From 9f4f03ec6c7264bb4e78f17c18e17599d55ee4a9 Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 11:06:14 +0000
Subject: [PATCH 001/379] docs/examples/cookies: add youtube_oauth to examples

---
 docs/examples/cookies.example.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/examples/cookies.example.json b/docs/examples/cookies.example.json
index 73f3378d..7996adeb 100644
--- a/docs/examples/cookies.example.json
+++ b/docs/examples/cookies.example.json
@@ -10,5 +10,8 @@
     ],
     "twitter": [
         "auth_token=<replace_this>; ct0=<replace_this>"
+    ],
+    "youtube_oauth": [
+        "<output from running `pnpm run token:youtube` in `api` folder goes here>"
     ]
 }

From 7c0fb16fdb8b2ff2ea9bf5c4b7b0a6f5321d03fe Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 11:24:29 +0000
Subject: [PATCH 002/379] api/keys: fix prefix size calculation for individual
 ipv6 addresses

---
 api/src/security/api-keys.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/security/api-keys.js b/api/src/security/api-keys.js
index eee48da3..72063099 100644
--- a/api/src/security/api-keys.js
+++ b/api/src/security/api-keys.js
@@ -99,7 +99,9 @@ const formatKeys = (keyData) => {
         if (data.ips) {
             formatted[key].ips = data.ips.map(addr => {
                 if (ip.isValid(addr)) {
-                    return [ ip.parse(addr), 32 ];
+                    const parsed = ip.parse(addr);
+                    const range = parsed.kind() === 'ipv6' ? 128 : 32;
+                    return [ parsed, range ];
                 }
 
                 return ip.parseCIDR(addr);

From 1c9685922f2c9139054d6f9831d79cddb060e54a Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 12:01:27 +0000
Subject: [PATCH 003/379] docs/api: add information about auth header

---
 docs/api.md | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/docs/api.md b/docs/api.md
index fc09a441..e3f3bf99 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -3,7 +3,42 @@ this document provides info about methods and acceptable variables for all cobal
 
 > if you are looking for the documentation for the old (7.x) api, you can find
 > it [here](https://github.com/imputnet/cobalt/blob/7/docs/api.md)
-<!-- TODO: authorization -->
+
+## authentication
+an api instance may be configured to require you to authenticate yourself.
+if this is the case, you will typically receive an [error response](#error-response)
+with a **`api.auth.<method>.missing`** code, which tells you that a particular method
+of authentication is required.
+
+authentication is done by passing the `Authorization` header, containing
+the authentication scheme and the token:
+```
+Authorization: <scheme> <token>
+```
+
+currently, cobalt supports two ways of authentication. an instance can
+choose to configure both, or neither:
+- [`Api-Key`](#api-key-authentication)
+- [`Bearer`](#bearer-authentication)
+
+### api-key authentication
+the api key authentication is the most straightforward. the instance owner
+will assign you an api key which you can then use to authenticate like so:
+```
+Authorization: Api-Key aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
+```
+
+if you are an instance owner and wish to configure api key authentication,
+see the [instance](run-an-instance.md#api-key-file-format) documentation!
+
+### bearer authentication
+the cobalt server may be configured to issue JWT bearers, which are short-lived
+tokens intended for use by regular users (e.g. after passing a challenge).
+currently, cobalt can issue tokens for successfully solved [turnstile](run-an-instance.md#list-of-all-environment-variables)
+challenge, if the instance has turnstile configured. the resulting token is passed like so:
+```
+Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
+```
 
 ## POST: `/`
 cobalt's main processing endpoint.

From 52c24ab1a3127a62e2d4be04fcbc5b99f3e4adfb Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 12:15:07 +0000
Subject: [PATCH 004/379] docs/run-an-instance: add undocumented turnstile envs

---
 docs/run-an-instance.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/run-an-instance.md b/docs/run-an-instance.md
index 08654d9f..272fbd35 100644
--- a/docs/run-an-instance.md
+++ b/docs/run-an-instance.md
@@ -72,11 +72,17 @@ sudo service nscd start
 | `RATELIMIT_MAX`       | `20`      | `30`                    | max requests per time window. requests above this amount will be blocked for the rate limit window duration. |
 | `DURATION_LIMIT`      | `10800`   | `18000`                 | max allowed video duration in **seconds**. |
 | `TUNNEL_LIFESPAN`     | `90`      | `120`                   | the duration for which tunnel info is stored in ram, **in seconds**. |
+| `TURNSTILE_SITEKEY`   | ➖        | `1x00000000000000000000BB` | [cloudflare turnstile](https://www.cloudflare.com/products/turnstile/) sitekey used by browser clients to request a challenge.\*\* |
+| `TURNSTILE_SECRET`    | ➖        | `1x0000000000000000000000000000000AA` | [cloudflare turnstile](https://www.cloudflare.com/products/turnstile/) secret used by cobalt to verify the client successfully solved the challenge.\*\* |
+| `JWT_SECRET`          | ➖        | ➖                      | the secret used for issuing JWT tokens for request authentication. to choose a value, generate a random, secure, long string (ideally >=16 characters).\*\* |
+| `JWT_EXPIRY`          | `120`     | `240`                  | the duration of how long a cobalt-issued JWT token will remain valid, in seconds. |
 | `API_KEY_URL`         | ➖        | `file://keys.json`      | the location of the api key database. for loading API keys, cobalt supports HTTP(S) urls, or local files by specifying a local path using the `file://` protocol. see the "api key file format" below for more details.  |
 | `API_AUTH_REQUIRED`   | ➖        | `1`                     | when set to `1`, the user always needs to be authenticated in some way before they can access the API (either via an api key or via turnstile, if enabled). |
 
 \* the higher the nice value, the lower the priority. [read more here](https://en.wikipedia.org/wiki/Nice_(Unix)).
 
+\*\* in order to enable turnstile bot protection, all three **`TURNSTILE_SITEKEY`, `TURNSTILE_SECRET` and `JWT_SECRET`** need to be set.
+
 #### FREEBIND_CIDR
 setting a `FREEBIND_CIDR` allows cobalt to pick a random IP for every download and use it for all
 requests it makes for that particular download. to use freebind in cobalt, you need to follow its [setup instructions](https://github.com/imputnet/freebind.js?tab=readme-ov-file#setup) first. if you configure this option while running cobalt

From 6cc895c3952df1291d1ba2371b6222fb17f12ce2 Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 12:20:15 +0000
Subject: [PATCH 005/379] docs/api: document `/session` endpoint

---
 docs/api.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/api.md b/docs/api.md
index e3f3bf99..39b17209 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -143,3 +143,18 @@ response body type: `application/json`
 | `commit`    | `string` | commit hash       |
 | `branch`    | `string` | git branch        |
 | `remote`    | `string` | git remote        |
+
+## POST: `/session`
+
+used for generating JWT tokens, if enabled. currently, cobalt only supports
+generating tokens when a [turnstile](run-an-instance.md#list-of-all-environment-variables) challenge solution
+is submitted by the client.
+
+the turnstile challenge response is submitted via the `cf-turnstile-response` header.
+### response body
+| key             | type       | description                                            |
+|:----------------|:-----------|:-------------------------------------------------------|
+| `token`         | `string`   | a `Bearer` token used for later request authentication |
+| `exp`           | `number`   | number in seconds indicating the token lifetime        |
+
+on failure, an [error response](#error-response) is returned.

From ebf157862a1df96b676a07cfac2a9a6a01511e8d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 19:06:11 +0600
Subject: [PATCH 006/379] web/about/community: redesign the page, add
 descriptions

---
 web/i18n/en/about.json                       |  17 +--
 web/src/components/about/AboutSupport.svelte | 116 +++++++++++++++++++
 web/src/routes/about/community/+page.svelte  | 103 +++++++++-------
 3 files changed, 185 insertions(+), 51 deletions(-)
 create mode 100644 web/src/components/about/AboutSupport.svelte

diff --git a/web/i18n/en/about.json b/web/i18n/en/about.json
index cfe9129f..10d31ec2 100644
--- a/web/i18n/en/about.json
+++ b/web/i18n/en/about.json
@@ -8,12 +8,6 @@
     "page.terms": "terms and ethics",
     "page.credits": "thanks & licenses",
 
-    "community.discord": "community discord server",
-    "community.twitter": "news account on twitter",
-    "community.github": "github repo",
-    "community.email": "support email",
-    "community.telegram": "news channel on telegram",
-
     "heading.general": "general terms",
     "heading.licenses": "licenses",
     "heading.summary": "best way to save what you love",
@@ -27,5 +21,14 @@
     "heading.responsibility": "user responsibilities",
     "heading.abuse": "reporting abuse",
     "heading.motivation": "motivation",
-    "heading.testers": "beta testers"
+    "heading.testers": "beta testers",
+
+    "support.github": "check out cobalt's source code, contribute changes, or report issues",
+    "support.discord": "chat with the community and developers about cobalt or ask for help",
+    "support.twitter": "follow cobalt's updates and development on your twitter timeline",
+    "support.telegram": "stay up to date with latest cobalt updates via a telegram channel",
+
+    "support.description.issue": "if you want to report a bug or some other recurring issue, please do it on github.",
+    "support.description.help": "use discord for any other questions. describe the issue properly in #cobalt-support or else no one will be able help you.",
+    "support.description.best-effort": "all support is best effort and not guaranteed, a reply might take some time."
 }
diff --git a/web/src/components/about/AboutSupport.svelte b/web/src/components/about/AboutSupport.svelte
new file mode 100644
index 00000000..2d4727f4
--- /dev/null
+++ b/web/src/components/about/AboutSupport.svelte
@@ -0,0 +1,116 @@
+<script lang="ts">
+    import { t } from "$lib/i18n/translations";
+    import { openURL } from "$lib/download";
+
+    import IconExternalLink from "@tabler/icons-svelte/IconExternalLink.svelte";
+
+    import IconBrandGithub from "@tabler/icons-svelte/IconBrandGithub.svelte";
+    import IconBrandTwitter from "@tabler/icons-svelte/IconBrandTwitter.svelte";
+    import IconBrandDiscord from "@tabler/icons-svelte/IconBrandDiscord.svelte";
+    import IconBrandTelegram from "@tabler/icons-svelte/IconBrandTelegram.svelte";
+
+    export let platform: "github" | "discord" | "twitter" | "telegram";
+    export let externalLink: string;
+
+    const platformIcons = {
+        github: {
+            icon: IconBrandGithub,
+            color: "var(--secondary)",
+        },
+        discord: {
+            icon: IconBrandDiscord,
+            color: "#5865f2",
+        },
+        twitter: {
+            icon: IconBrandTwitter,
+            color: "#1da1f2",
+        },
+        telegram: {
+            icon: IconBrandTelegram,
+            color: "#1c9efb",
+        },
+    };
+</script>
+
+<button
+    class="support-card"
+    role="link"
+    on:click={() => {
+        openURL(externalLink);
+    }}
+>
+    <div class="support-card-header">
+        <div
+            class="icon-holder support-icon-{platform}"
+            style="background-color: {platformIcons[platform].color}"
+        >
+            <svelte:component this={platformIcons[platform].icon} />
+        </div>
+        <div class="support-card-title">
+            {platform}
+            <IconExternalLink />
+        </div>
+    </div>
+    <div class="subtext support-card-description">
+        {$t(`about.support.${platform}`)}
+    </div>
+</button>
+
+<style>
+    .support-card {
+        padding: var(--padding);
+        gap: 4px;
+        height: fit-content;
+
+        text-align: left;
+        flex-direction: column;
+        align-items: flex-start;
+        justify-content: flex-start;
+    }
+
+    .support-card-header {
+        display: flex;
+        flex-direction: column;
+        align-items: flex-start;
+        gap: 8px;
+    }
+
+    .icon-holder {
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        background-color: var(--gray);
+
+        padding: 4px;
+        border-radius: 5px;
+    }
+
+    .icon-holder :global(svg) {
+        width: 20px;
+        height: 20px;
+        stroke-width: 1.5px;
+        stroke: var(--white);
+    }
+
+    .support-card-title {
+        display: flex;
+        flex-direction: row;
+        align-items: center;
+        gap: 6px;
+    }
+
+    .support-card-title :global(svg) {
+        stroke: var(--secondary);
+        opacity: 0.5;
+        width: 14px;
+        height: 14px;
+    }
+
+    .support-card-description {
+        padding: 0;
+    }
+
+    :global([data-theme="dark"]) .support-icon-github :global(svg) {
+        stroke: var(--primary);
+    }
+</style>
diff --git a/web/src/routes/about/community/+page.svelte b/web/src/routes/about/community/+page.svelte
index e0638015..f5c20bf4 100644
--- a/web/src/routes/about/community/+page.svelte
+++ b/web/src/routes/about/community/+page.svelte
@@ -4,61 +4,76 @@
     import { contacts } from "$lib/env";
     import { t } from "$lib/i18n/translations";
 
-    import DonateAltItem from "$components/donate/DonateAltItem.svelte";
+    import AboutSupport from "$components/about/AboutSupport.svelte";
+
+    let buttonContainerWidth: number;
 </script>
 
-<!--
-    this page is not final and is more of a quick mockup. this is why donate alt item is used for links.
--->
-<div id="community-body">
-    {#if $locale !== "ru"}
-        <DonateAltItem
-            type="open"
-            name={$t("about.community.discord")}
-            address={contacts.discord}
+<div id="support-page">
+    <div
+        id="support-buttons"
+        bind:offsetWidth={buttonContainerWidth}
+
+        class:two={$locale === "ru"}
+        class:one={buttonContainerWidth < 500}
+    >
+        <AboutSupport
+            platform="github"
+            externalLink={contacts.github}
         />
 
-        <DonateAltItem
-            type="open"
-            name={$t("about.community.twitter")}
-            address={contacts.twitter}
-            title="@justusecobalt"
-        />
-    {/if}
+        {#if $locale === "ru"}
+            <AboutSupport
+                platform="telegram"
+                externalLink={contacts.telegram_ru}
+            />
+        {:else}
+            <AboutSupport
+                platform="discord"
+                externalLink={contacts.discord}
+            />
+            <AboutSupport
+                platform="twitter"
+                externalLink={contacts.twitter}
+            />
+        {/if}
+    </div>
 
-    <DonateAltItem
-        type="open"
-        name={$t("about.community.github")}
-        address={contacts.github}
-    />
+    <div class="subtext support-note">
+        {$t("about.support.description.issue")}
 
-    <DonateAltItem
-        type="open"
-        name={$t("about.community.email")}
-        address="mailto:{contacts.email}"
-        title="{contacts.email}"
-    />
+        {#if $locale !== "ru"}
+            {$t("about.support.description.help")}
+        {/if}
 
-    {#if $locale === "ru"}
-        <DonateAltItem
-            type="open"
-            name={$t("about.community.telegram")}
-            address={contacts.telegram_ru}
-            title="@justusecobalt_ru"
-        />
-    {/if}
+        {$t("about.support.description.best-effort")}
+    </div>
 </div>
 
 <style>
-    #community-body {
-        display: grid;
-        grid-template-columns: 1fr 1fr;
-        gap: 10px;
+    #support-page {
+        display: flex;
+        flex-direction: column;
+        gap: 18px;
     }
 
-    @media screen and (max-width: 1030px) {
-        #community-body {
-            grid-template-columns: 1fr;
-        }
+    #support-buttons {
+        display: grid;
+        grid-template-columns: 1fr 1fr 1fr;
+        overflow-x: scroll;
+        gap: var(--padding);
+    }
+
+    #support-buttons.two {
+        grid-template-columns: 1fr 1fr;
+    }
+
+    #support-buttons.one {
+        grid-template-columns: 1fr;
+    }
+
+    .support-note {
+        text-align: left;
+        padding: 0;
     }
 </style>

From e34b8dd89c365abf03c9c413a7cb0488962fa456 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 19:07:05 +0600
Subject: [PATCH 007/379] web/Switcher: add a gap between items

---
 web/src/components/buttons/Switcher.svelte | 1 +
 web/src/routes/settings/audio/+page.svelte | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/web/src/components/buttons/Switcher.svelte b/web/src/components/buttons/Switcher.svelte
index a72c4e77..2ead0caf 100644
--- a/web/src/components/buttons/Switcher.svelte
+++ b/web/src/components/buttons/Switcher.svelte
@@ -47,6 +47,7 @@
         background: var(--button);
         box-shadow: var(--button-box-shadow);
         padding: var(--switcher-padding);
+        gap: calc(var(--switcher-padding) - 1.5px);
     }
 
     .switcher :global(.button.active) {
diff --git a/web/src/routes/settings/audio/+page.svelte b/web/src/routes/settings/audio/+page.svelte
index eb0ac679..06555a42 100644
--- a/web/src/routes/settings/audio/+page.svelte
+++ b/web/src/routes/settings/audio/+page.svelte
@@ -24,8 +24,8 @@
     </Switcher>
 </SettingsCategory>
 
-<SettingsCategory 
-    sectionId="bitrate" 
+<SettingsCategory
+    sectionId="bitrate"
     title={$t("settings.audio.bitrate")}
     disabled={["wav", "best"].includes($settings.save.audioFormat)}
 >

From d5ea154ed8266cb72f6112000840dd4ee0dc8dfd Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 19:08:01 +0600
Subject: [PATCH 008/379] web/Omnibox: reduce gap by 2px

---
 web/src/components/save/Omnibox.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index a900def7..eed0ad71 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -225,7 +225,7 @@
         flex-direction: column;
         max-width: 640px;
         width: 100%;
-        gap: 10px;
+        gap: 8px;
     }
 
     #input-container {

From c10652b8c4586dbe14ae5d52c9dcb2e19363cddd Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 19:10:31 +0600
Subject: [PATCH 009/379] web/AboutSupport: replace duplicated type

---
 web/src/components/about/AboutSupport.svelte | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/src/components/about/AboutSupport.svelte b/web/src/components/about/AboutSupport.svelte
index 2d4727f4..1e9170b6 100644
--- a/web/src/components/about/AboutSupport.svelte
+++ b/web/src/components/about/AboutSupport.svelte
@@ -9,9 +9,6 @@
     import IconBrandDiscord from "@tabler/icons-svelte/IconBrandDiscord.svelte";
     import IconBrandTelegram from "@tabler/icons-svelte/IconBrandTelegram.svelte";
 
-    export let platform: "github" | "discord" | "twitter" | "telegram";
-    export let externalLink: string;
-
     const platformIcons = {
         github: {
             icon: IconBrandGithub,
@@ -30,6 +27,9 @@
             color: "#1c9efb",
         },
     };
+
+    export let platform: keyof typeof platformIcons;
+    export let externalLink: string;
 </script>
 
 <button

From 0d2e300fbed81dd22f08270f9a43393bec84721c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 19:20:20 +0600
Subject: [PATCH 010/379] web/about/credits: add a section about imput

---
 web/i18n/en/about/credits.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/web/i18n/en/about/credits.md b/web/i18n/en/about/credits.md
index 6c001f58..812f3394 100644
--- a/web/i18n/en/about/credits.md
+++ b/web/i18n/en/about/credits.md
@@ -6,6 +6,17 @@
     import BetaTesters from "$components/misc/BetaTesters.svelte";
 </script>
 
+<section id="imput">
+<SectionHeading
+    title="imput"
+    sectionId="imput"
+/>
+
+cobalt is made with love and care by the [imput](https://imput.net/) research and development team.
+
+you can support us on the [donate page](/donate)!
+</section>
+
 <section id="testers">
 <SectionHeading
     title={$t("about.heading.testers")}

From 6ad838b6498d11934f4b70f0b368778535d75c89 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 22:06:54 +0600
Subject: [PATCH 011/379] api/tiktok: fix url patterns

---
 api/src/processing/match.js           | 2 +-
 api/src/processing/service-config.js  | 6 +++---
 api/src/processing/services/tiktok.js | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/api/src/processing/match.js b/api/src/processing/match.js
index ffb92c23..b0022d08 100644
--- a/api/src/processing/match.js
+++ b/api/src/processing/match.js
@@ -127,7 +127,7 @@ export default async function({ host, patternMatch, params }) {
             case "tiktok":
                 r = await tiktok({
                     postId: patternMatch.postId,
-                    id: patternMatch.id,
+                    shortLink: patternMatch.shortLink,
                     fullAudio: params.tiktokFullAudio,
                     isAudioOnly,
                     h265: params.tiktokH265,
diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index 8d8bf4ac..a2136ad0 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -111,10 +111,10 @@ export const services = {
     tiktok: {
         patterns: [
             ":user/video/:postId",
-            ":id",
-            "t/:id",
+            ":shortLink",
+            "t/:shortLink",
             ":user/photo/:postId",
-            "v/:id.html"
+            "v/:postId.html"
         ],
         subdomains: ["vt", "vm", "m"],
     },
diff --git a/api/src/processing/services/tiktok.js b/api/src/processing/services/tiktok.js
index 3c70e033..e205ce54 100644
--- a/api/src/processing/services/tiktok.js
+++ b/api/src/processing/services/tiktok.js
@@ -12,7 +12,7 @@ export default async function(obj) {
     let postId = obj.postId;
 
     if (!postId) {
-        let html = await fetch(`${shortDomain}${obj.id}`, {
+        let html = await fetch(`${shortDomain}${obj.shortLink}`, {
             redirect: "manual",
             headers: {
                 "user-agent": genericUserAgent.split(' Chrome/1')[0]
@@ -24,7 +24,7 @@ export default async function(obj) {
         if (html.startsWith('<a href="https://')) {
             const extractedURL = html.split('<a href="')[1].split('?')[0];
             const { patternMatch } = extract(extractedURL);
-            postId = patternMatch.postId
+            postId = patternMatch.postId;
         }
     }
     if (!postId) return { error: "fetch.short_link" };

From 6c3b4e0fa943c81b81ba9a4c4dbb8645adbbfc4d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 22:23:01 +0600
Subject: [PATCH 012/379] web/AboutSupport: update github color & add glow

---
 web/src/components/about/AboutSupport.svelte | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/web/src/components/about/AboutSupport.svelte b/web/src/components/about/AboutSupport.svelte
index 1e9170b6..bdba8e85 100644
--- a/web/src/components/about/AboutSupport.svelte
+++ b/web/src/components/about/AboutSupport.svelte
@@ -12,7 +12,7 @@
     const platformIcons = {
         github: {
             icon: IconBrandGithub,
-            color: "var(--secondary)",
+            color: "#8842cd",
         },
         discord: {
             icon: IconBrandDiscord,
@@ -42,7 +42,10 @@
     <div class="support-card-header">
         <div
             class="icon-holder support-icon-{platform}"
-            style="background-color: {platformIcons[platform].color}"
+            style="
+                background-color: {platformIcons[platform].color};
+                box-shadow: 0 0 90px 10px {platformIcons[platform].color};
+            "
         >
             <svelte:component this={platformIcons[platform].icon} />
         </div>
@@ -66,6 +69,7 @@
         flex-direction: column;
         align-items: flex-start;
         justify-content: flex-start;
+        overflow: hidden;
     }
 
     .support-card-header {
@@ -109,8 +113,4 @@
     .support-card-description {
         padding: 0;
     }
-
-    :global([data-theme="dark"]) .support-icon-github :global(svg) {
-        stroke: var(--primary);
-    }
 </style>

From 72483bbdad90c619300aab1bb1a53939e7767a35 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 22:49:36 +0600
Subject: [PATCH 013/379] web/icons/Mute: update colors for better legibility

---
 web/src/components/icons/Mute.svelte | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/components/icons/Mute.svelte b/web/src/components/icons/Mute.svelte
index a869fb09..9e8d2d5b 100644
--- a/web/src/components/icons/Mute.svelte
+++ b/web/src/components/icons/Mute.svelte
@@ -1,5 +1,5 @@
 <svg width="24" height="24" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <path d="M7.80282 23H12.0122L13.0122 16L12.0122 9H7.80282C6.80707 9 6 9.84705 6 10.8921V21.1079C6 22.153 6.80707 23 7.80282 23ZM26 16.0232C26 17.7104 24.6322 19.0781 22.945 19.0781C21.2579 19.0781 19.8901 17.7104 19.8901 16.0232C19.8901 14.336 21.2579 12.9683 22.945 12.9683C24.6322 12.9683 26 14.336 26 16.0232Z" fill="#9B9B9B"/>
-    <path d="M20.6106 26.8309L11.9976 23.0011L11.9976 9.01942L20.0474 5.23153C21.1704 4.70349 23.0356 5.2552 23.0356 6.49651V25.3045C23.0356 26.5512 21.7343 27.3705 20.6106 26.8309Z" fill="#D3D3D3"/>
+    <path d="M7.80282 23H12.0122L13.0122 16L12.0122 9H7.80282C6.80707 9 6 9.84705 6 10.8921V21.1079C6 22.153 6.80707 23 7.80282 23ZM26 16.0232C26 17.7104 24.6322 19.0781 22.945 19.0781C21.2579 19.0781 19.8901 17.7104 19.8901 16.0232C19.8901 14.336 21.2579 12.9683 22.945 12.9683C24.6322 12.9683 26 14.336 26 16.0232Z" fill="#8C8C8C"/>
+    <path d="M20.6106 26.8309L11.9976 23.0011L11.9976 9.01942L20.0474 5.23153C21.1704 4.70349 23.0356 5.2552 23.0356 6.49651V25.3045C23.0356 26.5512 21.7343 27.3705 20.6106 26.8309Z" fill="#C8C8C8"/>
     <path d="M24.9692 26.6519L5.1497 6.83167C4.68545 6.36742 4.68545 5.61418 5.1497 5.14994C5.61394 4.6857 6.36718 4.6857 6.83142 5.14994L26.6509 24.9694C27.1151 25.4337 27.1151 26.1869 26.6509 26.6511C26.1866 27.1161 25.4342 27.1161 24.9692 26.6519Z" fill="#F8312F"/>
 </svg>

From 4499992d58a4e6af0cb25e89140b70e91ae73303 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 22:54:44 +0600
Subject: [PATCH 014/379] web/icons/Sparkles: update colors for better
 legibility

---
 web/src/components/icons/Sparkles.svelte | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/src/components/icons/Sparkles.svelte b/web/src/components/icons/Sparkles.svelte
index 91d8d2eb..8d061f45 100644
--- a/web/src/components/icons/Sparkles.svelte
+++ b/web/src/components/icons/Sparkles.svelte
@@ -1,5 +1,5 @@
 <svg width="24" height="24" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <path d="M10.5194 7.0517C10.2265 6.93064 9.99626 6.69861 9.88117 6.41614L8.929 4.25725C8.75112 3.91425 8.23842 3.91425 8.071 4.25725L7.11883 6.41614C6.99327 6.69861 6.76308 6.92055 6.48057 7.0517L5.26682 7.57629C4.91106 7.74779 4.91106 8.24212 5.26682 8.41362L6.48057 8.93821C6.77354 9.05927 7.00374 9.2913 7.11883 9.57377L8.071 11.7427C8.24888 12.0858 8.76158 12.0858 8.929 11.7427L9.88117 9.57377C10.0067 9.2913 10.2369 9.06936 10.5194 8.93821L11.7332 8.41362C12.0889 8.24212 12.0889 7.74779 11.7332 7.57629L10.5194 7.0517Z" fill="#FFB02E"/>
-    <path d="M25.5744 13.5546C24.7045 13.1673 24.0166 12.4539 23.6525 11.5775L20.7897 4.81023C20.2637 3.72992 18.7363 3.72992 18.2103 4.81023L15.3475 11.5775C14.9733 12.4539 14.2854 13.1673 13.4256 13.5546L9.80419 15.1955C8.73194 15.7254 8.73194 17.2746 9.80419 17.8045L13.4256 19.4454C14.2955 19.8327 14.9834 20.5461 15.3475 21.4225L18.2103 28.1898C18.7363 29.2701 20.2637 29.2701 20.7897 28.1898L23.6525 21.4225C24.0267 20.5461 24.7146 19.8327 25.5744 19.4454L29.1958 17.8045C30.2681 17.2746 30.2681 15.7254 29.1958 15.1955L25.5744 13.5546Z" fill="#FFB02E"/>
-    <path d="M8.2811 20.3304C8.44173 20.7222 8.73465 21.0258 9.10315 21.2021L10.6528 21.927C11.1157 22.1621 11.1157 22.8379 10.6528 23.073L9.10315 23.7979C8.73465 23.9742 8.44173 24.2876 8.2811 24.6696L7.05276 27.6474C6.82598 28.1175 6.17402 28.1175 5.94724 27.6474L4.7189 24.6696C4.55827 24.2778 4.26535 23.9742 3.89685 23.7979L2.34724 23.073C1.88425 22.8379 1.88425 22.1621 2.34724 21.927L3.89685 21.2021C4.26535 21.0258 4.55827 20.7124 4.7189 20.3304L5.94724 17.3526C6.17402 16.8825 6.82598 16.8825 7.05276 17.3526L8.2811 20.3304Z" fill="#FFB02E"/>
+    <path d="M10.5194 7.0517C10.2265 6.93064 9.99626 6.69861 9.88117 6.41614L8.929 4.25725C8.75112 3.91425 8.23842 3.91425 8.071 4.25725L7.11883 6.41614C6.99327 6.69861 6.76308 6.92055 6.48057 7.0517L5.26682 7.57629C4.91106 7.74779 4.91106 8.24212 5.26682 8.41362L6.48057 8.93821C6.77354 9.05927 7.00374 9.2913 7.11883 9.57377L8.071 11.7427C8.24888 12.0858 8.76158 12.0858 8.929 11.7427L9.88117 9.57377C10.0067 9.2913 10.2369 9.06936 10.5194 8.93821L11.7332 8.41362C12.0889 8.24212 12.0889 7.74779 11.7332 7.57629L10.5194 7.0517Z" fill="#FFA514"/>
+    <path d="M25.5744 13.5546C24.7045 13.1673 24.0166 12.4539 23.6525 11.5775L20.7897 4.81023C20.2637 3.72992 18.7363 3.72992 18.2103 4.81023L15.3475 11.5775C14.9733 12.4539 14.2854 13.1673 13.4256 13.5546L9.80419 15.1955C8.73194 15.7254 8.73194 17.2746 9.80419 17.8045L13.4256 19.4454C14.2955 19.8327 14.9834 20.5461 15.3475 21.4225L18.2103 28.1898C18.7363 29.2701 20.2637 29.2701 20.7897 28.1898L23.6525 21.4225C24.0267 20.5461 24.7146 19.8327 25.5744 19.4454L29.1958 17.8045C30.2681 17.2746 30.2681 15.7254 29.1958 15.1955L25.5744 13.5546Z" fill="#FFA514"/>
+    <path d="M8.2811 20.3304C8.44173 20.7222 8.73465 21.0258 9.10315 21.2021L10.6528 21.927C11.1157 22.1621 11.1157 22.8379 10.6528 23.073L9.10315 23.7979C8.73465 23.9742 8.44173 24.2876 8.2811 24.6696L7.05276 27.6474C6.82598 28.1175 6.17402 28.1175 5.94724 27.6474L4.7189 24.6696C4.55827 24.2778 4.26535 23.9742 3.89685 23.7979L2.34724 23.073C1.88425 22.8379 1.88425 22.1621 2.34724 21.927L3.89685 21.2021C4.26535 21.0258 4.55827 20.7124 4.7189 20.3304L5.94724 17.3526C6.17402 16.8825 6.82598 16.8825 7.05276 17.3526L8.2811 20.3304Z" fill="#FFA514"/>
 </svg>

From c8ab784385707c54e4684e204cbf8b73af321c69 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 23:06:14 +0600
Subject: [PATCH 015/379] web/icons/Music: make colors brighter

---
 web/src/components/icons/Music.svelte | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/src/components/icons/Music.svelte b/web/src/components/icons/Music.svelte
index de73841f..f9b07373 100644
--- a/web/src/components/icons/Music.svelte
+++ b/web/src/components/icons/Music.svelte
@@ -1,5 +1,5 @@
 <svg width="24" height="24" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <path d="M14.3599 3.00421L8.21995 3.80421C7.89995 3.84421 7.65995 4.12421 7.65995 4.44421V12.0642C7.08995 11.8642 6.45995 11.7842 5.79995 11.8542C3.74995 12.0742 2.12995 13.7742 1.99995 15.8342C1.83995 18.3242 3.80995 20.3842 6.26995 20.3842C8.62995 20.3842 10.5499 18.4742 10.5499 16.1042C10.5499 16.0142 10.5499 15.9242 10.5399 15.8342V8.00421C10.5399 7.72421 10.7499 7.48421 11.0299 7.44421L14.4899 6.99421C14.7499 6.96421 14.9499 6.73421 14.9499 6.46421V3.53421C14.9599 3.21421 14.6799 2.96421 14.3599 3.00421Z" fill="#6B438B"/>
-    <path d="M29.4 5.37423L23.26 6.17423C22.94 6.21423 22.7 6.48423 22.7 6.80423V16.8142C22.13 16.6142 21.5 16.5342 20.84 16.6042C18.79 16.8242 17.17 18.5242 17.04 20.5842C16.88 23.0742 18.85 25.1342 21.31 25.1342C23.67 25.1342 25.59 23.2242 25.59 20.8542C25.59 20.7642 25.59 20.6742 25.58 20.5842V10.3742C25.58 10.0942 25.79 9.85423 26.07 9.81423L29.53 9.36423C29.8 9.32423 30 9.10424 30 8.83424V5.89423C30 5.57423 29.72 5.33423 29.4 5.37423Z" fill="#6B438B"/>
-    <path d="M13.09 10.6543L19.23 9.85429C19.55 9.80429 19.83 10.0543 19.83 10.3743V13.3043C19.83 13.5743 19.63 13.8043 19.37 13.8343L15.91 14.2843C15.63 14.3243 15.42 14.5643 15.42 14.8443V25.0643C15.43 25.1543 15.43 25.2443 15.43 25.3343C15.43 27.7043 13.51 29.6143 11.15 29.6143C8.68995 29.6143 6.71995 27.5543 6.87995 25.0643C6.99995 23.0043 8.61995 21.3143 10.67 21.0943C11.33 21.0243 11.96 21.1043 12.53 21.3043V11.2943C12.53 10.9643 12.77 10.6943 13.09 10.6543Z" fill="#6B438B"/>
+    <path d="M14.3599 3.00421L8.21995 3.80421C7.89995 3.84421 7.65995 4.12421 7.65995 4.44421V12.0642C7.08995 11.8642 6.45995 11.7842 5.79995 11.8542C3.74995 12.0742 2.12995 13.7742 1.99995 15.8342C1.83995 18.3242 3.80995 20.3842 6.26995 20.3842C8.62995 20.3842 10.5499 18.4742 10.5499 16.1042C10.5499 16.0142 10.5499 15.9242 10.5399 15.8342V8.00421C10.5399 7.72421 10.7499 7.48421 11.0299 7.44421L14.4899 6.99421C14.7499 6.96421 14.9499 6.73421 14.9499 6.46421V3.53421C14.9599 3.21421 14.6799 2.96421 14.3599 3.00421Z" fill="#7941A5"/>
+    <path d="M29.4 5.37423L23.26 6.17423C22.94 6.21423 22.7 6.48423 22.7 6.80423V16.8142C22.13 16.6142 21.5 16.5342 20.84 16.6042C18.79 16.8242 17.17 18.5242 17.04 20.5842C16.88 23.0742 18.85 25.1342 21.31 25.1342C23.67 25.1342 25.59 23.2242 25.59 20.8542C25.59 20.7642 25.59 20.6742 25.58 20.5842V10.3742C25.58 10.0942 25.79 9.85423 26.07 9.81423L29.53 9.36423C29.8 9.32423 30 9.10424 30 8.83424V5.89423C30 5.57423 29.72 5.33423 29.4 5.37423Z" fill="#7941A5"/>
+    <path d="M13.09 10.6543L19.23 9.85429C19.55 9.80429 19.83 10.0543 19.83 10.3743V13.3043C19.83 13.5743 19.63 13.8043 19.37 13.8343L15.91 14.2843C15.63 14.3243 15.42 14.5643 15.42 14.8443V25.0643C15.43 25.1543 15.43 25.2443 15.43 25.3343C15.43 27.7043 13.51 29.6143 11.15 29.6143C8.68995 29.6143 6.71995 27.5543 6.87995 25.0643C6.99995 23.0043 8.61995 21.3143 10.67 21.0943C11.33 21.0243 11.96 21.1043 12.53 21.3043V11.2943C12.53 10.9643 12.77 10.6943 13.09 10.6543Z" fill="#7941A5"/>
 </svg>

From ef4dd4875e3d609a815abadd3531561904c73c9b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 23:15:29 +0600
Subject: [PATCH 016/379] web/icons/Clipboard: increase color contrast

---
 web/src/components/icons/Clipboard.svelte | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/web/src/components/icons/Clipboard.svelte b/web/src/components/icons/Clipboard.svelte
index 5ceb9618..cf2d3b93 100644
--- a/web/src/components/icons/Clipboard.svelte
+++ b/web/src/components/icons/Clipboard.svelte
@@ -1,11 +1,11 @@
 <svg width="24" height="24" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <path d="M25.5 2H6.5C5.67157 2 5 2.67157 5 3.5V27.5C5 28.3284 5.67157 29 6.5 29H16.4244C16.795 29 17.1524 28.8628 17.4278 28.6149L26.5034 20.4469C26.8195 20.1624 27 19.7572 27 19.332V3.5C27 2.67157 26.3284 2 25.5 2Z" fill="#E19747"/>
-    <rect x="7" y="4" width="18" height="23" rx="1" fill="#F3EEF8"/>
-    <path d="M18 3C18 1.89543 17.1046 1 16 1C14.8954 1 14 1.89543 14 3H13C11.8954 3 11 3.89543 11 5V6.5C11 6.77614 11.2239 7 11.5 7H20.5C20.7761 7 21 6.77614 21 6.5V5C21 3.89543 20.1046 3 19 3H18ZM17 3C17 3.55228 16.5523 4 16 4C15.4477 4 15 3.55228 15 3C15 2.44772 15.4477 2 16 2C16.5523 2 17 2.44772 17 3Z" fill="#9B9B9B"/>
+    <path d="M25.5 2H6.5C5.67157 2 5 2.67157 5 3.5V27.5C5 28.3284 5.67157 29 6.5 29H16.4244C16.795 29 17.1524 28.8628 17.4278 28.6149L26.5034 20.4469C26.8195 20.1624 27 19.7572 27 19.332V3.5C27 2.67157 26.3284 2 25.5 2Z" fill="#DA882F"/>
+    <rect x="7" y="4" width="18" height="23" rx="1" fill="#F5F5F5"/>
+    <path d="M18 3C18 1.89543 17.1046 1 16 1C14.8954 1 14 1.89543 14 3H13C11.8954 3 11 3.89543 11 5V6.5C11 6.77614 11.2239 7 11.5 7H20.5C20.7761 7 21 6.77614 21 6.5V5C21 3.89543 20.1046 3 19 3H18ZM17 3C17 3.55228 16.5523 4 16 4C15.4477 4 15 3.55228 15 3C15 2.44772 15.4477 2 16 2C16.5523 2 17 2.44772 17 3Z" fill="#8F8F8F"/>
     <path d="M28 11C28.5523 11 29 11.4477 29 12V26L28.5 26.5L24 31H14C13.4477 31 13 30.5523 13 30V12C13 11.4477 13.4477 11 14 11H28Z" fill="#D9D9D9"/>
-    <path d="M29 26H24.846C24.3788 26 24 26.3788 24 26.846V31C24.0914 30.9584 24.1755 30.9005 24.2478 30.8282L28.8282 26.2478C28.9005 26.1755 28.9584 26.0914 29 26Z" fill="#B9B9B9"/>
-    <path d="M15 15.5C15 15.2239 15.1919 15 15.4286 15H26.5714C26.8081 15 27 15.2239 27 15.5C27 15.7761 26.8081 16 26.5714 16H15.4286C15.1919 16 15 15.7761 15 15.5Z" fill="#9B9B9B"/>
-    <path d="M15 18.5C15 18.2239 15.1919 18 15.4286 18H26.5714C26.8081 18 27 18.2239 27 18.5C27 18.7761 26.8081 19 26.5714 19H15.4286C15.1919 19 15 18.7761 15 18.5Z" fill="#9B9B9B"/>
-    <path d="M15.4286 21C15.1919 21 15 21.2239 15 21.5C15 21.7761 15.1919 22 15.4286 22H26.5714C26.8081 22 27 21.7761 27 21.5C27 21.2239 26.8081 21 26.5714 21H15.4286Z" fill="#9B9B9B"/>
-    <path d="M15 24.5C15 24.2239 15.199 24 15.4444 24H22.5556C22.801 24 23 24.2239 23 24.5C23 24.7761 22.801 25 22.5556 25H15.4444C15.199 25 15 24.7761 15 24.5Z" fill="#9B9B9B"/>
+    <path d="M29 26H24.846C24.3788 26 24 26.3788 24 26.846V31C24.0914 30.9584 24.1755 30.9005 24.2478 30.8282L28.8282 26.2478C28.9005 26.1755 28.9584 26.0914 29 26Z" fill="#BDBDBD"/>
+    <path d="M15 15.5C15 15.2239 15.1919 15 15.4286 15H26.5714C26.8081 15 27 15.2239 27 15.5C27 15.7761 26.8081 16 26.5714 16H15.4286C15.1919 16 15 15.7761 15 15.5Z" fill="#8F8F8F"/>
+    <path d="M15 18.5C15 18.2239 15.1919 18 15.4286 18H26.5714C26.8081 18 27 18.2239 27 18.5C27 18.7761 26.8081 19 26.5714 19H15.4286C15.1919 19 15 18.7761 15 18.5Z" fill="#8F8F8F"/>
+    <path d="M15.4286 21C15.1919 21 15 21.2239 15 21.5C15 21.7761 15.1919 22 15.4286 22H26.5714C26.8081 22 27 21.7761 27 21.5C27 21.2239 26.8081 21 26.5714 21H15.4286Z" fill="#8F8F8F"/>
+    <path d="M15 24.5C15 24.2239 15.199 24 15.4444 24H22.5556C22.801 24 23 24.2239 23 24.5C23 24.7761 22.801 25 22.5556 25H15.4444C15.199 25 15 24.7761 15 24.5Z" fill="#8F8F8F"/>
 </svg>

From fe1d17ba8d02317201dc4e1ede2e95e00de913a6 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 12 Oct 2024 23:29:19 +0600
Subject: [PATCH 017/379] api/service-patterns: update the tiktok tester

---
 api/src/processing/service-patterns.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/service-patterns.js b/api/src/processing/service-patterns.js
index 2105a563..7f8982b5 100644
--- a/api/src/processing/service-patterns.js
+++ b/api/src/processing/service-patterns.js
@@ -39,7 +39,7 @@ export const testers = {
         pattern.id?.length === 6,
 
     "tiktok": pattern =>
-        pattern.postId?.length <= 21 || pattern.id?.length <= 13,
+        pattern.postId?.length <= 21 || pattern.shortLink?.length <= 13,
 
     "tumblr": pattern =>
         pattern.id?.length < 21

From 0b06299da085934e63b99c69f6dd04912fde0ec3 Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 17:36:28 +0000
Subject: [PATCH 018/379] web/DialogButton: add "link" buttons

---
 web/src/components/dialog/DialogButton.svelte | 43 +++++++++++++------
 web/src/lib/types/dialog.ts                   |  3 +-
 2 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/web/src/components/dialog/DialogButton.svelte b/web/src/components/dialog/DialogButton.svelte
index f977cc6a..69aaf722 100644
--- a/web/src/components/dialog/DialogButton.svelte
+++ b/web/src/components/dialog/DialogButton.svelte
@@ -23,21 +23,36 @@
         onDestroy(() => clearInterval(interval));
     }
 </script>
-
-<button
-    class="button elevated popup-button {button.color}"
-    class:color={button.color}
-    class:active={button.main}
-    {disabled}
-    on:click={async () => {
-        await button.action();
-        closeFunc();
-    }}
->
-    {button.text}{seconds ? ` (${seconds})` : ""}
-</button>
-
+{#if button.link}
+    <a
+        class="button elevated link-button"
+        class:color={button.color}
+        class:active={button.main}
+        href={button.link}
+    >
+        {button.text}
+    </a>
+{:else}
+    <button
+        class="button elevated popup-button {button.color}"
+        class:color={button.color}
+        class:active={button.main}
+        {disabled}
+        on:click={async () => {
+            await button.action();
+            closeFunc();
+        }}
+    >
+        {button.text}{seconds ? ` (${seconds})` : ""}
+    </button>
+{/if}
 <style>
+    .link-button {
+        text-decoration: none;
+        font-weight: 500;
+        width: 100%;
+    }
+
     .popup-button {
         width: 100%;
         height: 40px;
diff --git a/web/src/lib/types/dialog.ts b/web/src/lib/types/dialog.ts
index 69e27b5d..c0721f97 100644
--- a/web/src/lib/types/dialog.ts
+++ b/web/src/lib/types/dialog.ts
@@ -6,7 +6,8 @@ export type DialogButton = {
     color?: "red",
     main: boolean,
     timeout?: number, // milliseconds
-    action: () => unknown | Promise<unknown>
+    action: () => unknown | Promise<unknown>,
+    link?: string
 }
 
 export type SmallDialogIcons = "warn-red";

From eab37ae7ff699a42b2ec3efa89e517bce5f80ad0 Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 17:42:31 +0000
Subject: [PATCH 019/379] web/dialog: show dialog when loading cobalt with no
 js support

---
 web/src/components/dialog/DialogHolder.svelte |  4 +-
 .../components/dialog/NoScriptDialog.svelte   | 39 +++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 web/src/components/dialog/NoScriptDialog.svelte

diff --git a/web/src/components/dialog/DialogHolder.svelte b/web/src/components/dialog/DialogHolder.svelte
index 939e7a8f..5ca84cb9 100644
--- a/web/src/components/dialog/DialogHolder.svelte
+++ b/web/src/components/dialog/DialogHolder.svelte
@@ -4,6 +4,7 @@
     import SmallDialog from "$components/dialog/SmallDialog.svelte";
     import PickerDialog from "$components/dialog/PickerDialog.svelte";
     import SavingDialog from "$components/dialog/SavingDialog.svelte";
+    import NoScriptDialog from "$components/dialog/NoScriptDialog.svelte";
 
     $: backdropVisible = $dialogs.length > 0;
 </script>
@@ -13,6 +14,7 @@
     more info here: https://github.com/microsoft/TypeScript/issues/46680
 -->
 <div id="dialog-holder">
+    <NoScriptDialog />
     {#each $dialogs as dialog}
         {#if dialog.type === "small"}
             <SmallDialog {...dialog} />
@@ -71,7 +73,7 @@
         pointer-events: none;
     }
 
-    #dialog-backdrop {
+    #dialog-backdrop, :global(#nojs-dialog-backdrop) {
         position: absolute;
         height: 100%;
         width: 100%;
diff --git a/web/src/components/dialog/NoScriptDialog.svelte b/web/src/components/dialog/NoScriptDialog.svelte
new file mode 100644
index 00000000..65c05d5f
--- /dev/null
+++ b/web/src/components/dialog/NoScriptDialog.svelte
@@ -0,0 +1,39 @@
+<script lang="ts">
+    import SmallDialog from "$components/dialog/SmallDialog.svelte";
+</script>
+
+<noscript style="display: contents">
+    <div id="nojs-ack">
+        <SmallDialog
+            id="nojs-dialog"
+            meowbalt="error"
+            bodyText={
+                "cobalt uses javascript for api requests and ui interactions, but it's not available in your browser. "
+                + "you can still navigate around cobalt, but most functionality won't work."
+            }
+            buttons={[
+                {
+                    text: "got it",
+                    main: true,
+                    action: () => {},
+                    link: "#nojs-ack"
+                },
+            ]}
+        />
+        <div id="nojs-dialog-backdrop"></div>
+    </div>
+</noscript>
+
+<style>
+    :global(#nojs-ack) {
+        display: contents;
+    }
+
+    :global(#nojs-ack:target) {
+        display: none;
+    }
+
+    #nojs-dialog-backdrop {
+        opacity: 1;
+    }
+</style>

From c33017283d20ee9a998b7c19ad5f24fc17bdede7 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 13 Oct 2024 09:59:52 +0600
Subject: [PATCH 020/379] api/twitter: fix gifs having a wrong file extension
 in a picker

---
 api/src/processing/services/twitter.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/twitter.js b/api/src/processing/services/twitter.js
index 18866b49..229415eb 100644
--- a/api/src/processing/services/twitter.js
+++ b/api/src/processing/services/twitter.js
@@ -208,7 +208,7 @@ export default async function({ id, index, toGif, dispatcher, alwaysProxy }) {
 
                 let url = bestQuality(content.video_info.variants);
                 const shouldRenderGif = content.type === "animated_gif" && toGif;
-                const videoFilename = `twitter_${id}_${i + 1}.mp4`;
+                const videoFilename = `twitter_${id}_${i + 1}.${shouldRenderGif ? "gif" : "mp4"}`;
 
                 let type = "video";
                 if (shouldRenderGif) type = "gif";

From 1ab94eb11d7f4499acc87ce5ca1171f93586b7e5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 16 Oct 2024 16:53:20 +0600
Subject: [PATCH 021/379] web/i18n: update data management strings

---
 web/i18n/en/dialog.json   | 4 ++--
 web/i18n/en/settings.json | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/i18n/en/dialog.json b/web/i18n/en/dialog.json
index a2688f6d..3e6f5dec 100644
--- a/web/i18n/en/dialog.json
+++ b/web/i18n/en/dialog.json
@@ -1,6 +1,6 @@
 {
-    "reset.title": "reset all settings?",
-    "reset.body": "are you sure you want to reset all settings? this action is immediate and irreversible.",
+    "reset.title": "reset all data?",
+    "reset.body": "are you sure you want to reset all data? this action is immediate and irreversible.",
 
     "picker.title": "select what to save",
     "picker.description.desktop": "click an item to save it. images can also be saved via the right click menu.",
diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 0537982f..8d003439 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -106,7 +106,7 @@
     "advanced.debug.title": "enable debug features",
     "advanced.debug.description": "gives you access to a page with various info that can be useful for debugging.",
 
-    "advanced.data": "settings data",
+    "advanced.data": "data management",
 
     "processing.override": "default instance override",
     "processing.override.title": "use the instance-provided processing server",

From 0e52e1f8b091c2c48d7851a0185ecf8087115733 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 16 Oct 2024 17:03:34 +0600
Subject: [PATCH 022/379] web/safety-warning: reduce continue button timeout

---
 web/src/lib/api/safety-warning.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/lib/api/safety-warning.ts b/web/src/lib/api/safety-warning.ts
index 175ddd67..26ad6aa4 100644
--- a/web/src/lib/api/safety-warning.ts
+++ b/web/src/lib/api/safety-warning.ts
@@ -98,7 +98,7 @@ export const customInstanceWarning = async () => {
                 text: get(t)("button.continue"),
                 color: "red",
                 main: true,
-                timeout: 15000,
+                timeout: 5000,
                 action: () => {
                     _actions.resolve();
                     updateSetting({

From d55dddea2e7928bd5cac2c4c02d876d6a093ed9e Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 10:00:00 +0000
Subject: [PATCH 023/379] core/api: normalize bearer authorization

---
 api/src/core/api.js | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index b11d689a..b3123033 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -158,19 +158,20 @@ export const runAPI = (express, app, __dirname) => {
                 return fail(res, "error.api.auth.jwt.missing");
             }
 
-            if (!authorization.startsWith("Bearer ") || authorization.length > 256) {
+            if (authorization.length >= 256) {
                 return fail(res, "error.api.auth.jwt.invalid");
             }
 
-            const verifyJwt = jwt.verify(
-                authorization.split("Bearer ", 2)[1]
-            );
-
-            if (!verifyJwt) {
+            const [ type, token, ...rest ] = authorization.split(" ");
+            if (!token || type.toLowerCase() !== 'bearer' || rest.length) {
                 return fail(res, "error.api.auth.jwt.invalid");
             }
 
-            req.rateLimitKey = generateHmac(req.header("Authorization"), ipSalt);
+            if (!jwt.verify(token)) {
+                return fail(res, "error.api.auth.jwt.invalid");
+            }
+
+            req.rateLimitKey = generateHmac(token, ipSalt);
         } catch {
             return fail(res, "error.api.generic");
         }

From f5d09f86db73ed82b5d18b2ff0f8ca09c716f4cd Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 10:18:51 +0000
Subject: [PATCH 024/379] tests/soundcloud: replace private link

---
 api/src/util/tests.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/util/tests.json b/api/src/util/tests.json
index 94005c0a..402a2baf 100644
--- a/api/src/util/tests.json
+++ b/api/src/util/tests.json
@@ -238,7 +238,7 @@
         },
         {
             "name": "private song",
-            "url": "https://soundcloud.com/4kayy/unhappy-new-year-prod4kay/s-9bKbvwLdRWG",
+            "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
             "params": {
                 "audioFormat": "mp3"
             },
@@ -249,7 +249,7 @@
         },
         {
             "name": "private song (wav, isAudioMuted)",
-            "url": "https://soundcloud.com/4kayy/unhappy-new-year-prod4kay/s-9bKbvwLdRWG",
+            "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
             "params": {
                 "downloadMode": "mute",
                 "audioFormat": "wav"
@@ -261,7 +261,7 @@
         },
         {
             "name": "private song (ogg, isAudioMuted, isAudioOnly)",
-            "url": "https://soundcloud.com/4kayy/unhappy-new-year-prod4kay/s-9bKbvwLdRWG",
+            "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
             "params": {
                 "downloadMode": "audio",
                 "audioFormat": "ogg"

From 1cf82e4d69fb667518c09b23c447ac923d80f703 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 16:23:09 +0600
Subject: [PATCH 025/379] docs: add a tutorial document for protecting an
 instance

---
 docs/images/protect-an-instance/add.png     | Bin 0 -> 15590 bytes
 docs/images/protect-an-instance/created.png | Bin 0 -> 29173 bytes
 docs/images/protect-an-instance/domain.png  | Bin 0 -> 13460 bytes
 docs/images/protect-an-instance/mode.png    | Bin 0 -> 27968 bytes
 docs/images/protect-an-instance/name.png    | Bin 0 -> 14816 bytes
 docs/images/protect-an-instance/sidebar.png | Bin 0 -> 6662 bytes
 docs/protect-an-instance.md                 |  58 ++++++++++++++++++++
 docs/run-an-instance.md                     |   2 +-
 8 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 docs/images/protect-an-instance/add.png
 create mode 100644 docs/images/protect-an-instance/created.png
 create mode 100644 docs/images/protect-an-instance/domain.png
 create mode 100644 docs/images/protect-an-instance/mode.png
 create mode 100644 docs/images/protect-an-instance/name.png
 create mode 100644 docs/images/protect-an-instance/sidebar.png
 create mode 100644 docs/protect-an-instance.md

diff --git a/docs/images/protect-an-instance/add.png b/docs/images/protect-an-instance/add.png
new file mode 100644
index 0000000000000000000000000000000000000000..e186a65ce99e5a3b31d98b524348af049fba3a38
GIT binary patch
literal 15590
zcmbWeby!tT^e(;u0i_$1?k;IKDBazSgmg$BN<aiD>2B%n=1@vVNO#Jin?ni+=N>=b
zdw<XGzxzCQ{@QzDy=&f?S+i#EHIW)>^4J)!FaQ9+R#cGD0su4^03d}tM?vJ+T{~kV
zUS>5^bY$UhIGQtDNl6I~0KB}sEiEm^#>N^N8ct45m6erGPjDL>8&y@+p`oFJgM+iP
zv$eIg>FMe2?(VCrtL*G-ZEfw~;9wsg9}5c$Gcz*-1B05Hn!v!o?d|R5<>kJ<zPY)%
zyu7@!va*qpkx!pKK_C#7uW(ma*SovBhlhuThK7wpxUQ~lR8-XVDO@xZo|&0>dV1>a
z?*8S=m$bCBx-ob`K>-W~^YinIYk}|X?#9N(+S}XTKft}byatxx&iU}i$H(I0Vp4bb
z#KZ)(7aYqKZkPi9_3PK*;9&1OyuZKS#l;2w^q7>CbaQj#R|fz4_b(F|KDz~%`~ttd
zy%iT1x3;zpt%duP!WR}6GP>aH?d`I%vV44e*LU!vqobIZ82H{!%Ou<}55Bw$|FsS;
z8-f@0!#6fI5)u;lg5YqG*V>8j^K1CKbhxmvFo!?<=PDdtn46N4(lHHhZf=I({W-pX
z=k~(y@9z)J;qSBIo12^ZiE#NS_{U0ke0==GZ@7CQ98vuB>(_)fcxPv4N(UUyNKN1d
zhx2j5&racE!|?Vd_~(ys**DRRaCmnoJTn<?Zv`j8hht&DO?2UF%W!i8xUUCXM|E}A
ztOx)^e<{jH>VTJz`$7<74g}{vmXnqv|9kv@OYd$D7oS<MU={8U;Ub}8lU%%-`aV6v
zOZAMRcl<F;gF_pg&RxwzzU}`-datW!_8`!^L0;jV#-Q!!i~&?x24(x(SY%cBF|>c|
zzy_+IW**Y1JU8nTcYeBazhJ>aVm_0Za(IIle|K=bjv8!Ks}xnOG6kc^u=txN<3CG%
zLT4;alz#D<%5To&fHqzlr`Wu6t4+{m#S=T(8Drw?b!_YwOfnn4Ee~D{o?z(Wt?f4I
zqS68Zy**x9m&l4anXMQ4(R-9xnux5>59t+C8=SfSo>6$sAxacOLqfPKE);4*jny;7
zd4%Kw{{G&D;zq2Lp9S#;VUb1k8$WA%R7h(ZR-L$d1OVV7iOWn`YYn2SXgs``q*bh$
zV#b(st|~cxSmm2lt)Mpd7XPS}y%9H2&xQ2tH%~mFS1lG0jO9z}I+@}Ubt|KNRIhq0
zqf~X<7`<@BqRIIZ0A9Ltt!M5=wQ|dbFb(eV?>IpgITbM2NYEvVhNEc8;3Z&s`1nxm
zV`c*q5Kp@R75VZ@(>GZq*9G^-h4p)W6|Rih^hWjr$HQ%<4zPvtw49S(d+uj$egJsA
zZ3Nj*^8Gjs!+e9DIAXIqSi!w;Zdfn;lV!c3sPLPJ?Zd~Q|EY$Z#l9|dDaer10W+Cy
z`DIOX7F|@7%h-c~P`;g{R@fYpla(&6v`$t1vEoa{fbtF8>;^6I1{+a)mphluZ8i+i
zSA?ZHT!^mCjE+I)JVz4{+A=OYfP+|aIjdQxURo1#PjU*N0KZ*utH3qB+zZI6G83eK
zV)X+AcLwFr0121rfffF<$AW>&alyAbjLjr}DC3O5K=9w<=!JMs2g0<uu;{e5bD^t5
z=vTO>9w876DUSA`E4Lt&<<x^j!@$RAdu{Xwg&8LbqVPai3xoJqXUkbTes9D8m=r||
z#a|xg2VToylGG9?__^3vxOx9+;NFuJae*5_&YO$$MEF-~+)yZi_&iS-)QizUKAL!9
z&>ds#wB4rmMAiqM<S8CMWAC+XLJk0T3ZxT)D5}>a;*}zxS(R_D>!Y2~w#KNxj;Ro(
zB8sFF_h-n8^2WDqIXrf{JD|0-#`3x*z4!vZ4)FSVw3o<K=X(Sd<__jpZ&n^ZD?dhC
zIHW0o_t0nkSFT%-{%>pVH~PcPOrinNpxa;CTvkhpU;NAug?xI}-{M6Kbe<_;(z6<E
zOT?tLoSa(P;kTs^Os?eaXV1(*eqpbyZa)|fZ~g(T&c*HJ`v2d6{=f3x{N(`q6Egq+
zm+Cxl8K3Et#8p;*@ierw?X0Xw`2+yxR40Mv=$^O_1l;CV!#Z*RK(=7!C@D|jY@!si
zJ!khE0IVEt`DZ<~EDH}R>$w3SrgZy&-H(}o+*IHY8R!)r5edu@Vt0e-enm$D-eKKF
z-<$6d5DMA+Tp<F0LARQa)2FkOo26rmp_$&yei`?fh4nbje>LsZbISGPszNJjE9yIO
zCaYc`pxPD6wAT`m%4NOW5whj=_4hilIuFbE5V!$Oie5?=(>parn24gGd5xpSm<q2s
zwx5MrB38QL)yvn(&k}u>t_zFR#2<!hVqILL6si+O_k8x&^~CIh%p-`WIIM1&rRQHm
zpLNwf19;j~XU|<2W$gFEzc;-4Xo!|#%2hI8D0VXo(?9OuE0mMV<h)#ft~l(?3KO#z
z7@B|0Bd`mDeD^9m{t5t0dgj${2}%q#>1pF`0tCjbC++KoSaduMo@hX@3J0PM4S#-E
zK^CJEmf+4($t!t+{fy!$M6-ohqrew)T1P9td34ew=SYR-_5uUTS8$Xe@0+8hnxzT2
zJC-_LEkOA@9sU^8%V&H+2GUJ19mW*e=Dxi=m;B25GFih)E!SG$b1Ntl+{bFc+u^MM
zl@(giu+qzR^iu1;yEY*Kc<M8AF`LR1j<Iqoh#5XqN^_&0@h7KIDMAdr{x^!@$eZ;j
zVQeq&{yWFgH*ZYthSt0O@)OHg0B`$H=xFkFigq*)>1paCL6$G@5(T*&7#KO)7(TDh
zGS;{hxJ~tkVOpv1cW7<}ReIZq`h>HV_NBCLxLUPw?)^L*UG+r*tPP@@MX%3uQ$8h$
zFgE0hP8i`kPT8DPwJcem+}G!U7nWF}nnNR*g+?Ff7f}QUhtv6R0f44c&CsYsctS~g
zL#k#hL126&mXOs=HEjH_>vKv&5}2usYTc+}LOuGwrjB)5ZY8i)*>5NPMQi|Iy?{9%
zTlS^kMT!G6Z{~d|>uVcJa-Ex_sleBV2~Ro0n31i#(%~9n>0tN9j#j`kqq^hPDdQjL
zuBwd&ck8O=yNncz*W=mr#y5uT_=~gpmxQiXF<9Tcg<;z^&XmE%Mai@0<8K;!@O2Th
zwSk>Em#*dKaycK(GLsdp_-iqhHu|?Di?eCB1l&f<(p4wSW<9@fR@ZzA|LPAfrFH+J
ze0YY~I9f&pslS&Pbe{F=>RhkO#!j36s2bBYicFCeg4qlcICe%Z_%vp6l}o``pl>tz
z-29w(KmT(bUfMu6J3xcR1+koZhwH`@tp~R;FwtVw#)e%cvjmQB-aH5`Z%Qw9`cN~K
z-~aIwqD2B|e$3zJ4b8N>pF02c|3MjP6sq+c-R?W3h!8CG=YLQ^jU~fx$<JNAngpju
z&6yAjzTsHJ(fM#wkR3+GN^i3}5t-A;WS(3SouYa+M%>W9>;k>sa1wl+$u$eT<Y-22
zvgk(G8^f0V<)WrckDqVtJ*GsG8uqC+30gMu7@Q-TAN!AbmOeP3JQm9Al;=)Fi@`(O
zR(&x6p6Bz1qS_5(BhT$QDfw@wL&%y{<xH72*kPZSzx5|&i3C{$ECxy&GZheP4;?GU
zu_MSc6eMXp*K+-oLJX%!p1PWI#~q7@X@!|ZGSA{L<*ur*F3$0Yh+FgfpPMbQ`62_s
zPUIHvBfggyu3T(*Fny6}$`m#xHPTlB{SR9s{{G>MX1Auh?U5ogFl;11q9w&ZjQC9+
zla(B^=2T69y<S%(S$L?KLL_Mor5dO`!@W_gdO_{jFNK!!V~I@;V)Cqb8)Oy7&%L;1
zqk%hHWr)22w?<BArYD0p|Leuep-2q1X?Fg+A|>Kq&I(iX2&H018@-RF*{40M#kXU3
z4SZ5vGgcKFBiR{p4OUbUAoW9(V)t>rsYc)19mgx)&;Y>Cj#rLh4)30&*R?2wcXeJT
zk3Wk4eyBP&p+%780=@gSP1<VfV5s7mZ1mlb=M3cdkE?|!L&x~D^UrHtFI+A_-%6h<
zQu*{8^c6tgTC%_&`R;If8;o8wCQ^MJOkuW3B|x|oXT;=Ly6!p`RRdm1ovwOUd5hBQ
zYe!f$wOS*Ve20I?)IjC`t%YR+ZQZKM>W||ums@eKlyngacHdYDo{GM_8vl46!r@;k
z89-%D2CO&BTNxFu;!|QG2Iz)B-DTGVJ()jyYSlyFJo;*B8UT0zH7mh_+oZKppOY=I
z%5A@4%B{n^(h%jjErOTw*m@%j47nOBiU?AIOj<fvf0}-OnK6oRzuw_(FDeaEZ;#Kf
zJH^!zb0^tmXhRj1mTaAa41-#Gmz(0jTFyd<1u@8AjA<RyI7f%r+Mdm6cI$9L{`8ZT
zHkC7xhn?tWG2@eGAt3&TcegK{>xr7snjr*xq2D@2yJTAr3OHMKhc&nBzE;G8-T#v)
zm(gkTt$v#e3FyryQ)~MYX^#OOGF1#Sx$HB#vmzi+uW=?+cOk*q6e~(sCR7ne0F#wU
zQ#9#+%f}ZK{OMCUOiH1Wko>=;4XTV8iSTcwQxF0GR_xrS$PMF)7p#orO(CYy1FzWb
z;RTLod&|FBarC*F&hXN^0S|GU9Q71|CPz-|P|G*V4E4o%NUsXG8w-2LR{b|g6Ra53
zT1~90Wf1(@E$;~}wAkG02`c}X@E+VZ*GY>KdWG58*=`wj4}<gnJCgqYQgGkZ-RM#6
z+n&Jtr>*6nv!Pq{jgNtWk2`#b?z-NbQVMv}M121cy&O##>a+O*ONq-Y<inz&RWe(;
z%sipu<@zzIIA{yW*HZs+1II|wO-Xm{5A8{&9+5*9mlpu2Ko7H{jqci`C;@;A+bsDq
zBp)5vE&hgwg5f}g@IA^Wd@wgefMCO6nsBU06kt(j&xhA;|A<YIc+9uoUTg001L?cV
zWh4M=S<u}o2m^y&gFwx{eaeXv=*_&K)0eIF*6%#VZ0{%&X9nKMPLBwgv)ftML_2bC
z7=<a40O!$Gw9%k4*K22Ku4w2!0C+Qmao{jXsk_I^T0nb&V9liwCsG|D{#s~VlHq6%
z2&l94Psk9Og^KxQn9jDkApuEpHtRZ}+_2Y<6hQB%Wt+ZEPT#5mlwedvm!{uq$&l66
zDWu+lKBvA;R^Lz*z;0pK+Sbl)=ddm51ve`Y?0t~v{)vy3<3-x-1t8H*lN6dD4)KTe
zc@LlieAD0W_Xl6MY2zV^nkBw(BD`hP`m_Y0fTN$@cW81C9l$&30kj)0lpc2gXdZvf
zrZSY(7C*Iw1T-mmyu2Q7GLsW&WC!x~m<t0B^a5?v&9nC7RszJ|=eg*%+hS4z$&S{Z
z?vA;Q3ks17$4k{Bu+PW<%fg%V(V)8sqC2o}UH+sf5Uf_LLeNSVtuwqDCBp;?#{rad
zUthQktmMH%ZfACXRi7U-1HlfGa-j(kx5_`s+q_W$9Y?BTCW!n9q?1^@5TU{HW?vXP
zobLToqer)RHIXLS+cza^(`zl0TK8#EtolYAipr{zRV)!`QepYDUlj_NnAn&y$v(Z9
zA|rI2^tqRM>=+r#J$3K+5f%06#@DTJscCP_cYN%xcjssz`*x4%T?$oVY9*#8sceO*
zpRj1aInvUm|Mc<5%r@nh#*a$4Cg%E;%t1bDHtg25RG$Sa=E{TejT`m3Jv+L8)WzI7
zlM2B#kA~t)^(X%B5nae!%6FK*FL}(&Um=!GJ}sc&@FUASyW%hiCGEc#7H_nDwBe5)
z`Eq!nlb!4^BgOb~a&MdXZZ^k^hXKRm&wA5yh>Xt^Lol}Aq7snM)9KPk+@OyurQO^A
z=;Jtn#B)v=ZUeFHY`cpydfQg(5F5GIU3G`DR-1S}`thn?S(lCV)zmS8K{e-vXEv%)
zpUt-8p$@SWuXZm(ox&S|1R(@S`q7^i&I}~IeXa^1y^HZsTH{a2-ki8$21Dcb>fdBR
z7MOd_ZzVuWoaH_9Kci5#$2+^F$I0}L)4{F#d$uXv6ohBWC;bzixCH$k;fLaWP}xtZ
zy^8n}PQ}gZ&+5A6q{Wf&#5*kHZhQ=Z-wd-knT4OfsRl|*(8H_?K7479?O97yw;?%e
zqvyI(E-Ax(U;AR?3er(%`LsTT5ew6A`4Ia7x1Vq=@jm+NDjG>Ytt}R-w+h7gYBU{O
zvp%c#SL&9nT^-IGnKp*}$m(Ulj_ix;djx2Z3s^aK7bXlXBb7)azlvZcc=YeL65lTi
zdOy<{G!OEGt~t_^hG4su@iVQPPd8dYefzZwG`~jrv|fv$I8i0)`M(gR(LY1sM9-1n
z<N8xFMxQH^9|@+LN(UQRLB*w@*Lc^|v5`Vd>p{`rw3ly0$A3P8E4yTch+L^h3De}D
z0$M~>U^c2Z&pqP3nZS>y$iD<E1CfRQuD$qu#AlEp!RIa^MKD1zsRGLQ=@h|`%VSWM
zdljrQ-QGOf>0<vnELnxVummLk{UH#nK#M_Lxq3DKnzm7~F8s&e_t3fbyw|tnLE+$+
zBI#S+ps}_sB0}yu<L^y=!Z1iAqnIr{H}3njlg{M<Orcc~!!W0h*;M6&{SOO~r1d9C
zkR}(}o;4cL)7_BuR`T_tuccNv*&qF$cMT>nqO(wq5mcr&{$4DW17J-0emDg?r<?oA
zg;|Ey`lYziX!v*xHbD}X>X>8{%ics0%Pl7xAI*`Kw#!k9zOW0)X-mjt_9Yv|_w%9i
z6RI=4CjX9;REuN5<3F>w?ioKn<k?~Hc}^Yop}vkPjL_dcP2qE9;|XPf@5(xrP3uX8
z%H~2zwF80uHo%=%WfYu}b;-N9TJcqHL(-zS8q#<o*e=?7!cb3gLcwZ!<Fqg@uyQ(5
ze^HVa@T%)gGd_P-+bQab_wU6DKdWJ}mM(Rr(FJoYgo?>6->Ic<*=E+7@Wk>M<`?!f
zfiQa?7Tw(F!%ju~KJ5ZN04=(+KT|vcd3;)zzE_yZ=(b}&Ls1rF)haAGj*Lc#ecv0K
zkmyttWH~&pdRc}W@I{n9?l$bGFS+xhLgonpX4>~0%(72e=Ekh~!rIFPLuIzj-Q<L4
z=Je~&c$%?`e-++hYK$=ZzICaRb}Tt{k*S<?&yCmmOJQ`A$*?}vf>Qla={UyM4qHtM
zjrUc*luOHtckxK0q=A*shj4pm$H$M)uRC8vk=DJklS39x`#<!)g5po;f8j~*(j+Op
zc6(uz)8_qpkh+HkpRK^fm|T_!S|osdJVNwQ7N0&5LF$U~<V6p$wUh41iKj<Ygi<f6
z{amAHnjR)NFXu~a2l`kff=vC!eCrdmF{YYMRDE=7E??|F^I_tX&`P|l>T}C|vpJzP
zOEO<llRAMReR&Y6IUp$WY<`O0q?t?cAZp9029>NdI!4MdBhq$1^%Gi?-^-0mqOVt~
z982xQ=M}fqhcQZ}e_@}{;XIv?u!k?%NxB~{2~SDQ{gQ8e5ew@XG%(tP^-+qXtj4md
z$($45^*JG(&@fR{cM|>E<%i1>kY)B$r1$AO?8(6AG(Y&7Q4&I+VPdGp!Hsl>c6Zf`
z3em`l@eJOr_r>dz<hb(N&rwz3r%NDy$4C%q_lnPj!5$KptdsTR6#o)GpFP4B$BrhK
zHenc#DYq8KzV4<Z)TX`DRC7puDr>z*5Jz3-Z9%Vt*W0y*U~PP*lfMqa%ta~kp2|gJ
zjJYcG1ys8smU~y0yqNuvnoOhS<P(lFZX%#lGTA+zzWR~eXS`D)Gb2W1{mlaMU?zZ*
zX|R_2Ac!HHGPTt2H6c%DXdOg-30l*-U_;A9#d*g^Y_yDlPanQppq;zOejRM7wLylw
zuYYSSPSw2FD*J3+``rhlrD~jD)Q_zT!<-=Ba^NcNQw+U>P>9W5MboM9Od{A_Ym(yk
zUze#nfG=zP{}7*}zz_vJqprNe5h?U0>pEPQeOXr$L2Q}U`T-u{(SX5ZHZ+nqVVWb>
z%P%hVHS!iOqLkZ(-LNg|<Lg5++o4(Uw9HYQ_z!n2Mn0tW{L(Uc!jQ3UR2PC;O$qPB
zpcmW36V&26*r(7`$!BQwfbGVgNj4;igroyeeL38vmE3wz1UE9086})>A{}At0%Do5
zy}O3rLu@!*%A=j~^EcWyd&C>-xTM<qD?jiCFlZ@2hxzFak?_RyZsmR7Wf_#{86MIQ
z&fJUx&hBraP4;CSVSHYbDDXQlR;8qsDsV5C0_Br<%VnEn+zKwU=I|xA>jcmeU3z?)
ziRt8GLZ;J^QfqMqIcUVK1KHkf>^^rtTpT*gkNBRT+$ersX{GW*<y9%?2_<{CEo~%o
zr*8cp)y-6sq*VoYe_{^bo1v|kVU7=dUbRWgji#2H;bP2{@1Wmm!$G)22lx&ukf2=f
zueon*e(SY^2S)6@haZB<+LHt`>AEx5X4Ag=-m2(M+&6CG3SM^`n3h*oj+}eNp<dX(
zP+JS^aBub)r9logh*^|?=3EGJH1E|+BVD*5aR%o7E@FULOB`5lFr)ig(KXU0f~Vh|
zsH$fa$DNFBh9}Y%tW`3n#o$%qD}WAZ-^Tn=)WA>#Weie#{gU+ffm#-J%vc{&ePJ$i
z?D5@?<o!i?Ovpp3qoQ%5W=nMap~PyO3RQYyBWpZ(H&K1nIEIg6vEw^QRYxRPS1S`W
zw<4~hAf1RXC>h*rkv}pwmr12PoTIBLvqe8>Z`IH!gSGd<qZQJ(Ux~~I10zgg7(p#6
zWP5OfsK+|}nBc!n2bGXJ>(xh2#W-~<=;K!ZrSgw(q4?-c)#2<;WUDv1ShF)#O<!tm
z=XOj%BP(A!P8(P><a@F1npjTnR6?I)S@wzW6S_(|LCw^3gF7nnUeT_f0>aFaAbbr`
z))XPc&O#T-j6J`u6Zod<w=*X3MJ1*R8lmf_x0&*9dBPZSRkq?@!At>)vS&u&dKO=)
z(^<cp3MOnh`>Xw>S=LJ<trtK~dWFf1m_8EXsn(4~?t-WU6DAjWn&x%H@pcDGlkyoV
z{agI9R}m~`!80_~f|Iz+>+x(m!gu_^%{!0xyl)*SYB8(5Btc8n9bp_p@OwR|?$;bX
zLiL5fF|V@|Ua-{h1^4QQy-$@2A1;$=AFlo&T#dKt5If&8Me#Goeq6#`m#04UvDQlO
zVABG=Ywn4y0*u8i!k6^0=Pc2WoW>4>qrwrrG$g4%RUq%tiYGHeUv@+P&WFxlojG{<
z0ea9x@auffhPKnBPzZ0r5}qQ+p2vUdF8PL|N)ej#jIj1(-+`^y{oVgei)+RWH4oaG
zv0y#yKPn{3TnsCIqVJEkXBIlnC_U}9uLEBVROi<-1;3;g)$3ZardvN@^m$i#HNJ_{
zAb;pxXHA#;L;93n8Fc%_!tD+{lGGJ>Cr3B|eN%VC$r$JLY5Bwr36I5T>V>;UI=eqP
z%%NmFBa-<r_4Ue*dE4eVs(!+Gn>mWo)gRB=e*dklxE|hYo}(OYvo2p~Wt{onq&sRB
z81niYBn&*%jZURL>yd6ZMjVWm15jG-SPTbvR9{q3Ha~;C;sfyfzj+hAj>xAWac{+Q
z9k0XWMmgBLuWWpotJk7{H-X2qEt0EZ&C@UQj}H34g7@pShnK}_T&b?#6+mo9^}3ry
z$Xd^#k^G6^_m6xet^16YVNDfft(}B{Lnad=l_ALEku90&rKnz%J)hNn8xVGT^HXdO
zIAPErD9NkHY5DBsV9i_WJzcBXzeT?+qh~Hzg~yK0@FQYqxgH=QRUY2l()}a1K*_7N
z_>nP!xw9FiDWchz99DuXN~#7StTATk=i)lV6=kl(3kvDJ>|t8ptDW>Hv^A%{pZxH>
zY{9(b)~wTQ*Wd3A$74`B7}c_P4$JsEc5xY+XJj*%p1uuQ%`;e8J&%TMVRdu7WCYE(
z{w&L9n4Czc#xJrz!Oed;H7+cDO+svI@5o@*bfL6NP{mN`$ksH}Q3Z%dU~TS@ibj+M
zbQp;$p;C~?ie*9u^r}qTzZbMN`O;5@+0JE(A=^sS^TR9Q`Ok3dLZk*u!LJ0|McXYM
zzHEguO%Yt0#HjaH{afu5TSG+|V5yYYP{$pDqOCt(Z!ELx0-w10N5k;cy}4q*Cb#Bv
zW^En~QM@phed2<+epY&z)D@`f*B2l9b@j84*VGKTGv|S)I^t3hMW*74rAPd@pzF7B
zZ3$y&7u=jOyWZ??p!K_*BA5~!UMn=#@gJbY!Is%_{Fpr>XnfCLV@SXHlOnOg(<7L%
zaS)Ey@8nWtbpq{Z8|Yl)!j1~^gCwg|Br|&YRo4wH<Qs?{Mlw6z@(FV8d3OI-P}G4)
zU>S8e#7gy#;AmUer)*XFeoWR3OX1RvFvEi9_cE2j525{?BDbTxax5@Vb<Ue#D7|5^
zgx6ndUjOSS*Jp5E?}ImpTn)6;{?Ido>7%B{%am)LHyHWG|KyBz{m8t_g~p79?d?4-
z0dCT^18P}$&>o}WeSir%2aG`RTIgo{q%@KSW2=-oWV(1-%K2Mw>ij1I4m(Ms+0;)3
zpUNVplUX8P$)Xm>g$_OlI6$-D^`~RG<L(VVz=4xj{yg3*;(U8q8INAxwj))?_3jjI
zb7+T_=lkq^q3Mz6Gh&rs@vP<@_qKa8{fNy^8Q}0>Q7G&afB1gH5Vjy5H|dbx$`u9f
zyP0wmG=GnevVSRHE<aH`<#`Gf)uln3D}?BM0jYSHTXZp7@djP>*e^LA7QArp)N<l(
znbbhiBXy*sJaOU;4hfmsU#S_^d0k<O{h4hp=IAtqWUw|fN=X^x{tRSB^DQ~?7F(?T
zN>pA~)@ZE$EzaAA3D{UapV(02pNR;cr`w2IVjO}|L{6n52p85N!P#|)7dI&1Te$;5
zD>pB(^DK{bnX;C^k3->WcVq<P@xkun*Gp?}qb=PG-t38#PpClFkPjnDSrr_gGgI*`
zszB6qrQlrs%Je1qu`8K$2uxxu-&74OyXhGM+>Uy3lEqAK-<yQQzqvgTUSvaE6*Vzn
zuL;OG<(cZo{w)izaT<=Y<H({w+~#5&for?|^<(;KZ@2!*4Yd%yy1SEV%r`Sa*gfdM
zp8yTomv6N2){c(KRfHb4eSf^i|3sg#JV7{dOfg!Z2%$9kGS~T`MG?{?330D>a}!~n
zpf2&3iZ(SAvAeaud14@^FK$Z$7dv@NSMQG;u=joXL%`jCMtbd+cQr;onAZPi@k)((
z#0Gjoq9G4bl{Atjg0bM*)J1|FBl0BeSj!?vq5X}1JcP0;_E9`|ar!)l$RC6>(9`%2
z4kCp<lf4{p`@Q_d8AbSbnFM<)JIM6*ot3`6ivhz=|D-gqBu^1X$uQ>0>tU=|61P`m
zuusd%f5a>>`g&Mgg<INW(eRx~`gBFJehJ9wy6xTTcUD&Z7!pRhjPUncl!17H7by2>
z=Q9jOUq+&@@Pq7xP$Lrs@c*ahpxT?zW-r{TFIV?h)$;0R8y_FSfFYd8(s4cNwo$W+
z3%T9W!v%@o6_;^^)wV|qIBGTg5k7vqQ!|dO`szXDdgh%wYE)G*ImD7J6>}JnGQG3E
zKK&kNiz{xewTyV^oE?N($unQhvrT>t%P+`x4B~wDA#i1l_08%|N%N_EhWkBIC@vi+
z;nLZ%WQkj3E*uL<R-toXSa(4Z=$|3lwtY@dwbO?!h<`?A`JEs+T}}~%Q5?a%Qo<a1
zlFy3RDO_hI`^yd82s^RejAz!L`U?loqOCAL6ytTSEqiVe4SIa^O6kXxJFs>4%e`FR
z{^g&2yilZarfN~g)M?`S@|KmICH$0t3R`=FS^`V7sKH+7PslU6We#KkxgV{XksU;j
z-!X{%c&IJ~T%w$~n+ig}4MRAjom^MHuY~ET1d2rCTC+32wckJQBTWoq6q>TJHhO@f
znP8v}%sAu_UW4L=35op+#uvgLgFQ(Y@|cjeGm}a`Oc_4oV-4}4rZA+A0Q>mHzl^`X
zdW5snG(X|u)#lolO(;MDkcV!INd%4Yzi`5c*yDr)3it$ORn0|RX$Ivx3j!Y(^#*CA
z)z3EXtWdIqYa-+)N{#}jvey#jkC&SXK+mx$QgFRnk3|48N*}oqjiyPF=`$CxvVr=!
z<@(Ugx(x6=!phiVT=0FykGuGdmKA~S)nAS;M(Kcy+u5)EjR;2ZT1o721@Ya3xH(?l
ziM?d+^-07qqpH7SB(qq|hPhUQ5v7fGX8L(0`(u;k)0QRw?AHPph|n;ke9b8CIPy@t
zgs48xWs1HenK+lMJMF_y;lLo4<=14MwLN-bmMc&>hiY*!&Xf(liR|}?EX-m9(U8UN
z<0p{O->pfx7BYFPJ967Elq<E?tx3WT3{*s#6;ubd{e|I0m*CNi2zhhzPoa)esgc5l
zss+~A{d}TBjdld;2cv;sbo9v`Io<*g^FR;B2CWn)D7r!=*N9oL%m!_6H5yE<`bTpo
z?s|Y}?P@BuF)H}VduJzS#7gLA7Y3-~&+ZS^VBC=2;m3!e->|1g*C!;X@2m@h*^$=E
z;$;k)WCvM&#k=%^`8cg=N+-svW5E<ctA2KDt@uCj76rqf>OxSm_RD|(K0($+x<a;#
zHWMR30(EK)X@pI9B^?3g_|GP2-d`mV_G4n~FjA?|S7ZH_O^+O6BU7a-wg_$My6(@C
zhCfmjewD2!j}V4x>v!x|PkqDhSueV13B8hj0>$XJusI_iU}73d^8Sq!@+VV#SanG#
zst{qvF?=>{$=#6|r7-J4&x-PDt3mQ!rZfXwH%Zz5LEIA{gXu_D{G%_@mY6&i7Z|on
zQyTft0D|Joq;|Au&e7g6()8+vj9RYk8UyJt5gLXUw;C!FgH^nH*Rtr&GN8;qIik;@
z=N~aEO6_fg==Xx>xW_}pGz{-bbGIHTVEKBU_aC~+3h~0ax<0vnd!?{*pWXdxJqDns
z>Q(5x9N#41fg)8ki&!Lu3X(+(efj{Ue11KN#vV8AiJiTkKgY!C?e;4(q7=J~F}H*!
zhjyE1H1wqt4V8)dHhz6JDqSvuv-M0P+@DcAga{*=i2p|+Hv-9S#aJE0Uan%H-LKgk
zFmY4KZhAHS!%}D^JIGbbx0Jxm@+;SS5%m^wuCHwDI#`r2ph0_|Me<``rDSP#u5A5a
zuB^tBx-bsfL>LFq(Nbt-N{5=y$0bU;D~9=whKe=O%HP^hz3|ciG4YrMHn=+^=rEL$
zt1`egdtee(D64pCwBG!tgM|CZa%#X<$veWg`TR^~)!z@_3p3E%s^Fi!S;c-{ZSV<f
zzWG!<C_eMj_jhu(Wo+MJk2J)5s!H5;ueWd~c3cMw)F3J<<o>(T;C{}-ba9+u|2>YB
z5f=y22h+SDtz+YuUhcy))a~|jP+Omkp|_}IlgzNm=cWCn*m2J<#i|qeqN)KISYGdU
z5MO3AT%(Aq%#|{RCVO7ytSlb1<Zz|aCr^`)f?`$Wn`FJ7tkH{PS$9t@TtqzHk9lY0
z%-F)r_i^#gv}7%hSs=okdnRWnT6~{W{{~M}N;b1q1rUt+A>qF2UqKe0F$ndIuVeF+
zL-WO*Lvv$>yFvx#X7gr=`?2`1Nt<mgEzM4@)p~o%U60rL9A8Ni4Z$`>zcop-Fls2d
zi1?Oy3Mtm}6HU>HA*oB=<{KD9)hLCcp&(Tg(BAx>gSVYROovW~L;WYaai6V*P%h4-
zQQGhg!HE31sCvHpLKN(yWUp0y16;HndNXMmE~0RDG`^m4>j@6{19JV#KeH&flD=Os
zSmjRyf507hpdTQFhn-QYso}!1(@@;KGP6}b!q|-VKq?5458UgR8n1iLjAZ!}IXPEL
zW`lQFW9FTYlBjB|7GzQc2aIX|-1<WRc1z;-OqzAcsn8eop_PsMzt5B-RAk9D$KM9s
zc{$?{f^_}~<I2UX+|RgBiCFXaJ&mGA%6BO58jiYJ1Ao;5e&0*4$1~tBlVuRg{6Zto
z`KMSeUT2%I;lmv{o%Z3@gEjXKEft-Qj(YtWlruzj$qrC$#4x10>2+4ZHDJGDrGDQK
z^Frj@85ZzPqRJ&|;ZxyVM}lXQGjk$BrD&hM+P9CvKUY_THfkn%%yKDj?qP1A0kh~*
zO7cvC4koKD4D;4D)dM8Q*hvAAs`7IxoF(YNFD<)jyC@-P2=Od#;v<h*2N;z#7f&i;
zEb0~u#N3k=tjsTwof`rbEJkbjI)|Nhf-1D{OdLmr|7W)YV|$C6Jk{eBXZC^3Jfl#n
zhU>uDCoK@|XS@vJ+Td~~|I8!oAReI%ZD(FDl`Jik@=jutrzS~@7E_Q<L;xZpfr^65
zuo#C12<MvIG@i^%x~bF%6^{IxfS{Q6^Uor%S#WBX-)pyNMnF338+9wI_`4J&X0wgY
z7f!Hw7vlWzUWU7#%tAAK4RtQYq^knM!g{f8B*$+=>d$Fqm<Egi5C6H%N2caCt*jz!
zwBql+65aoGjNw{>%G%Hd!*W_mQFTpvq>7RhuN*KWbUhT`NHY!)1}$|q<}wxV#B90d
zDH<Qg$d*YM??)*_=Le%b*DEBB#81m7BfOH*u+njf!F(|l5!wHn%IC3Z-f-E$pP!3y
z`tom0esajwZr*{v8ZN#jeN?Hp_35VO07}p1{CL)NtMsv3Pj+{^$Aq@|z!j%YBv!P%
zj7*O)1U|4jSNR3f80r1+M25&Ks#MhmZ5WEwi3*8}`}{I1yxWtp$QYofb8yHi1>^ce
z{tSr^L_W^5f<;7lHv2~HiTQ0FA|<S)ojp7u|7*|wgElK4%sAs8d;c^J*M_7(bU;6?
zcXx3A@L55BQjVUQDs<@6(G~nMgCv%)m|2h70TJqd=;=~Cii6B|#x6ZfS?qmkWn^SH
z)`K)5PUt36&hRpDj>J2=4G=<pKlJhKz-TSf{{B*{9)PFvm;~JkjgXi5j8M@M_LK)b
zL8&UpDgB8Te2Qr9-215xEF<&w(&DmeZZ#bm7>}lmJRj5cSAyp+Zj=zpA43pbL7t!M
zVyYpi6?|6QCl|uYx`KIJd7yLD_E*Wyy0`<(nqR91yQsb>Oi;MP*!vuzz<d<$oG@U_
z?=(?V|6L-VO<*D9a>L7^*p>hJvrer>%hB|bg`O(=@PYXi;?M8B_i~_Ns(ipRl^KXx
zV6n3_DrQJ-{fwm}FDXM8Nh3Ua`{ACG<|7-ejLb6FdC{y6%#F3;XkX>>&Y)sUT{Wyi
zRA3r+;WJ^!qlDvoK$w;Bo7e}$9~~IerlMXAzj4!V;myAv@k}Eng+nN*!+snR($Sd)
z@H=tKZpPFOXXA&Zg`YI?>oI>&aRBFtQldirxz|^wkearM2Sx$Am&!R&76sIj2@xCc
z=LVM#kJTycUMR3{A=N0468vXGwHgwegQ=W!?Z|lkv$-b?!7pj)ru*4{+~^VQ2B_Mo
z5v{*!(VsS84tDc`sUdOh6<LEYh>l3lI(D#6sE{f|%-)2@I<FV;I3wa=Etybac8iK|
zpUWUP#BIf15z{od7Rb=m1lumUC|eD@3rij#Z{-nYZL!9qWcP~pK@nzbS$**yW|Rj~
zOl1x;ECsJ?(~%TZ@7$~*Iw{^ZQ^}|){N}`wZDvT;VmQlAFg2`=C3+7%3Mz`~RILxu
z0QA%-?BB!KY(msZ!SnX@%_xR$Cdf?x;3u$$3Ydg^D-Vk^WA~;FLiaUDU4!OKPN?F`
z^&vbOc=|G?5RCjGR<j;q7oD#JTM?M}2~1{i=r72cet_!s$f-G`>%r*N*faML=r!=d
ztr_Xzh}e~Ckv*4Xb^x<9++XgOM4btQt2_YBHX2jHEF$9S{7_$+$fug>S|GBpvQuW~
za*)F$Ayh)j5c2Vzo(a8#Z5Q-f@9bTk1_}4{3w>4CJuF8L!S)aGA2*xrENiA~cb+qG
zmnC_pCSB}G6K}~{gr?v51S7qNF$LGP?S_Q;4Je~HLPcuX%od*&JTyMd)?2H>n1G<p
z%Gxe*W*Hej1GC#3X1kMW3uE(Cv@B$%?uYKy)&`V7q<!LrfeVVWL}8L+C}S`obVO1Y
z!VxdRvGLg<O6XZpScHPKIo3*JQbB#v1l9_vebbU;zUs)d#JA~kmv_-^;UUQpPUyP>
zycjCWq|d|q6Ld(<Xhc_;e=QKzl9S=l(P4M-P;kpyabpi*+P86NL`2vUvFM2sqgifQ
zVh-VhPMXGyBMCg^f~9wUp?*_)53`JjvZ^WpTjalGj?K6+Ly#~q%=n|_%Ao0b(H~n)
z>BkP{PFzQFf*Or?$298_k_ts?q6y{)c_o72cFVWZFG|7oy_t!wQ5qz!*b1U=>m8z)
zb9!Ur(>8b!q6VFRxEVJ!f8&;Xjq~hF>G#OlMH)QUqzdR)EM!irgYuYz5)CP)$=4p@
zzEfDa0KqA!)~YPf*az1LqXOED0^77oDkmqa=3Fn9%<oxDJw8IVG^tROd1dHrYj6}@
zP(I-0liJQfPKz(Q)R%DPGvyrJ_nxVr<c8|y`5VQ16I_arx{CnFkDW_my5@l-YoKPa
z2oK-Bzw^gk*#R^qiCX9nmr%n%wE+a&R-xT8uhPq<$xBy*E(Qe(_@Kn<7i+x0{MY%s
zoabWikn6&Siq&A&*8Zz%yCk_7$})b2X44OWs<nTVM;kP4_OzFd2Rs!Hg(+N=zesCw
zCQv1ueg5veaM^?9c;6Rw|Mqz+qpuS({=weYO)y-M|LUM?6HG57Gkd)5>m%|i_JX8K
zY}H3fMn=`u&2(iu<x}aycS<_CY6w5Ssu?SIHAG#;e5o^QHC&Pg>qo+FK=(68Z;rNL
zq32fdK}mlaoEgQ`D)bHuvUtusQ1lAV_^k4k=0z^XL(&j2wZzM+-g;BlDU~T}C4b`h
zfP58wYaua4f8VcJ@AW${0SQdPow^D;!C!1&%Kin%tO<<JwjC;W&!dXS$jWj7zmr%m
z-aS-Q{wis`&`<ya`KqnMtg&++R}KeRN~@PWkb#eLHogt3CSeCdZ7X!@?$@Y@M$Ccn
zq~5O{tOHPqZMRephlWR@d!ZtL9m2!1uHflM2A&-13O?^NKLaLzb+TZ{>>)JWfmFWP
zGu)*Fek&)PN>&h`mVfFL27-g2UrdUm7;*c>fL<X}cVA8mv+Wa34;Dx7$Uu*OQBBmx
ztM!iGB@iCyt?{FD$Fs3n+E9(>ioJ@<IIJ%zEMq=2eN#h~j0z1khHtg7Omoqt&yaUh
zyR@IE-k!ov5kX3b)N8NqYzTUL`uS*tI<Ir$W*7kUr*vf5R>y0~6#RhS8zr7vMove*
z`~oHm{Fw_YbSWkxLO`&3Wxt}V`0Lg2GOi-wm#=`{EH~zAp>X4ss$v%>08l5Xw~Srl
ziLn~ML;=8>@BO~{kVYLuH;e!Pm5#ldCVrx9ZsG;v@`G&2JYJ&SOCLO7e@$4=^0~5<
zIWgeZddScB*`~zhJrJB*`GTtYv#rt&HXyzt%z2V*;XWyd(kMAY)iS2|(41`bh5)$N
zaj;<)q3pu>;v?$5tN-BVYD1l*Xl+ZT!W0syct;Lrv|+;rCbI^25^@+A{c+Fy;D)$g
zs;z?ph~cx|^{qNfKRFV2y~7hcU1^twf<jn)z9RJs`6DiY2vU4;`+IA0DdmnoHXQn;
zPD<f(b`&fh{F7D=5!v%8U#E#h0XFXg*~#NDZO~azGew{H($~@B5$L_-Bj|8o6dthy
z%8!V`85^7SrIj1jcym&mx1+^ZmsD#E@!Z{c3}QqxPnMVQ6sLR^WCD7LvUTD6%}d2O
z_=#5_Rh^FqZ@~QCybXLXHu?Zp3Xa9YpGpCzzJKzC@k=CyCFbZi2bVgQZ1-@joAYrV
zMVn?a(A~$W;*Fw8+*z@3te-?P^KM{%iP(3z2jAJjY(|Qq&MhG<>)xFN3413-Oj$08
zLHjr{HS2<mgcN=^r*(J<yWWnpOD^aKEhoz5;0N>{QP5&0Mk5|&r$Fa!V%H#^DjDi=
z#=Y9>{`H&Nvr~t!iTmGJU!R>FuX+6OZmn7K4@}f~f3-3;Yni_?Xy-hCT8p#n+Il%x
zZ$(b7&gHw=C=eM@Q-X3EIxuR=W=1Nl*^Q)%KLu+;duL0Hrs2niybDBKRwzcOs5|@r
zX$Eszn^peO^JdT2y$_Vj1qGq+@CVxJd!vgvF(@#8onA{UQSkD#FIkeeIa2lt`b9%(
zx33_g-QK$shVZ#655B>spq$BZq!S;mwq9#c-&AQ%ez3B}wJ_VHAb)B_sUr#k#p1;c
zt-B5wXY*wFRbx+91jq&Mqkhq5?&<TI4&7<QUeggj>3#KV-3`6U(dW8qZ=n0+-NF%0
zmn`+<4mxM}n$OV5Gja2ZLS??v-ZJ9T6%xzx)7qEY$eng=xATI>%p$cRxrkBo^4v7v
z6J6hdTI5F-piCq#e^-jbx@sIWfUS7dIlwYaJ$3qUgu}F+a~{vahzwz`^vpyThCf}V
zr)kXK+c$TH-#v12`;UQN&#8|KUB7UOIg}&iYo=z@L3dm<`mg8v;cT0|(b;>2>@qT*
zl+1Pu?Xf=X;1;Hr;;!M(4w<Oal};a_lok_=@8t}XEwC$DM_AZb9No?_Y`LJuWZQ1D
zUbQazbmhc#2_PAN{24jpWP4GFsA!(yG;lNbC=j|z=P6FH4Z>!oMKDWzX0`yc96m^o
zgd$<4MA!w?gGE~sm&&$Qkvgo63}M~_eFl^qNc!&Aoq`36ci8H|l^snia)K3wj?qHs
zssH4e{LW$_clzfW^F7_^3%vEGJcCt(eF-v`-adt(kWKXcb%GK6=0zdXS|nb3(Fpa5
z4i%YxF=IIuW-2(JXoOVLvGSwvHDEM1l>*J!@(SXaK8n_-+$IUdNrzQt%E;LMy|k^7
zxT}PUr*3VIpN9%utaIn?{{C7xtWFYMys%}@g2NzbUWBduMiV0VajGVk>lZ&d^Y*91
zr%Xw%I<}}G+ZsIlHC6Oe)!HpnuH0z@SEpWg#4WAGMNYmx_d7ihO5iZRF07vmM+IFz
zL4XG?0}GeX2<SdHfvHfA?+P1ok$4SM;#3gD)vD3Zb!5FUbMc})V^R804i*Vo4ugG!
zVL25Ime_rN&7P}C0q&JyV0kkXX1W7y4%Wcfi`qjbR1}{J)NK?k(*kuP=S1wgFh#g(
zL!ccCFfAAc_fifv1;TTZD4G-e=D2$@9(8L#p%N1Qb3{^1{m^fb<wR5;!o<_A0SU07
zj=Z}(qf+n+^3o^<2c+@R6?DQlMj?tYD*TKJzTskMd!r#sxz~I+WlScNGq}5`Nwbza
z4E3TrhBE*9Nb*N`uI^S-+AMGbX*x22S%(*~mb-SD6_$Vp#^^iP26nNY7j^Xfr)CmA
z{?wx<-f9t;@V5n5W@{ri@kFZyI5Q&48n;KV*RNPNn%O!3%-)C$1=IJkDptRmVI+!K
z-irs<&$mGjtzh2da{3|78}UPyFQh)ZvbNd9QLg9LD#{lPe)ZOn{C_A$ppUIIbOjGD
z>ADqRP1wQxQmtO);Md|vrs7DRDJ-`+w{sLg9jA_2ZH+UMXNXHWsXEmR3VNNm<}1_Q
z1LTOu>6*)dq)D`FhMa~9a?`O{s)o0d_h=lI50#-616w|y8R<Imc-&v5MJ<f0NMTQY
zS9}`193b?-L)!lwbZ(;Rnl(QF7Lc{S&hCKP4?PPeJS(<-vO|g>-<^Qkb8Ft+hLNLx
z@Z&b}T?m6ll8OO|-^|~3q_Yk^?;XoR89jU&$&Vwh-IV!;unBWlyorr;M1BWxQVgX0
zUG0BgRv+B;Jh{K0ht~ua?xOLHotjMM-dG&;<BDGrcK-d)lUUJ_q5j}|9iAykEdb^F
zXG<NZE!?_|PgZIBaEHI;IAW|#B2OVs0{c<RJOOv~my~r`m}{Y~`J4!&psLO*CuRQY
zIV=eQuG=2K54&!%XhXPO`hv}O>s01r&u(-OEf2#}e*~HLB$ivjiV^2pA>Jn5^RRBT
zARw!co~|RIyzfZPJj}88x3mjgL6)1<yU~T9NB;*-yvw)Lh}u`PvB7HZFdoHhCXukZ
zTk<0I2X7vq*NG0jTm3E2<$p=O^?R{Cxa=(n9bHHBhsAmc_;@+rwogAoG@<MC*;NPg
zWT42J*<X;wX~ci2yAd57aXSP6B%W%&=2!ebC$^J5#D$T6S5@J)ffoNs{3rEa3N{oH
WQ+n#X54isKrYNf>QzP~6)BghPEZN`y

literal 0
HcmV?d00001

diff --git a/docs/images/protect-an-instance/created.png b/docs/images/protect-an-instance/created.png
new file mode 100644
index 0000000000000000000000000000000000000000..546a68978caa3b604e5ef283c178aae7112d16e3
GIT binary patch
literal 29173
zcmb5Vbx<5%5H7k4!Civ|cY+1i#a)8CCqaTsfB*{w2<{Ss2X}%?kj35I-3hMC0&nxX
zuU<W=d+Xi#V{7Kj>C@d`_t(8=Y9{=>nmiUd89D#}z*1C@(F6cqfdK#{O;kkqh`j5_
z6aav5{a!^|_T}Ye`~LX&`o-JZo12>(pwX>88~m-|1;}QNB}j?v@S>!oBqk>I^z`)j
z_(*Rth^5=h&(B|8UVeLfdvS3Qo7eU5@E{{2(>rr{a&kf@{sjaA>FewB@bE-MMM+6X
z#gwITX#~TbUg9cu*Vfj`I*+%uwmy9LU}R*Jn3&k#-`~;E0S1E=6cp;}>Qw!vsZ0k8
z8YjcT!qU^z4=$eX9-bMLxSNJg<Kp7b-Z_XkkC~a7b#-;+wUv*Lk5^V!78e(zYWME#
z?Y-i()7I90|NebWPEK6oi=_L+!q#O@^T9hEv8$`At)u&qg=5~&qaf25A0HnN508<N
zk=?VW)Y@OCr>9w2SuQRvA|fI}LPE>S%XW5lf=1G(SFowov*zaJwd?)YhW%-E`-|sW
zb8~a4<%5A)QAg)cG1u{wl$7b|>1y~f@)G!?8DGe?prD|&wN*_`jaZz%YOu*D<>lz;
z=ySrdhK9z%*6qy9OhZFMKtO<sipuU^=;!R0^@DrcFgI&!Yg*423Tc+Ywj*XGe-qzN
z2L}hPk-u3!3|IG^%pR|L$JY(aUG41bI66A6?A?YJZ}aPh|7?E=&fl~TDQ9~xpzE6H
z9P{;4K+)yxld^3}NJvP_z`9rZ+QPzuWz?dvXAZT@SIa<q-GrB^gQaiZzV%J-4-O9c
zWv{2Erq*;VhGn%EcU7++zkDft>6kbl-kesj)ohx28DGA3OI=Ma>348&7+ZhoTYl;3
z>EQyuOt0TG^scBn>fs7gszkqd{|K7hd6Dy)Y?^>1Rb~2=yp*-g%6&+b{-`EquAt>^
zGQK-+?vq#4{}NR70vX#54h|-9dtq1qHoAC~S3mBN;9on^Y8*DN889pO?IpW<)G2wT
zXL&^D+iX^IQOEpCWMPti$lSpCMB7Yn>(B;)C@p~qjabMFhs{V@<q$YMY<d5MUfvJK
z`K5DVP{T1@I_%|pZd~u`m|pNKt4d(WVLOYmzteJ3*V$yuR*COTZXy8S*s3TasqM9N
zGE;%o^`0bT^SHx2LO$V~Km`kpp1MWyBPoKcf}v;((RmcamDgBrRa-1p$oiWA5YC|g
z-2-x;wv_@XoR<?#1IL=o`w>VqaD=Yee)tilf8%r7r~oh^m3AQOuB|-&*d7_SFo?sY
z0anAi7`&^mxOIB~B3FiX_{eBKIQEUG^D8TY1E?Nv$J68}key*DYq!_fN8!#BUlL?g
zmpVD5q-b|fcBWAK<}giacu7m8<Lgcx2g#Y66c5OmuSah-DJ!29HLLuYvF@JUcI@vT
z9$w3~UVRzu$V47ikAMLN60+4wv@c&<<$SjJ>|70cs&+}<l-wcyHl+3x(l*AKycVf2
zsz!LEX*#aHZ!ajyCIo11%*bvZGvYrz^0MflR2IwVr!~uPfO+a@WYb!IdWtU=^v+@G
zQ`4UQXw3)W%&L=(CNsj882dP=F8v`s+lo8(>sZNEd_Io5!2UipF}KSqaG(+MK`5aB
zMkvGRfT!bT$9y#Fl2<z1wEcDaLZN8TOSGLGlpJ4N^%Nc!g^Vpx=`a>+hs~B8;qc*1
z_?k^mSVc<gc^2KOKda*Dx;2aHMJaSO%gsV7lwch=P>cESv(+Q~1A&<^QM5b7!Ni=r
zZ&8<Jwf=fsHjjzARM9snS1`akg$DG8!y=t2a{IBx@p#Fj1na@OsH|XQHqrXOHCQ<I
z_kA@|Vh<bhRvV3;_h1VTp~*5P{ofGdtPLuCg=$;9Ia0C@v*@?R*N4cjYMI#7C;~(u
z^I*lc7A`D)THwB#+#|rwBGsO}s*(I$@*w!T6R1~uT38fz03ZGeM&>vDI1-EYsa{_O
zN(z45bff|_?pRk|HGW|2U%ayV^o1#Ix9GN(%?#j72Rie}V$#y6*|pX!n=O|Dzoq^7
zChM@p&j-vQgL9K0o&4bYJOVd+7d9j7=Z$CoM!65>-e-CDa$j++sjD|Lti;mvld7Xi
z+J8gDv#sADRN|C<zvxb(=OpvPP;8rVX*T(C0%fF}=gaPO4Lj>;e{LEab@t1=PgdM0
z235Wxs){;)I3`=zKu2|~CCL5{2(Dw7iAR+69{#Qu7_ZlkZ%sZuDvpzOm`)5taX9VC
z%l600sK$&@0LoF-aKxL;w*3#XzJInpy!UMH-0i&4-T2=nn6sITNX2mtqI32`d`kva
zF0-?NY~kJV_|b|-ImOS7y+IY5<*WIu{obG`Dgeaac3t^ROBBNRfD`Dr*?O(qx^VaB
zo5s?8?>*7QIftvd#J`AudrqR(ncI%xaRX>pk)zH!4_2cclV2zAqORCg0t|4cci*Qh
zmi1f<yT=i|dXDMuchs5YaqwA^9w!{YarXDKK0EbT($5tPpbGc5o|{^lGaN8o(KknJ
z`b|!66hkDW%}Ww)uCmF9^_~RXy;nYw)x-;!?~Zzb5bqWFC?nt*JNJhttNJ^RTXNae
zF+TPV{S=HxM1-f3u3GHne$raVZ@3)Qkg#FKKm+OIv?C&Wnw_7Xrbqb=jRv^m{_vYa
z!WM?5hZ2UbhiWm-ms_*m@hU}-RM=}n^!RtajrRt?1tz7(?+Y9S9+0j#5yt1&`vLUe
z;Cm~N_=a1@3+Z%oy(M}k-TXR--^6&2;Eg=jjO2T~t#KV`!#<zJ`)2;OEkpTSJ406C
zLNurBu>VALIw?DE*Vw^wg*SzK^esu6z~lE3J+Zj{HS#jZomjMYXT%_7^Uau#9AC`!
zS;#&x!1Z+q%6|xKz-2)?BLZn78x@61h4tjh6BL;@(qGW^y!4<gkY<ihs`+g9IXG-8
zKPHM-u9mqQnaA?Fe6J%&Ynm5eG1WGBX25dq8%C)I*Nz%Rwz3-0jNW~{dM@_$x!Wz3
zunjqKDl=a_@WG%D_9{fC4fVd{S6v4D6kw%m_>&*=`Hpo}cmYp!C2(0XUy(rU_pf&6
zw&!pBpTllmDu#kGKP%4R;9YsDGskx)Ip9l)syBR7042+a<d<d96(n6Hx%@RQ7=8@H
z6piqc`%q3L$reB~hz~l&D)-ebRb#)nszuQ`PK1NtbckjzBjaOUl>cBDcw|a7f2z~R
z{v8y)z$C+unDu-g2xj)5|0igCq~qCl|KN;j@=<+DK1`r4GOR;d#uO>uDgOvFhrDEa
zscpy?l3T{kWi}n3!v5LZ!wuFXaPEw{`jZBn#&r%-f}vjQg|0pj-K~cOzqT7?EPPuT
z@R6cygrk$Vj#o5~o7PCip6H|t7gXg~D@+9PAPHf@2T8Riv;A(VArxg?mV=xZhAEJ~
z-PZrOmt0qMbr*tES}KBH8ya>!Kmxb$ZBf~~^swve`(|cfxw`;mG&xa#AGTm7YsZ6m
z&`?JU9OuC`q7Fz<>xYH!ty_q1Ps~1rUs`{pe;1=e?04fBZQ)wZMt~AuBbH+kMRkY#
z-9pnNfdM_s&|C?&^6kMYCOzjkh<&)7ie~Nh_ak04R<}i&PXN|!n0J5bfS|6y4n&TS
zlx|984U)}bCb9g_q!YDL$}oLTVerx+ZG%7<l?pt!ya-JGM(p2SS9?~W?q#PEf8v3w
zXEVq8IOp=yxZ-QkNCNDQ6|AYz;GOnv;Z_k&3J**x`ad~#nJz!ePCz_)tmTiwbir0K
z2;6dhfv}nT&DfXw2zeP1urOXkSls~OKh?mK1+VUj<`&BJOXkfRNajEMiFI>2Y|T=I
zb-|dri`;8rX)fh8&GPgk(@vS!KEG#YOg?}hl+hR4Ymj&P-0Cbk?BGg>IGF$%EDlaG
zEYWWsMKQ*!hXnL1iMc2#a9Pqov3$yuqr**b8W?AdyD!!Uk?*Oh==rw!@`Q*Zo+V%H
zpW%qv^}91W&3Os4SuxIX5q!U+tdd8;VG2Bao0}FdJbXkgS{%z0+x=~Us=phEyX{~}
z+h!%c&PD&Czs8^+iSOqZK>3Y5ehc_7_Bzr#%t8pdy1KQIrtiX=8Q@q6Yy=Uh=s=|i
zB3OTahbMJaqy551!Kqss6!Tx!?R4C5srqE&zgPJjlujx!O=rPj?*BO%Q=t@2#o6-~
z<)0>ebxwWwPD5mb&00c(M(00W_1OFw^pjaFbUqm~+W(25>&I(9D#47+3se3nYKSp7
zA|(B`x=@MdUS5L^8>CEkZH45$#aLA{{p^sy4PGHHPAjV;IFlaHPJv@M`-OWLPqsZM
z`RyIA^-9?%vzBV*M<~)bpEE@-1Nq*)i&GAOpL!O@<CYFyXEJtCxU@_~PyoXTmZ<;m
zUXHP*r;~AorsS#luGKllz_YX!_bqjAf%o72p#w!YFXzcD8n|VNJH_L3vHnRsqBpo#
zy@X-Y#wMaG!;yObs*G&>>DZ`zx73?vZ-=;cmf6*@9ibZdZ}JsuSjNR%W=CP=w*Ft*
zDZ2jzbo2NcKCj%l{WHk-B-A`Q;|Onva1*s$J%ao<rjYL94c<e@z~zh{%xOvQ8t%ac
zW#J=5EyH%DwQs^bo+U?%x!6<%YyZ2(PHavU9KL}#tK?Pr{0gltLR$xAm>^%y6SU`^
z=5GJU>QEo<L9<QZ8>65@W3kv~$?y$P()k#jFQ7PAlJ{F8ny^-OIHIW7+<vKT?`tx=
zKsZVKY?1LiVqiHqyJLs~p6FLSJtCa3iDQ`eOr&v$Ls`qn>0_8HLVH*Z{v}wDqLO#w
zb&0{*<6>?Soec36G-C2KynM<NocQ+j6ys$_m|KkH4U8ec3#jf#&(NL)XWAgXzi>uK
zpj0mtMYw;xUB>Qqi1;`UA=5(9!BIfHpzvpT=`8Cr?=6Sge>3$XAyi9aDBfPG7&^ra
zFWr30Eb<fYU-_gXrt~E>;p+%2F<3#-e_@m57zU85wN>^Lq0y}PAua5d_ofzoU{`1?
zjr#n9^^cUzaLER4wd^=0T-aIZu<tAE<TV}}r#+vpav0ytXheCv=-O!<Zr9-Dh;cCs
z70XdFcfq~M15i!p3t!J^MS3E(jV?Ui6Su$qWId;L;&6$a+t8XNj6dLS5rwY)um;~B
zP>&DKkRHq>*Je2CeEA%(%kbrO_2~&bg62+mrG_~@IFAS2IYhYIWZ_garY;L@(u_I|
zI@`G@v(;adR^a{t&7WibBE2b{yZ3fP>?Y3-j{bJRv!))A>iVbZ`+X^#AL9)`-Rps3
zl-o%CO#q9)aegekuYEGuGN^A)TBrXE6a5o-qC;A3rgPI3-J=N#&Yh(hjr~WgaY9T8
z*@s)yzXV=3P2}I+R3d%AfCn>=?wB|Yd7=JaVonS?+~^53EQ693O`{24k76>~Q4Qp*
zCc;zhIc3hxh<p@>Ez4>a*6NK&_gmby)k37P!KLk{z=WEo3YxUMv}(f}N*|2N3C3xX
zlS1XDdQ9&fh?i%PrYcv1Uox@(-o1X#e5cPqO%t4&$N|yi4EMgFg`~knuJEsM|1^IF
zi<%t!%av>Xn~+|L6WOVUFBK+a$k{pI|8J-)xx@UuI1T))mikBFC$3usRGK|bqjh#m
zOBaheX(`kT91+jr9Y(?s;JwNYCo2>{q+(){E{e#ByZZWonsq{NMGqpI7X*px<U*w%
zq0XbFdpEL!W_W6wGWA6<E#a>_)c@1spA0uoT^I%vJ?HM<{duaj)|YeWYLT84{MpC<
z|KpmI^_Wp~8T(qtdfY<mhm;JCo}2{+RFYgyg*vx?D2-x3H7ScYYeH{rD@l$K<&u$r
z_G?l>M<`#X<^jquME}I^`C}O64sNb0wp53^f?+W17*|ZjPlf_jj4jNiJS6PXYXe@R
zUuet7{P?tK1~Z1)(|c^9>kT7Rxj$!9Ugn+f42B;$a}D0aoQF7WY!5u}Oh%>9u&#Np
z_LSjX-gxFd+=mHyv`_Nyh0sp=*7%VRB-OvD`r+f9X`8j14Zkqi-1$ELwBf+Q|CzL{
zSZ(^+D`D7b_Ea%nR>$G2jKWJtXGj#ES4yT<aQBuv5nx6dDH_Vxj<6#F7EBnTTCV%e
z7SA5Hswbom3>?`uze>cNq@X4F$=?&D2MD>_Zb9e9A6$ho5?ROAt`L9>z13j{Ytxwb
zaR`&5Qm+L1V?Rjn8&bUjj{~Ab26h~M=(p^rX2mY@l0AE4PsP|Jm}Pi_YDRy&!y=(N
zqY!)60I1aep+n#WpYr>|-d?3-KTGq5lF5O2z#Fi}3p!-q>z_8*Sh?%b*$d6YAV%yS
zmTfN@S{({S2YZgMUJ5Y{=X$wQJNA(u_9@H5jdomCiX;dg^X>;n+DH4P|5Ee+_)Cjd
zVfOjsIL6irar}J$xJ_r|_G;6i&6y&e*&}V5Y}mEuw!BFsmCs=Po8QFo2s*DIM;7S&
zP4QK_Xc=R7`N6_1>!ZF@AYc+_P`OhjQ)Yo4-MkW(p5T7$k9)-pLUI!lfj75VNv`+O
zypcR=@0L%jg~2f<n?)reqK%A#Z=`Z2;|^edkIVzKbq!MJMrtmL?iW46j^A<RJu;6U
zdGh6ulhaGXUP<63OHPFt(&OREe@v@u;c^sS^65gerpX0aSEoAN^1J~lh`ONXB$!4u
zm@R!q_qHI9+2hQ+H!upW6qnSCm};8j^vN99LCs=SXOBq!o>-_lC+YJFzRuU<6Kf!w
z%=NzTfNyQ~;eB;hF+v4p;i)`ZPD&@w#df!2{{HTg!K~oz=efc(!2@FTWW1$%L1a`8
zu?(fxeX5~tMZXAW)40Kuphq-W?Lhqu{DtrVJnt_I;5r3T67L#!@>6qN2P!ANh+pp{
zxnYKZM%c1%+%0C3E~MRi*E=3sJa4tIE)v6P=k66nHWu>J2k)yT3i@g{c@W}}>w}+c
zk)Pjt%h4X?+a~7W)lY<IXs!9;nOxk-k2^mzgG)7F12lbl6)a3!Mcp}9JBmT2XH7|{
z?FupW#rAmNmmId+v6Qc%%_XO!lRT4EPdBgEtgIXET^i!6C45p_pe$2N?-n+hF)|*n
z&=<SD{!n^jTUJr1ib=;h9ilO9;naSvc8yOa6PxyQzm>1IEni_5`E+&R794MOVfYrI
zalU<dhHG7iEI3zFH66K`Ni82EudsW~_ayFsVTP-=f7}bQy-p1Jx_7yFuNVjNdHS?M
ziuLW)jc2m>$q{}HDsKp{kP^nLr6i{oYN*IHdl61}Hu~3s>cOhsahe$QsmSZO!>Db}
zEo;wk?D35Bi(Z9~CaXZjnB4+RWnPsUY*b#MiKH6LOJjH>Je=BhlMV`kQ7Q33eCGUH
z$sujTpmgH?n%G$5=`O%z*CRK$$8&Ns`4=0R{bcjihuJTJIGr~-yGq1q{HI9>0Z1o`
zujSwYeF!9%;iUcMtpM{vmUs?n6X|mx3d`jZb@fi+{*3zB9B~nufv?v-aIF3_^OSyW
zc%d`eRFXCaOB{plc`(amM(7g-TLZy`f4zr%uHYw<CV>HlmsQ_cl)-538}a9flX2fG
z9VJ&uO$W6)&37R&GZ{UxtG-I)wX8wz3K(<@Zn8!7wgSk;*TJ94>KhYoJVcu*K#Z(x
zinji}gFn`zeogewQ8299!xoyR^j$uy{moA%oz-fNz2`nQiAy5(=UWLwr&49Q_-~yC
zbmQA7-K$Jq-(Rz^GP88H=wIiZm9#wF?T#3q+v$&<j7v;e_af9jPuo#8?T`k2sZmNO
zJ(<T|x-j{XnwM#a{1-6p`IOpuLyh(M%BPKOXKkrHiL4J3VZ1SiX1G0>ke=n!z`JvT
zlRv$%0{KzrxTTZP6?)x90YJOP-xXKvM2BjAfuYRp5bKTf-OgT&MgP^YK909c1%aW1
znQ2`c-*P9vo#F+el!`du2h}D-3x6?%n4D;ZB<z=3pA6?Dl_9PSDz6NEMB5*F@lt$O
z#J@KLxT|$wEg8CO1oyff(ET}DzbsEE{qC6=_;~3}7OXCnHob}B1uzph+`#^pA4EP?
z$msL`eH0S_I+>})0#Ks@xR?Y$`({?gO@YDDw_ynX->LuC$cX#ab0ZL4H}t)FjdedG
z<|}SoS&iHg6VsQ&n&Te!0p|?C3sb!8K%n7e?Ylc+JpgPo3tA5F5(Vk)p#}6`T`e}?
zOeAC{iU7ziulT?LS+Em#Zy@`_ASU1exF!t_AbS87#!=<Sfdg1}P>SQJ%+Vi!b~`Ak
zQvb_aR3g?@dF8|*o8^~n7**e5*m4T<sc9|{&XH9V><`e|s`KM80^$^C^gn-$BHbn=
zW*kGxK*U(674vx>p%{x5?G^Gh(r@(<dL%{u1fvWBBO@a}b7DeCNl5M~UmTtUuW`;(
z)U8QN1RXiAndbj~k$pihZCFOT=~=dKC)Dz<3mCCUpM*f}4mCiZN(!8#|6<%kf{}6K
z&@l|#P`Gmafdu9%Z@zeqCxc`0QzJ`2h7ye5m2ozLEff&P71f~^1iW4-M~SnfVMU}Y
z2dbdRSvyHH*D9)&ycf&3SE*v+9vTwo(oY$>OqRX?-t&y>yzDYyM#UoU9KgOro&yq+
zbX}A^*{J4Rm92*?F=PbgL~dr>eZDA(MEFK^Bp)Of#dEOleJBqC{s#YwSSB4P0V!>S
zB*BJnrfZNhIv573)Sq0QGHf@54rM_o5d3AXVi2ZH{-=rY4rvho#uUVDDiYjq_BsXl
z_P~l5dvJj~!Q~X?pfc;FGB_|`1||VIqS$%+H<oU3#--y(V9f6q(quOjPcpSPbX4P5
ze&~jTJU#4&4$JSh9qkEsWAeZC3L$}p{Eux<`~FyTbbSI*agFwFf464Sj%RAJ?E+Fh
zVAyUL@9^{8Z!QHjV!yGxHUPZ(sO=E?-KB4lE2`uuxCZ=X%VWtid`3v_dvy)xF^|ee
zdLN3<f<{-uK~^NQzx==JpA$y%<fz`w)GXKq=w-FfjW?8b8e>|qAZ<DfDPuWWu%^+W
z2$A&Vr?;@aCLrw#Y>b%&^8I9nJoa#CZhz{Sjy1)Jc1R;lIr1YXmy4LO5zfMfdK-S7
zj73vX{KWDdc1tsqD<Q3*0!AjtI7OZl$H_q8>Wp~q!Ty8KKZ%JI{?Eu0&-GZ&E$+m3
z{UoU>K!~<n4J4mV+@L!*ZHsJVk$x|qPlT#tX583VKrQe!3#!vPBq?G~K~gSYP1Phh
z@<MCm4+)Kv0aq9XuOdnJ*|i(cDx9WSk%j~;Z*21~6>_sb*0(4~Ss?ZUTHguq;3yPZ
zzJe?r<-Kxdnw7wA?R)K32@Em8GB(MdKHyCQW=Y?m^IhuHVFh4Je&C(jh?dJc`26%9
zRVA!?W3h+XEh><-m3~+^LZJb<yb*=RJuqW{QfKp%|95Avh^3X*o~pk$8-0ka2H?nX
z+xsxEOdK~?C=q4pbSF&NZHKxBeCmdV{%WO$kZWl#g#Nk~$^2ueZ9tQau^V8@LoBJ>
z`=DL%&*VVa`j3{)wVdptg4a(I6cR2gaS|3mEavw&5`dFZzt-FItLTuri@2j}rWmBC
z^e!QtU`TPLonTL>9e;e&-BmqUcNN=b%~D&a4`3OpKx#XqU6dG^%G$&JgZ+1<)oy_9
zxCgSnM?qO==ykVb+TVn<t-xF%+OT{oSq@3$nX@Gz%WwM@qHu(HJ!+@!>d(3yQ^jKJ
z#vc>&eL$25WL|2}Nt{s)yb)L3xFO_cwpO-S8Bu%$H_JIlyD3BC-ud2eqr_0zIRBNR
z-$sg^uJ<XylMHB!W)VqWBa*eBgv-A4y-b8_t#?JRkwdu7Sq9$Qv~4eYL@y^%S1%P1
zh0Iz5;H7HxK>`$E{OyhTWl0fo2X2>#OrZC?&L10Ntq9wsfHM1pd@3wtEKw%0!%#=E
z)Os};R`Q*C;nZ+Sy!h{Wp{dc89k@u&B^G0^6&PNsc3;ucUm!k31)^OvNg~L`xRC1*
zDaHYray`q|UUAIyhCdWUk!}4$!^?-&)I@RAVg{<Qi|=L38$fwkuM@aq0>rXTPeuFF
z=d!8MP2`-cN_NdNQ3f7}>DnS9GNMh!+M9AfS?i5M=9iGflHX8}5rF)0DDFl~KtluP
zW~&bQoCHR)hMHr_P|4wcum@Hj?Mu)neDzEOpRB3VOLfxkA<IPU72o6yF{IAAb!?r;
z++cAt^{Ntj0pHp=FYxJ^tLCQu^En$p4EOozx%ZKN1`wQIBZ+WwD8@$l1KFG}fRp?L
zU&1b=MU{`>b%5TQY1l(Jn0eFREMT`t=w4XyO-a|{>ZfWVFPrx1*dDZ;@HUI##4)NV
z9F+LRSc!a_7(-C0@wZm-eJt)p%KQH1GG^-f?^Q0063kuQIs%Gw>XPtc><_ibU<n8r
zLPqjm#h|7BLxs!Rzx)G0WO$&}TPm7IJ6EzL59Rg-8ij#IX>?nJ6Hb3g&#42$Lqrc(
ztB&L+DeA%6&9BHe-aj15X<I7S$x@>aR48t^$_Iljn}!$_q1?z%qU?T0q2a)%pt5X%
zuj4WO1;A0l@}<qUUx50Ng~sAIfcCzZpJ0lrrH?o}*?Swwl`%b>g^FGyH;Ud>*(4-C
z5&lqm|3bdfyUF|K(~vO&hL)@GNtso|khYdaPTF&ZVbpCXr-c(vWsPD2IL1H??$--+
z(`ZEbBINP%qKzst)v-S{Nf1TawZ|i^W+WJ#Pf&UzePy?SF#o_Cs()Cj(17A#=D>XV
zG_oMCB9g1seM=5Ch}dqQh|LwUdkQmFlF}!n*${u5p+~Vs<b@b<%6n+$D0T+C3%XM!
z2QOOZP(9i6R^-RfIn%iI@RXvaUU<o2JzGjnSrPeEI}hwF=PIpfJ{)`Z&2veCF41P8
zKLG?aJD=akVpmTQ#WO;pQ+J+^_8C_*_V9jX?65rrCy%9WJwoyRb(3V}tXL|`p{I9r
zt<YQvKEEGix<@EyLyTBZQh4jk2Qt|iAfi}ua%nYmGKMtn#J5ETo1upPL=-thuysmP
z&JC$F3$Kn_s+-P}BNQH1$&eHOWe6fPZ|N{<iJ-77V58k#9e0djyY9wtMI*%KM$syQ
zUP>CBLr!7I;1Q04DWtUnjHeX=`B(ARc_R$JO%9M7KSVAPe=dQjd{6^4{*)hLkOIJw
zmsvWuK1CEeWI~MS1KkqC9tUb~g)ZnF?75Dg?K>@zjK}}}_#4Q1smHSNM#mn(OFVwN
zzN5Yo1v6LKGswCxv|&mk<9$Ik=28d>QUt|cB|X`%wpBGSKC&kn2}Qn-jeL&RB#7Kp
zm78u)=M>G7XzjnKnuRoR72yf-?Ul>b_Q9*PkVtKFgnZvQ<zupUfpr5TwgDbMy+!)m
z+{c(Y=GCd9z@q%uPlCkf!hCw^gVhpl9_9#D%Y&xbg~xr!?Z_m{CUx~oBIvIn>{rt^
zd;E<GQjqlhdFHDC7ans8^;_`HtgAsrVDstYp9H<qiP)`R^ru#d2iquDcodW4F{#Dd
z|Mtll@<I&|!sJ^<{Wo<!Bqo#QJ&0{Tk^ZhR;hp7rGzJ+j2^;G*ZxXLh#I8`Vgq2h2
zaCG8Tym!D^jrBLqNof(_QSYa($86G04CE$8GxkWd!M4$AdpCjgk}$qRc~A802c_|e
ziK#QNB2CR{BT#t+V1;v@A>Khe3e61_?-|HizXrZ(t$bBQI~RKt%=$Dz21%wT6zWmZ
zlM%KxmoxaI?|n;7YiN6*`CfIWL0-LmW?U1|4F(<j@vmY0XAXIbh%`f!75()#y?I>$
zERejaZ=vv2WsBnVUc>lCBY=bVJn8yohi(4-Ra!>zre?l`@cMlPcwn3t;OO!zg&7E_
zIKiH>s;oIeH*#$2&$8p^;poKpd6OspOA|zwLml`IPPrq6;T}YD*_p$BQWTco#aAJw
zCbla=yV`{Sgv|Ci91~?M3Fn-ue~d?^J(mBej0<p5ty=a}ItV>6dOr$oj{`Z{(})ME
zJhfNg$KG5KQ|nJbw5HaB?zF_mVp`PCoWJO$e@ID86y3>YjC>3f@c!{6Q+l+nqm%tU
zy2J}Pf8@eD|H<sOUO?^74T_IvR2ml{z<i<c)!N3Jujq}Gc>=g!0d7D~PZ!TG7XYbW
z%4L7ts;?1{!Z`|5BZXzM@_Q1%>%gvIj0f*lltD&+ip-eOR`;|!U!sKML@n;Ppa_?O
zr5&BxrO0ibaffR^rm8^yAu~1gw_6Z?8?naW-M2||+#CqnaoJklQPUFaWsTWRT9rQB
zWB-QeYSVYAvF)X2_+U$pUrEFlwf5dV2)%ppb-0u;;SA~)qR~#srklR7tU;S;Y|a+H
z+e;K-Qyhz@qE3bZ9B4oi@J+=Md;`IIiC7l`1K94M*kC*Wrv`8)h%XWI<Ee7kcTg1Q
zKoUj+IB|PtyF~*~;0F4`qV+PsIRti6Lklpb0j+jjqSy$73cx9U5hU^+SR8ncsd6@9
z6i_XDPi#m4<CPW}5h)}@xFc6&>68JrNde{m+B5yXPd0+Y1nK_`;$FYhGe!NsZ~t#x
zL+EbDvY6u8qqfzzI;Lqzsc{hyu{LFcrO5D6$-4C?!@>~^Cl;7P*1AZ}mfkNOzFzns
zVg*A;zh{TZ=#7tTa*5s>xBWp{%QP!Ey%6Pe8*}O+{eZDOy2gU%px$@gE95kzxb>pJ
zAYIP8Zj+%gP*a;ZdYZV&oxYk23XH(o_<n%0u`)T&7(}o5)*w0lL{$Dd@?42cB1tMG
z)5DxkF3k~tp$HVfL!RmjVrW5*E2<jpIO^B-cJ}j=z_*_`V+!<U?QqOIrs7Hd4t;o6
z4){3rA<*fX={?HPv))fP=vEjMO_wyJmF*#CUA^l9u;B%30VgPoX_Fo8562k>WirLm
zp)?CVp<M?ScynJaU(?m{LMM3xNl3vaptScOvoK~ZnvmI7cGvO~k_pcO!BDiDtB>A^
zV_|C~hy+vlTh|u&Ea>=()!eIhKMaS`(ogv%X<ZRS{jxfVbi=I*dLWD)sNOvs?D+TY
zsz0b4TEgwGtxOEd%_rY}BJ+-GCEQ7!`*>0d-K^l(x_Vy&R>7xH9*PfwzYnw}^z`m6
zx8oAzx8P;vQ^m1(y!?s>IU#+=&sVM>b)13y4+U0qp1x#svi+-hf9wY(J)G3=HRi?g
zTtJ}~g~S=yvwfMuB%Z4nn)ZKA=~%K>$`EOQDdOWfn=SnI^Bx@p8q<G|iHzztn?muH
z+(fRG7Cml~Jmyy~2x4X;`R!Owm9c*-Z|CTJJ)Nx^QJrtI;;RN95iXPKti(xitjh31
ztL;e1zm$B6ul%&jxl!1mhOYB*-Xl?BO2>npgPJSsMzcG;+me;GJ^^dT^s)xLqg#92
zFZHIS60u*$<c5_G%B|>ogM#^DL?)3E){eMV+4Q#4I``B^1mf9d5+H{D`(t<B*DaI3
zOiw{kjk@-PS_1F$?`%_~&HZ0fiVd%S#uoja*XWGht~zh0>(szT1I!X1H^&jbJ8J(q
zSu{zR>4nGNRs+nhlMncoea;9d$gYlAj+(~YhcwJ>;F9VRoE2qTT3}5;@szCNlfkqE
zCYoLTO<39X-`tZ;Y&7l3RLybE3cd@3_U8vNik_quQ#H??K&#(RJGCDxMT5QYC)1y?
zL*C+4lMBkb|AnX)BQ>Gt`xq@h0pr5s%CngR)S7GjFfs3*{{C27uC)IVK+cyLt!BHh
z++M5)6nIyZjpbhRdXnfsy2t_W^OAWP$fc=#&FQ2i2uU8JW}}Bp?~{tk<tgUpO&(lD
zf#m|GeaRf2L$XyRL1N`^vc*jZqJc&FRSw!ZgwjKj@uD07Cc4u;&_nkLZ$VLdoL}yg
zLP6Jvu0HkMxro;{;4l45$GhY?;<M_s(7D6p`7VP096T<_p`zrO1eUJb-87bS&_4}S
ze4399v6Ih3#5Cn`<as)$*W`~Yh-26ywJ~Jah+p#p3Uk-5=mjzvfJ6|@jn;2s!<jXE
zH$uU=>$hKszaK?9qL7RqqWBGiJW8k7LVn#&aKwpFe?{PE%RB*yJhyx$#@{%+!W>zQ
zHK?5D&qx7Z1?Er@{(%Pm(wcOmoWi_whM66gROzcm-XQwO0N2<u<;MWbr4EY?ff27e
zqf2h{HKGq#Z>nRo14w&(SdK#b?E#~~{vL@Yk|52phnwwRBa1lGIO<zd-pAm9caw+_
zhHp`@=g{*7tGN}zpo0kH`M)D1vY7cO%@Vf;I?$HB-f18$WK56GUf(0QI0=j87V-Cz
zo(r^H2E2Z)!I_(hi*F9Mw+ZYn7~;WsShS78iMXHNG)iL|zbW;|#oeQBN-(dUqnLK5
zydTda@lJNBQ<l~a_^|_J+a=>ro)v<*)kb*TZS}=rg+j$j7U@Z$Vvj8>1pm60IegW<
zT7qV{XBQv=mEde=y7UGbCV<OXGg7niG@J8CX(iUpL@y3GU*Ogi8n|0KO_Mg}2Vll0
z_hGbY$}$|Q>UCAe0o1dtAvby2+!IDzaPw3s{Vj_7{SlWwDCBF*P?BAwtxd<i$pf6F
zjL})o^i6pSp(s7|_c5!0G=ZPs=?#y5E%MCZHgPH{G~RGj4;O>sz}f<zIOHwqGN7SQ
zdDC*Q|Dz&EL?UzzF^k#WElXI2C5Oswcpb^mZF)E0l?IO95b78EH$h>-XhN?E{)M&)
zd?^v{TOOE`J?G9YuxL>`?)fr1kB%HJ%f~*a9{%kuN2dJkwVMMNZCuIZ{=o(fiibWC
z<i&~fbe@U>5q`*zC%&euPphIPR+_+3rv1QDJr`H2a6vGTI4=I1=5QZV|Cjfv+~RgZ
zdR;wuq;HJ-=_I{(H7(sSS536f&LYc7Djc{Z!%oe~_>V%)PoiU4@)7FoBiY0seRBi~
z2W`_2*w>xviW%3`6LT$G4l(GgH+nv)MfEw|U;^_W_dPML>0X;7UznmpH@VLOcT|GI
za;SdI`XW`o{|0A0jj|%P&L#7xae?xN>6AK#U;*{2kBxX)_J%tSBz(wR#y!d{SA0kY
zOIuMPpy-ABsoY-^G>(cZI_$2~iat?@#OL=OgrRIkA;dGC*b(Tq3(1NWU}P_(Y6kFx
z-DytX#2QEi%$!Z(z#|dLgjbV9@<f5?$s=$nrU*J(M_g%v9Lb3Z8-gBN!AnQj<Rf`O
zs!9t31hN{mteb(sue_jC)8lwP7Yt|N{Bh-^V>T%*UvKKakw+5G(I59i{^>;&;hvsm
z_dlwL)&VShg5qIt{h#O)P#f~lgMWbanI%D@;c*2$2iEF8AyybR#eXlOMNflksoG%V
zDUFe!s%()F%;K+QwSm}T+kGOH3cVD@aqv`pv4Vy#>Tk=BH}NGR-^m2NDMU_OD(nFi
z$za%_-)c?aaQeCIU^@2<>Fo%-$$?zc5&y&4&dbefL@Y-Yvyw_Yy_||zX)0EU_QN4J
zR0svzn(}jOn57bZ#7z#kJiqxu4qKBuck3EW^YIEAo<F*sD!7s0$x1N(ReeCXxT5<o
z;eS~1OZ@k-`r_TqG+=B*4ec~M%qvDnGM;s<>OAe+Q_^*}@_hVHu-(oy&~e|swfFyS
zhsg$v4!T)82(|b{|8#<2_I#!N{3;6U7<dF^Ih|U&GJmZTNw^*a{iT|N=jCgZd3t<V
zbd$HYz&G4>(&1C+8j{kea5rT44&G^>QEsO9oJ3$oXHrYmqgfj`3zzjv*hnPZiWNDE
z=%xf`O!MQ91y=*4H+vGYNTnHH%7}hGZ}1jpOP2&dsMnOSoUmh?5tHzDxJ&C_J^fyk
zc{+bzD((~bFA0akCvk29!wXXU`#|{zhs($9JVn{96?zw_Hebu2OOI>MI8Y&%4bh{+
z@1D;DN#Pxrck#zLYV`27@{$8CMiwlXUK++qQ(dsLd#W7h5nIS=`eNSL#<Qq{xkX6L
z-}4~h#QcA=@Sx~(2vB<gdhKqDL^7)VfVnb^lq%W!19^>t@{01n2rBghPT$23a0|5&
z)SAG=j4qSDXzDpXqDh~O3j;@NAFExEwEsMh4zir>8>Or96jRmXpFH0)FOee<IoWXh
zF};5Tj=tnju_6W~&mThhohx4kv%_dVzb{i!2q<{5c$#1lT?w*M2c=-R%gI|CRc3Db
z&|+Zn_sNeJA#TL&Eg+irD|Xs#J?+5TIlK_-|B<f+n|KcZ8HQiF3qzGe*V<8522_$o
z0F0ALQp^xc%QoKgz4O$@&k~2WFD<&SN>RRn@9k^AUd&4X*Ysp66*vR#ahbIST)Fe8
zpc*0LIy6mudKg#G>LFB^P-8tBj=;0owbjR8C5iGtErOezwM;m;Q!h>6Voi!J7f*tn
z<IpeHGW!^m{WAQ&SU832C1VN8;Wej{s^nj5{?LdR8{=u+q0qfANK||YbjlA#7@?k1
zMuZ1labEFW8-xBZbe!=xG?aA#aNc#@o!I0SfQ4?rkp$*N+0AG%y{UXCH%D=9FW52!
zeZR5dyM0zj-$4(^jGl()qm3#6(!9<zI(lv6Hj-QWN*_u!8OtKNnMtvnKXB&;aO4O(
zLn~n8oaV9A*D=8<3%}8tz+uajorC^bIK-8JYMWILo8kwUEY*M0Vf>=^hMIxU9J%@*
zQ}tD3OMmgkuSCa}|HoF!qn-T#zm2{vda~PDypXqib7SDgxm;4qzj?3N3m>gOMEC8P
z*3wA#?#J>b__*-q?@#IBTgg(#d1$f)qQt;6>@gdV4NeONqYuPabXkexlT3>nrW)_O
zV}uun!M2^zO>R2RM{5^L)Y|Z{-CiwX7cYDhbTk7F*0wca@47%ADBoBBatQo00^eX|
zBY#6n5wyC4AHNxuuREY2!LaVNH|f-vA(8;>`$lZ)FoJtceKa5*h7bGn@&W_hhrp<K
zK7s@!getV1$3DR(k%m)Zyu(MTQX!f#XV$X{Nip-b?b;aGRYD<3?gyLKz~h^<&&e&y
z53Dt?sfXXO*}nhtofgSr5aNFy2vEPw%e~k6UmX@W*suOA6aX_Lm;8TD40$6mr$HFe
zB?wNd(q^fknVG;PXj#U?cUuoYAiG5i8~sE^uE<D=&x#?XY|Z`UOKTUQqh(?07#Qk-
z6moI8WuI}Pvhc{3*}QM82xEd~8xk3$RLuV|*-4;RoB}0n(9<d=<oh$PIbMl+0!|bX
zpuJ?8Rw;$*?zkjwP(d7T-h#%{DR-4OJ!~td(|66bQfC{{<it9k3P)mRc(Qb30MpK5
zr7D0QVf=v8gKqoYGb}5KJnStZ$GgKvOlJ4Y{Tyzw`F{7`jEYBCqw)^b-ig`r0Gw;J
z^nNT4AEe8Up;%`mi_OtAgEx=j3?QpImGPUOyYE1n{>6BJ7okXdK*ZV@j;)%+8DCde
z%cyB1j(;-MCVE#_I$y2ut)DLVpu7ZUcR(TGD=nh_)@0{91YF*SLw6sn9@t9zIok+y
z02X!={}BIm2hE&&)>z`_5X=~g|4?!)ZS<3>L_mr9S1rZBa}pIB#Y9Mf#|?ofY6-0h
z!6gqW`_WX}d(o#qE_0sAtai+M@~|@+6T29+<H{`T3SDqd5$m3OIgW!y9Q{ofA&G%I
zKcW{K2zgy|*TMl|<R{MIz#iTz5q38%`k};jMxe_Wf!!5)cc>Y$GL&J@S61Fa7-8gx
zDjTTulnY`!UOZ{Mxg>RQ-SZw$SwiTNj%_@aJ=0@8acG{njJfA#iB_A|C^{?$AntuL
zX$u%_WF(X?QkHJhhMcShD~OsHk)o5}d@q89sq2iy>QhZ65-DnOzLJn+zbl)~85~Dl
zKd>2l&msnu4a7Tj`4AIcEa9Nao-W4vSOhIw&Hw5btmHfvtC!p5ZpW*4V9J~|_r6*T
zQR%5muscvKpAnOYsWo-B_2Z9UxjpV=xH$>aMi$|Qzaolakx5xwTjKAvdtt_N@(Ivg
zB>hPwZjf65X&NOv0RD=Dxd@oDX9;10b+YXkdTuh`R@A2gteNc_1+LreGVuaI*(e|q
zwj-E6|L=vvw9Wwif${o~twR#?kNDOURl7nUA=o~>w<!O7)HlTqz@vqaZfz_AK#lA*
ze?Su@ZYPJOKo!}Xr3++zY<uRFDcC<v6R<wz)ds;qiMZGPbH%ed3{`mA2CU7(g27KT
zhD#nCgc8l5ws$Yx<4k|1v(X_AyG$td#|unUH?4%s6;L`ML-dD3H~?VS;M&t=DOQLJ
zh5v}UYl%!_NnxSww=y~bn%1BQ%dcj@&J}Ym23rI)bjjaM=zGq0?9|i-xPma)mu1AF
zRjsd$;SSBBRJ8@mZew3-9^Y(_e*&y|92<cr#`O5Df<-ht5@f1$R-Ehs{3Vi1niv!+
z^~x%;Y&qHNZ+av&g~Toc2XC~^&$TMXac<-u1jK#>-@moIzqSAqLjvAaVW&m6BH#Wk
zsyy8(!dTZCA5qcF%+{mM(D+n(S$pjg?#SZ(>7isjPQA*>Y&^PlOufHAh4-gD3lBp1
z5v+WM<107DK^c<i&?vTVFx^l-Bu#yP@<EEU5rZVTXy~dNz>dFFd%o$Lku8p?1<F;t
zBzu*F7BHO&qX-DDbO&bz3bFi!MNaFI4s5%BcqmzoQ~!f3r70&2!hrrn%kTzkr(`p~
z2Cn)BCWGs0nH)6rTXqYQr$^uR{(Qy7s-|;EM;Q}z-VJL-aLUIFkkk#rV4-R8yyO9N
zN%mawyeiDMcZ|i-)T9u63#uo-Jj9z|EWlg4+{WwHEWAAiW_FQwjuQV4534G0RM?&_
zU{i(^3+fEUdI|bLo|r*KfHz1GT7Q}d!hJ_@))?Tt=5j<6tOkinQq0QcnRt6*UIUwP
z7%0**m(>f=Yex@EbyRbDDs<rl`IwvN1KXw$f;7Q1Shl_`z6{?rTuKwDE}WMjCwZ`Z
z<_Ar!pm)<P8=19e@FXFICIEE5l+Z&fVCRQ~3p2ac-rrq0L6lsa;vwx7gRw0%(ds{{
zC@i!yN_XT%Gl;nEnL%h1b@hI#Sg9Y@_yO*;nb~v`biK&su&LUL=8j}4ag*oa*TdtV
zshTh=_HA1_eq_HQA*Nc5`h1xOHr}4zW%DB;Dq?-W!(l>-(Vn;zy=~}rdDx$s4{$5;
zGuQum+E4cpsQ*w9oN6|Llg$CT8M(AtU3;@&{xI3NQcy<XYyh^)dfbE~#$o<HjG~xk
zd5TdB!1lSe5_SgDfmSfXJiu=uw7VJp{s7EpQIIb*$IJ_K4y(iCpZQw@J22uWOTq{c
zpWP|C)?9lRQCc|q-fR)!yYN5w?TIH0Qp5v>F129WexH`xeE7JE>Cap7c7@MJMM11`
zcpvdWXEHbkElKH1l*8&z-+hHIZkDmV!InKqMh7sG-KX{=ImZB52QV$<aCPm#uRO!_
zm~9=9x24Sh+PV<+2&gRWJSGkMAqrYPHi}`1z(a0DE;Tk{b?rW0#;}$sI<MU4cjm2~
zO?z*aY`rnjwCCJ;rPV=`-2imozx{!+wx$pMKHph_lcDta(CBuv@e&U2_7ZI3d<k@i
zq`+2008w{(u?qPgF%M|KHn*QzV}2Y+n5NC5S^{i3zf;<$F<&j|#C6tPJ1rWg#r&dP
zYmM?7<AL-6GVFU+VTn2WwQAFc!_eptRuA5=`s(-DX}2BdWcY4Bm`bJpR<9LUG-U`)
zdA+zl^<^9dk>tG}_#5Md8U5jw*sd?MMY^fMGl<Sqn5$GRc|SA}Udumy=~R78F1@s>
zbgs`4;Uggjb$}@-a)Q4c5}akZn4H{(-#HK{i87{SFJYAxwVh-){x;rv;JyhR57hEz
z_ZucRHqg$ba&QlH#k_a#6QkL`UgEkhc_;ars0E02@$;2#R1}Xu_`bX!A7X(2+H@Oi
z;?}76Dlxs41hCZ|rS$M?l?(vYYS|6VjYb5h4m14IbEYn@e%)Q2O7(F9Wy1*pL9Mrb
zsL{9Qk6WbOW!|eRMnIm3K)5Q~9yRiYe{?ZcP&Vu9I#vb0o+7JLhv78(=p}`}hE|D3
zNE$&yBN{h)Bd+ri#Um7rw?J+xCw<VHZK;)aq|LtUw~;FH%22*fRrNf_MdWRB2PK!<
zA-LJ!8%>LnlmmFsXnM@>ALd_b-r6Ei!Y|fq5OAyZ&DH=Til{WtS(0JKf($gl_vw9e
z=j@J7C-5o3xKgMzJsrpwFVr-Y=shn%{|)^2(_V`biVTpD004-F4F)KQ?<-jv9!%&J
zf1G0f&;Q#6%%|a1dwz04+Q`$WG6i5ieko6H!iT?9%<He1ny@rbzpAfrx?-R(;Iz@j
zJ4T?-8`g)VpinI%8@Mv1AtB$-mJeW2l9bPWX3PrYj#~6^_sC2C&~BL+?K?K6FYJH*
z+n2_zWBh6b<y<Q5_KDODs_Dm8K)z}q=YO5VBnBmOjelYBn4axQ*})a~?E$j^Np!CW
z0Qbh^u5}s!a_*xDd7vf#&F=5UJN^o*?)4L)Gk@}9|5{0>-BygQQ_B!QX+Ogs9A)+h
zP#4)P-=sW?Eh?MjU*B9zODUcuhzA+>$KH-&Awb*`dw-#s&*fB2-ack$^>i*jo09QP
z=KIV3Wq4fzh2H<d_$i)bC7E^`O$z)?KKVy(8Br4&Rh8WXy}0T)xS{HaRiSzVTJjVC
z8cTzzCae$cAE5W~htfXq!8?A$C3;>2>Q)%TmxJ#-ya(7!juX)q3IcoBIuUP#!tWkS
zR+9#r%-99A>LC*kKCm8(-tmK&1&z{|-a;b@9q0t5@>HFZJy2yw0TbER5p((u;KP$6
zC4ib0J#uNTN%@KfO%WIKaCN#5Srp`#^NpOISG7-2!+;4VU>Yoo#I``tSVPj9^Fqz2
zamb|l&D`S@WC*3~Q{;a6OMSk9BpJ6_a;lGsx`fOSSoU_p#)w~3z+lpWvsr;@l{>(I
zKza>F>5f0uX{rLnt$(AL^9^l%%W2{4y~cFth`lTvlAn<8jv*q>S%abYHtgqP`R$@q
z=wc@aCP#tG7v`3~<?x(|Kz;aKQ=6RJl!ww*Kn~Ogde*0WjtRV{Z36T!kzpJa0<*IY
z&KxgHm9LvTI=xL=P8nVcUDN1q?t-s7ciq|7B=yPcJf2j`F0|CBR3Fj40-)}rE`b-3
ziw&aYw0-RI*J&R=M~JoJ|3EN#?yX(=^bXlKNWJm6%g?q^Q7M4hr0Nq>j!8^5X+Zzt
z2cEvp{lwy1t?mAsyjGBHY#@X>?aLp$T*pR{it;SL8b|tDgx0?hN8$tCz*T!o4w6`%
zMP&|GFv5xG-&4AcN!&ZSz&{!8SF{Pk8Gx|c!w;Vj<?Erf>AKrRo>PZ;Pb6poCjMS-
zlyz=B?|JuqSIkFCoP%GdbVSm{Yq;sjU?8@J<GTiG`C3`o4-8Toui5(m@99gQX6}LM
zSyc+V-l`rqY2oh-5zJi!_p{La7T!@5ufX*qHuY|GbH|0>cdp@j+W0<lk&leOR!=@s
zcQW+5Kf=2Ikp)lsQ9gWML59P)rshyBU$k5fDuH<#N7t;(3F$G;LoExNyv2=ahpBpO
zuDmW`RcWC`&L8rieiV|Dr_$~I);g1cf#S+B&Z`wc1QmYfa!oD!w<tXD@4p_S<SZ{R
z<Gat~sfQ>7<6gO3NYo*_*0-$v%K`xVRNYzSq|>)$kAol<e;`gEB2^<PT1>Pam{dI|
zAhrTE(UyBPOL`u;HI{n2h=nr~A!-IZdqEIkfnxgcgSM^+riLw1)C`j8x6ekTAQNgj
zi|!v2$i$bkV?2tshidi0Z1pX3g>de7^mp4G`rLC7ApWN9{65-WA#F{5aqSW8KnSd-
z`!((#%5$&Ovk3WI=0Xk<gD_ZNb7?;6^o@rHqqavy4IKf^<0rx(3UA-X1ILpu5&?-*
z_@7|l)ShIg=vIBr(qnr=cro}RSSCvVsTm;RH30^6t{?uYwWi*UwZXXPWY)ud=ry0L
zAVxGldlVB|Y}HY-w)#B;wu22k->SljXW7gpt%+0ZsRgIOj?G1=cU${JUaUxxQhIlJ
zW-(MQ)%m*fOLZ|+f9GBJ0hY8>dX_?t#sLD)C-u8b6d%dCS0naUx>3rs(oV4BCKrL_
zHD*uu8fB5$Z(j&OnW!tP_ZPsRU>fIED$u2+Vo7DKExfdFx&s({vrV*I9k+{2ME%}u
zModQ*vWP_<R^k>8qMfx^)_A-8ADz5)TpYpjFS<AccW2Sy?z(sg1b6qK!Ce*t2_(1^
zoZ#*f90I{5!QI_mcj0Z$x#zw6e!p|>=iWPi^-NWFeY?85X1cnjG!*%D7OKH8fOk}#
zY%Rn-)g$0VyOXnD6L9<S=SEvI6JO~6rC=P8kaAM*#L+z|Jo6YSD31gVC1Kk`my8V%
zb#HZLk%Ne0mJB@{h&3<{yk;X8leLwALXV3zTcwov!KXRUl9@(<%B?p~gkfX5*&L6O
zhQbi7&2Tn~p-;q9qP=0ptl({-qSPS)+8Sh6hhS!?1R-c<#{Z%J$>eKJN<iY73nREs
zIUcCq0t5*<Cys6DRd%-h?dI7OBC<yl>ux^EJ(eqeeSUu|nlres{PO8}h|hoKg7?G&
z;}6c@Hu+f##kgRw_H{Wq=y=t>DEo2^%Q}=mp>&;#6m-l24(k>wke)zxe<lHOn?>?t
zlVI6<Rw^Ie{{e?%oTFU2>o@hTJuV84bNauxhX~<5V&FfZ2MoV)j$*2a$vJk*PDj8e
z1!;C0W>o{q_jNhJUft=ZS{VSy=yGPw(n|jXs?cQkZ}@W~nDJ^s!IG~%d((-@4=(s*
zBiQ9rs5Q6rcksRMNnSadSA|!0VqX}Tk-&jx4Kj$hVrK5YBT8=LG$ZEGQ&!ZW+G=`2
z`l!w)(RvSXQ8Bm|@-&k&mY(5aIrQYZ{9se}Hm|<2YP=iiqTKD80-*C^w}>SM^x?Qm
zh>ZHM&YjVe0>_p8!T|pH8fUbqJPrNc-m?Q{JM$+m@}YonbdGib!dYe1t$2#&BVQky
z9=&x(ue)O#3mKt4tq9;AVdhGG_cWM)%ck$#$-TJMlG{gWiH0BCr0insdd=oPB<D1M
z6N0Nf5X&bdCG^SO^F%rIvjodMjoo5%YQ)1imIL0VH7@a36Wu^%R8XcyjJG;C;JNqD
z6_+!-8MsYq=bk1XguLF-XZ4X8df1O$xkhW|-X#Lg^+sU;+xkQSez0y{(D^45lTIAd
zM%D{M`N2%1_bR-h(}yA%I-e_Fi3B#}m}fNAKhqcBSx)<5l~%bdk&y;<*otr|%<MNJ
zW9OU}zuM|wD;p4sx95sJyH1EQaS(A-!-Q;Be%FDGLy;Xwo^e9APx&LAUHUDyzqjot
zE?8vtbw)9Bh!ou)0!e(ceL$p18ZrqR(z**X25vl-K-#FVoRR;*Hdy6J`DTHk7=C{z
zxu7Hb?3)!+FxYACVe{4RDfbtWr3?2T1OPxc?N1g$M^nARe;XdYK0!r+`j2m}hc1DT
zvj6+51_k9G0wkZSqjUf7n_)R#?oe4$Bk8};-CQs*bPL7P{xFCqg@=m37BAUQ7R;;^
zis<^Y`=_)BKt`+4%KT8?Iai~(>=2XshQm)TkW!S%6l%tFc>eOXDK>U(>mt4@=07G3
zSr3W_9gqUV;(oc=(y>mqz;$;Ki`iiolw9si;|0DYd?Ihz+S<A~rpRfBE&$f4+}N%2
z_>@>Ci(0bE%gg1SqUGM&2sH3H!gq^PoDLIu(J@D6?T(yuFQcFN+<0GHO&V5X0#5U3
zN>>EYo6sk>+6zyKL5+D034(whu^;(rzH7cE?uyERxSh#xfxxY`4b8T6s%xGZ$bcXm
zf<k_!6G5`_&V|UWGJVz<de6=K@|IKSI^D9}-M)#bH()DYkIpNlmMtr-DuRIz<OZ=@
z-{u|wuYC+KE(NMM*wX^Figt~6Y!oTOc`p*z67ncV9GM6idJQ_25z5(T5D<d79THej
zdfq`YS56fTS~|q}k3b2VUY-mIL?Na3Xa=1UwWIN8#~hV29jgPCkE>-Z0c`vjfc_I%
zx5Cd?r#_H(5>E@4A>?Z&J`*FQ_rl~sJI}@k^8s=!pNJ$9t43$qbE-oC?@HwqJD^^?
zu>P&iH}x@=@=$@&I8*E%F1n3Cl$$r7siADPa{x0%@B9L-04_oBZK1_D-dP8$AUUYD
zMr-es>d0+=G5(rkWr+{)4cAFfhqh&Wy#0RRT;5K>$(IFO6){<ltv}$i6QX~v@c3Sb
z3JW2)#f{iGku8lFgibb>5tUPx_29?Ar91n>@~jl=Z1y&h9{?G)FkXC`nVE?E&e%zz
z(l@cy{d3s1wci|1#5=i>E$-24jKUAVJA8C>^u5qT=?_d`QpCgByH>qZAE^m)DSGV>
zKiyTU-mCvAMh4*P40JA%Dx_*&O!3Ysfh0W4yVkH@Z`o)G+xl(kEWVnwgo1hf9akjc
zt1tntDZL8(#*Dx+lk!BMd@Fms%}Onw<RmtQHrNkaiwjYA_|~bQ4wV#pXr4{_bw9vt
zIBofAF50W7xlq^gLNlejS#>N$X|jIydD7ail#d(~KD2(f5ER4`ov(AjQCzi?Cx;Mh
zw-+y;9aK|$Upu>!Sv{qfmjBR2Uhd1=$&EgnM0)*UKiX&sU^d&PSRlLcX7%-EaZ3wv
zsSj7hgI<zW`{|hfwV0o16Jh%249}KH^>K|cTc06Bz}2UfyS+x4jAGK5x?T55ibYdY
zCoHcz_vrT-Dffh=!Qr~e4bFh`8vCaqWkVVpSZQ{fDo7CEV@3taIwD614sQx@>E+b<
zZ|m`XXqB>DfH2IQB51?E>6*Yorl7Bnp@3UH+yjlo0{3J)Pr4^xCWY<rw~&ImQRecb
z(x6U(Ahi#%N&Mb4qAUoX<y)sX^rc9eS*-U-g3lCd?{AhZj?l3Mt1e;yfueH|&l2BW
ze>5OBj?D6k%@<!fh-ddTMXnjk)?3gg!R$5PD;f`!>?^o?o1t8CiEoDWzdw)#huC}d
zj%F@8e)<T<R3T;SBOXK*CXv$~46pRKk@nC4>?8?>f5K}wX}A-ofE7hi*T#x*?vIfO
z4Ddo8wgpIn^PF3j%m5LcJ5Hf+OphsTn8>;NhNu5qgcl;m_9e{wv(~mw)1<FTd3raz
zuk;e*;ie}z`{5jVUqHEFa3gt*KpV1A?W3Ks|Kw?O6MKYv4*wyUOXJ~Q`nVXd{{`7$
z%ge>(>yNBF+ZyrGX%c>W#T<3eo-DMRvRRV=T_8z9XSAa6dxJDI6Z;0ids#)DO;63&
zu_fC>;s1R?uUA-MIijq2@a0h$c!+WeYfPa=<{*8?goU?3v3Tn3@u*kvR311b54;|;
z#2kTmq<F^Wu6u)TH<6$^$vUFFwD?T}q@)gV88{)33klS)PYX?dTq`hKQ1ve8fw1ih
z06SCi|3_W_k_7AQ{Vg5M!}Nuk3WE_xT7ID?{g00yMV*S7@Em16@IJlvtT31xd2sz5
zZGY5q`auK4s`ihjp`>i_UZYKl!$FB<A6kkh6UocO*E6cMOMpMNydr3OoDQ?~Wg0)!
zmw7n0RMJ@^2V8XG{j<;X^O)jwcb+SP^(d2Hv+RmAV)wv0|3dUs_BbnZLjV5OKqPB!
z!u{aH^3aCiUuwW-E?I6EecnXtJCw1`hC%sPFITj8Jua5r-PPYFHo<gRA^lH{qv=$>
zeWN`hrqWn%TM(w~z=B<xL-<dC7CmH>**mS1D-S)Y{!@<BE5f<pf2jq@p{T5bt3F<<
z>{;x7;hRAbXUDseoWg%r%<IW6RE+g!DCIMzfaq~7#H*D4i?rDj#=jFIF@X*CyPdlA
zoDrR#;F-o=b`_NiLQ5IF^>a3O-){f>lhozcp-oJr7Y7CLN$}%FdJlRJe`qfFht)%f
z%MedV&RP`wtd$jPr$@Ocgn?*ILTOhM9TE*6jb~v->4Cslh)|ES#b=rBrSWIOVVzIV
zuR0_rfb|S->;A#I%m3v8;cBHBI|jJ^!eZ#VU@mz#Jc5PLs%zp!^1I`*t~dBJIh7LG
zqq_Z=E7yO=Ivj3=l~WXB-{ilsj?x78ht&;CFaqKDZU<GT8+Js4`&V1!lucWH1WH-<
zCakGX3GI+c8ak+05_s+gVCI${W!fa&4EuV%grtOdj_XeIi}9vfb|L;Awg#n)+MHBJ
z1}f$jmO{>6^<T|9p*6TI#nc~{^TG@Vq{jQD!miJiVgR(h|0X;;lRz$&uJ~f&H`~WA
zm^7YlU*YKX;~11S%|t$_@d~%hFjD_W77LZm`6ZsW8rXqu@Q#@wDI{l(_71<ZxufNY
zgOT=salL5lR)~+%-kuC0WooVb;xtg5!@>2HIo-~*0()R<<|0fF+CcJpS!88bRh(qA
z?}#w#(gTN7y??tu(}N~*P;hV`Skul%n|UOQ(rn_k2Ow|3;NRh222Je}=D57s#F#*|
zmlOApV7-VpZ^6rEXzmXm1j=RwuBKja0(us?^tdPyQ>u+Bw>gWk=O@oFR1On)D=Jm|
zBg?&rzB{S?d^#L7U8Uy3EaGa+MZ;adcX#`&=i~{KV-6Qjm)?4nkOTg#`-O6n0zt^1
z9^I;?gFhhf8#u;hL7N3(U7WmJ-s2Zgpcs`mzf*{_PSAku$9zpz4mbIhZ<qcC&yecr
zCw%(4adB0O0VFrV*`?FN6gzBg(RYn2ZI(oN6@gZ*4{_z%dUcQ_pnvMA@>fjk!GKMi
z@4Q9EUk0;D>O*v|rZ{Up$LVt1v4hkDS5Fq9NkYT@T|Ta(X*1hjXKZygaK48kbLK;S
zH@_TG0DkP?N*A+9$==F^cg$V64<bd)jq8JdK1S8Df+WsxT)$0FZ`4OCG>b>Q$22R;
z)B|VZ`kK)p_^{FPZ3Vr^>EZhF0)y_Z-G3eGlyU@k)v$t`(u}{k`*96@U&!R&`Mk3y
z{x03LQcK2c{FSVg^E9~msbw8@LP@i>k_?QE)jPT%tNl)yKBjM~*D%97`@SgvJV3Xe
zMEPZKRfsygdbfDE`~>nY(&%(pHD>2{7d`c$?s)T;>tqTMu{!t_*1LGYCTkXXhIAR(
z+W|CZTnDVzOAjqJ_N*XJpNEz5Jz8;D9%~T=0>KflF+ZMNf#F!~0Vk_yMOUFccv{dx
zvwuoc9v9X+w$P&y3O+5K9T9hJx*Rc09-bp(ssWCaZt85IN>3_7q9GLivy%n{6-oq^
z<sV{*wmaBOT61pY+{?U}2psq2;I-nuvcb?^YPsV9&(^I(+cZv%8~C1gX54fTUra@Q
z99!maXwivU*&S!{O+Ugd_iYw4Do-;-zR>J!8&wf@eWG@T|3)Lny9XMmkJJ$;j;P+0
z5h%w+H(UTVQ#$Rf1V&{g8%O#_FH<fzF?vT<k^5@)tw$cbk#)`7OWrW3%r}Q@kGUua
ze-~JjFe*djQaTk)gH{fxh(Fy;eF$#^&jMqXgoDImayEV3o?2!{j?b`<8pPT^SWEo+
zwBmQ`B$^g`Q878%-@B~Qc@)!{y=LQFpS-1#BN%Gl?I`>>J#M3`iq1_5QiskCIs&~J
zpC8JqwyR0ngq)*>OQKu6II^hv(8()D{mKJ;>Q;x077U`*A$`xryOZP6QARdk46|7+
z4uMsUfv%a^PNEBtTq6_bto=o5V!a|ny(9MH<$A|{)vU$lw@%bxU6@ly$=w$RFl8bN
zZf!I4wcaB237op9|F-Z%1*mr3c%*$@VRA}|^q<}0|A7K||DWR<{{PVq+MkWv=9I}J
z@&Vw2%u4<Qba?I3-jI7mb6cVUoq{rj*C}euJ>9=QBc*(TlVfH}o1Y{unXW9mgpYr8
z>qzyVN%-M$Frb!`gLv<p<IqIs$o6l|-Ak<zGXidW5S!1WVS@S16-khZ7ativ^e%vJ
zDTkVN)7t;~=WDR8f34nj4b2<3kj9RiqAy>(7r(3Tf8xVB&%k=y`QQs}f9(s8i|fOl
z02Rh*XNilw3aSJj;_45{$Re&L7+HLHcL}f3DQ1l1vK%n;D{x1fr?mqd#_gMg&|a+D
z%OOiY6Y?bhYwyR*VmSXY+FK$AeW9)FtXLJD8Zy^_3}b>p*#_bzbDRNFs#(|;>$O%G
ze&&R2lp~8_)Rx3-x+{e$4Q(kmU8?W0=3*i5a5ovKNb^UCdCY9~l!7eicR8pe2cpE|
z*y}IF*if7OF#7W_F&aRdK-Q#C=8OR03X<)I8Zgj%A3wXrZ|_*hyVbbeSmLQ$#(hya
z6`^PK_TGBB!M|4M4E2_;tG{cP>VMs=>IRgTcx{Lie{CDi7a_VQ<HI@TgRma5?ErXV
zrFA#Ns|#YAu1CfD^WhHs`WAClH^Copsa+Q*^*+_8yCiX1Q;N1!1N*>eb+wx$Apq%!
zP9Ld=-l699UH{C)I`Ytd%HxGZ?@^j9!17clqwsTgRtEy^+vJT%+N^u_U`w9ipMI)5
zkq8M4dQ#0xo;U88)TB^r=sEoO`V;@GW5>*E-<=|aFABp}CXFmK(Naq*Bpg+Ln3jZx
z&3dcOVr4!2p=`8n-aFoo9E)%vZ?@Uh405DoHJJQe-@3sayG%`wV~UmJkVVOQI6$Yl
zX!Oy{l784B=F01Qw0z>AJxFqhdvnS-wy}tRCDQ1g^r8=?&s#d&a}9o%{JeOWw7vh7
z*UDKSTs7qWMIj<7ee6B*I2tKD3ie_D+7s-rK-$Oh;_MNG#4LDJ>E?i5-pd+tZogN!
zZ{wlSjBY90qtGes@Z_|Ky&k{pZV^_Za`KzRFOQFDua5?R`d)C$@tg?WjuK~&qVrJi
zZGPF#TJM3fud?bS1K7(`CoJC-q!sw0KOJ+~HQ>_LeKIcR`)W45^7DOq^yeZ}a|Y!y
zk6m2Hz|hZukz#+w_X#+Rz7%oI9lgx`GP(#odT^1go_}3gb*N8W+fi4RBDXE&`9j;$
zQvx0tH7NZ}5U-)qSf>U`DXbSLH#mB;cp$jypT7Filp(MdD0QRK$O&i~=8UE^)?Rul
z^9zUv4?mo@s<$hdk|2?ZvS$-(xlf?qSn9JdL}xY9DM1?&P)G{*o-=ivtI+F*6~*k>
zQi%ae)^VE3l;TRXhqj0BJM(hg!!`9wfJ+)JP2fEx`pVjIJ$iim!wZx5k7N$$!5^-k
z_=>+m=fvMS`@VfueD1;OJ_h={{laMptMoKEGJKawl-~3hUsslGBUhKq8%?=(JiKg;
zm&*ufQoS9p#c8mT0^=psy+Fk~h|4_=@<uA!X?UGxiK(2c^ZiEEtpKxUk!1pifLT^s
z`Z?#PHh91hq5bidDO@l=x^|nYC0wwls9lV(1>wK5cI)}pjJ@&;fOEwb?o6v+uIhgP
z=NjC2sn(DETH&}|ZU{cFftcm}*TxbP@2!5Ok30a{4U34<<Aoe7ekK6UwV3(vUA3BQ
z?cuu(`87RmpnI*QZaYXmY?}PauA05?kb(z_`e%TD{Q248)@xII2?a@e8;RE&qqsL;
z+l0cM2M%XpB6r_0dkc^N){2)G%m4v7ZvR_^Ak&%>JhF9V^Is?V63w4XZ>D&=6Z}H7
zg}HZ#R1hOEYWPfE0)(m$i!Fi+wGmm}%!fbB5*}Oa9X2eB;;^pX^}Leq8E$F?dwCRT
z5|bmajV%;E6S;a}SM+q2fmv=N!WUsXq+GB-R=vL&x{hw(Xyo9K&B<;lPz^*rz93$M
z#G4*TudYL>_LnIW#)OtKaS%!0Z#;u?h%!A9=I({f)`MIons8rQ+qxY}JvcZjg_HT0
z`x&+xSX5-q3I48zUugS^vKAKj%O!tk1>kyF@=6`GP)XRE7UY|`i0YUGbi9t}3Jk4G
zCC}LdXc<MaLM!G2?k-=%dp^dV#kJt??lK%>7=$PvdzY=;uJ?6TA0|Q-4LfQlC^cb{
zF7dpO*?S~>3m5Co7QCNY8``ZWGU{_P!~#A(4!xTvZ9w$jkFi&UxY}5$(w}5`zoa)b
zg=a#8ABU9x5=HlF3(jsaZ;-(Y6ez|A#{Q>m#<0GrI{h49pD;`AU_J53q^}g4oz;9A
zBD@2h@1jqudi@;FWti7qOAb3VP4RPD?Kz`p5!m}B3bXE?vZR!1SiuE%2y2Pg-4cH|
z^OMDQf?zOt2>!zC^sTx2-IiQ1cWb8!nmB2W{j2H+G||u$Ge)n=hj@GRr;sK;Y-4}L
zzW`PL0&F{3ENwDbq~lL+pjvV+f$=Z=gTJFQa9Z=^Vz|wo%&ugsbK*=LCdCck3;9D&
z*lpkk<>RHXo{1l<V<(16fBW+uhM9fdcIO%W?UPsW-P8Ksa;-h@leOGmK}s+|$o@^2
zha(M^-Z3*25Zm&_M%BOAd||R~&HMwMDFdCbz(tQImkiiWe+Re@ruLH_tq-TF*wt?X
z?5U<zZ($lc>-k}e^71v(3!bSA{Np{2O+SAq9Dz2-s4j|kD`5u^Q3gC=T#vf_97Jd_
zVu*<5<r01c%<S35>I#HsssIDF>5fyvVSbQnc5HGC$pb?wm^WmyS<I0OQ0VMCZw63Y
zyR7K}Bz5kX!(1kTBfZE7YLEY}LZKqy70msf1GHlXAQ=_`BkbZkUrF|K7Jar@RN~F<
z3=Yw*zkbK<8E(e`_?2F4t}FFn(uyANnM`?7-aJqtQFy{sGQRAAK2XhQ#$2)frbiBr
zY4}&@4O?OFd>02+7@A~!*aql!ZKZ;E3Ne>y>X#q>?KJ6swLRcE?}3W1p|Fi&(E2_n
zRw@oNZapG?`GFd-RIQv}mXUqWD-jP@JIY1!h-oiZH_<i8?}p5G$XJgY0dlEg65H=4
zQnvOfQJz7OkKZ5zoEKkl{uwjz|HVo4by+nShEg;Xi;{EkYLi#<osGj-fP<YPv}r&S
z8CP3)!b{R>ih2xK<b}{|oY*0UbX}&><<x=q*xJy<RjR}%oXuF0wKQk4;M&wZo}t)F
z@(17V*f4H7|83zUB@w{{AWa`=%N=MC#=j4lA3<R%R;@R0smsn;eZC}O4c!S@*wNS-
zDI<V}A7E<u4M62@%A%78dQUeil4T0&*({31u7UDj-lb|XCGSvu!ZEZ^k&v#ZQu_VC
zeL$^~ufd-PxrWb{S}N2)`JEkyb<m{Is~fqnXO$xJ9s?kX0qniUH=WLePa@s<dL```
z{hE^8Ve)~Lmtw--9}bv%Wy$Y@WGj4?jycr;$7<GS4Km?6lG2P!O9|93)`WNIK3<L1
zM$^-JaAjQ4^w+Z5hwHb&!m;CZkU_0w=*KvJ5B9^#_~KKwr1|jm=*n(tRW-gh6D*fE
zo>n$QIdZ{fLmaO$I3)zSp7GYcg)^!N8>ETEk#>x<^jaIA;2>6OPbs{#<QM8Mg50;u
zj#{k(_;T3$L@K4k%CQSaS(9^Y`kY9}f(PJfd7tl8KM_g?d<(s+0*~vdBp>$eaSQAW
zcrAQ%lf_OqnNHBx%r1c(OAcL@v&;a#@do2qIB2adJqd3JCFgu`b{>u$K+|az3l~rz
zs+BlOL2A5-N+vZ01Xy4SZF9ranlFpBI;xsxa{zgV9x$H-jC68>qNGlKcc4=*c2Y`=
z6avMd6?VrjTC)InVN+zD3e!Y#>BzM3%6;q|3rO4NVa#v>$?pp(hq5GVMe0eW_C7bU
zD_BT+bXwPx6l>Q=617%NBA!#NBCgT{tcbDnWgaU3cFo6m(ys85SE^!|%z_YEVY#-G
zCDs&KZ1t=}U!r;ovVYd^xR37;o+%BhjghmUBr6XWSa4;T`MWuIS;FS`gH-gLJ3aEF
zX(W5<*uCW-H(oPGG4lG(0|tpPmNGx<ehI{-4C@c${K7etGpr5eT}-#8muVNFjILqq
zW6~@+L91JVq1ZphYv3lv?PEYUzpn>z+*(c1fs5N5bq)@9U~A;N?3^Vv!-;`RErhx+
z$rb_Ma4gz9IHct}14cGH!Diw=tmZ$^4PjTnrz%8+aU6Zo;-R^M$`ok9PoiC0R4-Gb
zKT+vC^z?|QRqxffDP_Y@d>B=?_D0EAD6B?awbTm(Yt~&vu6FmS&Qe4SV@EaFSe^)U
zz`<5fxd(WXM+~-B+i#n%rkqZ%A|1sdfydJ{xBwa)KsS1K`#r`sH5|VSqM3q>78`uz
z5@xN-#g80NVJ-Z6hjWwAwu$|JwJ87deFmjy$#<Nv5T->BUJ0(yo=3A@<R(-}1o*>^
zy*68u@e8h@?SFfu_dhrC-^xifV^1pxNp)R!%Zr=4sA`knKG@mtj34bwG7oshY&)Vq
zB~&9YK<`#kJn2<YBK#8a+3m?Yv9)fkD;9HdqOb@AE*tneT13_6vzjXp2C^wP1u$gb
zNUEqV+9co3$JA(QF?2{f)nw7-n$feAAd6^doKSq+=@lNZ+J5W2PN>zC^BgOj!0_}D
z6j7%HxrCQ~QfX7p(7*$HFKn>Ge}K!Q0|5dCv4fcgu>rtK1nO6p2;Jcjz?TpR;G6~o
z$fN#0AWxO|9`HmAdZtTUT?$YZaybyUElKzd^B*$fS1@4b9w2xX9zg;|uauvK#+@h2
z>JQ~)O|+YRAM!#8-k+FzFTI&)kr%fPY21e63+%4)$jVXI4k{qIR(ftWo$JtQEXiIR
zj!paeM23x?1QZ3lz?~f#<FJ6v@)<!(ht35@ZW0a2KwkViekwv{kQd+?0ZRl`dgo25
z#APDVplaY)&=RE1{kC<8PMsvB$j>>rpE5OgyZ=UuLy}{8N_|sQvXrgG<s+Lusy@MQ
zHA&?+(d6{>vT|9k@ifx+S#`I%YTd`*v!8(57S@~JZjL^XPx$g+U{Qjz(LnRw_Xp=!
z(bF4yzUOps4kMd30$wleGht24i;7QA(0lHIoJ*dQ@9R5@?TwwX!-e+`<Vcr8&=mcw
zgH{Fa=8o^2GCd<+Ak%NPmOhx_$Lz0D5J3UsTP;2;(6x*DeYn8Xb(=Om0LcYY+gPVF
zAnfePcOYgQnL0m|RgWEFs%^s=7$gfp!)4NKkzNBjEG3?;$rg2-oekp-uZcfBI6&S#
z;?=#p*ZGtti+4V5==Y`Nha!m`*LKAXL#GiBV?npZn>Fn6xK3b__3v%GHD(S|Xu*EF
z>7pJ*vgh~8vw^&siravoov@g`PafXSOP`fkwrMemu-D@=QGXW4z%7{OG<XldLrPg^
zpJ90`7}pQ0e=(gZIT8u{!nPE?2}C<6CuI=cJB>NQq}nXK?iz?y2wvv}`{A`zv_1BQ
zYb;0$Cv`;~FDum@d`-W7tezW{&UwVQz?^5u4K^4V|5!gr0OyJpVmge(bx#JW3N;$4
z*k40!*_P$A3bU37%&4D*vu#ndQc?K$*+}(_(Q;iYMJh4!qbrsf!2P=i!l|cfn0_77
zkH(A{<{CqIvx_N&JmJbXc^*rGh?UoUPu7^?AL0%~yv?{RuMzcJj!}4gMI(Ur`V6)7
zFwpW;zc=<WO8CK!2$%DH6I7C*9|O8pl<T*C=#8p}H(EASfP;684hZ`hzgpvN#v2$Y
z;*XHum4X(T4Ag6bP3X_d={1&-L93*z7CfHxaofjFfT$aKEnTNgeCm#0;F{Rr=n?%R
zK!Z_Xf2Ir4E8`W#?Zs}c5guDN#`Veqg3}%EtFYoarRsB|*G#cF-ad9Dos*{$fblpT
z1v=)g=ZzZzvAVWWe%@fFAIcWx^ox{n>OQ6taq>0u++?7+LBF*%X@qm*5TL#9@r{^I
zhsoLC3L!cWcrT>dbr$OISp>p&k?(Y8sW&h&$ns*O0yp85?LKevXSA1<i#?^4A~HRp
z43j8M;Np$}ENx~KTz>Ba$Xr}UajE<4lk^K7JJ?p|I`x9K!3bfta1i@VzX3|_&SX8%
zAa|A(N3iqgqpH*U4I>Y+8V<#X^z0PcDIz^LDPKspues?GMX-kgs}*fD9Ee<)<4(>G
zo=EzDcEd{8pgT9D#A?76(mlNUyz`2}He^~O2l_iRS=5(UwHO!-bVZ(p#mLM&;-7Ul
zEZD=<a8^VI@W)V8FQneNosUW@LIc0%XxE|(Z5`*&dl=U1+;bn>J8x}26~A$1P?I;f
z-8eV6nM?Y|tRVn3NLFGymQggdVx$|r>iWU(Bz8%GN}fG@PE)fPa(Vyot(LJ3pW3yB
zT#=SJG*@zcL(S&sfXj6Rk*!(1Jq?f$W4CFe!O%dDhNlz_Om{yxeYnOy=M4ZflYuc5
znvb<|*Bl#BD(cWCy49JIiLZq}=c{sl>EgVw^n2hi3zdqZ-;-onTz`YV8-LQW%7@zj
ziaGNg^+ts!z<}cyHoKZbdc8E^^qe)<(8(3Ea4snI$98g+gzqBZQ@*LA8Wrf{`Z+J$
zs_|{uqyjNDp($&yqVM}2{5<%!0?YLK+VZQ;Bzgrle(-!I``~vU2`D1uOY$dk-Fs35
zUG-tWa^8$$Vu{zMI^xWfUy}yi8LrQ^`L-Q4N?>$hu^!&~z@MFzV3S7l%sNkByw74j
zA%t<4vn&A9e<EYUC9cl$AT@F`T+f!nmQDK3tg|ENJgadw|1DPxtU>`^r6(#fb7qRR
z@{?@kMXFvDurthWx07<S<O5$b*M9!89<FB(`JIUlR4oC11bT)hz5=m&HYOoN9aY}G
z$~8rmq!y~2-oF$JeSE?Lg&*ts3;k?#86CH3J~`*DV4sumg14UL@ytkG+v2;#L|5>2
zAPi<s-3;ecV;%EOf-9&TSx;CpOKW^oe^<{DbIw7gX#VZdBMN!vqTce{a>zm>?UfyU
zZ9Twe2>cGnB%(sB60}8w(1-QKf%&adRDY~|@|z18c7Cw!_~$mp>51-GQn(I0Q1RpU
zUeX`ah9{rGQbLlk8G}wdw;>nze}q@G5stNEk;|L~^9aELdDG-co}a?V&e9o6lKv`9
z7p63j`J!=WtsnIt>zbjg3z|Ol55636GTccKA(*PdN>wiRxhEI-+g+%)VF?PaJkRhH
z$0hkZ>ecKDjrh+k<GD}%2OLUpXV&6ovENxg8R5M!{Lv$bDfY0^3o+_#X>)V38R7fr
z8nsispa%7ZD!sD6DIKJfa(VIQ-dK+t=C6lFDEl)!Su?}8AIJO_+j4YZSrE$s?^*~z
z0Ur%`Rd2SDejM=3Z#&tmNVC-mkbg;Bm9tY-qG@6gm#~F}C!@uEJH{-GPde`PLr6k8
zN=vY72Vr=jJ#9ut*~J3wOD|;HPtUJTrinnUskFQU6D43jdqA&Wc{HFnc`MsOfypPx
zVa4!h;{K~EVeuu-FqPu+;>H_i5u$F%u2L0#B=~wUKb5}&$q5@sBE32N8N6<HPf|xW
z&az3=#8E3|_`rsIaZ;Ge57TghB^Kz|caDHMgt<d&_aW7GnRPCNyDVoMW9Sbr=@b!Y
zT4O7GcX?xPsgxi5ib3+**1+}k(<}FG=Z5sRDz5s%E`7@EI;*A?YcpRZwro)5xl<nG
z_fHTXCh<VdelMR~XZ`$phD$Gn;hCK);eWd^gXiHJFG;F5KNkMBJ|7a+8^3~%U}EFa
z5al#za<y2{82m+)d^?EXv>jF#-#{c;&23xeZOY;%z3RhgX|NS;U=JzD6oo*TAoIw<
z7@*CHvj8Is`P(uj2Po==7Y`}A2}-v~iT1B2|MJ<3`Nt^W+|Lu;2gg;~U^;`%J&_8k
z#?!rDa=h_J5~MXbWki6#xB~R6vhfYfG_eth&9qrVRh=S^DAj9mTNPemd5Va`tDL;Q
zae$O?&Zd;c$%|kiJMjyeZ&3kdi@uK@i4ON$hFiV!ho~trAP}{oib4WJ8~asDr9S6G
zep*h(#xcm>tl=zOWv-18t`Vr&Jv<U_O$@SXs%aj6pZna@{idnF22En?4ZTamhZn4V
zLUScZQe#xRg@S9R6fj61q1smjPocCCOLAmp(p~zMBTFA$H|O_}^+e6@nRy0pls}G8
zl#<e5)UQ;4qk%gZ&*-q1@~d*XJGm`WMR{weI|>r@Ye3%m2}F`WDgie8d;N%UT{ei!
zdsoComNxaT-OuU98Njjty~y6eJ14j&H~P#~vy>O}tJ&}q=7wN9VS~FuCszf}<QtpE
z?wd|y%76vN`vnAr5oLk%MLdv62va~u7A7@M<O{AO!Kn!&R!wb&GmY<s-L;oIVnGxP
z`0zi0+aqolwPHvJ=O5NHvozqUezfH;H{E)JAE%{2yMQOOcKpB%7f@eY8CnmdEbg+>
zdQC-}>Reni`0e(7qoW$mQuqg#u!Fa|62mjwqtrdAgd*e{x8i4h0l22e9lXMj2tLc*
zYe`VEG&CA>dyx|jEMMYxPst^#1R?2Vbu*6i0`sfc=F3d8p6^Kx>;3&!U>9c`ga1ka
z*pep=a6?a0C3CtVz)@Y&sb7Q#aZ2F)eq~qC7A{@NZr_@;;Wx8U^Fx@Z0F?EWfQWR8
z3e<iVj|8xJZFAxj^#bXIbZLbHi9ioZcgih@6if^=n_0?&fMbiVaKY~)2%DjC+^!#-
zh9$P3AMg>ncR85Aefg~(0HVqZy0DK(-RLH=G@|2V1K+UZG@q~mJlW{f*06V%Mpa5S
zz6P~8s=I7HhD6KPDleJ$g$<{X0`-f?Ad4e7K?9m-KCrG+<?}S80gR`5@kq}ixvz@q
zZuaNzIQs`FvzraA5T0<v0SzzM9!<CQSUZeVmdq2Gwhs3mtOa=-ERkjq!X6sC{`?_&
zsTuv_v<+^pNw43bY(6zLsNb0s-ay}$OLSm{Dr|!!${VD~?7+))yfq9PgAWp<QyT3%
z%K{6TN97m3*OnJof{lJfy6Z3L8hT>Yoo@<yo}S)<oM4AUQ6dlsI1OuC&*Rai5n()J
zO7N?dk|T$3Ach&W2>0RnRfe@{2ntT5%1ePtM_<S<E-1O20X)}guR9_&K^BSU{lkg~
zeD@+@*7IB8hhkdIz+we|^p=W@{l2o^3FlesDN_pB;vk(PWwKbrd}l&CKI1oG_^PeC
zt0B7KIVxEqP*hkGq2i)NA4$UCn8>WTV-uKr&Icz8jnQ*SUgc7#3{dA=cMSBHreIdY
z19M>sfM*A>)nJLc9AFuNVQIYhFA=n8K;5vUUS)AWvuFrFdl0(@mN1xQa@Qty;p5Nu
z$Lz(7RagXGzoy(;Ej@B;aJ@(D$S=HdD+K#z6Vh?LQ6gID-YXqpK4EL!<ea6<<8sGL
zAz(zL?Qzq_q$~=;GuZ{Ox16+PiwA4m?mbSLWc{~Lv;VpuUZ10)!2A0U_3>p9`~80<
c|EGI1G^Y%1hH#EI>3=!i%Bjd!Nt=cIKmV{54FCWD

literal 0
HcmV?d00001

diff --git a/docs/images/protect-an-instance/domain.png b/docs/images/protect-an-instance/domain.png
new file mode 100644
index 0000000000000000000000000000000000000000..249a8a9250c51e5939bc6067c11d43436f2f3ec7
GIT binary patch
literal 13460
zcmbulbyOTd_bocO%OJsRupq&LTadwn1b3I<9zt+}%;4^>f#B{I+zB3Bf(CcX+{yRd
z`&;+@_tty8dd=!;soHhUKD*B89;lj%91bQqCIA4yQIH3#0|3Zi006-Q9SMGhij0y1
z-WX7OuPFnA!IqboQ5|700KnVZn}>%7_HbWQQ{&^~6A%!Pl9B?uxcK|>^78z0e0<#3
z*SEdBy|A$0=jRs^5^{BQH8nLA92^`K6}7guc6N5w-``(RQIU|4Fh4&Z6B9EtGn1X2
z{q5Vg_V)IytgMEHhVt_A-QC^2y}gW#jG&;P!oorb1afh4@$~eRo}NBDJUlo!SXEVZ
za&j^^H`mqG)!N$H)YSCw@Gv?$nw*>*9v-fzr#C)6UR+$<-QAs^pMQ9G7#0?Ge}C`h
z<&%?>BP%OgUtb>|AAfgu7a18jJ3IUM__(yRw6U>qdwW}2TAG)aw>mW$7Z=yk(sFQc
zkd%~kb8{mmCRSZt9T5>xR#wK#%R4za+1c4?XJ@ywv(ww#tD&JGC@3f`E!{N_GfaUg
zD=Qlr8Oh7bXLiAYDq$>NV9w6YWNt8+n*7cQ%rXOp;{t=--C9~&!tk(Q^;I4o9><q3
z_aYc<XKQj3_Sf$dOiE;Q4OTe{D;a>T?!#i6V3Of5fgl)ceip{Z@s|m7^8izhfx(9Q
zUg9EPlq9PhvM@J?8(T9z>!Z!So`anHF<A*WoyJ-Tk9r-AXlF<DMKTuvfG0u$EUEeV
z*Pq@XxRU{ac`s!oWr+U{|G#afpZ=W4K)G;t?g_7pUy(N^jQ){GA`WHD=67Q=&>rQ%
zw9V{E&{X5>FgQPR#&xm_^=KLO78f|fzVdPI?zs9pwJzGh{<gmR6QJ4BT2KA3*xF`;
z@4DKpN7p)q@y)9*C@+P=hRNwx3XzOkNH3Y@j5NdJbqq1X5Bewe-u3{G6`r?Gvydz`
zb^*jkt>SgVZo{R8^1d4nw`M<8EXgf-t!_=R^u%<>78$T6DWdm4OqSv#WBsDy`@VCP
z=?sa_@7u&tWT%oJHEF<KUtT0?Kad*7X=41S`BF>bN0wq`P2tD_Dn}S1_U5IX?<~+o
zf1)DzO+g10lTj4g`ywNgF`aNt1W8D0VR*Y@IR;!tVM;J2By+rh?(PH0xc~44)liGQ
zhww5O0ggChhB{kbq`|UL39Y9F>C31FF_6b;v3PdT#D>{W>p0nv1q>7e@Tq(oj&Hni
z=yW_$R6a}^j4Gmjj=Th)K}|9w3-PoJCrir#@7shb=t3>Vn?0gOiRE>&;>ezbgcBb~
zmH2_QkL+L9(BZ@u6b0d55qyD4w%{fr3Tpm*49<ocq%4EzVc@{g^nW{y3X*6JGGdex
z%;0zm2euY1eWZ@xw6r?T6W`v4IIu0agU9(--N3;J*u{m@hK32(3o=FAOgHY}@)(F7
z6T93lC6{u5T~ji;SrZc|`XKvpx$_cBuAlvT3aHKxV3=6t-#s&oP{{{mp;5{40*}|(
z0pm?ku_J%_{j@IP9<GMUH|$8%#?YImXt{!eX<skg4uQMIv3e~On9;Z@s^FJfpCo_o
zPXoEf%3qBMM~E@0J4ZuB=Q1F>L3@XH^+BB46Fl}ppe_1hR--*9J0tM=xIA{O5Xf3@
z9z=Xwy7<ZS;Icuf$V<nbz98={LW#2%CGf3*mZ-Xj-cRR`4ev(bGVwoKSFHvb8xE2g
z{?I!!T4Dy?3|$OGjVPhUV1ha6H$SCkBGJ2G?FYSSN_9c};f|Luu^x`GaoqnmaWfq&
zh)zAR^;=x%{2W0St?Y#P{aF{m)xxDG&?_uJ)Q=*9;k#HmOv={oWPQrBjVFAHJ#sZ1
zuSY8Vq_`!i;jOcuQfAfp%hAf~r1CZWugc;Au^u5`_-7kmSTB87L_t5>a)D(|7jYKg
z)fxW-bFWM5b;Y7@zo|U$jc*)@6qQF6&2g;1aK(DOT%Al@nXIHNSTasLk;Naq!V{A1
zCv#*k-fOho`YcD>rRql!s!sSM5C}YcURUpjG=O~=LqGZYFNs{0^v82W!NW<5K@*YG
z2~3J{SG?^g6p<1d6D23qR=l7)c?ToHTEkFQa&Hki7S7n9saG0aIa`iZIFGyfY;$!>
zcJBc)@7;$Ehb(Xa0%mf<nL*B@4#0~Q+sCdH2wF}Cc&^D2%crSR9;s=z-Sx#IQRjHM
ziSuh{RFf3$@e5Kv%P+LKeL*USF7!8+`P?5$?$IVHPtlXPZJ%9J!<7x&z^SIGk3CE#
zgPv>|ZGRcnJC*JrvrD4Tx$4~evC1Ij^)3YcrtG9~Ay>hREE3h5_JPP$!dYypLFZF%
z1~=Tg<XxF^^1^1<d$mfUobX0P$5U-2k+0V(x1dHXx6j5Zx;Kd^Uj^-&-O7lzB0WPO
zuiZ-b&HF~ht41q5S(ZxKbBjqPaPFc(?fGNSGW00@cj_uXn<(mT{?NsJ-Q%XBo()WJ
ze1bSRiZI%6UT#i!NkuvNmND5eZl~2Mg7J!!6ZwvD_LaqK-1K&h?&QRa{a8Q<_wJ^v
zS-|ApR<rq$K-VPmVl?3mE;qt##M^KmSHBt{&*nLIBrR{pM-^99TY#3E5CY8s=&j8w
zwmO5Z+W{WZCIuvpn4aO3vMCaF!ucMd)Cn@rni;#Qpn6+*klWVMUxu)(uMUhI!&(&h
zDuHH|B8_&r<~`(&K_6&k$Bkkc7@8y06@uiC(Sh-9shubMy9;itRjRG6?|Mg!Ro=_g
zK-x5><SgZza>S5#Bvbi3(y=Y4c_4ifYLmvhy_shrq&<K;wpB4wuT+Vcb(i%y_mbC<
zyzc_2cR+3yM!$o*?D;7>U0Py(aQS3eQA%;%b6oleitSYj&oADR2=AKjgpi^^GQlM{
zFaDibP6)?G4<mL#rJ<f~3iOglF+H5BA`(91j`;V%Ke8_;>Fz&M84NSTeie}$#?JhO
zu^$xba$n8uUVyCIpE=F{Yo!ZRLkk_w&QV=IUCa-K4!Xrvgpjn_jaS7Knv6{T<WSpg
z{MEVKDz<?V@vU-Wur4qbrzmVx@xey<@38!*@2`_7AssRJ@wKad<UDA_tA#P0Idl4x
zj`t+zVw6tu6DJfXQpG3%#Fgs}nt~*!^8p%i5X<9b={)quKu*%&btVpw+bt;e1F-cw
z3^P^x`!q#=)CYxBcl!mpxI%#}ftxIrQP9Lx?htB2ol<P^*D8996uLDRCrOK0^##`f
z17en$*H6<eRo0vPms8e19C}&V_R;K_qNlg+lC4DZRQ$B#sJtkUS2<}7A1tQ-ntwm~
zk|v<lCYL<%bRFZZ-(fHa^?wb8Bo~Q0;&_vfN!Ae<6KO>rUf3Mf8x0{;&r5rpUsBYF
ze(uh%ztM2@<$fS>seF$(QdzF)Mtdo22qtQ6_ROk_f5H9pK7a|7K`~dm;(;rsqB1b>
zS)x}@(LPFViX2g9S{6%yso0|;4j;(k6CaKrFF*950m-TVJ0TLj&zQHyRC)pX<@2+v
zgM>@(&lzux#h|&5;Tb>7^d#p^AHwC$4fajYR(jlF$)OzF1zJQ&R~mc@1(W*ESozrP
z`YlpktB&}?{H^2+YL-TkkUAx0E$|z26m2clnN`<{t+@aAH1(n!BSLVizVD<BKoW^5
z(iL<>CZxk*yZw4KLcQ!q>f#otU|0<A`-#I`U_cuLvgah_Mex}BDOQ+Ra=kUzyC2&3
z<raTf(*4k<!2a|r6q41c55|SKMu5JnJSVKCSvU(hj|yod%jD#~i*W_o0t>Mj<V1FN
zsvkroZ`;6#wH5~eJ@L3Mv;6we2O)-ZzSa8tjx|ezE%YweW=YrH{UH|M@4(aAy0VCG
zD0*|8nxMKJe=%RRU0OX1P75tUqPVRO=Qt$6PJ(5qX?mf8e4+$$TiQvAR9zjoBtV%{
zvOkkghfyD$P!U{96Ec$`@^C^PtVdZYO7Vi)%tUJVfzI%7t<#B=|5+&;`r-q672CPo
z!6L0i?CIeDS8y-~+Jd9di62kAIWwi}QOcsoqu~E8(aZ#0J7~~_S?|ckj-ft=eWppf
z^gQoGQnwS1`QqLbMZZ44AFBpeno&z*XdGpqJnkeXx05IytC`&=g3^-hROSPpENkl7
zD|?ABSvz8>RjOeC8^$vwtrBIZ!3S2)`~Ol%u7<xFZgI@Qx0{Ron#ga6mK49Jnu%GU
z&*6w5!`{(>Kt7F-mfr@JKJIw$AXg;+I75M_rKM@>FAjm+&w~<%(7lTxq&JeiE54$a
z({iYV0<n-RTgXqu(-FwsQ|s46?&hESw+fpnkfwIm>yfbWRAsF+EZ;ZRwN;7{&X}ff
z-%B=a8_#LAfBUiJQ3oL<9bgFStJF0n{<|dn9z5tS5IAiw1Llb^wZ{c6o87&YVP~zd
z!GW8WWiuuOGQ9j<hC!GWB+L()oyGS#_D+NwHaT@m10s(uXtG_w>6rwQ%KR!$*|Rs*
z<;pKwL3RZ}Z;YdV_X?7-RVWui<n*;i$kn_G%{@O3!DTHevmBxiO8cvi!oGnF`~atb
zGGTmHSoo>kB#C%B6R2p%iFB2~#8^-Gzczdi4?~?9zn5f445DiWIsYDh{97zDp6@Mc
zy71`p{Ba5Jl>+bn*~gE^?83x}=)CC|$uEz1gn}7RlN9oZ;&B_4+IAKLgf@c(`R10N
zMS(lM1rUcG)s2RepnAmlnGY>E5m*s4pY!O7$?+-d%ei!B4WK(KmcV%TxXO|Uc>qQt
z>Z)pIwnCmPre(9ax97dZF&7+nj?C{HP{Il401J{xq6W|~Ujpkh7tzAoFp0Gq8)cFH
z^<sRW(9<%gF0_qX^V^caR3>G4`L|ptaK!1cUom8O;mPq}Wv-OF!}{&<AKML%Q|JZn
z2e4ubM%|-qyklXN8wIk%wq{XfJ=IX>+*}h^ZXd$5S|kL7wjAN}LF>ff{=GQ&jiP0A
zbaT`{Us84H%0VEYyQ(KLTt?}qg2q{yUF!I~^T~3tSjhcjFHyYCKYLmI_@d`<LwydH
z#iY(*={KPLo>v>S!vDvuH-r#*RE*{@IY;r}^!F~okc#cy)b<sJgXYPk-XT^UfwHNK
z88DC=G)zD7<8xoes3ZO<s?l$Q6Z>Pd4QF5oSc4=mZPZXy{hLRYL3m5qE1(Q+9r0a3
zx&Ex1`EyJeC;|EN`Jh&b1Uy7)JA{3`sW?CptGPiLTfUi6#tom^APhmEYGq=C3_0*P
zJ;QhO{}8dx%t-Va)p#)!BENhkS^|Z9K=MzD8k~Bh#`pQ*tr1erdIXo<8YQ{pNgY}$
zJ~Xu3IHR_ron%3W8P;?q<<)NfBl%s9=u14CzPq3yB_2huc_>IK7N9$mdoKWtZO1{x
z({EEgX$XrLIZMNvgv3NjDDvLC`pBq!723L~E7#<J{{YfuXoM#~@C6huwnp@IUCJ|B
z%DEtr=zV3KSyJ`DAGp;1p5GcfZUOP+_>k-R@K2_wn90c4mqwyH0zwm9Kl%Ug3Ku4Z
zz5%=mg=a`=$l1GB9-;DcK%kHh3tl5c?F=^%S5rjd6rK{zyq3`u4}qXNXbFq=JUrJL
zqTnOAkY_W1G?8wxw>`E2+kl8akPG6ToKSg(I!OQKs#gl&B<dr4sW{KRT=d*~*M>#w
zUMOk6IHOq@D&Cs97fg%;X$DEq^2vaA;o7xj)nT_Km^U9Zbed!X@*NK<M==dWt}|%W
zJUajF*#e&^Cjep}*d<ZW_!b=UT=fCEM;KoxFISi2jJ}%}d)$#5&1x3|mxf4Drbu*|
zMRq_VEkY}NNtY=kvU<P<N!3<_Q5YXeUkg1pzL-z$azArlo+}{LqzbIjkbg(I|EZwz
zD*koWSJ{volTXK|S7TMEn>EtdZ()EuyVQ?GWpl5!gWQ)53k+uvECrM^K%jrw>UqI8
z{TeHT#~{5lI?&!AHQ=P*^*cxQKkj$Lu)%p0twtrW%OKC7FQNn<|0?`w7;dWq%*U>H
z8+zj_O^enE5%g+C>~HxG>^abO8%|0lm?`c*iblmbCWjyI%~hzpO}Qa1XG<=gCmnpU
z;xbArS?(cQEq$`kk^JfxN3o`M>TDtZuVU&6*<IQSOHRdc_30uZF7>TEp_NMEXO`n{
z?gHdnN#%`pAu}i36RKDy$qV)261ZQqZ>uN13QL^7*;fuJ=Qv{i8yzwGZ8JnvTwuiO
z_PA<n*&&M5Uo>t=q%<9sV|Yh{P;`Lgi_U7V{+mo|8{oYp^;yQ429+*T?9{kyu-F@4
zoun>=8eTwVz~<C)07rpD|M5@eAw0*swU-I#NnbRo=-k4{PPPRytbgP3_`;yoA@iD=
z`)k1V8P)aq|G({i$naAEsu1|)FMlWM>=`GJK8?e8s2>xCni~*gX-qTw&Zd;O@NTT@
zo${>S<^Eyr?0p+$@rLq9w=^|PN@NCZo<6%$fS{RwhD6Mi0;Pmb#X0Aa_)iLktH-pz
z+%~VSnK}(pE<#JLko3NY^^v1pw{zG3YJW<$q3*_TC&ShLV-hhe0B-A=bOy%LEakye
z!BNOO*ZvRHG7PBf)6V<tcc}nzR%?`R)#9aH?_>glFPy;)m_?!3FKodXuU=?mLSj;z
z4qq-!BGE&Yu4&E#Q7-Qx4uD1`oR6A;*#Yz*1={;euq6)j^_k3WAx|!(LxkT|j+!Pe
zDO4m;aDpB@9zX}e>M`k-14q$6UxRlGq4H!O<A#QINL(a2zW)i03v}T&lldf_+RxC}
z#iY`Udr_J59b8`7Fe2d4D~_Vy)X7`dH?Uom)2Zm5e7R!#t8C!z+tjBo0#&(A{PGj^
zq|N)kL$u!MaX~BwS%G44{K_jT3FEr&BN%cVpLiNu4RHS8$Ddhpsv9uIP#&lFZDvue
z-K#6lDKgY|l0!64Ds2iDh0;I!*Tl_e%TNEe9{j?aXD!m2<S23kk#F#^6Jzg=Vw<1P
zhyI4A_d6c6Ki|1Y{&=-p1;UGEDX6cE^4~xER@dEllH`7S*9aCppYvVL^}k;pnrG^q
zR6u6iy|_T9m69Hhj68rKKO-~yj1bE*tDwkmFqv8wIQ-D=(W9y|ebrMN+sYO|F5y{&
z_STfLSbl^l211BrlPGv+x@yE)&AXdMq;Ma2%Ys@l^NJLupjLMvH_Qo*OXAliyT9va
zV`j>mhiqrSPu|__VWIqS0TT$R0_}jzuHHVv{l}zFSu|^2GP{EGZG8qkM#tHoLcD0d
z4U1zVKP(GzIZevbX4I{utzhhsFYaD!aUo<fgh1|jk^ft+<S2su5!>_CtG@Y}QQY!B
zW8G8Z3WTv$08A{hUDl<d@pQDYMBh{pl7&xWbwxf?tHd(PujJRK^J;33zO(NU$3aI(
z_7G~erec)=$0)>y;4S?>i>O^)#{X0D#EHA`tD3&4O6BK~_~QR>N~Mp#{z`=##=Nmi
z80yWYx10kdRGv99CK~uaniXpNFkk%h8(b|KTOetlU_D=i)({uGjoxYtkWJbTTW;s8
zyJ0O+O&LRmqdk+c9;<@-BG2Fcw=!GrP$Bi!U8fOv`pg@6iVVa!T5=@Fy^srqc(AYX
zWoOd%6HS4mG+rVm-jlbDgkjlFP6S^OH&pCIXwJo#B9sYsaV5%pv=U!?_8h-qp&u%e
z??V#>qph4!)Hq;c=FzKK)M5gm9%(5f8-iP2S(ylP6Rp`UbCNQOyo%W5-!0V_e<%Wj
zCb!$>T@`~13bSl5XtxZTE9)f;YDPOyx+!O-(}xfn_H=Khz*$>0#S<H+A}1G94z+K)
z6UC2v7`=UY6?-O;fy*H|puyO`^0ATf<SAEwb&4VAzk1$MRIx6`?YXE{=Gny|j<xcv
zOC+1fXL=SbAGf>>HG*eT+$;&_2;ZyxmKF9w2F-~<+aHHmB6uxV`ZDPCD<uw-Rpul^
z<;}5xA4rNJ&kTd&(<OAS_u;Wzgrd{`sk&sHj0+{AIlmnx;RDw^1Og($cFh{Ixsd)o
zWValD@#XE4a0-T4;?qu|#8HsM4{SZvl7ZY%*`wDB?*oh8{y8f9WsSv?i0Nwg*%H>4
zIa5jm6k?Jg5ce_&&%1JL8=Q)>AO<CPthEQ7i~2Eq&L+HhU`!ZBSlcNBZFf+hEQ~NR
zZY$E#p*^DLX-|=Jd)N$w2})aXf{XYZG~9TfjR-mh70_B}V`F70ma=F;zzXQhBOeDS
zee0>2P^O4X#d*yH#SnPWzDV==`t7TrEMeB%dY{exz=?fofBb#U|6`yJHUUG>ExEuV
zT`Qn%%h6l`-S=lM8z<)aDH4Zfz%iF*#%mDXu1iSA(j=&=T7Ed_m1%U7#85e#lsJoz
z9(W<_C@JX&2^<TNATt~bo}gwV1R<n<$ssxt!sojIM>fHSgL_=~BN<+^keBXYR|b7}
z52B)Q+RRV{{|onTcXzrKQs4qi;D|JH@2ZM*F6Ywe;0!Yb&pgOY>W8r}V=5AGk%_=9
zk4?h)=iik2RPk&er~o^6@6)#3p3mP_+1P+#0nu+VAs$4K*|{2S4$wx}S@S&T=W3|-
z%94p9lga;7B_Ff8(-0!JoIY<SaJO0Yjd~|ps59iRZ>U$)%P>q_?T#N?-ahc`Nzox~
zwv`dZQwUk8U<=Z##6#uvDVIX5->+_fo`k?5<p&9-D$LuMvpYXNY+8)i?p|#V?bqFd
zx@KL%KYDV}MNu$;Ov2ANzsdBY{kgI-S)J?;<Wc@HU9+?LYw=^!o4IUKDNNvpeg<Z4
z*MPCwNrL#ShSEI`o?~C);tU^+TX2-S4w%>dGvh;|q0<0;I5xZ*5>%7++s+QldU+2V
zDUb>l%0BlE<ni_u%n7n`(*t|@yawGtc*AwdPU6v!O9sHZfcTvH#(9u>PyAuT;A3R^
zYH1mzP;Nv8_Y8g(l7a8tp&~HeLY)yldAEvsFhe<=YLu}sQPv_<!n-TsMDP^)k>sxb
zvztu+TJy+^qb=^)9>*JoG^Q4`abaraQ)i*4bkI+koAC?kU%4Al1J&5rA)dHbCY=G0
zm2?KR-2^q6K-Jv{AD|kgA52Okayaoy$f_Cy4$<iSkg00ML}-aB{#ABFP>ER&>=*U@
zz1exLK1^cd<8#FscWy#4E0Yj(<jJ64SPMLka{EZGzXTL|aWG~^{QW>+Vj$|6xG}t1
zILZHTF{1`1aG=TclU^lq)ymtbvojLeU^cHuVh7waojD7^%V>!CJ0!lZopbTI8yMYJ
z+#@?Xz-Yh#Zv3(y@-_|~r~!dUad7z|y8ibu<Q`jCyvCyot?kdt!BinyBSaKwz<@^y
z;iVW-^grc;jgF^n65lFzZm&}^PNDBfl<WUa(pAh@28!gRI=hQ?OQG^8+7@c{$VcyB
zJfq%uT+M_*m%dO@7Z+I%!`*^fJkh@slP@hLI4G`wcUxFWLq4_{x(4m@PEC=@d@p9q
zPErOsn8L_pm7&7?t1y^O#Uf)Q-j!@9oz^MRc6CTQNy}TPH(3JaSz!Yd`L91+4Azr`
z87pUVNM&c&<+|x}DU|mpmIhnvBqp=AvMYLKB~!ks)+?|cdUSTXNs>zy;+JaM!B*ai
zLR)?hh#4ECX{ZJyWnH&PU;6f(0V;Rvy!?hYkcyrDvK!w}OW5GpuM7$SwIcz@fG-0@
z)?auXkyJz~jcK=6RT6T%2AyLJx6}4AgoM(+)+{!se{Y2LtGEp=;s8qfp@#27<olXB
z^6$xdRt(T4HOR`bCMV@;9=uM+nKqvQ9Ja#M!AOEYm$=F7L$`$I`@BCljxp=Mz;)4n
zaV6as&$Jc6tk7iM3RKgb6sAJx!I&_$-;P&>%O9kfwmqi4Fg#V1wT5-fP3GzV(%T89
zzCJe5$II{8*R_o_ypEftXj_jKXo2oKA6P%xbI0%f-zfc5i+*>+K%+TY41H1~_R#w(
z#xgxTv1xzdC35FpT%NTpBa5<XenvXQC-Xj8M?_cA`~`k3>IU#A&#3r^aUG7aa^aYA
zZ?M=q_}pFITxMW>{qQ!<x-3kft>ir=f8&Qgg*D2spJ~`E8#f=-$G5SEJwnkGzt!y@
zbtowqS}4;qAJgtl&Cg95NB4d1qIGAQ#~tG>ro0`|yw3Q-Umd2S-CqZONQCix;Y(BO
z7WIlF^sxM!t(%6E#5+;0#hQ8O{FK)3CX`f2Rx2+cSW0<!u4<p5intTguWnl)PD}Ty
z<XDq;0<#<OoC@$}`K>Vz37hW^#S73HO73g9r_BX~LAiZ~lre_5l?-UARJ$L66gpi9
z{{Qv!Y~38=NQ)W-K+mbtMhDQjScX_Wy>0(9Wb(tr?H7yb4$A+0_%U@XxkxGp7?%Ae
zvyEtdiO58Bv5Q>fD4F~QFpMl+vQ5WASY2@=q_02zeoOT04ZyI~K)&<nyDB$#AqOK3
zVow=8iP1I@QYGw{BtY<00Y~Qu%*tp`E|AmbwrYnKU)t>c;LLk0pB5c~__cb=s}YOp
zRI6iNjp#|8@x#^SIzH_NM<&svH6FyPBDG?_kKFYI4L@>NLv2w9Wzv=T)SNL7`^O_Z
zm_kqN?i9Q$B{EOz_m*ZE-m;A*-R_86sAE-(e&4J5n`dunEo0XP6A#zd6O%hIP9P}k
z{yY(JL$1(0(|fO}g2M&YW?q*b$6RpH1|nIW-aJ&bxM=d!yHT;<t#h%J;>CgNwbS)_
zwe1uz?q8R_I;j3*WsP!dTb(+bCA>+6(Pcdzp&e8tFwMf;XEHh-fr^QY2Yh>l&t2~<
z3jPzGEi7w>k6G|qcw!S2700(!qLOX({BlNX3zi~6ji>#hA|#r2+LsSOrv*u5L!Olv
z^+^ID4)Z()08pKlKQb){glGb`Oom8=LMjM=-&z#G#?4REnU4a%Aa|MF_$e{|8)p#W
zV)U>ew#9f!BBTcdd|19t_xs<+K%gK#(7WDVu3JIcjHu@wfl8X?n%chU_cpzFE6ho)
zWy7{ws~E?KOj(?0V;KX2Q6y)E=NJ9clV7fkk~Hs?yEb+(ghbZ}58lM0TfmMXe>mQw
z%Dp+!rI154(x``h1Ye&XZj_MTio!3K(Zu&9GEGzMI;tz0(LU0!LM_BhKKb7F#z>B?
zRO}Znk2Dj?b)R@E=N)>lV=9cuALsmaw3x5Y$MX8Tum?0_pQlf_qPtli-HZ?1U967r
ztVFVPc~7@fhBs2XQ`j8>!B&V&SexxuuF}L)Kf{5K$U+Sy40Lb4_y}luGCK$0PZ}L}
zq2*P@czTho8T?Mn2gni$_f&5x?MMQy^>yUBtuowuvTQSk7#Qh04OF**ED!j(I&ZCC
zxo~=eNtI3@4lO-}A4!D4*J~)FM8e2zO`;1u(|INfzIl@1M)6hb(7K*%vRvrF+7|)=
zM?@jaHMIBCz`+U~ayDXmb!2{92Y+-|Zd~!iBovi7$h9L`CsG*LGB;;EQ4&Kp*A;y2
zBnHhygjitCkCqyUf}#%D%!{{Ehka?bvx-7x3kgvD*)Rce(Zl>K)cu%@q&=pCz?t?N
z1}Aa^ultD9+JCq2oQ<PyDx>1cwDnX`#`_dS1!^f~`2DwMT)>@akX%SD3;e#_^kE8G
zC55TPUi>9e8hcljQH{+cspK!UgrAjZ4#ovRUz&6Jl`9bdTOG!{pTVTFI{k`cU+1-G
z--)&0tWwe(i_3fp90E7+2J$>X;PXxRSYCODZ};ju9JX==BspUxozK*Xr$sUzSB;Fu
zzFTG#BaZ%Y7on5l*!pGpYFQ3^wm>*vv^s+42Z))V?^|jluKnpg@Li0s41gf>*wgCE
zlt5>Nt4paml73N&r+woj_CdM!sts**8%~5)kaom6A$P{PmjaK&Q&tp*@7JPoeNwa~
zx&Z`nAkJ1fUggAJrT+|(q=|oU1>s831+r;zW{M$*$2DM70N)^mGpwQA&bfR}<@rKa
zt?_se-ypyZTIunLV5F~vyS^lOV1PgY7a2|>9d<S&=ZX~HO^VQ?%jyATgbN<b)d+H+
zCsf_#HyeF(fzrm~?#VbS7wri7dJ|#%dL^@~#!9FG#2@+@ZjIvGMlXG|=MNn9*`7hN
zq^l^ae{2USA9@f%DO-?`kMGEvGbK!iMKYXRkDrFDfbXM*!vJA>u|@^uSbzRY!;-~7
zuQ*%caSpYALC{Ih(~UMzsWJRo3W&!dyx@qJP|x*uoKW7_bGw)I4Sj=zCa}kv=jT6S
zl*bIx0h-5kI--g{gCR}Ah!O#DbXKmEkY4eDp+}xG#Dl$5`NwUH9!_mrH*gG|4`L1U
zVEj&TME-0c(Nbgb0^wSY<hhQ_;*c6xP(0ox26RaN<&pj2v)(txcUO%KO5IkJjlY?%
z<<DXWvt4Vu`>H$N-qJ+LA6-DW2I>3g`_f|MELq_pVBJf9S&b|q5yed%-<^yVOvyb6
zCzXW)+&;CMTR^j@3&^u&x0C(~YQbx4nwZ|qewdpz9flqOgRa)GGsMURgYltP3#=&M
zxD$#zc`hE=+FsutE&`~Mg92JulF$K)$UQf&fdGL}0t5;8DQZT<%@Q>bz^N9jxKc{@
znGS$qu#}+Eq!e9NV}w&r5E!Dx5w`e3IlKHRj;ND3FvO9H5oN_Dx~wr<;n#gn0IK|Q
zFNH$-i8ehsfxSXx;adcG?Y$i-b;sC_V<U@HdxhQ!eE>nD6Xm+Btw6RcvE%;HZ;n=(
zK(N*CGqL8v!Nx|Tkh|+2;uXlWEZ=M1b!=ef*K|^ey!#c?P6zu4P!LAF`Shc$nzv5b
zqMgc|#LR>QH7==OJv{Ww_k~aOGY4*Wzp?=gj*D%n_P$yt#@L8)HTY}a*_87l{r$Z=
zMa9Mg-%;nJyrb?$x7FPb^{JgDIt?(k?%8-la~3*vq8VDj@ltZi8+x{3-P3Jk9L3A)
zU5qi_JsAk|c@vG?A6??ooP|KsDoT-SNZ8D#ycJW8{V{$nd7yPdSlMEdD)^XvAJM<o
ze&`#{4>dp-W6o>ReZWW#p{45L<O#+XL_A6AC^6xnCEkY6+m7NX?xNZ?YkXczSo0y^
z5vb}6X6bAikGzICo}QnuI{m2_9@G9(j1YF~wwpNzkhb0V{n0tly<Smx<riS*sM3S=
zR)#C?4#$iQI2+LgYDJi|ED$}ze=fN#;6ZxUlrNo`-G1mruvjm?I>fIneG0{RLo$E#
z-ZNRyG??UO3%}9Q3eiXCrOlwd7-f(OOvP^A<Y7;!`$?EXX>}EGXC18diaWEtAGwK8
z>!4Q%>-}fq#(GGGI};bDoizA7T<*g<$Zm@s1V$#21M7jKA)Dr4WH7Q$C}b5CbUC0x
zH46YBasi&sImxivhk5jYj7&fVDPpKY96C3Y7FaHC`4tRNK!&QxfG8NG-h<>rSP7PC
zf#w8~AkFw;R49HTIzfH}m|s354g5J{I3AtgAsEadvi~<jm|(ya*S8n^s*fQpFgo@N
z8yJP=o;Csxv$z=a`b}t)?g6|C_#+&v@~5Ra-)s4X<LY7SR}Pu#9`>DYb{3)iNHj4p
zk{CFqXC|`?3nB(8IaNS(;rk>e8wiF6KX9{<={J|@chlAdJ_NWdfPSufn?!LQlIWdk
zn<y_OAC#`1VwP;ZD{5Go2-sRva03}Pt>7F6!n<^41Tk*DL|&l2fCL~1Hh+vN8a@uN
z@f_wklK+(+?8)ewc=a&{`|{!(-u<NyR33@cpWC<)sqj-`%u>UO)#w1$r)xr8Vj%qp
zfy;;~x@bn2bAj}OxTD9xlPIDEj~<;+hc2-8*%(wOu^)L6C}{Nl5JDZN3TEw@pCbI3
zooG25q+ZFcWa>oT1;zdS1pma}E%C5BX$0+T0+~N_f*EAt;6eluGIC*KB2kx{2rMsR
z&dU@fHXgodG8s(zC0m&XYF$%<azTGxMg3VD{_{}(Fsi$+1e#qBBxWgJv9%?zJHMM*
zDxQdsWDLD|Fbh=j-=|b*UeCT$f%-Ip%!NdNWVq$|6wdYxx+MPN`fK~0UCd>U7R|r1
z5-qQH*3TFS`6j1O+658IT}44qk|B;hK^5#&Uk_mWho@*{qy7Q{wSbGl%qd%S)Rc6B
zKS=})hZdCzq_4yZ@ReudinBbPRXQcJWGjfQfmgQ0GOL&oBvEzwX;?Sgpkyz}C1vQ6
z{e0{%Y2iJ;i&W3CgIBnPS-9iM*+UnGlc&yw+IJBQ1=DaRyIF(kJbE!iFUW+EnBUKf
zDZIlEYmLhiMt;X?PDu>flbBv?CJZh(OyI|INg_pFA^;}FWMc_~dfDk;t0-2h5lpwE
z?zbXGz5g1<i2o-ou7K6GXrUu~6MW_HdQYnPTg<%+S5{<N0iV^9LvQ;0J+YfGmw+c?
zICNR5HscM3uRnS{+*q7ITS4^9^@G7s6T<FErzhjt_=4K6JD)g2&*ml72&oWDPi~w_
zd+JHMnL&Hrz#P%3l{khQ%$}vIy%MEQX#3X76gojNB?=vZ?(y1>@5CFElyEVNzM0GL
z_VT&Pim#4Y!T3E;B_`l+^F-vCUV6WFY)2lEo;|SGoa7x<Dkb83EvrR^sz;@2&t{4O
zMwIN;I644&0~Q*lU*;(obuZX<JxrbKDB{!BE_9;T8Sd5k<5ZjB%pj53jpdXn+6A#*
zRCu{6Xku_vM4X1nH=sjW^Xc?oyDxGM`$7ipaa;|t4<I%(5qw6*623Wgq~9>6!if#X
zkkbo%4C!vd8Pa<yFP<m{H)smprgEEFlk;N9)BWl-xpJBg5wtKJUgPoJnbXN9#Ue&>
zN{8^%;TK75=E!RRGT?t!+4VGaU|m$?ULkX@9nV_kz~j^gv+py2JOvrI4Yd=y{|3#{
zPij(fQ+n|Cw+>CXx`q21ezMW%DWoUJ!7mxh`2Hwl<%+xv+S~^o+WsK5g2csHl3xBX
zMiQ$<w5eVQ?&tN5^Jm!V(l;u1iaRwqb9rNK=};)mO_ISHuggOGW%RZ?{LLST#zhcs
z_1DBq;hC|$j4N7ym))mIxSq&?S;b!!kqNiV$wc!_HFIP5AHdGqsx}eCel}m|Rn>|e
zx?z<{A%@#1L{)vfGW4<Rxn8jiBI}kNUgW*51@)r8P7A{`e#p+S2HYLk#$ZVh3wpjD
zlzIp}pOuYN&||kImN?|r+S>aBcMpyHgTpwKa7@pKI0Y_550GKf11c}6b#ZkJp8^EL
zggGm|pY4v!v+cwCw%lrK%fz5U)n9^#mkLuId*Ku$B%sEiaH$brUURA7IZ5dfe+|LY
zLj|kZ^IojBK{A$=Zez5-c7sa^4>+%NS_E>Uy^Ha3uC2^PfBzdCfn#L3?b6rOw*76&
z6=6J9VEi8DQsO3o_*C=Z#oIJzAW^LEbBrMH(;&ThaUuuO>Vd`}%7=2+G95YqvrtOB
zoL?p{in$6F)MdQR25mOar6!Mk@yKO1RVGdy2&k(57utNs?-*I)+D!8U#!q@y=h`>~
zs1CV}{DzC*vt5P^W71ja_ArhR0jHYzt=jYHX+OqvuKQw-Kimh)FUs;5f&>o}5T=qU
ziQWfdx-JP`1f9#vI0YrBGb;B}nIu~J{LIruY91t05Z2L8<Ud2`u$JN`v0DfrZ$m2@
zYuv7MZly}g{MB1*EGHXl%Qoc)r<n}{D0Qef3dJ{}L2dt`Y1%|qkGf(YnjO#rq8S3G
z`(W+3IJZz9HGK@)AIIcO4{=61QJo;$t|5yc?2TCYgf3r`Ze~R~UKjDum;ov$yTVpc
z4mW4l91{G{7*m<@<^$ORTARKT+F(glkU%4D<xsizk6O4|&;ZF0{I;)0Sw8F(I=l9w
ztp|cIsMQ!1wJOaBO%;88IUidGZHm5mq;VV?&m-9(v>nY=L1PGiBfh!$YVtGp*eAV=
z)rQ%Ulvj(mzs<195;Nr~$`ooUN)^#MjYz|#L=hq3ZGjNH3fD^`L_RT*!l5$Uu?Wa-
z2ly8~kK_zP;Jl{&oV(h7Zjgkkr}nz{<2tM4=ifW|c5E$mO26=-h6Fa=vy7FRV_uld
zjOMsrde`(!-}6p(R>(~5uO3j6$E-?_j#?!Y!z5?Je$*$4(VBvlT6y_@GeYXl-YK@a
z+p!Y4=ePYWw3-?U<b@^)X`?0l!{P{{{fEUd#5eZeQmp`fjqph<W1}t25%LXdHR<CO
zX@S;uZjg+Ct`q-@@cCB={~P4>uv-Cuta+B8NS+#yd=uBIV51aVqQv@yzCk)cX!<?(
zoE+&!2xtKKts1JeY>LZP<nm#Y=DLOQXU8UhBi?NK+Ak!U&fwDkj@*D`X>ZycKr8rM
zF6x`;k3`%7!`BlYFGIfkvLVwfgg&td*lr?R0*w%cw+1>nY#ba4rtsxO7SvY)@C9Ux
z!y3`^egoz^hZio0H(S&i<NM46LpG4@d^;4fPyrvnA39Ue0~0eipeeYU4S-UK$GJ%Y
zK)nyzYN0ht*URZhuyj*^dIrKrgf%L2&=1;a9S?wmKmh^5J?^SbKHu4!p6ak3rE<6~
zwf)tEal;mRB_64esDFFHV-q52-BcyI(Z>?s5BH)kIAjTg$YsFwaLkXGb&xPJ)gu;d
z9Z2&o!ITGy>x9JR&0y-NIPr$7p3p@Y#q9~1;Sa{4<EFqG-4wZev~9yq!9du#id<5^
zz!qrLISNf|4~pfH;Sv5O-fXx|)NrQzN`4v}foPV$WSczv!?-p(A)Hq66|e*I0bC%}
z2M8b_qs!fKcpo0YVw+Yr-$&mb)6&6nurWO-dbNP|>mM~!;*6K^`I^SFEV|L%mWK07
z8*T6RE&CpsE5rw{n;pLJ&AMc)$Dg$t#^Kt13@ISV$kkW1H*!MzqH*=&C%^_udAHJR
zF&Ad`8t{XF6FH*Z<7gp&dTqLFn$Y7|MpWTz?GQs;NC@xrQ&aMewSqZC1&9Ua6%zPY
z_iVXWhT&suq79CKtM^YF5F&`D|7urDx_d3#xSbJ13zFXLMheOFf^m62KaoMuA;YxZ
z{?*RwN;%!fuYd?ZNePHNIRyO+J^WU5OrQc1P|_KU3?m21fF;0Ai2rGUktOLswzQyw
zXh<N0_BEIR2aMba1mXjcLm@>$kURnSsKI&o@x1uJYgzbX_(Y(DunT(g`%kD}LFT*#
z{QlsS?IbWV)$KMr-@g{7D?3m!T-DVs`dc(je5D{Uyp=5|@~;JCn`EK~wH#T{PwLa#
z?Z_1+4Q4<#%N5CeqQCJ0FSv=g-ARBbS$qQ9M3}BuE~AyauNZ;7GQXwBwdtIwRURsw
z*m#&hEvD=IML8_}6GJQ}Bk_8Kz^uf|Xv#_=(Ejfvou52t24Ux_Z!`Nw5Y>L!(N`+c
zeKH2|yg@!FOk?ezobsdpj&h)FgE@1>+c5n3m1J{pSW(a7uDd>li_w4)6UN^KX0|Hc
zmJ(~uMD$pZrS#t_UzIQ^`WA45<aXsAJYT2C1`^h@H#KR>4^BgTkvi22j}6s~7yrFT
NRgh5uS4o)$|1W`nisJwP

literal 0
HcmV?d00001

diff --git a/docs/images/protect-an-instance/mode.png b/docs/images/protect-an-instance/mode.png
new file mode 100644
index 0000000000000000000000000000000000000000..242b35a5b00c4f293e7cddb480d9660f131ffd88
GIT binary patch
literal 27968
zcmb5VWmH>T7cLsSXwgutKyV3Gq_}%=4^kXb+?^r?0x3lsikIL{A-G!$#k~}YyE_z0
zxxDZ9oipya<D7fPT|bhYWURgCGoNR!Ip^LhvD%u-gm~0=004kcRYgG;0KkL*0O*h>
z7?0nu^G#&}0BBO$uk;lk9v&nmB_99)et!Ok-#7R7_v`EHGBPrglaqIMckkc74-XG_
zaB%SS^i)<>?&;|X2nZM$7%(w0iHnQd-``hLQ)_K)t*)-t*4EzH*^!fzb8~b1`SYiO
zg2L6+6%vWe&d#2jn=2_Pv9YnSu&_8eIWaXgJvut__4U2DxQL31($LW8?(R-YOG`*d
zSXx?ga&qeE=$M|KPEJnN)zw{GT)ertaddPnD=S-BSs5Q6x3skE@9#f5J1Z<K9335P
zY;1(VU>O-1p`oF*wY90Ksrvf*mzS5WuC75rLBqqtF)=Zlo14we%_tNqA|fIzEUcoU
zLR?(@`}gm{!os<^xgH)KhK7c3-n@Ab;X6J)K0G`e8X9`o-h9Z<d1!5X2oHKN)qh~2
ze>gsRP?UNgCw}-b`!Lx5kdgWTwTXKB$^ZaxYFAZ|)%X8-&>jBhT|n69`%=nM^nVWj
zkHh{c5#~QXhW&X>BWv)#j3~O+eN`qHI$!WGO_z{Nk~M|2HfA}Zti;C%U-y*j=MTfV
zdY8S22l{LudnV((D1H~d?dJ6Gn&Fv%6uQDxT{Vuv)Z5&v57&wug*kIVukI%EGe+#E
z&Z?W%Q+4GX!A~-BepTVfemioFWcWex8yi*l?Ij<VR-Mz|bL}Ia;ccvd_u`ryLhoF|
zz_9_0!HMFTU6e^ie7XT^71ggTG}Wr-WSTf}-Kg0eA*q3RWiravxqNC3_+7~+%G>H%
z*_RTu_esDi<}a~Dilvm?AHykP>8yi48so=VOS(ap)R3i6ojpa<@V34;E1oNgHQ<mo
z@7?Z-AWFMkzt;M?TSrJ>4$o8?qHuoiZ2jBsp#05L_QL3XW@2R|X?XcCJD=<9Iv=W$
zY4`kzfD?tt{-6jGTj;_cTlx3;#o;7oa2-N<2E5)CD@cnq-Bkfgy?@+9(`o-R|3ytk
z^dc=zWGXcgWmmY#LL!&kVr&2`*eE-s?nuj{ct+Fy-Y8PM{`!Y<0i2>=<7W@_vXCW>
zaeX1<6>)Yeirda3&MqnZn~QBtXy89*A>8>{zA)%wEVw|6>6wd|ruy1Pp4DP<{pMLe
z=#M+p1fcot!x^!m;#J1Tle3Ynz}FDG1^2{7q?xZdWHfAtn-cvpl|ZaY5N-831%inc
z!lC;{rLE4dL6QA!G*w-8WM&S^3{6iQv@7O1yB!{=YAf1RR7m(f7WO(u^w`Z093^O*
zf}fMX1J0BgqCB+^<D&95qZ5GEb)W$iOP3E8&9%s6pGB|EEzTo^B8=hpH4tJ`cz;CP
zM>k@05P4E9I@;fdV|Ov4ye>J3m4dD2WLAxoU)LpmzJ5g?!%s+(=L{oV;Peyml^Cxs
z3hl^RD7@4*Pt56~J(sc|WS>syr<uIYx~9aZtWy$q=@5JljNor4B^zTx=;{c8D)d(|
zc)B7aR8NFf1}tQT*sLdJ8EGE<iNiaxfDfgLq~EGPf$qu;wSiDannPMY1nLY*EQ(md
zZO)0pN>e>L!;fd{j+SEwWJ-FQ+GCjLQwSF#qs<FhG%bhP<Ug<3D9p6^<RYjw=P{Iy
zHP!D(n3Cp&2TfGe32&S&C_brDT~|JAaDRdkyaWIE0{Zo%0y6~>Dfb#8AhY`Oc>@uj
z+mc>xB-ZW7QZ{fQ5=s*h9fjfs#2C?d&*^@RpL82guw|f?Z6G_6YfwFt+5T!UgmaF!
z8qJP>JhE^C4Zs-&w*8i~`kjM%)%At0>&)(vPw=^6czUWwkW9C@ceNiY2qW)TlwlJQ
z^mn7izB)X+%Y8szWr%}(VN1a+gb3+QMz)v&97?ind9TO_{yXk|6)FBT9>aw!N!CkE
z>uVN%*X!g(V@3$yb}(~+9h~^XH>=YCAOf^sx_QpU2(E)d127bCEYqN0=mxe%(y1d`
z3g6>rMrOav9dojQ4}30JBkz^wT4`%SAOb8~Z4tT51%-x~89~c&-lx!cHi`Fidp#YZ
zY>92^szYiKdM#>0VkbhvaO$qI!uZTcBf1xGWh+f62^Bd-*7g?R`gBzxi&+1BRqr!x
zeg{VQ+y$4y>KV%%wHtsfNi<*PtiXp0e1-9{z8s~X6?U*=Pc_hw5a!W~cFw<T!ac}@
z5x`0axL<>BW)C5dirGH#bk>6YXoNd;_M>PfSY=<hNs{4?P9CDn0CyqKFTvTCJT?e1
zSEM?hD@cG(i4mG<gx=s<&<~6bx2*;mMz&8LS&ul27WA*hlVqLUINdq96ccE<7PGub
zj=!6-K0M{mGRiF;R;9b%Ws!Vcf5v_G_P0fPEV!SBp^y3d0Z)!e=S}^6W=UN`X6!Lt
zqrj=Nl5`O8cc%g4ywG+Vt|%Evz!N?59pSQ0HZql*4A?;A%_kQ2*Pmbm7^2J0=&DCX
zg9-}IwOh{=#|#u7Gu{7YY&;EeXZUyZ-+1`><S}{up9fx$-$JSad9=r$rDpp)mVOMK
zB3Zl$G(0PoH&`rB)2Y)JAn}*?(#m)4#N6yrE<G)w)tI6VexrO3Np`<jK%f>?wS`#C
zax+&S(ghYq5MJ-^QtH|u9tDM|+N1gzE1|}8SHa25=DoZ(%XRNyj+~`sy3N&|t4^Aw
zZ`5G0qLU*9gX@jt_A;>mHU$MTF4}Sm^-#;olJy8;5{&`pQUr_i7ej*~au9ORx$GW;
zYSr?!3m(aY0-no9MABrLWF39%(eQ}DJDB|(^84U3(R%jI#@4#JspRmYJAZ?}HI!X#
z#1q3}j^(NElXMR;epiYE4w5fSh5)I5U{J=}YUb(m_dZ3WM(X&Qg>Lw-@JWPbl&SXf
z-&pX2_a}{PATX7q5*8{a)nColki?^>-GwN@T8`%7mW%gPs-^-3r%gO*AtANq$&69o
ze2StRx9B+4zt&E#8cfylhR<q45OE%WbY7FwgP#p9lBM%97y9UMRUCIIzmdP|cYw1-
z+mVI^*?<fh_ru`SRiiflQ55mW%R<(_hYa9z9ff^a{G%SxX=s28gQZ(+IW9wTcr|C0
z9O2KjXn#Xu|7Ifc{<?&)6yn!J;aHCsZ-`0;UXuHRb1+Y=q*c_rv5`-$1DZyCAi^~|
zt@vH@WF&sX$(y~74{kYW?o{HgMQdW<a==pGPmiwAxc!go@goZ``%ge*I`BIVhyrb^
zPY*L^A60>#4uf$6c6L!Ol|ftlVK0(mCRVB`Up$pK7q$oNe6n^G1;n)o@spHphre&k
z^Z=CO=)T7M&uOg8Se(Mrk|H7<kW;#x<j?oURM_`Xg8e?07;GT>JZ--I8MH)FRg9gu
z;?gOBrxkbADrm;U0XPhfzx4hEbhcTSd@Uma>xt7G>Y~=3?pA@b;ZEDGJn8b){si+U
z@`gBn=Iprpt7QtPT@!VH!0b)gi-$Q%X<(Tkx0S4?lV?74cUS#&FR`Jea0i?l5YLO&
zg&cKP29+Tx%gh$$zc6&OA*ma^h6@6o=T3|nE_qoy)e0ZNHJUfs@^TU8IN`F8id7W%
z=IRs_iZMj0a?5nZSFzOz8r9o^xkf`DBz1~e@Pm`dRyGwOEdXS{THOm)aH$<&@W(t<
zR7IUgMq6~~R9OOD+w|g)ho^<i2vE$^@p4K|Z~@PyUUEc{!W+Vj%Vxb^6_A7=&=&0f
zNS}?E`uim<O%{@au>%Y3p|KK^F^YD+R8|T9_6YA6DlK9XI*4{19(OU7jD4bG#^T@&
z*$Njr)sI9;cmo#7&6wjX6$t&UusKu<sX-(FyHnI7873l!Slm7kY9cdrN+<{5<<*wX
zvyZ^HS?le8KCTwBz{s+AKQ;<`zYhfD#O)&pFBFCe!m?QG6SnJ#M>;roTPvqPF(>c|
zEjTmUaOF}!H2-6TLCl*wB0dgHvcb&YjUXY#NUW#=q6J?G_-z1cwvjdYuka^^Gq>y+
zBT>N^<1}jOJ<-)I!eZcAiQu8^P)J3Y2y-3#J?fK-BMrx?Ac_Bo8w}<e#^LHAtO9Qi
zFA+)w4sOv|HbXzC!avQt48uvd<nYRg+3m|=NuGNFn~A%-Gzno3&$_<(i{2T`+CuVo
zJl>@8Ao=%xk=;|<ckJ39!>B|9LwPW^Cdrl(GIq9Z?iy37c`@8Z{`OP&=aM4dDnP|2
zpdW`SHLY8j-^yck1s+^56ETdnmXqkbq(0wqnu~(5Gq?ND$P_iOD=1j0{aVw3fd0S6
z?Kg_&xtU1Gxc;R<ALB2^hQUd{JWq3S7`cy~+PgK|6Aq&VR#mp_6{CWpB-$&>r?_6W
z$Ifxiblf}sNm-pb&c*e0W^B0K|CsBqczLp)-mme;XYA>Ev{l~_^i+{x9bpz@_w2ea
zrG0<&Tz`x>d9s$Ik*BE5WjN-=>J$5UcOhnlKvSb)BlkeEYJ+}0!>`g*Qulw;Ex&Po
zy>&ATU89)kt+vA!Ic+p)Bm_@o3V?It<BMb4-KVTs<Arc}!GS$G7BpWMMw3_=jdxuM
z8+-@@v5J3P2|{<NzV>`#yIeF{PB@uFUayuxC%B}ICu)|McU>FFw}RGl?c0Ukixkfn
z_RU9Id5=IRb#F#ToBayov8{r0q~%oLB#G?AGOoz5I5YB-h-*W?!~Ur$7p=zS2QTLo
zg0=#AJnvsqHX>uvL9fn6hwp~lqzPNFu<<mt3UA-6s!sHv6<%3EF9g-BH8wK1d{3aB
z4{b)-W?hOO+7;-uVt^)}6yOH};<xYQYl#YSJcUD@T+lrtX$y(MGT%lbq{9aE@}pQL
z&Mw5d)C1*E++g36G$f00=W{T3IO1V(qF8z8K`xz}6FWdmEg$*^AC-k}I`#}qaqysv
zs)=NT<Pd-l9ASvpND}u~Hj?NQP(E+!!QdB$QcTL_S407OKbfvOA$L43mpIWP)QwlT
z?v@MXdL$osZR`(2=56LWBtJJ^8zyv=^1)2(FF7}zGDAijdO|PUtrs|ul0h$?fNKjn
zs|_>SvlEmR$P>Tf4{T;xuvY$6E^d=w5T2+zZ1O6X+9^ICOmluU*f0ia{CE)ESajd<
zd)GX=q{E1x>rNhd?00Lq5K!Q9m+Xbhb>I9kHIlQ~cz;pVynpyFAxVh2YVkTvU&iQ&
zh2phVMfOM~{f{qB4+d;nbH3>%o1czKewAc=l%{)ngNy^m>9*TpNez*nzo_fzv5|I}
z4`MNh%pVRtH1&eufxFEOKh*YV$7z;qI$zCh#ihS*6(T?6JehAuP@IiL1BH`qE?hYs
zKX(|8u6ZkV<Yh#!kud;MYAo(@N7EAW6BJ3zZ4(u2J0~#u2=)^^TG{m=?OwsLY(45f
zu?BQ`ACz|)h{>zbb=?bK=noEknuQsj2ml@(v@U2Atn%m_!hucHY8ix0EQW1}5uZ2G
z&ylR_ge)w)_3Mj%TB(BearxWO;+T~h3m&V&fe~FI%}sJAGMNp`53`O>t6KWbHhtUn
zHrk11A`b@uZmdpZ3OdJxJ;sq-_i9WXCDw4HzMDz-SZ&{*f!pc1TWk+Po_g-%HLQG=
zrXeY16Hj(KHveXaEBRM5?oYK`l6<VgRAer&bF4Y|X?j9mFK&Y|YA}{0+4GnTN3)MI
zcj#li4m4gBW;uymbS_RfDk{r>s5LY|&Vaf7UQK>@({`xF@mq;sER(*LOQA1$iagFB
zn={;Fn=}9p%5}$aUB^-f9nrUR&8qow%#%-0`gO+(y-&rD<|~x*g%*|bSwOwf%?+7c
zZ=*YgVw&GnnP)X*39<b?3Mekg_q6_~zTGJEzGE56NPWooJbtUqtVb;=vye9HJI5?*
znDJ%NOcj8z&(CyUh(VV7^--F?U8Nbp7;kts{SPZ9&8jN1<a6APhz=@_U>87nAEkk_
zPU;?*>%;_+MQ@V(CE{Sy6<UW*Kn}q(*qAd^&zw0xdvo4WL2LKhltr9zLU%V_tXUb~
zKF;wO7`=RA2QeVVFT?z~T8uN_>@GXjLiSM~%aqq9Tv*;1<D`T6)+f#WBI~qI>q=-n
z>g+>jkp}0-LbpX|uX=sxov1rm_FtQ8XZmZY%`KTa(&nBZIymAlH^*y<et}mOhy4_&
zV}S?f^WWc0<<?iA9g*-8B}!gwm79RpgqW5*m)gDY?^TXcmy1QyP`X?8Umk<QEE6E*
zBCgDh+vYu6^okrq%1L(dL^xF_;;>0(mS&CGbp}^6&?~QUV?9`>|FNxIs*T9C8~mMg
zd3Y}34URU73n2V_*nwgVXC65e5dThENt#XU2qoIhd@LX?P2dA%1jM)?R!uy!!T3*v
zR-L>@b%sR#G+_v?jTeFq9_l&k-5Y-|vl2Y$!;<$qc7=`|J)a4;saG@}RXi(dhC4Z2
zWuesbHh~%xngt||gF%#j;lq!vHhC`mvtj&ltNhh_U}(r9`q5z2vvCsf%Y=kSTnNY2
zEKe8o9}H3fF@K)dlfFYtHw_kAisJ=T2gP))z5`*2;Hx7QU19Q^Sdx$N&9uk0AqpV8
zyPqt;c3RAqr&FES6m=x|7YS8TIVUw97*sAG!^{q%Sv|ad4Vyn%;9Zk)@Cow;Ksa~G
zyCG@YH)DhMm!giP80A%W9@M#+>$vkEL7nf13;b31ChANrvhNY{>NGpEu`G}Br9F9n
z=Jg(-w}KIHi!a2h>G~eXikJQ@UR@KGefv!r!r`Tka@TAY=4Vw4kO*>uVSQ#9IRWrQ
z9Da_TO9OH0k(cKA(Y^zkkY5{e+?XIf(d#U8nC@3I=2x*Mk(*l(gBLmHabpqE12d9G
z<PZfzyD$~)Qy=Bw=&?|eYtenQCOjE+GN<naNfO^a4&ECwKt3QN+w1p#G{JelDs;6{
zR`J~1mW#bMUj<iwUZ;&;OLpW4#;!f}bhUp}SCw?{d9UNVcIWE@&~bfGrdcWY)1Sc=
z;lz_eeWarCe{DDX#nB5g;zggZK4+m5k#@g-daQg#jjcxx-Iu9sHBEC&Qsl5nMbEX1
z{Y`Qy8j|Q}VqkRqXnam2aDsCJHyknj>>bXd+qq~MNJ|cJ@)hTK*QFdN!fu>Vjxy=S
z8V7@3S&9Lp%k|IF#Ee^~jwtyHK^%voTKb8|aIfZ=(PYOwxjFQ(p96_dW{AbGf;vf2
zTtZJUYT#c74|;6nD^{2jfw}O&((dN_&AC1D%Q;0VYXCs)u{t`qn?@He6v48kJZ+?q
z!weBN@T*FEv@HQBnkua{)Sv(#`0ingUVm?iV!yLnbf{#O8d1Ve-}x{y`GsT5!_!mx
z1r1o4f9G@rK68G4++vLVvpmPwD5m2$*Wjm8Kkj((6K)qOlzU}yBLzTQ88m`)<iNNb
zJlXphjJomVoB&mrp@TgS$MO|_=8f*OznJ#$i7;2hz6K^fFpQHnF&3^km{^A@gkV^z
zBRAvsG%-~9UwMs#AeSkQNhYEnURhd6KLdyUYuUoCR<&-wwUcL@)6LMe$uYLK%Pmvo
z{^0%8yrU|Ba%1PXloE6_#yFCk^es)K$@9-#<I-A2C=6&q%0-E@1QUcK?aV{8$(0ix
zJ$5iHE!Fd#WgIm7R{|1YUd(ugRc19812l>v#8(YRbP;l3N&g#8P8i#yVDL;fUb6M4
zt<Q?6J+=u@ohNPj=eS5wN1ZFL#bpH+e;V6|ik=Pf>bwBK0AARuc0X#9Yg#wWqvH{!
z$MQT<XYBzyX^kZ1XZMk~NC4#__R^?4ypy>wB1%ZJP6DDUldd|~+ln;~@>5e4)aS9<
zTyrFGqLfp&Vg1K6saew+f^cBt&`l<9*$>(O$!B9_{=gx38q+#8N<wL4j~mYXbgIWO
zsS@%W{M7TE0d2Y^y?ypuR^ESue9Yr5WjiMJdiU&?V$D<jACa)APs*z_Ine8`zi<A2
zk)i?9|2FDY_A7(u9DRN3<R9uun#Un&-3f)dYCQx;P1B-a$yHCUBv=J?fKZ?!{yd-Q
z`s-s>pbY#6$6NVLv;X*VR2hF8;fU*-E$se!Bkl&1jp!))50~}O3Y^pTB-*%ptajru
z3Hv4<@?{O*7DS70nEpxgREe|7cnp;?yNMp@&qEco%B<|WFsDD)l8XE^Q&;e&u{#k3
zg$3wmer5qkTG&V3;!nciuA1Ttm1nL&j;w-ZZd)2|tXIG8Uh_;=+vgWz3PNmCZ?~=;
zRWG$oCG+QKfX>#Za&&X9HfLgGf;eDg0f<kGsZ1p7y-FP)M7KK8*$vt(X_@c{Ws$=i
zBhn@EvD%_kh8v61gR@MLEI)k2hPHxsUga0MB7I9pSSFh`9?^_Pr~Ws0gs39@z7)~{
z!%eHYG4yLgihTa|H44Z64@{Hjx7!)4wPi1@f!JMks^!%=40nqE$&=0djJRDDc4)zx
z@!ef7@QuYRw+3|Bo^DKaQM|Q(vnYCv#<h|*_ER0uE^)TKSC8;<L=U8v@qq`cp;P{O
z^KL=ZF^MH47VTEmK>13iz=ReohywgVA0G$GJ|YP@xql1l`5rX^n*E0rpyTNRBfs|f
z1MZLpu;y0dbMERRik1I~LNQ}8=4OAF+WYv8-&3Lg<O~Q9{L=y82(RG$@Cj@0L*rXD
zYvFhI9Zh2v4*jgOAuR#}F+i6Kys(Zbs;BD9>5a8t9rG&dxx@UKPv{M9eqgw#mE)td
zp~^Uk&nX6~?>%@$!m7{5LFxi=xd3Bd%>ol_a4NiYC=MGO0c_SoUY1pTRW@$sgY^Au
zc3fQ~1y2&aUDA+-?3|3IpZ@%q$5ZwroW>eUs+@USd3LVFk588l+CgntJ}NIlov+A)
zuLO6TsddcL@5THHDvx7wkmV9za62N1?Q?!|XRx@uz8ovIhoXOY$;1Jkfwr@<<X?RL
z4Q%j~_GK`@vp(KOwAHuSsz&K<;ZBl6vfnGosUPSs2uD<ARp(j^HRpEufb}>rzabRC
zcNLGt((60}v5ZwA5oI3J4uhfc4wgD>ww1$T;BG?P9nGIUQcnF6?L4_CJc|FXgTGeC
z9}I}2!vO@#gdmMlG0~<HIMUcXnMbqg=k;6KdLkWbnkUbJw{LCO2Xkp^f&bnG{9j%k
z3|rO2oU>b%I%-v6A_3`M`<Bw;dX33E`SPNzS<D|h^?DQzroUwd@BJdVvVnb@tHM*u
z=wBVIPZU1vJgCw7XU?9)k1@?sn%_uv3zGbHsVtU%XAK_!#RfObA3oI3%S%Yjf!LwI
zn3&>CBdsChv@>sq<HgJrY$SW=7(Ma0pf;Zb>5?|L3Y5e6xpjD%ad7>IbsMG5hiz?N
zO1Z#!fqoC#FP(4WG-`v6n*Fq(hp)bMZ4Qa7(!mij1a=Vlt(kJ_`{%!nzztDE+3y~^
zIJrL|s72+W-1i99KKd_9UmWuw%*swGfP|fE7~^QecwWlMT)rL8Un$5@{$_&G5bpCy
zA|?3Bm?C^_IUe!)acT(a&x9jKegHlAdgAQ0lKPR2h+V64zuipU){8s7w>3>!(pf*#
z4%dD<4qm=mC^H){1e#y}mJJ<?Q-m|)GV|yeHj)#y9>FmCWB7}`UJ@kc8n#=1TqY7E
z-9bGclHyk%gKG9kGOI2~zCJYl?2}&G+J2JZ7_eAj+bK0n{0nKl)u58-@$1_winpA<
zD(r2ZCb-2TimROR)?0LRF^PWV`F}ZX5jtJ#8F|4bX{=FiA#&-ofVNAk{~_xm(w9Zb
zmgo(OKLKlzK|4>Bkj6*a=77-p6~i#MD)AKxp<mBKKF!lDt8m11_8C-5jfw<sx0n=|
z`GFcO*JjjuRfms4iO70Wx}1NsoZiY^&>5@+piW{hj=!jHd?$XUYH$e!dVLp~pM8d@
z8L0@rcIE`PVJ)S@>oGl^e8+)Do<2{;hp^BZk@BGLGmk$@E*r>Tu4NXL4XJlK?04mc
z#39TcaDE}zaMhTfp+Sq{Briu1M&BA0hn|pT0uQX@y!K?|T{3Moc~*pGz9%yK5UD9+
zzj*R>Shf;Vv57F&)JEg-q1h+Y2U`_xWV<H&G^}6g`-|CNg$wfJxW$OrG_Lw-4IyiP
z(ock@!WOS#9r<z+aNvl-?e!13o*;MDc<T;=3xyfIAh$(&jWBtS=E&*apXvFnY>iQv
zL{{y$g6st+2lZKXp4)!}&nKc;)*3OhE(9uL$qaC8R#pVksm2tlC3!42BAe-b7;2T!
z4{7++)2*iDt`887R2ZAOMFt`ri|-L{*n9-3=?X1z((!)1`)zPq>`7s}o@Cvzmi4$g
z)oYi;nXu~@V6pT$YT})Ryroxp!A8+mRD;j8G?3cS?YKinfNodLC-&UWGD`qQh!n^i
zP8s_b+AW)EtQRuTQ+*|m#XyQjcM|tXKmKUjDl(q@o=;n93{}PL?U{-nB?gO@qiV(?
z<25XMIam3&SpKsHffjn5Rp!@y{P}U6=iu9a=zJj<evK3(o9b$NqtJUs81v%c)4)$f
zk7Tiz4ilaQy4R&qPNEK4x5y}&9GE6yFiCT6n8Y(E&Fj83H!BI2gl9kHdMt$1%;fms
zp2j0TK1xAuiM~6WIWN8k8h<;d{AQy6>A%qT&YWJ%Sj!v`NjvQh<zm{NQ0SF5e9zWD
z$ynRtvbn+hu++`4Lg2{rQ#M?*B<b@L{n|MsRMOaLN&hYCq#U<dxOxC{&Dva87nrlT
zLn*&fSiy4S(!HR?nwrm(1>jG`wC^>HpQEV#k}m=ACL0|7N#SYI_fh_rtByYSE*UKj
zB}W${lD|1jN=N1jLF0GWW-fuf$c+i98LobJ^Ui?j(xL=~?7qIrQEieD)_{9Rjw`9V
z1uWnL!8WA9fXP=;_C0^fZuG7|{5jNqali~bkL{Pd`C1Bdj{mZjRcCzgCB9*{n}Lr}
zmON&-yPovr@w>Z<(hkQ}qnYL{iu5xK`cm|)&!lr9UC1an8<|P7E{4iJGHRj5d|iYR
z`6WdW?hBfKF5W}@gYET9=_cyK{qlu$D;4;zD-6g;O#TomA3?>VD1WU|%lovILkb)e
zqWIjv8#@r!&Rdlfo%E+;Kx-Sg8@VZjOB9B!mzU0$%ULCP_#4=2it6hhZ0<Xax*-yb
z3fU@%m=na5O4`6LgWyDVsgt(#q>45fq8DQ;z=US#!GFrc=Gs7dp>O+@%Lq~=j8S~2
zwrdJeVtnI@_>ESrU)^{VY}nwyLxoyN-**Ljkw*3Eq&5?2-sR&}%H8=axMq^Xufh=S
zDwUUp-kp(55V23hl6@Gs!8rMLfEnNX28$lDzILeeoRWG#z{2T>V|p?u3jKeWyY^f7
z(Oki;gzYSjY-=~3B~cqqHDiqq*ZQOxv1eu<-aO~nT7lq}XGH}npHi|CGtT}ik3F;V
zxK|Pk;cf+~FGEo7r?xy&N!Uv}|2S81{W8k=fIZ>A2BX&=JgkOH2z-+3$uA6}z_T8G
zUOk!~^~c(nkQs)KE%6=@aF7cK^D;MMVg#hNF}|Esf=5n%U3L=feqTEN>XR15TuzK)
z9K2OgeWc5V8l;J~Aex`HpY^C?yrn8thGH*mQRFDOU!uA(qXhqFM`9<=1jIK9h_T{Q
ztSu8uA2dJeadmR}0CepYj-LbmD_0cR;MEV3z^-s%h;4+{!eHOu-RB7i((yPI>LjV$
zI`uY&!BU9>;P;_BCNv1kkIZ?Qt0`(+;7?{;ngOSLmWDQP$O{PP(sV;Q-u=6PvZkwR
znRw<)aRs>kFC=TUm(`tj6sezXw-aYTt3}uN%YjjHuSE5emoKao&esPVQ6Z?BxHhsu
z<?l**^x#*2t|n>?)_wl(J_GW#fFUigD5z$ZvO2oI+H>d84}1oM+-SI~>+df%l7+3E
znDtMin5kAUbUXt}ILjx_tOFKK>`~9G>LbIySoD(xTLdOwm9PCwXt&~6=7*d)>JAT*
zv@2(dz1-5|^w+?3n`0NF#+gsICKAB?%le@oek^0V@3=})`e;^J1X;+V1{aiv{%3rn
z$V#t%h=$hsRhdJXWuH}D%fHZ!U;?pwrj$oKVP}Aq_;)WT*?4-AdL`dKblUWKuk#tU
z)->h#Xh`RR^nMwb8{7+stVc(^huHB@THf7`_c$21^MFZA_Sg#T@Jo^di;A9Sb5`n{
zkgl?&Az1W(KBYtp|FRz>F2w_OdTMXrOXK&jY6`s`WN&l2sqWg#FZscq)I-ut`}H9Y
zWvla~X`#@ua{05OL<(L<(LnD^_^+N{WK_06adwF@D-#OChT`5|>ku?<iowcfh_Y^u
zlp*?No8PBJ+YwmOA5n{r1$JM1_9+FvAOoQjegzk&SL}>S+RKcZ>4#3@g}0U@W{{mX
z7gv^@bNDAxWOFh?9HGw}A)a;D$`B^0%h7MgWM)1yGbYnpleJH0oWj{7&i1`Ok4Akh
zER+^lX#9kFH{_}pLsDO_Q-X<F)bOFgFbvVzRWfHZFme;;fa3n)C`tzE$SQFv;Jo&b
zd&Dr3LF&Gj|Lr$i%Qo?l10nl7;+v8Fq8+N*J{joqb-<{=m)WhfA}Y~6Qk^k>6kU>%
z`(|(wDQ5}&RC#h6^{S%80&+pOdwpu3Lp+hd2l=M>B@=Bl_IRI^(-ivi##xja8jGsw
za92s=(qZ<`EuBlF>)I`Q<6u@v(#pcI5LX*{X)cR;)*H);3Bkxv^=LBC#&XQ7WiM$%
zcz!L6dQ&x@u>Pap1{&K>25-1$L32t{Ts<Xe5@${t5%1!Je-}{`4)ovF7L-~+w_?E<
zDJ_UPvdrUZ{1OGWPS@X=C2zjjtY=R)s8<*Kha!hZijuH|_iY`-M_*0q;)sPX-o#CR
z*Z?aAb*UPrQU<~vw5v}JTz-7V!p~7x_Y7KSM5jPk?{$uv<F%DjyqrWHs~G-ml>dxw
ztOLkXAL(#a2*1H{|F-O;V<cusAd^>e*b|@f(lQEN@aF*=0LcNsptd2#L1yEPo6M-<
zx6^#61+b~gQ*$s-U})a+-Yyu)zhHnkXu({=r^ok6?ls8Q2xPdUz6;cRM_T817z?<K
zaLyVm1B+4+rYoVS_)38<uQ*XodrAiN!u^k;o9uZpAb&!9jE2%xxpZim19f0@5xq|O
znbcMY%gA3Lvb7HBl<$jhm^>pXN$H_{M8f?K5>Lfu)Q)&^+5@3ZX9J+zof-8s7h}Pr
z%cQP;Qf@vOi@`Uwh^=Lu=%67Mvxe!d862%fjqvPCkkG5c+tNzH@V<#Cx9POenj6v8
zG$1EWKiWI=jF>U_KEPTO*$MBFf}-6R9%Gbqb4tC*126~^t3lAMw*AGR^I^9teJ9y4
zJKen3dIB3i?GB0s1`4AbwCN+(obbC0Y9&%o+O|_@zW*hK*|T?rvyev>fsbGVbNjP`
zx8KC$QJ|+FsPL;_5A?-(K1L8T@52Jfe5_$t^}x2Ph^@K8feqhfE@)6&fx2b4?~P%m
zft&ulr$o^~JcDLyPVgH<d^B}lf*i>pqF!fLS&_PY-Kzm=@6Y->qwNhx;|qIt0TPOV
z_o?t(id|DREXvdSHY+Xq;3t_a#Lwy|b9ili{gnfymZqtO;K^pMJ6Y1Gj|MIMNqUS~
zd)<_tpN_TmRJ{e1+48kvHrS=R-7SAOkPJ)3TDchcBUQZmaY8YNpp$O*T#mM>a|sl=
zYWK2>gDO;6VI`3uno|D9*83lpe9s85BfI~9zn#pQ_^0JL)SMpu8X5Y;wLV{ysgYU4
z>Uk9!8Tzz{>-yW_!ZwBNq4_(4PEmu3sTWTGUc5F{?;V(8wxqwK&F)-VmU*VFyB|1E
zY&`R`^&es$8ylLs$`Dz5;04oYUL+Q61C2i$b^ZK3N?>2%IEDa{DE$q<A_*8yS|zL_
zP$)VSa_f6|4Uzh+`tVLE*#g6gd&Kf<+|{3y=`*?8bSzP&r9XZMxAbLwh+#PP{nG%U
z$+JHZsp~HpdKWfDJ|aFo?9zJ%$xq778H0NFKO=tRXO6gYwvm5koL5-mbI(brZgM#2
zB+`#)?u}ten)*CNMLdyv{>9i)QCyK#2hhPrdgnQP=iX)@M$BwdSy|k3yl+wcg=Di`
z^B`?dN)mM6Oa^Byn~!mI+LoK>nMC9G^Px$Ukcyp+=}IeN^tL!_L@Z$6lsjWtJ*6)V
zW{>n%l~0cC1I6p~Ov)qUoX$00rrNE4D`g`k`Ph-I_3^IN0O=`oyy0XX;w{p<m^}kc
z{Gso(h_9601AWIVt+mZnIXNfH(d4#yxbA~ejLTF2MHz!U*3^+^zm!4ED;lfm8s>r)
zuFnPR-eNU|Ue6=YAM5^IvdBY6ySv#OedmS(ioRir2`)yMAC3os$KIY>kKZxcL9<a+
z@+DG?bjNCd)L?aTTEl~I@I#vchp0h3Z9nn;j}(M5)As-s!vSSTh-+nu>w;1Khu9`2
zS1C4{r@0|xag3^|^r}Nam(2$*Z$Zf()6<f@$JP=(FR=?qeaQ5ee)}hgGB8ZBC5ZpZ
zd=}l;(z4U?A?w_5Yt+=n*#J-HmFPSR);YNS5Y1iX%j1numQw-_zcsMs#EZ-Z$F@ZY
z+c7J?wL7xQawB)qJluYJ_3!8=0&RE^J1<vX*?a*i-e?0GR=DZtr(=O&Os~Pnj7Uw>
z=eR)Z%WR37*m1*<06OF8R}<Mo0DLd6eyi4R9`(r*9flf7JPh@yM02jbMoH*td<~g9
zq9M8YxTe98An5sNO638>BF+LZAf6t2--J~zJ52H-ZBigih#^Whqi)lciA;Hb7rd-Z
zeL$q9D{cb%P%uWD1&BYzQu$E8vMlz7Sz38j;l`f_+^%1@JYYO<jcj&)pndWNdFPSf
zc*qcxsuhybOvdtZ`}Nfe{tKQ>m+0UJ0X`U`7GCx-!))c~TqIbxV0#PlWMqWJgcQ!7
z8hzeyGU^~~KH=XSFmO>E^+(5ZdsLQ7k_XJPfA8YyW~w^#&iW2vYx)w@Th8zVCA^qz
zwF&_?Age&S0}Ey1#~Vp^d3It1ZIlY+9*I_ZH#|K?`8W1M4s5eLBrauM>7LJ?IPor|
z0p>vqu;XN9!X}^07cl%)U(?{_OJe0{QR^*Th*VEYA-@9SrRq5E)yfYkXg3as>IlI~
zVoigUX{h&1LQJy88T7HIsue3tNGeAi|3hkO!Qyak@0;@-wVJ<)um5oR85qB9*`_0s
zYUW6Nd)IVaK+SB`QP{}R?TS2kGw8$pRF6tC$bO14{$pkgt^2swwiE!{W)d`|w1#Jh
zU<EF87Cg_e^{2q3KT665xwb})l;-{-vz{SQydL=Om^p;q(j$>;-L^fuk_v_W@^pwt
z7HRf^+ffDUOz`*}|AYd){Ej1EF_XrHX@j><ShiFgq(t-)bd#PKwjq<cj#G)g&oVO<
z#^WQa_2puNY4haNAWF+wSR;=_zA+=w{Z#r?(Ae7-kIFN)@7H2|_5==>d!Ke9XT-B%
zzi}b^$(}M6d~*(AZl_14TqcYknWE~$;A|Rg^?;^R=I?e)_F3Ph2_|SgA|RkKodo#)
z>R}yZN%+u+gNRX1MQ$h+n#m<<<ppYLgeoQzAHfX66_ejxPI>}@8Dk|5jc7}fY!+T;
z3uLWFh)$-D(V3oNOzL3+gTHPwm*y3#Vom@~^%R&k)@fI9puZ!{syzC?c|n_5DU~^N
zF^z2}SR~tb8MxaIQq(829dH~GgE6Ci#Eff`$Wnxav?SN(y%(7+jund%8xj#4{H$QE
zr}So8JPmJE9aIum4Tyu;6{%nP;<w83P;du~gb4aF$FMiI$^XaPa6eLlAlL37NI+#8
zf?^CAOU^O99a^ca(Gva4tKdavgEo^=kZW~|H!zqR{EeBatJVZ$tA!!H;Xp>m0)DzA
zZJEiU>qldx3UB$=hQ?jHgIzQEG=dVr(VU_#<zb`x7H2KbELq}l;fq(tubxee#=3CM
zou5{;+1z3*Uui-eq!h%#2m7yhOQX@LEU;wVzSV2fkrAV9v|(3Dv4Df|s<+=^Jyjp4
zrq#{bD`Z(WsQ^H!lVsJ-%OdxLk6@YQ+eV=WWcYF5T#rcRkk6x}{LI#;ev@N08a$jj
zYLFi{j|HG&n!MSKXIl5O^t>vOd_Ya8ZA!#lC<Nk9I%A%S(K&yic%GISQxP$xI+TC|
zRSvZNa<Bdd^eWmY+)o&4dLz-nODovU<fNs7pDTBnl>zExn1>h>d*i37)|RFrvK&12
z8se>=vP*G*hm%HWhxSN5DT_bhLix6hAKw-B-|YflZp3P5+9v&()*e^Ir;*M^-Q??W
zvZX5<7roiG8Zj5W?+$n_Q>uZtb*Bnlo$+KU1<<X&$n1EelzW5yO(0Y?nK|<N#-jpJ
zvB&?!kcU>X7@tT7@9b$jv+Bxv%4ARRNde1yr)2*amVkB?cMy;fwG&SF`Jn*Cr!00Z
zdD|<eI{plv&y|~-zzY*#E?u)od4jC4iy}V9{TTP|KQ`6u@KjD{i^tWxn&I(CW?Vs#
zQ!fWTnxiYE^77?bx`ydL>B$pqArLCcI!M)_@sGe*%u*f&h6!4l-@fTEmMgq>&!F*_
zgWQnUM!8OtQ$|QAyqPYJ@n8iX!JZ`Q(Ub`N{p{OI?Q-q?*ogfqqSfFVLn{_kBI7p=
zc<Viz%rGciB^3MlN~~=6?(}B5-8>#ub2_DppHLO{z3kRP$+&2b396zjiM!HqIaxbc
zws}S}I!4jAFIC3@|2i}xU-h5fYTW~>gI~j|T^Re1tRf$a7YfX97t?mp`SU|~NQniW
z0!aZ|VU(6EPCgD}NJ$X>n%?nZ2qe3#+^AUMF`=luKY~sFF`{MZqbYmH7T6cwQgQpM
zstQ{x4>Vio2;>Iuk@Pz-JVvdM$8wRP=ztBH@#bXDS1mTMM2iw_RJMGOD=s*_m8-9y
zGqjqLL2Lm*Rl_xq6!CjjP5rr*OT8goMdA*F+y7WBv+9XS_YO0Mn^4AZwYx7eWbnh+
zy5v*_U!_NA9v;B5DE9_l9?C!!mi7=v{8)QkT2~5NdB;LU5v-YT&DT!?w2&F(){U44
zLw|{mY2&`)nE8k7(U3IX*y)fDmc7X(k?wJ%qwIIZe(CV*E8XtMl;m>dB6p1moA`pq
zbM+xb2|sy}AOu%BH%Uly_^9@8SsR5gIv%j|pVY~o`~@^i(Jo!={i;sjEG5ydCrjMB
z;jRfrod7+KtSZ=}5-_fWoe>HiQ6JowRR?c|i@2$|M4qN!g{4%m^Ii}?@biExcfLKD
z(FzyOFm`rR{eC60TM*!PB&|^YlVinLn@0W+pM_3l8a<0y68sqKq|5xb*SKMhcwJ%B
zcP%wYnW;NEq%u>B4m4atb{&&*?|hu)SolcAEp)y0Bi9m!V`1W+bjRFTA&x%4?9Vte
zGI;d}a7z{9ZIY|}QT;L0Dp4mpzIXs@E;&{FL$NRl3~hFz8NnyU?GaH;S&Bvq?Wkb1
zFm&~`=M^o1b3D8MRk?tU7x`lNv4wgA=seeL>YueA6{&Cf3r$!n??GPQyw3w)<_7Ux
z9saTfVEK_+P!`h0!JMR_tO{=j>glNf7Z3S~pHB8DG0V@6Gux!(-qvFoM=^D`#*0p7
zlw0IdUUba?!^)Y1>|Cpi>j3XsS`>n1^tY@4i<8f&oV}n{>%}R+5O3*Z5|9|(CXcD7
zo=+-*YG4rq#+tm*9n9qxiogfrC8Ye&C>7T`3?g?PbN-1u^*m2h-H7fsP%}SM9s0UA
zUlW)~lA--rI8w`%#aV5CB6wgd<4ICdNW><APV+isAk8j{p8P0qKQs)fx`BCTr<aV?
zxlH!Zd3Z@CIVYihT-yGoX9eMN$pv1lJG?(4I9ByAxi%@NE3f+vq!Cs}F8%kSALZXp
zrV2EswC=|C+ryq=Gn2Ro{BdA6_s7y}!&P`L8pw~B?Hp_ex}OwvCKRHEmFOoxR2Dc&
zkiU{!<75}Qw19KCqF7sd*m=>z*8#5rJ2Ea?f0k#^-;~Wk-RHPE7yulZCUv)T2Nm_n
zy>zzG>geC!e{+3WizkL&ItTLK#y(5j6I{OGc%c9Iy<*bSd^e@r@@AVBd$_Uozg^Sn
zW6dM;??bSGhk6qI|K$%)|IZIU8kciWdF%u$38JMHUz_0(?<@CYG6{X?GV@i07eD{C
z$tWpwhKD{Jf6=SRjOSC#@;Lq7{y8Ryce^bp8OZRz*&mAhR-rrO+Gu37urLq7Qc&<)
zz34Nm4Zs5-J?78Dcl|egis!v&hb+Efo(scZUz5+@bL6fz*46S`5Gg3wyp#~Iz~CSp
zqos?0?aVG>)Y)P{uaZUGWfi>D4Hr-@W>)*PSRmwriAbd+LCu`NeiK{#AuIOpw>Tt{
zzOI(E1RI~a`rCKn+D<%X9>ifg6I`DJqS-Uis~SzJ8{Mr+Eu?z}J}7LwP`V2HXGT!?
zpcO0&_sYFel;p9|GPb2;3St%b0z>PdrKfLwCf}ki0E7K)uGqCI$r)VYhV=N^DB|aE
zZ}O?gDiHC1@TR2e%iSmb6$75?*EX;7se9a(5oC;dPmlMs0G}k@a+I83e`5I8<3rn4
zYH*caV7y>!YVW1z2kDpOqf*nHDy7rO`LhK!>&bJ4(L%bYn|L<G(0NU7BeAbvwHtO9
z1tH9tAAsd;TyHA3nHs2~^X~Jg<7_qE`x}l70UNzFE-n(3NpDEHGWjNTuUoWdXERCy
zueExwhmufvcy)mSw_j}X#`gM^*^2O0{8X`<)A^k9ju{9jg8@Qh^nqV`arhPddOw*S
z7Ui>$CZ$geO{{6ETQ@wZFPzzkxCp>FHqHPDfW&DgMRYK)SdyaN3^ua|O^oAS77{iY
zsQz)5GYMxlJoHYpP2?H*?55NQ@K0-Y?0RcQDw*Xtm<CEZPRqBG9u2!M&a*JAV8)%b
zt;|T6qj?*PXj7Qt`l*4w;^Jcj-+WV#x$@C*zf`7<ft!V}-o!qS(76w{;b-i69+ps{
z;?2Dsd8gK+^&vCrxMc<XFBsAiq-*MEW1lUNlSqD|K}rOIJkQu5OYi|U`kL2Y_f<(1
zmI3=R@TJ#C#hlx)d_~*BoaEryH+W&4pjyjsga%HeH8my0l8%L@^d8S?r=)6blx%yn
zd{nW)(V%Mg93v_k;|X{}Pn&C+Z0C>G^_&7E--mVS>xGZ5QE08NWEG8(W-2xMs0!|W
z?(Z4zX3UNse7tkLMlTOs^^2TZ-%8|;>|#Fudq*@XYL@zaP{5U<TfP<JaPllZ>xI_>
z{zjhqkQ4JL>qeS%L4QTCCEPYORxWArNg_-|surV_FT%Ig#g%$q*(D`vV9`e|XG{%W
zZ9|N7-+lmZkd4^f6GN>u%UQ}O91>pf4hq@0Pm+G1ZY?B%;WZOl+I<rpC@Oq%`fj8B
z6*;Rd{a4cYMvR0+A=c&?OEq6h!8QMvFTe>ZuINU-11y6tU?N+*h5Aw-h7EoNeeO_K
z&)gt-FO-a78o}5n^&6v0H2d-uWU=={E%XbSiHHi~j|`I|U6w?}h2vzcswe(Z1?ruT
zCuT5fIoiqWn5IOGE+;+CefjQwO0C9_S7XmwoR_US@e(t*xNZtW*6t#$Jv|%XGPdY*
zk%n4fnnx28wqprAYf~$w4VK{7P`6Q)vzqi&oO_ZP*8LtO5ws%cmWt58{f_jgX}S?e
zL6m6LdOn;XohChfB8|ZQvZGO}w9VGy^5S=(-}CQuIdLcrRHh<kQ`hK*J(VY_>)SGt
zfX7PEq}bvngzAuD%ZKyH>iR!m@J`a}Z?45{s=B=OpHn|(s>{x!U_*jn|6JF}J_An-
zKNa{N;KGI#VB!O4nNx?EUj9M@@`p$#sMO-+wVnV}l;tj@@oDJsEuY6T#iZxXI(wZK
zk3E7I(O)pQyH^nGrg9V`GtT(?b{6X4)Vn5OPSwFC{@wMnG?7^f&d5CKy~^Jw2YHLC
zy;_3>b~0CiwuIJcX7{$Er-`i@z(P-td6!(^G+r`7P#|hD)&vXJEf;}CHnWKkw>I4s
zDKuEdkRCr|=Jn=<>-|Jw#++@?YZ|JCD%i(q;d8!{h~|IIhM!%3C#lwusvB@qOPm7S
zE>*`z5{k8+H-$j73)mf`o=wC5$dCY`)5^l&l8|COYV=SwR<P46+O9VmJA!$s=$<DO
z4#MD3$}}KBrU9#=pY<XO*ux8|_E!)~)PfHUD*Q)=Yi9^N6!}FRpW5^+0cuBx$V^sM
z*EpJpK6g&He(jg@vG(k)zoNT1|1=oZ3a=&;kPh{TN=MF85xkw7b^n^W95loE^ulIL
zE#TJY>`?&l>+kvNuGjwhOYpqu|F`7zL;Si3mCpV?cRPXDMhHaO=iV9TCyOboPkuTX
zSULqgL>*s0&{k(U8_!i#OwFeIvUa9xI<<(7i3SlpWz7@%-=r(hnw!0k?^X0tOzSVx
z<lmXh-cidV&oRsYn*aEF0$OSXhIm!X&rb$LJzSe!itzQ|+<NteQ3X=Yn*Bg{Z&W9b
zQ~X6cKW>!l{rytIab&ETcw6!+hBB{uGdt4;t<;Zz9s@})b8dQp#{7Wg#7|n17;)g=
zrqroywMb6-fUGCCntF#e&NM2HTA`~{<dy1&TpZ5CY_F4>4AEQRcAa)wf>8~LY*?ks
zjbAYltfWcxj*yeby~31p#_*!{+mqldkkfB6Z|6@X4`j1F{>o0P3bSWLx(^X^OS!c`
zSzGYiWY#PSvcdrf$SJmhr4}Kricy@}Ej;M#K(u2onWWC$5Brh`O&qh>`UF!;AJ%a;
z^GJ&gIb~dJpuvzA>}v`YTi&)|O<{f-3aR9CV_RccL*?iTZ+%ym^K;K|Z+Q*I`|^?F
zoelX5gOwoGsbaP>9Ip@NlIn4mesh|cIXk(d^Os|GPRWBQ&i8-ALqbvpHxfr}H8EmG
zh8u;>sO-M$nx+4d7df<TP)q3%-)zz|r^bA1?r8SXD2S!79%imL7gA?F#-b$donykL
zyY;ydk?U|ybNF?RC<>%PN4}3)It(k$4mcUI3E2QYF@+my@)$GtDe;c-Wf(z=gDf>F
z`c=#e4_)VL1=7h()LpBk+McnM=Iy2C(_>3~%w^TwA^M<5>h+1P$?}KzMW2A@MjgKJ
z9$e;_1n?r!^d?L4{8rEGgrwygqet76>sA+E+Mvyo+(7WSOHY1_5^wsq829&1H-htg
zMk`4cxDj+Uc(4k|8{4)L&~`KPgjAC?!x!|$<Zn_n?B6J0y;}mjZDT1^w?*k;F|DOF
zz%NdFEkO<Rx4!s3AOoU6r`_V;OGjKF7}59rm*6hbhMueb+%Q!4wXzi$BHC;jzDU*n
zGBQ`U6l=DYnJy7kaJAP9_eiEG(-ghcDV$=jGne%Iaxw{N@kRcCEczzC)HPL~v7jdM
zh28R0A?kXaEZHjxpQ8Rq{a{z0)rHbG);=XVDDdm*GZPj6(J*m%(_(P#Rd-#8c2HWu
zLYpt5hY7T|f1{v;ado5K`RVIwA$^6bZzqwk$?dbkz)B?iCI8<SI-;Y($1bSz)ZBC^
zlhlipY!%xZ0Wq6arf(F+=k8h}>QQ*^E0h*r;B4Z(!mkWlXOwQ6mQ6oJrW2aLQBH9!
zZzX!>pQnD{YIYljkc;kA+Knh~ZV341C@GT2dTU#J<ELG=7>nGFVXBzgpGBsm-~-=@
z<x>_jYI8Vb?r(`4G22;QGb~8>tjll~u>354${U}usO|Heq}ppI-jnt;Z8qYHQ}VRG
zul^@QSgp_4<75QMCe^)|JDhn6<EQsJFSZ5K{H5X4wuF0?7%y5MH6ID{3%C;&)(`L(
zz}LZ_9wx}{gr&|c)h&qgGwu%VR{;(Ewl1_=_XqA$&Ce)F<(ty_N^B}%L-Wznd0%OH
z2&&y1j}KvRkUH14zj&(K`b%5zWEIDrYuBG=ZI^6v_3a}NT|TFazSwN1D5igyMpyca
z=sSgp2ZG|K$(<&?4`SgAWCvvWk0}=RzFu2eMZ~&c(_<EpLy(X0Zk@FeU8eVeC)R=u
zzvlOwp31>lf%J?QO^8Xz_YIw}b|r%H_}Wj6piWSWawM~pC~E@eZ2L+x1)g)>*6tR8
zwKMwv)!J7D#T9j3;?}q{1b1&-1Hs*08VN3qYp~$nI0SchZ`^`waCb|91PG7-A;^&L
ztAA=<=3%O)s~@`V*$?aNv(~!1?zv|-8-@e=7;ej4Qy98Iq*J5W55X9+{w>-ql8o~&
zthEdU(y{Mx&Z7?8*JuN^8a6?`5d|so#?@IX^JxDTY`?3{m^#Zd8EyGiz~PN0oxz(}
z>bJ}*6I;Gr=}s;d!;o;p919R>r|V~g`K<OBDis@>BN0V-H7ASPs-ItD|3g>|ew{q`
zVTZWny|Bi|L9oDZ#Onh`aP#L$HVjf%&Ulk42P&;*SO9&Z!(}T**AXvbX^&lZYB%{u
z+R69snC2iYOfi6{Pmo0>H>W|a)k-k3x_1JSxkHiH%QP)(Y{vm|&;3Eugl}UN@vpdd
z<dZAKYy6$gj7ziy9Qc#uzg8BIZdaHk68;05zSrd3GVKFJ*a^7@-w2q`eLqz3AMPM2
zebFgJU-)kkc1lg1J-r)02f;d6x)tPC7<#0#fi1A>K`_rzDr%&XgCRpAme~qw<&E#n
zYJ4wCyGS#Pe&Ue8yEipMrXV59+0|@B5SM^FkdB^QdU}w@_0rZIgYU_|gm5lPcnwTC
z0}n9vu7(BtYKT4)(ilEw_iqkeI~viE$R?g=zo;9-YXkbO4tf;~O{;Ts{|A4{3wFm9
z&t|79(!6AoTKS}2-hRT@d5d-83PY$IhcOq++Z%za$x>gDzSPzxSuuWZ>e~MZV^q<(
zlJ$5TT;7P*%8Lp2ZXMhf^I7Ds3r50-R8I5te5;!lJjR0lxEKy1k;oDvTRU)mwOidX
z7$Ll*W;5`+C%&C_x~>s)UM@DizOy=diiNh~p)o3R_!(JLY6X7-rm=19R&k1nZvE<H
zMUVMmOlM<yLZNGNzIkTQG9Aej?6qqF@M5hj9Wh5H;VZ*Cpv{k+Kr-a((@X^xfsA&2
zGE)O+^{Y42nVKVg1|lo0;-|+%v8+f5umZ$#0D#%rS95@}lRf>rbQ`WBX%6ZQPS^oY
zN_eCwUHUeDA)od!?{IZLP!9_`KV6Zs?O<f3t&g1&hJ!5Dmf0UzxCq16vT=-{Jr3p$
z!tmbA<IF|VlI3tW(Fo~GcU85YI}i%z(PeQrnHvZKWIpL>nzMW;2oxUWbC@5G05Hnh
z?l9(OPEW_Wfb>aXpm%8&9<u(w_kXX@Y9-XlM);U!UN_AP&^!3j7f`r_WiYw$FB7k%
z48R^{{_>9U4U}-tfY0t3FPL^&YGq#&OW3H6Kp8iM9dkus@DsAOY@m$ODZ1Rmau8{U
z!1Rh28ZH}G)(9K#2G;*w7^d(wz{c0YhB%MJQ<YnR`Dn;coqdsX*^ayr*rKS~g)Aqs
zVIpw~4j_o|@64oPUKau?RU4Z<k%^TfUL9-d5!ljeS+QyaRS@o?_RI5d>n`N%Px}^p
zWTpDNj)gt-(Hx{)+f=Q;M#~ZBMQEQ5V>d71^{t41>Vj?k%<=eew)&lN0eDq54QdOM
zNBh+z`peeEM8U^1c_YL!rh`Urrm!QRlN_LWkQ{?5wr1{-{6SUo0}&b9;}!lt)P4h$
zZnbRzhwPVTiZV$?c&1EtW;Z*^-Z(Q}TlTMn7y|&A|FL$^%BC%VX&tF8TKt=wQqliG
z+mr6})ju3Nz43tBsg>sMPJ8iT(z`{oVS*^@V71Uu(gK{ZSu%^#`F6Y<2<W5ha%PzD
z1B1i9i)mcVUTOhTR8)%k$KzR95&dVrG?ig2^>p#0I%*pFj%5>KZsqC@3(;+0(E6G~
zkz%X6&mMnNo$L<3>^6va`D-$NOSk}jHF@plGpJs+^aZ=yed1ra?!ItXi2HxZy$8QZ
zmawn;^Ausi{`C$8AXbU}(xduFpPAKnD!9{u($+jWYu-JB9S)OurOSxW1eR_Yxgiw)
z$}_$t!uYup*2;ZGmH~(ww|>g$B!i;V5xKWD0t<>)4J`ZNf0aeX!F$?Q!!+R6rby*;
zbOoaO?LZ<Dcf(xKDNako2`BFBl5!Y&2rD1PS-qUZuuuo=Ck*_nzdU`u6sD*J&(<A}
z&s=r;?|0-<p|?iyTlS;H5v8sTjN0VuQK^VHg0AbU&YTgroXo1CyI7;xIu!lnCXl~?
zfy*d25+eurWAZW%-v^ZbJ5y?u#eSWWBNZJ*OAzU6Jrdc)>*uy{Yx8xC>*Hrt>i6(w
zh~78~EUo|NJf~_1%~zPI0hnbjbF*-pGCwO@J|Vi>@2T{~PYEIK9l_;JnfA|O+t)_e
ztWPkS*`Dgxjof4Bf9=D{w1->HCY-*9E6kI=pzjdf0a&39-_t&k(IzJQD6ozZ4GX|6
z!sGVq7${G{ZvpniUd_aJb;(Px25w<W4$n&#o8s=+SkRFDZl29*q`gmgK(sd7l}ZY4
zSYYxyJ^p6}zTl?OSIaL7J^l3MWMrbtA{ov$N(8+wzbp7nB3_b~UCjT~S4zTNtJkEX
zbfol^baaMLZbw9gt(4h}dVr8Mog+w(25Z2vHTuZ6X5ig|A=EA4v--2OL(x&!3`OG-
z7kp{r4Q=MEzTT9s_caSs$+VRq>AP!1-5KH)9ypBQ<U<VadewniO0vnz0?Td=v)490
zuc9xn|0^$W`mUzB#$AZFn<6FJq}!}?HnhJncG^ByML;KF>(%>hL=2iSA1j)G@y3;A
zTHdc!ZzZTn>5v<sfV|Q4gq;k}NA$mo23D;EF`hfNpPK4zDJZIqN`fdX+$nXLWnG_m
zX+b}Z@{}J`S0G0oo!ZsOvGgJwQ;cN|`XDXtcg}$oOGWxk%@#(U-Q_O@&|~sz!UMaj
z3u=B#g+HJ4_;jPa`eRJh2x~8<H&1_9-JIpDb1Nz@nr;iZEwRWycEKJwm?WUI&$gE;
z-T3mwTmic{ig9&#q0EsV@ni+ok#x3X^Hxj~D!jf-Kfdg8m*bPh>MWhQscqU`+>9*l
z_5Rk2@Iwnvr=ryh{CS(;ydR$VP2tnj2YS1`<jfCW$SP&U2N1c%M`;?#w@c@@NmhW|
zvs&Rdu!^jiM2WoDh<-ig6%_X8#3J$7l>q`EoWH{K%@GxRDHfb9DfeaW@fpJt8>wr0
z_V6Ru*aTA2#fN*@rztBAW$d3mL#v@LIB}lOyuvSmSbr4nVRjGEB$4L-Z{M%t$BPHS
z&**GWVa+!GyF_{4zl}BDsM>mRc6mlt4h}$1d`D?#o-UMH<m!>WY~{P}ul&xK{dWnS
zvR*vX+Hs6fn|EehvZMl}ht;Lks?_dQXhyD%`Zq^<5Mg!#vA=GX-BD|Mw%+-#TfjsU
zh4L|PZkDA!eVP{00Kl{xPMqmRA-<GuqHn%ZR369N6#{AX07E^>2B2DCWY+a9&e3f`
zUOfkq+)+zVm({0!LY3<^yR^mIsIM}h-&X0-*Aqu}yxorL$)dh?4y))j@405Iu6>--
z>f~6S?rCHxvwqwP1#Vw`C!K)**cJ0(LVi<?GDVp$t2SxMkmozh(2jh#y(Q;pL4{G@
z_FK{$_K~`Ubyn3*RmMdH`qT>gj49;LGe-Uj!_Y7lY7^@@by3i8pwA=|ScIYG-c6h<
zddpGitAjY6`pS)r`{W*Y0;2grToiWr<nq-Dehcx#PAT*V8~vKfv7-B9<vih~PuHVw
zoAJ4G&}IqC0rU3^S=+o5#&udr)~v0R$V0)9EL>RbKuM1xhYc#_bAD(1(1=h~3H!&o
zzvn3*#@?b^;1UXk@cX9qAQK;Qs#^&lsX1MHK@j19ss^J~_nnA7{hA|Pc8hBMh|vas
zU@_h(6}-@4l#dmtiTD%8Aqa*bs>k&lk5kq_<dq@qY;LqTUR6pNZe5nh_Got{-#RN;
zWq11{y8noD(E24~Mb3wxLfQeU;^$1%%y)K5gd}1JBpo+wNqZz~nN$hpgpe3g1J+V(
zGT?*%bH-gk1J<T6D&7?w2MvYMgst+Ii(GK*c8T|y19`g720L7Ln9ld5nCY6bE!CyO
z#P8_CUaQ6?^a;07Y|30(I|<BWPcBjX*&4y1K*r$AHJX9QO&jv}Vs9u55H=-YcAJeH
zmv<iM<i@J)=Yvwj$q^BR$dhHSGs0QxJ27!Yq!7-_3MZ;5!{{HXj3^fkOJ3#;I)`Hm
zktEb+@ObmZ9#jBA2$T5F9GSZ_ayjevpXeW`5~BsNZ{$aQAx=tBV%M)~GYJkTYJiAP
zM-JJZXhVu?(^H5<gdI_qXmQ54Bw;7^gsShk3t|-5%KGho4a23Mz5}(N#KdB)rGTrY
zuY!MznJozXq@G;iY5*Fj`W0u%P4tRW%tGULN0Qs=a2M?&Y4*BUBjn@WEr042z{BH3
z8N;kByC}f_%^slHyGol8MSKD$7AQ`ZyfD&3Hog_H2vD~7-&8SDlSc?+E?2_ZQzK+I
zuSM2Ua$u;D-R_m-P!zgg-sB1-7?Hgka2md%&JGHn2UJ>Pjh5p^eR5WYRK+5}!xV<D
zJ~VM-z;bDNB}2RZo@BcNj$)V-P|*EGbHND;8iUw))_8YNGI&^S(jGyhq_%hC`8k?0
zT})G@_@E|UeNSKEA<U2=BQ2Vt#(GvN0qJ|Okp#%y*Czx!?RMOHcJzy5R~)ZlRGrXU
z8W!Gxx4uYPRpr@=>esKwm;<QGTJ@U2Y1@mYci9HEyze@LmP0@ZNxC#I#+A4lQw-G@
zk}@F(Rm=Y}3=bomXG%m~M<;UA>xY+_7|Pe4a-r||%#SC#WfN*A0n(>mLxS*?g(0eg
z@KR!8p1k9~zCk%)kk@HdOrl229f#maUo2XwpJBkpkN1(^x+)S#Q%;wQAYDux!XG!L
zS$jV9h3HgQQK}K^Cu^Cq8G<G+y6I11{Iw)<L?0SQo>q_WK7R`agC#18wUm|0(g$2I
z2{e?6nyQo&#;sk<H4^hU(P6c4HAilAHP-Hb<*!J-7pqZ*w7ZQRrT#3C7X){HQ9~kt
zv8SkDSr^CgmbZ~<M71z&&`%5vjP!t4LS~_%+J$8rP-9BdLiP4v$e13C+Yg=;Zxy1-
z9N$QEYS-YhXiaE;%Bj|x{I|mE@4jZh^~XGBU8c8=gp3xWYG79~+=%SSU{nQz+jJo4
zm}6Wwka@0mBJ~*WGAmF5AP0Qe0bjl@HS^a10fyIWyp2HIOfzCZnO5;gY8?;}qLF7b
ziM^X`B1a=TOtXq1>W%w<Q}ytx>Y2puOX<|-Y&<DOdIs4KSK&7dR0?I;5N!Kvjk2^=
zB|T+>yHiunfq5I8TpP34qM4cqo;;y^W~!_P-6`6d2wypnRgpAh`Tm)?3%VS=f3tf4
z`;t4V&bZ|_VVLn@uINUlwz7TKyvRY!$1TJ6(6)?a2p$GR6EVu!DNU^8XE7K<!eOMO
zjVC}8w2%Doi+_`XD_c=Nvwr9erfQZ}A&&Eb#Df@Dv_&<d8Lu(u`k&Q$WxQ@G9m-I)
z3C)dM_V@Et07HCz43Qdp#~|iAQXp&5BzcT`8N$3C#(V7^YKWTngJFOg$SaN?pYZFl
zMJD|?iSsux$IIO&4VcwD_2xv!X1BBn-+P@Y(m6UJ2rQiVWYHt@Ev4;Zo$4x0X#Lyc
z@M%ACZ!_Ex9isua4)75yWx4o_<MKBfVnKj)G@sRBq?Hv6O$%?2Lk6__I9Ch&stbuJ
z>XHxjYBCa0$V{Elp<7rGqWwJXs|MmPRO5K(U<z7$dG=f_Ne*eCZ<Jn6kyj)h+~k{V
zKUsi643WhmDy^eJ|4}(9x6d!9oPY=!Khq>YuPp62TD(kh39`<^$T&ra;YVH8^QtnP
z?c-ikDKATRiftgOUu|zCaB>(=yUO}uXHrlPaKj4wF|-@#N3ML3d}tD})eVFcIh5u+
zM@{EzL%k7~v^NTvww)zF-m;Ywa$EGg=Pnt{Qp?4<$u|P-RJ*PZDPWoL;mC@HFvPra
zLUXnyeA7Zp_doY+8c7Qb=KM^=t0gonCEcsi?r%D@KcQ->d6B7Yii4V1L(=|dt^776
ztN3|{Elvi3Hh0GjAB8(GD~|(KyBBMV3w5Tn$rhh{KcQ(tpNWHdB9hyTfG4G`nsrC-
zbZ!RJQl|rU5g_?)KUNeRf`)~RL8*y(M#22K`pScfa;i6C=ya^!+OYJZx`s%iYTyGV
zqBMR!uZDjFSg)J8A?^h7E`ff=6&tf{TEf>Z1UoKo5VVbr`6FAaYnl7UN_l!U;_t>Z
zBEWIJ9HHtSA6GP_I%w@A-x1PF?pme5((tJk*x3zfXonNkrA@!7M>`IGgzX44QfVk-
z3z6dKdIw{bfyLkp<V%mC>0r><W0kRu8mJYG+8ItSHh)eG?xZ|f3`OtNXb`y$Bq|cF
zc_Br0+NfN#Z)a+(|6nUr?7!b|9)q{V47dodImY&(zZSLCG1Y;-@JuVfF*_|_-uV<0
zGUI^eLjEEaVwgRS8F!g)8KM5LD`Md!r`~Bmc#0pOo~%04?YBQ-&HRtCxqm1FSLz}p
z8LS4t=2(J#NC%LSm#)X~&B)U*h2ASx0nfLb(&fBV>(a?JXd|<>>o(>|f}6G(6J1Q;
zR;ywgfMC4DIl#Fv3{9oCUA`2)u2Zwvx?MU1>7gFc!0_e`%n=@o6O7Qm=&&U9$7zV-
zkXahvfkC<o=oPXC%fUjFuu`}=)xy(E<{i@3y4*mByUu!}QkD<78Rh?Qs-Ug%zd;(C
zm+HlwOzT6lRPRyWRswlE65$Re2&<N*zS<KHNb??HBs&{14Ri5qK)QWpwe@at_@*HK
z(j}`rNWTi%H`*7mZIlF0XF4GdRo1Pbn`4AGEm_q`u_`ym5px39S#y$0syF_na=m&q
z+e5-*QKun+<tB{%lC#a(4I0cFl-$#ssjL~73UdQ=+~NfWe?EKUI)}_MWxmg#&24x$
z;~0o^HvAZX9ddla7=JO^*cNRbsC%6Vw}2AN+lTgta*otz5Wx&5#yrr3CxZdir>6?<
zModVJG1#-eMG^DHq2!d#Vuye(Po3t?|Gg}Kw)tkNO&(svg&8Gnll)D-p3(HSKcuL&
zm;xN%h8WQ|iyt09*-!A=A@)9Kd(V=!6XRzdgoEXwh}VaV%mNRNm;uG%CyMkmf?4vR
z*-z5%x^RzW`STHG@G@u_IQVG5Jz*>qrVd3o$E@7Xnlw`sd82b8fB?4DC^xOn)HlZ1
z&6;|U>r!6V{ebFbe0$@BlN5H(qjcQH6S+^a2R^MH)+V}F1lD^yvwkC*B&SBdSzD$<
zv3v#|*m=*fz(Su4X%j=nj8n4Q)xe&z&eei&`B%Em7$2v^a!781!<HqBh1Q7PTn7&w
zOY*G&6@Ys(ZLS}jbEfD4uCzuxOg4)$&2SaX);w!3<kfr~5;=X>img-C#!X%*VBb!y
zHks~O<~MM4_%25jdMu^EL&i3a>tE5|2dCZyD%~P*PXC4c9G95KdTjpC@J=<%oMepC
zTT?!j1*iUPIe{mcw$*FT$V?tjR4Ft{3l?e;oI>Wn7tXy63zM-nU=d!+-;5+r2j9Oq
zA1^A7jZ1X@P|=39-Cs`pH4GObb5d{ndnf2e;z2Hr<|Z)4Jyyid`0FL-LV*&8_@K6r
zasnbX_cRATm}!!0$4@Ed*vbgBr5T<RNfIgU>x(ETIPce{NWY^QPWnse5fFBA%m4Ku
zn)+d;e1q8<ngs@FPp1p$+>~R}L~e{_Dz6Zz{lW9*aY;*?3=IAztyh%-|2mK#SMc|q
z@Ot8>zKd=ZMgc^z_aib*<huHL(&ku(Yst4PRsOmXs92qVE%h+2NV?aS7`7DFY-=Rs
zL`c>p2qbbo%=MSu1&c(K`XM1Cwz@BYa^-t<G@!JfQW|Gj4@=5eZr567Y0NwmeqKe}
zdJkN6IeOUro2Y}QS~v`vN~iBO3G}T&Fyl?OD_k_7O;(VOjz&(5#-`~aA0aOxp)YH8
zElmYd=<#65>y_a;`r6woN>hhfQC9RY*tge8h)GnqrC6g~UB-=)%j23@&@43X=%6_2
z$|hD1+Ejjhi@=}=LDQqYJV<kMw^CZ5<tUlY1RQWK@D#Q6N<AirTN<ev8-r~!#{5kL
z1e_#Z1Lzc|d>5Ll+sw$Q%%hUs*4mcN{w(6FypAyZ8%fczUpxC%HI%M5!CNshu7k_`
zv0*_3q<y?jX<wx?w!ni%Y_0$vj1dEoDMf+Q3q&2eHqZ*v$;#K~fQ*V_Z4NNA>~eUc
zu8*x)D%oEV9B1*}Qc@>aT45VZwm}uv))_|^0s3IzC)w+j4Z?5|l?8mgU-p_9*if<b
z4+5UxgQE=u3Of5e^a(=8*F#7l4p#V1i$D|gbN5n(6}5$wVuziKbobo)yX)anG+O)9
zLvi&fEO1PZY%{u9%2tR|6#Ia(a->yY=Q7{K*mLW&AvsIq4Eu-Dkq*gh5eH$Yj=MH}
zr~<h7TbV5MA#(in?OnZKmA?ZE!Sbbs@EY6`x}2cfRgc?aLB;Zq_C@>+CF%58mkP@H
zaqopY#Q-!YsjV`z1?eXlZih#C7+XGbaMesX`+B*FreNn(;WbZ_)kk}`$s$m4t&jag
z68qq761zmSBs~b8RzdmK&^IApqBhzI?slNpT>wJR!UA>Yl}gx922lGZ@F_nd-6`dJ
zW3OjIIElgn{<|P>@h%TB6S0}UTS~gFJN5wi`kBJiClN<pf)5Rz6=iT^Y$+g4kXK4O
zxnqq~G(0^>^QMB~I{tYld^`gfc0@Z_s{365Fu8g<`R2KmS%@#i!4ym=5-%D3Ob<$a
z4NVy%2wM!jI}#|LsQI~YFkXAC(l&GccOfN;PL=1l%zE+p$Y=Gr6Nd&Rsa0mCAl=Ti
z8aFo`m?a&WdsjA6G%L>Zr+f?yT})##1z)7pN<?eWgI-^y$yja+VTK!$$5f(YaH}g$
zm#`$~jOFab$8XQE+4s|owNxs0et5=NC=o!(8;rxSnWTT*mCKhjFdM?L@Qj%$XV@tz
z9JJ38tY7EjF!EkVc`+r?5+|eBBr1kgKGqo0yj@ads4K2_;Bb^gvp*#g2R-35ic-~I
zKP}Mme*0B=((Sp>ytHl8eUncm0Gcu3nDRb-F#Oh)uKZ1oY#S*3jYAO-s-WyB0K%i{
zrcj$ATkZN@F1vF&9reA!l0x7%rBm`yZY(~*W%jMT@LX9DQ;XXl@R%S1Qd0VfBbc_2
zojx~R>f08zpnVo)w|~i5gMaksMIxC8&iv8Jwg@qGT&s-DBK{ST?SAXHlz6(u0_~sQ
zRoY=ilyl{>ZL?mUT|}wCPM=dSm7%X3=K_9?sxpMr2K1$`_gdzn_=~Jz0n@U-v;Sy6
zH7I$#_2*mP;MQSf<+aCZa03v!+|`v0fLmBd1?oA%FGzudWs-mk2+RuyvfyCP|6f0^
z`+p9>m6rYXS=0&=&VFEQKW5^dmeF|mve>-!Ljdo`Rj;g}+7S)c%eL6x2nKhwg%mZg
zY3_9C>LxqcU&h2{g8xRN8hUqZ$~2DM0sGfP7VF#MnK5@Wv<;cz_mR!%40oIy9l1;g
z*4PC^T4|>C!^=<e1x%h_s7}o3p>KR^=Ta8tPW}LWJ3NU0d`<~KXp~8W|DbaBo_Lz6
zS++7=T^?kZ`Ad=`1o`x{e0BN{MJRx(=cl-)^21T7+?}jg_ny}^aH~I4qyoR%8skM9
zrXd0nzgJksmk<4K;1qtN0#%IngV=Wiz{UINZEf^ro`{z!a5--Eak{!5=<afv4#cRV
zT$!!`Dwyo%)|s;X99C_;y-~g$)-ms2ho?EzRi8YRtV<06r+c`!>M8qO)xhHkqnZfU
z)@J-@C@BBfHZC5Yvwc=CMVqDHn`T~j+&j|pT||!Gh_XMoE}!&UUXKna>s(lxlcL#b
zxRfHlPXEWfW@<v+a+R=X3p*Lh)LYjBXQE;`mL_G6urT4?>*hjqfN<K1@8pS-Lp#L2
zVf6gL*gR38>$pAY=C||j-$1t`kV8Xm-s+*IUb(o^7gl%|_Nmhr{j(cD$&_Ho?1`!t
z%~Tg{F>;L(Hig43S*j=;juF$Xj$??yn;IH-Exy#j>0vy;h--zWQ+G!5p*kvoCFU~i
zH|`p1Y;~|%8boGlfPq^egk+u_mxdMuAL&<_<exM_(;yPnPq5^U9wl9180(x=+TG!F
z7+Fl$;!Td(vabzzX{oZ#R(Oc)%Nai=W!3gr3zv==p)d~SE+%WmCa)#!PZ~1OU{74;
z36(BWX$GOP+#RcSF`$U%9CqzN-QlBv+*?}h@F%INg#=uFZz`hc9o^Rkszu88;4s_N
zepIa?1X*(zzVHV-x!D{<|FP%+RqBOHyIaH+flEc5VQJGDb<es)C%DNG%-q<?T0I^I
zxDbJqKh8u3d&^p<<tvdxFv2*riu90}8!JCg__%24oG9P9aa-tsfKdQsI`Lr$v2fD#
zf)*xz!Z|Ies$MBuB_-ZTdZe``oJz0i(jVE>m$S>cv0AAzL&GbwDeLJiFmnL>z11ju
zCgnun|Ng+PYWGW4GzQ?EoJ3QSb6xdnJ=lWvE5_-z7ey~<BAuULWZ&>eD5AJB-Qq)k
zUZAza``oyNg4g}xmKJMM5E1OouboC9WOiH>Lk}t%TnT)y9s#^(gTgbs<KA$>;Jr!A
zWE<U-YAIwQJsl*g#Cjo-hAH@NK|a6THv6m-EytC&SRb0YxyW%5XPVVs(gQ9OTxWui
zl^Ma<$vSKbT>3-16x(YNGuX$;)rf8vHQU(Xwdsl(Hpg4;f{6bTKny*^Nu17nSQN9X
zHTub4R^pW1leQhWQ9WB0WG)!1Ql73Eah;@Bdm_j`5{!UWB~?IpWU@1#h5!@k${JbJ
zkzL!sC9O+dJb1$(!qf8@Vd^5>KiLDeo^fWdal~lI)m@rHh(VT-bpE&???kjA_ahKJ
zm_>Foxbt+EM+X`=RtMb7f*=|&POcfab5aWQde9=$PsnOaMU%{iSgV5!Px#%%qX@?%
zkkxQYcE2CH0J|$pNXH4rSgQkJj;G^zbm%5oD&Ur}2F~p0SLjv8!6ceGF^6xGGODb}
zZh5#9$YJDus4JN=k4E{0^>awvW(6b+wMxa~OM|Sp|5Rh&2tI-zc6;!jY#(@Uh-s=m
zk`+UjucJKbsVc>W^7a`d4IB5_f~>zb{l;7~9ITIaXLheJLEa8g0oe{SBVwt8JcO8{
zm`#($IB*FHaLbIp-E-u=UAwAb7}fH4M|j0Flh8I%6xBhGngvdXaSPQxsDuabzycyD
zh1rE6EPkjq>+mn>phE4`s$*pf<2_@1*>a!&P7uL;9O-9BGV0za%PGq)LK6>=Nfk5D
zCIt@)F>iREJjBoXKhP9$E!Ty=_j}eyv#xzr>rThec^jXt4yrgxk@}*oOyP3?r!!86
z&K?VC8kZbt%8_JSHH^2=0x9lA5M0CAsWN`V<Ucg=9$^q3U*d7y<kH((`Ed(Auyc+D
z$L{p!Bp{ycgpf9hcUphNGLr+GqQlq|OkgxIwAxby7SXDEys=0%vXl}!(Ef@5z~iTp
zU?Pj3yoYk^`p}<#sBJ-08X%t6ga7$xhq_$`v=AwieKnC-C%E80Je-x*`NjgS++u~5
z9kRN1D%fo={-9zoN`;xiQVOEHGtcSZdD#QaK?-^4t^?juF-4`T{rHkaF?B$L?0!AQ
znL(;!)+q^`#`>xZtkxBBC5x^DT|*M18^Qc1q_9S{a$t~k0M^0uT6EY_O4ygD;)%xB
z#YDOZ(gINI*wIFvoC|-Bc6?6~{BfkFOoqeFQ`G2$nL~&V2qe6)L7tR^*jEXi(`Q(m
z|51by2B#CZh-dx6wM!WiJ-8+hU2f(_<<F)7VMe*b8Zml78Ee2p#O&BwPi3dOQnbP@
zepS#ja|i@4XTY{KRN_?&TZSMD>rn7;Rudj-RT<n;&n{dwe)Vy^Xxj@0BpdwD$g3kM
ztpT7*<-`59TnxDYu*&6w4mzmOL1rYS>68a*t;40@^kCJ4pG+Ui4}`h-(u>%m%wWT#
zf&qPb?vkG24(@ASOIlahr6J$6+g0R4rcNPvB}mmHyWw;ON3O@!BY%VS@LwO&yXwQD
zKgIAz^IFnjYfYuBdd3zj7lA4B?|9=l6^=rdq~5Xfo7;tgdkQ|c=YqMYM{(DFIVKNO
zsl>9ey4OczM2v@nZ*_WT<pQ)o(19Cjm<IZ9>pM;4*Q|_w)-QvcQkTW=Vqv)yY50DG
zk~k!Q@pnS#akKiYM<pz}z{AX6o@bBB9&(Z*l4(Y1xDGB4?aC{G+ymRogT+7pgDW*I
zlW54P>BQvO-lXULZuvT2DxfFFJV2cmr!1YG!`)}Fz`H5_rq5s3(yj-5!0#P9vTnW#
zls1b8>6u>S&Vh6@o$hp&9S9)vj(2?V=2{?6v1f!+S6lg80lOS#*lp`NQdczUk%a7U
z8N~NojCJQND(Q|?0?n4-hJ@D=&%l}%%2#?LN++S0r88y~eJIJulM1~)v>#o1FM^kD
zS#zrWu)-7>?Nyv;dVtkeY1X5-y$Z9%;vU3)GIRAI*P<Cjx6ASi?>;c{DnTmX@$Jxk
zybPrh$iIABHb?v%@|HCRLz6uM@n9*1r!KSH#8AU>i(d`fK$&gQMmM1NULfJ3vexly
zFu??}Ced%XNIlc4E*TKiL<e|#!frp1!nlo4cqTy`r6hsviR9Q|mkOCctWjOKen(;V
z6Yy>&L=EgKqLkNlnZYj7xXMfeV_)Y%{c(x6tQT_30!fy&N9ZjoR#>7H_&il9s`MrS
zTnY74DFUyoAiweysV3r|V{3#7@wyEgbMFA5718aJN`6=dsqt?2$$g*xZekwlV_aR`
zU>?fj`!d7k@HFt$yDeYu-d=_6?4mSXNRDI!eXf6x;DXH&g&6Y{C^WF(=6Pel8z^S^
z2%K;6VRPl!l`L>&&7!Az=n|||M;hpp`xtOasSwS4gp-ZNr~!ojIcX78GdQ_LUBEkd
zv&!In#))*7Z*X1}rGo*o@Q^Ec%^f%i<ziqHx~UxNw4px8iL6n3pvZ?zpOV@DWDE$O
z93~xp_3^K<S8auT`+a@Y<D;3Df42*$Y)QnmqZ12kNP?2a!>X)_$73rfobta1gN2s@
za0)Dm;HnVNA@j{Fa1fX(?F@iOL-}v)uYC`zA*5fmjJkm18rI;Yz{v8~(qIw#qfeTF
zE2=DoRU0t>og?_h6U$%^=$=Nv7;Gm)_PR46{<|&7vFf-F#mvASLkB88c~H%v{m-LH
z;srV(MK$^8B*?NlP*I6Sa0l?e+$WI#K}1&>v7nhQp_ZD!jlU}Y$|B3iD}spod-KRE
zrjJU@Q-3fO4eZ6W8HqXD=txyl?7z0#v4X*mG|4SCeJWH(XzJogVa+_&sUrcxKKpvS
zc~=?hq5x)*)c1@mA)1wX*p8t|ntgJ^O9zF=>wFjMvQ5Yq*4MAe!e(V$bmU~yzS}HL
z{9M2rN5womcF7y(!hDoK&${|0N37UVrhwv}9E!b{^Jest@Zd1xP1GgJk@F9Pn<k!f
zlYFW7MY9PSpl4K>xcAJ%vkm*GUHwtb*l=%yeG0_HrC?}}xMI}Vlj{2v7yVOnO7Pwd
z+U2uJeot<X)}^Qi-+ppjL{aAV;)u^bQQXq*zn{RSc{qN$pCY3n2)J^7ycedYKcaf)
z7kGypq0&qH!1%~dj(@H1{~>MTEv5|oFYXTLQWS%7Q=ZienGd1V;+#OTlsLjWTXYm0
zeO^o7X(M;au0s+Y3el4Ad5<wGF?2633#GQfi%Iim%$;1dLs+|EPFSEv>K)a%c{{S4
zZqacvi?19PbJX0z_Q}p|kVN8Z2cz>B9?=wUz^_d0o`a9{oVLyo0H!W*D3OC<2}n}O
zo*<nEgdwA_LWy3~wBw<r8GySVEF9IRbCyy390I&{_l7$M7G6XX2IJ5(4W!*12Rlkp
ziko6<Nu0jd4ad4L^BYnsEw>=RmLD67SS^oozjS<!r+ZR(%@E6o?r*=i%=CM!8bkBQ
z4<7YK0nK)AFj+y)r8iYSZjgeOdomV<N8)X?owow8_wrl#UeZz!?iKM3^ZBhukoz*&
zZJ0R<8+-B(7Z5ri(EiZJ*eZ4hxXYC?H1_@z*J)*wP2f*KC#O1PF>unqe?0rYfA&IN
X0`LXhsc+ZC{sk$@s>#$#nT7r@@y`EQ

literal 0
HcmV?d00001

diff --git a/docs/images/protect-an-instance/name.png b/docs/images/protect-an-instance/name.png
new file mode 100644
index 0000000000000000000000000000000000000000..fd39dc954e9925f2f97b58ccdcfb4baf7d65e867
GIT binary patch
literal 14816
zcmbWd1yEeiwl6$51c%@fJU9%41rNbBxRb#K*WeZi5}e>OXdt+|yUXCgAwVFw6Cmh3
z{^xtAzISh(y7lUH)!wtad&zGv>D4_mk?+;yabHlr0002EiV8BC001f+06-4KM0p;8
z*XY_kcZlDsXv-oH2y{mT5D4_~@d0S`DJdyUPftHRJv}@;l$Dho9Ua}@Kb)VR|M~N$
zva&KMDQRP4qqw;E;SmuN6B7{;p{%Uj)zvjPIJmU56c7;L>+2gD8mg|YzPh?PH#e7+
zm4&N2@U3MpGc)t%=7x`tue!Rrt*vc#cJ}AbpA!=ksi~<@C{$WnIzK<ZarBtUY~<6Y
zPwDCDzkdDd?d^?kM11@9O-@cuSXlV#=E)!hfv(lx)YK#<Cbqr34YC{m`t|GH-d=EU
za8OWCTwGjzef{a5hm(_&?StFfyQk~xYe`ATgM)+h14IoR0fr(xJw2VAoN8-p`T6-B
zzaexJ5!#>U^z`&-JrF~47se3_&CSh)g@smDR=-aW%CQJnSJ#E#i1OaUg@uK&v9W`*
zyW!#Cp%sMiX9W32go%ksP&wlE_BJ4Aoz!s1(9n?C8!<32F#Z$aSAy6-Lx{Ofg27;I
zZSBbo1grz$RfMqpx<YF@oYaDdDEh^2HP$kNkd8py-Q7*D{3+@@Pz{)scAv7fwe4L%
ze1xvPa7J+WA-bo}K%Wqczpi(8caJU+iB-R2%eEm|2qoW{icv&CKVoNRC#wtbbLVf(
z;E_}Eig+l3*cH(VKdqlcgjFLfW0yj{Z@T9rI({HZh7jHvKV`kAf2?2G+uOV3A)s|T
z8eb7vO}jz48zL@~!cG%Wb%=LVgJuALP=un)TW#;<qn_aBkO2gJdn_R<LH_6Q|E+<q
zPfTS!xNx@q8i|2{CY5wQgBs}v4nDU8OKGBOraQ4SvpoRbB9HR3V;b&tf1BW<^{B8M
z@OBrQfZuMkciElBOfMiIM1ij|fP>@~G5_IqROrxgGTk-nG=+%7vMy7L=AK)?0uDYE
zWO}YT=9KrrzkLx15)mJ>(X;wv@e|4Kx;u2RvtpLtsc9%#dHIl11HidA17LaPcr)0c
z(C`g5`zpfV$DyoyPIT$u4b{9~Q5|j2QNn5`^1wG*g0Flijc(HiEztd7atq0lM$FZF
zV6?geb;YXlQ2Eo9V1~Uiz+wL$XrHGz<No(;e7^&J=&ckB0Tt6#aA*V{4^*5CBu-#)
zgfS-<v3@$p`Hk43Q7HKFbV$Vyg|qc=#8d2L9guhC6RLkA>0LZEXz)qgjtVLfKnP++
z{k4o>fmBASCoT&cCNU9E{WI&a%scc43};1S7^NW8kvSm-MrS$?z#aE%^;6_U=f4BX
zWJyiVqrC1TL%PrI$nx~OJm7!w*f~l~@bj&$VgmY18;^RRK0!*8_Xptbhs>mGJe%{O
zkF7S^S{h{LSJF|;GQ>77=ov)Z?uSyqcsqk+Kzpo&uiKb4dXp=lLT47~ypX-Aa`E~E
z&pZZQ4x|XMio6!R!=kjrNCqbNYyP`;#Cvgkt$&c<m+Nn9ztH^7C=wM(#|9SG{q7Fs
zk}y>Q+Gmof;v7VvDAs9^@qT$sJCOQqKw+V-1m@m9hhjBsSuqLb=SIobhs_9bYieLL
z;{B%HRy%A6e~&&v21Jp&V-s=bM|!}GlV%_eQP?Oy9K%`}5aUj`i}p`sF}(`?J$?L@
z+p?PlG1|4e`vpa=Tcx8Wd|5p$RIA_N#r`+4D@O%qycCSmiBWRDS}R;%F$gX=(YelD
zv~AD{GoQyT8apB+5bBOpl^G>*2GQ6oF#Uj3=G$>XWWY9Ma^>|Fr=3#0-yv*KIgvIY
zvX2+f^V0SOW=Nb!(B93UJ(5b~gRi)pzrPMb1ak8FD|hdHH~LQgzWmIKwRA#@+|SvX
zZy@%7suBNWb6)M==_uENFlW?uA*c`jaZi1hLU67IZLtW4#Sxa);zwU$NJYQQ`|pg5
z<M=_9KN31{>8M5AG`kl{_E54t4n^w-U8*lq5?`B#2jA6TdA#g<0|>bFHp|jGVh~XJ
zpkXrPfa_o~mr?l6ie|A0t$|xahJ&I8lRU*DbxBH6a+Gas4rIo&pP$7OWj;KsT#mv^
zFFtiu9#hlhfGnDiVIDroXoj2<5TceB*d=cbTZOtf^c%R6_LVBguFGxA#6o2Se^Dgd
z{T({_5Wi&I83)4%qjXzv!788Ay1Ad|fEuvK$XMIA$Y2K-h>Z)1HE|~ynOwTTNe3)X
z-luR3`^h#)aT%h#k}1_6Pp94U)g4^?aD~*Sj^D4cVj3`yL-&<Rz+Q7O)+#${N)9|#
z0i6pDO(v{<I0PCc#lf^5ek3h$`UuQ84RN9t-c|T&lOp-GARQ9O*2+^Ys<A;DSRB%r
zKBSHbTw!s-qF_O`$!c1&C?s`!gV_yzxC=n4ta4L}?#x-{?xa^!w^xz)xv_C?h0F_e
zXZp$!zVK8L$meA8cP-YK&c=Rp5NxoD5}8TsS=6RajF1Rr_WA*m5&J+n8nr?VKnwjS
zHrWtIE3Rt}5e_cGV2Aw91YX|*v7_){yhC>9?Z=L?v&q2Apd}r+Io0r<9Gsoww)<D)
zcbEtSg(jb#CRP=&w(<Q+2QK#QwiLiy?0~<*Fg7Sd!{s`Hl;{Tc?T&I|Q)&6$!PbGM
zWrA<$n;?Vl{^mJG^t?bQqgQnAHc;PN!o!0!VwYepPJ=2H`5%7ETgY{E_m6;mBq8sN
zBTDu7V{Nh8%Y-B)Dt@O~G$z|7wu?cIM`e+ejmh_eOP`Grcn*+~LPJ^+;U<=9h0gD8
z{mkM5)uYfAudVRer?4;Gwm=otx{`j`+{~pKh-=@O?dew87|x>Gc8V?*3YveX26c%w
z4|{<yQr1*n*`%807h$xfrvR_piXf~sV1Gk=zYsM$uTGHi$Q^282JjG|ta;b{6b<E4
zNDrU^ajh(NADO~Mg4Bh4788d>mwST4F^j3|DE=I_T(=m{Um*oiY^-$&YE3>Ttu%xE
zwKx1{5bd<lx$V{OB6q#0RAO0Kb_j5)nWPRMEIo>jc{%`}5g?Z&2W724bwC3EuWmdC
z#>>62Kho9Jv_-%O``}}9Z9aD4)3P^#@IU{={H9wWJoK2LK;iPr%94R<P4}EYy~rG^
z|Ji9Qx1b^o*NYU}wP=dSU;Z=GjKIq@<*PHf^ME!V8qk}8DP~(*?kZ<xs+Zs22qJ?$
z2|<QPS~}e71MsR$e!rIe^e{7JeC@21)3))&OR{vHS8)dF0FD;4>F-JJX~y%_vQckH
z$Pcxr{v6PCH+%O2&SLxv2-jkl*w@`JkLAq;xw2gf_-b`PdKPkb(H(4+Ml+}zDLZeK
z(twvpewkI3cQ28zd9mb?osC+Gt^1N^<=D*S@!iFrLuA1TDRf_Ph5~s}?xJsbEyj8i
z+2~5cD?Ld6e(MT}JXK3Wl%z~Ip!aRZCXuYkhQRrdA5#8&7PLg7{L!JMrYXLklP_4d
z&-H<>OaG&5ddqnrO`R?d4sjP5-k;RG`M0)0?#N(`IGC?Y`-^o+vHL5nffynMhKnD0
zf&^Z7OMH>RSSjeG@X<67@Y+wvn)9&P-Exmgwiv3x^37ZA4T)vs!SzI*Fvc(OFb0Ub
z5Tq4<-vR@$W5Sw^^8?=Qu@GZQtmG>$i}_7I9SN#u0rC0TT2W>MXh|M|FVZy?UP#S7
zmyRya6^8-RvVCas+G{}F@q1d3TOteKqp$$`4QTAw=tPpJq9X+;YTkspKx_9f1Elsv
z5X_T@p+0U?u`QPL>(Ga%Gj7SCUQ&HJQ{SB#8I?qHQB441>7OsGF2@H^`XeoGTH-8R
z+d->?F;jP81&DbZ{AA;n^V>S5Atn{!H1#efwLtH}sKNTfg~ZTg%ov)+@t_!}Yj<ka
zj!V)nS2BfRjt3!;ZGxL`{aajRuybr9emdR`wFjzHRLMKI_({`}As~&*9@#&V$l|EW
z4uuXkahlZsRR4KO-;wNH)NMQP`EkjicCj$TbJ*+3>_6>_{_EI%h`2Dpzcz3epBzzj
z{@<I~dSKuTdLJN8a^#|t4s4MBE1oZj3rV!D-^`OwhKh{nSC8u^uc`taZ94(apOb;D
zxO=Jx(9PLJUdVWGBy+mIWZEuUg?QjQ8?^t6{Unc})s;42qd}CPrFc&)V(YIVfDSk9
z7369gwnky$pLOaEK?BU34ZuZ`cU`DuHB8C{I&3qbNYD#I^TtxIW#Y1$9O{M$iXiQ*
z4+gp6EEH9TlhmLTLV5@wb#uGr-In<d0SK_45o<u7GigmbpE)t_4Y9)*y1~#am*cpg
zYicun+FzO*+nu}$@9aqEc!CH*!VDYk1bF~o4dJb=3j@mw4LgB-JY<c;7T2r6H@0AH
zv5_S?A%6CnSN!80c@b3>0V0qtwWB$+5>`O<HZ&zBz29Ld#v`3?1}_%0HyLk`O#Ye;
z8^9?5vEGS?I#LkF-2aX)rEF-?qTIv8p26vx9+8rNd<EoKPV!ollGi5$=$pfTC^j@3
zxnuMNj;%aaDo+t5OxJRs^g4s^0T7Fw*vg*{Q7_}%TP{%nspNGVUs%1SY$FV@JSz6`
zK<6?Ix^+tznb0}+pN%qBjYp42;7H&~GND&B%Y0!ah6s=QwUxOVTw>qdti4_jsr$lw
zN3AX7`dty;S`Nm&<iXEXXv@7Ghpxc_7gCUw#Q015gN^9urSmEMtmDIs7GN8nmJ=Gl
zQ~|#IR~0;%c+n0GgN&vCx|JhgJ4X)=#w8ozU}wnE95Cw(GQf7g;a&M@^pJ{`;De0h
z9`{)Wg>xE`%S^OE`F+EhQ(~CK&Yz<UYi`IBA{&Anlwt~(IHX<SvL}r;n7j#~VNbGw
zOB~G1gUI5$tOXrL6@YPDjQ}Z1AO}^$4Ts)37HNzDy}M+J&(g@&NT<dJugjJ$iyaS-
zeO<8*n_=ZTfM&Eookiy6u{kh_@jLoT0X9vrcoUJtQ~VCDU*)W7j0h1xff-V}Dg9C=
zT4LNG3mW;BX})d9g5?wgl9x;fP<Ra?T595SvRC&O`0mhUjn>yt7~_-Xj2?_dRR^ro
z^>mo{T-SsQU>m*4)AFG_tzWkvUoF@eVRVZv{xFI4?+oZ#3bA-TVqpTnPC4>#75Nu>
z8*u+U_n$sDv^>YrU5-|J)G6P-96C??fa0Lx5UE)f#8MkH$80OmieXz?0VKrN$D{qx
zpZ~mdGxsgIF%`RB?8^NF8S6Chgpj94VleIBQ=iMq6L&3{gcD-%AQtX<=KOzt<iQg4
z`J-(%vk<rqlMnYVmrC%Z>VC8zLc^qgLTOXr{QCV(_00Do!ER}gp=`BYzUbR>wRd9@
z;e2RK{~{?<FjnV*sP@k*c%d}PwCY9B%uE3s)XiB!!C?eg2p2oxr3hG$*tF{FNyv38
z*=O-2C>H%9P}5H<nqn=;<F#>359XoQV-y#FLsAER@Jc@=l%Q@?NRw<f+JMj@hyPH)
zpJmRmSW@}$vp_aGWcT|OCOt&@=a)Q@255)O5m`xPf<C<tX}R9FVS}Jts>EmM40`W7
zpoVZ(6i=xrLri_1rR(lat)nv*nQDR8Kw{}?ByHI04|7jTzm*FP&5TBQ2P6JpSp*6F
zDww%z$BrQ#Fhe-E<K(_6ori2xccVlkjDUeqzC6H4I$tadx{rVOfLw6$wY7%7N&Fvi
zi`oPR1?my*fhrsjccexY#!CrJ$9Or3kgTL<iDuKN_V2IP5t)zkGq)Q{cPHv~L?>E>
z>fjarnV?cdMyqPlfr-+iKS1nZQ?8$@9zve@wyb(qqL#v9KUpPLv(gsucN7IAGdt1S
zO7X^%2!1JY(G$(HHaV~KkG79tGwELXGOre?jDhhj#$OOFeM|8BcsMM7SvwH`i$x+@
z+tkJ_H+QdDdB<QpqG^X@ajk%Pp4<*dsGMm)h6!@KcPDj&Jo7uO@GfWj%&tgp`yO3?
z%wg$=2O#lWmE46wJ37BOohh5M^dH@!dn(EVREto|Bk#r4D>bXbDtkKLA6aLX3x6~l
z7hANjl7_F6P4O3v&O<w1n7z0o0?|X}OWg!^(5}COe%70{YIAH#SQ%n)XqIPd?=@+Z
zl7VxMfge9eNrsk~MJ|QMyLO;G+ZuGhuPyX8necp4L1zrCa?h+k;yUVtdjy-FM{gjw
z1)KI|8CdLe2K7n|x|do2MZ;6plc89^47_^m>}PALE)O20{USHcPjSgk_s4lJw@z_5
zIm^P})xYy=?`M(#<OEy)N0I+iB?LYp65%mgF*dImq+c*tf&Fw4+z^t>fJL7@^@gFt
zr-I8Xe-VrDvd#XZOxPfrCdC3<TV>#~y1?UKE4GRB&S1+CO3)2j`$>V;_?x`trc(u-
z7)fkjuDAuq8jMEPdw3{R_BOjy=vT$>cM0+l4eJDBj%+C|S+#zZIa{;R+cbnJjvu-!
z{{@Ib^@`2&cl>~Z5Dnj};alr}O!t0T`0kU}!(NOrfD~f8ZDNS^41lJZxdMOu&)1_`
zPqYP&Mf06bKvj~8z}&ZV;NfTSrcADx=L7(Tphx_D-S4y#k?fYNUzdfOOhuRKnqA9L
zBGgEW_}k5xC#`-w7U+hsjfUML-$ghk{6eaUda4|zlV>|+2-Nt;+e^VMWELcx%8^{v
z-=v~A%_(--+V~hcw5$SC!YfmfsMbRqjsEe%faO8*OP%KvAkyOJE3t-~e~?cI>L(E4
zR$nZR+{@>;V2lZ?F9~$tjXG}Dv|?0Lo+J+&{=+GHxnO}J4l$8=5GxVvIUuT&JX(AE
z&kBcembRcx7X6K|o?%g@QOQWfPH_o^yj+m!7t&ZT3NwAl`P5ga>Df=^c=2n{9}B^K
zcx}5`s+w=G>QmSE&c3$4lOp#!T-~E=a$lAQ(Y_ymW-hLE?hO)%xOF@oB}FcaHXS1T
zVH9sg2^O;9ydRyvO(>1i9>@~<$R_sQ=V5|^bUqGWzSc0goD>IJg@pPg5XI>vD#WeJ
zxUXsLTK~$D_7L~&Ze=!tKFVj<5}jB=bqq?B%eM(2fHKGsAEPKQ<YKJ+FD({H0+E`I
zCzsCjdEt#rom)(vO#S}YcpV>nm1@zlph@j>JJQB&`!J>%dbN2wyZx0y((i+q59Qj5
zO3}$KrL}GGy7$H-9gDHHKTc{iYr<iEC`LdXM?#2D`;=ZNMR(NFmaN3cmsEfFi-n>S
z9nUSW$n4yLU(IjV<>Nm(R$1j{J3pnE3l9uK4I;@77~ue2xP;M2SR`4wyTUR7+om=%
zOw07%%sVzFEk-pyytSVea)O(0V4LX9odbV<nMh5i+AMOFzqB98b%_2&era^;qQqzw
z*W7V|EM9Ad54u60_bZQ46t2mE36yuzKdTrEvKU@KR@Dtmd{4}_scUr;mJ*91&TJpo
z-uVWH!@L*X5zNj(LPR;=1S9sJLZu^gTH62CX7fQZ16!-NVsuly-_;Z&s)f$xVo4ui
z@y|O4Q2faK>@mR^&x@k)*)u-HSjo3<IkmZYk(r)Hv$w+ToRTgJSM+1o{v&VTzZfts
zo>FmCFVO)A87LA{w;)G+P4w-DXpYF9*oPa{{7{P&lW^-}jcw-1(t)sN1p+NV-FrA6
z9KAe~0S+JnGcb&iev}1HbUU+Mbg*jnHjJKRTBBM;8K1@c^e~3D2=U^12hz*664wcQ
z7bbPo&G<x<VJ1ii(9iZN7k@n)HaQw89D9NB@`BqSKlEdY$xkR|q?ntfLd~;3x^2>Z
zXl?haYVP5N{98@5PpnD0-PfOjNL*N+0t+IW!xqiQC-;V6<H*k;P*p3+`!iRrQrM03
z)w65LZ_C%5_H+Kc@tiGx^*cGuido1@JU|9eEhc+@MxRxydA0q?Y!#u+UZg%D!l~8U
zF?s@JB-yIevUGg=jQTA2-P7KH>z2cCl*%=?{n|V6$a(7unOt;xT;w3DH<rhi)AaK~
zuHh^=vP#XmO9hY3Kd3OM54>H?cIJa{O!j}^)OiXh4Zf~et?tXsByX5w(JMOrKnURM
zndnXS0T&Q(#RzKi^b5%EvbR-Hi$u_bQ%&dnlU=0M`)*H+-E9s+7dCcvA*T>z&I~<k
zE9=cKgBc44R&TR$pR)gIH~XcSq`qroa{OrH=lTrSWx;aajI&o|1l0k^HXDP}ivwP|
z*7uVYG#a#>8fR3lQp^waOIf3_?-*}Rt8BlD|3?**bXA&i5+>+4f8wLl3cr0o1TTty
zZGi3pt$}#0@o_rsdCUXt$Ul~)!Z3g6J;n>Bcs8te>=)J?b~m*5mfu$_%=pqCc8Q<U
zt9CeyqUDqSe*OYWh4x+zk>!wO;XfMjbxpsr4UHBkKZC4Jwe$GmyuL6o(0`1AB_!{I
zcZ=U<sd4z6Y>AL9iP>ezm4Mwhx?DX7L0)iyGJ2J^vegYwmFbTe%Uzw$0>iMTmhZc$
zfND$8a!V`#9oDkP?=SKoB_xhl&pkqxa$_HUk2UK8Ll!`g%p%0mO=0w|NW@+q74Q{j
zOXAA~hCD27$tmI896u6(Nrr8MeEc0UKq2NH&j`)ynTF0twsEhD5FnN3uP$!&?y^oE
z08qR<vdEp#%IXCt0RV|5ZkZy>BUx6S>SyoK|I^O%Ka8Dy>A2U^ppNPV1a`7N29RP0
z1R-IoCP}d~&ymkW7#0&usl9wlFu*|6(?H>{L+F*1A&_A*<hq*0y!04|<8U3fyGlPG
z?>7F5;eWTh_RWzh)i%E=q5G5iot$uK8Ro4xJKDY1rjFY$2vdfpJ|HV|K$|(NFe7ty
zPnfEIb^N+Kiz((rPr;+M2NB$jfGytaX*XL(D49WesU|}!(__V<tD-W@)wpKz(#}y1
zp+@w1pQ+xQQArE&`wKJD=SfrfsC^4{(hS}Ljz_$3JQNnq^*W~hVx2C7CWuXlxkfKF
z?2Hug!XDha`)0=^89zzShJZu|O>p7q^hdP@Ap?89*--R$sxGsK8!qARZ1$4WhffSu
zeSSz0QTstPtM&Z@EpsAU=4?5K?oLs|rR&aOx-gB$r<|y7Ks;#~v~BJz*ea@aeHt3+
zdY~ygC7q;q#c!F5l~O-pj|B87zj8h;jPwg@cqa3y$ZPgILe3W4ugM}PyS`2jy)qLD
zw4~JTM3gitzY}<8Q{qEm+4q9j?TazR5q68KG>{n--<ER~P((%WJA%WJJ`r-|JdqL!
zB1r2+F7NEe^~SfV5ydXX&TpC};W*u2cl)ixim+DgZlu2L@%nXJhb@8k&&868z16C>
zX`}+FA`yb{{$9n1VjF+dSGXY2b5m%=u>w)0W0g$4^XYc|3HQu6&sMcx<qz5DIIW@p
ze>LvyT5(Q?dsYSv(c!SAsRM82%V>I7VMl7{RYlR>U20`a$*`&LZdPk3%<cfmYGv}a
zu%*TM#RfJZi7IYVd^qgd6zTy?><2xcas}^10dYTLzCv|>XWWrT-j)%OE%V>5l)vh8
zKsnao6JIknbd`084$I}R2wZl!5{J*gmeqaf*7-B;3$e(aU2F5==DXQ-=3j4U*rn&0
zRicC1jqVR9Y-&ij3W^bXaD)a`=vXl7J-S-`(0k+)e>uNa9vo|2%$+XMHxs!ad@#yi
zvdkzXa$;}m84K{+m9v=qfpS~8v?|mBeesN!tZZl=E<p<+=TNMlB_O6U75g!b&?&Uu
znXhm&n?J}){qd^C>$iDq%~R2Ly;@QmNDA%p75_ov=BC*3^gohrDq$5<Bn<57;xYf9
zq&T7qTy<x)#1A^b75P8$>Humw=5~=;#+d|z7IB~+k=rwWkCN3M`+|g`Iu5BDMWRmH
zVSx@IIL=X6L=*&n%eevuOSIeK#3J)1O&}Qi*=9B$&b3ULYK)VJl~YrB(xzk??WyY{
zV^m)_!A&eM4e_O0NH&wxhM1H;&8HhkV%PBl4MpI2ZwT%*t{_mZpicDAL>L2+&w!#G
zd6a&!Wy-8FUyDc^sW*vZ0fw8ZPr9Nu1m7PisNXrvK#~l?C%Q#7N!dvQ8Kj1_Bu1m$
zxef&%y^owNNz*w25~=PVxe-L@=6v_5D9O(F03b-2L`j1zMoN-GA_tw00Y8t989^Aw
zBVqJppwQZ0{wHH2%DvL^T9gm<sdykN`)S{2=l<an;u)u7fAy-zx&l@Z``xQgrOdf)
zubl=$KkpWMQN6q&P?;f_RsEFf7ND3FIZ=s{szk&n{?$Hxd^{QwIl7B_sMX79M2>xe
z3F4X>plLV8sspBm8(T2cCaV99Fm<`h<&$dSjtrTo#1vM5d;F2=d<NSDB1}o_oPHqg
zb;zVe(;+(zTS~iZp|8o3P|Rd#CxT3_hbS0mbtEk3uB#qEgt>vu+APc>>AoMcOa>{v
zJz{$xEmO}9_jUSdqo%DU;2^;aSL+^2DmGj3;enUpNiPt<xLj0tUaVC7m^5P{+1Q{Q
z6-dfcLHQWqZg8^$eIgI}h0<wXE*M=f!ClgXBpft5h0^jIiT<br8d$O503~RNKv38h
zr^~fj_%ZEXHknjgLE4`#tV=UeQDhe}fYHc4-M9s@@OH1t5};LTLA6d<cT1dCh$`>d
zi*+rxE^>K9cik3s>Xpc~Wa+DTppy7BfZYkrI;6D`1>UEZB8auS;KZ-jgX~I#%Up$D
z&eVtoY2i&O5^e(v2705u@7SD|eMw+qU%I<vQ5QM7$H>DE8<f21n#va_9}S3^ujZy`
zC><jy6>wm^{o3kx<!l3pHJ)8v_0Pr9pjbncwxpqT8nh>0>wI(~cVe2B|5BCCc(<^M
zAlfKm;|)l>u(Rm;nBo@S9n6Eoa<_n^@>l5zyAKcGjJGlO6@&HFj#NbPHwZoQt)w>o
ztoW3H`ZhgMFN{FL%#p_WH3ECiI}ziU+L}W~8_YO~^^^n}A1diS_l~5{=!vENi<?VD
zDM1aP(Aac*x0o=M!9Ybn35-+%KbMn_9{0F)H5f^LUy5J;tKjr;;0FR1_3=bVPAKwf
z$?ufGwrIp&1vvD;AEQ~Qy6t-YrZ?(;QUXK;KVxD7SX;TfC}h7zTCR+thxZd;Vv#Ut
zv*u3sq~DbO9hp>Y8mQT@ipglAuC2?~T21@D;mPTjsiyINTZ;c%b?)9xxsn8II~50x
zQ`6ohYf^2P?*=~qMzaNoL;Ovh`(bxnU3q9{qz}6133HVFsGnaOCw&D@dxxL#zWRtR
zY$p1r--zo_C;Eq-Y^KRV=`0H>i?DSJrcHW@pPl_fui38<OYwQRjFDTcBFQp>QF&+y
z9vixY{z%!;no5tKO1tCwGXdy{-ssvgadg7><It@3PY9)C&4Um7$X|$7`fL=B$X7Gp
zoM;<eWB|*0>@}21J~3~-H8RH_f5kNag-X#Do~#-Fj>?Yc5L_PVy4zQy;&M=-0Y6fB
z$6_TUbOExMUv5rKc!21#I6jx_*xk4oW1drf>SsA6sX<k)veL#Y4L%#uZvt^X(<v$k
zaE0zXHO4M24wtrA>f!8G<1|mFkgw6X(Bpho2=pdG#ehjutZwRMlzHNw<*7z;L1Cmf
zBJ?Ld?=qS3Kku1pQhlV~AeoS1D<~{R$$`6)ERzwW?GrrMue1n5ZuuggxC9|Z%%T@K
z3g(T{>@gh8k#lLU(%-Xw#iTU%f1z+o0+c{;7B??AX4qGJXWpi&Ii1H^@Z+VGz9QLU
z+KaO{k2@42tPt487)=UvK}a-BcSo~pOEqu>8GT?u08>yl^~<|gc72;8GH|88S%EfP
z@Ev~}Q&K<f<|09eRnr1?a2(aOpF}mcTp4PQRW5OFbj-8(zWLd?Cn}qx9;?=$Iy3{E
zZ<2*%eqL7t%aA+Dhizpj>x{m!GOUOfb4fHq=25w;WChbVtP>x6JP6+)vkO9g)+#h%
ziM5a|U4iN3CQS`oH%tBz%1)52IAKMnCbgkJvllnufct<8q|A<8V)o_&x)tz49QWRs
z*Bc9`6M^o9dyuAxMt0q-%`KIxoh+_<22-NQWnG$7AA`PYc&2C`n7tvZ%twB$n7s3w
z#v4`xHR&#3(sh7mcVjD37Xhgr9}L2i*no9)Vkn-L`6!N5b>Zad!KshlwG28gmqdOT
zdwqFICAPk2n)93N`$JR)!HqHIJAdC3h<@$o#L#9w$68cHKO^dnewNX(g0eF(OnaPj
zgCQUXG<s=)Buu>Zj<PQ0yv2aDAlX+RX`(>I<@HQZ+-moXKK!7&EK;@Zru#EfTq2YU
z<Rr`m35$esg)%_~9O7I>^O803+dl7zXGR0*;H~dpMK76S-V=L4W<os_shNPHXyM9{
zVFd+qAEK5drW{^T2R@{Tf<&8qvZ6GV#E+K0Sol?WWM-zy2DU;--`*PH6y@}D5=*}w
z9FH@=U5+E~paA+|oisk1TZPcSi>ggYZQ-?fBYICQ`BHkU0a8Y3-dZ{^G*HgGMVG_b
zLh!)=E*QiCyx5F^9s|mVj2s#aTc=gn1awHgXI?XO7pwF;Ad&OS)Y3S>-K@UV*J`pT
zSX^Uel=`f9-XlNEKI`5s^z%41<z<BM0Zt`4-SN;VK?OgwCxKCk&8VxZGVn}H3zw~n
z{y~-03?`-18K@#*^P8V`Z7!P;K#b6=q!M5fm5Zp+0Mbc0wBzdAQYGn_A|yrAE<FZg
zH4b?`DH5t!Df8<WCKU*FYEge!CJ1@{ia=A@e2w6{q&VaQGSTZS17MO<Py@3Po4^|N
z-<3ogz_Yn2#?rV$Ia<!U0CvXXyE0CW@O~eyzO%+g<_52m7Wcv-mDYe)?UNHn(2<=M
z?B;}%vG+=kxeu3XvOe9`Mznn;r{g)J&26CDlD3nDn1^)Zo3Y9#t8mQ&p0dwfujLx^
z<CWP9Xsi4IZ`%xyLkVajpPi$b!jkIs4CBhiYC(znuh1z~-VdScldtFia`Yg&tjOL`
zXx{BE=)Lw-{s@gfF@9MGW;Ee{TYLXYmr`wqtG9l#v*m~-4$Z7N|3mHgoQ(c+#Y~Vg
zW@O?vC!w#DmM*VV^^B|?4c8mSwuJ3wxft{P*zOl^7M(T7R8LR1BS#dmYJG@Uacnw$
zjbG)C7X|?-+xoQbCw`lEm~QGeDsbk-7-rf3;5qMm7YMn5MarW0t#2Wb{fVRo+mb$6
zAK^&YOuexTCMw9^w15$F-01(Ci%BT*gXiEgml_%1WElL{-W{<0sTkhceO7YtP^4j4
zMb*UxYQss>94W7DbiZP9PRZ+`h9l)EM&7%Gxjjx^*TtNj*xl$P_nbYxMA8l{hMy3K
z{8_IK@~4C;QZ}Ty^KpDHE_>}$_7Zmoj7OlVwEBf3`S4SH4jMRzz>3#jv;_^h{F%$i
z<?T8TXryUWCD9OKo8C_nXe3$IJuwVF6RN3RL?wSzfweS)_>?tKg!W$#9}%*W!zi9u
zh+me(u>czdaL9!G<YQBv=nJ)uxb*P-zNnGU9j-|K_SHC1_xatxcTU<TFji}@o^(av
zOXia|SRv|?AsXeqbkqC$NJ3ry=fM?oyKl!US?kfjMJng5fLi;7Pb`HxIY>fRzON}e
zSG|cQqT*c*$gI{g#FpLrvwwW=)4TEwVPuzSdWFz(IMEHfHK!ee-`e!mHhE?GcHFVK
zYgOHUQHstlk)Nj}c4nsHOtMmz<;9@R`0?aTFK;a@@^e=|*LYX?LZ6ezw}KjId)Kl<
zY$wxj$7D(!&FUj#I%rYc^EJ*th+UlKw6#3f1v{v~1f1yskj+Qlc`<zLLKh(hVt=>U
zv@eA}&W*>pyF`G|YqHHp7RCF?Tv>+mFL#r9!|#BdFWch40Gax^GmkqBT$8-nk4Emj
z0#VZ&C>oCR+4yB-31iY~V3<b2O7(BSh$$f%xPn%Exp;U}B5vwPYwBPRwTr_HOE)oF
zt(4ITBS*}_ZKD2L_wu*NtvT;xjEPLl33wnf$zlvVTfiS+g(326Rijr8e?Kl$saM2&
z!qs0!+oABT_WYh2-<b?MjFq1qLqo^ldPCdmYOQxj50y*Wy7S7?;0QY89-N)vnu_jx
zZPwCxP~ScqX_u_T@khB}nqF8qS;L;&<&yFkWJKB)|IysDfb=~_$_u-{t5#*8Q(sIa
zr6`H;$<sB7sRBm7<R!C&xt(s7?6Wiq^nvAizDwuosO8Yjr#1FFVy6(y0In1<6{P|;
z+XKP|Wtc4`XQBXCY=};fjV8@PeleZ<wnVKo8wmao&*3A0G%r(f|Ar?vcu12?UDJR;
ziJCA?Ba{-S1X>dBl9N(@xw*3!q6|oN3a+sZ!4P%p?Iz^I_Iju&m6n+Y12x^w-bb=v
zSm<s_jn7d&(La&CO_A_6`t{aJlvPxUM?Qg^+dF4};l}#`FQEE-F8<a(!d}N5{fTM-
z{(YgV54*iMf6lcR^Z=o<V%?2Jo~UldW#B*0hLxL)s_^UQa2io!e0+vY_LNGNo^wq|
zq69nN_xS7C8aV0)`8U{bN*p$CjKYJh9Wn-iTPjU4Kq_RD*Z|CAscWXl@b0xGZzRj>
ze3Y=DV*{O{U38m-UliCzjCG{wKANkHti=I?SVHAKcK3F(FGz7kHoSi=A*pxd00+5u
z4j$KNUi%}>_ZS7aCD$+y(12~Fi7i>|$@mg*=UK*5Sw@enf{OkoX3~S6Y=58&+TO!V
zA^sFr&msM}AzjCpW`oa7?ewofBR_VI4M2dtj-Bm}d^BLy#_cYj{H#bA-?(H}q{g_8
z64v5M!Q8F+T7}s1S|-ZK+isHHRrObf2BEBg&SffP4uRfzsI#_Cc~Gs$<=tOAE>)Y)
zaLZ$9mfD_W%cU6^m<CH}?ProK#yYBN!70U+$v=EsW32CR!!KQ>pOoAQ$CIf(ZR`dW
z7zrnG96LwjcYGS-oD4zBPKcdr9s7fnYLN7jQ=OgFQ4EDlRhF=tpATC@Z1iLKH5=1#
z%$HhZ^{i+JYJYMQ{wLpaarVtSmsA9$y0@wo+no}G_Jr-T^KA5#C2V9lOvN&!VWhTT
zgs-f3y;M?fB9Vf}Imm7~urQ6{gB*n&Z{{T9#vDGK@2~0jqH!e7acPyxy%1Y$7)k%O
zhZt`iDy+dp`mhduv|$rW(A1S|z(y<KagxxT3zZ8(7SB`g{JUB6+W6J$_RmPb8zsot
zB7PMTr)se&Bz?KyS+&Q%RM&}%5n2&COe7j;4Rd-(&W;^@Ebeg;#20p}k~p)El3acc
z<dG|aKOAd@4N0t^u`ga;wkEMGk$hAr$A&U(f(!m2qd}`}WbJ44T$_VS0!CtQoHd9A
z^018q9)u*+yvc0d%gBv5M07srXoLqcgH-?Jht};nOSu~;fzJD)dOqca$@MfCjzD}m
z#YE9&UjqZ_+0m@uy9S&3?a$S^Y0kd6*9~xAR#EqF(7*PDXzd9yqYfl#=XhdSuj}~k
z@(Vt*q&%jDw9Rju1!kVLL~XnnonB+et_J>};m4fwx{l_7t7R{+3~m{02t#Y!sp8xw
zWCM}d@jjrdV_pos)-F51D$vthMJBZ+g$n%DVBy%$Fkl2*YrHwnFp%ih%7aH?emuW)
zT&l8coW}d05vkDkvaVcHkzU_%BTJ>37;({bl>%Sx<~pxqtai_}vgE(Au_NOn#3dbx
z<Xf?^D!jW-9@zMe4YLYltNZcz90F8Daq)1V5-lO0R_@L{bknQ3=PUWjyYS){PyJrV
z-3;T%v(h%R7*%~tu;2ck^Nd7Ra_>T^MBaO>mCHeBTqu^%eDhNbaI5S4^w8EjnqI96
zWP!iD#l9~tCygp1mgomh;9s)CmI5{c?RML;G4xyClUW6b*Lt!MFM%Cv9ZE3ghmVMo
zfK^ceGGSPJ%1i2Obz*1mb@PNbk%{v8aLeaN;5N8gGIyF&|04<(Z@^yr`sI2S8HCLD
z(XFt<DiLn;x%yE$O!*Uxv#$M%j-ztyF4{qU0)>t?MeH@srW{Y*8y78)%*j4^u8r%p
z#&s4<5%*Cv<fA-2R2yP-VZR~=fg=rcTFJIw$ok09Z@~M~_uZWvHU|mMtMD+o{XfOA
zS`K3LN=k<VRLN@qVY_FulB4bA$e<+o6ciIdB)@I-G8etCrGDd8${C(}WF~zOuP|PP
zaYPLdz#9dpH1Y<ngx!4;6fN4U$oIVojUW^NL92ilV}S_)V{H3Yko64|Wstu%YV}$0
z1`O5Y47*TjiXiC|37`jAf8BzF#83?Nj~A+b>lBB7^~?`O`?SR8m5k}oa<E4P#%AHu
zs0%SRtA)>8YmJs~%j<Or$m}pFQ77;v{R3)|mc`w&p!22U_uTOv@B04Fytx=)VMnIX
z7*8RI>T==355qBqNdPI~K>7}NW)ub;G)C<@VH<?~?a}sce@mit_wPk|r|oSmM|3*>
z#uWI=mNlceSKp?>49fr@Rq^FVAC7-}aiko5HR=Dy5>tt%7Xb9shfp)eVZuh<his~!
zi{x}N@$lYGrv}D?#zp>ouz|~m$=vM7Uk>sxG=9iw`?x1|@jX^G2a3|hBb_C!ruSU$
zTecY9j8j!0e@tZ3{cG|FKi47C_!S}XL(Ck)>(6sqrjzzk)%#Bf#jkW6^pH(u<G*Rn
zaiB@S%^!=A<6t5R9Q3|4l`+5rK<aQv0>2>(7yOjc*mH*O=VgNe!0ZPQV9@u}phQvd
zI`lo!vPg9`Q|0B6{60OpDm|2te^J&kz~J-)*({mz{t>v4`d>EB%}2}hc*sD4uuT|;
zODf49^oVi&m--60^brHWj3%?8N9gJ#P5A=)4@Zc#Z#!0Z5CEY2L*HTDtN0h)DO=5m
zc65UnF(XZY8goV+XYb3GLH1@uh`V8J^yV~ko(bH-@oS%eqj}`+l&cfh0H+4v?%WbV
zy~scvz~z8i-4JcTc0NN_7d6OYpq_71a=dtM<q{i7`_ZV3)k(F)${^KFON5Ffh~vA5
z6{C)mZR+X?|Hr?o*-atHF8eO`9!foj9ZRdN2nL3-V&BtISwQoJ)dHReF=ies&U#&5
zUY>0sk;Vds4ZC+#1MAmnJFE&;q9!CoI&vb^sHP)JBPRNMl8jjd@lDj+<!jJV{ML%J
zuR5V?rqXhF(S?7cL~(i%0L*&KPBWptZKZ!_tQ2A(!@nGl5>#?-s%lynT>s}m+~T!u
zmRGtBEx=)1K+&gy`M7sl(T<~W`m-ntn3JpCHiIRrcUnO+$;<Yh74utz4$PX-_GO%I
zVz`g`B`VmV*jBVaN4S*f>N2(23VA*;+4_SfNnCQkDFA%zKd-7T3PgFrHb?J92BLt2
zp-9zIaDYA?1i<<H$2!u8r5x|#!!H0AV)OYP=$xzuMo<Pp9o}I1FmktQ1O*U93LZ!R
z>c#;wLW0oD<=_D9{-eZu)6=VEFLQKvbYR<d4eLo|z-x$<H9_6_;L+`V7!>Kl(b~BE
zvJ3UlIZw{!ySc?E{0ae2-Vl5pGskJ_gS|ne-0SygAzvs7j!H0d$^1?Sww~giV9~cr
zYE32ws3EuQPB~1wLQG7Sm*jPbSXdmgg<QQ)48`-Egd8*&W5a<e0x`6k*;^({S$G5G
zS9yHrNUz&s`~46{DKA;gcd0U~@<9SI(5PDPm;q!oM6+njhT7tZ&Bvt&u$C<7&q;J!
z$Xl_Lm)WMSo9l-5LJ2E^fJW-@Us}-hQTf++ye_+Sv1;@}c52}5otpH#G%<zipn9(W
zs#x8MbiW{=Z>#|uwbOSpJP<^N0}P)huETL*tK378)<{5pf4zeW(HMA<W5rT6k(sd;
z)m$%V=ns+G7V3#zYKZ*oU79qKV8g;^H`uCBrY|0ARhZAngMHy`29J1PX$Fd-(5CHn
zvTE(I>#oa=eB;5M*?U$JNW2Oy2+H_0$*)3E_A2kFn{o_3=_a1^>NAk>B4=Z;9Pgu#
z=XQk&>$pY1DvB&&N!Z4-Jb%_^pgnTr?~+J29FAWDrJSP$Ui(>L4k8{m`ab{Yd)*A=
zK)J!b#4C>ElQ9}N&`-v;l-)-1{gHt-7&H9oGgTclxYb)}d_H@X+@^%WdF%baDCxl9
zdnPlwg2E?x_(crG^bVR3WF|x>0fsD+9uccHok6joF<@s}g#^i>%DD6iFMz(8q5$QM
zW4pjB-RpUX6GAMm!V#*NzDrqc-Ic}qRuwxXnSxx4t~`OUwJbHsa|TgMTvIW?|7}^&
z8%KZ~S@(Nly#~>o+hH-teZV&)I(Ozu7qV*U?#&B7$o+$0(lGvKY7pB`%Al)1z`Pxs
zJ+=Bn*94z(A_{EYa2*YK7M7{oKkd|@H=p>(L3y#*?r@pPX!)(M5|X|T-)mV-sco_C
z>&a5OWPLIe>s^uJVbNXbjLR?n&w%5F*lz;j2&UV3ArdhLGp>o!GN--JTV9Av*J6X;
zOW8cusI41^+<9~G@wbp)1#*;)vdm$#!6^+eZRXFcEV#J3+uXbCAYNXLqAv)Z=GTEE
zn*p0cte{aGfE9Z8%jXOEzg?ewU=4|>RcN|M-TKVGjg{>BrkQNBmUf@>z2ZrrfQ{Ob
zi3Sv1iPXKQ!@R38!$K|2gbO315w=DiEDhnN2+5ZhZdDYq)-}RK>Yo4RnBto1jxB$$
zVR&qsF<Es303SRm55=r0QQnx9C>$^Zl+g&=BBz!bm7OYN<r8IBCf?n)EUSrd?!*JY
zzb#Cu^FQdwz&kAO7rjcEQ&?tpbpf1?l8gefngK7g(llls8`_(EG+2<T`BDZRNcY{-
z_)U9ti`<=&gBo@!e}q*PvZlNNkY_||*8FTbvM=adK?7*DRqB<hc3C|%@c0^LecAG*
z0F-ks3~jd0XaP@aBMPa|x>pwsa)5~DAIRVe!N8%1g?+=tETqOkw}!_L*IkdtH84Y@
z>KV0+q4B3$oc~gh{>M)D>Gj6fe<-A;5DPzf|3}*YX|h|xTf094b9vS2A1XyzHJM6j
H@aO*p%%Qsl

literal 0
HcmV?d00001

diff --git a/docs/images/protect-an-instance/sidebar.png b/docs/images/protect-an-instance/sidebar.png
new file mode 100644
index 0000000000000000000000000000000000000000..8294c4a059a39b5f922bd40521998cb6a20bdd4b
GIT binary patch
literal 6662
zcmYjT1yqz>*BxMhp=4+Tg&CBPkVZm~89HBDP-1ALLj)vc2BaH78B)5tm2RX%x=Xs7
z`SJa~Z~gyWcinZ)-sjoRU3WeA*(X>{RgQ#^jt~F<kSNGYYXAV)AOHZ%6ohk+I9%dr
z-vhU5%33lQ3});68Up}SS65F>O<{3Z0@T|8LZ5E$?tt9Zc~yNkw|7BbYp}Vjs6?Gb
z5J@{1H<wp876FxmOFObQ8An&Q=NDHIsSQ^*w>ABXr)L-4vs=_}x^Oky`883t{@F4n
zQD--In9Iwu#-VQ&LsZhC7zfw8JIwm&6=ru&)hbrOJZk0ma%T5zY;C{c*FOBi5WPV+
zp;m{MeFCYF1EGK&MpzaDV6JN$=d<}m`noeDsaDUkh)p97b9=jeaJ74I!lmLjFnv5Q
zwp7+NTU<B5Y|{HNvV=~;b^r2acycARsKe`9GbRzuBJYJUw{8D5V}dNl=e51OzTMn8
z!d7o{4JnW}izX5eoZmn1nLNrY>yF9zae96`zj2|B99Qrh5p^77H0nvrX~86?F~Hq1
zGHMvW!?o?p;n|a^`OV~-jnS#qH$juCKBNBel}>?qR=$~1R_O*GlJ%UwF(^d}>wJbv
zd2F6tAD^6WAD<l@ovm)}XSe)`Enjo}HfI$xb22e)6grhwJBIl+P*Br<(bbEoslyRL
zVm|ur>>e$x?N;{eqH>m<5@$0TCZ3u1CFQr7du6~3!`nxX%KCTH8n;@;*D-5r;RUNf
z`78EuGnn5~5-x+Bmi@PlKTSTSap`=)cq1|IKVp=1FaS~vfN*N%d~SKWpmlp<cD<!{
zs<LSWnbxl1n)gyK_|Mtp=*C&o<UwiYPGZG+bn#kv>8fAGB4%O1JaRg!pbwLktK^XN
zN<S21?Sug^?j2n>4IN<qZ1)Z?G<8n}eed*+E;IBi9bY)@SvYQ=Io#XWY8+niOj~e6
z&vy>a6}C<P==_Zt9dipUdS#v>p#KdMpNI*I!oXB8kN7YI97_imgDa<XBm3W*|0LFJ
zRQArh#{O`MthWuVMR=rQj*buKmvWjWt6Rn}Ep0dD)tG{!j+9i4e;~%y6Z0B@(Kg&s
zd+m#EIqM&8C@pQu&1=rdm9fsiM12_z_`GOszx2*-&Di`1u6V&E`dDk9005wFSCEEj
zxlixR@)DvX!P3M2$q3_p-vv84T#E4aW}kiHR5~%<_a`Fq51%XyMS_KiK1Fb1Q)59P
zK$IUCj6ERtHw*n6!X-hqbn=|oG9YDA)B(}0?tMi87Ig7lGZTWWRt(kBr~irsZq+vG
z7b)|X3H6ha1cCln>6q+3gOq_Np*#ei6hO*w#F{n2oQw^Q*ua1||7zOmlTbnrEH?}d
zGYH#+BQQcupRMVPg&r>H4w)d{BnrV(sAFYSDTB;Rc|_(-Bpa+WDAg^1cJ;&tPkErz
zU#TkDf~jHZp*k`r+?AVyo8Aj9**kbD$%|-r33~JQ8*V9<^ZY9Wo7QSyRDo-w!D+-K
zu*>&?Y^kb1^DSw$FM(;;^>lGr6!#z#o0ODVL|_`478Ug@{zOW(jKT-RVIiIWFxQ<x
z95v>_o064g!o0JxauFmi_qki1MhlG+BRd+e>~@rR1&t|QPhWo09(-VOmCHIJR6{M_
zUlr^wmt!Q^A+1Yc?B(;6t8)k&9RTGWd2+m><^<LNUE1?DUKX#tb2oXv9T*f41*fH%
z^75<>bBMEaaG>65-GB3AOBlQBi|-8S0>Lys&XkG~Ook0beIu<T4keDVTtXWv%p)r-
zxQQG;Zuv0i_Hf6jVYET#J=%^!F)u+ISeJAIls$HR@ZU}Kc<k&sfogEcfbFG1);ipQ
zr!$kyZ(>bjlJ8l(Q(sl!EP@ryAjDroJ>g@qq;J-?_SDS^^eHG%4gIW5{#F}Q(5=L?
z7rh^|6A*2^0YG!+lz!?GKz);+XEaX7?bMBRH}EBEJ$vfbD%{O5yZSWDZPi=%I>swp
z+*bY_=##uE5OPS~U8z`4+@F2N14N&s9=`2Qu=4_%(sMY{=_xGsE835Ny~s$?_u=(%
zuV&fjM}DWh(7$T~6WZdH3Uw6;x2`^{0q?cGvuIK>3k?JZt>$4JGtJqVP?ZD|o8NJw
zCihAfwjU5uHL#G^ElSrV%`O@87S9?IrCa(gg0;-xR&^}0qX)UP-$Oy1A)JfnS<{!`
z#P|PPKU2jLOPs|oNEPRqSaU!4Or%(n##BM)C}Vb_z{oe69n_Xv$KJvBCu$9Uk*oyA
zy<1cANs@8VT!(@#qenS4yqdR^l%0<Pt8MwmC&3B!#}9!lnK-Akiwd3}gozMyh77IL
z)Cg}T4tma*&nJTZ6dl0_&UXsx7K=#~Uz7Au@ecfv6Dtz2Iox=f2nu|15--wiU=zC)
zNLD~fmwbiSi<x)6Rg{%4v|g*$H6#EbYUYMNnJ~Cxe#~wZ5swN)NIMJOFrmf-8<_t%
zBLg&d0$d|^!~0w72UhhiKK7i``BUA$vHW8#+qikb(yqx+m%yKj5E5JY<}HDR7p)%$
zl0b#R9g+W*A(Z83&bg`a#UCo9NhHLq5?ov<FdSOqlzh)_K69nR29JY_gDRh&LY)d4
zK6vfSaCVUY8CPcT+ZV4Rn#gPjqx@~>1CuIcs-^S$V$b_cs3v4sl;k`65v3~!j|ag|
ztq8X{p-p3IBUfkS{k~n8v}EeV%SPO8l=_vJ+OA$jm67cwseWHhrl+_4#@3J!=5~V9
ze@LbS>hAaPpsyeMe8e9;jGOx##D!XH9vZ{_J_dD`6AOwxfIE`&9F1pmN9_gZ5(olw
z*8EwQlSjp#wkusgi5~<LlfXOrnreT{C%sT}`u<{6<71o3{gr<QQj}7o^B)1nrO?Hx
z0<)lA7W?z?>7UEOeyIz_X#Rti3=XX^d}I%~e8?U&J)`9_6r>oX9`w(4;AX5R2q>L6
z%1(#>qtQLRf{L5!j3@5_x?%(llirqnHhul0GHa&(!`yA}9R?$!cjT~_P<|J?uwjnL
zdK$Ohw|_Grf<eFPRRkYYXLzBgu#Car0Xi@q*3yt)DN|a4HkoZ~g19P;Oo>p!sEfzQ
zS-C&Y{7a?i=zgI{OK+=0+P$=HchNxBa$PdzUz2Qn`8L0@ceGG0{FD!8`s@0Uhzhmj
zv#sj%P@&kQwAZmSW(~q)LUXFFoYnn-c<0P?e3lQ($;>FLp?!}?>Q)ERn22lP23-`x
zu9R9@JNC0xHZ%~N&7=pX7sW7lb$75N*>|SI0TdppiwW4k3y|ga2*C5GA0=!p4^>QY
z;=&D2#FqNFnI2QX9S-qQ%9=8VcQX{?;!RAdW{p0>Hx4AU#0Nq5cks-tkd}D}1uoED
zjux%ZvvGha!fS3pb4kyQ5XK{tx4sI1I_NB>MN#1WqY+*qVF)&yTwBcd>ch!;B!JyZ
z!YG!vZtWdI)xx!aaH8;EgM3DptA$sH)rCN=kwS38u02SNK%WFOFNEg_D_tV;(HKjp
zH#zJ=C=SP#)HzbQbqfX4{j!3+4w35_PUnV!m7lAN^5Baoy$>tiyMPHlnO1yphA*-m
zmq__>d4LYDU33Hoe$Q{4mX!<8<}lTEH1kNx<EEhn+3-GVmLVO3^8*Q{klXTg$~$5=
z)LbB3X=94(aF!z$p%9Uxw>vT^k=kUO!aS=4yu#>UGL(y!U?`3hgH=wxQN{q>>huxc
z0PT?^qxLOW5X6#y1U`C@hTcfePt719`K2WofeYn+nVJ78LmOqIHLTjrAnCCfQvIGb
zi%D5++>{gKVG@)7GnBZMNBcck!%s8tW+=TXG+GLIb`={p0e(|ZAc1S9HmXIXPS%-c
z?H@%+O-1vtftj3_@8izz-Dn-j&S9EI^e0rXB>w&^A-*uaY63^^t>(ANnm&#A6^KVJ
zT8A5<u*57vCF_Ddqf+Mv?=5fYY}+2fZrTC0j#u0dNVEjwrqN3fv3j)*S}~`KQIgN5
zD{XBgVP)s`%@|wr26Dg|HB~%z$O?V_2tI6&|2Ig%eBgk=My<Eyr#grH+3@!;?FAI&
zthZDSBj5UgbIIehxMOljCv;AJ>M0Cdp$I30co>)~9|k{etvut?sV3-oyC#|nn@(Av
zdG;rNMa&N-kF9-MOxkL0r^j1GZT#t31jCi1CQX1;n4mD^UA#)Z$H4wOnulI)u8lHZ
zP)~|zQJFL}m=XLIDXP&tTw|2N8WDJ%qw@hggk5BT=o>K-VhoPqRi^UYMlNQCRF8d>
z>Do~GflqhFuQQ5kT&NuujsO#<ePu8HgItV>4V0DF-d?sM1<u_O0)%>}8s6a>&$C{4
z@TUIbo!4E1$8l`Y)aW&)Vfoy)968h^u{NjI^j)9o+RJe7{Bk0G+w<o}J;Zi=!sE6e
zvK}DwRj7XpDXC3Ur67eT+gtT!sHfK<lOE_&YUGu4Y_j$$pwTMa#hyChR-Zph5PC*k
zOfXy3N=uUsSR^szKtf)<ttFD*m&*?!2fhu2{pK{?e<O1|6#E0Bj7ylra2l%QVCTCP
zpgpi}!~YM16}#OJwZ2O-E3RjU$Kx?EMM02Rf`i@ovR;n?4y-M7Bo$Co5q7cJ_cqPt
z`=`fE4+uR;w)+ji?x9oy0epbP6~ogk(Zi;R7mWq=3@{p$2|q@gUSYxmL9AALr3-VU
zh#7Gn!8f7a0)(3~ib1&xe*fITZ7E!nY&Z$&^VyAjBVvU0>;w2)t=>)6j?Yg#w%NQL
zV0zeN>IDo|!5OKypSFYFP)~jZ4NCih8#GfMxvFmm&Z)(ywn8YK89~RreeyJ@9byu}
z9UD9D`oPotZ4Z3CUn)@_r{3z>QcJ<27T)u2I1~gxn?2@kedJ~#i6Y$OW2)o<1%s*;
zx}6eO<3+bSiS=PxcTo9qCbL%{nR-ZbfL-yygnh>Y_-nt<Ku1df#frqk6DK3bs>P_7
zPYj)3B%gSq5*UCgThont!L0$msapEnB0#rt5sMn|xGmF8BE{q#Z*ZJ?I@%kEsk@^V
zOY{MMlN?QD18HoBe4V@(ew>O==>U7S!o1GhNsVQe+AZ4fJ_)S!4hUNS2{1qKKhbZj
ziztyJfD@gYJ`QSVM;~U7Vw?Ve2&-yML01iQen#1YLu!q#b9H<(ATOuqpW}|xy(n;)
zT5=_W4ap{Yrj<|Z&EinjZN*&*o!}R)<ALZOfTqlLkd^0jI>IHcey%oMXg1IT?h^WK
z?Ak?|EJVt2)ejv5u$g(?iwX0`Z?!kjY|iwe$Ml-^vOY`B=T4Ykl}JSL2KxHPto~O=
zD_sId`{!ENn!1I*pe8$lg#~Y^42z$?N=LoO{yj2fyJ@xqmcIB_HbA^5S6Xu+ve6X5
z%xgn?>>)xrHdob0`jt?c$iGVAwz-+zUa_lIo9j5~^<%lIyP&x&sj$bclCmK+F}Hrj
z%SAe%vb`!P%8BI|4Y4%Z7bO-xVq%<McqcsX{{%igx>HOL9B@sA<pmDSR(1@EqDIP%
zcflS}NauneUdDg^^=?(A-U-b+G306EWNhqGdG6i$`;bIZ7UFyK<uDS#d|hTuoqa`H
zyg}bCplyC=c^HwkqRdwEr|v;Fq<wI?!c#5KG!x&K#E$1EjrgS~>q78%mjj+6FILjg
z)|Jzv<d=q|q_h1lN6jiP{a-9}Nchu`t_`p{Jy`2By*idZNc8b?luL;v-D{S+T&=5(
zJZkyuxfZ_I_T#|G_mb<P_LUdFDkT&H7@9ncZuVfhkYA)^AUE_==oWWkB!AA~FF>J;
zeMV3xx896h<`3S>d-RxxKtwKrXb_SIsZHh+vWK%fnm=><kNH8squQ5&_^6#0S?Fu8
zoy>0qr%`6$Acdc6f9=#ny_*Edn%AjEs(}BgHdVv;cP1t74rN%$wI};aiWT^>9#TLm
zpaKUK<;FvZ_rm>4;5yMWEuft^?3)3LwRSUBYwgu^-g`QY2iSTa)O+|<LC<on+Bs=Q
zq)6lSy`$JbxKCrYh)Jw{l`A<B20Z8<4uS4b5&|T6&My?t_2pLx6ERf-z1wc9BrSa5
zJwAyu33es}u*W+%uwO6G7Wgp0uA5Iz>Uo_4>Hq=`5V8qsu}Bx)9kr99v154wD`BbW
z`QVgmSD*Yx*A|ue7`Qb{EYm6E5)t(j2~Nnnq?3_#Et--R_^J(jXHtt~TG^td7WdI%
z_ZRqYw?v^rjf70GaC@SkhZx#D&)GQ23`b@138dXnFoW0_jb$WhfhZ}Q){y(Y3qp+D
z3Q4oYUlNQn<pIefrP`WyW(SqD)G6@~DmEWkpy!)y`2r8|E5WwW;ZMxC`rGM<r3;CB
zeG)-gx8yPe98aub@$$&DX!ouNxcD*y5R@a?Ow%>i!>PmG=gM2V+EEg1mJ5R!EuIb)
z2R`B(a~l_cF1h9orZgr1J2nL52Lbp4K-i08fZY4IIRqC9JHWtX06;89>-%Mh4nT#a
zMh1WZD)A&`09rsvFrer!K!pXqkDKBDnUYHvAVMlEuUt@?8d>xICyLHA+h#XU`uk5d
zAHgzF`efCQ`a<Hxs{<f#I7#bpg^3vpE58X^ToL@xSb}kBTqk;ZOO)?Vwv9~nPo|&{
zFh}bb@}9HyT*yRhJbC5kZV)$!l&{>AhRfNi#*6_hEoGGx7{cDO$JA9^sHHvBR9044
z2o(lkBtU~Q***E5r`8dLeN2N}+?003mE0clI~*MK@=Zg7-jt=E>e%iJe+p{#+_p!?
zwtXsaHG68WNOc=<`e-tN@k(f9@J-?+lfPu8C`W4#j`Qa*&4*>GkC;~?9tqcFLMZ9C
zbMU@i<0x#JuRjL)m$7rS+L8HgpSyN{GW{MI5sFs1Sc9#eY50S=Z7t}J8Jz99%eqcM
z*hM3de))-oOZ8|svqs7(8R_7{e$FQ#%A`fJkVlikBFj!V{*nb1g8I?dX0uV`GZYVk
zPokWRiaA+9V?DDf5sG_R&JzFN2HUJ%uG)Gko{I|)sToR)-R23*E67S2xojiWMrrdp
z4@YL3-HGyUkCS4N@!O+j!ZveLY}fUZhpx=*t=f6aD=D^fa&HLjqtrRL6R1#j{SH=T
zw<!;QH>j~r|7M@dyWV@SN&nK`V*LY?Xuq|gk}UVzc`yI4FE8Jo=JYsD)K?6f*XKW}
zF~((YEj7EvOg=ekR3noO&Sm0g>mzJ6v^alj)NepQ7jn#U_0tHaLuE318Q*nb4vPf-
zuGnpVv`d=HDP_}ERR5P(VwguniErZFMZm77fz{dwD@}dZk-lPJ#YA#=sca<8A>Hc?
zLFLek4J1DEh*Qv}*=Msq-Hjn9oE#u;{S}=R4SRl!j*H-B{aX)&RC<7;Izkc|<p5de
zc*>|8%{$=qO8?hcGMl>IO4DnyF1MINme<FkrT=OV_P{oaU`ox*Kjgt*U&cNIE>?6G
zuK}0njw!h&+Gi16uBOv<7N|m>IX5>+q}t8xFBhp*C6cRfrd=miu8a0dTD?zIq76b4
zGjp4DBA_Owr`5gMd}kz#;3uBn{loa3nabiI2ly*1x>XC?@5+SiS)L@18a&#t%nW(|
z?@>_b4c4Nys(uLS4H|G|3OH|YM-di}PgP0Arip+Wm~s<h6r%Sh9LEpca=P8j8fM=P
zBzH(Y5L&-{boukZPbkDtBj?{UZS^TX>NgMB^$zN+^$=eWme%?BrLL;Jb}PY##^U=w
z_iDP)5ZmGT#Z9uhs!GV%MZLugchm}p%j>$xQ{AcFj!cdE{Q*A;RALuVBkGl4i>!?i
zl4Z#&Cj4qy3sEFS?;4)6j$rmbNLt`{YMoW>|HUU9JT^#lM)~|=ENHKRe^CeZh}8B9
zHnY%nc9%&oCseNS&kSB-owL+`pN8B(a%ny>V$`D<2>C%$>y)oEooC|@kWNu!nsaWJ
z%_MN~*P3ee{CNqF^LrR*acq*Ox^3R2#}l{e%MOU*P{leg%jd#qP4}7dsMjO!dd<ES
zivQg+J<5<FY?ymzhzfV>X#(#3hiRkf4omx*s@Uoh-A8E+w(#&LG(p}3Y!V#Dtuqy0
z?-AF+cr-mLO;6)}_$VkS=2mTLYMx!QzUPZyU2cBk_Q8(uaG&lE-vEBh*?8~XlXSc#
z=rOH#P1n4&=-})GWrL6KLgBwEX)YFSNhZOg@jK$s`lywwQQiv3;EHISX?K`v*$Z;r
z?SWzys1C56<EXpNqE_Wz2t6;Wp;B$&z-hUj+11lkzyAq~#Gmdw$2w7*KBuhq(pqTn
zrr+VkWa`($kt^XYF`WBLE6Cm+A}RNQJ0FXce<T_t2r9EE&cr=E%N`sk*Rd$MO1~=~
zeh2~@uUtJBa)~eL5j9BRHyR(zd4Hr|(S_!8xbP_AZ}{*E@1ccEniA7~?qa?nZ(-xf
zO5n*pzJ73MNrPr+hTw9c@{6#W#)+>61qRR?$kPa=o;*gmE)L)@nKgLRPKSlUtbg|l
zh3kE80X_kF<Q%A1$pOj8@00#SZyN_F8X6Q+ni}btD=n(QT9d&mtrA29n*)3J>YK$u
zG~lH048<^Ge=CCHOVA%H*-TSLSS9KW*_f3!RZ2X$h<iTWqF(>K7rnvxuP;sfHKdSx
zYf2NmH>!K|uT4Qf2<YFL=I8|s2mwfF0o8Iri2tJh64row0?!|STX1^`0xSG=HGnF~
z|4E}Bqg+cnZ|Vdgpamh5W~*@?LRtFI?+5{C7&bXMHo&K3v*iQ0>K1T66l7GTi{S|W
F{{buvy|@4X

literal 0
HcmV?d00001

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
new file mode 100644
index 00000000..650f155e
--- /dev/null
+++ b/docs/protect-an-instance.md
@@ -0,0 +1,58 @@
+# how to protect your cobalt instance
+if you keep getting a ton of unknown traffic that hurts the performance of your instance, then it might be a good idea to enable bot protection.
+
+```
+⚠️ this tutorial will work reliably on the latest official version of cobalt 10. we can't promise full compatibility with anything else.
+```
+
+## configure cloudflare turnstile
+turnstile is a free, safe, and privacy-respecting alternative to captcha.
+cobalt uses it automatically to weed out bots and automated scripts.
+your instance doesn't have to be proxied by cloudflare to use turnstile.
+all you need is a free cloudflare account to get started.
+
+cloudflare dashboard interface might change over time, but basics should stay the same.
+
+1. open [the cloudflare dashboard](https://dash.cloudflare.com/) and log into your account.
+2. once logged in, select `turnstile` in the sidebar.
+![](images/protect-an-instance/sidebar.png)
+3. press `add widget`.
+![](images/protect-an-instance/add.png)
+4. enter the widget name (can be anything, such as "cobalt").
+![](images/protect-an-instance/name.png)
+5. add cobalt frontend domains you want the widget to work with. you can change this list later at any time.
+    - if you want to use your processing instance with [cobalt.tools](https://cobalt.tools/) frontend, then add `cobalt.tools` to the list.
+![](images/protect-an-instance/domain.png)
+6. select `invisible` widget mode.
+![](images/protect-an-instance/mode.png)
+7. press `create`.
+8. keep the page with sitekey and secret key open, you'll need them later.
+if you closed it, no worries!
+just open the same turnstile page and press "settings" on your freshly made turnstile widget.
+**never share your secret turnstile key with anyone.**
+![](images/protect-an-instance/created.png)
+
+you've successfully created a turnstile widget! time to add it to your processing instance.
+
+### enable turnstile on your processing instance
+this tutorial assumes that you only have `API_URL` in your `environment` variables list.
+if you have other variables there, just add new ones after existing ones.
+**example values in the tutorial should never be used**.
+
+1. open your `docker-compose.yml` config file in any text editor of choice.
+2. copy the turnstile sitekey & secret key and paste them to their respective variables. `TURNSTILE_SITEKEY` for the sitekey and `TURNSTILE_SECRET` for the secret key:
+```yml
+environment:
+    API_URL: "https://your.instance.url.here.local/"
+    TURNSTILE_SITEKEY: "2x00000000000000000000BB" # use your key
+    TURNSTILE_SECRET: "2x0000000000000000000000000000000AA" # use your key
+```
+3. generate a `JWT_SECRET`. we recommend using an alphanumeric collection with a length of at least 64 characters. this string will be used as salt for all JWT keys. **do NOT use the example secret**.
+
+```yml
+environment:
+    API_URL: "https://your.instance.url.here.local/"
+    TURNSTILE_SITEKEY: "2x00000000000000000000BB" # use your key
+    TURNSTILE_SECRET: "2x0000000000000000000000000000000AA" # use your key
+    JWT_SECRET: "bgBmF4efNCKPirDqTc4FMmbX8P22I31oCj5R1zDiDi5sy8CWPnfLUct7rk5RlZUS" # create a new secret, NEVER use this one
+```
diff --git a/docs/run-an-instance.md b/docs/run-an-instance.md
index 272fbd35..1d4dcdc0 100644
--- a/docs/run-an-instance.md
+++ b/docs/run-an-instance.md
@@ -1,4 +1,4 @@
-# how to host a cobalt instance yourself
+# how to run a cobalt instance
 ## using docker compose and package from github (recommended)
 to run the cobalt docker package, you need to have `docker` and `docker-compose` installed and configured.
 

From 90114bdbea2d757681e7c78686b5e45acec22e18 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 16:28:22 +0600
Subject: [PATCH 026/379] docs/protect-an-instance: update the note to show up
 as such

---
 docs/protect-an-instance.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 650f155e..7c9bec7b 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -1,9 +1,9 @@
 # how to protect your cobalt instance
 if you keep getting a ton of unknown traffic that hurts the performance of your instance, then it might be a good idea to enable bot protection.
 
-```
-⚠️ this tutorial will work reliably on the latest official version of cobalt 10. we can't promise full compatibility with anything else.
-```
+> [!NOTE]
+> this tutorial will work reliably on the latest official version of cobalt 10.
+we can't promise full compatibility with anything else.
 
 ## configure cloudflare turnstile
 turnstile is a free, safe, and privacy-respecting alternative to captcha.

From 5ce3a941f9ef345a74439bfffdb33fb9c417ff39 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 16:31:55 +0600
Subject: [PATCH 027/379] docs/protect-an-instance: emphasize a warning in env
 variable section

---
 docs/protect-an-instance.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 7c9bec7b..c95bf135 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -37,7 +37,9 @@ you've successfully created a turnstile widget! time to add it to your processin
 ### enable turnstile on your processing instance
 this tutorial assumes that you only have `API_URL` in your `environment` variables list.
 if you have other variables there, just add new ones after existing ones.
-**example values in the tutorial should never be used**.
+
+> [!IMPORTANT]
+> never use any of the values from the tutorial, especially `JWT_SECRET`!
 
 1. open your `docker-compose.yml` config file in any text editor of choice.
 2. copy the turnstile sitekey & secret key and paste them to their respective variables. `TURNSTILE_SITEKEY` for the sitekey and `TURNSTILE_SECRET` for the secret key:
@@ -47,7 +49,7 @@ environment:
     TURNSTILE_SITEKEY: "2x00000000000000000000BB" # use your key
     TURNSTILE_SECRET: "2x0000000000000000000000000000000AA" # use your key
 ```
-3. generate a `JWT_SECRET`. we recommend using an alphanumeric collection with a length of at least 64 characters. this string will be used as salt for all JWT keys. **do NOT use the example secret**.
+3. generate a `JWT_SECRET`. we recommend using an alphanumeric collection with a length of at least 64 characters. this string will be used as salt for all JWT keys.
 
 ```yml
 environment:

From c3f3499a42e04a24c8a63c3f174bd68aff9b4e5d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 10:35:05 +0000
Subject: [PATCH 028/379] api/util: add script to generate secure `JWT_SECRET`

---
 api/package.json                    |  3 ++-
 api/src/util/generate-jwt-secret.js | 13 +++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 api/src/util/generate-jwt-secret.js

diff --git a/api/package.json b/api/package.json
index 339d383f..ba346f39 100644
--- a/api/package.json
+++ b/api/package.json
@@ -12,7 +12,8 @@
         "start": "node src/cobalt",
         "setup": "node src/util/setup",
         "test": "node src/util/test",
-        "token:youtube": "node src/util/generate-youtube-tokens"
+        "token:youtube": "node src/util/generate-youtube-tokens",
+        "token:jwt": "node src/util/generate-jwt-secret"
     },
     "repository": {
         "type": "git",
diff --git a/api/src/util/generate-jwt-secret.js b/api/src/util/generate-jwt-secret.js
new file mode 100644
index 00000000..83f0aa5b
--- /dev/null
+++ b/api/src/util/generate-jwt-secret.js
@@ -0,0 +1,13 @@
+// run with `pnpm -r token:jwt`
+
+const makeSecureString = (length = 64) => {
+    const alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-';
+    const out = [];
+
+    for (const byte of crypto.getRandomValues(new Uint8Array(length)))
+        out.push(alphabet[byte % alphabet.length]);
+
+    return out.join('');
+}
+
+console.log(`JWT_SECRET: ${JSON.stringify(makeSecureString(64))}`)

From 7515204bb73a858a82853a456cef576dd64cd038 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 16:51:38 +0600
Subject: [PATCH 029/379] docs/api: update warnings

---
 docs/api.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/docs/api.md b/docs/api.md
index 39b17209..dfcac1ed 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -1,8 +1,8 @@
 # cobalt api documentation
 this document provides info about methods and acceptable variables for all cobalt api requests.
 
-> if you are looking for the documentation for the old (7.x) api, you can find
-> it [here](https://github.com/imputnet/cobalt/blob/7/docs/api.md)
+> [!IMPORTANT]
+> hosted api instances (such as api.cobalt.tools) use bot protection and are not intended to be used in other projects without explicit permission. if you want to access the cobalt api reliably, you should [host your own instance](/docs/run-an-instance.md).
 
 ## authentication
 an api instance may be configured to require you to authenticate yourself.
@@ -46,9 +46,10 @@ cobalt's main processing endpoint.
 request body type: `application/json`
 response body type: `application/json`
 
-```
-⚠️ you must include Accept and Content-Type headers with every `POST /` request.
+> [!IMPORTANT]
+> you must include `Accept` and `Content-Type` headers with every `POST /` request.
 
+```
 Accept: application/json
 Content-Type: application/json
 ```

From 67ffcdc5047ef314a6f042c0634ee7539ba98449 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 16:52:59 +0600
Subject: [PATCH 030/379] docs/api: update the general api warning

---
 docs/api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/api.md b/docs/api.md
index dfcac1ed..dc7e9c59 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -2,7 +2,7 @@
 this document provides info about methods and acceptable variables for all cobalt api requests.
 
 > [!IMPORTANT]
-> hosted api instances (such as api.cobalt.tools) use bot protection and are not intended to be used in other projects without explicit permission. if you want to access the cobalt api reliably, you should [host your own instance](/docs/run-an-instance.md).
+> hosted api instances (such as `api.cobalt.tools`) use bot protection and are **not** intended to be used in other projects without explicit permission. if you want to access the cobalt api reliably, you should [host your own instance](/docs/run-an-instance.md) or ask an instance owner for access.
 
 ## authentication
 an api instance may be configured to require you to authenticate yourself.

From 51adfc85cd03bd24fbf4b535f7a6c5b220dbc4db Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 17:20:38 +0600
Subject: [PATCH 031/379] api: update readme

---
 api/README.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/api/README.md b/api/README.md
index 5c281246..05664321 100644
--- a/api/README.md
+++ b/api/README.md
@@ -11,12 +11,14 @@ as long as you:
 
 ## running your own instance
 if you want to run your own instance for whatever purpose, [follow this guide](/docs/run-an-instance.md).
-it's *highly* recommended to use a docker compose method unless you run for developing/debugging purposes.
+we recommend to use docker compose unless you intend to run cobalt for developing/debugging purposes.
 
 ## accessing the api
-currently, there is no publicly accessible main api. we plan on providing a public api for
-cobalt 10 in some form in the future. we recommend deploying your own instance if you wish
-to use the latest api. you can access [the documentation](/docs/api.md) for it here.
+there is currently no publicly available pre-hosted api.
+we recommend [deploying your own instance](/docs/run-an-instance.md) if you wish to use the cobalt api.
 
-if you are looking for the documentation for the old (7.x) api, you can find
-it [here](https://github.com/imputnet/cobalt/blob/7/docs/api.md)
\ No newline at end of file
+you can read [the api documentation here](/docs/api.md).
+
+> [!WARNING]
+> the v7 public api (/api/json) will be shut down on **november 11th, 2024**.
+> you can access documentation for it [here](https://github.com/imputnet/cobalt/blob/7/docs/api.md).

From c494850cfff1d4f3977e735b73cc690c39ad065b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 17:45:10 +0600
Subject: [PATCH 032/379] repo: update readme & remove old docs

---
 README.md                                     | 114 ++++--------------
 .../troubleshooting/clipboard/config.png      | Bin 4154 -> 0 bytes
 .../images/troubleshooting/clipboard/risk.png | Bin 17944 -> 0 bytes
 .../troubleshooting/clipboard/search.png      | Bin 6867 -> 0 bytes
 .../troubleshooting/clipboard/toggle.png      | Bin 18725 -> 0 bytes
 .../troubleshooting/clipboard/toggled.png     | Bin 17312 -> 0 bytes
 docs/troubleshooting.md                       |  37 ------
 7 files changed, 24 insertions(+), 127 deletions(-)
 delete mode 100644 docs/images/troubleshooting/clipboard/config.png
 delete mode 100644 docs/images/troubleshooting/clipboard/risk.png
 delete mode 100644 docs/images/troubleshooting/clipboard/search.png
 delete mode 100644 docs/images/troubleshooting/clipboard/toggle.png
 delete mode 100644 docs/images/troubleshooting/clipboard/toggled.png
 delete mode 100644 docs/troubleshooting.md

diff --git a/README.md b/README.md
index 5bf8ae8e..ca108a86 100644
--- a/README.md
+++ b/README.md
@@ -15,108 +15,42 @@
             💬 community discord server
         </a>
         <a href="https://x.com/justusecobalt">
-            🐦 twitter/x
+            🐦 twitter
         </a>
     </p>
     <br/>
 </div>
 
-cobalt is a media downloader that doesn't piss you off. it's fast, friendly, and doesn't have any bullshit that modern web is filled with: ***no ads, trackers, or paywalls***.
+cobalt is a media downloader that doesn't piss you off. it's friendly, efficient, and doesn't have ads, trackers, paywalls or other nonsense.
 
-paste the link, get the file, move on. it's that simple. just how it should be.
+paste the link, get the file, move on. that simple, just how it should be.
 
-### supported services
-this list is not final and keeps expanding over time. if support for a service you want is missing, create an issue (or a pull request 👀).
+### cobalt monorepo
+this monorepo includes source code for api, frontend, and related packages:
+- [api tree](/api/)
+- [web tree](/web/)
+- [packages tree](/packages/)
 
-| service           | video + audio | only audio | only video | metadata | rich file names |
-| :--------         | :-----------: | :--------: | :--------: | :------: | :-------------: |
-| bilibili          | ✅            | ✅         | ✅         | ➖         | ➖              |
-| bluesky           | ✅            | ✅         | ✅         | ➖         | ➖              |
-| dailymotion       | ✅            | ✅         | ✅         | ✅         | ✅              |
-| instagram         | ✅            | ✅         | ✅         | ➖         | ➖              |
-| facebook          | ✅            | ❌         | ✅         | ➖         | ➖              |
-| loom              | ✅            | ❌         | ✅         | ✅         | ➖              |
-| ok.ru             | ✅            | ❌         | ✅         | ✅         | ✅              |
-| pinterest         | ✅            | ✅         | ✅         | ➖         | ➖              |
-| reddit            | ✅            | ✅         | ✅         | ❌         | ❌              |
-| rutube            | ✅            | ✅         | ✅         | ✅         | ✅              |
-| snapchat          | ✅            | ✅         | ✅         | ➖         | ➖              |
-| soundcloud        | ➖            | ✅         | ➖         | ✅         | ✅              |
-| streamable        | ✅            | ✅         | ✅         | ➖         | ➖              |
-| tiktok            | ✅            | ✅         | ✅         | ❌         | ❌              |
-| tumblr            | ✅            | ✅         | ✅         | ➖         | ➖              |
-| twitch clips      | ✅            | ✅         | ✅         | ✅         | ✅              |
-| twitter/x         | ✅            | ✅         | ✅         | ➖         | ➖              |
-| vimeo             | ✅            | ✅         | ✅         | ✅         | ✅              |
-| vine              | ✅            | ✅         | ✅         | ➖         | ➖              |
-| vk videos & clips | ✅            | ❌         | ✅         | ✅         | ✅              |
-| youtube           | ✅            | ✅         | ✅         | ✅         | ✅              |
-
-| emoji   | meaning                 |
-| :-----: | :---------------------- |
-| ✅      | supported               |
-| ➖      | impossible/unreasonable |
-| ❌      | not supported           |
-
-### additional notes or features (per service)
-| service    | notes or features                                                                                                    |
-| :--------  | :-----                                                                                                               |
-| instagram  | supports reels, photos, and videos. lets you pick what to save from multi-media posts.                               |
-| facebook   | supports public accessible videos content only.                                                                      |
-| pinterest  | supports photos, gifs, videos and stories.                                                                           |
-| reddit     | supports gifs and videos.                                                                                            |
-| snapchat   | supports spotlights and stories. lets you pick what to save from stories.                                            |
-| rutube     | supports yappy & private links.                                                                                      |
-| soundcloud | supports private links.                                                                                              |
-| tiktok     | supports videos with or without watermark, images from slideshow without watermark, and full (original) audios.      |
-| twitter/x  | lets you pick what to save from multi-media posts. may not be 100% reliable due to current management.               |
-| vimeo      | audio downloads are only available for dash.                                                                         |
-| youtube    | supports videos, music, and shorts. 8K, 4K, HDR, VR, and high FPS videos. rich metadata & dubs. h264/av1/vp9 codecs. |
+it also includes documentation in the [docs tree](/docs/):
+- [how to run a cobalt instance](/docs/run-an-instance.md)
+- [how to protect a cobalt instance](/docs/protect-an-instance.md)
+- [cobalt api documentation](/docs/api.md)
 
 ### partners
-cobalt is sponsored by [royalehosting.net](https://royalehosting.net/?partner=cobalt), all main instances are currently hosted on their network :)
+cobalt is sponsored by [royalehosting.net](https://royalehosting.net/?partner=cobalt) and the main processing instance is hosted on their network. we really appreciate their kindness!
 
-### ethics and disclaimer
-cobalt is a tool for easing content downloads from internet and takes ***zero liability***. you are responsible for what you download, how you use and distribute that content. please be mindful when using content of others and always credit original creators. fair use and credits benefit everyone.
+### ethics
+cobalt is a tool that makes downloading public content easier. it takes **zero liability**.
+the end user is responsible for what they download, how they use and distribute that content.
+cobalt never caches any content, it [works like a fancy proxy](/api/src/stream/).
 
-cobalt is ***NOT*** a piracy tool and cannot be used as such. it can only download free, publicly accessible content. such content can be easily downloaded through any browser's dev tools. pressing one button is easier, so i made a convenient, ad-less tool for such repeated actions.
+cobalt is in no way a piracy tool and cannot be used as such.
+it can only download free & publicly accessible content.
+same content can be downloaded via dev tools of any modern web browser.
 
-### cobalt license
+### contributing
+thank you for considering making a contribution to cobalt! please check the [contributing guidelines here](/CONTRIBUTING.md) before making a pull request.
+
+### licenses
 for relevant licensing information, see the [api](api/README.md) and [web](web/README.md) READMEs.
 unless specified otherwise, the remainder of this repository is licensed under [AGPL-3.0](LICENSE).
-
-## acknowledgements
-### ffmpeg
-cobalt heavily relies on ffmpeg for converting and merging media files. it's an absolutely amazing piece of software offered for anyone for free, yet doesn't receive as much credit as it should.
-
-you can [support ffmpeg here](https://ffmpeg.org/donations.html)!
-
-#### ffmpeg-static
-we use [ffmpeg-static](https://github.com/eugeneware/ffmpeg-static) to get binaries for ffmpeg depending on the platform.
-
-you can support the developer via various methods listed on their github page! (linked above)
-
-### youtube.js
-cobalt relies on [youtube.js](https://github.com/LuanRT/YouTube.js) for interacting with the innertube api, it wouldn't have been possible without it.
-
-you can support the developer via various methods listed on their github page! (linked above)
-
-### many others
-cobalt also depends on:
-
-- [content-disposition-header](https://www.npmjs.com/package/content-disposition-header) to simplify the provision of `content-disposition` headers.
-- [cors](https://www.npmjs.com/package/cors) to manage cross-origin resource sharing within expressjs.
-- [dotenv](https://www.npmjs.com/package/dotenv) to load environment variables from the `.env` file.
-- [esbuild](https://www.npmjs.com/package/esbuild) to minify the frontend files.
-- [express](https://www.npmjs.com/package/express) as the backbone of cobalt servers.
-- [express-rate-limit](https://www.npmjs.com/package/express-rate-limit) to rate limit api endpoints.
-- [hls-parser](https://www.npmjs.com/package/hls-parser) to parse `m3u8` playlists for certain services.
-- [ipaddr.js](https://www.npmjs.com/package/ipaddr.js) to parse ip addresses (for rate limiting).
-- [nanoid](https://www.npmjs.com/package/nanoid) to generate unique (temporary) identifiers for each requested stream.
-- [node-cache](https://www.npmjs.com/package/node-cache) to cache stream info in server ram for a limited amount of time.
-- [psl](https://www.npmjs.com/package/psl) as the domain name parser.
-- [set-cookie-parser](https://www.npmjs.com/package/set-cookie-parser) to parse cookies that cobalt receives from certain services.
-- [undici](https://www.npmjs.com/package/undici) for making http requests.
-- [url-pattern](https://www.npmjs.com/package/url-pattern) to match provided links with supported patterns.
-
-...and many other packages that these packages rely on.
diff --git a/docs/images/troubleshooting/clipboard/config.png b/docs/images/troubleshooting/clipboard/config.png
deleted file mode 100644
index b0c0a04803397f14957aef152d84e3449757f3d0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4154
zcmb7Ic|4R|{~lv76vmo(Fhlk&vP5Bw!C145eJdeZ5-~klvdu^(TV$QcK1lX8BbkaU
zWhYyaHOu3%Z~5J$-}~45*Za?W&gY)*a-DOZb6wZDADf!!F*ETpfj}T;eGJ+h1frn;
zV;3kr@Z0N?X9EJkX!Oxq*uR}tiNR%@L;T@kM{XRAg}=?Prr3}u`0McSN*&Cr3@e%f
zGgxVzrJOEhCQ69p6~&#BDWnT~UXt>t&Wgq><m+`~Q>3h7One%*UE^n+7$&wFr^>0`
z^vO%X?l|1~+SFwFrRr%>d>1i&bFX*ocxU&@t!RNyJ4+)HkAp<Y8XvnD-b8?Cpo+2)
z0yw71hAp*?8?(JuK`b;-WKJAJn%!k80P`kJ*rX2@4uZg825@(Tkk-5i1P&yPYQc38
z?rs=Gk5A|vE@}WT5ov^4LF1okY%Xe2W4fReIA!f~f}_%l9z+H$P!-Mv2|BwNhMQ!b
z6~A~!D!=fhdVIqA*0RVW{+-uYPyxqjqXZ*x;5ip-g{wOa<bS8-$O&<Aajxw7Lx28c
z0{21X73o)#ISz?J(?{!ku4zw5XfZ0L3z<kqg3VR6ZUNQV*odmIX|gLv{`P;;w$HgF
zE}Bl>@zV{%r#-R#lae2fJd5i7@C+(XH}FUn2?E0~tPxF&l{QU-$Dy*G7f?oD(79sN
z5=kaGWRx@}bv{p<js+nadhqoj6o_9!z*=DH`ZzVzUzEa(t!|MZFm<AR5FxJIbXm&>
z7WlNqM(tVZI_Ez@;!#^ghHNe+^K8TjU`Z4H1_!da>_zk9)Aq*9b7|$?*via)bjq5S
z?N<Sc%t2h(U2urR<l8~+=Kv%&{Txt5$p{aEhj+1==Fa+jVMbp3nutZAgJ@JQulVvp
z6oY2!_8Z^ixvuP_c#Uu4#W#5kTiINsM@gJuSTQ1k!nE=8`C(_vZcmDO@XqJxZN9l4
zpY;ygDEf|=#P+%3yr9n2`kutq@e@aFET`oY5X$u-Fh_kcQ%ywlWRy)F)J!LeRmKkf
zYorw+vneRf6O~>+aY0z`rLc-ordB>r-&vg)wunMrU<2KOuuGst-aa=`Gb>d3BF^OA
zH$zu-^HUg#V0$LxHut-m@tV>t!Ggl}^<;@ChHMd)FAa`Up}Q?fqy61^+?xai;Ef(K
zUNDa_z=hdwJ}Gn9cQAWzQRF1ru2(F+G2ax6YN5OPgD~s*vvHv#>&ip>)SYuuHI4fV
z{R^WSTqE|r0*R;`1po+w5iLsjZoEG^hRxFm@ofo=^A6s8of}oC{B0uaWTI)3$<&vI
zB7vq0+?dhCZbcWX#6RI}@1(x-5_kdzq0#J5kPe+8$qJ)u+X}IEwNg$71}Z&i^F;ST
zmRiu@^Z}QV%<^EK+SC-;zMQ-qv_6r8G@>aH_c_8peS1&PrUEk+7FKlhu&sr>RbWe2
zvz=zJDRBy1`F+UU;I?Ev8n~QRV!b{6w)N}Ex}+FN5Z7y3?+mRh9i#X`k?(Ne$DFx#
z+AAaL_@pJ%6su6LaeFR3wfS%f`6Y}#qgVemvA@j+T)tL){a10W%FDVrH3;i=`$4gq
z0izi|t8UEkVfGqFF1vk2$k1@bbmq3F?J};n<xu5LYM`f8twl>fYY(o(OQof6ncw2X
zN)GRFIG(km1p?2(F!`_{SqqW3BhKUEGBRh*9FXv;xD}86v6R-bC0Pp#mgR+tn17Zu
z-)!YJet&Ks5KyRGjFm)JKiAq{zG;_Hu&gwmQ*JRb5j1}G+SUg=k5%0R88#PHUzJ{9
z?|X~FvSCCW%5U0|lWEyO-W#HuUSlo6@!q2qosQSAt$gw>X~n^uL#1xNQMT3YK0`;f
zkZy2|_j^cA?rTTEwIt#d%`Khh2M2aceX&-7`)%UNWmBF69xG*3S&*k60s_BI-S1|V
z0omAlALjhatNAwnX=lCfTWuQlLN3^xo|#wtl5e_GEoXafg}*R*sP6l>%mYVG)Jn+|
zP%`-fTP|V!P6mVqibccwfTu+_KgE&kp0vead;{c#DZ|4uIwR2b;eWfw&%Ym@?N(|l
zABLrb4;FH_3>S@D=^|PCl=SU#y~tFsEQ<=PiXI(0`|~nz;xB+n+_}6lYnZ-?*QB3$
zxQ7|2!RCwG;S3{d-Tdioj)iRjWs;hIpJbECqp|}obEzfu-=JpO@}urUvcx74lu`fq
z%Q_SYd;?-GhnD&9i#Yk5L(IsXdoUsV{0AWlZ)AZuz#QCQW(38iLm63M5GiR8@`I4t
z$XZGBF;f-=UxmP2zUehYAD_{HBD+j2weU9DUpeV$pcE7c@iCHUK&2|=J7qAmua51N
z`YC(D&d}g_&fp{o0B3<{#-VWZxGsK&%9i0sX`tR8f&mVUw{SSjhmY+WmFz*_N*FSx
z@_LaubquR`213>NpgmYm<>P;7wzW7`-MQcTD=#R}pvY{z!H>i3gdF-RCG4<6IM0)F
z`xFKUf`=yRQ;`F$?g9V{X-@kfK?nr~sx|=6ZNcc6ZpdjwIKXTy|DPBGOQ$`ZC5R?I
zd`M#84J&_ARJLG3+#5B@{Z@Kf=%1p+@-$wAV%NP+ay;9OXAD_0r&Zxu;kBrV))R}R
z#l0lIsMGa<qEYYc5Nl)2nTr>bB#<Jf#dDyeQWW*oSlAy}a0M__USSXm>@NU@G6yn7
zIiAJmG(VyP3a50KTCkl)jv9dw->$0FFav81f(QvGFd^auPdHS=wpd+9E2;}fBz=~@
zF2ggGeG;vQ$&#hknu6zzBqOOnB7U-CYG8+3OERp|S#rz1B5hMG@rgaJPZAK?tzxUI
z&5o*T--cvWj9Wh(XP*0mD~E@AX!QS)`y!ocr5FBGz)mP$os51V8`{6W&z6pBuT=<K
zp7Y<f98uMD7Sra}ati9?%<nj)ZUqqJ2|K0?mi+)n7$+Hun!IRU@9bDA%3l6m=DfTY
zynbvke_XC3a5BrjYgU}<l%zRztSWED-FnHs_c^QUSTdu6uh*_&O$%P1)%V4fFI{#1
zj`ISEMv(`aw_m*_o|o`3e3N))!Ka!(uyg0Z?AM)qhmFOJDru2pgRPved)QOH%J?zS
zyq@fLQ_eq+%*^MU61-5`QDPakO|L_|cUb1!8S`VISz;)4<f_=cwT7<yCcC;9)etN%
zYt3I6tIH0v-kYTFIg6Ob{6sg)UP5PNuT8~DE-XhjCJ6PV4uthaAl0dgbVktIZ{+NH
z8qu%+)ve|wa}ka0E63))9`Pyvo;1#^tGnZuhuLmkQt2&Y`%;X*jB#(-D|YC!cHzp6
zGhpYtF{J-jhT$M8wuH>vVk=G$eoR%F47MMGQes_u8=5->hCMY)C6-^h`o*j+FZ>k#
z_^+<0T<+2SueoxX0TDiE8p=WPlbrQZ`-;@w4YxwxYOx97TTUn5J3l8FYKyl<=wzxa
z|J^R{auB}qrt|aHk!Xo4bIWt7hSSI<Wt(`3H%UG`S1p|GcHKKzNO?WpILT3!-CnBD
z1a~V-FTO;?`p+xvKNPht|MdFmfo1mGwup7)d<mi9PD{rFVIo;gF1}Ho<v@XG#~g#z
z^YDyyKL7k0B6zk5m#nG8=Mk?W8Z_~AP|QaVV?R9`vYPBr`0i%jyjc$U`UOE{!BY1w
z0t}-Xfo9rRy{~MoE`5uI$9%r_1`3<%DKSqN9i9)lOII+*lw))L<0C&~Jde}0opx&!
zo;!iC`)V}=%5Y$g{Y)E)lJ2vPw@qL43e1qG=5M{LQy@}2H>1%1$=?}kw50SjY_;!x
z_r5z8hR6scZ?&(SW43rZpPIwIO*c+zb*1|?;#}PQ&|^uLzh&5SRGb0q#|CJfCBEUC
zt(?QJiCdT5yTx|}(6t&oAtXgo(>b&3`;{CbaXcC&2E%Qfw>5Y_>$&VtHws>FWVKMS
z>*w>0jcL1Y;(;$7F8GW|59-tHpwF(j*`|DCs28Kw#JttM_g!wqtGw5uYUZEqq0;f#
zvQmn3r`ruPTazHC!)?{L<h7)+HFtzul}a4f(|22q1^E`<tM%VA5)J~m5jMIK2o2o(
zJn}=%EPF=nUILPq9e|r>tF1T?HsAfVpV1x|5w%@A^~ZWHk_WToL_9Ioe5kE{*ES60
zHf~Qo>`JCO!qbn-py4ia-}Fi9L(YEdOI-GfZU>I(NsUO8^1YsV?U!GU^y?tyo3#VU
z*JDxAFHmwK*YP$R`0rq7KqgX%VDnpcApH*7rbl)l(sx(aPM&X-OV`X?`rwj9besR%
z4oR`R>*p=?VmRD}%T^Vx710{jYQ-v1kR>W<4}Ynly7i*=x62lVD7JEUaKjGO&UQ8V
zp||@cQt62bN_hd3^%cn^ZtTS-sr2_NLT+{@p(*H?YNCxwE1zn%<Skm0dQCBj94#nt
z`aHb{L!%F-P$|6Xt2Gv(yXP}@5haer>OrpSw$i(n6{>CHKVh*jZG*FqcbIzn7a%GT
zmzOMC;?5a$xpiGsAurYqdNNlYK>Lm&O)(eL5J8#AS-Lf<H-|^Y(q=ev#~Lbnj2mYk
zY#fd)D{LmoD=;E59lGW8OBSnCh9JY|wC6~;`*h03X_-Y#<92H+3s<3vq5x^iALeIp
z^<FYm>6+1rzg+Khb>=F`ov@Lg(b+3=Zp2`-#*26>i^b2)c5HUMn-wJ@(DGdIg4^<H
zVK-w}s=(RAlzlDlLM38$kFhkJL~Sk#%fR%jGtA?DUv%W4`<#TuZW~0SF>@x)H0Ig9
z2Ft3FSBw!o6srrbL}4ef<_>$`Lw3&>W{2Y59p5kAG+lqyt4&Thio2ZK8Ctls#rNRF
zZMT73?pu89EVkoiI?TytPmr?y1oZ(3*o^~Fi9orbj2Vwx^`s{KRuZY`Ues@`UH6dM
z_Q8-K<1y^zN+$3J-{$MgrA%3tj_jk*=(DA{9Xihp;an*1i67OZ1xNLccZGHR+*CCq
zKwv`E;8Q_>e+Mjp5$%6zZWUzZ8EkirdskQ6>5ukCK%q8Ll;cCql(;xKVI=bON(o5p
zQ(+2Kkgx588YOo~pBj(|4Ah1XQ8FbZA#ijQ9uP7V!6Tf`f~DTOa{L%=WGEl`xlb>#
zAg~!AtY#cVfYYHmkR-r?_}h4Jo=P3s7=+L@&N?`i@plG*-T8dumDwp6m=a)jl>C<e
z$hj0F94+;TpbL0n!0rqJc4v@6Vm+N+*@bY}>%X{p0rvzn_#c{`FbI;_Bj4)>+XLSO
OK>9i+=yKHc$o~VoUOguO

diff --git a/docs/images/troubleshooting/clipboard/risk.png b/docs/images/troubleshooting/clipboard/risk.png
deleted file mode 100644
index 1948f0eb48baad049c38a83297ecf8709d94c275..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 17944
zcmeIaWmJ@18$YTbpdg@9A}QSs(jg_?ozfv7Lk>eY@*oY;9n#$m1E?Sk(#-%ejKnZ9
zbf3ZJed1l~oNwpDS?B+Lx!0Q6`@Z(x*S_L+#Z0)Sx*|UAGu%6O?%*rElGDC(2b1Z}
zox8aAvC-eazscy|xkGzLNlr%B*Br6@U`gNl`g9*@NlX$xML(oN_)KL$`zuStplb3y
zeTb^g^Jqafl?et%9y-uV!RUaAIn;$#k%Cq*uXn;YUBMr$Y$(E;`jr!-s`}+IV73Q$
z&czYxe54wlxnnwe(KZ@j0rlX7Gq*Q69pwL#xpVj4Bk8{$e8i^@z)By^O`rYy+lO~C
zh@N3!+^2na=RXe{E@{hnAj!vn&w515^9lc-DYWmTH!<!pr5W5M|C{{nLKs8~e^L28
z`G2HtdHO$I{huQY>m~1H7lY_Sn=bT^U9PhH59jq!1KX80-!hp{(;qnbs#*B{Ry4F^
zh~Pa+b!coi%crqH>6Ob9s_N#{`XE_!vgbN87w_82{-wK*q-k})5rnFTxi+7tNb1af
z(7a@SiT-#egz(?0TfnWk4<7hB8}Lk6dmTnCUKJvKqMd)}3?_d3kDivi1xFC5`dwQE
zt5P?LdJ~;GOzThBe&4H&g-id-Ts#V6)*J^9T(Yv;G$&{LP%=`)?`mxwPF-dg7om*$
zx0<hEkWi!^?(H`&`R=FpAbyk|nY@C7+v{}<tVGnqIC)U+MnWwi;$piz<S4`4dgayb
z1e*!=7yZ2Ddr32W76uq+jFJDbKbkohB;=_-@mB1YkKNbDpR`*sN!A4ayh&PsZ?uyQ
zM)wIA*n<uf&YYIvsL$m$%t4)N*g$`!(xj>=lu0632}I88(U$4)uAjo^BqhPkxBkvA
zy8EhS$0<7M<P4A)Bnyt7V1hz4MSrrsl91b_vQX8P>Po;4BQWsW6#%(gh?Q9TN?qj4
z4!D2*!xlc49X}N0UYn@rZ^F=HgL!KZX#>C!4^=-LUsV6RAvtHA)*|BPab!V?3+kAk
zEoq(GO#{03Dhq5Eok|zH+2clXhQ2Ivf1G6Q)Mj}MpH|3a!A$r8i;;h!Qk_ia43CM!
z#96VBeo+5Vb)i4px+-Nz!<n1&*&Ei37lF@nI4)jEUY!P<ohZ9xyuF~FbAB;zM5w>Q
zwy%|?V&9Jg_x{M)6=YGAGo=!Eqi}b+m-SB`PSs2IVllZl<HVGOYA;F7Jyd0|iO@`H
zpb&oPO6C4u*R5U4Jo|0bAp|kWf_t6aB&~(bM5kwVKI9g&ps<qd-z@&anN)GG@Z`o^
z9eOOX^;Y}4KxGt0LYc)tqs}#Lz{$Kq=h-O<a5s5pW3Q`&Q--s>%*^c!F)r2bMPy%O
zR?k{U)@O{@!?nu{3fd0>e8m*EeDxsP=C>o-Hq2eeNLYwT7T%Gya7NW0d!K5b$>A{B
zDV3>1bnMI*b&RY0v`0lQp8%_LaSgf7I3~IoGGC~Fe+*AeWUnoYRrP(Fm^o#<aiyp*
z(3&E_S}3K$i`kc09<uSLqtkq#t7}>3969oBh<NgRICWC)1C+SNj=nOoAXR;-TMkdn
z=4X@$VEnl=EDet^<se&?mxzIcQ`+*03-L}Eo5)R^z3tqX{7SliQ6^8PsRF@$RVzIy
zoaeVno0usrkHz%DyiUQ-=SFl|S@a0SW^}kIR9a+Y5Z+6u+VI`xFab4@8_-CwoNXLh
zRRxf1Q@)Flp!-Z=I@b|3{Bx9!+ms!0u7RJ~mNeMAE%+EC!4I}+_50qAm^6981A&52
zaxr)LfX<bg5b^e!xZOp&gkz|WRw#u`ICW;?7iJ|(It93I5JmzATXHu8))6(|TF4@-
zfD}2fA;~;QGw8Jc0<46K{|Ccwc0_3AT45xFR$u56xKtxLiS|W~-<!d*7)>Y?qb1>Z
z<cB+6TE$PnN~}@o1w^T-S$V<c?Yg2_`J4oMo=vKh%NBl@70OZg5TR??y@lqSr46le
zk$r9Q@tYJt{|aY8DMY@!Q-0rm$Yw1eC|T@UKz1dfakNvp?O}^F_R$U<PNNgo;uhJo
z<hg#ev*cMy2aij<X_e`&bM{F)SaIlXrMCd8EQ^t%%aGM=IE~3iEtBgYzsh3TC{WBZ
z?BVW;xiO-pGF9nKBDW+^XHzwcp;^`B(UorJrbFwmFV6wm@TSj>#7|Qjx{hx)!UH*N
zuIDfdZxUDSoGE87RMNg5d$vmatf>l0?9#ZPiR&9pqz}DX79ULEE)S*@&DeKIGp)qJ
zR=`*xXl#<cK&=5bA9Q_$7z>cP)N`B#PWqkgN^uWZ`<T%a*~#m@>aUzXU^3!4yXUC;
zi@@r$BSqwoF(iAJxDB`C{M2ysGC_7HuptU)3K{uDq7gtFY$D10RV<sLHJ}<;U3I)j
z@`g&2I$w=2G0==4QD4l>ewhq9RCMHQJ8d#HbfvS0zbrJLrQvcAr8An$J}M;?6dTZ`
zG*f*oo!xa43%JVS-HYvaGa>kG#aZmZ5%*OO-^mfG=1E4bII$F)H>vE^w7|E(QPkgw
zFVI3V;q}Ed%?}{kOJE+;z0nDQ4LI5lNK!!K;P4K%oWS~MU9TmX6{$U+vu?Sa(}!JK
z3L@~DtPSQ2{h^7Fn~!8EMka#JCJo-Z-(?o|Y9W_4S0GfsZ7^)GX4FAVDoq&p2c<!M
z^c(X^EP+V#M3_bTwpfFtsi@aPlbAW*$PKD<sY(^!_A1nEATPwt2`D%k-=s*zN_DhT
zZA|;ZR9Kp+tD>s6%(^=6q6$fWAz;c)(|JZ{boi~<iebE>(sRczY`6AG!)6-q#i0BZ
zGVUEi!Ddv(#!B2mj6J^4z;<Dz&G>tm)hh>rP#V9I2FKdMiooM%TQ_U0e8nHhIE+8{
z2#p!b<kztvVB7XLbXSY65AiLBY3(V1R=?u-rdF=H$x<6qB)<l7UI@%^H{^Tn24wCw
z@5!eLU10Vl84RizK$+{KgWT^i1*Z&B#YQKYi@Ci8ZXfyj!X<2rb1IV0UOY^?_91KH
z>Uq<pMjzZ@bMi)!{QSEMAbTdcd7(pH()6;e<GRi$ba59D=7~7xcVS;w1Me6)k)=+3
z5nZ)S_5*cXpsWjv_G9Zty(}C~_9bzYLNQI8VP{(Uqgk|Mgu2Z;{+57Be_pTmQ9qmN
z-@Gk?bx37Hl+{Jy<3Cp=j0)ch{Kl5#4|L@$pZGKseD9WXBmC;-%EfQ@f_1y-u@ukN
zb0UilmB3|(?90xtMtsY9Y+^jE=622GT#%XN=kUW$!Cd|ott#JbN%AEwf5n1yqP`)Q
zAL_{gP2Y=_AAZlSD)&3i;!0Fx%3{uX7RaCxMZ+PBG>}MgrC$c^vUu2uiPh^<J4xb+
zS8qnO!>-F?lQ&gp;wM3-Fm9FNq3Ammc1H=Q(0Z=8i-1MZ#yI}Hv-+s5+60b()rVWa
z!Y+Onq-WFQHV|-NYcP=2xkm0H2Vauv$Nx$YFNmy4_C`D-`?cv){-YX^PkO4`smwm~
z9$Z&_Z2XxUeh-UB&loZ?nY|~4RA=^NU>-fByGT`peg42a6mBx24RXqVJLyKnW!7|2
ztSW3wF&!RQwAzl0qP2w1!ba0qP<>N-$|J4=rFDo*CBRXt()D8@&bOU#@c0De><O%0
z7JW~`cyT?(SCXXd5<(XB(yq_kL-Hh?W+$oHGQ|QrOqVJ{{HY)5&VdJrVqLiVuC_ry
zV=p(SEmOfWb@Hh_F-}c!bBYo6+?P7#vQJ*#!Z;Q?a2=tl-^r=5Ylp8|g=mSIC2G8^
zvS288+1iY`Ja`?ODXSp_If>JlL^7z}M3U-%)_K`5uLxLv0Pm;2dli*{^wp}8Y6|b5
zuvaWlHyEstB1~*z*ZnM`*y??J1@J5X*v)vSvG{o7a+Ih!S;XKt`8gquPnf79{XN3t
zMYU_e+V)JoabRYv{@SdG6t}_kSS#3;q!!h3u>(+<?Oa#RbIMh{fwIHMpps;9AB6bT
zcP=%iXO7>nJLBG0l^Yhl*0&@0$@F#eOsnjJB%KGh11%EL9_u-GtwiqIbAO-4J6pW&
z)N1~MaV(N}5?3`nfIDMWoIC%eI3i@nnOay0?=Zg8R#M@e{&%%GGe4?}7;z%LGW$~k
z2}6Cc;%=i^w)F0ecdt>ip@GbZ&Is4obAo^XWE$)2(P=4P3D2Sl|Cu?6bthBn`N`Z}
zW6hJFMs-Nk1+2jO+pCFZoF#3-4{iZk?#8`ANuD$*+mPKEfJa3{shVY;#cKM1*kC}c
z8_kZf5hXDiU~0VTi;6plDV;esfEZvq=}2D&lO4CcM>evun>A9kV~AepkqugGnz7)p
zVd8sjfmTpHtrxS=HhVv1Z9ZD3e%swea3eJ&)!NP9b44eGO58lQH(=uQ^;N;6PKL6Z
zH2@Y1`Krz6x%+?<<p_+U&7WUwTKjtM$Edr~arY|8?w0CXkP@ec#f6U6vE|AJUDG4`
zYwY-KPcyP$--u=hHbxijCpF_n3lMyqg*fX?pqW`6y}z+k7R%@}kj<?A%D3In#dAdW
zOupKA2e|!_e9FrYDy6N(0S*ty>7|C$AZ_I}Uk4Toq%`t+OY$$QJVzFaM<mraz7_s$
zG_>#%y)5Hx8sw@A7qFQuDxohAQ@8>P5xaU(H1$N|nkzu3q7GDRmTZ9J*-G6(3}=Ch
zbHLpTyEFf_EWnDR%w&Cqx&^<BR(+X{GowkNmld3FMTHmRF`Y-ZAZm%ISV?F0*@N=@
z6{}7wW22V3v`~qLceMVzEm?zMePlzef_SiWZ_FN3F;_LmGVg1XIl)Heag{)3L2h$)
zL?gm+WGrqWY$yOQk-TrA?^uPL>#XUP8;;rkY}_|TZkYz;y=nUT(1my%iP_M**4NKW
zbez!H+&U!SaNf01meU2dpv=*?oOlcVD%@YMT;*ri`Ot~lt+quhNmwUqdm9afqW4A;
zCo|3u%qYR(wg+aH$0aJ{F6+Mt15P@wvYs@qz0dwIUzPF8wV=((uORXk`hlhAv6&VH
z&p-R7t$RlYg_)@};;SCwsrg&t{OGc}oYQ!51)TIQK6i@tM=kgR55d38d;xf=U1!eS
z0<`>I`Scz=ihQsdqK))9oxw`=$%W93*#%=lk2iAD^RdOw-bKkhfiHKU4_LQ!K=Pq2
z${Bf0Z*v<`CA0}dF2;Syx!)Ra@w>C9E|{3)tSx&DJ$*1QYezBJG2C&zE@A(uFvsm0
zG+X#$XzYAtZPd*etTY@K#Xtr0QK<9_bI9Lkqd(J<IaAlB4l?oFq*q@hc^gG?`9fua
z`bdSst1HxvAN<STZ`WzMDq$AW{&%pRn0<R-*^4WK!<%^jiTkP%z$pd*n*m3Ka2DM-
zsYW04*)-4y3S@?|a%=o#buRLZv+nyA^EQehx}hQDWI%Eh;nE1)9~z7AQF54EHC_~Z
zZgggmv>~6=xZ8~tO?;GdUS?{>|AI{O8F*0=Zy9eXIt!xy(W}hS&k>8Md<w4)a-{1(
z@kGRY&(O2}@O<k4aQ1oOS&0ok?dJHxOp93{6M|ru1BB3KlyYt_*F|)e@79boZIaG7
zM|k!Wd^|3RyqBqH`J}$}?bF{P&jGG`sESL@Io^mq%%P{<uw$M}9L4z;uwhcdv5X@&
z(;)M9%tNw;(ucUJPrP<3{hvDOb+K!V_{w*NMQ<&w%sf;rg944IK_Y>;b%0N%0b`U0
z5h0%UoXJze0Lq!<ntL}B$btj;%}og4b1(||T90q2R&yoQ)nl7*(5&zh$?Kl??SbJB
z$^?!2??MH|mKFA=XNsuR>L6BwqBB5mI+4wA%O}7WnMxa+A6QJAVxB^Q_4<;=`-K%o
z`yVb3SD}Mz`1e))n@wF7y>>yVn7<=>WxZSu%!C$hg+qN~V{mwORp-pckLk^!n+RBf
zon<`evz7E3E<(46I<?3DQ&!tkJIe{aLkR8T#teB&t7_-ReV$_UG&qCKUkMVP#~J~J
zng}FSo=Ltz`rE2uI-izUvt{M`GxA&IRoXwjh#KCtpjRo%q3erMuX+9Qm6v{&U&ip$
z6ZU!FS6ra&iYo9tTpktM1z}rR&X4qCGkA{Bdhxoaz_9b%01o;NG-ohu$x?S0tm<o<
z3O;J2gOzw=(x>b#t*Us(NryI9&Z&wOh@Dj{Qm|bmcC18pJBrsC;>C(;#D%$ESMhG;
zA*PZt(vw(l7CtjCG2yvgCB2HjEdFIPzXaUMSPBF0fB8(ma?k<oF)dj>F>(IX(ReX2
zsv)*=yvO180E-FG{S@fENv?e`U;#6AQL(w8ic>1*_VG_@a_>GM8@fAGJTz|~bJX><
zC+@8l4%6Ux!&9~j-f(cw^WWiFBMD1;_r^DsnODd?3$l%PJIg%#)v2L!oAHcA;>46T
z;ZjM=gaR=ua+scXdc~?`l821HIF$!kE@`9hMRVg<?IGdzS6DFCHz^!PA_2&=(BqXb
z8r-F%A>~QmF98h|d@~WdF1ruCr=E;~lp18C-@#fmMnX^#rDj!>$=a5AE*Lxx=Q_r3
zJG@pi=6*EN9h96RT4R?E#`Y(!aBg&~PBVB7#o`e=rpS$9mrPc7nZ6RC)Uf3H&?INC
z4xC4<_m;**VE57f@eWv<l%>4erYjw3Gvh)-W=i9T!{n!#hr`^9Djn;Vs~{^wRJxcf
zDw^D<w&#mJOSISs|ExHu*+=hcJ?`C%-x(C^*@%&~Yyr`0b95`#X!2Z9U4H25onR2a
zZ64Lp<|Uo<FpF1_OZ1oQQ5(J+-^|d{b^*>^tjMzsN~A6M^sDQ`9``!sMwhzB-IPo>
zGuJ}Z<yO2M{6UN)sSf1L<_vQ(E6J?zOZBQWi&uC&cdejeSIDHGXat)YNhH+T4bvt1
zco$-8c8}@7pw%oyFn(r_^CqBY{iFqoNf~;ZmU^U^Tk%)Wd!v>KV2=gb56l2|vD!DU
zXAa0HY)~cBSjELThN}5YwPFUJ7@JluuNMj@wldQ`DKdc$+K&kmLe&%W-If`P9l57G
zu=uiuyBfzuL2GUnCr7A8`R`*+k-1%w`!A&sOX;H%h5Hz3NK+0MwY9CoEFmWpJK~Dz
zalm3aS61QpCDz`hN!E1bjeEW4Y||>f`b*Hz@iM=S=}DGNIVYa~=e*!<!#gW$_-W$#
zX%8h|>vgxw4&T|d=U!&7rt(a_ymYxKQRW&D1}pv4?{?2VgyU)c6lJt$FA+UbPXoGW
zIJRyD0BttT0B1i`@Y-^$qdWDE;*^4@Sk0Q8ITl?tJA!)ClUvMw4&5JlQE36v<(~%(
zonR=?t#?TC^@y%zK%?V|zrGmYPod_5&+jB~$YUhDPbXsjo$k1IKM{?ca2Wh7wHL?c
z+I<pPHQsQakD3#jHESPgr7rk)d{%dvC_}U!QKg2>Xtn>St(_?EZAPs`jRQX0YMhhe
z?%0-zxOXgxbjD8kx4&W{5SMi|*v*?#+9B4U>gejPV}=pho6((s3@9lcIEpbHEt`Lf
zy79;^OK9o_r8mKlGwil|YV@!{F)|j6U?IRdj2?E$e;h{`7~~u1-jWm%fT%PWO~~MG
zSKiZ=0M1qgoRu6DKqXadhCjh0+HdTzDQBtc6Dojf3auqK5~#XrzQum>X4Pc&m_>!n
z5hHp?jH6b2sj2b#rpb;^61V;ygIJ(v`3;0YpE~MJ(Kf$PElB5#XV*6Iv5xz&^iP-8
zLT8J#k`9s`DW37jxvfkPZ1b_1ZAwl>3M02TOLJ_y47EWc%~#n)?9)VOKM*06^xQyX
zAr4~4$Rb>|#Y}{RsQOg|X=caQ7gPf#Lyq~@_b*^e-WEfb6d#mt+Aa1QFe<6cgW63&
zmkMboPV8G=a=(a67mR(LiOBAW)dvfhQcV<<iw?EUT5zXOj>}2<c}97*Pu<YI?=EP9
z4ra#QivKDxO9uL5KBLz>#|P+=sok)vc1lWEk~aj0NkIx}06-*4y@Ccj8;af0?_Ups
za8+~EuW(OR7>j!Uq;)x&Gnd;rym9|&#5WJMZXVQUgeX9nW-pt91uopP{98`FfLAb>
zRY61aF?D$Gq7n!(a)iIqsd7A}V49gz#`V=^oin&lhd)lOJZ0dEJog}qJDRAmd4-07
zir@_==d(+eoUUX0vn$~2Ab+R2SCS_=uM88x7Q={5LWOzTD^kw4<`;KFYSi!?fBk@?
z77oi{m$f(L_X9--zboz~9t3p;ul?H0lSgeTdw9Bq&V&wq3T;fzx`qOPR!eutXEwPI
zw%(0|syz!{<;%$#4O_<7FFMedeI9;gJEX>aVKMmgk0@h$OT<#cSNKi5kp`r6dW2x&
zxTFZR9T&X8M4$BrgD9Weo1CtThF`92Rv?*E9`xzwAgs>!h`Dav3qtMlahsrB<-o3e
zfSNNy+1iC-6=`wOOfM$wQgdw${L!0IaXz{5{cfleePgA~(2Y1-3Vxe1K`JGRAV-~S
zkUn8_a$!BTZtrWe&G?rWFdYcF!^xMmP#P|f%SG)l<pl+>bWyc+KlNiH1*;((QwXBw
zd@?C@<FeTcw0LtA-Es1Z1hAP@Cgh@lXC19n!EH(KJGcxZW{K=B@QJO4eT$rxBNZyg
zlr(NcGq(YxpE73lBB8sdrER8`<}LW)_N+XC)AW-6-K^u=B$rY9wp5+vCPOPC8J?8S
zYTi)h4S{98wpSXH^-jp5c=25{ZNVO$aNn*^LM>e4*beq=ZBr#Q6nAw|iOOMnLoJMj
zTsXe5vvfikc4n)RPb{*SHCBRRFIlbdU+Se?1IAl13qb9p6H{$XW*-dTl8l5)RBsWc
z&ku{yX+sh?4LhQOpe7kOf7+`Iv>p{`9U2Ac-g(r{XcT$kb7SAn@*z1DLaLbIv<X^l
zKQQJ+O>bq2!P1{ADvuBtFFPEedYOX~Okye7CZj#;@KkrLrVgJn*q`jsD^gBrrwi6C
zfTu}cRNQDw`t5iDk6UqIX*gGlcXk}7GKGz+T2Bo{a;Iag1gtCZuTFmWz(N#V<8~^?
zTl!fY&R_Mw=r^MBPlg-UMku;IYOJI(5-COtDtN3%$rV^t#vYoTQ=Gw`gJ4KJh+1Hy
zf+WzTX^DT0`fSMLGyS+bD$V&N?}El|(FpiAez0ZLB>lUX6500t&$7n;e^qF^qz7=A
z9AlG*&F5aN7_~J%_u35KDF|<xVTc|x*lFf5Z#zYokS1Qm2>hAr{xccK4vr^KJ;d5R
zA0lpc&Q$;PtBUmFp{UfdS!-rxh*m;fn-9ywTLgS-8{SDrU@%gpK17^YjNhp2BpicO
zJI*E))%+Y69|v_Tm|B0v`FGV<6&#PRIzi1j&buwjGhWSWtxiN9sN=Cf^EW*-QQ>>a
zLOiYe@q!cW7qg`XMc32`J}E*x6A-6g@W#N{aJJxcV<H7L?P}2{a(|bzSYCtUAF3XX
z$G^C#>#&(87i66;qyO>OF7IG?F=)nvl@`R@r{i2K>&}f6jswbeF6vAP|JfcmkA!8Q
zn*kw@G@4Ss&?%c26~^<e3jck~+lOW%x<XB^hX+<t_+?7^_j|c4Sjv1n;}-tD)2rMO
zPXyG9I%mx5=F};8*Mk3k7tO39X(eo?_NKWv9fq~KQs;}XvCbm-Qo9^~`hV(oAKPvx
zwY@ZRA<Jy5p_6ICt0J_m0{=}$QyGJiBK4;Uwv_*s@_h5iBbJJ<fAs?R6mD?-m8~lk
zPcXWLX8+mbwsEcvCJ~hap*oWTxACs~+=n*rGOzRVw)k>p<SR{WXQd~9&wa$Aczgf5
zxbxMUVq5M%vF9}?BpfGBFY?NmuQ*Xiu4UtFQ0e1EOftQZkK}(Z0=9Z`YcNu!2k`!V
zmkeaIJW8(L$p5*B`?MeH?tqmBa~XbPtG~`ZfOTIrKEoaR-!B(%p!){+SO$KBhri?v
zfUbXR*k%616Ep=@bkVcmp)%mVRxy3o&Cp8zXYl#g%Y*0}WDSm|{P!yV+v0!3>;DBV
z>QC5Hik}11cpV58$*;NS%f}K!H)zQvkXnusKn?O!OK*8`mjxWY&ho6{UDO(+Zf$0h
z+EHS4ZGAv@IFnd*<p42SVZu7$H=`8Ui2tp^b>CQu_(U!SkC^31=r!3eM`(NMfkHa;
z%rU7panXVmp0)VGkhZcZ+WqSOqtvNbkH@CH55=+dL84d1P-Y#NDk8L07$br1ownVl
zr=lkz3pUv&!HNS*eQg6v39-qwHyjPbUY^-A*D3hsOpx}N1gjxq8AdL<o%gssO0`&4
z4YrVAAzw$DEurJaxdA58n%|2`Xfe9i^t2dg4yvPNOzgrBQa3Il;pF-XC#svF;w2w)
zX*RFXCfnx+PFJI<kiurfu8ymeX73v_8$Ao}`S9`N9cCWZ36MnDmsX#=KL+7Q-n}Fg
z>zl2lKe`JJw=3RJ=CJ9c#1hqh*qweb2Uem%JgAeb%cD8^r0OLJ6Y6Zi3EOABs`pQ)
z{~qq%=^f$B2KK)0@A696k73o`qZ##_I81ucK)E^o`b^-ODc^Lm%@k~btG>eObL@#H
z;kMTW+-CVuTXy}!LPHFcUBA2LwUHs}kX61-8`6vq!O!6w@<)vC-J3sq%E%X(=}F>j
z!&AWJKWY3DMXF0M$!9L+)wT$u;R+hosMKB2$VUA!6=X;qyr}xl#6c|5VCB?haPq^E
z`qxu>POhK}Z&7S>`Vf$&p2hL2V56XglQpd$6-Z@7)Aue5GO;fD<^0KUud4jefWCAQ
z?WD8T>}*!!Dv*FhJUT&lwQNF$7`vjfO15tmEEEos!Z+Q!j%ieRJjAPiF_Pjkk?2Ie
zp1HpJE7Awqo^@DSrnIQ&yF9xuQGBY!Qn1vCqw)L%FojG#U*X#I>8>F3D9}8DNNIly
zxhX0S6gX=ZC8Fgi<zJvvo;wA6UyuLJJaepD?XTF~0xm!J-1j*jnP6?7<*3$I8#8w0
zE0=>*8+)ogEk+wdb9XxSNB8!sc(2l=3DFv?=KT}J)_}7^2^aTRq3M}{6WK~HeT8N!
zX6r`aYG)j`#xm*V+SXIwYO)2#uqvMeoY^bl=|!1{QJ)T)0#{>cKA+TO1+VHFq4LIu
zy$SqoD|uq-ybr~rzhAqXO7>>!=Xd5@!uF&5{g5spUcMQ;)fu~@<1o$^d{FUZW>w==
zukoV6a6Mj^0y<~a0VN+iUJ$&2B<{$;-mAC;Y|?n&n+1A;@Yy{ww^)@h6KoJ)2r8CN
z{FW|?7oo$T=T4qd=PTjo*}BcZ=@Z@E4p67husD-5jnTF1X%Kz>``$aUvpSe##O8ev
z$|Et-rBS>Ks$Y#D<Vj$Uo8RN3O*T6AdrV21BM&f$F8V(E3y|?*^?C7|Sm@5gM&9`M
zl0|rb^f{CvNxcVWHBXPz+htSC6p-jE*drEbD;&(=XNgGgsaBYCNEemxX%8#&@e%{f
zdSv?dUCIEOr1W|fuW8d<_@oG>7%}xM*U7#3%@B>kxCY^6K}lXyA|a;CWupmAtcnyu
z3Y6=rSP}fVyV4qmW-vG5!R{WtpomM~g><KaX)|~P_RfVXF8NsuuSD-j!yL6yLucdx
zqVuEo<K`>Yn4y5s(d6uvxbdD7_2({~-#f}PFT0$rmfEx1BFn1fT$)HvGTrJkFuD%>
z$JM?=DD|Ws46UDE;a3sPF0kbUe1RVJt7G9zDZJ}05b`SoxW4c1X=G2a;>~sQojv%2
z=a)Z1(R6z4S5=Uv2J_op;>}^5VFA5qV#AnswDcS~D_!KgSw1KAE$S|^3eBcp*Y~tx
z#c`)%US*fCQ37WQaF9n}IQt9}a8Ye4Oo`*b7aZ<n(7M|8oj6ZHb%IaRv+6SPBfV+<
zwguACmy>=>Ys%s|TzIEL$YpNf4{OUtK|wZ$(C(*DM=WS?#5g&ck5y9g7rOVD*1TMW
z;=BD7lSIn$ckm>aqWMtmFY3(hHA+o8K%neo0$8fD^&aKaNA3mo4N@Ss+;tG2Lp~V{
zLX_mwdzJ4Q<4Tiu<?4&9eTim_RKsz98QeU^N%4u$*ZdkNxc@PcMpnqRU9xgl^&baH
zmfByE$i#MPy(z-CEz>o4+eG1?*|UG%!)Cghm1K;?#5?IJCZ9;Zsxp5fpTvH_52$d?
zfVH{v4L&Ni&P%N`I0U1Q{xa}m-gX`_W<nTi8amZ-Z1$Kq^$#=V^>#Wwp73;iC!e=R
zM{n+$godu*X&q4?nZa-DDs#FEYLHB`vLC{zHsjS{fPfsufSach&SRJ*hFPXQ(#bj7
zMb{ybWT^~qy0G99mE8r&E<(|u(ajh=`)vTbGe@)QU|UN5g4PCv%D(c`MI(+oM#7~m
z8`8~hH=7ivhyjgKp4hlE|Hwh^j=A;3Hd=Xpk<btrJ-g<#{-FxPr3ndFpVXTv5jnjp
zlNt2v!?YH)h(TMlPn5P?VYQz{lp8UNrSo#h9e(c>D!SK>*jH-2p46ffq|QAIWz?A2
z!kZYixyQw+$i1a3E~g#_PRud<;>?*J=Q8RmKq0QR#uz7lEreEUDB$&ppJb4GbBw;m
zP?&0Q(}^WjOsemTk+%|W!UlbG&1R0ml%|dn8l-H+ruU{3QU+GTDtqaXS^fUlo@GB)
z#I&G6>A_OI5l?x;%PvYTrcML6e))V|BxgAk<8C0@Xi2d@!i7poHeBPLQfW?yqRbzh
zs&Vg)ni*}zbQf@x>*=xd5|Ll=Ah7ZMW0ed;=L2z{_(V)dRj$6G6a&u7wmpu728%)V
zCk}C#Vz}R0h*)t1Ha`&v^lu0`Lp47>JHhbn(j^jOHTNtke9ayBqF78ght3&$(r=*R
z?j}e$k1XzD@dNir$<9_}p@*}Gm1k}~2GNe9kEO%nFYH-;(5Qq~Yz85MwZms>jDN7e
z{O2yOhEp!CYMW@Wa4M|ynB&8Vx>{t}O>Q*y`$g4XL{K@n??S-3kZtqY(n%Zv>9wxV
zuV>#xlWIWX3MN`pDIU-C*JFwU+&)YLH+&RNePlPn%IdymayxA3R+*B&?+UVNmg>Dq
z@Z1Ll7QaM7^8Jho4nTZ%mQQq7N<dw!-38t*O{*aFaWl=pu^yIY_R^0ak!=u13kTLE
z!96Udh<U7IH@_o5-%uhw=5oZA+>D9L1J&*5wx?W)IR|M&YP;QE_)m<a+yKsLaT%hI
z;C(9|0i3j3ki$2#6w~xUlmQk`#vT1&W*#j8uzsH~Y<&}ZHk9LK@BNChWfL~%8_MiJ
zO6D=|-fWi)2%h1x4oy7hr@VXd)=J*A7~ISYVjP|NG}RsDf<u44Zw&AEZQEYvnv?h=
zr=*JL4O!-#^!&J&+l%s*5A$Z!L1vEa-thP2kp0qG09JF_>S$1&2eH)3YZo>i7qO4c
z9qXz)16>2AwRrK_>M~HhJzNzxHUq;f#Q>jFAg;I9l58nDpi#fTyCB$?P^~46fCqc(
znf)R50m{6ONhFcg0}axrVl)d*L?Az$7}V7O+O@-5QoaWDeOUmapm%SA|9A(IC;8)1
z>M4aH)eSlTqryz^Z+Ulvmw#;K6=#R=kjGWR8f>K=YJH=$)2ba)JUUtGNIB`wKoTMy
zwe_)O8iI~EmMJ_!Xu&1&Z$tX0<<mnpf<2s=H8+o5!OOfy@`=Za(C-NTey3WxKV7J1
zTMuo_&0E<otX4jmSc|IvRH4a-Y}1YWEC<LfU?l0sdR9%i%Jk+?du6Lrt)<4$mu_GI
zx}+YP=vnJap~H-$AH#b8L}2JXKe>0^e{B9&*ph}0TWrj+Z2k(<eow!z>VWxQaZD?E
z@0)tk*#9PmCMEP&<n(*;|0$%ra=`cyzoEA0DFcLR8H{anq|RN52xc?x=<Kw(pW*}x
z|L~Hw6wNs8+9%?Hu!L#`0_9z+?au>T%$^*dwG(XriCeXw(DJYrF0k=b({$Aobn}l)
zdQ0RL>BBwv{uLx@p)XYHrR}eimzW8hGeMkE0<KS<re+EuFv+>|3y$7}nkj$lGSEm^
zG3y(Uq6&H-+W9byKH}}isO*!HhU|{whyFEz$|kKdM?Xx`4N7mkQ$r>{=jWu52Oodu
zy7D163Mdj!lxJ#Tx?NIQ2E7<oZPJWV$UUY?S8Dpj&ZDwR`@zZ2^i1fWX6Rcaybrp2
z`LN<zvnboYA!<aPDQTQlyE*Ed8&ru&1aZaT_P|Lg3mV$i4@*c9?z2g{Id7?|zC3~w
z?Bu6bIa7)&Z%WRnZMJoSwk60+AKm5%a;4ExHO89qRzm?eoH|j!NI)a`X3h1iNo{ep
zTW<P6&9z!G^7&8}{XLT9*CjUu&%xo|p-)nM-w&O;g&ti?IQow@Bo9O-PKim7-R5K_
z(Cz(7vbFt_uh5f%pFkWwJF5=Is5f^V#kpEr@DoQl61(ih#qo_wj10{y35XJ67A$z1
z>}4L?`eZAFN6|2wMQ=Uz={NtTTOw(!s6rDxu5lRC-@-0~OeHigGlQ47&+OA3C^+eq
zl8RL$a<=1gu%86t2ld_PrnUKJ3i&7IRN0y|Q2*)_Okx+m`8?aC7N2AxIKov-tc{~E
z-zF*!kLKH%Ja9WE?&PU|x&2wZIQC(Rl(7z=p+k5fj4fzz>yKJgd0}PJ7^t&cFr>-g
z;8intdZxk=w12bdIQcDXBTiqRG6?V7N3m#Hq0uFD0qbQI)yc|uJ-J>VT^aJOhq3;5
zua41Czv#~9Oz4ZX*#S7`z!l{Tlhq6;?q>9(1e)oz_-LjJ5J!sROYoF-TGdoYockIr
zUY&L?mA!v*wOZ4QJR5Cp9qrkB>v^#%K09e_uXw#Welk#7KiW_PG}7rxUd)nZpBu-B
zZ~ZFXCtMVYRcT#|XYW0Xk~(dTQK|~wfmBVei8#3ip2q{q(!H>dlfLa=H-Bzy1Am@n
zQkR?-Hv<pcHn@K+jKe|ff@o;bK~O>95LIfrb|$naJK<L&Ha%24celE$$}0K;i-PK~
zcg+&-m1bNM4*%d_N)c&)l&hHfHz%;t2K4>*lGqpDw&YDKPBj;`6z8(|E97XesrNNz
z5kREah{-8b1~^egHBFF+s4pjV!=9<#2GM@=BBp0@->Y=3LS~fg$U$REXWPpHBQJeI
zcW+ZZA?T2vI8WaS{u8V;DWaiNZc>%3!F3Md6MlfJoQFYl@SqGbDn}zIY?4fV&<?p-
zlt^Et^YqHS%;z~KQik_O$*InV@#n4WEr}jD!?|p>Ba0L4?mbs2Ryxw6`x-5OGkQpD
z3xG*&FKEFpC~R~s*TrN>9OSW?w9c9^h-R@LT*ooGef%`sUaeDMi1~vvvD&(7u-aRD
zVoR#ZlLR&Zqu+KrhU7W8ee2J*Qr3>|z`n=y`9w=D02?+iJ!8EjHiP*P8kSuiqX)$t
zM~qmcXu*jAStS>>1ly3FK#zVdw6<%OppDcg0HbHNL=roT@B=($I!vN`9V;xV^<558
z(W3~0Xt#wBdxo!&;3PWfFvI$Iiq_hq)bO%{jop^kqLLQ&*;I_pMYW+c=H=W_aRUhx
zzXh<-;vGCOD*NjrYY!c7-C3@R%TGG3hu6NYCv-dMqpV);q+NYHDyD?`#d<k|wi<*2
z9`G&8Z$?sil+!5JncP<<?ru27^3i2yLZLNJVjJpn2HT78%*&j2J0ZK+`KavoL3a_~
zeGvV1rw5yEWGjA}4QIl$``E5=x91DH7;nkZL#VP_4`23_L7$xC)0N*^HB+>(w`eo^
zXL>}3zYq>b-ykN@n7_MAK)5pke0+0a?$>0U9#7uyiNAZVT!9sLC$(LyIfA*kvzsB8
z|FPyttK*wy1gi&gDm^2}WU|>6dH`(IQZUTgG4`~HawgNiUhQTmL(8u&Iz%!oUgBfF
z>Sp*-rVmz%I!-o$t{V}O93n@Xj5RH_rL(OXFp-?PzLrnoq--spc&lq##{Z(Uct=K>
zN^EKRrAx|&3T+f$(V=m@T)ABA5m#VyZ~{JpAo+s|Dcl>1%Vs`>M>-<1G-R9YfajGZ
z=59ol3_OTQbh>!pyFvL2-P-=r8-H>Pt(XHrJ50d{S~+fyF<ZVyzjr?%jE}(~KFjZ_
z>9h${>2_$*aPe!!_wF7tU7%Q3NL1=Q*o!xQx`}$JGM|F*N`hvIITX9MZ+zIn1z;r`
zF?5p&Z<eEeb&ts*Tk%fowlFZ`1pr=I-7jR^@8#q!rMSu5E&Kvyk|*`jh5~(rFjjOM
zI#F37p$=lO5Qmu)nf8c0@h2<>S9N&wUFT4;Pcg@iWBmaXA~k&6YNP?17<A-n^Oj7T
z5vBbNyZ6ZCHy2+@pD}q7m74F()d{p65CtNB9_VQlU@D@w-;Jx<F{wqY@hyKCm*5s?
zv!#trw}wpIJv*T58L76n7ct=Dt?<WQ5IJ5ykqeqs{I+{s1Pdt3bX0rpIn^a(rhSGi
zBl9^Qq*;!6xx>$*vCx>m0Im!8FjMOnV6fpu47OPZv7_2^@ATCOJuY6^+3Kw*ycAPh
zc`ThPe(%2OU_Q01N}Nr*rQXXpaJb;KL+-r}#Pam~NrlUI%=m#yTLsqzO$B-;{m%%h
zPj5mmt7M$4ZuTr^7Tzs!S)T*PsmQNNR-OCAplM%AdXZIvM4h7jaG+)5ahHc!G;CHv
zxY-JypIv}w-}Pu0I$@AS=EGSUyI(~XUiQO*-EFxQ)3aG)4ocas3ws|>FV`xLebrtE
z^c!+>Bil9PFZ6v+W0>=JRvmy$MSOu|HMhr1gOyGL@~#9e581~dBxh!ikb$a=E9|R2
z5p;BDgV%<(1y~KiNgADWQUWgeno7-v7lpfkmwoR?VGQ?hA8S@iu`n=>vg+U6ZZUNJ
z;D2i*=W)>(a>s((0Q$YWxq<><w7x1wsN9s}2@&wKQ-EwFMABMHJw8DWhNy`=c$Au`
z<DyM^>w6^7>UhYZgzj+Eev~_zj$swYEJH;G#ESdvnds4@QLC*S|AIjGH_#b+2mJp*
z)Bmqx?}C>L-99cSDb+!s&Nth0@_`QDYhEg=@jhmu0dooku;ZJjajRW>w!eX#B2cVP
z8UL&lcBA2M>ARv_9L5~z_5Hg_SW|-X96@&_r02ITJMS^WET$805n_ojS|V^uP~6`%
z;@w0~O5Vk5%iUv>wamb(x9y9QWy`NgeDWJeTA|gFEw{{IG%$2L9=F6k!cYX`ykvk&
z;<!8$Lr41-cY`C)=&<yi)AeZxBZ;PRM3}VggIzy4HCvL@iCZ<epLiRt%^TF-N2`M_
zpM1sb+7aad+}q!X{b!8#c8FKL;ug2!R(MAI9=eT`(hO?M#TC$7h-bCxMGL&HX_AiR
zEyCSJi|=4(!~^tD1gjMmT5WVK3w3O6hlX#5I^L7>mcGL+3L`-qP3^d8^-t)2IB*>)
zIy%_d7R2k*t->v_i7<3WgL4uC81Yl|X<0z%)$6L){T`}Hrf~_%x+Z;?(AU@Sla_ST
z+iqdEDUMW+Ck1@EgePC4%-DKsCrr1Mc7JAUWPMUJym@-k<{qoU_~Uu_oUN$3zPO-5
zCxHlHr|*2ge3G<1#t<}Jj#4Ua8@8?$E;LcVNbr<U!oTG(?d_twJGrACnilj-qw4Tx
zOuNB&bPn~Pt`{Pm5FXmUHx}xXdDS;1AF4kd-i+C1`u54~T9M_tKi%EYN!q6x-_KD`
z9T}~)@m05rsqq?>k>Y<D12i{;(Ki^8PrWTbc0`nFNHsP?Hn?ruTqHiI3ChkRP;FT6
z9muix<cUF4?|;M}ub*m*STqbMM)M51{%18cw+hYAZR3{v6V)l*J$~EV3$F$g0U<(W
ziiwl09Xh~FdUiC5-d)`kgR{r@>U)o=5!ERw66+K%_!iq?QBCSK)fWLuCr1sc#E`G4
z-cJ8~|Ds#-9_2#+m%v%^toB@ytAU`*c~-Iq&uUQ`g@713d837t6W>M=^_juR2~WrF
zutYaGmeZnNFmB5Tle)Ii*?bX3ZgmlhkNSNUbZXYBwUHJlTY=>0n&FO;({F<|e;bKg
z;CN*RpWjFO#x#<su+|wlLha1S)?IavK()_!b(7Z9s8%5u`?=ehdi9QRB`Ryf-+pOZ
zR}|x;u*NuM@tv(5nO%aiyaa^ASeBIA5gP^(`_Fzjl<2MSd&$WIEJqaTF{+W7=dtsZ
z!kj=G6H#B-!^Ro#ob7-JD+lJ#&izh+jE=OW)s=)3XSka#qeDc7K20m%w-Q44dvsOZ
z3<6ocV5Pb?jT3!l9;MlYso&{<I&^t;pp#%*9LI|$)fW>iyu(7-O90B-+evhWw_d9a
zV{K;_AFZtBdV|BQbU$~R+gx|-ywQz>La6*SET7EP`cTfgmF^bCmb7I5QhdSLtkUnG
zZU{ug1a*gnOXNLzmRdsDxZ56_^z>{fE1&uS0Eg-MQ5jZH96eL`j%1r;Jf#d8BSl*O
z**YqN&X^E8l_mo#4!V0zdMtWo$?-u>)IZ$VFb+yvNm6}%Mo|Su<=s6AP3)Xw#O(Hx
z)AVH7qm5riZ~lO8Gf;$=i!Qmq77HT_Ke<Jux2?_P>zsA@6+wDgs$cZqKZ@qJdh#}^
zovL(p%D0*daw?%N%8QZE<7F{KG4CM?R%**G_;6dw{CI0Vj=ePDA|*TBJ<xG4;(@^T
zH1wyMl3KC5Q`j7Ls^Q%XPU+g_JvUR(E*|lUA8(2_jIHZ*@l+Qaz~RS1vdxa8F7Ql3
z*F<_IbT8xG{O464EWUu1F8`moPmy{$>ye6u^6dU9S{!mc0;JNg7o9FOeNA;FoaJhO
z-<P&Y+O(K_pcLqJEy11=v0Kz7%k*ZdXZGx5lkwZD_jMg*tooxb6|c<1ggn^{-an?|
zEN!FU-ETPR@ygk&RJV+;VlMq%2e;uy!_ok%DImeN0FRcsJYVES)+h<2ds!|@VBpRj
ztiId-1)zTLeXNP>+oJQUrTn{R@=N=qZ$i0W`E1U%W*A1r_;KCA8_a3;o6hoVj`oQj
z@SHEz3pxl%DmxPNUbWHS#5J~GuVjbj9WlU;TorP=1b8<jcq7K2$$s0XPRK=vrE0|M
z8)L3MuaBN`Q@I5K+TG5C@WM<^wpO<9F>U$9Kl`1=I7VB_`B|APcrF)a!uJ!MdwZ#g
z+;tvQAAFPz=b$}{B2%L9aua8y#(2}9pk!wpW}j$uw-y$Xcg4kSq(E<n)qipxqxvzA
z-|BV?VLbNei&4-l-ya=eyeYBocG^*;h4nAF+&g^v%tOrxpGAkPksdW;y2g8Po31au
z>xS0o;oU&8{5;yNFMgO8>quWe3|&RMAL;!ibM#D89d<uGzkzr5eCqfcGf!zHE&O*6
z25|;jaB8PtQEe2Xw=CN4`i0?Zkp!b^#Mj3x&(T)*Nf}37#I1xqQbE^!Np&1)<Sexp
zjuiJEYoa~Pcdp+mIjDx#f+Z(iE$Ul``G4;*tm04vXg`F(N{4}q{)>Zjtltc4y~SrH
z(fUhaXx~OFf15A-Gs&lU_txoX4n(EuN;B&8L=ai_6s(tJV%%=p7A+3i$9f!ffMYR~
zZ14vXP3>EUdjC!BmdSi!Utp4!q4Mt*7ERvYM5ZmGau}eVds=rH3&ZZ~e&`m$vm1(`
z57kw8&C2+D8@=eTTUS~yXx2OE?DAOgsbJ~5wxTc?cW!L*u4kadyx;yJ%)(GP?3NLl
zw}~+l?Pb5Ws3W(r6g8^$N4dJMvUG+~PtX7yyLvc<DX1+gx1ggedE$2uh9P>s0M;!E
zxb<bXkN(>}jRQ8?|4MpFTfU_DXA0U6-@0hNYK(vX)cp>cRKs6X{zvL>p8k(l|346h
cYpKC;r0<WE@N4uxzT8ogSC^}LY5D&D0u1$4M*si-

diff --git a/docs/images/troubleshooting/clipboard/search.png b/docs/images/troubleshooting/clipboard/search.png
deleted file mode 100644
index 95684ff42b8472bfb1cdbc984869f6442246e372..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6867
zcmd6sXH-*5yT=J2^&pS{0)oL1X#!T19(pg*L8^2_1(Xt6=)E`TgeD@PcTkE-6(JO<
zN-?1H5(Eqo;BMdZ9?t!EKi;)w?Ugmj%sgeDncsgW>VcLr9Su7T2?+_Es)~Xx2?;3z
z`0PkU0X(lXC+U!ouxF_%$m%04Hgjp+nGCXe&%EV=y#uL*sWZ5!sKlii*zAyEG}5v|
zpYtOZlVpv*NJ*^4io+l;%aIekWiR%)uD5$~FuR&5DVRa2-sehT7S>~_9z96m>||yD
z?{Zab&6$py&l-#y%#N!XczFEo5cAhknfLA3KHb`^3~1keJ8oj5lt8z%#1u#m<^uh<
z^^udBFd;IlKj&~$CzAZ91<D2DB7B3$RRaIhxQeJA5N*Fae^CpUA^p2CA-<8p7hoVX
zHX?rLBBAvyBf}Zt?<rl;B;5(epPg>WQ>%P<UC|I$$SXgI9^(OlcP@gWq1)vbq*Py!
zKHYq}vbvS*;QeXgDxZL`qNk^47Ir3Y_3#8$&*AdHE26!@K_*^~6rMOj&WF0~b13G0
zpPIwvS#ptd@(w>g=TgaPea-kc_f%58r-mtzt3gYQ`2^J~z7L0Pk`4~`F0mzWcvEmo
zx0(6!lh(V;Z&@7J-~Zz<6*!;pU5g8pPQ{0F_)_X7Y@(rk$M^S^8aB$!5b&)Mn8uAx
zgw9SJu+`TSa7BtkjE36wHYggcVc|bCYe33`I9Mnl)I@MAUk%dWk-?|*W3Vl6)jGBC
zV*&m8d)bntgTK%(JT6+?RKhQY8RXN$6K4P)bbU`&{An1gHHl^-AhOd(w|AfWulQ~1
z<scvX(&((b#V{fK9r_qmxW=eO1yBOlue%bFv=1LXl<XF}afANw(A&}3Sv%TNQBg4i
z5pbnM6CHiaMyX$VW4i9r*T#wOuhK1&yj43aiN9l9mpQ$zbt|(spk)eiul=W-`ou<}
zQOXyca>N>sn)omqU4cX`E(V!nZqwmk7C)Ildc>)Y`(iL^TXs-ySAsj<;@9WL<rXJ@
zSsZ;F$is>6?j^DM_OL#gKLurFWts0kJ=nnD*WYe2kiIsc%55l}*Sql*DrH~KpfFib
zx&oKn|HA(5`2Y<6f^kU9HyCp|lJSBZ%!rVBofGb_ZfL#mwkp2?$+hb<<F@8oRd}*D
zLO3}1db4?tm4aD>8!<^Az;*c);ZHjM(tPFcsQLwDr>~C*am9qHRhE=rqmvO|M1`(^
zCF}h9%AD8r;`DG)N9R_T0SHcwW^NEc62A9pT=+igH6OLEsITJvfQWp4y!YviLKimb
za^Cx-viG7{W6?i9`2FP@02%VF15L~KEOrgcI&w}%ZB5V05y@>qOgj!m^Iposr<hBO
zj?9c#2W|d(`EG~nr@mk8{9tLf{l2r&mxWDLsP#{O7qU@olabZOP4()d0i<4P&pS?J
zpPH#%d1mujZWO_#jUKPDYO$S7Xt{{JZx-!Ub_th8zUk9(=v_M9c!jnsC>#+Gy`~zn
zL)1pa&Lp&Li%G#jP1IAuC|y|sU*as2j4qSIFVm{t*ihA{#g3WDG%3Vlg4?ms_Z%q<
z?)BLlM7YcD4L5~v<VPzqc)<&;b*--b5KEgbqZ5UafrM@K`20tCgv#oEvf&%pgj4U?
zmF?|dmvQ^OCnp~ih>@1t#>`COpX7y5;H=gQc!-E+cqDoq-F^SgT=!1)1dl>}Rb21n
zllM?<)5X@=_M^d5c;a8AjnQa*u=F$9{A;i{5$B2VX56kx$-3Dwc0e&3^Px)pO-(-{
zD=*exHv1w&wE!wS)-<}35z)20yq~|hEuJV8s@Zgdp3{4pwRM}kq<mFDd+av>J^!=t
zDH8Nt!jJEhv$E5p%g+(t;wqKzu|}f{){Q_-*!L(8+X!6mX_{6c!JFLck<TXY0XB*|
zStjdGNfj6FxapBpn4W>}J@XrTv9Imah?bJ##Nd`=brK3O*6?<Y<&Rs?#saP;NLULe
zYxCO+@{Pace;l{;ZA-@Xq+DFYV$A}Hjn9}o8w&|b7juX|F0G(sENw1n_|lmpF5fV!
z=&^x#;o`INf^w!uBccAbN=IiE56Xr-pCHN7AVCp7+SQgE$ik&7>!XUtd*)yppV`0`
z37iSop4!1Ae9f*0@yVH#@y?ekPnjNXy^nO^!8q}6UZYN=ED2X~)PEI_T0i+VW5g9v
z(l7L-O8qRMIAJOMvPGx%>)8aWgFddOC18o?dp|B2Ji;~!aYkL(AE@4MSe;_ml3ndl
z=6w0dsoB``)#Mcl)HRqy6+bF_4>HjtWKJQOueGg;x_;8Nj%^EEiwUxfSpKovbTOA3
z^p$#w2PI9Ys(4=W3`W1IKehyo^2#SmFsZ8wb}zf0r0iwX#K4ygUbSx7bU<%+4$`Ju
zEo<>C2+6D0g&THbQ$Kk)UN#FXv0i9KPMGfpl%Dnq@i}saq7FkIEMOT&^6cH4pq&Sk
zKMR{%$jqPi>KHQ1tn#8^zo}2!0$@0YY5RRFY4sZdbz?T60QNx6LmtTu*D73(tYirO
znf~C_xb>^Hr6XAB<3x8<x3TYaoP)*S?TrdLY8KTT!BZZ%6%%7V73Cup7PVoT#BjUs
zdr5+h!gFP7RT#EWWuLt>XcY_MYEThd0GrbIvz}Gmw)i*ZimZynyx$+BB}ppKNqq?q
zi!U5&1q3|f6JTPeeXNsi?{ZHof*i*H>?gkNcge^pLaPX9WM&2i#e3p(9zL`-A?h0#
z6qFt5`@Q=GxqJ7n`1gxoW`r7ikl$^k4=(1YK?($>Yc$|PU<y_~hG2?AGVY)u9kTr{
z6QBz}thLkg1Gp$pT4xrNX%7&sREHIuj;r%QwJAOis*fQ{XUC6op%lT&j92V&4jY5W
zQ#{SPGGVQkD6b~z-68?x#JkE%hRNz{eaS<-+`c?_D<Yv!jT#sdQ5K;tcf&emZ`~w1
zT~oWmq3ujlm{uC2FUcXX%l$Pj?O>EjC@sBKCfd$uQ@#}aW!aK@<g#ipTQsz&#>4+`
z;#!afw^cSFsgs}7(OXl<BH$!0)yl-&JPf~#UM}59l7VL(BtH%<(ME?mFAr%`$GhK_
z24Qdx?gw$KdZ&>3OST0bfz6a(jG>+rXOuKeU$`ZjNDk$QOI}{EvrhxV+n?)(^Ty+3
zOh~+Qh5Du&=uAv4Vues}^TOg>_GKk4-#6V+@aR2$KGSY`uGc-`&k|{?U!k`@EY93D
zw(Lsqd*4Al{{2>JWE9@%27h!d!I_b5+ACW?t=PTMgcw@%pp5!)p`McGF&8Sfr-Tr7
z7H$_)&trulsEUA=UhX6{t62YB!&H4pGy2?EUvRIZL8o|OuJf@Q7Aid&5@>+ei%n{-
zK5OF>lxE94oE9B{5*`;r1CGBsIG&VU!P!cD>M@Tj)GHeiy8V_j3}=BjL@jYhMNi}=
zbe`pw#VaW}r0OOY-UJS%kFuZH*u~ebXcHaDlioX3g~AZYmTK@7c{BK-^=hOP!~I<d
zv$-nQE|~|-XFEJZtF46#^;fr{&pWIrEx1~)(-WT}K-#DIo%<H`6_0to_|~c@(>=+v
z@bwzoe%PUH#^hG~Q#-wyxLZK<mDl`Bwpn5Y^Fnh@!&dqS8DYHYR9E}3&sH<ZB1fTw
zt~zz9d>K>7!-t5Trht>&Ah$&ycClR;O$PmyslW@ncrTBK0>&F=EmsW(6Skxg)G=r)
z@->)_nj|QiB&NexFbZnme$6=a8$;PD^*Hg#9n9*jvVI-t)%$PII^$~!uiEa4AY_ln
zvHbh@JCQnQ+lRj((yen5eF<j86^;E_Xu{iAq0!txZk)1E;1+`=wtD~MX&%m4M<<B(
zM%D_lOda8LO^7fopMbN&i?Arss}jCl+ak$Tdn2zcR2h-0sz6*SBq@69(o-E=!zcDe
zBQl2r|5-`flf|zEmnqbhuop_-Zg|y?^ce3w){);kX>UU0V=NG(OoiFaI^AfwxcpeZ
zj~f+3m$2Q{)k6J+*k>((1ZxD$T=y$dY}xVlTk&v?xnx9K(b5!&Owpw4V7<~>^N5e8
zUY{eJ22G*Ij2IAh)K+rR_Kivx;TLh!-Dsf@6xH;%M5_cWj#=0*_SSyAgtuAvHCmC;
zp7FY^d{eYhO_?-43Q9e(7xTJ6(XT0eQcE-~Jw58fh#!X}a(G{a4%OD3i<7{{Q+CW1
zO7HEn6opv2=$M(sDqlg}wR>D*Mw#(}0>X$Gy?YJh?t`V{!_zA}$-bGYJ4u>%At5y}
zS=sT(uRA7hZPm&b!7y49&gf=A5gnMy$=~GBHI7ORif$94?F7~Dnz)zis;!rjOvj2i
z!I8?HI(P^cS<)^XP_s%m*?(cMNSU%@s=gg{qw(1+kFK?I=9=1ATv91P=VmG;PyT1G
zi(0z|172R?3<whwF~_0l5F4DgadB);0C|yU;`XFXy2y!}kMp7~(Rk5zPJs1Musc1>
z#edV<lDFp+Zj}i@vz`7E6;glhVN?9reN5YC#kXGGQA9@T+9q-awJR00<d?Cveoyc(
zZM+RAxg_eeBzjbnf!`1Os_$S`F%ZYwHjz??zZvuejF`KiieH><C~$x$3jBd+yH_g?
zpCI{!8V72A)W-Kd9Tlz=YCxUruD#f*1V8A)_9Z!RNtkks<G3G@qB@|*2b)^WP>Dan
zCNPVnoBlT$b+f_(@&$wxH_smukzeedsBSnmpz&f%$Iol!>s}U<gFGpG;Sc>!CXHE@
zfE}G(<h8xhCH+-Nn3>aWliIr7QDH>CT-0QeX7R3JqfV500w{uSSK$lbKWgY6-mYDD
zFXC@~^{*(AAx$P(TiFP#GWBEQSA0ORMWU5SuF^?MUK>t#nT1c7edB`V3fVvUi-cNK
zi_6(~d`AXP!eS||l|}JiB^F37DI19Eg$&5>p7(r%$>0}RoMx{6Bj|R>K_*0w<I_mq
zoC3(XVuLT-1-i+7YI7Pt;#L0^cEGa}0z_4^<}df)f7D*55a7?Vq!P|^iKxwxPr!HG
z9;QC;X#xacvtpL#xe@<2v!bEef@Hbp%F{Il*eRyPP7&uz|DTLeF(%eq-llyz`B{0{
zWHCq(B^1tUn56Yz?Mgyz%#)Z%aBAPQs5kR{;kqLO1njo`J@|QeXg~uv<!Ay&g|`Na
zl$~~^LVwAA;QV%)_wfHx#nlR(wFEKZlDPZnf?ukX8$#_~Wy4+3%SnGL<UiYKlFFC`
zalC%e-=5IC@kGh*U1Rj#zpmT{t>YYyjb!mJRx@8xI>?{L4!pw-Y_6&bs+04Kxuybv
zC_;*f{<8sqxdGwwRB?s=yr&4r6G!*J`}5SjQvw`wzAhJ_!Zk>}@#c)SCsz9UphN#E
zU?TEQ4W=7Kv?s~11A<reqvDTL6|Qbz(&DM$5p%GL2aw}8?ZJC!a$R&_5$<)hD@jkT
zHw8sHeNP~WY<PS;jEs`rYVy+Ck-52-M|+}VV6LE0pw8g2v7A8CpYSYX5cq|Jy6c_v
z!up(ggUBdd2|JHc)6<J;Yr$b*VN;D27d16C?`cPT{9{foV9umb<Y|)35yVx22ow<8
z9bv}8WiHQ+DMm%N524g@<OU15UUPLqr0!e(F1WO{<y-b6(6NB=QP=R@qgiCxV|!@6
z{ayuwB|4_X`7}6;4$=EL4c!l*a#b$adzR+n39I3e=yVV5vB9Q%;+y{1rmE_Fe?|P_
z(hzP6r~*SOQ5XvDcE{D~4a5EItfQMYJ+DMP%ljX2n7EnE_t0KSnIp`uOHWpQ$P0_h
zxW6dtH?uDLZWzxY=)bJ^&G;4Mjx|bq(NNIhk`T&gQKVb@u1MYQSiw-MqJ@!7gJ|^J
zhSdR((CU;wS04Bt9Ua}&+uv0s?eUlI-{Ux`v5{j!cs_6s_{)2?<XHkgZi7MCGxiZL
z=Zy`cXsCoystpjPVlYU#3;V4F0TGe<>bf%gNRK6iGCd|M-^sY+bld_z8oGM<EHJB;
zzjXXnTcIw0>yH0Ua5JfgUV2QQ{BYc+h{GfNobS%T%w-0m!Ny+nM9&%S_oR6gr2=2i
zN|nP&*j)JyhS+d@#PN%}f~keDWN2&6I6sY@#i->}LyEj4_ohf7)&Q&d4mRafs7ztA
z@m53}%#b<owOKN}D*EZk!@iu!6DIA+8<b1v!KNUc8Fe&8%IVqV^4Q`b_g}g_k>g6c
zTyuG{8mLdL6(o<-ZK5A<8&6lslK!;G*uK<{7hM;~GTwhLxNBpNARPC&X6a^rjElSe
zAmqo4d)5>tqc-RF;p+J7D-u8~rW668f5%}+WU9eAJ*-dL?(>(7Y4{KNWr1-;(-tdC
zmu5M=?JHqE<gLia(47ch!Us0B{z!VaqKAd0rC}Qp%`ep(1azGEe-yI38}8k>+)6SB
z<WTZR3^Qi2+wDTLCWoV)oC|s73r!8nIC9(a$G9H;G?nj|9K=3})j49y_7PT_`SfkF
zw1L6%WjwfDw)=Wdd?O51?330rf89fNWWB_UVAD`j>tMZ0Tk%!@s?XY%4r_#ha?S~R
zCTiI0gtg{(Og-AV90T(cJhD=3mT#L(^PaqLc=@Po2BYCSy^kMs11iZ!9q<!Ue#oCh
zn>Bbv_wmMXfjnWO4hz{ck7f~+33;AGzdwPpy4*y4>R}e<U=UV6GeZ%g66*9cE{U#z
zZ@8_phO^3Lg_N~5qfhV4p|GW2VVAb;vzG;By(3?#=)umyc)vKt*%33DL8(SKYEMK!
z{Hg=%;Bb9SqeJ1lFXbU1S|CMhIu-E+%wshtYM&z<4e<vUpMdrR^}TKF38FDdqV_6q
z+DVXe0A%7+m3ikz_bJ(N&0<lm&Yh&Lk)7}3Q}s?SaIf1mgom?^E{w&L9mq?zUhG<s
zpVJ^Zj>^yQQ|O7$$jv&QrS7HbSccG=>g)H2vU9)cV>-4s<r8QqN^ob3EwF!8!5p=S
zVG_|TeB=}HgbA^B*LYatUBg7ft^GSb+FgrAC*=Zh4t5=nn^|}2t0!&!%MrI;mpcbb
zD?~wK4n8`GoUGoAhI&a4I)wq(+HIhe5^T-ORx|H9foEnO{@~tDIwtDp*SqI$EGR=a
z6KRVeJ{e{=Q@Bxb{K9qAp@_Y-){J4rTU&}9_i?;S3e5)}OAYy1!!ipiBW{7clx#8v
zubCAUb}U5by4G|hSPW;n)`Jh-l!;x74m@UszoWe0*X`eeHRA|&KctGRT?A3M4UaTJ
zbTNy3h%OPn$JpBgoI*noR}G>{<$xEG<#lWL#R>%ri#$I)`Bmg`rMcxN+)6Ml4_r7<
zLpURg{z+X-ne2?Z?}!H1uFdKPPWCE$iIRyjU0t{116g99Zx5db%sjW=3GwFDq0{vf
zR-PA8yr_JP;^@Zel!$?v-gO-Bnq%WuuuH~)ZWFLial3WZ&k9sCp}bAfO00I09p&#F
ztfSD)#|8~emCjvq9-EnWg}W1ep_l4`x4elAAmwgtN$oNW#`juaIg=!%{Lb2nay^%d
z=%$^%a$!@AJ<r@jrk3CFPvn_|i?-T#G>_oI;iqB851UEW&ay6@8EwTt#BLSmn9(Xe
z+LKd=+Tly$s=Fn}Ta((NFH+{h!!|!z+9GfPyW32m6El2aY(pBMWUV5Aj4wV8wlNH&
z&FALL#Wh9MIPAe>uvir;0cTFkl<}QPHzDoMC*aAduIS3R(9E<GaS_A!bpreS!OKW=
ztY0pWdnZy=X2j@{4{u;9MCqzzVULx?$KX;4$#rM0z3+tfXmn&`lwiuEK1&7vRPLR%
z3v`nzp{O^AC?<1>Lh(UnX+|D#brBYfQfd4$MoW5CIF_9!dBwYtriw3Y?7O?sa6xGc
zs}cz=2JNVIWJ74(PmNR7`ehPDTyZhsx}!6@DIpqu&`5D~FL@g2%fo|!;33jSoUOUR
zwnlZ9LXl{suTZ0<u8Z?_W;JI>Hb>UxWGO;PF8Cfy+Mv<<%j_!FJzkp>ZWSam+MNIk
z9FqFY@nmX;msYq=b(AV2&rdx|x%RswW42j<qtrc+5~^7qI7X5+J0UpUX$Hr68c>Qj
z?7BJUGkN^tO{?sP*Mu52z6fp*SS5p`Tl+)b?W&MfM*D<(0O|VVjNL<Uy)eFez}K#^
zz#VPlD0UO5bw&VCwrGJX-xeTk)dQMg>2nOh02pG{t!Z=4mHmI-fNwD8`=0}j5x@z}
z(b+xcaG0zKApP`pnd9?8mEdY&)Y?IRd>lYdo!egHs_cLX|A67!KVTJsHj5a7<|Nee
zZYlToG<Z%gi=GdMF9-k(_xdE+MD*b=RtBp4js7&g>H0iIE~E75f7jjMvN9p6^klib
zy(Ba_$5DS>fuXi`V<*Vw92FA-oyoyqM6!`CdFf`>;fkcQWOst|fP(z_Ql5+eZcf={
zEdD!2<~G1l@DTB*$^Wn*JPru$=<pa2yT7~spZx?bi2C$tz-?&S!DeMx?fZ?6sk>}3
hO4;X5w(;(qA&&#TY;{RC1AkVLs48kHRLWTe{|_bvz`Ote

diff --git a/docs/images/troubleshooting/clipboard/toggle.png b/docs/images/troubleshooting/clipboard/toggle.png
deleted file mode 100644
index 32060dc7f9e01dd447d66db8b6e493e47997e3a9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 18725
zcmeIaXH-;6&^C&M5n&`q5Rj|{i6cl(qa-Eg9F+_MDgu%jBpwhXi$o=7B#mSQBqzzt
zfPmyI8HRK>Cn)FW_kQ=+UF)v({+ZRx?5^&vu70ZO>DmOVD9K*Mqr$_$z_|MGfs`5s
z1`Za`-oOO`pE8Gy*cce}7!RfHX}mC6o4ArlI+t{|IoSni5~KF*m;=lCJTQ1=6}pl;
z#a2c8(KRRgjw)`W8`Br5C^F)ipj)ciciy)7;xgOTj5M=uf}U^pQiUxtOVMXbVu$+T
z@;2dieK~W>t**+;%d5(D&&|uL7LU4KgsZ+wy|EBad5oqed)!J*o0q$M+k@T*0~7a`
z52!2N>ICXmcXxr>Jqn#<EQKN>D8?o1|9(KQak1j@f9(#4l#=p+Kp3$U1&DvwksfSD
zK(B%g4+|q0t9B@QURM54;fRjzUy`7tIBe<nb93`DWcO*+G&RYjG0~yWDNH{&JWAbk
z5J!XPV^&5y5oDPJetPr5Dxhjmf8W}p9VQ|(C3+$s3{w+~HVwFsu8Hyrt+fNH=<LhA
z%LEa1<tG^>CD(2dVkRXe^^cdyi=z)D36-~TFKQz?5{g)+TAIjnxy=_}!Ke}m49+BE
zceg4U=dJTbzcx-TeX;QwJYziOeYxj;VG_2l^g!053u?l<nW}YpcyGn{P2+8{OW5cA
z6+qaS<fFAm>a{JZY2v+qG>EPZ;eAp}_}ab=Gm^ZZWOy;&&WZqizG9joZuBc)8Dn53
z8bHcTFtwPQLC#&F=(X{WPYqd7(rFj>h2Hy8W5e;<3zADkz-UGpF9<HB0NZo|zXjfD
zjZnMrC~g!W^o`8Ris(F`Q5nW@f>(fHnkpeFNwFAyGvk6$5HSNXA+JEN+uA_m8I3NQ
zOz)CJQv<DbBFBWXsDiWcmWtJpes%ych+HoA*@Z1{Q=U4;?;#2PJe!ksDpHSGhQP(z
z&YbxyijCe|V@L3JMW`#q)8}ayMCjXFzb?>6%&Dqb*WRbl(VLOB?SwWUAm3LXXYBK_
z$T=Yh#`bsU=1MOcabwYJ7}A4x>_10cuozOkDWq*Z)8rd*#iIFlpXJR?k5gtfnM_TL
z>}sO38pO6YB9V2Tv+&F0?J?RtuQTV#E7y@L+Z+YYjqq=Qsrl`)@AC1<J32aMn*k>#
zBQsNPZ`GPpu37`rvz_UBr(ZBj=jeyDUH*LIdQ~kB<J;k)TiNRwryle5-LE$cTqISI
z4>C^iXQ@CHVS*aD;<gd%BH~K6U0L|{vG<zx9&Wt#M0<PM)~;w;dou~g*${!y5(2l0
ze;z8h2hP`nl$es)cNypv^(;eXmLx%jqW6Hl9^uc)w^H*O89Qb1FmTh^NPp#Yq%zxG
z<};$*pNmI)HDZcWuD@TTUcUe7GyZJ$&G6lfRmgR<?+_J#-4I#>dVF$G*6`yIZb|by
z%Z_QY-+RMjMvT2Bo!5{wR;V7aed@~7fR(a_B5C|n+Ni550*kxhlp-?txZII-nPz(a
z0jh68;RH}(_D&|Soy4Nb*z?b8JX3SB85zz#8VE!OLy_q1f|MIK>5SaVsYlP$DMwup
zgU?r@dvr3MpV|~Wuc=Z(PNIyOX+i3IrY4Y{LEoQ{<CD;k{xGZEo67?lb{v?tD?52w
zU%utQTNE8<<Tkc86xvGynpYr4UXMN5)AfuPNOBop%Xt;mE2iHPE}_>WyltS|d$g(Y
zp{YUO)Uq=9?8Tu<EX(P@Z6jJI&&*WQRAOwd5v{83%0sP@7SfqZF~<Zn!ngXMDmZX9
zn)>Y?cWSKu4bKgcElt=^>Lvhnp<}9VgdMM7NgN?xmZYsi$8?7ntKEm%f<}^~(o!6v
zI~Zo>N~f_h%*Vy8MG%VkSdZQ4DOU2M*Xh<?4{w~_f5eIW<5OAqhi9Mr={mIo3M1TE
z_}X~37kUzJawmV!O!OKEVO&lrqG9VbaQEjp2uXmmZR<sd)QH+fJ5_agE(sob5A%Q2
zG(YqhX>15FdpKjgrFQb%^=_+M)7iln9?Q=pJOxJSn=anbXcACI<o2m9mG4ow?KI1K
z|DQ*p4i`*!#~|P;4fBZ6zT#MkdBXUUll`4%8#OBgl;R%QUG)p%V^y#`yF-(Z1vD;}
zn7aSzJ;%QJj1TwnyQ=S_@H{?~@eaIo{Nf+CSbbMBV0UyTJl)g&ldpdX6m{Pqn^4m-
zMch-2Y_h*UA2ARf?&}ZFAi}2dxd-yKiJ2^!JQZG%d$=2_r)X_QqqPR$&f}`UG;oor
zNx0;xuCUT^#VQ4BiKEY6Ui}08&t5{ib^Ei$F4eXoFGc2}yhPGBzY&Z%K5|$xnz${N
zi%OSW@LD<;<FPhAwUiHh1yMPg(Ub_e?A;P51nvrMm!x>3>MYgRP{b9x&r-{AGfO-+
z%1WD#R$@WZb-7O(K7tx@-WLA>>QHOkY)v1Rue*<P3JMhYbqaLe3eDghPM&$HpOtcZ
z9}4Pzw1QWByG`~C00V2&>3u_O{A-}t7SZqha*h-)+DGcxdQZ^;l&!5fLeF|;OXuQ{
zs@C`X;JJ#u;zx<Yu?ss~I#~RUf>~N@O2bI4Fjs|pjSXsen6Iu-YtUz_Ew)GXM)01Q
zm&}YPHNg;zBs~Wz`oYS_S;0ni!!I(iv1<b0k}chlCxM>2U&X5o_o!>M*~(Lk3exoU
zw6r_EE2gwR4B2~lRH!`b?Xb@5F0&VH?=F(=;FPzsQ7&6mdl<G_zd{)zBMPQIZSIvS
zJo&@!PSNpA@Q(L9=^b#5y#4FotF|W_ButDy9Hx{Jv>*{Z^|D}VM_suywqQN)ba468
zbW=dP>p}|4O&KsrIUYOevZ=|T!W~D7g9DQA?6h_BmO1TPSoa<?4AR0rqn@vg*QGW>
zXF{O@OZ3Q@;eh*|U-u!!q%RxjvF`2Sd|xf?4O~BNzOM-B=qCM61@iLRnJDpIWIgQs
zNZ`8A>7H(h@a)e+8Bu;$Dh0dNR)gIO5(ZaMTnR^Zag$;POgUo%%(Z*v57sWZ&-v6J
z>muiMdl&CEHaO13IpNPH&uDczsnd~qvOLkFurjR7^74+Mkj*Z1n-}0&6@)F-pB8@L
z`A$hGKKX*V{OaL%_Hws6o?F4iHm8+5?z*`il_w+5KE-ZymR%msO4ZQMw39FIHofMG
zWX{K|bY)?Y8?{4n+1inK=`!>6#9Tp>%=hL^W>uh;Q|t}c7L?zxZ%$P3qe2y@Q|g2_
zZaB5a7QNw<%Y?n*>`X~!?TpfQ=A7%4i_dV-@6jqkk0&us4r!f=!OBq6Vg-9-r4}Jw
zybgg{Yy4ja#EWRY8x+w9J@qUx_W1mBgXmuyPTiP%!#r8Hm+%Y)Lv*Sui?0Q*0B$uZ
z!J+QqdXjgF=uTf`{ss}qjgd1ru*)<R?{sjET82JbIMrE7OC!h&9;jzXC3RpSp0-gw
zqP2KER?yJ-#&h>^5Z|CBX#Uy3yDzE|B4(e}JB5b|K2>^@tvL+Dy(0g1b3|<0-wMl|
zT)V-R;zfUPt9dV6%sj3FUH9;)d~3B{{sdtZlgx>g;oc2h8q>`v0F86P3iRi8v$7tn
zt=E=#D@TEILmr-$dq>;vi<vE1v4In7yN-L2kHbt&jw@%r-o>nL)_Q!X$e7<L8u(p-
zbLyz#O$CD`ia9?;nKhFa%(>RVqhSO9;X+sJtE<5n%KlEglgij`GOQNZ)_T%zPgs}W
z1~aR(&iZ0gBIcD#o}KY8hhuz(C&L8-;lT~u1;=ANRi^PCN=f?*Iz_~!nMlvgenlST
zepI|3r4<3^%!ZN&OzzQ;$$O4Ffr+0_kg3i;f;V_SkqUgO+tEJqaNGMmj)z1$a?!Tv
zB$k}kOWxl0;{+eB1`aWR4AcNJ#1MAJJLYkW+!xq2CBPoq=)RYVK515GejwSzi8Dc&
zW6w{^bF0o|P7bzU5miC5U1eK@SW_YbLb^msD}yl8uP@j5A0CThf6>!EJ3SE%ggZGo
zscCx$<?GgJQQZ)z<`XIEU7!L{v2&hO-C-`0*^Vs2G-_&?L7ze0=$@3_wY`qdXDth>
zc`|;~zcER7eMv|sVc;ZPHear4WAbKFKZpK$G6Nr{dq!oe5#?Z(p<7+4mJO|ui8VqI
z!wUPUlIhfRTxaB=<lMt;bGqf;GDrA;Hs~!E(Zi#fVZVG!kRH-ZJLP3v90YQr=?KX@
zbq%OVasD79N`0fUPv^6M8hNH6<WYWydfZbpW6JE21X#ioz3)~w8MG7@c_ZTi&F;%d
zXAcV2)!${nD6F(A<_wKlg#8(QKu~nKkFd!1!n2Q($^8}h0^`CX6-AEr@tg~`sFy`&
z>-z@1cz5yW!5k^pj=jg#JDM)@_~x&mD!ctU#8x{xH1V0@8>BsloHOKmm7ZTW_ONx6
zH&A|>Gr%L9h~si+sM&3g!I6>ngU4Z9Rz%s<&nB4jdnghGpZXdIG96XoWtb@3m^s(y
zotU_e(N7BxZF}*ompDsKzZ2-zPS<CQ<lRUw(O1s-(%A5}!c)z0n6m!_U-p5mbV4)e
zbGn;xsYZc516k2&<Nf5yWu<~|1BfO2<j5*T9R-x%TE!}w3iQXKesG{fnz7aU(?d{v
zN*!#}^xF$OtX&Md+(DL3h}PiPBy+yjSht6=z7S%`W`OPfjCo2^!z`P$`sD#FZsZWk
zAJSK7*9fiS{He9)_n;G0`QoAaeg)FNx(jU@8@Rv^+Kl)b%SwAhwJYo=V#}RuK7ZZr
z^eVXQm#5uIXvx+bn7c5=aCt@AIA?+_UyCJo8*fb<h%hPOYIxW$@i58K@b-Iz7VK1w
z!A9ceAs4K3%K^_VraaF1d#Lxhj`S#*TK7Myx((6NAK9?YmC`b9ge?yeta!@neVw46
z5S9kL5-~#4YH-7lN(Z&I!WpHR>bcJA(Xm4=4;N%J9S?TqQLs;%pHiIT+jvp4>`jvj
z<B-*BpiCS;e#Di9G9H!k&g>1vL)jtn?a$1*qlQflp+hc0`C!uRSkpA(OaAcof)3|h
zG&Kkr5PsV2BzONu%Eamb2ZF$iarX^n>Rtj3OB}Bi{mJMkrNk*pUq~OX=0nksIwCB^
zE-7`^*8_EK*w;Qte@(+n2Sa!q%2lrPRMWidpl@t22t#gf2i5xKgYSY0Nijdszl6@c
zXRgFMAm`ATbqfxvay$Bi-C|LIP=v-xw~hN+2Un=i2t;M*)IW^fTx0Eu+E7|tnM+>(
z{dzo33epqp1hgj8dm0*68f4Ll9z6xBRQ|30a9f~v?MUY4-ooY*`*s=ry$YD8Or~|-
zw%WA8OOAn;Re5HkykkA!!9A+Uhz<Vf7raAwpS=eQ=LNMwq5TtI)hVp>Jg?UerrmkU
zZ1SzEflSE~6PdJ>RqLJY{IqqjwX8)bvEEX6h5K>B6J$Jm6TL#m)3ZTBS(N0k_`<?O
zuXY)exLi}nbk-@M*lQ`cQmF_0JjGlT{v$4*x|M2w#cSpj*|YcLJ1`(j487s<v8&EC
z_Vi#JHQ!$4<W0Q7YjpPtRxN8x4{uAwl(;9l&D%yOXx9rAbEEqh(V3Bv!SopQguyMo
z^9u|Jkjxz|Qk{xJq2H@k>>tol=>}cu&gyz68Q8IT_QK#30wfYY{<L*st5cS?99D&g
z>F{w{_{1VXZOkUAmqKbY$)K^pzF)ni%#iD*8!guf8Vu-{ZB09)Ok3-LtN_p;2jv>~
zGthAA5mBHR9X8MrWiG29-Z@nz-h6tcO>3r~uoKpZ7V=tXQ>kqxoQprqoBMcMD3S6F
zF6j`gc^KsvM_Dk)eT_2Zpa!8kO$E}kpMwqB_rQ)@9=JY~xD5Fqr*c%?Q8No`%IuWd
zVNRc{N$^T2-dif;Y(pwG6Y_PGNg68|2|n_gJmojd+A0N3Yz#bCewe>kkBh|eSwb;_
zvQ_<Ogl=)k$zrM->D?#3nW98K6ZtyM*iF}a_U@Wv%N(Q4?i37};l<4)zL5EVVv$+H
zEkzqX#bjLlfU9ygPjBXNiRp<<Ey?4Su;J?pIR@t$Elvq8o1Ll22bt1TcC1%QIX6t-
zCcMS3+7O{@`1JC!_4PZ0Z56Pw{lW$H3X}-jt=iLojR)%LQKDOIfUu^3gX>Li?jWzX
zNvrAW=W%N@;XaSzsO??22Fm@K1O4u}W*p^}bTh-d_Y|49#=tk>F0UXmZsO2tG&Zsq
zzdCsqU#4LfE8%jQRrXmAKP2)gLlEK6Sd!wRTE08QqGWYPZIE4DVzm3@65Y=@JPvzM
zu3;hBTT7(HDkM8Zq&v=!A}(YVS*|Z*#g5x6Zd+2P*4KI2H1&E$zlRKtcb3&*-|Kgq
zyhq~WdoHeu)z*S-Nw3+!8bTpX{_m3(XWK1TTpm$7rRyQpjOgHg@Hy#uV~5b^28KjD
z7F|}gQ&(^BcWlkEmvJ_S<DhY-jf+^@73oJHeXI^oR&^)`pGNO2Wyk3#h(J{EvDn#i
z&0L1u4mFO-4N;Hu55f;BOyj)^yOg+AR%{A3V}e_2t?i`uv}jFJ1y~lczOfUT$2z-j
zaaZe+Z~SDUq*S5)UQL07BMzim_=a6{Ht>+Dhc7x~Ig<h2X#WaUnqZXgN@-Q=G~U`b
zq9VGvD*Y%(-wJq22;1XYn*ewx2TdLF(2gN&gLqito4%(bN6Yk6C#@;O?nzS%x%tN2
zHIN(P4~cleo5kY0$#tIb^bqX_$+ADuFclzmE<L?X1^2@+rB}ZM_rZ~42ZJeC0+(^I
z92>r={)lugVaowzU9lAC4~y6`pwmM_x>wxNml~noGOr+gbh2{yeh7uqD*&XDDb-b^
zS|QMw6E4|dFT<3f5VRRw$S6^(#(NW<h$Ac_Vm^@R^2{sz`USQLN<R+tn5L!E)22P|
zdM9k>y&v{DjmD)O-hNKWd7WI2Rq1RR7@Vkf?vSPPrbq^TxprZeM2jUp&eHD(_f{t7
zp0NURD#3sL+=KaO-$m~8=$*jU++4SB{ur1z<f8*svPjh4N_jT4*a7CPh3j@#n;kPD
z!I>D_ZRgva3nJwnrs_Mr+F2i}j()44Pt5udptmBa`Kb&$FllILO0qI^jcM90|FGIW
z@zKZ17Lz?4@FD;wi39vbsskvmp@B5qC&>p7dw(6pP6LDa`6>`!7>6h*-v{qf-d|iM
zHasE;=eejA+>Ao-QFD+EY!d5bVG8=9t}ZB?9-cWLZr&QEoc>5^qD=?pz{QK(mSpqW
zr*REZt$URY%@*t%8ye<vh<=hwKU;tu;9_BcvV<>A?*~Ww2h(eEkQcf=>{0nkw+lSp
zj|YgLsSTJ|1QgLoW@_6a)+bJ+;Xk~_kAUu+I{bVsdy)Jmn1ft=_d+i7^AVzSz|>wN
z2Z0^?iHrZVpv1r=LxPlt{`ulx4`JViQc$GxJN=A>E^w79QotTEepBcBjaUrKdw4`3
zP>!PEZ{?Dz0y`OWpz-Qoqx~%#`Wmp>dp7FVe=Ap-6o^k5#WjB({|i(4zb$o(083vv
ziNpPL_u80C^NWZ-{$O;5=l-JohA1cp^Tb)1jN92V@zQQbX|mBY12z#WH@v2?VM2S7
zwfnjeZCqbn1Q959Bt2E&KWj8+GeNr?)P+m1o_L{~c-B}afY6Brp4bE}XMD1d=)Obr
zr0)bFU%!w{w6rQk@zY}dZZ&eL=-#gGO=c7+tbAxZ%3C}wtc4rk*=0qCDULr&4YIF4
zdpfpH*xHtQG%r_gNw-}oL>l;uCjH4r#SR(AHoM3APtLSDr);@6o;yVYHpFnPO$a<*
z@+|7>aZ`_ABpIB6>cQI!OyQrBd@L`){HLn9YYHU9k7rerjc4uw3h;!FH#Lk*z6ykA
zdA{3mS0?=L;RwoZsOCNsq6H;C*O9_m<j4F1Y**;~#{t`a9|Cv~J`qU91GDd>4X_g#
z=fx$#fA2Ol8nDYWQS^>j2Vf1Vw4Ug&f3J{87qGrI0x_EKkAQhMvtUg8MC3ouP*5iD
z{oU3iqnl8QHfksa{5@{|<aZWIk@=wagNhj!_l*8NMH>f{{w*-l7it%`SI{r#he90t
z?ge!C2K-2zg7I9U1ZYIixCw_rpPoOpqP%uN)Qc-vtzk6mEQwEQG_<tlu!qOS80wEE
zHq1}ZyF#_CO}O+bFW}I|2BTWH&X3$4Mg-IzsXOZv`g<Fb-1-PujFY#Qte*ZpX<ghP
zaDd;D(1XDfulwkKC=VWV1sEbrIfa?K?x3WstZX)YAWNA}=wxTWZ1Wq_k0E>m;U`D?
zaaTx`hVR#Fja512*-h3Nf(U6jngXsy0i(D7LB?)AQfTPEahs3c2bv9BTuAa!-v#|J
zMtWaNfDfSL<%(lT@nGXl!sik+Cg*g66uG!wxrB|!qS6OZDZov<yQIO1J<gn`RnW2c
z`9mvhp1-f;Tt=MHCSX0+9o&p)3yc{bTh8ux=RO&XUX_N@)yos!5km)bQ98zmzB_4;
zmiCTZdSx6p;NUHPR)h9zdYIGeetS|cAkGEvP=R7Tukz|s^+4Ksue>5-Z9lkwqAqYl
z^TSkps-YABX%S~1=}MviGrXfOqvWY@^fJx7=MNUM*+x~KwYYW9D=Q?q-n^3uj3hUP
z1ImNls#|(pHIs#(t2P?l66az!*E*+tzdSpMcNny;4>_wG6^*iGDcGGydub;l_F5M$
zwL3UsT=1ztxy23*KBs!4`z2|u=UjSL%6iFF{Ox;S$&ZoB)!SYRjVbNurG&X}4<%wH
z<_#ZE7>UYR)b8L{mi1g)w?5Hl)o$-<<!x&4&{L#%lQX}=mv;H(x5pS(@p*pm!!DDr
z7rcLi1pHe7e6!d=FOB&0^O4hL;#kQC)53fP@Qy>OSoADa$E%dTc(2|gOKY8(chK<g
zkHae;5)<jzRlJ|s%SITnT2W;C*0r?AjD6fJ3Y)kgu>O5^87ct=Zm3kibzskNB`-1C
z>?PUP3$m16%YLSH*Fb2Y_t6);1at|Pln?y;>SG;BidltcSLb#%scz#dvg4dsrP$Vb
zX*|-Ffuq&4=h24t_nI1Rt8?}BU>h*ddDl#Qn7B+Us3W5O#8-5)Im&gH6Q(~ie-<gk
zt{e&K<ev^L$ckMH+w@t~(skY9M0S+D;5ABd^y?Zw@O0h$Q1tLPyu?9Pv1rC&YdfST
z(iN#DRz0LSJk_~m7;#`ziT-RH*Ro_YlxP!}VYeNtlxA#$qtz6ArFU@Ky21GFzT#1+
zMO;NyUuLMHws|3`{O+9eVH^jHZ@D7OfBpF2u;fV-CnH)yL>a3Z);J7nTHZh7LS$7?
z>7&h~Bi1N~FcCsGbx%T{R%@nDlMA)qb*bqZ`RL<F*|ROpH*RiFE?ZOa$=W<s{bW;O
zGI4wuwlm$|jp(4RWb!=vz^^@*u5Y&b=H?c<YJus;u?0@mVii=i30nCe_HGYZ{9M`9
zQCzI7wj<thGQZv2`ULY}b8|hLJj=$LmED3LhBUj_33*qZ<ENFxq#!$1$7QzpO+8m&
zdhXXyj>@`R3(6{a3<DD1Hf$KiZ#$BlT-SY9!=G(ppSyS~n6rAGvv3SWU33%X?mVLw
zzl)TLw;W@(vvY7}>$S&!jxLR#nbRtA(z@Yf!0p0Z!D_2)wWjDwxouX_R#VCIX?A)r
z)=s=<t+$qzds}jM1WD@|N}@kg>gMJ2p+;h37F##dsbYf&=PFkHR*ZLy)5@@`4y7Q+
ziq@knf<;s5q}$Crm>lY(ah$1;9<tEDn>l?Pl+L$arZ<yoaSj%Xgg_o^CVVB}M5$R$
znA^?p-A{h;J!W@8ivGEE5)($*-dK&I4&h6s$e3V=8rN}M7xLh-*qgiF9-Emd?e!eh
zY?}+Qr$RAzkX1}$<JTW26gleiw%pIN9JVTeJ=*Hv(XaJ`FV|FeO9=Fkbx{l4#O>S*
zjT4F*;=W_g;ttR8{-+kemSL)6<3>v`QIC0DW)+=7b$RIOwsdzE$4oBS`kZZx)yp_~
z{VvCe#r=+t^)P)!#~4_n;aTSmrVGJFAKCdC%^^zPWT@udy@m=}QD+FGy)~5OoBBef
z-%5C-r({>hp9$bmab#s)Jh}pAsWqc}P!*dp+9Ap*e`5fX*Vf&j;(qJPQjN2yPbxg%
z&T*Tyuk%twR?kQ;$CZ^5z_j{xo1nG!j>S1~d2_YFLw>`XrFkP<U=2&T%=w`5-pxtn
z!TSw!lS#?rjjO}tAC{E&T()vp!iDn7ZF}BS_NV&8by1HEb&oXHYOf;QX%SDZ-vx)J
zP>w3s(>E_k!kA7EX2RzR5MO&X-QVab@+(rk>SNz@cJnbkQ}Ec;NaEl(REY56f7>m`
z*IIhGx(o?4i|x%CTHCW{B$D%Ece~CB8)<qI3V{p>^k&aL%Xhkk-#&aDQDLEb5=YJ|
zgct?r6S0||Yj(&&XL<J)RARf8IZ|*`Cn)aFhHJ={a%uY6p7Y#rfC4+>&?Y&hs6A)6
zNVx~Rb3E7f@`6*vW>8s$sBEOs+B9odW(4{Mf1l%1S9wD|m96Q;JL|bZ={#@A0T0GY
zW3EMLEGrXN8W{&Ks04h45YDkQ)&z&aLN7bysC27kc4`fE#rW~(-5$V{;f7Usx9DlN
z<Vpa!X`#WkmV?8t-a_q!O~*mvogVJ8c$SLCmSfJzU+55f3+mx<LaSxM!x>`e<-TJC
z3{ay6;!27a+PcJig<N+xaENlUQ$t7anOUvq{&>l_1Bo+ket(aIBRIZa@>Q4PtlfRW
zEC>W90&}}Qqi-_6UDsxp@*!zt-7q1Q<?&GRiH%r!#%T8BQs9FYEu9s)2MIh~T1%GQ
zm1UX*Y<IQf^=`~Qrm*_TPhHdk%jfJBtl)K2`gl0R%@1?m<1rpEuoD&Q;?wkdT>Z>W
zQifvj!|5!)*~(fI5Jn$+h6!H?(!O&L{Q>E-g0(E)P2k1qX6SpfqiLC=lpslJOX2jk
zM&qnRf#<%IW`OHls%}q7Zg=f*GYS8tbXWf*Au~tR`^3ttBh2(Xfp8;aK1{s=KVsFM
zq{rIa1Q|QDbNdYvnMi3gXP?^POf@4_YY$V^e^OwYx+22AeJ905wA-}6leRNiD`iwT
zdFB-g0FWU_Ht!{6!D;NV(ky9!MP)`I9O3{LWhE|PXF~!?mm_g(8sqilff60TCAFuG
z4b8D8Sp>HviDnFHr5?;u`OcAmn5iN}MS9lrn-17&qq-KB#{83<%>{RvTw9X(Fy!rY
zd&oh0SW1^=x!JK^Ucs6;PV}wma{cB358CHZGvHd=+Twd$f*`~)oUhueBbLdmc*KIo
z1nyeWrzX6RU#M8YRs7+(rTpx5GF*3I)4QbU>6b0qi<jzDOO7SJv17{Sk@+Hrr;cQ6
z*<9MM@_aCbF_*`gz+TCl<iN(daCai7CwPS9QD5H<OUSe1T>}aGWuN-Nb2vXyrV=Fk
z<71VUF$s+*OsCJhxFPlw536)2$|1F2XbG7tRUOH0tNpg3v)X%s^#w)t+f*&wT>Y1U
zgmlb9LqjFDBV30&1BOUfU+*tXjoh9~qvKfj0x@oLHax+Lx2w3475D()b9YG1m^u=+
zs}jdekc}&7`|FKR&(*bxx4C7^o(W}c{fGR<wv+^(Pw}xnKZ`X*j(2%6r)_2fR}h}n
zh`mfEjM52aJFk|`#HYL45c^;yA;bQNDrhr<L3!e(oa+n2T-?UInNQoT5>`C;%BSCV
z^GtX+XRyUV`c6c6lrO*~Q7Uw?v7t;}+Q668(?8*Z=AfU2;bw+ck-raqIX;gC)u$9Z
zJ?2_&`Q<F(z^6(Gnyi=<SqiIsn}l)$=AO>FZr%k*pL_yM^3oQ+DFXFQY}hvGv;yTf
z;LEdrr}!kYB!R_w`}W~8@!eUWK+PokWb337RAb`FjfeE6si^%DG#Xuld5=4ep&7yP
zR=d?4WG3W5QXvx9qu2U=U=G3S#UW#nHuBC8n~~k2pIaMp*?@9QzHWs<qoi=J->Y7w
zP;R`#*3Gz{Qs{$RFI5*MJI1RRUnTQf_Gmt|8p1Vr=|0(hg+-|UQ+SY3VRvqYl#kg?
zt2#xtA$=s0mWI2O%k|xZWoE;D%aSfiTULwRQhb^6x{p00WzW`nG0T#ATRfh^;sW{2
z@UdQr3-;{p6mcRtl|Dk7*F<inTu5zFi!r6IVrh<Ub}RBcU4GoIlxgfWO<UK@Jqjrb
zdL}%gIKg9E1=A$NW%*-Jprf&Qj@-F_ea_wXG16JTfKhCAfQu%_!Qj?S#S;X6WB;Vn
z7;_>ks=K*Unzk~9(rR4Ajxs#MvSV9)Mu5pZXQT%TOux!hz{~!T=T<*u!ks72AmyLe
zF^N%|N_A1nVqfQFkuT!8h}w~~oJ59<10)Cn6oM1w60QQ=)WZ*Pd|R$o1asL~MjMU`
zD$*7R1Zu=vX6qujo%z5T<t)7q<?nuW4oR<I`@Rs1uUt~ULR(D9-Zn@Hf8S$uG-j%|
zxX-6ruSwVLtmFH>%yCWw_v1$;T0SnuhxUXO(WYIuP-KsckTy<o6Qb1INS<W3%W4Q|
zcOX9!_{zqvTqpgUaMx4_!DS?~XE|s)?6{vl6F=0;0Pb2$ajJ8}#hRGc+jAbH5b@}~
zwerEJEz-Qu(l064M}Vy5ZHsoEwo;XJOPEmO8_i>h9|;GLdSG*?3_>6u@Sfb)OW}Pf
z)(UG3)>n@bSY__`Pz`W|emwS<>=TptLe-@$xF_{TA790)Ekt*?nwtRBLG#Bs{!L%!
z>aD|#?$=oaivCfDfS$@;_{30YRLh%Y4vCD|o?Ht;Na8yv$FtAxt1;v{62+Et62u_{
z>j8DIZ{Hl~BGt3pzH3;M)=^v^fjYb)XVnNDk|M+P+6<9x=j}aan{t3_#6|hcbax2F
zd^>82e^<DnsgfFw2_OM+)cXt0piQzto<h(Qeb;sKbKLngLKYQzXDQ8?wd%!YWa8J5
z<|b<a4B7Xst}Z;hMBUY_z%_&)8`#WD?q0(*btBQ;BnSli<!ecjUsz5&`Y9$bwTN@R
z^X<h=HC^2pb$o!ToOP)`ss(Dg#IyE0&ZftEUD&-z7HF@5$SroRVByc`#bz)g?(0{4
z4ag`3m`}<p4r@T=*?jW_G9Q;z4w$h{c2$~={WJXB3Qhr(E?l+j=`ydWiKzt^@L_OX
z{AX}pEXjBwfFRWd=%$aSgJIAQz)vAe%C#4M{1c*n5K{j~K8#czkfF0R81lQc|1TNR
zz!R*i8h`wTKKP4BfKLI8!ApTG8SF-SfLIGqO}+ZxiC}X8KR^VB7>KT&b1g9mJDGIO
zEfI`KNeoM%?hEAL-_%4eW=zc1I=;h7IH81V^uovsfQpnereA<OIXVgNtn(I>0Zj;K
zqs5MNmhk(qE+!=BvKX0*-M6GmW)ey>j?M~VKaChreE2$Gi2a`PwIju-+p^i1&;o6Q
zjsj@HyL!ic{fZW@j61;>_kW9ls}c8UVXuq3|FQaUo;l(VJj&50Njq+HV`|o7Yf>1O
z=&+v=U}+{*7uBi0<*pGmswKzEb)f&X9v0e$qi{wrxxaZiV^Z0hVhc1NicR!gpS}p9
z!gs%bXneaUuC4B73ke7<#uoiwz6;8LT?Q#WN*R8zVJz18N5lOCHD*jE`qwTLI+&hm
z!T(kBUw+Bt8c-f9e8ETkAWaXLAs^Eu3vI@jWH%=BPLK=wl^JS%Rm)U|@=h*?MPJKH
zDl**{-zrj2R584}_p5ZMHJ(8ql0#zjBzVx-Io9H`hy8B2&E*c|qrLsg!9p@wicvm^
zuQEURr5~+6>;RXt&OgG%U#~B}rxK6ER0my+m~`2oq#|x?=mX<iy}%Ou(@9QyYF!x-
zqDR>#Tjhgf^H`rUeP_x526wCU5&e6w&gq@h=Qy#pd6=^02quy5CMjMeI!EOhx%x}a
zY^||*+t*lDZOO<&spyW_*vtm|B7|Z!KDGkq(^9_uH_J4`79T|$=^3|P&56tG=xE!S
z99PZz9Ap|8&;o}*?n>U1ynr`<TQ9ty4A&8Zyv*heCvX~)uMYlqF9DE^eg}PnRh(Mc
zWOt8(V#h93{5Q)0<1|wH;B?bi;5Rm;T4L?~hNL!UC7Q?Juv&-c&(eShs6=(bgts10
ziW?ZdG9WIy{ktBxeh;Q9Pz&kh^YaN*_Xn#?60U_xD^%Exu{qS9RIH9BSJjRdWV!mo
z*>FW4BcC5ORqbw#)WaflIOeqoFZ$_!_J)Y{F`UrIgQvjdrc!-ssCz=K?L8e04UM)1
z0!l7pDgiAcosv;U`ZwAXFP3w%Iwq_3BVHv)1g)m_KmB#h81QH)(IuUn7niN?RN4Dc
zmlR1Gxz3R(ivkl;&oW{rEYfZL1FGCC>i3f)`==FM4}E<}XO!<{nF>2L_YDc9ST4^|
z68U7)DGl8!v~n`r6vOWZ+`5j-gMnXd(MPTxE_5FsE6(i^KteS)Oa5vN7?@+&#{>-k
z*%&D<<}Rn`RBjbAiHCky*fcsh%*>hM$-K5kV_4YffR6wXgQ~7<y8dRsOU5|I;06sM
z!QzUFDTY)spu}7x;cXQ)F4}t9{539c555V$=#KwBy*>_@ULcc`qrHfAzM;Bu&N$z_
zHHRp}ZqCY@$j$r|awDqy6pPZqmcN?gC2S9p@4OfyPo{htv~j42Y@DWAMI_cDL;l}%
zTJ*V8SI(Z|D~|SqK)PYe8bCf|$+$`I>kL)Sukmssb_W_eJ=)F9O(su0({F0sCcC*T
z)ADHTYoP_8RUWYD%YU}(Cn`zFHuPeI#=tAP6M)P4KkV=Pb?r1B<Vy8}t^Hwb&<4PP
zyy^cA48s9bBff9u{oOv*T{)oiIRuLJ77*R!U+l3e(X#sw9BpltPG-BH_}5W>j&CJI
zLw}u0bS;#kso_f?I1aGUHX)*0;9FphBW@kxpkJSTE=><ylusJf&SnXC$!=Z2zJeuB
z52lvbHgdIDbTFGGG+OGYnVVp|vN$7fXrjL6(4JrF%^Ggw{cMwvHZC4z9~+D>u$-b@
zpW>phylwQ>j<cy##NUG%ygf7?@G(a+T$}sbO780@cnL9-z63KT#q+CIrvI9yuG!_V
zu)ni6pET$w5FPb-VBKp3SoiOqIVn%mYP`Sl3wgIRl`wl0biR`Y$l~`XGbB-GJubk}
zGD<{SbDIUgg-DY<?%JJUl2t(Z>~jC)X?6G=`BLIrMF55RylhzDj+%3!<?M7gsJL4*
zqj=j+qO+#_ZPwrRMK6bG3dUN){8Sm@UFbm5vv-f;0R=@}(FD&GogJ0c(Q;i$MTyh7
z)^MKVL~K8}myH@ZU@|Jcm~Iq;8syAcpWK)3je5npTJ!e)Z3xgZY+o?e&>X$Zk%Ks0
zQIV&9oy!K6AN()-Axj1~J%K+!R<sbtwdZTfc8dO_S?e{pBj;Ls`m{1XSJ!<z#WzP<
z>|WpD%`iHPTGe;yUpc7eczAr>>mtP(p*)#iaH^g+uOY%=o`85xb)t4@nopLg1+wdb
zOkF<PGTr&fvep~DsZ`?_iks}z)kWG2!f5a(4*k{5+Z}nOcD$XF-JDT=1*m|bjiR_b
zb^TYICp;Z(d!aUPRANNFSIbAvYn2uO3XpCZ?rlD<DT9D*k1s}!H?-G?i(pUmC>J%n
zk9*IO&skPe<ghf4yhXZ$ghl6vtc?%n7&pf`bx_(e=k6*)@n&wpYdD2+u3LWN?>$Hj
z0#4j*4++j1@Y3Mpu-6&#ac-^}Y*n9UqmrsK-bXh=#qudE@IHjrgA;rM>@N8~Ei@6O
ze&}z}UN6Y<U&1mtkdcyoKlC*Vt%td%05PuOjYn573OxCN6w+Qmc!npw^bnx6WoInE
zvRc+|HZ`Z{qZc$}lAPpAD!E(ujTg={L#^IK;lF4~!@p?C7Ry(TIJ~XhxQ!)ZGv+;J
zyYitZDNbwyFNA3#?zF+YZSK)#g??w7xbdJz2T!34(c*`zM!t4;dY#fH^S+%{z&JxV
z*OKe9wuk`ZnNn=9Fi(x!m}@_yh@D%gL-m3kuFl^62V&`6E=gb&za*e|?T+Q)@e<ZZ
z-u0~ztdZB=6S2=}xte~NVz0MZTREd*)+~UQpM8iLF@qd3C1~eJQO-lH0R(L{uJ&`U
zmHN9nsF+sgo3#dxLSg1+D<S&&rTM4w_|b{=kHq}p!@TPpXOU*rNX|7%2S?_#80#66
z#|%cmHI7D+d3s>y7%E2p#%euRzOiF0I?B;9Mxn&ZGqyd}na(>?g%nuD>qEzhp60C+
z-nE5yBPnBUm0S|M6omgQqJagt^dn6NkU1c$MjIr2JSVUQ=5Kv{Ta2__)V-DY?o&LT
z{)+i@LU|8-JM`!4@oT&l+sInm?YO;AGK{^v-ND#LX<k|Fksrj`tFHBDf=e~gt}a|K
z%{;tULy^OvLkiGa#MRckr#EandBfJa5=rd6Zl?T?ESr`|Bb0j*;R@WGy=Q*C=Dt1q
zQk^REF?avj*GKtXh~x4712GYs@tx~`W3?|a;A|ZADPOcAilU>!#CeLsaylisk{sQK
zU34j}rf)BIKm##y1WipI$rlgoJPe?3sdNi|-NuLA$pTim%jo*`^@MKVrluRoIo*ZB
zcTRVGwl9YZee5C!xz#-U(%I1fOi4f@i=NvtS<smNTW#oInWJ@FToL5}b;X}t*X>XR
z*k>hDIf^$Uge*q)G2lGc+kkY~t0nzRwk17m*Ro<|@=nKi%=+IU6;u^Rjv0K6BCp(;
zuk?d60TpJFKGEbRg8mBp00ASJPOSxU!z;NqH&L&}Z1lM5PT%eXmmeIhQGv3_J^8S9
zD5Zor)a!h*7@|+XYGb?irDVLMK;)Dx?nFUmCa)hzLVK$eN4K~o0XnC<_eDH!p%-ln
z=a<`A^1^nAXO-R85zelMZ`;X1RYOHz`H)YV_~Wf<92y(mpF%R9VH4rz`0TnPQ2Wmc
zZuB6oBzRfWKlO-Bsb(lo)&1M~sqkao3xIpN??$G4J)k*}F)i=kSf-n}*<Dajr(43)
zcVBlf1|D1wt~R8<Hd$h2L=#8(dag!sbe&q*mPSI*DEaJDQ%MUcx{G?xB|=kT=wI~E
zX`J`kzWi)pu)eF}#)`mAmPSEah-E%AL<>(iCgS6g_I^KFt$tS^6JK*2_4W?AUM(7j
z(XEo7oneqJ0r~AVco3-ng@uR3>88}E+;WO4JmS@z59K2*MGGai&$>-3>Q(M72#@tx
zKCb&%!H$quSoQ75-*vBqHe2U?bePP%jSH9->zzv|NZ$@!FOOG?PGbXyL}{saFV`KG
zw;_LfW+vb*J&J4-JWAYapa2fALLuuwPsM;l8E;3=q;r@k-ypS`dGb4piMr7th>B*C
zC=2HoQWR(82sMYiomPv`IW?0(nazu&rOWj9vXrYWr-@BvT{93O!xR_ONanG3Q?%#%
z<9g(m>lZkgqT5dEs?TzTk|Uxkc^JjRLd*_7@Jc1cTXkL8zS?J$th%AwJ5dU}VC5*9
zI?*q&;;~Bvs_HIZT`RfceDL<+@MA;k_zR>A+CfaYINdA%iw=MX4YHTAVtiU$;ln9k
zf;XC$5LZyg<H~ox>~64#JNy5nIV9;9ftpeMZ0Ku9A5T$8EzfK2QpPKO&#SYxD{>fx
zR5=0A`H}XWw}?quWhkt!<5n3Gd^5Mg#R5t%yP|l!Th1wuoww(d2bAPLQ6wX`N<O5I
z8aLP5xthAU6G{vMO2*<@%#ReF<*7bEya3*7SsP4y{GWlCZmD!Z`W%>n$OKxyKsxuk
z{Dlb!=BSha7p4%I(@M=CAIG)3m96nSq@6{?MgDV8Rm2A!cmJ$7LEb(R62jjIh&V?Z
z5g<yHc6w}{>YoBB&fbpb_@&?l1KxLq2$UJntc=f%)!hN*mit{GN<Wq0lX7Vkj&=Eg
zKjLbBUHK#{D>=#Gi-jyhwh^G`RUm}@p90R^4U}xvh{n-yg#jKCQLpIChnU@xYbo{8
zdtr?W)E_b>|0cI3`mP9szxnzIHcB1+8wbnKa<(Uy>QQ9~m*?%D|F476_~bx~m3x!b
z)C~>4tEl+<9HEfubEUmi)Yxn)^_=6NU`U^0Q11n@|A#Fcun|4Sn75tr<l?Xj!Dwvg
zoSo)dxs~}yUHm`0|L32K+`!Z17T@VP*~${Mxc*769!ewLc$7FIG(xj)P==JdS7*)*
zsw>CTJ8j&&A>cigbB*?ARrODD2dJ;6$0{zC2mL$C;{dX}mmtDe-b}?fiF|!-?-LX`
zP;&Qv{x^wRst1lQxS_F-!p~oi_@GiUpfj%JRm}BRj#wHL!u?S@J6MA$5BeQ=g)w@%
zDbTupyW)MHddQ1&DET>$zgnrY*!I<)N_xOMFgfpL(No$lUw#N`kLA<{ZVo5+sIhZT
z=V(A^e@UVL*!Q1*W^jN1G`!z0eCN^VyNt;kQFo&AbY1jv%*Zd}06B~rrYS*#FKre?
zA1EFZyOB-!>vUKp;gHKF_Z$Pq-aDL$_Y>!Jt?^H%Uds8+qvwT?=kj9lOL2hvpZ|}T
zhW}yamuxZkZ5AJlX{)LRh&gRsGfk}~zIa9Q!}g+!8>$FzWK@*$j=e0Rds3Xg_$ANJ
zJ=%ESvdi-}WW9ruyK8f?<TiUghQkM*VvKCk;9v7EDaENz%Hoj&`|H7a2*ac59Q|?y
zQ7gX{$9rM`#Tb2e_usJh=WdyEr20b1aJM43o+wXVdgij`(^pIc3b0_c`q$gqfAv&B
zVs1OHy)N3YW?NG_7)6)!O_+D2zI!Ju5&`LJy_CuNt0~bhV_q-g?{s-99y3j|7Lj3<
zn;&hwQ%F|M2C<9FJ}(5*`#tTE4ZxEOta*w1zi16i8)^oysy9V;o>Tv7El_$JAPG>t
z@f7`!AN<QmzcggQFfecj&;KvLU#t01Pj=z1<wsT>^cJWk8<a^r{at~jlos#;eu<=V
z>#wkS9uoq}E+@{a|7+ZT>pX%CD2`k08~82LlYM1p(eP%0JL<1;)cjgTo0H#*!IhFp
zt#Xf9wXtUchjs-GsQ#*W4EX<{&hAgUfer$+cpCq=A3^HHvkBzZe;2&{YGd?7d_X{+
z{Yvme`iHK5!bea(pf$6=<bSg9fAyDA1hi&zQ_1^xT4Q7fv^MrGYvy-aQw6HxLXklO
z#{av_|5i=@?{5BWx&Ldlxc_@L0eA5KHwY4Q8+owul|P3<Re*=wwkU`Lo91`^2%0*M
z^EZ)o1*_9D^}_o;7eUq!-t`-o2p}~hBY>|F@XUnY;VUi?i0AS}5AXxpgMt7+mjb=D
z|D78IZZyx!tba2gJtN>jh$*eAeiNkt4$+j}@prv2;6cDlWXw{Rn1AE+F#wVOySV>u
gABE}E*=6fPF%y~W_6NYfKf-t@tt3@=-^BO-0Tt5u%K!iX

diff --git a/docs/images/troubleshooting/clipboard/toggled.png b/docs/images/troubleshooting/clipboard/toggled.png
deleted file mode 100644
index 6afa0ace793db75be3e30184f2a2a2d96ea9b4bc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 17312
zcmeHvXHZmI(=Lnyj36+e<TQeyWF$(S0SS^N=OB_9Kyrow5tWSOjFO|IAqPbf0VPR}
zO3soq-0geLQ9Q3-)%|hn*8Opds;Pm!_gdZ0>h9J3tlm6RQIf&OrNqU+z`(yJdsh_$
z0}BLv{{+DXK4*;ZaWF7o829cX)ZGo&CN8^c%r$Oo`pH7n{ADpoB(Cy8ti4jRi>2Ps
zPYTh}-ORgsEz=UGY`~L%UjLQjvI85sQ4RsF!d0rOk}G}6t-X=|T+_}5>lt4qibWeg
z5+)h#GgQB4=v7*^N9nfL(0nW+CeyCF@!ewze6mZ^Asr^d(l=VCb>M6;&1yu!?sqb?
zf{FVa?EXXs3U4vW=sG7#gJWQVp}&3P7c4WIu|U{3H?VL(5STy4e|=obZ<%bYhk!zy
zZI?*@>*|ju9$^N+nJ)eD5+e)_)dmGBkP-bh>)%4aAP)&(k!GmyaDtI~`%-7>J20ZP
z^Ml`|$iAh*WTpy;u(R5$*3sE1ALTE`5b1&$&{Fh5&4d{*5Bj>;MF7*7Ss8Q`eo=f<
zOcKam{<1uIdjlMX2LhvX;5oS9D=4%mvd`DJ`K&V#hmOVPSVO+rZUO@r)-y7~T<=!Z
z{$cE#V%mxpaRDln1aaP?A+wL?K64gRza|)0)gSg6791u`R?t$C%6?=GCjsr1(yHW5
zv|H7?p}pnE6Z(lV94|oK$C;stwYOrFdKSP;gb8K?q)~u?%Wu7QTCng$?(WKz6LU$q
zRdK&A+ibixHP3h9QE0ms>g<%TV<@MW1N>YXnA!44bojLZe<CpLqj$YQJ>w0?nd6P-
z<Z9$AlZz`DnS_Bbwzg{sf|CPaap{VLz{#*6pn3?oS1OE4G(0BY7g}(!%TVxqzhzI{
z0}>d7Z7?d^$b%UUO-M7j4pE3;$iA>7k;;JZhrE=P+1kKpAubP>v<z{xcp$5SGrUW;
z=N(2oMkGB(h7|ap!?<45#e`j$#2ppF(WG*NI4U>&%;g~7)E)}XQTPzT4B1&5)3QS*
zFyy9-X%03Y#&xBR!St%_<TJD0dIrH>zitZ|B&~su2DCUSMT<>QF-))uJ)Gk4i|(e=
z)|%%2nxqUR{~VHg!N%INTDlU&Bkh$_Uutdkd}HMHJL^_02#0Yo@*B$CpU&Ohi1PI*
zoJHY~e&icccwtblH+PgMkfp8rwIOa3=CIgvz1(KVZlux6%`o42W72?ywO(FtEG?x{
zp0PXLfd5`wxUiyhn2>~hYg^bxXVQSpT-k@XCBx<YTtADXlkZ1VPJPlWip}t0m_zsL
z)~u6l&85wcuJWd0dJZ91sOyxE)YtpZwW>w;8`#zg<rYBr0WCY-igI^<868XmrFH&V
zGft#Z-Opz$rf~MlZBsQC08>VEgZI+AtI9oEWBCfV+GUF0B@5>w221@|+h?pi=2P+Q
zI|kG&7F`PV#A@78)LvcpteAz<@jhBY^8$*b2st9L@MvQ``0lzJ3Vw;mi+>eP&A2ky
z$imJpTrrB??iSawtJ(BqU$q&KXr3##nqg`@i+Uw({dM~8l8s!JhOsv8)!T)aB3nD&
zf>CQYbWCA9>yd$mx=h8V1kvkjUb7*EY0;t#(jDR!zFOE?eoU8+)?+%JD=mdOzxX`W
zz)r*2%(~_`7S&2?o@*V@vU*1i??T}41zlxIx!$aQ;7`3R9zH}j@%?-<ZbPA2TC>Fa
z<HkT%=~eI(rp_@k&66`hA5{N@+XPi!*g~pbc#6Z@O~*Z*1sqQ?8p1gti1#jG;qJ-J
zb{U=U!=ohx?XC}#DI$XiR5GYp^Qm@DbLz?LH_X@r0t!b<%~rsB3)D~6>;0A~!_N*r
zh{xDl6=H=EB8)lAWz3haTm}339tLjRTQfeaY|wDsD~T~F72*8Q+;d}sKolWXN&zdD
z*?4hjfvzW@<tZ(;v{3!MhzRj0QE^Xo`r=VJM5jeem$qlFKG!UJt-VBG5trXuk>J)h
z=F-kYf#zE;&wS>g9<K9ObiQkeU(%RYh^h||v59fX8E<l|JTda3Iw>gkX|zF1-__}J
zeo|DF%+e__n0y{V$LTaE!mPG@H_7n$#g|lWc%1$LzE%6=d0yQ4-Ad@sI1gh7@wHk%
zT#U@*-agupciQH!-F!l~GB@edZJ?^gb9erHXQA9>Ow;O2#%cNp0=lF&cN#b!$u4VJ
zQATh71byn(7P=HSuh6i=?c<iy@j6a?GhxmKkCZJ2YZU!e!ACt+L&N71$<%0_p1p;T
z7{z4}-gPkV_i_sCf&m{^-*dfglIUfMs^@*f97Ut|pb6pmX>?{_e2|y#CRN|<d7;CH
z{_VLqR_E#=)VIbsXZ+3t1Wy8KNA0GS4z<pev#eBuE5nu;MC;t-y4P{CEEas1YW#vK
zOV2`zTcx3Sr+dl!GLqsmrUW3#+dw#a(ZLY~`>q!<*Ls=r<M)r9lFwXszh0ehU{j_;
z-&)yqt(s_v_!*E?$U)Y-Qxp5+%%?}YAp+XP>PceACnuW`r7O+*v8ADLK_R4;tf|D9
zA4&}BD>J?`O=$#xQ9-u}11kHd!G^Af)w8uzXB<oIclcyJi*8VR=nK=bQz0^}`<=Q)
zORMHQ8u9iVK2dk&lRRIrLbA4rFs&hsuLt?J&3@7(&+A**{w%EZ`DoswWJ&<P`qRM8
z<jwnI!5_SR^dmQT(wH$&8HnjjneOP*U_U8->M0In@M^4`Zo6B?tNPWoNkwZ)@pv_|
zwHJGFejn-V^CQt;8?zqR2k)#k$rN~1-+RBZ@$t+nt;*_dU`x`?4YEWJ6mPQD2@yEQ
zZ+?~w(ja3O^9bKQw^=#n=`TRGK-TZSh@X{dq<I`sSWPZBk17{a7EuVPb2KbUQ1IL4
z<qc>V(gn19OMEa7`~K`Eotn&8XJw(qyH>a<k$N(^4_V-<WP}cY&nUpfmuxFPl;S5I
zdFlqXNL<0J04(C;`M4A3?1aa&#3cQgWHu--L}cr!m)Uuw=iy2(&DNyWXqMJ{u_c2t
zEdo#bYU;X@;441a5-j^`k?b16vsF0CaUJMOeO^X|JI8Mg58oP{)8ovKbkFhzv~169
zj$&=~_pZzxeI$I|bUZ{19@SdSH!@;vdz5c4b}URGq^q}H+H6w<@z%7Sr|Q0erloTU
z)9l6yZX=pZ@oVZbjJjpCeo(AG?)^f+!`KugS2Y)ne1@)7cnQ}F)F2nwsMNl!r=a&R
ztoRM*$HzHiW<_U@4_B6lp0T5k;*;Y#q)hGO7YX!&i{Ix=D;ve`uZ_BQ4s{j8GbfvO
zE?cyHTt478&^s*GG+)w-ZCutcs@I#98GYVt5$amskUP+1K4=@|G0)ypFwy2UI#kt~
zvQo*wWcPGGWJCKxGSGn4bh^guIMKDyiL9Qut}MQ*04w>isoK@fnb+E%b<br6$GJC2
zLdl<2!f3g1P%JxYWRJ*AGM4>EFY9PB9huQsYgq9I2y7>Mmo}73H>bQ?doX5O{lQ*k
zdoQ$w3x|d>Rl&ky)xnxMw~ppc*FwwLr6bi|1@E`(QQdc`Zt+xu5P>af!D82ufnN7Q
z(BFLH_qs=&#G>oy8rT|jabzPpF#8HC^!2c6)Cg8bSXR<%?;fp<vmTGRery?is@{Bh
zGymXF5*^MI&@#f>bzUMmPYISzr#h`88hno?>)d#NFxaXMw6OX*>GELIbG3?3TRcKV
z!Gd&jbndn~BB14-lX>Sce%W^=ESG-q&>#<KnE7K%T`5n?TZ3FBR<7P5#kA|GO`|(a
zYoUl^T=;RRG8Yc2>~**5nXTYUlb}$Qh2z>mo5zozxhm_9-r9aQ`uW{+xRWu3kJ~tF
z{5ws&whm&amc+3Qd~2DXd-1I+m?YSf+zaN3;^!8+HTyi>(%mVCm)P%|pvDIsg6$!B
zxbzUVP(f%`EDK!{&w{2-F_zu3DZ!<I(ofejj&^JMKgdb8j)$&4RTm(q^R#p>>);y=
z|70*q(6wSQIX#?e3r0yjlFoQU^u(jPY6^UB0TsMgS5SD2Ljba|vB^fShinZVRcGg0
zg&0++9eEDJdbCXvOOj1gt$8`KHDH#|J9S5X_tH73IqR$N9=lq}*qo&I(#f6s`AK9A
z!H`P(@o7<xOJ&W9LT1&xQ^JZYdix#gX<lZ=8udG#8_0ZbcU18N!Pj)6x3yR(83T6t
zdBUjNE;6sYss7Ix=n@F80qKLox<PO^4+x2LEa;XJmxWsT3{XGM_e*D@)8*)Wif!6T
zMp?N3q*J2PjK0lU#AWlz{&RSvVQKN3xSrlGa-wWI1w-RchP{?k&*h4i)lk`{&_#9h
z+C-(2Gp^(>q^&VsG^a(+UE)QGkwkViyRILaJ|_z6arB|VQ{P|F9jD=2UIQu$k^Xrg
zh3nNCOXQ5;dkY_sH)YJ|HFZ%)I;zv-inpU^&gkA)S+Y~+@04E|G#+qZxS}r4=2u9A
ztpiD~tJ4+y`fi4Y62ubxS}$-QF<_=GELNU#Q%oik8fs;#{sYhQu~=^Fo}ltvt;EVb
zq7irX;G(G=o2An&rX|f@d6p{J>#Y{Ce34^6xd=`loxK>E$o7_}&QsNT9a9DjW}M>I
z49bScT+NLoJ*R5@=o&t41--yj^imEV<XUev;gCq7k>Sg;Q|Uze36@pvM<6Ve=K-J2
z@;5Vb)}<7Ce9gj@oO4CJ+d~Hi{mY1%IbIyp=D@QY0$ojZp@Fd=SWmuf0Nj`D`p;_3
z83CUlC=zQ!zS(<u(zLG5hcG6?zR_*S7f@NzEo6kYo0uOFs#4tuB559IeY3mr3WwY5
z+pA^4*&fNAm!-XSgqnrK1BZ{5fY2VvpdxExjFx~)<pneX`<ToZ0g1@&=TqXjNVPKq
z>C!@iK7zD+>F^%d>+~<3T3%<tJL~&cBU&ShVjIj`2%lV6t_|V7qc=?Xi`OXJceJuM
z-nclz$4;B7-Ey5ZUF8mQ)8$r<yt1}U`)j>Cw^Pv*1wG33cV<VBj)+eyWyz0y0^ss@
z79DIH@<>nx2GTyIokQw+UGWL-uaB`&_X^h~iXhjv`AuFC>EME9#$Kc@D>^|J$whMP
zOVo&erjqbScnwFvRgP0W;!dKhDyjGffpp$RN;EwDTwsK;aY2B)Lzydwae6^hoV>&;
zezg&0^vCeThzh+%&*E{X{l=2(X8b_S^kF4?Tf4Ec6vB&L41L>T`^3LPO3{I2on8BN
z`~F*~OXFTBMgI=flL>;-u2}(ynT0f9JbBjVsvr1Nr#7xJZ;a@TvUXIplq%q1Nu4kF
zALZ)b6=qQps`T5lF)_|6mU69bVmu%BPM4fX?Vjq_nzf4evmHAsQs~v3V+^Rp*2xTZ
z9_r|^X#5QMvPU)*yF55;$urRLuGDJCA?1cN`I0@|EeLOMU5Mdy?=|5|T&~j7l+`>K
zsh_|1Pl_wlXPIs}7C+)xSWEo8CqGJQE6Bj5>o+0U=HWws({h2LE{(`CU(0~>CHm%v
z&;UF9LC!n3hdxrE&MHE0{$dHn!C#OqrA>9xZI;)Kw#Ad?7GFg~k5qT{(KVl<J+^?f
zndF!U!Fw4Lc#GsSPn+g+K>^EQc3j}_hN((z@6LukdvS5`J-r~F-cGI$Rb~tjw&y&c
zwM%A?QA0+4rYHXG3Rlco%m^sB?=~G(^-@d`teQIx8SHn=M6f&A*5P8>H*9*IVkb+C
z7^ZfR$9xku324DxVq_rHXK(eSVLUCwwniD%?kNjcZD=ylkc^5?RKiqF8EE=?3xfQk
z%tv~*u3BwaI%T-jKV@+J`ayFhfN-q%%~7q-LI<?*onJ@A_E6`dyhI8SIo{QQ;?_OA
zKrQm(FP!*-*Y|dfE8Yq~Dkqx8vL+(OcGkX@tBUV)qJ>nBy*e5Wir?mhNbWFc+YeVw
zQWp7)l&@*mKRU={N^~5S-|Up?+7O<iT-9vSYBbO$%By>5zg;xIZ6{QXjg$OHB<N?#
zWlXAK0iJw$8Zlzp<eNlJ7SK?+#dsRUQ&~zu_AE~$u-c03pg7d$lX4WSM>+3%Q_0(w
zPLA|j@dkVB#hXMUm76||R~ckzGCAW^YuhgovUPNT^1SgtPJBredPJ7avJ)reUPJ4l
z>)T3L_B|P>(QLffa%A$p;jVheo|g<(mcaOd<VclGyvW|L<4C2I+76Y;tn6B{>C2s!
zA!VbNa*)NFI_^e<SHT67`CJZnkLUWDoodwg3kK(HmGf77W#~suu)T!$I+`w}cb=W5
z%iD~Q9?CCp&cPolo8OP-IG2@lQL-R9y0$_G&dD@*Z}@m9i0S>L+fndO1bP@Tt3clm
z$<q46Ijl)t?&TgzKxgQq;^I=d74!t%KaVUdv4R7=AwTSEo`+>e*q}3*fQDG~)kgZ5
zShQ9pRZvCkB~>gGi$z(ff-|w`MuXFiFju&!G`kIRiE>+D%eQZGM)slV`UcqCj<ZCb
zZ<6^NISaK)d(rru-OB=!N1jsmd_g9G@K+6ps22~7Ka{Bs+`k$1)D@mV3XY47?fkqI
zww1WoO@P!x&WraJzvVvnPNXsVJT##Dij`QV+0Is+K$8|>%yn}=_a!T#S)8l<){Fsr
z$o?-nLhe2s%a@Oj@95JT>!^^!SESW>RDsFK$(Ks8)i<t!<Gv|$7^V+2;`3C>O9c2n
zcZp|0823=LI6<-yumKnszDBOfUE47SXQS6=&+Il7Gj9cJeHrl|TJm}lhWz-ZlM!;o
zj>L!CmC4xPo2XAG_jO}!*|cBjOM3>u17Sa6rbH!RAYf{kC^p<{n$QHPgh&k{@DuRN
zqYL>ZE*#*OFtDF7kv0Giy&=3#bL$2`9_@sZB8)w$nX!JBl^7^*Vi=?=w>N|RJqxfS
z7cs~;Z>hFGKr1T|F?JJ`tbT`&Nf%dFW7^vGC7M6r{YFep{a}zp#VSkgfB^={lzK@D
z1z8;(d1;V98});fJ1xYyCR?~&2<-e~u@TkhJk69+Hoqbg6rLdu8g+TvSL){y-!W|l
zhJGhoTs+YK4+W}fIN5n_1u&f`j?0y6RxkE09q)3hlMh!L@v&aI^t>R}A0YXlAncuQ
zw=e2_FXN?G_Ri8oZe)^z9?>mXK<NN#eoBKp5Dg7Y-(a1d5lK7FFYSMPgI8AhoAu=u
zl*Yuzx1umW6r=zkTwL!NjLB3?rYC*8vS(T_L5Q5+c-5F9e_V{tdbjvAQBPt}+$vkf
z%m`^uV2erX6RD$Jnv}J=e8S(S`6oFlzwz2;-<2IwL_@nY6dZzA{!oeUBC0==frkdh
zT4T8Y-Kmu;aY4mj_?5E(%$}J;!LPjQ0yzsK18u^-SNQovhaBZ!{U1buIrNZWOIKsd
zjCPi*&}dv>2Y*Td^M`YQJ6Pz!s9OJAr9aE@gJD!eE=&BQ;x7@QaF`5WB!U6Cy8ll-
z+EbyN9fMy;L;I{U-mJp#&!S@h9_GApUkUIr`+`3!ck_pGCb_DAR*n_G#lYVB&+Bs&
z#EgZygo7V#8X+icZT-YLY~J=wN+@+K{RQlQL|3RBjQ-Ony}49;s@WGb!V--iTOlwN
zYEWh%KzOA&?dg>Jo{semAE55iM}3RTAp5s5T`Pm@=p=p_qT{%k=H4K3{ucLb3q7q(
z-4p+0_#({V<Y05FSB9>0{!>`qzo+(xqb`S%-{%abc6?o=TUF4atK>uk&nN`uZu$74
zG<vQx{Q;w~)|?03zYGjT4ati|UA<|@CLb@B5;&Sqj0tvRj+B7j(TQXCqK`-B*!>q|
zivcZJ_u{P)(|sH<Ero!JPXTa)?pRk+{CjW?2o&s!8KFgV%NX!)5UohkZwCed0B{!I
z+5Egs0#Fbq5Y-M$WeG1D<qt!JFv6ka&qIQVZcze*yrhs5y1=9VXIF!B0T+ywM1tUD
z0IN<q_Oy@g-$Hu>fiICB5|aZ&S*vj2M(N*O;Fbw60x_+3onap!52NUbGwtuXWL(1v
z0Ha<>hefL?9TqsRXwp8<tEiAP^jd2+1In4q$r%$c6gc+)w!g{7<Mv)7AysTbN;aRP
zov72}{mwz8-rPiU!%eTfO0%ZmFaI(e;8#)<3^DyBUv2h1nNjrM;Gl}9hK7dYe4<7B
zxA*cAjUNC@iu6E*VxtBI2Dn{Ut#qfWWq>M!Mc8#U5)p{~u_se9+ihdA-29WSm6g>;
zZ_a$o-xUD#{RTn=v{?0*#O0=W3NcoNa5l-3vU_r6yLnv31asevEQ6^OgHyOn8b~qh
zUI<Ki^W@{)Om&VXg%Cu=vT9``&88m-G{ZWV<J$AA@=r55sCgK1h<ZM3bZ{oo`e@9D
zHfW}O@m+|P@{7w?)M`(3Yk1{na9a2E%e$e#7<*2JcHu;CCc62;TKxNJ@wBD&u^WX7
zO4uD2Rsz-uI)s9ie((fsNkUEL=qu?B`p022W}lO8njO6LOx$vhGwIV#U7p%$HlUxO
zoK!N+U*cSTEXdi}AI$!IB;@V~v*NA-fU$iru+;5cuX(Jov;Y2U;%oMbA*#L85)u22
zh~Dm!7@b=i=4=pk#1sNY!v--WUqbqW1yA=G{6>B)2b4hgMvi4o=`dA(BR)*6x;^W%
zTSvMo#|=6|5l!=AZ}pO*Dl9MEbJC6~?$c+pFs@k5t6-+WTA%L4%#5ttC#*@eNgZ7?
zG#4yzOBq&;Fy>uM?t2LKyPy6SrBdCg2W%OsTurF)%N1t3JTnh>gQg;%RQC<>PI>lg
z#a3lq*}bXuNztvA0uQ9oKJ?|wjg98!k*ZHJbUy0d8pc9G($EBg_p9-l5o1;>B9}fn
zKXzZb#gHm=$YpdH)Gzol=2z0|5C008<%R6vKhP#h_>?$H)xI>tr%#%s3CVfo)3lrO
zia3{>`%Ah4pTNW%fK0<|bVwBs#!&m-ny~(ui2HZg+LbqDTeB~ev%he5YPPXAM+@30
z$6}8SPG_y<pxMKF9TqipyhinrQo5BCEA!quIn91A8fs1)pPj|+ld9X$_{GaGrLk{U
zGI}Z%7OZB*kJZ!nYB;)tlt$*{TUVu62N&CJ^DDhFvYyjuO-Qi#=7IP9(R`DYQST~S
zAudgaWdpxQkoHSX&JF?5QR^>AI=qR)XCV*2=G4+3HP<U&$}N7gSNwK)=$ymt2AXW_
z$SmgTZm2bCDuqZ{+;rTI#43R`H)&oe@{p3mfwR@8DeuW~XyKl04}VQD#JN!X=veQY
zUTv6|K5$Tx$lz407d~R1($_6)DDf*wz*0ei_#m^FY*uv!597uLjTj&ecg0dlim8j#
zM5pNGZCU$>$AnF}H;dnwtrb5oe3YP{YXqIs@O^Mx?nU)UFK~Aa9k=&%aW1_{mxHoU
z6QL{K>sE!azB6WeN~ZIwfj?ixu6*%E8M1C3Sv-jhA2b<>o~TqeZ{${*A3<YN=_O5c
zIF0Vv`tW-+oGe#$+rJ8@nq418KU}+9+<2MOG_8v?(XBp|&!eX5edmY9)2}O+xy9A}
z*4BDI+(FY!_HX~-=sj}Zw?`K@`f5G|7I`|r?}gixk3h@wmdv!V;0el79FnRWj7~_Y
z!u3F{J0>X%<oMFWC>@c-r@^vi$U@zWug-hMeb)SqG`c0(pV9K81Xf^?-k#3w32ky`
zvtss>iv5uWK5fDPrP!)6m?}r(J@ZDtTw1v#@edQ;&E8J$tIDRTce{&28CJ(4Kl$87
z@6}cFS+P}mn$u)fDJmG!^6<$*^FCLPZ9RPyZoE}PaXn#(2QeR-Yh*jF)DLQ@5};@+
z!}x5`#8gLztZ%%sarkon#fKW}Ae_Ur#g{jT|LFy|Jqo??j&xgJ;HZ&*d1H9+<#1ct
z=Vs6Q7Z1~GueKwh2@rS^t)q}6C)%ZkgUDg=x~c&^`1z9?iaAcJwqs!$D%_{7cP$@+
zZ=zp2yp>zv>Z?8(-kW2lMOHpG+uJ*^^$UMu{_O07WTrbbuAy<X`BNFRXZ98cM_dIy
zjb_hCU`v*Y8mCsLr)eQ%ZDv8eR1MHBQlX2;EB#e7Z7!C7p&u__6LO@K{aX*+hMQ{s
z%^<;|Dx1&kW7!Bikm#7H(fwogwMNBJFU)GB1sfzZjcC}Y`O3SsS7<`}sV0L-4-3im
zbYE+dk!x1mpwi*7!S8Pm6Bi5eb#-j(9>4V@O=`vE8`}Pqvdo3^5M8RbyyqoAiv2!-
zq%j1IUO_0RLK7DCjMbe4_k_L$x$nL&Ev79zV>5~N3b}-Z+T&TX&CHo$5$NQ3Gq0e^
z%04q~d>sKq?=Kl<+JR;pu0b}E<*`%VeBIqz4;xO8U+{n~`3Y~qelkKBpb==h3p8*4
zJ|XYR!m%QhF`K)``)kCyZ>g&4?327L#VbCagtD{UM|^qQ%pP0UFJ;%GHC-E%DZmCl
zEQ8sn*igO7)T39ah+V1><@3PGY-N#?uOZL+^tpR@MNW5ZfeI`XYcn}XQ)GDD;HE1@
zk;>EN5k#>4?$N5P-lrEwGec+U%a^%>Cp6z5RmvEVBpqq4g<_!qMu(?cL^7$Gzcbms
zNcl)GC*bYZ)|J`A1+B-;e8Y@I<tc9Slw3NO!e*Ujs6m9)(AM&x!O{1NXss1SvX5&#
z=<h;}E6}YQ#e+_U*|}&Us@?ii%;?I~fhJI2=9P-rU0cC)biu&mHkNx{fqmrQq-tE5
z!c8ihF`kk&g|w@_zAhn(dZ~e3S|K5U7XGz4&mE9j?ff^eP?#$b_M&L}b4Ey4+tgg%
zrC<9uss-dh1g0!j)Qz2Ykj@aqptLeT#w}I~!pm^(TeNr7#Xk%nf)#Lgv0{I6L=V`W
z&3#C7fY5znUFpJ1o<h&g7FQE|jTD4j=`%;#l&ksAI{%04i$fL+GA9gwPNCKh5>PR#
z4|`N(*o@9YR`0=j_Gy9-6FP)Z^REY+{LPf}Ly%;I9u=-_0dPL>@|6}fB|)jtQC+i@
zL1ek<2LcLS%Sc~@tjjLq=vL!qTk=sheWn=4*ZXz>EyMiA)dcS@L1(BNwc)c={@KLf
zHcBFK*3V0}t&7VIYM&Ms1cP{$%xZQSeREPpPo5*y_HaRKUvolCBS}yrmqDi|;}Q+C
z9^ZU*WWRG0>x-@7Zi$+fyAgnV=Ii#Fi0(3>jXvN475Oehc<?U<0NP#&H^f2}R1mN>
zKH=m=j^ST>soh%c-m|mqsdH-78|yCv<h`S=(?(yK+4kGRxJ$mSJzR!mj_Qe-WTO>%
zn7cx7+*oIAk@AJverU~yHz3ZJRr-OA9*ubuRp)Nb0ok#X_by2cxHq)P@A-`s>^bnl
zI-z)AX)H~<{u`_HP!hWR_<Xh<U?&T-ST7B%weaytW_#_g_x1JB1DVFlRJsE#(OV*i
zvoGETqd2}sF*Z2hB~YWW^)6*WSwWYAw9B^Ui(d3oDvY`MOsz>k^CIf|_f%uQXje-Y
z-kh*stBU{HN7f8ev9%!6ozLE<2yJ_X2!OAU+OH|<9n9764WB4P3eK#M8IM0mb*ztM
zc%<`G{<XF6_I=LJr3Q#53x%2JFZ@%7*4C}>*trM1HM3dbVLj)$x0Nr{mXT7Z20Rcu
z+0%o^w~jjaO}+9ie`@NJKh?#<AhV7)Q4o+2Cn;ArP>K7Z=t}r)+>Q?&lP&?ZEHY27
z(rx>+JvmAt^uy-jE$SNhhBrtT{dY%mn`Z`%<z?r^vBRfSmA2nmiM=;c%1*ns@VcPC
zyT6Y)7uh)}F3U{|K02i?EG(2~zH-HJ6XBfv(nCYv@eZk{&FlVJr#&IkROaS%*IaUs
zFvDQirQo7Qoo3lL)OL(joM(3a@Q+O$^2fUpwfwHfB}+c1*t5gSB3`#FicWYmA$74t
z^}R!j@@sL7Ih|@JV@bTEZD!X!YY7TR9(;}JO@|{gTy<n0$U9edjULQhe@5kWn!cI9
zvj^{5U%2+%+GjJhG|n-#`^+h&yUlwOspZe_j)jt@(_g6D^#V@Qt~RIRdDHxIT_CY$
zjqHc1V9`w3$2@uw|3TQQaq+FV`!mBF6T{1MuHngbii6ID1+)a=SMzP6gUUkKQnF4v
z2?wP+N%e~9MW_2Y$n$M<Z?r0&y5YVl+BmYs50725AfD|D|84=M6d)RFGhNczdON!q
z){a<q;Z}(cx?$HBmi9uMtl7BD<jOd;0`gHE+q*{%GaFf|%C8SiC^-AguBWZ_zU^V;
z=5wuo?KIZl>p3d|Q4f=6zrt%*5ayyR{K8hX|C)}b1wmePw?c)z&Z;#)vPYzcklH+-
zLCYffrWw$kiVah{ghQdRrppTO`xfOBel?^A1{}-r%UA7#*>9AmFyw+--dB}()i~d1
zVjR|dayx`t>j{=s;RN%eR)<Q<G52K}*>PN&8<3Py=fWaUWXU4!vZ-(`hwhVoo@Ksc
zL9e~dogJskpch9L>7_u!TXXIF1P6|3{6?a?=w7Fm$h@a&4+WmvRYZ}M_u2vurBlfH
zuTBG?qSCqAZUrURI~5r08=F<>cCm3-b^UUnSXbtlVh2;g%?KUyO*Z$!epDd4u@#6V
zx(DN0v@Y#o1({->F|{GlWn`6lF`P$ZydFod?{X!|LG$E7o@hNoxYS{o%cXiX?tP>~
z29u7b`PL^)$%FIOuP0dO>2p{=^1B)9d9ol=p2+-qZ;RKU{8fiTlgHSp%soRes=$Ng
zipYA6>D-8g--{|bZ}pe}c$(d&0)eyIB30=H#{<M?q=y2~2)R6OIQS;tH#$lwmt9aG
z*DT_^`HeAilJ!|IyTEDO-3YbyhmPb)j`tfZiQAK5k@uOwnDI_H+Zjt>lm{1t_qQSt
zR~jY@y<`35)*7g%RIb`?F7s$$WaN5j<K9&HqnS394U+TLuiZ|pzE}5YiNWUPJC{K`
zGrG>%ZPnrnOK2sa_D*(mhWuvRw*Vo#jCUEeoV~~L(Ii7Fwk^?tn~PisV{`LMz=u9F
z$;JDD(jL_S^t*M9WoDW{9;*ApxL!3}`!7!5>_>0hR6-9uxcoZ6%;1|XU*OCBlaj+C
zfO>x0lFJeoq;m}zkDg!S*Wuh>Kt>V*mHZ(WZY3sa6%PtFpGu*;us!@|!1jEA4NyAF
zr$(jxm@zc%`G4IJ2Hasco=<|($IF6(4H-M*#TlbyZww)GeJ>Pve^C|?W))3MroXuq
z>MccD84Q#J8H5HLPA6_CcC=_Z(okF0bF6gy?^$jMqKFul=OQHu;xr01WA&$&xIoz)
zP$3BQ9m~j+U&Ik6>m_*~>|Vd$XGR4;Rah}sRtV#-DvKDV`I!WHmz&BUDwCz@{ozMo
z2^>^`H3>GYSJ!Qz{Yd>-L+40W^4`C>Cs^cl)Kgvo`&c)ATNt=2lIuNv<i-!;>u{2J
z^w-(JZ^VTr;Fad!3klz^LH{?}P=6ch?<ZA2z?v~~wL1eXn}1>Y+rkIH=YO7J{Py_&
z_319slCf~NCHg<2kPR3F(RB#hr_9`;U)cQmmVF~q6?(^^2PU|eV49U<o@f4E?yYJP
z*UrD4<_8+EArO(3-6YF~?Jz8Tb(pB;_Mdpgme|dUDfq9sAkK;zMMVnBzsy8xnv2UB
zddK&~{SY`|G~1qUE2&DT{<m%ZwE!@)ix!H-!T>zzv87S&eW+FhzVfb9^1?*F;@CrJ
zc=45#JDU%5>UO@uNdN~@iZkm>gQ(vj{I|FMwVd#IFq2}PIvyw<y8ws{(5rvE@1cCg
z%a;-b1xK=GX4$UF$S0fy1MAJh&3?_5X!JcVFE4am0@@P->X*KU_>){C*Ho@g`(xsm
ziD6W_$>D*;Pj@N;@Ge~jRR{{_<Nd+%U`Wuwz-e~5OhjcYSx(03@!mc8&d*$>vnM(M
zEh&VU_`g}{-<B&YW&C{_F=B*o$*ZnMQsZ+RuAY=y;RXRYNh`nqlUN2s<lf(>OByEU
z+^YQ=8avG%R$v6Q*jlTR{lU24qd)*`y-y5&vi;5K559sDA%a1!2tdK8uMO^$f6__$
z#{l@i;rt!Wv<n>EPsXGDD#{s*3L)eC;(0Y{rQ|pY0Qbo<g#|dNhDkY%tus!P2siR#
z#{CNf2z_J;%;DYB)*nXIV**3K5XO-n9Xx;3`kJf^R9i!Xaeu<CG>aIU7(DL;bstyU
z`nJ`Xt$D@~p&+6+f0`ds5jM1~IbD-%6ltdA+uPT~9-)8TqU27$5YCNQ!ADVS<Gfl*
z19C<J3!U7ebfk^*{p0AW?9EYe`M|f1$3^uT(u!U}_6x-L|Kj-DjeclZ;FkXc1qOZ&
zk0&y9%^&mX`7*v>8fShVA4JPqp()0qHONE=>}PQ~<{ZE_m_DRKDO`ZSK%HEjUeG%W
zyUhMKQG{wBmeqnTUc)|{z3H|x7St%V1OcU=hN15;5l7*1)M%F$7&SLJ&c$lAf4rG~
z>t=-5z4ONXv%33+z8+N~TkWraCg}B;4;hslcpq~$)R+l%h73bXV_5rO-=n3T4Oqkt
zc#aNpimXT_+8Gfgs1kQPhj;5NZu*eYrSq18*!Daosx~|)rGagS6cFrs1TFIKQ%RI9
z<N&CB>7i9~0<qn6XWx^$lK5`UAg0?C{RUUa`L;T_eNO})PWnye1f!JbNI++^;v3OM
z=SKqh&i9^+Kq^ZJ^!D3Jv-Ub>i{H$Dm({9#d~LADV!)lj@;Q<-+@4*7vx&t?+K^S*
z^GZ--iKVugb#A_0Zu5z7b14gN^){|mQj#`_1^B_e(=U^KS|2Ail^$dpH>}x><)&(m
zkEDg+Af!!}R|G=FDQsSh?Drj;nYNM_U$+kWhU2K{-C68J7fQUQ=T}^Ks&HB!5hR)=
zH%hs>LH=$uZ_vx`P$y~3u~0S;O(RG<jh#I9Y~3rC@taub$!MN6WRkQL)>DlCY)ZMS
z;$Xvyme8(NzXXjG4ewrw@nzfk(ZLc)2U_>D8%hq(<2pTbc+sxBDwFZ<e7xd}=Kbk{
zukTK(=FgCZz<SOMIhk~`=-@ot_ikLVZz?mS^*zwqYNN7WWW`VxJG@c5T+lg3HKRP#
zEVd$UcaQlB+c#K`Pe|UoZpe;16K%~6Pz<}?8AnxBj?+S=k$tZ(awKTEtncFz=Z^Jv
zb(MX1<D;C^O|sp)W1%XoE2m4!H%1drJ`uC4DHP6yTC8H~ew*MzWO%X;u4h42eAsmd
zH@eIBZxg|#juQ?Dsj9{DA_sQGLn(7*B&AAuV3J_eI`Vrt|9C(bd$mQV;IvAF7^hK;
zeVwhJ>qfnvj#~#L*u$htUS1Z7c`q&Zqv1!Vc6P`Wk?Mi{q0?Z!&mPV~fssIJOqVDE
zWC4e4K)x4RZFG7F<$~;-B_?;%SK|K@Tx3bV<AHdPapA>p+MdHn4)SCD&jmL)*umak
z%9f^%&-k_)Hw+4c1815anJ*&WzNZ3HvVP*_H<i+VK%%o{-E_dOsuoFdDyrsBjCa^o
z*c&Y&RLx#ZFviH9`ILP;!NMqi-XTATPd(~j+5g~qTMdFf^3nK%Ykr^oq)fNiDv>W@
zhjGO}3`Fg*SGARf?J??wG!o{JBs_b)K%eO1^y<WL{iy-;TW<t_9?^2r{9RS!r9B02
zyz(W9sH|GEA?NMhG@kB4n3J$oXT`@s{kW+Hg}QgG$Oh4-ZlH#`0t&2r!z(jXOvR9E
z&5H5KgiddP`&5Q%j=>*Z0tWh7vCb1|#i{Nr`Mq}1HcOp1rE)ZrZu~pqspx{<Ujr9J
zsj*^~);xH=00Xi?V!?aD;@`=dYm9t1w{ax!-FvZ7lYWoT#VQq#-S%SL=hp<vs2-$#
zhF91=QfzwMx<op5AiLzZX%}kbn2AH(wv5&ud-s)8f93cYj7#tfkgU^GZ`Dl|tPYYj
zPVR^4xrYtvXa(s6WN75dXnlWw-rD+gRW#YfTO(6)I>}N?C;;wMKQaIKnCIN?adeu~
z3e9FEZ&1(tHbG$5+ALLBYB%3bdc3k1`gT+FK%cT#OY%YD>@_g9RiMvt86)|?^P2$W
z;*<_-02%(^lK}X!M-3-XoKCJD?_aii#F?>#Q2RTTfL{gdV&RibWU1e2Oia-isq1RF
zz8|(HoJ$~;T3H;B+Z@o_eu~JezO%i-J9u|fn$`!V`)~mYL@tp4G$F~dZL~+%`&qQU
zuX6dL`0N&8ulk)?+JqbSYA)l3R=Q#4Ml|sU5kwK?3Kk?3to6hjhx>0>Aqqvb3Lhv?
zIuOu|USinZsH8>u_s<q)>AO@@oDk>4c(Iu^a`2M|ws(GZg=xbJF;$IV6!U3fn>=uw
zi2+K)1F4N*sbCoM{*#ExDZwfb(>S`&JEAj)j5@x9b_N-yf$d4J<k<kf`t~y4Z7c>8
z>_$s~^JUMThj!hOT!)xa6%Oqwo;%1H`OH<&_poOPt<NVvd`IIZ%}IV6>y{qc(t>a>
z>1|#XT)KW*vXR(NTw6HsF^3_U(7P$OVPYGdSZH$4M>7vBA<Uy`Uh`2YW^0@84Z@YJ
z+=><pSap2EGv(0S5cSou_Xg?D?4w-M^){iO2Kwe)AC$6Bl`JqE#hOi7Q>Dgl#xmF;
zL-+el2J$8Ks2Ack#`%5xtjwgF1@zI_I5n?tb`i>^NdX(bBm4Bp0=lz%C+ihk7i+ia
z8>7hd+S+yAU50<M?d!l&w*dWSwHr-dyUBqAxXu4$26=Ced!36Q3fZ?=MAYf3GkS`<
zzTtxus~4Hv#JYkAFyAug!nmw7Vy50h3u4h0`si5Q;}_m#kB0`0onZMLWww%NgiiI*
zDCdc+=0Lgtmht>ew#<|zaft>y%e1q{ni6oC{jrFv#jg!RABf-V`<f!*MMlFBc~8}$
zc3@~r-+yg#uceo=9J{9I-8TR1FsWPP{mJb<8$6vpillqw2u{4s<4G=qVbe)|djiT&
zP8|tD%lx)tfPca>@$Q^?JKaIQTeI*ydBD>wpQe3Xdr>WD?=P)Y3P8Sy49AZT$rB1;
zTmzdNKscwSXQpM3NvKd#vZ>LppBtJR7n1CC)OM{4fXDZ|cjc<?m%8!njSECUBBj(K
zh03Cdy@ws*OnCJZQYBnI%kEIW*Y&mxr`aRm{RvInIy)MC%i;mE=FJ}6V71q?#3vqD
z<`E}y)}`v(Qa)YhsE5|MD?GjT<?9lAxhKWqI4r=+SbCpboD;@Sf$(OJrJ*(q<YqnF
zyESn`q=f}jTgw+FHSILs(#s&VQzz6uP&#yjqy3tIR%3Mf$GGIjpZvl-PJQURg_NCs
z7Fl$_`Ev#fy&90LWmx(DmEh%@8F)iwA@9xu+t!}Ur97y$t?sZ&&ZGV(;QvhcQosS&
zC?%7ODJdA@-DMEanb`Fr+Plq*#Hc9}sH;0=dkFrWqMm@?f>HBaDyQ|pL%uGBz>7x2
zVC=-3jEA9u5a&AW8{#TJfp1D}iS_T~_v}aO*g0{lC;}=ACAVw)&in5>ek`gSP)L3q
zetujY=|C!S;gz_b^`i>>#~s)qFs>9b<)8L_Aw!*g29*9aC?Jboc;A2F?>}<^4|*=(
zWHhS0e7q9K?$*ZKW^>lB*)T#Bh{A{d!4<^?3KSZhd!j5Jhv!!P*n_<^&8MlL`J~)4
zqd{wgr*u@x^zU0UoUwogba}G~T0zX=X8ZKY%GIuW6Zx8Q(1Zf&ji2SxbujJ0!G@#s
z*gDjHcHtEZSfqOX`-v@e@jn@8^wqq)yhzMT1RZAuaDb`HP4{J5TU*02Q-W%%v`U%&
z9h5UvuzZJ3P}H@4_L=<Rlj}5dBwGWcQCL%iLjU;sdxng+fUk?G0!=B0a1}g^{f#Nk
z;$kEg8K{8hCWI}`Ls|K6;b9S2(teXnZtKG=d}}ycHL;V5V*|zd>l9qtv>O5$#>ep1
zf9gt<Drvg|)IFBX=q%=LWn~QEA65@oq*>_<g?e?fZ|_3PmimG(@nsaz)0?$g2g}f}
zy|FW;5ch5H-s$~N?%`ybf$RPoC-o2XnBYE6t_OD;sU6$jlv@uJz=MJbKsW@HHx^QS
z;);yU(Y*Y=EgdcJE|JGSjp85Ge^`(w_={Z2(NXK%yQ>lL3r5=4e-zz$(>;KjXau1?
z&^m>F`Eq5zm&BIQBxCS9^v`M>K<;MMdK5NPm`F}TRY($4q3zl~4d^$cf}8wkT^V%m
z{d517D$x9=@GLC;mv$Gv-C_f}SKd-`>W2JLlOMjoT(<eES^MH$K|ptnw)Tva%|8qD
zn|I6J1IlpV70$n{>$hw0jMqR3iD%Pb$^J*>nE{1z-u>87FTncG)Ysww?=lG^EB>+X
zTu|k2x`7c;C}!9l=u7#pYZ$1v02XXTn=h;WIC9nvfHEYe;{53{7w=Nh2Kf{gX4z`5
zeV5H@EPAc0^k=={KvO1g3ZwQvkSRex!<crBsZ8e|L4yG8e&h+yasGJmmi~{mq7l~p
zH|zNyWZ*ygq*~NPe!U`g0Xz6tT);%uhkGx+===*G5WsR`=X^u_0WwT5t`^W|>hK{v
z?oXi(2Gs_ZnTv$*zuL-v2&Gc<8)gn(h(D_hZ&C9nK`B80IKSMFK35>XbNq1%IJBMm
z=Wg;#BcSgT449a_apeC%uz^usf3Of$+9i4nj7!Qt{x1MvUH><y{{PecA6&=(59a?X
gV5&n8&M_m8>Qig29p-`myn%5~O6hKigmJ+C0%F71W&i*H

diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
deleted file mode 100644
index 4c97511f..00000000
--- a/docs/troubleshooting.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# self-troubleshooting cobalt
-```
-🚧 this page is work-in-progress. expect more guides to be added in the future!
-```
-if any issues occur while using cobalt, you can fix many of them yourself. this document aims to provide guides on how to fix most complicated of them.  
-use wiki navigation on right to jump between solutions.  
-
-## how to fix clipboard pasting in older versions of firefox
-```
-🎉 firefox finally supports pasting by default starting from version 125.
-
-👍 you don't need to follow this tutorial if you're on the latest version of firefox.
-```
-you can fix this issue by changing a single preference in `about:config`.
-
-### steps to enable clipboard functionality
-1. go to `about:config`:  
-   ![screenshot showing about:config entered into address bar](images/troubleshooting/clipboard/config.png)  
-
-2. if asked, read what firefox has to say and press "accept the risk and continue".  
- ⚠ tinkering with other preferences may break your browser. **do not** edit them unless you know what you're doing.   
-
-   ![screenshot showing about:config security warning that reads: "proceed with caution. changing advanced configuration preferences can impact firefox performance or security." lower there's a pre-checked checkbox that says: "warn me when i attempt to access these preferences". lowest element is a blue button that says "accept the risk and continue"](images/troubleshooting/clipboard/risk.png)  
-
-3. search for `dom.events.asyncClipboard.readText`  
-
-   ![screenshot showing "dom.events.asyncclipboard.readtext" entered into search on about:config page](images/troubleshooting/clipboard/search.png)
-
-4. press the toggle button on very right.  
-
-   ![screenshot showing "dom.events.asyncclipboard.readtext" preference on about:config page with highlighted toggle button on very right](images/troubleshooting/clipboard/toggle.png)
-
-5. "false" should change to "true".  
-
-   ![screenshot showing "dom.events.asyncclipboard.readtext" preference on about:config page, this one with "true" text highlighted](images/troubleshooting/clipboard/toggled.png)
-
-6. go back to cobalt, reload the page, press `paste` button again. this time it works! enjoy simpler downloading experience :)

From 71c3d64331a148250510dd9837c198b8a4b24fc1 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 17:45:37 +0600
Subject: [PATCH 033/379] repo: update contribution guidelines

---
 CONTRIBUTING.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 2668242b..073d0fb1 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -4,7 +4,7 @@ if you're reading this, you are probably interested in contributing to cobalt, w
 this document serves as a guide to help you make contributions that we can merge into the cobalt codebase.
 
 ## translations
-currently, we are **not accepting** translations of cobalt. this is because we are making significant changes to the frontend, and the currently used localization structure is being completely reworked. if this changes, this document will be updated.
+currently, we are **not accepting** translations of cobalt. we're working on changing this soon!
 
 ## adding features or support for services
 before putting in the effort to implement a feature, it's worth considering whether it would be appropriate to add it to cobalt. the cobalt api is built to assist people **only with downloading freely accessible content**. other functionality, such as:
@@ -22,9 +22,9 @@ when contributing code to cobalt, there are a few guidelines in place to ensure
 ### clean commit messages
 internally, we use a format similar to [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) - the first part signifies which part of the code you are changing (the *scope*), and the second part explains the change. for inspiration on how to write appropriate commit titles, you can take a look at the [commit history](https://github.com/imputnet/cobalt/commits/).
 
-the scope is not strictly defined, you can write whatever you find most fitting for the particular change. suppose you are changing a small part of a more significant part of the codebase. in that case, you can specify both the larger and smaller scopes in the commit message for clarity (e.g., if you were changing something in internal streams, the commit could be something like `stream/internal: fix object not being handled properly`).
+the scope is not strictly defined, you can write whatever you find most fitting for the particular change. suppose you are changing a small part of a more significant part of the codebase. in that case, you can specify both the larger and smaller scopes in the commit message for clarity (e.g., if you were changing something in internal streams, the commit could be something like `api/stream: fix object not being handled properly`).
 
-if you think a change deserves further explanation, we encourage you to write a short explanation in the commit message ([example](https://github.com/imputnet/cobalt/commit/d2e5b6542f71f3809ba94d56c26f382b5cb62762)), which will save both you and us time having to enquire about the change, and you explaining the reason behind it.
+if you think a change deserves further explanation, we encourage you to write a short explanation in the commit message ([example](https://github.com/imputnet/cobalt/commit/31be60484de8eaf63bba8a4f508e16438aa7ba6e)), which will save both you and us time having to enquire about the change, and you explaining the reason behind it.
 
 if your contribution has uninformative commit titles, you may be asked to interactively rebase your branch and amend each commit to include a meaningful title.
 

From 6499d079ef869585d4687b6d9b0eac1a218b8f5f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 17:49:37 +0600
Subject: [PATCH 034/379] api/readme: add supported services & acknowledgements

---
 api/README.md | 103 +++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 94 insertions(+), 9 deletions(-)

diff --git a/api/README.md b/api/README.md
index 05664321..38104626 100644
--- a/api/README.md
+++ b/api/README.md
@@ -1,13 +1,5 @@
 # cobalt api
-
-## license
-cobalt api code is licensed under [AGPL-3.0](LICENSE).
-
-this license allows you to modify, distribute and use the code for any purpose
-as long as you:
-- give appropriate credit to the original repo when using or modifying any parts of the code,
-- provide a link to the license and indicate if changes to the code were made, and
-- release the code under the **same license**
+this directory includes the source code for cobalt api. it's made with [express.js](https://www.npmjs.com/package/express) and love!
 
 ## running your own instance
 if you want to run your own instance for whatever purpose, [follow this guide](/docs/run-an-instance.md).
@@ -22,3 +14,96 @@ you can read [the api documentation here](/docs/api.md).
 > [!WARNING]
 > the v7 public api (/api/json) will be shut down on **november 11th, 2024**.
 > you can access documentation for it [here](https://github.com/imputnet/cobalt/blob/7/docs/api.md).
+
+## supported services
+this list is not final and keeps expanding over time. if support for a service you want is missing, create an issue (or a pull request 👀).
+
+| service           | video + audio | only audio | only video | metadata | rich file names |
+| :--------         | :-----------: | :--------: | :--------: | :------: | :-------------: |
+| bilibili          | ✅            | ✅         | ✅         | ➖         | ➖              |
+| bluesky           | ✅            | ✅         | ✅         | ➖         | ➖              |
+| dailymotion       | ✅            | ✅         | ✅         | ✅         | ✅              |
+| instagram         | ✅            | ✅         | ✅         | ➖         | ➖              |
+| facebook          | ✅            | ❌         | ✅         | ➖         | ➖              |
+| loom              | ✅            | ❌         | ✅         | ✅         | ➖              |
+| ok.ru             | ✅            | ❌         | ✅         | ✅         | ✅              |
+| pinterest         | ✅            | ✅         | ✅         | ➖         | ➖              |
+| reddit            | ✅            | ✅         | ✅         | ❌         | ❌              |
+| rutube            | ✅            | ✅         | ✅         | ✅         | ✅              |
+| snapchat          | ✅            | ✅         | ✅         | ➖         | ➖              |
+| soundcloud        | ➖            | ✅         | ➖         | ✅         | ✅              |
+| streamable        | ✅            | ✅         | ✅         | ➖         | ➖              |
+| tiktok            | ✅            | ✅         | ✅         | ❌         | ❌              |
+| tumblr            | ✅            | ✅         | ✅         | ➖         | ➖              |
+| twitch clips      | ✅            | ✅         | ✅         | ✅         | ✅              |
+| twitter/x         | ✅            | ✅         | ✅         | ➖         | ➖              |
+| vimeo             | ✅            | ✅         | ✅         | ✅         | ✅              |
+| vine              | ✅            | ✅         | ✅         | ➖         | ➖              |
+| vk videos & clips | ✅            | ❌         | ✅         | ✅         | ✅              |
+| youtube           | ✅            | ✅         | ✅         | ✅         | ✅              |
+
+| emoji   | meaning                 |
+| :-----: | :---------------------- |
+| ✅      | supported               |
+| ➖      | impossible/unreasonable |
+| ❌      | not supported           |
+
+### additional notes or features (per service)
+| service    | notes or features                                                                                                    |
+| :--------  | :-----                                                                                                               |
+| instagram  | supports reels, photos, and videos. lets you pick what to save from multi-media posts.                               |
+| facebook   | supports public accessible videos content only.                                                                      |
+| pinterest  | supports photos, gifs, videos and stories.                                                                           |
+| reddit     | supports gifs and videos.                                                                                            |
+| snapchat   | supports spotlights and stories. lets you pick what to save from stories.                                            |
+| rutube     | supports yappy & private links.                                                                                      |
+| soundcloud | supports private links.                                                                                              |
+| tiktok     | supports videos with or without watermark, images from slideshow without watermark, and full (original) audios.      |
+| twitter/x  | lets you pick what to save from multi-media posts. may not be 100% reliable due to current management.               |
+| vimeo      | audio downloads are only available for dash.                                                                         |
+| youtube    | supports videos, music, and shorts. 8K, 4K, HDR, VR, and high FPS videos. rich metadata & dubs. h264/av1/vp9 codecs. |
+
+## license
+cobalt api code is licensed under [AGPL-3.0](LICENSE).
+
+this license allows you to modify, distribute and use the code for any purpose
+as long as you:
+- give appropriate credit to the original repo when using or modifying any parts of the code,
+- provide a link to the license and indicate if changes to the code were made, and
+- release the code under the **same license**
+
+## acknowledgements
+### ffmpeg
+cobalt heavily relies on ffmpeg for converting and merging media files. it's an absolutely amazing piece of software offered for anyone for free, yet doesn't receive as much credit as it should.
+
+you can [support ffmpeg here](https://ffmpeg.org/donations.html)!
+
+#### ffmpeg-static
+we use [ffmpeg-static](https://github.com/eugeneware/ffmpeg-static) to get binaries for ffmpeg depending on the platform.
+
+you can support the developer via various methods listed on their github page! (linked above)
+
+### youtube.js
+cobalt relies on [youtube.js](https://github.com/LuanRT/YouTube.js) for interacting with the innertube api, it wouldn't have been possible without it.
+
+you can support the developer via various methods listed on their github page! (linked above)
+
+### many others
+cobalt also depends on:
+
+- [content-disposition-header](https://www.npmjs.com/package/content-disposition-header) to simplify the provision of `content-disposition` headers.
+- [cors](https://www.npmjs.com/package/cors) to manage cross-origin resource sharing within expressjs.
+- [dotenv](https://www.npmjs.com/package/dotenv) to load environment variables from the `.env` file.
+- [esbuild](https://www.npmjs.com/package/esbuild) to minify the frontend files.
+- [express](https://www.npmjs.com/package/express) as the backbone of cobalt servers.
+- [express-rate-limit](https://www.npmjs.com/package/express-rate-limit) to rate limit api endpoints.
+- [hls-parser](https://www.npmjs.com/package/hls-parser) to parse `m3u8` playlists for certain services.
+- [ipaddr.js](https://www.npmjs.com/package/ipaddr.js) to parse ip addresses (for rate limiting).
+- [nanoid](https://www.npmjs.com/package/nanoid) to generate unique (temporary) identifiers for each requested stream.
+- [node-cache](https://www.npmjs.com/package/node-cache) to cache stream info in server ram for a limited amount of time.
+- [psl](https://www.npmjs.com/package/psl) as the domain name parser.
+- [set-cookie-parser](https://www.npmjs.com/package/set-cookie-parser) to parse cookies that cobalt receives from certain services.
+- [undici](https://www.npmjs.com/package/undici) for making http requests.
+- [url-pattern](https://www.npmjs.com/package/url-pattern) to match provided links with supported patterns.
+
+...and many other packages that these packages rely on.

From b837f291b5bb8ce21a53334deb4d5afa0329b171 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 17:59:38 +0600
Subject: [PATCH 035/379] docs/protect-an-instance: fix image sizes, add a
 secret warning

---
 docs/protect-an-instance.md | 57 ++++++++++++++++++++++++++++++-------
 1 file changed, 47 insertions(+), 10 deletions(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index c95bf135..5b9aea1f 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -13,32 +13,69 @@ all you need is a free cloudflare account to get started.
 
 cloudflare dashboard interface might change over time, but basics should stay the same.
 
+> [!CAUTION]
+> never share the turnstile secret key, always keep it private. if accidentally exposed, rotate it in widget settings.
+
 1. open [the cloudflare dashboard](https://dash.cloudflare.com/) and log into your account.
+
 2. once logged in, select `turnstile` in the sidebar.
-![](images/protect-an-instance/sidebar.png)
+<div align="center">
+    <p>
+        <img src="images/protect-an-instance/sidebar.png" width="250" />
+    </p>
+</div>
+
 3. press `add widget`.
-![](images/protect-an-instance/add.png)
+<div align="center">
+    <p>
+        <img src="images/protect-an-instance/add.png" width="550" />
+    </p>
+</div>
+
 4. enter the widget name (can be anything, such as "cobalt").
-![](images/protect-an-instance/name.png)
+<div align="center">
+    <p>
+        <img src="images/protect-an-instance/name.png" width="450" />
+    </p>
+</div>
+
 5. add cobalt frontend domains you want the widget to work with. you can change this list later at any time.
     - if you want to use your processing instance with [cobalt.tools](https://cobalt.tools/) frontend, then add `cobalt.tools` to the list.
-![](images/protect-an-instance/domain.png)
+<div align="center">
+    <p>
+        <img src="images/protect-an-instance/domain.png" width="450" />
+    </p>
+</div>
+
 6. select `invisible` widget mode.
-![](images/protect-an-instance/mode.png)
+<div align="center">
+    <p>
+        <img src="images/protect-an-instance/mode.png" width="450" />
+    </p>
+</div>
+
 7. press `create`.
+
 8. keep the page with sitekey and secret key open, you'll need them later.
 if you closed it, no worries!
 just open the same turnstile page and press "settings" on your freshly made turnstile widget.
-**never share your secret turnstile key with anyone.**
-![](images/protect-an-instance/created.png)
-
-you've successfully created a turnstile widget! time to add it to your processing instance.
+<div align="center">
+    <p>
+        <img src="images/protect-an-instance/created.png" width="450" />
+    </p>
+</div>
+<div align="center">
+    <p>
+        you've successfully created a turnstile widget!
+        time to add it to your processing instance.
+    </p>
+</div>
 
 ### enable turnstile on your processing instance
 this tutorial assumes that you only have `API_URL` in your `environment` variables list.
 if you have other variables there, just add new ones after existing ones.
 
-> [!IMPORTANT]
+> [!CAUTION]
 > never use any of the values from the tutorial, especially `JWT_SECRET`!
 
 1. open your `docker-compose.yml` config file in any text editor of choice.

From 722223f6d337304d3a464b8f9bce9f4243a69239 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 18:02:24 +0600
Subject: [PATCH 036/379] docs/protect-an-instance: fix image alignment

---
 docs/protect-an-instance.md | 38 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 5b9aea1f..96f3a309 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -16,60 +16,58 @@ cloudflare dashboard interface might change over time, but basics should stay th
 > [!CAUTION]
 > never share the turnstile secret key, always keep it private. if accidentally exposed, rotate it in widget settings.
 
-1. open [the cloudflare dashboard](https://dash.cloudflare.com/) and log into your account.
+1. open [the cloudflare dashboard](https://dash.cloudflare.com/) and log into your account
 
-2. once logged in, select `turnstile` in the sidebar.
-<div align="center">
+2. once logged in, select `Turnstile` in the sidebar
+<div align="left">
     <p>
         <img src="images/protect-an-instance/sidebar.png" width="250" />
     </p>
 </div>
 
-3. press `add widget`.
-<div align="center">
+3. press `Add widget`
+<div align="left">
     <p>
         <img src="images/protect-an-instance/add.png" width="550" />
     </p>
 </div>
 
-4. enter the widget name (can be anything, such as "cobalt").
-<div align="center">
+4. enter the widget name (can be anything, such as "cobalt")
+<div align="left">
     <p>
         <img src="images/protect-an-instance/name.png" width="450" />
     </p>
 </div>
 
-5. add cobalt frontend domains you want the widget to work with. you can change this list later at any time.
-    - if you want to use your processing instance with [cobalt.tools](https://cobalt.tools/) frontend, then add `cobalt.tools` to the list.
-<div align="center">
+5. add cobalt frontend domains you want the widget to work with, you can change this list later at any time
+    - if you want to use your processing instance with [cobalt.tools](https://cobalt.tools/) frontend, then add `cobalt.tools` to the list
+<div align="left">
     <p>
         <img src="images/protect-an-instance/domain.png" width="450" />
     </p>
 </div>
 
-6. select `invisible` widget mode.
-<div align="center">
+6. select `invisible` widget mode
+<div align="left">
     <p>
         <img src="images/protect-an-instance/mode.png" width="450" />
     </p>
 </div>
 
-7. press `create`.
+7. press `create`
 
 8. keep the page with sitekey and secret key open, you'll need them later.
 if you closed it, no worries!
 just open the same turnstile page and press "settings" on your freshly made turnstile widget.
-<div align="center">
+
+<div align="left">
     <p>
         <img src="images/protect-an-instance/created.png" width="450" />
     </p>
 </div>
-<div align="center">
-    <p>
-        you've successfully created a turnstile widget!
-        time to add it to your processing instance.
-    </p>
-</div>
+
+you've successfully created a turnstile widget!
+time to add it to your processing instance.
 
 ### enable turnstile on your processing instance
 this tutorial assumes that you only have `API_URL` in your `environment` variables list.

From a58684f314b6a539e948d6423b5c6d00de41d4ba Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 18:05:50 +0600
Subject: [PATCH 037/379] docs/protect-an-instance: update the tuto value
 warning

---
 docs/protect-an-instance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 96f3a309..59c7fa27 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -74,7 +74,7 @@ this tutorial assumes that you only have `API_URL` in your `environment` variabl
 if you have other variables there, just add new ones after existing ones.
 
 > [!CAUTION]
-> never use any of the values from the tutorial, especially `JWT_SECRET`!
+> never use any values from the tutorial, especially `JWT_SECRET`!
 
 1. open your `docker-compose.yml` config file in any text editor of choice.
 2. copy the turnstile sitekey & secret key and paste them to their respective variables. `TURNSTILE_SITEKEY` for the sitekey and `TURNSTILE_SECRET` for the secret key:

From 4c43a00e884b3eba06d9d2931dfdad3a6bae5a9d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 11:46:09 +0000
Subject: [PATCH 038/379] web/api/session: replace writable with normal
 variable

---
 web/src/lib/api/session.ts | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/web/src/lib/api/session.ts b/web/src/lib/api/session.ts
index f7974393..f627b6f2 100644
--- a/web/src/lib/api/session.ts
+++ b/web/src/lib/api/session.ts
@@ -1,12 +1,11 @@
 import turnstile from "$lib/api/turnstile";
-import { writable, get } from "svelte/store";
 import { currentApiURL } from "$lib/api/api-url";
 
 import type { CobaltSession, CobaltErrorResponse, CobaltSessionResponse } from "$lib/types/api";
 
-const cachedSession = writable<CobaltSession | undefined>();
+let cache: CobaltSession | undefined;
 
-export const requestSession = async() => {
+export const requestSession = async () => {
     const apiEndpoint = `${currentApiURL()}/session`;
 
     let requestHeaders = {};
@@ -43,7 +42,6 @@ export const requestSession = async() => {
 
 export const getSession = async () => {
     const currentTime = () => Math.floor(new Date().getTime() / 1000);
-    const cache = get(cachedSession);
 
     if (cache?.token && cache?.exp - 2 > currentTime()) {
         return cache;
@@ -60,7 +58,7 @@ export const getSession = async () => {
 
     if (!("status" in newSession)) {
         newSession.exp = currentTime() + newSession.exp;
-        cachedSession.set(newSession);
+        cache = newSession;
     }
     return newSession;
 }

From be7c09bd07e2f8e2c9b3767de0803e03d44889b3 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 11:50:39 +0000
Subject: [PATCH 039/379] web/lib: move `dialogs` to `state` folder

---
 web/src/components/dialog/DialogContainer.svelte       | 2 +-
 web/src/components/dialog/DialogHolder.svelte          | 2 +-
 web/src/components/save/Omnibox.svelte                 | 2 +-
 web/src/components/save/buttons/DownloadButton.svelte  | 2 +-
 web/src/components/settings/ManageSettings.svelte      | 2 +-
 web/src/components/settings/ResetSettingsButton.svelte | 2 +-
 web/src/lib/api/safety-warning.ts                      | 2 +-
 web/src/lib/download.ts                                | 2 +-
 web/src/lib/{ => state}/dialogs.ts                     | 0
 web/src/routes/remux/+page.svelte                      | 2 +-
 10 files changed, 9 insertions(+), 9 deletions(-)
 rename web/src/lib/{ => state}/dialogs.ts (100%)

diff --git a/web/src/components/dialog/DialogContainer.svelte b/web/src/components/dialog/DialogContainer.svelte
index 993efd7c..363395ba 100644
--- a/web/src/components/dialog/DialogContainer.svelte
+++ b/web/src/components/dialog/DialogContainer.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
     import { tick } from "svelte";
-    import { killDialog } from "$lib/dialogs";
+    import { killDialog } from "$lib/state/dialogs";
 
     import DialogBackdropClose from "$components/dialog/DialogBackdropClose.svelte";
 
diff --git a/web/src/components/dialog/DialogHolder.svelte b/web/src/components/dialog/DialogHolder.svelte
index 5ca84cb9..a59fb8e1 100644
--- a/web/src/components/dialog/DialogHolder.svelte
+++ b/web/src/components/dialog/DialogHolder.svelte
@@ -1,5 +1,5 @@
 <script lang="ts">
-    import dialogs from "$lib/dialogs";
+    import dialogs from "$lib/state/dialogs";
 
     import SmallDialog from "$components/dialog/SmallDialog.svelte";
     import PickerDialog from "$components/dialog/PickerDialog.svelte";
diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index eed0ad71..c366dd8f 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -6,7 +6,7 @@
 
     import { t } from "$lib/i18n/translations";
 
-    import dialogs from "$lib/dialogs";
+    import dialogs from "$lib/state/dialogs";
 
     import { link } from "$lib/state/omnibox";
     import { cachedInfo } from "$lib/api/server-info";
diff --git a/web/src/components/save/buttons/DownloadButton.svelte b/web/src/components/save/buttons/DownloadButton.svelte
index 7dec3a36..43a7412d 100644
--- a/web/src/components/save/buttons/DownloadButton.svelte
+++ b/web/src/components/save/buttons/DownloadButton.svelte
@@ -3,7 +3,7 @@
 
     import API from "$lib/api/api";
     import { t } from "$lib/i18n/translations";
-    import { createDialog } from "$lib/dialogs";
+    import { createDialog } from "$lib/state/dialogs";
     import { downloadFile } from "$lib/download";
 
     import type { DialogInfo } from "$lib/types/dialog";
diff --git a/web/src/components/settings/ManageSettings.svelte b/web/src/components/settings/ManageSettings.svelte
index 4a28aa72..5c113a01 100644
--- a/web/src/components/settings/ManageSettings.svelte
+++ b/web/src/components/settings/ManageSettings.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
     import { t } from "$lib/i18n/translations";
-    import { createDialog } from "$lib/dialogs";
+    import { createDialog } from "$lib/state/dialogs";
     import {
         storedSettings,
         updateSetting,
diff --git a/web/src/components/settings/ResetSettingsButton.svelte b/web/src/components/settings/ResetSettingsButton.svelte
index 3202a72e..c7358d93 100644
--- a/web/src/components/settings/ResetSettingsButton.svelte
+++ b/web/src/components/settings/ResetSettingsButton.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
     import { t } from "$lib/i18n/translations";
-    import { createDialog } from "$lib/dialogs";
+    import { createDialog } from "$lib/state/dialogs";
     import { resetSettings } from "$lib/state/settings";
 
     import IconTrash from "@tabler/icons-svelte/IconTrash.svelte";
diff --git a/web/src/lib/api/safety-warning.ts b/web/src/lib/api/safety-warning.ts
index 26ad6aa4..d9869128 100644
--- a/web/src/lib/api/safety-warning.ts
+++ b/web/src/lib/api/safety-warning.ts
@@ -4,7 +4,7 @@ import env from "$lib/env";
 import { t } from "$lib/i18n/translations";
 import settings, { updateSetting } from "$lib/state/settings";
 
-import { createDialog } from "$lib/dialogs";
+import { createDialog } from "$lib/state/dialogs";
 
 export const apiOverrideWarning = async () => {
     if (!env.DEFAULT_API || get(settings).processing.seenOverrideWarning) {
diff --git a/web/src/lib/download.ts b/web/src/lib/download.ts
index 827b33b1..9cfbf630 100644
--- a/web/src/lib/download.ts
+++ b/web/src/lib/download.ts
@@ -4,7 +4,7 @@ import settings from "$lib/state/settings";
 
 import { device } from "$lib/device";
 import { t } from "$lib/i18n/translations";
-import { createDialog } from "$lib/dialogs";
+import { createDialog } from "$lib/state/dialogs";
 
 import type { DialogInfo } from "$lib/types/dialog";
 import type { CobaltFileUrlType } from "$lib/types/api";
diff --git a/web/src/lib/dialogs.ts b/web/src/lib/state/dialogs.ts
similarity index 100%
rename from web/src/lib/dialogs.ts
rename to web/src/lib/state/dialogs.ts
diff --git a/web/src/routes/remux/+page.svelte b/web/src/routes/remux/+page.svelte
index 21c5bbec..d0edaf4f 100644
--- a/web/src/routes/remux/+page.svelte
+++ b/web/src/routes/remux/+page.svelte
@@ -4,7 +4,7 @@
     import { beforeNavigate, goto } from "$app/navigation";
 
     import { t } from "$lib/i18n/translations";
-    import { createDialog } from "$lib/dialogs";
+    import { createDialog } from "$lib/state/dialogs";
     import { downloadFile } from "$lib/download";
 
     import Skeleton from "$components/misc/Skeleton.svelte";

From c17db15e62c537e713e5191e21236bcd06b9dc57 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 12:51:52 +0000
Subject: [PATCH 040/379] web/debug: dump states on debug page

---
 web/src/routes/settings/debug/+page.svelte | 39 ++++++++++++++++++++--
 1 file changed, 37 insertions(+), 2 deletions(-)

diff --git a/web/src/routes/settings/debug/+page.svelte b/web/src/routes/settings/debug/+page.svelte
index edb612f9..98b08aa4 100644
--- a/web/src/routes/settings/debug/+page.svelte
+++ b/web/src/routes/settings/debug/+page.svelte
@@ -1,25 +1,60 @@
 <script lang="ts">
-    import { onMount } from "svelte";
+    import { onDestroy, onMount } from "svelte";
     import { goto } from "$app/navigation";
     import { version } from "$lib/version";
     import { device, app } from "$lib/device";
     import { defaultNavPage } from "$lib/subnav";
     import settings, { storedSettings } from "$lib/state/settings";
-
     import SectionHeading from "$components/misc/SectionHeading.svelte";
+    import { type Readable, type Unsubscriber } from "svelte/store";
+
+    const stateSubscribers: Record<string, Unsubscriber> = {};
+    let states: Record<string, unknown> = {};
 
     $: sections = [
         { title: "device", data: device },
         { title: "app", data: app },
         { title: "settings", data: $storedSettings },
         { title: "version", data: $version },
+        { title: "states", data: states }
     ];
 
+    const loadStates = () => {
+        const modules = import.meta.glob("/src/lib/*/*.ts");
+        const excluded = new Set(['translations.translations', 'settings']);
+
+        Object.entries(modules).map(async ([ name, _import ]) => {
+            const moduleName = name.split('/').pop()?.split('.').shift();
+
+            const module = await _import() as Record<string, unknown>;
+            for (const key in module) {
+                const _export = module[key] as unknown as Readable<unknown>;
+                if (typeof _export === 'object' && 'subscribe' in _export) {
+                    const name = moduleName + (key === 'default' ? '' : `.${key}`);
+                    if (excluded.has(name)) continue;
+
+                    stateSubscribers[name] = _export.subscribe((value) => {
+                        states = {
+                            ...states,
+                            [name]: value
+                        }
+                    });
+                }
+            }
+        });
+    }
+
     onMount(() => {
         if (!$settings.advanced.debug) {
             goto(defaultNavPage("settings"), { replaceState: true });
         }
+
+        loadStates();
     });
+
+    onDestroy(() => {
+        Object.values(stateSubscribers).map(unsub => unsub());
+    })
 </script>
 
 {#if $settings.advanced.debug}

From 6933daf0463e44b406b304c1ff78a0e832ed1e85 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 18:56:23 +0600
Subject: [PATCH 041/379] docs: add configure-for-youtube document

---
 README.md                     |  3 ++-
 docs/configure-for-youtube.md | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 docs/configure-for-youtube.md

diff --git a/README.md b/README.md
index ca108a86..434b5943 100644
--- a/README.md
+++ b/README.md
@@ -32,9 +32,10 @@ this monorepo includes source code for api, frontend, and related packages:
 - [packages tree](/packages/)
 
 it also includes documentation in the [docs tree](/docs/):
+- [cobalt api documentation](/docs/api.md)
 - [how to run a cobalt instance](/docs/run-an-instance.md)
 - [how to protect a cobalt instance](/docs/protect-an-instance.md)
-- [cobalt api documentation](/docs/api.md)
+- [how to configure a cobalt instance for youtube](/docs/configure-for-youtube.md)
 
 ### partners
 cobalt is sponsored by [royalehosting.net](https://royalehosting.net/?partner=cobalt) and the main processing instance is hosted on their network. we really appreciate their kindness!
diff --git a/docs/configure-for-youtube.md b/docs/configure-for-youtube.md
new file mode 100644
index 00000000..345776a4
--- /dev/null
+++ b/docs/configure-for-youtube.md
@@ -0,0 +1,33 @@
+# how to configure a cobalt instance for youtube
+if you get various errors when attempting to download videos that are:
+publicly available, not region locked, and not age-restricted;
+then your instance's ip address may have bad reputation.
+
+in this case you have to use disposable google accounts.
+there's no other known workaround as of time of writing this document.
+
+> [!CAUTION]
+> **NEVER** use your personal google account for downloading videos via any means.
+> you can use any google accounts that you're willing to sacrifice,
+> but be prepared to have them **permanently suspended**.
+>
+> we recommend that you use accounts that don't link back to your personal google account or identity, just in case.
+>
+> use incognito mode when signing in.
+> we also recommend using vpn/proxy services (such as [mullvad](https://mullvad.net/)).
+
+1. if you haven't done it already, clone the cobalt repo, go to the cloned directory, and run `pnpm install`
+
+2. run `pnpm -r token:youtube`
+
+3. follow instructions, use incognito mode in your browser when signing in.
+i cannot stress this enough, but again, **DO NOT USE YOUR PERSONAL GOOGLE ACCOUNT**.
+
+4. once you have the oauth token, add it to your cookies file.
+you can see an [example here](/docs/examples/cookies.example.json).
+you can have several account tokens in this file, if you like.
+
+5. all done! enjoy freedom.
+
+### liability
+you're responsible for any damage done to any of your google accounts or any other damages. you do this by yourself and at your own risk.

From f33cf12fd3f13a4ac5d62e17782206950fc69d50 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 18:56:37 +0600
Subject: [PATCH 042/379] docs/run-an-instance: update headings

---
 docs/run-an-instance.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/docs/run-an-instance.md b/docs/run-an-instance.md
index 1d4dcdc0..63841625 100644
--- a/docs/run-an-instance.md
+++ b/docs/run-an-instance.md
@@ -54,8 +54,7 @@ sudo apt install nscd
 sudo service nscd start
 ```
 
-## list of all environment variables
-### variables for api
+## list of environment variables for api
 | variable name         | default   | example                 | description |
 |:----------------------|:----------|:------------------------|:------------|
 | `API_PORT`            | `9000`    | `9000`                  | changes port from which api server is accessible. |
@@ -89,7 +88,7 @@ requests it makes for that particular download. to use freebind in cobalt, you n
 in a docker container, you also need to set the `API_LISTEN_ADDRESS` env to `127.0.0.1`, and set
 `network_mode` for the container to `host`.
 
-#### api key file format
+## api key file format
 the file is a JSON-serialized object with the following structure:
 ```typescript
 

From 155322a47bc44f5b77c7fc0796928f887e11ce49 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 18:59:07 +0600
Subject: [PATCH 043/379] docs/configure-for-youtube: clarify where to put the
 token

---
 docs/configure-for-youtube.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configure-for-youtube.md b/docs/configure-for-youtube.md
index 345776a4..5a397f92 100644
--- a/docs/configure-for-youtube.md
+++ b/docs/configure-for-youtube.md
@@ -23,7 +23,7 @@ there's no other known workaround as of time of writing this document.
 3. follow instructions, use incognito mode in your browser when signing in.
 i cannot stress this enough, but again, **DO NOT USE YOUR PERSONAL GOOGLE ACCOUNT**.
 
-4. once you have the oauth token, add it to your cookies file.
+4. once you have the oauth token, add it to `youtube_oauth` in your cookies file.
 you can see an [example here](/docs/examples/cookies.example.json).
 you can have several account tokens in this file, if you like.
 

From 9d68247523890c83dc8ce13f150f11fddd12f051 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 19:06:48 +0600
Subject: [PATCH 044/379] api: remove the outdated setup script

---
 api/package.json      |   1 -
 api/src/util/setup.js | 105 ------------------------------------------
 2 files changed, 106 deletions(-)
 delete mode 100644 api/src/util/setup.js

diff --git a/api/package.json b/api/package.json
index ba346f39..948f8180 100644
--- a/api/package.json
+++ b/api/package.json
@@ -10,7 +10,6 @@
     },
     "scripts": {
         "start": "node src/cobalt",
-        "setup": "node src/util/setup",
         "test": "node src/util/test",
         "token:youtube": "node src/util/generate-youtube-tokens",
         "token:jwt": "node src/util/generate-jwt-secret"
diff --git a/api/src/util/setup.js b/api/src/util/setup.js
deleted file mode 100644
index 34b870cb..00000000
--- a/api/src/util/setup.js
+++ /dev/null
@@ -1,105 +0,0 @@
-import { existsSync, unlinkSync, appendFileSync } from "fs";
-import { createInterface } from "readline";
-import { Cyan, Bright } from "../misc/console-text.js";
-import { loadJSON } from "../misc/load-from-fs.js";
-import { execSync } from "child_process";
-
-const { version } = loadJSON("./package.json");
-
-let envPath = './.env';
-let q = `${Cyan('?')} \x1b[1m`;
-let ob = {};
-let rl = createInterface({ input: process.stdin, output: process.stdout });
-
-let final = () => {
-    if (existsSync(envPath)) unlinkSync(envPath);
-
-    for (let i in ob) {
-        appendFileSync(envPath, `${i}=${ob[i]}\n`)
-    }
-    console.log(Bright("\nAwesome! I've created a fresh .env file for you."));
-    console.log(`${Bright("Now I'll run")} ${Cyan("npm install")} ${Bright("to install all dependencies. It shouldn't take long.\n\n")}`);
-    execSync('pnpm install', { stdio: [0, 1, 2] });
-    console.log(`\n\n${Cyan("All done!\n")}`);
-    console.log(Bright("You can re-run this script at any time to update the configuration."));
-    console.log(Bright("\nYou're now ready to start cobalt. Simply run ") + Cyan("npm start") + Bright('!\nHave fun :)'));
-    rl.close()
-}
-
-console.log(
-    `${Cyan(`Hey, this is cobalt v.${version}!`)}\n${Bright("Let's start by creating a new ")}${Cyan(".env")}${Bright(" file. You can always change it later.")}`
-)
-
-function setup() {
-    console.log(Bright("\nWhat kind of server will this instance be?\nOptions: api, web."));
-
-    rl.question(q, r1 => {
-        switch (r1.toLowerCase()) {
-            case 'api':
-                console.log(Bright("\nCool! What's the domain this API instance will be running on? (localhost)\nExample: api.cobalt.tools"));
-
-                rl.question(q, apiURL => {
-                    ob.API_URL = `http://localhost:9000/`;
-                    ob.API_PORT = 9000;
-                    if (apiURL && apiURL !== "localhost") ob.API_URL = `https://${apiURL.toLowerCase()}/`;
-
-                    console.log(Bright("\nGreat! Now, what port will it be running on? (9000)"));
-
-                    rl.question(q, apiPort => {
-                        if (apiPort) ob.API_PORT = apiPort;
-                        if (apiPort && (apiURL === "localhost" || !apiURL)) ob.API_URL = `http://localhost:${apiPort}/`;
-
-                        console.log(Bright("\nWhat will your instance's name be? Usually it's something like eu-nl aka region-country. (local)"));
-
-                        rl.question(q, apiName => {
-                            ob.API_NAME = apiName.toLowerCase();
-                            if (!apiName || apiName === "local") ob.API_NAME = "local";
-
-                            console.log(Bright("\nOne last thing: would you like to enable CORS? It allows other websites and extensions to use your instance's API.\ny/n (n)"));
-
-                            rl.question(q, apiCors => {
-                                let answCors = apiCors.toLowerCase().trim();
-                                if (answCors !== "y" && answCors !== "yes") ob.CORS_WILDCARD = '0'
-                                final()
-                            })
-                        })
-                    });
-    
-                })
-                break;
-            case 'web':
-                console.log(Bright("\nAwesome! What's the domain this web app instance will be running on? (localhost)\nExample: cobalt.tools"));
-    
-                rl.question(q, webURL => {
-                    ob.WEB_URL = `http://localhost:9001/`;
-                    ob.WEB_PORT = 9001;
-                    if (webURL && webURL !== "localhost") ob.WEB_URL = `https://${webURL.toLowerCase()}/`;
-    
-                    console.log(
-                        Bright("\nGreat! Now, what port will it be running on? (9001)")
-                    )
-                    rl.question(q, webPort => {
-                        if (webPort) ob.WEB_PORT = webPort;
-                        if (webPort && (webURL === "localhost" || !webURL)) ob.WEB_URL = `http://localhost:${webPort}/`;
-
-                        console.log(
-                            Bright("\nOne last thing: what default API domain should be used? (api.cobalt.tools)\nIf it's hosted locally, make sure to include the port:") + Cyan(" localhost:9000")
-                        );
-
-                        rl.question(q, apiURL => {
-                            ob.API_URL = `https://${apiURL.toLowerCase()}/`;
-                            if (apiURL.includes(':')) ob.API_URL = `http://${apiURL.toLowerCase()}/`;
-                            if (!apiURL) ob.API_URL = "https://api.cobalt.tools/";
-                            final()
-                        })
-                    });
-    
-                });
-                break;
-            default:
-                console.log(Bright("\nThis is not an option. Try again."));
-                setup()
-        }
-    })
-}
-setup()

From 16c5450d408b73e8ca683805aa02f9aef9b9c83e Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 19:07:42 +0600
Subject: [PATCH 045/379] api/cobalt: update api url error message

---
 api/src/cobalt.js | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/api/src/cobalt.js b/api/src/cobalt.js
index c548e792..363930ba 100644
--- a/api/src/cobalt.js
+++ b/api/src/cobalt.js
@@ -2,26 +2,24 @@ import "dotenv/config";
 
 import express from "express";
 
-import path from 'path';
-import { fileURLToPath } from 'url';
+import path from "path";
+import { fileURLToPath } from "url";
 
 import { env } from "./config.js"
-import { Bright, Green, Red } from "./misc/console-text.js";
+import { Red } from "./misc/console-text.js";
 
 const app = express();
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename).slice(0, -4);
 
-app.disable('x-powered-by');
+app.disable("x-powered-by");
 
 if (env.apiURL) {
-    const { runAPI } = await import('./core/api.js');
+    const { runAPI } = await import("./core/api.js");
     runAPI(express, app, __dirname)
 } else {
     console.log(
-        Red(`cobalt wasn't configured yet or configuration is invalid.\n`)
-        + Bright(`please run the setup script to fix this: `)
-        + Green(`npm run setup`)
+        Red("API_URL env variable is missing, cobalt api can't start.")
     )
 }

From a81a19de6825d6c4199a1f4989322328332c50d4 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 19:26:19 +0600
Subject: [PATCH 046/379] docs/protect-an-instance: add a command for
 generating a secret

---
 docs/protect-an-instance.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 59c7fa27..5604ddec 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -77,14 +77,18 @@ if you have other variables there, just add new ones after existing ones.
 > never use any values from the tutorial, especially `JWT_SECRET`!
 
 1. open your `docker-compose.yml` config file in any text editor of choice.
-2. copy the turnstile sitekey & secret key and paste them to their respective variables. `TURNSTILE_SITEKEY` for the sitekey and `TURNSTILE_SECRET` for the secret key:
+2. copy the turnstile sitekey & secret key and paste them to their respective variables.
+`TURNSTILE_SITEKEY` for the sitekey and `TURNSTILE_SECRET` for the secret key:
 ```yml
 environment:
     API_URL: "https://your.instance.url.here.local/"
     TURNSTILE_SITEKEY: "2x00000000000000000000BB" # use your key
     TURNSTILE_SECRET: "2x0000000000000000000000000000000AA" # use your key
 ```
-3. generate a `JWT_SECRET`. we recommend using an alphanumeric collection with a length of at least 64 characters. this string will be used as salt for all JWT keys.
+3. generate a `JWT_SECRET`. we recommend using an alphanumeric collection with a length of at least 64 characters.
+this string will be used as salt for all JWT keys.
+
+    you can generate a random secret with `pnpm -r token:jwt` or use any other that you like.
 
 ```yml
 environment:

From 9790179e29e498494e01d7d300ff2203aa681df2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 19:51:35 +0600
Subject: [PATCH 047/379] docs/protect-an-instance: add api keys configuration

---
 docs/protect-an-instance.md | 52 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 5604ddec..e0ba7f3b 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -13,7 +13,7 @@ all you need is a free cloudflare account to get started.
 
 cloudflare dashboard interface might change over time, but basics should stay the same.
 
-> [!CAUTION]
+> [!WARNING]
 > never share the turnstile secret key, always keep it private. if accidentally exposed, rotate it in widget settings.
 
 1. open [the cloudflare dashboard](https://dash.cloudflare.com/) and log into your account
@@ -97,3 +97,53 @@ environment:
     TURNSTILE_SECRET: "2x0000000000000000000000000000000AA" # use your key
     JWT_SECRET: "bgBmF4efNCKPirDqTc4FMmbX8P22I31oCj5R1zDiDi5sy8CWPnfLUct7rk5RlZUS" # create a new secret, NEVER use this one
 ```
+4. restart the docker container.
+
+## configure api keys
+if you want to use your instance outside of web interface, you'll need an api key!
+
+> [!NOTE]
+> this tutorial assumes that you'll keep your keys file locally, on the instance server.
+> if you wish to upload your file to a remote location,
+> replace the value for `API_KEYS_URL` with a direct url to the file.
+
+> [!WARNING]
+> when storing keys file remotely, make sure that it's not publicly accessible
+> and that link to it is either authenticated (via query) or impossible to guess.
+>
+> if api keys leak, you'll have to update/remove all UUIDs to revoke them.
+
+1. create a `keys.json` file following [the schema and example here](/docs//run-an-instance.md#api-key-file-format).
+
+2. expose the `keys.json` to the docker container:
+```yml
+volumes:
+    - ./keys.json:/keys.json:ro # ro - read-only
+```
+
+3. add a path to the keys file to container environment:
+```yml
+environment:
+    # ... other variables here ...
+    API_KEY_URL: "file:///keys.json"
+```
+
+4. restart the docker container.
+
+## limit access to an instance with api keys but no turnstile
+by default, api keys are additional, meaning that they're not *required*,
+but work alongside with turnstile or no auth (regular ip hash rate limiting).
+
+to always require auth (via keys or turnstile, if configured), set `API_AUTH_REQUIRED` to 1:
+```yml
+environment:
+    # ... other variables here ...
+    API_AUTH_REQUIRED: 1
+```
+
+- if both keys and turnstile are enabled, then nothing will change.
+- if only keys are configured, then all requests without a valid api key will be refused.
+
+### why not make keys exclusive by default?
+keys may be useful for going around rate limiting,
+while keeping the rest of api rate limited, with no turnstile in place.

From 43b3139b4a318ecc27a33fead946fe990f19a89e Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 19:53:17 +0600
Subject: [PATCH 048/379] docs/protect-an-instance: skip second step of api
 keys config if remote

---
 docs/protect-an-instance.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index e0ba7f3b..2cfcd808 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -105,7 +105,8 @@ if you want to use your instance outside of web interface, you'll need an api ke
 > [!NOTE]
 > this tutorial assumes that you'll keep your keys file locally, on the instance server.
 > if you wish to upload your file to a remote location,
-> replace the value for `API_KEYS_URL` with a direct url to the file.
+> replace the value for `API_KEYS_URL` with a direct url to the file
+> and skip the second step.
 
 > [!WARNING]
 > when storing keys file remotely, make sure that it's not publicly accessible

From 4efe6d9350bb6770757632d2ddf81b24fcc90e8a Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 14:14:47 +0000
Subject: [PATCH 049/379] api/config: disallow `JWT_SECRET`s shorter than 16
 chars

---
 api/src/config.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/src/config.js b/api/src/config.js
index 3a28d7ce..02584212 100644
--- a/api/src/config.js
+++ b/api/src/config.js
@@ -54,6 +54,10 @@ const env = {
 const genericUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36";
 const cobaltUserAgent = `cobalt/${version} (+https://github.com/imputnet/cobalt)`;
 
+if (env.sessionEnabled && env.jwtSecret.length < 16) {
+    throw new Error("JWT_SECRET env is too short (must be at least 16 characters long)");
+}
+
 export {
     env,
     genericUserAgent,

From 4b1ea6ed8034818b79af9cf01425454184b409b0 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 20 Oct 2024 20:18:50 +0600
Subject: [PATCH 050/379] docs/protect-an-instance: update the template secret
 to fail

---
 docs/protect-an-instance.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 2cfcd808..9b4131c1 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -95,7 +95,7 @@ environment:
     API_URL: "https://your.instance.url.here.local/"
     TURNSTILE_SITEKEY: "2x00000000000000000000BB" # use your key
     TURNSTILE_SECRET: "2x0000000000000000000000000000000AA" # use your key
-    JWT_SECRET: "bgBmF4efNCKPirDqTc4FMmbX8P22I31oCj5R1zDiDi5sy8CWPnfLUct7rk5RlZUS" # create a new secret, NEVER use this one
+    JWT_SECRET: "bgBmF4efNCKPirD" # create a new secret, NEVER use this one
 ```
 4. restart the docker container.
 

From 429b7c85aa91b284c01435dd49ea8d2e417a8d9c Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 23:12:07 +0200
Subject: [PATCH 051/379] docs/configure-for-youtube: change pnpm command

---
 docs/configure-for-youtube.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configure-for-youtube.md b/docs/configure-for-youtube.md
index 5a397f92..65795912 100644
--- a/docs/configure-for-youtube.md
+++ b/docs/configure-for-youtube.md
@@ -18,7 +18,7 @@ there's no other known workaround as of time of writing this document.
 
 1. if you haven't done it already, clone the cobalt repo, go to the cloned directory, and run `pnpm install`
 
-2. run `pnpm -r token:youtube`
+2. run `pnpm run -C api token:youtube`
 
 3. follow instructions, use incognito mode in your browser when signing in.
 i cannot stress this enough, but again, **DO NOT USE YOUR PERSONAL GOOGLE ACCOUNT**.

From 1b9855206ee5861f48262a390f5dcd7e8949482f Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 20 Oct 2024 23:12:35 +0200
Subject: [PATCH 052/379] docs/configure-for-youtube: omit `run` from pnpm
 command

---
 docs/configure-for-youtube.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/configure-for-youtube.md b/docs/configure-for-youtube.md
index 65795912..fe286d86 100644
--- a/docs/configure-for-youtube.md
+++ b/docs/configure-for-youtube.md
@@ -18,7 +18,7 @@ there's no other known workaround as of time of writing this document.
 
 1. if you haven't done it already, clone the cobalt repo, go to the cloned directory, and run `pnpm install`
 
-2. run `pnpm run -C api token:youtube`
+2. run `pnpm -C api token:youtube`
 
 3. follow instructions, use incognito mode in your browser when signing in.
 i cannot stress this enough, but again, **DO NOT USE YOUR PERSONAL GOOGLE ACCOUNT**.

From 9d59a2f5d20e59e1918a2df6b01773d5c396c668 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 22 Oct 2024 14:16:10 +0600
Subject: [PATCH 053/379] web/about/terms: point out even more that safety
 email is not support

---
 web/i18n/en/about/terms.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/web/i18n/en/about/terms.md b/web/i18n/en/about/terms.md
index a134ab84..aa32fd65 100644
--- a/web/i18n/en/about/terms.md
+++ b/web/i18n/en/about/terms.md
@@ -48,9 +48,10 @@ fair use and credits benefit everyone.
     sectionId="abuse"
 />
 
-we have no way of detecting abusive behavior automatically, as cobalt is 100% anonymous.
-however, you can report such activities to us and we will do our best to comply manually: [safety@imput.net](mailto:safety@imput.net)
+we have no way of detecting abusive behavior automatically because cobalt is 100% anonymous.
+however, you can report such activities to us and we will do our best to comply manually: **safety@imput.net**
+
+**this email is not intended for user support, you will not get a response if your concern is not related to abuse.**
 
-please note that this email is not intended for user support.
 if you're experiencing issues, contact us via any preferred method on [the support page](/about/community).
 </section>

From a3ee3d9c16bf8b636c3cab773d48e26543055cc4 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 23 Oct 2024 14:01:10 +0600
Subject: [PATCH 054/379] api/youtube: catch one more age limit error

---
 api/src/processing/services/youtube.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 46f72a5b..a6cdc9a2 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -170,6 +170,10 @@ export default async function(o) {
         }
     }
 
+    if (playability.status === "AGE_VERIFICATION_REQUIRED") {
+        return { error: "content.video.age" }
+    }
+
     if (playability.status !== "OK") {
         return { error: "content.video.unavailable" };
     }

From ae271fd3c631c1b0a90cd0bb7dca5c8660802e83 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 23 Oct 2024 18:08:50 +0600
Subject: [PATCH 055/379] api/youtube: refactor playability status handling

---
 api/src/processing/services/youtube.js | 79 +++++++++++++-------------
 1 file changed, 41 insertions(+), 38 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index a6cdc9a2..95581863 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -1,5 +1,4 @@
 import { fetch } from "undici";
-
 import { Innertube, Session } from "youtubei.js";
 
 import { env } from "../../config.js";
@@ -146,41 +145,49 @@ export default async function(o) {
     const playability = info.playability_status;
     const basicInfo = info.basic_info;
 
-    if (playability.status === "LOGIN_REQUIRED") {
-        if (playability.reason.endsWith("bot")) {
-            return { error: "youtube.login" }
-        }
-        if (playability.reason.endsWith("age")) {
-            return { error: "content.video.age" }
-        }
-        if (playability?.error_screen?.reason?.text === "Private video") {
-            return { error: "content.video.private" }
-        }
+    switch(playability.status) {
+        case "OK":
+            break;
+
+        case "LOGIN_REQUIRED":
+            if (playability.reason.endsWith("bot")) {
+                return { error: "youtube.login" }
+            }
+            if (playability.reason.endsWith("age")) {
+                return { error: "content.video.age" }
+            }
+            if (playability?.error_screen?.reason?.text === "Private video") {
+                return { error: "content.video.private" }
+            }
+            break;
+
+        case "UNPLAYABLE":
+            if (playability?.reason?.endsWith("request limit.")) {
+                return { error: "fetch.rate" }
+            }
+            if (playability?.error_screen?.subreason?.text?.endsWith("in your country")) {
+                return { error: "content.video.region" }
+            }
+            if (playability?.error_screen?.reason?.text === "Private video") {
+                return { error: "content.video.private" }
+            }
+            break;
+
+        case "AGE_VERIFICATION_REQUIRED":
+            return { error: "content.video.age" };
+
+        default:
+            return { error: "content.video.unavailable" };
     }
 
-    if (playability.status === "UNPLAYABLE") {
-        if (playability?.reason?.endsWith("request limit.")) {
-            return { error: "fetch.rate" }
-        }
-        if (playability?.error_screen?.subreason?.text?.endsWith("in your country")) {
-            return { error: "content.video.region" }
-        }
-        if (playability?.error_screen?.reason?.text === "Private video") {
-            return { error: "content.video.private" }
-        }
-    }
-
-    if (playability.status === "AGE_VERIFICATION_REQUIRED") {
-        return { error: "content.video.age" }
-    }
-
-    if (playability.status !== "OK") {
-        return { error: "content.video.unavailable" };
-    }
     if (basicInfo.is_live) {
         return { error: "content.video.live" };
     }
 
+    if (basicInfo.duration > env.durationLimit) {
+        return { error: "content.too_long" };
+    }
+
     // return a critical error if returned video is "Video Not Available"
     // or a similar stub by youtube
     if (basicInfo.id !== o.id) {
@@ -212,11 +219,9 @@ export default async function(o) {
 
     if (bestVideo) bestQuality = qual(bestVideo);
 
-    if ((!bestQuality && !o.isAudioOnly) || !hasAudio)
+    if ((!bestQuality && !o.isAudioOnly) || !hasAudio) {
         return { error: "youtube.codec" };
-
-    if (basicInfo.duration > env.durationLimit)
-        return { error: "content.too_long" };
+    }
 
     const checkBestAudio = (i) => (i.has_audio && !i.has_video);
 
@@ -226,9 +231,7 @@ export default async function(o) {
 
     if (o.dubLang) {
         let dubbedAudio = adaptive_formats.find(i =>
-            checkBestAudio(i)
-            && i.language === o.dubLang
-            && i.audio_track
+            checkBestAudio(i) && i.language === o.dubLang && i.audio_track
         )
 
         if (dubbedAudio && !dubbedAudio?.audio_track?.audio_is_default) {
@@ -313,5 +316,5 @@ export default async function(o) {
         }
     }
 
-    return { error: "fetch.fail" }
+    return { error: "fetch.fail" };
 }

From cfb05282c351185b44f7768e75f2354f4ff72cb7 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 23 Oct 2024 19:56:59 +0600
Subject: [PATCH 056/379] api/youtube: refactor, fallback codecs, don't return
 premuxed videos

---
 api/src/processing/services/youtube.js | 99 ++++++++++----------------
 1 file changed, 39 insertions(+), 60 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 95581863..e2f83c5d 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -9,7 +9,7 @@ const PLAYER_REFRESH_PERIOD = 1000 * 60 * 15; // ms
 
 let innertube, lastRefreshedAt;
 
-const codecMatch = {
+const codecList = {
     h264: {
         videoCodec: "avc1",
         audioCodec: "mp4a",
@@ -120,12 +120,12 @@ export default async function(o) {
     let info, isDubbed,
         format = o.format || "h264";
 
-    function qual(i) {
+    const qual = (i) => {
         if (!i.quality_label) {
             return;
         }
 
-        return i.quality_label.split('p')[0].split('s')[0]
+        return i.quality_label.split('p', 2)[0].split('s', 2)[0]
     }
 
     try {
@@ -198,36 +198,31 @@ export default async function(o) {
     }
 
     const filterByCodec = (formats) =>
-        formats
-        .filter(e =>
-            e.mime_type.includes(codecMatch[format].videoCodec)
-            || e.mime_type.includes(codecMatch[format].audioCodec)
-        )
-        .sort((a, b) => Number(b.bitrate) - Number(a.bitrate));
+        formats.filter(e =>
+            e.mime_type.includes(codecList[format].videoCodec)
+            || e.mime_type.includes(codecList[format].audioCodec)
+        ).sort((a, b) =>
+            Number(b.bitrate) - Number(a.bitrate)
+        );
 
     let adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
 
-    if (adaptive_formats.length === 0 && format === "vp9") {
-        format = "h264"
-        adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats)
+    if (adaptive_formats.length === 0 && ["vp9", "av1"].includes(format)) {
+        format = "h264";
+        adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
     }
 
-    let bestQuality;
-
     const bestVideo = adaptive_formats.find(i => i.has_video && i.content_length);
     const hasAudio = adaptive_formats.find(i => i.has_audio && i.content_length);
 
-    if (bestVideo) bestQuality = qual(bestVideo);
-
-    if ((!bestQuality && !o.isAudioOnly) || !hasAudio) {
-        return { error: "youtube.codec" };
+    if (!bestVideo || (!hasAudio && o.isAudioOnly)) {
+        return { error: "fetch.empty" };
     }
 
+    const bestQuality = qual(bestVideo);
     const checkBestAudio = (i) => (i.has_audio && !i.has_video);
 
-    let audio = adaptive_formats.find(i =>
-        checkBestAudio(i) && i.is_original
-    );
+    let audio = adaptive_formats.find(i => checkBestAudio(i) && i.is_original);
 
     if (o.dubLang) {
         let dubbedAudio = adaptive_formats.find(i =>
@@ -244,13 +239,14 @@ export default async function(o) {
         audio = adaptive_formats.find(i => checkBestAudio(i));
     }
 
-    let fileMetadata = {
+    const fileMetadata = {
         title: cleanString(basicInfo.title.trim()),
-        artist: cleanString(basicInfo.author.replace("- Topic", "").trim()),
+        artist: cleanString(basicInfo.author.replace("- Topic", "").trim())
     }
 
     if (basicInfo?.short_description?.startsWith("Provided to YouTube by")) {
-        let descItems = basicInfo.short_description.split("\n\n", 5);
+        const descItems = basicInfo.short_description.split("\n\n", 5);
+
         if (descItems.length === 5) {
             fileMetadata.album = descItems[2];
             fileMetadata.copyright = descItems[3];
@@ -260,7 +256,7 @@ export default async function(o) {
         }
     }
 
-    let filenameAttributes = {
+    const filenameAttributes = {
         service: "youtube",
         id: o.id,
         title: fileMetadata.title,
@@ -271,46 +267,29 @@ export default async function(o) {
     if (audio && o.isAudioOnly) return {
         type: "audio",
         isAudioOnly: true,
-        urls: audio.decipher(yt.session.player),
-        filenameAttributes: filenameAttributes,
-        fileMetadata: fileMetadata,
-        bestAudio: format === "h264" ? "m4a" : "opus"
+        urls: audio.url,
+        filenameAttributes,
+        fileMetadata,
+        bestAudio: format === "h264" ? "m4a" : "opus",
     }
 
-    const matchingQuality = Number(quality) > Number(bestQuality) ? bestQuality : quality,
-        checkSingle = i =>
-            qual(i) === matchingQuality && i.mime_type.includes(codecMatch[format].videoCodec),
-        checkRender = i =>
-            qual(i) === matchingQuality && i.has_video && !i.has_audio;
+    const matchingQuality = Number(quality) > Number(bestQuality) ? bestQuality : quality;
+    const video = adaptive_formats.find(i =>
+        qual(i) === matchingQuality && i.has_video && !i.has_audio
+    );
 
-    let match, type, urls;
-
-    // prefer good premuxed videos if available
-    if (!o.isAudioOnly && !o.isAudioMuted && format === "h264" && bestVideo.fps <= 30) {
-        match = info.streaming_data.formats.find(checkSingle);
-        type = "proxy";
-        urls = match?.decipher(yt.session.player);
-    }
-
-    const video = adaptive_formats.find(checkRender);
-
-    if (!match && video && audio) {
-        match = video;
-        type = "merge";
-        urls = [
-            video.decipher(yt.session.player),
-            audio.decipher(yt.session.player)
-        ]
-    }
-
-    if (match) {
-        filenameAttributes.qualityLabel = match.quality_label;
-        filenameAttributes.resolution = `${match.width}x${match.height}`;
-        filenameAttributes.extension = codecMatch[format].container;
+    if (video && audio) {
+        filenameAttributes.qualityLabel = video.quality_label;
+        filenameAttributes.resolution = `${video.width}x${video.height}`;
+        filenameAttributes.extension = codecList[format].container;
         filenameAttributes.youtubeFormat = format;
+
         return {
-            type,
-            urls,
+            type: "merge",
+            urls: [
+                video.url,
+                audio.url
+            ],
             filenameAttributes,
             fileMetadata
         }

From 52c171460833215ca2af0bb33a049c40ac267363 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 26 Oct 2024 22:38:42 +0600
Subject: [PATCH 057/379] web/i18n/settings: fix typo in youtube codec
 description

---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 8d003439..2b34eb62 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -30,7 +30,7 @@
     "video.quality.description": "if preferred video quality isn't available, next best is picked instead.",
 
     "video.youtube.codec": "youtube video codec and container",
-    "video.youtube.codec.description": "h264: best compatibility, average bitrate. max quality is 1080p. \nav1: best quality, efficiency, and bitrate. supports 8k & HDR. \nvp9: same quality & bitrate as av1, but file is approximately two times bigger. supports 4k & HDR.\n\nav1 and vp9 aren't as widely supported as h264.",
+    "video.youtube.codec.description": "h264: best compatibility, average bitrate. max quality is 1080p. \nav1: best quality, efficiency, and bitrate. supports 8k & HDR. \nvp9: same quality as av1, but file is approximately two times bigger. supports 4k & HDR.\n\nav1 and vp9 aren't as widely supported as h264.",
 
     "video.twitter.gif": "twitter/x",
     "video.twitter.gif.title": "convert looping videos to GIF",

From 3907697fa708e5c1d19b4d23c9c1809e86801f9f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 26 Oct 2024 22:45:16 +0600
Subject: [PATCH 058/379] web/i18n/settings: rephrase the youtube codec desc

also added info about fallback
---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 2b34eb62..8e5a402c 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -30,7 +30,7 @@
     "video.quality.description": "if preferred video quality isn't available, next best is picked instead.",
 
     "video.youtube.codec": "youtube video codec and container",
-    "video.youtube.codec.description": "h264: best compatibility, average bitrate. max quality is 1080p. \nav1: best quality, efficiency, and bitrate. supports 8k & HDR. \nvp9: same quality as av1, but file is approximately two times bigger. supports 4k & HDR.\n\nav1 and vp9 aren't as widely supported as h264.",
+    "video.youtube.codec.description": "h264: best compatibility, average quality. max quality is 1080p. \nav1: best quality and efficiency. supports 8k & HDR. \nvp9: same quality as av1, but file is ~2x bigger. supports 4k & HDR.\n\nav1 and vp9 aren't as widely supported as h264. if av1 or vp9 isn't available, h264 is used instead.",
 
     "video.twitter.gif": "twitter/x",
     "video.twitter.gif.title": "convert looping videos to GIF",

From 8b15fe78637588a71c34dc712ef6c689e114d340 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 26 Oct 2024 22:49:16 +0600
Subject: [PATCH 059/379] api/youtube: check if playability is ok after the
 status switch

---
 api/src/processing/services/youtube.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index e2f83c5d..7517c351 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -146,9 +146,6 @@ export default async function(o) {
     const basicInfo = info.basic_info;
 
     switch(playability.status) {
-        case "OK":
-            break;
-
         case "LOGIN_REQUIRED":
             if (playability.reason.endsWith("bot")) {
                 return { error: "youtube.login" }
@@ -175,9 +172,10 @@ export default async function(o) {
 
         case "AGE_VERIFICATION_REQUIRED":
             return { error: "content.video.age" };
+    }
 
-        default:
-            return { error: "content.video.unavailable" };
+    if (playability.status !== "OK") {
+        return { error: "content.video.unavailable" };
     }
 
     if (basicInfo.is_live) {

From 66bb76e1c7410e62146abc5f52cf0c097806e4d6 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 26 Oct 2024 23:06:43 +0600
Subject: [PATCH 060/379] web/i18n/settings: update preferred language
 description

---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 8e5a402c..ba2fc886 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -91,7 +91,7 @@
     "language.auto.title": "automatic selection",
     "language.auto.description": "cobalt will use your browser's default language if translation is available. if not, english will be used instead.",
     "language.preferred.title": "preferred language",
-    "language.preferred.description": "this language will be used when automatic selection is disabled. any text that isn't translated will be displayed in english.\n\nwe use community-sourced translations for languages other than english, russian, and czech. they may be inaccurate or incomplete.",
+    "language.preferred.description": "this language will be used when automatic selection is disabled. any text that isn't translated will be displayed in english.\n\nsome languages use community-sourced translations, they may be inaccurate or incomplete.",
 
     "privacy.analytics": "anonymous traffic analytics",
     "privacy.analytics.title": "don't contribute to analytics",

From fb7325f3b2a9ebcbe60061a10bf343800cff0a90 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 26 Oct 2024 23:53:43 +0600
Subject: [PATCH 061/379] api/youtube: more refactoring, return audio even if
 there's no video

---
 api/src/processing/services/youtube.js | 31 +++++++++++++-------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 7517c351..b4583051 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -115,19 +115,7 @@ export default async function(o) {
         } else throw e;
     }
 
-    const quality = o.quality === "max" ? "9000" : o.quality;
-
-    let info, isDubbed,
-        format = o.format || "h264";
-
-    const qual = (i) => {
-        if (!i.quality_label) {
-            return;
-        }
-
-        return i.quality_label.split('p', 2)[0].split('s', 2)[0]
-    }
-
+    let info;
     try {
         info = await yt.getBasicInfo(o.id, yt.session.logged_in ? 'ANDROID' : 'IOS');
     } catch(e) {
@@ -195,6 +183,8 @@ export default async function(o) {
         }
     }
 
+    let format = o.format || "h264";
+
     const filterByCodec = (formats) =>
         formats.filter(e =>
             e.mime_type.includes(codecList[format].videoCodec)
@@ -213,14 +203,14 @@ export default async function(o) {
     const bestVideo = adaptive_formats.find(i => i.has_video && i.content_length);
     const hasAudio = adaptive_formats.find(i => i.has_audio && i.content_length);
 
-    if (!bestVideo || (!hasAudio && o.isAudioOnly)) {
+    if ((!bestVideo && !o.isAudioOnly) || (!hasAudio && o.isAudioOnly)) {
         return { error: "fetch.empty" };
     }
 
-    const bestQuality = qual(bestVideo);
     const checkBestAudio = (i) => (i.has_audio && !i.has_video);
 
     let audio = adaptive_formats.find(i => checkBestAudio(i) && i.is_original);
+    let isDubbed;
 
     if (o.dubLang) {
         let dubbedAudio = adaptive_formats.find(i =>
@@ -271,7 +261,18 @@ export default async function(o) {
         bestAudio: format === "h264" ? "m4a" : "opus",
     }
 
+    const qual = (i) => {
+        if (!i.quality_label) {
+            return;
+        }
+
+        return i.quality_label.split('p', 2)[0].split('s', 2)[0]
+    }
+
+    const quality = o.quality === "max" ? "9000" : o.quality;
+    const bestQuality = qual(bestVideo);
     const matchingQuality = Number(quality) > Number(bestQuality) ? bestQuality : quality;
+
     const video = adaptive_formats.find(i =>
         qual(i) === matchingQuality && i.has_video && !i.has_audio
     );

From 2ccc2106224b61915c7b4f85c0d5b2ce8aa81d18 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 26 Oct 2024 18:07:13 +0000
Subject: [PATCH 062/379] api/test: add test for audio download if no video
 found

tests for bug fixed in fb7325f3b2a9ebcbe60061a10bf343800cff0a90
---
 api/src/util/tests.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/api/src/util/tests.json b/api/src/util/tests.json
index 402a2baf..c8a1782d 100644
--- a/api/src/util/tests.json
+++ b/api/src/util/tests.json
@@ -486,6 +486,17 @@
                 "code": 400,
                 "status": "error"
             }
+        },
+        {
+            "name": "broken audioOnly download",
+            "url": "https://www.youtube.com/watch?v=ink80Al5nbw",
+            "params": {
+                "downloadMode": "audio"
+            },
+            "expected": {
+                "code": 200,
+                "status": "tunnel"
+            }
         }
     ],
     "vk": [

From d8b7a6b5591d484a593126c8d319d9e32caf4bfa Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 26 Oct 2024 18:08:24 +0000
Subject: [PATCH 063/379] api/test: remove youtube vp9 test

we fall back to h264 now, so this will always succeed
---
 api/src/util/tests.json | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/api/src/util/tests.json b/api/src/util/tests.json
index c8a1782d..2d8d8708 100644
--- a/api/src/util/tests.json
+++ b/api/src/util/tests.json
@@ -437,17 +437,6 @@
                 "status": "tunnel"
             }
         },
-        {
-            "name": "audio bitrate higher than video, no vp9 video in response (vp9)",
-            "url": "https://www.youtube.com/watch?v=t5nC_ucYBrc",
-            "params": {
-                "youtubeVideoCodec": "vp9"
-            },
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
         {
             "name": "short, defaults",
             "url": "https://www.youtube.com/shorts/r5FpeOJItbw",

From a4e6b49d7fc2b375013981b3c37698805ba4dd9a Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 26 Oct 2024 18:28:25 +0000
Subject: [PATCH 064/379] util/jwt: ensure uniform distribution of characters

---
 api/src/util/generate-jwt-secret.js | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/api/src/util/generate-jwt-secret.js b/api/src/util/generate-jwt-secret.js
index 83f0aa5b..8db6e230 100644
--- a/api/src/util/generate-jwt-secret.js
+++ b/api/src/util/generate-jwt-secret.js
@@ -4,8 +4,17 @@ const makeSecureString = (length = 64) => {
     const alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-';
     const out = [];
 
-    for (const byte of crypto.getRandomValues(new Uint8Array(length)))
-        out.push(alphabet[byte % alphabet.length]);
+    while (out.length < length) {
+        for (const byte of crypto.getRandomValues(new Uint8Array(length))) {
+            if (byte < alphabet.length) {
+                out.push(alphabet[byte]);
+            }
+
+            if (out.length === length) {
+                break;
+            }
+        }
+    }
 
     return out.join('');
 }

From c463e3eabb8b8303590449def8d68b482ba1ea95 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 27 Oct 2024 19:18:15 +0100
Subject: [PATCH 065/379] ci: run codeql on all branches

---
 .github/workflows/codeql.yml | 93 ++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..47ea374e
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,93 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches: [ "main", "7" ]
+  schedule:
+    - cron: '33 7 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: javascript-typescript
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        echo 'If you are using a "manual" build mode for one or more of the' \
+          'languages you are analyzing, replace this with the commands to build' \
+          'your code, for example:'
+        echo '  make bootstrap'
+        echo '  make release'
+        exit 1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

From b22d0efbf1ad781767c124cebb1b869d1f1d6e03 Mon Sep 17 00:00:00 2001
From: KwiatekMiki <hi@kwiatekmiki.pl>
Date: Sun, 27 Oct 2024 18:34:11 +0100
Subject: [PATCH 066/379] api/service-patterns: recognize older streamable
 links (#862)

---
 api/src/processing/service-patterns.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/service-patterns.js b/api/src/processing/service-patterns.js
index 7f8982b5..9a0acd75 100644
--- a/api/src/processing/service-patterns.js
+++ b/api/src/processing/service-patterns.js
@@ -36,7 +36,7 @@ export const testers = {
         || pattern.shortLink?.length <= 16,
 
     "streamable": pattern =>
-        pattern.id?.length === 6,
+        pattern.id?.length <= 6,
 
     "tiktok": pattern =>
         pattern.postId?.length <= 21 || pattern.shortLink?.length <= 13,

From 5ea23bee134de366a8e7ebb99b6413505c4a8128 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 27 Oct 2024 17:52:04 +0000
Subject: [PATCH 067/379] api/console-text: refactor

---
 api/src/misc/console-text.js | 37 ++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/api/src/misc/console-text.js b/api/src/misc/console-text.js
index 6ce747d7..8df8fcc6 100644
--- a/api/src/misc/console-text.js
+++ b/api/src/misc/console-text.js
@@ -1,23 +1,36 @@
-function t(color, tt) {
-    return color + tt + "\x1b[0m"
+const ANSI = {
+    RESET: "\x1b[0m",
+    BRIGHT: "\x1b[1m",
+    RED: "\x1b[31m",
+    GREEN: "\x1b[32m",
+    CYAN: "\x1b[36m",
+    YELLOW: "\x1b[93m"
 }
 
-export function Bright(tt) {
-    return t("\x1b[1m", tt)
+function wrap(color, text) {
+    if (!ANSI[color.toUpperCase()]) {
+        throw "invalid color";
+    }
+
+    return ANSI[color.toUpperCase()] + text + ANSI.RESET;
 }
 
-export function Red(tt) {
-    return t("\x1b[31m", tt)
+export function Bright(text) {
+    return wrap('bright', text);
 }
 
-export function Green(tt) {
-    return t("\x1b[32m", tt)
+export function Red(text) {
+    return wrap('red', text);
 }
 
-export function Cyan(tt) {
-    return t("\x1b[36m", tt)
+export function Green(text) {
+    return wrap('green', text);
 }
 
-export function Yellow(tt) {
-    return t("\x1b[93m", tt)
+export function Cyan(text) {
+    return wrap('cyan', text);
+}
+
+export function Yellow(text) {
+    return wrap('yellow', text);
 }

From af50852815ceaf7ca4f1b4a8dffca5d961a2f812 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 27 Oct 2024 18:00:05 +0000
Subject: [PATCH 068/379] api/api-keys: log message to confirm successful file
 load

---
 api/src/security/api-keys.js | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/api/src/security/api-keys.js b/api/src/security/api-keys.js
index 72063099..bbb00194 100644
--- a/api/src/security/api-keys.js
+++ b/api/src/security/api-keys.js
@@ -1,6 +1,6 @@
 import { env } from "../config.js";
 import { readFile } from "node:fs/promises";
-import { Yellow } from "../misc/console-text.js";
+import { Green, Yellow } from "../misc/console-text.js";
 import ip from "ipaddr.js";
 
 // this function is a modified variation of code
@@ -134,9 +134,13 @@ const loadKeys = async (source) => {
     keys = formatKeys(updated);
 }
 
-const wrapLoad = (url) => {
+const wrapLoad = (url, initial = false) => {
     loadKeys(url)
-    .then(() => {})
+    .then(() => {
+        if (initial) {
+            console.log(`${Green('[✓]')} api keys loaded successfully!`)
+        }
+    })
     .catch((e) => {
         console.error(`${Yellow('[!]')} Failed loading API keys at ${new Date().toISOString()}.`);
         console.error('Error:', e);
@@ -200,7 +204,7 @@ export const validateAuthorization = (req) => {
 }
 
 export const setup = (url) => {
-    wrapLoad(url);
+    wrapLoad(url, true);
     if (env.keyReloadInterval > 0) {
         setInterval(() => wrapLoad(url), env.keyReloadInterval * 1000);
     }

From 5a5a65b3734554b47804ef5584dabbcab442bd93 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 27 Oct 2024 18:10:57 +0000
Subject: [PATCH 069/379] api/cookies: trigger cookie load from api entrypoint

---
 api/src/core/api.js                  |  5 +++++
 api/src/processing/cookie/manager.js | 10 ++--------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index b3123033..4811cd40 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -18,6 +18,7 @@ import { friendlyServiceName } from "../processing/service-alias.js";
 import { verifyStream, getInternalStream } from "../stream/manage.js";
 import { createResponse, normalizeRequest, getIP } from "../processing/request.js";
 import * as APIKeys from "../security/api-keys.js";
+import * as Cookies from "../processing/cookie/manager.js";
 
 const git = {
     branch: await getBranch(),
@@ -348,6 +349,10 @@ export const runAPI = (express, app, __dirname) => {
         APIKeys.setup(env.apiKeyURL);
     }
 
+    if (env.cookiePath) {
+        Cookies.setup(env.cookiePath);
+    }
+
     app.listen(env.apiPort, env.listenAddress, () => {
         console.log(`\n` +
             Bright(Cyan("cobalt ")) + Bright("API ^ω⁠^") + "\n" +
diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 25bf9c90..3afb4bfd 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -1,26 +1,20 @@
 import Cookie from './cookie.js';
 import { readFile, writeFile } from 'fs/promises';
 import { parse as parseSetCookie, splitCookiesString } from 'set-cookie-parser';
-import { env } from '../../config.js';
 
 const WRITE_INTERVAL = 60000,
-      cookiePath = env.cookiePath,
       COUNTER = Symbol('counter');
 
 let cookies = {}, dirty = false, intervalId;
 
-const setup = async () => {
+export const setup = async (cookiePath) => {
     try {
-        if (!cookiePath) return;
-
         cookies = await readFile(cookiePath, 'utf8');
         cookies = JSON.parse(cookies);
-        intervalId = setInterval(writeChanges, WRITE_INTERVAL)
+        intervalId = setInterval(writeChanges, WRITE_INTERVAL);
     } catch { /* no cookies for you */ }
 }
 
-setup();
-
 function writeChanges() {
     if (!dirty) return;
     dirty = false;

From b434b0b45e25f4610e2188870a8ff9f4ee2dcaaa Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 27 Oct 2024 18:12:01 +0000
Subject: [PATCH 070/379] api/cookies: log message to confirm successful file
 load

---
 api/src/processing/cookie/manager.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 3afb4bfd..060f8695 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -1,6 +1,7 @@
 import Cookie from './cookie.js';
 import { readFile, writeFile } from 'fs/promises';
 import { parse as parseSetCookie, splitCookiesString } from 'set-cookie-parser';
+import { Green, Yellow } from '../../misc/console-text.js';
 
 const WRITE_INTERVAL = 60000,
       COUNTER = Symbol('counter');
@@ -12,7 +13,11 @@ export const setup = async (cookiePath) => {
         cookies = await readFile(cookiePath, 'utf8');
         cookies = JSON.parse(cookies);
         intervalId = setInterval(writeChanges, WRITE_INTERVAL);
-    } catch { /* no cookies for you */ }
+        console.log(`${Green('[✓]')} cookies loaded successfully!`)
+    } catch(e) {
+        console.error(`${Yellow('[!]')} failed to load cookies.`);
+        console.error('error:', e);
+    }
 }
 
 function writeChanges() {

From 7dc01210318936d44d0742b99dcc968b0b1fb200 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 27 Oct 2024 18:12:59 +0000
Subject: [PATCH 071/379] api: defer file loads until api is running

---
 api/src/core/api.js | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index 4811cd40..9532be81 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -345,14 +345,6 @@ export const runAPI = (express, app, __dirname) => {
         setGlobalDispatcher(new ProxyAgent(env.externalProxy))
     }
 
-    if (env.apiKeyURL) {
-        APIKeys.setup(env.apiKeyURL);
-    }
-
-    if (env.cookiePath) {
-        Cookies.setup(env.cookiePath);
-    }
-
     app.listen(env.apiPort, env.listenAddress, () => {
         console.log(`\n` +
             Bright(Cyan("cobalt ")) + Bright("API ^ω⁠^") + "\n" +
@@ -367,6 +359,14 @@ export const runAPI = (express, app, __dirname) => {
 
             Bright("url: ") + Bright(Cyan(env.apiURL)) + "\n" +
             Bright("port: ") + env.apiPort + "\n"
-        )
+        );
+
+        if (env.apiKeyURL) {
+            APIKeys.setup(env.apiKeyURL);
+        }
+
+        if (env.cookiePath) {
+            Cookies.setup(env.cookiePath);
+        }
     })
 }

From 77988447553b909595e138efd8415e0cd649ea51 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 12:01:38 +0600
Subject: [PATCH 072/379] api/youtube: refactor, fix fallback, don't repeat
 same actions

fallback to h264 is now done if there's no required media, not only if adaptive formats list is empty.

best audio and best video are now picked only once.
---
 api/src/processing/services/youtube.js | 43 +++++++++++++-------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index b4583051..c045dce0 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -184,6 +184,7 @@ export default async function(o) {
     }
 
     let format = o.format || "h264";
+    let fallback = false;
 
     const filterByCodec = (formats) =>
         formats.filter(e =>
@@ -195,25 +196,32 @@ export default async function(o) {
 
     let adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
 
-    if (adaptive_formats.length === 0 && ["vp9", "av1"].includes(format)) {
+    const checkBestVideo = (i) => (i.has_video && i.content_length);
+    const checkBestAudio = (i) => (i.has_audio && i.content_length && i.is_original);
+    const checkNoMedia = (video, audio) => (!video && !o.isAudioOnly) || (!audio && o.isAudioOnly);
+
+    const earlyBestVideo = adaptive_formats.find(i => checkBestVideo(i));
+    const earlyBestAudio = adaptive_formats.find(i => checkBestAudio(i));
+
+    // check if formats have all needed media and fall back to h264 if not
+    if (["vp9", "av1"].includes(format) && checkNoMedia(earlyBestVideo, earlyBestAudio)) {
+        fallback = true;
         format = "h264";
         adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
     }
 
-    const bestVideo = adaptive_formats.find(i => i.has_video && i.content_length);
-    const hasAudio = adaptive_formats.find(i => i.has_audio && i.content_length);
+    const bestVideo = !fallback ? earlyBestVideo : adaptive_formats.find(i => checkBestVideo(i));
+    const bestAudio = !fallback ? earlyBestAudio : adaptive_formats.find(i => checkBestAudio(i));
 
-    if ((!bestVideo && !o.isAudioOnly) || (!hasAudio && o.isAudioOnly)) {
-        return { error: "fetch.empty" };
+    if (checkNoMedia(bestVideo, bestAudio)) {
+        return { error: "youtube.codec" };
     }
 
-    const checkBestAudio = (i) => (i.has_audio && !i.has_video);
-
-    let audio = adaptive_formats.find(i => checkBestAudio(i) && i.is_original);
+    let audio = bestAudio;
     let isDubbed;
 
     if (o.dubLang) {
-        let dubbedAudio = adaptive_formats.find(i =>
+        const dubbedAudio = adaptive_formats.find(i =>
             checkBestAudio(i) && i.language === o.dubLang && i.audio_track
         )
 
@@ -223,10 +231,6 @@ export default async function(o) {
         }
     }
 
-    if (!audio) {
-        audio = adaptive_formats.find(i => checkBestAudio(i));
-    }
-
     const fileMetadata = {
         title: cleanString(basicInfo.title.trim()),
         artist: cleanString(basicInfo.author.replace("- Topic", "").trim())
@@ -262,19 +266,16 @@ export default async function(o) {
     }
 
     const qual = (i) => {
-        if (!i.quality_label) {
-            return;
-        }
-
-        return i.quality_label.split('p', 2)[0].split('s', 2)[0]
+        if (!i.quality_label) return;
+        return i.quality_label.split('p', 2)[0].split('s', 2)[0];
     }
 
     const quality = o.quality === "max" ? "9000" : o.quality;
     const bestQuality = qual(bestVideo);
-    const matchingQuality = Number(quality) > Number(bestQuality) ? bestQuality : quality;
+    const useBestQuality = Number(quality) > Number(bestQuality);
 
-    const video = adaptive_formats.find(i =>
-        qual(i) === matchingQuality && i.has_video && !i.has_audio
+    const video = useBestQuality ? bestVideo : adaptive_formats.find(i =>
+        qual(i) === quality && checkBestVideo(i)
     );
 
     if (video && audio) {

From 7c516c04686adfee0cdcdfb7abbbdbd5d2a929b4 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 12:08:12 +0600
Subject: [PATCH 073/379] api/cookie/manager: pass `cookiePath` to
 `writeChanges()`

also reordered functions to maintain the hierarchy
---
 api/src/processing/cookie/manager.js | 39 ++++++++++++++--------------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 060f8695..02eecfda 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -1,26 +1,15 @@
 import Cookie from './cookie.js';
+
 import { readFile, writeFile } from 'fs/promises';
-import { parse as parseSetCookie, splitCookiesString } from 'set-cookie-parser';
 import { Green, Yellow } from '../../misc/console-text.js';
+import { parse as parseSetCookie, splitCookiesString } from 'set-cookie-parser';
 
 const WRITE_INTERVAL = 60000,
       COUNTER = Symbol('counter');
 
 let cookies = {}, dirty = false, intervalId;
 
-export const setup = async (cookiePath) => {
-    try {
-        cookies = await readFile(cookiePath, 'utf8');
-        cookies = JSON.parse(cookies);
-        intervalId = setInterval(writeChanges, WRITE_INTERVAL);
-        console.log(`${Green('[✓]')} cookies loaded successfully!`)
-    } catch(e) {
-        console.error(`${Yellow('[!]')} failed to load cookies.`);
-        console.error('error:', e);
-    }
-}
-
-function writeChanges() {
+function writeChanges(cookiePath) {
     if (!dirty) return;
     dirty = false;
 
@@ -29,6 +18,18 @@ function writeChanges() {
     })
 }
 
+export const setup = async (cookiePath) => {
+    try {
+        cookies = await readFile(cookiePath, 'utf8');
+        cookies = JSON.parse(cookies);
+        intervalId = setInterval(() => writeChanges(cookiePath), WRITE_INTERVAL);
+        console.log(`${Green('[✓]')} cookies loaded successfully!`)
+    } catch(e) {
+        console.error(`${Yellow('[!]')} failed to load cookies.`);
+        console.error('error:', e);
+    }
+}
+
 export function getCookie(service) {
     if (!cookies[service] || !cookies[service].length) return;
 
@@ -46,6 +47,11 @@ export function getCookie(service) {
     return cookies[service][n]
 }
 
+export function updateCookieValues(cookie, values) {
+    cookie.set(values);
+    if (Object.keys(values).length) dirty = true
+}
+
 export function updateCookie(cookie, headers) {
     if (!cookie) return;
 
@@ -58,8 +64,3 @@ export function updateCookie(cookie, headers) {
     parsed.filter(c => !c.expires || c.expires > new Date()).forEach(c => values[c.name] = c.value);
     updateCookieValues(cookie, values);
 }
-
-export function updateCookieValues(cookie, values) {
-    cookie.set(values);
-    if (Object.keys(values).length) dirty = true
-}

From a46e04358aefcb3ff8ad861a95f536bc03b3d31a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 15:14:36 +0600
Subject: [PATCH 074/379] api/match-action: rename `isM3U8` to `isHLS` and `u`
 to `url`

---
 api/src/processing/match-action.js         | 18 +++++++++---------
 api/src/processing/request.js              |  4 ++--
 api/src/processing/services/bluesky.js     |  2 +-
 api/src/processing/services/dailymotion.js |  2 +-
 api/src/processing/services/rutube.js      |  2 +-
 api/src/processing/services/vimeo.js       |  2 +-
 api/src/stream/manage.js                   |  2 +-
 7 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 31d12e7f..578a5218 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -9,7 +9,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
     let action,
         responseType = "tunnel",
         defaultParams = {
-            u: r.urls,
+            url: r.urls,
             headers: r.headers,
             service: host,
             filename: r.filenameAttributes ?
@@ -24,7 +24,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
     else if (r.isGif && twitterGif) action = "gif";
     else if (isAudioOnly) action = "audio";
     else if (isAudioMuted) action = "muteVideo";
-    else if (r.isM3U8) action = "m3u8";
+    else if (r.isHLS) action = "hls";
     else action = "video";
 
     if (action === "picker" || action === "audio") {
@@ -54,7 +54,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
             params = { type: "gif" };
             break;
 
-        case "m3u8":
+        case "hls":
             params = {
                 type: Array.isArray(r.urls) ? "merge" : "remux"
             }
@@ -62,12 +62,12 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
 
         case "muteVideo":
             let muteType = "mute";
-            if (Array.isArray(r.urls) && !r.isM3U8) {
+            if (Array.isArray(r.urls) && !r.isHLS) {
                 muteType = "proxy";
             }
             params = {
                 type: muteType,
-                u: Array.isArray(r.urls) ? r.urls[0] : r.urls
+                url: Array.isArray(r.urls) ? r.urls[0] : r.urls
             }
             if (host === "reddit" && r.typeId === "redirect") {
                 responseType = "redirect";
@@ -92,10 +92,10 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                     }
                     params = {
                         picker: r.picker,
-                        u: createStream({
+                        url: createStream({
                             service: "tiktok",
                             type: audioStreamType,
-                            u: r.urls,
+                            url: r.urls,
                             headers: r.headers,
                             filename: r.audioFilename,
                             isAudioOnly: true,
@@ -184,14 +184,14 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                 }
             }
 
-            if (r.isM3U8 || host === "vimeo") {
+            if (r.isHLS || host === "vimeo") {
                 copy = false;
                 processType = "audio";
             }
 
             params = {
                 type: processType,
-                u: Array.isArray(r.urls) ? r.urls[1] : r.urls,
+                url: Array.isArray(r.urls) ? r.urls[1] : r.urls,
 
                 audioBitrate,
                 audioCopy: copy,
diff --git a/api/src/processing/request.js b/api/src/processing/request.js
index 4287267c..d512bfe5 100644
--- a/api/src/processing/request.js
+++ b/api/src/processing/request.js
@@ -37,7 +37,7 @@ export function createResponse(responseType, responseData) {
 
             case "redirect":
                 response = {
-                    url: responseData?.u,
+                    url: responseData?.url,
                     filename: responseData?.filename
                 }
                 break;
@@ -52,7 +52,7 @@ export function createResponse(responseType, responseData) {
             case "picker":
                 response = {
                     picker: responseData?.picker,
-                    audio: responseData?.u,
+                    audio: responseData?.url,
                     audioFilename: responseData?.filename
                 }
                 break;
diff --git a/api/src/processing/services/bluesky.js b/api/src/processing/services/bluesky.js
index 5f5cbcec..d200296c 100644
--- a/api/src/processing/services/bluesky.js
+++ b/api/src/processing/services/bluesky.js
@@ -26,7 +26,7 @@ const extractVideo = async ({ media, filename }) => {
         urls: videoURL,
         filename: `${filename}.mp4`,
         audioFilename: `${filename}_audio`,
-        isM3U8: true,
+        isHLS: true,
     }
 }
 
diff --git a/api/src/processing/services/dailymotion.js b/api/src/processing/services/dailymotion.js
index a403a16b..a30a8bc7 100644
--- a/api/src/processing/services/dailymotion.js
+++ b/api/src/processing/services/dailymotion.js
@@ -92,7 +92,7 @@ export default async function({ id }) {
 
     return {
         urls: bestQuality.uri,
-        isM3U8: true,
+        isHLS: true,
         filenameAttributes: {
             service: 'dailymotion',
             id: media.xid,
diff --git a/api/src/processing/services/rutube.js b/api/src/processing/services/rutube.js
index 4305241a..67609ffc 100644
--- a/api/src/processing/services/rutube.js
+++ b/api/src/processing/services/rutube.js
@@ -65,7 +65,7 @@ export default async function(obj) {
 
     return {
         urls: matchingQuality.uri,
-        isM3U8: true,
+        isHLS: true,
         filenameAttributes: {
             service: "rutube",
             id: obj.id,
diff --git a/api/src/processing/services/vimeo.js b/api/src/processing/services/vimeo.js
index 23e84191..0268e1ec 100644
--- a/api/src/processing/services/vimeo.js
+++ b/api/src/processing/services/vimeo.js
@@ -122,7 +122,7 @@ const getHLS = async (configURL, obj) => {
 
     return {
         urls,
-        isM3U8: true,
+        isHLS: true,
         filenameAttributes: {
             resolution: `${bestQuality.resolution.width}x${bestQuality.resolution.height}`,
             qualityLabel: `${resolutionMatch[bestQuality.resolution.width]}p`,
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index e25f4434..557caa55 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -34,7 +34,7 @@ export function createStream(obj) {
         streamData = {
             exp: exp,
             type: obj.type,
-            urls: obj.u,
+            urls: obj.url,
             service: obj.service,
             filename: obj.filename,
 

From 24ae08b1050fb78f3dd6776617e69027014c6122 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 15:15:41 +0600
Subject: [PATCH 075/379] api/stream: add `isHLS` to stream cache

---
 api/src/processing/match-action.js | 3 ++-
 api/src/stream/manage.js           | 5 ++++-
 api/src/stream/types.js            | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 578a5218..a502c6d2 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -56,7 +56,8 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
 
         case "hls":
             params = {
-                type: Array.isArray(r.urls) ? "merge" : "remux"
+                type: Array.isArray(r.urls) ? "merge" : "remux",
+                isHLS: true,
             }
             break;
 
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 557caa55..5f55b5fa 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -46,6 +46,8 @@ export function createStream(obj) {
             audioBitrate: obj.audioBitrate,
             audioCopy: !!obj.audioCopy,
             audioFormat: obj.audioFormat,
+
+            isHLS: obj.isHLS || false,
         };
 
     streamCache.set(
@@ -100,7 +102,8 @@ export function createInternalStream(url, obj = {}) {
         service: obj.service,
         headers,
         controller,
-        dispatcher
+        dispatcher,
+        isHLS: obj.isHLS,
     });
 
     let streamLink = new URL('/itunnel', `http://127.0.0.1:${env.apiPort}`);
diff --git a/api/src/stream/types.js b/api/src/stream/types.js
index 184af873..2a1b9677 100644
--- a/api/src/stream/types.js
+++ b/api/src/stream/types.js
@@ -101,7 +101,7 @@ const merge = (streamInfo, res) => {
 
         args = args.concat(ffmpegArgs[format]);
 
-        if (hlsExceptions.includes(streamInfo.service)) {
+        if (hlsExceptions.includes(streamInfo.service) && streamInfo.isHLS) {
             args.push('-bsf:a', 'aac_adtstoasc')
         }
 

From c9eefc4d553b795e477977183e46850f9c153a74 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 15:17:54 +0600
Subject: [PATCH 076/379] api/youtube: add an option to use HLS streams

- added `youtubeHLS` variable to api
- added youtube HLS parsing & handling
---
 api/src/processing/match.js            |   3 +-
 api/src/processing/schema.js           |   2 +
 api/src/processing/service-config.js   |   2 +-
 api/src/processing/services/youtube.js | 219 +++++++++++++++++++------
 api/src/stream/internal.js             |   2 +-
 5 files changed, 171 insertions(+), 57 deletions(-)

diff --git a/api/src/processing/match.js b/api/src/processing/match.js
index b0022d08..8500c3b5 100644
--- a/api/src/processing/match.js
+++ b/api/src/processing/match.js
@@ -97,13 +97,14 @@ export default async function({ host, patternMatch, params }) {
 
             case "youtube":
                 let fetchInfo = {
+                    dispatcher,
                     id: patternMatch.id.slice(0, 11),
                     quality: params.videoQuality,
                     format: params.youtubeVideoCodec,
                     isAudioOnly,
                     isAudioMuted,
                     dubLang: params.youtubeDubLang,
-                    dispatcher
+                    youtubeHLS: params.youtubeHLS,
                 }
 
                 if (url.hostname === "music.youtube.com" || isAudioOnly) {
diff --git a/api/src/processing/schema.js b/api/src/processing/schema.js
index 172d480c..f7493325 100644
--- a/api/src/processing/schema.js
+++ b/api/src/processing/schema.js
@@ -42,6 +42,8 @@ export const apiSchema = z.object({
     tiktokFullAudio: z.boolean().default(false),
     tiktokH265: z.boolean().default(false),
     twitterGif: z.boolean().default(true),
+
     youtubeDubBrowserLang: z.boolean().default(false),
+    youtubeHLS: z.boolean().default(false),
 })
 .strict();
diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index a2136ad0..fc437095 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -1,7 +1,7 @@
 import UrlPattern from "url-pattern";
 
 export const audioIgnore = ["vk", "ok", "loom"];
-export const hlsExceptions = ["dailymotion", "vimeo", "rutube", "bsky"];
+export const hlsExceptions = ["dailymotion", "vimeo", "rutube", "bsky", "youtube"];
 
 export const services = {
     bilibili: {
diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index c045dce0..af8d8c3d 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -1,3 +1,5 @@
+import HLS from "hls-parser";
+
 import { fetch } from "undici";
 import { Innertube, Session } from "youtubei.js";
 
@@ -27,6 +29,19 @@ const codecList = {
     }
 }
 
+const hlsCodecList = {
+    h264: {
+        videoCodec: "avc1",
+        audioCodec: "mp4a",
+        container: "mp4"
+    },
+    vp9: {
+        videoCodec: "vp09",
+        audioCodec: "mp4a",
+        container: "mp4"
+    }
+}
+
 const transformSessionData = (cookie) => {
     if (!cookie)
         return;
@@ -117,7 +132,7 @@ export default async function(o) {
 
     let info;
     try {
-        info = await yt.getBasicInfo(o.id, yt.session.logged_in ? 'ANDROID' : 'IOS');
+        info = await yt.getBasicInfo(o.id, o.youtubeHLS ? 'IOS' : 'ANDROID');
     } catch(e) {
         if (e?.info?.reason === "This video is private") {
             return { error: "content.video.private" };
@@ -183,51 +198,139 @@ export default async function(o) {
         }
     }
 
-    let format = o.format || "h264";
-    let fallback = false;
+    const quality = o.quality === "max" ? 9000 : Number(o.quality);
+    const matchQuality = (resolution) => {
+        return resolution.height > resolution.width ? resolution.width : resolution.height;
+    }
 
-    const filterByCodec = (formats) =>
-        formats.filter(e =>
-            e.mime_type.includes(codecList[format].videoCodec)
-            || e.mime_type.includes(codecList[format].audioCodec)
-        ).sort((a, b) =>
-            Number(b.bitrate) - Number(a.bitrate)
+    let video, audio, isDubbed,
+        format = o.format || "h264";
+
+    if (o.youtubeHLS) {
+        const hlsManifest = info.streaming_data.hls_manifest_url;
+
+        if (!hlsManifest) {
+            return { error: "content.video.no_streams" };
+        }
+
+        const fetchedHlsManifest = await fetch(hlsManifest, {
+            dispatcher: o.dispatcher,
+        }).then(r => {
+            if (r.status === 200) {
+                return r.text();
+            } else {
+                throw new Error("couldn't fetch the HLS playlist");
+            }
+        }).catch(() => {});
+
+        if (!fetchedHlsManifest) {
+            return { error: "content.video.no_streams" };
+        }
+
+        const variants = HLS.parse(fetchedHlsManifest).variants.sort(
+            (a, b) => Number(b.bandwidth) - Number(a.bandwidth)
         );
 
-    let adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
+        if (!variants || variants.length === 0) {
+            return { error: "content.video.no_streams" };
+        }
 
-    const checkBestVideo = (i) => (i.has_video && i.content_length);
-    const checkBestAudio = (i) => (i.has_audio && i.content_length && i.is_original);
-    const checkNoMedia = (video, audio) => (!video && !o.isAudioOnly) || (!audio && o.isAudioOnly);
+        const matchHlsCodec = codecs => (
+            codecs.includes(hlsCodecList[format].videoCodec)
+        );
 
-    const earlyBestVideo = adaptive_formats.find(i => checkBestVideo(i));
-    const earlyBestAudio = adaptive_formats.find(i => checkBestAudio(i));
+        const best = variants.find(i => {
+            if (matchHlsCodec(i.codecs)) {
+                return i;
+            }
+        });
 
-    // check if formats have all needed media and fall back to h264 if not
-    if (["vp9", "av1"].includes(format) && checkNoMedia(earlyBestVideo, earlyBestAudio)) {
-        fallback = true;
-        format = "h264";
-        adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
-    }
+        const preferred = variants.find((i) => {
+            if (matchHlsCodec(i.codecs) && matchQuality(i.resolution) === quality) {
+                return i;
+            }
+        });
 
-    const bestVideo = !fallback ? earlyBestVideo : adaptive_formats.find(i => checkBestVideo(i));
-    const bestAudio = !fallback ? earlyBestAudio : adaptive_formats.find(i => checkBestAudio(i));
+        const selected = preferred || best;
+        const defaultAudio = selected.audio.find(i => i.isDefault);
 
-    if (checkNoMedia(bestVideo, bestAudio)) {
-        return { error: "youtube.codec" };
-    }
+        audio = defaultAudio;
 
-    let audio = bestAudio;
-    let isDubbed;
+        if (o.dubLang) {
+            const dubbedAudio = selected.audio.find(i =>
+                i.language === o.dubLang
+            )
 
-    if (o.dubLang) {
-        const dubbedAudio = adaptive_formats.find(i =>
-            checkBestAudio(i) && i.language === o.dubLang && i.audio_track
-        )
+            if (dubbedAudio && !dubbedAudio.isDefault) {
+                audio = dubbedAudio;
+            }
+        }
 
-        if (dubbedAudio && !dubbedAudio?.audio_track?.audio_is_default) {
-            audio = dubbedAudio;
-            isDubbed = true;
+        selected.audio = [];
+        selected.subtitles = [];
+        video = selected;
+    } else {
+        let fallback = false;
+
+        const filterByCodec = (formats) =>
+            formats.filter(e =>
+                e.mime_type.includes(codecList[format].videoCodec)
+                || e.mime_type.includes(codecList[format].audioCodec)
+            ).sort((a, b) =>
+                Number(b.bitrate) - Number(a.bitrate)
+            );
+
+        let adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
+
+        const checkBestVideo = (i) => (i.has_video && i.content_length);
+        const checkBestAudio = (i) => (i.has_audio && i.content_length && i.is_original);
+        const checkNoMedia = (video, audio) => (!video && !o.isAudioOnly) || (!audio && o.isAudioOnly);
+
+        const earlyBestVideo = adaptive_formats.find(i => checkBestVideo(i));
+        const earlyBestAudio = adaptive_formats.find(i => checkBestAudio(i));
+
+        // check if formats have all needed media and fall back to h264 if not
+        if (["vp9", "av1"].includes(format) && checkNoMedia(earlyBestVideo, earlyBestAudio)) {
+            fallback = true;
+            format = "h264";
+            adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
+        }
+
+        const bestVideo = !fallback ? earlyBestVideo : adaptive_formats.find(i => checkBestVideo(i));
+        const bestAudio = !fallback ? earlyBestAudio : adaptive_formats.find(i => checkBestAudio(i));
+
+        if (checkNoMedia(bestVideo, bestAudio)) {
+            return { error: "youtube.codec" };
+        }
+
+        audio = bestAudio;
+
+        if (o.dubLang) {
+            const dubbedAudio = adaptive_formats.find(i =>
+                checkBestAudio(i) && i.language === o.dubLang && i.audio_track
+            )
+
+            if (dubbedAudio && !dubbedAudio?.audio_track?.audio_is_default) {
+                audio = dubbedAudio;
+                isDubbed = true;
+            }
+        }
+
+        if (!o.isAudioOnly) {
+            const qual = (i) => {
+                return matchQuality({
+                    width: i.width,
+                    height: i.height,
+                })
+            }
+
+            const quality = o.quality === "max" ? "9000" : o.quality;
+            const bestQuality = qual(bestVideo);
+            const useBestQuality = Number(quality) > Number(bestQuality);
+
+            video = useBestQuality ? bestVideo : adaptive_formats.find(i =>
+                qual(i) === quality && checkBestVideo(i)
+            );
         }
     }
 
@@ -263,35 +366,43 @@ export default async function(o) {
         filenameAttributes,
         fileMetadata,
         bestAudio: format === "h264" ? "m4a" : "opus",
+        isHLS: o.youtubeHLS,
     }
 
-    const qual = (i) => {
-        if (!i.quality_label) return;
-        return i.quality_label.split('p', 2)[0].split('s', 2)[0];
-    }
-
-    const quality = o.quality === "max" ? "9000" : o.quality;
-    const bestQuality = qual(bestVideo);
-    const useBestQuality = Number(quality) > Number(bestQuality);
-
-    const video = useBestQuality ? bestVideo : adaptive_formats.find(i =>
-        qual(i) === quality && checkBestVideo(i)
-    );
-
     if (video && audio) {
-        filenameAttributes.qualityLabel = video.quality_label;
-        filenameAttributes.resolution = `${video.width}x${video.height}`;
-        filenameAttributes.extension = codecList[format].container;
+        let resolution;
+
+        if (o.youtubeHLS) {
+            resolution = matchQuality(video.resolution);
+            filenameAttributes.resolution = `${video.resolution.width}x${video.resolution.height}`;
+            filenameAttributes.extension = hlsCodecList[format].container;
+
+            video = video.uri;
+            audio = audio.uri;
+        } else {
+            resolution = matchQuality({
+                width: video.width,
+                height: video.height,
+            });
+            filenameAttributes.resolution = `${video.width}x${video.height}`;
+            filenameAttributes.extension = codecList[format].container;
+
+            video = video.url;
+            audio = audio.url;
+        }
+
+        filenameAttributes.qualityLabel = `${resolution}p`;
         filenameAttributes.youtubeFormat = format;
 
         return {
             type: "merge",
             urls: [
-                video.url,
-                audio.url
+                video,
+                audio,
             ],
             filenameAttributes,
-            fileMetadata
+            fileMetadata,
+            isHLS: o.youtubeHLS,
         }
     }
 
diff --git a/api/src/stream/internal.js b/api/src/stream/internal.js
index 51552d4c..4235d722 100644
--- a/api/src/stream/internal.js
+++ b/api/src/stream/internal.js
@@ -114,7 +114,7 @@ async function handleGenericStream(streamInfo, res) {
 }
 
 export function internalStream(streamInfo, res) {
-    if (streamInfo.service === 'youtube') {
+    if (streamInfo.service === 'youtube' && !streamInfo.isHLS) {
         return handleYoutubeStream(streamInfo, res);
     }
 

From 60b22cb5f7d1bbd2ab3b4da2f185997599fe8b57 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 15:27:51 +0600
Subject: [PATCH 077/379] web: add support for youtube hls

also increased api response timeout to 20 seconds
---
 web/i18n/en/settings.json                  |  4 ++++
 web/src/lib/api/api.ts                     |  3 ++-
 web/src/lib/settings/defaults.ts           |  1 +
 web/src/lib/types/settings.ts              |  1 +
 web/src/routes/settings/video/+page.svelte | 16 ++++++++++++++++
 5 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index ba2fc886..b583a043 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -32,6 +32,10 @@
     "video.youtube.codec": "youtube video codec and container",
     "video.youtube.codec.description": "h264: best compatibility, average quality. max quality is 1080p. \nav1: best quality and efficiency. supports 8k & HDR. \nvp9: same quality as av1, but file is ~2x bigger. supports 4k & HDR.\n\nav1 and vp9 aren't as widely supported as h264. if av1 or vp9 isn't available, h264 is used instead.",
 
+    "video.youtube.hls": "youtube hls",
+    "video.youtube.hls.title": "use hls formats for videos",
+    "video.youtube.hls.description": "only h264 and vp9 codecs are supported in this mode, both are served in a mp4 container. files download faster and are less prone to errors. files may be less compatible with editing software or video players.",
+
     "video.twitter.gif": "twitter/x",
     "video.twitter.gif.title": "convert looping videos to GIF",
     "video.twitter.gif.description": "GIF conversion is inefficient, converted file may be obnoxiously big and low quality.",
diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index 19f27c94..bdbbe59b 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -26,6 +26,7 @@ const request = async (url: string) => {
 
         youtubeVideoCodec: getSetting("save", "youtubeVideoCodec"),
         videoQuality: getSetting("save", "videoQuality"),
+        youtubeHLS: getSetting("save", "youtubeHLS"),
 
         filenameStyle: getSetting("save", "filenameStyle"),
         disableMetadata: getSetting("save", "disableMetadata"),
@@ -82,7 +83,7 @@ const request = async (url: string) => {
     const response: Optional<CobaltAPIResponse> = await fetch(api, {
         method: "POST",
         redirect: "manual",
-        signal: AbortSignal.timeout(10000),
+        signal: AbortSignal.timeout(20000),
         body: JSON.stringify(request),
         headers: {
             "Accept": "application/json",
diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index c0b0c187..168ca54a 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -26,6 +26,7 @@ const defaultSettings: CobaltSettings = {
         videoQuality: "1080",
         youtubeVideoCodec: "h264",
         youtubeDubBrowserLang: false,
+        youtubeHLS: false,
     },
     privacy: {
         alwaysProxy: false,
diff --git a/web/src/lib/types/settings.ts b/web/src/lib/types/settings.ts
index 3c9cef6e..25eb1017 100644
--- a/web/src/lib/types/settings.ts
+++ b/web/src/lib/types/settings.ts
@@ -48,6 +48,7 @@ type CobaltSettingsSave = {
     videoQuality: typeof videoQualityOptions[number],
     youtubeVideoCodec: typeof youtubeVideoCodecOptions[number],
     youtubeDubBrowserLang: boolean,
+    youtubeHLS: boolean,
 };
 
 export type CurrentCobaltSettings = {
diff --git a/web/src/routes/settings/video/+page.svelte b/web/src/routes/settings/video/+page.svelte
index c43016cb..4760d9c0 100644
--- a/web/src/routes/settings/video/+page.svelte
+++ b/web/src/routes/settings/video/+page.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+    import settings from "$lib/state/settings";
     import { t } from "$lib/i18n/translations";
 
     import { videoQualityOptions } from "$lib/types/settings";
@@ -53,6 +54,21 @@
     </Switcher>
 </SettingsCategory>
 
+<SettingsCategory
+    sectionId="hls"
+    title={$t("settings.video.youtube.hls")}
+    disabled={$settings.save.youtubeVideoCodec === "av1"}
+    beta
+>
+    <SettingsToggle
+        settingContext="save"
+        settingId="youtubeHLS"
+        title={$t("settings.video.youtube.hls.title")}
+        description={$t("settings.video.youtube.hls.description")}
+        disabled={$settings.save.youtubeVideoCodec === "av1"}
+    />
+</SettingsCategory>
+
 <SettingsCategory sectionId="twitter" title={$t("settings.video.twitter.gif")}>
     <SettingsToggle
         settingContext="save"

From fba6ba09c2e9633a3e09c05013be092b4d80642e Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 15:45:18 +0600
Subject: [PATCH 078/379] api/youtube: add hls codec fallback, update hls error
 code, refactor

also fixed best audio format
---
 api/src/processing/services/youtube.js | 62 +++++++++++++++-----------
 1 file changed, 37 insertions(+), 25 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index af8d8c3d..adeabbbb 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -210,7 +210,7 @@ export default async function(o) {
         const hlsManifest = info.streaming_data.hls_manifest_url;
 
         if (!hlsManifest) {
-            return { error: "content.video.no_streams" };
+            return { error: "youtube.no_hls_streams" };
         }
 
         const fetchedHlsManifest = await fetch(hlsManifest, {
@@ -224,7 +224,7 @@ export default async function(o) {
         }).catch(() => {});
 
         if (!fetchedHlsManifest) {
-            return { error: "content.video.no_streams" };
+            return { error: "youtube.no_hls_streams" };
         }
 
         const variants = HLS.parse(fetchedHlsManifest).variants.sort(
@@ -232,34 +232,41 @@ export default async function(o) {
         );
 
         if (!variants || variants.length === 0) {
-            return { error: "content.video.no_streams" };
+            return { error: "youtube.no_hls_streams" };
+        }
+
+        // HLS playlists don't contain AV1 format, at least with the iOS client
+        if (format === "av1") {
+            format = "vp9";
         }
 
         const matchHlsCodec = codecs => (
             codecs.includes(hlsCodecList[format].videoCodec)
         );
 
-        const best = variants.find(i => {
-            if (matchHlsCodec(i.codecs)) {
-                return i;
-            }
-        });
+        const best = variants.find(i => matchHlsCodec(i.codecs));
 
-        const preferred = variants.find((i) => {
-            if (matchHlsCodec(i.codecs) && matchQuality(i.resolution) === quality) {
-                return i;
-            }
-        });
+        const preferred = variants.find(i =>
+            matchHlsCodec(i.codecs) && matchQuality(i.resolution) === quality
+        );
 
-        const selected = preferred || best;
-        const defaultAudio = selected.audio.find(i => i.isDefault);
+        let selected = preferred || best;
 
-        audio = defaultAudio;
+        if (!selected) {
+            format = "h264";
+            selected = variants.find(i => matchHlsCodec(i.codecs));
+        }
+
+        if (!selected) {
+            return { error: "youtube.no_hls_streams" };
+        }
+
+        audio = selected.audio.find(i => i.isDefault);
 
         if (o.dubLang) {
             const dubbedAudio = selected.audio.find(i =>
                 i.language === o.dubLang
-            )
+            );
 
             if (dubbedAudio && !dubbedAudio.isDefault) {
                 audio = dubbedAudio;
@@ -359,14 +366,19 @@ export default async function(o) {
         youtubeDubName: isDubbed ? o.dubLang : false
     }
 
-    if (audio && o.isAudioOnly) return {
-        type: "audio",
-        isAudioOnly: true,
-        urls: audio.url,
-        filenameAttributes,
-        fileMetadata,
-        bestAudio: format === "h264" ? "m4a" : "opus",
-        isHLS: o.youtubeHLS,
+    if (audio && o.isAudioOnly) {
+        let bestAudio = format === "h264" ? "m4a" : "opus";
+        if (o.youtubeHLS) bestAudio = "m4a";
+
+        return {
+            type: "audio",
+            isAudioOnly: true,
+            urls: audio.url,
+            filenameAttributes,
+            fileMetadata,
+            bestAudio,
+            isHLS: o.youtubeHLS,
+        }
     }
 
     if (video && audio) {

From 3ed51c9eeb9b2b08796c918a9a2c6610b749fb3f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 15:45:32 +0600
Subject: [PATCH 079/379] web/i18n/error: add youtube hls error

---
 web/i18n/en/error.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 67dd911c..5ac0ecf6 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -50,5 +50,6 @@
     "api.youtube.codec": "youtube didn't return anything with your preferred video codec. try another one in settings!",
     "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video.\n\ntry again in a few seconds, but if issue sticks, contact us for support.",
     "api.youtube.login": "couldn't get this video because youtube labeled me as a bot. this is potentially caused by the processing instance not having any active account tokens. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
-    "api.youtube.token_expired": "couldn't get this video because the youtube token expired and i couldn't refresh it. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!"
+    "api.youtube.token_expired": "couldn't get this video because the youtube token expired and i couldn't refresh it. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
+    "api.youtube.no_hls_streams": "couldn't find any matching HLS streams. try different settings!"
 }

From 0ddb3e3ecc9f8a29b920c62aad9a26e12381bbf3 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 16:45:30 +0600
Subject: [PATCH 080/379] api/match-action: add isHLS to audio stream info

---
 api/src/processing/match-action.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index a502c6d2..83bba08d 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -197,6 +197,8 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                 audioBitrate,
                 audioCopy: copy,
                 audioFormat,
+
+                isHLS: r.isHLS,
             }
             break;
     }

From effec1bfb983d4ebb8e23a3e133a76040dc90705 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 16:45:48 +0600
Subject: [PATCH 081/379] api/youtube: return correct audio url in hls mode

my disappointment in its quality is immeasurable
---
 api/src/processing/services/youtube.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index adeabbbb..f95f0bc2 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -368,12 +368,17 @@ export default async function(o) {
 
     if (audio && o.isAudioOnly) {
         let bestAudio = format === "h264" ? "m4a" : "opus";
-        if (o.youtubeHLS) bestAudio = "m4a";
+        let urls = audio.url;
+
+        if (o.youtubeHLS) {
+            bestAudio = "m4a";
+            urls = audio.uri;
+        }
 
         return {
             type: "audio",
             isAudioOnly: true,
-            urls: audio.url,
+            urls,
             filenameAttributes,
             fileMetadata,
             bestAudio,

From 866427a7a79d66d5f6762851faccf34b1e3254d8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 16:55:44 +0600
Subject: [PATCH 082/379] api/youtube: fix local variable overlap

---
 api/src/processing/services/youtube.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index f95f0bc2..ebf4c6f8 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -291,7 +291,7 @@ export default async function(o) {
 
         const checkBestVideo = (i) => (i.has_video && i.content_length);
         const checkBestAudio = (i) => (i.has_audio && i.content_length && i.is_original);
-        const checkNoMedia = (video, audio) => (!video && !o.isAudioOnly) || (!audio && o.isAudioOnly);
+        const checkNoMedia = (vid, aud) => (!vid && !o.isAudioOnly) || (!aud && o.isAudioOnly);
 
         const earlyBestVideo = adaptive_formats.find(i => checkBestVideo(i));
         const earlyBestAudio = adaptive_formats.find(i => checkBestAudio(i));
@@ -331,9 +331,8 @@ export default async function(o) {
                 })
             }
 
-            const quality = o.quality === "max" ? "9000" : o.quality;
             const bestQuality = qual(bestVideo);
-            const useBestQuality = Number(quality) > Number(bestQuality);
+            const useBestQuality = quality > bestQuality;
 
             video = useBestQuality ? bestVideo : adaptive_formats.find(i =>
                 qual(i) === quality && checkBestVideo(i)

From 6b1eadbe09ad7c885ddd08bf659c69cb9ed2da2c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 16:59:50 +0600
Subject: [PATCH 083/379] api/util/tests: add youtube hls tests

---
 api/src/util/tests.json | 47 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/api/src/util/tests.json b/api/src/util/tests.json
index 2d8d8708..3914deec 100644
--- a/api/src/util/tests.json
+++ b/api/src/util/tests.json
@@ -486,6 +486,53 @@
                 "code": 200,
                 "status": "tunnel"
             }
+        }, {
+            "name": "hls video (h264, 1440p)",
+            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+            "params": {
+                "youtubeVideoCodec": "h264",
+                "videoQuality": "1440",
+                "youtubeHLS": true
+            },
+            "expected": {
+                "code": 200,
+                "status": "tunnel"
+            }
+        }, {
+            "name": "hls video (vp9, 360p)",
+            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+            "params": {
+                "youtubeVideoCodec": "vp9",
+                "videoQuality": "360",
+                "youtubeHLS": true
+            },
+            "expected": {
+                "code": 200,
+                "status": "tunnel"
+            }
+        }, {
+            "name": "hls video (audio mode)",
+            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+            "params": {
+                "downloadMode": "audio",
+                "youtubeHLS": true
+            },
+            "expected": {
+                "code": 200,
+                "status": "tunnel"
+            }
+        }, {
+            "name": "hls video (audio mode, best format)",
+            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+            "params": {
+                "downloadMode": "audio",
+                "youtubeHLS": true,
+                "audioFormat": "best"
+            },
+            "expected": {
+                "code": 200,
+                "status": "tunnel"
+            }
         }
     ],
     "vk": [

From 53e6085095cbfb4d23d2f993242b2bdc0026ce84 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 28 Oct 2024 11:55:15 +0000
Subject: [PATCH 084/379] api/stream: don't override content-length for hls
 transform

---
 api/src/stream/internal.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/api/src/stream/internal.js b/api/src/stream/internal.js
index 4235d722..48fa124c 100644
--- a/api/src/stream/internal.js
+++ b/api/src/stream/internal.js
@@ -96,8 +96,11 @@ async function handleGenericStream(streamInfo, res) {
         res.status(req.statusCode);
         req.body.on('error', () => {});
 
-        for (const [ name, value ] of Object.entries(req.headers))
-            res.setHeader(name, value)
+        for (const [ name, value ] of Object.entries(req.headers)) {
+            if (!isHlsRequest(req) || name.toLowerCase() !== 'content-length') {
+                res.setHeader(name, value);
+            }
+        }
 
         if (req.statusCode < 200 || req.statusCode > 299)
             return cleanup();

From 14ca47b73d9197035e951d596926f914102489d3 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 18:30:01 +0600
Subject: [PATCH 085/379] api/youtube: make `mp3` the best format for hls audio

---
 api/src/processing/services/youtube.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index ebf4c6f8..df4a99c1 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -370,7 +370,7 @@ export default async function(o) {
         let urls = audio.url;
 
         if (o.youtubeHLS) {
-            bestAudio = "m4a";
+            bestAudio = "mp3";
             urls = audio.uri;
         }
 

From 9f9300ebb8d159666e43229842e95c2b3eb5162f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 18:30:18 +0600
Subject: [PATCH 086/379] web/i18n/settings: rephrase audio format description

---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index b583a043..0c493000 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -50,7 +50,7 @@
     "audio.format.ogg": "ogg",
     "audio.format.wav": "wav",
     "audio.format.opus": "opus",
-    "audio.format.description": "all formats but \"best\" are converted, meaning that there'll be some quality loss. audio is not reencoded only when \"best\" format is selected.",
+    "audio.format.description": "all formats but \"best\" are converted from the source format, there will be some quality loss. when \"best\" format is selected, the audio is kept in its original format whenever possible.",
 
     "audio.bitrate": "audio bitrate",
     "audio.bitrate.kbps": "kb/s",

From b14c6182287581a6f64d1e6848f73e259a27816d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 19:35:08 +0600
Subject: [PATCH 087/379] api/youtube: pick a default track for videos with ai
 dubs

---
 api/src/processing/services/youtube.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index df4a99c1..73ad1260 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -263,6 +263,12 @@ export default async function(o) {
 
         audio = selected.audio.find(i => i.isDefault);
 
+        // some videos (mainly those with AI dubs) don't have any tracks marked as default
+        // why? god knows, but we assume that a default track is marked as such in the title
+        if (!audio) {
+            audio = selected.audio.find(i => i.name.endsWith("- original"));
+        }
+
         if (o.dubLang) {
             const dubbedAudio = selected.audio.find(i =>
                 i.language === o.dubLang

From cdfc91844d416519ffcf58305178f87405a6950c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 19:56:18 +0600
Subject: [PATCH 088/379] api/schema: update youtubeDubLang to accept all valid
 language codes

---
 api/src/core/api.js          |  6 ------
 api/src/processing/schema.js | 12 +++++++-----
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index 9532be81..975e7da9 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -9,7 +9,6 @@ import match from "../processing/match.js";
 
 import { env } from "../config.js";
 import { extract } from "../processing/url.js";
-import { languageCode } from "../misc/utils.js";
 import { Bright, Cyan } from "../misc/console-text.js";
 import { generateHmac, generateSalt } from "../misc/crypto.js";
 import { randomizeCiphers } from "../misc/randomize-ciphers.js";
@@ -222,16 +221,11 @@ export const runAPI = (express, app, __dirname) => {
 
     app.post('/', async (req, res) => {
         const request = req.body;
-        const lang = languageCode(req);
 
         if (!request.url) {
             return fail(res, "error.api.link.missing");
         }
 
-        if (request.youtubeDubBrowserLang) {
-            request.youtubeDubLang = lang;
-        }
-
         const { success, data: normalizedRequest } = await normalizeRequest(request);
         if (!success) {
             return fail(res, "error.api.invalid_body");
diff --git a/api/src/processing/schema.js b/api/src/processing/schema.js
index f7493325..48d8b058 100644
--- a/api/src/processing/schema.js
+++ b/api/src/processing/schema.js
@@ -1,7 +1,5 @@
 import { z } from "zod";
-
 import { normalizeURL } from "./url.js";
-import { verifyLanguageCode } from "../misc/utils.js";
 
 export const apiSchema = z.object({
     url: z.string()
@@ -33,17 +31,21 @@ export const apiSchema = z.object({
     ).default("1080"),
 
     youtubeDubLang: z.string()
-                     .length(2)
-                     .transform(verifyLanguageCode)
+                     .min(2)
+                     .max(8)
+                     .regex(/^[0-9a-zA-Z\-]+$/)
                      .optional(),
 
+    // TODO: remove this variable as it's no longer used
+    // and is kept for schema compatibility reasons
+    youtubeDubBrowserLang: z.boolean().default(false),
+
     alwaysProxy: z.boolean().default(false),
     disableMetadata: z.boolean().default(false),
     tiktokFullAudio: z.boolean().default(false),
     tiktokH265: z.boolean().default(false),
     twitterGif: z.boolean().default(true),
 
-    youtubeDubBrowserLang: z.boolean().default(false),
     youtubeHLS: z.boolean().default(false),
 })
 .strict();

From 0b4d703d0f4ac5b918fcc8810aef73d55e032953 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 19:56:37 +0600
Subject: [PATCH 089/379] api/utils: remove unused functions

---
 api/src/misc/utils.js | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index 34666d1c..c584d5d8 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -26,24 +26,6 @@ export function cleanString(string) {
     }
     return string;
 }
-export function verifyLanguageCode(code) {
-    const langCode = String(code.slice(0, 2).toLowerCase());
-    if (RegExp(/[a-z]{2}/).test(code)) {
-        return langCode
-    }
-    return "en"
-}
-export function languageCode(req) {
-    if (req.header('Accept-Language')) {
-        return verifyLanguageCode(req.header('Accept-Language'))
-    }
-    return "en"
-}
-export function cleanHTML(html) {
-    let clean = html.replace(/ {4}/g, '');
-    clean = clean.replace(/\n/g, '');
-    return clean
-}
 
 export function getRedirectingURL(url) {
     return fetch(url, { redirect: 'manual' }).then((r) => {

From 486555bd11ac6a223760da2bed54cf48bea15067 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 19:57:37 +0600
Subject: [PATCH 090/379] docs/api: add `youtubeHLS` and remove
 `youtubeDubBrowserLang`

---
 docs/api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/api.md b/docs/api.md
index dc7e9c59..001c74ad 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -65,12 +65,12 @@ Content-Type: application/json
 | `downloadMode`               | `string`  | `auto / audio / mute`              | `auto`    | `audio` downloads only the audio, `mute` skips the audio track in videos.       |
 | `youtubeVideoCodec`          | `string`  | `h264 / av1 / vp9`                 | `h264`    | `h264` is recommended for phones.                                               |
 | `youtubeDubLang`             | `string`  | `en / ru / cs / ja / ...`          | --        | specifies the language of audio to download, when the youtube video is dubbed   |
-| `youtubeDubBrowserLang`      | `boolean` | `true / false`                     | `false`   | uses value from the Accept-Language header for `youtubeDubLang`.                |
 | `alwaysProxy`                | `boolean` | `true / false`                     | `false`   | tunnels all downloads through the processing server, even when not necessary.   |
 | `disableMetadata`            | `boolean` | `true / false`                     | `false`   | disables file metadata when set to `true`.                                      |
 | `tiktokFullAudio`            | `boolean` | `true / false`                     | `false`   | enables download of original sound used in a tiktok video.                      |
 | `tiktokH265`                 | `boolean` | `true / false`                     | `false`   | changes whether 1080p h265 videos are preferred or not.                         |
 | `twitterGif`                 | `boolean` | `true / false`                     | `true`    | changes whether twitter gifs are converted to .gif                              |
+| `youtubeHLS`                 | `boolean` | `true / false`                     | `false`   | specifies whether to use HLS for downloading video or audio from youtube.       |
 
 ### response
 the response will always be a JSON object containing the `status` key, which will be one of:

From 17c020fe22ad221de3135bd3354ef592110ee7a8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 21:38:25 +0600
Subject: [PATCH 091/379] api/youtube: fix dubbed hls audio marking

---
 api/src/processing/services/youtube.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 73ad1260..d98fb6e9 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -275,6 +275,7 @@ export default async function(o) {
             );
 
             if (dubbedAudio && !dubbedAudio.isDefault) {
+                isDubbed = true;
                 audio = dubbedAudio;
             }
         }

From 3a0b0fed8b20b3c5744a74477746d9a904b36db7 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 21:42:07 +0600
Subject: [PATCH 092/379] web/settings: convert `LanguageDropdown` to universal
 `SettingsDropdown`

---
 .../components/buttons/SettingsToggle.svelte  | 10 ++-
 ...ropdown.svelte => SettingsDropdown.svelte} | 72 +++++++++++--------
 .../routes/settings/appearance/+page.svelte   | 26 ++++++-
 3 files changed, 69 insertions(+), 39 deletions(-)
 rename web/src/components/settings/{LanguageDropdown.svelte => SettingsDropdown.svelte} (64%)

diff --git a/web/src/components/buttons/SettingsToggle.svelte b/web/src/components/buttons/SettingsToggle.svelte
index 75a564e5..f9c3cbfd 100644
--- a/web/src/components/buttons/SettingsToggle.svelte
+++ b/web/src/components/buttons/SettingsToggle.svelte
@@ -39,16 +39,14 @@
             updateSetting({
                 [settingContext]: {
                     [settingId]: !isEnabled,
-                },
-            })}
+                }
+            })
+        }
     >
         <h4 class="toggle-title">{title}</h4>
         <Toggle enabled={isEnabled} />
     </button>
-    <!--
-        description is repeated here because there may be several toggles per settings category,
-        and each of them needs its own description. this is intended. don't "clean it up".
-    -->
+
     {#if description}
         <div class="subtext toggle-description">{description}</div>
     {/if}
diff --git a/web/src/components/settings/LanguageDropdown.svelte b/web/src/components/settings/SettingsDropdown.svelte
similarity index 64%
rename from web/src/components/settings/LanguageDropdown.svelte
rename to web/src/components/settings/SettingsDropdown.svelte
index 89f2b44f..585d5e67 100644
--- a/web/src/components/settings/LanguageDropdown.svelte
+++ b/web/src/components/settings/SettingsDropdown.svelte
@@ -1,57 +1,69 @@
-<script lang="ts">
-    import languages from "$i18n/languages.json";
-
-    import { t, locales } from "$lib/i18n/translations";
-    import settings, { updateSetting } from "$lib/state/settings";
+<script
+    lang="ts"
+    generics="
+        Context extends Exclude<keyof CobaltSettings, 'schemaVersion'>,
+        Id extends keyof CobaltSettings[Context]
+    "
+>
+    import { updateSetting } from "$lib/state/settings";
+    import type { CobaltSettings } from "$lib/types/settings";
 
     import IconSelector from "@tabler/icons-svelte/IconSelector.svelte";
 
-    $: currentSetting = $settings.appearance.language;
-    $: disabled = $settings.appearance.autoLanguage;
+    export let title: string;
+    export let description: string = "";
+    export let items: Record<string, string>;
 
-    const updateLocale = (event: Event) => {
-       const target = event.target as HTMLSelectElement;
+    export let settingId: Id;
+    export let settingContext: Context;
+
+    export let selectedOption: string;
+    export let selectedTitle: string;
+    export let disabled = false;
+
+    const onChange = (event: Event) => {
+        const target = event.target as HTMLSelectElement;
 
         updateSetting({
-            appearance: {
-                language: target.value as keyof typeof languages,
+            [settingContext]: {
+                [settingId]: target.value,
             },
         });
     };
 </script>
 
-<div class="language-selector-parent" class:disabled aria-hidden={disabled}>
-    <div id="language-selector" class="selector button">
+<div class="selector-parent" class:disabled aria-hidden={disabled}>
+    <div id="selector" class="selector button">
         <div class="selector-info">
             <h4 class="selector-title">
-                {$t("settings.language.preferred.title")}
+                {title}
             </h4>
             <div class="right-side">
                 <span class="selector-current" aria-hidden="true">
-                    {$t(`languages.${currentSetting}`)}
+                    {selectedTitle}
                 </span>
                 <IconSelector />
             </div>
         </div>
-        <select
-            id="setting-dropdown-appearance-language"
-            on:change={updateLocale}
-            {disabled}
-        >
-            {#each $locales as value}
-                <option {value} selected={currentSetting === value}>
-                    {$t(`languages.${value}`)}
+
+        <select on:change={e => onChange(e)} {disabled}>
+            {#each Object.keys(items) as value}
+                <option {value} selected={selectedOption === value}>
+                    {items[value]}
                 </option>
             {/each}
         </select>
     </div>
-    <div class="subtext toggle-description">
-        {$t("settings.language.preferred.description")}
-    </div>
+
+    {#if description}
+        <div class="subtext">
+            {description}
+        </div>
+    {/if}
 </div>
 
 <style>
-    .language-selector-parent {
+    .selector-parent {
         display: flex;
         flex-direction: column;
         gap: 10px;
@@ -59,11 +71,11 @@
         transition: opacity 0.2s;
     }
 
-    .language-selector-parent.disabled {
+    .selector-parent.disabled {
         opacity: 0.5;
     }
 
-    #language-selector {
+    #selector {
         display: flex;
         flex-direction: row;
         align-items: center;
@@ -76,7 +88,7 @@
         overflow: scroll;
     }
 
-    .disabled #language-selector {
+    .disabled #selector {
         pointer-events: none;
     }
 
diff --git a/web/src/routes/settings/appearance/+page.svelte b/web/src/routes/settings/appearance/+page.svelte
index b1067be5..3f964e9b 100644
--- a/web/src/routes/settings/appearance/+page.svelte
+++ b/web/src/routes/settings/appearance/+page.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
-    import { t } from "$lib/i18n/translations";
+    import { t, locales } from "$lib/i18n/translations";
+    import settings from "$lib/state/settings";
 
     import { themeOptions } from "$lib/types/settings";
 
@@ -7,7 +8,16 @@
     import SettingsButton from "$components/buttons/SettingsButton.svelte";
     import SettingsToggle from "$components/buttons/SettingsToggle.svelte";
     import SettingsCategory from "$components/settings/SettingsCategory.svelte";
-    import LanguageDropdown from "$components/settings/LanguageDropdown.svelte";
+    import SettingsDropdown from "$components/settings/SettingsDropdown.svelte";
+
+    const dropdownItems = () => {
+        return $locales.reduce((obj, lang) => {
+            return {
+                ...obj,
+                [lang]: $t(`languages.${lang}`),
+            };
+        }, {});
+    };
 </script>
 
 <SettingsCategory sectionId="theme" title={$t("settings.theme")}>
@@ -31,7 +41,17 @@
         title={$t("settings.language.auto.title")}
         description={$t("settings.language.auto.description")}
     />
-    <LanguageDropdown />
+
+    <SettingsDropdown
+        title={$t("settings.language.preferred.title")}
+        description={$t("settings.language.preferred.description")}
+        items={dropdownItems()}
+        settingContext="appearance"
+        settingId="language"
+        selectedOption={$settings.appearance.language}
+        selectedTitle={$t(`languages.${$settings.appearance.language}`)}
+        disabled={$settings.appearance.autoLanguage}
+    />
 </SettingsCategory>
 
 <SettingsCategory

From e081751c5933cc52aa12e83cc05ae2a43703c563 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 23:05:56 +0600
Subject: [PATCH 093/379] api/youtube: fix dubbed audio track matching

---
 api/src/processing/services/youtube.js | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index d98fb6e9..d4473b13 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -203,7 +203,7 @@ export default async function(o) {
         return resolution.height > resolution.width ? resolution.width : resolution.height;
     }
 
-    let video, audio, isDubbed,
+    let video, audio, dubbedLanguage,
         format = o.format || "h264";
 
     if (o.youtubeHLS) {
@@ -271,11 +271,11 @@ export default async function(o) {
 
         if (o.dubLang) {
             const dubbedAudio = selected.audio.find(i =>
-                i.language === o.dubLang
+                i.language.startsWith(o.dubLang)
             );
 
             if (dubbedAudio && !dubbedAudio.isDefault) {
-                isDubbed = true;
+                dubbedLanguage = dubbedAudio.language;
                 audio = dubbedAudio;
             }
         }
@@ -297,7 +297,7 @@ export default async function(o) {
         let adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
 
         const checkBestVideo = (i) => (i.has_video && i.content_length);
-        const checkBestAudio = (i) => (i.has_audio && i.content_length && i.is_original);
+        const checkBestAudio = (i) => (i.has_audio && i.content_length);
         const checkNoMedia = (vid, aud) => (!vid && !o.isAudioOnly) || (!aud && o.isAudioOnly);
 
         const earlyBestVideo = adaptive_formats.find(i => checkBestVideo(i));
@@ -319,14 +319,20 @@ export default async function(o) {
 
         audio = bestAudio;
 
+        if (audio?.audio_track && !audio?.audio_track?.audio_is_default) {
+            audio = adaptive_formats.find(i =>
+                checkBestAudio(i) && i?.audio_track?.audio_is_default
+            );
+        }
+
         if (o.dubLang) {
             const dubbedAudio = adaptive_formats.find(i =>
-                checkBestAudio(i) && i.language === o.dubLang && i.audio_track
+                checkBestAudio(i) && i.language?.startsWith(o.dubLang) && i.audio_track
             )
 
             if (dubbedAudio && !dubbedAudio?.audio_track?.audio_is_default) {
                 audio = dubbedAudio;
-                isDubbed = true;
+                dubbedLanguage = dubbedAudio.language;
             }
         }
 
@@ -369,7 +375,7 @@ export default async function(o) {
         id: o.id,
         title: fileMetadata.title,
         author: fileMetadata.artist,
-        youtubeDubName: isDubbed ? o.dubLang : false
+        youtubeDubName: dubbedLanguage || false,
     }
 
     if (audio && o.isAudioOnly) {

From 1373d16286a55af975ef4f02c995c42f7b6c04e1 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 23:14:19 +0600
Subject: [PATCH 094/379] web/SettingsDropdown: add a separator after first
 item, always lowercase

also split out anything in brackets in preview
---
 web/src/components/settings/SettingsDropdown.svelte | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/web/src/components/settings/SettingsDropdown.svelte b/web/src/components/settings/SettingsDropdown.svelte
index 585d5e67..9f0aedb3 100644
--- a/web/src/components/settings/SettingsDropdown.svelte
+++ b/web/src/components/settings/SettingsDropdown.svelte
@@ -40,17 +40,20 @@
             </h4>
             <div class="right-side">
                 <span class="selector-current" aria-hidden="true">
-                    {selectedTitle}
+                    {selectedTitle.split("(", 2)[0]}
                 </span>
                 <IconSelector />
             </div>
         </div>
 
         <select on:change={e => onChange(e)} {disabled}>
-            {#each Object.keys(items) as value}
+            {#each Object.keys(items) as value, i}
                 <option {value} selected={selectedOption === value}>
                     {items[value]}
                 </option>
+                {#if i === 0}
+                    <hr>
+                {/if}
             {/each}
         </select>
     </div>
@@ -118,6 +121,7 @@
     .selector select {
         font-size: 13px;
         font-weight: 400;
+        text-transform: lowercase;
     }
 
     .right-side :global(svg) {

From ea2dd5bb3567cb67e0d50a846f53f5cb917eb815 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 23:15:01 +0600
Subject: [PATCH 095/379] web: add support for dubbed youtube audio tracks

---
 web/i18n/en/settings.json                  |  7 +-
 web/src/lib/api/api.ts                     |  2 +-
 web/src/lib/settings/defaults.ts           |  2 +-
 web/src/lib/settings/youtube-lang.ts       | 95 ++++++++++++++++++++++
 web/src/lib/types/settings.ts              |  7 +-
 web/src/routes/settings/audio/+page.svelte | 25 ++++--
 6 files changed, 121 insertions(+), 17 deletions(-)
 create mode 100644 web/src/lib/settings/youtube-lang.ts

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 0c493000..10f0acd6 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -56,9 +56,10 @@
     "audio.bitrate.kbps": "kb/s",
     "audio.bitrate.description": "bitrate is applied only when converting audio to a lossy format. cobalt can't improve the source audio quality, so choosing a bitrate over 128kbps may inflate the file size with no audible difference. perceived quality may vary by format.",
 
-    "audio.youtube.dub": "youtube",
-    "audio.youtube.dub.title": "use browser language for dubbed videos",
-    "audio.youtube.dub.description": "works even if cobalt isn't translated to your language.",
+    "audio.youtube.dub": "youtube audio track",
+    "audio.youtube.dub.title": "audio track language",
+    "audio.youtube.dub.description": "if selected language isn't available, original will be used instead.",
+    "youtube.dub.original": "original",
 
     "audio.tiktok.original": "tiktok",
     "audio.tiktok.original.title": "download original sound",
diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index bdbbe59b..6d836380 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -22,7 +22,7 @@ const request = async (url: string) => {
         audioBitrate: getSetting("save", "audioBitrate"),
         audioFormat: getSetting("save", "audioFormat"),
         tiktokFullAudio: getSetting("save", "tiktokFullAudio"),
-        youtubeDubBrowserLang: getSetting("save", "youtubeDubBrowserLang"),
+        youtubeDubLang: getSetting("save", "youtubeDubLang"),
 
         youtubeVideoCodec: getSetting("save", "youtubeVideoCodec"),
         videoQuality: getSetting("save", "videoQuality"),
diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index 168ca54a..49f44ac0 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -25,7 +25,7 @@ const defaultSettings: CobaltSettings = {
         twitterGif: true,
         videoQuality: "1080",
         youtubeVideoCodec: "h264",
-        youtubeDubBrowserLang: false,
+        youtubeDubLang: "original",
         youtubeHLS: false,
     },
     privacy: {
diff --git a/web/src/lib/settings/youtube-lang.ts b/web/src/lib/settings/youtube-lang.ts
new file mode 100644
index 00000000..55667aa0
--- /dev/null
+++ b/web/src/lib/settings/youtube-lang.ts
@@ -0,0 +1,95 @@
+export const youtubeLanguages = [
+    "original",
+    "af",
+    "am",
+    "ar",
+    "as",
+    "az",
+    "be",
+    "bg",
+    "bn",
+    "bs",
+    "ca",
+    "cs",
+    "da",
+    "de",
+    "el",
+    "en",
+    "es",
+    "et",
+    "eu",
+    "fa",
+    "fi",
+    "fil",
+    "fr",
+    "gl",
+    "gu",
+    "hi",
+    "hr",
+    "hu",
+    "hy",
+    "id",
+    "is",
+    "it",
+    "iw",
+    "ja",
+    "ka",
+    "kk",
+    "km",
+    "kn",
+    "ko",
+    "ky",
+    "lo",
+    "lt",
+    "lv",
+    "mk",
+    "ml",
+    "mn",
+    "mr",
+    "ms",
+    "my",
+    "no",
+    "ne",
+    "nl",
+    "or",
+    "pa",
+    "pl",
+    "pt",
+    "ro",
+    "ru",
+    "si",
+    "sk",
+    "sl",
+    "sq",
+    "sr",
+    "sv",
+    "sw",
+    "ta",
+    "te",
+    "th",
+    "tr",
+    "uk",
+    "ur",
+    "uz",
+    "vi",
+    "zh-CN",
+    "zh-HK",
+    "zh-TW",
+    "zu"
+] as const;
+
+export const namedYoutubeLanguages = () => {
+    return youtubeLanguages.reduce((obj, lang) => {
+        const intlName = new Intl.DisplayNames([lang], { type: 'language' }).of(lang);
+
+        let name = `${intlName} (${lang})`;
+        if (lang === "original") {
+            name = lang;
+        }
+
+        return {
+            ...obj,
+            [lang]: name,
+        };
+    }, {}) as Record<typeof youtubeLanguages[number], string>;
+}
diff --git a/web/src/lib/types/settings.ts b/web/src/lib/types/settings.ts
index 25eb1017..3531f88e 100644
--- a/web/src/lib/types/settings.ts
+++ b/web/src/lib/types/settings.ts
@@ -1,5 +1,6 @@
-import languages from '$i18n/languages.json';
-import type { RecursivePartial } from './generic';
+import languages from "$i18n/languages.json";
+import { youtubeLanguages } from "$lib/settings/youtube-lang";
+import type { RecursivePartial } from "$lib/types/generic";
 
 export const themeOptions = ["auto", "light", "dark"] as const;
 export const audioBitrateOptions = ["320", "256", "128", "96", "64", "8"] as const;
@@ -47,7 +48,7 @@ type CobaltSettingsSave = {
     twitterGif: boolean,
     videoQuality: typeof videoQualityOptions[number],
     youtubeVideoCodec: typeof youtubeVideoCodecOptions[number],
-    youtubeDubBrowserLang: boolean,
+    youtubeDubLang: typeof youtubeLanguages[number],
     youtubeHLS: boolean,
 };
 
diff --git a/web/src/routes/settings/audio/+page.svelte b/web/src/routes/settings/audio/+page.svelte
index 06555a42..3af303e4 100644
--- a/web/src/routes/settings/audio/+page.svelte
+++ b/web/src/routes/settings/audio/+page.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
     import settings from "$lib/state/settings";
     import { t } from "$lib/i18n/translations";
+    import { namedYoutubeLanguages, youtubeLanguages } from "$lib/settings/youtube-lang";
 
     import { audioFormatOptions, audioBitrateOptions } from "$lib/types/settings";
 
@@ -8,6 +9,9 @@
     import Switcher from "$components/buttons/Switcher.svelte";
     import SettingsButton from "$components/buttons/SettingsButton.svelte";
     import SettingsToggle from "$components/buttons/SettingsToggle.svelte";
+    import SettingsDropdown from "$components/settings/SettingsDropdown.svelte";
+
+    const displayLangs = namedYoutubeLanguages();
 </script>
 
 <SettingsCategory sectionId="format" title={$t("settings.audio.format")}>
@@ -42,6 +46,18 @@
     </Switcher>
 </SettingsCategory>
 
+<SettingsCategory sectionId="youtube" title={$t("settings.audio.youtube.dub")}>
+    <SettingsDropdown
+        title={$t("settings.audio.youtube.dub.title")}
+        description={$t("settings.audio.youtube.dub.description")}
+        items={displayLangs}
+        settingContext="save"
+        settingId="youtubeDubLang"
+        selectedOption={$settings.save.youtubeDubLang}
+        selectedTitle={displayLangs[$settings.save.youtubeDubLang]}
+    />
+</SettingsCategory>
+
 <SettingsCategory
     sectionId="tiktok"
     title={$t("settings.audio.tiktok.original")}
@@ -53,12 +69,3 @@
         description={$t("settings.audio.tiktok.original.description")}
     />
 </SettingsCategory>
-
-<SettingsCategory sectionId="youtube" title={$t("settings.audio.youtube.dub")}>
-    <SettingsToggle
-        settingContext="save"
-        settingId="youtubeDubBrowserLang"
-        title={$t("settings.audio.youtube.dub.title")}
-        description={$t("settings.audio.youtube.dub.description")}
-    />
-</SettingsCategory>

From ce131b1454aedee2488cdc0f4e5f4b5d637924e5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 23:18:04 +0600
Subject: [PATCH 096/379] web/settings/privacy: remove beta tag from tunneling

---
 web/src/routes/settings/privacy/+page.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/routes/settings/privacy/+page.svelte b/web/src/routes/settings/privacy/+page.svelte
index 8975f2ef..dfe3bd7c 100644
--- a/web/src/routes/settings/privacy/+page.svelte
+++ b/web/src/routes/settings/privacy/+page.svelte
@@ -7,7 +7,7 @@
     import SettingsCategory from "$components/settings/SettingsCategory.svelte";
 </script>
 
-<SettingsCategory sectionId="tunnel" title={$t("settings.privacy.tunnel")} beta>
+<SettingsCategory sectionId="tunnel" title={$t("settings.privacy.tunnel")}>
     <SettingsToggle
         settingContext="privacy"
         settingId="alwaysProxy"

From 1e5b30778d286ec850077532e09603e9c2d1dcd9 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 28 Oct 2024 23:21:46 +0600
Subject: [PATCH 097/379] web/settings/audio: add a beta tag to youtube dub
 section

---
 web/src/routes/settings/audio/+page.svelte | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/web/src/routes/settings/audio/+page.svelte b/web/src/routes/settings/audio/+page.svelte
index 3af303e4..d9a589d5 100644
--- a/web/src/routes/settings/audio/+page.svelte
+++ b/web/src/routes/settings/audio/+page.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
     import settings from "$lib/state/settings";
     import { t } from "$lib/i18n/translations";
-    import { namedYoutubeLanguages, youtubeLanguages } from "$lib/settings/youtube-lang";
+    import { namedYoutubeLanguages } from "$lib/settings/youtube-lang";
 
     import { audioFormatOptions, audioBitrateOptions } from "$lib/types/settings";
 
@@ -46,7 +46,11 @@
     </Switcher>
 </SettingsCategory>
 
-<SettingsCategory sectionId="youtube" title={$t("settings.audio.youtube.dub")}>
+<SettingsCategory
+    sectionId="youtube-language"
+    title={$t("settings.audio.youtube.dub")}
+    beta
+>
     <SettingsDropdown
         title={$t("settings.audio.youtube.dub.title")}
         description={$t("settings.audio.youtube.dub.description")}

From b9a44f81a08722cc0b1c31992e8095647add0d95 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 11:13:36 +0000
Subject: [PATCH 098/379] ci/web: run type check before building

---
 .github/test.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/test.sh b/.github/test.sh
index 3d175da9..81d5d88b 100755
--- a/.github/test.sh
+++ b/.github/test.sh
@@ -46,6 +46,7 @@ setup_api() {
 }
 
 setup_web() {
+    pnpm run --prefix web check
     pnpm run --prefix web build
 }
 

From f610058b826453c4fad7649bdba06b9d957c8486 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 17:13:19 +0600
Subject: [PATCH 099/379] api/stream/types/merge: encode audio to aac or opus
 if hls

audio is encoded to opus only if it's a youtube hls stream with webm container
---
 api/src/stream/types.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/src/stream/types.js b/api/src/stream/types.js
index 2a1b9677..6fbe314e 100644
--- a/api/src/stream/types.js
+++ b/api/src/stream/types.js
@@ -102,7 +102,11 @@ const merge = (streamInfo, res) => {
         args = args.concat(ffmpegArgs[format]);
 
         if (hlsExceptions.includes(streamInfo.service) && streamInfo.isHLS) {
-            args.push('-bsf:a', 'aac_adtstoasc')
+            if (streamInfo.service === "youtube" && format === "webm") {
+                args.push('-c:a', 'libopus');
+            } else {
+                args.push('-c:a', 'aac', '-bsf:a', 'aac_adtstoasc');
+            }
         }
 
         if (streamInfo.metadata) {

From 367cab0de4ad43d2308fe049202d9e101161d257 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 17:13:37 +0600
Subject: [PATCH 100/379] api/youtube: update hls vp9 container to webm

way better compatibility this way
---
 api/src/processing/services/youtube.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index d4473b13..94eab2b0 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -38,7 +38,7 @@ const hlsCodecList = {
     vp9: {
         videoCodec: "vp09",
         audioCodec: "mp4a",
-        container: "mp4"
+        container: "webm"
     }
 }
 

From 6e61e73a5f8212b0148b0995e3a4837348233bbe Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 17:14:16 +0600
Subject: [PATCH 101/379] web/i18n/settings: rewrite youtube hls description

---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 10f0acd6..0d10b588 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -34,7 +34,7 @@
 
     "video.youtube.hls": "youtube hls",
     "video.youtube.hls.title": "use hls formats for videos",
-    "video.youtube.hls.description": "only h264 and vp9 codecs are supported in this mode, both are served in a mp4 container. files download faster and are less prone to errors. files may be less compatible with editing software or video players.",
+    "video.youtube.hls.description": "files download faster and are less prone to errors or getting abruptly cut off. only h264 and vp9 codecs are available in this mode. original audio codec is aac, it's re-encoded for compatibility, audio quality may be slightly worse than the non-HLS counterpart.\n\nthis option is experimental, it may go away or change in the future.",
 
     "video.twitter.gif": "twitter/x",
     "video.twitter.gif.title": "convert looping videos to GIF",

From 94e6acb832fd109739f7b0b544c3fc05b6eb44d2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 17:19:51 +0600
Subject: [PATCH 102/379] web/settings/migrate: remove `youtubeDubBrowserLang`
 migration

---
 web/src/lib/settings/migrate.ts | 2 --
 1 file changed, 2 deletions(-)

diff --git a/web/src/lib/settings/migrate.ts b/web/src/lib/settings/migrate.ts
index 98dd86b4..5e8114d2 100644
--- a/web/src/lib/settings/migrate.ts
+++ b/web/src/lib/settings/migrate.ts
@@ -16,7 +16,6 @@ const oldCheckboxes = [
     'disableAnimations',
     'disableMetadata',
     'plausible_ignore',
-    'ytDub',
     'tiktokH265'
 ] as const;
 
@@ -100,7 +99,6 @@ export const migrateOldSettings = () => {
             tiktokFullAudio: getBool('fullTikTokAudio'),
             tiktokH265: getBool('tiktokH265'),
             disableMetadata: getBool('disableMetadata'),
-            youtubeDubBrowserLang: getBool('ytDub'),
         }
     };
 

From c3a23860863e2597a4235f42ba4f39d21792e359 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 17:53:10 +0600
Subject: [PATCH 103/379] docs/api: add one more example of language codes for
 `youtubeDubLang`

---
 docs/api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/api.md b/docs/api.md
index 001c74ad..6da93a44 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -64,7 +64,7 @@ Content-Type: application/json
 | `filenameStyle`              | `string`  | `classic / pretty / basic / nerdy` | `classic` | changes the way files are named. previews can be seen in the web app.           |
 | `downloadMode`               | `string`  | `auto / audio / mute`              | `auto`    | `audio` downloads only the audio, `mute` skips the audio track in videos.       |
 | `youtubeVideoCodec`          | `string`  | `h264 / av1 / vp9`                 | `h264`    | `h264` is recommended for phones.                                               |
-| `youtubeDubLang`             | `string`  | `en / ru / cs / ja / ...`          | --        | specifies the language of audio to download, when the youtube video is dubbed   |
+| `youtubeDubLang`             | `string`  | `en / ru / cs / ja / es-US / ...`  | --        | specifies the language of audio to download when a youtube video is dubbed.     |
 | `alwaysProxy`                | `boolean` | `true / false`                     | `false`   | tunnels all downloads through the processing server, even when not necessary.   |
 | `disableMetadata`            | `boolean` | `true / false`                     | `false`   | disables file metadata when set to `true`.                                      |
 | `tiktokFullAudio`            | `boolean` | `true / false`                     | `false`   | enables download of original sound used in a tiktok video.                      |

From edb340dc6693e787f8f623838d8060830f20a517 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 18:01:43 +0600
Subject: [PATCH 104/379] web/i18n/settings: update `reduce transparency`
 description

added that enabling it may also improve ui performance on low end devices
---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 0d10b588..dd013143 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -88,7 +88,7 @@
 
     "accessibility": "accessibility",
     "accessibility.transparency.title": "reduce visual transparency",
-    "accessibility.transparency.description": "reduces transparency of surfaces and disables blur effects.",
+    "accessibility.transparency.description": "reduces transparency of surfaces and disables blur effects. may also improve ui performance on low-end devices.",
     "accessibility.motion.title": "reduce motion",
     "accessibility.motion.description": "disables animations and transitions whenever possible.",
 

From 7a50c89728681d702eaa5b66151691e702267a18 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 11:40:53 +0000
Subject: [PATCH 105/379] web/settings: split settings into versions

---
 web/src/lib/types/settings.ts    | 62 ++------------------------------
 web/src/lib/types/settings/v2.ts | 60 +++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 59 deletions(-)
 create mode 100644 web/src/lib/types/settings/v2.ts

diff --git a/web/src/lib/types/settings.ts b/web/src/lib/types/settings.ts
index 3531f88e..fcd04f7e 100644
--- a/web/src/lib/types/settings.ts
+++ b/web/src/lib/types/settings.ts
@@ -1,65 +1,9 @@
-import languages from "$i18n/languages.json";
-import { youtubeLanguages } from "$lib/settings/youtube-lang";
 import type { RecursivePartial } from "$lib/types/generic";
+import type { CobaltSettingsV2 } from "./settings/v2";
 
-export const themeOptions = ["auto", "light", "dark"] as const;
-export const audioBitrateOptions = ["320", "256", "128", "96", "64", "8"] as const;
-export const audioFormatOptions = ["best", "mp3", "ogg", "wav", "opus"] as const;
-export const downloadModeOptions = ["auto", "audio", "mute"] as const;
-export const filenameStyleOptions = ["classic", "basic", "pretty", "nerdy"] as const;
-export const videoQualityOptions = ["max", "2160", "1440", "1080", "720", "480", "360", "240", "144"] as const;
-export const youtubeVideoCodecOptions = ["h264", "av1", "vp9"] as const;
-export const savingMethodOptions = ["ask", "download", "share", "copy"] as const;
+export * from "./settings/v2";
 
-type CobaltSettingsAppearance = {
-    theme: typeof themeOptions[number],
-    language: keyof typeof languages,
-    autoLanguage: boolean,
-    reduceMotion: boolean,
-    reduceTransparency: boolean,
-};
-
-type CobaltSettingsAdvanced = {
-    debug: boolean,
-};
-
-type CobaltSettingsPrivacy = {
-    alwaysProxy: boolean,
-    disableAnalytics: boolean,
-};
-
-type CobaltSettingsProcessing = {
-    allowDefaultOverride: boolean,
-    customInstanceURL: string,
-    enableCustomInstances: boolean,
-    seenCustomWarning: boolean,
-    seenOverrideWarning: boolean,
-}
-
-type CobaltSettingsSave = {
-    audioFormat: typeof audioFormatOptions[number],
-    audioBitrate: typeof audioBitrateOptions[number],
-    disableMetadata: boolean,
-    downloadMode: typeof downloadModeOptions[number],
-    filenameStyle: typeof filenameStyleOptions[number],
-    savingMethod: typeof savingMethodOptions[number],
-    tiktokH265: boolean,
-    tiktokFullAudio: boolean,
-    twitterGif: boolean,
-    videoQuality: typeof videoQualityOptions[number],
-    youtubeVideoCodec: typeof youtubeVideoCodecOptions[number],
-    youtubeDubLang: typeof youtubeLanguages[number],
-    youtubeHLS: boolean,
-};
-
-export type CurrentCobaltSettings = {
-    schemaVersion: 2,
-    advanced: CobaltSettingsAdvanced,
-    appearance: CobaltSettingsAppearance,
-    save: CobaltSettingsSave,
-    privacy: CobaltSettingsPrivacy,
-    processing: CobaltSettingsProcessing,
-};
+export type CurrentCobaltSettings = CobaltSettingsV2;
 
 export type CobaltSettings = CurrentCobaltSettings;
 
diff --git a/web/src/lib/types/settings/v2.ts b/web/src/lib/types/settings/v2.ts
new file mode 100644
index 00000000..bed04cf1
--- /dev/null
+++ b/web/src/lib/types/settings/v2.ts
@@ -0,0 +1,60 @@
+import languages from "$i18n/languages.json";
+
+export const themeOptions = ["auto", "light", "dark"] as const;
+export const audioBitrateOptions = ["320", "256", "128", "96", "64", "8"] as const;
+export const audioFormatOptions = ["best", "mp3", "ogg", "wav", "opus"] as const;
+export const downloadModeOptions = ["auto", "audio", "mute"] as const;
+export const filenameStyleOptions = ["classic", "basic", "pretty", "nerdy"] as const;
+export const videoQualityOptions = ["max", "2160", "1440", "1080", "720", "480", "360", "240", "144"] as const;
+export const youtubeVideoCodecOptions = ["h264", "av1", "vp9"] as const;
+export const savingMethodOptions = ["ask", "download", "share", "copy"] as const;
+
+type CobaltSettingsAppearance = {
+    theme: typeof themeOptions[number],
+    language: keyof typeof languages,
+    autoLanguage: boolean,
+    reduceMotion: boolean,
+    reduceTransparency: boolean,
+};
+
+type CobaltSettingsAdvanced = {
+    debug: boolean,
+};
+
+type CobaltSettingsPrivacy = {
+    alwaysProxy: boolean,
+    disableAnalytics: boolean,
+};
+
+type CobaltSettingsProcessing = {
+    allowDefaultOverride: boolean,
+    customInstanceURL: string,
+    enableCustomInstances: boolean,
+    seenCustomWarning: boolean,
+    seenOverrideWarning: boolean,
+}
+
+type CobaltSettingsSaveV2 = {
+    audioFormat: typeof audioFormatOptions[number],
+    audioBitrate: typeof audioBitrateOptions[number],
+    disableMetadata: boolean,
+    downloadMode: typeof downloadModeOptions[number],
+    filenameStyle: typeof filenameStyleOptions[number],
+    savingMethod: typeof savingMethodOptions[number],
+    tiktokH265: boolean,
+    tiktokFullAudio: boolean,
+    twitterGif: boolean,
+    videoQuality: typeof videoQualityOptions[number],
+    youtubeVideoCodec: typeof youtubeVideoCodecOptions[number],
+    youtubeDubBrowserLang: boolean,
+    youtubeHLS: boolean,
+};
+
+export type CobaltSettingsV2 = {
+    schemaVersion: 2,
+    advanced: CobaltSettingsAdvanced,
+    appearance: CobaltSettingsAppearance,
+    save: CobaltSettingsSaveV2,
+    privacy: CobaltSettingsPrivacy,
+    processing: CobaltSettingsProcessing,
+};

From 7c9a824a69e6a31119f786bf8f2ce364dfca09b9 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 12:05:49 +0000
Subject: [PATCH 106/379] web/settings: add function for getting browser
 language

prep for migrating youtubeDubBrowserLang
---
 web/src/lib/settings/youtube-lang.ts | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/web/src/lib/settings/youtube-lang.ts b/web/src/lib/settings/youtube-lang.ts
index 55667aa0..1a777552 100644
--- a/web/src/lib/settings/youtube-lang.ts
+++ b/web/src/lib/settings/youtube-lang.ts
@@ -78,6 +78,8 @@ export const youtubeLanguages = [
     "zu"
 ] as const;
 
+export type YoutubeLang = typeof youtubeLanguages[number];
+
 export const namedYoutubeLanguages = () => {
     return youtubeLanguages.reduce((obj, lang) => {
         const intlName = new Intl.DisplayNames([lang], { type: 'language' }).of(lang);
@@ -91,5 +93,20 @@ export const namedYoutubeLanguages = () => {
             ...obj,
             [lang]: name,
         };
-    }, {}) as Record<typeof youtubeLanguages[number], string>;
+    }, {}) as Record<YoutubeLang, string>;
+}
+
+export const getBrowserLanguage = (): YoutubeLang => {
+    if (typeof navigator === 'undefined')
+        return "original";
+
+    const browserLanguage = navigator.language as YoutubeLang;
+    if (youtubeLanguages.includes(browserLanguage))
+        return browserLanguage;
+
+    const shortened = browserLanguage.split('-')[0] as YoutubeLang;
+    if (youtubeLanguages.includes(shortened))
+        return shortened;
+
+    return "original";
 }

From bad59750bf50305ac3293d490d13498339537c77 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 12:07:55 +0000
Subject: [PATCH 107/379] web/settings: rewrite type names, remove unused types

CurrentCobaltSettings -> CobaltSettings
CobaltSettings -> AnyCobaltSettings
---
 web/src/lib/types/settings.ts | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/web/src/lib/types/settings.ts b/web/src/lib/types/settings.ts
index fcd04f7e..1a553c8a 100644
--- a/web/src/lib/types/settings.ts
+++ b/web/src/lib/types/settings.ts
@@ -3,14 +3,12 @@ import type { CobaltSettingsV2 } from "./settings/v2";
 
 export * from "./settings/v2";
 
-export type CurrentCobaltSettings = CobaltSettingsV2;
+export type CobaltSettings = CobaltSettingsV2;
 
-export type CobaltSettings = CurrentCobaltSettings;
+export type AnyCobaltSettings = CobaltSettings;
 
 export type PartialSettings = RecursivePartial<CobaltSettings>;
-export type PartialSettingsWithSchema = RecursivePartial<CobaltSettings> & { schemaVersion: number };
 
-export type AllSchemaVersions = CurrentCobaltSettings;
-export type AllPartialSettingsWithSchema = RecursivePartial<CobaltSettings> & { schemaVersion: number };
+export type AllPartialSettingsWithSchema = RecursivePartial<AnyCobaltSettings> & { schemaVersion: number };
 
 export type DownloadModeOption = CobaltSettings['save']['downloadMode'];

From ec10019bfaae72ee27c3a8a2be7d9ac3895089cf Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 12:11:21 +0000
Subject: [PATCH 108/379] web/settings: fix types, migrate old settings from v2

---
 web/src/lib/state/settings.ts | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/web/src/lib/state/settings.ts b/web/src/lib/state/settings.ts
index c7f64e5d..0b69b86e 100644
--- a/web/src/lib/state/settings.ts
+++ b/web/src/lib/state/settings.ts
@@ -1,11 +1,10 @@
 import { derived, readable, type Updater } from 'svelte/store';
 import { browser } from '$app/environment';
 import { merge } from 'ts-deepmerge';
-
 import type {
-    CobaltSettings,
     PartialSettings,
-    AllPartialSettingsWithSchema
+    AllPartialSettingsWithSchema,
+    CobaltSettings
 } from '../types/settings';
 
 import { migrateOldSettings } from '../settings/migrate';
@@ -39,7 +38,7 @@ const migrate = (settings: AllPartialSettingsWithSchema): PartialSettings => {
         .filter(version => version > settings.schemaVersion)
         .reduce((settings, migrationVersion) => {
             return migrations[migrationVersion](settings);
-        }, settings as AllPartialSettingsWithSchema);
+        }, settings as AllPartialSettingsWithSchema) as PartialSettings;
 }
 
 
@@ -51,7 +50,7 @@ const loadFromStorage = () => {
     if (!settings) {
         const migrated = migrateOldSettings();
         if (migrated) {
-            return writeToStorage(migrated);
+            return writeToStorage(migrate(migrated));
         }
 
         return {};
@@ -60,7 +59,7 @@ const loadFromStorage = () => {
     return loadFromString(settings);
 }
 
-export const loadFromString = (settings: string) => {
+export const loadFromString = (settings: string): PartialSettings => {
     const parsed = JSON.parse(settings) as AllPartialSettingsWithSchema;
     if (parsed.schemaVersion < defaultSettings.schemaVersion) {
         return migrate(parsed);

From cafe05d5fb923c2d32ca3a262f0092de293e8bcc Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 12:12:51 +0000
Subject: [PATCH 109/379] web/settings: add version 3 of setting schema

---
 web/src/lib/settings/defaults.ts |  2 +-
 web/src/lib/state/settings.ts    | 23 +++++++++++++++++++----
 web/src/lib/types/settings.ts    |  6 ++++--
 web/src/lib/types/settings/v3.ts |  9 +++++++++
 4 files changed, 33 insertions(+), 7 deletions(-)
 create mode 100644 web/src/lib/types/settings/v3.ts

diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index 49f44ac0..e629a306 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -2,7 +2,7 @@ import { defaultLocale } from "$lib/i18n/translations";
 import type { CobaltSettings } from "$lib/types/settings";
 
 const defaultSettings: CobaltSettings = {
-    schemaVersion: 2,
+    schemaVersion: 3,
     advanced: {
         debug: false,
     },
diff --git a/web/src/lib/state/settings.ts b/web/src/lib/state/settings.ts
index 0b69b86e..2bb6702e 100644
--- a/web/src/lib/state/settings.ts
+++ b/web/src/lib/state/settings.ts
@@ -4,11 +4,13 @@ import { merge } from 'ts-deepmerge';
 import type {
     PartialSettings,
     AllPartialSettingsWithSchema,
-    CobaltSettings
+    CobaltSettings,
+    CobaltSettingsV3
 } from '../types/settings';
-
+import { getBrowserLanguage } from '$lib/settings/youtube-lang';
 import { migrateOldSettings } from '../settings/migrate';
 import defaultSettings from '../settings/defaults';
+import type { RecursivePartial } from '$lib/types/generic';
 
 const updatePlausiblePreference = (settings: PartialSettings) => {
     if (settings.privacy?.disableAnalytics) {
@@ -29,7 +31,20 @@ const writeToStorage = (settings: PartialSettings) => {
 
 type Migrator = (s: AllPartialSettingsWithSchema) => AllPartialSettingsWithSchema;
 const migrations: Record<number, Migrator> = {
+    [3]: (settings: AllPartialSettingsWithSchema) => {
+        const out = settings as RecursivePartial<CobaltSettingsV3>;
+        out.schemaVersion = 3;
 
+        if (settings?.save && 'youtubeDubBrowserLang' in settings.save) {
+            if (settings.save.youtubeDubBrowserLang) {
+                out.save!.youtubeDubLang = getBrowserLanguage();
+            }
+
+            delete settings.save.youtubeDubBrowserLang;
+        }
+
+        return out as AllPartialSettingsWithSchema;
+    }
 }
 
 const migrate = (settings: AllPartialSettingsWithSchema): PartialSettings => {
@@ -65,7 +80,7 @@ export const loadFromString = (settings: string): PartialSettings => {
         return migrate(parsed);
     }
 
-    return parsed;
+    return parsed as PartialSettings;
 }
 
 let update: (_: Updater<PartialSettings>) => void;
@@ -106,4 +121,4 @@ export function resetSettings() {
 export default derived(
     storedSettings,
     $settings => mergeWithDefaults($settings)
-);
\ No newline at end of file
+);
diff --git a/web/src/lib/types/settings.ts b/web/src/lib/types/settings.ts
index 1a553c8a..fd9f31a5 100644
--- a/web/src/lib/types/settings.ts
+++ b/web/src/lib/types/settings.ts
@@ -1,11 +1,13 @@
 import type { RecursivePartial } from "$lib/types/generic";
 import type { CobaltSettingsV2 } from "./settings/v2";
+import type { CobaltSettingsV3 } from "./settings/v3";
 
 export * from "./settings/v2";
+export * from "./settings/v3";
 
-export type CobaltSettings = CobaltSettingsV2;
+export type CobaltSettings = CobaltSettingsV3;
 
-export type AnyCobaltSettings = CobaltSettings;
+export type AnyCobaltSettings = CobaltSettingsV2 | CobaltSettings;
 
 export type PartialSettings = RecursivePartial<CobaltSettings>;
 
diff --git a/web/src/lib/types/settings/v3.ts b/web/src/lib/types/settings/v3.ts
new file mode 100644
index 00000000..fb376d8e
--- /dev/null
+++ b/web/src/lib/types/settings/v3.ts
@@ -0,0 +1,9 @@
+import type { YoutubeLang } from "$lib/settings/youtube-lang";
+import { type CobaltSettingsV2 } from "./v2";
+
+export type CobaltSettingsV3 = Omit<CobaltSettingsV2, 'schemaVersion' | 'save'> & {
+    schemaVersion: 3,
+    save: Omit<CobaltSettingsV2['save'], 'youtubeDubBrowserLang'> & {
+        youtubeDubLang: YoutubeLang;
+    };
+};

From 30b70038713d845504dfe97695e3c19d6344f412 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 12:13:11 +0000
Subject: [PATCH 110/379] Revert "web/settings/migrate: remove
 `youtubeDubBrowserLang` migration"

This reverts commit 94e6acb832fd109739f7b0b544c3fc05b6eb44d2.
---
 web/src/lib/settings/migrate.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/web/src/lib/settings/migrate.ts b/web/src/lib/settings/migrate.ts
index 5e8114d2..98dd86b4 100644
--- a/web/src/lib/settings/migrate.ts
+++ b/web/src/lib/settings/migrate.ts
@@ -16,6 +16,7 @@ const oldCheckboxes = [
     'disableAnimations',
     'disableMetadata',
     'plausible_ignore',
+    'ytDub',
     'tiktokH265'
 ] as const;
 
@@ -99,6 +100,7 @@ export const migrateOldSettings = () => {
             tiktokFullAudio: getBool('fullTikTokAudio'),
             tiktokH265: getBool('tiktokH265'),
             disableMetadata: getBool('disableMetadata'),
+            youtubeDubBrowserLang: getBool('ytDub'),
         }
     };
 

From 0a471943cabac2a9fb0df2bf727130a14326ba39 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 12:18:18 +0000
Subject: [PATCH 111/379] web/settings: write to storage if migrated

---
 web/src/lib/state/settings.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/lib/state/settings.ts b/web/src/lib/state/settings.ts
index 2bb6702e..76a87105 100644
--- a/web/src/lib/state/settings.ts
+++ b/web/src/lib/state/settings.ts
@@ -77,7 +77,7 @@ const loadFromStorage = () => {
 export const loadFromString = (settings: string): PartialSettings => {
     const parsed = JSON.parse(settings) as AllPartialSettingsWithSchema;
     if (parsed.schemaVersion < defaultSettings.schemaVersion) {
-        return migrate(parsed);
+        return writeToStorage(migrate(parsed));
     }
 
     return parsed as PartialSettings;

From 44f842997e7891ba1ddacf18aabeb3fab946937a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 18:29:53 +0600
Subject: [PATCH 112/379] api & web: bump version to 10.2

---
 api/package.json | 2 +-
 web/package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/package.json b/api/package.json
index 948f8180..ba365899 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.1.0",
+    "version": "10.2.0",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",
diff --git a/web/package.json b/web/package.json
index bd2854b5..e0c3d1bf 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.1.0",
+    "version": "10.2.0",
     "type": "module",
     "private": true,
     "scripts": {

From b125894b7e20dba404358d8dd8949a57e47b2990 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 12:42:48 +0000
Subject: [PATCH 113/379] web/settings: move migration to separate file, rename
 v7 migration

---
 web/src/lib/settings/migrate-v7.ts | 109 +++++++++++++++++++++++
 web/src/lib/settings/migrate.ts    | 135 +++++++----------------------
 web/src/lib/state/settings.ts      |  36 +-------
 3 files changed, 144 insertions(+), 136 deletions(-)
 create mode 100644 web/src/lib/settings/migrate-v7.ts

diff --git a/web/src/lib/settings/migrate-v7.ts b/web/src/lib/settings/migrate-v7.ts
new file mode 100644
index 00000000..98dd86b4
--- /dev/null
+++ b/web/src/lib/settings/migrate-v7.ts
@@ -0,0 +1,109 @@
+import type { AllPartialSettingsWithSchema } from "$lib/types/settings";
+
+const oldSwitcherValues = {
+    theme: ['auto', 'light', 'dark'],
+    vCodec: ['h264', 'av1', 'vp9'],
+    vQuality: ['720', 'max', '2160', '1440', '1080', '480', '360', '240', '144'],
+    aFormat: ['mp3', 'best', 'ogg', 'wav', 'opus'],
+    filenamePattern: ['classic', 'pretty', 'basic', 'nerdy']
+} as const;
+
+const oldCheckboxes = [
+    'audioMode',
+    'fullTikTokAudio',
+    'muteAudio',
+    'reduceTransparency',
+    'disableAnimations',
+    'disableMetadata',
+    'plausible_ignore',
+    'ytDub',
+    'tiktokH265'
+] as const;
+
+type LegacySwitchers = keyof typeof oldSwitcherValues;
+type LegacyCheckboxes = typeof oldCheckboxes[number];
+
+const _get = (name: LegacyCheckboxes | LegacySwitchers) => {
+    const value = localStorage.getItem(name);
+    if (value !== null) {
+        return value;
+    }
+}
+
+const getBool = (name: LegacyCheckboxes) => {
+    const value = _get(name);
+
+    if (value !== undefined) {
+        return value === 'true';
+    }
+}
+
+const getLiteral = <T extends LegacySwitchers>(name: T) => {
+    const value = _get(name);
+    if (value === undefined) {
+        return;
+    }
+
+    const values = oldSwitcherValues[name] as readonly string[];
+    if (values.includes(value)) {
+        type SwitcherOptions = typeof oldSwitcherValues[T][number];
+        return value as SwitcherOptions;
+    }
+}
+
+const getDownloadMode = () => {
+    if (getBool('muteAudio')) {
+        return 'mute';
+    }
+
+    if (getBool('audioMode')) {
+        return 'audio';
+    }
+
+    return 'auto';
+}
+
+const cleanup = () => {
+    for (const key of Object.keys(localStorage)) {
+        // plausible script needs this value, so we keep it if migrating
+        if (key !== 'plausible_ignore') {
+            localStorage.removeItem(key);
+        }
+    }
+}
+
+export const migrateOldSettings = () => {
+    if (getLiteral('vCodec') === undefined) {
+        /* on the old frontend, preferences such as "vCodec" are set right
+         * when you open it. so, if this preference does not exist, we can
+         * assume that the user never used the old frontend, and abort the
+         * migration early. */
+        return;
+    }
+
+    const migrated: AllPartialSettingsWithSchema = {
+        schemaVersion: 2,
+        appearance: {
+            theme: getLiteral('theme'),
+            reduceTransparency: getBool('reduceTransparency'),
+            reduceMotion: getBool('disableAnimations'),
+        },
+        privacy: {
+            disableAnalytics: getBool('plausible_ignore')
+        },
+        save: {
+            youtubeVideoCodec: getLiteral('vCodec'),
+            videoQuality: getLiteral('vQuality'),
+            audioFormat: getLiteral('aFormat'),
+            downloadMode: getDownloadMode(),
+            filenameStyle: getLiteral('filenamePattern'),
+            tiktokFullAudio: getBool('fullTikTokAudio'),
+            tiktokH265: getBool('tiktokH265'),
+            disableMetadata: getBool('disableMetadata'),
+            youtubeDubBrowserLang: getBool('ytDub'),
+        }
+    };
+
+    cleanup();
+    return migrated;
+}
diff --git a/web/src/lib/settings/migrate.ts b/web/src/lib/settings/migrate.ts
index 98dd86b4..e452b6f8 100644
--- a/web/src/lib/settings/migrate.ts
+++ b/web/src/lib/settings/migrate.ts
@@ -1,109 +1,38 @@
-import type { AllPartialSettingsWithSchema } from "$lib/types/settings";
+import type { RecursivePartial } from "$lib/types/generic";
+import type {
+  AllPartialSettingsWithSchema,
+  CobaltSettingsV3,
+  PartialSettings,
+} from "$lib/types/settings";
+import { getBrowserLanguage } from "$lib/settings/youtube-lang";
 
-const oldSwitcherValues = {
-    theme: ['auto', 'light', 'dark'],
-    vCodec: ['h264', 'av1', 'vp9'],
-    vQuality: ['720', 'max', '2160', '1440', '1080', '480', '360', '240', '144'],
-    aFormat: ['mp3', 'best', 'ogg', 'wav', 'opus'],
-    filenamePattern: ['classic', 'pretty', 'basic', 'nerdy']
-} as const;
+type Migrator = (
+  s: AllPartialSettingsWithSchema
+) => AllPartialSettingsWithSchema;
+const migrations: Record<number, Migrator> = {
+  [3]: (settings: AllPartialSettingsWithSchema) => {
+    const out = settings as RecursivePartial<CobaltSettingsV3>;
+    out.schemaVersion = 3;
 
-const oldCheckboxes = [
-    'audioMode',
-    'fullTikTokAudio',
-    'muteAudio',
-    'reduceTransparency',
-    'disableAnimations',
-    'disableMetadata',
-    'plausible_ignore',
-    'ytDub',
-    'tiktokH265'
-] as const;
+    if (settings?.save && "youtubeDubBrowserLang" in settings.save) {
+      if (settings.save.youtubeDubBrowserLang) {
+        out.save!.youtubeDubLang = getBrowserLanguage();
+      }
 
-type LegacySwitchers = keyof typeof oldSwitcherValues;
-type LegacyCheckboxes = typeof oldCheckboxes[number];
-
-const _get = (name: LegacyCheckboxes | LegacySwitchers) => {
-    const value = localStorage.getItem(name);
-    if (value !== null) {
-        return value;
-    }
-}
-
-const getBool = (name: LegacyCheckboxes) => {
-    const value = _get(name);
-
-    if (value !== undefined) {
-        return value === 'true';
-    }
-}
-
-const getLiteral = <T extends LegacySwitchers>(name: T) => {
-    const value = _get(name);
-    if (value === undefined) {
-        return;
+      delete settings.save.youtubeDubBrowserLang;
     }
 
-    const values = oldSwitcherValues[name] as readonly string[];
-    if (values.includes(value)) {
-        type SwitcherOptions = typeof oldSwitcherValues[T][number];
-        return value as SwitcherOptions;
-    }
-}
+    return out as AllPartialSettingsWithSchema;
+  },
+};
 
-const getDownloadMode = () => {
-    if (getBool('muteAudio')) {
-        return 'mute';
-    }
-
-    if (getBool('audioMode')) {
-        return 'audio';
-    }
-
-    return 'auto';
-}
-
-const cleanup = () => {
-    for (const key of Object.keys(localStorage)) {
-        // plausible script needs this value, so we keep it if migrating
-        if (key !== 'plausible_ignore') {
-            localStorage.removeItem(key);
-        }
-    }
-}
-
-export const migrateOldSettings = () => {
-    if (getLiteral('vCodec') === undefined) {
-        /* on the old frontend, preferences such as "vCodec" are set right
-         * when you open it. so, if this preference does not exist, we can
-         * assume that the user never used the old frontend, and abort the
-         * migration early. */
-        return;
-    }
-
-    const migrated: AllPartialSettingsWithSchema = {
-        schemaVersion: 2,
-        appearance: {
-            theme: getLiteral('theme'),
-            reduceTransparency: getBool('reduceTransparency'),
-            reduceMotion: getBool('disableAnimations'),
-        },
-        privacy: {
-            disableAnalytics: getBool('plausible_ignore')
-        },
-        save: {
-            youtubeVideoCodec: getLiteral('vCodec'),
-            videoQuality: getLiteral('vQuality'),
-            audioFormat: getLiteral('aFormat'),
-            downloadMode: getDownloadMode(),
-            filenameStyle: getLiteral('filenamePattern'),
-            tiktokFullAudio: getBool('fullTikTokAudio'),
-            tiktokH265: getBool('tiktokH265'),
-            disableMetadata: getBool('disableMetadata'),
-            youtubeDubBrowserLang: getBool('ytDub'),
-        }
-    };
-
-    cleanup();
-    return migrated;
-}
+export const migrate = (
+  settings: AllPartialSettingsWithSchema
+): PartialSettings => {
+  return Object.keys(migrations)
+    .map(Number)
+    .filter((version) => version > settings.schemaVersion)
+    .reduce((settings, migrationVersion) => {
+      return migrations[migrationVersion](settings);
+    }, settings as AllPartialSettingsWithSchema) as PartialSettings;
+};
diff --git a/web/src/lib/state/settings.ts b/web/src/lib/state/settings.ts
index 76a87105..db41915c 100644
--- a/web/src/lib/state/settings.ts
+++ b/web/src/lib/state/settings.ts
@@ -4,13 +4,11 @@ import { merge } from 'ts-deepmerge';
 import type {
     PartialSettings,
     AllPartialSettingsWithSchema,
-    CobaltSettings,
-    CobaltSettingsV3
+    CobaltSettings
 } from '../types/settings';
-import { getBrowserLanguage } from '$lib/settings/youtube-lang';
-import { migrateOldSettings } from '../settings/migrate';
+import { migrateOldSettings } from '../settings/migrate-v7';
 import defaultSettings from '../settings/defaults';
-import type { RecursivePartial } from '$lib/types/generic';
+import { migrate } from '$lib/settings/migrate';
 
 const updatePlausiblePreference = (settings: PartialSettings) => {
     if (settings.privacy?.disableAnalytics) {
@@ -29,34 +27,6 @@ const writeToStorage = (settings: PartialSettings) => {
     return settings;
 }
 
-type Migrator = (s: AllPartialSettingsWithSchema) => AllPartialSettingsWithSchema;
-const migrations: Record<number, Migrator> = {
-    [3]: (settings: AllPartialSettingsWithSchema) => {
-        const out = settings as RecursivePartial<CobaltSettingsV3>;
-        out.schemaVersion = 3;
-
-        if (settings?.save && 'youtubeDubBrowserLang' in settings.save) {
-            if (settings.save.youtubeDubBrowserLang) {
-                out.save!.youtubeDubLang = getBrowserLanguage();
-            }
-
-            delete settings.save.youtubeDubBrowserLang;
-        }
-
-        return out as AllPartialSettingsWithSchema;
-    }
-}
-
-const migrate = (settings: AllPartialSettingsWithSchema): PartialSettings => {
-    return Object.keys(migrations)
-        .map(Number)
-        .filter(version => version > settings.schemaVersion)
-        .reduce((settings, migrationVersion) => {
-            return migrations[migrationVersion](settings);
-        }, settings as AllPartialSettingsWithSchema) as PartialSettings;
-}
-
-
 const loadFromStorage = () => {
     if (!browser)
         return {};

From c4be1d3a37b0deb6b6087ec7a815262ac942daf1 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 13:17:38 +0000
Subject: [PATCH 114/379] web/download: don't try to open non-https links

---
 web/src/lib/download.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/web/src/lib/download.ts b/web/src/lib/download.ts
index 9cfbf630..7a126a92 100644
--- a/web/src/lib/download.ts
+++ b/web/src/lib/download.ts
@@ -56,6 +56,10 @@ export const shareFile = async (file: File) => {
 }
 
 export const openURL = (url: string) => {
+    if (!['http:', 'https:'].includes(new URL(url).protocol)) {
+        return alert('error: invalid url!');
+    }
+
     const open = window.open(url, "_blank");
 
     /* if new tab got blocked by user agent, show a saving dialog */

From d16118ed42af1c9dce55597b6fc7757083b0a05d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 21:56:30 +0600
Subject: [PATCH 115/379] web: bump version to 10.2.1

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index e0c3d1bf..60534d07 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.2.0",
+    "version": "10.2.1",
     "type": "module",
     "private": true,
     "scripts": {

From fb2b0ad290f3d2eced9a85e640adbab6ac12331f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 22:06:00 +0600
Subject: [PATCH 116/379] web/i18n/settings: update youtube hls toggle title

---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index dd013143..aa688209 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -33,7 +33,7 @@
     "video.youtube.codec.description": "h264: best compatibility, average quality. max quality is 1080p. \nav1: best quality and efficiency. supports 8k & HDR. \nvp9: same quality as av1, but file is ~2x bigger. supports 4k & HDR.\n\nav1 and vp9 aren't as widely supported as h264. if av1 or vp9 isn't available, h264 is used instead.",
 
     "video.youtube.hls": "youtube hls",
-    "video.youtube.hls.title": "use hls formats for videos",
+    "video.youtube.hls.title": "prefer hls for video & audio",
     "video.youtube.hls.description": "files download faster and are less prone to errors or getting abruptly cut off. only h264 and vp9 codecs are available in this mode. original audio codec is aac, it's re-encoded for compatibility, audio quality may be slightly worse than the non-HLS counterpart.\n\nthis option is experimental, it may go away or change in the future.",
 
     "video.twitter.gif": "twitter/x",

From 88403968651f54bfc1470f6c33502dae2b44dfc1 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 22:37:45 +0600
Subject: [PATCH 117/379] web/audio: update youtube dub section id

---
 web/src/routes/settings/audio/+page.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/routes/settings/audio/+page.svelte b/web/src/routes/settings/audio/+page.svelte
index d9a589d5..5dfda46d 100644
--- a/web/src/routes/settings/audio/+page.svelte
+++ b/web/src/routes/settings/audio/+page.svelte
@@ -47,7 +47,7 @@
 </SettingsCategory>
 
 <SettingsCategory
-    sectionId="youtube-language"
+    sectionId="youtube-dub"
     title={$t("settings.audio.youtube.dub")}
     beta
 >

From 904e5aa9187d2902604121c90db39f0c112248c1 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 22:37:55 +0600
Subject: [PATCH 118/379] web/video: update youtube codec & hls section ids

---
 web/src/routes/settings/video/+page.svelte | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/routes/settings/video/+page.svelte b/web/src/routes/settings/video/+page.svelte
index 4760d9c0..9897d7eb 100644
--- a/web/src/routes/settings/video/+page.svelte
+++ b/web/src/routes/settings/video/+page.svelte
@@ -35,7 +35,7 @@
 </SettingsCategory>
 
 <SettingsCategory
-    sectionId="codec"
+    sectionId="youtube-codec"
     title={$t("settings.video.youtube.codec")}
 >
     <Switcher
@@ -55,7 +55,7 @@
 </SettingsCategory>
 
 <SettingsCategory
-    sectionId="hls"
+    sectionId="youtube-hls"
     title={$t("settings.video.youtube.hls")}
     disabled={$settings.save.youtubeVideoCodec === "av1"}
     beta

From 8f89c7f412585b4e763b42dfd8483208a0ed944e Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 22:38:38 +0600
Subject: [PATCH 119/379] web/i18n/settings: update youtube setting titles and
 descriptions

---
 web/i18n/en/settings.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index aa688209..6e6e3512 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -29,10 +29,10 @@
     "video.quality.144": "144p",
     "video.quality.description": "if preferred video quality isn't available, next best is picked instead.",
 
-    "video.youtube.codec": "youtube video codec and container",
+    "video.youtube.codec": "youtube codec and container",
     "video.youtube.codec.description": "h264: best compatibility, average quality. max quality is 1080p. \nav1: best quality and efficiency. supports 8k & HDR. \nvp9: same quality as av1, but file is ~2x bigger. supports 4k & HDR.\n\nav1 and vp9 aren't as widely supported as h264. if av1 or vp9 isn't available, h264 is used instead.",
 
-    "video.youtube.hls": "youtube hls",
+    "video.youtube.hls": "youtube hls formats",
     "video.youtube.hls.title": "prefer hls for video & audio",
     "video.youtube.hls.description": "files download faster and are less prone to errors or getting abruptly cut off. only h264 and vp9 codecs are available in this mode. original audio codec is aac, it's re-encoded for compatibility, audio quality may be slightly worse than the non-HLS counterpart.\n\nthis option is experimental, it may go away or change in the future.",
 
@@ -57,8 +57,8 @@
     "audio.bitrate.description": "bitrate is applied only when converting audio to a lossy format. cobalt can't improve the source audio quality, so choosing a bitrate over 128kbps may inflate the file size with no audible difference. perceived quality may vary by format.",
 
     "audio.youtube.dub": "youtube audio track",
-    "audio.youtube.dub.title": "audio track language",
-    "audio.youtube.dub.description": "if selected language isn't available, original will be used instead.",
+    "audio.youtube.dub.title": "preferred dub language",
+    "audio.youtube.dub.description": "cobalt will use a dubbed audio track for selected language if it's available. if not, original will be used instead.",
     "youtube.dub.original": "original",
 
     "audio.tiktok.original": "tiktok",

From 406ac7613ceebef8677614d672eaf9f16a7af2ee Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 22:55:50 +0600
Subject: [PATCH 120/379] api/youtube: make sure language exists when checking
 for hls dubs

oops
---
 api/src/processing/services/youtube.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 94eab2b0..e3265b33 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -271,7 +271,7 @@ export default async function(o) {
 
         if (o.dubLang) {
             const dubbedAudio = selected.audio.find(i =>
-                i.language.startsWith(o.dubLang)
+                i.language?.startsWith(o.dubLang)
             );
 
             if (dubbedAudio && !dubbedAudio.isDefault) {

From 776c4f4dbabd1e425c29bf98eaa95155c3295ccd Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 30 Oct 2024 23:56:14 +0600
Subject: [PATCH 121/379] api/stream/manage: don't use clones in node cache

---
 api/src/stream/manage.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 5f55b5fa..092232f6 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -15,7 +15,8 @@ const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
 const streamCache = new NodeCache({
     stdTTL: env.streamLifespan,
     checkperiod: 10,
-    deleteOnExpire: true
+    deleteOnExpire: true,
+    useClones: false,
 })
 
 streamCache.on("expired", (key) => {

From 6322c172c1e1350633bc6eab2e3b92793a35bd02 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 31 Oct 2024 00:10:22 +0600
Subject: [PATCH 122/379] ci/test: update api test url

---
 .github/test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/test.sh b/.github/test.sh
index 81d5d88b..90f7f19c 100755
--- a/.github/test.sh
+++ b/.github/test.sh
@@ -18,7 +18,7 @@ test_api() {
          -X POST \
          -H "Accept: application/json" \
          -H "Content-Type: application/json" \
-         -d '{"url":"https://www.tiktok.com/@fatfatmillycat/video/7195741644585454894"}')
+         -d '{"url":"https://garfield-69.tumblr.com/post/696499862852780032","alwaysProxy":true}')
 
     echo "API_RESPONSE=$API_RESPONSE"
     STATUS=$(echo "$API_RESPONSE" | jq -r .status)

From 98acea6c588bef80ede55a7ebaf5363845725e48 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 31 Oct 2024 00:14:26 +0600
Subject: [PATCH 123/379] api: bump version to 10.2.1

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index ba365899..a8d27fde 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.2.0",
+    "version": "10.2.1",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From da72b9615e30022b708aab93d7d675c9a79c9316 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 31 Oct 2024 21:18:34 +0600
Subject: [PATCH 124/379] api/youtube: use best quality if all else fails

---
 api/src/processing/services/youtube.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index e3265b33..affdf40f 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -345,11 +345,13 @@ export default async function(o) {
             }
 
             const bestQuality = qual(bestVideo);
-            const useBestQuality = quality > bestQuality;
+            const useBestQuality = quality >= bestQuality;
 
             video = useBestQuality ? bestVideo : adaptive_formats.find(i =>
                 qual(i) === quality && checkBestVideo(i)
             );
+
+            if (!video) video = bestVideo;
         }
     }
 

From 5470926d5236ad6deab7cd3690804a7775c2429a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 31 Oct 2024 21:31:39 +0600
Subject: [PATCH 125/379] api/youtube: adjust matched resolution

heights like 714 are now adjusted to 720, so that preferred quality is picked correctly
---
 api/src/processing/services/youtube.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index affdf40f..501f2393 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -199,8 +199,10 @@ export default async function(o) {
     }
 
     const quality = o.quality === "max" ? 9000 : Number(o.quality);
-    const matchQuality = (resolution) => {
-        return resolution.height > resolution.width ? resolution.width : resolution.height;
+
+    const matchQuality = resolution => {
+        const quality = resolution.height > resolution.width ? resolution.width : resolution.height;
+        return Math.ceil(quality / 24) * 24;
     }
 
     let video, audio, dubbedLanguage,

From 3dd6165472d68360e92f5257973431a043035abf Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 31 Oct 2024 21:37:11 +0600
Subject: [PATCH 126/379] api/youtube: slight refactor of `matchQuality`

---
 api/src/processing/services/youtube.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 501f2393..67a47326 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -200,8 +200,8 @@ export default async function(o) {
 
     const quality = o.quality === "max" ? 9000 : Number(o.quality);
 
-    const matchQuality = resolution => {
-        const quality = resolution.height > resolution.width ? resolution.width : resolution.height;
+    const matchQuality = res => {
+        const quality = res.height > res.width ? res.width : res.height;
         return Math.ceil(quality / 24) * 24;
     }
 

From 2c451c69d0612fedc734d29ce1869515b53ec9e0 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 31 Oct 2024 21:43:02 +0600
Subject: [PATCH 127/379] api/youtube: rename quality variable in
 `matchQuality`

---
 api/src/processing/services/youtube.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 67a47326..005c3ed5 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -201,8 +201,8 @@ export default async function(o) {
     const quality = o.quality === "max" ? 9000 : Number(o.quality);
 
     const matchQuality = res => {
-        const quality = res.height > res.width ? res.width : res.height;
-        return Math.ceil(quality / 24) * 24;
+        const qual = res.height > res.width ? res.width : res.height;
+        return Math.ceil(qual / 24) * 24;
     }
 
     let video, audio, dubbedLanguage,

From 9cc2df9efda84621c0ffb2e552c73cd4fe0dbe07 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 1 Nov 2024 19:48:12 +0600
Subject: [PATCH 128/379] docs/docker-compose: revamp the template, add
 `read_only`

we use `read_only` on the main instance and i think everyone else should use it too
---
 docs/examples/docker-compose.example.yml | 34 +++++++++++++++---------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/docs/examples/docker-compose.example.yml b/docs/examples/docker-compose.example.yml
index 7d3442de..e56c0a21 100644
--- a/docs/examples/docker-compose.example.yml
+++ b/docs/examples/docker-compose.example.yml
@@ -1,30 +1,40 @@
 services:
     cobalt-api:
         image: ghcr.io/imputnet/cobalt:10
+
+        init: true
+        read_only: true
         restart: unless-stopped
         container_name: cobalt-api
 
-        init: true
-
         ports:
             - 9000:9000/tcp
-            # if you're using a reverse proxy, uncomment the next line and remove the one above (9000:9000/tcp):
-            #- 127.0.0.1:9000:9000
+            # if you use a reverse proxy (such as nginx),
+            # uncomment the next line and remove the one above (9000:9000/tcp):
+            # - 127.0.0.1:9000:9000
 
         environment:
-            # replace https://api.cobalt.tools/ with your instance's target url in same format
-            API_URL: "https://api.cobalt.tools/"
-            # if you want to use cookies when fetching data from services, uncomment the next line and the lines under volume
+            # replace https://api.url.example/ with your instance's url
+            # or else tunneling functionality won't work properly
+            API_URL: "https://api.url.example/"
+
+            # if you want to use cookies for fetching data from services,
+            # uncomment the next line & volumes section
             # COOKIE_PATH: "/cookies.json"
-            # see docs/run-an-instance.md for more information
+
+            # it's recommended to configure bot protection or api keys if the instance is public,
+            # see /docs/protect-an-instance.md for more info
+
+            # see /docs/run-an-instance.md for more variables that you can use here
+
         labels:
             - com.centurylinklabs.watchtower.scope=cobalt
 
-        # if you want to use cookies when fetching data from services, uncomment volumes and next line
-        #volumes:
-            #- ./cookies.json:/cookies.json
+        # uncomment only if you use the COOKIE_PATH variable
+        # volumes:
+            # - ./cookies.json:/cookies.json
 
-    # update the cobalt image automatically with watchtower
+    # watchtower updates the cobalt image automatically
     watchtower:
         image: ghcr.io/containrrr/watchtower
         restart: unless-stopped

From 0508c2305cb8f7b418cffcaf97816bbc15ce16f8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 1 Nov 2024 19:56:10 +0600
Subject: [PATCH 129/379] readme: rephrase the thank you section

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 434b5943..8168a4df 100644
--- a/README.md
+++ b/README.md
@@ -27,8 +27,8 @@ paste the link, get the file, move on. that simple, just how it should be.
 
 ### cobalt monorepo
 this monorepo includes source code for api, frontend, and related packages:
-- [api tree](/api/)
-- [web tree](/web/)
+- [api tree & readme](/api/)
+- [web tree & readme](/web/)
 - [packages tree](/packages/)
 
 it also includes documentation in the [docs tree](/docs/):
@@ -37,8 +37,8 @@ it also includes documentation in the [docs tree](/docs/):
 - [how to protect a cobalt instance](/docs/protect-an-instance.md)
 - [how to configure a cobalt instance for youtube](/docs/configure-for-youtube.md)
 
-### partners
-cobalt is sponsored by [royalehosting.net](https://royalehosting.net/?partner=cobalt) and the main processing instance is hosted on their network. we really appreciate their kindness!
+### thank you
+cobalt is sponsored by [royalehosting.net](https://royalehosting.net/?partner=cobalt) and the main processing servers are hosted on their network. we really appreciate their kindness and support!
 
 ### ethics
 cobalt is a tool that makes downloading public content easier. it takes **zero liability**.

From 5e92b649a33dcff0553dd03f61eacf304adc9da5 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 18:59:20 +0000
Subject: [PATCH 130/379] api: add `API_REDIS_URL` env

---
 api/package.json        |  3 +-
 api/src/config.js       |  1 +
 docs/run-an-instance.md |  1 +
 pnpm-lock.yaml          | 98 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 102 insertions(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index a8d27fde..ef70f2e4 100644
--- a/api/package.json
+++ b/api/package.json
@@ -44,6 +44,7 @@
         "zod": "^3.23.8"
     },
     "optionalDependencies": {
-        "freebind": "^0.2.2"
+        "freebind": "^0.2.2",
+        "redis": "^4.7.0"
     }
 }
diff --git a/api/src/config.js b/api/src/config.js
index 02584212..e0c09afa 100644
--- a/api/src/config.js
+++ b/api/src/config.js
@@ -45,6 +45,7 @@ const env = {
 
     apiKeyURL: process.env.API_KEY_URL && new URL(process.env.API_KEY_URL),
     authRequired: process.env.API_AUTH_REQUIRED === '1',
+    redisURL: process.env.API_REDIS_URL,
 
     keyReloadInterval: 900,
 
diff --git a/docs/run-an-instance.md b/docs/run-an-instance.md
index 63841625..f3fdc630 100644
--- a/docs/run-an-instance.md
+++ b/docs/run-an-instance.md
@@ -77,6 +77,7 @@ sudo service nscd start
 | `JWT_EXPIRY`          | `120`     | `240`                  | the duration of how long a cobalt-issued JWT token will remain valid, in seconds. |
 | `API_KEY_URL`         | ➖        | `file://keys.json`      | the location of the api key database. for loading API keys, cobalt supports HTTP(S) urls, or local files by specifying a local path using the `file://` protocol. see the "api key file format" below for more details.  |
 | `API_AUTH_REQUIRED`   | ➖        | `1`                     | when set to `1`, the user always needs to be authenticated in some way before they can access the API (either via an api key or via turnstile, if enabled). |
+| `API_REDIS_URL`       | ➖        | `redis://localhost:6379` | when set, cobalt uses redis instead of internal memory for the tunnel cache. |
 
 \* the higher the nice value, the lower the priority. [read more here](https://en.wikipedia.org/wiki/Nice_(Unix)).
 
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 71456e11..d96b6642 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -68,6 +68,9 @@ importers:
       freebind:
         specifier: ^0.2.2
         version: 0.2.2
+      redis:
+        specifier: ^4.7.0
+        version: 4.7.0
 
   packages/api-client:
     devDependencies:
@@ -569,6 +572,35 @@ packages:
   '@polka/url@1.0.0-next.25':
     resolution: {integrity: sha512-j7P6Rgr3mmtdkeDGTe0E/aYyWEWVtc5yFXtHCRHs28/jptDEWfaVOc5T7cblqy1XKPPfCxJc/8DwQ5YgLOZOVQ==}
 
+  '@redis/bloom@1.2.0':
+    resolution: {integrity: sha512-HG2DFjYKbpNmVXsa0keLHp/3leGJz1mjh09f2RLGGLQZzSHpkmZWuwJbAvo3QcRY8p80m5+ZdXZdYOSBLlp7Cg==}
+    peerDependencies:
+      '@redis/client': ^1.0.0
+
+  '@redis/client@1.6.0':
+    resolution: {integrity: sha512-aR0uffYI700OEEH4gYnitAnv3vzVGXCFvYfdpu/CJKvk4pHfLPEy/JSZyrpQ+15WhXe1yJRXLtfQ84s4mEXnPg==}
+    engines: {node: '>=14'}
+
+  '@redis/graph@1.1.1':
+    resolution: {integrity: sha512-FEMTcTHZozZciLRl6GiiIB4zGm5z5F3F6a6FZCyrfxdKOhFlGkiAqlexWMBzCi4DcRoyiOsuLfW+cjlGWyExOw==}
+    peerDependencies:
+      '@redis/client': ^1.0.0
+
+  '@redis/json@1.0.7':
+    resolution: {integrity: sha512-6UyXfjVaTBTJtKNG4/9Z8PSpKE6XgSyEb8iwaqDcy+uKrd/DGYHTWkUdnQDyzm727V7p21WUMhsqz5oy65kPcQ==}
+    peerDependencies:
+      '@redis/client': ^1.0.0
+
+  '@redis/search@1.2.0':
+    resolution: {integrity: sha512-tYoDBbtqOVigEDMAcTGsRlMycIIjwMCgD8eR2t0NANeQmgK/lvxNAvYyb6bZDD4frHRhIHkJu2TBRvB0ERkOmw==}
+    peerDependencies:
+      '@redis/client': ^1.0.0
+
+  '@redis/time-series@1.1.0':
+    resolution: {integrity: sha512-c1Q99M5ljsIuc4YdaCwfUEXsofakb9c8+Zse2qxTadu8TalLXuAESzLvFAvNVbkmSlvlzIQOLpBCmWI9wTOt+g==}
+    peerDependencies:
+      '@redis/client': ^1.0.0
+
   '@rollup/rollup-android-arm-eabi@4.24.0':
     resolution: {integrity: sha512-Q6HJd7Y6xdB48x8ZNVDOqsbh2uByBhgK8PiQgPhwkIw/HC/YX5Ghq2mQY5sRMZWHb3VsFkWooUVOZHKr7DmDIA==}
     cpu: [arm]
@@ -915,6 +947,10 @@ packages:
     resolution: {integrity: sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==}
     engines: {node: '>=0.8'}
 
+  cluster-key-slot@1.1.2:
+    resolution: {integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==}
+    engines: {node: '>=0.10.0'}
+
   code-red@1.0.4:
     resolution: {integrity: sha512-7qJWqItLA8/VPVlKJlFXU+NBlo/qyfs39aJcuMT/2ere32ZqvF5OSxgdM5xOfJJ7O429gg2HM47y8v9P+9wrNw==}
 
@@ -1216,6 +1252,7 @@ packages:
   eslint@8.57.0:
     resolution: {integrity: sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+    deprecated: This version is no longer supported. Please see https://eslint.org/version-support for other options.
     hasBin: true
 
   esm-env@1.0.0:
@@ -1339,6 +1376,10 @@ packages:
   function-bind@1.1.2:
     resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==}
 
+  generic-pool@3.9.0:
+    resolution: {integrity: sha512-hymDOu5B53XvN4QT9dBmZxPX4CWhBPPLguTZ9MMFeFa/Kg0xWVfylOVNlJji/E7yTZWFd/q9GO5TxDLq156D7g==}
+    engines: {node: '>= 4'}
+
   get-intrinsic@1.2.4:
     resolution: {integrity: sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==}
     engines: {node: '>= 0.4'}
@@ -1839,6 +1880,9 @@ packages:
     resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
     engines: {node: '>=8.10.0'}
 
+  redis@4.7.0:
+    resolution: {integrity: sha512-zvmkHEAdGMn+hMRXuMBtu4Vo5P6rHQjLoHftu+lBqq8ZTA3RCVC/WzD790bkKKiNFp7d5/9PcSD19fJyyRvOdQ==}
+
   resolve-from@4.0.0:
     resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
     engines: {node: '>=4'}
@@ -2289,6 +2333,9 @@ packages:
   wrappy@1.0.2:
     resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
 
+  yallist@4.0.0:
+    resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
+
   yocto-queue@0.1.0:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
@@ -2549,6 +2596,38 @@ snapshots:
 
   '@polka/url@1.0.0-next.25': {}
 
+  '@redis/bloom@1.2.0(@redis/client@1.6.0)':
+    dependencies:
+      '@redis/client': 1.6.0
+    optional: true
+
+  '@redis/client@1.6.0':
+    dependencies:
+      cluster-key-slot: 1.1.2
+      generic-pool: 3.9.0
+      yallist: 4.0.0
+    optional: true
+
+  '@redis/graph@1.1.1(@redis/client@1.6.0)':
+    dependencies:
+      '@redis/client': 1.6.0
+    optional: true
+
+  '@redis/json@1.0.7(@redis/client@1.6.0)':
+    dependencies:
+      '@redis/client': 1.6.0
+    optional: true
+
+  '@redis/search@1.2.0(@redis/client@1.6.0)':
+    dependencies:
+      '@redis/client': 1.6.0
+    optional: true
+
+  '@redis/time-series@1.1.0(@redis/client@1.6.0)':
+    dependencies:
+      '@redis/client': 1.6.0
+    optional: true
+
   '@rollup/rollup-android-arm-eabi@4.24.0':
     optional: true
 
@@ -2902,6 +2981,9 @@ snapshots:
 
   clone@2.1.2: {}
 
+  cluster-key-slot@1.1.2:
+    optional: true
+
   code-red@1.0.4:
     dependencies:
       '@jridgewell/sourcemap-codec': 1.5.0
@@ -3371,6 +3453,9 @@ snapshots:
 
   function-bind@1.1.2: {}
 
+  generic-pool@3.9.0:
+    optional: true
+
   get-intrinsic@1.2.4:
     dependencies:
       es-errors: 1.3.0
@@ -3785,6 +3870,16 @@ snapshots:
     dependencies:
       picomatch: 2.3.1
 
+  redis@4.7.0:
+    dependencies:
+      '@redis/bloom': 1.2.0(@redis/client@1.6.0)
+      '@redis/client': 1.6.0
+      '@redis/graph': 1.1.1(@redis/client@1.6.0)
+      '@redis/json': 1.0.7(@redis/client@1.6.0)
+      '@redis/search': 1.2.0(@redis/client@1.6.0)
+      '@redis/time-series': 1.1.0(@redis/client@1.6.0)
+    optional: true
+
   resolve-from@4.0.0: {}
 
   resolve-from@5.0.0: {}
@@ -4206,6 +4301,9 @@ snapshots:
 
   wrappy@1.0.2: {}
 
+  yallist@4.0.0:
+    optional: true
+
   yocto-queue@0.1.0: {}
 
   youtubei.js@10.5.0:

From 18acad19b931418c343a14cf88656684827b0e02 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 19:06:46 +0000
Subject: [PATCH 131/379] api: implement redis/memory store for cache

---
 api/package.json              |  1 +
 api/src/store/base-store.js   | 39 +++++++++++++++++++
 api/src/store/memory-store.js | 72 +++++++++++++++++++++++++++++++++++
 api/src/store/redis-store.js  | 62 ++++++++++++++++++++++++++++++
 api/src/store/store.js        | 10 +++++
 pnpm-lock.yaml                | 15 ++++++++
 6 files changed, 199 insertions(+)
 create mode 100644 api/src/store/base-store.js
 create mode 100644 api/src/store/memory-store.js
 create mode 100644 api/src/store/redis-store.js
 create mode 100644 api/src/store/store.js

diff --git a/api/package.json b/api/package.json
index ef70f2e4..6867c37d 100644
--- a/api/package.json
+++ b/api/package.json
@@ -24,6 +24,7 @@
     },
     "homepage": "https://github.com/imputnet/cobalt#readme",
     "dependencies": {
+        "@datastructures-js/priority-queue": "^6.3.1",
         "@imput/version-info": "workspace:^",
         "content-disposition-header": "0.6.0",
         "cors": "^2.8.5",
diff --git a/api/src/store/base-store.js b/api/src/store/base-store.js
new file mode 100644
index 00000000..3f81d8d9
--- /dev/null
+++ b/api/src/store/base-store.js
@@ -0,0 +1,39 @@
+const _stores = new Set();
+
+export class Store {
+    id;
+
+    constructor(name) {
+        name = name.toUpperCase();
+
+        if (_stores.has(name))
+            throw `${name} store already exists`;
+        _stores.add(name);
+
+        this.id = name;
+    }
+
+    async _get(_key) { throw "needs implementation" }
+    async get(key) {
+        if (typeof key !== 'string') {
+            key = key.toString();
+        }
+
+        const val = await this._get(key);
+        if (val === null)
+            return null;
+
+        return val;
+    }
+
+    async _set(_key, _val, _exp_sec = -1) { throw "needs implementation" }
+    set(key, val, exp_sec = -1) {
+        if (typeof key !== 'string') {
+            key = key.toString();
+        }
+
+        exp_sec = Math.round(exp_sec);
+
+        return this._set(key, val, exp_sec);
+    }
+};
diff --git a/api/src/store/memory-store.js b/api/src/store/memory-store.js
new file mode 100644
index 00000000..07e94ec2
--- /dev/null
+++ b/api/src/store/memory-store.js
@@ -0,0 +1,72 @@
+import { MinPriorityQueue } from '@datastructures-js/priority-queue'
+import { Store } from './base-store.js';
+
+// minimum delay between sweeps to avoid repeatedly
+// sweeping entries close in proximity one by one.
+const MIN_THRESHOLD_MS = 2500;
+
+export default class MemoryStore extends Store {
+    #store = new Map();
+    #timeouts = new MinPriorityQueue/*<{ t: number, k: unknown }>*/((obj) => obj.t);
+    #nextSweep = { id: null, t: null };
+
+    constructor(name) {
+        super(name);
+    }
+
+    async _get(key) {
+        const val = this.#store.get(key);
+
+        return val === undefined ? null : val;
+    }
+
+    async _set(key, val, exp_sec = -1) {
+        if (this.#store.has(key)) {
+            this.#timeouts.remove(o => o.k === key);
+        }
+
+        if (exp_sec > 0) {
+            const exp = 1000 * exp_sec;
+            const timeout_at = +new Date() + exp;
+
+            this.#timeouts.enqueue({ k: key, t: timeout_at });
+        }
+
+        this.#store.set(key, val);
+        this.#reschedule();
+    }
+
+    #reschedule() {
+        const current_time = new Date().getTime();
+        const time = this.#timeouts.front()?.t;
+        if (!time) {
+            return;
+        } else if (time < current_time) {
+            return this.#sweepNow();
+        }
+
+        const sweep = this.#nextSweep;
+        if (sweep.id === null || sweep.t > time) {
+            if (sweep.id) {
+                clearTimeout(sweep.id);
+            }
+
+            sweep.t = time;
+            sweep.id = setTimeout(
+                () => this.#sweepNow(),
+                Math.max(MIN_THRESHOLD_MS, time - current_time)
+            );
+        }
+    }
+
+    #sweepNow() {
+        while (this.#timeouts.front()?.t < new Date().getTime()) {
+            const item = this.#timeouts.dequeue();
+            this.#store.delete(item.k);
+        }
+
+        this.#nextSweep.id = null;
+        this.#nextSweep.t = null;
+        this.#reschedule();
+    }
+}
diff --git a/api/src/store/redis-store.js b/api/src/store/redis-store.js
new file mode 100644
index 00000000..cce158e0
--- /dev/null
+++ b/api/src/store/redis-store.js
@@ -0,0 +1,62 @@
+import { commandOptions, createClient } from "redis";
+import { env } from "../config.js";
+import { Store } from "./base-store.js";
+
+export default class RedisStore extends Store {
+    #client = createClient({
+        url: env.redisURL,
+    });
+    #connected;
+
+    constructor(name) {
+        super(name);
+        this.#connected = this.#client.connect();
+    }
+
+    #keyOf(key) {
+        return this.id + '_' + key;
+    }
+
+    async _get(key) {
+        await this.#connected;
+
+        const data = await this.#client.hGetAll(
+            commandOptions({ returnBuffers: true }),
+            this.#keyOf(key)
+        );
+
+        if (!data.d) {
+            return null;
+        }
+
+        const type = data.t;
+        if (type && type[0] === 'b'.charCodeAt())
+            return data.d;
+        else
+            return JSON.parse(data.d);
+    }
+
+    async _set(key, val, exp_sec = -1) {
+        await this.#connected;
+
+        const out = { d: val };
+        if (val instanceof Buffer) {
+            out.t = 'b';
+        } else {
+            out.d = JSON.stringify(val);
+        }
+
+        await this.#client.hSet(
+            this.#keyOf(key),
+            out
+        );
+
+        if (exp_sec > 0) {
+            await this.#client.hExpire(
+                this.#keyOf(key),
+                Object.keys(out),
+                exp_sec
+            );
+        }
+    }
+}
diff --git a/api/src/store/store.js b/api/src/store/store.js
new file mode 100644
index 00000000..e268d88d
--- /dev/null
+++ b/api/src/store/store.js
@@ -0,0 +1,10 @@
+import { env } from '../config.js';
+
+let _export;
+if (env.redisURL) {
+    _export = await import('./redis-store.js');
+} else {
+    _export = await import('./memory-store.js');
+}
+
+export default _export.default;
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index d96b6642..3f095749 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -10,6 +10,9 @@ importers:
 
   api:
     dependencies:
+      '@datastructures-js/priority-queue':
+        specifier: ^6.3.1
+        version: 6.3.1
       '@imput/version-info':
         specifier: workspace:^
         version: link:../packages/version-info
@@ -188,6 +191,12 @@ packages:
   '@bufbuild/protobuf@2.1.0':
     resolution: {integrity: sha512-+2Mx67Y3skJ4NCD/qNSdBJNWtu6x6Qr53jeNg+QcwiL6mt0wK+3jwHH2x1p7xaYH6Ve2JKOVn0OxU35WsmqI9A==}
 
+  '@datastructures-js/heap@4.3.3':
+    resolution: {integrity: sha512-UcUu/DLh/aM4W3C8zZfwxxm6/6FIZUlm3mcAXuNOCa6Aj4iizNvNXQyb8DjZQH2jKSQbMRyNlngP6TPimuGjpQ==}
+
+  '@datastructures-js/priority-queue@6.3.1':
+    resolution: {integrity: sha512-eoxkWql/j0VJ0UFMFTpnyJz4KbEEVQ6aZ/JuJUgenu0Im4tYKylAycNGsYCHGXiVNEd7OKGVwfx1Ac3oYkuu7A==}
+
   '@derhuerst/http-basic@8.2.4':
     resolution: {integrity: sha512-F9rL9k9Xjf5blCz8HsJRO4diy111cayL2vkY2XE4r4t3n0yPXVYy3KD3nJ1qbrSn9743UWSXH4IwuCa/HWlGFw==}
     engines: {node: '>=6.0.0'}
@@ -2355,6 +2364,12 @@ snapshots:
 
   '@bufbuild/protobuf@2.1.0': {}
 
+  '@datastructures-js/heap@4.3.3': {}
+
+  '@datastructures-js/priority-queue@6.3.1':
+    dependencies:
+      '@datastructures-js/heap': 4.3.3
+
   '@derhuerst/http-basic@8.2.4':
     dependencies:
       caseless: 0.12.0

From 11314fb8d15ef7b2b90da51a43360e1aa8e02732 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 30 Oct 2024 19:21:45 +0000
Subject: [PATCH 132/379] api/store: implement has() method

---
 api/src/store/base-store.js   | 9 +++++++++
 api/src/store/memory-store.js | 4 ++++
 api/src/store/redis-store.js  | 6 ++++++
 3 files changed, 19 insertions(+)

diff --git a/api/src/store/base-store.js b/api/src/store/base-store.js
index 3f81d8d9..9938c852 100644
--- a/api/src/store/base-store.js
+++ b/api/src/store/base-store.js
@@ -13,6 +13,15 @@ export class Store {
         this.id = name;
     }
 
+    async _has(_key) { throw "needs implementation" }
+    has(key) {
+        if (typeof key !== 'string') {
+            key = key.toString();
+        }
+
+        return this._has(key);
+    }
+
     async _get(_key) { throw "needs implementation" }
     async get(key) {
         if (typeof key !== 'string') {
diff --git a/api/src/store/memory-store.js b/api/src/store/memory-store.js
index 07e94ec2..b30908d5 100644
--- a/api/src/store/memory-store.js
+++ b/api/src/store/memory-store.js
@@ -14,6 +14,10 @@ export default class MemoryStore extends Store {
         super(name);
     }
 
+    async _has(key) {
+        return this.#store.has(key);
+    }
+
     async _get(key) {
         const val = this.#store.get(key);
 
diff --git a/api/src/store/redis-store.js b/api/src/store/redis-store.js
index cce158e0..dc4e405e 100644
--- a/api/src/store/redis-store.js
+++ b/api/src/store/redis-store.js
@@ -17,6 +17,12 @@ export default class RedisStore extends Store {
         return this.id + '_' + key;
     }
 
+    async _has(key) {
+        await this.#connected;
+
+        return this.#client.hExists(key);
+    }
+
     async _get(key) {
         await this.#connected;
 

From 132255b00412f16cd12ffb825ab7d80a821692b8 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Thu, 31 Oct 2024 22:33:32 +0000
Subject: [PATCH 133/379] api/stream/manage: use cobalt Store for stream cache

---
 api/src/core/api.js      |  4 ++--
 api/src/stream/manage.js | 25 ++++++++++---------------
 2 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index 975e7da9..dc5c4ae1 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -257,7 +257,7 @@ export const runAPI = (express, app, __dirname) => {
         }
     })
 
-    app.get('/tunnel', apiTunnelLimiter, (req, res) => {
+    app.get('/tunnel', apiTunnelLimiter, async (req, res) => {
         const id = String(req.query.id);
         const exp = String(req.query.exp);
         const sig = String(req.query.sig);
@@ -276,7 +276,7 @@ export const runAPI = (express, app, __dirname) => {
             return res.status(200).end();
         }
 
-        const streamInfo = verifyStream(id, sig, exp, sec, iv);
+        const streamInfo = await verifyStream(id, sig, exp, sec, iv);
         if (!streamInfo?.service) {
             return res.status(streamInfo.status).end();
         }
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 092232f6..2b03303c 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -1,4 +1,4 @@
-import NodeCache from "node-cache";
+import Store from "../store/store.js";
 
 import { nanoid } from "nanoid";
 import { randomBytes } from "crypto";
@@ -12,16 +12,7 @@ import { decryptStream, encryptStream, generateHmac } from "../misc/crypto.js";
 // optional dependency
 const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
 
-const streamCache = new NodeCache({
-    stdTTL: env.streamLifespan,
-    checkperiod: 10,
-    deleteOnExpire: true,
-    useClones: false,
-})
-
-streamCache.on("expired", (key) => {
-    streamCache.del(key);
-})
+const streamCache = new Store('streams');
 
 const internalStreamCache = new Map();
 const hmacSalt = randomBytes(64).toString('hex');
@@ -51,10 +42,14 @@ export function createStream(obj) {
             isHLS: obj.isHLS || false,
         };
 
+    // FIXME: this is now a Promise, but it is not awaited
+    //        here. it may happen that the stream is not
+    //        stored in the Store before it is requested.
     streamCache.set(
         streamID,
-        encryptStream(streamData, iv, secret)
-    )
+        encryptStream(streamData, iv, secret),
+        env.streamLifespan
+    );
 
     let streamLink = new URL('/tunnel', env.apiURL);
 
@@ -150,10 +145,10 @@ function wrapStream(streamInfo) {
     return streamInfo;
 }
 
-export function verifyStream(id, hmac, exp, secret, iv) {
+export async function verifyStream(id, hmac, exp, secret, iv) {
     try {
         const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt);
-        const cache = streamCache.get(id.toString());
+        const cache = await streamCache.get(id.toString());
 
         if (ghmac !== String(hmac)) return { status: 401 };
         if (!cache) return { status: 404 };

From 93e6344fc7ea73cf7e489bc0c5b8de71d424030a Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Thu, 31 Oct 2024 22:35:26 +0000
Subject: [PATCH 134/379] api/stream/manage: make itunnel port configurable

this allows us to bind internal streams to
a specific worker in the future
---
 api/src/config.js        | 3 +++
 api/src/stream/manage.js | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/api/src/config.js b/api/src/config.js
index e0c09afa..9d2df3c6 100644
--- a/api/src/config.js
+++ b/api/src/config.js
@@ -55,6 +55,9 @@ const env = {
 const genericUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36";
 const cobaltUserAgent = `cobalt/${version} (+https://github.com/imputnet/cobalt)`;
 
+export let tunnelPort = env.apiPort;
+export const setTunnelPort = (port) => tunnelPort = port;
+
 if (env.sessionEnabled && env.jwtSecret.length < 16) {
     throw new Error("JWT_SECRET env is too short (must be at least 16 characters long)");
 }
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 2b03303c..12acf959 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -5,7 +5,7 @@ import { randomBytes } from "crypto";
 import { strict as assert } from "assert";
 import { setMaxListeners } from "node:events";
 
-import { env } from "../config.js";
+import { env, tunnelPort } from "../config.js";
 import { closeRequest } from "./shared.js";
 import { decryptStream, encryptStream, generateHmac } from "../misc/crypto.js";
 
@@ -102,7 +102,7 @@ export function createInternalStream(url, obj = {}) {
         isHLS: obj.isHLS,
     });
 
-    let streamLink = new URL('/itunnel', `http://127.0.0.1:${env.apiPort}`);
+    let streamLink = new URL('/itunnel', `http://127.0.0.1:${tunnelPort}`);
     streamLink.searchParams.set('id', streamID);
 
     const cleanup = () => {

From 2d6d406f4834ffe0f44a38e743468e4a4017c12d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Thu, 31 Oct 2024 22:42:46 +0000
Subject: [PATCH 135/379] api/crypto: use buffers for salt directly instead of
 hex strings

---
 api/src/misc/crypto.js   | 2 +-
 api/src/stream/manage.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/misc/crypto.js b/api/src/misc/crypto.js
index 3a520156..70903d30 100644
--- a/api/src/misc/crypto.js
+++ b/api/src/misc/crypto.js
@@ -3,7 +3,7 @@ import { createHmac, createCipheriv, createDecipheriv, randomBytes } from "crypt
 const algorithm = "aes256";
 
 export function generateSalt() {
-    return randomBytes(64).toString('hex');
+    return randomBytes(64);
 }
 
 export function generateHmac(str, salt) {
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 12acf959..50badce6 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -7,7 +7,7 @@ import { setMaxListeners } from "node:events";
 
 import { env, tunnelPort } from "../config.js";
 import { closeRequest } from "./shared.js";
-import { decryptStream, encryptStream, generateHmac } from "../misc/crypto.js";
+import { decryptStream, encryptStream, generateHmac, generateSalt } from "../misc/crypto.js";
 
 // optional dependency
 const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
@@ -15,7 +15,7 @@ const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
 const streamCache = new Store('streams');
 
 const internalStreamCache = new Map();
-const hmacSalt = randomBytes(64).toString('hex');
+const hmacSalt = generateSalt();
 
 export function createStream(obj) {
     const streamID = nanoid(),

From 40d6a02b61f061a8ef65702aa4012bb6b045daec Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Thu, 31 Oct 2024 22:59:06 +0000
Subject: [PATCH 136/379] api: cluster support

still missing synchronization for some structures
---
 api/src/cobalt.js        | 11 ++++++--
 api/src/config.js        | 12 +++++++-
 api/src/core/api.js      | 61 +++++++++++++++++++++++++++-------------
 api/src/misc/cluster.js  | 29 +++++++++++++++++++
 api/src/stream/manage.js | 24 ++++++++++++++--
 docs/run-an-instance.md  |  1 +
 6 files changed, 114 insertions(+), 24 deletions(-)
 create mode 100644 api/src/misc/cluster.js

diff --git a/api/src/cobalt.js b/api/src/cobalt.js
index 363930ba..4c4d3c4e 100644
--- a/api/src/cobalt.js
+++ b/api/src/cobalt.js
@@ -1,12 +1,14 @@
 import "dotenv/config";
 
 import express from "express";
+import cluster from "node:cluster";
 
 import path from "path";
 import { fileURLToPath } from "url";
 
-import { env } from "./config.js"
+import { env, isCluster } from "./config.js"
 import { Red } from "./misc/console-text.js";
+import { initCluster } from "./misc/cluster.js";
 
 const app = express();
 
@@ -17,7 +19,12 @@ app.disable("x-powered-by");
 
 if (env.apiURL) {
     const { runAPI } = await import("./core/api.js");
-    runAPI(express, app, __dirname)
+
+    if (cluster.isPrimary && isCluster) {
+        initCluster();
+    }
+
+    runAPI(express, app, __dirname, cluster.isPrimary);
 } else {
     console.log(
         Red("API_URL env variable is missing, cobalt api can't start.")
diff --git a/api/src/config.js b/api/src/config.js
index 9d2df3c6..899dfe49 100644
--- a/api/src/config.js
+++ b/api/src/config.js
@@ -1,5 +1,6 @@
 import { getVersion } from "@imput/version-info";
 import { services } from "./processing/service-config.js";
+import { supportsReusePort } from "./misc/cluster.js";
 
 const version = await getVersion();
 
@@ -46,7 +47,7 @@ const env = {
     apiKeyURL: process.env.API_KEY_URL && new URL(process.env.API_KEY_URL),
     authRequired: process.env.API_AUTH_REQUIRED === '1',
     redisURL: process.env.API_REDIS_URL,
-
+    instanceCount: (process.env.API_INSTANCE_COUNT && parseInt(process.env.API_INSTANCE_COUNT)) || 1,
     keyReloadInterval: 900,
 
     enabledServices,
@@ -57,9 +58,18 @@ const cobaltUserAgent = `cobalt/${version} (+https://github.com/imputnet/cobalt)
 
 export let tunnelPort = env.apiPort;
 export const setTunnelPort = (port) => tunnelPort = port;
+export const isCluster = env.instanceCount > 1;
 
 if (env.sessionEnabled && env.jwtSecret.length < 16) {
     throw new Error("JWT_SECRET env is too short (must be at least 16 characters long)");
+} else if (env.instanceCount > 1 && !env.redisURL) {
+    throw new Error("API_REDIS_URL is required when API_INSTANCE_COUNT is >= 2");
+} else if (env.instanceCount > 1 && !await supportsReusePort()) {
+    console.error('API_INSTANCE_COUNT is not supported in your environment. to use this env, your node.js');
+    console.error('version must be >= 23.1.0, and you must be running a recent enough version of linux');
+    console.error('(or other OS that supports it). for more info, see `reusePort` option on');
+    console.error('https://nodejs.org/api/net.html#serverlistenoptions-callback');
+    throw new Error('SO_REUSEPORT is not supported');
 }
 
 export {
diff --git a/api/src/core/api.js b/api/src/core/api.js
index dc5c4ae1..9ef0c691 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -1,4 +1,5 @@
 import cors from "cors";
+import http from "node:http";
 import rateLimit from "express-rate-limit";
 import { setGlobalDispatcher, ProxyAgent } from "undici";
 import { getCommit, getBranch, getRemote, getVersion } from "@imput/version-info";
@@ -7,9 +8,9 @@ import jwt from "../security/jwt.js";
 import stream from "../stream/stream.js";
 import match from "../processing/match.js";
 
-import { env } from "../config.js";
+import { env, setTunnelPort } from "../config.js";
 import { extract } from "../processing/url.js";
-import { Bright, Cyan } from "../misc/console-text.js";
+import { Green, Bright, Cyan } from "../misc/console-text.js";
 import { generateHmac, generateSalt } from "../misc/crypto.js";
 import { randomizeCiphers } from "../misc/randomize-ciphers.js";
 import { verifyTurnstileToken } from "../security/turnstile.js";
@@ -40,7 +41,7 @@ const fail = (res, code, context) => {
     res.status(status).json(body);
 }
 
-export const runAPI = (express, app, __dirname) => {
+export const runAPI = (express, app, __dirname, isPrimary = true) => {
     const startTime = new Date();
     const startTimestamp = startTime.getTime();
 
@@ -288,7 +289,7 @@ export const runAPI = (express, app, __dirname) => {
         return stream(res, streamInfo);
     })
 
-    app.get('/itunnel', (req, res) => {
+    const itunnelHandler = (req, res) => {
         if (!req.ip.endsWith('127.0.0.1')) {
             return res.sendStatus(403);
         }
@@ -308,7 +309,9 @@ export const runAPI = (express, app, __dirname) => {
         ]);
 
         return stream(res, { type: 'internal', ...streamInfo });
-    })
+    };
+
+    app.get('/itunnel', itunnelHandler);
 
     app.get('/', (_, res) => {
         res.type('json');
@@ -339,21 +342,27 @@ export const runAPI = (express, app, __dirname) => {
         setGlobalDispatcher(new ProxyAgent(env.externalProxy))
     }
 
-    app.listen(env.apiPort, env.listenAddress, () => {
-        console.log(`\n` +
-            Bright(Cyan("cobalt ")) + Bright("API ^ω⁠^") + "\n" +
+    http.createServer(app).listen({
+        port: env.apiPort,
+        host: env.listenAddress,
+        reusePort: env.instanceCount > 1 || undefined
+    }, () => {
+        if (isPrimary) {
+            console.log(`\n` +
+                Bright(Cyan("cobalt ")) + Bright("API ^ω⁠^") + "\n" +
 
-            "~~~~~~\n" +
-            Bright("version: ") + version + "\n" +
-            Bright("commit: ") + git.commit + "\n" +
-            Bright("branch: ") + git.branch + "\n" +
-            Bright("remote: ") + git.remote + "\n" +
-            Bright("start time: ") + startTime.toUTCString() + "\n" +
-            "~~~~~~\n" +
+                "~~~~~~\n" +
+                Bright("version: ") + version + "\n" +
+                Bright("commit: ") + git.commit + "\n" +
+                Bright("branch: ") + git.branch + "\n" +
+                Bright("remote: ") + git.remote + "\n" +
+                Bright("start time: ") + startTime.toUTCString() + "\n" +
+                "~~~~~~\n" +
 
-            Bright("url: ") + Bright(Cyan(env.apiURL)) + "\n" +
-            Bright("port: ") + env.apiPort + "\n"
-        );
+                Bright("url: ") + Bright(Cyan(env.apiURL)) + "\n" +
+                Bright("port: ") + env.apiPort + "\n"
+            );
+        }
 
         if (env.apiKeyURL) {
             APIKeys.setup(env.apiKeyURL);
@@ -362,5 +371,19 @@ export const runAPI = (express, app, __dirname) => {
         if (env.cookiePath) {
             Cookies.setup(env.cookiePath);
         }
-    })
+    });
+
+    if (!isPrimary) {
+        const istreamer = express();
+        istreamer.get('/itunnel', itunnelHandler);
+        const server = istreamer.listen({
+            port: 0,
+            host: '127.0.0.1',
+            exclusive: true
+        }, () => {
+            const { port } = server.address();
+            console.log(`${Green('[✓]')} cobalt sub-instance running on 127.0.0.1:${port}`);
+            setTunnelPort(port);
+        });
+    }
 }
diff --git a/api/src/misc/cluster.js b/api/src/misc/cluster.js
new file mode 100644
index 00000000..86ef604d
--- /dev/null
+++ b/api/src/misc/cluster.js
@@ -0,0 +1,29 @@
+import net from "node:net";
+import cluster from "node:cluster";
+import { isCluster } from "../config.js";
+
+export const supportsReusePort = async () => {
+    try {
+        await new Promise((resolve, reject) => {
+            const server = net.createServer().listen({ port: 0, reusePort: true });
+            server.on('listening', () => server.close(resolve));
+            server.on('error', (err) => (server.close(), reject(err)));
+        });
+
+        return true;
+    } catch {
+        return false;
+    }
+}
+
+export const initCluster = async () => {
+    const { getSalt } = await import("../stream/manage.js");
+    const salt = getSalt();
+
+    for (let i = 1; i < env.instanceCount; ++i) {
+        const worker = cluster.fork();
+        worker.once('message', () => {
+            worker.send({ salt });
+        });
+    }
+}
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 50badce6..46fff483 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -4,8 +4,9 @@ import { nanoid } from "nanoid";
 import { randomBytes } from "crypto";
 import { strict as assert } from "assert";
 import { setMaxListeners } from "node:events";
+import cluster from "node:cluster";
 
-import { env, tunnelPort } from "../config.js";
+import { env, tunnelPort, isCluster } from "../config.js";
 import { closeRequest } from "./shared.js";
 import { decryptStream, encryptStream, generateHmac, generateSalt } from "../misc/crypto.js";
 
@@ -15,7 +16,26 @@ const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
 const streamCache = new Store('streams');
 
 const internalStreamCache = new Map();
-const hmacSalt = generateSalt();
+let hmacSalt = cluster.isPrimary ? generateSalt() : null;
+let _saltRead = false;
+
+export const getSalt = () => {
+    if (!isCluster) throw "salt can only be read on multi-process instances";
+    if (!cluster.isPrimary) throw "only primary cluster can read salt";
+    if (_saltRead) throw "salt was already read";
+
+    _saltRead = true;
+    return hmacSalt;
+}
+
+if (cluster.isWorker) {
+    process.send({ ready: true });
+    process.once('message', (message) => {
+        if (message.salt && !hmacSalt) {
+            hmacSalt = message.salt;
+        }
+    });
+}
 
 export function createStream(obj) {
     const streamID = nanoid(),
diff --git a/docs/run-an-instance.md b/docs/run-an-instance.md
index f3fdc630..66a7d51d 100644
--- a/docs/run-an-instance.md
+++ b/docs/run-an-instance.md
@@ -78,6 +78,7 @@ sudo service nscd start
 | `API_KEY_URL`         | ➖        | `file://keys.json`      | the location of the api key database. for loading API keys, cobalt supports HTTP(S) urls, or local files by specifying a local path using the `file://` protocol. see the "api key file format" below for more details.  |
 | `API_AUTH_REQUIRED`   | ➖        | `1`                     | when set to `1`, the user always needs to be authenticated in some way before they can access the API (either via an api key or via turnstile, if enabled). |
 | `API_REDIS_URL`       | ➖        | `redis://localhost:6379` | when set, cobalt uses redis instead of internal memory for the tunnel cache. |
+| `API_INSTANCE_COUNT`  | ➖        | `2`                     | supported only on Linux and node.js `>=23.1.0`. when configured, cobalt will spawn multiple sub-instances amongst which requests will be balanced. |
 
 \* the higher the nice value, the lower the priority. [read more here](https://en.wikipedia.org/wiki/Nice_(Unix)).
 

From 66cb8d360dd88b3bd137e4fb1e3155e156d3f550 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 12:16:53 +0000
Subject: [PATCH 137/379] api: move hmac secrets to single file

---
 api/src/cobalt.js           |  2 +-
 api/src/core/api.js         | 11 ++++---
 api/src/misc/cluster.js     | 19 ++++++------
 api/src/misc/crypto.js      | 10 +------
 api/src/security/secrets.js | 58 +++++++++++++++++++++++++++++++++++++
 api/src/stream/manage.js    | 30 ++++---------------
 6 files changed, 79 insertions(+), 51 deletions(-)
 create mode 100644 api/src/security/secrets.js

diff --git a/api/src/cobalt.js b/api/src/cobalt.js
index 4c4d3c4e..d4396ca5 100644
--- a/api/src/cobalt.js
+++ b/api/src/cobalt.js
@@ -20,7 +20,7 @@ app.disable("x-powered-by");
 if (env.apiURL) {
     const { runAPI } = await import("./core/api.js");
 
-    if (cluster.isPrimary && isCluster) {
+    if (isCluster) {
         initCluster();
     }
 
diff --git a/api/src/core/api.js b/api/src/core/api.js
index 9ef0c691..2fa30cea 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -11,7 +11,7 @@ import match from "../processing/match.js";
 import { env, setTunnelPort } from "../config.js";
 import { extract } from "../processing/url.js";
 import { Green, Bright, Cyan } from "../misc/console-text.js";
-import { generateHmac, generateSalt } from "../misc/crypto.js";
+import { hashHmac } from "../security/secrets.js";
 import { randomizeCiphers } from "../misc/randomize-ciphers.js";
 import { verifyTurnstileToken } from "../security/turnstile.js";
 import { friendlyServiceName } from "../processing/service-alias.js";
@@ -30,7 +30,6 @@ const version = await getVersion();
 
 const acceptRegex = /^application\/json(; charset=utf-8)?$/;
 
-const ipSalt = generateSalt();
 const corsConfig = env.corsWildcard ? {} : {
     origin: env.corsURL,
     optionsSuccessStatus: 200
@@ -74,7 +73,7 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
         max: 10,
         standardHeaders: true,
         legacyHeaders: false,
-        keyGenerator: req => generateHmac(getIP(req), ipSalt),
+        keyGenerator: req => hashHmac(getIP(req), 'rate'),
         handler: handleRateExceeded
     });
 
@@ -83,7 +82,7 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
         max: (req) => req.rateLimitMax || env.rateLimitMax,
         standardHeaders: true,
         legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || generateHmac(getIP(req), ipSalt),
+        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
         handler: handleRateExceeded
     })
 
@@ -92,7 +91,7 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
         max: (req) => req.rateLimitMax || env.rateLimitMax,
         standardHeaders: true,
         legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || generateHmac(getIP(req), ipSalt),
+        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
         handler: (req, res) => {
             return res.sendStatus(429)
         }
@@ -172,7 +171,7 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
                 return fail(res, "error.api.auth.jwt.invalid");
             }
 
-            req.rateLimitKey = generateHmac(token, ipSalt);
+            req.rateLimitKey = hashHmac(token, 'rate');
         } catch {
             return fail(res, "error.api.generic");
         }
diff --git a/api/src/misc/cluster.js b/api/src/misc/cluster.js
index 86ef604d..145c5588 100644
--- a/api/src/misc/cluster.js
+++ b/api/src/misc/cluster.js
@@ -1,6 +1,7 @@
-import net from "node:net";
 import cluster from "node:cluster";
-import { isCluster } from "../config.js";
+import net from "node:net";
+import { syncSecrets } from "../security/secrets.js";
+import { env } from "../config.js";
 
 export const supportsReusePort = async () => {
     try {
@@ -17,13 +18,11 @@ export const supportsReusePort = async () => {
 }
 
 export const initCluster = async () => {
-    const { getSalt } = await import("../stream/manage.js");
-    const salt = getSalt();
-
-    for (let i = 1; i < env.instanceCount; ++i) {
-        const worker = cluster.fork();
-        worker.once('message', () => {
-            worker.send({ salt });
-        });
+    if (cluster.isPrimary) {
+        for (let i = 1; i < env.instanceCount; ++i) {
+            cluster.fork();
+        }
     }
+
+    await syncSecrets();
 }
diff --git a/api/src/misc/crypto.js b/api/src/misc/crypto.js
index 70903d30..e0f8858b 100644
--- a/api/src/misc/crypto.js
+++ b/api/src/misc/crypto.js
@@ -1,15 +1,7 @@
-import { createHmac, createCipheriv, createDecipheriv, randomBytes } from "crypto";
+import { createCipheriv, createDecipheriv } from "crypto";
 
 const algorithm = "aes256";
 
-export function generateSalt() {
-    return randomBytes(64);
-}
-
-export function generateHmac(str, salt) {
-    return createHmac("sha256", salt).update(str).digest("base64url");
-}
-
 export function encryptStream(plaintext, iv, secret) {
     const buff = Buffer.from(JSON.stringify(plaintext));
     const key = Buffer.from(secret, "base64url");
diff --git a/api/src/security/secrets.js b/api/src/security/secrets.js
new file mode 100644
index 00000000..2973043b
--- /dev/null
+++ b/api/src/security/secrets.js
@@ -0,0 +1,58 @@
+import cluster from "node:cluster";
+import { createHmac, randomBytes } from "node:crypto";
+
+const generateSalt = () => {
+    if (cluster.isPrimary)
+        return randomBytes(64);
+
+    return null;
+}
+
+let rateSalt = generateSalt();
+let streamSalt = generateSalt();
+
+export const syncSecrets = () => {
+    return new Promise((resolve, reject) => {
+        if (cluster.isPrimary) {
+            let remaining = Object.values(cluster.workers).length;
+
+            for (const worker of Object.values(cluster.workers)) {
+                worker.once('message', (m) => {
+                    if (m.ready)
+                        worker.send({ rateSalt, streamSalt });
+
+                    if (!--remaining)
+                        resolve();
+                });
+            }
+        } else if (cluster.isWorker) {
+            if (rateSalt || streamSalt)
+                return reject();
+
+            process.send({ ready: true });
+            process.once('message', (message) => {
+                if (rateSalt || streamSalt)
+                    return reject();
+
+                if (message.rateSalt && message.streamSalt) {
+                    streamSalt = Buffer.from(message.streamSalt);
+                    rateSalt = Buffer.from(message.rateSalt);
+                    resolve();
+                }
+            });
+        } else reject();
+    });
+}
+
+
+export const hashHmac = (value, type) => {
+    let salt;
+    if (type === 'rate')
+        salt = rateSalt;
+    else if (type === 'stream')
+        salt = streamSalt;
+    else
+        throw "unknown salt";
+
+    return createHmac("sha256", salt).update(value).digest();
+}
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 46fff483..fc6ffe2d 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -4,11 +4,11 @@ import { nanoid } from "nanoid";
 import { randomBytes } from "crypto";
 import { strict as assert } from "assert";
 import { setMaxListeners } from "node:events";
-import cluster from "node:cluster";
 
-import { env, tunnelPort, isCluster } from "../config.js";
+import { env, tunnelPort } from "../config.js";
 import { closeRequest } from "./shared.js";
-import { decryptStream, encryptStream, generateHmac, generateSalt } from "../misc/crypto.js";
+import { decryptStream, encryptStream } from "../misc/crypto.js";
+import { hashHmac } from "../security/secrets.js";
 
 // optional dependency
 const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
@@ -16,33 +16,13 @@ const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
 const streamCache = new Store('streams');
 
 const internalStreamCache = new Map();
-let hmacSalt = cluster.isPrimary ? generateSalt() : null;
-let _saltRead = false;
-
-export const getSalt = () => {
-    if (!isCluster) throw "salt can only be read on multi-process instances";
-    if (!cluster.isPrimary) throw "only primary cluster can read salt";
-    if (_saltRead) throw "salt was already read";
-
-    _saltRead = true;
-    return hmacSalt;
-}
-
-if (cluster.isWorker) {
-    process.send({ ready: true });
-    process.once('message', (message) => {
-        if (message.salt && !hmacSalt) {
-            hmacSalt = message.salt;
-        }
-    });
-}
 
 export function createStream(obj) {
     const streamID = nanoid(),
         iv = randomBytes(16).toString('base64url'),
         secret = randomBytes(32).toString('base64url'),
         exp = new Date().getTime() + env.streamLifespan * 1000,
-        hmac = generateHmac(`${streamID},${exp},${iv},${secret}`, hmacSalt),
+        hmac = hashHmac(`${streamID},${exp},${iv},${secret}`, 'stream').toString('base64url'),
         streamData = {
             exp: exp,
             type: obj.type,
@@ -167,7 +147,7 @@ function wrapStream(streamInfo) {
 
 export async function verifyStream(id, hmac, exp, secret, iv) {
     try {
-        const ghmac = generateHmac(`${id},${exp},${iv},${secret}`, hmacSalt);
+        const ghmac = hashHmac(`${id},${exp},${iv},${secret}`, 'stream').toString('base64url');
         const cache = await streamCache.get(id.toString());
 
         if (ghmac !== String(hmac)) return { status: 401 };

From 693204b799d9d673bd3dd31e737e65c92fa41772 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 12:20:01 +0000
Subject: [PATCH 138/379] api/store: use basic strings instead of hashes for
 keys

---
 api/src/store/redis-store.js | 40 ++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 22 deletions(-)

diff --git a/api/src/store/redis-store.js b/api/src/store/redis-store.js
index dc4e405e..0b359526 100644
--- a/api/src/store/redis-store.js
+++ b/api/src/store/redis-store.js
@@ -26,43 +26,39 @@ export default class RedisStore extends Store {
     async _get(key) {
         await this.#connected;
 
-        const data = await this.#client.hGetAll(
+        const valueType = await this.#client.get(this.#keyOf(key) + '_t');
+        const value = await this.#client.get(
             commandOptions({ returnBuffers: true }),
             this.#keyOf(key)
         );
 
-        if (!data.d) {
+        if (!value) {
             return null;
         }
 
-        const type = data.t;
-        if (type && type[0] === 'b'.charCodeAt())
-            return data.d;
+        if (valueType === 'b')
+            return value;
         else
-            return JSON.parse(data.d);
+            return JSON.parse(value);
     }
 
     async _set(key, val, exp_sec = -1) {
         await this.#connected;
 
-        const out = { d: val };
+        const options = exp_sec > 0 ? { EX: exp_sec } : undefined;
+
         if (val instanceof Buffer) {
-            out.t = 'b';
-        } else {
-            out.d = JSON.stringify(val);
-        }
-
-        await this.#client.hSet(
-            this.#keyOf(key),
-            out
-        );
-
-        if (exp_sec > 0) {
-            await this.#client.hExpire(
-                this.#keyOf(key),
-                Object.keys(out),
-                exp_sec
+            await this.#client.set(
+                this.#keyOf(key) + '_t',
+                'b',
+                options
             );
         }
+
+        await this.#client.set(
+            this.#keyOf(key),
+            val,
+            options
+        );
     }
 }

From d466f8a4af41deda5b2f0616b94c9464db6336ea Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 12:54:16 +0000
Subject: [PATCH 139/379] api: upgrade express-rate-limit to v7, reuse key
 generator

---
 api/package.json    |  2 +-
 api/src/core/api.js | 22 ++++++++++++----------
 pnpm-lock.yaml      | 14 +++++++-------
 3 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/api/package.json b/api/package.json
index 6867c37d..3a104158 100644
--- a/api/package.json
+++ b/api/package.json
@@ -31,7 +31,7 @@
         "dotenv": "^16.0.1",
         "esbuild": "^0.14.51",
         "express": "^4.21.0",
-        "express-rate-limit": "^6.3.0",
+        "express-rate-limit": "^7.4.1",
         "ffmpeg-static": "^5.1.0",
         "hls-parser": "^0.10.7",
         "ipaddr.js": "2.2.0",
diff --git a/api/src/core/api.js b/api/src/core/api.js
index 2fa30cea..1d4370e9 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -68,31 +68,33 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
         return res.status(status).json(body);
     };
 
+    const keyGenerator = (req) => hashHmac(getIP(req), 'rate').toString('base64url');
+
     const sessionLimiter = rateLimit({
         windowMs: 60000,
-        max: 10,
-        standardHeaders: true,
+        limit: 10,
+        standardHeaders: 'draft-6',
         legacyHeaders: false,
-        keyGenerator: req => hashHmac(getIP(req), 'rate'),
+        keyGenerator,
         handler: handleRateExceeded
     });
 
     const apiLimiter = rateLimit({
         windowMs: env.rateLimitWindow * 1000,
-        max: (req) => req.rateLimitMax || env.rateLimitMax,
-        standardHeaders: true,
+        limit: (req) => req.rateLimitMax || env.rateLimitMax,
+        standardHeaders: 'draft-6',
         legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
+        keyGenerator: req => req.rateLimitKey || keyGenerator(req),
         handler: handleRateExceeded
     })
 
     const apiTunnelLimiter = rateLimit({
         windowMs: env.rateLimitWindow * 1000,
-        max: (req) => req.rateLimitMax || env.rateLimitMax,
-        standardHeaders: true,
+        limit: (req) => req.rateLimitMax || env.rateLimitMax,
+        standardHeaders: 'draft-6',
         legacyHeaders: false,
-        keyGenerator: req => req.rateLimitKey || hashHmac(getIP(req), 'rate'),
-        handler: (req, res) => {
+        keyGenerator: req => req.rateLimitKey || keyGenerator(req),
+        handler: (_, res) => {
             return res.sendStatus(429)
         }
     })
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 3f095749..9283338a 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -32,8 +32,8 @@ importers:
         specifier: ^4.21.0
         version: 4.21.0
       express-rate-limit:
-        specifier: ^6.3.0
-        version: 6.11.2(express@4.21.0)
+        specifier: ^7.4.1
+        version: 7.4.1(express@4.21.0)
       ffmpeg-static:
         specifier: ^5.1.0
         version: 5.2.0
@@ -1298,11 +1298,11 @@ packages:
     resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==}
     engines: {node: '>=10'}
 
-  express-rate-limit@6.11.2:
-    resolution: {integrity: sha512-a7uwwfNTh1U60ssiIkuLFWHt4hAC5yxlLGU2VP0X4YNlyEDZAqF4tK3GD3NSitVBrCQmQ0++0uOyFOgC2y4DDw==}
-    engines: {node: '>= 14'}
+  express-rate-limit@7.4.1:
+    resolution: {integrity: sha512-KS3efpnpIDVIXopMc65EMbWbUht7qvTCdtCR2dD/IZmi9MIkopYESwyRqLgv8Pfu589+KqDqOdzJWW7AHoACeg==}
+    engines: {node: '>= 16'}
     peerDependencies:
-      express: ^4 || ^5
+      express: 4 || 5 || ^5.0.0-beta.1
 
   express@4.21.0:
     resolution: {integrity: sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==}
@@ -3341,7 +3341,7 @@ snapshots:
       signal-exit: 3.0.7
       strip-final-newline: 2.0.0
 
-  express-rate-limit@6.11.2(express@4.21.0):
+  express-rate-limit@7.4.1(express@4.21.0):
     dependencies:
       express: 4.21.0
 

From 2317da5ba542f64a910897f9ef49b91f7998efdb Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 13:26:18 +0000
Subject: [PATCH 140/379] api: add support for redis to ratelimiter cache

---
 api/package.json                 |  1 +
 api/src/core/api.js              |  6 +++++-
 api/src/store/redis-ratelimit.js | 19 +++++++++++++++++++
 pnpm-lock.yaml                   | 14 ++++++++++++++
 4 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 api/src/store/redis-ratelimit.js

diff --git a/api/package.json b/api/package.json
index 3a104158..da4d7c4c 100644
--- a/api/package.json
+++ b/api/package.json
@@ -46,6 +46,7 @@
     },
     "optionalDependencies": {
         "freebind": "^0.2.2",
+        "rate-limit-redis": "^4.2.0",
         "redis": "^4.7.0"
     }
 }
diff --git a/api/src/core/api.js b/api/src/core/api.js
index 1d4370e9..5ea75c37 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -12,6 +12,7 @@ import { env, setTunnelPort } from "../config.js";
 import { extract } from "../processing/url.js";
 import { Green, Bright, Cyan } from "../misc/console-text.js";
 import { hashHmac } from "../security/secrets.js";
+import { createStore } from "../store/redis-ratelimit.js";
 import { randomizeCiphers } from "../misc/randomize-ciphers.js";
 import { verifyTurnstileToken } from "../security/turnstile.js";
 import { friendlyServiceName } from "../processing/service-alias.js";
@@ -40,7 +41,7 @@ const fail = (res, code, context) => {
     res.status(status).json(body);
 }
 
-export const runAPI = (express, app, __dirname, isPrimary = true) => {
+export const runAPI = async (express, app, __dirname, isPrimary = true) => {
     const startTime = new Date();
     const startTimestamp = startTime.getTime();
 
@@ -76,6 +77,7 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
         standardHeaders: 'draft-6',
         legacyHeaders: false,
         keyGenerator,
+        store: await createStore('session'),
         handler: handleRateExceeded
     });
 
@@ -85,6 +87,7 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
         standardHeaders: 'draft-6',
         legacyHeaders: false,
         keyGenerator: req => req.rateLimitKey || keyGenerator(req),
+        store: await createStore('api'),
         handler: handleRateExceeded
     })
 
@@ -94,6 +97,7 @@ export const runAPI = (express, app, __dirname, isPrimary = true) => {
         standardHeaders: 'draft-6',
         legacyHeaders: false,
         keyGenerator: req => req.rateLimitKey || keyGenerator(req),
+        store: await createStore('tunnel'),
         handler: (_, res) => {
             return res.sendStatus(429)
         }
diff --git a/api/src/store/redis-ratelimit.js b/api/src/store/redis-ratelimit.js
new file mode 100644
index 00000000..64d11e5e
--- /dev/null
+++ b/api/src/store/redis-ratelimit.js
@@ -0,0 +1,19 @@
+import { env } from "../config.js";
+
+let client, redis, redisLimiter;
+
+export const createStore = async (name) => {
+    if (!env.redisURL) return;
+
+    if (!client) {
+        redis = await import('redis');
+        redisLimiter = await import('rate-limit-redis');
+        client = redis.createClient({ url: env.redisURL });
+        await client.connect();
+    }
+
+    return new redisLimiter.default({
+        prefix: `RL${name}_`,
+        sendCommand: (...args) => client.sendCommand(args),
+    });
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 9283338a..b36f1ff5 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -71,6 +71,9 @@ importers:
       freebind:
         specifier: ^0.2.2
         version: 0.2.2
+      rate-limit-redis:
+        specifier: ^4.2.0
+        version: 4.2.0(express-rate-limit@7.4.1(express@4.21.0))
       redis:
         specifier: ^4.7.0
         version: 4.7.0
@@ -1877,6 +1880,12 @@ packages:
     resolution: {integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==}
     engines: {node: '>= 0.6'}
 
+  rate-limit-redis@4.2.0:
+    resolution: {integrity: sha512-wV450NQyKC24NmPosJb2131RoczLdfIJdKCReNwtVpm5998U8SgKrAZrIHaN/NfQgqOHaan8Uq++B4sa5REwjA==}
+    engines: {node: '>= 16'}
+    peerDependencies:
+      express-rate-limit: '>= 6'
+
   raw-body@2.5.2:
     resolution: {integrity: sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==}
     engines: {node: '>= 0.8'}
@@ -3868,6 +3877,11 @@ snapshots:
 
   range-parser@1.2.1: {}
 
+  rate-limit-redis@4.2.0(express-rate-limit@7.4.1(express@4.21.0)):
+    dependencies:
+      express-rate-limit: 7.4.1(express@4.21.0)
+    optional: true
+
   raw-body@2.5.2:
     dependencies:
       bytes: 3.1.2

From 3f505f6520c652c3bd00528bfd7e0b62152bbc07 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 13:30:32 +0000
Subject: [PATCH 141/379] api: wait for cluster to finish preparing

---
 api/src/cobalt.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/cobalt.js b/api/src/cobalt.js
index d4396ca5..5cac208d 100644
--- a/api/src/cobalt.js
+++ b/api/src/cobalt.js
@@ -21,7 +21,7 @@ if (env.apiURL) {
     const { runAPI } = await import("./core/api.js");
 
     if (isCluster) {
-        initCluster();
+       await initCluster();
     }
 
     runAPI(express, app, __dirname, cluster.isPrimary);

From 48883486fa315536616528e9478915c529e283e9 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 13:57:53 +0000
Subject: [PATCH 142/379] api/api-keys: load keys once per cluster

---
 api/src/security/api-keys.js | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/api/src/security/api-keys.js b/api/src/security/api-keys.js
index bbb00194..5005d64d 100644
--- a/api/src/security/api-keys.js
+++ b/api/src/security/api-keys.js
@@ -1,6 +1,7 @@
-import { env } from "../config.js";
+import { env, isCluster } from "../config.js";
 import { readFile } from "node:fs/promises";
 import { Green, Yellow } from "../misc/console-text.js";
+import cluster from "node:cluster";
 import ip from "ipaddr.js";
 
 // this function is a modified variation of code
@@ -131,7 +132,18 @@ const loadKeys = async (source) => {
     }
 
     validateKeys(updated);
-    keys = formatKeys(updated);
+
+    if (isCluster && cluster.workers) {
+        for (const worker of Object.values(cluster.workers)) {
+            worker.send({ api_keys: updated });
+        }
+    }
+
+    updateKeys(updated);
+}
+
+const updateKeys = (newKeys) => {
+    keys = formatKeys(newKeys);
 }
 
 const wrapLoad = (url, initial = false) => {
@@ -204,8 +216,16 @@ export const validateAuthorization = (req) => {
 }
 
 export const setup = (url) => {
-    wrapLoad(url, true);
-    if (env.keyReloadInterval > 0) {
-        setInterval(() => wrapLoad(url), env.keyReloadInterval * 1000);
+    if (cluster.isPrimary) {
+        wrapLoad(url, true);
+        if (env.keyReloadInterval > 0) {
+            setInterval(() => wrapLoad(url), env.keyReloadInterval * 1000);
+        }
+    } else if (cluster.isWorker) {
+        process.on('message', (message) => {
+            if ('api_keys' in message) {
+                updateKeys(message.api_keys);
+            }
+        });
     }
 }

From 2351cf74f4471471e84f99912d30021462496597 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 14:05:18 +0000
Subject: [PATCH 143/379] api/cookie: formatting

---
 api/src/processing/cookie/cookie.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/api/src/processing/cookie/cookie.js b/api/src/processing/cookie/cookie.js
index 6dd95fc3..5a3f6dcd 100644
--- a/api/src/processing/cookie/cookie.js
+++ b/api/src/processing/cookie/cookie.js
@@ -6,14 +6,17 @@ export default class Cookie {
         this._values = {};
         this.set(input)
     }
+
     set(values) {
         Object.entries(values).forEach(
             ([ key, value ]) => this._values[key] = value
         )
     }
+
     unset(keys) {
         for (const key of keys) delete this._values[key]
     }
+
     static fromString(str) {
         const obj = {};
 
@@ -25,12 +28,15 @@ export default class Cookie {
 
         return new Cookie(obj)
     }
+
     toString() {
         return Object.entries(this._values).map(([ name, value ]) => `${name}=${value}`).join('; ')
     }
+
     toJSON() {
         return this.toString()
     }
+
     values() {
         return Object.freeze({ ...this._values })
     }

From 1c78dac7ed1394a7a429da1b5c5c8809ed267e62 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 14:49:52 +0000
Subject: [PATCH 144/379] api/cluster: implement broadcast helper

---
 api/src/misc/cluster.js      | 14 +++++++++++++-
 api/src/security/api-keys.js | 10 +++-------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/api/src/misc/cluster.js b/api/src/misc/cluster.js
index 145c5588..ea43aaa9 100644
--- a/api/src/misc/cluster.js
+++ b/api/src/misc/cluster.js
@@ -1,7 +1,9 @@
 import cluster from "node:cluster";
 import net from "node:net";
 import { syncSecrets } from "../security/secrets.js";
-import { env } from "../config.js";
+import { env, isCluster } from "../config.js";
+
+export { isPrimary, isWorker } from "node:cluster";
 
 export const supportsReusePort = async () => {
     try {
@@ -26,3 +28,13 @@ export const initCluster = async () => {
 
     await syncSecrets();
 }
+
+export const broadcast = (message) => {
+    if (!isCluster || !cluster.isPrimary || !cluster.workers) {
+        return;
+    }
+
+    for (const worker of Object.values(cluster.workers)) {
+        worker.send(message);
+    }
+}
diff --git a/api/src/security/api-keys.js b/api/src/security/api-keys.js
index 5005d64d..0e24c48d 100644
--- a/api/src/security/api-keys.js
+++ b/api/src/security/api-keys.js
@@ -1,8 +1,8 @@
-import { env, isCluster } from "../config.js";
+import { env } from "../config.js";
 import { readFile } from "node:fs/promises";
 import { Green, Yellow } from "../misc/console-text.js";
-import cluster from "node:cluster";
 import ip from "ipaddr.js";
+import * as cluster from "../misc/cluster.js";
 
 // this function is a modified variation of code
 // from https://stackoverflow.com/a/32402438/14855621
@@ -133,11 +133,7 @@ const loadKeys = async (source) => {
 
     validateKeys(updated);
 
-    if (isCluster && cluster.workers) {
-        for (const worker of Object.values(cluster.workers)) {
-            worker.send({ api_keys: updated });
-        }
-    }
+    cluster.broadcast({ api_keys: updated });
 
     updateKeys(updated);
 }

From f098da870c3414c31be05cfbddc6db973ef87467 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 14:55:00 +0000
Subject: [PATCH 145/379] api/cookie: pick cookie at random instead of
 round-robin

---
 api/src/processing/cookie/manager.js | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 02eecfda..eb25adbb 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -4,9 +4,7 @@ import { readFile, writeFile } from 'fs/promises';
 import { Green, Yellow } from '../../misc/console-text.js';
 import { parse as parseSetCookie, splitCookiesString } from 'set-cookie-parser';
 
-const WRITE_INTERVAL = 60000,
-      COUNTER = Symbol('counter');
-
+const WRITE_INTERVAL = 60000;
 let cookies = {}, dirty = false, intervalId;
 
 function writeChanges(cookiePath) {
@@ -33,18 +31,14 @@ export const setup = async (cookiePath) => {
 export function getCookie(service) {
     if (!cookies[service] || !cookies[service].length) return;
 
-    let n;
-    if (cookies[service][COUNTER] === undefined) {
-        n = cookies[service][COUNTER] = 0
-    } else {
-        ++cookies[service][COUNTER]
-        n = (cookies[service][COUNTER] %= cookies[service].length)
+    const idx = Math.floor(Math.random() * cookies[service].length);
+
+    const cookie = cookies[service][idx];
+    if (typeof cookie === 'string') {
+        cookies[service][idx] = Cookie.fromString(cookie);
     }
 
-    const cookie = cookies[service][n];
-    if (typeof cookie === 'string') cookies[service][n] = Cookie.fromString(cookie);
-
-    return cookies[service][n]
+    return cookies[service][idx];
 }
 
 export function updateCookieValues(cookie, values) {

From 42ec28a642a600120f76863869813b19f2473c93 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 14:58:04 +0000
Subject: [PATCH 146/379] api/cookie: update cookies value-by-value in manager

---
 api/src/processing/cookie/cookie.js  | 15 ++++++++++-----
 api/src/processing/cookie/manager.js | 13 +++++++++++--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/api/src/processing/cookie/cookie.js b/api/src/processing/cookie/cookie.js
index 5a3f6dcd..1d9636d5 100644
--- a/api/src/processing/cookie/cookie.js
+++ b/api/src/processing/cookie/cookie.js
@@ -4,13 +4,18 @@ export default class Cookie {
     constructor(input) {
         assert(typeof input === 'object');
         this._values = {};
-        this.set(input)
+
+        for (const [ k, v ] of Object.entries(input))
+            this.set(k, v);
     }
 
-    set(values) {
-        Object.entries(values).forEach(
-            ([ key, value ]) => this._values[key] = value
-        )
+    set(key, value) {
+        const old = this._values[key];
+        if (old === value)
+            return false;
+
+        this._values[key] = value;
+        return true;
     }
 
     unset(keys) {
diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index eb25adbb..074d0045 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -42,8 +42,17 @@ export function getCookie(service) {
 }
 
 export function updateCookieValues(cookie, values) {
-    cookie.set(values);
-    if (Object.keys(values).length) dirty = true
+    let changed = false;
+
+    for (const [ key, value ] of Object.entries(values)) {
+        changed ||= cookie.set(key, value);
+    }
+
+    if (changed) {
+        dirty = true;
+    }
+
+    return changed;
 }
 
 export function updateCookie(cookie, headers) {

From d48cc8fc07cd8f3cddae2f6ef2306ee1b2c779bc Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 16:43:01 +0000
Subject: [PATCH 147/379] api/cookie: implement cluster synchronization

---
 api/src/misc/cluster.js              | 31 ++++++++++++++++++
 api/src/processing/cookie/manager.js | 49 ++++++++++++++++++++++++++--
 2 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/api/src/misc/cluster.js b/api/src/misc/cluster.js
index ea43aaa9..56664d15 100644
--- a/api/src/misc/cluster.js
+++ b/api/src/misc/cluster.js
@@ -38,3 +38,34 @@ export const broadcast = (message) => {
         worker.send(message);
     }
 }
+
+export const send = (message) => {
+    if (!isCluster) {
+        return;
+    }
+
+    if (cluster.isPrimary) {
+        return broadcast(message);
+    } else {
+        return process.send(message);
+    }
+}
+
+export const waitFor = (key) => {
+    return new Promise(resolve => {
+        const listener = (message) => {
+            if (key in message) {
+                process.off('message', listener);
+                return resolve(message);
+            }
+        }
+
+        process.on('message', listener);
+    });
+}
+
+export const mainOnMessage = (cb) => {
+    for (const worker of Object.values(cluster.workers)) {
+        worker.on('message', cb);
+    }
+}
diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 074d0045..5ea3f6ca 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -3,6 +3,8 @@ import Cookie from './cookie.js';
 import { readFile, writeFile } from 'fs/promises';
 import { Green, Yellow } from '../../misc/console-text.js';
 import { parse as parseSetCookie, splitCookiesString } from 'set-cookie-parser';
+import * as cluster from '../../misc/cluster.js';
+import { isCluster } from '../../config.js';
 
 const WRITE_INTERVAL = 60000;
 let cookies = {}, dirty = false, intervalId;
@@ -16,18 +18,55 @@ function writeChanges(cookiePath) {
     })
 }
 
-export const setup = async (cookiePath) => {
+const setupMain = async (cookiePath) => {
     try {
         cookies = await readFile(cookiePath, 'utf8');
         cookies = JSON.parse(cookies);
         intervalId = setInterval(() => writeChanges(cookiePath), WRITE_INTERVAL);
-        console.log(`${Green('[✓]')} cookies loaded successfully!`)
+
+        cluster.broadcast({ cookies });
+
+        console.log(`${Green('[✓]')} cookies loaded successfully!`);
     } catch(e) {
         console.error(`${Yellow('[!]')} failed to load cookies.`);
         console.error('error:', e);
     }
 }
 
+const setupWorker = async () => {
+    cookies = (await cluster.waitFor('cookies')).cookies;
+}
+
+export const setup = async (cookiePath) => {
+    if (cluster.isPrimary) {
+        await setupMain(cookiePath);
+    } else if (cluster.isWorker) {
+        await setupWorker();
+    }
+
+    if (isCluster) {
+        const messageHandler = (message) => {
+            if ('cookieUpdate' in message) {
+                const { cookieUpdate } = message;
+
+                if (cluster.isPrimary) {
+                    dirty = true;
+                    cluster.broadcast({ cookieUpdate });
+                }
+
+                const { service, idx, cookie } = cookieUpdate;
+                cookies[service][idx] = cookie;
+            }
+        }
+
+        if (cluster.isPrimary) {
+            cluster.mainOnMessage(messageHandler);
+        } else {
+            process.on('message', messageHandler);
+        }
+    }
+}
+
 export function getCookie(service) {
     if (!cookies[service] || !cookies[service].length) return;
 
@@ -38,6 +77,7 @@ export function getCookie(service) {
         cookies[service][idx] = Cookie.fromString(cookie);
     }
 
+    cookies[service][idx].meta = { service, idx };
     return cookies[service][idx];
 }
 
@@ -50,6 +90,10 @@ export function updateCookieValues(cookie, values) {
 
     if (changed) {
         dirty = true;
+        if (isCluster && cookie.meta) {
+            const message = { cookieUpdate: { ...cookie.meta, cookie } };
+            cluster.send(message);
+        }
     }
 
     return changed;
@@ -65,5 +109,6 @@ export function updateCookie(cookie, headers) {
 
     cookie.unset(parsed.filter(c => c.expires < new Date()).map(c => c.name));
     parsed.filter(c => !c.expires || c.expires > new Date()).forEach(c => values[c.name] = c.value);
+
     updateCookieValues(cookie, values);
 }

From 90d57ab6ea861b3fd6cf76e365f267ea0117e852 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 17:02:29 +0000
Subject: [PATCH 148/379] api/config: store tunnelPort in env

---
 api/src/config.js        | 4 ++--
 api/src/stream/manage.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/src/config.js b/api/src/config.js
index 899dfe49..925b51df 100644
--- a/api/src/config.js
+++ b/api/src/config.js
@@ -14,6 +14,7 @@ const enabledServices = new Set(Object.keys(services).filter(e => {
 const env = {
     apiURL: process.env.API_URL || '',
     apiPort: process.env.API_PORT || 9000,
+    tunnelPort: process.env.API_PORT || 9000,
 
     listenAddress: process.env.API_LISTEN_ADDRESS,
     freebindCIDR: process.platform === 'linux' && process.env.FREEBIND_CIDR,
@@ -56,8 +57,7 @@ const env = {
 const genericUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36";
 const cobaltUserAgent = `cobalt/${version} (+https://github.com/imputnet/cobalt)`;
 
-export let tunnelPort = env.apiPort;
-export const setTunnelPort = (port) => tunnelPort = port;
+export const setTunnelPort = (port) => env.tunnelPort = port;
 export const isCluster = env.instanceCount > 1;
 
 if (env.sessionEnabled && env.jwtSecret.length < 16) {
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index fc6ffe2d..de4a2cf6 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -5,7 +5,7 @@ import { randomBytes } from "crypto";
 import { strict as assert } from "assert";
 import { setMaxListeners } from "node:events";
 
-import { env, tunnelPort } from "../config.js";
+import { env } from "../config.js";
 import { closeRequest } from "./shared.js";
 import { decryptStream, encryptStream } from "../misc/crypto.js";
 import { hashHmac } from "../security/secrets.js";
@@ -102,7 +102,7 @@ export function createInternalStream(url, obj = {}) {
         isHLS: obj.isHLS,
     });
 
-    let streamLink = new URL('/itunnel', `http://127.0.0.1:${tunnelPort}`);
+    let streamLink = new URL('/itunnel', `http://127.0.0.1:${env.tunnelPort}`);
     streamLink.searchParams.set('id', streamID);
 
     const cleanup = () => {

From 5a66af514e9d302705915e136e2114451405dbeb Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 17:24:22 +0000
Subject: [PATCH 149/379] api: make deepsource happy

---
 api/src/security/api-keys.js  |  8 ++++----
 api/src/security/secrets.js   | 18 +++++++++++-------
 api/src/store/base-store.js   |  6 +++---
 api/src/store/memory-store.js |  6 +++---
 4 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/api/src/security/api-keys.js b/api/src/security/api-keys.js
index 0e24c48d..d534999c 100644
--- a/api/src/security/api-keys.js
+++ b/api/src/security/api-keys.js
@@ -117,6 +117,10 @@ const formatKeys = (keyData) => {
     return formatted;
 }
 
+const updateKeys = (newKeys) => {
+    keys = formatKeys(newKeys);
+}
+
 const loadKeys = async (source) => {
     let updated;
     if (source.protocol === 'file:') {
@@ -138,10 +142,6 @@ const loadKeys = async (source) => {
     updateKeys(updated);
 }
 
-const updateKeys = (newKeys) => {
-    keys = formatKeys(newKeys);
-}
-
 const wrapLoad = (url, initial = false) => {
     loadKeys(url)
     .then(() => {
diff --git a/api/src/security/secrets.js b/api/src/security/secrets.js
index 2973043b..fff24f84 100644
--- a/api/src/security/secrets.js
+++ b/api/src/security/secrets.js
@@ -15,15 +15,19 @@ export const syncSecrets = () => {
     return new Promise((resolve, reject) => {
         if (cluster.isPrimary) {
             let remaining = Object.values(cluster.workers).length;
+            const handleReady = (worker, m) => {
+                if (m.ready)
+                    worker.send({ rateSalt, streamSalt });
+
+                if (!--remaining)
+                    resolve();
+            }
 
             for (const worker of Object.values(cluster.workers)) {
-                worker.once('message', (m) => {
-                    if (m.ready)
-                        worker.send({ rateSalt, streamSalt });
-
-                    if (!--remaining)
-                        resolve();
-                });
+                worker.once(
+                    'message',
+                    (m) => handleReady(worker, m)
+                );
             }
         } else if (cluster.isWorker) {
             if (rateSalt || streamSalt)
diff --git a/api/src/store/base-store.js b/api/src/store/base-store.js
index 9938c852..c2a59ff8 100644
--- a/api/src/store/base-store.js
+++ b/api/src/store/base-store.js
@@ -13,7 +13,7 @@ export class Store {
         this.id = name;
     }
 
-    async _has(_key) { throw "needs implementation" }
+    async _has(_key) { await Promise.reject("needs implementation"); }
     has(key) {
         if (typeof key !== 'string') {
             key = key.toString();
@@ -22,7 +22,7 @@ export class Store {
         return this._has(key);
     }
 
-    async _get(_key) { throw "needs implementation" }
+    async _get(_key) { await Promise.reject("needs implementation"); }
     async get(key) {
         if (typeof key !== 'string') {
             key = key.toString();
@@ -35,7 +35,7 @@ export class Store {
         return val;
     }
 
-    async _set(_key, _val, _exp_sec = -1) { throw "needs implementation" }
+    async _set(_key, _val, _exp_sec = -1) { await Promise.reject("needs implementation") }
     set(key, val, exp_sec = -1) {
         if (typeof key !== 'string') {
             key = key.toString();
diff --git a/api/src/store/memory-store.js b/api/src/store/memory-store.js
index b30908d5..549f6e6f 100644
--- a/api/src/store/memory-store.js
+++ b/api/src/store/memory-store.js
@@ -14,17 +14,17 @@ export default class MemoryStore extends Store {
         super(name);
     }
 
-    async _has(key) {
+    _has(key) {
         return this.#store.has(key);
     }
 
-    async _get(key) {
+    _get(key) {
         const val = this.#store.get(key);
 
         return val === undefined ? null : val;
     }
 
-    async _set(key, val, exp_sec = -1) {
+    _set(key, val, exp_sec = -1) {
         if (this.#store.has(key)) {
             this.#timeouts.remove(o => o.k === key);
         }

From 676bc9879c02cda1ae7ac7e3187edad93e611ff3 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 1 Nov 2024 17:52:46 +0000
Subject: [PATCH 150/379] docker: bump node version to 23

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e933c468..f9451a55 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:20-bullseye-slim AS base
+FROM node:23-bullseye-slim AS base
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 
@@ -22,4 +22,4 @@ COPY --from=build /prod/api /app
 COPY --from=build /app/.git /app/.git
 
 EXPOSE 9000
-CMD [ "node", "src/cobalt" ]
\ No newline at end of file
+CMD [ "node", "src/cobalt" ]

From 382873dc116002d89118d13b615d74ab9d8aaa14 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 2 Nov 2024 09:59:48 +0000
Subject: [PATCH 151/379] api/core: fix main cluster being unable to handle
 itunnels

---
 api/src/core/api.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index 5ea75c37..153f2ca6 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -8,7 +8,7 @@ import jwt from "../security/jwt.js";
 import stream from "../stream/stream.js";
 import match from "../processing/match.js";
 
-import { env, setTunnelPort } from "../config.js";
+import { env, isCluster, setTunnelPort } from "../config.js";
 import { extract } from "../processing/url.js";
 import { Green, Bright, Cyan } from "../misc/console-text.js";
 import { hashHmac } from "../security/secrets.js";
@@ -378,7 +378,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
         }
     });
 
-    if (!isPrimary) {
+    if (isCluster) {
         const istreamer = express();
         istreamer.get('/itunnel', itunnelHandler);
         const server = istreamer.listen({

From 541bf04575d7ee436c2ed64fb97c40c52f3f726e Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 16:43:36 +0600
Subject: [PATCH 152/379] api/services: fix `createStream` calls in pickers

oops
---
 api/src/processing/services/bluesky.js   | 2 +-
 api/src/processing/services/instagram.js | 8 ++++----
 api/src/processing/services/snapchat.js  | 4 ++--
 api/src/processing/services/tiktok.js    | 2 +-
 api/src/processing/services/twitter.js   | 6 +++---
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/api/src/processing/services/bluesky.js b/api/src/processing/services/bluesky.js
index d200296c..98b92c64 100644
--- a/api/src/processing/services/bluesky.js
+++ b/api/src/processing/services/bluesky.js
@@ -48,7 +48,7 @@ const extractImages = ({ getPost, filename, alwaysProxy }) => {
         let proxiedImage = createStream({
             service: "bluesky",
             type: "proxy",
-            u: url,
+            url,
             filename: `${filename}_${i + 1}.jpg`,
         });
 
diff --git a/api/src/processing/services/instagram.js b/api/src/processing/services/instagram.js
index 17e78ec4..111d7603 100644
--- a/api/src/processing/services/instagram.js
+++ b/api/src/processing/services/instagram.js
@@ -177,7 +177,7 @@ export default function(obj) {
                     if (alwaysProxy) proxyFile = createStream({
                         service: "instagram",
                         type: "proxy",
-                        u: url,
+                        url,
                         filename: `instagram_${id}_${i + 1}.${itemExt}`
                     });
 
@@ -189,7 +189,7 @@ export default function(obj) {
                         thumb: createStream({
                             service: "instagram",
                             type: "proxy",
-                            u: e.node?.display_url,
+                            url: e.node?.display_url,
                             filename: `instagram_${id}_${i + 1}.jpg`
                         })
                     }
@@ -230,7 +230,7 @@ export default function(obj) {
                     if (alwaysProxy) proxyFile = createStream({
                         service: "instagram",
                         type: "proxy",
-                        u: url,
+                        url,
                         filename: `instagram_${id}_${i + 1}.${itemExt}`
                     });
 
@@ -242,7 +242,7 @@ export default function(obj) {
                         thumb: createStream({
                             service: "instagram",
                             type: "proxy",
-                            u: imageUrl,
+                            url: imageUrl,
                             filename: `instagram_${id}_${i + 1}.jpg`
                         })
                     }
diff --git a/api/src/processing/services/snapchat.js b/api/src/processing/services/snapchat.js
index acb6813a..4c62a5ff 100644
--- a/api/src/processing/services/snapchat.js
+++ b/api/src/processing/services/snapchat.js
@@ -73,7 +73,7 @@ async function getStory(username, storyId, alwaysProxy) {
                     const proxy = createStream({
                         service: "snapchat",
                         type: "proxy",
-                        u: snapUrl,
+                        url: snapUrl,
                         filename: `snapchat_${username}_${snap.timestampInSec.value}.${snapExt}`,
                     });
 
@@ -81,7 +81,7 @@ async function getStory(username, storyId, alwaysProxy) {
                     if (snapType === "video") thumbProxy = createStream({
                         service: "snapchat",
                         type: "proxy",
-                        u: snap.snapUrls.mediaPreviewUrl.value,
+                        url: snap.snapUrls.mediaPreviewUrl.value,
                     });
 
                     if (alwaysProxy) snapUrl = proxy;
diff --git a/api/src/processing/services/tiktok.js b/api/src/processing/services/tiktok.js
index e205ce54..d5e5c6e4 100644
--- a/api/src/processing/services/tiktok.js
+++ b/api/src/processing/services/tiktok.js
@@ -102,7 +102,7 @@ export default async function(obj) {
                 if (obj.alwaysProxy) url = createStream({
                     service: "tiktok",
                     type: "proxy",
-                    u: url,
+                    url,
                     filename: `${filenameBase}_photo_${i + 1}.jpg`
                 })
 
diff --git a/api/src/processing/services/twitter.js b/api/src/processing/services/twitter.js
index 229415eb..b4a1d557 100644
--- a/api/src/processing/services/twitter.js
+++ b/api/src/processing/services/twitter.js
@@ -159,10 +159,10 @@ export default async function({ id, index, toGif, dispatcher, alwaysProxy }) {
 
     const getFileExt = (url) => new URL(url).pathname.split(".", 2)[1];
 
-    const proxyMedia = (u, filename) => createStream({
+    const proxyMedia = (url, filename) => createStream({
         service: "twitter",
         type: "proxy",
-        u, filename,
+        url, filename,
     })
 
     switch (media?.length) {
@@ -217,7 +217,7 @@ export default async function({ id, index, toGif, dispatcher, alwaysProxy }) {
                     url = createStream({
                         service: "twitter",
                         type: shouldRenderGif ? "gif" : "remux",
-                        u: url,
+                        url,
                         filename: videoFilename,
                     })
                 } else if (alwaysProxy) {

From 44e08e8474a420bd168a9a00d6b845356d97854b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 16:48:34 +0600
Subject: [PATCH 153/379] api/config: separate error if statements for session
 & instance count

---
 api/src/config.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/config.js b/api/src/config.js
index 925b51df..191e8441 100644
--- a/api/src/config.js
+++ b/api/src/config.js
@@ -62,7 +62,9 @@ export const isCluster = env.instanceCount > 1;
 
 if (env.sessionEnabled && env.jwtSecret.length < 16) {
     throw new Error("JWT_SECRET env is too short (must be at least 16 characters long)");
-} else if (env.instanceCount > 1 && !env.redisURL) {
+}
+
+if (env.instanceCount > 1 && !env.redisURL) {
     throw new Error("API_REDIS_URL is required when API_INSTANCE_COUNT is >= 2");
 } else if (env.instanceCount > 1 && !await supportsReusePort()) {
     console.error('API_INSTANCE_COUNT is not supported in your environment. to use this env, your node.js');

From 2f89f79b14b697bd9c923d2ae2057b243db2909c Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 2 Nov 2024 11:12:39 +0000
Subject: [PATCH 154/379] api/memory-store: ;

---
 api/src/store/memory-store.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/store/memory-store.js b/api/src/store/memory-store.js
index 549f6e6f..2b7f4a86 100644
--- a/api/src/store/memory-store.js
+++ b/api/src/store/memory-store.js
@@ -1,4 +1,4 @@
-import { MinPriorityQueue } from '@datastructures-js/priority-queue'
+import { MinPriorityQueue } from '@datastructures-js/priority-queue';
 import { Store } from './base-store.js';
 
 // minimum delay between sweeps to avoid repeatedly

From cba308aabdab05909b7565ef8f507deb7f2df727 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 2 Nov 2024 11:13:04 +0000
Subject: [PATCH 155/379] api/test-ci: reduce stream lifespan

the streams have picked up smoking
---
 api/src/util/test-ci.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/util/test-ci.js b/api/src/util/test-ci.js
index 988fac7a..3a0352cb 100644
--- a/api/src/util/test-ci.js
+++ b/api/src/util/test-ci.js
@@ -39,7 +39,7 @@ switch (action) {
             console.error('no such service:', service);
         }
 
-        env.streamLifespan = 10000;
+        env.streamLifespan = 3;
         env.apiURL = 'http://x';
         randomizeCiphers();
 

From ab3af731e7162e398d9f126306ff323b32306470 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 17:19:28 +0600
Subject: [PATCH 156/379] api/package: bump version to 10.3

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index da4d7c4c..2624812d 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.2.1",
+    "version": "10.3",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From e2b4141fc76d1352407b904c23d56459dbce5faa Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 2 Nov 2024 11:32:35 +0000
Subject: [PATCH 157/379] api/memory-store: unref timeout so it doesn't hold up
 process

---
 api/src/store/memory-store.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/src/store/memory-store.js b/api/src/store/memory-store.js
index 2b7f4a86..100a0e09 100644
--- a/api/src/store/memory-store.js
+++ b/api/src/store/memory-store.js
@@ -60,6 +60,7 @@ export default class MemoryStore extends Store {
                 () => this.#sweepNow(),
                 Math.max(MIN_THRESHOLD_MS, time - current_time)
             );
+            sweep.id.unref();
         }
     }
 

From d4b8400146ba4e2e6fb4a68aa0d263e54a5f8d10 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 17:40:32 +0600
Subject: [PATCH 158/379] web/FileReceiver: reduce padding & gaps

---
 web/src/components/misc/FileReceiver.svelte | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/src/components/misc/FileReceiver.svelte b/web/src/components/misc/FileReceiver.svelte
index 7cfbf31b..59d1b406 100644
--- a/web/src/components/misc/FileReceiver.svelte
+++ b/web/src/components/misc/FileReceiver.svelte
@@ -65,8 +65,8 @@
     .open-file-button {
         position: relative;
         flex-direction: column;
-        gap: 8px;
-        padding: 28px 32px;
+        gap: 4px;
+        padding: 26px 28px;
         transition: box-shadow 0.2s;
     }
 
@@ -149,7 +149,7 @@
         display: flex;
         flex-direction: column;
         align-items: center;
-        gap: 8px;
+        gap: 6px;
         max-width: 300px;
     }
 

From eb84aecebc30380003b34c03cb07e4f48f5441e0 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 18:04:21 +0600
Subject: [PATCH 159/379] dockerfile: update the image to debian 12

because there's no debian 11 armv7 image
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f9451a55..7926dea6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:23-bullseye-slim AS base
+FROM node:23-bookworm-slim AS base
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 

From 37517875dbcfef07e51ff6adbd1362deaa17a57f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 20:18:59 +0600
Subject: [PATCH 160/379] api/package: update dependencies

---
 api/package.json |  4 ++--
 pnpm-lock.yaml   | 48 +++++++++++++++++++++++++++---------------------
 2 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/api/package.json b/api/package.json
index 2624812d..46fbd3fe 100644
--- a/api/package.json
+++ b/api/package.json
@@ -30,7 +30,7 @@
         "cors": "^2.8.5",
         "dotenv": "^16.0.1",
         "esbuild": "^0.14.51",
-        "express": "^4.21.0",
+        "express": "^4.21.1",
         "express-rate-limit": "^7.4.1",
         "ffmpeg-static": "^5.1.0",
         "hls-parser": "^0.10.7",
@@ -41,7 +41,7 @@
         "set-cookie-parser": "2.6.0",
         "undici": "^5.19.1",
         "url-pattern": "1.0.3",
-        "youtubei.js": "^10.5.0",
+        "youtubei.js": "^11.0.1",
         "zod": "^3.23.8"
     },
     "optionalDependencies": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index b36f1ff5..ef6b2538 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -29,11 +29,11 @@ importers:
         specifier: ^0.14.51
         version: 0.14.54
       express:
-        specifier: ^4.21.0
-        version: 4.21.0
+        specifier: ^4.21.1
+        version: 4.21.1
       express-rate-limit:
         specifier: ^7.4.1
-        version: 7.4.1(express@4.21.0)
+        version: 7.4.1(express@4.21.1)
       ffmpeg-static:
         specifier: ^5.1.0
         version: 5.2.0
@@ -62,8 +62,8 @@ importers:
         specifier: 1.0.3
         version: 1.0.3
       youtubei.js:
-        specifier: ^10.5.0
-        version: 10.5.0
+        specifier: ^11.0.1
+        version: 11.0.1
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -73,7 +73,7 @@ importers:
         version: 0.2.2
       rate-limit-redis:
         specifier: ^4.2.0
-        version: 4.2.0(express-rate-limit@7.4.1(express@4.21.0))
+        version: 4.2.0(express-rate-limit@7.4.1(express@4.21.1))
       redis:
         specifier: ^4.7.0
         version: 4.7.0
@@ -1009,6 +1009,10 @@ packages:
     resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==}
     engines: {node: '>= 0.6'}
 
+  cookie@0.7.1:
+    resolution: {integrity: sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==}
+    engines: {node: '>= 0.6'}
+
   cors@2.8.5:
     resolution: {integrity: sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==}
     engines: {node: '>= 0.10'}
@@ -1307,8 +1311,8 @@ packages:
     peerDependencies:
       express: 4 || 5 || ^5.0.0-beta.1
 
-  express@4.21.0:
-    resolution: {integrity: sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==}
+  express@4.21.1:
+    resolution: {integrity: sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==}
     engines: {node: '>= 0.10.0'}
 
   fast-deep-equal@3.1.3:
@@ -1547,8 +1551,8 @@ packages:
   jackspeak@3.4.3:
     resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==}
 
-  jintr@2.1.1:
-    resolution: {integrity: sha512-89cwX4ouogeDGOBsEVsVYsnWWvWjchmwXBB4kiBhmjOKw19FiOKhNhMhpxhTlK2ctl7DS+d/ethfmuBpzoNNgA==}
+  jintr@3.0.2:
+    resolution: {integrity: sha512-5g2EBudeJFOopjAX4exAv5OCCW1DgUISfoioCsm1h9Q9HJ41LmnZ6J52PCsqBlQihsmp0VDuxreAVzM7yk5nFA==}
 
   joycon@3.1.1:
     resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
@@ -2358,8 +2362,8 @@ packages:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
 
-  youtubei.js@10.5.0:
-    resolution: {integrity: sha512-iyA+VF28c15tCCKH9ExM2RKC3zYiHzA/eixGlJ3vERANkuI+xYKzAZ4vtOhmyqwrAddu88R/DkzEsmpph5NWjg==}
+  youtubei.js@11.0.1:
+    resolution: {integrity: sha512-ZsbOd+5XF2Ofi3FrLMfYd+f9g9H8xswlouFhjhOqbwT68dMJtX6CRGsHNj5VTFCR/+L/865x1lnUlllB2dDDTA==}
 
   zod@3.23.8:
     resolution: {integrity: sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==}
@@ -3049,6 +3053,8 @@ snapshots:
 
   cookie@0.6.0: {}
 
+  cookie@0.7.1: {}
+
   cors@2.8.5:
     dependencies:
       object-assign: 4.1.1
@@ -3350,18 +3356,18 @@ snapshots:
       signal-exit: 3.0.7
       strip-final-newline: 2.0.0
 
-  express-rate-limit@7.4.1(express@4.21.0):
+  express-rate-limit@7.4.1(express@4.21.1):
     dependencies:
-      express: 4.21.0
+      express: 4.21.1
 
-  express@4.21.0:
+  express@4.21.1:
     dependencies:
       accepts: 1.3.8
       array-flatten: 1.1.1
       body-parser: 1.20.3
       content-disposition: 0.5.4
       content-type: 1.0.5
-      cookie: 0.6.0
+      cookie: 0.7.1
       cookie-signature: 1.0.6
       debug: 2.6.9
       depd: 2.0.0
@@ -3628,7 +3634,7 @@ snapshots:
     optionalDependencies:
       '@pkgjs/parseargs': 0.11.0
 
-  jintr@2.1.1:
+  jintr@3.0.2:
     dependencies:
       acorn: 8.12.1
 
@@ -3877,9 +3883,9 @@ snapshots:
 
   range-parser@1.2.1: {}
 
-  rate-limit-redis@4.2.0(express-rate-limit@7.4.1(express@4.21.0)):
+  rate-limit-redis@4.2.0(express-rate-limit@7.4.1(express@4.21.1)):
     dependencies:
-      express-rate-limit: 7.4.1(express@4.21.0)
+      express-rate-limit: 7.4.1(express@4.21.1)
     optional: true
 
   raw-body@2.5.2:
@@ -4335,10 +4341,10 @@ snapshots:
 
   yocto-queue@0.1.0: {}
 
-  youtubei.js@10.5.0:
+  youtubei.js@11.0.1:
     dependencies:
       '@bufbuild/protobuf': 2.1.0
-      jintr: 2.1.1
+      jintr: 3.0.2
       tslib: 2.6.3
       undici: 5.28.4
 

From ca665c5382ab6d547f270c3f163d635fcd4fe141 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 21:19:19 +0600
Subject: [PATCH 161/379] api: replace psl with homegrown & up-to-date fork

finally no more punycode warning
---
 api/package.json                      |  4 ++--
 api/src/processing/services/tumblr.js |  2 +-
 api/src/processing/url.js             |  2 +-
 pnpm-lock.yaml                        | 18 ++++++++++--------
 4 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/api/package.json b/api/package.json
index 46fbd3fe..beeea330 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.3",
+    "version": "10.3.1",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",
@@ -25,6 +25,7 @@
     "homepage": "https://github.com/imputnet/cobalt#readme",
     "dependencies": {
         "@datastructures-js/priority-queue": "^6.3.1",
+        "@imput/psl": "^2.0.4",
         "@imput/version-info": "workspace:^",
         "content-disposition-header": "0.6.0",
         "cors": "^2.8.5",
@@ -37,7 +38,6 @@
         "ipaddr.js": "2.2.0",
         "nanoid": "^4.0.2",
         "node-cache": "^5.1.2",
-        "psl": "1.9.0",
         "set-cookie-parser": "2.6.0",
         "undici": "^5.19.1",
         "url-pattern": "1.0.3",
diff --git a/api/src/processing/services/tumblr.js b/api/src/processing/services/tumblr.js
index b361b98c..2b8aa4ce 100644
--- a/api/src/processing/services/tumblr.js
+++ b/api/src/processing/services/tumblr.js
@@ -1,4 +1,4 @@
-import psl from "psl";
+import psl from "@imput/psl";
 
 const API_KEY = 'jrsCWX1XDuVxAFO4GkK147syAoN8BJZ5voz8tS80bPcj26Vc5Z';
 const API_BASE = 'https://api-http2.tumblr.com';
diff --git a/api/src/processing/url.js b/api/src/processing/url.js
index 034a5d73..899005c0 100644
--- a/api/src/processing/url.js
+++ b/api/src/processing/url.js
@@ -1,4 +1,4 @@
-import psl from "psl";
+import psl from "@imput/psl";
 import { strict as assert } from "node:assert";
 
 import { env } from "../config.js";
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index ef6b2538..5a96ed57 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -13,6 +13,9 @@ importers:
       '@datastructures-js/priority-queue':
         specifier: ^6.3.1
         version: 6.3.1
+      '@imput/psl':
+        specifier: ^2.0.4
+        version: 2.0.4
       '@imput/version-info':
         specifier: workspace:^
         version: link:../packages/version-info
@@ -49,9 +52,6 @@ importers:
       node-cache:
         specifier: ^5.1.2
         version: 5.1.2
-      psl:
-        specifier: 1.9.0
-        version: 1.9.0
       set-cookie-parser:
         specifier: 2.6.0
         version: 2.6.0
@@ -543,6 +543,9 @@ packages:
   '@imput/libav.js-remux-cli@5.5.6':
     resolution: {integrity: sha512-XdAab90EZKf6ULtD/x9Y2bnlmNJodXSO6w8aWrn97+N2IRuOS8zv3tAFPRC69SWKa8Utjeu5YTYuTolnX3QprQ==}
 
+  '@imput/psl@2.0.4':
+    resolution: {integrity: sha512-vuy76JX78/DnJegLuJoLpMmw11JTA/9HvlIADg/f8dDVXyxbh0jnObL0q13h+WvlBO4Gk26Pu8sUa7/h0JGQig==}
+
   '@isaacs/cliui@8.0.2':
     resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==}
     engines: {node: '>=12'}
@@ -1866,9 +1869,6 @@ packages:
     resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==}
     engines: {node: '>= 0.10'}
 
-  psl@1.9.0:
-    resolution: {integrity: sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==}
-
   punycode@2.3.1:
     resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
     engines: {node: '>=6'}
@@ -2581,6 +2581,10 @@ snapshots:
 
   '@imput/libav.js-remux-cli@5.5.6': {}
 
+  '@imput/psl@2.0.4':
+    dependencies:
+      punycode: 2.3.1
+
   '@isaacs/cliui@8.0.2':
     dependencies:
       string-width: 5.1.2
@@ -3871,8 +3875,6 @@ snapshots:
       forwarded: 0.2.0
       ipaddr.js: 1.9.1
 
-  psl@1.9.0: {}
-
   punycode@2.3.1: {}
 
   qs@6.13.0:

From 7fbb7ee5e64e7301b25fc1260ff0a836d9971871 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 2 Nov 2024 16:23:31 +0000
Subject: [PATCH 162/379] dockerfile: switch to alpine

---
 Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7926dea6..1af6273a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:23-bookworm-slim AS base
+FROM node:23-alpine AS base
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"
 
@@ -7,8 +7,7 @@ WORKDIR /app
 COPY . /app
 
 RUN corepack enable
-RUN apt-get update && \
-    apt-get install -y python3 build-essential
+RUN apk add --no-cache python3 alpine-sdk
 
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
     pnpm install --prod --frozen-lockfile

From b88abdd94b7495c56a91c3f642cfbe8fb77c7c2c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 2 Nov 2024 23:39:46 +0600
Subject: [PATCH 163/379] ci/docker: remove armv7 as build platform

fuck fucking armv7 FUCKKKKK
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 8dadd1d3..e25378b3 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -51,7 +51,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

From c44a5ecc89deec4079e20772ff48b966c3a184db Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 2 Nov 2024 18:46:56 +0000
Subject: [PATCH 164/379] api/cookie: fix cookie.set() being ran only once

---
 api/src/processing/cookie/manager.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 5ea3f6ca..275f5b96 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -85,7 +85,7 @@ export function updateCookieValues(cookie, values) {
     let changed = false;
 
     for (const [ key, value ] of Object.entries(values)) {
-        changed ||= cookie.set(key, value);
+        changed = cookie.set(key, value) || changed;
     }
 
     if (changed) {

From 5a7635cdf7acde744178b216c5f0a3f4a6789f7f Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 2 Nov 2024 18:48:26 +0000
Subject: [PATCH 165/379] api/cookie: write cookies only if from-file cookie
 was changed

---
 api/src/processing/cookie/manager.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 275f5b96..7a47685d 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -88,9 +88,9 @@ export function updateCookieValues(cookie, values) {
         changed = cookie.set(key, value) || changed;
     }
 
-    if (changed) {
+    if (changed && cookie.meta) {
         dirty = true;
-        if (isCluster && cookie.meta) {
+        if (isCluster) {
             const message = { cookieUpdate: { ...cookie.meta, cookie } };
             cluster.send(message);
         }

From 160160704d2acdd88784db3243e033d0b459c7df Mon Sep 17 00:00:00 2001
From: hyperdefined <contact@hyper.lol>
Date: Sun, 3 Nov 2024 11:29:42 -0500
Subject: [PATCH 166/379] docs/run-an-instance: add missing `DISABLED_SERVICES`
 (#882)

---
 docs/run-an-instance.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/run-an-instance.md b/docs/run-an-instance.md
index 66a7d51d..60a3c8aa 100644
--- a/docs/run-an-instance.md
+++ b/docs/run-an-instance.md
@@ -79,6 +79,7 @@ sudo service nscd start
 | `API_AUTH_REQUIRED`   | ➖        | `1`                     | when set to `1`, the user always needs to be authenticated in some way before they can access the API (either via an api key or via turnstile, if enabled). |
 | `API_REDIS_URL`       | ➖        | `redis://localhost:6379` | when set, cobalt uses redis instead of internal memory for the tunnel cache. |
 | `API_INSTANCE_COUNT`  | ➖        | `2`                     | supported only on Linux and node.js `>=23.1.0`. when configured, cobalt will spawn multiple sub-instances amongst which requests will be balanced. |
+| `DISABLED_SERVICES`   | ➖        | `bilibili,youtube`       | comma-separated list which disables certain services from being used. |
 
 \* the higher the nice value, the lower the priority. [read more here](https://en.wikipedia.org/wiki/Nice_(Unix)).
 

From f4ca4ea7195170b5b9db4b3d2b1ef80b0eba166d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 3 Nov 2024 20:02:43 +0000
Subject: [PATCH 167/379] web/settings: validate youtubeDubLang as literal

---
 web/src/lib/settings/validate.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/web/src/lib/settings/validate.ts b/web/src/lib/settings/validate.ts
index 9b85bcce..02467d2e 100644
--- a/web/src/lib/settings/validate.ts
+++ b/web/src/lib/settings/validate.ts
@@ -9,6 +9,7 @@ import {
     youtubeVideoCodecOptions,
     type PartialSettings,
 } from '$lib/types/settings';
+import { youtubeLanguages } from './youtube-lang';
 
 function validateTypes(input: unknown, reference = defaultSettings as unknown) {
     if (typeof input === 'undefined')
@@ -79,7 +80,8 @@ export function validateSettings(settings: PartialSettings) {
             [ settings?.save?.filenameStyle    , filenameStyleOptions ],
             [ settings?.save?.videoQuality     , videoQualityOptions ],
             [ settings?.save?.youtubeVideoCodec, youtubeVideoCodecOptions ],
-            [ settings?.save?.savingMethod     , savingMethodOptions ]
+            [ settings?.save?.savingMethod     , savingMethodOptions ],
+            [ settings?.save?.youtubeDubLang   , youtubeLanguages ]
         ])
     );
 }

From c477b728e15312a61247ec00b02015b51b54c936 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 4 Nov 2024 21:26:38 +0600
Subject: [PATCH 168/379] web/about/community: add a link to bluesky

---
 web/i18n/en/about.json                       | 1 +
 web/src/components/about/AboutSupport.svelte | 5 +++++
 web/src/lib/env.ts                           | 2 +-
 web/src/routes/about/community/+page.svelte  | 6 +++++-
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/web/i18n/en/about.json b/web/i18n/en/about.json
index 10d31ec2..72b7fe40 100644
--- a/web/i18n/en/about.json
+++ b/web/i18n/en/about.json
@@ -27,6 +27,7 @@
     "support.discord": "chat with the community and developers about cobalt or ask for help",
     "support.twitter": "follow cobalt's updates and development on your twitter timeline",
     "support.telegram": "stay up to date with latest cobalt updates via a telegram channel",
+    "support.bluesky": "follow cobalt's updates and development on your bluesky feed",
 
     "support.description.issue": "if you want to report a bug or some other recurring issue, please do it on github.",
     "support.description.help": "use discord for any other questions. describe the issue properly in #cobalt-support or else no one will be able help you.",
diff --git a/web/src/components/about/AboutSupport.svelte b/web/src/components/about/AboutSupport.svelte
index bdba8e85..5b0c319c 100644
--- a/web/src/components/about/AboutSupport.svelte
+++ b/web/src/components/about/AboutSupport.svelte
@@ -8,6 +8,7 @@
     import IconBrandTwitter from "@tabler/icons-svelte/IconBrandTwitter.svelte";
     import IconBrandDiscord from "@tabler/icons-svelte/IconBrandDiscord.svelte";
     import IconBrandTelegram from "@tabler/icons-svelte/IconBrandTelegram.svelte";
+    import IconBrandBluesky from "@tabler/icons-svelte/IconBrandBluesky.svelte";
 
     const platformIcons = {
         github: {
@@ -26,6 +27,10 @@
             icon: IconBrandTelegram,
             color: "#1c9efb",
         },
+        bluesky: {
+            icon: IconBrandBluesky,
+            color: "#0a78ff",
+        },
     };
 
     export let platform: keyof typeof platformIcons;
diff --git a/web/src/lib/env.ts b/web/src/lib/env.ts
index 53b93a34..34c0e800 100644
--- a/web/src/lib/env.ts
+++ b/web/src/lib/env.ts
@@ -20,7 +20,7 @@ const contacts = {
     discord: "https://discord.gg/pQPt8HBUPu",
     twitter: "https://x.com/justusecobalt",
     github: "https://github.com/imputnet/cobalt",
-    email: "support@cobalt.tools",
+    bluesky: "https://bsky.app/profile/cobalt.tools",
     telegram_ru: "https://t.me/justusecobalt_ru",
 }
 
diff --git a/web/src/routes/about/community/+page.svelte b/web/src/routes/about/community/+page.svelte
index f5c20bf4..c2219317 100644
--- a/web/src/routes/about/community/+page.svelte
+++ b/web/src/routes/about/community/+page.svelte
@@ -14,7 +14,7 @@
         id="support-buttons"
         bind:offsetWidth={buttonContainerWidth}
 
-        class:two={$locale === "ru"}
+        class="two"
         class:one={buttonContainerWidth < 500}
     >
         <AboutSupport
@@ -36,6 +36,10 @@
                 platform="twitter"
                 externalLink={contacts.twitter}
             />
+            <AboutSupport
+                platform="bluesky"
+                externalLink={contacts.bluesky}
+            />
         {/if}
     </div>
 

From c09347f18b68f4d2b52160878713bf218b022e16 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 4 Nov 2024 17:35:51 +0000
Subject: [PATCH 169/379] CONTRIBUTING: add info about localization platform

---
 CONTRIBUTING.md | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 073d0fb1..2d71877c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -4,7 +4,20 @@ if you're reading this, you are probably interested in contributing to cobalt, w
 this document serves as a guide to help you make contributions that we can merge into the cobalt codebase.
 
 ## translations
-currently, we are **not accepting** translations of cobalt. we're working on changing this soon!
+we are currently accepting translations via the [i18n platform](https://i18n.imput.net).
+
+thank you for showing interest in making cobalt more accessible around the world, we really appreciate it! here are some guidelines for how a cobalt translation should look:
+
+- cobalt's writing style is informal. please do not use formal language, unless there is no other way to express the same idea of the original text in your language.
+- do not translate the name "cobalt", or "imput"
+- you can translate "meowbalt" into whatever your language's equivalent of _meow_ is (e.g. _miaubalt_ in German)
+- **please don't translate cobalt into languages which you are not experienced in.** we can use google translate ourselves, but we would prefer cobalt to be translated by humans, not computers.
+
+if your language does not exist on the translation platform yet, you can request to add it by adding it to any of cobalt's components (e.g. [here](https://i18n.imput.net/projects/cobalt/about/)).
+
+before translating a piece of text, check that no one has made a translation yet. pending translations are displayed in the **Suggestions** tab on the translate page. if someone already made a suggestion, and you think it's correct, you can upvote it! this helps us distinguish that a translation is correct.
+
+if no one has submitted a translation, or the submitted translation seems wrong to you, you can submit your translation by clicking the **Suggest** button for each individual string, which sends it off for human review. we will then check it to to ensure no malicious translations are submitted, and add it to cobalt.
 
 ## adding features or support for services
 before putting in the effort to implement a feature, it's worth considering whether it would be appropriate to add it to cobalt. the cobalt api is built to assist people **only with downloading freely accessible content**. other functionality, such as:

From cecdbda7e40832313e27eb53fd17b58d6fd3211c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 5 Nov 2024 00:43:03 +0600
Subject: [PATCH 170/379] web/layout: update long text heading styling & add
 table styling

---
 web/src/routes/+layout.svelte | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 598f71da..a9d68837 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -464,7 +464,7 @@
 
     :global(.long-text-noto),
     :global(.long-text-noto *:not(h1, h2, h3, h4, h5, h6)) {
-        line-height: 1.7;
+        line-height: 1.8;
         font-size: 14.5px;
         font-family: "Noto Sans Mono Variable", "Noto Sans Mono", monospace;
         user-select: text;
@@ -478,15 +478,46 @@
 
     :global(.long-text-noto ul) {
         padding-inline-start: 30px;
-        margin-block-start: 9px;
     }
 
     :global(.long-text-noto li) {
         padding-left: 3px;
     }
 
+    :global(.long-text-noto h1),
+    :global(.long-text-noto h2),
+    :global(.long-text-noto h3) {
+        user-select: text;
+        -webkit-user-select: text;
+        letter-spacing: 0;
+        margin-block-start: 1rem;
+    }
+
     :global(.long-text-noto h3) {
         font-size: 17px;
+        margin-block-end: -0.5rem;
+    }
+
+    :global(.long-text-noto h2) {
+        font-size: 19px;
+        line-height: 1.3;
+        margin-block-end: -0.3rem;
+    }
+
+    :global(table),
+    :global(td),
+    :global(th) {
+        border-spacing: 0;
+        border-style: solid;
+        border-width: 1px;
+        border-collapse: collapse;
+        text-align: center;
+        padding: 3px 8px;
+    }
+
+    :global(tr td:first-child),
+    :global(tr th:first-child) {
+        text-align: right;
     }
 
     :global(.long-text-noto.about section p:first-of-type) {

From 2b7fcabf870cba58d63a91647c4fa11ab151be84 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 5 Nov 2024 00:43:20 +0600
Subject: [PATCH 171/379] web/ChangelogEntry: reduce banner min height

---
 web/src/components/changelog/ChangelogEntry.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/components/changelog/ChangelogEntry.svelte b/web/src/components/changelog/ChangelogEntry.svelte
index 18f474ef..4df9fa40 100644
--- a/web/src/components/changelog/ChangelogEntry.svelte
+++ b/web/src/components/changelog/ChangelogEntry.svelte
@@ -142,7 +142,7 @@
         display: block;
         object-fit: cover;
         max-height: 320pt;
-        min-height: 210pt;
+        min-height: 180pt;
         width: 100%;
         aspect-ratio: 16/9;
         border-radius: var(--padding);

From 2300f5c0afde61f9f78fee12a07f165eb9ab9edc Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 5 Nov 2024 00:43:58 +0600
Subject: [PATCH 172/379] web/package: bump version to 10.3

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index 60534d07..07936290 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.2.1",
+    "version": "10.3",
     "type": "module",
     "private": true,
     "scripts": {

From 857ac06435ebc3299cc0cebb4331c01fd2c9b42a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 5 Nov 2024 00:45:25 +0600
Subject: [PATCH 173/379] web/changelogs: add 10.3 changelog

---
 web/changelogs/10.3.md                        | 101 ++++++++++++++++++
 .../update-banners/meowbalt_very_fast.webp    | Bin 0 -> 68470 bytes
 2 files changed, 101 insertions(+)
 create mode 100644 web/changelogs/10.3.md
 create mode 100644 web/static/update-banners/meowbalt_very_fast.webp

diff --git a/web/changelogs/10.3.md b/web/changelogs/10.3.md
new file mode 100644
index 00000000..0d2955aa
--- /dev/null
+++ b/web/changelogs/10.3.md
@@ -0,0 +1,101 @@
+---
+title: "fastest cobalt yet, new youtube features, translation platform, and a lot more"
+date: "4 Nov, 2024"
+banner:
+    file: "meowbalt_very_fast.webp"
+    alt: "meowth plush getting squished with a hammer."
+---
+
+## oh-so-fast
+starting from this update, cobalt can run several instances in parallel, reducing load on individual instances and making it much faster.
+previously cobalt ran on *only one thread*, and it's honestly impressive that it lasted this long.
+
+we tested cobalt under peak traffic load & same network conditions:
+- initial request processing is now **~14 times faster than before**.
+- starting a tunnel is now **~32 times faster**.
+
+<div style="display: flex; justify-content: center;">
+
+|                   | 10.2    | **10.3**   |
+|-------------------|---------|------------|
+| processing        | 14780ms | **1070ms** |
+| starting a tunnel | 11660ms | **360ms**  |
+
+</div>
+
+these tests weren't really scientific as we based them on screen recordings,
+but the point still stands: cobalt no longer slows down and runs as fast as it can.
+
+## youtube improvements
+- added a [new hls option](/settings/video#youtube-hls) that allows for downloading *more formats* of youtube videos.
+- fixed an issue that caused long youtube videos to get abruptly cut off. if you still experience this issue, try enabling the [new hls option](/settings/video#youtube-hls) in settings!
+- added an option to [pick any audio track language](/settings/audio#youtube-dub) for youtube videos in settings. all languages that youtube supports are listed, cobalt will fall back to default if preferred language isn't available.
+- if a [youtube codec](/settings/video#youtube-codec) isn't available, cobalt will now fall back to the next best one.
+
+## meet weblate, a place where you can translate cobalt
+we're finally ready to invite you to translate cobalt to any langauge you like! your translation contributions are linked to your github account, so you'll show up in cobalt's contributors list.
+
+you can start translating cobalt at [i18n.imput.net](https://i18n.imput.net/) right now!
+
+thank you for showing such an overwhelming amount of interest in making cobalt more accessible around the world, we really appreciate it!
+
+## other service improvements
+- added support for bookmark links from twitter.
+- fixed parsing of some mobile tiktok links.
+- fixed twitter gifs having an incorrect extension in the content picker.
+- fixed a bug that broke downloading older (shorter) links from streamable.
+- fixed video downloading from odnoklassniki (ok.ru).
+
+## ui/ux improvements
+- [always-on file tunneling](/settings/privacy#tunnel) is out of beta! feel free to use it if your isp tracks or filters your internet traffic.
+- redesigned the [community & support page](/about/community), added bluesky and removed support email.
+- improved the debug page: added a button to copy data, added current states, fixed padding. if you're curious, it can be enabled in [advanced settings](/settings/advanced#debug).
+- reduced timeouts on action buttons in security warning popups as they were very annoying before.
+- added a message about cobalt not being fully usable without javascript when the page is loaded without it.
+- improved contrast of all emoji icons on the home/save page.
+- improved contrast of the toggle button.
+- fixed the color of text selection, it's no longer hideous.
+- audio bitrate section now gets greyed out when it's not applicable.
+- fixed cursor state (pointer, arrow, etc) on various buttons.
+- fixed a bug when iphone landscape mode optimizations were applied incorrectly (fix for a bug in ios firefox).
+- various text/phrasing improvements across ui.
+- small padding improvements across ui.
+- other small improvements.
+
+## documentation improvements
+- all [documentation on github](https://github.com/imputnet/cobalt) was majorly improved. all projects and docs are now listed in the main readme. all docs are now easier to read and follow.
+- added a new document outlining all [instance protection methods](https://github.com/imputnet/cobalt/blob/main/docs/protect-an-instance.md) along with step-by-step tutorials on how to configure them.
+- added a tutorial for [configuring a cobalt instance for youtube downloading](https://github.com/imputnet/cobalt/blob/main/docs/configure-for-youtube.md).
+- updated [contribution guidelines](https://github.com/imputnet/cobalt/blob/main/CONTRIBUTING.md).
+- updated [examples](https://github.com/imputnet/cobalt/tree/main/docs/examples) for cookie & docker compose files. we now recommend running cobalt api as **read only** image, as it ensures that it wasn't tampered with. we do it on our servers, too.
+
+## internal improvements for nerds
+- added support for api keys, api instance hosters are now able to limit access to a set of people. you can see [how to configure them on github](https://github.com/imputnet/cobalt/blob/main/docs/protect-an-instance.md#configure-api-keys).
+- cobalt api docker image is now running alpine & node 23. it's also much smaller than before.
+- instances now log whether they were able to load cookies or api keys. no more guessing if your config works or not.
+- updated the console error when cobalt api is configured incorrectly.
+- majorly refactored the youtube module.
+- lots of general api code refactoring.
+- improved settings schema migration on frontend.
+- removed outdated api functions, util scripts, and docs.
+
+## fixed a XSS vulnerability that wasn't exploited
+a malicious cobalt instance could serve links with the javascript: protocol, resulting in XSS when the user tries to download an item from a picker.
+
+as far as we know, this vulnerability was never found and exploited in the wild, but we still urge all frontend instance hosters to **update their instances asap**. cobalt.tools and all other instances that configured CSP correctly weren't affected by this vulnerability.
+
+this issue was fully fixed in [c4be1d3](https://github.com/imputnet/cobalt/commit/c4be1d3a37b0deb6b6087ec7a815262ac942daf1) and [an advisory with CVE was posted on github](https://github.com/imputnet/cobalt/security/advisories/GHSA-cm4c-v4cm-3735).
+
+if you ever discover a security vulnerability in cobalt, please report it responsibly [on github](https://github.com/imputnet/cobalt/security/advisories/new). we'll make sure to fix it as soon as possible!
+
+## where's 10.2?
+we were very excited to release the first part of changes, so we bumped the version early. then, we decided to make cobalt faster, so now we're at 10.3!
+
+*we also silently released changes in prod before the announcement, teehee :3c*
+
+## all changes are on github
+as always, you can check [all commits since the 10.1 release on github](https://github.com/imputnet/cobalt/compare/f461b02f...main) for even more details.
+
+we hope you enjoy this update as much as you enjoy fresh air, because it really feels like one!
+
+\~ your friends at imput ❤️
\ No newline at end of file
diff --git a/web/static/update-banners/meowbalt_very_fast.webp b/web/static/update-banners/meowbalt_very_fast.webp
new file mode 100644
index 0000000000000000000000000000000000000000..afe6ea4d3cd7138802fdb9b184bac83aad20cbcd
GIT binary patch
literal 68470
zcmZ^}Q<Nr6v^H3_ZM)01ZQHhuF59-<W!tvdW!u&}{hjmA%$ke2%Zpf<5s`cC{YY6#
zT-+WO7)V1*SW#V(lgRkrGtv@7E-;NC#1t5RqG+Bhd2v%cu@eo9BMP*YJ>cksaHTJ)
zX`H4eiSlJgVB6}uDVhG6^hY2fya14Ot_cWkCaiGC$<x^;W3P4_Ded9iE`KY3%fHV5
z+cyd*ezSQn*bx}@4+b#&e14Ao82AH-KHDDhcm3@E-hef~pC3B_Lykez&n1Ac$YAE@
z_{ZV1?p@&9AX~uEzZO9HBl3LtId%=%;!o#44<NsSeLH=adnDWeO!yB1MDB*3@?Qay
z{&^2)3w^7AYXI&Q{-wbjVBg;ZAOW!Wq8xLW@Sg_2erDhFUHBjLJ^RPL0sokNO8^93
z9nAgPfA{#;0{~~`&kRq1mOdbX3IA6ATY&%1>C5N2!Q1Ue{$bz7&$N&6*Vq@wkHMqB
z^^Z_rIzR<5@I&}5(Q^yf-8P6P?AQhLj0+h1{{R{Rs!Y<`iYapU%i{-w-m?aO58>kw
zSog~!gcTPM8-yS02d-DiKWJk)T^$7pnOXOj(?el6U6&f2IEJ%!?}H|N+?92I_6FV<
z6^bNGoR52rPD|Ar6b7sc8#FTY_m<0tyVNtQV6q0KYQ7G*(5#32!jAKH{XkTf)k)4I
zlTecxWltFO57}W3k;mme_O-z(Tpj8dIsD7(dTZe^%ZLQRPkU`H&fu?t+@~`34u!lU
zewLpwEug>7kz^>h_6|(nAG0=x77YzMRqzBaKPQH~`K~Fhldj_M1xZe}G+=@KS$OQh
z7Z>yWmL=*pzj>!sP`daIRoOF+*0EFaXwOg6$kifWfb%8GUUco%_@?$jX9htGvis}c
zsuQP)ZdyB;(?3lN&QLvh!|7D1JOVdP#)FiiU4GR1`o$2+l)YU-abV(H$j5kS2j3NI
zj{jy})P>U2)~`S=(4F~DeRf-WSmBFb8gtG%DyW1l_<Lgm<L#C9G5RTEI=X1I!2>J1
z9&k8`#0nMMY7~2X#9f-Z2a+aM1k&KGrYq)=omSq)S{JaK5!Llhp+PGekqSG)#dED?
z@n>v>MelW{^(#PLalsx^%38Xya%Tz}o1vawhq|TgMuvFZ`V<UlHP!%&9>xLk*+2>D
z(*GoMQlaEnrmp9i<W3TpKB4FwSQ^~NIAU<%qIFf@hVn;=8yl8ZM}%z#DQj~xR8l%$
z(4WhiLigT1jSrTQxEAlLQ&ZwL>Gcwh*a1{Cnd~R!K^3O8X9?{AQoje>nB&79*)J?A
zFgMUy*h7PA^2uMvZLt)zOAfVgEMX-!-Y(zsQ3&vb5w;d($7}ysh_(hw5q`O#uxXUL
zt7pj2AdBPVGTKS%IQ=F>0xnPf*p2=$F>;|D+ITR#Eiz_Nt>I&D7tH_8X}ht!)OzmP
zpf!vC8_R~k^YZPl;f0Vs?QU<kd518^&i_?yP(2>eNptgG!N{C-J^OaHy&fNMFZ2U6
z75MWZ2JxVm2v*T;dW64=b2DjVc@V}aj18>jnZ*`0J}9iGsEMq-p8PtAPEXIf)6ORO
zSaKIi%B>|@tlwGzQI>XSK2+a`(Bkf4sz~|AiaGKdY^FT^4V5g;95Ox9zwAZ(esfO@
zRVH3c3s{Cl96s}tzC{8ph@Y-Eb_n)z6%KXP@7V_hQ+2PrP#+U+szWTuL(Vg`Q~T}~
zr=8mmh0o^!I2yu#opaf4P?D7WnAEivm45HH2pWWI<W?V0SD;Az*uQQ_T1{%jkXk!u
z*yxFb!bxA-)!pd>R3JMurA|4Tg71;d4NP6Bv6JD&?sSKREbuW0Ts`zIDYrwwYHOj>
zVL{%(Z;bFlT+W2Tbl<+K=@!?whc({qBMVmaH6D9HNt%a+Qx;v=G}8YT>c~yN>eN6S
zPmJ8&G0?R}jyAHE)?K{N{km*BsKzI7!&_S(nuMroQJAK37u><S^C@Sj1GFwS7tHL(
zN;_lPI$95Q*b0*{*xaG^wQ_RSph+>M7rAr_TK^Q0bIs8q@qhgSqH~3`z&3g5`_$(5
zw3T^cAN97v*|^ietN1o%JYpMy6Cv0KX%m)5trkm<+NQzfweV;{bsWJgVQA2D>iS}7
zX=-E!q3hF*>Rau(vnWqg^9ISB0jMnuj1c~68iYK(r5$?gP)EVdUY?-)LZr>c(~nfp
zr3yUQu;k<%q&-l|%>O32H`zghN3mf&?Hy}?GWNlw5k(R)9lBs${nA<}32-#S%(5ze
z!58FWVo5PmKi62(q8np$Dw}0#P`*INCGo|rdspkt`Sn+V@+%V?j*ELXjB5AU@u|Dq
z7QhEhW`G{Hu}%;;I-0$hQ+_@~aDgv$S9RLC)2{}zO4F>c!6y)!w5`fc=4k5RlX9w(
zG0Jmzw83mF(2cq_9`1|g9l6$nkcH{XQv-dP+hg2A^AzFe0L7&N*X3LCCel?I$RA+k
z$#Y8~wB@OFw>hr?_bZ5eUr5np@sj>Je#BD{Kz{wHPGj<|vRBvWTn=%rbRKlBgd5J*
z4~T(lRhDZ=aIT7UfooHs{(`rwt8kMW?e%D7itcW};Io9OE~wz4xWwvKWX!No;#0T0
zS4UL7{jQ<!O6h05lL_CF<KCDI9WK(hQE_%Cv$46pzP~<%2Z`EVkR|9pAn$k8`*ro{
zA*TMDkIAuWN~0?Z!w=ZDOO&4hikR=JYA%xAx5_Qh-<aK1NOYH7l#j9krQqS=F>ovx
z<ZZ?i>L*k(z&2|M<^`2!^XW)&WU+8EQ{-1|-edG=$b3r#>|HBr5NZWA5BO;N4=n3R
z>Qm!4NRtOsU|0hqW|fk96kaSkclGe&7EGl4(4L~T5uC&R`Wi)Q3VB3H(_4<oj@^Td
z5pFEuC_Os7b&>E-0`xBhFl55lV#6T6g24CwwzSWPFn}!dlH|uYhFh+Phk(|LbOBcn
z1p9!ya<5+xs6d~(b>m5qPcRX9%~J3N>%M50gG+35{)y4@3WHxd@=cvi<Hb;DZMr^<
zF|?qBc=jvEa-d*;?@YVXc+VW67>$cOi_Yrqk^x+ga)o#X1f*41^{c5vU#A>=Ek*kF
z8*B`#hzvMC(UJw^WHAYcJ@<Vk#WtT>0PnEXc|wI7oYLQ-3Q4GMG$Q#;qV_{3Gi(?8
zPC3qm#no!8Xecnk1BAOem)K{TJhgI<{NHJ2DG5wt85lWI6kln1c4Pf`hwvC_bjGW!
zm<6i3T5zx#WgnKRHg0LTsPizGX-?0OL%Ky1B9$rGp@_p_QbVmiH+zeS9%(`Bh$|Fk
z10=Y0XPQUR<fY&$L!Dn=;yG=UF-{NkY5|AipdKSqOL9%|n2E5+WQ)RrfOisa{>vcO
zh7oRnYBe5ELP}a;oYT6svU)U{6@?z}6L+wwxQlr7X^dLFd1ae$T4nR#?V~@&q&PNf
zqC5Ci+{jF^k`0lo>H&qVWh?npHgjX&)ZEzqnK!e`*sQpr^LWr~;{AO_5(JfH;L9{m
z$~I_ePf<X=tFN$IYh;|Sd%of!?gf3{U_qQIgKWt&h_ZZC^t1)8o~KC28Yz-`R>(1+
ze;}IjvaWIT=x>!S|8%o!PlDWee0)P5ZPh)#-*f&FbAD~`vn=t!CLd8ksP3JH-fiip
zG{sGu?VX)wVrX^NnUVEfVyC?X@Cm5ccX5em$E5}9A9d>Szh&ltF;fyya%H7o!!88}
zXDGAG4TrHg7sv8&W3Ts$NCFJXbli=_z$S_N!-#*6H|8E2n#E_4ziyW}qAb)*B>9yl
z;P9iVhbv0Z_uAYJ(Y~9|p3P)aZ$Jpw96Y}@hL5D*tkZ&agM36h+a}{)sRCwI!W%`D
z4C)GmaX2DD{HtnsGmauuX1<-@KLM^;>5hZw(~eHrgS1k%QRIIEWK#`((eSwn+m5{(
z0GC<6lbf#P?POLd9b@_)sq!=J!Q*2W%4{tI^_do>d->#~gHNuYHZY0Z$>RUkJ3{9O
z8<xzStgsRL{o4nkBEXBORb}+{X{^$cgGZ`vioAlfPE)_5Q?97COUT%%aLe&|^e?<p
z)|u+hdyRK|Jw(l8c6av2G(PE-Mr@Z@PH(D6Pvo617wo?|u@tUC&1e4Ic*Y<2Y#C+;
zUp&DE;9alML$awLbiQx8IVtjDvlz_*Rmd2EdX?rv+8BGIioO)Huf*?iG7r4LN8fLv
z;@m5h=ED?~$X5T@0=z6*PE}Jt=6nBYTlsDnn1K#u{cyVTeDG=!uL{QKsnAEpyy1Wr
z2j_%!22$IA^0qFlFvn--yu*%q#EqFvuLYZWj@&eWvDk|>5Vks}+}Z17;3ehABVN(;
z#}D|%_KgblNLaBjihriK_I(CX<<6A40IP7nv783(;DfWQxQUWzPvwH?a@UavxQAW@
zR-7>2#qkYW^1rLLXU#!@oAM0yf-f3eNo&N8KDy98gt(})I5s=m-DMV&jR)T8d&ThZ
z#Lp`bPqF(H77dK}fUpjU_Wt5crNt15=#5q&^tsN&X{`U&aJcrN3CP}Sn*U9k^ksGZ
zG6~fUyX$Zm`fSaGIN|g{3#oqVTwHf@j~Kh<N246E-rHvDx4uO@N8A7G#JSx8WnJ{0
zB%_xaT#Z~s=n8US_OBxsE>FspK*9CzUhlU}I>xM{bpwYL!y0g@QRGPb=Cp2Q*qyQx
zv|9fGwYabA>IhO&ykKcmOBU@__V5vPA0B;~&*3oiW~w2(N+)-IaYn36@f5e(^}PJv
zV0wr?zDyA~UzT0BKs2?hS$a71aC67bkzT>X+L4O*knm&|i+=sx@hGuKR19yEJA{wh
z*K3$s+Bcnl#*j@z$3?XZDzKjnMy-mA2iosh_QGhgK*U9AsH!L3d5l1%4B6=5X;(#W
z5**9v#+<wi?QM7i9qtF>(HeKd&&4^m%%DWg079}A_NN33vm~s<uSN$+TvvdrGqY-Z
zh+x2<@9NdB4hh*B;hf#YT`{q8Evp_$H{Wi=A@kBAf<cX^AzJ#Y;`&hEo3s7tAzEm;
zPznfp;-a0B%F#N({9pt7qPaiUKYgm}DK#WRbdK&YE*X2lC|AnD&FQ3+BSFNLq7ZAD
zzCxhP_xKlY+k77_Lrw<51h-;()%5Cjv7#Rrun1&qn$zfs)`(VPcJI2L;(?%Tpcuvw
zr7C~X8~s1#5lDkC{p~Rw#rL4Z7w3VT7dXU~ju~8Jl!Pwq1Mu>ksW<lR+pM;{>JZTw
z6eU1`-cExErNwR3>ziGX{Ns#v{6-gka^h|^kLzyRl14S~Egjpa){RFB%{P*=?E(Y-
z7NNk|821Ds8F<Qlm$LEkocjISP&`eJk_a-{rZJz;&)na*LTI4%!P6SKED!F0bvIe!
z7JYY;tAwMIH{_{VH1*MOm@=jYN3(+;T7lCp-mP*9+dNbueI*UFX2u|0b?E?yZ1Ma0
zL$({Gok~k%`WQx%Vwa0!PgkyH<gqaac%bmJM7WFDl&+HW|Ne!F+q4d^ZAsM3&8{U<
zWlofl^1xz2)jOf;A~Zab%+*JjOBjNQyMpS)tXg7NS7R@xs1v=6x=~vK=CX<6Si&m7
zL`eXz3Gkz>QT1^hZ6(uZX(AM}7patvE_f4Rf#Iv|<$ft<VlHi(J)t`j`6dKPqp~=>
zKu&kG^oiH=x)(e(C4Z_rS`O3`=#$qNdaarRvi;T=Cp_thv55RoE$5#;$B6yeAzt8R
z2BSY}$Uv&NCXhk+`27bhoLLN8Us0k0a#22=8^s8mNV-qVLBGE&`#KPUjSHJ`Z44ZA
za&E6*Z=|a`{$t<ElM0F?`8rU<W+WL%mO$k9hlx7&CXd?mH>_nSzlp_-*7W`|NF($S
zsq?>FFzoPFVqJ|;*6EZ#UdpRZoCxRwfq4iT*`{Jf->IUkCUhJ!7dU|M4Yfl_>{(|J
z>d3jZK)?WCY<?P}tZy>C3MiNyGe&c$(^q_b&cV>`jU4QR&EW;~(gSZD%O7#)>su&1
zKWPPQ8Q_&E#rKDRy;N2a5aBP%IgrUu(zP&TB<!caAT*FZv6jM>YuZNU`z)I()|vmO
zK9}YkVh1n+1+n@|HzVk|Al6(ItQ6P?YUF!KJd42qex2ka@6B)-bh?AbrPMa9r}ZE^
z)xno30S;CwBU*>~?kY9sMve)#lKG-rAASb2a2m3xM;LzRKY^oQIXp*JvE1_cgLOMM
zgpK`Nn=2PQlmaq*b9bvK;=j_`9RjWLDh*vDoGW4+&(;f)X^`Sli0o<VIp%E3-9BO&
zR2~T4yqEJdS;kcDd#PtSRCQ~iVDroszIN45*=Jb-8B4_^?8&sZsOz6H-_9tB)_*SW
zWh0DgACJcNc9^qGfJ-59951XWI6Z9fHDuK)Qjpbyv4K~lk4HjLrKOiAv6HZV{w(v)
z)f(GMtb*(nuE5VL!2rQx30k+PWF^(Be*A4j&R{phXmx0|!9-@?gv`%6U+vOb@sHlf
z)kRu}t8`dB|Ko<Sv+*0njrPQX3NJHI1=z*ik#fPqOkf|sGVm&?q;sUR;*!jrL^t=$
zPn&L)(P@3Ty!Cz*R7>SojT>{tZGesn$Q`#~&tUvSm*syml~uPT_7u8lNm-`iU{{g+
zKX}K*V2SR*4^_5CmD5ckm<G{=V{>j^y4)kFP|!^CIX-5MX@Bmhi-E|v118YnG`8;)
zG*DuH<iHMxL+9u$Uz5Rq-4a;iVdTXMIaDQy?UYwx$nV1>H5a@pse#c&9;4x=OVobW
zHby7)0I46`qSS?uV3wqAH6P&K^;!D0&+S;|)%YmCbww3h?JK{6(Ue-Pd>sdOn;nnY
zz#ezt8<Ti&ss^G89ykG(F#fOWc`4YBa5Ijxau9uyx5g38{|pE{MO|8)y@TQ~luq{5
z=l(I&O?FjuAJHVP1VuONN8!2dpN!%y=ig}?2QM!P5Ulc>to)GI>GAQ{F0}@Z9B{mh
zP>tDrZW14EHR?<%hNI-XAh9liSqO5Xnr2z5cCr+NrEwq3<~VjV>>H0MOWvSA+$ok8
z;7jN-pi1;~$`q$D?J~nAtj2sY05c}-VQ=RI^}F@4{@0<^(NQm0p0QKAm&kh?*)s<s
z3SXC8w9AKgL{_O6)LTfPhF05G=wK!zv{2+y=`PD$&Whx+%2tT<Ny2s3T22<VB|Rx2
z4wt6Z`$JgG2G8$OyfVKC694QPwtiR=V77ekG27dB_2q1&J_zoDmAk^wQ0<ag(B3O4
zJj&{aKJJJFf5VPQnDdxr<2WVz^}p};p}45koJLFsQ#JQHx5R-oW5JaOLmC%GVoZ>=
zq8zCRU6@fsOEwE6iEa%gFhAIkeB)kO*s>o}2bo~nvNTlvEB~VY!m$Uom(R7*U(5tw
z(Dp|8?=FQC69TJc&2Ws6xlvefsMxXe?$&Q@N~dwWhUwGfeoVH6_2<HlOcI2x&2<pA
zRRJ*=rU+BIPgA?qd`}WY>pp7!r)F*3wmxq-`6?16&cUXyL!xAV#-0C87QY&EB*WWf
z$fqLgtx081(+!Id>rT~xsB*&D4ww&RC@VRc=l1fxq(|?C+Y1r6M47VAw-)z~e&dy5
z$`WwT9O2MI<v4jvPD?)FtJ?ES-V>+q!;Csn&JH>Z5&3v}rAKfZoaZ{dO=c^0GDw3Z
zZquLUFpl#$K%UW?Z|R<e!5wSj66hMi$x>pGy-n6$M58Ocp8!Xmuy|$OJVixAN=PCt
zYu{3wg8A{mAo`nXBAC|`D8PP^(^Gw@U~WJ|5e6-;u*jm6DKA&JWR{&tlV=w7d|Tjg
zbfC-_?B={B#)vD|R0Nbbedvb7>3ZofBD3(wkK~__J%bAC?Rj^ZDeIO#B2-Yw0L&9g
zNk2dtL?^?XoP6K@{4hASX@LW_S%?r74Tq>WIC#jCeRX>$p`IO6qO4IAFyu-$X7byC
z9TX)Z-bg6ZuR{FaK#8tZ&P}hxk_+a>#Qc8Se>S^>6HOoBO3G|5Lls6JEvG?#x)9#k
zs;E#kpnYUNVc1HY9cXcm;KVCLC`n8dI%vo}Ff$Jf<t?TsQt6#~sL5yj5Em;a8K(Za
za=Pv_yAYaFj(qU<;|Ren0BvGOJ;+Kg1vMI6`BY-Gd+H<sDO|X46X5>C9d>kcA<*L3
zT_0uGH0@>Y5bI3+-dPIh%K3&Kq&lT+@K}NxUf>bs-Eb;_bq%7lb?%M}{BvczYRV0{
zP`+zYv`w!mbUnN(C_ep!b0h}_o$|%mMxe5ln^27b%h7g}^>JjgPD*?>9)=d|p-vwb
zy&ska*}Y~(Y^P+>1H6nym05E|!$Z>EYlW3v&+;g7Pz`y>$8r<;(Y{^D{`MAX>m5Bq
zq8(`O2&!y*9saTY(}uw$cc@9g9j~&0<~sKYV~wwt&>$4GtO6C4y!4Y}P2f*%Con_$
zXB)Y$VbIE!e@00*_vN99ZQ2PcqluNJED>uTC!BMaxt20a*nPKVyTI7PIxDU=#;rTv
z?$SnM7KLnibN8l(A^C{TNGt|Zyb(w|){$F$jfAz|IYj!daabw@jY=A6(^Tu29g;_U
z?iCqd+qviO#wqqmQ)Pl&#{DREZuiwcQcHP<qMRTw@pacAxvaoG`RBnk4R(K)P;HAf
z@x@7uCrVMVLS@6KM+W~NviR5c6YgfvK3j8$?}Ocq;9*s)(*tPzR`bo2dTU+^*r)hP
z`d;#fggD=bn|iAg;R_*LTL4Nlew5`}#inH&FiVr(B&qa&oP|RjaC4MqI>FgGJ;OqT
z57Yi4h?1%KI$m$&1C-9_gT@%lzi?-zju^=WD)>~WTG*V7jjQfTEFQVt1a(UBH_1qR
zv^pfQS2{OfD#J_bg0En~C++$NV;m{MoqPZB4h4BG2k;$jScK1Pe}J<_EhzkDWiA(x
z%3o}Hr+fD`yheZ!m!I^g$xGnC*+zQ%r;WScB8j{HE{#m1GVpLBEFTSeiKl#0?lze1
zz{fyF0%g^-Z8#^Zq)~36geIc^49ccDd+Xl}k6HGCG$R==uGr}Zmhe9)Pb3X5(1&Is
z@LPJPTli@Q77TY4#PoC<RH<?TS&EXVxX)^G6iLaJm)s(Z47aQ7_Jh=9py8lNj^{}$
zK2O3l-Xf3=)3u$|a+gNS+xEXtIK^s`W^d32B?cW*=B3uMgGS<&yC^C0%)4QbTa{Or
z%5hHqadKrj5{TC&!?$t}m|KKW@$sD1qM0_o?(%1m;nR#ermu7`>53z$+{DNfAUrLN
z-xJgpTP(7jNLh5wutNhAQBpQs!X?*VXqEzpo}IU+1M|D+-KQb4N`<4f!NNr8<gb(K
ziZaO>e+vU%FOM;GJ5hlYgTp~P9_n>8mjWCofo(qJl`=M<4TOkqYzdHjivpKgmbo*H
zIPQ|o?D(v4kn<XB{I<~bDyjIkpru*p>fn)VW#><Z6fLBK1toy1TB~$4$^O`9cMk>9
zz=k$;(S581>_O+YsBMBG-cH&Ph5XPOg|aIa*pepJE_ZI$_x_oZ<|iKMNcIBXAck04
z_JJdbkg2HsHC<l~fz?Bjq-3G;htGH;8@Ooj&A=h$k2pQ$*96?*#;79pn^yCR0twT)
zxq6YS&7$_0o-+9^{%d+wnnD7B#sR$wkJUy+20F4D*#u%a<0X+!c|fC0uu-95CXbD-
z6M64y6CmB!aQRALgfj%mB0yPDWv*-X(mHw@bB%PG|Bte;ziL<5iu+KqJa~d*-YR?b
zi%nm}<~><pv4DY&@Ce+OkxVzJ4A|U<gfi~{t?*bI7REoee_Vr`?W;p}Yp$a?lVw!n
z544Vh&62wja7yC#P1kb6@(QlY5joB~n4b1B$&DtdGGUfywrC!REX@}+Z2;9D*$42?
zf9hz9@5vvFl6c2ODdr?d<=vnRlmh=v2fM|1$)H(3nuy<<$k4Vt=d{Q2l&H=`Y=RXP
z+$f4--xWt?=^vM+m0h))g|JLbEt4|gYpy#QAeNq*qSsL9r6@Md3=Uqqv7M?P>}<~8
z%D!@vd<y?s87?asXhL0(RNoHbkU1&Ig2D+;f0g_XB^pc;So&T1v?JQyq$MPaBp?c*
zO+K18LA$Oo2MXD3kAXtiqp+Z22W30CI0jq%{GeprefqH(e5EPAws31cSHt5K4&PLC
z2}{_ziQCJ|mzuEsZjxuTY6`p(OVFb7kwAUr%UQ^QO$(XYCf(5sq`Nz~SXad#$x#rS
zm-|x=_S)^k$JX{vdb|*;W>0n)!BJ6-MR}_`dFfv!+h0=3xtnUE;S<U(4gzkdtP_X?
zzGSPR@wq}wN`*#5b%dY-`agVsP5Zcu-<n>Pf|P8BIvO}x<JQ4TkzbS)VrsLu0;L^6
z4l5-m6DxLg)1ET|-k@sc;#b@WFo%+?W6943v_STNKt|YT4X-HWZgnfSprhtKXBNto
zyQ-`abjiCtBovCp1}B~$D1)|vD2toFOx}`GkK8Br)zlu1O+2q&Z2jmg;>2%F0V&tM
zxPF80Qw8)y3-Npe2qPWu;bQ)+Wv6mMjK0T_6pDrFbwn!9#daQ)R5DYWuQFz!IhLWq
z#Xy>T&vtwpCuV31i-&ZK_-OgyQiA+qrfLE<jB)H-SBi?TBy^=I<u!55|MVFJImboG
z%+FptSEO%!bLz;`GU{b-V9a2`tP32YLnesO(}{xv_}D!q^c%C}9k*{c#4e#xGP)#i
z|D6uK=hNG%a+ww*0VaC=3|gGTby<kQ8KFhrGyUPN4SrIHXnvu|W!lNiTQuV$L>NbG
zUu&W6Y&i_Ba>qy|lCR)AmtENr&ljL^P3D$gMi1C*d#Z}yMhwBuKHpvXoL@q#9f$&=
z_3L4Ev%l=0{%W}_S2JOKY&32@_!tx3hT_K+;q)QrFe*vk2MF)8to6AHW{~d^h^hg}
zWT*NVOaM6<fED0D=*@(*AOvXI7&<vm?t?nqlm|Ww7boVy%;zL_xuOwRC&>FNw^SFO
zswwkxN@TU>zyY0FthNsD(^A>1A0EfLyb&n_(4~XcvtP^4{8XObf)ZGLc_m&XR(v*~
zRDoPToujl`bHeFXGbGBpY+3PJnMu{%T)*~xhBoaANf6O4b&)MmA|SG}G8J9Aq?Ww4
z(4Ofw{46TkTjdW<(6=?0SHcIf@lW!Cj)n9VP_`;?vv0UN^e5&KQ)-f8m$;IztK?F)
zvia4Z=z*G#vo_h4jPWdy1oQ$5-bR|T_dGLoxv*ein(y>~OMUn|_~d-HH>;;N?DWRm
zdCR}a=-!2$0V&8#)H)8hWWiJ_8n%BB5bbYQuvcp%&i|TnCR$9(rfr(3Q~<h49C+|1
z5jf>9a!!NbJpAbofsv(7#-Mv{PUZ|inUkD3N-@`(Ul;L|5a>mpgy7YSfki^v8zkGn
zbX+9?%HGG=3xD?yy3ojEDt9W#dDa~)S$B8sba8!{L~~9(QY#;vIw$15Y|y8)2G<27
zO=<}~7=1oo<s-SQzl(gem%Af5KV?Dir}FsVeUAr$-+BK!kEjw@AxD#MtOtd+LKT52
zzlZu>4o8_bCN$e-V2t&+RhPh7w#Lox-Y7}3X86^<hd=jhkmKP4T&5{a^8Vy0P`6So
zN3La#&h#hM5lJYQPH%*Ca4gqG^EvM)$Ir-1Dc`($hnWE^RL}Xd^8<687yAggx`3+E
znU*N-QP6Wz>nLF=LQvk|p)BgjPBe~rgPtKO?H)D2+DZLy>4opyrF=R%&uLFAoVJp2
zRSv*gcV$vs3$7#fqjy@mln(2!_P|KtFAt7ipu`H^Rkn`m_9^iaIB)u8MqOlJMKM63
z1Ak(&9}?b4#Zr1P$(Ld}ZRemVSg#;6+O8cCNWSZ4Z?sQ!N+^EGrT3^KQqmypNrb6C
zbn_$m+da=ReO8D+2c|q<f|v)YDTlkOT}?z=0{6$PC^hzXrS9`uqEZxL;C|1yk`6V@
zb{}f4AN6)csSQg2No{F~k|T;Q6Q?y{?Bb4)Q_RxbHC%t_LdL%3y@u8oE=baDriLOp
z>j!WsWD(Ae@iR!R2ehxLKJ~aW&9xEu+>FMVC0HyfA+CXgvR{lrz!Q4yKsO0#$X!8Y
z$*8ef+Sm}}lG_W;%NTF})@rmGsw}=g7)%(5&g~HihHk1|WVE8UR<%wkpGeaPQJrdT
z{#Mzw+kBZ+#yU7-e7%+S$t4$WEscwoNhH3qz|G}J=+YeG56=Bn2R5q0WhVTH6LuZP
zpeD??#{}$bq1#^Qgx!`}nj`&EDz(r9bkXuXY3MS7(w9PC>ZwuMlU5w$bGeY9Icx)H
za64cKB0dsyfi%%UB*kckmx1Q6l*ol?ZEXJy&t$?upG+0_JD?VEKC>-wMr#1Yc_Da@
zpZ7{E&`pI%_IhU_JSo0@QL%qF_q;twz8w>HBjKi?-^lDA?kX4fO}#iq1cyYa8e-XP
zz#Xv8A5D8NYACPk+~d_eTWH!XX#J!%+q2INTIYL`&+9QAJK-DBd&)m)NNwyJIA(@5
zcC3OQ4Bqq0vg#KT%zG(H8qe!YXwi%lE60El&;X^u*R&l|4T4LgZXA4z@zi&qlHn>m
zgOg^@_i<B$M03UUF1^#YH*LkHOavcv`R&%0gyfriAT3qf2ibdt#X?lzU&0;s+u>Ed
z306Mlm1VJgpnkt%QY-MKj4)h9PSA*@wrZPLFSZv--IE<W2ZC)N?o8;NZ`B)6^9Q|@
zyaMTP72=G|0wvoh+=rgw%H+z)h=mL^4J@MUi3%C!BG>oTj34$tI6Y<F+}lKPFNWiX
zJ11f$F&}24(N<-iMSD&;t^g^>!i4X-_}BA<sf@#=mPq3$6yzFZGEmEQEONk%rH+05
z`m`FXrWNz{=9gCUtG%cUo%s$QR-ZW%1MAu-@>g~Xa}|zhIXVf^oGRX9VBa1PLJ2{E
zbU{mE%j^mv8k(r%nWW@z%{{o-%KX+9T~zdR;CFQ~k*6?ccXkk+V4EWAi}&GaTt_az
zj+j=B3HaiFLr*irA1e;XuNtS3<x$B8KgyDAc}!HPXcjv+uupRhjsZiY(`-~3clI8$
zm@4M<D0KFNxLNNILazozRM$Ogor=<@!*d^Z5v<~$JHUE{FW9f;0)S>UA0|_gkg!F_
zE@3<PnbhTFvkj?NiXcefO;Ze$n8tTt4z@YFdZg`N`&^=V?4Q65sD<qiDeVs>82SE+
zV2br9IC4aYJoA0jME|^t;6#MVBq1ISyUlPw=ni6MJlE|1Y}O*%=p-GXp5RxZuQY&L
z)n9=T{gCV3hw~`=m*~k9OCkqhE}+|`6W6_=;XU%KFK1)&E*^5%E6XRSGkIl?w@x8U
zLOWRG(PAidHVmnzJvAJ2ks~^k$CnMJ`NGCu?)*(LAC;qe_i7i*w8YTvQ-zjBOL5*I
z;7wFvGO@2@hppK$8eiQkl+Xk|++`3Jsr`Anx#?qU1eDr~hDY5sw{HY_>AhC<J|3Y7
z+$U3)8@>o&+>12{$8l{J;<>RBc^t~nGC#GCRl!uJJdeAL#%CxmVN~}cS`#v$DxlC#
z-@WcVgn>K$7vysL1x+RWyHas6L3~cmry|{wU3s66B?*4DI$dc<hq0{KX+qs_d`l)0
z0!bAVlCB#^_kV3O*P*;s{TxCrJlik1bo~q%zc!2GEXGxsVujJ~s=tt~HYt$|k29De
zO8DcDu9!_`7|9o}0Q{o?TJQ3CgEy5Bl{Fd=sPhyft3Sa#pqP%tA06p<B^aZ+dJB{)
z3kfdk(o+hxtx>&wI5_h8w9WUbl^#lL56+pS5hZ2a$YzwXFpKnnVJ|;fl$`XHTn-g#
z6u%^F7t#*Bc%1SO6p5rMpLrRS$`Z1(hCT0|n1BLG0ymTX8Wgk`i=0ibg~plxkyZ0@
z2F6cx3<wGrV+XQXFkS=w6EIDDZRX>CBM*l$%K&WB*!^Zyri;7VE<gic73k><Q|`}H
z7wEoT%P{$$^xj_Dl;f3_+38R}xgu(I(S%&P>rJIlNqFsRggVB9qqM6+6U9EB)p9A$
z1;cR$K-I3prB<%m(KRirX9<DFF|Xz8suRFE6W2J$x$x~Cv_XLtIF|w@pp4g4f%can
zvtuhpLOsDUnQZ{DgoS01%$bdDY(<WaR6D-R4XJ|iHep?lTr9Q!nXrN>>?bGH!0!Wg
z&JkOMms$pgu&Mv$-t1}@n(MlPM_rTI{ls=r^;J%NIKg}Q8@QJvGSBnO=fWrhw9SSS
z$wq(_U>s%V<3WASaLMQ%+%Q&j(GcNQDB#!byA=xKN=2bzVY%|)9a|*L>NI9z&~8ok
zL9cU|SYCc8D5e&mdJD6#cWjz)*qeCVZMFr>@4phD1PE@vt(lXWKaPSs{<B#zDoTrl
zLxbj1&tq&kcaf>Jq5tXHc?Ggi=UlNLc^=*MS6x{+W7o)xXh1m0TQVS0Ba*my+WncI
zKroT|p~d_KlO;bYTW~@n{Y;49w-%E2S6-Il^mm_^GTED$tw^LF*}hcILowEn_b(i%
znk4qJHwz4e!iG!r4pO=;y%^<X?)DQV@?kv5-2zy!XyNBJ?%)&Mt6tw2h~mHGOb2Ar
zhij7IYUj<5|8wnZw>ZK2pGxagFFr(v5O~_A(wp0-));E)Qs$58DVW%N(76}q*!;xF
zj6Rxo6Q5u1LpepHC+VJg3_~;Lvj_2*ad3*TlP1<Wb_3r?UVoW-&UxfqOADLw(d!q`
zqrm?G87kC`aYY7^d#fRh_XNSELc9E89k&VXZ#jH^EvG$EZad0h8xPCiW?s=FP!r|a
z)qP+)Z=-;K>m0DUw>)`=Jvpk@s$_0qeAm9)I?2-c(@5?53%7)i&L3IMwrA#LdtS5g
zpWH+vFCmQ-7=VUAWE3LI)+1Z8jMVrm%9%yS1`_SJp!Gc4VctrPV8Ec%=}G!XN+EFa
zWZ}t&m_dC6)de*{Xr%MK;0JB+@fZXN_^9EU;ZK!_15XODFmoWfBuPdrXLF)=pO;Ya
zp`w0B=|sX$5yT_N%|^y^f2vC<WQ?Lz_UFqj?fN28o1z^m0fBIB>)(B|$jX4yNY~J9
z<nvrMqgy<1dkE4B_$^3~LZoC8iuEn9HB-@6@K9wzF|@^8*cQ%pLsMK;jE(kZv~s-8
zDg2hSc#%XsE>rJO%Nl2$p;8A?9%_>BiB?vj+QPzrKF?qC((^ahu{jdC-Wvs%8ck*I
z(4vSEM5Luwtw!U~EjspBN|%Q&Ve`h(@Zq5VU;7S7=>+^jwwxBYL`6;k)~XTi#41X}
zrjDT^X{KvBo1GytCGu?IG7QnRWfjm2QU1=%gqoJ+jbLsM0SeJB)gpNZhTuwdhV@)N
z<#d|nH)@EsA5_kGCt$o6FVT<*3|r;{GCJHG6?GAOzXF`z8@FJjk<d|df1<?NvDU~*
z!Yv2ZxVosxxq4!)N5{6mic7p!W>_jpS-b7&>k2%PiZ=T}R_xiNI@q1DGrkAXdei#P
z%>U%fEXC+F_I}lqL*N>*Iu>t&b2l5s9+Q=wzdpj*1_th3E=f?{P~myb04M^-{ptfY
z(*(SLASgeXuXIHSZ`3VjJ#b<`tK2$RFSF%kbQky2>M5AK@d3uVwdmSx+n19<S)i-g
zg}>%=iS=<u@cH|yigJrubrxeMQv~5&Gi2El;eC?<oY#sk5F#_Y39noe^z_p2X3OoB
zKVJ_W+!4lEJLEjwZ%o+uUJ4WP%^%*8ASDUw2TKu_ElmI5fFe02I@W@%y*`FMKhiLj
z@I&(Ch0raw{tL(uT)2eoc6vPzcwIy$YMQtx+AhT&uiI_nfB<76FbCXxm#+P1=9RYG
zcsCNtc!>)B3%K>br($lh69>`BxT0AEkTt*z)Y59FJ&Zm<L^d;-QdX8&&tu2@BR<or
zKi`DqhmPW*@sFGEsS7avq|OJsOz2v_V5qtrjx0@8w?pn^^8=<^kyN9m<g`Z5x0n+q
zM<xPoh?}^=1rh3eZo69gZGmX;2EMSHe9*LnifhEXa(EZG-0@G^Mo(H|a$0-_$iKtw
zMO8A5WrlNVkcPDVwI4ZGM@+>mCdq;F*_$Qv<R10;E``!aAfS8y&KTU#e?_eW@N!O(
zen_B7^4n-)EYBHDu=|a7zFF&t!WrprHy-kHbOfebjl2lW*nTS7EEDcjg=57Ntf3)S
zo@aJbqu4|^DVd}aR9R^No6{SmIDiz5Pur5m3k^nr8q+nj3R1zojNz-??fjhw*7g=2
zyP`1bCRq-A5t9kfmzHBLKr2qfAZS{Bl9)ic-sr>sozJD6#L#MKN78?T7kOAYF3Jv7
z66Flb5BxB=a8Hxxsb?lHk)dIuLc459^<vsIrOFW<wMY_FLTqHXXrmi+Zsp~bk)9Rr
z-q@CZZ+2;fjDA@swaedRw^I4z$5`YHL97W(t?6PqZdb)PoIf5+0?)HVF4XQgv8H~;
z>8Dvyrc(f?K{t+USRk8F(IFE(-(IxVa^9e}hO>v?aBd+cl#Ib;^qRQM;1>OHjfMBy
zBmJTDUmDt&6j4ZOgmxqZkeLekL<kG(t{+kR!ahYpAgZ)qG4#057ru7Eh*Q{~reDH8
z;U%cjl%84NGFYS%u1H5gG7*_Al^v|bSe_JNMIN0)f`8SqN#qk%(-i<8QfU%9cy_=0
zuq^Mg4DU!dpl;A%%+EMj5|n|rjm<ew=Hr1G33d`*B(WN0d5*G-x!x_$RO?@`-`<5w
z_l5>Jc-@<(EZT>Z<tWkmEbNz)v66?gXq+R2izxX(l_{cBc>7vF4ES1bM^?e~HL-ij
z(PPRj@KwrbF(VT}4g;JQX_#@{w35Gl37$JO42<S*XTlVROk>Uv6}G=s;g0e!qgZoa
za-V?<mc`&r9A^|r^|#K_xo#8tu_(&t#=>Rshb;5wdMmHM+&(mckD)a~*OQ@O23ZEg
zu!S<kAWh9n;_JIf^V&w!>!Bewuvq+T6Y^a?fj(X+AK6+^9u@rkd5-I)C{mX&8YW4p
zK0a~VEA)<{>YNPaySX3>H%P&!ZRHgTBoj6XW?Nc0IP|Tl{TY{?G>`N8;W8r`1_vjI
zY}ZtwZ|s^aM2=%vRs}azlvOI$QIvLgOxC?x)K%Zsm~HqMT7ppCD$`;zb%+Q0Z|(+C
zwUOY^qm6)6D}Rm3g0-(7O^;vBAE>j17}Fq(J>ory;1BgCJ``?NdbI-(&N&|&m8uRW
zFn9UR8Z?`1+*``l0q}Ve6-(rT`b+Uu$f{pl6y3f^NW3}sTsya)4)a`z?csW?)gp|C
zwJ{J#gCD*O9~yHbr83d+l5`&DzSL(c7o+#|q>R+Ok`ir1HfBbBnxhrk4*e5o%kJ0I
z=W}_#t@ty@I%x<hbP4pJ?j*Iy3$omy5lk2YDK@%P86MGeopSRn5B#ntQ1M@56o6ui
z=PAr6MZ^}%G5g-gimsl;|A*>P>o{PNXq}`eW1GKIs1Vfz;BWcU9JXX5Z1I`e8yoR?
zY8w2FIj7NivA(yjar|VRb<+h*j+a4h`br!@v#zEr(4Z+sA|vEKTTH{{*)Q}+kVg18
z8W@jM#^$bu98O5B^!QRplNTP}X*G4`6KI|^MV_-w<#=ZHq6=cm67>@_tc&*QBsKkw
zqS8NYyfqc(Lb5v5B`7K5!bNmBqf)Y+st96~s$3!j3Gwr9Y<T>iAd`Q4B|Ox2v(VFF
z4`;*0!q&u#!=``UC&CVa&UkpyZY4)lNmcm9A30^VwyTwcZSDOR>!;W>V)R2H_FGw}
z^*Go+m>1SU*G>*|Ijj<z$fYUd2e_22j}O@cq6R;|!E%0kj7fmBa-&3m3X0_FvBeCZ
z1!E$N^fXDfXO((7TL;<?iYz)fICHB0cZ15E-l@{<^!<rY7);@Ai~kdWs~`onRuS_f
zJ=W!)(T_`PSvRl4c+KV$SN2}uC%W28i>pDkx$&%HG}zX}O;b2IMf;^R>z3E2fdb3u
zDugx#e+!peUt}HrYgfN&__pg8M#yf@n)0;*DZD)EaN2Hceu9~l^WOZIDD&}y!Bt|7
z%KwvDgCmZcz+1_&e_D$j>ZMyLb>K!b0AF4R10N~xPMLWW`_|$Kj#a=go^e4;{43)m
zh@qfxqEP6U&XmLbC+0zS@5|8)SSTyOM@a;N9U$B<C=nA{&Dj)%Zn=f*#xyYW+?=Yf
z6t5!wuL1mrqyJ0E!BInc!}XQ2YK+J?r*=R6Z%r9q`rdExoD<UgyZL(+XWHY&&#`g4
zx<BmC?Yz0Wuii-B-tb5Hj#!}6BWqQw-Plj-O+Oo=X6@AOLrvQM&#R#o|K~D`cox{Q
z{$slT=aV1eE&EbEr2lfaB|9`prJ8lM$MaoXU=c;{eZ-P@NHlOMQ|u>wXnYSdr;oQQ
zQ6$t7I`;qTVgAGT|HO@d6y<*i$-g+<f8pN$6TM8pDb2am<vRF&MjvYW#=+?9`PQZe
z$WpFK{QQ%A{v$B|-}V2K5d7Z_{--VcFNZ744tbyIA=TdbzxTTQf6nm#F8Tl2K?V@e
z&szyispvaclV;X#R45pmx-mY{**F0iDwpHZE`_X(@>yF%Nd?L+Lgi-A@$IEKxsDqn
z11b88mPP01$3~>%o{?qjyV{*wVI;(2Tt(^!@uqKw9tQZgRgEI);c#-e{5VL~pN*=n
z@QOb*&}3|={$m!TlJF&ZL2^F!D0d%MpaP@Ucm1N77+?LhcglW&MuN-k{-K(v5Aw0m
z;K+`Y4!w0D$0c93Y-7w+6X4EN%fN}k&YBgK0SH7$v@sXt{XpR70pmc^z+M6Rb5Q4M
zU|7^lLST)lR!p5(xB2W7M|_ZJ0YEfZ-y&@)!zO#bhqzSgp#wPY976?tt&1}&RFeWz
z&Qz?GHSh?3DA~Ox>sF=q5y4m>W`Q8@fHkZJSK4bkDNjmSG}`KI^gLCU4a`EjyUjWK
zrE*I9fv-&-=n`>9Ng4uoTt}C3+ig`{nyyJcalSa3Lu!8^G7yQ;6aax^2f&oVxNsKl
zjjnKx|4IBXgg3YT<%07r51db<rOA~y7XK~KE9#(*;fhQE35=CTWed&&J+T;N_*c_D
zksR%ZRKIAJWmw_-C$T<L%j7z**+gud3?M#3fQDc1XebB-1O%+C7(bhd8cJV+#VAch
z1qAAQ9`EiMz>>y}9EF`ZA_<g$eZj42{#BfB9V!H`7XUE?hGMFNFrE%dB@7gW*{E~C
z>gMN95tZY5_&hic1Oz3zLj-H*cI4y#?iqS=-Aogft2!iP@$BF4`&XBofRyFes*$rZ
zb71Z|klLTeenBqdX>?2p19WqfsiO)YAOr)>01i3BL+lYCAQl>6BaDy5$U9W#{H#w1
z1k+7m;xCwf@kQ3>T7#r9H(FpPIIv>;fg?*qF=9pV^PpiXFF7J%oXD9i;&w)}uUvf~
zAdq9nn8IZcKL`hvE-wU5t@McVyc1%~yB4#*ia!x`YnvO|=y4MbF}!7QKQ9Qod1qmE
zF8K1zytelw^+5VLK&+G`;`rwSzJ{RrFmHWH1M@IXbC7<5rjvc;7G44u>=6YknULZ|
z8rz7cE1$3$f=3^4JLT?o9{_vWUf0m}W0x(7u~_))WGSoJ(E(lh=gI6K86c>0AXpJ0
z0U#jgi95vjDTF8w8m5c2!B~9VBGYpj!lqRW<sdpWyddv=i0%lUGXI1Fmhm37^}ixm
z=nO@C(X~8?eP(%X9~%C{_fC;l?7cuhU6EshO@Fdqsq0W_8Ys=Ic=KUWjC`8(-YLIK
z{SWTqift+sza*DJwjIgQaxupurI1C6@7)4HP|t;$wZC1bR=Ks2J`w!{K3z)#0)98B
z(W?`$G+qNHW+BEZ8~N>O;rapzEQZ>FfFeS60zSR$7BAgGfOQQ+DM0!T2)ZG+JR)oc
zhZ+ck7QM#*Wc_)Z#Ls#mdRVs+t?u77$H&54LnCraXU|W@tqO<4%l5!_*$5gRmA|6;
zHoh!2b(}){iLgIbbcU&epZ|%in@-G>LT1Eq>r3Si_FSu`Vx$f|RW$QW#MGU|2zvN3
zbh0^dd;C5jt1C;;1DoTNqETEZCO+3Iankb7F2(jyRu4p5>1&~Oq3<R3t%-FH0P}U-
zUv)23zF^wiKfpT!;?w8jQ1W=D6WB1gr1gS31t0u^h^DMC@dsZ~A?9zeAat`3Pu%Fn
zo6qjq&>JTnL9fcnO0LvDDOX8ZNI~*j?pwU=O2PPQ_(qHWWbE@`LjU5;(dW`N_*jo;
z;cok)7UEN4P56rKwS^`c<JgkWbSI60jjI;|RX9k}Y;(vRj=cIwj8dfhb(P#*0Zm$-
zS&x^YHW<Ux`EGq!P+j_hB>wqLbx0cA9Y1Mi%(9+tBcKFVT2g|sNm)&BkVQ}gEqzGS
zi&N`(sS;hsg#+)EP)7@PJb@UmmAD#}1N~^WWhUHFMRfZ(xyi0)@aY%zCQvB!;riAK
zk;5<UWLfhG5>21G1&2GU{5Stp5~=l7<Ku9Fr#K7+Z#G2Oi45sEa;sMsIxyPbK=#Sl
z@R4Qb4Y5&8V#UMk5^|}&6(X(Q$S+B0F16>c&t-y`3ltjqGHgT;hte#^+WaiI-|(Qd
z99z*8r7F7M*)+xHO~_iPsL;r(!t2A}FQ!!tQy3>t?z_<$&%o-xn|f(qNjeRsKm4YK
zN7As^PF;jy)}7tTrGPPBuhHjzaTmvdv$Qia<9qEo;<dQaxg}c=id_zPe6+4%f5#p4
zHXS#XmnS^7k!qruMY)=%+=2@qS$J(2rZg{)2De>FE)3qEa1^9V`r$7WK`%_)ct(VH
za8;zAw|j8LD?MFh46hJkzV)Gbf`Ym%1#y^>F@`Qz+w*}6jPSl)cQhw8KV=O^@b7j;
zbXNjO>MEGrdzlkRP+}*7tFXGzE)V>%XP8Btg<&4${a56vh7C6Z&e#HUXI8pmN!y))
z6vXg?(IK9con*<(a9=m;)iD+v*)4jdt#XhHyRu6K{B~Xib68Qs3~4Dfkq!kn@l0lu
zviX8|J;@-QETR_w3tFDP9AMAN`h;FdsvE(l-R$cR9E<cq9o<`o@&^%rO~q)Vktqz;
zsw>s;2~7uQCEp_P<#aR6XrM88Fr@(aC6^qqsVX=Tql-(gc;O2$=xjkopZu#K@rylf
zqVsdZadflCweJfqlHfV#)d?)Yrr7h)9>1Q`2_3Z-f;Ik-1*;^>*etQ2Ay#)3OoO3j
ztg-5bkQC(M-4X%e^6_GiP;5CnTx2~BT9#)_34!H3QOZpVDvj7E2R`7E5Zb$PlT@MO
zMG%Rs=gW$d>h3&zJICL3s^`BW#}Mh*6Fxle|0z5JtD-WY6Pu|R!|^1jlj1;U=tKCS
zp~e0Dz6wv;0(E7YCJc}SB#sCxqTIkIEFq7Q?X{3J$$K6e*wrV+N{2l_TN)#IAorJg
z@&Hvbt~BKoZ0{zBa#)f>GUvos%7S53){HKmL9f|O##I~VYISFx#o9b>q3EPp|JFi1
zNGeFi+lAFUpfK(XiE<L$_JocV>Wbt6L`|+Z_a&<t1%78rDii{3-Y{$r?=yVj-3d`I
z^Q^T+R44Z}A7noYQf{n0H0P57B~u~#cm?a_!ur*glO;Ssbc3$5szMdSTp8>U?OhvW
zmSAPKWMaQ<k7b86i5q^GFw+%BANcIs^|dNM0|lEt{6;gkOspiYg58|ktEG_O;!BXD
zF)~(ZJcv;{?^Fs`*aM40*ort_3F4fAs7Gr~wus58JFhm&>)*qpx{Kr9fd9)D-*m;v
zhV)^ymaaz-d%Fm3GZxV1P1b*qnB%ln*;pUkZPHuMWTadnV{59qu$@)Y)qU-paJ*g&
zOu2l*1rX=Ha$3|nFAJs=LS4$;PclB>gr;k0BRca3r+T#g)~Cg7PsIB20JB`FW-96Y
zJJMT!BP$|jH*@Ck0kYPu{A>9oY7pW+w$+6~N<xsl2-1bd7Z}9f<~K_)ak%1Cn(ffO
zjlOo8yw_mee%}%=nR1}SvL<+92@a8C(0M#jV>5@&t73X~kL2;ws$6L9f_(#+3CFnG
zj;8eg1vNm*zuym3tR$QRX>cMHeya|8G?O-3I`ieyzVV4{5&MeQ1v5nZv6365zxt)(
zkWEjrVP@O!u9ULt$^SO^c%J-UZ*Y)2v7#=4lf8S5N)vwMub$_gT3yx$G<<opQB4R%
z#?U<{8a5Y$%E#*z0e(T@O|UVxq{W+!z9~UeYNE^?t0V3Vblix@C`t|9x4(dz=HN!~
zZ3Steq7wfSMEL`+z}98rPI}YcB{n1jHY(ew;3H@BOY47=gHP~_$}&@I?ik{gmfE<@
zEhU(5^O8Gq>?}?fk)2=9MewMYN)-u`wooXdxU>WwBpuT0wb&umvN6OKy)pLcipTZ=
zPi_E$>}YEl-CFFJ^>d*iJptL?gV;*6sr?JjSI;x^zD(wLp`fb1X-t&0rjf9gdHcf5
zIyiNBEU#qMjcGmSU(MgmRG$B$g25LYX)`X$vN?qv%U6Hxtp|<S7`IWmu=1c*#>ce^
zHA>|PL|g%kyu-I!sV4Ufj_a?j>W~^|^6}gx^VX=k%l;svsFaH~%E)~;Z*+2A%&;sv
zM&McGS^O0^sbiWTe-g1<uV_>;>HSi0kX0(;!><If6@@0AZfbg4D@CNIa_;^7_^h=j
z)Up!>wFJkww2`qUTL%kwR>PtxD{XvC=inwx3^L{XF1>e%KmRQ1{^Im1k7#UVra(Vz
zRd1!Q%Zb8E$>CP0W@ItdxNm}i?#9OyY<eCbbZf73Y)?!beI7F}*(yi>{Qi|ym_qd5
zItK}g-gyMA|D6Mb#cw-u0+(OD9;BbUu_ySv1Q}zA3~59pr^dUL1>~E$zwLafzW|3}
z#kX88aa{SvOPnY6*us;{)d>Osj#<1pGG{xM=a;V%Bd_Q3Q>g7KWrucw+P~^ST7N+;
zAZ3nx6!~|v?S%|oAj?D!=2Z9s1pgCO+x<HB2LRrU0FylE++BR)GktLHm$|sfZFJNs
zy}KhI@_?-Zrb-JM^jga9eex?AR7Pa>FFZA`Pm9T^TP1hV+j20bo^^jm-RoLHE5Rbb
z07U=+e{}O$6TDnq6X(V^Qa~OerZLM;>Rdakw8Tw2_;)WU0O0;SiU*7FWf2omH7?>|
zb18NZw~_L-Ppk<Ve{5eego+{>On4ak;gw9v!Q|K1{z<>MU1kOA7gWrS7v`binr>nf
zog@8BUnY-9;tm26*-cN?^(=~^(0y5WOr+XBtiAB`QoweBrDkgK2<^YTzZTCTf7gkV
z5}+MwLG|;y*Fhl<O976Y|25UMs8)JVXq9=FZGwQT+h&#R&AhDWU3bAS?(rIav#6eb
zH1kbuy$qTRj7S~KDRuu3<H|>B_!iQv3oURq!@xWV!G?Z_ceVtvv}sk-zxAuvbI0M;
zsDCoVU2b6GVogNsBdEs@TOejwG;muM2;_LzgTr}snyt%V_!S7-;ktvo4r?9YA4!0d
zD3dL&|NMZ>dU9B86B$Ra1$=%?fNarsl>0TH!s{o81iZP0wFCs%hYysSj;ybFsT(Ns
zAoIp3E93-vmiL-HECi2amJ=9i2h!U-{s%reTOyZ*xqH~88K{Mq<DUf+aoDap9Lnx1
zjFcoY$n?Ob-!5|h+GyiXL{)j{m}j>ob45K(aSOct1&=pEJZPZa0IfuVIwlgl$QkI9
zZgdnDX%w!X<(2k6B-t_D9j9x1ZS;tC8-a5+NE2M*0(K0{3wtgGztR3|w07nh-Y(H&
z!zS@F8C6G}zHWY6=2rg|kJTpCUK1jg=>nFTMba`yu>S1u5G9slPHOs89Xxk!wg{2G
z1(+h^QISlt>jjvPCHR+i7r^B5=08UPcHg!!-AhQ*z+U0>ljP^}2@K^AYy}Yh^_(OT
z)HzqPL|rNcfBi9Swn4s$@unLjgdaTT5y%s0)kctaQs&P(suvg_J$)VMwZPKRbfG(>
zgw0KqmC6&pcfR|1JXc`h)^z4(wGDi5_J;iTU?%WlMY}UYwgFlZq9f=R0bm4}f8HWF
zpFC%P6{DElSS7rCwPdpm1u^Zytm?RH=;rwL(6cj4F*zrJfmY$xBpq?ebw?0dmchaB
z3<V`aHzHgVI%Ww1x-Rl;lFxbok+NVnLFHWpsI?8#Kma0HVzSF%SXE*XEa-twE$ojQ
z5HV=HP}|6{f;sS_$3vm{!%sqld^@Bq_Qz=%TZ3h>^p!(+@VTC;;7(i$kw!Vu9!Pw-
z8UOu@Xv1T}Xhh1nD<&ch*FLxF-V<?)!TUkqGeopDMQ3<7pWD~11>exDlU|}T=>faO
zQ_lKCB(qMN7xh5lD1@jx6iJSgN-Id-Gn>!y|FSJ=K8)6vb#dF8wFb>oc!_3oi~4hp
z{w)_W!8Szv#bBLq=)QbpfRibnly+Kt1~G<HpJfJJ3O|iTK$?`2uX-$~j>^R8)8R+s
zzWv*(0a|>>2UpwIp;CtE+ixq_eRu@I5#Sa~gvR<A7;4A?=#!Q;nSV@+1ZSG*@svb}
z%mK6|<$c4B9_qV9vXoJFeUe~8{Cu$yi#*r4We2)DTAJ1gCWTuJ_OuhS+mzc@175~Y
zkm=G|jr#)9+j@~CqHWW~hNp&|LKBxc&?Nx|cqs4?3jB=|)uMktCJ=wQH$gDCk1VX)
zy;J_$;PXra5U93*yXs2<kb)ozE8yX@3<vd19eVRP15*%3fsXlVy?~Q}W1$S51$Qis
z7K$ZEMC}HdAR$JOT^ZFRcUr<A1(t<3itn@PVHF1EZ{K$22t&FC_g9y>=Z6Z%kLljn
z$>nICqkIa{_1akxdp#UTx5WYK5-bGFN4;%`ne6i1b7`;Rk>apqTnwDmdlbV{`a5M%
zKqK_yapCdL**~>B1$k1KzUvzsZzopk3C91n7b$*~t?DbWadd$VQ!}J|2&zVFngEDD
z0f~DDemh1cjKQm;$}%d_I-V~aR?Zsw3~{QE_~0S1VlBoX*m>YJKiJJcV!{IT2R92p
z8cf58D$bfZNAS4w_H<7Q$+ur-SCU|>;R<;R(Y;d&=I#{8<as~h>*I+rR)kSV``EYp
zMztGnXYfs?9!<^)D~rhfn_ck82Hi%HDwgBgS<N%tn;9RgL0+ExT5X&}dED7;z%Uop
ze%?(6^eLD$lgBmjI&Iu9&++vUa#m=0EwNnM+k-tplf)3%1Dgs2;vh`vtz^(8;kQ`s
zouImrEGoV=;YIQj=aP#a6@I+&f%k!LqHJf)P+%FF>v@;6ZsPY9R#idC{->(^q=cqz
z1iv;OuF+tfaJk*aC_{bhnUyXF^|44|9Uvk^pnhHU;(=j%4TUA34BKyK{@n<*HDcij
z!4O3>L^%NiYMj}(z~G!)U<Zu;NUal77x+1#BXZZ@utG7;3Bm0T#meE^Lr8Z~%lNGq
zMt*7`s5p3%c*b~4E4Xnrh@-Jl1~~EzoEgb%1Q3)<h9<ARbuLYCSevh2v9W|+<EyNo
zDdmL7&xTSy4>w1%m0Z?T`Bnmni3HdtE|J6uVoaop!ul~VcO18U<$c$T3P)rHVLxe2
zaa(9MoF2wuFCj~iv1X-GRpudIya)cN2oI+>@#aj#$i=LE*_Q)=iNiY4Z#aC*|5AJc
z5s*jTu@7e!?zYLsb&6H26KnBqsBBo$>?pa&=f|!mfxZ6=g}w2u(rI|y9_XjiP=`;c
z@#)Bi6kMR1Vx^|AaRfQs#N0$7@$bKpjkHKD;cj)?FeSWlyTe>2LuI(~vc-mN^I8eo
z*F7WN%L-4;xyUcBv@rT4s$%{HJ&5uZDpQ1-nR6bl3vhg?M9|0T75@B{z9)qLpYGWw
zzQ2G_^E8#XqI;(={<c&|#Emg7aw)G1n`bvRYTB~$_YJ%ch+z3t!`nPZ^|d+!p4v)>
zCU-qQuNT9^eL`OmdtDp*M$klg>9?IUSt9BAZJE;rk%DDpfDg(Jhvt9hUj=!J&`OCu
zmdD4FE%67i_T?FdrJpyv*WyBw9i(!f>5xHx4Q);BB1grZOsdPLoKGo))qpF@rJEZu
zIRW~#j>SKBZR9=nHWnCoTx`urHc>(YxAdR;$Ty%-FBCtS0MrMOJqs<4_*3}J>a=7)
zUZ(X&w56F7v^)f*%<s3Lnvi(~zRHRZQiORFd*t4F7p?WQfyT>;qcra5fwR;pSZp}i
zw6!**S82XF^r3h-=l^ZA>vc&hQT729@Dx#mAyan~jTg(*g(82f-jwp4h=+F`@?LQw
zEZRD9kZ?aO->lY6gp!?Z2)j9KRAQBSeh=IVkcOlUe#1y3(Cu<}*k(+xXrC$@@0vnr
zH|#@EqsFXt`s|}+hQyRqsN$a%hoV<!k}VKB=d^kFN&|f4oD-B0s1|j%aV)1$gS4QA
z8}Yw1m?@J3=;xEB3Riz<cq=khxtrf#*)i_>Rohb-Ik#lu!H*!V0FQAVi2_M)(k;|#
zob>kuev;$?#Zr61LAie(NFU%}rJ9p(O3NFD#nhhyX3K|1us1NQtG<4Db8VU8>w|-v
za#c~_Tc<iS*5?9v`So+41BGHIKY%8r7>iC$s&Vkm%$a}4ZlZCGBa8QYW-oR+#v~n!
z*aB$7tr^;0z>rg`*_`az_MR<pK7)7`R>{qppl`(DeW(O$bfaIyzU~#t5rwX1(VHD|
zR=jtcZU;0x1p%>5z;{2Hh`g-FWFN!;si$oZ2-l6+ue4`yp4!g$=<8}yD(Gk4$2@VJ
zKn3h!A&(_;qt_KxKMzEh4eVXEB6>8+jfY_szA@=+OM%)DR7X+~5)aR5HJtPTQDwfd
zb58J7;02Y!>Y{?bPXb{9sb3;duAWr!()+zUEV;c7UapS7Kzu4sW+?XDZg0S3wyPC%
z#k2n6W=J~}i*YN3?m(z)PF&wRQc~OT=lHqo(?=sNMq2<o=KYXxvrj(vxL>@}XAgBT
zgS~eqt>mJZ9q2l{cF?CY&RqvL#x!YhLc0(?1f>{I_00o_q_4KtWXBkTCXi}3hc;x<
zL)CZ9{k1g{_~5MT@bMn;!w>1M`5}dMQT8jR>N~40vO)biFj=hs8n4k~(!|$0b0Wv>
zPy*1*kQS@nSZpLp>%MoobFeEzFvd|Vo6b1zoy{EtyGlYl*&&<t0gCM?);2#AW4k}I
zEq%K$f<U(_F%T^~EC5oIOGd~6u2&nN(yt*cYBznDVDnl%znx|hTpX{2olwc;^qIoa
zvbtwxz$)o^K&!AGCjHh6{JOFg{JSIRv*Rt<V_lKHeFB$WZ0;dI1Edu4)H&3(qsDJy
z_L;3X2PKG9eW{(dPdKS?5PV#xsW6;;$41b}UAc`OfT|mLRpGM|x1+0O%>9|LcX%Ec
zy5|FQ<zcov1-!JNmJTi`1lhdst@AiISg0yRP!6Xb(q=TQ^>D9$2YGEtaiyFw?S3wo
zzqK<c+km;bxmB|Duj<o?124xfG-YFDFkPDb!lxbB&X}+#Gb+(Jj#JkBvm;8$Y*0)8
z-qzlZA<|$H$$Z7A2vDZzE0MxB1W*7GSIQJ1S+>Rz4yZ0nR=?{tvPjl%VaOM43lKNk
zfJ@pK!zHOsqeg}3E1ly5SCTX7{D}ysrTd(^>NzaVv5_6u$Aw4LgWYyX$JF)CVN@Od
z2vel8LlzHy-*WKylaRYG3<;0ZxTvz|du>zX*f%#-YN;9_9|=-_O$Bss&l}b2ENY76
zN7$_JAHUiaroR4L*ix1=*oeJ{jb0)wg>bqF?2kBW|BUrRo$h51ET|Yv^$z?WP{$^c
z+0$#6$5ZP<Dc<~CtKnY*9CiNQ${^=^FZnkWTq&U+tQea8h#O>fOim@Ahodm`09$BO
z(>U_&()>n=WRweXQrvAk1(E#>aZSUZBBKK0xrnL9>?ZPQ@ot)V?MO(6f!wm083MrV
zYOxzd{wy;1x(4fZp+^1oE=GZznhzAK+Z!${7FwE0!0Mdfy1J11Y53#rXuIp9m+nSF
zDn*EJcufo~a`soq%J1d;yFWn=q+||*wG+u+#`;tEkG^B5EBgny@J-=8r;ero7j^3g
z<<lZ}h<&Pz?$OP@VveX2fqamFwTO&UHpJzx^gJ#0=(`9tEEXWu*RDAS%1D1ot5Fg-
zH+MOD!`-F&k@=Lq<e<88$VQ&=SKe(k=A3HTLz^O<^vVk!axT?DlV2W}pt%~T6&`hP
z8dSZ;#MqpPPt!Y?G|;T&_UZ7urLx1zc&@qA&Mipu=P#(Mw$MOc$H!&Z!Ap!uw?mN-
zojEP{*WRZ!Kx{oRLKuyQNtdt+i7*J1_^!Pb*l?@<AAqh+rym;~PQjmKNZKt2Gd5RX
zgm&;uM#G#m6y|R8vW$9ACoLgQ@=#_Zc7|~LSOMI3zN}>J!wB56`|w93S(f~o<?L|a
z(6#Mvn@+X=%clK*Xw%ovHaWLuuN;g^Kr`h*FF?iP|MgbP$o+oB*8JThXIJjO^Eabg
zA&lQT2e|B!wAmMU6!P4g-&Jy-Tb0Na1?C!<a&5Bc7~%UcSyBGo^^iBLtpM*=RIC75
zfez6;meHb7ESVi>8@Wp>8!3~84E&&iE|<Et2JC}Hbp}L2KL9z{0hH6A<x}Twz*H${
zc}FiG<-7%LX`%k#gAYeaB!jGU+jQ!2tp^ddwIa%T;Mex*^ghGVTQ|!{gW@h(^{%F=
zax_sO)T-Jl5ZczJ@KyzjVW5gS*%5zJ8N2Tuz|FrA(eGPG0&5(F=swj7`ZDcg9Rn1z
zZ1wkMHCr64SeKF=F!~|#54~%s^@IMGAR~dLkJR3XN(>Mu0N<xZl%A}9ycF8Sf*It6
zj|hgJ@q(fU^OQC^zY}h+-xk>;VtEsLMqpO#tpj3xR3XPbesR^O|Hb_ilTD}Z91ez9
zrBXw9h6>&3<@XA5CKCD0vC*=Bi~0DCw4isRNk@l<u|J5wY0M(J1@53*9HW&R-j#Up
z(iKitH98s-4u$y0mx6Y^6fu`)htj*b*OV(Y^XILJ`@q$8S~pCK9ZV!&>P>|o){wIA
zyw3Xt6NOFk9z|yD)g$#A8;x(^_4`fSXWR*(zg@xZJb$!8Vb&o6#4=Q_LthzFT_c%Z
z-&EyqBPM|BW!>dgeTWXGB8I%pQWH=JeBsFqX)VYswBiWnM5m@i2a&@MmxmTGJYOK{
zyvjbk=PyE)HuA0GdiR$E5-;d=1giiV%^}Pmin(|Q3fApkD=KW!lK%$F7&aSABHkVq
zeZg3nXa%|7?=<(m5KyB2FoyM%W6|oD9cL%j=%T}oE*Km?n|Idi@DhgjNkmt0CSGkU
zXRvPRJOPrQ7}<7}ioSc$M%P(Ruo~Vn>|b*ev(4U*U)iHkeN*$O8qpyd1IRb=KljIW
z3w0pQO)eV(4K6{r>mU!EN)y+HZodmFm9;w(-KQw3CiE2`HVxS`uy-u+H-rd~KEApq
zo5vFWju5rAlFxGPHTbK)MF3vkb|f5{a%OuJ_vEx*7g9G(g;fx&j{&t%SsXm)@ONaC
zGAOR-YJX+wTmpl@7Db@bs8eqfH)TMYWA|zvAfDdyJ$ltJBU`Kz7BZv_ez@r5Lbc&`
zC%vAPkvu<PONqu;4@D8Gu}xC*PnZ_P#as9r=cnJ9fgPKjJs?8Ujas9_OHkL7jxD~B
z_$c^XK@cSTGx<TCc@nK1zyK}L3I~<L5#LgOdD7YGnsYuFIwyZXO;7*Xxc0)aQ9?YR
z@I5gl#%f=GVcL9d8<SE%R(XWO8ukF(M&RuXp34Br%4YkZo>%xp&sa-~&&PbFj}mBN
zTI;@aJTGbrAM{4cE`UDgoCU9f@PU^;hshUVBac8qpO<wiebT6S)fOXyf1Kqbh4n4<
zX7mqP;sqlyl^#6+;t1;)L+GLkRmmSQNASvf_n}ZAji97J;>Q<}*8b0EiUq)bF<4s5
z&kGSlW(6m~bB^+%tb>hFfZtvy())v6cK%^N4E<<Q|NF+r+nZL7HdEz1r3%X`{Zk-7
znFO+!W-5|#K{-AwJ*A#VfyR`#CrSA?*65??<+TIW_-i6kw?@Vilu)&2LcQIBhSj#4
zfKLiaUaTfH-^X%x_h)x&Oe%gp5JwA}_epy0jz)~wqJ;U!073ef2u4=2*|>Cg<MPi(
zlvRG*9hM|kCkrnw^F7>^jys(y9UCZI*tDqhKVAeUCflpdhY^?m)`51Q-8?0-6b0tl
z4`GiJ*R>_Q?!#bOpGS5!^4`}1%)9{d{r7A{g+xf<$U4Tfwy}XB-Py)%hx#kiF7RR0
zizzm*qrRSJCxW?&^4p>NiG<}?Uep!L8po0=(ML~uH2229{MjaWiLV-`DU9b0o313Q
zz-Jw`0jAK=GbnBSBnLAp10gQ(LjcD_QEfl6R%6*ui*w9KD3AXQdE$`iIBH<pQh;#b
z;^5grmep|#Jo?a&s(*TpS*t+jfh*&oRZK5!MwLsV>yK9rvRm*euhCbH1SMdi5HC>W
z7gEU>ctAI&2B#T%!vv6@!2MHFuw3+Ey){4##_<@Ueh2{;>wVX%J&+6O94;m|clQza
z-s;K()~qG?vW!QEu#G)z0ud%!^6A2&Nr?%FLABvX>Mby&u044(9Svqx;B3`VG+{cN
zpmO0FiNsrg)zKQYz@=Hn{a3-u<vntGq>Wh+<GfnVxL!dHl_z1iy?2l2UWP=_M{n#3
zFW6cC<XBcx9ACl>Q8YiElkCBKL|d$Hx(5a$qY>{40S*)|<@SShesu<vP)fb8_sI%i
zWP8uyD6$(i0o^MmXLUMZ$*IO*RG!#-RRq7>h?jKAClzYeG3hf$BXXzT@_{1T(hd)3
z3!TMLap1-Z=i9v9G029%;=4%$Jfp_rlx4{nOFRrJA{t}K&@W1l1K4-n<A9xaC_b6;
zG9g=`Fpc5ssR`~YOg^%U`Op$i`m0!ha!<hK-Q!?IrA}wBZYYHfIaL)L#mfqy&Qm8P
z{z<y6W``A?&y(6QLF6CVFBaSF7#a*@sx&CEv>I0wDcS=yHBl}5IoqFhWYVd~Ogsw=
zsopHk0(oD>zgYlu@4NP($YQBP4YK<V)CVg0Vy^)-MG)-~3AvD_;8s{@AvV!Sre8Yo
zZsX-uN~^%oBYmC?Jqk%;vV<gyF$gk3aj8|rf9|pV$=2UuvddnG8hYPnJl%s%LKaJq
z9r-lC<nK>>b5|v1Sasi6w+XTWcV%2E?-Y6BL>_ZM=YNleKI~D71Q=f<LdX#q1}6@C
zq@D63uS3(PE#G#c8>=Es1y?xa`K_$u&d+6k%}nZqYq)x+=4uI)&d*Z4wQ-~NGTCZq
z;?lFCNjC|+q7|_{6mM@Jpehs%E+X5hUw`ho<MPa*k5?ImsbHfV;x5rg(OQi7>n^b8
zF0#_G>A&r2kMBZUhQ|N8^%&$<{tm_ssE`J!R-<;t=&~LKFs)gg=nlBN)-XgrF_`^a
z!UF8q7Eya>cddeIV8h9k%UiDN7XY6&yj?*EGYwsL507?NMOcHo3?|W!uHPz~GQh*I
zznyFlE1p#S3W<A6L@A`hx3!1WcstS)cIT^;NO0Xhrt`(W8h;|P_b~)6h_G^`+0N?5
z(4)9h#C}=|_2#f|e8~upN5Jv~%PT1ES(T_b=eE36sJNJbJr2ayCySYJv8swRggb~U
z<10g0l!`=O+L|L9!j{mq;ha7ct1nkrpR_3cf<p|R(N7!M3Zyt`UNk1|e46peULCb0
z3#g&Yd;Q$HM)>;_H>l4eMh>3tLX$g3X=RekKGHsdR;aOM?fp<arL@O&3{wBzSY?z%
zXmKe(-Q>j|+W8dEU=lI0ZBH#82H=ZFwb7GNrr|d;P3<gT;?3Dp@T+cLgiBiSX3yh{
zO!&SjMs{910+%#sN^@oYGMNZreQF>>NI=7i^5vNwLkmHy>=OviPOe_R07P|xKLMqO
zriZclOS%EHYt|DG;oqr^c~N747V?il;y9F_V~>#F3JW-O1&dExgR7c8e7gF&KDjZp
zix0%>Ef<TFOgLD}+Gcyvt7oBdMaR`w3zQ&97MHnTi#dr{@);DqD#={`|Fe{z8U!gV
z;CQvS$f&Bl=bhrQnv6h>)NU5AZZu0_CJV<fVpMffuJ(n|Ywsey#5}m9cDtyqp=cKZ
zx6yDNmd|}LrdXbukO<l$SM}9?L7EewcsF4rGmm=5z*S;RYpb~EE9C`SJczgIpuzJe
zL6ic8eYL(Pe2avqwo^IT8;zjeUj!kSRR@A5^gxG;r!_E|*Am9l3ZLhg>hSi(0jg{l
zJ1QRBRb+8IL^?`)IrXejxre;Z0CEY-Yz<R4Y_3dyAU-QaSRahGXYvk7nvTD^hYITd
zR#7P;vWi8XZ_F+1MdV+(j<OA`Tc^e?$=qsVMJjlzLpty#wgZ5#`@8`PtC_+S`*8c<
zqO4id4LwxP*f%V!oXlOcab8cj#2{U|23RQU@Mx!)I$1`$z6%}|mPjF2QK<LPT@zA|
zvw`#breh7j1}i)w9x@SQGxoj_@|wF028a9b#U`KZ;sqcBQE(3V=U8~<V(*w-p_mq_
z$dLHTvnr^cEy)gF7<Yey4W&%s&3br8TSa0Q2rz%YxkF*i{8>4L!0s08eiAq`35C#@
ze|n?tnY*IVevp#RH`C=hO!6Rj8th-Bqj76YPsYJCXi~~%32v}dx*-@S=edjl{7=C8
zo_$z7?h_7edl~E(3s7|Uj7BYnl8ogsy76H;9vQV&X&9KsY*=mRbQ3=mD&GjBC?*VC
z;V$x17^I^20$9OwW1d!|%ek#S-5NIFXZD-l9D^8k{tW3#fjM=jSU!I5@<ou_Lw{Kl
z>Pb-ZaCski9TsR$?_xz+PHp;m{)nI=+BLA#wHd1gka`~>3QbNvaMr@;-+p>3!x7Ur
z;&I`gtH9&K_Ti-qE3ipN+q-uiZD0{WVL>C8!AiW~Y4>n@)sM2Er$|rGQlG5F8!asL
z2g=D9?Lhqj!kWX0=m(fCp{Y%G)>AML<J4n&!RJ$|7RCkFGG{a#Va;g^mKfisr}>6D
zwIf#71XW=_07gK~nrOA3S0(cXCK##WGJxjviXS}<YW&)9QN-Sz+ACbZGUpe9zcb7C
zSFl$%5XvZo<kH+6tVM>#L2-OC%|ulQeb~%ejSI<17Qk?0P^+~W_vFs*$DWkoc6@QY
z{e7{IF|bIlrTg<oF60j595zG?3oW%uIxokLKQ@;91f_e*po+uFh;FlDhzFV$88=8X
zrJ!6Qxi(&P2F^bnZ7=de>StQ7+RjVEV7&vaFczc`mdvo8*XFdaoN0gt=y3z!Z><~i
zw8JW4r?MM(#AEtoe29cb8}-ydL-fz)+OJ;Fvu&{`aRWnX2;1!(P_>!^uMv;<j&qvs
zgjVE8<%(sZ#Yti0HWj`aT9bU2#VJo?eiRw)nDXag`|%S8OUZSxuo>~eRf?jY<6Gk}
zh$?w_ck<gsilKhXpR8I4PW^R4l2%hJzk_<5;(<8BR?6+qX0s66ZRMa?l;LR6Qux_7
zT^yIdl^g+@QZu|#@?dK0=MZAC87Z^Az|1v1d%$BSCL#wj<UHrAPZrD?etM&}T)Flo
zWp^;vk}E=o?!O7<-S_m)r})l1d3#$`?&6+$&0}U%rIHg#(5n8(fYlT&4WNFc7)=J=
z%FcxfM91&4X+2BG$j$1jy@iYU(k+z)@I?pO9Vu92wiJLQAdbCpGwG#)^7b(~DX19u
ze2OpIdtIp=obv@tR+}L9>oRxjH_2@$yIxE6CSqpYQokn_mKRVX^435Vi~FSzthHCx
z$*Z^aWOO35YN?_BN36V-6DJn!nR+0uodQ!UOH(}O`uFj^DCV$5*cuaCXVyb`FSN9u
z4HZBC4co3@E(PP^dwf-8T}0eob4a^b`p>W;-Qmz*y7V452Wcj!Y61?q5tCpR78|q5
zgmV!S{mv)Nilv5R<^i_XzcR^yL3Id3A}j~*q0&HluftAB?ikoQ7*si;CiUs{qiDl`
zE(k%Ys$gI!sM81r?Wam{8@8fg0}oqKsw11fJ^D#&k_Gw5>kTacC8XJ!h6o14hCo~z
z0*q~p7Gi8mVzZ@q4d8_<q^+>g6>?cxIYyV7LUz%BX@hnyiM4eEU_Z8PSf<QVQ0eJT
zoX)F!W;X4~>UeenHUm^4+z2}b;Fn=G<mTX-`3i^oGX;a2CTp7&Q#pUrQ3Gy864t=2
z#qyx*1D*s>Hsb>*Dh`uN>q;J+6K%9HClz=5FamHbu9P&;bP7y=z<46}_akm6{;*lk
z?<^0A3`nfk;2@svcnQ5wLBbc?oEnwrd>P^wu?QxI;Oe5KK>F%T!tzBF$}YUVYOVn;
zfHr~2#CR9_h3t~c8^*&qK+-4xJ<mx}mgKjIB#SHJaBK-p`vlEqOx*+QMkVeF#Hff?
z<!6_CGvlCDV{Zos7~_fxftRfqFTXWQ96MhIagHz`0@-oaD0@~as&gZEosoUP^^t8j
zaz;H5P2y4PponTXoPqa+=Kvlfy#pGVMK7oZTc+Ohay}boOuO+FdXr33tcfeHAOfDq
zPs}d*o`xE!8Q5me<4$oc-~*gjXeY99@TuA>6uc8MP5qJH(YpdpudM!1-kmBGLFi=e
z@bifH@{e{?nRC_p;5r@!QF6kF4Kz_Us_v|#dt;<Xg}e^PI9%A-eGIkkS1KsY;+&<;
z4Pcz(WXlXF3MWxO#eerlfi%UC7p2r0o%^y>la@xEk%xuV#Yn=~Lc-H!OMX`~FT(qk
z!CL0N)zkH{RR#EwGeK(7l|b%pfZx1|;rg~JDzwRwg?C=Yd`##M5o9GkKr95JP330E
z*Hq7^VL&75;ne?w+q7_SSd(I?Ak%^QZ}B!~t!o#}#Z=wbEuP5J7-GCz<ik8BAy1nm
z4&#WRJnK0BkhNNc%H(fkao5}+(UVu+6CSkQx^qIk#maQEH@BsK;svsA7XceJYQkd=
z@81qQ#Ljr#b(c46g=Bh#uY#*|Ez^%BpjyiO32*4&5<8~7A0{$v?&T~QX;0nQ=?4f+
znVRs|mDW%*yWkg(W1|Zx)dAQ@OmO!fE^R2Aa|Nx51mp3=##V8(@wqWKGol?{lJRb;
zG>vg*xFjNqcf>vah6G8-BEiH2G#;OAnh6RZ4p3%EF0NVdTKMgu9F-*sF54jsyx_ms
z;*SjbT%}Slt<OKumo~ek0P=?mU<zwJgjOJ)f|qr@*Og!|-({+QpfF4oOM=W{Q+-`S
zZM3j$+A9D&{v3!V#-9j<9Ljxh4#zZ1Utn}Ffeew3j%J^$s8n0zyXCC12UVu~+1_v1
zw*KPchk1|*pb&yN70-FSx9@q}%!8x=?$XJj?<f)<NKgY#mc`NuI7_e36Wxbfz`Tpr
zJ$&XNSJupp*`Z&@#4vnp<Zm%SFbWkI?&rU+E>j+X5JKLD{kk7RWaG5qld%Pn=<P^;
z_o*qzD&t*TvmE-+Y;vbOCnRxfX*2|=S#h}C&oWo>GgaQu&qUVQDu~}e*fq*&NjUso
z5U#Ng=(39Ko=G2+GKw#}H22}Gfv`h1cJw%FYpGcB{K9xHt|YBLIhVc*$h;|dZRez;
zO9&d|j?K+1qBQAJXef0IHSa0bLhnoJyIY{UMGXS~#htWcq>Cb)AQ_YZSTJxa8Nq4G
z1z+HPow?nwnotCwTM|BA42e|{*l;2wDB>+yAbCTH`WH&TWd+^v1Aw#iM?PA)_Q5MU
zjxqQjS1Hm7!__4X>-Hda_Tumng{fVVE6})m7i3@URN=$i7f`0iTSC3@|26}!|9z+0
zB;}ssMorG{6<`_M_JKZ{8H>r1dx1e0$nM@+#Qh$*VjWt%7T-a*&y-hHEh#HMkdf|*
zz}NUlO4wTx0YUTCk=H?5&JRvqYk_L3%l}njH_^dH(bf<9H~p^ox94i~I542@WuvyK
zqsNj~!i_BPm4n~p<JnV@{fuZA4EL!YpsWY2+opCZSgq!|TlLzJx|nJY(<KT(0Ilef
znU>V(D>{ci_B)w+yBk2VdC3-xwJ*W&p-FdaomtsN(%3nrnRxeHkf>d*^}kcmN%%q{
zk3s>@%<Mp6TLft52KY5`d*48HPRp<wR%6Xi<`9@~NVI!sVWcNiATR!*WLnFi80jF8
z&>NPsr`?B&YfmVaG#{PgP|iQS|DX~@9OVYw%a65NlKunh5g!AFcCn@xCgHfF4O66r
zb}Q3)a*1&v;??Te?6DENT|sNHr&7A?xd;P7eXtU6B8dWq$P=()kdMCyDFYrH4cEU9
zzvog*gQ!0GpMAsRw73dTrHc^=u2bO7BYCEh0u@`aFX`JkkJ86OX>D=BNmc#UYt*a>
z;*Dd^uqyFLIxf8zWcZNfK|6Pw3YegTJPy7_lIKFRMj%Vq>>OK!kV{DGX~Hj%>u*Pi
zn5kO9*0^2mrhYz4RcMqt5H(fwQ>4&xGDG`}ux-WK6_i!XXDvQ-YT_!E{(^fLH1{_#
z2tO^2DbwJHbBg{4c7hx(OWfIM<UXA5WFNk&u^=eK8%7#vYVZvA8x`Mp8^<bB8TLPs
zr~_hfQWJVYe(NRRutC5;gI2XDFQayH?MrGALsB2d<2D@0cPki+7QxbE*^UtzhTbHT
z>$j6<D*pX&AnAm7*LE>eD+m>*>2_1W;cLaJOk)6as;{<>Yw>y$e!<pY^HFF)b6o-G
zfs&f~H}m7vR@Uc~Do+GSnp&1QG*2@BFmaI#>0I1yP#WgWBUEZUXQ1U$R9V2Z;}Z($
z+)c*fxoFRe&)@XJPiq5Z?Vyfo4|wbv8QFx=Ue?m00A9y%w@id0Jf-9q3H#l@F_2(o
zK`dtHkUwWQU@gefcdYH~ow{sFRJ^1~!-yF16=<V8>g!Y{KXI6k?UTi>GBeutjB2%5
zBQ%&F{mmjorA*p2S(o$i2X+sy#*s9%1H#1D2d3xr3#>eHr})vjz7*L=(KAsbXRgL0
z!0aqpZ*8{$J!0|9)l-=pTJuMyOqGjlQCAE(Gc}80%!lf^e$v9wWh<m=0l-gpm}MCV
z+OF@V>=TUKhDQutn)b@rM1MV<%z_2SfEI{MGc^?rNq@97yQW9C%d3{OiXM3k_>X`X
zzCx=@1V_%ydpgyPNEx}k#^`T^?>_QO%W!#3DL!ry)`^|?_iKr3Uh4HLwX3IynmE``
zQfrl7cP?;$Mi41?-lku?8j64wJ07Z`jfQ}Dh0ZmeCiYqY|2o40z`iBH_`7np31pkQ
zd)YdbQpztqrCF_sKfbT7n5cy8S>6-NUp?X8vnQ>FNJCO1@KY}LY&L7<0LQMSW6Sm2
zr6U^JBC>Hq0-FVroSUF{9Ol2>H4r<*a5wc5Ce^;rQ|W??0zrD|W+N~kv2<3QK3^im
zJGxzmGV7{$XJWDyc?(fMnW8rXu$rF(GZ=u#b{Dr)5oPlf-A5QrZgKELdYoJknP&JT
zdZK*zDh8oF${Rr`|15;eHyirVA)?U=@>&$(fHCjqgiz;_|M}Fld9fjvx1fGcsKaju
zdtANpp0t{en5K-;Hq?UDXhDJsHt=`|+4klN1J5>$xs&)XeKdtWdB*;^0k5#p7M*k{
z2J2y;bv~P<+402<s*7?k^AWHr=gGpdQ2phIRg#fOl?cd%s($+umCjuzgu+cQ1b%n`
zY6;@S{O;B^t-tiE%6Et}`7lz>@Oo}@?8B5W6nB+y3F~+4_ceN%B2(X6yXQsm6KJd}
zu3womj^fLTjEfOE5cdSJ=EP^mA>PwRNc#dEjF$8=?reiMwg$uCb`GE|x!ENUg5Wt+
z@HzWCs(=ZTQ?xJ2=)0cry&<7*K6^4$6clFcn9#4f`*f=fdn47W%IOfy*nalJqW+i<
z=dX#j`C&%VX*HQ)DHU~gDmME7f`q!PdcwlHk$_mJ6v)WIb*XBy)z~R-Vk7b#jM?eR
z7OWjz<L{?5#4bd;-!OLRk|9@n{GGAw#*T<?K0b*osrG~EH4!MjT^T}FzZXdoPCd1?
zrkfKKyVO$Cq1iN*xL~`);iXkDJi>X(4@-1~ha7X}ODQbKUP95vhxd)040N;`Gsfc8
zZ<oo5G(j?<FsUAZ5q+f*y<3etg%N!!Kvu*-^j5-zrFQg9f?zUhn<;KcG1;eAo!_oq
zG9f-{R?3J1Q&Q>^r1+=ne(52DU!3aG70z!p813K>F59(cRX3@S5J20*4i6w+M2KdX
zctAltm=_{z;0IsxOadG?S-KD(rU<TAd4{a;!52aV%*8A3d@`0q=y6ids*Gj<;}mTa
zqlJ2hjva^bu>&97zqr&{7+($ZTV0-{)uy9;#|7AyAr%1yA(X3E@ENLsJJOe2izok=
zES1#I+!q}JN@Oa9)o4}80m-kr7WkVEn4c+N<KzoiPVwyPWt$HF4y8IP;&xCJvn>(l
z39>5AveKAcIj|dR=y*-&$si79v^1huS?WI*3fTEwzL}O37jUAPESj)VwSYRNz-^1Q
zj`nR$<c$jRMY<7ya7`6x#EIY@xO+;`Nr{LR(f<76h-hQcbdWT+{@_5^{Nf`pKx;BY
zN`$KLn_4qTeC}0{W&K8$Tf21gS}b8qxx|eDBr;wF!;SOY@;NhyX9<+<7s%_RfCMWG
zRq=p=VvFmQ5+emH-4w4h8g#Y;B3@WmfKYq>HFa9I7{Bc>FMKy5rd2n?`ONHubA+qd
zhCa9M#p#?TB26@qwh3jSJ~0a^oAo}mZ2|)6=@*2XuZe^D*18N0`c854HL-#ht96!_
z!#{Xz3*kkgo0ff4HxOYTy#SuO0w&<IhIV9PnqH3!OP;T?7pzw%ZI2o!&lGxt3kQs(
zj87PxE{SJ$W^-vkWGLy-t-t)7zdngLhwa53*S=`8iQHvw(9rXToNLGTuK6WQf!+)!
zEefU}nHZ9qQJ2V>S3GS4K6m64OF1P_P%L;6&$KIGtf|Q^i@Yk59aVu*1AHX}<((@<
z$!2#5CH@<76BCPfVeg*00iBL2(hj#C{S?1}Gin21PbwUpK@)z{ngJP86MJ8Wu=!_O
zPK+QguQ=_wZ4H-X^(A|gQ+IS_m+oYX+m`E~<dr!+0+7aW2JCYuTnC+e?(5*_36A>!
z<oCNf8JhRA63h6dO>JbAf9L#H4&1v-hJCkG)*Meb%*Ts+(+L@4!-|rX)Qchtdej%m
zt4pT7hwz@22X6D~Bl2;;Bk3PL=tH8a;*~a~N3qZ@HvFjculurfB6%_2o*lJ_`=lp&
zp{euv&%Bl;ixzBrqXk`S$kI~h;xN?l5$fA!G@AG9pTyx*Ua6TfIkbWdEpWB7oOKpg
z2HH(re6a=_zJ1UptvS3u9T4a#`~~mQ5DxPifc8lI4XHh6@plZLTOXT9>iLGm0u4zX
z_sJI@?hgqvKMp|x%t|hsvp8wjuQUKiBdduw`MaYARAXQ``T{P(<P4RfJ<Ux_tc-16
zMwzQY{sWg3OFry{g7EX1M@^wo`6pdZ>n^#wZl)sx{HfpJ(_vfW7Vdff(PVIXhV=70
z;E(=1h9&A*FBA+&4z%q;lxnJIue{@z!m6=CSIf;^l%LHR8U$b>mVYUiO9Z<0NsQWz
z57a%3vDT?#5oZZ|dRLIj9*2BKO0*#a58eHeRl}m69c)h?ipU4qE)X_-tgHP0Ip>O=
zX~_vEdpj-pASe{+b!Y;%f{A}Ki9w2Co3|aW2i%JA^W#MTXKKyrgx<3neuG9^31Q;B
zu{DFQ3}w+9Dwz&|xlhPXYe2GSF({D;#wWbxn+-EXYE>XN9T(3aZU4SH#vA{c)X7YL
zE#r?MDwy`uoOU+0A=5z>(1QUyaXw3j48ui7dpn1)_Nv=VET8NnIV2(!cci!$z+;M0
zLVgJs43U4Rb)q7iY+R9Z6c77+;No*u8Htp;zmFvd)?M&yg1u5OLWMT@;Hhd~Zg6)d
z<>k@;gj2Dd`mWQKmq$PYVa|(Q3|3)JxWDQbXHSh@`CAo|Qy{bm>E)U8sJThR;$f!E
zyLCkf{~~Df%c?s2>+e&;t}XA+xq|w?$3<-*LOBgB(DrR{`c4d)!x~Giyjs&Kb*<$I
z?`T9*;m7K<py!(>WRWEChA$po!&5F?<sAw%dPCaW5E+F-Fk`2!b>#Y%hD{+1is)=Q
z7tsucw|j|Z1}&2tDGAN+fKjCAc$}A06(iQzLW#~+{A%m@doA>Y$_2M=ZAXgVzO28)
zzkeh52z4;8KZ^p$mT#++prJ0N;MbWXm#p0ebs#p_yRsd?-OtOE{bT?@+bwRhq#mVv
z`b-0mkQLh@%fG=>WTqE#6=&PREZK#UXe?zl0#rmcZ%wb)A9`-cyPk5100X}rHrL`X
zDa^<B4t_0z*%pT4+>3abD#u}{=K#TFYe=-wWU0Lfkou~ov)u=N>%1qqujwD*TX=f@
zkxn)>HRcXX5ARvZX?UzL{*8hs^>ueCGZ9+PvBuiip@aIpV`BtR$HZAa?`_U`G*Eu?
zI$WT4#-$a8p)v-lsez-(^U@?i;Rs|r{P8&4Z<-AoS1(J~>0=x?(9B#oAE$3cu}+^a
zwv|8DRL%{Q1Cpk7?=lLG&;OC~JY#jwy69bGM5>D_WJ!%GMOz)I{Rn*^PN)Eh`yL4C
z*fq@^_5ebO^w5Xe{B{o{apfpA1G@Wu3L+NFIbucocG@b?8r~)B?Cl!X0_IdDZ{ebN
zu1z#k8WcmjNqbY<#K2F;qCr|v8A_88^<_|Cr-@mUwDohIsd>q7AyV#=$w~tz_g;QG
zgSujZcws08wI!G65`EL+P1ID^$=cx4R}raBhc_75!v=yS|5?#UST;7yJwk27ib)5U
zDLA)T*6BGZ%$m@fNky>Kci1pPiZctr%_-ilxh&Tr5({?uK+c&E?esq|^^$JM2m}#?
zuBdd`TEnGjC+Q+>rsc2$eV`&G&(@Yu_0Ge=%MG*g(LH#$)DnBhV#q=#-&hQ>>3n^0
z^MWhmKt$ku=>YfRujF48EG2^994k?6+(h{=0vMM=$z6Q~+jaDy6{-l^taBDa5cM)~
zwV?2|pjkjFc0eL;Kh`>5iBv7@5yZM0U28e}zjDt1tfY$&Poz076Q)uWu`t7&vQC#)
zBt8u+>b0saHbOD$9py8fk$ighP62am*Pedj%Ky!$D9wiU7~uSeEp}hg>3Q3JuCR2|
zW}JB47Te?~F;E;%D^F|vYOge5?SHolmkWA-?p~|#@3o5b1y3V`mW%x5@%EER2-cSW
zGhysU_YoTpsO$f`eTa<w0T;}hegRE<`xl?^@&WD2sjO7TjwkNPaQT*z_lZO|2Sq<8
zvbMcg0H;GC^KFG%E4UEQBuwp>lnN;@ggrarz|tY@jNUocEeI!`RkE2-vqZ{SPrqRc
zJu01(GLL9MP8Q79P8S&)SQImrKtUuXZ497J@_9T^^f%>ec#AveA8(}rV1tBId9_Fx
zioSbIOs{HAF@5*7_ChXDXsgYJ0T*K5AgHh+_<|bVqKGXBciho2emx8nW?%03O;j$8
z$}T$&(Yta#TrDKVVOl#Kqim6hKJhjACW&)=q*ILH&;oQ8@HQ?x`!R|@uT|~INh521
zNjV5evIe}(U>a`dh55rJ*k6W<B0<@!8%2aOB{AYIPy{^uzJQxMGK^U^SauE2CfLN@
z6Xe;&s69#}{<bz)2lzqTaKoYGz26eZ9q6c4*;Xv2&=I>1^2K^0S}6>@FIu`Rmj{c@
zfp%uXQ2)M#jvM}(<ZIsAPv--M*F?+xq2c?=Q@wWb7c4~IY>WUaze-|*Z`e8Nk9<?z
z5?$ex9k^IKE^J&m_yAO8)U^`Mc7QvzSFJohtf2cyg|>OwkBEII&&*0}r$SU-W@H{_
z(p(gTuo-5wbIQtdm9YaBGj}f8mXztOsd_N2(7R9<&J*#BNK2-5cMyQ>Gi7Y0-o9F}
zkQL;?gEqFh(iErT7tbu@ht|F;sQcQhWw_*>sA|b^4M%vJ^F|E&Zx{V1BZWH7y`WK9
z$ud18p=<o02+)hD5UyH`S!p^9r$D)x_cNzm6pGA)y=-9`^0TS%^}2*Q46FknS=5c4
zNd;_?lcSuz>3f*XE4cSyE2QBzK>5^)9cy$YL!V3O6u8#zT!Gj1O4-M_Y61dF)_{D)
z3VxUT2GLoqd_xq)6^PCaRBsd*oCj*0RX+K`fRP}eGJz$uh|u*kR1Bj+tc_=`VSg$R
z30O7ZJC@{A<LFq$2zIG<5o0G4Xs{{~+4Z9q;`^YPas@?EvZd0V+3C)dKwuTjVZz~{
z)>&3O+3fg%9O2<e-z}|2c5Uwa&RjLSVHt+-cuBIMX@Dg4X0`=kNhRWS2iS)$t=-ts
z+VR5pcVt}EfAKCFcd{-_JNLE>fwG6C+lugpn=Tt!9gN(FHd>EvLlZp_!r9^o%x%J6
zZ8?}r0bKOXUetFfB0m%Z3c6Q>%E+ddj%7g`U_6qek77B<N8=<10(W;)6HWc#uWtTz
zBFZ{dWwx*j!tFjq*6(hRY!31)bfx;xMLWX)^}%*}D%{Z_=yrPM;mR8fveplqkQ_`a
zG+OVt?}%kuu7VQn8i<1(KCVR7m(bU2H=wHX9VntWWD}3$4fkA%tx0N{RxOUaA)Toz
zNHUS}O_`{WeO`?}=r)~n9$z}Wrm%r&{1Ab6D9A&79Zn(&&$s9PFz!enSKB32nbgmJ
zEXG;k51bM&OU%74Q;nr3zu5!>t;yR-B%%`qvPia7&&<&0Na=xbn1qQUTN%CT=K(*b
zr|n5{=0I}iWSMt0|BU6iGUBjT&-{QKj%2f`Z}}WVKJR`T==S^G+^X7HYyyvsmp0wD
zNfnwZ4I5Xo?0)JNr>xV?1pR5QskT=>_^ruXW#vu7MKuFeh&kP%z$QElVFZc`;52%S
zgPmkBrD+s;N;&S|L5*#rb@n;?7f~)e0mEgg;%EgUqvzro<ULbfy{SyNw_pdhQIn+e
z{-)(n>m0-YU}`IuiYJv0$(b-<5p1N{<Y<O0xW{GGo!4|aRH@XypprS6VXci5<r9e@
zX@=anUF~|(^nKIoc>$s3LJ;OxIdBQumvp8K?<3RsssssZC3+6*Yfgw}SUwt@DyuLI
zwOlnG->WL5e@&7RNWu6wX?fVozSi`HGIyk>mdr7Q#W<dI(p$BUt<ODl(nTNh4_NNt
zx}+)w9dPbhcK3CW#=HU#d&ruGYlrj9Mi^Rpv;uHlXkB9@Oe8azAum3xbA0W+3Sc>>
z&7$gV78SQK?FUHxQY}wXiFH#0{MW}*&#T*MLESb2zQFtvY?A>2AN7fjWEmTrG$j8V
z_?`$6y-UW7f16p4!`53?!#9rMl>SiGzLnsYuYbD>{RHlm&*edYy{{4#k!yxz3Pq1K
zu9l|kRy)%^OBtPoi*}~^W`}{$cU2UcR9#6?*y_%Io9?1vl$Gg);Mhjwrp`3*C&31u
zja5|AZG|CWI_QblHy^&s1Osb`My{B)vX{=&i=yQOMn?8cI+jkbg-i3oXEp?a3Xf7A
z#CK`5wh0ggLplHdP(06gJyWP4oh0)5>u>3*hhH{H6?KEtbl)OHRs^l}Q0;P!6yn_a
zE~cEJS!geRaEy~8fZY5E4$7s7$%bkZ&jz!KFEYq2jyr%wfEtQE;7ivY&$y9zD1aw|
z$z7ivWkMpBBCJGN47T?YnpG1X&!HfgFA{+UbJCFABlwPFWKT*W_OH!Y>R<kR+>`sT
z6_H6ch4Q*N{aMMq@9A7Uv%}*I<|>8u+V*lv%tp~9k%$Y&;Wm^*wjefnN4RCq$7f8^
zfpM1XoI)`IP4&y1?TEI>R7!RN92r|t3sHw-i{cvq{K{XgkWUnzHICQI^Otl4Cvu)V
z%vf{D==0y9mI#2`lB57rK&-!0%7jX+m967x#HBOMmO-1#&#dXeS4vvr0a~|d={TQY
z4ajSp)~EsWM3}y8-q7tQSAmaX>wL>5fg%4gSJcL$^wP}Y6BW(0qh%J5AU~Qk)s2)C
z)OPo@-+hWCKaZltcZ0MlR++M+?4XoX9wO09d`#}@do9kwrZv;G^GDw<7#v3!W{n|P
zwD^rhl1N?1o$a6R-pR!g143*66-Djw^~SgU)rRh&5gfJZ&`TPVMQq^Wlc3R}(TK<-
z|I_+7rzNP8YBhz-=fh%J28m-Ev&F3u-5>0-?kiu+6wz+Zp66~o?L7}cq2w^0rlGkb
zsL0(6Ws~;Z7KhMTX|2TP-1;fZbL;fHEN}4rgQI`Z-eg(5ejp!Mx_<lD1^*xuUfQs6
z2QlpMnw4lD?ADYbY771~t5{8SD4(AQapin>Dx3xU^!od`Bj_E3qBP>;+$IJ6X*z&S
zH5lCPqAzGf9+Rt3yOMJ6mx=q7Kxg5|j43S7Z!A*8_CKUa+%M?bP2?8%Znf0En0=Ba
zW+RvhCX5Jn+HdaPwY<l1Z~kD9M`xh&Oi4F`=RhhnvZV2rV^n>X@X9W1hXR~;wm3fY
zEeV3A;!Vv9oi>Nl3EB7w7n@Kvt(x{Zplu$x%!>E=DivU_sC~=4c!$M<AMOem^PoUZ
zbVNx285}`Jq_f^V1f*sygZuDlGFGqxSJo)p_}b}LdRf@9=Ep3ef6%|;9P)C)#GBN7
z0LAzvI;kYJBpkfFabO>v@Fhva*PtntdNz0KM$@)k62T>&4A0U~(xG2(XjzX>V19^E
z=Lz4gqtDV#L?s9KwNc4IQ(I7mvQlcDYS3)6jK-&0Jm-@%j;CHM6WO%AlMwLAavP0N
z=gO<!)^?U7N;OZqH#$$F1GRgqkN^a13Dg1t{B>%}M>vC!o+TDrt;*^@|2&z4xHwIB
zg+R(>Jj5M^^`2GKnp>Coag`n^{-3t^p88ZhnZ#!J_Op~oTUK{f3ID>D5PRwFQXU0P
z9jK20K#gCiN?01HZUe#uCizLzXt9~Z@`Q2>)CH6N#Btxyb@X54x?D$uiVBp5_kKS1
zK=USx3*hzvYGH914Rg9{wr;_J1)>o{pYI`Wcgv-zFVht!iB4)xZut1hYVG39Q}cTZ
zlJj7!<|E;4KO;~iR7b`X62C_{g6Aj`%4n}vaM*5LFXY!9s5U=zgTb4f?w=Lww=i5a
zW$S}cf{xseH=t4*X2~n`Tm#{kuVG_Vg3MK*;{h;YFe?6<L<$#@t|&hl+93^IG0-={
zBB0RAhr!AXh9iA;@h@_-je8MxRDI4RYH3|f!goo#=`A`b-<bsmRm<Webnt(}%j#r;
zOJM0<RSbdIet)Yd-moMuI?lcRmS-l(Ai3UPcX}Vxl1=~cHCw^c-l|vF+^Y{a?~*Mn
z_cII!#YcQ+Yj%Q|Pn+XNU&cp@aFxly*@M6#$y};1Nez@13&iCWiRuX8wP^<0>iLHD
z(@aF9-7j(fTvf%eb&uz1GelZ67MV^{6P3nKSVi|0m2s|g-+OUsws1_HS7i<3GO9%J
z>EdRZ&md%CYRD-au*8~;Io*HxD}&3nvge?KOHi5l7*CkvrO!bL6syvq$S2<^rT4l#
z$AdUp3i3@3K_%UC(K=wd9U1UB%^jb4@RO6!pu2?cq@qr8(GvMy!_nY3)m|7^5q?~j
zlMM{C;4nDE>qknt#Rr%mzD5|L>t*@Say0gmwQ+oh87=Nrj;mt_>h&k2;|TJKTJTI`
zXl&x9wQoPnzfSH&e(@LzM|cOv*Y0v(?UD9k?3-=k^$dqd<uVv}Bouq1)6jOrSE7)~
zKGFc>^SkXMD|=_#P(13ZIisP~4dNeVh7I?{?7{o(wB1~BgCG#xGNuXHAz$uoy-O~J
z^N1PL)h<Sg8&f|cU)<95tj#UO^GoN)IohF+J?Lzt#Yu7r>t#1c&3NuVW3yu&IeuHn
zCocMER&O<bb$f{;x<=dwx(^~OCm0ndbMKA<vTxEIOMERp4}ljLM?X14<C+F}0~R6r
zjJymtt9f)TiNM|<SFs-vlLkzB6P^{>iOD?&O54eNWS@_30e^LdlJQt~o$ZNP6w>Rq
z-}NGu(tyj*i`HkNSw$=;Lw9(9?zYl$pg4|TTg@`Kmf3`<?dhjIk)dADCMC-Y%c*4U
z5KTC%pTJaS*nPt{snlqcSo4%W<~U@o?G<%}6G6x7e(`i%T4;sami)TCNh)>(d}$Vd
zk9O^G!bzFkQ+>=GL8Y1_O4LeV0N!V`>b7o2g@mfp%RB+ZS03C%m(z0R{4ZffQ?_t9
z&Yn1^732=3mN1_nTp;e9_e5vfJjXa}F_cu^K16rrhbsL4L-Vy~(twS52!~T=NJ1cp
zgPERUTMtBz_ro9vcmHPtpsTFS0WSGRJWX}f?4~)TUYo$u_-p_X5`4|c_dL}H-^9Hm
zt;8c|&=5v~RcJr8(k3xo!eg-4@|Vj1(d&Rsgz+l1$4`}}YwtwL0u@^b%pgLV4wx(;
z<0J>LRJ{mp1T)X9dzAFXlDsJ#GR_Ia0X0S`GBa5Ix#f#xRV*+8+4=htFO-~SN+{c@
zb|MIe{Bw?M%UX#~RztcUa#ADayxV=I?o=0&V^`j1_m@G3CeTm%r1fC_eQcU=bC{$B
z+gFJw2d>IgvQj4wg_t7XL{qDb-wIyYyoq?%k?PvJK}baC*Dy8PHXfXC(p7m#ymSl`
zanxg^`V=j7Yw4A8Wrx);X&@b%5{yz^*`1KF&5!z;^*|<a7Gf_0p7z3#zw<#s?sf4!
z*xoDg|DBg-^(BxplYN&QsCWL5Vkhs|etmvB2O!Hs#YN3kcv70U{;)bIS^ppW)~cVO
z&=+A?7`S!iGNO<U<OL7ai~^9qXN|Z|Wcvc@t<l+R6xs^W_jva{y(X_gU)&5X3bkv&
zAxXkT72*fj^WIX-!gM`i3OWYnT^G!DFkZME5^c1y<T$G$)ITluMRjxI1ODsv7aP4+
zJ!_XE^z8fMf^ZRuU9%<CStAQP;J3pe(A|m}iO>Qt<d`3i(b>PHtG7v@B38vaPt0Nv
zoZ|RJ_r5{!7n#y#H7%RSyQnR1%hMN0o{k+u#UE0nn7}pSnDA5Ky>PE!?dAF-L=lC+
z=r7R6CZgBBmnM&t$9ST?7cl<rbNMKjFoV^w59>ikcbo^c`;P+*HGkP)0e;;}EZ>aS
zFhui2sn^wKmnN-cMukQcgT-;#rgbZ7^hS+g@TL|DAbcC|i<8O%2CAlT-g)J&A0p&j
zyuRDVsUn|uO~f)#Z8G4G+JU2tOX;XgWzLDNQFuEgcTz7@aI(_9kjrh;y%jssiobL$
zMCqvFP#ehEPK&<+4)e2>!5advQd`1Pjz5~S>>udX{1<!(E=ppyGB!WCC{8oLzk~rp
zyE7U{CHaOvGF25!vPAY>iF)T~)m1Psf!-O&EBD4#MFBkAxNp|H{WS;NZbJaiaWc{<
z2#L;^;e~9-2>k+UB>3!PArgwtQ&4HVAb6c?zPQs~ef+r_7;8!zRJ)^GM-AA=%M%Rs
znuw#m>kT|~UOPif#wbOJa=0@icYiZ}<toD`@#-*NON&Ce2Rk{7bQ+oO1<I5~w%7cv
zM{1+T^;5N%Lh-_4ox5}t??UA{QCNj>gvQM{%kxV8i0mMRSos;G90AFCP6mpHyy#LJ
zmF(v69z<E8x@6yr>>)-G7FYKij~wbFlCd6+M<P#}NQ7eU$`AHL*5{esKpM@hu3gWm
zv-V(!pf0f{t_N@f%)Y2c@O@|&>O~8~y1RYerT^VbIgcJWxN{gk+H4+$vmGy55`z3+
zlp${O9mY^JP+K53e%b4Ped(t3G2CSXMG`D}YjxGPeH9$dydE%2C>2cfkQ?U2t0UMl
zQyOK!WQvWygfWd8J2IzDR1LoCJlfHIm}R&qq=;8olfbp(C&u!>;9uBM*mT%D68WX(
z#d_<(60NcbQcmXdf>-#ayC4w-<N}c^o<an<%=G>>(P+;tS5)EKW^~jep8gB+L@QwE
zCOQsiGf?7n_4Ya?m<aMCNNzn{4_4^3rXR6R45=>zxirZ{c5H&&&p6R`z_179XpjO|
z(0I^f9jW#^HMQ^>g}1~1YJW!&eY3!+x1gW}DCE1VH><o$M>11mmS4=G*%2d6XSS*|
zp;Lo%u9HPKaDHkRGo96-+8)xLM}}}Au}S5vC=r69Q@2LD3bXeqpmSeNfEDNyXXt}j
zcUb$OhDg5CWhz+x=qpB_9BP(T)-xd}2Gu+(&GhyiVOAgo7Z%GE{{PJJxv(yFLaAlL
za)ico(VTw400bbZzypwstpc$K00uG%(-hL9*$zTC&q+}J6fHmksDBWS8Z2h>o!)zz
z-&x7}Vf93=T8bHnt)R=@;T@Ils((-w9I;sT+0rGT*y-Kfr1uf~L_KF*`j;Uq-tO|0
zA&fj<#{zTvwdYAsuU0OAG0_8TvxU(eaF{GxX;eUuT`R}m3cEAM*8lF8Yodxo9q0=7
zR3f5#W%0N4rh#v>;y!MS%a}g9kp}?Cb+v6CfmJ$1L;eHXyU6z5v3LQA#T(>0n1XQn
zBmCH=)tBGeho`6ua%irItI%4;A1bG%K?cYF5}cnHw>0Gu0XONjXDPzqgdVE_zP56I
zw_`vN*xU!lGARSuvg6N<@J@>!2u<}N-(%;H74D#HjI5~?Am8|A7{(`9Q@imVf-`g0
zfg$?;6v6qzYF=DLPu3|z7!eiiaTdPJRbKBcR~)#Vk(D4}s1c-OEZxAq+B9Gr_`Tz_
z7e?pC0V*Xe%4KN*s(a9V&dqZ+edjDN=ReUHB_PPHd51N2fm$;gsj(*T%yW+eU~xov
zF39i;rA&A7k6y9s@p=r}l_*p{1e3CT^m-#EeDTpGO~X*$sq>I1z;<(O)5labs_Nni
z!8TnYs@|%rU^rS%^ypFj&8ug)Ad>$PH1d^2AaxuA;5PR*gA(PdCHs&ysMsJ%m4yXy
zI<Z@H{vJRjnnPn*vI6GsG8&%<?Bj@bT`kR!B6~!WwG?X7cl7=jWi|&t<DV`Z*Ni1)
z>&ik=l15?eJ15+`)1c>~%vQWfd?XM~Q|(Bz?$)U$%FF}qC7-+<RMrGzs3{=zD^mhT
zdYz;~2V-gTEQ#~Hzkp|TIE8tXeQpv5%TPuD-~S7VfBwwKBq#Dkih99lLaFP6@ZIGq
ziEPTp7@&bBg>D&}=#LycWy3l8Ry*7x(AdrWvc&Ys<<=)?%tw(n$aW<Rsn}~%at^Ug
zYFZ2}7c*zVBRN|@c3h(*r^P$JUqQ`zG(_P50OGO?5)hIEmFZ!&r@I>$Ys1RzE+4)c
zvLabZ3-fw3#OzW`RgHC(xwxG&yvTrs{!4#khnLv0@}90&up^NblMP|Zn4Ml0A`!%&
z5QWwsh)oMPePVI6TtOCwF1j~$`7~g{AuJ6OGzdv>ETxvMRwNvuC}lHVaT*uH<^GFf
zUR?hyQT+&4w+3(j4|_ARsWFj{LWd7V1NP0!3E?E=KuU0kRM-P8h%W_D_%O~h`+JX3
zrczM+tfE`m7qde65xSVA+>xExBD*t%94r*cM6$jSHa>D4@I#YO^E+tQ<Y^OCn4)e(
z|H1STRQF+b!n_4HH7!QkJu#kUOQV+J^(*=Rj`=`BOeQ1T4Qg@5Mgf*zu2o9#(T~kj
zC{qw9r-j+js$bYnCAOI+o_W6*V$2)(+}L6OlCcz4S*<$X0)@)3q3&ruW;Q^%!U#Qq
zjY!0j&$3k)d(i+u{*h?zI8A(}GpG$fgWwL!-qb82awnOGiJ93v($r_prw2#fsMaJ+
z&FC|6Cn<E~Rt1C&yULV1fs-SOKz=>yuG)d1#6}&ciYo`x6~T`L^Gz_O;)o08R0e>c
zelTrbj})+>;Y|G{8@y(F+2FPp1G8ORO-U+o=I(|(#D=r!GI#KAEB6Btj&9_`O>q!O
z-fo<ekTV8AH;*^g0dV<dET<#LJlW<rN{m)VzI&j+h2g5tVY7Fn%`EW6diLX?cxtq!
z7vvDI?2wW=6?2|Z^k&oNx7H<aUV1>+w+*A%dTNAODReMy|7to8auFV;uA!(KqxXG(
z`BtxPJnK_qdF?4_S4{y(Y0OIq?8B-q2lFkF8_5T*mE7L$lhL820OZq4aC6}S0NWJ;
ztl21X<C?2SRwU*_-OnAv`kXV!7jT>dMff;X7vcOMoi32g5k|F_ALIkj%dWF<sBSu#
z%O~Q2QGG7;=K!2!-Z0c+dIGF>NRr8@v(zWgFDCeG6-4~>LeO<1MlssFH)OlvA^|j2
z-8^20j|n#ED7(?$V*(zed=;=TDH7j*6Y_AKkd?_C54%Gp73BPF+oTu9kvY=z!n^p&
zwggO;Iu6Uq(&lG@P?;ZZ{v?9ZWevC_!p59|v6v@jT2$?Dof%M%<*V*Jrp@DD`d1;V
z-4<vNoESMc-yPhtH%M}q?Ka&yJ^h#2(KFo<sem!^;HUTt%{-6jmbvX-dS@PK)bMQs
zS6|BLwtROo_sJphv}?zY04O-8hBOCx&Nb{db#d{^izHxJtOyVw)KQL{GCf7RgQ}0~
z_Q@<<ojhi;_|IeKhnFf+|HvUHgEmwQCVGf`Yq&b7{cC7j-*5mSQv9V55oOX{y)Mrv
zkh5u9oTzy|%t?W9uxf7n`UX{+Lczl@32EH|Fne;>?Y<)4-_t#YMLy2;?=}}<7rVZq
z%d8wc0h?-SUZ3b^mpRw81$e-cmZ)@X!fX1J$FGad)oyK-jakY!g6!}~FRwkyBmX9_
zY5ffH`Z?m*;e*nhK|UGrouG#F>(-8QAkG4X_^5dkCpwVN=1MkJL<|lp2Kxi3+J<3)
z^R-<M%CzLi!tKr4=`SCyjqKh{$b@CG^5=NGuQ`>H9INdqId`55|E5lvkSBDC)gp5V
z6lM~mZOFHb|9^D9U~~Hr5GLY-tFAE;plMLFfjU}+7ip9S!b_nK2+?X_+#PNB3qkt-
z=vTxsrn;3)9s!fCyz(0N06Q%DwVfZDe{^AoQ?Kq+ct0H0`GHo!(tTs&A#Ztgy6LAg
z-!x^9DO3B^W`#G5M7z6q-{opTHxryLa4rS&MEd=#ZQ)4Use`qxl|?Df2DaqWOu_mq
z3QkAi1_8buL(P?gX&gq*rn+@?8a@Nga(0yesE}Y`zw)&$2+apI2d3j_Z*tlW(BPiu
zFNo%W$Zx{8XBeg~^e-T1U<T${ohx8t2k%Q_5plTS=0m|0MBi<(k?|@AOFwQ@fQ_yt
zT*$$_a6=CXjd6|XSb|bdb9sSJU}d?T6TIhbw&ek~!h~je*Y2H^S|HI**f_-aD^4j*
zH}9R?`7oHLz2S~~C0D6h4{m_G$KW_+6Xi~C6X$u?gm~{41*U6nh~I*woD#6K5C--^
zpT*3n=?^JxnqZ-NL24Tf<6E+0Cwfb&4*JUO{j)BstZ}qZ6Hf|$nwOkMksA4|is{J?
zpJiGwpobUNL=(Nn=kg$JRDW-KxA+A76rSo?F5M<Yz@C4eUo#m>{ku>oXm*!<8c0^P
zawZi3DO&)sd3M7c5neehr~h=W+kV-qUG4Wdq!YCczA2jG_ERR5yb<k!z(SC)wv1#?
zFu#^lcZ{H{q7VoM)`!!EHfGi0Xl&DZEfC@nLnjdQ4Z){?@v#5N+Ef`xooEh6#Jx4M
zj`Zxr7T*E91YI>0pfaF`?IM#Gt(iOCH%vWn6J<M8JGo!W1Jq#9!f!Beh}R+p%|PY@
z>|nl&tuk1CMX8mLYysRAxO_s6gTAGmX&i^dbc-Ns;8r{VQkp#jyCg?iNlD|Ho=xP~
z6h`iB)aRj?eDo;d8G0%GF#4aMh{EKW8|e5KI%#({3cxVc#YHyDzXo9+x{BfVg~5XV
zEV7m%KTj+RZZ}o=&xbC)xZ8QVsRu0m|B>7?&U_cd`ZaL+4$A-g8d6V)cAqPkL{k`U
zHrC)(3|hMka=H*V6Ym;=!n)vtkP_oDKC4h~Kd^6!-4ofXH?~%H!VAyd{em}L`bKlI
zwLq9AqP3-n^JX~RRJ)0{&=*yb=EGO@k_+R__H|_OTE-;?0(qiY$fbHd<gAVd6cnjm
z%OzCj&R5>a#9bmO1uV1RL_buvgi->fg?)C>isoGZ5Ejvw6(rZhp`zo6^sc7G!*&ZM
zevH)XiD|J_UzG;ZZHUC8F9|SuGDjcjbom!%GfOA;H-BN3Ei{LPN2<Oj8OHsW#}a{A
z%S&+jl{}|r%HAv}DNC3zi62|CTZ#VWutwM#^=oIYC38Dnw>n*JVZEA+!eUH=_|YZ+
z{?n><c~<HgK|XMb6U(rXVz38<^pTs0X4#Jr=vQU1*eMc)MpgY5x*kakVa=e7x0;B`
z6KRQK2od*@;9|6Ck2y)EHs+%bHHEnsMy6&T@E^4U9+O3Lh?1l?_hrG0ke<^Bpezol
zmpFy)g9ks;z9p~8<T{wqmA6aBo?LUEw@qLaCy%2LC`cwqfqkeY${1~YZAqbkd!~^@
z$&{FR9!mKcH|??VoC^XpiJRub+7zF9S9N73Lv&gc<WAhgM#<%ZpTQQrPVo}DK1!ZK
zGA4hScMQ8(4p&p6U;5^2T>LKe7K~L(2B1e#WY=flRz)<I%0=|X2PzXA=Q7=_yXI0~
z$qXT=oH$3h8cy(A4&QUw#bk5__u?t7Sl7q~n&EflZob5<KAj-wR~>BtEG$@V*<yUY
zH@y5=`JxaA;NQ<$f#lJVuOcVWW}~8<(Ob`7_m<%x=0QyuY&|g925ZnrCoV`URL&t#
z(m<E0Q;2o^<qi*F7d6<|*gwi)j%6^tF)2*$sxm8z@0)@)X7I{1*a)-|P{TTng#^Kz
zuafWca1X-La_SZ2LqL)KB?pc*)V)u;OgTGG+>3W=MzsJ!-n``EvF_o>{LKd>-~>sn
zu5-0q5h*9C5c$<#l0e>$Xnd7K=-`OsRQo!#u2myT@-g-z1%dY#E==Ab6JobFlK`!)
z)ky*MCv}?WXAp?n#A<Awofo4RWF&EV{jYrCu1#}P=qy{hA?j~GoWf9LHFWnWD<i{N
zl4<yh0BhP*R8D3(r#xi-5M@}4z9B=CyW5=36eoDeMbF6;`gYdT4W16(0O9vdBAzLJ
z2p$OHq^7)NB7rFlYQww^45#m6F1E>MWt0=%^d!L<<SJ-ULv+3Gu7PymG=%hBgo*~0
z;Qt_!Jd#>fh>UJu^iV1L(KZCMw_+Yz_=kLe&_jX9@530uMdl_Mym`p}-9WfCUabbc
zZf{(fnW4L13Yh(zwO;-apFLjubDsnQHFM?YPlm?$4Zo|W&Xymh<cneI;d=}A0N0;j
znB%j<{cF#?ZOD^?x@W6;p`6TJ=CQMAL$yFol7R5^r{xWv4Aj7Oo9h@3!7Fv_@TjU;
zKfDkv$CnhiGh5ukJyfUaDDNHA6IZo}Ecg56K1+oi^iExa<ZTFJlTD?|H4M0tI9pAD
z>KlS&(K=zaU;|IybI72b2?~pv#E8RtxdFJI3|g*D06(X;a`?{xrvkgDR(U}J0W~xL
z-H*4jw2FETEHmFrpqd2jTZRI!^aEluumQ3MS5$pls2CW;@Tq}G3iFd|4S&;+b`<|%
z*T}@P(ATM5jGl+t7Wv<R#~l|~c)NU?xUPrnA^6!QS!*kwa06pOlyU$QoLh%HTX*v~
z$~9_wk9vPz?16Bt1w#$3<}TkL*(P)?dpWZ_31lI-?TB~DQsw9@0cwKHEZUp6tJN7(
z|8ZqNjm`b)@Pon6T+v?>eWJ#^aHGN`0RYqsq~9qjhG97q;k3n{vD=G{L%(7g$*};E
zW(pF{$^z_OwVatJVUx>w72($YJuYnAYH_c9qM<EO$T*S2(uaWG$wb*WcsL-kq*<x<
zYL4^{t$0A?$u~}YK)p5$S&VAL_Pu-QwGvUH+m5m>ZVKJ4RH=ZSzT#2C?+o^^4cL<g
z%=0_U;oJa3nwMjyCY5M1qbV4(y)H}aPk`nW+Xe&+!z+Aa(xRppl6#<J#Ul)ul(T5R
z*1$$~4YOpC$}aifZo3B-CEcnNtfF?$C7PW!dq)|(BDyq)q6xa+!b<>R*CmZ;0N-8E
z3NK*6rZLM|1v)Mz&%DH!xvkDBBrTRFB9{N&my^>*p=jq0D5(^O)e=7b?nmq+C_c^#
zQf_x=W4?v;do|4nC-whQ*XbTqv%I-B!w7zyrODZDj+=nfj}VIIwf6iA|K?{@`24KF
zE1)aL%j4Et&Fxz@6qYRr){b#89?KOl;fm0DQ6cN+O(u5B6l(-(!@DVQ0`j;ld)*G<
z=jH90xS{>Yj*Hw){K<^wR*yD!C*n>o0Iy@F#mKn+2rlN~ATn(>=hR0`V-By<O(7$x
z3aiPRUB-LXx!N}O!cYX07P#zgnsF7Jf}4f0mqIq>fe)eJ45{=CU!RFoqB)-qYaeB0
zRq;bX>1mU|5?uvK#M6keW*lwRU4J#gq?rzdc4K$4JB#QizjV}R@0*C3BWE+E*Nor&
zbVft#tBd2@Uxp-U;wGTg)qpK?SBk<_zJ08YuX%<raL&W5+G%i)D#2UHP!*KG@&_7h
z1a6)m2ZjE@VTIEN^x!+^&5Gpks^Rp{#3L>oTwh#8ic4eUm0|E&EKj8uLEmL|c!cOF
zslL?Lpu=EqAq&3(?X5xLT{Put(>>ni#<EAe1@<sw7+Ot)jm2lah>S;JH>v-kp?E#a
zt9R$`;rUP*0QSbtieO>^tHvt~WH^=x_A2%!BxhGy_-6J4wP0*q;izL5*FPPlUSlhD
zQhF#SYl_INf$aPZsEmlIp*&G^2G|zuChP!bM2(HaS*4nos@6=ug2xwt0wWUdW#iGk
z&<=~9A`77JR0@2=&y~uYqeMi(2mst{^tzg*$k9Xvn#j_~TFm{A!<?xVWfsnYU@}O!
z*26Ao#$MK^T3nf@&}d|zZ!BcY(ZALh!F}`dTpVe(4e84T3fWWuj6W5%MkcSBc-rEc
z?;HX<BoOdTDUUq483@BkJFtIf;v4tX@EiwUPb`7kA*F^VOKL_1@=HnoUo=Ddh}493
zY~^suWk89gxyWukEr<i4-sK*eXHt$*?TiDwfc4Zs`qaIGznVpYRL`tiN$e$iLL&Vu
zkgES=bBzsd=Uq$@6BgPHw~FPyg5&tWxdw`R&C}2~?CcnJ)bC|?j;4_xtL8%lR-|{o
zX*=P}(?2H>%F2^1k;M+@XWgLirXZJP3G^Y+^V0TnZyAv4mLmuMkp|Phw0h?t-9c6u
zBMLYaVrR#T<rl};e*t#ea(<e^XO!gs@M^t+S)jue<cy}uD2@1{qwNN5JM9hTK+YY0
zIMB>UfK?JPV*;+nI$0N;jTAIzkgDH;TetSns$QJ!n(rv)kT~q9qRXATlprZAn70jT
zkm;RyGF!Ig@q28lR_7iN52<}kMSYR7=iSjG=`r|D2Iw<PJB5Xau=`C#K*AwUr@!^)
zEa2`!K|9U%bXht*`$207AABaUUU*6o52u(sw*p<?TD#G!#kTT&u{BMZkl|l7WKV>-
z48#0O|3!N*$95_pNlPCc5s{lUJ;lJvASGz4TE{scWsLzs1({Su?*;CFGi|G-e7-Z$
z(YVU_pw*LM<MN{jqhN!TT*{D<>h_%YMef@q+AssnjhkH5!9bO*)3Je&@U^+m6Ou|e
zBnMG~;gasMzOnd3_oVi9v6@l84cUhqTCm49)cBeztq6-AR7)ggKTOIUdl5R`a(a>1
zWT<n3{Xt1cmX9ysUmi>f9kf!utZ3@i4H-TYWLtsY<?WkqUk(8)*1N@;)a?d)6sUdC
z5|h3)VZ!Y`+K`F#>6;3#p_i}Lo`$SJ%`jqXT>bdPi|}Qmj{e!#QetKJ>y#NA4Gu`Y
zzA4YBvXrCtBG3cqEm_TW8d!UsZAR5F_3z~Ff3i<Wp9*$edJa*RN?;aRWNJVFEy##s
zn%IR20QMT67hgEl3!zO>$)lHA0s=2<&VY(HKO+*)IukqoJ?Xbd{S&xGxUChJ_-|~v
zNK!s2mMR0?Cx@mfI|vO;;yzuYMgur77#$pJO<jd$mTe}e`uYPQt1qb1?+$_3A<t^?
zKpGk@>41XrBk$87)qCnQ`PpHPEyJ-Bb-2dR1%b}V>lqgr=ub$!#fJ=$1(>0a%scfN
zs5|ZF(~RV%8Se=Iouz&I!C{S|Jd%LZ)e7QHFOGzaB6L|)=|F@Iu}=lB*Ow=RMXtI-
zo%%tfr?TBhz2JA^X~l@43hNQ}euuOd3<_1*eyxBs_M(*Ju&8T}OmV`Pqw8*1Ljw`%
zW)T-QhiVJFPCYQ9HABUxDiUANt0aUW8?*>(>D$vj2z%oN0I%R~QubPnI_~~z(Ex?2
z+PGGFcPwdnG~Io{*)-oLlHcW71mi(BP#0IR!#klhbBVx8eh7h(vU{4xphVnmvdAZ{
zBV+qU=usdyqSke`9HdqCIeP2X{BX6B?czUXZ@`_m1p?Ae9EJDyT^M3D+m1jtO)G}P
zA}Y>n;{zGzreBH?E+q|%M9=*h&;h3%$d@HMlAWdFQS>?3I#afB@n><3Akpu=H3N^R
zhg+oE;p8d)LtvkOq>eW6LfCfElDzG_D?gnYR0h+$8|W{G^vQ;2EIFt8`VaDg!Fok_
zAf?)g>4XVAn!q58H3IZu8TKOBO_6Q~gO|2#y?i(Xz4TZ|I3yAZT=HJ?-<@Zo(r>~8
z8wLGYE06@RN4Y*SS@sS(Tz@*KhYF%6JlQqAW0iHxR1cYznFl~Ylf>(@ya1rAP$1^d
z?LRBJ5_B`l7TeL49T?+1oj3npGr3T$>v$&P?tP&_9b*in?saZL&lHmYPz@;L-fT;7
zNDu}IbZr1AAbbhZPnOmHBWU{t`ONN%gNTv<*GM|IwrBw7R2*HGQ|&opC(eI@DO&(r
z11`MTA!|d2l&R$Q>*h|V_+QS3NXsRN5zRA@78rusD~oI*DCva^71UyK?Tmrno<TfB
z4CcN&I2BA1`Ecn>pvV$?yNh1*n@f03KdjFRh78E0xXdI0g6YFa3h%zj;MwIo1l8Ud
zf-4X6#iqyIvj+(?R$&>?mr;CyWDddf{dF?&vS-H7K*Ka25<~sV8Oih&eJTcqi@br4
z{@4O2hzyo}+jZ`zg4R#O6P!49hhG3PJfG%rE4f|Bq;zA}c67l{T^^@C_4L0rQlm^u
zNRaSG+8p4+-CjMJLIctI#;gVB+fM|*iuSoc%qyt{Hb7U@Iz%v4fo{R*HvABGaMaUg
z$AoEp3L#?uVfWqiES&!TwpMC{t)uQqY*0!{9^|vnwCWJqe;I3L9WprRxXcjSlntW}
zW+<=MMV>8xrD4zI){QUPa*&b6CtMzdr@BP8%?xg<N^(Nvg-qpI04wnHcK_cuk`#w%
zzq>h(T8W6X4+hD`E;388i8ECz)P2HFnb2m@8OH#>P%3C|$mU2a$%iyqEVRZ3bqLS$
z^Ng?Brf!<s`&s(~4P0D+^mBzxr8ZoW8gGyjWxyJ<%axF8-H;sX)<{T;zn=Vis`o*L
zYQsK^>W4|r_3kNeQS6r_sILK-rT6)P3_+zLJ-12?&CWdG^yO;<w{lIMNhO=@)!YdC
z!oJJcN4K|8Z31U}Mkxt2SvN8=uvv)YBlnZ*41fc_buHi1pB+9`n=tpmM84nFJrX8q
z_RpEFk87_~JOrk>#3y{!_{r|X&ppc}9AuM`-)x|CrpYI-l36B7LREHh8SvX*PA_Bt
zC`hc*K;|9%oq;HM+w_5YZfoq{2oMpjTlhX2mQh#e&y)vp*Mb(9O|h%XkGmNpLV9B<
zyo1mk^=&?;Q^YCuf@ix+)K0vSa*xyvLKwTuapmEjrq=gKql3Qx@yR(U(5z1-s>lSf
zBl*XWx6c^JM79Adk1_UC<`o2E8bmI$7F@`Aesz7xwIE;u^Dr{d2&SD9d=QwLcfcd+
zv6(`o(8!&wO0n)b_qA*0m=(=P*a`vbobfkyk4op(WTpZ1T~KPG_7)2I+_cm5jC!$-
z@?T%Hio9Y@d|!8FW{=WMOlWh+HTb#b;g(4EO-Q~QucYKVx9DS5cP-&SBRb86R+Pzb
z!Rc^nwCbK3=ukwEr6JBxP9fFdO?V?f9PyM#PK_3YYS0W1HM87`QBGxX$17H={5q(Y
zs6$79l*3$}9psOWRh&4I4nnOCTPfZj=YA$a^wN|cl~T8<ao5;I!aWCEFZgkhT~&w4
z&Ja%V@C+Wcy-2TmY&G#R!;z0O+QlL&KZMt3)6BxCi1E@rarxbIq~NObR1(G8J))s@
z<{XM!z65}4uSp#T!1SdOF|5g!9pbA(4+Ii^Uo0sOwDLQ3B$WobD#{>JWWd0`Jfb5W
zuFsE|Ti#44x0TW@>sIxngaPgh{Y?UsR?><bg_a}^&{&BUh~{+~*$5xXp{<f9zMd?s
z%V&4^P$Ljo|Ku643}%a9X5-UHmjBy;V?A2@XgpFkAPgI^@EkTUG^QvLY~a}Mvr!Rg
z{S@<PX5Sidfs^Q>9J<&kn=`(<=@SmG+hy&H`0qsg@)hUsK`WIso$Hzt(y#&3zEF=S
z7y|?!BNEQ=i84>Yr-t0kw|xzUd@x)xW{(^cxQ`(Kt=RgJd9knAeg7&D{UO+MB6905
ze`1ODf?-GEDBxxdrCpCX(LG&$MoiI_lr;~rawON7Y~Z~S<hz4hfWJoMs<i<+dGU)Q
zCKCYmAXdO6FA`H<plg(OH+geCeF%4aWyB1YarNb;&SZ9sYMtSaHR%bvV0jVU&!3&G
zi{*(x04U<v&p_`$F1Q{LSul}{B1+Q!+1yrAxysYk!!Kf4A>T~}O)>E`0$Pzdg}8Yu
z_2p2txADr|rO<|}_zxjI8<$g5Yt1pqRGpdGd=C??vF068GkoK&3~-vG4#f5R0coc1
zmBWTPH~x>H%{OcUCD?cjV;LK|xn^X7wlegn#O6#^R~!*>OO85D1!rCQ)QbwrHP#wo
zmhKz-b`IhzqTaxdOtJbV8pWe3KM|F;gq_$|QVz$}-euljI7<Y2RMnqXp$B)0_bE(S
zaGcl3e#v3(Dfam7n=HaP3%nko$-Jet#Onl76AmhQj!|?v_&E{fdVMp4BuKmlY$kN6
zOi`-H#%0#xshz#1C`}aINg320e**c+fKiQx7a?H~lxE#U!H?^&qE3{vs9acFe1(|c
zWOhiQYwZvv1?%aS>rBu!+dlZGz0dHoKz;!t<yT3XKO&KzpVqYc^U%@KUb+=PDIpEU
zBJk%<HP1doT!p^ZR}-89pO^&bcEmZB0M%wW8f~6_IuS$?^Q;`1klGqX4U)WLHo=$R
zOc0(4wMe_F0e?ThBd={$QrbRsC7pBwP^iqQNKP0%aFl9z1k3#~li<hYWd?JPRS)Hi
zLSepNr}`p(uNCXhSgdc}z3{i#Dh#}c1&INq^E}lCxeF{8+xws?U2hIlE5OiF@uZJ}
zlv?}OPu+c)3G72A+Rt_ba=RIcD@D)3)@2UMw7ah4s{vG`enppFiq_DN34;&h6;mm$
zm7`rkY*@X8*H*La&*ktt)B0mlRqGMcbSoW4xVIk&$6pP~JOnK1rJ2&RIMIrm&=R1#
zrD=>#-4W0KU7M5M@nYS6THfyc6a$$&vnKH4H#cpJ@u(w<3b}sCHa=Njuayhvqb{(8
zoiGgv^yc{TI?IEPBH;;xYW8!Z>Z>uLacq<xOG-Ikk6J2)<UpKd_A31pZHu=#A+jje
zgHlBwLC8MI>=F81;zEJ+w=jeAKL(F`D4zDptQ6UUa&(P+J_iM{x2k$1EKi@=0v%6P
z2Cga*!E&(QlFOuz+PM>k;}9LPPN}i<tDpLT&~JWGHT*awq-z~r!!vOQB))fWh(AQ%
zFX+t*#b3FrnL)51rez``0ztQ&wi0b&vtJ${?$Vu1iRt4iV^_djX#;}|?z?K~0E)3=
zFtJDW=(p!j2Fy;hz(mHT5zRi}cdALs5!&m2`HdN(`!qSg$CN}uVkXC`UL+q~s!{eo
z!45C`f%ggZH`kE&gLV|$l&T6<uhbHWUPq}~vW|AU?NXpbT2}^vL)y%Z)ouFA%#c&_
ztFF(D?xtnl_CIX_TJ+l>2kSxFjL{}SB2*137V6q%m1sm@ae68IvTSIfpGTRxnf?FA
zHb83I4O0~#kp&WpEW_chT;ZPP<9L5B`_Q~eCj=(-B<W^GNEWjNS{N_DvPe0lkcC2#
z83CClOkON;NFGBrEW!3M5F+U*GxA*GzP?Xr;CI$KDaADY6e!LwTrgtVm&Y3=KS5cl
z>-@Eo1ScaB&n-+Ve0MbRH5J0AjB*SWYUki=d*B*17Ypdtv8pg(9Q*$?`?n$3jPzfb
zS#;hu@%|ARlmQxWYplNS$g~5-P~Vj=r*U9hCjvd5n3eckc~Jiln&{eV6rSb$4fe%&
zI1Z)=xq7sK=E*}pzZn|+D{<4X8;}Ck!|TSs0RY{vV#j*g)G2ynIcx{>AFkZT#K7Tx
z`GDQ4JsRA6-HUi#F30=iOk37SKdPeOt7TEhE9dXb{rT5_TE0Kja0qIj|5M^t1VgFp
zjSzhsIQDwiOw61S)>!!t_J!Dj`IL(KAO7m`qxeXuq3$+G@eQ=h)5?U#q2x9VG|5i4
z8rnk9hzSmI50|zJcV}Q}H40oTUoj+YAFaeEuE~hri7Sjh*XSA|eHmJ`*}8+4P<HS{
z+a<3$VmeM)#Dbe!Q<43uY^2aIi6~EqpoS7`<(k)d(_oP;ii*$GJGUn|C4i=5lB^$a
z8+Ud<K^l2{Xo(9b0%qM5z5a`EDmVUDB6HY>zFAcr-ZE70pE#_P8x)h%j~Fm)K>;36
zP{7`-0|k~A+L0*l28F#sZbh~o?#ONH;|fa5C9)gh#5cc!3!1?ASz?nP=qi3HQ1_Os
zXt+{>JMW}RiYZtfG`<z)MKh|u-&6nIRHwb*H0gPF2qEPlD-w|RCX6iMv981|D!T}N
z7pQ-(fu!+Iof8Yc>wLZLOyg(Ng?^Vw#M=1FdHhpZqtHf>V4<@0Oo%y&S<E}fNT&6@
zyS;Pe1y~(lUaplUt}hXOpAb6la@)*Q-zWkm*z8PLWCXr3F|zW=vgK-0ZoI}%-7^Hy
zyO@iFzA3<Ih0A&<ZTCf-oyT~P-os~DbuFog&Ey`=osDtU;AUi{{!R5~LM&AO#X=WG
z$j=kSb#7~bju|14;zd~VMp~3prOkKPs~_l?yeKQNWF`KgP6B%HEEI!}Z5TG_l_wtP
z<KJ<YM$`!BP>T|S2gwj7r3L-Wt<~{5MQ^im>WHnIghBP5Z&?Q^#Rdt9Xm;f1O)WB}
zB-2S5P~u%#3a85qwTQ!tGx97yT-MCKX5hqqZ!&fQ`(@~EMoJ}*o(f8cDb->b7G8CH
z>xR12)ND(z?Vmw_lNYrcXNbnHXqDljj8`g0)%H}St*cztYpxRXVt0xc@yu;n-}>Fr
zN3OYulgj5qJ5KtnquA|St!p40{J*iZIuufo$&96pVoJL72=StOv97IMN-JjZz;_M{
zLRj|$S4$~L{xNya!%`99*B^6f45?(4SyHW_%>una5nez?L6ZwbpH!>yD{|?6=3*k#
z+6Vo7@I+4>3}z!+9y&l_<{;N&o^L=h!-T_?<>hRfGGXCz5%(_4uZbd|2s!Ai13_jK
zFaHo}UaCY-mrfG@XyKqzn;$8_up_7+&(a8=X)yS4QK6GDQq63>z?wjG#}+*S;eBo$
zsFfQ^&nZv_FQ^8nI04Tka+euvfOr;CybiS`kY(e$brxz&*bP=*d)iDjcXroxu12Jb
zU<o6+qTEEXyy4SP)L^y~9gds3*+6)LmSyN=B6}DKt^RV(hP3}x{>mJL59!2%eD0s2
zr(fs;1rlyZ5;27v)U50F{_$KtGV$vWcs_S>ts^VqkuYK3sDQeaUdpEY5-Gkt)osu<
z5CCoRE-N(HOIqk{!p!_;x)M7pY>QvU_VQf>!h8%@Is2rIb2H$^P!Vil@u;(Y>cEwI
zFeC4Y_~qe}N~8gs>XWVO;mQ}gOBB$y7`&#bIrzRF7i%&}%ti+D5O)U;FcEl3lpO8_
zZqA&=8Q_?PO@~IT0rMDf?=r<h^3mdklz;*qi$FzOfR@?G6Z?%s0%@CQ7hWrKcSHO=
zJCWQ09L3eNY^%Bv_S&+HdI}lF%iU?={z7Jfs812mtQsSf?www*P&;7_cNtT*qd8oc
zgnHs8yy8trS|IE~6hdL~P^1I^Szrci^_SF6lyK6kP@(dOsZr=nNFRRogd>HpYe=rM
z%P*JF)7W~Z&ucQ5=G)>Cpzz^vF0=i{=b2ZyWZX+!muKptsz#gtgAm>+2?JK1Se-Z4
z8M<%>@5Vl-#;rUm<>DG)JB2@$o9KpY^xv~AZb=v`(yUMzG37{g{MhUarg~6NKh3{`
z{Srq*hK!~*ZD^%dOOxm;itwTs4M!=Wr1>T2>&dO7KXBFq{5m!~_Dc!14hgjavr{si
z@jjAAD>RA6=OVcnB36q7IEBin-{$9-63i;Ah@gacxN##!K{a(li{nlA<s-X!+<RGL
zo*8VktH%^Zj*Fbo>pJZ!yJYq$UJNU+xaPP3o}Qv~cosws;=;9#wOXcQfM5?}WY7t-
z&^1&n&Payn`B??S8fi~snO%q)AH(8T`<c*Eg)Hx~es$p={~QPCeg_DJ`a5YJEqP}Z
zD2d`ydjr5rMrt>&q|8JEhuifvenA^7L)lDbTYvxR-?WUT0~2S>ppk*<){EV;qKz_a
z2_x%X@(QaY2ntCx=UKW?DhcyKg^}~Z%ZUHxXH4OR!2)XW^dJn0_R>po3c=ojfswWV
zNSzye<cK*}0k&|ZpN~pz?)XM`8Xol|T<9m$s_^uUJ2DF|)}o~sLp0dO^|K9ucL<=?
zaeUe99snB4%&YHle_jZa@L`k!g&XklH$&NTkfy*ec&5flfMK5~Fot&Y8rwwFy`qBJ
zYy_ga3o*+fY3uP!QCOS6Jy47CK(SWDcA<R0;x)WibscA$LT&kySy%77R2>TOdeMOA
zNy=<L(+xOH;!x56Prw{bAv~BJZs-4k(MLaS7naj@FqIqoihs2~K-PT1%t?)I`&fN>
zh+W1GwqKZMw^}wlhF|oKbMyG5AgL#d0qLt+tvpZbHcq;gnWcRil%;cI=9;uourgwM
zcRAejdKPe}FE?k2&AC}Qz2%wLty;3D7!I;brix8Q!nsH8vUcvIIoU$+kDMV=D=!)x
z9DY`Q$rZMMc(i7N1@NFy%qZ0U!er}xtYU?m-7(+O`>-8E!x%F(&8^qfJl5RNZESSI
zElVHGNrwCctI*j}eJIwZDbOkQqR;qhX3c3Yw~TF<AAw=z5q)Oy@}bX>dV>FoXW3bH
zx0D=k9E!<0*h9X$77S$T<J#-1<=!`uJw36D`na%uc&Lje>~srB<#T_mdkWLjdSX%n
zx<INH98%YSgBowEcqc1|+C5sL8e*(6LmYR)jARi)&c7vmddrzWePxyLWjDtZHq8H4
za5m?0VB-eHw26x6PpZ0=6zc>YSO?|f{0H2=qrDfWY1G|SbVupMQjnZb%OCi6KyWLI
zTj6%{M{Zq!cUxLTC&l7u#MT{X<KGszu2^BbAeM&i|Hoi=D_(RDXCWV;0yb^`v<li5
zofeX(d)-ss?5%|T@(F5XR~tZquO`JYqgPmJ<Cl33qp_e7#G9QoWOc{vXG|$)MS2LH
zBg7w}9%Pb#1cdB~wBnBIeih?}y)m-ac^iFM9bLzMI^*f;k?Fo42R%99(j4IJ&fWc$
zX`5<Ito6ZNYTuLVe9(^oqZYOYBXh4~N=O5aA_{l0n8?n-&&eSV?~Fjx7=AQQLjqZ7
zp=pIqvt)n_vzne|M{MxSY48W86@G>AUg7V=7Ch&kR>;Mx0U5nh>UVrhpcq8`Dop~S
zSv+_7GsQLW8F(JH#b1E4v7+qrAB}dsC}<*3HbYO2CeWMQZlNjDR}bD2;Nb+NSeVH?
z8QiaZYvF6ucJY*wWM<IHy)9A!0r0|&xe8D=V?2$1s8cqQ7Qc+X<z-TvW+FMcvm~0^
z)G9J6<^z(QYB0d;=8o8~#s4Mcp*TMD1B$R{4?wN%znNYWJDpH#sZvh=5D0mVjdx_{
zRRZ3vPtH?%EE~!^GUITd$#C)i87gk_E}il)KX&G*Le_NL<%M7ZtVSZ^vy<R*8X3OY
z^vyxP!8><DyJ6FH>E=nveJfWKcI<NNDr~PGWjQkzbZWrF+N8|epO-n|K5_gK0mu51
z+pZ09R;%Qa8u0$mB{$*j-O=~{qAE~<@;zw65Caf?6#%*FNH`H;$Yk8OTNfiz|5si)
zt<)|h<APT^1i}Pt6MuUU<qSh$ysV%%7^=oeVJvCX_mWcQ6=<nO+KKfR9Mn6{ag~@F
z9JIRdMWB*yC9G7m78l9!qIH%9kTcnjzZ#h@$8EQbpJE8ch@!H4A%)PIH_q<Ve5%7|
zv!xL|Fa-4arG{i9JG->d9}?Q|1643EFE78miLV7Ys_-j^GY(|ha)7jKV6i^w>rPsE
zDJe&Fpc?7SB3)>C)v8&nRS$Hd^W^ofoL5>|f-HKG4bd>V98`JGJcFS&AKe&-#x}w^
z0DvpYVO@GLypMQq6u$pJ4>NUS9cC<I8IKJ*&cMq}-<#AxAi&c_)8I_?P-iGQU<3QO
zGB(Iwqb~eg>B`UDaphe*Z6IIsT9G!KO(?bRSPn0Oeo%GmIC$&U*Hypi<V5I~Ml{)=
z*gfo4nBHns$o3MV2s<5QhFxVSh3!15wkSB^-wN0L=jF+M(Mwe(9=7E((qOuxVjdq=
zB#7z~qk2^t8lSshjL(dB9+tM|EJDaM>o?{Y94q%KPQdt--Ls-trItTI{%*(D`y!+6
zoANJN3fVNQ-&w3P+m^rPl0<_E1Qwoh5MZuqP2OisnBsN)n2lMtcw(OUON)}Q%Wsqv
z?nEYbPB8$bi)$8T>v-oR+bDaAWKW4d!G@v=pA=+6&^NRQFzgFi738)6h9vHKCif@g
ziGWAS0vm2Fm=2Fl+$JxIA+bDIx-YcEcx>3n&i`M*!Qq2$3=UXOa1%B4{7p8YqZT9g
z>_IDF__|iy-{*25rJF#C8r1t@x(3W|$FxVyAw+8cZaVNY?{?g8P4r{IW-_&u5U((A
za)DwIB2dr(NWq9e-tfYdSGhS|Yi1MH)q^X}{y8e&Xv0S;n9$_dtfgH2s_P&?>eKbP
zKF=lmTDLM8NgDgp<}Y+F&fiQHwU|I406MDh$VJkv`fctsxMv>`dc7m?4W6jrC16)B
z+Qe^VIAn&%qP=z0D=0t~L>6;G#DN*PkAtFU;%geJ4~e>ZZ@jPDR0}Fu>L^E~Y|6}^
zi$e-!ta?(PwSN&k@8tvFXNb;1UBVZ=K$?nl95pR8WhJN2fOLTZ8^X6CfVz>UqMwjE
zO%D)o>OAatTV%=d4r{-xeTRHe^5+2D+bGI_nbTh0hFb@WPLTK#lsfm(N=_Pmh6nc?
z=f2PGVj&y9#F)MNFiw?{muW|2H=$)w6hv5XR&k98=TUs}Ofn5RSNLVUX~QDDN@lpW
zyymL(C*^WBd7(-apv)>B6+_ONptLyXzYl<1`;d%sf@-df4P2kPQ$ez0CU%xtbr&!#
zXr>7b`ukFxi4osiDORU|F&PLB&Wt_w6X-;6J8q44<j)2Qg^!7KKnm@57V2hpeoWa6
zq-0*?;I3jf-fhL-srY@b`8Ulirrj?!AD!QZff7!hKmPX-B^(Gum>mqz!ReSbLX`wm
zZb1NaK#RXedCDBhs?|<KrHJ>SwL8L<+<{q?$Z0tq7baqJ`VR*9J80Y5B`0UAt0b`5
zS}(B#_Ra<l0i%?Z9^?ec2%`?WqHaueC0}Ue#rK*6wl_rwqz_Mtdr?3OEI(i`KUI2=
zv(1L*=7)$*hDx)8{3)sgr#067_iVPk{yLwgO#dv1Xz?4A+1C>UM~1OCf+8$>FP1*t
z_@6oUZ*n%Lk&X>TzBA&{+@-K!+DugRk=xO?*_W>5PP-|$(wAch=56Buy8@5QB>8Au
zBEA=7E<BiFWtY9=k~&Trq=#LUm(a~WyQ}=0dp;(`jS@m2I2nn_2n>!c7ul1CS9wpY
z+*qz-RI~hC0`mf?im`~zfKqd8|Nmoy5T+fYs<z<FJA`IR?)3oTwzV8{I&0h=sJ=go
z`d}Xdjc=xz5q*h1M&2=)=i2EEMfzTZz-lihM*6e1VXDqwki%%CT_@C<Q8;NP7;y>U
z4N<z-4;7++|IG?V)}!cAo)li}lZC4<thS2>CwXlIkV@tW>^G={vg6ybb&@y&J@KRr
zjDCWHNrR*wr0dpH`pjZ+1y~2SQ1<&`G9#MHaB#R<-+TjxnWfJi@_jQvpu~=yXx0M1
zgdV#hadC%GK_GLW6|vhH#R`;<p1grI5!~Gq4q2edtLn%Zw&PQ&S6vW?mT>|DYl0s<
z132Y<wn-!i0BTGE5QAXC6abnDFtpACZiV!4bNy3+Wt|oUV4*fmb6M+%1~m>SG^9w~
zpa68FWE;blS?DVnx8zY<iAy|rcet#FkUyv7WVjn<qvGUZT}sa5JY1&D&Jx%ltExUl
zalLyfH=HbC&t>zGwkzK5uZ}SAyCz2zofYj?Ys`v^68;)vk6==<+P8O>@stE)QZSW+
zAmN;Wg<<VWtX_HSybO)$wi+7<lEN4RX2NU5h6A?qos-2VSvI?pI;t65zdiG=s#a1c
zGSuf5&Z65-LFcheP{Caqw{r6TsCV$XDLwNdx{EYNpZvN|2rZDiRnaT8jEmJo^%ISy
z$j6E5l2;zSGyYC5y(aXZE#f~&s>M7$9nuVhKt?##dU*yl=Q2|lEL}GO16>MSJN3kN
z$ZHQ|${!tLgT(6!d~Z+GKQ;LEbj*OVQ_P{a#u!|Ki2Lh{$VaMQmT(-!b;*YWAnNN~
zrA>pZW8?hy-|_351Xvq`mO10;#O-YxT*sg63N7my2#(jc!9`*xK5w1T=D?k&cnV*#
zy6Ec5^vNy{^_>L-`XTb6g?4*;V?<hgYRSd(5>@zFNrJkFOJis(hOk+<-Uyl_fwN4(
z`{U}O?@{t;Rw-$;uMhT*)Qfw8+T*6B73lRonrq$CL^M%-DIG8YN8)%sih*$g_5+|Z
z06IeY87odjc>|5OqmrAKcHzX@!8xK-f}$naPz#@CSFZ&|cZUAAAVL?Ghx=10xJIb9
zcTbq@a~J2=08FF1&4&gOp?&XJZPVHkNBRB!Y?Lc1G2m>Mcxiz~AmPqHe(V~FK2ao;
z2}f#3iogkO_mQ2JlJS;q#o19`^bg6PEV^3SD~Ml(!TtKVFfy#Xk{yMKJpJSSzfD2@
zlzW|Id8u)>_T{+#R<)Uee<|OwWSL{CNl!hz<G9I&X9%6FvfKU`ft!w*$tB99=NJx&
z+@D$JQl*8mMVe0!B5}EX)n`drE@j10J#I8>A$RMlb@~!x&wWE{+TYCEt3pa$C@a08
z85mA%>>Rk9An*PUU&KdZ%Gjv+=}&FQLQs$t^z-6-`+(o7FuaJV-S3vAan3{4^Q^;w
zK=~auy|StrKRLo#4L9DD!6(R|LY!LP=gI#rsQ>zX_jE{cY)`zL-@&*7`<{O7viEMX
zIZon5O3a(!diA+(!Di-9{_zUyoy#nRgF-I`rQC;xXB@>8tc5l4lWzPKV4>HZk~EA_
z`7OqBH6z;Tu{siD114s)$Rt10)SBPHZhf=|@C(c!MAaO58A9!U)40x3!k}QDQk~`i
z2X%t`9YUEOAD|W?zV3OUG=M>3tW0Ms>i8^eDhw=#A6eY%N9@TyK_yrv8#TdMr0Ovz
zf3^j$+K7oWAzsi|Ez*0N6emCxz9ATJ*smc70LU{%*F9LCtxPfQl^87tEjg)eSPfxv
zsZWMs4fvd{S2E;?EgFq5PXsHCp!Qpr2j|Kafa>0>CgGSq5?KG1V29Zj2)rHO&LPS;
ziZIrTN-1H@h6S+ay@4o}HKbclUNfJ);_uD(sTb^&!!+2K%)7KvN_v0L|KC_s<A!Zn
zT$1=A<l|7pyX7-Eb_;m$2caD^4I?thCH$eGfxQi!76~f^%OeDARuZeI_Q31{LYopE
zxs;N{^oBU$Ipgm8Z#TEd(XJ1yFq(RHp6uCAVtk$=L<Y=8;jxusr6&<UYPt*6V1mD*
zd@E!r%ln_fg2N88XX>a|EAnpUUWpO(XPD$+zn=rb%i;l98pAqth`@?p2nrWh>P{jT
zo=CyBJ+0F#9;a#kw08hEFhWZt19m<6MnnDkK1i*8NtpzRwo1M9)=)cg0CtNIpbN-4
zOC;f-;s3zgmd35|L!DoTu1Md*dliauyanfL$eH^V^Vbr!A+*-^Z|h)e(EKCzT*x*p
z!hBxy=6l_afpwI*ayB!v-XhMPuy0zvQGO9$QU)o!!N$8mGd4P8&Rom^*x%@t;~-)a
zZ;xvcmD45op=~XB0{!K{hSB@c%V%tn+?w=;4F?P*0%)1;zV0qrYb)}Z1&{01{w|zW
zry<rXi_V+C!WT!G;K77=A#<UZ0yD0v-sj-VKYjq#L((hxH_o_3c6q{s-aa6F6a3oe
zD_C}`V>BCmw@E&E0-_#dV39O3ePYdLfT9SrEHOX{9a(#hc2X4e!yL@qwAQ?UCSJ<;
zFHHFItP;@T`iNH4#;t_lRNg*Y5J5}0*Xh^f$ZdJLs_`q_oVQeN1;gCRPN924CsUUW
z1c6h4XDvdx#l^lV*V|+|vVEg`+;`#$45{Iio6Zg~f3_vLU0+Qlpu2IepYLHe#&?|t
z2jHx&jXw~C?_`2D(4f1LRMu<=`$3?#;!ub)e4HecA!;Oo%%REZn!QW#W)31~mI$Mn
z|A%jGHqYl@RsmnO-4I-ZD=Fj91+J4RgC%y^<KmU_-5}~F`H2vc{=w7Nr6ztb;05?7
z_)|1%PBgUNjUT74b$g{9cYSR3|H~@F=qQPQd2CQ8E%hQ3-N!JSbp5{hhnF+$lp_R&
z(BUU&)TncBlQ5l@ubV~CGk{@!vcry<-HZ4AK!><-y#sp2Fq5-ak~M}^T>h)inqwGL
zCIvUM%&B<dZ9Cv4iR->D^=k&kr-#!_zZbURQhj%)7^}E`L9Jf4s5O2!jE%cwJk$bq
z3okql_2W0b0x0O7hMpj*Cz=Y&<)|P^M9Sw>RmUu40pxJDHQOKsC!&^LgHtYC<sAw%
z0s+XSM#2(?7;=Bvs)|fCcXrox$4GCg;n&%kY*>}o8Nk6I&?MQ_@3%3iQsU2xEY9O<
zqxVQWWLNPg{YgVggHTK<4nTW{R~nu^m##=;R1p~CvELa(I&bO7>LCNK**h~~!3sW|
z!DMM)_#oI-gb@lB^627~Sn<=a(*=w;9tXQvnh*8#yUH!jc1NJuQ#oJ+VGg+6uKB_V
z(!Tp16B-7ppngS6*{%`s%vO4^h2qF%w@zXt2`-;u1sEz9$hhjg)mw`)sQ4O!16h(0
zE`EQ7bb#&F<z{z2qGkYPb%0eeuqA{PFyncu!Tz*)BVewmbc!+oX!5+<HtQOLFtWUr
zVO?k~|1x%buoncHI!W07VBI&3p0p2p`jY+?QDE!+KV={8Dz#jL<u$`of}{(I#l3_g
zfFp{n#^MjtmV2~|uj59OwE$svw>{c#3^2Qzb8MvlDDFD|#snDxC!u($*pq%N^sXYP
z8LGiGu|6!5`kejTnS9+*4KRq`;v1RGCQrnP_t~Z;Z1gh}tIk0A*pD#C0(5#!dCO;f
z3`NVAgR5~@(FUvv<?;JsX=VV*BCLb8fD6Y5$+v5BhBiG?Fj~JA{gJng+Cx(E47H2l
zPxtK%AWg(MpTNd)7-Zss3KN<q1Y<4IzUYNcVC##yDsycT;6-k37>Pn@G!yayq`y4G
zuL+&g%kB`bpKgBKJTo+Xg7s|!^!m}?l3oBQ{Y5X9T^=r2enj{Gi3#szDS%`_ZCi3H
zAQ!`WZrfAc%I_N1Z$#(Hyv7E2XGQT*wt?kpFtavm$k@D%@K7xS7vPl!T<foDqm0W&
zABTDxp@#E%$f5ao95^Ochl0LemnC)qLFgrt6tbObru9_08Yo~PAdg9io%~V8?s12i
z(#>57t>-zkFAI*5jt6kT1D@bkTW@Qiy$hos@oQ&Y)(GtU5wrE&jcUDrOK5!HK##d}
zM&d|d3E|yKkr00Sz*g5HxoDf_hPN7LvZ^{HXgY;cbtv>I(;S8gCh{N}nZ6PL(Ji4j
zL618XPMv@_y0xVE@FKt#JZ9p2K{LEwYW1jFOg>DQ0sdg>E{q7Q{Y_<)>Z0jD-_BWF
z1mpGZ3O~T2t0wJO?qUDPYKx!WpOqH<ZKX#72|iz6^U|G6#+;ME%0mdn70-xEK^#$)
z#)PVJaJxqv3C6%k#V?QkDd$f3U`t+ml@Hqmnie#fqQZt3e`}2jxNe^DZ+p}mx1($-
z)w*l=UJqK+{t(!(l<@m;=}TStULmB!nPZFY?ll;s?Gf!b*Rk}5NxktENM>`C!0N$b
zB%~jrXY3|@d8{bzF9`VazBbDdJy(r~{zcZ10k_KirR)t_3V=||zdIp{faP~<F?aCe
z&#pizO;!bZLC6wGYQ4rU(E`KuwkCGG;?Q}@tkI;CdFzJPh%(?J!(Yin86Q;AHaW)P
z3C(mlu2*T+7AJ1zzpGP6fJ2~)XVvz;2H4DfzPvkmebkk|&<rXWf-N6R0UZ2hV5VrF
zb|EGM@xV36Dds_m2M?(#Kr4^%Tqtz$kWT1wJo2gv)}ylb_t2Do4>#4E$W@FatnQq=
z%VL>Y1;28J+)-te=yo|_%|F4vsy#^#LYgHNy}lb(M32*7vq~;Hr0P;~QrkrV%8%us
zKy(4vNTU7xYeEWr<1A(_3bDIayN8u$gvW;p;uEXmF$9c_yR2Ss`UcE7?Ud!HBsF)2
z8y;KN=OjEQY5S3MIUg<ZWle+S*>nN>ae$b{O>^{IdrSMw&m=G`;|B9EOth2~xw!D`
zrxxQBf9l|^nYtv>R>G|XUz7zb!2`TQLP!p0;$QPws$mrwpf@oNE|BoF@2tLnGhPPY
zuDjPYgOG4yzZDSElKQWwUlR@zyWc;QzrcG;0-6M}f<w1c;E`UmM}xf#Lv14(jo7AE
zM-FaOt+)JxDzv<QkGX1l$w%<9bEbYo#X2(q1tGU;{FQ@fas<0#0#@ii;DR{EUm~o<
zBkLCooW?tF&C13MKNC8?b$lMHuBztV+I62L?MPYMmWnJk;?ItHCddW+01O-FF5^vJ
zGcaABBlEt>VRhp}IcBYKFy~&DF32W}elkjj95S7#1SSJJa|>72^M3fC4uOTg0Vd?t
z-W~_Et+lcTi&&iDQ5GPCkL9V)T5i08Qqm0QF$ALPq>Rchl!8`>Sq2KayQ6wT{!I)N
ze#_t6t}hP3sn3uvgS?ijVU<~WFY>_RZ?0dyUQ8%|4M8hn{iY{8+Rapqi>Owtb53|I
zrj9loo%frNjKJOz6SK6EY;xyZWN9ro^}fS;l-Ec%x}(yJ*a`V-hO7)corFV~?)>Yn
z_FA!kz<_^G<phJw!;>@-nR-28`|IMl%NyJ?cTQZT!d2-(C;Y$@=`wWCa|K&xS#*-=
z+7;_*b*TPm#Pmo#uAqjB9N#sn<QSeVy5h6hQBuF`DZ7~7W8G>9d%4mNNF2YMnfm=C
zjA*tle2^ZWKU@)$rT#~%rhVf90ts+UtDAHa!1)7Vfct>J2WCZl^3B_qqLB2jnm|*U
z;)(;@jm`}_k#VG?C3w4D&53zjp%Eb4N;q!M&pkGK0%nOn3LU1FB-RJSXY?4n@~fc}
zx;dxUcYYHVaz6xUtjRD|&2jh_HOwv}!lITYOCx18Er7Y!@$}U@Kn+`cfN%|{Xu0%u
z+SX}j9#Tl~%Ql8RN<5A`GtY`sTQn2vWrS-NDuL-OCipft5bhdiNL{4oEhvR@N0{r~
zp8&@^(lH-ws;A93^zW5LeojPH!Cw|LfP`WGko--?x)SkoeV8YXz7jS3JC?0L!(Q}c
zp$}@kfN+o9gDcrN;@K!Ii!Vw#H?!0nPV@YFf}!1Nmey;4cbdRzAIju4uG1-rvZ3uN
zOn8hd9$7ZKOj=pKchJgc_y*?nSm{;Pi%&opxPJX=^boBp>|i2d97Ux+-{WXl9N@X=
zzq2y-aszctA#1Xo0{cH0tglot1qJbXAAvLUF$gf3HN+->l%TVIRnhjmk7O1Jxw10n
zLX+`1=^L-V(C;Bc2m(umUL+|(E-)fMu8ikuxBM$2;g}^7Dkf_KlHOO>|EZma?-=sg
z^%_PW8Mv*#IWi->cH4mFB+vrFyH;t*{lB+9|J|S!AZ(Rs<3}Y|&p|F-sHwn#7Dyko
z%98eXm@<kz29m<+XqsBKpG#3WJ@%77j<qb(9fsPeF|mwQ74*3cG6N$;C-Ou6{5kl5
z*SvVu(airh@8zD5gMBGl(vlPv$_a15XGX-+!bl1;)GVFy96B(YidAPKHVVNUu{NO4
z;}^^wf;5GS2yZ^l)G0!&U^074nVl-PMRkh51Z^GK+O4?u|7N>anHqiW+=uwt3jOE{
zIlHIsN!A7ezW4n)TB~4T**TxOm+on_JF&QZC|MyJ5RS|{TCP72C(w7r*&4l`r!*7&
z?6CX9V;mI>A6T;pB;lOE0kiwM*WEr)rk>v#r1uBQLgAeXviW|tP#!-jD(z6({pY}<
zD!dhNu}pN>&WVSO-C5tNnR6^@j1sc^n#3e=!1>jQ<HY9uDR7?W%Q8nuyd~pi{X?u&
z5MH>Pg!4Oek*bnxJ-C)xwlKo+%%!Z6y4PjNI6|C7nA;XYpDAk5d`LD4y1Gt_facah
z+jslJLhC66KaI6j+3KK}FME_~VX*mgzo$Y4f@^ML<yNAaCCG+`5qaIM?D}!TfE|=B
zgoHl#W-^sfn_+^dfZd}c<{vJXx<~b4B5(P6j1&~ugi`q34&W!6wD>I#;EC{4EU>Fn
zT$TphXG_Y<`#0CK*E1U;dQa{Q)rsD+yqWf7FTF&F&@Ah_tL?GHfg-M_8R*)dI58+K
zXmSKi^mM-^9x-ru^_8yYgVoynLt5Hhsy6C=fkZdOO`i~0=jrA1F;nv~Ssc3l%M(@;
z^O+)#IXRmXE^Wu>7uHBD_{M6&-HX6yvzH9<M+~DiKGTs3oY4DIH6YdY9v4tpsDGJ`
z+NK2%#o~}M2g4_KceL(BYYtf069VEdejDgS@%%-nx!71hCi0SF5@Ehxg6|>8WT)x9
zl5}D1HJA8--s*YM2(#Gd=gPX8$<?`i%gZ2L;>43D^vXVv?XLsSiVqY~Xt#K2=30Og
zX%bO?k!r0OmMX736E^tC5D8D1*wIDEcu0ng5!ZKd#45-Fd;wMZUqe<C>Z2U^*h#iq
znTJsWX_rR-SHOr-L6G3od2~A2i6p1`Rm<jcIG>ov|3?qQA*;nUc$`+2hp|=<;4m1o
zbEDU@4k%cUdUedFQ<I0U0uTx%ViJvK10cFS+=vC_o(BbSM^v#Gb(rCEWFMNzg>Qsh
zU{PpI3YlDZn^`i%8}K7dzjTzyv`{H`aa<O0CPf%WmYJ@y4aRI{l%`UD<qUy4X&}n*
zlWJa5)F^Ja9mtK5LxE49S1AC(iDc?r3y*OMIAV7iom*$mS46HT|J1Q0R?!!psIyOc
zN#`DMU&>`nK|7qf`k)v@V<6PhY_XoTB<Vj7z|1xdt=^^dojvXn=SO^z%}YQ;)1&Co
z4<<`|z(%gMCd__B$>bmetEt%;Flks2fE;mq4bv?L&5*z>EwQuhUVwvq$d91&Q(NBz
z+w)$2RW{|HI|C@5J=5qvtwYZzSp&G;Ad0xf0qaA}iabB@1^O9i$wErt<t6U9LIn3x
zsg|(v_GAcTAJzJ*7xT$kHIQ24j^2U@2qml1-F1azd*Jy04}}0e*Wh@60+jh-d{)iV
zK|WKC{;xMBWlYgYytqcO8f~kYs|UZiR7Z64F)@z!QL{2MGt%B6DM3W&;Czii#$skO
zTzHT{4r@WmJ7Z3SSkU6Z6O_hWSnEqjep-l+lHdBG+96j2!8@2na~Nai7f5n5qaS?9
z$y!`8a*Bf~DaCFls6{pWMWk7gCcU@#9OhczyPY8l&?-LQh!Y_GYz45Nt}B$eoB;8i
z!8gQp-V?2ds82%v^freuZ_RL&`Xw8P4GZmvnrh*Mmke|4DzaSV50P-G;L{|oErDOZ
zCeDTTiviXND>b`X1n{7jg4&7c3W`+kXxnP?t=aV39cEPg&00F<uKshraG6ubk*V$)
zrp3URtcGKF@H}T3y;Tx40|CQyQNgq&z)Hg|2Au0*(<d1WwUXaR51(BpJ&o5RX}n|%
z8G5lI=S`n9YJZXxlHY03ProXt`iWWoGXx%YJjLipR$dBgu6EGJCfG@`ZLYF>z1wi2
zQBl{1;L}rjuvL`kj5aH?;&DQ1Zb5!#FW9Re=$A7@H|6>49OAd)5&FWj8iebqn-HrB
zzWH_HLaJfO^+lX+@#%k(`F3qSTvB@}7EjXrM|GB&Ds2qt=1E-@(>Idr_7`(_>|M_X
zx%=%@amiB?8Zf>VM;@vuW>C5f!ReoaS8@xE?A7@Xsu0S)g?YD&$@5eAyfny*wLw=5
zHnaQ(o_09wyrFikq$~t)+4(1AY)H%K@c&{vXugr6PRU#mkFoeyVeKted6w$cO33N5
z(jPMdN%~d2!Kf=P@<JOMNqTg7Bs=}uOa%y=<0L@m@5#`?;H7-f>PoBk11buXv1&sd
z{xmG|ZKHCM;G=MI-i15VJmuLbZUC)nyGAhq(%QTTayHqWV?a6Hr|ySzKFv2;9*Oyz
zmorJdZ+&jvY11sjK1D!2dL>9PS;lo8nfW^#Rop@CC0{t}vc`+Ovf0S-3V)~Q-JDaX
zTsC$WKWhcmv0K>kleqD5bg}{G0~#f<hJ%o+&M6EAoU~d@{ml5wJX@wf1b@n+V#Tu~
z51fHPa^Z>p_}A;JV3Q(F5{jF8%xr$tsf$_UG?tKHSrRUpAXUTL3$Z*b>6NwCV~=*Y
zpkbjv&yot8yAQ?7OMItkFWWqewx%T4WsTY)@f`%YVmeI2(CZaWMHUU<5IIjsGt>DA
zp1)2y?--W(t<9AHrf#!{>o=69dG8XijyR;IVlJs<f9@DayZF^-V5jH%06)m<2Z`JR
z16d?p7?+`?yC5#$6zfVG_dU5+HNX(pF3hc6dl~HW`97r7<>TBORgkvPmroT+uTR?@
z!ZJ2NO4)kL(eVfC5*U`1kv1Eiak@m2zpq*NB6Pkyi!g}Wk|TG_5@b5(XWE;Wbk@9x
z;AFJ+%+;ncLkAt1&kGGq{AG3drnH882QaOO*8ybJd3wa%FE{a*lygHE8qFx{TUdd1
z0fXTa^ImwBWHQl>WToZ!8;prVRYzhIYEI{hM3?g2_9_eozd_H83Vhv4u_?N16uiRF
z)91jM^>15UzF1(r?0=ARpr1YOdhCNOxV!V<01iB6(C6K?dYTr951ZJ)GZmdzKMgdN
zM!mguGQaKxdR;XZFf~5gyh~;Ky7_ZSFX2y~U-juXuE<PPZA^;e3#Y{rg)oksJ;V`M
zPMG`@AY~f{XrP*%?(X(};93i07OVuncV;u`eq{1XpcID@!$p7>dxwaReI^P{6K$@k
zH7iwp3hTTo_EO*F)sTVu8iIK%h4h7-_{ua4#XzcNiwOTvIB-DH7$5q5@NJtEI(%cz
zeKVQg`m!9SNmGpMghQFCNIzH0E3~t-r_;8EHQwg7D@r+=WzX@S%d1z>@7_-Kb8#3A
z!2kdh*md@p4OS`hMfk)LNwsb*p$nE<DX`$0?t>reb~ARc;QMP#jvR6id2VI1|Idn@
z@wtgLeu2go_kT%fd@ijX<-FsZOZuK528vyC&v9`r0(QH(hSYb!X9TtwcpW5)W|o6O
zQ2E|s9hVTF&iZg7ySSf;jl7Q;@Xt3N<$$t~kbZ-2!@ql#TX@N=$RziIYy<U8(w`5s
z$^%~$FHQWgp>ogqJ_BqWseAd|r)ZWMb^yuba_wd=NQ?kBSM+^__X!)`<2_ycBdJ#M
zDZV|`adfks0h-OQjbS;wHzUVyaG#lkM|X(Gzrit_xOYsb3B3>YhsdG3Za*P~Yx(9T
z2frkVZ7UR<VS#@bN7TBV!z0dagRQo!p#m@yae6#sK0LA0kav5s`Rbep0M+#%hdn?C
zEfYaO*E|z|kKCVR!JO=IFuxVw9$9Tnyhduno{4`M-fz@QgdRVg3bGQYw&{G^fGZ)x
z3W4Pi9=PH%$sC|Q4j0c|O8-m*%Mj4EgzU^{$UD%P-IyDX2QR9&7OB|(LkRz7SMi39
z_gfqF$h%B~)03;`c1Dwl1nvZf=N=jfn>;^RibM%^P9Z#Z^d^RSP)FTim98wc%=P@K
zR>kC|wQ~DVxy#vHJNCMk7`)+dl08YjvRk&Ygje&*kja$c(S;auQ1xCap$};@s2&dl
z$POZ)Za!Y5U-_`NlV@i_F1CEhkhO;AEM|WccKe8MB3bztKz%F9UiB4w{$2?FVQkI*
zY4?Xs_}kcHuV2PR7l$vw!dOs0xS`bdToN1LD<jV9%1?pmD^C*Ohn)l>_8b^-WGCu_
zcO;68X59ToTQr<Er4Jv%dN2<RQg8fB&W5<xpKMCaZ~1iXw2bO(Fy3#FnUc>;Z!4hq
zM&)DlbRl2Aa?@elP(FDEiDA)C%cqv_4u0z)t|Gp$Ni1cLtb3f<SM{5_)IFNXWzARx
zk7lf&_=cLVuV(uy7*%z7P#z9Q{4bPnNw*;*oMWz|aA*Hda-1a#d1<ni7aoSSpgHY_
zME=L0!GvxKxu3!r!exlS^&lSHs%zp}dmiMks)}~&G|fOED*x#Ls}9nwA^6zyIfJ5&
zsPL1#?%s!K4!tuB_CFYlJgH<F7N3E(K<3Lxl<xJ`!duE{xM^`m<3<`4ad4({Ty8bM
z^))BzLR65zu~pNtk{z(tpxwg%Oss0{{~kcnEWa9EwbWjl#s~UErdc?h3USx6J>}@Z
zPddn1Nf?qv>>W|4lUkmXbD{QBn`eHkA=4?v98{OT?9|UEfFae!fBMhp8y}%kx*c0_
zIqW~Rm{{ez38{WcFy7i@I&iUeMV!fl1uwzqRUwJ2<kh2>xv3@uAh>Ey8SwoW>)`Y&
z0M*Pf6Hjmp&8a8&S7CV6({Zlw=ri)phNreEnEQenun}dHlS#G7Z$<RBYW<UqQg(B`
z<-vLu?{}6HB!VxDaq!`83}MqXzA@?T`k<8?z;{BUH0_4Y72qas{Rpk}fLnoEjj013
z5^l4uSPuFP>YDzJ#EFO!XyBZF=JP*2Tsp}Abyg2AEA488*GFz+WDNX~66}K1ylpbe
zkWl5X^&wl3)X+U$AR_=h_L&f46Is41gERX4U2G(k(5*>nV494^flJ8iLnch~NQ=-w
z#xhz%?U^bX`>)HTek0J-&N;bWdLBW9kd#7*6vW+XmhI^-cHGVn!;+hd6kUp%iry8Z
zjp&-uX?&~2Dc!W16ip6zL)ZFL`F`H#$TitenoQrH?i_;Bs}Hrk6?vR&R6F{P-|LlV
zmA~nA)O7Eq5#TGZ;z8LG;E9`LWKtkqO(|*q+9Nl`|HwAw+U$r4=heY(&n)!D-G;x&
zD7Y5G`#-0;P$|yMN{=}j9Ne;6dp*|yEHvT&_{3PKcRC{Gg}o{};4O4=&s>oK7=>v=
zC~LnXWz7YJ7$HhzRxMj?$88J`X#QS8f_Mv(Q!mmf4DTMZg!u%`B8|U?>mJZzkFm6=
z=IRu*j(-Zna`sHs`0S8-*6&5B*7J1D!$74{mtCPy7`tYuR!@q34Hp60=)T?2X5Bk&
z8_ExHi~zU@yZE%<56X}0B9}xCBVYcIQ#9!$=ZJ!nr-;`4gG;}weKKc%c?rs00J0dK
z-ld(GDHX&WYlU?Gh~p}1v@&bb=$GnkF+CsY)G`2f_it`lA@=5%ZIR*^LO$z<sb$ZD
zqvk7a{BN)UxgMn$UGx4Y|KUO=!0FmI5L0O){7FLvXd$pyJk~B?Xas39uYKjI7z{QU
z9gWqu6o{zm;WBwD^_IuPxM564J|e>M*>D}V7bhjY;XP@45lM2KjIJ|ksgwhl7?s2!
zS+75foMa-@b!RL%Ha3hca@)kex&YO!zzixfv;=v#`)VIq+BXl~mk(#b-G&$t0b*7~
zG`j7$5h`>;E<UB!!)#~7+KVj37>9{dEIW0UY`HwQeV~39O7*HE{s3HUxCx!-r(iMu
z)r&MI;w$-hAW5Jcq+;%EzivT<Gj#Yt0B=UdfI=b~lkGx6AMw&SsKd9>mOS~Z#4=?}
z?6G}J&c~n*JFRfve1^_^wuQy|j1^elOqiBZpDs2kd~krkBhygS`?W&~j$Ja-3J#TI
zivM<?P_>}x@;$h$DJ>8-YR~96^9GA-^(0(UCWbf`?bzCE&Dg_%;CS1~^<3~bMrzs0
zECT!KImUbrxBviUIMCFId$Wp^ZA(Q|m{z?-vQ*U0NvWs~!zznwF(*i{4q$>qhLuQA
zXjY%we7+KU&=91{XcFhLdX33VJO<r2O~t97b1rr0cU+k)D~sphLI=4)Vzs|*z%zX)
z?JH!F_`bzfC3E{fY^T5g1+O$z4wF@6^7y{O>Nc?9WoQcv;V)mN(@qa=HYTMc@;G{|
zT2)eX3R6ZoEyHqkTc6pBY~=IJ;BeO#G<fWW5+;R~(;`@CH_`2^rj+lUF?11}%RKvk
z4X$`#-QB*2tB*}QckPcGsWAkzWIVRPxX?9tpZmdnj+`<$l;W6f&p(!PBz;*4-*(*M
ziD1sT>zJ$`g~4^pc_33AAy!nMl><h@T70r^kPF|!4ih$jdBT?NC~*H?$H{*+rBXo$
z<7UGFRWRD4w;Z@bAGF33U83us_kRb#0%vzZo~jpW&C^3vm2He$y4Np1enbejeJN=Z
z7eZD;0ED^}K%|0~;uzV+qAXQD^lF#UrM>w$Zsnn^iQR>Ie9=Mcc0Wb4jz-K{|80lh
zV4(g!#u%pBSpFv@ccTE(<b%F}?*~G5R8i`#EL>;KRNy8Nu_ZM*QU-~Naz&{S4J|+1
z!Ox-d6wU0wo`b1bsAh4U+ws?W;XYYvjL2^6L1t3V3j#azmt(eoOG&au1dlD+2xxnw
zytR$j$K=wU0U5|nKnEKjDt2-(H<Q|FZi8smkVvU{Ie!fh$V}Ibs4;*dZQ*K>uP_DT
zRq_jnc3DrTFxkXD>SV)B_gX~uTthCp^Blw~H{#5f>oF&s;6b1@qmdLIBF4)y{y`2;
z&6=3CV5PfBZ*kt###3|=!Ijm_I=WxejOk9@2mzMFh5wy_yteC|<D5XIxN~(<<D8!r
zZf{6pcyESq^I;adDDfHG2=gw#(k2Qh8{JotDn=->?Q!;N?Mm^oEk_$x*f5_DDyy#c
z9v99OUw95rYhk-(Mf;j9(6r=$FSjTC8jRL+sh^#@IemD-w2c2X<H8fQNHM*iaFFn9
zQzdwMl55xD1x^D`sUpjsT`m(RZvxP!>;=FtS~Y!0xYfZAgAQ6d7N{<Ipu9!a&R5&B
zx{jO_JB6L!vuR?g1Ty!j$<>|ev5f1Ggm+lzGxmiZhq$dG@RyDCmZY9i8Z}Yq3wjOM
zr|OypkkY1Xc%vT2isX}Qll1yajFy<KL_A%BI|##$wY3}azOPk13yG#WHHCmM#N2(n
z=~p8`oxa|sWzZ70pBGp4#7TYJjjT)}=rzN9OMG>w%XF-Lvd*54AQc>%c*TZGhBp$O
z3Hk;ZV_o*Y$$?7i1(;X8Tg&evO2Vmy%gNG8qwr*QFPy`IjgL#pCJ>z$b;ze8K8W4|
zV;2E7Kf{OL^5o+W3DTp|cv&j_m*S9cp{dp8Kk5DHxk)l;i~M?L;>bBn#-zr*`OzfM
z;~U5i6nA627kiCYtU{S{w_^xY895Tv*n&#Q2(0%RNUGP|@lydM#b(zvyQ97F?u2C;
zH;=*F&^t{J3!hOpU#7I*C&8%7_QB+#vBX<pzz}`LPd8VV#Ng0X&Jzr{&sEZ_pkIz2
zt_k8`As$Y!y;%>QZ!a7#fpp%l=|LcYt92fv0WlAy0St9|8iNt^37og;L3QgmjG);P
zZ-N~w7#~H9p@#jwzLrIA!`=^?6ts`ZXB6xx5wS7IGwcJQ36}J1G<u5iw{C3&4q$Wu
z)SmxXVBf9zFDP=5o=^irQcD+is=5;jm##IxRp`EL_vz>bI@jz(f){0HJN9xW;upI;
zckbAwJp7m(`n!`i?$P9U7Qm+w-sjb28RAmN-dBIMN=Coum~)E^y<jjfbByopR@@0w
zAK#3OFxwtrQ)h%v2yI?ckhUFo=&UB$=ymopkvE8QFV`CD`oJO+Hc+Sn=65OuHiRD8
zXMdU#@#Hd72jbg+3%@m~l#OpuKwW^Qf{H$_ShEa|N2<PHTBm`2PP>K5%xvbA<Vpzn
zy;*dq!amemyH0eh*xry2v>k9?@YjML-Vb$%CtXN7kyoPTPOVk-gALks#gesge=4dx
zzzupjP8q6oD`gdj8v$Y?KM1`Zl0AejcvpETao5j!a)(j9iBuxQV&^j!575<<^)bf<
zST?bQq?|pXuiN5TF*fk#y5B)OvT>_u)1F6LJG_+cxuhK_uSToH1*Ug>s}L}8gd^gE
zS$)~19c+8{y~EpQp7pmz?y(AbW|e&Fu@OuAIFB@r<F$kc@U_^FCgs1n2UPVjkTW=$
zS{kNF0+;?3qlX7DRhm^MXTNi_36rEKUa4KbeTOhF=J@GsS1r_8DBMs{9)2&2&WYTw
zslMAoi>+=Z!sFJ_ojTCfj1_|4`^zkHTEcYOAHDQ}n2cH(JdHYtd&E>OmEbP&`kS5C
zJvI0PNGAmLC#WT2<%)d74aX{wU&YOUVC`F;g$T&e*;BjQ9Ih_fIIkz%V8R#4gdc@o
zuC<h9z?%b%&}t|vBaa45K3MASbsh*jz_Wk~TVt7RdERgNWmyZ+d#A#@J=}4ARdYjk
zx~~DQX(r{uuTi$pzF=?E{#5iI&p-=VrR$%k*nzmJ=CC7DRDct<7L&<sPa7lZ!wc)V
zul#)9K4#p^8jG1;`I6GoB*JL)?l%3DHjli}(ai&TnD@@JA^}}_XoZ-+AL3<0C?jdT
z;&aiZ=g_xnTB3UT+zB)VDea}f{?6uIV7r|p{+G<EPw>(W5;my|LziLb=8kQF_su;1
zxwwUDujwsMKB)_>=O+5V`&#SM9=q3~^(915gZ=Rpkk7~q0R-NMMSP{6p(f)CI8w&(
zT6>Zh?I5@K&*jgjuOZpPtQ!&{q_!@g)2XlZizN8$MkYvUuZU$`eimMf)X+5vIOT{@
z;6PGngPKxeu5;o6p?hX_m2(1%G|aj%Wa+Sf$VANCIr9@}lOF6|2<0$mDVE4$o23{F
z@Y`BqOd(8S=Mkk<BfUq`y33(IIPtc?vfRr^?BX5JcuwZWzxDBn2jh-yO^})DaYJ$^
z614Glmmdv7nM7EWt&EXKwf$f!)0!~gKgZtly{CZ-;<e6Gz)2lLYnxg~gbQjbF7qNq
z6ZNII2l(;6sU#ZtP2C4E-7*nsfGd(CJ5-k*yt^S8QzFWb%xf86H991`XHiI78eR3%
zHVI_|h07uBHh;`GBk!xcwT{rg$-t?Ts+ySL8z;j1My*j>`=7cEH~<8EIBScaG)f_+
zS!~{bjuq1KX$T5?A94j^H;KcXg>D5h$**7IlBwEc(S%LV3Li2zAqsFca9xW6AR@#@
zXb8rK%Elfj#n^qYA9Z$Wr;7n6<Sw)G0*(hXE7Qi_3H!|Faju9FZdIi=D5DL}4f^{I
zB<)M80m31499K76pl_u{y2$C!FIUKdiNuBf=V@=Npw!(}nuhL2J3I5at^jLXggE4y
z;_yRR8_z8&7^-pDc${->E+kMN%C7-i-+hItLru?SCiDTo4eD_0z(F!%<<uFl;~s=X
zF+gsjzZ0btwzoxH>hp58z@hfzyZQia4oBYGv|Gkf#iU71)&LS5)`B3Fy6C~`G7WdG
zE3GXiT`f>UCkH&R(bHpNEE>7biu*uNfRG?+&VNKSRG3(fia$!+3xUAUg${n>end*Z
z2c^oCWNG0ysW?-PLzGDX#FiMqA?A6q1yF>Dz8j24Gwcggv|1D-n*dMhjbH*@qKSR<
z?A!8kqEP!*X8T%|<-x}T)^RKNFMy!Y9dZq_j=1AtUcjV84xR#>;-`G+p{xU(yV3+8
zvdRJDU-5U%LJf{Vr3Gy0+vF{``j$o*4DMT+S+w&?eb#ri{O|*0qgI-++`ng7*TC5w
z`jgDr?&G2+d*lUBfopp@rD@9tS1|smm#Cf1_12aGBj6(|zUk%?05tCnLF1<)#$0AT
z^K~doqx@WxIsr!zQ(Y8QrMD;ohx-O+avFk44Jy<na=xaYhugMws9f}Ec(HZwoWF*{
z(3qtB;+~$koz}yRQ{ol}tC}|TjkH?36OobxI_K8rfIS_ZU1Ntw0okL6bqu5bgdZ%L
zpdUgxfeX^a+7vfj_;KDMX31_=YT4MGN^}!rtcj-z)0D5U)h`IpfJbN(%XH>|F4^kR
z(Z^A~j&YD@ml$7O*!L38sqWN}PZzxAdfK|DU^r)xxf*|$o$i)be@f~Dcz8e&P-V%j
zvYb<+r^iji(G<kGms-WM9AL#Igzie!B9~;l_Ji7oHDU;RAv}rf^4lXL3Dz))Xddk#
zTFDoRIH=5Uc{_O!Brwo1Z?j{gUNL2<1f|5`+)x4!#O*h=Pw;XegYxP356^5V;SV<Q
zouT5jKl8O7YF4p${u8GR6CK+CIabd734JXv9HNJ3YSfL{tQi}YiRrV$Qhl)4fi_bF
zLX@w6xQz5%JiTJg^kHNQY7_NhX|W2o+pJwM2@xC4V?7J9e#iVAi$;mX`A_?pZ*ZWP
zDg*t2mAbpDxB)wGo2aB7<F8J`r+krAyDJP2cJ!4;3ldXGbB@YzMX3wmJfI)8WD0pW
zR|)oZ^1_~ie?lw()Od8~ttU}K9Sk)Fq1wUuMZ^IneZn`-3%}X2Fa|qgRYFiM-g7T+
z(W=+3rmUhpb)-q}5%-0Qs)1O+8bkoK=T8eR*$2)#@|%CXrH%T7F&5%b=sd1Af6i77
zAK8FY|K)moecX0qYN1GhJUGbk*pz1g)9hwq3h}&gcQNwQ0dHv0UUhm&Q%wP<fc7Fx
z@AqxQah@W@;9$}_C7e5Ak8w>Rq|PnKPNd~|i`=k1@>Bh8XClqMnd8``#?2P(Btxm`
z2Q<pq4lltKVU-&K-Ri&%3rVA@TmD>rYFCT%NXwrhmw<9WOwIW<dQa=Q3D*4uGa=YP
z*`fJPrfHE~3yEdWe)kvR0AO`j3w2_@8;h)r6-|6iYp#ib1PJ0~sHG-|Z(*&^Cs9HD
z=I|faJ-NY!c4c8k1NP7-s$VMsd8EG#Pf<+1k9;=$8z`Vq&2Fin$0Q6MAHZSsq^VIZ
z@nTjric9P>j4e=khC5(-7{_?Y7&209Sl&q`J>@q0T1dm5w(OER<YO&Nxsxr54SHn%
zN{_;La$p0i4HGSkio4%dYgW0oyd7Q*v2&iBUy(o5xdaPPjQ~B7H(HiJxclrWVSjG6
zDO9`SA!T{W(DimLD!mD<^;-I{&{5V#xKuo0s{(sTxl^PQs{$Rx``^PS`(jWP1{K!%
zYx1_9_Y?3gyx$Re-R2h<$m-dl>tADojWK-jf}ze06zcj-fxJlYPe95tL0AFVMu^>_
zl;p&U6pf4SIb7ct@5xtFt5t3b<=n*F7<dRQ1dVfjd=ODBOxt;-X|w*Enp{B7jXA1K
zn5c3FgmbhQxG@gRb{gt4LR2lBVL1rL2^Hol?-#n|ke1#W#?eUL+zDLMt}tq<i}=VB
zxm|+2tiX^-Bb&37e(p<mk1-vNyk)$+3xm&uBN`o<GDc-@GLCQE6)b20PWQ7GxG-!}
zLv9XNMQqt&(qEv+Mj{Dt?j;~-#f8b8A&>SJ`R65_0&#t*nZHg1zDjm#nin~I;mVnJ
zl*om&oPov^;_9jRQr`}-Zfh&Nt0_KXFA|Q=U<MLH2Lf&xh}(D9T=1LD4VU$8$paS;
zdc&|7DFR&6jxirW+O8X&NEkx4@~gvTUHp*+uW|yqkl+43qDr}j!fK`Fsroh}8F@p8
z2AB0204@x=8)i;@sq0r8bN2ym;y%iBFo>N<aW~4$H0`(}QJ;nLu`Q@IY)hBg@Pk0_
zKv2~EMjGBRlkbl;%ofF(sT=@v9O~U}S*>Nmr4IK#Yf~)Mw)j58#3!5Z^cOEeBkgl`
zL?GigS*80eq)aiAjCLz7WBw0ZI65Rm%z78oNJPs}9rf}Pb|;3%AYU`APhx+vgA;pj
zK18;d06{r1t7`v;R>)HK7W~k&iT#G+&1`oPo~w-X9V7KaWkpwgPB{a<%?H4CN#LJH
zP(LR0ir4vPx$jY+41jm4e|)ooI<MuymqAcY)0S&;`2SgtZip|JqNL(cSqQUR>eS$#
zkLZGHFA|J;s-;Yimqupk`kWcBctUfd6Ps(QDIE@PxCCJuVI#bD)MusIb`hR4Q+T4O
zEv*d=Xo!IdAO>MxE~=D3TUxcRhD5?6x@cbVIwn_>v7Ers1FaDDl111kIf5Mm=~C_x
zx%d6XG)$f8MUUb-Z&N~GDr2QMoJgbIJc69hU`UyhYzT6W1DKyvLbl{z!?rr9)8AlW
zO$Qq+>EGp@vbDoB!hfT-p%Yub#F{y|?XbgHN(H7`ljqT@Qnz;sMx<knRpSVP9x|$~
zYqDHgaJJW0cK;yq6txl6J4Z9=D48xsjVX;4ut!#22sign*0i8T7wgH$1A7&g-BEeD
z0dG~UO)xnf!S{rYP3#gZ2|Xs_$=R@D0Z=05aCS%8_bAMXx1_m6zb8sNJn^=<t51Xu
zJ0mW=d%yiql-=u8G$C6{GIh7vN+IKZi2zC`m0!Cr*@LQf6D0yLVKzp_2%&@@5$DTS
zH}b|PlNx!hTFey9^RUCqs#tdl-~wHs>?Z^N{l?%tyRHu58+8s$w7;;6$uN%LXd#}@
zY_QA<24KbK5>T}+?i?;M#u%q<jXnO4p09M%2S_f1O3s@<{>rr~rk7yMk+!2{LSmSO
z*LU!Zd!F=#7Nh2r$bh>C;4#6ftbP#+<t7!hDl^VNr*|bWP5+H#WM6ZvLCXu)Kz#I6
zJbj*=1R(W#AqM*pofwuptdo7IE$$&04(fV?np_p*Q8?q18=H?B@cOp*!C?CXS!Kas
zkd~^lUjq3r>@c?jU+Dk_m=@dUd0xIO+Y{B~+V+lA$fIQK)bq1I@_dVToKpR+wg+s)
zMnB+h7jbw8C!HJ+q>D|9o%kfkOYUTsNO=q3HJ2mu?>YdXBU7Ha`m<!FcRzj1jDv;R
zL3A<r+q#X!js&5;5O|}ipje?j^h#dtz*4T|8=?wNb$Q5dJyssw9eQUSW9>+y#uF-p
zm&;Yf;Mba(dT7;NE;*vFlhedVw`!}k0EI)K?8Yv>SzV#OSoTB#qO%SesnYSSawGgz
zC}aBzIm#=njOF}Epm73D>@HuIv7gS7l*iaLYBIj<slj4!Wwq}Zi8m$W9k1N1Li&pq
ze?zb|#4I~E!#SBavv!yr<Tb8}dtzX&)UH-5mc!e*84(h@&P=~)k<AV`etLAaB(3{I
zeHy&1P7al%KwQ~3?AUwWC-0{#z4nzhC8Rm?#WXVc!SYvPniX88<lzie3S&4I<$llo
z_BW1cdJ!JdW^b(6cEej<ZWID&toLF0jk=vBn_R8^4^5nj`B&Z*Zc{+W!GF`e)X`qV
zrZ_F3W~>Pqm?iy->Vo8;k~)Z*dIY>}v07s2M~n@+er<1=1Fl9;ZIq0v>cgS|4iML`
zG~?J4VBPZ!O)#S`T!+px;_!|h_XNTY7=Rgk37)3pa3#MfER&YMzcSEW#8G;e5llSd
z4i;ZqZXN^~P^$X@vgkIYW6E72ts53Sfj(fG_4#AcrY%!$zcnoXY;g_Cb8d1O(4?|L
zi4%>cb$|se$5s}RfV2sAl$TJwCdey|8}vtJnB`x7E(Ykza>NgEU-vHT0Y&^AlgqSb
z%|O&PO1bB?nQSS=aCX0+Lg=LrNmdb<tCOMm>B~irWTG%4U1bm<+xUivZ2vvPC)k~4
zYcd)NiN~s3EdQPSg(>*dbx{lTFODjE78@(A1n0dSkH%yn+?m!0yNvF&hoba|@%-ur
zt)`i7vR)MVCTL+e6GGvtLFaB3Xc->pk-`#GmQ_!}&2nm2#}3YSCYpvJ)wa?rbwo@N
z+tIh~DdCzt5pa1iz?oqO>q^!;U}{9b2Qyfz5K&fC*&Vh9?na4<OYGmm6K-iwpLULA
zsxHC!hn|$Hz3lheRq(V3cM>5|v)>UebJp4#q{Gj>L;kGbR}`!RW-`CMX0pkrxiHk#
z^^DYEQ2Mhidq!(87HWu);$vv$ng^VwX%gJBU6xZq+df&7MP}r5W2|6qNZ44?A!%NV
zD*$EB?O43`9{G8NEo{#=4+V+eHg|vgI})T>q1L3Pw34or4i~8vHSnarRc+*=cjV83
zCMFygx{>1ef8ISgF_6!RZh29Nh{byoDJ|%R8uMt()AfbfS4EhGaKbIjxkU>P1H}3T
zgt@n4v$8O)J&6KSo5<{)*eYem1m#?Hp{KDN8vXm9#-St3iTrc<!O@=(o>)$f?xGHY
z<rB~XfkA9QDtzeFkUa~A&Qo}FwR<*&VNM27u$HyN6gqx^wVhw>k`Gb1phi5G5d5p#
zw7?lxoV6-QKF-?sHER+_B2rbP0`u20-%+L`glKQmws#zFEG8wIRRj(0cgUlwoo3Te
zRERW+4fsv=loKRjDAleq4-O$^JVSE(H?3P-HQhc{&!EEypHk=QS&y{gFQbDGG=^Q}
zqlfmqk}nnO30rYMZ`N3`QBC!TVx?0n*LtJku7H}|VDw(b2XTr~p-LB*^{@-A#LC5X
zFH~aXQyKf2Lz>)hjT)oN@FOOgEIS*<OQis`TJkfXH+hw0Z;0aMFX&;mB85L0FOM$<
z1G|3s59XZ(o9I!KM)2?c0qsD;iBV9(Ck^nDE`OV^mBnWf9WsvXg{9)5n@Zq#s6_{i
z_+ed^Z@<_-1JpYkk?OgX@<<^)gBru2QAwyC?z0ShGe@>TUUxY_HD*DMSX-l?9|xL_
zTZ4D%Y}!L{#wEf9=3&jT8QIagheJTQz%4GBtc-R@vF`HbW0<B*F=2S@r08l&Aa<mg
zuG+!7oX*79FrngXhycUXcAZXHJNgm7?%@(G+ksCW4RZJ-tC5aKd1XMtXRAq#dMgq~
zpaDSDAOA=BBaU)1IyCzZWB8Wj>_ZT1<?NS@YAqp=$>n+)2W5}JQI}r{$opc9wh-#H
z`5PE1(YI7!YhxvQxp6~Vf%6}7e~YwZT^7a8fUUZ9$0sf6P;m}k-scg$9nxC3)axN&
zeV*R#cZaG3_8vHg;~bJF*gp{dhTfoi6V`O}@e(US_-gc>5NCI#1abk0(X~`<I;yY;
zv)kXHL8=~ZUm&-eFLex+AT^R}e`MYPXbG40En79ingvWsiB@n#0x#QvLi6*lH2VdP
ztSF&@YYId}3B;P9;2FZ{s&xzkSjw83WANg<5hNzJv9e)@QF$fC6M#{wZJHzAJ^ko1
zoeCgfPW>;fHF*=OM>s*2QNAc(huL<tq4q~+ARw<#at&Hc7daFJIQV*dE`6wr6L(b`
zO-<e8B&6*Io}55CkCMx<<qf}9kVWv~tfs>IzWcPmC!8-v3DuA0mP@O6u-kYkX@L07
zx9Qc*B@k2&b=igJG1eybC}s0PGj|K61WWY#JsXrJUhSBh<>TLviuGlWt1%fkJb;Cr
zWi@LdO(jxbKI>L6m#5L2ImWlCHS9O!`l#Ul^{kcmokP&~#AuvNUXXv63sK|2ksq16
zp2+GU8uxcc>puK1LgCjd6uvs+v_ClsPyh;#O+)x#?N>syQk1E_0XB8={U2d?w_7ZZ
zwu8)SJ5;vq-0DnVq;e%!MIuJnV#tFzS1gkS54uLtWDtIhil1kkE(}m}vnXRWF^5{L
zzWN;cXrY&HitZpw_&{zXCVaq77+0<h^@>R?V(TK2)bMr(1ah<7FQ5jq4#{>ONBr;h
zl19|gRXZk#khbBV2-%g)2YU5?!k%8n!P(NwthMng*-ACu$=tuFA9v@rc^U<UvZCX~
zSoy)99JRoB1xb8cwa769LS<T0!Zw8p4P)|4Bj!}CIY8jqTk3wEF0jM*{3!IR2s#V|
zMp4YMPgx3K4#dOZ*(1WI6(8bo-+&yoNVkqdN>-n7k&LvuBotl~whdYFyrmVuY!6x*
zGQ+_(wGB8rtBf0^i=Q^{&7v_(6-<EM55Xk`VBz_Y4?S&aH&Hgw&(bO4v6+G8kt{M@
z79{NN-B}pblB@siKP<=!j8fXJ6gouI4F;f7_V!bxA4)>MzF)ze6);p#8=?q}&lfql
zxrgq3C4hZ1eT?O4Vu3>dQwh@O8hX*VL2qHVk{^f@Hm9U;WpTHbI6aX5aLN)KR@`6=
z3*}%g$8Ki{?3v-Yv6?;c8q7#@ui9lc#Q>WdNZJJb17Jju(^*+juXlQiLS_U)bDxnl
zQx(J<{rTK&NVn%$WhYn;L@1sO$bETvq0lJz^M?x5vTZ#fbek;#%$7kq?awLz+2D^U
zXCjTmGJeM;Co2rJ@Tw&@<I5{jBl^zQ$olUE8LMjU>9;S@wW@SKuPUSeJ@#O@)@PhV
z%<E^mEy3ArCn%#W_A6rnHEkUo=&RJW2HbVnnPa;kx;{SdbjJ!%k7ma84tH}aJt(BM
zz@nHdsVG?bBg-phqa^D>UeGEV5|Bj3Joq^l1^Wpk3)o8tMWVc|c^w}wKwLQ_mG&V9
zaiXw2bPw7M{dvM^(Kzr-&-6;3qJe_L>sISSvdg}W(hCU3vZ4U8rdeSv1bYrJ044=U
z!G8l*RV8+i1cHm>%DOgvZCM$yab$oo(E{CR-Vh1sD3Gd0PuBw%67c08MV2H^mFCO)
z8Mp6_IY6_A<{*sf;)P`Y+nE9XrQx|9c%$lZwIC(s<r;f3=V-o<6I9_KTlfG8|8@Tx
zqAoj&!qD4H0dBOt{osN@J^vKZ!N(K1H)$9E8w&tSDrkP;9Ij$)HWvj<=W8m?4ei*w
z<oq(q+sO8<Kt*73nU?;jD2NH7SHGm8G{#k_4^X8L3tY>N0+63h!aO%;X^;TarnZ%I
zCPBp)&xTRpSa9raU5PpiSiV8H#rgSTs4eYs5&6dD$n%3bYO!`p@*3qqya;|za||;I
z>0&jljKT+k6!0I$0>Y%f1~7_PMW9`0s|G?T(G(Tur;DbMwjcj)wr-!XOrp*@tr+K=
z`h$tY4V|;k2akAy{G=UGZd=<v6$SdoX9<!o{pca)d#kQ?$kFY;>}FJ8S4H=gr}OSQ
zrCOc()gX9~jaGC3tRf38r2|OP9#;Xiq+ntz$o|y@gZPUuAinz%EMo)cyev1zjI*qC
zYG3fAWLNvBjEYP3+r+){;5pJr?%+DDtGd<FRRl6)u||}aWLz%+a1Jot{j%2MQC15T
zRcTvRi%qbTx;wV$PC^;AP~|?-{JiV%CWBP)BVJF^vn=Ktp>WJO0p@pJ;th-!!g*LQ
z!7Hcc%6b5KK__IBmRFa@{yK37XxAY7C$WGgXGB*REH0<MEC7ZdBtHYNhD3FXjS-5n
zs$74Url>Im#vLNfHeSoSqdKuNWW$jlMbDiqKTVO@BT}kxpdgM^!&va+vdQ=%pNF|f
zZhlIt*KkDR)-trI*8=Wv@-M|NYOs1*RP3cHvIA)5O`t&2$%5CaJ5f7dZvYYd{FNXU
zc%!B|e@=3R;^z$=h>P%3&tW7A-nPY~YEZqk!STS@zL((u=nP3oaQV&SH7nuyXkSUb
zD&?BmVA$XQA=0XY;gn~yIZ%KOKQd#kQnzI4B9}b_uyDvYhHGjJ&YhWId`0?nhQ!`d
zz5u-t9k35GQ!PU%QyIX(p(U#B)kAD;mIXHfsaBM7gK2qqg;U#YoR=K47`x<B(}U*6
z+n-W&wFJ#CqBwv;Z?@R!IS*l6mD;`!g<ZlgK`OB5+B`6X;YKypCw~=50-c6V0q^#3
zX6`yz<$L8c#%cL*eam+sLkMO!c1M}(41dHDC-})8#jPn+4!pEvuUDZSxD&CnO_Zp_
zZ=w?Um?O#;RlO-h1J7T|CU{Hcm79ybY{lwDTkq?H4->JcawEpN1HLs6J!yMXF#~0V
zNO$(Z&T)%ZbT3mZUrBfvqx5CbpD@QceU*%?LoB}<%K}t#C!~^2(Vmn500047w?qT>
z0i^>cqLE9gQ&|8B$d{K%Aka+wu%P~)(8G#P8iPfcEKvga+8sEq?pTm7S7b-XWoePW
ziexK^bdybyX}!xFJ@s~FY2{D|{#we)k!<kz2qM5bor`!~F3Sl!*}jUF-bjG#5CO@F
zIewwdx0Z!!57Du+kt?_5mRfBdNuzvZwrcLbXf{^zzRlzXo$qEO0t#PP)|nVA5y*Ye
z^e~(`7O=bO=E`&iQBzNHMnl{mLnWg31>vdd*}*$Cw}?)p+IBZCmYzq<J7>bD6UF2|
z*@jjtbo^SP+xqcg)e8>?D-Xck)A7!rabj;sA;U`NCg@){_l`?PWe@-W01Dl%%8dWM
vjgp=|#t)5vFC2tR+hfOFW1~NhL|1z<(oetLJBvy<000000000000000g!%8C

literal 0
HcmV?d00001


From 23eefe2f41f7de4088a8a0be7b7c63cfcc5d701f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 5 Nov 2024 00:47:09 +0600
Subject: [PATCH 174/379] web/changelogs/10.3: update image alt text

---
 web/changelogs/10.3.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/changelogs/10.3.md b/web/changelogs/10.3.md
index 0d2955aa..28b443ba 100644
--- a/web/changelogs/10.3.md
+++ b/web/changelogs/10.3.md
@@ -3,7 +3,7 @@ title: "fastest cobalt yet, new youtube features, translation platform, and a lo
 date: "4 Nov, 2024"
 banner:
     file: "meowbalt_very_fast.webp"
-    alt: "meowth plush getting squished with a hammer."
+    alt: "meowbalt absolutely zooming through space and time (only meowbalt and his speed trail are pictured)."
 ---
 
 ## oh-so-fast

From 57501e834ee613b76cc72b5c8fc78475f07619ff Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 5 Nov 2024 00:56:00 +0600
Subject: [PATCH 175/379] web/changelogs/10.3: limit the comparison commit
 range

---
 web/changelogs/10.3.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/changelogs/10.3.md b/web/changelogs/10.3.md
index 28b443ba..200165d2 100644
--- a/web/changelogs/10.3.md
+++ b/web/changelogs/10.3.md
@@ -94,7 +94,7 @@ we were very excited to release the first part of changes, so we bumped the vers
 *we also silently released changes in prod before the announcement, teehee :3c*
 
 ## all changes are on github
-as always, you can check [all commits since the 10.1 release on github](https://github.com/imputnet/cobalt/compare/f461b02f...main) for even more details.
+as always, you can check [all commits since the 10.1 release on github](https://github.com/imputnet/cobalt/compare/f461b02...23eefe2) for even more details.
 
 we hope you enjoy this update as much as you enjoy fresh air, because it really feels like one!
 

From 44fe585a8920fd926b2edf6e160eac6c81a91ee0 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 5 Nov 2024 12:46:18 +0600
Subject: [PATCH 176/379] web/layout: fix paragraph title alignment in about
 tab

oops
---
 web/src/routes/+layout.svelte | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index a9d68837..03bebef3 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -484,9 +484,9 @@
         padding-left: 3px;
     }
 
-    :global(.long-text-noto h1),
-    :global(.long-text-noto h2),
-    :global(.long-text-noto h3) {
+    :global(.long-text-noto:not(.about) h1),
+    :global(.long-text-noto:not(.about) h2),
+    :global(.long-text-noto:not(.about) h3) {
         user-select: text;
         -webkit-user-select: text;
         letter-spacing: 0;
@@ -495,11 +495,18 @@
 
     :global(.long-text-noto h3) {
         font-size: 17px;
-        margin-block-end: -0.5rem;
     }
 
     :global(.long-text-noto h2) {
         font-size: 19px;
+    }
+
+    :global(.long-text-noto:not(.about) h3) {
+        margin-block-end: -0.5rem;
+    }
+
+    :global(.long-text-noto:not(.about) h2) {
+        font-size: 19px;
         line-height: 1.3;
         margin-block-end: -0.3rem;
     }

From c27466e24708a45fefbff8fea783662b74cfc73d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 5 Nov 2024 18:14:24 +0000
Subject: [PATCH 177/379] CONTRIBUTING: mention lowercase text in translations

---
 CONTRIBUTING.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 2d71877c..9c3ae0cf 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,6 +9,7 @@ we are currently accepting translations via the [i18n platform](https://i18n.imp
 thank you for showing interest in making cobalt more accessible around the world, we really appreciate it! here are some guidelines for how a cobalt translation should look:
 
 - cobalt's writing style is informal. please do not use formal language, unless there is no other way to express the same idea of the original text in your language.
+- all cobalt text is written in lowercase. this is a stylistic choice, please do not capitalize translated sentences.
 - do not translate the name "cobalt", or "imput"
 - you can translate "meowbalt" into whatever your language's equivalent of _meow_ is (e.g. _miaubalt_ in German)
 - **please don't translate cobalt into languages which you are not experienced in.** we can use google translate ourselves, but we would prefer cobalt to be translated by humans, not computers.

From ab653e4533f1da126384155595350b6d7a2c1a37 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 5 Nov 2024 18:27:42 +0000
Subject: [PATCH 178/379] CONTRIBUTING: mention comment feature

---
 CONTRIBUTING.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 9c3ae0cf..379dae5a 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -20,6 +20,8 @@ before translating a piece of text, check that no one has made a translation yet
 
 if no one has submitted a translation, or the submitted translation seems wrong to you, you can submit your translation by clicking the **Suggest** button for each individual string, which sends it off for human review. we will then check it to to ensure no malicious translations are submitted, and add it to cobalt.
 
+if any translation string's meaning seems unclear to you, please leave a comment on the *Comments* tab, and we will either add an explanation or a screenshot.
+
 ## adding features or support for services
 before putting in the effort to implement a feature, it's worth considering whether it would be appropriate to add it to cobalt. the cobalt api is built to assist people **only with downloading freely accessible content**. other functionality, such as:
 - downloading paid / not publicly accessible content

From c021293780902fe0fd379a2122d8c6310ba52169 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 6 Nov 2024 17:16:08 +0600
Subject: [PATCH 179/379] web/changelogs/10.3: fix typo in "language"

---
 web/changelogs/10.3.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/changelogs/10.3.md b/web/changelogs/10.3.md
index 200165d2..72eaf0e9 100644
--- a/web/changelogs/10.3.md
+++ b/web/changelogs/10.3.md
@@ -33,7 +33,7 @@ but the point still stands: cobalt no longer slows down and runs as fast as it c
 - if a [youtube codec](/settings/video#youtube-codec) isn't available, cobalt will now fall back to the next best one.
 
 ## meet weblate, a place where you can translate cobalt
-we're finally ready to invite you to translate cobalt to any langauge you like! your translation contributions are linked to your github account, so you'll show up in cobalt's contributors list.
+we're finally ready to invite you to translate cobalt to any language you like! your translation contributions are linked to your github account, so you'll show up in cobalt's contributors list.
 
 you can start translating cobalt at [i18n.imput.net](https://i18n.imput.net/) right now!
 

From 5a418bd9c6042d439e4ea8041429bde2d9b550ed Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 6 Nov 2024 17:41:01 +0600
Subject: [PATCH 180/379] web/changelogs/10.3: update commit range

---
 web/changelogs/10.3.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/changelogs/10.3.md b/web/changelogs/10.3.md
index 72eaf0e9..9adfc6e3 100644
--- a/web/changelogs/10.3.md
+++ b/web/changelogs/10.3.md
@@ -94,7 +94,7 @@ we were very excited to release the first part of changes, so we bumped the vers
 *we also silently released changes in prod before the announcement, teehee :3c*
 
 ## all changes are on github
-as always, you can check [all commits since the 10.1 release on github](https://github.com/imputnet/cobalt/compare/f461b02...23eefe2) for even more details.
+as always, you can check [all commits since the 10.1 release on github](https://github.com/imputnet/cobalt/compare/f461b02...c021293) for even more details.
 
 we hope you enjoy this update as much as you enjoy fresh air, because it really feels like one!
 

From f50bd6339b9dcb25ec1f8f327e284c501801c4ac Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 7 Nov 2024 20:53:25 +0600
Subject: [PATCH 181/379] api/service-config: add support for loom embed links

---
 api/src/processing/service-config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index fc437095..491c4366 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -46,7 +46,7 @@ export const services = {
         altDomains: ["ddinstagram.com"],
     },
     loom: {
-        patterns: ["share/:id"],
+        patterns: ["share/:id", "embed/:id"],
     },
     ok: {
         patterns: [

From e3f6784e83652cc507aec4fcbb2245994eb1d504 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 9 Nov 2024 17:00:00 +0000
Subject: [PATCH 182/379] web/about/privacy: replace html link with markdown
 link

---
 web/i18n/en/about/privacy.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/about/privacy.md b/web/i18n/en/about/privacy.md
index b19ca762..7291aff4 100644
--- a/web/i18n/en/about/privacy.md
+++ b/web/i18n/en/about/privacy.md
@@ -58,7 +58,7 @@ plausible doesn't use cookies and is fully compliant with GDPR, CCPA, and PECR.
 
 [learn more about plausible's dedication to privacy.](https://plausible.io/privacy-focused-web-analytics)
 
-if you wish to opt out of anonymous analytics, you can do it in <a href="/settings/privacy#analytics">privacy settings</a>.
+if you wish to opt out of anonymous analytics, you can do it in [privacy settings](/settings/privacy#analytics).
 </section>
 {/if}
 

From 8fc9ca29165fa17484acfd165ad2e5ac5129304d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 11 Nov 2024 12:23:53 +0600
Subject: [PATCH 183/379] api/bluesky: add a dispatcher & update unknown error
 message

---
 api/src/processing/match.js            |  3 ++-
 api/src/processing/services/bluesky.js | 13 +++++++------
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/api/src/processing/match.js b/api/src/processing/match.js
index 8500c3b5..96036e5e 100644
--- a/api/src/processing/match.js
+++ b/api/src/processing/match.js
@@ -240,7 +240,8 @@ export default async function({ host, patternMatch, params }) {
             case "bsky":
                 r = await bluesky({
                     ...patternMatch,
-                    alwaysProxy: params.alwaysProxy
+                    alwaysProxy: params.alwaysProxy,
+                    dispatcher
                 });
                 break;
 
diff --git a/api/src/processing/services/bluesky.js b/api/src/processing/services/bluesky.js
index 98b92c64..75ee8e6a 100644
--- a/api/src/processing/services/bluesky.js
+++ b/api/src/processing/services/bluesky.js
@@ -2,12 +2,12 @@ import HLS from "hls-parser";
 import { cobaltUserAgent } from "../../config.js";
 import { createStream } from "../../stream/manage.js";
 
-const extractVideo = async ({ media, filename }) => {
+const extractVideo = async ({ media, filename, dispatcher }) => {
     const urlMasterHLS = media?.playlist;
     if (!urlMasterHLS) return { error: "fetch.empty" };
     if (!urlMasterHLS.startsWith("https://video.bsky.app/")) return { error: "fetch.empty" };
 
-    const masterHLS = await fetch(urlMasterHLS)
+    const masterHLS = await fetch(urlMasterHLS, { dispatcher })
         .then(r => {
             if (r.status !== 200) return;
             return r.text();
@@ -64,7 +64,7 @@ const extractImages = ({ getPost, filename, alwaysProxy }) => {
     return { picker };
 }
 
-export default async function ({ user, post, alwaysProxy }) {
+export default async function ({ user, post, alwaysProxy, dispatcher }) {
     const apiEndpoint = new URL("https://public.api.bsky.app/xrpc/app.bsky.feed.getPostThread?depth=0&parentHeight=0");
     apiEndpoint.searchParams.set(
         "uri",
@@ -73,8 +73,9 @@ export default async function ({ user, post, alwaysProxy }) {
 
     const getPost = await fetch(apiEndpoint, {
         headers: {
-            "user-agent": cobaltUserAgent
-        }
+            "user-agent": cobaltUserAgent,
+        },
+        dispatcher
     }).then(r => r.json()).catch(() => {});
 
     if (!getPost) return { error: "fetch.empty" };
@@ -87,7 +88,7 @@ export default async function ({ user, post, alwaysProxy }) {
             case "InvalidRequest":
                 return { error: "link.unsupported" };
             default:
-                return { error: "fetch.empty" };
+                return { error: "content.post.unavailable" };
         }
     }
 

From b6e827c6f9d27553925bed46d772dcac8f524435 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 14:49:51 +0600
Subject: [PATCH 184/379] api/youtube: improve video quality normalization once
 again

---
 api/src/processing/services/youtube.js | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 005c3ed5..fc6a2525 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -42,6 +42,8 @@ const hlsCodecList = {
     }
 }
 
+const videoQualities = [144, 240, 360, 480, 720, 1080, 1440, 2160, 4320];
+
 const transformSessionData = (cookie) => {
     if (!cookie)
         return;
@@ -200,9 +202,9 @@ export default async function(o) {
 
     const quality = o.quality === "max" ? 9000 : Number(o.quality);
 
-    const matchQuality = res => {
-        const qual = res.height > res.width ? res.width : res.height;
-        return Math.ceil(qual / 24) * 24;
+    const normalizeQuality = res => {
+        const shortestSide = res.height > res.width ? res.width : res.height;
+        return videoQualities.find(quality => quality >= shortestSide);
     }
 
     let video, audio, dubbedLanguage,
@@ -249,7 +251,7 @@ export default async function(o) {
         const best = variants.find(i => matchHlsCodec(i.codecs));
 
         const preferred = variants.find(i =>
-            matchHlsCodec(i.codecs) && matchQuality(i.resolution) === quality
+            matchHlsCodec(i.codecs) && normalizeQuality(i.resolution) === quality
         );
 
         let selected = preferred || best;
@@ -340,7 +342,7 @@ export default async function(o) {
 
         if (!o.isAudioOnly) {
             const qual = (i) => {
-                return matchQuality({
+                return normalizeQuality({
                     width: i.width,
                     height: i.height,
                 })
@@ -406,14 +408,14 @@ export default async function(o) {
         let resolution;
 
         if (o.youtubeHLS) {
-            resolution = matchQuality(video.resolution);
+            resolution = normalizeQuality(video.resolution);
             filenameAttributes.resolution = `${video.resolution.width}x${video.resolution.height}`;
             filenameAttributes.extension = hlsCodecList[format].container;
 
             video = video.uri;
             audio = audio.uri;
         } else {
-            resolution = matchQuality({
+            resolution = normalizeQuality({
                 width: video.width,
                 height: video.height,
             });

From 8b972c7a85daaed9d3ef3ebfd336a041c7dcaf8f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 14:50:13 +0600
Subject: [PATCH 185/379] api/youtube: disable hls if user prefers av1

---
 api/src/processing/services/youtube.js | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index fc6a2525..2c21c4a4 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -132,9 +132,16 @@ export default async function(o) {
         } else throw e;
     }
 
+    let useHLS = o.youtubeHLS;
+
+    // HLS playlists don't contain the av1 video format, at least with the iOS client
+    if (useHLS && o.format === "av1") {
+        useHLS = false;
+    }
+
     let info;
     try {
-        info = await yt.getBasicInfo(o.id, o.youtubeHLS ? 'IOS' : 'ANDROID');
+        info = await yt.getBasicInfo(o.id, useHLS ? 'IOS' : 'ANDROID');
     } catch(e) {
         if (e?.info?.reason === "This video is private") {
             return { error: "content.video.private" };
@@ -210,7 +217,7 @@ export default async function(o) {
     let video, audio, dubbedLanguage,
         format = o.format || "h264";
 
-    if (o.youtubeHLS) {
+    if (useHLS) {
         const hlsManifest = info.streaming_data.hls_manifest_url;
 
         if (!hlsManifest) {
@@ -239,11 +246,6 @@ export default async function(o) {
             return { error: "youtube.no_hls_streams" };
         }
 
-        // HLS playlists don't contain AV1 format, at least with the iOS client
-        if (format === "av1") {
-            format = "vp9";
-        }
-
         const matchHlsCodec = codecs => (
             codecs.includes(hlsCodecList[format].videoCodec)
         );
@@ -388,7 +390,7 @@ export default async function(o) {
         let bestAudio = format === "h264" ? "m4a" : "opus";
         let urls = audio.url;
 
-        if (o.youtubeHLS) {
+        if (useHLS) {
             bestAudio = "mp3";
             urls = audio.uri;
         }
@@ -400,14 +402,14 @@ export default async function(o) {
             filenameAttributes,
             fileMetadata,
             bestAudio,
-            isHLS: o.youtubeHLS,
+            isHLS: useHLS,
         }
     }
 
     if (video && audio) {
         let resolution;
 
-        if (o.youtubeHLS) {
+        if (useHLS) {
             resolution = normalizeQuality(video.resolution);
             filenameAttributes.resolution = `${video.resolution.width}x${video.resolution.height}`;
             filenameAttributes.extension = hlsCodecList[format].container;
@@ -437,7 +439,7 @@ export default async function(o) {
             ],
             filenameAttributes,
             fileMetadata,
-            isHLS: o.youtubeHLS,
+            isHLS: useHLS,
         }
     }
 

From 5f1c19d0f13b8d9ceb16b637b002aae99bc54456 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 15:00:09 +0600
Subject: [PATCH 186/379] api/youtube: add no matching format error

this error is returned when cobalt got a response from innertube, but couldn't find a matching combo of video and audio streams. sometimes youtube returns only video or only audio per format combo for whatever reason.
---
 api/src/processing/services/youtube.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 2c21c4a4..bd741fca 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -264,7 +264,7 @@ export default async function(o) {
         }
 
         if (!selected) {
-            return { error: "youtube.no_hls_streams" };
+            return { error: "youtube.no_matching_format" };
         }
 
         audio = selected.audio.find(i => i.isDefault);
@@ -320,7 +320,7 @@ export default async function(o) {
         const bestAudio = !fallback ? earlyBestAudio : adaptive_formats.find(i => checkBestAudio(i));
 
         if (checkNoMedia(bestVideo, bestAudio)) {
-            return { error: "youtube.codec" };
+            return { error: "youtube.no_matching_format" };
         }
 
         audio = bestAudio;
@@ -443,5 +443,5 @@ export default async function(o) {
         }
     }
 
-    return { error: "fetch.fail" };
+    return { error: "youtube.no_matching_format" };
 }

From e9d06b77a86eacdde21c98af50a9d374366cabe2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 15:02:10 +0600
Subject: [PATCH 187/379] web/i18n/error/youtube: add no format error & improve
 hls error

---
 web/i18n/en/error.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 5ac0ecf6..8ae5cf8c 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -47,9 +47,9 @@
     "api.content.post.private": "this post is from a private account, so i can't access it. have you pasted the right link?",
     "api.content.post.age": "this post is age-restricted, so i can't access it anonymously. have you pasted the right link?",
 
-    "api.youtube.codec": "youtube didn't return anything with your preferred video codec. try another one in settings!",
+    "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo. either video or audio is missing. formats for this video may be re-encoding on youtube's side, or something went wrong when parsing them.",
     "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video.\n\ntry again in a few seconds, but if issue sticks, contact us for support.",
     "api.youtube.login": "couldn't get this video because youtube labeled me as a bot. this is potentially caused by the processing instance not having any active account tokens. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
     "api.youtube.token_expired": "couldn't get this video because the youtube token expired and i couldn't refresh it. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
-    "api.youtube.no_hls_streams": "couldn't find any matching HLS streams. try different settings!"
+    "api.youtube.no_hls_streams": "couldn't find any matching HLS streams for this video. try downloading it without HLS!"
 }

From c05f40b2799c0ed0dc798b91e3f0326e8169c6b8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 15:05:20 +0600
Subject: [PATCH 188/379] web/i18n/error: fix punctuation in no matching format
 error

---
 web/i18n/en/error.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 8ae5cf8c..638caa4a 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -47,7 +47,7 @@
     "api.content.post.private": "this post is from a private account, so i can't access it. have you pasted the right link?",
     "api.content.post.age": "this post is age-restricted, so i can't access it anonymously. have you pasted the right link?",
 
-    "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo. either video or audio is missing. formats for this video may be re-encoding on youtube's side, or something went wrong when parsing them.",
+    "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo. either video or audio is missing. formats for this video may be re-encoding on youtube's side or something went wrong when parsing them.",
     "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video.\n\ntry again in a few seconds, but if issue sticks, contact us for support.",
     "api.youtube.login": "couldn't get this video because youtube labeled me as a bot. this is potentially caused by the processing instance not having any active account tokens. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
     "api.youtube.token_expired": "couldn't get this video because the youtube token expired and i couldn't refresh it. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",

From c88e21d4a846e72aa5220725c2984e88d43d2cd9 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 18:41:57 +0600
Subject: [PATCH 189/379] api/youtube/adaptive: refactor, avoid extra loops,
 fallback all codecs

---
 api/src/processing/services/youtube.js | 122 ++++++++++++++++---------
 1 file changed, 77 insertions(+), 45 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index bd741fca..ea011253 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -215,7 +215,7 @@ export default async function(o) {
     }
 
     let video, audio, dubbedLanguage,
-        format = o.format || "h264";
+        codec = o.format || "h264";
 
     if (useHLS) {
         const hlsManifest = info.streaming_data.hls_manifest_url;
@@ -247,7 +247,7 @@ export default async function(o) {
         }
 
         const matchHlsCodec = codecs => (
-            codecs.includes(hlsCodecList[format].videoCodec)
+            codecs.includes(hlsCodecList[codec].videoCodec)
         );
 
         const best = variants.find(i => matchHlsCodec(i.codecs));
@@ -259,7 +259,7 @@ export default async function(o) {
         let selected = preferred || best;
 
         if (!selected) {
-            format = "h264";
+            codec = "h264";
             selected = variants.find(i => matchHlsCodec(i.codecs));
         }
 
@@ -290,51 +290,83 @@ export default async function(o) {
         selected.subtitles = [];
         video = selected;
     } else {
-        let fallback = false;
-
-        const filterByCodec = (formats) =>
-            formats.filter(e =>
-                e.mime_type.includes(codecList[format].videoCodec)
-                || e.mime_type.includes(codecList[format].audioCodec)
-            ).sort((a, b) =>
-                Number(b.bitrate) - Number(a.bitrate)
-            );
-
-        let adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
-
-        const checkBestVideo = (i) => (i.has_video && i.content_length);
-        const checkBestAudio = (i) => (i.has_audio && i.content_length);
-        const checkNoMedia = (vid, aud) => (!vid && !o.isAudioOnly) || (!aud && o.isAudioOnly);
-
-        const earlyBestVideo = adaptive_formats.find(i => checkBestVideo(i));
-        const earlyBestAudio = adaptive_formats.find(i => checkBestAudio(i));
-
-        // check if formats have all needed media and fall back to h264 if not
-        if (["vp9", "av1"].includes(format) && checkNoMedia(earlyBestVideo, earlyBestAudio)) {
-            fallback = true;
-            format = "h264";
-            adaptive_formats = filterByCodec(info.streaming_data.adaptive_formats);
+        // i miss typescript so bad
+        const sorted_formats = {
+            h264: {
+                video: [],
+                audio: [],
+                bestVideo: undefined,
+                bestAudio: undefined,
+            },
+            vp9: {
+                video: [],
+                audio: [],
+                bestVideo: undefined,
+                bestAudio: undefined,
+            },
+            av1: {
+                video: [],
+                audio: [],
+                bestVideo: undefined,
+                bestAudio: undefined,
+            },
         }
 
-        const bestVideo = !fallback ? earlyBestVideo : adaptive_formats.find(i => checkBestVideo(i));
-        const bestAudio = !fallback ? earlyBestAudio : adaptive_formats.find(i => checkBestAudio(i));
+        const checkFormat = (format, pCodec) => format.content_length &&
+                (format.mime_type.includes(codecList[pCodec].videoCodec)
+                || format.mime_type.includes(codecList[pCodec].audioCodec));
 
-        if (checkNoMedia(bestVideo, bestAudio)) {
+        // sort formats & weed out bad ones
+        info.streaming_data.adaptive_formats.sort((a, b) =>
+            Number(b.bitrate) - Number(a.bitrate)
+        ).forEach(format => {
+            Object.keys(codecList).forEach(yCodec => {
+                const sorted = sorted_formats[yCodec];
+                const goodFormat = checkFormat(format, yCodec);
+                if (!goodFormat) return;
+
+                if (format.has_video) {
+                    sorted.video.push(format);
+                    if (!sorted.bestVideo) sorted.bestVideo = format;
+                }
+                if (format.has_audio) {
+                    sorted.audio.push(format);
+                    if (!sorted.bestAudio) sorted.bestAudio = format;
+                }
+            })
+        });
+
+        const noBestMedia = () => {
+            const vid = sorted_formats[codec]?.bestVideo;
+            const aud = sorted_formats[codec]?.bestAudio;
+            return (!vid && !o.isAudioOnly) || (!aud && o.isAudioOnly)
+        };
+
+        if (noBestMedia()) {
+            if (codec === "av1") codec = "vp9";
+            if (codec === "vp9") codec = "av1";
+
+            // if there's no higher quality fallback, then use h264
+            if (noBestMedia()) codec = "h264";
+        }
+
+        // if there's no proper combo of av1, vp9, or h264, then give up
+        if (noBestMedia()) {
             return { error: "youtube.no_matching_format" };
         }
 
-        audio = bestAudio;
+        audio = sorted_formats[codec].bestAudio;
 
         if (audio?.audio_track && !audio?.audio_track?.audio_is_default) {
-            audio = adaptive_formats.find(i =>
-                checkBestAudio(i) && i?.audio_track?.audio_is_default
+            audio = sorted_formats[codec].audio.find(i =>
+                i?.audio_track?.audio_is_default
             );
         }
 
         if (o.dubLang) {
-            const dubbedAudio = adaptive_formats.find(i =>
-                checkBestAudio(i) && i.language?.startsWith(o.dubLang) && i.audio_track
-            )
+            const dubbedAudio = sorted_formats[codec].audio.find(i =>
+                i.language?.startsWith(o.dubLang) && i.audio_track
+            );
 
             if (dubbedAudio && !dubbedAudio?.audio_track?.audio_is_default) {
                 audio = dubbedAudio;
@@ -350,14 +382,14 @@ export default async function(o) {
                 })
             }
 
-            const bestQuality = qual(bestVideo);
+            const bestQuality = qual(sorted_formats[codec].bestVideo);
             const useBestQuality = quality >= bestQuality;
 
-            video = useBestQuality ? bestVideo : adaptive_formats.find(i =>
-                qual(i) === quality && checkBestVideo(i)
-            );
+            video = useBestQuality
+                ? sorted_formats[codec].bestVideo
+                : sorted_formats[codec].video.find(i => qual(i) === quality);
 
-            if (!video) video = bestVideo;
+            if (!video) video = sorted_formats[codec].bestVideo;
         }
     }
 
@@ -387,7 +419,7 @@ export default async function(o) {
     }
 
     if (audio && o.isAudioOnly) {
-        let bestAudio = format === "h264" ? "m4a" : "opus";
+        let bestAudio = codec === "h264" ? "m4a" : "opus";
         let urls = audio.url;
 
         if (useHLS) {
@@ -412,7 +444,7 @@ export default async function(o) {
         if (useHLS) {
             resolution = normalizeQuality(video.resolution);
             filenameAttributes.resolution = `${video.resolution.width}x${video.resolution.height}`;
-            filenameAttributes.extension = hlsCodecList[format].container;
+            filenameAttributes.extension = hlsCodecList[codec].container;
 
             video = video.uri;
             audio = audio.uri;
@@ -422,14 +454,14 @@ export default async function(o) {
                 height: video.height,
             });
             filenameAttributes.resolution = `${video.width}x${video.height}`;
-            filenameAttributes.extension = codecList[format].container;
+            filenameAttributes.extension = codecList[codec].container;
 
             video = video.url;
             audio = audio.url;
         }
 
         filenameAttributes.qualityLabel = `${resolution}p`;
-        filenameAttributes.youtubeFormat = format;
+        filenameAttributes.youtubeFormat = codec;
 
         return {
             type: "merge",

From dec977e34df1e8e8241200e9b09a243de45a7a85 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 18:45:18 +0600
Subject: [PATCH 190/379] api/youtube: fix variable shadowing in
 `normalizeQuality`

---
 api/src/processing/services/youtube.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index ea011253..e1b11a62 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -211,7 +211,7 @@ export default async function(o) {
 
     const normalizeQuality = res => {
         const shortestSide = res.height > res.width ? res.width : res.height;
-        return videoQualities.find(quality => quality >= shortestSide);
+        return videoQualities.find(qual => qual >= shortestSide);
     }
 
     let video, audio, dubbedLanguage,

From 225a721805aee1ceb84910f64d21dad7e38aad16 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 18:48:36 +0600
Subject: [PATCH 191/379] api/tests: allow vk tests to fail

---
 api/src/util/tests.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/api/src/util/tests.json b/api/src/util/tests.json
index 3914deec..72f00ad4 100644
--- a/api/src/util/tests.json
+++ b/api/src/util/tests.json
@@ -538,6 +538,7 @@
     "vk": [
         {
             "name": "clip, defaults",
+            "canFail": true,
             "url": "https://vk.com/clip-57274055_456239788",
             "params": {},
             "expected": {
@@ -547,6 +548,7 @@
         },
         {
             "name": "clip, 360",
+            "canFail": true,
             "url": "https://vk.com/clip-57274055_456239788",
             "params": {
                 "videoQuality": "360"
@@ -558,6 +560,7 @@
         },
         {
             "name": "clip different link, max",
+            "canFail": true,
             "url": "https://vk.com/clips-57274055?z=clip-57274055_456239788",
             "params": {
                 "videoQuality": "max"
@@ -569,6 +572,7 @@
         },
         {
             "name": "video, defaults",
+            "canFail": true,
             "url": "https://vk.com/video-57274055_456239399",
             "params": {},
             "expected": {
@@ -578,6 +582,7 @@
         },
         {
             "name": "4k video",
+            "canFail": true,
             "url": "https://vk.com/video-1112285_456248465",
             "params": {
                 "videoQuality": "max"
@@ -589,6 +594,7 @@
         },
         {
             "name": "ancient video (fallback to 240p)",
+            "canFail": true,
             "url": "https://vk.com/video-1959_28496479",
             "params": {},
             "expected": {

From 3fe2bd3b7c04a372747e97ba441c8e76cf008f99 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 22:23:45 +0600
Subject: [PATCH 192/379] api/youtube: add missing else to adaptive codec
 fallback

---
 api/src/processing/services/youtube.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index e1b11a62..ae96ea0d 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -344,7 +344,7 @@ export default async function(o) {
 
         if (noBestMedia()) {
             if (codec === "av1") codec = "vp9";
-            if (codec === "vp9") codec = "av1";
+            else if (codec === "vp9") codec = "av1";
 
             // if there's no higher quality fallback, then use h264
             if (noBestMedia()) codec = "h264";

From 0e09bf98955c1e1eaadd22938d0d118ffea8f7a7 Mon Sep 17 00:00:00 2001
From: KwiatekMiki <hi@kwiatekmiki.pl>
Date: Wed, 13 Nov 2024 17:35:45 +0100
Subject: [PATCH 193/379] api/service-config: recognize facebook's mobile
 subdomain (#891)

---
 api/src/processing/service-config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index 491c4366..9566fdf8 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -30,7 +30,7 @@ export const services = {
             "reel/:id",
             "share/:shareType/:id"
         ],
-        subdomains: ["web"],
+        subdomains: ["web", "m"],
         altDomains: ["fb.watch"],
     },
     instagram: {

From 3203f5bb2feedae639c4766b78488ecc6a402bc2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 13 Nov 2024 23:24:50 +0600
Subject: [PATCH 194/379] web/SupportedServices: better popover animation

---
 web/src/components/save/SupportedServices.svelte | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/web/src/components/save/SupportedServices.svelte b/web/src/components/save/SupportedServices.svelte
index bb1251af..099fefa6 100644
--- a/web/src/components/save/SupportedServices.svelte
+++ b/web/src/components/save/SupportedServices.svelte
@@ -73,24 +73,29 @@
     #services-popover {
         display: flex;
         flex-direction: column;
-        transition: transform 0.2s cubic-bezier(0.53, 0.05, 0.23, 0.99);
         border-radius: 18px;
         background: var(--button);
         box-shadow:
             var(--button-box-shadow),
             0 0 10px 10px var(--button-stroke);
 
-        transform: scale(0);
-        transform-origin: top center;
         position: relative;
-
         padding: 12px;
         gap: 6px;
         top: 6px;
+
+        opacity: 0;
+        transform: scale(0);
+        transform-origin: top center;
+
+        transition:
+            transform 0.2s cubic-bezier(0.53, 0.05, 0.23, 0.99),
+            opacity 0.2s cubic-bezier(0.53, 0.05, 0.23, 0.99);
     }
 
     #services-popover.expanded {
         transform: scale(1);
+        opacity: 1;
     }
 
     #services-button {

From aaf7077364e8c3f62c948b3c62a4faa69a14dc6c Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 13 Nov 2024 16:08:43 +0000
Subject: [PATCH 195/379] api/test: split up tests into individual files

---
 api/src/util/test-ci.js             |   20 +-
 api/src/util/tests.json             | 1550 ---------------------------
 api/src/util/tests/bilibili.json    |   60 ++
 api/src/util/tests/bsky.json        |   78 ++
 api/src/util/tests/dailymotion.json |   29 +
 api/src/util/tests/facebook.json    |   67 ++
 api/src/util/tests/instagram.json   |  123 +++
 api/src/util/tests/loom.json        |   33 +
 api/src/util/tests/ok.json          |   11 +
 api/src/util/tests/pinterest.json   |   87 ++
 api/src/util/tests/reddit.json      |   60 ++
 api/src/util/tests/rutube.json      |   90 ++
 api/src/util/tests/snapchat.json    |   29 +
 api/src/util/tests/soundcloud.json  |   87 ++
 api/src/util/tests/streamable.json  |   51 +
 api/src/util/tests/tiktok.json      |   38 +
 api/src/util/tests/tumblr.json      |   49 +
 api/src/util/tests/twitch.json      |   33 +
 api/src/util/tests/twitter.json     |  213 ++++
 api/src/util/tests/vimeo.json       |   64 ++
 api/src/util/tests/vine.json        |   33 +
 api/src/util/tests/vk.json          |   77 ++
 api/src/util/tests/youtube.json     |  240 +++++
 23 files changed, 1566 insertions(+), 1556 deletions(-)
 delete mode 100644 api/src/util/tests.json
 create mode 100644 api/src/util/tests/bilibili.json
 create mode 100644 api/src/util/tests/bsky.json
 create mode 100644 api/src/util/tests/dailymotion.json
 create mode 100644 api/src/util/tests/facebook.json
 create mode 100644 api/src/util/tests/instagram.json
 create mode 100644 api/src/util/tests/loom.json
 create mode 100644 api/src/util/tests/ok.json
 create mode 100644 api/src/util/tests/pinterest.json
 create mode 100644 api/src/util/tests/reddit.json
 create mode 100644 api/src/util/tests/rutube.json
 create mode 100644 api/src/util/tests/snapchat.json
 create mode 100644 api/src/util/tests/soundcloud.json
 create mode 100644 api/src/util/tests/streamable.json
 create mode 100644 api/src/util/tests/tiktok.json
 create mode 100644 api/src/util/tests/tumblr.json
 create mode 100644 api/src/util/tests/twitch.json
 create mode 100644 api/src/util/tests/twitter.json
 create mode 100644 api/src/util/tests/vimeo.json
 create mode 100644 api/src/util/tests/vine.json
 create mode 100644 api/src/util/tests/vk.json
 create mode 100644 api/src/util/tests/youtube.json

diff --git a/api/src/util/test-ci.js b/api/src/util/test-ci.js
index 3a0352cb..5a1d6300 100644
--- a/api/src/util/test-ci.js
+++ b/api/src/util/test-ci.js
@@ -1,3 +1,5 @@
+import path from "node:path";
+
 import { env } from "../config.js";
 import { runTest } from "../misc/run-test.js";
 import { loadJSON } from "../misc/load-from-fs.js";
@@ -6,7 +8,8 @@ import { randomizeCiphers } from "../misc/randomize-ciphers.js";
 
 import { services } from "../processing/service-config.js";
 
-const tests = loadJSON('./src/util/tests.json');
+const getTestPath = service => path.join('./src/util/tests/', `./${service}.json`);
+const getTests = (service) => loadJSON(getTestPath(service));
 
 // services that are known to frequently fail due to external
 // factors (e.g. rate limiting)
@@ -18,12 +21,14 @@ switch (action) {
         const fromConfig = Object.keys(services);
 
         const missingTests = fromConfig.filter(
-            service => !tests[service] || tests[service].length === 0
+            service => {
+                const tests = getTests(service);
+                return !tests || tests.length === 0
+            }
         );
 
         if (missingTests.length) {
             console.error('services have no tests:', missingTests);
-            console.log('[]');
             process.exitCode = 1;
             break;
         }
@@ -34,16 +39,19 @@ switch (action) {
     case "run-tests-for":
         const service = process.argv[3];
         let failed = false;
+        const tests = getTests(service);
 
-        if (!tests[service]) {
+        if (!tests) {
             console.error('no such service:', service);
+            process.exitCode = 1;
+            break;
         }
 
-        env.streamLifespan = 3;
+        env.streamLifespan = 10000;
         env.apiURL = 'http://x';
         randomizeCiphers();
 
-        for (const test of tests[service]) {
+        for (const test of tests) {
             const { name, url, params, expected } = test;
             const canFail = test.canFail || finnicky.has(service);
 
diff --git a/api/src/util/tests.json b/api/src/util/tests.json
deleted file mode 100644
index 72f00ad4..00000000
--- a/api/src/util/tests.json
+++ /dev/null
@@ -1,1550 +0,0 @@
-{
-    "twitter": [
-        {
-            "name": "regular video",
-            "url": "https://twitter.com/X/status/1697304622749086011",
-            "params": {
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "video with mobile web mediaviewer",
-            "url": "https://twitter.com/X/status/1697304622749086011/mediaViewer?currentTweet=1697304622749086011&currentTweetUser=X&currentTweet=1697304622749086011&currentTweetUser=X",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "embedded twitter video",
-            "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
-            "params": {
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "mixed media (image + gif)",
-            "url": "https://twitter.com/sky_mj26/status/1807756010712428565",
-            "params": {
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "picker"
-            }
-        },
-        {
-            "name": "picker: mixed media (3 videos)",
-            "url": "https://twitter.com/DankGameAlert/status/1584726006094794774",
-            "params": {
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "picker"
-            }
-        },
-        {
-            "name": "audio from embedded twitter video (mp3, isAudioOnly)",
-            "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "audio from embedded twitter video (best, isAudioOnly)",
-            "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "best"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "audio from embedded twitter video (ogg, isAudioOnly, isAudioMuted)",
-            "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "best"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "muted embedded twitter video",
-            "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
-            "params": {
-                "downloadMode": "mute",
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "retweeted video",
-            "url": "https://twitter.com/uwukko/status/1696901469633421344",
-            "params": {},
-            "canFail": true,
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "age restricted video",
-            "url": "https://x.com/XSpaces/status/1526955853743546372",
-            "params": {},
-            "canFail": true,
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "twitter voice + x.com link",
-            "url": "https://x.com/eggsaladscreams/status/1693089534886506756?s=46",
-            "params": {},
-            "canFail": true,
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "vxtwitter link",
-            "url": "https://vxtwitter.com/dustbin_nie/status/1624596567188717568?s=20",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "post with 1 image",
-            "url": "https://x.com/PopCrave/status/1815960083475423235",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "post with 4 images",
-            "url": "https://x.com/PopCrave/status/1816260887147114696",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "picker"
-            }
-        },
-        {
-            "name": "retweeted video, isAudioOnly",
-            "url": "https://twitter.com/hugekiwinuts/status/1618671150829309953?s=46&t=gItGzgwGQQJJaJrO6qc1Pg",
-            "params": {
-                "downloadMode": "mute",
-                "audioFormat": "mp3"
-            },
-            "canFail": true,
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "inexistent post",
-            "url": "https://twitter.com/test/status/9487653",
-            "params": {
-                "audioFormat": "best"
-            },
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
-        {
-            "name": "post with no media content",
-            "url": "https://twitter.com/elonmusk/status/1604617643973124097?s=20",
-            "params": {
-                "audioFormat": "best"
-            },
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
-        {
-            "name": "bookmarked video",
-            "url": "https://twitter.com/i/bookmarks?post_id=1828099210220294314",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "bookmarked photo",
-            "url": "https://twitter.com/i/bookmarks?post_id=1837430141179289876",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        }
-    ],
-    "soundcloud": [
-        {
-            "name": "public song (best)",
-            "url": "https://soundcloud.com/l2share77/loona-butterfly?utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing",
-            "params": {
-                "audioFormat": "best"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "public song (mp3, isAudioMuted)",
-            "url": "https://soundcloud.com/l2share77/loona-butterfly?utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing",
-            "params": {
-                "downloadMode": "mute",
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "private song",
-            "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
-            "params": {
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "private song (wav, isAudioMuted)",
-            "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
-            "params": {
-                "downloadMode": "mute",
-                "audioFormat": "wav"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "private song (ogg, isAudioMuted, isAudioOnly)",
-            "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "ogg"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "on.soundcloud link",
-            "url": "https://on.soundcloud.com/wLZre",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "on.soundcloud link, different stream type",
-            "url": "https://on.soundcloud.com/AG4c",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "no opus audio, fallback to mp3",
-            "url": "https://soundcloud.com/frums/credits",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "youtube": [
-        {
-            "name": "4k video (h264, 1440)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "youtubeVideoCodec": "h264",
-                "videoQuality": "1440"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video (vp9, 720)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "youtubeVideoCodec": "vp9",
-                "videoQuality": "720"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video (av1, max)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "youtubeVideoCodec": "av1",
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video (h264, 720)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "youtubeVideoCodec": "h264",
-                "videoQuality": "720"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video (vp9, max, isAudioMuted)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "downloadMode": "mute",
-                "youtubeVideoCodec": "vp9",
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video (h264, max, isAudioMuted)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "downloadMode": "mute",
-                "youtubeVideoCodec": "h264",
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video (av1, max, isAudioMuted, isAudioOnly, mp3)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "mp3",
-                "youtubeVideoCodec": "av1",
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video (av1, max, isAudioMuted, isAudioOnly, best)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "best",
-                "youtubeVideoCodec": "av1",
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "music (mp3, isAudioOnly, isAudioMuted)",
-            "url": "https://music.youtube.com/watch?v=5rGTsvZCEdk&feature=share",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "music (mp3)",
-            "url": "https://music.youtube.com/watch?v=5rGTsvZCEdk&feature=share",
-            "params": {
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "audio bitrate higher than video, no vp9 video in response (mp3, isAudioOnly)",
-            "url": "https://www.youtube.com/watch?v=t5nC_ucYBrc",
-            "params": {
-                "downloadMode": "audio",
-                "audioFormat": "mp3"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "short, defaults",
-            "url": "https://www.youtube.com/shorts/r5FpeOJItbw",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "vr 360, av1, max",
-            "url": "https://www.youtube.com/watch?v=hEdzv7D4CbQ",
-            "params": {
-                "youtubeVideoCodec": "vp9",
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "live link, defaults",
-            "url": "https://www.youtube.com/live/ENxZS6PUDuI?feature=shared",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "inexistent video",
-            "url": "https://youtube.com/watch?v=gnjuHYWGEW",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
-        {
-            "name": "broken audioOnly download",
-            "url": "https://www.youtube.com/watch?v=ink80Al5nbw",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }, {
-            "name": "hls video (h264, 1440p)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "youtubeVideoCodec": "h264",
-                "videoQuality": "1440",
-                "youtubeHLS": true
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }, {
-            "name": "hls video (vp9, 360p)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "youtubeVideoCodec": "vp9",
-                "videoQuality": "360",
-                "youtubeHLS": true
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }, {
-            "name": "hls video (audio mode)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "downloadMode": "audio",
-                "youtubeHLS": true
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }, {
-            "name": "hls video (audio mode, best format)",
-            "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
-            "params": {
-                "downloadMode": "audio",
-                "youtubeHLS": true,
-                "audioFormat": "best"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "vk": [
-        {
-            "name": "clip, defaults",
-            "canFail": true,
-            "url": "https://vk.com/clip-57274055_456239788",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "clip, 360",
-            "canFail": true,
-            "url": "https://vk.com/clip-57274055_456239788",
-            "params": {
-                "videoQuality": "360"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "clip different link, max",
-            "canFail": true,
-            "url": "https://vk.com/clips-57274055?z=clip-57274055_456239788",
-            "params": {
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "video, defaults",
-            "canFail": true,
-            "url": "https://vk.com/video-57274055_456239399",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "4k video",
-            "canFail": true,
-            "url": "https://vk.com/video-1112285_456248465",
-            "params": {
-                "videoQuality": "max"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "ancient video (fallback to 240p)",
-            "canFail": true,
-            "url": "https://vk.com/video-1959_28496479",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "inexistent video",
-            "url": "https://vk.com/video-53333333_456233333",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        }
-    ],
-    "tiktok": [
-        {
-            "name": "long link video",
-            "url": "https://www.tiktok.com/@fatfatmillycat/video/7195741644585454894",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "images",
-            "url": "https://www.tiktok.com/@matryoshk4/video/7231234675476532526",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "picker"
-            }
-        },
-        {
-            "name": "long link inexistent",
-            "url": "https://www.tiktok.com/@blablabla/video/7120851458451417478",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
-        {
-            "name": "short link inexistent",
-            "url": "https://vt.tiktok.com/2p4ewa7/",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        }
-    ],
-    "bilibili": [
-        {
-            "name": "1080p video",
-            "url": "https://www.bilibili.com/video/BV18i4y1m7xV/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "1080p video muted",
-            "url": "https://www.bilibili.com/video/BV18i4y1m7xV/",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "1080p vertical video",
-            "url": "https://www.bilibili.com/video/BV1uu411z7VV/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "1080p vertical video muted",
-            "url": "https://www.bilibili.com/video/BV1uu411z7VV/",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "b23.tv shortlink",
-            "url": "https://b23.tv/lbMyOI9",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "bilibili.tv link",
-            "url": "https://www.bilibili.tv/en/video/4789599404426256",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "tumblr": [
-        {
-            "name": "at.tumblr link",
-            "url": "https://at.tumblr.com/music/704177038274281472/n7x7pr7x4w2b",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "user subdomain link",
-            "url": "https://garfield-69.tumblr.com/post/696499862852780032",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "web app link",
-            "url": "https://www.tumblr.com/rongzhi/707729381162958848/english-added-by-me?source=share",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "tumblr audio",
-            "url": "https://www.tumblr.com/zedneon/737815079301562368/zedneon-ft-mr-sauceman-tech-n9ne-speed-of?source=share",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "tumblr video converted to audio",
-            "url": "https://garfield-69.tumblr.com/post/696499862852780032",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "vimeo": [
-        {
-            "name": "4k progressive",
-            "url": "https://vimeo.com/288386543",
-            "params": {
-                "videoQuality": "2160"
-            },
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "720p progressive",
-            "url": "https://vimeo.com/288386543",
-            "params": {
-                "videoQuality": "720"
-            },
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "1080p dash parcel",
-            "url": "https://vimeo.com/967252742",
-            "params": {
-                "videoQuality": "1440"
-            },
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "720p dash parcel",
-            "url": "https://vimeo.com/967252742",
-            "params": {
-                "videoQuality": "360"
-            },
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "private video",
-            "url": "https://vimeo.com/903115595/f14d06da38",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "mature video",
-            "url": "https://vimeo.com/973212054",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        }
-    ],
-    "reddit": [
-        {
-            "name": "video with audio",
-            "url": "https://www.reddit.com/r/TikTokCringe/comments/wup1fg/id_be_escaping_at_the_first_chance_i_got/?utm_source=share&utm_medium=web2x&context=3",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "video with audio (isAudioOnly)",
-            "url": "https://www.reddit.com/r/TikTokCringe/comments/wup1fg/id_be_escaping_at_the_first_chance_i_got/?utm_source=share&utm_medium=web2x&context=3",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "video with audio (isAudioMuted)",
-            "url": "https://www.reddit.com/r/TikTokCringe/comments/wup1fg/id_be_escaping_at_the_first_chance_i_got/?utm_source=share&utm_medium=web2x&context=3",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "video without audio",
-            "url": "https://www.reddit.com/r/catvideos/comments/ftoeo7/luna_doesnt_want_to_be_bothered_while_shes_napping/?utm_source=share&utm_medium=web2x&context=3",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "actual gif, not looping video",
-            "url": "https://www.reddit.com/r/whenthe/comments/109wqy1/god_really_did_some_trolling/?utm_source=share&utm_medium=web2x&context=3",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "different audio link, live render",
-            "url": "https://www.reddit.com/r/TikTokCringe/comments/15hce91/asian_daddy_kink/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "instagram": [
-        {
-            "name": "single photo post",
-            "url": "https://www.instagram.com/p/CwIgW8Yu5-I/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "various picker (photos + video)",
-            "url": "https://www.instagram.com/p/CvYrSgnsKjv/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "picker"
-            }
-        },
-        {
-            "name": "reel",
-            "url": "https://www.instagram.com/reel/CoEBV3eM4QR/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular video",
-            "url": "https://www.instagram.com/p/CmCVWoIr9OH/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "reel (isAudioOnly)",
-            "url": "https://www.instagram.com/reel/CoEBV3eM4QR/",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "reel (isAudioMuted)",
-            "url": "https://www.instagram.com/reel/CoEBV3eM4QR/",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "inexistent reel",
-            "url": "https://www.instagram.com/reel/XXXXXXXXXX/",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
-        {
-            "name": "inexistent post",
-            "url": "https://www.instagram.com/p/XXXXXXXXXX/",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
-        {
-            "name": "post info in an array (for whatever reason??)",
-            "url": "https://www.instagram.com/reel/CrVB9tatUDv/?igshid=blaBlABALALbLABULLSHIT==",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "prone to get rate limited",
-            "url": "https://www.instagram.com/reel/CrO-T7Qo6rq/?igshid=fuckYouNoTrackingIdForYou==",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "ddinstagram link",
-            "url": "https://ddinstagram.com/p/CmCVWoIr9OH/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "d.ddinstagram.com link",
-            "url": "https://d.ddinstagram.com/p/CmCVWoIr9OH/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "g.ddinstagram.com link",
-            "url": "https://g.ddinstagram.com/p/CmCVWoIr9OH/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        }
-    ],
-    "vine": [
-        {
-            "name": "regular vine link (9+10=21)",
-            "url": "https://vine.co/v/huwVJIEJW50",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular vine link (isAudioOnly)",
-            "url": "https://vine.co/v/huwVJIEJW50",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "regular vine link (isAudioMuted)",
-            "url": "https://vine.co/v/huwVJIEJW50",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "pinterest": [
-        {
-            "name": "regular video",
-            "url": "https://www.pinterest.com/pin/70437485604616/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular video (isAudioOnly)",
-            "url": "https://www.pinterest.com/pin/70437485604616/",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "regular video (isAudioMuted)",
-            "url": "https://www.pinterest.com/pin/70437485604616/",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "regular video (.ca TLD)",
-            "url": "https://www.pinterest.ca/pin/70437485604616/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "story",
-            "url": "https://www.pinterest.com/pin/gadget-cool-products-amazon-product-technology-kitchen-gadgets--1084663891475263837/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular picture",
-            "url": "https://www.pinterest.com/pin/412994228343400946/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular picture (.ca TLD)",
-            "url": "https://www.pinterest.ca/pin/412994228343400946/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular gif",
-            "url": "https://www.pinterest.com/pin/814447913881127862/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular gif (.ca TLD)",
-            "url": "https://www.pinterest.ca/pin/814447913881127862/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        }
-    ],
-    "streamable": [
-        {
-            "name": "regular video",
-            "url": "https://streamable.com/p9cln4",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "embedded link",
-            "url": "https://streamable.com/e/rsmo56",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "regular video (isAudioOnly)",
-            "url": "https://streamable.com/p9cln4",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "regular video (isAudioMuted)",
-            "url": "https://streamable.com/p9cln4",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "inexistent video",
-            "url": "https://streamable.com/XXXXXX",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        }
-    ],
-    "twitch": [
-        {
-            "name": "clip",
-            "url": "https://twitch.tv/rtgame/clip/TubularInventiveSardineCorgiDerp-PM47mJQQ2vsL5B5G",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "clip (isAudioOnly)",
-            "url": "https://twitch.tv/rtgame/clip/TubularInventiveSardineCorgiDerp-PM47mJQQ2vsL5B5G",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "clip (isAudioMuted)",
-            "url": "https://twitch.tv/rtgame/clip/TubularInventiveSardineCorgiDerp-PM47mJQQ2vsL5B5G",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "rutube": [
-        {
-            "name": "regular video",
-            "url": "https://rutube.ru/video/b2f6c27649907c2fde0af411b03825eb/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "vertical video (isAudioMuted)",
-            "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "russian region lock",
-            "url": "https://rutube.ru/video/b521653b4f71ece57b8ff54e57ca9b82/",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        },
-        {
-            "name": "vertical video",
-            "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "yappy",
-            "url": "https://rutube.ru/yappy/c8c32bf7aee04412837656ea26c2b25b/",
-            "canFail": true,
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "shorts",
-            "url": "https://rutube.ru/shorts/935c1afafd0e7d52836d671967d53dac/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "vertical video (isAudioOnly)",
-            "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "vertical video (isAudioMuted)",
-            "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "private video",
-            "url": "https://rutube.ru/video/private/1161415be0e686214bb2a498165cab3e/?p=_IL1G8RSnKutunnTYwhZ5A",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "ok": [
-        {
-            "name": "regular video",
-            "url": "https://ok.ru/video/7204071410346",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "dailymotion": [
-        {
-            "name": "regular video",
-            "url": "https://www.dailymotion.com/video/x8t1eho",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "private video",
-            "url": "https://www.dailymotion.com/video/k41fZWpx2TaAORA2nok",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "dai.ly shortened link",
-            "url": "https://dai.ly/k41fZWpx2TaAORA2nok",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        }
-    ],
-    "snapchat": [
-        {
-            "name": "spotlight",
-            "url": "https://www.snapchat.com/spotlight/W7_EDlXWTBiXAEEniNoMPwAAYdWxucG9pZmNqAY46j0a5AY46j0YbAAAAAQ",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "shortlinked spotlight",
-            "url": "https://t.snapchat.com/4ZsiBLDi",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "story",
-            "url": "https://www.snapchat.com/add/bazerkmakane",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "picker"
-            }
-        }
-    ],
-    "loom": [
-        {
-            "name": "1080p video",
-            "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "1080p video (muted)",
-            "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "1080p video (audio only)",
-            "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        }
-    ],
-    "facebook": [
-        {
-            "name": "direct video with username and id",
-            "url": "https://web.facebook.com/100048111287134/videos/1157798148685638/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "direct video with id as query param",
-            "url": "https://web.facebook.com/watch/?v=883839773514682&ref=sharing",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "direct video with caption",
-            "url": "https://web.facebook.com/wood57/videos/𝐒𝐞𝐛𝐚𝐬𝐤𝐨𝐦-𝐟𝐮𝐥𝐥/883839773514682",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "shortlink video",
-            "url": "https://fb.watch/r1K6XHMfGT/",
-            "canFail": true,
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "reel video",
-            "url": "https://web.facebook.com/reel/730293269054758",
-            "canFail": true,
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "shared video link",
-            "url": "https://www.facebook.com/share/v/NEf87jbPTvFE8LsL/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "shared video link v2",
-            "url": "https://web.facebook.com/share/r/JFZfPVgLkiJQmWrr/",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        }
-    ],
-    "bsky": [
-        {
-            "name": "horizontal video",
-            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3giwtwp222m",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "horizontal video, recordWithMedia",
-            "url": "https://bsky.app/profile/did:plc:ywbm3iywnhzep3ckt6efhoh7/post/3l3wonhk23g2i",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "vertical video",
-            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "vertical video (muted)",
-            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
-            "params": {
-                "downloadMode": "mute"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "vertical video (audio)",
-            "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
-            "params": {
-                "downloadMode": "audio"
-            },
-            "expected": {
-                "code": 200,
-                "status": "tunnel"
-            }
-        },
-        {
-            "name": "single image",
-            "url": "https://bsky.app/profile/did:plc:k4a7d65fcyevbrnntjxh57go/post/3l33flpoygt26",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "redirect"
-            }
-        },
-        {
-            "name": "several images",
-            "url": "https://bsky.app/profile/did:plc:rai7s6su2sy22ss7skouedl7/post/3kzxuxbiul626",
-            "params": {},
-            "expected": {
-                "code": 200,
-                "status": "picker"
-            }
-        },
-        {
-            "name": "deleted post/invalid user",
-            "url": "https://bsky.app/profile/notreal.bsky.team/post/3l2udah76ch2c",
-            "params": {},
-            "expected": {
-                "code": 400,
-                "status": "error"
-            }
-        }
-    ]
-}
diff --git a/api/src/util/tests/bilibili.json b/api/src/util/tests/bilibili.json
new file mode 100644
index 00000000..61d60134
--- /dev/null
+++ b/api/src/util/tests/bilibili.json
@@ -0,0 +1,60 @@
+[
+    {
+        "name": "1080p video",
+        "url": "https://www.bilibili.com/video/BV18i4y1m7xV/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "1080p video muted",
+        "url": "https://www.bilibili.com/video/BV18i4y1m7xV/",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "1080p vertical video",
+        "url": "https://www.bilibili.com/video/BV1uu411z7VV/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "1080p vertical video muted",
+        "url": "https://www.bilibili.com/video/BV1uu411z7VV/",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "b23.tv shortlink",
+        "url": "https://b23.tv/lbMyOI9",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "bilibili.tv link",
+        "url": "https://www.bilibili.tv/en/video/4789599404426256",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/bsky.json b/api/src/util/tests/bsky.json
new file mode 100644
index 00000000..840f1169
--- /dev/null
+++ b/api/src/util/tests/bsky.json
@@ -0,0 +1,78 @@
+[
+    {
+        "name": "horizontal video",
+        "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3giwtwp222m",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "horizontal video, recordWithMedia",
+        "url": "https://bsky.app/profile/did:plc:ywbm3iywnhzep3ckt6efhoh7/post/3l3wonhk23g2i",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "vertical video",
+        "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "vertical video (muted)",
+        "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "vertical video (audio)",
+        "url": "https://bsky.app/profile/did:plc:oisofpd7lj26yvgiivf3lxsi/post/3l3jhpomhjk2m",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "single image",
+        "url": "https://bsky.app/profile/did:plc:k4a7d65fcyevbrnntjxh57go/post/3l33flpoygt26",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "several images",
+        "url": "https://bsky.app/profile/did:plc:rai7s6su2sy22ss7skouedl7/post/3kzxuxbiul626",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    },
+    {
+        "name": "deleted post/invalid user",
+        "url": "https://bsky.app/profile/notreal.bsky.team/post/3l2udah76ch2c",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/dailymotion.json b/api/src/util/tests/dailymotion.json
new file mode 100644
index 00000000..4de9302c
--- /dev/null
+++ b/api/src/util/tests/dailymotion.json
@@ -0,0 +1,29 @@
+[
+    {
+        "name": "regular video",
+        "url": "https://www.dailymotion.com/video/x8t1eho",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "private video",
+        "url": "https://www.dailymotion.com/video/k41fZWpx2TaAORA2nok",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "dai.ly shortened link",
+        "url": "https://dai.ly/k41fZWpx2TaAORA2nok",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/facebook.json b/api/src/util/tests/facebook.json
new file mode 100644
index 00000000..876ac7fe
--- /dev/null
+++ b/api/src/util/tests/facebook.json
@@ -0,0 +1,67 @@
+[
+    {
+        "name": "direct video with username and id",
+        "url": "https://web.facebook.com/100048111287134/videos/1157798148685638/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "direct video with id as query param",
+        "url": "https://web.facebook.com/watch/?v=883839773514682&ref=sharing",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "direct video with caption",
+        "url": "https://web.facebook.com/wood57/videos/𝐒𝐞𝐛𝐚𝐬𝐤𝐨𝐦-𝐟𝐮𝐥𝐥/883839773514682",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "shortlink video",
+        "url": "https://fb.watch/r1K6XHMfGT/",
+        "canFail": true,
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "reel video",
+        "url": "https://web.facebook.com/reel/730293269054758",
+        "canFail": true,
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "shared video link",
+        "url": "https://www.facebook.com/share/v/NEf87jbPTvFE8LsL/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "shared video link v2",
+        "url": "https://web.facebook.com/share/r/JFZfPVgLkiJQmWrr/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/instagram.json b/api/src/util/tests/instagram.json
new file mode 100644
index 00000000..2ee42194
--- /dev/null
+++ b/api/src/util/tests/instagram.json
@@ -0,0 +1,123 @@
+[
+    {
+        "name": "single photo post",
+        "url": "https://www.instagram.com/p/CwIgW8Yu5-I/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "various picker (photos + video)",
+        "url": "https://www.instagram.com/p/CvYrSgnsKjv/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    },
+    {
+        "name": "reel",
+        "url": "https://www.instagram.com/reel/CoEBV3eM4QR/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular video",
+        "url": "https://www.instagram.com/p/CmCVWoIr9OH/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "reel (isAudioOnly)",
+        "url": "https://www.instagram.com/reel/CoEBV3eM4QR/",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "reel (isAudioMuted)",
+        "url": "https://www.instagram.com/reel/CoEBV3eM4QR/",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "inexistent reel",
+        "url": "https://www.instagram.com/reel/XXXXXXXXXX/",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "inexistent post",
+        "url": "https://www.instagram.com/p/XXXXXXXXXX/",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "post info in an array (for whatever reason??)",
+        "url": "https://www.instagram.com/reel/CrVB9tatUDv/?igshid=blaBlABALALbLABULLSHIT==",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "prone to get rate limited",
+        "url": "https://www.instagram.com/reel/CrO-T7Qo6rq/?igshid=fuckYouNoTrackingIdForYou==",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "ddinstagram link",
+        "url": "https://ddinstagram.com/p/CmCVWoIr9OH/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "d.ddinstagram.com link",
+        "url": "https://d.ddinstagram.com/p/CmCVWoIr9OH/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "g.ddinstagram.com link",
+        "url": "https://g.ddinstagram.com/p/CmCVWoIr9OH/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/loom.json b/api/src/util/tests/loom.json
new file mode 100644
index 00000000..1849a000
--- /dev/null
+++ b/api/src/util/tests/loom.json
@@ -0,0 +1,33 @@
+[
+    {
+        "name": "1080p video",
+        "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "1080p video (muted)",
+        "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "1080p video (audio only)",
+        "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/ok.json b/api/src/util/tests/ok.json
new file mode 100644
index 00000000..8eb103eb
--- /dev/null
+++ b/api/src/util/tests/ok.json
@@ -0,0 +1,11 @@
+[
+    {
+        "name": "regular video",
+        "url": "https://ok.ru/video/7204071410346",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/pinterest.json b/api/src/util/tests/pinterest.json
new file mode 100644
index 00000000..2f15fb0b
--- /dev/null
+++ b/api/src/util/tests/pinterest.json
@@ -0,0 +1,87 @@
+[
+    {
+        "name": "regular video",
+        "url": "https://www.pinterest.com/pin/70437485604616/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular video (isAudioOnly)",
+        "url": "https://www.pinterest.com/pin/70437485604616/",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "regular video (isAudioMuted)",
+        "url": "https://www.pinterest.com/pin/70437485604616/",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "regular video (.ca TLD)",
+        "url": "https://www.pinterest.ca/pin/70437485604616/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "story",
+        "url": "https://www.pinterest.com/pin/gadget-cool-products-amazon-product-technology-kitchen-gadgets--1084663891475263837/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular picture",
+        "url": "https://www.pinterest.com/pin/412994228343400946/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular picture (.ca TLD)",
+        "url": "https://www.pinterest.ca/pin/412994228343400946/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular gif",
+        "url": "https://www.pinterest.com/pin/814447913881127862/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular gif (.ca TLD)",
+        "url": "https://www.pinterest.ca/pin/814447913881127862/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/reddit.json b/api/src/util/tests/reddit.json
new file mode 100644
index 00000000..3afc6126
--- /dev/null
+++ b/api/src/util/tests/reddit.json
@@ -0,0 +1,60 @@
+[
+    {
+        "name": "video with audio",
+        "url": "https://www.reddit.com/r/TikTokCringe/comments/wup1fg/id_be_escaping_at_the_first_chance_i_got/?utm_source=share&utm_medium=web2x&context=3",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "video with audio (isAudioOnly)",
+        "url": "https://www.reddit.com/r/TikTokCringe/comments/wup1fg/id_be_escaping_at_the_first_chance_i_got/?utm_source=share&utm_medium=web2x&context=3",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "video with audio (isAudioMuted)",
+        "url": "https://www.reddit.com/r/TikTokCringe/comments/wup1fg/id_be_escaping_at_the_first_chance_i_got/?utm_source=share&utm_medium=web2x&context=3",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "video without audio",
+        "url": "https://www.reddit.com/r/catvideos/comments/ftoeo7/luna_doesnt_want_to_be_bothered_while_shes_napping/?utm_source=share&utm_medium=web2x&context=3",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "actual gif, not looping video",
+        "url": "https://www.reddit.com/r/whenthe/comments/109wqy1/god_really_did_some_trolling/?utm_source=share&utm_medium=web2x&context=3",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "different audio link, live render",
+        "url": "https://www.reddit.com/r/TikTokCringe/comments/15hce91/asian_daddy_kink/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/rutube.json b/api/src/util/tests/rutube.json
new file mode 100644
index 00000000..967c52fb
--- /dev/null
+++ b/api/src/util/tests/rutube.json
@@ -0,0 +1,90 @@
+[
+    {
+        "name": "regular video",
+        "url": "https://rutube.ru/video/b2f6c27649907c2fde0af411b03825eb/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "vertical video (isAudioMuted)",
+        "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "russian region lock",
+        "url": "https://rutube.ru/video/b521653b4f71ece57b8ff54e57ca9b82/",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "vertical video",
+        "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "yappy",
+        "url": "https://rutube.ru/yappy/c8c32bf7aee04412837656ea26c2b25b/",
+        "canFail": true,
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "shorts",
+        "url": "https://rutube.ru/shorts/935c1afafd0e7d52836d671967d53dac/",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "vertical video (isAudioOnly)",
+        "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "vertical video (isAudioMuted)",
+        "url": "https://rutube.ru/video/18a281399b96f9184c647455a86f6724/",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "private video",
+        "url": "https://rutube.ru/video/private/1161415be0e686214bb2a498165cab3e/?p=_IL1G8RSnKutunnTYwhZ5A",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/snapchat.json b/api/src/util/tests/snapchat.json
new file mode 100644
index 00000000..44f764ce
--- /dev/null
+++ b/api/src/util/tests/snapchat.json
@@ -0,0 +1,29 @@
+[
+    {
+        "name": "spotlight",
+        "url": "https://www.snapchat.com/spotlight/W7_EDlXWTBiXAEEniNoMPwAAYdWxucG9pZmNqAY46j0a5AY46j0YbAAAAAQ",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "shortlinked spotlight",
+        "url": "https://t.snapchat.com/4ZsiBLDi",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "story",
+        "url": "https://www.snapchat.com/add/bazerkmakane",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/soundcloud.json b/api/src/util/tests/soundcloud.json
new file mode 100644
index 00000000..ea705cb5
--- /dev/null
+++ b/api/src/util/tests/soundcloud.json
@@ -0,0 +1,87 @@
+[
+    {
+        "name": "public song (best)",
+        "url": "https://soundcloud.com/l2share77/loona-butterfly?utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing",
+        "params": {
+            "audioFormat": "best"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "public song (mp3, isAudioMuted)",
+        "url": "https://soundcloud.com/l2share77/loona-butterfly?utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing",
+        "params": {
+            "downloadMode": "mute",
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "private song",
+        "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
+        "params": {
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "private song (wav, isAudioMuted)",
+        "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
+        "params": {
+            "downloadMode": "mute",
+            "audioFormat": "wav"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "private song (ogg, isAudioMuted, isAudioOnly)",
+        "url": "https://soundcloud.com/user-798052861/asdasdasdsdsd/s-9TqZ7edLJ90",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "ogg"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "on.soundcloud link",
+        "url": "https://on.soundcloud.com/wLZre",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "on.soundcloud link, different stream type",
+        "url": "https://on.soundcloud.com/AG4c",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "no opus audio, fallback to mp3",
+        "url": "https://soundcloud.com/frums/credits",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/streamable.json b/api/src/util/tests/streamable.json
new file mode 100644
index 00000000..bf03c228
--- /dev/null
+++ b/api/src/util/tests/streamable.json
@@ -0,0 +1,51 @@
+[
+    {
+        "name": "regular video",
+        "url": "https://streamable.com/p9cln4",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "embedded link",
+        "url": "https://streamable.com/e/rsmo56",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular video (isAudioOnly)",
+        "url": "https://streamable.com/p9cln4",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "regular video (isAudioMuted)",
+        "url": "https://streamable.com/p9cln4",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "inexistent video",
+        "url": "https://streamable.com/XXXXXX",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/tiktok.json b/api/src/util/tests/tiktok.json
new file mode 100644
index 00000000..d23c0acc
--- /dev/null
+++ b/api/src/util/tests/tiktok.json
@@ -0,0 +1,38 @@
+[
+    {
+        "name": "long link video",
+        "url": "https://www.tiktok.com/@fatfatmillycat/video/7195741644585454894",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "images",
+        "url": "https://www.tiktok.com/@matryoshk4/video/7231234675476532526",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    },
+    {
+        "name": "long link inexistent",
+        "url": "https://www.tiktok.com/@blablabla/video/7120851458451417478",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "short link inexistent",
+        "url": "https://vt.tiktok.com/2p4ewa7/",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/tumblr.json b/api/src/util/tests/tumblr.json
new file mode 100644
index 00000000..87352255
--- /dev/null
+++ b/api/src/util/tests/tumblr.json
@@ -0,0 +1,49 @@
+[
+    {
+        "name": "at.tumblr link",
+        "url": "https://at.tumblr.com/music/704177038274281472/n7x7pr7x4w2b",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "user subdomain link",
+        "url": "https://garfield-69.tumblr.com/post/696499862852780032",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "web app link",
+        "url": "https://www.tumblr.com/rongzhi/707729381162958848/english-added-by-me?source=share",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "tumblr audio",
+        "url": "https://www.tumblr.com/zedneon/737815079301562368/zedneon-ft-mr-sauceman-tech-n9ne-speed-of?source=share",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "tumblr video converted to audio",
+        "url": "https://garfield-69.tumblr.com/post/696499862852780032",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/twitch.json b/api/src/util/tests/twitch.json
new file mode 100644
index 00000000..fd6b84af
--- /dev/null
+++ b/api/src/util/tests/twitch.json
@@ -0,0 +1,33 @@
+[
+    {
+        "name": "clip",
+        "url": "https://twitch.tv/rtgame/clip/TubularInventiveSardineCorgiDerp-PM47mJQQ2vsL5B5G",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "clip (isAudioOnly)",
+        "url": "https://twitch.tv/rtgame/clip/TubularInventiveSardineCorgiDerp-PM47mJQQ2vsL5B5G",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "clip (isAudioMuted)",
+        "url": "https://twitch.tv/rtgame/clip/TubularInventiveSardineCorgiDerp-PM47mJQQ2vsL5B5G",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/twitter.json b/api/src/util/tests/twitter.json
new file mode 100644
index 00000000..0024d097
--- /dev/null
+++ b/api/src/util/tests/twitter.json
@@ -0,0 +1,213 @@
+[
+    {
+        "name": "regular video",
+        "url": "https://twitter.com/X/status/1697304622749086011",
+        "params": {
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "video with mobile web mediaviewer",
+        "url": "https://twitter.com/X/status/1697304622749086011/mediaViewer?currentTweet=1697304622749086011&currentTweetUser=X&currentTweet=1697304622749086011&currentTweetUser=X",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "embedded twitter video",
+        "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
+        "params": {
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "mixed media (image + gif)",
+        "url": "https://twitter.com/sky_mj26/status/1807756010712428565",
+        "params": {
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    },
+    {
+        "name": "picker: mixed media (3 videos)",
+        "url": "https://twitter.com/DankGameAlert/status/1584726006094794774",
+        "params": {
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    },
+    {
+        "name": "audio from embedded twitter video (mp3, isAudioOnly)",
+        "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "audio from embedded twitter video (best, isAudioOnly)",
+        "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "best"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "audio from embedded twitter video (ogg, isAudioOnly, isAudioMuted)",
+        "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "best"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "muted embedded twitter video",
+        "url": "https://twitter.com/dustbin_nie/status/1624596567188717568?s=20",
+        "params": {
+            "downloadMode": "mute",
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "retweeted video",
+        "url": "https://twitter.com/uwukko/status/1696901469633421344",
+        "params": {},
+        "canFail": true,
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "age restricted video",
+        "url": "https://x.com/XSpaces/status/1526955853743546372",
+        "params": {},
+        "canFail": true,
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "twitter voice + x.com link",
+        "url": "https://x.com/eggsaladscreams/status/1693089534886506756?s=46",
+        "params": {},
+        "canFail": true,
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "vxtwitter link",
+        "url": "https://vxtwitter.com/dustbin_nie/status/1624596567188717568?s=20",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "post with 1 image",
+        "url": "https://x.com/PopCrave/status/1815960083475423235",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "post with 4 images",
+        "url": "https://x.com/PopCrave/status/1816260887147114696",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    },
+    {
+        "name": "retweeted video, isAudioOnly",
+        "url": "https://twitter.com/hugekiwinuts/status/1618671150829309953?s=46&t=gItGzgwGQQJJaJrO6qc1Pg",
+        "params": {
+            "downloadMode": "mute",
+            "audioFormat": "mp3"
+        },
+        "canFail": true,
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "inexistent post",
+        "url": "https://twitter.com/test/status/9487653",
+        "params": {
+            "audioFormat": "best"
+        },
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "post with no media content",
+        "url": "https://twitter.com/elonmusk/status/1604617643973124097?s=20",
+        "params": {
+            "audioFormat": "best"
+        },
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "bookmarked video",
+        "url": "https://twitter.com/i/bookmarks?post_id=1828099210220294314",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "bookmarked photo",
+        "url": "https://twitter.com/i/bookmarks?post_id=1837430141179289876",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/vimeo.json b/api/src/util/tests/vimeo.json
new file mode 100644
index 00000000..6c44a47d
--- /dev/null
+++ b/api/src/util/tests/vimeo.json
@@ -0,0 +1,64 @@
+[
+    {
+        "name": "4k progressive",
+        "url": "https://vimeo.com/288386543",
+        "params": {
+            "videoQuality": "2160"
+        },
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "720p progressive",
+        "url": "https://vimeo.com/288386543",
+        "params": {
+            "videoQuality": "720"
+        },
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "1080p dash parcel",
+        "url": "https://vimeo.com/967252742",
+        "params": {
+            "videoQuality": "1440"
+        },
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "720p dash parcel",
+        "url": "https://vimeo.com/967252742",
+        "params": {
+            "videoQuality": "360"
+        },
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "private video",
+        "url": "https://vimeo.com/903115595/f14d06da38",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "mature video",
+        "url": "https://vimeo.com/973212054",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/vine.json b/api/src/util/tests/vine.json
new file mode 100644
index 00000000..f1bc1f77
--- /dev/null
+++ b/api/src/util/tests/vine.json
@@ -0,0 +1,33 @@
+[
+    {
+        "name": "regular vine link (9+10=21)",
+        "url": "https://vine.co/v/huwVJIEJW50",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "redirect"
+        }
+    },
+    {
+        "name": "regular vine link (isAudioOnly)",
+        "url": "https://vine.co/v/huwVJIEJW50",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "regular vine link (isAudioMuted)",
+        "url": "https://vine.co/v/huwVJIEJW50",
+        "params": {
+            "downloadMode": "mute"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/vk.json b/api/src/util/tests/vk.json
new file mode 100644
index 00000000..b9b3fb3b
--- /dev/null
+++ b/api/src/util/tests/vk.json
@@ -0,0 +1,77 @@
+[
+    {
+        "name": "clip, defaults",
+        "canFail": true,
+        "url": "https://vk.com/clip-57274055_456239788",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "clip, 360",
+        "canFail": true,
+        "url": "https://vk.com/clip-57274055_456239788",
+        "params": {
+            "videoQuality": "360"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "clip different link, max",
+        "canFail": true,
+        "url": "https://vk.com/clips-57274055?z=clip-57274055_456239788",
+        "params": {
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "video, defaults",
+        "canFail": true,
+        "url": "https://vk.com/video-57274055_456239399",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video",
+        "canFail": true,
+        "url": "https://vk.com/video-1112285_456248465",
+        "params": {
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "ancient video (fallback to 240p)",
+        "canFail": true,
+        "url": "https://vk.com/video-1959_28496479",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "inexistent video",
+        "url": "https://vk.com/video-53333333_456233333",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    }
+]
\ No newline at end of file
diff --git a/api/src/util/tests/youtube.json b/api/src/util/tests/youtube.json
new file mode 100644
index 00000000..0655e683
--- /dev/null
+++ b/api/src/util/tests/youtube.json
@@ -0,0 +1,240 @@
+[
+    {
+        "name": "4k video (h264, 1440)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "youtubeVideoCodec": "h264",
+            "videoQuality": "1440"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video (vp9, 720)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "youtubeVideoCodec": "vp9",
+            "videoQuality": "720"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video (av1, max)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "youtubeVideoCodec": "av1",
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video (h264, 720)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "youtubeVideoCodec": "h264",
+            "videoQuality": "720"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video (vp9, max, isAudioMuted)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "downloadMode": "mute",
+            "youtubeVideoCodec": "vp9",
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video (h264, max, isAudioMuted)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "downloadMode": "mute",
+            "youtubeVideoCodec": "h264",
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video (av1, max, isAudioMuted, isAudioOnly, mp3)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "mp3",
+            "youtubeVideoCodec": "av1",
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "4k video (av1, max, isAudioMuted, isAudioOnly, best)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "best",
+            "youtubeVideoCodec": "av1",
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "music (mp3, isAudioOnly, isAudioMuted)",
+        "url": "https://music.youtube.com/watch?v=5rGTsvZCEdk&feature=share",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "music (mp3)",
+        "url": "https://music.youtube.com/watch?v=5rGTsvZCEdk&feature=share",
+        "params": {
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "audio bitrate higher than video, no vp9 video in response (mp3, isAudioOnly)",
+        "url": "https://www.youtube.com/watch?v=t5nC_ucYBrc",
+        "params": {
+            "downloadMode": "audio",
+            "audioFormat": "mp3"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "short, defaults",
+        "url": "https://www.youtube.com/shorts/r5FpeOJItbw",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "vr 360, av1, max",
+        "url": "https://www.youtube.com/watch?v=hEdzv7D4CbQ",
+        "params": {
+            "youtubeVideoCodec": "vp9",
+            "videoQuality": "max"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "live link, defaults",
+        "url": "https://www.youtube.com/live/ENxZS6PUDuI?feature=shared",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "inexistent video",
+        "url": "https://youtube.com/watch?v=gnjuHYWGEW",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "broken audioOnly download",
+        "url": "https://www.youtube.com/watch?v=ink80Al5nbw",
+        "params": {
+            "downloadMode": "audio"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "hls video (h264, 1440p)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "youtubeVideoCodec": "h264",
+            "videoQuality": "1440",
+            "youtubeHLS": true
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "hls video (vp9, 360p)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "youtubeVideoCodec": "vp9",
+            "videoQuality": "360",
+            "youtubeHLS": true
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "hls video (audio mode)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "downloadMode": "audio",
+            "youtubeHLS": true
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "hls video (audio mode, best format)",
+        "url": "https://www.youtube.com/watch?v=vPwaXytZcgI",
+        "params": {
+            "downloadMode": "audio",
+            "youtubeHLS": true,
+            "audioFormat": "best"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    }
+]
\ No newline at end of file

From 91e8ef8ab42baf08fbf5e8d5a99e435c6b8ac67b Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 13 Nov 2024 17:24:51 +0000
Subject: [PATCH 196/379] api/test-ci: add functionality for running all tests

---
 api/src/misc/run-test.js |   2 +-
 api/src/util/test-ci.js  | 127 ++++++++++++++++++++++++++-------------
 2 files changed, 85 insertions(+), 44 deletions(-)

diff --git a/api/src/misc/run-test.js b/api/src/misc/run-test.js
index 10d19aef..21d97d04 100644
--- a/api/src/misc/run-test.js
+++ b/api/src/misc/run-test.js
@@ -41,4 +41,4 @@ export async function runTest(url, params, expect) {
     if (result.body.status === 'tunnel') {
         // TODO: stream testing
     }
-}
\ No newline at end of file
+}
diff --git a/api/src/util/test-ci.js b/api/src/util/test-ci.js
index 5a1d6300..a8b70fd3 100644
--- a/api/src/util/test-ci.js
+++ b/api/src/util/test-ci.js
@@ -13,7 +13,56 @@ const getTests = (service) => loadJSON(getTestPath(service));
 
 // services that are known to frequently fail due to external
 // factors (e.g. rate limiting)
-const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube'])
+const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube']);
+
+const runTestsFor = async (service) => {
+    const tests = getTests(service);
+    let softFails = 0, fails = 0;
+
+    if (!tests) {
+        throw "no such service: " + service;
+    }
+
+    for (const test of tests) {
+        const { name, url, params, expected } = test;
+        const canFail = test.canFail || finnicky.has(service);
+
+        try {
+            await runTest(url, params, expected);
+            console.log(`${service}/${name}: ok`);
+
+        } catch(e) {
+            softFails += !canFail;
+            fails++;
+
+            let failText = canFail ? `${Red('FAIL')} (ignored)` : Bright(Red('FAIL'));
+            if (canFail && process.env.GITHUB_ACTION) {
+                console.log(`::warning title=${service}/${name.replace(/,/g, ';')}::failed and was ignored`);
+            }
+
+            console.error(`${service}/${name}: ${failText}`);
+            const errorString = e.toString().split('\n');
+            let c = '┃';
+            errorString.forEach((line, index) => {
+                line = line.replace('!=', Red('!='));
+
+                if (index === errorString.length - 1) {
+                    c = '┗';
+                }
+
+                console.error(`   ${c}`, line);
+            });
+        }
+    }
+
+    return { fails, softFails };
+}
+
+const printHeader = (service, padLen) => {
+    const padding = padLen - service.length;
+    service = service.padEnd(1 + service.length + padding, ' ');
+    console.log(service + '='.repeat(50));
+}
 
 const action = process.argv[2];
 switch (action) {
@@ -38,53 +87,45 @@ switch (action) {
 
     case "run-tests-for":
         const service = process.argv[3];
-        let failed = false;
-        const tests = getTests(service);
 
-        if (!tests) {
-            console.error('no such service:', service);
+        env.streamLifespan = 10000;
+        env.apiURL = 'http://x/';
+        randomizeCiphers();
+
+        try {
+            const { softFails } = await runTestsFor(service);
+            process.exitCode = Number(!!softFails);
+        } catch(e) {
+            console.error(e);
             process.exitCode = 1;
             break;
         }
 
-        env.streamLifespan = 10000;
-        env.apiURL = 'http://x';
-        randomizeCiphers();
-
-        for (const test of tests) {
-            const { name, url, params, expected } = test;
-            const canFail = test.canFail || finnicky.has(service);
-
-            try {
-                await runTest(url, params, expected);
-                console.log(`${service}/${name}: ok`);
-
-            } catch(e) {
-                failed = !canFail;
-
-                let failText = canFail ? `${Red('FAIL')} (ignored)` : Bright(Red('FAIL'));
-                if (canFail && process.env.GITHUB_ACTION) {
-                    console.log(`::warning title=${service}/${name.replace(/,/g, ';')}::failed and was ignored`);
-                }
-
-                console.error(`${service}/${name}: ${failText}`);
-                const errorString = e.toString().split('\n');
-                let c = '┃';
-                errorString.forEach((line, index) => {
-                    line = line.replace('!=', Red('!='));
-
-                    if (index === errorString.length - 1) {
-                        c = '┗';
-                    }
-
-                    console.error(`   ${c}`, line);
-                });
-            }
-        }
-
-        process.exitCode = Number(failed);
         break;
     default:
-        console.error('invalid action:', action);
-        process.exitCode = 1;
+        const maxHeaderLen = Object.keys(services).reduce((n, v) => v.length > n ? v.length : n, 0);
+        const failCounters = {};
+
+        env.streamLifespan = 10000;
+        env.apiURL = 'http://x/';
+        randomizeCiphers();
+
+        for (const service in services) {
+            printHeader(service, maxHeaderLen);
+            const { fails, softFails } = await runTestsFor(service);
+            failCounters[service] = fails;
+            console.log();
+
+            if (!process.exitCode && softFails)
+                process.exitCode = 1;
+        }
+
+        console.log('='.repeat(50 + maxHeaderLen));
+        console.log(
+            Bright('total fails:'),
+            Object.values(failCounters).reduce((a, b) => a + b)
+        );
+        for (const [ service, fails ] of Object.entries(failCounters)) {
+            if (fails) console.log(`${Bright(service)} fails: ${fails}`);
+        }
 }

From f6bffe543c9039846240a594c45d52b7993e0d1a Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 13 Nov 2024 17:25:23 +0000
Subject: [PATCH 197/379] api/test: replace test.js with test-ci.js

---
 .github/workflows/test-services.yml |   4 +-
 api/src/util/test-ci.js             | 131 -------------------
 api/src/util/test.js                | 191 +++++++++++++++++-----------
 3 files changed, 121 insertions(+), 205 deletions(-)
 delete mode 100644 api/src/util/test-ci.js

diff --git a/.github/workflows/test-services.yml b/.github/workflows/test-services.yml
index 6291c736..77242cb8 100644
--- a/.github/workflows/test-services.yml
+++ b/.github/workflows/test-services.yml
@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: pnpm/action-setup@v4
       - id: checkServices
-        run: pnpm i --frozen-lockfile && echo "service_list=$(node api/src/util/test-ci get-services)" >> "$GITHUB_OUTPUT"
+        run: pnpm i --frozen-lockfile && echo "service_list=$(node api/src/util/test get-services)" >> "$GITHUB_OUTPUT"
 
   test-services:
     needs: check-services
@@ -30,4 +30,4 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: pnpm/action-setup@v4
-      - run: pnpm i --frozen-lockfile && node api/src/util/test-ci run-tests-for ${{ matrix.service }}
\ No newline at end of file
+      - run: pnpm i --frozen-lockfile && node api/src/util/test run-tests-for ${{ matrix.service }}
diff --git a/api/src/util/test-ci.js b/api/src/util/test-ci.js
deleted file mode 100644
index a8b70fd3..00000000
--- a/api/src/util/test-ci.js
+++ /dev/null
@@ -1,131 +0,0 @@
-import path from "node:path";
-
-import { env } from "../config.js";
-import { runTest } from "../misc/run-test.js";
-import { loadJSON } from "../misc/load-from-fs.js";
-import { Red, Bright } from "../misc/console-text.js";
-import { randomizeCiphers } from "../misc/randomize-ciphers.js";
-
-import { services } from "../processing/service-config.js";
-
-const getTestPath = service => path.join('./src/util/tests/', `./${service}.json`);
-const getTests = (service) => loadJSON(getTestPath(service));
-
-// services that are known to frequently fail due to external
-// factors (e.g. rate limiting)
-const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube']);
-
-const runTestsFor = async (service) => {
-    const tests = getTests(service);
-    let softFails = 0, fails = 0;
-
-    if (!tests) {
-        throw "no such service: " + service;
-    }
-
-    for (const test of tests) {
-        const { name, url, params, expected } = test;
-        const canFail = test.canFail || finnicky.has(service);
-
-        try {
-            await runTest(url, params, expected);
-            console.log(`${service}/${name}: ok`);
-
-        } catch(e) {
-            softFails += !canFail;
-            fails++;
-
-            let failText = canFail ? `${Red('FAIL')} (ignored)` : Bright(Red('FAIL'));
-            if (canFail && process.env.GITHUB_ACTION) {
-                console.log(`::warning title=${service}/${name.replace(/,/g, ';')}::failed and was ignored`);
-            }
-
-            console.error(`${service}/${name}: ${failText}`);
-            const errorString = e.toString().split('\n');
-            let c = '┃';
-            errorString.forEach((line, index) => {
-                line = line.replace('!=', Red('!='));
-
-                if (index === errorString.length - 1) {
-                    c = '┗';
-                }
-
-                console.error(`   ${c}`, line);
-            });
-        }
-    }
-
-    return { fails, softFails };
-}
-
-const printHeader = (service, padLen) => {
-    const padding = padLen - service.length;
-    service = service.padEnd(1 + service.length + padding, ' ');
-    console.log(service + '='.repeat(50));
-}
-
-const action = process.argv[2];
-switch (action) {
-    case "get-services":
-        const fromConfig = Object.keys(services);
-
-        const missingTests = fromConfig.filter(
-            service => {
-                const tests = getTests(service);
-                return !tests || tests.length === 0
-            }
-        );
-
-        if (missingTests.length) {
-            console.error('services have no tests:', missingTests);
-            process.exitCode = 1;
-            break;
-        }
-
-        console.log(JSON.stringify(fromConfig));
-        break;
-
-    case "run-tests-for":
-        const service = process.argv[3];
-
-        env.streamLifespan = 10000;
-        env.apiURL = 'http://x/';
-        randomizeCiphers();
-
-        try {
-            const { softFails } = await runTestsFor(service);
-            process.exitCode = Number(!!softFails);
-        } catch(e) {
-            console.error(e);
-            process.exitCode = 1;
-            break;
-        }
-
-        break;
-    default:
-        const maxHeaderLen = Object.keys(services).reduce((n, v) => v.length > n ? v.length : n, 0);
-        const failCounters = {};
-
-        env.streamLifespan = 10000;
-        env.apiURL = 'http://x/';
-        randomizeCiphers();
-
-        for (const service in services) {
-            printHeader(service, maxHeaderLen);
-            const { fails, softFails } = await runTestsFor(service);
-            failCounters[service] = fails;
-            console.log();
-
-            if (!process.exitCode && softFails)
-                process.exitCode = 1;
-        }
-
-        console.log('='.repeat(50 + maxHeaderLen));
-        console.log(
-            Bright('total fails:'),
-            Object.values(failCounters).reduce((a, b) => a + b)
-        );
-        for (const [ service, fails ] of Object.entries(failCounters)) {
-            if (fails) console.log(`${Bright(service)} fails: ${fails}`);
-        }
-}
diff --git a/api/src/util/test.js b/api/src/util/test.js
index 34afde7e..a8b70fd3 100644
--- a/api/src/util/test.js
+++ b/api/src/util/test.js
@@ -1,84 +1,131 @@
-import "dotenv/config";
+import path from "node:path";
+
+import { env } from "../config.js";
+import { runTest } from "../misc/run-test.js";
+import { loadJSON } from "../misc/load-from-fs.js";
+import { Red, Bright } from "../misc/console-text.js";
+import { randomizeCiphers } from "../misc/randomize-ciphers.js";
 
 import { services } from "../processing/service-config.js";
-import { extract } from "../processing/url.js";
-import match from "../processing/match.js";
-import { loadJSON } from "../misc/load-from-fs.js";
-import { normalizeRequest } from "../processing/request.js";
-import { env } from "../config.js";
 
-env.apiURL = 'http://localhost:9000'
-let tests = loadJSON('./src/util/tests.json');
+const getTestPath = service => path.join('./src/util/tests/', `./${service}.json`);
+const getTests = (service) => loadJSON(getTestPath(service));
 
-let noTest = [];
-let failed = [];
-let success = 0;
+// services that are known to frequently fail due to external
+// factors (e.g. rate limiting)
+const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube']);
 
-function addToFail(service, testName, url, status, response) {
-    failed.push({
-        service: service,
-        name: testName,
-        url: url,
-        status: status,
-        response: response
-    })
-}
-for (let i in services) {
-    if (tests[i]) {
-        console.log(`\nRunning tests for ${i}...\n`)
-        for (let k = 0; k < tests[i].length; k++) {
-            let test = tests[i][k];
+const runTestsFor = async (service) => {
+    const tests = getTests(service);
+    let softFails = 0, fails = 0;
 
-            console.log(`Running test ${k+1}: ${test.name}`);
-            console.log('params:');
-            let params = {...{url: test.url}, ...test.params};
-            console.log(params);
-
-            let chck = await normalizeRequest(params);
-            if (chck.success) {
-                chck = chck.data;
-
-                const parsed = extract(chck.url);
-                if (parsed === null) {
-                    throw `Invalid URL: ${chck.url}`
-                }
-
-                let j = await match({
-                    host: parsed.host,
-                    patternMatch: parsed.patternMatch,
-                    params: chck,
-                });
-                console.log('\nReceived:');
-                console.log(j)
-                if (j.status === test.expected.code && j.body.status === test.expected.status) {
-                    console.log("\n✅ Success.\n");
-                    success++
-                } else {
-                    console.log(`\n❌ Fail. Expected: ${test.expected.code} & ${test.expected.status}, received: ${j.status} & ${j.body.status}\n`);
-                    addToFail(i, test.name, test.url, j.body.status, j)
-                }
-            } else {
-                console.log("\n❌ couldn't validate the request JSON.\n");
-                addToFail(i, test.name, test.url, "unknown", {})
-            }
-        }
-        console.log("\n\n")
-    } else {
-        console.warn(`No tests found for ${i}.`);
-        noTest.push(i)
+    if (!tests) {
+        throw "no such service: " + service;
     }
+
+    for (const test of tests) {
+        const { name, url, params, expected } = test;
+        const canFail = test.canFail || finnicky.has(service);
+
+        try {
+            await runTest(url, params, expected);
+            console.log(`${service}/${name}: ok`);
+
+        } catch(e) {
+            softFails += !canFail;
+            fails++;
+
+            let failText = canFail ? `${Red('FAIL')} (ignored)` : Bright(Red('FAIL'));
+            if (canFail && process.env.GITHUB_ACTION) {
+                console.log(`::warning title=${service}/${name.replace(/,/g, ';')}::failed and was ignored`);
+            }
+
+            console.error(`${service}/${name}: ${failText}`);
+            const errorString = e.toString().split('\n');
+            let c = '┃';
+            errorString.forEach((line, index) => {
+                line = line.replace('!=', Red('!='));
+
+                if (index === errorString.length - 1) {
+                    c = '┗';
+                }
+
+                console.error(`   ${c}`, line);
+            });
+        }
+    }
+
+    return { fails, softFails };
 }
 
-console.log(`✅ ${success} tests succeeded.`);
-console.log(`❌ ${failed.length} tests failed.`);
-console.log(`❔ ${noTest.length} services weren't tested.`);
-
-if (failed.length > 0) {
-    console.log(`\nFailed tests:`);
-    console.log(failed)
+const printHeader = (service, padLen) => {
+    const padding = padLen - service.length;
+    service = service.padEnd(1 + service.length + padding, ' ');
+    console.log(service + '='.repeat(50));
 }
 
-if (noTest.length > 0) {
-    console.log(`\nMissing tests:`);
-    console.log(noTest)
+const action = process.argv[2];
+switch (action) {
+    case "get-services":
+        const fromConfig = Object.keys(services);
+
+        const missingTests = fromConfig.filter(
+            service => {
+                const tests = getTests(service);
+                return !tests || tests.length === 0
+            }
+        );
+
+        if (missingTests.length) {
+            console.error('services have no tests:', missingTests);
+            process.exitCode = 1;
+            break;
+        }
+
+        console.log(JSON.stringify(fromConfig));
+        break;
+
+    case "run-tests-for":
+        const service = process.argv[3];
+
+        env.streamLifespan = 10000;
+        env.apiURL = 'http://x/';
+        randomizeCiphers();
+
+        try {
+            const { softFails } = await runTestsFor(service);
+            process.exitCode = Number(!!softFails);
+        } catch(e) {
+            console.error(e);
+            process.exitCode = 1;
+            break;
+        }
+
+        break;
+    default:
+        const maxHeaderLen = Object.keys(services).reduce((n, v) => v.length > n ? v.length : n, 0);
+        const failCounters = {};
+
+        env.streamLifespan = 10000;
+        env.apiURL = 'http://x/';
+        randomizeCiphers();
+
+        for (const service in services) {
+            printHeader(service, maxHeaderLen);
+            const { fails, softFails } = await runTestsFor(service);
+            failCounters[service] = fails;
+            console.log();
+
+            if (!process.exitCode && softFails)
+                process.exitCode = 1;
+        }
+
+        console.log('='.repeat(50 + maxHeaderLen));
+        console.log(
+            Bright('total fails:'),
+            Object.values(failCounters).reduce((a, b) => a + b)
+        );
+        for (const [ service, fails ] of Object.entries(failCounters)) {
+            if (fails) console.log(`${Bright(service)} fails: ${fails}`);
+        }
 }

From cf40f0542f7ed4d1a924f8356de4d84aba08e91d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 13 Nov 2024 17:27:26 +0000
Subject: [PATCH 198/379] api/test: make deepsource happy

---
 api/src/util/test.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/api/src/util/test.js b/api/src/util/test.js
index a8b70fd3..efb0f3a5 100644
--- a/api/src/util/test.js
+++ b/api/src/util/test.js
@@ -86,14 +86,12 @@ switch (action) {
         break;
 
     case "run-tests-for":
-        const service = process.argv[3];
-
         env.streamLifespan = 10000;
         env.apiURL = 'http://x/';
         randomizeCiphers();
 
         try {
-            const { softFails } = await runTestsFor(service);
+            const { softFails } = await runTestsFor(process.argv[3]);
             process.exitCode = Number(!!softFails);
         } catch(e) {
             console.error(e);

From 4c006b2291ae828f5d24d69a7805abce4fe04601 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 15 Nov 2024 12:11:29 +0000
Subject: [PATCH 199/379] api/test: add vk to finnicky services

---
 api/src/util/test.js       | 2 +-
 api/src/util/tests/vk.json | 8 +-------
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/api/src/util/test.js b/api/src/util/test.js
index efb0f3a5..76eb12c3 100644
--- a/api/src/util/test.js
+++ b/api/src/util/test.js
@@ -13,7 +13,7 @@ const getTests = (service) => loadJSON(getTestPath(service));
 
 // services that are known to frequently fail due to external
 // factors (e.g. rate limiting)
-const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube']);
+const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube', 'vk']);
 
 const runTestsFor = async (service) => {
     const tests = getTests(service);
diff --git a/api/src/util/tests/vk.json b/api/src/util/tests/vk.json
index b9b3fb3b..1dc3ca95 100644
--- a/api/src/util/tests/vk.json
+++ b/api/src/util/tests/vk.json
@@ -1,7 +1,6 @@
 [
     {
         "name": "clip, defaults",
-        "canFail": true,
         "url": "https://vk.com/clip-57274055_456239788",
         "params": {},
         "expected": {
@@ -11,7 +10,6 @@
     },
     {
         "name": "clip, 360",
-        "canFail": true,
         "url": "https://vk.com/clip-57274055_456239788",
         "params": {
             "videoQuality": "360"
@@ -23,7 +21,6 @@
     },
     {
         "name": "clip different link, max",
-        "canFail": true,
         "url": "https://vk.com/clips-57274055?z=clip-57274055_456239788",
         "params": {
             "videoQuality": "max"
@@ -35,7 +32,6 @@
     },
     {
         "name": "video, defaults",
-        "canFail": true,
         "url": "https://vk.com/video-57274055_456239399",
         "params": {},
         "expected": {
@@ -45,7 +41,6 @@
     },
     {
         "name": "4k video",
-        "canFail": true,
         "url": "https://vk.com/video-1112285_456248465",
         "params": {
             "videoQuality": "max"
@@ -57,7 +52,6 @@
     },
     {
         "name": "ancient video (fallback to 240p)",
-        "canFail": true,
         "url": "https://vk.com/video-1959_28496479",
         "params": {},
         "expected": {
@@ -74,4 +68,4 @@
             "status": "error"
         }
     }
-]
\ No newline at end of file
+]

From f7dc6cebad98180bb0c604bf94e5a17af41af2db Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 15 Nov 2024 12:19:49 +0000
Subject: [PATCH 200/379] all: add space after catch

---
 api/src/processing/cookie/manager.js   | 2 +-
 api/src/processing/services/youtube.js | 4 ++--
 api/src/util/test.js                   | 4 ++--
 web/src/lib/libav.ts                   | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 7a47685d..6b647db5 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -27,7 +27,7 @@ const setupMain = async (cookiePath) => {
         cluster.broadcast({ cookies });
 
         console.log(`${Green('[✓]')} cookies loaded successfully!`);
-    } catch(e) {
+    } catch (e) {
         console.error(`${Yellow('[!]')} failed to load cookies.`);
         console.error('error:', e);
     }
diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index ae96ea0d..e63a21b2 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -124,7 +124,7 @@ export default async function(o) {
                 dispatcher: o.dispatcher
             })
         );
-    } catch(e) {
+    } catch (e) {
         if (e.message?.endsWith("decipher algorithm")) {
             return { error: "youtube.decipher" }
         } else if (e.message?.includes("refresh access token")) {
@@ -142,7 +142,7 @@ export default async function(o) {
     let info;
     try {
         info = await yt.getBasicInfo(o.id, useHLS ? 'IOS' : 'ANDROID');
-    } catch(e) {
+    } catch (e) {
         if (e?.info?.reason === "This video is private") {
             return { error: "content.video.private" };
         } else if (e?.message === "This video is unavailable") {
diff --git a/api/src/util/test.js b/api/src/util/test.js
index 76eb12c3..256a92fe 100644
--- a/api/src/util/test.js
+++ b/api/src/util/test.js
@@ -31,7 +31,7 @@ const runTestsFor = async (service) => {
             await runTest(url, params, expected);
             console.log(`${service}/${name}: ok`);
 
-        } catch(e) {
+        } catch (e) {
             softFails += !canFail;
             fails++;
 
@@ -93,7 +93,7 @@ switch (action) {
         try {
             const { softFails } = await runTestsFor(process.argv[3]);
             process.exitCode = Number(!!softFails);
-        } catch(e) {
+        } catch (e) {
             console.error(e);
             process.exitCode = 1;
             break;
diff --git a/web/src/lib/libav.ts b/web/src/lib/libav.ts
index e5655645..4f540cf5 100644
--- a/web/src/lib/libav.ts
+++ b/web/src/lib/libav.ts
@@ -114,7 +114,7 @@ export default class LibAVWrapper {
                 if (name === 'progress.txt') {
                     try {
                         return this.#emitProgress(data);
-                    } catch(e) {
+                    } catch (e) {
                         console.error(e);
                     }
                 } else if (name !== outputName) return;
@@ -230,4 +230,4 @@ export default class LibAVWrapper {
 
         this.onProgress(progress);
     }
-}
\ No newline at end of file
+}

From 3de3e9e158fe4baac7399f345c4c6cbdc9df91e8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 15 Nov 2024 18:29:21 +0600
Subject: [PATCH 201/379] api: remove support for vine cuz the archive is dead

masterful gambit elon musk
---
 api/README.md                          |  1 -
 api/src/processing/match-action.js     |  1 -
 api/src/processing/match.js            |  7 ------
 api/src/processing/service-config.js   |  4 ----
 api/src/processing/service-patterns.js |  3 ---
 api/src/processing/services/vine.js    | 15 ------------
 api/src/util/tests/vine.json           | 33 --------------------------
 7 files changed, 64 deletions(-)
 delete mode 100644 api/src/processing/services/vine.js
 delete mode 100644 api/src/util/tests/vine.json

diff --git a/api/README.md b/api/README.md
index 38104626..d740fb21 100644
--- a/api/README.md
+++ b/api/README.md
@@ -38,7 +38,6 @@ this list is not final and keeps expanding over time. if support for a service y
 | twitch clips      | ✅            | ✅         | ✅         | ✅         | ✅              |
 | twitter/x         | ✅            | ✅         | ✅         | ➖         | ➖              |
 | vimeo             | ✅            | ✅         | ✅         | ✅         | ✅              |
-| vine              | ✅            | ✅         | ✅         | ➖         | ➖              |
 | vk videos & clips | ✅            | ❌         | ✅         | ✅         | ✅              |
 | youtube           | ✅            | ✅         | ✅         | ✅         | ✅              |
 
diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 83bba08d..5820214e 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -145,7 +145,6 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                     break;
 
                 case "facebook":
-                case "vine":
                 case "instagram":
                 case "tumblr":
                 case "pinterest":
diff --git a/api/src/processing/match.js b/api/src/processing/match.js
index 96036e5e..fe587f09 100644
--- a/api/src/processing/match.js
+++ b/api/src/processing/match.js
@@ -19,7 +19,6 @@ import tumblr from "./services/tumblr.js";
 import vimeo from "./services/vimeo.js";
 import soundcloud from "./services/soundcloud.js";
 import instagram from "./services/instagram.js";
-import vine from "./services/vine.js";
 import pinterest from "./services/pinterest.js";
 import streamable from "./services/streamable.js";
 import twitch from "./services/twitch.js";
@@ -175,12 +174,6 @@ export default async function({ host, patternMatch, params }) {
                 })
                 break;
 
-            case "vine":
-                r = await vine({
-                    id: patternMatch.id
-                });
-                break;
-
             case "pinterest":
                 r = await pinterest({
                     id: patternMatch.id,
diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index 9566fdf8..7e9dfaa4 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -143,10 +143,6 @@ export const services = {
         subdomains: ["mobile"],
         altDomains: ["x.com", "vxtwitter.com", "fixvx.com"],
     },
-    vine: {
-        patterns: ["v/:id"],
-        tld: "co",
-    },
     vimeo: {
         patterns: [
             ":id",
diff --git a/api/src/processing/service-patterns.js b/api/src/processing/service-patterns.js
index 9a0acd75..0c3d63d4 100644
--- a/api/src/processing/service-patterns.js
+++ b/api/src/processing/service-patterns.js
@@ -55,9 +55,6 @@ export const testers = {
         pattern.id?.length <= 11
         && (!pattern.password || pattern.password.length < 16),
 
-    "vine": pattern =>
-        pattern.id?.length <= 12,
-
     "vk": pattern =>
         pattern.userId?.length <= 10 && pattern.videoId?.length <= 10,
 
diff --git a/api/src/processing/services/vine.js b/api/src/processing/services/vine.js
deleted file mode 100644
index e0826720..00000000
--- a/api/src/processing/services/vine.js
+++ /dev/null
@@ -1,15 +0,0 @@
-export default async function(obj) {
-    let post = await fetch(`https://archive.vine.co/posts/${obj.id}.json`)
-                    .then(r => r.json())
-                    .catch(() => {});
-
-    if (!post) return { error: "fetch.empty" };
-
-    if (post.videoUrl) return {
-        urls: post.videoUrl.replace("http://", "https://"),
-        filename: `vine_${obj.id}.mp4`,
-        audioFilename: `vine_${obj.id}_audio`
-    }
-
-    return { error: "fetch.empty" }
-}
diff --git a/api/src/util/tests/vine.json b/api/src/util/tests/vine.json
deleted file mode 100644
index f1bc1f77..00000000
--- a/api/src/util/tests/vine.json
+++ /dev/null
@@ -1,33 +0,0 @@
-[
-    {
-        "name": "regular vine link (9+10=21)",
-        "url": "https://vine.co/v/huwVJIEJW50",
-        "params": {},
-        "expected": {
-            "code": 200,
-            "status": "redirect"
-        }
-    },
-    {
-        "name": "regular vine link (isAudioOnly)",
-        "url": "https://vine.co/v/huwVJIEJW50",
-        "params": {
-            "downloadMode": "audio"
-        },
-        "expected": {
-            "code": 200,
-            "status": "tunnel"
-        }
-    },
-    {
-        "name": "regular vine link (isAudioMuted)",
-        "url": "https://vine.co/v/huwVJIEJW50",
-        "params": {
-            "downloadMode": "mute"
-        },
-        "expected": {
-            "code": 200,
-            "status": "tunnel"
-        }
-    }
-]
\ No newline at end of file

From 3dc5f634cf502c595ccc0669987229742c0dac34 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 15 Nov 2024 20:34:53 +0600
Subject: [PATCH 202/379] web/package: bump version to 10.3.2

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index 07936290..b4023897 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.3",
+    "version": "10.3.2",
     "type": "module",
     "private": true,
     "scripts": {

From 09c66fead000ce658b88481fd1cbc172712c73f8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 15 Nov 2024 20:35:06 +0600
Subject: [PATCH 203/379] api/package: bump version to 10.3.2

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index beeea330..0a6ee744 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.3.1",
+    "version": "10.3.2",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From b61b8c82a20aebb1498f889fd467c80a48d16d63 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 16 Nov 2024 21:57:14 +0600
Subject: [PATCH 204/379] api/bluesky: use hls video cdn directly

---
 api/src/processing/services/bluesky.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/services/bluesky.js b/api/src/processing/services/bluesky.js
index 75ee8e6a..bc887437 100644
--- a/api/src/processing/services/bluesky.js
+++ b/api/src/processing/services/bluesky.js
@@ -3,9 +3,16 @@ import { cobaltUserAgent } from "../../config.js";
 import { createStream } from "../../stream/manage.js";
 
 const extractVideo = async ({ media, filename, dispatcher }) => {
-    const urlMasterHLS = media?.playlist;
-    if (!urlMasterHLS) return { error: "fetch.empty" };
-    if (!urlMasterHLS.startsWith("https://video.bsky.app/")) return { error: "fetch.empty" };
+    let urlMasterHLS = media?.playlist;
+
+    if (!urlMasterHLS || !urlMasterHLS.startsWith("https://video.bsky.app/")) {
+        return { error: "fetch.empty" };
+    }
+
+    urlMasterHLS = urlMasterHLS.replace(
+        "video.bsky.app/watch/",
+        "video.cdn.bsky.app/hls/"
+    );
 
     const masterHLS = await fetch(urlMasterHLS, { dispatcher })
         .then(r => {

From 606f0fd29a9485a24e25541f97e40056acd45f6d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 16 Nov 2024 22:15:13 +0600
Subject: [PATCH 205/379] api/stream/internal: workaround for wrong bsky
 content-type, refactor

---
 api/src/stream/internal-hls.js |  2 +-
 api/src/stream/internal.js     | 26 ++++++++++++++++----------
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/api/src/stream/internal-hls.js b/api/src/stream/internal-hls.js
index 07fcebde..83deb440 100644
--- a/api/src/stream/internal-hls.js
+++ b/api/src/stream/internal-hls.js
@@ -53,7 +53,7 @@ function transformMediaPlaylist(streamInfo, hlsPlaylist) {
 
 const HLS_MIME_TYPES = ["application/vnd.apple.mpegurl", "audio/mpegurl", "application/x-mpegURL"];
 
-export function isHlsRequest (req) {
+export function isHlsResponse (req) {
     return HLS_MIME_TYPES.includes(req.headers['content-type']);
 }
 
diff --git a/api/src/stream/internal.js b/api/src/stream/internal.js
index 48fa124c..751ecfa6 100644
--- a/api/src/stream/internal.js
+++ b/api/src/stream/internal.js
@@ -1,7 +1,7 @@
 import { request } from "undici";
 import { Readable } from "node:stream";
 import { closeRequest, getHeaders, pipe } from "./shared.js";
-import { handleHlsPlaylist, isHlsRequest } from "./internal-hls.js";
+import { handleHlsPlaylist, isHlsResponse } from "./internal-hls.js";
 
 const CHUNK_SIZE = BigInt(8e6); // 8 MB
 const min = (a, b) => a < b ? a : b;
@@ -83,7 +83,7 @@ async function handleGenericStream(streamInfo, res) {
     const cleanup = () => res.end();
 
     try {
-        const req = await request(streamInfo.url, {
+        const fileResponse = await request(streamInfo.url, {
             headers: {
                 ...Object.fromEntries(streamInfo.headers),
                 host: undefined
@@ -93,22 +93,28 @@ async function handleGenericStream(streamInfo, res) {
             maxRedirections: 16
         });
 
-        res.status(req.statusCode);
-        req.body.on('error', () => {});
+        res.status(fileResponse.statusCode);
+        fileResponse.body.on('error', () => {});
 
-        for (const [ name, value ] of Object.entries(req.headers)) {
-            if (!isHlsRequest(req) || name.toLowerCase() !== 'content-length') {
+        // bluesky's cdn responds with wrong content-type for the hls playlist,
+        // so we enforce it here until they fix it
+        const isHls = isHlsResponse(fileResponse)
+                      || (streamInfo.service === "bsky" && streamInfo.url.endsWith('.m3u8'));
+
+        for (const [ name, value ] of Object.entries(fileResponse.headers)) {
+            if (!isHls || name.toLowerCase() !== 'content-length') {
                 res.setHeader(name, value);
             }
         }
 
-        if (req.statusCode < 200 || req.statusCode > 299)
+        if (fileResponse.statusCode < 200 || fileResponse.statusCode > 299) {
             return cleanup();
+        }
 
-        if (isHlsRequest(req)) {
-            await handleHlsPlaylist(streamInfo, req, res);
+        if (isHls) {
+            await handleHlsPlaylist(streamInfo, fileResponse, res);
         } else {
-            pipe(req.body, res, cleanup);
+            pipe(fileResponse.body, res, cleanup);
         }
     } catch {
         closeRequest(streamInfo.controller);

From 26e051fcd88f83cdecaabbda231c32225771cdce Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 16 Nov 2024 22:29:32 +0600
Subject: [PATCH 206/379] api/package: bump version to 10.3.3

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 0a6ee744..153c198f 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.3.2",
+    "version": "10.3.3",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 152ba6d4431236b6dc0ab735bdda90aeffa24b11 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 15:24:11 +0600
Subject: [PATCH 207/379] web/components: add `BulletExplain` component

---
 web/src/components/misc/BulletExplain.svelte | 72 ++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 web/src/components/misc/BulletExplain.svelte

diff --git a/web/src/components/misc/BulletExplain.svelte b/web/src/components/misc/BulletExplain.svelte
new file mode 100644
index 00000000..747a3b90
--- /dev/null
+++ b/web/src/components/misc/BulletExplain.svelte
@@ -0,0 +1,72 @@
+<script lang="ts">
+    export let title: string;
+    export let description: string;
+    export let icon: ConstructorOfATypedSvelteComponent;
+</script>
+
+<div class="bullet-holder">
+    <div class="bullet-icon">
+        <svelte:component this={icon} />
+    </div>
+    <div class="bullet-content">
+        <div class="bullet-title">
+            {title}
+        </div>
+        <div class="subtext bullet-description">
+            {description}
+        </div>
+    </div>
+</div>
+
+<style>
+    .bullet-holder {
+        display: flex;
+        flex-direction: row;
+        text-align: left;
+        gap: var(--padding);
+    }
+
+    .bullet-content {
+        display: flex;
+        flex-direction: column;
+        gap: calc(var(--padding) / 2);
+    }
+
+    .bullet-title {
+        color: var(--secondary);
+        display: flex;
+        flex-direction: row;
+        align-items: center;
+        font-weight: 500;
+        gap: var(--padding);
+    }
+
+    .bullet-description {
+        padding: 0;
+        line-height: 1.5;
+    }
+
+    .bullet-icon {
+        display: flex;
+    }
+
+    .bullet-icon :global(svg) {
+        width: 21px;
+        height: 21px;
+    }
+
+    @media screen and (max-width: 535px) {
+        .bullet-content {
+            gap: calc(var(--padding) / 2.5);
+        }
+
+        .bullet-title {
+            font-size: 15px;
+        }
+
+        .bullet-icon :global(svg) {
+            width: 19px;
+            height: 19px;
+        }
+    }
+</style>

From b015af7dde5c12611128e0a02c852a50536b11d1 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 15:24:50 +0600
Subject: [PATCH 208/379] web/remux: add bullet points explaining what remux is

---
 web/i18n/en/remux.json            |   7 +-
 web/src/routes/remux/+page.svelte | 108 ++++++++++++++++++++----------
 2 files changed, 80 insertions(+), 35 deletions(-)

diff --git a/web/i18n/en/remux.json b/web/i18n/en/remux.json
index b7a7f34a..d8b031c3 100644
--- a/web/i18n/en/remux.json
+++ b/web/i18n/en/remux.json
@@ -1,3 +1,8 @@
 {
-    "description": "remuxing often fixes compatibility issues with old software. it's fast, lossless, and everything is processed on-device."
+    "bullet.purpose.title": "what does remux do?",
+    "bullet.purpose.description": "remux fixes any issues with the file container, such as missing time info. it helps increase compatibility with old software, such as vegas pro and windows media player.",
+    "bullet.explainer.title": "how does it work?",
+    "bullet.explainer.description": "remuxing takes existing codec data and copies it over to a new media container. it's lossless, media data doesn't get re-encoded.",
+    "bullet.privacy.title": "on-device processing",
+    "bullet.privacy.description": "cobalt remuxes files locally. files never leave your device, so processing is nearly instant."
 }
diff --git a/web/src/routes/remux/+page.svelte b/web/src/routes/remux/+page.svelte
index d0edaf4f..475c94bd 100644
--- a/web/src/routes/remux/+page.svelte
+++ b/web/src/routes/remux/+page.svelte
@@ -10,6 +10,11 @@
     import Skeleton from "$components/misc/Skeleton.svelte";
     import DropReceiver from "$components/misc/DropReceiver.svelte";
     import FileReceiver from "$components/misc/FileReceiver.svelte";
+    import BulletExplain from "$components/misc/BulletExplain.svelte";
+
+    import IconRepeat from "@tabler/icons-svelte/IconRepeat.svelte";
+    import IconDevices from "@tabler/icons-svelte/IconDevices.svelte";
+    import IconInfoCircle from "@tabler/icons-svelte/IconInfoCircle.svelte";
 
     let draggedOver = false;
     let file: File | undefined;
@@ -40,7 +45,7 @@
 
     let processing = false;
 
-    const ff = new LibAVWrapper(progress => {
+    const ff = new LibAVWrapper((progress) => {
         if (progress.out_time_sec) {
             processedDuration = progress.out_time_sec;
         }
@@ -62,7 +67,7 @@
             speed = undefined;
             processing = true;
 
-            const file_info = await ff.probe(file).catch(e => {
+            const file_info = await ff.probe(file).catch((e) => {
                 if (e?.message?.toLowerCase().includes("out of memory")) {
                     console.error("uh oh! out of memory");
                     console.error(e);
@@ -105,7 +110,7 @@
             totalDuration = Number(file_info.format.duration);
 
             if (file instanceof File && !file.type) {
-                file = new File([ file ], file.name, {
+                file = new File([file], file.name, {
                     type: mime.getType(file.name) ?? undefined,
                 });
             }
@@ -144,8 +149,8 @@
 
             return await downloadFile({
                 file: new File([render], filename, {
-                    type: render.type
-                })
+                    type: render.type,
+                }),
             });
         } finally {
             processing = false;
@@ -198,7 +203,7 @@
     <title>{$t("tabs.remux")} ~ {$t("general.cobalt")}</title>
     <meta
         property="og:title"
-        content="{$t("tabs.remux")} ~ {$t("general.cobalt")}"
+        content="{$t('tabs.remux')} ~ {$t('general.cobalt')}"
     />
 </svelte:head>
 
@@ -210,22 +215,41 @@
         data-first-focus
         data-focus-ring-hidden
     >
-        <FileReceiver
-            bind:draggedOver
-            bind:file
-            acceptTypes={["video/*", "audio/*"]}
-            acceptExtensions={[
-                "mp4",
-                "webm",
-                "mp3",
-                "ogg",
-                "opus",
-                "wav",
-                "m4a",
-            ]}
-        />
-        <div class="subtext remux-description">
-            {$t("remux.description")}
+        <div id="remux-receiver">
+            <FileReceiver
+                bind:draggedOver
+                bind:file
+                acceptTypes={["video/*", "audio/*"]}
+                acceptExtensions={[
+                    "mp4",
+                    "webm",
+                    "mp3",
+                    "ogg",
+                    "opus",
+                    "wav",
+                    "m4a",
+                ]}
+            />
+        </div>
+
+        <div id="remux-bullets">
+            <BulletExplain
+                title={$t("remux.bullet.purpose.title")}
+                description={$t("remux.bullet.purpose.description")}
+                icon={IconRepeat}
+            />
+
+            <BulletExplain
+                title={$t("remux.bullet.explainer.title")}
+                description={$t("remux.bullet.explainer.description")}
+                icon={IconInfoCircle}
+            />
+
+            <BulletExplain
+                title={$t("remux.bullet.privacy.title")}
+                description={$t("remux.bullet.privacy.description")}
+                icon={IconDevices}
+            />
         </div>
     </div>
 
@@ -263,13 +287,14 @@
 
     #remux-open {
         display: flex;
-        flex-direction: column;
+        flex-direction: row;
         justify-content: center;
         align-items: center;
-        max-width: 450px;
         text-align: center;
-        gap: 24px;
-        transition: transform 0.2s, opacity 0.2s;
+        gap: 48px;
+        transition:
+            transform 0.2s,
+            opacity 0.2s;
     }
 
     #remux-processing {
@@ -278,7 +303,9 @@
         flex-direction: column;
         opacity: 0;
         transform: scale(0.9);
-        transition: transform 0.2s, opacity 0.2s;
+        transition:
+            transform 0.2s,
+            opacity 0.2s;
         pointer-events: none;
     }
 
@@ -314,16 +341,29 @@
         text-align: center;
     }
 
-    .remux-description {
-        font-size: 14px;
-        line-height: 1.5;
+    #remux-receiver {
+        max-width: 450px;
+    }
+
+    #remux-bullets {
+        display: flex;
+        flex-direction: column;
+        gap: var(--padding);
+        max-width: 450px;
+    }
+
+    @media screen and (max-width: 920px) {
+        #remux-open {
+            flex-direction: column;
+            gap: var(--padding);
+        }
+
+        #remux-bullets {
+            padding: var(--padding);
+        }
     }
 
     @media screen and (max-width: 535px) {
-        .remux-description {
-            font-size: 12px;
-        }
-
         .progress-bar {
             width: 350px;
         }

From 6aade3cc7821e4b05fc82ee2958a02e85849abd8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 15:26:37 +0600
Subject: [PATCH 209/379] web/BulletExplain: increase font size on desktop

---
 web/src/components/misc/BulletExplain.svelte | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/web/src/components/misc/BulletExplain.svelte b/web/src/components/misc/BulletExplain.svelte
index 747a3b90..92840411 100644
--- a/web/src/components/misc/BulletExplain.svelte
+++ b/web/src/components/misc/BulletExplain.svelte
@@ -44,6 +44,7 @@
     .bullet-description {
         padding: 0;
         line-height: 1.5;
+        font-size: 13.5px;
     }
 
     .bullet-icon {
@@ -64,6 +65,10 @@
             font-size: 15px;
         }
 
+        .bullet-description {
+            font-size: 13px;
+        }
+
         .bullet-icon :global(svg) {
             width: 19px;
             height: 19px;

From b036437871e21de5471f3719367ba974f8f1a7db Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 15:32:13 +0600
Subject: [PATCH 210/379] web/i18n/general: update embed description to be less
 corny

---
 web/i18n/en/general.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/general.json b/web/i18n/en/general.json
index c3667f26..a50db46b 100644
--- a/web/i18n/en/general.json
+++ b/web/i18n/en/general.json
@@ -3,5 +3,5 @@
     "meowbalt": "meowbalt",
     "beta": "beta",
 
-    "embed.description": "save what you love without ads, tracking, paywalls or other nonsense. cobalt is a truly open web app, built with love and care by imput."
+    "embed.description": "cobalt lets you save what you love without ads, tracking, paywalls or other nonsense. just paste the link and you're ready to rock!"
 }

From 277a6caefad31c492dde2099d499bed52f5a24fe Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 15:44:32 +0600
Subject: [PATCH 211/379] web/ManageSettings: use `downloadFile` for exporting
 settings

and also use 4 spaces for formatting the json file cuz 2 spaces is foul
---
 .../components/settings/ManageSettings.svelte | 24 +++++++------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/web/src/components/settings/ManageSettings.svelte b/web/src/components/settings/ManageSettings.svelte
index 5c113a01..abc053bf 100644
--- a/web/src/components/settings/ManageSettings.svelte
+++ b/web/src/components/settings/ManageSettings.svelte
@@ -1,12 +1,9 @@
 <script lang="ts">
     import { t } from "$lib/i18n/translations";
+    import { downloadFile } from "$lib/download";
     import { createDialog } from "$lib/state/dialogs";
-    import {
-        storedSettings,
-        updateSetting,
-        loadFromString,
-    } from "$lib/state/settings";
     import { validateSettings } from "$lib/settings/validate";
+    import { storedSettings, updateSetting, loadFromString } from "$lib/state/settings";
 
     import ActionButton from "$components/buttons/ActionButton.svelte";
     import ResetSettingsButton from "$components/settings/ResetSettingsButton.svelte";
@@ -87,16 +84,13 @@
         pseudoinput.click();
     };
 
-    const exportSettings = () => {
-        const blob = new Blob(
-            [JSON.stringify($storedSettings, null, 2)],
-            { type: "application/json" }
-        );
-
-        const pseudolink = document.createElement("a");
-        pseudolink.href = URL.createObjectURL(blob);
-        pseudolink.download = "settings.json";
-        pseudolink.click();
+    const exportSettings = async () => {
+        return await downloadFile({
+            file: new File(
+                [JSON.stringify($storedSettings, null, 4)],
+                "settings.json", { type: "application/json" }
+            ),
+        });
     };
 </script>
 

From 4a70f09017b2fb765b0cefbcade3cd3b16bf58e7 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 16:27:39 +0600
Subject: [PATCH 212/379] web/Omnibox: add community instance label

now it's easier for the end user to differentiate if an instance is official or not
---
 web/i18n/en/save.json                  |  4 +++-
 web/src/components/save/Omnibox.svelte | 21 +++++++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/web/i18n/en/save.json b/web/i18n/en/save.json
index 79a65dfb..e6edc0de 100644
--- a/web/i18n/en/save.json
+++ b/web/i18n/en/save.json
@@ -19,5 +19,7 @@
     "tutorial.step.3": "select the respective shortcut in the share sheet.",
     "tutorial.outro": "these shortcuts will work only from the cobalt app, sharing links from other apps will not work.",
     "tutorial.shortcut.photos": "to photos",
-    "tutorial.shortcut.files": "to files"
+    "tutorial.shortcut.files": "to files",
+
+    "label.community_instance": "community instance"
 }
diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index c366dd8f..15368df3 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -1,15 +1,16 @@
 <script lang="ts">
+    import env from "$lib/env";
+
     import { page } from "$app/stores";
     import { goto } from "$app/navigation";
     import { browser } from "$app/environment";
     import { SvelteComponent, tick } from "svelte";
 
     import { t } from "$lib/i18n/translations";
+    import { cachedInfo } from "$lib/api/server-info";
 
     import dialogs from "$lib/state/dialogs";
-
     import { link } from "$lib/state/omnibox";
-    import { cachedInfo } from "$lib/api/server-info";
     import { updateSetting } from "$lib/state/settings";
     import { turnstileLoaded } from "$lib/state/turnstile";
 
@@ -134,6 +135,16 @@
 
 <svelte:window on:keydown={handleKeydown} />
 
+<!--
+    if you want to remove the community instance label,
+    refer to the license first https://github.com/imputnet/cobalt/tree/main/web#license
+-->
+{#if env.DEFAULT_API || $page.url.host !== "cobalt.tools" || !$page.url.host.endsWith(".cobalt.tools")}
+    <div id="instance-label">
+        {$t("save.label.community_instance")}
+    </div>
+{/if}
+
 <div id="omnibox">
     <div
         id="input-container"
@@ -331,6 +342,12 @@
         display: none;
     }
 
+    #instance-label {
+        font-size: 13px;
+        color: var(--gray);
+        font-weight: 500;
+    }
+
     @media screen and (max-width: 440px) {
         #action-container {
             flex-direction: column;

From 2b2bc573318d94e9b80cdcb723241e232167d58f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 16:30:27 +0600
Subject: [PATCH 213/379] web/env: rename `apiURL` to `defaultApiURL`

references to it are now easier to read and understand
---
 web/src/lib/api/api-url.ts | 5 ++---
 web/src/lib/env.ts         | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/web/src/lib/api/api-url.ts b/web/src/lib/api/api-url.ts
index d23af3ec..d5392c4b 100644
--- a/web/src/lib/api/api-url.ts
+++ b/web/src/lib/api/api-url.ts
@@ -1,7 +1,6 @@
 import { get } from "svelte/store";
-
-import env, { apiURL } from "$lib/env";
 import settings from "$lib/state/settings";
+import env, { defaultApiURL } from "$lib/env";
 
 export const currentApiURL = () => {
     const processingSettings = get(settings).processing;
@@ -15,5 +14,5 @@ export const currentApiURL = () => {
         return new URL(env.DEFAULT_API).origin;
     }
 
-    return new URL(apiURL).origin;
+    return new URL(defaultApiURL).origin;
 }
diff --git a/web/src/lib/env.ts b/web/src/lib/env.ts
index 34c0e800..cfad460f 100644
--- a/web/src/lib/env.ts
+++ b/web/src/lib/env.ts
@@ -55,7 +55,7 @@ const docs = {
     apiLicense: "https://github.com/imputnet/cobalt/blob/main/api/LICENSE",
 };
 
-const apiURL = "https://api.cobalt.tools";
+const defaultApiURL = "https://api.cobalt.tools";
 
-export { donate, apiURL, contacts, partners, siriShortcuts, docs };
+export { donate, defaultApiURL, contacts, partners, siriShortcuts, docs };
 export default variables;

From d8348dfa1c1a1f405418cd08ab803d93ab0ed762 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 16:32:33 +0600
Subject: [PATCH 214/379] web: remove instance override warning, use custom api
 right away

---
 web/i18n/en/settings.json                     |  4 --
 web/src/lib/api/api-url.ts                    |  2 +-
 web/src/lib/api/api.ts                        |  3 -
 web/src/lib/api/safety-warning.ts             | 59 -------------------
 .../routes/settings/instances/+page.svelte    | 19 ------
 5 files changed, 1 insertion(+), 86 deletions(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 6e6e3512..b18b375a 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -113,10 +113,6 @@
 
     "advanced.data": "data management",
 
-    "processing.override": "default instance override",
-    "processing.override.title": "use the instance-provided processing server",
-    "processing.override.description": "if web instance provides its own default processing server, you can choose to use it over the main processing server. make sure it's a server by someone you trust.",
-
     "processing.community": "community instances",
 
     "processing.enable_custom.title": "use a custom processing server",
diff --git a/web/src/lib/api/api-url.ts b/web/src/lib/api/api-url.ts
index d5392c4b..2779fd5f 100644
--- a/web/src/lib/api/api-url.ts
+++ b/web/src/lib/api/api-url.ts
@@ -10,7 +10,7 @@ export const currentApiURL = () => {
         return new URL(customInstanceURL).origin;
     }
 
-    if (env.DEFAULT_API && processingSettings.allowDefaultOverride) {
+    if (env.DEFAULT_API) {
         return new URL(env.DEFAULT_API).origin;
     }
 
diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index 6d836380..fb265f54 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -6,7 +6,6 @@ import lazySettingGetter from "$lib/settings/lazy-get";
 import { getSession } from "$lib/api/session";
 import { currentApiURL } from "$lib/api/api-url";
 import { turnstileLoaded } from "$lib/state/turnstile";
-import { apiOverrideWarning } from "$lib/api/safety-warning";
 import { cachedInfo, getServerInfo } from "$lib/api/server-info";
 
 import type { Optional } from "$lib/types/generic";
@@ -37,8 +36,6 @@ const request = async (url: string) => {
         alwaysProxy: getSetting("privacy", "alwaysProxy"),
     }
 
-    await apiOverrideWarning();
-
     await getServerInfo();
 
     const getCachedInfo = get(cachedInfo);
diff --git a/web/src/lib/api/safety-warning.ts b/web/src/lib/api/safety-warning.ts
index d9869128..0c28107d 100644
--- a/web/src/lib/api/safety-warning.ts
+++ b/web/src/lib/api/safety-warning.ts
@@ -1,68 +1,9 @@
 import { get } from "svelte/store";
-
-import env from "$lib/env";
 import { t } from "$lib/i18n/translations";
 import settings, { updateSetting } from "$lib/state/settings";
 
 import { createDialog } from "$lib/state/dialogs";
 
-export const apiOverrideWarning = async () => {
-    if (!env.DEFAULT_API || get(settings).processing.seenOverrideWarning) {
-        return;
-    }
-
-    let _actions: {
-        resolve: () => void;
-        reject: () => void;
-    };
-
-    const promise = new Promise<void>(
-        (resolve, reject) => (_actions = { resolve, reject })
-    ).catch(() => {
-        return {}
-    });
-
-    createDialog({
-        id: "security-api-override",
-        type: "small",
-        icon: "warn-red",
-        title: get(t)("dialog.api.override.title"),
-        bodyText: get(t)("dialog.api.override.body", { value: env.DEFAULT_API }),
-        dismissable: false,
-        buttons: [
-            {
-                text: get(t)("button.cancel"),
-                main: false,
-                action: () => {
-                    _actions.reject();
-                    updateSetting({
-                        processing: {
-                            seenOverrideWarning: true,
-                        },
-                    })
-                },
-            },
-            {
-                text: get(t)("button.continue"),
-                color: "red",
-                main: true,
-                timeout: 5000,
-                action: () => {
-                    _actions.resolve();
-                    updateSetting({
-                        processing: {
-                            allowDefaultOverride: true,
-                            seenOverrideWarning: true,
-                        },
-                    })
-                },
-            },
-        ],
-    })
-
-    await promise;
-}
-
 export const customInstanceWarning = async () => {
     if (get(settings).processing.seenCustomWarning) {
         return;
diff --git a/web/src/routes/settings/instances/+page.svelte b/web/src/routes/settings/instances/+page.svelte
index 3f35c9ee..31b7934f 100644
--- a/web/src/routes/settings/instances/+page.svelte
+++ b/web/src/routes/settings/instances/+page.svelte
@@ -1,5 +1,4 @@
 <script lang="ts">
-    import env from "$lib/env";
     import settings from "$lib/state/settings";
 
     import { t } from "$lib/i18n/translations";
@@ -7,26 +6,8 @@
     import SettingsToggle from "$components/buttons/SettingsToggle.svelte";
     import SettingsCategory from "$components/settings/SettingsCategory.svelte";
     import CustomInstanceInput from "$components/settings/CustomInstanceInput.svelte";
-
-    $: overrideDisabled = $settings.processing.enableCustomInstances;
 </script>
 
-{#if env.DEFAULT_API}
-    <SettingsCategory
-        sectionId="override"
-        title={$t("settings.processing.override")}
-        disabled={overrideDisabled}
-    >
-        <SettingsToggle
-            settingContext="processing"
-            settingId="allowDefaultOverride"
-            title={$t("settings.processing.override.title")}
-            description={$t("settings.processing.override.description")}
-            disabled={overrideDisabled}
-        />
-    </SettingsCategory>
-{/if}
-
 <SettingsCategory
     sectionId="community"
     title={$t("settings.processing.community")}

From 778ee76d59799f6b8c36ed35a5b110f1b7d04acc Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 16:42:59 +0600
Subject: [PATCH 215/379] web/Omnibox: fix main instance domain check

oops
---
 web/src/components/save/Omnibox.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index 15368df3..4b93f98f 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -139,7 +139,7 @@
     if you want to remove the community instance label,
     refer to the license first https://github.com/imputnet/cobalt/tree/main/web#license
 -->
-{#if env.DEFAULT_API || $page.url.host !== "cobalt.tools" || !$page.url.host.endsWith(".cobalt.tools")}
+{#if env.DEFAULT_API || (!$page.url.host.endsWith(".cobalt.tools") && $page.url.host !== "cobalt.tools")}
     <div id="instance-label">
         {$t("save.label.community_instance")}
     </div>

From a0b621c5e7369a3ce4eea1cb84ff9beef74ba51f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 16:59:59 +0600
Subject: [PATCH 216/379] web/remux: increase bullet gap on desktop

---
 web/src/routes/remux/+page.svelte | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/src/routes/remux/+page.svelte b/web/src/routes/remux/+page.svelte
index 475c94bd..4038a3a4 100644
--- a/web/src/routes/remux/+page.svelte
+++ b/web/src/routes/remux/+page.svelte
@@ -348,7 +348,7 @@
     #remux-bullets {
         display: flex;
         flex-direction: column;
-        gap: var(--padding);
+        gap: 18px;
         max-width: 450px;
     }
 
@@ -360,6 +360,7 @@
 
         #remux-bullets {
             padding: var(--padding);
+            gap: var(--padding);
         }
     }
 

From e09e098b27a5c76277a64691071aff815c2a996e Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 17:02:22 +0600
Subject: [PATCH 217/379] web/remux: reduce bullet padding only on small
 screens

---
 web/src/routes/remux/+page.svelte | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/web/src/routes/remux/+page.svelte b/web/src/routes/remux/+page.svelte
index 4038a3a4..282e19ac 100644
--- a/web/src/routes/remux/+page.svelte
+++ b/web/src/routes/remux/+page.svelte
@@ -360,7 +360,6 @@
 
         #remux-bullets {
             padding: var(--padding);
-            gap: var(--padding);
         }
     }
 
@@ -368,5 +367,9 @@
         .progress-bar {
             width: 350px;
         }
+
+        #remux-bullets {
+            gap: var(--padding);
+        }
     }
 </style>

From b38cb779527b9fd6f887d5ac469bb505a8c5ea95 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 21:05:47 +0600
Subject: [PATCH 218/379] web/turnstile: refresh turnstile if it expires in
 background

also renamed `turnstileLoaded` to `turnstileSolved` for more clarity
---
 web/src/components/misc/Turnstile.svelte | 10 ++++++++--
 web/src/components/save/Omnibox.svelte   | 15 +++------------
 web/src/lib/api/api.ts                   |  4 ++--
 web/src/lib/api/turnstile.ts             | 17 +++++++++++++++++
 web/src/lib/state/turnstile.ts           |  2 +-
 5 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/web/src/components/misc/Turnstile.svelte b/web/src/components/misc/Turnstile.svelte
index f1c9b625..7cb194c5 100644
--- a/web/src/components/misc/Turnstile.svelte
+++ b/web/src/components/misc/Turnstile.svelte
@@ -2,7 +2,9 @@
     import { onMount } from "svelte";
 
     import { cachedInfo } from "$lib/api/server-info";
-    import { turnstileLoaded, turnstileCreated } from "$lib/state/turnstile";
+    import { turnstileSolved, turnstileCreated } from "$lib/state/turnstile";
+
+    import turnstile from "$lib/api/turnstile";
 
     let turnstileElement: HTMLElement;
     let turnstileScript: HTMLElement;
@@ -21,7 +23,7 @@
                     return true;
                 },
                 callback: () => {
-                    $turnstileLoaded = true;
+                    $turnstileSolved = true;
                 }
             });
         }
@@ -31,6 +33,10 @@
         } else {
             turnstileScript.addEventListener("load", setup);
         }
+
+        window.addEventListener("focus", () => {
+            turnstile.refreshIfExpired();
+        });
     });
 </script>
 
diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index 4b93f98f..8b0b443c 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -12,7 +12,7 @@
     import dialogs from "$lib/state/dialogs";
     import { link } from "$lib/state/omnibox";
     import { updateSetting } from "$lib/state/settings";
-    import { turnstileLoaded } from "$lib/state/turnstile";
+    import { turnstileSolved } from "$lib/state/turnstile";
 
     import type { Optional } from "$lib/types/generic";
     import type { DownloadModeOption } from "$lib/types/settings";
@@ -39,7 +39,8 @@
 
     let isDisabled = false;
     let isLoading = false;
-    let isBotCheckOngoing = false;
+    $: isBotCheckOngoing =
+        !!$cachedInfo?.info?.cobalt?.turnstileSitekey && !$turnstileSolved;
 
     const validLink = (url: string) => {
         try {
@@ -61,16 +62,6 @@
         goto("/", { replaceState: true });
     }
 
-    $: if ($cachedInfo?.info?.cobalt?.turnstileSitekey) {
-        if ($turnstileLoaded) {
-            isBotCheckOngoing = false;
-        } else {
-            isBotCheckOngoing = true;
-        }
-    } else {
-        isBotCheckOngoing = false;
-    }
-
     const pasteClipboard = () => {
         if ($dialogs.length > 0 || isDisabled || isLoading) {
             return;
diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index fb265f54..f69c3323 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -5,7 +5,7 @@ import lazySettingGetter from "$lib/settings/lazy-get";
 
 import { getSession } from "$lib/api/session";
 import { currentApiURL } from "$lib/api/api-url";
-import { turnstileLoaded } from "$lib/state/turnstile";
+import { turnstileSolved } from "$lib/state/turnstile";
 import { cachedInfo, getServerInfo } from "$lib/api/server-info";
 
 import type { Optional } from "$lib/types/generic";
@@ -49,7 +49,7 @@ const request = async (url: string) => {
         } as CobaltErrorResponse;
     }
 
-    if (getCachedInfo?.info?.cobalt?.turnstileSitekey && !get(turnstileLoaded)) {
+    if (getCachedInfo?.info?.cobalt?.turnstileSitekey && !get(turnstileSolved)) {
         return {
             status: "error",
             error: {
diff --git a/web/src/lib/api/turnstile.ts b/web/src/lib/api/turnstile.ts
index 33d65a7f..6a39ad7e 100644
--- a/web/src/lib/api/turnstile.ts
+++ b/web/src/lib/api/turnstile.ts
@@ -1,3 +1,5 @@
+import { turnstileSolved } from "$lib/state/turnstile";
+
 const getResponse = () => {
     const turnstileElement = document.getElementById("turnstile-widget");
 
@@ -12,13 +14,28 @@ const update = () => {
     const turnstileElement = document.getElementById("turnstile-widget");
 
     if (turnstileElement) {
+        turnstileSolved.set(false);
         return window?.turnstile?.reset(turnstileElement);
     }
 
     return null;
 }
 
+const refreshIfExpired = () => {
+    const turnstileElement = document.getElementById("turnstile-widget");
+
+    if (turnstileElement) {
+        const isExpired = window?.turnstile?.isExpired(turnstileElement);
+        if (isExpired) {
+            console.log("expired, refreshing the turnstile widget rn");
+            return update();
+        }
+        console.log("turnstile not expired, nothing to do");
+    }
+}
+
 export default {
     getResponse,
     update,
+    refreshIfExpired,
 }
diff --git a/web/src/lib/state/turnstile.ts b/web/src/lib/state/turnstile.ts
index 5a165bc7..12231b11 100644
--- a/web/src/lib/state/turnstile.ts
+++ b/web/src/lib/state/turnstile.ts
@@ -1,4 +1,4 @@
 import { writable } from "svelte/store";
 
-export const turnstileLoaded = writable(false);
+export const turnstileSolved = writable(false);
 export const turnstileCreated = writable(false);

From c67132d2cc95f53b5fedcba0e65fd6fe9582667d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 21:06:19 +0600
Subject: [PATCH 219/379] web/Omnibox: add a cool animation to input icons

---
 web/src/components/save/Omnibox.svelte     | 44 ++----------
 web/src/components/save/OmniboxIcon.svelte | 78 ++++++++++++++++++++++
 2 files changed, 82 insertions(+), 40 deletions(-)
 create mode 100644 web/src/components/save/OmniboxIcon.svelte

diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index 8b0b443c..a1e9873a 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -17,13 +17,11 @@
     import type { Optional } from "$lib/types/generic";
     import type { DownloadModeOption } from "$lib/types/settings";
 
-    import IconLink from "@tabler/icons-svelte/IconLink.svelte";
-    import IconLoader2 from "@tabler/icons-svelte/IconLoader2.svelte";
-
     import ClearButton from "$components/save/buttons/ClearButton.svelte";
     import DownloadButton from "$components/save/buttons/DownloadButton.svelte";
 
     import Switcher from "$components/buttons/Switcher.svelte";
+    import OmniboxIcon from "$components/save/OmniboxIcon.svelte";
     import ActionButton from "$components/buttons/ActionButton.svelte";
     import SettingsButton from "$components/buttons/SettingsButton.svelte";
 
@@ -142,17 +140,7 @@
         class:focused={isFocused}
         class:downloadable={validLink($link)}
     >
-        <div
-            id="input-link-icon"
-            class:loading={isLoading || isBotCheckOngoing}
-        >
-            {#if isLoading || isBotCheckOngoing}
-                <IconLoader2 />
-            {:else}
-                <IconLink />
-            {/if}
-        </div>
-
+        <OmniboxIcon loading={isLoading || isBotCheckOngoing} />
         <input
             id="link-area"
             bind:value={$link}
@@ -250,35 +238,11 @@
         outline: var(--secondary) 0.5px solid;
     }
 
-    #input-link-icon {
-        display: flex;
-    }
-
-    #input-link-icon :global(svg) {
-        stroke: var(--gray);
-        width: 18px;
-        height: 18px;
-        stroke-width: 2px;
-    }
-
-    #input-link-icon.loading :global(svg) {
-        animation: spin 0.7s infinite linear;
-    }
-
-    @keyframes spin {
-        0% {
-            transform: rotate(0deg);
-        }
-        100% {
-            transform: rotate(360deg);
-        }
-    }
-
-    #input-container.focused #input-link-icon :global(svg) {
+    #input-container.focused :global(#input-icons svg) {
         stroke: var(--secondary);
     }
 
-    #input-container.downloadable #input-link-icon :global(svg) {
+    #input-container.downloadable :global(#input-icons svg) {
         stroke: var(--secondary);
     }
 
diff --git a/web/src/components/save/OmniboxIcon.svelte b/web/src/components/save/OmniboxIcon.svelte
new file mode 100644
index 00000000..49d673c6
--- /dev/null
+++ b/web/src/components/save/OmniboxIcon.svelte
@@ -0,0 +1,78 @@
+<script lang="ts">
+    import IconLink from "@tabler/icons-svelte/IconLink.svelte";
+    import IconLoader2 from "@tabler/icons-svelte/IconLoader2.svelte";
+
+    export let loading: boolean;
+</script>
+
+<div id="input-icons" class:loading>
+    <div class="input-icon spinner-icon">
+        <IconLoader2 />
+    </div>
+    <div class="input-icon link-icon">
+        <IconLink />
+    </div>
+</div>
+
+<style>
+    #input-icons {
+        display: flex;
+        position: relative;
+        align-items: center;
+        justify-content: center;
+        width: 18px;
+        height: 18px;
+    }
+
+    #input-icons :global(svg) {
+        stroke: var(--gray);
+        width: 18px;
+        height: 18px;
+        stroke-width: 2px;
+    }
+
+    .input-icon {
+        display: flex;
+        position: absolute;
+        transition:
+            transform 0.25s,
+            opacity 0.25s;
+    }
+
+    .link-icon {
+        transform: none;
+        opacity: 1;
+    }
+
+    .spinner-icon {
+        transform: scale(0.4);
+        opacity: 0;
+    }
+
+    .spinner-icon :global(svg) {
+        animation: spin 0.7s infinite linear;
+    }
+
+    .loading .link-icon :global(svg) {
+        animation: spin 0.7s infinite linear;
+    }
+
+    .loading .link-icon {
+        transform: scale(0.4);
+        opacity: 0;
+    }
+
+    .loading .spinner-icon {
+        transform: none;
+        opacity: 1;
+    }
+
+    @keyframes spin {
+        0% {
+            transform: rotate(0deg);
+        }
+        100% {
+            transform: rotate(360deg);
+        }
+    }
+</style>

From 6abccd9743dc7e936f0fcd2cec87f9df6eb8af11 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 18 Nov 2024 23:02:46 +0600
Subject: [PATCH 220/379] web/Turnstile: log to console on expired and timeout
 callback

---
 web/src/components/misc/Turnstile.svelte | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/src/components/misc/Turnstile.svelte b/web/src/components/misc/Turnstile.svelte
index 7cb194c5..b1fc162c 100644
--- a/web/src/components/misc/Turnstile.svelte
+++ b/web/src/components/misc/Turnstile.svelte
@@ -22,6 +22,12 @@
                     console.log("error code from turnstile:", error);
                     return true;
                 },
+                "expired-callback": () => {
+                    console.log("turnstile expired. i am callback this is my message")
+                },
+                "timeout-callback": () => {
+                    console.log("turnstile timed out. i am callback this is my message")
+                },
                 callback: () => {
                     $turnstileSolved = true;
                 }

From b31c126cecc78beca03e88bcf2e921dd718c004f Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 18 Nov 2024 17:34:34 +0000
Subject: [PATCH 221/379] api/instagram: fix module not using graphql api

---
 api/src/processing/services/instagram.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/api/src/processing/services/instagram.js b/api/src/processing/services/instagram.js
index 111d7603..d9a646aa 100644
--- a/api/src/processing/services/instagram.js
+++ b/api/src/processing/services/instagram.js
@@ -266,6 +266,7 @@ export default function(obj) {
     }
 
     async function getPost(id, alwaysProxy) {
+        const hasData = (data) => data && data.gql_data !== null;
         let data, result;
         try {
             const cookie = getCookie('instagram');
@@ -282,16 +283,16 @@ export default function(obj) {
             if (media_id && token) data = await requestMobileApi(media_id, { token });
 
             // mobile api (no cookie, cookie)
-            if (media_id && !data) data = await requestMobileApi(media_id);
-            if (media_id && cookie && !data) data = await requestMobileApi(media_id, { cookie });
+            if (media_id && !hasData(data)) data = await requestMobileApi(media_id);
+            if (media_id && cookie && !hasData(data)) data = await requestMobileApi(media_id, { cookie });
 
             // html embed (no cookie, cookie)
-            if (!data) data = await requestHTML(id);
-            if (!data && cookie) data = await requestHTML(id, cookie);
+            if (!hasData(data)) data = await requestHTML(id);
+            if (!hasData(data) && cookie) data = await requestHTML(id, cookie);
 
             // web app graphql api (no cookie, cookie)
-            if (!data) data = await requestGQL(id);
-            if (!data && cookie) data = await requestGQL(id, cookie);
+            if (!hasData(data)) data = await requestGQL(id);
+            if (!hasData(data) && cookie) data = await requestGQL(id, cookie);
         } catch {}
 
         if (!data) return { error: "fetch.fail" };

From a3c807a9932c7ddf1edb7ebac2c28d4ef22b23ba Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 19 Nov 2024 00:20:27 +0600
Subject: [PATCH 222/379] web/turnstile: use own callback for refreshing the
 widget

or at least try to, idk man, im so tired of cf turnstile
---
 web/src/components/misc/Turnstile.svelte | 12 ++++--------
 web/src/lib/api/session.ts               |  2 +-
 web/src/lib/api/turnstile.ts             | 18 ++----------------
 3 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/web/src/components/misc/Turnstile.svelte b/web/src/components/misc/Turnstile.svelte
index b1fc162c..6b714c49 100644
--- a/web/src/components/misc/Turnstile.svelte
+++ b/web/src/components/misc/Turnstile.svelte
@@ -18,15 +18,15 @@
         const setup = () => {
             window.turnstile?.render(turnstileElement, {
                 sitekey,
+                "refresh-expired": "never",
+
                 "error-callback": (error) => {
                     console.log("error code from turnstile:", error);
                     return true;
                 },
                 "expired-callback": () => {
-                    console.log("turnstile expired. i am callback this is my message")
-                },
-                "timeout-callback": () => {
-                    console.log("turnstile timed out. i am callback this is my message")
+                    console.log("turnstile expired, refreshing neow");
+                    turnstile.reset();
                 },
                 callback: () => {
                     $turnstileSolved = true;
@@ -39,10 +39,6 @@
         } else {
             turnstileScript.addEventListener("load", setup);
         }
-
-        window.addEventListener("focus", () => {
-            turnstile.refreshIfExpired();
-        });
     });
 </script>
 
diff --git a/web/src/lib/api/session.ts b/web/src/lib/api/session.ts
index f627b6f2..5b3e542b 100644
--- a/web/src/lib/api/session.ts
+++ b/web/src/lib/api/session.ts
@@ -35,7 +35,7 @@ export const requestSession = async () => {
         }
     });
 
-    turnstile.update();
+    turnstile.reset();
 
     return response;
 }
diff --git a/web/src/lib/api/turnstile.ts b/web/src/lib/api/turnstile.ts
index 6a39ad7e..b95ecfd1 100644
--- a/web/src/lib/api/turnstile.ts
+++ b/web/src/lib/api/turnstile.ts
@@ -10,7 +10,7 @@ const getResponse = () => {
     return null;
 }
 
-const update = () => {
+const reset = () => {
     const turnstileElement = document.getElementById("turnstile-widget");
 
     if (turnstileElement) {
@@ -21,21 +21,7 @@ const update = () => {
     return null;
 }
 
-const refreshIfExpired = () => {
-    const turnstileElement = document.getElementById("turnstile-widget");
-
-    if (turnstileElement) {
-        const isExpired = window?.turnstile?.isExpired(turnstileElement);
-        if (isExpired) {
-            console.log("expired, refreshing the turnstile widget rn");
-            return update();
-        }
-        console.log("turnstile not expired, nothing to do");
-    }
-}
-
 export default {
     getResponse,
-    update,
-    refreshIfExpired,
+    reset,
 }

From ea73d09c8ff35b0ef14813a1143f84055f3774e0 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 19 Nov 2024 00:33:07 +0600
Subject: [PATCH 223/379] web/Turnstile: reduce retry interval to 800ms

---
 web/src/components/misc/Turnstile.svelte | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/src/components/misc/Turnstile.svelte b/web/src/components/misc/Turnstile.svelte
index 6b714c49..adedb0ee 100644
--- a/web/src/components/misc/Turnstile.svelte
+++ b/web/src/components/misc/Turnstile.svelte
@@ -19,6 +19,7 @@
             window.turnstile?.render(turnstileElement, {
                 sitekey,
                 "refresh-expired": "never",
+                "retry-interval": 800,
 
                 "error-callback": (error) => {
                     console.log("error code from turnstile:", error);

From 7b9830c5af9ed731cf1d37ad693312eba58e4b29 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 19 Nov 2024 14:20:12 +0000
Subject: [PATCH 224/379] dockerfile: drop privileges to regular user

---
 Dockerfile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1af6273a..7bfc3dac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,10 @@ RUN pnpm deploy --filter=@imput/cobalt-api --prod /prod/api
 FROM base AS api
 WORKDIR /app
 
-COPY --from=build /prod/api /app
-COPY --from=build /app/.git /app/.git
+COPY --from=build --chown=node:node /prod/api /app
+COPY --from=build --chown=node:node /app/.git /app/.git
+
+USER node
 
 EXPOSE 9000
 CMD [ "node", "src/cobalt" ]

From 540bbbdad7e3feb0e2b3ee0dbdf4f6e8f4ef9e61 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 14:14:37 +0600
Subject: [PATCH 225/379] web/SidebarTab: pass icon prop instead of using slot

---
 web/src/components/sidebar/Sidebar.svelte    | 28 ++++++--------------
 web/src/components/sidebar/SidebarTab.svelte | 19 +++++++------
 2 files changed, 19 insertions(+), 28 deletions(-)

diff --git a/web/src/components/sidebar/Sidebar.svelte b/web/src/components/sidebar/Sidebar.svelte
index ca3a963e..39407a19 100644
--- a/web/src/components/sidebar/Sidebar.svelte
+++ b/web/src/components/sidebar/Sidebar.svelte
@@ -19,8 +19,8 @@
     let aboutLink = defaultNavPage("about");
 
     $: screenWidth,
-       settingsLink = defaultNavPage("settings"),
-       aboutLink = defaultNavPage("about");
+        (settingsLink = defaultNavPage("settings")),
+        (aboutLink = defaultNavPage("about"));
 </script>
 
 <svelte:window bind:innerWidth={screenWidth} />
@@ -29,26 +29,14 @@
     <CobaltLogo />
     <div id="sidebar-tabs" role="tablist">
         <div id="sidebar-actions" class="sidebar-inner-container">
-            <SidebarTab tabName="save" tabLink="/">
-                <IconDownload />
-            </SidebarTab>
-            <SidebarTab tabName="remux" tabLink="/remux" beta>
-                <IconRepeat />
-            </SidebarTab>
+            <SidebarTab name="save" path="/" icon={IconDownload} />
+            <SidebarTab name="remux" path="/remux" icon={IconRepeat} beta />
         </div>
         <div id="sidebar-info" class="sidebar-inner-container">
-            <SidebarTab tabName="settings" tabLink={settingsLink}>
-                <IconSettings />
-            </SidebarTab>
-            <SidebarTab tabName="donate" tabLink="/donate">
-                <IconHeart />
-            </SidebarTab>
-            <SidebarTab tabName="updates" tabLink="/updates">
-                <IconComet />
-            </SidebarTab>
-            <SidebarTab tabName="about" tabLink={aboutLink}>
-                <IconInfoCircle />
-            </SidebarTab>
+            <SidebarTab name="settings" path={settingsLink} icon={IconSettings} />
+            <SidebarTab name="donate" path="/donate" icon={IconHeart} />
+            <SidebarTab name="updates" path="/updates" icon={IconComet} />
+            <SidebarTab name="about" path={aboutLink} icon={IconInfoCircle} />
         </div>
     </div>
 </nav>
diff --git a/web/src/components/sidebar/SidebarTab.svelte b/web/src/components/sidebar/SidebarTab.svelte
index 9f3b51ef..2330039f 100644
--- a/web/src/components/sidebar/SidebarTab.svelte
+++ b/web/src/components/sidebar/SidebarTab.svelte
@@ -3,8 +3,10 @@
 
     import { t } from "$lib/i18n/translations";
 
-    export let tabName: string;
-    export let tabLink: string;
+    export let name: string;
+    export let path: string;
+    export let icon: ConstructorOfATypedSvelteComponent;
+
     export let beta = false;
 
     const firstTabPage = ["save", "remux", "settings"];
@@ -12,14 +14,14 @@
     let tab: HTMLElement;
 
     $: currentTab = $page.url.pathname.split("/")[1];
-    $: baseTabPath = tabLink.split("/")[1];
+    $: baseTabPath = path.split("/")[1];
 
     $: isTabActive = currentTab === baseTabPath;
 
     const showTab = (e: HTMLElement) => {
         if (e) {
             e.scrollIntoView({
-                inline: firstTabPage.includes(tabName) ? "end" : "start",
+                inline: firstTabPage.includes(name) ? "end" : "start",
                 block: "nearest",
                 behavior: "smooth",
             });
@@ -32,10 +34,10 @@
 </script>
 
 <a
-    id="sidebar-tab-{tabName}"
+    id="sidebar-tab-{name}"
     class="sidebar-tab"
     class:active={isTabActive}
-    href={tabLink}
+    href={path}
     bind:this={tab}
     on:focus={() => showTab(tab)}
     role="tab"
@@ -44,8 +46,9 @@
     {#if beta}
         <div class="beta-sign" aria-label={$t("general.beta")}>β</div>
     {/if}
-    <slot></slot>
-    {$t(`tabs.${tabName}`)}
+
+    <svelte:component this={icon} />
+    {$t(`tabs.${name}`)}
 </a>
 
 <style>

From a0616841bf9d23182ea82e18fe713295c3a21eee Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 14:15:03 +0600
Subject: [PATCH 226/379] web/DonationOption: use icon prop instead of slot

---
 web/src/components/donate/DonateOptionsCard.svelte | 7 +++----
 web/src/components/donate/DonationOption.svelte    | 3 ++-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/web/src/components/donate/DonateOptionsCard.svelte b/web/src/components/donate/DonateOptionsCard.svelte
index dcd1d03c..ab8173cc 100644
--- a/web/src/components/donate/DonateOptionsCard.svelte
+++ b/web/src/components/donate/DonateOptionsCard.svelte
@@ -176,14 +176,13 @@
                 showRightScroll = currentPos < maxPos && currentPos !== maxPos;
             }}
         >
-            {#each Object.entries(PRESET_DONATION_AMOUNTS) as [amount, component]}
+            {#each Object.entries(PRESET_DONATION_AMOUNTS) as [amount, icon]}
                 <DonationOption
                     price={+amount}
                     desc={$t(`donate.card.option.${amount}`)}
                     href={donationMethods[processor](+amount * 100)}
-                >
-                    <svelte:component this={component} />
-                </DonationOption>
+                    {icon}
+                />
             {/each}
         </div>
     </div>
diff --git a/web/src/components/donate/DonationOption.svelte b/web/src/components/donate/DonationOption.svelte
index 7e5ca917..1c8fb5a3 100644
--- a/web/src/components/donate/DonationOption.svelte
+++ b/web/src/components/donate/DonationOption.svelte
@@ -2,6 +2,7 @@
     export let price: number;
     export let desc: string;
     export let href: string;
+    export let icon: ConstructorOfATypedSvelteComponent;
 
     const USD = new Intl.NumberFormat("en-US", {
         style: "currency",
@@ -17,7 +18,7 @@
     }}
 >
     <div class="donate-card-title">
-        <slot></slot>
+        <svelte:component this={icon} />
         {USD.format(price)}
     </div>
     <div class="donate-card-subtitle">{desc}</div>

From 1833a95027f0d780dc7213a24adf3d22f98fbb2b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 14:15:34 +0600
Subject: [PATCH 227/379] web/PageNavTab: use icon prop instead of slot

---
 web/src/components/subnav/PageNavTab.svelte | 13 ++--
 web/src/routes/about/+layout.svelte         | 45 ++++++------
 web/src/routes/settings/+layout.svelte      | 76 ++++++++++-----------
 3 files changed, 62 insertions(+), 72 deletions(-)

diff --git a/web/src/components/subnav/PageNavTab.svelte b/web/src/components/subnav/PageNavTab.svelte
index 898174fd..b828edb6 100644
--- a/web/src/components/subnav/PageNavTab.svelte
+++ b/web/src/components/subnav/PageNavTab.svelte
@@ -3,25 +3,26 @@
 
     import IconChevronRight from "@tabler/icons-svelte/IconChevronRight.svelte";
 
-    export let tabPath: string;
-    export let tabTitle: string;
+    export let path: string;
+    export let title: string;
+    export let icon: ConstructorOfATypedSvelteComponent;
     export let iconColor: "gray" | "blue" | "green" = "gray";
 
-    $: isActive = $page.url.pathname === tabPath;
+    $: isActive = $page.url.pathname === path;
 </script>
 
 <a
     class="subnav-tab"
-    href={tabPath}
+    href={path}
     class:active={isActive}
     role="button"
 >
     <div class="subnav-tab-left">
         <div class="tab-icon" style="background: var(--{iconColor})">
-            <slot></slot>
+            <svelte:component this={icon} />
         </div>
         <div class="subnav-tab-text">
-            {tabTitle}
+            {title}
         </div>
     </div>
     <div class="subnav-tab-chevron">
diff --git a/web/src/routes/about/+layout.svelte b/web/src/routes/about/+layout.svelte
index ddfb1c6f..e28df42b 100644
--- a/web/src/routes/about/+layout.svelte
+++ b/web/src/routes/about/+layout.svelte
@@ -23,43 +23,38 @@
     <svelte:fragment slot="navigation">
         <PageNavSection>
             <PageNavTab
-                tabPath="/about/general"
-                tabTitle={$t("about.page.general")}
+                path="/about/general"
+                title={$t("about.page.general")}
+                icon={IconComet}
                 iconColor="blue"
-            >
-                <IconComet />
-            </PageNavTab>
+            />
             <PageNavTab
-                tabPath="/about/community"
-                tabTitle={$t("about.page.community")}
+                path="/about/community"
+                title={$t("about.page.community")}
+                icon={IconUsersGroup}
                 iconColor="green"
-            >
-                <IconUsersGroup />
-            </PageNavTab>
+            />
         </PageNavSection>
 
         <PageNavSection>
             <PageNavTab
-                tabPath="/about/terms"
-                tabTitle={$t("about.page.terms")}
+                path="/about/terms"
+                title={$t("about.page.terms")}
+                icon={IconChecklist}
                 iconColor="gray"
-            >
-                <IconChecklist />
-            </PageNavTab>
+            />
             <PageNavTab
-                tabPath="/about/privacy"
-                tabTitle={$t("about.page.privacy")}
+                path="/about/privacy"
+                title={$t("about.page.privacy")}
+                icon={IconLock}
                 iconColor="gray"
-            >
-                <IconLock />
-            </PageNavTab>
+            />
             <PageNavTab
-                tabPath="/about/credits"
-                tabTitle={$t("about.page.credits")}
+                path="/about/credits"
+                title={$t("about.page.credits")}
+                icon={IconLicense}
                 iconColor="gray"
-            >
-                <IconLicense />
-            </PageNavTab>
+            />
         </PageNavSection>
     </svelte:fragment>
 
diff --git a/web/src/routes/settings/+layout.svelte b/web/src/routes/settings/+layout.svelte
index cbcd5282..79bd7b93 100644
--- a/web/src/routes/settings/+layout.svelte
+++ b/web/src/routes/settings/+layout.svelte
@@ -20,7 +20,9 @@
     import IconWorld from "@tabler/icons-svelte/IconWorld.svelte";
     import IconSettingsBolt from "@tabler/icons-svelte/IconSettingsBolt.svelte";
 
-    $: versionText = $version ? `v${$version.version}-${$version.commit.slice(0, 8)}` : '\xa0';
+    $: versionText = $version
+        ? `v${$version.version}-${$version.commit.slice(0, 8)}`
+        : "\xa0";
 </script>
 
 <PageNav
@@ -32,68 +34,60 @@
     <svelte:fragment slot="navigation">
         <PageNavSection>
             <PageNavTab
-                tabPath="/settings/appearance"
-                tabTitle={$t("settings.page.appearance")}
+                path="/settings/appearance"
+                title={$t("settings.page.appearance")}
+                icon={IconSunHigh}
                 iconColor="blue"
-            >
-                <IconSunHigh />
-            </PageNavTab>
+            />
             <PageNavTab
-                tabPath="/settings/privacy"
-                tabTitle={$t("settings.page.privacy")}
+                path="/settings/privacy"
+                title={$t("settings.page.privacy")}
+                icon={IconLock}
                 iconColor="blue"
-            >
-                <IconLock />
-            </PageNavTab>
+            />
         </PageNavSection>
 
         <PageNavSection>
             <PageNavTab
-                tabPath="/settings/video"
-                tabTitle={$t("settings.page.video")}
+                path="/settings/video"
+                title={$t("settings.page.video")}
+                icon={IconMovie}
                 iconColor="green"
-            >
-                <IconMovie />
-            </PageNavTab>
+            />
             <PageNavTab
-                tabPath="/settings/audio"
-                tabTitle={$t("settings.page.audio")}
+                path="/settings/audio"
+                title={$t("settings.page.audio")}
+                icon={IconMusic}
                 iconColor="green"
-            >
-                <IconMusic />
-            </PageNavTab>
+            />
             <PageNavTab
-                tabPath="/settings/download"
-                tabTitle={$t("settings.page.download")}
+                path="/settings/download"
+                title={$t("settings.page.download")}
+                icon={IconFileDownload}
                 iconColor="green"
-            >
-                <IconFileDownload />
-            </PageNavTab>
+            />
         </PageNavSection>
 
         <PageNavSection>
             <PageNavTab
-                tabPath="/settings/instances"
-                tabTitle={$t("settings.page.instances")}
+                path="/settings/instances"
+                title={$t("settings.page.instances")}
+                icon={IconWorld}
                 iconColor="gray"
-            >
-                <IconWorld />
-            </PageNavTab>
+            />
             <PageNavTab
-                tabPath="/settings/advanced"
-                tabTitle={$t("settings.page.advanced")}
+                path="/settings/advanced"
+                title={$t("settings.page.advanced")}
+                icon={IconSettingsBolt}
                 iconColor="gray"
-            >
-                <IconSettingsBolt />
-            </PageNavTab>
+            />
             {#if $settings.advanced.debug}
                 <PageNavTab
-                    tabPath="/settings/debug"
-                    tabTitle={$t("settings.page.debug")}
+                    path="/settings/debug"
+                    title={$t("settings.page.debug")}
+                    icon={IconBug}
                     iconColor="gray"
-                >
-                    <IconBug />
-                </PageNavTab>
+                />
             {/if}
         </PageNavSection>
     </svelte:fragment>

From 9c8cb5611f64e82e94de35428583de0aaa40b656 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 14:26:45 +0600
Subject: [PATCH 228/379] web/server-info: reload the page only if the sitekey
 actually changed

---
 web/src/lib/api/server-info.ts | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/web/src/lib/api/server-info.ts b/web/src/lib/api/server-info.ts
index 8a3e1b60..0f36ceff 100644
--- a/web/src/lib/api/server-info.ts
+++ b/web/src/lib/api/server-info.ts
@@ -53,14 +53,9 @@ export const getServerInfo = async () => {
             origin: currentApiURL(),
         });
 
-        /*
-            reload the page if turnstile sitekey changed.
-            there's no other proper way to do this, at least i couldn't find any :(
-        */
-        if (cache?.info?.cobalt?.turnstileSitekey && freshInfo?.cobalt?.turnstileSitekey) {
-            if (browser) {
-                window.location.reload();
-            }
+        // reload the page if turnstile sitekey changed
+        if (cache && cache?.info?.cobalt?.turnstileSitekey !== freshInfo?.cobalt?.turnstileSitekey) {
+            if (browser) window.location.reload();
         }
 
         return true;

From 6e81c55fc157aa7ce5d5ab8feb30e0924020bb4e Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 14:47:07 +0600
Subject: [PATCH 229/379] web: replace `text-align: left` with `text-align:
 start`

improves support for arabic and other RTL languages
---
 web/src/components/about/AboutSupport.svelte           | 2 +-
 web/src/components/buttons/SettingsToggle.svelte       | 2 +-
 web/src/components/dialog/SmallDialog.svelte           | 2 +-
 web/src/components/donate/DonateAltItem.svelte         | 2 +-
 web/src/components/donate/DonateCardContainer.svelte   | 2 +-
 web/src/components/misc/BulletExplain.svelte           | 2 +-
 web/src/components/misc/UpdateNotification.svelte      | 2 +-
 web/src/components/settings/ResetSettingsButton.svelte | 2 +-
 web/src/routes/about/community/+page.svelte            | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/web/src/components/about/AboutSupport.svelte b/web/src/components/about/AboutSupport.svelte
index 5b0c319c..713c003f 100644
--- a/web/src/components/about/AboutSupport.svelte
+++ b/web/src/components/about/AboutSupport.svelte
@@ -70,7 +70,7 @@
         gap: 4px;
         height: fit-content;
 
-        text-align: left;
+        text-align: start;
         flex-direction: column;
         align-items: flex-start;
         justify-content: flex-start;
diff --git a/web/src/components/buttons/SettingsToggle.svelte b/web/src/components/buttons/SettingsToggle.svelte
index f9c3cbfd..5d5941a2 100644
--- a/web/src/components/buttons/SettingsToggle.svelte
+++ b/web/src/components/buttons/SettingsToggle.svelte
@@ -76,7 +76,7 @@
         align-items: center;
         gap: var(--padding);
         justify-content: space-between;
-        text-align: left;
+        text-align: start;
         transform: none;
         padding: calc(var(--switcher-padding) * 2) 16px;
         border-radius: var(--border-radius);
diff --git a/web/src/components/dialog/SmallDialog.svelte b/web/src/components/dialog/SmallDialog.svelte
index f76c91e1..bce93be4 100644
--- a/web/src/components/dialog/SmallDialog.svelte
+++ b/web/src/components/dialog/SmallDialog.svelte
@@ -134,7 +134,7 @@
     }
 
     .align-left .body-text {
-        text-align: left;
+        text-align: start;
     }
 
     .align-left .popup-header {
diff --git a/web/src/components/donate/DonateAltItem.svelte b/web/src/components/donate/DonateAltItem.svelte
index 0bc45789..3f28d736 100644
--- a/web/src/components/donate/DonateAltItem.svelte
+++ b/web/src/components/donate/DonateAltItem.svelte
@@ -75,7 +75,7 @@
         overflow: clip;
         justify-content: flex-start;
         align-items: center;
-        text-align: left;
+        text-align: start;
         line-break: anywhere;
         padding: 0;
         gap: 10px;
diff --git a/web/src/components/donate/DonateCardContainer.svelte b/web/src/components/donate/DonateCardContainer.svelte
index 026c133b..74a00339 100644
--- a/web/src/components/donate/DonateCardContainer.svelte
+++ b/web/src/components/donate/DonateCardContainer.svelte
@@ -34,7 +34,7 @@
         display: flex;
         flex-direction: column;
         align-items: flex-start;
-        text-align: left;
+        text-align: start;
         border-radius: var(--donate-card-padding);
         background: rgba(255, 255, 255, 0.05);
         padding: 12px 16px;
diff --git a/web/src/components/misc/BulletExplain.svelte b/web/src/components/misc/BulletExplain.svelte
index 92840411..e3520c4e 100644
--- a/web/src/components/misc/BulletExplain.svelte
+++ b/web/src/components/misc/BulletExplain.svelte
@@ -22,7 +22,7 @@
     .bullet-holder {
         display: flex;
         flex-direction: row;
-        text-align: left;
+        text-align: start;
         gap: var(--padding);
     }
 
diff --git a/web/src/components/misc/UpdateNotification.svelte b/web/src/components/misc/UpdateNotification.svelte
index 6cfaa97b..ea839538 100644
--- a/web/src/components/misc/UpdateNotification.svelte
+++ b/web/src/components/misc/UpdateNotification.svelte
@@ -59,7 +59,7 @@
     .update-text {
         display: flex;
         flex-direction: column;
-        text-align: left;
+        text-align: start;
         font-size: 13px;
     }
 
diff --git a/web/src/components/settings/ResetSettingsButton.svelte b/web/src/components/settings/ResetSettingsButton.svelte
index c7358d93..acc1465d 100644
--- a/web/src/components/settings/ResetSettingsButton.svelte
+++ b/web/src/components/settings/ResetSettingsButton.svelte
@@ -40,7 +40,7 @@
         background-color: var(--red);
         color: var(--white);
         width: max-content;
-        text-align: left;
+        text-align: start;
     }
 
     #setting-button-reset:hover {
diff --git a/web/src/routes/about/community/+page.svelte b/web/src/routes/about/community/+page.svelte
index c2219317..77d382e6 100644
--- a/web/src/routes/about/community/+page.svelte
+++ b/web/src/routes/about/community/+page.svelte
@@ -77,7 +77,7 @@
     }
 
     .support-note {
-        text-align: left;
+        text-align: start;
         padding: 0;
     }
 </style>

From 94e5aad6c0ee5f1556c7c6513e2d8fb0b904970c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:33:09 +0600
Subject: [PATCH 230/379] web/Toggle: accommodate for rtl layouts

---
 web/src/components/misc/Toggle.svelte | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/web/src/components/misc/Toggle.svelte b/web/src/components/misc/Toggle.svelte
index fcb0aa92..bb935b14 100644
--- a/web/src/components/misc/Toggle.svelte
+++ b/web/src/components/misc/Toggle.svelte
@@ -1,8 +1,8 @@
 <script lang="ts">
-    export let enabled;
+    export let enabled: boolean;
 </script>
 
-<div class="toggle" class:enabled={enabled}>
+<div class="toggle" class:enabled>
     <div class="toggle-switcher"></div>
 </div>
 
@@ -10,6 +10,7 @@
     .toggle {
         --base-size: 22px;
         --ratio-factor: 0.9;
+        --enabled-pos: calc(100% * var(--ratio-factor));
 
         display: flex;
         justify-content: start;
@@ -23,6 +24,10 @@
         transition: background 0.2s;
     }
 
+    .toggle:dir(rtl) {
+        --enabled-pos: calc(-100% * var(--ratio-factor));
+    }
+
     .toggle-switcher {
         height: var(--base-size);
         width: var(--base-size);
@@ -37,6 +42,7 @@
     }
 
     .toggle.enabled .toggle-switcher {
-        transform: translateX(calc(100% * var(--ratio-factor)));
+        transform: translateX(var(--enabled-pos));
+    }
     }
 </style>

From 72c30a58aa86676e326d39210d8bc13c1b07c05f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:33:27 +0600
Subject: [PATCH 231/379] web/Switcher: fix rounded corners in RTL layout

---
 web/src/components/buttons/Switcher.svelte | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/web/src/components/buttons/Switcher.svelte b/web/src/components/buttons/Switcher.svelte
index 2ead0caf..0792c9e4 100644
--- a/web/src/components/buttons/Switcher.svelte
+++ b/web/src/components/buttons/Switcher.svelte
@@ -43,6 +43,20 @@
         border-bottom-left-radius: 0;
     }
 
+    .switcher:not(.big):dir(rtl) :global(.button:first-child) {
+        border-top-right-radius: inherit;
+        border-bottom-right-radius: inherit;
+        border-top-left-radius: 0;
+        border-bottom-left-radius: 0;
+    }
+
+    .switcher:not(.big):dir(rtl) :global(.button:last-child) {
+        border-top-left-radius: inherit;
+        border-bottom-left-radius: inherit;
+        border-top-right-radius: 0;
+        border-bottom-right-radius: 0;
+    }
+
     .switcher.big {
         background: var(--button);
         box-shadow: var(--button-box-shadow);

From e7c2196a25a701eefa36fd1196b87a8bdf0613c4 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:33:51 +0600
Subject: [PATCH 232/379] web/DownloadButton: adapt for RTL layout

---
 .../components/save/buttons/DownloadButton.svelte | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/web/src/components/save/buttons/DownloadButton.svelte b/web/src/components/save/buttons/DownloadButton.svelte
index 43a7412d..981bb0ad 100644
--- a/web/src/components/save/buttons/DownloadButton.svelte
+++ b/web/src/components/save/buttons/DownloadButton.svelte
@@ -183,6 +183,16 @@
         border-bottom-right-radius: var(--border-radius);
     }
 
+    #download-button:dir(rtl) {
+        border-left: 0;
+        border-top-right-radius: 0;
+        border-bottom-right-radius: 0;
+
+        border-right: 1.5px var(--input-border) solid;
+        border-top-left-radius: var(--border-radius);
+        border-bottom-left-radius: var(--border-radius);
+    }
+
     #download-button:focus-visible {
         box-shadow: 0 0 0 2px var(--blue) inset;
     }
@@ -209,6 +219,11 @@
         border-left: 2px var(--secondary) solid;
     }
 
+    :global(#input-container.focused) #download-button:dir(rtl) {
+        border-left: 0;
+        border-right: 2px var(--secondary) solid;
+    }
+
     @media (hover: hover) {
         #download-button:hover {
             background: var(--button-hover-transparent);

From 88ed5876ae0fa83aac106499722ccf37a1ed4881 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:34:10 +0600
Subject: [PATCH 233/379] web/Omnibox: adapt for RTL layout

---
 web/src/components/save/Omnibox.svelte | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index a1e9873a..108371ac 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -219,12 +219,13 @@
     }
 
     #input-container {
+        --input-padding: 10px;
         display: flex;
         box-shadow: 0 0 0 1.5px var(--input-border) inset;
         border-radius: var(--border-radius);
-        padding: 0 10px;
+        padding: 0 var(--input-padding);
         align-items: center;
-        gap: 10px;
+        gap: var(--input-padding);
         font-size: 14px;
         flex: 1;
     }
@@ -233,6 +234,11 @@
         padding-right: 0;
     }
 
+    #input-container.downloadable:dir(rtl) {
+        padding-right: var(--input-padding);
+        padding-left: 0;
+    }
+
     #input-container.focused {
         box-shadow: 0 0 0 1.5px var(--secondary) inset;
         outline: var(--secondary) 0.5px solid;
@@ -250,7 +256,7 @@
         display: flex;
         width: 100%;
         margin: 0;
-        padding: 10px 0;
+        padding: var(--input-padding) 0;
         height: 18px;
 
         align-items: center;

From 45e639a7e1afab2ba5dd1c5da02463b937a86e33 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:34:23 +0600
Subject: [PATCH 234/379] web/Sidebar: fix padding in RTL layout

---
 web/src/components/sidebar/Sidebar.svelte | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/web/src/components/sidebar/Sidebar.svelte b/web/src/components/sidebar/Sidebar.svelte
index 39407a19..1733cf09 100644
--- a/web/src/components/sidebar/Sidebar.svelte
+++ b/web/src/components/sidebar/Sidebar.svelte
@@ -107,6 +107,16 @@
         #sidebar :global(.sidebar-inner-container:last-child) {
             padding-right: calc(var(--border-radius) * 2);
         }
+
+        #sidebar :global(.sidebar-inner-container:first-child:dir(rtl)) {
+            padding-left: 0;
+            padding-right: calc(var(--border-radius) * 2);
+        }
+
+        #sidebar :global(.sidebar-inner-container:last-child:dir(rtl)) {
+            padding-right: 0;
+            padding-left: calc(var(--border-radius) * 2);
+        }
     }
 
     /* add padding for notch / dynamic island in landscape */

From 620bd2424356cbbf6a5019f8c845bdff2a9f402d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:34:37 +0600
Subject: [PATCH 235/379] web/PageNav: fix page padding in RTL layout

---
 web/src/components/subnav/PageNav.svelte | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/web/src/components/subnav/PageNav.svelte b/web/src/components/subnav/PageNav.svelte
index 7fa46b0e..83e3f0a0 100644
--- a/web/src/components/subnav/PageNav.svelte
+++ b/web/src/components/subnav/PageNav.svelte
@@ -129,6 +129,11 @@
         padding-left: var(--subnav-padding);
     }
 
+    .subnav-page:dir(rtl) {
+        padding-left: 0;
+        padding-right: var(--subnav-padding);
+    }
+
     .subnav-page-content {
         display: flex;
         flex-direction: column;
@@ -211,7 +216,8 @@
     }
 
     @media screen and (max-width: 750px) {
-        .subnav-page {
+        .subnav-page,
+        .subnav-page:dir(rtl) {
             --subnav-nav-width: 100%;
             display: flex;
             flex-direction: column;

From c9833a358b7e978a721cb83ce36afcb21c7720a7 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:34:59 +0600
Subject: [PATCH 236/379] web/layout: fix content rounded corners in RTL layout

---
 web/src/routes/+layout.svelte | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 03bebef3..8f3a4f17 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -278,21 +278,30 @@
         display: flex;
         overflow: scroll;
         background-color: var(--primary);
-
         border-top-left-radius: var(--border-radius);
         border-bottom-left-radius: var(--border-radius);
     }
 
+    #content:dir(rtl) {
+        border-top-left-radius: 0;
+        border-bottom-left-radius: 0;
+        border-top-right-radius: var(--border-radius);
+        border-bottom-right-radius: var(--border-radius);
+    }
+
     @media screen and (max-width: 535px) {
         #cobalt {
             display: grid;
             grid-template-columns: unset;
             grid-template-rows: 1fr var(--sidebar-height-mobile);
         }
-        #content {
+
+        #content,
+        #content:dir(rtl) {
             padding-top: env(safe-area-inset-top);
             order: -1;
             border-top-left-radius: 0;
+            border-top-right-radius: 0;
             border-bottom-left-radius: calc(var(--border-radius) * 2);
             border-bottom-right-radius: calc(var(--border-radius) * 2);
         }

From c50cecae92500fbdc0549ff40109edaa3456d9d9 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:35:36 +0600
Subject: [PATCH 237/379] web/settings: replace advanced settings icon with a
 cooler one

---
 web/src/routes/settings/+layout.svelte | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/routes/settings/+layout.svelte b/web/src/routes/settings/+layout.svelte
index 79bd7b93..a1f7bfb9 100644
--- a/web/src/routes/settings/+layout.svelte
+++ b/web/src/routes/settings/+layout.svelte
@@ -18,7 +18,7 @@
 
     import IconBug from "@tabler/icons-svelte/IconBug.svelte";
     import IconWorld from "@tabler/icons-svelte/IconWorld.svelte";
-    import IconSettingsBolt from "@tabler/icons-svelte/IconSettingsBolt.svelte";
+    import IconAdjustmentsStar from "@tabler/icons-svelte/IconAdjustmentsStar.svelte";
 
     $: versionText = $version
         ? `v${$version.version}-${$version.commit.slice(0, 8)}`
@@ -78,7 +78,7 @@
             <PageNavTab
                 path="/settings/advanced"
                 title={$t("settings.page.advanced")}
-                icon={IconSettingsBolt}
+                icon={IconAdjustmentsStar}
                 iconColor="gray"
             />
             {#if $settings.advanced.debug}

From b8c1c1fe5103c1f3a27c6bf0f1152fadde6e61a4 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 15:41:36 +0600
Subject: [PATCH 238/379] web/Toggle: remove accidentally committed bracket

---
 web/src/components/misc/Toggle.svelte | 1 -
 1 file changed, 1 deletion(-)

diff --git a/web/src/components/misc/Toggle.svelte b/web/src/components/misc/Toggle.svelte
index bb935b14..2ab52c32 100644
--- a/web/src/components/misc/Toggle.svelte
+++ b/web/src/components/misc/Toggle.svelte
@@ -44,5 +44,4 @@
     .toggle.enabled .toggle-switcher {
         transform: translateX(var(--enabled-pos));
     }
-    }
 </style>

From 1374693c2f68a15e55b1d0a0afea7f114f383573 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 20 Nov 2024 16:06:48 +0600
Subject: [PATCH 239/379] web/Toggle: make the toggle stretchy

---
 web/src/components/misc/Toggle.svelte | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/web/src/components/misc/Toggle.svelte b/web/src/components/misc/Toggle.svelte
index 2ab52c32..7101df95 100644
--- a/web/src/components/misc/Toggle.svelte
+++ b/web/src/components/misc/Toggle.svelte
@@ -34,7 +34,7 @@
         background: var(--white);
         border-radius: 100px;
         transform: translateX(0%);
-        transition: transform 0.2s;
+        transition: transform 0.2s, width 0.2s;
     }
 
     .toggle.enabled {
@@ -44,4 +44,8 @@
     .toggle.enabled .toggle-switcher {
         transform: translateX(var(--enabled-pos));
     }
+
+    :global(.toggle-container:active .toggle:not(.enabled) .toggle-switcher) {
+        width: calc(var(--base-size) * 1.3);
+    }
 </style>

From f1f995515969ff5040a527e66af2c84ac91c60d3 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 00:32:08 +0600
Subject: [PATCH 240/379] web/i18n/error: rephrase a bunch of strings for more
 clarity and context

i didn't expect to rewrite this much ngl
---
 web/i18n/en/error.json | 62 +++++++++++++++++++++---------------------
 1 file changed, 31 insertions(+), 31 deletions(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 638caa4a..f350d729 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -1,55 +1,55 @@
 {
-    "import.no_data": "there's nothing to load from the file. are you sure it's the right one?",
-    "import.invalid": "your file doesn't have valid cobalt settings to import. are you sure it's the right one?",
+    "import.no_data": "there are no settings to load from this file. are you sure it's the right one?",
+    "import.invalid": "this file doesn't have valid cobalt settings to import. are you sure it's the right one?",
     "import.unknown": "couldn't load data from the file. it may be corrupted or of wrong format. here's the error i got:\n\n{{ value }}",
 
     "remux.corrupted": "couldn't read the metadata from this file, it may be corrupted.",
-    "remux.out_of_resources": "cobalt ran out of resources and can't continue with on-device processing. this is related to limitations on your browser's side. try refreshing or reopening the app and trying again. some devices can only process tiny files.",
+    "remux.out_of_resources": "cobalt ran out of resources and can't continue with on-device processing. this is caused by your browser's limitations. refresh or reopen the app and try again!",
 
-    "tunnel.probe": "couldn't verify whether you can download this file. try again in a few seconds!",
+    "tunnel.probe": "couldn't test this tunnel. your browser or network configuration may be blocking access to one of cobalt servers. are you sure you don't have any weird browser extensions?",
 
-    "captcha_ongoing": "still checking if you're not a bot. wait for the spinner to disappear and try again.\n\nif it takes too long, please let us know! we use cloudflare turnstile for bot protection and sometimes it blocks people for no reason.",
+    "captcha_ongoing": "cloudflare turnstile is still checking if you're not a bot.\n\nif it takes too long, you can try: disabling weird browser extensions, changing networks, using a different browser, or checking your device for malware.",
 
-    "api.auth.jwt.missing": "couldn't confirm whether you're not a robot because the processing server didn't receive the human access token. try again in a few seconds or reload the page!",
-    "api.auth.jwt.invalid": "couldn't confirm whether you're not a robot because your human access token expired and wasn't renewed. try again in a few seconds or reload the page!",
-    "api.auth.turnstile.missing": "couldn't confirm whether you're not a robot because the processing server didn't receive the human access token. try again in a few seconds or reload the page!",
-    "api.auth.turnstile.invalid": "couldn't confirm whether you're not a robot because your human access token expired and wasn't renewed. try again in a few seconds or reload the page!",
+    "api.auth.jwt.missing": "couldn't authenticate with the processing instance because the access token is missing. try again in a few seconds or reload the page!",
+    "api.auth.jwt.invalid": "couldn't authenticate with the processing instance because the access token expired. try again in a few seconds or reload the page!",
+    "api.auth.turnstile.missing": "couldn't authenticate with the processing instance because the captcha solution is missing. try again in a few seconds or reload the page!",
+    "api.auth.turnstile.invalid": "couldn't authenticate with the processing instance because the captcha solution is invalid. try again in a few seconds or reload the page!",
 
-    "api.unreachable": "couldn't connect to the processing server. check your internet connection and try again.",
-    "api.timed_out": "the processing server took way too long to respond. it may be overwhelmed at the moment, try again in a few seconds!",
-    "api.rate_exceeded": "you're making way too many requests. try again in {{ limit }} seconds!",
-    "api.capacity": "cobalt is at capacity and can't process your request at the moment. try again in a few seconds. if it still doesn't work, let us know and we'll try to help!",
+    "api.unreachable": "couldn't connect to the processing instance. check your internet connection and try again!",
+    "api.timed_out": "the processing instance took too long to respond. it may be overwhelmed at the moment, try again in a few seconds!",
+    "api.rate_exceeded": "you're making too many requests. try again in {{ limit }} seconds.",
+    "api.capacity": "cobalt is at capacity and can't process your request at the moment. try again in a few seconds!",
 
-    "api.generic": "something went wrong and i couldn't get anything for you. try again in a few seconds, but if issue sticks, let us know and we'll try to help!",
-    "api.unknown_response": "couldn't parse the response from the server. this could be caused by a version mismatch. are you sure you're on the latest version of cobalt?",
+    "api.generic": "something went wrong and i couldn't get anything for you, try again in a few seconds. if the issue sticks, please report it!",
+    "api.unknown_response": "couldn't read the response from the processing instance. this could be caused by a version mismatch between cobalt instances.",
 
     "api.service.unsupported": "this service is not supported yet. have you pasted the right link?",
-    "api.service.disabled": "this service is supported by cobalt, but it's disabled on this instance. try a link from another service!",
+    "api.service.disabled": "this service is generally supported by cobalt, but it's disabled on this processing instance. try a link from another service!",
 
     "api.link.invalid": "your link is invalid or this service is not supported yet. have you pasted the right link?",
     "api.link.unsupported": "{{ service }} is supported, but i couldn't recognize your link. have you pasted the right one?",
 
-    "api.fetch.fail": "something went wrong when fetching info from {{ service }} and i couldn't find anything for you. are you sure your link works? if it does and you still see this error, let us know and we'll try to help!",
-    "api.fetch.critical": "the {{ service }} module returned an error that i don't recognize. try again in a few seconds, but if issue sticks, let us know!",
+    "api.fetch.fail": "something went wrong when fetching info from {{ service }} and i couldn't get anything for you. if this issue sticks, please report it!",
+    "api.fetch.critical": "the {{ service }} module returned an error that i don't recognize. try again in a few seconds, but if this issue sticks, please report it!",
     "api.fetch.empty": "couldn't find any media that i could download for you. are you sure you pasted the right link?",
-    "api.fetch.rate": "the cobalt processing server got rate limited by the {{ service }} api. try again in a few seconds!",
-    "api.fetch.short_link": "couldn't get link info from the short link. are you sure it works? if it does and you still get this error, let us know, and we'll try to help!",
+    "api.fetch.rate": "the processing instance got rate limited by {{ service }}. try again in a few seconds!",
+    "api.fetch.short_link": "couldn't get info from the short link. are you sure it works? if it does and you still get this error, please report the issue!",
 
-    "api.content.too_long": "the media you requested is too long. current duration limit is {{ limit }} minutes. try something shorter instead!",
+    "api.content.too_long": "media you requested is too long. the duration limit on this instance is {{ limit }} minutes. try something shorter instead!",
 
-    "api.content.video.unavailable": "i can't access this video. it may be restricted on {{ service }}'s side. have you pasted the right link?",
-    "api.content.video.live": "this video is currently live, so i can't download it yet. wait for the live stream to finish, and then try again!",
-    "api.content.video.private": "this video is private, so i cannot access it. change its visibility or try another one!",
+    "api.content.video.unavailable": "i can't access this video. it may be restricted on {{ service }}'s side. try another one!",
+    "api.content.video.live": "this video is currently live, so i can't download it yet. wait for the live stream to finish and try again!",
+    "api.content.video.private": "this video is private, so i can't access it. change its visibility or try another one!",
     "api.content.video.age": "this video is age-restricted, so i can't access it anonymously. try another one!",
-    "api.content.video.region": "this video is region locked, and the processing server is in a different location. try another one!",
+    "api.content.video.region": "this video is region locked, and the processing instance is in a different location. try another one!",
 
-    "api.content.post.unavailable": "couldn't find anything about this post. its visibility may be limited or it may not exist at all. make sure your link works and try again in a few seconds!",
-    "api.content.post.private": "this post is from a private account, so i can't access it. have you pasted the right link?",
-    "api.content.post.age": "this post is age-restricted, so i can't access it anonymously. have you pasted the right link?",
+    "api.content.post.unavailable": "couldn't find anything about this post. its visibility may be limited or it may not exist. make sure your link works and try again in a few seconds!",
+    "api.content.post.private": "this post is from a private account, so i can't access it. try another one!",
+    "api.content.post.age": "this post is age-restricted, so i can't access it anonymously. try another one!",
 
-    "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo. either video or audio is missing. formats for this video may be re-encoding on youtube's side or something went wrong when parsing them.",
-    "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video.\n\ntry again in a few seconds, but if issue sticks, contact us for support.",
-    "api.youtube.login": "couldn't get this video because youtube labeled me as a bot. this is potentially caused by the processing instance not having any active account tokens. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
+    "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo, either video or audio is missing. formats for this video may be re-encoding on youtube's side or something went wrong when parsing them. try enabling the hls option in video settings!",
+    "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video. try again in a few seconds, but if this issue sticks, please report it!",
+    "api.youtube.login": "couldn't get this video because youtube asked the instance to log in. this is potentially caused by the processing instance not having any active account tokens. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
     "api.youtube.token_expired": "couldn't get this video because the youtube token expired and i couldn't refresh it. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
     "api.youtube.no_hls_streams": "couldn't find any matching HLS streams for this video. try downloading it without HLS!"
 }

From 5b445d5c7e5d451780d7bb1afa907a050b024b29 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 15:37:42 +0600
Subject: [PATCH 241/379] api/youtube: catch even more innertube errors

---
 api/src/processing/services/youtube.js | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index e63a21b2..9e99d62f 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -143,13 +143,22 @@ export default async function(o) {
     try {
         info = await yt.getBasicInfo(o.id, useHLS ? 'IOS' : 'ANDROID');
     } catch (e) {
-        if (e?.info?.reason === "This video is private") {
-            return { error: "content.video.private" };
-        } else if (e?.message === "This video is unavailable") {
-            return { error: "content.video.unavailable" };
-        } else {
-            return { error: "fetch.fail" };
+        if (e?.info) {
+            const errorInfo = JSON.parse(e?.info);
+
+            if (errorInfo?.reason === "This video is private") {
+                return { error: "content.video.private" };
+            }
+            if (["INVALID_ARGUMENT", "UNAUTHENTICATED"].includes(errorInfo?.error?.status)) {
+                return { error: "youtube.api_error" };
+            }
         }
+
+        if (e?.message === "This video is unavailable") {
+            return { error: "content.video.unavailable" };
+        }
+
+        return { error: "fetch.fail" };
     }
 
     if (!info) return { error: "fetch.fail" };

From 7fa387b12f80478e06b45bd91d0b2ae56445750f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 15:38:33 +0600
Subject: [PATCH 242/379] web/i18n/error: add youtube api error and update the
 login error

---
 web/i18n/en/error.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index f350d729..24434cbb 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -49,7 +49,8 @@
 
     "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo, either video or audio is missing. formats for this video may be re-encoding on youtube's side or something went wrong when parsing them. try enabling the hls option in video settings!",
     "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video. try again in a few seconds, but if this issue sticks, please report it!",
-    "api.youtube.login": "couldn't get this video because youtube asked the instance to log in. this is potentially caused by the processing instance not having any active account tokens. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
+    "api.youtube.login": "couldn't get this video because youtube asked the instance to log in. this is potentially caused by the processing instance not having any active account tokens or youtube updating something about their api. try again in a few seconds, but if it still doesn't work, please report this issue!",
     "api.youtube.token_expired": "couldn't get this video because the youtube token expired and i couldn't refresh it. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
-    "api.youtube.no_hls_streams": "couldn't find any matching HLS streams for this video. try downloading it without HLS!"
+    "api.youtube.no_hls_streams": "couldn't find any matching HLS streams for this video. try downloading it without HLS!",
+    "api.youtube.api_error": "youtube updated something about its api and i couldn't get any info about this video. try again in a few seconds, but if this issue sticks, please report it!"
 }

From ff9e248e4f6d255ad85d01fc9c2d647705e47559 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 15:42:47 +0600
Subject: [PATCH 243/379] api/util/test: add twitter to finnicky list

they seemingly blocked ips of github workers
---
 api/src/util/test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/util/test.js b/api/src/util/test.js
index 256a92fe..2ba555ed 100644
--- a/api/src/util/test.js
+++ b/api/src/util/test.js
@@ -13,7 +13,7 @@ const getTests = (service) => loadJSON(getTestPath(service));
 
 // services that are known to frequently fail due to external
 // factors (e.g. rate limiting)
-const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube', 'vk']);
+const finnicky = new Set(['bilibili', 'instagram', 'facebook', 'youtube', 'vk', 'twitter']);
 
 const runTestsFor = async (service) => {
     const tests = getTests(service);

From 5b60065c9f8af638a7290ed03542326b6eb0fb7b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 16:57:34 +0600
Subject: [PATCH 244/379] web/about/terms: update the abuse email

---
 web/i18n/en/about/terms.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/about/terms.md b/web/i18n/en/about/terms.md
index aa32fd65..634e7502 100644
--- a/web/i18n/en/about/terms.md
+++ b/web/i18n/en/about/terms.md
@@ -49,7 +49,7 @@ fair use and credits benefit everyone.
 />
 
 we have no way of detecting abusive behavior automatically because cobalt is 100% anonymous.
-however, you can report such activities to us and we will do our best to comply manually: **safety@imput.net**
+however, you can report such activities to us via email and we'll do our best to comply manually: abuse[at]imput.net
 
 **this email is not intended for user support, you will not get a response if your concern is not related to abuse.**
 

From baebeed488b94be5ec93eaeadb7b8e4d03b691ea Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 19:08:24 +0600
Subject: [PATCH 245/379] web/settings/v4: add api key settings, remove
 override settings

---
 web/src/lib/settings/defaults.ts |  6 +++---
 web/src/lib/types/settings.ts    | 14 ++++++++------
 web/src/lib/types/settings/v3.ts |  2 +-
 web/src/lib/types/settings/v4.ts |  9 +++++++++
 4 files changed, 21 insertions(+), 10 deletions(-)
 create mode 100644 web/src/lib/types/settings/v4.ts

diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index e629a306..a4448aaa 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -2,7 +2,7 @@ import { defaultLocale } from "$lib/i18n/translations";
 import type { CobaltSettings } from "$lib/types/settings";
 
 const defaultSettings: CobaltSettings = {
-    schemaVersion: 3,
+    schemaVersion: 4,
     advanced: {
         debug: false,
     },
@@ -33,10 +33,10 @@ const defaultSettings: CobaltSettings = {
         disableAnalytics: false,
     },
     processing: {
-        allowDefaultOverride: false,
         customInstanceURL: "",
+        customApiKey: "",
         enableCustomInstances: false,
-        seenOverrideWarning: false,
+        enableCustomApiKey: false,
         seenCustomWarning: false,
     }
 }
diff --git a/web/src/lib/types/settings.ts b/web/src/lib/types/settings.ts
index fd9f31a5..93958e88 100644
--- a/web/src/lib/types/settings.ts
+++ b/web/src/lib/types/settings.ts
@@ -1,13 +1,15 @@
 import type { RecursivePartial } from "$lib/types/generic";
-import type { CobaltSettingsV2 } from "./settings/v2";
-import type { CobaltSettingsV3 } from "./settings/v3";
+import type { CobaltSettingsV2 } from "$lib/types/settings/v2";
+import type { CobaltSettingsV3 } from "$lib/types/settings/v3";
+import type { CobaltSettingsV4 } from "$lib/types/settings/v4";
 
-export * from "./settings/v2";
-export * from "./settings/v3";
+export * from "$lib/types/settings/v2";
+export * from "$lib/types/settings/v3";
+export * from "$lib/types/settings/v4";
 
-export type CobaltSettings = CobaltSettingsV3;
+export type CobaltSettings = CobaltSettingsV4;
 
-export type AnyCobaltSettings = CobaltSettingsV2 | CobaltSettings;
+export type AnyCobaltSettings = CobaltSettingsV3 | CobaltSettingsV2 | CobaltSettings;
 
 export type PartialSettings = RecursivePartial<CobaltSettings>;
 
diff --git a/web/src/lib/types/settings/v3.ts b/web/src/lib/types/settings/v3.ts
index fb376d8e..7d02f2da 100644
--- a/web/src/lib/types/settings/v3.ts
+++ b/web/src/lib/types/settings/v3.ts
@@ -1,5 +1,5 @@
 import type { YoutubeLang } from "$lib/settings/youtube-lang";
-import { type CobaltSettingsV2 } from "./v2";
+import { type CobaltSettingsV2 } from "$lib/types/settings/v2";
 
 export type CobaltSettingsV3 = Omit<CobaltSettingsV2, 'schemaVersion' | 'save'> & {
     schemaVersion: 3,
diff --git a/web/src/lib/types/settings/v4.ts b/web/src/lib/types/settings/v4.ts
new file mode 100644
index 00000000..cf27a0f2
--- /dev/null
+++ b/web/src/lib/types/settings/v4.ts
@@ -0,0 +1,9 @@
+import { type CobaltSettingsV3 } from "$lib/types/settings/v3";
+
+export type CobaltSettingsV4 = Omit<CobaltSettingsV3, 'schemaVersion' | 'processing'> & {
+    schemaVersion: 4,
+    processing: Omit<CobaltSettingsV3['processing'], 'allowDefaultOverride' | 'seenOverrideWarning'> & {
+        customApiKey: string;
+        enableCustomApiKey: boolean;
+    };
+};

From 8415d0e4f36446bf9e5812ae75b3f346282faac8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 19:08:41 +0600
Subject: [PATCH 246/379] web/i18n/error: update invalid jwt token error

---
 web/i18n/en/error.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 24434cbb..6cb04100 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -11,7 +11,7 @@
     "captcha_ongoing": "cloudflare turnstile is still checking if you're not a bot.\n\nif it takes too long, you can try: disabling weird browser extensions, changing networks, using a different browser, or checking your device for malware.",
 
     "api.auth.jwt.missing": "couldn't authenticate with the processing instance because the access token is missing. try again in a few seconds or reload the page!",
-    "api.auth.jwt.invalid": "couldn't authenticate with the processing instance because the access token expired. try again in a few seconds or reload the page!",
+    "api.auth.jwt.invalid": "couldn't authenticate with the processing instance because the access token is invalid. try again in a few seconds or reload the page!",
     "api.auth.turnstile.missing": "couldn't authenticate with the processing instance because the captcha solution is missing. try again in a few seconds or reload the page!",
     "api.auth.turnstile.invalid": "couldn't authenticate with the processing instance because the captcha solution is invalid. try again in a few seconds or reload the page!",
 

From 7c7cefe89bc1daea03ae85c413c84a57e2d18f8b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 19:11:19 +0600
Subject: [PATCH 247/379] web/settings: add a reusable `SettingsInput`
 component

---
 .../settings/CustomInstanceInput.svelte       | 167 ---------------
 .../components/settings/SettingsInput.svelte  | 193 ++++++++++++++++++
 .../routes/settings/instances/+page.svelte    |   9 +-
 3 files changed, 199 insertions(+), 170 deletions(-)
 delete mode 100644 web/src/components/settings/CustomInstanceInput.svelte
 create mode 100644 web/src/components/settings/SettingsInput.svelte

diff --git a/web/src/components/settings/CustomInstanceInput.svelte b/web/src/components/settings/CustomInstanceInput.svelte
deleted file mode 100644
index 7ebdb3cf..00000000
--- a/web/src/components/settings/CustomInstanceInput.svelte
+++ /dev/null
@@ -1,167 +0,0 @@
-<script lang="ts">
-    import { get } from "svelte/store";
-    import { t } from "$lib/i18n/translations";
-
-    import settings, { updateSetting } from "$lib/state/settings";
-    import { customInstanceWarning } from "$lib/api/safety-warning";
-
-    import IconX from "@tabler/icons-svelte/IconX.svelte";
-    import IconCheck from "@tabler/icons-svelte/IconCheck.svelte";
-
-    let inputValue = get(settings).processing.customInstanceURL;
-    let inputFocused = false;
-
-    let url: string;
-    let validUrl: boolean;
-
-    const checkUrl = () => {
-        try {
-            url = new URL(inputValue).origin.toString();
-            validUrl = true;
-        } catch {
-            validUrl = false;
-        }
-    };
-
-    const writeInput = () => {
-        let url;
-        try {
-            url = new URL(inputValue).origin.toString();
-        } catch {
-            return (validUrl = false);
-        }
-        updateSetting({
-            processing: {
-                customInstanceURL: url,
-            },
-        });
-        inputValue = get(settings).processing.customInstanceURL;
-    };
-</script>
-
-<div id="custom-instance-holder">
-    <div id="input-container" class:focused={inputFocused}>
-        <input
-            id="custom-instance-input"
-            bind:value={inputValue}
-            on:input={() => {
-                checkUrl();
-                inputFocused = true;
-            }}
-            on:input={() => (inputFocused = true)}
-            on:focus={() => (inputFocused = true)}
-            on:blur={() => (inputFocused = false)}
-            spellcheck="false"
-            autocomplete="off"
-            autocapitalize="off"
-            maxlength="64"
-            placeholder={$t("settings.processing.custom.placeholder")}
-        />
-    </div>
-    <div id="custom-instance-buttons">
-        <button
-            id="instance-save"
-            class="custom-instance-button"
-            aria-label={$t("button.save")}
-            disabled={inputValue == $settings.processing.customInstanceURL ||
-                !validUrl}
-            on:click={async () => {
-                await customInstanceWarning();
-                if ($settings.processing.seenCustomWarning) {
-                    if (inputValue) writeInput();
-                }
-            }}
-        >
-            <IconCheck />
-        </button>
-
-        <button
-            id="instance-reset"
-            class="custom-instance-button"
-            aria-label={$t("button.reset")}
-            disabled={$settings.processing.customInstanceURL.length <= 0}
-            on:click={() => {
-                updateSetting({
-                    processing: {
-                        customInstanceURL: "",
-                    },
-                });
-                inputValue = get(settings).processing.customInstanceURL;
-            }}
-        >
-            <IconX />
-        </button>
-    </div>
-</div>
-
-<style>
-    #custom-instance-holder {
-        display: flex;
-        gap: 6px;
-    }
-
-    #input-container {
-        padding: 0 18px;
-        border-radius: var(--border-radius);
-        color: var(--secondary);
-        background-color: var(--button);
-        box-shadow: var(--button-box-shadow);
-        display: flex;
-        align-items: center;
-        width: 100%;
-    }
-
-    #input-container,
-    #custom-instance-input {
-        font-size: 13.5px;
-        font-weight: 500;
-        min-width: 0;
-    }
-
-    #custom-instance-input {
-        flex: 1;
-        background-color: transparent;
-        color: var(--secondary);
-        border: none;
-        padding-block: 0;
-        padding-inline: 0;
-        padding: 12px 0;
-    }
-
-    #custom-instance-input::placeholder {
-        color: var(--gray);
-        /* fix for firefox */
-        opacity: 1;
-    }
-
-    #custom-instance-input:focus-visible {
-        box-shadow: unset !important;
-    }
-
-    #input-container.focused {
-        box-shadow: 0 0 0 2px var(--secondary) inset;
-    }
-
-    #custom-instance-buttons {
-        display: flex;
-        flex-direction: row;
-        gap: 6px;
-    }
-
-    .custom-instance-button {
-        height: 42px;
-        width: 42px;
-        padding: 0;
-    }
-
-    .custom-instance-button :global(svg) {
-        height: 21px;
-        width: 21px;
-        stroke-width: 1.5px;
-    }
-
-    .custom-instance-button[disabled] {
-        opacity: 0.5;
-        pointer-events: none;
-    }
-</style>
diff --git a/web/src/components/settings/SettingsInput.svelte b/web/src/components/settings/SettingsInput.svelte
new file mode 100644
index 00000000..3fda62b4
--- /dev/null
+++ b/web/src/components/settings/SettingsInput.svelte
@@ -0,0 +1,193 @@
+<script
+    lang="ts"
+    generics="
+        Context extends Exclude<keyof CobaltSettings, 'schemaVersion'>,
+        Id extends keyof CobaltSettings[Context]
+    "
+>
+    import { get } from "svelte/store";
+    import { t } from "$lib/i18n/translations";
+    import type { CobaltSettings } from "$lib/types/settings";
+
+    import settings, { updateSetting } from "$lib/state/settings";
+    import { customInstanceWarning } from "$lib/api/safety-warning";
+
+    import IconX from "@tabler/icons-svelte/IconX.svelte";
+    import IconCheck from "@tabler/icons-svelte/IconCheck.svelte";
+
+    export let settingId: Id;
+    export let settingContext: Context;
+    export let placeholder: string;
+    export let type: "url" | "uuid" = "url";
+
+    const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+
+    let inputValue: string = String(get(settings)[settingContext][settingId]);
+    let inputFocused = false;
+
+    let validInput: boolean;
+
+    const checkInput = () => {
+        try {
+            if (type === "uuid") {
+                const regex = UUID_REGEX.test(inputValue);
+                if (!regex) throw new Error("invalid uuid");
+            } else {
+                new URL(inputValue).origin.toString();
+            }
+            validInput = true;
+        } catch {
+            validInput = false;
+        }
+    };
+
+    const writeInput = () => {
+        let input;
+        try {
+            if (type === "uuid") {
+                const regex = UUID_REGEX.test(inputValue);
+                if (regex) input = inputValue.toString();
+            } else {
+                input = new URL(inputValue).origin.toString();
+            }
+        } catch {
+            validInput = false;
+            return;
+        }
+
+        updateSetting({
+            [settingContext]: {
+                [settingId]: input,
+            },
+        });
+        inputValue = String(get(settings)[settingContext][settingId]);
+    };
+
+    const reset = () => {
+        updateSetting({
+            [settingContext]: {
+                [settingId]: "",
+            },
+        });
+        inputValue = String(get(settings)[settingContext][settingId]);
+    }
+
+    const save = async () => {
+        await customInstanceWarning();
+        if ($settings.processing.seenCustomWarning && inputValue) {
+            writeInput();
+        }
+    }
+</script>
+
+<div id="settings-input-holder">
+    <div id="input-container" class:focused={inputFocused}>
+        <input
+            id="input-box"
+            bind:value={inputValue}
+            on:input={() => checkInput()}
+            on:input={() => (inputFocused = true)}
+            on:focus={() => (inputFocused = true)}
+            on:blur={() => (inputFocused = false)}
+            spellcheck="false"
+            autocomplete="off"
+            autocapitalize="off"
+            maxlength="64"
+            {placeholder}
+        />
+    </div>
+
+    <div id="settings-input-buttons">
+        <button
+            class="settings-input-button"
+            aria-label={$t("button.save")}
+            disabled={
+                inputValue == $settings[settingContext][settingId] || !validInput
+            }
+            on:click={save}
+        >
+            <IconCheck />
+        </button>
+
+        <button
+            class="settings-input-button"
+            aria-label={$t("button.reset")}
+            disabled={String($settings[settingContext][settingId]).length <= 0}
+            on:click={() => reset()}
+        >
+            <IconX />
+        </button>
+    </div>
+</div>
+
+<style>
+    #settings-input-holder {
+        display: flex;
+        gap: 6px;
+    }
+
+    #input-container {
+        padding: 0 18px;
+        border-radius: var(--border-radius);
+        color: var(--secondary);
+        background-color: var(--button);
+        box-shadow: var(--button-box-shadow);
+        display: flex;
+        align-items: center;
+        width: 100%;
+    }
+
+    #input-container,
+    #input-box {
+        font-size: 13.5px;
+        font-weight: 500;
+        min-width: 0;
+    }
+
+    #input-box {
+        flex: 1;
+        background-color: transparent;
+        color: var(--secondary);
+        border: none;
+        padding-block: 0;
+        padding-inline: 0;
+        padding: 12px 0;
+    }
+
+    #input-box::placeholder {
+        color: var(--gray);
+        /* fix for firefox */
+        opacity: 1;
+    }
+
+    #input-box:focus-visible {
+        box-shadow: unset !important;
+    }
+
+    #input-container.focused {
+        box-shadow: 0 0 0 2px var(--secondary) inset;
+    }
+
+    #settings-input-buttons {
+        display: flex;
+        flex-direction: row;
+        gap: 6px;
+    }
+
+    .settings-input-button {
+        height: 42px;
+        width: 42px;
+        padding: 0;
+    }
+
+    .settings-input-button :global(svg) {
+        height: 21px;
+        width: 21px;
+        stroke-width: 1.5px;
+    }
+
+    .settings-input-button[disabled] {
+        opacity: 0.5;
+        pointer-events: none;
+    }
+</style>
diff --git a/web/src/routes/settings/instances/+page.svelte b/web/src/routes/settings/instances/+page.svelte
index 31b7934f..324a9af6 100644
--- a/web/src/routes/settings/instances/+page.svelte
+++ b/web/src/routes/settings/instances/+page.svelte
@@ -3,15 +3,14 @@
 
     import { t } from "$lib/i18n/translations";
 
+    import SettingsInput from "$components/settings/SettingsInput.svelte";
     import SettingsToggle from "$components/buttons/SettingsToggle.svelte";
     import SettingsCategory from "$components/settings/SettingsCategory.svelte";
-    import CustomInstanceInput from "$components/settings/CustomInstanceInput.svelte";
 </script>
 
 <SettingsCategory
     sectionId="community"
     title={$t("settings.processing.community")}
-    beta
 >
     <div class="category-inside-group">
         <SettingsToggle
@@ -20,7 +19,11 @@
             title={$t("settings.processing.enable_custom.title")}
         />
         {#if $settings.processing.enableCustomInstances}
-            <CustomInstanceInput />
+            <SettingsInput
+                settingContext="processing"
+                settingId="customInstanceURL"
+                placeholder="https://instance.url.example/"
+            />
         {/if}
     </div>
     <div class="subtext">

From 601597eb151eabfe7d87edf54f3144f2cc14df80 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 19:13:23 +0600
Subject: [PATCH 248/379] web: add support for custom api keys & improve
 turnstile states

---
 web/i18n/en/settings.json                     |  5 +-
 web/src/components/save/Omnibox.svelte        |  7 +--
 web/src/lib/api/api.ts                        | 60 ++++++++++++-------
 web/src/lib/state/turnstile.ts                | 15 ++++-
 web/src/routes/+layout.svelte                 | 28 +++++----
 .../routes/settings/instances/+page.svelte    | 26 ++++++++
 6 files changed, 101 insertions(+), 40 deletions(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index b18b375a..b4665ee9 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -114,9 +114,10 @@
     "advanced.data": "data management",
 
     "processing.community": "community instances",
-
     "processing.enable_custom.title": "use a custom processing server",
     "processing.enable_custom.description": "cobalt will use a custom processing server if you choose to. even though cobalt has some security measures in place, we are not responsible for any damages done via a community instance, as we have no control over them.\n\nplease be mindful of what instances you use and make sure they're hosted by people you trust.",
 
-    "processing.custom.placeholder": "custom instance domain"
+    "processing.access_key": "instance access key",
+    "processing.access_key.title": "use an instance access key",
+    "processing.access_key.description": "cobalt will use this key to make requests to the api instance."
 }
diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index 108371ac..8da051d4 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -7,12 +7,11 @@
     import { SvelteComponent, tick } from "svelte";
 
     import { t } from "$lib/i18n/translations";
-    import { cachedInfo } from "$lib/api/server-info";
 
     import dialogs from "$lib/state/dialogs";
     import { link } from "$lib/state/omnibox";
     import { updateSetting } from "$lib/state/settings";
-    import { turnstileSolved } from "$lib/state/turnstile";
+    import { turnstileEnabled, turnstileSolved } from "$lib/state/turnstile";
 
     import type { Optional } from "$lib/types/generic";
     import type { DownloadModeOption } from "$lib/types/settings";
@@ -37,8 +36,8 @@
 
     let isDisabled = false;
     let isLoading = false;
-    $: isBotCheckOngoing =
-        !!$cachedInfo?.info?.cobalt?.turnstileSitekey && !$turnstileSolved;
+
+    $: isBotCheckOngoing = $turnstileEnabled && !$turnstileSolved;
 
     const validLink = (url: string) => {
         try {
diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index f69c3323..0f2d5b9f 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -5,12 +5,45 @@ import lazySettingGetter from "$lib/settings/lazy-get";
 
 import { getSession } from "$lib/api/session";
 import { currentApiURL } from "$lib/api/api-url";
-import { turnstileSolved } from "$lib/state/turnstile";
+import { turnstileEnabled, turnstileSolved } from "$lib/state/turnstile";
 import { cachedInfo, getServerInfo } from "$lib/api/server-info";
 
 import type { Optional } from "$lib/types/generic";
 import type { CobaltAPIResponse, CobaltErrorResponse } from "$lib/types/api";
 
+const getAuthorization = async () => {
+    const processing = get(settings).processing;
+
+    if (get(turnstileEnabled)) {
+        if (!get(turnstileSolved)) {
+            return {
+                status: "error",
+                error: {
+                    code: "error.captcha_ongoing"
+                }
+            } as CobaltErrorResponse;
+        }
+
+        const session = await getSession();
+
+        if (session) {
+            if ("error" in session) {
+                if (session.error.code !== "error.api.auth.not_configured") {
+                    return session;
+                }
+            } else {
+                return `Bearer ${session.token}`;
+            }
+        }
+    }
+
+    if (processing.enableCustomApiKey && processing.customApiKey.length > 0) {
+        return `Api-Key ${processing.customApiKey}`;
+    }
+
+    return false;
+}
+
 const request = async (url: string) => {
     const getSetting = lazySettingGetter(get(settings));
 
@@ -49,31 +82,14 @@ const request = async (url: string) => {
         } as CobaltErrorResponse;
     }
 
-    if (getCachedInfo?.info?.cobalt?.turnstileSitekey && !get(turnstileSolved)) {
-        return {
-            status: "error",
-            error: {
-                code: "error.captcha_ongoing"
-            }
-        } as CobaltErrorResponse;
-    }
-
     const api = currentApiURL();
-
-    const session = getCachedInfo?.info?.cobalt?.turnstileSitekey
-                    ? await getSession() : undefined;
+    const authorization = await getAuthorization();
 
     let extraHeaders = {}
 
-    if (session) {
-        if ("error" in session) {
-            if (session.error.code !== "error.api.auth.not_configured") {
-                return session;
-            }
-        } else {
-            extraHeaders = {
-                "Authorization": `Bearer ${session.token}`,
-            };
+    if (authorization) {
+        extraHeaders = {
+            "Authorization": authorization
         }
     }
 
diff --git a/web/src/lib/state/turnstile.ts b/web/src/lib/state/turnstile.ts
index 12231b11..fffd90da 100644
--- a/web/src/lib/state/turnstile.ts
+++ b/web/src/lib/state/turnstile.ts
@@ -1,4 +1,17 @@
-import { writable } from "svelte/store";
+import settings from "$lib/state/settings";
+import { cachedInfo } from "$lib/api/server-info";
+import { derived, writable } from "svelte/store";
 
 export const turnstileSolved = writable(false);
 export const turnstileCreated = writable(false);
+
+export const turnstileEnabled = derived(
+    [settings, cachedInfo],
+    ([$settings, $cachedInfo]) => {
+        return !!$cachedInfo?.info?.cobalt?.turnstileSitekey &&
+            !(
+                $settings.processing.enableCustomApiKey &&
+                $settings.processing.customApiKey.length > 0
+            )
+    }
+)
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 8f3a4f17..1a878aff 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -7,18 +7,18 @@
     import { updated } from "$app/stores";
     import { browser } from "$app/environment";
     import { afterNavigate } from "$app/navigation";
-    import { getServerInfo, cachedInfo } from "$lib/api/server-info";
+    import { getServerInfo } from "$lib/api/server-info";
 
     import "$lib/polyfills";
     import env from "$lib/env";
-    import settings from "$lib/state/settings";
     import locale from "$lib/i18n/locale";
+    import settings from "$lib/state/settings";
 
     import { t } from "$lib/i18n/translations";
 
     import { device, app } from "$lib/device";
-    import { turnstileCreated } from "$lib/state/turnstile";
     import currentTheme, { statusBarColors } from "$lib/state/theme";
+    import { turnstileCreated, turnstileEnabled } from "$lib/state/turnstile";
 
     import Sidebar from "$components/sidebar/Sidebar.svelte";
     import Turnstile from "$components/misc/Turnstile.svelte";
@@ -28,13 +28,12 @@
 
     $: reduceMotion =
         $settings.appearance.reduceMotion || device.prefers.reducedMotion;
+
     $: reduceTransparency =
         $settings.appearance.reduceTransparency ||
         device.prefers.reducedTransparency;
 
-    $: spawnTurnstile = !!$cachedInfo?.info?.cobalt?.turnstileSitekey;
-
-    afterNavigate(async() => {
+    afterNavigate(async () => {
         const to_focus: HTMLElement | null =
             document.querySelector("[data-first-focus]");
         to_focus?.focus();
@@ -46,11 +45,14 @@
 </script>
 
 <svelte:head>
-    <meta name="description" content={$t("general.embed.description")}>
-    <meta property="og:description" content={$t("general.embed.description")}>
+    <meta name="description" content={$t("general.embed.description")} />
+    <meta property="og:description" content={$t("general.embed.description")} />
 
     {#if env.HOST}
-        <meta property="og:url" content="https://{env.HOST}{$page.url.pathname}">
+        <meta
+            property="og:url"
+            content="https://{env.HOST}{$page.url.pathname}"
+        />
     {/if}
 
     {#if device.is.mobile}
@@ -67,7 +69,11 @@
     {/if}
 </svelte:head>
 
-<div style="display: contents" data-theme={browser ? $currentTheme : undefined} lang={$locale}>
+<div
+    style="display: contents"
+    data-theme={browser ? $currentTheme : undefined}
+    lang={$locale}
+>
     <div
         id="cobalt"
         class:loaded={browser}
@@ -84,7 +90,7 @@
         <DialogHolder />
         <Sidebar />
         <div id="content">
-            {#if (spawnTurnstile && $page.url.pathname === "/") || $turnstileCreated}
+            {#if ($turnstileEnabled && $page.url.pathname === "/") || $turnstileCreated}
                 <Turnstile />
             {/if}
             <slot></slot>
diff --git a/web/src/routes/settings/instances/+page.svelte b/web/src/routes/settings/instances/+page.svelte
index 324a9af6..6b749e21 100644
--- a/web/src/routes/settings/instances/+page.svelte
+++ b/web/src/routes/settings/instances/+page.svelte
@@ -31,6 +31,32 @@
     </div>
 </SettingsCategory>
 
+{#if $settings.processing.enableCustomInstances}
+    <SettingsCategory
+        sectionId="community"
+        title={$t("settings.processing.access_key")}
+    >
+        <div class="category-inside-group">
+            <SettingsToggle
+                settingContext="processing"
+                settingId="enableCustomApiKey"
+                title={$t("settings.processing.access_key.title")}
+            />
+            {#if $settings.processing.enableCustomApiKey}
+                <SettingsInput
+                    settingContext="processing"
+                    settingId="customApiKey"
+                    placeholder="00000000-0000-0000-0000-000000000000"
+                    type="uuid"
+                />
+            {/if}
+        </div>
+        <div class="subtext">
+            {$t("settings.processing.access_key.description")}
+        </div>
+    </SettingsCategory>
+{/if}
+
 <style>
     .category-inside-group {
         display: flex;

From d4044e335026722195c4f52f69ef7da93be1dfef Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 19:14:14 +0600
Subject: [PATCH 249/379] web/server-info: remove turnstile in more cases

---
 web/src/lib/api/server-info.ts | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/web/src/lib/api/server-info.ts b/web/src/lib/api/server-info.ts
index 0f36ceff..c0ceee31 100644
--- a/web/src/lib/api/server-info.ts
+++ b/web/src/lib/api/server-info.ts
@@ -2,6 +2,7 @@ import { browser } from "$app/environment";
 
 import { get, writable } from "svelte/store";
 import { currentApiURL } from "$lib/api/api-url";
+import { turnstileCreated, turnstileEnabled, turnstileSolved } from "$lib/state/turnstile";
 
 import type { CobaltServerInfoResponse, CobaltErrorResponse, CobaltServerInfo } from "$lib/types/api";
 
@@ -34,10 +35,18 @@ const request = async () => {
     return response;
 }
 
+// reload the page if turnstile is now disabled, but was previously loaded and not solved
+const reloadIfTurnstileDisabled = () => {
+    if (browser && !get(turnstileEnabled) && get(turnstileCreated) && !get(turnstileSolved)) {
+        window.location.reload();
+    }
+}
+
 export const getServerInfo = async () => {
     const cache = get(cachedInfo);
 
     if (cache && cache.origin === currentApiURL()) {
+        reloadIfTurnstileDisabled();
         return true
     }
 
@@ -54,10 +63,12 @@ export const getServerInfo = async () => {
         });
 
         // reload the page if turnstile sitekey changed
-        if (cache && cache?.info?.cobalt?.turnstileSitekey !== freshInfo?.cobalt?.turnstileSitekey) {
-            if (browser) window.location.reload();
+        if (browser && get(turnstileEnabled) && cache && cache?.info?.cobalt?.turnstileSitekey !== freshInfo?.cobalt?.turnstileSitekey) {
+            window.location.reload();
         }
 
+        reloadIfTurnstileDisabled();
+
         return true;
     }
 

From 326bc52f277c3e12f311c27b36f2956d6d283de7 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sat, 23 Nov 2024 14:37:23 +0000
Subject: [PATCH 250/379] web: fix turnstile/server-info circular dependency

---
 web/src/components/misc/Turnstile.svelte         | 2 +-
 web/src/components/save/SupportedServices.svelte | 3 ++-
 web/src/lib/api/api.ts                           | 3 ++-
 web/src/lib/api/server-info.ts                   | 6 ++----
 web/src/lib/state/server-info.ts                 | 4 ++++
 web/src/lib/state/turnstile.ts                   | 2 +-
 6 files changed, 12 insertions(+), 8 deletions(-)
 create mode 100644 web/src/lib/state/server-info.ts

diff --git a/web/src/components/misc/Turnstile.svelte b/web/src/components/misc/Turnstile.svelte
index adedb0ee..96daf18e 100644
--- a/web/src/components/misc/Turnstile.svelte
+++ b/web/src/components/misc/Turnstile.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
     import { onMount } from "svelte";
 
-    import { cachedInfo } from "$lib/api/server-info";
+    import cachedInfo from "$lib/state/server-info";
     import { turnstileSolved, turnstileCreated } from "$lib/state/turnstile";
 
     import turnstile from "$lib/api/turnstile";
diff --git a/web/src/components/save/SupportedServices.svelte b/web/src/components/save/SupportedServices.svelte
index 099fefa6..32129f20 100644
--- a/web/src/components/save/SupportedServices.svelte
+++ b/web/src/components/save/SupportedServices.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
     import { t } from "$lib/i18n/translations";
-    import { getServerInfo, cachedInfo } from "$lib/api/server-info";
+    import { getServerInfo } from "$lib/api/server-info";
+    import cachedInfo from "$lib/state/server-info";
 
     import Skeleton from "$components/misc/Skeleton.svelte";
     import IconPlus from "@tabler/icons-svelte/IconPlus.svelte";
diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index 0f2d5b9f..d8424a00 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -6,7 +6,8 @@ import lazySettingGetter from "$lib/settings/lazy-get";
 import { getSession } from "$lib/api/session";
 import { currentApiURL } from "$lib/api/api-url";
 import { turnstileEnabled, turnstileSolved } from "$lib/state/turnstile";
-import { cachedInfo, getServerInfo } from "$lib/api/server-info";
+import cachedInfo from "$lib/state/server-info";
+import { getServerInfo } from "$lib/api/server-info";
 
 import type { Optional } from "$lib/types/generic";
 import type { CobaltAPIResponse, CobaltErrorResponse } from "$lib/types/api";
diff --git a/web/src/lib/api/server-info.ts b/web/src/lib/api/server-info.ts
index c0ceee31..0b905fc3 100644
--- a/web/src/lib/api/server-info.ts
+++ b/web/src/lib/api/server-info.ts
@@ -1,9 +1,9 @@
 import { browser } from "$app/environment";
 
-import { get, writable } from "svelte/store";
+import { get } from "svelte/store";
 import { currentApiURL } from "$lib/api/api-url";
 import { turnstileCreated, turnstileEnabled, turnstileSolved } from "$lib/state/turnstile";
-
+import cachedInfo from "$lib/state/server-info";
 import type { CobaltServerInfoResponse, CobaltErrorResponse, CobaltServerInfo } from "$lib/types/api";
 
 export type CobaltServerInfoCache = {
@@ -11,8 +11,6 @@ export type CobaltServerInfoCache = {
     origin: string,
 }
 
-export const cachedInfo = writable<CobaltServerInfoCache | undefined>();
-
 const request = async () => {
     const apiEndpoint = `${currentApiURL()}/`;
 
diff --git a/web/src/lib/state/server-info.ts b/web/src/lib/state/server-info.ts
new file mode 100644
index 00000000..821d1433
--- /dev/null
+++ b/web/src/lib/state/server-info.ts
@@ -0,0 +1,4 @@
+import { writable } from "svelte/store";
+import * as ServerInfo from "$lib/api/server-info";
+
+export default writable<ServerInfo.CobaltServerInfoCache | undefined>();
diff --git a/web/src/lib/state/turnstile.ts b/web/src/lib/state/turnstile.ts
index fffd90da..9024247d 100644
--- a/web/src/lib/state/turnstile.ts
+++ b/web/src/lib/state/turnstile.ts
@@ -1,5 +1,5 @@
 import settings from "$lib/state/settings";
-import { cachedInfo } from "$lib/api/server-info";
+import cachedInfo from "$lib/state/server-info";
 import { derived, writable } from "svelte/store";
 
 export const turnstileSolved = writable(false);

From a9831a40a3cc576bce5beff86541cce44f7b7e36 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 23:21:54 +0600
Subject: [PATCH 251/379] web/SettingsInput: fix uuid support & refactor

---
 .../components/settings/SettingsInput.svelte  | 79 +++++++------------
 .../routes/settings/instances/+page.svelte    |  1 +
 2 files changed, 30 insertions(+), 50 deletions(-)

diff --git a/web/src/components/settings/SettingsInput.svelte b/web/src/components/settings/SettingsInput.svelte
index 3fda62b4..0c96e338 100644
--- a/web/src/components/settings/SettingsInput.svelte
+++ b/web/src/components/settings/SettingsInput.svelte
@@ -19,73 +19,52 @@
     export let settingContext: Context;
     export let placeholder: string;
     export let type: "url" | "uuid" = "url";
+    export let showInstanceWarning = false;
 
-    const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+    const regex = {
+        url: "https?:\\/\\/[a-z0-9.\\-]+(:\\d+)?/?",
+        uuid: "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
+    };
+
+    let input: HTMLInputElement;
 
     let inputValue: string = String(get(settings)[settingContext][settingId]);
     let inputFocused = false;
 
     let validInput: boolean;
 
-    const checkInput = () => {
-        try {
-            if (type === "uuid") {
-                const regex = UUID_REGEX.test(inputValue);
-                if (!regex) throw new Error("invalid uuid");
-            } else {
-                new URL(inputValue).origin.toString();
-            }
-            validInput = true;
-        } catch {
-            validInput = false;
-        }
+    const writeToSettings = (value: string, type: "url" | "uuid" | "text") => {
+        updateSetting({
+            [settingContext]: {
+                [settingId]:
+                    type === "url" ? new URL(value).origin.toString() : value,
+            },
+        });
+        inputValue = String(get(settings)[settingContext][settingId]);
     };
 
-    const writeInput = () => {
-        let input;
-        try {
-            if (type === "uuid") {
-                const regex = UUID_REGEX.test(inputValue);
-                if (regex) input = inputValue.toString();
-            } else {
-                input = new URL(inputValue).origin.toString();
+    const save = async () => {
+        if (showInstanceWarning) {
+            await customInstanceWarning();
+
+            if ($settings.processing.seenCustomWarning && inputValue) {
+                return writeToSettings(inputValue, type);
             }
-        } catch {
-            validInput = false;
+
             return;
         }
 
-        updateSetting({
-            [settingContext]: {
-                [settingId]: input,
-            },
-        });
-        inputValue = String(get(settings)[settingContext][settingId]);
+        return writeToSettings(inputValue, type);
     };
-
-    const reset = () => {
-        updateSetting({
-            [settingContext]: {
-                [settingId]: "",
-            },
-        });
-        inputValue = String(get(settings)[settingContext][settingId]);
-    }
-
-    const save = async () => {
-        await customInstanceWarning();
-        if ($settings.processing.seenCustomWarning && inputValue) {
-            writeInput();
-        }
-    }
 </script>
 
 <div id="settings-input-holder">
     <div id="input-container" class:focused={inputFocused}>
         <input
             id="input-box"
+            bind:this={input}
             bind:value={inputValue}
-            on:input={() => checkInput()}
+            on:input={() => (validInput = input.checkValidity())}
             on:input={() => (inputFocused = true)}
             on:focus={() => (inputFocused = true)}
             on:blur={() => (inputFocused = false)}
@@ -93,6 +72,7 @@
             autocomplete="off"
             autocapitalize="off"
             maxlength="64"
+            pattern={regex[type]}
             {placeholder}
         />
     </div>
@@ -101,9 +81,8 @@
         <button
             class="settings-input-button"
             aria-label={$t("button.save")}
-            disabled={
-                inputValue == $settings[settingContext][settingId] || !validInput
-            }
+            disabled={inputValue == $settings[settingContext][settingId] ||
+                !validInput}
             on:click={save}
         >
             <IconCheck />
@@ -113,7 +92,7 @@
             class="settings-input-button"
             aria-label={$t("button.reset")}
             disabled={String($settings[settingContext][settingId]).length <= 0}
-            on:click={() => reset()}
+            on:click={() => writeToSettings("", "text")}
         >
             <IconX />
         </button>
diff --git a/web/src/routes/settings/instances/+page.svelte b/web/src/routes/settings/instances/+page.svelte
index 6b749e21..b1f318c7 100644
--- a/web/src/routes/settings/instances/+page.svelte
+++ b/web/src/routes/settings/instances/+page.svelte
@@ -23,6 +23,7 @@
                 settingContext="processing"
                 settingId="customInstanceURL"
                 placeholder="https://instance.url.example/"
+                showInstanceWarning
             />
         {/if}
     </div>

From adb1cacd9dd9a461796c71757b04814539da48bd Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 23:22:08 +0600
Subject: [PATCH 252/379] web/i18n/settings: update access key description

---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index b4665ee9..6e754e97 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -119,5 +119,5 @@
 
     "processing.access_key": "instance access key",
     "processing.access_key.title": "use an instance access key",
-    "processing.access_key.description": "cobalt will use this key to make requests to the api instance."
+    "processing.access_key.description": "cobalt will use this key to make requests to the processing instance instead of other authentication methods. make sure the instance supports api keys!"
 }

From 61291980249522e0bd82d29c0644887cfd496ffb Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 23 Nov 2024 23:22:47 +0600
Subject: [PATCH 253/379] web/settings/instances: always display the access key
 section

---
 .../routes/settings/instances/+page.svelte    | 44 +++++++++----------
 1 file changed, 21 insertions(+), 23 deletions(-)

diff --git a/web/src/routes/settings/instances/+page.svelte b/web/src/routes/settings/instances/+page.svelte
index b1f318c7..887440fc 100644
--- a/web/src/routes/settings/instances/+page.svelte
+++ b/web/src/routes/settings/instances/+page.svelte
@@ -32,31 +32,29 @@
     </div>
 </SettingsCategory>
 
-{#if $settings.processing.enableCustomInstances}
-    <SettingsCategory
-        sectionId="community"
-        title={$t("settings.processing.access_key")}
-    >
-        <div class="category-inside-group">
-            <SettingsToggle
+<SettingsCategory
+    sectionId="community"
+    title={$t("settings.processing.access_key")}
+>
+    <div class="category-inside-group">
+        <SettingsToggle
+            settingContext="processing"
+            settingId="enableCustomApiKey"
+            title={$t("settings.processing.access_key.title")}
+        />
+        {#if $settings.processing.enableCustomApiKey}
+            <SettingsInput
                 settingContext="processing"
-                settingId="enableCustomApiKey"
-                title={$t("settings.processing.access_key.title")}
+                settingId="customApiKey"
+                placeholder="00000000-0000-0000-0000-000000000000"
+                type="uuid"
             />
-            {#if $settings.processing.enableCustomApiKey}
-                <SettingsInput
-                    settingContext="processing"
-                    settingId="customApiKey"
-                    placeholder="00000000-0000-0000-0000-000000000000"
-                    type="uuid"
-                />
-            {/if}
-        </div>
-        <div class="subtext">
-            {$t("settings.processing.access_key.description")}
-        </div>
-    </SettingsCategory>
-{/if}
+        {/if}
+    </div>
+    <div class="subtext">
+        {$t("settings.processing.access_key.description")}
+    </div>
+</SettingsCategory>
 
 <style>
     .category-inside-group {

From 0b6270e7459c536e17c103585574afe704528cfb Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 00:12:35 +0600
Subject: [PATCH 254/379] web/SettingsInput: better screen reader accessibility

aria-label is now read instead of placeholders, cuz lengthy ones like uuid are a sensory overload and could confuse people. instead, now we make a fake ui placeholder (because there's no other way to have exclusively aria-label while also showing placeholder normally)
---
 web/i18n/en/settings.json                     |  7 +++--
 .../components/settings/SettingsInput.svelte  | 28 ++++++++++++++-----
 .../routes/settings/instances/+page.svelte    |  2 ++
 3 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index 6e754e97..dc876b8e 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -115,9 +115,12 @@
 
     "processing.community": "community instances",
     "processing.enable_custom.title": "use a custom processing server",
-    "processing.enable_custom.description": "cobalt will use a custom processing server if you choose to. even though cobalt has some security measures in place, we are not responsible for any damages done via a community instance, as we have no control over them.\n\nplease be mindful of what instances you use and make sure they're hosted by people you trust.",
+    "processing.enable_custom.description": "cobalt will use a custom processing instance if you choose to. even though cobalt has some security measures in place, we are not responsible for any damages done via a community instance, as we have no control over them.\n\nplease be mindful of what instances you use and make sure they're hosted by people you trust.",
 
     "processing.access_key": "instance access key",
     "processing.access_key.title": "use an instance access key",
-    "processing.access_key.description": "cobalt will use this key to make requests to the processing instance instead of other authentication methods. make sure the instance supports api keys!"
+    "processing.access_key.description": "cobalt will use this key to make requests to the processing instance instead of other authentication methods. make sure the instance supports api keys!",
+
+    "processing.custom_instance.input.alt_text": "custom instance domain",
+    "processing.access_key.input.alt_text": "u-u-i-d access key"
 }
diff --git a/web/src/components/settings/SettingsInput.svelte b/web/src/components/settings/SettingsInput.svelte
index 0c96e338..4a3fc373 100644
--- a/web/src/components/settings/SettingsInput.svelte
+++ b/web/src/components/settings/SettingsInput.svelte
@@ -18,6 +18,7 @@
     export let settingId: Id;
     export let settingContext: Context;
     export let placeholder: string;
+    export let altText: string;
     export let type: "url" | "uuid" = "url";
     export let showInstanceWarning = false;
 
@@ -27,11 +28,9 @@
     };
 
     let input: HTMLInputElement;
-
     let inputValue: string = String(get(settings)[settingContext][settingId]);
     let inputFocused = false;
-
-    let validInput: boolean;
+    let validInput = false;
 
     const writeToSettings = (value: string, type: "url" | "uuid" | "text") => {
         updateSetting({
@@ -59,7 +58,7 @@
 </script>
 
 <div id="settings-input-holder">
-    <div id="input-container" class:focused={inputFocused}>
+    <div id="input-container" class:focused={inputFocused} aria-hidden="false">
         <input
             id="input-box"
             bind:this={input}
@@ -73,16 +72,22 @@
             autocapitalize="off"
             maxlength="64"
             pattern={regex[type]}
-            {placeholder}
+            aria-label={altText}
+            aria-hidden="false"
         />
+
+        {#if inputValue.length === 0}
+            <span class="input-placeholder" aria-hidden="true">
+                {placeholder}
+            </span>
+        {/if}
     </div>
 
     <div id="settings-input-buttons">
         <button
             class="settings-input-button"
             aria-label={$t("button.save")}
-            disabled={inputValue == $settings[settingContext][settingId] ||
-                !validInput}
+            disabled={inputValue == $settings[settingContext][settingId] || !validInput}
             on:click={save}
         >
             <IconCheck />
@@ -114,6 +119,8 @@
         display: flex;
         align-items: center;
         width: 100%;
+        position: relative;
+        overflow: hidden;
     }
 
     #input-container,
@@ -139,6 +146,13 @@
         opacity: 1;
     }
 
+    .input-placeholder {
+        position: absolute;
+        color: var(--gray);
+        pointer-events: none;
+        white-space: nowrap;
+    }
+
     #input-box:focus-visible {
         box-shadow: unset !important;
     }
diff --git a/web/src/routes/settings/instances/+page.svelte b/web/src/routes/settings/instances/+page.svelte
index 887440fc..6ae2c3f8 100644
--- a/web/src/routes/settings/instances/+page.svelte
+++ b/web/src/routes/settings/instances/+page.svelte
@@ -24,6 +24,7 @@
                 settingId="customInstanceURL"
                 placeholder="https://instance.url.example/"
                 showInstanceWarning
+                altText={$t("settings.processing.custom_instance.input.alt_text")}
             />
         {/if}
     </div>
@@ -47,6 +48,7 @@
                 settingContext="processing"
                 settingId="customApiKey"
                 placeholder="00000000-0000-0000-0000-000000000000"
+                altText={$t("settings.processing.access_key.input.alt_text")}
                 type="uuid"
             />
         {/if}

From 57734822eab706e3439aa830a1f63954bcfff4ef Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 00:23:06 +0600
Subject: [PATCH 255/379] web/settings/migrate: refactor, migrate to v4 schema

why the fuck was tab 2 spaces here
---
 web/src/lib/settings/migrate.ts | 66 ++++++++++++++++++++-------------
 1 file changed, 40 insertions(+), 26 deletions(-)

diff --git a/web/src/lib/settings/migrate.ts b/web/src/lib/settings/migrate.ts
index e452b6f8..4054a0b4 100644
--- a/web/src/lib/settings/migrate.ts
+++ b/web/src/lib/settings/migrate.ts
@@ -1,38 +1,52 @@
 import type { RecursivePartial } from "$lib/types/generic";
 import type {
-  AllPartialSettingsWithSchema,
-  CobaltSettingsV3,
-  PartialSettings,
+    AllPartialSettingsWithSchema,
+    CobaltSettingsV3,
+    CobaltSettingsV4,
+    PartialSettings,
 } from "$lib/types/settings";
 import { getBrowserLanguage } from "$lib/settings/youtube-lang";
 
-type Migrator = (
-  s: AllPartialSettingsWithSchema
-) => AllPartialSettingsWithSchema;
+type Migrator = (s: AllPartialSettingsWithSchema) => AllPartialSettingsWithSchema;
+
 const migrations: Record<number, Migrator> = {
-  [3]: (settings: AllPartialSettingsWithSchema) => {
-    const out = settings as RecursivePartial<CobaltSettingsV3>;
-    out.schemaVersion = 3;
+    [3]: (settings: AllPartialSettingsWithSchema) => {
+        const out = settings as RecursivePartial<CobaltSettingsV3>;
+        out.schemaVersion = 3;
 
-    if (settings?.save && "youtubeDubBrowserLang" in settings.save) {
-      if (settings.save.youtubeDubBrowserLang) {
-        out.save!.youtubeDubLang = getBrowserLanguage();
-      }
+        if (settings?.save && "youtubeDubBrowserLang" in settings.save) {
+            if (settings.save.youtubeDubBrowserLang) {
+                out.save!.youtubeDubLang = getBrowserLanguage();
+            }
 
-      delete settings.save.youtubeDubBrowserLang;
-    }
+            delete settings.save.youtubeDubBrowserLang;
+        }
 
-    return out as AllPartialSettingsWithSchema;
-  },
+        return out as AllPartialSettingsWithSchema;
+    },
+
+    [4]: (settings: AllPartialSettingsWithSchema) => {
+        const out = settings as RecursivePartial<CobaltSettingsV4>;
+        out.schemaVersion = 4;
+
+        if (settings?.processing) {
+            if ("allowDefaultOverride" in settings.processing) {
+                delete settings.processing.allowDefaultOverride;
+            }
+            if ("seenOverrideWarning" in settings.processing) {
+                delete settings.processing.seenOverrideWarning;
+            }
+        }
+
+        return out as AllPartialSettingsWithSchema;
+    },
 };
 
-export const migrate = (
-  settings: AllPartialSettingsWithSchema
-): PartialSettings => {
-  return Object.keys(migrations)
-    .map(Number)
-    .filter((version) => version > settings.schemaVersion)
-    .reduce((settings, migrationVersion) => {
-      return migrations[migrationVersion](settings);
-    }, settings as AllPartialSettingsWithSchema) as PartialSettings;
+export const migrate = (settings: AllPartialSettingsWithSchema): PartialSettings => {
+    return Object.keys(migrations)
+        .map(Number)
+        .filter((version) => version > settings.schemaVersion)
+        .reduce((settings, migrationVersion) => {
+            return migrations[migrationVersion](settings);
+        }, settings as AllPartialSettingsWithSchema) as PartialSettings;
 };

From b1392cdc03a41500aeac244d5b4b2b38da3a1e7d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 00:33:36 +0600
Subject: [PATCH 256/379] web/settings/instances: update access key section id

---
 web/src/routes/settings/instances/+page.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/routes/settings/instances/+page.svelte b/web/src/routes/settings/instances/+page.svelte
index 6ae2c3f8..d795bebd 100644
--- a/web/src/routes/settings/instances/+page.svelte
+++ b/web/src/routes/settings/instances/+page.svelte
@@ -34,7 +34,7 @@
 </SettingsCategory>
 
 <SettingsCategory
-    sectionId="community"
+    sectionId="access-key"
     title={$t("settings.processing.access_key")}
 >
     <div class="category-inside-group">

From 4ca94aa2cdea7c625078f6c1bfc49a65ecab34de Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 00:37:40 +0600
Subject: [PATCH 257/379] web/package: bump version to 10.4

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index b4023897..e5f150df 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.3.2",
+    "version": "10.4",
     "type": "module",
     "private": true,
     "scripts": {

From 6bb412852d7ffe00f11c31f2e1d0d6b969ca3518 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 00:37:52 +0600
Subject: [PATCH 258/379] api/package: bump version to 10.4

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 153c198f..20fc4a74 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.3.3",
+    "version": "10.4",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From d8f3bbe0f3b81a25ea2f3b476056384bfddb3f8c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 13:37:36 +0600
Subject: [PATCH 259/379] web/lib/api: return errors from authorization
 function

---
 web/src/lib/api/api.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index d8424a00..89fba727 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -41,8 +41,6 @@ const getAuthorization = async () => {
     if (processing.enableCustomApiKey && processing.customApiKey.length > 0) {
         return `Api-Key ${processing.customApiKey}`;
     }
-
-    return false;
 }
 
 const request = async (url: string) => {
@@ -86,7 +84,11 @@ const request = async (url: string) => {
     const api = currentApiURL();
     const authorization = await getAuthorization();
 
-    let extraHeaders = {}
+    if (authorization && typeof authorization !== "string") {
+        return authorization;
+    }
+
+    let extraHeaders = {};
 
     if (authorization) {
         extraHeaders = {

From b737dbacd6570325f3932ddadbf3e7c62ff561be Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 14:08:06 +0600
Subject: [PATCH 260/379] web/i18n/error: add api key errors

---
 web/i18n/en/error.json | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 6cb04100..369a4daf 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -8,13 +8,22 @@
 
     "tunnel.probe": "couldn't test this tunnel. your browser or network configuration may be blocking access to one of cobalt servers. are you sure you don't have any weird browser extensions?",
 
-    "captcha_ongoing": "cloudflare turnstile is still checking if you're not a bot.\n\nif it takes too long, you can try: disabling weird browser extensions, changing networks, using a different browser, or checking your device for malware.",
+    "captcha_ongoing": "cloudflare turnstile is still checking if you're not a bot. if it takes too long, you can try: disabling weird browser extensions, changing networks, using a different browser, or checking your device for malware.",
 
     "api.auth.jwt.missing": "couldn't authenticate with the processing instance because the access token is missing. try again in a few seconds or reload the page!",
     "api.auth.jwt.invalid": "couldn't authenticate with the processing instance because the access token is invalid. try again in a few seconds or reload the page!",
     "api.auth.turnstile.missing": "couldn't authenticate with the processing instance because the captcha solution is missing. try again in a few seconds or reload the page!",
     "api.auth.turnstile.invalid": "couldn't authenticate with the processing instance because the captcha solution is invalid. try again in a few seconds or reload the page!",
 
+    "api.auth.key.missing": "an access key is required to use this processing instance but it's missing. add it in instance settings!",
+    "api.auth.key.not_api_key": "an access key is required to use this processing instance but it's missing. add it in instance settings!",
+
+    "api.auth.key.invalid": "the access key is invalid. reset it in instance settings and use a proper one!",
+    "api.auth.key.not_found": "the access key you used couldn't be found. are you sure this instance has your key?",
+    "api.auth.key.invalid_ip": "your ip address couldn't be parsed. something went very wrong. report this issue!",
+    "api.auth.key.ip_not_allowed": "your ip address is not allowed to use this access key. use a different instance or network!",
+    "api.auth.key.ua_not_allowed": "your user agent is not allowed to use this access key. use a different client or device!",
+
     "api.unreachable": "couldn't connect to the processing instance. check your internet connection and try again!",
     "api.timed_out": "the processing instance took too long to respond. it may be overwhelmed at the moment, try again in a few seconds!",
     "api.rate_exceeded": "you're making too many requests. try again in {{ limit }} seconds.",

From 7fc3d70d71b997d284dfe6f133b7cefc88c027f2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 14:19:40 +0600
Subject: [PATCH 261/379] web/remux: fix scroll on short screens

---
 web/src/routes/remux/+page.svelte | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/web/src/routes/remux/+page.svelte b/web/src/routes/remux/+page.svelte
index 282e19ac..4e929b09 100644
--- a/web/src/routes/remux/+page.svelte
+++ b/web/src/routes/remux/+page.svelte
@@ -207,7 +207,12 @@
     />
 </svelte:head>
 
-<DropReceiver id="remux-container" bind:draggedOver bind:file>
+<DropReceiver
+    bind:file
+    bind:draggedOver
+    id="remux-container"
+    classes={processing ? "processing" : ""}
+>
     <div
         id="remux-open"
         class:processing
@@ -372,4 +377,12 @@
             gap: var(--padding);
         }
     }
+
+    @media screen and (max-height: 750px) and (max-width: 535px) {
+        :global(#remux-container:not(.processing)) {
+            justify-content: start;
+            align-items: start;
+            padding-top: var(--padding);
+        }
+    }
 </style>

From da5cd3e3246be009b6145b3d6d17f2b5aa4fc39b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 14:30:02 +0600
Subject: [PATCH 262/379] web/DonateBanner: optimize for rtl layouts

---
 web/src/components/donate/DonateBanner.svelte | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/web/src/components/donate/DonateBanner.svelte b/web/src/components/donate/DonateBanner.svelte
index 0b2f1fb1..27482e25 100644
--- a/web/src/components/donate/DonateBanner.svelte
+++ b/web/src/components/donate/DonateBanner.svelte
@@ -100,6 +100,10 @@
         bottom: 0;
     }
 
+    #banner-right:dir(rtl) {
+        position: relative;
+    }
+
     #imput-logo {
         display: flex;
     }
@@ -121,6 +125,11 @@
         max-width: 55%;
     }
 
+    #banner-left:dir(rtl) {
+        padding-right: 47px;
+        padding-left: 0px;
+    }
+
     #banner-title {
         font-family: serif;
         font-size: 48px;
@@ -202,11 +211,6 @@
             display: none;
         }
 
-        #banner-left {
-            max-width: 100%;
-            padding: 55px;
-        }
-
         #banner-background {
             mask-image: linear-gradient(
                 180deg,
@@ -219,7 +223,9 @@
             justify-content: center;
         }
 
-        #banner-left {
+        #banner-left,
+        #banner-left:dir(rtl) {
+            max-width: 100%;
             padding: 45px 12px;
             gap: 14px;
             align-items: center;
@@ -238,7 +244,8 @@
     }
 
     @media screen and (max-width: 550px) {
-        #banner-left {
+        #banner-left,
+        #banner-left:dir(rtl) {
             padding: 32px 12px;
             gap: 12px;
         }

From 6a430545d28d1e99756f9e01e71f0666c1739d4c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 14:55:10 +0600
Subject: [PATCH 263/379] api/utils/cleanString: add more forbidden chars

---
 api/src/misc/utils.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index c584d5d8..85d250ca 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -1,4 +1,4 @@
-const forbiddenCharsString = ['}', '{', '%', '>', '<', '^', ';', '`', '$', '"', "@", '='];
+const forbiddenCharsString = ['}', '{', '%', '>', '<', '^', ';', ':', '`', '$', '"', "@", '=', '?', '|', '*'];
 
 export function metadataManager(obj) {
     const keys = Object.keys(obj);
@@ -21,7 +21,7 @@ export function metadataManager(obj) {
 
 export function cleanString(string) {
     for (const i in forbiddenCharsString) {
-        string = string.replaceAll("/", "_")
+        string = string.replaceAll("/", "_").replaceAll("\\", "_")
                        .replaceAll(forbiddenCharsString[i], '')
     }
     return string;

From 407c27ed863a243dc3ba4b57130c9d49c1a00752 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 14:55:46 +0600
Subject: [PATCH 264/379] api/utils: rename metadata converter function

---
 api/src/misc/utils.js   | 2 +-
 api/src/stream/types.js | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index 85d250ca..cf4fefe6 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -1,6 +1,6 @@
 const forbiddenCharsString = ['}', '{', '%', '>', '<', '^', ';', ':', '`', '$', '"', "@", '=', '?', '|', '*'];
 
-export function metadataManager(obj) {
+export function convertMetadataToFFmpeg(obj) {
     const keys = Object.keys(obj);
     const tags = [
         "album",
diff --git a/api/src/stream/types.js b/api/src/stream/types.js
index 6fbe314e..d1e56bf2 100644
--- a/api/src/stream/types.js
+++ b/api/src/stream/types.js
@@ -4,8 +4,8 @@ import { spawn } from "child_process";
 import { create as contentDisposition } from "content-disposition-header";
 
 import { env } from "../config.js";
-import { metadataManager } from "../misc/utils.js";
 import { destroyInternalStream } from "./manage.js";
+import { convertMetadataToFFmpeg } from "../misc/utils.js";
 import { hlsExceptions } from "../processing/service-config.js";
 import { getHeaders, closeRequest, closeResponse, pipe } from "./shared.js";
 
@@ -110,7 +110,7 @@ const merge = (streamInfo, res) => {
         }
 
         if (streamInfo.metadata) {
-            args = args.concat(metadataManager(streamInfo.metadata))
+            args = args.concat(convertMetadataToFFmpeg(streamInfo.metadata))
         }
 
         args.push('-f', format, 'pipe:3');
@@ -242,7 +242,7 @@ const convertAudio = (streamInfo, res) => {
         }
 
         if (streamInfo.metadata) {
-            args = args.concat(metadataManager(streamInfo.metadata))
+            args = args.concat(convertMetadataToFFmpeg(streamInfo.metadata))
         }
 
         args.push('-f', streamInfo.audioFormat === "m4a" ? "ipod" : streamInfo.audioFormat, 'pipe:3');

From 67707381168e60d600b268885f1ddbabd89f0250 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:12:21 +0600
Subject: [PATCH 265/379] api/create-filename: build & sanitize filenames in
 one place

---
 api/src/misc/utils.js                     | 10 ----------
 api/src/processing/create-filename.js     | 12 +++++++++++-
 api/src/processing/services/ok.js         |  5 ++---
 api/src/processing/services/rutube.js     |  6 ++----
 api/src/processing/services/soundcloud.js |  5 ++---
 api/src/processing/services/twitch.js     |  5 ++---
 api/src/processing/services/vimeo.js      |  6 ++----
 api/src/processing/services/vk.js         |  5 ++---
 api/src/processing/services/youtube.js    |  5 ++---
 9 files changed, 25 insertions(+), 34 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index cf4fefe6..271df1c5 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -1,5 +1,3 @@
-const forbiddenCharsString = ['}', '{', '%', '>', '<', '^', ';', ':', '`', '$', '"', "@", '=', '?', '|', '*'];
-
 export function convertMetadataToFFmpeg(obj) {
     const keys = Object.keys(obj);
     const tags = [
@@ -19,14 +17,6 @@ export function convertMetadataToFFmpeg(obj) {
     return commands;
 }
 
-export function cleanString(string) {
-    for (const i in forbiddenCharsString) {
-        string = string.replaceAll("/", "_").replaceAll("\\", "_")
-                       .replaceAll(forbiddenCharsString[i], '')
-    }
-    return string;
-}
-
 export function getRedirectingURL(url) {
     return fetch(url, { redirect: 'manual' }).then((r) => {
         if ([301, 302, 303].includes(r.status) && r.headers.has('location'))
diff --git a/api/src/processing/create-filename.js b/api/src/processing/create-filename.js
index 216b15a4..cc985d51 100644
--- a/api/src/processing/create-filename.js
+++ b/api/src/processing/create-filename.js
@@ -1,3 +1,13 @@
+const illegalCharacters = ['}', '{', '%', '>', '<', '^', ';', ':', '`', '$', '"', "@", '=', '?', '|', '*'];
+
+const sanitizeString = (string) => {
+    for (const i in illegalCharacters) {
+        string = string.replaceAll("/", "_").replaceAll("\\", "_")
+                       .replaceAll(illegalCharacters[i], '')
+    }
+    return string;
+}
+
 export default (f, style, isAudioOnly, isAudioMuted) => {
     let filename = '';
 
@@ -5,7 +15,7 @@ export default (f, style, isAudioOnly, isAudioMuted) => {
     let classicTags = [...infoBase];
     let basicTags = [];
 
-    const title = `${f.title} - ${f.author}`;
+    const title = `${sanitizeString(f.title)} - ${sanitizeString(f.author)}`;
 
     if (f.resolution) {
         classicTags.push(f.resolution);
diff --git a/api/src/processing/services/ok.js b/api/src/processing/services/ok.js
index 2fb6082d..10fb785b 100644
--- a/api/src/processing/services/ok.js
+++ b/api/src/processing/services/ok.js
@@ -1,5 +1,4 @@
 import { genericUserAgent, env } from "../../config.js";
-import { cleanString } from "../../misc/utils.js";
 
 const resolutions = {
     "ultra": "2160",
@@ -44,8 +43,8 @@ export default async function(o) {
     let bestVideo = videos.find(v => resolutions[v.name] === quality) || videos[videos.length - 1];
 
     let fileMetadata = {
-        title: cleanString(videoData.movie.title.trim()),
-        author: cleanString((videoData.author?.name || videoData.compilationTitle).trim()),
+        title: videoData.movie.title.trim(),
+        author: (videoData.author?.name || videoData.compilationTitle).trim(),
     }
 
     if (bestVideo) return {
diff --git a/api/src/processing/services/rutube.js b/api/src/processing/services/rutube.js
index 67609ffc..ed8c58da 100644
--- a/api/src/processing/services/rutube.js
+++ b/api/src/processing/services/rutube.js
@@ -1,7 +1,5 @@
 import HLS from "hls-parser";
-
 import { env } from "../../config.js";
-import { cleanString } from "../../misc/utils.js";
 
 async function requestJSON(url) {
     try {
@@ -59,8 +57,8 @@ export default async function(obj) {
     });
 
     const fileMetadata = {
-        title: cleanString(play.title.trim()),
-        artist: cleanString(play.author.name.trim()),
+        title: play.title.trim(),
+        artist: play.author.name.trim(),
     }
 
     return {
diff --git a/api/src/processing/services/soundcloud.js b/api/src/processing/services/soundcloud.js
index 394f7dfe..d78cedda 100644
--- a/api/src/processing/services/soundcloud.js
+++ b/api/src/processing/services/soundcloud.js
@@ -1,5 +1,4 @@
 import { env } from "../../config.js";
-import { cleanString } from "../../misc/utils.js";
 
 const cachedID = {
     version: '',
@@ -91,8 +90,8 @@ export default async function(obj) {
     if (!file) return { error: "fetch.empty" };
 
     let fileMetadata = {
-        title: cleanString(json.title.trim()),
-        artist: cleanString(json.user.username.trim()),
+        title: json.title.trim(),
+        artist: json.user.username.trim(),
     }
 
     return {
diff --git a/api/src/processing/services/twitch.js b/api/src/processing/services/twitch.js
index ac85fbcf..4b9d4551 100644
--- a/api/src/processing/services/twitch.js
+++ b/api/src/processing/services/twitch.js
@@ -1,5 +1,4 @@
 import { env } from "../../config.js";
-import { cleanString } from '../../misc/utils.js';
 
 const gqlURL = "https://gql.twitch.tv/gql";
 const clientIdHead = { "client-id": "kimne78kx3ncx6brgo4mv6wki5h1ko" };
@@ -73,13 +72,13 @@ export default async function (obj) {
             token: req_token[0].data.clip.playbackAccessToken.value
         })}`,
         fileMetadata: {
-            title: cleanString(clipMetadata.title.trim()),
+            title: clipMetadata.title.trim(),
             artist: `Twitch Clip by @${clipMetadata.broadcaster.login}, clipped by @${clipMetadata.curator.login}`,
         },
         filenameAttributes: {
             service: "twitch",
             id: clipMetadata.id,
-            title: cleanString(clipMetadata.title.trim()),
+            title: clipMetadata.title.trim(),
             author: `${clipMetadata.broadcaster.login}, clipped by ${clipMetadata.curator.login}`,
             qualityLabel: `${format.quality}p`,
             extension: 'mp4'
diff --git a/api/src/processing/services/vimeo.js b/api/src/processing/services/vimeo.js
index 0268e1ec..45a52db7 100644
--- a/api/src/processing/services/vimeo.js
+++ b/api/src/processing/services/vimeo.js
@@ -1,7 +1,5 @@
 import HLS from "hls-parser";
-
 import { env } from "../../config.js";
-import { cleanString, merge } from '../../misc/utils.js';
 
 const resolutionMatch = {
     "3840": 2160,
@@ -152,8 +150,8 @@ export default async function(obj) {
     }
 
     const fileMetadata = {
-        title: cleanString(info.name),
-        artist: cleanString(info.user.name),
+        title: info.name,
+        artist: info.user.name,
     };
 
     return merge(
diff --git a/api/src/processing/services/vk.js b/api/src/processing/services/vk.js
index e3c18e47..6f5f2ea2 100644
--- a/api/src/processing/services/vk.js
+++ b/api/src/processing/services/vk.js
@@ -1,4 +1,3 @@
-import { cleanString } from "../../misc/utils.js";
 import { genericUserAgent, env } from "../../config.js";
 
 const resolutions = ["2160", "1440", "1080", "720", "480", "360", "240"];
@@ -43,8 +42,8 @@ export default async function(o) {
     url = js.player.params[0][`url${quality}`];
 
     let fileMetadata = {
-        title: cleanString(js.player.params[0].md_title.trim()),
-        author: cleanString(js.player.params[0].md_author.trim()),
+        title: js.player.params[0].md_title.trim(),
+        author: js.player.params[0].md_author.trim(),
     }
 
     if (url) return {
diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 9e99d62f..3af6ba94 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -4,7 +4,6 @@ import { fetch } from "undici";
 import { Innertube, Session } from "youtubei.js";
 
 import { env } from "../../config.js";
-import { cleanString } from "../../misc/utils.js";
 import { getCookie, updateCookieValues } from "../cookie/manager.js";
 
 const PLAYER_REFRESH_PERIOD = 1000 * 60 * 15; // ms
@@ -403,8 +402,8 @@ export default async function(o) {
     }
 
     const fileMetadata = {
-        title: cleanString(basicInfo.title.trim()),
-        artist: cleanString(basicInfo.author.replace("- Topic", "").trim())
+        title: basicInfo.title.trim(),
+        artist: basicInfo.author.replace("- Topic", "").trim()
     }
 
     if (basicInfo?.short_description?.startsWith("Provided to YouTube by")) {

From 1cbffc2d755e6c24b439ac63e7587d992949f8b8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:13:22 +0600
Subject: [PATCH 266/379] api/stream/types: convert metadata in one place

also sanitize values & throw an error if tag isn't supported
---
 api/src/misc/utils.js   | 19 -------------------
 api/src/stream/types.js | 24 +++++++++++++++++++++++-
 2 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index 271df1c5..fd497d18 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -1,22 +1,3 @@
-export function convertMetadataToFFmpeg(obj) {
-    const keys = Object.keys(obj);
-    const tags = [
-        "album",
-        "copyright",
-        "title",
-        "artist",
-        "track",
-        "date"
-    ]
-    let commands = []
-
-    for (const i in keys) {
-        if (tags.includes(keys[i]))
-            commands.push('-metadata', `${keys[i]}=${obj[keys[i]]}`)
-        }
-    return commands;
-}
-
 export function getRedirectingURL(url) {
     return fetch(url, { redirect: 'manual' }).then((r) => {
         if ([301, 302, 303].includes(r.status) && r.headers.has('location'))
diff --git a/api/src/stream/types.js b/api/src/stream/types.js
index d1e56bf2..98c3b04e 100644
--- a/api/src/stream/types.js
+++ b/api/src/stream/types.js
@@ -5,7 +5,6 @@ import { create as contentDisposition } from "content-disposition-header";
 
 import { env } from "../config.js";
 import { destroyInternalStream } from "./manage.js";
-import { convertMetadataToFFmpeg } from "../misc/utils.js";
 import { hlsExceptions } from "../processing/service-config.js";
 import { getHeaders, closeRequest, closeResponse, pipe } from "./shared.js";
 
@@ -16,6 +15,29 @@ const ffmpegArgs = {
     gif: ["-vf", "scale=-1:-1:flags=lanczos,split[s0][s1];[s0]palettegen[p];[s1][p]paletteuse", "-loop", "0"]
 }
 
+const metadataTags = [
+    "album",
+    "copyright",
+    "title",
+    "artist",
+    "track",
+    "date",
+];
+
+const convertMetadataToFFmpeg = (metadata) => {
+    let args = [];
+
+    for (const [ name, value ] of Object.entries(metadata)) {
+        if (metadataTags.includes(name)) {
+            args.push('-metadata', `${name}=${value.replace(/[\u0000-\u0009]/g, "")}`);
+        } else {
+            throw `${name} metadata tag is not supported.`;
+        }
+    }
+
+    return args;
+}
+
 const toRawHeaders = (headers) => {
     return Object.entries(headers)
                  .map(([key, value]) => `${key}: ${value}\r\n`)

From eb52ab2be8581ad87d213258ad8588df242fa1d2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:19:56 +0600
Subject: [PATCH 267/379] api/vimeo: return accidentally remove merge function

---
 api/src/processing/services/vimeo.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/src/processing/services/vimeo.js b/api/src/processing/services/vimeo.js
index 45a52db7..8d704771 100644
--- a/api/src/processing/services/vimeo.js
+++ b/api/src/processing/services/vimeo.js
@@ -1,5 +1,6 @@
 import HLS from "hls-parser";
 import { env } from "../../config.js";
+import { merge } from '../../misc/utils.js';
 
 const resolutionMatch = {
     "3840": 2160,

From 43c3294230248d02667198e74b05b80c5891dd0d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:35:07 +0600
Subject: [PATCH 268/379] api/soundcloud: catch region locked and paid songs
 and show an error

---
 api/src/processing/services/soundcloud.js | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/services/soundcloud.js b/api/src/processing/services/soundcloud.js
index d78cedda..ad535479 100644
--- a/api/src/processing/services/soundcloud.js
+++ b/api/src/processing/services/soundcloud.js
@@ -62,7 +62,17 @@ export default async function(obj) {
 
     if (!json) return { error: "fetch.fail" };
 
-    if (!json.media.transcodings) return { error: "fetch.empty" };
+    if (json?.policy === "BLOCK") {
+        return { error: "content.region" };
+    }
+
+    if (json?.policy === "SNIP") {
+        return { error: "content.paid" };
+    }
+
+    if (!json?.media?.transcodings || !json?.media?.transcodings.length === 0) {
+        return { error: "fetch.empty" };
+    }
 
     let bestAudio = "opus",
         selectedStream = json.media.transcodings.find(v => v.preset === "opus_0_0"),
@@ -74,6 +84,10 @@ export default async function(obj) {
         bestAudio = "mp3"
     }
 
+    if (!selectedStream) {
+        return { error: "fetch.empty" };
+    }
+
     let fileUrlBase = selectedStream.url;
     let fileUrl = `${fileUrlBase}${fileUrlBase.includes("?") ? "&" : "?"}client_id=${clientId}&track_authorization=${json.track_authorization}`;
 

From 9b0e4ab0bdb5c23158eb9e4be7e1349ebe38ad2d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:35:32 +0600
Subject: [PATCH 269/379] api/tests/soundcloud: add tests for region locked and
 paid songs

---
 api/src/util/tests/soundcloud.json | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/api/src/util/tests/soundcloud.json b/api/src/util/tests/soundcloud.json
index ea705cb5..04ed8632 100644
--- a/api/src/util/tests/soundcloud.json
+++ b/api/src/util/tests/soundcloud.json
@@ -83,5 +83,24 @@
             "code": 200,
             "status": "tunnel"
         }
+    },
+    {
+        "name": "go+ song, should fail",
+        "url": "https://soundcloud.com/dualipa/illusion-1",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "region locked song, should fail",
+        "canFail": true,
+        "url": "https://soundcloud.com/gotye/somebody-2024-feat-kimbra",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
     }
 ]
\ No newline at end of file

From 2ed52a161e7c18983c92502244879deda197e897 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:35:57 +0600
Subject: [PATCH 270/379] web/i18n/error: add general content region & paid
 errors

---
 web/i18n/en/error.json | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 369a4daf..679915f5 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -46,15 +46,18 @@
 
     "api.content.too_long": "media you requested is too long. the duration limit on this instance is {{ limit }} minutes. try something shorter instead!",
 
-    "api.content.video.unavailable": "i can't access this video. it may be restricted on {{ service }}'s side. try another one!",
+    "api.content.video.unavailable": "i can't access this video. it may be restricted on {{ service }}'s side. try a different link!",
     "api.content.video.live": "this video is currently live, so i can't download it yet. wait for the live stream to finish and try again!",
     "api.content.video.private": "this video is private, so i can't access it. change its visibility or try another one!",
-    "api.content.video.age": "this video is age-restricted, so i can't access it anonymously. try another one!",
-    "api.content.video.region": "this video is region locked, and the processing instance is in a different location. try another one!",
+    "api.content.video.age": "this video is age-restricted, so i can't access it anonymously. try a different link!",
+    "api.content.video.region": "this video is region locked, and the processing instance is in a different location. try a different link!",
+
+    "api.content.region": "this content is region locked, and the processing instance is in a different location. try a different link!",
+    "api.content.paid": "this content requires purchase. cobalt can't download paid content. try a different link!",
 
     "api.content.post.unavailable": "couldn't find anything about this post. its visibility may be limited or it may not exist. make sure your link works and try again in a few seconds!",
-    "api.content.post.private": "this post is from a private account, so i can't access it. try another one!",
-    "api.content.post.age": "this post is age-restricted, so i can't access it anonymously. try another one!",
+    "api.content.post.private": "this post is from a private account, so i can't access it.",
+    "api.content.post.age": "this post is age-restricted, so i can't access it anonymously.",
 
     "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo, either video or audio is missing. formats for this video may be re-encoding on youtube's side or something went wrong when parsing them. try enabling the hls option in video settings!",
     "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video. try again in a few seconds, but if this issue sticks, please report it!",

From 6039eae6a3a84c4f542fd065c5a64a294efa82fa Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:43:50 +0600
Subject: [PATCH 271/379] api/rutube: catch a region lock error

closes #930
---
 api/src/processing/services/rutube.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/src/processing/services/rutube.js b/api/src/processing/services/rutube.js
index ed8c58da..5b502452 100644
--- a/api/src/processing/services/rutube.js
+++ b/api/src/processing/services/rutube.js
@@ -33,6 +33,10 @@ export default async function(obj) {
     const play = await requestJSON(requestURL);
     if (!play) return { error: "fetch.fail" };
 
+    if (play.detail?.type === "blocking_rule") {
+        return { error: "content.video.region" };
+    }
+
     if (play.detail || !play.video_balancer) return { error: "fetch.empty" };
     if (play.live_streams?.hls) return { error: "content.video.live" };
 

From cdd349cfb69de1026de00adb9ca1b909277bb5be Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 18:44:07 +0600
Subject: [PATCH 272/379] api/tests/rutube: add a region locked video test

---
 api/src/util/tests/rutube.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/api/src/util/tests/rutube.json b/api/src/util/tests/rutube.json
index 967c52fb..2eaf69bf 100644
--- a/api/src/util/tests/rutube.json
+++ b/api/src/util/tests/rutube.json
@@ -86,5 +86,15 @@
             "code": 200,
             "status": "tunnel"
         }
+    },
+    {
+        "name": "region locked video, should fail",
+        "canFail": true,
+        "url": "https://rutube.ru/video/e7ac82708cc22bd068a3bf6a7004d1b1/",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
     }
 ]
\ No newline at end of file

From 8a24dbb42d5c8bf31439ee1a15508bbbd4e86300 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 19:02:10 +0600
Subject: [PATCH 273/379] api/match-action: fix audio in tiktok picker

it didn't have an audio format in the filename, so it either failed or downloaded without an extension.

closes #870
---
 api/src/processing/match-action.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 5820214e..262b3acf 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -98,7 +98,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                             type: audioStreamType,
                             url: r.urls,
                             headers: r.headers,
-                            filename: r.audioFilename,
+                            filename: `${r.audioFilename}.${audioFormat}`,
                             isAudioOnly: true,
                             audioFormat,
                         })

From 2433681d8bfe64bf6af69b77030ecf546859f241 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 19:08:40 +0600
Subject: [PATCH 274/379] api/package: bump version to 10.4.1

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 20fc4a74..9eec8e9d 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4",
+    "version": "10.4.1",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 1559ed13af93b0ca1dbb4d0b2fe19190f288fec2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 19:08:52 +0600
Subject: [PATCH 275/379] web/package: bump version to 10.4.1

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index e5f150df..4c6e49ef 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.4",
+    "version": "10.4.1",
     "type": "module",
     "private": true,
     "scripts": {

From a1fa79f2f56d3c48020744fd062e4656f21c8d11 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 19:26:44 +0600
Subject: [PATCH 276/379] api/tikok: catch an age restriction error

---
 api/src/processing/services/tiktok.js | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/services/tiktok.js b/api/src/processing/services/tiktok.js
index d5e5c6e4..976350b0 100644
--- a/api/src/processing/services/tiktok.js
+++ b/api/src/processing/services/tiktok.js
@@ -51,13 +51,22 @@ export default async function(obj) {
         return { error: "fetch.fail" };
     }
 
+    if (detail.isContentClassified) {
+        return { error: "content.post.age" };
+    }
+
+    if (!detail.author) {
+        return { error: "fetch.empty" };
+    }
+
     let video, videoFilename, audioFilename, audio, images,
-        filenameBase = `tiktok_${detail.author.uniqueId}_${postId}`,
+        filenameBase = `tiktok_${detail.author?.uniqueId}_${postId}`,
         bestAudio; // will get defaulted to m4a later on in match-action
 
     images = detail.imagePost?.images;
 
-    let playAddr = detail.video.playAddr;
+    let playAddr = detail.video?.playAddr;
+
     if (obj.h265) {
         const h265PlayAddr = detail?.video?.bitrateInfo?.find(b => b.CodecType.includes("h265"))?.PlayAddr.UrlList[0]
         playAddr = h265PlayAddr || playAddr

From e2f01234188c67567cdfd5bb4bc0e84139d057e6 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 19:26:59 +0600
Subject: [PATCH 277/379] api/tests/tiktok: add an age restricted video test

---
 api/src/util/tests/tiktok.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/api/src/util/tests/tiktok.json b/api/src/util/tests/tiktok.json
index d23c0acc..c8dbce8c 100644
--- a/api/src/util/tests/tiktok.json
+++ b/api/src/util/tests/tiktok.json
@@ -34,5 +34,14 @@
             "code": 400,
             "status": "error"
         }
+    },
+    {
+        "name": "age restricted video",
+        "url": "https://www.tiktok.com/@.kyle.films/video/7415757181145877793",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
     }
 ]
\ No newline at end of file

From 47804f462ccc81e03dda96f1772587b812273946 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 24 Nov 2024 19:29:53 +0600
Subject: [PATCH 278/379] web/i18n/error: update private & age post errors

---
 web/i18n/en/error.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 679915f5..bd512532 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -56,8 +56,8 @@
     "api.content.paid": "this content requires purchase. cobalt can't download paid content. try a different link!",
 
     "api.content.post.unavailable": "couldn't find anything about this post. its visibility may be limited or it may not exist. make sure your link works and try again in a few seconds!",
-    "api.content.post.private": "this post is from a private account, so i can't access it.",
-    "api.content.post.age": "this post is age-restricted, so i can't access it anonymously.",
+    "api.content.post.private": "couldn't get anything about this post because it's from a private account. try a different link!",
+    "api.content.post.age": "this post is age-restricted and isn't available without logging in. try a different link!",
 
     "api.youtube.no_matching_format": "youtube didn't return a valid video + audio format combo, either video or audio is missing. formats for this video may be re-encoding on youtube's side or something went wrong when parsing them. try enabling the hls option in video settings!",
     "api.youtube.decipher": "youtube updated its decipher algorithm and i couldn't extract the info about the video. try again in a few seconds, but if this issue sticks, please report it!",

From e93aa54e2fd4dcae945a5fb8ae5bfa862ca91f11 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 25 Nov 2024 12:22:28 +0600
Subject: [PATCH 279/379] web/SavingDialog: fix weird focus border in chromium
 browsers

---
 web/src/components/dialog/SavingDialog.svelte | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/web/src/components/dialog/SavingDialog.svelte b/web/src/components/dialog/SavingDialog.svelte
index ec719aed..03127353 100644
--- a/web/src/components/dialog/SavingDialog.svelte
+++ b/web/src/components/dialog/SavingDialog.svelte
@@ -144,6 +144,10 @@
         gap: var(--padding);
     }
 
+    .dialog-inner-container:focus-visible {
+        box-shadow: none;
+    }
+
     .dialog-inner-container {
         overflow-y: scroll;
         gap: 8px;

From 5be87895760ca150634d3bdf6c479537877909b5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 25 Nov 2024 12:24:09 +0600
Subject: [PATCH 280/379] web/PageNavTab: flip the chevron in rtl layout

---
 web/src/components/subnav/PageNavTab.svelte | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/web/src/components/subnav/PageNavTab.svelte b/web/src/components/subnav/PageNavTab.svelte
index b828edb6..6ec9a2de 100644
--- a/web/src/components/subnav/PageNavTab.svelte
+++ b/web/src/components/subnav/PageNavTab.svelte
@@ -83,6 +83,10 @@
         width: 18px;
     }
 
+    .subnav-tab-chevron:dir(rtl) {
+        transform: scale(-1, 1);
+    }
+
     @media (hover: hover) {
         .subnav-tab:hover {
             background: var(--button-hover-transparent);

From d4bcb1ba617ad0f099b23e03ce05e4d41895ba9f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 26 Nov 2024 18:21:44 +0600
Subject: [PATCH 281/379] api/service-config: add new domains for vk

---
 api/src/processing/service-config.js | 1 +
 api/src/processing/url.js            | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index 7e9dfaa4..0744474c 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -159,6 +159,7 @@ export const services = {
             "clips:duplicate?z=clip:userId_:videoId"
         ],
         subdomains: ["m"],
+        altDomains: ["vkvideo.ru", "vk.ru"],
     },
     youtube: {
         patterns: [
diff --git a/api/src/processing/url.js b/api/src/processing/url.js
index 899005c0..64517099 100644
--- a/api/src/processing/url.js
+++ b/api/src/processing/url.js
@@ -42,7 +42,7 @@ function aliasURL(url) {
         case "fixvx":
         case "x":
             if (services.twitter.altDomains.includes(url.hostname)) {
-                url.hostname = 'twitter.com'
+                url.hostname = 'twitter.com';
             }
             break;
 
@@ -85,6 +85,13 @@ function aliasURL(url) {
                 url.hostname = 'instagram.com';
             }
             break;
+
+        case "vk":
+        case "vkvideo":
+            if (services.vk.altDomains.includes(url.hostname)) {
+                url.hostname = 'vk.com';
+            }
+            break;
     }
 
     return url

From d7ae13213e7f3d9c011a80b76964ab86c456cbd4 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 26 Nov 2024 18:34:13 +0600
Subject: [PATCH 282/379] web/i18n/settings: rename debug to nerd mode

and also update description for it
---
 web/i18n/en/settings.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index dc876b8e..db9b54b4 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -5,7 +5,7 @@
     "page.audio": "audio",
     "page.download": "downloading",
     "page.advanced": "advanced",
-    "page.debug": "debug information",
+    "page.debug": "info for nerds",
     "page.instances": "instances",
 
     "section.general": "general",
@@ -108,8 +108,8 @@
     "privacy.tunnel.description": "cobalt will hide your ip address, browser info, and bypass local network restrictions. when enabled, files will also have readable filenames that otherwise would be gibberish.",
 
     "advanced.debug": "debug",
-    "advanced.debug.title": "enable debug features",
-    "advanced.debug.description": "gives you access to a page with various info that can be useful for debugging.",
+    "advanced.debug.title": "enable features for nerds",
+    "advanced.debug.description": "gives you easy access to app info that can be useful for debugging. enabling this does not affect functionality of cobalt in any way.",
 
     "advanced.data": "data management",
 

From 31d65c9fb72558f13325e07ea84ccac551fe3424 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 13:44:51 +0000
Subject: [PATCH 283/379] api/cookie: validate service names for cookies

---
 api/src/processing/cookie/manager.js | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 6b647db5..bb36b9da 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -7,13 +7,23 @@ import * as cluster from '../../misc/cluster.js';
 import { isCluster } from '../../config.js';
 
 const WRITE_INTERVAL = 60000;
+const VALID_SERVICES = new Set([
+    'instagram',
+    'instagram_bearer',
+    'reddit',
+    'twitter',
+    'youtube_oauth'
+]);
+
+const invalidCookies = {};
 let cookies = {}, dirty = false, intervalId;
 
 function writeChanges(cookiePath) {
     if (!dirty) return;
     dirty = false;
 
-    writeFile(cookiePath, JSON.stringify(cookies, null, 4)).catch(() => {
+    const cookieData = JSON.stringify({ ...cookies, ...invalidCookies }, null, 4);
+    writeFile(cookiePath, cookieData).catch(() => {
         clearInterval(intervalId)
     })
 }
@@ -22,6 +32,14 @@ const setupMain = async (cookiePath) => {
     try {
         cookies = await readFile(cookiePath, 'utf8');
         cookies = JSON.parse(cookies);
+        for (const serviceName in cookies) {
+            if (!VALID_SERVICES.has(serviceName)) {
+                console.warn(`${Yellow('[!]')} ignoring unknown service in cookie file: ${serviceName}`);
+                invalidCookies[serviceName] = cookies[serviceName];
+                delete cookies[serviceName];
+            }
+        }
+
         intervalId = setInterval(() => writeChanges(cookiePath), WRITE_INTERVAL);
 
         cluster.broadcast({ cookies });
@@ -68,6 +86,11 @@ export const setup = async (cookiePath) => {
 }
 
 export function getCookie(service) {
+    if (!VALID_SERVICES.has(service)) {
+        throw `${service} not in allowed services list for cookies.`
+            + ' if adding a new cookie type, include it there.';
+    }
+
     if (!cookies[service] || !cookies[service].length) return;
 
     const idx = Math.floor(Math.random() * cookies[service].length);

From 3d95361c094c820d44de60b8163c4b2537607771 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 13:51:49 +0000
Subject: [PATCH 284/379] api/cookie: validate cookie file format

---
 api/src/processing/cookie/manager.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index bb36b9da..a738611e 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -35,9 +35,14 @@ const setupMain = async (cookiePath) => {
         for (const serviceName in cookies) {
             if (!VALID_SERVICES.has(serviceName)) {
                 console.warn(`${Yellow('[!]')} ignoring unknown service in cookie file: ${serviceName}`);
-                invalidCookies[serviceName] = cookies[serviceName];
-                delete cookies[serviceName];
-            }
+            } else if (!Array.isArray(cookies[serviceName])) {
+                console.warn(`${Yellow('[!]')} ${serviceName} in cookies file is not an array, ignoring it`);
+            } else if (cookies[serviceName].some(c => typeof c !== 'string')) {
+                console.warn(`${Yellow('[!]')} cookies file contains non-string value for ${serviceName}`);
+            } else continue;
+
+            invalidCookies[serviceName] = cookies[serviceName];
+            delete cookies[serviceName];
         }
 
         intervalId = setInterval(() => writeChanges(cookiePath), WRITE_INTERVAL);

From 00ac0252356518c1f6e8025ef52897a21dce89ad Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 13:52:20 +0000
Subject: [PATCH 285/379] api/cookie: warn if writing updated cookies fails

---
 api/src/processing/cookie/manager.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index a738611e..1b8981c4 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -23,8 +23,10 @@ function writeChanges(cookiePath) {
     dirty = false;
 
     const cookieData = JSON.stringify({ ...cookies, ...invalidCookies }, null, 4);
-    writeFile(cookiePath, cookieData).catch(() => {
-        clearInterval(intervalId)
+    writeFile(cookiePath, cookieData).catch((e) => {
+        console.warn(`${Yellow('[!]')} failed writing updated cookies to storage`);
+        console.warn(e);
+        clearInterval(intervalId);
     })
 }
 

From 20074a50913898a61e9bd54a582409719237fd08 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 13:55:18 +0000
Subject: [PATCH 286/379] api/cookie: rephrase non-string warning

---
 api/src/processing/cookie/manager.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 1b8981c4..82f73a5f 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -40,7 +40,7 @@ const setupMain = async (cookiePath) => {
             } else if (!Array.isArray(cookies[serviceName])) {
                 console.warn(`${Yellow('[!]')} ${serviceName} in cookies file is not an array, ignoring it`);
             } else if (cookies[serviceName].some(c => typeof c !== 'string')) {
-                console.warn(`${Yellow('[!]')} cookies file contains non-string value for ${serviceName}`);
+                console.warn(`${Yellow('[!]')} some cookie for ${serviceName} contains non-string value in cookies file`);
             } else continue;
 
             invalidCookies[serviceName] = cookies[serviceName];

From a4cb6ada7940800df5c571053b6b51ad346bc592 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 14:01:36 +0000
Subject: [PATCH 287/379] api/cookie: split initial load into separate function

---
 api/src/processing/cookie/manager.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 82f73a5f..946ab70a 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -62,13 +62,19 @@ const setupWorker = async () => {
     cookies = (await cluster.waitFor('cookies')).cookies;
 }
 
-export const setup = async (cookiePath) => {
+export const loadFromFile = async (path) => {
     if (cluster.isPrimary) {
-        await setupMain(cookiePath);
+        await setupMain(path);
     } else if (cluster.isWorker) {
         await setupWorker();
     }
 
+    dirty = false;
+}
+
+export const setup = async (path) => {
+    await loadFromFile(path);
+
     if (isCluster) {
         const messageHandler = (message) => {
             if ('cookieUpdate' in message) {

From fbacb944954787bc10dff12c20477a278199e78e Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 14:02:16 +0000
Subject: [PATCH 288/379] api/cookie: do not recreate interval if it already
 exists

---
 api/src/processing/cookie/manager.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 946ab70a..fb5ca1b6 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -27,6 +27,7 @@ function writeChanges(cookiePath) {
         console.warn(`${Yellow('[!]')} failed writing updated cookies to storage`);
         console.warn(e);
         clearInterval(intervalId);
+        intervalId = null;
     })
 }
 
@@ -47,7 +48,9 @@ const setupMain = async (cookiePath) => {
             delete cookies[serviceName];
         }
 
-        intervalId = setInterval(() => writeChanges(cookiePath), WRITE_INTERVAL);
+        if (!intervalId) {
+            intervalId = setInterval(() => writeChanges(cookiePath), WRITE_INTERVAL);
+        }
 
         cluster.broadcast({ cookies });
 

From 58edad553ed7a8dfc2fe6e24106dc71961d84f52 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 14:04:39 +0000
Subject: [PATCH 289/379] api/cookie: replace name exception with console log

much easier to debug when writing a service
---
 api/src/processing/cookie/manager.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index fb5ca1b6..4363aec9 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -1,7 +1,7 @@
 import Cookie from './cookie.js';
 
 import { readFile, writeFile } from 'fs/promises';
-import { Green, Yellow } from '../../misc/console-text.js';
+import { Red, Green, Yellow } from '../../misc/console-text.js';
 import { parse as parseSetCookie, splitCookiesString } from 'set-cookie-parser';
 import * as cluster from '../../misc/cluster.js';
 import { isCluster } from '../../config.js';
@@ -103,8 +103,9 @@ export const setup = async (path) => {
 
 export function getCookie(service) {
     if (!VALID_SERVICES.has(service)) {
-        throw `${service} not in allowed services list for cookies.`
-            + ' if adding a new cookie type, include it there.';
+        console.error(`${Red('[!]')} ${service} not in allowed services list for cookies.`
+            + ' if adding a new cookie type, include it there.');
+        return;
     }
 
     if (!cookies[service] || !cookies[service].length) return;

From 55c97f77b8df165b169835c1bc66b9727d8d0e7a Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 26 Nov 2024 14:24:54 +0000
Subject: [PATCH 290/379] api/cookie: reformat console.error in getCookie

---
 api/src/processing/cookie/manager.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index 4363aec9..c2b37801 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -103,8 +103,10 @@ export const setup = async (path) => {
 
 export function getCookie(service) {
     if (!VALID_SERVICES.has(service)) {
-        console.error(`${Red('[!]')} ${service} not in allowed services list for cookies.`
-            + ' if adding a new cookie type, include it there.');
+        console.error(
+            `${Red('[!]')} ${service} not in allowed services list for cookies.`
+            + ' if adding a new cookie type, include it there.'
+        );
         return;
     }
 

From eee9beef91fcec29c6f697bd4fb192cdf2e21c70 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 15:47:30 +0600
Subject: [PATCH 291/379] api/create-filename: don't require author for pretty
 title

---
 api/src/processing/create-filename.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/create-filename.js b/api/src/processing/create-filename.js
index cc985d51..911b5603 100644
--- a/api/src/processing/create-filename.js
+++ b/api/src/processing/create-filename.js
@@ -15,7 +15,11 @@ export default (f, style, isAudioOnly, isAudioMuted) => {
     let classicTags = [...infoBase];
     let basicTags = [];
 
-    const title = `${sanitizeString(f.title)} - ${sanitizeString(f.author)}`;
+    let title = sanitizeString(f.title);
+
+    if (f.author) {
+        title += ` - ${sanitizeString(f.author)}`;
+    }
 
     if (f.resolution) {
         classicTags.push(f.resolution);

From 50344eda17a435e4c0abab16a661eab84414d867 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 15:48:18 +0600
Subject: [PATCH 292/379] api/match-action: proper error code for unsupported
 audio extraction

---
 api/src/processing/match-action.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 262b3acf..8d2c1e38 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -160,7 +160,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
         case "audio":
             if (audioIgnore.includes(host) || (host === "reddit" && r.typeId === "redirect")) {
                 return createResponse("error", {
-                    code: "error.api.fetch.empty"
+                    code: "error.api.service.audio_not_supported"
                 })
             }
 

From 5ffc0c61614a176229a971d77c0ed27ab50c17ec Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 15:49:15 +0600
Subject: [PATCH 293/379] web/i18n/error: add string for
 api.service.audio_not_supported

---
 web/i18n/en/error.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index bd512532..75023338 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -34,6 +34,7 @@
 
     "api.service.unsupported": "this service is not supported yet. have you pasted the right link?",
     "api.service.disabled": "this service is generally supported by cobalt, but it's disabled on this processing instance. try a link from another service!",
+    "api.service.audio_not_supported": "this service doesn't support audio extraction. try a link from another service!",
 
     "api.link.invalid": "your link is invalid or this service is not supported yet. have you pasted the right link?",
     "api.link.unsupported": "{{ service }} is supported, but i couldn't recognize your link. have you pasted the right one?",

From f696335278c0828b55ec9e1b9403b3021199cfb2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 16:01:26 +0600
Subject: [PATCH 294/379] api/vk: use proper api, add support for more links,
 refactor

also added support for video access keys
---
 api/src/processing/match.js            |   3 +-
 api/src/processing/service-config.js   |  11 +-
 api/src/processing/service-patterns.js |   3 +-
 api/src/processing/services/vk.js      | 154 +++++++++++++++++++------
 api/src/stream/shared.js               |   4 +
 5 files changed, 134 insertions(+), 41 deletions(-)

diff --git a/api/src/processing/match.js b/api/src/processing/match.js
index fe587f09..57f04b36 100644
--- a/api/src/processing/match.js
+++ b/api/src/processing/match.js
@@ -77,8 +77,9 @@ export default async function({ host, patternMatch, params }) {
 
             case "vk":
                 r = await vk({
-                    userId: patternMatch.userId,
+                    ownerId: patternMatch.ownerId,
                     videoId: patternMatch.videoId,
+                    accessKey: patternMatch.accessKey,
                     quality: params.videoQuality
                 });
                 break;
diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index 0744474c..81afaf39 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -154,9 +154,14 @@ export const services = {
     },
     vk: {
         patterns: [
-            "video:userId_:videoId",
-            "clip:userId_:videoId",
-            "clips:duplicate?z=clip:userId_:videoId"
+            "video:ownerId_:videoId",
+            "clip:ownerId_:videoId",
+            "clips:duplicate?z=clip:ownerId_:videoId",
+            "videos:duplicate?z=video:ownerId_:videoId",
+            "video:ownerId_:videoId_:accessKey",
+            "clip:ownerId_:videoId_:accessKey",
+            "clips:duplicate?z=clip:ownerId_:videoId_:accessKey",
+            "videos:duplicate?z=video:ownerId_:videoId_:accessKey"
         ],
         subdomains: ["m"],
         altDomains: ["vkvideo.ru", "vk.ru"],
diff --git a/api/src/processing/service-patterns.js b/api/src/processing/service-patterns.js
index 0c3d63d4..e8c46639 100644
--- a/api/src/processing/service-patterns.js
+++ b/api/src/processing/service-patterns.js
@@ -56,7 +56,8 @@ export const testers = {
         && (!pattern.password || pattern.password.length < 16),
 
     "vk": pattern =>
-        pattern.userId?.length <= 10 && pattern.videoId?.length <= 10,
+        (pattern.ownerId?.length <= 10 && pattern.videoId?.length <= 10) ||
+        (pattern.ownerId?.length <= 10 && pattern.videoId?.length <= 10 && pattern.videoId?.accessKey <= 18),
 
     "youtube": pattern =>
         pattern.id?.length <= 11,
diff --git a/api/src/processing/services/vk.js b/api/src/processing/services/vk.js
index 6f5f2ea2..0ef61c58 100644
--- a/api/src/processing/services/vk.js
+++ b/api/src/processing/services/vk.js
@@ -1,62 +1,144 @@
-import { genericUserAgent, env } from "../../config.js";
+import { env } from "../../config.js";
 
-const resolutions = ["2160", "1440", "1080", "720", "480", "360", "240"];
+const resolutions = ["2160", "1440", "1080", "720", "480", "360", "240", "144"];
 
-export default async function(o) {
-    let html, url, quality = o.quality === "max" ? 2160 : o.quality;
+const oauthUrl = "https://oauth.vk.com/oauth/get_anonym_token";
+const apiUrl = "https://api.vk.com/method";
 
-    html = await fetch(`https://vk.com/video${o.userId}_${o.videoId}`, {
-        headers: {
-            "user-agent": genericUserAgent
-        }
-    })
-    .then(r => r.arrayBuffer())
-    .catch(() => {});
+const clientId = "51552953";
+const clientSecret = "qgr0yWwXCrsxA1jnRtRX";
 
-    if (!html) return { error: "fetch.fail" };
+// used in stream/shared.js for accessing media files
+export const vkClientAgent = "com.vk.vkvideo.prod/822 (iPhone, iOS 16.7.7, iPhone10,4, Scale/2.0) SAK/1.119";
 
-    // decode cyrillic from windows-1251 because vk still uses apis from prehistoric times
-    let decoder = new TextDecoder('windows-1251');
-    html = decoder.decode(html);
+const cachedToken = {
+    token: "",
+    expiry: 0,
+    device_id: "",
+};
 
-    if (!html.includes(`{"lang":`)) return { error: "fetch.empty" };
-
-    let js = JSON.parse('{"lang":' + html.split(`{"lang":`)[1].split(']);')[0]);
-
-    if (Number(js.mvData.is_active_live) !== 0) {
-        return { error: "content.video.live" };
+const getToken = async () => {
+    if (cachedToken.expiry - 10 > Math.floor(new Date().getTime() / 1000)) {
+        return cachedToken.token;
     }
 
-    if (js.mvData.duration > env.durationLimit) {
+    const randomDeviceId = crypto.randomUUID().toUpperCase();
+
+    const anonymOauth = new URL(oauthUrl);
+    anonymOauth.searchParams.set("client_id", clientId);
+    anonymOauth.searchParams.set("client_secret", clientSecret);
+    anonymOauth.searchParams.set("device_id", randomDeviceId);
+
+    const oauthResponse = await fetch(anonymOauth.toString(), {
+        headers: {
+            "user-agent": vkClientAgent,
+        }
+    }).then(r => {
+        if (r.status === 200) {
+            return r.json();
+        }
+    });
+
+    if (!oauthResponse) return;
+
+    if (oauthResponse?.token && oauthResponse?.expired_at && typeof oauthResponse?.expired_at === "number") {
+        cachedToken.token = oauthResponse.token;
+        cachedToken.expiry = oauthResponse.expired_at;
+        cachedToken.device_id = randomDeviceId;
+    }
+
+    if (!cachedToken.token) return;
+
+    return cachedToken.token;
+}
+
+const getVideo = async (ownerId, videoId, accessKey) => {
+    const video = await fetch(`${apiUrl}/video.get`, {
+        method: "POST",
+        headers: {
+            "content-type": "application/x-www-form-urlencoded; charset=utf-8",
+            "user-agent": vkClientAgent,
+        },
+        body: new URLSearchParams({
+            anonymous_token: cachedToken.token,
+            device_id: cachedToken.device_id,
+            lang: "en",
+            v: "5.244",
+            videos: `${ownerId}_${videoId}${accessKey ? `_${accessKey}` : ''}`
+        }).toString()
+    })
+    .then(r => {
+        if (r.status === 200) {
+            return r.json();
+        }
+    });
+
+    return video;
+}
+
+export default async function ({ ownerId, videoId, accessKey, quality }) {
+    const token = await getToken();
+    if (!token) return { error: "fetch.fail" };
+
+    const videoGet = await getVideo(ownerId, videoId, accessKey);
+
+    if (!videoGet || !videoGet.response || videoGet.response.items.length !== 1) {
+        return { error: "fetch.empty" };
+    }
+
+    const video = videoGet.response.items[0];
+
+    if (video.restriction) {
+        const title = video.restriction.title;
+        if (title.endsWith("country") || title.endsWith("region.")) {
+            return { error: "content.video.region" };
+        }
+        if (title === "Processing video") {
+            return { error: "fetch.empty" };
+        }
+        return { error: "content.video.unavailable" };
+    }
+
+    if (!video.files || !video.duration) {
+        return { error: "fetch.fail" };
+    }
+
+    if (video.duration > env.durationLimit) {
         return { error: "content.too_long" };
     }
 
+    const userQuality = quality === "max" ? 2160 : quality;
+    let pickedQuality;
+
     for (let i in resolutions) {
-        if (js.player.params[0][`url${resolutions[i]}`]) {
-            quality = resolutions[i];
+        if (video.files[`mp4_${resolutions[i]}`]) {
+            pickedQuality = resolutions[i];
             break
         }
     }
-    if (Number(quality) > Number(o.quality)) quality = o.quality;
 
-    url = js.player.params[0][`url${quality}`];
-
-    let fileMetadata = {
-        title: js.player.params[0].md_title.trim(),
-        author: js.player.params[0].md_author.trim(),
+    if (Number(pickedQuality) > Number(userQuality)) {
+        pickedQuality = userQuality;
     }
 
-    if (url) return {
+    const url = video.files[`mp4_${pickedQuality}`];
+
+    if (!url) return { error: "fetch.fail" };
+
+    const fileMetadata = {
+        title: video.title.trim(),
+    }
+
+    return {
         urls: url,
+        fileMetadata,
         filenameAttributes: {
             service: "vk",
-            id: `${o.userId}_${o.videoId}`,
+            id: `${ownerId}_${videoId}${accessKey ? `_${accessKey}` : ''}`,
             title: fileMetadata.title,
-            author: fileMetadata.author,
-            resolution: `${quality}p`,
-            qualityLabel: `${quality}p`,
+            resolution: `${pickedQuality}p`,
+            qualityLabel: `${pickedQuality}p`,
             extension: "mp4"
         }
     }
-    return { error: "fetch.empty" }
 }
diff --git a/api/src/stream/shared.js b/api/src/stream/shared.js
index 91e1ac2f..65af03f0 100644
--- a/api/src/stream/shared.js
+++ b/api/src/stream/shared.js
@@ -1,4 +1,5 @@
 import { genericUserAgent } from "../config.js";
+import { vkClientAgent } from "../processing/services/vk.js";
 
 const defaultHeaders = {
     'user-agent': genericUserAgent
@@ -13,6 +14,9 @@ const serviceHeaders = {
         origin: 'https://www.youtube.com',
         referer: 'https://www.youtube.com',
         DNT: '?1'
+    },
+    vk: {
+        'user-agent': vkClientAgent
     }
 }
 

From 4700682ccb8fdae753bfe96db6014118c09c89e5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 17:32:10 +0600
Subject: [PATCH 295/379] api/vk: refactor quality picking

---
 api/src/processing/services/vk.js | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/api/src/processing/services/vk.js b/api/src/processing/services/vk.js
index 0ef61c58..33224d69 100644
--- a/api/src/processing/services/vk.js
+++ b/api/src/processing/services/vk.js
@@ -107,20 +107,16 @@ export default async function ({ ownerId, videoId, accessKey, quality }) {
         return { error: "content.too_long" };
     }
 
-    const userQuality = quality === "max" ? 2160 : quality;
+    const userQuality = quality === "max" ? resolutions[0] : quality;
     let pickedQuality;
 
-    for (let i in resolutions) {
-        if (video.files[`mp4_${resolutions[i]}`]) {
-            pickedQuality = resolutions[i];
+    for (const resolution of resolutions) {
+        if (video.files[`mp4_${resolution}`] && +resolution <= +userQuality) {
+            pickedQuality = resolution;
             break
         }
     }
 
-    if (Number(pickedQuality) > Number(userQuality)) {
-        pickedQuality = userQuality;
-    }
-
     const url = video.files[`mp4_${pickedQuality}`];
 
     if (!url) return { error: "fetch.fail" };

From 15a0ba30c702dbe92bb8b02ced0f41c3dbccd7db Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 17:32:41 +0600
Subject: [PATCH 296/379] api/tests/vk: add new domain test

---
 api/src/util/tests/vk.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/api/src/util/tests/vk.json b/api/src/util/tests/vk.json
index 1dc3ca95..71720af5 100644
--- a/api/src/util/tests/vk.json
+++ b/api/src/util/tests/vk.json
@@ -40,7 +40,7 @@
         }
     },
     {
-        "name": "4k video",
+        "name": "big 4k video",
         "url": "https://vk.com/video-1112285_456248465",
         "params": {
             "videoQuality": "max"
@@ -50,6 +50,17 @@
             "status": "tunnel"
         }
     },
+    {
+        "name": "short 4k video, 480p, vkvideo.ru domain",
+        "url": "https://vkvideo.ru/video-26006257_456245538",
+        "params": {
+            "videoQuality": "480"
+        },
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
     {
         "name": "ancient video (fallback to 240p)",
         "url": "https://vk.com/video-1959_28496479",

From 3126acc08efb3a8b59210dc5c822c89133a4c93a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 17:53:25 +0600
Subject: [PATCH 297/379] web/package: bump version to 10.4.2

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index 4c6e49ef..c6962d99 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.4.1",
+    "version": "10.4.2",
     "type": "module",
     "private": true,
     "scripts": {

From 0e5914f66cb6653fbf86197dc36d9b59fa737696 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 28 Nov 2024 17:53:35 +0600
Subject: [PATCH 298/379] api/package: bump version 10.4.2

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 9eec8e9d..c6380f09 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4.1",
+    "version": "10.4.2",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 569c232b47f05294fc842b1f784c39b1f58ac2f2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 29 Nov 2024 12:29:44 +0600
Subject: [PATCH 299/379] web/i18n/settings: update description of "reduce
 transparency" toggle

---
 web/i18n/en/settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index db9b54b4..c450b4b9 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -88,7 +88,7 @@
 
     "accessibility": "accessibility",
     "accessibility.transparency.title": "reduce visual transparency",
-    "accessibility.transparency.description": "reduces transparency of surfaces and disables blur effects. may also improve ui performance on low-end devices.",
+    "accessibility.transparency.description": "reduces transparency of surfaces and disables blur effects. may also improve ui performance on low performance devices.",
     "accessibility.motion.title": "reduce motion",
     "accessibility.motion.description": "disables animations and transitions whenever possible.",
 

From 6ca377ded648e3b4a1734db8507b2097391772f0 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 4 Dec 2024 12:28:05 +0600
Subject: [PATCH 300/379] api/tiktok: catch unavailable post error

---
 api/src/processing/services/tiktok.js | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/services/tiktok.js b/api/src/processing/services/tiktok.js
index 976350b0..6978e071 100644
--- a/api/src/processing/services/tiktok.js
+++ b/api/src/processing/services/tiktok.js
@@ -44,9 +44,19 @@ export default async function(obj) {
     try {
         const json = html
             .split('<script id="__UNIVERSAL_DATA_FOR_REHYDRATION__" type="application/json">')[1]
-            .split('</script>')[0]
-        const data = JSON.parse(json)
-        detail = data["__DEFAULT_SCOPE__"]["webapp.video-detail"]["itemInfo"]["itemStruct"]
+            .split('</script>')[0];
+
+        const data = JSON.parse(json);
+        const videoDetail = data["__DEFAULT_SCOPE__"]["webapp.video-detail"];
+
+        if (!videoDetail) throw "no video detail found";
+
+        // status_deleted or etc
+        if (videoDetail.statusMsg) {
+            return { error: "content.post.unavailable"};
+        }
+
+        detail = videoDetail?.itemInfo?.itemStruct;
     } catch {
         return { error: "fetch.fail" };
     }

From 6c39edbc1034be247b5c8ebef71c47846a6b8713 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 4 Dec 2024 18:17:07 +0000
Subject: [PATCH 301/379] api/stream: use dispatcher if passed to istream

---
 api/src/stream/manage.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index de4a2cf6..79b5c1db 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -75,7 +75,7 @@ export function getInternalStream(id) {
 export function createInternalStream(url, obj = {}) {
     assert(typeof url === 'string');
 
-    let dispatcher;
+    let dispatcher = obj.dispatcher;
     if (obj.requestIP) {
         dispatcher = freebind?.dispatcherFromIP(obj.requestIP, { strict: false })
     }

From 6f0a8196ff1552fc3f6feb20bd40d26ee4d8ba24 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Wed, 4 Dec 2024 18:19:07 +0000
Subject: [PATCH 302/379] api/istream: remove icy-metadata header if sent by
 client

---
 api/src/stream/internal.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/src/stream/internal.js b/api/src/stream/internal.js
index 751ecfa6..7d8bf4c9 100644
--- a/api/src/stream/internal.js
+++ b/api/src/stream/internal.js
@@ -123,6 +123,10 @@ async function handleGenericStream(streamInfo, res) {
 }
 
 export function internalStream(streamInfo, res) {
+    if (streamInfo.headers) {
+        streamInfo.headers.delete('icy-metadata');
+    }
+
     if (streamInfo.service === 'youtube' && !streamInfo.isHLS) {
         return handleYoutubeStream(streamInfo, res);
     }

From e1b84e747211f334eae38283960a20a2bf48662c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 5 Dec 2024 00:27:53 +0600
Subject: [PATCH 303/379] api/package: bump version to 10.4.3

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index c6380f09..0498fe23 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4.2",
+    "version": "10.4.3",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 4b8b0a0e9ec2842874eaa89534e31f3d861817e5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 10 Dec 2024 17:30:32 +0600
Subject: [PATCH 304/379] api/youtube: don't retrieve the player as cobalt
 doesn't use it

we don't decipher anything lol
---
 api/src/processing/services/youtube.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 3af6ba94..c0178b35 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -68,7 +68,8 @@ const cloneInnertube = async (customFetch) => {
     const shouldRefreshPlayer = lastRefreshedAt + PLAYER_REFRESH_PERIOD < new Date();
     if (!innertube || shouldRefreshPlayer) {
         innertube = await Innertube.create({
-            fetch: customFetch
+            fetch: customFetch,
+            retrieve_player: false,
         });
         lastRefreshedAt = +new Date();
     }

From e041e376c7283eedeeb7c5316d5ee2d0e19a8742 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 10 Dec 2024 19:55:43 +0600
Subject: [PATCH 305/379] api & web: bump dependencies

---
 api/package.json |   6 +-
 pnpm-lock.yaml   | 599 +++++++++++++++++++++++++----------------------
 web/package.json |  10 +-
 3 files changed, 333 insertions(+), 282 deletions(-)

diff --git a/api/package.json b/api/package.json
index 0498fe23..7766a10b 100644
--- a/api/package.json
+++ b/api/package.json
@@ -31,17 +31,17 @@
         "cors": "^2.8.5",
         "dotenv": "^16.0.1",
         "esbuild": "^0.14.51",
-        "express": "^4.21.1",
+        "express": "^4.21.2",
         "express-rate-limit": "^7.4.1",
         "ffmpeg-static": "^5.1.0",
         "hls-parser": "^0.10.7",
         "ipaddr.js": "2.2.0",
-        "nanoid": "^4.0.2",
+        "nanoid": "^5.0.9",
         "node-cache": "^5.1.2",
         "set-cookie-parser": "2.6.0",
         "undici": "^5.19.1",
         "url-pattern": "1.0.3",
-        "youtubei.js": "^11.0.1",
+        "youtubei.js": "^12.1.0",
         "zod": "^3.23.8"
     },
     "optionalDependencies": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 5a96ed57..56b9d285 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -32,11 +32,11 @@ importers:
         specifier: ^0.14.51
         version: 0.14.54
       express:
-        specifier: ^4.21.1
-        version: 4.21.1
+        specifier: ^4.21.2
+        version: 4.21.2
       express-rate-limit:
         specifier: ^7.4.1
-        version: 7.4.1(express@4.21.1)
+        version: 7.4.1(express@4.21.2)
       ffmpeg-static:
         specifier: ^5.1.0
         version: 5.2.0
@@ -47,8 +47,8 @@ importers:
         specifier: 2.2.0
         version: 2.2.0
       nanoid:
-        specifier: ^4.0.2
-        version: 4.0.2
+        specifier: ^5.0.9
+        version: 5.0.9
       node-cache:
         specifier: ^5.1.2
         version: 5.1.2
@@ -62,8 +62,8 @@ importers:
         specifier: 1.0.3
         version: 1.0.3
       youtubei.js:
-        specifier: ^11.0.1
-        version: 11.0.1
+        specifier: ^12.1.0
+        version: 12.1.0
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -73,7 +73,7 @@ importers:
         version: 0.2.2
       rate-limit-redis:
         specifier: ^4.2.0
-        version: 4.2.0(express-rate-limit@7.4.1(express@4.21.1))
+        version: 4.2.0(express-rate-limit@7.4.1(express@4.21.2))
       redis:
         specifier: ^4.7.0
         version: 4.7.0
@@ -113,11 +113,11 @@ importers:
         specifier: workspace:^
         version: link:../packages/version-info
       '@sveltejs/adapter-static':
-        specifier: ^3.0.2
-        version: 3.0.2(@sveltejs/kit@2.5.19(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))
+        specifier: ^3.0.6
+        version: 3.0.6(@sveltejs/kit@2.9.1(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))
       '@sveltejs/kit':
-        specifier: ^2.0.0
-        version: 2.5.19(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))
+        specifier: ^2.9.1
+        version: 2.9.1(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))
       '@sveltejs/vite-plugin-svelte':
         specifier: ^3.0.0
         version: 3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))
@@ -143,11 +143,11 @@ importers:
         specifier: ^16.0.1
         version: 16.4.5
       eslint:
-        specifier: ^8.57.0
-        version: 8.57.0
+        specifier: ^9.16.0
+        version: 9.16.0
       glob:
-        specifier: ^10.4.5
-        version: 10.4.5
+        specifier: ^11.0.0
+        version: 11.0.0
       mdsvex:
         specifier: ^0.11.2
         version: 0.11.2(svelte@4.2.19)
@@ -179,8 +179,8 @@ importers:
         specifier: ^5.4.5
         version: 5.5.4
       typescript-eslint:
-        specifier: ^8.8.0
-        version: 8.8.0(eslint@8.57.0)(typescript@5.5.4)
+        specifier: ^8.18.0
+        version: 8.18.0(eslint@9.16.0)(typescript@5.5.4)
       vite:
         specifier: ^5.3.6
         version: 5.4.8(@types/node@20.14.14)
@@ -498,22 +498,38 @@ packages:
     peerDependencies:
       eslint: ^6.0.0 || ^7.0.0 || >=8.0.0
 
-  '@eslint-community/regexpp@4.11.0':
-    resolution: {integrity: sha512-G/M/tIiMrTAxEWRfLfQJMmGNX28IxBg4PBz8XqQhqUHLFI6TL2htpIB1iQCj144V5ee/JaKyT9/WZ0MGZWfA7A==}
+  '@eslint-community/regexpp@4.12.1':
+    resolution: {integrity: sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==}
     engines: {node: ^12.0.0 || ^14.0.0 || >=16.0.0}
 
-  '@eslint/eslintrc@2.1.4':
-    resolution: {integrity: sha512-269Z39MS6wVJtsoUl10L60WdkhJVdPG24Q4eZTH3nnF6lpvSShEK3wQjDX9JRWAUPvPh7COouPpU9IrqaZFvtQ==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  '@eslint/config-array@0.19.1':
+    resolution: {integrity: sha512-fo6Mtm5mWyKjA/Chy1BYTdn5mGJoDNjC7C64ug20ADsRDGrA85bN3uK3MaKbeRkRuuIEAR5N33Jr1pbm411/PA==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  '@eslint/js@8.57.0':
-    resolution: {integrity: sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  '@eslint/core@0.9.1':
+    resolution: {integrity: sha512-GuUdqkyyzQI5RMIWkHhvTWLCyLo1jNK3vzkSyaExH5kHPDHcuL2VOpHjmMY+y3+NC69qAKToBqldTBgYeLSr9Q==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@eslint/eslintrc@3.2.0':
+    resolution: {integrity: sha512-grOjVNN8P3hjJn/eIETF1wwd12DdnwFDoyceUJLYYdkpbwq3nLi+4fqrTAONx7XDALqlL220wC/RHSC/QTI/0w==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@eslint/js@9.16.0':
+    resolution: {integrity: sha512-tw2HxzQkrbeuvyj1tG2Yqq+0H9wGoI2IMk4EOsQeX+vmd75FtJAzf+gTA69WF+baUKRYQ3x2kbLE08js5OsTVg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
   '@eslint/js@9.8.0':
     resolution: {integrity: sha512-MfluB7EUfxXtv3i/++oh89uzAr4PDI4nn201hsp+qaXqsjAWzinlZEHEfPgAX4doIlKvPG/i0A9dpKxOLII8yA==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
+  '@eslint/object-schema@2.1.5':
+    resolution: {integrity: sha512-o0bhxnL89h5Bae5T318nFoFzGy+YE5i/gGkoPAgkmTVdRKTiv3p8JHevPiPaMwoloKfEiiaHlawCqaZMqRm+XQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@eslint/plugin-kit@0.2.4':
+    resolution: {integrity: sha512-zSkKow6H5Kdm0ZUQUB2kV5JIXqoG0+uH5YADhaEHswm664N9Db8dXSi0nMJpacpMf+MyyglF1vnZohpEg5yUtg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
   '@fastify/busboy@2.1.1':
     resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==}
     engines: {node: '>=14'}
@@ -527,18 +543,25 @@ packages:
   '@fontsource/redaction-10@5.0.2':
     resolution: {integrity: sha512-PODxYvb06YrNxdUBGcygiMibpgcZihzmvkmlX/TQAA2F7BUU/anfSKQi/VnLdJ/8LIK81/bUY+i7L/GP27FkVw==}
 
-  '@humanwhocodes/config-array@0.11.14':
-    resolution: {integrity: sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==}
-    engines: {node: '>=10.10.0'}
-    deprecated: Use @eslint/config-array instead
+  '@humanfs/core@0.19.1':
+    resolution: {integrity: sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==}
+    engines: {node: '>=18.18.0'}
+
+  '@humanfs/node@0.16.6':
+    resolution: {integrity: sha512-YuI2ZHQL78Q5HbhDiBA1X4LmYdXCKCMQIfw0pw7piHJwyREFebJUvrQN4cMssyES6x+vfUbx1CIpaQUKYdQZOw==}
+    engines: {node: '>=18.18.0'}
 
   '@humanwhocodes/module-importer@1.0.1':
     resolution: {integrity: sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==}
     engines: {node: '>=12.22'}
 
-  '@humanwhocodes/object-schema@2.0.3':
-    resolution: {integrity: sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==}
-    deprecated: Use @eslint/object-schema instead
+  '@humanwhocodes/retry@0.3.1':
+    resolution: {integrity: sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA==}
+    engines: {node: '>=18.18'}
+
+  '@humanwhocodes/retry@0.4.1':
+    resolution: {integrity: sha512-c7hNEllBlenFTHBky65mhq8WD2kbN9Q6gk0bTk8lSBvc554jpXSkST1iePudpt7+A/AQvuHs9EMqjHDXMY1lrA==}
+    engines: {node: '>=18.18'}
 
   '@imput/libav.js-remux-cli@5.5.6':
     resolution: {integrity: sha512-XdAab90EZKf6ULtD/x9Y2bnlmNJodXSO6w8aWrn97+N2IRuOS8zv3tAFPRC69SWKa8Utjeu5YTYuTolnX3QprQ==}
@@ -696,19 +719,19 @@ packages:
     cpu: [x64]
     os: [win32]
 
-  '@sveltejs/adapter-static@3.0.2':
-    resolution: {integrity: sha512-/EBFydZDwfwFfFEuF1vzUseBoRziwKP7AoHAwv+Ot3M084sE/HTVBHf9mCmXfdM9ijprY5YEugZjleflncX5fQ==}
+  '@sveltejs/adapter-static@3.0.6':
+    resolution: {integrity: sha512-MGJcesnJWj7FxDcB/GbrdYD3q24Uk0PIL4QIX149ku+hlJuj//nxUbb0HxUTpjkecWfHjVveSUnUaQWnPRXlpg==}
     peerDependencies:
       '@sveltejs/kit': ^2.0.0
 
-  '@sveltejs/kit@2.5.19':
-    resolution: {integrity: sha512-r/lah3nnYEZX1btlvpSy+Exkt1aWhmOP5pnCt+BBro+tZrh2Zci+26Xnm1fCBLLMeM5q7gHvWiS8c/UtrWjdvQ==}
+  '@sveltejs/kit@2.9.1':
+    resolution: {integrity: sha512-D+yH3DTvvkjXdl3Xv7akKmolrArDZRtsFv3nlxJPjlIKsZEpkkInnomKJuAql2TrNGJ2dJMGBO1YYgVn2ILmag==}
     engines: {node: '>=18.13'}
     hasBin: true
     peerDependencies:
-      '@sveltejs/vite-plugin-svelte': ^3.0.0
+      '@sveltejs/vite-plugin-svelte': ^3.0.0 || ^4.0.0-next.1 || ^5.0.0
       svelte: ^4.0.0 || ^5.0.0-next.0
-      vite: ^5.0.3
+      vite: ^5.0.3 || ^6.0.0
 
   '@sveltejs/vite-plugin-svelte-inspector@2.1.0':
     resolution: {integrity: sha512-9QX28IymvBlSCqsCll5t0kQVxipsfhFFL+L2t3nTWfXnddYwxBuAEtTtlaVQpRz9c37BhJjltSeY4AJSC03SSg==}
@@ -774,65 +797,52 @@ packages:
   '@types/unist@2.0.10':
     resolution: {integrity: sha512-IfYcSBWE3hLpBg8+X2SEa8LVkJdJEkT2Ese2aaLs3ptGdVtABxndrMaxuFlQ1qdFf9Q5rDvDpxI3WwgvKFAsQA==}
 
-  '@typescript-eslint/eslint-plugin@8.8.0':
-    resolution: {integrity: sha512-wORFWjU30B2WJ/aXBfOm1LX9v9nyt9D3jsSOxC3cCaTQGCW5k4jNpmjFv3U7p/7s4yvdjHzwtv2Sd2dOyhjS0A==}
+  '@typescript-eslint/eslint-plugin@8.18.0':
+    resolution: {integrity: sha512-NR2yS7qUqCL7AIxdJUQf2MKKNDVNaig/dEB0GBLU7D+ZdHgK1NoH/3wsgO3OnPVipn51tG3MAwaODEGil70WEw==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       '@typescript-eslint/parser': ^8.0.0 || ^8.0.0-alpha.0
       eslint: ^8.57.0 || ^9.0.0
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
+      typescript: '>=4.8.4 <5.8.0'
 
-  '@typescript-eslint/parser@8.8.0':
-    resolution: {integrity: sha512-uEFUsgR+tl8GmzmLjRqz+VrDv4eoaMqMXW7ruXfgThaAShO9JTciKpEsB+TvnfFfbg5IpujgMXVV36gOJRLtZg==}
+  '@typescript-eslint/parser@8.18.0':
+    resolution: {integrity: sha512-hgUZ3kTEpVzKaK3uNibExUYm6SKKOmTU2BOxBSvOYwtJEPdVQ70kZJpPjstlnhCHcuc2WGfSbpKlb/69ttyN5Q==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       eslint: ^8.57.0 || ^9.0.0
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
+      typescript: '>=4.8.4 <5.8.0'
 
-  '@typescript-eslint/scope-manager@8.8.0':
-    resolution: {integrity: sha512-EL8eaGC6gx3jDd8GwEFEV091210U97J0jeEHrAYvIYosmEGet4wJ+g0SYmLu+oRiAwbSA5AVrt6DxLHfdd+bUg==}
+  '@typescript-eslint/scope-manager@8.18.0':
+    resolution: {integrity: sha512-PNGcHop0jkK2WVYGotk/hxj+UFLhXtGPiGtiaWgVBVP1jhMoMCHlTyJA+hEj4rszoSdLTK3fN4oOatrL0Cp+Xw==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  '@typescript-eslint/type-utils@8.8.0':
-    resolution: {integrity: sha512-IKwJSS7bCqyCeG4NVGxnOP6lLT9Okc3Zj8hLO96bpMkJab+10HIfJbMouLrlpyOr3yrQ1cA413YPFiGd1mW9/Q==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-    peerDependencies:
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
-
-  '@typescript-eslint/types@8.8.0':
-    resolution: {integrity: sha512-QJwc50hRCgBd/k12sTykOJbESe1RrzmX6COk8Y525C9l7oweZ+1lw9JiU56im7Amm8swlz00DRIlxMYLizr2Vw==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-
-  '@typescript-eslint/typescript-estree@8.8.0':
-    resolution: {integrity: sha512-ZaMJwc/0ckLz5DaAZ+pNLmHv8AMVGtfWxZe/x2JVEkD5LnmhWiQMMcYT7IY7gkdJuzJ9P14fRy28lUrlDSWYdw==}
-    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
-    peerDependencies:
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
-
-  '@typescript-eslint/utils@8.8.0':
-    resolution: {integrity: sha512-QE2MgfOTem00qrlPgyByaCHay9yb1+9BjnMFnSFkUKQfu7adBXDTnCAivURnuPPAG/qiB+kzKkZKmKfaMT0zVg==}
+  '@typescript-eslint/type-utils@8.18.0':
+    resolution: {integrity: sha512-er224jRepVAVLnMF2Q7MZJCq5CsdH2oqjP4dT7K6ij09Kyd+R21r7UVJrF0buMVdZS5QRhDzpvzAxHxabQadow==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       eslint: ^8.57.0 || ^9.0.0
+      typescript: '>=4.8.4 <5.8.0'
 
-  '@typescript-eslint/visitor-keys@8.8.0':
-    resolution: {integrity: sha512-8mq51Lx6Hpmd7HnA2fcHQo3YgfX1qbccxQOgZcb4tvasu//zXRaA1j5ZRFeCw/VRAdFi4mRM9DnZw0Nu0Q2d1g==}
+  '@typescript-eslint/types@8.18.0':
+    resolution: {integrity: sha512-FNYxgyTCAnFwTrzpBGq+zrnoTO4x0c1CKYY5MuUTzpScqmY5fmsh2o3+57lqdI3NZucBDCzDgdEbIaNfAjAHQA==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  '@ungap/structured-clone@1.2.0':
-    resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==}
+  '@typescript-eslint/typescript-estree@8.18.0':
+    resolution: {integrity: sha512-rqQgFRu6yPkauz+ms3nQpohwejS8bvgbPyIDq13cgEDbkXt4LH4OkDMT0/fN1RUtzG8e8AKJyDBoocuQh8qNeg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      typescript: '>=4.8.4 <5.8.0'
+
+  '@typescript-eslint/utils@8.18.0':
+    resolution: {integrity: sha512-p6GLdY383i7h5b0Qrfbix3Vc3+J2k6QWw6UMUeY5JGfm3C5LbZ4QIZzJNoNOfgyRe0uuYKjvVOsO/jD4SJO+xg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      eslint: ^8.57.0 || ^9.0.0
+      typescript: '>=4.8.4 <5.8.0'
+
+  '@typescript-eslint/visitor-keys@8.18.0':
+    resolution: {integrity: sha512-pCh/qEA8Lb1wVIqNvBke8UaRjJ6wrAWkJO5yyIbs8Yx6TNGYyfNjOo61tLv+WwLvoLPp4BQ8B7AHKijl8NGUfw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
   '@vitejs/plugin-basic-ssl@1.1.0':
     resolution: {integrity: sha512-wO4Dk/rm8u7RNhOf95ZzcEmC9rYOncYgvq4z3duaJrCgjN8BxAnDVyndanfcJZ0O6XZzHz6Q0hTimxTg8Y9g/A==}
@@ -854,6 +864,11 @@ packages:
     engines: {node: '>=0.4.0'}
     hasBin: true
 
+  acorn@8.14.0:
+    resolution: {integrity: sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==}
+    engines: {node: '>=0.4.0'}
+    hasBin: true
+
   agent-base@6.0.2:
     resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==}
     engines: {node: '>= 6.0.0'}
@@ -1024,6 +1039,10 @@ packages:
     resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==}
     engines: {node: '>= 8'}
 
+  cross-spawn@7.0.6:
+    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
+    engines: {node: '>= 8'}
+
   css-tree@2.3.1:
     resolution: {integrity: sha512-6Fv1DV/TYw//QF5IzQdqsNDjx/wc8TrMBZsqjL9eW01tWb7R7k/mq+/VXfJCl7SoD5emsJop9cOByJZfs8hYIw==}
     engines: {node: ^10 || ^12.20.0 || ^14.13.0 || >=15.0.0}
@@ -1072,12 +1091,8 @@ packages:
     resolution: {integrity: sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==}
     engines: {node: '>=8'}
 
-  devalue@5.0.0:
-    resolution: {integrity: sha512-gO+/OMXF7488D+u3ue+G7Y4AA3ZmUnB3eHJXmBTgNHvr4ZNzl36A0ZtG+XCRNYCkYx/bFmw4qtkoFLa+wSrwAA==}
-
-  doctrine@3.0.0:
-    resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==}
-    engines: {node: '>=6.0.0'}
+  devalue@5.1.1:
+    resolution: {integrity: sha512-maua5KUiapvEwiEAe+XnlZ3Rh0GD+qI1J/nb9vrJc3muPXvcF/8gXYTWF76+5DAqHyDUtOIImEuo0YKE9mshVw==}
 
   dotenv@16.4.5:
     resolution: {integrity: sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==}
@@ -1260,26 +1275,34 @@ packages:
     resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==}
     engines: {node: '>=10'}
 
-  eslint-scope@7.2.2:
-    resolution: {integrity: sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  eslint-scope@8.2.0:
+    resolution: {integrity: sha512-PHlWUfG6lvPc3yvP5A4PNyBL1W8fkDUccmI21JUu/+GKZBoH/W5u6usENXUrWFRsyoW5ACUjFGgAFQp5gUlb/A==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
   eslint-visitor-keys@3.4.3:
     resolution: {integrity: sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
 
-  eslint@8.57.0:
-    resolution: {integrity: sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    deprecated: This version is no longer supported. Please see https://eslint.org/version-support for other options.
+  eslint-visitor-keys@4.2.0:
+    resolution: {integrity: sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  eslint@9.16.0:
+    resolution: {integrity: sha512-whp8mSQI4C8VXd+fLgSM0lh3UlmcFtVwUQjyKCFfsp+2ItAIYhlq/hqGahGqHE6cv9unM41VlqKk2VtKYR2TaA==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     hasBin: true
+    peerDependencies:
+      jiti: '*'
+    peerDependenciesMeta:
+      jiti:
+        optional: true
 
-  esm-env@1.0.0:
-    resolution: {integrity: sha512-Cf6VksWPsTuW01vU9Mk/3vRue91Zevka5SjyNf3nEpokFRuqt/KjUQoGAwq9qMmhpLTHmXzSIrFRw8zxWzmFBA==}
+  esm-env@1.2.1:
+    resolution: {integrity: sha512-U9JedYYjCnadUlXk7e1Kr+aENQhtUaoaV9+gZm1T8LC/YBAPJx3NSPIAurFOC0U5vrdSevnUJS2/wUVxGwPhng==}
 
-  espree@9.6.1:
-    resolution: {integrity: sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  espree@10.3.0:
+    resolution: {integrity: sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
   esquery@1.6.0:
     resolution: {integrity: sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==}
@@ -1314,8 +1337,8 @@ packages:
     peerDependencies:
       express: 4 || 5 || ^5.0.0-beta.1
 
-  express@4.21.1:
-    resolution: {integrity: sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==}
+  express@4.21.2:
+    resolution: {integrity: sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==}
     engines: {node: '>= 0.10.0'}
 
   fast-deep-equal@3.1.3:
@@ -1346,9 +1369,9 @@ packages:
     resolution: {integrity: sha512-WrM7kLW+do9HLr+H6tk7LzQ7kPqbAgLjdzNE32+u3Ff11gXt9Kkkd2nusGFrlWMIe+XaA97t+I8JS7sZIrvRgA==}
     engines: {node: '>=16'}
 
-  file-entry-cache@6.0.1:
-    resolution: {integrity: sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==}
-    engines: {node: ^10.12.0 || >=12.0.0}
+  file-entry-cache@8.0.0:
+    resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==}
+    engines: {node: '>=16.0.0'}
 
   fill-range@7.1.1:
     resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==}
@@ -1362,9 +1385,9 @@ packages:
     resolution: {integrity: sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==}
     engines: {node: '>=10'}
 
-  flat-cache@3.2.0:
-    resolution: {integrity: sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw==}
-    engines: {node: ^10.12.0 || >=12.0.0}
+  flat-cache@4.0.1:
+    resolution: {integrity: sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==}
+    engines: {node: '>=16'}
 
   flatted@3.3.1:
     resolution: {integrity: sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==}
@@ -1419,13 +1442,18 @@ packages:
     resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==}
     hasBin: true
 
+  glob@11.0.0:
+    resolution: {integrity: sha512-9UiX/Bl6J2yaBbxKoEBRm4Cipxgok8kQYcOPEhScPwebu2I0HoQOuYdIO6S3hLuWoZgpDpwQZMzTFxgpkyT76g==}
+    engines: {node: 20 || >=22}
+    hasBin: true
+
   glob@7.2.3:
     resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
     deprecated: Glob versions prior to v9 are no longer supported
 
-  globals@13.24.0:
-    resolution: {integrity: sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==}
-    engines: {node: '>=8'}
+  globals@14.0.0:
+    resolution: {integrity: sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==}
+    engines: {node: '>=18'}
 
   globalyzer@0.1.0:
     resolution: {integrity: sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q==}
@@ -1537,10 +1565,6 @@ packages:
     resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
     engines: {node: '>=0.12.0'}
 
-  is-path-inside@3.0.3:
-    resolution: {integrity: sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==}
-    engines: {node: '>=8'}
-
   is-reference@3.0.2:
     resolution: {integrity: sha512-v3rht/LgVcsdZa3O2Nqs+NMowLOxeOm7Ay9+/ARQ2F+qEoANRcqrjAZKGN0v8ymUetZGgkp26LTnGT7H0Qo9Pg==}
 
@@ -1554,8 +1578,12 @@ packages:
   jackspeak@3.4.3:
     resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==}
 
-  jintr@3.0.2:
-    resolution: {integrity: sha512-5g2EBudeJFOopjAX4exAv5OCCW1DgUISfoioCsm1h9Q9HJ41LmnZ6J52PCsqBlQihsmp0VDuxreAVzM7yk5nFA==}
+  jackspeak@4.0.2:
+    resolution: {integrity: sha512-bZsjR/iRjl1Nk1UkjGpAzLNfQtzuijhn2g+pbZb98HQ1Gk8vM9hfbxeMBP+M2/UUdwj0RqGG3mlvk2MsAqwvEw==}
+    engines: {node: 20 || >=22}
+
+  jintr@3.1.0:
+    resolution: {integrity: sha512-azhCHApkRfBH8INpiUCwKBYaNCdB5G+x3NApsI2MxQXSlgFAx7rap3YwE3JAkN08GO8f3ilZsGB0Yvc+412ntQ==}
 
   joycon@3.1.1:
     resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
@@ -1612,6 +1640,10 @@ packages:
   lru-cache@10.4.3:
     resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==}
 
+  lru-cache@11.0.2:
+    resolution: {integrity: sha512-123qHRfJBmo2jXDbo/a5YOQrJoHF/GNQTLzQ5+IdK5pWpceK17yRc6ozlWd25FxvGKQbIUs91fDFkXmDHTKcyA==}
+    engines: {node: 20 || >=22}
+
   magic-string@0.30.11:
     resolution: {integrity: sha512-+Wri9p0QHMy+545hKww7YAu5NyzF8iomPL/RQazugQ9+Ez4Ic3mERMd8ZTX5rfK944j+560ZJi8iAwgak1Ac7A==}
 
@@ -1671,6 +1703,10 @@ packages:
     resolution: {integrity: sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==}
     engines: {node: '>=4'}
 
+  minimatch@10.0.1:
+    resolution: {integrity: sha512-ethXTt3SGGR+95gudmqJ1eNhRO7eGEGIgYA9vnPatK4/etz2MEVDno5GMCibdMTuBMyElzIlgxMna3K94XDIDQ==}
+    engines: {node: 20 || >=22}
+
   minimatch@3.1.2:
     resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
 
@@ -1714,9 +1750,9 @@ packages:
     engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
     hasBin: true
 
-  nanoid@4.0.2:
-    resolution: {integrity: sha512-7ZtY5KTCNheRGfEFxnedV5zFiORN1+Y1N6zvPTnHQd8ENUvfaDBeuJDZb2bN/oXwXxu3qkTXDzy57W5vAmDTBw==}
-    engines: {node: ^14 || ^16 || >=18}
+  nanoid@5.0.9:
+    resolution: {integrity: sha512-Aooyr6MXU6HpvvWXKoVoXwKMs/KyVakWwg7xQfv5/S/RIgJMy0Ifa45H9qqYy7pTCszrHzP21Uk4PZq2HpEM8Q==}
+    engines: {node: ^18 || >=20}
     hasBin: true
 
   natural-compare@1.4.0:
@@ -1799,8 +1835,12 @@ packages:
     resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==}
     engines: {node: '>=16 || 14 >=14.18'}
 
-  path-to-regexp@0.1.10:
-    resolution: {integrity: sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==}
+  path-scurry@2.0.0:
+    resolution: {integrity: sha512-ypGJsmGtdXUOeM5u93TyeIEfEhM6s+ljAhrk5vAvSx8uyY/02OvrZnA0YNGUrPXfpJMgI1ODd3nwz8Npx4O4cg==}
+    engines: {node: 20 || >=22}
+
+  path-to-regexp@0.1.12:
+    resolution: {integrity: sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==}
 
   periscopic@3.1.0:
     resolution: {integrity: sha512-vKiQ8RRtkl9P+r/+oefh25C3fhybptkHKCZSPlcXiJux2tJF55GnEj3BVn4A5gKfq9NWWXXrxkHBwVPUfH0opw==}
@@ -1922,11 +1962,6 @@ packages:
     deprecated: Rimraf versions prior to v4 are no longer supported
     hasBin: true
 
-  rimraf@3.0.2:
-    resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==}
-    deprecated: Rimraf versions prior to v4 are no longer supported
-    hasBin: true
-
   rollup@4.24.0:
     resolution: {integrity: sha512-DOmrlGSXNk1DM0ljiQA+i+o0rSLhtii1je5wgk60j49d1jHT5YYttBv1iWOnYSTG+fZZESUOSNiAl89SIet+Cg==}
     engines: {node: '>=18.0.0', npm: '>=8.0.0'}
@@ -1990,9 +2025,9 @@ packages:
     resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==}
     engines: {node: '>=14'}
 
-  sirv@2.0.4:
-    resolution: {integrity: sha512-94Bdh3cC2PKrbgSOUqTiGPWVZeSiXfKOVZNJniWoqrWrRkB1CJzBU3NEbiTsPcYy1lDsANA/THzS+9WBiy5nfQ==}
-    engines: {node: '>= 10'}
+  sirv@3.0.0:
+    resolution: {integrity: sha512-BPwJGUeDaDCHihkORDchNyyTvWFhcusy1XMmhEVTQTwGeybFbp8YEmB+njbPnth1FibULBSBVwCQni25XlCUDg==}
+    engines: {node: '>=18'}
 
   sorcery@0.11.1:
     resolution: {integrity: sha512-o7npfeJE6wi6J9l0/5LKshFzZ2rMatRiCDwYeDQaOzqdzRJwALhX7mk/A/ecg6wjMu7wdZbmXfD2S/vpOg0bdQ==}
@@ -2152,9 +2187,6 @@ packages:
   syscall-napi@0.0.6:
     resolution: {integrity: sha512-qHbwjyFXAAekKUXxl70lhDiBYJ3e7XM7kQwu7LV3F0pHMenKox+VcZPZkRkhdmL/wNJD3NmrMGnL7161kdecUQ==}
 
-  text-table@0.2.0:
-    resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
-
   thenify-all@1.6.0:
     resolution: {integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==}
     engines: {node: '>=0.8'}
@@ -2230,10 +2262,6 @@ packages:
     resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
     engines: {node: '>= 0.8.0'}
 
-  type-fest@0.20.2:
-    resolution: {integrity: sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==}
-    engines: {node: '>=10'}
-
   type-is@1.6.18:
     resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==}
     engines: {node: '>= 0.6'}
@@ -2241,14 +2269,12 @@ packages:
   typedarray@0.0.6:
     resolution: {integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==}
 
-  typescript-eslint@8.8.0:
-    resolution: {integrity: sha512-BjIT/VwJ8+0rVO01ZQ2ZVnjE1svFBiRczcpr1t1Yxt7sT25VSbPfrJtDsQ8uQTy2pilX5nI9gwxhUyLULNentw==}
+  typescript-eslint@8.18.0:
+    resolution: {integrity: sha512-Xq2rRjn6tzVpAyHr3+nmSg1/9k9aIHnJ2iZeOH7cfGOWqTkXTm3kwpQglEuLGdNrYvPF+2gtAs+/KF5rjVo+WQ==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
+      eslint: ^8.57.0 || ^9.0.0
+      typescript: '>=4.8.4 <5.8.0'
 
   typescript@5.5.4:
     resolution: {integrity: sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==}
@@ -2362,8 +2388,8 @@ packages:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
 
-  youtubei.js@11.0.1:
-    resolution: {integrity: sha512-ZsbOd+5XF2Ofi3FrLMfYd+f9g9H8xswlouFhjhOqbwT68dMJtX6CRGsHNj5VTFCR/+L/865x1lnUlllB2dDDTA==}
+  youtubei.js@12.1.0:
+    resolution: {integrity: sha512-42SUw7zPpx4b7+XBm9QW+//T2/tixBRoEjJAbfOLmGCiyGZuvfW+oq/IngnXo2Keu+yD7YVAfYFc/NaFjFDxGg==}
 
   zod@3.23.8:
     resolution: {integrity: sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==}
@@ -2534,19 +2560,31 @@ snapshots:
   '@esbuild/win32-x64@0.23.0':
     optional: true
 
-  '@eslint-community/eslint-utils@4.4.0(eslint@8.57.0)':
+  '@eslint-community/eslint-utils@4.4.0(eslint@9.16.0)':
     dependencies:
-      eslint: 8.57.0
+      eslint: 9.16.0
       eslint-visitor-keys: 3.4.3
 
-  '@eslint-community/regexpp@4.11.0': {}
+  '@eslint-community/regexpp@4.12.1': {}
 
-  '@eslint/eslintrc@2.1.4':
+  '@eslint/config-array@0.19.1':
+    dependencies:
+      '@eslint/object-schema': 2.1.5
+      debug: 4.3.6
+      minimatch: 3.1.2
+    transitivePeerDependencies:
+      - supports-color
+
+  '@eslint/core@0.9.1':
+    dependencies:
+      '@types/json-schema': 7.0.15
+
+  '@eslint/eslintrc@3.2.0':
     dependencies:
       ajv: 6.12.6
       debug: 4.3.6
-      espree: 9.6.1
-      globals: 13.24.0
+      espree: 10.3.0
+      globals: 14.0.0
       ignore: 5.3.1
       import-fresh: 3.3.0
       js-yaml: 4.1.0
@@ -2555,10 +2593,16 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@eslint/js@8.57.0': {}
+  '@eslint/js@9.16.0': {}
 
   '@eslint/js@9.8.0': {}
 
+  '@eslint/object-schema@2.1.5': {}
+
+  '@eslint/plugin-kit@0.2.4':
+    dependencies:
+      levn: 0.4.1
+
   '@fastify/busboy@2.1.1': {}
 
   '@fontsource-variable/noto-sans-mono@5.0.20': {}
@@ -2567,17 +2611,18 @@ snapshots:
 
   '@fontsource/redaction-10@5.0.2': {}
 
-  '@humanwhocodes/config-array@0.11.14':
+  '@humanfs/core@0.19.1': {}
+
+  '@humanfs/node@0.16.6':
     dependencies:
-      '@humanwhocodes/object-schema': 2.0.3
-      debug: 4.3.6
-      minimatch: 3.1.2
-    transitivePeerDependencies:
-      - supports-color
+      '@humanfs/core': 0.19.1
+      '@humanwhocodes/retry': 0.3.1
 
   '@humanwhocodes/module-importer@1.0.1': {}
 
-  '@humanwhocodes/object-schema@2.0.3': {}
+  '@humanwhocodes/retry@0.3.1': {}
+
+  '@humanwhocodes/retry@0.4.1': {}
 
   '@imput/libav.js-remux-cli@5.5.6': {}
 
@@ -2708,24 +2753,24 @@ snapshots:
   '@rollup/rollup-win32-x64-msvc@4.24.0':
     optional: true
 
-  '@sveltejs/adapter-static@3.0.2(@sveltejs/kit@2.5.19(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))':
+  '@sveltejs/adapter-static@3.0.6(@sveltejs/kit@2.9.1(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))':
     dependencies:
-      '@sveltejs/kit': 2.5.19(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))
+      '@sveltejs/kit': 2.9.1(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))
 
-  '@sveltejs/kit@2.5.19(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))':
+  '@sveltejs/kit@2.9.1(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14)))(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))':
     dependencies:
       '@sveltejs/vite-plugin-svelte': 3.1.1(svelte@4.2.19)(vite@5.4.8(@types/node@20.14.14))
       '@types/cookie': 0.6.0
       cookie: 0.6.0
-      devalue: 5.0.0
-      esm-env: 1.0.0
+      devalue: 5.1.1
+      esm-env: 1.2.1
       import-meta-resolve: 4.1.0
       kleur: 4.1.5
       magic-string: 0.30.11
       mrmime: 2.0.0
       sade: 1.8.1
       set-cookie-parser: 2.6.0
-      sirv: 2.0.4
+      sirv: 3.0.0
       svelte: 4.2.19
       tiny-glob: 0.2.9
       vite: 5.4.8(@types/node@20.14.14)
@@ -2797,88 +2842,82 @@ snapshots:
 
   '@types/unist@2.0.10': {}
 
-  '@typescript-eslint/eslint-plugin@8.8.0(@typescript-eslint/parser@8.8.0(eslint@8.57.0)(typescript@5.5.4))(eslint@8.57.0)(typescript@5.5.4)':
+  '@typescript-eslint/eslint-plugin@8.18.0(@typescript-eslint/parser@8.18.0(eslint@9.16.0)(typescript@5.5.4))(eslint@9.16.0)(typescript@5.5.4)':
     dependencies:
-      '@eslint-community/regexpp': 4.11.0
-      '@typescript-eslint/parser': 8.8.0(eslint@8.57.0)(typescript@5.5.4)
-      '@typescript-eslint/scope-manager': 8.8.0
-      '@typescript-eslint/type-utils': 8.8.0(eslint@8.57.0)(typescript@5.5.4)
-      '@typescript-eslint/utils': 8.8.0(eslint@8.57.0)(typescript@5.5.4)
-      '@typescript-eslint/visitor-keys': 8.8.0
-      eslint: 8.57.0
+      '@eslint-community/regexpp': 4.12.1
+      '@typescript-eslint/parser': 8.18.0(eslint@9.16.0)(typescript@5.5.4)
+      '@typescript-eslint/scope-manager': 8.18.0
+      '@typescript-eslint/type-utils': 8.18.0(eslint@9.16.0)(typescript@5.5.4)
+      '@typescript-eslint/utils': 8.18.0(eslint@9.16.0)(typescript@5.5.4)
+      '@typescript-eslint/visitor-keys': 8.18.0
+      eslint: 9.16.0
       graphemer: 1.4.0
       ignore: 5.3.1
       natural-compare: 1.4.0
       ts-api-utils: 1.3.0(typescript@5.5.4)
-    optionalDependencies:
       typescript: 5.5.4
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/parser@8.8.0(eslint@8.57.0)(typescript@5.5.4)':
+  '@typescript-eslint/parser@8.18.0(eslint@9.16.0)(typescript@5.5.4)':
     dependencies:
-      '@typescript-eslint/scope-manager': 8.8.0
-      '@typescript-eslint/types': 8.8.0
-      '@typescript-eslint/typescript-estree': 8.8.0(typescript@5.5.4)
-      '@typescript-eslint/visitor-keys': 8.8.0
+      '@typescript-eslint/scope-manager': 8.18.0
+      '@typescript-eslint/types': 8.18.0
+      '@typescript-eslint/typescript-estree': 8.18.0(typescript@5.5.4)
+      '@typescript-eslint/visitor-keys': 8.18.0
       debug: 4.3.6
-      eslint: 8.57.0
-    optionalDependencies:
+      eslint: 9.16.0
       typescript: 5.5.4
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/scope-manager@8.8.0':
+  '@typescript-eslint/scope-manager@8.18.0':
     dependencies:
-      '@typescript-eslint/types': 8.8.0
-      '@typescript-eslint/visitor-keys': 8.8.0
+      '@typescript-eslint/types': 8.18.0
+      '@typescript-eslint/visitor-keys': 8.18.0
 
-  '@typescript-eslint/type-utils@8.8.0(eslint@8.57.0)(typescript@5.5.4)':
+  '@typescript-eslint/type-utils@8.18.0(eslint@9.16.0)(typescript@5.5.4)':
     dependencies:
-      '@typescript-eslint/typescript-estree': 8.8.0(typescript@5.5.4)
-      '@typescript-eslint/utils': 8.8.0(eslint@8.57.0)(typescript@5.5.4)
+      '@typescript-eslint/typescript-estree': 8.18.0(typescript@5.5.4)
+      '@typescript-eslint/utils': 8.18.0(eslint@9.16.0)(typescript@5.5.4)
       debug: 4.3.6
+      eslint: 9.16.0
       ts-api-utils: 1.3.0(typescript@5.5.4)
-    optionalDependencies:
       typescript: 5.5.4
     transitivePeerDependencies:
-      - eslint
       - supports-color
 
-  '@typescript-eslint/types@8.8.0': {}
+  '@typescript-eslint/types@8.18.0': {}
 
-  '@typescript-eslint/typescript-estree@8.8.0(typescript@5.5.4)':
+  '@typescript-eslint/typescript-estree@8.18.0(typescript@5.5.4)':
     dependencies:
-      '@typescript-eslint/types': 8.8.0
-      '@typescript-eslint/visitor-keys': 8.8.0
+      '@typescript-eslint/types': 8.18.0
+      '@typescript-eslint/visitor-keys': 8.18.0
       debug: 4.3.6
       fast-glob: 3.3.2
       is-glob: 4.0.3
       minimatch: 9.0.5
       semver: 7.6.3
       ts-api-utils: 1.3.0(typescript@5.5.4)
-    optionalDependencies:
       typescript: 5.5.4
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/utils@8.8.0(eslint@8.57.0)(typescript@5.5.4)':
+  '@typescript-eslint/utils@8.18.0(eslint@9.16.0)(typescript@5.5.4)':
     dependencies:
-      '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.0)
-      '@typescript-eslint/scope-manager': 8.8.0
-      '@typescript-eslint/types': 8.8.0
-      '@typescript-eslint/typescript-estree': 8.8.0(typescript@5.5.4)
-      eslint: 8.57.0
+      '@eslint-community/eslint-utils': 4.4.0(eslint@9.16.0)
+      '@typescript-eslint/scope-manager': 8.18.0
+      '@typescript-eslint/types': 8.18.0
+      '@typescript-eslint/typescript-estree': 8.18.0(typescript@5.5.4)
+      eslint: 9.16.0
+      typescript: 5.5.4
     transitivePeerDependencies:
       - supports-color
-      - typescript
 
-  '@typescript-eslint/visitor-keys@8.8.0':
+  '@typescript-eslint/visitor-keys@8.18.0':
     dependencies:
-      '@typescript-eslint/types': 8.8.0
-      eslint-visitor-keys: 3.4.3
-
-  '@ungap/structured-clone@1.2.0': {}
+      '@typescript-eslint/types': 8.18.0
+      eslint-visitor-keys: 4.2.0
 
   '@vitejs/plugin-basic-ssl@1.1.0(vite@5.4.8(@types/node@20.14.14))':
     dependencies:
@@ -2889,12 +2928,14 @@ snapshots:
       mime-types: 2.1.35
       negotiator: 0.6.3
 
-  acorn-jsx@5.3.2(acorn@8.12.1):
+  acorn-jsx@5.3.2(acorn@8.14.0):
     dependencies:
-      acorn: 8.12.1
+      acorn: 8.14.0
 
   acorn@8.12.1: {}
 
+  acorn@8.14.0: {}
+
   agent-base@6.0.2:
     dependencies:
       debug: 4.3.6
@@ -3070,6 +3111,12 @@ snapshots:
       shebang-command: 2.0.0
       which: 2.0.2
 
+  cross-spawn@7.0.6:
+    dependencies:
+      path-key: 3.1.1
+      shebang-command: 2.0.0
+      which: 2.0.2
+
   css-tree@2.3.1:
     dependencies:
       mdn-data: 2.0.30
@@ -3101,11 +3148,7 @@ snapshots:
 
   detect-indent@6.1.0: {}
 
-  devalue@5.0.0: {}
-
-  doctrine@3.0.0:
-    dependencies:
-      esutils: 2.0.3
+  devalue@5.1.1: {}
 
   dotenv@16.4.5: {}
 
@@ -3272,63 +3315,61 @@ snapshots:
 
   escape-string-regexp@4.0.0: {}
 
-  eslint-scope@7.2.2:
+  eslint-scope@8.2.0:
     dependencies:
       esrecurse: 4.3.0
       estraverse: 5.3.0
 
   eslint-visitor-keys@3.4.3: {}
 
-  eslint@8.57.0:
+  eslint-visitor-keys@4.2.0: {}
+
+  eslint@9.16.0:
     dependencies:
-      '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.0)
-      '@eslint-community/regexpp': 4.11.0
-      '@eslint/eslintrc': 2.1.4
-      '@eslint/js': 8.57.0
-      '@humanwhocodes/config-array': 0.11.14
+      '@eslint-community/eslint-utils': 4.4.0(eslint@9.16.0)
+      '@eslint-community/regexpp': 4.12.1
+      '@eslint/config-array': 0.19.1
+      '@eslint/core': 0.9.1
+      '@eslint/eslintrc': 3.2.0
+      '@eslint/js': 9.16.0
+      '@eslint/plugin-kit': 0.2.4
+      '@humanfs/node': 0.16.6
       '@humanwhocodes/module-importer': 1.0.1
-      '@nodelib/fs.walk': 1.2.8
-      '@ungap/structured-clone': 1.2.0
+      '@humanwhocodes/retry': 0.4.1
+      '@types/estree': 1.0.6
+      '@types/json-schema': 7.0.15
       ajv: 6.12.6
       chalk: 4.1.2
-      cross-spawn: 7.0.3
+      cross-spawn: 7.0.6
       debug: 4.3.6
-      doctrine: 3.0.0
       escape-string-regexp: 4.0.0
-      eslint-scope: 7.2.2
-      eslint-visitor-keys: 3.4.3
-      espree: 9.6.1
+      eslint-scope: 8.2.0
+      eslint-visitor-keys: 4.2.0
+      espree: 10.3.0
       esquery: 1.6.0
       esutils: 2.0.3
       fast-deep-equal: 3.1.3
-      file-entry-cache: 6.0.1
+      file-entry-cache: 8.0.0
       find-up: 5.0.0
       glob-parent: 6.0.2
-      globals: 13.24.0
-      graphemer: 1.4.0
       ignore: 5.3.1
       imurmurhash: 0.1.4
       is-glob: 4.0.3
-      is-path-inside: 3.0.3
-      js-yaml: 4.1.0
       json-stable-stringify-without-jsonify: 1.0.1
-      levn: 0.4.1
       lodash.merge: 4.6.2
       minimatch: 3.1.2
       natural-compare: 1.4.0
       optionator: 0.9.4
-      strip-ansi: 6.0.1
-      text-table: 0.2.0
     transitivePeerDependencies:
       - supports-color
 
-  esm-env@1.0.0: {}
+  esm-env@1.2.1: {}
 
-  espree@9.6.1:
+  espree@10.3.0:
     dependencies:
-      acorn: 8.12.1
-      acorn-jsx: 5.3.2(acorn@8.12.1)
-      eslint-visitor-keys: 3.4.3
+      acorn: 8.14.0
+      acorn-jsx: 5.3.2(acorn@8.14.0)
+      eslint-visitor-keys: 4.2.0
 
   esquery@1.6.0:
     dependencies:
@@ -3360,11 +3401,11 @@ snapshots:
       signal-exit: 3.0.7
       strip-final-newline: 2.0.0
 
-  express-rate-limit@7.4.1(express@4.21.1):
+  express-rate-limit@7.4.1(express@4.21.2):
     dependencies:
-      express: 4.21.1
+      express: 4.21.2
 
-  express@4.21.1:
+  express@4.21.2:
     dependencies:
       accepts: 1.3.8
       array-flatten: 1.1.1
@@ -3385,7 +3426,7 @@ snapshots:
       methods: 1.1.2
       on-finished: 2.4.1
       parseurl: 1.3.3
-      path-to-regexp: 0.1.10
+      path-to-regexp: 0.1.12
       proxy-addr: 2.0.7
       qs: 6.13.0
       range-parser: 1.2.1
@@ -3431,9 +3472,9 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  file-entry-cache@6.0.1:
+  file-entry-cache@8.0.0:
     dependencies:
-      flat-cache: 3.2.0
+      flat-cache: 4.0.1
 
   fill-range@7.1.1:
     dependencies:
@@ -3456,11 +3497,10 @@ snapshots:
       locate-path: 6.0.0
       path-exists: 4.0.0
 
-  flat-cache@3.2.0:
+  flat-cache@4.0.1:
     dependencies:
       flatted: 3.3.1
       keyv: 4.5.4
-      rimraf: 3.0.2
 
   flatted@3.3.1: {}
 
@@ -3517,6 +3557,15 @@ snapshots:
       package-json-from-dist: 1.0.0
       path-scurry: 1.11.1
 
+  glob@11.0.0:
+    dependencies:
+      foreground-child: 3.3.0
+      jackspeak: 4.0.2
+      minimatch: 10.0.1
+      minipass: 7.1.2
+      package-json-from-dist: 1.0.0
+      path-scurry: 2.0.0
+
   glob@7.2.3:
     dependencies:
       fs.realpath: 1.0.0
@@ -3526,9 +3575,7 @@ snapshots:
       once: 1.4.0
       path-is-absolute: 1.0.1
 
-  globals@13.24.0:
-    dependencies:
-      type-fest: 0.20.2
+  globals@14.0.0: {}
 
   globalyzer@0.1.0: {}
 
@@ -3622,8 +3669,6 @@ snapshots:
 
   is-number@7.0.0: {}
 
-  is-path-inside@3.0.3: {}
-
   is-reference@3.0.2:
     dependencies:
       '@types/estree': 1.0.5
@@ -3638,7 +3683,11 @@ snapshots:
     optionalDependencies:
       '@pkgjs/parseargs': 0.11.0
 
-  jintr@3.0.2:
+  jackspeak@4.0.2:
+    dependencies:
+      '@isaacs/cliui': 8.0.2
+
+  jintr@3.1.0:
     dependencies:
       acorn: 8.12.1
 
@@ -3683,6 +3732,8 @@ snapshots:
 
   lru-cache@10.4.3: {}
 
+  lru-cache@11.0.2: {}
+
   magic-string@0.30.11:
     dependencies:
       '@jridgewell/sourcemap-codec': 1.5.0
@@ -3726,6 +3777,10 @@ snapshots:
 
   min-indent@1.0.1: {}
 
+  minimatch@10.0.1:
+    dependencies:
+      brace-expansion: 2.0.1
+
   minimatch@3.1.2:
     dependencies:
       brace-expansion: 1.1.11
@@ -3760,7 +3815,7 @@ snapshots:
 
   nanoid@3.3.7: {}
 
-  nanoid@4.0.2: {}
+  nanoid@5.0.9: {}
 
   natural-compare@1.4.0: {}
 
@@ -3830,7 +3885,12 @@ snapshots:
       lru-cache: 10.4.3
       minipass: 7.1.2
 
-  path-to-regexp@0.1.10: {}
+  path-scurry@2.0.0:
+    dependencies:
+      lru-cache: 11.0.2
+      minipass: 7.1.2
+
+  path-to-regexp@0.1.12: {}
 
   periscopic@3.1.0:
     dependencies:
@@ -3885,9 +3945,9 @@ snapshots:
 
   range-parser@1.2.1: {}
 
-  rate-limit-redis@4.2.0(express-rate-limit@7.4.1(express@4.21.1)):
+  rate-limit-redis@4.2.0(express-rate-limit@7.4.1(express@4.21.2)):
     dependencies:
-      express-rate-limit: 7.4.1(express@4.21.1)
+      express-rate-limit: 7.4.1(express@4.21.2)
     optional: true
 
   raw-body@2.5.2:
@@ -3927,10 +3987,6 @@ snapshots:
     dependencies:
       glob: 7.2.3
 
-  rimraf@3.0.2:
-    dependencies:
-      glob: 7.2.3
-
   rollup@4.24.0:
     dependencies:
       '@types/estree': 1.0.6
@@ -4031,7 +4087,7 @@ snapshots:
 
   signal-exit@4.1.0: {}
 
-  sirv@2.0.4:
+  sirv@3.0.0:
     dependencies:
       '@polka/url': 1.0.0-next.25
       mrmime: 2.0.0
@@ -4169,8 +4225,6 @@ snapshots:
   syscall-napi@0.0.6:
     optional: true
 
-  text-table@0.2.0: {}
-
   thenify-all@1.6.0:
     dependencies:
       thenify: 3.3.1
@@ -4246,8 +4300,6 @@ snapshots:
     dependencies:
       prelude-ls: 1.2.1
 
-  type-fest@0.20.2: {}
-
   type-is@1.6.18:
     dependencies:
       media-typer: 0.3.0
@@ -4255,15 +4307,14 @@ snapshots:
 
   typedarray@0.0.6: {}
 
-  typescript-eslint@8.8.0(eslint@8.57.0)(typescript@5.5.4):
+  typescript-eslint@8.18.0(eslint@9.16.0)(typescript@5.5.4):
     dependencies:
-      '@typescript-eslint/eslint-plugin': 8.8.0(@typescript-eslint/parser@8.8.0(eslint@8.57.0)(typescript@5.5.4))(eslint@8.57.0)(typescript@5.5.4)
-      '@typescript-eslint/parser': 8.8.0(eslint@8.57.0)(typescript@5.5.4)
-      '@typescript-eslint/utils': 8.8.0(eslint@8.57.0)(typescript@5.5.4)
-    optionalDependencies:
+      '@typescript-eslint/eslint-plugin': 8.18.0(@typescript-eslint/parser@8.18.0(eslint@9.16.0)(typescript@5.5.4))(eslint@9.16.0)(typescript@5.5.4)
+      '@typescript-eslint/parser': 8.18.0(eslint@9.16.0)(typescript@5.5.4)
+      '@typescript-eslint/utils': 8.18.0(eslint@9.16.0)(typescript@5.5.4)
+      eslint: 9.16.0
       typescript: 5.5.4
     transitivePeerDependencies:
-      - eslint
       - supports-color
 
   typescript@5.5.4: {}
@@ -4343,10 +4394,10 @@ snapshots:
 
   yocto-queue@0.1.0: {}
 
-  youtubei.js@11.0.1:
+  youtubei.js@12.1.0:
     dependencies:
       '@bufbuild/protobuf': 2.1.0
-      jintr: 3.0.2
+      jintr: 3.1.0
       tslib: 2.6.3
       undici: 5.28.4
 
diff --git a/web/package.json b/web/package.json
index c6962d99..538242a3 100644
--- a/web/package.json
+++ b/web/package.json
@@ -30,8 +30,8 @@
         "@fontsource/redaction-10": "^5.0.2",
         "@imput/libav.js-remux-cli": "^5.5.6",
         "@imput/version-info": "workspace:^",
-        "@sveltejs/adapter-static": "^3.0.2",
-        "@sveltejs/kit": "^2.0.0",
+        "@sveltejs/adapter-static": "^3.0.6",
+        "@sveltejs/kit": "^2.9.1",
         "@sveltejs/vite-plugin-svelte": "^3.0.0",
         "@tabler/icons-svelte": "3.6.0",
         "@types/eslint__js": "^8.42.3",
@@ -40,8 +40,8 @@
         "@vitejs/plugin-basic-ssl": "^1.1.0",
         "compare-versions": "^6.1.0",
         "dotenv": "^16.0.1",
-        "eslint": "^8.57.0",
-        "glob": "^10.4.5",
+        "eslint": "^9.16.0",
+        "glob": "^11.0.0",
         "mdsvex": "^0.11.2",
         "mime": "^4.0.4",
         "svelte": "^4.2.19",
@@ -52,7 +52,7 @@
         "tslib": "^2.4.1",
         "turnstile-types": "^1.2.2",
         "typescript": "^5.4.5",
-        "typescript-eslint": "^8.8.0",
+        "typescript-eslint": "^8.18.0",
         "vite": "^5.3.6"
     }
 }

From f1916cef6e32b41f7ef51b4c7377ac39ba33b5fb Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Tue, 10 Dec 2024 16:14:15 +0000
Subject: [PATCH 306/379] web: add automatic sitemap generation

---
 pnpm-lock.yaml     | 86 ++++++++++++++++++++++++++++++++++++++++++++++
 web/package.json   |  1 +
 web/vite.config.ts | 19 +++++++++-
 3 files changed, 105 insertions(+), 1 deletion(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 56b9d285..2ef40243 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -163,6 +163,9 @@ importers:
       svelte-preprocess:
         specifier: ^6.0.2
         version: 6.0.2(postcss@8.4.47)(svelte@4.2.19)(typescript@5.5.4)
+      svelte-sitemap:
+        specifier: 2.6.0
+        version: 2.6.0
       sveltekit-i18n:
         specifier: ^2.4.2
         version: 2.4.2(svelte@4.2.19)
@@ -603,6 +606,22 @@ packages:
     resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==}
     engines: {node: '>= 8'}
 
+  '@oozcitak/dom@1.15.10':
+    resolution: {integrity: sha512-0JT29/LaxVgRcGKvHmSrUTEvZ8BXvZhGl2LASRUgHqDTC1M5g1pLmVv56IYNyt3bG2CUjDkc67wnyZC14pbQrQ==}
+    engines: {node: '>=8.0'}
+
+  '@oozcitak/infra@1.0.8':
+    resolution: {integrity: sha512-JRAUc9VR6IGHOL7OGF+yrvs0LO8SlqGnPAMqyzOuFZPSZSXI7Xf2O9+awQPSMXgIWGtgUf/dA6Hs6X6ySEaWTg==}
+    engines: {node: '>=6.0'}
+
+  '@oozcitak/url@1.0.4':
+    resolution: {integrity: sha512-kDcD8y+y3FCSOvnBI6HJgl00viO/nGbQoCINmQ0h98OhnGITrWR3bOGfwYCthgcrV8AnTJz8MzslTQbC3SOAmw==}
+    engines: {node: '>=8.0'}
+
+  '@oozcitak/util@8.3.8':
+    resolution: {integrity: sha512-T8TbSnGsxo6TDBJx/Sgv/BlVJL3tshxZP7Aq5R1mSnM5OcHY2dQaxLMu2+E8u3gN0MLOzdjurqN4ZRVuzQycOQ==}
+    engines: {node: '>=8.0'}
+
   '@pkgjs/parseargs@0.11.0':
     resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
     engines: {node: '>=14'}
@@ -899,6 +918,9 @@ packages:
     resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==}
     engines: {node: '>= 8'}
 
+  argparse@1.0.10:
+    resolution: {integrity: sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==}
+
   argparse@2.0.1:
     resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
 
@@ -1304,6 +1326,11 @@ packages:
     resolution: {integrity: sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
+  esprima@4.0.1:
+    resolution: {integrity: sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==}
+    engines: {node: '>=4'}
+    hasBin: true
+
   esquery@1.6.0:
     resolution: {integrity: sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==}
     engines: {node: '>=0.10'}
@@ -1589,6 +1616,10 @@ packages:
     resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
     engines: {node: '>=10'}
 
+  js-yaml@3.14.1:
+    resolution: {integrity: sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==}
+    hasBin: true
+
   js-yaml@4.1.0:
     resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
     hasBin: true
@@ -2045,6 +2076,9 @@ packages:
     resolution: {integrity: sha512-2ymg6oRBpebeZi9UUNsgQ89bhx01TcTkmNTGnNO88imTmbSgy4nfujrgVEFKWpMTEGA11EDkTt7mqObTPdigIA==}
     engines: {node: '>= 8'}
 
+  sprintf-js@1.0.3:
+    resolution: {integrity: sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==}
+
   statuses@2.0.1:
     resolution: {integrity: sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==}
     engines: {node: '>= 0.8'}
@@ -2175,6 +2209,11 @@ packages:
       typescript:
         optional: true
 
+  svelte-sitemap@2.6.0:
+    resolution: {integrity: sha512-WcwsuIeo8iJFG9a5cgvXwXEGoyjk6Zowb6JmL5BbwfnFXMzakGa1+mQjthw5Ni3UV/gGbE0PgJvc7Ygir3LmFg==}
+    engines: {node: '>= 14.17.0'}
+    hasBin: true
+
   svelte@4.2.19:
     resolution: {integrity: sha512-IY1rnGr6izd10B0A8LqsBfmlT5OILVuZ7XsI0vdGPEvuonFV7NYEUK4dAkm9Zg2q0Um92kYjTpS1CAP3Nh/KWw==}
     engines: {node: '>=16'}
@@ -2381,6 +2420,10 @@ packages:
   wrappy@1.0.2:
     resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
 
+  xmlbuilder2@3.1.1:
+    resolution: {integrity: sha512-WCSfbfZnQDdLQLiMdGUQpMxxckeQ4oZNMNhLVkcekTu7xhD4tuUDyAPoY8CwXvBYE6LwBHd6QW2WZXlOWr1vCw==}
+    engines: {node: '>=12.0'}
+
   yallist@4.0.0:
     resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
 
@@ -2668,6 +2711,23 @@ snapshots:
       '@nodelib/fs.scandir': 2.1.5
       fastq: 1.17.1
 
+  '@oozcitak/dom@1.15.10':
+    dependencies:
+      '@oozcitak/infra': 1.0.8
+      '@oozcitak/url': 1.0.4
+      '@oozcitak/util': 8.3.8
+
+  '@oozcitak/infra@1.0.8':
+    dependencies:
+      '@oozcitak/util': 8.3.8
+
+  '@oozcitak/url@1.0.4':
+    dependencies:
+      '@oozcitak/infra': 1.0.8
+      '@oozcitak/util': 8.3.8
+
+  '@oozcitak/util@8.3.8': {}
+
   '@pkgjs/parseargs@0.11.0':
     optional: true
 
@@ -2966,6 +3026,10 @@ snapshots:
       normalize-path: 3.0.0
       picomatch: 2.3.1
 
+  argparse@1.0.10:
+    dependencies:
+      sprintf-js: 1.0.3
+
   argparse@2.0.1: {}
 
   aria-query@5.3.0:
@@ -3371,6 +3435,8 @@ snapshots:
       acorn-jsx: 5.3.2(acorn@8.14.0)
       eslint-visitor-keys: 4.2.0
 
+  esprima@4.0.1: {}
+
   esquery@1.6.0:
     dependencies:
       estraverse: 5.3.0
@@ -3693,6 +3759,11 @@ snapshots:
 
   joycon@3.1.1: {}
 
+  js-yaml@3.14.1:
+    dependencies:
+      argparse: 1.0.10
+      esprima: 4.0.1
+
   js-yaml@4.1.0:
     dependencies:
       argparse: 2.0.1
@@ -4108,6 +4179,8 @@ snapshots:
     dependencies:
       whatwg-url: 7.1.0
 
+  sprintf-js@1.0.3: {}
+
   statuses@2.0.1: {}
 
   string-width@4.2.3:
@@ -4199,6 +4272,12 @@ snapshots:
       postcss: 8.4.47
       typescript: 5.5.4
 
+  svelte-sitemap@2.6.0:
+    dependencies:
+      fast-glob: 3.3.2
+      minimist: 1.2.8
+      xmlbuilder2: 3.1.1
+
   svelte@4.2.19:
     dependencies:
       '@ampproject/remapping': 2.3.0
@@ -4389,6 +4468,13 @@ snapshots:
 
   wrappy@1.0.2: {}
 
+  xmlbuilder2@3.1.1:
+    dependencies:
+      '@oozcitak/dom': 1.15.10
+      '@oozcitak/infra': 1.0.8
+      '@oozcitak/util': 8.3.8
+      js-yaml: 3.14.1
+
   yallist@4.0.0:
     optional: true
 
diff --git a/web/package.json b/web/package.json
index 538242a3..1c3d67cb 100644
--- a/web/package.json
+++ b/web/package.json
@@ -47,6 +47,7 @@
         "svelte": "^4.2.19",
         "svelte-check": "^3.6.0",
         "svelte-preprocess": "^6.0.2",
+        "svelte-sitemap": "2.6.0",
         "sveltekit-i18n": "^2.4.2",
         "ts-deepmerge": "^7.0.1",
         "tslib": "^2.4.1",
diff --git a/web/vite.config.ts b/web/vite.config.ts
index 5faa8c0f..f762fbbc 100644
--- a/web/vite.config.ts
+++ b/web/vite.config.ts
@@ -3,6 +3,7 @@ import { sveltekit } from "@sveltejs/kit/vite";
 import basicSSL from "@vitejs/plugin-basic-ssl";
 import { glob } from "glob";
 import mime from "mime";
+import { createSitemap } from 'svelte-sitemap/src/index'
 
 import { cp, readdir, mkdir } from "node:fs/promises";
 import { createReadStream } from "node:fs";
@@ -60,12 +61,28 @@ const enableCOEP: PluginOption = {
     }
 };
 
+const generateSitemap: PluginOption = {
+    name: "generate-sitemap",
+    async writeBundle(bundle) {
+        if (!process.env.WEB_HOST || !bundle.dir?.endsWith('server')) {
+            return;
+        }
+
+        await createSitemap(`https://${process.env.WEB_HOST}`, {
+            changeFreq: 'monthly',
+            outDir: '.svelte-kit/output/prerendered/pages',
+            resetTime: true
+        });
+    }
+}
+
 export default defineConfig({
     plugins: [
         basicSSL(),
         sveltekit(),
         enableCOEP,
-        exposeLibAV
+        exposeLibAV,
+        generateSitemap
     ],
     build: {
         rollupOptions: {

From 112866096cfa565b47bac48283a851f290cc92d1 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 12 Dec 2024 23:00:49 +0600
Subject: [PATCH 307/379] api/url: return a diff error when youtube is disabled
 on main instance

---
 api/src/processing/url.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/src/processing/url.js b/api/src/processing/url.js
index 64517099..8f0e7dc2 100644
--- a/api/src/processing/url.js
+++ b/api/src/processing/url.js
@@ -181,6 +181,11 @@ export function extract(url) {
     }
 
     if (!env.enabledServices.has(host)) {
+        // show a different message when youtube is disabled on official instances
+        // as it only happens when shit hits the fan
+        if (new URL(env.apiURL).hostname.endsWith(".imput.net") && host === "youtube") {
+            return { error: "youtube.temporary_disabled" };
+        }
         return { error: "service.disabled" };
     }
 

From 994ce84483acba17e8802ed4c7b0fd3258ed2326 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 12 Dec 2024 23:01:05 +0600
Subject: [PATCH 308/379] web/error: add the error for temporarily disabled
 youtube

---
 web/i18n/en/error.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/i18n/en/error.json b/web/i18n/en/error.json
index 75023338..6b83ceb9 100644
--- a/web/i18n/en/error.json
+++ b/web/i18n/en/error.json
@@ -65,5 +65,6 @@
     "api.youtube.login": "couldn't get this video because youtube asked the instance to log in. this is potentially caused by the processing instance not having any active account tokens or youtube updating something about their api. try again in a few seconds, but if it still doesn't work, please report this issue!",
     "api.youtube.token_expired": "couldn't get this video because the youtube token expired and i couldn't refresh it. try again in a few seconds, but if it still doesn't work, tell the instance owner about this error!",
     "api.youtube.no_hls_streams": "couldn't find any matching HLS streams for this video. try downloading it without HLS!",
-    "api.youtube.api_error": "youtube updated something about its api and i couldn't get any info about this video. try again in a few seconds, but if this issue sticks, please report it!"
+    "api.youtube.api_error": "youtube updated something about its api and i couldn't get any info about this video. try again in a few seconds, but if this issue sticks, please report it!",
+    "api.youtube.temporary_disabled": "youtube downloading is temporarily disabled due to restrictions from youtube's side. we're already looking for ways to go around them.\n\nwe apologize for the inconvenience and are doing our best to restore this functionality. check cobalt's socials or github for timely updates!"
 }

From 5eb411bb8319749789a8c7d4c122ec3e258d68c2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 12 Dec 2024 23:01:32 +0600
Subject: [PATCH 309/379] web/package: bump version to 10.4.4

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index 1c3d67cb..a98fe47e 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.4.2",
+    "version": "10.4.4",
     "type": "module",
     "private": true,
     "scripts": {

From 5973d70053a6d5642ca2eb242e61813478ec0b6b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 12 Dec 2024 23:03:00 +0600
Subject: [PATCH 310/379] api/package: bump version to 10.4.4 & update
 youtube.js

---
 api/package.json |  4 ++--
 pnpm-lock.yaml   | 20 ++++++++++----------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/api/package.json b/api/package.json
index 7766a10b..21b76fc7 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4.3",
+    "version": "10.4.4",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",
@@ -41,7 +41,7 @@
         "set-cookie-parser": "2.6.0",
         "undici": "^5.19.1",
         "url-pattern": "1.0.3",
-        "youtubei.js": "^12.1.0",
+        "youtubei.js": "^12.2.0",
         "zod": "^3.23.8"
     },
     "optionalDependencies": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 2ef40243..4224fba3 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -62,8 +62,8 @@ importers:
         specifier: 1.0.3
         version: 1.0.3
       youtubei.js:
-        specifier: ^12.1.0
-        version: 12.1.0
+        specifier: ^12.2.0
+        version: 12.2.0
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -1609,8 +1609,8 @@ packages:
     resolution: {integrity: sha512-bZsjR/iRjl1Nk1UkjGpAzLNfQtzuijhn2g+pbZb98HQ1Gk8vM9hfbxeMBP+M2/UUdwj0RqGG3mlvk2MsAqwvEw==}
     engines: {node: 20 || >=22}
 
-  jintr@3.1.0:
-    resolution: {integrity: sha512-azhCHApkRfBH8INpiUCwKBYaNCdB5G+x3NApsI2MxQXSlgFAx7rap3YwE3JAkN08GO8f3ilZsGB0Yvc+412ntQ==}
+  jintr@3.2.0:
+    resolution: {integrity: sha512-psD1yf05kMKDNsUdW1l5YhO59pHScQ6OIHHb8W5SKSM2dCOFPsqolmIuSHgVA8+3Dc47NJR181CXZ4alCAPTkA==}
 
   joycon@3.1.1:
     resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
@@ -2431,8 +2431,8 @@ packages:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
 
-  youtubei.js@12.1.0:
-    resolution: {integrity: sha512-42SUw7zPpx4b7+XBm9QW+//T2/tixBRoEjJAbfOLmGCiyGZuvfW+oq/IngnXo2Keu+yD7YVAfYFc/NaFjFDxGg==}
+  youtubei.js@12.2.0:
+    resolution: {integrity: sha512-G+50qrbJCToMYhu8jbaHiS3Vf+RRul+CcDbz3hEGwHkGPh+zLiWwD6SS+YhYF+2/op4ZU5zDYQJrGqJ+wKh7Gw==}
 
   zod@3.23.8:
     resolution: {integrity: sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==}
@@ -3753,9 +3753,9 @@ snapshots:
     dependencies:
       '@isaacs/cliui': 8.0.2
 
-  jintr@3.1.0:
+  jintr@3.2.0:
     dependencies:
-      acorn: 8.12.1
+      acorn: 8.14.0
 
   joycon@3.1.1: {}
 
@@ -4480,10 +4480,10 @@ snapshots:
 
   yocto-queue@0.1.0: {}
 
-  youtubei.js@12.1.0:
+  youtubei.js@12.2.0:
     dependencies:
       '@bufbuild/protobuf': 2.1.0
-      jintr: 3.1.0
+      jintr: 3.2.0
       tslib: 2.6.3
       undici: 5.28.4
 

From 3dafdd825a8d98983103f0275cf4199bbd6af01b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 13 Dec 2024 16:01:16 +0600
Subject: [PATCH 311/379] api/types/proxy: use default dispatcher instead of a
 global one

this function never gets anything but internal streams, so global proxy (`API_EXTERNAL_PROXY`) is only causing issues here. this commit fixes an issue of cobalt attempting to proxy internal streams, and failing spectacularly.
---
 api/src/stream/types.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/api/src/stream/types.js b/api/src/stream/types.js
index 98c3b04e..0a4e2d47 100644
--- a/api/src/stream/types.js
+++ b/api/src/stream/types.js
@@ -1,4 +1,4 @@
-import { request } from "undici";
+import { Agent, request } from "undici";
 import ffmpeg from "ffmpeg-static";
 import { spawn } from "child_process";
 import { create as contentDisposition } from "content-disposition-header";
@@ -60,6 +60,8 @@ const getCommand = (args) => {
     return [ffmpeg, args]
 }
 
+const defaultAgent = new Agent();
+
 const proxy = async (streamInfo, res) => {
     const abortController = new AbortController();
     const shutdown = () => (
@@ -78,7 +80,8 @@ const proxy = async (streamInfo, res) => {
                 Range: streamInfo.range
             },
             signal: abortController.signal,
-            maxRedirections: 16
+            maxRedirections: 16,
+            dispatcher: defaultAgent,
         });
 
         res.status(statusCode);

From 86a67dee834c176b2aec40dd48fec56d69597f29 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Fri, 13 Dec 2024 16:03:32 +0600
Subject: [PATCH 312/379] api/package: bump version to 10.4.5

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 21b76fc7..02e09e46 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4.4",
+    "version": "10.4.5",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From b44410e93bfcc5dee84dc7c5731f1da8bdeeabf5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 14 Dec 2024 12:30:04 +0600
Subject: [PATCH 313/379] web/SupportedServices: springy expand animation

---
 web/src/components/save/SupportedServices.svelte | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/src/components/save/SupportedServices.svelte b/web/src/components/save/SupportedServices.svelte
index 32129f20..28e97859 100644
--- a/web/src/components/save/SupportedServices.svelte
+++ b/web/src/components/save/SupportedServices.svelte
@@ -90,8 +90,8 @@
         transform-origin: top center;
 
         transition:
-            transform 0.2s cubic-bezier(0.53, 0.05, 0.23, 0.99),
-            opacity 0.2s cubic-bezier(0.53, 0.05, 0.23, 0.99);
+            transform 0.3s cubic-bezier(0.53, 0.05, 0.23, 1.15),
+            opacity 0.25s cubic-bezier(0.53, 0.05, 0.23, 0.99);
     }
 
     #services-popover.expanded {

From 89f197375ce46d4167f31d31b90227a94bd65700 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 14 Dec 2024 12:42:38 +0600
Subject: [PATCH 314/379] web/SupportedServices: better glow in dark mode

---
 web/src/components/save/SupportedServices.svelte | 2 +-
 web/src/routes/+layout.svelte                    | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/web/src/components/save/SupportedServices.svelte b/web/src/components/save/SupportedServices.svelte
index 28e97859..0b51e577 100644
--- a/web/src/components/save/SupportedServices.svelte
+++ b/web/src/components/save/SupportedServices.svelte
@@ -78,7 +78,7 @@
         background: var(--button);
         box-shadow:
             var(--button-box-shadow),
-            0 0 10px 10px var(--button-stroke);
+            0 0 10px 10px var(--popover-glow);
 
         position: relative;
         padding: 12px;
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 1a878aff..062c2536 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -123,6 +123,8 @@
         --button-elevated-hover: #dadada;
         --button-elevated-shimmer: #ededed;
 
+        --popover-glow: var(--button-stroke);
+
         --popup-bg: #f1f1f1;
         --popup-stroke: rgba(0, 0, 0, 0.08);
 
@@ -198,6 +200,8 @@
         --button-elevated: #282828;
         --button-elevated-hover: #323232;
 
+        --popover-glow: rgba(135, 135, 135, 0.15);
+
         --popup-bg: #191919;
         --popup-stroke: rgba(255, 255, 255, 0.08);
 

From 35d991730135ad4fdc7b989520e14c5b808f1413 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 14 Dec 2024 12:51:00 +0600
Subject: [PATCH 315/379] web/SupportedServices: render popover only when
 needed

& also focus it for screen readers
---
 .../components/save/SupportedServices.svelte  | 74 ++++++++++++-------
 1 file changed, 47 insertions(+), 27 deletions(-)

diff --git a/web/src/components/save/SupportedServices.svelte b/web/src/components/save/SupportedServices.svelte
index 0b51e577..d3077a2a 100644
--- a/web/src/components/save/SupportedServices.svelte
+++ b/web/src/components/save/SupportedServices.svelte
@@ -8,8 +8,11 @@
 
     let services: string[] = [];
 
+    let popover: HTMLDivElement;
+
     $: expanded = false;
     $: loaded = false;
+    $: renderPopover = false;
 
     const loadInfo = async () => {
         await getServerInfo();
@@ -19,18 +22,28 @@
             services = $cachedInfo.info.cobalt.services;
         }
     };
-</script>
 
-<div id="supported-services">
-    <button
-        id="services-button"
-        class:expanded
-        on:click={async () => {
+    const showPopover = async () => {
+        const timeout = renderPopover ? 0 : 10;
+        renderPopover = true;
+
+        // 10ms delay to let the popover render for the first time
+        setTimeout(async () => {
             expanded = !expanded;
             if (expanded && services.length === 0) {
                 await loadInfo();
             }
-        }}
+            if (expanded) {
+                popover.focus();
+            }
+        }, timeout);
+    };
+</script>
+
+<div id="supported-services" class:expanded>
+    <button
+        id="services-button"
+        on:click={showPopover}
         aria-label={$t(`save.services.title_${expanded ? "hide" : "show"}`)}
     >
         <div class="expand-icon">
@@ -39,26 +52,33 @@
         <span class="title">{$t("save.services.title")}</span>
     </button>
 
-    <div id="services-popover" class:expanded>
-        <div id="services-container">
-            {#if loaded}
-                {#each services as service}
-                    <div class="service-item">{service}</div>
-                {/each}
-            {:else}
-                {#each { length: 17 } as _}
-                    <Skeleton
-                        class="elevated"
-                        width={Math.random() * 44 + 50 + "px"}
-                        height="24.5px"
-                    />
-                {/each}
-            {/if}
+    {#if renderPopover}
+        <div id="services-popover">
+            <div
+                id="services-container"
+                bind:this={popover}
+                tabindex="-1"
+                data-focus-ring-hidden
+            >
+                {#if loaded}
+                    {#each services as service}
+                        <div class="service-item">{service}</div>
+                    {/each}
+                {:else}
+                    {#each { length: 17 } as _}
+                        <Skeleton
+                            class="elevated"
+                            width={Math.random() * 44 + 50 + "px"}
+                            height="24.5px"
+                        />
+                    {/each}
+                {/if}
+            </div>
+            <div id="services-disclaimer" class="subtext">
+                {$t("save.services.disclaimer")}
+            </div>
         </div>
-        <div id="services-disclaimer" class="subtext">
-            {$t("save.services.disclaimer")}
-        </div>
-    </div>
+    {/if}
 </div>
 
 <style>
@@ -94,7 +114,7 @@
             opacity 0.25s cubic-bezier(0.53, 0.05, 0.23, 0.99);
     }
 
-    #services-popover.expanded {
+    .expanded #services-popover {
         transform: scale(1);
         opacity: 1;
     }

From 689d7b48463e8f8355123c16f4c6110689512bd5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 14 Dec 2024 13:07:30 +0600
Subject: [PATCH 316/379] web/DonateOptionsCard: hide the scroller for aria,
 not all options

---
 web/src/components/donate/DonateOptionsCard.svelte | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/web/src/components/donate/DonateOptionsCard.svelte b/web/src/components/donate/DonateOptionsCard.svelte
index ab8173cc..727d2495 100644
--- a/web/src/components/donate/DonateOptionsCard.svelte
+++ b/web/src/components/donate/DonateOptionsCard.svelte
@@ -138,13 +138,12 @@
 
     <div
         id="donation-options-container"
-        aria-hidden="true"
         class:mask-both={!device.is.mobile && showLeftScroll && showRightScroll}
         class:mask-left={!device.is.mobile && showLeftScroll && !showRightScroll}
         class:mask-right={!device.is.mobile && showRightScroll && !showLeftScroll}
     >
         {#if !device.is.mobile}
-            <div id="donation-options-scroll">
+            <div id="donation-options-scroll" aria-hidden="true">
                 <button
                     class="scroll-button left"
                     class:hidden={!showLeftScroll}

From d8cfb78047fc9a2c5562c4c006aa4ac48c93b3a0 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sun, 15 Dec 2024 00:24:54 +0600
Subject: [PATCH 317/379] web/layout: adjust opacity of popover glow in dark
 mode

---
 web/src/routes/+layout.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 062c2536..f930e227 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -200,7 +200,7 @@
         --button-elevated: #282828;
         --button-elevated-hover: #323232;
 
-        --popover-glow: rgba(135, 135, 135, 0.15);
+        --popover-glow: rgba(135, 135, 135, 0.12);
 
         --popup-bg: #191919;
         --popup-stroke: rgba(255, 255, 255, 0.08);

From 459b2c8283d658daacde94891406051c926ca615 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 15 Dec 2024 17:59:36 +0000
Subject: [PATCH 318/379] api/internal-hls: don't remake chunk istreams if
 already wrapped

---
 api/src/stream/internal-hls.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/api/src/stream/internal-hls.js b/api/src/stream/internal-hls.js
index 83deb440..55634c71 100644
--- a/api/src/stream/internal-hls.js
+++ b/api/src/stream/internal-hls.js
@@ -16,15 +16,17 @@ function transformObject(streamInfo, hlsObject) {
 
     let fullUrl;
     if (getURL(hlsObject.uri)) {
-        fullUrl = hlsObject.uri;
+        fullUrl = new URL(hlsObject.uri);
     } else {
         fullUrl = new URL(hlsObject.uri, streamInfo.url);
     }
 
-    hlsObject.uri = createInternalStream(fullUrl.toString(), streamInfo);
+    if (fullUrl.hostname !== '127.0.0.1') {
+        hlsObject.uri = createInternalStream(fullUrl.toString(), streamInfo);
 
-    if (hlsObject.map) {
-        hlsObject.map = transformObject(streamInfo, hlsObject.map);
+        if (hlsObject.map) {
+            hlsObject.map = transformObject(streamInfo, hlsObject.map);
+        }
     }
 
     return hlsObject;

From 1da7ad7a9891dfc5a49cd84f5cd7f7cdf1252091 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 16 Dec 2024 00:04:43 +0600
Subject: [PATCH 319/379] web/package: bump version to 10.4.5

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index a98fe47e..5ca40a88 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.4.4",
+    "version": "10.4.5",
     "type": "module",
     "private": true,
     "scripts": {

From 2e4b76de6eb110def17cee17e20007471a5c0b04 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 16 Dec 2024 00:04:58 +0600
Subject: [PATCH 320/379] api/package: bump version to 10.4.6

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 02e09e46..16ff9097 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4.5",
+    "version": "10.4.6",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 4cdbb02de2d6cd7027ea197df8d295545af6c995 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 16 Dec 2024 00:25:45 +0600
Subject: [PATCH 321/379] =?UTF-8?q?web/SupportedServices:=20speed=20up=20t?=
 =?UTF-8?q?he=20secondary=20expand=20by=20~200=CE=BCs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../components/save/SupportedServices.svelte  | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/web/src/components/save/SupportedServices.svelte b/web/src/components/save/SupportedServices.svelte
index d3077a2a..6dcb9244 100644
--- a/web/src/components/save/SupportedServices.svelte
+++ b/web/src/components/save/SupportedServices.svelte
@@ -23,20 +23,26 @@
         }
     };
 
+    const popoverAction = async () => {
+        expanded = !expanded;
+        if (expanded && services.length === 0) {
+            await loadInfo();
+        }
+        if (expanded) {
+            popover.focus();
+        }
+    }
+
     const showPopover = async () => {
-        const timeout = renderPopover ? 0 : 10;
+        const timeout = !renderPopover;
         renderPopover = true;
 
         // 10ms delay to let the popover render for the first time
-        setTimeout(async () => {
-            expanded = !expanded;
-            if (expanded && services.length === 0) {
-                await loadInfo();
-            }
-            if (expanded) {
-                popover.focus();
-            }
-        }, timeout);
+        if (timeout) {
+            setTimeout(popoverAction, 10);
+        } else {
+            await popoverAction();
+        }
     };
 </script>
 

From 1ed7e74773a644f2e697300a58a4d7ce665d0acd Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 22 Dec 2024 14:09:14 +0000
Subject: [PATCH 322/379] api/match-action: pass isHLS when muting audio

fixes a bug where HLS status would be ignored if a muted video
was downloaded with HLS enabled
---
 api/src/processing/match-action.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 8d2c1e38..5c728626 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -68,7 +68,8 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
             }
             params = {
                 type: muteType,
-                url: Array.isArray(r.urls) ? r.urls[0] : r.urls
+                url: Array.isArray(r.urls) ? r.urls[0] : r.urls,
+                isHLS: r.isHLS
             }
             if (host === "reddit" && r.typeId === "redirect") {
                 responseType = "redirect";

From 537d1e8b61b855234eb8b3cf83e16a5dc0aef937 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 22 Dec 2024 14:10:31 +0000
Subject: [PATCH 323/379] api: bump version to 10.4.7

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 16ff9097..146f412d 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4.6",
+    "version": "10.4.7",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 999fa562e0752f0ba341b0ea4f209e283a6f6d2c Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 22 Dec 2024 14:10:51 +0000
Subject: [PATCH 324/379] web: bump version to 10.4.6

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index 5ca40a88..e298e2dd 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.4.5",
+    "version": "10.4.6",
     "type": "module",
     "private": true,
     "scripts": {

From 9da3ba60a9e07ec95e48c2ff1f6820ee92fa83c4 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 23 Dec 2024 10:52:49 +0000
Subject: [PATCH 325/379] api/youtube: add support for cookies

---
 api/src/processing/cookie/manager.js   |  1 +
 api/src/processing/services/youtube.js | 14 ++++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/api/src/processing/cookie/manager.js b/api/src/processing/cookie/manager.js
index c2b37801..25f41c2c 100644
--- a/api/src/processing/cookie/manager.js
+++ b/api/src/processing/cookie/manager.js
@@ -12,6 +12,7 @@ const VALID_SERVICES = new Set([
     'instagram_bearer',
     'reddit',
     'twitter',
+    'youtube',
     'youtube_oauth'
 ]);
 
diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index c0178b35..6e61efa9 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -66,10 +66,12 @@ const transformSessionData = (cookie) => {
 
 const cloneInnertube = async (customFetch) => {
     const shouldRefreshPlayer = lastRefreshedAt + PLAYER_REFRESH_PERIOD < new Date();
+    const cookie = getCookie('youtube')?.toString();
     if (!innertube || shouldRefreshPlayer) {
         innertube = await Innertube.create({
             fetch: customFetch,
             retrieve_player: false,
+            cookie
         });
         lastRefreshedAt = +new Date();
     }
@@ -80,30 +82,30 @@ const cloneInnertube = async (customFetch) => {
         innertube.session.api_version,
         innertube.session.account_index,
         innertube.session.player,
-        undefined,
+        cookie,
         customFetch ?? innertube.session.http.fetch,
         innertube.session.cache
     );
 
-    const cookie = getCookie('youtube_oauth');
-    const oauthData = transformSessionData(cookie);
+    const oauthCookie = getCookie('youtube_oauth');
+    const oauthData = transformSessionData(oauthCookie);
 
     if (!session.logged_in && oauthData) {
         await session.oauth.init(oauthData);
         session.logged_in = true;
     }
 
-    if (session.logged_in) {
+    if (session.logged_in && oauthData) {
         if (session.oauth.shouldRefreshToken()) {
             await session.oauth.refreshAccessToken();
         }
 
-        const cookieValues = cookie.values();
+        const cookieValues = oauthCookie.values();
         const oldExpiry = new Date(cookieValues.expiry_date);
         const newExpiry = new Date(session.oauth.oauth2_tokens.expiry_date);
 
         if (oldExpiry.getTime() !== newExpiry.getTime()) {
-            updateCookieValues(cookie, {
+            updateCookieValues(oauthCookie, {
                 ...session.oauth.client_id,
                 ...session.oauth.oauth2_tokens,
                 expiry_date: newExpiry.toISOString()

From c6d0e0bdd51b7a25a2c255c13f7cb38f135ac781 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 22:58:16 +0600
Subject: [PATCH 326/379] api/youtube: use poToken, visitorData, and web client
 with cookies

and also decipher media whenever needed, but only if cookies are used
---
 api/src/processing/services/youtube.js | 47 +++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 9 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 6e61efa9..cb18aa06 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -48,7 +48,7 @@ const transformSessionData = (cookie) => {
         return;
 
     const values = { ...cookie.values() };
-    const REQUIRED_VALUES = [ 'access_token', 'refresh_token' ];
+    const REQUIRED_VALUES = ['access_token', 'refresh_token'];
 
     if (REQUIRED_VALUES.some(x => typeof values[x] !== 'string')) {
         return;
@@ -66,12 +66,18 @@ const transformSessionData = (cookie) => {
 
 const cloneInnertube = async (customFetch) => {
     const shouldRefreshPlayer = lastRefreshedAt + PLAYER_REFRESH_PERIOD < new Date();
-    const cookie = getCookie('youtube')?.toString();
+
+    const rawCookie = getCookie('youtube');
+    const cookieValues = rawCookie?.values();
+    const cookie = rawCookie?.toString();
+
     if (!innertube || shouldRefreshPlayer) {
         innertube = await Innertube.create({
             fetch: customFetch,
-            retrieve_player: false,
-            cookie
+            retrieve_player: !!cookie,
+            cookie,
+            po_token: cookieValues?.po_token,
+            visitor_data: cookieValues?.visitor_data,
         });
         lastRefreshedAt = +new Date();
     }
@@ -117,7 +123,7 @@ const cloneInnertube = async (customFetch) => {
     return yt;
 }
 
-export default async function(o) {
+export default async function (o) {
     let yt;
     try {
         yt = await cloneInnertube(
@@ -134,6 +140,8 @@ export default async function(o) {
         } else throw e;
     }
 
+    const cookie = getCookie('youtube')?.toString();
+
     let useHLS = o.youtubeHLS;
 
     // HLS playlists don't contain the av1 video format, at least with the iOS client
@@ -141,9 +149,20 @@ export default async function(o) {
         useHLS = false;
     }
 
+    let innertubeClient = "ANDROID";
+
+    if (cookie) {
+        useHLS = false;
+        innertubeClient = "WEB";
+    }
+
+    if (useHLS) {
+        innertubeClient = "IOS";
+    }
+
     let info;
     try {
-        info = await yt.getBasicInfo(o.id, useHLS ? 'IOS' : 'ANDROID');
+        info = await yt.getBasicInfo(o.id, innertubeClient);
     } catch (e) {
         if (e?.info) {
             const errorInfo = JSON.parse(e?.info);
@@ -168,7 +187,7 @@ export default async function(o) {
     const playability = info.playability_status;
     const basicInfo = info.basic_info;
 
-    switch(playability.status) {
+    switch (playability.status) {
         case "LOGIN_REQUIRED":
             if (playability.reason.endsWith("bot")) {
                 return { error: "youtube.login" }
@@ -243,7 +262,7 @@ export default async function(o) {
             } else {
                 throw new Error("couldn't fetch the HLS playlist");
             }
-        }).catch(() => {});
+        }).catch(() => { });
 
         if (!fetchedHlsManifest) {
             return { error: "youtube.no_hls_streams" };
@@ -324,7 +343,7 @@ export default async function(o) {
         }
 
         const checkFormat = (format, pCodec) => format.content_length &&
-                (format.mime_type.includes(codecList[pCodec].videoCodec)
+            (format.mime_type.includes(codecList[pCodec].videoCodec)
                 || format.mime_type.includes(codecList[pCodec].audioCodec));
 
         // sort formats & weed out bad ones
@@ -438,6 +457,10 @@ export default async function(o) {
             urls = audio.uri;
         }
 
+        if (innertubeClient === "WEB" && innertube) {
+            urls = audio.decipher(innertube.session.player);
+        }
+
         return {
             type: "audio",
             isAudioOnly: true,
@@ -464,11 +487,17 @@ export default async function(o) {
                 width: video.width,
                 height: video.height,
             });
+
             filenameAttributes.resolution = `${video.width}x${video.height}`;
             filenameAttributes.extension = codecList[codec].container;
 
             video = video.url;
             audio = audio.url;
+
+            if (innertubeClient === "WEB" && innertube) {
+                video = video.decipher(innertube.session.player);
+                audio = audio.decipher(innertube.session.player);
+            }
         }
 
         filenameAttributes.qualityLabel = `${resolution}p`;

From 00c453101129842ba051fdedc100662c40689cdf Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:02:34 +0600
Subject: [PATCH 327/379] web/ChangelogEntry: increase max banner height

---
 web/src/components/changelog/ChangelogEntry.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/components/changelog/ChangelogEntry.svelte b/web/src/components/changelog/ChangelogEntry.svelte
index 4df9fa40..e6ba53d1 100644
--- a/web/src/components/changelog/ChangelogEntry.svelte
+++ b/web/src/components/changelog/ChangelogEntry.svelte
@@ -141,7 +141,7 @@
     :global(.changelog-banner) {
         display: block;
         object-fit: cover;
-        max-height: 320pt;
+        max-height: 350pt;
         min-height: 180pt;
         width: 100%;
         aspect-ratio: 16/9;

From 6b49bce59529d66f6e7f0ecf0f136c0dce549246 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:03:35 +0600
Subject: [PATCH 328/379] web/layout: add more padding and a separation line to
 h2 in long text

---
 web/src/routes/+layout.svelte | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index f930e227..1400bc6d 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -528,6 +528,12 @@
         font-size: 19px;
         line-height: 1.3;
         margin-block-end: -0.3rem;
+        padding: 6px 0;
+        border-bottom: 1.5px solid var(--button-elevated-hover);
+    }
+
+    :global(.long-text-noto img) {
+        border-radius: 6px;
     }
 
     :global(table),

From 328bfeb4162e7eadcb613a39e2a28701b28e4131 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:06:21 +0600
Subject: [PATCH 329/379] web/changelogs: add a 10.4 changelog

---
 web/changelogs/10.4.md                     |  90 +++++++++++++++++++++
 web/static/update-banners/newyear2025.webp | Bin 0 -> 50780 bytes
 2 files changed, 90 insertions(+)
 create mode 100644 web/changelogs/10.4.md
 create mode 100644 web/static/update-banners/newyear2025.webp

diff --git a/web/changelogs/10.4.md b/web/changelogs/10.4.md
new file mode 100644
index 00000000..5982b0f9
--- /dev/null
+++ b/web/changelogs/10.4.md
@@ -0,0 +1,90 @@
+---
+title: "merry christmas and happy new year!"
+date: "23 Dec, 2024"
+banner:
+    file: "newyear2025.webp"
+    alt: "meowth plush in a christmas hat sitting in front of a shiny christmas tree."
+---
+
+## where the elves at?
+we are back once again with another cobalt update, whether you like it or not! just like santa, we come when you least expect us.
+
+we're back to the battlefield against youtube's scraper flattener, but we're winning so far! we even managed to squeeze in a ton of improvements that range from performance bumps to ui overhauls to brand new features. make sure to read further or you might end up on the naughty list...
+
+## even more youtube improvements
+- countless infrastructure improvements and developments that allowed us to keep youtube support available during the worst times.
+- improved youtube codec fallback. now cobalt goes through all codecs to find you the best one!
+- improved youtube video quality selection & fallback.
+
+## improvements for other services
+- added support for loom's video embed links.
+- added support for facebook's mobile subdomain links.
+- fixed a bug in the instagram module where it wouldn't use the graphql api on failure, due to which cobalt was unable to load slightly more posts successfully. now the majority of posts are accessible!
+- removed support for vine because twitter broke the vine archive.
+- increased performance of downloads from bluesky by using the video cdn directly.
+- error messages from bluesky module are now more descriptive.
+- rewrote the vk video extraction module to use the general api as the web app extraction was broken by a vk update.
+- added support for new vk video links.
+- cobalt now shows an appropriate error if:
+    - soundcloud track is region locked or paywalled.
+    - tiktok post is age restricted or otherwise unavailable.
+    - rutube video is region locked.
+    - vk video is region locked.
+
+*~ still reading? that's impressive. ~*
+
+## web app (and ui/ux) improvements
+- added support for [instance access keys](/settings/instances#access-key)! now you can access private cobalt instances with no turnstile, directly from the web app.
+- redesigned the [remux page](/remux) to indicate better what remuxing does and what it's for.
+- majorly improved the reliability of turnstile. it no longer gets stuck in background, and cobalt always keeps track of its state and displays it in the omnibox.
+- rewrote almost all error messages in an effort to make them easier to understand at a glance.
+- added more error messages to describe processing issues even better whenever possible.
+- added animations to omnibox icons that make them more lively and cute.
+- improved the toggle animation, made it stretchy and jumpy just like the rest of the ui.
+- made the cobalt web app fully compatible with RTL languages (such as arabic).
+- added an automatically generated sitemap, making the web app easier to index by search engine crawlers.
+- made it way easier to override the selfhosted processing instance in a selfhosted web app.
+- removed an extra security warning in the selfhosted web app which appeared when the processing instance didn't match the default one.
+- added the "community instance" label to the web app that appears on instances different from the official one, making it easier to differentiate them from one another.
+- updated cobalt embed description to be less corny.
+- fixed a bug that caused settings to be exported improperly on ios in PWA mode. now they're extracted via the share api, just like all other files!
+- fixed the weird focus borders in chromium browsers that appeared after a recent browser update.
+- optimized rendering of the _supported services_ popover & updated its animation.
+- improved accessibility of the web app all around.
+- other tiny but mighty changes.
+
+*~ 🦆🔜 ~*
+
+## processing instance improvements
+*(mostly nerd talk)*
+- added support for one more way of youtube authentication: web cookies with poToken & visitorData, so that everyone can access youtube on their instances again!
+- significantly refactored the cookie system for better error resistance.
+- added success and error console messages to indicate whether cookies/keys were loaded successfully.
+- cobalt now warns if it was unable to save updated cookies back to the file.
+- majorly refactored the youtube module and removed unnecessary extra loops.
+- cobalt no longer loads unnecessary data from youtube when not needed.
+- fixed a bug where cobalt tried to proxy URLs on local network when global proxy was configured.
+- fixed a bug that caused some HLS videos to be impossible to download in the "mute" download mode.
+- fixed a bug where cobalt stacked HLS streams several times within itself which caused heavily reduced performance.
+- fixed a bug where cobalt did not use a dispatcher on a HLS stream's chunks, sometimes causing it to access content from an incorrect IP address.
+- refactored automatic testing CI, made service tests easier to manage.
+- reduced docker container privileges to a regular user.
+- improved rich filename & metadata support. all metadata is now added to the file "as-is" with no modifications at all. filenames are now compatible with all operating systems and files should never appear as "tunnel", even in some rare cases.
+
+## more details
+as always, you can check [all commits since the last release on github](https://github.com/imputnet/cobalt/compare/c021293...main) for *literally all changes!*
+
+## thank you!
+our [github repo](https://github.com/imputnet/cobalt) reached over 20k stars recently, and cobalt is now used by over 150k people **daily**. both of these numbers are insane to think about, thank you so much for your support!
+
+this is the last big update of 2024, the most transformative and exciting year for cobalt yet. we're already working on new cool features that'll come out next year :3
+
+we hope you have amazing holidays and 2025!
+
+\~ your jolly friends at imput 🎄
+
+## donate to imput
+plz [donate](/donate), we as elves work all day and night
+
+![sad hampter in a christmas hat](data:image/webp;base64,UklGRn4BAABXRUJQVlA4IHIBAAAwDgCdASpAAEkAP1Waw1oxqqckKbqq2jAqiWIA0kkRgW9ViVdiWdXKQi6/gdi6yh7EP2hdKybn20T+5U2HORdT1INF/azUgAe83P37UIt7DaMNjNpN1q36xYwYmvqRvyHZCbmjuEi8jMI5QwpK+A6PL5WzAeMK1HHSwAD+6mC6qPoWsYNuVCVokfhT4iULSdrgIUxMVYuFmvaB6EO1tiQsDKgGz3TT/evh4KRuHM3hK23nOULaAYPQUKFqt6mmdlUXEnnkybyuQspqBd7vYu7KCfAgexNvxKgitS1o+4JfpkOuihhRfUFRqB2Z63FsbgywZxKR9zkIWWPVYn5XIBJX6LS+AU0fc7hHnV7I0boYFlIgvVJQX0k1Tcuvk4aS9UnxcZXhLIrob7G+vHgUt4z1jVbRN+cMa/ymg+mH2qtsTW1QyhZqaerV930ZZFSsPbSlxCabNU46cRYJ3EIYwxRS6n16lWtc1hKg3Tk23rG9AAAA)
+![one more sad hampter in a christmas hat](data:image/webp;base64,UklGRn4BAABXRUJQVlA4IHIBAAAwDgCdASpAAEkAP1Waw1oxqqckKbqq2jAqiWIA0kkRgW9ViVdiWdXKQi6/gdi6yh7EP2hdKybn20T+5U2HORdT1INF/azUgAe83P37UIt7DaMNjNpN1q36xYwYmvqRvyHZCbmjuEi8jMI5QwpK+A6PL5WzAeMK1HHSwAD+6mC6qPoWsYNuVCVokfhT4iULSdrgIUxMVYuFmvaB6EO1tiQsDKgGz3TT/evh4KRuHM3hK23nOULaAYPQUKFqt6mmdlUXEnnkybyuQspqBd7vYu7KCfAgexNvxKgitS1o+4JfpkOuihhRfUFRqB2Z63FsbgywZxKR9zkIWWPVYn5XIBJX6LS+AU0fc7hHnV7I0boYFlIgvVJQX0k1Tcuvk4aS9UnxcZXhLIrob7G+vHgUt4z1jVbRN+cMa/ymg+mH2qtsTW1QyhZqaerV930ZZFSsPbSlxCabNU46cRYJ3EIYwxRS6n16lWtc1hKg3Tk23rG9AAAA)
diff --git a/web/static/update-banners/newyear2025.webp b/web/static/update-banners/newyear2025.webp
new file mode 100644
index 0000000000000000000000000000000000000000..b450dcc97df1c4b73a0809b35a51403b61ac8dae
GIT binary patch
literal 50780
zcmV(jK=!{<Nk&Fg#sC0UMM6+kP&gn+#sC1+Xa=1DD(D6313v9?u1<nUJD`AJ*q)Z@
zVJ>-_jkglH(ltOC<EK=3InONV_m7|dmY)s-{nMAy%Qx@j!P3LU@Rg+*ee|Q_UORKU
zhF5QNB9_|pP3fk=4gb~W=i}e$fB64%*{%NH?>#tm*WRvmf5ZRp{%5gY{XEh9oBl8V
z{%Sw}`1<tZzg`}ESpVPHzskS+ZP%S6|KCa<o&WP4oUHChk$$ZI$L83MfOlCxDzuBA
zFQEI|4dy?2_{#U*9mv3RFht<xBObCy#sOyl?M|$)B~piE#(bcSQXOvVJHT62Hn8Uq
znC|E{Zl1i3;P*0;@*(J7QRN=l3Mi#03+0~hI^?b$kVU>9LhRQ@B7a?Pk%vz0Cn!~T
zQf$tzPWQhmM*IiRK?kGNVz}I7s92>csFrxAt$f7G39gKh9b@^d6o#5BkyK<4J5kkP
zjb4NaJ55s}4O<i=Q#JDk4A&nPN23NqrYoOnSZ<wRv|sXn3mIAu#PydwsyZYO&_Oe4
zV=$0oUsb1~&*s%kXZq}7N8E;LE@F3IuAHZ_UCNs;iCbx~77<a$1(}2hWtBxlHW3fU
zz*fLye;C9U^8Ul&BYM1|x;k$gw;iXoof7pY#r66&KXdg>qVC)gS*pX6?+yd42A9mJ
zF#nV>ASa>)QUw)G(8$CCJ5_QzhDV(t(fc^FY~Saee3HuK)EXrN_+}{*4BDrZJl{4`
zBM5PTO&P$4)7J&p&<5~-7+tr=igh>Uhb!L@xoe(}1{!(u=ZQ-YmrE9r40tNiixdBA
zgDDWn`=n(At#+PA3&0X!OL*e=#;6b}5er`O7Ii;WFtVKopp?`sY-c+wSF>T)`IWiO
zS0JuGgip%!I20R=Sq%XGfu{*#KwgaO6#jX@&?Ke5gSz^OF-7Kli=$Q?fLNpeHW4L@
zZ8Nye>?N#owg38!FghwWEGU_EZTRMGdEQN2NQm12vSrhknay$*nPa)sH$!~4zg%wf
zdtY;EC@v1%vq{{5fVG{ptewOY1}P(i>36jJT@Y7m;7oJy81$nZ^8m;oKVE`uf~D$k
z=lTpjuB;~d5bk#v=~yut7gAOTIY{Hj_l1H$jfgTN^0sQ3iq@=OV?b1(2DjkVGB8Sr
zW^PD|wM(Vc=0R60;=L!)Yo4)zGqE|8owHWbcg*l4N~x;o=%d6}h=1zg9tWemy;?b?
z&0)=94z_3_R||4&lYj*--@HXm?3`kFc{N^By#21DVejOmAsoi>W7)$aIA8vQOt4J;
zQLSh9sb`I2=in{l7y!pBSUa9AqCl9M-j?t3IT+(RsL7(mDq-c5TH?vI(;K0qt|Tq2
z$p%eC9986qVy0&RC1qxaA-mNh<ecT;Zq9ieXU&>L^Klxw^=#0Kw|Wm++Xnw&aY>vD
zUv0x0yZ#3tCU_m*={@Lgj3H~_NGjeHlC3s3N{ux#_A1@BQW_#*F&t@e|6x^Z7+qjo
z`3EpV1ppe(*ljDKdi6cw26Mia^iQ&*$-`4VkXz)^#B=~x+hYAba5r@ntv>WEQ#e(!
zH!qTl^W9Vq#L!kc^IiuKiz57b(g_nsDOhsMzZ96zI70H96hH<yPGu|?lb>QHxl8X+
zx`;!)aBB%M_e!c{z-vj<?p-KCOWDYYJG&4+#01>OQj2wflJ@`}z?8Y-5Cx{q^{Sj#
z32OC97x!KF;=;M@UA{UV4cWt{ky&pMxOnvGUB};H(X#WNC3C~vEAAB&(jz>U<piXU
zI7}-r?fueJDH1IT(dZd+XKlU=m4a<Vki<bx?F#@-ceawR&;^3b3|=&yU6B%Jl<~vL
zjGP#UfaBiC|1oKb)ALOGQj|-+K9ckpHh|%`aqH!2zi=U;$|(j?A*iI;9rz8q89f1~
z{GJ<fm+sjxrN!4#I{18WjbGIowX=pP`W49uG%R(vCYYLfsEy~;cu(tJ+aO)tB6#dy
z_W@Xmr(5CgIgZhdSO2s!AJc5Gb_kt2fI_QJ@hT4On~sk3z>Y$cbF)+WxV`rb-5^3b
z#|(@*Y#AUSg%h%a4*DuWP61?tr}chb#nSy!)y+g5vI9fWEx1Gzf$8yEFRGRo+yKr+
zJ~v@fB~qFddmG2RyVjIpPX=0|zsQmg=~`1iPgN7|s4x%I%7i2V(G`?)A*u0yde>v*
zi#U-RC3g>jxB-O_<0BVChtG5((47GwKy!=O=`ixoCld4YY<xq$BJ6W#rje*&8*kVK
zwjb(R^wm!`qmyJ)eux`T<WYCjoL3!>^gZvlYJkWK3RdX8GInS8KIg%hpn{&NZW&n_
ziyA?2*VcXETn3~EymIkNZxZw3zvU{jy#$F{A-4)qC4YGuU4?P+B2YksB6>#0mljz6
z{-n3G=zj(mbtcUL2ACpP6Vqg1xtfvl>m(!yB8uRu)vC=Z1cYxT3P<>avc~R2uR8p6
zsD6XuWO3Jzr@ZGOz~H_B6gClV!-e?CrQ@ah_<rD%s72trlH}J-(!dP;!*o+>GcE03
zciwPSQEb0f`L?eopWYu7e-eHiL})s4!;C#6SDUN@+#C8@P50gs|5S%n*p%gHQJ>?L
zZ=pW|F=kNH^aXR;`spLHKUA5&CY@08p?E1AxWzDqxb!OkSwcIOJo-isY5yE*+OT>f
z(>iw>6a{?0I*PiDMI@!$MT-SV>e{XW8i&(SIUU{`qtJ)h;GWkx$x@%nSwv2On{gO$
z%H4Y*bnrtcZA_m;WGcIj$-?iQu`)jKMWQvL04Htq7c)SmFHi@47x<#|)mC*0!YU9l
zJm~sYE4$-K6u;am&Ppv0Q%y$?Sr&w9v-7ah)I2s|^vLzk@)?W5LQz+|2Ln{@UR09n
zX?0Jw!%CBm`77NsM%-*7!e*Ul4pyMtif`?(8Th@n9%<%Dt7fy!meVDZ6#>&@gVc+b
z`EU|zE)12b`JD6ajo+pu4i}F$pE9sREF4|noLc~)Ag#1J^gj!YRnE_ThzPEg1r~DD
zNDy`;U-Y>WoxN4y1&Wr>zSliz2<=0Qo%wX!@V$5E)<+>z6F9Id+w9H*7w0HS($sX(
zUV%{b41qVG1W4d${abp3UU6o)UCAE=HJo3CS|m#`aXWhYh*0A<muu)1Mu_j5yA`yL
z7V4-+#L~DJ2aU1cz$iTtqJ6lj`6Gti7A{|q(brFacH+Dc{6>G&q4o%j*ebD1{8(s%
zp}H8nn32u@kVU2r-LBhVCaAdH@uIo)b)q%lt(RILH7^o5@UU#Qj}1IaEjF?WT@huN
z$CM|*TEu|rcH5Hzi@zOe^DuVEm-f8D`vkH`W}s)^=eQvK_g@mqTYbiX-p`o?e?~44
z02C9j<Fl?*Qg{`P^{H0yH`W<~Tm?22^paOWI(}gj5nOTi`kSTn0cgk}t#s{uZ^BsR
z(-73%Z?W;4fU4vy^Gu&?&dX(=-)34fGC~~%C%WT^)Fuy9hcZT$)h`BFv%?u3=xjJ4
z5}Q`d!xb&(tngU`vVJfo1{yyyyuHsB_w`lZgE#?Hiqd}BG%B*4Dw0-&;jY$nR`V;I
zvjMd@w5&|^YeqcMYAGm*&l3up0Rgv=b}$Y@-cH*}FFo^5FM7uh2{9ZSDh9L3<Vo(v
z?J??vR;;7EO;L2UKOhF>5$#SdqzP7k|6LEK`JqDbNs*ph&I3l!9<fAFg|3h55$^wq
zB~2a)*TMgOXA?Szj*V`RAD5B|&3amKDA!B$Usuk(I7Vcmj4K|ufE@PIK)4BHT8{EL
z8r6|SyMRl4Pw*Qrnu7enWpS$jVEFxt9yi0X1FlcI9=_PnNI&`k?6FJnc)#4d&pywT
zkw7GXa1$wezFOqhEb;L$RGmc%nzJQuc2&R(F+iHfZy|>>+;``dqh*0{RX>54l@R0<
z_DHB~>n$Y3rrPVof3JMtkZ;uRS<XEJ=$ImxmxFN7I6?wBeiz&vO7_tX;m*8%K;D5i
zj<Wp|jR=O`88T7s=Z9Tao9ouzTqk>9uW*s1SuPHag}x-Y9mUi;d(e6bzm_fSX3I>7
zmGnLp0V!ceh98z!Aba{YDmdmxoQ>vrPmo24WD~C8&)8%7))>&V?*t*8eEK~^p9#ni
z1<~0Hiq~3-!*Ce8v_snLTA;~p=LgJe3e+DWq<{zLqD_BAUT6MwGN#g}K7~FeoFXtE
zAMI(fb@h|!{f&MX<T`A2$`toJFRA)pD@80i=(AZDl6lkMaCJwTP=|%h-!Sk@=jHyb
zcl+OX9{R5(GqA*#xqZdXd->oAL)2sSLUMvOR}5cPfp3RF+2!9vKUT0upGvj^Jq|?T
z6WhhtHwU4-tCa6^{dKksy&X5>f(Zk}MpIbe+g-6pv5KpU47~Pe)<f}qsL`ekVR6tN
zs@+0&gm=5<sQD<aM|o9IjBE0hi2Pn*TDC`aS<4``9F9ne3P)Wz*4#5|kmWyNM+^J{
z=F*89xcHEU)Jo5c0AsYN7#kX-CuGFH=5MS(Xi<#%_A`9yJ?;F$wjq94+h*oe6vCim
z3pKDD19M{722t%$hUVNqM|L$epC|$mvep5c$rks_5*6Q@Cr|Phn#A%*0ze6cDz)gT
zf{?AF&ES-73h%N-;6QwzHId8`T>+}+Ij=C5KoqsR_?ikA^H(Hp(ct3Ih;e@d(xf$7
z@aXI@VPj0Usj4&cX=aO10#tRo67(4Pd%uJRHcLYhnG)^`SWN39(D40_WC7*mDHQ}F
zZz*lscxuA2uAZY9YxErV>4M2JsE-A6H!P6G#Z`5J2_pkFWT5^zM8=9y&Dk22dQ4bp
zbc%&(R!})K=A*ggWW4nAAqG?S*3w#VRON#(u^8w{>8Sm;(XP($7{$_47V-3$!#h%@
z0N$pVE5X^}d3QcEshcngo>2$`_&_T&-mYb_!yGr-5^+d%6=(qg)(aWMPK$uapyc?s
z^k465r6+Osx;D*Gv+i^GM~fIYY$=mI*E6?jRDK;<5r$atWVvFF3UoG0DX;v3*epi%
zvL%UQWqq}di2l7#a)Ua|DOM@3+kjwh3WB2jkheB<Q9Nr#!iWM3D<#SFNOtZwt4G1f
zBpP2PLs|M?$}KCYX<Oy4B^vb&kTCLGFSOdgWE=N~re%71_MFT}FKM8zmr~13Ow`Y@
zAoa8C21Gl+t;NTjUxMciR0nuVwc%fWv}SUL(*b0kw1*a=F=KpcRBQg>xy1HZ{lIkm
zzX{oMugP(UYb4&I-mkzvPoMP8?H^}gWlA1u+og3)AgDcX=oKooafJWuGbx9B!Y#(g
zhg#=Dv$2To^PZ?Q0hmHu`P8&tk7kxZxfMd*V<%i(Gn9=!rIs)&84h$!wzrdfC@y6~
zyBqS#FisB+=p08rDYgy<x84O(LT30T9Uh<7B^dOmw1gG=i&t5eGUPBV=4a~hZIG5J
z7z3?>Q@n<62D>CZ_CDHgC%^h}xc;FWr+5sGmb}WIaR;*ohizg%W&0%4B!eQUY)p3p
zHdfb9C@vypDIR|@`>R@F@ps-Wi#fi))!}V-unHF|4s|6=I)}McY4lt<>O=eB`jg-h
zePpN=OdS5Q-dt?sP+(=U5&HbN<78LdA8M38c7dhK6M98DAP>IH!6!5WaA^~JB;YV%
zX;spRgEa1x+4!n0`c|@Ocr+a4t##9wbl&x16J4RFqS=ve>@L>**RcxRzkj*`q?qdp
zGwQ+kqCYnmKGWk0v*U6aKxbU~8aCS>>-)HWmJb05Js3wK?IBHm(!+1SK!3P$1$ZuK
z8)zM-g}>-^_zMPU-iTh&FQCv6B0bsG&icRw6`JQ%-3pB2Jw_FbU-scH#Qn?}CCzIN
zSiKi=gDcx4qi%nDK2O@CJ(P~-T~?!bvg}ZN0-anvRR`5?!CWzGCu(`(5JMO_2e;Tg
zNd$q~Db48uVJ+c*WHCXIqwt6&(M0ZH(JRTsrxWhMqMMj>B*M@c@0|H!(V2k0sD(Ji
z+Hx0c%tBB<*$Bt~*^f~ZNe5m|w2EJ0DES#JqW9Am9*&kbztSXDM(^Gy(-4&snVL%=
zJ?qyUi4#uM$j1SRftK2Tquj)K@hI&aQZ2FB2{$ofOXB}Q4XlZ92IUlXRF9xmcHLqd
z{vnxDB*^2;h#ykyqC`P>ugn9EaXnUI0en@!Z%Lx1@qbsREL62@LEYOP>|hMbI3A}!
zyu}16<49VtVeL1(Ly8Cf$lU#9Q_b#W$h3;O8V(aLl>o<vC7`K_?E=yDTg!D-Fkd-+
z;ZU%xM~U`2zujnNbw#GDPlJNOe+p;BljW9Rjtg7K;`hE8KiSi`k<{fL>Z)N}3aVDL
z(|xrEw-@oW72nqg=jMl=X#g7jBa7m%RjTnP>RaScZY+ehcs$OrQr0TN2z_(m4C>iw
zR2@)r%BQbHfIJ33zIbXTM<~julXoe+ALLV1CUIIg?VH;})KHKwEPx0B!t!LGhW+4I
zY(`Nr`e+3gpCcm;y~%cV?W7lcm2|tqA10xCY07M6J~Sr3B~Fn}&*TL1P3%409$U2g
zHX%FplTCkTf%mIIJ0Nd~Q?0qoiDXP7OaXQAr0sIX9e<mUOeKc9LBB1jHcE+$(FseO
zfLKhd9BB*z6is2#zs(wu&#;Hd<F+(8d-mHG7bsk6KEsze!WVuPZr_}niO>z)fjAa9
z6QVYX&2~}Z0)TBvN3^OwvQEOhTBy=BRF<$z;P)ih6U<q1Jb|l?5ObTNeJygRp{ji_
z-VVkUKT~7V3lSVZX@-OPv(&^>4z%;A#mp`T<cuFfD6G!18W92hx+Oj20#!LN2Vkzd
zQCY_|CEISNCpuG+3L$h6SSN=chT1FuJUy}AWh&p^tGXx_r&@{G25TYgVSWBF*Ll(l
zdOBFW;2dAe@{4=0AO{6%miO|d>duWHA-@bDldmi-2xo@%QU#LgDIl3v@~u}%(8PV+
z-X;))wTskX=y|+em<AbNT>tI+(7Va#Fw6Y}W%0=D`Spmwd8vua5$9SBuH|dxmDRIw
z<z7^itGQD%Z6y3%V*`a|T{_*qD}x#Cfb#o0P;}ZJ+MHL`#%0MSGA5b%?F!QP;K@fV
zi2c5t7E#P%Wt<cKe~*p~%tR686H}qR#;-CqSAsN@qZ2PZxR|lrn}8d9!odX9_AEM!
zGALzA{B-*@IF_d=$mw|{;L_MSvB$#Z&S}-~3ky`@pl2`h#F=I~*P8Oj9jaUI`@fjH
zp|a6&MiJ<BwQN=u-M;1+Q9RxJ;w7Ug^cB4)$2-8N0&kdNy$$}@{&*IuKr{oK=1MX-
z%7WcA-r7X$Uz-x7AA)(m)U{G%A=)pydDgjaC<fGSIN<Tpp#bul&gcm>8i&^(mp4J}
z`e+IK7!A5^T*gC70G!=J*U1j!ICKfU0G6i2c@71mDj3O@_#Ov9?_^eOy>39%hVu&E
zabw(`U;BX4?vW(_!Wlp$@j&@TpDnTJ?;@(a>c@3mE~Z?Fr$2NifHoFJ`qr1_3CwEO
zQSdJLh<lS-&BPL%urE{9-<7vt7|m@iilx#TA5$i4V+}$rO)z`VP84Y7f%KF5y9m{W
z4@E7@6KmKB`qakgOap8W8=k5V+hDRV>4630Cg3CLcsCRV36>Y&Lu}|pD~wDS!I>Q>
z7h)l0=aAZcWMz_pjom6{-!H_@?l3?QeE>t`gC4K|^FZ00aPmMNCWS%gFwBrWC{F1!
zA!inQ1U^#J^(oncM)bIqE*;*Gel0U2k$@}ZM08cbPRAll-!R5o=*ljyzMgc3d7I06
z8qz@Rh(HB)uz)@e2Qz5b83$g_4+}!Oy8;;MS9rmaym3^2Uqn&9Gy8G-;Zx4R({|yn
z3aJ%l<`S_D(-AbE)3h}iYQ@eVRP2zU)98#E4PbnJg-5|gLk1b0=TXRsLeO4fQL5d0
zylIth*EM_KlE1y^M+YuTQ*>faSX@<CgKs71+ey@raE1<gT*e%9Eam~&-K1=AB0Cb{
z3cmFyW9gcJfw{f`t3o(x3cLZ(yhbPPXaFkxC~BXAr0kF4BM*`!>=1~4`k^d*Xvak;
zKYdk@MKXf3Uo9kv(UYuYr7e|krzs#=-fYJd>MhV?rWBKEDc0##lt#Z}Zc?#A;;ovO
zQem1N!{O{Zkw0roB$^M5i3#0CTCjl78R=_Kj1V+7<Y?6%9(9?a0pf^xwDSg|a~QNp
zgM`<Sm~7qk_@t7SruHYjFi;qg`)z-7B~HTvQWyHJ!ogUfYKGO>Y^Sh}?|wuDOFCR*
z>=zL5q&rc5G^+`DV2eQPF?yyH@50s<`f~f;(gI1#57lH<Na13gjf3{^+^QkwC}n5+
zqB0PP|3VayVs7Agoy~Mj&(S%!&9Sf*chHO|9PHV?xDNJ^QWejwAS>beMlp3%ZQ0a!
zUg#G>B9i<{TC8g^IJQtaaR)WKwQ#?OSEUvNQw<oxvrxBm;xy!cPo*nrG>pSxezxy*
zS>hNA2s;{(0*hfus{aN7`LoLIW#RvL$7^py1s+ZA#tIo&eXy12yBi3A)&WP`h-V#5
zaeles^>hcvRQ0;(ex#61GUsmXJP@U|W-u+XWKs7|#~$%VG*P^JV2T7jw_*~3MJuAf
z&yBvj^`qd=L7V`C%DnHf+uO6JM*zb5X*#l|^1{T_m&~6=0q;Y+zacpsNU>GVL8^J;
zsqlgA|G4ES(&Ycmlga!%=4HD_)laCmH6wr1Blc%tJ@s7_KaE)LB%x;k>gRb$g;ab0
zwf_v4KDLBy03%)bCwmwvpGp-~9^;QtmL;6dGgk9=S8|7uAX0Jg#ap+U_D^3H-q;`m
z;7``DLW+~SX20NoD9yDzZW|&3#L)lXn8AsMAa2@nm@!(XKWKz9a`@Vm!&R^t;6!x7
zp&36W@0Pq23SoKqq{$$k9CJ>Kk(1cb9vHi7^#^x2;T=jlC*|}`Y2e<DAdq_g$zo0!
z8AvHGI_iniSmDfE8MUu_l?5Y`R?~tG8W8T53mk|*b_dJyZHkp)%59pox*CcP%q^{>
z<SL^jJAjtwvvg{LA#8-2jqXp=sSb$}M5H~$W<J*GmmozrR~2NoMM$JOcpL?GQ#Tu$
z&lII~-UZ9}cb;VGqS@fJAYqG`^xM1`G7D6kDOiP;&jIgZSHkaP2ZiN!PRC%gS@zE4
ziCDSsHww8XC4*H5NAq4Cq-6FuMMb|#YKK=$7EqgAAwdSyuU&AcDG%_Ea#ZWQi&R-@
zApal0s?jmmb_xuV`2#Q#Tex9a1sk=3d)vYfjjJy&p2xcuN~ylGRiQy(>ifWy2^{v@
zW@}x*K&rDWDk`)*;-eD&$15wcgXT4GuQT0efwI<4P=_Wc6L&ly@`FA-bM}(!Czo#<
ziHejer_n0-O`i`Mg=o%^f2Mc%6(?AWM&$o))Zs%zTfQEww`%iF_xebNV#ab0OOpRL
zRbhJn^rt66;|H5}K)mj?#rAU*RA-W&*v5~)i#h*WNMptIfnTH0iVBLq&_NAUr7-I~
zbyg;MbE_Eq^}m@2)}}s21lya6b7{5ue9gPf2Fi1j4p9zVV4BM^gI;@sVtLvuG`hL<
z(AtZ@8SoEN$N-V<6OsHjHd2x%EoG(b&1%_=V#mHac@Fm!!u@%1Rk|(_B}dfkcY?k(
z>T`z0^~v_+2sB|BFggkOd&`3V{Ikdo6*FgJ=TEZ1+?d}Ahpv}&Pl=?tVIP1mH7Xrb
zX#ZywsEusRM#(4Ai(Q~pW+MR{*JYYHc?I#UQE6Ki`qv8zoe|Hpqvk-$(O9+xi;O^x
zCvjm28kdiV!KYgO4t8u?1|qaqgy9)e^eAPyn)!qQQPCHJzJ*&s?(r~@tS0%EmwYj1
zjm-uBX%TRB5-!~Hfx%j*=xna?&WqJ5g#D&E6$Q)^bSf1aJn^Y@bY{NkcnXRw@8QP@
z#d9TB-UKxwbjeJ!*9}<0I;q4CeM`Hq9u8RpPJ=)qln4EzeFYhW96DA}@C}$sT7%p{
zJB#E#mP31K-GHbz5?&yDAxNAdI2d*qiK=m#3^#b37sOm#Gu5tKj`a6@*xj!&F`<}a
zw?hE{wnLmdpy&D1uWiO5w>}64e{_BWj`~&o`yU*f;E{3MktW?IQ?}@h8|dY(9NBqu
z0?3k)7xi3*C+qYEl4C6xRBVi_8Fk&CjdC!ZbHm{M-xr91enOt7e`1%~N=6>H;I?qn
zrUFg8cj5=a-xooJ5v9WhIa|EX-*LXLx8z=00c%#5rfQCIi$dyub!exGNDTdfRVy$Z
z5o?k;8x-wuI-)D!9AumCk{h!ODp0b-VQVkpxky)wxHdCg#nL5;8@9Js+aElIf&xn?
z(_OQ3)<eSWm>-mD21<+wp*wr~k!Z5z1E4~7Ea7szo{G?*W?>}a@8VFl&ZU36_2Xt)
zftY{y!m=OPpY$JnDSi1u-zbh+j(8#lEdWLjrdy6KJS%n9W11PD-S-P-1Epp}*~e-Q
z14xXrN=V7;d{njY6&o!72J7Z4f>1PZ3+@Lx`cPqfv4Kx+{I1Pm)C$+XhYQ84w;;Fv
zkPP^*o*Le;t$+3i3qVyR^J2}SfNEw6Zz+PK+z1Ky4S9~u<XjP$>dv8ih#8DRsH0T$
zX*zL0oUA*)cCQjF!#TEkcWg}3q%e|m;FL3UK!5ci4PKd8TQu0TU`b?CX&VZy4fS3m
zo8Azc9ITt(0S)?Hr!$714TkY?R~!D{@Q>jr(}xJv(lTDhHC6QPKc*4I@*Hth=KnUg
z1O%zT0t_>!v1U{;!4}W(CkJw|P3x8iiJuPZh%DbEE=d4X#8hpOzf7J;C=*qqwEowg
zK6h{45;o=&V0@lENql{P%S(O!idyc<G~xc+`<xbD<Cx(sp|sG&!a<MLCGu5yNNOKM
zvjyHy=O5a@?D{J0eV-U`mVj$cKu6rYZ#rUJ1jp|V<a!v1N+`d0A2xg#J?|v>`}Y#W
z{pumaU#9l_S!b|&5)ky*zXt`H68F0c7!ND75@zg}0|Q&!@Ywj9FTOm|cAHhgaws(3
zynnT{A+puuM6i`A=nWX_N!`jx`;HM9bhvR!KbcOiRtrg(>R)dR<KsW3^Nz#<^1e}6
zA?jU1Wu=H(M_U>xBoEQ9R5dZ+{<^=+i{ZZ(4Xbx5H9P-q&fL6bda&eZwtj$Of7XXA
z8u=V=zzQzZDTAWFI7E@q5eZadF;L&)LSW-BvrIu;RjBqJH-LGzuBvaJeL|<?7j8z&
zb<(hU4a5RIzItEV8nUU0e<{J%di)F+P|{mP)bgfX0kzATl)r>$=TW7p0`yot<)AKk
z&_ZZ^&HqWccoKNlN?r|(b08kvN@U9}2!9o!SVFx_tul5G%ND`hwowQc&Grr(@pAo^
z#YoAij_-Ww!D;3YY!WuT18$=UJ_1GFGvUwV-m;E`oZlxArYW)NlfQF2hai0xygR$W
z>j1=~V<VzAEUJn;azhDc3)sg!bezNB4#?OZZts#OHGc>!Qy8-;{()>}FKpE=NchO4
z%VN*|ff1$^(llG5g-Gw0Dt7<+j-2J}U@E+j_*Ml6|4b?<-&1iqXI)(QFWCFImds!6
zBIMD>4DCYo927@df&RukNVZ^s*A@bDb5ABPN%Rx{g#IM{va?EuAdFp_oY<zPwKeg`
zUJLyxfs=eG^i}_Z@17~&${ThF7c}C}Kkdy~-NT2xdOJx;dp40J^Few_c5}}*3!HNo
z|AGG_?Ha01z#4hKYT6|3>{sfdZbLJ;bP@Lt;;JybHCi5T6dvvbeqY1d_bjhq6epUS
z^n)fnU$pe+zOCkVS6W)On?1_6c7cg#?&x(e5~)nJNQVZehb9{cqo%BnY4+uZ_qZ>3
z?q;5&lc<W8!@T5h?>mMVeDc;KiWEGER1;&z{3_kTXT#4dA>5y~xG^fN-NMtT1%{tU
zw%<}hWo$Q_xvLh2i6tS!AiswxZNu&*ISVX~4i!F9UMrdeHNeTU)5JO|lF!P?c34}f
z4`AP@d@1TTv}A`ejsofIn2jM0Cr(lz|7h&Q{{%y^+mDmVtn(_BCE+<sd6(5x2C4`7
zCjA%}FTb`-v_2FO_VTp>Dr{|`f*J7ilv`UgCQs|*mWcoq;DD$r=~y1M!@>dqA5zft
zW-wU&*TZKqk0c?)0j@a>#!iA`pHdue=&)XkUCRLuX<tNYxODuVGoH>Db@r0#%fmh2
z(AS^=Zog{_cOPghcL#uHj4JQ?B2Cj$6y3ISCWt3CpFfG;p1Hxg1hDenTM?B>N+&5@
zSt7bs;3=jKhL0%GfbXNa6mkvC{_`3x&qsu`loJSXvb*cJWCVdL5S%jRDj7~JPRHMU
z@L^jgq_KWC9qSW}?!0w%ZOQ`RKwQuj{a#M$t}m))NFgT#9x6cWK~=i!6ll*K`WEp+
zak4RnK<T2nsjuFW2X_dDzAV$lK!4`u>8as))_6-2zK$(oxS-p(oyBWP*H{#Hqb5OP
z>bx6<G|^A3{Dpw*l^5N_$@gPZ>SXkN5-WQ6Ahu!TsqWK=PdyRX7%$(g_F!q+lBXF2
zIp!PJ{?D_fs^YNd`7Do4RSLx&ii#0p=h~q4ZLUJU8tEVd3SG!50{C{dhaULZ=i!fS
zRViLvE!D`WgK4aN_NF*r7;F;yj^GnNZJ3(v?oc9nXhkTZzLQI@hz0js>HJQRrdT)S
z`U?{ixW#te;|B44upF*wST8UWD1(x-tG~G~tEwh~+u({zfxqmGN&_6&)GBzH18V1k
z5aGMekkp~Ok(~GlU_B(g^9YJ!DUx*;^V3-FTgSx0u-aTX*_9PCx+M5n4+B&GD##ar
z{ivaiO<dHK%pNuaq*f9&h1sF@COwzxs!uh+PJG6{=N3}70|L-+Cu8w$VXd3LVyZNP
z&8{*UumBW*UNR@6yZ@tbQ>PIYbhH-`pYFkuhb(hSiZcdpAW#&_oUq3|3;XqgQ55hT
zZ&8RmUO*p97W<1Rn1u1k_Cfiqb%=sAP<3V*PaT)Q91JPq4uw3gqZfW?>t3qTj1@62
z7G>l5BFv?6`9GbN3Q;nHcmUv59cbyMaz+F~5Cl}|2rK&%E~qo7%J3vH#{vK;sF-s?
zSL9SMG*65qepmqC^2xpo;uIrpLoi!Egw4j}E}RlRT_m~puJqhtqBes-P27v)IGqSU
z7pP|-K1^!QR{r}tc2mad8`BRLbrsLHI7?}0%HhvKB<8uZK~m92zD{}JhkE=F>qp$x
z>Dd0U7C%2?GN-&r%zC|J`0}#x1-A7MkG8OiYJgV%M7hShAo-Hx1bq4vr3x{iNk=Cl
zK;KhWEpPTgl5>nn<dMF8%X8HyW16~j>0lLvt6Y|@P%cUM&YjZ*v=Z0pkjcD{xz$sN
zUbqQYYs@p7?T4K#FYnscZ&#}u!-qVrrZ@I!vnjR;VP-PTF|cHqYj?^+9_1@`NzMMG
zv8sd{4CfD)IpKhni~FsM@}*29JLu9TY~g$QgR>HQ!JVI2RDq9<-vmj=pU0z8NqBzc
zn1(ci|GtfaidkrS%huA$)T^zg(X+X-|KXJR<V=l~5!60m0ON9IY(5VBWCp<V^dG`=
zwh*ODzB1>GhlOYO3@2PXPkbl3RJ9o$TmiXt$@jFsP{45Z!hyM64F5|V+JOO<GuXY}
zAU1A*L$4i27W|F3yZ7~Vykn#Tk2%>B>t>8J+F~Ri=jB`6+!CLaysg+-e%=qGjuHPD
ztT?LSRis|GY^5HK*Kv{Lc3ci3%j@e(kZl)YNV#kAx5vUZz;T1<tTA^UhcV7o+?_G0
zNK#+P!iDGU(;Rg>S_Pq{>7=2hJ#*tg#wt=bzou%{Zbym{axpiMW?}~g;)RX9?no2*
zbC=1zM#q$%yC@+fHX}-EHUPc;CPFtZ1o%?KmH20jQ%O_luqfJA1+GSK@OhrOY$N9x
ze`)%{8VDi$5eP}&kyp&Z=Pv*&ON9Hj5)jj`*h_4W93Y80eSvq)`7tUNKQ316o{{Fu
zQ3|8~u(Yx~ky1w&Z-qJO;{U-mB<n8PG`w1|WBZ-vQ0m#A*Hz-XMn7aVB*4mcxzBL=
zqTzwx)xinCtj)lI(M+zKvl0a_+KZ)|)v>n9bUZPvV7#EJ%oaid*$Gu+m{xUfhLl@A
z>0BhPzAc4Kh+IZt+4h+)+7E<QI#=~7v~a_jdH(usOkS|arxi1t>CNZJyivTooIc#M
z2>DA=;093&Do_c-v}IZn^q&c=)giCd2}vsH7YPY?BNSb+hHYf<&>1Ld%pZf!aTWh0
zr>%2@DcIU?^3`(9*S;8Fau-PZ8^;nvn^Qsat4bkjnK)3#Qrz0vo0OGUo)aQ%?guE>
zD~Ko-PefEEHEq1VU}5wI_q6*Yu*kU3@dxl}eIR~bNu`nh^?MFgsW0(;XH3P*CmO=G
zDpZ$QqkEkSLmDULOvhT`O?DU@l3yiPNW@ujkgx}hA&Ykp-}E&SY&2IJLPe!qWH~*o
z0mPh>nCiyEB{v(h627JqGw3}5P%`4?V^N=4A5i2ukB&IIoSngQLsE9;8spP<%TT}Q
z4p`bd_35^-pyl5|??>|qm0SBF{X|22gT%Z)Qvlpui3A^oCtlz;?l>*a<EYb;o^}lv
zX`%SR9IYV)?JV6*&!T}g6<wmK3KL#`7(VVau1%1(ULT{AP(I}3qTmGQjPY-{bh7Xm
zw$d>z^ybG$YjYWw-#cI$g(q*0z-PjOl~K3k3P^}uWTe^!gM1U^d0K7z<wT-PDG)U1
zW_3zbttYWugkS<VYf@1YN7ULZ&-)t{lO4G<^4+CPVLuN1NESg;J~=sPkiLmxBsgK#
zCIWTe)7PtQ(NrsuQ-`63DYsAlxQHYF^M_Jtws=ZGYd1_rrl`%<4A*Ivw|tn{eNL+}
zc9b`erg{_6{(xJsKxaYOu6+Sx>sqremzH$)|1Q#v^t~qr2fC8?V2V&A8DLUBtK|12
zRZR0y%x7d@2MOT?d0<)$Ul6{Z2{AjWGQs0up;;Ig-;to%_jeiov1CNunkpk84XnyA
z8VO)r8*3!!b}b2E4^DQQ9*1mUJZFKQ7c<hQGROaU`MsrKK4(h~PJx3+E|?bAcnigC
z1dT|;&PRTZAz+ajP?gl9FE_uAKNR+^GhI(FwEJ4U!FiNFmg5q3untAk+5wU>LE(Ky
z-m_Lz#vIm6hw-6-F94kwJ_1!viTzK>rvM>uCsd9Q*L<&W_QFSc4D!#4<n~xw9rxK-
zJ1i0QR4Ase?8>;JoEqn%0d?{Z!?)*8hF*o)2UU+fSw0kpG7>XmC3`(Grs5F<pRn%*
z?7HcuJr&&3(`6F~_o!Zd#p&@U|HLaP(?g+nK4(VyOCHOCMfOsj8_lBtThqm=NsbOs
zEjJmGgfWq4o}x3Ag9*~g^Z%fcMD&UBq=We&I12}}wGZ04sGbu*_r*tz=qcsCFg4ao
ztFpU+6ob&tHQVrkHQ77<Ly^|?Sx%Ouk6B-VLF48W)4O;{4tPD>zuv}AWs!Z~2T$Pm
zJHfqm_5%EHr57K+sH%qKDffHwYLKtS^>DOudi@=zU!V<kLl(Zl9U>i8ce}(t`_QZK
z)>;$XhkES~*ig)e9fL2>z$^sY7M(Er`_S6NwrC2C#20-Tn`%;)cTvpL4Yz>QhmUde
znkI8DA}??f@QVI@LHe?q6CA#?{2cA+3t_2J+E=DC;w`fpWZenTa?iAXV%6<Np2*K5
z(N+CFp7d2~uQqx6NwS1(#8DmA*k)@Q9Gq5e`QYgU8bA8tlO#vhZehDLg*YO53cALG
z$1LtZZHbkd7oOIk;MHt6%hRba=QoCp10YiqP!j93cq2pa!lQ}=!6w5{9mm<$y;kV!
z*Wp!l;+x4>I{q_V9zNReX7uH~+bsQ{ctYn-b9>Ab7m|3lCn{ndcvnjdnQg;`b*+&-
z{D+Im#m{d%LSNOKmEN!TD?x%a#yGOyWa6auROf{$0QXUKF3-XAZ$g(EHZtx`<ijm)
zT4SEjH*{-b492Q+Wrrnn-vimx%MF5k3jaPt6}J#eaQGo;{WUtlJcHKx`|+ICy8LZf
z^)smUnhJtVJbXXp)^W0XH^ctH3>dE1c|hCL^o%Q|ks!oBUzYhVq%|9s3xKymcjBVk
z78JG*B842%xX%QBt;8|C><BbjTL9;KvtdQ#4-|ZE*y7!2h<vk0uS3;<kxvnML=wt<
zg5%InK_f;^AIGXIA%ksHQiXdZM)o>PHP2AKC9`L>JA5Z*Qr?kmNucTVxW%y@-<5sH
z6n^{q`U?QHON^f1&XTMpG^yJPo7ZQ$bG*RRPY(|NGZMQjCgQOBqodTw=yDmV#2q&b
zMK|oI^i=95X}U461KBCkkhn!S2^>i^P|^zV-hU;oL;jGC-C_JS)H!eDo;H#B5#}>9
zP%sqgh6~xrAUZF7Q#!i&VHp*B18GDDJM|N&AweY`32vde3EdIBYFKjeE$$}yTS_8k
zs~SQJ#lpw`_j|}-!3jsy5%)?|XxVexy{<JtRT4CUPhx?Q%y~_-C9sl!D>%K)oiuwA
z4xgx&0)w-c^y#2cH2mlKUH1_mmlzAs&(<_puoPRPcw~2u2YrJpRZ0V;c1qDo;WcBZ
zLUuHne1O?+K+alg_+6%(*m~OzQ=0kuqo-T2dkQNQI6P0f-P;s4>nE^?76P|;Lw@B8
zr>S`J_7k14BSTh}K<ui*8&J@XXYS4{2z^*8qok#~VUyAx2LjI+K?&5}?MD+{mMQY8
ziy{<REBaPc9r~_o{au}Zk#3HN9RB(Z#1WCBD`Nxq10(I*q~~dvP=by-z7HpKQUEl!
zHRNZyQQMtO8(4vY(m&E7GZ_hmXV<C}eli-8a%?PngZ8f>h&(-D&-CSVPLD@}n1{=T
zK~j?V(rr4GA|2o!21uJ0{TKrzrye$UN~q+NrWX0O9(ZonFS>eHQQu8j>{~VL27TNa
zxO6kBkXP3`Ec8G3BfO~d!%TPGZ|(Ltl4w&I8SjX#avfAimGkiNed<QFoYp;*A&7NW
zAHyemW-!$Li)H_{eLk|X0c*&=tDc6Exjfnxo1jMrbI-SOo+HHv^#dUB*}3{H4Wf#4
zam0Y6VXp;XHlkBDqyL)CAVa)<j<Rmr3sn&vIUumN70cNd`1R1US+2E^!MAevQxlxF
zx)<&p3rGV1ETiBH`hgI<j6JWfDEVC43`3MtxeysEyYkU!)6uLa>t@9WIhE<~01^vF
z4l@%bN@xCX^$>*qq<7djnl#7f-KZoP8ei6@pp~L<b(8aaTfhT+&CI@^&-PnxB$Z#l
zH6ZdYA@=KFd6d#j5oV2v<dy1w1BkaenD$u10pnv&;7y6=2jLt2TF^3vf?uC|1@#eP
zyU+=Oc(akko+pO6<)y?nqJktO94q-}#f@u=oKE`+m<463xw$rKLrAfQcZ03%JOgpV
z5UMoPv;YA9<H+~dJlFgQ+l7gibd%M~4cHIU`EKC7_J^UGOutw7qwTpBysBG*I2=1a
zbw{%HD}-4ayDcs$7l3Z_$iVh}T?6={U3DqdM9yIi#5tuEGr5Z$Tp_)6*@QLKkH=mg
zK?$7G0r*;J2H@5*6*5xDj+9fyGQaPM*&5p9EJv$MRL?tN+R?lKM8rN90G~MRaq{HA
zE0>Txy?Z74<#1x*y_~b_4!I{etyJwbfVlBuF$l|?AoC8Cvl|@A5^R>0a0^Sxc|lMn
z9Q)peOm)p?e~xiY<Fni2y)=`+l`?ORQXsaMDUSB?_|p&P#G6jl(R#C?Od^^-<Xnj+
z=DlIqGk!e!g|e4|o7sODRl&os+kbatUx>ujX#t06p7JAy+df)3oeNm364Pg9PXs=F
z6nSU7E$1Da#Z<m{>XZYt%HPUk7}yM@Wke>Y%?!g|KjN{MvTfP7uxd3{*4uGLrzQXO
zR<QpZ>ntn4{cfZ7nmFR$?YL;(i1jJbILMuH(vJZHK6NKh<o>1inD8eXo66)7Pg>-J
z(-ZvKt#P7cvHnW5Hy_BexYImRsS1k~q5TTt58~#E)_P<o{|ez0aGn>MoTct=L`BJ#
zEr{E!fq@p^INpSpYlb-=(RsT@6;2sVFt!<CCwE>jQi6j?)bZTO-7nG-&q-9JJwZL%
z;JRkva(zJLY3xtl4%*}|AZsb1a%YpPa5Okv6qIML6r0DS5ip=kHUd;@Iy(M(0{Wy5
z-*L8p_5?VxKf2=%9RQ}&SGj02P*$3w+=Jyzz^L0<QX%=d61NA#_YEIv+9s`Kj%ugf
zsQp}<Wc7hA?>U++k=|7fIoF<s&1sxOEve1S?f|OPCPU8Nairgptf(>qBpBUx#7fss
zatkf=Ih{N|=jKh7-wM85)5?1Q7XAMNO7u<&>x0AJ!%3rfAM0;Dny{(kYSeXod)0^<
zo_2E;6%bfMS0vRyg+CGk_wIitiJG>o!r+6IQ;G8|VB}J9;?xOw`1EAd&S)oe1W$RX
zQ*1GO@G5dd!{FmXGyW_f87K8Y&FGf%%isD3`>S|Y;dV=UVr5Kt;r6b+^~LhlkAF9J
z7_OU}2}pRh`>a=j<IE#XNx6FD81aMW@kB3z%R=meXmO{yu~(>zc0$uF06KX5CNcgb
zSz<gU<RAti(Bl|w#4;On`9B?xZs1`+2l0r{ZF{&9kn))ef!uRk12b>b`3A5f=?EWY
zuYe`<0F-w$(LKn*f!o=E86acxEipbV<gM1f5z6l4pqK&5O4DjpEa{W!g94P*Ky*cL
zKaNvR(RYlWxS407;P0<G=a=*3vmF#Yz~rK(Pd(7Gyhw7W2n0krwkV<pf7CMY)!()&
zQug=9+j@Sg3XUVfy&{4x$*aClu2{~uC|GiT`8udH&HQJP>)(qE{R3Q#0NY(=gOGpi
z>4{`=J@sCw$?*js&PlG^-ii!B+SBG~<G7PKkNoq>FTw_hlMmk}>xj|z0&-f&a`ivo
zsi!Bx=Lnyd&_0IPETFyJF50TMkbBo`@;we!(Xj}}4rg%bck`aY#i4QwCsevFsYUqs
zQ%)U62>e=81ihA+q}qSxD1L3pEsjRpY9!L~I3tgZkxrWBI(_VS*BY54@eDyg0zKUd
z+8z*AXf+pinmP8t3t{S&llx1mTQEw6%~F&fku?k(A9%BWNKJO5P^A6wpkf9oh~*s^
z8THkI0JTvF!y_YGV!Ssv*)c2QgVg|EgE8%%Fr)X%<od|1FRppuH`x7Pn|-nPpCfMh
z6Oz^X$xG;1m&nNCm+<n&C=nRK_z~VMflQ3Knees8S2T)_OtY%mb}+y^!paUR-#ID5
zoidtvo<9ty!}pzXkC%+nd;70MRVs!u?XP2+h@z(ysT@an*frIR?pAlVWEV%e$@X`z
zS<rt%JQrDUiRlL<KF{0&9&tH{ijj>}?_caA*8}LqZM8k9ayc#2j*<Q7<^e#%5ymVO
z8O7(2kFw!;6W^0_e2m4tz!RX06=6=6Y@?j|r8JuTA5<)|O*29`yRW%V4AgijMIl69
zW`G|Sjebjzn^bo{J?3~p)&OR^obY|QaSB0;7@P7WEGLQZNJI~=rLofk0RPxOjDEFA
zB3LITBp@=pd(h$ETOw9(Q^4*)31<ZbSF~z`vGMEg9r}7>nut(z(V(m;l}oe^Ieez{
z@)&3E5Io&ZYh_L^XtM{?t2#ZX2U7z+{10ccGr4~EQa*xbK?bL`-XODz^)sKLec%89
zfFFUi$Dc2NX!mcf?#8yR0h_~i;2^QPTu>z+F-&R&Sr@HmDsI%hKRIm^W)QmjFTvqZ
zPE2fsNXbs>jpEf;D{QtJ5#oPhC!geA%lH+pR@8%C8C8u4LM-$39JBhgLPW$~YEhi>
z$+Q|7YE9>%=Ti81KbX+_8uxZW_*o37V;jB?IdAo&@@uM;oLcxa3b&&Pf4;}@Oylg*
zOuj4V%elPAgZX$1QRvlb^7fy0mz(2Tg!*?HCJ8Bs=wHX(?LKexem1Bt4b+%(zak}|
zAd-XI2qjjY{>*$wnyxo`Ap_`#cAqgBQ|eP!o})_R!$)lGWee_}?u{O^OnDKkr;pZw
zo$BB3foXh5@W3^fea%#mJ+0}d3~m8)?NJNYcx>@*YR-(u4tGe##LYlnfEvW*SEfXl
zZb*(_t}dg_1uD06?Dw7MB%DDtoo-LDI-~>^(*2JBJ&|>8XI!REBaaN0H3q7{RVX5>
zE|)Jp^SYuCF-9i~$yt2qAf%gnsjJ^tlqlSi0m|o0AVSWQ<_j5?lbah2fEiElx#2Pj
zvlFi;YFMm#Sn=N#WU$KH0-E#lK-Ezq1Eux;;+|H6%69h&e*T7)8ZoJCce{x#S)l2@
zpO(G3W5w<p=Q1)>vE*#p3!7wU7G|`o@R!r8Ym3QY)k<0fG!BJi$vowwTu<CIKPh~P
zw2BQGerNCj6E!5l(N%k1U~WEvC*$K`j;=-XaBL8k(GM@39xeqwsAWsEF9r~ou^QAE
zYau=QlBc;ozLQM`?DnG*A(T6kLPdV(4HxH3@Hj>~@8vpIT1x9xp@8{nn!?yTmC8J2
zDX!Oh58E!oM{{{{5(ogPFw6rC>UTKZlNgE(N_|KO4WJ$Sf{;`vOYBsC;}POkT12sj
zd)DWDd<Z~BF*Ej%{`Esx@W|~*9Lo(A_FA3Ehn}d+2l@$(vuCKH2cMlNA`@JkcHU%O
zCKmM|aoncPr@Mgj<eRjIH(hl26pacSyf~ij;?amkA~=LM{24tva#9sM(dvAqQni!j
zCd<Qd1Ing7H!;f^$P{c1%x0H$TzG;KUP5lYou%yihcN>aQi5r1v48}^X^z0QZn-hN
zmzeJ)^7P~|o*&^e#-bE0sm2PVKc&$pWZn3Yk;KVW92CIsJ}_RL#FH5b(%m20ABePb
z)1Akr=khR9f2|uz=q56vNmi*L-%?W&I`#jgRio?igua)XoA2CRioQ91AjUoCeK<SX
z?iZo%cTPQ=aM-r$c3_r{DSKjMB2vctw!rQwj_~&!h?Vv}Ii5c#s%1Lo&4K1$PkRqk
z@Lyx!rNU62Vz}-|=kPhyWooAfWU2zn>Fk8K=aW`qZ4iS3EgGp;5CLJKKhxjU0mCl$
zf3n#Sjg@1%$5?Po2LzB863dA1Ux>8SUZk@Tx}Q*ZH#z~W*j3yueQ&vD-}x8wFkg17
zeAF;Ctc-}-9f`Rn7-v{M$hWvNl~JCe^uCN_B(1hmWRlXndRzyL{DH`@#2Z#f&6~bd
zWx1<Oym37a^tbA>NScqUWmLBGMnyr?iWcVJ8_eL5<YHI!TOg2lmBPdF8A>#0$SZ?|
z4N07}<^P84Sc;4pF9%zk?T)pE*Mr)AKueOg(uGZas5xb^fvm(#M(vo0Ld(rKuwI6z
z7ITN-T9cpv^1!<*-=y|_(as*4j+^Z#Cc7bLwn9@xzhW&0+ij$PK*NC?4+nHaf`5Dp
z%CZ~^scEMa#49dMOe#5iU7tgfg&Rj3$4k#RcafwQ?>GZXAW7v*YYnGMU>mz@8y=Yh
zb{dvA(ys~Bj>mPG)cX>~d@u{pQets4ZbMR)sNz}~{deJBtFeBG84$K8j`@XPwjZ2D
z?q4`?kUEcUAI1Ky@(Z}Q+-}T)gmOLMvo1Wr6KhWBFK!T)G)PL6K5O^W{^SB_^049T
z+Ngxd6++T({tToG)DFEWu$W+w=vO5ulgBF(FDC*XzZR^@4RrvHL*ITd$R1U1!3+ep
zqO;*(#U<$HTo#yM9C@x1hOk|;04G4$zh&l(VnRm`%7JEl_^p5h9AV=mz*K}&|AF^5
z$HzWx^)TGAdgb&J!c!q#Sotnfq!NSA1#uuvcb|tT&qNL41%$(D#A5z|YY?~Q!2Nam
zCFDp;Pacx=z*k5Uhuw_tfG6BS8iX8m;ME8gz@U5>U%v6*YEd)7vL~IC@tUUN{3klb
z4!VH3`iAyg=ykfu-LM<H!t8uF3xsrO{4#;+_R(pP2IEcNc!gOWrWv|w6H=a<TS;Se
zJwlyUBh#Q2mB>eg%jJ<FkbSNiSFUV|t!~|97H(yLA281M(v@Zn;Wd#glaCwo<;Z;=
z*KeY##zxrm7=Jbk;Q%9p?3-2K>HsRbJ^yUI2~!Nal#vP3%(4CrOMcsd=&O6F;<^%W
zgE>Gv3|B?3`xOEgHr1W&28C<-aVRd?z~xp2pOip#+7IVbNvX-jf6g9+w*g>q5J>G2
zB1lSEvUDDUhXCL&E`x|R+QFF<CWmVVftgN|jDtc3IKX<0cQ@c?(N*2=t_B?fpMTvc
zs|2hc#+f9}67>@xh)6b%9(yHxCZ+4#-&ZEVg%tZ$Z!aCmZCpVUeCEm&tFZvDi#5Y7
zjq~72pCRW1Ra;%=%%R;M;!_!|H3}WnO|5O;N#}9Nk{%+s&<<PPvHk~W?R@9GFX9O8
ztv}cW^W{;re2F|mjhJtPEBpdc+D(oTB(}bk&jZ13bRhU?YKKC@HkW}_bcVVW`8O@Z
zbl>*1@RL)dJmyd#A_NuEGBb5_=gv0dI%+a(tuA{+x%}D(%A~`kQ0>cR#I+TWx-;9H
z#BUciRZWz;R@J#QV@>KOxUHq1GIc=UPr`=PyC3>DEc9$zIpn4_R^2Rl>DMlB#V%Y!
zg7<x*%r-|vc-nuV6FnZ-Fh$771cn`zUHw_uxvK1rl9SfP6AjSOC&QgFfGMUY)`C=z
zRTaW&e62HxSighw4M9+u?XU`mNO^x0*4Psw)LqyKL<H6m?d7}*A)QBDXxLyRFZ6_|
zI1wry^;;%<;>+@O$qoA(un~)uG5{!aB>%|l9%HVCCf754EbO6}8yo%e|2$!yS=RRv
zP|&kMzj@H7FHH%C<Kx;CX`82<TL{|alFjQ$b#~w5+~l7-V<6Qy3SP8jGhko!2I;6p
z(H#S&jHDIea>Fa0t!IX2-SLd2=@3}*g$avf=9nl}026X)H;L1iVi!2}@?!aOGZ(KL
zhMP)u<**Z}X|`W{^0&Mf2fV1&n%6=LuOSpn9jc{Z*G8ws?+Gy{VE})iIqjo@0AQIF
zL&Sx~jV0j;>i1J{!h`J!xOkh*aq})vX_>nGn<uLR7cP~qB~5Xr74-b|O_t4`sm+!1
z3gxKLM3Z9Ru*1!OoT+HSJz5~tYr)a#_c(i!F5t!V{j*_JA^+IJQF<K)vdzKtB~#}7
zw=(Rm$0|50#hQCvl9@@n_dXZ}Q0UbO1g!8#)R`KalU3!=PrXBFGcFH4%LJ*Q>-XED
zR}T$utkGW~ZY`s58sPH!xbp;6YI+{NAZF0EuN_z?y`T4Vy=Gk3lIf(7uF0%^Y0ugI
zWjG)hPg>Sz*#1c_<>4__vdmyCRkd&T%g~-9J(h746aGbdG*VEVTud^Su2k{-+HN{X
z`J=z=@zJ(`H=yFgp>ra`WBnpZcw`YuRJVH%eO><Q`ilS`FZoLrR?IV^G3T%$2&+x2
z2YNE6)A*|PRotgu(_m@%&HXLg1|%F-fi5Hi9<tZ^^f4d+>0;4ei0;`qO@(hmb34IQ
z9&ZuY%NofR&Chr;S+UZli=@a<zwk%xjg~w&>?J5bxAb>}b%m@MRa`M8wcsN?MdiWN
zi?>p2qeLenrP8lKjoB@gXeR>QHwzVkrylj?oKF}{OQf@dC`I@k=#u(1ogR~El$Axv
zj0eB+SCq_uddtOMH8Q-$-a8e~^~-!mWz8>yr$spzp?sw~8+dVL*4XO^cm;SW{?&I5
zDibF!NTV^~&`q6VKf}OKlQZ?#M|caCXVyWv(>ASoxwZoFX$oj480wwUF7FD07*<v;
z`CN$4@=q_Ck@rP0-J+rN#y1+3-q<0q)?*vj6Kv74(;UJn#<pE)>Al3jagtUBP@@b>
z9{@KX6Y-7aF$Nt&Ha?YjkROUm><>V<lXenoA4TQb4Amn_LC^RtgQ$bwLqC}q$2^h&
zf5gZ=luhlW1gCZpP$Bg6no&HQLb3NxCRiCA*X{t}QtJ1(2t^;xFbGB#vQewINZ)w1
zs|CWfb1oa7R%1-EBo~TrQt}>FU^7TY&yILIqMuo}>`~6lmfQ!2qDAW@vh?XX0OL$_
zD4>}G%4WvTa3w7^lJB9f-Bd#e>urxXj8<q?&Box=QScUhf%^^NW`|>BUufvy%>*7b
z*4}wNc56ohnx9R2|Ly))HvU`e!2R--%u+;R-9`E-MU_h;c{$!1Hi~)KSF>MM1F^a&
z2_GjNqx`w^k?dO0A*H4hB?%)q*$^rus1?NNx+?-IqC8H{!|hBfftnr6i@*4yMe!ge
zyY_d6Vl@SU&8w`7&VE9gJ!a~mshk3F56iv=yF~rx4-_;hp{W|CpysU#xUa#W>jyw4
zMc>C`j$csl8NZ6BlKb?r0UxjoB{wmr2Cj=3Ap=4eIT!8K?$TfpPGvHJRzil@&F5+?
zs?HN5Z(7gIdVTK3yzedVf+q}S>v8Bw?^-e<LTZ`HU;zuNzLZvZu09bm)R&=ZNh?CK
zYSuX*<GH%H&*Xu()?p!Z$g235mQ2he86BZ>WF;|t_f2ce--fJpTEx|I?+%YB%`0%X
z=WacZ!s1NZRV2nFmmk6pr!b_O#>;njog^`J1vekkbD?IHH^&0$Jvp>8N6cWm8<*-D
z@+)gk4ZYpR#`<0llBOvx`!pNx0l6=*Ml0W{14*tIPkZ@3?sWzVmt7FuUsp#7nGdzD
z5iMgInXP;!E>bh^63*c%#W4w*Ypi;^?O`lrT{J~b4|z67ee8Ge>Kd94GdOTW*j(~M
z5ubC;c?R=#g9M|HIqWnLtrvae&3(u3?N%g|-iRcwZy;b4jon0h3m(=*aj}lVMII18
zs*h50JhlZ;>*6c>qn*dgXJ4!Cxzgc_YW@&QP4#)K-igpQu^EMf2cdfoFVaoBDM5Z9
zf(r9NxnFcn)|rqf1Y_uh^IcF@0su$qZ8<KJ0Iwo}{}^({x<EEX!jZ!Hg!*gyq74>_
zq_!@_Qp_euc@{CdReCR*`F>kN^A{tAGTdU3?@B7bcs<yafL^APeV9yf>7xew%~eI}
z7}kQj6ThiDU7<-Gc;rpO?Ngc2UY&Nk$NVqhgzK>|jDD5%@(ea9T*JxS)sIB?Ox@~R
zFnm0>rsJGSS-Iy>U7WiVG(gXN8DShWI&OGgGbj(0jQ_;E!EXSF0cR=~Se0{?_cD3e
zzjax>(2fGaH-x*4yNDJTv^TrKd*KaW4E~CgyZPJOZ}37&d)0vWGBp1)sLbd3duHd{
z-RTcirM}_cV7xZC8b)vYT9#6YXJ|_8FRQ~UE;)rh)loOQPnsen&D=g)^3s+h(Hz}!
z7kasG_p9u<wd?lgf4FcxMtQrPf%z0WU(BzR`J;XOb!H~znn(BhP(Y`n+XTs$^WNau
z@qlypMTpnmw5Lz>z0q9~uK{^8lC}^q{0t$Pqy`b?c<M*nfp@K##`fgmIC3(LkJGrl
z{tyw~-zV^v_A^mBNsv8H@9scj1K-W|2F|a|N1uP3!Dm^r&minm`uQ3hyT7~@F3C=(
z>V~YwC>TYhgjKjk1LzI;bXJK5-m-T?MToCP#FM~2+>Y@89c=yUSc}t~7(hTEYqsjZ
zvly!I0gFO#n&ye1&U0DTCezx~+)NP``CLsmHRU=A0jK7>UI!i1?+U|<V)zdivi9Oe
zbFN{7TrHWq>;i|0&8}&Oo({Q+uDTP``PnSvMo}jF<Ekb@7C&}wXrKuBh8yvRPlL~<
z{yX9Lt)M_KWZe^@BH!9M!6%rvYO+lV!V(=?nZ)c`nY>T<D5|{bJ9Vk?e1BgXk%KZC
z2}$)BL6X@V4-7;@`KgY8QC=A2>ZyQ6QW{O~ZGIow`W?B)qRTDN<85<I3GP3VJ^}BE
zM)IbPuaRAgK0+g(1M47_l?+2h3jN*wqRzhWTy{4$4jUx~8TQmv`l*5vc4heyLSfK$
zeBSgbXtzB?!UQ4|l<YJQ*)bF1Py;7Rhr5AdHkPYq=U;&XI!^|Tve6Zhg&1$RY*V%O
zEL&65Teu$l)Y_fX8ISq&gV!<r85LV%;XIjR@a*~oz}^%}ED1{%tJ)J{2;O<1M$c5w
zRp=;p8%89b;>4^FI$%~}v+O=UzrRx>t0Bj`H>%JaEULmD3Wnpi#2ofnZza-pa4cNF
z+1c+=>RpxRjiD6~dK~K~7}WF87TU&cOa}rtRDjW(lbQ#54p($@E$}6l;ZMyUiVT(~
zwjFG{6wq;yd>^LEm!uP60~eAGw%aR@7tSy%74=X?^$F*W^p?u82E#Fm&<?G`hv)z)
zXk(<Y-uboGgQH0E(pAjIV*zdti45PS1m16cj2bkZs(956SI!#k@XrIk-2+j#$3?s+
zVo=~~Ccf+dOD~F?O2eVtI3ddaXkc}F73R~|swTW_Gk$b-s3U>zpyW`<;H<}~6l@DJ
zBlju=PVy};$Z8)hhD2Ib;%63NH)btNT^0oktl7c|O>iF{rDagS&A~9w7xz%1Fx0Bu
zR>Bv0&fhseer|vG(2)cZy4M`+E6Y$*0s%#{tz5NRILTw|usuu}s7=CiMV7{GWw(LH
ziWUEcweFLNXQ%^omZ%1rzP<!oZsnyW+h`?Yg4u>Se1;cx5q_1AL^ciRJ0{B-7B}Y%
zqUc>nW8GI)gSW~uUeVF8nCP*ZrAS0)aU+0rDsibo(WiX-08+xbk4Z~+U<>zbXz3(#
zFo7bb6qBjhN`emL!+FKm=03oFK@BRs@od~INdl67>FgNr@_`P-F3>G1%z=h^q2Ao4
z)NR|`J#-6s?bQbnj#`UkaQoW_-<Mn(m0z%=pIuAbnH+r91L=n=;fExLA#Z^2sDBfL
z*T+Kl{(URISH`E;d8+BqYjW@18p+giU3a|>)?@ia{~J<x^U(r&cU2ashWQ{;b1#9E
z<?|Vp_tw!<O(Ttn8yy<~2&km4_<KbXRk!#=nOe?_D6_$KA-Wvyv^G;BoxAJ{>4Q|=
zf`z6M7#~P17itNj-F`>Znz>gG$uJx(ehIB(yAjIBmMOWX_rjX|md;eeBQWzABRlY#
zS_I|NVgp2$C};{ZX|4lhdDvz_3x|o3gWMd>Y-R8=GPe;K;(LI8;=)&VoZ=j~l?u5Q
zov;27r^d((Lt+5-Lz}=y#S0hDGsEcF`ee?i2Ntr1i0=Y7iAxP-fLximyxE&7w#@01
zxFTqDJspX5XZ5(Y_lpSwbh+vMYN5gel|yy;=kQR9@5S|@?Jk~lV)h08%9mgsfapb{
zcMR|dwQk&jXGuXHNqC<-VZ05QVHpNm<0yM)p(e#@ZFAHIUnE+Og-kFy(|xqiHYmK_
z(Yw6T%^U~Gh>3|aqh-L+gZ<c&>3lJ;4fBKfxpnTrZRnV6?3g7I^sq`W%U;!LR06cV
zswLo|R`x_1pX*JvNV)m@r5#`qRj^o2LV`|hc55AJgXo<x*4yMzV5U)m>8Dsl(j%aP
z<qnbth0?12+Be_PK=m&TOsiPzXzAacx63`0Aq~0?du!Df0SEfyt!}hj$B*e#d$UJZ
zvmuZnJJ)a?tN`>q(>7e|tav+{=akZQ?1vOqlMpZ&qemeMo~&ySn5)bRI6>*iU<Pm-
zLfdR``;zY~JKwqK56sH*_SR@$$!D)HN{AD+X8*DApUaQ0P#N~0GT+egSZ4tC)KAf^
zgL9I%6gB4E`JzM(`1;oNPmE9+{Df0TpAb7T3@joP4c(8_;A1+OqlMbDP<?gVRMm7s
z4dUMAT?NtKj2w$!`v$G4AtO754UAcVJj9%rgz}7MWOc4eCaN4RlCKOILJ{S?=53tg
zgQ@x>6p-aCFmgqbp=)MT7^zIBUheAINmKV~FlR#qzR{te$ZWjnD6N4vvtqLRjv#Km
zYiL8Peq)`p_9O9-b-=AA1KTi4ZmH(YdY8dN#drT;x0zH^_$ptjFbsF}q0T`3#)c0i
zi9F3!Z%Nuhw>+LR-FN6eM~{d}BM{8V_TXl+^zLs-<xW=j{<mE^HDKr0s>8Dut;Fl%
zlFu?2Ht127!x0(NQnf$sv8&DilCGcXk-#>J`R1n=0No*mb?OazL7)8H{z=Y|49waa
zRO_NK5BHaD7_yApO*;#pPxQ_~_potLN1MJ%T%vn-3rwMSCA}D8*B=lf(dp@te41;!
z`<%lcu*5H~2w6$$8NaH=_VIcJN|HfeEg$p7mGMUN)jMi+x^L+B*a##)doo*$zbdK4
zTrmjXEfvgGMLOt|Eo2acnRElq7tqqhTw)kV;%bIJ2K-`$7Bn*3urp!9zRiG#15s@F
zu?cvdC^i4zg(iMBJGa&X;+c*nlc<iEvoWBwAe#o<`?KKPVv;0J11ma3u>1Inf(3G3
z!;1Z9Km@*#d$TUZ%HvHC!5L-SZ0aXU3sb2J*p>HKA2@}n4p$9&YM3%G4#+xn@|UcS
zNrV&`$epvCc%!ak)GR1@nNl%G*<<rS9?ydkK@To)YiG_EsgdeA6TvICWj=FnPq331
zTC)AI0w^n+QSz!+r$M07t*CV-t&Jvmp(|nWIa6nTbA?Kx#y<%e27i|Dg?iSW`=>2}
z!WHMnYN0??Xcc7=()y8QL$X59-d6=DFYi4uGqu{V$T#aG#)1{)HDddyhsi-uPrs;?
ztR9bkYNy+Ao^T*A^L)7m85|m*3phM|68J+J*ZX8e$sbrn@JZ1kNS6hdC$|*-BLa8n
z2FCwMVeZMjpE7{QT*Q&ye|_1evF$z9Z23?XLz3vAt;!}SK(!3=R)g0JLrGR8SikiB
zsNAs6#G1{F0Ne<;OkuX@l?7(L=Hz|o2I30+2a&q=04#l8<J(glu<Eg1REHj%mQ-W(
z|0}q({BW_kGf%4wfPM2lC#GZQMw((>xrxP70lM0X7R;xL?<}ZoSeOS63C)FbqNC_v
zs=&uwOj?VTATZ7k=7%O8dX6}EIx_@lPCK3G(HF2q<Ucep-MEEi_8x$~fpSqIhxRe?
zt<<<$&Sy0P6u#Z7mM*yqm&WzbXE2$F|D=m<P`VbNrm%YmYe~h}#IQ3MfCBRC`aUBs
zzD5kJBHS=HT;~29$T}+m{U}9-)jOo&fpviRieV|)?F2pUFI|Bs5z6LE*pOxwZe(i@
zjt;+cO!;s1AU~+fpJpB@9NO$NDyLp}xp#w&hT-YEv{6SBm9Nw*JiZw|yUzz>NDk{g
zqO)FuGJJ)qfNKAk@;@Uz_miLpi3|hRH)_dCl4g_SYlOkWZC+Vl5Fk|TlzJuf%MZp2
z|EblbX8!`=kshCA9B2D^&$NL5dn4HpP%(){_MO2zYFA&LNA|U@0)sJERqWw|Vy*MS
zZeYrpogvGyf>VqruH%Jm|7t5~G9=wMA#RYP?-gb_kU=Y2@={@tng_0PSKK%Ezht!z
z{q*=I^)4DfqMmt+(^>+HDn~Q3MRGWcJ%WWO>~lQO#P+5F!gbmYlD^6zZDrx8yBfx;
z>2yj%<^zV5L_2!XV!GtO$3d320+Y0?9l$ff<KcHk9D8M+vE6j_A|x<7_1;f#fgn5(
zqcOlzzE-?{rm_G2eQVgAtlp72j8}~$iDet=-=GG1$$>yJ`bxyukWrYa9xhr)d<P%B
zA64Q|)e4Ij>=cM>Uu6d7q%Ov&s9{2w0dRKIWjO0aJ1w|ix-!^QrNTIFt?uK|RHfrY
z0!@^5F=jXE$eaB%wrn|yi4)>z_(zl!@QB@?%s>)(%B-3mhwjBh-c-?2HzYvzLhaF^
z6Ds7*BE0Niy6}S~3_bnI^P5-^+O}JY6xb#{!=$GRv$F!l<L7K^kX_{6^-f;}BJogJ
zxeG%7i;65XZ^%9Adc$Kr?|m{jv*ZU(@$*Qq3P+|K3sKQJa9EGVE~7Z6Qh?q2@n(3=
zo0O^xpG*sa$$&^tG!kRqySUZ2_YixQ?wmU4u{5MRY32cKfK4~bI-3iBLf+i;SOK|J
zlY0Se3vN;hKAy!y98=8sUbUu1ntdgngT%`J>4O%dqHibJLv<G}$KHnU9|9$<z2)F>
zVXf}U9TBii*24HtQx_yCP}iCPhLUdIYmiJlrnvLsbQZGp)`%9px?M=S+N6SFd8}Ap
z)2IkJ%|pQeKNsarX=(iy_!wP^Lva11&<gvxpe$u|R<?9cir0))0zA*BxES^H_liOX
zT>X~E`xxkN@HvW=j%|Sb1R?>R1Y?`k8Bcm);HnRBinvTIClFZ-Sen!n>ld{PulLp}
z|FxF1H)ptb>3@d=Xd1gE9ddj~sTTIl#cUf}lth{t*a#)uJpG>Dr9@kR4L*H5hCD`H
z_e++9g%`rB_{F3ozUK<^43{ruR{~v?VIsLM{)>xhiq#WO_pwG#MPUoy=o~HCQ_m8C
ztV~g5=XF_l*tEUo1K_f608Id!hYDYpHZgre7))fS^GL3=RuxyemBvJ4fF!>9>4(-h
z%4FB*6(mk1m+PT*3``41UzXmo;#UKf$uil&GKUPxm3#`>0{Tk_hw(C_M<!?g#JS)e
z>JVG1ddvQ7mZkzs=ixE{iU3q_OD9MKYPmIoD<}1$_(^C|cr4AQo@I^KUO*u5wPy{#
zu<WMVug(rQ=>z{Z5~Yz~c3>?7yJ@DC0C<*4FPyzFMqKh_t`Z>z2pK1H4UlQ*wgdY9
zUXw&BGw1CE(3rVqB9?DrY_%I^d&bmz7LmbZ`{8qrfVn+_)GiNgFm5lk2v7f#MfRXa
zcZKJM`)n_w>0XyHHhP1)i{r;k?J%{3mz%L`E&C@Kx|AIVIkivC=XR|><bcjuT+2T0
zf>;3l^&w>^*JuC{J0hMzp#%qTEt?W!PR&e*a#T8z`K0y?l$*8NSK4KKc+WR6`po$X
z$yEk>GYQj}G&~lfFyHKL8^M#2uaLol0^^}*f@f=?qH~*9+}4OH+^IB}F88)WBYa#v
zO+Ryz#^cH0CsVUec-_~n|D0R%3R3EN$>?4)%2!8upG`w3p!G!z=_{xtUA>vv=bL4y
z-j^-Hpm}ayTZOL^R2_?HmLz@mkuIjOOdSmxkuSk<mK@hmGwV+@vBG)gy@v^w94&?>
z?ymzb1?#*p%nM_xv#=h;XCv<AZ7MUCQ6So62(;9J-VDfi5-IxmV3ae;06PDL)fZ_Q
z!^09?9Z5V6%IaPUGoD85*)zZdn0^8#P|FRz=7yM?q17XlQU?Oq60I1(K@OtgNapT+
z76Xrns{5lg8}y=rx|($pfFV3imTu=|E5y-&in(LR==n@&Y3!mx9E|EB<9Ctx>x~&~
zHGSt3wlH0BPm}f@Q^%nd(<wgGBWTl)30kI%h#ZMcyRS{pc?f*F{~d}tsV<^xf;<gE
zzsIx?B)S-YXL_{#LJKFha78@=o+0|B!tTdsaiNR?@7`H~+H6+_>IgYCsGA17XoqVY
zj_Mom(M-ffkxCE+Jco*!V`oA{r<ZqyheRx}Z_D^HZ*`WAJOBlh0I@8BBqQD$KWVjD
zg&|x)q?%_Ma0F>k{m_%J`HJcO#cq*;ZxC6olY*deoRV!haTUDKa0DAc(b-BJmm#Dn
zS<llph~==oy*EXI6Z6Sw*(BTZlFC{&$rXy+RspUm=LFBG&GlGsQ7ZUFnqXyGHL&~0
zuHS29W>2^gVpZBIt48Q$!zoS4%gHT1EH*9Jli}+R#}X%jQcG|zLQD}>K4?WvR{PKj
z+Is>B<G~2>yM~|q(SkWsoty^+{GIDv<rEC&WQ|_~tNFA6#i(HT;JcxzgF%xXZfVLp
zI{)S9M_46!*{(r8neBK9dDm;1ze>7qji;sz_X#cIfd|8~W6Q?NRi8LR1l=3vo$=0b
ztf-{Mwuu|4N|vQt+w%gQA<e}rAz4WE>E@btVgdOQHl@+t`fT`Eh>=iINnrnVQ;7KL
zovsU4CIsUY&qEuMatD>$U+97#mkeK(SX5;J0PWqn^iy1G4v^qH3wk;_S5o-ZKIsFw
zomwg#+m$IX`da@jsR4IKo2ZRR$>2nDo3lnD7-ty;F)N_oVqN{YfwmA4)RPsjqZQ1F
z-dZcxD?R-dbZ#9WHmJylPKXJXI)3MoIqhdk$d;C2HET09qgXq}%<OuK^MhQa`u%|?
z=XbEvRjHnGnRVS`3JUxOA~9;8Euo2ROET-f1qk?(9UBC!Y~{r?6U)Y=_-EOa<PCU1
zQXi8UBDoi>X6<<zoiN?c#tVyfNQ|R{=ySQ?jurDyUE)ACIT(+cJ^A#k18EG?cL*@y
zfgf<X17A4m1h_#Kf|QelM;Pu#pY+uCFeJUZxR6Xnk`ka!eo|Ni-89x(@yi`~YV0ML
zhh_j9n|`J{o39`RPa7K4IcPq}=Bf?#l`s=v4q8;jDd?#rF_ETSp`&6Rhs#$E@tsi#
zQY~aup^*x|;d5~6gBY;l`RHv8F8et+dL@6~Sk-lODSRwGuiQl;R$Gvlb$e-eOhrdC
z4|s#pA|jn>iRC*VJS{OKvjYXyPSLmHN0gB%Q9sjwsM)-JP+bas^;=cQxwSOzO4bYv
z*QuC1_`aF6up?sg51NkcCH6AYQ*Cz^3$lRDh!R?yo8QsiX_q`DzHr6u<;t9NjKrP|
zpO%x{q~^6WqA9N|9?25j!WM_?>P32C3C6n@%+7rX;<yZR_|^QQLRwgJ@LZuO`wO`a
zr_e-+p&9%-sI`3zcglHSOy;D<Q?&W=P%2y#F34JLRFNiBMAlRGRK0k#L$=OVaDEpi
zxxcM+8n&a;o2@h{^Si%}H{7Y23>KDt?rnngyc2mqb!|n;?t2xVIbE@*{(LyM(3`rq
zHY^amL5FU!FRs-D1z&jy4bW*6&Pt1llh4tY%amHUMbuB1J8ShzgVW$eNjG-ELzZ}#
z*IiLFR=z{_W%|dNPYHKFOi)B!JPC)e`YOhq5eawx7Fpq}gP8blYa@LX%NQmIcj4bk
z9{i-RLnux1g5wfDb%G8vz5Q>)z+>lG)^g=rItRZUNxw*HTaad~S|hBq<z;cbOUqKC
zwD***OQ`Xqa8PYIa>w=tfl{b({JMxKK^_@_yQ<Iv;zzL3@zHCzLwkfgizbOUS<P7b
z&LOOKs|D2b(v}SJb`QY#jAoh-0;-i~Q5L>Ww5X0zisgcY7-NG39(*kmImGaZxW3h5
z%Pvw9f!HQmfp5yAA&bxe2`X}q6ZOrWfwyi^s<S~2<lNJ-@Ckt;Sox=y?VQ?B#XOd1
z9gd>m{%eyV9gs|{Q*UePSXJd>EB5{LWz-|;%uGo}t(|s4gU2%K*sF3e&89#}LC6}k
zJr>i4DXD;kx!okd_6)M5S*{a@k}S)|*P~@7x^%VfO|2hT{+czD_PNP9g_q5GqshFK
z@nPv3uE}OxDOk7S3}~mUXlD0YiAfEY?0i1e+u8W_GI@2Ae+tkI9VO_0xZELC^jin&
zh`mr12opPCBQUE{!#vV`(Q8V3Y4lMx6ok1`4M)3hl?i@_w<LHg!DfK&q=D&K9z#G0
zO`(+5?R4hqkx}E!(DiX}V*~3hc<iJ~2Z9^B2N`@>Iw0YbwZuSKuqY*eW7}{^Li=h`
z%|AgJ)t|alS2C!Xwmi*UAc&t$uf#G&`q4`38-IBc#Hc8mD{1w#`HEdy00zdVl{Q?q
zqR<<NW*$7}a$O3@Y<~_St5LbgYWqVuGM$C3tzLJ)7F>(DLi6OtUB2tpsv$VN_x_>r
zyqDq;;{o&B%yXFmt?)62cKb3=6mkU2aBOMhy6@YjO9l|)tjei^fwUMhNGL0M1;Hpm
z6GQ<(pVVsc@F)5bHmY7B1Xw!)@fyMO8)OJcK)yf+s}Bl}2_QF_=Yk=UR(Yh*&B*5e
z@nBCS5ZXnO0?0jf4&ARg_93cLaN7uMTmU?Q8!pz0G(a;aqzAN(lnu=^n}C)mgF^t3
zpgWZs{id2QqhQ~ccyEh6fC`oia({M_8UTCf<S-dv`>~nhuC#+&T9QF7)v9pFfwI4H
z0^pV4n$H91Hx6?WYYp#fG?=c4?aNNKU?Ei^dAp+S+k`00hGJKb_L;NfGFnN?Edc}q
zy<Zh~>`D{H$zSO!MLhxS4$ou2tkC=yPvk;{;hA<yCE7e=YK7w(9>UOrrF2P~r%LWi
zRK2xOv64ohiemkhnu)JCk%6X*fo@_maq};Jd;r*5#US*6`rsv+ksbV{n`5X}Y5p2D
zN~sQZ#<+^qRQ?I&GMdyXPeKMRY(-kg-4jyXr5KI1JJ384gf}(>%F{7N0PT&FWFBFs
zo7at5PHkk^ww0~VVL`1II?link?TSTNN%Xt!~~>2@mcx{l?$Kl{g4=Gkja#rcFG9x
z(l=OcAx_qu5N9I%XGnKAAw@g7fWt#x_~+Kz9p+R_?5Grf{TzR`7|hbSJE9s`2h!3Y
z8!zUc0LyU&>}^~XVM45QUA>YYHh3z>`lr{wxF{QtM3Fl2<jV6m@9!t!+PuJ3e$R|w
zx|{Gpwcjz@zhO+=u<FzaO+Ku~uh7Vu`kI^KC`-P31pt)Pv(h(?>y#PRh?*2fcU`sm
z>HOMtleAm-4QU+}B0g&<QO&D6JkfEQjsK{AbmZV^Mf6d@c;fu()uy_Cmu|+WiF2)i
z6Ef@%(kkx~FlL-bpSm1xD*vrz!opgloVV;Fga{xIT)SFMq(=I!&%f~}_X+}xB~-Y3
zn466%cNAM>o7r`h{~9MX>*u!)b|l~T>sY9Dr2;%NR0SL<rYA12_QORk7S;4{({m=k
zsuOL~E>rwy!VBiBg_PJaK0nDvq_cKEfvj2XL`t?DJ;cP#Q9KyvB6+Ok#5CX1xXL&^
za)ShYgWb%Nylia|>4R<&c1z7zff59nCm`me(a@|1RHTroUQ*uXR>@bA7b_=KXr65_
z$-mYts^ra1xAUpkp6T^wuWm%H`=eW5Mo0|`*PrqbxcT7h;g@VIFm{gi4vdsa#IYR~
zzf(Ch4~!^?s!dH2Y6l!g;d=fC{XCkub0{db!mmEy30gN@_D05r7X#A^b+l#JJr@NQ
zZvxFHY{_A3k0niB4J`3$U;~DV4ku?R|8OpS46?rrYfn89yW5Z_S(L(Gi;*5rNgp>}
z5Zs?h2o#o_tr#R)7PcBvRTB`LS1-HUy_m%cfwsgyS^jdu!Pa)+Wkc~O=um#cjq3VL
zSYl`RvMo|@L<j34Ubvl9Ene;!Eml(xU9m*A=)zv~^2>{#(WGP)V=t=294&7?7NnRd
zEZTw5Xx|v`tGOx;kZZ7**2O)yiOw&EsbSYti;9VGxqU+j^bpj(PuDKFlVbHJn%=%M
zu0|gii6Z<B#f<_TzaWhYitHWko=?{Wl8HgoiBF@-@yapiMNepxSJe3F)7sv^clTNg
z++C1<CfaO;{2^viMZ>1FN1k0`w*0yUn+T(J|4Vl9mR-`%^-4vTL1$L2QoM8>A75_v
z4p*Z_m~viCkwylkJJqyzm`IAJ+LZ$yE3U(~;_>#o1<T#?cun{-*E}*vuA@x+smYca
zV>$yh1ty+RO5Nqan!XaoLGS1ym{hr>Q~N$Bj>1aBeT;e5g*yC1wKp%Q?FT%7kvv}S
z523{PK|t{}{Fw>kz+~#qz}1MNi0gDgefBt_m60gfqEc;>SN28}9IE;nnOmRiRm{8d
zD)HGJp#AD34YI8pfQCkBN=MlW^fn(xOg=@3y|FR5z+8tsfjC~kDtpmo@m>f;=bV1e
zlW<U<4<~n5WF$)J_T>xp>cSHL!{5hnh4<>S$^Z<)afMLB$Dmc$*IpOxQ{f>WWzB+k
zV}%4C^PxUiCMoITjt})Xd_b?V*qY!tXX?ZD#lVyrXCsdrGf5-udJC|=emnLn2@CFV
zWz}1Qdw8csv4dEXhF7NU**-sJ&!{|GSAo*BMBn&&=9Zr9!)q!8;Y^LQqmMB%^T8tK
z7VL(``KpU}V*bFJiJH3xR@GO{6@J{(hmI_$`BtVLGxke7*_gq?2_?A8EKGmT$ve+W
zH`jGA&%^L>nt1L9-m{avt)9nkPCx><x%mHHK!FFp9umRF)SQcZO=oM$g#|*s_|yal
ziU&`aN&9*i<|?k!@T?^%gr?w>fmp{>VKM^qfFoD~$LtNuY)JFHW_o01UDnNcs>p!v
z<nASxi2OC0neX|Sl-*`)sd$(;ArLLcEIP~1KC2S(G(K2J>5wl$udSDm>?DF|SD)p*
z)W#***QATYVDVT<TK|tF=&tG?Lh2Ibx#THYtkeZMysDncRSH~G{S-5cT01~|W`ODE
zj=+nEV?AEMCW(6u((mLE?4myW$OQax+`fNOzkTPVIV<-7XOv_-=M0@LEOm~{Dz`f`
z+Y^jhk!b3+wC86HvV%&%`8OQ$?@4~A2Od||BFW?LhQ1+NyvRf{hs?OucE5)p7ypm^
zsZy9M$AeYcfPj(%xUPKXODR_uaZsrO8^Z0s@|<ihf-S%J^X9ThNifM*PJ=!Q=na-|
z%VeVuG*RUpUz?a^G}X`Ax-Q@1{H$`$<G`j7XsOFj3%;BZbwpg7{(Z7=z(!x3ktdeZ
z&c{RC@oa<gy`P<Fl?AP;m(;e2eoB7ljc_L9bylw$G1-l}rfO|RqfiUsj`X$m-T2wJ
zj3qBrWnZ~A(@%a2vEK#R>8!6!xO-dNNij^gxL!FBK#I-qj5ZsihqM*(Hjm>lDuEsQ
zZECXA&RY`I62paBf`wbomB<J&d!eW<^G4u+L3Uf?zjfPt`O`uiVfv*na3)Wc2D(Tl
z$h!A&7;*Y{#<022Z#)K>c-~Lw)E9tKM4Zk?oAE}f4CW4%j2`pLwXm#?N##KppTW@0
zd7{18!Dq^nQMZOBA%<&^nW>sIq#Xjg%NpjE5<O}>Vz9Js@q*C!;_S<z5WL0&yTKGs
zrG6z97M1MTfzanoG`sZ5azQKhw!q+<L<5#ekfasNKFz(URPH)#lGAHdPT>%fyc1g=
zlUAP?0B8EtLKB{C*RfjA1`GgywJ`Qie_mJ7>qP*Gd(7iWv%6P4C?cvYd8jQ|YnUpY
z?KmRh`MXe5=}gy44Tpz4$XMakTcv|7y!TwFG~&el<#-5tIuqXg_ZOVCip^<s+%Qlx
zU0051#U+6p&aLo8B2TGIk|-0c{XWj5TSlp6B;!eNZ*n5CT^Pd0kNGG%&-+4k8&2QH
zcO_svlnSYv<f5e-=_aGHhx>I;wpzdvTbThgcRK&tlynyqpWB=o5H&(!C4#miSsF**
zEw99$IziWWa(M8y3zNh^9SM<LLDm@o5}LxM9zk$?*;O&pYP6bS;E_&dir(AlZJoNM
zijG~ygC_5#_e*XVt?1AgRzZ=VxvW2tT;g>nPi8ufcF@L0Waz|HzL^rj)om~E$?hy%
z63>+@YQFs{V&pTy)X;j$kUa<D6t#R_-Qqr^mkkkq#UYKW;dN=KmJv}$s+t@b<>+|2
z%+~W!*EILCHVQN?<%`D&ib%`z9j;c~(Rx6Z>|0ew<&*xTTLQdyj1x<iO3#ol!B*sG
zh^rr_n?LjiQjPnZldI8Io6?nuroxC2%em*PIgyTGalbh?Np{|}M4ztD5?36hM9bnQ
z7k6N|h1>EawgZ+R%9#9=)Iz8)C`I&#HzSIp^1*rWXdQBE8+b`pKxrX)hSA<z4lU#W
zJ#3jOFLil&rYLJwGX!y`V<9L54awV8auZ%&w_6UYi{ZbOzh9zv;}V%FvHm~4k7Buh
zWfdITf^l>RV8n*-er08Qt)7`#RoPBfpWQg?F)AuS97ydTN3O6JU0y=!TI#0?N%K~o
z6Kn;IqH?1H;s_A5r9t~<guiSq@Mdkc@h4MfQ7gU#rH9)ZNlNq7ZfGa@&-h~hvhYG1
zA7i8S_&+SpnSW|4*Wfbz<N2R09BM;Ma7QF}pLVUe?L_v%DDPi#9OIw<fyhy-(0P*u
zbZtG=QA$hrVvR4gB`VKRo|`km*<~5@HGQxQ*s7aBee0?Syi9~o>Lw-Hh8zGBnKOy(
ziThr#e3uYmtwiii$vOwA?8gr-_mUtJ;2XsXgHJ73t(XIhh0&D?`s^Y#_I0_<K_PCW
z?8t-WWa~(SrR|*x2O5qxL^?kZgGV@_^kaxRn5L0}kdD(>cq27O5UH0MGy<Hp^$634
z$XVI`hkT@L3m!d!2fjXk_dg_n#osp2&RK8LpKVdUJESQt#ebzmV=-um%G+uARUX`L
zl3S_B6)3Y;PgL&RpVQVLL_`cmjec^qiOQLLc6(jTF7*@+TjU+w6xcQb<Zr@Vp6+ju
z+{uuFIO=K})N0<s!;4AH)!P({jc}R`v$C4xeqaLM&e!rNTSllB{#e$&k3rhH{1<4L
zS<<_3eu>E_z)YsW`<@YaBV0Z@ha;53!u}$Tm^qc{5<3w7WU{+<8iaR@kg<B2Ola)(
zE7-8<-M?ndf)sY}XmVI{a<nhk+3Y8W50zff9+@`+zMU{~CHE4Zaq<&Hb%os71e^KF
zRAlBIyX(2{(*%|X?R@{SrVm}s41N@@Ez9EtWxsp7U=zL?nY|RBDPg+XYxAtLCJ~R=
z0)!osx7=cb$LhB^E9B^r2G>_cdQ7d0@1=Jy-q2pAlW3Z#%jJZXUZUS@@%whp_p)rp
zfcBv~=Z-d%=tv#qLC@3Va_~l*Hoh9$Mdso7SPRHh<MSnh$#VhVM#n4(Sgy3y9W-l?
z&<8>Msz4h5droI_#QF6$4c;R)P{G`f7eZj58l0f}NmRXdt(qB;5r=Lx$a9&g%bw3C
zoK(=vwb$NIM~XW9eJ5c`#IS$Fc9csRAi+g2wQ%(hw6(7%uY?APa3k^4ieuz=`b@(l
zAM#n_Q@<Q~%w4mmf(+9@!KugtZRfIyQ@AIeajjpQYsD+*H0Lnz`(h7#0s&4DqmMU0
znOHPfrL3g<XtelaB&nNWq2a(RCaT6Pcy$LZ^!s_7d#{ry)Jjv}UH#VEyXTvh!m%D(
z7h50HmmR}V5ibY0|5Gde2vlxHG?kJ|I8aqkF|dX6<8W}D3?JgWmp>cT(m^|!rI6OH
zkUkj^kHja?w7(Q8S*31iQ=ba*`lrZ{^+dS;f_GNM!5Od@i!W0Ih+Vi_h){U#44kk-
zB}e8D3?2L&$Tcqq10TVN;ep0S;n19;=pS!YI-~cQ5~lL?M42a{mD}V8VgM<zqo(-x
zlM@3!)3M=EiowvC3e)8c1PIMQgm`p35^y*!_(zAcmQO>)@({t7`T~P2O}|GGzH*xZ
z%h6~PZ!1^V!3DkI^doqkK`PYizwJcFU+sGh+pUv(UIO(^z3VY?YO+>?xo3@XpX0Ql
zl<f*L8nsH?Rk>)IJ%SjUWio9;`I0C4E7t5+N;o=_XNNW}Q}i%QlI?ztaHkNJCK|W9
zU*o+XFGDM4o7j@+-fYPq2Ni>K@6%w)E<^d6Ne{am==kZ{S1V+ku`3q^l+i{8=jKro
z+paQ7$1LijJCCTvp#5&+Vqa`Q@n3x;b1JKqF5xIaUO|ig1(Z2f_E;We$^~JMSJB_=
zzX@Fk$&uYmYX(JSZT}5lwrQPzts+9dDy0$`@&Gu}L7G7|y<F?mk?b9X%r<<FIDW#%
z=EnJedivcv@}V&gMP|~baff!4@ql!cAbuPLIAto9%HG_Irl?YA9eDiQI_@<5eMWxk
z!(Y?-2GBL=d3yF1$MY{Vu-NiqmIZU*U%uW@pva~0kKF8y%!G5~^?0AJ9NT#s?f6OU
zzC*p2;80p5d`u1XjM6q)oFr6CtA9MV!`44Mqq-BFTSYMjY<2(8!L4ZfV_phch5%(P
zx}Jy%qOK3u{F|>Max4Nf)o+d;3LzAmRFSd^%28k!U*it)=7pnYd}yrm^QrM>ExmpX
zEtb*S&ftu!SNb)9;E0|=GntcKa4#p+ntdqP_<$e~vEGF*CK^Ycouz%Pvm=G)S+QCY
ztRU`Gv%>&iZc-e<W-s26HdRx8l<t$p1Al5Ljm9&giKvu_59m~P(1vpznA2D5+e)Zd
zt3n`=3ea*~?!1E2Tf=wdZgqylsX*s~Nm|InEC))`!XAP!b*o(K!m63aMM?x`I4Z&W
zAP2M8sP-?KXCg+MFzhTA1$#nBpTq8vX(Is;cvQD{;~&YspC|4g9Xy8fxj3xzRH4#>
zz4hykl9M8nd{-BLpgni5*(;^W9#STVpr~>&dJGi}`bfmpEO$Ut5X2@mcn@3A0VE)m
z-Gs^hQa8t&tDQG_^WIv~YT0;V$pn9?Fm4x*T>7v7oG_T1kJY<jxl1|XD<Ou#Fk@8S
z&Z(1hk`VglPSMmCVAYgZ6c-k~J9c%7DM?KuDVUaAd!k{xltz>QCFZO0IAiSNtjUsj
zxw!tm|H0h^)}vef1zjc;N+Ow63Ub<+svSLJKwf&ajaELDIJo5!j4ZtI(HSuQ@k8*a
zaDwDbOX}QGw2E!NRbxO+<51l>Cdy6*_>H{Ofg0>9+xY|Kt3iA<XoDOyyBdRJd!1De
ztG=5h{q%<iya{MgYsywE-zZxv7RNcB@t@JMb3Vb<3sN%|$!23RCRjwQO6S|9xN2&Z
z@IpNnPPRv5!zMySKiCF)YZs~pC$Msj{Zw@F8UDk*82ra&=?k287ejM&VtJWL@HG4@
z-dKi~O)-fS=!+SNgxuhw?{1nWRa2AW$1$DTZZw>A;t3@Jb+#`0_EaR&=jHJQJw7BQ
zrrdJ(<e#)|@t1Qk+JmEq+{;NxD2ysCm-S8ac8}EMG-W{gjkfXOIwyZ+7tyM}W3H)*
zNTYt4^*|n8n7#<f&O?a9S#j8?U+jPCpAn5(tDOJ96gyI^r=fbQFb-DdxjD88m5jH@
zaxr=$*5zYL;T5dp>lIdP_L>>l6-2>zUP!U9$m|!V@8ValXWB^Rgt4&!xWKSgj-Krf
z11`;P0z9eOf5mL17aG-Qy2t(GN0({0tfu}_;cY<RfU#&G`&t$n2SkAQjc=JWXgOw#
zA68&2LaZ557c>Zur9gFonU*a8Tk|p5RJo`Tg<^pf;RRJiQ-wOW3#xxl*fA1N27JXk
zHWIGR7C|(8el-|f_n)$bxwylYL@FQd5hLXSDUUc+P8|rrs{h(*O5K>EfIJNYXe2W+
zw!$_qB$?D?+F?6eR;4A+kQ!5b5D*+&wXifr3Gx*3qH%YjXczLeRXju{kDl-DF^Rn-
zuD8FJ;bcvRis-EM&If!g#Z<zMiQ!YA9{%6uAxIXvP+JGcU(psW46JdGM~&)c7<F7p
zFS1xqr-BH0W4D!Qf41U8$klWRsms%EAhcI@d8gCT$t2BnOG|F)Ay{P(ESE(DEQcZ+
z3cLQ7UqNY_D#olkn(2=QC1}TlhqD4OO9I+%?~;D>e@VXveOVb_^9{K$_QZPW5#9`n
zTTp=D8ndX{gELJmB<bsvAQ^u<e1C8!Z@Eq{&R&sg_!(T8VZES)gLdNQS=ZZ^?dan_
zPWTSxrzGUKjrD-25}5|`fIS3<%-196``b6gxhS?dx$)+653)V=Z$}iEdxDYezVb}i
zwCeNIG<4giAN++GDe$D;$N_Hx0(j=LkQA$Ox$-}rgXg0}U7haz7JOzI{Xc~Cz$)Sg
zNu8S{QP&|2-d$@4Z5%6h-BC}iiotN7QdOy4vZ!y4IPyxeS}ICol>q6Wk2kzXHY!V%
zVl&azlf)4|U56g#JUyIwyZO?Mm$6Lr0;tqPD$w+C;<J_r1=flbg5=BpL&%#fsjZ=$
z#u~o)f@rGp+uyR8Ol^B(psPtZvZAErbyftD8Q^9*ck1%74l@TjPQn5Omc4n_9z$x8
zr>Rk^fYyJGc2X5^Q+mY28BXjPzCWJa#H4pxa@Nq0R(}{@<9UjtKE}Fmrw|5<N*t%8
zJ<vMC2=EPkg5Gdpf1wwDP#O&z<RNdn1ateClwP5<Ao4#2x(_8^y(j1XRbR(#p=Z_p
zk=~m6KxICpuz*6)r<a1&!He)bigCj8jky$DvfCQqKM%A$LwFDxkuc3-V9ckVpy9@S
z0hJx5s>BisuSokP45&sr$3<lhFXrUCeil;dvpzsi-=P}Cn^2f&YPvP=R(Xk^Fb}<5
zHf@|nWF*NvKc=SsYScJpcP<$9^52YnTa<%lJOXb&K?Yh;YiueIh>8h&kIAZuCF$c%
z=G$Ap`Vmz<)@3Htm7V19rpK!q?@nmbv$b$s1Bvptz5p{idMK_E)MwotOHXA4D($Rl
z)di4pk9YD|@n&V1Re1kP6Bw`~^vAl-SlidpWn7ut(Q8Gsv2D4~i(@H`eDF;Er=(_c
zb+W%0X$$KoxQZwUJGw|8<)}ZwO>c*{-FCYoePQ5yOB)K{g#hQ7&<2J)S=H>y+#Uf`
z^&9!4WRBQabj51ZClK14?SK)Nx%StbFtM~t1r!Oh5P6Rfq9UVF>?K2-8-FeEs0IyA
zn8+8kJd)D(Q~K+~x|wR>0J2dhrN08C3Phew&sz?89>D8840nokeNS`y#*J?D%5GC2
z#1C|Pwy3GXm+b&Hv4d4-$K4J)59!5=J)>H-^@GoEd@jYscP1eZwV%hrhMlv{7oHQc
zvKBhUu<0P-qZ%!WMiy18Icq$(I;60pv*y^7%I~FsI14@rK(z>7L3!UGf_)q2jm*#u
zmfKwmDPt<t9K8aE1Ux0UZ7KPyC{{mNk;CYS7f62ff%H5GlgtH&#$5v_f7}n0vXYb3
z>$2WIX?p`SORy0zym%BwNiHwi>c|;Jw|PYR=m+0-^jwtz<{fyD)!VR98lsX?se-Uc
zjEE}Q>n?Db?f){D1IoG2TZ@}N2-H}YNd)32!3u*sh397Qw{dCjhWK1iFHOhsbGJ6;
z$6knf202_?s2o2vmu=W7t9*z}C-sElVjY`IwK_-cHBg8la|u)p&5`%7av2O>;it?6
zV*PQ)LP>92TOXN(8$H{eOmz_qHIf|7<}CpK2Z5GjY3znW`}wSjI5JAr>B0z&zLV$&
z!`|YV_RJy6@ttm4D|)q4NHNn<qTCA;9xFR$nfnHkYrzsUQ9Nk&Z<C<@u%Lm3q;>(@
z^&SaV%Adjqd*pF8qInDZH^d!^i)p`-MDJ)F12gWHE=@`E$JL#^#O4?1_Mw5b$o5h3
zDl^znPymqS$7i~Q=wzU}s4PFY&)j`HUlXKehrN1@Nq8>czqyhgfpOGmGek`l*BvVz
zhkyJLtf08lEjKS}J&CI}!#_xKr<{+=$DIP1MxnZr9Sk1WOSA(UqI&W~ToUKU;}59J
zfhIO%?~0{y@E>&{-~sz{F;b(aT|QqBY)<j#zOfq<jWIZv2C>XfHs9oiuHAyp<dOu<
zyiMNu={ED5^)IuqqJ4aJY>bkDvLMB;{R6WbL^O!cJiH6f7bX>;pkgOjFW4UK3VvQp
z4FsWRC)X@Ak6ZRp4THs1_YL<a;v2ags%Kn=WvzC9dfUPGyW8+C2gCn5YS^jRe|V`5
zc^bfzWqIKY;kG@OD3iGe-~H@xgPX<w2QRo;%=GvLY~{$EKCcgF4OkJP!X1>0VOVMD
z_eEoqcEo!eoh-Ba>zXGX*gLXDni#%H+u+`|br|SAT3(?+?*E2jqcj*%jyP^=(Cm;)
z6w<ofYxod1D8{tL9qVFu08K!$zfI6Ts`E7uvok#mjdf&-rKTF{W@Ey3{Uk40sshux
z=Poa#FF?)=0(br(6ox}FBx!ug%=&Nws>J_;rP2u=v_+TCFz--RP&A+g%3IA)!MczM
zE^J6R7SiYzMDW6lkz5Mv<W^3K6IJh&u8qa*1G~*$O?tC<e)F)WJ}Nrejs(xuY!^pe
z%hE_P$$=zxP&IkxHlw!!SJIbUa!EdC?Y}#QTecH0vbsgV_}>xYAr0`eM9iZJjQ&Aq
zA(0cCg`1+x@6an9OFj@)EK46)Xv;h?u`Cx0+JlWK_60?fd}`#$T7}K_Z2Z^^D*t(K
z8mz774ID^n8U601Lz&PfYED5~UcGbyPp+A!@f##eUyrCd$V9U*_ih*`GHBq@NINGV
zXkXqjwr?(F!#rYrsRnadI>)q(zp{huGhzs^0>j&iokLDvCjb+&?hp#B0CJ||rJO3^
z+3@+}Fc+V;pCx5(qpAd0S|5Ja_k(GH*?o&%id9i+@;=1+P{{LyP<RyU0x8dKQyXf5
zc)8!PTLchr6X*Awd=AVW|EcdLbA7)Zb`mOG`Xq&X#0CDa`nIw`PK*r9vSUnIV%INy
zKDY2-G-Lbi9RAA<ZI4_jPTa>2$%o&ZuvfD>S6}=V;<)$j;%|U&o133w)$6yWAP-PW
zE$I2JP&T2M9~=|TOcxUeSq8U@)lLm__}HLWSOJ3TTOBC(;sHLyUm2deH*Lzw&w$eO
z#-3Mcwu0_N<Lg48t=T_dBe_jeXI2X333jIAX5aeZ8V+X5XY?(e;Y`9(`S3tl{lF2<
z`p@T=C`PiCF|`;S{(5{l?~<QE4=xhy<Ac1?;2m&Q#ME|-xbC|77isGSUfL{=1tbu-
zj~uZ**_Evv@C9eVLuD00KCLn;?jc+=+`MfSIZQg<;x{X3(btA1CAK~wuwnPW|Nl~>
zL^_nUY<@t-<gz=QDx3DTnglJWG$7*ooz;U#xl=+jXQj<drv}HsNqvo}^i^pZR_S~`
zS>Lg?7935JehTOgyZ{Ow9XnZu^L@Ivp2FBk{%=N$W%cLAxL1;597O~0E`Z<x-X-uP
zOiTTfP1>JZ943+7g`t#URmYG8W2&~y<aaa!jy_kkxpY!92Sdg`AReu(M0875AUYjv
zXIOOLbm)x0WdC{)l)$ZZfkeWK?PrKcnPv4;7JEL@dX8Y540y=R$b8lg6e)a&Ya;F<
z*JlIeAH8Hgp|WxZ%juI>Lk_2YcYQa{DFgHC>;+2?*lcS|w*?8<IHq-UXoTwZ38E`G
zwU~bpKPT5oZxg%?$oK)qpKIbWBN`C}598aE>HZG}-VMWEB+%?16iK{I3g$o4AAfgA
zC{W=S{m*$J9IXBb&fo^j;Z{p(_4bY3-uKU$aCcJtVG;!k&c=Q`!^3))Ja93~-AMAo
zo25@qBYJcsUnMXtg4m|y)m~rxS2~agyhOn#lnG&T#fM=Jl@kt|K2I@enlr^I#y1dq
zW**f2_7V!Q)x}?1x)Ot6i2?AcOFYg<^pyl!fh&b{S*XU*IEYVzAbGhO!j9E`Kwk8~
z8T<a0P_=23ZT*U_<!|u#?hA*4sQ`pp(bemWv^Tl~E-QV4S=?ZZSQ^;|^m0`WmN3U;
zgj9ecL8-3AEM+liJ~MEyS4R682UR>wMJ-_?ObsK`GI8;W+p*ltFE(#tprpU)a`6&U
zP?++5wOwm^2^qNBOHKo61#_AwV&kW5=t3QBuYJ$oX9`E*bH)j__5_SG&L@Dw{1t`;
z2RJAQS7N}0MGa}bLrlksoe$&CXT2is+QOlQ#_pvm+??A*3TCt{0b{~e4n3A{)04-N
zc;Q6>zoH`gA|{KfC`8YZe(b~XG216C$MU_wO6<jQ#6;tqECc+~^r0<me&6oo`y=58
z88Ex}IGi247z=Qda8B?JcVK1e<~&lIa^}!B`lzc@1{VeM0eT+*eP!ub4BZBy)7yiw
z;wjejk6oS-)!adJ4<@uyKVIfcfK+SoAptfXj*NlH6sVey*}Fu^#{MpFspLg5I<ds#
z@Z{{geCK#UBM!wIWJHN^11gD!MAU0=o)}IMOO8va$O8L@i|e*Gu_}RfMu0iaH{1?}
z-#!hX38ZgE5lUiD^nQ0yNFnUY;HPiSYPOL2#XhEiNBVl{*_0N(AS@k2)I-?OoL_>V
zlVj@+j2~Y`X-%QqE`v3wn?rjhG=&0UoNC<~;mpHPzBCdO#A7GDnw}Cs<c0^w$NJEN
zGDs>th;yz)-2Ud5ClV<dzIdaaaNIX8iK1o~<t0y+ahink`gMarmXRODkIJ+=pDKJ!
zKP$<&bP+2(BOd;S#|BJ0=4OcVeKa=~U9-_76`B&gBTd}yeNF8C&{aET@@?;aL0pb(
zZ2LXtzP6+RYY!NGOLg#0;!#vkHcwQG-8f%^q?AnQTLU8Su^t;d9^?w>jRgUD&=<wL
zGAYg{#^c7h*^_1Z&T~d~84rUVRqBdJ8Ihk-q@sC4i`7;v016r6C!fJ>Z0E!u+VgLo
zeX}6enboJ=g*Q291ZO<WZ-K?;q=uZg36Hhzoqh8c%<w*JWi6ZC!o0K8@s>*(ckE|m
ze)pt=&k{Hqjw?TGsD@2JS?SjIH<x=2s9K6#Boi|@Dp}u*P>Dnl)DK(%D<&lV1hrGv
zSZA;R7w}n}^r0N0a&cO!bV4;cX&G};Wp0ar1d#VEzm%|t>Vm*JpI+}C86e%P74#>M
z1T`2I&<s1Dhe`sY@EeDAJ-*Sxk1iY|VopIUDcQ#+M$Qw*repcnf}k9*>qmarGm%U@
zitrayc+gCse8-W$g!F+`sTO{1<oO@UIT@d$=kI>wopZ>hPn12@3)(KTTz4XMC{f<F
z-V2y=Or){}a!?e+|F9bLdX>C~mRQRALLliz4+#@>&pY=xvv_m-!JpBq4GUsN^{67^
zM=tLuMb)xx8GiK@1R_Oiq*wG=9K*|BQo6U|XJL~q6Yyy&SDYvkD0Tv`rO(Kb0qhVA
zD&}aVgeVQtqlAJnbT70%53Jo$+OC>Ag*wX0bW_17wUyQ^QiF*Kqot={AqHW8X%wd%
zl5`Ygg;y#VRRA_p`GX$IYcf`qaO2F&HTNZGCOVv3x>dSUp!Q%~lIX@gZDCz$ab}Ff
zS*1Vi-}OJ7wnoV|elA&oYHNDE2g!}fjLwvf%7MC(+nU;_1?#&O<tqSrm+8@lrHEky
zBI8(4%99%qzSy_QXzx#Q2r+ClfSjg^<_8fr5MM1I%L~<Jv@AY+t|4$5VM|8H{e*GN
z1lv4YyJFuZ+=9?3CS=hA#^C4knYmbR9C?h7m3!H`u-CU@4W}w#0r;$R7fr-)H8nx#
z?EZ_EFgB6AOkS+Gop3+HTYhwj9lV{GU=-WW6gEfwp|BcCR7%*)K4Z-h^O_!sOw-%t
zKdpdwwMuOf=@#SIR!z-3Vi|q=B(x;A7Ej)z@u)XJ;<ztKUJg^tjh#65XpurfnRx?r
zj()CR5ghTxwvTM1JMd-_0+oI>^3U{c$#M&2%UwVnC4%v+I^G4ufi!qWY3bq}ZfBLp
z6asRC{_tC}X{TvQykJMy@lc<D7I;{UYP}XO5$Iyo-@S{TxvjKgV6d`M?QR2@0!v&~
zR1DNO0^WbpEMdAk&6mnB&;k$<-T7l?>X<={03mVog>USD^5g)_#|)O9(G6t~p;pDc
zBh<oYa!_H|Rd$tUlEl#Q-WP<j_J(L#3RV3?7$R%4-zPsVQ19w|$f#-=N@FN+T6i>D
zF{Sziko5Lm>~S7m>L@OAZ8pnbcXXR_2K?4CY`XEzMgf^D$}4}1`$Eb+s;EA;@r5X9
z*&Fm*Wc$rm(9;Tf5Nl!OcD~T0zKwphaX2pj#gi~=9&=QxQ)H1)T(|+H$?cjO0L7)p
zY?6y4k^aB@Y;Hc|6O39}nxBIGV@=!M_R_Q#5LlEai!)Dy-Tx3xV)A3wI`2ERttJuA
zrh_M>+>##r7Mb%jLSfGWHF3`&q;x!=c|EkP*liXOhAxLalZ<KTmg*e;ZzY0FlpTzS
zZOgMOPAG%%%JSQxPy->-0A&sFQ}CWP3gRWbtsAGPeioqf_*mf9iYRNg`+4<Qb_)%p
z)>7`^9O~lmj4Gl+6m*R^jb3i(Uvw&3DcX)JO(6okg`(vb3)tZlx(3CYqP6Nrz4FXh
zl!tFrc&%gXIaR<jwE8qJWyU?rYuG7(I41hQdX8^$>;M1&-cELaSU$p{LfUIVn(|Os
zfkN}(_1T2r5O5u9m1KmAF(mAa)EE^zNWY%6;9rV<TwE{N=JQ>Y&mUBC=0A@YT=#<(
zv%%&8IbtL9%R$o_;1+GEAFams18I%0-sP0<eUMb^)E6#TWA7xt9V+2frVCWN7|e2$
zg@4QZ_G-j&B^!tp7Wn}$AOpe=>rZ;ZlMUZWV$J9zOjZ|zOgTj5`H6{_8Cdt7NyUdN
z-45K+CeF2sL3bEcw2!o57ArQik`%{EpsDI;VgJ#!$(YIgs!Ig|Dtz0j1CrHT6^M`!
z4A&BV9md2y&QPXFWE14cS?aMSV@pfra?dd)hg`%sa~0*OsfcZY43g(vWHJm`zc!yN
zFIjCRsP`Z1+t>hxKI2e*p=bA(K?`W#70HjGo`!(|==3C^-1)DrRRLZANGSUS9qD7K
zYg3T-lUyCSHh{ajo(u(?GZR-(-#euRlVxzM=&1r5p}Y_{kQv!A<gp;yT))dZ$<@XK
zxdbS-DaV8;Y(ik9Kw%6`!T=8*)l9sLSD9l?w|n-?N}0hlXi|;bYG=S<l-=Vyz7a@e
zVN|tQI-X3Q!y5|^b0KJWUSKNd%-}fF2#dD(@vUYyrtZ#m&@7a6Yv6t@y$w+Tz?Mj~
zunhy~j^pxx0ybg11>!#@5&0II)P`Qr7v9IM{M)mND(PKc3JHd7h#dNwITAr1*A<(&
zcyBN-+ge>3@V3B#Zs8in4sZiyvfB=Rre8PS)~>naC-SF`<$zy;ywgM1Ku2k7iIakN
zN}>ROvzcNG#2sHF2K;OrGpl}tu)4=;ZS&Qe9B3<69GMiV+OUU5Eiqy-Mq2L`s12?l
z01-jK03T8^YwaFblWdwb<O+>1SY~uTg+x>JUzns>=q#3CEDn`CbOWj0HbZ|X#{>pp
zxerVfJ3!A(3(D=U8gbMoLOG8fVrNHU*L}V9Frr4h{3*2WLZt}ytMD~BXDjG@tBuvf
z8lsV0%zY}rPuVP<QME|_EcpJzh+ehI$I#8nU4P9*8cSGipn-0Ie_DfQ0wvbuJ!QK^
z_8+7=YKst#XnJ$*utkk7jK>t{fkgVVhs95Y=&rE3UGLIu20WRO5Wf$XGdrV&TT4xo
zHrc*C2^rHkp22(W7nv?qG7p|PSRHoik{W-iG<B>7R*wGTwva_KzFI1=%)5IY);l-G
zi72##__w<R0O%mchz#5k_-vWhI)NlM)$CEk6E55FqRu3<@dq{WFI141t%{fuxTXai
z3|JB1f<!;SI#A@Xib-X6*u;>_mOopMC$sGvK>Q8g_$pM3$BAEwyg}<wQWeO(q?B-F
zc5v_tFfb@s$FftdA&)ELAdn`Zh4N^!aM1o(5>|wFp5Xtd7g(D>*ogC#*TFu_+!M)1
zCrRMNDxib?pz$V(U<G)}u5Tz3i|gbIOR`y{Wtgl>b6fBH@}%)R`w@^U8GolBjqRta
z<6-z2dTbAY8WWkS#iSGe@ePI7Ca;0St{_dn&Ga@#{>*vW)_bhF{L7m}2G|mf6Idob
z;*I{X#=2nl{5t|V3I8`p|H(K_GdgTOwC>}dn8+VaObwO&BrXhmt`aOYZ!=BP&0lpm
zTma#vz%3o3z{I)aNs#DzJO;-k%_9SwsarmIh1IV?v&%WI3g5>7S<i)lL1*`7w=5lT
zGR^4Cz6k>WHWyO;s3>M;?W7Lh5@p7fo(lZI&G_hFyd)Kj1vDI>EP&EKxg(;L3$w<y
z8ko*g+$m6lQA1t~KJ)-04Cnv=00IecwiPXLfjpuJWm^KC*^UnP4(w4@=}AVO^=$p|
zbiNEihmR#w26W2`7f3d9wX3w8T9%G)cp{gfL@D6|{=Lp4lcQ;?t&r%6Oxet<i>6-I
z`K;zaJEK|iqu6*{?XGsPbt&*mBd;SV0CxPN+7vWF^WfLDd@&&~=A%g&3LzXl+Hr6s
zf+FkFK6~KhaQPyS`D1g}9)MJ>CuG5fO_ZmDpj^8~bg~Z+>YEH<K9oDEW8GSEe^M!Q
zs0j{|?q?NO4Z+q}UrMTD7^Q!DrJ7=-ZlJiTAbsz5a)EHe$H=|SWekm><mIW7NQ@~+
z6S1TdAx?U!R!iv#e?187W^?1dLhic*K;2)!Eg3Ex5zb?o{El2J{NA&9&n{nKfJ1O_
zG)x9uhz}vbqR6Rdzviw7rL-0CQlbn@$6f8b$LCwgvJVTIn=7^dvwPMkdwvr85&)02
z_6A++=PmdgUk&?Q3miOIO~I?gz3OC&9rXoxz`*u}gb@^UekdeX<n;CtLQSrk@h?=8
zVd7Gg(B6L1m@$Am1U#{<y2OAj*2?S9c!JXK#8PRU@2{**$sUA59k0aV%QhBEC4t6D
z>jXmX1(7lDVtq>lM#UL|jg_)HJK^{d3i52&x2L3LHI$EPj^RE&;swFXhw4>MX*(Oa
zB>Ot)k%sSr?I%|xr2R`+gciDb)Py<9-P?BGfxuRtr+mDBs^U5hZv$oQt`C9)cs7_5
zuULaJrV!NYU9G^KTtPIOke=U_BvI%T(|k?OQ%74QUX=XAqo|Te7aMA@_}za{7WdV_
zXS024<S85g0002G?c#5%W8*FdpZ=FwO2=52PCVrojaC@@joi0&+7o|XF`a`s$PC60
zMy`jsyNheF^+Vfm$2j0-JQgPzU->`FI}pAO{_zVkbW_#0X=wq^iH7Kwybaux-h-C9
z|MKqEuJc8AeDlZd2zNRXL1@~pRRN}+Jv4ORX2NG#xMTtP*Hr!t-1MFM+t8c&e2Wx6
z!z8<-n=#&k<PN8JbQBFED7XHE+q19PfcC3z8%S60ca={ej(_GF5BQHIk#i#7b>P-2
z>T7*b0?B{<-upa{qmO%0zxX^LO(y?K>GJ7r)`Y4h46dhS(I2c;h4Z<oy%%N=8|k2V
z>9#gH!4DN9DZ}S4Sfr1U@^mU}-QTLlQ*kaMJWFn?Ab5+1FXYd+x!V5XRn=XCU}C`n
z6P9WKB9fByWLDxM6Lpqpm{0tzNCFYs^%!)v)lD&hA61O8WQzFDTJ4Y*8R1|H#S|3@
z<AFxpT%i(0;(0G*_C=a6UqTy24fyX6CiqOjIuY6AkCtO+rlFkjc!2)+5N#qIK&BeE
zXOuod@ZLpFRo9<UOHOr1L1%C?gI6vWSwMOlpik&(FAs*4)q60wy*eur8RLETXYTov
zgWDhSZwcid2U?*iyQsJhx!A>;LBK64$ST!*XjyiCP}8R(yl<JX%U!%?k%6cd#fIL<
zEN7)t60`#}geLS#*EH$7zqEi~ACJ``3F*x@WVtWlDh<rx>2b3eL5d|r2b*jNB=Avg
zja<us;&hW^4o`6@3){xP%j=cbZPl%I1S9z=4!+Y7O`uW7h%I?5mfT@zk1Ud5q-C-x
zy-`?v`XZVA+9CztZd^GZ0!H*>*E-IJFq&H5yP#p(ub1?zVj2QEauO;heYRGIP-hjJ
ziiD4Mh_?Ki(H3-QlCB<UuHmFRXxBn;;$uyPRN0-K&-KLTap2?{c)Cd^!TB==8v0Om
ze-hpN-@)DmrlnW_*eP}UrCD|$BUaYzmG$DHZrWOo#P|OR;?M}}8@}nxBzeR8UC-t2
zVZ->9ydhg?@=qRkzD&C>*Jl|Og(WF^ikm6=Pnu8hGK+T)z%BlU^_B0NY+x-nEKSzo
z+kAW`HQF_%+bgFv4f8fj2xf%_X6aGSzUP~ArZxn7!sByzJOAVIbKVS7R{_Z^nqnmE
z!^)T^yT>?{E=k5V$PzANBY14?jrjm*NdB-q{u563bJ)M?NcW3Pm<QJt_^-ujOMglH
zREYd33fV(K_#PP27OZF2w}nGqb^`CzA?*y`E;3*-<>YV1-}2t>M4=*XLPv3_IR{7U
zeO)o58~_QHLrX8q*N}{3F)-2bRt%BrL<6EJ?U*PLPKHLqc9BGSFdoQIZ#wqnm%1B*
z8N2;wwWwAL{v}uY^<Cxz&kE(c$rM+-v>cO@?wI0WLCukb0sPkDw`((Tr#p!@7{C>=
zu>z{dC!8HOsN;#JB~42`v-euRwOsKtbUg=oXyN$32=s&;)ABaGU?K$wmAAz}1ya|(
z+40CS>1j1|Cx2L-v_=9_*`XfVJf~C51eHW(&9w^z;|F0jJ1l{IMQB@UA$8H_Gr{Ci
zg|;1BiyAD>Hk#Ro*%`Xs;Lznj_W?TfYcd;iSXq2}h;H4oe$7J3;ZU=~mXWq1SS(X#
z0AY>`sSvJbagMBR!8Q~bE)^Exdcs}3LGX*SX-Xb(7gtlhuKff?l^{yN(LG^pVSc-x
zK%+DL0J##bJ8X*p==_s#g!qH&YB5tbU={#Z5V!TirKc~xK7jfinP(Z?-K>rt5wqwY
z`SpDSM;JWg%ZqZ)Y9(vHCsBRrFplnyrc9I^cItsj1GT&=?eZG$m^(a%6DEBb3x!=P
z!5^(O_=tfYP~!(oSowrWK{F-Jy271NEIG!%@(=B!7<a|ahXL0tq1o`WANKTk<cd=(
zbr)4#SR`MDi{=%-BROA&LJ!3cB=H!{7u8?G6l_B8f(iQA8e9eUz@8G<pswB6v&z9(
zXBv!N%(6$8uq)jaE*k^eaqU;wB2T^A97WFf3f&yB&=S!T<Gk*mkM95M9uRqfgK7qp
zPu?yykBc%Zy#xwq4iCrp1i@v1dr3Y&d5S3o6&74BfMLbj*x581%_^=;Y^9zS3U1G8
z!?bv;y<}&iYf%pvW&C+R$I;`#YfRN*8yUVg6WNOe^uyz^cBoY0No+47syMA1d^nXl
zybQ)vw{<<Bo+;<{;O@W}3f3gfAM>y*r}VGaQasim>fx3cpuZ{o_^M?R<u3T<?&noH
z&--fK-A?V~B$f>&V70$%G+UtR#GIDSKo{9qZwVx&Bs;F+jP!}}HB~Iryfi69VGIsU
ztF>OuTAYMQ*iKPWl!0nDX<UcVb~k!Yj8&2GBr_loz3PVQn%$o+KqHiY_bjEbQk<0X
zem3L%OJ70@Gz()J2S^EZkMVg0t-}cKI1PDUT9C*!u48oHza2K;zJ+wcBR_Vhs~P#}
zC5O4a-9~s-I6qfA0gYDhPIUQOnLSQ7=Gj%cP<UPfxiHOPSc#yjY?&1)PBK<_kYHW*
zXG<hof!jYP*g<)&Y?LJTin998+lDZ4S4*%8XaE4?U;bXNmNmlwrHTCv2@fYPNM@;!
zp!G(1@Q1OH<LlX+n9}a0DkU3bNZM5ou~-WbDLP=X>JC^=uKe7av%QYnmk$bh_T^m<
zv9;qVMVA7^&0pdqUcdLtwJh0LhqqAfVBr{ry`c%4LlYKDaH^#eNe3@-+$(U!k-(kY
z)WUc`_ybJkA7k30rU=M?PQSDuRw07!o6rQ;8KvS$*5ZScF?!1oIq!+nD8gqz4jsh(
z3EY&wPt0IB?K&)p=cMAac)L)aoHY|3s61S02)Eh?iqYJEZgC-)VMa3e<S%ZBaE>u$
z>LOn`-fT}+EWcT(8W!m9b~sv-i=v{Fjv@5Ddx6Fmb%}TjtKnZxhtTVQ4*uSbG4v7<
z0aXA))~`4CWLLB7i+wiRcJfwdV;z-1mR0itoxH$Ad{uUj+%>_k;N?C*jltE31imrR
zhRWZ(>@j&D11Zm&srbrCb9GpFWZAE;ejQsT&`Su#OIyXlcg?Bs634<Y%d==^hV3b@
zzL0hOSKQS0EZsNt6Ml3Vx|WsF({bM)F0a`xsh>Fu;~JD&WMO2_nL=EcxW2tp!gd!H
zB^JY1kCpju=^@62zK30cd-{~eM@z@ybqkhH$-RmfKiy*gPPz7xAv3>CRy|<|sWFZN
z{@A<#W#efnDk|e!<v6)SiF*T_DfQ(mTF)Qjc(=X>_3*1ktX0zkQ*5{nfk6cE488fy
z&r{clwOzoQ$&2?-#d|%@p8dB4?10UQ0hg8-MR!;bSY~ctf}a499k>w*2R4GIr_#&0
z#mF6|YU6SQu_#H&Dsx#i{GOD#i+q}pgbvOJQ3*AdN9>W#j;*P;F#<zHXp=9fZgLCG
zhTNw#RhWFM^Wzc9uSX6jza>;CwE6-lxLF>n<9y&y;RTTlOUzaoq4LXbW<v0j5QPw)
z1nV6jZbcd7eq@&OIi~++=bzJCr#?1#g|s<U53wboMa)Z_C|R5%)dzCTt{%pBcbSRO
zLnt~ZR8xttcZrhV_+5_*O)9?)GZdy!ze+PV0&TQ;2}^pRLB$FjqOTLxr=F6{0O$K*
z5n9FOawlVc*sAc_9!qcB;PRB0pwgK;4o%(l+Z{RTqsC7|)*94D3-0kP{0gz3Jj5Sz
zi{$vVBN%w0k-^!!70Xh^K=-%3m&K1IsiQ-RW98Q+KT`w_ALRCpM#G^8ptULsEX}Rn
zP>{S;qUiV10qz57hmN0eSN(EH$l=}V_{=IxtPaKO-tPf$UnYK~YbGmE?&iy%$XVT6
z)F6v!)G}=CZC~nJx^$B;ybYc*l~Nu3>be}-*gDI(X${jKG6b|TcA@F)uOaKkL~G9x
z4~{SY?v@NJ?Rq1+l3p(MP^fT3AeI6Bii2K3=Mz9Xdyj=#XEMVYIn8Rxi7LZ%a>FK5
zqN60aFDrZE8;j4>u>K|8jRuQ^Qx^|t_?|z!*~dY0F0K`%rQ&u654M)N<#{`Ka{0`6
zsDDZH8A~dZJe*R*Rw}PzzRseXS#g&&&FZsu0|+zbO!!Xv#crH)e{L>j!441ov5sY$
zP;g|su0q6tr){PzzB@{WNrXE+ebN|x0pm<dOr9OhN4U(?Ato!Hlo6oK;xXwZMB4F7
z7%|u3fN1C+JV>r)ga3He0CYnaD_ZCN0ld+2iJi#jwps0-_bi9IH^n)bG-Pg?g|ibE
z7h`XGaF}#1QNq*OVa{!Hn~8Vyn~zC(yfkmGY2|IFMPq<tw(u+?#Kb$AH8lnsGHscf
zM8y-^gkEX*x?=bKVz<-nC0zTUbKDZnhb6HjBtPc3EVtuhE0<H~BS6Pg&;6lq)Ydwv
z5iIe@5TYn|3Bur8F-h~GuS0wm(9YcYKRRtw1VkGQc<7BPyw_`CpokVzfa>teE9y`&
z+_#J`C;&tdBZroN470{Qsa<jOhZ$s7Je!CW^Qu_&)Yj?Gnr3r%zjl8}>VrfH)%QtI
zRQ}faD`YQ=!BvB_UcbvPraW<Q_z*bG5NBp-%XOkq*Lo4jd6S8={x_42C+yd~*4wj~
zmG`U?XhA8rnmzB+S#V8TPGQ!dBlzYkQn~<F!l2n}gdK^8>}7ZisWB1K2<Hv(xHEbi
z4v3u9Tk})vALI#L7<(nA^W1&JK)4Cp9WdzFW1d<QfI?)_be<uDoEnk8vM8~HLp|@J
z%`0(88iIr~skbbFGCr^)2oiZZOM(H@iP@bdg?yA~<Qh7Z?wCEAPHR)R=<2<kOsE3k
z!@If<77$jTCpl!7S)#}EX#S3#9s6eM$vfRgr=E;4SLR#Hd?kwI&BJjZ(ovz5f3ElZ
znE_36@~P1mnK;B48oEXq_Ol=Z<+^Y14;k##+GjmBFH0++G0qgd&{ADgn%4-cmOkE)
z>$64aM+URss?LHT9?S4*MYpw-oUg1LyIDsJP4(2`v5m#;PWK3fnTBQ~cdNPy%x;>|
z`Q2Bd76`dwjUDW}$Q))#6etgy{8Be>KfG&zY?=6T{pQOD_b)k@HK_O6a0gPJFsZdl
zW`?MeNP2sl7a}sFMYimYFduzaxd|c$)lN&sD0-&3{2QRn@|X{B{1h}vCc_Epmo4HD
zZhVtHzyH(=`6zc4J$mFfw|Q<#4Jgd+@hBpgmvDFPp`;9ROLlI;73F!n=nx}1R7#kD
zV=Ej9ZxJ7C^=Vb$hEN!P=K>5i>BN@S!z8v)xUCY{xVbrJ1XnKO^qrpM=_@>8aHoK_
zU)1T8qGLq#?M~~g#aD8-i(~UU_W7)Y$nfW+PKPE#OgI3he0Jt=C&V^hX_`RxmxbN)
zt#klLIdx2fYsvahhVmf&bv@p#G=gr9dy&22AWh*b_nCBH*QOU=x64`Xu<7D{gBQI#
zzzC$}3`B0c%Q7j`9hb&^UZVhlAeMk>jzP^DR*1Ld1|4CEa4Ul<QiSV^eJ<gDQVp#Z
zS4WqFMzJ4eUT9T%+Uyb;bQ|d@)-OX#PX?AXihaySzFEE1Fh<`FpX`mCRkUIR4XIcw
zi{R9aGi90+k6_Jp<qd3lk-QD#%$d`0NVfTf9&@fV_5iY}o9XzmS5n>M>SUhhk2C>O
zDp#gd2r6tRw^7P=S}=_7J68C+zo1r~KJKFiiC&cp!UU0pgTEA~;4J&<9=!matc<rS
zC(NiXC>Jzn-I6uN=r0$szTrIxfmMQb(qf$FsR7Ty+7p_O&PwdmV}t&_6C?MW8;?7d
z;B<5;5j0R>ntkZE7S$3t278}B7b$JB)NI>9m`SqEz%cy4c;CUxgZ%RYqDd+hMRHyN
z*n+ViL1yxTyk*wHF=F&|-V%My`g0wgx}qNZ;Y6}#hV)KRGK&R$P`2WjJl1LxbmWhU
zTn@c;Xa#RZ97_6qnpi$akY!<<__J*Ss=y7^UguFZbuyaiYiqmwY&A`Ua(?5*TeJ7_
zq^MrveYg$8_KEzX*rKr#u5wFjg3p=`6c)hgp9rY#00Yl(G#raim_;HC6vYjlq>)D7
zGA6ore*!wI{k7f{xNv6TXCzQbev7+cG4i?w#tf6M4UIzIfI@Tjji|$(pv{-*8}>J=
zs_%<YkASqi@*hpAim5Pfp$^<oXPLtZ$vVTl6T)j<UN=lXcLfoYIW-K9u@HZN5gZ%5
zpSp*>L|he;l$r^F%)2Ms(d@Wy40$+-ewMG4*$s8TKL1ZXLL?s4@6)@T^jAvcFIe7F
zbePNbT<d;9*py_hEeR6L*;cl0w1ceq>y~hLc3EXsS1{SwH=3Hontz&5<Hy{);NF4$
zqf_astos$Z`ku{lRIe_oh<G>r1nejnsxLZU;k#(e-wr#v6WUa{bYB;;Ge(u0;58Lf
z^IT;*gYivFCM-E+-=tyF8mEkdrX3AFq#b-D)Amy18xj;Zm;CmI%N?%LD;n?Sxf;Wl
zLk-T*J@Eq1W>WI$=hkeEd=$M~tEY+gt9;0pfXu)DR`Bs!;6g4S#gG9@o$7y|GZz}&
ze&RZq=f~!>CuREL2!gtSEcB52(nIh))zWnI))dJ)#ms}4Gt*Hyan5||UTml?3lp(9
z&mMd{koX$Esf7&~Duk<4SuHGUYI9vUq?Spx?YB19(fN(ThEF`13+Ea$C(+X6buy;)
zT@kQ8+xG8Mal&|YdOEg`M@m|Lt7lYpDp_{KH@@>zykDQgWG31xf2sG6$bjCYtaqS3
zx<PT|>;N-9^MiHL14@AIwl=1wrSfRs2|i5Y2LGLkF}kg)51Bev$%3PvrU>;t3|A*D
zblcMI8T*yEQS-9-ni*~0fEVDYFH~=9660Gp{L|uJ1;%=YW68bRm18<9%$0<lh#K&v
z;%+-?FACH)h2>`<_e*{!`=B=Ltm>-if0Aab1ci?T)KC>c>P90jlU+rG>@cZ4WCrqN
z)}>qh#qHRNqM2IhUMTj4E%88MNO!KAd3toTMfuSYrE_dv&N0!HitKnUz0gRnvoG;2
ztc;-o&i&pxshWAqd`j4^jQ2Cr9?6_A<yw<wO#!HizZJ!w=XS{fq<P&RPuW61e|GhM
z8P9g!Lmu<(CykY|e*M@hlooFrRxl|!=DE}AC_Q90kGF&4|8zr`8%+HofS;+Dg$083
zV{|)3ixOseC`2R6vDOdzwy$AOpH%~?@ntRXO)0I6d0P_3pO6(hlA)x@d(e(<FRL+Q
zSig$;5%ZUjfZM52Ox#;bt-Xygsj>B5>f&OaQOB_xuyFAC=Zjk&hn6Z5?ae8Dmoe;_
z=;XIw4R{Y0`M&y&+|l8=%v)o4QWshLb_nWQ#we6kw-=d``!%&<J;WC&-AldK@)Q4t
zi}xPS9Z%Jz5{Q7NemfW9)Z9y}l_ksq6r^ZDQGlRIb@Eud#u+D<JTc30TOctO3D#vC
zA9BmM-dFOwfYDqe7@r)I_1k6pCNcm>idx6`^I(Y=--+}#ibY5*zv%0P|BlMfRjl2L
zb5`z37Eq8kpb|czR9wL2^x9D$5{0YeP`AbAQ>vkBdK?n<b1eDKqC3?v(F|iDxvHu5
z0|Ek`;Knc-Ji#`f8Cl3=6D7`>Q)7?qZRZFE5TF6(8KrTvrj17tn5qE|!DZyDx1Tt7
zhu>-Oy}dy;&DPoutIbdo23HcQAwfIxo_9!ybwfE%Khz?QzA+!oh{n=t+R&1Z=6yiu
z1*%&vf7EHsULRV17r5Q&IMz~YEeY8G6BXP#O#?V-KdI0<KYUOr^-oJolU}7QJxh@8
z4-Jl~O_go}wG^)a7M)jYE{-HZ?3xNA|4fIILJ8k&i%8KQiFi$m8-_a=4~eWbz8FN=
zn>=A|X7r0<8Zmtyj8=oV$x)jUnP`2|yV&K8p2)4z@!8lgh1wK7u%PX@ID`B%dj+#^
zn6z@Q;7Gf{kmFUh$*QK+C3NMB^8^}i$sv?x8jTF0)r~^XTNb_J%Avq*6Z*2?fv#I7
z=+J$7$L+4vogsiy8=Vhb-UU7lHZC7^O>FjQm=T~dvS_p$Z|^rfVePTKV5O!3UC~PI
zD}z+DsA4d*t>naRVnXrCO1ARTnEo@Cvt*{ZU0=K<{P4*g_s|cxKu8-qwm<JymrvE7
ze20^UZw4CtA+xqbV-<3GQfL_-Bq{!F7TW*4vLio+o*m-O^yQkTiKi8F$TNU!ju`XW
z?z9n}BCPp#kL!2mfmw)7Tuip~O`@}-AB>hxlDv`6IY&1^M50ED<`7z&Laj_tQvq3_
z7{DvA^olT~_*C3!v5&J8BJoM{w^js+x|2u%ry16ygdw@Dby)&>-{S$O;(@t<d^#0|
z8*^Qg7^W5khsSUs^;}Zp4yYSPZL{v+2~Zt-cRNzOrrs;r^?VKs2>Rg;y_W=*X7)OF
zEN9lQt)uK__ExIu(lBaRwGy;}tJq1M$bjf*vCbfkdPFv$7dMOzvuVIb&uY3eyVF5$
zomq6&S9qMKi3@Yvu1e1W7V!Uve1qQOB}0%K+Q_$&l{Ac$59TJl2%?*#DyHA8D)Oy#
z!nKT-%p`{z+PP$E;KJXc2Dk}BnyOTD{OL-M5_|BWlH>n`YNMNu8<TF$rkk+&lr@%I
zMr4MAGJe8AjLnAMI~zmHvz@2`h^rd0zdKcDOW)nl^h~d>1Y(gI<ciLk5)dl_bvnxa
zIc&HWn!{P@eSELoPgFjMB-rHA*DBSnbBy2a&K?wYQ%6?P{;KgZ`2*H9@=lta=)pp2
z2(=z!M`XYi&`eSLghk<Q-|>s45s|4mYTMJ%jbxA6p=e;vLSF;(cKSy;&~GU!^$nIb
zu&c5)eq3FlXPXiV(H*7qc$-|msodCr04mbE)fYG)0ANz#b?}9LFjp&Lr2kS)Vhf_g
zVLgZ$rtj19aY!u(fBNdxaAxrPcU_K;5~o}9<Z?o%#1h0O8}>d*;IR){bJZS=h3yK8
z3R2KusOOH3JCa30pfu`f!Z)CoZyl(c@n*e3Y!Da)tpgudpQhCg!VFr=mr6qML%F<c
zR1c14s{Ob)M>DL?6BG*W$q38jdQ!GasZ{mwu<tr;J_VZ-`4H;)U(Zp=TG6u@qCRs<
zCFvOnV?1HQc;)|T+eFG<Q%k9I-pX?k37yrh=f->{?~34hub74eqXzXmfn^Dp)V6Gj
z6KV+0!9^J-o9vDBY+*++O}JeP6ZkEj(kRKjyT*_zT^ox9Dt0120(}a9RAO{5a-<WF
zkjUn%Vdz8wRqgyzKGH#F0Xi{yq9=afOR+GxD6AAfhs4&Bv(INk$t-j81_pTqK!q{J
z<)xVtvp^-U$O%<LPltysKL03V-p|Qrx=jUyR^|;~kcA&4y{MT&QKT@+84fK10mVAF
zz8>n}uiDg5k9ISqD!B9C^RM-ebtIv>nfm>(ufot~MPGFdxKT!$T3MXAn2dAsMpQ9X
zL0W@O)mUb8$f%bgL4CWwbA}i?HIQ(Op*Aa)UQ;W^O-G+6Lr(f4z}Lbuv9Dv)%(5^D
z5ZmM|1eyZoK3xQ2Ozji#Kh<_|cG?@Qa+rtVv%?*89ok{FyBo6Bu_JkfM~4RX<5q9{
z*hvu%H|6%=BGpR_p(VH`I*MAC8)i0$>oW?E7)#_~bSM%~s8OqA<}}qso+55w0q8>?
z_f#f0Kr(o4ChiQPYMV9e1}0MtG{W^W>YoH~q8=U2<mvfNmk`0n`<-vXrf=KrmN!+W
zBcLiS!-(S-3^orP(ZU=dkC}OR*6@-iF0?p({wTBbsmo;cm;t}Dn=le&x-XMjYH=kM
zpN{&)C6@>@p+0L*`6w?=iqUT}?{-9!u7+`~!^YWy|1SdxfGHG>fX$gp7Oq-Q31TR+
zPp^B|Pi<LTSilqmszGj<?`!?k5L&Io?v*gN{!jy&-L?L(6g$|xGUWyk%X~X+%7wcK
zZkiU5nG7`G#U5Pxl^)E6enG<)TZ!*ZPVp|XYPu>Eg+7R_=?_G7RW#49<Zu-{jHHY*
zjr=t?V^CZ@gQ2Wgt>n&gh_UAGK`o&Fwk6~t*YGjsTLs!Y<Wvqb90vQaNq#{cod_HJ
zK{H*=%t=uRxu%mc2QUiW+~Q5bxMI>G@-kuX=gW^iSKf1bkG^h?5D?Vu&`+Y)?(QYD
zppJ7n>-cyS@*Cx@W9s(&tq0(_>_B&m78}9|EVxbP*eM5gfb1_vS^4Ykp@4Fj@Kb*g
zj)pR}7@wnA(L_mf84ix4(N|$&5(11c-wzCsgV{zf8NLAt7jU#m36?{}jHY~EzU$WF
zB}Sssj2#}qGR=c1)}!pCw^RiM?6;1q;t5_qn&PEq+#Ub{i-nJt$YQP7ihfxAX&z^-
zNr{M6P_m5<AAX~hgt|2iW71SeG3(0}WsYR<^k5k>N^+<gbMJB&B&2tY8>t1eFn;mJ
zwktNIlTYWrUIUxYmKnzloQIDztE-zDPnyPy<mv!B0yIy_|5^1y`izxKK)kmZ1Ywyq
zszihW6(9c+P6&jY-&yol(q|bISCcwB$F3H$VF1w*JI`zgY75pOqCM0Ovhbv$m8VFL
zNq`zEO+5&L*okcxgY{S5VgSRCs8)061@@;k3|<ej%{g9tzin26tX3y?%z+kce{eL1
zq_Nqxv|A3PL~EBV#!~W5)_r=kiq+lC-7~R%Ey<zma%ptK0e_UVk{!=}d%o*qGFJ<;
zhMu%jz4o#9sjs<B8L^e|U|~OFYZPy;-vxMn%LfjaNuo?42G`H#`(4Qw`-s@n9yX5w
zFtp1cl6>C;RKeA92rjRtl!^o6=nAFS4-H&jkQj-K^>VF_zj%8jyf#MSdv)xHbazs6
z4n_@L@hic=V`K6$O;}1x32YE+?M5V^ZG+zi(EeWF{B_<*kc*~Fxj1s^U|NI_$c9M0
z5(}Ok2c1GS4=3Y|q$2v6Y%%vp@Y%5wNg}#8aMbbB1$5foxH|V0+p`MstuO$n<6wAZ
zQ)V1&Rz!4?hy<hkZQw-xIIv^*jtmoY=Go7OKf_<m2{z*U=YTmrPcV>$9hNfDzZ6l9
z;;BtPMt_3PF%^2X=-+m2USW<$AvLfjK1}*ky``S#yTGg6m|G&fzPW;^uEa0fTG8}q
z=oiB59bTRWxR~G6c;2vzUwaJMhmv*6Ay>x1lUIA0tzILhc7GNeoqZGD*L<%DU9Af}
zo3xRF-XwYKMO_bc9RGd=Ip5K7INwOdh|+YAZy^uh!_3Z4Cs;K^tc?1Tj2pA`sXfG?
zG-!M)bl*^`Qb?2KI$g42)rB{mv^3R#V9&j$nCaRGqVR-TiO{U&_ePf2&)P1^A#I#b
zp?r5GqSie6i&kkSVD$}%@2_3KA8c2{lKnKwJ<6mm>2N!x&NwvUXeEySo9<Q~^6aWJ
zTdWCfBI|K;$?hgOV-p;E7Ms{Mo0jLX28<L5oP&(3Ra>0Zu#+X=nu<>9VsLJeVl51l
zMWmz(G?F3Y+CE4svs<Y^^||I})LyZYxrjLr?WfT%yRbYEv>ZQgWNNemFl^Rj9o(UC
z?EBtSQ&%B0@_#YhRQ^FN>{{=&PDVBmB>Im;4@Q%zz*Z%%7jpA{^&-%EPLK76lOW&H
zFa(uFX4e=_8%s|+4VO1G+ver$+h9SV!<0!{CiK&q=4f$Mf$3^9nACKC5@R$T%qW9p
z^$hkUp4TmbT6M{@9)hvJ7lcg`D$oe!x8^%bQjwcWe3nK24Ah<+OfF$henUMRRhUB^
zFdI35mv~G7nY=&awBakFv@4t25pT?yNsY0;5Zqi`!VxccHjkqt_4oAjxJE0tpQbQ*
z|GGR`YZgU3$>YV*RM_z<_GRrfV+J(GI=GlZb7WLY_f&MfD#JkVkaL+gaKj7t6?DMl
z)N?b>fw$M?Y+Qm#Vg+YMA%;fZ%jg)9FEP^oh9tLvH;*->Jx;;aN9zxRxwd_m8go9L
z*4fh5)&BI3^*TTtBK+Fa>4Z|}BFr(;R*b|S*`Kk`w!KU)lcOTIkHuDpN^r;)12J+u
zTU4ZoyP%$oeokK+S7b@^cLsQzk5}Gt8thXv`uZyk{wsvnt2cY~n|laEDBXBwV*#WB
zbQ{f!c*QHEdiZU7Kbg}07VY2S;)hzcmZ)_Os){hf^;B>gJiIh78nKlj!nWf<fsmlU
z4J6Za6R<Q2nN#YD;J2pP9?qH)O2zIZ((d&~>)+czuKU1=5CSAY*)T=PzC(u7Uwb?V
zp!R#_l2~KMQvziB<rOg^b4`)i#u28)eguaPdj|c~+Nbzx9hW*bH6VVsEj(Z0GJ*z0
zUk&nPrl7*$xTXZx;Dn9aPcT0zMw9g~3V||i;Step$@;)qd|6D!VUO-}a_?G7jPwA2
zWDg@$nF=pXwx18y`U&CQ<V~8lx+Gm<<_&*A^3kRR6GjDnx)TUKzyL9LZof?&w8*%@
zxpBQ{IB$nAz2L3Aeu&2K)9MU*sH#2e>H-;NDK*><f`l*etP5SRjTE7H++g2{bLTPN
za3Ia=^Vo^yYcN~@x7FcrSGHCIP>~TL!@^&r`Qq~-%>|q*wKuKSp~Cu~Wc~5!9#tje
z?1BjFDH##($bGdP11v2v8$#OnCXEYvD|smwT~<~iL426>3>lzGGkUv=dj&v@8#TmL
z3kDoi?D4_cHZ1ZM%o5<SA$k8;Kw&I0=93b6O?4Lj3@azNjgJ*k%?^6(3fOR1UN~jE
zE(q@Ac$Iha;l_WZ%f!l3A;<~`ctwb(Fp%{%VB@N;#{QW*Q8$($u27B{6ml-od48}l
z#Dyf8mhCg>G|8sO+pPX@Br5|E7zE%0ZC4K-d(i^~0y|r#=r4H+NYxt!!D+*CDJs`j
zktSU8A-aSB90r=yD(>A1ukTaGlyjE@Y*o)H>uvDxS^eUd^rnDh$A-kux^Z3P#=A5#
zS0srP=g`)&d?5M5>hr1}Zmih>RaSW6q>2>~)LbK$!-fO0uLW-fi>}eP99DcmQGTha
z`{lK-FSsGx7Uuji%L>{0EoQx4aYVv-nfC#ch&>IVs?0wWOLFk{b|R&lQt#QhYO*O^
zNXtLtK*`G<zuzM64jWq8V^uzzWF5BA;xYk);kp2rVk3VK?zzO2S_rZ%g4$n1+QRhO
zK)Sp)SD3x0%m}aNJ|3nz;Aoxu0wRgIUEGspxH|vilGF<Sw?3c;Xr^()Y%a!JJ0Yt~
zMrwbP_kK*QnbRQL!&4QK4)9z>?3Io7HKCzs5mgeYIy|gdUVLIE=F<6}mNem`@Y`;~
zmi(trRwk<Z(E{di153FTmN48L+fwX~i56M<WyqIpy5?JRFfty(jpU0QdrVSK*~ARM
zh$TW+kowtGD_%KGw2iJt5d_5YE*n-OK^Au;N+mEMaS6X?8KA9-w%9;fp4EE9FABkM
z@x?u7!*Z*9_}ARl<-fdpLGQlgv^behftn}d0XIY&57&XZ7ZFSm=8XnA&Xf6T<3Ghq
z0_cyh^^+}Q)M0beTNaOL8>I1!C-q7sg8PS?=8gMNdQK_Me~E=zStQW`xXkzO^G*$h
zGUM&o@RxVKjm`v~x~xL%6RMQhg8J0ER;Qu%N|J#%CHKgId;x}Ao&pY47)qbK>K$Nw
zw4~2*ZR7Iz^{qjAp+A0n`B2)M<D}}_l@q)rg>=&YaeslM#p;nZir&WH99kRa2o?QJ
zY$24C?}Usjy393@RDKtc&6kB09m5HB-!N_*QSp5kOolXdik;lB%i4Ym%6h7})7p}q
z;*DkQ3N9k)^cqZM&7X}&|M)Cj;4WxHz_8TPQX5UhXB08O&W3{=lme%fuX4jj_VMA)
zw;=H<M|n~((W>zU1uMRkFi6-uO5R2|cr?a}_a0NO<4xZl?C9$%D|mJ}VMB%it~ls;
zDk&uVCIckS6o_b!8$YbZe&=m(A0h1otA<K@+kz|*9>z&NvAPs`7ACvZn$iLPE!QKk
zr32vngMlo4VC44J6frAyvc+(x^g=3>_8;_YKvo1pxJ=kE@%ZcyvilNFc@mYrKlSAa
zm$OwR7lZgh;!Sm?0AhI|_U4@r<sdx=Y(ClJFETk+NkyBFsO7gxQ;pK5p%O46QUGry
zr-!vwcwan<Qkqoxb4Y5$Bzm@(3<z~dF}&ifHajPm<5m@(a>3Ccsoie~b}VL#Yk<ik
z7`P)x#9qvPWlg`wjBv>9kOdKo&5VPYN<EJo{`tq29zkDpRgPTt56hEpOfM6_^I1-A
zT9h9y@V(!}F^!B6>!Veo0N)CSRY0#@D>eldz`EXEwdrfz64u-H^%!A35C!7OoCn^x
zeIS5D$P&@gDArnnHEl3Xe4x!o5TYEABWo@kZi3?tL@$oE3n#Az<%mZ!b%apay22mG
zX*B<roj6XB-3ze4Y3o&0w)d96V0fU>JYfltI10Xk?f_$e2o^oH0{6<3zH-B>^B3I=
zwH5}&X>peWEF{xccdSHv;e&fWY0g@Uy&!fJFR&%<ytE2<-wv`@C_vl?w@-Onc9|0!
zq|X$~Ak<n*w;L~_Zl2zGuNW7Eq6?PEst`>*ko@}`+K7TETln~Y+Z7ljGXEx2Pilit
zP)r7tW`>;NgwtEA#$>p^@uSSBx=0|LIrH<795!9@b&zf9%@i{c^D_J0gWitjz?*g~
zBOaXDFe)*OmC*ye#X<7Y78fWje@+tPYqTMCJ$27Q;0o!w8$(QB^ZryS+qMoEMvmvP
z2#r)iX^K<GB9xJ(MSW7dsImtRO>jGYP~Gy}%BP@nl}azt6)BhnCC5$hYGmV`V1)tU
zmM+3+{%YKfZL+)f0}K_|)HsBce_GdlULz*<`#iEE3|bQAGen+mh@vpI8O(^6sUO{M
zO3w6BnVY6FxKS!9(ed-ONPkYjnSs0K)hQKP9{i};*xt#?d=nKC@46XT2pE^k(#u;g
zF~AvHsWHz!V7A_DV_<OCN*spS-C?39!7pc~S4IK&V)dV^6Ij8ZP0dR35GH}nA=&Np
zUp14m-5-A#sefPZ#kaN;4rX9P1c|sMEZV#a;mLsskfPn6q6c{)m@h;g%uhw75sU%f
z1t9tZjosalSPUm!l6@X`74pNxvS((%j#NavuQ~}{w^v02GS^3g%uV5R+qV?eecI>w
zTXc&mLxb<6(&T}vYV-$qsX?_=h&R6BXMh1H!Y8x)p2T1@-T^ArZvs|O!HK|}MH>QU
z7uD2(DsDCMysaO`JT*cBDQ=_d*)1a-b)bA;amZuL0k*40$tsMQ^#k*>7lwu)dcWZ*
zT#110w}!r`L}vSuc>mD#A@p=WI<8Nw$gS{nJRKg3b(-yb$9~{qCA<t*0^f+9L_3Qg
zn)u1;{y1@GJf^EFy8Lun&pG>?`wt`@x0VVNTno81yg|<o6#gf$^Ts(&)Atc$E%OV1
z0OIn#)Aj_N6K7pIh3V%cWj)?JuY#*qztfMBihwpqkyBlHzw%-wB*Pd`?}ut<>7E}|
zYdMRki0Q?GrNBChBlz6hSxMF%bOP)e<Q4^7s|)OQW~rS^9>3**rk||#H~v{fPSMk-
z;h~k1;mO>`ADmDM<cREUB2*7q$eF@Gu!D{XWgshnynqsCfau}3*1=&y+{H<Q(7_C7
z8^eO#nW?25$$#fJMI2ec_bS4X5VB0$_hYk0U|StsO{b^im58qTabxL+Ft$ma?{zaj
zn`V^jwG4t)lLrjk1=hH8rEV8vAncv^Q2M&9DgIkDV7q8J`b<YeQB~|Qlb27k`NG<R
z@ti(lIk+VBsyuR);!DL26GIqrfmJY_n5)7YMTw&9>|pBr9prZ^Z5}$JcwHnad`r6!
z!N+PF6_Rlt#z&9%f<(oJogr*pGfwp_tLb`(sa5n$$olQWQ^dOg-Ua^#d4K>Ij+-qm
z$f@&jlT5%h=Mt%_!8Y$C{S%aTfkrHWX}ct^81@MB*WR03hD{v7l|3^bv1TDyX>{!R
z%HB(dkJ*pysH1q%>Z?cd=oSc7^FO(EsZJrlMzEgMtK_4Q20|9TD}E-xdf2xZC!+9v
zR9rS+UV4?Hn4UpF>RA(rg`*TvFRNZ}is1na0{B`MkNg$n-GLXA!b8z6{1P6^{C$~2
z2WgDiOjtwZp4@_H(B)HWoYTLAUj%uW)c?#=Fm*X=0}nQlo8o7YN_8(vJi|RemIh5f
zj!in&ZrZ&|wc)H6JIV1;TA7oI^;i!g!Qc)8NdT>qpHdQa`K)wJP-t$|ODtZ9+B3s2
z_siSyfXYiJ1IpEWjmz>Bhv0;H^C45mh>KKq-jfN<B(7KVdApBiD@t<i_u}eC+_htQ
z!|PFl^UKgvF8KqKyN?0D^l<bmx1~gw%8C!RnfdxeG2%K@U?pGxJ`9dRpaGdIcqpun
z1~yakQH*eD?!#3%=Z9O}=BgI%VKR-1iEuIMxcXeCYpx@+DAa4BFg0N!v<gX}YMXU0
zAC6{SaM3R~>()%24c)Max_KEV@+;D|v4icW%r}v|eUtvz{7A1(zyLShA}%g2+c`Jg
zEot;E31O%$nK3PSAk48)4zo_%#J;W77CPK#cMCcK^#=D-km8f`4`5z&tNP2G50n?3
zZMcVO7gS$V@i>JwtoDkMaR8k*xDN;Dh%Q_$(e;wIKaN+8ou!AdUiC%|H!MRtVVAMO
z8$V%NUD!+bK+g_!LL7?g12}a_;Oan|{3Rb!8f8!@C_8|t^;g+%?2C!w{E9I2MbShl
zztOWTZ+-|7PISsTeP~P1Ftx{6&|`P23kga9@KASUbL8eT9_NGFPl~Hlcy2Eq=sA{N
z(cSJXpT28DY(rE>fLe24vxavh(t+aLz;u_6z*t_A9vP6;&bC@t_jZ8d;)$KUD<Ya%
zcK#C0a^y|R(R$7i@m3D?*bL*yU4xeF)0YV>PKc0l)#x5psdP2|Z@_&YRexGrA#onh
zUq+>GL)rT#aT93bIxIxWmb=Fn2}|hJuA|C;jfRsuuqN;L(<RMZu*<UPyzncS2HLk|
zWhciNd<E7F9cv5_(t18|Z4#lzhV-KR7S)e+?W#y+B9VpR{ecIYCRXboZJeYJ008e)
BL013(

literal 0
HcmV?d00001


From b998425c7efdfffb6741b329682ae8dc4200e2f6 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:16:05 +0600
Subject: [PATCH 330/379] web/changelogs/10.4: fix the reference to twitter

---
 web/changelogs/10.4.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/changelogs/10.4.md b/web/changelogs/10.4.md
index 5982b0f9..1a3f65f4 100644
--- a/web/changelogs/10.4.md
+++ b/web/changelogs/10.4.md
@@ -20,7 +20,7 @@ we're back to the battlefield against youtube's scraper flattener, but we're win
 - added support for loom's video embed links.
 - added support for facebook's mobile subdomain links.
 - fixed a bug in the instagram module where it wouldn't use the graphql api on failure, due to which cobalt was unable to load slightly more posts successfully. now the majority of posts are accessible!
-- removed support for vine because twitter broke the vine archive.
+- removed support for vine because &#120143;, "The Everything App", broke the vine archive.
 - increased performance of downloads from bluesky by using the video cdn directly.
 - error messages from bluesky module are now more descriptive.
 - rewrote the vk video extraction module to use the general api as the web app extraction was broken by a vk update.

From 7f7281d794cbd074351c0c2a0cf11352f8a1a97d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:21:44 +0600
Subject: [PATCH 331/379] api/package: bump version to 10.5

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 146f412d..aab0c9a6 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.4.7",
+    "version": "10.5",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From a3166df03b38f14192ef91a0f715d6426572e258 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:22:11 +0600
Subject: [PATCH 332/379] web/changelogs: fix 10.5 changelog version

---
 web/changelogs/{10.4.md => 10.5.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename web/changelogs/{10.4.md => 10.5.md} (100%)

diff --git a/web/changelogs/10.4.md b/web/changelogs/10.5.md
similarity index 100%
rename from web/changelogs/10.4.md
rename to web/changelogs/10.5.md

From 41430ff0da5a69d2aa9e7a671317b9721f522938 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:22:19 +0600
Subject: [PATCH 333/379] web/package: bump version to 10.5

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index e298e2dd..2cc25076 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.4.6",
+    "version": "10.5",
     "type": "module",
     "private": true,
     "scripts": {

From c6be68945338f58ea7e40ef2375ebf07169dd37d Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:23:43 +0600
Subject: [PATCH 334/379] web/changelogs/10.5: fix reference to latest commit

---
 web/changelogs/10.5.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/changelogs/10.5.md b/web/changelogs/10.5.md
index 1a3f65f4..49221260 100644
--- a/web/changelogs/10.5.md
+++ b/web/changelogs/10.5.md
@@ -72,7 +72,7 @@ we're back to the battlefield against youtube's scraper flattener, but we're win
 - improved rich filename & metadata support. all metadata is now added to the file "as-is" with no modifications at all. filenames are now compatible with all operating systems and files should never appear as "tunnel", even in some rare cases.
 
 ## more details
-as always, you can check [all commits since the last release on github](https://github.com/imputnet/cobalt/compare/c021293...main) for *literally all changes!*
+as always, you can check [all commits since the last release on github](https://github.com/imputnet/cobalt/compare/c021293...41430ff) for *literally all changes!*
 
 ## thank you!
 our [github repo](https://github.com/imputnet/cobalt) reached over 20k stars recently, and cobalt is now used by over 150k people **daily**. both of these numbers are insane to think about, thank you so much for your support!

From 4d634603e2b3f620da70f9b38ead9f58e25f4354 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:34:05 +0600
Subject: [PATCH 335/379] api/youtube: fix variable shadowing

oops
---
 api/src/processing/services/youtube.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index cb18aa06..6559978c 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -68,7 +68,7 @@ const cloneInnertube = async (customFetch) => {
     const shouldRefreshPlayer = lastRefreshedAt + PLAYER_REFRESH_PERIOD < new Date();
 
     const rawCookie = getCookie('youtube');
-    const cookieValues = rawCookie?.values();
+    const rawCookieValues = rawCookie?.values();
     const cookie = rawCookie?.toString();
 
     if (!innertube || shouldRefreshPlayer) {
@@ -76,8 +76,8 @@ const cloneInnertube = async (customFetch) => {
             fetch: customFetch,
             retrieve_player: !!cookie,
             cookie,
-            po_token: cookieValues?.po_token,
-            visitor_data: cookieValues?.visitor_data,
+            po_token: rawCookieValues?.po_token,
+            visitor_data: rawCookieValues?.visitor_data,
         });
         lastRefreshedAt = +new Date();
     }

From 1dc3532c5de4dd54f93580d1101c22ec7e532e99 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 23 Dec 2024 23:34:14 +0600
Subject: [PATCH 336/379] api/package: bump version to 10.5.1

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index aab0c9a6..79a3fea3 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.5",
+    "version": "10.5.1",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 38823ecb22df0f321f934e1a76be8ef933415243 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 24 Dec 2024 00:24:59 +0600
Subject: [PATCH 337/379] web/changelogs/10.5: rephrase some sentences

---
 web/changelogs/10.5.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/web/changelogs/10.5.md b/web/changelogs/10.5.md
index 49221260..10776b58 100644
--- a/web/changelogs/10.5.md
+++ b/web/changelogs/10.5.md
@@ -36,7 +36,7 @@ we're back to the battlefield against youtube's scraper flattener, but we're win
 ## web app (and ui/ux) improvements
 - added support for [instance access keys](/settings/instances#access-key)! now you can access private cobalt instances with no turnstile, directly from the web app.
 - redesigned the [remux page](/remux) to indicate better what remuxing does and what it's for.
-- majorly improved the reliability of turnstile. it no longer gets stuck in background, and cobalt always keeps track of its state and displays it in the omnibox.
+- majorly improved the reliability of turnstile. it no longer gets stuck in the background, and cobalt always keeps track of its state and displays it in the omnibox.
 - rewrote almost all error messages in an effort to make them easier to understand at a glance.
 - added more error messages to describe processing issues even better whenever possible.
 - added animations to omnibox icons that make them more lively and cute.
@@ -75,9 +75,10 @@ we're back to the battlefield against youtube's scraper flattener, but we're win
 as always, you can check [all commits since the last release on github](https://github.com/imputnet/cobalt/compare/c021293...41430ff) for *literally all changes!*
 
 ## thank you!
-our [github repo](https://github.com/imputnet/cobalt) reached over 20k stars recently, and cobalt is now used by over 150k people **daily**. both of these numbers are insane to think about, thank you so much for your support!
+our [github repo](https://github.com/imputnet/cobalt) reached over 20k stars recently, and around the same time the cobalt web app reached over 150k daily visitors. both of these numbers are insane to think about, thank you so much for your support!
 
-this is the last big update of 2024, the most transformative and exciting year for cobalt yet. we're already working on new cool features that'll come out next year :3
+this is the last big update of 2024, the most transformative and exciting year for cobalt yet.
+we're already working on new cool features that'll come out next year :3
 
 we hope you have amazing holidays and 2025!
 

From ac3716ae4aa8c0e5a509a581b85be6bfcc3bde13 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 27 Dec 2024 15:15:54 +0000
Subject: [PATCH 338/379] api: uninstall node-cache package

not used for a while anymore
---
 api/README.md    |  1 -
 api/package.json |  1 -
 pnpm-lock.yaml   | 17 -----------------
 3 files changed, 19 deletions(-)

diff --git a/api/README.md b/api/README.md
index d740fb21..a2aad207 100644
--- a/api/README.md
+++ b/api/README.md
@@ -99,7 +99,6 @@ cobalt also depends on:
 - [hls-parser](https://www.npmjs.com/package/hls-parser) to parse `m3u8` playlists for certain services.
 - [ipaddr.js](https://www.npmjs.com/package/ipaddr.js) to parse ip addresses (for rate limiting).
 - [nanoid](https://www.npmjs.com/package/nanoid) to generate unique (temporary) identifiers for each requested stream.
-- [node-cache](https://www.npmjs.com/package/node-cache) to cache stream info in server ram for a limited amount of time.
 - [psl](https://www.npmjs.com/package/psl) as the domain name parser.
 - [set-cookie-parser](https://www.npmjs.com/package/set-cookie-parser) to parse cookies that cobalt receives from certain services.
 - [undici](https://www.npmjs.com/package/undici) for making http requests.
diff --git a/api/package.json b/api/package.json
index 79a3fea3..c6f52769 100644
--- a/api/package.json
+++ b/api/package.json
@@ -37,7 +37,6 @@
         "hls-parser": "^0.10.7",
         "ipaddr.js": "2.2.0",
         "nanoid": "^5.0.9",
-        "node-cache": "^5.1.2",
         "set-cookie-parser": "2.6.0",
         "undici": "^5.19.1",
         "url-pattern": "1.0.3",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 4224fba3..035356e9 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -49,9 +49,6 @@ importers:
       nanoid:
         specifier: ^5.0.9
         version: 5.0.9
-      node-cache:
-        specifier: ^5.1.2
-        version: 5.1.2
       set-cookie-parser:
         specifier: 2.6.0
         version: 2.6.0
@@ -995,10 +992,6 @@ packages:
     resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
     engines: {node: '>= 8.10.0'}
 
-  clone@2.1.2:
-    resolution: {integrity: sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==}
-    engines: {node: '>=0.8'}
-
   cluster-key-slot@1.1.2:
     resolution: {integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==}
     engines: {node: '>=0.10.0'}
@@ -1793,10 +1786,6 @@ packages:
     resolution: {integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==}
     engines: {node: '>= 0.6'}
 
-  node-cache@5.1.2:
-    resolution: {integrity: sha512-t1QzWwnk4sjLWaQAS8CHgOJ+RAfmHpxFWmc36IWTiWHQfs0w5JDMBS1b1ZxQteo0vVVuWJvIUKHDkkeK7vIGCg==}
-    engines: {node: '>= 8.0.0'}
-
   normalize-path@3.0.0:
     resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
     engines: {node: '>=0.10.0'}
@@ -3116,8 +3105,6 @@ snapshots:
     optionalDependencies:
       fsevents: 2.3.3
 
-  clone@2.1.2: {}
-
   cluster-key-slot@1.1.2:
     optional: true
 
@@ -3892,10 +3879,6 @@ snapshots:
 
   negotiator@0.6.3: {}
 
-  node-cache@5.1.2:
-    dependencies:
-      clone: 2.1.2
-
   normalize-path@3.0.0: {}
 
   npm-run-path@4.0.1:

From a14e51d8bd76ed716a724905e255130f143afe3d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 27 Dec 2024 15:18:57 +0000
Subject: [PATCH 339/379] api: uninstall esbuild

also not used for a while anymore
---
 api/README.md    |   1 -
 api/package.json |   1 -
 pnpm-lock.yaml   | 221 -----------------------------------------------
 3 files changed, 223 deletions(-)

diff --git a/api/README.md b/api/README.md
index a2aad207..84c534ea 100644
--- a/api/README.md
+++ b/api/README.md
@@ -93,7 +93,6 @@ cobalt also depends on:
 - [content-disposition-header](https://www.npmjs.com/package/content-disposition-header) to simplify the provision of `content-disposition` headers.
 - [cors](https://www.npmjs.com/package/cors) to manage cross-origin resource sharing within expressjs.
 - [dotenv](https://www.npmjs.com/package/dotenv) to load environment variables from the `.env` file.
-- [esbuild](https://www.npmjs.com/package/esbuild) to minify the frontend files.
 - [express](https://www.npmjs.com/package/express) as the backbone of cobalt servers.
 - [express-rate-limit](https://www.npmjs.com/package/express-rate-limit) to rate limit api endpoints.
 - [hls-parser](https://www.npmjs.com/package/hls-parser) to parse `m3u8` playlists for certain services.
diff --git a/api/package.json b/api/package.json
index c6f52769..cd9a5f86 100644
--- a/api/package.json
+++ b/api/package.json
@@ -30,7 +30,6 @@
         "content-disposition-header": "0.6.0",
         "cors": "^2.8.5",
         "dotenv": "^16.0.1",
-        "esbuild": "^0.14.51",
         "express": "^4.21.2",
         "express-rate-limit": "^7.4.1",
         "ffmpeg-static": "^5.1.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 035356e9..c7f3b712 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -28,9 +28,6 @@ importers:
       dotenv:
         specifier: ^16.0.1
         version: 16.4.5
-      esbuild:
-        specifier: ^0.14.51
-        version: 0.14.54
       express:
         specifier: ^4.21.2
         version: 4.21.2
@@ -336,12 +333,6 @@ packages:
     cpu: [ia32]
     os: [linux]
 
-  '@esbuild/linux-loong64@0.14.54':
-    resolution: {integrity: sha512-bZBrLAIX1kpWelV0XemxBZllyRmM6vgFQQG2GdNb+r3Fkp0FOh1NJSvekXDs7jq70k4euu1cryLMfU+mTXlEpw==}
-    engines: {node: '>=12'}
-    cpu: [loong64]
-    os: [linux]
-
   '@esbuild/linux-loong64@0.21.5':
     resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==}
     engines: {node: '>=12'}
@@ -1148,131 +1139,6 @@ packages:
   es6-promise@3.3.1:
     resolution: {integrity: sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==}
 
-  esbuild-android-64@0.14.54:
-    resolution: {integrity: sha512-Tz2++Aqqz0rJ7kYBfz+iqyE3QMycD4vk7LBRyWaAVFgFtQ/O8EJOnVmTOiDWYZ/uYzB4kvP+bqejYdVKzE5lAQ==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [android]
-
-  esbuild-android-arm64@0.14.54:
-    resolution: {integrity: sha512-F9E+/QDi9sSkLaClO8SOV6etqPd+5DgJje1F9lOWoNncDdOBL2YF59IhsWATSt0TLZbYCf3pNlTHvVV5VfHdvg==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [android]
-
-  esbuild-darwin-64@0.14.54:
-    resolution: {integrity: sha512-jtdKWV3nBviOd5v4hOpkVmpxsBy90CGzebpbO9beiqUYVMBtSc0AL9zGftFuBon7PNDcdvNCEuQqw2x0wP9yug==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [darwin]
-
-  esbuild-darwin-arm64@0.14.54:
-    resolution: {integrity: sha512-OPafJHD2oUPyvJMrsCvDGkRrVCar5aVyHfWGQzY1dWnzErjrDuSETxwA2HSsyg2jORLY8yBfzc1MIpUkXlctmw==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [darwin]
-
-  esbuild-freebsd-64@0.14.54:
-    resolution: {integrity: sha512-OKwd4gmwHqOTp4mOGZKe/XUlbDJ4Q9TjX0hMPIDBUWWu/kwhBAudJdBoxnjNf9ocIB6GN6CPowYpR/hRCbSYAg==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [freebsd]
-
-  esbuild-freebsd-arm64@0.14.54:
-    resolution: {integrity: sha512-sFwueGr7OvIFiQT6WeG0jRLjkjdqWWSrfbVwZp8iMP+8UHEHRBvlaxL6IuKNDwAozNUmbb8nIMXa7oAOARGs1Q==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [freebsd]
-
-  esbuild-linux-32@0.14.54:
-    resolution: {integrity: sha512-1ZuY+JDI//WmklKlBgJnglpUL1owm2OX+8E1syCD6UAxcMM/XoWd76OHSjl/0MR0LisSAXDqgjT3uJqT67O3qw==}
-    engines: {node: '>=12'}
-    cpu: [ia32]
-    os: [linux]
-
-  esbuild-linux-64@0.14.54:
-    resolution: {integrity: sha512-EgjAgH5HwTbtNsTqQOXWApBaPVdDn7XcK+/PtJwZLT1UmpLoznPd8c5CxqsH2dQK3j05YsB3L17T8vE7cp4cCg==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [linux]
-
-  esbuild-linux-arm64@0.14.54:
-    resolution: {integrity: sha512-WL71L+0Rwv+Gv/HTmxTEmpv0UgmxYa5ftZILVi2QmZBgX3q7+tDeOQNqGtdXSdsL8TQi1vIaVFHUPDe0O0kdig==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [linux]
-
-  esbuild-linux-arm@0.14.54:
-    resolution: {integrity: sha512-qqz/SjemQhVMTnvcLGoLOdFpCYbz4v4fUo+TfsWG+1aOu70/80RV6bgNpR2JCrppV2moUQkww+6bWxXRL9YMGw==}
-    engines: {node: '>=12'}
-    cpu: [arm]
-    os: [linux]
-
-  esbuild-linux-mips64le@0.14.54:
-    resolution: {integrity: sha512-qTHGQB8D1etd0u1+sB6p0ikLKRVuCWhYQhAHRPkO+OF3I/iSlTKNNS0Lh2Oc0g0UFGguaFZZiPJdJey3AGpAlw==}
-    engines: {node: '>=12'}
-    cpu: [mips64el]
-    os: [linux]
-
-  esbuild-linux-ppc64le@0.14.54:
-    resolution: {integrity: sha512-j3OMlzHiqwZBDPRCDFKcx595XVfOfOnv68Ax3U4UKZ3MTYQB5Yz3X1mn5GnodEVYzhtZgxEBidLWeIs8FDSfrQ==}
-    engines: {node: '>=12'}
-    cpu: [ppc64]
-    os: [linux]
-
-  esbuild-linux-riscv64@0.14.54:
-    resolution: {integrity: sha512-y7Vt7Wl9dkOGZjxQZnDAqqn+XOqFD7IMWiewY5SPlNlzMX39ocPQlOaoxvT4FllA5viyV26/QzHtvTjVNOxHZg==}
-    engines: {node: '>=12'}
-    cpu: [riscv64]
-    os: [linux]
-
-  esbuild-linux-s390x@0.14.54:
-    resolution: {integrity: sha512-zaHpW9dziAsi7lRcyV4r8dhfG1qBidQWUXweUjnw+lliChJqQr+6XD71K41oEIC3Mx1KStovEmlzm+MkGZHnHA==}
-    engines: {node: '>=12'}
-    cpu: [s390x]
-    os: [linux]
-
-  esbuild-netbsd-64@0.14.54:
-    resolution: {integrity: sha512-PR01lmIMnfJTgeU9VJTDY9ZerDWVFIUzAtJuDHwwceppW7cQWjBBqP48NdeRtoP04/AtO9a7w3viI+PIDr6d+w==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [netbsd]
-
-  esbuild-openbsd-64@0.14.54:
-    resolution: {integrity: sha512-Qyk7ikT2o7Wu76UsvvDS5q0amJvmRzDyVlL0qf5VLsLchjCa1+IAvd8kTBgUxD7VBUUVgItLkk609ZHUc1oCaw==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [openbsd]
-
-  esbuild-sunos-64@0.14.54:
-    resolution: {integrity: sha512-28GZ24KmMSeKi5ueWzMcco6EBHStL3B6ubM7M51RmPwXQGLe0teBGJocmWhgwccA1GeFXqxzILIxXpHbl9Q/Kw==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [sunos]
-
-  esbuild-windows-32@0.14.54:
-    resolution: {integrity: sha512-T+rdZW19ql9MjS7pixmZYVObd9G7kcaZo+sETqNH4RCkuuYSuv9AGHUVnPoP9hhuE1WM1ZimHz1CIBHBboLU7w==}
-    engines: {node: '>=12'}
-    cpu: [ia32]
-    os: [win32]
-
-  esbuild-windows-64@0.14.54:
-    resolution: {integrity: sha512-AoHTRBUuYwXtZhjXZbA1pGfTo8cJo3vZIcWGLiUcTNgHpJJMC1rVA44ZereBHMJtotyN71S8Qw0npiCIkW96cQ==}
-    engines: {node: '>=12'}
-    cpu: [x64]
-    os: [win32]
-
-  esbuild-windows-arm64@0.14.54:
-    resolution: {integrity: sha512-M0kuUvXhot1zOISQGXwWn6YtS+Y/1RT9WrVIOywZnJHo3jCDyewAc79aKNQWFCQm+xNHVTq9h8dZKvygoXQQRg==}
-    engines: {node: '>=12'}
-    cpu: [arm64]
-    os: [win32]
-
-  esbuild@0.14.54:
-    resolution: {integrity: sha512-Cy9llcy8DvET5uznocPyqL3BFRrFXSVqbgpMJ9Wz8oVjZlh/zUSNbPRbov0VX7VxN2JH1Oa0uNxZ7eLRb62pJA==}
-    engines: {node: '>=12'}
-    hasBin: true
-
   esbuild@0.21.5:
     resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
     engines: {node: '>=12'}
@@ -2514,9 +2380,6 @@ snapshots:
   '@esbuild/linux-ia32@0.23.0':
     optional: true
 
-  '@esbuild/linux-loong64@0.14.54':
-    optional: true
-
   '@esbuild/linux-loong64@0.21.5':
     optional: true
 
@@ -3225,90 +3088,6 @@ snapshots:
 
   es6-promise@3.3.1: {}
 
-  esbuild-android-64@0.14.54:
-    optional: true
-
-  esbuild-android-arm64@0.14.54:
-    optional: true
-
-  esbuild-darwin-64@0.14.54:
-    optional: true
-
-  esbuild-darwin-arm64@0.14.54:
-    optional: true
-
-  esbuild-freebsd-64@0.14.54:
-    optional: true
-
-  esbuild-freebsd-arm64@0.14.54:
-    optional: true
-
-  esbuild-linux-32@0.14.54:
-    optional: true
-
-  esbuild-linux-64@0.14.54:
-    optional: true
-
-  esbuild-linux-arm64@0.14.54:
-    optional: true
-
-  esbuild-linux-arm@0.14.54:
-    optional: true
-
-  esbuild-linux-mips64le@0.14.54:
-    optional: true
-
-  esbuild-linux-ppc64le@0.14.54:
-    optional: true
-
-  esbuild-linux-riscv64@0.14.54:
-    optional: true
-
-  esbuild-linux-s390x@0.14.54:
-    optional: true
-
-  esbuild-netbsd-64@0.14.54:
-    optional: true
-
-  esbuild-openbsd-64@0.14.54:
-    optional: true
-
-  esbuild-sunos-64@0.14.54:
-    optional: true
-
-  esbuild-windows-32@0.14.54:
-    optional: true
-
-  esbuild-windows-64@0.14.54:
-    optional: true
-
-  esbuild-windows-arm64@0.14.54:
-    optional: true
-
-  esbuild@0.14.54:
-    optionalDependencies:
-      '@esbuild/linux-loong64': 0.14.54
-      esbuild-android-64: 0.14.54
-      esbuild-android-arm64: 0.14.54
-      esbuild-darwin-64: 0.14.54
-      esbuild-darwin-arm64: 0.14.54
-      esbuild-freebsd-64: 0.14.54
-      esbuild-freebsd-arm64: 0.14.54
-      esbuild-linux-32: 0.14.54
-      esbuild-linux-64: 0.14.54
-      esbuild-linux-arm: 0.14.54
-      esbuild-linux-arm64: 0.14.54
-      esbuild-linux-mips64le: 0.14.54
-      esbuild-linux-ppc64le: 0.14.54
-      esbuild-linux-riscv64: 0.14.54
-      esbuild-linux-s390x: 0.14.54
-      esbuild-netbsd-64: 0.14.54
-      esbuild-openbsd-64: 0.14.54
-      esbuild-sunos-64: 0.14.54
-      esbuild-windows-32: 0.14.54
-      esbuild-windows-64: 0.14.54
-      esbuild-windows-arm64: 0.14.54
-
   esbuild@0.21.5:
     optionalDependencies:
       '@esbuild/aix-ppc64': 0.21.5

From 0f6516567191706faedff58395befad0b795d648 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Fri, 27 Dec 2024 17:17:08 +0000
Subject: [PATCH 340/379] api/package: bump version to 10.5.2

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index cd9a5f86..2205e1c5 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.5.1",
+    "version": "10.5.2",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From f07ebaa04cde3c3b401c999189944a657fdc1cf5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 6 Jan 2025 15:38:58 +0600
Subject: [PATCH 341/379] web/settings/defaults: enable youtubeHLS by default

yolo #testinprod
---
 web/src/lib/settings/defaults.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index a4448aaa..8edc5a95 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -26,7 +26,7 @@ const defaultSettings: CobaltSettings = {
         videoQuality: "1080",
         youtubeVideoCodec: "h264",
         youtubeDubLang: "original",
-        youtubeHLS: false,
+        youtubeHLS: true,
     },
     privacy: {
         alwaysProxy: false,

From 937fddf3e97ba4635c34f2edd80c251298c80feb Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 7 Jan 2025 13:16:58 +0600
Subject: [PATCH 342/379] web/settings/defaults: roll back default hls

it seems to be doing more bad than good, we need to scale or finish the duck project first
---
 web/src/lib/settings/defaults.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index 8edc5a95..a4448aaa 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -26,7 +26,7 @@ const defaultSettings: CobaltSettings = {
         videoQuality: "1080",
         youtubeVideoCodec: "h264",
         youtubeDubLang: "original",
-        youtubeHLS: true,
+        youtubeHLS: false,
     },
     privacy: {
         alwaysProxy: false,

From ec019a1b500405a506bc6b9754e7937fec51c79f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 8 Jan 2025 10:54:07 +0600
Subject: [PATCH 343/379] api/schema: enable youtubeHLS by default

---
 api/src/processing/schema.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/schema.js b/api/src/processing/schema.js
index 48d8b058..2ba35152 100644
--- a/api/src/processing/schema.js
+++ b/api/src/processing/schema.js
@@ -46,6 +46,6 @@ export const apiSchema = z.object({
     tiktokH265: z.boolean().default(false),
     twitterGif: z.boolean().default(true),
 
-    youtubeHLS: z.boolean().default(false),
+    youtubeHLS: z.boolean().default(true),
 })
 .strict();

From b47987754a96022ba25cd1fe6e84205986ea368f Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 8 Jan 2025 10:56:59 +0600
Subject: [PATCH 344/379] web/settings/defaults: enable youtubeHLS by default
 (again)

---
 web/src/lib/settings/defaults.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index a4448aaa..8edc5a95 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -26,7 +26,7 @@ const defaultSettings: CobaltSettings = {
         videoQuality: "1080",
         youtubeVideoCodec: "h264",
         youtubeDubLang: "original",
-        youtubeHLS: false,
+        youtubeHLS: true,
     },
     privacy: {
         alwaysProxy: false,

From 7db31851d07f86aca29de7ee090bd7a80b017510 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 8 Jan 2025 10:58:49 +0600
Subject: [PATCH 345/379] api/package: bump version to 10.5.3

---
 api/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 2205e1c5..907f9701 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.5.2",
+    "version": "10.5.3",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",

From 50db4d342ab58c27b3f093b2f9681d3778df5ccb Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 8 Jan 2025 11:22:05 +0600
Subject: [PATCH 346/379] api & web: roll back the default hls change due to
 doubled CPU usage

---
 api/package.json                 | 2 +-
 api/src/processing/schema.js     | 2 +-
 web/package.json                 | 2 +-
 web/src/lib/settings/defaults.ts | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/package.json b/api/package.json
index 907f9701..fccbddff 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.5.3",
+    "version": "10.5.4",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",
diff --git a/api/src/processing/schema.js b/api/src/processing/schema.js
index 2ba35152..48d8b058 100644
--- a/api/src/processing/schema.js
+++ b/api/src/processing/schema.js
@@ -46,6 +46,6 @@ export const apiSchema = z.object({
     tiktokH265: z.boolean().default(false),
     twitterGif: z.boolean().default(true),
 
-    youtubeHLS: z.boolean().default(true),
+    youtubeHLS: z.boolean().default(false),
 })
 .strict();
diff --git a/web/package.json b/web/package.json
index 2cc25076..37a7bb49 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.5",
+    "version": "10.5.1",
     "type": "module",
     "private": true,
     "scripts": {
diff --git a/web/src/lib/settings/defaults.ts b/web/src/lib/settings/defaults.ts
index 8edc5a95..a4448aaa 100644
--- a/web/src/lib/settings/defaults.ts
+++ b/web/src/lib/settings/defaults.ts
@@ -26,7 +26,7 @@ const defaultSettings: CobaltSettings = {
         videoQuality: "1080",
         youtubeVideoCodec: "h264",
         youtubeDubLang: "original",
-        youtubeHLS: true,
+        youtubeHLS: false,
     },
     privacy: {
         alwaysProxy: false,

From ce7d553beb75647993e7bcab694fa00bfb8a75d9 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Sun, 12 Jan 2025 16:43:55 +0000
Subject: [PATCH 347/379] api/match-action: pass audio bitrate when creating
 tiktok stream

fixes #996
---
 api/src/processing/match-action.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 5c728626..64f86836 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -102,6 +102,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                             filename: `${r.audioFilename}.${audioFormat}`,
                             isAudioOnly: true,
                             audioFormat,
+                            audioBitrate
                         })
                     }
                     break;

From ef687750b41af5807c84280aa12ee9bb9947ce85 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Sat, 18 Jan 2025 17:02:24 +0600
Subject: [PATCH 348/379] api/tiktok: update domain because dns records for
 main one are gone

closes #1057
---
 api/src/processing/services/tiktok.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/tiktok.js b/api/src/processing/services/tiktok.js
index 6978e071..6fec01d8 100644
--- a/api/src/processing/services/tiktok.js
+++ b/api/src/processing/services/tiktok.js
@@ -30,7 +30,7 @@ export default async function(obj) {
     if (!postId) return { error: "fetch.short_link" };
 
     // should always be /video/, even for photos
-    const res = await fetch(`https://tiktok.com/@i/video/${postId}`, {
+    const res = await fetch(`https://www.tiktok.com/@i/video/${postId}`, {
         headers: {
             "user-agent": genericUserAgent,
             cookie,

From 0378a1ae15ed6d1cefdded8efbd7e5a993b01491 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 12:37:36 +0000
Subject: [PATCH 349/379] api/youtube: fix error when downloading stuff from
 WEB

---
 api/src/processing/services/youtube.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 6559978c..e0dc8594 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -491,12 +491,12 @@ export default async function (o) {
             filenameAttributes.resolution = `${video.width}x${video.height}`;
             filenameAttributes.extension = codecList[codec].container;
 
-            video = video.url;
-            audio = audio.url;
-
             if (innertubeClient === "WEB" && innertube) {
                 video = video.decipher(innertube.session.player);
                 audio = audio.decipher(innertube.session.player);
+            } else {
+                video = video.url;
+                audio = audio.url;
             }
         }
 

From ec0d7737926d5d4f7c4db0dc71964c9291452770 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 12:38:12 +0000
Subject: [PATCH 350/379] api/youtube: use Math.min instead of ternary operator

---
 api/src/processing/services/youtube.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index e0dc8594..e16e86e7 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -240,7 +240,7 @@ export default async function (o) {
     const quality = o.quality === "max" ? 9000 : Number(o.quality);
 
     const normalizeQuality = res => {
-        const shortestSide = res.height > res.width ? res.width : res.height;
+        const shortestSide = Math.min(res.height, res.width);
         return videoQualities.find(qual => qual >= shortestSide);
     }
 

From 9bdcb9d8216940aea0b1d499e80478477683b182 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 18:51:37 +0600
Subject: [PATCH 351/379] api/utils: update getRedirectingURL to accept more
 statuses & dispatcher

---
 api/src/misc/utils.js | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index fd497d18..6bc72176 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -1,8 +1,16 @@
-export function getRedirectingURL(url) {
-    return fetch(url, { redirect: 'manual' }).then((r) => {
-        if ([301, 302, 303].includes(r.status) && r.headers.has('location'))
+const redirectStatuses = [301, 302, 303, 307, 308];
+
+export async function getRedirectingURL(url, dispatcher) {
+    const location = await fetch(url, {
+        redirect: 'manual',
+        dispatcher,
+    }).then((r) => {
+        if (redirectStatuses.includes(r.status) && r.headers.has('location')) {
             return r.headers.get('location');
+        }
     }).catch(() => null);
+
+    return location;
 }
 
 export function merge(a, b) {

From 63b2681017df728f1aeeffae393f5da5a663805a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:04:31 +0600
Subject: [PATCH 352/379] api/match-action: always proxy photos

---
 api/src/processing/match-action.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 64f86836..1cd36eb2 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -47,7 +47,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
             });
 
         case "photo":
-            responseType = "redirect";
+            params = { type: "proxy" };
             break;
 
         case "gif":

From ed8f4353ea3346982d69eb2aadc4cfa5a8c26855 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:10:02 +0600
Subject: [PATCH 353/379] api/processing: add support for xiaohongshu

---
 api/src/processing/match-action.js         |   2 +
 api/src/processing/match.js                |  10 ++
 api/src/processing/service-config.js       |   8 ++
 api/src/processing/service-patterns.js     |   4 +
 api/src/processing/services/xiaohongshu.js | 123 +++++++++++++++++++++
 api/src/processing/url.js                  |  26 +++--
 6 files changed, 165 insertions(+), 8 deletions(-)
 create mode 100644 api/src/processing/services/xiaohongshu.js

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 1cd36eb2..0d87b5a8 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -83,6 +83,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                 case "twitter":
                 case "snapchat":
                 case "bsky":
+                case "xiaohongshu":
                     params = { picker: r.picker };
                     break;
 
@@ -143,6 +144,7 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
                 case "ok":
                 case "vk":
                 case "tiktok":
+                case "xiaohongshu":
                     params = { type: "proxy" };
                     break;
 
diff --git a/api/src/processing/match.js b/api/src/processing/match.js
index 57f04b36..9fabf379 100644
--- a/api/src/processing/match.js
+++ b/api/src/processing/match.js
@@ -28,6 +28,7 @@ import snapchat from "./services/snapchat.js";
 import loom from "./services/loom.js";
 import facebook from "./services/facebook.js";
 import bluesky from "./services/bluesky.js";
+import xiaohongshu from "./services/xiaohongshu.js";
 
 let freebind;
 
@@ -239,6 +240,15 @@ export default async function({ host, patternMatch, params }) {
                 });
                 break;
 
+            case "xiaohongshu":
+                r = await xiaohongshu({
+                    ...patternMatch,
+                    h265: params.tiktokH265,
+                    isAudioOnly,
+                    dispatcher,
+                });
+                break;
+
             default:
                 return createResponse("error", {
                     code: "error.api.service.unsupported"
diff --git a/api/src/processing/service-config.js b/api/src/processing/service-config.js
index 81afaf39..86352f9a 100644
--- a/api/src/processing/service-config.js
+++ b/api/src/processing/service-config.js
@@ -166,6 +166,14 @@ export const services = {
         subdomains: ["m"],
         altDomains: ["vkvideo.ru", "vk.ru"],
     },
+    xiaohongshu: {
+        patterns: [
+            "explore/:id?xsec_token=:token",
+            "discovery/item/:id?xsec_token=:token",
+            "a/:shareId"
+        ],
+        altDomains: ["xhslink.com"],
+    },
     youtube: {
         patterns: [
             "watch?v=:id",
diff --git a/api/src/processing/service-patterns.js b/api/src/processing/service-patterns.js
index e8c46639..42f64d26 100644
--- a/api/src/processing/service-patterns.js
+++ b/api/src/processing/service-patterns.js
@@ -71,4 +71,8 @@ export const testers = {
 
     "bsky": pattern =>
         pattern.user?.length <= 128 && pattern.post?.length <= 128,
+
+    "xiaohongshu": pattern =>
+        pattern.id?.length <= 24 && pattern.token?.length <= 64
+        || pattern.shareId?.length <= 12,
 }
diff --git a/api/src/processing/services/xiaohongshu.js b/api/src/processing/services/xiaohongshu.js
new file mode 100644
index 00000000..d428aaf9
--- /dev/null
+++ b/api/src/processing/services/xiaohongshu.js
@@ -0,0 +1,123 @@
+import { extract, normalizeURL } from "../url.js";
+import { genericUserAgent } from "../../config.js";
+import { createStream } from "../../stream/manage.js";
+import { getRedirectingURL } from "../../misc/utils.js";
+
+const https = (url) => {
+    return url.replace(/^http:/i, 'https:');
+}
+
+export default async function ({ id, token, shareId, h265, isAudioOnly, dispatcher }) {
+    let noteId = id;
+    let xsecToken = token;
+
+    if (!noteId) {
+        const extractedURL = await getRedirectingURL(
+            `https://xhslink.com/a/${shareId}`,
+            dispatcher
+        );
+
+        if (extractedURL) {
+            const { patternMatch } = extract(normalizeURL(extractedURL));
+
+            if (patternMatch) {
+                noteId = patternMatch.id;
+                xsecToken = patternMatch.token;
+            }
+        }
+    }
+
+    if (!noteId || !xsecToken) return { error: "fetch.short_link" };
+
+    const res = await fetch(`https://www.xiaohongshu.com/explore/${noteId}?xsec_token=${xsecToken}`, {
+        headers: {
+            "user-agent": genericUserAgent,
+        },
+        dispatcher,
+    });
+
+    const html = await res.text();
+
+    let note;
+    try {
+        const initialState = html
+            .split('<script>window.__INITIAL_STATE__=')[1]
+            .split('</script>')[0]
+            .replace(/:undefined/g, ":null");
+
+        const data = JSON.parse(initialState);
+
+        const noteInfo = data?.note?.noteDetailMap;
+        if (!noteInfo) throw "no note detail map";
+
+        const currentNote = noteInfo[noteId];
+        if (!currentNote) throw "no current note in detail map";
+
+        note = currentNote.note;
+    } catch {
+        return { error: "fetch.empty" };
+    }
+
+    if (!note) return { error: "fetch.empty" };
+
+    const video = note.video;
+    const images = note.imageList;
+
+    const filenameBase = `xiaohongshu_${noteId}`;
+
+    if (video) {
+        const videoFilename = `${filenameBase}.mp4`;
+        const audioFilename = `${filenameBase}_audio`;
+
+        let videoURL;
+
+        if (h265 && !isAudioOnly && video.consumer?.originVideoKey) {
+            videoURL = `https://sns-video-bd.xhscdn.com/${video.consumer.originVideoKey}`;
+        }
+
+        if (!videoURL) {
+            const h264Streams = video.media?.stream?.h264;
+            if (!h264Streams) return { error: "fetch.empty" };
+
+            if (h264Streams.length > 1) {
+                videoURL = h264Streams.reduce((a, b) => Number(a?.videoBitrate) > Number(b?.videoBitrate) ? a : b).masterUrl;
+            } else {
+                videoURL = h264Streams[0].masterUrl;
+            }
+        }
+
+        if (!videoURL) return { error: "fetch.empty" };
+
+        return {
+            urls: https(videoURL),
+            filename: videoFilename,
+            audioFilename: audioFilename,
+        }
+    }
+
+    if (!images || images.length === 0) {
+        return { error: "fetch.empty" };
+    }
+
+    if (images.length === 1) {
+        return {
+            isPhoto: true,
+            urls: https(images[0].urlDefault),
+            filename: `${filenameBase}.jpg`,
+        }
+    }
+
+    const picker = images.map((image, i) => {
+        return {
+            type: "photo",
+            url: createStream({
+                service: "xiaohongshu",
+                type: "proxy",
+                url: https(image.urlDefault),
+                filename: `${filenameBase}_${i + 1}.jpg`,
+            })
+        }
+    });
+
+    return { picker };
+}
diff --git a/api/src/processing/url.js b/api/src/processing/url.js
index 8f0e7dc2..cfbbecc0 100644
--- a/api/src/processing/url.js
+++ b/api/src/processing/url.js
@@ -92,9 +92,14 @@ function aliasURL(url) {
                 url.hostname = 'vk.com';
             }
             break;
+
+        case "xhslink":
+            if (url.hostname === 'xhslink.com' && parts.length === 3) {
+                url = new URL(`https://www.xiaohongshu.com/a/${parts[2]}`);
+            }
     }
 
-    return url
+    return url;
 }
 
 function cleanURL(url) {
@@ -114,36 +119,41 @@ function cleanURL(url) {
             break;
         case "vk":
             if (url.pathname.includes('/clip') && url.searchParams.get('z')) {
-                limitQuery('z')
+                limitQuery('z');
             }
             break;
         case "youtube":
             if (url.searchParams.get('v')) {
-                limitQuery('v')
+                limitQuery('v');
             }
             break;
         case "rutube":
             if (url.searchParams.get('p')) {
-                limitQuery('p')
+                limitQuery('p');
             }
             break;
         case "twitter":
             if (url.searchParams.get('post_id')) {
-                limitQuery('post_id')
+                limitQuery('post_id');
+            }
+            break;
+        case "xiaohongshu":
+            if (url.searchParams.get('xsec_token')) {
+                limitQuery('xsec_token');
             }
             break;
     }
 
     if (stripQuery) {
-        url.search = ''
+        url.search = '';
     }
 
-    url.username = url.password = url.port = url.hash = ''
+    url.username = url.password = url.port = url.hash = '';
 
     if (url.pathname.endsWith('/'))
         url.pathname = url.pathname.slice(0, -1);
 
-    return url
+    return url;
 }
 
 function getHostIfValid(url) {

From ad6f29a3c83047de5b7f007d6cd103b03f9aac34 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:21:44 +0600
Subject: [PATCH 354/379] api/tests: add xiaohongshu tests

---
 api/src/util/tests/xiaohongshu.json | 58 +++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 api/src/util/tests/xiaohongshu.json

diff --git a/api/src/util/tests/xiaohongshu.json b/api/src/util/tests/xiaohongshu.json
new file mode 100644
index 00000000..425a6a2e
--- /dev/null
+++ b/api/src/util/tests/xiaohongshu.json
@@ -0,0 +1,58 @@
+[
+    {
+        "name": "long link video",
+        "url": "https://www.xiaohongshu.com/discovery/item/6789065900000000210035fc?source=webshare&xhsshare=pc_web&xsec_token=CBustnz_Twf1BSybpe5-D-BzUb-Bx28DPLb418TN9S9Kk&xsec_source=pc_share",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "picker with multiple live photos",
+        "url": "https://www.xiaohongshu.com/explore/67847fa1000000000203e6ed?xsec_token=CBzyP7Y44PPpsM20lgxqrIIJMHqOLemusDsRcmsX0cTpk",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "picker"
+        }
+    },
+    {
+        "name": "one photo",
+        "url": "https://www.xiaohongshu.com/explore/6788b56200000000210008c8?xsec_token=CBSDiWU4N-DgirHrOVbIWrlKfUNFHKwm-Wsjqz7dIMc_k",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "short link, might expire eventually",
+        "url": "https://xhslink.com/a/czn4z6c1tic4",
+        "canFail": true,
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "wrong note id",
+        "url": "https://www.xiaohongshu.com/discovery/item/6789065911100000210035fc?source=webshare&xhsshare=pc_web&xsec_token=CBustnz_Twf1BSybpe5-D-BzUb-Bx28DPLb418TN9S9Kk&xsec_source=pc_share",
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    },
+    {
+        "name": "short link, wrong id",
+        "url": "https://xhslink.com/a/aaaaaa",
+        "canFail": true,
+        "params": {},
+        "expected": {
+            "code": 400,
+            "status": "error"
+        }
+    }
+]

From cd466a418ac18b85d3685a3af34a0885ea138ba5 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:24:12 +0600
Subject: [PATCH 355/379] api/tests/bsky: fix expected photo test status

---
 api/src/util/tests/bsky.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/util/tests/bsky.json b/api/src/util/tests/bsky.json
index 840f1169..5a03538d 100644
--- a/api/src/util/tests/bsky.json
+++ b/api/src/util/tests/bsky.json
@@ -54,7 +54,7 @@
         "params": {},
         "expected": {
             "code": 200,
-            "status": "redirect"
+            "status": "tunnel"
         }
     },
     {

From cd0a2a47c9eb6a4a29c75db1cbcdfe55133d4b37 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:28:35 +0600
Subject: [PATCH 356/379] api/tests/pinterest: update expected photo status

---
 api/src/util/tests/pinterest.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/src/util/tests/pinterest.json b/api/src/util/tests/pinterest.json
index 2f15fb0b..6308adb4 100644
--- a/api/src/util/tests/pinterest.json
+++ b/api/src/util/tests/pinterest.json
@@ -54,7 +54,7 @@
         "params": {},
         "expected": {
             "code": 200,
-            "status": "redirect"
+            "status": "tunnel"
         }
     },
     {
@@ -63,7 +63,7 @@
         "params": {},
         "expected": {
             "code": 200,
-            "status": "redirect"
+            "status": "tunnel"
         }
     },
     {
@@ -72,7 +72,7 @@
         "params": {},
         "expected": {
             "code": 200,
-            "status": "redirect"
+            "status": "tunnel"
         }
     },
     {
@@ -81,7 +81,7 @@
         "params": {},
         "expected": {
             "code": 200,
-            "status": "redirect"
+            "status": "tunnel"
         }
     }
 ]
\ No newline at end of file

From de5eca19a5c3d82462b691b8831034985c98a847 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:30:11 +0600
Subject: [PATCH 357/379] api/utils: replace redirectStatuses array with a set

Co-authored-by: jj <log@riseup.net>
---
 api/src/misc/utils.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index 6bc72176..9978ceed 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -1,11 +1,11 @@
-const redirectStatuses = [301, 302, 303, 307, 308];
+const redirectStatuses = new Set([301, 302, 303, 307, 308]);
 
 export async function getRedirectingURL(url, dispatcher) {
     const location = await fetch(url, {
         redirect: 'manual',
         dispatcher,
     }).then((r) => {
-        if (redirectStatuses.includes(r.status) && r.headers.has('location')) {
+        if (redirectStatuses.has(r.status) && r.headers.has('location')) {
             return r.headers.get('location');
         }
     }).catch(() => null);

From 3cbed87c3ebaae58b3bab01a67c852d0f0c495cd Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:35:53 +0600
Subject: [PATCH 358/379] api/xiaohongshu: update initial state extraction
 regex

Co-authored-by: jj <log@riseup.net>
---
 api/src/processing/services/xiaohongshu.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/processing/services/xiaohongshu.js b/api/src/processing/services/xiaohongshu.js
index d428aaf9..4637358e 100644
--- a/api/src/processing/services/xiaohongshu.js
+++ b/api/src/processing/services/xiaohongshu.js
@@ -43,7 +43,7 @@ export default async function ({ id, token, shareId, h265, isAudioOnly, dispatch
         const initialState = html
             .split('<script>window.__INITIAL_STATE__=')[1]
             .split('</script>')[0]
-            .replace(/:undefined/g, ":null");
+            .replace(/:\s*undefined/g, ":null");
 
         const data = JSON.parse(initialState);
 

From 4963c9f128fc71cf822dca661e34f94f3dca9417 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:37:23 +0600
Subject: [PATCH 359/379] api/xiaohongshu: remove duplicated extraction error

Co-authored-by: jj <log@riseup.net>
---
 api/src/processing/services/xiaohongshu.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/api/src/processing/services/xiaohongshu.js b/api/src/processing/services/xiaohongshu.js
index 4637358e..6e141f5a 100644
--- a/api/src/processing/services/xiaohongshu.js
+++ b/api/src/processing/services/xiaohongshu.js
@@ -54,9 +54,7 @@ export default async function ({ id, token, shareId, h265, isAudioOnly, dispatch
         if (!currentNote) throw "no current note in detail map";
 
         note = currentNote.note;
-    } catch {
-        return { error: "fetch.empty" };
-    }
+    } catch {}
 
     if (!note) return { error: "fetch.empty" };
 

From e39b0ae7b3b09e1a0444810a6f35bf703f1ed604 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:41:02 +0600
Subject: [PATCH 360/379] api/xiaohongshu: deduplicate h264 stream extraction

reduce() isn't called on 1 item arrays, so this is just fine

Co-authored-by: jj <log@riseup.net>
---
 api/src/processing/services/xiaohongshu.js | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/api/src/processing/services/xiaohongshu.js b/api/src/processing/services/xiaohongshu.js
index 6e141f5a..45d7acc5 100644
--- a/api/src/processing/services/xiaohongshu.js
+++ b/api/src/processing/services/xiaohongshu.js
@@ -75,12 +75,9 @@ export default async function ({ id, token, shareId, h265, isAudioOnly, dispatch
 
         if (!videoURL) {
             const h264Streams = video.media?.stream?.h264;
-            if (!h264Streams) return { error: "fetch.empty" };
 
-            if (h264Streams.length > 1) {
+            if (h264Streams?.length) {
                 videoURL = h264Streams.reduce((a, b) => Number(a?.videoBitrate) > Number(b?.videoBitrate) ? a : b).masterUrl;
-            } else {
-                videoURL = h264Streams[0].masterUrl;
             }
         }
 

From 7488c74fafb92b73ac58772f661e5601e2bb5cac Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:46:12 +0600
Subject: [PATCH 361/379] api/xiaohongshu: clean up the h265-h264 if statement

Co-authored-by: jj <log@riseup.net>
---
 api/src/processing/services/xiaohongshu.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/api/src/processing/services/xiaohongshu.js b/api/src/processing/services/xiaohongshu.js
index 45d7acc5..bbb53ab1 100644
--- a/api/src/processing/services/xiaohongshu.js
+++ b/api/src/processing/services/xiaohongshu.js
@@ -71,9 +71,7 @@ export default async function ({ id, token, shareId, h265, isAudioOnly, dispatch
 
         if (h265 && !isAudioOnly && video.consumer?.originVideoKey) {
             videoURL = `https://sns-video-bd.xhscdn.com/${video.consumer.originVideoKey}`;
-        }
-
-        if (!videoURL) {
+        } else {
             const h264Streams = video.media?.stream?.h264;
 
             if (h264Streams?.length) {

From 9f0f885ae6b0b46fa129d5e4b7ade67750ff35c4 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 19:59:59 +0600
Subject: [PATCH 362/379] web/settings/video: update h265 toggle strings

because now it also applies to xiaohongshu
---
 web/i18n/en/settings.json                  |  6 +++---
 web/src/routes/settings/video/+page.svelte | 17 +++++++++--------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/web/i18n/en/settings.json b/web/i18n/en/settings.json
index c450b4b9..418410bf 100644
--- a/web/i18n/en/settings.json
+++ b/web/i18n/en/settings.json
@@ -40,9 +40,9 @@
     "video.twitter.gif.title": "convert looping videos to GIF",
     "video.twitter.gif.description": "GIF conversion is inefficient, converted file may be obnoxiously big and low quality.",
 
-    "video.tiktok.h265": "tiktok",
-    "video.tiktok.h265.title": "prefer HEVC/H265 format",
-    "video.tiktok.h265.description": "allows downloading videos in 1080p at cost of compatibility.",
+    "video.h265": "high efficiency video codec",
+    "video.h265.title": "allow h265 for videos",
+    "video.h265.description": "allows downloading videos from platforms like tiktok and xiaohongshu in higher quality at cost of compatibility.",
 
     "audio.format": "audio format",
     "audio.format.best": "best",
diff --git a/web/src/routes/settings/video/+page.svelte b/web/src/routes/settings/video/+page.svelte
index 9897d7eb..88f9a5ca 100644
--- a/web/src/routes/settings/video/+page.svelte
+++ b/web/src/routes/settings/video/+page.svelte
@@ -69,6 +69,15 @@
     />
 </SettingsCategory>
 
+<SettingsCategory sectionId="h265" title={$t("settings.video.h265")}>
+    <SettingsToggle
+        settingContext="save"
+        settingId="tiktokH265"
+        title={$t("settings.video.h265.title")}
+        description={$t("settings.video.h265.description")}
+    />
+</SettingsCategory>
+
 <SettingsCategory sectionId="twitter" title={$t("settings.video.twitter.gif")}>
     <SettingsToggle
         settingContext="save"
@@ -78,11 +87,3 @@
     />
 </SettingsCategory>
 
-<SettingsCategory sectionId="tiktok" title={$t("settings.video.tiktok.h265")}>
-    <SettingsToggle
-        settingContext="save"
-        settingId="tiktokH265"
-        title={$t("settings.video.tiktok.h265.title")}
-        description={$t("settings.video.tiktok.h265.description")}
-    />
-</SettingsCategory>

From 73f458a99913c794ac5600dfef824b71985e3449 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 20:01:55 +0600
Subject: [PATCH 363/379] docs/api: update tiktokH265 description

---
 docs/api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/api.md b/docs/api.md
index 6da93a44..fb1a1450 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -68,7 +68,7 @@ Content-Type: application/json
 | `alwaysProxy`                | `boolean` | `true / false`                     | `false`   | tunnels all downloads through the processing server, even when not necessary.   |
 | `disableMetadata`            | `boolean` | `true / false`                     | `false`   | disables file metadata when set to `true`.                                      |
 | `tiktokFullAudio`            | `boolean` | `true / false`                     | `false`   | enables download of original sound used in a tiktok video.                      |
-| `tiktokH265`                 | `boolean` | `true / false`                     | `false`   | changes whether 1080p h265 videos are preferred or not.                         |
+| `tiktokH265`                 | `boolean` | `true / false`                     | `false`   | allows h265 videos when enabled. applies to tiktok & xiaohongshu.               |
 | `twitterGif`                 | `boolean` | `true / false`                     | `true`    | changes whether twitter gifs are converted to .gif                              |
 | `youtubeHLS`                 | `boolean` | `true / false`                     | `false`   | specifies whether to use HLS for downloading video or audio from youtube.       |
 

From 035825bc0555fa2e1c2084a407ee14d04be97445 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 14:38:55 +0000
Subject: [PATCH 364/379] api: cache original request parameters in stream

---
 api/src/processing/match-action.js | 3 ++-
 api/src/stream/manage.js           | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/processing/match-action.js b/api/src/processing/match-action.js
index 64f86836..19896ceb 100644
--- a/api/src/processing/match-action.js
+++ b/api/src/processing/match-action.js
@@ -15,7 +15,8 @@ export default function({ r, host, audioFormat, isAudioOnly, isAudioMuted, disab
             filename: r.filenameAttributes ?
                     createFilename(r.filenameAttributes, filenameStyle, isAudioOnly, isAudioMuted) : r.filename,
             fileMetadata: !disableMetadata ? r.fileMetadata : false,
-            requestIP
+            requestIP,
+            originalRequest: r.originalRequest
         },
         params = {};
 
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 79b5c1db..3323ce5d 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -40,6 +40,7 @@ export function createStream(obj) {
             audioFormat: obj.audioFormat,
 
             isHLS: obj.isHLS || false,
+            originalRequest: obj.parameters
         };
 
     // FIXME: this is now a Promise, but it is not awaited

From 7767a5f5bb49d05b3e4d6f5a9fdf86e4a038c3a1 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 14:46:55 +0000
Subject: [PATCH 365/379] api/youtube: add support for pinning client/itag

---
 api/src/processing/services/youtube.js | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index e16e86e7..3ee673b9 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -149,7 +149,7 @@ export default async function (o) {
         useHLS = false;
     }
 
-    let innertubeClient = "ANDROID";
+    let innertubeClient = o.innertubeClient || "ANDROID";
 
     if (cookie) {
         useHLS = false;
@@ -245,7 +245,7 @@ export default async function (o) {
     }
 
     let video, audio, dubbedLanguage,
-        codec = o.format || "h264";
+        codec = o.format || "h264", itag = o.itag;
 
     if (useHLS) {
         const hlsManifest = info.streaming_data.hls_manifest_url;
@@ -351,17 +351,21 @@ export default async function (o) {
             Number(b.bitrate) - Number(a.bitrate)
         ).forEach(format => {
             Object.keys(codecList).forEach(yCodec => {
+                const matchingItag = slot => !itag || itag[slot] === format.itag;
                 const sorted = sorted_formats[yCodec];
                 const goodFormat = checkFormat(format, yCodec);
                 if (!goodFormat) return;
 
-                if (format.has_video) {
+                if (format.has_video && matchingItag('video')) {
                     sorted.video.push(format);
-                    if (!sorted.bestVideo) sorted.bestVideo = format;
+                    if (!sorted.bestVideo)
+                        sorted.bestVideo = format;
                 }
-                if (format.has_audio) {
+
+                if (format.has_audio && matchingItag('audio')) {
                     sorted.audio.push(format);
-                    if (!sorted.bestAudio) sorted.bestAudio = format;
+                    if (!sorted.bestAudio)
+                        sorted.bestAudio = format;
                 }
             })
         });

From 19ade7c9053dc9323c35ccee25dffb25a6e19f27 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 14:47:09 +0000
Subject: [PATCH 366/379] api/youtube: return internal metadata for replaying
 request

---
 api/src/processing/services/youtube.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index 3ee673b9..ff4a95cf 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -452,6 +452,18 @@ export default async function (o) {
         youtubeDubName: dubbedLanguage || false,
     }
 
+    itag = {
+        video: video.itag,
+        audio: audio.itag
+    };
+
+    const originalRequest = {
+        ...o,
+        dispatcher: undefined,
+        itag,
+        innertubeClient
+    };
+
     if (audio && o.isAudioOnly) {
         let bestAudio = codec === "h264" ? "m4a" : "opus";
         let urls = audio.url;
@@ -473,6 +485,7 @@ export default async function (o) {
             fileMetadata,
             bestAudio,
             isHLS: useHLS,
+            originalRequest
         }
     }
 
@@ -516,6 +529,7 @@ export default async function (o) {
             filenameAttributes,
             fileMetadata,
             isHLS: useHLS,
+            originalRequest
         }
     }
 

From 39752b2c5f00175eb07c700f97f886679f938853 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Mon, 20 Jan 2025 21:26:55 +0600
Subject: [PATCH 367/379] web/Omnibox: improve pasting links from clipboard

- `text/uri-list` type is now accepted (such as clipboard data from bluesky)
- http links are now allowed (such as those from rednote)
- rednote share link is properly extracted
---
 web/src/components/save/Omnibox.svelte | 25 ++++++++++++++-----------
 web/src/lib/clipboard.ts               | 17 +++++++++++++++++
 2 files changed, 31 insertions(+), 11 deletions(-)
 create mode 100644 web/src/lib/clipboard.ts

diff --git a/web/src/components/save/Omnibox.svelte b/web/src/components/save/Omnibox.svelte
index 8da051d4..c10db574 100644
--- a/web/src/components/save/Omnibox.svelte
+++ b/web/src/components/save/Omnibox.svelte
@@ -11,6 +11,7 @@
     import dialogs from "$lib/state/dialogs";
     import { link } from "$lib/state/omnibox";
     import { updateSetting } from "$lib/state/settings";
+    import { pasteLinkFromClipboard } from "$lib/clipboard";
     import { turnstileEnabled, turnstileSolved } from "$lib/state/turnstile";
 
     import type { Optional } from "$lib/types/generic";
@@ -41,7 +42,7 @@
 
     const validLink = (url: string) => {
         try {
-            return /^https:/i.test(new URL(url).protocol);
+            return /^https?\:/i.test(new URL(url).protocol);
         } catch {}
     };
 
@@ -59,22 +60,24 @@
         goto("/", { replaceState: true });
     }
 
-    const pasteClipboard = () => {
+    const pasteClipboard = async () => {
         if ($dialogs.length > 0 || isDisabled || isLoading) {
             return;
         }
 
-        navigator.clipboard.readText().then(async (text: string) => {
-            let matchLink = text.match(/https:\/\/[^\s]+/g);
-            if (matchLink) {
-                $link = matchLink[0];
+        const pastedData = await pasteLinkFromClipboard();
+        if (!pastedData) return;
 
-                if (!isBotCheckOngoing) {
-                    await tick(); // wait for button to render
-                    downloadButton.download($link);
-                }
+        const linkMatch = pastedData.match(/https?\:\/\/[^\s]+/g);
+
+        if (linkMatch) {
+            $link = linkMatch[0].split('，')[0];
+
+            if (!isBotCheckOngoing) {
+                await tick(); // wait for button to render
+                downloadButton.download($link);
             }
-        });
+        }
     };
 
     const changeDownloadMode = (mode: DownloadModeOption) => {
diff --git a/web/src/lib/clipboard.ts b/web/src/lib/clipboard.ts
new file mode 100644
index 00000000..221d17ae
--- /dev/null
+++ b/web/src/lib/clipboard.ts
@@ -0,0 +1,17 @@
+const allowedLinkTypes = new Set(["text/plain", "text/uri-list"]);
+
+export const pasteLinkFromClipboard = async () => {
+    const clipboard = await navigator.clipboard.read();
+
+    if (clipboard?.length) {
+        const clipboardItem = clipboard[0];
+        for (const type of clipboardItem.types) {
+            if (allowedLinkTypes.has(type)) {
+                const blob = await clipboardItem.getType(type);
+                const blobText = await blob.text();
+
+                return blobText;
+            }
+        }
+    }
+}

From c07940bfa4fc5b5c26d2892074b901ba928a5184 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 15:46:03 +0000
Subject: [PATCH 368/379] api/itunnel: pass itunnel object by reference

---
 api/src/core/api.js      | 2 +-
 api/src/stream/stream.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/core/api.js b/api/src/core/api.js
index 153f2ca6..e4d3dfcf 100644
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -313,7 +313,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
             ...Object.entries(req.headers)
         ]);
 
-        return stream(res, { type: 'internal', ...streamInfo });
+        return stream(res, { type: 'internal', data: streamInfo });
     };
 
     app.get('/itunnel', itunnelHandler);
diff --git a/api/src/stream/stream.js b/api/src/stream/stream.js
index a6d41200..c7cf7b56 100644
--- a/api/src/stream/stream.js
+++ b/api/src/stream/stream.js
@@ -10,7 +10,7 @@ export default async function(res, streamInfo) {
                 return await stream.proxy(streamInfo, res);
 
             case "internal":
-                return internalStream(streamInfo, res);
+                return internalStream(streamInfo.data, res);
 
             case "merge":
                 return stream.merge(streamInfo, res);

From 600c7691414f07568e038cca7877426b4ab9057d Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 15:55:26 +0000
Subject: [PATCH 369/379] api/stream: implement itunnel transplants

---
 api/src/misc/utils.js      |  4 +++
 api/src/stream/internal.js | 12 ++++++-
 api/src/stream/manage.js   | 71 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 83 insertions(+), 4 deletions(-)

diff --git a/api/src/misc/utils.js b/api/src/misc/utils.js
index fd497d18..e15690b0 100644
--- a/api/src/misc/utils.js
+++ b/api/src/misc/utils.js
@@ -29,3 +29,7 @@ export function splitFilenameExtension(filename) {
         return [ parts.join('.'), ext ]
     }
 }
+
+export function zip(a, b) {
+    return a.map((value, i) => [ value, b[i] ]);
+}
diff --git a/api/src/stream/internal.js b/api/src/stream/internal.js
index 7d8bf4c9..8c94c485 100644
--- a/api/src/stream/internal.js
+++ b/api/src/stream/internal.js
@@ -7,7 +7,7 @@ const CHUNK_SIZE = BigInt(8e6); // 8 MB
 const min = (a, b) => a < b ? a : b;
 
 async function* readChunks(streamInfo, size) {
-    let read = 0n;
+    let read = 0n, chunksSinceTransplant = 0;
     while (read < size) {
         if (streamInfo.controller.signal.aborted) {
             throw new Error("controller aborted");
@@ -22,6 +22,16 @@ async function* readChunks(streamInfo, size) {
             signal: streamInfo.controller.signal
         });
 
+        if (chunk.statusCode === 403 && chunksSinceTransplant >= 3 && streamInfo.transplant) {
+            chunksSinceTransplant = 0;
+            try {
+                await streamInfo.transplant(streamInfo.dispatcher);
+                continue;
+            } catch {}
+        }
+
+        chunksSinceTransplant++;
+
         const expected = min(CHUNK_SIZE, size - read);
         const received = BigInt(chunk.headers['content-length']);
 
diff --git a/api/src/stream/manage.js b/api/src/stream/manage.js
index 3323ce5d..ebb5c6c7 100644
--- a/api/src/stream/manage.js
+++ b/api/src/stream/manage.js
@@ -9,6 +9,7 @@ import { env } from "../config.js";
 import { closeRequest } from "./shared.js";
 import { decryptStream, encryptStream } from "../misc/crypto.js";
 import { hashHmac } from "../security/secrets.js";
+import { zip } from "../misc/utils.js";
 
 // optional dependency
 const freebind = env.freebindCIDR && await import('freebind').catch(() => {});
@@ -40,7 +41,7 @@ export function createStream(obj) {
             audioFormat: obj.audioFormat,
 
             isHLS: obj.isHLS || false,
-            originalRequest: obj.parameters
+            originalRequest: obj.originalRequest
         };
 
     // FIXME: this is now a Promise, but it is not awaited
@@ -101,6 +102,7 @@ export function createInternalStream(url, obj = {}) {
         controller,
         dispatcher,
         isHLS: obj.isHLS,
+        transplant: obj.transplant
     });
 
     let streamLink = new URL('/itunnel', `http://127.0.0.1:${env.tunnelPort}`);
@@ -116,13 +118,17 @@ export function createInternalStream(url, obj = {}) {
     return streamLink.toString();
 }
 
-export function destroyInternalStream(url) {
+function getInternalTunnelId(url) {
     url = new URL(url);
     if (url.hostname !== '127.0.0.1') {
         return;
     }
 
-    const id = url.searchParams.get('id');
+    return url.searchParams.get('id');
+}
+
+export function destroyInternalStream(url) {
+    const id = getInternalTunnelId(url);
 
     if (internalStreamCache.has(id)) {
         closeRequest(getInternalStream(id)?.controller);
@@ -130,9 +136,68 @@ export function destroyInternalStream(url) {
     }
 }
 
+const transplantInternalTunnels = function(tunnelUrls, transplantUrls) {
+    if (tunnelUrls.length !== transplantUrls.length) {
+        return;
+    }
+
+    for (const [ tun, url ] of zip(tunnelUrls, transplantUrls)) {
+        const id = getInternalTunnelId(tun);
+        const itunnel = getInternalStream(id);
+
+        if (!itunnel) continue;
+        itunnel.url = url;
+    }
+}
+
+const transplantTunnel = async function (dispatcher) {
+    if (this.pendingTransplant) {
+        await this.pendingTransplant;
+        return;
+    }
+
+    let finished;
+    this.pendingTransplant = new Promise(r => finished = r);
+
+    try {
+        const handler = await import(`../processing/services/${this.service}.js`);
+        const response = await handler.default({
+            ...this.originalRequest,
+            dispatcher
+        });
+
+        if (!response.urls) {
+            return;
+        }
+
+        response.urls = [response.urls].flat();
+        if (this.originalRequest.isAudioOnly && response.urls.length > 1) {
+            response.urls = [response.urls[1]];
+        } else if (this.originalRequest.isAudioMuted) {
+            response.urls = [response.urls[0]];
+        }
+
+        const tunnels = [this.urls].flat();
+        if (tunnels.length !== response.urls.length) {
+            return;
+        }
+
+        transplantInternalTunnels(tunnels, response.urls);
+    }
+    catch {}
+    finally {
+        finished();
+        delete this.pendingTransplant;
+    }
+}
+
 function wrapStream(streamInfo) {
     const url = streamInfo.urls;
 
+    if (streamInfo.originalRequest) {
+        streamInfo.transplant = transplantTunnel.bind(streamInfo);
+    }
+
     if (typeof url === 'string') {
         streamInfo.urls = createInternalStream(url, streamInfo);
     } else if (Array.isArray(url)) {

From ee3ef60a20701adf40fa5b4bb89c6db37cd33af9 Mon Sep 17 00:00:00 2001
From: jj <log@riseup.net>
Date: Mon, 20 Jan 2025 20:12:21 +0000
Subject: [PATCH 370/379] api/youtube: expect one of itags to be empty

---
 api/src/processing/services/youtube.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/processing/services/youtube.js b/api/src/processing/services/youtube.js
index ff4a95cf..f0766b3f 100644
--- a/api/src/processing/services/youtube.js
+++ b/api/src/processing/services/youtube.js
@@ -351,7 +351,7 @@ export default async function (o) {
             Number(b.bitrate) - Number(a.bitrate)
         ).forEach(format => {
             Object.keys(codecList).forEach(yCodec => {
-                const matchingItag = slot => !itag || itag[slot] === format.itag;
+                const matchingItag = slot => !itag?.[slot] || itag[slot] === format.itag;
                 const sorted = sorted_formats[yCodec];
                 const goodFormat = checkFormat(format, yCodec);
                 if (!goodFormat) return;
@@ -453,8 +453,8 @@ export default async function (o) {
     }
 
     itag = {
-        video: video.itag,
-        audio: audio.itag
+        video: video?.itag,
+        audio: audio?.itag
     };
 
     const originalRequest = {

From 36d4608ee58b076912d5611594f2922fa77ab90a Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 21 Jan 2025 17:18:49 +0600
Subject: [PATCH 371/379] api/bluesky: add support for tenor gifs

---
 api/src/processing/services/bluesky.js | 61 ++++++++++++++++++++------
 api/src/util/tests/bsky.json           | 18 ++++++++
 2 files changed, 65 insertions(+), 14 deletions(-)

diff --git a/api/src/processing/services/bluesky.js b/api/src/processing/services/bluesky.js
index bc887437..598e9739 100644
--- a/api/src/processing/services/bluesky.js
+++ b/api/src/processing/services/bluesky.js
@@ -71,6 +71,24 @@ const extractImages = ({ getPost, filename, alwaysProxy }) => {
     return { picker };
 }
 
+const extractGif = ({ url, filename }) => {
+    const gifUrl = new URL(url);
+
+    if (!gifUrl || gifUrl.hostname !== "media.tenor.com") {
+        return { error: "fetch.empty" };
+    }
+
+    // remove downscaling params from gif url
+    // such as "?hh=498&ww=498"
+    gifUrl.search = "";
+
+    return {
+        urls: gifUrl,
+        isPhoto: true,
+        filename: `${filename}.gif`,
+    }
+}
+
 export default async function ({ user, post, alwaysProxy, dispatcher }) {
     const apiEndpoint = new URL("https://public.api.bsky.app/xrpc/app.bsky.feed.getPostThread?depth=0&parentHeight=0");
     apiEndpoint.searchParams.set(
@@ -102,22 +120,37 @@ export default async function ({ user, post, alwaysProxy, dispatcher }) {
     const embedType = getPost?.thread?.post?.embed?.$type;
     const filename = `bluesky_${user}_${post}`;
 
-    if (embedType === "app.bsky.embed.video#view") {
-        return extractVideo({
-            media: getPost.thread?.post?.embed,
-            filename,
-        })
-    }
+    switch (embedType) {
+        case "app.bsky.embed.video#view":
+            return extractVideo({
+                media: getPost.thread?.post?.embed,
+                filename,
+            });
 
-    if (embedType === "app.bsky.embed.recordWithMedia#view") {
-        return extractVideo({
-            media: getPost.thread?.post?.embed?.media,
-            filename,
-        })
-    }
+        case "app.bsky.embed.images#view":
+            return extractImages({
+                getPost,
+                filename,
+                alwaysProxy
+            });
 
-    if (embedType === "app.bsky.embed.images#view") {
-        return extractImages({ getPost, filename, alwaysProxy });
+        case "app.bsky.embed.external#view":
+            return extractGif({
+                url: getPost?.thread?.post?.embed?.external?.uri,
+                filename,
+            });
+
+        case "app.bsky.embed.recordWithMedia#view":
+            if (getPost?.thread?.post?.embed?.media?.$type === "app.bsky.embed.external#view") {
+                return extractGif({
+                    url: getPost?.thread?.post?.embed?.media?.external?.uri,
+                    filename,
+                });
+            }
+            return extractVideo({
+                media: getPost.thread?.post?.embed?.media,
+                filename,
+            });
     }
 
     return { error: "fetch.empty" };
diff --git a/api/src/util/tests/bsky.json b/api/src/util/tests/bsky.json
index 5a03538d..6e1d6b2b 100644
--- a/api/src/util/tests/bsky.json
+++ b/api/src/util/tests/bsky.json
@@ -57,6 +57,24 @@
             "status": "tunnel"
         }
     },
+    {
+        "name": "gif with a quoted post",
+        "url": "https://bsky.app/profile/imlunahey.com/post/3lgajpn5dtk2t",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
+    {
+        "name": "gif alone in a post",
+        "url": "https://bsky.app/profile/imlunahey.com/post/3lgah3ovxnc2q",
+        "params": {},
+        "expected": {
+            "code": 200,
+            "status": "tunnel"
+        }
+    },
     {
         "name": "several images",
         "url": "https://bsky.app/profile/did:plc:rai7s6su2sy22ss7skouedl7/post/3kzxuxbiul626",

From cecb8a4c5343b4b2cc166e8995dfb599fe222743 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 21 Jan 2025 17:25:45 +0600
Subject: [PATCH 372/379] api/package: bump version to 10.6

---
 api/package.json |  4 ++--
 pnpm-lock.yaml   | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/api/package.json b/api/package.json
index fccbddff..829106c3 100644
--- a/api/package.json
+++ b/api/package.json
@@ -1,7 +1,7 @@
 {
     "name": "@imput/cobalt-api",
     "description": "save what you love",
-    "version": "10.5.4",
+    "version": "10.6",
     "author": "imput",
     "exports": "./src/cobalt.js",
     "type": "module",
@@ -39,7 +39,7 @@
         "set-cookie-parser": "2.6.0",
         "undici": "^5.19.1",
         "url-pattern": "1.0.3",
-        "youtubei.js": "^12.2.0",
+        "youtubei.js": "^13.0.0",
         "zod": "^3.23.8"
     },
     "optionalDependencies": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index c7f3b712..9e12913a 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -56,8 +56,8 @@ importers:
         specifier: 1.0.3
         version: 1.0.3
       youtubei.js:
-        specifier: ^12.2.0
-        version: 12.2.0
+        specifier: ^13.0.0
+        version: 13.0.0
       zod:
         specifier: ^3.23.8
         version: 3.23.8
@@ -2286,8 +2286,8 @@ packages:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
 
-  youtubei.js@12.2.0:
-    resolution: {integrity: sha512-G+50qrbJCToMYhu8jbaHiS3Vf+RRul+CcDbz3hEGwHkGPh+zLiWwD6SS+YhYF+2/op4ZU5zDYQJrGqJ+wKh7Gw==}
+  youtubei.js@13.0.0:
+    resolution: {integrity: sha512-b1QkN9bfgphK+5tI4qteSK54kNxmPhoedvMw0jl4uSn+L8gbDbJ4z52amNuYNcOdp4X/SI3JuUb+f5V0DPJ8Vw==}
 
   zod@3.23.8:
     resolution: {integrity: sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==}
@@ -4242,7 +4242,7 @@ snapshots:
 
   yocto-queue@0.1.0: {}
 
-  youtubei.js@12.2.0:
+  youtubei.js@13.0.0:
     dependencies:
       '@bufbuild/protobuf': 2.1.0
       jintr: 3.2.0

From 8d3db909d95b798e9a051cc2f023d08fe439baa2 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Tue, 21 Jan 2025 17:25:55 +0600
Subject: [PATCH 373/379] web/package: bump version to 10.6

---
 web/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/package.json b/web/package.json
index 37a7bb49..0c621f02 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@imput/cobalt-web",
-    "version": "10.5.1",
+    "version": "10.6",
     "type": "module",
     "private": true,
     "scripts": {

From 99265d594bc171b2881312782cb9551241f3882b Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 22 Jan 2025 14:41:44 +0600
Subject: [PATCH 374/379] api/readme: update list of supported services & list
 of dependencies

---
 api/README.md | 53 ++++++++++++++++++++++++---------------------------
 1 file changed, 25 insertions(+), 28 deletions(-)

diff --git a/api/README.md b/api/README.md
index 84c534ea..70d85de6 100644
--- a/api/README.md
+++ b/api/README.md
@@ -11,12 +11,9 @@ we recommend [deploying your own instance](/docs/run-an-instance.md) if you wish
 
 you can read [the api documentation here](/docs/api.md).
 
-> [!WARNING]
-> the v7 public api (/api/json) will be shut down on **november 11th, 2024**.
-> you can access documentation for it [here](https://github.com/imputnet/cobalt/blob/7/docs/api.md).
-
 ## supported services
-this list is not final and keeps expanding over time. if support for a service you want is missing, create an issue (or a pull request 👀).
+this list is not final and keeps expanding over time!
+if the desired service isn't supported yet, feel free to create an appropriate issue (or a pull request 👀).
 
 | service           | video + audio | only audio | only video | metadata | rich file names |
 | :--------         | :-----------: | :--------: | :--------: | :------: | :-------------: |
@@ -39,12 +36,13 @@ this list is not final and keeps expanding over time. if support for a service y
 | twitter/x         | ✅            | ✅         | ✅         | ➖         | ➖              |
 | vimeo             | ✅            | ✅         | ✅         | ✅         | ✅              |
 | vk videos & clips | ✅            | ❌         | ✅         | ✅         | ✅              |
+| xiaohongshu       | ✅            | ✅         | ✅         | ➖         | ➖              |
 | youtube           | ✅            | ✅         | ✅         | ✅         | ✅              |
 
 | emoji   | meaning                 |
 | :-----: | :---------------------- |
 | ✅      | supported               |
-| ➖      | impossible/unreasonable |
+| ➖      | unreasonable/impossible |
 | ❌      | not supported           |
 
 ### additional notes or features (per service)
@@ -71,36 +69,35 @@ as long as you:
 - provide a link to the license and indicate if changes to the code were made, and
 - release the code under the **same license**
 
-## acknowledgements
+## open source acknowledgements
 ### ffmpeg
-cobalt heavily relies on ffmpeg for converting and merging media files. it's an absolutely amazing piece of software offered for anyone for free, yet doesn't receive as much credit as it should.
+cobalt relies on ffmpeg for muxing and encoding media files. ffmpeg is absolutely spectacular and we're privileged to have an ability to use it for free, just like anyone else. we believe it should be way more recognized.
 
 you can [support ffmpeg here](https://ffmpeg.org/donations.html)!
 
-#### ffmpeg-static
-we use [ffmpeg-static](https://github.com/eugeneware/ffmpeg-static) to get binaries for ffmpeg depending on the platform.
-
-you can support the developer via various methods listed on their github page! (linked above)
-
 ### youtube.js
-cobalt relies on [youtube.js](https://github.com/LuanRT/YouTube.js) for interacting with the innertube api, it wouldn't have been possible without it.
+cobalt relies on **[youtube.js](https://github.com/LuanRT/YouTube.js)** for interacting with youtube's innertube api, it wouldn't have been possible without this package.
 
-you can support the developer via various methods listed on their github page! (linked above)
+you can support the developer via various methods listed on their github page!
+(linked above)
 
 ### many others
-cobalt also depends on:
+cobalt-api also depends on:
 
-- [content-disposition-header](https://www.npmjs.com/package/content-disposition-header) to simplify the provision of `content-disposition` headers.
-- [cors](https://www.npmjs.com/package/cors) to manage cross-origin resource sharing within expressjs.
-- [dotenv](https://www.npmjs.com/package/dotenv) to load environment variables from the `.env` file.
-- [express](https://www.npmjs.com/package/express) as the backbone of cobalt servers.
-- [express-rate-limit](https://www.npmjs.com/package/express-rate-limit) to rate limit api endpoints.
-- [hls-parser](https://www.npmjs.com/package/hls-parser) to parse `m3u8` playlists for certain services.
-- [ipaddr.js](https://www.npmjs.com/package/ipaddr.js) to parse ip addresses (for rate limiting).
-- [nanoid](https://www.npmjs.com/package/nanoid) to generate unique (temporary) identifiers for each requested stream.
-- [psl](https://www.npmjs.com/package/psl) as the domain name parser.
-- [set-cookie-parser](https://www.npmjs.com/package/set-cookie-parser) to parse cookies that cobalt receives from certain services.
-- [undici](https://www.npmjs.com/package/undici) for making http requests.
-- [url-pattern](https://www.npmjs.com/package/url-pattern) to match provided links with supported patterns.
+- **[content-disposition-header](https://www.npmjs.com/package/content-disposition-header)** to simplify the provision of `content-disposition` headers.
+- **[cors](https://www.npmjs.com/package/cors)** to manage cross-origin resource sharing within expressjs.
+- **[dotenv](https://www.npmjs.com/package/dotenv)** to load environment variables from the `.env` file.
+- **[express](https://www.npmjs.com/package/express)** as the backbone of cobalt servers.
+- **[express-rate-limit](https://www.npmjs.com/package/express-rate-limit)** to rate limit api endpoints.
+- **[ffmpeg-static](https://www.npmjs.com/package/ffmpeg-static)** to get binaries for ffmpeg depending on the platform.
+- **[hls-parser](https://www.npmjs.com/package/hls-parser)** to parse HLS playlists according to spec (very impressive stuff).
+- **[ipaddr.js](https://www.npmjs.com/package/ipaddr.js)** to parse ip addresses (used for rate limiting).
+- **[nanoid](https://www.npmjs.com/package/nanoid)** to generate unique identifiers for each requested tunnel.
+- **[set-cookie-parser](https://www.npmjs.com/package/set-cookie-parser)** to parse cookies that cobalt receives from certain services.
+- **[undici](https://www.npmjs.com/package/undici)** for making http requests.
+- **[url-pattern](https://www.npmjs.com/package/url-pattern)** to match provided links with supported patterns.
+- **[zod](https://www.npmjs.com/package/zod)** to lock down the api request schema.
+- **[@datastructures-js/priority-queue](https://www.npmjs.com/package/@datastructures-js/priority-queue)** for sorting stream caches for future clean up (without redis).
+- **[@imput/psl](https://www.npmjs.com/package/@imput/psl)** as the domain name parser, our fork of [psl](https://www.npmjs.com/package/psl).
 
 ...and many other packages that these packages rely on.

From 3be98a14b369289b4b50b2ec9147d76287c3f2e3 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 22 Jan 2025 14:46:09 +0600
Subject: [PATCH 375/379] readme: update some phrasing & add a link to bluesky

---
 README.md | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 8168a4df..9a5a05e7 100644
--- a/README.md
+++ b/README.md
@@ -14,9 +14,13 @@
         <a href="https://discord.gg/pQPt8HBUPu">
             💬 community discord server
         </a>
+        <br/>
         <a href="https://x.com/justusecobalt">
             🐦 twitter
         </a>
+        <a href="https://bsky.app/profile/cobalt.tools">
+            🦋 bluesky
+        </a>
     </p>
     <br/>
 </div>
@@ -34,11 +38,10 @@ this monorepo includes source code for api, frontend, and related packages:
 it also includes documentation in the [docs tree](/docs/):
 - [cobalt api documentation](/docs/api.md)
 - [how to run a cobalt instance](/docs/run-an-instance.md)
-- [how to protect a cobalt instance](/docs/protect-an-instance.md)
-- [how to configure a cobalt instance for youtube](/docs/configure-for-youtube.md)
+- [how to protect a cobalt instance](/docs/protect-an-instance.md) (recommended if you host a public instance)
 
 ### thank you
-cobalt is sponsored by [royalehosting.net](https://royalehosting.net/?partner=cobalt) and the main processing servers are hosted on their network. we really appreciate their kindness and support!
+cobalt is sponsored by [royalehosting.net](https://royalehosting.net/?partner=cobalt). a part of our infrastructure is hosted on their network. we really appreciate their kindness and support!
 
 ### ethics
 cobalt is a tool that makes downloading public content easier. it takes **zero liability**.
@@ -50,7 +53,7 @@ it can only download free & publicly accessible content.
 same content can be downloaded via dev tools of any modern web browser.
 
 ### contributing
-thank you for considering making a contribution to cobalt! please check the [contributing guidelines here](/CONTRIBUTING.md) before making a pull request.
+if you're considering contributing to cobalt, first of all, thank you! check the [contribution guidelines here](/CONTRIBUTING.md) before getting started, they'll help you do your best right away.
 
 ### licenses
 for relevant licensing information, see the [api](api/README.md) and [web](web/README.md) READMEs.

From 899d1efdea2d1b23cb88d9d33ca50245ff094a69 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Wed, 22 Jan 2025 14:46:30 +0600
Subject: [PATCH 376/379] web/about/general: update infra partner phrasing

---
 web/i18n/en/about/general.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/i18n/en/about/general.md b/web/i18n/en/about/general.md
index 2334ab8e..1f5e53fd 100644
--- a/web/i18n/en/about/general.md
+++ b/web/i18n/en/about/general.md
@@ -25,7 +25,7 @@ no ads, trackers, paywalls, or other nonsense. just a convenient web app that wo
 cobalt was created for public benefit, to protect people from ads and malware pushed by its alternatives.
 we believe that the best software is safe, open, and accessible.
 
-it's possible to keep the main instances up thanks to our long-standing infrastructure partner, [royalehosting.net]({partners.royalehosting})!
+a part of our infrastructure is provided by our long-standing partner, [royalehosting.net]({partners.royalehosting})!
 </section>
 
 <section id="privacy">

From 31f6ff9b87ee7cf23dce7bf9217f8901a6e59e08 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 23 Jan 2025 21:51:06 +0600
Subject: [PATCH 377/379] api/tests/loom: update test links

the old video is unavailable for an unknown reason. it's unplayable in a regular browser and also loom's own landing page.
---
 api/src/util/tests/loom.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/util/tests/loom.json b/api/src/util/tests/loom.json
index 1849a000..cc4273d3 100644
--- a/api/src/util/tests/loom.json
+++ b/api/src/util/tests/loom.json
@@ -1,7 +1,7 @@
 [
     {
         "name": "1080p video",
-        "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
+        "url": "https://www.loom.com/share/d165fd054a294d8a8587807bcc50c885",
         "params": {},
         "expected": {
             "code": 200,
@@ -10,7 +10,7 @@
     },
     {
         "name": "1080p video (muted)",
-        "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
+        "url": "https://www.loom.com/share/d165fd054a294d8a8587807bcc50c885",
         "params": {
             "downloadMode": "mute"
         },
@@ -21,7 +21,7 @@
     },
     {
         "name": "1080p video (audio only)",
-        "url": "https://www.loom.com/share/313bf71d20ca47b2a35b6634cefdb761",
+        "url": "https://www.loom.com/share/d165fd054a294d8a8587807bcc50c885",
         "params": {
             "downloadMode": "audio"
         },

From 7b31817fdb7501233d3eddc375db4311cbe4fc3c Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 23 Jan 2025 21:58:41 +0600
Subject: [PATCH 378/379] api/tests/xiaohongshu: update photo test link

---
 api/src/util/tests/xiaohongshu.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/util/tests/xiaohongshu.json b/api/src/util/tests/xiaohongshu.json
index 425a6a2e..de632a77 100644
--- a/api/src/util/tests/xiaohongshu.json
+++ b/api/src/util/tests/xiaohongshu.json
@@ -19,7 +19,7 @@
     },
     {
         "name": "one photo",
-        "url": "https://www.xiaohongshu.com/explore/6788b56200000000210008c8?xsec_token=CBSDiWU4N-DgirHrOVbIWrlKfUNFHKwm-Wsjqz7dIMc_k",
+        "url": "https://www.xiaohongshu.com/explore/676e132d000000000b016f68?xsec_token=ABRv6LKzizOFeSaf2HnnBkdBqniB5Ak1fI8tMAHzO31jA",
         "params": {},
         "expected": {
             "code": 200,

From 906d9293337a8916a4c7da8ca1ab792f925233c8 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 23 Jan 2025 22:00:02 +0600
Subject: [PATCH 379/379] api/tests/pinterest: update the gif link

because the id changed???
---
 api/src/util/tests/pinterest.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/util/tests/pinterest.json b/api/src/util/tests/pinterest.json
index 6308adb4..4760dd36 100644
--- a/api/src/util/tests/pinterest.json
+++ b/api/src/util/tests/pinterest.json
@@ -68,7 +68,7 @@
     },
     {
         "name": "regular gif",
-        "url": "https://www.pinterest.com/pin/814447913881127862/",
+        "url": "https://www.pinterest.com/pin/643170390530326178/",
         "params": {},
         "expected": {
             "code": 200,
@@ -77,7 +77,7 @@
     },
     {
         "name": "regular gif (.ca TLD)",
-        "url": "https://www.pinterest.ca/pin/814447913881127862/",
+        "url": "https://www.pinterest.ca/pin/643170390530326178/",
         "params": {},
         "expected": {
             "code": 200,