Merge branch 'v1'

update urls
Update 'installer/install.sh'
2018-05-16 02:22:09 -06:00 · 2018-05-16 02:21:05 -06:00 · 2018-04-10 04:44:23 +00:00 · 2018-04-10 04:42:47 +00:00 · 2017-12-11 22:24:26 +00:00 · 2017-12-11 22:14:04 +00:00
54 changed files with 24547 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,8 @@
 *session*
 *secret*
 var/*
 packages/assets/org.oauth3
 # Logs
 logs
 *.log
@ -30,6 +35,7 @@ build/Release
 # Dependency directories
 node_modules
 jspm_packages
 bower_components
 # Optional npm cache directory
 .npm
@ -42,3 +48,7 @@ jspm_packages
 # Output of 'npm pack'
 *.tgz
 # Dependency directory
 # https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git
 node_modules
--- a/.gitmodules
+++ b/.gitmodules
--- a/.jshintrc
+++ b/.jshintrc
@ -0,0 +1,17 @@
 { "node": true
 , "browser": true
 , "jquery": true
 , "strict": true
 , "indent": 2
 , "onevar": true
 , "laxcomma": true
 , "laxbreak": true
 , "eqeqeq": true
 , "immed": true
 , "undef": true
 , "unused": true
 , "latedef": true
 , "curly": true
 , "trailing": true
 , "esversion": 6
 }
--- a/API.md
+++ b/API.md
@ -0,0 +1,171 @@
 # API
 The API system is intended for use with Desktop and Mobile clients.
 It must be accessed using one of the following domains as the Host header:
 * localhost.alpha.daplie.me
 * localhost.admin.daplie.me
 * alpha.localhost.daplie.me
 * admin.localhost.daplie.me
 * localhost.daplie.invalid
 All requests require an OAuth3 token in the request headers.
 ## Tokens
 Some of the functionality of goldilocks requires the use of OAuth3 tokens to
 perform tasks like setting DNS records. Management of these tokens can be done
 using the following APIs.
 ### Get A Single Token
  * **URL** `/api/goldilocks@daplie.com/tokens/:id`
  * **Method** `GET`
  * **Reponse**: The token matching the specified ID. Has the following properties.
    * `id`: The hash used to identify the token. Based on several of the fields
      inside the decoded token.
    * `provider_uri`: The URI for the one who issued the token. Should be the same
      as the `iss` field inside the decoded token.
    * `client_uri`: The URI for the app authorized to use the token. Should be the
      same as the `azp` field inside the decoded token.
    * `scope`: The list of permissions granted by the token. Should be the same
      as the `scp` field inside the decoded token.
    * `access_token`: The encoded JWT.
    * `token`: The decoded token.
 ### Get All Tokens
  * **URL** `/api/goldilocks@daplie.com/tokens`
  * **Method** `GET`
  * **Reponse**: An array of the tokens stored. Each item looks the same as if it
    had been requested individually.
 ### Save New Token
  * **URL** `/api/goldilocks@daplie.com/tokens`
  * **Method** `POST`
  * **Body**: An object similar to an OAuth3 session used by the javascript
    library. The only important fields are `refresh_token` or `access_token`, and
    `refresh_token` will be used before `access_token`. (This is because the
    `access_token` usually expires quickly, making it meaningless to store.)
  * **Reponse**: The response looks the same as a single GET request.
 ### Delete Token
  * **URL** `/api/goldilocks@daplie.com/tokens/:id`
  * **Method** `DELETE`
  * **Reponse**: Either `{"success":true}` or `{"success":false}`, depending on
    whether the token was present before the request.
 ## Config
 ### Get All Settings
  * **URL** `/api/goldilocks@daplie.com/config`
  * **Method** `GET`
  * **Reponse**: The JSON representation of the current config. See the [README.md](/README.md)
    for the structure of the config.
 ### Get Group Setting
  * **URL** `/api/goldilocks@daplie.com/config/:group`
  * **Method** `GET`
  * **Reponse**: The sub-object of the config relevant to the group specified in
    the url (ie http, tls, tcp, etc.)
 ### Get Group Module List
  * **URL** `/api/goldilocks@daplie.com/config/:group/modules`
  * **Method** `GET`
  * **Reponse**: The list of modules relevant to the group specified in the url
    (ie http, tls, tcp, etc.)
 ### Get Specific Module
  * **URL** `/api/goldilocks@daplie.com/config/:group/modules/:modId`
  * **Method** `GET`
  * **Reponse**: The module with the specified module ID.
 ### Get Domain Group
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId`
  * **Method** `GET`
  * **Reponse**: The domains specification with the specified domains ID.
 ### Get Domain Group Modules
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId/modules`
  * **Method** `GET`
  * **Reponse**: An object containing all of the relevant modules for the group
    of domains.
 ### Get Domain Group Module Category
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId/modules/:group`
  * **Method** `GET`
  * **Reponse**: A list of the specific category of modules for the group of domains.
 ### Get Specific Domain Group Module
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId/modules/:group/:modId`
  * **Method** `GET`
  * **Reponse**: The module with the specified module ID.
 ### Change Settings
  * **URL** `/api/goldilocks@daplie.com/config`
  * **URL** `/api/goldilocks@daplie.com/config/:group`
  * **Method** `POST`
  * **Body**: The changes to be applied on top of the current config. See the
    [README.md](/README.md) for the settings. If modules or domains are specified
    they are added to the current list.
  * **Reponse**: The current config. If the group is specified in the URL it will
    only be the config relevant to that group.
 ### Add Module
  * **URL** `/api/goldilocks@daplie.com/config/:group/modules`
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId/modules/:group`
  * **Method** `POST`
  * **Body**: The module to be added. Can also be provided an array of modules
    to add multiple modules in the same request.
  * **Reponse**: The current list of modules.
 ### Add Domain Group
  * **URL** `/api/goldilocks@daplie.com/config/domains`
  * **Method** `POST`
  * **Body**: The domains names and modules for the new domain group(s).
  * **Reponse**: The current list of domain groups.
 ### Edit Module
  * **URL** `/api/goldilocks@daplie.com/config/:group/modules/:modId`
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId/modules/:group/:modId`
  * **Method** `PUT`
  * **Body**: The new parameters for the module.
  * **Reponse**: The editted module.
 ### Edit Domain Group
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId`
  * **Method** `PUT`
  * **Body**: The new domains names for the domains group. The module list cannot
    be editted through this route.
  * **Reponse**: The editted domain group.
 ### Remove Module
  * **URL** `/api/goldilocks@daplie.com/config/:group/modules/:modId`
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId/modules/:group/:modId`
  * **Method** `DELETE`
  * **Reponse**: The list of modules.
 ### Remove Domain Group
  * **URL** `/api/goldilocks@daplie.com/config/domains/:domId`
  * **Method** `DELETE`
  * **Reponse**: The list of domain groups.
 ## Socks5 Proxy
 ### Check Status
  * **URL** `/api/goldilocks@daplie.com/socks5`
  * **Method** `GET`
  * **Response**: The returned object will have up to two values inside
    * `running`: boolean value to indicate if the proxy is currently active
    * `port`: if the proxy is running this is the port it's running on
 ### Start Proxy
  * **URL** `/api/goldilocks@daplie.com/socks5`
  * **Method** `POST`
  * **Response**: Same response as for the `GET` request
 ### Stop Proxy
  * **URL** `/api/goldilocks@daplie.com/socks5`
  * **Method** `DELETE`
  * **Response**: Same response as for the `GET` request
--- a/12
+++ b/12
@ -0,0 +1,12 @@
 v1.1.5 - Implemented dns-01 ACME challenges
 v1.1.4 - Improved responsiveness to config updates
  * changed which TCP/UDP ports are bound to on config update
  * update tunnel server settings on config update
  * update socks5 setting on config update
 v1.1.3 - Better late than never... here's some stuff we've got
  * fixed (probably) network settings not being readable
  * supports timeouts in loopback check
  * loopback check less likely to fail / throw errors, will try again
  * supports ddns using audience of token
--- a/41
+++ b/41
@ -0,0 +1,41 @@
 Copyright 2017 Daplie, Inc
 This is open source software; you can redistribute it and/or modify it under the
 terms of either:
   a) the "MIT License"
   b) the "Apache-2.0 License"
 MIT License
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
   in the Software without restriction, including without limitation the rights
   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
   copies of the Software, and to permit persons to whom the Software is
   furnished to do so, subject to the following conditions:
   The above copyright notice and this permission notice shall be included in all
   copies or substantial portions of the Software.
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
   SOFTWARE.
 Apache-2.0 License Summary
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
     http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/README.md
+++ b/README.md
@ -1,4 +1,653 @@
 Goldilocks
 ==========
-The webserver that's just right.
+The node.js netserver that's just right.
 * **HTTPS Web Server** with Automatic TLS (SSL) via ACME ([Let's Encrypt](https://letsencrypt.org))
  * Static Web Server
  * URL Redirects
  * SSL on localhost (with bundled localhost.daplie.me certificates)
  * Uses node cluster to take advantage of multiple CPUs (in progress)
 * **TLS** name-based (SNI) proxy
 * **TCP** port-based proxy
 * WS **Tunnel Server** (i.e. run on Digital Ocean and expose a home-firewalled Raspberry Pi to the Internet)
 * WS **Tunnel Client** (i.e. run on a Raspberry Pi and connect to a Daplie Tunnel)
 * UPnP / NAT-PMP forwarding and loopback testing (in progress)
 * Configurable via API
 * mDNS Discoverable (configure in home or office with mobile and desktop apps)
 * OAuth3 Authentication
 Install Standalone
 -------
 ### curl | bash
 ```bash
 curl -fsSL https://git.coolaj86.com/coolaj86/goldilocks.js/raw/v1.1/installer/get.sh | bash
 ```
 ### git
 ```bash
 git clone https://git.coolaj86.com/coolaj86/goldilocks.js
 pushd goldilocks.js
 git checkout v1.1
 bash installer/install.sh
 ```
 ### npm
 ```bash
 # v1 in git (unauthenticated)
 npm install -g git+https://git@git.coolaj86.com:coolaj86/goldilocks.js#v1
 # v1 in git (via ssh)
 npm install -g git+ssh://git@git.coolaj86.com:coolaj86/goldilocks.js#v1
 # v1 in npm
 npm install -g goldilocks@v1
 ```
 ### Uninstall
 Remove goldilocks and services:
 ```
 rm -rf /opt/goldilocks/ /srv/goldilocks/ /var/goldilocks/ /var/log/goldilocks/ /etc/tmpfiles.d/goldilocks.conf /etc/systemd/system/goldilocks.service
 ```
 Remove config as well
 ```
 rm -rf /etc/goldilocks/ /etc/ssl/goldilocks
 ```
 Usage
 -----
 ```bash
 goldilocks
 ```
 ```bash
 Serving /Users/foo/ at https://localhost.daplie.me:8443
 ```
 Install as a System Service (daemon-mode)
 We have service support for
 * systemd (Linux, Ubuntu)
 * launchd (macOS)
 ```bash
 curl https://git.coolaj86.com/coolaj86/goldilocks.js/raw/master/install.sh | bash
 ```
 Modules & Configuration
 -----
 Goldilocks has several core systems, which all have their own configuration and
 some of which have modules:
 * [http](#http)
  - [proxy (reverse proxy)](#httpproxy-how-to-reverse-proxy-ruby-python-etc)
  - [static](#httpstatic-how-to-serve-a-web-page)
  - [redirect](#httpredirect-how-to-redirect-urls)
 * [tls](#tls)
  - [proxy (reverse proxy)](#tlsproxy)
  - [acme](#tlsacme)
 * [tcp](#tcp)
  - [proxy](#tcpproxy)
  - [forward](#tcpforward)
 * [udp](#udp)
  - [forward](#udpforward)
 * [domains](#domains)
 * [tunnel_server](#tunnel_server)
 * [DDNS](#ddns)
 * [tunnel_client](#tunnel)
 * [mDNS](#mdns)
 * [socks5](#socks5)
 * api
 All modules require a `type` and an `id`, and any modules not defined inside the
 `domains` system also require a `domains` field (with the exception of the `forward`
 modules that require the `ports` field).
 ### http
 The HTTP system handles plain http (TLS / SSL is handled by the tls system)
 Example config:
 ```yml
 http:
  trust_proxy: true                 # allow localhost, 192.x, 10.x, 172.x, etc to set headers
  allow_insecure: false             # allow non-https even without proxy https headers
  primary_domain: example.com       # attempts to access via IP address will redirect here
  # An array of modules that define how to handle incoming HTTP requests
  modules:
    - type: static
      domains:
        - example.com
      root: /srv/www/:hostname
 ```
 ### http.proxy - how to reverse proxy (ruby, python, etc)
 The proxy module is for reverse proxying, typically to an application on the same machine.
 (Though it can also reverse proxy to other devices on the local network.)
 It has the following options:
 ```
 address     The DNS-resolvable hostname (or IP address) and port connected by `:` to proxy the request to.
            Takes priority over host and port if they are also specified.
            ex: locahost:3000
            ex: 192.168.1.100:80
 host        The DNS-resolvable hostname (or IP address) of the system to which the request will be proxied.
            Defaults to localhost if only the port is specified.
            ex: localhost
            ex: 192.168.1.100
 port        The port on said system to which the request will be proxied
            ex: 3000
            ex: 80
 ```
 Example config:
 ```yml
 http:
  modules:
    - type: proxy
      domains:
        - api.example.com
      host: 192.168.1.100
      port: 80
    - type: proxy
      domains:
        - www.example.com
      address: 192.168.1.16:80
    - type: proxy
      domains:
        - '*'
      port: 3000
 ```
 ### http.static - how to serve a web page
 The static module is for serving static web pages and assets and has the following options:
 ```
 root        The path to serve as a string.
            The template variable `:hostname` represents the HTTP Host header without port information
            ex: `root: /srv/www/example.com` would load the example.com folder for any domain listed
            ex: `root: /srv/www/:hostname` would load `/srv/www/example.com` if so indicated by the Host header
 index       Set to `false` to disable the default behavior of loading `index.html` in directories
            ex: `false`
 dotfiles    Set to `allow` to load dotfiles rather than ignoring them
            ex: `"allow"`
 redirect    Set to `false` to disable the default behavior of ensuring that directory paths end in '/'
            ex: `false`
 indexes     An array of directories which should be have indexes served rather than blocked
            ex: `[ '/' ]` will allow all directories indexes to be served
 ```
 Example config:
 ```yml
 http:
  modules:
    - type: static
      domains:
        - example.com
      root: /srv/www/:hostname
 ```
 ### http.redirect - how to redirect URLs
 The redirect module is for, you guessed it, redirecting URLs.
 It has the following options:
 ```
 status      The HTTP status code to issue (301 is usual permanent redirect, 302 is temporary)
            ex: 301
 from        The URL path that was used in the request.
            The `*` wildcard character can be used for matching a full segment of the path
            ex: /photos/
            ex: /photos/*/*/
 to          The new URL path which should be used.
            If wildcards matches were used they will be available as `:1`, `:2`, etc.
            ex: /pics/
            ex: /pics/:1/:2/
            ex: https://mydomain.com/photos/:1/:2/
 ```
 Example config:
 ```yml
 http:
  modules:
    - type: proxy
      domains:
        - example.com
      status: 301
      from: /archives/*/*/*/
      to: https://example.net/year/:1/month/:2/day/:3/
 ```
 ### tls
 The tls system handles encrypted connections, including fetching certificates,
 and uses ServerName Indication (SNI) to determine if the connection should be
 handled by the http system, a tls system module, or rejected.
 Example config:
 ```yml
 tls:
  modules:
    - type: proxy
      domains:
        - example.com
        - example.net
      address: '127.0.0.1:6443'
 ```
 Certificates are saved to `~/acme`, which may be `/var/www/acme` if Goldilocks is run as the www-data user.
 ### tls.proxy
 The proxy module routes the traffic based on the ServerName Indication (SNI) **without decrypting** it.
 It has the same options as the [HTTP proxy module](#httpproxy-how-to-reverse-proxy-ruby-python-etc).
 Example config:
 ```yml
 tls:
  modules:
    - type: proxy
      domains:
        - example.com
      address: '127.0.0.1:5443'
 ```
 ### tls.acme
 The acme module defines the setting used when getting new certificates.
 It has the following options:
 ```
 email              The email address for ACME certificate issuance
                   ex: john.doe@example.com
 server             The ACME server to use
                   ex: https://acme-v01.api.letsencrypt.org/directory
                   ex: https://acme-staging.api.letsencrypt.org/directory
 challenge_type     The ACME challenge to request
                   ex: http-01, dns-01, tls-01
 ```
 Example config:
 ```yml
 tls:
  modules:
    - type: acme
      domains:
        - example.com
        - example.net
      email: 'joe.shmoe@example.com'
      server: 'https://acme-staging.api.letsencrypt.org/directory'
      challenge_type: 'http-01'
 ```
 **NOTE:** If you specify `dns-01` as the challenge type there must also be a
 [DDNS module](#ddns) defined for all of the relevant domains (though not all
 domains handled by a single TLS module need to be handled by the same DDNS
 module). The DDNS module provides all of the information needed to actually
 set the DNS records needed to verify ownership.
 ### tcp
 The tcp system handles both *raw* and *tls-terminated* tcp network traffic
 (see the _Note_ section below the example). It may use port numbers
 or traffic sniffing to determine how the connection should be handled.
 It has the following options:
 ```
 bind      An array of numeric ports on which to bind
          ex: 80
 ```
 Example Config:
 ```yml
 tcp:
  bind:
    - 22
    - 80
    - 443
  modules:
    - type: forward
      ports:
        - 22
      address: '127.0.0.1:2222'
 ```
 _Note_: When tcp traffic comes into goldilocks it will be tested against the tcp modules.
 The connection may be handed to the TLS module if it appears to be a TLS/SSL/HTTPS connection
 and if the tls module terminates the traffic, the connection will be sent back to the TLS module.
 Due to the complexity of node.js' networking stack it is not currently possible to tell which
 port tls-terminated traffic came from, so only the SNI header (serername / domain name) may be used for
 modules matching terminated TLS.
 ### tcp.proxy
 The proxy module routes traffic **after tls-termination** based on the servername (domain name)
 contained in a SNI header. As such this only works to route TCP connections wrapped in a TLS stream.
 It has the same options as the [HTTP proxy module](#httpproxy-how-to-reverse-proxy-ruby-python-etc).
 This is particularly useful for routing ssh and vpn traffic over tcp port 443 as wrapped TLS
 connections in order to access one of your servers even when connecting from a harsh or potentially
 misconfigured network environment (i.e. hotspots in public libraries and shopping malls).
 Example config:
 ```yml
 tcp:
  modules:
    - type: proxy
      domains:
        - ssh.example.com      # Note: this domain would also listed in tls.acme.domains
      host: localhost
      port: 22
    - type: proxy
      domains:
        - vpn.example.com      # Note: this domain would also listed in tls.acme.domains
      host: localhost
      port: 1194
 ```
 _Note_: In same cases network administrators purposefully block ssh and vpn connections using
 Application Firewalls with DPI (deep packet inspection) enabled. You should read the ToS of the
 network you are connected to to ensure that you aren't subverting policies that are purposefully
 in place on such networks.
 #### Using with ssh
 In order to use this to route SSH connections you will need to use `ssh`'s
 `ProxyCommand` option. For example to use the TLS certificate for `ssh.example.com`
 to wrap an ssh connection you could use the following command:
 ```bash
 ssh user@example.com -o ProxyCommand='openssl s_client -quiet -connect example.com:443 -servername ssh.example.com'
 ```
 Alternatively you could add the following lines to your ssh config file.
 ```
 Host example.com
  ProxyCommand openssl s_client -quiet -connect example.com:443 -servername ssh.example.com
 ```
 #### Using with OpenVPN
 There are two strategies that will work well for you:
 1) [Use ssh](https://redfern.me/tunneling-openvpn-through-ssh/) with the config above to reverse proxy tcp port 1194 to you.
 ```bash
 ssh -L 1194:localhost:1194 example.com
 ```
 2) [Use stunnel]https://serverfault.com/questions/675553/stunnel-vpn-traffic-and-ensure-it-looks-like-ssl-traffic-on-port-443/681497)
 ```
 [openvpn-over-goldilocks]
 client = yes
 accept = 127.0.0.1:1194
 sni = vpn.example.com
 connect = example.com:443
 ```
 3) [Use stunnel.js](https://git.coolaj86.com/coolaj86/tunnel-client.js) as described in the "tunnel_server" section below.
 ### tcp.forward
 The forward module routes traffic based on port number **without decrypting** it.
 In addition to the same options as the [HTTP proxy module](#httpproxy-how-to-reverse-proxy-ruby-python-etc),
 the TCP forward modules also has the following options:
 ```
 ports       A numeric array of source ports
            ex: 22
 ```
 Example Config:
 ```yml
 tcp:
  bind:
    - 22
    - 80
    - 443
  modules:
    - type: forward
      ports:
        - 22
      port: 2222
 ```
 ### udp
 The udp system handles all udp network traffic. It currently only supports
 forwarding the messages without any examination.
 It has the following options:
 ```
 bind      An array of numeric ports on which to bind
          ex: 53
 ```
 Example Config:
 ```yml
 udp:
  bind:
    - 53
  modules:
    - type: forward
      ports:
        - 53
      address: '127.0.0.1:8053'
 ```
 ### udp.forward
 The forward module routes traffic based on port number **without decrypting** it.
 It has the same options as the [TCP forward module](#tcpforward).
 Example Config:
 ```yml
 udp:
  bind:
    - 53
  modules:
    - type: forward
      ports:
        - 53
      address: '127.0.0.1:8053'
 ```
 ### domains
 To reduce repetition defining multiple modules that operate on the same domain
 name the `domains` field can define multiple modules of multiple types for a
 single list of names. The modules defined this way do not need to have their
 own `domains` field. Note that the [tcp.forward](#tcpforward) module is not
 allowed in a domains group since its routing is not based on domains.
 Example Config
 ```yml
 domains:
  - names:
      - example.com
      - www.example.com
      - api.example.com
    modules:
      tls:
        - type: acme
          email: joe.schmoe@example.com
          challenge_type: 'http-01'
      http:
        - type: redirect
          from: /deprecated/path
          to: /new/path
        - type: proxy
          port: 3000
      dns:
        - type: 'dns@oauth3.org'
          token_id: user_token_id
  - names:
      - ssh.example.com
    modules:
      tls:
        - type: acme
          email: john.smith@example.com
          challenge_type: 'http-01'
      tcp:
        - type: proxy
          port: 22
      dns:
        - type: 'dns@oauth3.org'
          token_id: user_token_id
 ```
 ### tunnel\_server
 The tunnel server system is meant to be run on a publicly accessible IP address to server tunnel clients
 which are behind firewalls, carrier-grade NAT, or otherwise Internet-connect but inaccessible devices.
 It has the following options:
 ```
 secret          A 128-bit or greater string to use for signing tokens (HMAC JWT)
                ex: abc123
 servernames     An array of string servernames that should be captured as the
                tunnel server, ignoring the TLS forward module
                ex: api.tunnel.example.com
 ```
 Example config:
 ```yml
 tunnel_server:
  secret: abc123def456ghi789
  servernames:
    - 'api.tunnel.example.com'
 ```
 ### DDNS
 The DDNS module watches the network environment of the unit and makes sure the
 device is always accessible on the internet using the domains listed in the
 config. If the device has a public address or if it can automatically set up
 port forwarding the device will periodically check its public address to ensure
 the DNS records always point to it. Otherwise it will to connect to a tunnel
 server and set the DNS records to point to that server.
 The `loopback` setting specifies how the unit will check its public IP address
 and whether connections can reach it. Currently only `tunnel@oauth3.org` is
 supported. If the loopback setting is not defined it will default to using
 `oauth3.org`.
 The `tunnel` setting can be used to specify how to connect to the tunnel.
 Currently only `tunnel@oauth3.org` is supported. The token specified in the
 `tunnel` setting will be used to acquire the tokens that are used directly with
 the tunnel server. If the tunnel setting is not defined it will default to try
 using the tokens in the modules for the relevant domains.
 If a particular DDNS module has been disabled the device will still try to set
 up port forwarding (and connect to a tunnel if that doesn't work), but the DNS
 records will not be updated to point to the device. This is to allow a setup to
 be tested before transitioning services between devices.
 ```yaml
 ddns:
  disabled: false
  loopback:
    type: 'tunnel@oauth3.org'
    domain: oauth3.org
  tunnel:
    type: 'tunnel@oauth3.org'
    token_id: user_token_id
  modules:
    - type: 'dns@oauth3.org'
      token_id: user_token_id
      domains:
        - www.example.com
        - api.example.com
        - test.example.com
 ```
 ### mDNS
 enabled by default
 Although it does not announce itself, Goldilocks is discoverable via mDNS with the special query `_cloud._tcp.local`.
 This is so that it can be easily configured via Desktop and Mobile apps when run on devices such as a Raspberry Pi or
 SOHO servers.
 ```yaml
 mdns:
  disabled: false
  port: 5353
  broadcast: '224.0.0.251'
  ttl: 300
 ```
 You can discover goldilocks with `mdig`.
 ```
 npm install -g git+https://git.coolaj86.com/coolaj86/mdig.js.git
 mdig _cloud._tcp.local
 ```
 ### socks5
 Run a Socks5 proxy server.
 ```yaml
 socks5:
  enable: true
  port: 1080
 ```
 ### api
 See [API.md](/API.md)
@tigerbot: How are the APIs used (in terms of URL, Method, Headers, etc)?
 TODO
 ----
 * [ ] http - nowww module
 * [ ] http - Allow match styles of `www.*`, `*`, and `*.example.com` equally
 * [ ] http - redirect based on domain name (not just path)
 * [ ] tcp - bind should be able to specify localhost, uniquelocal, private, or ip
 * [ ] tcp - if destination host is omitted default to localhost, if dst port is missing, default to src
 * [ ] sys - `curl https://coolaj86.com/goldilocks | bash -s example.com`
 * [ ] oauth3 - `example.com/.well-known/domains@oauth3.org/directives.json`
 * [ ] oauth3 - commandline questionnaire
 * [x] modules - use consistent conventions (i.e. address vs host + port)
  * [x] tls - tls.acme vs tls.modules.acme
 * [ ] tls - forward should be able to match on source port to reach different destination ports
--- a/admin/public/index.html
+++ b/admin/public/index.html
@ -0,0 +1,415 @@
 <!DOCTYPE html>
 <html ng-app="com.daplie.cloud" ng-strict>
  <head>
    <link type="text/css" rel="stylesheet" href="/assets/com.bootstrapcdn/spacelab/bootstrap.css">
  </head>
  <body class="fade" ng-class="[ 'in' ]" ng-controller="LoginController as vm" ng-init="vm.setSimple()">
    <div class="container">
      <center>
        <h1>Welcome to Goldilocks!</h1>
        <span ng-if="vm.config">
          Server Name: '<span ng-bind="vm.config.device.hostname"></span>' running from
          <br/>
          <code><span ng-bind="vm.config.cwd"></span>/</code>
          <br/>
          iface: <span ng-bind="vm.admin.network.iface"></span>
          <br/>
          ipv4: <span ng-bind="vm.admin.network.ipv4"></span>
          <br/>
          ipv6: <span ng-bind="vm.admin.network.ipv6"></span>
        </span>
        <br/>
        <br/>
      </center>
    </div>
    <div class="container">
      <div class="row">
      <div class="col-sm-3">
        <ul class="nav nav-pills nav-stacked" ng-init="vm.admin.page = 'authn'">
          <li
            role="presentation"
            ng-class="{ active: 'authn' === vm.admin.page }"
            ><a
              href=""
              ng-click="vm.admin.page = 'authn'"
              ng-disabled="'authn' === vm.admin.page"
              >Authenticate</a></li>
          <li
            ng-if="vm.config"
            role="presentation"
            ng-class="{ active: 'network' === vm.admin.page }"
            ><a
              href=""
              ng-click="vm.admin.page = 'network'"
              ng-disabled="'network' === vm.admin.page"
              >Network</a></li>
          <li
            ng-if="vm.config"
            role="presentation"
            ng-class="{ active: 'domains' === vm.admin.page }"
            ><a
              href=""
              ng-click="vm.admin.page = 'domains'"
              ng-disabled="'domains' === vm.admin.page"
              >Domains</a></li>
          <li
            ng-if="vm.config"
            role="presentation"
            ng-class="{ active: 'plugins' === vm.admin.page }"
            ><a
              href=""
              ng-click="vm.admin.page = 'plugins'"
              ng-disabled="'plugins' === vm.admin.page"
              >Plugins</a></li>
        </ul>
        <div ng-if="vm.config">
          <ul class="nav nav-tabs">
            <li
              role="presentation"
              ng-class="{ active: !vm.admin.remote }"
              ><a
                href=""
                ng-click="vm.admin.remote = false"
                >Local Server</a></li>
            <li
              role="presentation"
              ng-class="{ active: vm.admin.remote }"
              ><a
                href=""
                ng-click="vm.admin.remote = true"
                >Remote Server</a></li>
          </ul>
          <div ng-if="!vm.admin.remote">
            <label>Server Address:</label>
            <input type="text" disabled value="127.0.0.1">
            <label>Server Name:</label>
            <input type="text" disabled value="localhost.admin.daplie.me">
          </div>
          <div ng-if="vm.admin.remote">
            <button
              type="button"
              class="btn btn-default"
              ng-click="vm.remote.scan()">Scan Local Network</button>
            <br/>
            <label>Server Address:</label>
            <input type="text" placeholder="i.e. 192.168.1.100">
            <br/>
            <label>Server Name:</label>
            <input type="text" placeholder="i.e. admin.goldilocks.invalid">
            <br/>
            <label>Root Certificate Validation (optional):</label>
            <br/>
            <textarea class="textarea" placeholder="paste the contents of a root.pem here"></textarea>
          </div>
        </div>
      </div>
      <div class="col-sm-9">
        <div ng-if="!vm.config || 'authn' === vm.admin.page">
          <p>In order to administer this server you must authenticate.</p>
          <button
            type="button"
            class="btn btn-default"
            ng-disabled="vm.advanced && !vm.providerUri"
            ng-click="vm.authenticate()"
            >Login</button>
          <button
            type="button"
            class="btn btn-link"
            ng-if="!vm.advanced"
            ng-click="vm.setAdvanced()"
            >advanced</button>
          <div ng-if="vm.advanced">
            <button
              type="button"
              class="btn btn-link"
              ng-click="vm.setSimple();"
              >simple</button>
            <input
              type="text"
              ng-change="vm.checkProviderUri(vm.myProviderUri)"
              ng-model="vm.myProviderUri">
            <br/>
            <small>todo: allow per-device authorization</small>
          </div>
          <br/>
          <br/>
          <button
            class="btn btn-success"
            ng-if="vm.config"
            ng-click="vm.admin.page = 'network'"
            >Next: Network Settings</button>
        </div>
        <div ng-if="vm.config">
          <div ng-init="siteconf = vm.config.global">
            <div ng-if="'network' === vm.admin.page">
              <h1>Server Name:</h1>
              <input
                type="text"
                ng-model="vm.admin.servername"
                />
              <button
                type="button"
                class="btn btn-primary"
                ng-click="vm.admin.setDeviceName(vm.admin.servername)"
                ng-disabled="vm.config.device.hostname === vm.admin.servername"
                >Save</button>
              <h1>Addresses:</h1>
              <table class="table">
                <tr>
                  <th>Interface</th>
                  <th>Address</th>
                  <th>Family</th>
                  <th>Scope</th>
                </tr>
                <tr ng-repeat="addr in vm.config.addresses">
                  <td ng-bind="addr.iface"></td>
                  <td ng-bind="addr.address"></td>
                  <td ng-bind="addr.family"></td>
                  <td><span
                    ng-if="'unicast' !== addr.range" ng-bind="addr.range"></span
                    ><strong ng-if="'unicast' === addr.range">Internet</strong>
                    <button
                      ng-if="vm.admin.network.iface !== addr.iface"
                      class="btn btn-primary"
                      type="button"
                      ng-click="vm.admin.setInterface(addr)"
                      >Use <span ng-bind="addr.iface"></span></button></td>
                  </td>
                </tr>
                <tr>
                  <td>OAuth3 Tunnel</td>
                  <td>(automatically assigned)</td>
                  <td>IPv4 + IPv6</td>
                  <td><strong>Internet</strong>
                    <button
                      type="button"
                      class="btn btn-success"
                      ng-if="'oauth3-tunnel' !== vm.admin.network.iface"
                      ng-click="vm.enableTunnel()"
                      >Enable</button>
                    <div ng-if="'oauth3-tunnel' === vm.admin.network.iface">
                      <button
                        ng-if="!vm.admin.tunnel.advanced"
                        type="button"
                        class="btn btn-link"
                        ng-click="vm.admin.tunnel.advanced = true"
                        >Show Advanced Options</button>
                      <button
                        ng-if="vm.admin.tunnel.advanced"
                        type="button"
                        class="btn btn-link"
                        ng-click="vm.admin.tunnel.advanced = false"
                        >Hide Advanced Options</button>
                    </div>
                  </td>
                </tr>
              </table>
              <div ng-if="'oauth3-tunnel' === vm.admin.network.iface">
                <div ng-if="vm.admin.tunnel.advanced">
                  <h2>OAuth3 Tunnel Options</h2>
                  <label><input
                    type="checkbox"
                    ng-model="vm.admin.tunnel.optimistic"
                    ng-change="vm.setTunnel()"> Prefer local network when available</label>
                  <br/>
                  <label>URL</label> <input
                    class"form-input"
                    type="url"
                    value="https://oauth3.org/api/org.oauth3.tunnel"
                    disabled />
                  <br/>
                  <label>Token (Bearer or JWT)</label> <textarea
                    class"form-input"
                    disabled />aaaaaaaaaa.bbbbbbbbbbb.cccccccccccc</textarea>
                  <br/>
                  <label>Shared Secret (Text or JWK)</label> <input
                    class"form-input"
                    type="text"
                    value="xxxx-xxxx-xxx-xxxxx"
                    disabled />
                  <br/>
                  <label>Private Key (PEM or JWK)</label> <textarea
                    class"form-input"
                    disabled />    {
              kty: "EC",
              crv: "P-256",
              x: "zCQ5BPHPCLZYgdpo1n-x_90P2Ij52d53YVwTh3ZdiMo",
              y: "pDfQTUx0-OiZc5ZuKMcA7v2Q7ZPKsQwzB58bft0JTko",
              ext: true,
          }
      -----BEGIN EC PARAMETERS-----
      BggqhkjOPQMBBw==
      -----END EC PARAMETERS-----
      -----BEGIN EC PRIVATE KEY-----
      MHcCAQEEIDm2RM5oZ8NPkn06MZlpz7yk6X0gJ7TeJGBAA3lJmJ/UoAoGCCqGSM49
      AwEHoUQDQgAE2aCepzyydsM4oxfGMrtham2Do1U3AZSFNiuTLKMYqXTnp2LqNTVA
      FdfmISGJve/PV53+MnCzwRcnrwQb1OfRMQ==
      -----END EC PRIVATE KEY-----</textarea>
                  <br/>
                </div>
              </div>
            </div>
            <div ng-if="'domains' === vm.admin.page">
              <h1>Managed Domains:</h1>
              <div ng-if="!vm.domains.length">
                You don't have any domains with this account.
                <br/>
                Try a different account?
                <br/>
                <input type="url" placeholder="https://daplie.domains">
                <button type="button"
                  class="btn"
                  disabled
                  >Login</button>
              </div>
              <div ng-if="vm.domains.length">
                <table class="table">
                  <tr>
                    <td><select
                      ng-if="vm.domains.length"
                      ng-model="vm.domains.add.domain"
                      ng-options="domain.domain as domain.domain for domain in vm.domains"
                      ><option
                        style="display:none" value="">-- select domain --</option
                        ></select></td>
                    <td><input
                      type="text"
                      placeholder="@"
                      ng-model="vm.domains.add.sub"
                      >.<input
                      type="text"
                      placeholder="example.com"
                      ng-model="vm.domains.add.domain"
                      ></td>
                    <td><button
                      type="button"
                      class="btn btn-success"
                      ng-click="vm.domains.add.commit(vm.domain.add.sub, vm.delta.domain)"
                      >Add</button></td>
                  </tr>
                </table>
                <table class="table">
                  <tr>
                    <th>Domain</th>
                    <th>Sub</th>
                    <th>Devices</th>
                  </tr>
                  <tr ng-repeat="d in vm.dns">
                    <td ng-bind="d.domain"></td>
                    <td ng-bind="d.name"></td>
                    <td>
                      <span ng-if="!d.domain">
                        <div ng-repeat="dev in d.devices">
                          <span ng-bind="dev"
                            ></span> <button
                            type="button"
                            class="btn btn-danger"
                            ng-click="vm.removeDevice(d, dev)"
                            >x</button>
                        </div>
                      </span>
                    </td>
                  </tr>
                </table>
              </div>
            </div>
            <div ng-if="'plugins' === vm.admin.page">
              <h1>Global Settings:</h1>
              <br/>
              <form class="form-inline">
              <div ng-repeat="path in siteconf.paths">
                <h2 ng-bind="path.$id"></h2>
                <div ng-repeat="module in path.modules">
                  <h3>{{module.$id}}</h3>
                  <div ng-repeat="(key, value) in module">
                    <label>{{key}}</label>: <input class="form-control" ng-model="module[key]" />
                  </div>
                </div>
                <br/>
                <br/>
                <br/>
              </div>
              </form>
              <h1>Per-Domain Settings:</h1>
              <div ng-repeat="siteconf in vm.config.sites">
                <h2 ng-bind="siteconf.$id"></h2>
                <div ng-repeat="path in siteconf.paths">
                  <h2 ng-bind="path.$id"></h2>
                  <div ng-repeat="module in path.modules">
                    <h3>{{module.$id}}</h3>
                    <div ng-repeat="(key, value) in module">
                      <label>{{key}}</label>: <input class="form-control" ng-model="module[key]" />
                    </div>
                  </div>
                  <br/>
                  <br/>
                  <br/>
                </div>
              </div>
              <div ng-init="defaultsconf = vm.config.defaults">
                <h1>Fallback Settings:</h1>
                <br/>
                <div ng-repeat="path in siteconf.paths">
                  <h2 ng-bind="path.$id"></h2>
                  <div ng-repeat="module in path.modules">
                    <h3>{{module.$id}}</h3>
                    <div ng-repeat="(key, value) in module">
                      <label>{{key}}</label>: <input class="form-control" ng-model="module[key]" />
                    </div>
                  </div>
                  <br/>
                  <br/>
                  <br/>
                </div>
              </div>
              <div ng-if="!vm._showvmconfig">
                <button class="btn-link" ng-click="vm._showvmconfig = true">show config as json</button>
              </div>
              <div ng-if="vm._showvmconfig">
                <button class="btn-link" ng-click="vm._showvmconfig = false">hide config</button>
                <pre><code ng-bind="vm.config | json">{{vm.config}}</code></pre>
              </div>
            </div>
          </div>
        </div>
      </div>
      </div>
    </div>
    <script src="/assets/com.jquery/jquery-3.1.1.js"></script>
    <script src="/assets/com.google/angular.1.6.2.min.js"></script>
    <script src="/assets/org.oauth3/oauth3.core.js"></script>
    <script src="/assets/org.oauth3/oauth3.ng.js"></script>
    <script src="/assets/org.oauth3/oauth3.domains.js"></script>
    <script src="/assets/org.oauth3/oauth3.dns.js"></script>
    <script src="/js/app.js"></script>
  </body>
 </html>
--- a/admin/public/js/app.js
+++ b/admin/public/js/app.js
@ -0,0 +1,301 @@
 angular.module('com.daplie.cloud', [ 'org.oauth3' ])
  .service('oauth3', [ 'Oauth3', function (Oauth3) {
    // for security this app should not store the refresh token
    // (the localhost.* domains should never store them)
    Oauth3.hooks.session._store = {};
    Oauth3.hooks.session._get = function (providerUri) {
      return Oauth3.PromiseA.resolve(Oauth3.hooks.session._store[providerUri]);
    };
    Oauth3.hooks.session._set = function (providerUri, session) {
      Oauth3.hooks.session._store[providerUri] = session;
      return Oauth3.PromiseA.resolve(session);
    };
    var auth = Oauth3.create();
    auth.setProvider('oauth3.org').then(function () {
      auth.checkSession().then(function (session) {
        console.log('hasSession?', session);
      });
    });
    window.oauth3 = auth; // debug
    return auth;
  } ])
  .controller('LoginController', [ '$scope', '$timeout', 'oauth3', function ($scope, $timeout, oauth3) {
    var vm = this;
    var OAUTH3 = window.OAUTH3;
    vm.admin = { network: { iface: null, ipv4: null, ipv6: null } };
    vm.admin.ipify = 'https://api.ipify.org?format=json';
    vm.clientUri = OAUTH3.clientUri(window.location);
    vm.setSimple = function () {
      vm.advanced = false;
      vm.providerUri = vm.providerUri || 'oauth3.org';
    };
    vm.setAdvanced = function () {
      vm.advanced = true;
      vm.myProviderUri = vm.providerUri;
    };
    vm.checkProviderUri = function (myProviderUri) {
      $timeout.cancel(vm.checkProviderTimeout);
      vm.providerUri = null;
      vm.checkProviderTimeout = $timeout(function () {
        //var providerUri = vm.providerUri;
        return oauth3.setProvider(myProviderUri).then(function (directives) {
          console.log('directives', directives);
          vm.providerUri = myProviderUri;
        }, function (err) {
          console.error('failed provider lookup', err);
          vm.checkProviderTimeout = null;
        });
      }, 250);
    };
    vm.sortDnsRecords = function (a, b) {
      if (a.sld !== b.sld) {
        return a.sld > b.sld ? 1 : -1;
      }
      if (a.tld !== b.tld) {
        return a.tld > b.tld ? 1 : -1;
      }
      // TODO normalize
      a.sub = a.sub || '';
      b.sub = b.sub || '';
      if (a.sub !== b.sub) {
        if (!a.sub) {
          return -1;
        }
        if (!b.sub) {
          return 1;
        }
        return a.sub > b.sub ? 1 : -1;
      }
      if (a.domain !== b.domain) {
        if (!a.domain) {
          return 1;
        }
        if (!b.domain) {
          return -1;
        }
      }
    };
    vm.viewDomains = function (config, domains, dns) {
      vm.dns = dns.slice(0);
      vm.domains = domains.slice(0);
      vm.domains.sort(vm.sortDnsRecords);
      vm.dns = vm.dns.filter(function (record) {
        if (-1 === [ 'A', 'AAAA', 'ANAME' ].indexOf(record.type)) {
          return false;
        }
        if (record.device !== config.device.hostname) {
          return false;
        }
        return true;
      });
      vm.dns.forEach(function (r) {
        vm.domains.forEach(function (d) {
          if (r.zone === d.domain) {
            r.sub = r.name.substr(0, r.name.length - (d.domain.length + 1));
            r.tld = d.tld;
            r.sld = d.sld;
          }
        });
      });
      vm.dns = vm.dns.concat(vm.domains);
      vm.dns.sort(vm.sortDnsRecords);
      vm.dns.forEach(function (r) {
        if (r.domain) {
          return;
        }
        r.devices = r.devices || [ r.device ];
        dns.forEach(function (r2) {
          if (r.name !== r2.name) {
            return;
          }
          if (-1 !== r.devices.indexOf(r2.device)) {
            return;
          }
          r.devices.push(r2.device);
        });
      });
      console.log('vm.dns');
      console.log(vm.dns);
      /*
      vm.domains.forEach(function (d) {
        d.devices = [];
        dns.forEach(function (r) {
          // 0 === r.name.split('').reverse().join('').indexOf(d.domain.split('').reverse().join(''))
          if (r.zone === d.domain) {
            d.devices.push({
              name: r.device
            });
          }
        });
      });
      */
    };
    vm.authenticate = function () {
      // TODO authorization redirect /api/org.oauth3.consumer/authorization_redirect/:provider_uri
      var opts = {
        type: 'popup'
      , scope: 'domains,dns'
      // , debug: true
      };
      return oauth3.authenticate(opts).then(function (session) {
        console.info("Authorized Session", session);
        return oauth3.api('domains.list').then(function (domains) {
          console.info("domains owned", domains);
          return oauth3.api('dns.list').then(function (dns) {
            console.info("dns records", dns);
            return OAUTH3.request({
              method: 'POST'
            , url: 'https://' + vm.clientUri + '/api/com.daplie.goldilocks/init'
            , session: session
            , data: {
                access_token: session.access_token
              , refresh_token: session.refresh_token
              , expires_in: session.expires_in
              , scope: session.scope
              , provider_uri: OAUTH3.uri.normalize(session.provider_uri)
              , client_uri: vm.clientUri
              , domains: domains.map(function (d) {
                  return {
                    id: d.id
                  , sub: d.sub
                  , sld: d.sld
                  , tld: d.tld
                  };
                })
              , jwk: null // TODO publish public key
              }
            }).then(function (resp) {
              // TODO resp should contain a token
              console.info('Initialized Goldilocks', resp);
              return OAUTH3.request({
                method: 'GET'
              , url: 'https://' + vm.clientUri + '/api/com.daplie.goldilocks/config'
              , session: session
              }).then(function (configResp) {
                console.log('config', configResp.data);
                vm.config = configResp.data;
                vm.config.addresses.forEach(function (addr) {
                  if (/unicast/.test(addr.range) || /internet/i.test(addr.range)) {
                    // TODO
                    // there could be more than one iface (ipv4 on one and ipv6 on the other)
                    // there could also be more than one valid public ip
                    if ("IPv4" === addr.family) {
                      vm.admin.network.iface = addr.iface;
                      vm.admin.network.ipv4 = addr.address;
                    }
                    else if ("IPv6" === addr.family) {
                      // IPv6 gives valid internet address even when behind a firewall
                      // IPv6 requires a loopback test
                      // TODO always do the loopback / firewall test anyway
                      vm.admin.network.ipv6 = addr.address;
                    }
                  }
                });
                vm.admin.servername = vm.config.device.hostname;
                //vm.config.ifaces
                //vm.config.addresses = [];
                vm.viewDomains(vm.config, domains, dns);
                if (vm.admin.network.iface) {
                  return resp;
                }
                // TODO try UPnP IGD / NAT-PMP / DNS-SD / PCP (ipv6) here
                // TODO two requests - one to {{ipv4.ipify.org}}, the other to {{ipv6.ipify.org}}
                vm.admin.network.iface = 'gateway';
                return OAUTH3.request({
                  method: 'POST'
                , url: 'https://' + vm.clientUri + '/api/com.daplie.goldilocks/request'
                , session: session
                , data: {
                    method: 'GET'
                  , url: 'https://api.ipify.org?format=json'
                  }
                }).then(function (ipResp) {
                  console.log('ip-response', ipResp);
                  vm.admin.network.ipv4 = ipResp.data.body.ipv4 || ipResp.data.body.ip;
                  vm.admin.network.ipv6 = ipResp.data.body.ipv6;
                  return resp;
                });
              });
            }, function (err) {
              console.error(err);
              window.alert("Initialization failed:" + err.message);
            });
          });
        });
      }, function (err) {
        console.error(err);
        window.alert("Authentication failed:" + err.message);
      });
    };
    vm.enableTunnel = function (/*opts*/) {
      return oauth3.request({
        method: 'POST'
      , url: 'https://' + vm.clientUri + '/api/com.daplie.goldilocks/tunnel'
      }).then(function (result) {
        // vm.admin.network.iface = 'oauth3-tunnel';
        return result;
      });
    };
    /*
    console.log('OAUTH3.PromiseA', OAUTH3.PromiseA);
    return oauth3.setProvider('oauth3.org').then(function () {
      return oauth3.authenticate({ windowType: 'background' }).then(function () {
        console.log('HELLO!!');
        //vm.authnUpdated = Date.now();
        vm.hasSession = true;
      }, function () {
        console.log('GOODBYE!!');
        //vm.authnUpdated = Date.now();
        vm.hasSession = false;
        $timeout(function () {
          console.log('GOODBYE!!');
          vm.hello = 'Nope!';
        }, 1);
      });
    });
    //*/
  }]);
 /*
 $(function () {
 'use strict';
 var ui = {
 function login() {
 }
 };
 var auth = window.OAUTH3.create();
 // TODO put explicit in dns record
 // TODO CCA record
 auth.setProvider('oauth3.org');
 $('body').on('click', '.js-login', login);
 });
 */
--- a/bin/goldilocks.js
+++ b/bin/goldilocks.js
@ -0,0 +1,458 @@
 #!/usr/bin/env node
 'use strict';
 var cluster = require('cluster');
 if (!cluster.isMaster) {
  require('../lib/worker.js');
  return;
 }
 var crypto = require('crypto');
 var PromiseA = require('bluebird');
 var fs = PromiseA.promisifyAll(require('fs'));
 var configStorage;
 function mergeSettings(orig, changes) {
  Object.keys(changes).forEach(function (key) {
    // TODO: use an API that can properly handle updating arrays.
    if (!changes[key] || (typeof changes[key] !== 'object') || Array.isArray(changes[key])) {
      orig[key] = changes[key];
    }
    else if (!orig[key] || typeof orig[key] !== 'object') {
      orig[key] = changes[key];
    }
    else {
      mergeSettings(orig[key], changes[key]);
    }
  });
 }
 function fixRawConfig(config) {
  var updated = false;
  // First converge all of the `bind` properties for protocols that are on top
  // of TCP to `tcp.bind`.
  if (config.tcp && config.tcp.bind && !Array.isArray(config.tcp.bind)) {
    config.tcp.bind = [ config.tcp.bind ];
    updated = true;
  }
  if (config.http && config.http.bind) {
    config.tcp = config.tcp || { bind: [] };
    config.tcp.bind = (config.tcp.bind || []).concat(config.http.bind);
    delete config.http.bind;
    updated = true;
  }
  if (config.tls && config.tls.bind) {
    config.tcp = config.tcp || { bind: [] };
    config.tcp.bind = (config.tcp.bind || []).concat(config.tls.bind);
    delete config.tls.bind;
    updated = true;
  }
  // Then we rename dns to udp since the only thing we currently do with those
  // modules is proxy the packets without inspecting them at all.
  if (config.dns) {
    config.udp = config.dns;
    delete config.dns;
    updated = true;
  }
  // Convert all 'proxy' UDP modules to 'forward' modules that specify which
  // incoming ports are relevant. Primarily to make 'proxy' modules consistent
  // in needing relevant domain names.
  if (config.udp && !Array.isArray(config.udp.bind)) {
    config.udp.bind = [].concat(config.udp.bind || []);
    updated = true;
  }
  if (config.udp && config.udp.modules) {
    if (!config.udp.bind.length || !Array.isArray(config.udp.modules)) {
      delete config.udp.modules;
      updated = true;
    } else {
      config.udp.modules.forEach(function (mod) {
        if (mod.type === 'proxy') {
          mod.type = 'forward';
          mod.ports = config.udp.bind.slice();
          updated = true;
        }
      });
    }
  }
  // This we take the old way of defining ACME options and put them into a tls module.
  if (config.tls) {
    var oldPropMap = {
      email:              'email'
    , acme_directory_url: 'server'
    , challenge_type:     'challenge_type'
    , servernames:        'approved_domains'
    };
    if (Object.keys(oldPropMap).some(config.tls.hasOwnProperty, config.tls)) {
      updated = true;
      if (config.tls.acme) {
        console.warn('TLS config has `acme` field and old style definitions');
      } else {
        config.tls.acme = {};
        Object.keys(oldPropMap).forEach(function (oldKey) {
          if (config.tls[oldKey]) {
            config.tls.acme[oldPropMap[oldKey]] = config.tls[oldKey];
          }
        });
      }
    }
    if (config.tls.acme) {
      updated = true;
      config.tls.acme.domains = config.tls.acme.approved_domains;
      delete config.tls.acme.approved_domains;
      config.tls.modules = config.tls.modules || [];
      config.tls.modules.push(Object.assign({}, config.tls.acme, {type: 'acme'}));
      delete config.tls.acme;
    }
  }
  // Then we make sure all modules have an ID and type, and makes sure all domains
  // are in the right spot and also have an ID.
  function updateModules(list) {
    if (!Array.isArray(list)) {
      return;
    }
    list.forEach(function (mod) {
      if (!mod.id) {
        mod.id = crypto.randomBytes(4).toString('hex');
        updated = true;
      }
      if (mod.name) {
        mod.type = mod.type || mod.name;
        delete mod.name;
        updated = true;
      }
    });
  }
  function moveDomains(name) {
    if (!config[name].domains) {
      return;
    }
    updated = true;
    var domList = config[name].domains;
    delete config[name].domains;
    if (!Array.isArray(domList)) {
      return;
    }
    if (!Array.isArray(config.domains)) {
      config.domains = [];
    }
    domList.forEach(function (dom) {
      updateModules(dom.modules);
      var strDoms = dom.names.slice().sort().join(',');
      var added = config.domains.some(function (existing) {
        if (strDoms !== existing.names.slice().sort().join(',')) {
          return;
        }
        existing.modules = existing.modules || {};
        existing.modules[name] = (existing.modules[name] || []).concat(dom.modules);
        return true;
      });
      if (added) {
        return;
      }
      var newDom = {
        id:    crypto.randomBytes(4).toString('hex')
      , names: dom.names
      , modules: {}
      };
      newDom.modules[name] = dom.modules;
      config.domains.push(newDom);
    });
  }
  [ 'udp', 'tcp', 'http', 'tls' ].forEach(function (key) {
    if (!config[key]) {
      return;
    }
    updateModules(config[key].modules);
    moveDomains(key);
  });
  return updated;
 }
 async function createStorage(filename, filetype) {
  var recase = require('recase').create({});
  var snakeCopy = recase.snakeCopy.bind(recase);
  var camelCopy = recase.camelCopy.bind(recase);
  var parse, dump;
  if (filetype === 'json') {
    parse = JSON.parse;
    dump  = function (arg) { return JSON.stringify(arg, null, '  '); };
  } else {
    var yaml = require('js-yaml');
    parse = function (text) { return yaml.safeLoad(text) || {}; };
    dump  = yaml.safeDump;
  }
  async function read() {
    var text;
    try {
      text = await fs.readFileAsync(filename);
    } catch (err) {
      if (err.code === 'ENOENT') {
        return {};
      }
      throw err;
    }
    var rawConfig = parse(text);
    if (fixRawConfig(rawConfig)) {
      await fs.writeFileAsync(filename, dump(rawConfig));
      text = await fs.readFileAsync(filename);
      rawConfig = parse(text);
    }
    return rawConfig;
  }
  var result = {
    read: function () {
      return read().then(camelCopy);
    }
  , save: function (changes) {
      if (!changes || typeof changes !== 'object' || Array.isArray(changes)) {
        return PromiseA.reject(new Error('invalid config'));
      }
      changes = snakeCopy(changes);
      return read()
        .then(snakeCopy)
        .then(function (current) {
          mergeSettings(current, changes);
          // TODO: validate/lint the config before we actually write it.
          return dump(current);
        })
        .then(function (newText) {
          return fs.writeFileAsync(filename, newText);
        })
        .then(function () {
          return result.read();
        })
        ;
    }
  };
  return result;
 }
 async function checkConfigLocation(cwd, configFile) {
  cwd = cwd || process.cwd();
  var path = require('path');
  var filename, text;
  if (configFile) {
    filename = path.resolve(cwd, configFile);
    try {
      text = await fs.readFileAsync(filename);
    } catch (err) {
      if (err.code !== 'ENOENT') {
        throw err;
      }
      if (path.extname(filename) === '.json') {
        return { name: filename, type: 'json' };
      } else {
        return { name: filename, type: 'yaml' };
      }
    }
  } else {
    // Note that `path.resolve` can handle both relative and absolute paths.
    var defLocations = [
      path.resolve(cwd, 'goldilocks.yml')
    , path.resolve(cwd, 'goldilocks.json')
    , path.resolve(cwd, 'etc/goldilocks/goldilocks.yml')
    , '/etc/goldilocks/goldilocks.yml'
    ];
    var ind;
    for (ind = 0; ind < defLocations.length; ind += 1) {
      try {
        text = await fs.readFileAsync(defLocations[ind]);
        filename = defLocations[ind];
        break;
      } catch (err) {
        if (err.code !== 'ENOENT') {
          throw err;
        }
      }
    }
    if (!filename) {
      filename = defLocations[0];
      text = '';
    }
  }
  try {
    JSON.parse(text);
    return { name: filename, type: 'json' };
  } catch (err) {}
  try {
    require('js-yaml').safeLoad(text);
    return { name: filename, type: 'yaml' };
  } catch (err) {}
  throw new Error('Could not load "' + filename + '" as JSON nor YAML');
 }
 async function createConfigStorage(args) {
  var result = await checkConfigLocation(args.cwd, args.config);
  console.log('config file', result.name, 'is of type', result.type);
  configStorage = await createStorage(result.name, result.type);
  return configStorage.read();
 }
 var tcpProm;
 function fillConfig(config, args) {
  config.debug = config.debug || args.debug;
  config.socks5 = config.socks5 || { enabled: false };
  // Use Object.assign to copy any real config values over the default values so we can
  // easily make sure all the fields we need exist .
  var mdnsDefaults = { disabled: false, port: 5353, broadcast: '224.0.0.251', ttl: 300 };
  config.mdns = Object.assign(mdnsDefaults, config.mdns);
  if (!Array.isArray(config.domains)) {
    config.domains = [];
  }
  function fillComponent(name, fillBind) {
    if (!config[name]) {
      config[name] = {};
    }
    if (!Array.isArray(config[name].modules)) {
      config[name].modules = [];
    }
    if (fillBind && !Array.isArray(config[name].bind)) {
      config[name].bind = [];
    }
  }
  fillComponent('udp',   true);
  fillComponent('tcp',   true);
  fillComponent('http',  false);
  fillComponent('tls',   false);
  fillComponent('ddns',  false);
  config.device = { hostname: require('os').hostname() };
  if (Array.isArray(config.tcp.bind) && config.tcp.bind.length) {
    return PromiseA.resolve(config);
  }
  // We need to make sure we only check once, because even though our workers can
  // all bind on the same port witout issue we cannot. This will lead to failure
  // to determine which ports will work once the first worker starts.
  if (!tcpProm) {
    tcpProm = new PromiseA(function (resolve, reject) {
      require('../lib/check-ports').checkTcpPorts(function (failed, bound) {
        var result = Object.keys(bound).map(Number);
        if (result.length > 0) {
          resolve(result);
        } else {
          reject(failed);
        }
      });
    });
  }
  return tcpProm.then(
    function (bound) {
      config.tcp.bind = bound;
      return config;
    }, function (failed) {
      Object.keys(failed).forEach(function (key) {
        console.log('[error bind]', key, failed[key].code);
      });
      return PromiseA.reject(new Error("could not bind to the default ports"));
    });
 }
 function run(args) {
  var workers = {};
  var cachedConfig;
  function updateConfig(config) {
    fillConfig(config, args).then(function (config) {
      cachedConfig = config;
      console.log('changed config', config);
      Object.keys(workers).forEach(function (key) {
        workers[key].send(cachedConfig);
      });
    });
  }
  process.on('SIGHUP', function () {
    configStorage.read().then(updateConfig).catch(function (err) {
      console.error('error updating config after SIGHUP', err);
    });
  });
  cluster.on('message', function (worker, message) {
    if (message.type !== 'com.daplie.goldilocks/config') {
      return;
    }
    configStorage.save(message.changes).then(updateConfig).catch(function (err) {
      console.error('error changing config', err);
    });
  });
  cluster.on('online', function (worker) {
    console.log('[worker]', worker.id, 'online');
    workers[worker.id] = worker;
    // Worker is listening
    worker.send(cachedConfig);
  });
  cluster.on('exit', function (worker) {
    delete workers[worker.id];
    cluster.fork();
  });
  createConfigStorage(args)
    .then(function (config) {
      return fillConfig(config, args);
    })
    .then(function (config) {
      console.log('config.tcp.bind', config.tcp.bind);
      cachedConfig = config;
      // TODO spin up multiple workers
      // TODO use greenlock-cluster
      cluster.fork();
    }).catch(function (err) {
      console.error(err);
      process.exit(1);
    })
    ;
 }
 function readEnv(args) {
  // TODO
  try {
    if (process.env.GOLDILOCKS_HOME) {
      process.chdir(process.env.GOLDILOCKS_HOME);
    }
  } catch (err) {}
  var env = {
    cwd: process.env.GOLDILOCKS_HOME || process.cwd()
  , debug: process.env.GOLDILOCKS_DEBUG && true
  };
  run(Object.assign({}, env, args));
 }
 var program = require('commander');
 program
  .version(require('../package.json').version)
  .option('-c --config <file>', 'Path to config file (Goldilocks.json or Goldilocks.yml) example: --config /etc/goldilocks/Goldilocks.json')
  .option('--debug', "Enable debug output")
  .parse(process.argv);
 readEnv(program);
--- a/dist/Library/LaunchDaemons/com.daplie.goldilocks.web.plist
+++ b/dist/Library/LaunchDaemons/com.daplie.goldilocks.web.plist
@ -0,0 +1,57 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
 	<key>Label</key>
 	<string>Goldilocks</string>
 	<key>ProgramArguments</key>
 	<array>
 		<string>/opt/goldilocks/bin/node</string>
 		<string>/opt/goldilocks/bin/goldilocks</string>
 		<string>--config</string>
 		<string>/etc/goldilocks/goldilocks.yml</string>
 	</array>
 	<key>EnvironmentVariables</key>
 	<dict>
 		<key>GOLDILOCKS_PATH</key>
 		<string>/opt/goldilocks</string>
 		<key>NODE_PATH</key>
 		<string>/opt/goldilocks/lib/node_modules</string>
 		<key>NPM_CONFIG_PREFIX</key>
 		<string>/opt/goldilocks</string>
 	</dict>
 	<key>UserName</key>
 	<string>root</string>
 	<key>GroupName</key>
 	<string>wheel</string>
 	<key>InitGroups</key>
 	<true/>
 	<key>RunAtLoad</key>
 	<true/>
 	<key>KeepAlive</key>
 	<dict>
 		<key>Crashed</key>
 		<true/>
 		<key>SuccessfulExit</key>
 		<false/>
 	</dict>
 	<key>SoftResourceLimits</key>
 	<dict>
 		<key>NumberOfFiles</key>
 		<integer>8192</integer>
 	</dict>
 	<key>HardResourceLimits</key>
 	<dict/>
 	<key>WorkingDirectory</key>
  <string>/srv/www</string>
 	<key>StandardErrorPath</key>
 	<string>/var/log/goldilocks/error.log</string>
 	<key>StandardOutPath</key>
 	<string>/var/log/goldilocks/info.log</string>
 </dict>
 </plist>
--- a/dist/etc/goldilocks/goldilocks.example.yml
+++ b/dist/etc/goldilocks/goldilocks.example.yml
@ -0,0 +1,106 @@
 tcp:
  bind:
    - 22
    - 80
    - 443
  modules:
    - type: forward
      ports:
        - 22
      address: '127.0.0.1:8022'
 udp:
  bind:
    - 53
  modules:
    - type: forward
      ports:
        - 53
      port: 5353
      # default host is localhost
 tls:
  modules:
    - type: proxy
      domains:
        - localhost.bar.daplie.me
        - localhost.foo.daplie.me
      address: '127.0.0.1:5443'
    - type: acme
      domains:
        - '*.localhost.daplie.me'
      email: 'guest@example.com'
      challenge_type: 'http-01'
 http:
  trust_proxy: true
  allow_insecure: false
  primary_domain: localhost.daplie.me
  modules:
    - type: redirect
      domains:
        - localhost.beta.daplie.me
      status: 301
      from: /old/path/*/other/*
      to: https://example.com/path/new/:2/something/:1
    - type: proxy
      domains:
        - localhost.daplie.me
      host: localhost
      port: 4000
    - type: static
      domains:
        - '*.localhost.daplie.me'
      root: '/srv/www/:hostname'
 domains:
  - names:
      - localhost.gamma.daplie.me
    modules:
      tls:
        - type: proxy
          port: 6443
  - names:
      - beta.localhost.daplie.me
      - baz.localhost.daplie.me
    modules:
      tls:
        - type: acme
          email: 'owner@example.com'
          challenge_type: 'tls-sni-01'
          # default server is 'https://acme-v01.api.letsencrypt.org/directory'
      http:
        - type: redirect
          from: /nowhere/in/particular
          to: /just/an/example
        - type: proxy
          address: '127.0.0.1:3001'
 mdns:
  disabled: false
  port: 5353
  broadcast: '224.0.0.251'
  ttl: 300
 tunnel_server:
  secret: abc123
  servernames:
    - 'tunnel.localhost.com'
 ddns:
  loopback:
    type: 'tunnel@oauth3.org'
    domain: oauth3.org
  tunnel:
    type: 'tunnel@oauth3.org'
    token: user_token_id
  modules:
    - type: 'dns@oauth3.org'
      token: user_token_id
      domains:
        - www.example.com
        - api.example.com
        - test.example.com
--- a/dist/etc/goldilocks/goldilocks.yml
+++ b/dist/etc/goldilocks/goldilocks.yml
--- a/dist/etc/systemd/system/goldilocks.service
+++ b/dist/etc/systemd/system/goldilocks.service
@ -0,0 +1,69 @@
 [Unit]
 Description=Goldilocks Internet Server
 Documentation=https://git.daplie.com/Daplie/goldilocks.js
 After=network-online.target
 Wants=network-online.target systemd-networkd-wait-online.service
 [Service]
 # Restart on crash (bad signal), and on 'clean' failure (error exit code)
 # Allow up to 3 restarts within 10 seconds
 # (it's unlikely that a user or properly-running script will do this)
 Restart=on-failure
 StartLimitInterval=10
 StartLimitBurst=3
 # The v8 VM will output a "clean" for JavaScript errors.
 # If we knew we were never going to accidentally exit cleanly
 # we would use on-abnormal:
 ; Restart=on-abnormal
 # User and group the process will run as
 # (www-data is the de facto standard on most systems)
 User=MY_USER
 Group=MY_GROUP
 # If we need to pass environment variables in the future
 Environment=GOLDILOCKS_PATH=/srv/www NODE_PATH=/opt/goldilocks/lib/node_modules NPM_CONFIG_PREFIX=/opt/goldilocks
 # Set a sane working directory, sane flags, and specify how to reload the config file
 WorkingDirectory=/opt/goldilocks
 ExecStart=/opt/goldilocks/bin/node /opt/goldilocks/bin/goldilocks --config /etc/goldilocks/goldilocks.yml
 ExecReload=/bin/kill -USR1 $MAINPID
 # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
 # Unmodified goldilocks is not expected to use more than this.
 LimitNOFILE=1048576
 LimitNPROC=64
 # Use private /tmp and /var/tmp, which are discarded after goldilocks stops.
 PrivateTmp=true
 # Use a minimal /dev
 PrivateDevices=true
 # Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
 ProtectHome=true
 # Make /usr, /boot, /etc and possibly some more folders read-only.
 ProtectSystem=full
 # … except TLS/SSL, ACME, and Let's Encrypt certificates
 #   and /var/log/goldilocks, because we want a place where logs can go.
 #   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
 ReadWriteDirectories=/etc/goldilocks /etc/ssl /srv/www /var/log/goldilocks /opt/goldilocks
 # you may also want to add other directories such as /opt/goldilocks /etc/acme /etc/letsencrypt
 # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
 ; ReadWritePaths=/etc/goldilocks /var/log/goldilocks
 # The following additional security directives only work with systemd v229 or later.
 # They further retrict privileges that can be gained.
 # Note that you may have to add capabilities required by any plugins in use.
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
 # Caveat: Some plugins need additional capabilities.
 # For example "upload" needs CAP_LEASE
 ; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
 ; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
 ; NoNewPrivileges=true
 [Install]
 WantedBy=multi-user.target
--- a/dist/etc/tmpfiles.d/goldilocks.conf
+++ b/dist/etc/tmpfiles.d/goldilocks.conf
@ -0,0 +1,5 @@
 # /etc/tmpfiles.d/goldilocks.conf
 # See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
 # Type Path           Mode UID      GID      Age Argument
 d /run/goldilocks     0755 MY_USER  MY_GROUP -   -
--- a/installer/get.sh
+++ b/installer/get.sh
@ -0,0 +1,20 @@
 set -e
 set -u
 my_name=goldilocks
 # TODO provide an option to supply my_ver and my_tmp
 my_ver=master
 my_tmp=$(mktemp -d)
 mkdir -p $my_tmp/opt/$my_name/lib/node_modules/$my_name
 git clone https://git.coolaj86.com/coolaj86/goldilocks.js.git $my_tmp/opt/$my_name/lib/node_modules/$my_name
 echo "Installing to $my_tmp (will be moved after install)"
 pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
  git checkout $my_ver
  source ./installer/install.sh
 popd
 echo "Installation successful, now cleaning up $my_tmp ..."
 rm -rf $my_tmp
 echo "Done"
--- a/installer/http-get.sh
+++ b/installer/http-get.sh
@ -0,0 +1,48 @@
 ###############################
 #                             #
 #         http_get            #
 # boilerplate for curl / wget #
 #                             #
 ###############################
 # See https://git.coolaj86.com/coolaj86/snippets/blob/master/bash/http-get.sh
 _h_http_get=""
 _h_http_opts=""
 _h_http_out=""
 detect_http_get()
 {
  set +e
  if type -p curl >/dev/null 2>&1; then
    _h_http_get="curl"
    _h_http_opts="-fsSL"
    _h_http_out="-o"
  elif type -p wget >/dev/null 2>&1; then
    _h_http_get="wget"
    _h_http_opts="--quiet"
    _h_http_out="-O"
  else
    echo "Aborted, could not find curl or wget"
    return 7
  fi
  set -e
 }
 http_get()
 {
  $_h_http_get $_h_http_opts $_h_http_out "$2" "$1"
  touch "$2"
 }
 http_bash()
 {
  _http_url=$1
  #dap_args=$2
  rm -rf dap-tmp-runner.sh
  $_h_http_get $_h_http_opts $_h_http_out dap-tmp-runner.sh "$_http_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh
 }
 detect_http_get
 ## END HTTP_GET ##
--- a/installer/install-for-launchd.sh
+++ b/installer/install-for-launchd.sh
@ -0,0 +1,17 @@
 set -u
 my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist"
 echo ""
 echo "Installing as launchd service"
 echo ""
 # See http://www.launchd.info/
 safe_copy_config "$my_app_dist/$my_app_launchd_service" "$my_root/$my_app_launchd_service"
 $sudo_cmd chown root:wheel "$my_root/$my_app_launchd_service"
 $sudo_cmd launchctl unload -w "$my_root/$my_app_launchd_service" >/dev/null 2>/dev/null
 $sudo_cmd launchctl load -w "$my_root/$my_app_launchd_service"
 echo "$my_app_name started with launchd"
--- a/installer/install-for-systemd.sh
+++ b/installer/install-for-systemd.sh
@ -0,0 +1,37 @@
 set -u
 my_app_systemd_service="etc/systemd/system/${my_app_name}.service"
 my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf"
 echo ""
 echo "Installing as systemd service"
 echo ""
 sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_service" > "$my_app_dist/$my_app_systemd_service.2"
 sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_service.2" > "$my_app_dist/$my_app_systemd_service"
 rm "$my_app_dist/$my_app_systemd_service.2"
 safe_copy_config "$my_app_dist/$my_app_systemd_service" "$my_root/$my_app_systemd_service"
 $sudo_cmd chown root:root "$my_root/$my_app_systemd_service"
 sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_tmpfiles" > "$my_app_dist/$my_app_systemd_tmpfiles.2"
 sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_tmpfiles.2" > "$my_app_dist/$my_app_systemd_tmpfiles"
 rm "$my_app_dist/$my_app_systemd_tmpfiles.2"
 safe_copy_config "$my_app_dist/$my_app_systemd_tmpfiles" "$my_root/$my_app_systemd_tmpfiles"
 $sudo_cmd chown root:root "$my_root/$my_app_systemd_tmpfiles"
 $sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null || true
 $sudo_cmd systemctl daemon-reload
 $sudo_cmd systemctl start "${my_app_name}.service"
 $sudo_cmd systemctl enable "${my_app_name}.service"
 echo ""
 echo ""
 echo "Fun systemd commands to remember:"
 echo "  $sudo_cmd systemctl daemon-reload"
 echo "  $sudo_cmd systemctl restart $my_app_name.service"
 echo ""
 echo "$my_app_name started with systemctl, check its status like so:"
 echo "  $sudo_cmd systemctl status $my_app_name"
 echo "  $sudo_cmd journalctl -xefu $my_app_name"
 echo ""
 echo ""
--- a/installer/install-system-service.sh
+++ b/installer/install-system-service.sh
@ -0,0 +1,37 @@
 safe_copy_config()
 {
  src=$1
  dst=$2
  $sudo_cmd mkdir -p $(dirname "$dst")
  if [ -f "$dst" ]; then
    $sudo_cmd rsync -a "$src" "$dst.latest"
    # TODO edit config file with $my_user and $my_group
    if [ "$(cat $dst)" == "$(cat $dst.latest)" ]; then
      $sudo_cmd rm $dst.latest
    else
      echo "MANUAL INTERVENTION REQUIRED: check the systemd script update and manually decide what you want to do"
      echo "diff $dst $dst.latest"
      $sudo_cmd chown -R root:root "$dst.latest"
    fi
  else
    $sudo_cmd rsync -a --ignore-existing "$src" "$dst"
  fi
  $sudo_cmd chown -R root:root "$dst"
  $sudo_cmd chmod 644 "$dst"
 }
 installable=""
 if [ -d "$my_root/etc/systemd/system" ]; then
  source ./installer/install-for-systemd.sh
  installable="true"
 fi
 if [ -d "/Library/LaunchDaemons" ]; then
  source ./installer/install-for-launchd.sh
  installable="true"
 fi
 if [ -z "$installable" ]; then
  echo ""
  echo "Unknown system service init type. You must install as a system service manually."
  echo '(please file a bug with the output of "uname -a")'
  echo ""
 fi
--- a/installer/install.sh
+++ b/installer/install.sh
@ -0,0 +1,150 @@
 #!/bin/bash
 set -e
 set -u
 ### IMPORTANT ###
 ###  VERSION  ###
 my_name=goldilocks
 my_app_pkg_name=com.coolaj86.goldilocks.web
 my_app_ver="v1.1"
 my_azp_oauth3_ver="v1.2.3"
 export NODE_VERSION="v8.9.3"
 if [ -z "${my_tmp-}" ]; then
  my_tmp="$(mktemp -d)"
  mkdir -p $my_tmp/opt/$my_name/lib/node_modules/$my_name
  echo "Installing to $my_tmp (will be moved after install)"
  git clone ./ $my_tmp/opt/$my_name/lib/node_modules/$my_name
  pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
 fi
 #################
 export NODE_PATH=$my_tmp/opt/$my_name/lib/node_modules
 export PATH=$my_tmp/opt/$my_name/bin/:$PATH
 export NPM_CONFIG_PREFIX=$my_tmp/opt/$my_name
 my_npm="$NPM_CONFIG_PREFIX/bin/npm"
 #################
 my_app_dist=$my_tmp/opt/$my_name/lib/node_modules/$my_name/dist
 installer_base="https://git.coolaj86.com/coolaj86/goldilocks.js/raw/$my_app_ver"
 # Backwards compat
 # some scripts still use the old names
 my_app_dir=$my_tmp
 my_app_name=$my_name
 git checkout $my_app_ver
 mkdir -p "$my_tmp/opt/$my_name"/{lib,bin,etc}
 ln -s ../lib/node_modules/$my_name/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name
 ln -s ../lib/node_modules/$my_name/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name.js
 mkdir -p "$my_tmp/etc/$my_name"
 chmod 775 "$my_tmp/etc/$my_name"
 cat "$my_app_dist/etc/$my_name/$my_name.example.yml" > "$my_tmp/etc/$my_name/$my_name.example.yml"
 chmod 664 "$my_tmp/etc/$my_name/$my_name.example.yml"
 mkdir -p $my_tmp/srv/www
 mkdir -p $my_tmp/var/www
 mkdir -p $my_tmp/var/log/$my_name
 #
 # Helpers
 #
 source ./installer/sudo-cmd.sh
 source ./installer/http-get.sh
 #
 # Dependencies
 #
 echo $NODE_VERSION > /tmp/NODEJS_VER
 http_bash "https://git.coolaj86.com/coolaj86/node-installer.sh/raw/v1.1/install.sh"
 $my_npm install -g npm@4
 pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
  $my_npm install
 popd
 pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name/packages/assets
  OAUTH3_GIT_URL="https://git.oauth3.org/OAuth3/oauth3.js.git"
  git clone ${OAUTH3_GIT_URL} oauth3.org || true
  ln -s oauth3.org org.oauth3
  pushd oauth3.org
    git remote set-url origin ${OAUTH3_GIT_URL}
    git checkout $my_azp_oauth3_ver
    #git pull
  popd
  mkdir -p jquery.com
  ln -s jquery.com com.jquery
  pushd jquery.com
    http_get 'https://code.jquery.com/jquery-3.1.1.js' jquery-3.1.1.js
  popd
  mkdir -p google.com
  ln -s google.com com.google
  pushd google.com
    http_get 'https://ajax.googleapis.com/ajax/libs/angularjs/1.6.2/angular.min.js' angular.1.6.2.min.js
  popd
  mkdir -p well-known
  ln -s well-known .well-known
  pushd well-known
    ln -snf ../oauth3.org/well-known/oauth3 ./oauth3
  popd
  echo "installed dependencies"
 popd
 #
 # System Service
 #
 source ./installer/my-root.sh
 echo "Pre-installation to $my_tmp complete, now installing to $my_root/ ..."
 set +e
 if type -p tree >/dev/null 2>/dev/null; then
  #tree -I "node_modules|include|share" $my_tmp
  tree -L 6 -I "include|share|npm" $my_tmp
 else
  ls $my_tmp
 fi
 set -e
 source ./installer/my-user-my-group.sh
 echo "User $my_user Group $my_group"
 source ./installer/install-system-service.sh
 $sudo_cmd chown -R $my_user:$my_group $my_tmp/*
 $sudo_cmd chown root:root $my_tmp/*
 $sudo_cmd chown root:root $my_tmp
 $sudo_cmd chmod 0755 $my_tmp
 # don't change permissions on /, /etc, etc
 $sudo_cmd rsync -a --ignore-existing $my_tmp/ $my_root/
 $sudo_cmd rsync -a --ignore-existing $my_app_dist/etc/$my_name/$my_name.yml $my_root/etc/$my_name/$my_name.yml
 # Change to admin perms
 $sudo_cmd chown -R $my_user:$my_group $my_root/opt/$my_name
 $sudo_cmd chown -R $my_user:$my_group $my_root/var/www $my_root/srv/www
 # make sure the files are all read/write for the owner and group, and then set
 # the setuid and setgid bits so that any files/directories created inside these
 # directories have the same owner and group.
 $sudo_cmd chmod -R ug+rwX $my_root/opt/$my_name
 find $my_root/opt/$my_name -type d -exec $sudo_cmd chmod ug+s {} \;
 echo ""
 echo "$my_name installation complete!"
 echo ""
 echo ""
 echo "Update the config at: /etc/$my_name/$my_name.yml"
 echo ""
 echo "Unistall: rm -rf /srv/$my_name/ /var/$my_name/ /etc/$my_name/ /opt/$my_name/ /var/log/$my_name/ /etc/tmpfiles.d/$my_name.conf /etc/systemd/system/$my_name.service /etc/ssl/$my_name"
--- a/installer/my-root.sh
+++ b/installer/my-root.sh
@ -0,0 +1,8 @@
 # something or other about android and tmux using PREFIX
 #: "${PREFIX:=''}"
 my_root=""
 if [ -z "${PREFIX-}" ]; then
  my_root=""
 else
  my_root="$PREFIX"
 fi
--- a/installer/my-user-my-group.sh
+++ b/installer/my-user-my-group.sh
@ -0,0 +1,19 @@
 if type -p adduser >/dev/null 2>/dev/null; then
  if [ -z "$(cat $my_root/etc/passwd | grep $my_app_name)" ]; then
    $sudo_cmd adduser --home $my_root/opt/$my_app_name --gecos '' --disabled-password $my_app_name
  fi
  my_user=$my_app_name
  my_group=$my_app_name
 elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
  # Linux (Ubuntu)
  my_user=www-data
  my_group=www-data
 elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
  # Mac
  my_user=_www
  my_group=_www
 else
  # Unsure
  my_user=$(whoami)
  my_group=$(id -g -n)
 fi
--- a/installer/sudo-cmd.sh
+++ b/installer/sudo-cmd.sh
@ -0,0 +1,7 @@
 # Not every platform has or needs sudo, gotta save them O(1)s...
 sudo_cmd=""
 set +e
 if type -p sudo >/dev/null 2>/dev/null; then
  ((EUID)) && [[ -z "${ANDROID_ROOT-}" ]] && sudo_cmd="sudo"
 fi
 set -e
--- a/lib/admin/apis.js
+++ b/lib/admin/apis.js
@ -0,0 +1,585 @@
 'use strict';
 module.exports.dependencies = [ 'OAUTH3', 'storage.owners', 'options.device' ];
 module.exports.create = function (deps, conf) {
  var scmp = require('scmp');
  var crypto = require('crypto');
  var jwt = require('jsonwebtoken');
  var bodyParser = require('body-parser');
  var jsonParser = bodyParser.json({
    inflate: true, limit: '100kb', reviver: null, strict: true /* type, verify */
  });
  function handleCors(req, res, methods) {
    if (!methods) {
      methods = ['GET', 'POST'];
    }
    if (!Array.isArray(methods)) {
      methods = [ methods ];
    }
    res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
    res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    res.setHeader('Access-Control-Allow-Credentials', 'true');
    if (req.method.toUpperCase() === 'OPTIONS') {
      res.setHeader('Allow', methods.join(', '));
      res.end();
      return true;
    }
    if (methods.indexOf('*') >= 0) {
      return false;
    }
    if (methods.indexOf(req.method.toUpperCase()) < 0) {
      res.statusCode = 405;
      res.setHeader('Content-Type', 'application/json');
      res.end(JSON.stringify({ error: { message: 'method '+req.method+' not allowed', code: 'EBADMETHOD'}}));
      return true;
    }
  }
  function makeCorsHandler(methods) {
    return function corsHandler(req, res, next) {
      if (!handleCors(req, res, methods)) {
        next();
      }
    };
  }
  function handlePromise(req, res, prom) {
    prom.then(function (result) {
      res.send(deps.recase.snakeCopy(result));
    }).catch(function (err) {
      if (conf.debug) {
        console.log(err);
      }
      res.statusCode = err.statusCode || 500;
      err.message = err.message || err.toString();
      res.end(JSON.stringify({error: {message: err.message, code: err.code}}));
    });
  }
  function isAuthorized(req, res, fn) {
    var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
    if (!auth) {
      res.statusCode = 401;
      res.setHeader('Content-Type', 'application/json;');
      res.end(JSON.stringify({ error: { message: "no token", code: 'E_NO_TOKEN', uri: undefined } }));
      return;
    }
    var id = crypto.createHash('sha256').update(auth.sub).digest('hex');
    return deps.storage.owners.exists(id).then(function (exists) {
      if (!exists) {
        res.statusCode = 401;
        res.setHeader('Content-Type', 'application/json;');
        res.end(JSON.stringify({ error: { message: "not authorized", code: 'E_NO_AUTHZ', uri: undefined } }));
        return;
      }
      req.userId = id;
      fn();
    });
  }
  function checkPaywall() {
    var url = require('url');
    var PromiseA = require('bluebird');
    var testDomains = [
      'daplie.com'
    , 'duckduckgo.com'
    , 'google.com'
    , 'amazon.com'
    , 'facebook.com'
    , 'msn.com'
    , 'yahoo.com'
    ];
    // While this is not being developed behind a paywall the current idea is that
    // a paywall will either manipulate DNS queries to point to the paywall gate,
    // or redirect HTTP requests to the paywall gate. So we check for both and
    // hope we can detect most hotel/ISP paywalls out there in the world.
    //
    // It is also possible that the paywall will prevent any unknown traffic from
    // leaving the network, so the DNS queries could fail if the unit is set to
    // use nameservers other than the paywall router.
    return PromiseA.resolve()
    .then(function () {
      var dns = PromiseA.promisifyAll(require('dns'));
      var proms = testDomains.map(function (dom) {
        return dns.resolve6Async(dom)
          .catch(function () {
            return dns.resolve4Async(dom);
          })
          .then(function (result) {
            return result[0];
          }, function () {
            return null;
          });
      });
      return PromiseA.all(proms).then(function (addrs) {
        var unique = addrs.filter(function (value, ind, self) {
          return value && self.indexOf(value) === ind;
        });
        // It is possible some walls might have exceptions that leave some of the domains
        // we test alone, so we might have more than one unique address even behind an
        // active paywall.
        return unique.length < addrs.length;
      });
    })
    .then(function (paywall) {
      if (paywall) {
        return paywall;
      }
      var request = deps.request.defaults({
        followRedirect: false
      , headers: {
          connection: 'close'
        }
      });
      var proms = testDomains.map(function (dom) {
        return request('http://'+dom).then(function (resp) {
          if (resp.statusCode >= 300 && resp.statusCode < 400) {
            return url.parse(resp.headers.location).hostname;
          } else {
            return dom;
          }
        });
      });
      return PromiseA.all(proms).then(function (urls) {
        var unique = urls.filter(function (value, ind, self) {
          return value && self.indexOf(value) === ind;
        });
        return unique.length < urls.length;
      });
    })
    ;
  }
  // This object contains all of the API endpoints written before we changed how
  // the API routing is handled. Eventually it will hopefully disappear, but for
  // now we're focusing on the things that need changing more.
  var oldEndPoints = {
    init: function (req, res) {
      if (handleCors(req, res, ['GET', 'POST'])) {
        return;
      }
      if ('POST' !== req.method) {
        // It should be safe to give the list of owner IDs to an un-authenticated
        // request because the ID is the sha256 of the PPID and shouldn't be reversible
        return deps.storage.owners.all().then(function (results) {
          var ids = results.map(function (owner) {
            return owner.id;
          });
          res.setHeader('Content-Type', 'application/json');
          res.end(JSON.stringify(ids));
        });
      }
      jsonParser(req, res, function () {
      return deps.PromiseA.resolve().then(function () {
        console.log('init POST body', req.body);
        var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
        var token = jwt.decode(req.body.access_token);
        var refresh = jwt.decode(req.body.refresh_token);
        auth.sub = auth.sub || auth.acx.id;
        token.sub = token.sub || token.acx.id;
        refresh.sub = refresh.sub || refresh.acx.id;
        // TODO validate token with issuer, but as-is the sub is already a secret
        var id = crypto.createHash('sha256').update(auth.sub).digest('hex');
        var tid = crypto.createHash('sha256').update(token.sub).digest('hex');
        var rid = crypto.createHash('sha256').update(refresh.sub).digest('hex');
        var session = {
          access_token: req.body.access_token
        , token: token
        , refresh_token: req.body.refresh_token
        , refresh: refresh
        };
        console.log('ids', id, tid, rid);
        if (req.body.ip_url) {
          // TODO set options / GunDB
          conf.ip_url = req.body.ip_url;
        }
        return deps.storage.owners.all().then(function (results) {
          console.log('results', results);
          var err;
          // There is no owner yet. First come, first serve.
          if (!results || !results.length) {
            if (tid !== id || rid !== id) {
              err = new Error(
                "When creating an owner the Authorization Bearer and Token and Refresh must all match"
              );
              err.statusCode = 400;
              return deps.PromiseA.reject(err);
            }
            console.log('no owner, creating');
            return deps.storage.owners.set(id, session);
          }
          console.log('has results');
          // There are onwers. Is this one of them?
          if (!results.some(function (token) {
            return scmp(id, token.id);
          })) {
            err = new Error("Authorization token does not belong to an existing owner.");
            err.statusCode = 401;
            return deps.PromiseA.reject(err);
          }
          console.log('has correct owner');
          // We're adding an owner, unless it already exists
          if (!results.some(function (token) {
            return scmp(tid, token.id);
          })) {
            console.log('adds new owner with existing owner');
            return deps.storage.owners.set(tid, session);
          }
        }).then(function () {
          res.setHeader('Content-Type', 'application/json;');
          res.end(JSON.stringify({ success: true }));
        });
      })
      .catch(function (err) {
        res.setHeader('Content-Type', 'application/json;');
        res.statusCode = err.statusCode || 500;
        res.end(JSON.stringify({ error: { message: err.message, code: err.code, uri: err.uri } }));
      });
      });
    }
  , request: function (req, res) {
      if (handleCors(req, res, '*')) {
        return;
      }
      isAuthorized(req, res, function () {
      jsonParser(req, res, function () {
        deps.request({
          method: req.body.method || 'GET'
        , url: req.body.url
        , headers: req.body.headers
        , body: req.body.data
        }).then(function (resp) {
          if (resp.body instanceof Buffer || 'string' === typeof resp.body) {
            resp.body = JSON.parse(resp.body);
          }
          return {
            statusCode: resp.statusCode
          , status: resp.status
          , headers: resp.headers
          , body: resp.body
          , data: resp.data
          };
        }).then(function (result) {
          res.send(result);
        });
      });
      });
    }
  , paywall_check: function (req, res) {
      if (handleCors(req, res, 'GET')) {
        return;
      }
      isAuthorized(req, res, function () {
        res.setHeader('Content-Type', 'application/json;');
        checkPaywall().then(function (paywall) {
          res.end(JSON.stringify({paywall: paywall}));
        }, function (err) {
          err.message = err.message || err.toString();
          res.statusCode = 500;
          res.end(JSON.stringify({error: {message: err.message, code: err.code}}));
        });
      });
    }
  , socks5: function (req, res) {
      if (handleCors(req, res, ['GET', 'POST', 'DELETE'])) {
        return;
      }
      isAuthorized(req, res, function () {
        var method = req.method.toUpperCase();
        var prom;
        if (method === 'POST') {
          prom = deps.socks5.start();
        } else if (method === 'DELETE') {
          prom = deps.socks5.stop();
        } else {
          prom = deps.socks5.curState();
        }
        res.setHeader('Content-Type', 'application/json;');
        prom.then(function (result) {
          res.end(JSON.stringify(result));
        }, function (err) {
          err.message = err.message || err.toString();
          res.statusCode = 500;
          res.end(JSON.stringify({error: {message: err.message, code: err.code}}));
        });
      });
    }
  };
  function handleOldApis(req, res, next) {
    if (typeof oldEndPoints[req.params.name] === 'function') {
      oldEndPoints[req.params.name](req, res);
    } else {
      next();
    }
  }
  var config = { restful: {} };
  config.restful.readConfig = function (req, res, next) {
    var part = new (require('./config').ConfigChanger)(conf);
    if (req.params.group) {
      part = part[req.params.group];
    }
    if (part && req.params.domId) {
      part = part.domains.findId(req.params.domId);
    }
    if (part && req.params.mod) {
      part = part[req.params.mod];
    }
    if (part && req.params.modGrp) {
      part = part[req.params.modGrp];
    }
    if (part && req.params.modId) {
      part = part.findId(req.params.modId);
    }
    if (part) {
      res.send(deps.recase.snakeCopy(part));
    } else {
      next();
    }
  };
  config.save = function (changer) {
    var errors = changer.validate();
    if (errors.length) {
      throw Object.assign(new Error(), errors[0], {statusCode: 400});
    }
    return deps.storage.config.save(changer);
  };
  config.restful.saveBaseConfig = function (req, res, next) {
    console.log('config POST body', JSON.stringify(req.body));
    if (req.params.group === 'domains') {
      next();
      return;
    }
    var promise = deps.PromiseA.resolve().then(function () {
      var update;
      if (req.params.group) {
        update = {};
        update[req.params.group] = req.body;
      } else {
        update = req.body;
      }
      var changer = new (require('./config').ConfigChanger)(conf);
      changer.update(update);
      return config.save(changer);
    }).then(function (newConf) {
      if (req.params.group) {
        return newConf[req.params.group];
      }
      return newConf;
    });
    handlePromise(req, res, promise);
  };
  config.extractModList = function (changer, params) {
    var err;
    if (params.domId) {
      var dom = changer.domains.find(function (dom) {
        return dom.id === params.domId;
      });
      if (!dom) {
        err = new Error("no domain with ID '"+params.domId+"'");
      } else if (!dom.modules[params.group]) {
        err = new Error("domains don't contain '"+params.group+"' modules");
      } else {
        return dom.modules[params.group];
      }
    } else {
      if (!changer[params.group] || !changer[params.group].modules) {
        err = new Error("'"+params.group+"' is not a valid settings group or doesn't support modules");
      } else {
        return changer[params.group].modules;
      }
    }
    err.statusCode = 404;
    throw err;
  };
  config.restful.createModule = function (req, res, next) {
    if (req.params.group === 'domains') {
      next();
      return;
    }
    var promise = deps.PromiseA.resolve().then(function () {
      var changer = new (require('./config').ConfigChanger)(conf);
      var modList = config.extractModList(changer, req.params);
      var update = req.body;
      if (!Array.isArray(update)) {
        update = [ update ];
      }
      update.forEach(modList.add, modList);
      return config.save(changer);
    }).then(function (newConf) {
      return config.extractModList(newConf, req.params);
    });
    handlePromise(req, res, promise);
  };
  config.restful.updateModule = function (req, res, next) {
    if (req.params.group === 'domains') {
      next();
      return;
    }
    var promise = deps.PromiseA.resolve().then(function () {
      var changer = new (require('./config').ConfigChanger)(conf);
      var modList = config.extractModList(changer, req.params);
      modList.update(req.params.modId, req.body);
      return config.save(changer);
    }).then(function (newConf) {
      return config.extractModule(newConf, req.params).find(function (mod) {
        return mod.id === req.params.modId;
      });
    });
    handlePromise(req, res, promise);
  };
  config.restful.removeModule = function (req, res, next) {
    if (req.params.group === 'domains') {
      next();
      return;
    }
    var promise = deps.PromiseA.resolve().then(function () {
      var changer = new (require('./config').ConfigChanger)(conf);
      var modList = config.extractModList(changer, req.params);
      modList.remove(req.params.modId);
      return config.save(changer);
    }).then(function (newConf) {
      return config.extractModList(newConf, req.params);
    });
    handlePromise(req, res, promise);
  };
  config.restful.createDomain = function (req, res) {
    var promise = deps.PromiseA.resolve().then(function () {
      var changer = new (require('./config').ConfigChanger)(conf);
      var update = req.body;
      if (!Array.isArray(update)) {
        update = [ update ];
      }
      update.forEach(changer.domains.add, changer.domains);
      return config.save(changer);
    }).then(function (newConf) {
      return newConf.domains;
    });
    handlePromise(req, res, promise);
  };
  config.restful.updateDomain = function (req, res) {
    var promise = deps.PromiseA.resolve().then(function () {
      if (req.body.modules) {
        throw Object.assign(new Error('do not add modules with this route'), {statusCode: 400});
      }
      var changer = new (require('./config').ConfigChanger)(conf);
      changer.domains.update(req.params.domId, req.body);
      return config.save(changer);
    }).then(function (newConf) {
      return newConf.domains.find(function (dom) {
        return dom.id === req.params.domId;
      });
    });
    handlePromise(req, res, promise);
  };
  config.restful.removeDomain = function (req, res) {
    var promise = deps.PromiseA.resolve().then(function () {
      var changer = new (require('./config').ConfigChanger)(conf);
      changer.domains.remove(req.params.domId);
      return config.save(changer);
    }).then(function (newConf) {
      return newConf.domains;
    });
    handlePromise(req, res, promise);
  };
  var tokens = { restful: {} };
  tokens.restful.getAll = function (req, res) {
    handlePromise(req, res, deps.storage.tokens.all());
  };
  tokens.restful.getOne = function (req, res) {
    handlePromise(req, res, deps.storage.tokens.get(req.params.id));
  };
  tokens.restful.save = function (req, res) {
    handlePromise(req, res, deps.storage.tokens.save(req.body));
  };
  tokens.restful.revoke = function (req, res) {
    var promise = deps.storage.tokens.remove(req.params.id).then(function (success) {
      return {success: success};
    });
    handlePromise(req, res, promise);
  };
  var app = require('express')();
  // Handle all of the API endpoints using the old definition style, and then we can
  // add middleware without worrying too much about the consequences to older code.
  app.use('/:name', handleOldApis);
  // Not all routes support all of these methods, but not worth making this more specific
  app.use('/', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']), isAuthorized, jsonParser);
  app.get(   '/config',                                                 config.restful.readConfig);
  app.get(   '/config/:group',                                          config.restful.readConfig);
  app.get(   '/config/:group/:mod(modules)/:modId?',                    config.restful.readConfig);
  app.get(   '/config/domains/:domId/:mod(modules)?',                   config.restful.readConfig);
  app.get(   '/config/domains/:domId/:mod(modules)/:modGrp/:modId?',    config.restful.readConfig);
  app.post(  '/config',                                       config.restful.saveBaseConfig);
  app.post(  '/config/:group',                                config.restful.saveBaseConfig);
  app.post(  '/config/:group/modules',                        config.restful.createModule);
  app.put(   '/config/:group/modules/:modId',                 config.restful.updateModule);
  app.delete('/config/:group/modules/:modId',                 config.restful.removeModule);
  app.post(  '/config/domains/:domId/modules/:group',         config.restful.createModule);
  app.put(   '/config/domains/:domId/modules/:group/:modId',  config.restful.updateModule);
  app.delete('/config/domains/:domId/modules/:group/:modId',  config.restful.removeModule);
  app.post(  '/config/domains',                               config.restful.createDomain);
  app.put(   '/config/domains/:domId',                        config.restful.updateDomain);
  app.delete('/config/domains/:domId',                        config.restful.removeDomain);
  app.get(   '/tokens',         tokens.restful.getAll);
  app.get(   '/tokens/:id',     tokens.restful.getOne);
  app.post(  '/tokens',         tokens.restful.save);
  app.delete('/tokens/:id',     tokens.restful.revoke);
  return app;
 };
--- a/lib/admin/config.js
+++ b/lib/admin/config.js
@ -0,0 +1,398 @@
 'use strict';
 var validator = new (require('jsonschema').Validator)();
 var recase = require('recase').create({});
 var portSchema = { type: 'number', minimum: 1, maximum: 65535 };
 var moduleSchemas = {
  // the proxy module is common to basically all categories.
  proxy: {
    type: 'object'
  , oneOf: [
      { required: [ 'address' ] }
    , { required: [ 'port' ] }
    ]
  , properties: {
      address: { type: 'string' }
    , host:    { type: 'string' }
    , port:    portSchema
    }
  }
  // redirect and static modules are for HTTP
 , redirect: {
    type: 'object'
  , required: [ 'to', 'from' ]
  , properties: {
      to:     { type: 'string'}
    , from:   { type: 'string'}
    , status: { type: 'integer', minimum: 1, maximum: 999 }
  , }
  }
 , static: {
    type: 'object'
  , required: [ 'root' ]
  , properties: {
      root: { type: 'string' }
    }
  }
  // the acme module is for TLS
 , acme: {
    type: 'object'
  , required: [ 'email' ]
  , properties: {
      email:          { type: 'string' }
    , server:         { type: 'string' }
    , challenge_type: { type: 'string' }
    }
  }
  // the dns control modules for DDNS
 , 'dns@oauth3.org': {
    type: 'object'
  , required: [ 'token_id' ]
  , properties: {
      token_id: { type: 'string' }
    }
  }
 };
 // forward is basically the same as proxy, but specifies the relevant incoming port(s).
 // only allows for the raw transport layers (TCP/UDP)
 moduleSchemas.forward = JSON.parse(JSON.stringify(moduleSchemas.proxy));
 moduleSchemas.forward.required = [ 'ports' ];
 moduleSchemas.forward.properties.ports = { type: 'array', items: portSchema };
 Object.keys(moduleSchemas).forEach(function (name) {
  var schema = moduleSchemas[name];
  schema.id = '/modules/'+name;
  schema.required = ['id', 'type'].concat(schema.required || []);
  schema.properties.id   = { type: 'string' };
  schema.properties.type = { type: 'string', const: name };
  validator.addSchema(schema, schema.id);
 });
 function addDomainRequirement(itemSchema) {
  var result = Object.assign({}, itemSchema);
  result.required = (result.required || []).concat('domains');
  result.properties = Object.assign({}, result.properties);
  result.properties.domains = { type: 'array', items: { type: 'string' }, minLength: 1};
  return result;
 }
 function toSchemaRef(name) {
  return { '$ref': '/modules/'+name };
 }
 var moduleRefs = {
  http: [ 'proxy', 'static', 'redirect' ].map(toSchemaRef)
 , tls:  [ 'proxy', 'acme' ].map(toSchemaRef)
 , tcp:  [ 'forward' ].map(toSchemaRef)
 , udp:  [ 'forward' ].map(toSchemaRef)
 , ddns: [ 'dns@oauth3.org' ].map(toSchemaRef)
 };
 // TCP is a bit special in that it has a module that doesn't operate based on domain name
 // (ie forward), and a modules that does (ie proxy). It therefore has different module
 // when part of the `domains` config, and when not part of the `domains` config the proxy
 // modules must have the `domains` property while forward should not have it.
 moduleRefs.tcp.push(addDomainRequirement(toSchemaRef('proxy')));
 var domainSchema = {
  type: 'array'
 , items: {
    type: 'object'
  , properties: {
      id:      { type: 'string' }
    , names:   { type: 'array', items: { type: 'string' }, minLength: 1}
    , modules: {
        type: 'object'
      , properties: {
          tls:  { type: 'array', items: { oneOf: moduleRefs.tls }}
        , http: { type: 'array', items: { oneOf: moduleRefs.http }}
        , ddns: { type: 'array', items: { oneOf: moduleRefs.ddns }}
        , tcp:  { type: 'array', items: { oneOf: ['proxy'].map(toSchemaRef)}}
        }
      , additionalProperties: false
      }
    }
  }
 };
 var httpSchema = {
  type: 'object'
 , properties: {
    modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.http }) }
    // These properties should be snake_case to match the API and config format
  , primary_domain: { type: 'string' }
  , allow_insecure: { type: 'boolean' }
  , trust_proxy:    { type: 'boolean' }
    // these are forbidden deprecated settings.
  , bind:    { not: {} }
  , domains: { not: {} }
  }
 };
 var tlsSchema = {
  type: 'object'
 , properties: {
    modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.tls }) }
    // these are forbidden deprecated settings.
  , acme:    { not: {} }
  , bind:    { not: {} }
  , domains: { not: {} }
  }
 };
 var tcpSchema = {
  type: 'object'
 , required: [ 'bind' ]
 , properties: {
    bind:    { type: 'array', items: portSchema, minLength: 1 }
  , modules: { type: 'array', items: { oneOf: moduleRefs.tcp }}
  }
 };
 var udpSchema = {
  type: 'object'
 , properties: {
    bind:    { type: 'array', items: portSchema }
  , modules: { type: 'array', items: { oneOf: moduleRefs.udp }}
  }
 };
 var mdnsSchema = {
  type: 'object'
 , required: [ 'port', 'broadcast', 'ttl' ]
 , properties: {
    port:      portSchema
  , broadcast: { type: 'string' }
  , ttl:       { type: 'integer', minimum: 0, maximum: 2147483647 }
  }
 };
 var tunnelSvrSchema = {
  type: 'object'
 , properties: {
    servernames: { type: 'array', items: { type: 'string' }}
  , secret:      { type: 'string' }
  }
 };
 var ddnsSchema = {
  type: 'object'
 , properties: {
    loopback: {
      type: 'object'
    , required: [ 'type', 'domain' ]
    , properties: {
        type:   { type: 'string', const: 'tunnel@oauth3.org' }
      , domain: { type: 'string'}
      }
    }
  , tunnel: {
      type: 'object'
    , required: [ 'type', 'token_id' ]
    , properties: {
        type:  { type: 'string', const: 'tunnel@oauth3.org' }
      , token_id: { type: 'string'}
      }
    }
  , modules: { type: 'array', items: addDomainRequirement({ oneOf: moduleRefs.ddns })}
  }
 };
 var socks5Schema = {
  type: 'object'
 , properties: {
    enabled: { type: 'boolean' }
  , port:    portSchema
  }
 };
 var deviceSchema = {
  type: 'object'
 , properties: {
    hostname: { type: 'string' }
  }
 };
 var mainSchema = {
  type: 'object'
 , required: [ 'domains', 'http', 'tls', 'tcp', 'udp', 'mdns', 'ddns' ]
 , properties: {
    domains:domainSchema
  , http:   httpSchema
  , tls:    tlsSchema
  , tcp:    tcpSchema
  , udp:    udpSchema
  , mdns:   mdnsSchema
  , ddns:   ddnsSchema
  , socks5: socks5Schema
  , device: deviceSchema
  , tunnel_server: tunnelSvrSchema
  }
 , additionalProperties: false
 };
 function validate(config) {
  return validator.validate(recase.snakeCopy(config), mainSchema).errors;
 }
 module.exports.validate = validate;
 class IdList extends Array {
  constructor(rawList) {
    super();
    if (Array.isArray(rawList)) {
      Object.assign(this, JSON.parse(JSON.stringify(rawList)));
    }
    this._itemName = 'item';
  }
  findId(id) {
    return Array.prototype.find.call(this, function (dom) {
      return dom.id === id;
    });
  }
  add(item) {
    item.id = require('crypto').randomBytes(4).toString('hex');
    this.push(item);
  }
  update(id, update) {
    var item = this.findId(id);
    if (!item) {
      var error = new Error("no "+this._itemName+" with ID '"+id+"'");
      error.statusCode = 404;
      throw error;
    }
    Object.assign(this.findId(id), update);
  }
  remove(id) {
    var index = this.findIndex(function (dom) {
      return dom.id === id;
    });
    if (index < 0) {
      var error = new Error("no "+this._itemName+" with ID '"+id+"'");
      error.statusCode = 404;
      throw error;
    }
    this.splice(index, 1);
  }
 }
 class ModuleList extends IdList {
  constructor(rawList) {
    super(rawList);
    this._itemName = 'module';
  }
  add(mod) {
    if (!mod.type) {
      throw new Error("module must have a 'type' defined");
    }
    if (!moduleSchemas[mod.type]) {
      throw new Error("invalid module type '"+mod.type+"'");
    }
    mod.id = require('crypto').randomBytes(4).toString('hex');
    this.push(mod);
  }
 }
 class DomainList extends IdList {
  constructor(rawList) {
    super(rawList);
    this._itemName = 'domain';
    this.forEach(function (dom) {
      dom.modules = {
        http: new ModuleList((dom.modules || {}).http)
      , tls:  new ModuleList((dom.modules || {}).tls)
      , ddns: new ModuleList((dom.modules || {}).ddns)
      , tcp:  new ModuleList((dom.modules || {}).tcp)
      };
    });
  }
  add(dom) {
    if (!Array.isArray(dom.names) || !dom.names.length) {
      throw new Error("domains must have a non-empty array for 'names'");
    }
    if (dom.names.some(function (name) { return typeof name !== 'string'; })) {
      throw new Error("all domain names must be strings");
    }
    var modLists = {
      http: new ModuleList()
    , tls:  new ModuleList()
    , ddns: new ModuleList()
    , tcp:  new ModuleList()
    };
    // We add these after instead of in the constructor to run the validation and manipulation
    // in the ModList add function since these are all new modules.
    if (dom.modules) {
      Object.keys(modLists).forEach(function (key) {
        if (Array.isArray(dom.modules[key])) {
          dom.modules[key].forEach(modLists[key].add, modLists[key]);
        }
      });
    }
    dom.id = require('crypto').randomBytes(4).toString('hex');
    dom.modules = modLists;
    this.push(dom);
  }
 }
 class ConfigChanger {
  constructor(start) {
    Object.assign(this, JSON.parse(JSON.stringify(start)));
    delete this.device;
    delete this.debug;
    this.domains = new DomainList(this.domains);
    this.http.modules = new ModuleList(this.http.modules);
    this.tls.modules  = new ModuleList(this.tls.modules);
    this.tcp.modules  = new ModuleList(this.tcp.modules);
    this.udp.modules  = new ModuleList(this.udp.modules);
    this.ddns.modules = new ModuleList(this.ddns.modules);
  }
  update(update) {
    var self = this;
    if (update.domains) {
      update.domains.forEach(self.domains.add, self.domains);
    }
    [ 'http', 'tls', 'tcp', 'udp', 'ddns' ].forEach(function (name) {
      if (update[name] && update[name].modules) {
        update[name].modules.forEach(self[name].modules.add, self[name].modules);
        delete update[name].modules;
      }
    });
    function mergeSettings(orig, changes) {
      Object.keys(changes).forEach(function (key) {
        // TODO: use an API that can properly handle updating arrays.
        if (!changes[key] || (typeof changes[key] !== 'object') || Array.isArray(changes[key])) {
          orig[key] = changes[key];
        }
        else if (!orig[key] || typeof orig[key] !== 'object') {
          orig[key] = changes[key];
        }
        else {
          mergeSettings(orig[key], changes[key]);
        }
      });
    }
    mergeSettings(this, update);
    return validate(this);
  }
  validate() {
    return validate(this);
  }
 }
 module.exports.ConfigChanger = ConfigChanger;
--- a/lib/admin/index.js
+++ b/lib/admin/index.js
@ -0,0 +1,31 @@
 var adminDomains = [
  'localhost.alpha.daplie.me'
 , 'localhost.admin.daplie.me'
 , 'alpha.localhost.daplie.me'
 , 'admin.localhost.daplie.me'
 , 'localhost.daplie.invalid'
 ];
 module.exports.adminDomains = adminDomains;
 module.exports.create = function (deps, conf) {
  'use strict';
  var path = require('path');
  var express = require('express');
  var app = express();
  var apis = require('./apis').create(deps, conf);
  app.use('/api/goldilocks@daplie.com', apis);
  app.use('/api/com.daplie.goldilocks', apis);
  // Serve the static assets for the UI (even though it probably won't be used very
  // often since it only works on localhost domains). Note that we are using the default
  // .well-known directory from the oauth3 library even though it indicates we have
  // capabilities we don't support because it's simpler and it's unlikely anything will
  // actually use it to determine our API (it is needed to log into the web page).
  app.use('/.well-known', express.static(path.join(__dirname, '../../packages/assets/well-known')));
  app.use('/assets',      express.static(path.join(__dirname, '../../packages/assets')));
  app.use('/',            express.static(path.join(__dirname, '../../admin/public')));
  return require('http').createServer(app);
 };
--- a/lib/check-ports.js
+++ b/lib/check-ports.js
@ -0,0 +1,54 @@
 'use strict';
 function bindTcpAndRelease(port, cb) {
  var server = require('net').createServer();
  server.on('error', function (e) {
    cb(e);
  });
  server.listen(port, function () {
    server.close();
    cb();
  });
 }
 function checkTcpPorts(cb) {
  var bound = {};
  var failed = {};
  bindTcpAndRelease(80, function (e) {
    if (e) {
      failed[80] = e;
      //console.log(e.code);
      //console.log(e.message);
    } else {
      bound['80'] = true;
    }
    bindTcpAndRelease(443, function (e) {
      if (e) {
        failed[443] = e;
      } else {
        bound['443'] = true;
      }
      if (bound['80'] && bound['443']) {
        cb(null, bound);
        return;
      }
      console.warn("default ports 80 and 443 are not available, trying 8443");
      bindTcpAndRelease(8443, function (e) {
        if (e) {
          failed[8443] = e;
        } else {
          bound['8443'] = true;
        }
        cb(failed, bound);
      });
    });
  });
 }
 module.exports.checkTcpPorts = checkTcpPorts;
--- a/lib/ddns/challenge-responder.js
+++ b/lib/ddns/challenge-responder.js
@ -0,0 +1,122 @@
 'use strict';
 // Much of this file was based on the `le-challenge-ddns` library (which we are not using
 // here because it's method of setting records requires things we don't really want).
 module.exports.create = function (deps, conf, utils) {
  function getReleventSessionId(domain) {
    var sessId;
    utils.iterateAllModules(function (mod, domainList) {
      // We return a truthy value in these cases because of the way the iterate function
      // handles modules grouped by domain. By returning true we are saying these domains
      // are "handled" and so if there are multiple modules we won't be given the rest.
      if (sessId) { return true; }
      if (domainList.indexOf(domain) < 0) { return true; }
      // But if the domains are relevant but we don't know how to handle the module we
      // return false to allow us to look at any other modules that might exist here.
      if (mod.type !== 'dns@oauth3.org')  { return false; }
      sessId = mod.tokenId || mod.token_id;
      return true;
    });
    return sessId;
  }
  function get(args, domain, challenge, done) {
    done(new Error("Challenge.get() does not need an implementation for dns-01. (did you mean Challenge.loopback?)"));
  }
  // same as get, but external
  function loopback(args, domain, challenge, done) {
    var challengeDomain = (args.test || '') + args.acmeChallengeDns + domain;
    require('dns').resolveTxt(challengeDomain, done);
  }
  var activeChallenges = {};
  async function removeAsync(args, domain) {
    var data = activeChallenges[domain];
    if (!data) {
      console.warn(new Error('cannot remove DNS challenge for ' + domain + ': already removed'));
      return;
    }
    var session = await utils.getSession(data.sessId);
    var directives = await deps.OAUTH3.discover(session.token.aud);
    var apiOpts = {
      api: 'dns.unset'
    , session: session
    , type: 'TXT'
    , value: data.keyAuthDigest
    };
    await deps.OAUTH3.api(directives.api, Object.assign({}, apiOpts, data.splitDomain));
    delete activeChallenges[domain];
  }
  async function setAsync(args, domain, challenge, keyAuth) {
    if (activeChallenges[domain]) {
      await removeAsync(args, domain, challenge);
    }
    var sessId = getReleventSessionId(domain);
    if (!sessId) {
      throw new Error('no DDNS module handles the domain ' + domain);
    }
    var session = await utils.getSession(sessId);
    var directives = await deps.OAUTH3.discover(session.token.aud);
    // I'm not sure what role challenge is supposed to play since even in the library
    // this code is based on it was never used, but check for it anyway because ...
    if (!challenge || keyAuth) {
      console.warn(new Error('DDNS challenge missing challenge or keyAuth'));
    }
    var keyAuthDigest = require('crypto').createHash('sha256').update(keyAuth || '').digest('base64')
      .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    var challengeDomain = (args.test || '') + args.acmeChallengeDns + domain;
    var splitDomain = (await utils.splitDomains(directives.api, [challengeDomain]))[0];
    var apiOpts = {
      api: 'dns.set'
    , session: session
    , type: 'TXT'
    , value: keyAuthDigest
    , ttl: args.ttl || 0
    };
    await deps.OAUTH3.api(directives.api, Object.assign({}, apiOpts, splitDomain));
    activeChallenges[domain] = {
      sessId
    , keyAuthDigest
    , splitDomain
    };
    return new Promise(res => setTimeout(res, 1000));
  }
  // It might be slightly easier to use arguments and apply, but the library that will use
  // this function counts the arguments we expect.
  function set(a, b, c, d, done) {
    setAsync(a, b, c, d).then(result => done(null, result), done);
  }
  function remove(a, b, c, done) {
    removeAsync(a, b, c).then(result => done(null, result), done);
  }
  function getOptions() {
    return {
      oauth3: 'oauth3.org'
    , debug: conf.debug
    , acmeChallengeDns: '_acme-challenge.'
    };
  }
  return {
    getOptions
  , set
  , get
  , remove
  , loopback
  };
 };
--- a/lib/ddns/dns-ctrl.js
+++ b/lib/ddns/dns-ctrl.js
@ -0,0 +1,132 @@
 'use strict';
 module.exports.create = function (deps, conf, utils) {
  function dnsType(addr) {
    if (/^\d+\.\d+\.\d+\.\d+$/.test(addr)) {
      return 'A';
    }
    if (-1 !== addr.indexOf(':') && /^[a-f:\.\d]+$/i.test(addr)) {
      return 'AAAA';
    }
  }
  async function setDeviceAddress(session, addr, domains) {
    var directives = await deps.OAUTH3.discover(session.token.aud);
    // Set the address of the device to our public address.
    await deps.request({
      url: deps.OAUTH3.url.normalize(directives.api)+'/api/com.daplie.domains/acl/devices/' + conf.device.hostname
    , method: 'POST'
    , headers: {
        'Authorization': 'Bearer ' + session.refresh_token
      , 'Accept': 'application/json; charset=utf-8'
      }
    , json: {
        addresses: [
          { value: addr, type:  dnsType(addr) }
        ]
      }
    });
    // Then update all of the records attached to our hostname, first removing the old records
    // to remove the reference to the old address, then creating new records for the same domains
    // using our new address.
    var allDns = await deps.OAUTH3.api(directives.api, {session: session, api: 'dns.list'});
    var ourDns = allDns.filter(function (record) {
      if (record.device !== conf.device.hostname) {
        return false;
      }
      if ([ 'A', 'AAAA' ].indexOf(record.type) < 0) {
        return false;
      }
      return domains.indexOf(record.host) !== -1;
    });
    // Of all the DNS records referring to our device and the current list of domains determine
    // which domains have records with outdated address, and which ones we can just leave be
    // without updating them.
    var badAddrDomains = ourDns.filter(function (record) {
      return record.value !== addr;
    }).map(record => record.host);
    var goodAddrDomains = ourDns.filter(function (record) {
      return record.value === addr && badAddrDomains.indexOf(record.host) < 0;
    }).map(record => record.host);
    var requiredUpdates = domains.filter(function (domain) {
      return goodAddrDomains.indexOf(domain) < 0;
    });
    var oldDns = await utils.splitDomains(directives.api, badAddrDomains);
    var common = {
      api: 'devices.detach'
    , session: session
    , device: conf.device.hostname
    };
    await deps.PromiseA.all(oldDns.map(function (record) {
      return deps.OAUTH3.api(directives.api, Object.assign({}, common, record));
    }));
    if (conf.debug && badAddrDomains.length) {
      console.log('removed bad DNS records for ' + badAddrDomains.join(', '));
    }
    var newDns = await utils.splitDomains(directives.api, requiredUpdates);
    common = {
      api: 'devices.attach'
    , session: session
    , device: conf.device.hostname
    , ip: addr
    , ttl: 300
    };
    await deps.PromiseA.all(newDns.map(function (record) {
      return deps.OAUTH3.api(directives.api, Object.assign({}, common, record));
    }));
    if (conf.debug && requiredUpdates.length) {
      console.log('set new DNS records for ' + requiredUpdates.join(', '));
    }
  }
  async function getDeviceAddresses(session) {
    var directives = await deps.OAUTH3.discover(session.token.aud);
    var result = await deps.request({
      url: deps.OAUTH3.url.normalize(directives.api)+'/api/org.oauth3.dns/acl/devices'
    , method: 'GET'
    , headers: {
        'Authorization': 'Bearer ' + session.refresh_token
      , 'Accept': 'application/json; charset=utf-8'
      }
    , json: true
    });
    if (!result.body) {
      throw new Error('No response body in request for device addresses');
    }
    if (result.body.error) {
      throw Object.assign(new Error('error getting device list'), result.body.error);
    }
    var dev = result.body.devices.filter(function (dev) {
      return dev.name === conf.device.hostname;
    })[0];
    return (dev || {}).addresses || [];
  }
  async function removeDomains(session, domains) {
    var directives = await deps.OAUTH3.discover(session.token.aud);
    var oldDns = await utils.splitDomains(directives.api, domains);
    var common = {
      api: 'devices.detach'
    , session: session
    , device: conf.device.hostname
    };
    await deps.PromiseA.all(oldDns.map(function (record) {
      return deps.OAUTH3.api(directives.api, Object.assign({}, common, record));
    }));
  }
  return {
    getDeviceAddresses
  , setDeviceAddress
  , removeDomains
  };
 };
--- a/lib/ddns/index.js
+++ b/lib/ddns/index.js
@ -0,0 +1,326 @@
 'use strict';
 module.exports.create = function (deps, conf) {
  var dns = deps.PromiseA.promisifyAll(require('dns'));
  var network = deps.PromiseA.promisifyAll(deps.recase.camelCopy(require('network')));
  var equal = require('deep-equal');
  var utils = require('./utils').create(deps, conf);
  var loopback = require('./loopback').create(deps, conf, utils);
  var dnsCtrl = require('./dns-ctrl').create(deps, conf, utils);
  var challenge = require('./challenge-responder').create(deps, conf, utils);
  var tunnelClients = require('./tunnel-client-manager').create(deps, conf, utils);
  var loopbackDomain;
  var tunnelActive = false;
  async function startTunnel(tunnelSession, mod, domainList) {
    try {
      var dnsSession = await utils.getSession(mod.tokenId);
      var tunnelDomain = await tunnelClients.start(tunnelSession || dnsSession, domainList);
      var addrList;
      try {
        addrList = await dns.resolve4Async(tunnelDomain);
      } catch (e) {}
      if (!addrList || !addrList.length) {
        try {
          addrList = await dns.resolve6Async(tunnelDomain);
        } catch (e) {}
      }
      if (!addrList || !addrList.length || !addrList[0]) {
        throw new Error('failed to lookup IP for tunnel domain "' + tunnelDomain + '"');
      }
      if (!mod.disabled) {
        await dnsCtrl.setDeviceAddress(dnsSession, addrList[0], domainList);
      }
    } catch (err) {
      console.log('error starting tunnel for', domainList.join(', '));
      console.log(err);
    }
  }
  async function connectAllTunnels() {
    var tunnelSession;
    if (conf.ddns.tunnel) {
      // In the case of a non-existant token, I'm not sure if we want to throw here and prevent
      // any tunnel connections, or if we  want to ignore it and fall back to the DNS tokens
      tunnelSession = await deps.storage.tokens.get(conf.ddns.tunnel.tokenId);
    }
    await utils.iterateAllModules(function (mod, domainList) {
      if (mod.type !== 'dns@oauth3.org') { return null; }
      return startTunnel(tunnelSession, mod, domainList);
    });
    tunnelActive = true;
  }
  async function disconnectTunnels() {
    tunnelClients.disconnect();
    tunnelActive = false;
    await Promise.resolve();
  }
  async function checkTunnelTokens() {
    var oldTokens = tunnelClients.current();
    var newTokens = await utils.iterateAllModules(function checkTokens(mod, domainList) {
      if (mod.type !== 'dns@oauth3.org') { return null; }
      var domainStr = domainList.slice().sort().join(',');
      // If there is already a token handling exactly the domains this modules
      // needs handled remove it from the list of tokens to be removed. Otherwise
      // return the module and domain list so we can get new tokens.
      if (oldTokens[domainStr]) {
        delete oldTokens[domainStr];
      } else {
        return Promise.resolve({ mod, domainList });
      }
    });
    await Promise.all(Object.values(oldTokens).map(tunnelClients.remove));
    if (!newTokens.length) { return; }
    var tunnelSession;
    if (conf.ddns.tunnel) {
      // In the case of a non-existant token, I'm not sure if we want to throw here and prevent
      // any tunnel connections, or if we  want to ignore it and fall back to the DNS tokens
      tunnelSession = await deps.storage.tokens.get(conf.ddns.tunnel.tokenId);
    }
    await Promise.all(newTokens.map(function ({mod, domainList}) {
      return startTunnel(tunnelSession, mod, domainList);
    }));
  }
  var localAddr, gateway;
  async function checkNetworkEnv() {
    // Since we can't detect the OS level events when a user plugs in an ethernet cable to recheck
    // what network environment we are in we check our local network address and the gateway to
    // determine if we need to run the loopback check and router configuration again.
    var addr = await network.getPrivateIpAsync();
    // Until the author of the `network` package publishes the pull request we gave him
    // checking the gateway on our units fails because we have the busybox versions of
    // the linux commands. Gateway is realistically less important than address, so if
    // we fail in getting it go ahead and use the null value.
    var gw;
    try {
      gw = await network.getGatewayIpAsync();
    } catch (err) {
      gw = null;
    }
    if (localAddr === addr && gateway === gw) {
      return;
    }
    var loopResult = await loopback(loopbackDomain);
    var notLooped = Object.keys(loopResult.ports).filter(function (port) {
      return !loopResult.ports[port];
    });
    // if (notLooped.length) {
    //   // TODO: try to automatically configure router to forward ports to us.
    // }
    // If we are on a public address or all ports we are listening on are forwarded to us then
    // we don't need the tunnel and we can set the DNS records for all our domains to our public
    // address. Otherwise we need to use the tunnel to accept traffic. Also since the tunnel will
    // only be listening on ports 80 and 443 if those are forwarded to us we don't want the tunnel.
    if (!notLooped.length || (loopResult.ports['80'] && loopResult.ports['443'])) {
      if (tunnelActive) {
        await disconnectTunnels();
      }
    } else {
      if (!tunnelActive) {
        await connectAllTunnels();
      }
    }
    // Don't assign these until the end of the function. This means that if something failed
    // in the loopback or tunnel connection that we will try to go through the whole process
    // again next time and hopefully the error is temporary (but if not I'm not sure what the
    // correct course of action would be anyway).
    localAddr = addr;
    gateway = gw;
  }
  var publicAddress;
  async function recheckPubAddr() {
    await checkNetworkEnv();
    if (tunnelActive) {
      return;
    }
    var addr = await loopback.checkPublicAddr(loopbackDomain);
    if (publicAddress === addr) {
      return;
    }
    if (conf.debug) {
      console.log('previous public address',publicAddress, 'does not match current public address', addr);
    }
    publicAddress = addr;
    await utils.iterateAllModules(function setModuleDNS(mod, domainList) {
      if (mod.type !== 'dns@oauth3.org' || mod.disabled) { return null; }
      return utils.getSession(mod.tokenId).then(function (session) {
        return dnsCtrl.setDeviceAddress(session, addr, domainList);
      }).catch(function (err) {
        console.log('error setting DNS records for', domainList.join(', '));
        console.log(err);
      });
    });
  }
  function getModuleDiffs(prevConf) {
    var prevMods = {};
    var curMods = {};
    // this returns a Promise, but since the functions we use are synchronous
    // and change our enclosed variables we don't need to wait for the return.
    utils.iterateAllModules(function (mod, domainList) {
      if (mod.type !== 'dns@oauth3.org') { return; }
      prevMods[mod.id] = { mod, domainList };
      return true;
    }, prevConf);
    utils.iterateAllModules(function (mod, domainList) {
      if (mod.type !== 'dns@oauth3.org') { return; }
      curMods[mod.id] = { mod, domainList };
      return true;
    });
    // Filter out all of the modules that are exactly the same including domainList
    // since there is no required action to transition.
    Object.keys(prevMods).map(function (id) {
      if (equal(prevMods[id], curMods[id])) {
        delete prevMods[id];
        delete curMods[id];
      }
    });
    return {prevMods, curMods};
  }
  async function cleanOldDns(prevConf) {
    var {prevMods, curMods} = getModuleDiffs(prevConf);
    // Then remove DNS records for the domains that we are no longer responsible for.
    await Promise.all(Object.values(prevMods).map(function ({mod, domainList}) {
      // If the module was disabled before there should be any records that we need to clean up
      if (mod.disabled) { return; }
      var oldDomains;
      if (!curMods[mod.id] || curMods[mod.id].disabled || mod.tokenId !== curMods[mod.id].mod.tokenId) {
        oldDomains = domainList.slice();
      } else {
        oldDomains = domainList.filter(function (domain) {
          return curMods[mod.id].domainList.indexOf(domain) < 0;
        });
      }
      if (conf.debug) {
        console.log('removing old domains for module', mod.id, oldDomains.join(', '));
      }
      if (!oldDomains.length) {
        return;
      }
      return utils.getSession(mod.tokenId).then(function (session) {
        return dnsCtrl.removeDomains(session, oldDomains);
      });
    }).filter(Boolean));
  }
  async function setNewDns(prevConf) {
    var {prevMods, curMods} = getModuleDiffs(prevConf);
    // And add DNS records for any newly added domains.
    await Promise.all(Object.values(curMods).map(function ({mod, domainList}) {
      // Don't set any new records if the module has been disabled.
      if (mod.disabled) { return; }
      var newDomains;
      if (!prevMods[mod.id] || mod.tokenId !== prevMods[mod.id].mod.tokenId) {
        newDomains = domainList.slice();
      } else {
        newDomains = domainList.filter(function (domain) {
          return prevMods[mod.id].domainList.indexOf(domain) < 0;
        });
      }
      if (conf.debug) {
        console.log('adding new domains for module', mod.id, newDomains.join(', '));
      }
      if (!newDomains.length) {
        return;
      }
      return utils.getSession(mod.tokenId).then(function (session) {
        return dnsCtrl.setDeviceAddress(session, publicAddress, newDomains);
      });
    }).filter(Boolean));
  }
  function check() {
    recheckPubAddr().catch(function (err) {
      console.error('failed to handle all actions needed for DDNS');
      console.error(err);
    });
  }
  check();
  setInterval(check, 5*60*1000);
  var curConf;
  function updateConf() {
    if (curConf && equal(curConf.ddns, conf.ddns) && equal(curConf.domains, conf.domains)) {
      // We could update curConf, but since everything we care about is the same...
      return;
    }
    if (!curConf || !equal(curConf.ddns.loopback, conf.ddns.loopback)) {
      loopbackDomain = 'oauth3.org';
      if (conf.ddns && conf.ddns.loopback) {
        if (conf.ddns.loopback.type === 'tunnel@oauth3.org' && conf.ddns.loopback.domain) {
          loopbackDomain = conf.ddns.loopback.domain;
        } else {
          console.error('invalid loopback configuration: bad type or missing domain');
        }
      }
    }
    if (!curConf) {
      // We need to make a deep copy of the config so we can use it next time to
      // compare and see what setup/cleanup is needed to adapt to the changes.
      curConf = JSON.parse(JSON.stringify(conf));
      return;
    }
    cleanOldDns(curConf).then(function () {
      if (!tunnelActive) {
        return setNewDns(curConf);
      }
      if (equal(curConf.ddns.tunnel, conf.ddns.tunnel)) {
        return checkTunnelTokens();
      } else {
        return disconnectTunnels().then(connectAllTunnels);
      }
    }).catch(function (err) {
      console.error('error transitioning DNS between configurations');
      console.error(err);
    }).then(function () {
      // We need to make a deep copy of the config so we can use it next time to
      // compare and see what setup/cleanup is needed to adapt to the changes.
      curConf = JSON.parse(JSON.stringify(conf));
    });
  }
  updateConf();
  return {
    loopbackServer:     loopback.server
  , setDeviceAddress:   dnsCtrl.setDeviceAddress
  , getDeviceAddresses: dnsCtrl.getDeviceAddresses
  , recheckPubAddr:     recheckPubAddr
  , updateConf:         updateConf
  , challenge
  };
 };
--- a/lib/ddns/loopback.js
+++ b/lib/ddns/loopback.js
@ -0,0 +1,116 @@
 'use strict';
 module.exports.create = function (deps, conf) {
  var pending = {};
  async function _checkPublicAddr(host) {
    var result = await deps.request({
      method: 'GET'
    , url: deps.OAUTH3.url.normalize(host)+'/api/org.oauth3.tunnel/checkip'
    , json: true
    });
    if (!result.body) {
      throw new Error('No response body in request for public address');
    }
    if (result.body.error) {
      // Note that the error on the body will probably have a message that overwrites the default
      throw Object.assign(new Error('error in check IP response'), result.body.error);
    }
    if (!result.body.address) {
      throw new Error("public address resonse doesn't contain address: "+JSON.stringify(result.body));
    }
    return result.body.address;
  }
  async function checkPublicAddr(provider) {
    var directives = await deps.OAUTH3.discover(provider);
    return _checkPublicAddr(directives.api);
  }
  async function checkSinglePort(host, address, port) {
    var crypto = require('crypto');
    var token   = crypto.randomBytes(8).toString('hex');
    var keyAuth = crypto.randomBytes(32).toString('hex');
    pending[token] = keyAuth;
    var reqObj = {
      method: 'POST'
    , url: deps.OAUTH3.url.normalize(host)+'/api/org.oauth3.tunnel/loopback'
    , timeout: 20*1000
    , json: {
        address: address
      , port: port
      , token: token
      , keyAuthorization: keyAuth
      , iat: Date.now()
      , timeout: 18*1000
      }
    };
    var result;
    try {
      result = await deps.request(reqObj);
    } catch (err) {
      delete pending[token];
      if (conf.debug) {
        console.log('error making loopback request for port ' + port + ' loopback', err.message);
      }
      return false;
    }
    delete pending[token];
    if (!result.body) {
      if (conf.debug) {
        console.log('No response body in loopback request for port '+port);
      }
      return false;
    }
    // If the loopback requests don't go to us then there are all kinds of ways it could
    // error, but none of them really provide much extra information so we don't do
    // anything that will break the PromiseA.all out and mask the other results.
    if (conf.debug && result.body.error) {
      console.log('error on remote side of port '+port+' loopback', result.body.error);
    }
    return !!result.body.success;
  }
  async function loopback(provider) {
    var directives = await deps.OAUTH3.discover(provider);
    var address = await _checkPublicAddr(directives.api);
    if (conf.debug) {
      console.log('checking to see if', address, 'gets back to us');
    }
    var ports = require('../servers').listeners.tcp.list();
    var values = await deps.PromiseA.all(ports.map(function (port) {
      return checkSinglePort(directives.api, address, port);
    }));
    if (conf.debug && Object.keys(pending).length) {
      console.log('remaining loopback tokens', pending);
    }
    return {
      address: address
    , ports: ports.reduce(function (obj, port, ind) {
        obj[port] = values[ind];
        return obj;
      }, {})
    };
  }
  loopback.checkPublicAddr = checkPublicAddr;
  loopback.server = require('http').createServer(function (req, res) {
    var parsed = require('url').parse(req.url);
    var token = parsed.pathname.replace('/.well-known/cloud-challenge/', '');
    if (pending[token]) {
      res.setHeader('Content-Type', 'text/plain');
      res.end(pending[token]);
    } else {
      res.statusCode = 404;
      res.end();
    }
  });
  return loopback;
 };
--- a/lib/ddns/tunnel-client-manager.js
+++ b/lib/ddns/tunnel-client-manager.js
@ -0,0 +1,191 @@
 'use strict';
 module.exports.create = function (deps, config) {
  var stunnel = require('stunnel');
  var jwt = require('jsonwebtoken');
  var activeTunnels = {};
  var activeDomains = {};
  var customNet = {
    createConnection: function (opts, cb) {
      console.log('[gl.tunnel] creating connection');
      // here "reader" means the socket that looks like the connection being accepted
      // here "writer" means the remote-looking part of the socket that driving the connection
      var writer;
      function usePair(err, reader) {
        if (err) {
          process.nextTick(function () {
            writer.emit('error', err);
          });
          return;
        }
        var wrapOpts = Object.assign({localAddress: '127.0.0.2', localPort: 'tunnel-0'}, opts);
        wrapOpts.firstChunk = opts.data;
        wrapOpts.hyperPeek = !!opts.data;
        // Also override the remote and local address info. We use `defineProperty` because
        // otherwise we run into problems of setting properties with only getters defined.
        Object.defineProperty(reader, 'remoteAddress', { value: wrapOpts.remoteAddress });
        Object.defineProperty(reader, 'remotePort',    { value: wrapOpts.remotePort });
        Object.defineProperty(reader, 'remoteFamiliy', { value: wrapOpts.remoteFamiliy });
        Object.defineProperty(reader, 'localAddress',  { value: wrapOpts.localAddress });
        Object.defineProperty(reader, 'localPort',     { value: wrapOpts.localPort });
        Object.defineProperty(reader, 'localFamiliy',  { value: wrapOpts.localFamiliy });
        deps.tcp.handler(reader, wrapOpts);
        process.nextTick(function () {
          // this cb will cause the stream to emit its (actually) first data event
          // (even though it already gave a peek into that first data chunk)
          console.log('[tunnel] callback, data should begin to flow');
          cb();
        });
      }
      // We used to use `stream-pair` for non-tls connections, but there are places
      // that require properties/functions to be present on the socket that aren't
      // present on a JSStream so it caused problems.
      writer = require('socket-pair').create(usePair);
      return writer;
    }
  };
  function fillData(data) {
    if (typeof data === 'string') {
      data = { jwt: data };
    }
    if (!data.jwt) {
      throw new Error("missing 'jwt' from tunnel data");
    }
    var decoded = jwt.decode(data.jwt);
    if (!decoded) {
      throw new Error('invalid JWT');
    }
    if (!data.tunnelUrl) {
      if (!decoded.aud) {
        throw new Error('missing tunnelUrl and audience');
      }
      data.tunnelUrl = 'wss://' + decoded.aud + '/';
    }
    data.domains = (decoded.domains || []).slice().sort().join(',');
    if (!data.domains) {
      throw new Error('JWT contains no domains to be forwarded');
    }
    return data;
  }
  async function removeToken(data) {
    data = fillData(data);
    // Not sure if we might want to throw an error indicating the token didn't
    // even belong to a  server that existed, but since it never existed we can
    // consider it as "removed".
    if (!activeTunnels[data.tunnelUrl]) {
      return;
    }
    console.log('removing token from tunnel at', data.tunnelUrl);
    return activeTunnels[data.tunnelUrl].clear(data.jwt).then(function () {
      delete activeDomains[data.domains];
    });
  }
  async function addToken(data) {
    data = fillData(data);
    if (activeDomains[data.domains]) {
      // If already have a token with the exact same domains and to the same tunnel
      // server there isn't really a need to add a new one
      if (activeDomains[data.domains].tunnelUrl === data.tunnelUrl) {
        return;
      }
      // Otherwise we want to detach from the other tunnel server in favor of the new one
      console.warn('added token with the exact same domains as another');
      await removeToken(activeDomains[data.domains]);
    }
    if (!activeTunnels[data.tunnelUrl]) {
      console.log('creating new tunnel client for', data.tunnelUrl);
      // We create the tunnel without an initial token so we can append the token and
      // get the promise that should tell us more about if it worked or not.
      activeTunnels[data.tunnelUrl] = stunnel.connect({
        stunneld: data.tunnelUrl
      , net: customNet
        // NOTE: the ports here aren't that important since we are providing a custom
        // `net.createConnection` that doesn't actually use the port. What is important
        // is that any services we are interested in are listed in this object and have
        // a '*' sub-property.
      , services: {
          https: { '*': 443 }
        , http:  { '*': 80 }
        , smtp:  { '*': 25 }
        , smtps: { '*': 587 /*also 465/starttls*/ }
        , ssh:   { '*': 22 }
        }
      });
    }
    console.log('appending token to tunnel at', data.tunnelUrl, 'for domains', data.domains);
    await activeTunnels[data.tunnelUrl].append(data.jwt);
    // Now that we know the tunnel server accepted our token we can save it
    // to keep record of what domains we are handling and what tunnel server
    // those domains should go to.
    activeDomains[data.domains] = data;
    // This is mostly for the start, but return the host for the tunnel server
    // we've connected to (after stripping the protocol and path away).
    return data.tunnelUrl.replace(/^[a-z]*:\/\//i, '').replace(/\/.*/, '');
  }
  async function acquireToken(session, domains) {
    var OAUTH3 = deps.OAUTH3;
    // The OAUTH3 library stores some things on the root session object that we usually
    // just leave inside the token, but we need to pull those out before we use it here
    session.provider_uri = session.provider_uri || session.token.provider_uri || session.token.iss;
    session.client_uri = session.client_uri || session.token.azp;
    session.scope = session.scope || session.token.scp;
    console.log('asking for tunnel token from', session.token.aud);
    var opts = {
      api: 'tunnel.token'
    , session: session
    , data: {
        domains: domains
      , device: {
          hostname: config.device.hostname
        , id: config.device.uid || config.device.id
        }
      }
    };
    var directives = await OAUTH3.discover(session.token.aud);
    var tokenData = await OAUTH3.api(directives.api, opts);
    return addToken(tokenData);
  }
  function disconnectAll() {
    Object.keys(activeTunnels).forEach(function (key) {
      activeTunnels[key].end();
    });
  }
  function currentTokens() {
    return JSON.parse(JSON.stringify(activeDomains));
  }
  return {
    start:       acquireToken
  , startDirect: addToken
  , remove:      removeToken
  , disconnect:  disconnectAll
  , current:     currentTokens
  };
 };
--- a/lib/ddns/utils.js
+++ b/lib/ddns/utils.js
@ -0,0 +1,102 @@
 'use strict';
 module.exports.create = function (deps, conf) {
  async function getSession(id) {
    var session = await deps.storage.tokens.get(id);
    if (!session) {
      throw new Error('no user token with ID "' + id + '"');
    }
    return session;
  }
  function iterateAllModules(action, curConf) {
    curConf = curConf || conf;
    var promises = [];
    curConf.domains.forEach(function (dom) {
      if (!dom.modules || !Array.isArray(dom.modules.ddns) || !dom.modules.ddns.length) {
        return null;
      }
      // For the time being all of our things should only be tried once (regardless if it succeeded)
      // TODO: revisit this behavior when we support multiple ways of setting records, and/or
      // if we want to allow later modules to run if early modules fail.
      promises.push(dom.modules.ddns.reduce(function (prom, mod) {
        if (prom) { return prom; }
        return action(mod, dom.names);
      }, null));
    });
    curConf.ddns.modules.forEach(function (mod) {
      promises.push(action(mod, mod.domains));
    });
    return Promise.all(promises.filter(Boolean));
  }
  var tldCache = {};
  async function updateTldCache(provider) {
    var reqObj = {
      url: deps.OAUTH3.url.normalize(provider) + '/api/com.daplie.domains/prices'
    , method: 'GET'
    , json: true
    };
    var resp = await deps.OAUTH3.request(reqObj);
    var tldObj = {};
    resp.data.forEach(function (tldInfo) {
      if (tldInfo.enabled) {
        tldObj[tldInfo.tld] = true;
      }
    });
    tldCache[provider] = {
      time: Date.now()
    , tlds: tldObj
    };
    return tldObj;
  }
  async function getTlds(provider) {
    // If we've never cached the results we need to return the promise that will fetch the result,
    // otherwise we can return the cached value. If the cached value has "expired", we can still
    // return the cached value we just want to update the cache in parellel (making sure we only
    // update once).
    if (!tldCache[provider]) {
      tldCache[provider] = {
        updating: true
      , tlds: updateTldCache(provider)
      };
    }
    if (!tldCache[provider].updating && Date.now() - tldCache[provider].time > 24 * 60 * 60 * 1000) {
      tldCache[provider].updating = true;
      updateTldCache(provider);
    }
    return tldCache[provider].tlds;
  }
  async function splitDomains(provider, domains) {
    var tlds = await getTlds(provider);
    return domains.map(function (domain) {
      var split = domain.split('.');
      var tldSegCnt = tlds[split.slice(-2).join('.')] ? 2 : 1;
      // Currently assuming that the sld can't contain dots, and that the tld can have at
      // most one dot. Not 100% sure this is a valid assumption, but exceptions should be
      // rare even if the assumption isn't valid.
      return {
        tld: split.slice(-tldSegCnt).join('.')
      , sld: split.slice(-tldSegCnt - 1, -tldSegCnt).join('.')
      , sub: split.slice(0, -tldSegCnt - 1).join('.')
      };
    });
  }
  return {
    getSession
  , iterateAllModules
  , getTlds
  , splitDomains
  };
 };
--- a/lib/domain-utils.js
+++ b/lib/domain-utils.js
@ -0,0 +1,30 @@
 'use strict';
 module.exports.match = function (pattern, domainname) {
  // Everything matches '*'
  if (pattern === '*') {
    return true;
  }
  if (/^\*./.test(pattern)) {
    // get rid of the leading "*." to more easily check the servername against it
    pattern = pattern.slice(2);
    return pattern === domainname.slice(-pattern.length);
  }
  // pattern doesn't contains any wildcards, so exact match is required
  return pattern === domainname;
 };
 module.exports.separatePort = function (fullHost) {
  var match = /^(.*?)(:\d+)?$/.exec(fullHost);
  if (match[2]) {
    match[2] = match[2].replace(':', '');
  }
  return {
    host: match[1]
  , port: match[2]
  };
 };
--- a/lib/local-ip.js
+++ b/lib/local-ip.js
@ -0,0 +1,53 @@
 'use strict';
 var os = require('os');
 module.exports.find = function (opts) {
  opts = opts || {};
  opts.externals = opts.externals || [];
  var ifaceMap = os.networkInterfaces();
  var newMap = {};
  Object.keys(ifaceMap).forEach(function (iname) {
    var ifaces = ifaceMap[iname];
    ifaces = ifaces.filter(function (iface) {
      return opts.externals.some(function (ip) {
        if (ip.address === iface.address) {
          ip.external = true;
          return true;
        }
      }) || (!iface.internal && !/^fe80/.test(iface.address) && !/^[0:]+$/.test(iface.mac));
    });
    if (!ifaces.length) {
      return;
    }
    newMap[iname] = newMap[iname] || { ipv4: [], ipv6: [] };
    ifaces.forEach(function (addr) {
      addr.iface = iname;
      if ('IPv4' === addr.family) {
        newMap[iname].ipv4.push(addr);
      }
      else if ('IPv6' === addr.family) {
        newMap[iname].ipv6.push(addr);
      }
    });
  });
  return newMap;
  /*
 https://[2601:681:300:92c0:2477:d58a:d69e:51a0]:8443
  console.log('');
    console.log('');
    console.log(iname);
    console.log(ifaces);
    console.log('');
  */
 };
--- a/lib/mdns.js
+++ b/lib/mdns.js
@ -0,0 +1,203 @@
 'use strict';
 var PromiseA = require('bluebird');
 var queryName = '_cloud._tcp.local';
 var dnsSuite = require('dns-suite');
 function createResponse(name, ownerIds, packet, ttl, mainPort) {
  var rpacket = {
    header: {
      id: packet.header.id
    , qr: 1
    , opcode: 0
    , aa: 1
    , tc: 0
    , rd: 0
    , ra: 0
    , res1:  0
    , res2:  0
    , res3:  0
    , rcode: 0
  , }
  , question: packet.question
  , answer: []
  , authority: []
  , additional: []
  , edns_options: []
  };
  rpacket.answer.push({
    name: queryName
  , typeName: 'PTR'
  , ttl: ttl
  , className: 'IN'
  , data: name + '.' + queryName
  });
  var ifaces = require('./local-ip').find();
  Object.keys(ifaces).forEach(function (iname) {
    var iface = ifaces[iname];
    iface.ipv4.forEach(function (addr) {
      rpacket.additional.push({
        name: name + '.local'
      , typeName: 'A'
      , ttl: ttl
      , className: 'IN'
      , address: addr.address
      });
    });
    iface.ipv6.forEach(function (addr) {
      rpacket.additional.push({
        name: name + '.local'
      , typeName: 'AAAA'
      , ttl: ttl
      , className: 'IN'
      , address: addr.address
      });
    });
  });
  rpacket.additional.push({
    name: name + '.' + queryName
  , typeName: 'SRV'
  , ttl: ttl
  , className: 'IN'
  , priority: 1
  , weight: 0
  , port: mainPort
  , target: name + ".local"
  });
  rpacket.additional.push({
    name: name + '._device-info.' + queryName
  , typeName: 'TXT'
  , ttl: ttl
  , className: 'IN'
  , data: ["model=CloudHome1,1", "dappsvers=1"]
  });
  ownerIds.forEach(function (id) {
    rpacket.additional.push({
      name: name + '._owner-id.' + queryName
    , typeName: 'TXT'
    , ttl: ttl
    , className: 'IN'
    , data: [id]
    });
  });
  return dnsSuite.DNSPacket.write(rpacket);
 }
 module.exports.create = function (deps, config) {
  var socket;
  var nextBroadcast = -1;
  function handlePacket(message, rinfo) {
    // console.log('Received %d bytes from %s:%d', message.length, rinfo.address, rinfo.port);
    var packet;
    try {
      packet = dnsSuite.DNSPacket.parse(message);
    }
    catch (er) {
      // `dns-suite` actually errors on a lot of the packets floating around in our network,
      // so don't bother logging any errors. (We still use `dns-suite` because unlike `dns-js`
      // it can successfully craft the one packet we want to send.)
      return;
    }
    // Only respond to queries.
    if (packet.header.qr !== 0) {  return; }
    // Only respond if they were asking for cloud devices.
    if (packet.question.length !== 1)           { return; }
    if (packet.question[0].name !== queryName)  { return; }
    if (packet.question[0].typeName !== 'PTR')  { return; }
    if (packet.question[0].className !== 'IN' ) { return; }
    var proms = [
      deps.storage.mdnsId.get()
    , deps.storage.owners.all().then(function (owners) {
        // The ID is the sha256 hash of the PPID, which shouldn't be reversible and therefore
        // should be safe to expose without needing authentication.
        return owners.map(function (owner) {
          return owner.id;
        });
      })
    ];
    PromiseA.all(proms).then(function (results) {
      var resp = createResponse(results[0], results[1], packet, config.mdns.ttl, deps.tcp.mainPort);
      var now = Date.now();
      if (now > nextBroadcast) {
        socket.send(resp, config.mdns.port, config.mdns.broadcast);
        nextBroadcast = now + config.mdns.ttl * 1000;
      } else {
        socket.send(resp, rinfo.port, rinfo.address);
      }
    });
  }
  function start() {
    socket = require('dgram').createSocket({ type: 'udp4', reuseAddr: true });
    socket.on('message', handlePacket);
    return new Promise(function (resolve, reject) {
      socket.once('error', reject);
      socket.bind(config.mdns.port, function () {
        var addr = this.address();
        console.log('bound on UDP %s:%d for mDNS', addr.address, addr.port);
        socket.setBroadcast(true);
        socket.addMembership(config.mdns.broadcast);
        // This is supposed to be a local device discovery mechanism, so we shouldn't
        // need to hop through any gateways. This helps with security by making it
        // much more difficult for someone to use us as part of a DDoS attack by
        // spoofing the UDP address a request came from.
        socket.setTTL(1);
        socket.removeListener('error', reject);
        resolve();
      });
    });
  }
  function stop() {
    return new Promise(function (resolve, reject) {
      socket.once('error', reject);
      socket.close(function () {
        socket.removeListener('error', reject);
        socket = null;
        resolve();
      });
    });
  }
  function updateConf() {
    var promise;
    if (config.mdns.disabled) {
      if (socket) {
        promise = stop();
      }
    } else {
      if (!socket) {
        promise = start();
      } else if (socket.address().port !== config.mdns.port) {
        promise = stop().then(start);
      } else {
        // Can't check membership, so just add the current broadcast address to make sure
        // it's set. If it's already set it will throw an exception (at least on linux).
        try {
          socket.addMembership(config.mdns.broadcast);
        } catch (e) {}
        promise = Promise.resolve();
      }
    }
  }
  updateConf();
  return {
    updateConf
  };
 };
--- a/lib/servers.js
+++ b/lib/servers.js
@ -0,0 +1,179 @@
 'use strict';
 var serversMap = module.exports._serversMap = {};
 var dgramMap = module.exports._dgramMap = {};
 var PromiseA = require('bluebird');
 module.exports.addTcpListener = function (port, handler) {
  return new PromiseA(function (resolve, reject) {
    var stat = serversMap[port];
    if (stat) {
      if (stat._closing) {
        stat.server.destroy();
      } else {
        // We're already listening on the port, so we only have 2 options. We can either
        // replace the handler or reject with an error. (Though neither is really needed
        // if the handlers are the same). Until there is reason to do otherwise we are
        // opting for the replacement.
        stat.handler = handler;
        resolve();
        return;
      }
    }
    var enableDestroy = require('server-destroy');
    var net = require('net');
    var resolved;
    var server = net.createServer({allowHalfOpen: true});
    stat = serversMap[port] = {
      server: server
    , handler: handler
    , _closing: false
    };
    // Add .destroy so we can close all open connections. Better if added before listen
    // to eliminate any possibility of it missing an early connection in it's records.
    enableDestroy(server);
    server.on('connection', function (conn) {
      conn.__port = port;
      conn.__proto = 'tcp';
      stat.handler(conn);
    });
    server.on('close', function () {
      console.log('TCP server on port %d closed', port);
      delete serversMap[port];
    });
    server.on('error', function (e) {
      if (!resolved) {
        reject(e);
      } else if (handler.onError) {
        handler.onError(e);
      } else {
        throw e;
      }
    });
    server.listen(port, function () {
      resolved = true;
      resolve();
    });
  });
 };
 module.exports.closeTcpListener = function (port, timeout) {
  return new PromiseA(function (resolve) {
    var stat = serversMap[port];
    if (!stat) {
      resolve();
      return;
    }
    stat._closing = true;
    var timeoutId;
    if (timeout) {
      timeoutId = setTimeout(() => stat.server.destroy(), timeout);
    }
    stat.server.once('close', function () {
      clearTimeout(timeoutId);
      resolve();
    });
    stat.server.close();
  });
 };
 module.exports.destroyTcpListener = function (port) {
  var stat = serversMap[port];
  if (stat) {
    stat.server.destroy();
  }
 };
 module.exports.listTcpListeners = function () {
  return Object.keys(serversMap).map(Number).filter(function (port) {
    return port && !serversMap[port]._closing;
  });
 };
 module.exports.addUdpListener = function (port, handler) {
  return new PromiseA(function (resolve, reject) {
    var stat = dgramMap[port];
    if (stat) {
      // we'll replace the current listener
      stat.handler = handler;
      resolve();
      return;
    }
    var dgram = require('dgram');
    var server = dgram.createSocket({type: 'udp4', reuseAddr: true});
    var resolved = false;
    stat = dgramMap[port] = {
      server: server
    , handler: handler
    };
    server.on('message', function (msg, rinfo) {
      msg._size = rinfo.size;
      msg._remoteFamily = rinfo.family;
      msg._remoteAddress = rinfo.address;
      msg._remotePort = rinfo.port;
      msg._port = port;
      stat.handler(msg);
    });
    server.on('error', function (err) {
      if (!resolved) {
        delete dgramMap[port];
        reject(err);
      }
      else if (stat.handler.onError) {
        stat.handler.onError(err);
      }
      else {
        throw err;
      }
    });
    server.on('close', function () {
      delete dgramMap[port];
    });
    server.bind(port, function () {
      resolved = true;
      resolve();
    });
  });
 };
 module.exports.closeUdpListener = function (port) {
  var stat = dgramMap[port];
  if (!stat) {
    return PromiseA.resolve();
  }
  return new PromiseA(function (resolve) {
    stat.server.once('close', resolve);
    stat.server.close();
  });
 };
 module.exports.listUdpListeners = function () {
  return Object.keys(dgramMap).map(Number).filter(Boolean);
 };
 module.exports.listeners = {
  tcp: {
    add: module.exports.addTcpListener
  , close: module.exports.closeTcpListener
  , destroy: module.exports.destroyTcpListener
  , list: module.exports.listTcpListeners
  }
 , udp: {
    add: module.exports.addUdpListener
  , close: module.exports.closeUdpListener
  , list: module.exports.listUdpListeners
  }
 };
--- a/lib/socks5-server.js
+++ b/lib/socks5-server.js
@ -0,0 +1,91 @@
 'use strict';
 module.exports.create = function (deps, config) {
  var PromiseA = require('bluebird');
  var server;
  function curState() {
    var addr = server && server.address();
    if (!addr) {
      return PromiseA.resolve({running: false});
    }
    return PromiseA.resolve({
      running: true
    , port: addr.port
    });
  }
  function start(port) {
    if (server) {
      return curState();
    }
    server = require('socksv5').createServer(function (info, accept) {
      accept();
    });
    // It would be nice if we could use `server-destroy` here, but we can't because
    // the socksv5 library will not give us access to any sockets it actually
    // handles, so we have no way of keeping track of them or closing them.
    server.on('close', function () {
      server = null;
    });
    server.useAuth(require('socksv5').auth.None());
    return new PromiseA(function (resolve, reject) {
      server.on('error', function (err) {
        if (!port && err.code === 'EADDRINUSE') {
          server.listen(0);
        } else {
          server = null;
          reject(err);
        }
      });
      server.listen(port || 1080, function () {
        resolve(curState());
      });
    });
  }
  function stop() {
    if (!server) {
      return curState();
    }
    return new PromiseA(function (resolve, reject) {
      server.close(function (err) {
        if (err) {
          reject(err);
        } else {
          resolve(curState());
        }
      });
    });
  }
  var configEnabled = false;
  function updateConf() {
    var wanted = config.socks5 && config.socks5.enabled;
    if (configEnabled && !wanted) {
      stop().catch(function (err) {
        console.error('failed to stop socks5 proxy on config change', err);
      });
      configEnabled = false;
    }
    if (wanted && !configEnabled) {
      start(config.socks5.port).catch(function (err) {
        console.error('failed to start Socks5 proxy', err);
      });
      configEnabled = true;
    }
  }
  process.nextTick(updateConf);
  return {
    curState
  , start
  , stop
  , updateConf
  };
 };
--- a/lib/storage.js
+++ b/lib/storage.js
@ -0,0 +1,225 @@
 'use strict';
 var PromiseA = require('bluebird');
 var path = require('path');
 var fs = PromiseA.promisifyAll(require('fs'));
 var jwt = require('jsonwebtoken');
 var crypto = require('crypto');
 module.exports.create = function (deps, conf) {
  var hrIds = require('human-readable-ids').humanReadableIds;
  var scmp = require('scmp');
  var storageDir = path.join(__dirname, '..', 'var');
  function read(fileName) {
    return fs.readFileAsync(path.join(storageDir, fileName))
    .then(JSON.parse, function (err) {
      if (err.code === 'ENOENT') {
        return {};
      }
      throw err;
    });
  }
  function write(fileName, obj) {
    return fs.mkdirAsync(storageDir).catch(function (err) {
      if (err.code !== 'EEXIST') {
        console.error('failed to mkdir', storageDir, err.toString());
      }
    }).then(function () {
      return fs.writeFileAsync(path.join(storageDir, fileName), JSON.stringify(obj), 'utf8');
    });
  }
  var owners = {
    _filename: 'owners.json'
  , all: function () {
      return read(this._filename).then(function (owners) {
        return Object.keys(owners).map(function (id) {
          var owner = owners[id];
          owner.id = id;
          return owner;
        });
      });
    }
  , get: function (id) {
      // While we could directly read the owners file and access the id directly from
      // the resulting object I'm not sure of the details of how the object key lookup
      // works or whether that would expose us to timing attacks.
      // See https://codahale.com/a-lesson-in-timing-attacks/
      return this.all().then(function (owners) {
        return owners.filter(function (owner) {
          return scmp(id, owner.id);
        })[0];
      });
    }
  , exists: function (id) {
      return this.get(id).then(function (owner) {
        return !!owner;
      });
    }
  , set: function (id, obj) {
      var self = this;
      return read(self._filename).then(function (owners) {
        obj.id = id;
        owners[id] = obj;
        return write(self._filename, owners);
      });
    }
  };
  var confCb;
  var config = {
    save: function (changes) {
      deps.messenger.send({
        type: 'com.daplie.goldilocks/config'
      , changes: changes
      });
      return new deps.PromiseA(function (resolve, reject) {
        var timeoutId = setTimeout(function () {
          reject(new Error('Did not receive config update from main process in a reasonable time'));
          confCb = null;
        }, 15*1000);
        confCb = function (config) {
          confCb = null;
          clearTimeout(timeoutId);
          resolve(config);
        };
      });
    }
  };
  function updateConf(config) {
    if (confCb) {
      confCb(config);
    }
  }
  var userTokens = {
    _filename: 'user-tokens.json'
  , _cache: {}
  , _convertToken: function convertToken(id, token) {
      // convert the token into something that looks more like what OAuth3 uses internally
      // as sessions so we can use it with OAuth3. We don't use OAuth3's internal session
      // storage because it effectively only supports storing tokens based on provider URI.
      // We also use the token as the `access_token` instead of `refresh_token` because the
      // refresh functionality is closely tied to the storage.
      var decoded = jwt.decode(token);
      if (!decoded) {
        return null;
      }
      return {
        id:           id
      , access_token: token
      , token:        decoded
      , provider_uri: decoded.iss || decoded.issuer || decoded.provider_uri
      , client_uri:   decoded.azp
      , scope:        decoded.scp || decoded.scope || decoded.grants
      };
    }
  , all: function allUserTokens() {
      var self = this;
      if (self._cacheComplete) {
        return deps.PromiseA.resolve(Object.values(self._cache));
      }
      return read(self._filename).then(function (tokens) {
        // We will read every single token into our cache, so it will be complete once we finish
        // creating the result (it's set out of order so we can directly return the result).
        self._cacheComplete = true;
        return Object.keys(tokens).map(function (id) {
          self._cache[id] = self._convertToken(id, tokens[id]);
          return self._cache[id];
        });
      });
    }
  , get: function getUserToken(id) {
      var self = this;
      if (self._cache.hasOwnProperty(id) || self._cacheComplete) {
        return deps.PromiseA.resolve(self._cache[id] || null);
      }
      return read(self._filename).then(function (tokens) {
        self._cache[id] = self._convertToken(id, tokens[id]);
        return self._cache[id];
      });
    }
  , save: function saveUserToken(newToken) {
      var self = this;
      return read(self._filename).then(function (tokens) {
        var rawToken;
        if (typeof newToken === 'string') {
          rawToken = newToken;
        } else {
          rawToken = newToken.refresh_token || newToken.access_token;
        }
        if (typeof rawToken !== 'string') {
          throw new Error('cannot save invalid session: missing refresh_token and access_token');
        }
        var decoded = jwt.decode(rawToken);
        var idHash = crypto.createHash('sha256');
        idHash.update(decoded.sub || decoded.ppid || decoded.appScopedId || '');
        idHash.update(decoded.iss || decoded.issuer || '');
        idHash.update(decoded.aud || decoded.audience || '');
        var scope = decoded.scope || decoded.scp || decoded.grants || '';
        idHash.update(scope.split(/[,\s]+/mg).sort().join(','));
        var id = idHash.digest('hex');
        tokens[id] = rawToken;
        return write(self._filename, tokens).then(function () {
          // Delete the current cache so that if this is an update it will refresh
          // the cache once we read the ID.
          delete self._cache[id];
          return self.get(id);
        });
      });
    }
  , remove: function removeUserToken(id) {
      var self = this;
      return read(self._filename).then(function (tokens) {
        var present = delete tokens[id];
        if (!present) {
          return present;
        }
        return write(self._filename, tokens).then(function () {
          delete self._cache[id];
          return true;
        });
      });
    }
  };
  var mdnsId = {
    _filename: 'mdns-id'
  , get: function () {
      var self = this;
      return read("mdns-id").then(function (result) {
        if (typeof result !== 'string') {
          throw new Error('mDNS ID not present');
        }
        return result;
      }).catch(function () {
        return self.set(hrIds.random());
      });
    }
  , set: function (value) {
      var self = this;
      return write(self._filename, value).then(function () {
        return self.get();
      });
    }
  };
  return {
    owners: owners
  , config: config
  , updateConf: updateConf
  , tokens: userTokens
  , mdnsId: mdnsId
  };
 };
--- a/lib/tcp/http.js
+++ b/lib/tcp/http.js
@ -0,0 +1,543 @@
 'use strict';
 module.exports.create = function (deps, conf, tcpMods) {
  var PromiseA = require('bluebird');
  var statAsync = PromiseA.promisify(require('fs').stat);
  var domainMatches = require('../domain-utils').match;
  var separatePort = require('../domain-utils').separatePort;
  function parseHeaders(conn, opts) {
    // There should already be a `firstChunk` on the opts, but because we might sometimes
    // need more than that to get all the headers it's easier to always read the data off
    // the connection and put it back later if we need to.
    opts.firstChunk = Buffer.alloc(0);
    // First we make sure we have all of the headers.
    return new PromiseA(function (resolve, reject) {
      if (opts.firstChunk.includes('\r\n\r\n')) {
        resolve(opts.firstChunk.toString());
        return;
      }
      var errored = false;
      function handleErr(err) {
        errored = true;
        reject(err);
      }
      conn.once('error', handleErr);
      function handleChunk(chunk) {
        if (!errored) {
          opts.firstChunk = Buffer.concat([opts.firstChunk, chunk]);
          if (!opts.firstChunk.includes('\r\n\r\n')) {
            conn.once('data', handleChunk);
            return;
          }
          conn.removeListener('error', handleErr);
          conn.pause();
          resolve(opts.firstChunk.toString());
        }
      }
      conn.once('data', handleChunk);
    }).then(function (firstStr) {
      var headerSection = firstStr.split('\r\n\r\n')[0];
      var lines = headerSection.split('\r\n');
      var result = {};
      lines.slice(1).forEach(function (line) {
        var match = /([^:]*?)\s*:\s*(.*)/.exec(line);
        if (match) {
          result[match[1].toLowerCase()] = match[2];
        } else {
          console.error('HTTP header line does not match pattern', line);
        }
      });
      var match = /^([a-zA-Z]+)\s+(\S+)\s+HTTP/.exec(lines[0]);
      if (!match) {
        throw new Error('first line of "HTTP" does not match pattern: '+lines[0]);
      }
      result.method = match[1].toUpperCase();
      result.url = match[2];
      return result;
    });
  }
  function hostMatchesDomains(req, domainList) {
    var host = separatePort((req.headers || req).host).host.toLowerCase();
    return domainList.some(function (pattern) {
      return domainMatches(pattern, host);
    });
  }
  function determinePrimaryHost() {
    var result;
    if (Array.isArray(conf.domains)) {
      conf.domains.some(function (dom) {
        if (!dom.modules || !dom.modules.http) {
          return false;
        }
        return dom.names.some(function (domain) {
          if (domain[0] !== '*') {
            result = domain;
            return true;
          }
        });
      });
    }
    if (result) {
      return result;
    }
    if (Array.isArray(conf.http.modules)) {
      conf.http.modules.some(function (mod) {
        return mod.domains.some(function (domain) {
          if (domain[0] !== '*') {
            result = domain;
            return true;
          }
        });
      });
    }
    return result;
  }
  // We handle both HTTPS and HTTP traffic on the same ports, and we want to redirect
  // any unencrypted requests to the same port they came from unless it came in on
  // the default HTTP port, in which case there wont be a port specified in the host.
  var redirecters = {};
  var ipv4Re = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
  var ipv6Re = /^\[[0-9a-fA-F:]+\]$/;
  function redirectHttps(req, res) {
    var host = separatePort(req.headers.host);
    if (!redirecters[host.port]) {
      redirecters[host.port] = require('redirect-https')({ port: host.port });
    }
    // localhost and IP addresses cannot have real SSL certs (and don't contain any useful
    // info for redirection either), so we direct some hosts to either localhost.daplie.me
    // or the "primary domain" ie the first manually specified domain.
    if (host.host === 'localhost') {
      req.headers.host = 'localhost.daplie.me' + (host.port ? ':'+host.port : '');
    }
    // Test for IPv4 and IPv6 addresses. These patterns will match some invalid addresses,
    // but since those still won't be valid domains that won't really be a problem.
    if (ipv4Re.test(host.host) || ipv6Re.test(host.host)) {
      var dest;
      if (conf.http.primaryDomain) {
        dest = conf.http.primaryDomain;
      } else {
        dest = determinePrimaryHost();
      }
      if (dest) {
        req.headers.host = dest + (host.port ? ':'+host.port : '');
      }
    }
    redirecters[host.port](req, res);
  }
  function emitConnection(server, conn, opts) {
    server.emit('connection', conn);
    // We need to put back whatever data we read off to determine the connection was HTTP
    // and to parse the headers. Must be done after data handlers added but before any new
    // data comes in.
    process.nextTick(function () {
      conn.unshift(opts.firstChunk);
      conn.resume();
    });
    // Convenience return for all the check* functions.
    return true;
  }
  var acmeServer;
  function checkAcme(conn, opts, headers) {
    if (headers.url.indexOf('/.well-known/acme-challenge/') !== 0) {
      return false;
    }
    if (deps.stunneld.isClientDomain(separatePort(headers.host).host)) {
      deps.stunneld.handleClientConn(conn);
      process.nextTick(function () {
        conn.unshift(opts.firstChunk);
        conn.resume();
      });
      return true;
    }
    if (!acmeServer) {
      acmeServer = require('http').createServer(tcpMods.tls.middleware);
    }
    return emitConnection(acmeServer, conn, opts);
  }
  function checkLoopback(conn, opts, headers) {
    if (headers.url.indexOf('/.well-known/cloud-challenge/') !== 0) {
      return false;
    }
    return emitConnection(deps.ddns.loopbackServer, conn, opts);
  }
  var httpsRedirectServer;
  function checkHttps(conn, opts, headers) {
    if (conf.http.allowInsecure || conn.encrypted) {
      return false;
    }
    if (conf.http.trustProxy && 'https' === headers['x-forwarded-proto']) {
      return false;
    }
    if (!httpsRedirectServer) {
      httpsRedirectServer = require('http').createServer(redirectHttps);
    }
    return emitConnection(httpsRedirectServer, conn, opts);
  }
  var adminDomains;
  var adminServer;
  function checkAdmin(conn, opts, headers) {
    var host = separatePort(headers.host).host;
    if (!adminDomains) {
      adminDomains = require('../admin').adminDomains;
    }
    if (adminDomains.indexOf(host) !== -1) {
      if (!adminServer) {
        adminServer = require('../admin').create(deps, conf);
      }
      return emitConnection(adminServer, conn, opts);
    }
    if (deps.stunneld.isAdminDomain(host)) {
      deps.stunneld.handleAdminConn(conn);
      process.nextTick(function () {
        conn.unshift(opts.firstChunk);
        conn.resume();
      });
      return true;
    }
    return false;
  }
  var proxyServer;
  function createProxyServer() {
    var http = require('http');
    var agent = new http.Agent();
    agent.createConnection = deps.net.createConnection;
    var proxy = require('http-proxy').createProxyServer({
      agent: agent
    , toProxy: true
    });
    proxy.on('error', function (err, req, res) {
      res.statusCode = 502;
      res.setHeader('Connection', 'close');
      res.setHeader('Content-Type', 'text/html');
      res.end(tcpMods.proxy.getRespBody(err, conf.debug));
    });
    proxyServer = http.createServer(function (req, res) {
      proxy.web(req, res, req.connection.proxyOpts);
    });
    proxyServer.on('upgrade', function (req, socket, head) {
      proxy.ws(req, socket, head, socket.proxyOpts);
    });
  }
  function proxyRequest(mod, conn, opts, xHeaders) {
    if (!proxyServer) {
      createProxyServer();
    }
    conn.proxyOpts = {
      target: 'http://'+(mod.address || (mod.host || 'localhost')+':'+mod.port)
    , headers: xHeaders
    };
    return emitConnection(proxyServer, conn, opts);
  }
  function proxyWebsocket(mod, conn, opts, headers, xHeaders) {
    var index = opts.firstChunk.indexOf('\r\n\r\n');
    var body = opts.firstChunk.slice(index);
    var head = opts.firstChunk.slice(0, index).toString();
    var headLines = head.split('\r\n');
    // First strip any existing `X-Forwarded-*` headers (for security purposes?)
    headLines = headLines.filter(function (line) {
      return !/^x-forwarded/i.test(line);
    });
    // Then add our own `X-Forwarded` headers at the end.
    Object.keys(xHeaders).forEach(function (key) {
      headLines.push(key + ': ' +xHeaders[key]);
    });
    // Then convert all of the head lines back into a header buffer.
    head = Buffer.from(headLines.join('\r\n'));
    opts.firstChunk = Buffer.concat([head, body]);
    var newConnOpts = separatePort(mod.address || '');
    newConnOpts.port = newConnOpts.port || mod.port;
    newConnOpts.host = newConnOpts.host || mod.host || 'localhost';
    newConnOpts.servername = separatePort(headers.host).host;
    newConnOpts.data = opts.firstChunk;
    newConnOpts.remoteFamily  = opts.family  || conn.remoteFamily;
    newConnOpts.remoteAddress = opts.address || conn.remoteAddress;
    newConnOpts.remotePort    = opts.port    || conn.remotePort;
    tcpMods.proxy(conn, newConnOpts, opts.firstChunk);
  }
  function checkProxy(mod, conn, opts, headers) {
    var xHeaders = {};
    // Then add our own `X-Forwarded` headers at the end.
    if (conf.http.trustProxy && headers['x-forwarded-proto']) {
      xHeaders['X-Forwarded-Proto'] = headers['x-forwarded-proto'];
    } else {
      xHeaders['X-Forwarded-Proto'] = conn.encrypted ? 'https' : 'http';
    }
    var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
    proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
    xHeaders['X-Forwarded-For'] = proxyChain.join(', ');
    xHeaders['X-Forwarded-Host'] = headers.host;
    if ((headers.connection || '').toLowerCase() === 'upgrade') {
      proxyWebsocket(mod, conn, opts, headers, xHeaders);
    } else {
      proxyRequest(mod, conn, opts, xHeaders);
    }
    return true;
  }
  function checkRedirect(mod, conn, opts, headers) {
    if (!mod.fromRe || mod.fromRe.origSrc !== mod.from) {
      // Escape any characters that (can) have special meaning in regular expression
      // but that aren't the special characters we have interest in.
      var from = mod.from.replace(/[-\/\\^$+?.()|[\]{}]/g, '\\$&');
      // Then modify the characters we are interested in so they do what we want in
      // the regular expression after being compiled.
      from = from.replace(/\*/g, '(.*)');
      var fromRe = new RegExp('^' + from + '/?$');
      fromRe.origSrc = mod.from;
      // We don't want this property showing up in the actual config file or the API,
      // so we define it this way so it's not enumberable.
      Object.defineProperty(mod, 'fromRe', {value: fromRe, configurable: true});
    }
    var match = mod.fromRe.exec(headers.url);
    if (!match) {
      return false;
    }
    var to = mod.to;
    match.slice(1).forEach(function (globMatch, index) {
      to = to.replace(':'+(index+1), globMatch);
    });
    var status = mod.status || 301;
    var code = require('http').STATUS_CODES[status] || 'Unknown';
    conn.end([
      'HTTP/1.1 ' + status + ' ' + code
    , 'Date: ' + (new Date()).toUTCString()
    , 'Location: ' + to
    , 'Connection: close'
    , 'Content-Length: 0'
    , ''
    , ''
    ].join('\r\n'));
    return true;
  }
  var staticServer;
  var staticHandlers = {};
  var indexHandlers = {};
  function serveStatic(req, res) {
    var rootDir = req.connection.rootDir;
    var modOpts = req.connection.modOpts;
    if (!staticHandlers[rootDir]) {
      staticHandlers[rootDir] = require('express').static(rootDir, {
        dotfiles: modOpts.dotfiles
      , fallthrough: false
      , redirect: modOpts.redirect
      , index: modOpts.index
      });
    }
    staticHandlers[rootDir](req, res, function (err) {
      function doFinal() {
        if (err) {
          res.statusCode = err.statusCode;
        } else {
          res.statusCode = 404;
        }
        res.setHeader('Content-Type', 'text/html');
        if (res.statusCode === 404) {
          res.end('File Not Found');
        } else {
          res.end(require('http').STATUS_CODES[res.statusCode]);
        }
      }
      var handlerHandle = rootDir
        + (modOpts.hidden||'')
        + (modOpts.icons||'')
        + (modOpts.stylesheet||'')
        + (modOpts.template||'')
        + (modOpts.view||'')
        ;
      function pathMatchesUrl(pathname) {
        if (req.url === pathname) {
          return true;
        }
        if (0 === req.url.replace(/\/?$/, '/').indexOf(pathname.replace(/\/?$/, '/'))) {
          return true;
        }
      }
      if (!modOpts.indexes || ('*' !== modOpts.indexes[0] && !modOpts.indexes.some(pathMatchesUrl))) {
        doFinal();
        return;
      }
      if (!indexHandlers[handlerHandle]) {
        // https://www.npmjs.com/package/serve-index
        indexHandlers[handlerHandle] = require('serve-index')(rootDir, {
          hidden: modOpts.hidden
        , icons: modOpts.icons
        , stylesheet: modOpts.stylesheet
        , template: modOpts.template
        , view: modOpts.view
        });
      }
      indexHandlers[handlerHandle](req, res, function (_err) {
        err = _err || err;
        doFinal();
      });
    });
  }
  function checkStatic(modOpts, conn, opts, headers) {
    var rootDir = modOpts.root.replace(':hostname', separatePort(headers.host).host);
    return statAsync(rootDir)
      .then(function (stats) {
        if (!stats || !stats.isDirectory()) {
          return false;
        }
        if (!staticServer) {
          staticServer = require('http').createServer(serveStatic);
        }
        conn.rootDir = rootDir;
        conn.modOpts = modOpts;
        return emitConnection(staticServer, conn, opts);
      })
      .catch(function (err) {
        if (err.code !== 'ENOENT') {
          console.warn('errored stating', rootDir, 'for serving static files', err);
        }
        return false;
      })
      ;
  }
  // The function signature is as follows
  // function module(moduleOptions, tcpConnection, connectionOptions, headers) { ... }
  var moduleChecks = {
    proxy:    checkProxy
  , redirect: checkRedirect
  , static:   checkStatic
  };
  function handleConnection(conn) {
    var opts = conn.__opts;
    parseHeaders(conn, opts)
      .then(function (headers) {
        if (checkAcme(conn, opts, headers))  { return; }
        if (checkLoopback(conn, opts, headers))  { return; }
        if (checkHttps(conn, opts, headers)) { return; }
        if (checkAdmin(conn, opts, headers)) { return; }
        var prom = PromiseA.resolve(false);
        (conf.domains || []).forEach(function (dom) {
          prom = prom.then(function (handled) {
            if (handled) {
              return handled;
            }
            if (!dom.modules || !dom.modules.http) {
              return false;
            }
            if (!hostMatchesDomains(headers, dom.names)) {
              return false;
            }
            var subProm = PromiseA.resolve(false);
            dom.modules.http.forEach(function (mod) {
              if (moduleChecks[mod.type]) {
                subProm = subProm.then(function (handled) {
                  if (handled) { return handled; }
                  return moduleChecks[mod.type](mod, conn, opts, headers);
                });
              } else {
                console.warn('unknown HTTP module under domains', dom.names.join(','), mod);
              }
            });
            return subProm;
          });
        });
        (conf.http.modules || []).forEach(function (mod) {
          prom = prom.then(function (handled) {
            if (handled) {
              return handled;
            }
            if (!hostMatchesDomains(headers, mod.domains)) {
              return false;
            }
            if (moduleChecks[mod.type]) {
              return moduleChecks[mod.type](mod, conn, opts, headers);
            }
            console.warn('unknown HTTP module found', mod);
          });
        });
        prom.then(function (handled) {
          // XXX TODO SECURITY html escape
          var host = (headers.host || '[no host header]').replace(/</, '&lt;');
          // TODO specify filepath of config file or database connection, etc
          var msg = "Bad Gateway: Goldilocks accepted '" + host + "' but no module (neither static nor proxy) was designated to handle it. Check your config file.";
          if (!handled) {
            conn.end([
              'HTTP/1.1 502 Bad Gateway'
            , 'Date: ' + (new Date()).toUTCString()
            , 'Content-Type: text/html'
            , 'Content-Length: ' + msg.length
            , 'Connection: close'
            , ''
            , msg
            ].join('\r\n'));
          }
        });
      })
      ;
  }
  return {
    emit: function (type, value) {
      if (type === 'connection') {
        handleConnection(value);
      }
    }
  };
 };
--- a/lib/tcp/index.js
+++ b/lib/tcp/index.js
@ -0,0 +1,242 @@
 'use strict';
 module.exports.create = function (deps, config) {
  console.log('config', config);
  var listeners = require('../servers').listeners.tcp;
  var domainUtils = require('../domain-utils');
  var modules;
  var addrProperties = [
    'remoteAddress'
  , 'remotePort'
  , 'remoteFamily'
  , 'localAddress'
  , 'localPort'
  , 'localFamily'
  ];
  function nameMatchesDomains(name, domainList) {
    return domainList.some(function (pattern) {
      return domainUtils.match(pattern, name);
    });
  }
  function proxy(mod, conn, opts) {
    // First thing we need to add to the connection options is where to proxy the connection to
    var newConnOpts = domainUtils.separatePort(mod.address || '');
    newConnOpts.port = newConnOpts.port || mod.port;
    newConnOpts.host = newConnOpts.host || mod.host || 'localhost';
    // Then we add all of the connection address information. We need to prefix all of the
    // properties with '_' so we can provide the information to any connection `createConnection`
    // implementation but not have the default implementation try to bind the same local port.
    addrProperties.forEach(function (name) {
      newConnOpts['_' + name] = opts[name] || opts['_'+name] || conn[name] || conn['_'+name];
    });
    modules.proxy(conn, newConnOpts);
    return true;
  }
  function checkTcpProxy(conn, opts) {
    var proxied = false;
    // TCP Proxying (ie routing based on domain name [vs local port]) only works for
    // TLS wrapped connections, so if the opts don't give us a servername or don't tell us
    // this is the decrypted side of a TLS connection we can't handle it here.
    if (!opts.servername || !opts.encrypted) { return proxied; }
    proxied = config.domains.some(function (dom) {
      if (!dom.modules || !Array.isArray(dom.modules.tcp)) { return false; }
      if (!nameMatchesDomains(opts.servername, dom.names)) { return false; }
      return dom.modules.tcp.some(function (mod) {
        if (mod.type !== 'proxy') { return false; }
        return proxy(mod, conn, opts);
      });
    });
    proxied = proxied || config.tcp.modules.some(function (mod) {
      if (mod.type !== 'proxy') { return false; }
      if (!nameMatchesDomains(opts.servername, mod.domains)) { return false; }
      return proxy(mod, conn, opts);
    });
    return proxied;
  }
  function checkTcpForward(conn, opts) {
    // TCP forwarding (ie routing connections based on local port) requires the local port
    if (!conn.localPort) { return false; }
    return config.tcp.modules.some(function (mod) {
      if (mod.type !== 'forward')                { return false; }
      if (mod.ports.indexOf(conn.localPort) < 0) { return false; }
      return proxy(mod, conn, opts);
    });
  }
  // opts = { servername, encrypted, peek, data, remoteAddress, remotePort }
  function peek(conn, firstChunk, opts) {
    opts.firstChunk = firstChunk;
    conn.__opts = opts;
    // TODO port/service-based routing can do here
    // TLS byte 1 is handshake and byte 6 is client hello
    if (0x16 === firstChunk[0]/* && 0x01 === firstChunk[5]*/) {
      modules.tls.emit('connection', conn);
      return;
    }
    // This doesn't work with TLS, but now that we know this isn't a TLS connection we can
    // unshift the first chunk back onto the connection for future use. The unshift should
    // happen after any listeners are attached to it but before any new data comes in.
    if (!opts.hyperPeek) {
      process.nextTick(function () {
        conn.unshift(firstChunk);
      });
    }
    // Connection is not TLS, check for HTTP next.
    if (firstChunk[0] > 32 && firstChunk[0] < 127) {
      var firstStr = firstChunk.toString();
      if (/HTTP\//i.test(firstStr)) {
        modules.http.emit('connection', conn);
        return;
      }
    }
    console.warn('failed to identify protocol from first chunk', firstChunk);
    conn.destroy();
  }
  function tcpHandler(conn, opts) {
    function getProp(name) {
      return opts[name] || opts['_'+name] || conn[name] || conn['_'+name];
    }
    opts = opts || {};
    var logName = getProp('remoteAddress') + ':' + getProp('remotePort') + ' -> ' +
                  getProp('localAddress')  + ':' + getProp('localPort');
    console.log('[tcpHandler]', logName, 'connection started - encrypted: ' + (opts.encrypted || false));
    var start = Date.now();
    conn.on('timeout', function () {
      console.log('[tcpHandler]', logName, 'connection timed out', (Date.now()-start)/1000);
    });
    conn.on('end', function () {
      console.log('[tcpHandler]', logName, 'connection ended', (Date.now()-start)/1000);
    });
    conn.on('close', function () {
      console.log('[tcpHandler]', logName, 'connection closed', (Date.now()-start)/1000);
    });
    if (checkTcpForward(conn, opts)) { return; }
    if (checkTcpProxy(conn, opts))   { return; }
    // XXX PEEK COMMENT XXX
    // TODO we can have our cake and eat it too
    // we can skip the need to wrap the TLS connection twice
    // because we've already peeked at the data,
    // but this needs to be handled better before we enable that
    // (because it creates new edge cases)
    if (opts.hyperPeek) {
      console.log('hyperpeek');
      peek(conn, opts.firstChunk, opts);
      return;
    }
    function onError(err) {
      console.error('[error] socket errored peeking -', err);
      conn.destroy();
    }
    conn.once('error', onError);
    conn.once('data', function (chunk) {
      conn.removeListener('error', onError);
      peek(conn, chunk, opts);
    });
  }
  process.nextTick(function () {
    modules = {};
    modules.tcpHandler = tcpHandler;
    modules.proxy = require('./proxy-conn').create(deps, config);
    modules.tls   = require('./tls').create(deps, config, modules);
    modules.http  = require('./http').create(deps, config, modules);
  });
  function updateListeners() {
    var current = listeners.list();
    var wanted = config.tcp.bind;
    if (!Array.isArray(wanted)) { wanted = []; }
    wanted = wanted.map(Number).filter((port) => port > 0 && port < 65356);
    var closeProms = current.filter(function (port) {
      return wanted.indexOf(port) < 0;
    }).map(function (port) {
      return listeners.close(port, 1000);
    });
    // We don't really need to filter here since listening on the same port with the
    // same handler function twice is basically a no-op.
    var openProms = wanted.map(function (port) {
      return listeners.add(port, tcpHandler);
    });
    return Promise.all(closeProms.concat(openProms));
  }
  var mainPort;
  function updateConf() {
    updateListeners().catch(function (err) {
      console.error('Error updating TCP listeners to match bind configuration');
      console.error(err);
    });
    var unforwarded = {};
    config.tcp.bind.forEach(function (port) {
      unforwarded[port] = true;
    });
    config.tcp.modules.forEach(function (mod) {
      if (['forward', 'proxy'].indexOf(mod.type) < 0) {
        console.warn('unknown TCP module type specified', JSON.stringify(mod));
      }
      if (mod.type !== 'forward') { return; }
      mod.ports.forEach(function (port) {
        if (!unforwarded[port]) {
          console.warn('trying to forward TCP port ' + port + ' multiple times or it is unbound');
        } else {
          delete unforwarded[port];
        }
      });
    });
    // Not really sure what we can reasonably do to prevent this. At least not without making
    // our configuration validation more complicated.
    if (!Object.keys(unforwarded).length) {
      console.warn('no bound TCP ports are not being forwarded, admin interface will be inaccessible');
    }
    // If we are listening on port 443 make that the main port we respond to mDNS queries with
    // otherwise choose the lowest number port we are bound to but not forwarding.
    if (unforwarded['443']) {
      mainPort = 443;
    } else {
      mainPort = Object.keys(unforwarded).map(Number).sort((a, b) => a - b)[0];
    }
  }
  updateConf();
  var result =  {
    updateConf
  , handler: tcpHandler
  };
  Object.defineProperty(result, 'mainPort', {enumerable: true, get: () => mainPort});
  return result;
 };
--- a/lib/tcp/proxy-conn.js
+++ b/lib/tcp/proxy-conn.js
@ -0,0 +1,81 @@
 'use strict';
 function getRespBody(err, debug) {
  if (debug) {
    return err.toString();
  }
  if (err.code === 'ECONNREFUSED') {
    return 'The connection was refused. Most likely the service being connected to '
      + 'has stopped running or the configuration is wrong.';
  }
  return 'Bad Gateway: ' + err.code;
 }
 function sendBadGateway(conn, err, debug) {
  var body = getRespBody(err, debug);
  conn.write([
    'HTTP/1.1 502 Bad Gateway'
  , 'Date: ' + (new Date()).toUTCString()
  , 'Connection: close'
  , 'Content-Type: text/html'
  , 'Content-Length: ' + body.length
  , ''
  , body
  ].join('\r\n'));
  conn.end();
 }
 module.exports.getRespBody = getRespBody;
 module.exports.sendBadGateway = sendBadGateway;
 module.exports.create = function (deps, config) {
  function proxy(conn, newConnOpts, firstChunk, decrypt) {
    var connected = false;
    newConnOpts.allowHalfOpen = true;
    var newConn = deps.net.createConnection(newConnOpts, function () {
      connected = true;
      if (firstChunk) {
        newConn.write(firstChunk);
      }
      newConn.pipe(conn);
      conn.pipe(newConn);
    });
    // Listening for this largely to prevent uncaught exceptions.
    conn.on('error', function (err) {
      console.log('proxy client error', err);
    });
    newConn.on('error', function (err) {
      if (connected) {
        // Not sure how to report this to a user or a client. We can assume that some data
        // has already been exchanged, so we can't really be sure what we can send in addition
        // that wouldn't result in a parse error.
        console.log('proxy remote error', err);
      } else {
        console.log('proxy connection error', err);
        if (decrypt) {
          sendBadGateway(decrypt(conn), err, config.debug);
        } else {
          sendBadGateway(conn, err, config.debug);
        }
      }
    });
    // Make sure that once one side closes, no I/O activity will happen on the other side.
    conn.on('close', function () {
      newConn.destroy();
    });
    newConn.on('close', function () {
      conn.destroy();
    });
  }
  proxy.getRespBody = getRespBody;
  proxy.sendBadGateway = sendBadGateway;
  return proxy;
 };
--- a/lib/tcp/tls.js
+++ b/lib/tcp/tls.js
@ -0,0 +1,349 @@
 'use strict';
 module.exports.create = function (deps, config, tcpMods) {
  var path = require('path');
  var tls = require('tls');
  var parseSni = require('sni');
  var greenlock = require('greenlock');
  var localhostCerts = require('localhost.daplie.me-certificates');
  var domainMatches = require('../domain-utils').match;
  function extractSocketProp(socket, propName) {
    // remoteAddress, remotePort... ugh... https://github.com/nodejs/node/issues/8854
    var altName = '_' + propName;
    var value = socket[propName] || socket[altName];
    try {
      value = value || socket._handle._parent.owner.stream[propName];
      value = value || socket._handle._parent.owner.stream[altName];
    } catch (e) {}
    try {
      value = value || socket._handle._parentWrap[propName];
      value = value || socket._handle._parentWrap[altName];
      value = value || socket._handle._parentWrap._handle.owner.stream[propName];
      value = value || socket._handle._parentWrap._handle.owner.stream[altName];
    } catch (e) {}
    return value || '';
  }
  function nameMatchesDomains(name, domainList) {
    return domainList.some(function (pattern) {
      return domainMatches(pattern, name);
    });
  }
  var addressNames = [
    'remoteAddress'
  , 'remotePort'
  , 'remoteFamily'
  , 'localAddress'
  , 'localPort'
  ];
  function wrapSocket(socket, opts, cb) {
    var reader = require('socket-pair').create(function (err, writer) {
      if (typeof cb === 'function') {
        process.nextTick(cb);
      }
      if (err) {
        reader.emit('error', err);
        return;
      }
      writer.write(opts.firstChunk);
      socket.pipe(writer);
      writer.pipe(socket);
      socket.on('error', function (err) {
        console.log('wrapped TLS socket error', err);
        reader.emit('error', err);
      });
      writer.on('error', function (err) {
        console.error('socket-pair writer error', err);
        // If the writer had an error the reader probably did too, and I don't think we'll
        // get much out of emitting this on the original socket, so logging is enough.
      });
      socket.on('close', writer.destroy.bind(writer));
      writer.on('close', socket.destroy.bind(socket));
    });
    // We can't set these properties the normal way because there is a getter without a setter,
    // but we can use defineProperty. We reuse the descriptor even though we will be manipulating
    // it because we will only ever set the value and we set it every time.
    var descriptor = {enumerable: true, configurable: true, writable: true};
    addressNames.forEach(function (name) {
      descriptor.value = opts[name] || extractSocketProp(socket, name);
      Object.defineProperty(reader, name, descriptor);
    });
    return reader;
  }
  var le = greenlock.create({
    server: 'https://acme-v01.api.letsencrypt.org/directory'
  , challenges: {
      'http-01': require('le-challenge-fs').create({ debug: config.debug })
    , 'tls-sni-01': require('le-challenge-sni').create({ debug: config.debug })
    , 'dns-01': deps.ddns.challenge
    }
  , challengeType: 'http-01'
  , store: require('le-store-certbot').create({
      debug: config.debug
    , configDir: path.join(require('os').homedir(), 'acme', 'etc')
    , logDir: path.join(require('os').homedir(), 'acme', 'var', 'log')
    , workDir: path.join(require('os').homedir(), 'acme', 'var', 'lib')
    })
  , approveDomains: function (opts, certs, cb) {
      // This is where you check your database and associated
      // email addresses with domains and agreements and such
      // The domains being approved for the first time are listed in opts.domains
      // Certs being renewed are listed in certs.altnames
      if (certs) {
        // TODO make sure the same options are used for renewal as for registration?
        opts.domains = certs.altnames;
        cb(null, { options: opts, certs: certs });
        return;
      }
      function complete(optsOverride, domains) {
        if (!cb) {
          console.warn('tried to complete domain approval multiple times');
          return;
        }
        // // We can't request certificates for wildcard domains, so filter any of those
        // // out of this list and put the domain that triggered this in the list if needed.
        // domains = (domains || []).filter(function (dom) { return dom[0] !== '*'; });
        // if (domains.indexOf(opts.domain) < 0) {
        //   domains.push(opts.domain);
        // }
        domains = [ opts.domain ];
        // TODO: allow user to specify options for challenges or storage.
        Object.assign(opts, optsOverride, { domains: domains, agreeTos: true });
        cb(null, { options: opts, certs: certs });
        cb = null;
      }
      var handled = false;
      if (Array.isArray(config.domains)) {
        handled = config.domains.some(function (dom) {
          if (!dom.modules || !dom.modules.tls) {
            return false;
          }
          if (!nameMatchesDomains(opts.domain, dom.names)) {
            return false;
          }
          return dom.modules.tls.some(function (mod) {
            if (mod.type !== 'acme') {
              return false;
            }
            complete(mod, dom.names);
            return true;
          });
        });
      }
      if (handled) {
        return;
      }
      if (Array.isArray(config.tls.modules)) {
        handled = config.tls.modules.some(function (mod) {
          if (mod.type !== 'acme') {
            return false;
          }
          if (!nameMatchesDomains(opts.domain, mod.domains)) {
            return false;
          }
          complete(mod, mod.domains);
          return true;
        });
      }
      if (handled) {
        return;
      }
      cb(new Error('domain is not allowed'));
    }
  });
  le.tlsOptions = le.tlsOptions || le.httpsOptions;
  var secureContexts = {};
  var terminatorOpts = require('localhost.daplie.me-certificates').merge({});
  terminatorOpts.SNICallback = function (sni, cb) {
    sni = sni.toLowerCase();
    console.log("[tlsOptions.SNICallback] SNI: '" + sni + "'");
    var tlsOptions;
    // Static Certs
    if (/\.invalid$/.test(sni)) {
      sni = 'localhost.daplie.me';
    }
    if (/.*localhost.*\.daplie\.me/.test(sni)) {
      if (!secureContexts[sni]) {
        tlsOptions = localhostCerts.mergeTlsOptions(sni, {});
        if (tlsOptions) {
          secureContexts[sni] = tls.createSecureContext(tlsOptions);
        }
      }
      if (secureContexts[sni]) {
        console.log('Got static secure context:', sni, secureContexts[sni]);
        cb(null, secureContexts[sni]);
        return;
      }
    }
    le.tlsOptions.SNICallback(sni, cb);
  };
  var terminateServer = tls.createServer(terminatorOpts, function (socket) {
    console.log('(post-terminated) tls connection, addr:', extractSocketProp(socket, 'remoteAddress'));
    tcpMods.tcpHandler(socket, {
      servername: socket.servername
    , encrypted: true
      // remoteAddress... ugh... https://github.com/nodejs/node/issues/8854
    , remoteAddress: extractSocketProp(socket, 'remoteAddress')
    , remotePort:    extractSocketProp(socket, 'remotePort')
    , remoteFamily:  extractSocketProp(socket, 'remoteFamily')
    });
  });
  terminateServer.on('error', function (err) {
    console.log('[error] TLS termination server', err);
  });
  function proxy(socket, opts, mod) {
    var newConnOpts = require('../domain-utils').separatePort(mod.address || '');
    newConnOpts.port = newConnOpts.port || mod.port;
    newConnOpts.host = newConnOpts.host || mod.host || 'localhost';
    newConnOpts.servername = opts.servername;
    newConnOpts.data = opts.firstChunk;
    newConnOpts.remoteFamily  = opts.family  || extractSocketProp(socket, 'remoteFamily');
    newConnOpts.remoteAddress = opts.address || extractSocketProp(socket, 'remoteAddress');
    newConnOpts.remotePort    = opts.port    || extractSocketProp(socket, 'remotePort');
    tcpMods.proxy(socket, newConnOpts, opts.firstChunk, function () {
      // This function is called in the event of a connection error and should decrypt
      // the socket so the proxy module can send a 502 HTTP response.
      var tlsOpts = localhostCerts.mergeTlsOptions('localhost.daplie.me', {isServer: true});
      if (opts.hyperPeek) {
        return new tls.TLSSocket(socket, tlsOpts);
      } else {
        return new tls.TLSSocket(wrapSocket(socket, opts), tlsOpts);
      }
    });
    return true;
  }
  function terminate(socket, opts) {
    console.log(
      '[tls-terminate]'
    , opts.localAddress || socket.localAddress +':'+ opts.localPort || socket.localPort
    , 'servername=' + opts.servername
    , opts.remoteAddress || socket.remoteAddress
    );
    var wrapped;
    // We can't emit the connection to the TLS server until we know the connection is fully
    // opened, otherwise it might hang open when the decrypted side is destroyed.
    // https://github.com/nodejs/node/issues/14605
    function emitSock() {
      terminateServer.emit('connection', wrapped);
    }
    if (opts.hyperPeek) {
      // This connection was peeked at using a method that doesn't interferre with the TLS
      // server's ability to handle it properly. Currently the only way this happens is
      // with tunnel connections where we have the first chunk of data before creating the
      // new connection (thus removing need to get data off the new connection).
      wrapped = socket;
      process.nextTick(emitSock);
    }
    else {
      // The hyperPeek flag wasn't set, so we had to read data off of this connection, which
      // means we can no longer use it directly in the TLS server.
      // See https://github.com/nodejs/node/issues/8752 (node's internal networking layer == 💩 sometimes)
      wrapped = wrapSocket(socket, opts, emitSock);
    }
  }
  function handleConn(socket, opts) {
    opts.servername = (parseSni(opts.firstChunk)||'').toLowerCase() || 'localhost.invalid';
    // needs to wind up in one of 2 states:
    // 1. SNI-based Proxy / Tunnel (we don't even need to put it through the tlsSocket)
    // 2. Terminated (goes on to a particular module or route, including the admin interface)
    // 3. Closed (we don't recognize the SNI servername as something we actually want to handle)
    // We always want to terminate is the SNI matches the challenge pattern, unless a client
    // on the south side has temporarily claimed a particular challenge. For the time being
    // we don't have a way for the south-side to communicate with us, so that part isn't done.
    if (domainMatches('*.acme-challenge.invalid', opts.servername)) {
      terminate(socket, opts);
      return;
    }
    if (deps.stunneld.isClientDomain(opts.servername)) {
      deps.stunneld.handleClientConn(socket);
      if (!opts.hyperPeek) {
        process.nextTick(function () {
          socket.unshift(opts.firstChunk);
        });
      }
      return;
    }
    function checkModule(mod) {
      if (mod.type === 'proxy') {
        return proxy(socket, opts, mod);
      }
      if (mod.type !== 'acme') {
        console.error('saw unknown TLS module', mod);
      }
    }
    var handled = (config.domains || []).some(function (dom) {
      if (!dom.modules || !dom.modules.tls) {
        return false;
      }
      if (!nameMatchesDomains(opts.servername, dom.names)) {
        return false;
      }
      return dom.modules.tls.some(checkModule);
    });
    if (handled) {
      return;
    }
    handled = (config.tls.modules || []).some(function (mod) {
      if (!nameMatchesDomains(opts.servername, mod.domains)) {
        return false;
      }
      return checkModule(mod);
    });
    if (handled) {
      return;
    }
    // TODO: figure out all of the domains that the other modules intend to handle, and only
    // terminate those ones, closing connections for all others.
    terminate(socket, opts);
  }
  return {
    emit: function (type, socket) {
      if (type === 'connection') {
        handleConn(socket, socket.__opts);
      }
    }
  , middleware: le.middleware()
  };
 };
--- a/lib/tunnel-server-manager.js
+++ b/lib/tunnel-server-manager.js
@ -0,0 +1,131 @@
 'use strict';
 function httpsTunnel(servername, conn) {
  console.error('tunnel server received encrypted connection to', servername);
  conn.end();
 }
 function handleHttp(servername, conn) {
  console.error('tunnel server received un-encrypted connection to', servername);
  conn.end([
    'HTTP/1.1 404 Not Found'
  , 'Date: ' + (new Date()).toUTCString()
  , 'Connection: close'
  , 'Content-Type: text/html'
  , 'Content-Length: 9'
  , ''
  , 'Not Found'
  ].join('\r\n'));
 }
 function rejectNonWebsocket(req, res) {
  // status code 426 = Upgrade Required
  res.statusCode = 426;
  res.setHeader('Content-Type', 'application/json');
  res.send({error: { message: 'Only websockets accepted for tunnel server' }});
 }
 var defaultConfig = {
  servernames: []
 , secret: null
 };
 var tunnelFuncs = {
  // These functions should not be called because connections to the admin domains
  // should already be decrypted, and connections to non-client domains should never
  // be given to us in the first place.
  httpsTunnel:  httpsTunnel
 , httpsInvalid: httpsTunnel
  // These function should not be called because ACME challenges should be handled
  // before admin domain connections are given to us, and the only non-encrypted
  // client connections that should be given to us are ACME challenges.
 , handleHttp:         handleHttp
 , handleInsecureHttp: handleHttp
 };
 module.exports.create = function (deps, config) {
  var equal = require('deep-equal');
  var enableDestroy = require('server-destroy');
  var currentOpts = Object.assign({}, defaultConfig);
  var httpServer, wsServer, stunneld;
  function start() {
    if (httpServer || wsServer || stunneld) {
      throw new Error('trying to start already started tunnel server');
    }
    httpServer = require('http').createServer(rejectNonWebsocket);
    enableDestroy(httpServer);
    wsServer = new (require('ws').Server)({ server: httpServer });
    var tunnelOpts = Object.assign({}, tunnelFuncs, currentOpts);
    stunneld = require('stunneld').create(tunnelOpts);
    wsServer.on('connection', stunneld.ws);
  }
  function stop() {
    if (!httpServer || !wsServer || !stunneld) {
      throw new Error('trying to stop unstarted tunnel server (or it got into semi-initialized state');
    }
    wsServer.close();
    wsServer = null;
    httpServer.destroy();
    httpServer = null;
    // Nothing to close here, just need to set it to null to allow it to be garbage-collected.
    stunneld = null;
  }
  function updateConf() {
    var newOpts = Object.assign({}, defaultConfig, config.tunnelServer);
    if (!Array.isArray(newOpts.servernames)) {
      newOpts.servernames = [];
    }
    var trimmedOpts = {
      servernames: newOpts.servernames.slice().sort()
    , secret:      newOpts.secret
    };
    if (equal(trimmedOpts, currentOpts)) {
      return;
    }
    currentOpts = trimmedOpts;
    // Stop what's currently running, then if we are still supposed to be running then we
    // can start it again with the updated options. It might be possible to make use of
    // the existing http and ws servers when the config changes, but I'm not sure what
    // state the actions needed to close all existing connections would put them in.
    if (httpServer || wsServer || stunneld) {
      stop();
    }
    if (currentOpts.servernames.length && currentOpts.secret) {
      start();
    }
  }
  process.nextTick(updateConf);
  return {
    isAdminDomain: function (domain) {
      return currentOpts.servernames.indexOf(domain) !== -1;
    }
  , handleAdminConn: function (conn) {
      if (!httpServer) {
        console.error(new Error('handleAdminConn called with no active tunnel server'));
        conn.end();
      } else {
        return httpServer.emit('connection', conn);
      }
    }
  , isClientDomain: function (domain) {
      if (!stunneld) { return false; }
      return stunneld.isClientDomain(domain);
    }
  , handleClientConn: function (conn) {
      if (!stunneld) {
        console.error(new Error('handleClientConn called with no active tunnel server'));
        conn.end();
      } else {
        return stunneld.tcp(conn);
      }
    }
  , updateConf
  };
 };
--- a/lib/udp.js
+++ b/lib/udp.js
@ -0,0 +1,57 @@
 'use strict';
 module.exports.create = function (deps, config) {
  var listeners = require('./servers').listeners.udp;
  function packetHandler(port, msg) {
    if (!Array.isArray(config.udp.modules)) {
      return;
    }
    var socket = require('dgram').createSocket('udp4');
    config.udp.modules.forEach(function (mod) {
      if (mod.type !== 'forward') {
        // To avoid logging bad modules every time we get a UDP packet we assign a warned
        // property to the module (non-enumerable so it won't be saved to the config or
        // show up in the API).
        if (!mod.warned) {
          console.warn('found bad DNS module', mod);
          Object.defineProperty(mod, 'warned', {value: true, enumerable: false});
        }
        return;
      }
      if (mod.ports.indexOf(port) < 0) {
        return;
      }
      var dest = require('./domain-utils').separatePort(mod.address || '');
      dest.port = dest.port || mod.port;
      dest.host = dest.host || mod.host || 'localhost';
      socket.send(msg, dest.port, dest.host);
    });
  }
  function updateListeners() {
    var current = listeners.list();
    var wanted = config.udp.bind;
    if (!Array.isArray(wanted)) { wanted = []; }
    wanted = wanted.map(Number).filter((port) => port > 0 && port < 65356);
    current.forEach(function (port) {
      if (wanted.indexOf(port) < 0) {
        listeners.close(port);
      }
    });
    wanted.forEach(function (port) {
      if (current.indexOf(port) < 0) {
        listeners.add(port, packetHandler.bind(port));
      }
    });
  }
  updateListeners();
  return {
    updateConf: updateListeners
  };
 };
--- a/lib/worker.js
+++ b/lib/worker.js
@ -0,0 +1,64 @@
 'use strict';
 var config;
 var modules;
 // Everything that uses the config should be reading it when relevant rather than
 // just at the beginning, so we keep the reference for the main object and just
 // change all of its properties to match the new config.
 function update(conf) {
  var newKeys = Object.keys(conf);
  Object.keys(config).forEach(function (key) {
    if (newKeys.indexOf(key) < 0) {
      delete config[key];
    } else {
      config[key] = conf[key];
    }
  });
  console.log('config update', JSON.stringify(config));
  Object.values(modules).forEach(function (mod) {
    if (typeof mod.updateConf === 'function') {
      mod.updateConf(config);
    }
  });
 }
 function create(conf) {
  var PromiseA = require('bluebird');
  var OAUTH3 = require('../packages/assets/org.oauth3');
  require('../packages/assets/org.oauth3/oauth3.domains.js');
  require('../packages/assets/org.oauth3/oauth3.dns.js');
  require('../packages/assets/org.oauth3/oauth3.tunnel.js');
  OAUTH3._hooks = require('../packages/assets/org.oauth3/oauth3.node.storage.js');
  config = conf;
  var deps = {
    messenger: process
  , PromiseA: PromiseA
  , OAUTH3: OAUTH3
  , request: PromiseA.promisify(require('request'))
  , recase: require('recase').create({})
    // Note that if a custom createConnections is used it will be called with different
    // sets of custom options based on what is actually being proxied. Most notably the
    // HTTP proxying connection creation is not something we currently control.
  , net: require('net')
  };
  modules = {
    storage:  require('./storage').create(deps, conf)
  , socks5:   require('./socks5-server').create(deps, conf)
  , ddns:     require('./ddns').create(deps, conf)
  , mdns:     require('./mdns').create(deps, conf)
  , udp:      require('./udp').create(deps, conf)
  , tcp:      require('./tcp').create(deps, conf)
  , stunneld: require('./tunnel-server-manager').create(deps, config)
  };
  Object.assign(deps, modules);
  process.removeListener('message', create);
  process.on('message', update);
 }
 process.on('message', create);
--- a/package.json
+++ b/package.json
@ -1,21 +1,75 @@
 {
  "name": "goldilocks",
-  "version": "1.0.0-placeholder",
+  "version": "1.1.6",
-  "description": "The webserver that's just right.",
+  "description": "The node.js webserver that's just right, Greenlock (HTTPS/TLS/SSL via ACME/Let's Encrypt) and tunneling (RVPN) included.",
-  "keywords": [
+  "main": "bin/goldilocks.js",
    "greenlock"
  ],
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "repository": {
    "type": "git",
-    "url": "git@git.daplie.com:Daplie/goldilocks.git"
+    "url": "git.coolaj86.com:coolaj86/goldilocks.js.git"
  },
  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
  "license": "(MIT OR Apache-2.0)",
  "scripts": {
    "test": "node bin/goldilocks.js -p 8443 -d /tmp/"
  },
  "bin": {
    "goldilocks": "./bin/goldilocks.js"
  },
  "keywords": [
    "https",
    "local",
    "localhost",
    "development",
    "dev",
    "tls",
    "ssl",
    "cert",
    "certs",
    "certificate",
    "certificates",
    "http",
    "express",
    "connect",
    "serve",
    "server"
  ],
  "bugs": {
    "url": "https://git.coolaj86.com/coolaj86/goldilocks.js/issues"
  },
  "homepage": "https://git.coolaj86.com/coolaj86/goldilocks.js",
  "dependencies": {
-    "greenlock": "^2.1.11"
+    "bluebird": "^3.4.6",
    "body-parser": "1",
    "commander": "^2.9.0",
    "deep-equal": "^1.0.1",
    "dns-suite": "1",
    "express": "4",
    "finalhandler": "^0.4.0",
    "greenlock": "2.1",
    "http-proxy": "^1.16.2",
    "human-readable-ids": "1",
    "ipaddr.js": "v1.3",
    "js-yaml": "^3.8.3",
    "jsonschema": "^1.2.0",
    "jsonwebtoken": "^7.4.0",
    "le-challenge-fs": "2",
    "le-challenge-sni": "^2.0.1",
    "le-store-certbot": "2",
    "localhost.daplie.me-certificates": "^1.3.5",
    "network": "^0.4.0",
    "recase": "v1.0.4",
    "redirect-https": "^1.1.0",
    "request": "^2.81.0",
    "scmp": "1",
    "serve-index": "^1.7.0",
    "serve-static": "^1.10.0",
    "server-destroy": "^1.0.1",
    "sni": "^1.0.0",
    "socket-pair": "^1.0.3",
    "socksv5": "0.0.6",
    "stunnel": "1.0",
    "stunneld": "0.9",
    "tunnel-packer": "^1.3.0",
    "ws": "^2.3.1"
  }
 }
--- a/packages/assets/com.bootstrapcdn/spacelab/bootstrap.css
+++ b/packages/assets/com.bootstrapcdn/spacelab/bootstrap.css
--- a/packages/assets/com.bootstrapcdn/spacelab/bootstrap.min.css
+++ b/packages/assets/com.bootstrapcdn/spacelab/bootstrap.min.css
--- a/packages/assets/com.google/angular.1.6.2.min.js
+++ b/packages/assets/com.google/angular.1.6.2.min.js
@ -0,0 +1,332 @@
 /*
 AngularJS v1.6.2
 (c) 2010-2017 Google, Inc. http://angularjs.org
 License: MIT
 */
 (function(z){'use strict';function M(a,b){b=b||Error;return function(){var d=arguments[0],c;c="["+(a?a+":":"")+d+"] http://errors.angularjs.org/1.6.2/"+(a?a+"/":"")+d;for(d=1;d<arguments.length;d++){c=c+(1==d?"?":"&")+"p"+(d-1)+"=";var f=encodeURIComponent,e;e=arguments[d];e="function"==typeof e?e.toString().replace(/ \{[\s\S]*$/,""):"undefined"==typeof e?"undefined":"string"!=typeof e?JSON.stringify(e):e;c+=f(e)}return new b(c)}}function sa(a){if(null==a||Va(a))return!1;if(C(a)||E(a)||D&&a instanceof
 D)return!0;var b="length"in Object(a)&&a.length;return Y(b)&&(0<=b&&(b-1 in a||a instanceof Array)||"function"===typeof a.item)}function q(a,b,d){var c,f;if(a)if(y(a))for(c in a)"prototype"!==c&&"length"!==c&&"name"!==c&&a.hasOwnProperty(c)&&b.call(d,a[c],c,a);else if(C(a)||sa(a)){var e="object"!==typeof a;c=0;for(f=a.length;c<f;c++)(e||c in a)&&b.call(d,a[c],c,a)}else if(a.forEach&&a.forEach!==q)a.forEach(b,d,a);else if(Dc(a))for(c in a)b.call(d,a[c],c,a);else if("function"===typeof a.hasOwnProperty)for(c in a)a.hasOwnProperty(c)&&
 b.call(d,a[c],c,a);else for(c in a)ua.call(a,c)&&b.call(d,a[c],c,a);return a}function Ec(a,b,d){for(var c=Object.keys(a).sort(),f=0;f<c.length;f++)b.call(d,a[c[f]],c[f]);return c}function Fc(a){return function(b,d){a(d,b)}}function je(){return++qb}function Sb(a,b,d){for(var c=a.$$hashKey,f=0,e=b.length;f<e;++f){var g=b[f];if(F(g)||y(g))for(var h=Object.keys(g),k=0,l=h.length;k<l;k++){var m=h[k],n=g[m];d&&F(n)?ga(n)?a[m]=new Date(n.valueOf()):Wa(n)?a[m]=new RegExp(n):n.nodeName?a[m]=n.cloneNode(!0):
 Tb(n)?a[m]=n.clone():(F(a[m])||(a[m]=C(n)?[]:{}),Sb(a[m],[n],!0)):a[m]=n}}c?a.$$hashKey=c:delete a.$$hashKey;return a}function R(a){return Sb(a,va.call(arguments,1),!1)}function ke(a){return Sb(a,va.call(arguments,1),!0)}function Z(a){return parseInt(a,10)}function Ub(a,b){return R(Object.create(a),b)}function w(){}function Xa(a){return a}function ma(a){return function(){return a}}function Vb(a){return y(a.toString)&&a.toString!==na}function x(a){return"undefined"===typeof a}function v(a){return"undefined"!==
 typeof a}function F(a){return null!==a&&"object"===typeof a}function Dc(a){return null!==a&&"object"===typeof a&&!Gc(a)}function E(a){return"string"===typeof a}function Y(a){return"number"===typeof a}function ga(a){return"[object Date]"===na.call(a)}function y(a){return"function"===typeof a}function Wa(a){return"[object RegExp]"===na.call(a)}function Va(a){return a&&a.window===a}function Ya(a){return a&&a.$evalAsync&&a.$watch}function Ia(a){return"boolean"===typeof a}function le(a){return a&&Y(a.length)&&
 me.test(na.call(a))}function Tb(a){return!(!a||!(a.nodeName||a.prop&&a.attr&&a.find))}function ne(a){var b={};a=a.split(",");var d;for(d=0;d<a.length;d++)b[a[d]]=!0;return b}function wa(a){return P(a.nodeName||a[0]&&a[0].nodeName)}function Za(a,b){var d=a.indexOf(b);0<=d&&a.splice(d,1);return d}function xa(a,b){function d(a,b){var d=b.$$hashKey,e;if(C(a)){e=0;for(var f=a.length;e<f;e++)b.push(c(a[e]))}else if(Dc(a))for(e in a)b[e]=c(a[e]);else if(a&&"function"===typeof a.hasOwnProperty)for(e in a)a.hasOwnProperty(e)&&
 (b[e]=c(a[e]));else for(e in a)ua.call(a,e)&&(b[e]=c(a[e]));d?b.$$hashKey=d:delete b.$$hashKey;return b}function c(a){if(!F(a))return a;var b=e.indexOf(a);if(-1!==b)return g[b];if(Va(a)||Ya(a))throw Fa("cpws");var b=!1,c=f(a);void 0===c&&(c=C(a)?[]:Object.create(Gc(a)),b=!0);e.push(a);g.push(c);return b?d(a,c):c}function f(a){switch(na.call(a)){case "[object Int8Array]":case "[object Int16Array]":case "[object Int32Array]":case "[object Float32Array]":case "[object Float64Array]":case "[object Uint8Array]":case "[object Uint8ClampedArray]":case "[object Uint16Array]":case "[object Uint32Array]":return new a.constructor(c(a.buffer),
 a.byteOffset,a.length);case "[object ArrayBuffer]":if(!a.slice){var b=new ArrayBuffer(a.byteLength);(new Uint8Array(b)).set(new Uint8Array(a));return b}return a.slice(0);case "[object Boolean]":case "[object Number]":case "[object String]":case "[object Date]":return new a.constructor(a.valueOf());case "[object RegExp]":return b=new RegExp(a.source,a.toString().match(/[^/]*$/)[0]),b.lastIndex=a.lastIndex,b;case "[object Blob]":return new a.constructor([a],{type:a.type})}if(y(a.cloneNode))return a.cloneNode(!0)}
 var e=[],g=[];if(b){if(le(b)||"[object ArrayBuffer]"===na.call(b))throw Fa("cpta");if(a===b)throw Fa("cpi");C(b)?b.length=0:q(b,function(a,d){"$$hashKey"!==d&&delete b[d]});e.push(a);g.push(b);return d(a,b)}return c(a)}function qa(a,b){if(a===b)return!0;if(null===a||null===b)return!1;if(a!==a&&b!==b)return!0;var d=typeof a,c;if(d===typeof b&&"object"===d)if(C(a)){if(!C(b))return!1;if((d=a.length)===b.length){for(c=0;c<d;c++)if(!qa(a[c],b[c]))return!1;return!0}}else{if(ga(a))return ga(b)?qa(a.getTime(),
 b.getTime()):!1;if(Wa(a))return Wa(b)?a.toString()===b.toString():!1;if(Ya(a)||Ya(b)||Va(a)||Va(b)||C(b)||ga(b)||Wa(b))return!1;d=W();for(c in a)if("$"!==c.charAt(0)&&!y(a[c])){if(!qa(a[c],b[c]))return!1;d[c]=!0}for(c in b)if(!(c in d)&&"$"!==c.charAt(0)&&v(b[c])&&!y(b[c]))return!1;return!0}return!1}function $a(a,b,d){return a.concat(va.call(b,d))}function ab(a,b){var d=2<arguments.length?va.call(arguments,2):[];return!y(b)||b instanceof RegExp?b:d.length?function(){return arguments.length?b.apply(a,
 $a(d,arguments,0)):b.apply(a,d)}:function(){return arguments.length?b.apply(a,arguments):b.call(a)}}function Hc(a,b){var d=b;"string"===typeof a&&"$"===a.charAt(0)&&"$"===a.charAt(1)?d=void 0:Va(b)?d="$WINDOW":b&&z.document===b?d="$DOCUMENT":Ya(b)&&(d="$SCOPE");return d}function bb(a,b){if(!x(a))return Y(b)||(b=b?2:null),JSON.stringify(a,Hc,b)}function Ic(a){return E(a)?JSON.parse(a):a}function Jc(a,b){a=a.replace(oe,"");var d=Date.parse("Jan 01, 1970 00:00:00 "+a)/6E4;return da(d)?b:d}function Wb(a,
 b,d){d=d?-1:1;var c=a.getTimezoneOffset();b=Jc(b,c);d*=b-c;a=new Date(a.getTime());a.setMinutes(a.getMinutes()+d);return a}function ya(a){a=D(a).clone();try{a.empty()}catch(b){}var d=D("<div>").append(a).html();try{return a[0].nodeType===Ja?P(d):d.match(/^(<[^>]+>)/)[1].replace(/^<([\w-]+)/,function(a,b){return"<"+P(b)})}catch(c){return P(d)}}function Kc(a){try{return decodeURIComponent(a)}catch(b){}}function Lc(a){var b={};q((a||"").split("&"),function(a){var c,f,e;a&&(f=a=a.replace(/\+/g,"%20"),
 c=a.indexOf("="),-1!==c&&(f=a.substring(0,c),e=a.substring(c+1)),f=Kc(f),v(f)&&(e=v(e)?Kc(e):!0,ua.call(b,f)?C(b[f])?b[f].push(e):b[f]=[b[f],e]:b[f]=e))});return b}function Xb(a){var b=[];q(a,function(a,c){C(a)?q(a,function(a){b.push(ka(c,!0)+(!0===a?"":"="+ka(a,!0)))}):b.push(ka(c,!0)+(!0===a?"":"="+ka(a,!0)))});return b.length?b.join("&"):""}function cb(a){return ka(a,!0).replace(/%26/gi,"&").replace(/%3D/gi,"=").replace(/%2B/gi,"+")}function ka(a,b){return encodeURIComponent(a).replace(/%40/gi,
 "@").replace(/%3A/gi,":").replace(/%24/g,"$").replace(/%2C/gi,",").replace(/%3B/gi,";").replace(/%20/g,b?"%20":"+")}function pe(a,b){var d,c,f=Ka.length;for(c=0;c<f;++c)if(d=Ka[c]+b,E(d=a.getAttribute(d)))return d;return null}function qe(a,b){var d,c,f={};q(Ka,function(b){b+="app";!d&&a.hasAttribute&&a.hasAttribute(b)&&(d=a,c=a.getAttribute(b))});q(Ka,function(b){b+="app";var f;!d&&(f=a.querySelector("["+b.replace(":","\\:")+"]"))&&(d=f,c=f.getAttribute(b))});d&&(re?(f.strictDi=null!==pe(d,"strict-di"),
 b(d,c?[c]:[],f)):z.console.error("Angular: disabling automatic bootstrap. <script> protocol indicates an extension, document.location.href does not match."))}function Mc(a,b,d){F(d)||(d={});d=R({strictDi:!1},d);var c=function(){a=D(a);if(a.injector()){var c=a[0]===z.document?"document":ya(a);throw Fa("btstrpd",c.replace(/</,"&lt;").replace(/>/,"&gt;"));}b=b||[];b.unshift(["$provide",function(b){b.value("$rootElement",a)}]);d.debugInfoEnabled&&b.push(["$compileProvider",function(a){a.debugInfoEnabled(!0)}]);
 b.unshift("ng");c=db(b,d.strictDi);c.invoke(["$rootScope","$rootElement","$compile","$injector",function(a,b,c,d){a.$apply(function(){b.data("$injector",d);c(b)(a)})}]);return c},f=/^NG_ENABLE_DEBUG_INFO!/,e=/^NG_DEFER_BOOTSTRAP!/;z&&f.test(z.name)&&(d.debugInfoEnabled=!0,z.name=z.name.replace(f,""));if(z&&!e.test(z.name))return c();z.name=z.name.replace(e,"");$.resumeBootstrap=function(a){q(a,function(a){b.push(a)});return c()};y($.resumeDeferredBootstrap)&&$.resumeDeferredBootstrap()}function se(){z.name=
 "NG_ENABLE_DEBUG_INFO!"+z.name;z.location.reload()}function te(a){a=$.element(a).injector();if(!a)throw Fa("test");return a.get("$$testability")}function Nc(a,b){b=b||"_";return a.replace(ue,function(a,c){return(c?b:"")+a.toLowerCase()})}function ve(){var a;if(!Oc){var b=rb();(ta=x(b)?z.jQuery:b?z[b]:void 0)&&ta.fn.on?(D=ta,R(ta.fn,{scope:Oa.scope,isolateScope:Oa.isolateScope,controller:Oa.controller,injector:Oa.injector,inheritedData:Oa.inheritedData}),a=ta.cleanData,ta.cleanData=function(b){for(var c,
 f=0,e;null!=(e=b[f]);f++)(c=ta._data(e,"events"))&&c.$destroy&&ta(e).triggerHandler("$destroy");a(b)}):D=X;$.element=D;Oc=!0}}function eb(a,b,d){if(!a)throw Fa("areq",b||"?",d||"required");return a}function sb(a,b,d){d&&C(a)&&(a=a[a.length-1]);eb(y(a),b,"not a function, got "+(a&&"object"===typeof a?a.constructor.name||"Object":typeof a));return a}function La(a,b){if("hasOwnProperty"===a)throw Fa("badname",b);}function Pc(a,b,d){if(!b)return a;b=b.split(".");for(var c,f=a,e=b.length,g=0;g<e;g++)c=
 b[g],a&&(a=(f=a)[c]);return!d&&y(a)?ab(f,a):a}function tb(a){for(var b=a[0],d=a[a.length-1],c,f=1;b!==d&&(b=b.nextSibling);f++)if(c||a[f]!==b)c||(c=D(va.call(a,0,f))),c.push(b);return c||a}function W(){return Object.create(null)}function Yb(a){if(null==a)return"";switch(typeof a){case "string":break;case "number":a=""+a;break;default:a=!Vb(a)||C(a)||ga(a)?bb(a):a.toString()}return a}function we(a){function b(a,b,c){return a[b]||(a[b]=c())}var d=M("$injector"),c=M("ng");a=b(a,"angular",Object);a.$$minErr=
 a.$$minErr||M;return b(a,"module",function(){var a={};return function(e,g,h){if("hasOwnProperty"===e)throw c("badname","module");g&&a.hasOwnProperty(e)&&(a[e]=null);return b(a,e,function(){function a(b,d,e,f){f||(f=c);return function(){f[e||"push"]([b,d,arguments]);return J}}function b(a,d,f){f||(f=c);return function(b,c){c&&y(c)&&(c.$$moduleName=e);f.push([a,d,arguments]);return J}}if(!g)throw d("nomod",e);var c=[],f=[],p=[],r=a("$injector","invoke","push",f),J={_invokeQueue:c,_configBlocks:f,_runBlocks:p,
 requires:g,name:e,provider:b("$provide","provider"),factory:b("$provide","factory"),service:b("$provide","service"),value:a("$provide","value"),constant:a("$provide","constant","unshift"),decorator:b("$provide","decorator",f),animation:b("$animateProvider","register"),filter:b("$filterProvider","register"),controller:b("$controllerProvider","register"),directive:b("$compileProvider","directive"),component:b("$compileProvider","component"),config:r,run:function(a){p.push(a);return this}};h&&r(h);return J})}})}
 function ra(a,b){if(C(a)){b=b||[];for(var d=0,c=a.length;d<c;d++)b[d]=a[d]}else if(F(a))for(d in b=b||{},a)if("$"!==d.charAt(0)||"$"!==d.charAt(1))b[d]=a[d];return b||a}function xe(a){var b=[];return JSON.stringify(a,function(a,c){c=Hc(a,c);if(F(c)){if(0<=b.indexOf(c))return"...";b.push(c)}return c})}function ye(a){R(a,{bootstrap:Mc,copy:xa,extend:R,merge:ke,equals:qa,element:D,forEach:q,injector:db,noop:w,bind:ab,toJson:bb,fromJson:Ic,identity:Xa,isUndefined:x,isDefined:v,isString:E,isFunction:y,
 isObject:F,isNumber:Y,isElement:Tb,isArray:C,version:ze,isDate:ga,lowercase:P,uppercase:ub,callbacks:{$$counter:0},getTestability:te,reloadWithDebugInfo:se,$$minErr:M,$$csp:Ga,$$encodeUriSegment:cb,$$encodeUriQuery:ka,$$stringify:Yb});Zb=we(z);Zb("ng",["ngLocale"],["$provide",function(a){a.provider({$$sanitizeUri:Ae});a.provider("$compile",Qc).directive({a:Be,input:Rc,textarea:Rc,form:Ce,script:De,select:Ee,option:Fe,ngBind:Ge,ngBindHtml:He,ngBindTemplate:Ie,ngClass:Je,ngClassEven:Ke,ngClassOdd:Le,
 ngCloak:Me,ngController:Ne,ngForm:Oe,ngHide:Pe,ngIf:Qe,ngInclude:Re,ngInit:Se,ngNonBindable:Te,ngPluralize:Ue,ngRepeat:Ve,ngShow:We,ngStyle:Xe,ngSwitch:Ye,ngSwitchWhen:Ze,ngSwitchDefault:$e,ngOptions:af,ngTransclude:bf,ngModel:cf,ngList:df,ngChange:ef,pattern:Sc,ngPattern:Sc,required:Tc,ngRequired:Tc,minlength:Uc,ngMinlength:Uc,maxlength:Vc,ngMaxlength:Vc,ngValue:ff,ngModelOptions:gf}).directive({ngInclude:hf}).directive(vb).directive(Wc);a.provider({$anchorScroll:jf,$animate:kf,$animateCss:lf,$$animateJs:mf,
 $$animateQueue:nf,$$AnimateRunner:of,$$animateAsyncRun:pf,$browser:qf,$cacheFactory:rf,$controller:sf,$document:tf,$$isDocumentHidden:uf,$exceptionHandler:vf,$filter:Xc,$$forceReflow:wf,$interpolate:xf,$interval:yf,$http:zf,$httpParamSerializer:Af,$httpParamSerializerJQLike:Bf,$httpBackend:Cf,$xhrFactory:Df,$jsonpCallbacks:Ef,$location:Ff,$log:Gf,$parse:Hf,$rootScope:If,$q:Jf,$$q:Kf,$sce:Lf,$sceDelegate:Mf,$sniffer:Nf,$templateCache:Of,$templateRequest:Pf,$$testability:Qf,$timeout:Rf,$window:Sf,$$rAF:Tf,
 $$jqLite:Uf,$$Map:Vf,$$cookieReader:Wf})}])}function fb(a,b){return b.toUpperCase()}function wb(a){return a.replace(Xf,fb)}function Yc(a){a=a.nodeType;return 1===a||!a||9===a}function Zc(a,b){var d,c,f=b.createDocumentFragment(),e=[];if($b.test(a)){d=f.appendChild(b.createElement("div"));c=(Yf.exec(a)||["",""])[1].toLowerCase();c=ha[c]||ha._default;d.innerHTML=c[1]+a.replace(Zf,"<$1></$2>")+c[2];for(c=c[0];c--;)d=d.lastChild;e=$a(e,d.childNodes);d=f.firstChild;d.textContent=""}else e.push(b.createTextNode(a));
 f.textContent="";f.innerHTML="";q(e,function(a){f.appendChild(a)});return f}function X(a){if(a instanceof X)return a;var b;E(a)&&(a=S(a),b=!0);if(!(this instanceof X)){if(b&&"<"!==a.charAt(0))throw ac("nosel");return new X(a)}if(b){b=z.document;var d;a=(d=$f.exec(a))?[b.createElement(d[1])]:(d=Zc(a,b))?d.childNodes:[];bc(this,a)}else y(a)?$c(a):bc(this,a)}function cc(a){return a.cloneNode(!0)}function xb(a,b){b||gb(a);if(a.querySelectorAll)for(var d=a.querySelectorAll("*"),c=0,f=d.length;c<f;c++)gb(d[c])}
 function ad(a,b,d,c){if(v(c))throw ac("offargs");var f=(c=yb(a))&&c.events,e=c&&c.handle;if(e)if(b){var g=function(b){var c=f[b];v(d)&&Za(c||[],d);v(d)&&c&&0<c.length||(a.removeEventListener(b,e),delete f[b])};q(b.split(" "),function(a){g(a);zb[a]&&g(zb[a])})}else for(b in f)"$destroy"!==b&&a.removeEventListener(b,e),delete f[b]}function gb(a,b){var d=a.ng339,c=d&&hb[d];c&&(b?delete c.data[b]:(c.handle&&(c.events.$destroy&&c.handle({},"$destroy"),ad(a)),delete hb[d],a.ng339=void 0))}function yb(a,
 b){var d=a.ng339,d=d&&hb[d];b&&!d&&(a.ng339=d=++ag,d=hb[d]={events:{},data:{},handle:void 0});return d}function dc(a,b,d){if(Yc(a)){var c,f=v(d),e=!f&&b&&!F(b),g=!b;a=(a=yb(a,!e))&&a.data;if(f)a[wb(b)]=d;else{if(g)return a;if(e)return a&&a[wb(b)];for(c in b)a[wb(c)]=b[c]}}}function Ab(a,b){return a.getAttribute?-1<(" "+(a.getAttribute("class")||"")+" ").replace(/[\n\t]/g," ").indexOf(" "+b+" "):!1}function Bb(a,b){b&&a.setAttribute&&q(b.split(" "),function(b){a.setAttribute("class",S((" "+(a.getAttribute("class")||
 "")+" ").replace(/[\n\t]/g," ").replace(" "+S(b)+" "," ")))})}function Cb(a,b){if(b&&a.setAttribute){var d=(" "+(a.getAttribute("class")||"")+" ").replace(/[\n\t]/g," ");q(b.split(" "),function(a){a=S(a);-1===d.indexOf(" "+a+" ")&&(d+=a+" ")});a.setAttribute("class",S(d))}}function bc(a,b){if(b)if(b.nodeType)a[a.length++]=b;else{var d=b.length;if("number"===typeof d&&b.window!==b){if(d)for(var c=0;c<d;c++)a[a.length++]=b[c]}else a[a.length++]=b}}function bd(a,b){return Db(a,"$"+(b||"ngController")+
 "Controller")}function Db(a,b,d){9===a.nodeType&&(a=a.documentElement);for(b=C(b)?b:[b];a;){for(var c=0,f=b.length;c<f;c++)if(v(d=D.data(a,b[c])))return d;a=a.parentNode||11===a.nodeType&&a.host}}function cd(a){for(xb(a,!0);a.firstChild;)a.removeChild(a.firstChild)}function Eb(a,b){b||xb(a);var d=a.parentNode;d&&d.removeChild(a)}function bg(a,b){b=b||z;if("complete"===b.document.readyState)b.setTimeout(a);else D(b).on("load",a)}function $c(a){function b(){z.document.removeEventListener("DOMContentLoaded",
 b);z.removeEventListener("load",b);a()}"complete"===z.document.readyState?z.setTimeout(a):(z.document.addEventListener("DOMContentLoaded",b),z.addEventListener("load",b))}function dd(a,b){var d=Fb[b.toLowerCase()];return d&&ed[wa(a)]&&d}function cg(a,b){var d=function(c,d){c.isDefaultPrevented=function(){return c.defaultPrevented};var e=b[d||c.type],g=e?e.length:0;if(g){if(x(c.immediatePropagationStopped)){var h=c.stopImmediatePropagation;c.stopImmediatePropagation=function(){c.immediatePropagationStopped=
 !0;c.stopPropagation&&c.stopPropagation();h&&h.call(c)}}c.isImmediatePropagationStopped=function(){return!0===c.immediatePropagationStopped};var k=e.specialHandlerWrapper||dg;1<g&&(e=ra(e));for(var l=0;l<g;l++)c.isImmediatePropagationStopped()||k(a,c,e[l])}};d.elem=a;return d}function dg(a,b,d){d.call(a,b)}function eg(a,b,d){var c=b.relatedTarget;c&&(c===a||fg.call(a,c))||d.call(a,b)}function Uf(){this.$get=function(){return R(X,{hasClass:function(a,b){a.attr&&(a=a[0]);return Ab(a,b)},addClass:function(a,
 b){a.attr&&(a=a[0]);return Cb(a,b)},removeClass:function(a,b){a.attr&&(a=a[0]);return Bb(a,b)}})}}function Pa(a,b){var d=a&&a.$$hashKey;if(d)return"function"===typeof d&&(d=a.$$hashKey()),d;d=typeof a;return d="function"===d||"object"===d&&null!==a?a.$$hashKey=d+":"+(b||je)():d+":"+a}function fd(){this._keys=[];this._values=[];this._lastKey=NaN;this._lastIndex=-1}function gd(a){a=Function.prototype.toString.call(a).replace(gg,"");return a.match(hg)||a.match(ig)}function jg(a){return(a=gd(a))?"function("+
 (a[1]||"").replace(/[\s\r\n]+/," ")+")":"fn"}function db(a,b){function d(a){return function(b,c){if(F(b))q(b,Fc(a));else return a(b,c)}}function c(a,b){La(a,"service");if(y(b)||C(b))b=p.instantiate(b);if(!b.$get)throw za("pget",a);return n[a+"Provider"]=b}function f(a,b){return function(){var c=O.invoke(b,this);if(x(c))throw za("undef",a);return c}}function e(a,b,d){return c(a,{$get:!1!==d?f(a,b):b})}function g(a){eb(x(a)||C(a),"modulesToLoad","not an array");var b=[],c;q(a,function(a){function d(a){var b,
 c;b=0;for(c=a.length;b<c;b++){var e=a[b],f=p.get(e[0]);f[e[1]].apply(f,e[2])}}if(!m.get(a)){m.set(a,!0);try{E(a)?(c=Zb(a),b=b.concat(g(c.requires)).concat(c._runBlocks),d(c._invokeQueue),d(c._configBlocks)):y(a)?b.push(p.invoke(a)):C(a)?b.push(p.invoke(a)):sb(a,"module")}catch(e){throw C(a)&&(a=a[a.length-1]),e.message&&e.stack&&-1===e.stack.indexOf(e.message)&&(e=e.message+"\n"+e.stack),za("modulerr",a,e.stack||e.message||e);}}});return b}function h(a,c){function d(b,e){if(a.hasOwnProperty(b)){if(a[b]===
 k)throw za("cdep",b+" <- "+l.join(" <- "));return a[b]}try{return l.unshift(b),a[b]=k,a[b]=c(b,e),a[b]}catch(f){throw a[b]===k&&delete a[b],f;}finally{l.shift()}}function e(a,c,f){var g=[];a=db.$$annotate(a,b,f);for(var h=0,k=a.length;h<k;h++){var l=a[h];if("string"!==typeof l)throw za("itkn",l);g.push(c&&c.hasOwnProperty(l)?c[l]:d(l,f))}return g}return{invoke:function(a,b,c,d){"string"===typeof c&&(d=c,c=null);c=e(a,c,d);C(a)&&(a=a[a.length-1]);d=a;if(Ha||"function"!==typeof d)d=!1;else{var f=d.$$ngIsClass;
 Ia(f)||(f=d.$$ngIsClass=/^(?:class\b|constructor\()/.test(Function.prototype.toString.call(d)));d=f}return d?(c.unshift(null),new (Function.prototype.bind.apply(a,c))):a.apply(b,c)},instantiate:function(a,b,c){var d=C(a)?a[a.length-1]:a;a=e(a,b,c);a.unshift(null);return new (Function.prototype.bind.apply(d,a))},get:d,annotate:db.$$annotate,has:function(b){return n.hasOwnProperty(b+"Provider")||a.hasOwnProperty(b)}}}b=!0===b;var k={},l=[],m=new Gb,n={$provide:{provider:d(c),factory:d(e),service:d(function(a,
 b){return e(a,["$injector",function(a){return a.instantiate(b)}])}),value:d(function(a,b){return e(a,ma(b),!1)}),constant:d(function(a,b){La(a,"constant");n[a]=b;r[a]=b}),decorator:function(a,b){var c=p.get(a+"Provider"),d=c.$get;c.$get=function(){var a=O.invoke(d,c);return O.invoke(b,null,{$delegate:a})}}}},p=n.$injector=h(n,function(a,b){$.isString(b)&&l.push(b);throw za("unpr",l.join(" <- "));}),r={},J=h(r,function(a,b){var c=p.get(a+"Provider",b);return O.invoke(c.$get,c,void 0,a)}),O=J;n.$injectorProvider=
 {$get:ma(J)};var u=g(a),O=J.get("$injector");O.strictDi=b;q(u,function(a){a&&O.invoke(a)});return O}function jf(){var a=!0;this.disableAutoScrolling=function(){a=!1};this.$get=["$window","$location","$rootScope",function(b,d,c){function f(a){var b=null;Array.prototype.some.call(a,function(a){if("a"===wa(a))return b=a,!0});return b}function e(a){if(a){a.scrollIntoView();var c;c=g.yOffset;y(c)?c=c():Tb(c)?(c=c[0],c="fixed"!==b.getComputedStyle(c).position?0:c.getBoundingClientRect().bottom):Y(c)||(c=
 0);c&&(a=a.getBoundingClientRect().top,b.scrollBy(0,a-c))}else b.scrollTo(0,0)}function g(a){a=E(a)?a:Y(a)?a.toString():d.hash();var b;a?(b=h.getElementById(a))?e(b):(b=f(h.getElementsByName(a)))?e(b):"top"===a&&e(null):e(null)}var h=b.document;a&&c.$watch(function(){return d.hash()},function(a,b){a===b&&""===a||bg(function(){c.$evalAsync(g)})});return g}]}function ib(a,b){if(!a&&!b)return"";if(!a)return b;if(!b)return a;C(a)&&(a=a.join(" "));C(b)&&(b=b.join(" "));return a+" "+b}function kg(a){E(a)&&
 (a=a.split(" "));var b=W();q(a,function(a){a.length&&(b[a]=!0)});return b}function ea(a){return F(a)?a:{}}function lg(a,b,d,c){function f(a){try{a.apply(null,va.call(arguments,1))}finally{if(J--,0===J)for(;O.length;)try{O.pop()()}catch(b){d.error(b)}}}function e(){ia=null;h()}function g(){u=A();u=x(u)?null:u;qa(u,B)&&(u=B);H=B=u}function h(){var a=H;g();if(V!==k.url()||a!==u)V=k.url(),H=u,q(K,function(a){a(k.url(),u)})}var k=this,l=a.location,m=a.history,n=a.setTimeout,p=a.clearTimeout,r={};k.isMock=
 !1;var J=0,O=[];k.$$completeOutstandingRequest=f;k.$$incOutstandingRequestCount=function(){J++};k.notifyWhenNoOutstandingRequests=function(a){0===J?a():O.push(a)};var u,H,V=l.href,t=b.find("base"),ia=null,A=c.history?function(){try{return m.state}catch(a){}}:w;g();k.url=function(b,d,e){x(e)&&(e=null);l!==a.location&&(l=a.location);m!==a.history&&(m=a.history);if(b){var f=H===e;if(V===b&&(!c.history||f))return k;var h=V&&Aa(V)===Aa(b);V=b;H=e;!c.history||h&&f?(h||(ia=b),d?l.replace(b):h?(d=l,e=b.indexOf("#"),
 e=-1===e?"":b.substr(e),d.hash=e):l.href=b,l.href!==b&&(ia=b)):(m[d?"replaceState":"pushState"](e,"",b),g());ia&&(ia=b);return k}return ia||l.href.replace(/%27/g,"'")};k.state=function(){return u};var K=[],I=!1,B=null;k.onUrlChange=function(b){if(!I){if(c.history)D(a).on("popstate",e);D(a).on("hashchange",e);I=!0}K.push(b);return b};k.$$applicationDestroyed=function(){D(a).off("hashchange popstate",e)};k.$$checkUrlChange=h;k.baseHref=function(){var a=t.attr("href");return a?a.replace(/^(https?:)?\/\/[^/]*/,
 ""):""};k.defer=function(a,b){var c;J++;c=n(function(){delete r[c];f(a)},b||0);r[c]=!0;return c};k.defer.cancel=function(a){return r[a]?(delete r[a],p(a),f(w),!0):!1}}function qf(){this.$get=["$window","$log","$sniffer","$document",function(a,b,d,c){return new lg(a,c,b,d)}]}function rf(){this.$get=function(){function a(a,c){function f(a){a!==n&&(p?p===a&&(p=a.n):p=a,e(a.n,a.p),e(a,n),n=a,n.n=null)}function e(a,b){a!==b&&(a&&(a.p=b),b&&(b.n=a))}if(a in b)throw M("$cacheFactory")("iid",a);var g=0,h=
 R({},c,{id:a}),k=W(),l=c&&c.capacity||Number.MAX_VALUE,m=W(),n=null,p=null;return b[a]={put:function(a,b){if(!x(b)){if(l<Number.MAX_VALUE){var c=m[a]||(m[a]={key:a});f(c)}a in k||g++;k[a]=b;g>l&&this.remove(p.key);return b}},get:function(a){if(l<Number.MAX_VALUE){var b=m[a];if(!b)return;f(b)}return k[a]},remove:function(a){if(l<Number.MAX_VALUE){var b=m[a];if(!b)return;b===n&&(n=b.p);b===p&&(p=b.n);e(b.n,b.p);delete m[a]}a in k&&(delete k[a],g--)},removeAll:function(){k=W();g=0;m=W();n=p=null},destroy:function(){m=
 h=k=null;delete b[a]},info:function(){return R({},h,{size:g})}}}var b={};a.info=function(){var a={};q(b,function(b,f){a[f]=b.info()});return a};a.get=function(a){return b[a]};return a}}function Of(){this.$get=["$cacheFactory",function(a){return a("templates")}]}function Qc(a,b){function d(a,b,c){var d=/^\s*([@&<]|=(\*?))(\??)\s*([\w$]*)\s*$/,e=W();q(a,function(a,f){if(a in n)e[f]=n[a];else{var g=a.match(d);if(!g)throw fa("iscp",b,f,a,c?"controller bindings definition":"isolate scope definition");
 e[f]={mode:g[1][0],collection:"*"===g[2],optional:"?"===g[3],attrName:g[4]||f};g[4]&&(n[a]=e[f])}});return e}function c(a){var b=a.charAt(0);if(!b||b!==P(b))throw fa("baddir",a);if(a!==a.trim())throw fa("baddir",a);}function f(a){var b=a.require||a.controller&&a.name;!C(b)&&F(b)&&q(b,function(a,c){var d=a.match(l);a.substring(d[0].length)||(b[c]=d[0]+c)});return b}var e={},g=/^\s*directive:\s*([\w-]+)\s+(.*)$/,h=/(([\w-]+)(?::([^;]+))?;?)/,k=ne("ngSrc,ngSrcset,src,srcset"),l=/^(?:(\^\^?)?(\?)?(\^\^?)?)?/,
 m=/^(on[a-z]+|formaction)$/,n=W();this.directive=function V(b,d){eb(b,"name");La(b,"directive");E(b)?(c(b),eb(d,"directiveFactory"),e.hasOwnProperty(b)||(e[b]=[],a.factory(b+"Directive",["$injector","$exceptionHandler",function(a,c){var d=[];q(e[b],function(e,g){try{var h=a.invoke(e);y(h)?h={compile:ma(h)}:!h.compile&&h.link&&(h.compile=ma(h.link));h.priority=h.priority||0;h.index=g;h.name=h.name||b;h.require=f(h);var k=h,l=h.restrict;if(l&&(!E(l)||!/[EACM]/.test(l)))throw fa("badrestrict",l,b);k.restrict=
 l||"EA";h.$$moduleName=e.$$moduleName;d.push(h)}catch(m){c(m)}});return d}])),e[b].push(d)):q(b,Fc(V));return this};this.component=function(a,b){function c(a){function e(b){return y(b)||C(b)?function(c,d){return a.invoke(b,this,{$element:c,$attrs:d})}:b}var f=b.template||b.templateUrl?b.template:"",g={controller:d,controllerAs:mg(b.controller)||b.controllerAs||"$ctrl",template:e(f),templateUrl:e(b.templateUrl),transclude:b.transclude,scope:{},bindToController:b.bindings||{},restrict:"E",require:b.require};
 q(b,function(a,b){"$"===b.charAt(0)&&(g[b]=a)});return g}var d=b.controller||function(){};q(b,function(a,b){"$"===b.charAt(0)&&(c[b]=a,y(d)&&(d[b]=a))});c.$inject=["$injector"];return this.directive(a,c)};this.aHrefSanitizationWhitelist=function(a){return v(a)?(b.aHrefSanitizationWhitelist(a),this):b.aHrefSanitizationWhitelist()};this.imgSrcSanitizationWhitelist=function(a){return v(a)?(b.imgSrcSanitizationWhitelist(a),this):b.imgSrcSanitizationWhitelist()};var p=!0;this.debugInfoEnabled=function(a){return v(a)?
 (p=a,this):p};var r=!1;this.preAssignBindingsEnabled=function(a){return v(a)?(r=a,this):r};var J=10;this.onChangesTtl=function(a){return arguments.length?(J=a,this):J};var O=!0;this.commentDirectivesEnabled=function(a){return arguments.length?(O=a,this):O};var u=!0;this.cssClassDirectivesEnabled=function(a){return arguments.length?(u=a,this):u};this.$get=["$injector","$interpolate","$exceptionHandler","$templateRequest","$parse","$controller","$rootScope","$sce","$animate","$$sanitizeUri",function(a,
 b,c,f,n,I,B,L,N,G){function T(){try{if(!--za)throw ea=void 0,fa("infchng",J);B.$apply(function(){for(var a=[],b=0,c=ea.length;b<c;++b)try{ea[b]()}catch(d){a.push(d)}ea=void 0;if(a.length)throw a;})}finally{za++}}function s(a,b){if(b){var c=Object.keys(b),d,e,f;d=0;for(e=c.length;d<e;d++)f=c[d],this[f]=b[f]}else this.$attr={};this.$$element=a}function Q(a,b,c){xa.innerHTML="<span "+b+">";b=xa.firstChild.attributes;var d=b[0];b.removeNamedItem(d.name);d.value=c;a.attributes.setNamedItem(d)}function Ma(a,
 b){try{a.addClass(b)}catch(c){}}function ba(a,b,c,d,e){a instanceof D||(a=D(a));var f=Na(a,b,a,c,d,e);ba.$$addScopeClass(a);var g=null;return function(b,c,d){if(!a)throw fa("multilink");eb(b,"scope");e&&e.needsNewScope&&(b=b.$parent.$new());d=d||{};var h=d.parentBoundTranscludeFn,k=d.transcludeControllers;d=d.futureParentElement;h&&h.$$boundTransclude&&(h=h.$$boundTransclude);g||(g=(d=d&&d[0])?"foreignobject"!==wa(d)&&na.call(d).match(/SVG/)?"svg":"html":"html");d="html"!==g?D(ha(g,D("<div>").append(a).html())):
 c?Oa.clone.call(a):a;if(k)for(var l in k)d.data("$"+l+"Controller",k[l].instance);ba.$$addScopeInfo(d,b);c&&c(d,b);f&&f(b,d,d,h);c||(a=f=null);return d}}function Na(a,b,c,d,e,f){function g(a,c,d,e){var f,k,l,m,n,p,r;if(K)for(r=Array(c.length),m=0;m<h.length;m+=3)f=h[m],r[f]=c[f];else r=c;m=0;for(n=h.length;m<n;)k=r[h[m++]],c=h[m++],f=h[m++],c?(c.scope?(l=a.$new(),ba.$$addScopeInfo(D(k),l)):l=a,p=c.transcludeOnThisElement?ja(a,c.transclude,e):!c.templateOnThisElement&&e?e:!e&&b?ja(a,b):null,c(f,l,
 k,d,p)):f&&f(a,k.childNodes,void 0,e)}for(var h=[],k=C(a)||a instanceof D,l,m,n,p,K,r=0;r<a.length;r++){l=new s;11===Ha&&M(a,r,k);m=fc(a[r],[],l,0===r?d:void 0,e);(f=m.length?X(m,a[r],l,b,c,null,[],[],f):null)&&f.scope&&ba.$$addScopeClass(l.$$element);l=f&&f.terminal||!(n=a[r].childNodes)||!n.length?null:Na(n,f?(f.transcludeOnThisElement||!f.templateOnThisElement)&&f.transclude:b);if(f||l)h.push(r,f,l),p=!0,K=K||f;f=null}return p?g:null}function M(a,b,c){var d=a[b],e=d.parentNode,f;if(d.nodeType===
 Ja)for(;;){f=e?d.nextSibling:a[b+1];if(!f||f.nodeType!==Ja)break;d.nodeValue+=f.nodeValue;f.parentNode&&f.parentNode.removeChild(f);c&&f===a[b+1]&&a.splice(b+1,1)}}function ja(a,b,c){function d(e,f,g,h,k){e||(e=a.$new(!1,k),e.$$transcluded=!0);return b(e,f,{parentBoundTranscludeFn:c,transcludeControllers:g,futureParentElement:h})}var e=d.$$slots=W(),f;for(f in b.$$slots)e[f]=b.$$slots[f]?ja(a,b.$$slots[f],c):null;return d}function fc(a,b,c,d,e){var f=c.$attr,g;switch(a.nodeType){case 1:g=wa(a);Y(b,
 Ba(g),"E",d,e);for(var k,l,m,n,p=a.attributes,K=0,r=p&&p.length;K<r;K++){var A=!1,B=!1;k=p[K];l=k.name;m=k.value;k=Ba(l);(n=Ka.test(k))&&(l=l.replace(hd,"").substr(8).replace(/_(.)/g,function(a,b){return b.toUpperCase()}));(k=k.match(La))&&Z(k[1])&&(A=l,B=l.substr(0,l.length-5)+"end",l=l.substr(0,l.length-6));k=Ba(l.toLowerCase());f[k]=l;if(n||!c.hasOwnProperty(k))c[k]=m,dd(a,k)&&(c[k]=!0);ra(a,b,m,k,n);Y(b,k,"A",d,e,A,B)}"input"===g&&"hidden"===a.getAttribute("type")&&a.setAttribute("autocomplete",
 "off");if(!Ga)break;f=a.className;F(f)&&(f=f.animVal);if(E(f)&&""!==f)for(;a=h.exec(f);)k=Ba(a[2]),Y(b,k,"C",d,e)&&(c[k]=S(a[3])),f=f.substr(a.index+a[0].length);break;case Ja:ma(b,a.nodeValue);break;case 8:if(!Fa)break;jb(a,b,c,d,e)}b.sort(ka);return b}function jb(a,b,c,d,e){try{var f=g.exec(a.nodeValue);if(f){var h=Ba(f[1]);Y(b,h,"M",d,e)&&(c[h]=S(f[2]))}}catch(k){}}function id(a,b,c){var d=[],e=0;if(b&&a.hasAttribute&&a.hasAttribute(b)){do{if(!a)throw fa("uterdir",b,c);1===a.nodeType&&(a.hasAttribute(b)&&
 e++,a.hasAttribute(c)&&e--);d.push(a);a=a.nextSibling}while(0<e)}else d.push(a);return D(d)}function jd(a,b,c){return function(d,e,f,g,h){e=id(e[0],b,c);return a(d,e,f,g,h)}}function gc(a,b,c,d,e,f){var g;return a?ba(b,c,d,e,f):function(){g||(g=ba(b,c,d,e,f),b=c=f=null);return g.apply(this,arguments)}}function X(a,b,d,e,f,g,h,k,l){function m(a,b,c,d){if(a){c&&(a=jd(a,c,d));a.require=t.require;a.directiveName=L;if(B===t||t.$$isolateScope)a=sa(a,{isolateScope:!0});h.push(a)}if(b){c&&(b=jd(b,c,d));b.require=
 t.require;b.directiveName=L;if(B===t||t.$$isolateScope)b=sa(b,{isolateScope:!0});k.push(b)}}function n(a,e,f,g,l){function m(a,b,c,d){var e;Ya(a)||(d=c,c=b,b=a,a=void 0);V&&(e=N);c||(c=V?L.parent():L);if(d){var f=l.$$slots[d];if(f)return f(a,b,e,c,Q);if(x(f))throw fa("noslot",d,ya(L));}else return l(a,b,e,c,Q)}var p,t,u,G,J,N,T,L;b===f?(g=d,L=d.$$element):(L=D(f),g=new s(L,d));J=e;B?G=e.$new(!0):K&&(J=e.$parent);l&&(T=m,T.$$boundTransclude=l,T.isSlotFilled=function(a){return!!l.$$slots[a]});A&&(N=
 ca(L,g,T,A,G,e,B));B&&(ba.$$addScopeInfo(L,G,!0,!(I&&(I===B||I===B.$$originalDirective))),ba.$$addScopeClass(L,!0),G.$$isolateBindings=B.$$isolateBindings,t=oa(e,g,G,G.$$isolateBindings,B),t.removeWatches&&G.$on("$destroy",t.removeWatches));for(p in N){t=A[p];u=N[p];var Hb=t.$$bindings.bindToController;if(r){u.bindingInfo=Hb?oa(J,g,u.instance,Hb,t):{};var O=u();O!==u.instance&&(u.instance=O,L.data("$"+t.name+"Controller",O),u.bindingInfo.removeWatches&&u.bindingInfo.removeWatches(),u.bindingInfo=
 oa(J,g,u.instance,Hb,t))}else u.instance=u(),L.data("$"+t.name+"Controller",u.instance),u.bindingInfo=oa(J,g,u.instance,Hb,t)}q(A,function(a,b){var c=a.require;a.bindToController&&!C(c)&&F(c)&&R(N[b].instance,U(b,c,L,N))});q(N,function(a){var b=a.instance;if(y(b.$onChanges))try{b.$onChanges(a.bindingInfo.initialChanges)}catch(d){c(d)}if(y(b.$onInit))try{b.$onInit()}catch(e){c(e)}y(b.$doCheck)&&(J.$watch(function(){b.$doCheck()}),b.$doCheck());y(b.$onDestroy)&&J.$on("$destroy",function(){b.$onDestroy()})});
 p=0;for(t=h.length;p<t;p++)u=h[p],ta(u,u.isolateScope?G:e,L,g,u.require&&U(u.directiveName,u.require,L,N),T);var Q=e;B&&(B.template||null===B.templateUrl)&&(Q=G);a&&a(Q,f.childNodes,void 0,l);for(p=k.length-1;0<=p;p--)u=k[p],ta(u,u.isolateScope?G:e,L,g,u.require&&U(u.directiveName,u.require,L,N),T);q(N,function(a){a=a.instance;y(a.$postLink)&&a.$postLink()})}l=l||{};for(var p=-Number.MAX_VALUE,K=l.newScopeDirective,A=l.controllerDirectives,B=l.newIsolateScopeDirective,I=l.templateDirective,u=l.nonTlbTranscludeDirective,
 J=!1,N=!1,V=l.hasElementTranscludeDirective,G=d.$$element=D(b),t,L,T,O=e,Q,v=!1,Ma=!1,w,z=0,E=a.length;z<E;z++){t=a[z];var Na=t.$$start,M=t.$$end;Na&&(G=id(b,Na,M));T=void 0;if(p>t.priority)break;if(w=t.scope)t.templateUrl||(F(w)?($("new/isolated scope",B||K,t,G),B=t):$("new/isolated scope",B,t,G)),K=K||t;L=t.name;if(!v&&(t.replace&&(t.templateUrl||t.template)||t.transclude&&!t.$$tlb)){for(w=z+1;v=a[w++];)if(v.transclude&&!v.$$tlb||v.replace&&(v.templateUrl||v.template)){Ma=!0;break}v=!0}!t.templateUrl&&
 t.controller&&(A=A||W(),$("'"+L+"' controller",A[L],t,G),A[L]=t);if(w=t.transclude)if(J=!0,t.$$tlb||($("transclusion",u,t,G),u=t),"element"===w)V=!0,p=t.priority,T=G,G=d.$$element=D(ba.$$createComment(L,d[L])),b=G[0],la(f,va.call(T,0),b),T[0].$$parentNode=T[0].parentNode,O=gc(Ma,T,e,p,g&&g.name,{nonTlbTranscludeDirective:u});else{var ja=W();if(F(w)){T=[];var P=W(),jb=W();q(w,function(a,b){var c="?"===a.charAt(0);a=c?a.substring(1):a;P[a]=b;ja[b]=null;jb[b]=c});q(G.contents(),function(a){var b=P[Ba(wa(a))];
 b?(jb[b]=!0,ja[b]=ja[b]||[],ja[b].push(a)):T.push(a)});q(jb,function(a,b){if(!a)throw fa("reqslot",b);});for(var ec in ja)ja[ec]&&(ja[ec]=gc(Ma,ja[ec],e))}else T=D(cc(b)).contents();G.empty();O=gc(Ma,T,e,void 0,void 0,{needsNewScope:t.$$isolateScope||t.$$newScope});O.$$slots=ja}if(t.template)if(N=!0,$("template",I,t,G),I=t,w=y(t.template)?t.template(G,d):t.template,w=Ea(w),t.replace){g=t;T=$b.test(w)?kd(ha(t.templateNamespace,S(w))):[];b=T[0];if(1!==T.length||1!==b.nodeType)throw fa("tplrt",L,"");
 la(f,G,b);E={$attr:{}};w=fc(b,[],E);var Y=a.splice(z+1,a.length-(z+1));(B||K)&&aa(w,B,K);a=a.concat(w).concat(Y);da(d,E);E=a.length}else G.html(w);if(t.templateUrl)N=!0,$("template",I,t,G),I=t,t.replace&&(g=t),n=ga(a.splice(z,a.length-z),G,d,f,J&&O,h,k,{controllerDirectives:A,newScopeDirective:K!==t&&K,newIsolateScopeDirective:B,templateDirective:I,nonTlbTranscludeDirective:u}),E=a.length;else if(t.compile)try{Q=t.compile(G,d,O);var Z=t.$$originalDirective||t;y(Q)?m(null,ab(Z,Q),Na,M):Q&&m(ab(Z,Q.pre),
 ab(Z,Q.post),Na,M)}catch(ea){c(ea,ya(G))}t.terminal&&(n.terminal=!0,p=Math.max(p,t.priority))}n.scope=K&&!0===K.scope;n.transcludeOnThisElement=J;n.templateOnThisElement=N;n.transclude=O;l.hasElementTranscludeDirective=V;return n}function U(a,b,c,d){var e;if(E(b)){var f=b.match(l);b=b.substring(f[0].length);var g=f[1]||f[3],f="?"===f[2];"^^"===g?c=c.parent():e=(e=d&&d[b])&&e.instance;if(!e){var h="$"+b+"Controller";e=g?c.inheritedData(h):c.data(h)}if(!e&&!f)throw fa("ctreq",b,a);}else if(C(b))for(e=
 [],g=0,f=b.length;g<f;g++)e[g]=U(a,b[g],c,d);else F(b)&&(e={},q(b,function(b,f){e[f]=U(a,b,c,d)}));return e||null}function ca(a,b,c,d,e,f,g){var h=W(),k;for(k in d){var l=d[k],m={$scope:l===g||l.$$isolateScope?e:f,$element:a,$attrs:b,$transclude:c},n=l.controller;"@"===n&&(n=b[l.name]);m=I(n,m,!0,l.controllerAs);h[l.name]=m;a.data("$"+l.name+"Controller",m.instance)}return h}function aa(a,b,c){for(var d=0,e=a.length;d<e;d++)a[d]=Ub(a[d],{$$isolateScope:b,$$newScope:c})}function Y(b,c,f,g,h,k,l){if(c===
 h)return null;var m=null;if(e.hasOwnProperty(c)){h=a.get(c+"Directive");for(var n=0,p=h.length;n<p;n++)if(c=h[n],(x(g)||g>c.priority)&&-1!==c.restrict.indexOf(f)){k&&(c=Ub(c,{$$start:k,$$end:l}));if(!c.$$bindings){var K=m=c,r=c.name,A={isolateScope:null,bindToController:null};F(K.scope)&&(!0===K.bindToController?(A.bindToController=d(K.scope,r,!0),A.isolateScope={}):A.isolateScope=d(K.scope,r,!1));F(K.bindToController)&&(A.bindToController=d(K.bindToController,r,!0));if(A.bindToController&&!K.controller)throw fa("noctrl",
 r);m=m.$$bindings=A;F(m.isolateScope)&&(c.$$isolateBindings=m.isolateScope)}b.push(c);m=c}}return m}function Z(b){if(e.hasOwnProperty(b))for(var c=a.get(b+"Directive"),d=0,f=c.length;d<f;d++)if(b=c[d],b.multiElement)return!0;return!1}function da(a,b){var c=b.$attr,d=a.$attr;q(a,function(d,e){"$"!==e.charAt(0)&&(b[e]&&b[e]!==d&&(d=d.length?d+(("style"===e?";":" ")+b[e]):b[e]),a.$set(e,d,!0,c[e]))});q(b,function(b,e){a.hasOwnProperty(e)||"$"===e.charAt(0)||(a[e]=b,"class"!==e&&"style"!==e&&(d[e]=c[e]))})}
 function ga(a,b,d,e,g,h,k,l){var m=[],n,p,K=b[0],r=a.shift(),u=Ub(r,{templateUrl:null,transclude:null,replace:null,$$originalDirective:r}),t=y(r.templateUrl)?r.templateUrl(b,d):r.templateUrl,B=r.templateNamespace;b.empty();f(t).then(function(c){var f,A;c=Ea(c);if(r.replace){c=$b.test(c)?kd(ha(B,S(c))):[];f=c[0];if(1!==c.length||1!==f.nodeType)throw fa("tplrt",r.name,t);c={$attr:{}};la(e,b,f);var I=fc(f,[],c);F(r.scope)&&aa(I,!0);a=I.concat(a);da(d,c)}else f=K,b.html(c);a.unshift(u);n=X(a,f,d,g,b,
 r,h,k,l);q(e,function(a,c){a===f&&(e[c]=b[0])});for(p=Na(b[0].childNodes,g);m.length;){c=m.shift();A=m.shift();var G=m.shift(),J=m.shift(),I=b[0];if(!c.$$destroyed){if(A!==K){var N=A.className;l.hasElementTranscludeDirective&&r.replace||(I=cc(f));la(G,D(A),I);Ma(D(I),N)}A=n.transcludeOnThisElement?ja(c,n.transclude,J):J;n(p,c,I,e,A)}}m=null}).catch(function(a){a instanceof Error&&c(a)});return function(a,b,c,d,e){a=e;b.$$destroyed||(m?m.push(b,c,d,a):(n.transcludeOnThisElement&&(a=ja(b,n.transclude,
 e)),n(p,b,c,d,a)))}}function ka(a,b){var c=b.priority-a.priority;return 0!==c?c:a.name!==b.name?a.name<b.name?-1:1:a.index-b.index}function $(a,b,c,d){function e(a){return a?" (module: "+a+")":""}if(b)throw fa("multidir",b.name,e(b.$$moduleName),c.name,e(c.$$moduleName),a,ya(d));}function ma(a,c){var d=b(c,!0);d&&a.push({priority:0,compile:function(a){a=a.parent();var b=!!a.length;b&&ba.$$addBindingClass(a);return function(a,c){var e=c.parent();b||ba.$$addBindingClass(e);ba.$$addBindingInfo(e,d.expressions);
 a.$watch(d,function(a){c[0].nodeValue=a})}}})}function ha(a,b){a=P(a||"html");switch(a){case "svg":case "math":var c=z.document.createElement("div");c.innerHTML="<"+a+">"+b+"</"+a+">";return c.childNodes[0].childNodes;default:return b}}function pa(a,b){if("srcdoc"===b)return L.HTML;var c=wa(a);if("src"===b||"ngSrc"===b){if(-1===["img","video","audio","source","track"].indexOf(c))return L.RESOURCE_URL}else if("xlinkHref"===b||"form"===c&&"action"===b||"link"===c&&"href"===b)return L.RESOURCE_URL}function ra(a,
 c,d,e,f){var g=pa(a,e),h=k[e]||f,l=b(d,!f,g,h);if(l){if("multiple"===e&&"select"===wa(a))throw fa("selmulti",ya(a));if(m.test(e))throw fa("nodomevents");c.push({priority:100,compile:function(){return{pre:function(a,c,f){c=f.$$observers||(f.$$observers=W());var k=f[e];k!==d&&(l=k&&b(k,!0,g,h),d=k);l&&(f[e]=l(a),(c[e]||(c[e]=[])).$$inter=!0,(f.$$observers&&f.$$observers[e].$$scope||a).$watch(l,function(a,b){"class"===e&&a!==b?f.$updateClass(a,b):f.$set(e,a)}))}}}})}}function la(a,b,c){var d=b[0],e=
 b.length,f=d.parentNode,g,h;if(a)for(g=0,h=a.length;g<h;g++)if(a[g]===d){a[g++]=c;h=g+e-1;for(var k=a.length;g<k;g++,h++)h<k?a[g]=a[h]:delete a[g];a.length-=e-1;a.context===d&&(a.context=c);break}f&&f.replaceChild(c,d);a=z.document.createDocumentFragment();for(g=0;g<e;g++)a.appendChild(b[g]);D.hasData(d)&&(D.data(c,D.data(d)),D(d).off("$destroy"));D.cleanData(a.querySelectorAll("*"));for(g=1;g<e;g++)delete b[g];b[0]=c;b.length=1}function sa(a,b){return R(function(){return a.apply(null,arguments)},
 a,b)}function ta(a,b,d,e,f,g){try{a(b,d,e,f,g)}catch(h){c(h,ya(d))}}function oa(a,c,d,e,f){function g(b,c,e){!y(d.$onChanges)||c===e||c!==c&&e!==e||(ea||(a.$$postDigest(T),ea=[]),m||(m={},ea.push(h)),m[b]&&(e=m[b].previousValue),m[b]=new Ib(e,c))}function h(){d.$onChanges(m);m=void 0}var k=[],l={},m;q(e,function(e,h){var m=e.attrName,p=e.optional,r,A,u,B;switch(e.mode){case "@":p||ua.call(c,m)||(d[h]=c[m]=void 0);p=c.$observe(m,function(a){if(E(a)||Ia(a))g(h,a,d[h]),d[h]=a});c.$$observers[m].$$scope=
 a;r=c[m];E(r)?d[h]=b(r)(a):Ia(r)&&(d[h]=r);l[h]=new Ib(hc,d[h]);k.push(p);break;case "=":if(!ua.call(c,m)){if(p)break;c[m]=void 0}if(p&&!c[m])break;A=n(c[m]);B=A.literal?qa:function(a,b){return a===b||a!==a&&b!==b};u=A.assign||function(){r=d[h]=A(a);throw fa("nonassign",c[m],m,f.name);};r=d[h]=A(a);p=function(b){B(b,d[h])||(B(b,r)?u(a,b=d[h]):d[h]=b);return r=b};p.$stateful=!0;p=e.collection?a.$watchCollection(c[m],p):a.$watch(n(c[m],p),null,A.literal);k.push(p);break;case "<":if(!ua.call(c,m)){if(p)break;
 c[m]=void 0}if(p&&!c[m])break;A=n(c[m]);var I=A.literal,G=d[h]=A(a);l[h]=new Ib(hc,d[h]);p=a.$watch(A,function(a,b){if(b===a){if(b===G||I&&qa(b,G))return;b=G}g(h,a,b);d[h]=a},I);k.push(p);break;case "&":A=c.hasOwnProperty(m)?n(c[m]):w;if(A===w&&p)break;d[h]=function(b){return A(a,b)}}});return{initialChanges:l,removeWatches:k.length&&function(){for(var a=0,b=k.length;a<b;++a)k[a]()}}}var Da=/^\w/,xa=z.document.createElement("div"),Fa=O,Ga=u,za=J,ea;s.prototype={$normalize:Ba,$addClass:function(a){a&&
 0<a.length&&N.addClass(this.$$element,a)},$removeClass:function(a){a&&0<a.length&&N.removeClass(this.$$element,a)},$updateClass:function(a,b){var c=ld(a,b);c&&c.length&&N.addClass(this.$$element,c);(c=ld(b,a))&&c.length&&N.removeClass(this.$$element,c)},$set:function(a,b,d,e){var f=dd(this.$$element[0],a),g=md[a],h=a;f?(this.$$element.prop(a,b),e=f):g&&(this[g]=b,h=g);this[a]=b;e?this.$attr[a]=e:(e=this.$attr[a])||(this.$attr[a]=e=Nc(a,"-"));f=wa(this.$$element);if("a"===f&&("href"===a||"xlinkHref"===
 a)||"img"===f&&"src"===a)this[a]=b=G(b,"src"===a);else if("img"===f&&"srcset"===a&&v(b)){for(var f="",g=S(b),k=/(\s+\d+x\s*,|\s+\d+w\s*,|\s+,|,\s+)/,k=/\s/.test(g)?k:/(,)/,g=g.split(k),k=Math.floor(g.length/2),l=0;l<k;l++)var m=2*l,f=f+G(S(g[m]),!0),f=f+(" "+S(g[m+1]));g=S(g[2*l]).split(/\s/);f+=G(S(g[0]),!0);2===g.length&&(f+=" "+S(g[1]));this[a]=b=f}!1!==d&&(null===b||x(b)?this.$$element.removeAttr(e):Da.test(e)?this.$$element.attr(e,b):Q(this.$$element[0],e,b));(a=this.$$observers)&&q(a[h],function(a){try{a(b)}catch(d){c(d)}})},
 $observe:function(a,b){var c=this,d=c.$$observers||(c.$$observers=W()),e=d[a]||(d[a]=[]);e.push(b);B.$evalAsync(function(){e.$$inter||!c.hasOwnProperty(a)||x(c[a])||b(c[a])});return function(){Za(e,b)}}};var Aa=b.startSymbol(),Ca=b.endSymbol(),Ea="{{"===Aa&&"}}"===Ca?Xa:function(a){return a.replace(/\{\{/g,Aa).replace(/}}/g,Ca)},Ka=/^ngAttr[A-Z]/,La=/^(.+)Start$/;ba.$$addBindingInfo=p?function(a,b){var c=a.data("$binding")||[];C(b)?c=c.concat(b):c.push(b);a.data("$binding",c)}:w;ba.$$addBindingClass=
 p?function(a){Ma(a,"ng-binding")}:w;ba.$$addScopeInfo=p?function(a,b,c,d){a.data(c?d?"$isolateScopeNoTemplate":"$isolateScope":"$scope",b)}:w;ba.$$addScopeClass=p?function(a,b){Ma(a,b?"ng-isolate-scope":"ng-scope")}:w;ba.$$createComment=function(a,b){var c="";p&&(c=" "+(a||"")+": ",b&&(c+=b+" "));return z.document.createComment(c)};return ba}]}function Ib(a,b){this.previousValue=a;this.currentValue=b}function Ba(a){return a.replace(hd,"").replace(ng,fb)}function ld(a,b){var d="",c=a.split(/\s+/),
 f=b.split(/\s+/),e=0;a:for(;e<c.length;e++){for(var g=c[e],h=0;h<f.length;h++)if(g===f[h])continue a;d+=(0<d.length?" ":"")+g}return d}function kd(a){a=D(a);var b=a.length;if(1>=b)return a;for(;b--;){var d=a[b];(8===d.nodeType||d.nodeType===Ja&&""===d.nodeValue.trim())&&og.call(a,b,1)}return a}function mg(a,b){if(b&&E(b))return b;if(E(a)){var d=nd.exec(a);if(d)return d[3]}}function sf(){var a={},b=!1;this.has=function(b){return a.hasOwnProperty(b)};this.register=function(b,c){La(b,"controller");F(b)?
 R(a,b):a[b]=c};this.allowGlobals=function(){b=!0};this.$get=["$injector","$window",function(d,c){function f(a,b,c,d){if(!a||!F(a.$scope))throw M("$controller")("noscp",d,b);a.$scope[b]=c}return function(e,g,h,k){var l,m,n;h=!0===h;k&&E(k)&&(n=k);if(E(e)){k=e.match(nd);if(!k)throw od("ctrlfmt",e);m=k[1];n=n||k[3];e=a.hasOwnProperty(m)?a[m]:Pc(g.$scope,m,!0)||(b?Pc(c,m,!0):void 0);if(!e)throw od("ctrlreg",m);sb(e,m,!0)}if(h)return h=(C(e)?e[e.length-1]:e).prototype,l=Object.create(h||null),n&&f(g,n,
 l,m||e.name),R(function(){var a=d.invoke(e,l,g,m);a!==l&&(F(a)||y(a))&&(l=a,n&&f(g,n,l,m||e.name));return l},{instance:l,identifier:n});l=d.instantiate(e,g,m);n&&f(g,n,l,m||e.name);return l}}]}function tf(){this.$get=["$window",function(a){return D(a.document)}]}function uf(){this.$get=["$document","$rootScope",function(a,b){function d(){f=c.hidden}var c=a[0],f=c&&c.hidden;a.on("visibilitychange",d);b.$on("$destroy",function(){a.off("visibilitychange",d)});return function(){return f}}]}function vf(){this.$get=
 ["$log",function(a){return function(b,d){a.error.apply(a,arguments)}}]}function ic(a){return F(a)?ga(a)?a.toISOString():bb(a):a}function Af(){this.$get=function(){return function(a){if(!a)return"";var b=[];Ec(a,function(a,c){null===a||x(a)||(C(a)?q(a,function(a){b.push(ka(c)+"="+ka(ic(a)))}):b.push(ka(c)+"="+ka(ic(a))))});return b.join("&")}}}function Bf(){this.$get=function(){return function(a){function b(a,f,e){null===a||x(a)||(C(a)?q(a,function(a,c){b(a,f+"["+(F(a)?c:"")+"]")}):F(a)&&!ga(a)?Ec(a,
 function(a,c){b(a,f+(e?"":"[")+c+(e?"":"]"))}):d.push(ka(f)+"="+ka(ic(a))))}if(!a)return"";var d=[];b(a,"",!0);return d.join("&")}}}function jc(a,b){if(E(a)){var d=a.replace(pg,"").trim();if(d){var c=b("Content-Type");(c=c&&0===c.indexOf(pd))||(c=(c=d.match(qg))&&rg[c[0]].test(d));c&&(a=Ic(d))}}return a}function qd(a){var b=W(),d;E(a)?q(a.split("\n"),function(a){d=a.indexOf(":");var f=P(S(a.substr(0,d)));a=S(a.substr(d+1));f&&(b[f]=b[f]?b[f]+", "+a:a)}):F(a)&&q(a,function(a,d){var e=P(d),g=S(a);e&&
 (b[e]=b[e]?b[e]+", "+g:g)});return b}function rd(a){var b;return function(d){b||(b=qd(a));return d?(d=b[P(d)],void 0===d&&(d=null),d):b}}function sd(a,b,d,c){if(y(c))return c(a,b,d);q(c,function(c){a=c(a,b,d)});return a}function zf(){var a=this.defaults={transformResponse:[jc],transformRequest:[function(a){return F(a)&&"[object File]"!==na.call(a)&&"[object Blob]"!==na.call(a)&&"[object FormData]"!==na.call(a)?bb(a):a}],headers:{common:{Accept:"application/json, text/plain, */*"},post:ra(kc),put:ra(kc),
 patch:ra(kc)},xsrfCookieName:"XSRF-TOKEN",xsrfHeaderName:"X-XSRF-TOKEN",paramSerializer:"$httpParamSerializer",jsonpCallbackParam:"callback"},b=!1;this.useApplyAsync=function(a){return v(a)?(b=!!a,this):b};var d=this.interceptors=[];this.$get=["$browser","$httpBackend","$$cookieReader","$cacheFactory","$rootScope","$q","$injector","$sce",function(c,f,e,g,h,k,l,m){function n(b){function d(a,b){for(var c=0,e=b.length;c<e;){var f=b[c++],g=b[c++];a=a.then(f,g)}b.length=0;return a}function e(a,b){var c,
 d={};q(a,function(a,e){y(a)?(c=a(b),null!=c&&(d[e]=c)):d[e]=a});return d}function f(a){var b=R({},a);b.data=sd(a.data,a.headers,a.status,g.transformResponse);a=a.status;return 200<=a&&300>a?b:k.reject(b)}if(!F(b))throw M("$http")("badreq",b);if(!E(m.valueOf(b.url)))throw M("$http")("badreq",b.url);var g=R({method:"get",transformRequest:a.transformRequest,transformResponse:a.transformResponse,paramSerializer:a.paramSerializer,jsonpCallbackParam:a.jsonpCallbackParam},b);g.headers=function(b){var c=
 a.headers,d=R({},b.headers),f,g,h,c=R({},c.common,c[P(b.method)]);a:for(f in c){g=P(f);for(h in d)if(P(h)===g)continue a;d[f]=c[f]}return e(d,ra(b))}(b);g.method=ub(g.method);g.paramSerializer=E(g.paramSerializer)?l.get(g.paramSerializer):g.paramSerializer;c.$$incOutstandingRequestCount();var h=[],n=[];b=k.resolve(g);q(u,function(a){(a.request||a.requestError)&&h.unshift(a.request,a.requestError);(a.response||a.responseError)&&n.push(a.response,a.responseError)});b=d(b,h);b=b.then(function(b){var c=
 b.headers,d=sd(b.data,rd(c),void 0,b.transformRequest);x(d)&&q(c,function(a,b){"content-type"===P(b)&&delete c[b]});x(b.withCredentials)&&!x(a.withCredentials)&&(b.withCredentials=a.withCredentials);return p(b,d).then(f,f)});b=d(b,n);return b=b.finally(function(){c.$$completeOutstandingRequest(w)})}function p(c,d){function g(a){if(a){var c={};q(a,function(a,d){c[d]=function(c){function d(){a(c)}b?h.$applyAsync(d):h.$$phase?d():h.$apply(d)}});return c}}function l(a,c,d,e){function f(){p(c,a,d,e)}N&&
 (200<=a&&300>a?N.put(Q,[a,c,qd(d),e]):N.remove(Q));b?h.$applyAsync(f):(f(),h.$$phase||h.$apply())}function p(a,b,d,e){b=-1<=b?b:0;(200<=b&&300>b?B.resolve:B.reject)({data:a,status:b,headers:rd(d),config:c,statusText:e})}function K(a){p(a.data,a.status,ra(a.headers()),a.statusText)}function u(){var a=n.pendingRequests.indexOf(c);-1!==a&&n.pendingRequests.splice(a,1)}var B=k.defer(),L=B.promise,N,G,T=c.headers,s="jsonp"===P(c.method),Q=c.url;s?Q=m.getTrustedResourceUrl(Q):E(Q)||(Q=m.valueOf(Q));Q=r(Q,
 c.paramSerializer(c.params));s&&(Q=J(Q,c.jsonpCallbackParam));n.pendingRequests.push(c);L.then(u,u);!c.cache&&!a.cache||!1===c.cache||"GET"!==c.method&&"JSONP"!==c.method||(N=F(c.cache)?c.cache:F(a.cache)?a.cache:O);N&&(G=N.get(Q),v(G)?G&&y(G.then)?G.then(K,K):C(G)?p(G[1],G[0],ra(G[2]),G[3]):p(G,200,{},"OK"):N.put(Q,L));x(G)&&((G=td(c.url)?e()[c.xsrfCookieName||a.xsrfCookieName]:void 0)&&(T[c.xsrfHeaderName||a.xsrfHeaderName]=G),f(c.method,Q,d,l,T,c.timeout,c.withCredentials,c.responseType,g(c.eventHandlers),
 g(c.uploadEventHandlers)));return L}function r(a,b){0<b.length&&(a+=(-1===a.indexOf("?")?"?":"&")+b);return a}function J(a,b){if(/[&?][^=]+=JSON_CALLBACK/.test(a))throw ud("badjsonp",a);if((new RegExp("[&?]"+b+"=")).test(a))throw ud("badjsonp",b,a);return a+=(-1===a.indexOf("?")?"?":"&")+b+"=JSON_CALLBACK"}var O=g("$http");a.paramSerializer=E(a.paramSerializer)?l.get(a.paramSerializer):a.paramSerializer;var u=[];q(d,function(a){u.unshift(E(a)?l.get(a):l.invoke(a))});n.pendingRequests=[];(function(a){q(arguments,
 function(a){n[a]=function(b,c){return n(R({},c||{},{method:a,url:b}))}})})("get","delete","head","jsonp");(function(a){q(arguments,function(a){n[a]=function(b,c,d){return n(R({},d||{},{method:a,url:b,data:c}))}})})("post","put","patch");n.defaults=a;return n}]}function Df(){this.$get=function(){return function(){return new z.XMLHttpRequest}}}function Cf(){this.$get=["$browser","$jsonpCallbacks","$document","$xhrFactory",function(a,b,d,c){return sg(a,c,a.defer,b,d[0])}]}function sg(a,b,d,c,f){function e(a,
 b,d){a=a.replace("JSON_CALLBACK",b);var e=f.createElement("script"),m=null;e.type="text/javascript";e.src=a;e.async=!0;m=function(a){e.removeEventListener("load",m);e.removeEventListener("error",m);f.body.removeChild(e);e=null;var g=-1,r="unknown";a&&("load"!==a.type||c.wasCalled(b)||(a={type:"error"}),r=a.type,g="error"===a.type?404:200);d&&d(g,r)};e.addEventListener("load",m);e.addEventListener("error",m);f.body.appendChild(e);return m}return function(f,h,k,l,m,n,p,r,J,O){function u(){V&&V();t&&
 t.abort()}h=h||a.url();if("jsonp"===P(f))var H=c.createCallback(h),V=e(h,H,function(a,b){var e=200===a&&c.getResponse(H);v(A)&&d.cancel(A);V=t=null;l(a,e,"",b);c.removeCallback(H)});else{var t=b(f,h);t.open(f,h,!0);q(m,function(a,b){v(a)&&t.setRequestHeader(b,a)});t.onload=function(){var a=t.statusText||"",b="response"in t?t.response:t.responseText,c=1223===t.status?204:t.status;0===c&&(c=b?200:"file"===oa(h).protocol?404:0);var e=t.getAllResponseHeaders();v(A)&&d.cancel(A);V=t=null;l(c,b,e,a)};f=
 function(){v(A)&&d.cancel(A);V=t=null;l(-1,null,null,"")};t.onerror=f;t.onabort=f;t.ontimeout=f;q(J,function(a,b){t.addEventListener(b,a)});q(O,function(a,b){t.upload.addEventListener(b,a)});p&&(t.withCredentials=!0);if(r)try{t.responseType=r}catch(s){if("json"!==r)throw s;}t.send(x(k)?null:k)}if(0<n)var A=d(u,n);else n&&y(n.then)&&n.then(u)}}function xf(){var a="{{",b="}}";this.startSymbol=function(b){return b?(a=b,this):a};this.endSymbol=function(a){return a?(b=a,this):b};this.$get=["$parse","$exceptionHandler",
 "$sce",function(d,c,f){function e(a){return"\\\\\\"+a}function g(c){return c.replace(n,a).replace(p,b)}function h(a,b,c,d){var e=a.$watch(function(a){e();return d(a)},b,c);return e}function k(e,k,n,p){function H(a){try{var b=a;a=n?f.getTrusted(n,b):f.valueOf(b);return p&&!v(a)?a:Yb(a)}catch(d){c(Ca.interr(e,d))}}if(!e.length||-1===e.indexOf(a)){var q;k||(k=g(e),q=ma(k),q.exp=e,q.expressions=[],q.$$watchDelegate=h);return q}p=!!p;var t,s,A=0,K=[],I=[];q=e.length;for(var B=[],L=[];A<q;)if(-1!==(t=e.indexOf(a,
 A))&&-1!==(s=e.indexOf(b,t+l)))A!==t&&B.push(g(e.substring(A,t))),A=e.substring(t+l,s),K.push(A),I.push(d(A,H)),A=s+m,L.push(B.length),B.push("");else{A!==q&&B.push(g(e.substring(A)));break}n&&1<B.length&&Ca.throwNoconcat(e);if(!k||K.length){var N=function(a){for(var b=0,c=K.length;b<c;b++){if(p&&x(a[b]))return;B[L[b]]=a[b]}return B.join("")};return R(function(a){var b=0,d=K.length,f=Array(d);try{for(;b<d;b++)f[b]=I[b](a);return N(f)}catch(g){c(Ca.interr(e,g))}},{exp:e,expressions:K,$$watchDelegate:function(a,
 b){var c;return a.$watchGroup(I,function(d,e){var f=N(d);y(b)&&b.call(this,f,d!==e?c:f,a);c=f})}})}}var l=a.length,m=b.length,n=new RegExp(a.replace(/./g,e),"g"),p=new RegExp(b.replace(/./g,e),"g");k.startSymbol=function(){return a};k.endSymbol=function(){return b};return k}]}function yf(){this.$get=["$rootScope","$window","$q","$$q","$browser",function(a,b,d,c,f){function e(e,k,l,m){function n(){p?e.apply(null,r):e(u)}var p=4<arguments.length,r=p?va.call(arguments,4):[],J=b.setInterval,q=b.clearInterval,
 u=0,H=v(m)&&!m,V=(H?c:d).defer(),t=V.promise;l=v(l)?l:0;t.$$intervalId=J(function(){H?f.defer(n):a.$evalAsync(n);V.notify(u++);0<l&&u>=l&&(V.resolve(u),q(t.$$intervalId),delete g[t.$$intervalId]);H||a.$apply()},k);g[t.$$intervalId]=V;return t}var g={};e.cancel=function(a){return a&&a.$$intervalId in g?(g[a.$$intervalId].promise.catch(w),g[a.$$intervalId].reject("canceled"),b.clearInterval(a.$$intervalId),delete g[a.$$intervalId],!0):!1};return e}]}function lc(a){a=a.split("/");for(var b=a.length;b--;)a[b]=
 cb(a[b]);return a.join("/")}function vd(a,b){var d=oa(a);b.$$protocol=d.protocol;b.$$host=d.hostname;b.$$port=Z(d.port)||tg[d.protocol]||null}function wd(a,b){if(ug.test(a))throw kb("badpath",a);var d="/"!==a.charAt(0);d&&(a="/"+a);var c=oa(a);b.$$path=decodeURIComponent(d&&"/"===c.pathname.charAt(0)?c.pathname.substring(1):c.pathname);b.$$search=Lc(c.search);b.$$hash=decodeURIComponent(c.hash);b.$$path&&"/"!==b.$$path.charAt(0)&&(b.$$path="/"+b.$$path)}function mc(a,b){return a.slice(0,b.length)===
 b}function la(a,b){if(mc(b,a))return b.substr(a.length)}function Aa(a){var b=a.indexOf("#");return-1===b?a:a.substr(0,b)}function lb(a){return a.replace(/(#.+)|#$/,"$1")}function nc(a,b,d){this.$$html5=!0;d=d||"";vd(a,this);this.$$parse=function(a){var d=la(b,a);if(!E(d))throw kb("ipthprfx",a,b);wd(d,this);this.$$path||(this.$$path="/");this.$$compose()};this.$$compose=function(){var a=Xb(this.$$search),d=this.$$hash?"#"+cb(this.$$hash):"";this.$$url=lc(this.$$path)+(a?"?"+a:"")+d;this.$$absUrl=b+
 this.$$url.substr(1);this.$$urlUpdatedByLocation=!0};this.$$parseLinkUrl=function(c,f){if(f&&"#"===f[0])return this.hash(f.slice(1)),!0;var e,g;v(e=la(a,c))?(g=e,g=d&&v(e=la(d,e))?b+(la("/",e)||e):a+g):v(e=la(b,c))?g=b+e:b===c+"/"&&(g=b);g&&this.$$parse(g);return!!g}}function oc(a,b,d){vd(a,this);this.$$parse=function(c){var f=la(a,c)||la(b,c),e;x(f)||"#"!==f.charAt(0)?this.$$html5?e=f:(e="",x(f)&&(a=c,this.replace())):(e=la(d,f),x(e)&&(e=f));wd(e,this);c=this.$$path;var f=a,g=/^\/[A-Z]:(\/.*)/;mc(e,
 f)&&(e=e.replace(f,""));g.exec(e)||(c=(e=g.exec(c))?e[1]:c);this.$$path=c;this.$$compose()};this.$$compose=function(){var b=Xb(this.$$search),f=this.$$hash?"#"+cb(this.$$hash):"";this.$$url=lc(this.$$path)+(b?"?"+b:"")+f;this.$$absUrl=a+(this.$$url?d+this.$$url:"");this.$$urlUpdatedByLocation=!0};this.$$parseLinkUrl=function(b,d){return Aa(a)===Aa(b)?(this.$$parse(b),!0):!1}}function xd(a,b,d){this.$$html5=!0;oc.apply(this,arguments);this.$$parseLinkUrl=function(c,f){if(f&&"#"===f[0])return this.hash(f.slice(1)),
 !0;var e,g;a===Aa(c)?e=c:(g=la(b,c))?e=a+d+g:b===c+"/"&&(e=b);e&&this.$$parse(e);return!!e};this.$$compose=function(){var b=Xb(this.$$search),f=this.$$hash?"#"+cb(this.$$hash):"";this.$$url=lc(this.$$path)+(b?"?"+b:"")+f;this.$$absUrl=a+d+this.$$url;this.$$urlUpdatedByLocation=!0}}function Jb(a){return function(){return this[a]}}function yd(a,b){return function(d){if(x(d))return this[a];this[a]=b(d);this.$$compose();return this}}function Ff(){var a="!",b={enabled:!1,requireBase:!0,rewriteLinks:!0};
 this.hashPrefix=function(b){return v(b)?(a=b,this):a};this.html5Mode=function(a){if(Ia(a))return b.enabled=a,this;if(F(a)){Ia(a.enabled)&&(b.enabled=a.enabled);Ia(a.requireBase)&&(b.requireBase=a.requireBase);if(Ia(a.rewriteLinks)||E(a.rewriteLinks))b.rewriteLinks=a.rewriteLinks;return this}return b};this.$get=["$rootScope","$browser","$sniffer","$rootElement","$window",function(d,c,f,e,g){function h(a,b,d){var e=l.url(),f=l.$$state;try{c.url(a,b,d),l.$$state=c.state()}catch(g){throw l.url(e),l.$$state=
 f,g;}}function k(a,b){d.$broadcast("$locationChangeSuccess",l.absUrl(),a,l.$$state,b)}var l,m;m=c.baseHref();var n=c.url(),p;if(b.enabled){if(!m&&b.requireBase)throw kb("nobase");p=n.substring(0,n.indexOf("/",n.indexOf("//")+2))+(m||"/");m=f.history?nc:xd}else p=Aa(n),m=oc;var r=p.substr(0,Aa(p).lastIndexOf("/")+1);l=new m(p,r,"#"+a);l.$$parseLinkUrl(n,n);l.$$state=c.state();var J=/^\s*(javascript|mailto):/i;e.on("click",function(a){var f=b.rewriteLinks;if(f&&!a.ctrlKey&&!a.metaKey&&!a.shiftKey&&
 2!==a.which&&2!==a.button){for(var h=D(a.target);"a"!==wa(h[0]);)if(h[0]===e[0]||!(h=h.parent())[0])return;if(!E(f)||!x(h.attr(f))){var f=h.prop("href"),k=h.attr("href")||h.attr("xlink:href");F(f)&&"[object SVGAnimatedString]"===f.toString()&&(f=oa(f.animVal).href);J.test(f)||!f||h.attr("target")||a.isDefaultPrevented()||!l.$$parseLinkUrl(f,k)||(a.preventDefault(),l.absUrl()!==c.url()&&(d.$apply(),g.angular["ff-684208-preventDefault"]=!0))}}});lb(l.absUrl())!==lb(n)&&c.url(l.absUrl(),!0);var q=!0;
 c.onUrlChange(function(a,b){mc(a,r)?(d.$evalAsync(function(){var c=l.absUrl(),e=l.$$state,f;a=lb(a);l.$$parse(a);l.$$state=b;f=d.$broadcast("$locationChangeStart",a,c,b,e).defaultPrevented;l.absUrl()===a&&(f?(l.$$parse(c),l.$$state=e,h(c,!1,e)):(q=!1,k(c,e)))}),d.$$phase||d.$digest()):g.location.href=a});d.$watch(function(){if(q||l.$$urlUpdatedByLocation){l.$$urlUpdatedByLocation=!1;var a=lb(c.url()),b=lb(l.absUrl()),e=c.state(),g=l.$$replace,m=a!==b||l.$$html5&&f.history&&e!==l.$$state;if(q||m)q=
 !1,d.$evalAsync(function(){var b=l.absUrl(),c=d.$broadcast("$locationChangeStart",b,a,l.$$state,e).defaultPrevented;l.absUrl()===b&&(c?(l.$$parse(a),l.$$state=e):(m&&h(b,g,e===l.$$state?null:l.$$state),k(a,e)))})}l.$$replace=!1});return l}]}function Gf(){var a=!0,b=this;this.debugEnabled=function(b){return v(b)?(a=b,this):a};this.$get=["$window",function(d){function c(a){a instanceof Error&&(a.stack?a=a.message&&-1===a.stack.indexOf(a.message)?"Error: "+a.message+"\n"+a.stack:a.stack:a.sourceURL&&
 (a=a.message+"\n"+a.sourceURL+":"+a.line));return a}function f(a){var b=d.console||{},f=b[a]||b.log||w;a=!1;try{a=!!f.apply}catch(k){}return a?function(){var a=[];q(arguments,function(b){a.push(c(b))});return f.apply(b,a)}:function(a,b){f(a,null==b?"":b)}}return{log:f("log"),info:f("info"),warn:f("warn"),error:f("error"),debug:function(){var c=f("debug");return function(){a&&c.apply(b,arguments)}}()}}]}function vg(a){return a+""}function wg(a,b){return"undefined"!==typeof a?a:b}function zd(a,b){return"undefined"===
 typeof a?b:"undefined"===typeof b?a:a+b}function U(a,b){var d,c,f;switch(a.type){case s.Program:d=!0;q(a.body,function(a){U(a.expression,b);d=d&&a.expression.constant});a.constant=d;break;case s.Literal:a.constant=!0;a.toWatch=[];break;case s.UnaryExpression:U(a.argument,b);a.constant=a.argument.constant;a.toWatch=a.argument.toWatch;break;case s.BinaryExpression:U(a.left,b);U(a.right,b);a.constant=a.left.constant&&a.right.constant;a.toWatch=a.left.toWatch.concat(a.right.toWatch);break;case s.LogicalExpression:U(a.left,
 b);U(a.right,b);a.constant=a.left.constant&&a.right.constant;a.toWatch=a.constant?[]:[a];break;case s.ConditionalExpression:U(a.test,b);U(a.alternate,b);U(a.consequent,b);a.constant=a.test.constant&&a.alternate.constant&&a.consequent.constant;a.toWatch=a.constant?[]:[a];break;case s.Identifier:a.constant=!1;a.toWatch=[a];break;case s.MemberExpression:U(a.object,b);a.computed&&U(a.property,b);a.constant=a.object.constant&&(!a.computed||a.property.constant);a.toWatch=[a];break;case s.CallExpression:d=
 f=a.filter?!b(a.callee.name).$stateful:!1;c=[];q(a.arguments,function(a){U(a,b);d=d&&a.constant;a.constant||c.push.apply(c,a.toWatch)});a.constant=d;a.toWatch=f?c:[a];break;case s.AssignmentExpression:U(a.left,b);U(a.right,b);a.constant=a.left.constant&&a.right.constant;a.toWatch=[a];break;case s.ArrayExpression:d=!0;c=[];q(a.elements,function(a){U(a,b);d=d&&a.constant;a.constant||c.push.apply(c,a.toWatch)});a.constant=d;a.toWatch=c;break;case s.ObjectExpression:d=!0;c=[];q(a.properties,function(a){U(a.value,
 b);d=d&&a.value.constant&&!a.computed;a.value.constant||c.push.apply(c,a.value.toWatch);a.computed&&(U(a.key,b),a.key.constant||c.push.apply(c,a.key.toWatch))});a.constant=d;a.toWatch=c;break;case s.ThisExpression:a.constant=!1;a.toWatch=[];break;case s.LocalsExpression:a.constant=!1,a.toWatch=[]}}function Ad(a){if(1===a.length){a=a[0].expression;var b=a.toWatch;return 1!==b.length?b:b[0]!==a?b:void 0}}function Bd(a){return a.type===s.Identifier||a.type===s.MemberExpression}function Cd(a){if(1===
 a.body.length&&Bd(a.body[0].expression))return{type:s.AssignmentExpression,left:a.body[0].expression,right:{type:s.NGValueParameter},operator:"="}}function Dd(a){return 0===a.body.length||1===a.body.length&&(a.body[0].expression.type===s.Literal||a.body[0].expression.type===s.ArrayExpression||a.body[0].expression.type===s.ObjectExpression)}function Ed(a,b){this.astBuilder=a;this.$filter=b}function Fd(a,b){this.astBuilder=a;this.$filter=b}function pc(a){return y(a.valueOf)?a.valueOf():xg.call(a)}function Hf(){var a=
 W(),b={"true":!0,"false":!1,"null":null,undefined:void 0},d,c;this.addLiteral=function(a,c){b[a]=c};this.setIdentifierFns=function(a,b){d=a;c=b;return this};this.$get=["$filter",function(f){function e(a,b,c){return null==a||null==b?a===b:"object"!==typeof a||c||(a=pc(a),"object"!==typeof a)?a===b||a!==a&&b!==b:!1}function g(a,b,c,d,f){var g=d.inputs,h;if(1===g.length){var k=e,g=g[0];return a.$watch(function(a){var b=g(a);e(b,k,d.literal)||(h=d(a,void 0,void 0,[b]),k=b&&pc(b));return h},b,c,f)}for(var l=
 [],m=[],n=0,I=g.length;n<I;n++)l[n]=e,m[n]=null;return a.$watch(function(a){for(var b=!1,c=0,f=g.length;c<f;c++){var k=g[c](a);if(b||(b=!e(k,l[c],d.literal)))m[c]=k,l[c]=k&&pc(k)}b&&(h=d(a,void 0,void 0,m));return h},b,c,f)}function h(a,b,c,d,e){function f(a){return d(a)}function h(a,c,d){l=a;y(b)&&b(a,c,d);v(a)&&d.$$postDigest(function(){v(l)&&k()})}var k,l;return k=d.inputs?g(a,h,c,d,e):a.$watch(f,h,c)}function k(a,b,c,d){function e(a){var b=!0;q(a,function(a){v(a)||(b=!1)});return b}var f,g;return f=
 a.$watch(function(a){return d(a)},function(a,c,d){g=a;y(b)&&b(a,c,d);e(a)&&d.$$postDigest(function(){e(g)&&f()})},c)}function l(a,b,c,d){var e=a.$watch(function(a){e();return d(a)},b,c);return e}function m(a,b){if(!b)return a;var c=a.$$watchDelegate,d=!1,c=c!==k&&c!==h?function(c,e,f,g){f=d&&g?g[0]:a(c,e,f,g);return b(f,c,e)}:function(c,d,e,f){e=a(c,d,e,f);c=b(e,c,d);return v(e)?c:e},d=!a.inputs;a.$$watchDelegate&&a.$$watchDelegate!==g?(c.$$watchDelegate=a.$$watchDelegate,c.inputs=a.inputs):b.$stateful||
 (c.$$watchDelegate=g,c.inputs=a.inputs?a.inputs:[a]);return c}var n={csp:Ga().noUnsafeEval,literals:xa(b),isIdentifierStart:y(d)&&d,isIdentifierContinue:y(c)&&c};return function(b,c){var d,e,u;switch(typeof b){case "string":return u=b=b.trim(),d=a[u],d||(":"===b.charAt(0)&&":"===b.charAt(1)&&(e=!0,b=b.substring(2)),d=new qc(n),d=(new rc(d,f,n)).parse(b),d.constant?d.$$watchDelegate=l:e?d.$$watchDelegate=d.literal?k:h:d.inputs&&(d.$$watchDelegate=g),a[u]=d),m(d,c);case "function":return m(b,c);default:return m(w,
 c)}}}]}function Jf(){var a=!0;this.$get=["$rootScope","$exceptionHandler",function(b,d){return Gd(function(a){b.$evalAsync(a)},d,a)}];this.errorOnUnhandledRejections=function(b){return v(b)?(a=b,this):a}}function Kf(){var a=!0;this.$get=["$browser","$exceptionHandler",function(b,d){return Gd(function(a){b.defer(a)},d,a)}];this.errorOnUnhandledRejections=function(b){return v(b)?(a=b,this):a}}function Gd(a,b,d){function c(){return new f}function f(){var a=this.promise=new e;this.resolve=function(b){k(a,
 b)};this.reject=function(b){m(a,b)};this.notify=function(b){p(a,b)}}function e(){this.$$state={status:0}}function g(){for(;!v&&t.length;){var a=t.shift();if(!a.pur){a.pur=!0;var c=a.value,c="Possibly unhandled rejection: "+("function"===typeof c?c.toString().replace(/ \{[\s\S]*$/,""):x(c)?"undefined":"string"!==typeof c?xe(c):c);a.value instanceof Error?b(a.value,c):b(c)}}}function h(b){!d||b.pending||2!==b.status||b.pur||(0===v&&0===t.length&&a(g),t.push(b));!b.processScheduled&&b.pending&&(b.processScheduled=
 !0,++v,a(function(){var c,e,f;f=b.pending;b.processScheduled=!1;b.pending=void 0;try{for(var h=0,l=f.length;h<l;++h){b.pur=!0;e=f[h][0];c=f[h][b.status];try{y(c)?k(e,c(b.value)):1===b.status?k(e,b.value):m(e,b.value)}catch(n){m(e,n)}}}finally{--v,d&&0===v&&a(g)}}))}function k(a,b){a.$$state.status||(b===a?n(a,H("qcycle",b)):l(a,b))}function l(a,b){function c(b){g||(g=!0,l(a,b))}function d(b){g||(g=!0,n(a,b))}function e(b){p(a,b)}var f,g=!1;try{if(F(b)||y(b))f=b.then;y(f)?(a.$$state.status=-1,f.call(b,
 c,d,e)):(a.$$state.value=b,a.$$state.status=1,h(a.$$state))}catch(k){d(k)}}function m(a,b){a.$$state.status||n(a,b)}function n(a,b){a.$$state.value=b;a.$$state.status=2;h(a.$$state)}function p(c,d){var e=c.$$state.pending;0>=c.$$state.status&&e&&e.length&&a(function(){for(var a,c,f=0,g=e.length;f<g;f++){c=e[f][0];a=e[f][3];try{p(c,y(a)?a(d):d)}catch(h){b(h)}}})}function r(a){var b=new e;m(b,a);return b}function J(a,b,c){var d=null;try{y(c)&&(d=c())}catch(e){return r(e)}return d&&y(d.then)?d.then(function(){return b(a)},
 r):b(a)}function s(a,b,c,d){var f=new e;k(f,a);return f.then(b,c,d)}function u(a){if(!y(a))throw H("norslvr",a);var b=new e;a(function(a){k(b,a)},function(a){m(b,a)});return b}var H=M("$q",TypeError),v=0,t=[];R(e.prototype,{then:function(a,b,c){if(x(a)&&x(b)&&x(c))return this;var d=new e;this.$$state.pending=this.$$state.pending||[];this.$$state.pending.push([d,a,b,c]);0<this.$$state.status&&h(this.$$state);return d},"catch":function(a){return this.then(null,a)},"finally":function(a,b){return this.then(function(b){return J(b,
 w,a)},function(b){return J(b,r,a)},b)}});var w=s;u.prototype=e.prototype;u.defer=c;u.reject=r;u.when=s;u.resolve=w;u.all=function(a){var b=new e,c=0,d=C(a)?[]:{};q(a,function(a,e){c++;s(a).then(function(a){d[e]=a;--c||k(b,d)},function(a){m(b,a)})});0===c&&k(b,d);return b};u.race=function(a){var b=c();q(a,function(a){s(a).then(b.resolve,b.reject)});return b.promise};return u}function Tf(){this.$get=["$window","$timeout",function(a,b){var d=a.requestAnimationFrame||a.webkitRequestAnimationFrame,c=a.cancelAnimationFrame||
 a.webkitCancelAnimationFrame||a.webkitCancelRequestAnimationFrame,f=!!d,e=f?function(a){var b=d(a);return function(){c(b)}}:function(a){var c=b(a,16.66,!1);return function(){b.cancel(c)}};e.supported=f;return e}]}function If(){function a(a){function b(){this.$$watchers=this.$$nextSibling=this.$$childHead=this.$$childTail=null;this.$$listeners={};this.$$listenerCount={};this.$$watchersCount=0;this.$id=++qb;this.$$ChildScope=null}b.prototype=a;return b}var b=10,d=M("$rootScope"),c=null,f=null;this.digestTtl=
 function(a){arguments.length&&(b=a);return b};this.$get=["$exceptionHandler","$parse","$browser",function(e,g,h){function k(a){a.currentScope.$$destroyed=!0}function l(a){9===Ha&&(a.$$childHead&&l(a.$$childHead),a.$$nextSibling&&l(a.$$nextSibling));a.$parent=a.$$nextSibling=a.$$prevSibling=a.$$childHead=a.$$childTail=a.$root=a.$$watchers=null}function m(){this.$id=++qb;this.$$phase=this.$parent=this.$$watchers=this.$$nextSibling=this.$$prevSibling=this.$$childHead=this.$$childTail=null;this.$root=
 this;this.$$destroyed=!1;this.$$listeners={};this.$$listenerCount={};this.$$watchersCount=0;this.$$isolateBindings=null}function n(a){if(H.$$phase)throw d("inprog",H.$$phase);H.$$phase=a}function p(a,b){do a.$$watchersCount+=b;while(a=a.$parent)}function r(a,b,c){do a.$$listenerCount[c]-=b,0===a.$$listenerCount[c]&&delete a.$$listenerCount[c];while(a=a.$parent)}function J(){}function s(){for(;ia.length;)try{ia.shift()()}catch(a){e(a)}f=null}function u(){null===f&&(f=h.defer(function(){H.$apply(s)}))}
 m.prototype={constructor:m,$new:function(b,c){var d;c=c||this;b?(d=new m,d.$root=this.$root):(this.$$ChildScope||(this.$$ChildScope=a(this)),d=new this.$$ChildScope);d.$parent=c;d.$$prevSibling=c.$$childTail;c.$$childHead?(c.$$childTail.$$nextSibling=d,c.$$childTail=d):c.$$childHead=c.$$childTail=d;(b||c!==this)&&d.$on("$destroy",k);return d},$watch:function(a,b,d,e){var f=g(a);if(f.$$watchDelegate)return f.$$watchDelegate(this,b,d,f,a);var h=this,k=h.$$watchers,l={fn:b,last:J,get:f,exp:e||a,eq:!!d};
 c=null;y(b)||(l.fn=w);k||(k=h.$$watchers=[],k.$$digestWatchIndex=-1);k.unshift(l);k.$$digestWatchIndex++;p(this,1);return function(){var a=Za(k,l);0<=a&&(p(h,-1),a<k.$$digestWatchIndex&&k.$$digestWatchIndex--);c=null}},$watchGroup:function(a,b){function c(){h=!1;k?(k=!1,b(e,e,g)):b(e,d,g)}var d=Array(a.length),e=Array(a.length),f=[],g=this,h=!1,k=!0;if(!a.length){var l=!0;g.$evalAsync(function(){l&&b(e,e,g)});return function(){l=!1}}if(1===a.length)return this.$watch(a[0],function(a,c,f){e[0]=a;d[0]=
 c;b(e,a===c?e:d,f)});q(a,function(a,b){var k=g.$watch(a,function(a,f){e[b]=a;d[b]=f;h||(h=!0,g.$evalAsync(c))});f.push(k)});return function(){for(;f.length;)f.shift()()}},$watchCollection:function(a,b){function c(a){e=a;var b,d,g,h;if(!x(e)){if(F(e))if(sa(e))for(f!==n&&(f=n,t=f.length=0,l++),a=e.length,t!==a&&(l++,f.length=t=a),b=0;b<a;b++)h=f[b],g=e[b],d=h!==h&&g!==g,d||h===g||(l++,f[b]=g);else{f!==p&&(f=p={},t=0,l++);a=0;for(b in e)ua.call(e,b)&&(a++,g=e[b],h=f[b],b in f?(d=h!==h&&g!==g,d||h===
 g||(l++,f[b]=g)):(t++,f[b]=g,l++));if(t>a)for(b in l++,f)ua.call(e,b)||(t--,delete f[b])}else f!==e&&(f=e,l++);return l}}c.$stateful=!0;var d=this,e,f,h,k=1<b.length,l=0,m=g(a,c),n=[],p={},r=!0,t=0;return this.$watch(m,function(){r?(r=!1,b(e,e,d)):b(e,h,d);if(k)if(F(e))if(sa(e)){h=Array(e.length);for(var a=0;a<e.length;a++)h[a]=e[a]}else for(a in h={},e)ua.call(e,a)&&(h[a]=e[a]);else h=e})},$digest:function(){var a,g,k,l,m,p,r,u=b,q,w=[],x,ia;n("$digest");h.$$checkUrlChange();this===H&&null!==f&&
 (h.defer.cancel(f),s());c=null;do{r=!1;q=this;for(p=0;p<v.length;p++){try{ia=v[p],ia.scope.$eval(ia.expression,ia.locals)}catch(z){e(z)}c=null}v.length=0;a:do{if(p=q.$$watchers)for(p.$$digestWatchIndex=p.length;p.$$digestWatchIndex--;)try{if(a=p[p.$$digestWatchIndex])if(m=a.get,(g=m(q))!==(k=a.last)&&!(a.eq?qa(g,k):da(g)&&da(k)))r=!0,c=a,a.last=a.eq?xa(g,null):g,l=a.fn,l(g,k===J?g:k,q),5>u&&(x=4-u,w[x]||(w[x]=[]),w[x].push({msg:y(a.exp)?"fn: "+(a.exp.name||a.exp.toString()):a.exp,newVal:g,oldVal:k}));
 else if(a===c){r=!1;break a}}catch(D){e(D)}if(!(p=q.$$watchersCount&&q.$$childHead||q!==this&&q.$$nextSibling))for(;q!==this&&!(p=q.$$nextSibling);)q=q.$parent}while(q=p);if((r||v.length)&&!u--)throw H.$$phase=null,d("infdig",b,w);}while(r||v.length);for(H.$$phase=null;A<t.length;)try{t[A++]()}catch(E){e(E)}t.length=A=0;h.$$checkUrlChange()},$destroy:function(){if(!this.$$destroyed){var a=this.$parent;this.$broadcast("$destroy");this.$$destroyed=!0;this===H&&h.$$applicationDestroyed();p(this,-this.$$watchersCount);
 for(var b in this.$$listenerCount)r(this,this.$$listenerCount[b],b);a&&a.$$childHead===this&&(a.$$childHead=this.$$nextSibling);a&&a.$$childTail===this&&(a.$$childTail=this.$$prevSibling);this.$$prevSibling&&(this.$$prevSibling.$$nextSibling=this.$$nextSibling);this.$$nextSibling&&(this.$$nextSibling.$$prevSibling=this.$$prevSibling);this.$destroy=this.$digest=this.$apply=this.$evalAsync=this.$applyAsync=w;this.$on=this.$watch=this.$watchGroup=function(){return w};this.$$listeners={};this.$$nextSibling=
 null;l(this)}},$eval:function(a,b){return g(a)(this,b)},$evalAsync:function(a,b){H.$$phase||v.length||h.defer(function(){v.length&&H.$digest()});v.push({scope:this,expression:g(a),locals:b})},$$postDigest:function(a){t.push(a)},$apply:function(a){try{n("$apply");try{return this.$eval(a)}finally{H.$$phase=null}}catch(b){e(b)}finally{try{H.$digest()}catch(c){throw e(c),c;}}},$applyAsync:function(a){function b(){c.$eval(a)}var c=this;a&&ia.push(b);a=g(a);u()},$on:function(a,b){var c=this.$$listeners[a];
 c||(this.$$listeners[a]=c=[]);c.push(b);var d=this;do d.$$listenerCount[a]||(d.$$listenerCount[a]=0),d.$$listenerCount[a]++;while(d=d.$parent);var e=this;return function(){var d=c.indexOf(b);-1!==d&&(c[d]=null,r(e,1,a))}},$emit:function(a,b){var c=[],d,f=this,g=!1,h={name:a,targetScope:f,stopPropagation:function(){g=!0},preventDefault:function(){h.defaultPrevented=!0},defaultPrevented:!1},k=$a([h],arguments,1),l,m;do{d=f.$$listeners[a]||c;h.currentScope=f;l=0;for(m=d.length;l<m;l++)if(d[l])try{d[l].apply(null,
 k)}catch(n){e(n)}else d.splice(l,1),l--,m--;if(g)return h.currentScope=null,h;f=f.$parent}while(f);h.currentScope=null;return h},$broadcast:function(a,b){var c=this,d=this,f={name:a,targetScope:this,preventDefault:function(){f.defaultPrevented=!0},defaultPrevented:!1};if(!this.$$listenerCount[a])return f;for(var g=$a([f],arguments,1),h,k;c=d;){f.currentScope=c;d=c.$$listeners[a]||[];h=0;for(k=d.length;h<k;h++)if(d[h])try{d[h].apply(null,g)}catch(l){e(l)}else d.splice(h,1),h--,k--;if(!(d=c.$$listenerCount[a]&&
 c.$$childHead||c!==this&&c.$$nextSibling))for(;c!==this&&!(d=c.$$nextSibling);)c=c.$parent}f.currentScope=null;return f}};var H=new m,v=H.$$asyncQueue=[],t=H.$$postDigestQueue=[],ia=H.$$applyAsyncQueue=[],A=0;return H}]}function Ae(){var a=/^\s*(https?|ftp|mailto|tel|file):/,b=/^\s*((https?|ftp|file|blob):|data:image\/)/;this.aHrefSanitizationWhitelist=function(b){return v(b)?(a=b,this):a};this.imgSrcSanitizationWhitelist=function(a){return v(a)?(b=a,this):b};this.$get=function(){return function(d,
 c){var f=c?b:a,e;e=oa(d).href;return""===e||e.match(f)?d:"unsafe:"+e}}}function yg(a){if("self"===a)return a;if(E(a)){if(-1<a.indexOf("***"))throw Da("iwcard",a);a=Hd(a).replace(/\\\*\\\*/g,".*").replace(/\\\*/g,"[^:/.?&;]*");return new RegExp("^"+a+"$")}if(Wa(a))return new RegExp("^"+a.source+"$");throw Da("imatcher");}function Id(a){var b=[];v(a)&&q(a,function(a){b.push(yg(a))});return b}function Mf(){this.SCE_CONTEXTS=pa;var a=["self"],b=[];this.resourceUrlWhitelist=function(b){arguments.length&&
 (a=Id(b));return a};this.resourceUrlBlacklist=function(a){arguments.length&&(b=Id(a));return b};this.$get=["$injector",function(d){function c(a,b){return"self"===a?td(b):!!a.exec(b.href)}function f(a){var b=function(a){this.$$unwrapTrustedValue=function(){return a}};a&&(b.prototype=new a);b.prototype.valueOf=function(){return this.$$unwrapTrustedValue()};b.prototype.toString=function(){return this.$$unwrapTrustedValue().toString()};return b}var e=function(a){throw Da("unsafe");};d.has("$sanitize")&&
 (e=d.get("$sanitize"));var g=f(),h={};h[pa.HTML]=f(g);h[pa.CSS]=f(g);h[pa.URL]=f(g);h[pa.JS]=f(g);h[pa.RESOURCE_URL]=f(h[pa.URL]);return{trustAs:function(a,b){var c=h.hasOwnProperty(a)?h[a]:null;if(!c)throw Da("icontext",a,b);if(null===b||x(b)||""===b)return b;if("string"!==typeof b)throw Da("itype",a);return new c(b)},getTrusted:function(d,f){if(null===f||x(f)||""===f)return f;var g=h.hasOwnProperty(d)?h[d]:null;if(g&&f instanceof g)return f.$$unwrapTrustedValue();if(d===pa.RESOURCE_URL){var g=oa(f.toString()),
 n,p,r=!1;n=0;for(p=a.length;n<p;n++)if(c(a[n],g)){r=!0;break}if(r)for(n=0,p=b.length;n<p;n++)if(c(b[n],g)){r=!1;break}if(r)return f;throw Da("insecurl",f.toString());}if(d===pa.HTML)return e(f);throw Da("unsafe");},valueOf:function(a){return a instanceof g?a.$$unwrapTrustedValue():a}}}]}function Lf(){var a=!0;this.enabled=function(b){arguments.length&&(a=!!b);return a};this.$get=["$parse","$sceDelegate",function(b,d){if(a&&8>Ha)throw Da("iequirks");var c=ra(pa);c.isEnabled=function(){return a};c.trustAs=
 d.trustAs;c.getTrusted=d.getTrusted;c.valueOf=d.valueOf;a||(c.trustAs=c.getTrusted=function(a,b){return b},c.valueOf=Xa);c.parseAs=function(a,d){var e=b(d);return e.literal&&e.constant?e:b(d,function(b){return c.getTrusted(a,b)})};var f=c.parseAs,e=c.getTrusted,g=c.trustAs;q(pa,function(a,b){var d=P(b);c[("parse_as_"+d).replace(sc,fb)]=function(b){return f(a,b)};c[("get_trusted_"+d).replace(sc,fb)]=function(b){return e(a,b)};c[("trust_as_"+d).replace(sc,fb)]=function(b){return g(a,b)}});return c}]}
 function Nf(){this.$get=["$window","$document",function(a,b){var d={},c=!((!a.nw||!a.nw.process)&&a.chrome&&(a.chrome.app&&a.chrome.app.runtime||!a.chrome.app&&a.chrome.runtime&&a.chrome.runtime.id))&&a.history&&a.history.pushState,f=Z((/android (\d+)/.exec(P((a.navigator||{}).userAgent))||[])[1]),e=/Boxee/i.test((a.navigator||{}).userAgent),g=b[0]||{},h=g.body&&g.body.style,k=!1,l=!1;h&&(k=!!("transition"in h||"webkitTransition"in h),l=!!("animation"in h||"webkitAnimation"in h));return{history:!(!c||
 4>f||e),hasEvent:function(a){if("input"===a&&Ha)return!1;if(x(d[a])){var b=g.createElement("div");d[a]="on"+a in b}return d[a]},csp:Ga(),transitions:k,animations:l,android:f}}]}function Pf(){var a;this.httpOptions=function(b){return b?(a=b,this):a};this.$get=["$exceptionHandler","$templateCache","$http","$q","$sce",function(b,d,c,f,e){function g(h,k){g.totalPendingRequests++;if(!E(h)||x(d.get(h)))h=e.getTrustedResourceUrl(h);var l=c.defaults&&c.defaults.transformResponse;C(l)?l=l.filter(function(a){return a!==
 jc}):l===jc&&(l=null);return c.get(h,R({cache:d,transformResponse:l},a)).finally(function(){g.totalPendingRequests--}).then(function(a){d.put(h,a.data);return a.data},function(a){k||(a=zg("tpload",h,a.status,a.statusText),b(a));return f.reject(a)})}g.totalPendingRequests=0;return g}]}function Qf(){this.$get=["$rootScope","$browser","$location",function(a,b,d){return{findBindings:function(a,b,d){a=a.getElementsByClassName("ng-binding");var g=[];q(a,function(a){var c=$.element(a).data("$binding");c&&
 q(c,function(c){d?(new RegExp("(^|\\s)"+Hd(b)+"(\\s|\\||$)")).test(c)&&g.push(a):-1!==c.indexOf(b)&&g.push(a)})});return g},findModels:function(a,b,d){for(var g=["ng-","data-ng-","ng\\:"],h=0;h<g.length;++h){var k=a.querySelectorAll("["+g[h]+"model"+(d?"=":"*=")+'"'+b+'"]');if(k.length)return k}},getLocation:function(){return d.url()},setLocation:function(b){b!==d.url()&&(d.url(b),a.$digest())},whenStable:function(a){b.notifyWhenNoOutstandingRequests(a)}}}]}function Rf(){this.$get=["$rootScope","$browser",
 "$q","$$q","$exceptionHandler",function(a,b,d,c,f){function e(e,k,l){y(e)||(l=k,k=e,e=w);var m=va.call(arguments,3),n=v(l)&&!l,p=(n?c:d).defer(),r=p.promise,q;q=b.defer(function(){try{p.resolve(e.apply(null,m))}catch(b){p.reject(b),f(b)}finally{delete g[r.$$timeoutId]}n||a.$apply()},k);r.$$timeoutId=q;g[q]=p;return r}var g={};e.cancel=function(a){return a&&a.$$timeoutId in g?(g[a.$$timeoutId].promise.catch(w),g[a.$$timeoutId].reject("canceled"),delete g[a.$$timeoutId],b.defer.cancel(a.$$timeoutId)):
 !1};return e}]}function oa(a){Ha&&(ca.setAttribute("href",a),a=ca.href);ca.setAttribute("href",a);return{href:ca.href,protocol:ca.protocol?ca.protocol.replace(/:$/,""):"",host:ca.host,search:ca.search?ca.search.replace(/^\?/,""):"",hash:ca.hash?ca.hash.replace(/^#/,""):"",hostname:ca.hostname,port:ca.port,pathname:"/"===ca.pathname.charAt(0)?ca.pathname:"/"+ca.pathname}}function td(a){a=E(a)?oa(a):a;return a.protocol===Jd.protocol&&a.host===Jd.host}function Sf(){this.$get=ma(z)}function Kd(a){function b(a){try{return decodeURIComponent(a)}catch(b){return a}}
 var d=a[0]||{},c={},f="";return function(){var a,g,h,k,l;try{a=d.cookie||""}catch(m){a=""}if(a!==f)for(f=a,a=f.split("; "),c={},h=0;h<a.length;h++)g=a[h],k=g.indexOf("="),0<k&&(l=b(g.substring(0,k)),x(c[l])&&(c[l]=b(g.substring(k+1))));return c}}function Wf(){this.$get=Kd}function Xc(a){function b(d,c){if(F(d)){var f={};q(d,function(a,c){f[c]=b(c,a)});return f}return a.factory(d+"Filter",c)}this.register=b;this.$get=["$injector",function(a){return function(b){return a.get(b+"Filter")}}];b("currency",
 Ld);b("date",Md);b("filter",Ag);b("json",Bg);b("limitTo",Cg);b("lowercase",Dg);b("number",Nd);b("orderBy",Od);b("uppercase",Eg)}function Ag(){return function(a,b,d,c){if(!sa(a)){if(null==a)return a;throw M("filter")("notarray",a);}c=c||"$";var f;switch(tc(b)){case "function":break;case "boolean":case "null":case "number":case "string":f=!0;case "object":b=Fg(b,d,c,f);break;default:return a}return Array.prototype.filter.call(a,b)}}function Fg(a,b,d,c){var f=F(a)&&d in a;!0===b?b=qa:y(b)||(b=function(a,
 b){if(x(a))return!1;if(null===a||null===b)return a===b;if(F(b)||F(a)&&!Vb(a))return!1;a=P(""+a);b=P(""+b);return-1!==a.indexOf(b)});return function(e){return f&&!F(e)?Ea(e,a[d],b,d,!1):Ea(e,a,b,d,c)}}function Ea(a,b,d,c,f,e){var g=tc(a),h=tc(b);if("string"===h&&"!"===b.charAt(0))return!Ea(a,b.substring(1),d,c,f);if(C(a))return a.some(function(a){return Ea(a,b,d,c,f)});switch(g){case "object":var k;if(f){for(k in a)if("$"!==k.charAt(0)&&Ea(a[k],b,d,c,!0))return!0;return e?!1:Ea(a,b,d,c,!1)}if("object"===
 h){for(k in b)if(e=b[k],!y(e)&&!x(e)&&(g=k===c,!Ea(g?a:a[k],e,d,c,g,g)))return!1;return!0}return d(a,b);case "function":return!1;default:return d(a,b)}}function tc(a){return null===a?"null":typeof a}function Ld(a){var b=a.NUMBER_FORMATS;return function(a,c,f){x(c)&&(c=b.CURRENCY_SYM);x(f)&&(f=b.PATTERNS[1].maxFrac);return null==a?a:Pd(a,b.PATTERNS[1],b.GROUP_SEP,b.DECIMAL_SEP,f).replace(/\u00A4/g,c)}}function Nd(a){var b=a.NUMBER_FORMATS;return function(a,c){return null==a?a:Pd(a,b.PATTERNS[0],b.GROUP_SEP,
 b.DECIMAL_SEP,c)}}function Gg(a){var b=0,d,c,f,e,g;-1<(c=a.indexOf(Qd))&&(a=a.replace(Qd,""));0<(f=a.search(/e/i))?(0>c&&(c=f),c+=+a.slice(f+1),a=a.substring(0,f)):0>c&&(c=a.length);for(f=0;a.charAt(f)===uc;f++);if(f===(g=a.length))d=[0],c=1;else{for(g--;a.charAt(g)===uc;)g--;c-=f;d=[];for(e=0;f<=g;f++,e++)d[e]=+a.charAt(f)}c>Rd&&(d=d.splice(0,Rd-1),b=c-1,c=1);return{d:d,e:b,i:c}}function Hg(a,b,d,c){var f=a.d,e=f.length-a.i;b=x(b)?Math.min(Math.max(d,e),c):+b;d=b+a.i;c=f[d];if(0<d){f.splice(Math.max(a.i,
 d));for(var g=d;g<f.length;g++)f[g]=0}else for(e=Math.max(0,e),a.i=1,f.length=Math.max(1,d=b+1),f[0]=0,g=1;g<d;g++)f[g]=0;if(5<=c)if(0>d-1){for(c=0;c>d;c--)f.unshift(0),a.i++;f.unshift(1);a.i++}else f[d-1]++;for(;e<Math.max(0,b);e++)f.push(0);if(b=f.reduceRight(function(a,b,c,d){b+=a;d[c]=b%10;return Math.floor(b/10)},0))f.unshift(b),a.i++}function Pd(a,b,d,c,f){if(!E(a)&&!Y(a)||isNaN(a))return"";var e=!isFinite(a),g=!1,h=Math.abs(a)+"",k="";if(e)k="\u221e";else{g=Gg(h);Hg(g,f,b.minFrac,b.maxFrac);
 k=g.d;h=g.i;f=g.e;e=[];for(g=k.reduce(function(a,b){return a&&!b},!0);0>h;)k.unshift(0),h++;0<h?e=k.splice(h,k.length):(e=k,k=[0]);h=[];for(k.length>=b.lgSize&&h.unshift(k.splice(-b.lgSize,k.length).join(""));k.length>b.gSize;)h.unshift(k.splice(-b.gSize,k.length).join(""));k.length&&h.unshift(k.join(""));k=h.join(d);e.length&&(k+=c+e.join(""));f&&(k+="e+"+f)}return 0>a&&!g?b.negPre+k+b.negSuf:b.posPre+k+b.posSuf}function Kb(a,b,d,c){var f="";if(0>a||c&&0>=a)c?a=-a+1:(a=-a,f="-");for(a=""+a;a.length<
 b;)a=uc+a;d&&(a=a.substr(a.length-b));return f+a}function aa(a,b,d,c,f){d=d||0;return function(e){e=e["get"+a]();if(0<d||e>-d)e+=d;0===e&&-12===d&&(e=12);return Kb(e,b,c,f)}}function mb(a,b,d){return function(c,f){var e=c["get"+a](),g=ub((d?"STANDALONE":"")+(b?"SHORT":"")+a);return f[g][e]}}function Sd(a){var b=(new Date(a,0,1)).getDay();return new Date(a,0,(4>=b?5:12)-b)}function Td(a){return function(b){var d=Sd(b.getFullYear());b=+new Date(b.getFullYear(),b.getMonth(),b.getDate()+(4-b.getDay()))-
 +d;b=1+Math.round(b/6048E5);return Kb(b,a)}}function vc(a,b){return 0>=a.getFullYear()?b.ERAS[0]:b.ERAS[1]}function Md(a){function b(a){var b;if(b=a.match(d)){a=new Date(0);var e=0,g=0,h=b[8]?a.setUTCFullYear:a.setFullYear,k=b[8]?a.setUTCHours:a.setHours;b[9]&&(e=Z(b[9]+b[10]),g=Z(b[9]+b[11]));h.call(a,Z(b[1]),Z(b[2])-1,Z(b[3]));e=Z(b[4]||0)-e;g=Z(b[5]||0)-g;h=Z(b[6]||0);b=Math.round(1E3*parseFloat("0."+(b[7]||0)));k.call(a,e,g,h,b)}return a}var d=/^(\d{4})-?(\d\d)-?(\d\d)(?:T(\d\d)(?::?(\d\d)(?::?(\d\d)(?:\.(\d+))?)?)?(Z|([+-])(\d\d):?(\d\d))?)?$/;
 return function(c,d,e){var g="",h=[],k,l;d=d||"mediumDate";d=a.DATETIME_FORMATS[d]||d;E(c)&&(c=Ig.test(c)?Z(c):b(c));Y(c)&&(c=new Date(c));if(!ga(c)||!isFinite(c.getTime()))return c;for(;d;)(l=Jg.exec(d))?(h=$a(h,l,1),d=h.pop()):(h.push(d),d=null);var m=c.getTimezoneOffset();e&&(m=Jc(e,m),c=Wb(c,e,!0));q(h,function(b){k=Kg[b];g+=k?k(c,a.DATETIME_FORMATS,m):"''"===b?"'":b.replace(/(^'|'$)/g,"").replace(/''/g,"'")});return g}}function Bg(){return function(a,b){x(b)&&(b=2);return bb(a,b)}}function Cg(){return function(a,
 b,d){b=Infinity===Math.abs(Number(b))?Number(b):Z(b);if(da(b))return a;Y(a)&&(a=a.toString());if(!sa(a))return a;d=!d||isNaN(d)?0:Z(d);d=0>d?Math.max(0,a.length+d):d;return 0<=b?wc(a,d,d+b):0===d?wc(a,b,a.length):wc(a,Math.max(0,d+b),d)}}function wc(a,b,d){return E(a)?a.slice(b,d):va.call(a,b,d)}function Od(a){function b(b){return b.map(function(b){var c=1,d=Xa;if(y(b))d=b;else if(E(b)){if("+"===b.charAt(0)||"-"===b.charAt(0))c="-"===b.charAt(0)?-1:1,b=b.substring(1);if(""!==b&&(d=a(b),d.constant))var f=
 d(),d=function(a){return a[f]}}return{get:d,descending:c}})}function d(a){switch(typeof a){case "number":case "boolean":case "string":return!0;default:return!1}}function c(a,b){var c=0,d=a.type,k=b.type;if(d===k){var k=a.value,l=b.value;"string"===d?(k=k.toLowerCase(),l=l.toLowerCase()):"object"===d&&(F(k)&&(k=a.index),F(l)&&(l=b.index));k!==l&&(c=k<l?-1:1)}else c=d<k?-1:1;return c}return function(a,e,g,h){if(null==a)return a;if(!sa(a))throw M("orderBy")("notarray",a);C(e)||(e=[e]);0===e.length&&
 (e=["+"]);var k=b(e),l=g?-1:1,m=y(h)?h:c;a=Array.prototype.map.call(a,function(a,b){return{value:a,tieBreaker:{value:b,type:"number",index:b},predicateValues:k.map(function(c){var e=c.get(a);c=typeof e;if(null===e)c="string",e="null";else if("object"===c)a:{if(y(e.valueOf)&&(e=e.valueOf(),d(e)))break a;Vb(e)&&(e=e.toString(),d(e))}return{value:e,type:c,index:b}})}});a.sort(function(a,b){for(var c=0,d=k.length;c<d;c++){var e=m(a.predicateValues[c],b.predicateValues[c]);if(e)return e*k[c].descending*
 l}return m(a.tieBreaker,b.tieBreaker)*l});return a=a.map(function(a){return a.value})}}function Qa(a){y(a)&&(a={link:a});a.restrict=a.restrict||"AC";return ma(a)}function Lb(a,b,d,c,f){this.$$controls=[];this.$error={};this.$$success={};this.$pending=void 0;this.$name=f(b.name||b.ngForm||"")(d);this.$dirty=!1;this.$valid=this.$pristine=!0;this.$submitted=this.$invalid=!1;this.$$parentForm=Mb;this.$$element=a;this.$$animate=c;Ud(this)}function Ud(a){a.$$classCache={};a.$$classCache[Vd]=!(a.$$classCache[nb]=
 a.$$element.hasClass(nb))}function Wd(a){function b(a,b,c){c&&!a.$$classCache[b]?(a.$$animate.addClass(a.$$element,b),a.$$classCache[b]=!0):!c&&a.$$classCache[b]&&(a.$$animate.removeClass(a.$$element,b),a.$$classCache[b]=!1)}function d(a,c,d){c=c?"-"+Nc(c,"-"):"";b(a,nb+c,!0===d);b(a,Vd+c,!1===d)}var c=a.set,f=a.unset;a.clazz.prototype.$setValidity=function(a,g,h){x(g)?(this.$pending||(this.$pending={}),c(this.$pending,a,h)):(this.$pending&&f(this.$pending,a,h),Xd(this.$pending)&&(this.$pending=void 0));
 Ia(g)?g?(f(this.$error,a,h),c(this.$$success,a,h)):(c(this.$error,a,h),f(this.$$success,a,h)):(f(this.$error,a,h),f(this.$$success,a,h));this.$pending?(b(this,"ng-pending",!0),this.$valid=this.$invalid=void 0,d(this,"",null)):(b(this,"ng-pending",!1),this.$valid=Xd(this.$error),this.$invalid=!this.$valid,d(this,"",this.$valid));g=this.$pending&&this.$pending[a]?void 0:this.$error[a]?!1:this.$$success[a]?!0:null;d(this,a,g);this.$$parentForm.$setValidity(a,g,this)}}function Xd(a){if(a)for(var b in a)if(a.hasOwnProperty(b))return!1;
 return!0}function xc(a){a.$formatters.push(function(b){return a.$isEmpty(b)?b:b.toString()})}function Ra(a,b,d,c,f,e){var g=P(b[0].type);if(!f.android){var h=!1;b.on("compositionstart",function(){h=!0});b.on("compositionend",function(){h=!1;l()})}var k,l=function(a){k&&(e.defer.cancel(k),k=null);if(!h){var f=b.val();a=a&&a.type;"password"===g||d.ngTrim&&"false"===d.ngTrim||(f=S(f));(c.$viewValue!==f||""===f&&c.$$hasNativeValidators)&&c.$setViewValue(f,a)}};if(f.hasEvent("input"))b.on("input",l);else{var m=
 function(a,b,c){k||(k=e.defer(function(){k=null;b&&b.value===c||l(a)}))};b.on("keydown",function(a){var b=a.keyCode;91===b||15<b&&19>b||37<=b&&40>=b||m(a,this,this.value)});if(f.hasEvent("paste"))b.on("paste cut",m)}b.on("change",l);if(Yd[g]&&c.$$hasNativeValidators&&g===d.type)b.on("keydown wheel mousedown",function(a){if(!k){var b=this.validity,c=b.badInput,d=b.typeMismatch;k=e.defer(function(){k=null;b.badInput===c&&b.typeMismatch===d||l(a)})}});c.$render=function(){var a=c.$isEmpty(c.$viewValue)?
 "":c.$viewValue;b.val()!==a&&b.val(a)}}function Nb(a,b){return function(d,c){var f,e;if(ga(d))return d;if(E(d)){'"'===d.charAt(0)&&'"'===d.charAt(d.length-1)&&(d=d.substring(1,d.length-1));if(Lg.test(d))return new Date(d);a.lastIndex=0;if(f=a.exec(d))return f.shift(),e=c?{yyyy:c.getFullYear(),MM:c.getMonth()+1,dd:c.getDate(),HH:c.getHours(),mm:c.getMinutes(),ss:c.getSeconds(),sss:c.getMilliseconds()/1E3}:{yyyy:1970,MM:1,dd:1,HH:0,mm:0,ss:0,sss:0},q(f,function(a,c){c<b.length&&(e[b[c]]=+a)}),new Date(e.yyyy,
 e.MM-1,e.dd,e.HH,e.mm,e.ss||0,1E3*e.sss||0)}return NaN}}function ob(a,b,d,c){return function(f,e,g,h,k,l,m){function n(a){return a&&!(a.getTime&&a.getTime()!==a.getTime())}function p(a){return v(a)&&!ga(a)?d(a)||void 0:a}yc(f,e,g,h);Ra(f,e,g,h,k,l);var r=h&&h.$options.getOption("timezone"),q;h.$$parserName=a;h.$parsers.push(function(a){if(h.$isEmpty(a))return null;if(b.test(a))return a=d(a,q),r&&(a=Wb(a,r)),a});h.$formatters.push(function(a){if(a&&!ga(a))throw pb("datefmt",a);if(n(a))return(q=a)&&
 r&&(q=Wb(q,r,!0)),m("date")(a,c,r);q=null;return""});if(v(g.min)||g.ngMin){var s;h.$validators.min=function(a){return!n(a)||x(s)||d(a)>=s};g.$observe("min",function(a){s=p(a);h.$validate()})}if(v(g.max)||g.ngMax){var u;h.$validators.max=function(a){return!n(a)||x(u)||d(a)<=u};g.$observe("max",function(a){u=p(a);h.$validate()})}}}function yc(a,b,d,c){(c.$$hasNativeValidators=F(b[0].validity))&&c.$parsers.push(function(a){var c=b.prop("validity")||{};return c.badInput||c.typeMismatch?void 0:a})}function Zd(a){a.$$parserName=
 "number";a.$parsers.push(function(b){if(a.$isEmpty(b))return null;if(Mg.test(b))return parseFloat(b)});a.$formatters.push(function(b){if(!a.$isEmpty(b)){if(!Y(b))throw pb("numfmt",b);b=b.toString()}return b})}function Sa(a){v(a)&&!Y(a)&&(a=parseFloat(a));return da(a)?void 0:a}function zc(a){var b=a.toString(),d=b.indexOf(".");return-1===d?-1<a&&1>a&&(a=/e-(\d+)$/.exec(b))?Number(a[1]):0:b.length-d-1}function $d(a,b,d){a=Number(a);var c=(a|0)!==a,f=(b|0)!==b,e=(d|0)!==d;if(c||f||e){var g=c?zc(a):0,
 h=f?zc(b):0,k=e?zc(d):0,g=Math.max(g,h,k),g=Math.pow(10,g);a*=g;b*=g;d*=g;c&&(a=Math.round(a));f&&(b=Math.round(b));e&&(d=Math.round(d))}return 0===(a-b)%d}function ae(a,b,d,c,f){if(v(c)){a=a(c);if(!a.constant)throw pb("constexpr",d,c);return a(b)}return f}function Ac(a,b){function d(a,b){if(!a||!a.length)return[];if(!b||!b.length)return a;var c=[],d=0;a:for(;d<a.length;d++){for(var e=a[d],f=0;f<b.length;f++)if(e===b[f])continue a;c.push(e)}return c}function c(a){var b=a;C(a)?b=a.map(c).join(" "):
 F(a)&&(b=Object.keys(a).filter(function(b){return a[b]}).join(" "));return b}function f(a){var b=a;if(C(a))b=a.map(f);else if(F(a)){var c=!1,b=Object.keys(a).filter(function(b){b=a[b];!c&&x(b)&&(c=!0);return b});c&&b.push(void 0)}return b}a="ngClass"+a;var e;return["$parse",function(g){return{restrict:"AC",link:function(h,k,l){function m(a,b){var c=[];q(a,function(a){if(0<b||H[a])H[a]=(H[a]||0)+b,H[a]===+(0<b)&&c.push(a)});return c.join(" ")}function n(a){if(a===b){var c=t,c=m(c&&c.split(" "),1);
 l.$addClass(c)}else c=t,c=m(c&&c.split(" "),-1),l.$removeClass(c);w=a}function p(a){a=c(a);a!==t&&r(a)}function r(a){if(w===b){var c=t&&t.split(" "),e=a&&a.split(" "),f=d(c,e),c=d(e,c),f=m(f,-1),c=m(c,1);l.$addClass(c);l.$removeClass(f)}t=a}var s=l[a].trim(),v=":"===s.charAt(0)&&":"===s.charAt(1),s=g(s,v?f:c),u=v?p:r,H=k.data("$classCounts"),w=!0,t;H||(H=W(),k.data("$classCounts",H));"ngClass"!==a&&(e||(e=g("$index",function(a){return a&1})),h.$watch(e,n));h.$watch(s,u,v)}}}]}function Ob(a,b,d,c,
 f,e,g,h,k){this.$modelValue=this.$viewValue=Number.NaN;this.$$rawModelValue=void 0;this.$validators={};this.$asyncValidators={};this.$parsers=[];this.$formatters=[];this.$viewChangeListeners=[];this.$untouched=!0;this.$touched=!1;this.$pristine=!0;this.$dirty=!1;this.$valid=!0;this.$invalid=!1;this.$error={};this.$$success={};this.$pending=void 0;this.$name=k(d.name||"",!1)(a);this.$$parentForm=Mb;this.$options=Pb;this.$$parsedNgModel=f(d.ngModel);this.$$parsedNgModelAssign=this.$$parsedNgModel.assign;
 this.$$ngModelGet=this.$$parsedNgModel;this.$$ngModelSet=this.$$parsedNgModelAssign;this.$$pendingDebounce=null;this.$$parserValid=void 0;this.$$currentValidationRunId=0;this.$$scope=a;this.$$attr=d;this.$$element=c;this.$$animate=e;this.$$timeout=g;this.$$parse=f;this.$$q=h;this.$$exceptionHandler=b;Ud(this);Ng(this)}function Ng(a){a.$$scope.$watch(function(){var b=a.$$ngModelGet(a.$$scope);if(b!==a.$modelValue&&(a.$modelValue===a.$modelValue||b===b)){a.$modelValue=a.$$rawModelValue=b;a.$$parserValid=
 void 0;for(var d=a.$formatters,c=d.length,f=b;c--;)f=d[c](f);a.$viewValue!==f&&(a.$$updateEmptyClasses(f),a.$viewValue=a.$$lastCommittedViewValue=f,a.$render(),a.$$runValidators(a.$modelValue,a.$viewValue,w))}return b})}function Bc(a){this.$$options=a}function be(a,b){q(b,function(b,c){v(a[c])||(a[c]=b)})}var Og=/^\/(.+)\/([a-z]*)$/,ua=Object.prototype.hasOwnProperty,P=function(a){return E(a)?a.toLowerCase():a},ub=function(a){return E(a)?a.toUpperCase():a},Ha,D,ta,va=[].slice,og=[].splice,Pg=[].push,
 na=Object.prototype.toString,Gc=Object.getPrototypeOf,Fa=M("ng"),$=z.angular||(z.angular={}),Zb,qb=0;Ha=z.document.documentMode;var da=Number.isNaN||function(a){return a!==a};w.$inject=[];Xa.$inject=[];var C=Array.isArray,me=/^\[object (?:Uint8|Uint8Clamped|Uint16|Uint32|Int8|Int16|Int32|Float32|Float64)Array]$/,S=function(a){return E(a)?a.trim():a},Hd=function(a){return a.replace(/([-()[\]{}+?*.$^|,:#<!\\])/g,"\\$1").replace(/\x08/g,"\\x08")},Ga=function(){if(!v(Ga.rules)){var a=z.document.querySelector("[ng-csp]")||
 z.document.querySelector("[data-ng-csp]");if(a){var b=a.getAttribute("ng-csp")||a.getAttribute("data-ng-csp");Ga.rules={noUnsafeEval:!b||-1!==b.indexOf("no-unsafe-eval"),noInlineStyle:!b||-1!==b.indexOf("no-inline-style")}}else{a=Ga;try{new Function(""),b=!1}catch(d){b=!0}a.rules={noUnsafeEval:b,noInlineStyle:!1}}}return Ga.rules},rb=function(){if(v(rb.name_))return rb.name_;var a,b,d=Ka.length,c,f;for(b=0;b<d;++b)if(c=Ka[b],a=z.document.querySelector("["+c.replace(":","\\:")+"jq]")){f=a.getAttribute(c+
 "jq");break}return rb.name_=f},oe=/:/g,Ka=["ng-","data-ng-","ng:","x-ng-"],re=function(a){var b=a.currentScript,b=b&&b.getAttribute("src");if(!b)return!0;var d=a.createElement("a");d.href=b;if(a.location.origin===d.origin)return!0;switch(d.protocol){case "http:":case "https:":case "ftp:":case "blob:":case "file:":case "data:":return!0;default:return!1}}(z.document),ue=/[A-Z]/g,Oc=!1,Ja=3,ze={full:"1.6.2",major:1,minor:6,dot:2,codeName:"llamacorn-lovehug"};X.expando="ng339";var hb=X.cache={},ag=1;
 X._data=function(a){return this.cache[a[this.expando]]||{}};var Xf=/-([a-z])/g,Qg=/^-ms-/,zb={mouseleave:"mouseout",mouseenter:"mouseover"},ac=M("jqLite"),$f=/^<([\w-]+)\s*\/?>(?:<\/\1>|)$/,$b=/<|&#?\w+;/,Yf=/<([\w:-]+)/,Zf=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,ha={option:[1,'<select multiple="multiple">',"</select>"],thead:[1,"<table>","</table>"],col:[2,"<table><colgroup>","</colgroup></table>"],tr:[2,"<table><tbody>","</tbody></table>"],td:[3,"<table><tbody><tr>",
 "</tr></tbody></table>"],_default:[0,"",""]};ha.optgroup=ha.option;ha.tbody=ha.tfoot=ha.colgroup=ha.caption=ha.thead;ha.th=ha.td;var fg=z.Node.prototype.contains||function(a){return!!(this.compareDocumentPosition(a)&16)},Oa=X.prototype={ready:$c,toString:function(){var a=[];q(this,function(b){a.push(""+b)});return"["+a.join(", ")+"]"},eq:function(a){return 0<=a?D(this[a]):D(this[this.length+a])},length:0,push:Pg,sort:[].sort,splice:[].splice},Fb={};q("multiple selected checked disabled readOnly required open".split(" "),
 function(a){Fb[P(a)]=a});var ed={};q("input select option textarea button form details".split(" "),function(a){ed[a]=!0});var md={ngMinlength:"minlength",ngMaxlength:"maxlength",ngMin:"min",ngMax:"max",ngPattern:"pattern",ngStep:"step"};q({data:dc,removeData:gb,hasData:function(a){for(var b in hb[a.ng339])return!0;return!1},cleanData:function(a){for(var b=0,d=a.length;b<d;b++)gb(a[b])}},function(a,b){X[b]=a});q({data:dc,inheritedData:Db,scope:function(a){return D.data(a,"$scope")||Db(a.parentNode||
 a,["$isolateScope","$scope"])},isolateScope:function(a){return D.data(a,"$isolateScope")||D.data(a,"$isolateScopeNoTemplate")},controller:bd,injector:function(a){return Db(a,"$injector")},removeAttr:function(a,b){a.removeAttribute(b)},hasClass:Ab,css:function(a,b,d){b=wb(b.replace(Qg,"ms-"));if(v(d))a.style[b]=d;else return a.style[b]},attr:function(a,b,d){var c=a.nodeType;if(c!==Ja&&2!==c&&8!==c&&a.getAttribute){var c=P(b),f=Fb[c];if(v(d))null===d||!1===d&&f?a.removeAttribute(b):a.setAttribute(b,
 f?c:d);else return a=a.getAttribute(b),f&&null!==a&&(a=c),null===a?void 0:a}},prop:function(a,b,d){if(v(d))a[b]=d;else return a[b]},text:function(){function a(a,d){if(x(d)){var c=a.nodeType;return 1===c||c===Ja?a.textContent:""}a.textContent=d}a.$dv="";return a}(),val:function(a,b){if(x(b)){if(a.multiple&&"select"===wa(a)){var d=[];q(a.options,function(a){a.selected&&d.push(a.value||a.text)});return d}return a.value}a.value=b},html:function(a,b){if(x(b))return a.innerHTML;xb(a,!0);a.innerHTML=b},
 empty:cd},function(a,b){X.prototype[b]=function(b,c){var f,e,g=this.length;if(a!==cd&&x(2===a.length&&a!==Ab&&a!==bd?b:c)){if(F(b)){for(f=0;f<g;f++)if(a===dc)a(this[f],b);else for(e in b)a(this[f],e,b[e]);return this}f=a.$dv;g=x(f)?Math.min(g,1):g;for(e=0;e<g;e++){var h=a(this[e],b,c);f=f?f+h:h}return f}for(f=0;f<g;f++)a(this[f],b,c);return this}});q({removeData:gb,on:function(a,b,d,c){if(v(c))throw ac("onargs");if(Yc(a)){c=yb(a,!0);var f=c.events,e=c.handle;e||(e=c.handle=cg(a,f));c=0<=b.indexOf(" ")?
 b.split(" "):[b];for(var g=c.length,h=function(b,c,g){var h=f[b];h||(h=f[b]=[],h.specialHandlerWrapper=c,"$destroy"===b||g||a.addEventListener(b,e));h.push(d)};g--;)b=c[g],zb[b]?(h(zb[b],eg),h(b,void 0,!0)):h(b)}},off:ad,one:function(a,b,d){a=D(a);a.on(b,function f(){a.off(b,d);a.off(b,f)});a.on(b,d)},replaceWith:function(a,b){var d,c=a.parentNode;xb(a);q(new X(b),function(b){d?c.insertBefore(b,d.nextSibling):c.replaceChild(b,a);d=b})},children:function(a){var b=[];q(a.childNodes,function(a){1===
 a.nodeType&&b.push(a)});return b},contents:function(a){return a.contentDocument||a.childNodes||[]},append:function(a,b){var d=a.nodeType;if(1===d||11===d){b=new X(b);for(var d=0,c=b.length;d<c;d++)a.appendChild(b[d])}},prepend:function(a,b){if(1===a.nodeType){var d=a.firstChild;q(new X(b),function(b){a.insertBefore(b,d)})}},wrap:function(a,b){var d=D(b).eq(0).clone()[0],c=a.parentNode;c&&c.replaceChild(d,a);d.appendChild(a)},remove:Eb,detach:function(a){Eb(a,!0)},after:function(a,b){var d=a,c=a.parentNode;
 if(c){b=new X(b);for(var f=0,e=b.length;f<e;f++){var g=b[f];c.insertBefore(g,d.nextSibling);d=g}}},addClass:Cb,removeClass:Bb,toggleClass:function(a,b,d){b&&q(b.split(" "),function(b){var f=d;x(f)&&(f=!Ab(a,b));(f?Cb:Bb)(a,b)})},parent:function(a){return(a=a.parentNode)&&11!==a.nodeType?a:null},next:function(a){return a.nextElementSibling},find:function(a,b){return a.getElementsByTagName?a.getElementsByTagName(b):[]},clone:cc,triggerHandler:function(a,b,d){var c,f,e=b.type||b,g=yb(a);if(g=(g=g&&g.events)&&
 g[e])c={preventDefault:function(){this.defaultPrevented=!0},isDefaultPrevented:function(){return!0===this.defaultPrevented},stopImmediatePropagation:function(){this.immediatePropagationStopped=!0},isImmediatePropagationStopped:function(){return!0===this.immediatePropagationStopped},stopPropagation:w,type:e,target:a},b.type&&(c=R(c,b)),b=ra(g),f=d?[c].concat(d):[c],q(b,function(b){c.isImmediatePropagationStopped()||b.apply(a,f)})}},function(a,b){X.prototype[b]=function(b,c,f){for(var e,g=0,h=this.length;g<
 h;g++)x(e)?(e=a(this[g],b,c,f),v(e)&&(e=D(e))):bc(e,a(this[g],b,c,f));return v(e)?e:this}});X.prototype.bind=X.prototype.on;X.prototype.unbind=X.prototype.off;var Rg=Object.create(null);fd.prototype={_idx:function(a){if(a===this._lastKey)return this._lastIndex;this._lastKey=a;return this._lastIndex=this._keys.indexOf(a)},_transformKey:function(a){return da(a)?Rg:a},get:function(a){a=this._transformKey(a);a=this._idx(a);if(-1!==a)return this._values[a]},set:function(a,b){a=this._transformKey(a);var d=
 this._idx(a);-1===d&&(d=this._lastIndex=this._keys.length);this._keys[d]=a;this._values[d]=b},delete:function(a){a=this._transformKey(a);a=this._idx(a);if(-1===a)return!1;this._keys.splice(a,1);this._values.splice(a,1);this._lastKey=NaN;this._lastIndex=-1;return!0}};var Gb=fd,Vf=[function(){this.$get=[function(){return Gb}]}],hg=/^([^(]+?)=>/,ig=/^[^(]*\(\s*([^)]*)\)/m,Sg=/,/,Tg=/^\s*(_?)(\S+?)\1\s*$/,gg=/((\/\/.*$)|(\/\*[\s\S]*?\*\/))/mg,za=M("$injector");db.$$annotate=function(a,b,d){var c;if("function"===
 typeof a){if(!(c=a.$inject)){c=[];if(a.length){if(b)throw E(d)&&d||(d=a.name||jg(a)),za("strictdi",d);b=gd(a);q(b[1].split(Sg),function(a){a.replace(Tg,function(a,b,d){c.push(d)})})}a.$inject=c}}else C(a)?(b=a.length-1,sb(a[b],"fn"),c=a.slice(0,b)):sb(a,"fn",!0);return c};var ce=M("$animate"),mf=function(){this.$get=w},nf=function(){var a=new Gb,b=[];this.$get=["$$AnimateRunner","$rootScope",function(d,c){function f(a,b,c){var d=!1;b&&(b=E(b)?b.split(" "):C(b)?b:[],q(b,function(b){b&&(d=!0,a[b]=c)}));
 return d}function e(){q(b,function(b){var c=a.get(b);if(c){var d=kg(b.attr("class")),e="",f="";q(c,function(a,b){a!==!!d[b]&&(a?e+=(e.length?" ":"")+b:f+=(f.length?" ":"")+b)});q(b,function(a){e&&Cb(a,e);f&&Bb(a,f)});a.delete(b)}});b.length=0}return{enabled:w,on:w,off:w,pin:w,push:function(g,h,k,l){l&&l();k=k||{};k.from&&g.css(k.from);k.to&&g.css(k.to);if(k.addClass||k.removeClass)if(h=k.addClass,l=k.removeClass,k=a.get(g)||{},h=f(k,h,!0),l=f(k,l,!1),h||l)a.set(g,k),b.push(g),1===b.length&&c.$$postDigest(e);
 g=new d;g.complete();return g}}}]},kf=["$provide",function(a){var b=this;this.$$registeredAnimations=Object.create(null);this.register=function(d,c){if(d&&"."!==d.charAt(0))throw ce("notcsel",d);var f=d+"-animation";b.$$registeredAnimations[d.substr(1)]=f;a.factory(f,c)};this.classNameFilter=function(a){if(1===arguments.length&&(this.$$classNameFilter=a instanceof RegExp?a:null)&&/(\s+|\/)ng-animate(\s+|\/)/.test(this.$$classNameFilter.toString()))throw ce("nongcls","ng-animate");return this.$$classNameFilter};
 this.$get=["$$animateQueue",function(a){function b(a,c,d){if(d){var h;a:{for(h=0;h<d.length;h++){var k=d[h];if(1===k.nodeType){h=k;break a}}h=void 0}!h||h.parentNode||h.previousElementSibling||(d=null)}d?d.after(a):c.prepend(a)}return{on:a.on,off:a.off,pin:a.pin,enabled:a.enabled,cancel:function(a){a.end&&a.end()},enter:function(f,e,g,h){e=e&&D(e);g=g&&D(g);e=e||g.parent();b(f,e,g);return a.push(f,"enter",ea(h))},move:function(f,e,g,h){e=e&&D(e);g=g&&D(g);e=e||g.parent();b(f,e,g);return a.push(f,
 "move",ea(h))},leave:function(b,c){return a.push(b,"leave",ea(c),function(){b.remove()})},addClass:function(b,c,g){g=ea(g);g.addClass=ib(g.addclass,c);return a.push(b,"addClass",g)},removeClass:function(b,c,g){g=ea(g);g.removeClass=ib(g.removeClass,c);return a.push(b,"removeClass",g)},setClass:function(b,c,g,h){h=ea(h);h.addClass=ib(h.addClass,c);h.removeClass=ib(h.removeClass,g);return a.push(b,"setClass",h)},animate:function(b,c,g,h,k){k=ea(k);k.from=k.from?R(k.from,c):c;k.to=k.to?R(k.to,g):g;k.tempClasses=
 ib(k.tempClasses,h||"ng-inline-animate");return a.push(b,"animate",k)}}}]}],pf=function(){this.$get=["$$rAF",function(a){function b(b){d.push(b);1<d.length||a(function(){for(var a=0;a<d.length;a++)d[a]();d=[]})}var d=[];return function(){var a=!1;b(function(){a=!0});return function(d){a?d():b(d)}}}]},of=function(){this.$get=["$q","$sniffer","$$animateAsyncRun","$$isDocumentHidden","$timeout",function(a,b,d,c,f){function e(a){this.setHost(a);var b=d();this._doneCallbacks=[];this._tick=function(a){c()?
 f(a,0,!1):b(a)};this._state=0}e.chain=function(a,b){function c(){if(d===a.length)b(!0);else a[d](function(a){!1===a?b(!1):(d++,c())})}var d=0;c()};e.all=function(a,b){function c(f){e=e&&f;++d===a.length&&b(e)}var d=0,e=!0;q(a,function(a){a.done(c)})};e.prototype={setHost:function(a){this.host=a||{}},done:function(a){2===this._state?a():this._doneCallbacks.push(a)},progress:w,getPromise:function(){if(!this.promise){var b=this;this.promise=a(function(a,c){b.done(function(b){!1===b?c():a()})})}return this.promise},
 then:function(a,b){return this.getPromise().then(a,b)},"catch":function(a){return this.getPromise()["catch"](a)},"finally":function(a){return this.getPromise()["finally"](a)},pause:function(){this.host.pause&&this.host.pause()},resume:function(){this.host.resume&&this.host.resume()},end:function(){this.host.end&&this.host.end();this._resolve(!0)},cancel:function(){this.host.cancel&&this.host.cancel();this._resolve(!1)},complete:function(a){var b=this;0===b._state&&(b._state=1,b._tick(function(){b._resolve(a)}))},
 _resolve:function(a){2!==this._state&&(q(this._doneCallbacks,function(b){b(a)}),this._doneCallbacks.length=0,this._state=2)}};return e}]},lf=function(){this.$get=["$$rAF","$q","$$AnimateRunner",function(a,b,d){return function(b,f){function e(){a(function(){g.addClass&&(b.addClass(g.addClass),g.addClass=null);g.removeClass&&(b.removeClass(g.removeClass),g.removeClass=null);g.to&&(b.css(g.to),g.to=null);h||k.complete();h=!0});return k}var g=f||{};g.$$prepared||(g=xa(g));g.cleanupStyles&&(g.from=g.to=
 null);g.from&&(b.css(g.from),g.from=null);var h,k=new d;return{start:e,end:e}}}]},fa=M("$compile"),hc=new function(){};Qc.$inject=["$provide","$$sanitizeUriProvider"];Ib.prototype.isFirstChange=function(){return this.previousValue===hc};var hd=/^((?:x|data)[:\-_])/i,ng=/[:\-_]+(.)/g,od=M("$controller"),nd=/^(\S+)(\s+as\s+([\w$]+))?$/,wf=function(){this.$get=["$document",function(a){return function(b){b?!b.nodeType&&b instanceof D&&(b=b[0]):b=a[0].body;return b.offsetWidth+1}}]},pd="application/json",
 kc={"Content-Type":pd+";charset=utf-8"},qg=/^\[|^\{(?!\{)/,rg={"[":/]$/,"{":/}$/},pg=/^\)]\}',?\n/,ud=M("$http"),Ca=$.$interpolateMinErr=M("$interpolate");Ca.throwNoconcat=function(a){throw Ca("noconcat",a);};Ca.interr=function(a,b){return Ca("interr",a,b.toString())};var Ef=function(){this.$get=["$window",function(a){function b(a){var b=function(a){b.data=a;b.called=!0};b.id=a;return b}var d=a.angular.callbacks,c={};return{createCallback:function(a){a="_"+(d.$$counter++).toString(36);var e="angular.callbacks."+
 a,g=b(a);c[e]=d[a]=g;return e},wasCalled:function(a){return c[a].called},getResponse:function(a){return c[a].data},removeCallback:function(a){delete d[c[a].id];delete c[a]}}}]},Ug=/^([^?#]*)(\?([^#]*))?(#(.*))?$/,tg={http:80,https:443,ftp:21},kb=M("$location"),ug=/^\s*[\\/]{2,}/,Vg={$$absUrl:"",$$html5:!1,$$replace:!1,absUrl:Jb("$$absUrl"),url:function(a){if(x(a))return this.$$url;var b=Ug.exec(a);(b[1]||""===a)&&this.path(decodeURIComponent(b[1]));(b[2]||b[1]||""===a)&&this.search(b[3]||"");this.hash(b[5]||
 "");return this},protocol:Jb("$$protocol"),host:Jb("$$host"),port:Jb("$$port"),path:yd("$$path",function(a){a=null!==a?a.toString():"";return"/"===a.charAt(0)?a:"/"+a}),search:function(a,b){switch(arguments.length){case 0:return this.$$search;case 1:if(E(a)||Y(a))a=a.toString(),this.$$search=Lc(a);else if(F(a))a=xa(a,{}),q(a,function(b,c){null==b&&delete a[c]}),this.$$search=a;else throw kb("isrcharg");break;default:x(b)||null===b?delete this.$$search[a]:this.$$search[a]=b}this.$$compose();return this},
 hash:yd("$$hash",function(a){return null!==a?a.toString():""}),replace:function(){this.$$replace=!0;return this}};q([xd,oc,nc],function(a){a.prototype=Object.create(Vg);a.prototype.state=function(b){if(!arguments.length)return this.$$state;if(a!==nc||!this.$$html5)throw kb("nostate");this.$$state=x(b)?null:b;this.$$urlUpdatedByLocation=!0;return this}});var Ta=M("$parse"),xg={}.constructor.prototype.valueOf,Qb=W();q("+ - * / % === !== == != < > <= >= && || ! = |".split(" "),function(a){Qb[a]=!0});
 var Wg={n:"\n",f:"\f",r:"\r",t:"\t",v:"\v","'":"'",'"':'"'},qc=function(a){this.options=a};qc.prototype={constructor:qc,lex:function(a){this.text=a;this.index=0;for(this.tokens=[];this.index<this.text.length;)if(a=this.text.charAt(this.index),'"'===a||"'"===a)this.readString(a);else if(this.isNumber(a)||"."===a&&this.isNumber(this.peek()))this.readNumber();else if(this.isIdentifierStart(this.peekMultichar()))this.readIdent();else if(this.is(a,"(){}[].,;:?"))this.tokens.push({index:this.index,text:a}),
 this.index++;else if(this.isWhitespace(a))this.index++;else{var b=a+this.peek(),d=b+this.peek(2),c=Qb[b],f=Qb[d];Qb[a]||c||f?(a=f?d:c?b:a,this.tokens.push({index:this.index,text:a,operator:!0}),this.index+=a.length):this.throwError("Unexpected next character ",this.index,this.index+1)}return this.tokens},is:function(a,b){return-1!==b.indexOf(a)},peek:function(a){a=a||1;return this.index+a<this.text.length?this.text.charAt(this.index+a):!1},isNumber:function(a){return"0"<=a&&"9">=a&&"string"===typeof a},
 isWhitespace:function(a){return" "===a||"\r"===a||"\t"===a||"\n"===a||"\v"===a||"\u00a0"===a},isIdentifierStart:function(a){return this.options.isIdentifierStart?this.options.isIdentifierStart(a,this.codePointAt(a)):this.isValidIdentifierStart(a)},isValidIdentifierStart:function(a){return"a"<=a&&"z">=a||"A"<=a&&"Z">=a||"_"===a||"$"===a},isIdentifierContinue:function(a){return this.options.isIdentifierContinue?this.options.isIdentifierContinue(a,this.codePointAt(a)):this.isValidIdentifierContinue(a)},
 isValidIdentifierContinue:function(a,b){return this.isValidIdentifierStart(a,b)||this.isNumber(a)},codePointAt:function(a){return 1===a.length?a.charCodeAt(0):(a.charCodeAt(0)<<10)+a.charCodeAt(1)-56613888},peekMultichar:function(){var a=this.text.charAt(this.index),b=this.peek();if(!b)return a;var d=a.charCodeAt(0),c=b.charCodeAt(0);return 55296<=d&&56319>=d&&56320<=c&&57343>=c?a+b:a},isExpOperator:function(a){return"-"===a||"+"===a||this.isNumber(a)},throwError:function(a,b,d){d=d||this.index;b=
 v(b)?"s "+b+"-"+this.index+" ["+this.text.substring(b,d)+"]":" "+d;throw Ta("lexerr",a,b,this.text);},readNumber:function(){for(var a="",b=this.index;this.index<this.text.length;){var d=P(this.text.charAt(this.index));if("."===d||this.isNumber(d))a+=d;else{var c=this.peek();if("e"===d&&this.isExpOperator(c))a+=d;else if(this.isExpOperator(d)&&c&&this.isNumber(c)&&"e"===a.charAt(a.length-1))a+=d;else if(!this.isExpOperator(d)||c&&this.isNumber(c)||"e"!==a.charAt(a.length-1))break;else this.throwError("Invalid exponent")}this.index++}this.tokens.push({index:b,
 text:a,constant:!0,value:Number(a)})},readIdent:function(){var a=this.index;for(this.index+=this.peekMultichar().length;this.index<this.text.length;){var b=this.peekMultichar();if(!this.isIdentifierContinue(b))break;this.index+=b.length}this.tokens.push({index:a,text:this.text.slice(a,this.index),identifier:!0})},readString:function(a){var b=this.index;this.index++;for(var d="",c=a,f=!1;this.index<this.text.length;){var e=this.text.charAt(this.index),c=c+e;if(f)"u"===e?(f=this.text.substring(this.index+
 1,this.index+5),f.match(/[\da-f]{4}/i)||this.throwError("Invalid unicode escape [\\u"+f+"]"),this.index+=4,d+=String.fromCharCode(parseInt(f,16))):d+=Wg[e]||e,f=!1;else if("\\"===e)f=!0;else{if(e===a){this.index++;this.tokens.push({index:b,text:c,constant:!0,value:d});return}d+=e}this.index++}this.throwError("Unterminated quote",b)}};var s=function(a,b){this.lexer=a;this.options=b};s.Program="Program";s.ExpressionStatement="ExpressionStatement";s.AssignmentExpression="AssignmentExpression";s.ConditionalExpression=
 "ConditionalExpression";s.LogicalExpression="LogicalExpression";s.BinaryExpression="BinaryExpression";s.UnaryExpression="UnaryExpression";s.CallExpression="CallExpression";s.MemberExpression="MemberExpression";s.Identifier="Identifier";s.Literal="Literal";s.ArrayExpression="ArrayExpression";s.Property="Property";s.ObjectExpression="ObjectExpression";s.ThisExpression="ThisExpression";s.LocalsExpression="LocalsExpression";s.NGValueParameter="NGValueParameter";s.prototype={ast:function(a){this.text=
 a;this.tokens=this.lexer.lex(a);a=this.program();0!==this.tokens.length&&this.throwError("is an unexpected token",this.tokens[0]);return a},program:function(){for(var a=[];;)if(0<this.tokens.length&&!this.peek("}",")",";","]")&&a.push(this.expressionStatement()),!this.expect(";"))return{type:s.Program,body:a}},expressionStatement:function(){return{type:s.ExpressionStatement,expression:this.filterChain()}},filterChain:function(){for(var a=this.expression();this.expect("|");)a=this.filter(a);return a},
 expression:function(){return this.assignment()},assignment:function(){var a=this.ternary();if(this.expect("=")){if(!Bd(a))throw Ta("lval");a={type:s.AssignmentExpression,left:a,right:this.assignment(),operator:"="}}return a},ternary:function(){var a=this.logicalOR(),b,d;return this.expect("?")&&(b=this.expression(),this.consume(":"))?(d=this.expression(),{type:s.ConditionalExpression,test:a,alternate:b,consequent:d}):a},logicalOR:function(){for(var a=this.logicalAND();this.expect("||");)a={type:s.LogicalExpression,
 operator:"||",left:a,right:this.logicalAND()};return a},logicalAND:function(){for(var a=this.equality();this.expect("&&");)a={type:s.LogicalExpression,operator:"&&",left:a,right:this.equality()};return a},equality:function(){for(var a=this.relational(),b;b=this.expect("==","!=","===","!==");)a={type:s.BinaryExpression,operator:b.text,left:a,right:this.relational()};return a},relational:function(){for(var a=this.additive(),b;b=this.expect("<",">","<=",">=");)a={type:s.BinaryExpression,operator:b.text,
 left:a,right:this.additive()};return a},additive:function(){for(var a=this.multiplicative(),b;b=this.expect("+","-");)a={type:s.BinaryExpression,operator:b.text,left:a,right:this.multiplicative()};return a},multiplicative:function(){for(var a=this.unary(),b;b=this.expect("*","/","%");)a={type:s.BinaryExpression,operator:b.text,left:a,right:this.unary()};return a},unary:function(){var a;return(a=this.expect("+","-","!"))?{type:s.UnaryExpression,operator:a.text,prefix:!0,argument:this.unary()}:this.primary()},
 primary:function(){var a;this.expect("(")?(a=this.filterChain(),this.consume(")")):this.expect("[")?a=this.arrayDeclaration():this.expect("{")?a=this.object():this.selfReferential.hasOwnProperty(this.peek().text)?a=xa(this.selfReferential[this.consume().text]):this.options.literals.hasOwnProperty(this.peek().text)?a={type:s.Literal,value:this.options.literals[this.consume().text]}:this.peek().identifier?a=this.identifier():this.peek().constant?a=this.constant():this.throwError("not a primary expression",
 this.peek());for(var b;b=this.expect("(","[",".");)"("===b.text?(a={type:s.CallExpression,callee:a,arguments:this.parseArguments()},this.consume(")")):"["===b.text?(a={type:s.MemberExpression,object:a,property:this.expression(),computed:!0},this.consume("]")):"."===b.text?a={type:s.MemberExpression,object:a,property:this.identifier(),computed:!1}:this.throwError("IMPOSSIBLE");return a},filter:function(a){a=[a];for(var b={type:s.CallExpression,callee:this.identifier(),arguments:a,filter:!0};this.expect(":");)a.push(this.expression());
 return b},parseArguments:function(){var a=[];if(")"!==this.peekToken().text){do a.push(this.filterChain());while(this.expect(","))}return a},identifier:function(){var a=this.consume();a.identifier||this.throwError("is not a valid identifier",a);return{type:s.Identifier,name:a.text}},constant:function(){return{type:s.Literal,value:this.consume().value}},arrayDeclaration:function(){var a=[];if("]"!==this.peekToken().text){do{if(this.peek("]"))break;a.push(this.expression())}while(this.expect(","))}this.consume("]");
 return{type:s.ArrayExpression,elements:a}},object:function(){var a=[],b;if("}"!==this.peekToken().text){do{if(this.peek("}"))break;b={type:s.Property,kind:"init"};this.peek().constant?(b.key=this.constant(),b.computed=!1,this.consume(":"),b.value=this.expression()):this.peek().identifier?(b.key=this.identifier(),b.computed=!1,this.peek(":")?(this.consume(":"),b.value=this.expression()):b.value=b.key):this.peek("[")?(this.consume("["),b.key=this.expression(),this.consume("]"),b.computed=!0,this.consume(":"),
 b.value=this.expression()):this.throwError("invalid key",this.peek());a.push(b)}while(this.expect(","))}this.consume("}");return{type:s.ObjectExpression,properties:a}},throwError:function(a,b){throw Ta("syntax",b.text,a,b.index+1,this.text,this.text.substring(b.index));},consume:function(a){if(0===this.tokens.length)throw Ta("ueoe",this.text);var b=this.expect(a);b||this.throwError("is unexpected, expecting ["+a+"]",this.peek());return b},peekToken:function(){if(0===this.tokens.length)throw Ta("ueoe",
 this.text);return this.tokens[0]},peek:function(a,b,d,c){return this.peekAhead(0,a,b,d,c)},peekAhead:function(a,b,d,c,f){if(this.tokens.length>a){a=this.tokens[a];var e=a.text;if(e===b||e===d||e===c||e===f||!(b||d||c||f))return a}return!1},expect:function(a,b,d,c){return(a=this.peek(a,b,d,c))?(this.tokens.shift(),a):!1},selfReferential:{"this":{type:s.ThisExpression},$locals:{type:s.LocalsExpression}}};Ed.prototype={compile:function(a){var b=this;a=this.astBuilder.ast(a);this.state={nextId:0,filters:{},
 fn:{vars:[],body:[],own:{}},assign:{vars:[],body:[],own:{}},inputs:[]};U(a,b.$filter);var d="",c;this.stage="assign";if(c=Cd(a))this.state.computing="assign",d=this.nextId(),this.recurse(c,d),this.return_(d),d="fn.assign="+this.generateFunction("assign","s,v,l");c=Ad(a.body);b.stage="inputs";q(c,function(a,c){var d="fn"+c;b.state[d]={vars:[],body:[],own:{}};b.state.computing=d;var h=b.nextId();b.recurse(a,h);b.return_(h);b.state.inputs.push(d);a.watchId=c});this.state.computing="fn";this.stage="main";
 this.recurse(a);d='"'+this.USE+" "+this.STRICT+'";\n'+this.filterPrefix()+"var fn="+this.generateFunction("fn","s,l,a,i")+d+this.watchFns()+"return fn;";d=(new Function("$filter","getStringValue","ifDefined","plus",d))(this.$filter,vg,wg,zd);this.state=this.stage=void 0;d.literal=Dd(a);d.constant=a.constant;return d},USE:"use",STRICT:"strict",watchFns:function(){var a=[],b=this.state.inputs,d=this;q(b,function(b){a.push("var "+b+"="+d.generateFunction(b,"s"))});b.length&&a.push("fn.inputs=["+b.join(",")+
 "];");return a.join("")},generateFunction:function(a,b){return"function("+b+"){"+this.varsPrefix(a)+this.body(a)+"};"},filterPrefix:function(){var a=[],b=this;q(this.state.filters,function(d,c){a.push(d+"=$filter("+b.escape(c)+")")});return a.length?"var "+a.join(",")+";":""},varsPrefix:function(a){return this.state[a].vars.length?"var "+this.state[a].vars.join(",")+";":""},body:function(a){return this.state[a].body.join("")},recurse:function(a,b,d,c,f,e){var g,h,k=this,l,m,n;c=c||w;if(!e&&v(a.watchId))b=
 b||this.nextId(),this.if_("i",this.lazyAssign(b,this.computedMember("i",a.watchId)),this.lazyRecurse(a,b,d,c,f,!0));else switch(a.type){case s.Program:q(a.body,function(b,c){k.recurse(b.expression,void 0,void 0,function(a){h=a});c!==a.body.length-1?k.current().body.push(h,";"):k.return_(h)});break;case s.Literal:m=this.escape(a.value);this.assign(b,m);c(b||m);break;case s.UnaryExpression:this.recurse(a.argument,void 0,void 0,function(a){h=a});m=a.operator+"("+this.ifDefined(h,0)+")";this.assign(b,
 m);c(m);break;case s.BinaryExpression:this.recurse(a.left,void 0,void 0,function(a){g=a});this.recurse(a.right,void 0,void 0,function(a){h=a});m="+"===a.operator?this.plus(g,h):"-"===a.operator?this.ifDefined(g,0)+a.operator+this.ifDefined(h,0):"("+g+")"+a.operator+"("+h+")";this.assign(b,m);c(m);break;case s.LogicalExpression:b=b||this.nextId();k.recurse(a.left,b);k.if_("&&"===a.operator?b:k.not(b),k.lazyRecurse(a.right,b));c(b);break;case s.ConditionalExpression:b=b||this.nextId();k.recurse(a.test,
 b);k.if_(b,k.lazyRecurse(a.alternate,b),k.lazyRecurse(a.consequent,b));c(b);break;case s.Identifier:b=b||this.nextId();d&&(d.context="inputs"===k.stage?"s":this.assign(this.nextId(),this.getHasOwnProperty("l",a.name)+"?l:s"),d.computed=!1,d.name=a.name);k.if_("inputs"===k.stage||k.not(k.getHasOwnProperty("l",a.name)),function(){k.if_("inputs"===k.stage||"s",function(){f&&1!==f&&k.if_(k.isNull(k.nonComputedMember("s",a.name)),k.lazyAssign(k.nonComputedMember("s",a.name),"{}"));k.assign(b,k.nonComputedMember("s",
 a.name))})},b&&k.lazyAssign(b,k.nonComputedMember("l",a.name)));c(b);break;case s.MemberExpression:g=d&&(d.context=this.nextId())||this.nextId();b=b||this.nextId();k.recurse(a.object,g,void 0,function(){k.if_(k.notNull(g),function(){a.computed?(h=k.nextId(),k.recurse(a.property,h),k.getStringValue(h),f&&1!==f&&k.if_(k.not(k.computedMember(g,h)),k.lazyAssign(k.computedMember(g,h),"{}")),m=k.computedMember(g,h),k.assign(b,m),d&&(d.computed=!0,d.name=h)):(f&&1!==f&&k.if_(k.isNull(k.nonComputedMember(g,
 a.property.name)),k.lazyAssign(k.nonComputedMember(g,a.property.name),"{}")),m=k.nonComputedMember(g,a.property.name),k.assign(b,m),d&&(d.computed=!1,d.name=a.property.name))},function(){k.assign(b,"undefined")});c(b)},!!f);break;case s.CallExpression:b=b||this.nextId();a.filter?(h=k.filter(a.callee.name),l=[],q(a.arguments,function(a){var b=k.nextId();k.recurse(a,b);l.push(b)}),m=h+"("+l.join(",")+")",k.assign(b,m),c(b)):(h=k.nextId(),g={},l=[],k.recurse(a.callee,h,g,function(){k.if_(k.notNull(h),
 function(){q(a.arguments,function(b){k.recurse(b,a.constant?void 0:k.nextId(),void 0,function(a){l.push(a)})});m=g.name?k.member(g.context,g.name,g.computed)+"("+l.join(",")+")":h+"("+l.join(",")+")";k.assign(b,m)},function(){k.assign(b,"undefined")});c(b)}));break;case s.AssignmentExpression:h=this.nextId();g={};this.recurse(a.left,void 0,g,function(){k.if_(k.notNull(g.context),function(){k.recurse(a.right,h);m=k.member(g.context,g.name,g.computed)+a.operator+h;k.assign(b,m);c(b||m)})},1);break;
 case s.ArrayExpression:l=[];q(a.elements,function(b){k.recurse(b,a.constant?void 0:k.nextId(),void 0,function(a){l.push(a)})});m="["+l.join(",")+"]";this.assign(b,m);c(b||m);break;case s.ObjectExpression:l=[];n=!1;q(a.properties,function(a){a.computed&&(n=!0)});n?(b=b||this.nextId(),this.assign(b,"{}"),q(a.properties,function(a){a.computed?(g=k.nextId(),k.recurse(a.key,g)):g=a.key.type===s.Identifier?a.key.name:""+a.key.value;h=k.nextId();k.recurse(a.value,h);k.assign(k.member(b,g,a.computed),h)})):
 (q(a.properties,function(b){k.recurse(b.value,a.constant?void 0:k.nextId(),void 0,function(a){l.push(k.escape(b.key.type===s.Identifier?b.key.name:""+b.key.value)+":"+a)})}),m="{"+l.join(",")+"}",this.assign(b,m));c(b||m);break;case s.ThisExpression:this.assign(b,"s");c(b||"s");break;case s.LocalsExpression:this.assign(b,"l");c(b||"l");break;case s.NGValueParameter:this.assign(b,"v"),c(b||"v")}},getHasOwnProperty:function(a,b){var d=a+"."+b,c=this.current().own;c.hasOwnProperty(d)||(c[d]=this.nextId(!1,
 a+"&&("+this.escape(b)+" in "+a+")"));return c[d]},assign:function(a,b){if(a)return this.current().body.push(a,"=",b,";"),a},filter:function(a){this.state.filters.hasOwnProperty(a)||(this.state.filters[a]=this.nextId(!0));return this.state.filters[a]},ifDefined:function(a,b){return"ifDefined("+a+","+this.escape(b)+")"},plus:function(a,b){return"plus("+a+","+b+")"},return_:function(a){this.current().body.push("return ",a,";")},if_:function(a,b,d){if(!0===a)b();else{var c=this.current().body;c.push("if(",
 a,"){");b();c.push("}");d&&(c.push("else{"),d(),c.push("}"))}},not:function(a){return"!("+a+")"},isNull:function(a){return a+"==null"},notNull:function(a){return a+"!=null"},nonComputedMember:function(a,b){var d=/[^$_a-zA-Z0-9]/g;return/^[$_a-zA-Z][$_a-zA-Z0-9]*$/.test(b)?a+"."+b:a+'["'+b.replace(d,this.stringEscapeFn)+'"]'},computedMember:function(a,b){return a+"["+b+"]"},member:function(a,b,d){return d?this.computedMember(a,b):this.nonComputedMember(a,b)},getStringValue:function(a){this.assign(a,
 "getStringValue("+a+")")},lazyRecurse:function(a,b,d,c,f,e){var g=this;return function(){g.recurse(a,b,d,c,f,e)}},lazyAssign:function(a,b){var d=this;return function(){d.assign(a,b)}},stringEscapeRegex:/[^ a-zA-Z0-9]/g,stringEscapeFn:function(a){return"\\u"+("0000"+a.charCodeAt(0).toString(16)).slice(-4)},escape:function(a){if(E(a))return"'"+a.replace(this.stringEscapeRegex,this.stringEscapeFn)+"'";if(Y(a))return a.toString();if(!0===a)return"true";if(!1===a)return"false";if(null===a)return"null";
 if("undefined"===typeof a)return"undefined";throw Ta("esc");},nextId:function(a,b){var d="v"+this.state.nextId++;a||this.current().vars.push(d+(b?"="+b:""));return d},current:function(){return this.state[this.state.computing]}};Fd.prototype={compile:function(a){var b=this;a=this.astBuilder.ast(a);U(a,b.$filter);var d,c;if(d=Cd(a))c=this.recurse(d);d=Ad(a.body);var f;d&&(f=[],q(d,function(a,c){var d=b.recurse(a);a.input=d;f.push(d);a.watchId=c}));var e=[];q(a.body,function(a){e.push(b.recurse(a.expression))});
 d=0===a.body.length?w:1===a.body.length?e[0]:function(a,b){var c;q(e,function(d){c=d(a,b)});return c};c&&(d.assign=function(a,b,d){return c(a,d,b)});f&&(d.inputs=f);d.literal=Dd(a);d.constant=a.constant;return d},recurse:function(a,b,d){var c,f,e=this,g;if(a.input)return this.inputs(a.input,a.watchId);switch(a.type){case s.Literal:return this.value(a.value,b);case s.UnaryExpression:return f=this.recurse(a.argument),this["unary"+a.operator](f,b);case s.BinaryExpression:return c=this.recurse(a.left),
 f=this.recurse(a.right),this["binary"+a.operator](c,f,b);case s.LogicalExpression:return c=this.recurse(a.left),f=this.recurse(a.right),this["binary"+a.operator](c,f,b);case s.ConditionalExpression:return this["ternary?:"](this.recurse(a.test),this.recurse(a.alternate),this.recurse(a.consequent),b);case s.Identifier:return e.identifier(a.name,b,d);case s.MemberExpression:return c=this.recurse(a.object,!1,!!d),a.computed||(f=a.property.name),a.computed&&(f=this.recurse(a.property)),a.computed?this.computedMember(c,
 f,b,d):this.nonComputedMember(c,f,b,d);case s.CallExpression:return g=[],q(a.arguments,function(a){g.push(e.recurse(a))}),a.filter&&(f=this.$filter(a.callee.name)),a.filter||(f=this.recurse(a.callee,!0)),a.filter?function(a,c,d,e){for(var n=[],p=0;p<g.length;++p)n.push(g[p](a,c,d,e));a=f.apply(void 0,n,e);return b?{context:void 0,name:void 0,value:a}:a}:function(a,c,d,e){var n=f(a,c,d,e),p;if(null!=n.value){p=[];for(var r=0;r<g.length;++r)p.push(g[r](a,c,d,e));p=n.value.apply(n.context,p)}return b?
 {value:p}:p};case s.AssignmentExpression:return c=this.recurse(a.left,!0,1),f=this.recurse(a.right),function(a,d,e,g){var n=c(a,d,e,g);a=f(a,d,e,g);n.context[n.name]=a;return b?{value:a}:a};case s.ArrayExpression:return g=[],q(a.elements,function(a){g.push(e.recurse(a))}),function(a,c,d,e){for(var f=[],p=0;p<g.length;++p)f.push(g[p](a,c,d,e));return b?{value:f}:f};case s.ObjectExpression:return g=[],q(a.properties,function(a){a.computed?g.push({key:e.recurse(a.key),computed:!0,value:e.recurse(a.value)}):
 g.push({key:a.key.type===s.Identifier?a.key.name:""+a.key.value,computed:!1,value:e.recurse(a.value)})}),function(a,c,d,e){for(var f={},p=0;p<g.length;++p)g[p].computed?f[g[p].key(a,c,d,e)]=g[p].value(a,c,d,e):f[g[p].key]=g[p].value(a,c,d,e);return b?{value:f}:f};case s.ThisExpression:return function(a){return b?{value:a}:a};case s.LocalsExpression:return function(a,c){return b?{value:c}:c};case s.NGValueParameter:return function(a,c,d){return b?{value:d}:d}}},"unary+":function(a,b){return function(d,
 c,f,e){d=a(d,c,f,e);d=v(d)?+d:0;return b?{value:d}:d}},"unary-":function(a,b){return function(d,c,f,e){d=a(d,c,f,e);d=v(d)?-d:-0;return b?{value:d}:d}},"unary!":function(a,b){return function(d,c,f,e){d=!a(d,c,f,e);return b?{value:d}:d}},"binary+":function(a,b,d){return function(c,f,e,g){var h=a(c,f,e,g);c=b(c,f,e,g);h=zd(h,c);return d?{value:h}:h}},"binary-":function(a,b,d){return function(c,f,e,g){var h=a(c,f,e,g);c=b(c,f,e,g);h=(v(h)?h:0)-(v(c)?c:0);return d?{value:h}:h}},"binary*":function(a,b,
 d){return function(c,f,e,g){c=a(c,f,e,g)*b(c,f,e,g);return d?{value:c}:c}},"binary/":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)/b(c,f,e,g);return d?{value:c}:c}},"binary%":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)%b(c,f,e,g);return d?{value:c}:c}},"binary===":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)===b(c,f,e,g);return d?{value:c}:c}},"binary!==":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)!==b(c,f,e,g);return d?{value:c}:c}},"binary==":function(a,b,d){return function(c,
 f,e,g){c=a(c,f,e,g)==b(c,f,e,g);return d?{value:c}:c}},"binary!=":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)!=b(c,f,e,g);return d?{value:c}:c}},"binary<":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)<b(c,f,e,g);return d?{value:c}:c}},"binary>":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)>b(c,f,e,g);return d?{value:c}:c}},"binary<=":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)<=b(c,f,e,g);return d?{value:c}:c}},"binary>=":function(a,b,d){return function(c,f,e,g){c=
 a(c,f,e,g)>=b(c,f,e,g);return d?{value:c}:c}},"binary&&":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)&&b(c,f,e,g);return d?{value:c}:c}},"binary||":function(a,b,d){return function(c,f,e,g){c=a(c,f,e,g)||b(c,f,e,g);return d?{value:c}:c}},"ternary?:":function(a,b,d,c){return function(f,e,g,h){f=a(f,e,g,h)?b(f,e,g,h):d(f,e,g,h);return c?{value:f}:f}},value:function(a,b){return function(){return b?{context:void 0,name:void 0,value:a}:a}},identifier:function(a,b,d){return function(c,f,e,g){c=
 f&&a in f?f:c;d&&1!==d&&c&&null==c[a]&&(c[a]={});f=c?c[a]:void 0;return b?{context:c,name:a,value:f}:f}},computedMember:function(a,b,d,c){return function(f,e,g,h){var k=a(f,e,g,h),l,m;null!=k&&(l=b(f,e,g,h),l+="",c&&1!==c&&k&&!k[l]&&(k[l]={}),m=k[l]);return d?{context:k,name:l,value:m}:m}},nonComputedMember:function(a,b,d,c){return function(f,e,g,h){f=a(f,e,g,h);c&&1!==c&&f&&null==f[b]&&(f[b]={});e=null!=f?f[b]:void 0;return d?{context:f,name:b,value:e}:e}},inputs:function(a,b){return function(d,
 c,f,e){return e?e[b]:a(d,c,f)}}};var rc=function(a,b,d){this.lexer=a;this.$filter=b;this.options=d;this.ast=new s(a,d);this.astCompiler=d.csp?new Fd(this.ast,b):new Ed(this.ast,b)};rc.prototype={constructor:rc,parse:function(a){return this.astCompiler.compile(a)}};var Da=M("$sce"),pa={HTML:"html",CSS:"css",URL:"url",RESOURCE_URL:"resourceUrl",JS:"js"},sc=/_([a-z])/g,zg=M("$compile"),ca=z.document.createElement("a"),Jd=oa(z.location.href);Kd.$inject=["$document"];Xc.$inject=["$provide"];var Rd=22,
 Qd=".",uc="0";Ld.$inject=["$locale"];Nd.$inject=["$locale"];var Kg={yyyy:aa("FullYear",4,0,!1,!0),yy:aa("FullYear",2,0,!0,!0),y:aa("FullYear",1,0,!1,!0),MMMM:mb("Month"),MMM:mb("Month",!0),MM:aa("Month",2,1),M:aa("Month",1,1),LLLL:mb("Month",!1,!0),dd:aa("Date",2),d:aa("Date",1),HH:aa("Hours",2),H:aa("Hours",1),hh:aa("Hours",2,-12),h:aa("Hours",1,-12),mm:aa("Minutes",2),m:aa("Minutes",1),ss:aa("Seconds",2),s:aa("Seconds",1),sss:aa("Milliseconds",3),EEEE:mb("Day"),EEE:mb("Day",!0),a:function(a,b){return 12>
 a.getHours()?b.AMPMS[0]:b.AMPMS[1]},Z:function(a,b,d){a=-1*d;return a=(0<=a?"+":"")+(Kb(Math[0<a?"floor":"ceil"](a/60),2)+Kb(Math.abs(a%60),2))},ww:Td(2),w:Td(1),G:vc,GG:vc,GGG:vc,GGGG:function(a,b){return 0>=a.getFullYear()?b.ERANAMES[0]:b.ERANAMES[1]}},Jg=/((?:[^yMLdHhmsaZEwG']+)|(?:'(?:[^']|'')*')|(?:E+|y+|M+|L+|d+|H+|h+|m+|s+|a|Z|G+|w+))(.*)/,Ig=/^-?\d+$/;Md.$inject=["$locale"];var Dg=ma(P),Eg=ma(ub);Od.$inject=["$parse"];var Be=ma({restrict:"E",compile:function(a,b){if(!b.href&&!b.xlinkHref)return function(a,
 b){if("a"===b[0].nodeName.toLowerCase()){var f="[object SVGAnimatedString]"===na.call(b.prop("href"))?"xlink:href":"href";b.on("click",function(a){b.attr(f)||a.preventDefault()})}}}}),vb={};q(Fb,function(a,b){function d(a,d,f){a.$watch(f[c],function(a){f.$set(b,!!a)})}if("multiple"!==a){var c=Ba("ng-"+b),f=d;"checked"===a&&(f=function(a,b,f){f.ngModel!==f[c]&&d(a,b,f)});vb[c]=function(){return{restrict:"A",priority:100,link:f}}}});q(md,function(a,b){vb[b]=function(){return{priority:100,link:function(a,
 c,f){if("ngPattern"===b&&"/"===f.ngPattern.charAt(0)&&(c=f.ngPattern.match(Og))){f.$set("ngPattern",new RegExp(c[1],c[2]));return}a.$watch(f[b],function(a){f.$set(b,a)})}}}});q(["src","srcset","href"],function(a){var b=Ba("ng-"+a);vb[b]=function(){return{priority:99,link:function(d,c,f){var e=a,g=a;"href"===a&&"[object SVGAnimatedString]"===na.call(c.prop("href"))&&(g="xlinkHref",f.$attr[g]="xlink:href",e=null);f.$observe(b,function(b){b?(f.$set(g,b),Ha&&e&&c.prop(e,f[g])):"href"===a&&f.$set(g,null)})}}}});
 var Mb={$addControl:w,$$renameControl:function(a,b){a.$name=b},$removeControl:w,$setValidity:w,$setDirty:w,$setPristine:w,$setSubmitted:w};Lb.$inject=["$element","$attrs","$scope","$animate","$interpolate"];Lb.prototype={$rollbackViewValue:function(){q(this.$$controls,function(a){a.$rollbackViewValue()})},$commitViewValue:function(){q(this.$$controls,function(a){a.$commitViewValue()})},$addControl:function(a){La(a.$name,"input");this.$$controls.push(a);a.$name&&(this[a.$name]=a);a.$$parentForm=this},
 $$renameControl:function(a,b){var d=a.$name;this[d]===a&&delete this[d];this[b]=a;a.$name=b},$removeControl:function(a){a.$name&&this[a.$name]===a&&delete this[a.$name];q(this.$pending,function(b,d){this.$setValidity(d,null,a)},this);q(this.$error,function(b,d){this.$setValidity(d,null,a)},this);q(this.$$success,function(b,d){this.$setValidity(d,null,a)},this);Za(this.$$controls,a);a.$$parentForm=Mb},$setDirty:function(){this.$$animate.removeClass(this.$$element,Ua);this.$$animate.addClass(this.$$element,
 Rb);this.$dirty=!0;this.$pristine=!1;this.$$parentForm.$setDirty()},$setPristine:function(){this.$$animate.setClass(this.$$element,Ua,Rb+" ng-submitted");this.$dirty=!1;this.$pristine=!0;this.$submitted=!1;q(this.$$controls,function(a){a.$setPristine()})},$setUntouched:function(){q(this.$$controls,function(a){a.$setUntouched()})},$setSubmitted:function(){this.$$animate.addClass(this.$$element,"ng-submitted");this.$submitted=!0;this.$$parentForm.$setSubmitted()}};Wd({clazz:Lb,set:function(a,b,d){var c=
 a[b];c?-1===c.indexOf(d)&&c.push(d):a[b]=[d]},unset:function(a,b,d){var c=a[b];c&&(Za(c,d),0===c.length&&delete a[b])}});var de=function(a){return["$timeout","$parse",function(b,d){function c(a){return""===a?d('this[""]').assign:d(a).assign||w}return{name:"form",restrict:a?"EAC":"E",require:["form","^^?form"],controller:Lb,compile:function(d,e){d.addClass(Ua).addClass(nb);var g=e.name?"name":a&&e.ngForm?"ngForm":!1;return{pre:function(a,d,e,f){var n=f[0];if(!("action"in e)){var p=function(b){a.$apply(function(){n.$commitViewValue();
 n.$setSubmitted()});b.preventDefault()};d[0].addEventListener("submit",p);d.on("$destroy",function(){b(function(){d[0].removeEventListener("submit",p)},0,!1)})}(f[1]||n.$$parentForm).$addControl(n);var r=g?c(n.$name):w;g&&(r(a,n),e.$observe(g,function(b){n.$name!==b&&(r(a,void 0),n.$$parentForm.$$renameControl(n,b),r=c(n.$name),r(a,n))}));d.on("$destroy",function(){n.$$parentForm.$removeControl(n);r(a,void 0);R(n,Mb)})}}}}}]},Ce=de(),Oe=de(!0),Lg=/^\d{4,}-[01]\d-[0-3]\dT[0-2]\d:[0-5]\d:[0-5]\d\.\d+(?:[+-][0-2]\d:[0-5]\d|Z)$/,
 Xg=/^[a-z][a-z\d.+-]*:\/*(?:[^:@]+(?::[^@]+)?@)?(?:[^\s:/?#]+|\[[a-f\d:]+])(?::\d+)?(?:\/[^?#]*)?(?:\?[^#]*)?(?:#.*)?$/i,Yg=/^(?=.{1,254}$)(?=.{1,64}@)[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+(\.[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+)*@[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/,Mg=/^\s*(-|\+)?(\d+|(\d*(\.\d*)))([eE][+-]?\d+)?\s*$/,ee=/^(\d{4,})-(\d{2})-(\d{2})$/,fe=/^(\d{4,})-(\d\d)-(\d\d)T(\d\d):(\d\d)(?::(\d\d)(\.\d{1,3})?)?$/,Cc=/^(\d{4,})-W(\d\d)$/,ge=/^(\d{4,})-(\d\d)$/,
 he=/^(\d\d):(\d\d)(?::(\d\d)(\.\d{1,3})?)?$/,Yd=W();q(["date","datetime-local","month","time","week"],function(a){Yd[a]=!0});var ie={text:function(a,b,d,c,f,e){Ra(a,b,d,c,f,e);xc(c)},date:ob("date",ee,Nb(ee,["yyyy","MM","dd"]),"yyyy-MM-dd"),"datetime-local":ob("datetimelocal",fe,Nb(fe,"yyyy MM dd HH mm ss sss".split(" ")),"yyyy-MM-ddTHH:mm:ss.sss"),time:ob("time",he,Nb(he,["HH","mm","ss","sss"]),"HH:mm:ss.sss"),week:ob("week",Cc,function(a,b){if(ga(a))return a;if(E(a)){Cc.lastIndex=0;var d=Cc.exec(a);
 if(d){var c=+d[1],f=+d[2],e=d=0,g=0,h=0,k=Sd(c),f=7*(f-1);b&&(d=b.getHours(),e=b.getMinutes(),g=b.getSeconds(),h=b.getMilliseconds());return new Date(c,0,k.getDate()+f,d,e,g,h)}}return NaN},"yyyy-Www"),month:ob("month",ge,Nb(ge,["yyyy","MM"]),"yyyy-MM"),number:function(a,b,d,c,f,e){yc(a,b,d,c);Zd(c);Ra(a,b,d,c,f,e);var g,h;if(v(d.min)||d.ngMin)c.$validators.min=function(a){return c.$isEmpty(a)||x(g)||a>=g},d.$observe("min",function(a){g=Sa(a);c.$validate()});if(v(d.max)||d.ngMax)c.$validators.max=
 function(a){return c.$isEmpty(a)||x(h)||a<=h},d.$observe("max",function(a){h=Sa(a);c.$validate()});if(v(d.step)||d.ngStep){var k;c.$validators.step=function(a,b){return c.$isEmpty(b)||x(k)||$d(b,g||0,k)};d.$observe("step",function(a){k=Sa(a);c.$validate()})}},url:function(a,b,d,c,f,e){Ra(a,b,d,c,f,e);xc(c);c.$$parserName="url";c.$validators.url=function(a,b){var d=a||b;return c.$isEmpty(d)||Xg.test(d)}},email:function(a,b,d,c,f,e){Ra(a,b,d,c,f,e);xc(c);c.$$parserName="email";c.$validators.email=function(a,
 b){var d=a||b;return c.$isEmpty(d)||Yg.test(d)}},radio:function(a,b,d,c){var f=!d.ngTrim||"false"!==S(d.ngTrim);x(d.name)&&b.attr("name",++qb);b.on("click",function(a){var g;b[0].checked&&(g=d.value,f&&(g=S(g)),c.$setViewValue(g,a&&a.type))});c.$render=function(){var a=d.value;f&&(a=S(a));b[0].checked=a===c.$viewValue};d.$observe("value",c.$render)},range:function(a,b,d,c,f,e){function g(a,c){b.attr(a,d[a]);d.$observe(a,c)}function h(a){n=Sa(a);da(c.$modelValue)||(m?(a=b.val(),n>a&&(a=n,b.val(a)),
 c.$setViewValue(a)):c.$validate())}function k(a){p=Sa(a);da(c.$modelValue)||(m?(a=b.val(),p<a&&(b.val(p),a=p<n?n:p),c.$setViewValue(a)):c.$validate())}function l(a){r=Sa(a);da(c.$modelValue)||(m&&c.$viewValue!==b.val()?c.$setViewValue(b.val()):c.$validate())}yc(a,b,d,c);Zd(c);Ra(a,b,d,c,f,e);var m=c.$$hasNativeValidators&&"range"===b[0].type,n=m?0:void 0,p=m?100:void 0,r=m?1:void 0,q=b[0].validity;a=v(d.min);f=v(d.max);e=v(d.step);var s=c.$render;c.$render=m&&v(q.rangeUnderflow)&&v(q.rangeOverflow)?
 function(){s();c.$setViewValue(b.val())}:s;a&&(c.$validators.min=m?function(){return!0}:function(a,b){return c.$isEmpty(b)||x(n)||b>=n},g("min",h));f&&(c.$validators.max=m?function(){return!0}:function(a,b){return c.$isEmpty(b)||x(p)||b<=p},g("max",k));e&&(c.$validators.step=m?function(){return!q.stepMismatch}:function(a,b){return c.$isEmpty(b)||x(r)||$d(b,n||0,r)},g("step",l))},checkbox:function(a,b,d,c,f,e,g,h){var k=ae(h,a,"ngTrueValue",d.ngTrueValue,!0),l=ae(h,a,"ngFalseValue",d.ngFalseValue,
 !1);b.on("click",function(a){c.$setViewValue(b[0].checked,a&&a.type)});c.$render=function(){b[0].checked=c.$viewValue};c.$isEmpty=function(a){return!1===a};c.$formatters.push(function(a){return qa(a,k)});c.$parsers.push(function(a){return a?k:l})},hidden:w,button:w,submit:w,reset:w,file:w},Rc=["$browser","$sniffer","$filter","$parse",function(a,b,d,c){return{restrict:"E",require:["?ngModel"],link:{pre:function(f,e,g,h){h[0]&&(ie[P(g.type)]||ie.text)(f,e,g,h[0],b,a,d,c)}}}}],Zg=/^(true|false|\d+)$/,
 ff=function(){function a(a,d,c){var f=v(c)?c:9===Ha?"":null;a.prop("value",f);d.$set("value",c)}return{restrict:"A",priority:100,compile:function(b,d){return Zg.test(d.ngValue)?function(b,d,e){b=b.$eval(e.ngValue);a(d,e,b)}:function(b,d,e){b.$watch(e.ngValue,function(b){a(d,e,b)})}}}},Ge=["$compile",function(a){return{restrict:"AC",compile:function(b){a.$$addBindingClass(b);return function(b,c,f){a.$$addBindingInfo(c,f.ngBind);c=c[0];b.$watch(f.ngBind,function(a){c.textContent=Yb(a)})}}}}],Ie=["$interpolate",
 "$compile",function(a,b){return{compile:function(d){b.$$addBindingClass(d);return function(c,d,e){c=a(d.attr(e.$attr.ngBindTemplate));b.$$addBindingInfo(d,c.expressions);d=d[0];e.$observe("ngBindTemplate",function(a){d.textContent=x(a)?"":a})}}}}],He=["$sce","$parse","$compile",function(a,b,d){return{restrict:"A",compile:function(c,f){var e=b(f.ngBindHtml),g=b(f.ngBindHtml,function(b){return a.valueOf(b)});d.$$addBindingClass(c);return function(b,c,f){d.$$addBindingInfo(c,f.ngBindHtml);b.$watch(g,
 function(){var d=e(b);c.html(a.getTrustedHtml(d)||"")})}}}}],ef=ma({restrict:"A",require:"ngModel",link:function(a,b,d,c){c.$viewChangeListeners.push(function(){a.$eval(d.ngChange)})}}),Je=Ac("",!0),Le=Ac("Odd",0),Ke=Ac("Even",1),Me=Qa({compile:function(a,b){b.$set("ngCloak",void 0);a.removeClass("ng-cloak")}}),Ne=[function(){return{restrict:"A",scope:!0,controller:"@",priority:500}}],Wc={},$g={blur:!0,focus:!0};q("click dblclick mousedown mouseup mouseover mouseout mousemove mouseenter mouseleave keydown keyup keypress submit focus blur copy cut paste".split(" "),
 function(a){var b=Ba("ng-"+a);Wc[b]=["$parse","$rootScope",function(d,c){return{restrict:"A",compile:function(f,e){var g=d(e[b]);return function(b,d){d.on(a,function(d){var e=function(){g(b,{$event:d})};$g[a]&&c.$$phase?b.$evalAsync(e):b.$apply(e)})}}}}]});var Qe=["$animate","$compile",function(a,b){return{multiElement:!0,transclude:"element",priority:600,terminal:!0,restrict:"A",$$tlb:!0,link:function(d,c,f,e,g){var h,k,l;d.$watch(f.ngIf,function(d){d?k||g(function(d,e){k=e;d[d.length++]=b.$$createComment("end ngIf",
 f.ngIf);h={clone:d};a.enter(d,c.parent(),c)}):(l&&(l.remove(),l=null),k&&(k.$destroy(),k=null),h&&(l=tb(h.clone),a.leave(l).done(function(a){!1!==a&&(l=null)}),h=null))})}}}],Re=["$templateRequest","$anchorScroll","$animate",function(a,b,d){return{restrict:"ECA",priority:400,terminal:!0,transclude:"element",controller:$.noop,compile:function(c,f){var e=f.ngInclude||f.src,g=f.onload||"",h=f.autoscroll;return function(c,f,m,n,p){var q=0,s,w,u,H=function(){w&&(w.remove(),w=null);s&&(s.$destroy(),s=null);
 u&&(d.leave(u).done(function(a){!1!==a&&(w=null)}),w=u,u=null)};c.$watch(e,function(e){var m=function(a){!1===a||!v(h)||h&&!c.$eval(h)||b()},w=++q;e?(a(e,!0).then(function(a){if(!c.$$destroyed&&w===q){var b=c.$new();n.template=a;a=p(b,function(a){H();d.enter(a,null,f).done(m)});s=b;u=a;s.$emit("$includeContentLoaded",e);c.$eval(g)}},function(){c.$$destroyed||w!==q||(H(),c.$emit("$includeContentError",e))}),c.$emit("$includeContentRequested",e)):(H(),n.template=null)})}}}}],hf=["$compile",function(a){return{restrict:"ECA",
 priority:-400,require:"ngInclude",link:function(b,d,c,f){na.call(d[0]).match(/SVG/)?(d.empty(),a(Zc(f.template,z.document).childNodes)(b,function(a){d.append(a)},{futureParentElement:d})):(d.html(f.template),a(d.contents())(b))}}}],Se=Qa({priority:450,compile:function(){return{pre:function(a,b,d){a.$eval(d.ngInit)}}}}),df=function(){return{restrict:"A",priority:100,require:"ngModel",link:function(a,b,d,c){var f=d.ngList||", ",e="false"!==d.ngTrim,g=e?S(f):f;c.$parsers.push(function(a){if(!x(a)){var b=
 [];a&&q(a.split(g),function(a){a&&b.push(e?S(a):a)});return b}});c.$formatters.push(function(a){if(C(a))return a.join(f)});c.$isEmpty=function(a){return!a||!a.length}}}},nb="ng-valid",Vd="ng-invalid",Ua="ng-pristine",Rb="ng-dirty",pb=M("ngModel");Ob.$inject="$scope $exceptionHandler $attrs $element $parse $animate $timeout $q $interpolate".split(" ");Ob.prototype={$$initGetterSetters:function(){if(this.$options.getOption("getterSetter")){var a=this.$$parse(this.$$attr.ngModel+"()"),b=this.$$parse(this.$$attr.ngModel+
 "($$$p)");this.$$ngModelGet=function(b){var c=this.$$parsedNgModel(b);y(c)&&(c=a(b));return c};this.$$ngModelSet=function(a,c){y(this.$$parsedNgModel(a))?b(a,{$$$p:c}):this.$$parsedNgModelAssign(a,c)}}else if(!this.$$parsedNgModel.assign)throw pb("nonassign",this.$$attr.ngModel,ya(this.$$element));},$render:w,$isEmpty:function(a){return x(a)||""===a||null===a||a!==a},$$updateEmptyClasses:function(a){this.$isEmpty(a)?(this.$$animate.removeClass(this.$$element,"ng-not-empty"),this.$$animate.addClass(this.$$element,
 "ng-empty")):(this.$$animate.removeClass(this.$$element,"ng-empty"),this.$$animate.addClass(this.$$element,"ng-not-empty"))},$setPristine:function(){this.$dirty=!1;this.$pristine=!0;this.$$animate.removeClass(this.$$element,Rb);this.$$animate.addClass(this.$$element,Ua)},$setDirty:function(){this.$dirty=!0;this.$pristine=!1;this.$$animate.removeClass(this.$$element,Ua);this.$$animate.addClass(this.$$element,Rb);this.$$parentForm.$setDirty()},$setUntouched:function(){this.$touched=!1;this.$untouched=
 !0;this.$$animate.setClass(this.$$element,"ng-untouched","ng-touched")},$setTouched:function(){this.$touched=!0;this.$untouched=!1;this.$$animate.setClass(this.$$element,"ng-touched","ng-untouched")},$rollbackViewValue:function(){this.$$timeout.cancel(this.$$pendingDebounce);this.$viewValue=this.$$lastCommittedViewValue;this.$render()},$validate:function(){if(!da(this.$modelValue)){var a=this.$$lastCommittedViewValue,b=this.$$rawModelValue,d=this.$valid,c=this.$modelValue,f=this.$options.getOption("allowInvalid"),
 e=this;this.$$runValidators(b,a,function(a){f||d===a||(e.$modelValue=a?b:void 0,e.$modelValue!==c&&e.$$writeModelToScope())})}},$$runValidators:function(a,b,d){function c(){var c=!0;q(k.$validators,function(d,f){var g=Boolean(d(a,b));c=c&&g;e(f,g)});return c?!0:(q(k.$asyncValidators,function(a,b){e(b,null)}),!1)}function f(){var c=[],d=!0;q(k.$asyncValidators,function(f,g){var h=f(a,b);if(!h||!y(h.then))throw pb("nopromise",h);e(g,void 0);c.push(h.then(function(){e(g,!0)},function(){d=!1;e(g,!1)}))});
 c.length?k.$$q.all(c).then(function(){g(d)},w):g(!0)}function e(a,b){h===k.$$currentValidationRunId&&k.$setValidity(a,b)}function g(a){h===k.$$currentValidationRunId&&d(a)}this.$$currentValidationRunId++;var h=this.$$currentValidationRunId,k=this;(function(){var a=k.$$parserName||"parse";if(x(k.$$parserValid))e(a,null);else return k.$$parserValid||(q(k.$validators,function(a,b){e(b,null)}),q(k.$asyncValidators,function(a,b){e(b,null)})),e(a,k.$$parserValid),k.$$parserValid;return!0})()?c()?f():g(!1):
 g(!1)},$commitViewValue:function(){var a=this.$viewValue;this.$$timeout.cancel(this.$$pendingDebounce);if(this.$$lastCommittedViewValue!==a||""===a&&this.$$hasNativeValidators)this.$$updateEmptyClasses(a),this.$$lastCommittedViewValue=a,this.$pristine&&this.$setDirty(),this.$$parseAndValidate()},$$parseAndValidate:function(){var a=this.$$lastCommittedViewValue,b=this;if(this.$$parserValid=x(a)?void 0:!0)for(var d=0;d<this.$parsers.length;d++)if(a=this.$parsers[d](a),x(a)){this.$$parserValid=!1;break}da(this.$modelValue)&&
 (this.$modelValue=this.$$ngModelGet(this.$$scope));var c=this.$modelValue,f=this.$options.getOption("allowInvalid");this.$$rawModelValue=a;f&&(this.$modelValue=a,b.$modelValue!==c&&b.$$writeModelToScope());this.$$runValidators(a,this.$$lastCommittedViewValue,function(d){f||(b.$modelValue=d?a:void 0,b.$modelValue!==c&&b.$$writeModelToScope())})},$$writeModelToScope:function(){this.$$ngModelSet(this.$$scope,this.$modelValue);q(this.$viewChangeListeners,function(a){try{a()}catch(b){this.$$exceptionHandler(b)}},
 this)},$setViewValue:function(a,b){this.$viewValue=a;this.$options.getOption("updateOnDefault")&&this.$$debounceViewValueCommit(b)},$$debounceViewValueCommit:function(a){var b=this.$options.getOption("debounce");Y(b[a])?b=b[a]:Y(b["default"])&&(b=b["default"]);this.$$timeout.cancel(this.$$pendingDebounce);var d=this;0<b?this.$$pendingDebounce=this.$$timeout(function(){d.$commitViewValue()},b):this.$$scope.$root.$$phase?this.$commitViewValue():this.$$scope.$apply(function(){d.$commitViewValue()})},
 $overrideModelOptions:function(a){this.$options=this.$options.createChild(a)}};Wd({clazz:Ob,set:function(a,b){a[b]=!0},unset:function(a,b){delete a[b]}});var cf=["$rootScope",function(a){return{restrict:"A",require:["ngModel","^?form","^?ngModelOptions"],controller:Ob,priority:1,compile:function(b){b.addClass(Ua).addClass("ng-untouched").addClass(nb);return{pre:function(a,b,f,e){var g=e[0];b=e[1]||g.$$parentForm;if(e=e[2])g.$options=e.$options;g.$$initGetterSetters();b.$addControl(g);f.$observe("name",
 function(a){g.$name!==a&&g.$$parentForm.$$renameControl(g,a)});a.$on("$destroy",function(){g.$$parentForm.$removeControl(g)})},post:function(b,c,f,e){function g(){h.$setTouched()}var h=e[0];if(h.$options.getOption("updateOn"))c.on(h.$options.getOption("updateOn"),function(a){h.$$debounceViewValueCommit(a&&a.type)});c.on("blur",function(){h.$touched||(a.$$phase?b.$evalAsync(g):b.$apply(g))})}}}}}],Pb,ah=/(\s+|^)default(\s+|$)/;Bc.prototype={getOption:function(a){return this.$$options[a]},createChild:function(a){var b=
 !1;a=R({},a);q(a,function(d,c){"$inherit"===d?"*"===c?b=!0:(a[c]=this.$$options[c],"updateOn"===c&&(a.updateOnDefault=this.$$options.updateOnDefault)):"updateOn"===c&&(a.updateOnDefault=!1,a[c]=S(d.replace(ah,function(){a.updateOnDefault=!0;return" "})))},this);b&&(delete a["*"],be(a,this.$$options));be(a,Pb.$$options);return new Bc(a)}};Pb=new Bc({updateOn:"",updateOnDefault:!0,debounce:0,getterSetter:!1,allowInvalid:!1,timezone:null});var gf=function(){function a(a,d){this.$$attrs=a;this.$$scope=
 d}a.$inject=["$attrs","$scope"];a.prototype={$onInit:function(){var a=this.parentCtrl?this.parentCtrl.$options:Pb,d=this.$$scope.$eval(this.$$attrs.ngModelOptions);this.$options=a.createChild(d)}};return{restrict:"A",priority:10,require:{parentCtrl:"?^^ngModelOptions"},bindToController:!0,controller:a}},Te=Qa({terminal:!0,priority:1E3}),bh=M("ngOptions"),ch=/^\s*([\s\S]+?)(?:\s+as\s+([\s\S]+?))?(?:\s+group\s+by\s+([\s\S]+?))?(?:\s+disable\s+when\s+([\s\S]+?))?\s+for\s+(?:([$\w][$\w]*)|(?:\(\s*([$\w][$\w]*)\s*,\s*([$\w][$\w]*)\s*\)))\s+in\s+([\s\S]+?)(?:\s+track\s+by\s+([\s\S]+?))?$/,
 af=["$compile","$document","$parse",function(a,b,d){function c(a,b,c){function e(a,b,c,d,f){this.selectValue=a;this.viewValue=b;this.label=c;this.group=d;this.disabled=f}function f(a){var b;if(!q&&sa(a))b=a;else{b=[];for(var c in a)a.hasOwnProperty(c)&&"$"!==c.charAt(0)&&b.push(c)}return b}var n=a.match(ch);if(!n)throw bh("iexp",a,ya(b));var p=n[5]||n[7],q=n[6];a=/ as /.test(n[0])&&n[1];var s=n[9];b=d(n[2]?n[1]:p);var v=a&&d(a)||b,u=s&&d(s),w=s?function(a,b){return u(c,b)}:function(a){return Pa(a)},
 x=function(a,b){return w(a,B(a,b))},t=d(n[2]||n[1]),z=d(n[3]||""),A=d(n[4]||""),K=d(n[8]),I={},B=q?function(a,b){I[q]=b;I[p]=a;return I}:function(a){I[p]=a;return I};return{trackBy:s,getTrackByValue:x,getWatchables:d(K,function(a){var b=[];a=a||[];for(var d=f(a),e=d.length,g=0;g<e;g++){var h=a===d?g:d[g],l=a[h],h=B(l,h),l=w(l,h);b.push(l);if(n[2]||n[1])l=t(c,h),b.push(l);n[4]&&(h=A(c,h),b.push(h))}return b}),getOptions:function(){for(var a=[],b={},d=K(c)||[],g=f(d),h=g.length,n=0;n<h;n++){var p=d===
 g?n:g[n],q=B(d[p],p),r=v(c,q),p=w(r,q),u=t(c,q),I=z(c,q),q=A(c,q),r=new e(p,r,u,I,q);a.push(r);b[p]=r}return{items:a,selectValueMap:b,getOptionFromViewValue:function(a){return b[x(a)]},getViewValueFromOption:function(a){return s?xa(a.viewValue):a.viewValue}}}}}var f=z.document.createElement("option"),e=z.document.createElement("optgroup");return{restrict:"A",terminal:!0,require:["select","ngModel"],link:{pre:function(a,b,c,d){d[0].registerOption=w},post:function(d,h,k,l){function m(a){var b=(a=t.getOptionFromViewValue(a))&&
 a.element;b&&!b.selected&&(b.selected=!0);return a}function n(a,b){a.element=b;b.disabled=a.disabled;a.label!==b.label&&(b.label=a.label,b.textContent=a.label);b.value=a.selectValue}function p(){var a=t&&r.readValue();if(t)for(var b=t.items.length-1;0<=b;b--){var c=t.items[b];v(c.group)?Eb(c.element.parentNode):Eb(c.element)}t=y.getOptions();var d={};z&&h.prepend(r.emptyOption);t.items.forEach(function(a){var b;if(v(a.group)){b=d[a.group];b||(b=e.cloneNode(!1),A.appendChild(b),b.label=null===a.group?
 "null":a.group,d[a.group]=b);var c=f.cloneNode(!1)}else b=A,c=f.cloneNode(!1);b.appendChild(c);n(a,c)});h[0].appendChild(A);s.$render();s.$isEmpty(a)||(b=r.readValue(),(y.trackBy||w?qa(a,b):a===b)||(s.$setViewValue(b),s.$render()))}var r=l[0],s=l[1],w=k.multiple;l=0;for(var u=h.children(),x=u.length;l<x;l++)if(""===u[l].value){r.hasEmptyOption=!0;r.emptyOption=u.eq(l);break}var z=!!r.emptyOption;D(f.cloneNode(!1)).val("?");var t,y=c(k.ngOptions,h,d),A=b[0].createDocumentFragment();r.generateUnknownOptionValue=
 function(a){return"?"};w?(r.writeValue=function(a){var b=a&&a.map(m)||[];t.items.forEach(function(a){a.element.selected&&-1===Array.prototype.indexOf.call(b,a)&&(a.element.selected=!1)})},r.readValue=function(){var a=h.val()||[],b=[];q(a,function(a){(a=t.selectValueMap[a])&&!a.disabled&&b.push(t.getViewValueFromOption(a))});return b},y.trackBy&&d.$watchCollection(function(){if(C(s.$viewValue))return s.$viewValue.map(function(a){return y.getTrackByValue(a)})},function(){s.$render()})):(r.writeValue=
 function(a){var b=t.selectValueMap[h.val()],c=t.getOptionFromViewValue(a);b&&b.element.removeAttribute("selected");c?(h[0].value!==c.selectValue&&(r.removeUnknownOption(),r.unselectEmptyOption(),h[0].value=c.selectValue,c.element.selected=!0),c.element.setAttribute("selected","selected")):z?r.selectEmptyOption():r.unknownOption.parent().length?r.updateUnknownOption(a):r.renderUnknownOption(a)},r.readValue=function(){var a=t.selectValueMap[h.val()];return a&&!a.disabled?(r.unselectEmptyOption(),r.removeUnknownOption(),
 t.getViewValueFromOption(a)):null},y.trackBy&&d.$watch(function(){return y.getTrackByValue(s.$viewValue)},function(){s.$render()}));z&&(r.emptyOption.remove(),a(r.emptyOption)(d),8===r.emptyOption[0].nodeType?(r.hasEmptyOption=!1,r.registerOption=function(a,b){""===b.val()&&(r.hasEmptyOption=!0,r.emptyOption=b,r.emptyOption.removeClass("ng-scope"),s.$render(),b.on("$destroy",function(){r.hasEmptyOption=!1;r.emptyOption=void 0}))}):r.emptyOption.removeClass("ng-scope"));h.empty();p();d.$watchCollection(y.getWatchables,
 p)}}}}],Ue=["$locale","$interpolate","$log",function(a,b,d){var c=/{}/g,f=/^when(Minus)?(.+)$/;return{link:function(e,g,h){function k(a){g.text(a||"")}var l=h.count,m=h.$attr.when&&g.attr(h.$attr.when),n=h.offset||0,p=e.$eval(m)||{},r={},s=b.startSymbol(),v=b.endSymbol(),u=s+l+"-"+n+v,H=$.noop,y;q(h,function(a,b){var c=f.exec(b);c&&(c=(c[1]?"-":"")+P(c[2]),p[c]=g.attr(h.$attr[b]))});q(p,function(a,d){r[d]=b(a.replace(c,u))});e.$watch(l,function(b){var c=parseFloat(b),f=da(c);f||c in p||(c=a.pluralCat(c-
 n));c===y||f&&da(y)||(H(),f=r[c],x(f)?(null!=b&&d.debug("ngPluralize: no rule defined for '"+c+"' in "+m),H=w,k()):H=e.$watch(f,k),y=c)})}}}],Ve=["$parse","$animate","$compile",function(a,b,d){var c=M("ngRepeat"),f=function(a,b,c,d,f,m,n){a[c]=d;f&&(a[f]=m);a.$index=b;a.$first=0===b;a.$last=b===n-1;a.$middle=!(a.$first||a.$last);a.$odd=!(a.$even=0===(b&1))};return{restrict:"A",multiElement:!0,transclude:"element",priority:1E3,terminal:!0,$$tlb:!0,compile:function(e,g){var h=g.ngRepeat,k=d.$$createComment("end ngRepeat",
 h),l=h.match(/^\s*([\s\S]+?)\s+in\s+([\s\S]+?)(?:\s+as\s+([\s\S]+?))?(?:\s+track\s+by\s+([\s\S]+?))?\s*$/);if(!l)throw c("iexp",h);var m=l[1],n=l[2],p=l[3],r=l[4],l=m.match(/^(?:(\s*[$\w]+)|\(\s*([$\w]+)\s*,\s*([$\w]+)\s*\))$/);if(!l)throw c("iidexp",m);var s=l[3]||l[1],v=l[2];if(p&&(!/^[$a-zA-Z_][$a-zA-Z0-9_]*$/.test(p)||/^(null|undefined|this|\$index|\$first|\$middle|\$last|\$even|\$odd|\$parent|\$root|\$id)$/.test(p)))throw c("badident",p);var u,w,x,t,y={$id:Pa};r?u=a(r):(x=function(a,b){return Pa(b)},
 t=function(a){return a});return function(a,d,e,g,l){u&&(w=function(b,c,d){v&&(y[v]=b);y[s]=c;y.$index=d;return u(a,y)});var m=W();a.$watchCollection(n,function(e){var g,n,r=d[0],u,y=W(),z,D,E,B,F,C,I;p&&(a[p]=e);if(sa(e))F=e,n=w||x;else for(I in n=w||t,F=[],e)ua.call(e,I)&&"$"!==I.charAt(0)&&F.push(I);z=F.length;I=Array(z);for(g=0;g<z;g++)if(D=e===F?g:F[g],E=e[D],B=n(D,E,g),m[B])C=m[B],delete m[B],y[B]=C,I[g]=C;else{if(y[B])throw q(I,function(a){a&&a.scope&&(m[a.id]=a)}),c("dupes",h,B,E);I[g]={id:B,
 scope:void 0,clone:void 0};y[B]=!0}for(u in m){C=m[u];B=tb(C.clone);b.leave(B);if(B[0].parentNode)for(g=0,n=B.length;g<n;g++)B[g].$$NG_REMOVED=!0;C.scope.$destroy()}for(g=0;g<z;g++)if(D=e===F?g:F[g],E=e[D],C=I[g],C.scope){u=r;do u=u.nextSibling;while(u&&u.$$NG_REMOVED);C.clone[0]!==u&&b.move(tb(C.clone),null,r);r=C.clone[C.clone.length-1];f(C.scope,g,s,E,v,D,z)}else l(function(a,c){C.scope=c;var d=k.cloneNode(!1);a[a.length++]=d;b.enter(a,null,r);r=d;C.clone=a;y[C.id]=C;f(C.scope,g,s,E,v,D,z)});m=
 y})}}}}],We=["$animate",function(a){return{restrict:"A",multiElement:!0,link:function(b,d,c){b.$watch(c.ngShow,function(b){a[b?"removeClass":"addClass"](d,"ng-hide",{tempClasses:"ng-hide-animate"})})}}}],Pe=["$animate",function(a){return{restrict:"A",multiElement:!0,link:function(b,d,c){b.$watch(c.ngHide,function(b){a[b?"addClass":"removeClass"](d,"ng-hide",{tempClasses:"ng-hide-animate"})})}}}],Xe=Qa(function(a,b,d){a.$watch(d.ngStyle,function(a,d){d&&a!==d&&q(d,function(a,c){b.css(c,"")});a&&b.css(a)},
 !0)}),Ye=["$animate","$compile",function(a,b){return{require:"ngSwitch",controller:["$scope",function(){this.cases={}}],link:function(d,c,f,e){var g=[],h=[],k=[],l=[],m=function(a,b){return function(c){!1!==c&&a.splice(b,1)}};d.$watch(f.ngSwitch||f.on,function(c){for(var d,f;k.length;)a.cancel(k.pop());d=0;for(f=l.length;d<f;++d){var s=tb(h[d].clone);l[d].$destroy();(k[d]=a.leave(s)).done(m(k,d))}h.length=0;l.length=0;(g=e.cases["!"+c]||e.cases["?"])&&q(g,function(c){c.transclude(function(d,e){l.push(e);
 var f=c.element;d[d.length++]=b.$$createComment("end ngSwitchWhen");h.push({clone:d});a.enter(d,f.parent(),f)})})})}}}],Ze=Qa({transclude:"element",priority:1200,require:"^ngSwitch",multiElement:!0,link:function(a,b,d,c,f){a=d.ngSwitchWhen.split(d.ngSwitchWhenSeparator).sort().filter(function(a,b,c){return c[b-1]!==a});q(a,function(a){c.cases["!"+a]=c.cases["!"+a]||[];c.cases["!"+a].push({transclude:f,element:b})})}}),$e=Qa({transclude:"element",priority:1200,require:"^ngSwitch",multiElement:!0,link:function(a,
 b,d,c,f){c.cases["?"]=c.cases["?"]||[];c.cases["?"].push({transclude:f,element:b})}}),dh=M("ngTransclude"),bf=["$compile",function(a){return{restrict:"EAC",terminal:!0,compile:function(b){var d=a(b.contents());b.empty();return function(a,b,e,g,h){function k(){d(a,function(a){b.append(a)})}if(!h)throw dh("orphan",ya(b));e.ngTransclude===e.$attr.ngTransclude&&(e.ngTransclude="");e=e.ngTransclude||e.ngTranscludeSlot;h(function(a,c){var d;if(d=a.length)a:{d=0;for(var e=a.length;d<e;d++){var g=a[d];if(g.nodeType!==
 Ja||g.nodeValue.trim()){d=!0;break a}}d=void 0}d?b.append(a):(k(),c.$destroy())},null,e);e&&!h.isSlotFilled(e)&&k()}}}}],De=["$templateCache",function(a){return{restrict:"E",terminal:!0,compile:function(b,d){"text/ng-template"===d.type&&a.put(d.id,b[0].text)}}}],eh={$setViewValue:w,$render:w},fh=["$element","$scope",function(a,b){function d(){h||(h=!0,b.$$postDigest(function(){h=!1;e.ngModelCtrl.$render()}))}function c(a){k||(k=!0,b.$$postDigest(function(){b.$$destroyed||(k=!1,e.ngModelCtrl.$setViewValue(e.readValue()),
 a&&e.ngModelCtrl.$render())}))}function f(a){a.prop("selected",!0);a.attr("selected",!0)}var e=this,g=new Gb;e.selectValueMap={};e.ngModelCtrl=eh;e.multiple=!1;e.unknownOption=D(z.document.createElement("option"));e.hasEmptyOption=!1;e.emptyOption=void 0;e.renderUnknownOption=function(b){b=e.generateUnknownOptionValue(b);e.unknownOption.val(b);a.prepend(e.unknownOption);f(e.unknownOption);a.val(b)};e.updateUnknownOption=function(b){b=e.generateUnknownOptionValue(b);e.unknownOption.val(b);f(e.unknownOption);
 a.val(b)};e.generateUnknownOptionValue=function(a){return"? "+Pa(a)+" ?"};e.removeUnknownOption=function(){e.unknownOption.parent()&&e.unknownOption.remove()};e.selectEmptyOption=function(){e.emptyOption&&(a.val(""),f(e.emptyOption))};e.unselectEmptyOption=function(){e.hasEmptyOption&&e.emptyOption.removeAttr("selected")};b.$on("$destroy",function(){e.renderUnknownOption=w});e.readValue=function(){var b=a.val(),b=b in e.selectValueMap?e.selectValueMap[b]:b;return e.hasOption(b)?b:null};e.writeValue=
 function(b){var c=a[0].options[a[0].selectedIndex];c&&c.removeAttribute("selected");e.hasOption(b)?(e.removeUnknownOption(),c=Pa(b),a.val(c in e.selectValueMap?c:b),f(D(a[0].options[a[0].selectedIndex]))):null==b&&e.emptyOption?(e.removeUnknownOption(),e.selectEmptyOption()):e.unknownOption.parent().length?e.updateUnknownOption(b):e.renderUnknownOption(b)};e.addOption=function(a,b){if(8!==b[0].nodeType){La(a,'"option value"');""===a&&(e.hasEmptyOption=!0,e.emptyOption=b);var c=g.get(a)||0;g.set(a,
 c+1);d()}};e.removeOption=function(a){var b=g.get(a);b&&(1===b?(g.delete(a),""===a&&(e.hasEmptyOption=!1,e.emptyOption=void 0)):g.set(a,b-1))};e.hasOption=function(a){return!!g.get(a)};var h=!1,k=!1;e.registerOption=function(a,b,f,g,h){if(f.$attr.ngValue){var k,q=NaN;f.$observe("value",function(a){var d,f=b.prop("selected");v(q)&&(e.removeOption(k),delete e.selectValueMap[q],d=!0);q=Pa(a);k=a;e.selectValueMap[q]=a;e.addOption(a,b);b.attr("value",q);d&&f&&c()})}else g?f.$observe("value",function(a){e.readValue();
 var d,f=b.prop("selected");v(k)&&(e.removeOption(k),d=!0);k=a;e.addOption(a,b);d&&f&&c()}):h?a.$watch(h,function(a,d){f.$set("value",a);var g=b.prop("selected");d!==a&&e.removeOption(d);e.addOption(a,b);d&&g&&c()}):e.addOption(f.value,b);f.$observe("disabled",function(a){if("true"===a||a&&b.prop("selected"))e.multiple?c(!0):(e.ngModelCtrl.$setViewValue(null),e.ngModelCtrl.$render())});b.on("$destroy",function(){var a=e.readValue(),b=f.value;e.removeOption(b);d();(e.multiple&&a&&-1!==a.indexOf(b)||
 a===b)&&c(!0)})}}],Ee=function(){return{restrict:"E",require:["select","?ngModel"],controller:fh,priority:1,link:{pre:function(a,b,d,c){var f=c[0],e=c[1];if(e){if(f.ngModelCtrl=e,b.on("change",function(){f.removeUnknownOption();a.$apply(function(){e.$setViewValue(f.readValue())})}),d.multiple){f.multiple=!0;f.readValue=function(){var a=[];q(b.find("option"),function(b){b.selected&&!b.disabled&&(b=b.value,a.push(b in f.selectValueMap?f.selectValueMap[b]:b))});return a};f.writeValue=function(a){q(b.find("option"),
 function(b){b.selected=!!a&&(-1!==Array.prototype.indexOf.call(a,b.value)||-1!==Array.prototype.indexOf.call(a,f.selectValueMap[b.value]))})};var g,h=NaN;a.$watch(function(){h!==e.$viewValue||qa(g,e.$viewValue)||(g=ra(e.$viewValue),e.$render());h=e.$viewValue});e.$isEmpty=function(a){return!a||0===a.length}}}else f.registerOption=w},post:function(a,b,d,c){var f=c[1];if(f){var e=c[0];f.$render=function(){e.writeValue(f.$viewValue)}}}}}},Fe=["$interpolate",function(a){return{restrict:"E",priority:100,
 compile:function(b,d){var c,f;v(d.ngValue)||(v(d.value)?c=a(d.value,!0):(f=a(b.text(),!0))||d.$set("value",b.text()));return function(a,b,d){var k=b.parent();(k=k.data("$selectController")||k.parent().data("$selectController"))&&k.registerOption(a,b,d,c,f)}}}}],Tc=function(){return{restrict:"A",require:"?ngModel",link:function(a,b,d,c){c&&(d.required=!0,c.$validators.required=function(a,b){return!d.required||!c.$isEmpty(b)},d.$observe("required",function(){c.$validate()}))}}},Sc=function(){return{restrict:"A",
 require:"?ngModel",link:function(a,b,d,c){if(c){var f,e=d.ngPattern||d.pattern;d.$observe("pattern",function(a){E(a)&&0<a.length&&(a=new RegExp("^"+a+"$"));if(a&&!a.test)throw M("ngPattern")("noregexp",e,a,ya(b));f=a||void 0;c.$validate()});c.$validators.pattern=function(a,b){return c.$isEmpty(b)||x(f)||f.test(b)}}}}},Vc=function(){return{restrict:"A",require:"?ngModel",link:function(a,b,d,c){if(c){var f=-1;d.$observe("maxlength",function(a){a=Z(a);f=da(a)?-1:a;c.$validate()});c.$validators.maxlength=
 function(a,b){return 0>f||c.$isEmpty(b)||b.length<=f}}}}},Uc=function(){return{restrict:"A",require:"?ngModel",link:function(a,b,d,c){if(c){var f=0;d.$observe("minlength",function(a){f=Z(a)||0;c.$validate()});c.$validators.minlength=function(a,b){return c.$isEmpty(b)||b.length>=f}}}}};z.angular.bootstrap?z.console&&console.log("WARNING: Tried to load angular more than once."):(ve(),ye($),$.module("ngLocale",[],["$provide",function(a){function b(a){a+="";var b=a.indexOf(".");return-1==b?0:a.length-
 b-1}a.value("$locale",{DATETIME_FORMATS:{AMPMS:["AM","PM"],DAY:"Sunday Monday Tuesday Wednesday Thursday Friday Saturday".split(" "),ERANAMES:["Before Christ","Anno Domini"],ERAS:["BC","AD"],FIRSTDAYOFWEEK:6,MONTH:"January February March April May June July August September October November December".split(" "),SHORTDAY:"Sun Mon Tue Wed Thu Fri Sat".split(" "),SHORTMONTH:"Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(" "),STANDALONEMONTH:"January February March April May June July August September October November December".split(" "),
 WEEKENDRANGE:[5,6],fullDate:"EEEE, MMMM d, y",longDate:"MMMM d, y",medium:"MMM d, y h:mm:ss a",mediumDate:"MMM d, y",mediumTime:"h:mm:ss a","short":"M/d/yy h:mm a",shortDate:"M/d/yy",shortTime:"h:mm a"},NUMBER_FORMATS:{CURRENCY_SYM:"$",DECIMAL_SEP:".",GROUP_SEP:",",PATTERNS:[{gSize:3,lgSize:3,maxFrac:3,minFrac:0,minInt:1,negPre:"-",negSuf:"",posPre:"",posSuf:""},{gSize:3,lgSize:3,maxFrac:2,minFrac:2,minInt:1,negPre:"-\u00a4",negSuf:"",posPre:"\u00a4",posSuf:""}]},id:"en-us",localeID:"en_US",pluralCat:function(a,
 c){var f=a|0,e=c;void 0===e&&(e=Math.min(b(a),3));Math.pow(10,e);return 1==f&&0==e?"one":"other"}})}]),D(function(){qe(z.document,Mc)}))})(window);!window.angular.$$csp().noInlineStyle&&window.angular.element(document.head).prepend('<style type="text/css">@charset "UTF-8";[ng\\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak,.ng-hide:not(.ng-hide-animate){display:none !important;}ng\\:form{display:block;}.ng-animate-shim{visibility:hidden;}.ng-anchor{position:absolute;}</style>');
 //# sourceMappingURL=angular.min.js.map
--- a/packages/assets/com.jquery/jquery-3.1.1.js
+++ b/packages/assets/com.jquery/jquery-3.1.1.js
--- a/packages/assets/well-known/oauth3
+++ b/packages/assets/well-known/oauth3
@ -0,0 +1 @@
 ../org.oauth3/well-known/oauth3
--- a/var/.gitkeep
+++ b/var/.gitkeep