~evanj/cms

7bc6c63c9be5214a32ca44ef58317588c54bbeb6 — Evan M Jones 1 year, 7 days ago 7879ad8
WIP(rate limiting): Initial support for rate limiting. TODO: rate limit
for user to org.
M TODO => TODO +1 -1
@@ 7,9 7,9 @@ Pay logo: mybrandnewlogo.com
Doc pages: Contact, FAQ, Terms, Privacy 
Object storage implementation BYOB
Invite a user (the user will have access to all the same spaces -- to your "org" basically)
Restrict API requests for free users
Payment cancel/update settings
Depth option on APIs
No zero length varchar
Optional memcached
When editing existing references don't blow away prev inputs
Restrict API requests for free users (limit users<->org)

M cms.go => cms.go +14 -12
@@ 20,6 20,7 @@ import (
	"git.sr.ht/~evanj/cms/internal/s/cache"
	"git.sr.ht/~evanj/cms/internal/s/db"
	webhook "git.sr.ht/~evanj/cms/internal/s/hook"
	"git.sr.ht/~evanj/cms/internal/s/rl"
	libstripe "git.sr.ht/~evanj/cms/internal/s/stripe"
	"git.sr.ht/~evanj/cms/pkg/e3"
	"git.sr.ht/~evanj/security"


@@ 105,9 106,10 @@ func init() {
		applogger.Fatal(err)
	}

	rl := rl.New(log.New(w, "[cms:ratelimit] ", 0), cacher)
	fs := e3.New(e3user, e3pass, e3url)
	c := c.New(log.New(w, "[cms:content] ", 0), cacher, analyticsEnabled)
	libs := libstripe.New(stripeSuccessURL, stripeErrorURL, stripePK, stripeSK, cacher)
	c := c.New(log.New(w, "[cms:content] ", 0), rl, analyticsEnabled)
	libs := libstripe.New(stripeSuccessURL, stripeErrorURL, stripePK, stripeSK, rl)

	app = &App{
		applogger,


@@ 115,37 117,37 @@ func init() {
			"content": content.New(
				c,
				log.New(w, "[cms:content] ", 0),
				cacher,
				rl,
				fs,
				webhook.New(log.New(w, "[cms:hook] ", 0), cacher),
				webhook.New(log.New(w, "[cms:hook] ", 0), rl),
				url,
			),
			"contenttype": contenttype.New(
				c,
				log.New(w, "[cms:contenttype] ", 0),
				cacher,
				rl,
			),
			"space": space.New(
				c,
				log.New(w, "[cms:space] ", 0),
				cacher,
				rl,
			),
			"user": user.New(
				c,
				log.New(w, "[cms:user] ", 0),
				cacher,
				rl,
				signupEnabled,
				libs,
			),
			"hook": hook.New(
				c,
				log.New(w, "[cms:hook] ", 0),
				cacher,
				rl,
			),
			"file": file.New(
				c,
				log.New(w, "[cms:file] ", 0),
				cacher,
				rl,
				fs,
				url,
			),


@@ 153,17 155,17 @@ func init() {
			"redirect": redirect.New(
				c,
				log.New(w, "[cms:redirect] ", 0),
				cacher,
				rl,
			),
			"page": doc.New(
				c,
				log.New(w, "[cms:doc] ", 0),
				cacher,
				rl,
			),
			"stripe": http.StripPrefix("/stripe", stripe.New(
				c,
				log.New(w, "[cms:stripe] ", 0),
				cacher,
				rl,
				libs,
			)),
		},

M internal/c/c.go => internal/c/c.go +14 -5
@@ 12,6 12,7 @@ import (
	"strings"

	"git.sr.ht/~evanj/cms/internal/m/user"
	"git.sr.ht/~evanj/cms/internal/s/rl"
	"github.com/google/uuid"
)



@@ 44,16 45,23 @@ func New(log *log.Logger, db dber, analytics bool) *Controller {
	}
}

func wrapUserErr(err error) error {
	if errors.Is(err, rl.ErrHitLimit) {
		return err
	}
	return ErrNoLogin
}

// TODO: You know why this is bad, change it.
func (c *Controller) GetCookieUser2(w http.ResponseWriter, r *http.Request) (user.User, error) {
	cookie, err := r.Cookie(KeyUserLogin)
	if err != nil {
		return nil, err
		return nil, wrapUserErr(err)
	}

	user, err := c.db.UserGetFromToken(cookie.Value)
	if err != nil {
		return nil, err
		return nil, wrapUserErr(err)
	}

	return user, nil


@@ 61,12 69,15 @@ func (c *Controller) GetCookieUser2(w http.ResponseWriter, r *http.Request) (use

func (c *Controller) GetCookieUser(w http.ResponseWriter, r *http.Request) (user.User, error) {
	user, err := c.GetCookieUser2(w, r)
	if errors.Is(err, rl.ErrHitLimit) {
		return nil, err
	}
	if err != nil {
		// No user in cookie, lets check in basic auth.

		u, p, ok := r.BasicAuth()
		if !ok {
			return nil, fmt.Errorf("no user available")
			return nil, ErrNoLogin
		}

		user, err = c.db.UserGet(u, p)


@@ 179,6 190,4 @@ func (c *Controller) Redirect(w http.ResponseWriter, r *http.Request, to string)
		return
	}
	http.Redirect(w, r, to, http.StatusFound)
	// val := url.Values{"url": []string{to}}
	// http.Redirect(w, r, fmt.Sprintf("/redirect?%s", val.Encode()), http.StatusTemporaryRedirect)
}

M internal/c/content/content.go => internal/c/content/content.go +4 -4
@@ 94,7 94,7 @@ func (c *Content) upload(ctx context.Context, filename string, file io.Reader, u
func (c *Content) tree(w http.ResponseWriter, r *http.Request, spaceID, contenttypeID, contentID string) (user.User, space.Space, contenttype.ContentType, content.Content, error) {
	user, err := c.GetCookieUser(w, r)
	if err != nil {
		return nil, nil, nil, nil, ErrNoLogin
		return nil, nil, nil, nil, err
	}

	space, err := c.db.SpaceGet(user, spaceID)


@@ 121,7 121,7 @@ func (c *Content) create(w http.ResponseWriter, r *http.Request) {

	user, err := c.GetCookieUser(w, r)
	if err != nil {
		c.Error2(w, r, http.StatusBadRequest, ErrNoLogin)
		c.Error2(w, r, http.StatusBadRequest, err)
		return
	}



@@ 219,7 219,7 @@ func (c *Content) serve(w http.ResponseWriter, r *http.Request) {

	user, err := c.GetCookieUser(w, r)
	if err != nil {
		c.Error2(w, r, http.StatusBadRequest, ErrNoLogin)
		c.Error2(w, r, http.StatusBadRequest, err)
		return
	}



@@ 413,7 413,7 @@ func (c *Content) search(w http.ResponseWriter, r *http.Request) {

	user, err := c.GetCookieUser(w, r)
	if err != nil {
		c.Error2(w, r, http.StatusBadRequest, ErrNoLogin)
		c.Error2(w, r, http.StatusBadRequest, err)
		return
	}


M internal/c/contenttype/contenttype.go => internal/c/contenttype/contenttype.go +4 -4
@@ 60,7 60,7 @@ func New(c *c.Controller, log *log.Logger, db dber) *ContentType {
func (c *ContentType) tree(w http.ResponseWriter, r *http.Request) (user.User, space.Space, error) {
	user, err := c.GetCookieUser(w, r)
	if err != nil {
		return nil, nil, ErrNoLogin
		return nil, nil, err
	}

	spaceID := r.FormValue("space")


@@ 268,7 268,7 @@ func (c *ContentType) serve(w http.ResponseWriter, r *http.Request) {

	user, err := c.GetCookieUser(w, r)
	if err != nil {
		c.Error2(w, r, http.StatusBadRequest, ErrNoLogin)
		c.Error2(w, r, http.StatusBadRequest, err)
		return
	}



@@ 325,7 325,7 @@ func (c *ContentType) delete(w http.ResponseWriter, r *http.Request) {

	user, err := c.GetCookieUser(w, r)
	if err != nil {
		c.Error2(w, r, http.StatusBadRequest, ErrNoLogin)
		c.Error2(w, r, http.StatusBadRequest, err)
		return
	}



@@ 356,7 356,7 @@ func (c *ContentType) search(w http.ResponseWriter, r *http.Request) {

	user, err := c.GetCookieUser(w, r)
	if err != nil {
		c.Error2(w, r, http.StatusBadRequest, ErrNoLogin)
		c.Error2(w, r, http.StatusBadRequest, err)
		return
	}


M internal/c/hook/hook.go => internal/c/hook/hook.go +1 -1
@@ 49,7 49,7 @@ func New(c *c.Controller, log *log.Logger, db dber) *Content {
func (h *Content) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	user, err := h.GetCookieUser(w, r)
	if err != nil {
		h.Error2(w, r, http.StatusBadRequest, c.ErrNoLogin)
		h.Error2(w, r, http.StatusBadRequest, err)
		return
	}


M internal/c/space/space.go => internal/c/space/space.go +5 -5
@@ 58,7 58,7 @@ func (s *Space) serve(w http.ResponseWriter, r *http.Request) {

	user, err := s.GetCookieUser(w, r)
	if err != nil {
		s.Error2(w, r, http.StatusBadRequest, c.ErrNoLogin)
		s.Error2(w, r, http.StatusBadRequest, err)
		return
	}



@@ 97,7 97,7 @@ func (s *Space) create(w http.ResponseWriter, r *http.Request) {

	user, err := s.GetCookieUser(w, r)
	if err != nil {
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(c.ErrNoLogin, "can't create space"))
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(err, "can't create space"))
		return
	}



@@ 119,7 119,7 @@ func (s *Space) copy(w http.ResponseWriter, r *http.Request) {

	user, err := s.GetCookieUser(w, r)
	if err != nil {
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(c.ErrNoLogin, "can't copy space"))
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(err, "can't copy space"))
		return
	}



@@ 148,7 148,7 @@ func (s *Space) update(w http.ResponseWriter, r *http.Request) {

	user, err := s.GetCookieUser(w, r)
	if err != nil {
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(c.ErrNoLogin, "can't update space"))
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(err, "can't update space"))
		return
	}



@@ 175,7 175,7 @@ func (s *Space) delete(w http.ResponseWriter, r *http.Request) {

	user, err := s.GetCookieUser(w, r)
	if err != nil {
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(c.ErrNoLogin, "can't delete space"))
		s.Error2(w, r, http.StatusBadRequest, errors.Wrap(err, "can't delete space"))
		return
	}


M internal/c/user/user.go => internal/c/user/user.go +1 -2
@@ 17,7 17,6 @@ import (

var (
	indexHTML   = v.MustParse("html/index.html")
	ErrNoUser   = errors.New("incorrect user credentials")
	ErrNoSignup = errors.New("signups are forbidden at this time")
	ErrNoTier   = errors.New("invalid tier")
)


@@ 62,7 61,7 @@ func (l *User) login(w http.ResponseWriter, r *http.Request) {

	user, err := l.db.UserGet(username, password)
	if err != nil {
		l.Error2(w, r, http.StatusBadRequest, ErrNoUser)
		l.Error2(w, r, http.StatusBadRequest, err)
		return
	}


A internal/s/db/action.go => internal/s/db/action.go +27 -0
@@ 0,0 1,27 @@
package db

import (
	"time"

	"git.sr.ht/~evanj/cms/internal/m/org"
)

func (db *DB) ActionNew(o org.Org) error {
	_, err := db.Exec("INSERT INTO cms_action (ORG_ID) VALUES (?)", o.ID())
	return err
}

func (db *DB) ActionGetCount(o org.Org, from, to time.Time) (int, error) {
	var (
		count int
		q     = "SELECT COUNT(*) FROM cms_action WHERE cms_action.ORG_ID=? AND AT>? AND AT<?"
	)

	a := from.Format("2006-01-02 03:04:05")
	b := to.Format("2006-01-02 03:04:05")
	if err := db.QueryRow(q, o.ID(), a, b).Scan(&count); err != nil {
		return 0, err
	}

	return count, nil
}

M internal/s/db/migrations_embed.go => internal/s/db/migrations_embed.go +2 -0
@@ 22,6 22,8 @@ func init() {

	migrations["sql/00004.sql"] = tostring("Q1JFQVRFIFRBQkxFIGNtc19iaWxsaW5nICgKCUlEIElOVEVHRVIgUFJJTUFSWSBLRVkgQVVUT19JTkNSRU1FTlQsCiAgUEFZTUVOVF9DVVNUT01FUiB2YXJjaGFyKDI1NikgTk9UIE5VTEwsCiAgVElFUl9OQU1FIHZhcmNoYXIoMjU2KSBOT1QgTlVMTCwKICBPUkdfSUQgSU5URUdFUiBOT1QgTlVMTCwKICBDT05TVFJBSU5UIENNU19CSUxMSU5HX1RPX09SR19GSyBGT1JFSUdOIEtFWShPUkdfSUQpIFJFRkVSRU5DRVMgY21zX29yZyhJRCkKKTsKCg==")

	migrations["sql/00005.sql"] = tostring("Q1JFQVRFIFRBQkxFIGNtc19hY3Rpb24gKCAKCUlEIElOVEVHRVIgUFJJTUFSWSBLRVkgQVVUT19JTkNSRU1FTlQsCiAgQVQgVElNRVNUQU1QIE5PVCBOVUxMIERFRkFVTFQgQ1VSUkVOVF9USU1FU1RBTVAsCiAgT1JHX0lEIElOVEVHRVIgTk9UIE5VTEwsCiAgQ09OU1RSQUlOVCBDTVNfQUNUSU9OX1RPX09SR19GSyBGT1JFSUdOIEtFWShPUkdfSUQpIFJFRkVSRU5DRVMgY21zX29yZyhJRCkKKTsK")

}

func Get(name string) (string, bool) {

M internal/s/db/org.go => internal/s/db/org.go +13 -0
@@ 97,3 97,16 @@ func (db *DB) OrgUpdateTier(u user.User, o org.Org, t tier.Tier, paymentCustomer

	return tx.Commit()
}

func (db *DB) OrgGetSpaceCount(o org.Org) (int, error) {
	var (
		count int
		q     = "SELECT COUNT(*) FROM cms_space WHERE cms_space.ORG_ID=?"
	)

	if err := db.QueryRow(q, o.ID()).Scan(&count); err != nil {
		return 0, err
	}

	return count, nil
}

M internal/s/db/space.go => internal/s/db/space.go +1 -1
@@ 373,7 373,7 @@ func (db *DB) SpaceDelete(user user.User, space space.Space) error {
	}
	defer t.Rollback()

	if _, err := t.Exec(queryDeleteSpace, space.ID(), user.ID()); err != nil {
	if _, err := t.Exec(queryDeleteSpace, user.ID(), space.ID()); err != nil {
		return err
	}


A internal/s/db/sql/00005.sql => internal/s/db/sql/00005.sql +6 -0
@@ 0,0 1,6 @@
CREATE TABLE cms_action ( 
	ID INTEGER PRIMARY KEY AUTO_INCREMENT,
  AT TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  ORG_ID INTEGER NOT NULL,
  CONSTRAINT CMS_ACTION_TO_ORG_FK FOREIGN KEY(ORG_ID) REFERENCES cms_org(ID)
);

A internal/s/rl/rl.go => internal/s/rl/rl.go +117 -0
@@ 0,0 1,117 @@
// Rate limiter.
package rl

import (
	"errors"
	"fmt"
	"log"
	"time"

	"git.sr.ht/~evanj/cms/internal/m/org"
	"git.sr.ht/~evanj/cms/internal/m/space"
	"git.sr.ht/~evanj/cms/internal/m/tier"
	"git.sr.ht/~evanj/cms/internal/m/user"
	"git.sr.ht/~evanj/cms/internal/s/cache"
)

var (
	requestLimits = map[string]int{
		// If not in map, unlimited.
		tier.Free.Name:     60,
		tier.Business.Name: 60,
	}

	spaceLimits = map[string]int{
		// If not in map, unlimited.
		tier.Free.Name:     1,
		tier.Business.Name: 5,
	}

	ErrHitLimit = errors.New("you have surpassed your usage limit: consider upgrading")
)

type RL struct {
	*cache.Cache

	log *log.Logger
	db  *cache.Cache // Or *db.DB depending on nest order.
}

func New(l *log.Logger, db *cache.Cache) RL {
	return RL{db, l, db}
}

// Limit requests made.

func (rl RL) requestLimit(o org.Org) error {
	limit, ok := requestLimits[o.Tier().Name]
	if !ok {
		// If not in map, unlimited.
		return rl.db.ActionNew(o)
	}

	// TODO: Time zone?
	now := time.Now()
	c, err := rl.db.ActionGetCount(o, now.Add(-1*time.Minute), now)
	if err != nil {
		return err
	}

	if c >= limit {
		return ErrHitLimit
	}

	return rl.db.ActionNew(o)
}

func (rl RL) UserGet(username, password string) (user.User, error) {
	u, e := rl.db.UserGet(username, password)
	if e != nil {
		return nil, e
	}
	return u, rl.requestLimit(u.Org())
}

func (rl RL) UserGetFromToken(token string) (user.User, error) {
	u, e := rl.db.UserGetFromToken(token)
	if e != nil {
		return nil, e
	}
	return u, rl.requestLimit(u.Org())
}

// Limit spaces created.

func (rl RL) spaceLimit(o org.Org, getter func() (space.Space, error)) (space.Space, error) {
	limit, ok := spaceLimits[o.Tier().Name]
	if !ok {
		// If not in map, unlimited.
		return getter()
	}

	c, err := rl.db.OrgGetSpaceCount(o)
	if err != nil {
		return nil, err
	}

	if c >= limit {
		return nil, fmt.Errorf("can't create new space: %w", ErrHitLimit)
	}

	return getter()
}

func (rl RL) SpaceNew(user user.User, name, desc string) (space.Space, error) {
	return rl.spaceLimit(user.Org(), func() (space.Space, error) {
		return rl.db.SpaceNew(user, name, desc)
	})
}

func (rl RL) SpaceCopy(user user.User, prevS space.Space, name, desc string) (space.Space, error) {
	return rl.spaceLimit(user.Org(), func() (space.Space, error) {
		return rl.db.SpaceCopy(user, prevS, name, desc)
	})
}

// TODO: Limit users created (and associated with org). Currently, no support
// for adding more users to an org.

A internal/s/rl/rl_test.go => internal/s/rl/rl_test.go +1 -0
@@ 0,0 1,1 @@
package rl_test

M internal/v/tmpls_embed.go => internal/v/tmpls_embed.go +5 -5
@@ 32,23 32,23 @@ func init() {

	tmpls["html/contact.html"] = tostring("PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ZW4+CjxoZWFkPgogIHt7IHRlbXBsYXRlICJodG1sL19oZWFkLmh0bWwiIH19CiAgPHRpdGxlPkNNUyB8IENvbnRhY3Q8L3RpdGxlPgo8L2hlYWQ+Cjxib2R5IGNsYXNzPSdwYWdlIGJnLWxpZ2h0Jz4KICA8c3R5bGU+e3sgdGVtcGxhdGUgImNzcy9tYWluLmNzcyIgfX08L3N0eWxlPgogIDxtYWluPgogICAge3sgdGVtcGxhdGUgImh0bWwvX2hlYWRlci5odG1sIiAkIH19CiAgICA8ZGl2IGNsYXNzPSJwcmljaW5nLWhlYWRlciBweC0zIHB5LTMgcHQtbWQtNSBwYi1tZC00IG14LWF1dG8gdGV4dC1jZW50ZXIiPgogICAgICA8aDEgY2xhc3M9ImRpc3BsYXktNCI+Q29udGFjdDwvaDE+CiAgICA8L2Rpdj4KICAgIDxkaXYgY2xhc3M9J2NvbnRhaW5lcic+CiAgICAgIDxkaXYgY2xhc3M9J3Jvdyc+CiAgICAgICAgPGRpdiBjbGFzcz0iY29sLTEyIG9mZnNldC0wIGNvbC1sZy04IG9mZnNldC1sZy0yIj4KICAgICAgICAgIFRPRE8KICAgICAgICA8L2Rpdj4KICAgICAgPC9kaXY+CiAgICA8L2Rpdj4KICAgIHt7IHRlbXBsYXRlICJodG1sL19mb290ZXIuaHRtbCIgJCB9fQogIDwvbWFpbj4KICB7eyB0ZW1wbGF0ZSAiaHRtbC9fc2NyaXB0cy5odG1sIiB9fQo8L2JvZHk+CjwvaHRtbD4K")

	tmpls["html/content.html"] = tostring("")
	tmpls["html/content.html"] = tostring("")

	tmpls["html/contenttype.html"] = tostring("")
	tmpls["html/contenttype.html"] = tostring("")

	tmpls["html/doc.html"] = tostring("")

	tmpls["html/faq.html"] = tostring("PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ZW4+CjxoZWFkPgogIHt7IHRlbXBsYXRlICJodG1sL19oZWFkLmh0bWwiIH19CiAgPHRpdGxlPkNNUyB8IEZBUTwvdGl0bGU+CjwvaGVhZD4KPGJvZHkgY2xhc3M9J3BhZ2UgYmctbGlnaHQnPgogIDxzdHlsZT57eyB0ZW1wbGF0ZSAiY3NzL21haW4uY3NzIiB9fTwvc3R5bGU+CiAgPG1haW4+CiAgICB7eyB0ZW1wbGF0ZSAiaHRtbC9faGVhZGVyLmh0bWwiICQgfX0KICAgIDxkaXYgY2xhc3M9InByaWNpbmctaGVhZGVyIHB4LTMgcHktMyBwdC1tZC01IHBiLW1kLTQgbXgtYXV0byB0ZXh0LWNlbnRlciI+CiAgICAgIDxoMSBjbGFzcz0iZGlzcGxheS00Ij5GQVE8L2gxPgogICAgPC9kaXY+CiAgICA8ZGl2IGNsYXNzPSdjb250YWluZXInPgogICAgICA8ZGl2IGNsYXNzPSdyb3cnPgogICAgICAgIDxkaXYgY2xhc3M9ImNvbC0xMiBvZmZzZXQtMCBjb2wtbGctOCBvZmZzZXQtbGctMiI+CiAgICAgICAgICBUT0RPCiAgICAgICAgPC9kaXY+CiAgICAgIDwvZGl2PgogICAgPC9kaXY+CiAgICB7eyB0ZW1wbGF0ZSAiaHRtbC9fZm9vdGVyLmh0bWwiICQgfX0KICA8L21haW4+CiAge3sgdGVtcGxhdGUgImh0bWwvX3NjcmlwdHMuaHRtbCIgfX0KPC9ib2R5Pgo8L2h0bWw+Cg==")

	tmpls["html/hook.html"] = tostring("PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ZW4+CjxoZWFkPgogIHt7IHRlbXBsYXRlICJodG1sL19oZWFkLmh0bWwiIH19CiAgPHRpdGxlPkNNUyB8IHt7IC5TcGFjZS5OYW1lIH19IHwge3sgLkhvb2suVVJMIH19PC90aXRsZT4KPC9oZWFkPgo8Ym9keSBjbGFzcz0naG9vayBiZy1saWdodCc+CiAgPHN0eWxlPnt7IHRlbXBsYXRlICJjc3MvbWFpbi5jc3MiIH19PC9zdHlsZT4KICA8bWFpbj4KICAgIHt7IHRlbXBsYXRlICJodG1sL19oZWFkZXIuaHRtbCIgJCB9fQogICAgPGRpdiBjbGFzcz0icHJpY2luZy1oZWFkZXIgcHgtMyBweS0zIHB0LW1kLTUgcGItbWQtNCBteC1hdXRvIHRleHQtY2VudGVyIj4KICAgICAgPGgxIGNsYXNzPSJkaXNwbGF5LTQiPnt7IC5Ib29rLlVSTCB9fTwvaDE+CiAgICA8L2Rpdj4KICAgIDxhcnRpY2xlIGNsYXNzPWNvbnRhaW5lcj4KICAgICAgPGZvcm0gbWV0aG9kPVBPU1QgYWN0aW9uPScvaG9vaycgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc+CiAgICAgICAgPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9bWV0aG9kIHZhbHVlPURFTEVURSAvPgogICAgICAgIDxpbnB1dCByZXF1aXJlZCB0eXBlPWhpZGRlbiBuYW1lPXNwYWNlIHZhbHVlPSJ7eyAuU3BhY2UuSUQgfX0iIC8+CiAgICAgICAgPGlucHV0IHJlcXVpcmVkIHR5cGU9aGlkZGVuIG5hbWU9aG9vayB2YWx1ZT0ie3sgLkhvb2suSUQgfX0iIC8+CiAgICAgICAgPGRpdiBjbGFzcz0ibW9kYWwgZmFkZSIgaWQ9ImRlbGV0ZU1vZGFsIiB0YWJpbmRleD0iLTEiIHJvbGU9ImRpYWxvZyIgYXJpYS1sYWJlbGxlZGJ5PSJkZWxldGVNb2RhbExhYmVsIiBhcmlhLWhpZGRlbj0idHJ1ZSI+CiAgICAgICAgICA8ZGl2IGNsYXNzPSJtb2RhbC1kaWFsb2cgbW9kYWwtZGlhbG9nLXNjcm9sbGFibGUiPgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJtb2RhbC1jb250ZW50Ij4KICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJtb2RhbC1oZWFkZXIiPgogICAgICAgICAgICAgICAgPGg1IGNsYXNzPSJtb2RhbC10aXRsZSIgaWQ9ImRlbGV0ZU1vZGFsTGFiZWwiPkRlbGV0ZSB7eyAuSG9vay5VUkwgfX08L2g1PgogICAgICAgICAgICAgICAgPGJ1dHRvbiB0eXBlPSJidXR0b24iIGNsYXNzPSJjbG9zZSIgZGF0YS1kaXNtaXNzPSJtb2RhbCIgYXJpYS1sYWJlbD0iQ2xvc2UiPgogICAgICAgICAgICAgICAgICA8c3BhbiBhcmlhLWhpZGRlbj0idHJ1ZSI+JnRpbWVzOzwvc3Bhbj4KICAgICAgICAgICAgICAgIDwvYnV0dG9uPgogICAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgICAgIDxkaXYgY2xhc3M9Im1vZGFsLWZvb3RlciI+CiAgICAgICAgICAgICAgICA8YnV0dG9uIHR5cGU9ImJ1dHRvbiIgY2xhc3M9ImJ0biBidG4tc2Vjb25kYXJ5IiBkYXRhLWRpc21pc3M9Im1vZGFsIj5DbG9zZTwvYnV0dG9uPgogICAgICAgICAgICAgICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIGNsYXNzPSJidG4gYnRuLXByaW1hcnkiPkdvPC9idXR0b24+CiAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgIDwvZGl2PgogICAgICAgICAgPC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICAgIDwvZm9ybT4KICAgIDwvZGl2PgogICAge3sgdGVtcGxhdGUgImh0bWwvX2Zvb3Rlci5odG1sIiAkIH19CiAgPC9tYWluPgogIHt7IHRlbXBsYXRlICJodG1sL19zY3JpcHRzLmh0bWwiIH19CiAgPHNjcmlwdD57eyB0ZW1wbGF0ZSAianMvbWFpbi5qcyIgJCB9fTwvc2NyaXB0Pgo8L2JvZHk+CjwvaHRtbD4K")
	tmpls["html/hook.html"] = tostring("PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ZW4+CjxoZWFkPgogIHt7IHRlbXBsYXRlICJodG1sL19oZWFkLmh0bWwiIH19CiAgPHRpdGxlPlNraXBwZXIgQ01TIHwge3sgLlNwYWNlLk5hbWUgfX0gfCB7eyAuSG9vay5VUkwgfX08L3RpdGxlPgo8L2hlYWQ+Cjxib2R5IGNsYXNzPSdob29rIGJnLWxpZ2h0Jz4KICA8c3R5bGU+e3sgdGVtcGxhdGUgImNzcy9tYWluLmNzcyIgfX08L3N0eWxlPgogIDxtYWluPgogICAge3sgdGVtcGxhdGUgImh0bWwvX2hlYWRlci5odG1sIiAkIH19CiAgICA8ZGl2IGNsYXNzPSJwcmljaW5nLWhlYWRlciBweC0zIHB5LTMgcHQtbWQtNSBwYi1tZC00IG14LWF1dG8gdGV4dC1jZW50ZXIiPgogICAgICA8aDEgY2xhc3M9ImRpc3BsYXktNCI+e3sgLkhvb2suVVJMIH19PC9oMT4KICAgIDwvZGl2PgogICAgPGFydGljbGUgY2xhc3M9Y29udGFpbmVyPgogICAgICA8Zm9ybSBtZXRob2Q9UE9TVCBhY3Rpb249Jy9ob29rJyBlbmN0eXBlPSdtdWx0aXBhcnQvZm9ybS1kYXRhJz4KICAgICAgICA8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1tZXRob2QgdmFsdWU9REVMRVRFIC8+CiAgICAgICAgPGlucHV0IHJlcXVpcmVkIHR5cGU9aGlkZGVuIG5hbWU9c3BhY2UgdmFsdWU9Int7IC5TcGFjZS5JRCB9fSIgLz4KICAgICAgICA8aW5wdXQgcmVxdWlyZWQgdHlwZT1oaWRkZW4gbmFtZT1ob29rIHZhbHVlPSJ7eyAuSG9vay5JRCB9fSIgLz4KICAgICAgICA8ZGl2IGNsYXNzPSJtb2RhbCBmYWRlIiBpZD0iZGVsZXRlTW9kYWwiIHRhYmluZGV4PSItMSIgcm9sZT0iZGlhbG9nIiBhcmlhLWxhYmVsbGVkYnk9ImRlbGV0ZU1vZGFsTGFiZWwiIGFyaWEtaGlkZGVuPSJ0cnVlIj4KICAgICAgICAgIDxkaXYgY2xhc3M9Im1vZGFsLWRpYWxvZyBtb2RhbC1kaWFsb2ctc2Nyb2xsYWJsZSI+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9Im1vZGFsLWNvbnRlbnQiPgogICAgICAgICAgICAgIDxkaXYgY2xhc3M9Im1vZGFsLWhlYWRlciI+CiAgICAgICAgICAgICAgICA8aDUgY2xhc3M9Im1vZGFsLXRpdGxlIiBpZD0iZGVsZXRlTW9kYWxMYWJlbCI+RGVsZXRlIHt7IC5Ib29rLlVSTCB9fTwvaDU+CiAgICAgICAgICAgICAgICA8YnV0dG9uIHR5cGU9ImJ1dHRvbiIgY2xhc3M9ImNsb3NlIiBkYXRhLWRpc21pc3M9Im1vZGFsIiBhcmlhLWxhYmVsPSJDbG9zZSI+CiAgICAgICAgICAgICAgICAgIDxzcGFuIGFyaWEtaGlkZGVuPSJ0cnVlIj4mdGltZXM7PC9zcGFuPgogICAgICAgICAgICAgICAgPC9idXR0b24+CiAgICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgICAgPGRpdiBjbGFzcz0ibW9kYWwtZm9vdGVyIj4KICAgICAgICAgICAgICAgIDxidXR0b24gdHlwZT0iYnV0dG9uIiBjbGFzcz0iYnRuIGJ0bi1zZWNvbmRhcnkiIGRhdGEtZGlzbWlzcz0ibW9kYWwiPkNsb3NlPC9idXR0b24+CiAgICAgICAgICAgICAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgY2xhc3M9ImJ0biBidG4tcHJpbWFyeSI+R288L2J1dHRvbj4KICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICA8L2Rpdj4KICAgICAgICA8L2Rpdj4KICAgICAgPC9mb3JtPgogICAgPC9kaXY+CiAgICB7eyB0ZW1wbGF0ZSAiaHRtbC9fZm9vdGVyLmh0bWwiICQgfX0KICA8L21haW4+CiAge3sgdGVtcGxhdGUgImh0bWwvX3NjcmlwdHMuaHRtbCIgfX0KICA8c2NyaXB0Pnt7IHRlbXBsYXRlICJqcy9tYWluLmpzIiAkIH19PC9zY3JpcHQ+CjwvYm9keT4KPC9odG1sPgo=")

	tmpls["html/index.html"] = tostring("")
	tmpls["html/index.html"] = tostring("")

	tmpls["html/privacy.html"] = tostring("PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ZW4+CjxoZWFkPgogIHt7IHRlbXBsYXRlICJodG1sL19oZWFkLmh0bWwiIH19CiAgPHRpdGxlPkNNUyB8IFByaXZhY3k8L3RpdGxlPgo8L2hlYWQ+Cjxib2R5IGNsYXNzPSdwYWdlIGJnLWxpZ2h0Jz4KICA8c3R5bGU+e3sgdGVtcGxhdGUgImNzcy9tYWluLmNzcyIgfX08L3N0eWxlPgogIDxtYWluPgogICAge3sgdGVtcGxhdGUgImh0bWwvX2hlYWRlci5odG1sIiAkIH19CiAgICA8ZGl2IGNsYXNzPSJwcmljaW5nLWhlYWRlciBweC0zIHB5LTMgcHQtbWQtNSBwYi1tZC00IG14LWF1dG8gdGV4dC1jZW50ZXIiPgogICAgICA8aDEgY2xhc3M9ImRpc3BsYXktNCI+UHJpdmFjeTwvaDE+CiAgICA8L2Rpdj4KICAgIDxkaXYgY2xhc3M9J2NvbnRhaW5lcic+CiAgICAgIDxkaXYgY2xhc3M9J3Jvdyc+CiAgICAgICAgPGRpdiBjbGFzcz0iY29sLTEyIG9mZnNldC0wIGNvbC1sZy04IG9mZnNldC1sZy0yIj4KICAgICAgICAgIFRPRE8KICAgICAgICA8L2Rpdj4KICAgICAgPC9kaXY+CiAgICA8L2Rpdj4KICAgIHt7IHRlbXBsYXRlICJodG1sL19mb290ZXIuaHRtbCIgJCB9fQogIDwvbWFpbj4KICB7eyB0ZW1wbGF0ZSAiaHRtbC9fc2NyaXB0cy5odG1sIiB9fQo8L2JvZHk+CjwvaHRtbD4K")

	tmpls["html/redirect.html"] = tostring("PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ZW4+CjxoZWFkPgogIHt7IHRlbXBsYXRlICJodG1sL19oZWFkLmh0bWwiIH19CiAgPHRpdGxlPkNNUzwvdGl0bGU+CjwvaGVhZD4KPGJvZHkgY2xhc3M9J2luZGV4IGJnLWxpZ2h0Jz4KICA8c3R5bGU+e3sgdGVtcGxhdGUgImNzcy9tYWluLmNzcyIgfX08L3N0eWxlPgogIDxtYWluPgogICAge3sgdGVtcGxhdGUgImh0bWwvX2hlYWRlci5odG1sIiAkIH19CiAgICA8ZGl2IGNsYXNzPSJwcmljaW5nLWhlYWRlciBweC0zIHB5LTMgcHQtbWQtNSBwYi1tZC00IG14LWF1dG8gdGV4dC1jZW50ZXIiPgogICAgICA8aDEgY2xhc3M9ImRpc3BsYXktNCI+UmVkaXJlY3RpbmcuLi48L2gxPgogICAgPC9kaXY+CiAgICB7eyB0ZW1wbGF0ZSAiaHRtbC9fZm9vdGVyLmh0bWwiICQgfX0KICA8L21haW4+CiAge3sgdGVtcGxhdGUgImh0bWwvX3NjcmlwdHMuaHRtbCIgfX0KICA8c2NyaXB0PihmdW5jdGlvbigpe3NldFRpbWVvdXQoZnVuY3Rpb24oKXtsb2NhdGlvbi5ocmVmPSJ7ey5VUkx9fSI7fSw1MDApO30pKCk7PC9zY3JpcHQ+CjwvYm9keT4KPC9odG1sPgo=")

	tmpls["html/space.html"] = tostring("")
	tmpls["html/space.html"] = tostring("")

	tmpls["html/stripe.html"] = tostring("PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ZW4+CjxoZWFkPgogIHt7IHRlbXBsYXRlICJodG1sL19oZWFkLmh0bWwiIH19CiAgPHRpdGxlPkNNUyB8IERvY3M8L3RpdGxlPgo8L2hlYWQ+Cjxib2R5IGNsYXNzPSdwYWdlIGJnLWxpZ2h0Jz4KICA8c3R5bGU+e3sgdGVtcGxhdGUgImNzcy9tYWluLmNzcyIgfX08L3N0eWxlPgogIDxtYWluPgogICAge3sgdGVtcGxhdGUgImh0bWwvX2hlYWRlci5odG1sIiAkIH19CiAgICA8ZGl2IGNsYXNzPSJwcmljaW5nLWhlYWRlciBweC0zIHB5LTMgcHQtbWQtNSBwYi1tZC00IG14LWF1dG8gdGV4dC1jZW50ZXIiPgogICAgICA8aDEgY2xhc3M9ImRpc3BsYXktNCI+UHJvY2Vzc2luZy4uLjwvaDE+CiAgICA8L2Rpdj4KICAgIHt7IHRlbXBsYXRlICJodG1sL19mb290ZXIuaHRtbCIgJCB9fQogIDwvbWFpbj4KICB7eyB0ZW1wbGF0ZSAiaHRtbC9fc2NyaXB0cy5odG1sIiB9fQogIDxzY3JpcHQgc3JjPSIvL2pzLnN0cmlwZS5jb20vdjMvIj48L3NjcmlwdD4KICA8c2NyaXB0PgogICAgKGZ1bmN0aW9uKCkgeyAKICAgICAgdmFyIHN0cmlwZSA9IFN0cmlwZSgne3suU3RyaXBlUEt9fScpOwogICAgICB2YXIgY2hlY2tvdXRCdXR0b24gPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnY2hlY2tvdXQtYnV0dG9uJyk7CiAgICAgIHN0cmlwZS5yZWRpcmVjdFRvQ2hlY2tvdXQoewogICAgICAgIHNlc3Npb25JZDogJ3t7LlN0cmlwZUNoZWNrb3V0U2Vzc2lvbklEfX0nCiAgICAgIH0pLnRoZW4oZnVuY3Rpb24gKHJlc3VsdCkgewogICAgICAgIGNvbnNvbGUubG9nKHJlc3VsdCkKICAgICAgICBhbGVydChyZXN1bHQuZXJyb3IubWVzc2FnZSk7CiAgICAgIH0pOwogICAgfSkoKTsKICA8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+Cg==")