From 899ba579fc55a04e95b780ffec5d20d0942dbda2 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Sat, 27 Mar 2021 14:03:10 +0100
Subject: [PATCH 001/174] feat(quic): compile and start quicer listener.

---
 apps/emqx/etc/emqx.conf          | 306 +++++++++++++++++++++++++++++++
 apps/emqx/src/emqx_listeners.erl |  17 +-
 rebar.config                     |   1 +
 rebar.config.erl                 |   1 +
 4 files changed, 324 insertions(+), 1 deletion(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index f6627bf1c..6be808264 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -2155,6 +2155,312 @@ listener.wss.external.allow_origin_absence = true
 ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
 listener.wss.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
 
+
+##--------------------------------------------------------------------
+## External QUIC listener for MQTT Protocol
+
+## listener.quic.$name is the IP address and port that the MQTT/QUIC
+## listener will bind.
+##
+## Value: IP:Port | Port
+##
+## Examples: 8084, 127.0.0.1:8084, ::1:8084
+listener.quic.external = 4567
+
+## The path of WebSocket MQTT endpoint
+##
+## Value: URL Path
+listener.quic.external.mqtt_path = /mqtt
+
+## The acceptor pool for external MQTT/QUIC listener.
+##
+## Value: Number
+listener.quic.external.acceptors = 4
+
+## Maximum number of concurrent MQTT/Webwocket/SSL connections.
+##
+## Value: Number
+listener.quic.external.max_connections = 16
+
+## Maximum MQTT/QUIC connections per second.
+##
+## See: listener.tcp.$name.max_conn_rate
+##
+## Value: Number
+listener.quic.external.max_conn_rate = 1000
+
+## Simulate the {active, N} option for the MQTT/QUIC connections.
+##
+## Value: Number
+listener.quic.external.active_n = 100
+
+## Zone of the external MQTT/QUIC listener belonged to.
+##
+## Value: String
+listener.quic.external.zone = external
+
+## The access control rules for the MQTT/QUIC listener.
+##
+## See: listener.tcp.$name.access.<no>
+##
+## Value: ACL Rule
+listener.quic.external.access.1 = allow all
+
+## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
+## Set to false for WeChat MiniApp.
+##
+## Value: true | false
+## listener.quic.external.fail_if_no_subprotocol = true
+
+## Supported subprotocols
+##
+## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
+## listener.quic.external.supported_subprotocols = mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
+
+## Enable the Proxy Protocol V1/2 support.
+##
+## See: listener.tcp.$name.proxy_protocol
+##
+## Value: on | off
+## listener.quic.external.proxy_protocol = on
+
+## Sets the timeout for proxy protocol.
+##
+## See: listener.tcp.$name.proxy_protocol_timeout
+##
+## Value: Duration
+## listener.quic.external.proxy_protocol_timeout = 3s
+
+## TLS versions only to protect from POODLE attack.
+##
+## See: listener.ssl.$name.tls_versions
+##
+## Value: String, seperated by ','
+## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
+## listener.quic.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+
+## Path to the file containing the user's private PEM-encoded key.
+##
+## See: listener.ssl.$name.keyfile
+##
+## Value: File
+listener.quic.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
+
+## Path to a file containing the user certificate.
+##
+## See: listener.ssl.$name.certfile
+##
+## Value: File
+listener.quic.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
+
+## Path to the file containing PEM-encoded CA certificates.
+##
+## See: listener.ssl.$name.cacert
+##
+## Value: File
+## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+
+## Maximum number of non-self-issued intermediate certificates that
+## can follow the peer certificate in a valid certification path.
+##
+## See: listener.ssl.external.depth
+##
+## Value: Number
+## listener.quic.external.depth = 10
+
+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+##
+## See: listener.ssl.$name.key_password
+##
+## Value: String
+## listener.quic.external.key_password = yourpass
+
+## See: listener.ssl.$name.dhfile
+##
+## Value: File
+## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
+
+## See: listener.ssl.$name.verify
+##
+## Value: verify_peer | verify_none
+## listener.quic.external.verify = verify_peer
+
+## See: listener.ssl.$name.fail_if_no_peer_cert
+##
+## Value: false | true
+## listener.quic.external.fail_if_no_peer_cert = true
+
+## See: listener.ssl.$name.ciphers
+##
+## Value: Ciphers
+listener.quic.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
+
+## Ciphers for TLS PSK.
+## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
+## be configured at the same time.
+## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+
+## See: listener.ssl.$name.secure_renegotiate
+##
+## Value: on | off
+## listener.quic.external.secure_renegotiate = off
+
+## See: listener.ssl.$name.reuse_sessions
+##
+## Value: on | off
+## listener.quic.external.reuse_sessions = on
+
+## See: listener.ssl.$name.honor_cipher_order
+##
+## Value: on | off
+## listener.quic.external.honor_cipher_order = on
+
+## See: listener.ssl.$name.peer_cert_as_username
+##
+## Value: cn | dn | crt | pem | md5
+## listener.quic.external.peer_cert_as_username = cn
+
+## See: listener.ssl.$name.peer_cert_as_clientid
+##
+## Value: cn | dn | crt | pem | md5
+## listener.quic.external.peer_cert_as_clientid = cn
+
+## TCP backlog for the QUIC connection.
+##
+## See: listener.tcp.$name.backlog
+##
+## Value: Number >= 0
+listener.quic.external.backlog = 1024
+
+## The TCP send timeout for the QUIC connection.
+##
+## See: listener.tcp.$name.send_timeout
+##
+## Value: Duration
+listener.quic.external.send_timeout = 15s
+
+## Close the QUIC connection if send timeout.
+##
+## See: listener.tcp.$name.send_timeout_close
+##
+## Value: on | off
+listener.quic.external.send_timeout_close = on
+
+## The TCP receive buffer(os kernel) for the QUIC connections.
+##
+## See: listener.tcp.$name.recbuf
+##
+## Value: Bytes
+## listener.quic.external.recbuf = 4KB
+
+## The TCP send buffer(os kernel) for the QUIC connections.
+##
+## See: listener.tcp.$name.sndbuf
+##
+## Value: Bytes
+## listener.quic.external.sndbuf = 4KB
+
+## The size of the user-level software buffer used by the driver.
+##
+## See: listener.tcp.$name.buffer
+##
+## Value: Bytes
+## listener.quic.external.buffer = 4KB
+
+## The TCP_NODELAY flag for QUIC connections.
+##
+## See: listener.tcp.$name.nodelay
+##
+## Value: true | false
+## listener.quic.external.nodelay = true
+
+## The compress flag for external QUIC connections.
+##
+## If this Value is set true,the websocket message would be compressed
+##
+## Value: true | false
+## listener.quic.external.compress = true
+
+## The level of deflate options for external QUIC connections.
+##
+## See: listener.quic.$name.deflate_opts.level
+##
+## Value: none | default | best_compression | best_speed
+## listener.quic.external.deflate_opts.level = default
+
+## The mem_level of deflate options for external QUIC connections.
+##
+## See: listener.quic.$name.deflate_opts.mem_level
+##
+## Valid range is 1-9
+## listener.quic.external.deflate_opts.mem_level = 8
+
+## The strategy of deflate options for external QUIC connections.
+##
+## See: listener.quic.$name.deflate_opts.strategy
+##
+## Value: default | filtered | huffman_only | rle
+## listener.quic.external.deflate_opts.strategy = default
+
+## The deflate option for external QUIC connections.
+##
+## See: listener.quic.$name.deflate_opts.server_context_takeover
+##
+## Value: takeover | no_takeover
+## listener.quic.external.deflate_opts.server_context_takeover = takeover
+
+## The deflate option for external QUIC connections.
+##
+## See: listener.quic.$name.deflate_opts.client_context_takeover
+##
+## Value: takeover | no_takeover
+## listener.quic.external.deflate_opts.client_context_takeover = takeover
+
+## The deflate options for external QUIC connections.
+##
+## See: listener.quic.$name.deflate_opts.server_max_window_bits
+##
+## Valid range is 8-15
+## listener.quic.external.deflate_opts.server_max_window_bits = 15
+
+## The deflate options for external QUIC connections.
+##
+## See: listener.quic.$name.deflate_opts.client_max_window_bits
+##
+## Valid range is 8-15
+## listener.quic.external.deflate_opts.client_max_window_bits = 15
+
+## The idle timeout for external QUIC connections.
+##
+## See: listener.quic.$name.idle_timeout
+##
+## Value: Duration
+## listener.quic.external.idle_timeout = 60s
+
+## The max frame size for external QUIC connections.
+##
+## Value: Number
+## listener.quic.external.max_frame_size = 0
+
+## Whether a WebSocket message is allowed to contain multiple MQTT packets
+##
+## Value: single | multiple
+listener.quic.external.mqtt_piggyback = multiple
+## Enable origin check in header for secure websocket connection
+##
+## Value: true | false (default false)
+listener.quic.external.check_origin_enable = false
+## Allow origin to be absent in header in secure websocket connection  when check_origin_enable is true
+##
+## Value: true | false (default true)
+listener.quic.external.allow_origin_absence = true
+## Comma separated list of allowed origin in header for secure websocket connection
+##
+## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
+listener.quic.external.check_origins = https://localhost:8084, https://127.0.0.1:8084
+
 ## CONFIG_SECTION_END=listeners ================================================
 
 ## CONFIG_SECTION_BGN=modules ==================================================
diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index 1f3d1776b..d97fe32ed 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -139,7 +139,22 @@ start_listener(Proto, ListenOn, Options) when Proto == http; Proto == ws ->
 %% Start MQTT/WSS listener
 start_listener(Proto, ListenOn, Options) when Proto == https; Proto == wss ->
     start_http_listener(fun cowboy:start_tls/3, 'mqtt:wss', ListenOn,
-                        ranch_opts(Options), ws_opts(Options)).
+                        ranch_opts(Options), ws_opts(Options));
+
+%% MQTT over QUIC
+start_listener(quic, ListenOn, Options) ->
+    SSLOpts = proplists:get_value(ssl_options, Options),
+    ListenOpts = [ {cert, proplists:get_value(certfile, SSLOpts)}
+                 , {key, proplists:get_value(keyfile, SSLOpts)}
+                 , {alpn, ["mqtt"]}
+                 , {conn_acceptors, 32}
+                 ],
+    ConnectionOpts = [ {conn_callback, quicer_server_conn_callback}
+                     , {idle_timeout_ms, 5000}
+                     , {peer_unidi_stream_count, 1}
+                     , {peer_bidi_stream_count, 10}],
+    StreamOpts = [{stream_callback, quicer_echo_server_stream_callback}],
+    quicer:start_listener('mqtt:quic', ListenOn, {ListenOpts, ConnectionOpts, StreamOpts}).
 
 replace(Opts, Key, Value) -> [{Key, Value} | proplists:delete(Key, Opts)].
 
diff --git a/rebar.config b/rebar.config
index 109b680c5..eaa0ea6cf 100644
--- a/rebar.config
+++ b/rebar.config
@@ -54,6 +54,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
+    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "quicer_application"}}}
     ]}.
 
 {xref_ignores,
diff --git a/rebar.config.erl b/rebar.config.erl
index 0248e6dab..a05b09686 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -241,6 +241,7 @@ relx_apps(ReleaseType) ->
     , compiler
     , runtime_tools
     , cuttlefish
+    , quicer
     , emqx
     , {mnesia, load}
     , {ekka, load}

From 70f22d2c1b980e885f96354fea35dae57fbd75ee Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 30 Mar 2021 23:39:09 +0200
Subject: [PATCH 002/174] feat(quic): reuse emqx_connection module for quic.

---
 apps/emqx/src/emqx_connection.erl      |  7 +++
 apps/emqx/src/emqx_listeners.erl       |  4 +-
 apps/emqx/src/emqx_quic_connection.erl | 26 ++++++++
 apps/emqx/src/emqx_quic_stream.erl     | 83 ++++++++++++++++++++++++++
 4 files changed, 118 insertions(+), 2 deletions(-)
 create mode 100644 apps/emqx/src/emqx_quic_connection.erl
 create mode 100644 apps/emqx/src/emqx_quic_stream.erl

diff --git a/apps/emqx/src/emqx_connection.erl b/apps/emqx/src/emqx_connection.erl
index ab91c02b4..6900e4f1e 100644
--- a/apps/emqx/src/emqx_connection.erl
+++ b/apps/emqx/src/emqx_connection.erl
@@ -416,6 +416,13 @@ handle_msg({Inet, _Sock, Data}, State) when Inet == tcp; Inet == ssl ->
     ok = emqx_metrics:inc('bytes.received', Oct),
     parse_incoming(Data, State);
 
+handle_msg({quic, Data, _Sock, _, _, _}, State) ->
+    ?LOG(debug, "RECV ~0p", [Data]),
+    Oct = iolist_size(Data),
+    inc_counter(incoming_bytes, Oct),
+    ok = emqx_metrics:inc('bytes.received', Oct),
+    parse_incoming(Data, State);
+
 handle_msg({incoming, Packet = ?CONNECT_PACKET(ConnPkt)},
            State = #state{idle_timer = IdleTimer}) ->
     ok = emqx_misc:cancel_timer(IdleTimer),
diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index d97fe32ed..b3d6bf319 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -149,11 +149,11 @@ start_listener(quic, ListenOn, Options) ->
                  , {alpn, ["mqtt"]}
                  , {conn_acceptors, 32}
                  ],
-    ConnectionOpts = [ {conn_callback, quicer_server_conn_callback}
+    ConnectionOpts = [ {conn_callback, emqx_quic_connection}
                      , {idle_timeout_ms, 5000}
                      , {peer_unidi_stream_count, 1}
                      , {peer_bidi_stream_count, 10}],
-    StreamOpts = [{stream_callback, quicer_echo_server_stream_callback}],
+    StreamOpts = [],
     quicer:start_listener('mqtt:quic', ListenOn, {ListenOpts, ConnectionOpts, StreamOpts}).
 
 replace(Opts, Key, Value) -> [{Key, Value} | proplists:delete(Key, Opts)].
diff --git a/apps/emqx/src/emqx_quic_connection.erl b/apps/emqx/src/emqx_quic_connection.erl
new file mode 100644
index 000000000..b83522c6e
--- /dev/null
+++ b/apps/emqx/src/emqx_quic_connection.erl
@@ -0,0 +1,26 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_quic_connection).
+
+%% Callbacks
+-export([ new_conn/2
+        ]).
+
+new_conn(Conn, {_L, COpts, _S}) when is_map(COpts) ->
+    new_conn(Conn, maps:to_list(COpts));
+new_conn(Conn, COpts) ->
+    emqx_connection:start_link(emqx_quic_stream, Conn, COpts).
diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
new file mode 100644
index 000000000..e12d95f30
--- /dev/null
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -0,0 +1,83 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% MQTT/QUIC Stream
+-module(emqx_quic_stream).
+
+%% emqx transport Callbacks
+-export([ type/1
+        , wait/1
+        , getstat/2
+        , fast_close/1
+        , ensure_ok_or_exit/2
+        , async_send/3
+        , setopts/2
+        , getopts/2
+        , peername/1
+        , sockname/1
+        , peercert/1
+        ]).
+
+wait(Conn) ->
+    quicer:accept_stream(Conn, []).
+
+type(_) ->
+    quic.
+
+peername(S) ->
+    quicer:peername(S).
+
+sockname(S) ->
+    quicer:sockname(S).
+
+peercert(_S) ->
+    nossl.
+
+getstat(Socket, Stats) ->
+    Res = quicer:getstats(Socket, Stats),
+    {ok, lists:keyreplace(send_pend, 1, Res, {send_pend, 0})}.
+
+setopts(_Socket, _Opts) ->
+    ok.
+
+getopts(_Socket, _Opts) ->
+    %% todo
+    { ok, [{high_watermark, 0},
+           {high_msgq_watermark, 0},
+           {sndbuf, 0},
+           {recbuf, 0},
+           {buffer,80000}]}.
+
+fast_close(Stream) ->
+    quicer:close_stream(Stream).
+
+-spec(ensure_ok_or_exit(atom(), list(term())) -> term()).
+ensure_ok_or_exit(Fun, Args = [Sock|_]) when is_atom(Fun), is_list(Args) ->
+    case erlang:apply(?MODULE, Fun, Args) of
+        {error, Reason} when Reason =:= enotconn; Reason =:= closed ->
+            fast_close(Sock),
+            exit(normal);
+        {error, Reason} ->
+            fast_close(Sock),
+            exit({shutdown, Reason});
+         Result -> Result
+    end.
+
+async_send(Stream, Data, Options) when is_list(Data) ->
+    async_send(Stream, iolist_to_binary(Data), Options);
+async_send(Stream, Data, _Options) when is_binary(Data) ->
+    {ok, _Len} = quicer:send(Stream, Data),
+    ok.

From 087aa1dd53bb87f45b997e6b07e9caecb73f252c Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Wed, 31 Mar 2021 13:45:40 +0200
Subject: [PATCH 003/174] feat(quic): handle stream close.

---
 apps/emqx/etc/emqx.conf            | 4 ++--
 apps/emqx/src/emqx_connection.erl  | 3 +++
 apps/emqx/src/emqx_quic_stream.erl | 4 +++-
 rebar.config                       | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index 6be808264..19100c41e 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -2164,8 +2164,8 @@ listener.wss.external.check_origins = "https://localhost:8084, https://127.0.0.1
 ##
 ## Value: IP:Port | Port
 ##
-## Examples: 8084, 127.0.0.1:8084, ::1:8084
-listener.quic.external = 4567
+## Examples: 14567, 127.0.0.1:14567, ::1:14567
+listener.quic.external = 14567
 
 ## The path of WebSocket MQTT endpoint
 ##
diff --git a/apps/emqx/src/emqx_connection.erl b/apps/emqx/src/emqx_connection.erl
index 6900e4f1e..8e3ee400b 100644
--- a/apps/emqx/src/emqx_connection.erl
+++ b/apps/emqx/src/emqx_connection.erl
@@ -738,6 +738,9 @@ handle_info({sock_error, Reason}, State) ->
     end,
     handle_info({sock_closed, Reason}, close_socket(State));
 
+handle_info({quic, closed, _Channel, ReasonFlag}, State) ->
+    handle_info({sock_closed, ReasonFlag}, State);
+
 handle_info(Info, State) ->
     with_channel(handle_info, [Info], State).
 
diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index e12d95f30..a80af643a 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -62,7 +62,9 @@ getopts(_Socket, _Opts) ->
            {buffer,80000}]}.
 
 fast_close(Stream) ->
-    quicer:close_stream(Stream).
+    quicer:close_stream(Stream),
+    %% Stream might be closed already.
+    ok.
 
 -spec(ensure_ok_or_exit(atom(), list(term())) -> term()).
 ensure_ok_or_exit(Fun, Args = [Sock|_]) when is_atom(Fun), is_list(Args) ->
diff --git a/rebar.config b/rebar.config
index eaa0ea6cf..ac0604728 100644
--- a/rebar.config
+++ b/rebar.config
@@ -54,7 +54,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
-    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "quicer_application"}}}
+    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "fix/getopt3-free-bin"}}}
     ]}.
 
 {xref_ignores,

From 570e096b5690ece5aba7ad01304b589b8909f639 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Sat, 3 Apr 2021 11:22:47 +0200
Subject: [PATCH 004/174] fix(quic): return empty list for dead 'Socket'

---
 apps/emqx/src/emqx_quic_stream.erl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index a80af643a..1c99ad7da 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -47,8 +47,10 @@ peercert(_S) ->
     nossl.
 
 getstat(Socket, Stats) ->
-    Res = quicer:getstats(Socket, Stats),
-    {ok, lists:keyreplace(send_pend, 1, Res, {send_pend, 0})}.
+    case quicer:getstats(Socket, Stats) of
+        {error, _} -> [];
+        Res -> {ok, Res}
+    end.
 
 setopts(_Socket, _Opts) ->
     ok.

From 9570d01792fbdd91301dddf511037a9d8e1dcc83 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Mon, 5 Apr 2021 14:28:00 +0200
Subject: [PATCH 005/174] fix(quic): error handling for getstats.

- return {error, closed} instead
- quicer demo/3 branch.
---
 apps/emqx/src/emqx_quic_stream.erl | 2 +-
 rebar.config                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index 1c99ad7da..056c5dd24 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -48,7 +48,7 @@ peercert(_S) ->
 
 getstat(Socket, Stats) ->
     case quicer:getstats(Socket, Stats) of
-        {error, _} -> [];
+        {error, _} -> {error, closed};
         Res -> {ok, Res}
     end.
 
diff --git a/rebar.config b/rebar.config
index ac0604728..67efca3f6 100644
--- a/rebar.config
+++ b/rebar.config
@@ -54,7 +54,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
-    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "fix/getopt3-free-bin"}}}
+    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "demo/3"}}}
     ]}.
 
 {xref_ignores,

From 6dc4088f7e169744056cb63c8683c3f054055100 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Wed, 5 May 2021 12:41:12 +0200
Subject: [PATCH 006/174] chore(ci): disable centos7 build

---
 .github/workflows/build_slim_packages.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml
index 6c9bbf04a..53bbba702 100644
--- a/.github/workflows/build_slim_packages.yaml
+++ b/.github/workflows/build_slim_packages.yaml
@@ -18,7 +18,7 @@ jobs:
         - erl23.2.7.2-emqx-2
         os:
         - ubuntu20.04
-        - centos7
+        #- centos7
 
     container: emqx/build-env:${{ matrix.erl_otp }}-${{ matrix.os }}
 

From 06f9674ce3ce57d1fc0496729eacee744a8b46b7 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Wed, 5 May 2021 13:30:50 +0200
Subject: [PATCH 007/174] feat(quic): add quicer to application deps list.

---
 apps/emqx/src/emqx.app.src | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx.app.src b/apps/emqx/src/emqx.app.src
index e909702ae..a6984370e 100644
--- a/apps/emqx/src/emqx.app.src
+++ b/apps/emqx/src/emqx.app.src
@@ -4,7 +4,7 @@
   {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, []},
-  {applications, [kernel,stdlib,gproc,gen_rpc,esockd,cowboy,sasl,os_mon]},
+  {applications, [kernel,stdlib,gproc,gen_rpc,esockd,cowboy,sasl,os_mon,quicer]},
   {mod, {emqx_app,[]}},
   {env, []},
   {licenses, ["Apache-2.0"]},

From 14057c033d5d5d1bc6746b5e60f70cda17fe1169 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Fri, 7 May 2021 13:43:48 +0200
Subject: [PATCH 008/174] feat(quic): support stop/start quic listeners.

---
 apps/emqx/src/emqx.erl           | 4 ++--
 apps/emqx/src/emqx_app.erl       | 3 +++
 apps/emqx/src/emqx_listeners.erl | 4 +++-
 rebar.config                     | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/src/emqx.erl b/apps/emqx/src/emqx.erl
index 2d2e4eb52..449116738 100644
--- a/apps/emqx/src/emqx.erl
+++ b/apps/emqx/src/emqx.erl
@@ -239,10 +239,10 @@ reboot() ->
 
 -ifdef(EMQX_ENTERPRISE).
 default_started_applications() ->
-    [gproc, esockd, ranch, cowboy, ekka, emqx].
+    [gproc, esockd, ranch, cowboy, ekka, quicer, emqx].
 -else.
 default_started_applications() ->
-    [gproc, esockd, ranch, cowboy, ekka, emqx, emqx_modules].
+    [gproc, esockd, ranch, cowboy, ekka, quicer, emqx, emqx_modules].
 -endif.
 
 %%--------------------------------------------------------------------
diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index 26b81c8e7..d786a42b9 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -49,6 +49,9 @@ start(_Type, _Args) ->
     ok = emqx_plugins:init(),
     _ = emqx_plugins:load(),
     _ = start_ce_modules(),
+    %% @fixme unsure why we need this.
+    quicer_nif:open_lib(),
+    quicer_nif:reg_open(),
     emqx_boot:is_enabled(listeners) andalso (ok = emqx_listeners:start()),
     register(emqx, self()),
     ok = emqx_alarm_handler:load(),
diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index b3d6bf319..2d7a77e65 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -141,7 +141,7 @@ start_listener(Proto, ListenOn, Options) when Proto == https; Proto == wss ->
     start_http_listener(fun cowboy:start_tls/3, 'mqtt:wss', ListenOn,
                         ranch_opts(Options), ws_opts(Options));
 
-%% MQTT over QUIC
+%% Start MQTT/QUIC listener
 start_listener(quic, ListenOn, Options) ->
     SSLOpts = proplists:get_value(ssl_options, Options),
     ListenOpts = [ {cert, proplists:get_value(certfile, SSLOpts)}
@@ -253,6 +253,8 @@ stop_listener(Proto, ListenOn, _Opts) when Proto == http; Proto == ws ->
     cowboy:stop_listener(ws_name('mqtt:ws', ListenOn));
 stop_listener(Proto, ListenOn, _Opts) when Proto == https; Proto == wss ->
     cowboy:stop_listener(ws_name('mqtt:wss', ListenOn));
+stop_listener(quic, _ListenOn, _Opts) ->
+    quicer:stop_listener('mqtt:quic');
 stop_listener(Proto, ListenOn, _Opts) ->
     esockd:close(Proto, ListenOn).
 
diff --git a/rebar.config b/rebar.config
index 67efca3f6..b602005f6 100644
--- a/rebar.config
+++ b/rebar.config
@@ -54,7 +54,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
-    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "demo/3"}}}
+    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "dev/william/main-prepare-emqx"}}}
     ]}.
 
 {xref_ignores,

From e062be2b0e1e4835358b6aa21d14b9d77cf372bf Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Sat, 8 May 2021 23:31:29 +0200
Subject: [PATCH 009/174] feat(quic): reload quicer lib before start listener

---
 apps/emqx/src/emqx_app.erl              | 3 ---
 apps/emqx/src/emqx_listeners.erl        | 3 +++
 apps/emqx/test/emqx_listeners_SUITE.erl | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index d786a42b9..26b81c8e7 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -49,9 +49,6 @@ start(_Type, _Args) ->
     ok = emqx_plugins:init(),
     _ = emqx_plugins:load(),
     _ = start_ce_modules(),
-    %% @fixme unsure why we need this.
-    quicer_nif:open_lib(),
-    quicer_nif:reg_open(),
     emqx_boot:is_enabled(listeners) andalso (ok = emqx_listeners:start()),
     register(emqx, self()),
     ok = emqx_alarm_handler:load(),
diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index 2d7a77e65..d66606895 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -143,6 +143,9 @@ start_listener(Proto, ListenOn, Options) when Proto == https; Proto == wss ->
 
 %% Start MQTT/QUIC listener
 start_listener(quic, ListenOn, Options) ->
+    %% @fixme unsure why we need reopen lib and reopen config.
+    quicer_nif:open_lib(),
+    quicer_nif:reg_open(),
     SSLOpts = proplists:get_value(ssl_options, Options),
     ListenOpts = [ {cert, proplists:get_value(certfile, SSLOpts)}
                  , {key, proplists:get_value(keyfile, SSLOpts)}
diff --git a/apps/emqx/test/emqx_listeners_SUITE.erl b/apps/emqx/test/emqx_listeners_SUITE.erl
index 53f388dfa..41b9126b0 100644
--- a/apps/emqx/test/emqx_listeners_SUITE.erl
+++ b/apps/emqx/test/emqx_listeners_SUITE.erl
@@ -28,6 +28,7 @@ all() -> emqx_ct:all(?MODULE).
 init_per_suite(Config) ->
     NewConfig = generate_config(),
     application:ensure_all_started(esockd),
+    application:ensure_all_started(quicer),
     application:ensure_all_started(cowboy),
     lists:foreach(fun set_app_env/1, NewConfig),
     Config.

From f9a113477e059831655ba9c1a57a683a667a434f Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Sun, 9 May 2021 00:00:40 +0200
Subject: [PATCH 010/174] feat(quic): use quicer:getstat instead.

---
 apps/emqx/src/emqx_quic_stream.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index 056c5dd24..22d194632 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -47,7 +47,7 @@ peercert(_S) ->
     nossl.
 
 getstat(Socket, Stats) ->
-    case quicer:getstats(Socket, Stats) of
+    case quicer:getstat(Socket, Stats) of
         {error, _} -> {error, closed};
         Res -> {ok, Res}
     end.

From 1ffd2cf2459479ed2e8c1465a9184999e4f6c904 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 11 May 2021 08:28:11 +0200
Subject: [PATCH 011/174] chore(config): adapt to new config format

---
 apps/emqx/etc/emqx.conf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index 19100c41e..bb4c76534 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -2170,7 +2170,7 @@ listener.quic.external = 14567
 ## The path of WebSocket MQTT endpoint
 ##
 ## Value: URL Path
-listener.quic.external.mqtt_path = /mqtt
+listener.quic.external.mqtt_path = "/mqtt"
 
 ## The acceptor pool for external MQTT/QUIC listener.
 ##
@@ -2244,14 +2244,14 @@ listener.quic.external.access.1 = allow all
 ## See: listener.ssl.$name.keyfile
 ##
 ## Value: File
-listener.quic.external.keyfile = {{ platform_etc_dir }}/certs/key.pem
+listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
 ## Path to a file containing the user certificate.
 ##
 ## See: listener.ssl.$name.certfile
 ##
 ## Value: File
-listener.quic.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
+listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
 ## Path to the file containing PEM-encoded CA certificates.
 ##
@@ -2294,7 +2294,7 @@ listener.quic.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## See: listener.ssl.$name.ciphers
 ##
 ## Value: Ciphers
-listener.quic.external.ciphers = TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA
+listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
 ## Ciphers for TLS PSK.
 ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
@@ -2459,7 +2459,7 @@ listener.quic.external.allow_origin_absence = true
 ## Comma separated list of allowed origin in header for secure websocket connection
 ##
 ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-listener.quic.external.check_origins = https://localhost:8084, https://127.0.0.1:8084
+listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
 
 ## CONFIG_SECTION_END=listeners ================================================
 

From 5356668eaccb33a6e689455cf6dd9ca680df65b2 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Thu, 10 Jun 2021 16:18:16 +0200
Subject: [PATCH 012/174] feat(quic): adapt to hocon schema

---
 apps/emqx/etc/emqx.conf | 31 ++++---------------------------
 1 file changed, 4 insertions(+), 27 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index bb4c76534..fd6de554e 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -1841,7 +1841,7 @@ listener.ws.external.check_origins = "http://localhost:18083, http://127.0.0.1:1
 ##--------------------------------------------------------------------
 ## External WebSocket/SSL listener for MQTT Protocol
 
-## listener.wss.$name is the IP address and port that the MQTT/WebSocket/SSL
+## listener.wss.$name.endpoint is the IP address and port that the MQTT/WebSocket/SSL
 ## listener will bind.
 ##
 ## Value: IP:Port | Port
@@ -2159,18 +2159,13 @@ listener.wss.external.check_origins = "https://localhost:8084, https://127.0.0.1
 ##--------------------------------------------------------------------
 ## External QUIC listener for MQTT Protocol
 
-## listener.quic.$name is the IP address and port that the MQTT/QUIC
+## listener.quic.$name.endpoint is the IP address and port that the MQTT/QUIC
 ## listener will bind.
 ##
 ## Value: IP:Port | Port
 ##
 ## Examples: 14567, 127.0.0.1:14567, ::1:14567
-listener.quic.external = 14567
-
-## The path of WebSocket MQTT endpoint
-##
-## Value: URL Path
-listener.quic.external.mqtt_path = "/mqtt"
+listener.quic.external.endpoint = 14567
 
 ## The acceptor pool for external MQTT/QUIC listener.
 ##
@@ -2204,25 +2199,7 @@ listener.quic.external.zone = external
 ## See: listener.tcp.$name.access.<no>
 ##
 ## Value: ACL Rule
-listener.quic.external.access.1 = allow all
-
-## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
-## Set to false for WeChat MiniApp.
-##
-## Value: true | false
-## listener.quic.external.fail_if_no_subprotocol = true
-
-## Supported subprotocols
-##
-## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-## listener.quic.external.supported_subprotocols = mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-
-## Enable the Proxy Protocol V1/2 support.
-##
-## See: listener.tcp.$name.proxy_protocol
-##
-## Value: on | off
-## listener.quic.external.proxy_protocol = on
+listener.quic.external.access.1 = "allow all"
 
 ## Sets the timeout for proxy protocol.
 ##

From 14614fbe33ee27a26e705945261994f8534374b9 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 11 May 2021 22:52:25 +0200
Subject: [PATCH 013/174] feat(quic): adapt to new quicer API.

---
 apps/emqx/src/emqx_listeners.erl   | 2 ++
 apps/emqx/src/emqx_quic_stream.erl | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index d66606895..6ee07e17b 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -150,6 +150,8 @@ start_listener(quic, ListenOn, Options) ->
     ListenOpts = [ {cert, proplists:get_value(certfile, SSLOpts)}
                  , {key, proplists:get_value(keyfile, SSLOpts)}
                  , {alpn, ["mqtt"]}
+                 , {peer_unidi_stream_count, 1}
+                 , {peer_bidi_stream_count, 10}
                  , {conn_acceptors, 32}
                  ],
     ConnectionOpts = [ {conn_callback, emqx_quic_connection}
diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index 22d194632..4fbe2ed65 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -49,7 +49,7 @@ peercert(_S) ->
 getstat(Socket, Stats) ->
     case quicer:getstat(Socket, Stats) of
         {error, _} -> {error, closed};
-        Res -> {ok, Res}
+        Res -> Res
     end.
 
 setopts(_Socket, _Opts) ->

From e63f86e5f0882266a0d35ff1e0737609195c157f Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Wed, 12 May 2021 12:17:04 +0200
Subject: [PATCH 014/174] Revert "chore(ci): disable centos7 build"

This reverts commit 22e8da1b37492af7def46329ba97dd4cc7741bdf.
---
 .github/workflows/build_slim_packages.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml
index 53bbba702..6c9bbf04a 100644
--- a/.github/workflows/build_slim_packages.yaml
+++ b/.github/workflows/build_slim_packages.yaml
@@ -18,7 +18,7 @@ jobs:
         - erl23.2.7.2-emqx-2
         os:
         - ubuntu20.04
-        #- centos7
+        - centos7
 
     container: emqx/build-env:${{ matrix.erl_otp }}-${{ matrix.os }}
 

From 3200bbb301d816ed7112c676e99b56f3cea0d25b Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 1 Jun 2021 09:53:48 +0200
Subject: [PATCH 015/174] fix(build): test with centos branch

---
 rebar.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rebar.config b/rebar.config
index b602005f6..394296e23 100644
--- a/rebar.config
+++ b/rebar.config
@@ -54,7 +54,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
-    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "dev/william/main-prepare-emqx"}}}
+    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "dev/william/main-prepare-emqx-centos7"}}}
     ]}.
 
 {xref_ignores,

From bb6459ba3ada82dc1f74be8c1db78ee6a9928a01 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Fri, 11 Jun 2021 08:20:23 +0200
Subject: [PATCH 016/174] build: add quic dep in app/emqx/rebar.config

---
 apps/emqx/rebar.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index 7e649ae80..d30946a02 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -20,6 +20,7 @@
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
+    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "dev/william/main-prepare-emqx-centos7"}}}
     ]}.
 
 {plugins, [rebar3_proper]}.

From 68844cefd9a119420a0dc5f73fc8d76109ebc082 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Fri, 11 Jun 2021 11:12:07 +0200
Subject: [PATCH 017/174] feat(quic): update emqx_schema for quic

---
 apps/emqx/etc/emqx.conf       | 220 +++++++++++++++++-----------------
 apps/emqx/src/emqx_schema.erl |  34 +++++-
 2 files changed, 143 insertions(+), 111 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index fd6de554e..b115964cf 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -2184,43 +2184,43 @@ listener.quic.external.max_connections = 16
 ## Value: Number
 listener.quic.external.max_conn_rate = 1000
 
-## Simulate the {active, N} option for the MQTT/QUIC connections.
-##
-## Value: Number
-listener.quic.external.active_n = 100
+# ## Simulate the {active, N} option for the MQTT/QUIC connections.
+# ##
+# ## Value: Number
+# listener.quic.external.active_n = 100
 
 ## Zone of the external MQTT/QUIC listener belonged to.
 ##
 ## Value: String
 listener.quic.external.zone = external
 
-## The access control rules for the MQTT/QUIC listener.
-##
-## See: listener.tcp.$name.access.<no>
-##
-## Value: ACL Rule
-listener.quic.external.access.1 = "allow all"
+# ## The access control rules for the MQTT/QUIC listener.
+# ##
+# ## See: listener.tcp.$name.access.<no>
+# ##
+# ## Value: ACL Rule
+# listener.quic.external.access.1 = "allow all"
 
-## Sets the timeout for proxy protocol.
-##
-## See: listener.tcp.$name.proxy_protocol_timeout
-##
-## Value: Duration
-## listener.quic.external.proxy_protocol_timeout = 3s
+# ## Sets the timeout for proxy protocol.
+# ##
+# ## See: listener.tcp.$name.proxy_protocol_timeout
+# ##
+# ## Value: Duration
+# ## listener.quic.external.proxy_protocol_timeout = 3s
 
-## TLS versions only to protect from POODLE attack.
-##
-## See: listener.ssl.$name.tls_versions
-##
-## Value: String, seperated by ','
-## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## listener.quic.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+# ## TLS versions only to protect from POODLE attack.
+# ##
+# ## See: listener.ssl.$name.tls_versions
+# ##
+# ## Value: String, seperated by ','
+# ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
+# ## listener.quic.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
 
-## Path to the file containing the user's private PEM-encoded key.
-##
-## See: listener.ssl.$name.keyfile
-##
-## Value: File
+# ## Path to the file containing the user's private PEM-encoded key.
+# ##
+# ## See: listener.ssl.$name.keyfile
+# ##
+# ## Value: File
 listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
 ## Path to a file containing the user certificate.
@@ -2230,100 +2230,100 @@ listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 ## Value: File
 listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
-## Path to the file containing PEM-encoded CA certificates.
-##
-## See: listener.ssl.$name.cacert
-##
-## Value: File
-## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+# ## Path to the file containing PEM-encoded CA certificates.
+# ##
+# ## See: listener.ssl.$name.cacert
+# ##
+# ## Value: File
+# ## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 
-## Maximum number of non-self-issued intermediate certificates that
-## can follow the peer certificate in a valid certification path.
-##
-## See: listener.ssl.external.depth
-##
-## Value: Number
-## listener.quic.external.depth = 10
+# ## Maximum number of non-self-issued intermediate certificates that
+# ## can follow the peer certificate in a valid certification path.
+# ##
+# ## See: listener.ssl.external.depth
+# ##
+# ## Value: Number
+# ## listener.quic.external.depth = 10
 
-## String containing the user's password. Only used if the private keyfile
-## is password-protected.
-##
-## See: listener.ssl.$name.key_password
-##
-## Value: String
-## listener.quic.external.key_password = yourpass
+# ## String containing the user's password. Only used if the private keyfile
+# ## is password-protected.
+# ##
+# ## See: listener.ssl.$name.key_password
+# ##
+# ## Value: String
+# ## listener.quic.external.key_password = yourpass
 
-## See: listener.ssl.$name.dhfile
-##
-## Value: File
-## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
+# ## See: listener.ssl.$name.dhfile
+# ##
+# ## Value: File
+# ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
 
-## See: listener.ssl.$name.verify
-##
-## Value: verify_peer | verify_none
-## listener.quic.external.verify = verify_peer
+# ## See: listener.ssl.$name.verify
+# ##
+# ## Value: verify_peer | verify_none
+# ## listener.quic.external.verify = verify_peer
 
-## See: listener.ssl.$name.fail_if_no_peer_cert
-##
-## Value: false | true
-## listener.quic.external.fail_if_no_peer_cert = true
+# ## See: listener.ssl.$name.fail_if_no_peer_cert
+# ##
+# ## Value: false | true
+# ## listener.quic.external.fail_if_no_peer_cert = true
 
-## See: listener.ssl.$name.ciphers
-##
-## Value: Ciphers
+# ## See: listener.ssl.$name.ciphers
+# ##
+# ## Value: Ciphers
 listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
-## Ciphers for TLS PSK.
-## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+# ## Ciphers for TLS PSK.
+# ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
+# ## be configured at the same time.
+# ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+# ## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
 
-## See: listener.ssl.$name.secure_renegotiate
-##
-## Value: on | off
-## listener.quic.external.secure_renegotiate = off
+# ## See: listener.ssl.$name.secure_renegotiate
+# ##
+# ## Value: on | off
+# ## listener.quic.external.secure_renegotiate = off
 
-## See: listener.ssl.$name.reuse_sessions
-##
-## Value: on | off
-## listener.quic.external.reuse_sessions = on
+# ## See: listener.ssl.$name.reuse_sessions
+# ##
+# ## Value: on | off
+# ## listener.quic.external.reuse_sessions = on
 
-## See: listener.ssl.$name.honor_cipher_order
-##
-## Value: on | off
-## listener.quic.external.honor_cipher_order = on
+# ## See: listener.ssl.$name.honor_cipher_order
+# ##
+# ## Value: on | off
+# ## listener.quic.external.honor_cipher_order = on
 
-## See: listener.ssl.$name.peer_cert_as_username
-##
-## Value: cn | dn | crt | pem | md5
-## listener.quic.external.peer_cert_as_username = cn
+# ## See: listener.ssl.$name.peer_cert_as_username
+# ##
+# ## Value: cn | dn | crt | pem | md5
+# ## listener.quic.external.peer_cert_as_username = cn
 
-## See: listener.ssl.$name.peer_cert_as_clientid
-##
-## Value: cn | dn | crt | pem | md5
-## listener.quic.external.peer_cert_as_clientid = cn
+# ## See: listener.ssl.$name.peer_cert_as_clientid
+# ##
+# ## Value: cn | dn | crt | pem | md5
+# ## listener.quic.external.peer_cert_as_clientid = cn
 
-## TCP backlog for the QUIC connection.
-##
-## See: listener.tcp.$name.backlog
-##
-## Value: Number >= 0
-listener.quic.external.backlog = 1024
+# ## TCP backlog for the QUIC connection.
+# ##
+# ## See: listener.tcp.$name.backlog
+# ##
+# ## Value: Number >= 0
+# listener.quic.external.backlog = 1024
 
-## The TCP send timeout for the QUIC connection.
-##
-## See: listener.tcp.$name.send_timeout
-##
-## Value: Duration
-listener.quic.external.send_timeout = 15s
+# ## The TCP send timeout for the QUIC connection.
+# ##
+# ## See: listener.tcp.$name.send_timeout
+# ##
+# ## Value: Duration
+# listener.quic.external.send_timeout = 15s
 
-## Close the QUIC connection if send timeout.
-##
-## See: listener.tcp.$name.send_timeout_close
-##
-## Value: on | off
-listener.quic.external.send_timeout_close = on
+# ## Close the QUIC connection if send timeout.
+# ##
+# ## See: listener.tcp.$name.send_timeout_close
+# ##
+# ## Value: on | off
+# listener.quic.external.send_timeout_close = on
 
 ## The TCP receive buffer(os kernel) for the QUIC connections.
 ##
@@ -2424,19 +2424,19 @@ listener.quic.external.send_timeout_close = on
 ## Whether a WebSocket message is allowed to contain multiple MQTT packets
 ##
 ## Value: single | multiple
-listener.quic.external.mqtt_piggyback = multiple
+#listener.quic.external.mqtt_piggyback = multiple
 ## Enable origin check in header for secure websocket connection
 ##
 ## Value: true | false (default false)
-listener.quic.external.check_origin_enable = false
+#listener.quic.external.check_origin_enable = false
 ## Allow origin to be absent in header in secure websocket connection  when check_origin_enable is true
 ##
 ## Value: true | false (default true)
-listener.quic.external.allow_origin_absence = true
+#listener.quic.external.allow_origin_absence = true
 ## Comma separated list of allowed origin in header for secure websocket connection
 ##
 ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
+#listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
 
 ## CONFIG_SECTION_END=listeners ================================================
 
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 316f4b77c..d1c163e58 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -282,6 +282,7 @@ fields("listener") ->
     , {"ssl", ref("ssl_listener")}
     , {"ws", ref("ws_listener")}
     , {"wss", ref("wss_listener")}
+    , {"quic", ref("quic_listener")}
     ];
 
 fields("tcp_listener") ->
@@ -296,6 +297,9 @@ fields("ws_listener") ->
 fields("wss_listener") ->
     [ {"$name", ref("wss_listener_settings")}];
 
+fields("quic_listener") ->
+    [ {"$name", ref("quic_listener_settings")}];
+
 fields("listener_settings") ->
     [ {"endpoint", t(union(ip_port(), integer()))}
     , {"acceptors", t(integer(), undefined, 8)}
@@ -356,6 +360,32 @@ fields("wss_listener_settings") ->
     Settings = lists:ukeymerge(1, Ssl, fields("ws_listener_settings")),
     lists:keydelete("high_watermark", 1, Settings);
 
+fields("quic_listener_settings") ->
+    Unsupported = [ "max_connections"
+                  , "max_conn_rate"
+                  , "active_n"
+                  , "access"
+                  , "proxy_protocol"
+                  , "proxy_protocol_timeout"
+                  , "backlog"
+                  , "send_timeout"
+                  , "send_timeout_close"
+                  , "recvbuf"
+                  , "sndbuf"
+                  , "buffer"
+                  , "high_watermark"
+                  , "tune_buffer"
+                  , "nodelay"
+                  , "reuseaddr"
+                  ],
+    lists:foldl(fun(K, Acc) ->
+                        lists:keydelete(K, 1, Acc)
+                end,
+                [ {"certfile", t(string(), "emqx.certfile", undefined)}
+                , {"keyfile", t(string(), "emqx.keyfile", undefined)}
+                | fields("listener_settings")],
+                Unsupported);
+
 fields("access") ->
     [ {"$id", t(string(), undefined, undefined)}];
 
@@ -772,7 +802,9 @@ tr_listeners(Conf) ->
     lists:flatten([TcpListeners("tcp", Name) || Name <- keys("listener.tcp", Conf)]
                ++ [TcpListeners("ws", Name) || Name <- keys("listener.ws", Conf)]
                ++ [SslListeners("ssl", Name) || Name <- keys("listener.ssl", Conf)]
-               ++ [SslListeners("wss", Name) || Name <- keys("listener.wss", Conf)]).
+               ++ [SslListeners("wss", Name) || Name <- keys("listener.wss", Conf)]
+               ++ [SslListeners("quic", Name) || Name <- keys("listener.quic", Conf)]
+                 ).
 
 tr_modules(Conf) ->
     Subscriptions = fun() ->

From af2faed10740b14071b78a8ab1fc5a4f52247890 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Mon, 14 Jun 2021 11:29:23 +0200
Subject: [PATCH 018/174] feat(quic): switch to deps on emqx quicer repo

---
 apps/emqx/rebar.config | 2 +-
 rebar.config           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index d30946a02..5719ec0af 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -20,7 +20,7 @@
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
-    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "dev/william/main-prepare-emqx-centos7"}}}
+    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.2"}}}
     ]}.
 
 {plugins, [rebar3_proper]}.
diff --git a/rebar.config b/rebar.config
index 394296e23..413158842 100644
--- a/rebar.config
+++ b/rebar.config
@@ -54,7 +54,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
-    , {quicer, {git, "https://github.com/qzhuyan/quic.git", {branch, "dev/william/main-prepare-emqx-centos7"}}}
+    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.2"}}}
     ]}.
 
 {xref_ignores,

From e34470f9f2e045f76ee4012788c16a6b4b130870 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 15 Jun 2021 09:23:11 +0200
Subject: [PATCH 019/174] feat(quic): remove unsupported configs.

---
 apps/emqx/etc/emqx.conf | 262 +++++++++-------------------------------
 1 file changed, 60 insertions(+), 202 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index b115964cf..f9c1d26ff 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -2184,43 +2184,21 @@ listener.quic.external.max_connections = 16
 ## Value: Number
 listener.quic.external.max_conn_rate = 1000
 
-# ## Simulate the {active, N} option for the MQTT/QUIC connections.
-# ##
-# ## Value: Number
-# listener.quic.external.active_n = 100
+## Simulate the {active, N} option for the MQTT/QUIC connections.
+## @todo
+## Value: Number
+## listener.quic.external.active_n = 100
 
 ## Zone of the external MQTT/QUIC listener belonged to.
 ##
 ## Value: String
 listener.quic.external.zone = external
 
-# ## The access control rules for the MQTT/QUIC listener.
-# ##
-# ## See: listener.tcp.$name.access.<no>
-# ##
-# ## Value: ACL Rule
-# listener.quic.external.access.1 = "allow all"
-
-# ## Sets the timeout for proxy protocol.
-# ##
-# ## See: listener.tcp.$name.proxy_protocol_timeout
-# ##
-# ## Value: Duration
-# ## listener.quic.external.proxy_protocol_timeout = 3s
-
-# ## TLS versions only to protect from POODLE attack.
-# ##
-# ## See: listener.ssl.$name.tls_versions
-# ##
-# ## Value: String, seperated by ','
-# ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-# ## listener.quic.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
-
-# ## Path to the file containing the user's private PEM-encoded key.
-# ##
-# ## See: listener.ssl.$name.keyfile
-# ##
-# ## Value: File
+## Path to the file containing the user's private PEM-encoded key.
+##
+## See: listener.ssl.$name.keyfile
+##
+## Value: File
 listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
 ## Path to a file containing the user certificate.
@@ -2230,214 +2208,94 @@ listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 ## Value: File
 listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
-# ## Path to the file containing PEM-encoded CA certificates.
-# ##
-# ## See: listener.ssl.$name.cacert
-# ##
-# ## Value: File
-# ## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+## Path to the file containing PEM-encoded CA certificates.
+## @todo
+## See: listener.ssl.$name.cacert
+##
+## Value: File
+## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 
-# ## Maximum number of non-self-issued intermediate certificates that
-# ## can follow the peer certificate in a valid certification path.
-# ##
-# ## See: listener.ssl.external.depth
-# ##
-# ## Value: Number
-# ## listener.quic.external.depth = 10
+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+## @todo
+## See: listener.ssl.$name.key_password
+##
+## Value: String
+## listener.quic.external.key_password = yourpass
 
-# ## String containing the user's password. Only used if the private keyfile
-# ## is password-protected.
-# ##
-# ## See: listener.ssl.$name.key_password
-# ##
-# ## Value: String
-# ## listener.quic.external.key_password = yourpass
+## See: listener.ssl.$name.verify
+## @todo
+## Value: verify_peer | verify_none
+## listener.quic.external.verify = verify_peer
 
-# ## See: listener.ssl.$name.dhfile
-# ##
-# ## Value: File
-# ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
+## See: listener.ssl.$name.fail_if_no_peer_cert
+## @todo
+## Value: false | true
+## listener.quic.external.fail_if_no_peer_cert = true
 
-# ## See: listener.ssl.$name.verify
-# ##
-# ## Value: verify_peer | verify_none
-# ## listener.quic.external.verify = verify_peer
+## See: listener.ssl.$name.ciphers
+## @todo
+## Value: Ciphers
+listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
 
-# ## See: listener.ssl.$name.fail_if_no_peer_cert
-# ##
-# ## Value: false | true
-# ## listener.quic.external.fail_if_no_peer_cert = true
+## Ciphers for TLS PSK.
+## @todo
+## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
+## be configured at the same time.
+## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
 
-# ## See: listener.ssl.$name.ciphers
-# ##
-# ## Value: Ciphers
-listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+## See: listener.ssl.$name.honor_cipher_order
+## @todo
+## Value: on | off
+## listener.quic.external.honor_cipher_order = on
 
-# ## Ciphers for TLS PSK.
-# ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
-# ## be configured at the same time.
-# ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-# ## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
-
-# ## See: listener.ssl.$name.secure_renegotiate
-# ##
-# ## Value: on | off
-# ## listener.quic.external.secure_renegotiate = off
-
-# ## See: listener.ssl.$name.reuse_sessions
-# ##
-# ## Value: on | off
-# ## listener.quic.external.reuse_sessions = on
-
-# ## See: listener.ssl.$name.honor_cipher_order
-# ##
-# ## Value: on | off
-# ## listener.quic.external.honor_cipher_order = on
-
-# ## See: listener.ssl.$name.peer_cert_as_username
-# ##
-# ## Value: cn | dn | crt | pem | md5
-# ## listener.quic.external.peer_cert_as_username = cn
-
-# ## See: listener.ssl.$name.peer_cert_as_clientid
-# ##
-# ## Value: cn | dn | crt | pem | md5
-# ## listener.quic.external.peer_cert_as_clientid = cn
-
-# ## TCP backlog for the QUIC connection.
-# ##
-# ## See: listener.tcp.$name.backlog
-# ##
-# ## Value: Number >= 0
-# listener.quic.external.backlog = 1024
-
-# ## The TCP send timeout for the QUIC connection.
-# ##
-# ## See: listener.tcp.$name.send_timeout
-# ##
-# ## Value: Duration
+## The send timeout for the QUIC stream.
+## @todo
+##
+## Value: Duration
 # listener.quic.external.send_timeout = 15s
 
-# ## Close the QUIC connection if send timeout.
-# ##
-# ## See: listener.tcp.$name.send_timeout_close
-# ##
-# ## Value: on | off
-# listener.quic.external.send_timeout_close = on
-
-## The TCP receive buffer(os kernel) for the QUIC connections.
+## Close the QUIC connection if send timeout.
+## @todo
+## See: listener.tcp.$name.send_timeout_close
 ##
+## Value: on | off
+## listener.quic.external.send_timeout_close = on
+
+## The receive buffer for the QUIC connections.
+## @todo
 ## See: listener.tcp.$name.recbuf
 ##
 ## Value: Bytes
 ## listener.quic.external.recbuf = 4KB
 
 ## The TCP send buffer(os kernel) for the QUIC connections.
-##
+## @todo
 ## See: listener.tcp.$name.sndbuf
 ##
 ## Value: Bytes
 ## listener.quic.external.sndbuf = 4KB
 
 ## The size of the user-level software buffer used by the driver.
-##
+## @todo
 ## See: listener.tcp.$name.buffer
 ##
 ## Value: Bytes
 ## listener.quic.external.buffer = 4KB
 
-## The TCP_NODELAY flag for QUIC connections.
-##
-## See: listener.tcp.$name.nodelay
-##
-## Value: true | false
-## listener.quic.external.nodelay = true
-
-## The compress flag for external QUIC connections.
-##
-## If this Value is set true,the websocket message would be compressed
-##
-## Value: true | false
-## listener.quic.external.compress = true
-
-## The level of deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.level
-##
-## Value: none | default | best_compression | best_speed
-## listener.quic.external.deflate_opts.level = default
-
-## The mem_level of deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.mem_level
-##
-## Valid range is 1-9
-## listener.quic.external.deflate_opts.mem_level = 8
-
-## The strategy of deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.strategy
-##
-## Value: default | filtered | huffman_only | rle
-## listener.quic.external.deflate_opts.strategy = default
-
-## The deflate option for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.server_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.quic.external.deflate_opts.server_context_takeover = takeover
-
-## The deflate option for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.client_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.quic.external.deflate_opts.client_context_takeover = takeover
-
-## The deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.server_max_window_bits
-##
-## Valid range is 8-15
-## listener.quic.external.deflate_opts.server_max_window_bits = 15
-
-## The deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.client_max_window_bits
-##
-## Valid range is 8-15
-## listener.quic.external.deflate_opts.client_max_window_bits = 15
-
 ## The idle timeout for external QUIC connections.
-##
+## @todo
 ## See: listener.quic.$name.idle_timeout
 ##
 ## Value: Duration
 ## listener.quic.external.idle_timeout = 60s
 
 ## The max frame size for external QUIC connections.
-##
+## @todo
 ## Value: Number
 ## listener.quic.external.max_frame_size = 0
 
-## Whether a WebSocket message is allowed to contain multiple MQTT packets
-##
-## Value: single | multiple
-#listener.quic.external.mqtt_piggyback = multiple
-## Enable origin check in header for secure websocket connection
-##
-## Value: true | false (default false)
-#listener.quic.external.check_origin_enable = false
-## Allow origin to be absent in header in secure websocket connection  when check_origin_enable is true
-##
-## Value: true | false (default true)
-#listener.quic.external.allow_origin_absence = true
-## Comma separated list of allowed origin in header for secure websocket connection
-##
-## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-#listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
-
 ## CONFIG_SECTION_END=listeners ================================================
 
 ## CONFIG_SECTION_BGN=modules ==================================================

From fd785240f51a7b32ac46556aec261a15328a6838 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 15 Jun 2021 14:07:57 +0200
Subject: [PATCH 020/174] feat(quic): bump quicer to 0.0.3

---
 apps/emqx/rebar.config | 2 +-
 rebar.config           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index 5719ec0af..1a58efd5b 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -20,7 +20,7 @@
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
-    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.2"}}}
+    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.3"}}}
     ]}.
 
 {plugins, [rebar3_proper]}.
diff --git a/rebar.config b/rebar.config
index 413158842..d8cee22b5 100644
--- a/rebar.config
+++ b/rebar.config
@@ -54,7 +54,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
-    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.2"}}}
+    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.3"}}}
     ]}.
 
 {xref_ignores,

From 4e2e2d5635237b8626b124119a0655700edea729 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 15 Jun 2021 15:35:42 +0200
Subject: [PATCH 021/174] feat(quic): update emqx_schema for quic

---
 apps/emqx/src/emqx_schema.erl | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index d1c163e58..f8a5de183 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -361,9 +361,7 @@ fields("wss_listener_settings") ->
     lists:keydelete("high_watermark", 1, Settings);
 
 fields("quic_listener_settings") ->
-    Unsupported = [ "max_connections"
-                  , "max_conn_rate"
-                  , "active_n"
+    Unsupported = [ "active_n"
                   , "access"
                   , "proxy_protocol"
                   , "proxy_protocol_timeout"
@@ -381,8 +379,9 @@ fields("quic_listener_settings") ->
     lists:foldl(fun(K, Acc) ->
                         lists:keydelete(K, 1, Acc)
                 end,
-                [ {"certfile", t(string(), "emqx.certfile", undefined)}
-                , {"keyfile", t(string(), "emqx.keyfile", undefined)}
+                [ {"certfile", t(string(), undefined, undefined)}
+                , {"keyfile", t(string(), undefined, undefined)}
+                , {"ciphers", t(comma_separated_list(), undefined, "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256")}
                 | fields("listener_settings")],
                 Unsupported);
 

From b4a9d663aee800141cbfbcaba0fe7d5935b269c3 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Wed, 16 Jun 2021 15:08:56 +0200
Subject: [PATCH 022/174] feat(quic): quic conn idle_timeout default 1min

---
 apps/emqx/src/emqx_listeners.erl | 10 +++++-----
 apps/emqx/src/emqx_schema.erl    |  1 +
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index 6ee07e17b..c7d42e2e4 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -147,17 +147,17 @@ start_listener(quic, ListenOn, Options) ->
     quicer_nif:open_lib(),
     quicer_nif:reg_open(),
     SSLOpts = proplists:get_value(ssl_options, Options),
+    DefAcceptors = erlang:system_info(schedulers_online) * 8,
     ListenOpts = [ {cert, proplists:get_value(certfile, SSLOpts)}
                  , {key, proplists:get_value(keyfile, SSLOpts)}
                  , {alpn, ["mqtt"]}
-                 , {peer_unidi_stream_count, 1}
-                 , {peer_bidi_stream_count, 10}
-                 , {conn_acceptors, 32}
+                 , {conn_acceptors, proplists:get_value(acceptors, Options, DefAcceptors)}
+                 , {idle_timeout_ms, proplists:get_value(idle_timeout, Options, 60000)}
                  ],
     ConnectionOpts = [ {conn_callback, emqx_quic_connection}
-                     , {idle_timeout_ms, 5000}
                      , {peer_unidi_stream_count, 1}
-                     , {peer_bidi_stream_count, 10}],
+                     , {peer_bidi_stream_count, 10}
+                     ],
     StreamOpts = [],
     quicer:start_listener('mqtt:quic', ListenOn, {ListenOpts, ConnectionOpts, StreamOpts}).
 
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index f8a5de183..2660fa668 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -382,6 +382,7 @@ fields("quic_listener_settings") ->
                 [ {"certfile", t(string(), undefined, undefined)}
                 , {"keyfile", t(string(), undefined, undefined)}
                 , {"ciphers", t(comma_separated_list(), undefined, "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256")}
+                , {"idle_timeout", t(duration(), undefined, 60000)}
                 | fields("listener_settings")],
                 Unsupported);
 

From d1978aaaf278d9524e5456ac36758e23c4c582fb Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Thu, 17 Jun 2021 09:02:34 +0200
Subject: [PATCH 023/174] chore(quic): fix format

---
 apps/emqx/src/emqx_quic_stream.erl | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index 4fbe2ed65..e5cd4c3fc 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -56,12 +56,12 @@ setopts(_Socket, _Opts) ->
     ok.
 
 getopts(_Socket, _Opts) ->
-    %% todo
-    { ok, [{high_watermark, 0},
-           {high_msgq_watermark, 0},
-           {sndbuf, 0},
-           {recbuf, 0},
-           {buffer,80000}]}.
+    %% @todo
+    {ok, [{high_watermark, 0},
+          {high_msgq_watermark, 0},
+          {sndbuf, 0},
+          {recbuf, 0},
+          {buffer,80000}]}.
 
 fast_close(Stream) ->
     quicer:close_stream(Stream),
@@ -77,7 +77,7 @@ ensure_ok_or_exit(Fun, Args = [Sock|_]) when is_atom(Fun), is_list(Args) ->
         {error, Reason} ->
             fast_close(Sock),
             exit({shutdown, Reason});
-         Result -> Result
+        Result -> Result
     end.
 
 async_send(Stream, Data, Options) when is_list(Data) ->

From 2582fdcfe8059099f48393fd73195e5257f0ebab Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 25 Jun 2021 14:49:25 +0800
Subject: [PATCH 024/174] feat(prometheus): Update the configuration file to
 hocon

---
 apps/emqx/src/emqx_schema.erl                 | 19 ++----------
 apps/emqx_prometheus/etc/emqx_prometheus.conf | 14 +++------
 .../priv/emqx_prometheus.schema               | 20 -------------
 .../src/emqx_prometheus.app.src               |  2 +-
 .../src/emqx_prometheus_app.erl               |  4 +--
 .../src/emqx_prometheus_schema.erl            | 30 +++++++++++++++++++
 6 files changed, 40 insertions(+), 49 deletions(-)
 delete mode 100644 apps/emqx_prometheus/priv/emqx_prometheus.schema
 create mode 100644 apps/emqx_prometheus/src/emqx_prometheus_schema.erl

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 4570528c2..8c1967ed3 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -55,7 +55,7 @@
 
 structs() -> ["cluster", "node", "rpc", "log", "lager",
               "acl", "mqtt", "zone", "listener", "module", "broker",
-              "plugins", "sysmon", "os_mon", "vm_mon", "alarm", "telemetry"]
+              "plugins", "sysmon", "os_mon", "vm_mon", "alarm"]
              ++ includes().
 
 -ifdef(TEST).
@@ -477,12 +477,6 @@ fields("alarm") ->
     , {"validity_period", t(duration_s(), undefined, "24h")}
     ];
 
-fields("telemetry") ->
-    [ {"enabled", t(boolean(), undefined, false)}
-    , {"url", t(string(), undefined, "https://telemetry-emqx-io.bigpar.vercel.app/api/telemetry")}
-    , {"report_interval", t(duration_s(), undefined, "7d")}
-    ];
-
 fields(ExtraField) ->
     Mod = list_to_atom(ExtraField++"_schema"),
     Mod:fields(ExtraField).
@@ -513,7 +507,6 @@ translation("emqx") ->
     , {"os_mon", fun tr_os_mon/1}
     , {"vm_mon", fun tr_vm_mon/1}
     , {"alarm", fun tr_alarm/1}
-    , {"telemetry", fun tr_telemetry/1}
     ].
 
 tr_cluster__discovery(Conf) ->
@@ -668,7 +661,7 @@ tr_zones(Conf) ->
 
 tr_listeners(Conf) ->
     Atom = fun(undefined) -> undefined;
-              (B) when is_binary(B)-> binary_to_atom(B);
+              (B) when is_binary(B)-> binary_to_atom(B, utf8);
               (S) when is_list(S) -> list_to_atom(S) end,
 
     Access = fun(S) ->
@@ -836,7 +829,7 @@ tr_modules(Conf) ->
 
 tr_sysmon(Conf) ->
     Keys = maps:to_list(conf_get("sysmon", Conf, #{})),
-    [{binary_to_atom(K), maps:get(value, V)} || {K, V} <- Keys].
+    [{binary_to_atom(K, utf8), maps:get(value, V)} || {K, V} <- Keys].
 
 tr_os_mon(Conf) ->
     [{cpu_check_interval, conf_get("os_mon.cpu_check_interval", Conf)}
@@ -859,12 +852,6 @@ tr_alarm(Conf) ->
     , {validity_period, conf_get("alarm.validity_period", Conf)}
     ].
 
-tr_telemetry(Conf) ->
-    [ {enabled,         conf_get("telemetry.enabled", Conf)}
-    , {url,             conf_get("telemetry.url", Conf)}
-    , {report_interval, conf_get("telemetry.report_interval", Conf)}
-    ].
-
 %% helpers
 
 options(static, Conf) ->
diff --git a/apps/emqx_prometheus/etc/emqx_prometheus.conf b/apps/emqx_prometheus/etc/emqx_prometheus.conf
index 92e0d850d..c450846fe 100644
--- a/apps/emqx_prometheus/etc/emqx_prometheus.conf
+++ b/apps/emqx_prometheus/etc/emqx_prometheus.conf
@@ -1,13 +1,7 @@
 ##--------------------------------------------------------------------
 ## emqx_prometheus for EMQ X
 ##--------------------------------------------------------------------
-
-## The Prometheus Push Gateway URL address
-##
-## Note: You can comment out this line to disable it
-prometheus.push.gateway.server = "http://127.0.0.1:9091"
-
-## The metrics data push interval (millisecond)
-##
-## Default: 15000
-prometheus.interval = 15000
+emqx_prometheus:{
+    push_gateway_server: "http://127.0.0.1:9091"
+    interval: "15s"
+}
diff --git a/apps/emqx_prometheus/priv/emqx_prometheus.schema b/apps/emqx_prometheus/priv/emqx_prometheus.schema
deleted file mode 100644
index d946813c5..000000000
--- a/apps/emqx_prometheus/priv/emqx_prometheus.schema
+++ /dev/null
@@ -1,20 +0,0 @@
-%% -*-: erlang -*-
-%% emqx_prometheus config
-
-{mapping, "prometheus.push.gateway.server", "emqx_prometheus.push_gateway", [
-  {datatype, string}
-]}.
-
-{mapping, "prometheus.interval", "emqx_prometheus.interval", [
-  {default, 5000},
-  {datatype, integer}
-]}.
-
-{mapping, "prometheus.collector.$name", "prometheus.collectors", [
-  {datatype, atom}
-]}.
-
-{translation, "prometheus.collectors", fun(Conf) ->
-  Collectors = cuttlefish_variable:filter_by_prefix("prometheus.collector", Conf),
-  lists:map(fun({_, Collector}) -> Collector end, Collectors)
-end}.
diff --git a/apps/emqx_prometheus/src/emqx_prometheus.app.src b/apps/emqx_prometheus/src/emqx_prometheus.app.src
index b96608edb..62105ff0b 100644
--- a/apps/emqx_prometheus/src/emqx_prometheus.app.src
+++ b/apps/emqx_prometheus/src/emqx_prometheus.app.src
@@ -1,6 +1,6 @@
 {application, emqx_prometheus,
  [{description, "Prometheus for EMQ X"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_prometheus_sup]},
   {applications, [kernel,stdlib,prometheus]},
diff --git a/apps/emqx_prometheus/src/emqx_prometheus_app.erl b/apps/emqx_prometheus/src/emqx_prometheus_app.erl
index df0701551..9024bd583 100644
--- a/apps/emqx_prometheus/src/emqx_prometheus_app.erl
+++ b/apps/emqx_prometheus/src/emqx_prometheus_app.erl
@@ -28,8 +28,8 @@
 -define(APP, emqx_prometheus).
 
 start(_StartType, _StartArgs) ->
-    PushGateway = application:get_env(?APP, push_gateway, undefined),
-    Interval = application:get_env(?APP, interval, 5000),
+    PushGateway = emqx_config:get([?APP, push_gateway_server], undefined),
+    Interval = emqx_config:get([?APP, interval], 15000),
     emqx_prometheus_sup:start_link(PushGateway, Interval).
 
 stop(_State) ->
diff --git a/apps/emqx_prometheus/src/emqx_prometheus_schema.erl b/apps/emqx_prometheus/src/emqx_prometheus_schema.erl
new file mode 100644
index 000000000..486362e7b
--- /dev/null
+++ b/apps/emqx_prometheus/src/emqx_prometheus_schema.erl
@@ -0,0 +1,30 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+-module(emqx_prometheus_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_prometheus"].
+
+fields("emqx_prometheus") ->
+    [ {push_gateway_server, emqx_schema:t(string())}
+    , {interval, emqx_schema:t(emqx_schema:duration_ms(), undefined, "15s")}
+    ].

From c9c6b69cc9cf0d3221e7c784aeef20104deb4110 Mon Sep 17 00:00:00 2001
From: turtleDeng <deng@emqx.io>
Date: Fri, 25 Jun 2021 17:06:30 +0800
Subject: [PATCH 025/174] chore: reset plugin conf generate (#5094)

* chore: reset plugin conf generate

* fix(plugin): check dialyzer fail

* chore: rm emqx_management_schema.erl file

* fix(plugin): check dialyzer fail

* fix(plugin): fix check ct fail

* fix(plugin): check dialyzer fail
---
 apps/emqx/src/emqx_config.erl  |  1 +
 apps/emqx/src/emqx_plugins.erl | 86 +++++++++++++++++++++++++++++++++-
 2 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx_config.erl b/apps/emqx/src/emqx_config.erl
index 3d431f6a8..213eb7a8b 100644
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@@ -97,6 +97,7 @@ put_raw(KeyPath, Config) ->
     put_raw(deep_put(KeyPath, get_raw(), Config)).
 
 %%-----------------------------------------------------------------
+-dialyzer([{nowarn_function, [deep_get/2]}]).
 -spec deep_get(config_key_path(), map()) -> term().
 deep_get(ConfKeyPath, Map) ->
     do_deep_get(ConfKeyPath, Map, fun(KeyPath, Data) ->
diff --git a/apps/emqx/src/emqx_plugins.erl b/apps/emqx/src/emqx_plugins.erl
index 2f39edcb4..8abc2b21f 100644
--- a/apps/emqx/src/emqx_plugins.erl
+++ b/apps/emqx/src/emqx_plugins.erl
@@ -30,6 +30,8 @@
         , reload/1
         , list/0
         , find_plugin/1
+        , generate_configs/1
+        , apply_configs/1
         ]).
 
 -export([funlog/2]).
@@ -171,7 +173,15 @@ load_ext_plugin(PluginDir) ->
                       ?LOG(alert, "plugin_app_file_not_found: ~s", [AppFile]),
                       error({plugin_app_file_not_found, AppFile})
               end,
-    load_plugin_app(AppName, Ebin).
+    ok = load_plugin_app(AppName, Ebin),
+    try
+        ok = generate_configs(AppName, PluginDir)
+    catch
+        throw : {conf_file_not_found, ConfFile} ->
+            %% this is maybe a dependency of an external plugin
+            ?LOG(debug, "config_load_error_ignored for app=~p, path=~s", [AppName, ConfFile]),
+            ok
+    end.
 
 load_plugin_app(AppName, Ebin) ->
     _ = code:add_patha(Ebin),
@@ -236,6 +246,7 @@ plugin(AppName, Type) ->
 
 load_plugin(Name, Persistent) ->
     try
+        ok = ?MODULE:generate_configs(Name),
         case load_app(Name) of
             ok ->
                 start_app(Name, fun(App) -> plugin_loaded(App, Persistent) end);
@@ -351,5 +362,78 @@ plugin_type(backend) -> backend;
 plugin_type(bridge) -> bridge;
 plugin_type(_) -> feature.
 
+
 funlog(Key, Value) ->
     ?LOG(info, "~s = ~p", [string:join(Key, "."), Value]).
+
+generate_configs(App) ->
+    PluginConfDir = emqx:get_env(plugins_etc_dir),
+    PluginSchemaDir = code:priv_dir(App),
+    generate_configs(App, PluginConfDir, PluginSchemaDir).
+
+generate_configs(App, PluginDir) ->
+    PluginConfDir = filename:join([PluginDir, "etc"]),
+    PluginSchemaDir = filename:join([PluginDir, "priv"]),
+    generate_configs(App, PluginConfDir, PluginSchemaDir).
+
+generate_configs(App, PluginConfDir, PluginSchemaDir) ->
+    ConfigFile = filename:join([PluginConfDir, App]) ++ ".config",
+    case filelib:is_file(ConfigFile) of
+        true ->
+            {ok, [Configs]} = file:consult(ConfigFile),
+            apply_configs(Configs);
+        false ->
+            SchemaFile = filename:join([PluginSchemaDir, App]) ++ ".schema",
+            case filelib:is_file(SchemaFile) of
+                true ->
+                    AppsEnv = do_generate_configs(App),
+                    apply_configs(AppsEnv);
+                false ->
+                    SchemaMod = lists:concat([App, "_schema"]),
+                    ConfName = filename:join([PluginConfDir, App]) ++ ".conf",
+                    SchemaFile1 = filename:join([code:lib_dir(App), "ebin", SchemaMod]) ++ ".beam",
+                    do_generate_hocon_configs(App, ConfName, SchemaFile1)
+            end
+    end.
+
+do_generate_configs(App) ->
+    Name1 = filename:join([emqx:get_env(plugins_etc_dir), App]) ++ ".conf",
+    Name2 = filename:join([code:lib_dir(App), "etc", App]) ++ ".conf",
+    ConfFile = case {filelib:is_file(Name1), filelib:is_file(Name2)} of
+                   {true, _} -> Name1;
+                   {false, true} -> Name2;
+                   {false, false} -> error({config_not_found, [Name1, Name2]})
+               end,
+    SchemaFile = filename:join([code:priv_dir(App), App]) ++ ".schema",
+    case filelib:is_file(SchemaFile) of
+        true ->
+            Schema = cuttlefish_schema:files([SchemaFile]),
+            Conf = cuttlefish_conf:file(ConfFile),
+            cuttlefish_generator:map(Schema, Conf, undefined, fun ?MODULE:funlog/2);
+        false ->
+            error({schema_not_found, SchemaFile})
+    end.
+
+do_generate_hocon_configs(App, ConfName, SchemaFile) ->
+    SchemaMod = lists:concat([App, "_schema"]),
+    case {filelib:is_file(ConfName), filelib:is_file(SchemaFile)} of
+        {true, true} ->
+            {ok, RawConfig} = hocon:load(ConfName, #{format => richmap}),
+            _ = hocon_schema:check(list_to_atom(SchemaMod), RawConfig, #{atom_key => true,
+                                                                         return_plain => true}),
+            ok;
+            % emqx_config:update_config([App], Config);
+        {true, false} ->
+            error({schema_not_found, [SchemaFile]});
+        {false, true} ->
+            error({config_not_found, [ConfName]});
+        {false, false} ->
+            error({conf_and_schema_not_found, [ConfName, SchemaFile]})
+    end.
+
+apply_configs([]) ->
+    ok;
+apply_configs([{App, Config} | More]) ->
+    lists:foreach(fun({Key, _}) -> application:unset_env(App, Key) end, application:get_all_env(App)),
+    lists:foreach(fun({Key, Val}) -> application:set_env(App, Key, Val) end, Config),
+    apply_configs(More).

From 2d1008ceaf78d9ad3f661568f76964f5117c0dc2 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 25 Jun 2021 15:10:45 +0800
Subject: [PATCH 026/174] chore: move emqx_recon to emqx_modules plugin

---
 .../src/emqx_mod_recon.erl}                   |  30 ++++-
 apps/emqx_recon/.gitignore                    |  31 -----
 apps/emqx_recon/README.md                     |  61 ----------
 apps/emqx_recon/etc/emqx_recon.conf           |   4 -
 apps/emqx_recon/priv/emqx_recon.schema        |   9 --
 apps/emqx_recon/rebar.config                  |  18 ---
 apps/emqx_recon/src/emqx_recon.app.src        |  14 ---
 apps/emqx_recon/src/emqx_recon.erl            |  41 -------
 apps/emqx_recon/test/emqx_recon_SUITE.erl     | 114 ------------------
 data/loaded_modules.tmpl                      |   1 +
 data/loaded_plugins.tmpl                      |   1 -
 rebar.config.erl                              |   2 -
 12 files changed, 26 insertions(+), 300 deletions(-)
 rename apps/{emqx_recon/src/emqx_recon_cli.erl => emqx_modules/src/emqx_mod_recon.erl} (85%)
 delete mode 100644 apps/emqx_recon/.gitignore
 delete mode 100644 apps/emqx_recon/README.md
 delete mode 100644 apps/emqx_recon/etc/emqx_recon.conf
 delete mode 100644 apps/emqx_recon/priv/emqx_recon.schema
 delete mode 100644 apps/emqx_recon/rebar.config
 delete mode 100644 apps/emqx_recon/src/emqx_recon.app.src
 delete mode 100644 apps/emqx_recon/src/emqx_recon.erl
 delete mode 100644 apps/emqx_recon/test/emqx_recon_SUITE.erl

diff --git a/apps/emqx_recon/src/emqx_recon_cli.erl b/apps/emqx_modules/src/emqx_mod_recon.erl
similarity index 85%
rename from apps/emqx_recon/src/emqx_recon_cli.erl
rename to apps/emqx_modules/src/emqx_mod_recon.erl
index b4e3a52ab..38d046b10 100644
--- a/apps/emqx_recon/src/emqx_recon_cli.erl
+++ b/apps/emqx_modules/src/emqx_mod_recon.erl
@@ -14,13 +14,34 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_recon_cli).
+-module(emqx_mod_recon).
 
--export([ cmd/1
-        , load/0
-        , unload/0
+-behaviour(emqx_gen_mod).
+
+%% emqx_gen_mod callbacks
+-export([ load/1
+        , unload/1
+        , description/0
         ]).
 
+-export([cmd/1]).
+
+
+%%--------------------------------------------------------------------
+%% Load/Unload
+%%--------------------------------------------------------------------
+
+-spec(load(list()) -> ok).
+load(_Env) ->
+    load().
+
+-spec(unload(list()) -> ok).
+unload(_Env) ->
+    unload().
+
+description() ->
+    "EMQ X Recon Module".
+
 load() ->
     emqx_ctl:register_command(recon, {?MODULE, cmd}, []).
 
@@ -69,4 +90,3 @@ remote_load(Module) -> remote_load(nodes(), Module).
 %% after OTP 23, it crashes with 'badarg' error
 remote_load([], _Module) -> ok;
 remote_load(Nodes, Module) -> recon:remote_load(Nodes, Module).
-
diff --git a/apps/emqx_recon/.gitignore b/apps/emqx_recon/.gitignore
deleted file mode 100644
index 3576f6e23..000000000
--- a/apps/emqx_recon/.gitignore
+++ /dev/null
@@ -1,31 +0,0 @@
-.rebar
-.eunit
-deps
-!deps/.placeholder
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-!ebin/.placeholder
-.exrc
-log/
-*.swp
-*.so
-.erlang.mk/
-logs/
-ct.coverdata
-test/ct.cover.spec
-.idea/
-emqx_recon.iml
-Mnesia.nonode@nohost/
-data/
-cover/
-emqx_recon.d
-eunit.coverdata
-.DS_Store
-_build/
-rebar.lock
-erlang.mk
-rebar3.crashdump
-.rebar3/
diff --git a/apps/emqx_recon/README.md b/apps/emqx_recon/README.md
deleted file mode 100644
index ca163be45..000000000
--- a/apps/emqx_recon/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-
-emqx-recon
-==========
-
-EMQ X Recon Debug/Optimize Plugin
-
-emqx_recon.conf
-----=----------
-
-```
-## Global GC Interval.
-##
-## Value: Duration
-##  - h: hour
-##  - m: minute
-##  - s: second
-##
-## Examples:
-##  - 2h:  2 hours
-##  - 30m: 30 minutes
-##  - 20s: 20 seconds
-##
-## Defaut: 5m
-recon.gc_interval = 5m
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_recon
-```
-
-Commands
---------
-
-```
-./bin/emqx_ctl recon
-
-recon memory                            #recon_alloc:memory/2
-recon allocated                         #recon_alloc:memory(allocated_types, current|max)
-recon bin_leak                          #recon:bin_leak(100)
-recon node_stats                        #recon:node_stats(10, 1000)
-recon remote_load Mod                   #recon:remote_load(Mod)
-```
-
-GC
---
-
-When the plugin is loaded, global GC will run periodically.
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_recon/etc/emqx_recon.conf b/apps/emqx_recon/etc/emqx_recon.conf
deleted file mode 100644
index 1ca23bfc2..000000000
--- a/apps/emqx_recon/etc/emqx_recon.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## Recon Plugin
-##--------------------------------------------------------------------
-
diff --git a/apps/emqx_recon/priv/emqx_recon.schema b/apps/emqx_recon/priv/emqx_recon.schema
deleted file mode 100644
index 7436d0f8c..000000000
--- a/apps/emqx_recon/priv/emqx_recon.schema
+++ /dev/null
@@ -1,9 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx-recon config mapping
-
-%% @doc Global GC Interval
-%% {@configurable}
-%% {mapping, "recon.gc_interval", "emqx_recon.gc_interval", [
-%%  {datatype, {duration, s}}
-%% ]}.
-
diff --git a/apps/emqx_recon/rebar.config b/apps/emqx_recon/rebar.config
deleted file mode 100644
index 1a6f20d2b..000000000
--- a/apps/emqx_recon/rebar.config
+++ /dev/null
@@ -1,18 +0,0 @@
-{deps, [
-%% recon "https://github.com/ferd/recon" at root rebar.config
-]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info
-            ]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_recon/src/emqx_recon.app.src b/apps/emqx_recon/src/emqx_recon.app.src
deleted file mode 100644
index e25e2bbc5..000000000
--- a/apps/emqx_recon/src/emqx_recon.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_recon,
- [{description, "EMQ X Recon Plugin"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, []},
-  {applications, [kernel,stdlib,recon]},
-  {mod, {emqx_recon,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-recon"}
-          ]}
- ]}.
diff --git a/apps/emqx_recon/src/emqx_recon.erl b/apps/emqx_recon/src/emqx_recon.erl
deleted file mode 100644
index 67039c3ac..000000000
--- a/apps/emqx_recon/src/emqx_recon.erl
+++ /dev/null
@@ -1,41 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_recon).
-
--emqx_plugin(?MODULE).
-
--behaviour(application).
-
--export([start/2, stop/1]).
-
--behaviour(supervisor).
-
--export([init/1]).
-
--define(APP, ?MODULE).
--define(SUP, emqx_recon_sup).
-
-start(_StartType, _StartArgs) ->
-    emqx_recon_cli:load(),
-    supervisor:start_link({local, ?SUP}, ?MODULE, []).
-
-stop(_State) ->
-    emqx_recon_cli:unload().
-
-init([]) ->
-    {ok, {{one_for_one, 10, 100}, []}}.
-
diff --git a/apps/emqx_recon/test/emqx_recon_SUITE.erl b/apps/emqx_recon/test/emqx_recon_SUITE.erl
deleted file mode 100644
index 2abf8f709..000000000
--- a/apps/emqx_recon/test/emqx_recon_SUITE.erl
+++ /dev/null
@@ -1,114 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_recon_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include_lib("eunit/include/eunit.hrl").
-
--define(output_patterns(V), ((V)++"")).
-
-all() -> [{group, cli}].
-
-groups() ->
-    [{cli, [sequence],
-      [cli_memory,
-       cli_allocated,
-       cli_bin_leak,
-       cli_node_stats,
-       cli_remote_load,
-       cli_usage]}
-    ].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_recon]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_recon]).
-
-cli_memory(_) ->
-    mock_print(),
-    Output = emqx_recon_cli:cmd(["memory"]),
-    Zip = lists:zip(Output, [ ?output_patterns("usage/current")
-                            , ?output_patterns("usage/max")
-                            , ?output_patterns("used/current")
-                            , ?output_patterns("used/max")
-                            , ?output_patterns("allocated/current")
-                            , ?output_patterns("allocated/max")
-                            , ?output_patterns("unused/current")
-                            , ?output_patterns("unused/max")
-                            ]),
-    %ct:pal("=======~p", [Zip]),
-    [?assertMatch({match, _}, re:run(Line, Match, [{capture,all,list}]))
-     || {Line, Match} <- Zip],
-    unmock_print().
-
-cli_allocated(_) ->
-    mock_print(),
-    Output = emqx_recon_cli:cmd(["allocated"]),
-    Zip = lists:zip(Output, [ ?output_patterns("binary_alloc/current")
-                            , ?output_patterns("driver_alloc/current")
-                            , ?output_patterns("eheap_alloc/current")
-                            , ?output_patterns("ets_alloc/current")
-                            , ?output_patterns("fix_alloc/current")
-                            , ?output_patterns("ll_alloc/current")
-                            , ?output_patterns("sl_alloc/current")
-                            , ?output_patterns("std_alloc/current")
-                            , ?output_patterns("temp_alloc/current")
-                            , ?output_patterns("binary_alloc/max")
-                            , ?output_patterns("driver_alloc/max")
-                            , ?output_patterns("eheap_alloc/max")
-                            , ?output_patterns("ets_alloc/max")
-                            , ?output_patterns("fix_alloc/max")
-                            , ?output_patterns("ll_alloc/max")
-                            , ?output_patterns("sl_alloc/max")
-                            , ?output_patterns("std_alloc/max")
-                            , ?output_patterns("temp_alloc/max")
-                            ]),
-    ct:pal("=======~p", [Zip]),
-    [?assertMatch({match, _}, re:run(Line, Match, [{capture,all,list}]))
-     || {Line, Match} <- Zip],
-    unmock_print().
-
-cli_bin_leak(_) ->
-    mock_print(),
-    Output = emqx_recon_cli:cmd(["bin_leak"]),
-    [?assertMatch({match, _}, re:run(Line, "current_function", [{capture,all,list}]))
-     || Line <- Output],
-    unmock_print().
-
-cli_node_stats(_) ->
-    emqx_recon_cli:cmd(["node_stats"]).
-
-cli_remote_load(_) ->
-    emqx_recon_cli:cmd(["remote_load", "emqx_recon_cli"]).
-
-cli_usage(_) ->
-    emqx_recon_cli:cmd(["usage"]).
-
-mock_print() ->
-    catch meck:unload(emqx_ctl),
-    meck:new(emqx_ctl, [non_strict, passthrough]),
-    meck:expect(emqx_ctl, print, fun(Arg) -> emqx_ctl:format(Arg) end),
-    meck:expect(emqx_ctl, print, fun(Msg, Arg) -> emqx_ctl:format(Msg, Arg) end),
-    meck:expect(emqx_ctl, usage, fun(Usages) -> emqx_ctl:format_usage(Usages) end).
-
-unmock_print() ->
-    meck:unload().
-
diff --git a/data/loaded_modules.tmpl b/data/loaded_modules.tmpl
index f31e47900..8dfe6453e 100644
--- a/data/loaded_modules.tmpl
+++ b/data/loaded_modules.tmpl
@@ -1 +1,2 @@
 {emqx_mod_presence, true}.
+{emqx_mod_recon, true}.
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index 5922f6dc5..c2b6311f2 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -1,7 +1,6 @@
 {emqx_management, true}.
 {emqx_dashboard, true}.
 {emqx_modules, {{enable_plugin_emqx_modules}}}.
-{emqx_recon, {{enable_plugin_emqx_recon}}}.
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
 {emqx_rule_engine, {{enable_plugin_emqx_rule_engine}}}.
 {emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index 8ce3aa217..88148818e 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -188,7 +188,6 @@ overlay_vars_rel(RelType) ->
     [ {enable_plugin_emqx_rule_engine, RelType =:= cloud}
     , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
     , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
-    , {enable_plugin_emqx_recon, true}
     , {enable_plugin_emqx_retainer, true}
     , {vm_args_file, VmArgs}
     ].
@@ -285,7 +284,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_auth_jwt
     , emqx_auth_mnesia
     , emqx_web_hook
-    , emqx_recon
     , emqx_rule_engine
     , emqx_sasl
     , emqx_statsd

From c24f3688c4eec0b16e2aef4f1d2fbbc5dcde9d4f Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 09:41:45 +0800
Subject: [PATCH 027/174] build: delete needless auth plugins

---
 apps/emqx_auth_http/.gitignore                |  25 --
 apps/emqx_auth_http/README.md                 | 100 -----
 apps/emqx_auth_http/etc/emqx_auth_http.conf   | 172 ---------
 .../emqx_auth_http/include/emqx_auth_http.hrl |  23 --
 .../emqx_auth_http/priv/emqx_auth_http.schema | 131 -------
 apps/emqx_auth_http/rebar.config              |  26 --
 apps/emqx_auth_http/src/emqx_acl_http.erl     |  88 -----
 .../emqx_auth_http/src/emqx_auth_http.app.src |  14 -
 apps/emqx_auth_http/src/emqx_auth_http.erl    | 112 ------
 .../emqx_auth_http/src/emqx_auth_http_app.erl | 158 --------
 .../emqx_auth_http/src/emqx_auth_http_cli.erl |  92 -----
 .../emqx_auth_http/src/emqx_auth_http_sup.erl |  29 --
 .../test/emqx_auth_http_SUITE.erl             | 257 -------------
 apps/emqx_auth_http/test/http_auth_server.erl | 152 --------
 apps/emqx_auth_jwt/.gitignore                 |  28 --
 apps/emqx_auth_jwt/README.md                  |  90 -----
 apps/emqx_auth_jwt/TODO.md                    |   2 -
 .../doc/hmac-vs-ecdsa-for-jwt.txt             |   3 -
 apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf     |  49 ---
 apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema  |  49 ---
 apps/emqx_auth_jwt/rebar.config               |  25 --
 apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src  |  14 -
 .../emqx_auth_jwt/src/emqx_auth_jwt.appup.src |  15 -
 apps/emqx_auth_jwt/src/emqx_auth_jwt.erl      |  99 -----
 apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl  |  81 -----
 apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl  | 224 ------------
 .../test/emqx_auth_jwt_SUITE.erl              | 166 ---------
 apps/emqx_auth_ldap/.gitignore                |  25 --
 apps/emqx_auth_ldap/README.md                 |  96 -----
 apps/emqx_auth_ldap/emqx.io.ldif              | 135 -------
 apps/emqx_auth_ldap/emqx.schema               |  46 ---
 apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf   |  76 ----
 .../emqx_auth_ldap/include/emqx_auth_ldap.hrl |  23 --
 .../emqx_auth_ldap/priv/emqx_auth_ldap.schema | 174 ---------
 apps/emqx_auth_ldap/rebar.config              |  25 --
 apps/emqx_auth_ldap/src/emqx_acl_ldap.erl     |  98 -----
 .../emqx_auth_ldap/src/emqx_auth_ldap.app.src |  14 -
 apps/emqx_auth_ldap/src/emqx_auth_ldap.erl    | 210 -----------
 .../emqx_auth_ldap/src/emqx_auth_ldap_app.erl |  78 ----
 .../emqx_auth_ldap/src/emqx_auth_ldap_cli.erl | 150 --------
 .../emqx_auth_ldap/src/emqx_auth_ldap_sup.erl |  35 --
 apps/emqx_auth_ldap/test/certs/cacert.pem     |  20 -
 apps/emqx_auth_ldap/test/certs/cert.pem       |  19 -
 .../emqx_auth_ldap/test/certs/client-cert.pem |  19 -
 apps/emqx_auth_ldap/test/certs/client-key.pem |  27 --
 apps/emqx_auth_ldap/test/certs/key.pem        |  27 --
 .../test/emqx_auth_ldap_SUITE.erl             | 152 --------
 .../emqx_auth_ldap_bind_as_user_SUITE.erl     | 112 ------
 apps/emqx_auth_mnesia/.gitignore              |  26 --
 apps/emqx_auth_mnesia/README.md               |   2 -
 .../etc/emqx_auth_mnesia.conf                 |  30 --
 .../include/emqx_auth_mnesia.hrl              |  38 --
 .../priv/emqx_auth_mnesia.schema              |  43 ---
 apps/emqx_auth_mnesia/rebar.config            |  17 -
 apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl | 104 ------
 .../src/emqx_acl_mnesia_api.erl               | 226 ------------
 .../src/emqx_acl_mnesia_cli.erl               | 270 --------------
 .../src/emqx_auth_mnesia.app.src              |  14 -
 .../src/emqx_auth_mnesia.appup.src            |  13 -
 .../emqx_auth_mnesia/src/emqx_auth_mnesia.erl | 109 ------
 .../src/emqx_auth_mnesia_api.erl              | 305 ----------------
 .../src/emqx_auth_mnesia_app.erl              |  68 ----
 .../src/emqx_auth_mnesia_cli.erl              | 194 ----------
 .../src/emqx_auth_mnesia_sup.erl              |  36 --
 .../test/emqx_acl_mnesia_SUITE.erl            | 293 ---------------
 .../test/emqx_auth_mnesia_SUITE.erl           | 318 ----------------
 apps/emqx_auth_mongo/.gitignore               |  24 --
 apps/emqx_auth_mongo/CHANGES                  |  31 --
 apps/emqx_auth_mongo/README.md                | 192 ----------
 apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf | 187 ----------
 .../include/emqx_auth_mongo.hrl               |  37 --
 .../priv/emqx_auth_mongo.schema               | 341 ------------------
 apps/emqx_auth_mongo/rebar.config             |  32 --
 apps/emqx_auth_mongo/src/emqx_acl_mongo.erl   |  91 -----
 .../src/emqx_auth_mongo.app.src               |  14 -
 apps/emqx_auth_mongo/src/emqx_auth_mongo.erl  | 138 -------
 .../src/emqx_auth_mongo_app.erl               |  88 -----
 .../src/emqx_auth_mongo_sup.erl               |  34 --
 .../test/emqx_auth_mongo_SUITE.erl            | 169 ---------
 .../emqx_auth_mongo_SUITE_data/ca-key.pem     |  27 --
 .../test/emqx_auth_mongo_SUITE_data/ca.pem    |  19 -
 .../client-cert.pem                           |  19 -
 .../emqx_auth_mongo_SUITE_data/client-key.pem |  27 --
 .../emqx_auth_mongo_SUITE_data/mongodb.pem    |  46 ---
 .../private_key.pem                           |  27 --
 .../emqx_auth_mongo_SUITE_data/public_key.pem |   9 -
 .../server-cert.pem                           |  19 -
 .../emqx_auth_mongo_SUITE_data/server-key.pem |  27 --
 apps/emqx_auth_mysql/.gitignore               |  31 --
 apps/emqx_auth_mysql/README.md                | 167 ---------
 apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf | 131 -------
 .../include/emqx_auth_mysql.hrl               |  23 --
 apps/emqx_auth_mysql/mqtt.sql                 |  41 ---
 .../priv/emqx_auth_mysql.schema               | 156 --------
 apps/emqx_auth_mysql/rebar.config             |  24 --
 apps/emqx_auth_mysql/src/emqx_acl_mysql.erl   | 119 ------
 .../src/emqx_auth_mysql.app.src               |  14 -
 apps/emqx_auth_mysql/src/emqx_auth_mysql.erl  |  91 -----
 .../src/emqx_auth_mysql_app.erl               |  74 ----
 .../src/emqx_auth_mysql_cli.erl               |  91 -----
 .../src/emqx_auth_mysql_sup.erl               |  40 --
 .../test/emqx_auth_mysql_SUITE.erl            | 235 ------------
 .../emqx_auth_mysql_SUITE_data/ca-key.pem     |  27 --
 .../test/emqx_auth_mysql_SUITE_data/ca.pem    |  19 -
 .../client-cert.pem                           |  19 -
 .../emqx_auth_mysql_SUITE_data/client-key.pem |  27 --
 .../private_key.pem                           |  27 --
 .../emqx_auth_mysql_SUITE_data/public_key.pem |   9 -
 .../server-cert.pem                           |  19 -
 .../emqx_auth_mysql_SUITE_data/server-key.pem |  27 --
 apps/emqx_auth_pgsql/.gitignore               |  20 -
 apps/emqx_auth_pgsql/README.md                | 183 ----------
 apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf | 132 -------
 .../include/emqx_auth_pgsql.hrl               |  23 --
 apps/emqx_auth_pgsql/mqtt.sql                 |  28 --
 .../priv/emqx_auth_pgsql.schema               | 184 ----------
 apps/emqx_auth_pgsql/rebar.config             |  21 --
 apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl   | 117 ------
 .../src/emqx_auth_pgsql.app.src               |  14 -
 apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl  |  91 -----
 .../src/emqx_auth_pgsql_app.erl               |  63 ----
 .../src/emqx_auth_pgsql_cli.erl               | 150 --------
 .../src/emqx_auth_pgsql_sup.erl               |  37 --
 .../test/emqx_auth_pgsql_SUITE.erl            | 221 ------------
 .../emqx_auth_pgsql_SUITE_data/ca-key.pem     |  27 --
 .../test/emqx_auth_pgsql_SUITE_data/ca.pem    |  19 -
 .../client-cert.pem                           |  19 -
 .../emqx_auth_pgsql_SUITE_data/client-key.pem |  27 --
 .../private_key.pem                           |  27 --
 .../emqx_auth_pgsql_SUITE_data/public_key.pem |   9 -
 .../server-cert.pem                           |  19 -
 .../emqx_auth_pgsql_SUITE_data/server-key.pem |  27 --
 apps/emqx_auth_redis/.gitignore               |  28 --
 apps/emqx_auth_redis/README.md                | 171 ---------
 apps/emqx_auth_redis/etc/emqx_auth_redis.conf | 131 -------
 .../include/emqx_auth_redis.hrl               |  23 --
 .../priv/emqx_auth_redis.schema               | 184 ----------
 apps/emqx_auth_redis/rebar.config             |  24 --
 apps/emqx_auth_redis/src/emqx_acl_redis.erl   |  86 -----
 .../src/emqx_auth_redis.app.src               |  14 -
 apps/emqx_auth_redis/src/emqx_auth_redis.erl  |  85 -----
 .../src/emqx_auth_redis_app.erl               |  70 ----
 .../src/emqx_auth_redis_cli.erl               |  89 -----
 .../src/emqx_auth_redis_sup.erl               |  43 ---
 .../test/emqx_auth_redis_SUITE.erl            | 186 ----------
 .../emqx_auth_redis_SUITE_data/certs/ca.crt   |  29 --
 .../emqx_auth_redis_SUITE_data/certs/ca.key   |  51 ---
 .../emqx_auth_redis_SUITE_data/certs/ca.txt   |   1 -
 .../certs/redis.crt                           |  23 --
 .../emqx_auth_redis_SUITE_data/certs/redis.dh |   8 -
 .../certs/redis.key                           |  27 --
 151 files changed, 11631 deletions(-)
 delete mode 100644 apps/emqx_auth_http/.gitignore
 delete mode 100644 apps/emqx_auth_http/README.md
 delete mode 100644 apps/emqx_auth_http/etc/emqx_auth_http.conf
 delete mode 100644 apps/emqx_auth_http/include/emqx_auth_http.hrl
 delete mode 100644 apps/emqx_auth_http/priv/emqx_auth_http.schema
 delete mode 100644 apps/emqx_auth_http/rebar.config
 delete mode 100644 apps/emqx_auth_http/src/emqx_acl_http.erl
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http.app.src
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http.erl
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http_app.erl
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http_cli.erl
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http_sup.erl
 delete mode 100644 apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
 delete mode 100644 apps/emqx_auth_http/test/http_auth_server.erl
 delete mode 100644 apps/emqx_auth_jwt/.gitignore
 delete mode 100644 apps/emqx_auth_jwt/README.md
 delete mode 100644 apps/emqx_auth_jwt/TODO.md
 delete mode 100644 apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt
 delete mode 100644 apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
 delete mode 100644 apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
 delete mode 100644 apps/emqx_auth_jwt/rebar.config
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
 delete mode 100644 apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
 delete mode 100644 apps/emqx_auth_ldap/.gitignore
 delete mode 100644 apps/emqx_auth_ldap/README.md
 delete mode 100644 apps/emqx_auth_ldap/emqx.io.ldif
 delete mode 100644 apps/emqx_auth_ldap/emqx.schema
 delete mode 100644 apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
 delete mode 100644 apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl
 delete mode 100644 apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
 delete mode 100644 apps/emqx_auth_ldap/rebar.config
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
 delete mode 100644 apps/emqx_auth_ldap/test/certs/cacert.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/cert.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/client-cert.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/client-key.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/key.pem
 delete mode 100644 apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
 delete mode 100644 apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
 delete mode 100644 apps/emqx_auth_mnesia/.gitignore
 delete mode 100644 apps/emqx_auth_mnesia/README.md
 delete mode 100644 apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf
 delete mode 100644 apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl
 delete mode 100644 apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema
 delete mode 100644 apps/emqx_auth_mnesia/rebar.config
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
 delete mode 100644 apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
 delete mode 100644 apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
 delete mode 100644 apps/emqx_auth_mongo/.gitignore
 delete mode 100644 apps/emqx_auth_mongo/CHANGES
 delete mode 100644 apps/emqx_auth_mongo/README.md
 delete mode 100644 apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
 delete mode 100644 apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl
 delete mode 100644 apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
 delete mode 100644 apps/emqx_auth_mongo/rebar.config
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem
 delete mode 100644 apps/emqx_auth_mysql/.gitignore
 delete mode 100644 apps/emqx_auth_mysql/README.md
 delete mode 100644 apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
 delete mode 100644 apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl
 delete mode 100644 apps/emqx_auth_mysql/mqtt.sql
 delete mode 100644 apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
 delete mode 100644 apps/emqx_auth_mysql/rebar.config
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem
 delete mode 100644 apps/emqx_auth_pgsql/.gitignore
 delete mode 100644 apps/emqx_auth_pgsql/README.md
 delete mode 100644 apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
 delete mode 100644 apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl
 delete mode 100644 apps/emqx_auth_pgsql/mqtt.sql
 delete mode 100644 apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
 delete mode 100644 apps/emqx_auth_pgsql/rebar.config
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem
 delete mode 100644 apps/emqx_auth_redis/.gitignore
 delete mode 100644 apps/emqx_auth_redis/README.md
 delete mode 100644 apps/emqx_auth_redis/etc/emqx_auth_redis.conf
 delete mode 100644 apps/emqx_auth_redis/include/emqx_auth_redis.hrl
 delete mode 100644 apps/emqx_auth_redis/priv/emqx_auth_redis.schema
 delete mode 100644 apps/emqx_auth_redis/rebar.config
 delete mode 100644 apps/emqx_auth_redis/src/emqx_acl_redis.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis.app.src
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key

diff --git a/apps/emqx_auth_http/.gitignore b/apps/emqx_auth_http/.gitignore
deleted file mode 100644
index 557a3a337..000000000
--- a/apps/emqx_auth_http/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_http.d
-data
-ct.cover.spec
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-erlang.mk
-_build/
-rebar.lock
-rebar3.crashdump
-etc/emqx_auth_http.conf.rendered
-.rebar3/
-*.swp
diff --git a/apps/emqx_auth_http/README.md b/apps/emqx_auth_http/README.md
deleted file mode 100644
index ed743334a..000000000
--- a/apps/emqx_auth_http/README.md
+++ /dev/null
@@ -1,100 +0,0 @@
-emqx_auth_http
-==============
-
-EMQ X HTTP Auth/ACL Plugin
-
-Build
------
-
-```
-make && make tests
-```
-
-Configure the Plugin
---------------------
-
-File: etc/emqx_auth_http.conf
-
-```
-##--------------------------------------------------------------------
-## Authentication request.
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: URL
-auth.http.auth_req = http://127.0.0.1:8080/mqtt/auth
-## Value: post | get | put
-auth.http.auth_req.method = post
-## Value: Params
-auth.http.auth_req.params = clientid=%c,username=%u,password=%P
-
-##--------------------------------------------------------------------
-## Superuser request.
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: URL
-auth.http.super_req = http://127.0.0.1:8080/mqtt/superuser
-## Value: post | get | put
-auth.http.super_req.method = post
-## Value: Params
-auth.http.super_req.params = clientid=%c,username=%u
-
-##--------------------------------------------------------------------
-## ACL request.
-##
-## Variables:
-##  - %A: 1 | 2, 1 = sub, 2 = pub
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %m: mountpoint
-##  - %t: topic
-##
-## Value: URL
-auth.http.acl_req = http://127.0.0.1:8080/mqtt/acl
-## Value: post | get | put
-auth.http.acl_req.method = get
-## Value: Params
-auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_http
-```
-
-HTTP API
---------
-
-200 if ok
-
-4xx if unauthorized
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_http/etc/emqx_auth_http.conf b/apps/emqx_auth_http/etc/emqx_auth_http.conf
deleted file mode 100644
index 56e2055c0..000000000
--- a/apps/emqx_auth_http/etc/emqx_auth_http.conf
+++ /dev/null
@@ -1,172 +0,0 @@
-##--------------------------------------------------------------------
-## HTTP Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## HTTP URL API path for Auth Request
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:80/mqtt/auth, https://[::1]:80/mqtt/auth
-auth.http.auth_req.url = "http://127.0.0.1:80/mqtt/auth"
-
-## HTTP Request Method for Auth Request
-##
-## Value: post | get
-auth.http.auth_req.method = post
-
-## HTTP Request Headers for Auth Request, Content-Type header is configured by default.
-## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
-##
-## Examples: auth.http.auth_req.headers.accept = */*
-
-auth.http.auth_req.headers.content_type = "application/x-www-form-urlencoded"
-
-## Parameters used to construct the request body or query string parameters
-## When the request method is GET, these parameters will be converted into query string parameters
-## When the request method is POST, the final format is determined by content-type
-##
-## Available Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %p: sockport of server accepted
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.auth_req.params = "clientid=%c,username=%u,password=%P"
-
-## HTTP URL API path for SuperUser Request
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:80/mqtt/superuser, https://[::1]:80/mqtt/superuser
-auth.http.super_req.url = "http://127.0.0.1:80/mqtt/superuser"
-
-## HTTP Request Method for SuperUser Request
-##
-## Value: post | get
-auth.http.super_req.method = post
-
-## HTTP Request Headers for SuperUser Request, Content-Type header is configured by default.
-## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
-##
-## Examples: auth.http.super_req.headers.accept = */*
-auth.http.super_req.headers.content-type = "application/x-www-form-urlencoded"
-
-## Parameters used to construct the request body or query string parameters
-## When the request method is GET, these parameters will be converted into query string parameters
-## When the request method is POST, the final format is determined by content-type
-##
-## Available Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %p: sockport of server accepted
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.super_req.params = "clientid=%c,username=%u"
-
-## HTTP URL API path for ACL Request
-## Comment out this config to disable ACL checks
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:80/mqtt/acl, https://[::1]:80/mqtt/acl
-auth.http.acl_req.url = "http://127.0.0.1:80/mqtt/acl"
-
-## HTTP Request Method for ACL Request
-##
-## Value: post | get
-auth.http.acl_req.method = post
-
-## HTTP Request Headers for ACL Request, Content-Type header is configured by default.
-## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
-##
-## Examples: auth.http.acl_req.headers.accept = */*
-auth.http.acl_req.headers.content-type = "application/x-www-form-urlencoded"
-
-## Parameters used to construct the request body or query string parameters
-## When the request method is GET, these parameters will be converted into query string parameters
-## When the request method is POST, the final format is determined by content-type
-##
-## Available Variables:
-##  - %A: access (1 - subscribe, 2 - publish)
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %p: sockport of server accepted
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##  - %t: topic
-##
-## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.acl_req.params = "access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m"
-
-## Time-out time for the request.
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 5s
-auth.http.timeout = 5s
-
-## Connection time-out time, used during the initial request,
-## when the client is connecting to the server.
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 5s
-auth.http.connect_timeout = 5s
-
-## Connection process pool size
-##
-## Value: Number
-auth.http.pool_size = 32
-
-##------------------------------------------------------------------------------
-## SSL options
-
-## Path to the file containing PEM-encoded CA certificates. The CA certificates
-## are used during server authentication and when building the client certificate chain.
-##
-## Value: File
-## auth.http.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem"
-
-## The path to a file containing the client's certificate.
-##
-## Value: File
-## auth.http.ssl.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem"
-
-## Path to a file containing the client's private PEM-encoded key.
-##
-## Value: File
-## auth.http.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-## auth.http.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.http.auth_req.url` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.http.ssl.server_name_indication = disable
diff --git a/apps/emqx_auth_http/include/emqx_auth_http.hrl b/apps/emqx_auth_http/include/emqx_auth_http.hrl
deleted file mode 100644
index 9c1216357..000000000
--- a/apps/emqx_auth_http/include/emqx_auth_http.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_http).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_http/priv/emqx_auth_http.schema b/apps/emqx_auth_http/priv/emqx_auth_http.schema
deleted file mode 100644
index b248c7dc7..000000000
--- a/apps/emqx_auth_http/priv/emqx_auth_http.schema
+++ /dev/null
@@ -1,131 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_http config mapping
-{mapping, "auth.http.auth_req.url", "emqx_auth_http.auth_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.auth_req.method", "emqx_auth_http.auth_req", [
-  {default, post},
-  {datatype, {enum, [post, get]}}
-]}.
-
-{mapping, "auth.http.auth_req.headers.$field", "emqx_auth_http.auth_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.auth_req.params", "emqx_auth_http.auth_req", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_http.auth_req", fun(Conf) ->
-  case cuttlefish:conf_get("auth.http.auth_req.url", Conf, undefined) of
-    undefined -> cuttlefish:unset();
-    Url ->
-      Headers = cuttlefish_variable:filter_by_prefix("auth.http.auth_req.headers", Conf),
-      Params = cuttlefish:conf_get("auth.http.auth_req.params", Conf),
-      [{url, Url},
-       {method, cuttlefish:conf_get("auth.http.auth_req.method", Conf)},
-       {headers, [{K, V} || {[_, _, _, _, K], V} <- Headers]},
-       {params, [list_to_tuple(string:tokens(S, "=")) || S <- string:tokens(Params, ",")]}]
-  end
-end}.
-
-{mapping, "auth.http.super_req.url", "emqx_auth_http.super_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.super_req.method", "emqx_auth_http.super_req", [
-  {default, post},
-  {datatype, {enum, [post, get]}}
-]}.
-
-{mapping, "auth.http.super_req.headers.$field", "emqx_auth_http.super_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.super_req.params", "emqx_auth_http.super_req", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_http.super_req", fun(Conf) ->
-  case cuttlefish:conf_get("auth.http.super_req.url", Conf, undefined) of
-    undefined -> cuttlefish:unset();
-    Url ->
-      Headers = cuttlefish_variable:filter_by_prefix("auth.http.super_req.headers", Conf),
-      Params = cuttlefish:conf_get("auth.http.super_req.params", Conf),
-      [{url, Url},
-       {method, cuttlefish:conf_get("auth.http.super_req.method", Conf)},
-       {headers, [{K, V} || {[_, _, _, _, K], V} <- Headers]},
-       {params, [list_to_tuple(string:tokens(S, "=")) || S <- string:tokens(Params, ",")]}]
-  end
-end}.
-
-%% @doc URL for ACL checks. Example: http://127.0.0.1:80/mqtt/acl
-%% ACL checks are disabled for this plugin if this config is
-%% commented out from the config file, or when the overriding
-%% environment variable is set to empty string.
-{mapping, "auth.http.acl_req.url", "emqx_auth_http.acl_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.acl_req.method", "emqx_auth_http.acl_req", [
-  {default, post},
-  {datatype, {enum, [post, get]}}
-]}.
-
-{mapping, "auth.http.acl_req.headers.$field", "emqx_auth_http.acl_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.acl_req.params", "emqx_auth_http.acl_req", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_http.acl_req", fun(Conf) ->
-  case cuttlefish:conf_get("auth.http.acl_req.url", Conf, undefined) of
-    undefined -> cuttlefish:unset();
-    Url ->
-      Headers = cuttlefish_variable:filter_by_prefix("auth.http.acl_req.headers", Conf),
-      Params = cuttlefish:conf_get("auth.http.acl_req.params", Conf),
-      [{url, Url},
-       {method, cuttlefish:conf_get("auth.http.acl_req.method", Conf)},
-       {headers, [{K, V} || {[_, _, _, _, K], V} <- Headers]},
-       {params, [list_to_tuple(string:tokens(S, "=")) || S <- string:tokens(Params, ",")]}]
-  end
-end}.
-
-{mapping, "auth.http.timeout", "emqx_auth_http.timeout", [
-  {default, "5s"},
-  {datatype, [integer, {duration, ms}]}
-]}.
-
-{mapping, "auth.http.connect_timeout", "emqx_auth_http.connect_timeout", [
-  {default, "5s"},
-  {datatype, [integer, {duration, ms}]}
-]}.
-
-{mapping, "auth.http.pool_size", "emqx_auth_http.pool_size", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.http.ssl.cacertfile", "emqx_auth_http.cacertfile", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.ssl.certfile", "emqx_auth_http.certfile", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.ssl.keyfile", "emqx_auth_http.keyfile", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.ssl.verify", "emqx_auth_http.verify", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.http.ssl.server_name_indication", "emqx_auth_http.server_name_indication", [
-  {datatype, string}
-]}.
diff --git a/apps/emqx_auth_http/rebar.config b/apps/emqx_auth_http/rebar.config
deleted file mode 100644
index 01c0f4209..000000000
--- a/apps/emqx_auth_http/rebar.config
+++ /dev/null
@@ -1,26 +0,0 @@
-{deps, []}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
-{profiles,
- [{test,
-   [{deps,
-     [
-      {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "v1.2.2"}}}
-     ]}
-   ]}
- ]}.
diff --git a/apps/emqx_auth_http/src/emqx_acl_http.erl b/apps/emqx_auth_http/src/emqx_acl_http.erl
deleted file mode 100644
index aa98759b0..000000000
--- a/apps/emqx_auth_http/src/emqx_acl_http.erl
+++ /dev/null
@@ -1,88 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_http).
-
--include("emqx_auth_http.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[ACL http]").
-
--import(emqx_auth_http_cli,
-        [ request/6
-        , feedvar/2
-        ]).
-
-%% ACL callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-%%--------------------------------------------------------------------
-%% ACL callbacks
-%%--------------------------------------------------------------------
-
-check_acl(ClientInfo, PubSub, Topic, AclResult, Params) ->
-    return_with(fun inc_metrics/1,
-                do_check_acl(ClientInfo, PubSub, Topic, AclResult, Params)).
-
-do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Params) ->
-    ok;
-do_check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path := Path}}) ->
-    ClientInfo1 = ClientInfo#{access => access(PubSub), topic => Topic},
-    case check_acl_request(ACLParams, ClientInfo1) of
-        {ok, 200, <<"ignore">>} -> ok;
-        {ok, 200, _Body}    -> {stop, allow};
-        {ok, _Code, _Body}  -> {stop, deny};
-        {error, Error}      ->
-            ?LOG(error, "Request ACL path ~s, error: ~p", [Path, Error]),
-            ok
-    end.
-
-description() -> "ACL with HTTP API".
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-inc_metrics(ok) ->
-    emqx_metrics:inc(?ACL_METRICS(ignore));
-inc_metrics({stop, allow}) ->
-    emqx_metrics:inc(?ACL_METRICS(allow));
-inc_metrics({stop, deny}) ->
-    emqx_metrics:inc(?ACL_METRICS(deny)).
-
-return_with(Fun, Result) ->
-    Fun(Result), Result.
-
-check_acl_request(#{pool_name := PoolName,
-                    path := Path,
-                    method := Method,
-                    headers := Headers,
-                    params := Params,
-                    timeout := Timeout}, ClientInfo) ->
-    request(PoolName, Method, Path, Headers, feedvar(Params, ClientInfo), Timeout).
-
-access(subscribe) -> 1;
-access(publish)   -> 2.
-
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.app.src b/apps/emqx_auth_http/src/emqx_auth_http.app.src
deleted file mode 100644
index b2c3221e6..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_http,
- [{description, "EMQ X Authentication/ACL with HTTP API"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_http_sup]},
-  {applications, [kernel,stdlib,ehttpc]},
-  {mod, {emqx_auth_http_app, []}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-http"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.erl b/apps/emqx_auth_http/src/emqx_auth_http.erl
deleted file mode 100644
index aba0a5d8d..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http.erl
+++ /dev/null
@@ -1,112 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http).
-
--include("emqx_auth_http.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--logger_header("[Auth http]").
-
--import(emqx_auth_http_cli,
-        [ request/6
-        , feedvar/2
-        ]).
-
-%% Callbacks
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo, AuthResult, #{auth  := AuthParms = #{path := Path},
-                                super := SuperParams}) ->
-    case authenticate(AuthParms, ClientInfo) of
-        {ok, 200, <<"ignore">>} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)), ok;
-        {ok, 200, Body}  ->
-            emqx_metrics:inc(?AUTH_METRICS(success)),
-            IsSuperuser = is_superuser(SuperParams, ClientInfo),
-            {stop, AuthResult#{is_superuser => IsSuperuser,
-                                auth_result => success,
-                                anonymous   => false,
-                                mountpoint  => mountpoint(Body, ClientInfo)}};
-        {ok, Code, _Body} ->
-            ?LOG(error, "Deny connection from path: ~s, response http code: ~p",
-                 [Path, Code]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => http_to_connack_error(Code),
-                               anonymous   => false}};
-        {error, Error} ->
-            ?LOG(error, "Request auth path: ~s, error: ~p", [Path, Error]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            %%FIXME later: server_unavailable is not right.
-            {stop, AuthResult#{auth_result => server_unavailable,
-                               anonymous   => false}}
-    end.
-
-description() -> "Authentication by HTTP API".
-
-%%--------------------------------------------------------------------
-%% Requests
-%%--------------------------------------------------------------------
-
-authenticate(#{pool_name := PoolName,
-               path := Path,
-               method := Method,
-               headers := Headers,
-               params := Params,
-               timeout := Timeout}, ClientInfo) ->
-   request(PoolName, Method, Path, Headers, feedvar(Params, ClientInfo), Timeout).
-
--spec(is_superuser(maybe(map()), emqx_types:client()) -> boolean()).
-is_superuser(undefined, _ClientInfo) ->
-    false;
-is_superuser(#{pool_name := PoolName,
-               path := Path,
-               method := Method,
-               headers := Headers,
-               params := Params,
-               timeout := Timeout}, ClientInfo) ->
-    case request(PoolName, Method, Path, Headers, feedvar(Params, ClientInfo), Timeout) of
-        {ok, 200, _Body}   -> true;
-        {ok, _Code, _Body} -> false;
-        {error, Error}     -> ?LOG(error, "Request superuser path ~s, error: ~p", [Path, Error]),
-                              false
-    end.
-
-mountpoint(Body, #{mountpoint := Mountpoint}) ->
-    case emqx_json:safe_decode(Body, [return_maps]) of
-        {error, _} -> Mountpoint;
-        {ok, Json} when is_map(Json) ->
-            maps:get(<<"mountpoint">>, Json, Mountpoint);
-        {ok, _NotMap} -> Mountpoint
-    end.
-
-http_to_connack_error(400) -> bad_username_or_password;
-http_to_connack_error(401) -> bad_username_or_password;
-http_to_connack_error(403) -> not_authorized;
-http_to_connack_error(429) -> banned;
-http_to_connack_error(503) -> server_unavailable;
-http_to_connack_error(504) -> server_busy;
-http_to_connack_error(_) -> server_unavailable.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_app.erl b/apps/emqx_auth_http/src/emqx_auth_http_app.erl
deleted file mode 100644
index 7d4781f7c..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http_app.erl
+++ /dev/null
@@ -1,158 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_http.hrl").
-
--export([ start/2
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application Callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_http_sup:start_link(),
-    translate_env(),
-    load_hooks(),
-    {ok, Sup}.
-
-stop(_State) ->
-    unload_hooks().
-
-%%--------------------------------------------------------------------
-%% Internel functions
-%%--------------------------------------------------------------------
-
-translate_env() ->
-    lists:foreach(fun translate_env/1, [auth_req, super_req, acl_req]).
-
-translate_env(EnvName) ->
-    case application:get_env(?APP, EnvName) of
-        undefined -> ok;
-        {ok, Req} ->
-            {ok, PoolSize} = application:get_env(?APP, pool_size),
-            {ok, ConnectTimeout} = application:get_env(?APP, connect_timeout),
-            URL = proplists:get_value(url, Req),
-            {ok, #{host := Host,
-                   path := Path0,
-                   port := Port,
-                   scheme := Scheme}} = emqx_http_lib:uri_parse(URL),
-            Path = path(Path0),
-            MoreOpts = case Scheme of
-                        http ->
-                            [{transport_opts, emqx_misc:ipv6_probe([])}];
-                        https ->
-                            CACertFile = application:get_env(?APP, cacertfile, undefined),
-                            CertFile = application:get_env(?APP, certfile, undefined),
-                            KeyFile = application:get_env(?APP, keyfile, undefined),
-                            Verify = case application:get_env(?APP, verify, fasle) of
-                                         true -> verify_peer;
-                                         false -> verify_none
-                                     end,
-                            SNI = case application:get_env(?APP, server_name_indication, undefined) of
-                                    "disable" -> disable;
-                                    SNI0 -> SNI0
-                                  end,
-                            TLSOpts = lists:filter(
-                                        fun({_, V}) ->
-                                            V =/= <<>> andalso V =/= undefined
-                                        end, [{keyfile, KeyFile},
-                                              {certfile, CertFile},
-                                              {cacertfile, CACertFile},
-                                              {verify, Verify},
-                                              {server_name_indication, SNI}]),
-                            NTLSOpts = [ {versions, emqx_tls_lib:default_versions()}
-                                       , {ciphers, emqx_tls_lib:default_ciphers()}
-                                       | TLSOpts
-                                       ],
-                            [{transport, ssl}, {transport_opts, emqx_misc:ipv6_probe(NTLSOpts)}]
-                        end,
-            PoolOpts = [{host, Host},
-                        {port, Port},
-                        {pool_size, PoolSize},
-                        {pool_type, random},
-                        {connect_timeout, ConnectTimeout},
-                        {retry, 5},
-                        {retry_timeout, 1000}] ++ MoreOpts,
-            Method = proplists:get_value(method, Req),
-            Headers = proplists:get_value(headers, Req),
-            NHeaders = ensure_content_type_header(Method, emqx_http_lib:normalise_headers(Headers)),
-            NReq = lists:keydelete(headers, 1, Req),
-            {ok, Timeout} = application:get_env(?APP, timeout),
-            application:set_env(?APP, EnvName, [{path, Path},
-                                                {headers, NHeaders},
-                                                {timeout, Timeout},
-                                                {pool_name, list_to_atom("emqx_auth_http/" ++ atom_to_list(EnvName))},
-                                                {pool_opts, PoolOpts} | NReq])
-    end.
-
-load_hooks() ->
-    case application:get_env(?APP, auth_req) of
-        undefined -> ok;
-        {ok, AuthReq} ->
-            ok = emqx_auth_http:register_metrics(),
-            PoolOpts = proplists:get_value(pool_opts, AuthReq),
-            PoolName = proplists:get_value(pool_name, AuthReq),
-            {ok, _} = ehttpc_sup:start_pool(PoolName, PoolOpts),
-            case application:get_env(?APP, super_req) of
-                undefined ->
-                    emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
-                                                                                     super => undefined}]});
-                {ok, SuperReq} ->
-                    PoolOpts1 = proplists:get_value(pool_opts, SuperReq),
-                    PoolName1 = proplists:get_value(pool_name, SuperReq),
-                    {ok, _} = ehttpc_sup:start_pool(PoolName1, PoolOpts1),
-                    emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
-                                                                                     super => maps:from_list(SuperReq)}]})
-            end
-    end,
-    case application:get_env(?APP, acl_req) of
-        undefined -> ok;
-        {ok, ACLReq} ->
-            ok = emqx_acl_http:register_metrics(),
-            PoolOpts2 = proplists:get_value(pool_opts, ACLReq),
-            PoolName2 = proplists:get_value(pool_name, ACLReq),
-            {ok, _} = ehttpc_sup:start_pool(PoolName2, PoolOpts2),
-            emqx_hooks:put('client.check_acl', {emqx_acl_http, check_acl, [#{acl => maps:from_list(ACLReq)}]})
-    end,
-    ok.
-
-unload_hooks() ->
-    emqx:unhook('client.authenticate', {emqx_auth_http, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_http, check_acl}),
-    _ = ehttpc_sup:stop_pool('emqx_auth_http/auth_req'),
-    _ = ehttpc_sup:stop_pool('emqx_auth_http/super_req'),
-    _ = ehttpc_sup:stop_pool('emqx_auth_http/acl_req'),
-    ok.
-
-ensure_content_type_header(Method, Headers)
-  when Method =:= post orelse Method =:= put ->
-    Headers;
-ensure_content_type_header(_Method, Headers) ->
-    lists:keydelete("content-type", 1, Headers).
-
-path("") ->
-    "/";
-path(Path) ->
-    Path.
-
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_cli.erl b/apps/emqx_auth_http/src/emqx_auth_http_cli.erl
deleted file mode 100644
index 979ac475d..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http_cli.erl
+++ /dev/null
@@ -1,92 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http_cli).
-
--include("emqx_auth_http.hrl").
-
--export([ request/6
-        , feedvar/2
-        , feedvar/3
-        ]).
-
-%%--------------------------------------------------------------------
-%% HTTP Request
-%%--------------------------------------------------------------------
-
-request(PoolName, get, Path, Headers, Params, Timeout) ->
-    NewPath = Path ++ "?" ++ binary_to_list(cow_qs:qs(bin_kw(Params))),
-    reply(ehttpc:request(ehttpc_pool:pick_worker(PoolName), get, {NewPath, Headers}, Timeout));
-
-request(PoolName, post, Path, Headers, Params, Timeout) ->
-    Body = case proplists:get_value("content-type", Headers) of
-               "application/x-www-form-urlencoded" ->
-                   cow_qs:qs(bin_kw(Params));
-               "application/json" -> 
-                   emqx_json:encode(bin_kw(Params))
-           end,
-    reply(ehttpc:request(ehttpc_pool:pick_worker(PoolName), post, {Path, Headers, Body}, Timeout)).
-
-reply({ok, StatusCode, _Headers}) ->
-    {ok, StatusCode, <<>>};
-reply({ok, StatusCode, _Headers, Body}) ->
-    {ok, StatusCode, Body};
-reply({error, Reason}) ->
-    {error, Reason}.
-
-%% TODO: move this conversion to cuttlefish config and schema
-bin_kw(KeywordList) when is_list(KeywordList) ->
-    [{bin(K), bin(V)} || {K, V} <- KeywordList].
-
-bin(Atom) when is_atom(Atom) ->
-    list_to_binary(atom_to_list(Atom));
-bin(Int) when is_integer(Int) ->
-    integer_to_binary(Int);
-bin(Float) when is_float(Float) ->
-    float_to_binary(Float, [{decimals, 12}, compact]);
-bin(List) when is_list(List)->
-    list_to_binary(List);
-bin(Binary) when is_binary(Binary) ->
-    Binary.
-
-%%--------------------------------------------------------------------
-%% Feed Variables
-%%--------------------------------------------------------------------
-
-feedvar(Params, ClientInfo = #{clientid := ClientId,
-                               protocol := Protocol,
-                               peerhost := Peerhost}) ->
-    lists:map(fun({Param, "%u"}) -> {Param, maps:get(username, ClientInfo, null)};
-                 ({Param, "%c"}) -> {Param, ClientId};
-                 ({Param, "%r"}) -> {Param, Protocol};
-                 ({Param, "%a"}) -> {Param, inet:ntoa(Peerhost)};
-                 ({Param, "%P"}) -> {Param, maps:get(password, ClientInfo, null)};
-                 ({Param, "%p"}) -> {Param, maps:get(sockport, ClientInfo, null)};
-                 ({Param, "%C"}) -> {Param, maps:get(cn, ClientInfo, null)};
-                 ({Param, "%d"}) -> {Param, maps:get(dn, ClientInfo, null)};
-                 ({Param, "%A"}) -> {Param, maps:get(access, ClientInfo, null)};
-                 ({Param, "%t"}) -> {Param, maps:get(topic, ClientInfo, null)};
-                 ({Param, "%m"}) -> {Param, maps:get(mountpoint, ClientInfo, null)};
-                 ({Param, Var})  -> {Param, Var}
-              end, Params).
-
-feedvar(Params, Var, Val) ->
-    lists:map(fun({Param, Var0}) when Var0 == Var ->
-                      {Param, Val};
-                 ({Param, Var0}) ->
-                      {Param, Var0}
-              end, Params).
-
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_sup.erl b/apps/emqx_auth_http/src/emqx_auth_http_sup.erl
deleted file mode 100644
index 798a8a92e..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http_sup.erl
+++ /dev/null
@@ -1,29 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http_sup).
-
--behaviour(supervisor).
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, {{one_for_all, 0, 1}, []}}.
diff --git a/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl b/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
deleted file mode 100644
index ef692e886..000000000
--- a/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
+++ /dev/null
@@ -1,257 +0,0 @@
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-
--module(emqx_auth_http_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("common_test/include/ct.hrl").
--include_lib("eunit/include/eunit.hrl").
-
--define(APP, emqx_auth_http).
-
--define(USER(ClientId, Username, Protocol, Peerhost, Zone),
-        #{clientid => ClientId, username => Username, protocol => Protocol,
-          peerhost => Peerhost, zone => Zone}).
-
--define(USER(ClientId, Username, Protocol, Peerhost, Zone, Mountpoint),
-        #{clientid => ClientId, username => Username, protocol => Protocol,
-          peerhost => Peerhost, zone => Zone, mountpoint => Mountpoint}).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    [
-     {group, http_inet},
-     {group, http_inet6},
-     {group, https_inet},
-     {group, https_inet6},
-     pub_sub_no_acl,
-     no_hook_if_config_unset
-    ].
-
-groups() ->
-    Cases = emqx_ct:all(?MODULE),
-    [{Name, Cases} || Name <- [http_inet, http_inet6, https_inet, https_inet6]].
-
-init_per_group(GrpName, Cfg) ->
-    [Scheme, Inet] = [list_to_atom(X) || X <- string:tokens(atom_to_list(GrpName), "_")],
-    ok = setup(Scheme, Inet),
-    Cfg.
-
-end_per_group(_GrpName, _Cfg) ->
-    teardown().
-
-init_per_testcase(pub_sub_no_acl, Cfg) ->
-    Scheme = http,
-    Inet = inet,
-    http_auth_server:start(Scheme, Inet),
-    Fun = fun(App) -> set_special_configs(App, Scheme, Inet, no_acl) end,
-    emqx_ct_helpers:start_apps([emqx_auth_http], Fun),
-    ?assert(is_hooked('client.authenticate')),
-    ?assertNot(is_hooked('client.check_acl')),
-    Cfg;
-init_per_testcase(no_hook_if_config_unset, Cfg) ->
-    setup(http, inet),
-    Cfg;
-init_per_testcase(_, Cfg) ->
-    %% init per group
-    Cfg.
-
-end_per_testcase(pub_sub_no_acl, _Cfg) ->
-    teardown();
-end_per_testcase(no_hook_if_config_unset, _Cfg) ->
-    teardown();
-end_per_testcase(_, _Cfg) ->
-    %% teardown per group
-    ok.
-
-setup(Scheme, Inet) ->
-    http_auth_server:start(Scheme, Inet),
-    Fun = fun(App) -> set_special_configs(App, Scheme, Inet, normal) end,
-    emqx_ct_helpers:start_apps([emqx_auth_http], Fun),
-    ?assert(is_hooked('client.authenticate')),
-    ?assert(is_hooked('client.check_acl')).
-
-teardown() ->
-    http_auth_server:stop(),
-    application:stop(emqx_auth_http),
-    ?assertNot(is_hooked('client.authenticate')),
-    ?assertNot(is_hooked('client.check_acl')),
-    emqx_ct_helpers:stop_apps([emqx]).
-
-set_special_configs(emqx, _Scheme, _Inet, _AuthConfig) ->
-    application:set_env(emqx, allow_anonymous, true),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(emqx_auth_http, Scheme, Inet, PluginConfig) ->
-    [application:unset_env(?APP, Par) || Par <- [acl_req, auth_req]],
-    ServerAddr = http_server(Scheme, Inet),
-
-    AuthReq = #{method => get,
-                url => ServerAddr ++ "/mqtt/auth",
-                headers => [{"content-type", "application/json"}],
-                params => [{"clientid", "%c"}, {"username", "%u"}, {"password", "%P"}]},
-    SuperReq = #{method => post,
-                 url => ServerAddr ++ "/mqtt/superuser",
-                 headers => [{"content-type", "application/json"}],
-                 params => [{"clientid", "%c"}, {"username", "%u"}]},
-    AclReq = #{method => post,
-               url => ServerAddr ++ "/mqtt/acl",
-               headers => [{"content-type", "application/json"}],
-               params => [{"access", "%A"}, {"username", "%u"}, {"clientid", "%c"}, {"ipaddr", "%a"}, {"topic", "%t"}, {"mountpoint", "%m"}]},
-
-    Scheme =:= https andalso set_https_client_opts(),
-
-    application:set_env(emqx_auth_http, auth_req, maps:to_list(AuthReq)),
-    application:set_env(emqx_auth_http, super_req, maps:to_list(SuperReq)),
-    case PluginConfig of
-        normal -> ok = application:set_env(emqx_auth_http, acl_req, maps:to_list(AclReq));
-        no_acl -> ok
-    end.
-
-%% @private
-set_https_client_opts() ->
-    SSLOpt = emqx_ct_helpers:client_ssl_twoway(),
-    application:set_env(emqx_auth_http, cacertfile, proplists:get_value(cacertfile, SSLOpt, undefined)),
-    application:set_env(emqx_auth_http, certfile, proplists:get_value(certfile, SSLOpt, undefined)),
-    application:set_env(emqx_auth_http, keyfile, proplists:get_value(keyfile, SSLOpt, undefined)),
-    application:set_env(emqx_auth_http, verify, true),
-    application:set_env(emqx_auth_http, server_name_indication, "disable").
-
-%% @private
-http_server(http, inet) -> "http://127.0.0.1:8991"; % ipv4
-http_server(http, inet6) -> "http://localhost:8991"; % test hostname resolution
-http_server(https, inet) -> "https://localhost:8991"; % test hostname resolution
-http_server(https, inet6) -> "https://[::1]:8991". % ipv6
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_check_acl(Cfg) when is_list(Cfg) ->
-    SuperUser = ?USER(<<"superclient">>, <<"superuser">>, mqtt, {127,0,0,1}, external),
-    deny = emqx_access_control:check_acl(SuperUser, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(SuperUser, publish, <<"anytopic">>),
-
-    User1 = ?USER(<<"client1">>, <<"testuser">>, mqtt, {127,0,0,1}, external),
-    UnIpUser1 = ?USER(<<"client1">>, <<"testuser">>, mqtt, {192,168,0,4}, external),
-    UnClientIdUser1 = ?USER(<<"unkonwc">>, <<"testuser">>, mqtt, {127,0,0,1}, external),
-    UnnameUser1= ?USER(<<"client1">>, <<"unuser">>, mqtt, {127,0,0,1}, external),
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(User1, publish, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(UnIpUser1, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(UnClientIdUser1, subscribe, <<"users/testuser/1">>),
-    deny  = emqx_access_control:check_acl(UnnameUser1, subscribe, <<"$SYS/testuser/1">>),
-
-    User2 = ?USER(<<"client2">>, <<"xyz">>, mqtt, {127,0,0,1}, external),
-    UserC = ?USER(<<"client2">>, <<"xyz">>, mqtt, {192,168,1,3}, external),
-    allow = emqx_access_control:check_acl(UserC, publish, <<"a/b/c">>),
-    deny = emqx_access_control:check_acl(User2, publish, <<"a/b/c">>),
-    deny  = emqx_access_control:check_acl(User2, subscribe, <<"$SYS/testuser/1">>).
-
-t_check_auth(Cfg) when is_list(Cfg) ->
-    User1 = ?USER(<<"client1">>, <<"testuser1">>, mqtt, {127,0,0,1}, external, undefined),
-    User2 = ?USER(<<"client2">>, <<"testuser2">>, mqtt, {127,0,0,1}, exteneral, undefined),
-    User3 = ?USER(<<"client3">>, undefined, mqtt, {127,0,0,1}, exteneral, undefined),
-
-    {ok, #{auth_result := success,
-           anonymous := false,
-           is_superuser := false}} = emqx_access_control:authenticate(User1#{password => <<"pass1">>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User1#{password => <<"pass">>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User1#{password => <<>>}),
-
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(User2#{password => <<"pass2">>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User2#{password => <<>>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User2#{password => <<"errorpwd">>}),
-
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User3#{password => <<"pwd">>}).
-
-pub_sub_no_acl(Cfg) when is_list(Cfg) ->
-    {ok, T1} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client1">>},
-                                 {username, <<"testuser1">>},
-                                 {password, <<"pass1">>}]),
-    {ok, _} = emqtt:connect(T1),
-    emqtt:publish(T1, <<"topic">>, <<"body">>, [{qos, 0}, {retain, true}]),
-    timer:sleep(1000),
-    {ok, T2} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client2">>},
-                                 {username, <<"testuser2">>},
-                                 {password, <<"pass2">>}]),
-    {ok, _} = emqtt:connect(T2),
-    emqtt:subscribe(T2, <<"topic">>),
-    receive
-        {publish, _Topic, Payload} ->
-            ?assertEqual(<<"body">>, Payload)
-        after 1000 -> false end,
-    emqtt:disconnect(T1),
-    emqtt:disconnect(T2).
-
-t_pub_sub(Cfg) when is_list(Cfg) ->
-    {ok, T1} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client1">>},
-                                 {username, <<"testuser1">>},
-                                 {password, <<"pass1">>}]),
-    {ok, _} = emqtt:connect(T1),
-    emqtt:publish(T1, <<"topic">>, <<"body">>, [{qos, 0}, {retain, true}]),
-    timer:sleep(1000),
-    {ok, T2} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client2">>},
-                                 {username, <<"testuser2">>},
-                                 {password, <<"pass2">>}]),
-    {ok, _} = emqtt:connect(T2),
-    emqtt:subscribe(T2, <<"topic">>),
-    receive
-        {publish, _Topic, Payload} ->
-            ?assertEqual(<<"body">>, Payload)
-        after 1000 -> false end,
-    emqtt:disconnect(T1),
-    emqtt:disconnect(T2).
-
-no_hook_if_config_unset(Cfg) when is_list(Cfg) ->
-    ?assert(is_hooked('client.authenticate')),
-    ?assert(is_hooked('client.check_acl')),
-    application:stop(?APP),
-    [application:unset_env(?APP, Par) || Par <- [acl_req, auth_req]],
-    application:start(?APP),
-    ?assertEqual([], emqx_hooks:lookup('client.authenticate')),
-    ?assertNot(is_hooked('client.authenticate')),
-    ?assertNot(is_hooked('client.check_acl')).
-
-is_hooked(HookName) ->
-    Callbacks = emqx_hooks:lookup(HookName),
-    F = fun(Callback) ->
-                case emqx_hooks:callback_action(Callback) of
-                    {emqx_auth_http, check, _} ->
-                        'client.authenticate' = HookName, % assert
-                        true;
-                    {emqx_acl_http, check_acl, _} ->
-                        'client.check_acl' = HookName, % assert
-                        true;
-                    _ ->
-                        false
-                end
-        end,
-    case lists:filter(F, Callbacks) of
-        [_] -> true;
-        [] -> false
-    end.
diff --git a/apps/emqx_auth_http/test/http_auth_server.erl b/apps/emqx_auth_http/test/http_auth_server.erl
deleted file mode 100644
index 54c4d38b3..000000000
--- a/apps/emqx_auth_http/test/http_auth_server.erl
+++ /dev/null
@@ -1,152 +0,0 @@
--module(http_auth_server).
-
--export([ start/2
-        , stop/0
-        ]).
-
--define(SUPERUSER, [[{"username", "superuser"}, {"clientid", "superclient"}]]).
-
--define(ACL, [[{<<"username">>, <<"testuser">>},
-               {<<"clientid">>, <<"client1">>},
-               {<<"access">>, <<"1">>},
-               {<<"topic">>, <<"users/testuser/1">>},
-               {<<"ipaddr">>, <<"127.0.0.1">>},
-               {<<"mountpoint">>, <<"null">>}],
-              [{<<"username">>, <<"xyz">>},
-               {<<"clientid">>, <<"client2">>},
-               {<<"access">>, <<"2">>},
-               {<<"topic">>, <<"a/b/c">>},
-               {<<"ipaddr">>, <<"192.168.1.3">>},
-               {<<"mountpoint">>, <<"null">>}],
-              [{<<"username">>, <<"testuser1">>},
-               {<<"clientid">>, <<"client1">>},
-               {<<"access">>, <<"2">>},
-               {<<"topic">>, <<"topic">>},
-               {<<"ipaddr">>, <<"127.0.0.1">>},
-               {<<"mountpoint">>, <<"null">>}],
-              [{<<"username">>, <<"testuser2">>},
-               {<<"clientid">>, <<"client2">>},
-               {<<"access">>, <<"1">>},
-               {<<"topic">>, <<"topic">>},
-               {<<"ipaddr">>, <<"127.0.0.1">>},
-               {<<"mountpoint">>, <<"null">>}]]).
-
--define(AUTH, [[{<<"clientid">>, <<"client1">>},
-                {<<"username">>, <<"testuser1">>},
-                {<<"password">>, <<"pass1">>}],
-               [{<<"clientid">>, <<"client2">>},
-                {<<"username">>, <<"testuser2">>},
-                {<<"password">>, <<"pass2">>}]]).
-
-%%------------------------------------------------------------------------------
-%% REST Interface
-%%------------------------------------------------------------------------------
-
--rest_api(#{ name   => auth
-           , method => 'GET'
-           , path   => "/mqtt/auth"
-           , func   => authenticate
-           , descr  => "Authenticate user access permission"
-           }).
-
--rest_api(#{ name   => is_superuser
-           , method => 'GET'
-           , path   => "/mqtt/superuser"
-           , func   => is_superuser
-           , descr  => "Is super user"
-           }).
-
--rest_api(#{ name   => acl
-           , method => 'GET'
-           , path   => "/mqtt/acl"
-           , func   => check_acl
-           , descr  => "Check acl"
-           }).
-
--rest_api(#{ name   => auth
-           , method => 'POST'
-           , path   => "/mqtt/auth"
-           , func   => authenticate
-           , descr  => "Authenticate user access permission"
-           }).
-
--rest_api(#{ name   => is_superuser
-           , method => 'POST'
-           , path   => "/mqtt/superuser"
-           , func   => is_superuser
-           , descr  => "Is super user"
-           }).
-
--rest_api(#{ name   => acl
-           , method => 'POST'
-           , path   => "/mqtt/acl"
-           , func   => check_acl
-           , descr  => "Check acl"
-           }).
-
--export([ authenticate/2
-        , is_superuser/2
-        , check_acl/2
-        ]).
-
-authenticate(_Binding, Params) ->
-    return(check(Params, ?AUTH)).
-
-is_superuser(_Binding, Params) ->
-    return(check(Params, ?SUPERUSER)).
-
-check_acl(_Binding, Params) ->
-    return(check(Params, ?ACL)).
-
-return(allow) -> {200, <<"allow">>};
-return(deny) -> {400, <<"deny">>}.
-
-start(http, Inet) ->
-    application:ensure_all_started(minirest),
-    Handlers = [{"/", minirest:handler(#{modules => [?MODULE]})}],
-    Dispatch = [{"/[...]", minirest, Handlers}],
-    minirest:start_http(http_auth_server, #{socket_opts => [Inet, {port, 8991}]}, Dispatch);
-
-start(https, Inet) ->
-    application:ensure_all_started(minirest),
-    Handlers = [{"/", minirest:handler(#{modules => [?MODULE]})}],
-    Dispatch = [{"/[...]", minirest, Handlers}],
-    minirest:start_https(http_auth_server, #{socket_opts => [Inet, {port, 8991} | certopts()]}, Dispatch).
-
-%% @private
-certopts() ->
-    Certfile = filename:join(["etc", "certs", "cert.pem"]),
-    Keyfile = filename:join(["etc", "certs", "key.pem"]),
-    CaCert = filename:join(["etc", "certs", "cacert.pem"]),
-    [{verify, verify_peer},
-     {certfile, emqx_ct_helpers:deps_path(emqx, Certfile)},
-     {keyfile, emqx_ct_helpers:deps_path(emqx, Keyfile)},
-     {cacertfile, emqx_ct_helpers:deps_path(emqx, CaCert)}] ++ emqx_ct_helpers:client_ssl().
-
-stop() ->
-    minirest:stop_http(http_auth_server).
-
--spec check(HttpReqParams :: list(), DefinedConf :: list()) -> allow | deny.
-check(_Params, []) ->
-    %ct:pal("check auth_result: deny~n"),
-    deny;
-check(Params, [ConfRecord|T]) ->
-    % ct:pal("Params: ~p, ConfRecord:~p ~n", [Params, ConfRecord]),
-    case match_config(Params, ConfRecord) of
-        not_match ->
-            check(Params, T);
-        matched -> allow
-     end.
-
-match_config([], _ConfigColumn) ->
-    %ct:pal("match_config auth_result: matched~n"),
-    matched;
-
-match_config([Param|T], ConfigColumn) ->
-    %ct:pal("Param: ~p, ConfigColumn:~p ~n", [Param, ConfigColumn]),
-    case lists:member(Param, ConfigColumn) of
-        true ->
-            match_config(T, ConfigColumn);
-        false ->
-           not_match
-    end.
diff --git a/apps/emqx_auth_jwt/.gitignore b/apps/emqx_auth_jwt/.gitignore
deleted file mode 100644
index 62e4fbb25..000000000
--- a/apps/emqx_auth_jwt/.gitignore
+++ /dev/null
@@ -1,28 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_jwt.d
-data/
-.DS_Store
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-test/ct.cover.spec
-emq_auth_jwt.d
-erlang.mk
-_build/
-rebar.lock
-rebar3.crashdump
-etc/emqx_auth_jwt.conf.rendered
-.rebar3/
-*.swp
-Mnesia.nonode@nohost/
diff --git a/apps/emqx_auth_jwt/README.md b/apps/emqx_auth_jwt/README.md
deleted file mode 100644
index 9675ae87c..000000000
--- a/apps/emqx_auth_jwt/README.md
+++ /dev/null
@@ -1,90 +0,0 @@
-
-# emqx-auth-jwt
-
-EMQ X JWT Authentication Plugin
-
-Build
------
-
-```
-make && make tests
-```
-
-Configure the Plugin
---------------------
-
-File: etc/plugins/emqx_auth_jwt.conf
-
-```
-## HMAC Hash Secret.
-##
-## Value: String
-auth.jwt.secret = emqxsecret
-
-## From where the JWT string can be got
-##
-## Value: username | password
-## Default: password
-auth.jwt.from = password
-
-## RSA or ECDSA public key file.
-##
-## Value: File
-## auth.jwt.pubkey = etc/certs/jwt_public_key.pem
-
-## Enable to verify claims fields
-##
-## Value: on | off
-auth.jwt.verify_claims = off
-
-## The checklist of claims to validate
-##
-## Value: String
-## auth.jwt.verify_claims.$name = expected
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-# auth.jwt.verify_claims.username = %u
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_jwt
-```
-
-Example
--------
-
-```
-mosquitto_pub -t 'pub' -m 'hello' -i test -u test -P eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiYm9iIiwiYWdlIjoyOX0.bIV_ZQ8D5nQi0LT8AVkpM4Pd6wmlbpR9S8nOLJAsA8o
-```
-
-Algorithms
-----------
-
-The JWT spec supports several algorithms for cryptographic signing. This plugin currently supports:
-
-* HS256 - HMAC using SHA-256 hash algorithm
-* HS384 - HMAC using SHA-384 hash algorithm
-* HS512 - HMAC using SHA-512 hash algorithm
-
-* RS256 - RSA with the SHA-256 hash algorithm
-* RS384 - RSA with the SHA-384 hash algorithm
-* RS512 - RSA with the SHA-512 hash algorithm
-
-* ES256 - ECDSA using the P-256 curve
-* ES384 - ECDSA using the P-384 curve
-* ES512 - ECDSA using the P-512 curve
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
diff --git a/apps/emqx_auth_jwt/TODO.md b/apps/emqx_auth_jwt/TODO.md
deleted file mode 100644
index dfd730e0a..000000000
--- a/apps/emqx_auth_jwt/TODO.md
+++ /dev/null
@@ -1,2 +0,0 @@
-1. Notice for the [Critical vulnerabilities in JSON Web Token](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/)
-
diff --git a/apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt b/apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt
deleted file mode 100644
index 88fa5ebde..000000000
--- a/apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-
-https://crypto.stackexchange.com/questions/30657/hmac-vs-ecdsa-for-jwt
-
diff --git a/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf b/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
deleted file mode 100644
index e0e6d48dd..000000000
--- a/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-##--------------------------------------------------------------------
-## JWT Auth Plugin
-##--------------------------------------------------------------------
-
-## HMAC Hash Secret.
-##
-## Value: String
-auth.jwt.secret = emqxsecret
-
-## RSA or ECDSA public key file.
-##
-## Value: File
-#auth.jwt.pubkey = "etc/certs/jwt_public_key.pem"
-
-## The JWKs server address
-##
-## see: http://self-issued.info/docs/draft-ietf-jose-json-web-key.html
-##
-#auth.jwt.jwks.endpoint = "https://127.0.0.1:8080/jwks"
-
-## The JWKs refresh interval
-##
-## Value: Duration
-#auth.jwt.jwks.refresh_interval = 5m
-
-## From where the JWT string can be got
-##
-## Value: username | password
-## Default: password
-auth.jwt.from = password
-
-## Enable to verify claims fields
-##
-## Value: on | off
-auth.jwt.verify_claims.enable = off
-
-## The checklist of claims to validate
-##
-## Configuration format: auth.jwt.verify_claims.$name = $expected
-##   - $name: the name of the field in the JWT payload to be verified
-##   - $expected: the expected value
-##
-## The available placeholders for $expected:
-##   - %u: username
-##   - %c: clientid
-##
-## For example, to verify that the username in the JWT payload is the same
-## as the client (MQTT protocol) username
-#auth.jwt.verify_claims.username = "%u"
\ No newline at end of file
diff --git a/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema b/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
deleted file mode 100644
index 10b2daa5e..000000000
--- a/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
+++ /dev/null
@@ -1,49 +0,0 @@
-%%-*- mode: erlang -*-
-
-{mapping, "auth.jwt.secret", "emqx_auth_jwt.secret", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.jwt.jwks.endpoint", "emqx_auth_jwt.jwks", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.jwt.jwks.refresh_interval", "emqx_auth_jwt.refresh_interval", [
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "auth.jwt.from", "emqx_auth_jwt.from", [
-  {default, password},
-  {datatype, atom}
-]}.
-
-{mapping, "auth.jwt.pubkey", "emqx_auth_jwt.pubkey", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.jwt.signature_format", "emqx_auth_jwt.jwerl_opts", [
-  {default, "der"},
-  {datatype, {enum, [raw, der]}}
-]}.
-
-{mapping, "auth.jwt.verify_claims.enable", "emqx_auth_jwt.verify_claims", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.jwt.verify_claims.$name", "emqx_auth_jwt.verify_claims", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_jwt.verify_claims", fun(Conf) ->
-    case cuttlefish:conf_get("auth.jwt.verify_claims.enable", Conf) of
-        false -> cuttlefish:unset();
-        true ->
-            lists:foldr(
-              fun({["auth","jwt","verify_claims", Name], Value}, Acc) ->
-                      [{list_to_atom(Name), list_to_binary(Value)} | Acc];
-                 ({["auth","jwt","verify_claims"], _Value}, Acc) ->
-                      Acc
-              end, [], cuttlefish_variable:filter_by_prefix("auth.jwt.verify_claims", Conf))
-   end
-end}.
diff --git a/apps/emqx_auth_jwt/rebar.config b/apps/emqx_auth_jwt/rebar.config
deleted file mode 100644
index 3ec554950..000000000
--- a/apps/emqx_auth_jwt/rebar.config
+++ /dev/null
@@ -1,25 +0,0 @@
-{deps,
- [
-  {jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
-{profiles,
- [{test,
-   [{deps, []}
-   ]}
- ]}.
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
deleted file mode 100644
index 7d784e3b2..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_jwt,
- [{description, "EMQ X Authentication with JWT"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_jwt_sup]},
-  {applications, [kernel,stdlib,jose]},
-  {mod, {emqx_auth_jwt_app, []}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-jwt"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
deleted file mode 100644
index b9831bb6f..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
+++ /dev/null
@@ -1,15 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
- [
-    {"4.3.0", [
-      {load_module, emqx_auth_jwt_svr, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
- ],
- [
-    {"4.3.0", [
-      {load_module, emqx_auth_jwt_svr, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
- ]
-}.
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
deleted file mode 100644
index ba37eac2b..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
+++ /dev/null
@@ -1,99 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[JWT]").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-%%--------------------------------------------------------------------
-%% Authentication callbacks
-%%--------------------------------------------------------------------
-
-check(ClientInfo, AuthResult, #{pid := Pid,
-                                from := From,
-                                checklists := Checklists}) ->
-    case maps:find(From, ClientInfo) of
-        error ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {ok, undefined} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {ok, Token} ->
-            case emqx_auth_jwt_svr:verify(Pid, Token) of
-                {error, not_found} ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-                {error, not_token} ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-                {error, Reason} ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-                    {stop, AuthResult#{auth_result => Reason, anonymous => false}};
-                {ok, Claims} ->
-                    {stop, maps:merge(AuthResult, verify_claims(Checklists, Claims, ClientInfo))}
-            end
-    end.
-
-description() -> "Authentication with JWT".
-
-%%------------------------------------------------------------------------------
-%% Verify Claims
-%%--------------------------------------------------------------------
-
-verify_claims(Checklists, Claims, ClientInfo) ->
-    case do_verify_claims(feedvar(Checklists, ClientInfo), Claims) of
-        {error, Reason} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            #{auth_result => Reason, anonymous => false};
-        ok ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-            #{auth_result => success, anonymous => false, jwt_claims => Claims}
-    end.
-
-do_verify_claims([], _Claims) ->
-    ok;
-do_verify_claims([{Key, Expected} | L], Claims) ->
-    case maps:get(Key, Claims, undefined) =:= Expected of
-        true -> do_verify_claims(L, Claims);
-        false -> {error, {verify_claim_failed, Key}}
-    end.
-
-feedvar(Checklists, #{username := Username, clientid := ClientId}) ->
-    lists:map(fun({K, <<"%u">>}) -> {K, Username};
-                 ({K, <<"%c">>}) -> {K, ClientId};
-                 ({K, Expected}) -> {K, Expected}
-              end, Checklists).
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
deleted file mode 100644
index e501b0af4..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
+++ /dev/null
@@ -1,81 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt_app).
-
--behaviour(application).
-
--behaviour(supervisor).
-
--emqx_plugin(auth).
-
--export([start/2, stop/1]).
-
--export([init/1]).
-
--define(APP, emqx_auth_jwt).
-
-start(_Type, _Args) ->
-    {ok, Sup} = supervisor:start_link({local, ?MODULE}, ?MODULE, []),
-
-    {ok, Pid} = start_auth_server(jwks_svr_options()),
-    ok = emqx_auth_jwt:register_metrics(),
-    AuthEnv0 = auth_env(),
-    AuthEnv1 = AuthEnv0#{pid => Pid},
-
-    _ = emqx:hook('client.authenticate', {emqx_auth_jwt, check, [AuthEnv1]}),
-    {ok, Sup, AuthEnv1}.
-
-stop(AuthEnv) ->
-    emqx:unhook('client.authenticate', {emqx_auth_jwt, check, [AuthEnv]}).
-
-%%--------------------------------------------------------------------
-%% Dummy supervisor
-%%--------------------------------------------------------------------
-
-init([]) ->
-    {ok, {{one_for_all, 1, 10}, []}}.
-
-start_auth_server(Options) ->
-    Spec = #{id => jwt_svr,
-             start => {emqx_auth_jwt_svr, start_link, [Options]},
-             restart => permanent,
-             shutdown => brutal_kill,
-             type => worker,
-             modules => [emqx_auth_jwt_svr]},
-    supervisor:start_child(?MODULE, Spec).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-auth_env() ->
-    Checklists = [{atom_to_binary(K, utf8), V}
-                  || {K, V} <- env(verify_claims, [])],
-    #{ from => env(from, password)
-     , checklists => Checklists
-     }.
-
-jwks_svr_options() ->
-    [{K, V} || {K, V}
-             <- [{secret, env(secret, undefined)},
-                 {pubkey, env(pubkey, undefined)},
-                 {jwks_addr, env(jwks, undefined)},
-                 {interval, env(refresh_interval, undefined)}],
-             V /= undefined].
-
-env(Key, Default) ->
-    application:get_env(?APP, Key, Default).
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
deleted file mode 100644
index b9d19bf57..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
+++ /dev/null
@@ -1,224 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt_svr).
-
--behaviour(gen_server).
-
--include_lib("emqx/include/logger.hrl").
--include_lib("jose/include/jose_jwk.hrl").
-
--logger_header("[JWT-SVR]").
-
-%% APIs
--export([start_link/1]).
-
--export([verify/2]).
-
-%% gen_server callbacks
--export([ init/1
-        , handle_call/3
-        , handle_cast/2
-        , handle_info/2
-        , terminate/2
-        , code_change/3
-        ]).
-
--type options() :: [option()].
--type option() :: {secret, list()}
-                | {pubkey, list()}
-                | {jwks_addr, list()}
-                | {interval, pos_integer()}.
-
--define(INTERVAL, 300000).
-
--record(state, {static, remote, addr, tref, intv}).
-
-%%--------------------------------------------------------------------
-%% APIs
-%%--------------------------------------------------------------------
-
--spec start_link(options()) -> gen_server:start_ret().
-start_link(Options) ->
-    gen_server:start_link(?MODULE, [Options], []).
-
--spec verify(pid(), binary())
-    -> {error, term()}
-     | {ok, Payload :: map()}.
-verify(S, JwsCompacted) when is_binary(JwsCompacted) ->
-    case catch jose_jws:peek(JwsCompacted) of
-        {'EXIT', _} -> {error, not_token};
-        _ -> gen_server:call(S, {verify, JwsCompacted})
-    end.
-
-%%--------------------------------------------------------------------
-%% gen_server callbacks
-%%--------------------------------------------------------------------
-
-init([Options]) ->
-    ok = jose:json_module(jiffy),
-    {Static, Remote} = do_init_jwks(Options),
-    Intv = proplists:get_value(interval, Options, ?INTERVAL),
-    {ok, reset_timer(
-           #state{
-              static = Static,
-              remote = Remote,
-              addr = proplists:get_value(jwks_addr, Options),
-              intv = Intv})}.
-
-%% @private
-do_init_jwks(Options) ->
-    K2J = fun(K, F) ->
-              case proplists:get_value(K, Options) of
-                  undefined -> undefined;
-                  V ->
-                     try F(V) of
-                         {error, Reason} ->
-                             ?LOG(warning, "Build ~p JWK ~p failed: {error, ~p}~n",
-                                  [K, V, Reason]),
-                             undefined;
-                         J -> J
-                     catch T:R:_ ->
-                         ?LOG(warning, "Build ~p JWK ~p failed: {~p, ~p}~n",
-                              [K, V, T, R]),
-                         undefined
-                     end
-              end
-          end,
-    OctJwk = K2J(secret, fun(V) ->
-                             jose_jwk:from_oct(list_to_binary(V))
-                         end),
-    PemJwk = K2J(pubkey, fun jose_jwk:from_pem_file/1),
-    Remote = K2J(jwks_addr, fun request_jwks/1),
-    {[J ||J <- [OctJwk, PemJwk], J /= undefined], Remote}.
-
-handle_call({verify, JwsCompacted}, _From, State) ->
-    handle_verify(JwsCompacted, State);
-
-handle_call(_Req, _From, State) ->
-    {reply, ok, State}.
-
-handle_cast(_Msg, State) ->
-    {noreply, State}.
-
-handle_info({timeout, _TRef, refresh}, State = #state{addr = Addr}) ->
-    NState = try
-                 State#state{remote = request_jwks(Addr)}
-             catch _:_ ->
-                 State
-             end,
-    {noreply, reset_timer(NState)};
-
-handle_info(_Info, State) ->
-    {noreply, State}.
-
-terminate(_Reason, State) ->
-    _ = cancel_timer(State),
-    ok.
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
-
-handle_verify(JwsCompacted,
-              State = #state{static = Static, remote = Remote}) ->
-    try
-        Jwks = case emqx_json:decode(jose_jws:peek_protected(JwsCompacted), [return_maps]) of
-                   #{<<"kid">> := Kid} when Remote /= undefined ->
-                       [J || J <- Remote, maps:get(<<"kid">>, J#jose_jwk.fields, undefined) =:= Kid];
-                   _ -> Static
-               end,
-        case Jwks of
-            [] -> {reply, {error, not_found}, State};
-            _ ->
-                {reply, do_verify(JwsCompacted, Jwks), State}
-        end
-    catch
-        Class : Reason : Stk ->
-            ?LOG(error, "Handle JWK crashed: ~p, ~p, stacktrace: ~p~n",
-                        [Class, Reason, Stk]),
-            {reply, {error, invalid_signature}, State}
-    end.
-
-request_jwks(Addr) ->
-    case httpc:request(get, {Addr, []}, [], [{body_format, binary}]) of
-        {error, Reason} ->
-            error(Reason);
-        {ok, {_Code, _Headers, Body}} ->
-            try
-                JwkSet = jose_jwk:from(emqx_json:decode(Body, [return_maps])),
-                {_, Jwks} = JwkSet#jose_jwk.keys, Jwks
-            catch _:_ ->
-                ?LOG(error, "Invalid jwks server response: ~p~n", [Body]),
-                error(badarg)
-            end
-    end.
-
-reset_timer(State = #state{addr = undefined}) ->
-    State;
-reset_timer(State = #state{intv = Intv}) ->
-    State#state{tref = erlang:start_timer(Intv, self(), refresh)}.
-
-cancel_timer(State = #state{tref = undefined}) ->
-    State;
-cancel_timer(State = #state{tref = TRef}) ->
-    _ = erlang:cancel_timer(TRef),
-    State#state{tref = undefined}.
-
-do_verify(_JwsCompated, []) ->
-    {error, invalid_signature};
-do_verify(JwsCompacted, [Jwk|More]) ->
-    case jose_jws:verify(Jwk, JwsCompacted) of
-        {true, Payload, _Jws} ->
-            Claims = emqx_json:decode(Payload, [return_maps]),
-            case check_claims(Claims) of
-                {false, <<"exp">>} ->
-                    {error, {invalid_signature, expired}};
-                NClaims ->
-                    {ok, NClaims}
-            end;
-        {false, _, _} ->
-            do_verify(JwsCompacted, More)
-    end.
-
-check_claims(Claims) ->
-    Now = os:system_time(seconds),
-    Checker = [{<<"exp">>, fun(ExpireTime) ->
-                               Now < ExpireTime
-                           end},
-               {<<"iat">>, fun(IssueAt) ->
-                               IssueAt =< Now
-                           end},
-               {<<"nbf">>, fun(NotBefore) ->
-                               NotBefore =< Now
-                           end}
-              ],
-    do_check_claim(Checker, Claims).
-
-do_check_claim([], Claims) ->
-    Claims;
-do_check_claim([{K, F}|More], Claims) ->
-    case maps:take(K, Claims) of
-        error -> do_check_claim(More, Claims);
-        {V, NClaims} ->
-            case F(V) of
-                true -> do_check_claim(More, NClaims);
-                _ -> {false, K}
-            end
-    end.
diff --git a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl b/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
deleted file mode 100644
index d4f562b6f..000000000
--- a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
+++ /dev/null
@@ -1,166 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(APP, emqx_auth_jwt).
-
-all() ->
-    [{group, emqx_auth_jwt}].
-
-groups() ->
-    [{emqx_auth_jwt, [sequence], [ t_check_auth
-                                 , t_check_claims
-                                 , t_check_claims_clientid
-                                 , t_check_claims_username
-                                 , t_check_claims_kid_in_header
-                                 ]}
-    ].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_auth_jwt], fun set_special_configs/1),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_jwt]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    AclFilePath = filename:join(["test", "emqx_SUITE_data", "acl.conf"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath)),
-    application:set_env(emqx, acl_file,
-                        emqx_ct_helpers:deps_path(emqx, AclFilePath));
-
-set_special_configs(emqx_auth_jwt) ->
-    application:set_env(emqx_auth_jwt, secret, "emqxsecret"),
-    application:set_env(emqx_auth_jwt, from, password);
-
-set_special_configs(_) ->
-    ok.
-
-sign(Payload, Header, Key) when is_map(Header) ->
-    Jwk = jose_jwk:from_oct(Key),
-    Jwt = emqx_json:encode(Payload),
-    {_, Token} = jose_jws:compact(jose_jwt:sign(Jwk, Header, Jwt)),
-    Token;
-
-sign(Payload, Alg, Key) ->
-    Jwk = jose_jwk:from_oct(Key),
-    Jwt = emqx_json:encode(Payload),
-    {_, Token} = jose_jws:compact(jose_jwt:sign(Jwk, #{<<"alg">> => Alg}, Jwt)),
-    Token.
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{clientid, <<"client1">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    ct:pal("Jwt: ~p~n", [Jwt]),
-
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := #{<<"clientid">> := <<"client1">>}}}, Result0),
-
-    ct:sleep(3100),
-    Result1 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result after 1000ms: ~p~n", [Result1]),
-    ?assertMatch({error, _}, Result1),
-
-    Jwt_Error = sign([{client_id, <<"client1">>},
-                      {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    ct:pal("invalid jwt: ~p~n", [Jwt_Error]),
-    Result2 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
-    ?assertEqual({error, invalid_signature}, Result2),
-    ?assertMatch({error, _}, emqx_access_control:authenticate(Plain#{password => <<"asd">>})).
-
-t_check_claims(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]),
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
-
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{client_id, <<"client1">>},
-                {username, <<"plain">>},
-                {sub, value},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0),
-    Jwt_Error = sign([{clientid, <<"client1">>},
-                       {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    Result2 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
-    ?assertEqual({error, invalid_signature}, Result2).
-
-t_check_claims_clientid(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{clientid, <<"%c">>}]),
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
-    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{clientid, <<"client23">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0),
-    Jwt_Error = sign([{clientid, <<"client1">>},
-                      {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    Result2 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
-    ?assertEqual({error, invalid_signature}, Result2).
-
-t_check_claims_username(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{username, <<"%u">>}]),
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
-
-    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{client_id, <<"client23">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0),
-    Jwt_Error = sign([{clientid, <<"client1">>},
-                      {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    Result3 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result3]),
-    ?assertEqual({error, invalid_signature}, Result3).
-
-t_check_claims_kid_in_header(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, []),
-    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{clientid, <<"client23">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}],
-               #{<<"alg">> => <<"HS256">>,
-                 <<"kid">> => <<"a_kid_str">>}, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0).
diff --git a/apps/emqx_auth_ldap/.gitignore b/apps/emqx_auth_ldap/.gitignore
deleted file mode 100644
index eb8f0639f..000000000
--- a/apps/emqx_auth_ldap/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_ldap.d
-data/
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-test/ct.cover.spec
-.DS_Store
-_build/
-rebar.lock
-erlang.mk
-rebar3.crashdump
-.rebar3/
-etc/emqx_auth_ldap.conf.rendered
diff --git a/apps/emqx_auth_ldap/README.md b/apps/emqx_auth_ldap/README.md
deleted file mode 100644
index c4d56c839..000000000
--- a/apps/emqx_auth_ldap/README.md
+++ /dev/null
@@ -1,96 +0,0 @@
-emqx_auth_ldap
-==============
-
-EMQ X LDAP Authentication Plugin
-
-Build
------
-
-```
-make
-```
-
-Load the Plugin
----------------
-
-```
-# ./bin/emqx_ctl plugins load emqx_auth_ldap
-```
-
-Generate Password
----------------
-
-```
-slappasswd -h '{ssha}' -s public
-```
-
-Configuration Open LDAP
------------------------
-
-vim /etc/openldap/slapd.conf
-
-```
-include         /etc/openldap/schema/core.schema
-include         /etc/openldap/schema/cosine.schema
-include         /etc/openldap/schema/inetorgperson.schema
-include         /etc/openldap/schema/ppolicy.schema
-include         /etc/openldap/schema/emqx.schema
-
-database bdb
-suffix "dc=emqx,dc=io"
-rootdn "cn=root,dc=emqx,dc=io"
-rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W
-
-directory       /etc/openldap/data
-```
-
-If the ldap launched with error below:
-```
-Unrecognized database type (bdb)
-5c4a72b9 slapd.conf: line 7: <database> failed init (bdb)
-slapadd: bad configuration file!
-```
-
-Insert lines to the slapd.conf
-```
-modulepath /usr/lib/ldap
-moduleload back_bdb.la
-```
-
-Import EMQX User Data
-----------------------
-
-Use ldapadd
-```
-# ldapadd -x -D "cn=root,dc=emqx,dc=io" -w public -f emqx.com.ldif
-```
-
-Use slapadd
-```
-# sudo slapadd -l schema/emqx.io.ldif -f slapd.conf
-```
-
-Launch slapd
-```
-# sudo slapd -d 3
-```
-
-Test
------
-After configure slapd correctly and launch slapd successfully.
-You could execute
-
-``` bash
-# make tests
-```
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_ldap/emqx.io.ldif b/apps/emqx_auth_ldap/emqx.io.ldif
deleted file mode 100644
index f9833cd88..000000000
--- a/apps/emqx_auth_ldap/emqx.io.ldif
+++ /dev/null
@@ -1,135 +0,0 @@
-## create emqx.io
-
-dn:dc=emqx,dc=io
-objectclass: top
-objectclass: dcobject
-objectclass: organization
-dc:emqx
-o:emqx,Inc.
-
-# create testdevice.emqx.io
-dn:ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectclass:organizationalUnit
-ou:testdevice
-
-# create user admin
-dn:uid=admin,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: simpleSecurityObject
-objectClass: account
-userPassword:: e1NIQX1XNnBoNU1tNVB6OEdnaVVMYlBnekczN21qOWc9
-uid: admin
-
-## create user=mqttuser0001,
-#         password=mqttuser0001,
-#         passhash={SHA}mlb3fat40MKBTXUVZwCKmL73R/0=
-#         base64passhash=e1NIQX1tbGIzZmF0NDBNS0JUWFVWWndDS21MNzNSLzA9
-dn:uid=mqttuser0001,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0001
-isEnabled: TRUE
-mqttAccountName: user1
-mqttPublishTopic: mqttuser0001/pub/1
-mqttPublishTopic: mqttuser0001/pub/+
-mqttPublishTopic: mqttuser0001/pub/#
-mqttSubscriptionTopic: mqttuser0001/sub/1
-mqttSubscriptionTopic: mqttuser0001/sub/+
-mqttSubscriptionTopic: mqttuser0001/sub/#
-mqttPubSubTopic: mqttuser0001/pubsub/1
-mqttPubSubTopic: mqttuser0001/pubsub/+
-mqttPubSubTopic: mqttuser0001/pubsub/#
-userPassword:: e1NIQX1tbGIzZmF0NDBNS0JUWFVWWndDS21MNzNSLzA9
-
-## create user=mqttuser0002
-#         password=mqttuser0002,
-#         passhash={SSHA}n9XdtoG4Q/TQ3TQF4Y+khJbMBH4qXj4M
-#         base64passhash=e1NTSEF9bjlYZHRvRzRRL1RRM1RRRjRZK2toSmJNQkg0cVhqNE0=
-dn:uid=mqttuser0002,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0002
-isEnabled: TRUE
-mqttAccountName: user2
-mqttPublishTopic: mqttuser0002/pub/1
-mqttPublishTopic: mqttuser0002/pub/+
-mqttPublishTopic: mqttuser0002/pub/#
-mqttSubscriptionTopic: mqttuser0002/sub/1
-mqttSubscriptionTopic: mqttuser0002/sub/+
-mqttSubscriptionTopic: mqttuser0002/sub/#
-mqttPubSubTopic: mqttuser0002/pubsub/1
-mqttPubSubTopic: mqttuser0002/pubsub/+
-mqttPubSubTopic: mqttuser0002/pubsub/#
-userPassword:: e1NTSEF9bjlYZHRvRzRRL1RRM1RRRjRZK2toSmJNQkg0cVhqNE0=
-
-## create user mqttuser0003
-#         password=mqttuser0003,
-#         passhash={MD5}ybsPGoaK3nDyiQvveiCOIw==
-#         base64passhash=e01ENX15YnNQR29hSzNuRHlpUXZ2ZWlDT0l3PT0=
-dn:uid=mqttuser0003,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0003
-isEnabled: TRUE
-mqttPublishTopic: mqttuser0003/pub/1
-mqttPublishTopic: mqttuser0003/pub/+
-mqttPublishTopic: mqttuser0003/pub/#
-mqttSubscriptionTopic: mqttuser0003/sub/1
-mqttSubscriptionTopic: mqttuser0003/sub/+
-mqttSubscriptionTopic: mqttuser0003/sub/#
-mqttPubSubTopic: mqttuser0003/pubsub/1
-mqttPubSubTopic: mqttuser0003/pubsub/+
-mqttPubSubTopic: mqttuser0003/pubsub/#
-userPassword:: e01ENX15YnNQR29hSzNuRHlpUXZ2ZWlDT0l3PT0=
-
-## create user mqttuser0004
-#         password=mqttuser0004,
-#         passhash={MD5}2Br6pPDSEDIEvUlu9+s+MA==
-#         base64passhash=e01ENX0yQnI2cFBEU0VESUV2VWx1OStzK01BPT0=
-dn:uid=mqttuser0004,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0004
-isEnabled: TRUE
-mqttPublishTopic: mqttuser0004/pub/1
-mqttPublishTopic: mqttuser0004/pub/+
-mqttPublishTopic: mqttuser0004/pub/#
-mqttSubscriptionTopic: mqttuser0004/sub/1
-mqttSubscriptionTopic: mqttuser0004/sub/+
-mqttSubscriptionTopic: mqttuser0004/sub/#
-mqttPubSubTopic: mqttuser0004/pubsub/1
-mqttPubSubTopic: mqttuser0004/pubsub/+
-mqttPubSubTopic: mqttuser0004/pubsub/#
-userPassword: {MD5}2Br6pPDSEDIEvUlu9+s+MA==
-
-## create user mqttuser0005
-#         password=mqttuser0005,
-#         passhash={SHA}jKnxeEDGR14kE8AR7yuVFOelhz4=
-#         base64passhash=e1NIQX1qS254ZUVER1IxNGtFOEFSN3l1VkZPZWxoejQ9
-objectClass: top
-dn:uid=mqttuser0005,ou=testdevice,dc=emqx,dc=io
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0005
-isEnabled: TRUE
-mqttPublishTopic: mqttuser0005/pub/1
-mqttPublishTopic: mqttuser0005/pub/+
-mqttPublishTopic: mqttuser0005/pub/#
-mqttSubscriptionTopic: mqttuser0005/sub/1
-mqttSubscriptionTopic: mqttuser0005/sub/+
-mqttSubscriptionTopic: mqttuser0005/sub/#
-mqttPubSubTopic: mqttuser0005/pubsub/1
-mqttPubSubTopic: mqttuser0005/pubsub/+
-mqttPubSubTopic: mqttuser0005/pubsub/#
-userPassword: {SHA}jKnxeEDGR14kE8AR7yuVFOelhz4=
-
diff --git a/apps/emqx_auth_ldap/emqx.schema b/apps/emqx_auth_ldap/emqx.schema
deleted file mode 100644
index 55f92269b..000000000
--- a/apps/emqx_auth_ldap/emqx.schema
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Preliminary Apple OS X Native LDAP Schema
-# This file is subject to change.
-#
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.1.3 NAME 'isEnabled'
-	EQUALITY booleanMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.1 NAME ( 'mqttPublishTopic' 'mpt' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.2 NAME ( 'mqttSubscriptionTopic' 'mst' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.3 NAME ( 'mqttPubSubTopic' 'mpst' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.4 NAME ( 'mqttAccountName' 'man' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-
-
-objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4 NAME 'mqttUser'
-	AUXILIARY
-	MAY ( mqttPublishTopic $ mqttSubscriptionTopic $ mqttPubSubTopic $ mqttAccountName) )
-
-objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.2 NAME 'mqttDevice'
-	SUP top
-	STRUCTURAL
-	MUST ( uid )
-	MAY ( isEnabled ) )
-
-objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.3 NAME 'mqttSecurity'
-	SUP top
-	AUXILIARY
-	MAY ( userPassword $ userPKCS12 $ pwdAttribute $ pwdLockout ) )
diff --git a/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf b/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
deleted file mode 100644
index b457229e3..000000000
--- a/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
+++ /dev/null
@@ -1,76 +0,0 @@
-##--------------------------------------------------------------------
-## LDAP Auth Plugin
-##--------------------------------------------------------------------
-
-## LDAP server list, seperated by ','.
-##
-## Value: String
-auth.ldap.servers = "127.0.0.1"
-
-## LDAP server port.
-##
-## Value: Port
-auth.ldap.port = 389
-
-## LDAP pool size
-##
-## Value: String
-auth.ldap.pool = 8
-
-## LDAP Bind DN.
-##
-## Value: DN
-auth.ldap.bind_dn = "cn=root,dc=emqx,dc=io"
-
-## LDAP Bind Password.
-##
-## Value: String
-auth.ldap.bind_password = public
-
-## LDAP query timeout.
-##
-## Value: Number
-auth.ldap.timeout = 30s
-
-## Device DN.
-##
-## Variables:
-##
-## Value: DN
-auth.ldap.device_dn = "ou=device,dc=emqx,dc=io"
-
-## Specified ObjectClass
-##
-## Variables:
-##
-## Value: string
-auth.ldap.match_objectclass = mqttUser
-
-## attributetype for username
-##
-## Variables:
-##
-## Value: string
-auth.ldap.username.attributetype = uid
-
-## attributetype for password
-##
-## Variables:
-##
-## Value: string
-auth.ldap.password.attributetype = userPassword
-
-## Whether to enable SSL.
-##
-## Value: true | false
-auth.ldap.ssl.enable = false
-
-#auth.ldap.ssl.certfile = "etc/certs/cert.pem"
-
-#auth.ldap.ssl.keyfile = "etc/certs/key.pem"
-
-#auth.ldap.ssl.cacertfile = "etc/certs/cacert.pem"
-
-#auth.ldap.ssl.verify = "verify_peer"
-
-#auth.ldap.ssl.server_name_indication = your_server_name
diff --git a/apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl b/apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl
deleted file mode 100644
index 8950c0ec8..000000000
--- a/apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_ldap).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema b/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
deleted file mode 100644
index f9c3bf16b..000000000
--- a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
+++ /dev/null
@@ -1,174 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_ldap config mapping
-
-{mapping, "auth.ldap.servers", "emqx_auth_ldap.ldap", [
-  {default, "127.0.0.1"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.port", "emqx_auth_ldap.ldap", [
-  {default, 389},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.ldap.pool", "emqx_auth_ldap.ldap", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.ldap.bind_dn", "emqx_auth_ldap.ldap", [
-  {datatype, string},
-  {default, "cn=root,dc=emqx,dc=io"}
-]}.
-
-{mapping, "auth.ldap.bind_password", "emqx_auth_ldap.ldap", [
-  {datatype, string},
-  {default, "public"}
-]}.
-
-{mapping, "auth.ldap.timeout", "emqx_auth_ldap.ldap", [
-  {default, "30s"},
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "auth.ldap.ssl.enable", "emqx_auth_ldap.ldap", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.ldap.ssl.certfile", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.ssl.keyfile", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.ssl.cacertfile", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.ssl.verify", "emqx_auth_ldap.ldap", [
-  {default, verify_none},
-  {datatype, {enum, [verify_none, verify_peer]}}
-]}.
-
-{mapping, "auth.ldap.ssl.server_name_indication", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_ldap.ldap", fun(Conf) ->
-    A2N = fun(A) -> case inet:parse_address(A) of {ok, N} -> N; _ -> A end end,
-    Servers = [A2N(A) || A <- string:tokens(cuttlefish:conf_get("auth.ldap.servers", Conf), ",")],
-    Port = cuttlefish:conf_get("auth.ldap.port", Conf),
-    Pool = cuttlefish:conf_get("auth.ldap.pool", Conf),
-    BindDN = cuttlefish:conf_get("auth.ldap.bind_dn", Conf),
-    BindPassword = cuttlefish:conf_get("auth.ldap.bind_password", Conf),
-    Timeout = cuttlefish:conf_get("auth.ldap.timeout", Conf),
-    Filter = fun(Ls) -> [E || E = {_, V} <- Ls, V /= undefined]end,
-    SslOpts = fun() ->
-                [{certfile, cuttlefish:conf_get("auth.ldap.ssl.certfile", Conf)},
-                 {keyfile, cuttlefish:conf_get("auth.ldap.ssl.keyfile", Conf)},
-                 {cacertfile, cuttlefish:conf_get("auth.ldap.ssl.cacertfile", Conf, undefined)},
-                 {verify, cuttlefish:conf_get("auth.ldap.ssl.verify", Conf, undefined)},
-                 {server_name_indication, case cuttlefish:conf_get("auth.ldap.ssl.server_name_indication", Conf, undefined) of
-                                            "disable" -> disable;
-                                            SNI -> SNI
-                                          end}]
-              end,
-    Opts = [{servers, Servers},
-            {port, Port},
-            {timeout, Timeout},
-            {bind_dn, BindDN},
-            {bind_password, BindPassword},
-            {pool, Pool},
-            {auto_reconnect, 2}],
-    case cuttlefish:conf_get("auth.ldap.ssl.enable", Conf) of
-        true  -> [{ssl, true}, {sslopts, Filter(SslOpts())}|Opts];
-        false -> [{ssl, false}|Opts]
-    end
-end}.
-
-{mapping, "auth.ldap.device_dn", "emqx_auth_ldap.device_dn", [
-  {default, "ou=device,dc=emqx,dc=io"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.match_objectclass", "emqx_auth_ldap.match_objectclass", [
-  {default, "mqttUser"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.custom_base_dn", "emqx_auth_ldap.custom_base_dn", [
-  {default, "${username_attr}=${user},${device_dn}"},
-  {datatype, string}
-]}.
-
-%% auth.ldap.filters.1.key = "objectClass"
-%% auth.ldap.filters.1.value = "mqttUser"
-%% auth.ldap.filters.1.op = "and"
-%% auth.ldap.filters.2.key = "uiAttr"
-%% auth.ldap.filters.2.value "someAttr"
-%% auth.ldap.filters.2.op = "or"
-%% auth.ldap.filters.3.key = "someKey"
-%% auth.ldap.filters.3.value = "someValue"
-%% The configuratation structure sent to the application:
-%%   [{"objectClass","mqttUser"},"and",{"uiAttr","someAttr"},"or",{"someKey","someAttr"}]
-%% The resulting LDAP filter would look like this:
-%% ==> "|(&(objectClass=Class)(uiAttr=someAttr)(someKey=someValue))"
-{translation, "emqx_auth_ldap.filters",
-fun(Conf) ->
-        Settings = cuttlefish_variable:filter_by_prefix("auth.ldap.filters", Conf),
-        Keys = [{Num, {key, V}} || {["auth","ldap","filters", Num, "key"], V} <- Settings],
-        Values = [{Num, {value, V}} || {["auth","ldap","filters", Num, "value"], V} <- Settings],
-        Ops = [{Num, {op, V}} || {["auth","ldap","filters", Num, "op"], V} <- Settings],
-        RawFilters = Keys ++ Values ++ Ops,
-        Filters =
-            lists:foldl(
-              fun({Num,{T,V}}, Acc)->
-                      maps:update_with(Num,
-                                       fun(F)->
-                                               maps:put(T,V,F)
-                                       end,
-                                       #{T=>V}, Acc)
-              end, #{}, RawFilters),
-        Order=lists:usort(maps:keys(Filters)),
-        lists:reverse(
-          lists:foldl(
-            fun(F,Acc)->
-                    case F of
-                        #{key:=K, op:=Op, value:=V} -> [Op,{K,V}|Acc];
-                        #{key:=K, value:=V} -> [{K,V}|Acc]
-                    end
-            end,
-            [],
-            lists:map(fun(K) -> maps:get(K, Filters) end, Order)))
-end}.
-
-{mapping, "auth.ldap.filters.$num.key", "emqx_auth_ldap.filters", [
-    {datatype, string}
-]}.
-
-{mapping, "auth.ldap.filters.$num.value", "emqx_auth_ldap.filters", [
-    {datatype, string}
-]}.
-
-{mapping, "auth.ldap.filters.$num.op", "emqx_auth_ldap.filters", [
-    {datatype, {enum, [ "or", "and" ] } }
-]}.
-
-
-{mapping, "auth.ldap.bind_as_user", "emqx_auth_ldap.bind_as_user", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.ldap.username.attributetype", "emqx_auth_ldap.username_attr", [
-  {default, "uid"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.password.attributetype", "emqx_auth_ldap.password_attr", [
-  {default, "userPassword"},
-  {datatype, string}
-]}.
diff --git a/apps/emqx_auth_ldap/rebar.config b/apps/emqx_auth_ldap/rebar.config
deleted file mode 100644
index 811468a7b..000000000
--- a/apps/emqx_auth_ldap/rebar.config
+++ /dev/null
@@ -1,25 +0,0 @@
-{deps,
- [{eldap2, {git, "https://github.com/emqx/eldap2", {tag, "v0.2.2"}}}
- ]}.
-
-{profiles,
- [{test,
-   [{deps, []}
-   ]}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
diff --git a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
deleted file mode 100644
index 25287052c..000000000
--- a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
+++ /dev/null
@@ -1,98 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_ldap).
-
--include("emqx_auth_ldap.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eldap/include/eldap.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--import(proplists, [get_value/2]).
-
--import(emqx_auth_ldap_cli, [search/4]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
-    case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
-    ok;
-
-do_check_acl(#{username := Username}, PubSub, Topic, _NoMatchAction,
-             #{device_dn         := DeviceDn,
-               match_objectclass := ObjectClass,
-               username_attr     := UidAttr,
-               custom_base_dn    := CustomBaseDN,
-               pool := Pool} = Config) ->
-
-    Filters = maps:get(filters, Config, []),
-
-    ReplaceRules = [{"${username_attr}", UidAttr},
-                    {"${user}", binary_to_list(Username)},
-                    {"${device_dn}", DeviceDn}],
-
-    Filter = emqx_auth_ldap:prepare_filter(Filters, UidAttr, ObjectClass, ReplaceRules),
-
-    Attribute = case PubSub of
-                    publish   -> "mqttPublishTopic";
-                    subscribe -> "mqttSubscriptionTopic"
-                end,
-    Attribute1 = "mqttPubSubTopic",
-    ?LOG(debug, "[LDAP] search dn:~p filter:~p, attribute:~p",
-         [DeviceDn, Filter, Attribute]),
-
-    BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules),
-
-    case search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
-        {error, noSuchObject} ->
-            ok;
-        {ok, #eldap_search_result{entries = []}} ->
-            ok;
-        {ok, #eldap_search_result{entries = [Entry]}} ->
-            Topics = get_value(Attribute, Entry#eldap_entry.attributes)
-                ++ get_value(Attribute1, Entry#eldap_entry.attributes),
-            match(Topic, Topics);
-        Error ->
-            ?LOG(error, "[LDAP] search error:~p", [Error]),
-            {stop, deny}
-    end.
-
-match(_Topic, []) ->
-    ok;
-
-match(Topic, [Filter | Topics]) ->
-    case emqx_topic:match(Topic, list_to_binary(Filter)) of
-        true  -> {stop, allow};
-        false -> match(Topic, Topics)
-    end.
-
-description() ->
-    "ACL with LDAP".
-
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
deleted file mode 100644
index 1b76c32c8..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_ldap,
- [{description, "EMQ X Authentication/ACL with LDAP"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_ldap_sup]},
-  {applications, [kernel,stdlib,eldap2,ecpool]},
-  {mod, {emqx_auth_ldap_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-ldap"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
deleted file mode 100644
index 9163362c7..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
+++ /dev/null
@@ -1,210 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap).
-
--include("emqx_auth_ldap.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eldap/include/eldap.hrl").
--include_lib("emqx/include/logger.hrl").
-
--import(proplists, [get_value/2]).
-
--import(emqx_auth_ldap_cli, [search/3]).
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        , prepare_filter/4
-        , replace_vars/2
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{username := Username, password := Password}, AuthResult,
-      State = #{password_attr := PasswdAttr, bind_as_user := BindAsUserRequired, pool := Pool}) ->
-    CheckResult =
-        case lookup_user(Username, State) of
-            undefined -> {error, not_found};
-            {error, Error} -> {error, Error};
-            Entry ->
-                PasswordString = binary_to_list(Password),
-                ObjectName = Entry#eldap_entry.object_name,
-                Attributes = Entry#eldap_entry.attributes,
-                case BindAsUserRequired of
-                    true ->
-                        emqx_auth_ldap_cli:post_bind(Pool, ObjectName, PasswordString);
-                    false ->
-                        case get_value(PasswdAttr, Attributes) of
-                            undefined ->
-                                logger:error("LDAP Search State: ~p, uid: ~p, result:~p",
-                                             [State, Username, Attributes]),
-                                {error, not_found};
-                            [Passhash1] ->
-                                format_password(Passhash1, Password, ClientInfo)
-                        end
-                end
-        end,
-    case CheckResult of
-        ok ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-            {stop, AuthResult#{auth_result => success, anonymous => false}};
-        {error, not_found} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {error, ResultCode} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            ?LOG(error, "[LDAP] Auth from ldap failed: ~p", [ResultCode]),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-lookup_user(Username, #{username_attr := UidAttr,
-                        match_objectclass := ObjectClass,
-                        device_dn := DeviceDn,
-                        custom_base_dn := CustomBaseDN, pool := Pool} = Config) ->
-
-    Filters = maps:get(filters, Config, []),
-
-    ReplaceRules = [{"${username_attr}", UidAttr},
-                    {"${user}", binary_to_list(Username)},
-                    {"${device_dn}", DeviceDn}],
-
-    Filter = prepare_filter(Filters, UidAttr, ObjectClass, ReplaceRules),
-
-    %% auth.ldap.custom_base_dn = "${username_attr}=${user},${device_dn}"
-    BaseDN = replace_vars(CustomBaseDN, ReplaceRules),
-
-    case search(Pool, BaseDN, Filter) of
-        %% This clause seems to be impossible to match. `eldap2:search/2` does
-        %% not validates the result, so if it returns "successfully" from the
-        %% LDAP server, it always returns `{ok, #eldap_search_result{}}`.
-        {error, noSuchObject} ->
-            undefined;
-        %% In case no user was found by the search, but the search was completed
-        %% without error we get an empty `entries` list.
-        {ok, #eldap_search_result{entries = []}} ->
-            undefined;
-        {ok, #eldap_search_result{entries = [Entry]}} ->
-            Attributes = Entry#eldap_entry.attributes,
-            case get_value("isEnabled", Attributes) of
-                undefined ->
-                    Entry;
-                [Val] ->
-                    case list_to_atom(string:to_lower(Val)) of
-                        true -> Entry;
-                        false -> {error, username_disabled}
-                    end
-            end;
-        {error, Error} ->
-            ?LOG(error, "[LDAP] Search dn: ~p, filter: ~p, fail:~p", [DeviceDn, Filter, Error]),
-            {error, username_or_password_error}
-    end.
-
-check_pass(Password, Password, _ClientInfo) -> ok;
-check_pass(_, _, _) -> {error, bad_username_or_password}.
-
-format_password(Passhash, Password, ClientInfo) ->
-    case do_format_password(Passhash, Password) of
-        {error, Error2} ->
-            {error, Error2};
-        {Passhash1, Password1} ->
-            check_pass(Passhash1, Password1, ClientInfo)
-    end.
-
-do_format_password(Passhash, Password) ->
-    Base64PasshashHandler =
-    handle_passhash(fun(HashType, Passhash1, Password1) ->
-                            Passhash2 = binary_to_list(base64:decode(Passhash1)),
-                            resolve_passhash(HashType, Passhash2, Password1)
-                    end,
-                    fun(_Passhash, _Password) ->
-                            {error, password_error}
-                    end),
-    PasshashHandler = handle_passhash(fun resolve_passhash/3, Base64PasshashHandler),
-    PasshashHandler(Passhash, Password).
-
-resolve_passhash(HashType, Passhash, Password) ->
-    [_, Passhash1] = string:tokens(Passhash, "}"),
-    do_resolve(HashType, Passhash1, Password).
-
-handle_passhash(HandleMatch, HandleNoMatch) ->
-    fun(Passhash, Password) ->
-            case re:run(Passhash, "(?<={)[^{}]+(?=})", [{capture, all, list}, global]) of
-                {match, [[HashType]]} ->
-                    HandleMatch(list_to_atom(string:to_lower(HashType)), Passhash, Password);
-                _ ->
-                    HandleNoMatch(Passhash, Password)
-            end
-    end.
-
-do_resolve(ssha, Passhash, Password) ->
-    D64 = base64:decode(Passhash),
-    {HashedData, Salt} = lists:split(20, binary_to_list(D64)),
-    NewHash = crypto:hash(sha, <<Password/binary, (list_to_binary(Salt))/binary>>),
-    {list_to_binary(HashedData), NewHash};
-do_resolve(HashType, Passhash, Password) ->
-    Password1 = base64:encode(crypto:hash(HashType, Password)),
-    {list_to_binary(Passhash), Password1}.
-
-description() -> "LDAP Authentication Plugin".
-
-prepare_filter(Filters, _UidAttr, ObjectClass, ReplaceRules) ->
-    SubFilters =
-        lists:map(fun({K, V}) ->
-                          {replace_vars(K, ReplaceRules), replace_vars(V, ReplaceRules)};
-                     (Op) ->
-                          Op
-                  end, Filters),
-    case SubFilters of
-        [] -> eldap2:equalityMatch("objectClass", ObjectClass);
-        _List -> compile_filters(SubFilters, [])
-    end.
-
-
-compile_filters([{Key, Value}], []) ->
-    compile_equal(Key, Value);
-compile_filters([{K1, V1}, "and", {K2, V2} | Rest], []) ->
-    compile_filters(
-      Rest,
-      eldap2:'and'([compile_equal(K1, V1),
-                    compile_equal(K2, V2)]));
-compile_filters([{K1, V1}, "or", {K2, V2} | Rest], []) ->
-    compile_filters(
-      Rest,
-      eldap2:'or'([compile_equal(K1, V1),
-                   compile_equal(K2, V2)]));
-compile_filters(["and", {K, V} | Rest], PartialFilter) ->
-    compile_filters(
-      Rest,
-      eldap2:'and'([PartialFilter,
-                    compile_equal(K, V)]));
-compile_filters(["or", {K, V} | Rest], PartialFilter) ->
-    compile_filters(
-      Rest,
-      eldap2:'or'([PartialFilter,
-                   compile_equal(K, V)]));
-compile_filters([], Filter) ->
-    Filter.
-
-compile_equal(Key, Value) ->
-    eldap2:equalityMatch(Key, Value).
-
-replace_vars(CustomBaseDN, ReplaceRules) ->
-    lists:foldl(fun({Pattern, Substitute}, DN) ->
-                        lists:flatten(string:replace(DN, Pattern, Substitute))
-                end, CustomBaseDN, ReplaceRules).
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
deleted file mode 100644
index ed43c8d26..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
+++ /dev/null
@@ -1,78 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_ldap.hrl").
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_ldap_sup:start_link(),
-    _ = if_enabled([device_dn, match_objectclass,
-                username_attr, password_attr,
-                filters, custom_base_dn, bind_as_user],
-               fun load_auth_hook/1),
-    _ = if_enabled([device_dn, match_objectclass,
-                username_attr, password_attr,
-                filters, custom_base_dn, bind_as_user],
-               fun load_acl_hook/1),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx:unhook('client.authenticate',{emqx_auth_ldap, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_ldap, check_acl}),
-    State.
-
-stop(_State) ->
-    ok.
-
-load_auth_hook(DeviceDn) ->
-    ok = emqx_auth_ldap:register_metrics(),
-    Params = maps:from_list(DeviceDn),
-    emqx:hook('client.authenticate', {emqx_auth_ldap, check, [Params#{pool => ?APP}]}).
-
-load_acl_hook(DeviceDn) ->
-    ok = emqx_acl_ldap:register_metrics(),
-    Params = maps:from_list(DeviceDn),
-    emqx:hook('client.check_acl', {emqx_acl_ldap, check_acl, [Params#{pool => ?APP}]}).
-
-if_enabled(Cfgs, Fun) ->
-    case get_env(Cfgs) of
-        {ok, []} -> ok;
-        {ok, InitArgs} -> Fun(InitArgs)
-    end.
-
-get_env(Cfgs) ->
-   get_env(Cfgs, []).
-
-get_env([Cfg | LeftCfgs], ENVS) ->
-    case application:get_env(?APP, Cfg) of
-        {ok, ENV} ->
-            get_env(LeftCfgs, [{Cfg, ENV} | ENVS]);
-        undefined ->
-            get_env(LeftCfgs, ENVS)
-    end;
-get_env([], ENVS) ->
-   {ok, ENVS}.
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
deleted file mode 100644
index 412754664..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
+++ /dev/null
@@ -1,150 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_ldap.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ecpool callback
--export([connect/1]).
-
--export([ search/3
-        , search/4
-        , post_bind/3
-        , init_args/1
-        ]).
-
--import(proplists,
-        [ get_value/2
-        , get_value/3
-        ]).
-
-%%--------------------------------------------------------------------
-%% LDAP Connect/Search
-%%--------------------------------------------------------------------
-
-connect(Opts) ->
-    Servers      = get_value(servers, Opts, ["localhost"]),
-    Port         = get_value(port, Opts, 389),
-    Timeout      = get_value(timeout, Opts, 30),
-    BindDn       = get_value(bind_dn, Opts),
-    BindPassword = get_value(bind_password, Opts),
-    LdapOpts     = case get_value(ssl, Opts, false)of
-                       true ->
-                           SslOpts = get_value(sslopts, Opts),
-                           [{port, Port}, {timeout, Timeout}, {sslopts, SslOpts}];
-                       false ->
-                           [{port, Port}, {timeout, Timeout}]
-                   end,
-    ?LOG(debug, "[LDAP] Connecting to OpenLDAP server: ~p, Opts:~p ...", [Servers, LdapOpts]),
-
-    case eldap2:open(Servers, LdapOpts) of
-        {ok, LDAP} ->
-            try eldap2:simple_bind(LDAP, BindDn, BindPassword) of
-                ok -> {ok, LDAP};
-                {error, Error} ->
-                    ?LOG(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Error]),
-                    {error, Error}
-            catch
-                error:Reason ->
-                    ?LOG(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Reason]),
-                    {error, Reason}
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[LDAP] Can't connect to OpenLDAP server: ~p", [Reason]),
-            {error, Reason}
-    end.
-
-search(Pool, Base, Filter) ->
-    ecpool:with_client(Pool,
-        fun(C) ->
-                case application:get_env(?APP, bind_as_user) of
-                    {ok, true} ->
-                        {ok, Opts} = application:get_env(?APP, ldap),
-                        BindDn       = get_value(bind_dn, Opts),
-                        BindPassword = get_value(bind_password, Opts),
-                        try eldap2:simple_bind(C, BindDn, BindPassword) of
-                            ok ->
-                                eldap2:search(C, [{base, Base},
-                                                  {filter, Filter},
-                                                  {deref, eldap2:derefFindingBaseObj()}]);
-                            {error, Error} ->
-                                {error, Error}
-                        catch
-                            error:Reason -> {error, Reason}
-                        end;
-                    {ok, false} ->
-                        eldap2:search(C, [{base, Base},
-                                          {filter, Filter},
-                                          {deref, eldap2:derefFindingBaseObj()}])
-                end
-        end).
-
-search(Pool, Base, Filter, Attributes) ->
-    ecpool:with_client(Pool,
-        fun(C) ->
-                case application:get_env(?APP, bind_as_user) of
-                    {ok, true} ->
-                        {ok, Opts} = application:get_env(?APP, ldap),
-                        BindDn       = get_value(bind_dn, Opts),
-                        BindPassword = get_value(bind_password, Opts),
-                        try eldap2:simple_bind(C, BindDn, BindPassword) of
-                            ok ->
-                                eldap2:search(C, [{base, Base},
-                                                  {filter, Filter},
-                                                  {attributes, Attributes},
-                                                  {deref, eldap2:derefFindingBaseObj()}]);
-                            {error, Error} ->
-                                {error, Error}
-                        catch
-                            error:Reason -> {error, Reason}
-                        end;
-                    {ok, false} ->
-                        eldap2:search(C, [{base, Base},
-                                          {filter, Filter},
-                                          {attributes, Attributes},
-                                          {deref, eldap2:derefFindingBaseObj()}])
-                end
-        end).
-
-post_bind(Pool, BindDn, BindPassword) ->
-    ecpool:with_client(Pool,
-                       fun(C) ->
-                               try eldap2:simple_bind(C, BindDn, BindPassword) of
-                                   ok -> ok;
-                                   {error, Error} ->
-                                       {error, Error}
-                               catch
-                                   error:Reason -> {error, Reason}
-                               end
-                       end).
-
-
-init_args(ENVS) ->
-    DeviceDn = get_value(device_dn, ENVS),
-    ObjectClass = get_value(match_objectclass, ENVS),
-    UidAttr = get_value(username_attr, ENVS),
-    PasswdAttr = get_value(password_attr, ENVS),
-    {ok, #{device_dn => DeviceDn,
-           match_objectclass => ObjectClass,
-           username_attr => UidAttr,
-           password_attr => PasswdAttr}}.
-
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
deleted file mode 100644
index 56b3eea9d..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
+++ /dev/null
@@ -1,35 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_ldap.hrl").
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    %% LDAP Connection Pool.
-    {ok, Server} = application:get_env(?APP, ldap),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, emqx_auth_ldap_cli, Server),
-    {ok, {{one_for_one, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_ldap/test/certs/cacert.pem b/apps/emqx_auth_ldap/test/certs/cacert.pem
deleted file mode 100644
index 604fd2362..000000000
--- a/apps/emqx_auth_ldap/test/certs/cacert.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDUTCCAjmgAwIBAgIJAPPYCjTmxdt/MA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV
-BAYTAkNOMREwDwYDVQQIDAhoYW5nemhvdTEMMAoGA1UECgwDRU1RMQ8wDQYDVQQD
-DAZSb290Q0EwHhcNMjAwNTA4MDgwNjUyWhcNMzAwNTA2MDgwNjUyWjA/MQswCQYD
-VQQGEwJDTjERMA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UE
-AwwGUm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcgVLex1
-EZ9ON64EX8v+wcSjzOZpiEOsAOuSXOEN3wb8FKUxCdsGrsJYB7a5VM/Jot25Mod2
-juS3OBMg6r85k2TWjdxUoUs+HiUB/pP/ARaaW6VntpAEokpij/przWMPgJnBF3Ur
-MjtbLayH9hGmpQrI5c2vmHQ2reRZnSFbY+2b8SXZ+3lZZgz9+BaQYWdQWfaUWEHZ
-uDaNiViVO0OT8DRjCuiDp3yYDj3iLWbTA/gDL6Tf5XuHuEwcOQUrd+h0hyIphO8D
-tsrsHZ14j4AWYLk1CPA6pq1HIUvEl2rANx2lVUNv+nt64K/Mr3RnVQd9s8bK+TXQ
-KGHd2Lv/PALYuwIDAQABo1AwTjAdBgNVHQ4EFgQUGBmW+iDzxctWAWxmhgdlE8Pj
-EbQwHwYDVR0jBBgwFoAUGBmW+iDzxctWAWxmhgdlE8PjEbQwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAGbhRUjpIred4cFAFJ7bbYD9hKu/yzWPWkMRa
-ErlCKHmuYsYk+5d16JQhJaFy6MGXfLgo3KV2itl0d+OWNH0U9ULXcglTxy6+njo5
-CFqdUBPwN1jxhzo9yteDMKF4+AHIxbvCAJa17qcwUKR5MKNvv09C6pvQDJLzid7y
-E2dkgSuggik3oa0427KvctFf8uhOV94RvEDyqvT5+pgNYZ2Yfga9pD/jjpoHEUlo
-88IGU8/wJCx3Ds2yc8+oBg/ynxG8f/HmCC1ET6EHHoe2jlo8FpU/SgGtghS1YL30
-IWxNsPrUP+XsZpBJy/mvOhE5QXo6Y35zDqqj8tI7AGmAWu22jg==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_ldap/test/certs/cert.pem b/apps/emqx_auth_ldap/test/certs/cert.pem
deleted file mode 100644
index 092390b1d..000000000
--- a/apps/emqx_auth_ldap/test/certs/cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
-MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
-MB4XDTIwMDUwODA4MDcwNVoXDTMwMDUwNjA4MDcwNVowPzELMAkGA1UEBhMCQ04x
-ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBlNlcnZl
-cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNeWT3pE+QFfiRJzKmn
-AMUrWo3K2j/Tm3+Xnl6WLz67/0rcYrJbbKvS3uyRP/stXyXEKw9CepyQ1ViBVFkW
-Aoy8qQEOWFDsZc/5UzhXUnb6LXr3qTkFEjNmhj+7uzv/lbBxlUG1NlYzSeOB6/RT
-8zH/lhOeKhLnWYPXdXKsa1FL6ij4X8DeDO1kY7fvAGmBn/THh1uTpDizM4YmeI+7
-4dmayA5xXvARte5h4Vu5SIze7iC057N+vymToMk2Jgk+ZZFpyXrnq+yo6RaD3ANc
-lrc4FbeUQZ5a5s5Sxgs9a0Y3WMG+7c5VnVXcbjBRz/aq2NtOnQQjikKKQA8GF080
-BQkCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
-BQADggEBAJefnMZpaRDHQSNUIEL3iwGXE9c6PmIsQVE2ustr+CakBp3TZ4l0enLt
-iGMfEVFju69cO4oyokWv+hl5eCMkHBf14Kv51vj448jowYnF1zmzn7SEzm5Uzlsa
-sqjtAprnLyof69WtLU1j5rYWBuFX86yOTwRAFNjm9fvhAcrEONBsQtqipBWkMROp
-iUYMkRqbKcQMdwxov+lHBYKq9zbWRoqLROAn54SRqgQk6c15JdEfgOOjShbsOkIH
-UhqcwRkQic7n1zwHVGVDgNIZVgmJ2IdIWBlPEC7oLrRrBD/X1iEEXtKab6p5o22n
-KB5mN+iQaE+Oe2cpGKZJiJRdM+IqDDQ=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_ldap/test/certs/client-cert.pem b/apps/emqx_auth_ldap/test/certs/client-cert.pem
deleted file mode 100644
index 09d855221..000000000
--- a/apps/emqx_auth_ldap/test/certs/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
-MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
-MB4XDTIwMDUwODA4MDY1N1oXDTMwMDUwNjA4MDY1N1owPzELMAkGA1UEBhMCQ04x
-ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBkNsaWVu
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMy4hoksKcZBDbY680u6
-TS25U51nuB1FBcGMlF9B/t057wPOlxF/OcmbxY5MwepS41JDGPgulE1V7fpsXkiW
-1LUimYV/tsqBfymIe0mlY7oORahKji7zKQ2UBIVFhdlvQxunlIDnw6F9popUgyHt
-dMhtlgZK8oqRwHxO5dbfoukYd6J/r+etS5q26sgVkf3C6dt0Td7B25H9qW+f7oLV
-PbcHYCa+i73u9670nrpXsC+Qc7Mygwa2Kq/jwU+ftyLQnOeW07DuzOwsziC/fQZa
-nbxR+8U9FNftgRcC3uP/JMKYUqsiRAuaDokARZxVTV5hUElfpO6z6/NItSDvvh3i
-eikCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
-BQADggEBABchYxKo0YMma7g1qDswJXsR5s56Czx/I+B41YcpMBMTrRqpUC0nHtLk
-M7/tZp592u/tT8gzEnQjZLKBAhFeZaR3aaKyknLqwiPqJIgg0pgsBGITrAK3Pv4z
-5/YvAJJKgTe5UdeTz6U4lvNEux/4juZ4pmqH4qSFJTOzQS7LmgSmNIdd072rwXBd
-UzcSHzsJgEMb88u/LDLjj1pQ7AtZ4Tta8JZTvcgBFmjB0QUi6fgkHY6oGat/W4kR
-jSRUBlMUbM/drr2PVzRc2dwbFIl3X+ZE6n5Sl3ZwRAC/s92JU6CPMRW02muVu6xl
-goraNgPISnrbpR6KjxLZkVembXzjNNc=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_ldap/test/certs/client-key.pem b/apps/emqx_auth_ldap/test/certs/client-key.pem
deleted file mode 100644
index 2b3f30cf6..000000000
--- a/apps/emqx_auth_ldap/test/certs/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzLiGiSwpxkENtjrzS7pNLblTnWe4HUUFwYyUX0H+3TnvA86X
-EX85yZvFjkzB6lLjUkMY+C6UTVXt+mxeSJbUtSKZhX+2yoF/KYh7SaVjug5FqEqO
-LvMpDZQEhUWF2W9DG6eUgOfDoX2milSDIe10yG2WBkryipHAfE7l1t+i6Rh3on+v
-561LmrbqyBWR/cLp23RN3sHbkf2pb5/ugtU9twdgJr6Lve73rvSeulewL5BzszKD
-BrYqr+PBT5+3ItCc55bTsO7M7CzOIL99BlqdvFH7xT0U1+2BFwLe4/8kwphSqyJE
-C5oOiQBFnFVNXmFQSV+k7rPr80i1IO++HeJ6KQIDAQABAoIBAGWgvPjfuaU3qizq
-uti/FY07USz0zkuJdkANH6LiSjlchzDmn8wJ0pApCjuIE0PV/g9aS8z4opp5q/gD
-UBLM/a8mC/xf2EhTXOMrY7i9p/I3H5FZ4ZehEqIw9sWKK9YzC6dw26HabB2BGOnW
-5nozPSQ6cp2RGzJ7BIkxSZwPzPnVTgy3OAuPOiJytvK+hGLhsNaT+Y9bNDvplVT2
-ZwYTV8GlHZC+4b2wNROILm0O86v96O+Qd8nn3fXjGHbMsAnONBq10bZS16L4fvkH
-5G+W/1PeSXmtZFppdRRDxIW+DWcXK0D48WRliuxcV4eOOxI+a9N2ZJZZiNLQZGwg
-w3A8+mECgYEA8HuJFrlRvdoBe2U/EwUtG74dcyy30L4yEBnN5QscXmEEikhaQCfX
-Wm6EieMcIB/5I5TQmSw0cmBMeZjSXYoFdoI16/X6yMMuATdxpvhOZGdUGXxhAH+x
-xoTUavWZnEqW3fkUU71kT5E2f2i+0zoatFESXHeslJyz85aAYpP92H0CgYEA2e5A
-Yozt5eaA1Gyhd8SeptkEU4xPirNUnVQHStpMWUb1kzTNXrPmNWccQ7JpfpG6DcYl
-zUF6p6mlzY+zkMiyPQjwEJlhiHM2NlL1QS7td0R8ewgsFoyn8WsBI4RejWrEG9td
-EDniuIw+pBFkcWthnTLHwECHdzgquToyTMjrBB0CgYEA28tdGbrZXhcyAZEhHAZA
-Gzog+pKlkpEzeonLKIuGKzCrEKRecIK5jrqyQsCjhS0T7ZRnL4g6i0s+umiV5M5w
-fcc292pEA1h45L3DD6OlKplSQVTv55/OYS4oY3YEJtf5mfm8vWi9lQeY8sxOlQpn
-O+VZTdBHmTC8PGeTAgZXHZUCgYA6Tyv88lYowB7SN2qQgBQu8jvdGtqhcs/99GCr
-H3N0I69LPsKAR0QeH8OJPXBKhDUywESXAaEOwS5yrLNP1tMRz5Vj65YUCzeDG3kx
-gpvY4IMp7ArX0bSRvJ6mYSFnVxy3k174G3TVCfksrtagHioVBGQ7xUg5ltafjrms
-n8l55QKBgQDVzU8tQvBVqY8/1lnw11Vj4fkE/drZHJ5UkdC1eenOfSWhlSLfUJ8j
-ds7vEWpRPPoVuPZYeR1y78cyxKe1GBx6Wa2lF5c7xjmiu0xbRnrxYeLolce9/ntp
-asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_ldap/test/certs/key.pem b/apps/emqx_auth_ldap/test/certs/key.pem
deleted file mode 100644
index 6c338216e..000000000
--- a/apps/emqx_auth_ldap/test/certs/key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAs15ZPekT5AV+JEnMqacAxStajcraP9Obf5eeXpYvPrv/Stxi
-sltsq9Le7JE/+y1fJcQrD0J6nJDVWIFUWRYCjLypAQ5YUOxlz/lTOFdSdvotevep
-OQUSM2aGP7u7O/+VsHGVQbU2VjNJ44Hr9FPzMf+WE54qEudZg9d1cqxrUUvqKPhf
-wN4M7WRjt+8AaYGf9MeHW5OkOLMzhiZ4j7vh2ZrIDnFe8BG17mHhW7lIjN7uILTn
-s36/KZOgyTYmCT5lkWnJeuer7KjpFoPcA1yWtzgVt5RBnlrmzlLGCz1rRjdYwb7t
-zlWdVdxuMFHP9qrY206dBCOKQopADwYXTzQFCQIDAQABAoIBAQCuvCbr7Pd3lvI/
-n7VFQG+7pHRe1VKwAxDkx2t8cYos7y/QWcm8Ptwqtw58HzPZGWYrgGMCRpzzkRSF
-V9g3wP1S5Scu5C6dBu5YIGc157tqNGXB+SpdZddJQ4Nc6yGHXYERllT04ffBGc3N
-WG/oYS/1cSteiSIrsDy/91FvGRCi7FPxH3wIgHssY/tw69s1Cfvaq5lr2NTFzxIG
-xCvpJKEdSfVfS9I7LYiymVjst3IOR/w76/ZFY9cRa8ZtmQSWWsm0TUpRC1jdcbkm
-ZoJptYWlP+gSwx/fpMYftrkJFGOJhHJHQhwxT5X/ajAISeqjjwkWSEJLwnHQd11C
-Zy2+29lBAoGBANlEAIK4VxCqyPXNKfoOOi5dS64NfvyH4A1v2+KaHWc7lqaqPN49
-ezfN2n3X+KWx4cviDD914Yc2JQ1vVJjSaHci7yivocDo2OfZDmjBqzaMp/y+rX1R
-/f3MmiTqMa468rjaxI9RRZu7vDgpTR+za1+OBCgMzjvAng8dJuN/5gjlAoGBANNY
-uYPKtearBmkqdrSV7eTUe49Nhr0XotLaVBH37TCW0Xv9wjO2xmbm5Ga/DCtPIsBb
-yPeYwX9FjoasuadUD7hRvbFu6dBa0HGLmkXRJZTcD7MEX2Lhu4BuC72yDLLFd0r+
-Ep9WP7F5iJyagYqIZtz+4uf7gBvUDdmvXz3sGr1VAoGAdXTD6eeKeiI6PlhKBztF
-zOb3EQOO0SsLv3fnodu7ZaHbUgLaoTMPuB17r2jgrYM7FKQCBxTNdfGZmmfDjlLB
-0xZ5wL8ibU30ZXL8zTlWPElST9sto4B+FYVVF/vcG9sWeUUb2ncPcJ/Po3UAktDG
-jYQTTyuNGtSJHpad/YOZctkCgYBtWRaC7bq3of0rJGFOhdQT9SwItN/lrfj8hyHA
-OjpqTV4NfPmhsAtu6j96OZaeQc+FHvgXwt06cE6Rt4RG4uNPRluTFgO7XYFDfitP
-vCppnoIw6S5BBvHwPP+uIhUX2bsi/dm8vu8tb+gSvo4PkwtFhEr6I9HglBKmcmog
-q6waEQKBgHyecFBeM6Ls11Cd64vborwJPAuxIW7HBAFj/BS99oeG4TjBx4Sz2dFd
-rzUibJt4ndnHIvCN8JQkjNG14i9hJln+H3mRss8fbZ9vQdqG+2vOWADYSzzsNI55
-RFY7JjluKcVkp/zCDeUxTU3O6sS+v6/3VE11Cob6OYQx3lN5wrZ3
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl b/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
deleted file mode 100644
index 52bed9cf4..000000000
--- a/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
+++ /dev/null
@@ -1,152 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(PID, emqx_auth_ldap).
-
--define(APP, emqx_auth_ldap).
-
--define(DeviceDN, "ou=test_device,dc=emqx,dc=io").
-
--define(AuthDN, "ou=test_auth,dc=emqx,dc=io").
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    [{group, nossl}, {group, ssl}].
-
-groups() ->
-    Cases = emqx_ct:all(?MODULE),
-    [{nossl, Cases}, {ssl, Cases}].
-
-init_per_group(GrpName, Cfg) ->
-    Fun = fun(App) -> set_special_configs(GrpName, App) end,
-    emqx_ct_helpers:start_apps([emqx_auth_ldap], Fun),
-    Cfg.
-
-end_per_group(_GrpName, _Cfg) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_ldap]).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
-
-t_check_auth(_) ->
-    MqttUser1 = #{clientid => <<"mqttuser1">>,
-                  username => <<"mqttuser0001">>,
-                  password => <<"mqttuser0001">>,
-                  zone => external},
-    MqttUser2 = #{clientid => <<"mqttuser2">>,
-                  username => <<"mqttuser0002">>,
-                  password => <<"mqttuser0002">>,
-                  zone => external},
-    MqttUser3 = #{clientid => <<"mqttuser3">>,
-                  username => <<"mqttuser0003">>,
-                  password => <<"mqttuser0003">>,
-                  zone => external},
-    MqttUser4 = #{clientid => <<"mqttuser4">>,
-                  username => <<"mqttuser0004">>,
-                  password => <<"mqttuser0004">>,
-                  zone => external},
-    MqttUser5 = #{clientid => <<"mqttuser5">>,
-                  username => <<"mqttuser0005">>,
-                  password => <<"mqttuser0005">>,
-                  zone => external},
-    NonExistUser1 = #{clientid => <<"mqttuser6">>,
-                      username => <<"mqttuser0006">>,
-                      password => <<"mqttuser0006">>,
-                      zone => external},
-    NonExistUser2 = #{clientid => <<"mqttuser7">>,
-                      username => <<"mqttuser0005">>,
-                      password => <<"mqttuser0006">>,
-                      zone => external},
-    ct:log("MqttUser: ~p", [emqx_access_control:authenticate(MqttUser1)]),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser1)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser2)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser3)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser4)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser5)),
-    ?assertEqual({error, not_authorized}, emqx_access_control:authenticate(NonExistUser1)),
-    ?assertEqual({error, bad_username_or_password}, emqx_access_control:authenticate(NonExistUser2)).
-
-t_check_acl(_) ->
-    MqttUser = #{clientid => <<"mqttuser1">>, username => <<"mqttuser0001">>, zone => external},
-    NoMqttUser = #{clientid => <<"mqttuser2">>, username => <<"mqttuser0007">>, zone => external},
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/#">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/#">>),
-
-    deny = emqx_access_control:check_acl(NoMqttUser, publish, <<"mqttuser0001/req/mqttuser0001/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/req/mqttuser0002/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/req/+/mqttuser0002">>),
-    ok.
-
-%%--------------------------------------------------------------------
-%% Helpers
-%%--------------------------------------------------------------------
-
-set_special_configs(_, emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    AclFilePath = filename:join(["test", "emqx_SUITE_data", "acl.conf"]),
-    application:set_env(emqx, acl_file,
-		        emqx_ct_helpers:deps_path(emqx, AclFilePath)),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(Ssl, emqx_auth_ldap) ->
-    case Ssl == ssl of
-        true ->
-            LdapOpts = application:get_env(emqx_auth_ldap, ldap, []),
-            Path = emqx_ct_helpers:deps_path(emqx_auth_ldap, "test/certs/"),
-            SslOpts = [{verify, verify_peer},
-                       {fail_if_no_peer_cert, true},
-                       {server_name_indication, disable},
-                       {keyfile, Path ++ "/client-key.pem"},
-                       {certfile, Path ++ "/client-cert.pem"},
-                       {cacertfile, Path ++ "/cacert.pem"}],
-            LdapOpts1 = lists:keystore(ssl, 1, LdapOpts, {ssl, true}),
-            LdapOpts2 = lists:keystore(sslopts, 1, LdapOpts1, {sslopts, SslOpts}),
-            LdapOpts3 = lists:keystore(port, 1, LdapOpts2, {port, 636}),
-            application:set_env(emqx_auth_ldap, ldap, LdapOpts3);
-        _ ->
-            ok
-    end,
-    application:set_env(emqx_auth_ldap, device_dn, "ou=testdevice, dc=emqx, dc=io").
-
diff --git a/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl b/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
deleted file mode 100644
index 24c03fdaf..000000000
--- a/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
+++ /dev/null
@@ -1,112 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_bind_as_user_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(PID, emqx_auth_ldap).
-
--define(APP, emqx_auth_ldap).
-
--define(DeviceDN, "ou=test_device,dc=emqx,dc=io").
-
--define(AuthDN, "ou=test_auth,dc=emqx,dc=io").
-
-all() ->
-    [check_auth,
-     check_acl].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_auth_ldap], fun set_special_configs/1),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_ldap]).
-
-check_auth(_) ->
-    MqttUser1 = #{clientid => <<"mqttuser1">>,
-                  username => <<"user1">>,
-                  password => <<"mqttuser0001">>,
-                  zone => external},
-    MqttUser2 = #{clientid => <<"mqttuser2">>,
-                  username => <<"user2">>,
-                  password => <<"mqttuser0002">>,
-                  zone => external},
-    NonExistUser1 = #{clientid => <<"mqttuser3">>,
-                      username => <<"user3">>,
-                      password => <<"mqttuser0003">>,
-                      zone => external},
-    ct:log("MqttUser: ~p", [emqx_access_control:authenticate(MqttUser1)]),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser1)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser2)),
-    ?assertEqual({error, not_authorized}, emqx_access_control:authenticate(NonExistUser1)).
-
-check_acl(_) ->
-    MqttUser = #{clientid => <<"mqttuser1">>, username => <<"user1">>, zone => external},
-    NoMqttUser = #{clientid => <<"mqttuser2">>, username => <<"user7">>, zone => external},
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/#">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/#">>),
-
-    deny = emqx_access_control:check_acl(NoMqttUser, publish, <<"mqttuser0001/req/mqttuser0001/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/req/mqttuser0002/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/req/+/mqttuser0002">>),
-    ok.
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    AclFilePath = filename:join(["test", "emqx_SUITE_data", "acl.conf"]),
-    application:set_env(emqx, acl_file,
-		        emqx_ct_helpers:deps_path(emqx, AclFilePath)),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(emqx_auth_ldap) ->
-    application:set_env(emqx_auth_ldap, bind_as_user, true),
-    application:set_env(emqx_auth_ldap, device_dn, "ou=testdevice, dc=emqx, dc=io"),
-    application:set_env(emqx_auth_ldap, custom_base_dn, "${device_dn}"),
-    %% auth.ldap.filters.1.key = mqttAccountName
-    %% auth.ldap.filters.1.value = ${user}
-    %% auth.ldap.filters.1.op = and
-    %% auth.ldap.filters.2.key = objectClass
-    %% auth.ldap.filters.1.value = mqttUser
-    application:set_env(emqx_auth_ldap, filters, [{"mqttAccountName", "${user}"},
-                                                  "and",
-                                                  {"objectClass", "mqttUser"}]);
-
-set_special_configs(_App) ->
-    ok.
-
diff --git a/apps/emqx_auth_mnesia/.gitignore b/apps/emqx_auth_mnesia/.gitignore
deleted file mode 100644
index a4d9fea0a..000000000
--- a/apps/emqx_auth_mnesia/.gitignore
+++ /dev/null
@@ -1,26 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_mnesia.d
-data/
-_build/
-.DS_Store
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-test/ct.cover.spec
-rebar.lock
-rebar3.crashdump
-erlang.mk
-.*.swp
-.rebar3/
-etc/emqx_auth_mnesia.conf.rendered
diff --git a/apps/emqx_auth_mnesia/README.md b/apps/emqx_auth_mnesia/README.md
deleted file mode 100644
index 8b4c145a8..000000000
--- a/apps/emqx_auth_mnesia/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-emqx_auth_mnesia
-===============
diff --git a/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf b/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf
deleted file mode 100644
index 758df1a9c..000000000
--- a/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | sha512
-auth.mnesia.password_hash = sha256
-
-##--------------------------------------------------------------------
-## ClientId Authentication
-##--------------------------------------------------------------------
-
-## Examples
-##auth.client.1.clientid = id
-##auth.client.1.password = passwd
-##auth.client.2.clientid = "dev:devid"
-##auth.client.2.password = passwd2
-##auth.client.3.clientid = "app:appid"
-##auth.client.3.password = passwd3
-##auth.client.4.clientid = "client~!@#$%^&*()_+"
-##auth.client.4.password = "passwd~!@#$%^&*()_+"
-
-##--------------------------------------------------------------------
-## Username Authentication
-##--------------------------------------------------------------------
-
-## Examples:
-##auth.user.1.username = admin
-##auth.user.1.password = public
-##auth.user.2.username = feng@emqtt.io
-##auth.user.2.password = public
-##auth.user.3.username = "name~!@#$%^&*()_+"
-##auth.user.3.password = "pwsswd~!@#$%^&*()_+"
diff --git a/apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl b/apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl
deleted file mode 100644
index 034bd4f30..000000000
--- a/apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl
+++ /dev/null
@@ -1,38 +0,0 @@
--define(APP, emqx_auth_mnesia).
-
--type(login():: {clientid, binary()}
-              | {username, binary()}).
-
--record(emqx_user, {
-          login :: login(),
-          password :: binary(),
-          created_at :: integer()
-        }).
-
--record(emqx_acl, {
-          filter:: {login() | all, emqx_topic:topic()},
-          action :: pub | sub | pubsub,
-          access :: allow | deny,
-          created_at :: integer()
-         }).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema b/apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema
deleted file mode 100644
index 87d6bf47f..000000000
--- a/apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema
+++ /dev/null
@@ -1,43 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_mnesia config mapping
-
-{mapping, "auth.mnesia.password_hash", "emqx_auth_mnesia.password_hash", [
-  {default, sha256},
-  {datatype, {enum, [plain, md5, sha, sha256, sha512]}}
-]}.
-
-{mapping, "auth.client.$id.clientid", "emqx_auth_mnesia.clientid_list", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.client.$id.password", "emqx_auth_mnesia.clientid_list", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mnesia.clientid_list", fun(Conf) ->
-  ClientList = cuttlefish_variable:filter_by_prefix("auth.client", Conf),
-  lists:foldl(
-       fun({["auth", "client", Id, "clientid"], ClientId}, AccIn) ->
-        [{ClientId, cuttlefish:conf_get("auth.client." ++ Id ++ ".password", Conf)} | AccIn];
-       (_, AccIn) ->
-        AccIn
-       end, [], ClientList)
-end}.
-
-{mapping, "auth.user.$id.username", "emqx_auth_mnesia.username_list", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.user.$id.password", "emqx_auth_mnesia.username_list", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mnesia.username_list", fun(Conf) ->
-  Userlist = cuttlefish_variable:filter_by_prefix("auth.user", Conf),
-  lists:foldl(
-    fun({["auth", "user", Id, "username"], Username}, AccIn) ->
-        [{Username, cuttlefish:conf_get("auth.user." ++ Id ++ ".password", Conf)} | AccIn];
-       (_, AccIn) ->
-        AccIn
-       end, [], Userlist)
-end}.
diff --git a/apps/emqx_auth_mnesia/rebar.config b/apps/emqx_auth_mnesia/rebar.config
deleted file mode 100644
index 4c695ec69..000000000
--- a/apps/emqx_auth_mnesia/rebar.config
+++ /dev/null
@@ -1,17 +0,0 @@
-{deps,
- [ ]}.
-
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
deleted file mode 100644
index c21955182..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
+++ /dev/null
@@ -1,104 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia).
-
--include("emqx_auth_mnesia.hrl").
-
--include_lib("stdlib/include/ms_transform.hrl").
-
--define(TABLE, emqx_acl).
-
-%% ACL Callbacks
--export([ init/0
-        , register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
-init() ->
-    ok = ekka_mnesia:create_table(emqx_acl, [
-            {type, bag},
-            {disc_copies, [node()]},
-            {attributes, record_info(fields, emqx_acl)},
-            {storage_properties, [{ets, [{read_concurrency, true}]}]}]),
-    ok = ekka_mnesia:copy_table(emqx_acl, disc_copies).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo = #{ clientid := Clientid }, PubSub, Topic, _NoMatchAction, _Params) ->
-    Username = maps:get(username, ClientInfo, undefined),
-
-    Acls = case Username of
-               undefined ->
-                   emqx_acl_mnesia_cli:lookup_acl({clientid, Clientid}) ++
-                   emqx_acl_mnesia_cli:lookup_acl(all);
-               _ ->
-                   emqx_acl_mnesia_cli:lookup_acl({clientid, Clientid}) ++
-                   emqx_acl_mnesia_cli:lookup_acl({username, Username}) ++
-                   emqx_acl_mnesia_cli:lookup_acl(all)
-           end,
-
-    case match(ClientInfo, PubSub, Topic, Acls) of
-        allow ->
-            emqx_metrics:inc(?ACL_METRICS(allow)),
-            {stop, allow};
-        deny ->
-            emqx_metrics:inc(?ACL_METRICS(deny)),
-            {stop, deny};
-        _ ->
-            emqx_metrics:inc(?ACL_METRICS(ignore)),
-            ok
-    end.
-
-description() -> "Acl with Mnesia".
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%-------------------------------------------------------------------
-
-match(_ClientInfo,  _PubSub, _Topic, []) ->
-    nomatch;
-match(ClientInfo, PubSub, Topic, [ {_, ACLTopic, Action, Access, _} | Acls]) ->
-    case match_actions(PubSub, Action) andalso match_topic(ClientInfo, Topic, ACLTopic) of
-        true -> Access;
-        false -> match(ClientInfo, PubSub, Topic, Acls)
-    end.
-
-match_topic(ClientInfo, Topic, ACLTopic) when is_binary(Topic) ->
-    emqx_topic:match(Topic, feed_var(ClientInfo, ACLTopic)).
-
-match_actions(_, pubsub) -> true;
-match_actions(subscribe, sub) -> true;
-match_actions(publish, pub) -> true;
-match_actions(_, _) -> false.
-
-feed_var(ClientInfo, Pattern) ->
-    feed_var(ClientInfo, emqx_topic:words(Pattern), []).
-feed_var(_ClientInfo, [], Acc) ->
-    emqx_topic:join(lists:reverse(Acc));
-feed_var(ClientInfo = #{clientid := undefined}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%c">>|Acc]);
-feed_var(ClientInfo = #{clientid := ClientId}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [ClientId |Acc]);
-feed_var(ClientInfo = #{username := undefined}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%u">>|Acc]);
-feed_var(ClientInfo = #{username := Username}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [Username|Acc]);
-feed_var(ClientInfo, [W|Words], Acc) ->
-    feed_var(ClientInfo, Words, [W|Acc]).
diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
deleted file mode 100644
index 63e8fedd1..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
+++ /dev/null
@@ -1,226 +0,0 @@
-%c%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia_api).
-
--include("emqx_auth_mnesia.hrl").
-
--include_lib("stdlib/include/ms_transform.hrl").
-
--import(proplists, [ get_value/2
-                   , get_value/3
-                   ]).
-
--import(minirest,  [return/1]).
-
--rest_api(#{name   => list_clientid,
-            method => 'GET',
-            path   => "/acl/clientid",
-            func   => list_clientid,
-            descr  => "List available mnesia in the cluster"
-           }).
-
--rest_api(#{name   => list_username,
-            method => 'GET',
-            path   => "/acl/username",
-            func   => list_username,
-            descr  => "List available mnesia in the cluster"
-           }).
-
--rest_api(#{name   => list_all,
-            method => 'GET',
-            path   => "/acl/$all",
-            func   => list_all,
-            descr  => "List available mnesia in the cluster"
-           }).
-
--rest_api(#{name   => lookup_clientid,
-            method => 'GET',
-            path   => "/acl/clientid/:bin:clientid",
-            func   => lookup,
-            descr  => "Lookup mnesia in the cluster"
-           }).
-
--rest_api(#{name   => lookup_username,
-            method => 'GET',
-            path   => "/acl/username/:bin:username",
-            func   => lookup,
-            descr  => "Lookup mnesia in the cluster"
-           }).
-
--rest_api(#{name   => add,
-            method => 'POST',
-            path   => "/acl",
-            func   => add,
-            descr  => "Add mnesia in the cluster"
-           }).
-
--rest_api(#{name   => delete_clientid,
-            method => 'DELETE',
-            path   => "/acl/clientid/:bin:clientid/topic/:bin:topic",
-            func   => delete,
-            descr  => "Delete mnesia in the cluster"
-           }).
-
--rest_api(#{name   => delete_username,
-            method => 'DELETE',
-            path   => "/acl/username/:bin:username/topic/:bin:topic",
-            func   => delete,
-            descr  => "Delete mnesia in the cluster"
-           }).
-
--rest_api(#{name   => delete_all,
-            method => 'DELETE',
-            path   => "/acl/$all/topic/:bin:topic",
-            func   => delete,
-            descr  => "Delete mnesia in the cluster"
-           }).
-
-
--export([ list_clientid/2
-        , list_username/2
-        , list_all/2
-        , lookup/2
-        , add/2
-        , delete/2
-        ]).
-
-list_clientid(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(
-                  fun({emqx_acl, {{clientid, Clientid}, Topic}, Action, Access, CreatedAt}) -> {{clientid,Clientid}, Topic, Action,Access, CreatedAt} end),
-    return({ok, emqx_auth_mnesia_api:paginate(emqx_acl, MatchSpec, Params, fun emqx_acl_mnesia_cli:comparing/2, fun format/1)}).
-
-list_username(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(
-                  fun({emqx_acl, {{username, Username}, Topic}, Action, Access, CreatedAt}) -> {{username, Username}, Topic, Action,Access, CreatedAt} end),
-    return({ok, emqx_auth_mnesia_api:paginate(emqx_acl, MatchSpec, Params, fun emqx_acl_mnesia_cli:comparing/2, fun format/1)}).
-
-list_all(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(
-                  fun({emqx_acl, {all, Topic}, Action, Access, CreatedAt}) -> {all, Topic, Action,Access, CreatedAt}end
-                 ),
-    return({ok, emqx_auth_mnesia_api:paginate(emqx_acl, MatchSpec, Params, fun emqx_acl_mnesia_cli:comparing/2, fun format/1)}).
-
-
-lookup(#{clientid := Clientid}, _Params) ->
-    return({ok, format(emqx_acl_mnesia_cli:lookup_acl({clientid, urldecode(Clientid)}))});
-lookup(#{username := Username}, _Params) ->
-    return({ok, format(emqx_acl_mnesia_cli:lookup_acl({username, urldecode(Username)}))}).
-
-add(_Bindings, Params) ->
-    [ P | _] = Params,
-    case is_list(P) of
-        true -> return(do_add(Params, []));
-        false ->
-            Re = do_add(Params),
-            case Re of
-                #{result := ok} -> return({ok, Re});
-                #{result := <<"ok">>} -> return({ok, Re});
-                _ -> return({error, {add, Re}})
-            end
-    end.
-
-do_add([ Params | ParamsN ], ReList) ->
-    do_add(ParamsN, [do_add(Params) | ReList]);
-
-do_add([], ReList) ->
-    {ok, ReList}.
-
-do_add(Params) ->
-    Clientid = get_value(<<"clientid">>, Params, undefined),
-    Username = get_value(<<"username">>, Params, undefined),
-    Login = case {Clientid, Username} of
-                {undefined, undefined} -> all;
-                {_, undefined} -> {clientid, urldecode(Clientid)};
-                {undefined, _} -> {username, urldecode(Username)}
-            end,
-    Topic = urldecode(get_value(<<"topic">>, Params)),
-    Action = urldecode(get_value(<<"action">>, Params)),
-    Access = urldecode(get_value(<<"access">>, Params)),
-    Re = case validate([login, topic, action, access], [Login, Topic, Action, Access]) of
-        ok ->
-            emqx_acl_mnesia_cli:add_acl(Login, Topic, erlang:binary_to_atom(Action, utf8), erlang:binary_to_atom(Access, utf8));
-        Err -> Err
-    end,
-    maps:merge(#{topic => Topic,
-                 action => Action,
-                 access => Access,
-                 result => format_msg(Re)
-                }, case Login of
-                     all -> #{all => '$all'};
-                     _ -> maps:from_list([Login])
-                   end).
-
-delete(#{clientid := Clientid, topic := Topic}, _) ->
-    return(emqx_acl_mnesia_cli:remove_acl({clientid, urldecode(Clientid)}, urldecode(Topic)));
-delete(#{username := Username, topic := Topic}, _) ->
-    return(emqx_acl_mnesia_cli:remove_acl({username, urldecode(Username)}, urldecode(Topic)));
-delete(#{topic := Topic}, _) ->
-    return(emqx_acl_mnesia_cli:remove_acl(all, urldecode(Topic))).
-
-%%------------------------------------------------------------------------------
-%% Interval Funcs
-%%------------------------------------------------------------------------------
-format({{clientid, Clientid}, Topic, Action, Access, _CreatedAt}) ->
-    #{clientid => Clientid, topic => Topic, action => Action, access => Access};
-format({{username, Username}, Topic, Action, Access, _CreatedAt}) ->
-    #{username => Username, topic => Topic, action => Action, access => Access};
-format({all, Topic, Action, Access, _CreatedAt}) ->
-    #{all => '$all', topic => Topic, action => Action, access => Access};
-format(List) when is_list(List) ->
-    format(List, []).
-
-format([L | List], Relist) ->
-    format(List, [format(L) | Relist]);
-format([], ReList) -> lists:reverse(ReList).
-
-validate([], []) ->
-    ok;
-validate([K|Keys], [V|Values]) ->
-   case do_validation(K, V) of
-       false -> {error, K};
-       true  -> validate(Keys, Values)
-   end.
-do_validation(login, all) ->
-    true;
-do_validation(login, {clientid, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(login, {username, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(topic, V) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(action, V) when is_binary(V) ->
-    case V =:= <<"pub">> orelse V =:= <<"sub">> orelse V =:= <<"pubsub">> of
-        true -> true;
-        false -> false
-    end;
-do_validation(access, V) when V =:= <<"allow">> orelse V =:= <<"deny">> ->
-    true;
-do_validation(_, _) ->
-    false.
-
-format_msg(Message)
-  when is_atom(Message);
-       is_binary(Message) -> Message;
-
-format_msg(Message) when is_tuple(Message) ->
-    iolist_to_binary(io_lib:format("~p", [Message])).
-
-urldecode(S) ->
-    emqx_http_lib:uri_decode(S).
diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
deleted file mode 100644
index 302a81637..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
+++ /dev/null
@@ -1,270 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia_cli).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("stdlib/include/ms_transform.hrl").
--define(TABLE, emqx_acl).
-
-%% Acl APIs
--export([ add_acl/4
-        , lookup_acl/1
-        , all_acls/0
-        , all_acls/1
-        , remove_acl/2
-        ]).
-
--export([cli/1]).
--export([comparing/2]).
-%%--------------------------------------------------------------------
-%% Acl API
-%%--------------------------------------------------------------------
-
-%% @doc Add Acls
--spec(add_acl(login() | all, emqx_topic:topic(), pub | sub | pubsub, allow | deny) ->
-        ok | {error, any()}).
-add_acl(Login, Topic, Action, Access) ->
-    Filter = {Login, Topic},
-    Acl = #?TABLE{
-             filter = Filter,
-             action = Action,
-             access = Access,
-             created_at = erlang:system_time(millisecond)
-            },
-    ret(mnesia:transaction(
-          fun() ->
-                  OldRecords = mnesia:wread({?TABLE, Filter}),
-                  case Action of
-                      pubsub ->
-                          update_permission(pub, Acl, OldRecords),
-                          update_permission(sub, Acl, OldRecords);
-                      _ ->
-                          update_permission(Action, Acl, OldRecords)
-                  end
-          end)).
-
-%% @doc Lookup acl by login
--spec(lookup_acl(login() | all) -> list()).
-lookup_acl(undefined) -> [];
-lookup_acl(Login) ->
-    MatchSpec = ets:fun2ms(fun({?TABLE, {Filter, ACLTopic}, Action, Access, CreatedAt})
-                                 when Filter =:= Login ->
-                                   {Filter, ACLTopic, Action, Access, CreatedAt}
-                           end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec)).
-
-%% @doc Remove acl
--spec(remove_acl(login() | all, emqx_topic:topic()) -> ok | {error, any()}).
-remove_acl(Login, Topic) ->
-    ret(mnesia:transaction(fun mnesia:delete/1, [{?TABLE, {Login, Topic}}])).
-
-%% @doc All logins
--spec(all_acls() -> list()).
-all_acls() ->
-    all_acls(clientid) ++
-    all_acls(username) ++
-    all_acls(all).
-
-all_acls(clientid) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {{clientid, Clientid}, Topic}, Action, Access, CreatedAt}) ->
-                          {{clientid, Clientid}, Topic, Action, Access, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec));
-all_acls(username) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {{username, Username}, Topic}, Action, Access, CreatedAt}) ->
-                          {{username, Username}, Topic, Action, Access, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec));
-all_acls(all) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {all, Topic}, Action, Access, CreatedAt}) ->
-                          {all, Topic, Action, Access, CreatedAt}
-                  end
-                 ),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec)).
-
-%%--------------------------------------------------------------------
-%% ACL Cli
-%%--------------------------------------------------------------------
-
-cli(["list"]) ->
-    [print_acl(Acl) || Acl <- all_acls()];
-
-cli(["list", "clientid"]) ->
-    [print_acl(Acl) || Acl <- all_acls(clientid)];
-
-cli(["list", "username"]) ->
-    [print_acl(Acl) || Acl <- all_acls(username)];
-
-cli(["list", "_all"]) ->
-    [print_acl(Acl) || Acl <- all_acls(all)];
-
-cli(["add", "clientid", Clientid, Topic, Action, Access]) ->
-    case validate(action, Action) andalso validate(access, Access) of
-        true ->
-            case add_acl(
-                   {clientid, iolist_to_binary(Clientid)},
-                   iolist_to_binary(Topic),
-                   list_to_existing_atom(Action),
-                   list_to_existing_atom(Access)
-                  ) of
-                ok -> emqx_ctl:print("ok~n");
-                {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-            end;
-        _ ->
-             emqx_ctl:print("Error: Input is illegal~n")
-    end;
-
-cli(["add", "username", Username, Topic, Action, Access]) ->
-    case validate(action, Action) andalso validate(access, Access) of
-        true ->
-            case add_acl(
-                   {username, iolist_to_binary(Username)},
-                   iolist_to_binary(Topic),
-                   list_to_existing_atom(Action),
-                   list_to_existing_atom(Access)
-                  ) of
-                ok -> emqx_ctl:print("ok~n");
-                {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-            end;
-        _ ->
-             emqx_ctl:print("Error: Input is illegal~n")
-    end;
-
-cli(["add", "_all", Topic, Action, Access]) ->
-    case validate(action, Action) andalso validate(access, Access) of
-        true ->
-            case add_acl(
-                   all,
-                   iolist_to_binary(Topic),
-                   list_to_existing_atom(Action),
-                   list_to_existing_atom(Access)
-                  ) of
-                ok -> emqx_ctl:print("ok~n");
-                {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-            end;
-        _ ->
-             emqx_ctl:print("Error: Input is illegal~n")
-    end;
-
-cli(["show", "clientid", Clientid]) ->
-    [print_acl(Acl) || Acl <- lookup_acl({clientid, iolist_to_binary(Clientid)})];
-
-cli(["show", "username", Username]) ->
-    [print_acl(Acl) || Acl <- lookup_acl({username, iolist_to_binary(Username)})];
-
-cli(["del", "clientid", Clientid, Topic])->
-    cli(["delete", "clientid", Clientid, Topic]);
-
-cli(["delete", "clientid", Clientid, Topic])->
-    case remove_acl({clientid, iolist_to_binary(Clientid)}, iolist_to_binary(Topic)) of
-         ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-cli(["del", "username", Username, Topic])->
-    cli(["delete", "username", Username, Topic]);
-
-cli(["delete", "username", Username, Topic])->
-    case remove_acl({username, iolist_to_binary(Username)}, iolist_to_binary(Topic)) of
-         ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-cli(["del", "_all", Topic])->
-    cli(["delete", "_all", Topic]);
-
-cli(["delete", "_all", Topic])->
-    case remove_acl(all, iolist_to_binary(Topic)) of
-         ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-cli(_) ->
-    emqx_ctl:usage([ {"acl list clientid", "List clientid acls"}
-                   , {"acl list username", "List username acls"}
-                   , {"acl list _all", "List $all acls"}
-                   , {"acl show clientid <Clientid>", "Lookup clientid acl detail"}
-                   , {"acl show username <Username>", "Lookup username acl detail"}
-                   , {"acl aad clientid <Clientid> <Topic> <Action> <Access>", "Add clientid acl"}
-                   , {"acl add Username <Username> <Topic> <Action> <Access>", "Add username acl"}
-                   , {"acl add _all <Topic> <Action> <Access>", "Add $all acl"}
-                   , {"acl delete clientid <Clientid> <Topic>", "Delete clientid acl"}
-                   , {"acl delete username <Username> <Topic>", "Delete username acl"}
-                   , {"acl delete _all <Topic>", "Delete $all acl"}
-                   ]).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-comparing({_, _, _, _, CreatedAt1},
-          {_, _, _, _, CreatedAt2}) ->
-    CreatedAt1 >= CreatedAt2.
-
-ret({atomic, ok})     -> ok;
-ret({aborted, Error}) -> {error, Error}.
-
-validate(action, "pub") -> true;
-validate(action, "sub") -> true;
-validate(action, "pubsub") -> true;
-validate(access, "allow") -> true;
-validate(access, "deny") -> true;
-validate(_, _) -> false.
-
-print_acl({{clientid, Clientid}, Topic, Action, Access, _}) ->
-    emqx_ctl:print(
-        "Acl(clientid = ~p topic = ~p action = ~p access = ~p)~n",
-        [Clientid, Topic, Action, Access]
-      );
-print_acl({{username, Username}, Topic, Action, Access, _}) ->
-    emqx_ctl:print(
-        "Acl(username = ~p topic = ~p action = ~p access = ~p)~n",
-        [Username, Topic, Action, Access]
-      );
-print_acl({all, Topic, Action, Access, _}) ->
-    emqx_ctl:print(
-        "Acl($all topic = ~p action = ~p access = ~p)~n",
-        [Topic, Action, Access]
-     ).
-
-update_permission(Action, Acl0, OldRecords) ->
-    Acl = Acl0 #?TABLE{action = Action},
-    maybe_delete_shadowed_records(Action, OldRecords),
-    mnesia:write(Acl).
-
-maybe_delete_shadowed_records(_, []) ->
-    ok;
-maybe_delete_shadowed_records(Action1, [Rec = #emqx_acl{action = Action2} | Rest]) ->
-    if Action1 =:= Action2 ->
-            ok = mnesia:delete_object(Rec);
-       Action2 =:= pubsub ->
-            %% Perform migration from the old data format on the
-            %% fly. This is needed only for the enterprise version,
-            %% delete this branch on 5.0
-            mnesia:delete_object(Rec),
-            mnesia:write(Rec#?TABLE{action = other_action(Action1)});
-       true ->
-            ok
-    end,
-    maybe_delete_shadowed_records(Action1, Rest).
-
-other_action(pub) -> sub;
-other_action(sub) -> pub.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
deleted file mode 100644
index 8ff574ab5..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_mnesia,
- [{description, "EMQ X Authentication with Mnesia"},
-  {vsn, "4.3.1"}, % strict semver, bump manually
-  {modules, []},
-  {registered, []},
-  {applications, [kernel,stdlib,mnesia]},
-  {mod, {emqx_auth_mnesia_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-mnesia"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
deleted file mode 100644
index 5b26c962c..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
+++ /dev/null
@@ -1,13 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
- [
-   {"4.3.0", [
-     {restart_application, emqx_auth_mnesia}
-   ]}
- ],
- [
-   {"4.3.0", [
-     {restart_application, emqx_auth_mnesia}
-   ]}
- ]
-}.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
deleted file mode 100644
index 905bcaaf0..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
+++ /dev/null
@@ -1,109 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia).
-
--include("emqx_auth_mnesia.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--include_lib("stdlib/include/ms_transform.hrl").
-
--define(TABLE, emqx_user).
-%% Auth callbacks
--export([ init/1
-        , register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
-init(#{clientid_list := ClientidList, username_list := UsernameList}) ->
-    ok = ekka_mnesia:create_table(?TABLE, [
-            {disc_copies, [node()]},
-            {attributes, record_info(fields, emqx_user)},
-            {storage_properties, [{ets, [{read_concurrency, true}]}]}]),
-    _ = [ add_default_user({{clientid, iolist_to_binary(Clientid)}, iolist_to_binary(Password)})
-      || {Clientid, Password} <- ClientidList],
-    _ = [ add_default_user({{username, iolist_to_binary(Username)}, iolist_to_binary(Password)})
-      || {Username, Password} <- UsernameList],
-    ok = ekka_mnesia:copy_table(?TABLE, disc_copies).
-
-%% @private
-add_default_user({Login, Password}) when is_tuple(Login) ->
-    emqx_auth_mnesia_cli:add_user(Login, Password).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{ clientid := Clientid
-                    , password := NPassword
-                    }, AuthResult, #{hash_type := HashType}) ->
-    Username = maps:get(username, ClientInfo, undefined),
-    MatchSpec = ets:fun2ms(fun({?TABLE, {clientid, X}, Password, InterTime}) when X =:= Clientid-> Password;
-                              ({?TABLE, {username, X}, Password, InterTime}) when X =:= Username andalso X =/= undefined -> Password
-                           end),
-    case ets:select(?TABLE, MatchSpec) of
-        [] ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)),
-            ok;
-        List ->
-            case match_password(NPassword, HashType, List)  of
-                false ->
-                    ?LOG(error, "[Mnesia] Auth from mnesia failed: ~p", [ClientInfo]),
-                    emqx_metrics:inc(?AUTH_METRICS(failure)),
-                    {stop, AuthResult#{anonymous => false, auth_result => password_error}};
-                _ ->
-                    emqx_metrics:inc(?AUTH_METRICS(success)),
-                    {stop, AuthResult#{anonymous => false, auth_result => success}}
-            end
-    end.
-
-description() -> "Authentication with Mnesia".
-
-match_password(Password, HashType, HashList) ->
-    lists:any(
-      fun(Secret) ->
-        case is_salt_hash(Secret, HashType) of
-            true ->
-                <<Salt:4/binary, Hash/binary>> = Secret,
-                Hash =:= hash(Password, Salt, HashType);
-            _ ->
-                Secret =:= hash(Password, HashType)
-        end
-      end, HashList).
-
-hash(undefined, HashType) ->
-    hash(<<>>, HashType);
-hash(Password, HashType) ->
-    emqx_passwd:hash(HashType, Password).
-
-hash(undefined, SaltBin, HashType) ->
-    hash(<<>>, SaltBin, HashType);
-hash(Password, SaltBin, HashType) ->
-    emqx_passwd:hash(HashType, <<SaltBin/binary, Password/binary>>).
-
-is_salt_hash(_, plain) ->
-    true;
-is_salt_hash(Secret, HashType) ->
-    not (byte_size(Secret) == len(HashType)).
-
-len(md5) -> 32;
-len(sha) -> 40;
-len(sha256) -> 64;
-len(sha512) -> 128.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
deleted file mode 100644
index 07ff3bdf5..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
+++ /dev/null
@@ -1,305 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_api).
-
--include_lib("stdlib/include/qlc.hrl").
--include_lib("stdlib/include/ms_transform.hrl").
-
--define(TABLE, emqx_user).
-
--import(proplists, [get_value/2]).
--import(minirest,  [return/1]).
--export([paginate/5]).
-
--export([ list_clientid/2
-        , lookup_clientid/2
-        , add_clientid/2
-        , update_clientid/2
-        , delete_clientid/2
-        ]).
-
--rest_api(#{name   => list_clientid,
-            method => 'GET',
-            path   => "/auth_clientid",
-            func   => list_clientid,
-            descr  => "List available clientid in the cluster"
-           }).
-
--rest_api(#{name   => lookup_clientid,
-            method => 'GET',
-            path   => "/auth_clientid/:bin:clientid",
-            func   => lookup_clientid,
-            descr  => "Lookup clientid in the cluster"
-           }).
-
--rest_api(#{name   => add_clientid,
-            method => 'POST',
-            path   => "/auth_clientid",
-            func   => add_clientid,
-            descr  => "Add clientid in the cluster"
-           }).
-
--rest_api(#{name   => update_clientid,
-            method => 'PUT',
-            path   => "/auth_clientid/:bin:clientid",
-            func   => update_clientid,
-            descr  => "Update clientid in the cluster"
-           }).
-
--rest_api(#{name   => delete_clientid,
-            method => 'DELETE',
-            path   => "/auth_clientid/:bin:clientid",
-            func   => delete_clientid,
-            descr  => "Delete clientid in the cluster"
-           }).
-
--export([ list_username/2
-        , lookup_username/2
-        , add_username/2
-        , update_username/2
-        , delete_username/2
-        ]).
-
--rest_api(#{name   => list_username,
-            method => 'GET',
-            path   => "/auth_username",
-            func   => list_username,
-            descr  => "List available username in the cluster"
-           }).
-
--rest_api(#{name   => lookup_username,
-            method => 'GET',
-            path   => "/auth_username/:bin:username",
-            func   => lookup_username,
-            descr  => "Lookup username in the cluster"
-           }).
-
--rest_api(#{name   => add_username,
-            method => 'POST',
-            path   => "/auth_username",
-            func   => add_username,
-            descr  => "Add username in the cluster"
-           }).
-
--rest_api(#{name   => update_username,
-            method => 'PUT',
-            path   => "/auth_username/:bin:username",
-            func   => update_username,
-            descr  => "Update username in the cluster"
-           }).
-
--rest_api(#{name   => delete_username,
-            method => 'DELETE',
-            path   => "/auth_username/:bin:username",
-            func   => delete_username,
-            descr  => "Delete username in the cluster"
-           }).
-
-%%------------------------------------------------------------------------------
-%% Auth Clientid Api
-%%------------------------------------------------------------------------------
-
-list_clientid(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(fun({?TABLE, {clientid, Clientid}, Password, CreatedAt}) -> {?TABLE, {clientid, Clientid}, Password, CreatedAt} end),
-    return({ok, paginate(?TABLE, MatchSpec, Params, fun emqx_auth_mnesia_cli:comparing/2, fun({?TABLE, {clientid, X}, _, _}) -> #{clientid => X} end)}).
-
-lookup_clientid(#{clientid := Clientid}, _Params) ->
-    return({ok, format(emqx_auth_mnesia_cli:lookup_user({clientid, urldecode(Clientid)}))}).
-
-add_clientid(_Bindings, Params) ->
-    [ P | _] = Params,
-    case is_list(P) of
-        true -> return(do_add_clientid(Params, []));
-        false ->
-            Re = do_add_clientid(Params),
-            case Re of
-                ok -> return(ok);
-                {error, Error} -> return({error, format_msg(Error)})
-            end
-    end.
-
-do_add_clientid([ Params | ParamsN ], ReList ) ->
-    Clientid = urldecode(get_value(<<"clientid">>, Params)),
-    do_add_clientid(ParamsN, [{Clientid, format_msg(do_add_clientid(Params))} | ReList]);
-
-do_add_clientid([], ReList) ->
-    {ok, ReList}.
-
-do_add_clientid(Params) ->
-    Clientid = urldecode(get_value(<<"clientid">>, Params)),
-    Password = urldecode(get_value(<<"password">>, Params)),
-    Login = {clientid, Clientid},
-    case validate([login, password], [Login, Password]) of
-        ok ->
-            emqx_auth_mnesia_cli:add_user(Login, Password);
-        Err -> Err
-    end.
-
-update_clientid(#{clientid := Clientid}, Params) ->
-    Password = get_value(<<"password">>, Params),
-    case validate([password], [Password]) of
-        ok -> return(emqx_auth_mnesia_cli:update_user({clientid, urldecode(Clientid)}, urldecode(Password)));
-        Err -> return(Err)
-    end.
-
-delete_clientid(#{clientid := Clientid}, _) ->
-    return(emqx_auth_mnesia_cli:remove_user({clientid, urldecode(Clientid)})).
-
-%%------------------------------------------------------------------------------
-%% Auth Username Api
-%%------------------------------------------------------------------------------
-
-list_username(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(fun({?TABLE, {username, Username}, Password, CreatedAt}) -> {?TABLE, {username, Username}, Password, CreatedAt} end),
-    return({ok, paginate(?TABLE, MatchSpec, Params, fun emqx_auth_mnesia_cli:comparing/2, fun({?TABLE, {username, X}, _, _}) -> #{username => X} end)}).
-
-lookup_username(#{username := Username}, _Params) ->
-    return({ok, format(emqx_auth_mnesia_cli:lookup_user({username, urldecode(Username)}))}).
-
-add_username(_Bindings, Params) ->
-    [ P | _] = Params,
-    case is_list(P) of
-        true -> return(do_add_username(Params, []));
-        false ->
-            case do_add_username(Params) of
-                ok -> return(ok);
-                {error, Error} -> return({error, format_msg(Error)})
-            end
-    end.
-
-do_add_username([ Params | ParamsN ], ReList ) ->
-    Username = urldecode(get_value(<<"username">>, Params)),
-    do_add_username(ParamsN, [{Username, format_msg(do_add_username(Params))} | ReList]);
-
-do_add_username([], ReList) ->
-    {ok, ReList}.
-
-do_add_username(Params) ->
-    Username = urldecode(get_value(<<"username">>, Params)),
-    Password = urldecode(get_value(<<"password">>, Params)),
-    Login = {username, Username},
-    case validate([login, password], [Login, Password]) of
-        ok ->
-            emqx_auth_mnesia_cli:add_user(Login, Password);
-        Err -> Err
-    end.
-
-update_username(#{username := Username}, Params) ->
-    Password = get_value(<<"password">>, Params),
-    case validate([password], [Password]) of
-        ok -> return(emqx_auth_mnesia_cli:update_user({username, urldecode(Username)}, urldecode(Password)));
-        Err -> return(Err)
-    end.
-
-delete_username(#{username := Username}, _) ->
-    return(emqx_auth_mnesia_cli:remove_user({username, urldecode(Username)})).
-
-%%------------------------------------------------------------------------------
-%% Paging Query
-%%------------------------------------------------------------------------------
-
-paginate(Tables, MatchSpec, Params, ComparingFun, RowFun) ->
-    Qh = query_handle(Tables, MatchSpec),
-    Count = count(Tables, MatchSpec),
-    Page = page(Params),
-    Limit = limit(Params),
-    Cursor = qlc:cursor(Qh),
-    case Page > 1 of
-        true  ->
-            _ = qlc:next_answers(Cursor, (Page - 1) * Limit),
-            ok;
-        false -> ok
-    end,
-    Rows = qlc:next_answers(Cursor, Limit),
-    qlc:delete_cursor(Cursor),
-    #{meta  => #{page => Page, limit => Limit, count => Count},
-      data  => [RowFun(Row) || Row <- lists:sort(ComparingFun, Rows)]}.
-
-query_handle(Table, MatchSpec) when is_atom(Table) ->
-    Options = {traverse, {select, MatchSpec}},
-    qlc:q([R|| R <- ets:table(Table, Options)]);
-query_handle([Table], MatchSpec) when is_atom(Table) ->
-    Options = {traverse, {select, MatchSpec}},
-    qlc:q([R|| R <- ets:table(Table, Options)]);
-query_handle(Tables, MatchSpec) ->
-    Options = {traverse, {select, MatchSpec}},
-    qlc:append([qlc:q([E || E <- ets:table(T, Options)]) || T <- Tables]).
-
-count(Table, MatchSpec) when is_atom(Table) ->
-    [{MatchPattern, Where, _Re}] = MatchSpec,
-    NMatchSpec = [{MatchPattern, Where, [true]}],
-    ets:select_count(Table, NMatchSpec);
-count([Table], MatchSpec) when is_atom(Table) ->
-    [{MatchPattern, Where, _Re}] = MatchSpec,
-    NMatchSpec = [{MatchPattern, Where, [true]}],
-    ets:select_count(Table, NMatchSpec);
-count(Tables, MatchSpec) ->
-    lists:sum([count(T, MatchSpec) || T <- Tables]).
-
-page(Params) ->
-    binary_to_integer(proplists:get_value(<<"_page">>, Params, <<"1">>)).
-
-limit(Params) ->
-    case proplists:get_value(<<"_limit">>, Params) of
-        undefined -> 10;
-        Size      -> binary_to_integer(Size)
-    end.
-
-%%------------------------------------------------------------------------------
-%% Interval Funcs
-%%------------------------------------------------------------------------------
-
-format([{?TABLE, {clientid, ClientId}, Password, _InterTime}]) ->
-    #{clientid => ClientId,
-      password => Password};
-
-format([{?TABLE, {username, Username}, Password, _InterTime}]) ->
-    #{username => Username,
-      password => Password};
-
-format([]) ->
-    #{}.
-
-validate([], []) ->
-    ok;
-validate([K|Keys], [V|Values]) ->
-   case do_validation(K, V) of
-       false -> {error, K};
-       true  -> validate(Keys, Values)
-   end.
-
-do_validation(login, {clientid, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(login, {username, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(password, V) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(_, _) ->
-    false.
-
-format_msg(Message)
-  when is_atom(Message);
-       is_binary(Message) -> Message;
-
-format_msg(Message) when is_tuple(Message) ->
-    iolist_to_binary(io_lib:format("~p", [Message])).
-
-urldecode(S) ->
-    emqx_http_lib:uri_decode(S).
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
deleted file mode 100644
index 91f4bdf4f..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
+++ /dev/null
@@ -1,68 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_mnesia.hrl").
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_mnesia_sup:start_link(),
-    emqx_ctl:register_command(clientid, {emqx_auth_mnesia_cli, auth_clientid_cli}, []),
-    emqx_ctl:register_command(user, {emqx_auth_mnesia_cli, auth_username_cli}, []),
-    emqx_ctl:register_command(acl, {emqx_acl_mnesia_cli, cli}, []),
-    _ = load_auth_hook(),
-    _ = load_acl_hook(),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx:unhook('client.authenticate', {emqx_auth_mnesia, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_mnesia, check_acl}),
-    emqx_ctl:unregister_command(clientid),
-    emqx_ctl:unregister_command(user),
-    emqx_ctl:unregister_command(acl),
-    State.
-
-stop(_State) ->
-    ok.
-
-load_auth_hook() ->
-    ClientidList = application:get_env(?APP, clientid_list, []),
-    UsernameList = application:get_env(?APP, username_list, []),
-    ok = emqx_auth_mnesia:init(#{clientid_list => ClientidList, username_list => UsernameList}),
-    ok = emqx_auth_mnesia:register_metrics(),
-    Params = #{
-            hash_type => application:get_env(emqx_auth_mnesia, password_hash, sha256)
-            },
-    emqx:hook('client.authenticate', {emqx_auth_mnesia, check, [Params]}).
-
-load_acl_hook() ->
-    ok = emqx_acl_mnesia:init(),
-    ok = emqx_acl_mnesia:register_metrics(),
-    emqx:hook('client.check_acl', {emqx_acl_mnesia, check_acl, [#{}]}).
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
deleted file mode 100644
index d89e6836c..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
+++ /dev/null
@@ -1,194 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_cli).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("stdlib/include/ms_transform.hrl").
--define(TABLE, emqx_user).
-%% Auth APIs
--export([ add_user/2
-        , update_user/2
-        , remove_user/1
-        , lookup_user/1
-        , all_users/0
-        , all_users/1
-        ]).
-%% Cli
--export([ auth_clientid_cli/1
-        , auth_username_cli/1
-        ]).
-
-%% Helper
--export([comparing/2]).
-
-%%--------------------------------------------------------------------
-%% Auth APIs
-%%--------------------------------------------------------------------
-
-%% @doc Add User
--spec(add_user(tuple(), binary()) -> ok | {error, any()}).
-add_user(Login, Password) ->
-    User = #emqx_user{
-              login = Login,
-              password = encrypted_data(Password),
-              created_at = erlang:system_time(millisecond)
-             },
-    ret(mnesia:transaction(fun insert_user/1, [User])).
-
-insert_user(User = #emqx_user{login = Login}) ->
-    case mnesia:read(?TABLE, Login) of
-        []    -> mnesia:write(User);
-        [_|_] -> mnesia:abort(existed)
-    end.
-
-%% @doc Update User
--spec(update_user(tuple(), binary()) -> ok | {error, any()}).
-update_user(Login, NewPassword) ->
-    ret(mnesia:transaction(fun do_update_user/2, [Login, encrypted_data(NewPassword)])).
-
-do_update_user(Login, NewPassword) ->
-    case mnesia:read(?TABLE, Login) of
-        [#emqx_user{} = User] ->
-            mnesia:write(User#emqx_user{password = NewPassword});
-        [] -> mnesia:abort(noexisted)
-    end.
-
-%% @doc Lookup user by login
--spec(lookup_user(tuple()) -> list()).
-lookup_user(undefined) -> [];
-lookup_user(Login) ->
-    Re = mnesia:dirty_read(?TABLE, Login),
-    lists:sort(fun comparing/2, Re).
-
-%% @doc Remove user
--spec(remove_user(tuple()) -> ok | {error, any()}).
-remove_user(Login) ->
-    ret(mnesia:transaction(fun mnesia:delete/1, [{?TABLE, Login}])).
-
-%% @doc All logins
--spec(all_users() -> list()).
-all_users() -> mnesia:dirty_all_keys(?TABLE).
-
-all_users(clientid) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {clientid, Clientid}, Password, CreatedAt}) ->
-                          {?TABLE, {clientid, Clientid}, Password, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec));
-all_users(username) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {username, Username}, Password, CreatedAt}) ->
-                          {?TABLE, {username, Username}, Password, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec)).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-comparing({?TABLE, _, _, CreatedAt1},
-          {?TABLE, _, _, CreatedAt2}) ->
-    CreatedAt1 >= CreatedAt2.
-
-ret({atomic, ok})     -> ok;
-ret({aborted, Error}) -> {error, Error}.
-
-encrypted_data(Password) ->
-    HashType = application:get_env(emqx_auth_mnesia, password_hash, sha256),
-    SaltBin = salt(),
-    <<SaltBin/binary, (hash(Password, SaltBin, HashType))/binary>>.
-
-hash(undefined, SaltBin, HashType) ->
-    hash(<<>>, SaltBin, HashType);
-hash(Password, SaltBin, HashType) ->
-    emqx_passwd:hash(HashType, <<SaltBin/binary, Password/binary>>).
-
-salt() ->
-    {_AlgHandler, _AlgState} = rand:seed(exsplus, erlang:timestamp()),
-    Salt = rand:uniform(16#ffffffff), <<Salt:32>>.
-
-%%--------------------------------------------------------------------
-%% Auth Clientid Cli
-%%--------------------------------------------------------------------
-
-auth_clientid_cli(["list"]) ->
-    [emqx_ctl:print("~s~n", [ClientId])
-     || {?TABLE, {clientid, ClientId}, _Password, _CreatedAt} <- all_users(clientid)
-    ];
-
-auth_clientid_cli(["add", ClientId, Password]) ->
-    case add_user({clientid, iolist_to_binary(ClientId)}, iolist_to_binary(Password)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_clientid_cli(["update", ClientId, NewPassword]) ->
-    case update_user({clientid, iolist_to_binary(ClientId)}, iolist_to_binary(NewPassword)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_clientid_cli(["del", ClientId]) ->
-    auth_clientid_cli(["delete", ClientId]);
-
-auth_clientid_cli(["delete", ClientId]) ->
-    case  remove_user({clientid, iolist_to_binary(ClientId)}) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_clientid_cli(_) ->
-    emqx_ctl:usage([{"clientid list", "List clientid auth rules"},
-                    {"clientid add <Username> <Password>", "Add clientid auth rule"},
-                    {"clientid update <Username> <NewPassword>", "Update clientid auth rule"},
-                    {"clientid delete <Username>", "Delete clientid auth rule"}]).
-
-%%--------------------------------------------------------------------
-%% Auth Username Cli
-%%--------------------------------------------------------------------
-
-auth_username_cli(["list"]) ->
-    [emqx_ctl:print("~s~n", [Username])
-     || {?TABLE, {username, Username}, _Password, _CreatedAt} <- all_users(username)
-    ];
-
-auth_username_cli(["add", Username, Password]) ->
-    case add_user({username, iolist_to_binary(Username)}, iolist_to_binary(Password)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_username_cli(["update", Username, NewPassword]) ->
-    case update_user({username, iolist_to_binary(Username)}, iolist_to_binary(NewPassword)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-auth_username_cli(["del", Username]) ->
-    auth_username_cli(["delete", Username]);
-
-auth_username_cli(["delete", Username]) ->
-    case  remove_user({username, iolist_to_binary(Username)}) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_username_cli(_) ->
-    emqx_ctl:usage([{"user list", "List username auth rules"},
-                    {"user add <Username> <Password>", "Add username auth rule"},
-                    {"user update <Username> <NewPassword>", "Update username auth rule"},
-                    {"user delete <Username>", "Delete username auth rule"}]).
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
deleted file mode 100644
index 3784eaaf6..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
+++ /dev/null
@@ -1,36 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_mnesia.hrl").
-
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-%%--------------------------------------------------------------------
-%% Supervisor callbacks
-%%--------------------------------------------------------------------
-
-init([]) ->
-    {ok, {{one_for_one, 10, 100}, []}}.
\ No newline at end of file
diff --git a/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl b/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
deleted file mode 100644
index f7994387b..000000000
--- a/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
+++ /dev/null
@@ -1,293 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--import(emqx_ct_http, [ request_api/3
-                      , request_api/5
-                      , get_http_data/1
-                      , create_default_app/0
-                      , delete_default_app/0
-                      , default_auth_header/0
-                      ]).
-
--define(HOST, "http://127.0.0.1:8081/").
--define(API_VERSION, "v4").
--define(BASE_PATH, "api").
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-groups() ->
-    [].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_modules, emqx_management, emqx_auth_mnesia], fun set_special_configs/1),
-    create_default_app(),
-    Config.
-
-end_per_suite(_Config) ->
-    delete_default_app(),
-    emqx_ct_helpers:stop_apps([emqx_modules, emqx_management, emqx_auth_mnesia]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, true),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(_App) ->
-    ok.
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_management(_Config) ->
-    clean_all_acls(),
-    ?assertEqual("Acl with Mnesia", emqx_acl_mnesia:description()),
-    ?assertEqual([], emqx_acl_mnesia_cli:all_acls()),
-
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/%c">>, sub, allow),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/+">>, pub, deny),
-    ok = emqx_acl_mnesia_cli:add_acl({username, <<"test_username">>}, <<"topic/%u">>, sub, deny),
-    ok = emqx_acl_mnesia_cli:add_acl({username, <<"test_username">>}, <<"topic/+">>, pub, allow),
-    ok = emqx_acl_mnesia_cli:add_acl(all, <<"#">>, pubsub, deny),
-    %% Sleeps below are needed to hide the race condition between
-    %% mnesia and ets dirty select in check_acl, that make this test
-    %% flaky
-    timer:sleep(100),
-
-    ?assertEqual(2, length(emqx_acl_mnesia_cli:lookup_acl({clientid, <<"test_clientid">>}))),
-    ?assertEqual(2, length(emqx_acl_mnesia_cli:lookup_acl({username, <<"test_username">>}))),
-    ?assertEqual(2, length(emqx_acl_mnesia_cli:lookup_acl(all))),
-    ?assertEqual(6, length(emqx_acl_mnesia_cli:all_acls())),
-
-    User1 = #{zone => external, clientid => <<"test_clientid">>},
-    User2 = #{zone => external, clientid => <<"no_exist">>, username => <<"test_username">>},
-    User3 = #{zone => external, clientid => <<"test_clientid">>, username => <<"test_username">>},
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"topic/test_clientid">>),
-    deny  = emqx_access_control:check_acl(User1, publish,   <<"topic/A">>),
-    deny  = emqx_access_control:check_acl(User2, subscribe, <<"topic/test_username">>),
-    allow = emqx_access_control:check_acl(User2, publish,   <<"topic/A">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"topic/test_clientid">>),
-    deny  = emqx_access_control:check_acl(User3, subscribe, <<"topic/test_username">>),
-    deny  = emqx_access_control:check_acl(User3, publish,   <<"topic/A">>),
-    deny  = emqx_access_control:check_acl(User3, subscribe, <<"topic/A/B">>),
-    deny  = emqx_access_control:check_acl(User3, publish,   <<"topic/A/B">>),
-
-    %% Test merging of pubsub capability:
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pubsub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pub, allow),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pubsub, allow),
-    timer:sleep(100),
-    allow = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, sub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-
-    %% Test implicit migration of pubsub to pub and sub:
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>),
-    ok = mnesia:dirty_write(#emqx_acl{
-                               filter = {{clientid, <<"test_clientid">>}, <<"topic/mix">>},
-                               action = pubsub,
-                               access = allow,
-                               created_at = erlang:system_time(millisecond)
-                              }),
-    timer:sleep(100),
-    allow = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pub, deny),
-    timer:sleep(100),
-    allow = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, sub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/%c">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/+">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({username, <<"test_username">>}, <<"topic/%u">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({username, <<"test_username">>}, <<"topic/+">>),
-    ok = emqx_acl_mnesia_cli:remove_acl(all, <<"#">>),
-    timer:sleep(100),
-
-    ?assertEqual([], emqx_acl_mnesia_cli:all_acls()).
-
-t_acl_cli(_Config) ->
-    meck:new(emqx_ctl, [non_strict, passthrough]),
-    meck:expect(emqx_ctl, print, fun(Arg) -> emqx_ctl:format(Arg) end),
-    meck:expect(emqx_ctl, print, fun(Msg, Arg) -> emqx_ctl:format(Msg, Arg) end),
-    meck:expect(emqx_ctl, usage, fun(Usages) -> emqx_ctl:format_usage(Usages) end),
-    meck:expect(emqx_ctl, usage, fun(Cmd, Descr) -> emqx_ctl:format_usage(Cmd, Descr) end),
-
-    clean_all_acls(),
-
-    ?assertEqual(0, length(emqx_acl_mnesia_cli:cli(["list"]))),
-
-    emqx_acl_mnesia_cli:cli(["add", "clientid", "test_clientid", "topic/A", "pub", "deny"]),
-    emqx_acl_mnesia_cli:cli(["add", "clientid", "test_clientid", "topic/A", "pub", "allow"]),
-    R1 = emqx_ctl:format("Acl(clientid = ~p topic = ~p action = ~p access = ~p)~n",
-                         [<<"test_clientid">>, <<"topic/A">>, pub, allow]),
-    ?assertEqual([R1], emqx_acl_mnesia_cli:cli(["show", "clientid", "test_clientid"])),
-    ?assertEqual([R1], emqx_acl_mnesia_cli:cli(["list", "clientid"])),
-
-    emqx_acl_mnesia_cli:cli(["add", "username", "test_username", "topic/B", "sub", "deny"]),
-    R2 = emqx_ctl:format("Acl(username = ~p topic = ~p action = ~p access = ~p)~n",
-                         [<<"test_username">>, <<"topic/B">>, sub, deny]),
-    ?assertEqual([R2], emqx_acl_mnesia_cli:cli(["show", "username", "test_username"])),
-    ?assertEqual([R2], emqx_acl_mnesia_cli:cli(["list", "username"])),
-
-    emqx_acl_mnesia_cli:cli(["add", "_all", "#", "pub", "allow"]),
-    emqx_acl_mnesia_cli:cli(["add", "_all", "#", "pubsub", "deny"]),
-    ?assertMatch(["",
-                  "Acl($all topic = <<\"#\">> action = pub access = deny)",
-                  "Acl($all topic = <<\"#\">> action = sub access = deny)"],
-                 lists:sort(string:split(emqx_acl_mnesia_cli:cli(["list", "_all"]), "\n", all))
-                ),
-    ?assertEqual(4, length(emqx_acl_mnesia_cli:cli(["list"]))),
-
-    emqx_acl_mnesia_cli:cli(["del", "clientid", "test_clientid", "topic/A"]),
-    emqx_acl_mnesia_cli:cli(["del", "username", "test_username", "topic/B"]),
-    emqx_acl_mnesia_cli:cli(["del", "_all", "#"]),
-    ?assertEqual(0, length(emqx_acl_mnesia_cli:cli(["list"]))),
-
-    meck:unload(emqx_ctl).
-
-t_rest_api(_Config) ->
-    clean_all_acls(),
-
-    Params1 = [#{<<"clientid">> => <<"test_clientid">>,
-                 <<"topic">> => <<"topic/A">>,
-                 <<"action">> => <<"pub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"clientid">> => <<"test_clientid">>,
-                 <<"topic">> => <<"topic/B">>,
-                 <<"action">> => <<"sub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"clientid">> => <<"test_clientid">>,
-                 <<"topic">> => <<"topic/C">>,
-                 <<"action">> => <<"pubsub">>,
-                 <<"access">> => <<"deny">>
-                }],
-    {ok, _} = request_http_rest_add([], Params1),
-    {ok, Re1} = request_http_rest_list(["clientid", "test_clientid"]),
-    ?assertMatch(4, length(get_http_data(Re1))),
-    {ok, _} = request_http_rest_delete(["clientid", "test_clientid", "topic", "topic/A"]),
-    {ok, _} = request_http_rest_delete(["clientid", "test_clientid", "topic", "topic/B"]),
-    {ok, _} = request_http_rest_delete(["clientid", "test_clientid", "topic", "topic/C"]),
-    {ok, Res1} = request_http_rest_list(["clientid"]),
-    ?assertMatch([], get_http_data(Res1)),
-
-    Params2 = [#{<<"username">> => <<"test_username">>,
-                 <<"topic">> => <<"topic/A">>,
-                 <<"action">> => <<"pub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"username">> => <<"test_username">>,
-                 <<"topic">> => <<"topic/B">>,
-                 <<"action">> => <<"sub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"username">> => <<"test_username">>,
-                 <<"topic">> => <<"topic/C">>,
-                 <<"action">> => <<"pubsub">>,
-                 <<"access">> => <<"deny">>
-                }],
-    {ok, _} = request_http_rest_add([], Params2),
-    {ok, Re2} = request_http_rest_list(["username", "test_username"]),
-    ?assertMatch(4, length(get_http_data(Re2))),
-    {ok, _} = request_http_rest_delete(["username", "test_username", "topic", "topic/A"]),
-    {ok, _} = request_http_rest_delete(["username", "test_username", "topic", "topic/B"]),
-    {ok, _} = request_http_rest_delete(["username", "test_username", "topic", "topic/C"]),
-    {ok, Res2} = request_http_rest_list(["username"]),
-    ?assertMatch([], get_http_data(Res2)),
-
-    Params3 = [#{<<"topic">> => <<"topic/A">>,
-                 <<"action">> => <<"pub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"topic">> => <<"topic/B">>,
-                 <<"action">> => <<"sub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"topic">> => <<"topic/C">>,
-                 <<"action">> => <<"pubsub">>,
-                 <<"access">> => <<"deny">>
-                }],
-    {ok, _} = request_http_rest_add([], Params3),
-    {ok, Re3} = request_http_rest_list(["$all"]),
-    ?assertMatch(4, length(get_http_data(Re3))),
-    {ok, _} = request_http_rest_delete(["$all", "topic", "topic/A"]),
-    {ok, _} = request_http_rest_delete(["$all", "topic", "topic/B"]),
-    {ok, _} = request_http_rest_delete(["$all", "topic", "topic/C"]),
-    {ok, Res3} = request_http_rest_list(["$all"]),
-    ?assertMatch([], get_http_data(Res3)).
-
-%%------------------------------------------------------------------------------
-%% Helpers
-%%------------------------------------------------------------------------------
-
-clean_all_acls() ->
-    [ mnesia:dirty_delete({emqx_acl, Login})
-      || Login <- mnesia:dirty_all_keys(emqx_acl)].
-
-%%--------------------------------------------------------------------
-%% HTTP Request
-%%--------------------------------------------------------------------
-
-request_http_rest_list(Path) ->
-    request_api(get, uri(Path), default_auth_header()).
-
-request_http_rest_lookup(Path) ->
-    request_api(get, uri(Path), default_auth_header()).
-
-request_http_rest_add(Path, Params) ->
-    request_api(post, uri(Path), [], default_auth_header(), Params).
-
-request_http_rest_delete(Path) ->
-    request_api(delete, uri(Path), default_auth_header()).
-
-uri() -> uri([]).
-uri(Parts) when is_list(Parts) ->
-    NParts = [b2l(E) || E <- Parts],
-    ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION, "acl"| NParts]).
-
-b2l(B) -> binary_to_list(emqx_http_lib:uri_encode(iolist_to_binary(B))).
diff --git a/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl b/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
deleted file mode 100644
index c5c0eb727..000000000
--- a/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
+++ /dev/null
@@ -1,318 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%% http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--import(emqx_ct_http, [ request_api/3
-                      , request_api/5
-                      , get_http_data/1
-                      , create_default_app/0
-                      , delete_default_app/0
-                      , default_auth_header/0
-                      ]).
-
--define(HOST, "http://127.0.0.1:8081/").
--define(API_VERSION, "v4").
--define(BASE_PATH, "api").
-
--define(TABLE, emqx_user).
--define(CLIENTID,  <<"clientid_for_ct">>).
--define(USERNAME,  <<"username_for_ct">>).
--define(PASSWORD,  <<"password">>).
--define(NPASSWORD, <<"new_password">>).
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-groups() ->
-    [].
-
-init_per_suite(Config) ->
-    ok = emqx_ct_helpers:start_apps([emqx_management, emqx_auth_mnesia], fun set_special_configs/1),
-    create_default_app(),
-    Config.
-
-end_per_suite(_Config) ->
-    delete_default_app(),
-    emqx_ct_helpers:stop_apps([emqx_management, emqx_auth_mnesia]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, true),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(_App) ->
-    ok.
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_management(_Config) ->
-    clean_all_users(),
-
-    ok = emqx_auth_mnesia_cli:add_user({username, ?USERNAME}, ?PASSWORD),
-    {error, existed} = emqx_auth_mnesia_cli:add_user({username, ?USERNAME}, ?PASSWORD),
-    ?assertMatch([{?TABLE, {username, ?USERNAME}, _, _}],
-                 emqx_auth_mnesia_cli:all_users(username)
-                ),
-
-    ok = emqx_auth_mnesia_cli:add_user({clientid, ?CLIENTID}, ?PASSWORD),
-    {error, existed} = emqx_auth_mnesia_cli:add_user({clientid, ?CLIENTID}, ?PASSWORD),
-    ?assertMatch([{?TABLE, {clientid, ?CLIENTID}, _, _}],
-                 emqx_auth_mnesia_cli:all_users(clientid)
-                ),
-
-    ?assertEqual(2, length(emqx_auth_mnesia_cli:all_users())),
-
-    ok = emqx_auth_mnesia_cli:update_user({username, ?USERNAME}, ?NPASSWORD),
-    {error, noexisted} = emqx_auth_mnesia_cli:update_user(
-                          {username, <<"no_existed_user">>}, ?PASSWORD
-                         ),
-
-    ok = emqx_auth_mnesia_cli:update_user({clientid, ?CLIENTID}, ?NPASSWORD),
-    {error, noexisted} = emqx_auth_mnesia_cli:update_user(
-                          {clientid, <<"no_existed_user">>}, ?PASSWORD
-                         ),
-
-    ?assertMatch([{?TABLE, {username, ?USERNAME}, _, _}],
-                 emqx_auth_mnesia_cli:lookup_user({username, ?USERNAME})
-                ),
-    ?assertMatch([{?TABLE, {clientid, ?CLIENTID}, _, _}],
-                 emqx_auth_mnesia_cli:lookup_user({clientid, ?CLIENTID})
-                ),
-
-    User1 = #{username => ?USERNAME,
-              clientid => undefined,
-              password => ?NPASSWORD,
-              zone     => external},
-
-    {ok, #{auth_result := success,
-           anonymous := false}} = emqx_access_control:authenticate(User1),
-
-    {error, password_error} = emqx_access_control:authenticate(
-                               User1#{password => <<"error_password">>}
-                              ),
-
-    ok = emqx_auth_mnesia_cli:remove_user({username, ?USERNAME}),
-    {ok, #{auth_result := success,
-           anonymous := true }} = emqx_access_control:authenticate(User1),
-
-    User2 = #{clientid => ?CLIENTID,
-              password => ?NPASSWORD,
-              zone     => external},
-
-    {ok, #{auth_result := success,
-           anonymous := false}} = emqx_access_control:authenticate(User2),
-
-    {error, password_error} = emqx_access_control:authenticate(
-                               User2#{password => <<"error_password">>}
-                              ),
-
-    ok = emqx_auth_mnesia_cli:remove_user({clientid, ?CLIENTID}),
-    {ok, #{auth_result := success,
-           anonymous := true }} = emqx_access_control:authenticate(User2),
-
-    [] = emqx_auth_mnesia_cli:all_users().
-
-t_auth_clientid_cli(_) ->
-    clean_all_users(),
-
-    HashType = application:get_env(emqx_auth_mnesia, password_hash, sha256),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["add", ?CLIENTID, ?PASSWORD]),
-    [{_, {clientid, ?CLIENTID},
-      <<Salt:4/binary, Hash/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({clientid, ?CLIENTID}),
-    ?assertEqual(Hash, emqx_passwd:hash(HashType, <<Salt/binary, ?PASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["update", ?CLIENTID, ?NPASSWORD]),
-    [{_, {clientid, ?CLIENTID},
-      <<Salt1:4/binary, Hash1/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({clientid, ?CLIENTID}),
-    ?assertEqual(Hash1, emqx_passwd:hash(HashType, <<Salt1/binary, ?NPASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["del", ?CLIENTID]),
-    ?assertEqual([], emqx_auth_mnesia_cli:lookup_user(?CLIENTID)),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["add", "user1", "pass1"]),
-    emqx_auth_mnesia_cli:auth_clientid_cli(["add", "user2", "pass2"]),
-    ?assertEqual(2, length(emqx_auth_mnesia_cli:auth_clientid_cli(["list"]))),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(usage).
-
-t_auth_username_cli(_) ->
-    clean_all_users(),
-
-    HashType = application:get_env(emqx_auth_mnesia, password_hash, sha256),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["add", ?USERNAME, ?PASSWORD]),
-    [{_, {username, ?USERNAME},
-      <<Salt:4/binary, Hash/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({username, ?USERNAME}),
-    ?assertEqual(Hash, emqx_passwd:hash(HashType, <<Salt/binary, ?PASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["update", ?USERNAME, ?NPASSWORD]),
-    [{_, {username, ?USERNAME},
-      <<Salt1:4/binary, Hash1/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({username, ?USERNAME}),
-    ?assertEqual(Hash1, emqx_passwd:hash(HashType, <<Salt1/binary, ?NPASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["del", ?USERNAME]),
-    ?assertEqual([], emqx_auth_mnesia_cli:lookup_user(?USERNAME)),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["add", "user1", "pass1"]),
-    emqx_auth_mnesia_cli:auth_username_cli(["add", "user2", "pass2"]),
-    ?assertEqual(2, length(emqx_auth_mnesia_cli:auth_username_cli(["list"]))),
-
-    emqx_auth_mnesia_cli:auth_username_cli(usage).
-
-
-t_clientid_rest_api(_Config) ->
-    clean_all_users(),
-
-    {ok, Result1} = request_http_rest_list(["auth_clientid"]),
-    [] = get_http_data(Result1),
-
-    Params1 = #{<<"clientid">> => ?CLIENTID, <<"password">> => ?PASSWORD},
-    {ok, _} = request_http_rest_add(["auth_clientid"], Params1),
-
-    Path =  ["auth_clientid/" ++ binary_to_list(?CLIENTID)],
-    Params2 = #{<<"clientid">> => ?CLIENTID, <<"password">> => ?NPASSWORD},
-    {ok, _} = request_http_rest_update(Path, Params2),
-
-    {ok, Result2} = request_http_rest_lookup(Path),
-    ?assertMatch(#{<<"clientid">> := ?CLIENTID}, get_http_data(Result2)),
-
-    Params3 = [ #{<<"clientid">> => ?CLIENTID, <<"password">> => ?PASSWORD}
-              , #{<<"clientid">> => <<"clientid1">>, <<"password">> => ?PASSWORD}
-              , #{<<"clientid">> => <<"clientid2">>, <<"password">> => ?PASSWORD}
-              ],
-    {ok, Result3} = request_http_rest_add(["auth_clientid"], Params3),
-    ?assertMatch(#{ ?CLIENTID := <<"{error,existed}">>
-                  , <<"clientid1">> := <<"ok">>
-                  , <<"clientid2">> := <<"ok">>
-                  }, get_http_data(Result3)),
-
-    {ok, Result4} = request_http_rest_list(["auth_clientid"]),
-    ?assertEqual(3, length(get_http_data(Result4))),
-
-    {ok, _} = request_http_rest_delete(Path),
-    {ok, Result5} = request_http_rest_lookup(Path),
-    ?assertMatch(#{}, get_http_data(Result5)).
-
-t_username_rest_api(_Config) ->
-    clean_all_users(),
-
-    {ok, Result1} = request_http_rest_list(["auth_username"]),
-    [] = get_http_data(Result1),
-
-    Params1 = #{<<"username">> => ?USERNAME, <<"password">> => ?PASSWORD},
-    {ok, _} = request_http_rest_add(["auth_username"], Params1),
-
-    Path =  ["auth_username/" ++ binary_to_list(?USERNAME)],
-    Params2 = #{<<"username">> => ?USERNAME, <<"password">> => ?NPASSWORD},
-    {ok, _} = request_http_rest_update(Path, Params2),
-
-    {ok, Result2} = request_http_rest_lookup(Path),
-    ?assertMatch(#{<<"username">> := ?USERNAME}, get_http_data(Result2)),
-
-    Params3 = [ #{<<"username">> => ?USERNAME, <<"password">> => ?PASSWORD}
-              , #{<<"username">> => <<"username1">>, <<"password">> => ?PASSWORD}
-              , #{<<"username">> => <<"username2">>, <<"password">> => ?PASSWORD}
-              ],
-    {ok, Result3} = request_http_rest_add(["auth_username"], Params3),
-    ?assertMatch(#{ ?USERNAME := <<"{error,existed}">>
-                  , <<"username1">> := <<"ok">>
-                  , <<"username2">> := <<"ok">>
-                  }, get_http_data(Result3)),
-
-    {ok, Result4} = request_http_rest_list(["auth_username"]),
-    ?assertEqual(3, length(get_http_data(Result4))),
-
-    {ok, _} = request_http_rest_delete(Path),
-    {ok, Result5} = request_http_rest_lookup([Path]),
-    ?assertMatch(#{}, get_http_data(Result5)).
-
-t_password_hash(_) ->
-    clean_all_users(),
-    {ok, Default} = application:get_env(emqx_auth_mnesia, password_hash),
-    application:set_env(emqx_auth_mnesia, password_hash, plain),
-
-    %% change the password_hash to 'plain'
-    application:stop(emqx_auth_mnesia),
-    ok = application:start(emqx_auth_mnesia),
-
-    Params = #{<<"username">> => ?USERNAME, <<"password">> => ?PASSWORD},
-    {ok, _} = request_http_rest_add(["auth_username"], Params),
-
-    %% check
-    User = #{username => ?USERNAME,
-             clientid => undefined,
-             password => ?PASSWORD,
-             zone     => external},
-    {ok, #{auth_result := success,
-           anonymous := false}} = emqx_access_control:authenticate(User),
-
-    application:set_env(emqx_auth_mnesia, password_hash, Default),
-    application:stop(emqx_auth_mnesia),
-    ok = application:start(emqx_auth_mnesia).
-
-%%------------------------------------------------------------------------------
-%% Helpers
-%%------------------------------------------------------------------------------
-
-clean_all_users() ->
-    [ mnesia:dirty_delete({emqx_user, Login})
-      || Login <- mnesia:dirty_all_keys(emqx_user)].
-
-%%--------------------------------------------------------------------
-%% HTTP Request
-%%--------------------------------------------------------------------
-
-request_http_rest_list(Path) ->
-    request_api(get, uri(Path), default_auth_header()).
-
-request_http_rest_lookup(Path) ->
-    request_api(get, uri([Path]), default_auth_header()).
-
-request_http_rest_add(Path, Params) ->
-    request_api(post, uri(Path), [], default_auth_header(), Params).
-
-request_http_rest_update(Path, Params) ->
-    request_api(put, uri([Path]), [], default_auth_header(), Params).
-
-request_http_rest_delete(Login) ->
-    request_api(delete, uri([Login]), default_auth_header()).
-
-uri() -> uri([]).
-uri(Parts) when is_list(Parts) ->
-    NParts = [b2l(E) || E <- Parts],
-    ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION | NParts]).
-
-%% @private
-b2l(B) when is_binary(B) ->
-    binary_to_list(B);
-b2l(L) when is_list(L) ->
-    L.
diff --git a/apps/emqx_auth_mongo/.gitignore b/apps/emqx_auth_mongo/.gitignore
deleted file mode 100644
index a6635ffa0..000000000
--- a/apps/emqx_auth_mongo/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.DS_Store
-.erlang.mk/
-emqx_auth_mongo.d
-ct.coverdata
-logs/
-test/ct.cover.spec
-data/
-cover/
-eunit.coverdata
-_build/
-rebar.lock
-erlang.mk
-etc/emqx_auth_mongo.conf.rendered
-.rebar3
diff --git a/apps/emqx_auth_mongo/CHANGES b/apps/emqx_auth_mongo/CHANGES
deleted file mode 100644
index 4bddd63a9..000000000
--- a/apps/emqx_auth_mongo/CHANGES
+++ /dev/null
@@ -1,31 +0,0 @@
-
-2.0.7 (2017-01-20)
-------------------
-
-Tag 2.0.7 - use `cuttlefish:unset()` for commented ACL/super config
-
-2.0.1 (2016-11-30)
-------------------
-
-Tag 2.0.1
-
-2.0-beta.1 (2016-08-24)
------------------------
-
-gen_conf
-
-1.1.3-beta (2016-08-19)
------------------------
-
-Bump version to 1.1.3
-
-1.1.2-beta (2016-06-30)
------------------------
-
-Bump version to 1.1.2
-
-1.1-beta (2016-05-28)
----------------------
-
-First public release
-
diff --git a/apps/emqx_auth_mongo/README.md b/apps/emqx_auth_mongo/README.md
deleted file mode 100644
index 3bacfca5b..000000000
--- a/apps/emqx_auth_mongo/README.md
+++ /dev/null
@@ -1,192 +0,0 @@
-emqx_auth_mongo
-===============
-
-EMQ X Authentication/ACL with MongoDB
-
-Build the Plugin
-----------------
-
-```
-make & make tests
-```
-
-Configuration
--------------
-
-File: etc/emqx_auth_mongo.conf
-
-```
-## MongoDB Topology Type.
-##
-## Value: single | unknown | sharded | rs
-auth.mongo.type = single
-
-## Sets the set name if type is rs.
-##
-## Value: String
-## auth.mongo.rs_set_name =
-
-## MongoDB server list.
-##
-## Value: String
-##
-## Examples: 127.0.0.1:27017,127.0.0.2:27017...
-auth.mongo.server = 127.0.0.1:27017
-
-## MongoDB pool size
-##
-## Value: Number
-auth.mongo.pool = 8
-
-## MongoDB login user.
-##
-## Value: String
-## auth.mongo.login =
-
-## MongoDB password.
-##
-## Value: String
-## auth.mongo.password =
-
-## MongoDB AuthSource
-##
-## Value: String
-## Default: mqtt
-## auth.mongo.auth_source = admin
-
-## MongoDB database
-##
-## Value: String
-auth.mongo.database = mqtt
-
-## MongoDB write mode.
-##
-## Value: unsafe | safe
-## auth.mongo.w_mode =
-
-## Mongo read mode.
-##
-## Value: master | slave_ok
-## auth.mongo.r_mode =
-
-## MongoDB topology options.
-auth.mongo.topology.pool_size = 1
-auth.mongo.topology.max_overflow = 0
-## auth.mongo.topology.overflow_ttl = 1000
-## auth.mongo.topology.overflow_check_period = 1000
-## auth.mongo.topology.local_threshold_ms = 1000
-## auth.mongo.topology.connect_timeout_ms = 20000
-## auth.mongo.topology.socket_timeout_ms = 100
-## auth.mongo.topology.server_selection_timeout_ms = 30000
-## auth.mongo.topology.wait_queue_timeout_ms = 1000
-## auth.mongo.topology.heartbeat_frequency_ms = 10000
-## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
-
-## Authentication query.
-auth.mongo.auth_query.collection = mqtt_user
-
-auth.mongo.auth_query.password_field = password
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mongo.auth_query.password_hash = sha256
-
-## sha256 with salt suffix
-## auth.mongo.auth_query.password_hash = sha256,salt
-
-## sha256 with salt prefix
-## auth.mongo.auth_query.password_hash = salt,sha256
-
-## bcrypt with salt prefix
-## auth.mongo.auth_query.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
-
-auth.mongo.auth_query.selector = username=%u
-
-## Enable superuser query.
-auth.mongo.super_query = on
-
-auth.mongo.super_query.collection = mqtt_user
-
-auth.mongo.super_query.super_field = is_superuser
-
-auth.mongo.super_query.selector = username=%u
-
-## Enable ACL query.
-auth.mongo.acl_query = on
-
-auth.mongo.acl_query.collection = mqtt_acl
-
-auth.mongo.acl_query.selector = username=%u
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_mongo
-```
-
-MongoDB Database
-----------------
-
-```
-use mqtt
-db.createCollection("mqtt_user")
-db.createCollection("mqtt_acl")
-db.mqtt_user.ensureIndex({"username":1})
-```
-
-mqtt_user Collection
---------------------
-
-```
-{
-    username: "user",
-    password: "password hash",
-    salt: "password salt",
-    is_superuser: boolean (true, false),
-    created: "datetime"
-}
-```
-
-For example:
-```
-db.mqtt_user.insert({username: "test", password: "password hash", salt: "password salt", is_superuser: false})
-db.mqtt_user.insert({username: "root", is_superuser: true})
-```
-
-mqtt_acl Collection
--------------------
-
-```
-{
-    username: "username",
-    clientid: "clientid",
-    publish: ["topic1", "topic2", ...],
-    subscribe: ["subtop1", "subtop2", ...],
-    pubsub: ["topic/#", "topic1", ...]
-}
-```
-
-For example:
-
-```
-db.mqtt_acl.insert({username: "test", publish: ["t/1", "t/2"], subscribe: ["user/%u", "client/%c"]})
-db.mqtt_acl.insert({username: "admin", pubsub: ["#"]})
-```
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf b/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
deleted file mode 100644
index c59c80643..000000000
--- a/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+++ /dev/null
@@ -1,187 +0,0 @@
-##--------------------------------------------------------------------
-## MongoDB Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## MongoDB Topology Type.
-##
-## Value: single | unknown | sharded | rs
-auth.mongo.type = single
-
-## The set name if type is rs.
-##
-## Value: String
-## auth.mongo.rs_set_name =
-
-## MongoDB server list.
-##
-## Value: String
-##
-## Examples: "127.0.0.1:27017,127.0.0.2:27017,..."
-auth.mongo.server = "127.0.0.1:27017"
-
-## MongoDB pool size
-##
-## Value: Number
-auth.mongo.pool = 8
-
-## MongoDB login user.
-##
-## Value: String
-# auth.mongo.username =
-
-## MongoDB password.
-##
-## Value: String
-## auth.mongo.password =
-
-## MongoDB AuthSource
-##
-## Value: String
-## Default: mqtt
-## auth.mongo.auth_source = admin
-
-## MongoDB database
-##
-## Value: String
-auth.mongo.database = mqtt
-
-## MongoDB query timeout
-##
-## Value: Duration
-## auth.mongo.query_timeout = 5s
-
-## Whether to enable SSL connection.
-##
-## Value: on | off
-## auth.mongo.ssl.enable = off
-
-## SSL keyfile.
-##
-## Value: File
-## auth.mongo.ssl.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-## auth.mongo.ssl.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-## auth.mongo.ssl.cacertfile =
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-## auth.mongo.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.mongo.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.mongo.ssl.server_name_indication = disable
-
-## MongoDB write mode.
-##
-## Value: unsafe | safe
-## auth.mongo.w_mode =
-
-## Mongo read mode.
-##
-## Value: master | slave_ok
-## auth.mongo.r_mode =
-
-## MongoDB topology options.
-auth.mongo.topology.pool_size = 1
-auth.mongo.topology.max_overflow = 0
-## auth.mongo.topology.overflow_ttl = 1000
-## auth.mongo.topology.overflow_check_period = 1000
-## auth.mongo.topology.local_threshold_ms = 1000
-## auth.mongo.topology.connect_timeout_ms = 20000
-## auth.mongo.topology.socket_timeout_ms = 100
-## auth.mongo.topology.server_selection_timeout_ms = 30000
-## auth.mongo.topology.wait_queue_timeout_ms = 1000
-## auth.mongo.topology.heartbeat_frequency_ms = 10000
-## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
-
-## -------------------------------------------------
-## Auth Query
-## -------------------------------------------------
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mongo.auth_query.password_hash = sha256
-
-## sha256 with salt suffix
-## auth.mongo.auth_query.password_hash = "sha256,salt"
-
-## sha256 with salt prefix
-## auth.mongo.auth_query.password_hash = "salt,sha256"
-
-## bcrypt with salt prefix
-## auth.mongo.auth_query.password_hash = "salt,bcrypt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mongo.auth_query.password_hash = "pbkdf2,sha256,1000,20"
-
-## Authentication query.
-auth.mongo.auth_query.collection = mqtt_user
-
-## Password mainly fields
-##
-## Value:  password | password,salt
-auth.mongo.auth_query.password_field = password
-
-## Authentication Selector.
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## auth.mongo.auth_query.selector = {Field}={Placeholder}
-auth.mongo.auth_query.selector = "username=%u"
-
-## -------------------------------------------------
-## Super User Query
-## -------------------------------------------------
-auth.mongo.super_query.collection = mqtt_user
-auth.mongo.super_query.super_field = is_superuser
-#auth.mongo.super_query.selector.1 = username=%u, clientid=%c
-auth.mongo.super_query.selector = "username=%u"
-
-## ACL Selector.
-##
-## Multiple selectors could be combined with '$or'
-##   when query acl from mongo.
-##
-## e.g.
-##
-## With following 2 selectors configured:
-##
-## auth.mongo.acl_query.selector.1 = "username=%u"
-## auth.mongo.acl_query.selector.2 = "username=$all"
-##
-## And if a client connected using username 'ilyas',
-##   then the following mongo command will be used to
-##   retrieve acl entries:
-##
-## db.mqtt_acl.find({$or: [{username: "ilyas"},  {username: "$all"}]});
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##
-## Examples:
-##
-## auth.mongo.acl_query.selector.1 = "username=%u,clientid=%c"
-## auth.mongo.acl_query.selector.2 = "username=$all"
-## auth.mongo.acl_query.selector.3 = "clientid=$all"
-auth.mongo.acl_query.collection = mqtt_acl
-auth.mongo.acl_query.selector = "username=%u"
diff --git a/apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl b/apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl
deleted file mode 100644
index 97ecf9973..000000000
--- a/apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl
+++ /dev/null
@@ -1,37 +0,0 @@
-
--define(APP, emqx_auth_mongo).
-
--define(DEFAULT_SELECTORS, [{<<"username">>, <<"%u">>}]).
-
--record(superquery, {collection = <<"mqtt_user">>,
-                     field      = <<"is_superuser">>,
-                     selector   = {<<"username">>, <<"%u">>}}).
-
--record(authquery, {collection = <<"mqtt_user">>,
-                    field      = <<"password">>,
-                    hash       = sha256,
-                    selector   = {<<"username">>, <<"%u">>}}).
-
--record(aclquery, {collection = <<"mqtt_acl">>,
-                   selector   = {<<"username">>, <<"%u">>}}).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore  = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema b/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
deleted file mode 100644
index cd8c03015..000000000
--- a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
+++ /dev/null
@@ -1,341 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_mongo config mapping
-
-{mapping, "auth.mongo.type", "emqx_auth_mongo.server", [
-  {default, single},
-  {datatype, {enum, [single, unknown, sharded, rs]}}
-]}.
-
-{mapping, "auth.mongo.rs_set_name", "emqx_auth_mongo.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.server", "emqx_auth_mongo.server", [
-  {default, "127.0.0.1:27017"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.pool", "emqx_auth_mongo.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.login", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.username", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.password", "emqx_auth_mongo.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.database", "emqx_auth_mongo.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_source", "emqx_auth_mongo.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.enable", "emqx_auth_mongo.server", [
-  {default, off},
-  {datatype, {enum, [on, off, true, false]}} %% FIXME: ture/false is compatible with 4.0-4.2 version format, plan to delete in 5.0
-]}.
-
-{mapping, "auth.mongo.ssl.keyfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.certfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.cacertfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.verify", "emqx_auth_mongo.server", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.mongo.ssl.server_name_indication", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.ssl_opts.keyfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.ssl_opts.certfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.ssl_opts.cacertfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.w_mode", "emqx_auth_mongo.server", [
-  {default, undef},
-  {datatype, {enum, [safe, unsafe, undef]}}
-]}.
-
-{mapping, "auth.mongo.r_mode", "emqx_auth_mongo.server", [
-  {default, undef},
-  {datatype, {enum, [master, slave_ok, undef]}}
-]}.
-
-{mapping, "auth.mongo.topology.$name", "emqx_auth_mongo.server", [
-  {datatype, integer}
-]}.
-
-{translation, "emqx_auth_mongo.server", fun(Conf) ->
-  H = cuttlefish:conf_get("auth.mongo.server", Conf),
-  Hosts = string:tokens(H, ","),
-  Type0 = cuttlefish:conf_get("auth.mongo.type", Conf),
-  Pool = cuttlefish:conf_get("auth.mongo.pool", Conf),
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Login = cuttlefish:conf_get("auth.mongo.username", Conf,
-                              cuttlefish:conf_get("auth.mongo.login", Conf, "")
-                             ),
-  Passwd = cuttlefish:conf_get("auth.mongo.password", Conf),
-  DB = cuttlefish:conf_get("auth.mongo.database", Conf),
-  AuthSrc = cuttlefish:conf_get("auth.mongo.auth_source", Conf),
-  R = cuttlefish:conf_get("auth.mongo.w_mode", Conf),
-  W = cuttlefish:conf_get("auth.mongo.r_mode", Conf),
-  Login0 = case Login =:= [] of
-    true -> [];
-    false -> [{login, list_to_binary(Login)}]
-  end,
-  Passwd0 = case Passwd =:= [] of
-    true -> [];
-    false -> [{password, list_to_binary(Passwd)}]
-  end,
-  W0 = case W =:= undef of
-    true -> [];
-    false -> [{w_mode, W}]
-  end,
-  R0 = case R =:= undef  of
-    true -> [];
-    false -> [{r_mode, R}]
-  end,
-  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  SslOpts = fun(Prefix) ->
-                Verify = case cuttlefish:conf_get(Prefix ++ ".verify", Conf, false) of
-                             true -> verify_peer;
-                             false -> verify_none
-                         end,
-                Filter([{verify, Verify},
-                        {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of
-                                                   "disable" -> disable;
-                                                   SNI -> SNI
-                                                 end},
-                        {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
-                        {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)}])
-            end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  GenSsl = case cuttlefish:conf_get("auth.mongo.ssl.cacertfile", Conf, undefined) of
-               undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
-               _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}]
-           end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Ssl = case cuttlefish:conf_get("auth.mongo.ssl.enable", Conf) of
-          on -> GenSsl;
-          off -> [];
-          true -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
-          false -> []
-        end,
-
-  WorkerOptions = [{database, list_to_binary(DB)}, {auth_source, list_to_binary(AuthSrc)}]
-                    ++ Login0 ++ Passwd0 ++ W0 ++ R0 ++ Ssl,
-
-  Vars = cuttlefish_variable:fuzzy_matches(["auth", "mongo", "topology", "$name"], Conf),
-  Options = lists:map(fun({_, Name}) ->
-    Name2 = case Name of
-      "local_threshold_ms"          -> "localThresholdMS";
-      "connect_timeout_ms"          -> "connectTimeoutMS";
-      "socket_timeout_ms"           -> "socketTimeoutMS";
-      "server_selection_timeout_ms" -> "serverSelectionTimeoutMS";
-      "wait_queue_timeout_ms"       -> "waitQueueTimeoutMS";
-      "heartbeat_frequency_ms"      -> "heartbeatFrequencyMS";
-      "min_heartbeat_frequency_ms"  -> "minHeartbeatFrequencyMS";
-      _ -> Name
-    end,
-    {list_to_atom(Name2), cuttlefish:conf_get("auth.mongo.topology."++Name, Conf)}
-  end, Vars),
-
-  Type = case Type0 =:= rs of
-    true -> {Type0, list_to_binary(cuttlefish:conf_get("auth.mongo.rs_set_name", Conf))};
-    false -> Type0
-  end,
-  [{type, Type},
-   {hosts, Hosts},
-   {options, Options},
-   {worker_options, WorkerOptions},
-   {auto_reconnect, 1},
-   {pool_size, Pool}]
-end}.
-
-%% The mongodb operation timeout is specified by the value of `cursor_timeout` from application config,
-%% or `infinity` if `cursor_timeout` not specified
-{mapping, "auth.mongo.query_timeout", "mongodb.cursor_timeout", [
-  {datatype, string}
-]}.
-
-{translation, "mongodb.cursor_timeout", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.query_timeout", Conf, undefined) of
-      undefined -> infinity;
-      Duration ->
-          case cuttlefish_duration:parse(Duration, ms) of
-              {error, Reason} -> error(Reason);
-              Ms when is_integer(Ms) -> Ms
-          end
-  end
-end}.
-
-{mapping, "auth.mongo.auth_query.collection", "emqx_auth_mongo.auth_query", [
-  {default, "mqtt_user"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_query.password_field", "emqx_auth_mongo.auth_query", [
-  {default, "password"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_query.password_hash", "emqx_auth_mongo.auth_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_query.selector", "emqx_auth_mongo.auth_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mongo.auth_query", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.auth_query.collection", Conf) of
-    undefined -> cuttlefish:unset();
-    Collection ->
-      PasswordField = cuttlefish:conf_get("auth.mongo.auth_query.password_field", Conf),
-      PasswordHash = cuttlefish:conf_get("auth.mongo.auth_query.password_hash", Conf),
-      SelectorStr = cuttlefish:conf_get("auth.mongo.auth_query.selector", Conf),
-      SelectorList =
-          lists:map(fun(Selector) ->
-                  case string:tokens(Selector, "=") of
-                      [Field, Val] -> {list_to_binary(Field), list_to_binary(Val)};
-                      _ -> {<<"username">>, <<"%u">>}
-                  end
-              end, string:tokens(SelectorStr, ", ")),
-
-      PasswordFields = [list_to_binary(Field) || Field <- string:tokens(PasswordField, ",")],
-      HashValue =
-        case string:tokens(PasswordHash, ",") of
-              [Hash]           -> list_to_atom(Hash);
-              [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-              [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-              _                -> plain
-        end,
-      [{collection, Collection},
-       {password_field, PasswordFields},
-       {password_hash, HashValue},
-       {selector, SelectorList}]
-    end
-end}.
-
-{mapping, "auth.mongo.super_query", "emqx_auth_mongo.super_query", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.mongo.super_query.collection", "emqx_auth_mongo.super_query", [
-  {default, "mqtt_user"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.super_query.super_field", "emqx_auth_mongo.super_query", [
-  {default, "is_superuser"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.super_query.selector", "emqx_auth_mongo.super_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mongo.super_query", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.super_query.collection", Conf) of
-    undefined -> cuttlefish:unset();
-    Collection  ->
-      SuperField = cuttlefish:conf_get("auth.mongo.super_query.super_field", Conf),
-      SelectorStr = cuttlefish:conf_get("auth.mongo.super_query.selector", Conf),
-      SelectorList =
-          lists:map(fun(Selector) ->
-                  case string:tokens(Selector, "=") of
-                      [Field, Val] -> {list_to_binary(Field), list_to_binary(Val)};
-                      _ -> {<<"username">>, <<"%u">>}
-                  end
-              end, string:tokens(SelectorStr, ", ")),
-      [{collection, Collection}, {super_field, SuperField}, {selector, SelectorList}]
-  end
-end}.
-
-{mapping, "auth.mongo.acl_query", "emqx_auth_mongo.acl_query", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.mongo.acl_query.collection", "emqx_auth_mongo.acl_query", [
-  {default, "mqtt_user"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.acl_query.selector", "emqx_auth_mongo.acl_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-{mapping, "auth.mongo.acl_query.selector.$id", "emqx_auth_mongo.acl_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mongo.acl_query", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.acl_query.collection", Conf) of
-    undefined -> cuttlefish:unset();
-    Collection  ->
-      SelectorStrList =
-        lists:map(
-            fun
-                ({["auth","mongo","acl_query","selector"], ConfEntry}) ->
-                    ConfEntry;
-                ({["auth","mongo","acl_query","selector", _], ConfEntry}) ->
-                    ConfEntry
-            end,
-            cuttlefish_variable:filter_by_prefix("auth.mongo.acl_query.selector", Conf)),
-      SelectorListList =
-          lists:map(
-            fun(SelectorStr) ->
-                lists:map(fun(Selector) ->
-                        case string:tokens(Selector, "=") of
-                            [Field, Val] -> {list_to_binary(Field), list_to_binary(Val)};
-                            _ -> {<<"username">>, <<"%u">>}
-                        end
-                    end, string:tokens(SelectorStr, ", "))
-            end,
-            SelectorStrList),
-      [{collection, Collection}, {selector, SelectorListList}]
-  end
-end}.
diff --git a/apps/emqx_auth_mongo/rebar.config b/apps/emqx_auth_mongo/rebar.config
deleted file mode 100644
index f44e69543..000000000
--- a/apps/emqx_auth_mongo/rebar.config
+++ /dev/null
@@ -1,32 +0,0 @@
-{deps,
-  %% NOTE: mind poolboy version when updating mongodb-erlang version
- [{mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.7"}}},
-  %% mongodb-erlang uses a special fork https://github.com/comtihon/poolboy.git
-  %% (which has overflow_ttl feature added).
-  %% However, it references `{branch, "master}` (commit 9c06a9a on 2021-04-07).
-  %% By accident, We have always been using the upstream fork due to
-  %% eredis_cluster's dependency getting resolved earlier.
-  %% Here we pin 1.5.2 to avoid surprises in the future.
-  {poolboy, {git, "https://github.com/emqx/poolboy.git", {tag, "1.5.2"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed,
-            {parse_transform}
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
diff --git a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl b/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
deleted file mode 100644
index 653600395..000000000
--- a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mongo).
-
--include("emqx_auth_mongo.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ACL callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _State) ->
-    ok;
-
-check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery}) ->
-    #aclquery{collection = Coll, selector = SelectorList} = AclQuery,
-    Pool = maps:get(pool, Env, ?APP),
-    SelectorMapList =
-        lists:map(fun(Selector) ->
-            maps:from_list(emqx_auth_mongo:replvars(Selector, ClientInfo))
-        end, SelectorList),
-    case emqx_auth_mongo:query_multi(Pool, Coll, SelectorMapList) of
-        [] -> ok;
-        Rows ->
-            try match(ClientInfo, Topic, topics(PubSub, Rows)) of
-                matched -> emqx_metrics:inc(?ACL_METRICS(allow)),
-                           {stop, allow};
-                nomatch -> emqx_metrics:inc(?ACL_METRICS(deny)),
-                           {stop, deny}
-            catch
-                _Err:Reason->
-                    ?LOG(error, "[MongoDB] Check mongo ~p ACL failed, got ACL config: ~p, error: :~p",
-                                [PubSub, Rows, Reason]),
-                    emqx_metrics:inc(?ACL_METRICS(ignore)),
-                    ignore
-            end
-    end.
-
-
-match(_ClientInfo, _Topic, []) ->
-    nomatch;
-match(ClientInfo, Topic, [TopicFilter|More]) ->
-    case emqx_topic:match(Topic, feedvar(ClientInfo, TopicFilter)) of
-        true  -> matched;
-        false -> match(ClientInfo, Topic, More)
-    end.
-
-topics(publish, Rows) ->
-    lists:foldl(fun(Row, Acc) ->
-        Topics = maps:get(<<"publish">>, Row, []) ++ maps:get(<<"pubsub">>, Row, []),
-        lists:umerge(Acc, Topics)
-    end, [], Rows);
-
-topics(subscribe, Rows) ->
-    lists:foldl(fun(Row, Acc) ->
-        Topics = maps:get(<<"subscribe">>, Row, []) ++ maps:get(<<"pubsub">>, Row, []),
-        lists:umerge(Acc, Topics)
-    end, [], Rows).
-
-feedvar(#{clientid := ClientId, username := Username}, Str) ->
-    lists:foldl(fun({Var, Val}, Acc) ->
-                    feedvar(Acc, Var, Val)
-                end, Str, [{"%u", Username}, {"%c", ClientId}]).
-
-feedvar(Str, _Var, undefined) ->
-    Str;
-feedvar(Str, Var, Val) ->
-    re:replace(Str, Var, Val, [global, {return, binary}]).
-
-description() -> "ACL with MongoDB".
-
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src b/apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src
deleted file mode 100644
index ab0b4ff56..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_mongo,
- [{description, "EMQ X Authentication/ACL with MongoDB"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_mongo_sup]},
-  {applications, [kernel,stdlib,mongodb,ecpool]},
-  {mod, {emqx_auth_mongo_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-mongo"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
deleted file mode 100644
index cd1d21b42..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
+++ /dev/null
@@ -1,138 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_mongo.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--export([ replvar/2
-        , replvars/2
-        , connect/1
-        , query/3
-        , query_multi/3
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      Env = #{authquery := AuthQuery, superquery := SuperQuery}) ->
-    #authquery{collection = Collection, field = Fields,
-               hash = HashType, selector = Selector} = AuthQuery,
-    Pool = maps:get(pool, Env, ?APP),
-    case query(Pool, Collection, maps:from_list(replvars(Selector, ClientInfo))) of
-        undefined -> emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {error, Reason} ->
-            ?LOG(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => not_authorized, anonymous => false}};
-        UserMap ->
-            Result = case [maps:get(Field, UserMap, undefined) || Field <- Fields] of
-                        [undefined] -> {error, password_error};
-                        [PassHash] ->
-                            check_pass({PassHash, Password}, HashType);
-                        [PassHash, Salt|_] ->
-                            check_pass({PassHash, Salt, Password}, HashType)
-                     end,
-            case Result of
-                ok ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-                    {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
-                                       anonymous => false,
-                                       auth_result => success}};
-                {error, Error} ->
-                    ?LOG(error, "[MongoDB] check auth fail: ~p", [Error]),
-                    ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-                    {stop, AuthResult#{auth_result => Error, anonymous => false}}
-            end
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
-description() -> "Authentication with MongoDB".
-
-%%--------------------------------------------------------------------
-%% Is Superuser?
-%%--------------------------------------------------------------------
-is_superuser(_Pool, undefined, _ClientInfo) ->
-    false;
-is_superuser(Pool, #superquery{collection = Coll, field = Field, selector = Selector}, ClientInfo) ->
-    case query(Pool, Coll, maps:from_list(replvars(Selector, ClientInfo))) of
-        undefined -> false;
-        {error, Reason} ->
-            ?LOG(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
-            false;
-        Row ->
-            case maps:get(Field, Row, false) of
-                true   -> true;
-                _False -> false
-            end
-    end.
-
-replvars(VarList, ClientInfo) ->
-    lists:map(fun(Var) -> replvar(Var, ClientInfo) end, VarList).
-
-replvar({Field, <<"%u">>}, #{username := Username}) ->
-    {Field, Username};
-replvar({Field, <<"%c">>}, #{clientid := ClientId}) ->
-    {Field, ClientId};
-replvar({Field, <<"%C">>}, #{cn := CN}) ->
-    {Field, CN};
-replvar({Field, <<"%d">>}, #{dn := DN}) ->
-    {Field, DN};
-replvar(Selector, _ClientInfo) ->
-    Selector.
-
-%%--------------------------------------------------------------------
-%% MongoDB Connect/Query
-%%--------------------------------------------------------------------
-
-connect(Opts) ->
-    Type = proplists:get_value(type, Opts, single),
-    Hosts = proplists:get_value(hosts, Opts, []),
-    Options = proplists:get_value(options, Opts, []),
-    WorkerOptions = proplists:get_value(worker_options, Opts, []),
-    mongo_api:connect(Type, Hosts, Options, WorkerOptions).
-
-query(Pool, Collection, Selector) ->
-    ecpool:with_client(Pool, fun(Conn) -> mongo_api:find_one(Conn, Collection, Selector, #{}) end).
-
-query_multi(Pool, Collection, SelectorList) ->
-    lists:reverse(lists:flatten(lists:foldl(fun(Selector, Acc1) ->
-        Batch = ecpool:with_client(Pool, fun(Conn) ->
-                  case mongo_api:find(Conn, Collection, Selector, #{}) of
-                      [] -> [];
-                      {ok, Cursor} ->
-                          mc_cursor:foldl(fun(O, Acc2) -> [O|Acc2] end, [], Cursor, 1000)
-                  end
-                end),
-        [Batch|Acc1]
-    end, [], SelectorList))).
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
deleted file mode 100644
index b8d9431c2..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
+++ /dev/null
@@ -1,88 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_mongo.hrl").
-
--import(proplists, [get_value/3]).
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_mongo_sup:start_link(),
-    with_env(auth_query, fun reg_authmod/1),
-    with_env(acl_query,  fun reg_aclmod/1),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    ok = emqx:unhook('client.authenticate', {emqx_auth_mongo, check}),
-    ok = emqx:unhook('client.check_acl', {emqx_acl_mongo, check_acl}),
-    State.
-
-stop(_State) ->
-    ok.
-
-reg_authmod(AuthQuery) ->
-    emqx_auth_mongo:register_metrics(),
-    SuperQuery = r(super_query, application:get_env(?APP, super_query, undefined)),
-    ok = emqx:hook('client.authenticate', {emqx_auth_mongo, check,
-                                           [#{authquery => AuthQuery, superquery => SuperQuery, pool => ?APP}]
-                                          }).
-
-reg_aclmod(AclQuery) ->
-    emqx_acl_mongo:register_metrics(),
-    ok = emqx:hook('client.check_acl', {emqx_acl_mongo, check_acl, [#{aclquery => AclQuery, pool => ?APP}]}).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-with_env(Name, Fun) ->
-    case application:get_env(?APP, Name) of
-        undefined    -> ok;
-        {ok, Config} -> Fun(r(Name, Config))
-    end.
-
-r(super_query, undefined) ->
-    undefined;
-r(super_query, Config) ->
-    #superquery{collection = list_to_binary(get_value(collection, Config, "mqtt_user")),
-                field      = list_to_binary(get_value(super_field, Config, "is_superuser")),
-                selector   = get_value(selector, Config, ?DEFAULT_SELECTORS)};
-
-r(auth_query, Config) ->
-    #authquery{collection = list_to_binary(get_value(collection, Config, "mqtt_user")),
-               field      = get_value(password_field, Config, [<<"password">>]),
-               hash       = get_value(password_hash, Config, sha256),
-               selector   = get_value(selector, Config, ?DEFAULT_SELECTORS)};
-
-r(acl_query, Config) ->
-    #aclquery{collection = list_to_binary(get_value(collection, Config, "mqtt_acl")),
-              selector   = get_value(selector, Config, [?DEFAULT_SELECTORS])}.
-
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
deleted file mode 100644
index 3f27cb1dd..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
+++ /dev/null
@@ -1,34 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_mongo.hrl").
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, PoolEnv} = application:get_env(?APP, server),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, ?APP, PoolEnv),
-    {ok, {{one_for_all, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
deleted file mode 100644
index a988e87bb..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
+++ /dev/null
@@ -1,169 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("common_test/include/ct.hrl").
--include_lib("eunit/include/eunit.hrl").
-
--define(APP, emqx_auth_mongo).
-
--define(POOL(App),  ecpool_worker:client(gproc_pool:pick_worker({ecpool, App}))).
-
--define(MONGO_CL_ACL, <<"mqtt_acl">>).
--define(MONGO_CL_USER, <<"mqtt_user">>).
-
--define(INIT_ACL, [{<<"username">>, <<"testuser">>, <<"clientid">>, <<"null">>, <<"subscribe">>, [<<"#">>]},
-                   {<<"username">>, <<"dashboard">>, <<"clientid">>, <<"null">>, <<"pubsub">>, [<<"$SYS/#">>]},
-                   {<<"username">>, <<"user3">>, <<"clientid">>, <<"null">>, <<"publish">>, [<<"a/b/c">>]}]).
-
--define(INIT_AUTH, [{<<"username">>, <<"plain">>, <<"password">>, <<"plain">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, true},
-                    {<<"username">>, <<"md5">>, <<"password">>, <<"1bc29b36f623ba82aaf6724fd3b16718">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"sha">>, <<"password">>, <<"d8f4590320e1343a915b6394170650a8f35d6926">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"sha256">>, <<"password">>, <<"5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"pbkdf2_password">>, <<"password">>, <<"cdedb5281bb2f801565a1122b2563515">>, <<"salt">>, <<"ATHENA.MIT.EDUraeburn">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"bcrypt_foo">>, <<"password">>, <<"$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6">>, <<"salt">>, <<"$2a$12$sSS8Eg.ovVzaHzi1nUHYK.">>, <<"is_superuser">>, false}
-                    ]).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    emqx_ct_helpers:start_apps([emqx_auth_mongo], fun set_special_confs/1),
-    init_mongo_data(),
-    Cfg.
-
-end_per_suite(_Cfg) ->
-    deinit_mongo_data(),
-    emqx_ct_helpers:stop_apps([emqx_auth_mongo]).
-
-set_special_confs(emqx) ->
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false);
-set_special_confs(_App) ->
-    ok.
-
-init_mongo_data() ->
-    %% Users
-    {ok, Connection} = ?POOL(?APP),
-    mongo_api:delete(Connection, ?MONGO_CL_USER, {}),
-    ?assertMatch({{true, _}, _}, mongo_api:insert(Connection, ?MONGO_CL_USER, ?INIT_AUTH)),
-    %% ACLs
-    mongo_api:delete(Connection, ?MONGO_CL_ACL, {}),
-    ?assertMatch({{true, _}, _}, mongo_api:insert(Connection, ?MONGO_CL_ACL, ?INIT_ACL)).
-
-deinit_mongo_data() ->
-    {ok, Connection} = ?POOL(?APP),
-    mongo_api:delete(Connection, ?MONGO_CL_USER, {}),
-    mongo_api:delete(Connection, ?MONGO_CL_ACL, {}).
-
-%%--------------------------------------------------------------------
-%% Test cases
-%%--------------------------------------------------------------------
-
-t_check_auth(_) ->
-    Plain = #{zone => external, clientid => <<"client1">>, username => <<"plain">>},
-    Plain1 = #{zone => external, clientid => <<"client1">>, username => <<"plain2">>},
-    Md5 = #{zone => external, clientid => <<"md5">>, username => <<"md5">>},
-    Sha = #{zone => external, clientid => <<"sha">>, username => <<"sha">>},
-    Sha256 = #{zone => external, clientid => <<"sha256">>, username => <<"sha256">>},
-    Pbkdf2 = #{zone => external, clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>},
-    Bcrypt = #{zone => external, clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>},
-    User1 = #{zone => external, clientid => <<"bcrypt_foo">>, username => <<"user">>},
-    reload({auth_query, [{password_hash, plain}]}),
-    %% With exactly username/password, connection success
-    {ok, #{is_superuser := true}} = emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    %% With exactly username and wrong password, connection fail
-    {error, _} = emqx_access_control:authenticate(Plain#{password => <<"error_pwd">>}),
-    %% With wrong username and wrong password, emqx_auth_mongo auth fail, then allow anonymous authentication
-    {error, _} = emqx_access_control:authenticate(Plain1#{password => <<"error_pwd">>}),
-    %% With wrong username and exactly password, emqx_auth_mongo auth fail, then allow anonymous authentication
-    {error, _} = emqx_access_control:authenticate(Plain1#{password => <<"plain">>}),
-    reload({auth_query, [{password_hash, md5}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload({auth_query, [{password_hash, sha}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload({auth_query, [{password_hash, sha256}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    %%pbkdf2 sha
-    reload({auth_query, [{password_hash, {pbkdf2, sha, 1, 16}}, {password_field, [<<"password">>, <<"salt">>]}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload({auth_query, [{password_hash, {salt, bcrypt}}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Bcrypt#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(User1#{password => <<"foo">>}).
-
-t_check_acl(_) ->
-    {ok, Connection} = ?POOL(?APP),
-    User1 = #{zone => external, clientid => <<"client1">>, username => <<"testuser">>},
-    User2 = #{zone => external, clientid => <<"client2">>, username => <<"dashboard">>},
-    User3 = #{zone => external, clientid => <<"client2">>, username => <<"user3">>},
-    User4 = #{zone => external, clientid => <<"$$client2">>, username => <<"$$user3">>},
-    3 = mongo_api:count(Connection, ?MONGO_CL_ACL, {}, 17),
-    %% ct log output
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(User1, subscribe, <<"$SYS/testuser/1">>),
-    deny = emqx_access_control:check_acl(User2, subscribe, <<"a/b/c">>),
-    allow = emqx_access_control:check_acl(User2, subscribe, <<"$SYS/testuser/1">>),
-    allow = emqx_access_control:check_acl(User3, publish, <<"a/b/c">>),
-    deny = emqx_access_control:check_acl(User3, publish, <<"c">>),
-    deny = emqx_access_control:check_acl(User4, publish, <<"a/b/c">>).
-
-t_acl_super(_) ->
-    reload({auth_query, [{password_hash, plain}, {password_field, [<<"password">>]}]}),
-    {ok, C} = emqtt:start_link([{clientid, <<"simpleClient">>},
-                                {username, <<"plain">>},
-                                {password, <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    timer:sleep(1000),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-        ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-        ct:fail({receive_timeout, <<"Payload">>}),
-        ok
-    end,
-    emqtt:disconnect(C).
-
-%%--------------------------------------------------------------------
-%% Utils
-%%--------------------------------------------------------------------
-
-reload({Par, Vals}) when is_list(Vals) ->
-    application:stop(?APP),
-    {ok, TupleVals} = application:get_env(?APP, Par),
-    NewVals =
-    lists:filtermap(fun({K, V}) ->
-        case lists:keymember(K, 1, Vals) of
-        false ->{true, {K, V}};
-        _ -> false
-        end
-    end, TupleVals),
-    application:set_env(?APP, Par, lists:append(NewVals, Vals)),
-    application:start(?APP).
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem
deleted file mode 100644
index e9717011e..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0kGUBi9NDp65jgdxKfizIfuSr2wpwb44yM9SuP4oUQSULOA2
-4iFpLR/c5FAYHU81y9Vx91dQjdZfffaBZuv2zVvteXUkol8Nez7boKbo2E41MTew
-8edtNKZAQVvnaHAC2NCZxjchCzUCDEoUUcl+cIERZ8R48FBqK5iTVcMRIx1akwus
-+dhBqP0ykA5TGOWZkJrLM9aUXSPQha9+wXlOpkvu0Ur2nkX8PPJnifWao9UShSar
-ll1IqPZNCSlZMwcFYcQNBCpdvITUUYlHvMRQV64bUpOxUGDuJkQL3dLKBlNuBRlJ
-BcjBAKw7rFnwwHZcMmQ9tan/dZzpzwjo/T0XjwIDAQABAoIBAQCSHvUqnzDkWjcG
-l/Fzg92qXlYBCCC0/ugj1sHcwvVt6Mq5rVE3MpUPwTcYjPlVVTlD4aEEjm/zQuq2
-ddxUlOS+r4aIhHrjRT/vSS4FpjnoKeIZxGR6maVxk6DQS3i1QjMYT1CvSpzyVvKH
-a+xXMrtmoKxh+085ZAmFJtIuJhUA2yEa4zggCxWnvz8ecLClUPfVDPhdLBHc3KmL
-CRpHEC6L/wanvDPRdkkzfKyaJuIJlTDaCg63AY5sDkTW2I57iI/nJ3haSeidfQKz
-39EfbnM1A/YprIakafjAu3frBIsjBVcxwGihZmL/YriTHjOggJF841kT5zFkkv2L
-/530Wk6xAoGBAOqZLZ4DIi/zLndEOz1mRbUfjc7GQUdYplBnBwJ22VdS0P4TOXnd
-UbJth2MA92NM7ocTYVFl4TVIZY/Y+Prxk7KQdHWzR7JPpKfx9OEVgtSqV0vF9eGI
-rKp79Y1T4Mvc3UcQCXX6TP7nHLihEzpS8odm2LW4txrOiLsn4Fq/IWrLAoGBAOVv
-6U4tm3lImotUupKLZPKEBYwruo9qRysoug9FiorP4TjaBVOfltiiHbAQD6aGfVtN
-SZpZZtrs17wL7Xl4db5asgMcZd+8Hkfo5siR7AuGW9FZloOjDcXb5wCh9EvjJ74J
-Cjw7RqyVymq9t7IP6wnVwj5Ck48YhlOZCz/mzlnNAoGAWq7NYFgLvgc9feLFF23S
-IjpJQZWHJEITP98jaYNxbfzYRm49+GphqxwFinKULjFNvq7yHlnIXSVYBOu1CqOZ
-GRwXuGuNmlKI7lZr9xmukfAqgGLMMdr4C4qRF4lFyufcLRz42z7exmWlx4ST/yaT
-E13hBRWayeTuG5JFei6Jh1MCgYEAqmX4LyC+JFBgvvQZcLboLRkSCa18bADxhENG
-FAuAvmFvksqRRC71WETmqZj0Fqgxt7pp3KFjO1rFSprNLvbg85PmO1s+6fCLyLpX
-lESTu2d5D71qhK93jigooxalGitFm+SY3mzjq0/AOpBWOn+J/w7rqVPGxXLgaHv0
-l+vx+00CgYBOvo9/ImjwYii2jFl+sHEoCzlvpITi2temRlT2j6ulSjCLJgjwEFw9
-8e+vvfQumQOsutakUVyURrkMGNDiNlIv8kv5YLCCkrwN22E6Ghyi69MJUvHQXkc/
-QZhjn/luyfpB5f/BeHFS2bkkxAXo+cfG45ApY3Qfz6/7o+H+vDa6/A==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
deleted file mode 100644
index 00b31d8a4..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowPDE6MDgGA1UEAwwxTXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DQV9DZXJ0aWZpY2F0ZTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJBlAYvTQ6euY4HcSn4syH7kq9s
-KcG+OMjPUrj+KFEElCzgNuIhaS0f3ORQGB1PNcvVcfdXUI3WX332gWbr9s1b7Xl1
-JKJfDXs+26Cm6NhONTE3sPHnbTSmQEFb52hwAtjQmcY3IQs1AgxKFFHJfnCBEWfE
-ePBQaiuYk1XDESMdWpMLrPnYQaj9MpAOUxjlmZCayzPWlF0j0IWvfsF5TqZL7tFK
-9p5F/DzyZ4n1mqPVEoUmq5ZdSKj2TQkpWTMHBWHEDQQqXbyE1FGJR7zEUFeuG1KT
-sVBg7iZEC93SygZTbgUZSQXIwQCsO6xZ8MB2XDJkPbWp/3Wc6c8I6P09F48CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADKz6bIpP5anp
-GgLB0jkclRWuMlS4qqIt4itSsMXPJ/ezpHwECixmgW2TIQl6S1woRkUeMxhT2/Ay
-Sn/7aKxuzRagyE5NEGOvrOuAP5RO2ZdNJ/X3/Rh533fK1sOTEEbSsWUvW6iSkZef
-rsfZBVP32xBhRWkKRdLeLB4W99ADMa0IrTmZPCXHSSE2V4e1o6zWLXcOZeH1Qh8N
-SkelBweR+8r1Fbvy1r3s7eH7DCbYoGEDVLQGOLvzHKBisQHmoDnnF5E9g1eeNRdg
-o+vhOKfYCOzeNREJIqS42PHcGhdNRk90ycigPmfUJclz1mDHoMjKR2S5oosTpr65
-tNPx3CL7GA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
deleted file mode 100644
index aad1404ca..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0N1oXDTMwMDYwOTAzMzg0N1owQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DbGllbnRfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYSWpOvCTupz82fc85Opv
-EQ7rkB8X2oOMyBCpkyHKBIr1ZQgRDWBp9UVOASq3GnSElm6+T3Kb1QbOffa8GIlw
-sjAueKdq5L2eSkmPIEQ7eoO5kEW+4V866hE1LeL/PmHg2lGP0iqZiJYtElhHNQO8
-3y9I7cm3xWMAA3SSWikVtpJRn3qIp2QSrH+tK+/HHbE5QwtPxdir4ULSCSOaM5Yh
-Wi5Oto88TZqe1v7SXC864JVvO4LuS7TuSreCdWZyPXTJFBFeCEWSAxonKZrqHbBe
-CwKML6/0NuzjaQ51c2tzmVI6xpHj3nnu4cSRx6Jf9WBm+35vm0wk4pohX3ptdzeV
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByQ5zSNeFUH
-Aw7JlpZHtHaSEeiiyBHke20ziQ07BK1yi/ms2HAWwQkpZv149sjNuIRH8pkTmkZn
-g8PDzSefjLbC9AsWpWV0XNV22T/cdobqLqMBDDZ2+5bsV+jTrOigWd9/AHVZ93PP
-IJN8HJn6rtvo2l1bh/CdsX14uVSdofXnuWGabNTydqtMvmCerZsdf6qKqLL+PYwm
-RDpgWiRUY7KPBSSlKm/9lJzA+bOe4dHeJzxWFVCJcbpoiTFs1je1V8kKQaHtuW39
-ifX6LTKUMlwEECCbDKM8Yq2tm8NjkjCcnFDtKg8zKGPUu+jrFMN5otiC3wnKcP7r
-O9EkaPcgYH8=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
deleted file mode 100644
index 6789d0291..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1WElqTrwk7qc/Nn3POTqbxEO65AfF9qDjMgQqZMhygSK9WUI
-EQ1gafVFTgEqtxp0hJZuvk9ym9UGzn32vBiJcLIwLninauS9nkpJjyBEO3qDuZBF
-vuFfOuoRNS3i/z5h4NpRj9IqmYiWLRJYRzUDvN8vSO3Jt8VjAAN0klopFbaSUZ96
-iKdkEqx/rSvvxx2xOUMLT8XYq+FC0gkjmjOWIVouTraPPE2antb+0lwvOuCVbzuC
-7ku07kq3gnVmcj10yRQRXghFkgMaJyma6h2wXgsCjC+v9Dbs42kOdXNrc5lSOsaR
-49557uHEkceiX/VgZvt+b5tMJOKaIV96bXc3lQIDAQABAoIBAF7yjXmSOn7h6P0y
-WCuGiTLG2mbDiLJqj2LTm2Z5i+2Cu/qZ7E76Ls63TxF4v3MemH5vGfQhEhR5ZD/6
-GRJ1sKKvB3WGRqjwA9gtojHH39S/nWGy6vYW/vMOOH37XyjIr3EIdIaUtFQBTSHd
-Kd71niYrAbVn6fyWHolhADwnVmTMOl5OOAhCdEF4GN3b5aIhIu8BJ7EUzTtHBJIj
-CAEfjZFjDs1y1cIgGFJkuIQxMfCpq5recU2qwip7YO6fk//WEjOPu7kSf5IEswL8
-jg1dea9rGBV6KaD2xsgsC6Ll6Sb4BbsrHMfflG3K2Lk3RdVqqTFp1Fn1PTLQE/1S
-S/SZPYECgYEA9qYcHKHd0+Q5Ty5wgpxKGa4UCWkpwvfvyv4bh8qlmxueB+l2AIdo
-ZvkM8gTPagPQ3WypAyC2b9iQu70uOJo1NizTtKnpjDdN1YpDjISJuS/P0x73gZwy
-gmoM5AzMtN4D6IbxXtXnPaYICvwLKU80ouEN5ZPM4/ODLUu6gsp0v2UCgYEA3Xgi
-zMC4JF0vEKEaK0H6QstaoXUmw/lToZGH3TEojBIkb/2LrHUclygtONh9kJSFb89/
-jbmRRLAOrx3HZKCNGUmF4H9k5OQyAIv6OGBinvLGqcbqnyNlI+Le8zxySYwKMlEj
-EMrBCLmSyi0CGFrbZ3mlj/oCET/ql9rNvcK+DHECgYAEx5dH3sMjtgp+RFId1dWB
-xePRgt4yTwewkVgLO5wV82UOljGZNQaK6Eyd7AXw8f38LHzh+KJQbIvxd2sL4cEi
-OaAoohpKg0/Y0YMZl//rPMf0OWdmdZZs/I0fZjgZUSwWN3c59T8z7KG/RL8an9RP
-S7kvN7wCttdV61/D5RR6GQKBgDxCe/WKWpBKaovzydMLWLTj7/0Oi0W3iXHkzzr4
-LTgvl4qBSofaNbVLUUKuZTv5rXUG2IYPf99YqCYtzBstNDc1MiAriaBeFtzfOW4t
-i6gEFtoLLbuvPc3N5Sv5vn8Ug5G9UfU3td5R4AbyyCcoUZqOFuZd+EIJSiOXfXOs
-kVmBAoGBAIU9aPAqhU5LX902oq8KsrpdySONqv5mtoStvl3wo95WIqXNEsFY60wO
-q02jKQmJJ2MqhkJm2EoF2Mq8+40EZ5sz8LdgeQ/M0yQ9lAhPi4rftwhpe55Ma9dk
-SE9X1c/DMCBEaIjJqVXdy0/EeArwpb8sHkguVVAZUWxzD+phm1gs
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem
deleted file mode 100644
index 1fe94891a..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem
deleted file mode 100644
index 8fbf6bdec..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1zVmMhPqpSPMmYkKh5wwlRD5XuS8YWJKEM6tjFx61VK8qxHE
-YngkC2KnL5EuKAjQZIF3tJskwt0hAat047CCCZxrkNEpbVvSnvnk+A/8bg/Ww1n3
-qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XAPy7ZjzecAF9SDV6WSiPeAxUX2+hN
-dId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGwcnkKCUikiBqr2ijSIgvRtBfZ9fBG
-jFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtPnBtTytmqTy9V/BRgsVKUoksm6wsx
-kUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h+wIDAQABAoIBAEQcrHmRACTADdNS
-IjkFYALt2l8EOfMAbryfDSJtapr1kqz59JPNvmq0EIHnixo0n/APYdmReLML1ZR3
-tYkSpjVwgkLVUC1CcIjMQoGYXaZf8PLnGJHZk45RR8m6hsTV0mQ5bfBaeVa2jbma
-OzJMjcnxg/3l9cPQZ2G/3AUfEPccMxOXp1KRz3mUQcGnKJGtDbN/kfmntcwYoxaE
-Zg4RoeKAoMpK1SSHAiJKe7TnztINJ7uygR9XSzNd6auY8A3vomSIjpYO7XL+lh7L
-izm4Ir3Gb/eCYBvWgQyQa2KCJgK/sQyEs3a09ngofSEUhQJQYhgZDwUj+fDDOGqj
-hCZOA8ECgYEA+ZWuHdcUQ3ygYhLds2QcogUlIsx7C8n/Gk/FUrqqXJrTkuO0Eqqa
-B47lCITvmn2zm0ODfSFIARgKEUEDLS/biZYv7SUTrFqBLcet+aGI7Dpv91CgB75R
-tNzcIf8VxoiP0jPqdbh9mLbbxGi5Uc4p9TVXRljC4hkswaouebWee0sCgYEA3L2E
-YB3kiHrhPI9LHS5Px9C1w+NOu5wP5snxrDGEgaFCvL6zgY6PflacppgnmTXl8D1x
-im0IDKSw5dP3FFonSVXReq3CXDql7UnhfTCiLDahV7bLxTH42FofcBpDN3ERdOal
-58RwQh6VrLkzQRVoObo+hbGlFiwwSAfQC509FhECgYBsRSBpVXo25IN2yBRg09cP
-+gdoFyhxrsj5kw1YnB13WrrZh+oABv4WtUhp77E5ZbpaamlKCPwBbXpAjeFg4tfr
-0bksuN7V79UGFQ9FsWuCfr8/nDwv38H2IbFlFhFONMOfPmJBey0Q6JJhm8R41mSh
-OOiJXcv85UrjIH5U0hLUDQKBgQDVLOU5WcUJlPoOXSgiT0ZW5xWSzuOLRUUKEf6l
-19BqzAzCcLy0orOrRAPW01xylt2v6/bJw1Ahva7k1ZZo/kOwjANYoZPxM+ZoSZBN
-MXl8j2mzZuJVV1RFxItV3NcLJNPB/Lk+IbRz9kt/2f9InF7iWR3mSU/wIM6j0X+2
-p6yFsQKBgQCM/ldWb511lA+SNkqXB2P6WXAgAM/7+jwsNHX2ia2Ikufm4SUEKMSv
-mti/nZkHDHsrHU4wb/2cOAywMELzv9EHzdcoenjBQP65OAc/1qWJs+LnBcCXfqKk
-aHjEZW6+brkHdRGLLY3YAHlt/AUL+RsKPJfN72i/FSpmu+52G36eeQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem
deleted file mode 100644
index f9772b533..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zVmMhPqpSPMmYkKh5ww
-lRD5XuS8YWJKEM6tjFx61VK8qxHEYngkC2KnL5EuKAjQZIF3tJskwt0hAat047CC
-CZxrkNEpbVvSnvnk+A/8bg/Ww1n3qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XA
-Py7ZjzecAF9SDV6WSiPeAxUX2+hNdId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGw
-cnkKCUikiBqr2ijSIgvRtBfZ9fBGjFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtP
-nBtTytmqTy9V/BRgsVKUoksm6wsxkUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h
-+wIDAQAB
------END PUBLIC KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem
deleted file mode 100644
index a2f9688df..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem
deleted file mode 100644
index a1dfd5f78..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/.gitignore b/apps/emqx_auth_mysql/.gitignore
deleted file mode 100644
index bc6fa0f2f..000000000
--- a/apps/emqx_auth_mysql/.gitignore
+++ /dev/null
@@ -1,31 +0,0 @@
-.eunit
-deps
-*.so
-.iml
-.idea
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_mysql.d
-ct.coverdata
-logs/
-test/ct.cover.spec
-test/*.beam
-cover/
-eunit.coverdata
-data
-.placeholder
-_build/
-rebar.lock
-erlang.mk
-rebar3.crashdump
-etc/emqx_auth_mysql.conf.rendered
-.rebar3/
-*.swp
-.DS_Store
diff --git a/apps/emqx_auth_mysql/README.md b/apps/emqx_auth_mysql/README.md
deleted file mode 100644
index e55a2103f..000000000
--- a/apps/emqx_auth_mysql/README.md
+++ /dev/null
@@ -1,167 +0,0 @@
-emqx_auth_mysql
-===============
-
-Authentication, ACL with MySQL Database.
-
-Notice: changed mysql driver to [mysql-otp](https://github.com/mysql-otp/mysql-otp).
-
-Features
----------
-
-- Full *Authentication*, *Superuser*, *ACL* support
-- IPv4, IPv6 and TLS support
-- Connection pool by [ecpool](https://github.com/emqx/ecpool)
-- Completely cover MySQL 5.7, MySQL 8 in our tests
-
-Build Plugin
--------------
-
-make && make tests
-
-Configure Plugin
-----------------
-
-File: etc/emqx_auth_mysql.conf
-
-```
-## MySQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 3306, 127.0.0.1:3306, localhost:3306
-auth.mysql.server = 127.0.0.1:3306
-
-## MySQL pool size.
-##
-## Value: Number
-auth.mysql.pool = 8
-
-## MySQL username.
-##
-## Value: String
-## auth.mysql.username =
-
-## MySQL Password.
-##
-## Value: String
-## auth.mysql.password =
-
-## MySQL database.
-##
-## Value: String
-auth.mysql.database = mqtt
-
-## Variables: %u = username, %c = clientid
-
-## Authentication query.
-##
-## Note that column names should be 'password' and 'salt' (if used).
-## In case column names differ in your DB - please use aliases,
-## e.g. "my_column_name as password".
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
-## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mysql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.mysql.password_hash = salt,sha256
-
-## bcrypt with salt only prefix
-## auth.mysql.password_hash = salt,bcrypt
-
-## sha256 with salt suffix
-## auth.mysql.password_hash = sha256,salt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mysql.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
-
-## ACL query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddr
-##  - %u: username
-##  - %c: clientid
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
-
-```
-
-Import mqtt.sql
----------------
-
-Import mqtt.sql into your database.
-
-Load Plugin
------------
-
-./bin/emqx_ctl plugins load emqx_auth_mysql
-
-Auth Table
-----------
-
-Notice: This is a demo table. You could authenticate with any user table.
-
-```sql
-CREATE TABLE `mqtt_user` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `username` varchar(100) DEFAULT NULL,
-  `password` varchar(100) DEFAULT NULL,
-  `salt` varchar(35) DEFAULT NULL,
-  `is_superuser` tinyint(1) DEFAULT 0,
-  `created` datetime DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `mqtt_username` (`username`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-```
-
-ACL Table
-----------
-
-```sql
-CREATE TABLE `mqtt_acl` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',
-  `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress',
-  `username` varchar(100) DEFAULT NULL COMMENT 'Username',
-  `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId',
-  `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',
-  `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-```
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
diff --git a/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf b/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
deleted file mode 100644
index 1c3d40059..000000000
--- a/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+++ /dev/null
@@ -1,131 +0,0 @@
-##--------------------------------------------------------------------
-## MySQL Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## MySQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 3306, 127.0.0.1:3306, localhost:3306
-auth.mysql.server = "127.0.0.1:3306"
-
-## MySQL pool size.
-##
-## Value: Number
-auth.mysql.pool = 8
-
-## MySQL username.
-##
-## Value: String
-#auth.mysql.username =
-
-## MySQL password.
-##
-## Value: String
-#auth.mysql.password =
-
-## MySQL database.
-##
-## Value: String
-auth.mysql.database = mqtt
-
-## MySQL query timeout
-##
-## Value: Duration
-## auth.mysql.query_timeout = 5s
-
-## Variables: %u = username, %c = clientid
-
-## Authentication query.
-##
-## Note that column names should be 'password' and 'salt' (if used).
-## In case column names differ in your DB - please use aliases,
-## e.g. "my_column_name as password".
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.mysql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
-## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mysql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.mysql.password_hash = "salt,sha256"
-
-## bcrypt with salt only prefix
-## auth.mysql.password_hash = "salt,bcrypt"
-
-## sha256 with salt suffix
-## auth.mysql.password_hash = "sha256,salt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mysql.password_hash = "pbkdf2,sha256,1000,20"
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.mysql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
-
-## ACL query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddr
-##  - %u: username
-##  - %c: clientid
-##
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.mysql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
-
-## Mysql ssl configuration.
-##
-## Value: on | off
-## auth.mysql.ssl.enable = off
-
-## CA certificate.
-##
-## Value: File
-#auth.mysql.ssl.cacertfile  = /path/to/ca.pem
-
-## Client ssl certificate.
-##
-## Value: File
-#auth.mysql.ssl.certfile = /path/to/your/clientcert.pem
-
-## Client ssl keyfile.
-##
-## Value: File
-#auth.mysql.ssl.keyfile = /path/to/your/clientkey.pem
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-#auth.mysql.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.mysql.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.mysql.ssl.server_name_indication = disable
diff --git a/apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl b/apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl
deleted file mode 100644
index fca431e81..000000000
--- a/apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_mysql).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_mysql/mqtt.sql b/apps/emqx_auth_mysql/mqtt.sql
deleted file mode 100644
index 9635bee58..000000000
--- a/apps/emqx_auth_mysql/mqtt.sql
+++ /dev/null
@@ -1,41 +0,0 @@
-
-DROP TABLE IF EXISTS `mqtt_acl`;
-
-CREATE TABLE `mqtt_acl` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',
-  `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress',
-  `username` varchar(100) DEFAULT NULL COMMENT 'Username',
-  `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId',
-  `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',
-  `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
-LOCK TABLES `mqtt_acl` WRITE;
-
-INSERT INTO `mqtt_acl` (`id`, `allow`, `ipaddr`, `username`, `clientid`, `access`, `topic`)
-VALUES
-	(1,1,NULL,'$all',NULL,2,'#'),
-	(2,0,NULL,'$all',NULL,1,'$SYS/#'),
-	(3,0,NULL,'$all',NULL,1,'eq #'),
-	(4,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
-	(5,1,'127.0.0.1',NULL,NULL,2,'#'),
-	(6,1,NULL,'dashboard',NULL,1,'$SYS/#');
-
-UNLOCK TABLES;
-
-
-DROP TABLE IF EXISTS `mqtt_user`;
-
-CREATE TABLE `mqtt_user` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `username` varchar(100) DEFAULT NULL,
-  `password` varchar(100) DEFAULT NULL,
-  `salt` varchar(35) DEFAULT NULL,
-  `is_superuser` tinyint(1) DEFAULT 0,
-  `created` datetime DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `mqtt_username` (`username`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
-
diff --git a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema b/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
deleted file mode 100644
index fba25f41f..000000000
--- a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
+++ /dev/null
@@ -1,156 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_mysql config mapping
-{mapping, "auth.mysql.server", "emqx_auth_mysql.server", [
-  {default, {"127.0.0.1", 3306}},
-  {datatype, [integer, ip, string]}
-]}.
-
-{mapping, "auth.mysql.pool", "emqx_auth_mysql.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.mysql.username", "emqx_auth_mysql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.password", "emqx_auth_mysql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.database", "emqx_auth_mysql.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.query_timeout", "emqx_auth_mysql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.enable", "emqx_auth_mysql.server", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.mysql.ssl.cafile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.cacertfile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mysql.ssl.certfile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.keyfile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.verify", "emqx_auth_mysql.server", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.mysql.ssl.server_name_indication", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mysql.server", fun(Conf) ->
-  {MyHost, MyPort} =
-  case cuttlefish:conf_get("auth.mysql.server", Conf) of
-    {Ip, Port} -> {Ip, Port};
-    S          -> case string:tokens(S, ":") of
-                    [Domain]       -> {Domain, 3306};
-                    [Domain, Port] -> {Domain, list_to_integer(Port)}
-                  end
-    end,
-  Pool = cuttlefish:conf_get("auth.mysql.pool", Conf),
-  Username = cuttlefish:conf_get("auth.mysql.username", Conf),
-  Passwd = cuttlefish:conf_get("auth.mysql.password", Conf),
-  DB = cuttlefish:conf_get("auth.mysql.database", Conf),
-  Timeout = case cuttlefish:conf_get("auth.mysql.query_timeout", Conf) of
-                "" -> 300000;
-                Duration ->
-                    case cuttlefish_duration:parse(Duration, ms) of
-                      {error, Reason} -> error(Reason);
-                      Ms when is_integer(Ms) -> Ms
-                  end
-            end,
-  Options = [{pool_size, Pool},
-             {auto_reconnect, 1},
-             {host, MyHost},
-             {port, MyPort},
-             {user, Username},
-             {password, Passwd},
-             {database, DB},
-             {encoding, utf8},
-             {query_timeout, Timeout},
-             {keep_alive, true}],
-  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  Options1 =
-      case cuttlefish:conf_get("auth.mysql.ssl.enable", Conf) of
-            true ->
-                %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-                CA = cuttlefish:conf_get(
-                        "auth.mysql.ssl.cacertfile", Conf,
-                        cuttlefish:conf_get("auth.mysql.ssl.cafile", Conf, undefined)
-                     ),
-                Cert = cuttlefish:conf_get("auth.mysql.ssl.certfile", Conf, undefined),
-                Key = cuttlefish:conf_get("auth.mysql.ssl.keyfile", Conf, undefined),
-                Verify = case cuttlefish:conf_get("auth.mysql.ssl.verify", Conf, false) of
-                             true -> verify_peer;
-                             false -> verify_none
-                         end,
-                SNI = case cuttlefish:conf_get("auth.mysql.ssl.server_name_indication", Conf, undefined) of
-                        "disable" -> disable;
-                        SNI0 -> SNI0
-                      end,
-                Options ++ [{ssl, Filter([{server_name_indication, SNI},
-                                          {cacertfile, CA},
-                                          {certfile, Cert},
-                                          {keyfile, Key},
-                                          {verify, Verify}
-                                         ])
-                            }];
-            _ ->
-                Options
-      end,
-  case inet:parse_address(MyHost) of
-      {ok, IpAddr} when tuple_size(IpAddr) =:= 8 ->
-          [{tcp_options, [inet6]} | Options1];
-      _ ->
-          Options1
-  end
-end}.
-
-{mapping, "auth.mysql.auth_query", "emqx_auth_mysql.auth_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.password_hash", "emqx_auth_mysql.password_hash", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.super_query", "emqx_auth_mysql.super_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.acl_query", "emqx_auth_mysql.acl_query", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mysql.password_hash", fun(Conf) ->
-  HashValue = cuttlefish:conf_get("auth.mysql.password_hash", Conf),
-    case string:tokens(HashValue, ",") of
-        [Hash]           -> list_to_atom(Hash);
-        [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-        [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-        _                -> plain
-    end
-end}.
diff --git a/apps/emqx_auth_mysql/rebar.config b/apps/emqx_auth_mysql/rebar.config
deleted file mode 100644
index b86500e8f..000000000
--- a/apps/emqx_auth_mysql/rebar.config
+++ /dev/null
@@ -1,24 +0,0 @@
-{deps,
- [
-  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed,
-            {parse_transform}
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl b/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
deleted file mode 100644
index ef4acea94..000000000
--- a/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
+++ /dev/null
@@ -1,119 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mysql).
-
--include("emqx_auth_mysql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ACL Callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
-    case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
-    ok;
-do_check_acl(Pool, ClientInfo, PubSub, Topic, _NoMatchAction, #{acl_query := {AclSql, AclParams}}) ->
-    case emqx_auth_mysql_cli:query(Pool, AclSql, AclParams, ClientInfo) of
-        {ok, _Columns, []} -> ok;
-        {ok, _Columns, Rows} ->
-            Rules = filter(PubSub, compile(Rows)),
-            case match(ClientInfo, Topic, Rules) of
-                {matched, allow} -> {stop, allow};
-                {matched, deny}  -> {stop, deny};
-                nomatch          -> ok
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[MySQL] do_check_acl error: ~p~n", [Reason]),
-            ok
-    end.
-
-match(_ClientInfo, _Topic, []) ->
-    nomatch;
-
-match(ClientInfo, Topic, [Rule|Rules]) ->
-    case emqx_access_rule:match(ClientInfo, Topic, Rule) of
-        nomatch ->
-            match(ClientInfo, Topic, Rules);
-        {matched, AllowDeny} ->
-            {matched, AllowDeny}
-    end.
-
-filter(PubSub, Rules) ->
-    [Term || Term = {_, _, Access, _} <- Rules,
-             Access =:= PubSub orelse Access =:= pubsub].
-
-compile(Rows) ->
-    compile(Rows, []).
-compile([], Acc) ->
-    Acc;
-compile([[Allow, IpAddr, Username, ClientId, Access, Topic]|T], Acc) ->
-    Who  = who(IpAddr, Username, ClientId),
-    Term = {allow(Allow), Who, access(Access), [topic(Topic)]},
-    compile(T, [emqx_access_rule:compile(Term) | Acc]).
-
-who(_, <<"$all">>, _) ->
-    all;
-who(null, null, null) ->
-    throw(undefined_who);
-who(CIDR, Username, ClientId) ->
-    Cols = [{ipaddr, b2l(CIDR)}, {user, Username}, {client, ClientId}],
-    case [{C, V} || {C, V} <- Cols, not empty(V)] of
-        [Who] -> Who;
-        Conds -> {'and', Conds}
-    end.
-
-allow(1)  -> allow;
-allow(0)  -> deny;
-allow(<<"1">>)  -> allow;
-allow(<<"0">>)  -> deny.
-
-access(1) -> subscribe;
-access(2) -> publish;
-access(3) -> pubsub;
-access(<<"1">>) -> subscribe;
-access(<<"2">>) -> publish;
-access(<<"3">>) -> pubsub.
-
-topic(<<"eq ", Topic/binary>>) ->
-    {eq, Topic};
-topic(Topic) ->
-    Topic.
-
-description() ->
-    "ACL with Mysql".
-
-b2l(null) -> null;
-b2l(B)    -> binary_to_list(B).
-
-empty(null) -> true;
-empty("")   -> true;
-empty(<<>>) -> true;
-empty(_)    -> false.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src b/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
deleted file mode 100644
index 8a0d116cc..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_mysql,
- [{description, "EMQ X Authentication/ACL with MySQL"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_mysql_sup]},
-  {applications, [kernel,stdlib,mysql,ecpool]},
-  {mod, {emqx_auth_mysql_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-mysql"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
deleted file mode 100644
index eba7ef081..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql).
-
--include("emqx_auth_mysql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--define(EMPTY(Username), (Username =:= undefined orelse Username =:= <<>>)).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      #{auth_query  := {AuthSql, AuthParams},
-        super_query := SuperQuery,
-        hash_type   := HashType,
-        pool := Pool}) ->
-    CheckPass = case emqx_auth_mysql_cli:query(Pool, AuthSql, AuthParams, ClientInfo) of
-                    {ok, [<<"password">>], [[PassHash]]} ->
-                        check_pass({PassHash, Password}, HashType);
-                    {ok, [<<"password">>, <<"salt">>], [[PassHash, Salt]]} ->
-                        check_pass({PassHash, Salt, Password}, HashType);
-                    {ok, _Columns, []} ->
-                        {error, not_found};
-                    {error, Reason} ->
-                        ?LOG(error, "[MySQL] query '~p' failed: ~p", [AuthSql, Reason]),
-                        {error, Reason}
-                end,
-    case CheckPass of
-        ok ->
-            emqx_metrics:inc(?AUTH_METRICS(success)),
-            {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
-                                anonymous => false,
-                                auth_result => success}};
-        {error, not_found} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)), ok;
-        {error, ResultCode} ->
-            ?LOG(error, "[MySQL] Auth from mysql failed: ~p", [ResultCode]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-%%--------------------------------------------------------------------
-%% Is Superuser?
-%%--------------------------------------------------------------------
-
--spec(is_superuser(atom(), maybe({string(), list()}), emqx_types:client()) -> boolean()).
-is_superuser(_Pool, undefined, _ClientInfo) -> false;
-is_superuser(Pool, {SuperSql, Params}, ClientInfo) ->
-    case emqx_auth_mysql_cli:query(Pool, SuperSql, Params, ClientInfo) of
-        {ok, [_Super], [[1]]} ->
-            true;
-        {ok, [_Super], [[_False]]} ->
-            false;
-        {ok, [_Super], []} ->
-            false;
-        {error, _Error} ->
-            false
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
-description() -> "Authentication with MySQL".
-
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
deleted file mode 100644
index ec1e25e6b..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
+++ /dev/null
@@ -1,74 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_mysql.hrl").
-
--import(emqx_auth_mysql_cli, [parse_query/1]).
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_mysql_sup:start_link(),
-    _ = if_enabled(auth_query, fun load_auth_hook/1),
-    _ = if_enabled(acl_query,  fun load_acl_hook/1),
-
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx:unhook('client.authenticate', {emqx_auth_mysql, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_mysql, check_acl}),
-    State.
-
-stop(_State) ->
-    ok.
-
-load_auth_hook(AuthQuery) ->
-    ok = emqx_auth_mysql:register_metrics(),
-    SuperQuery = parse_query(application:get_env(?APP, super_query, undefined)),
-    {ok, HashType} = application:get_env(?APP, password_hash),
-    Params = #{auth_query  => AuthQuery,
-               super_query => SuperQuery,
-               hash_type   => HashType,
-               pool => ?APP},
-    emqx:hook('client.authenticate', {emqx_auth_mysql, check, [Params]}).
-
-load_acl_hook(AclQuery) ->
-    ok = emqx_acl_mysql:register_metrics(),
-    emqx:hook('client.check_acl', {emqx_acl_mysql, check_acl, [#{acl_query => AclQuery, pool =>?APP}]}).
-
-%%--------------------------------------------------------------------
-%% Internal function
-%%--------------------------------------------------------------------
-
-if_enabled(Cfg, Fun) ->
-    case application:get_env(?APP, Cfg) of
-        {ok, Query} -> Fun(parse_query(Query));
-        undefined   -> ok
-    end.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
deleted file mode 100644
index cf3be3426..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_mysql.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ parse_query/1
-        , connect/1
-        , query/4
-        ]).
-
-%%--------------------------------------------------------------------
-%% Avoid SQL Injection: Parse SQL to Parameter Query.
-%%--------------------------------------------------------------------
-
-parse_query(undefined) ->
-    undefined;
-parse_query(Sql) ->
-    case re:run(Sql, "'%[ucCad]'", [global, {capture, all, list}]) of
-        {match, Variables} ->
-            Params = [Var || [Var] <- Variables],
-            {re:replace(Sql, "'%[ucCad]'", "?", [global, {return, list}]), Params};
-        nomatch ->
-            {Sql, []}
-    end.
-
-%%--------------------------------------------------------------------
-%% MySQL Connect/Query
-%%--------------------------------------------------------------------
-
-connect(Options) ->
-    case mysql:start_link(Options) of
-        {ok, Pid} -> {ok, Pid};
-        ignore -> {error, ignore};
-        {error, Reason = {{_, {error, econnrefused}}, _}} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: Connection refused."),
-            {error, Reason};
-        {error, Reason = {ErrorCode, _, Error}} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: ~p - ~p", [ErrorCode, Error]),
-            {error, Reason};
-        {error, Reason} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: ~p", [Reason]),
-            {error, Reason}
-    end.
-
-query(Pool, Sql, Params, ClientInfo) ->
-    ecpool:with_client(Pool, fun(C) -> mysql:query(C, Sql, replvar(Params, ClientInfo)) end).
-
-replvar(Params, ClientInfo) ->
-    replvar(Params, ClientInfo, []).
-
-replvar([], _ClientInfo, Acc) ->
-    lists:reverse(Acc);
-
-replvar(["'%u'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(username, ClientInfo) | Acc]);
-replvar(["'%c'" | Params], ClientInfo = #{clientid := ClientId}, Acc) ->
-    replvar(Params, ClientInfo, [ClientId | Acc]);
-replvar(["'%a'" | Params], ClientInfo = #{peerhost := IpAddr}, Acc) ->
-    replvar(Params, ClientInfo, [inet_parse:ntoa(IpAddr) | Acc]);
-replvar(["'%C'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(cn, ClientInfo)| Acc]);
-replvar(["'%d'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(dn, ClientInfo)| Acc]);
-replvar([Param | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [Param | Acc]).
-
-safe_get(K, ClientInfo) ->
-    bin(maps:get(K, ClientInfo, "undefined")).
-
-bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
-bin(B) when is_binary(B) -> B;
-bin(X) -> X.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
deleted file mode 100644
index 70f4987a3..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
+++ /dev/null
@@ -1,40 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_mysql.hrl").
-
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-%%--------------------------------------------------------------------
-%% Supervisor callbacks
-%%--------------------------------------------------------------------
-
-init([]) ->
-    %% MySQL Connection Pool.
-    {ok, Server} = application:get_env(?APP, server),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, emqx_auth_mysql_cli, Server),
-    {ok, {{one_for_one, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
deleted file mode 100644
index 0ae81435d..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
+++ /dev/null
@@ -1,235 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--define(APP, emqx_auth_mysql).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(DROP_ACL_TABLE, <<"DROP TABLE IF EXISTS mqtt_acl">>).
-
--define(CREATE_ACL_TABLE, <<"CREATE TABLE mqtt_acl ("
-                            "   id int(11) unsigned NOT NULL AUTO_INCREMENT,"
-                            "   allow int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',"
-                            "   ipaddr varchar(60) DEFAULT NULL COMMENT 'IpAddress',"
-                            "   username varchar(100) DEFAULT NULL COMMENT 'Username',"
-                            "   clientid varchar(100) DEFAULT NULL COMMENT 'ClientId',"
-                            "   access int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',"
-                            "   topic varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',"
-                            "   PRIMARY KEY (`id`)"
-                            ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4">>).
-
--define(INIT_ACL, <<"INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)"
-                    "VALUES (1,1,'127.0.0.1','u1','c1',1,'t1'),"
-                           "(2,0,'127.0.0.1','u2','c2',1,'t1'),"
-                           "(3,1,'10.10.0.110','u1','c1',1,'t1'),"
-                           "(4,1,'127.0.0.1','u3','c3',3,'t1')">>).
-
--define(DROP_AUTH_TABLE, <<"DROP TABLE IF EXISTS `mqtt_user`">>).
-
--define(CREATE_AUTH_TABLE, <<"CREATE TABLE `mqtt_user` ("
-                             "`id` int(11) unsigned NOT NULL AUTO_INCREMENT,"
-                             "`username` varchar(100) DEFAULT NULL,"
-                             "`password` varchar(100) DEFAULT NULL,"
-                             "`salt` varchar(100) DEFAULT NULL,"
-                             "`is_superuser` tinyint(1) DEFAULT 0,"
-                             "`created` datetime DEFAULT NULL,"
-                             "PRIMARY KEY (`id`),"
-                             "UNIQUE KEY `mqtt_username` (`username`)"
-                             ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4">>).
-
--define(INIT_AUTH, <<"INSERT INTO mqtt_user (id, is_superuser, username, password, salt)"
-                     "VALUES (1, 1, 'plain', 'plain', 'salt'),"
-                            "(2, 0, 'md5', '1bc29b36f623ba82aaf6724fd3b16718', 'salt'),"
-                            "(3, 0, 'sha', 'd8f4590320e1343a915b6394170650a8f35d6926', 'salt'),"
-                            "(4, 0, 'sha256', '5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e', 'salt'),"
-                            "(5, 0, 'pbkdf2_password', 'cdedb5281bb2f801565a1122b2563515', 'ATHENA.MIT.EDUraeburn'),"
-                            "(6, 0, 'bcrypt_foo', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.'),"
-                            "(7, 0, 'bcrypt', '$2y$16$rEVsDarhgHYB0TGnDFJzyu5f.T.Ha9iXMTk9J36NCMWWM7O16qyaK', 'salt'),"
-                            "(8, 0, 'bcrypt_wrong', '$2y$16$rEVsDarhgHYB0TGnDFJzyu', 'salt')">>).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    emqx_ct_helpers:start_apps([emqx_auth_mysql], fun set_special_configs/1),
-    init_mysql_data(),
-    Cfg.
-
-end_per_suite(_) ->
-    deinit_mysql_data(),
-    emqx_ct_helpers:stop_apps([emqx_auth_mysql]),
-    ok.
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, "test/emqx_SUITE_data/loaded_plugins"));
-
-set_special_configs(_App) ->
-    ok.
-
-init_mysql_data() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?APP})),
-    %% Users
-    ok = mysql:query(Pid, ?DROP_AUTH_TABLE),
-    ok = mysql:query(Pid, ?CREATE_AUTH_TABLE),
-    ok = mysql:query(Pid, ?INIT_AUTH),
-
-    %% ACLs
-    ok = mysql:query(Pid, ?DROP_ACL_TABLE),
-    ok = mysql:query(Pid, ?CREATE_ACL_TABLE),
-    ok = mysql:query(Pid, ?INIT_ACL).
-
-deinit_mysql_data() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?APP})),
-    ok = mysql:query(Pid, ?DROP_AUTH_TABLE),
-    ok = mysql:query(Pid, ?DROP_ACL_TABLE).
-
-%%--------------------------------------------------------------------
-%% Test cases
-%%--------------------------------------------------------------------
-
-t_check_acl(_) ->
-    User0 = #{zone => external,peerhost => {127,0,0,1}},
-    deny  = emqx_access_control:check_acl(User0, subscribe, <<"t1">>),
-    User1 = #{zone => external, clientid => <<"c1">>, username => <<"u1">>, peerhost => {127,0,0,1}},
-    User2 = #{zone => external, clientid => <<"c2">>, username => <<"u2">>, peerhost => {127,0,0,1}},
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"t1">>),
-    deny  = emqx_access_control:check_acl(User2, subscribe, <<"t1">>),
-
-    User3 = #{zone => external, peerhost => {10,10,0,110}, clientid => <<"c1">>, username => <<"u1">>},
-    User4 = #{zone => external, peerhost => {10,10,10,110}, clientid => <<"c1">>, username => <<"u1">>},
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    deny  = emqx_access_control:check_acl(User3, subscribe, <<"t2">>),%% nomatch -> ignore -> emqx acl
-    deny  = emqx_access_control:check_acl(User4, subscribe, <<"t1">>),%% nomatch -> ignore -> emqx acl
-    User5 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c3">>, username => <<"u3">>},
-    allow = emqx_access_control:check_acl(User5, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User5, publish, <<"t1">>).
-
-t_acl_super(_Config) ->
-    reload([{password_hash, plain},
-            {auth_query, "select password from mqtt_user where username = '%u' limit 1"}]),
-    {ok, C} = emqtt:start_link([{host, "localhost"},
-                                {clientid, <<"simpleClient">>},
-                                {username, <<"plain">>},
-                                {password, <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    timer:sleep(1000),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-            ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-            ct:fail({receive_timeout, <<"Payload">>}),
-            ok
-    end,
-    emqtt:disconnect(C).
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Md5 = #{clientid => <<"md5">>, username => <<"md5">>, zone => external},
-    Sha = #{clientid => <<"sha">>, username => <<"sha">>, zone => external},
-    Sha256 = #{clientid => <<"sha256">>, username => <<"sha256">>, zone => external},
-    Pbkdf2 = #{clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>, zone => external},
-    BcryptFoo = #{clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>, zone => external},
-    User1 = #{clientid => <<"bcrypt_foo">>, username => <<"user">>, zone => external},
-    Bcrypt = #{clientid => <<"bcrypt">>, username => <<"bcrypt">>, zone => external},
-    BcryptWrong = #{clientid => <<"bcrypt_wrong">>, username => <<"bcrypt_wrong">>, zone => external},
-    reload([{password_hash, plain}]),
-    {ok,#{is_superuser := true}} =
-        emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    reload([{password_hash, md5}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload([{password_hash, sha}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload([{password_hash, sha256}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    reload([{password_hash, bcrypt}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(BcryptWrong#{password => <<"password">>}),
-    %%pbkdf2 sha
-    reload([{password_hash, {pbkdf2, sha, 1, 16}},
-            {auth_query, "select password, salt from mqtt_user where username = '%u' limit 1"}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload([{password_hash, {salt, bcrypt}}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(BcryptFoo#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(User1#{password => <<"foo">>}),
-    {error, not_authorized} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}).
-
-t_comment_config(_) ->
-    application:stop(?APP),
-    [application:unset_env(?APP, Par) || Par <- [acl_query, auth_query]],
-    application:start(?APP).
-
-t_placeholders(_) ->
-    ClientA = #{username => <<"plain">>, clientid => <<"plain">>, zone => external},
-
-    reload([{password_hash, plain},
-            {auth_query, "select password from mqtt_user where username = '%u' and 'a_cn_val' = '%C' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => <<"a_cn_val">>}),
-
-    reload([{auth_query, "select password from mqtt_user where username = '%c' and 'a_dn_val' = '%d' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => <<"a_dn_val">>}),
-
-    reload([{auth_query, "select password from mqtt_user where username = '%u' and '192.168.1.5' = '%a' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, peerhost => {192,168,1,5}}).
-
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
-
-reload(Config) when is_list(Config) ->
-    application:stop(?APP),
-    [application:set_env(?APP, K, V) || {K, V} <- Config],
-    application:start(?APP).
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem
deleted file mode 100644
index e9717011e..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0kGUBi9NDp65jgdxKfizIfuSr2wpwb44yM9SuP4oUQSULOA2
-4iFpLR/c5FAYHU81y9Vx91dQjdZfffaBZuv2zVvteXUkol8Nez7boKbo2E41MTew
-8edtNKZAQVvnaHAC2NCZxjchCzUCDEoUUcl+cIERZ8R48FBqK5iTVcMRIx1akwus
-+dhBqP0ykA5TGOWZkJrLM9aUXSPQha9+wXlOpkvu0Ur2nkX8PPJnifWao9UShSar
-ll1IqPZNCSlZMwcFYcQNBCpdvITUUYlHvMRQV64bUpOxUGDuJkQL3dLKBlNuBRlJ
-BcjBAKw7rFnwwHZcMmQ9tan/dZzpzwjo/T0XjwIDAQABAoIBAQCSHvUqnzDkWjcG
-l/Fzg92qXlYBCCC0/ugj1sHcwvVt6Mq5rVE3MpUPwTcYjPlVVTlD4aEEjm/zQuq2
-ddxUlOS+r4aIhHrjRT/vSS4FpjnoKeIZxGR6maVxk6DQS3i1QjMYT1CvSpzyVvKH
-a+xXMrtmoKxh+085ZAmFJtIuJhUA2yEa4zggCxWnvz8ecLClUPfVDPhdLBHc3KmL
-CRpHEC6L/wanvDPRdkkzfKyaJuIJlTDaCg63AY5sDkTW2I57iI/nJ3haSeidfQKz
-39EfbnM1A/YprIakafjAu3frBIsjBVcxwGihZmL/YriTHjOggJF841kT5zFkkv2L
-/530Wk6xAoGBAOqZLZ4DIi/zLndEOz1mRbUfjc7GQUdYplBnBwJ22VdS0P4TOXnd
-UbJth2MA92NM7ocTYVFl4TVIZY/Y+Prxk7KQdHWzR7JPpKfx9OEVgtSqV0vF9eGI
-rKp79Y1T4Mvc3UcQCXX6TP7nHLihEzpS8odm2LW4txrOiLsn4Fq/IWrLAoGBAOVv
-6U4tm3lImotUupKLZPKEBYwruo9qRysoug9FiorP4TjaBVOfltiiHbAQD6aGfVtN
-SZpZZtrs17wL7Xl4db5asgMcZd+8Hkfo5siR7AuGW9FZloOjDcXb5wCh9EvjJ74J
-Cjw7RqyVymq9t7IP6wnVwj5Ck48YhlOZCz/mzlnNAoGAWq7NYFgLvgc9feLFF23S
-IjpJQZWHJEITP98jaYNxbfzYRm49+GphqxwFinKULjFNvq7yHlnIXSVYBOu1CqOZ
-GRwXuGuNmlKI7lZr9xmukfAqgGLMMdr4C4qRF4lFyufcLRz42z7exmWlx4ST/yaT
-E13hBRWayeTuG5JFei6Jh1MCgYEAqmX4LyC+JFBgvvQZcLboLRkSCa18bADxhENG
-FAuAvmFvksqRRC71WETmqZj0Fqgxt7pp3KFjO1rFSprNLvbg85PmO1s+6fCLyLpX
-lESTu2d5D71qhK93jigooxalGitFm+SY3mzjq0/AOpBWOn+J/w7rqVPGxXLgaHv0
-l+vx+00CgYBOvo9/ImjwYii2jFl+sHEoCzlvpITi2temRlT2j6ulSjCLJgjwEFw9
-8e+vvfQumQOsutakUVyURrkMGNDiNlIv8kv5YLCCkrwN22E6Ghyi69MJUvHQXkc/
-QZhjn/luyfpB5f/BeHFS2bkkxAXo+cfG45ApY3Qfz6/7o+H+vDa6/A==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
deleted file mode 100644
index 00b31d8a4..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowPDE6MDgGA1UEAwwxTXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DQV9DZXJ0aWZpY2F0ZTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJBlAYvTQ6euY4HcSn4syH7kq9s
-KcG+OMjPUrj+KFEElCzgNuIhaS0f3ORQGB1PNcvVcfdXUI3WX332gWbr9s1b7Xl1
-JKJfDXs+26Cm6NhONTE3sPHnbTSmQEFb52hwAtjQmcY3IQs1AgxKFFHJfnCBEWfE
-ePBQaiuYk1XDESMdWpMLrPnYQaj9MpAOUxjlmZCayzPWlF0j0IWvfsF5TqZL7tFK
-9p5F/DzyZ4n1mqPVEoUmq5ZdSKj2TQkpWTMHBWHEDQQqXbyE1FGJR7zEUFeuG1KT
-sVBg7iZEC93SygZTbgUZSQXIwQCsO6xZ8MB2XDJkPbWp/3Wc6c8I6P09F48CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADKz6bIpP5anp
-GgLB0jkclRWuMlS4qqIt4itSsMXPJ/ezpHwECixmgW2TIQl6S1woRkUeMxhT2/Ay
-Sn/7aKxuzRagyE5NEGOvrOuAP5RO2ZdNJ/X3/Rh533fK1sOTEEbSsWUvW6iSkZef
-rsfZBVP32xBhRWkKRdLeLB4W99ADMa0IrTmZPCXHSSE2V4e1o6zWLXcOZeH1Qh8N
-SkelBweR+8r1Fbvy1r3s7eH7DCbYoGEDVLQGOLvzHKBisQHmoDnnF5E9g1eeNRdg
-o+vhOKfYCOzeNREJIqS42PHcGhdNRk90ycigPmfUJclz1mDHoMjKR2S5oosTpr65
-tNPx3CL7GA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
deleted file mode 100644
index aad1404ca..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0N1oXDTMwMDYwOTAzMzg0N1owQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DbGllbnRfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYSWpOvCTupz82fc85Opv
-EQ7rkB8X2oOMyBCpkyHKBIr1ZQgRDWBp9UVOASq3GnSElm6+T3Kb1QbOffa8GIlw
-sjAueKdq5L2eSkmPIEQ7eoO5kEW+4V866hE1LeL/PmHg2lGP0iqZiJYtElhHNQO8
-3y9I7cm3xWMAA3SSWikVtpJRn3qIp2QSrH+tK+/HHbE5QwtPxdir4ULSCSOaM5Yh
-Wi5Oto88TZqe1v7SXC864JVvO4LuS7TuSreCdWZyPXTJFBFeCEWSAxonKZrqHbBe
-CwKML6/0NuzjaQ51c2tzmVI6xpHj3nnu4cSRx6Jf9WBm+35vm0wk4pohX3ptdzeV
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByQ5zSNeFUH
-Aw7JlpZHtHaSEeiiyBHke20ziQ07BK1yi/ms2HAWwQkpZv149sjNuIRH8pkTmkZn
-g8PDzSefjLbC9AsWpWV0XNV22T/cdobqLqMBDDZ2+5bsV+jTrOigWd9/AHVZ93PP
-IJN8HJn6rtvo2l1bh/CdsX14uVSdofXnuWGabNTydqtMvmCerZsdf6qKqLL+PYwm
-RDpgWiRUY7KPBSSlKm/9lJzA+bOe4dHeJzxWFVCJcbpoiTFs1je1V8kKQaHtuW39
-ifX6LTKUMlwEECCbDKM8Yq2tm8NjkjCcnFDtKg8zKGPUu+jrFMN5otiC3wnKcP7r
-O9EkaPcgYH8=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
deleted file mode 100644
index 6789d0291..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1WElqTrwk7qc/Nn3POTqbxEO65AfF9qDjMgQqZMhygSK9WUI
-EQ1gafVFTgEqtxp0hJZuvk9ym9UGzn32vBiJcLIwLninauS9nkpJjyBEO3qDuZBF
-vuFfOuoRNS3i/z5h4NpRj9IqmYiWLRJYRzUDvN8vSO3Jt8VjAAN0klopFbaSUZ96
-iKdkEqx/rSvvxx2xOUMLT8XYq+FC0gkjmjOWIVouTraPPE2antb+0lwvOuCVbzuC
-7ku07kq3gnVmcj10yRQRXghFkgMaJyma6h2wXgsCjC+v9Dbs42kOdXNrc5lSOsaR
-49557uHEkceiX/VgZvt+b5tMJOKaIV96bXc3lQIDAQABAoIBAF7yjXmSOn7h6P0y
-WCuGiTLG2mbDiLJqj2LTm2Z5i+2Cu/qZ7E76Ls63TxF4v3MemH5vGfQhEhR5ZD/6
-GRJ1sKKvB3WGRqjwA9gtojHH39S/nWGy6vYW/vMOOH37XyjIr3EIdIaUtFQBTSHd
-Kd71niYrAbVn6fyWHolhADwnVmTMOl5OOAhCdEF4GN3b5aIhIu8BJ7EUzTtHBJIj
-CAEfjZFjDs1y1cIgGFJkuIQxMfCpq5recU2qwip7YO6fk//WEjOPu7kSf5IEswL8
-jg1dea9rGBV6KaD2xsgsC6Ll6Sb4BbsrHMfflG3K2Lk3RdVqqTFp1Fn1PTLQE/1S
-S/SZPYECgYEA9qYcHKHd0+Q5Ty5wgpxKGa4UCWkpwvfvyv4bh8qlmxueB+l2AIdo
-ZvkM8gTPagPQ3WypAyC2b9iQu70uOJo1NizTtKnpjDdN1YpDjISJuS/P0x73gZwy
-gmoM5AzMtN4D6IbxXtXnPaYICvwLKU80ouEN5ZPM4/ODLUu6gsp0v2UCgYEA3Xgi
-zMC4JF0vEKEaK0H6QstaoXUmw/lToZGH3TEojBIkb/2LrHUclygtONh9kJSFb89/
-jbmRRLAOrx3HZKCNGUmF4H9k5OQyAIv6OGBinvLGqcbqnyNlI+Le8zxySYwKMlEj
-EMrBCLmSyi0CGFrbZ3mlj/oCET/ql9rNvcK+DHECgYAEx5dH3sMjtgp+RFId1dWB
-xePRgt4yTwewkVgLO5wV82UOljGZNQaK6Eyd7AXw8f38LHzh+KJQbIvxd2sL4cEi
-OaAoohpKg0/Y0YMZl//rPMf0OWdmdZZs/I0fZjgZUSwWN3c59T8z7KG/RL8an9RP
-S7kvN7wCttdV61/D5RR6GQKBgDxCe/WKWpBKaovzydMLWLTj7/0Oi0W3iXHkzzr4
-LTgvl4qBSofaNbVLUUKuZTv5rXUG2IYPf99YqCYtzBstNDc1MiAriaBeFtzfOW4t
-i6gEFtoLLbuvPc3N5Sv5vn8Ug5G9UfU3td5R4AbyyCcoUZqOFuZd+EIJSiOXfXOs
-kVmBAoGBAIU9aPAqhU5LX902oq8KsrpdySONqv5mtoStvl3wo95WIqXNEsFY60wO
-q02jKQmJJ2MqhkJm2EoF2Mq8+40EZ5sz8LdgeQ/M0yQ9lAhPi4rftwhpe55Ma9dk
-SE9X1c/DMCBEaIjJqVXdy0/EeArwpb8sHkguVVAZUWxzD+phm1gs
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem
deleted file mode 100644
index 8fbf6bdec..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1zVmMhPqpSPMmYkKh5wwlRD5XuS8YWJKEM6tjFx61VK8qxHE
-YngkC2KnL5EuKAjQZIF3tJskwt0hAat047CCCZxrkNEpbVvSnvnk+A/8bg/Ww1n3
-qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XAPy7ZjzecAF9SDV6WSiPeAxUX2+hN
-dId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGwcnkKCUikiBqr2ijSIgvRtBfZ9fBG
-jFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtPnBtTytmqTy9V/BRgsVKUoksm6wsx
-kUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h+wIDAQABAoIBAEQcrHmRACTADdNS
-IjkFYALt2l8EOfMAbryfDSJtapr1kqz59JPNvmq0EIHnixo0n/APYdmReLML1ZR3
-tYkSpjVwgkLVUC1CcIjMQoGYXaZf8PLnGJHZk45RR8m6hsTV0mQ5bfBaeVa2jbma
-OzJMjcnxg/3l9cPQZ2G/3AUfEPccMxOXp1KRz3mUQcGnKJGtDbN/kfmntcwYoxaE
-Zg4RoeKAoMpK1SSHAiJKe7TnztINJ7uygR9XSzNd6auY8A3vomSIjpYO7XL+lh7L
-izm4Ir3Gb/eCYBvWgQyQa2KCJgK/sQyEs3a09ngofSEUhQJQYhgZDwUj+fDDOGqj
-hCZOA8ECgYEA+ZWuHdcUQ3ygYhLds2QcogUlIsx7C8n/Gk/FUrqqXJrTkuO0Eqqa
-B47lCITvmn2zm0ODfSFIARgKEUEDLS/biZYv7SUTrFqBLcet+aGI7Dpv91CgB75R
-tNzcIf8VxoiP0jPqdbh9mLbbxGi5Uc4p9TVXRljC4hkswaouebWee0sCgYEA3L2E
-YB3kiHrhPI9LHS5Px9C1w+NOu5wP5snxrDGEgaFCvL6zgY6PflacppgnmTXl8D1x
-im0IDKSw5dP3FFonSVXReq3CXDql7UnhfTCiLDahV7bLxTH42FofcBpDN3ERdOal
-58RwQh6VrLkzQRVoObo+hbGlFiwwSAfQC509FhECgYBsRSBpVXo25IN2yBRg09cP
-+gdoFyhxrsj5kw1YnB13WrrZh+oABv4WtUhp77E5ZbpaamlKCPwBbXpAjeFg4tfr
-0bksuN7V79UGFQ9FsWuCfr8/nDwv38H2IbFlFhFONMOfPmJBey0Q6JJhm8R41mSh
-OOiJXcv85UrjIH5U0hLUDQKBgQDVLOU5WcUJlPoOXSgiT0ZW5xWSzuOLRUUKEf6l
-19BqzAzCcLy0orOrRAPW01xylt2v6/bJw1Ahva7k1ZZo/kOwjANYoZPxM+ZoSZBN
-MXl8j2mzZuJVV1RFxItV3NcLJNPB/Lk+IbRz9kt/2f9InF7iWR3mSU/wIM6j0X+2
-p6yFsQKBgQCM/ldWb511lA+SNkqXB2P6WXAgAM/7+jwsNHX2ia2Ikufm4SUEKMSv
-mti/nZkHDHsrHU4wb/2cOAywMELzv9EHzdcoenjBQP65OAc/1qWJs+LnBcCXfqKk
-aHjEZW6+brkHdRGLLY3YAHlt/AUL+RsKPJfN72i/FSpmu+52G36eeQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem
deleted file mode 100644
index f9772b533..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zVmMhPqpSPMmYkKh5ww
-lRD5XuS8YWJKEM6tjFx61VK8qxHEYngkC2KnL5EuKAjQZIF3tJskwt0hAat047CC
-CZxrkNEpbVvSnvnk+A/8bg/Ww1n3qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XA
-Py7ZjzecAF9SDV6WSiPeAxUX2+hNdId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGw
-cnkKCUikiBqr2ijSIgvRtBfZ9fBGjFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtP
-nBtTytmqTy9V/BRgsVKUoksm6wsxkUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h
-+wIDAQAB
------END PUBLIC KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem
deleted file mode 100644
index a2f9688df..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem
deleted file mode 100644
index a1dfd5f78..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/.gitignore b/apps/emqx_auth_pgsql/.gitignore
deleted file mode 100644
index 672d34c0c..000000000
--- a/apps/emqx_auth_pgsql/.gitignore
+++ /dev/null
@@ -1,20 +0,0 @@
-ebin
-.rebar
-.eunit
-.DS_Store
-.erlang.mk/
-deps/
-emqx_auth_pgsql.d
-ct.coverdata
-logs/
-test/ct.cover.spec
-test/*.beam
-data/
-.DS_Store
-cover/
-eunit.coverdata
-_build/
-rebar.lock
-erlang.mk
-*.conf.rendered
-.rebar3/
diff --git a/apps/emqx_auth_pgsql/README.md b/apps/emqx_auth_pgsql/README.md
deleted file mode 100644
index a8f5d723f..000000000
--- a/apps/emqx_auth_pgsql/README.md
+++ /dev/null
@@ -1,183 +0,0 @@
-emqx_auth_pgsql
-===============
-
-Authentication/ACL with PostgreSQL Database.
-
-Build Plugin
-------------
-
-make && make tests
-
-Configuration
--------------
-
-File: etc/emqx_auth_pgsql.conf
-
-```
-## PostgreSQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 5432, 127.0.0.1:5432, localhost:5432
-auth.pgsql.server = 127.0.0.1:5432
-
-## PostgreSQL pool size.
-##
-## Value: Number
-auth.pgsql.pool = 8
-
-## PostgreSQL username.
-##
-## Value: String
-auth.pgsql.username = root
-
-## PostgreSQL password.
-##
-## Value: String
-## auth.pgsql.password =
-
-## PostgreSQL database.
-##
-## Value: String
-auth.pgsql.database = mqtt
-
-## PostgreSQL database encoding.
-##
-## Value: String
-auth.pgsql.encoding = utf8
-
-## Whether to enable SSL connection.
-##
-## Value: true | false
-auth.pgsql.ssl.enable = false
-
-## SSL keyfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.cacertfile =
-
-## Authentication query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##
-auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.pgsql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.pgsql.password_hash = salt,sha256
-
-## sha256 with salt suffix
-## auth.pgsql.password_hash = sha256,salt
-
-## bcrypt with salt prefix
-## auth.pgsql.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
-
-## ACL query. Comment this query, the ACL will be disabled.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddress
-##  - %u: username
-##  - %c: clientid
-auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
-```
-
-Load Plugin
------------
-
-./bin/emqx_ctl plugins load emqx_auth_pgsql
-
-Auth Table
-----------
-
-Notice: This is a demo table. You could authenticate with any user table.
-
-```sql
-CREATE TABLE mqtt_user (
-  id SERIAL primary key,
-  is_superuser boolean,
-  username character varying(100),
-  password character varying(100),
-  salt character varying(40)
-)
-```
-
-ACL Table
----------
-
-```sql
-CREATE TABLE mqtt_acl (
-  id SERIAL primary key,
-  allow integer,
-  ipaddr character varying(60),
-  username character varying(100),
-  clientid character varying(100),
-  access  integer,
-  topic character varying(100)
-)
-
-INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
-VALUES
-	(1,1,NULL,'$all',NULL,2,'#'),
-	(2,0,NULL,'$all',NULL,1,'$SYS/#'),
-	(3,0,NULL,'$all',NULL,1,'eq #'),
-	(5,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
-	(6,1,'127.0.0.1',NULL,NULL,2,'#'),
-	(7,1,NULL,'dashboard',NULL,1,'$SYS/#');
-```
-**allow:** Client's permission to access a topic. '0' means that the client does not have permission to access the topic, '1' means that the client have permission to access the topic.
-
-**ipaddr:** Client IP address. For all ip addresses it can be '$all' or 'NULL'. 
-
-**username:** Client username. For all users it can be '$all' or 'NULL'. 
-
-**clientid:** Client id. For all client ids it can be '$all' or 'NULL'. 
-	
-**access:** Operations that the client can perform. '1' means that the client can subscribe to a topic, '2' means that the client can publish to a topic, '3' means that the client can subscribe and can publish to a topic.
-
-**topic:** Topic name. Topic wildcards are supported. 
-
-**Notice that only one value allowed for ipaddr, username and clientid fields.**
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf b/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
deleted file mode 100644
index 6f7018210..000000000
--- a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+++ /dev/null
@@ -1,132 +0,0 @@
-##--------------------------------------------------------------------
-## PostgreSQL Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## PostgreSQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 5432, "127.0.0.1:5432", "localhost:5432"
-auth.pgsql.server = "127.0.0.1:5432"
-
-## PostgreSQL pool size.
-##
-## Value: Number
-auth.pgsql.pool = 8
-
-## PostgreSQL username.
-##
-## Value: String
-auth.pgsql.username = root
-
-## PostgreSQL password.
-##
-## Value: String
-#auth.pgsql.password =
-
-## PostgreSQL database.
-##
-## Value: String
-auth.pgsql.database = mqtt
-
-## PostgreSQL database encoding.
-##
-## Value: String
-auth.pgsql.encoding = utf8
-
-## Whether to enable SSL connection.
-##
-## Value: on | off
-auth.pgsql.ssl.enable = off
-
-## TLS version.
-##
-## Available enum values:
-##    tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
-##
-## Value: String, seperated by ','
-#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
-
-## SSL keyfile.
-##
-## Value: File
-#auth.pgsql.ssl.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-#auth.pgsql.ssl.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-#auth.pgsql.ssl.cacertfile =
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-#auth.pgsql.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.pgsql.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.pgsql.ssl.server_name_indication = disable
-
-## Authentication query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.pgsql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.pgsql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.pgsql.password_hash = "salt,sha256"
-
-## sha256 with salt suffix
-## auth.pgsql.password_hash = "sha256,salt"
-
-## bcrypt with salt prefix
-## auth.pgsql.password_hash = "salt,bcrypt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.pgsql.password_hash = "pbkdf2,sha256,1000,20"
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.pgsql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
-
-## ACL query. Comment this query, the ACL will be disabled.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddress
-##  - %u: username
-##  - %c: clientid
-##
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.pgsql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
diff --git a/apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl b/apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl
deleted file mode 100644
index b86692752..000000000
--- a/apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
--define(APP, emqx_auth_pgsql).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore  = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
-
diff --git a/apps/emqx_auth_pgsql/mqtt.sql b/apps/emqx_auth_pgsql/mqtt.sql
deleted file mode 100644
index 933b0058a..000000000
--- a/apps/emqx_auth_pgsql/mqtt.sql
+++ /dev/null
@@ -1,28 +0,0 @@
-
-CREATE TABLE mqtt_user (
-  id SERIAL primary key,
-  is_superuser boolean,
-  username character varying(100),
-  password character varying(100),
-  salt character varying(40)
-);
-
-CREATE TABLE mqtt_acl (
-  id SERIAL primary key,
-  allow integer,
-  ipaddr character varying(60),
-  username character varying(100),
-  clientid character varying(100),
-  access  integer,
-  topic character varying(100)
-);
-
-INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
-VALUES
-	(1,1,NULL,'$all',NULL,2,'#'),
-	(2,0,NULL,'$all',NULL,1,'$SYS/#'),
-	(3,0,NULL,'$all',NULL,1,'eq #'),
-	(5,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
-	(6,1,'127.0.0.1',NULL,NULL,2,'#'),
-	(7,1,NULL,'dashboard',NULL,1,'$SYS/#');
-
diff --git a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
deleted file mode 100644
index 2be9b0670..000000000
--- a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
+++ /dev/null
@@ -1,184 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_pgsl config mapping
-
-{mapping, "auth.pgsql.server", "emqx_auth_pgsql.server", [
-  {default, {"127.0.0.1", 5432}},
-  {datatype, [integer, ip, string]}
-]}.
-
-{mapping, "auth.pgsql.pool", "emqx_auth_pgsql.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.pgsql.database", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.username", "emqx_auth_pgsql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.password", "emqx_auth_pgsql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.encoding", "emqx_auth_pgsql.server", [
-  {default, utf8},
-  {datatype, atom}
-]}.
-
-{mapping, "auth.pgsql.ssl.enable", "emqx_auth_pgsql.server", [
-  {default, off},
-  {datatype, {enum, [on, off, true, false]}} %% FIXME: true/fasle is compatible with 4.0-4.2 version format, plan to delete in 5.0
-]}.
-
-{mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
-  {default, "tlsv1.3,tlsv1.2,tlsv1.1"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.keyfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.certfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.cacertfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.verify", "emqx_auth_pgsql.server", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.pgsql.ssl.server_name_indication", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.keyfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.certfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.cacertfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.tls_versions", "emqx_auth_pgsql.server", [
-  {default, "tlsv1.2"},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_pgsql.server", fun(Conf) ->
-  {PgHost, PgPort} =
-  case cuttlefish:conf_get("auth.pgsql.server", Conf) of
-    {Ip, Port} -> {Ip, Port};
-    S          -> case string:tokens(S, ":") of
-                    [Domain]       -> {Domain, 5432};
-                    [Domain, Port] -> {Domain, list_to_integer(Port)}
-                  end
-    end,
-  Pool = cuttlefish:conf_get("auth.pgsql.pool", Conf),
-  Username = cuttlefish:conf_get("auth.pgsql.username", Conf),
-  Passwd = cuttlefish:conf_get("auth.pgsql.password", Conf, ""),
-  DB = cuttlefish:conf_get("auth.pgsql.database", Conf),
-  Encoding = cuttlefish:conf_get("auth.pgsql.encoding", Conf),
-
-  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  SslOpts = fun(Prefix) ->
-                Verify = case cuttlefish:conf_get(Prefix ++ ".verify", Conf, false) of
-                             true -> verify_peer;
-                             false -> verify_none
-                         end,
-                Filter([{keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
-                        {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                        {verify,     Verify},
-                        {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of
-                                                   "disable" -> disable;
-                                                   SNI -> SNI
-                                                 end},
-                        {versions, [list_to_existing_atom(Value)
-                                    || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
-            end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  GenSsl = case cuttlefish:conf_get("auth.pgsql.ssl.cacertfile", Conf, undefined) of
-               undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
-               _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}]
-           end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Ssl = case cuttlefish:conf_get("auth.pgsql.ssl.enable", Conf) of
-          on -> GenSsl;
-          off -> [];
-          true -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
-          false -> []
-        end,
-
-  TempHost = case inet:parse_address(PgHost) of
-      {ok, IpAddr} ->
-          IpAddr;
-      _ ->
-          PgHost
-  end,
-  [{pool_size, Pool},
-   {auto_reconnect, 1},
-   {host, TempHost},
-   {port, PgPort},
-   {username, Username},
-   {password, Passwd},
-   {database, DB},
-   {encoding, Encoding}] ++ Ssl
-end}.
-
-{mapping, "auth.pgsql.auth_query", "emqx_auth_pgsql.auth_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.password_hash", "emqx_auth_pgsql.password_hash", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.pbkdf2_macfun", "emqx_auth_pgsql.pbkdf2_macfun", [
-  {datatype, atom}
-]}.
-
-{mapping, "auth.pgsql.pbkdf2_iterations", "emqx_auth_pgsql.pbkdf2_iterations", [
-  {datatype, integer}
-]}.
-
-{mapping, "auth.pgsql.pbkdf2_dklen", "emqx_auth_pgsql.pbkdf2_dklen", [
-  {datatype, integer}
-]}.
-
-{mapping, "auth.pgsql.super_query", "emqx_auth_pgsql.super_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.acl_query", "emqx_auth_pgsql.acl_query", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_pgsql.password_hash", fun(Conf) ->
-  HashValue = cuttlefish:conf_get("auth.pgsql.password_hash", Conf),
-  case string:tokens(HashValue, ",") of
-    [Hash]           -> list_to_atom(Hash);
-    [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-    [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-    _                -> plain
-  end
-end}.
diff --git a/apps/emqx_auth_pgsql/rebar.config b/apps/emqx_auth_pgsql/rebar.config
deleted file mode 100644
index 3155bbef3..000000000
--- a/apps/emqx_auth_pgsql/rebar.config
+++ /dev/null
@@ -1,21 +0,0 @@
-{deps,
- [{epgsql, {git, "https://github.com/epgsql/epgsql", {tag, "4.4.0"}}}
- ]}.
-
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl b/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
deleted file mode 100644
index 099ce4438..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
+++ /dev/null
@@ -1,117 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_pgsql).
-
--include("emqx_auth_pgsql.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ACL callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
-    case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
-    ok;
-do_check_acl(Pool, ClientInfo, PubSub, Topic, _NoMatchAction, #{acl_query := {AclSql, AclParams}}) ->
-    case emqx_auth_pgsql_cli:equery(Pool, AclSql, AclParams, ClientInfo) of
-        {ok, _, []} -> ok;
-        {ok, _, Rows} ->
-            Rules = filter(PubSub, compile(Rows)),
-            case match(ClientInfo, Topic, Rules) of
-                {matched, allow} -> {stop, allow};
-                {matched, deny}  -> {stop, deny};
-                nomatch          -> ok
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[Postgres] do_check_acl error: ~p~n", [Reason]),
-            ok
-    end.
-
-match(_ClientInfo, _Topic, []) ->
-    nomatch;
-
-match(ClientInfo, Topic, [Rule|Rules]) ->
-    case emqx_access_rule:match(ClientInfo, Topic, Rule) of
-        nomatch -> match(ClientInfo, Topic, Rules);
-        {matched, AllowDeny} -> {matched, AllowDeny}
-    end.
-
-filter(PubSub, Rules) ->
-    [Term || Term = {_, _, Access, _} <- Rules,
-             Access =:= PubSub orelse Access =:= pubsub].
-
-compile(Rows) ->
-    compile(Rows, []).
-compile([], Acc) ->
-    Acc;
-compile([{Allow, IpAddr, Username, ClientId, Access, Topic}|T], Acc) ->
-    Who  = who(IpAddr, Username, ClientId),
-    Term = {allow(Allow), Who, access(Access), [topic(Topic)]},
-    compile(T, [emqx_access_rule:compile(Term) | Acc]).
-
-who(_, <<"$all">>, _) ->
-    all;
-who(null, null, null) ->
-    throw(undefined_who);
-who(CIDR, Username, ClientId) ->
-    Cols = [{ipaddr, b2l(CIDR)}, {user, Username}, {client, ClientId}],
-    case [{C, V} || {C, V} <- Cols, not empty(V)] of
-        [Who] -> Who;
-        Conds -> {'and', Conds}
-    end.
-
-allow(1)        -> allow;
-allow(0)        -> deny;
-allow(<<"1">>)  -> allow;
-allow(<<"0">>)  -> deny.
-
-access(1)       -> subscribe;
-access(2)       -> publish;
-access(3)       -> pubsub;
-access(<<"1">>) -> subscribe;
-access(<<"2">>) -> publish;
-access(<<"3">>) -> pubsub.
-
-topic(<<"eq ", Topic/binary>>) ->
-    {eq, Topic};
-topic(Topic) ->
-    Topic.
-
-description() ->
-    "ACL with Postgres".
-
-b2l(null) -> null;
-b2l(B)    -> binary_to_list(B).
-
-empty(null) -> true;
-empty("")   -> true;
-empty(<<>>) -> true;
-empty(_)    -> false.
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
deleted file mode 100644
index e97487e21..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_pgsql,
- [{description, "EMQ X Authentication/ACL with PostgreSQL"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_pgsql_sup]},
-  {applications, [kernel,stdlib,epgsql,ecpool]},
-  {mod, {emqx_auth_pgsql_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-pgsql"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
deleted file mode 100644
index f8f365cd7..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql).
-
--include("emqx_auth_pgsql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-%%--------------------------------------------------------------------
-%% Auth Module Callbacks
-%%--------------------------------------------------------------------
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      #{auth_query  := {AuthSql, AuthParams},
-        super_query := SuperQuery,
-        hash_type   := HashType,
-        pool := Pool}) ->
-    CheckPass = case emqx_auth_pgsql_cli:equery(Pool, AuthSql, AuthParams, ClientInfo) of
-                    {ok, _, [Record]} ->
-                        check_pass(erlang:append_element(Record, Password), HashType);
-                    {ok, _, []} ->
-                        {error, not_found};
-                    {error, Reason} ->
-                        ?LOG(error, "[Postgres] query '~p' failed: ~p", [AuthSql, Reason]),
-                        {error, not_found}
-                end,
-    case CheckPass of
-        ok ->
-            emqx_metrics:inc(?AUTH_METRICS(success)),
-            {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
-                                anonymous => false,
-                                auth_result => success}};
-        {error, not_found} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)), ok;
-        {error, ResultCode} ->
-            ?LOG(error, "[Postgres] Auth from pgsql failed: ~p", [ResultCode]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-%%--------------------------------------------------------------------
-%% Is Superuser?
-%%--------------------------------------------------------------------
-
--spec(is_superuser(atom(),undefined | {string(), list()}, emqx_types:client()) -> boolean()).
-is_superuser(_Pool, undefined, _Client) ->
-    false;
-is_superuser(Pool, {SuperSql, Params}, ClientInfo) ->
-    case emqx_auth_pgsql_cli:equery(Pool, SuperSql, Params, ClientInfo) of
-        {ok, [_Super], [{true}]} ->
-            true;
-        {ok, [_Super], [_False]} ->
-            false;
-        {ok, [_Super], []} ->
-            false;
-        {error, _Error} ->
-            false
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
-description() -> "Authentication with PostgreSQL".
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
deleted file mode 100644
index 571fd0c4b..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
+++ /dev/null
@@ -1,63 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_pgsql.hrl").
-
--import(emqx_auth_pgsql_cli, [parse_query/2]).
-
-%% Application callbacks
--export([ start/2
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_pgsql_sup:start_link(),
-    if_enabled(auth_query, fun(AuthQuery) ->
-        SuperQuery = parse_query(super_query, application:get_env(?APP, super_query, undefined)),
-        {ok, HashType}  = application:get_env(?APP, password_hash),
-        AuthEnv = #{auth_query => AuthQuery,
-                    super_query => SuperQuery,
-                    hash_type => HashType,
-                    pool => ?APP},
-        ok = emqx_auth_pgsql:register_metrics(),
-        ok = emqx:hook('client.authenticate', {emqx_auth_pgsql, check, [AuthEnv]})
-    end),
-    if_enabled(acl_query, fun(AclQuery) ->
-        ok = emqx_acl_pgsql:register_metrics(),
-        ok = emqx:hook('client.check_acl', {emqx_acl_pgsql, check_acl, [#{acl_query => AclQuery, pool => ?APP}]})
-    end),
-    {ok, Sup}.
-
-stop(_State) ->
-    ok = emqx:unhook('client.authenticate', {emqx_auth_pgsql, check}),
-    ok = emqx:unhook('client.check_acl', {emqx_acl_pgsql, check_acl}).
-
-if_enabled(Par, Fun) ->
-    case application:get_env(?APP, Par) of
-        {ok, Query} -> Fun(parse_query(Par, Query));
-        undefined   -> ok
-    end.
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
deleted file mode 100644
index 7dde566a2..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
+++ /dev/null
@@ -1,150 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_pgsql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([connect/1]).
--export([parse_query/2]).
--export([ equery/4
-        , equery/3
-        ]).
-
--type client_info() :: #{username := _,
-                         clientid := _,
-                         peerhost := _,
-                         _ => _}.
-
-%%--------------------------------------------------------------------
-%% Avoid SQL Injection: Parse SQL to Parameter Query.
-%%--------------------------------------------------------------------
-
-parse_query(_Par, undefined) ->
-    undefined;
-parse_query(Par, Sql) ->
-    case re:run(Sql, "'%[ucCad]'", [global, {capture, all, list}]) of
-        {match, Variables} ->
-            Params = [Var || [Var] <- Variables],
-            {atom_to_list(Par), Params};
-        nomatch ->
-            {atom_to_list(Par), []}
-    end.
-
-pgvar(Sql, Params) ->
-    Vars = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(Params))],
-    lists:foldl(fun({Param, Var}, S) ->
-            re:replace(S, Param, Var, [{return, list}])
-        end, Sql, lists:zip(Params, Vars)).
-
-%%--------------------------------------------------------------------
-%% PostgreSQL Connect/Query
-%%--------------------------------------------------------------------
-
-%% Due to a bug in epgsql the caluse for `econnrefused` is not recognised by
-%% dialyzer, result in this error:
-%% The pattern {'error', Reason = 'econnrefused'} can never match the type ...
-%% https://github.com/epgsql/epgsql/issues/246
--dialyzer([{nowarn_function, [connect/1]}]).
-connect(Opts) ->
-    Host     = proplists:get_value(host, Opts),
-    Username = proplists:get_value(username, Opts),
-    Password = proplists:get_value(password, Opts),
-    case epgsql:connect(Host, Username, Password, conn_opts(Opts)) of
-        {ok, C} ->
-            conn_post(C),
-            {ok, C};
-        {error, Reason = econnrefused} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: Connection refused."),
-            {error, Reason};
-        {error, Reason = invalid_authorization_specification} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: Invalid authorization specification."),
-            {error, Reason};
-        {error, Reason = invalid_password} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: Invalid password."),
-            {error, Reason};
-        {error, Reason} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: ~p", [Reason]),
-            {error, Reason}
-    end.
-
-conn_post(Connection) ->
-    lists:foreach(fun(Par) ->
-        Sql0 = application:get_env(?APP, Par, undefined),
-        case parse_query(Par, Sql0) of
-            undefined -> ok;
-            {_, Params} ->
-                Sql = pgvar(Sql0, Params),
-                epgsql:parse(Connection, atom_to_list(Par), Sql, [])
-        end
-    end,  [auth_query, acl_query, super_query]).
-
-conn_opts(Opts) ->
-    conn_opts(Opts, []).
-conn_opts([], Acc) ->
-    Acc;
-conn_opts([Opt = {database, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {ssl, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {port, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {timeout, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {ssl_opts, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([_Opt|Opts], Acc) ->
-    conn_opts(Opts, Acc).
-
--spec(equery(atom(), string() | epgsql:statement(), Parameters::[any()]) -> {ok, ColumnsDescription :: [any()], RowsValues :: [any()]} | {error, any()} ).
-equery(Pool, Sql, Params) ->
-    ecpool:with_client(Pool, fun(C) -> epgsql:prepared_query(C, Sql, Params) end).
-
--spec(equery(atom(), string() | epgsql:statement(), Parameters::[any()], client_info()) ->  {ok, ColumnsDescription :: [any()], RowsValues :: [any()]} | {error, any()} ).
-equery(Pool, Sql, Params, ClientInfo) ->
-    ecpool:with_client(Pool, fun(C) -> epgsql:prepared_query(C, Sql, replvar(Params, ClientInfo)) end).
-
-replvar(Params, ClientInfo) ->
-    replvar(Params, ClientInfo, []).
-
-replvar([], _ClientInfo, Acc) ->
-    lists:reverse(Acc);
-
-replvar(["'%u'" | Params], ClientInfo = #{username := Username}, Acc) ->
-    replvar(Params, ClientInfo, [Username | Acc]);
-replvar(["'%c'" | Params], ClientInfo = #{clientid := ClientId}, Acc) ->
-    replvar(Params, ClientInfo, [ClientId | Acc]);
-replvar(["'%a'" | Params], ClientInfo = #{peerhost := IpAddr}, Acc) ->
-    replvar(Params, ClientInfo, [inet_parse:ntoa(IpAddr) | Acc]);
-replvar(["'%C'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(cn, ClientInfo)| Acc]);
-replvar(["'%d'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(dn, ClientInfo)| Acc]);
-replvar([Param | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [Param | Acc]).
-
-safe_get(K, ClientInfo) ->
-    bin(maps:get(K, ClientInfo, undefined)).
-
-bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
-bin(B) when is_binary(B) -> B;
-bin(X) -> X.
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
deleted file mode 100644
index 21d005dc2..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
+++ /dev/null
@@ -1,37 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_pgsql.hrl").
-
-%% API
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    %% PgSQL Connection Pool
-    {ok, Opts} = application:get_env(?APP, server),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, emqx_auth_pgsql_cli, Opts),
-    {ok, {{one_for_one, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
deleted file mode 100644
index 6c4cd2eb3..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
+++ /dev/null
@@ -1,221 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--define(POOL, emqx_auth_pgsql).
-
--define(APP, emqx_auth_pgsql).
-
--include_lib("emqx/include/emqx.hrl").
-
--include_lib("eunit/include/eunit.hrl").
-
--include_lib("common_test/include/ct.hrl").
-
-%%setp1 init table
--define(DROP_ACL_TABLE, "DROP TABLE IF EXISTS mqtt_acl").
-
--define(CREATE_ACL_TABLE, "CREATE TABLE mqtt_acl (
-                           id SERIAL primary key,
-                           allow integer,
-                           ipaddr character varying(60),
-                           username character varying(100),
-                           clientid character varying(100),
-                           access  integer,
-                           topic character varying(100))").
-
--define(INIT_ACL, "INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
-                   VALUES
-                   (1,1,'127.0.0.1','u1','c1',1,'t1'),
-                   (2,0,'127.0.0.1','u2','c2',1,'t1'),
-                   (3,1,'10.10.0.110','u1','c1',1,'t1'),
-                   (4,1,'127.0.0.1','u3','c3',3,'t1')").
-
--define(DROP_AUTH_TABLE, "DROP TABLE IF EXISTS mqtt_user").
-
--define(CREATE_AUTH_TABLE, "CREATE TABLE mqtt_user (
-                            id SERIAL primary key,
-                            is_superuser boolean,
-                            username character varying(100),
-                            password character varying(100),
-                            salt character varying(40))").
-
--define(INIT_AUTH, "INSERT INTO mqtt_user (id, is_superuser, username, password, salt)
-                     VALUES
-                     (1, true, 'plain', 'plain', 'salt'),
-                     (2, false, 'md5', '1bc29b36f623ba82aaf6724fd3b16718', 'salt'),
-                     (3, false, 'sha', 'd8f4590320e1343a915b6394170650a8f35d6926', 'salt'),
-                     (4, false, 'sha256', '5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e', 'salt'),
-                     (5, false, 'pbkdf2_password', 'cdedb5281bb2f801565a1122b2563515', 'ATHENA.MIT.EDUraeburn'),
-                     (6, false, 'bcrypt_foo', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.'),
-                     (7, false, 'bcrypt', '$2y$16$rEVsDarhgHYB0TGnDFJzyu5f.T.Ha9iXMTk9J36NCMWWM7O16qyaK', 'salt')").
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_auth_pgsql]),
-    drop_acl(),
-    drop_auth(),
-    init_auth(),
-    init_acl(),
-    set_special_configs(),
-    Config.
-
-end_per_suite(Config) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_pgsql]),
-    Config.
-
-set_special_configs() ->
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false).
-
-t_comment_config(_) ->
-    AuthCount = length(emqx_hooks:lookup('client.authenticate')),
-    AclCount = length(emqx_hooks:lookup('client.check_acl')),
-    application:stop(?APP),
-    [application:unset_env(?APP, Par) || Par <- [acl_query, auth_query]],
-    application:start(?APP),
-    ?assertEqual([], emqx_hooks:lookup('client.authenticate')),
-    ?assertEqual(AuthCount - 1, length(emqx_hooks:lookup('client.authenticate'))),
-    ?assertEqual(AclCount - 1, length(emqx_hooks:lookup('client.check_acl'))).
-
-t_placeholders(_) ->
-    ClientA = #{username => <<"plain">>, clientid => <<"plain">>, zone => external},
-    reload([{password_hash, plain},
-            {auth_query, "select password from mqtt_user where username = '%u' and 'a_cn_val' = '%C' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => <<"a_cn_val">>}),
-
-    reload([{auth_query, "select password from mqtt_user where username = '%c' and 'a_dn_val' = '%d' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => <<"a_dn_val">>}),
-
-     reload([{auth_query, "select password from mqtt_user where username = '%u' and '192.168.1.5' = '%a' limit 1"}]),
-     {error, not_authorized} =
-         emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-     {ok, _} =
-         emqx_access_control:authenticate(ClientA#{password => <<"plain">>, peerhost => {192,168,1,5}}).
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Md5 = #{clientid => <<"md5">>, username => <<"md5">>, zone => external},
-    Sha = #{clientid => <<"sha">>, username => <<"sha">>, zone => external},
-    Sha256 = #{clientid => <<"sha256">>, username => <<"sha256">>, zone => external},
-    Pbkdf2 = #{clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>, zone => external},
-    BcryptFoo = #{clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>, zone => external},
-    User1 = #{clientid => <<"bcrypt_foo">>, username => <<"user">>, zone => external},
-    Bcrypt = #{clientid => <<"bcrypt">>, username => <<"bcrypt">>, zone => external},
-    BcryptWrong = #{clientid => <<"bcrypt_wrong">>, username => <<"bcrypt_wrong">>, zone => external},
-    reload([{password_hash, plain}]),
-    {ok,#{is_superuser := true}} =
-        emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    reload([{password_hash, md5}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload([{password_hash, sha}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload([{password_hash, sha256}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    reload([{password_hash, bcrypt}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(BcryptWrong#{password => <<"password">>}),
-    %%pbkdf2 sha
-    reload([{password_hash, {pbkdf2, sha, 1, 16}},
-            {auth_query, "select password, salt from mqtt_user where username = '%u' limit 1"}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload([{password_hash, {salt, bcrypt}}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(BcryptFoo#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(User1#{password => <<"foo">>}),
-    {error, not_authorized} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}).
-
-t_check_acl(_) ->
-    User1 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c1">>, username => <<"u1">>},
-    User2 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c2">>, username => <<"u2">>},
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"t1">>),
-    deny = emqx_access_control:check_acl(User2, subscribe, <<"t1">>),
-    User3 = #{zone => external, peerhost => {10,10,0,110}, clientid => <<"c1">>, username => <<"u1">>},
-    User4 = #{zone => external, peerhost => {10,10,10,110}, clientid => <<"c1">>, username => <<"u1">>},
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    deny = emqx_access_control:check_acl(User3, subscribe, <<"t2">>),%% nomatch -> ignore -> emqx acl
-    deny = emqx_access_control:check_acl(User4, subscribe, <<"t1">>),%% nomatch -> ignore -> emqx acl
-    User5 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c3">>, username => <<"u3">>},
-    allow = emqx_access_control:check_acl(User5, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User5, publish, <<"t1">>).
-
-t_acl_super(_) ->
-    reload([{password_hash, plain}, {auth_query, "select password from mqtt_user where username = '%u' limit 1"}]),
-    {ok, C} = emqtt:start_link([{host, "localhost"}, {clientid, <<"simpleClient">>},
-                                {username, <<"plain">>}, {password, <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-            ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-           ct:fail({receive_timeout, <<"Payload">>}),
-            ok
-    end,
-    emqtt:disconnect(C).
-
-reload(Config) when is_list(Config) ->
-    application:stop(?APP),
-    [application:set_env(?APP, K, V) || {K, V} <- Config],
-    application:start(?APP).
-
-init_acl() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []} = epgsql:squery(Pid, ?DROP_ACL_TABLE),
-    {ok, [], []} = epgsql:squery(Pid, ?CREATE_ACL_TABLE),
-    {ok, _} = epgsql:equery(Pid, ?INIT_ACL).
-
-drop_acl() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []}= epgsql:squery(Pid, ?DROP_ACL_TABLE).
-
-init_auth() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []} = epgsql:squery(Pid, ?DROP_AUTH_TABLE),
-    {ok, [], []} = epgsql:squery(Pid, ?CREATE_AUTH_TABLE),
-    {ok, _} = epgsql:equery(Pid, ?INIT_AUTH).
-
-drop_auth() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []} = epgsql:squery(Pid, ?DROP_AUTH_TABLE).
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem
deleted file mode 100644
index e9717011e..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0kGUBi9NDp65jgdxKfizIfuSr2wpwb44yM9SuP4oUQSULOA2
-4iFpLR/c5FAYHU81y9Vx91dQjdZfffaBZuv2zVvteXUkol8Nez7boKbo2E41MTew
-8edtNKZAQVvnaHAC2NCZxjchCzUCDEoUUcl+cIERZ8R48FBqK5iTVcMRIx1akwus
-+dhBqP0ykA5TGOWZkJrLM9aUXSPQha9+wXlOpkvu0Ur2nkX8PPJnifWao9UShSar
-ll1IqPZNCSlZMwcFYcQNBCpdvITUUYlHvMRQV64bUpOxUGDuJkQL3dLKBlNuBRlJ
-BcjBAKw7rFnwwHZcMmQ9tan/dZzpzwjo/T0XjwIDAQABAoIBAQCSHvUqnzDkWjcG
-l/Fzg92qXlYBCCC0/ugj1sHcwvVt6Mq5rVE3MpUPwTcYjPlVVTlD4aEEjm/zQuq2
-ddxUlOS+r4aIhHrjRT/vSS4FpjnoKeIZxGR6maVxk6DQS3i1QjMYT1CvSpzyVvKH
-a+xXMrtmoKxh+085ZAmFJtIuJhUA2yEa4zggCxWnvz8ecLClUPfVDPhdLBHc3KmL
-CRpHEC6L/wanvDPRdkkzfKyaJuIJlTDaCg63AY5sDkTW2I57iI/nJ3haSeidfQKz
-39EfbnM1A/YprIakafjAu3frBIsjBVcxwGihZmL/YriTHjOggJF841kT5zFkkv2L
-/530Wk6xAoGBAOqZLZ4DIi/zLndEOz1mRbUfjc7GQUdYplBnBwJ22VdS0P4TOXnd
-UbJth2MA92NM7ocTYVFl4TVIZY/Y+Prxk7KQdHWzR7JPpKfx9OEVgtSqV0vF9eGI
-rKp79Y1T4Mvc3UcQCXX6TP7nHLihEzpS8odm2LW4txrOiLsn4Fq/IWrLAoGBAOVv
-6U4tm3lImotUupKLZPKEBYwruo9qRysoug9FiorP4TjaBVOfltiiHbAQD6aGfVtN
-SZpZZtrs17wL7Xl4db5asgMcZd+8Hkfo5siR7AuGW9FZloOjDcXb5wCh9EvjJ74J
-Cjw7RqyVymq9t7IP6wnVwj5Ck48YhlOZCz/mzlnNAoGAWq7NYFgLvgc9feLFF23S
-IjpJQZWHJEITP98jaYNxbfzYRm49+GphqxwFinKULjFNvq7yHlnIXSVYBOu1CqOZ
-GRwXuGuNmlKI7lZr9xmukfAqgGLMMdr4C4qRF4lFyufcLRz42z7exmWlx4ST/yaT
-E13hBRWayeTuG5JFei6Jh1MCgYEAqmX4LyC+JFBgvvQZcLboLRkSCa18bADxhENG
-FAuAvmFvksqRRC71WETmqZj0Fqgxt7pp3KFjO1rFSprNLvbg85PmO1s+6fCLyLpX
-lESTu2d5D71qhK93jigooxalGitFm+SY3mzjq0/AOpBWOn+J/w7rqVPGxXLgaHv0
-l+vx+00CgYBOvo9/ImjwYii2jFl+sHEoCzlvpITi2temRlT2j6ulSjCLJgjwEFw9
-8e+vvfQumQOsutakUVyURrkMGNDiNlIv8kv5YLCCkrwN22E6Ghyi69MJUvHQXkc/
-QZhjn/luyfpB5f/BeHFS2bkkxAXo+cfG45ApY3Qfz6/7o+H+vDa6/A==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
deleted file mode 100644
index 00b31d8a4..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowPDE6MDgGA1UEAwwxTXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DQV9DZXJ0aWZpY2F0ZTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJBlAYvTQ6euY4HcSn4syH7kq9s
-KcG+OMjPUrj+KFEElCzgNuIhaS0f3ORQGB1PNcvVcfdXUI3WX332gWbr9s1b7Xl1
-JKJfDXs+26Cm6NhONTE3sPHnbTSmQEFb52hwAtjQmcY3IQs1AgxKFFHJfnCBEWfE
-ePBQaiuYk1XDESMdWpMLrPnYQaj9MpAOUxjlmZCayzPWlF0j0IWvfsF5TqZL7tFK
-9p5F/DzyZ4n1mqPVEoUmq5ZdSKj2TQkpWTMHBWHEDQQqXbyE1FGJR7zEUFeuG1KT
-sVBg7iZEC93SygZTbgUZSQXIwQCsO6xZ8MB2XDJkPbWp/3Wc6c8I6P09F48CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADKz6bIpP5anp
-GgLB0jkclRWuMlS4qqIt4itSsMXPJ/ezpHwECixmgW2TIQl6S1woRkUeMxhT2/Ay
-Sn/7aKxuzRagyE5NEGOvrOuAP5RO2ZdNJ/X3/Rh533fK1sOTEEbSsWUvW6iSkZef
-rsfZBVP32xBhRWkKRdLeLB4W99ADMa0IrTmZPCXHSSE2V4e1o6zWLXcOZeH1Qh8N
-SkelBweR+8r1Fbvy1r3s7eH7DCbYoGEDVLQGOLvzHKBisQHmoDnnF5E9g1eeNRdg
-o+vhOKfYCOzeNREJIqS42PHcGhdNRk90ycigPmfUJclz1mDHoMjKR2S5oosTpr65
-tNPx3CL7GA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
deleted file mode 100644
index aad1404ca..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0N1oXDTMwMDYwOTAzMzg0N1owQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DbGllbnRfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYSWpOvCTupz82fc85Opv
-EQ7rkB8X2oOMyBCpkyHKBIr1ZQgRDWBp9UVOASq3GnSElm6+T3Kb1QbOffa8GIlw
-sjAueKdq5L2eSkmPIEQ7eoO5kEW+4V866hE1LeL/PmHg2lGP0iqZiJYtElhHNQO8
-3y9I7cm3xWMAA3SSWikVtpJRn3qIp2QSrH+tK+/HHbE5QwtPxdir4ULSCSOaM5Yh
-Wi5Oto88TZqe1v7SXC864JVvO4LuS7TuSreCdWZyPXTJFBFeCEWSAxonKZrqHbBe
-CwKML6/0NuzjaQ51c2tzmVI6xpHj3nnu4cSRx6Jf9WBm+35vm0wk4pohX3ptdzeV
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByQ5zSNeFUH
-Aw7JlpZHtHaSEeiiyBHke20ziQ07BK1yi/ms2HAWwQkpZv149sjNuIRH8pkTmkZn
-g8PDzSefjLbC9AsWpWV0XNV22T/cdobqLqMBDDZ2+5bsV+jTrOigWd9/AHVZ93PP
-IJN8HJn6rtvo2l1bh/CdsX14uVSdofXnuWGabNTydqtMvmCerZsdf6qKqLL+PYwm
-RDpgWiRUY7KPBSSlKm/9lJzA+bOe4dHeJzxWFVCJcbpoiTFs1je1V8kKQaHtuW39
-ifX6LTKUMlwEECCbDKM8Yq2tm8NjkjCcnFDtKg8zKGPUu+jrFMN5otiC3wnKcP7r
-O9EkaPcgYH8=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
deleted file mode 100644
index 6789d0291..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1WElqTrwk7qc/Nn3POTqbxEO65AfF9qDjMgQqZMhygSK9WUI
-EQ1gafVFTgEqtxp0hJZuvk9ym9UGzn32vBiJcLIwLninauS9nkpJjyBEO3qDuZBF
-vuFfOuoRNS3i/z5h4NpRj9IqmYiWLRJYRzUDvN8vSO3Jt8VjAAN0klopFbaSUZ96
-iKdkEqx/rSvvxx2xOUMLT8XYq+FC0gkjmjOWIVouTraPPE2antb+0lwvOuCVbzuC
-7ku07kq3gnVmcj10yRQRXghFkgMaJyma6h2wXgsCjC+v9Dbs42kOdXNrc5lSOsaR
-49557uHEkceiX/VgZvt+b5tMJOKaIV96bXc3lQIDAQABAoIBAF7yjXmSOn7h6P0y
-WCuGiTLG2mbDiLJqj2LTm2Z5i+2Cu/qZ7E76Ls63TxF4v3MemH5vGfQhEhR5ZD/6
-GRJ1sKKvB3WGRqjwA9gtojHH39S/nWGy6vYW/vMOOH37XyjIr3EIdIaUtFQBTSHd
-Kd71niYrAbVn6fyWHolhADwnVmTMOl5OOAhCdEF4GN3b5aIhIu8BJ7EUzTtHBJIj
-CAEfjZFjDs1y1cIgGFJkuIQxMfCpq5recU2qwip7YO6fk//WEjOPu7kSf5IEswL8
-jg1dea9rGBV6KaD2xsgsC6Ll6Sb4BbsrHMfflG3K2Lk3RdVqqTFp1Fn1PTLQE/1S
-S/SZPYECgYEA9qYcHKHd0+Q5Ty5wgpxKGa4UCWkpwvfvyv4bh8qlmxueB+l2AIdo
-ZvkM8gTPagPQ3WypAyC2b9iQu70uOJo1NizTtKnpjDdN1YpDjISJuS/P0x73gZwy
-gmoM5AzMtN4D6IbxXtXnPaYICvwLKU80ouEN5ZPM4/ODLUu6gsp0v2UCgYEA3Xgi
-zMC4JF0vEKEaK0H6QstaoXUmw/lToZGH3TEojBIkb/2LrHUclygtONh9kJSFb89/
-jbmRRLAOrx3HZKCNGUmF4H9k5OQyAIv6OGBinvLGqcbqnyNlI+Le8zxySYwKMlEj
-EMrBCLmSyi0CGFrbZ3mlj/oCET/ql9rNvcK+DHECgYAEx5dH3sMjtgp+RFId1dWB
-xePRgt4yTwewkVgLO5wV82UOljGZNQaK6Eyd7AXw8f38LHzh+KJQbIvxd2sL4cEi
-OaAoohpKg0/Y0YMZl//rPMf0OWdmdZZs/I0fZjgZUSwWN3c59T8z7KG/RL8an9RP
-S7kvN7wCttdV61/D5RR6GQKBgDxCe/WKWpBKaovzydMLWLTj7/0Oi0W3iXHkzzr4
-LTgvl4qBSofaNbVLUUKuZTv5rXUG2IYPf99YqCYtzBstNDc1MiAriaBeFtzfOW4t
-i6gEFtoLLbuvPc3N5Sv5vn8Ug5G9UfU3td5R4AbyyCcoUZqOFuZd+EIJSiOXfXOs
-kVmBAoGBAIU9aPAqhU5LX902oq8KsrpdySONqv5mtoStvl3wo95WIqXNEsFY60wO
-q02jKQmJJ2MqhkJm2EoF2Mq8+40EZ5sz8LdgeQ/M0yQ9lAhPi4rftwhpe55Ma9dk
-SE9X1c/DMCBEaIjJqVXdy0/EeArwpb8sHkguVVAZUWxzD+phm1gs
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem
deleted file mode 100644
index 8fbf6bdec..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1zVmMhPqpSPMmYkKh5wwlRD5XuS8YWJKEM6tjFx61VK8qxHE
-YngkC2KnL5EuKAjQZIF3tJskwt0hAat047CCCZxrkNEpbVvSnvnk+A/8bg/Ww1n3
-qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XAPy7ZjzecAF9SDV6WSiPeAxUX2+hN
-dId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGwcnkKCUikiBqr2ijSIgvRtBfZ9fBG
-jFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtPnBtTytmqTy9V/BRgsVKUoksm6wsx
-kUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h+wIDAQABAoIBAEQcrHmRACTADdNS
-IjkFYALt2l8EOfMAbryfDSJtapr1kqz59JPNvmq0EIHnixo0n/APYdmReLML1ZR3
-tYkSpjVwgkLVUC1CcIjMQoGYXaZf8PLnGJHZk45RR8m6hsTV0mQ5bfBaeVa2jbma
-OzJMjcnxg/3l9cPQZ2G/3AUfEPccMxOXp1KRz3mUQcGnKJGtDbN/kfmntcwYoxaE
-Zg4RoeKAoMpK1SSHAiJKe7TnztINJ7uygR9XSzNd6auY8A3vomSIjpYO7XL+lh7L
-izm4Ir3Gb/eCYBvWgQyQa2KCJgK/sQyEs3a09ngofSEUhQJQYhgZDwUj+fDDOGqj
-hCZOA8ECgYEA+ZWuHdcUQ3ygYhLds2QcogUlIsx7C8n/Gk/FUrqqXJrTkuO0Eqqa
-B47lCITvmn2zm0ODfSFIARgKEUEDLS/biZYv7SUTrFqBLcet+aGI7Dpv91CgB75R
-tNzcIf8VxoiP0jPqdbh9mLbbxGi5Uc4p9TVXRljC4hkswaouebWee0sCgYEA3L2E
-YB3kiHrhPI9LHS5Px9C1w+NOu5wP5snxrDGEgaFCvL6zgY6PflacppgnmTXl8D1x
-im0IDKSw5dP3FFonSVXReq3CXDql7UnhfTCiLDahV7bLxTH42FofcBpDN3ERdOal
-58RwQh6VrLkzQRVoObo+hbGlFiwwSAfQC509FhECgYBsRSBpVXo25IN2yBRg09cP
-+gdoFyhxrsj5kw1YnB13WrrZh+oABv4WtUhp77E5ZbpaamlKCPwBbXpAjeFg4tfr
-0bksuN7V79UGFQ9FsWuCfr8/nDwv38H2IbFlFhFONMOfPmJBey0Q6JJhm8R41mSh
-OOiJXcv85UrjIH5U0hLUDQKBgQDVLOU5WcUJlPoOXSgiT0ZW5xWSzuOLRUUKEf6l
-19BqzAzCcLy0orOrRAPW01xylt2v6/bJw1Ahva7k1ZZo/kOwjANYoZPxM+ZoSZBN
-MXl8j2mzZuJVV1RFxItV3NcLJNPB/Lk+IbRz9kt/2f9InF7iWR3mSU/wIM6j0X+2
-p6yFsQKBgQCM/ldWb511lA+SNkqXB2P6WXAgAM/7+jwsNHX2ia2Ikufm4SUEKMSv
-mti/nZkHDHsrHU4wb/2cOAywMELzv9EHzdcoenjBQP65OAc/1qWJs+LnBcCXfqKk
-aHjEZW6+brkHdRGLLY3YAHlt/AUL+RsKPJfN72i/FSpmu+52G36eeQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem
deleted file mode 100644
index f9772b533..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zVmMhPqpSPMmYkKh5ww
-lRD5XuS8YWJKEM6tjFx61VK8qxHEYngkC2KnL5EuKAjQZIF3tJskwt0hAat047CC
-CZxrkNEpbVvSnvnk+A/8bg/Ww1n3qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XA
-Py7ZjzecAF9SDV6WSiPeAxUX2+hNdId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGw
-cnkKCUikiBqr2ijSIgvRtBfZ9fBGjFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtP
-nBtTytmqTy9V/BRgsVKUoksm6wsxkUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h
-+wIDAQAB
------END PUBLIC KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem
deleted file mode 100644
index a2f9688df..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem
deleted file mode 100644
index a1dfd5f78..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_redis/.gitignore b/apps/emqx_auth_redis/.gitignore
deleted file mode 100644
index 71ecbe89a..000000000
--- a/apps/emqx_auth_redis/.gitignore
+++ /dev/null
@@ -1,28 +0,0 @@
-.rebar/
-.eunit/
-.erlang.mk/
-emqttd_auth_redis.d
-deps/
-ct.coverdata
-logs/
-test/ct.cover.spec
-ebin/
-*.o
-*.beam
-*.plt
-erl_crash.dump
-data
-emqx_auth_redis.d
-cover/
-eunit.coverdata
-_build/
-rebar.lock
-erlang.mk
-*.conf.rendered
-.rebar3/
-*.swp
-rebar.lock
-/.idea/
-.DS_Store
-/.ci/redis/nodes.*.conf
-/.ci/redis/*.log
\ No newline at end of file
diff --git a/apps/emqx_auth_redis/README.md b/apps/emqx_auth_redis/README.md
deleted file mode 100644
index 9aa851f88..000000000
--- a/apps/emqx_auth_redis/README.md
+++ /dev/null
@@ -1,171 +0,0 @@
-emqx_auth_redis
-===============
-
-EMQ X Redis Authentication/ACL Plugin
-
-Features
----------
-
-- Full *Authentication*, *Superuser*, *ACL* support
-- IPv4, IPv6 support
-- Connection pool by [ecpool](https://github.com/emqx/ecpool)
-- Support `single`, `sentinel`, `cluster` deployment structures of Redis
-- Completely cover Redis 5, Redis 6 in our tests
-
-
-Build Plugin
-------------
-
-```
-make && make tests
-```
-
-Configure Plugin
-----------------
-
-File: etc/emqx_auth_redis.conf
-
-```
-## Redis server address.
-##
-## Value: Port | IP:Port
-##
-## Redis Server: 6379, 127.0.0.1:6379, localhost:6379, Redis Sentinel: 127.0.0.1:26379
-auth.redis.server = 127.0.0.1:6379
-
-## redis sentinel cluster name
-## auth.redis.sentinel = mymaster
-
-## Redis pool size.
-##
-## Value: Number
-auth.redis.pool = 8
-
-## Redis database no.
-##
-## Value: Number
-auth.redis.database = 0
-
-## Redis password.
-##
-## Value: String
-## auth.redis.password =
-
-## Authentication query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Examples:
-##  - HGET mqtt_user:%u password
-##  - HMGET mqtt_user:%u password
-##  - HMGET mqtt_user:%u password salt
-auth.redis.auth_cmd = HMGET mqtt_user:%u password
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.redis.password_hash = plain
-
-## sha256 with salt prefix
-## auth.redis.password_hash = salt,sha256
-
-## sha256 with salt suffix
-## auth.redis.password_hash = sha256,salt
-
-## bcrypt with salt prefix
-## auth.redis.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.redis.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
-
-## ACL query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-auth.redis.acl_cmd = HGETALL mqtt_acl:%u
-```
-
-SuperUser
----------
-
-```
-HSET mqtt_user:<username> is_superuser 1
-```
-
-User Hash with Password Salt
-----------------------------
-
-Set a 'user' hash with 'password' 'salt' field, for example:
-
-```
-HMSET mqtt_user:<username> password "password" salt "salt"
-```
-
-User Set with Password
------------------------
-
-Set a 'user' Set with 'password' field for example:
-
-```
-HSET mqtt_user:<username> password "password"
-```
-
-ACL Rule Hash
--------------
-
-The plugin uses a redis hash to store ACL rules:
-
-```
-HSET mqtt_acl:<username> topic1 1
-HSET mqtt_acl:<username> topic2 2
-HSET mqtt_acl:<username> topic3 3
-```
-
-NOTE: 1: subscribe, 2: publish, 3: pubsub
-
-Subscription Hash
------------------
-
-NOTICE: Move to emqx_backend_redis...
-
-The plugin could store the static subscriptions into a redis Hash:
-
-```
-HSET mqtt_sub:<username> topic1 0
-HSET mqtt_sub:<username> topic2 1
-HSET mqtt_sub:<username> topic3 2
-```
-
-Load Plugin
------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_redis
-```
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_redis/etc/emqx_auth_redis.conf b/apps/emqx_auth_redis/etc/emqx_auth_redis.conf
deleted file mode 100644
index 62a6e4fe1..000000000
--- a/apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+++ /dev/null
@@ -1,131 +0,0 @@
-##--------------------------------------------------------------------
-## Redis Auth/ACL Plugin
-##--------------------------------------------------------------------
-## Redis Server cluster type
-## single    Single redis server
-## sentinel  Redis cluster through sentinel
-## cluster   Redis through cluster
-auth.redis.type = single
-
-## Redis server address.
-##
-## Value: Port | IP:Port
-##
-## Single Redis Server: 127.0.0.1:6379, localhost:6379
-## Redis Sentinel: "127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379"
-## Redis Cluster: "127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379"
-auth.redis.server = "127.0.0.1:6379"
-
-## Redis sentinel cluster name.
-##
-## Value: String
-## auth.redis.sentinel = mymaster
-
-## Redis pool size.
-##
-## Value: Number
-auth.redis.pool = 8
-
-## Redis database no.
-##
-## Value: Number
-auth.redis.database = 0
-
-## Redis password.
-##
-## Value: String
-## auth.redis.password =
-
-## Redis query timeout
-##
-## Value: Duration
-## auth.redis.query_timeout = 5s
-
-## Authentication query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Examples:
-##  - "HGET mqtt_user:%u password"
-##  - "HMGET mqtt_user:%u password"
-##  - "HMGET mqtt_user:%u password salt"
-auth.redis.auth_cmd = "HMGET mqtt_user:%u password"
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.redis.password_hash = plain
-
-## sha256 with salt prefix
-## auth.redis.password_hash = "salt,sha256"
-
-## sha256 with salt suffix
-## auth.redis.password_hash = "sha256,salt"
-
-## bcrypt with salt prefix
-## auth.redis.password_hash = "salt,bcrypt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.redis.password_hash = "pbkdf2,sha256,1000,20"
-
-## Superuser query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-auth.redis.super_cmd = "HGET mqtt_user:%u is_superuser"
-
-## ACL query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-auth.redis.acl_cmd = "HGETALL mqtt_acl:%u"
-
-## Redis ssl configuration.
-##
-## Value: on | off
-# auth.redis.ssl.enable = off
-
-## CA certificate.
-##
-## Value: File
-#auth.redis.ssl.cacertfile = path/to/your/cafile.pem
-
-## Client ssl certificate.
-##
-## Value: File
-# auth.redis.ssl.certfile = path/to/your/certfile
-
-## Client ssl keyfile.
-##
-## Value: File
-# auth.redis.ssl.keyfile = path/to/your/keyfile
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-#auth.redis.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.redis.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.redis.ssl.server_name_indication = disable
\ No newline at end of file
diff --git a/apps/emqx_auth_redis/include/emqx_auth_redis.hrl b/apps/emqx_auth_redis/include/emqx_auth_redis.hrl
deleted file mode 100644
index 204d8ef70..000000000
--- a/apps/emqx_auth_redis/include/emqx_auth_redis.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_redis).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema b/apps/emqx_auth_redis/priv/emqx_auth_redis.schema
deleted file mode 100644
index db758d8c0..000000000
--- a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema
+++ /dev/null
@@ -1,184 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_redis config mapping
-
-{mapping, "auth.redis.type", "emqx_auth_redis.server", [
-  {default, single},
-  {datatype, {enum, [single, sentinel, cluster]}}
-]}.
-
-{mapping, "auth.redis.server", "emqx_auth_redis.server", [
-  {default, "127.0.0.1:6379"},
-  {datatype, [string]}
-]}.
-
-{mapping, "auth.redis.sentinel", "emqx_auth_redis.server", [
-  {default, ""},
-  {datatype, string},
-  hidden
-]}.
-
-{mapping, "auth.redis.pool", "emqx_auth_redis.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.redis.database", "emqx_auth_redis.server", [
-  {default, 0},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.redis.password", "emqx_auth_redis.server", [
-  {default, ""},
-  {datatype, string},
-  hidden
-]}.
-
-{mapping, "auth.redis.ssl.enable", "emqx_auth_redis.options", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.redis.ssl.cacertfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.ssl.certfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.ssl.keyfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.ssl.verify", "emqx_auth_redis.options", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.redis.ssl.server_name_indication", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.cafile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.certfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.keyfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_redis.options", fun(Conf) ->
-   Ssl = cuttlefish:conf_get("auth.redis.ssl.enable", Conf, false),
-   Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-   case Ssl of
-       true ->
-           %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-           CA = cuttlefish:conf_get(
-                    "auth.redis.ssl.cacertfile", Conf,
-                    cuttlefish:conf_get("auth.redis.cafile", Conf, undefined)
-                ),
-           Cert = cuttlefish:conf_get(
-                    "auth.redis.ssl.certfile", Conf,
-                    cuttlefish:conf_get("auth.redis.certfile", Conf, undefined)
-                  ),
-           Key = cuttlefish:conf_get(
-                    "auth.redis.ssl.keyfile", Conf,
-                    cuttlefish:conf_get("auth.redis.keyfile", Conf, undefined)
-                 ),
-           Verify = case cuttlefish:conf_get("auth.redis.ssl.verify", Conf, false) of
-                         true -> verify_peer;
-                         false -> verify_none
-                     end,
-           SNI = case cuttlefish:conf_get("auth.redis.ssl.server_name_indication", Conf, undefined) of
-                   "disable" -> disable;
-                   SNI0 -> SNI0
-                 end,
-           [{options, [{ssl_options,
-                        Filter([{cacertfile, CA},
-                                {certfile, Cert},
-                                {keyfile, Key},
-                                {verify, Verify},
-                                {server_name_indication, SNI}
-                               ])
-                       }]}];
-       _ -> [{options, []}]
-   end
-end}.
-
-{translation, "emqx_auth_redis.server", fun(Conf) ->
-  Fun = fun(S) ->
-    case string:split(S, ":", trailing) of
-      [Domain]       -> {Domain, 6379};
-      [Domain, Port] -> {Domain, list_to_integer(Port)}
-    end
-  end,
-  Servers = cuttlefish:conf_get("auth.redis.server", Conf),
-  Type = cuttlefish:conf_get("auth.redis.type", Conf),
-  Server = case Type of
-    single ->
-      {Host, Port} = Fun(Servers),
-      [{host, Host}, {port, Port}];
-    _ ->
-      S = string:tokens(Servers, ","),
-      [{servers, [Fun(S1) || S1 <- S]}]
-  end,
-  Pool = cuttlefish:conf_get("auth.redis.pool", Conf),
-  Passwd = cuttlefish:conf_get("auth.redis.password", Conf),
-  DB = cuttlefish:conf_get("auth.redis.database", Conf),
-  Sentinel = cuttlefish:conf_get("auth.redis.sentinel", Conf),
-  [{type, Type},
-   {pool_size, Pool},
-   {auto_reconnect, 1},
-   {database, DB},
-   {password, Passwd},
-   {sentinel, Sentinel}] ++ Server
-end}.
-
-{mapping, "auth.redis.query_timeout", "emqx_auth_redis.query_timeout", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_redis.query_timeout", fun(Conf) ->
-  case cuttlefish:conf_get("auth.redis.query_timeout", Conf) of
-      "" -> infinity;
-      Duration ->
-          case cuttlefish_duration:parse(Duration, ms) of
-              {error, Reason} -> error(Reason);
-              Ms when is_integer(Ms) -> Ms
-          end
-  end
-end}.
-
-{mapping, "auth.redis.auth_cmd", "emqx_auth_redis.auth_cmd", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.password_hash", "emqx_auth_redis.password_hash", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.super_cmd", "emqx_auth_redis.super_cmd", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.acl_cmd", "emqx_auth_redis.acl_cmd", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_redis.password_hash", fun(Conf) ->
-  HashValue = cuttlefish:conf_get("auth.redis.password_hash", Conf),
-  case string:tokens(HashValue, ",") of
-    [Hash]           -> list_to_atom(Hash);
-    [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-    [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-    _                -> plain
-  end
-end}.
diff --git a/apps/emqx_auth_redis/rebar.config b/apps/emqx_auth_redis/rebar.config
deleted file mode 100644
index 750f07809..000000000
--- a/apps/emqx_auth_redis/rebar.config
+++ /dev/null
@@ -1,24 +0,0 @@
-{deps,
-  %% NOTE: mind poolboy version when updating eredis_cluster version
-  %% poolboy version may clash with emqx_auth_mongo
- [
-  {poolboy, {git, "https://github.com/emqx/poolboy.git", {tag, "1.5.2"}}}
- ]}.
-
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_auth_redis/src/emqx_acl_redis.erl b/apps/emqx_auth_redis/src/emqx_acl_redis.erl
deleted file mode 100644
index 47f5acbba..000000000
--- a/apps/emqx_auth_redis/src/emqx_acl_redis.erl
+++ /dev/null
@@ -1,86 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_redis).
-
--include("emqx_auth_redis.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, AclResult, Config) ->
-    case do_check_acl(ClientInfo, PubSub, Topic, AclResult, Config) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Config) ->
-    ok;
-do_check_acl(ClientInfo, PubSub, Topic, _AclResult,
-             #{acl_cmd := AclCmd, timeout := Timeout, type := Type, pool := Pool}) ->
-    case emqx_auth_redis_cli:q(Pool, Type, AclCmd, ClientInfo, Timeout) of
-        {ok, []} -> ok;
-        {ok, Rules} ->
-            case match(ClientInfo, PubSub, Topic, Rules) of
-                allow   -> {stop, allow};
-                nomatch -> {stop, deny}
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[Redis] do_check_acl error: ~p", [Reason]),
-            ok
-    end.
-
-match(_ClientInfo, _PubSub, _Topic, []) ->
-    nomatch;
-match(ClientInfo, PubSub, Topic, [Filter, Access | Rules]) ->
-    case {match_topic(Topic, feed_var(ClientInfo, Filter)),
-          match_access(PubSub, b2i(Access))} of
-        {true, true} -> allow;
-        {_, _} -> match(ClientInfo, PubSub, Topic, Rules)
-    end.
-
-match_topic(Topic, Filter) ->
-    emqx_topic:match(Topic, Filter).
-
-match_access(subscribe, Access) ->
-    (1 band Access) > 0;
-match_access(publish, Access) ->
-    (2 band Access) > 0.
-
-feed_var(#{clientid := ClientId, username := Username}, Str) ->
-    lists:foldl(fun({Var, Val}, Acc) ->
-                feed_var(Acc, Var, Val)
-        end, Str, [{"%u", Username}, {"%c", ClientId}]).
-
-feed_var(Str, _Var, undefined) ->
-    Str;
-feed_var(Str, Var, Val) ->
-    re:replace(Str, Var, Val, [global, {return, binary}]).
-
-b2i(Bin) -> list_to_integer(binary_to_list(Bin)).
-
-description() -> "Redis ACL Module".
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src b/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
deleted file mode 100644
index 419131566..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_redis,
- [{description, "EMQ X Authentication/ACL with Redis"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_redis_sup]},
-  {applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},
-  {mod, {emqx_auth_redis_app, []}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-redis"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.erl b/apps/emqx_auth_redis/src/emqx_auth_redis.erl
deleted file mode 100644
index 318a8b23a..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.erl
+++ /dev/null
@@ -1,85 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis).
-
--include("emqx_auth_redis.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      #{auth_cmd  := AuthCmd,
-        super_cmd := SuperCmd,
-        hash_type := HashType,
-        timeout   := Timeout,
-        type      := Type,
-        pool      := Pool}) ->
-    CheckPass = case emqx_auth_redis_cli:q(Pool, Type, AuthCmd, ClientInfo, Timeout) of
-                    {ok, PassHash} when is_binary(PassHash) ->
-                        check_pass({PassHash, Password}, HashType);
-                    {ok, [undefined|_]} ->
-                        {error, not_found};
-                    {ok, [PassHash]} ->
-                        check_pass({PassHash, Password}, HashType);
-                    {ok, [PassHash, Salt|_]} ->
-                        check_pass({PassHash, Salt, Password}, HashType);
-                    {error, Reason} ->
-                        ?LOG(error, "[Redis] Command: ~p failed: ~p", [AuthCmd, Reason]),
-                        {error, not_found}
-                end,
-    case CheckPass of
-        ok ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-            IsSuperuser = is_superuser(Pool, Type, SuperCmd, ClientInfo, Timeout),
-            {stop, AuthResult#{is_superuser => IsSuperuser,
-                               anonymous    => false,
-                               auth_result  => success}};
-        {error, not_found} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {error, ResultCode} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            ?LOG(error, "[Redis] Auth from redis failed: ~p", [ResultCode]),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-description() -> "Authentication with Redis".
-
--spec(is_superuser(atom(), atom(), undefined|list(), emqx_types:client(), timeout()) -> boolean()).
-is_superuser(_Pool, _Type, undefined, _ClientInfo, _Timeout) -> false;
-is_superuser(Pool, Type, SuperCmd, ClientInfo, Timeout) ->
-    case emqx_auth_redis_cli:q(Pool, Type, SuperCmd, ClientInfo, Timeout) of
-        {ok, undefined} -> false;
-        {ok, <<"1">>}   -> true;
-        {ok, _Other}    -> false;
-        {error, _Error} -> false
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl b/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
deleted file mode 100644
index 3f0b6ce26..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
+++ /dev/null
@@ -1,70 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_redis.hrl").
-
--export([ start/2
-        , stop/1
-        ]).
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_redis_sup:start_link(),
-    _ = if_cmd_enabled(auth_cmd, fun load_auth_hook/1),
-    _ = if_cmd_enabled(acl_cmd,  fun load_acl_hook/1),
-    {ok, Sup}.
-
-stop(_State) ->
-    emqx:unhook('client.authenticate', {emqx_auth_redis, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_redis, check_acl}),
-    %% Ensure stop cluster pool if the server type is cluster
-    eredis_cluster:stop_pool(?APP).
-
-load_auth_hook(AuthCmd) ->
-    SuperCmd = application:get_env(?APP, super_cmd, undefined),
-    {ok, HashType} = application:get_env(?APP, password_hash),
-    {ok, Timeout} = application:get_env(?APP, query_timeout),
-    Type = proplists:get_value(type, application:get_env(?APP, server, [])),
-    Config = #{auth_cmd => AuthCmd,
-               super_cmd => SuperCmd,
-               hash_type => HashType,
-               timeout => Timeout,
-               type => Type,
-               pool => ?APP},
-    ok = emqx_auth_redis:register_metrics(),
-    emqx:hook('client.authenticate', {emqx_auth_redis, check, [Config]}).
-
-load_acl_hook(AclCmd) ->
-    {ok, Timeout} = application:get_env(?APP, query_timeout),
-    Type = proplists:get_value(type, application:get_env(?APP, server, [])),
-    Config = #{acl_cmd => AclCmd,
-               timeout => Timeout,
-               type => Type,
-               pool => ?APP},
-    ok = emqx_acl_redis:register_metrics(),
-    emqx:hook('client.check_acl', {emqx_acl_redis, check_acl, [Config]}).
-
-if_cmd_enabled(Par, Fun) ->
-    case application:get_env(?APP, Par) of
-        {ok, Cmd} -> Fun(Cmd);
-        undefined -> ok
-    end.
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl b/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
deleted file mode 100644
index 52ac39a7b..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
+++ /dev/null
@@ -1,89 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_redis.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--import(proplists, [get_value/2, get_value/3]).
-
--export([ connect/1
-        , q/5
-        ]).
-
-%%--------------------------------------------------------------------
-%% Redis Connect/Query
-%%--------------------------------------------------------------------
-
-connect(Opts) ->
-    Sentinel = get_value(sentinel, Opts),
-    Host = case Sentinel =:= "" of
-        true -> get_value(host, Opts);
-        false ->
-            _ = eredis_sentinel:start_link(get_value(servers, Opts), get_value(options, Opts, [])),
-            "sentinel:" ++ Sentinel
-    end,
-    case eredis:start_link(Host,
-                           get_value(port, Opts, 6379),
-                           get_value(database, Opts, 0),
-                           get_value(password, Opts, ""),
-                           3000,
-                           5000,
-                           get_value(options, Opts, [])) of
-            {ok, Pid} -> {ok, Pid};
-            {error, Reason = {connection_error, _}} ->
-                ?LOG(error, "[Redis] Can't connect to Redis server: Connection refused."),
-                {error, Reason};
-            {error, Reason = {authentication_error, _}} ->
-                ?LOG(error, "[Redis] Can't connect to Redis server: Authentication failed."),
-                {error, Reason};
-            {error, Reason} ->
-                ?LOG(error, "[Redis] Can't connect to Redis server: ~p", [Reason]),
-                {error, Reason}
-    end.
-
-%% Redis Query.
--spec(q(atom(), atom(), string(), emqx_types:credentials(), timeout())
-      -> {ok, undefined | binary() | list()} | {error, atom() | binary()}).
-q(Pool, Type, CmdStr, Credentials, Timeout) ->
-    Cmd = string:tokens(replvar(CmdStr, Credentials), " "),
-    case Type of
-        cluster -> eredis_cluster:q(Pool, Cmd);
-        _ -> ecpool:with_client(Pool, fun(C) -> eredis:q(C, Cmd, Timeout) end)
-    end.
-
-replvar(Cmd, Credentials = #{cn := CN}) ->
-    replvar(repl(Cmd, "%C", CN), maps:remove(cn, Credentials));
-replvar(Cmd, Credentials = #{dn := DN}) ->
-    replvar(repl(Cmd, "%d", DN), maps:remove(dn, Credentials));
-replvar(Cmd, Credentials = #{clientid := ClientId}) ->
-    replvar(repl(Cmd, "%c", ClientId), maps:remove(clientid, Credentials));
-replvar(Cmd, Credentials = #{username := Username}) ->
-    replvar(repl(Cmd, "%u", Username), maps:remove(username, Credentials));
-replvar(Cmd, _) ->
-    Cmd.
-
-repl(S, _Var, undefined) ->
-    S;
-repl(S, Var, Val) ->
-    NVal = re:replace(Val, "&", "\\\\&", [global, {return, list}]),
-    re:replace(S, Var, NVal, [{return, list}]).
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl b/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
deleted file mode 100644
index ef81eef86..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
+++ /dev/null
@@ -1,43 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_redis.hrl").
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, Server} = application:get_env(?APP, server),
-    {ok, {{one_for_one, 10, 100}, pool_spec(Server)}}.
-
-pool_spec(Server) ->
-    Options = application:get_env(?APP, options, []),
-    case proplists:get_value(type, Server) of
-        cluster ->
-            {ok, _} = eredis_cluster:start_pool(?APP, Server ++ Options),
-            [];
-        _ ->
-            [ecpool:pool_spec(?APP, ?APP, emqx_auth_redis_cli, Server ++ Options)]
-    end.
-
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
deleted file mode 100644
index 24d3b20bd..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
+++ /dev/null
@@ -1,186 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
-
--include_lib("common_test/include/ct.hrl").
-
--include_lib("eunit/include/eunit.hrl").
-
--define(APP, emqx_auth_redis).
-
--define(POOL(App), ecpool_worker:client(gproc_pool:pick_worker({ecpool, App}))).
-
--define(INIT_ACL, [{"mqtt_acl:test1", "topic1", "2"},
-                   {"mqtt_acl:test2", "topic2", "1"},
-                   {"mqtt_acl:test3", "topic3", "3"}]).
-
--define(INIT_AUTH, [{"mqtt_user:plain", ["password", "plain", "salt", "salt", "is_superuser", "1"]},
-                    {"mqtt_user:special&symbol", ["password", "plain", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:md5", ["password", "1bc29b36f623ba82aaf6724fd3b16718", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:sha", ["password", "d8f4590320e1343a915b6394170650a8f35d6926", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:sha256", ["password", "5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:pbkdf2_password", ["password", "cdedb5281bb2f801565a1122b2563515", "salt", "ATHENA.MIT.EDUraeburn", "is_superuser", "0"]},
-                    {"mqtt_user:bcrypt_foo", ["password", "$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6", "salt", "$2a$12$sSS8Eg.ovVzaHzi1nUHYK.", "is_superuser", "0"]},
-                    {"mqtt_user:bcrypt", ["password", "$2y$16$rEVsDarhgHYB0TGnDFJzyu5f.T.Ha9iXMTk9J36NCMWWM7O16qyaK", "salt", "salt", "is_superuser", "0"]}]).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    emqx_ct_helpers:start_apps([emqx_auth_redis], fun set_special_configs/1),
-    init_redis_rows(),
-    Cfg.
-
-end_per_suite(_Cfg) ->
-    deinit_redis_rows(),
-    emqx_ct_helpers:stop_apps([emqx_auth_redis]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false);
-set_special_configs(_App) ->
-    ok.
-
-init_redis_rows() ->
-    %% Users
-    [q(["HMSET", Key|FiledValue]) || {Key, FiledValue} <- ?INIT_AUTH],
-    %% ACLs
-    Result = [q(["HSET", Key, Filed, Value]) || {Key, Filed, Value} <- ?INIT_ACL],
-    ct:pal("redis init result: ~p~n", [Result]).
-
-deinit_redis_rows() ->
-    AuthKeys = [Key || {Key, _Filed, _Value} <- ?INIT_AUTH],
-    AclKeys = [Key || {Key, _Value} <- ?INIT_ACL],
-    q(["DEL" | AuthKeys]),
-    q(["DEL" | AclKeys]).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    SpecialSymbol = #{clientid => <<"special_symbol">>, username => <<"special&symbol">>, zone => external},
-    Md5 = #{clientid => <<"md5">>, username => <<"md5">>, zone => external},
-    Sha = #{clientid => <<"sha">>, username => <<"sha">>, zone => external},
-    Sha256 = #{clientid => <<"sha256">>, username => <<"sha256">>, zone => external},
-    Pbkdf2 = #{clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>, zone => external},
-    BcryptFoo = #{clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>, zone => external},
-    User1 = #{clientid => <<"bcrypt_foo">>, username => <<"user">>, zone => external},
-    User3 = #{clientid => <<"client3">>, zone => external},
-    Bcrypt = #{clientid => <<"bcrypt">>, username => <<"bcrypt">>, zone => external},
-    {error, _} = emqx_access_control:authenticate(User3#{password => <<>>}),
-    reload([{password_hash, plain}]),
-    {ok, #{is_superuser := true}} = emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(SpecialSymbol#{password => <<"plain">>}),
-    reload([{password_hash, md5}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload([{password_hash, sha}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload([{password_hash, sha256}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    reload([{password_hash, bcrypt}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}),
-    %%pbkdf2 sha
-    reload([{password_hash, {pbkdf2, sha, 1, 16}}, {auth_cmd, "HMGET mqtt_user:%u password salt"}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload([{password_hash, {salt, bcrypt}}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(BcryptFoo#{password => <<"foo">>}),
-    {error,_} = emqx_access_control:authenticate(User1#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}).
-
-t_check_auth_hget(_) ->
-    q(["HSET", "mqtt_user:hset", "password", "hset"]),
-    q(["HSET", "mqtt_user:hset", "is_superuser", "1"]),
-    reload([{password_hash, plain}, {auth_cmd, "HGET mqtt_user:%u password"}]),
-    Hset = #{clientid => <<"hset">>, username => <<"hset">>, zone => external},
-    {ok, #{is_superuser := true}} = emqx_access_control:authenticate(Hset#{password => <<"hset">>}).
-
-t_check_acl(_) ->
-    User1 = #{zone => external, clientid => <<"client1">>, username => <<"test1">>},
-    User2 = #{zone => external, clientid => <<"client2">>, username => <<"test2">>},
-    User3 = #{zone => external, clientid => <<"client3">>, username => <<"test3">>},
-    User4 = #{zone => external, clientid => <<"client4">>, username => <<"$$user4">>},
-    deny = emqx_access_control:check_acl(User1, subscribe, <<"topic1">>),
-    allow = emqx_access_control:check_acl(User1, publish, <<"topic1">>),
-
-    deny = emqx_access_control:check_acl(User2, publish, <<"topic2">>),
-    allow = emqx_access_control:check_acl(User2, subscribe, <<"topic2">>),
-    allow = emqx_access_control:check_acl(User3, publish, <<"topic3">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"topic3">>),
-    deny = emqx_access_control:check_acl(User4, publish, <<"a/b/c">>).
-
-t_acl_super(_) ->
-    reload([{password_hash, plain}]),
-    {ok, C} = emqtt:start_link([{host,      "localhost"},
-                                {clientid, <<"simpleClient">>},
-                                {username,  <<"plain">>},
-                                {password,  <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    timer:sleep(1000),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-        ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-            ct:fail({receive_timeout, <<"Payload">>}),
-            ok
-    end,
-    emqtt:disconnect(C).
-
-t_check_cluster_connection(_) ->
-    ?assertMatch({error, _Reason}, reload([{server, [{type,cluster},
-                                           {pool_size,8},
-                                           {auto_reconnect,1},
-                                           {database,0},
-                                           {password,[]},
-                                           {sentinel,[]},
-                                           {servers,[{"wrong",6379},{"wrong",6380},{"wrong",6381}]}]}])).
-
-
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
-
-reload(Config) when is_list(Config) ->
-    application:stop(?APP),
-    [application:set_env(?APP, K, V) || {K, V} <- Config],
-    application:start(?APP).
-
-q(Cmd) ->
-    {ok, Server} = application:get_env(?APP, server),
-    case proplists:get_value(type, Server) of
-        cluster ->
-            eredis_cluster:q(emqx_auth_redis, Cmd);
-        _ ->
-            {ok, Connection} = ?POOL(?APP),
-            eredis:q(Connection, Cmd)
-    end.
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
deleted file mode 100644
index b46bef4e5..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE5jCCAs4CCQCc1DzEYETfKTANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
-ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAx
-MDI5MDEzNDE2WhcNMzAxMDI3MDEzNDE2WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0
-MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQC/RxC/zQ6+ThI2l+LT5tpuvljE7CPca5erahTjv1Pq
-mbmHYIVlige9jvZKR/AaaHuhNRT6C4PDpD98TgrhSLSgMMFImoFMSnmFEOVave3O
-y1qV9vtoHLMB9hO+t7P98KRi1sCoMdPIE/o5uEGSd4YgWbk3NllAV6me108UniWU
-yZMCSEKmV9OpfQ+YfHFolESV92ajdViDbtRBjfDNwD7qb8zgigxIJvBzEnWF4RZl
-4+KIiyoJ55AQ3omdEi0QwiRRRONFtB6kRSqjGS8genGnycX1ZNPRB8JeG3ESuFj9
-1WQUD0EMBXFB5agHoZjvtFwxOkUkA4XbcnpKddHGKRt4BAbm+YcizJaT7mRytGWZ
-UoTrDWz8/Cc0BlwAfPEk6ogU/sLSZpdxjxwprCNB89UOI+q7ng7CYiFnxY9HHZeg
-GCJxYfvpKM/eOT9mSLUug8EGITd0j2cusflO4Q243clPyRbTSSr39Pcpy8rfKApF
-HkUuGIpa/qgAbez+lPlIydzpbrTgrnHvL1P6fCYTnHkcgSn8glBIKv3vh4zQd6df
-JvcLv3WEka9+lyoCvJ0QH+/ITqrToyWa8g9fR3ajTlyMANesKxQejo80zCwk/0ns
-SFKRIJc6vfnUJ12Vdxpmm1LeoJZnCYODNUeeksL1ahHCBGq4M8UJ+ycUM6N4ndWE
-6QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQAg0BaIi7lzrNb7xC42c+GJVrBq8Qf8
-7CBzP8SXYGUavQIYNRrtH8UgTOwaju9vOn3zoY8L59N6e+Icyt+Oh1FENcQMCZ2l
-SP79iaY9A/dRV56p6NqNd3VWH+EuRGbQVatLdhJf3l5+W1z3Dum1YXmIn26acawF
-GZVqLalgvLqPzPHHWEqz9RnmcvTu3w9YVb4NgbmY4byCb6mB2avt0iWQrY/fZSMe
-FvRXurr0jwyIXBncqnXu97sCeccNc+fo3qZC1xxH9iXOIzrRg0ud7VGMTKcNLTTc
-GqnbjNT8BC96Qp2Bs8J+JGZa3mT/usKBq2TT/3q6oKevuc23u/a5s1rztnqZgIe5
-RzfevJ79xdva6DMSq/8Yyd3I8hrs3oZKJbAce6ux01RsrCcY2O7gi4dAMoEGumxW
-CS9XLchNy7QxQ+J2AKBZXd6AZjvTvloDGz/yC5EbdK/MnLz8oApK5Z8U/huEilFa
-AymVWQWpmlX2KxW0nkCperlb7lcbPS+ZuH0+Zd9HOvqr9cpYMrwpF54q4vnzUQkR
-Hsxoapv/FBsVoxtcOqrcxwGpYWCsV0VBnv9+1fzzZ83aK7CHDIeGVuKPyjkhHzLy
-v7Ljuqg400wH0WB9pyEdK+O3F+xO3zJgf4o0JptOKOFBVVSkZWTrqlDjjbcnXBmh
-dwgj2xYeigqHJA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key
deleted file mode 100644
index b615a8c1e..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAv0cQv80Ovk4SNpfi0+babr5YxOwj3GuXq2oU479T6pm5h2CF
-ZYoHvY72SkfwGmh7oTUU+guDw6Q/fE4K4Ui0oDDBSJqBTEp5hRDlWr3tzstalfb7
-aByzAfYTvrez/fCkYtbAqDHTyBP6ObhBkneGIFm5NzZZQFepntdPFJ4llMmTAkhC
-plfTqX0PmHxxaJRElfdmo3VYg27UQY3wzcA+6m/M4IoMSCbwcxJ1heEWZePiiIsq
-CeeQEN6JnRItEMIkUUTjRbQepEUqoxkvIHpxp8nF9WTT0QfCXhtxErhY/dVkFA9B
-DAVxQeWoB6GY77RcMTpFJAOF23J6SnXRxikbeAQG5vmHIsyWk+5kcrRlmVKE6w1s
-/PwnNAZcAHzxJOqIFP7C0maXcY8cKawjQfPVDiPqu54OwmIhZ8WPRx2XoBgicWH7
-6SjP3jk/Zki1LoPBBiE3dI9nLrH5TuENuN3JT8kW00kq9/T3KcvK3ygKRR5FLhiK
-Wv6oAG3s/pT5SMnc6W604K5x7y9T+nwmE5x5HIEp/IJQSCr974eM0HenXyb3C791
-hJGvfpcqArydEB/vyE6q06MlmvIPX0d2o05cjADXrCsUHo6PNMwsJP9J7EhSkSCX
-Or351CddlXcaZptS3qCWZwmDgzVHnpLC9WoRwgRquDPFCfsnFDOjeJ3VhOkCAwEA
-AQKCAgBF1jSPUtcnNGoB9MKki40FEgpnG7CcMcxWkYy++oQxC59phhwuTo807pWN
-2WYYvj0lRrQ59ypMrBNh1zyxtFH+is6HK6I5sJddtiWHVAEXl7ejOWHhSVkyRh4/
-a+MTvGDIlZAR2N9yFZkuqc+HIoyeEyREvFsp2tfbXtFIvdUK1e4Oz0NGaJqnLzoa
-epUNkdTYzFN1Ksr+ceCdbq2U8bQG9HrhIIYLcewol3zBPMVoviNfpy/aHenDvvyP
-lKtPixKneXdhY7osT/SZSACk4w/MKydTyVRs5WBZ67sFErmrM9YuXMNrGDGZ1bfb
-0Wx9WGSwtI258G9XCB0OQqYsq6WTMaEei+z8l0iarZi1l2bz2F89J+IBYM8RqSsa
-E30F8AtEG32QJUfK3F6k6N4uLx6JZduJgLyzsSh6q51ghAJ8kD1vUkEeXffCzynp
-hzwRHUw5O1jNLEBdKYHpSyszlFX6qbzR1YXypzZs/aehZi5d89eBKN8X/Fnbi9a2
-Q0MqpZ5J/1hH7zadJFibNyuOCP4CNO3Hm18PjyEFRrCMbSF293kY9GoiOlQiwNAT
-MqrsyLYgHPCXKXpG/R60lyHEfWKO9sOjyh+mSbv3QfNZS32Fweuo0R/vGYmkmtGn
-wpn2IeSmX8ychdQrSemJjwzjUl/EUN0lGRAlHEt4ZDf52vHZ4QKCAQEA9k7b2vpU
-g3S3GRCMzhl8GKZloNSbnR/ZHE8b9PVNahp0bQcZj+1yimF35p27VZR662ZBoKLy
-/MLyPT+ZyynykwypcTVA5U9CABpSlyZMeezLnFlBXeHHMeoXcBZfFqHeXSsNYbhW
-OStf4BGwKf7m/V0P/QL9mNsA/iq2uugC1gHoyp422YUIQQvKkBiFyMl34Zp2URsX
-yIwb9aVyg2GogKDtbDPIwW89l3BCBiwalvjR6UotbXh3PQgYbsv62rTJ8AN+E+XH
-eSQPnmPR6EXtX2nDuov996qlbja+JQE3SAls4EXLbrLyjSlObjcvkA59r+kZgNIY
-g88hv7e9ublfqwKCAQEAxs3d9Zmjh9ByCT6jOUVnRMqw0+lVyVOs0kp7nOCb4HKM
-CnupZuJQHQVQt7VhgD7FrALmYwkpt2e/WllN9bPFHRJcsw+SylOqyPil9G4DO5XZ
-YPvk6PeQ/c0cbREKhsYNXqj5fWdq5pRd8rE72rK82mhdGQtAAN7NOEW5fo5tqHDK
-D079SZmpcgd8Wz9luNpnZRpNhO3ccKV5yf0S1LZOZBbG9t875OVNhxlQY5wwIBXv
-8ab13zcFKG21tWvLzz80vgkMIp0A9xh0XznIRnH3NnBZB80Yubg4sIaWvX7bqZ4X
-EE9HGeiamw6c6Sm/Lvh/H659ri95l7C9TgAfAA7puwKCAQEAgJ/N0BzJ5ZwdwckS
-vs4wL+81QzfDy9nF1zK4tsMjGjWWdxkuECs/lWQw6Q2VtqtDRYqw2uI9YiGrvrBn
-7+CH/KKwGZ5ltVoebU9Rsf0eEs3FxnAV4qD1FOvaMX59SaReKulAo7dPz6sG9kxG
-YqfqmITwxH+7TwePDSvhINnoITn+B1F38z+1f8JYlcc4lhIfuIChKNmtId2I/E7Z
-7iIhjIp9cfPY8qrUzzCgSfjeKdjmRZ2m+3PdUNHZcIK1DWE700r/nARylqBuR5h5
-FYLu4tSokdJpXdyPZ27O/SQValkBslzAT57Da1QW0RegjuoCWMqxtsQAaVTRmvyo
-50QW4QKCAQBLJFbn1MmFtRjVO7KwG/Z7fu01O7WsIg9pcLOmSRNB06nw8GrIM3Q6
-c97dgRY4RgGrEXGJL1ZwNyuRd73Kx8cSRPV6zMEb7mHYEnuPluFr7Si7ypnsIF7S
-P2umIdHLvSIijFW4u5UhUCTubWUFNZfCKb4+kA0CBzSkN150Yls6Vl9ZR+7emdD9
-A61SQ/Ur2IlKIpX4T3uJrFILMbejZMDefel4OEpIKw+Rp9TFwaxDBGer/AJk+0Pc
-0xLiXrsrO2WxCnRmxNcvjjO2Jn33em4JSo+sLi5RTDtJJaXmPAPE6bcn9/8U4OFH
-CE/wpVHY7B4ImIhyhQk9d5Ul3U/aUsivAoIBAG8zk3CnFAnii1ENxhPtE8GCinvs
-NdsluVtvUgMcA8gNzvqLHLQCoIy/b1wkqxPVsdTq1gZ7+FX9D9LzW9JxrWeEZqVV
-jrUQIbls6HZei7i5x0tPwh1shOZiijgY24I6HDX9QRKZ7H7lLw0HfJI9YBI1Hl8E
-naOtCuzFiaYEPfbGQACL8/UuoOZaD31JQda2EGYysGRxxJ2ZNPJIphCrwRb/nQBG
-7WwCSCzu0peFNhZPVvkWHaFN73Uv/MmgFkp8RZzw9TEENB05wluCZB1TYJAOe65n
-HnRWSDvWYR4lzMtq5WASFLC0WrFTiJKRCuKPljjoTptbXsJKyskW/t/+XPM=
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt
deleted file mode 100644
index cf4e2aba5..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt
+++ /dev/null
@@ -1 +0,0 @@
-BFFAA2A065DFA6FC
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
deleted file mode 100644
index 5eefadf62..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID1zCCAb8CCQC/+qKgZd+m/DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
-ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAx
-MDI5MDEzNDE2WhcNMjExMDI5MDEzNDE2WjAmMRMwEQYDVQQKDApSZWRpcyBUZXN0
-MQ8wDQYDVQQDDAZTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDSs3bQ9sYi2AhFuHU75Ryk1HHSgfzA6pQAJilmJdTy0s5vyiWe1HQJaWkMcS5V
-GVzGMK+c+OBqtXtDDninL3betg1YPMjSCOjPMOTC1H9K7+effwf7Iwpnw9Zro8mb
-TEmMslIYhhcDedzT9Owli4QAgbgTn4l1BYuKX9CLrrKFtnr21miKu3ydViy9q7T1
-pib3eigvAyk7X2fadHFArGEttsXrD6cetPPkSF/1OLWNlqzUKXzhSyrBXzO44Kks
-fwR/EpTiES9g4dNOL2wvKS/YE1fNKhiCENrNxTXQo1l0yOdm2+MeyOeHFzRuS0b/
-+uGDFOPPi04KXeO6dQ5olBCPAgMBAAEwDQYJKoZIhvcNAQELBQADggIBADn0E2vG
-iQWe8/I7VbBdPhPNupVNcLvew10eIHxY2g5vSruCSVRQTgk8itVMRmDQxbb7gdDW
-jnCRbxykxbLjM9iCRljnOCsIcTi7qO7JRl8niV8dtEpPOs9lZxEdNXjIV1iZoWf3
-arBbPQSyQZvTQHG6qbFnyCdMMyyXGGvEPGQDaBiKH+Ko1qeAbCi0zupChYvxmtZ8
-hSTPlMFezDT9bKoNY0pkJSELfokEPU/Pn6Lz/NVbdzmCMjVa/xmF3s31g+DGhz95
-4AyOnCr6o0aydPVVV3pB/BCezNXPUxpp53BG0w/K2f2DnKYCvGvJbqDAaJ8bG/J1
-EFSOmwobdwVxJz3KNubmo1qJ6xOl/YT7yyqPRQRM1SY8nZW+YcoJSZjOe8wJVlob
-d0bOwN1C3HQwomyMWes187bEQP6Y36HuEbR1fK8yIOzGsGDKRFAFwQwMgw2M91lr
-EJIP5NRD3OZRuiYDiVfVhDZDaNahrAMZUcPCgeCAwc4YG6Gp2sDtdorOl4kIJYWE
-BbBZ0Jplq9+g6ciu5ChjAW8iFl0Ae5U24MxPGXnrxiRF4WWxLeZMVLXLDvlPqReD
-CHII5ifyvGEt5+RhqtZC/L+HimL+5wQgOlntqhUdLb6yWRz7YW37PFMnUXU3MXe9
-uY7m73ZLluXiLojcZxU2+cx89u5FOJxrYtrj
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh
deleted file mode 100644
index f7dd0569d..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAo2dgOzTnLK7c8AjkiTXxdmo2MJsyzTlNXUDxLfl2hgwic6benyQ3
-9iL95wKjYg2YpMhzbwux50D+9XeVkRatf1pRi/N9H911f90MO6penzUx/dxfOepN
-qoGK/T9xO8e6aFCYOoQjJaZzQYC0HixJVadZd7wRlHkZ3siNKUU5QK68KaN3JE3J
-R3yZ9A7MU/TVdwZyVIyoWF2+WJMQW+qaezoqiuVKZXXzzoqbj14ZrtPRmO26vMV/
-bmMuHwPsk9dL7tKnTWEOrs6NVHIQW+RxJuRE9wGa0qqzHAzysEQ8q9QYPRvGo5y+
-XRWosl1bHG4+EmvXsCCs35bcbKToi3NFWwIBAg==
------END DH PARAMETERS-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
deleted file mode 100644
index b76303f14..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpgIBAAKCAQEA0rN20PbGItgIRbh1O+UcpNRx0oH8wOqUACYpZiXU8tLOb8ol
-ntR0CWlpDHEuVRlcxjCvnPjgarV7Qw54py923rYNWDzI0gjozzDkwtR/Su/nn38H
-+yMKZ8PWa6PJm0xJjLJSGIYXA3nc0/TsJYuEAIG4E5+JdQWLil/Qi66yhbZ69tZo
-irt8nVYsvau09aYm93ooLwMpO19n2nRxQKxhLbbF6w+nHrTz5Ehf9Ti1jZas1Cl8
-4UsqwV8zuOCpLH8EfxKU4hEvYOHTTi9sLykv2BNXzSoYghDazcU10KNZdMjnZtvj
-Hsjnhxc0bktG//rhgxTjz4tOCl3junUOaJQQjwIDAQABAoIBAQCP7CJ27nm9B0/v
-P+ZkeUWtmaf+IOhjZlieGXMh4SmqjDCSz8QO0BRK8YPeCdmaK27huhPa521ztm9y
-CIqFuLg7vKM06KBMR+Wu0TkRlFE3ANR4cC8lbnQHGRB4CjMGL3/16UCGm+FQcIdV
-CPHdW4VZS0JPtSQRmS4N4RD0uOocxqGcVbCRqnJoNp1zyXhookgHfZsC3b3cgzC7
-qvI9F1oY4Yg4b9Lw5sNi3JXWtFth8JFOPyImRcE0ngcGZK4iWjiufNKWVeTmSmVy
-njMZfj8xKSpfqO3sOTbJMdrH1v5pMrAR/Ed748HheXuL15Ur9n88683hMMATZInn
-YzIqNSrBAoGBAO94YBB1hN+jSKw+2FbAhuuM0gWHREmLQuaF2vjeVXL3r6YofFmf
-+oJNgoOWXsv4KO2MgKDv4qrz7RohhhQpOFm5PpapSH/di7u6KsbJLYSxv/TEqQFE
-NPyGywwNDIkn1wPlnX3LXp26puj2Gtn21Z0trUrpgsDM99BaTBbqTR2xAoGBAOE+
-tw0GHD/6CRPfoBIgVilS/sUJ5VJYTTKo/y6ozovCAq4bt5LkYmAOy6q8paHb58Oc
-J890+LEPhelM/ZJDDz9oQFfq5LvuzgNfzDRyIhgDSpghtFrdDxQZP1X1lSdh+MFW
-gx0k9h8VuIPksBsIgcmUtyCYitxLFep/0tAA/GI/AoGBAMxexEVntjWSScROgh1P
-hBXlAZycO4g0ZK0OEboRLYXHos1AghePM6Ee+0LIAzE6IdvR7DjtYVoagQCrGZ19
-LE1Ojf7QjEIr1kQpdrZeHQ3BERyY9c9R4ZKeiw1G2ar4KEV4Ifeop6AfGrF4z6Oz
-R80znVBwhxl6FAhp98QaxCORAoGBAInkc/nEKN09u/rvpzYRl83aol+MDFjZ+ACw
-lvBApZnHnw5pp3uE13jI9gRDUv8A+iS1X2XQzULQJwHJgV7eMOJ3dxSbl4Y5zuMf
-7YqZ6KdctHjoAVqzBD0gq7Z7DuG6R6hMxx27d/VVvcz43preHV6D7YxF9pSgXv1d
-XXi7ccbPAoGBAIeLzCYd+JGufHwbq7oNvSyXJjGMjsAQuErUQ0xXwo7VAyOere2P
-Dwk67wq6vsmn38EAs7IkXDgIoTD9z69DNtcjr/3fARYfmDSWyHscRwyUaJ15WQcZ
-TCXAPf70Vf0KGBpRkgD+Qnq+lMZ3dr1uINGdalI4AWsXje0dPKpd+W8U
------END RSA PRIVATE KEY-----

From 09e995a1b2c414704093559388b854f39fb86f9d Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 10:01:51 +0800
Subject: [PATCH 028/174] build: delete needless auth plugins

---
 README-CN.md                                  |  2 +-
 README-JP.md                                  |  2 +-
 README-RU.md                                  |  2 +-
 README.md                                     |  2 +-
 apps/emqx_authentication/rebar.config         |  5 ++--
 apps/emqx_management/test/emqx_mgmt_SUITE.erl | 10 +++----
 .../test/emqx_mgmt_api_SUITE.erl              | 26 +++++++++----------
 deploy/docker/README.md                       | 23 ++++++++--------
 rebar.config.erl                              |  8 ------
 9 files changed, 36 insertions(+), 44 deletions(-)

diff --git a/README-CN.md b/README-CN.md
index 7d2888327..2a9dcebf6 100644
--- a/README-CN.md
+++ b/README-CN.md
@@ -101,7 +101,7 @@ make dialyzer
 
 ##### 要分析特定的应用程序，（用逗号分隔的应用程序列表）
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## 社区
diff --git a/README-JP.md b/README-JP.md
index b7afe8195..580a76268 100644
--- a/README-JP.md
+++ b/README-JP.md
@@ -95,7 +95,7 @@ make dialyzer
 
 ##### 特定のアプリケーションのみ解析する（アプリケーション名をコンマ区切りで入力）
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## コミュニティ
diff --git a/README-RU.md b/README-RU.md
index cddaba4a5..5001f3fd3 100644
--- a/README-RU.md
+++ b/README-RU.md
@@ -104,7 +104,7 @@ make dialyzer
 
 ##### Статический анализ части приложений (список через запятую)
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## Сообщество
diff --git a/README.md b/README.md
index 8d8ed8731..f76d7ae0a 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ make dialyzer
 
 ##### To Analyse specific apps, (list of comma separated apps)
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## Community
diff --git a/apps/emqx_authentication/rebar.config b/apps/emqx_authentication/rebar.config
index 0a0af8c29..89bd1f54a 100644
--- a/apps/emqx_authentication/rebar.config
+++ b/apps/emqx_authentication/rebar.config
@@ -1,4 +1,5 @@
-{deps, []}.
+{deps, [{jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}}
+       ]}.
 
 {edoc_opts, [{preprocess, true}]}.
 {erl_opts, [warn_unused_vars,
@@ -15,4 +16,4 @@
 
 {cover_enabled, true}.
 {cover_opts, [verbose]}.
-{cover_export_enabled, true}.
\ No newline at end of file
+{cover_export_enabled, true}.
diff --git a/apps/emqx_management/test/emqx_mgmt_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
index 6826e050b..84d5f2ebb 100644
--- a/apps/emqx_management/test/emqx_mgmt_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
@@ -53,7 +53,7 @@ groups() ->
        ]}].
 
 apps() ->
-    [emqx_management, emqx_auth_mnesia, emqx_modules].
+    [emqx_management, emqx_retainer, emqx_modules].
 
 init_per_suite(Config) ->
     application:set_env(ekka, strict_mode, true),
@@ -317,12 +317,12 @@ t_plugins_cmd(_) ->
     meck:expect(emqx_plugins, reload, fun(_) -> ok end),
     ?assertEqual(emqx_mgmt_cli:plugins(["list"]), ok),
     ?assertEqual(
-       emqx_mgmt_cli:plugins(["unload", "emqx_auth_mnesia"]),
-       "Plugin emqx_auth_mnesia unloaded successfully.\n"
+       emqx_mgmt_cli:plugins(["unload", "emqx_retainer"]),
+       "Plugin emqx_retainer unloaded successfully.\n"
       ),
     ?assertEqual(
-       emqx_mgmt_cli:plugins(["load", "emqx_auth_mnesia"]),
-       "Plugin emqx_auth_mnesia loaded successfully.\n"
+       emqx_mgmt_cli:plugins(["load", "emqx_retainer"]),
+       "Plugin emqx_retainer loaded successfully.\n"
       ),
     ?assertEqual(
        emqx_mgmt_cli:plugins(["unload", "emqx_management"]),
diff --git a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
index d4d284e69..22d4f51ef 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
@@ -285,61 +285,61 @@ t_nodes(_) ->
     meck:unload(emqx_mgmt).
 
 t_plugins(_) ->
-    application:ensure_all_started(emqx_auth_mnesia),
+    application:ensure_all_started(emqx_retainer),
     {ok, Plugins1} = request_api(get, api_path(["plugins"]), auth_header_()),
     [Plugins11] = filter(get(<<"data">>, Plugins1), <<"node">>, atom_to_binary(node(), utf8)),
-    [Plugin1] = filter(maps:get(<<"plugins">>, Plugins11), <<"name">>, <<"emqx_auth_mnesia">>),
-    ?assertEqual(<<"emqx_auth_mnesia">>, maps:get(<<"name">>, Plugin1)),
+    [Plugin1] = filter(maps:get(<<"plugins">>, Plugins11), <<"name">>, <<"emqx_retainer">>),
+    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin1)),
     ?assertEqual(true, maps:get(<<"active">>, Plugin1)),
 
     {ok, _} = request_api(put,
                           api_path(["plugins",
-                                    atom_to_list(emqx_auth_mnesia),
+                                    atom_to_list(emqx_retainer),
                                     "unload"]),
                           auth_header_()),
     {ok, Error1} = request_api(put,
                                api_path(["plugins",
-                                         atom_to_list(emqx_auth_mnesia),
+                                         atom_to_list(emqx_retainer),
                                          "unload"]),
                                auth_header_()),
     ?assertEqual(<<"not_started">>, get(<<"message">>, Error1)),
     {ok, Plugins2} = request_api(get,
                                  api_path(["nodes", atom_to_list(node()), "plugins"]),
                                  auth_header_()),
-    [Plugin2] = filter(get(<<"data">>, Plugins2), <<"name">>, <<"emqx_auth_mnesia">>),
-    ?assertEqual(<<"emqx_auth_mnesia">>, maps:get(<<"name">>, Plugin2)),
+    [Plugin2] = filter(get(<<"data">>, Plugins2), <<"name">>, <<"emqx_retainer">>),
+    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin2)),
     ?assertEqual(false, maps:get(<<"active">>, Plugin2)),
 
     {ok, _} = request_api(put,
                           api_path(["nodes",
                                     atom_to_list(node()),
                                     "plugins",
-                                    atom_to_list(emqx_auth_mnesia),
+                                    atom_to_list(emqx_retainer),
                                     "load"]),
                           auth_header_()),
     {ok, Plugins3} = request_api(get,
                                  api_path(["nodes", atom_to_list(node()), "plugins"]),
                                  auth_header_()),
-    [Plugin3] = filter(get(<<"data">>, Plugins3), <<"name">>, <<"emqx_auth_mnesia">>),
-    ?assertEqual(<<"emqx_auth_mnesia">>, maps:get(<<"name">>, Plugin3)),
+    [Plugin3] = filter(get(<<"data">>, Plugins3), <<"name">>, <<"emqx_retainer">>),
+    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin3)),
     ?assertEqual(true, maps:get(<<"active">>, Plugin3)),
 
     {ok, _} = request_api(put,
                           api_path(["nodes",
                                     atom_to_list(node()),
                                     "plugins",
-                                    atom_to_list(emqx_auth_mnesia),
+                                    atom_to_list(emqx_retainer),
                                     "unload"]),
                           auth_header_()),
     {ok, Error2} = request_api(put,
                                api_path(["nodes",
                                          atom_to_list(node()),
                                          "plugins",
-                                         atom_to_list(emqx_auth_mnesia),
+                                         atom_to_list(emqx_retainer),
                                          "unload"]),
                                auth_header_()),
     ?assertEqual(<<"not_started">>, get(<<"message">>, Error2)),
-    application:stop(emqx_auth_mnesia).
+    application:stop(emqx_retainer).
 
 t_acl_cache(_) ->
     ClientId = <<"client1">>,
diff --git a/deploy/docker/README.md b/deploy/docker/README.md
index 5702b622c..f243c7a4b 100644
--- a/deploy/docker/README.md
+++ b/deploy/docker/README.md
@@ -136,16 +136,16 @@ Default environment variable ``EMQX_LOADED_PLUGINS``, including
 EMQX_LOADED_PLUGINS="emqx_recon,emqx_retainer,emqx_management,emqx_dashboard"
 ```
 
-For example, set ``EMQX_LOADED_PLUGINS= emqx_auth_redis,emqx_auth_mysql`` to load these two plugins.
+For example, set ``EMQX_LOADED_PLUGINS= emqx_retainer,emqx_rule_engine`` to load these two plugins.
 
 You can use comma, space or other separator that you want.
 
 All the plugins defined in ``EMQX_LOADED_PLUGINS`` will be loaded.
 
 ```bash
-EMQX_LOADED_PLUGINS="emqx_auth_redis,emqx_auth_mysql"
-EMQX_LOADED_PLUGINS="emqx_auth_redis emqx_auth_mysql"
-EMQX_LOADED_PLUGINS="emqx_auth_redis | emqx_auth_mysql"
+EMQX_LOADED_PLUGINS="emqx_retainer,emqx_rule_engine"
+EMQX_LOADED_PLUGINS="emqx_retainer emqx_rule_engine"
+EMQX_LOADED_PLUGINS="emqx_retainer | emqx_rule_engine"
 ```
 
 #### EMQ X Plugins Configuration
@@ -155,8 +155,8 @@ The environment variables which with ``EMQX_`` prefix are mapped to all emqx plu
 Example:
 
 ```bash
-EMQX_AUTH__REDIS__SERVER   <--> auth.redis.server
-EMQX_AUTH__REDIS__PASSWORD <--> auth.redis.password
+EMQX_RETAINER__STORAGE_TYPE <--> retainer.storage_type
+EMQX_RETAINER__MAX_PAYLOAD_SIZE <--> retainer.max_payload_size
 ```
 
 Don't worry about where to find the configuration file of emqx plugins, this docker image will find and config them automatically using some magic.
@@ -166,15 +166,14 @@ All plugin of emqx project could config in this way, following the environment v
 Assume you are using redis auth plugin, for example:
 
 ```bash
-#EMQX_AUTH__REDIS__SERVER="redis.at.yourserver"
-#EMQX_AUTH__REDIS__PASSWORD="password_for_redis"
+#EMQX_RETAINER__STORAGE_TYPE = "ram"
+#EMQX_RETAINER.MAX_PAYLOAD_SIZE = 1MB
 
 docker run -d --name emqx -p 18083:18083 -p 1883:1883 -p 4369:4369 \
     -e EMQX_LISTENER__TCP__EXTERNAL=1883 \
-    -e EMQX_LOADED_PLUGINS="emqx_auth_redis" \
-    -e EMQX_AUTH__REDIS__SERVER="your.redis.server:6379" \
-    -e EMQX_AUTH__REDIS__PASSWORD="password_for_redis" \
-    -e EMQX_AUTH__REDIS__PASSWORD_HASH=plain \
+    -e EMQX_LOADED_PLUGINS="emqx_retainer" \
+    -e EMQX_RETAINER__STORAGE_TYPE = "ram" \
+    -e EMQX_RETAINER__MAX_PAYLOAD_SIZE = 1MB \
     emqx/emqx:latest
 ```
 
diff --git a/rebar.config.erl b/rebar.config.erl
index 88148818e..7a473cc6a 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -279,10 +279,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_coap
     , emqx_stomp
     , emqx_authentication
-    , emqx_auth_http
-    , emqx_auth_mysql
-    , emqx_auth_jwt
-    , emqx_auth_mnesia
     , emqx_web_hook
     , emqx_rule_engine
     , emqx_sasl
@@ -294,10 +290,6 @@ relx_plugin_apps(ReleaseType) ->
 
 relx_plugin_apps_per_rel(cloud) ->
     [ emqx_lwm2m
-    , emqx_auth_ldap
-    , emqx_auth_pgsql
-    , emqx_auth_redis
-    , emqx_auth_mongo
     , emqx_lua_hook
     , emqx_exhook
     , emqx_exproto

From ecc450e94227766ca174a0df40aebb1cee5b270a Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 10:58:16 +0800
Subject: [PATCH 029/174] chore: delete import and export feature

---
 apps/emqx_authentication/rebar.config         |   3 +-
 apps/emqx_connector/rebar.config              |  16 +-
 .../src/emqx_mgmt_api_data.erl                | 186 -----
 apps/emqx_management/src/emqx_mgmt_cli.erl    |  31 -
 .../src/emqx_mgmt_data_backup.erl             | 739 ------------------
 .../test/emqx_auth_mnesia_migration_SUITE.erl | 176 -----
 .../make_data.sh                              | 134 ----
 .../v4.0.11-no-auth.json                      |  23 -
 .../v4.0.11.json                              |  28 -
 .../v4.0.13.json                              |  37 -
 .../v4.1.5.json                               |  58 --
 .../v4.2.10-no-auth.json                      |  29 -
 .../v4.2.10.json                              |  53 --
 .../v4.2.11.json                              |  58 --
 rebar.config                                  |   1 -
 15 files changed, 16 insertions(+), 1556 deletions(-)
 delete mode 100644 apps/emqx_management/src/emqx_mgmt_api_data.erl
 delete mode 100644 apps/emqx_management/src/emqx_mgmt_data_backup.erl
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
 delete mode 100755 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json

diff --git a/apps/emqx_authentication/rebar.config b/apps/emqx_authentication/rebar.config
index 89bd1f54a..73696b033 100644
--- a/apps/emqx_authentication/rebar.config
+++ b/apps/emqx_authentication/rebar.config
@@ -1,5 +1,4 @@
-{deps, [{jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}}
-       ]}.
+{deps, []}.
 
 {edoc_opts, [{preprocess, true}]}.
 {erl_opts, [warn_unused_vars,
diff --git a/apps/emqx_connector/rebar.config b/apps/emqx_connector/rebar.config
index 53b5c63e8..633b427cf 100644
--- a/apps/emqx_connector/rebar.config
+++ b/apps/emqx_connector/rebar.config
@@ -4,7 +4,21 @@
 ]}.
 
 {deps, [
-  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}}
+  {jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}},
+  {eldap2, {git, "https://github.com/emqx/eldap2", {tag, "v0.2.2"}}},
+  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}},
+  {epgsql, {git, "https://github.com/epgsql/epgsql", {tag, "4.4.0"}}},
+  %% NOTE: mind poolboy version when updating mongodb-erlang version
+  {mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.7"}}},
+  %% NOTE: mind poolboy version when updating eredis_cluster version
+  {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.6"}}},
+  %% mongodb-erlang uses a special fork https://github.com/comtihon/poolboy.git
+  %% (which has overflow_ttl feature added).
+  %% However, it references `{branch, "master}` (commit 9c06a9a on 2021-04-07).
+  %% By accident, We have always been using the upstream fork due to
+  %% eredis_cluster's dependency getting resolved earlier.
+  %% Here we pin 1.5.2 to avoid surprises in the future.
+  {poolboy, {git, "https://github.com/emqx/poolboy.git", {tag, "1.5.2"}}}
 ]}.
 
 {shell, [
diff --git a/apps/emqx_management/src/emqx_mgmt_api_data.erl b/apps/emqx_management/src/emqx_mgmt_api_data.erl
deleted file mode 100644
index e389a1313..000000000
--- a/apps/emqx_management/src/emqx_mgmt_api_data.erl
+++ /dev/null
@@ -1,186 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mgmt_api_data).
-
--include_lib("emqx/include/emqx.hrl").
-
--include_lib("kernel/include/file.hrl").
-
--include("emqx_mgmt.hrl").
-
--rest_api(#{name   => export,
-            method => 'POST',
-            path   => "/data/export",
-            func   => export,
-            descr  => "Export data"}).
-
--rest_api(#{name   => list_exported,
-            method => 'GET',
-            path   => "/data/export",
-            func   => list_exported,
-            descr  => "List exported file"}).
-
--rest_api(#{name   => import,
-            method => 'POST',
-            path   => "/data/import",
-            func   => import,
-            descr  => "Import data"}).
-
--rest_api(#{name   => download,
-            method => 'GET',
-            path   => "/data/file/:filename",
-            func   => download,
-            descr  => "Download data file to local"}).
-
--rest_api(#{name   => upload,
-            method => 'POST',
-            path   => "/data/file",
-            func   => upload,
-            descr  => "Upload data file from local"}).
-
--rest_api(#{name   => delete,
-            method => 'DELETE',
-            path   => "/data/file/:filename",
-            func   => delete,
-            descr  => "Delete data file"}).
-
--export([ export/2
-        , list_exported/2
-        , import/2
-        , download/2
-        , upload/2
-        , delete/2
-        ]).
-
--export([ get_list_exported/0
-        , do_import/1
-        ]).
-
-export(_Bindings, _Params) ->
-    case emqx_mgmt_data_backup:export() of
-        {ok, File = #{filename := Filename}} ->
-            minirest:return({ok, File#{filename => filename:basename(Filename)}});
-        Return -> minirest:return(Return)
-    end.
-
-list_exported(_Bindings, _Params) ->
-    List = [ rpc:call(Node, ?MODULE, get_list_exported, []) || Node <- ekka_mnesia:running_nodes() ],
-    NList = lists:map(fun({_, FileInfo}) -> FileInfo end, lists:keysort(1, lists:append(List))),
-    minirest:return({ok, NList}).
-
-get_list_exported() ->
-    Dir = emqx:get_env(data_dir),
-    {ok, Files} = file:list_dir_all(Dir),
-    lists:foldl(
-        fun(File, Acc) ->
-            case filename:extension(File) =:= ".json" of
-                true ->
-                    FullFile = filename:join([Dir, File]),
-                    case file:read_file_info(FullFile) of
-                        {ok, #file_info{size = Size, ctime = CTime = {{Y, M, D}, {H, MM, S}}}} ->
-                            CreatedAt = io_lib:format("~p-~p-~p ~p:~p:~p", [Y, M, D, H, MM, S]),
-                            Seconds = calendar:datetime_to_gregorian_seconds(CTime),
-                            [{Seconds, [{filename, list_to_binary(File)},
-                                        {size, Size},
-                                        {created_at, list_to_binary(CreatedAt)},
-                                        {node, node()}
-                                       ]} | Acc];
-                        {error, Reason} ->
-                            logger:error("Read file info of ~s failed with: ~p", [File, Reason]),
-                            Acc
-                    end;
-                false -> Acc
-            end
-        end, [], Files).
-
-import(_Bindings, Params) ->
-    case proplists:get_value(<<"filename">>, Params) of
-        undefined ->
-            Result = import_content(Params),
-            minirest:return(Result);
-        Filename ->
-            case proplists:get_value(<<"node">>, Params) of
-                undefined ->
-                    Result = do_import(Filename),
-                    minirest:return(Result);
-                Node ->
-                    case lists:member(Node,
-                          [ erlang:atom_to_binary(N, utf8) || N <- ekka_mnesia:running_nodes() ]
-                         ) of
-                        true -> minirest:return(rpc:call(erlang:binary_to_atom(Node, utf8), ?MODULE, do_import, [Filename]));
-                        false -> minirest:return({error, no_existent_node})
-                    end
-            end
-    end.
-
-do_import(Filename) ->
-    FullFilename = fullname(Filename),
-    emqx_mgmt_data_backup:import(FullFilename, "{}").
-
-download(#{filename := Filename}, _Params) ->
-    FullFilename = fullname(Filename),
-    case file:read_file(FullFilename) of
-        {ok, Bin} ->
-            {ok, #{filename => list_to_binary(Filename),
-                   file => Bin}};
-        {error, Reason} ->
-            minirest:return({error, Reason})
-    end.
-
-upload(Bindings, Params) ->
-    do_upload(Bindings, maps:from_list(Params)).
-
-do_upload(_Bindings, #{<<"filename">> := Filename,
-                       <<"file">> := Bin}) ->
-    FullFilename = fullname(Filename),
-    case file:write_file(FullFilename, Bin) of
-        ok ->
-            minirest:return({ok, [{node, node()}]});
-        {error, Reason} ->
-            minirest:return({error, Reason})
-    end;
-do_upload(Bindings, Params = #{<<"file">> := _}) ->
-    do_upload(Bindings, Params#{<<"filename">> => tmp_filename()});
-do_upload(_Bindings, _Params) ->
-    minirest:return({error, missing_required_params}).
-
-delete(#{filename := Filename}, _Params) ->
-    FullFilename = fullname(Filename),
-    case file:delete(FullFilename) of
-        ok ->
-            minirest:return();
-        {error, Reason} ->
-            minirest:return({error, Reason})
-    end.
-
-import_content(Content) ->
-    File = dump_to_tmp_file(Content),
-    do_import(File).
-
-dump_to_tmp_file(Content) ->
-    Bin = emqx_json:encode(Content),
-    Filename = tmp_filename(),
-    ok = file:write_file(fullname(Filename), Bin),
-    Filename.
-
-fullname(Name) ->
-    filename:join(emqx:get_env(data_dir), Name).
-
-tmp_filename() ->
-    Seconds = erlang:system_time(second),
-    {{Y, M, D}, {H, MM, S}} = emqx_mgmt_util:datetime(Seconds),
-    io_lib:format("emqx-export-~p-~p-~p-~p-~p-~p.json", [Y, M, D, H, MM, S]).
diff --git a/apps/emqx_management/src/emqx_mgmt_cli.erl b/apps/emqx_management/src/emqx_mgmt_cli.erl
index 77fe96182..e70def3ee 100644
--- a/apps/emqx_management/src/emqx_mgmt_cli.erl
+++ b/apps/emqx_management/src/emqx_mgmt_cli.erl
@@ -38,7 +38,6 @@
         , trace/1
         , log/1
         , mgmt/1
-        , data/1
         , acl/1
         ]).
 
@@ -544,36 +543,6 @@ stop_listener(#{listen_on := ListenOn} = Listener, _Input) ->
                            [ID, ListenOnStr, Reason])
     end.
 
-%%--------------------------------------------------------------------
-%% @doc data Command
-
-data(["export"]) ->
-    case emqx_mgmt_data_backup:export() of
-        {ok, #{filename := Filename}} ->
-            emqx_ctl:print("The emqx data has been successfully exported to ~s.~n", [Filename]);
-        {error, Reason} ->
-            emqx_ctl:print("The emqx data export failed due to ~p.~n", [Reason])
-    end;
-
-data(["import", Filename]) ->
-    data(["import", Filename, "--env", "{}"]);
-data(["import", Filename, "--env", Env]) ->
-    case emqx_mgmt_data_backup:import(Filename, Env) of
-        ok ->
-            emqx_ctl:print("The emqx data has been imported successfully.~n");
-        {error, import_failed} ->
-            emqx_ctl:print("The emqx data import failed.~n");
-        {error, unsupported_version} ->
-            emqx_ctl:print("The emqx data import failed: Unsupported version.~n");
-        {error, Reason} ->
-            emqx_ctl:print("The emqx data import failed: ~0p while reading ~s.~n", [Reason, Filename])
-    end;
-
-data(_) ->
-    emqx_ctl:usage([{"data import <File> [--env '<json>']",
-                     "Import data from the specified file, possibly with overrides"},
-                    {"data export", "Export data"}]).
-
 %%--------------------------------------------------------------------
 %% @doc acl Command
 
diff --git a/apps/emqx_management/src/emqx_mgmt_data_backup.erl b/apps/emqx_management/src/emqx_mgmt_data_backup.erl
deleted file mode 100644
index 71a92686e..000000000
--- a/apps/emqx_management/src/emqx_mgmt_data_backup.erl
+++ /dev/null
@@ -1,739 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mgmt_data_backup).
-
--include("emqx_mgmt.hrl").
--include_lib("emqx_rule_engine/include/rule_engine.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("kernel/include/file.hrl").
-
--ifdef(EMQX_ENTERPRISE).
--export([ export_modules/0
-        , export_schemas/0
-        , export_confs/0
-        , import_modules/1
-        , import_schemas/1
-        , import_confs/2
-        ]).
--endif.
-
--export([ export_rules/0
-        , export_resources/0
-        , export_blacklist/0
-        , export_applications/0
-        , export_users/0
-        , export_auth_mnesia/0
-        , export_acl_mnesia/0
-        , import_resources_and_rules/3
-        , import_rules/1
-        , import_resources/1
-        , import_blacklist/1
-        , import_applications/1
-        , import_users/1
-        , import_auth_clientid/1 %% BACKW: 4.1.x
-        , import_auth_username/1 %% BACKW: 4.1.x
-        , import_auth_mnesia/2
-        , import_acl_mnesia/2
-        , to_version/1
-        ]).
-
--export([ export/0
-        , import/2
-        ]).
-
-%%--------------------------------------------------------------------
-%% Data Export and Import
-%%--------------------------------------------------------------------
-
-export_rules() ->
-    lists:map(fun(#rule{id = RuleId,
-                        rawsql = RawSQL,
-                        actions = Actions,
-                        enabled = Enabled,
-                        description = Desc}) ->
-                   [{id, RuleId},
-                    {rawsql, RawSQL},
-                    {actions, actions_to_prop_list(Actions)},
-                    {enabled, Enabled},
-                    {description, Desc}]
-               end, emqx_rule_registry:get_rules()).
-
-export_resources() ->
-    lists:map(fun(#resource{id = Id,
-                            type = Type,
-                            config = Config,
-                            created_at = CreatedAt,
-                            description = Desc}) ->
-                   NCreatedAt = case CreatedAt of
-                                    undefined -> null;
-                                    _ -> CreatedAt
-                                end,
-                   [{id, Id},
-                    {type, Type},
-                    {config, maps:to_list(Config)},
-                    {created_at, NCreatedAt},
-                    {description, Desc}]
-               end, emqx_rule_registry:get_resources()).
-
-export_blacklist() ->
-    lists:map(fun(#banned{who = Who, by = By, reason = Reason, at = At, until = Until}) ->
-                  NWho = case Who of
-                             {peerhost, Peerhost} -> {peerhost, inet:ntoa(Peerhost)};
-                             _ -> Who
-                         end,
-                  [{who, [NWho]}, {by, By}, {reason, Reason}, {at, At}, {until, Until}]
-              end, ets:tab2list(emqx_banned)).
-
-export_applications() ->
-    lists:map(fun({_, AppID, AppSecret, Name, Desc, Status, Expired}) ->
-                  [{id, AppID}, {secret, AppSecret}, {name, Name}, {desc, Desc}, {status, Status}, {expired, Expired}]
-              end, ets:tab2list(mqtt_app)).
-
-export_users() ->
-    lists:map(fun({_, Username, Password, Tags}) ->
-                  [{username, Username}, {password, base64:encode(Password)}, {tags, Tags}]
-              end, ets:tab2list(mqtt_admin)).
-
-export_auth_mnesia() ->
-    case ets:info(emqx_user) of
-        undefined -> [];
-        _ ->
-            lists:map(fun({_, {Type, Login}, Password, CreatedAt}) ->
-                          [{login, Login}, {type, Type}, {password, base64:encode(Password)}, {created_at, CreatedAt}]
-                      end, ets:tab2list(emqx_user))
-    end.
-
-export_acl_mnesia() ->
-    case ets:info(emqx_acl) of
-        undefined -> [];
-        _ ->
-            lists:map(fun({_, Filter, Action, Access, CreatedAt}) ->
-                          Filter1 = case Filter of
-                              {{Type, TypeValue}, Topic} ->
-                                  [{type, Type}, {type_value, TypeValue}, {topic, Topic}];
-                              {Type, Topic} ->
-                                  [{type, Type}, {topic, Topic}]
-                          end,
-                          Filter1 ++ [{action, Action}, {access, Access}, {created_at, CreatedAt}]
-                      end, ets:tab2list(emqx_acl))
-    end.
-
--ifdef(EMQX_ENTERPRISE).
-export_modules() ->
-    case ets:info(emqx_modules) of
-        undefined -> [];
-        _ ->
-           lists:map(fun({_, Id, Type, Config, Enabled, CreatedAt, Description}) ->
-                          [{id, Id},
-                           {type, Type},
-                           {config, Config},
-                           {enabled, Enabled},
-                           {created_at, CreatedAt},
-                           {description, Description}
-                          ]
-                      end, ets:tab2list(emqx_modules))
-    end.
-
-export_schemas() ->
-    case ets:info(emqx_schema) of
-        undefined -> [];
-        _ ->
-            [emqx_schema_api:format_schema(Schema) || Schema <- emqx_schema_registry:get_all_schemas()]
-    end.
-
-export_confs() ->
-    case ets:info(emqx_conf_info) of
-        undefined -> {[], []};
-        _ ->
-            {lists:map(fun({_, Key, Confs}) ->
-                case Key of
-                    {_Zone, Name} ->
-                        [{zone, list_to_binary(Name)},
-                         {confs, confs_to_binary(Confs)}];
-                    {_Listener, Type, Name} ->
-                        [{type, list_to_binary(Type)},
-                         {name, list_to_binary(Name)},
-                         {confs, confs_to_binary(Confs)}];
-                    Name ->
-                        [{name, list_to_binary(Name)},
-                         {confs, confs_to_binary(Confs)}]
-                end
-            end, ets:tab2list(emqx_conf_b)),
-            lists:map(fun({_, {_Listener, Type, Name}, Status}) ->
-                [{type, list_to_binary(Type)},
-                 {name, list_to_binary(Name)},
-                 {status, Status}]
-            end, ets:tab2list(emqx_listeners_state))}
-    end.
-
-confs_to_binary(Confs) ->
-    [{list_to_binary(Key), list_to_binary(Val)} || {Key, Val} <-Confs].
-
--endif.
-
-import_rule(#{<<"id">> := RuleId,
-              <<"rawsql">> := RawSQL,
-              <<"actions">> := Actions,
-              <<"enabled">> := Enabled,
-              <<"description">> := Desc}) ->
-    Rule = #{id => RuleId,
-             rawsql => RawSQL,
-             actions => map_to_actions(Actions),
-             enabled => Enabled,
-             description => Desc},
-    try emqx_rule_engine:create_rule(Rule)
-    catch throw:{resource_not_initialized, _ResId} ->
-        emqx_rule_engine:create_rule(Rule#{enabled => false})
-    end.
-
-map_to_actions(Maps) ->
-    [map_to_action(M) || M <- Maps].
-
-map_to_action(Map = #{<<"id">> := ActionInstId, <<"name">> := Name, <<"args">> := Args}) ->
-    #{id => ActionInstId,
-      name => any_to_atom(Name),
-      args => Args,
-      fallbacks => map_to_actions(maps:get(<<"fallbacks">>, Map, []))}.
-
-
-import_rules(Rules) ->
-    lists:foreach(fun(Rule) ->
-                      import_rule(Rule)
-                  end, Rules).
-
-import_resources(Reources) ->
-    lists:foreach(fun(Resource) ->
-                      import_resource(Resource)
-                  end, Reources).
-
-import_resource(#{<<"id">> := Id,
-                  <<"type">> := Type,
-                  <<"config">> := Config,
-                  <<"created_at">> := CreatedAt,
-                  <<"description">> := Desc}) ->
-    NCreatedAt = case CreatedAt of
-                     null -> undefined;
-                     _ -> CreatedAt
-                 end,
-    emqx_rule_engine:create_resource(#{id => Id,
-                                       type => any_to_atom(Type),
-                                       config => Config,
-                                       created_at => NCreatedAt,
-                                       description => Desc}).
-import_resources_and_rules(Resources, Rules, FromVersion)
-  when FromVersion =:= "4.0" orelse
-       FromVersion =:= "4.1" orelse
-       FromVersion =:= "4.2" ->
-    Configs = lists:foldl(fun compatible_version/2 , [], Resources),
-    lists:foreach(fun(#{<<"actions">> := Actions} = Rule) ->
-                      NActions = apply_new_config(Actions, Configs),
-                      import_rule(Rule#{<<"actions">> := NActions})
-                  end, Rules);
-import_resources_and_rules(Resources, Rules, _FromVersion) ->
-    import_resources(Resources),
-    import_rules(Rules).
-
-%% 4.2.5 +
-compatible_version(#{<<"id">> := ID,
-                     <<"type">> := <<"web_hook">>,
-                     <<"config">> := #{<<"connect_timeout">> := ConnectTimeout,
-                                       <<"content_type">> := ContentType,
-                                       <<"headers">> := Headers,
-                                       <<"method">> := Method,
-                                       <<"pool_size">> := PoolSize,
-                                       <<"request_timeout">> := RequestTimeout,
-                                       <<"url">> := URL}} = Resource, Acc) ->
-    CovertFun = fun(Int) ->
-        list_to_binary(integer_to_list(Int) ++ "s")
-    end,
-    Cfg = make_new_config(#{<<"pool_size">> => PoolSize,
-                            <<"connect_timeout">> => CovertFun(ConnectTimeout),
-                            <<"request_timeout">> => CovertFun(RequestTimeout),
-                            <<"url">> => URL}),
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := Cfg}),
-    NHeaders = maps:put(<<"content-type">>, ContentType, covert_empty_headers(Headers)),
-    [{ID, #{headers => NHeaders, method => Method}} | Acc];
-% 4.2.0
-compatible_version(#{<<"id">> := ID,
-                    <<"type">> := <<"web_hook">>,
-                    <<"config">> := #{<<"headers">> := Headers,
-                                    <<"method">> := Method,%% 4.2.0 Different here
-                                    <<"url">> := URL}} = Resource, Acc) ->
-    Cfg = make_new_config(#{<<"url">> => URL}),
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := Cfg}),
-    NHeaders = maps:put(<<"content-type">>, <<"application/json">> , covert_empty_headers(Headers)),
-    [{ID, #{headers => NHeaders, method => Method}} | Acc];
-
-%% bridge mqtt
-%% 4.2.0 - 4.2.5 bridge_mqtt, ssl enabled from on/off to true/false
-compatible_version(#{<<"type">> := <<"bridge_mqtt">>,
-                     <<"id">> := ID, %% begin 4.2.0.
-                     <<"config">> := #{<<"ssl">> := Ssl} = Config} = Resource, Acc) ->
-    NewConfig = Config#{<<"ssl">> := flag_to_boolean(Ssl),
-                        <<"pool_size">> => case maps:get(<<"pool_size">>, Config, undefined) of %% 4.0.x, compatible `pool_size`
-                                                undefined -> 8;
-                                                PoolSize -> PoolSize
-                                            end},
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := NewConfig}),
-    [{ID, NewConfig} | Acc];
-
-% 4.2.3, add :content_type
-compatible_version(#{<<"id">> := ID,
-                    <<"type">> := <<"web_hook">>,
-                    <<"config">> := #{<<"headers">> := Headers,
-                                      <<"content_type">> := ContentType,%% 4.2.3 Different here
-                                      <<"method">> := Method,
-                                      <<"url">> := URL}} = Resource, Acc) ->
-    Cfg = make_new_config(#{<<"url">> => URL}),
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := Cfg}),
-    NHeaders = maps:put(<<"content-type">>, ContentType, covert_empty_headers(Headers)),
-    [{ID, #{headers => NHeaders, method => Method}} | Acc];
-% normal version
-compatible_version(Resource, Acc) ->
-    {ok, _Resource} = import_resource(Resource),
-    Acc.
-
-make_new_config(Cfg) ->
-    Config = #{<<"pool_size">> => 8,
-               <<"connect_timeout">> => <<"5s">>,
-               <<"request_timeout">> => <<"5s">>,
-               <<"cacertfile">> => <<>>,
-               <<"certfile">> => <<>>,
-               <<"keyfile">> => <<>>,
-               <<"verify">> => false},
-    maps:merge(Cfg, Config).
-
-apply_new_config(Actions, Configs) ->
-    apply_new_config(Actions, Configs, []).
-
-apply_new_config([], _Configs, Acc) ->
-    Acc;
-apply_new_config(Actions, [], []) ->
-    Actions;
-apply_new_config([Action = #{<<"name">> := <<"data_to_webserver">>,
-                             <<"args">> := #{<<"$resource">> := ID,
-                                            <<"path">> := Path,
-                                            <<"payload_tmpl">> := PayloadTmpl}} | More], Configs, Acc) ->
-    case proplists:get_value(ID, Configs, undefined) of
-        undefined ->
-            apply_new_config(More, Configs, [Action | Acc]);
-        #{headers := Headers, method := Method} ->
-            Args = #{<<"$resource">> => ID,
-                     <<"body">> => PayloadTmpl,
-                     <<"headers">> => Headers,
-                     <<"method">> => Method,
-                     <<"path">> => Path},
-            apply_new_config(More, Configs, [Action#{<<"args">> := Args} | Acc])
-    end;
-
-apply_new_config([Action = #{<<"args">> := #{<<"$resource">> := ResourceId,
-                                             <<"forward_topic">> := ForwardTopic,
-                                             <<"payload_tmpl">> := PayloadTmpl},
-                           <<"fallbacks">> := _Fallbacks,
-                           <<"id">> := _Id,
-                           <<"name">> := <<"data_to_mqtt_broker">>} | More], Configs, Acc) ->
-            Args = #{<<"$resource">> => ResourceId,
-                     <<"payload_tmpl">> => PayloadTmpl,
-                     <<"forward_topic">> => ForwardTopic},
-            apply_new_config(More, Configs, [Action#{<<"args">> := Args} | Acc]).
-
-
-actions_to_prop_list(Actions) ->
-    [action_to_prop_list(Act) || Act <- Actions].
-
-action_to_prop_list({action_instance, ActionInstId, Name, FallbackActions, Args}) ->
-    [{id, ActionInstId},
-     {name, Name},
-     {fallbacks, actions_to_prop_list(FallbackActions)},
-     {args, Args}].
-
-import_blacklist(Blacklist) ->
-    lists:foreach(fun(#{<<"who">> := Who,
-                        <<"by">> := By,
-                        <<"reason">> := Reason,
-                        <<"at">> := At,
-                        <<"until">> := Until}) ->
-                      NWho = case Who of
-                                 #{<<"peerhost">> := Peerhost} ->
-                                     {ok, NPeerhost} = inet:parse_address(Peerhost),
-                                     {peerhost, NPeerhost};
-                                 #{<<"clientid">> := ClientId} -> {clientid, ClientId};
-                                 #{<<"username">> := Username} -> {username, Username}
-                             end,
-                     emqx_banned:create(#banned{who = NWho, by = By, reason = Reason, at = At, until = Until})
-                  end, Blacklist).
-
-import_applications(Apps) ->
-    lists:foreach(fun(#{<<"id">> := AppID,
-                        <<"secret">> := AppSecret,
-                        <<"name">> := Name,
-                        <<"desc">> := Desc,
-                        <<"status">> := Status,
-                        <<"expired">> := Expired}) ->
-                      NExpired = case is_integer(Expired) of
-                                     true -> Expired;
-                                     false -> undefined
-                                 end,
-                      emqx_mgmt_auth:force_add_app(AppID, Name, AppSecret, Desc, Status, NExpired)
-                  end, Apps).
-
-import_users(Users) ->
-    lists:foreach(fun(#{<<"username">> := Username,
-                        <<"password">> := Password,
-                        <<"tags">> := Tags}) ->
-                      NPassword = base64:decode(Password),
-                      emqx_dashboard_admin:force_add_user(Username, NPassword, Tags)
-                  end, Users).
-
-import_auth_clientid(Lists) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(#{<<"clientid">> := Clientid, <<"password">> := Password}) ->
-                                  mnesia:dirty_write({emqx_user, {clientid, Clientid}
-                                                               , base64:decode(Password)
-                                                               , erlang:system_time(millisecond)})
-                          end, Lists)
-    end.
-
-import_auth_username(Lists) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(#{<<"username">> := Username, <<"password">> := Password}) ->
-                            mnesia:dirty_write({emqx_user, {username, Username}, base64:decode(Password), erlang:system_time(millisecond)})
-                          end, Lists)
-    end.
-
--ifdef(EMQX_ENTERPRISE).
-import_auth_mnesia(Auths, FromVersion) when FromVersion =:= "4.0" orelse
-                                            FromVersion =:= "4.1" ->
-    do_import_auth_mnesia_by_old_data(Auths);
-import_auth_mnesia(Auths, _) ->
-    do_import_auth_mnesia(Auths).
-
-import_acl_mnesia(Acls, FromVersion) when FromVersion =:= "4.0" orelse
-                                          FromVersion =:= "4.1" ->
-    do_import_acl_mnesia_by_old_data(Acls);
-
-import_acl_mnesia(Acls, _) ->
-    do_import_acl_mnesia(Acls).
--else.
-import_auth_mnesia(Auths, FromVersion) when FromVersion =:= "4.3" ->
-    do_import_auth_mnesia(Auths);
-import_auth_mnesia(Auths, _FromVersion) ->
-    do_import_auth_mnesia_by_old_data(Auths).
-
-import_acl_mnesia(Acls, FromVersion) when FromVersion =:= "4.3" ->
-    do_import_acl_mnesia(Acls);
-import_acl_mnesia(Acls, _FromVersion) ->
-    do_import_acl_mnesia_by_old_data(Acls).
-
--endif.
-
-do_import_auth_mnesia_by_old_data(Auths) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            CreatedAt = erlang:system_time(millisecond),
-            lists:foreach(fun(#{<<"login">> := Login,
-                                <<"password">> := Password}) ->
-                            mnesia:dirty_write({emqx_user, {get_old_type(), Login}, base64:decode(Password), CreatedAt})
-                          end, Auths)
-    end.
-
-
-do_import_auth_mnesia(Auths) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(#{<<"login">> := Login,
-                                <<"type">> := Type,
-                                <<"password">> := Password } = Map) ->
-                            CreatedAt = maps:get(<<"created_at">>, Map, erlang:system_time(millisecond)),
-                            mnesia:dirty_write({emqx_user, {any_to_atom(Type), Login}, base64:decode(Password), CreatedAt})
-                          end, Auths)
-    end.
-
-do_import_acl_mnesia_by_old_data(Acls) ->
-    case ets:info(emqx_acl) of
-        undefined -> ok;
-        _ ->
-            CreatedAt = erlang:system_time(millisecond),
-            lists:foreach(fun(#{<<"login">> := Login,
-                                <<"topic">> := Topic,
-                                <<"allow">> := Allow,
-                                <<"action">> := Action}) ->
-                            Allow1 = case any_to_atom(Allow) of
-                                         true -> allow;
-                                         false -> deny
-                                     end,
-                            mnesia:dirty_write({emqx_acl, {{get_old_type(), Login}, Topic}, any_to_atom(Action), Allow1, CreatedAt})
-                          end, Acls)
-    end.
-do_import_acl_mnesia(Acls) ->
-    case ets:info(emqx_acl) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(Map = #{<<"action">> := Action,
-                                      <<"access">> := Access}) ->
-                            Topic = maps:get(<<"topic">>, Map),
-                            Login = case maps:get(<<"type_value">>, Map, undefined) of
-                                undefined ->
-                                    all;
-                                Value ->
-                                    {any_to_atom(maps:get(<<"type">>, Map)), Value}
-                            end,
-                            emqx_acl_mnesia_cli:add_acl(Login, Topic, any_to_atom(Action), any_to_atom(Access))
-                          end, Acls)
-    end.
-
--ifdef(EMQX_ENTERPRISE).
--dialyzer({nowarn_function, [import_modules/1]}).
-import_modules(Modules) ->
-    case ets:info(emqx_modules) of
-        undefined ->
-            ok;
-        _ ->
-           lists:foreach(fun(#{<<"id">> := Id,
-                               <<"type">> := Type,
-                               <<"config">> := Config,
-                               <<"enabled">> := Enabled,
-                               <<"created_at">> := CreatedAt,
-                               <<"description">> := Description}) ->
-                            _ = emqx_modules:import_module({Id, any_to_atom(Type), Config, Enabled, CreatedAt, Description})
-                         end, Modules)
-    end.
-
-
-import_schemas(Schemas) ->
-    case ets:info(emqx_schema) of
-        undefined -> ok;
-        _ -> [emqx_schema_registry:add_schema(emqx_schema_api:make_schema_params(Schema)) || Schema <- Schemas]
-    end.
-
-import_confs(Configs, ListenersState) ->
-    case ets:info(emqx_conf_info) of
-        undefined -> ok;
-        _ ->
-            emqx_conf:import_confs(Configs, ListenersState)
-    end.
-
--endif.
-
-any_to_atom(L) when is_list(L) -> list_to_atom(L);
-any_to_atom(B) when is_binary(B) -> binary_to_atom(B, utf8);
-any_to_atom(A) when is_atom(A) -> A.
-
-to_version(Version) when is_integer(Version) ->
-    integer_to_list(Version);
-to_version(Version) when is_binary(Version) ->
-    binary_to_list(Version);
-to_version(Version) when is_list(Version) ->
-    Version.
-
-export() ->
-    Seconds = erlang:system_time(second),
-    Data = do_export_data() ++ [{date, erlang:list_to_binary(emqx_mgmt_util:strftime(Seconds))}],
-    {{Y, M, D}, {H, MM, S}} = emqx_mgmt_util:datetime(Seconds),
-    Filename = io_lib:format("emqx-export-~p-~p-~p-~p-~p-~p.json", [Y, M, D, H, MM, S]),
-    NFilename = filename:join([emqx:get_env(data_dir), Filename]),
-    ok = filelib:ensure_dir(NFilename),
-    case file:write_file(NFilename, emqx_json:encode(Data)) of
-        ok ->
-            case file:read_file_info(NFilename) of
-                {ok, #file_info{size = Size, ctime = {{Y1, M1, D1}, {H1, MM1, S1}}}} ->
-                    CreatedAt = io_lib:format("~p-~p-~p ~p:~p:~p", [Y1, M1, D1, H1, MM1, S1]),
-                    {ok, #{filename => list_to_binary(NFilename),
-                           size => Size,
-                           created_at => list_to_binary(CreatedAt),
-                           node => node()
-                          }};
-                Error -> Error
-            end;
-        Error -> Error
-    end.
-
-do_export_data() ->
-    Version = string:sub_string(emqx_sys:version(), 1, 3),
-    [{version, erlang:list_to_binary(Version)},
-     {rules, export_rules()},
-     {resources, export_resources()},
-     {blacklist, export_blacklist()},
-     {apps, export_applications()},
-     {users, export_users()},
-     {auth_mnesia, export_auth_mnesia()},
-     {acl_mnesia, export_acl_mnesia()}
-     ] ++ do_export_extra_data().
-
--ifdef(EMQX_ENTERPRISE).
-do_export_extra_data() ->
-    {Configs, State} = export_confs(),
-    [{modules, export_modules()},
-     {schemas, export_schemas()},
-     {configs, Configs},
-     {listeners_state, State}
-    ].
--else.
-do_export_extra_data() -> [].
--endif.
-
--ifdef(EMQX_ENTERPRISE).
-import(Filename, OverridesJson) ->
-    case file:read_file(Filename) of
-        {ok, Json} ->
-            Imported = emqx_json:decode(Json, [return_maps]),
-            Overrides = emqx_json:decode(OverridesJson, [return_maps]),
-            Data = maps:merge(Imported, Overrides),
-            Version = to_version(maps:get(<<"version">>, Data)),
-            read_global_auth_type(Data),
-            try
-                do_import_data(Data, Version),
-                logger:debug("The emqx data has been imported successfully"),
-                ok
-            catch Class:Reason:Stack ->
-                logger:error("The emqx data import failed: ~0p", [{Class, Reason, Stack}]),
-                {error, import_failed}
-            end;
-        Error -> Error
-    end.
--else.
-import(Filename, OverridesJson) ->
-    case file:read_file(Filename) of
-        {ok, Json} ->
-            Imported = emqx_json:decode(Json, [return_maps]),
-            Overrides = emqx_json:decode(OverridesJson, [return_maps]),
-            Data = maps:merge(Imported, Overrides),
-            Version = to_version(maps:get(<<"version">>, Data)),
-            read_global_auth_type(Data),
-            case is_version_supported(Data, Version) of
-                true  ->
-                    try
-                        do_import_data(Data, Version),
-                        logger:debug("The emqx data has been imported successfully"),
-                        ok
-                    catch Class:Reason:Stack ->
-                        logger:error("The emqx data import failed: ~0p", [{Class, Reason, Stack}]),
-                        {error, import_failed}
-                    end;
-                false ->
-                    logger:error("Unsupported version: ~p", [Version]),
-                    {error, unsupported_version, Version}
-            end;
-        Error -> Error
-    end.
--endif.
-
-do_import_data(Data, Version) ->
-    do_import_extra_data(Data, Version),
-    import_resources_and_rules(maps:get(<<"resources">>, Data, []), maps:get(<<"rules">>, Data, []), Version),
-    import_blacklist(maps:get(<<"blacklist">>, Data, [])),
-    import_applications(maps:get(<<"apps">>, Data, [])),
-    import_users(maps:get(<<"users">>, Data, [])),
-    import_auth_clientid(maps:get(<<"auth_clientid">>, Data, [])),
-    import_auth_username(maps:get(<<"auth_username">>, Data, [])),
-    import_auth_mnesia(maps:get(<<"auth_mnesia">>, Data, []), Version),
-    import_acl_mnesia(maps:get(<<"acl_mnesia">>, Data, []), Version).
-
--ifdef(EMQX_ENTERPRISE).
-do_import_extra_data(Data, _Version) ->
-    _ = import_confs(maps:get(<<"configs">>, Data, []), maps:get(<<"listeners_state">>, Data, [])),
-    _ = import_modules(maps:get(<<"modules">>, Data, [])),
-    _ = import_schemas(maps:get(<<"schemas">>, Data, [])),
-    ok.
--else.
-do_import_extra_data(_Data, _Version) -> ok.
--endif.
-
-covert_empty_headers([]) -> #{};
-covert_empty_headers(Other) -> Other.
-
-flag_to_boolean(<<"on">>) -> true;
-flag_to_boolean(<<"off">>) -> false;
-flag_to_boolean(Other) -> Other.
-
--ifndef(EMQX_ENTERPRISE).
-is_version_supported(Data, Version) ->
-    case { maps:get(<<"auth_clientid">>, Data, [])
-         , maps:get(<<"auth_username">>, Data, [])
-         , maps:get(<<"auth_mnesia">>, Data, [])} of
-        {[], [], []} -> lists:member(Version, ?VERSIONS);
-        _ -> is_version_supported2(Version)
-    end.
-
-is_version_supported2("4.1") ->
-    true;
-is_version_supported2("4.3") ->
-    true;
-is_version_supported2(Version) ->
-    case re:run(Version, "^4.[02].\\d+$", [{capture, none}]) of
-        match ->
-            try lists:map(fun erlang:list_to_integer/1, string:tokens(Version, ".")) of
-                [4, 2, N] -> N >= 11;
-                [4, 0, N] -> N >= 13;
-                _ -> false
-            catch
-                _ : _ -> false
-            end;
-        nomatch ->
-            false
-    end.
--endif.
-
-read_global_auth_type(Data) ->
-    case {maps:get(<<"auth_mnesia">>, Data, []), maps:get(<<"acl_mnesia">>, Data, [])} of
-        {[], []} ->
-            %% Auth mnesia plugin is not used:
-            ok;
-        _ ->
-            do_read_global_auth_type(Data)
-    end.
-
--ifdef(EMQX_ENTERPRISE).
-do_read_global_auth_type(Data) ->
-    case Data of
-        #{<<"auth.mnesia.as">> := <<"username">>} ->
-            application:set_env(emqx_auth_mnesia, as, username);
-        #{<<"auth.mnesia.as">> := <<"clientid">>} ->
-            application:set_env(emqx_auth_mnesia, as, clientid);
-        _ ->
-            ok
-    end.
-
--else.
-do_read_global_auth_type(Data) ->
-    case Data of
-        #{<<"auth.mnesia.as">> := <<"username">>} ->
-            application:set_env(emqx_auth_mnesia, as, username);
-        #{<<"auth.mnesia.as">> := <<"clientid">>} ->
-            application:set_env(emqx_auth_mnesia, as, clientid);
-        _ ->
-            logger:error("While importing data from EMQX versions prior to 4.3 "
-                         "it is necessary to specify the value of \"auth.mnesia.as\" parameter "
-                         "as it was configured in etc/plugins/emqx_auth_mnesia.conf.\n"
-                         "Use the following command to import data:\n"
-                         "  $ emqx_ctl data import <filename> --env '{\"auth.mnesia.as\":\"username\"}'\n"
-                         "or\n"
-                         "  $ emqx_ctl data import <filename> --env '{\"auth.mnesia.as\":\"clientid\"}'",
-                         []),
-            error(import_failed)
-    end.
--endif.
-
-get_old_type() ->
-    {ok, Type} = application:get_env(emqx_auth_mnesia, as),
-    Type.
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
deleted file mode 100644
index 7c249b66b..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
+++ /dev/null
@@ -1,176 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_migration_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("eunit/include/eunit.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
--include_lib("emqx_auth_mnesia/include/emqx_auth_mnesia.hrl").
-
-matrix() ->
-    [{ImportAs, Version} || ImportAs <- [clientid, username]
-                          , Version <- ["v4.2.10", "v4.1.5"]].
-
-all() ->
-    [t_import_4_0, t_import_4_1, t_import_4_2].
-
-groups() ->
-    [{username, [], cases()}, {clientid, [], cases()}].
-
-cases() ->
-    [t_import].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_management, emqx_dashboard, emqx_auth_mnesia]),
-    application:set_env(ekka, strict_mode, true),
-    ekka_mnesia:start(),
-    emqx_mgmt_auth:mnesia(boot),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_modules, emqx_management, emqx_dashboard, emqx_auth_mnesia]),
-    ekka_mnesia:ensure_stopped().
-
-init_per_testcase(_, Config) ->
-    Config.
-
-end_per_testcase(_, _Config) ->
-    {atomic,ok} = mnesia:clear_table(emqx_acl),
-    {atomic,ok} = mnesia:clear_table(emqx_user),
-    ok.
--ifdef(EMQX_ENTERPRISE).
-t_import_4_0(Config) ->
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("e4.0.10.json", Config, Overrides)),
-    timer:sleep(100),
-    ct:pal("---~p~n", [ets:tab2list(emqx_user)]),
-    test_import(username, {<<"emqx_username">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_c">>, <<"public">>}),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("e4.0.10.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(username, {<<"emqx_c">>, <<"public">>}),
-    test_import(username, {<<"emqx_username">>, <<"public">>}).
-t_import_4_1(Config) ->
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("e4.1.1.json", Config, Overrides)),
-    timer:sleep(100),
-    test_import(clientid, {<<"emqx_c">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_c">>, <<"public">>}),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("e4.1.1.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(username, {<<"emqx_c">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_clientid">>, <<"public">>}).
-
-t_import_4_2(Config) ->
-    ?assertMatch(ok, do_import("e4.2.9.json", Config, "{}")),
-    timer:sleep(100),
-    test_import(username, {<<"emqx_c">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_clientid">>, <<"public">>}).
-
--else.
-t_import_4_0(Config) ->
-    ?assertMatch(ok, do_import("v4.0.11-no-auth.json", Config)),
-    timer:sleep(100),
-    ?assertMatch(0, ets:info(emqx_user, size)),
-
-    ?assertMatch({error, unsupported_version, "4.0"}, do_import("v4.0.11.json", Config)),
-
-    ?assertMatch(ok, do_import("v4.0.13.json", Config)),
-    timer:sleep(100),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}).
-
-t_import_4_1(Config) ->
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("v4.1.5.json", Config, Overrides)),
-    timer:sleep(100),
-    test_import(clientid, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("v4.1.5.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(username, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}).
-
-t_import_4_2(Config) ->
-    ?assertMatch(ok, do_import("v4.2.10-no-auth.json", Config)),
-    timer:sleep(100),
-    ?assertMatch(0, ets:info(emqx_user, size)),
-
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch({error, unsupported_version, "4.2"}, do_import("v4.2.10.json", Config, Overrides)),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("v4.2.11.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(clientid, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}),
-
-    Overrides2 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("v4.2.11.json", Config, Overrides2)),
-    timer:sleep(100),
-    test_import(username, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}),
-
-    ?assertMatch([#emqx_acl{
-                     filter = {{Type,<<"emqx_c">>}, <<"Topic/A">>},
-                     action = pub,
-                     access = allow
-                    },
-                  #emqx_acl{
-                     filter = {{Type,<<"emqx_c">>}, <<"Topic/A">>},
-                     action = sub,
-                     access = allow
-                    }],
-                 lists:sort(ets:tab2list(emqx_acl))).
--endif.
-
-do_import(File, Config) ->
-    do_import(File, Config, "{}").
-
-do_import(File, Config, Overrides) ->
-    mnesia:clear_table(emqx_acl),
-    mnesia:clear_table(emqx_user),
-    Filename = filename:join(proplists:get_value(data_dir, Config), File),
-    emqx_mgmt_data_backup:import(Filename, Overrides).
-
-test_import(username, {Username, Password}) ->
-    [#emqx_user{password = _}] = ets:lookup(emqx_user, {username, Username}),
-    Req = #{clientid => <<"anyname">>,
-            username => Username,
-            password => Password},
-    ?assertMatch({stop, #{auth_result := success}},
-                 emqx_auth_mnesia:check(Req, #{}, #{hash_type => sha256}));
-test_import(clientid, {ClientID, Password}) ->
-    [#emqx_user{password = _}] = ets:lookup(emqx_user, {clientid, ClientID}),
-    Req = #{clientid => ClientID,
-            password => Password},
-    ?assertMatch({stop, #{auth_result := success}},
-                 emqx_auth_mnesia:check(Req, #{}, #{hash_type => sha256})).
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh
deleted file mode 100755
index e31729784..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/bin/bash
-set -eux pipefail
-# Helper script for creating data export files
-
-container() {
-    version="${1}"
-    if [ -z ${2+x} ]; then
-        ee=""
-    else
-        ee="-ee"
-    fi
-    container="emqx/emqx${ee}:${version}"
-    docker rm -f emqx || true
-    docker run "$container" true # Make sure the image is cached locally
-    docker run --rm -e EMQX_LOADED_PLUGINS="emqx_auth_mnesia emqx_auth_clientid emqx_management" \
-           --name emqx -p 8081:8081 "$container" emqx foreground &
-    sleep 7
-}
-
-create_acls () {
-    url="${1}"
-    curl -f -v "http://localhost:8081/$url" -u admin:public -d@- <<EOF
-[
-  {
-    "login":"emqx_c",
-    "topic":"Topic/A",
-    "action":"pub",
-    "allow": true
-  },
-  {
-    "login":"emqx_c",
-    "topic":"Topic/A",
-    "action":"sub",
-    "allow": true
-  }
-]
-EOF
-}
-
-create_user () {
-    url="${1}"
-    curl -f -v "http://localhost:8081/api/v4/$url" -u admin:public -d@- <<EOF
-{
-    "login": "emqx_c",
-    "password": "emqx_p",
-    "is_superuser": true
-}
-EOF
-}
-
-export_data() {
-    filename="${1}"
-
-    docker exec emqx emqx_ctl data export
-    docker exec emqx sh -c 'cat data/*.json' | jq > "$filename.json"
-    cat "${filename}.json"
-}
-
-
-collect_4_2_no_mnesia_auth () {
-    container "4.2.10"
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.2.10-no-auth"
-}
-
-collect_4_2 () {
-    container "4.2.10"
-    create_acls "api/v4/mqtt_acl"
-    create_user mqtt_user
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.2.10"
-}
-
-
-collect_e4_2 () {
-    container "4.2.5" "ee"
-    # Add ACLs:
-    docker exec emqx emqx_ctl acl add username emqx_c Topic/A pubsub allow
-    # Create users
-    docker exec emqx emqx_ctl user add emqx_c emqx_p
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "e4.2.5"
-}
-
-collect_e4_1 () {
-    container "4.1.1" "ee"
-    # Add ACLs:
-    create_acls "api/v4/emqx_acl"
-    # Create users
-    create_user "auth_user"
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "e4.1.1"
-}
-
-collect_4_1 () {
-    container "v4.1.5"
-    create_acls "api/v4/emqx_acl"
-    create_user auth_user
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.1.5"
-}
-
-collect_4_0 () {
-    container "v4.0.11"
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.0.11"
-}
-
-collect_4_0
-collect_4_1
-collect_4_2
-collect_4_2_no_mnesia_auth
-collect_e4_2
-collect_e4_1
-
-docker kill emqx
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json
deleted file mode 100644
index 8dad197dd..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
-  "version": "4.0",
-  "users": [],
-  "schemas": [],
-  "rules": [],
-  "resources": [],
-  "date": "2021-04-10 11:45:26",
-  "blacklist": [],
-  "auth_username": [],
-  "auth_mnesia": [],
-  "auth_clientid": [],
-  "apps": [
-    {
-      "status": true,
-      "secret": "public",
-      "name": "Default",
-      "id": "admin",
-      "expired": "undefined",
-      "desc": "Application user"
-    }
-  ],
-  "acl_mnesia": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json
deleted file mode 100644
index a701d0944..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "version": "4.0",
-  "users": [],
-  "schemas": [],
-  "rules": [],
-  "resources": [],
-  "date": "2021-04-10 11:45:26",
-  "blacklist": [],
-  "auth_username": [],
-  "auth_mnesia": [],
-  "auth_clientid": [
-    {
-      "password": "9Sv2tzJlNDlmNWZhYWQ5Yzc4MWUwNmFhZWI4NjFlMDM2OWEzYmE1OTkxOTBhOGQ4N2Y3MzExY2ZiZmIxNTFkMTdkZmY=",
-      "clientid": "emqx_clientid"
-    }
-  ],
-  "apps": [
-    {
-      "status": true,
-      "secret": "public",
-      "name": "Default",
-      "id": "admin",
-      "expired": "undefined",
-      "desc": "Application user"
-    }
-  ],
-  "acl_mnesia": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json
deleted file mode 100644
index 9c602a0e3..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-    "version":"4.0.13",
-    "users":[
-        {
-            "username":"admin",
-            "tags":"administrator",
-            "password":"p6C65OF0BQhvPmCziM2yRa8JN5o="
-        }
-    ],
-    "schemas":[],
-    "rules":[],
-    "resources":[],
-    "date":"2021-04-16 11:20:00",
-    "blacklist":[],
-    "auth_username":[
-        {
-            "username":"user_for_test",
-            "password":"ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-        }
-    ],
-    "auth_clientid":[
-        {
-            "password":"JBgSnzIxOWNiMDU1ZWFiNDAwMjVhOTQzZThlZjkxN2JlZWE4MGE4YzlmM2I5MjQ4OGI1NjllY2Q4NGQ4NjhjYzQ1NDM=",
-            "clientid":"client_for_test"
-        }
-    ],
-    "apps":[
-        {
-            "status":true,
-            "secret":"public",
-            "name":"Default",
-            "id":"admin",
-            "expired":"undefined",
-            "desc":"Application user"
-        }
-    ]
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json
deleted file mode 100644
index 3d3b9aa7e..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-  "version": "4.1",
-  "users": [
-    {
-      "username": "admin",
-      "tags": "administrator",
-      "password": "R0TpDmJtE/d5rIXAm6YY61RI0mg="
-    }
-  ],
-  "schemas": [],
-  "rules": [],
-  "resources": [],
-  "date": "2021-04-07 14:28:58",
-  "blacklist": [],
-  "auth_username": [
-    {
-      "username":"user_for_test",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-    }
-  ],
-  "auth_mnesia": [
-    {
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU=",
-      "login": "user_mnesia",
-      "is_superuser": true
-    }
-  ],
-  "auth_clientid": [
-    {
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU=",
-      "clientid": "client_for_test"
-    }
-  ],
-  "apps": [
-    {
-      "status": true,
-      "secret": "public",
-      "name": "Default",
-      "id": "admin",
-      "expired": "undefined",
-      "desc": "Application user"
-    }
-  ],
-  "acl_mnesia": [
-    {
-      "topic": "Topic/A",
-      "login": "emqx_c",
-      "allow": true,
-      "action": "sub"
-    },
-    {
-      "topic": "Topic/A",
-      "login": "emqx_c",
-      "allow": true,
-      "action": "pub"
-    }
-  ]
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json
deleted file mode 100644
index 446a46f07..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  "version": "4.2",
-  "date": "2021-04-12 10:41:10",
-  "rules": [],
-  "resources": [],
-  "blacklist": [],
-  "apps": [
-    {
-      "id": "admin",
-      "secret": "public",
-      "name": "Default",
-      "desc": "Application user",
-      "status": true,
-      "expired": "undefined"
-    }
-  ],
-  "users": [
-    {
-      "username": "admin",
-      "password": "e5M8oWEwQVqjdqceQIthC+3cPoY=",
-      "tags": "administrator"
-    }
-  ],
-  "auth_clientid": [],
-  "auth_username": [],
-  "auth_mnesia": [],
-  "acl_mnesia": [],
-  "schemas": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json
deleted file mode 100644
index 1ccc6ce9d..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
-  "version": "4.2",
-  "date": "2021-04-12 10:40:58",
-  "rules": [],
-  "resources": [],
-  "blacklist": [],
-  "apps": [
-    {
-      "id": "admin",
-      "secret": "public",
-      "name": "Default",
-      "desc": "Application user",
-      "status": true,
-      "expired": "undefined"
-    }
-  ],
-  "users": [
-    {
-      "username": "admin",
-      "password": "8Vd7+gVg2J3nE1Xjyxqd59sA5mo=",
-      "tags": "administrator"
-    }
-  ],
-  "auth_clientid": [
-    {
-      "clientid": "emqx_clientid",
-      "password": "UNb0e2RhNDc3NWIyNjg5Yjg4ZDExOTVhNWFkY2MzNGFmNzY2OTNmNmRlYzE4Y2ZiZjRjNzIyMWZlZTljZmEyZDE5Yzc="
-    }
-  ],
-  "auth_username": [],
-  "auth_mnesia": [
-    {
-      "login": "emqx_c",
-      "password": "ceb5e917f7930ae8f0dc3ceb496a428f7e644736eebca36a2b8f6bbac756171a",
-      "is_superuser": true
-    }
-  ],
-  "acl_mnesia": [
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "sub",
-      "allow": true
-    },
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "pub",
-      "allow": true
-    }
-  ],
-  "schemas": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json
deleted file mode 100644
index 52a91ac68..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-  "version": "4.2.11",
-  "date": "2021-04-12 10:40:58",
-  "rules": [],
-  "resources": [],
-  "blacklist": [],
-  "apps": [
-    {
-      "id": "admin",
-      "secret": "public",
-      "name": "Default",
-      "desc": "Application user",
-      "status": true,
-      "expired": "undefined"
-    }
-  ],
-  "users": [
-    {
-      "username": "test",
-      "password": "8Vd7+gVg2J3nE1Xjyxqd59sA5mo=",
-      "tags": "administrator"
-    }
-  ],
-  "auth_clientid": [
-    {
-      "clientid": "client_for_test",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-    }
-  ],
-  "auth_username": [
-    {
-      "username": "user_for_test",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-    }
-  ],
-  "auth_mnesia": [
-    {
-      "login": "user_mnesia",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU=",
-      "is_superuser": true
-    }
-  ],
-  "acl_mnesia": [
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "sub",
-      "allow": true
-    },
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "pub",
-      "allow": true
-    }
-  ],
-  "schemas": []
-}
diff --git a/rebar.config b/rebar.config
index 66d24fe91..1d871d944 100644
--- a/rebar.config
+++ b/rebar.config
@@ -35,7 +35,6 @@
 {deps,
     [ {gpb, "4.11.2"} %% gpb only used to build, but not for release, pin it here to avoid fetching a wrong version due to rebar plugins scattered in all the deps
     , {ehttpc, {git, "https://github.com/emqx/ehttpc", {tag, "0.1.6"}}}
-    , {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.7"}}}
     , {gproc, {git, "https://github.com/uwiger/gproc", {tag, "0.8.0"}}}
     , {jiffy, {git, "https://github.com/emqx/jiffy", {tag, "1.0.5"}}}
     , {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.8.2"}}}

From 503088186e591df65bbb2dc4a94ef7876af0d6f8 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 10:58:34 +0800
Subject: [PATCH 030/174] chore(CI): update ci env

---
 .github/workflows/run_test_cases.yaml | 43 ---------------------------
 1 file changed, 43 deletions(-)

diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml
index 3fbe88c40..812058111 100644
--- a/.github/workflows/run_test_cases.yaml
+++ b/.github/workflows/run_test_cases.yaml
@@ -56,64 +56,21 @@ jobs:
         - name: docker compose up
           if: env.EDITION == 'opensource'
           env:
-            MYSQL_TAG: 8
-            REDIS_TAG: 6
-            MONGO_TAG: 4
-            PGSQL_TAG: 13
-            LDAP_TAG: 2.4.50
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           run: |
             docker-compose \
                 -f .ci/docker-compose-file/docker-compose.yaml \
-                -f .ci/docker-compose-file/docker-compose-ldap-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mongo-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
                 up -d --build
         - name: docker compose up
           if: env.EDITION == 'enterprise'
           env:
-            MYSQL_TAG: 8
-            REDIS_TAG: 6
-            MONGO_TAG: 4
-            PGSQL_TAG: 13
-            LDAP_TAG: 2.4.50
-            OPENTSDB_TAG: latest
-            INFLUXDB_TAG: 1.7.6
-            DYNAMODB_TAG: 1.11.477
-            TIMESCALE_TAG: latest-pg11
-            CASSANDRA_TAG: 3.11.6
-            RABBITMQ_TAG: 3.7
-            KAFKA_TAG: 2.5.0
-            PULSAR_TAG: 2.3.2
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           timeout-minutes: 20
           run: |
             docker-compose \
                 -f .ci/docker-compose-file/docker-compose.yaml \
-                -f .ci/docker-compose-file/docker-compose-ldap-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mongo-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
                 -f .ci/docker-compose-file/docker-compose-enterprise.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-cassandra-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-dynamodb-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-influxdb-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-kafka-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-opentsdb-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-pulsar-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-rabbit-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-timescale-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-mysql-client.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-pgsql-and-timescale-client.yaml \
                 up -d --build
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-            while [ $(docker ps -a --filter name=client --filter exited=0 | wc -l) \
-                 != $(docker ps -a --filter name=client | wc -l) ]; do
-              sleep 5
-            done
         - name: run eunit
           run: |
             docker exec -i erlang bash -c "make eunit"

From 55613593f0e30064cff2e1e4386b050e34193649 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 11:35:26 +0800
Subject: [PATCH 031/174] chore: delete import and export feature

---
 apps/emqx_connector/rebar.config              |   2 +-
 ...x_bridge_mqtt_data_export_import_SUITE.erl | 184 -----------------
 .../409.json                                  |  68 ------
 .../415.json                                  |  70 -------
 .../420.json                                  |  70 -------
 .../430.json                                  |  76 -------
 .../ee4010.json                               |  68 ------
 .../ee410.json                                |  70 -------
 .../ee411.json                                |  70 -------
 .../ee420.json                                | 119 -----------
 .../ee425.json                                | 123 -----------
 .../ee430.json                                | 123 -----------
 .../test/emqx_mgmt_api_SUITE.erl              |  33 ---
 .../emqx_webhook_data_export_import_SUITE.erl | 194 ------------------
 .../409.json                                  |  43 ----
 .../415.json                                  |  42 ----
 .../422.json                                  |  43 ----
 .../423.json                                  |  44 ----
 .../425.json                                  |  47 -----
 .../430.json                                  |  52 -----
 .../ee4010.json                               |  43 ----
 .../ee410.json                                |  43 ----
 .../ee411.json                                |  43 ----
 .../ee420.json                                |  92 ---------
 .../ee425.json                                | 102 ---------
 .../ee430.json                                |  98 ---------
 26 files changed, 1 insertion(+), 1961 deletions(-)
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json

diff --git a/apps/emqx_connector/rebar.config b/apps/emqx_connector/rebar.config
index 633b427cf..b12bd3edb 100644
--- a/apps/emqx_connector/rebar.config
+++ b/apps/emqx_connector/rebar.config
@@ -11,7 +11,7 @@
   %% NOTE: mind poolboy version when updating mongodb-erlang version
   {mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.7"}}},
   %% NOTE: mind poolboy version when updating eredis_cluster version
-  {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.6"}}},
+  {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.7"}}},
   %% mongodb-erlang uses a special fork https://github.com/comtihon/poolboy.git
   %% (which has overflow_ttl feature added).
   %% However, it references `{branch, "master}` (commit 9c06a9a on 2021-04-07).
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl
deleted file mode 100644
index 5667cb73f..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl
+++ /dev/null
@@ -1,184 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_bridge_mqtt_data_export_import_SUITE).
--include_lib("eunit/include/eunit.hrl").
--include_lib("emqx_rule_engine/include/rule_engine.hrl").
--compile([export_all, nowarn_export_all]).
-
-% -define(EMQX_ENTERPRISE, true).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    application:load(emqx_modules),
-    application:load(emqx_bridge_mqtt),
-    emqx_ct_helpers:start_apps([emqx_rule_engine, emqx_management]),
-    Cfg.
-
-end_per_suite(Cfg) ->
-    emqx_ct_helpers:stop_apps([emqx_management, emqx_rule_engine]),
-    Cfg.
-
-get_data_path() ->
-    emqx_ct_helpers:deps_path(emqx_management, "test/emqx_bridge_mqtt_data_export_import_SUITE_data/").
-
-import(FilePath, Version) ->
-    ok = emqx_mgmt_data_backup:import(get_data_path() ++ "/" ++ FilePath, <<"{}">>),
-    timer:sleep(500),
-    lists:foreach(fun(#resource{id = Id, config = Config} = _Resource) ->
-        case Id of
-            <<"bridge">> ->
-                test_utils:resource_is_alive(Id),
-                handle_config(Config, Version, bridge);
-            <<"rpc">> ->
-                test_utils:resource_is_alive(Id),
-                handle_config(Config, Version, rpc);
-            _ -> ok
-        end
-    end, emqx_rule_registry:get_resources()).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
-
--ifndef(EMQX_ENTERPRISE).
-
-t_import420(_) ->
-    import("420.json", 420),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_import430(_) ->
-    import("430.json", 430),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_import409(_) ->
-    import("409.json", 409),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_import415(_) ->
-    import("415.json", 415),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-
-handle_config(Config, 420, bridge) ->
-    ?assertEqual(false, maps:get(<<"ssl">>, Config));
-
-handle_config(Config, 430, bridge) ->
-    ?assertEqual(false, maps:get(<<"ssl">>, Config));
-
-handle_config(Config, 420, rpc) ->
-    handle_config(Config, 430, rpc);
-
-handle_config(Config, 409, rpc) ->
-    handle_config(Config, 420, rpc);
-
-handle_config(Config, 415, rpc) ->
-    handle_config(Config, 420, rpc);
-
-handle_config(Config, 409, bridge) ->
-    handle_config(Config, 420, bridge);
-
-handle_config(Config, 415, bridge) ->
-    handle_config(Config, 420, bridge);
-
-handle_config(Config, 430, rpc) ->
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"address">>, Config)),
-    ?assertEqual(32, maps:get(<<"batch_size">>, Config)),
-    ?assertEqual(<<"off">>, maps:get(<<"disk_cache">>, Config)),
-    ?assertEqual(<<"bridge/emqx/${node}/">>, maps:get(<<"mountpoint">>, Config)),
-    ?assertEqual(<<"30s">>, maps:get(<<"reconnect_interval">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(_, _, _) -> ok.
-
--endif.
-
--ifdef(EMQX_ENTERPRISE).
-
-t_importee4010(_) ->
-    import("ee4010.json", ee4010),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee410(_) ->
-    import("ee410.json", ee410),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee411(_) ->
-    import("ee411.json", ee411),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee420(_) ->
-    import("ee420.json", ee420),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee425(_) ->
-    import("ee425.json", ee425),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee430(_) ->
-    import("ee430.json", ee430),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-%%--------------------------------------------------------------------
-%% handle_config
-%%--------------------------------------------------------------------
-
-handle_config(Config, ee4010, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee410, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee411, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee420, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee425, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee430, bridge) ->
-    ?assertEqual(false, maps:get(<<"ssl">>, Config));
-
-handle_config(Config, ee430, rpc) ->
-    ?assertEqual(<<"off">>, maps:get(<<"disk_cache">>, Config));
-
-handle_config(Config, ee435, Id) ->
-    handle_config(Config, ee430, Id).
--endif.
-
-remove_resources() ->
-    timer:sleep(500),
-    lists:foreach(fun(#resource{id = Id}) ->
-        emqx_rule_engine:delete_resource(Id)
-    end, emqx_rule_registry:get_resources()),
-    timer:sleep(500).
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json
deleted file mode 100644
index cb50a31af..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "m/GtjNgri9GILklefVJH8BeTnNE="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "user",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "password": "passwd",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "bridge_aws",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": true,
-                "address": "127.0.0.1:1883"
-            }
-        },
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        }
-    ],
-    "date": "2021-03-30 13:38:39",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json
deleted file mode 100644
index 176ac1f71..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "3W+nHOkCZLFspENkIvHKzCbHxHI="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        },
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "user",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "pool_size": 8,
-                "password": "passwd",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "client",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": true,
-                "append": true,
-                "address": "127.0.0.1:1883"
-            }
-        }
-    ],
-    "date": "2021-03-30 13:52:53",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json
deleted file mode 100644
index 9922e459f..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-23 23:22:30",
-    "rules": [],
-    "resources": [
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": null,
-            "description": "rpc"
-        },
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": "etc/certs/cacert.pem",
-                "certfile": "etc/certs/client-cert.pem",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": "etc/certs/client-key.pem",
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": "off",
-                "username": ""
-            },
-            "created_at": null,
-            "description": "bridge"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json
deleted file mode 100644
index 4f535bfb7..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "brigde",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": {
-                    "filename": "etc/certs/cacert.pem",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "etc/certs/client-cert.pem",
-                    "file": ""
-                },
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": {
-                    "filename": "etc/certs/client-key.pem",
-                    "file": ""
-                },
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": false,
-                "username": ""
-            },
-            "created_at": 1616635569139,
-            "description": "brigde"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": 1616635583552,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "q8v7hISIMz+iKn/ZuAaogvAxKbA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "date": "2021-03-25 09:26:34"
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json
deleted file mode 100644
index fedd35884..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "GCX5nvOMK0hbiMB4AUyc25wI8fU="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "user",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "password": "passwd",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "bridge_aws",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": true,
-                "address": "127.0.0.1:1883"
-            }
-        },
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        }
-    ],
-    "date": "2021-04-13 13:57:23",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json
deleted file mode 100644
index 8a6f7129b..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "atdwlByxL9/9P3CoFJ60drhodkY="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        },
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "pool_size": 8,
-                "password": "",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "client",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": false,
-                "append": true,
-                "address": "127.0.0.1:1883"
-            }
-        }
-    ],
-    "date": "2021-04-13 11:30:21",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json
deleted file mode 100644
index 6bbd3ac7b..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "tsYtP3TylchkM7J7YTc46Di0kPk="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        },
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "pool_size": 8,
-                "password": "",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "client",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": false,
-                "append": true,
-                "address": "127.0.0.1:1883"
-            }
-        }
-    ],
-    "date": "2021-04-13 16:37:18",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json
deleted file mode 100644
index 3b56495d1..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json
+++ /dev/null
@@ -1,119 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 11:35:13",
-    "modules": [
-        {
-            "id": "module:b9294d70",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:c7c7b692",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:486adc4b",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:411cf85d",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:127b92c3",
-            "type": "hot_confs",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": "etc/certs/cacert.pem",
-                "certfile": "etc/certs/client-cert.pem",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": "etc/certs/client-key.pem",
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": "off",
-                "username": ""
-            },
-            "created_at": null,
-            "description": "bridge"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": null,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "bx1P63qGDhKvZYdltxX4NVY2kS4=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json
deleted file mode 100644
index c6a80b9f6..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 16:42:34",
-    "modules": [
-        {
-            "id": "module:3dc04a9c",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:5128901f",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:9d1596c8",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:43d43410",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": false,
-                "username": "",
-                "verify": false
-            },
-            "created_at": null,
-            "description": "bridge"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": null,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "Hd8AMmbFs+LsqQXQxaV/WqLoGEk=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json
deleted file mode 100644
index 2b7e66013..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": false,
-                "username": "",
-                "verify": false
-            },
-            "created_at": 1618304391051,
-            "description": "bridge"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": 1618304406842,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "qq8hg9pOkmYiHqzi3+bcUaK2CGA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "modules": [
-        {
-            "id": "module:aabeddbf",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:cbe6d976",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:46375e06",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:091eb7c3",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        }
-    ],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": [],
-    "date": "2021-04-13 17:59:52"
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
index 22d4f51ef..d372596ed 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
@@ -537,39 +537,6 @@ t_stats(_) ->
     ?assertEqual(<<"undefined">>, get(<<"message">>, Return)),
     meck:unload(emqx_mgmt).
 
-t_data(_) ->
-    ok = emqx_rule_registry:mnesia(boot),
-    ok = emqx_dashboard_admin:mnesia(boot),
-    application:ensure_all_started(emqx_rule_engine),
-    application:ensure_all_started(emqx_dashboard),
-    {ok, Data} = request_api(post, api_path(["data","export"]), [], auth_header_(), [#{}]),
-    #{<<"filename">> := Filename, <<"node">> := Node} = emqx_ct_http:get_http_data(Data),
-    {ok, DataList} = request_api(get, api_path(["data","export"]), auth_header_()),
-    ?assertEqual(true, lists:member(emqx_ct_http:get_http_data(Data), emqx_ct_http:get_http_data(DataList))),
-
-    ?assertMatch({ok, _}, request_api(post, api_path(["data","import"]), [], auth_header_(), #{<<"filename">> => Filename, <<"node">> => Node})),
-    ?assertMatch({ok, _}, request_api(post, api_path(["data","import"]), [], auth_header_(), #{<<"filename">> => Filename})),
-    application:stop(emqx_rule_engine),
-    application:stop(emqx_dahboard),
-    ok.
-
-t_data_import_content(_) ->
-    ok = emqx_rule_registry:mnesia(boot),
-    ok = emqx_dashboard_admin:mnesia(boot),
-    application:ensure_all_started(emqx_rule_engine),
-    application:ensure_all_started(emqx_dashboard),
-    {ok, Data} = request_api(post, api_path(["data","export"]), [], auth_header_(), [#{}]),
-    #{<<"filename">> := Filename} = emqx_ct_http:get_http_data(Data),
-    Dir = emqx:get_env(data_dir),
-    {ok, Bin} = file:read_file(filename:join(Dir, Filename)),
-    Content = emqx_json:decode(Bin),
-    %% TODO: enable when 5.0 if we are still using data export/import
-    %?assertMatch({ok, "{\"code\":0}"}, request_api(post, api_path(["data","import"]), [], auth_header_(), Content)),
-    ?assertMatch({ok, "{\"message\":\"5.0\",\"code\":\"unsupported_version\"}"},
-                 request_api(post, api_path(["data","import"]), [], auth_header_(), Content)),
-    application:stop(emqx_rule_engine),
-    application:stop(emqx_dahboard).
-
 request_api(Method, Url, Auth) ->
     request_api(Method, Url, [], Auth, []).
 
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl
deleted file mode 100644
index 2965b7ad0..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl
+++ /dev/null
@@ -1,194 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_webhook_data_export_import_SUITE).
--include_lib("eunit/include/eunit.hrl").
--include_lib("emqx_rule_engine/include/rule_engine.hrl").
--compile([export_all, nowarn_export_all]).
-
-% -define(EMQX_ENTERPRISE, true).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    application:load(emqx_modules),
-    application:load(emqx_web_hook),
-    emqx_ct_helpers:start_apps([emqx_rule_engine, emqx_management]),
-    ok = emqx_rule_registry:mnesia(boot),
-    ok = emqx_rule_engine:load_providers(),
-    Cfg.
-
-end_per_suite(Cfg) ->
-    emqx_ct_helpers:stop_apps([emqx_management, emqx_rule_engine]),
-    Cfg.
-
-get_data_path() ->
-    emqx_ct_helpers:deps_path(emqx_management, "test/emqx_webhook_data_export_import_SUITE_data/").
-
-remove_resource(Id) ->
-    emqx_rule_registry:remove_resource(Id),
-    emqx_rule_registry:remove_resource_params(Id).
-
-import(FilePath, Version) ->
-    ok = emqx_mgmt_data_backup:import(get_data_path() ++ "/" ++ FilePath, <<"{}">>),
-    lists:foreach(fun(#resource{id = Id, config = Config} = _Resource) ->
-        case Id of
-            <<"webhook">> ->
-                test_utils:resource_is_alive(Id),
-                handle_config(Config, Version),
-                remove_resource(Id);
-            _ -> ok
-        end
-    end, emqx_rule_registry:get_resources()).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
--ifdef(EMQX_ENTERPRISE).
-
-t_importee4010(_) ->
-    import("ee4010.json", ee4010),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee410(_) ->
-    import("ee410.json", ee410),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee411(_) ->
-    import("ee411.json", ee411),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee420(_) ->
-    import("ee420.json", ee420),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee425(_) ->
-    import("ee425.json", ee425),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee430(_) ->
-    import("ee430.json", ee430),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-%%--------------------------------------------------------------------
-%% handle_config
-%%--------------------------------------------------------------------
-handle_config(Config, 409) ->
-    handle_config(Config, 422);
-
-handle_config(Config, 415) ->
-    handle_config(Config, 422);
-
-handle_config(Config, 422) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config));
-
-handle_config(Config, 423) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual("application/json", maps:get(<<"content_type">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config));
-
-handle_config(Config, 425) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config)),
-    ?assertEqual(5, maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual(5, maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(Config, 430) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config)),
-    ?assertEqual("5s", maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual("5s", maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(false, maps:get(<<"verify">>, Config)),
-    ?assertEqual(true, is_map(maps:get(<<"cacertfile">>, Config))),
-    ?assertEqual(true, is_map(maps:get(<<"certfile">>, Config))),
-    ?assertEqual(true, is_map(maps:get(<<"keyfile">>, Config))),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-handle_config(_, _) -> ok.
--endif.
-
--ifndef(EMQX_ENTERPRISE).
-
-t_import422(_) ->
-    import("422.json", 422),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import423(_) ->
-    import("423.json", 423),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import425(_) ->
-    import("425.json", 425),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import430(_) ->
-    import("430.json", 430),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import409(_) ->
-    import("409.json", 409),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import415(_) ->
-    import("415.json", 415),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-%%--------------------------------------------------------------------
-%% handle_config
-%%--------------------------------------------------------------------
-
-handle_config(Config, ee4010) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee410) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee411) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee420) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee425) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(false, maps:get(<<"verify">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(Config, ee435) ->
-    handle_config(Config, ee430);
-
-handle_config(Config, ee430) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(false, maps:get(<<"verify">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(Config, _) ->
-    io:format("|>=> :~p~n", [Config]).
-
--endif.
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json
deleted file mode 100644
index 01591e107..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "m/GtjNgri9GILklefVJH8BeTnNE="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "webhook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            }
-        }
-    ],
-    "date": "2021-03-30 13:38:39",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json
deleted file mode 100644
index ca6d7dd05..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "3W+nHOkCZLFspENkIvHKzCbHxHI="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "webhook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-03-30 13:52:53",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json
deleted file mode 100644
index 4bddd6344..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-23 23:22:30",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json
deleted file mode 100644
index c9f8edbad..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-23 23:29:24",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "content_type": "application/json",
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json
deleted file mode 100644
index 7893c4624..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-24 14:51:22",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "content_type": "application/json",
-            "connect_timeout" : 5,
-            "request_timeout" : 5,
-            "pool_size" : 8,
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json
deleted file mode 100644
index 9472152f9..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json
+++ /dev/null
@@ -1,52 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "connect_timeout": "5s",
-                "pool_size": 8,
-                "request_timeout": "5s",
-                "url": "http://www.emqx.io",
-                "verify": false
-            },
-            "created_at": 1616581851001,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "q8v7hISIMz+iKn/ZuAaogvAxKbA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "date": "2021-03-24 18:31:21"
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json
deleted file mode 100644
index d979d1d0d..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "GCX5nvOMK0hbiMB4AUyc25wI8fU="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "web_hook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-04-13 13:57:23",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json
deleted file mode 100644
index e97427e01..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "atdwlByxL9/9P3CoFJ60drhodkY="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "webhook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-04-13 11:30:21",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json
deleted file mode 100644
index ed7fab854..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "tsYtP3TylchkM7J7YTc46Di0kPk="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "web_hook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-04-13 16:37:18",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json
deleted file mode 100644
index 52ad0c83f..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json
+++ /dev/null
@@ -1,92 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 11:35:13",
-    "modules": [
-        {
-            "id": "module:b9294d70",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:c7c7b692",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:486adc4b",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:411cf85d",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:127b92c3",
-            "type": "hot_confs",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "bx1P63qGDhKvZYdltxX4NVY2kS4=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json
deleted file mode 100644
index 46a1870bf..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json
+++ /dev/null
@@ -1,102 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 16:42:34",
-    "modules": [
-        {
-            "id": "module:3dc04a9c",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:5128901f",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:9d1596c8",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:43d43410",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "connect_timeout": "5s",
-                "headers": {
-                    "k": "v"
-                },
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "method": "POST",
-                "pool_size": 8,
-                "request_timeout": "5s",
-                "url": "http://www.emqx.io",
-                "verify": false
-            },
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "Hd8AMmbFs+LsqQXQxaV/WqLoGEk=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json
deleted file mode 100644
index 36986f24b..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json
+++ /dev/null
@@ -1,98 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "connect_timeout": "5s",
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "pool_size": 8,
-                "request_timeout": "5s",
-                "url": "http://www.emqx.io",
-                "verify": false
-            },
-            "created_at": 1618304340172,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "qq8hg9pOkmYiHqzi3+bcUaK2CGA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "modules": [
-        {
-            "id": "module:aabeddbf",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:cbe6d976",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:46375e06",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:091eb7c3",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        }
-    ],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": [],
-    "date": "2021-04-13 17:59:52"
-}
\ No newline at end of file

From f227f5c0230cb67dfbc647dbedfd740bba883b34 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 13:52:41 +0800
Subject: [PATCH 032/174] chore(CI): delete compatibility test suite

---
 .github/workflows/run_cts_tests.yaml | 407 ---------------------------
 1 file changed, 407 deletions(-)
 delete mode 100644 .github/workflows/run_cts_tests.yaml

diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml
deleted file mode 100644
index 487d8fae7..000000000
--- a/.github/workflows/run_cts_tests.yaml
+++ /dev/null
@@ -1,407 +0,0 @@
-name: Compatibility Test Suite
-
-on:
-  push:
-    tags:
-      - v*
-      - e*
-  pull_request:
-
-jobs:
-  ldap:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        ldap_tag:
-        - 2.4.50
-        network_type:
-        - ipv4
-        - ipv6
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker compose up
-        env:
-          LDAP_TAG: ${{ matrix.ldap_tag }}
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-ldap-tcp.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo EMQX_AUTH__LDAP__SERVERS=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ldap) >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo EMQX_AUTH__LDAP__SERVERS=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' ldap) >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_ldap"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_ldap-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_ldap${{ matrix.ldap_tag }}_${{ matrix.network_type }}
-          path: _build/test/logs
-
-  mongo:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        mongo_tag:
-        - 3
-        - 4
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-mongo-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        env:
-          MONGO_TAG: ${{ matrix.mongo_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__MONGO__SSL__ENABLE=on
-          EMQX_AUTH__MONGO__SSL__CACERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
-          EMQX_AUTH__MONGO__SSL__CERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
-          EMQX_AUTH__MONGO__SSL__KEYFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
-          EMQX_AUTH__MONGO__SSL__VERIFY=true
-          EMQX_AUTH__MONGO__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          MONGO_TAG: ${{ matrix.mongo_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          echo EMQX_AUTH__MONGO__SSL__ENABLE=off >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo "EMQX_AUTH__MONGO__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mongo):27017" >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo "EMQX_AUTH__MONGO__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mongo):27017" >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mongo"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_mongo-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_mongo${{ matrix.mongo_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs
-
-  mysql:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        mysql_tag:
-        - 5.7
-        - 8
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        timeout-minutes: 5
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-mysql-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-          while [ $(docker ps -a --filter name=client --filter exited=0 | wc -l) \
-                 != $(docker ps -a --filter name=client | wc -l) ]; do
-              sleep 5
-          done
-      - name: setup
-        env:
-          MYSQL_TAG: ${{ matrix.mysql_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-            EMQX_AUTH__MYSQL__SSL__ENABLE=on
-            EMQX_AUTH__MYSQL__USERNAME=ssluser
-            EMQX_AUTH__MYSQL__PASSWORD=public
-            EMQX_AUTH__MYSQL__DATABASE=mqtt
-            EMQX_AUTH__MYSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
-            EMQX_AUTH__MYSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
-            EMQX_AUTH__MYSQL__SSL__KEYFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
-            EMQX_AUTH__MYSQL__SSL__VERIFY=true
-            EMQX_AUTH__MYSQL__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          MYSQL_TAG: ${{ matrix.mysql_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-            EMQX_AUTH__MYSQL__USERNAME=root
-            EMQX_AUTH__MYSQL__PASSWORD=public
-            EMQX_AUTH__MYSQL__DATABASE=mqtt
-            EMQX_AUTH__MYSQL__SSL__ENABLE=off
-          EOF
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo "EMQX_AUTH__MYSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql):3306" >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo "EMQX_AUTH__MYSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mysql):3306" >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mysql"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_mysql-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_mysql${{ matrix.mysql_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs
-
-  pgsql:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        pgsql_tag:
-        - 9
-        - 10
-        - 11
-        - 12
-        - 13
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-pgsql-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        env:
-          PGSQL_TAG: ${{ matrix.pgsql_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__PGSQL__SSL__ENABLE=on
-          EMQX_AUTH__PGSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
-          EMQX_AUTH__PGSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
-          EMQX_AUTH__PGSQL__SSL__KEYFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
-          EMQX_AUTH__PGSQL__SSL__VERIFY=true
-          EMQX_AUTH__PGSQL__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          PGSQL_TAG: ${{ matrix.pgsql_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          echo EMQX_AUTH__PGSQL__SSL__ENABLE=off >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo "EMQX_AUTH__PGSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql):5432" >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo "EMQX_AUTH__PGSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' pgsql):5432" >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export EMQX_AUTH__PGSQL__USERNAME=root \
-                 EMQX_AUTH__PGSQL__PASSWORD=public \
-                 EMQX_AUTH__PGSQL__DATABASE=mqtt \
-                 CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_ \
-                 HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_pgsql"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_pgsql-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_pgsql${{ matrix.pgsql_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs
-
-  redis:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        redis_tag:
-        - 5
-        - 6
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-        node_type:
-        - single
-        - sentinel
-        - cluster
-        exclude:
-        - redis_tag: 5
-          connect_type: tls
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-redis-${{ matrix.node_type }}-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        env:
-          REDIS_TAG: ${{ matrix.redis_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__SSL__ENABLE=on
-          EMQX_AUTH__REDIS__SSL__CACERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
-          EMQX_AUTH__REDIS__SSL__CERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
-          EMQX_AUTH__REDIS__SSL__KEYFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
-          EMQX_AUTH__REDIS__SSL__VERIFY=true
-          EMQX_AUTH__REDIS__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          REDIS_TAG: ${{ matrix.redis_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          echo EMQX_AUTH__REDIS__SSL__ENABLE=off >> "$GITHUB_ENV"
-      - name: get server address
-        run: |
-          ipv4_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' redis)
-          ipv6_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' redis)
-          cat <<-EOF >> "$GITHUB_ENV"
-          redis_ipv4_address=$ipv4_address
-          redis_ipv6_address=$ipv6_address
-          EOF
-      - name: setup
-        if: matrix.node_type == 'single' && matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=single
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:6379
-          EOF
-      - name: setup
-        if: matrix.node_type == 'single' && matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=single
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:6380
-          EOF
-      - name: setup
-        if: matrix.node_type == 'sentinel' && matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=sentinel
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:26379
-          EMQX_AUTH__REDIS__SENTINEL=mymaster
-          EOF
-      - name: setup
-        if: matrix.node_type == 'sentinel' && matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=sentinel
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:26380
-          EMQX_AUTH__REDIS__SENTINEL=mymaster
-          EOF
-      - name: setup
-        if: matrix.node_type == 'cluster' && matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=cluster
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:7000
-          EOF
-      - name: setup
-        if: matrix.node_type == 'cluster' && matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=cluster
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:8000
-          EOF
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export EMQX_AUTH__REIDS__PASSWORD=public
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_redis"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_redis-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_redis${{ matrix.redis_tag }}_${{ matrix.node_type }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs

From c79e478c42bf16a575c578325cd6164d0cf868e1 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 17:36:32 +0800
Subject: [PATCH 033/174] chore: delete internal acl code

---
 apps/emqx/src/emqx_access_rule.erl            | 152 ------------------
 apps/emqx/src/emqx_schema.erl                 |   3 +-
 apps/emqx/test/emqx_SUITE_data/loaded_modules |   3 +-
 .../emqx/test/emqx_access_SUITE_data/acl.conf |  15 --
 .../acl_deny_action.conf                      |   3 -
 apps/emqx/test/emqx_access_rule_SUITE.erl     |  97 -----------
 apps/emqx_coap/test/emqx_coap_SUITE.erl       |  23 ++-
 .../src/emqx_mod_acl_internal.erl             | 122 --------------
 apps/emqx_modules/src/emqx_modules.erl        |  18 ---
 .../test/emqx_mod_acl_internal_SUITE.erl      |  64 --------
 apps/emqx_modules/test/emqx_modules_SUITE.erl |   3 +-
 deploy/charts/emqx/values.yaml                |   1 -
 deploy/docker/README.md                       |   3 +-
 13 files changed, 19 insertions(+), 488 deletions(-)
 delete mode 100644 apps/emqx/src/emqx_access_rule.erl
 delete mode 100644 apps/emqx/test/emqx_access_SUITE_data/acl.conf
 delete mode 100644 apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf
 delete mode 100644 apps/emqx/test/emqx_access_rule_SUITE.erl
 delete mode 100644 apps/emqx_modules/src/emqx_mod_acl_internal.erl
 delete mode 100644 apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl

diff --git a/apps/emqx/src/emqx_access_rule.erl b/apps/emqx/src/emqx_access_rule.erl
deleted file mode 100644
index 5a607dd16..000000000
--- a/apps/emqx/src/emqx_access_rule.erl
+++ /dev/null
@@ -1,152 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2017-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_access_rule).
-
-%% APIs
--export([ match/3
-        , compile/1
-        ]).
-
--export_type([rule/0]).
-
--type(acl_result() :: allow | deny).
-
--type(who() :: all | binary() |
-               {client, binary()} |
-               {user, binary()} |
-               {ipaddr, esockd_cidr:cidr_string()}).
-
--type(access() :: subscribe | publish | pubsub).
-
--type(rule() :: {acl_result(), all} |
-                {acl_result(), who(), access(), list(emqx_topic:topic())}).
-
--define(ALLOW_DENY(A), ((A =:= allow) orelse (A =:= deny))).
--define(PUBSUB(A), ((A =:= subscribe) orelse (A =:= publish) orelse (A =:= pubsub))).
-
-%% @doc Compile Access Rule.
-compile({A, all}) when ?ALLOW_DENY(A) ->
-    {A, all};
-
-compile({A, Who, Access, Topic}) when ?ALLOW_DENY(A), ?PUBSUB(Access), is_binary(Topic) ->
-    {A, compile(who, Who), Access, [compile(topic, Topic)]};
-
-compile({A, Who, Access, TopicFilters}) when ?ALLOW_DENY(A), ?PUBSUB(Access) ->
-    {A, compile(who, Who), Access, [compile(topic, Topic) || Topic <- TopicFilters]}.
-
-compile(who, all) ->
-    all;
-compile(who, {ipaddr, CIDR}) ->
-    {ipaddr, esockd_cidr:parse(CIDR, true)};
-compile(who, {client, all}) ->
-    {client, all};
-compile(who, {client, ClientId}) ->
-    {client, bin(ClientId)};
-compile(who, {user, all}) ->
-    {user, all};
-compile(who, {user, Username}) ->
-    {user, bin(Username)};
-compile(who, {'and', Conds}) when is_list(Conds) ->
-    {'and', [compile(who, Cond) || Cond <- Conds]};
-compile(who, {'or', Conds}) when is_list(Conds) ->
-    {'or', [compile(who, Cond) || Cond <- Conds]};
-
-compile(topic, {eq, Topic}) ->
-    {eq, emqx_topic:words(bin(Topic))};
-compile(topic, Topic) ->
-    Words = emqx_topic:words(bin(Topic)),
-    case pattern(Words) of
-        true  -> {pattern, Words};
-        false -> Words
-    end.
-
-pattern(Words) ->
-    lists:member(<<"%u">>, Words) orelse lists:member(<<"%c">>, Words).
-
-bin(L) when is_list(L) ->
-    list_to_binary(L);
-bin(B) when is_binary(B) ->
-    B.
-
-%% @doc Match access rule
--spec(match(emqx_types:clientinfo(), emqx_types:topic(), rule())
-      -> {matched, allow} | {matched, deny} | nomatch).
-match(_ClientInfo, _Topic, {AllowDeny, all}) when ?ALLOW_DENY(AllowDeny) ->
-    {matched, AllowDeny};
-match(ClientInfo, Topic, {AllowDeny, Who, _PubSub, TopicFilters})
-    when ?ALLOW_DENY(AllowDeny) ->
-    case match_who(ClientInfo, Who)
-         andalso match_topics(ClientInfo, Topic, TopicFilters) of
-        true  -> {matched, AllowDeny};
-        false -> nomatch
-    end.
-
-match_who(_ClientInfo, all) ->
-    true;
-match_who(_ClientInfo, {user, all}) ->
-    true;
-match_who(_ClientInfo, {client, all}) ->
-    true;
-match_who(#{clientid := ClientId}, {client, ClientId}) ->
-    true;
-match_who(#{username := Username}, {user, Username}) ->
-    true;
-match_who(#{peerhost := undefined}, {ipaddr, _Tup}) ->
-    false;
-match_who(#{peerhost := IP}, {ipaddr, CIDR}) ->
-    esockd_cidr:match(IP, CIDR);
-match_who(ClientInfo, {'and', Conds}) when is_list(Conds) ->
-    lists:foldl(fun(Who, Allow) ->
-                  match_who(ClientInfo, Who) andalso Allow
-                end, true, Conds);
-match_who(ClientInfo, {'or', Conds}) when is_list(Conds) ->
-    lists:foldl(fun(Who, Allow) ->
-                  match_who(ClientInfo, Who) orelse Allow
-                end, false, Conds);
-match_who(_ClientInfo, _Who) ->
-    false.
-
-match_topics(_ClientInfo, _Topic, []) ->
-    false;
-match_topics(ClientInfo, Topic, [{pattern, PatternFilter}|Filters]) ->
-    TopicFilter = feed_var(ClientInfo, PatternFilter),
-    match_topic(emqx_topic:words(Topic), TopicFilter)
-        orelse match_topics(ClientInfo, Topic, Filters);
-match_topics(ClientInfo, Topic, [TopicFilter|Filters]) ->
-   match_topic(emqx_topic:words(Topic), TopicFilter)
-       orelse match_topics(ClientInfo, Topic, Filters).
-
-match_topic(Topic, {eq, TopicFilter}) ->
-    Topic == TopicFilter;
-match_topic(Topic, TopicFilter) ->
-    emqx_topic:match(Topic, TopicFilter).
-
-feed_var(ClientInfo, Pattern) ->
-    feed_var(ClientInfo, Pattern, []).
-feed_var(_ClientInfo, [], Acc) ->
-    lists:reverse(Acc);
-feed_var(ClientInfo = #{clientid := undefined}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%c">>|Acc]);
-feed_var(ClientInfo = #{clientid := ClientId}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [ClientId |Acc]);
-feed_var(ClientInfo = #{username := undefined}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%u">>|Acc]);
-feed_var(ClientInfo = #{username := Username}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [Username|Acc]);
-feed_var(ClientInfo, [W|Words], Acc) ->
-    feed_var(ClientInfo, Words, [W|Acc]).
-
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 8c1967ed3..83e611ee0 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -823,8 +823,7 @@ tr_modules(Conf) ->
         [{emqx_mod_subscription, Subscriptions()}],
         [{emqx_mod_rewrite, Rewrites()}],
         [{emqx_mod_topic_metrics, []}],
-        [{emqx_mod_delayed, []}],
-        [{emqx_mod_acl_internal, [{acl_file, conf_get("acl.acl_file", Conf)}]}]
+        [{emqx_mod_delayed, []}]
     ]).
 
 tr_sysmon(Conf) ->
diff --git a/apps/emqx/test/emqx_SUITE_data/loaded_modules b/apps/emqx/test/emqx_SUITE_data/loaded_modules
index 49effa0c5..f31e47900 100644
--- a/apps/emqx/test/emqx_SUITE_data/loaded_modules
+++ b/apps/emqx/test/emqx_SUITE_data/loaded_modules
@@ -1,2 +1 @@
-{emqx_mod_acl_internal, true}.
-{emqx_mod_presence, true}.
\ No newline at end of file
+{emqx_mod_presence, true}.
diff --git a/apps/emqx/test/emqx_access_SUITE_data/acl.conf b/apps/emqx/test/emqx_access_SUITE_data/acl.conf
deleted file mode 100644
index e5730b4c5..000000000
--- a/apps/emqx/test/emqx_access_SUITE_data/acl.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-{allow, {ipaddr, "127.0.0.1"}, subscribe, ["$SYS/#", "#"]}.
-
-{allow, {user, "testuser"}, subscribe, ["a/b/c", "d/e/f/#"]}.
-
-{allow, {user, "admin"}, pubsub, ["a/b/c", "d/e/f/#"]}.
-
-{allow, {client, "testClient"}, subscribe, ["testTopics/testClient"]}.
-
-{allow, all, subscribe, ["clients/%c"]}.
-
-{allow, all, pubsub, ["users/%u/#"]}.
-
-{deny, all, subscribe, ["$SYS/#", "#"]}.
-
-{deny, all}.
diff --git a/apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf b/apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf
deleted file mode 100644
index c7f933ce7..000000000
--- a/apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-{deny, {user, "emqx"}, pubsub, ["acl_deny_action"]}.
-{deny, {user, "pub_deny"}, publish, ["pub_deny"]}.
-{allow, all}.
\ No newline at end of file
diff --git a/apps/emqx/test/emqx_access_rule_SUITE.erl b/apps/emqx/test/emqx_access_rule_SUITE.erl
deleted file mode 100644
index 93c84a958..000000000
--- a/apps/emqx/test/emqx_access_rule_SUITE.erl
+++ /dev/null
@@ -1,97 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2019-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_access_rule_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("eunit/include/eunit.hrl").
-
-all() -> emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:boot_modules([router, broker]),
-    emqx_ct_helpers:start_apps([]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([]).
-
-t_compile(_) ->
-    Rule1 = {allow, all, pubsub, <<"%u">>},
-    Compile1 = {allow, all, pubsub, [{pattern,[<<"%u">>]}]},
-
-    Rule2 = {allow, {ipaddr, "127.0.0.1"}, pubsub, <<"%c">>},
-    Compile2 = {allow, {ipaddr, {{127,0,0,1}, {127,0,0,1}, 32}}, pubsub, [{pattern,[<<"%c">>]}]},
-
-    Rule3 = {allow, {'and', [{client, <<"testClient">>}, {user, <<"testUser">>}]}, pubsub, [<<"testTopics1">>,  <<"testTopics2">>]},
-    Compile3 = {allow, {'and', [{client, <<"testClient">>}, {user, <<"testUser">>}]}, pubsub, [[<<"testTopics1">>],  [<<"testTopics2">>]]},
-
-    Rule4 = {allow, {'or', [{client, all}, {user, all}]}, pubsub, [ <<"testTopics1">>,  <<"testTopics2">>]},
-    Compile4 = {allow, {'or', [{client, all}, {user, all}]}, pubsub, [[<<"testTopics1">>],  [<<"testTopics2">>]]},
-
-    ?assertEqual(Compile1, emqx_access_rule:compile(Rule1)),
-    ?assertEqual(Compile2, emqx_access_rule:compile(Rule2)),
-    ?assertEqual(Compile3, emqx_access_rule:compile(Rule3)),
-    ?assertEqual(Compile4, emqx_access_rule:compile(Rule4)).
-
-t_match(_) ->
-    ClientInfo1 = #{zone => external,
-                    clientid => <<"testClient">>,
-                    username => <<"TestUser">>,
-                    peerhost => {127,0,0,1}
-                   },
-    ClientInfo2 = #{zone => external,
-                    clientid => <<"testClient">>,
-                    username => <<"TestUser">>,
-                    peerhost => {192,168,0,10}
-                   },
-    ClientInfo3 = #{zone => external,
-                    clientid => <<"testClient">>,
-                    username => <<"TestUser">>,
-                    peerhost => undefined
-                   },
-    ?assertEqual({matched, deny}, emqx_access_rule:match([], [], {deny, all})),
-    ?assertEqual({matched, allow}, emqx_access_rule:match([], [], {allow, all})),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo1, <<"Test/Topic">>,
-                                                    emqx_access_rule:compile({allow, {user, all}, pubsub, []}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Test/Topic">>,
-                                                            emqx_access_rule:compile({allow, {client, all}, pubsub, ["$SYS/#", "#"]}))),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo3, <<"Test/Topic">>,
-                                                    emqx_access_rule:compile({allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Test/Topic">>,
-                                                            emqx_access_rule:compile({allow, {ipaddr, "127.0.0.1"}, subscribe, ["$SYS/#", "#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo2, <<"Test/Topic">>,
-                                                            emqx_access_rule:compile({allow, {ipaddr, "192.168.0.1/24"}, subscribe, ["$SYS/#", "#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"d/e/f/x">>,
-                                                            emqx_access_rule:compile({allow, {user, "TestUser"}, subscribe, ["a/b/c", "d/e/f/#"]}))),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo1, <<"d/e/f/x">>,
-                                                    emqx_access_rule:compile({allow, {user, "admin"}, pubsub, ["d/e/f/#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"testTopics/testClient">>,
-                                                            emqx_access_rule:compile({allow, {client, "testClient"}, publish, ["testTopics/testClient"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"clients/testClient">>,
-                                                            emqx_access_rule:compile({allow, all, pubsub, ["clients/%c"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(#{username => <<"user2">>}, <<"users/user2/abc/def">>,
-                                                            emqx_access_rule:compile({allow, all, subscribe, ["users/%u/#"]}))),
-    ?assertEqual({matched, deny}, emqx_access_rule:match(ClientInfo1, <<"d/e/f">>,
-                                                            emqx_access_rule:compile({deny, all, subscribe, ["$SYS/#", "#"]}))),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo1, <<"Topic">>,
-                                                    emqx_access_rule:compile({allow, {'and', [{ipaddr, "127.0.0.1"}, {user, <<"WrongUser">>}]}, publish, <<"Topic">>}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Topic">>,
-                                                            emqx_access_rule:compile({allow, {'and', [{ipaddr, "127.0.0.1"}, {user, <<"TestUser">>}]}, publish, <<"Topic">>}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Topic">>,
-                                                            emqx_access_rule:compile({allow, {'or', [{ipaddr, "127.0.0.1"}, {user, <<"WrongUser">>}]}, publish, ["Topic"]}))).
diff --git a/apps/emqx_coap/test/emqx_coap_SUITE.erl b/apps/emqx_coap/test/emqx_coap_SUITE.erl
index 440b80ebd..73c9ef162 100644
--- a/apps/emqx_coap/test/emqx_coap_SUITE.erl
+++ b/apps/emqx_coap/test/emqx_coap_SUITE.erl
@@ -266,11 +266,18 @@ t_kick_1(_Config) ->
 
 % mqtt connection kicked by coap with same client id
 t_acl(Config) ->
-    %% Update acl file and reload mod_acl_internal
-    Path = filename:join([testdir(proplists:get_value(data_dir, Config)), "deny.conf"]),
-    ok = file:write_file(Path, <<"{deny, {user, \"coap\"}, publish, [\"abc\"]}.">>),
-    OldPath = emqx:get_env(acl_file),
-    emqx_mod_acl_internal:reload([{acl_file, Path}]),
+    OldPath = emqx:get_env(plugins_etc_dir),
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
+    Conf = #{<<"authz">> =>
+             #{<<"rules">> =>
+               [#{<<"principal">> =>#{<<"username">> => <<"coap">>},
+                  <<"permission">> => deny,
+                  <<"topics">> => [<<"abc">>],
+                  <<"action">> => <<"publish">>}
+               ]}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    application:ensure_all_started(emqx_authz),
 
     emqx:subscribe(<<"abc">>),
     URI = "coap://127.0.0.1/mqtt/adbc?c=client1&u=coap&p=secret",
@@ -282,9 +289,9 @@ t_acl(Config) ->
         ok
     end,
 
-    application:set_env(emqx, acl_file, OldPath),
-    file:delete(Path),
-    emqx_mod_acl_internal:reload([{acl_file, OldPath}]).
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    application:set_env(emqx, plugins_etc_dir, OldPath),
+    application:stop(emqx_authz).
 
 t_stats(_) ->
     ok.
diff --git a/apps/emqx_modules/src/emqx_mod_acl_internal.erl b/apps/emqx_modules/src/emqx_mod_acl_internal.erl
deleted file mode 100644
index 8956229ea..000000000
--- a/apps/emqx_modules/src/emqx_mod_acl_internal.erl
+++ /dev/null
@@ -1,122 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mod_acl_internal).
-
--behaviour(emqx_gen_mod).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[ACL_INTERNAL]").
-
-%% APIs
--export([ check_acl/5
-        , rules_from_file/1
-        ]).
-
-%% emqx_gen_mod callbacks
--export([ load/1
-        , unload/1
-        , reload/1
-        , description/0
-        ]).
-
--type(acl_rules() :: #{publish   => [emqx_access_rule:rule()],
-                       subscribe => [emqx_access_rule:rule()]}).
-
-%%--------------------------------------------------------------------
-%% API
-%%--------------------------------------------------------------------
-
-load(Env) ->
-    Rules = rules_from_file(proplists:get_value(acl_file, Env)),
-    emqx_hooks:add('client.check_acl', {?MODULE, check_acl, [Rules]},  -1).
-
-unload(_Env) ->
-    emqx_hooks:del('client.check_acl', {?MODULE, check_acl}).
-
-reload(Env) ->
-    emqx_acl_cache:is_enabled() andalso (
-        lists:foreach(
-            fun(Pid) -> erlang:send(Pid, clean_acl_cache) end,
-        emqx_cm:all_channels())),
-    unload(Env), load(Env).
-
-description() ->
-    "EMQ X Internal ACL Module".
-%%--------------------------------------------------------------------
-%% ACL callbacks
-%%--------------------------------------------------------------------
-
-%% @doc Check ACL
--spec(check_acl(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_topic:topic(),
-                emqx_access_rule:acl_result(), acl_rules())
-      -> {ok, allow} | {ok, deny} | ok).
-check_acl(Client, PubSub, Topic, _AclResult, Rules) ->
-    case match(Client, Topic, lookup(PubSub, Rules)) of
-        {matched, allow} -> {ok, allow};
-        {matched, deny}  -> {ok, deny};
-        nomatch          -> ok
-    end.
-
-%%--------------------------------------------------------------------
-%% Internal Functions
-%%--------------------------------------------------------------------
-lookup(PubSub, Rules) ->
-    maps:get(PubSub, Rules, []).
-
-match(_Client, _Topic, []) ->
-    nomatch;
-match(Client, Topic, [Rule|Rules]) ->
-    case emqx_access_rule:match(Client, Topic, Rule) of
-        nomatch ->
-            match(Client, Topic, Rules);
-        {matched, AllowDeny} ->
-            {matched, AllowDeny}
-    end.
-
--spec(rules_from_file(file:filename()) -> map()).
-rules_from_file(AclFile) ->
-    case file:consult(AclFile) of
-        {ok, Terms} ->
-            Rules = [emqx_access_rule:compile(Term) || Term <- Terms],
-            #{publish   => [Rule || Rule <- Rules, filter(publish, Rule)],
-              subscribe => [Rule || Rule <- Rules, filter(subscribe, Rule)]};
-        {error, eacces} ->
-            ?LOG(alert, "Insufficient permissions to read the ~s file", [AclFile]),
-            #{};
-        {error, enoent} ->
-            ?LOG(alert, "The ~s file does not exist", [AclFile]),
-            #{};
-        {error, Reason} ->
-            ?LOG(alert, "Failed to read ~s: ~p", [AclFile, Reason]),
-            #{}
-    end.
-
-filter(_PubSub, {allow, all}) ->
-    true;
-filter(_PubSub, {deny, all}) ->
-    true;
-filter(publish, {_AllowDeny, _Who, publish, _Topics}) ->
-    true;
-filter(_PubSub, {_AllowDeny, _Who, pubsub, _Topics}) ->
-    true;
-filter(subscribe, {_AllowDeny, _Who, subscribe, _Topics}) ->
-    true;
-filter(_PubSub, {_AllowDeny, _Who, _, _Topics}) ->
-    false.
-
diff --git a/apps/emqx_modules/src/emqx_modules.erl b/apps/emqx_modules/src/emqx_modules.erl
index 3de9c6ba3..262e700ab 100644
--- a/apps/emqx_modules/src/emqx_modules.erl
+++ b/apps/emqx_modules/src/emqx_modules.erl
@@ -80,17 +80,6 @@ unload(ModuleName) ->
     end.
 
 -spec(reload(module()) -> ok | ignore | {error, any()}).
-reload(emqx_mod_acl_internal) ->
-    Modules = emqx:get_env(modules, []),
-    Env = proplists:get_value(emqx_mod_acl_internal, Modules, undefined),
-    case emqx_mod_acl_internal:reload(Env) of
-        ok ->
-            ?LOG(info, "Reload ~s module successfully.", [emqx_mod_acl_internal]),
-            ok;
-        {error, Error} ->
-            ?LOG(error, "Reload module ~s failed, cannot start for ~0p", [emqx_mod_acl_internal, Error]),
-            {error, Error}
-    end;
 reload(_) ->
     ignore.
 
@@ -197,13 +186,6 @@ cli(["unload", Name]) ->
             emqx_ctl:print("Unload module ~s error: ~p.~n", [Name, Reason])
     end;
 
-cli(["reload", "emqx_mod_acl_internal" = Name]) ->
-    case emqx_modules:reload(list_to_atom(Name)) of
-        ok ->
-            emqx_ctl:print("Module ~s reloaded successfully.~n", [Name]);
-        {error, Reason} ->
-            emqx_ctl:print("Reload module ~s error: ~p.~n", [Name, Reason])
-    end;
 cli(["reload", Name]) ->
     emqx_ctl:print("Module: ~p does not need to be reloaded.~n", [Name]);
 
diff --git a/apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl b/apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl
deleted file mode 100644
index 3edcd31fa..000000000
--- a/apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl
+++ /dev/null
@@ -1,64 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mod_acl_internal_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx_mqtt.hrl").
--include_lib("eunit/include/eunit.hrl").
-
-all() -> emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:boot_modules(all),
-    emqx_ct_helpers:start_apps([]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([]).
-
-t_load_unload(_) ->
-    ?assertEqual(ok, emqx_mod_acl_internal:unload([])),
-    ?assertEqual(ok, emqx_mod_acl_internal:load([])),
-    ?assertEqual({error,already_exists}, emqx_mod_acl_internal:load([])).
-
-t_check_acl(_) ->
-    Rules=#{publish => [{allow,all}], subscribe => [{deny, all}]},
-    ?assertEqual({ok, allow}, emqx_mod_acl_internal:check_acl(clientinfo(), publish,  <<"t">>, [], Rules)),
-    ?assertEqual({ok, deny}, emqx_mod_acl_internal:check_acl(clientinfo(), subscribe,  <<"t">>, [], Rules)),
-    ?assertEqual(ok, emqx_mod_acl_internal:check_acl(clientinfo(), connect,  <<"t">>, [], Rules)).
-
-t_reload_acl(_) ->
-    ?assertEqual(ok, emqx_mod_acl_internal:reload([])).
-
-%%--------------------------------------------------------------------
-%% Helper functions
-%%--------------------------------------------------------------------
-
-clientinfo() -> clientinfo(#{}).
-clientinfo(InitProps) ->
-    maps:merge(#{zone       => zone,
-                 protocol   => mqtt,
-                 peerhost   => {127,0,0,1},
-                 clientid   => <<"clientid">>,
-                 username   => <<"username">>,
-                 password   => <<"passwd">>,
-                 is_superuser => false,
-                 peercert   => undefined,
-                 mountpoint => undefined
-                }, InitProps).
diff --git a/apps/emqx_modules/test/emqx_modules_SUITE.erl b/apps/emqx_modules/test/emqx_modules_SUITE.erl
index dc76e8eb7..0ce8b0c5f 100644
--- a/apps/emqx_modules/test/emqx_modules_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_modules_SUITE.erl
@@ -49,8 +49,7 @@ t_load(_) ->
     ?assertEqual(ok, emqx_modules:load()),
     ?assertEqual({error, not_found}, emqx_modules:load(not_existed_module)),
     ?assertEqual({error, not_started}, emqx_modules:unload(emqx_mod_rewrite)),
-    ?assertEqual(ignore, emqx_modules:reload(emqx_mod_rewrite)),
-    ?assertEqual(ok, emqx_modules:reload(emqx_mod_acl_internal)).
+    ?assertEqual(ignore, emqx_modules:reload(emqx_mod_rewrite)).
 
 t_list(_) ->
     ?assertMatch([{_, _} | _ ], emqx_modules:list()).
diff --git a/deploy/charts/emqx/values.yaml b/deploy/charts/emqx/values.yaml
index 0e6f24a66..3e145aafe 100644
--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
@@ -87,7 +87,6 @@ emqxLoadedPlugins: >
   {emqx_bridge_mqtt, false}.
 
 emqxLoadedModules: >
-  {emqx_mod_acl_internal, true}.
   {emqx_mod_presence, true}.
   {emqx_mod_delayed, false}.
   {emqx_mod_rewrite, false}.
diff --git a/deploy/docker/README.md b/deploy/docker/README.md
index f243c7a4b..4c89a73cd 100644
--- a/deploy/docker/README.md
+++ b/deploy/docker/README.md
@@ -97,12 +97,11 @@ For example, set mqtt tcp port to 1883
 
 Default environment variable ``EMQX_LOADED_MODULES``, including
 
-+ ``emqx_mod_acl_internal``
 + ``emqx_mod_presence``
 
 ```bash
 # The default EMQX_LOADED_MODULES env
-EMQX_LOADED_MODULES="emqx_mod_acl_internal,emqx_mod_acl_internal"
+EMQX_LOADED_MODULES="emqx_mod_presence"
 ```
 
 For example, set ``EMQX_LOADED_MODULES=emqx_mod_delayed,emqx_mod_rewrite`` to load these two modules.

From 6063fc72f71763a2640cd89cb9a42edfb7f280f0 Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Fri, 25 Jun 2021 16:27:33 +0200
Subject: [PATCH 034/174] chore(authentication): Migrate to RLOG

---
 apps/emqx_authentication/include/emqx_authentication.hrl | 2 ++
 apps/emqx_authentication/src/emqx_authentication.erl     | 9 ++++++---
 apps/emqx_authentication/src/emqx_authentication_app.erl | 3 +++
 .../src/emqx_authentication_mnesia.erl                   | 8 +++++---
 .../test/emqx_authentication_SUITE.erl                   | 6 ++----
 5 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/apps/emqx_authentication/include/emqx_authentication.hrl b/apps/emqx_authentication/include/emqx_authentication.hrl
index 09d3c5fc4..814c03eb4 100644
--- a/apps/emqx_authentication/include/emqx_authentication.hrl
+++ b/apps/emqx_authentication/include/emqx_authentication.hrl
@@ -39,3 +39,5 @@
         , services :: [{service_name(), #service{}}]
         , created_at :: integer()
         }).
+
+-define(AUTH_SHARD, emqx_authentication_shard).
diff --git a/apps/emqx_authentication/src/emqx_authentication.erl b/apps/emqx_authentication/src/emqx_authentication.erl
index ab7b8537c..a3d0241c0 100644
--- a/apps/emqx_authentication/src/emqx_authentication.erl
+++ b/apps/emqx_authentication/src/emqx_authentication.erl
@@ -56,6 +56,9 @@
 -define(CHAIN_TAB, emqx_authentication_chain).
 -define(SERVICE_TYPE_TAB, emqx_authentication_service_type).
 
+-rlog_shard({?AUTH_SHARD, ?CHAIN_TAB}).
+-rlog_shard({?AUTH_SHARD, ?SERVICE_TYPE_TAB}).
+
 %%------------------------------------------------------------------------------
 %% Mnesia bootstrap
 %%------------------------------------------------------------------------------
@@ -370,7 +373,7 @@ validate_other_service_params([#{type := Type, params := Params} = ServiceParams
         {error, not_found} ->
             {error, {not_found, {service_type, Type}}}
     end.
-    
+
 no_duplicate_names(Names) ->
     no_duplicate_names(Names, #{}).
 
@@ -423,7 +426,7 @@ extract_services([ServiceName | More], Services, Acc) ->
         false ->
             {error, {not_found, {service, ServiceName}}}
     end.
-    
+
 move_service_to_the_front_(ServiceName, Services) ->
     move_service_to_the_front_(ServiceName, Services, []).
 
@@ -513,7 +516,7 @@ trans(Fun) ->
     trans(Fun, []).
 
 trans(Fun, Args) ->
-    case mnesia:transaction(Fun, Args) of
+    case ekka_mnesia:transaction(?AUTH_SHARD, Fun, Args) of
         {atomic, Res} -> Res;
         {aborted, Reason} -> {error, Reason}
     end.
diff --git a/apps/emqx_authentication/src/emqx_authentication_app.erl b/apps/emqx_authentication/src/emqx_authentication_app.erl
index 2d395def7..3bea3c3d6 100644
--- a/apps/emqx_authentication/src/emqx_authentication_app.erl
+++ b/apps/emqx_authentication/src/emqx_authentication_app.erl
@@ -20,6 +20,8 @@
 
 -emqx_plugin(?MODULE).
 
+-include("emqx_authentication.hrl").
+
 %% Application callbacks
 -export([ start/2
         , stop/1
@@ -27,6 +29,7 @@
 
 start(_StartType, _StartArgs) ->
     {ok, Sup} = emqx_authentication_sup:start_link(),
+    ok = ekka_rlog:wait_for_shards([?AUTH_SHARD], infinity),
     ok = emqx_authentication:register_service_types(),
     {ok, Sup}.
 
diff --git a/apps/emqx_authentication/src/emqx_authentication_mnesia.erl b/apps/emqx_authentication/src/emqx_authentication_mnesia.erl
index 53dc4dd73..09307e38f 100644
--- a/apps/emqx_authentication/src/emqx_authentication_mnesia.erl
+++ b/apps/emqx_authentication/src/emqx_authentication_mnesia.erl
@@ -51,7 +51,7 @@
         salt_rounds => #{
             order => 3,
             type => number,
-            default => 10 
+            default => 10
         }
     }
 }).
@@ -72,6 +72,8 @@
 
 -define(TAB, mnesia_basic_auth).
 
+-rlog_shard({?AUTH_SHARD, ?TAB}).
+
 %%------------------------------------------------------------------------------
 %% Mnesia bootstrap
 %%------------------------------------------------------------------------------
@@ -231,7 +233,7 @@ import(UserGroup, [#{<<"user_id">> := UserID,
 import(_UserGroup, [_ | _More]) ->
     {error, bad_format}.
 
-%% Importing 5w users needs 1.7 seconds 
+%% Importing 5w users needs 1.7 seconds
 import(UserGroup, File, Seq) ->
     case file:read_line(File) of
         {ok, Line} ->
@@ -330,7 +332,7 @@ trans(Fun) ->
     trans(Fun, []).
 
 trans(Fun, Args) ->
-    case mnesia:transaction(Fun, Args) of
+    case ekka_mnesia:transaction(?AUTH_SHARD, Fun, Args) of
         {atomic, Res} -> Res;
         {aborted, Reason} -> {error, Reason}
     end.
diff --git a/apps/emqx_authentication/test/emqx_authentication_SUITE.erl b/apps/emqx_authentication/test/emqx_authentication_SUITE.erl
index d110d940a..d9f9ace8b 100644
--- a/apps/emqx_authentication/test/emqx_authentication_SUITE.erl
+++ b/apps/emqx_authentication/test/emqx_authentication_SUITE.erl
@@ -28,6 +28,7 @@ all() ->
     emqx_ct:all(?MODULE).
 
 init_per_suite(Config) ->
+    application:set_env(ekka, strict_mode, true),
     emqx_ct_helpers:start_apps([emqx_authentication]),
     Config.
 
@@ -40,7 +41,7 @@ t_chain(_) ->
     ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
     ?assertEqual({error, {already_exists, {chain, ChainID}}}, ?AUTH:create_chain(#{id => ChainID})),
     ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:lookup_chain(ChainID)),
-    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
     ?assertMatch({error, {not_found, {chain, ChainID}}}, ?AUTH:lookup_chain(ChainID)),
     ok.
 
@@ -186,6 +187,3 @@ t_multi_mnesia_service(_) ->
     ?assertEqual(ok, ?AUTH:authenticate(ClientInfo2)),
     ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
     ok.
-
-
-

From 1063f2cae5b48bceff1eb48c09516753c64a46a5 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Mon, 28 Jun 2021 09:24:57 +0800
Subject: [PATCH 035/174] chore(plugins): rm emqx-lua-hook plugin

---
 apps/emqx_lua_hook/.gitignore                 |  19 -
 apps/emqx_lua_hook/README.md                  | 338 ---------
 apps/emqx_lua_hook/etc/emqx_lua_hook.conf     |   4 -
 apps/emqx_lua_hook/examples.lua               |  71 --
 apps/emqx_lua_hook/include/emqx_lua_hook.hrl  |  18 -
 apps/emqx_lua_hook/priv/emqx_lua_hook.schema  |   1 -
 apps/emqx_lua_hook/rebar.config               |  21 -
 apps/emqx_lua_hook/src/emqx_lua_hook.app.src  |  14 -
 apps/emqx_lua_hook/src/emqx_lua_hook.erl      | 199 -----
 apps/emqx_lua_hook/src/emqx_lua_hook_app.erl  |  40 -
 apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl  |  88 ---
 apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl  |  35 -
 apps/emqx_lua_hook/src/emqx_lua_script.erl    | 342 ---------
 .../test/emqx_lua_hook_SUITE.erl              | 693 ------------------
 rebar.config.erl                              |   4 +-
 15 files changed, 1 insertion(+), 1886 deletions(-)
 delete mode 100644 apps/emqx_lua_hook/.gitignore
 delete mode 100644 apps/emqx_lua_hook/README.md
 delete mode 100644 apps/emqx_lua_hook/etc/emqx_lua_hook.conf
 delete mode 100644 apps/emqx_lua_hook/examples.lua
 delete mode 100644 apps/emqx_lua_hook/include/emqx_lua_hook.hrl
 delete mode 100644 apps/emqx_lua_hook/priv/emqx_lua_hook.schema
 delete mode 100644 apps/emqx_lua_hook/rebar.config
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook.app.src
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook_app.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_script.erl
 delete mode 100644 apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl

diff --git a/apps/emqx_lua_hook/.gitignore b/apps/emqx_lua_hook/.gitignore
deleted file mode 100644
index af616ea1a..000000000
--- a/apps/emqx_lua_hook/.gitignore
+++ /dev/null
@@ -1,19 +0,0 @@
-deps/
-ebin/
-_rel/
-.erlang.mk/
-*.d
-data/
-*.iml
-.idea/
-logs/
-*.beam
-.DS_Store
-erlang.mk
-_build/
-rebar.lock
-rebar3.crashdump
-bbmustache/
-*.conf.rendered
-.rebar3
-*.swp
diff --git a/apps/emqx_lua_hook/README.md b/apps/emqx_lua_hook/README.md
deleted file mode 100644
index a3f65a094..000000000
--- a/apps/emqx_lua_hook/README.md
+++ /dev/null
@@ -1,338 +0,0 @@
-
-# emqx-lua-hook
-
-This plugin makes it possible to write hooks in lua scripts.
-
-Lua virtual machine is implemented by [luerl](https://github.com/rvirding/luerl) which supports Lua 5.2. Following features may not work properly:
-* label and goto
-* tail-call optimisation in return
-* only limited standard libraries
-* proper handling of `__metatable`
-
-For the supported functions, please refer to luerl's [project page](https://github.com/rvirding/luerl).
-
-Lua scripts are stored in 'data/scripts' directory, and will be loaded automatically. If a script is changed during runtime, it should be reloaded to take effect.
-
-Each lua script could export several functions binding with emqx hooks, triggered by message publish, topic subscribe, client connect, etc. Different lua scripts may export same type function, binding with a same event. But their order being triggered is not guaranteed.
-
-To start this plugin, run following command:
-
-```shell
-bin/emqx_ctl plugins load emqx_lua_hook
-```
-
-
-## NOTE
-
-* Since lua VM is run on erlang VM, its performance is poor. Please do NOT write long or complicated lua scripts which may degrade entire system.
-* It's hard to debug lua script in emqx environment. Recommended to unit test your lua script in your host first. If everything is OK, deploy it to emqx 'data/scripts' directory.
-* Global variable will lost its value for each call. Do NOT use global variable in lua scripts.
-
-
-# Example
-
-Suppose your emqx is installed in /emqx, and the lua script directory should be /emqx/data/scripts.
-
-Make a new file called "test.lua" and put following code into this file:
-
-```lua
-function on_message_publish(clientid, username, topic, payload, qos, retain)
-    return topic, "hello", qos, retain
-end
-
-function register_hook()
-    return "on_message_publish"
-end
-```
-
-Execute following command to start emq-lua-hook and load scripts in 'data/scripts' directory.
-
-```
-/emqx/bin/emqx_ctl plugins load emqx_lua_hook
-```
-
-Now let's take a look at what will happend.
-
-- Start a mqtt client, such as mqtt.fx.
-- Subscribe a topic="a/b".
-- Send a message, topic="a/b", payload="123"
-- Subscriber will get a message with topic="a/b" and payload="hello". test.lua modifies the payload.
-
-If there are "test1.lua", "test2.lua" and "test3.lua" in /emqx/data/scripts, all these files will be loaded once emq-lua-hook get started.
-
-If test2.lua has been changed, restart emq-lua-hook to reload all scripts, or execute following command to reload test2.lua only:
-
-```
-/emqx/bin/emqx_ctl luahook reload test2.lua
-```
-
-
-# Hook API
-
-You can find all example codes in the `examples.lua` file.
-
-## on_client_connected
-
-```lua
-function on_client_connected(clientId, userName, returncode)
-    return 0
-end
-```
-This API is called after a mqtt client has establish a connection with broker.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* returncode : a string, has following values
-    - success : Connection accepted
-    - Others is failed reason
-
-### Output
-Needless
-
-## on_client_disconnected
-
-```lua
-function on_client_disconnected(clientId, username, error)
-    return
-end
-```
-This API is called after a mqtt client has disconnected.
-
-### Input
-* clientId : a string, mqtt client id.
-* username : a string mqtt username
-* error :   a string, denote the disconnection reason.
-
-### Output
-Needless
-
-## on_client_subscribe
-
-```lua
-function on_client_subscribe(clientId, username, topic)
-    -- do your job here
-    if some_condition then
-        return new_topic
-    else
-        return false
-    end
-end
-```
-This API is called before mqtt engine process client's subscribe command. It is possible to change topic or cancel it.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-
-### Output
-* new_topic :   a string, change mqtt message's topic
-* false :    cancel subscription
-
-
-## on_client_unsubscribe
-
-```lua
- function on_client_unsubscribe(clientId, username, topic)
-    -- do your job here
-    if some_condition then
-        return new_topic
-    else
-        return false
-    end
-end
-```
-This API is called before mqtt engine process client's unsubscribe command. It is possible to change topic or cancel it.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-
-### Output
-* new_topic :   a string, change mqtt message's topic
-* false :    cancel unsubscription
-
-
-## on_session_subscribed
-
-```lua
-function on_session_subscribed(ClientId, Username, Topic)
-    return
-end
-```
-This API is called after a subscription has been done.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt's topic filter.
-
-### Output
-Needless
-
-
-## on_session_unsubscribed
-
-```lua
-function on_session_unsubscribed(clientid, username, topic)
-    return
-end
-```
-This API is called after a unsubscription has been done.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt's topic filter.
-
-### Output
-Needless
-
-## on_message_delivered
-
-```lua
-function on_message_delivered(clientid, username, topic, payload, qos, retain)
-    -- do your job here
-    return topic, payload, qos, retain
-end
-```
-This API is called after a message has been pushed to mqtt clients.
-
-### Input
-* clientId : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-* payload :  a string, mqtt message's payload
-* qos :     a number, mqtt message's QOS (0, 1, 2)
-* retain :   a boolean, mqtt message's retain flag
-
-### Output
-Needless
-
-## on_message_acked
-
-```lua
-function on_message_acked(clientId, username, topic, payload, qos, retain)
-    return
-end
-```
-This API is called after a message has been acknowledged.
-
-### Input
-* clientId : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-* payload :  a string, mqtt message's payload
-* qos :     a number, mqtt message's QOS (0, 1, 2)
-* retain :   a boolean, mqtt message's retain flag
-
-### Output
-Needless
-
-## on_message_publish
-
-```lua
-function on_message_publish(clientid, username, topic, payload, qos, retain)
-    -- do your job here
-    if some_condition then
-        return new_topic, new_payload, new_qos, new_retain
-    else
-        return false
-    end
-end
-```
-This API is called before publishing message into mqtt engine. It's possible to change message or cancel publish in this API.
-
-### Input
-* clientid : a string, mqtt client id of publisher.
-* username : a string, mqtt username of publisher
-* topic :   a string, mqtt message's topic
-* payload :  a string, mqtt message's payload
-* qos :     a number, mqtt message's QOS (0, 1, 2)
-* retain :   a boolean, mqtt message's retain flag
-
-### Output
-* new_topic :   a string, change mqtt message's topic
-* new_payload :  a string, change mqtt message's payload
-* new_qos :      a number, change mqtt message's QOS
-* new_retain :   a boolean, change mqtt message's retain flag
-* false :        cancel publishing this mqtt message
-
-## register_hook
-
-```lua
-function register_hook()
-    return "hook_name"
-end
-
--- Or register multiple callbacks
-
-function register_hook()
-    return "hook_name1", "hook_name2", ... , "hook_nameX"
-end
-```
-
-This API exports hook(s) implemented in its lua script.
-
-### Output
-* hook_name must be a string, which is equal to the hook API(s) implemented. Possible values:
- - "on_client_connected"
- - "on_client_disconnected"
- - "on_client_subscribe"
- - "on_client_unsubscribe"
- - "on_session_subscribed"
- - "on_session_unsubscribed"
- - "on_message_delivered"
- - "on_message_acked"
- - "on_message_publish"
-
-# management command
-
-## load
-
-```shell
-emqx_ctl luahook load script_name
-```
-This command will load lua file "script_name" in 'data/scripts' directory, into emqx hook.
-
-## unload
-
-```shell
-emqx_ctl luahook unload script_name
-```
-This command will unload lua file "script_name" out of emqx hook.
-
-## reload
-
-```shell
-emqx_ctl luahook reload script_name
-```
-This command will reload lua file "script_name" in 'data/scripts'. It is useful if a lua script has been modified and apply it immediately.
-
-## enable
-
-```shell
-emqx_ctl luahook enable script_name
-```
-This command will rename lua file "script_name.x" to "script_name", and load it immediately.
-
-## disable
-
-```shell
-emqx_ctl luahook disable script_name
-```
-This command will unload this script, and rename lua file "script_name" to "script_name.x", which will not be loaded during next boot.
-
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_lua_hook/etc/emqx_lua_hook.conf b/apps/emqx_lua_hook/etc/emqx_lua_hook.conf
deleted file mode 100644
index f0256afae..000000000
--- a/apps/emqx_lua_hook/etc/emqx_lua_hook.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X Lua Hook
-##--------------------------------------------------------------------
-
diff --git a/apps/emqx_lua_hook/examples.lua b/apps/emqx_lua_hook/examples.lua
deleted file mode 100644
index bc36eb771..000000000
--- a/apps/emqx_lua_hook/examples.lua
+++ /dev/null
@@ -1,71 +0,0 @@
---
--- Given all funcation names needed register to system
---
-function register_hook()
-    return "on_client_connected",
-           "on_client_disconnected",
-           "on_client_subscribe",
-           "on_client_unsubscribe",
-           "on_session_subscribed",
-           "on_session_unsubscribed",
-           "on_message_delivered",
-           "on_message_acked",
-           "on_message_publish"
-end
-
-----------------------------------------------------------------------
--- Callback Functions 
-
-function on_client_connected(clientid, username, returncode)
-    print("Lua: on_client_connected - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_client_disconnected(clientid, username, reason)
-    print("Lua: on_client_disconnected - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_client_subscribe(clientid, username, topic)
-    print("Lua: on_client_subscribe - " .. clientid)
-    -- do your job here
-    return topic
-end
-
-function on_client_unsubscribe(clientid, username, topic)
-    print("Lua: on_client_unsubscribe - " .. clientid)
-    -- do your job here
-    return topic
-end
-
-function on_session_subscribed(clientid, username, topic)
-    print("Lua: on_session_subscribed - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_session_unsubscribed(clientid, username, topic)
-    print("Lua: on_session_unsubscribed - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_message_delivered(clientid, username, topic, payload, qos, retain)
-    print("Lua: on_message_delivered - " .. clientid)
-    -- do your job here
-    return topic, payload, qos, retain
-end
-
-function on_message_acked(clientid, username, topic, payload, qos, retain)
-    print("Lua: on_message_acked- " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_message_publish(clientid, username, topic, payload, qos, retain)
-    print("Lua: on_message_publish - " .. clientid)
-    -- do your job here
-    return topic, payload, qos, retain
-end
diff --git a/apps/emqx_lua_hook/include/emqx_lua_hook.hrl b/apps/emqx_lua_hook/include/emqx_lua_hook.hrl
deleted file mode 100644
index fb7010c2b..000000000
--- a/apps/emqx_lua_hook/include/emqx_lua_hook.hrl
+++ /dev/null
@@ -1,18 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--define(LOG(Level, Format, Args), emqx_logger:Level("Lua Hook: " ++ Format, Args)).
-
diff --git a/apps/emqx_lua_hook/priv/emqx_lua_hook.schema b/apps/emqx_lua_hook/priv/emqx_lua_hook.schema
deleted file mode 100644
index 8b1378917..000000000
--- a/apps/emqx_lua_hook/priv/emqx_lua_hook.schema
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/apps/emqx_lua_hook/rebar.config b/apps/emqx_lua_hook/rebar.config
deleted file mode 100644
index 97a06a77c..000000000
--- a/apps/emqx_lua_hook/rebar.config
+++ /dev/null
@@ -1,21 +0,0 @@
-{deps,
- [{luerl, {git, "https://github.com/emqx/luerl", {tag, "v0.3.1"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed,
-            {parse_transform}
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook.app.src b/apps/emqx_lua_hook/src/emqx_lua_hook.app.src
deleted file mode 100644
index 627c8e29d..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_lua_hook,
- [{description, "EMQ X Lua Hooks"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, []},
-  {applications, [kernel,stdlib]},
-  {mod, {emqx_lua_hook_app,[]}},
-  {env,[]},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-lua-hook"}
-          ]}
- ]}.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook.erl b/apps/emqx_lua_hook/src/emqx_lua_hook.erl
deleted file mode 100644
index 6e7810827..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook.erl
+++ /dev/null
@@ -1,199 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook).
-
--behaviour(gen_server).
-
--include("emqx_lua_hook.hrl").
--include_lib("luerl/src/luerl.hrl").
-
--export([ start_link/0
-        , stop/0
-        ]).
-
--export([ load_scripts/0
-        , unload_scripts/0
-        , load_script/1
-        , unload_script/1
-        ]).
-
--export([ init/1
-        , handle_call/3
-        , handle_cast/2
-        , handle_info/2
-        , terminate/2
-        , code_change/3
-        ]).
-
--export([lua_dir/0]).
-
--define(SERVER, ?MODULE).
-
--record(state, {loaded_scripts = []}).
-
-start_link() ->
-    gen_server:start_link({local, ?SERVER}, ?MODULE, {}, []).
-
-stop() ->
-    gen_server:call(?SERVER, stop).
-
-load_scripts() ->
-    gen_server:call(?SERVER, load_scripts).
-
-unload_scripts() ->
-    gen_server:call(?SERVER, unload_scrips).
-
-load_script(ScriptName) ->
-    gen_server:call(?SERVER, {load_script, ScriptName}).
-
-unload_script(ScriptName) ->
-    gen_server:call(?SERVER, {unload_script, ScriptName}).
-
-lua_dir() ->
-    filename:join([emqx:get_env(data_dir, "data"), "scripts"]).
-
-%%-----------------------------------------------------------------------------
-%% gen_server callbacks
-%%-----------------------------------------------------------------------------
-
-init({}) ->
-    {ok, #state{}}.
-
-handle_call(stop, _From, State) ->
-    {stop, normal, ok, State};
-
-handle_call(load_scripts, _From, State) ->
-    {reply, ok, State#state{loaded_scripts = do_loadall()}, hibernate};
-
-handle_call(unload_scrips, _From, State=#state{loaded_scripts = Scripts}) ->
-    do_unloadall(Scripts),
-    {reply, ok, State#state{loaded_scripts = []}, hibernate};
-
-handle_call({load_script, ScriptName}, _From, State=#state{loaded_scripts = Scripts}) ->
-    {Ret, NewScripts} = case do_load(ScriptName) of
-                            error -> {error, Scripts};
-                            {ScriptName, LuaState} ->
-                                case lists:member({ScriptName, LuaState}, Scripts) of
-                                    true  -> {ok, Scripts};
-                                    false -> {ok, lists:append([{ScriptName, LuaState}], Scripts)}
-                                end
-                        end,
-    {reply, Ret, State#state{loaded_scripts = NewScripts}, hibernate};
-
-handle_call({unload_script, ScriptName}, _From, State=#state{loaded_scripts = Scripts}) ->
-    case proplists:get_all_values(ScriptName, Scripts) of
-        [] ->
-            {reply, ok, State, hibernate};
-        LuaStates ->
-            lists:foreach(fun(LuaState) ->
-                              % Unload first! If this gen_server has been crashed, loaded_scripts will be empty
-                              do_unload({ScriptName, LuaState})
-                          end, LuaStates),
-            NewScripts = proplists:delete(ScriptName, Scripts),
-            {reply, ok, State#state{loaded_scripts = NewScripts}, hibernate}
-    end;
-
-handle_call(Request, From, State) ->
-    ?LOG(error, "Unknown Request=~p from ~p", [Request, From]),
-    {reply, ignored, State, hibernate}.
-
-handle_cast(Msg, State) ->
-    ?LOG(error, "unexpected cast: ~p", [Msg]),
-    {noreply, State, hibernate}.
-
-handle_info(Info, State) ->
-    ?LOG(error, "unexpected info: ~p", [Info]),
-    {noreply, State}.
-
-terminate(_Reason, #state{loaded_scripts = Scripts}) ->
-    do_unloadall(Scripts),
-    ok.
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-%% ------------------------------------------------------------------
-%% Internal Function Definitions
-%% ------------------------------------------------------------------
-
-do_loadall() ->
-    FileList = filelib:wildcard(filename:join([lua_dir(), "*.lua"])),
-    List = [do_load(X) || X <- FileList],
-    [X || X <- List, is_tuple(X)].
-
-do_load(FileName) ->
-    case catch luerl:dofile(FileName) of
-        {'EXIT', St00} ->
-            ?LOG(error, "Failed to load lua script ~p due to error ~p", [FileName, St00]),
-            error;
-        {_Ret, St0=#luerl{}} ->
-            case catch luerl:call_function([register_hook], [], St0) of
-                {'EXIT', St1} ->
-                    ?LOG(error, "Failed to execute register_hook function in lua script ~p, which has syntax error, St1=~p", [FileName, St1]),
-                    error;
-                {Ret1, St1} ->
-                    ?LOG(debug, "Register lua script ~p", [FileName]),
-                    _ = do_register_hooks(Ret1, FileName, St1),
-                    {FileName, St1};
-                Other ->
-                    ?LOG(error, "Failed to load lua script ~p, register_hook() raise exception ~p", [FileName, Other]),
-                    error
-            end;
-        Exception ->
-            ?LOG(error, "Failed to load lua script ~p with error ~p", [FileName, Exception]),
-            error
-    end.
-
-do_register(<<"on_message_publish">>, ScriptName, St) ->
-    emqx_lua_script:register_on_message_publish(ScriptName, St);
-do_register(<<"on_message_delivered">>, ScriptName, St) ->
-    emqx_lua_script:register_on_message_delivered(ScriptName, St);
-do_register(<<"on_message_acked">>, ScriptName, St) ->
-    emqx_lua_script:register_on_message_acked(ScriptName, St);
-do_register(<<"on_client_connected">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_connected(ScriptName, St);
-do_register(<<"on_client_subscribe">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_subscribe(ScriptName, St);
-do_register(<<"on_client_unsubscribe">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_unsubscribe(ScriptName, St);
-do_register(<<"on_client_disconnected">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_disconnected(ScriptName, St);
-do_register(<<"on_session_subscribed">>, ScriptName, St) ->
-    emqx_lua_script:register_on_session_subscribed(ScriptName, St);
-do_register(<<"on_client_authenticate">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_authenticate(ScriptName, St);
-do_register(<<"on_client_check_acl">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_check_acl(ScriptName, St);
-do_register(Hook, ScriptName, _St) ->
-    ?LOG(error, "Discard unknown hook ~p ScriptName=~p", [Hook, ScriptName]).
-
-do_register_hooks([], _ScriptName, _St) ->
-    ok;
-do_register_hooks([H|T], ScriptName, St) ->
-    _ = do_register(H, ScriptName, St),
-    do_register_hooks(T, ScriptName, St);
-do_register_hooks(Hook = <<$o, $n, _Rest/binary>>, ScriptName, St) ->
-    do_register(Hook, ScriptName, St);
-do_register_hooks(Hook, ScriptName, _St) ->
-    ?LOG(error, "Discard unknown hook type ~p from ~p", [Hook, ScriptName]).
-
-do_unloadall(Scripts) ->
-    lists:foreach(fun do_unload/1, Scripts).
-
-do_unload(Script) ->
-    emqx_lua_script:unregister_hooks(Script),
-    ok.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook_app.erl b/apps/emqx_lua_hook/src/emqx_lua_hook_app.erl
deleted file mode 100644
index 6b0ec3574..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook_app.erl
+++ /dev/null
@@ -1,40 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_app).
-
--behaviour(application).
-
--emqx_plugin(?MODULE).
-
--export([ start/2
-        , stop/1
-        , prep_stop/1
-        ]).
-
-start(_Type, _Args) ->
-    {ok, Sup} = emqx_lua_hook_sup:start_link(),
-    emqx_lua_hook:load_scripts(),
-    emqx_lua_hook_cli:load(),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx_lua_hook:unload_scripts(),
-    emqx_lua_hook_cli:unload(),
-    State.
-
-stop(_State) ->
-    ok.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl b/apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl
deleted file mode 100644
index 83c6fc5ef..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl
+++ /dev/null
@@ -1,88 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_cli).
-
--export([ load/0
-        , cmd/1
-        , unload/0
-        ]).
-
--include("emqx_lua_hook.hrl").
--include_lib("luerl/src/luerl.hrl").
-
--define(PRINT(Format, Args), io:format(Format, Args)).
--define(PRINT_CMD(Cmd, Descr), io:format("~-48s# ~s~n", [Cmd, Descr])).
--define(USAGE(CmdList), [?PRINT_CMD(Cmd, Descr) || {Cmd, Descr} <- CmdList]).
-
-load() ->
-    emqx_ctl:register_command(luahook, {?MODULE, cmd}, []).
-
-unload() ->
-    emqx_ctl:unregister_command(luahook).
-
-cmd(["load", Script]) ->
-    case emqx_lua_hook:load_script(fullname(Script)) of
-        ok -> emqx_ctl:print("Load ~p successfully~n", [Script]);
-        error -> emqx_ctl:print("Load ~p error~n", [Script])
-    end;
-
-cmd(["reload", Script]) ->
-    FullName = fullname(Script),
-    emqx_lua_hook:unload_script(FullName),
-    case emqx_lua_hook:load_script(FullName) of
-        ok -> emqx_ctl:print("Reload ~p successfully~n", [Script]);
-        error -> emqx_ctl:print("Reload ~p error~n", [Script])
-    end;
-
-cmd(["unload", Script]) ->
-    emqx_lua_hook:unload_script(fullname(Script)),
-    emqx_ctl:print("Unload ~p successfully~n", [Script]);
-
-cmd(["enable", Script]) ->
-    FullName = fullname(Script),
-    case file:rename(fullnamedisable(Script), FullName) of
-        ok -> case emqx_lua_hook:load_script(FullName) of
-                  ok ->
-                      emqx_ctl:print("Enable ~p successfully~n", [Script]);
-                  error ->
-                      emqx_ctl:print("Fail to enable ~p~n", [Script])
-              end;
-        {error, Reason} ->
-            emqx_ctl:print("Fail to enable ~p due to ~p~n", [Script, Reason])
-    end;
-
-cmd(["disable", Script]) ->
-    FullName = fullname(Script),
-    emqx_lua_hook:unload_script(FullName),
-    case file:rename(FullName, fullnamedisable(Script)) of
-        ok ->
-            emqx_ctl:print("Disable ~p successfully~n", [Script]);
-        {error, Reason} ->
-            emqx_ctl:print("Fail to disable ~p due to ~p~n", [Script, Reason])
-    end;
-
-cmd(_) ->
-    emqx_ctl:usage([{"luahook load <Script>",    "load lua script into hook"},
-                    {"luahook unload <Script>",  "unload lua script from hook"},
-                    {"luahook reload <Script>",  "reload lua script into hook"},
-                    {"luahook enable <Script>",  "enable lua script and load it into hook"},
-                    {"luahook disable <Script>", "unload lua script out of hook and disable it"}]).
-
-fullname(Script) ->
-    filename:join([emqx_lua_hook:lua_dir(), Script]).
-fullnamedisable(Script) ->
-    fullname(Script)++".x".
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl b/apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl
deleted file mode 100644
index a10e5731c..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl
+++ /dev/null
@@ -1,35 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_sup).
-
--behaviour(supervisor).
-
--export([start_link/0]).
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init(_Args) ->
-    {ok, {{one_for_one, 10, 3600},
-          [#{id       => lua_hook,
-             start    => {emqx_lua_hook, start_link, []},
-             restart  => permanent,
-             shutdown => 5000,
-             type     => worker,
-             modules  => [emqx_lua_hook]}]}}.
-
diff --git a/apps/emqx_lua_hook/src/emqx_lua_script.erl b/apps/emqx_lua_hook/src/emqx_lua_script.erl
deleted file mode 100644
index ffc53fc8d..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_script.erl
+++ /dev/null
@@ -1,342 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_script).
-
--include("emqx_lua_hook.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
-
--export([ register_on_message_publish/2
-        , register_on_client_connected/2
-        , register_on_client_disconnected/2
-        , register_on_client_subscribe/2
-        , register_on_client_unsubscribe/2
-        , register_on_message_acked/2
-        , register_on_message_delivered/2
-        , register_on_session_subscribed/2
-        , register_on_session_unsubscribed/2
-        , register_on_client_authenticate/2
-        , register_on_client_check_acl/2
-        , unregister_hooks/1
-        ]).
-
--export([ on_client_connected/4
-        , on_client_disconnected/5
-        , on_client_authenticate/4
-        , on_client_check_acl/6
-        , on_client_subscribe/5
-        , on_client_unsubscribe/5
-        , on_session_subscribed/5
-        , on_session_unsubscribed/5
-        , on_message_publish/3
-        , on_message_delivered/4
-        , on_message_acked/4
-        ]).
-
--define(EMPTY_USERNAME, <<"">>).
-
--define(HOOK_ADD(A, B),      emqx:hook(A, B)).
--define(HOOK_DEL(A, B),      emqx:unhook(A, B)).
-
-register_on_client_connected(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.connected', {?MODULE, on_client_connected, [ScriptName, LuaState]}).
-
-register_on_client_disconnected(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.disconnected', {?MODULE, on_client_disconnected, [ScriptName, LuaState]}).
-
-register_on_client_authenticate(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.authenticate', {?MODULE, on_client_authenticate, [ScriptName, LuaState]}).
-
-register_on_client_check_acl(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.check_acl', {?MODULE, on_client_check_acl, [ScriptName, LuaState]}).
-
-register_on_client_subscribe(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.subscribe', {?MODULE, on_client_subscribe, [ScriptName, LuaState]}).
-
-register_on_client_unsubscribe(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.unsubscribe', {?MODULE, on_client_unsubscribe, [ScriptName, LuaState]}).
-
-register_on_session_subscribed(ScriptName, LuaState) ->
-    ?HOOK_ADD('session.subscribed', {?MODULE, on_session_subscribed, [ScriptName, LuaState]}).
-
-register_on_session_unsubscribed(ScriptName, LuaState) ->
-    ?HOOK_ADD('session.unsubscribed', {?MODULE, on_session_unsubscribed, [ScriptName, LuaState]}).
-
-register_on_message_publish(ScriptName, LuaState) ->
-    ?HOOK_ADD('message.publish', {?MODULE, on_message_publish, [ScriptName, LuaState]}).
-
-register_on_message_delivered(ScriptName, LuaState) ->
-    ?HOOK_ADD('message.delivered', {?MODULE, on_message_delivered, [ScriptName, LuaState]}).
-
-register_on_message_acked(ScriptName, LuaState) ->
-    ?HOOK_ADD('message.acked', {?MODULE, on_message_acked, [ScriptName, LuaState]}).
-
-unregister_hooks({ScriptName, LuaState}) ->
-    ?HOOK_DEL('client.connected',     {?MODULE, on_client_connected,     [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.disconnected',  {?MODULE, on_client_disconnected,  [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.authenticate',  {?MODULE, on_client_authenticate,  [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.check_acl',     {?MODULE, on_client_check_acl,     [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.subscribe',     {?MODULE, on_client_subscribe,     [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.unsubscribe',   {?MODULE, on_client_unsubscribe,   [ScriptName, LuaState]}),
-    ?HOOK_DEL('session.subscribed',   {?MODULE, on_session_subscribed,   [ScriptName, LuaState]}),
-    ?HOOK_DEL('session.unsubscribed', {?MODULE, on_session_unsubscribed, [ScriptName, LuaState]}),
-    ?HOOK_DEL('message.publish',      {?MODULE, on_message_publish,      [ScriptName, LuaState]}),
-    ?HOOK_DEL('message.delivered',    {?MODULE, on_message_delivered,    [ScriptName, LuaState]}),
-    ?HOOK_DEL('message.acked',        {?MODULE, on_message_acked,        [ScriptName, LuaState]}).
-
-on_client_connected(ClientInfo = #{clientid := ClientId, username := Username},
-                    ConnInfo, _ScriptName, LuaState) ->
-    ?LOG(debug, "Client(~s) connected, ClientInfo:~n~p~n, ConnInfo:~n~p~n",
-                [ClientId, ClientInfo, ConnInfo]),
-    case catch luerl:call_function([on_client_connected], [ClientId, Username], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_connected(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Lua function on_client_connected() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_disconnected(ClientInfo = #{clientid := ClientId, username := Username},
-                       ReasonCode, ConnInfo, _ScriptName, LuaState) ->
-    ?LOG(debug, "Client(~s) disconnected due to ~p, ClientInfo:~n~p~n, ConnInfo:~n~p~n",
-                [ClientId, ReasonCode, ClientInfo, ConnInfo]),
-    case catch luerl:call_function([on_client_disconnected], [ClientId, Username, ReasonCode], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_disconnected(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Lua function on_client_disconnected() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_authenticate(#{clientid := ClientId,
-                         username := Username,
-                         peerhost := Peerhost,
-                         password := Password}, Result, _ScriptName, LuaState) ->
-    case catch luerl:call_function([on_client_authenticate],
-                                   [ClientId, Username, inet:ntoa(Peerhost), Password], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_authenticate(), which has syntax error, St=~p", [St]),
-            ok;
-        {[<<"ignore">>], _St} ->
-            ok;
-        {[<<"ok">>], _St} ->
-            {stop, Result#{auth_result => success}};
-        Other ->
-            ?LOG(error, "Lua function on_client_authenticate() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_check_acl(#{clientid := ClientId,
-                      username := Username,
-                      peerhost := Peerhost,
-                      password := Password}, Topic, PubSub, _Result, _ScriptName, LuaState) ->
-    case catch luerl:call_function([on_client_check_acl], [ClientId, Username, inet:ntoa(Peerhost), Password, Topic, PubSub], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_check_acl(), which has syntax error, St=~p", [St]),
-            ok;
-        {[<<"ignore">>],_St} ->
-            ok;
-        {[<<"allow">>], _St} ->
-            {stop, allow};
-        {[<<"deny">>], _St} ->
-            {stop, deny};
-        Other ->
-            ?LOG(error, "Lua function on_client_check_acl() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_subscribe(#{clientid := ClientId, username := Username}, _Properties, TopicFilters, _ScriptName, LuaState) ->
-    NewTopicFilters =
-        lists:foldr(fun(TopicFilter, Acc) ->
-                        case on_client_subscribe_single(ClientId, Username, TopicFilter, LuaState) of
-                            false -> Acc;
-                            NewTopicFilter -> [NewTopicFilter | Acc]
-                        end
-                    end, [], TopicFilters),
-    case NewTopicFilters of
-        [] -> stop;
-        _ -> {ok, NewTopicFilters}
-    end.
-
-on_client_subscribe_single(_ClientId, _Username, TopicFilter = {<<$$, _Rest/binary>>, _SubOpts}, _LuaState) ->
-    %% ignore topics starting with $
-    TopicFilter;
-on_client_subscribe_single(ClientId, Username, TopicFilter = {Topic, SubOpts}, LuaState) ->
-    ?LOG(debug, "hook client(~s/~s) will subscribe: ~p~n", [ClientId, Username, Topic]),
-    case catch luerl:call_function([on_client_subscribe], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_subscribe(), which has syntax error, St=~p", [St]),
-            TopicFilter;
-        {[false], _St} ->
-            false;   % cancel this topic's subscription
-        {[NewTopic], _St} ->
-            ?LOG(debug, "LUA function on_client_subscribe() return ~p", [NewTopic]),
-            {NewTopic, SubOpts};  % modify topic
-        Other ->
-            ?LOG(error, "Lua function on_client_subscribe() caught exception, ~p", [Other]),
-            TopicFilter
-    end.
-
-on_client_unsubscribe(#{clientid := ClientId, username := Username}, _Properties, TopicFilters, _ScriptName, LuaState) ->
-    NewTopicFilters =
-        lists:foldr(fun(TopicFilter, Acc) ->
-                        case on_client_unsubscribe_single(ClientId, Username, TopicFilter, LuaState) of
-                            false -> Acc;
-                            NewTopicFilter -> [NewTopicFilter | Acc]
-                        end
-                    end, [], TopicFilters),
-    case NewTopicFilters of
-        [] -> stop;
-        _ -> {ok, NewTopicFilters}
-    end.
-
-on_client_unsubscribe_single(_ClientId, _Username, TopicFilter = {<<$$, _Rest/binary>>, _SubOpts}, _LuaState) ->
-    %% ignore topics starting with $
-    TopicFilter;
-on_client_unsubscribe_single(ClientId, Username, TopicFilter = {Topic, SubOpts}, LuaState) ->
-    ?LOG(debug, "hook client(~s/~s) unsubscribe ~p~n", [ClientId, Username, Topic]),
-    case catch luerl:call_function([on_client_unsubscribe], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_unsubscribe(), which has syntax error, St=~p", [St]),
-            TopicFilter;
-        {[false], _St} ->
-            false;   % cancel this topic's unsubscription
-        {[NewTopic], _} ->
-            ?LOG(debug, "Lua function on_client_unsubscribe() return ~p", [NewTopic]),
-            {NewTopic, SubOpts};  % modify topic
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_client_unsubscribe() caught exception, ~p", [Topic, Other]),
-            TopicFilter
-    end.
-
-on_session_subscribed(#{}, <<$$, _Rest/binary>>, _SubOpts, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_session_subscribed(#{clientid := ClientId, username := Username},
-                      Topic, SubOpts, _ScriptName, LuaState) ->
-    ?LOG(debug, "Session(~s/s) subscribed ~s with subopts: ~p~n", [ClientId, Username, Topic, SubOpts]),
-    case catch luerl:call_function([on_session_subscribed], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_session_subscribed(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_session_subscribed() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-on_session_unsubscribed(#{}, <<$$, _Rest/binary>>, _SubOpts, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_session_unsubscribed(#{clientid := ClientId, username := Username},
-                        Topic, _SubOpts, _ScriptName, LuaState) ->
-    ?LOG(debug, "Session(~s/~s) unsubscribed ~s~n", [ClientId, Username, Topic]),
-    case catch luerl:call_function([on_session_unsubscribed], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_session_unsubscribed(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_session_unsubscribed() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-on_message_publish(Message = #message{topic = <<$$, _Rest/binary>>}, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    {ok, Message};
-on_message_publish(Message = #message{from = ClientId,
-                                      qos = QoS,
-                                      flags = Flags = #{retain := Retain},
-                                      topic = Topic,
-                                      payload = Payload,
-                                      headers = Headers},
-                   _ScriptName, LuaState) ->
-    Username = maps:get(username, Headers, ?EMPTY_USERNAME),
-    ?LOG(debug, "Publish ~s~n", [emqx_message:format(Message)]),
-    case catch luerl:call_function([on_message_publish], [ClientId, Username, Topic, Payload, QoS, Retain], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_message_publish(), which has syntax error, St=~p", [St]),
-            {ok, Message};
-        {[false], _St} ->
-            {stop, Message};
-        {[NewTopic, NewPayload, NewQos, NewRetain], _St} ->
-            ?LOG(debug, "Lua function on_message_publish() return ~p", [{NewTopic, NewPayload, NewQos, NewRetain}]),
-            {ok, Message#message{topic = NewTopic, payload = NewPayload,
-                                 qos = round(NewQos), flags = Flags#{retain => to_retain(NewRetain)}}};
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_message_publish caught exception, ~p", [Topic, Other]),
-            {ok, Message}
-    end.
-
-on_message_delivered(#{}, #message{topic = <<$$, _Rest/binary>>}, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_message_delivered(#{clientid := ClientId, username := Username},
-                   Message = #message{topic = Topic, payload = Payload, qos = QoS, flags = Flags = #{retain := Retain}},
-                   _ScriptName, LuaState) ->
-    ?LOG(debug, "Message delivered to client(~s): ~s~n",
-                [ClientId, emqx_message:format(Message)]),
-    case catch luerl:call_function([on_message_delivered], [ClientId, Username, Topic, Payload, QoS, Retain], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_message_delivered(), which has syntax error, St=~p", [St]),
-            ok;
-        {[false], _St} ->
-            ok;
-        {[NewTopic, NewPayload, NewQos, NewRetain], _St} ->
-            {ok, Message#message{topic = NewTopic, payload = NewPayload,
-                                 qos = round(NewQos), flags = Flags#{retain => to_retain(NewRetain)}}};
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_message_delivered() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-on_message_acked(#{}, #message{topic = <<$$, _Rest/binary>>}, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_message_acked(#{clientid := ClientId, username := Username},
-                 Message = #message{topic = Topic, payload = Payload, qos = QoS, flags = #{retain := Retain}}, _ScriptName, LuaState) ->
-    ?LOG(debug, "Message acked by client(~s): ~s~n",
-                [ClientId, emqx_message:format(Message)]),
-    case catch luerl:call_function([on_message_acked], [ClientId, Username, Topic, Payload, QoS, Retain], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_message_acked(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_message_acked() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-to_retain(0) -> false;
-to_retain(1) -> true;
-to_retain("true") -> true;
-to_retain("false") -> false;
-to_retain(<<"true">>) -> true;
-to_retain(<<"false">>) -> false;
-to_retain(true) -> true;
-to_retain(false) -> false;
-to_retain(Num) when is_float(Num) ->
-    case round(Num) of 0 -> false; _ -> true end.
diff --git a/apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl b/apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl
deleted file mode 100644
index 5e6681aed..000000000
--- a/apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl
+++ /dev/null
@@ -1,693 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
-all() ->
-    [case01, case02, case03, case04,
-     case11, case12, case13,
-     case21, case22,
-     case31, case32,
-     case41, case42, case43,
-     case51, case52, case53,
-     case61, case62,
-     case71, case72, case73,
-     case81, case82, case83,
-     case101,
-     case110, case111, case112, case113, case114, case115,
-     case201, case202, case203, case204, case205,
-     case301, case302
-    ].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_lua_hook], fun set_special_configs/1),
-    Config.
-
-end_per_suite(Config) ->
-    emqx_ct_helpers:stop_apps([emqx_lua_hook]),
-    Config.
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, modules, []);
-set_special_configs(_App) ->
-    ok.
-
-init_per_testcase(_, Config) ->
-    ok = filelib:ensure_dir(filename:join([emqx_lua_hook:lua_dir(), "a"])),
-    emqx_lua_hook:start_link(),
-    Config.
-
-end_per_testcase(_, _Config) ->
-    emqx_lua_hook:stop(),
-    AllScripts = filelib:wildcard(filename:join([emqx_lua_hook:lua_dir(), "*"])),
-    [file:delete(Filename) || Filename <- AllScripts].
-
-case01(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(ClientId, Username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"myclient">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{payload = <<"hello">>}, Ret).
-
-case02(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"myclient">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case03(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =  "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"myclient">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case04(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    if clientid == \"broker\" then"
-            "\n        return topic, \"hello broker\", qos, retain"
-            "\n    else"
-            "\n        return false"     % return false to stop hook
-            "\n    end"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"broker">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{payload = <<"hello broker">>}, Ret).
-
-case11(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_delivered(clientid, username, topic, payload, qos, retain)"
-            "\n    return false"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_delivered\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.delivered', [#{clientid => <<"myclient">>, username => <<"myuser">>}], Msg),
-    ?assertEqual(Msg, Ret),
-    ok = file:delete(ScriptName).
-
-case12(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_delivered(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello broker\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_delivered\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.delivered', [#{clientid => <<"myclient">>, username => <<"myuser">>}], Msg),
-    ?assertEqual(Msg#message{payload = <<"hello broker">>}, Ret).
-
-case13(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_delivered(clientid, username, topic, payload, qos, retain)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_delivered\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.delivered', [#{clientid => <<"myclient">>, username => <<"myuser">>}], Msg),
-    ?assertEqual(Msg, Ret).
-
-case21(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_acked(clientid, username, topic, payload, qos, retain)"
-            "\n    return true"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_acked\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run('message.acked', [#{clientid => <<"myclient">>, username => <<"myuser">>}, Msg]),
-    ?assertEqual(ok, Ret).
-
-case22(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_acked(clientid, username, topic, payload, qos, retain)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_acked\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run('message.acked', [#{clientid => <<"myclient">>, username => <<"myuser">>}, Msg]),
-    ?assertEqual(ok, Ret),
-    ok = file:delete(ScriptName).
-
-case31(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_connected(clientid, username)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_connected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.connected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, #{}])).
-
-case32(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_connected(clientid, username)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_connected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.connected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, #{}])).
-
-case41(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    if topic == \"a/b/c\" then"
-            "\n        topic = \"a1/b1/c1\";"
-            "\n    end"
-            "\n    return topic"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"a1/b1/c1">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}], Ret).
-
-case42(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case43(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case51(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_unsubscribe(clientid, username, topic)"
-            "\n    if topic == \"a/b/c\" then"
-            "\n        topic = \"a1/b1/c1\";"
-            "\n    end"
-            "\n    return topic"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_unsubscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.unsubscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"a1/b1/c1">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}], Ret).
-
-case52(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_unsubscribe(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_unsubscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.unsubscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case53(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_unsubscribe(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_unsubscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.unsubscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case61(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_disconnected(clientid, username, reasoncode)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_disconnected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.disconnected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, 0])).
-
-case62(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_disconnected(clientid, username, reasoncode)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_disconnected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.disconnected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, 0])).
-
-case71(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case72(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case73(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case81(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_unsubscribed(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_unsubscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.unsubscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case82(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_unsubscribed(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_unsubscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.unsubscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case83(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_unsubscribed(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_unsubscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.unsubscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case101(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    ScriptName2 = filename:join([emqx_lua_hook:lua_dir(), "mn.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code),
-
-    Code2 =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    if topic == \"a/b/c\" then"
-            "\n        topic = \"a1/b1/c1\";"
-            "\n    end"
-            "\n    return topic"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName2, Code2), ok = emqx_lua_hook:load_scripts(),
-
-    Ret = emqx_hooks:run_fold('message.publish',[], #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}}),
-    ?assertEqual(#message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"hello">>, headers = #{}}, Ret),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret2 = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"a1/b1/c1">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}], Ret2).
-
-case110(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret).
-
-case111(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =  " function on_message_publish(topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    emqx_ctl:run_command(["luahook", "unload", ScriptName]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case112(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =  " function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    emqx_ctl:run_command(["luahook", "unload", "abc.lua"]),
-    timer:sleep(100),
-    emqx_ctl:run_command(["luahook", "load", "abc.lua"]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret).
-
-case113(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    ScriptDisabled = ScriptName ++ ".x",
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-                "\n    return \"changed/topic\", \"hello\", qos, retain"
-                "\nend"
-                "\n"
-                "\nfunction register_hook()"
-                "\n    return \"on_message_publish\""
-                "\nend",
-    ok = file:write_file(ScriptName, Code),
-    file:delete(ScriptDisabled),
-    emqx_ctl:run_command(["luahook", "disable", "abc.lua"]),   % this command will rename "abc.lua" to "abc.lua.x"
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret),
-    true = filelib:is_file(ScriptDisabled).
-
-case114(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua.x"]),     % disabled script
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    emqx_ctl:run_command(["luahook", "enable", "abc.lua"]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret).
-
-case115(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "function on_client_subscribe(ClientId, Username, Topic)"
-            "\n    return \"play/football\""
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\", \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    emqx_ctl:run_command(["luahook", "reload", "abc.lua"]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret),
-
-    TopicTable = [{<<"d/+/e">>, [{qos, 2}]}],
-    Ret2 = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"play/football">>, [{qos, 2}]}], Ret2).
-
-case201(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction on_session_subscribed1()"  % register_hook() is missing
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case202(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function abc(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\n9/0",   % error code
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case203(_Config) ->
-    file:del_dir(emqx_lua_hook:lua_dir()),  % if this dir is not exist, what will happen?
-    emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case204(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, payload .. \"_Z\", qos, retain"
-            "\nend"
-            "\n"
-            "function on_client_subscribe(ClientId, Username, Topic)"
-            "\n    return \"play/football\""
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\", \"on_client_subscribe\", \"on_message_publish\""  % if 2 on_message_publish() are registered, what will happend?
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{payload = <<"123_Z">>}, Ret).
-
-case205(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello\", qos, retain"
-            "\nend_with_error"  %% syntax error
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\", \"on_client_subscribe\", \"on_message_publish\""  % if 2 on_message_publish() are registered, what will happend?
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case301(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =   "function on_client_authenticate(clientid, username, peerhost, password)"
-           "\n    return \"ok\""
-           "\nend"
-           "\n"
-           "\nfunction register_hook()"
-           "\n    return \"on_client_authenticate\""
-           "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    ClientInfo = #{clientid => undefined,
-                   username => <<"test">>,
-                   peerhost => {127, 0, 0, 1},
-                   password => <<"mqtt">>
-                  },
-    Result = #{auth_result => success, anonymous => true},
-    ?assertEqual(Result#{auth_result => success},
-                 emqx_hooks:run_fold('client.authenticate', [ClientInfo], Result)).
-
-case302(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =   "function on_client_check_acl(clientid, username, peerhost, password, topic, pubsub)"
-           "\n    return \"allow\""
-           "\nend"
-           "\n"
-           "\nfunction register_hook()"
-           "\n    return \"on_client_check_acl\""
-           "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    ClientInfo = #{clientid => undefined,
-                   username => <<"test">>,
-                   peerhost => {127, 0, 0, 1},
-                   password => <<"mqtt">>
-                  },
-    ?assertEqual(allow, emqx_hooks:run_fold('client.check_acl',
-                                            [ClientInfo, publish, <<"mytopic">>], deny)).
diff --git a/rebar.config.erl b/rebar.config.erl
index 7a473cc6a..754735d4a 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -256,8 +256,7 @@ relx_apps(ReleaseType) ->
     ++ [{N, load} || N <- relx_plugin_apps(ReleaseType)].
 
 relx_apps_per_rel(cloud) ->
-    [ luerl
-    , xmerl
+    [ xmerl
     | [{observer, load} || is_app(observer)]
     ];
 relx_apps_per_rel(edge) ->
@@ -290,7 +289,6 @@ relx_plugin_apps(ReleaseType) ->
 
 relx_plugin_apps_per_rel(cloud) ->
     [ emqx_lwm2m
-    , emqx_lua_hook
     , emqx_exhook
     , emqx_exproto
     , emqx_prometheus

From 5aa4565e84a2f300fc77e92021c82bb59abea3eb Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Thu, 10 Jun 2021 11:29:31 +0800
Subject: [PATCH 036/174] chore: remove lager schema info

---
 priv/emqx.schema | 2470 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 2470 insertions(+)
 create mode 100644 priv/emqx.schema

diff --git a/priv/emqx.schema b/priv/emqx.schema
new file mode 100644
index 000000000..2d67c9677
--- /dev/null
+++ b/priv/emqx.schema
@@ -0,0 +1,2470 @@
+%%-*- mode: erlang -*-
+%% EMQ X R4.0 config mapping
+
+%%--------------------------------------------------------------------
+%% Cluster
+%%--------------------------------------------------------------------
+
+%% @doc Cluster name
+{mapping, "cluster.name", "ekka.cluster_name", [
+  {default, emqxcl},
+  {datatype, atom}
+]}.
+
+%% @doc Cluster discovery
+{mapping, "cluster.discovery", "ekka.cluster_discovery", [
+  {default, manual},
+  {datatype, atom}
+]}.
+
+%% @doc Clean down node from the cluster
+{mapping, "cluster.autoclean", "ekka.cluster_autoclean", [
+  {datatype, {duration, ms}}
+]}.
+
+%% @doc Cluster autoheal
+{mapping, "cluster.autoheal", "ekka.cluster_autoheal", [
+  {datatype, flag},
+  {default, off}
+]}.
+
+%%--------------------------------------------------------------------
+%% Cluster by static node list
+
+{mapping, "cluster.static.seeds", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+%%--------------------------------------------------------------------
+%% Cluster by UDP Multicast
+
+{mapping, "cluster.mcast.addr", "ekka.cluster_discovery", [
+  {default, "239.192.0.1"},
+  {datatype, string}
+]}.
+
+{mapping, "cluster.mcast.ports", "ekka.cluster_discovery", [
+  {default, "4369"},
+  {datatype, string}
+]}.
+
+{mapping, "cluster.mcast.iface", "ekka.cluster_discovery", [
+  {datatype, string},
+  {default, "0.0.0.0"}
+]}.
+
+{mapping, "cluster.mcast.ttl", "ekka.cluster_discovery", [
+  {datatype, integer},
+  {default, 255}
+]}.
+
+{mapping, "cluster.mcast.loop", "ekka.cluster_discovery", [
+  {datatype, flag},
+  {default, on}
+]}.
+
+{mapping, "cluster.mcast.sndbuf", "ekka.cluster_discovery", [
+  {datatype, bytesize},
+  {default, "16KB"}
+]}.
+
+{mapping, "cluster.mcast.recbuf", "ekka.cluster_discovery", [
+  {datatype, bytesize},
+  {default, "16KB"}
+]}.
+
+{mapping, "cluster.mcast.buffer", "ekka.cluster_discovery", [
+  {datatype, bytesize},
+  {default, "32KB"}
+]}.
+
+%%--------------------------------------------------------------------
+%% Cluster by DNS A Record
+
+{mapping, "cluster.dns.name", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+%% @doc The erlang distributed protocol
+{mapping, "cluster.proto_dist", "ekka.proto_dist", [
+  {default, "inet_tcp"},
+  {datatype, {enum, [inet_tcp, inet6_tcp, inet_tls]}},
+  hidden
+]}.
+
+{mapping, "cluster.dns.app", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+%%--------------------------------------------------------------------
+%% Cluster using etcd
+
+{mapping, "cluster.etcd.server", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.etcd.prefix", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.etcd.node_ttl", "ekka.cluster_discovery", [
+  {datatype, {duration, ms}},
+  {default, "1m"}
+]}.
+
+{mapping, "cluster.etcd.ssl.keyfile", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.etcd.ssl.certfile", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.etcd.ssl.cacertfile", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+%%--------------------------------------------------------------------
+%% Cluster on K8s
+
+{mapping, "cluster.k8s.apiserver", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.k8s.service_name", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.k8s.address_type", "ekka.cluster_discovery", [
+  {datatype, {enum, [ip, dns, hostname]}}
+]}.
+
+{mapping, "cluster.k8s.app_name", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.k8s.namespace", "ekka.cluster_discovery", [
+  {datatype, string}
+]}.
+
+{mapping, "cluster.k8s.suffix", "ekka.cluster_discovery", [
+    {datatype, string},
+    {default, ""}
+  ]}.
+
+{translation, "ekka.cluster_discovery", fun(Conf) ->
+  Strategy = cuttlefish:conf_get("cluster.discovery", Conf),
+  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
+  IpPort = fun(S) ->
+             [Addr, Port] = string:tokens(S, ":"),
+             {ok, Ip} = inet:parse_address(Addr),
+             {Ip, Port}
+           end,
+  Options = fun(static) ->
+                 [{seeds, [list_to_atom(S) || S <- string:tokens(cuttlefish:conf_get("cluster.static.seeds", Conf, ""), ",")]}];
+               (mcast) ->
+                 {ok, Addr} = inet:parse_address(cuttlefish:conf_get("cluster.mcast.addr", Conf)),
+                 {ok, Iface} = inet:parse_address(cuttlefish:conf_get("cluster.mcast.iface", Conf)),
+                 Ports = [list_to_integer(S) || S <- string:tokens(cuttlefish:conf_get("cluster.mcast.ports", Conf), ",")],
+                 [{addr, Addr}, {ports, Ports}, {iface, Iface},
+                  {ttl, cuttlefish:conf_get("cluster.mcast.ttl", Conf, 1)},
+                  {loop, cuttlefish:conf_get("cluster.mcast.loop", Conf, true)}];
+               (dns) ->
+                 [{name, cuttlefish:conf_get("cluster.dns.name", Conf)},
+                  {app, cuttlefish:conf_get("cluster.dns.app", Conf)}];
+               (etcd) ->
+                 SslOpts = fun(Conf) ->
+                              Options = cuttlefish_variable:filter_by_prefix("cluster.etcd.ssl", Conf),
+                              lists:map(fun({["cluster", "etcd", "ssl", Name], Value}) ->
+                                            {list_to_atom(Name), Value}
+                                        end, Options)
+                            end,
+                 [{server, string:tokens(cuttlefish:conf_get("cluster.etcd.server", Conf), ",")},
+                  {prefix, cuttlefish:conf_get("cluster.etcd.prefix", Conf, "emqcl")},
+                  {node_ttl, cuttlefish:conf_get("cluster.etcd.node_ttl", Conf, 60)},
+                  {ssl_options, SslOpts(Conf)}];
+               (k8s) ->
+                 [{apiserver, cuttlefish:conf_get("cluster.k8s.apiserver", Conf)},
+                  {service_name, cuttlefish:conf_get("cluster.k8s.service_name", Conf)},
+                  {address_type, cuttlefish:conf_get("cluster.k8s.address_type", Conf, ip)},
+                  {app_name, cuttlefish:conf_get("cluster.k8s.app_name", Conf)},
+                  {namespace, cuttlefish:conf_get("cluster.k8s.namespace", Conf)},
+                  {suffix, cuttlefish:conf_get("cluster.k8s.suffix", Conf, "")}];
+               (manual) ->
+                 [ ]
+            end,
+  {Strategy, Filter(Options(Strategy))}
+end}.
+
+%%--------------------------------------------------------------------
+%% Node
+%%--------------------------------------------------------------------
+
+%% @doc Node name
+{mapping, "node.name", "vm_args.-name", [
+  {default, "emqx@127.0.0.1"},
+  {override_env, "NODE_NAME"}
+]}.
+
+%% @doc Specify SSL Options in the file if using SSL for erlang distribution
+{mapping, "node.ssl_dist_optfile", "vm_args.-ssl_dist_optfile", [
+  {datatype, string},
+  hidden
+]}.
+
+%% @doc Secret cookie for distributed erlang node
+{mapping, "node.cookie", "vm_args.-setcookie", [
+  {default, "emqxsecretcookie"},
+  {override_env, "NODE_COOKIE"}
+]}.
+
+{mapping, "node.data_dir", "emqx.data_dir", [
+  {datatype, string}
+]}.
+
+%% @doc http://erlang.org/doc/man/heart.html
+{mapping, "node.heartbeat", "vm_args.-heart", [
+  {datatype, flag},
+  hidden
+]}.
+
+{translation, "vm_args.-heart", fun(Conf) ->
+    case cuttlefish:conf_get("node.heartbeat", Conf) of
+        true  -> "";
+        false -> cuttlefish:invalid("should be 'on' or comment the line!")
+    end
+end}.
+
+%% @doc More information at: http://erlang.org/doc/man/erl.html
+{mapping, "node.async_threads", "vm_args.+A", [
+  {datatype, integer},
+  {validators, ["range:0-1024"]}
+]}.
+
+%% @doc Erlang Process Limit
+{mapping, "node.process_limit", "vm_args.+P", [
+  {datatype, integer},
+  hidden
+]}.
+
+%% @doc The maximum number of concurrent ports/sockets.
+%% Valid range is 1024-134217727
+{mapping, "node.max_ports", "vm_args.+Q", [
+  {datatype, integer},
+  {validators, ["range4ports"]},
+  {override_env, "MAX_PORTS"}
+]}.
+
+{validator, "range4ports", "must be 1024 to 134217727",
+ fun(X) -> X >= 1024 andalso X =< 134217727 end}.
+
+%% @doc http://www.erlang.org/doc/man/erl.html#%2bzdbbl
+{mapping, "node.dist_buffer_size", "vm_args.+zdbbl", [
+  {datatype, bytesize},
+  {commented, "32MB"},
+  hidden,
+  {validators, ["zdbbl_range"]}
+]}.
+
+{translation, "vm_args.+zdbbl",
+ fun(Conf) ->
+  ZDBBL = cuttlefish:conf_get("node.dist_buffer_size", Conf, undefined),
+  case ZDBBL of
+    undefined -> undefined;
+    X when is_integer(X) -> cuttlefish_util:ceiling(X / 1024); %% Bytes to Kilobytes;
+    _ -> undefined
+  end
+ end}.
+
+{validator, "zdbbl_range", "must be between 1KB and 2097151KB",
+ fun(ZDBBL) ->
+  %% 2097151KB = 2147482624
+  ZDBBL >= 1024 andalso ZDBBL =< 2147482624
+ end
+}.
+
+%% @doc Global GC Interval
+{mapping, "node.global_gc_interval", "emqx.global_gc_interval", [
+  {datatype, {duration, s}}
+]}.
+
+%% @doc http://www.erlang.org/doc/man/erlang.html#system_flag-2
+{mapping, "node.fullsweep_after", "vm_args.-env ERL_FULLSWEEP_AFTER", [
+  {default, 1000},
+  {datatype, integer},
+  hidden,
+  {validators, ["positive_integer"]}
+]}.
+
+{validator, "positive_integer", "must be a positive integer",
+  fun(X) -> X >= 0 end}.
+
+%% Note: OTP R15 and earlier uses -env ERL_MAX_ETS_TABLES,
+%% R16+ uses +e
+%% @doc The ETS table limit
+{mapping, "node.max_ets_tables",
+  cuttlefish:otp("R16", "vm_args.+e", "vm_args.-env ERL_MAX_ETS_TABLES"), [
+  {default, 256000},
+  {datatype, integer},
+  hidden
+]}.
+
+%% @doc Set the location of crash dumps
+{mapping, "node.crash_dump", "vm_args.-env ERL_CRASH_DUMP", [
+  {default, "{{crash_dump}}"},
+  {datatype, file},
+  hidden
+]}.
+
+%% @doc http://www.erlang.org/doc/man/kernel_app.html#net_ticktime
+{mapping, "node.dist_net_ticktime", "vm_args.-kernel net_ticktime", [
+  {datatype, integer},
+  hidden
+]}.
+
+%% @doc http://www.erlang.org/doc/man/kernel_app.html
+{mapping, "node.dist_listen_min", "kernel.inet_dist_listen_min", [
+  {commented, 6369},
+  {datatype, integer},
+  hidden
+]}.
+
+%% @see node.dist_listen_min
+{mapping, "node.dist_listen_max", "kernel.inet_dist_listen_max", [
+  {commented, 6369},
+  {datatype, integer},
+  hidden
+]}.
+
+{mapping, "node.backtrace_depth", "emqx.backtrace_depth", [
+  {default, 16},
+  {datatype, integer}
+]}.
+
+%%--------------------------------------------------------------------
+%% RPC
+%%--------------------------------------------------------------------
+
+%% RPC Mode.
+{mapping, "rpc.mode", "emqx.rpc_mode", [
+  {default, async},
+  {datatype, {enum, [sync, async]}}
+]}.
+
+{mapping, "rpc.async_batch_size", "gen_rpc.max_batch_size", [
+  {default, 256},
+  {datatype, integer}
+]}.
+
+{mapping, "rpc.port_discovery", "gen_rpc.port_discovery", [
+  {default, stateless},
+  {datatype, {enum, [manual, stateless]}}
+]}.
+
+%% RPC server port.
+{mapping, "rpc.tcp_server_port", "gen_rpc.tcp_server_port", [
+  {default, 5369},
+  {datatype, integer}
+]}.
+
+%% Number of tcp connections when connecting to RPC server
+{mapping, "rpc.tcp_client_num", "gen_rpc.tcp_client_num", [
+  {default, 0},
+  {datatype, integer},
+  {validators, ["range:gt_0_lt_256"]}
+]}.
+
+{translation, "gen_rpc.tcp_client_num", fun(Conf) ->
+  case cuttlefish:conf_get("rpc.tcp_client_num", Conf) of
+    0 -> max(1, erlang:system_info(schedulers) div 2);
+    V -> V
+  end
+end}.
+
+%% Client connect timeout
+{mapping, "rpc.connect_timeout", "gen_rpc.connect_timeout", [
+  {default, "5s"},
+  {datatype, {duration, ms}}
+]}.
+
+%% Client and Server send timeout
+{mapping, "rpc.send_timeout", "gen_rpc.send_timeout", [
+  {default, 5000},
+  {datatype, {duration, ms}}
+]}.
+
+%% Authentication timeout
+{mapping, "rpc.authentication_timeout", "gen_rpc.authentication_timeout", [
+  {default, 5000},
+  {datatype, {duration, ms}}
+]}.
+
+%% Default receive timeout for call() functions
+{mapping, "rpc.call_receive_timeout", "gen_rpc.call_receive_timeout", [
+  {default, 15000},
+  {datatype, {duration, ms}}
+]}.
+
+%% Socket keepalive configuration
+{mapping, "rpc.socket_keepalive_idle", "gen_rpc.socket_keepalive_idle", [
+  {default, 7200},
+  {datatype, {duration, s}}
+]}.
+
+%% Seconds between probes
+{mapping, "rpc.socket_keepalive_interval", "gen_rpc.socket_keepalive_interval", [
+  {default, 75},
+  {datatype, {duration, s}}
+]}.
+
+%% Probes lost to close the connection
+{mapping, "rpc.socket_keepalive_count", "gen_rpc.socket_keepalive_count", [
+  {default, 9},
+  {datatype, integer}
+]}.
+
+%% Size of TCP send buffer
+{mapping, "rpc.socket_sndbuf", "gen_rpc.socket_sndbuf", [
+  {default, "1MB"},
+  {datatype, bytesize}
+]}.
+
+%% Size of TCP receive buffer
+{mapping, "rpc.socket_recbuf", "gen_rpc.socket_recbuf", [
+  {default, "1MB"},
+  {datatype, bytesize}
+]}.
+
+%% Size of TCP receive buffer
+{mapping, "rpc.socket_buffer", "gen_rpc.socket_buffer", [
+  {default, "1MB"},
+  {datatype, bytesize}
+]}.
+
+{validator, "range:gt_0_lt_256", "must greater than 0 and less than 256",
+  fun(X) -> X >= 0 andalso X < 256 end
+}.
+
+%% Force client to use server listening port, because we do no provide
+%% per-node listening port manual mapping from configs.
+%% i.e. all nodes in the cluster should agree to the same
+%% listening port number.
+{translation, "gen_rpc.tcp_client_port", fun(_, _, Conf) ->
+    cuttlefish:conf_get("rpc.tcp_server_port", Conf)
+end}.
+
+%%--------------------------------------------------------------------
+%% Log
+%%--------------------------------------------------------------------
+
+{mapping, "log.to", "kernel.logger", [
+  {default, file},
+  {datatype, {enum, [file, console, both]}}
+]}.
+
+{mapping, "log.level", "kernel.logger", [
+  {default, warning},
+  {datatype, {enum, [debug, info, notice, warning, error, critical, alert, emergency, all]}}
+]}.
+
+{mapping, "log.primary_log_level", "kernel.logger_level", [
+   {default, warning},
+   {datatype, {enum, [debug, info, notice, warning, error, critical, alert, emergency, all]}}
+]}.
+
+{mapping, "log.dir", "kernel.logger", [
+  {default, "log"},
+  {datatype, string}
+]}.
+
+{mapping, "log.file", "kernel.logger", [
+  {default, "emqx.log"},
+  {datatype, file}
+]}.
+
+{mapping, "log.chars_limit", "kernel.logger", [
+  {default, -1},
+  {datatype, integer}
+]}.
+
+{mapping, "log.supervisor_reports", "kernel.logger", [
+  {default, error},
+  {datatype, {enum, [error, progress]}},
+  hidden
+]}.
+
+%% @doc Maximum depth in Erlang term log formatting
+%% and message queue inspection.
+{mapping, "log.max_depth", "kernel.error_logger_format_depth", [
+  {default, 20},
+  {datatype, [{enum, [unlimited]}, integer]}
+]}.
+
+%% @doc format logs as JSON objects
+{mapping, "log.formatter", "kernel.logger", [
+  {default, text},
+  {datatype, {enum, [text, json]}}
+]}.
+
+%% @doc format logs in a single line.
+{mapping, "log.single_line", "kernel.logger", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "log.rotation", "kernel.logger", [
+  {default, on},
+  {datatype, flag}
+]}.
+
+{mapping, "log.rotation.size", "kernel.logger", [
+  {default, "10MB"},
+  {datatype, bytesize}
+]}.
+
+{mapping, "log.size", "kernel.logger", [
+  {default, infinity},
+  {datatype, [bytesize, atom]}
+]}.
+
+{mapping, "log.rotation.count", "kernel.logger", [
+  {default, 5},
+  {datatype, integer}
+]}.
+
+{mapping, "log.$level.file", "kernel.logger", [
+  {datatype, file}
+]}.
+
+{mapping, "log.sync_mode_qlen", "kernel.logger", [
+  {default, 100},
+  {datatype, integer}
+]}.
+
+{mapping, "log.drop_mode_qlen", "kernel.logger", [
+  {default, 3000},
+  {datatype, integer}
+]}.
+
+{mapping, "log.flush_qlen", "kernel.logger", [
+  {default, 8000},
+  {datatype, integer}
+]}.
+
+{mapping, "log.overload_kill", "kernel.logger", [
+  {default, on},
+  {datatype, flag}
+]}.
+
+{mapping, "log.overload_kill_mem_size", "kernel.logger", [
+  {default, "30MB"},
+  {datatype, bytesize}
+]}.
+
+{mapping, "log.overload_kill_qlen", "kernel.logger", [
+  {default, 20000},
+  {datatype, integer}
+]}.
+
+{mapping, "log.overload_kill_restart_after", "kernel.logger", [
+  {default, "5s"},
+  {datatype, [{duration, ms}, atom]}
+]}.
+
+{mapping, "log.burst_limit", "kernel.logger", [
+  {default, "disabled"},
+  {datatype, string}
+]}.
+
+{mapping, "log.error_logger", "kernel.error_logger", [
+  {default, silent},
+  {datatype, {enum, [silent]}},
+  hidden
+]}.
+
+{translation, "kernel.logger_level", fun(_, _, Conf) ->
+    cuttlefish:conf_get("log.level", Conf)
+end}.
+
+{translation, "kernel.logger", fun(Conf) ->
+    LogTo = cuttlefish:conf_get("log.to", Conf),
+    LogLevel = cuttlefish:conf_get("log.level", Conf),
+    LogType = case cuttlefish:conf_get("log.rotation", Conf) of
+                  true -> wrap;
+                  false -> halt
+              end,
+    CharsLimit = case cuttlefish:conf_get("log.chars_limit", Conf) of
+                     -1 -> unlimited;
+                     V -> V
+                 end,
+    SingleLine = cuttlefish:conf_get("log.single_line", Conf),
+    FmtName = cuttlefish:conf_get("log.formatter", Conf),
+    Formatter =
+    case FmtName of
+        json ->
+            {emqx_logger_jsonfmt,
+                  #{chars_limit => CharsLimit,
+                    single_line => SingleLine
+                   }};
+        text ->
+            {emqx_logger_textfmt,
+                  #{template =>
+                      [time," [",level,"] ",
+                       {clientid,
+                          [{peername,
+                              [clientid,"@",peername," "],
+                              [clientid, " "]}],
+                          [{peername,
+                              [peername," "],
+                              []}]},
+                       msg,"\n"],
+                    chars_limit => CharsLimit,
+                    single_line => SingleLine
+                   }}
+    end,
+    {BustLimitOn, {MaxBurstCount, TimeWindow}} =
+        case string:tokens(cuttlefish:conf_get("log.burst_limit", Conf), ", ") of
+            ["disabled"] -> {false, {20000, 1000}};
+            [Count, Window] ->
+                {true, {list_to_integer(Count),
+                        case cuttlefish_duration:parse(Window, ms) of
+                          Secs when is_integer(Secs) -> Secs;
+                          {error, Reason1} -> error(Reason1)
+                        end}}
+        end,
+    FileConf =  fun(Filename) ->
+                  BasicConf =
+                  #{type => LogType,
+                    file => filename:join(cuttlefish:conf_get("log.dir", Conf), Filename),
+                    max_no_files => cuttlefish:conf_get("log.rotation.count", Conf),
+                    sync_mode_qlen => cuttlefish:conf_get("log.sync_mode_qlen", Conf),
+                    drop_mode_qlen => cuttlefish:conf_get("log.drop_mode_qlen", Conf),
+                    flush_qlen => cuttlefish:conf_get("log.flush_qlen", Conf),
+                    overload_kill_enable => cuttlefish:conf_get("log.overload_kill", Conf),
+                    overload_kill_qlen => cuttlefish:conf_get("log.overload_kill_qlen", Conf),
+                    overload_kill_mem_size => cuttlefish:conf_get("log.overload_kill_mem_size", Conf),
+                    overload_kill_restart_after => cuttlefish:conf_get("log.overload_kill_restart_after", Conf),
+                    burst_limit_enable => BustLimitOn,
+                    burst_limit_max_count => MaxBurstCount,
+                    burst_limit_window_time => TimeWindow
+                    },
+                  MaxNoBytes = case LogType of
+                    wrap -> cuttlefish:conf_get("log.rotation.size", Conf);
+                    halt -> cuttlefish:conf_get("log.size", Conf)
+                  end,
+                  BasicConf#{max_no_bytes => MaxNoBytes}
+                end,
+
+    Filters = case cuttlefish:conf_get("log.supervisor_reports", Conf) of
+                  error -> [{drop_progress_reports, {fun logger_filters:progress/2, stop}}];
+                  progress -> []
+              end,
+
+    %% For the default logger that outputs to console
+    DefaultHandler =
+        if LogTo =:= console orelse LogTo =:= both ->
+                [{handler, console, logger_std_h,
+                    #{level => LogLevel,
+                      config => #{type => standard_io},
+                      formatter => Formatter,
+                      filters => Filters
+                     }
+                 }];
+           true ->
+                [{handler, default, undefined}]
+        end,
+
+    %% For the file logger
+    FileHandler =
+        if LogTo =:= file orelse LogTo =:= both ->
+              [{handler, file, logger_disk_log_h,
+                    #{level => LogLevel,
+                      config => FileConf(cuttlefish:conf_get("log.file", Conf)),
+                      formatter => Formatter,
+                      filesync_repeat_interval => no_repeat,
+                      filters => Filters
+                     }}];
+           true -> []
+        end,
+
+    %% For creating additional log files for specific log levels.
+    AdditionalLogFiles =
+        lists:foldl(
+          fun({[_, Level, _] = K, Filename}, Acc) when LogTo =:= file; LogTo =:= both ->
+                case cuttlefish_variable:is_fuzzy_match(K, ["log", "$level", "file"]) of
+                  true -> [{Level, Filename} | Acc];
+                  false -> Acc
+                end;
+             ({_K, _V}, Acc) ->
+               Acc
+          end, [], Conf),
+    AdditionalHandlers =
+        [{handler, list_to_atom("file_for_"++Level), logger_disk_log_h,
+            #{level => list_to_atom(Level),
+              config => FileConf(Filename),
+              formatter => Formatter,
+              filesync_repeat_interval => no_repeat}}
+          || {Level, Filename} <- AdditionalLogFiles],
+
+    DefaultHandler ++ FileHandler ++ AdditionalHandlers
+end}.
+
+%%--------------------------------------------------------------------
+%% Authentication/ACL
+%%--------------------------------------------------------------------
+
+%% @doc Allow anonymous authentication.
+{mapping, "allow_anonymous", "emqx.allow_anonymous", [
+  {default, false},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc ACL nomatch.
+{mapping, "acl_nomatch", "emqx.acl_nomatch", [
+  {default, deny},
+  {datatype, {enum, [allow, deny]}}
+]}.
+
+%% @doc Default ACL file.
+{mapping, "acl_file", "emqx.acl_file", [
+  {datatype, string},
+  hidden
+]}.
+
+%% @doc Enable ACL cache for publish.
+{mapping, "enable_acl_cache", "emqx.enable_acl_cache", [
+  {default, on},
+  {datatype, flag}
+]}.
+
+%% @doc ACL cache time-to-live.
+{mapping, "acl_cache_ttl", "emqx.acl_cache_ttl", [
+  {default, "1m"},
+  {datatype, {duration, ms}}
+]}.
+
+%% @doc ACL cache size.
+{mapping, "acl_cache_max_size", "emqx.acl_cache_max_size", [
+  {default, 32},
+  {datatype, integer},
+  {validators, ["range:gt_0"]}
+]}.
+
+%% @doc Action when acl check reject current operation
+{mapping, "acl_deny_action", "emqx.acl_deny_action", [
+  {default, ignore},
+  {datatype, {enum, [ignore, disconnect]}}
+]}.
+
+%% @doc Flapping detect policy
+{mapping, "flapping_detect_policy", "emqx.flapping_detect_policy", [
+  {datatype, string},
+  {default, "30,1m,5m"}
+]}.
+
+{translation, "emqx.flapping_detect_policy", fun(Conf) ->
+    Policy = cuttlefish:conf_get("flapping_detect_policy", Conf),
+    [Threshold, Duration, Interval] = string:tokens(Policy, ", "),
+    ParseDuration = fun(S, Dur) ->
+                        case cuttlefish_duration:parse(S, Dur) of
+                            I when is_integer(I) -> I;
+                            {error, Reason} -> error(Reason)
+                        end
+                    end,
+    #{threshold => list_to_integer(Threshold),
+      duration  => ParseDuration(Duration, ms),
+      banned_interval => ParseDuration(Interval, s)
+     }
+end}.
+
+{validator, "range:gt_0", "must greater than 0",
+  fun(X) -> X > 0 end
+}.
+
+%%--------------------------------------------------------------------
+%% MQTT Protocol
+%%--------------------------------------------------------------------
+
+%% @doc Max Packet Size Allowed, 1MB by default.
+{mapping, "mqtt.max_packet_size", "emqx.max_packet_size", [
+  {default, "1MB"},
+  {datatype, bytesize},
+  {override_env, "MAX_PACKET_SIZE"}
+]}.
+
+%% @doc Set the Max ClientId Length Allowed.
+{mapping, "mqtt.max_clientid_len", "emqx.max_clientid_len", [
+  {default, 65535},
+  {datatype, integer}
+]}.
+
+%% @doc Set the Maximum topic levels.
+{mapping, "mqtt.max_topic_levels", "emqx.max_topic_levels", [
+  {default, 0},
+  {datatype, integer}
+]}.
+
+%% @doc Set the Maximum QoS allowed.
+{mapping, "mqtt.max_qos_allowed", "emqx.max_qos_allowed", [
+  {default, 2},
+  {datatype, integer},
+  {validators, ["range:0-2"]}
+]}.
+
+%% @doc Set the Maximum Topic Alias.
+{mapping, "mqtt.max_topic_alias", "emqx.max_topic_alias", [
+  {default, 65535},
+  {datatype, integer}
+]}.
+
+%% @doc Whether the server supports MQTT retained messages.
+{mapping, "mqtt.retain_available", "emqx.retain_available", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Whether the Server supports MQTT Wildcard Subscriptions.
+{mapping, "mqtt.wildcard_subscription", "emqx.wildcard_subscription", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Whether the Server supports MQTT Shared Subscriptions.
+{mapping, "mqtt.shared_subscription", "emqx.shared_subscription", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
+{mapping, "mqtt.ignore_loop_deliver", "emqx.ignore_loop_deliver", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Whether to parse the MQTT frame in strict mode
+{mapping, "mqtt.strict_mode", "emqx.strict_mode", [
+  {default, false},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Specify the response information returned to the client
+{mapping, "mqtt.response_information", "emqx.response_information", [
+  {datatype, string}
+]}.
+
+%%--------------------------------------------------------------------
+%% Zones
+%%--------------------------------------------------------------------
+
+%% @doc Idle timeout of the MQTT connection.
+{mapping, "zone.$name.idle_timeout", "emqx.zones", [
+  {default, "15s"},
+  {datatype, {duration, ms}}
+]}.
+
+{mapping, "zone.$name.allow_anonymous", "emqx.zones", [
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "zone.$name.acl_nomatch", "emqx.zones", [
+  {datatype, {enum, [allow, deny]}}
+]}.
+
+%% @doc Enable ACL check.
+{mapping, "zone.$name.enable_acl", "emqx.zones", [
+  {default, off},
+  {datatype, flag}
+]}.
+
+%% @doc Action when acl check reject current operation
+{mapping, "zone.$name.acl_deny_action", "emqx.zones", [
+  {default, ignore},
+  {datatype, {enum, [ignore, disconnect]}}
+]}.
+
+%% @doc Enable Ban.
+{mapping, "zone.$name.enable_ban", "emqx.zones", [
+  {default, off},
+  {datatype, flag}
+]}.
+
+%% @doc Enable per connection statistics.
+{mapping, "zone.$name.enable_stats", "emqx.zones", [
+  {default, off},
+  {datatype, flag}
+]}.
+
+%% @doc Publish limit of the MQTT connections.
+{mapping, "zone.$name.publish_limit", "emqx.zones", [
+  {datatype, string}
+]}.
+
+%% @doc Max Packet Size Allowed, 64K by default.
+{mapping, "zone.$name.max_packet_size", "emqx.zones", [
+  {datatype, bytesize}
+]}.
+
+%% @doc Set the Max ClientId Length Allowed.
+{mapping, "zone.$name.max_clientid_len", "emqx.zones", [
+  {datatype, integer}
+]}.
+
+%% @doc Set the Maximum topic levels.
+{mapping, "zone.$name.max_topic_levels", "emqx.zones", [
+  {datatype, integer}
+]}.
+
+%% @doc Set the Maximum QoS allowed.
+{mapping, "zone.$name.max_qos_allowed", "emqx.zones", [
+  {datatype, integer},
+  {validators, ["range:0-2"]}
+]}.
+
+%% @doc Set the Maximum topic alias.
+{mapping, "zone.$name.max_topic_alias", "emqx.zones", [
+  {datatype, integer}
+]}.
+
+%% @doc Whether the server supports retained messages.
+{mapping, "zone.$name.retain_available", "emqx.zones", [
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Whether the Server supports Wildcard Subscriptions.
+{mapping, "zone.$name.wildcard_subscription", "emqx.zones", [
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Whether the Server supports Shared Subscriptions.
+{mapping, "zone.$name.shared_subscription", "emqx.zones", [
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Server Keepalive
+{mapping, "zone.$name.server_keepalive", "emqx.zones", [
+  {datatype, integer}
+]}.
+
+%% @doc Keepalive backoff
+{mapping, "zone.$name.keepalive_backoff", "emqx.zones", [
+  {default, 0.75},
+  {datatype, float}
+]}.
+
+%% @doc Max Number of Subscriptions Allowed.
+{mapping, "zone.$name.max_subscriptions", "emqx.zones", [
+  {default, 0},
+  {datatype, integer}
+]}.
+
+%% @doc Upgrade QoS according to subscription?
+{mapping, "zone.$name.upgrade_qos", "emqx.zones", [
+  {default, off},
+  {datatype, flag}
+]}.
+
+%% @doc Max number of QoS 1 and 2 messages that can be “inflight” at one time.
+%% 0 is equivalent to maximum allowed
+{mapping, "zone.$name.max_inflight", "emqx.zones", [
+  {default, 0},
+  {datatype, integer},
+  {validators, ["range:1-65535"]}
+]}.
+
+%% @doc Retry interval for redelivering QoS1/2 messages.
+{mapping, "zone.$name.retry_interval", "emqx.zones", [
+  {default, "30s"},
+  {datatype, {duration, s}}
+]}.
+
+%% @doc Max Packets that Awaiting PUBREL, 0 means no limit
+{mapping, "zone.$name.max_awaiting_rel", "emqx.zones", [
+  {default, 0},
+  {datatype, integer}
+]}.
+
+%% @doc Awaiting PUBREL timeout
+{mapping, "zone.$name.await_rel_timeout", "emqx.zones", [
+  {default, "300s"},
+  {datatype, {duration, s}}
+]}.
+
+%% @doc Ignore loop delivery of messages
+{mapping, "zone.$name.ignore_loop_deliver", "emqx.zones", [
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Session Expiry Interval
+{mapping, "zone.$name.session_expiry_interval", "emqx.zones", [
+  {default, "2h"},
+  {datatype, {duration, s}}
+]}.
+
+%% @doc Max queue length. Enqueued messages when persistent client
+%% disconnected, or inflight window is full. 0 means no limit.
+{mapping, "zone.$name.max_mqueue_len", "emqx.zones", [
+  {default, 1000},
+  {datatype, integer}
+]}.
+
+%% @doc Topic Priorities, comma separated topic=priority pairs,
+%% where priority should be integer in range 1-255 (inclusive)
+%% 1 being the lowest and 255 being the highest.
+%% default value `none` to indicate no priority table, hence all
+%% messages are treated equal, which means either highest ('infinity'),
+%% or lowest (0) depending on mqueue_default_priority config.
+{mapping, "zone.$name.mqueue_priorities", "emqx.zones", [
+  {default, "none"},
+  {datatype, string}
+]}.
+
+%% @doc Default priority for topics not in priority table.
+{mapping, "zone.$name.mqueue_default_priority", "emqx.zones", [
+  {default, lowest},
+  {datatype, {enum, [highest, lowest]}}
+]}.
+
+%% @doc Queue Qos0 messages?
+{mapping, "zone.$name.mqueue_store_qos0", "emqx.zones", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "zone.$name.enable_flapping_detect", "emqx.zones", [
+  {datatype, flag},
+  {default, off}
+]}.
+
+{mapping, "zone.$name.rate_limit.conn_messages_in", "emqx.zones", [
+  {datatype, string}
+]}.
+
+{mapping, "zone.$name.rate_limit.conn_bytes_in", "emqx.zones", [
+  {datatype, string}
+]}.
+
+{mapping, "zone.$name.conn_congestion.alarm", "emqx.zones", [
+  {datatype, flag},
+  {default, off}
+]}.
+
+{mapping, "zone.$name.conn_congestion.min_alarm_sustain_duration", "emqx.zones", [
+  {default, "1m"},
+  {datatype, {duration, ms}}
+]}.
+
+{mapping, "zone.$name.quota.conn_messages_routing", "emqx.zones", [
+  {datatype, string}
+]}.
+
+{mapping, "zone.$name.quota.overall_messages_routing", "emqx.zones", [
+  {datatype, string}
+]}.
+
+%% @doc Force connection/session process GC after this number of
+%% messages | bytes passed through.
+%% Numbers delimited by `|'. Zero or negative is to disable.
+{mapping, "zone.$name.force_gc_policy", "emqx.zones", [
+   {datatype, string}
+ ]}.
+
+%% @doc Max message queue length and total heap size to force shutdown
+%% connection/session process.
+%% Message queue here is the Erlang process mailbox, but not the number
+%% of queued MQTT messages of QoS 1 and 2.
+%% Zero or negative is to disable.
+{mapping, "zone.$name.force_shutdown_policy", "emqx.zones", [
+  {default, "default"},
+  {datatype, string}
+]}.
+
+{mapping, "zone.$name.mountpoint", "emqx.zones", [
+  {datatype, string}
+]}.
+
+%% @doc Use username replace client id
+{mapping, "zone.$name.use_username_as_clientid", "emqx.zones", [
+  {default, false},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Whether to parse the MQTT frame in strict mode
+{mapping, "zone.$name.strict_mode", "emqx.zones", [
+  {default, false},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Specify the response information returned to the client
+{mapping, "zone.$name.response_information", "emqx.zones", [
+  {datatype, string}
+]}.
+
+%% @doc Whether to bypass the authentication step
+{mapping, "zone.$name.bypass_auth_plugins", "emqx.zones", [
+  {default, false},
+  {datatype, {enum, [true, false]}}
+]}.
+
+{translation, "emqx.zones", fun(Conf) ->
+  Ratelimit = fun(Val) ->
+                [L, D] = string:tokens(Val, ", "),
+                Limit = case cuttlefish_bytesize:parse(L) of
+                            Sz when is_integer(Sz) -> Sz;
+                            {error, Reason1} -> error(Reason1)
+                        end,
+                Duration = case cuttlefish_duration:parse(D, s) of
+                               Secs when is_integer(Secs) -> Secs;
+                               {error, Reason} -> error(Reason)
+                           end,
+                {Limit, Duration}
+              end,
+  Mapping = fun(["publish_limit"], Val) ->
+                    %% XXX: Deprecated at v4.2
+                    {publish_limit, Ratelimit(Val)};
+               (["force_gc_policy"], Val) ->
+                    [Count, Bytes] = string:tokens(Val, "| "),
+                    GcPolicy = case cuttlefish_bytesize:parse(Bytes) of
+                                   {error, Reason} ->
+                                       error(Reason);
+                                   Bytes1 ->
+                                       #{bytes => Bytes1,
+                                         count => list_to_integer(Count)}
+                               end,
+                    {force_gc_policy, GcPolicy};
+               (["force_shutdown_policy"], "default") ->
+                    {DefaultLen, DefaultSize} =
+                        case WordSize = erlang:system_info(wordsize) of
+                            8 -> % arch_64
+                                {10000, cuttlefish_bytesize:parse("64MB")};
+                            4 -> % arch_32
+                                {1000, cuttlefish_bytesize:parse("32MB")}
+                        end,
+                    {force_shutdown_policy, #{message_queue_len => DefaultLen,
+                                              max_heap_size => DefaultSize div WordSize
+                                             }};
+               (["force_shutdown_policy"], Val) ->
+                    [Len, Siz] = string:tokens(Val, "| "),
+                    MaxSiz = case WordSize = erlang:system_info(wordsize) of
+                                8 -> % arch_64
+                                  (1 bsl 59) - 1;
+                                4 -> % arch_32
+                                  (1 bsl 27) - 1
+                             end,
+                    ShutdownPolicy =
+                      case cuttlefish_bytesize:parse(Siz) of
+                          {error, Reason} ->
+                              error(Reason);
+                          Siz1 when Siz1 > MaxSiz ->
+                              cuttlefish:invalid(io_lib:format("force_shutdown_policy: heap-size ~s is too large", [Siz]));
+                          Siz1 ->
+                              #{message_queue_len => list_to_integer(Len),
+                                max_heap_size => Siz1 div WordSize}
+                      end,
+                    {force_shutdown_policy, ShutdownPolicy};
+               (["mqueue_priorities"], Val) ->
+                    case Val of
+                        "none" -> {mqueue_priorities, none}; % NO_PRIORITY_TABLE
+                        _ ->
+                            MqueuePriorities = lists:foldl(fun(T, Acc) ->
+                                                %% NOTE: space in "= " is intended
+                                                [Topic, Prio] = string:tokens(T, "= "),
+                                                P = list_to_integer(Prio),
+                                                (P < 0 orelse P > 255) andalso error({bad_priority, Topic, Prio}),
+                                                maps:put(iolist_to_binary(Topic), P, Acc)
+                                        end, #{}, string:tokens(Val, ",")),
+                            {mqueue_priorities, MqueuePriorities}
+                    end;
+               (["mountpoint"], Val) ->
+                   {mountpoint, iolist_to_binary(Val)};
+               (["response_information"], Val) ->
+                   {response_information, iolist_to_binary(Val)};
+               (["rate_limit", "conn_messages_in"], Val) ->
+                   {ratelimit, {conn_messages_in, Ratelimit(Val)}};
+               (["rate_limit", "conn_bytes_in"], Val) ->
+                   {ratelimit, {conn_bytes_in, Ratelimit(Val)}};
+               (["conn_congestion", "alarm"], Val) ->
+                   {conn_congestion_alarm_enabled, Val};
+               (["conn_congestion", "min_alarm_sustain_duration"], Val) ->
+                   {conn_congestion_min_alarm_sustain_duration, Val};
+               (["quota", "conn_messages_routing"], Val) ->
+                   {quota, {conn_messages_routing, Ratelimit(Val)}};
+               (["quota", "overall_messages_routing"], Val) ->
+                   {quota, {overall_messages_routing, Ratelimit(Val)}};
+               ([Opt], Val) ->
+                    {list_to_atom(Opt), Val}
+            end,
+  maps:to_list(
+    lists:foldl(
+      fun({["zone", Name | Opt], Val}, Zones) ->
+              NVal = Mapping(Opt, Val),
+              maps:update_with(list_to_atom(Name),
+                               fun(Opts) ->
+                                   case NVal of
+                                       {Key, Rl} when Key == ratelimit;
+                                                      Key == quota ->
+                                           Rls = proplists:get_value(Key, Opts, []),
+                                           lists:keystore(Key, 1, Opts, {Key, [Rl|Rls]});
+                                       _ ->
+                                           [NVal|Opts]
+                                   end
+                               end, [NVal], Zones)
+      end, #{}, lists:usort(cuttlefish_variable:filter_by_prefix("zone.", Conf))))
+end}.
+
+%%--------------------------------------------------------------------
+%% Listeners
+%%--------------------------------------------------------------------
+
+%%--------------------------------------------------------------------
+%% TCP Listeners
+
+{mapping, "listener.tcp.$name", "emqx.listeners", [
+  {datatype, [integer, ip]}
+]}.
+
+{mapping, "listener.tcp.$name.acceptors", "emqx.listeners", [
+  {default, 8},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.tcp.$name.max_connections", "emqx.listeners", [
+  {default, 1024},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.tcp.$name.max_conn_rate", "emqx.listeners", [
+  {datatype, integer}
+]}.
+
+{mapping, "listener.tcp.$name.active_n", "emqx.listeners", [
+  {default, 100},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.tcp.$name.zone", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.tcp.$name.rate_limit", "emqx.listeners", [
+  {default, undefined},
+  {datatype, string}
+]}.
+
+{mapping, "listener.tcp.$name.access.$id", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.tcp.$name.proxy_protocol", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.tcp.$name.proxy_protocol_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}}
+]}.
+
+%% The proxy-protocol protocol can get the certificate CN through tcp
+{mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [
+  {datatype, {enum, [cn]}}
+]}.
+
+%% The proxy-protocol protocol can get the certificate CN through tcp
+{mapping, "listener.tcp.$name.peer_cert_as_clientid", "emqx.listeners", [
+  {datatype, {enum, [cn]}}
+]}.
+
+{mapping, "listener.tcp.$name.backlog", "emqx.listeners", [
+  {datatype, integer},
+  {default, 1024}
+]}.
+
+{mapping, "listener.tcp.$name.send_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}},
+  {default, "15s"}
+]}.
+
+{mapping, "listener.tcp.$name.send_timeout_close", "emqx.listeners", [
+  {datatype, flag},
+  {default, on}
+]}.
+
+{mapping, "listener.tcp.$name.recbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.tcp.$name.sndbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.tcp.$name.buffer", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.tcp.$name.high_watermark", "emqx.listeners", [
+   {datatype, bytesize},
+   {default, "1MB"}
+ ]}.
+
+{mapping, "listener.tcp.$name.tune_buffer", "emqx.listeners", [
+  {datatype, flag},
+  hidden
+]}.
+
+{mapping, "listener.tcp.$name.nodelay", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+{mapping, "listener.tcp.$name.reuseaddr", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+%%--------------------------------------------------------------------
+%% SSL Listeners
+
+{mapping, "listener.ssl.$name", "emqx.listeners", [
+  {datatype, [integer, ip]}
+]}.
+
+{mapping, "listener.ssl.$name.acceptors", "emqx.listeners", [
+  {default, 8},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ssl.$name.max_connections", "emqx.listeners", [
+  {default, 1024},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ssl.$name.max_conn_rate", "emqx.listeners", [
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ssl.$name.active_n", "emqx.listeners", [
+  {default, 100},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ssl.$name.zone", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.rate_limit", "emqx.listeners", [
+  {default, undefined},
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.access.$id", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.proxy_protocol", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.ssl.$name.proxy_protocol_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}}
+]}.
+
+{mapping, "listener.ssl.$name.backlog", "emqx.listeners", [
+  {default, 1024},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ssl.$name.send_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}},
+  {default, "15s"}
+]}.
+
+{mapping, "listener.ssl.$name.send_timeout_close", "emqx.listeners", [
+  {datatype, flag},
+  {default, on}
+]}.
+
+{mapping, "listener.ssl.$name.recbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.ssl.$name.sndbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.ssl.$name.buffer", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.ssl.$name.high_watermark", "emqx.listeners", [
+   {datatype, bytesize},
+   {default, "1MB"}
+ ]}.
+
+{mapping, "listener.ssl.$name.tune_buffer", "emqx.listeners", [
+  {datatype, flag},
+  hidden
+]}.
+
+{mapping, "listener.ssl.$name.nodelay", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+{mapping, "listener.ssl.$name.reuseaddr", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+{mapping, "listener.ssl.$name.tls_versions", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.ciphers", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.psk_ciphers", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.handshake_timeout", "emqx.listeners", [
+  {default, "15s"},
+  {datatype, {duration, ms}}
+]}.
+
+{mapping, "listener.ssl.$name.depth", "emqx.listeners", [
+  {default, 10},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ssl.$name.key_password", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.keyfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.certfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.cacertfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ssl.$name.verify", "emqx.listeners", [
+  {datatype, atom}
+]}.
+
+{mapping, "listener.ssl.$name.fail_if_no_peer_cert", "emqx.listeners", [
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "listener.ssl.$name.secure_renegotiate", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.ssl.$name.reuse_sessions", "emqx.listeners", [
+  {default, on},
+  {datatype, flag}
+]}.
+
+{mapping, "listener.ssl.$name.honor_cipher_order", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.ssl.$name.peer_cert_as_username", "emqx.listeners", [
+  {datatype, {enum, [cn, dn, crt, pem, md5]}}
+]}.
+
+{mapping, "listener.ssl.$name.peer_cert_as_clientid", "emqx.listeners", [
+  {datatype, {enum, [cn, dn, crt, pem, md5]}}
+]}.
+
+%%--------------------------------------------------------------------
+%% MQTT/WebSocket Listeners
+
+{mapping, "listener.ws.$name", "emqx.listeners", [
+  {datatype, [integer, ip]}
+]}.
+
+{mapping, "listener.ws.$name.mqtt_path", "emqx.listeners", [
+  {default, "/mqtt"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.ws.$name.acceptors", "emqx.listeners", [
+  {default, 8},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ws.$name.max_connections", "emqx.listeners", [
+  {default, 1024},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ws.$name.max_conn_rate", "emqx.listeners", [
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ws.$name.active_n", "emqx.listeners", [
+  {default, 100},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ws.$name.zone", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ws.$name.rate_limit", "emqx.listeners", [
+  {default, undefined},
+  {datatype, string}
+]}.
+
+{mapping, "listener.ws.$name.access.$id", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.ws.$name.fail_if_no_subprotocol", "emqx.listeners", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "listener.ws.$name.supported_subprotocols", "emqx.listeners", [
+  {default, "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.ws.$name.proxy_address_header", "emqx.listeners", [
+  {default, "X-Forwarded-For"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.ws.$name.proxy_port_header", "emqx.listeners", [
+  {default, "X-Forwarded-Port"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.ws.$name.proxy_protocol", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.ws.$name.proxy_protocol_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}}
+]}.
+
+{mapping, "listener.ws.$name.backlog", "emqx.listeners", [
+  {default, 1024},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.ws.$name.send_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}},
+  {default, "15s"}
+]}.
+
+{mapping, "listener.ws.$name.send_timeout_close", "emqx.listeners", [
+  {datatype, flag},
+  {default, on}
+]}.
+
+{mapping, "listener.ws.$name.recbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.sndbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.buffer", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.tune_buffer", "emqx.listeners", [
+  {datatype, flag},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.nodelay", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.compress", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.deflate_opts.level", "emqx.listeners", [
+  {datatype, {enum, [none, default, best_compression, best_speed]}},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.deflate_opts.mem_level", "emqx.listeners", [
+  {datatype, integer},
+  {validators, ["range:1-9"]},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.deflate_opts.strategy", "emqx.listeners", [
+  {datatype, {enum, [default, filtered, huffman_only, rle]}},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.deflate_opts.server_context_takeover", "emqx.listeners", [
+  {datatype, {enum, [takeover, no_takeover]}},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.deflate_opts.client_context_takeover", "emqx.listeners", [
+  {datatype, {enum, [takeover, no_takeover]}},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.deflate_opts.server_max_window_bits", "emqx.listeners", [
+  {datatype, integer},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.deflate_opts.client_max_window_bits", "emqx.listeners", [
+  {datatype, integer},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.idle_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.max_frame_size", "emqx.listeners", [
+  {datatype, integer},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.mqtt_piggyback", "emqx.listeners", [
+  {datatype, {enum, [single, multiple]}},
+  {default, multiple},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.peer_cert_as_username", "emqx.listeners", [
+  {datatype, {enum, [cn]}}
+]}.
+
+{mapping, "listener.ws.$name.peer_cert_as_clientid", "emqx.listeners", [
+  {datatype, {enum, [cn]}}
+]}.
+
+{mapping, "listener.ws.$name.check_origin_enable", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  {default, false},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.allow_origin_absence", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  {default, true},
+  hidden
+]}.
+
+{mapping, "listener.ws.$name.check_origins", "emqx.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
+%%--------------------------------------------------------------------
+%% MQTT/WebSocket/SSL Listeners
+
+{mapping, "listener.wss.$name", "emqx.listeners", [
+  {datatype, [integer, ip]}
+]}.
+
+{mapping, "listener.wss.$name.mqtt_path", "emqx.listeners", [
+  {default, "/mqtt"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.acceptors", "emqx.listeners", [
+  {default, 8},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.max_connections", "emqx.listeners", [
+  {default, 1024},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.max_conn_rate", "emqx.listeners", [
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.active_n", "emqx.listeners", [
+  {default, 100},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.zone", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.rate_limit", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.fail_if_no_subprotocol", "emqx.listeners", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "listener.wss.$name.supported_subprotocols", "emqx.listeners", [
+  {default, "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.access.$id", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.proxy_address_header", "emqx.listeners", [
+  {default, "X-Forwarded-For"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.proxy_port_header", "emqx.listeners", [
+  {default, "X-Forwarded-Port"},
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.proxy_protocol", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.wss.$name.proxy_protocol_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}}
+]}.
+
+%%{mapping, "listener.wss.$name.handshake_timeout", "emqx.listeners", [
+%%  {default, "15s"},
+%%  {datatype, {duration, ms}}
+%%]}.
+
+{mapping, "listener.wss.$name.backlog", "emqx.listeners", [
+  {default, 1024},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.send_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}},
+  {default, "15s"}
+]}.
+
+{mapping, "listener.wss.$name.send_timeout_close", "emqx.listeners", [
+  {datatype, flag},
+  {default, on}
+]}.
+
+{mapping, "listener.wss.$name.recbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.sndbuf", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.buffer", "emqx.listeners", [
+  {datatype, bytesize},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.tune_buffer", "emqx.listeners", [
+  {datatype, flag},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.nodelay", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.tls_versions", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.ciphers", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.psk_ciphers", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.keyfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.certfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.cacertfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.dhfile", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.depth", "emqx.listeners", [
+  {default, 10},
+  {datatype, integer}
+]}.
+
+{mapping, "listener.wss.$name.key_password", "emqx.listeners", [
+  {datatype, string}
+]}.
+
+{mapping, "listener.wss.$name.verify", "emqx.listeners", [
+  {datatype, atom}
+]}.
+
+{mapping, "listener.wss.$name.fail_if_no_peer_cert", "emqx.listeners", [
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "listener.wss.$name.secure_renegotiate", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.wss.$name.reuse_sessions", "emqx.listeners", [
+  {default, on},
+  {datatype, flag}
+]}.
+
+{mapping, "listener.wss.$name.honor_cipher_order", "emqx.listeners", [
+  {datatype, flag}
+]}.
+
+{mapping, "listener.wss.$name.peer_cert_as_username", "emqx.listeners", [
+  {datatype, {enum, [cn, dn, crt, pem, md5]}}
+]}.
+
+{mapping, "listener.wss.$name.peer_cert_as_clientid", "emqx.listeners", [
+  {datatype, {enum, [cn, dn, crt, pem, md5]}}
+]}.
+
+{mapping, "listener.wss.$name.compress", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.deflate_opts.level", "emqx.listeners", [
+  {datatype, {enum, [none, default, best_compression, best_speed]}},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.deflate_opts.mem_level", "emqx.listeners", [
+  {datatype, integer},
+  {validators, ["range:1-9"]},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.deflate_opts.strategy", "emqx.listeners", [
+  {datatype, {enum, [default, filtered, huffman_only, rle]}},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.deflate_opts.server_context_takeover", "emqx.listeners", [
+  {datatype, {enum, [takeover, no_takeover]}},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.deflate_opts.client_context_takeover", "emqx.listeners", [
+  {datatype, {enum, [takeover, no_takeover]}},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.deflate_opts.server_max_window_bits", "emqx.listeners", [
+  {datatype, integer},
+  {validators, ["range:8-15"]},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.deflate_opts.client_max_window_bits", "emqx.listeners", [
+  {datatype, integer},
+  {validators, ["range:8-15"]},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.idle_timeout", "emqx.listeners", [
+  {datatype, {duration, ms}},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.max_frame_size", "emqx.listeners", [
+  {datatype, integer},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.mqtt_piggyback", "emqx.listeners", [
+  {datatype, {enum, [single, multiple]}},
+  {default, multiple},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.check_origin_enable", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  {default, false},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.allow_origin_absence", "emqx.listeners", [
+  {datatype, {enum, [true, false]}},
+  {default, true},
+  hidden
+]}.
+
+{mapping, "listener.wss.$name.check_origins", "emqx.listeners", [
+  {datatype, string},
+  hidden
+]}.
+
+{translation, "emqx.listeners", fun(Conf) ->
+
+    Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
+
+    Atom = fun(undefined) -> undefined; (S) -> list_to_atom(S) end,
+
+    Access = fun(S) ->
+                 [A, CIDR] = string:tokens(S, " "),
+                 {list_to_atom(A), case CIDR of "all" -> all; _ -> CIDR end}
+             end,
+
+    AccOpts = fun(Prefix) ->
+                  case cuttlefish_variable:filter_by_prefix(Prefix ++ ".access", Conf) of
+                      [] -> [];
+                      Rules -> [{access_rules, [Access(Rule) || {_, Rule} <- Rules]}]
+                  end
+              end,
+
+    RateLimit = fun(undefined) ->
+                        undefined;
+                   (Val) ->
+                        [L, D] = string:tokens(Val, ", "),
+                        Limit = case cuttlefish_bytesize:parse(L) of
+                                    Sz when is_integer(Sz) -> Sz;
+                                    {error, Reason} -> error(Reason)
+                                end,
+                        Duration = case cuttlefish_duration:parse(D, s) of
+                                       Secs when is_integer(Secs) -> Secs;
+                                       {error, Reason1} -> error(Reason1)
+                                   end,
+                        {Limit, Duration}
+                end,
+
+        CheckOrigin = fun(S) ->
+                        Origins = string:tokens(S, ","),
+                        [ list_to_binary(string:trim(O)) || O <- Origins]
+                      end,
+
+        WsOpts = fun(Prefix) ->
+                          case cuttlefish_variable:filter_by_prefix(Prefix ++ ".check_origins", Conf) of
+                              [] -> undefined;
+                              Rules ->
+                                    OriginList = [CheckOrigin(Rule) || {_, Rule} <- Rules],
+                                    lists:flatten(OriginList)
+                          end
+                      end,
+
+    LisOpts = fun(Prefix) ->
+                  Filter([{acceptors, cuttlefish:conf_get(Prefix ++ ".acceptors", Conf)},
+                          {mqtt_path, cuttlefish:conf_get(Prefix ++ ".mqtt_path", Conf, undefined)},
+                          {max_connections, cuttlefish:conf_get(Prefix ++ ".max_connections", Conf)},
+                          {max_conn_rate, cuttlefish:conf_get(Prefix ++ ".max_conn_rate", Conf, undefined)},
+                          {active_n, cuttlefish:conf_get(Prefix ++ ".active_n", Conf, undefined)},
+                          {tune_buffer, cuttlefish:conf_get(Prefix ++ ".tune_buffer", Conf, undefined)},
+                          {zone, Atom(cuttlefish:conf_get(Prefix ++ ".zone", Conf, undefined))},
+                          {rate_limit, RateLimit(cuttlefish:conf_get(Prefix ++ ".rate_limit", Conf, undefined))},
+                          {proxy_protocol, cuttlefish:conf_get(Prefix ++ ".proxy_protocol", Conf, undefined)},
+                          {proxy_address_header, list_to_binary(string:lowercase(cuttlefish:conf_get(Prefix ++ ".proxy_address_header", Conf, "")))},
+                          {proxy_port_header, list_to_binary(string:lowercase(cuttlefish:conf_get(Prefix ++ ".proxy_port_header", Conf, "")))},
+                          {proxy_protocol_timeout, cuttlefish:conf_get(Prefix ++ ".proxy_protocol_timeout", Conf, undefined)},
+                          {fail_if_no_subprotocol, cuttlefish:conf_get(Prefix ++ ".fail_if_no_subprotocol", Conf, undefined)},
+                          {supported_subprotocols, string:tokens(cuttlefish:conf_get(Prefix ++ ".supported_subprotocols", Conf, ""), ", ")},
+                          {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)},
+                          {peer_cert_as_clientid, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_clientid", Conf, undefined)},
+                          {compress, cuttlefish:conf_get(Prefix ++ ".compress", Conf, undefined)},
+                          {idle_timeout, cuttlefish:conf_get(Prefix ++ ".idle_timeout", Conf, undefined)},
+                          {max_frame_size, cuttlefish:conf_get(Prefix ++ ".max_frame_size", Conf, undefined)},
+                          {mqtt_piggyback, cuttlefish:conf_get(Prefix ++ ".mqtt_piggyback", Conf, undefined)},
+                          {check_origin_enable, cuttlefish:conf_get(Prefix ++ ".check_origin_enable", Conf, undefined)},
+                          {allow_origin_absence, cuttlefish:conf_get(Prefix ++ ".allow_origin_absence", Conf, undefined)},
+                          {check_origins, WsOpts(Prefix)} | AccOpts(Prefix)])
+              end,
+    DeflateOpts = fun(Prefix) ->
+                      Filter([{level, cuttlefish:conf_get(Prefix ++ ".deflate_opts.level", Conf, undefined)},
+                              {mem_level, cuttlefish:conf_get(Prefix ++ ".deflate_opts.mem_level", Conf, undefined)},
+                              {strategy, cuttlefish:conf_get(Prefix ++ ".deflate_opts.strategy", Conf, undefined)},
+                              {server_context_takeover, cuttlefish:conf_get(Prefix ++ ".deflate_opts.server_context_takeover", Conf, undefined)},
+                              {client_context_takeover, cuttlefish:conf_get(Prefix ++ ".deflate_opts.client_context_takeover", Conf, undefined)},
+                              {server_max_windows_bits, cuttlefish:conf_get(Prefix ++ ".deflate_opts.server_max_window_bits", Conf, undefined)},
+                              {client_max_windows_bits, cuttlefish:conf_get(Prefix ++ ".deflate_opts.client_max_window_bits", Conf, undefined)}])
+                  end,
+    TcpOpts = fun(Prefix) ->
+                  Filter([{backlog, cuttlefish:conf_get(Prefix ++ ".backlog", Conf, undefined)},
+                          {send_timeout, cuttlefish:conf_get(Prefix ++ ".send_timeout", Conf, undefined)},
+                          {send_timeout_close, cuttlefish:conf_get(Prefix ++ ".send_timeout_close", Conf, undefined)},
+                          {recbuf,  cuttlefish:conf_get(Prefix ++ ".recbuf", Conf, undefined)},
+                          {sndbuf,  cuttlefish:conf_get(Prefix ++ ".sndbuf", Conf, undefined)},
+                          {buffer,  cuttlefish:conf_get(Prefix ++ ".buffer", Conf, undefined)},
+                          {high_watermark,  cuttlefish:conf_get(Prefix ++ ".high_watermark", Conf, undefined)},
+                          {nodelay, cuttlefish:conf_get(Prefix ++ ".nodelay", Conf, true)},
+                          {reuseaddr, cuttlefish:conf_get(Prefix ++ ".reuseaddr", Conf, undefined)}])
+              end,
+    SplitFun = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end,
+    MapPSKCiphers = fun(PSKCiphers) ->
+                      lists:map(
+                          fun("PSK-AES128-CBC-SHA") -> {psk, aes_128_cbc, sha};
+                             ("PSK-AES256-CBC-SHA") -> {psk, aes_256_cbc, sha};
+                             ("PSK-3DES-EDE-CBC-SHA") -> {psk, '3des_ede_cbc', sha};
+                             ("PSK-RC4-SHA") -> {psk, rc4_128, sha}
+                          end, PSKCiphers)
+                    end,
+    SslOpts = fun(Prefix) ->
+                  Versions = case SplitFun(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf, undefined)) of
+                                undefined -> undefined;
+                                L -> [list_to_atom(V) || V <- L]
+                            end,
+                  TLSCiphers = cuttlefish:conf_get(Prefix++".ciphers", Conf, undefined),
+                  PSKCiphers = cuttlefish:conf_get(Prefix++".psk_ciphers", Conf, undefined),
+                  Ciphers =
+                    case {TLSCiphers, PSKCiphers} of
+                      {undefined, undefined} ->
+                        cuttlefish:invalid(Prefix++".ciphers or "++Prefix++".psk_ciphers is absent");
+                      {TLSCiphers, undefined} ->
+                        SplitFun(TLSCiphers);
+                      {undefined, PSKCiphers} ->
+                        MapPSKCiphers(SplitFun(PSKCiphers));
+                      {_TLSCiphers, _PSKCiphers} ->
+                        cuttlefish:invalid(Prefix++".ciphers and "++Prefix++".psk_ciphers cannot be configured at the same time")
+                    end,
+                  UserLookupFun =
+                    case PSKCiphers of
+                      undefined -> undefined;
+                      _ -> {fun emqx_psk:lookup/3, <<>>}
+                    end,
+                  Filter([{versions, Versions},
+                          {ciphers, Ciphers},
+                          {user_lookup_fun, UserLookupFun},
+                          {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
+                          {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
+                          {password, cuttlefish:conf_get(Prefix ++ ".key_password", Conf, undefined)},
+                          {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
+                          {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
+                          {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
+                          {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
+                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
+                          {fail_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".fail_if_no_peer_cert", Conf, undefined)},
+                          {secure_renegotiate, cuttlefish:conf_get(Prefix ++ ".secure_renegotiate", Conf, undefined)},
+                          {reuse_sessions, cuttlefish:conf_get(Prefix ++ ".reuse_sessions", Conf, undefined)},
+                          {honor_cipher_order, cuttlefish:conf_get(Prefix ++ ".honor_cipher_order", Conf, undefined)}])
+              end,
+
+    Listen_fix = fun({Ip, Port}) -> case inet:parse_address(Ip) of
+                                      {ok, R} -> {R, Port};
+                                            _ -> {Ip, Port}
+                                    end;
+                     (Other) -> Other
+                 end,
+
+    TcpListeners = fun(Type, Name) ->
+                      Prefix = string:join(["listener", Type, Name], "."),
+                      ListenOnN = case cuttlefish:conf_get(Prefix, Conf, undefined) of
+                          undefined -> [];
+                          ListenOn  -> Listen_fix(ListenOn)
+                      end,
+                      [#{ proto => Atom(Type)
+                        , name => Name
+                        , listen_on => ListenOnN
+                        , opts => [ {deflate_options, DeflateOpts(Prefix)}
+                                  , {tcp_options, TcpOpts(Prefix)}
+                                  | LisOpts(Prefix)
+                                  ]
+                        }
+                      ]
+                   end,
+    SslListeners = fun(Type, Name) ->
+                       Prefix = string:join(["listener", Type, Name], "."),
+                       case cuttlefish:conf_get(Prefix, Conf, undefined) of
+                           undefined ->
+                               [];
+                           ListenOn ->
+                               [#{ proto => Atom(Type)
+                                 , name => Name
+                                 , listen_on => Listen_fix(ListenOn)
+                                 , opts => [ {deflate_options, DeflateOpts(Prefix)}
+                                           , {tcp_options, TcpOpts(Prefix)}
+                                           , {ssl_options, SslOpts(Prefix)}
+                                           | LisOpts(Prefix)
+                                           ]
+                                 }
+                               ]
+                       end
+                   end,
+
+    lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name], ListenOn}
+                                               <- cuttlefish_variable:filter_by_prefix("listener.tcp", Conf)
+                                               ++ cuttlefish_variable:filter_by_prefix("listener.ws", Conf)]
+                  ++
+                  [SslListeners(Type, Name) || {["listener", Type, Name], ListenOn}
+                                               <- cuttlefish_variable:filter_by_prefix("listener.ssl", Conf)
+                                               ++ cuttlefish_variable:filter_by_prefix("listener.wss", Conf)])
+end}.
+
+%%--------------------------------------------------------------------
+%% Modules
+%%--------------------------------------------------------------------
+
+{mapping, "modules.loaded_file", "emqx.modules_loaded_file", [
+  {datatype, string}
+]}.
+
+{mapping, "module.presence.qos", "emqx.modules", [
+  {default, 1},
+  {datatype, integer},
+  {validators, ["range:0-2"]}
+]}.
+
+{mapping, "module.subscription.$id.topic", "emqx.modules", [
+  {datatype, string}
+]}.
+
+{mapping, "module.subscription.$id.qos", "emqx.modules", [
+  {default, 1},
+  {datatype, integer},
+  {validators, ["range:0-2"]}
+]}.
+
+{mapping, "module.subscription.$id.nl", "emqx.modules", [
+  {default, 0},
+  {datatype, integer},
+  {validators, ["range:0-1"]}
+]}.
+
+{mapping, "module.subscription.$id.rap", "emqx.modules", [
+  {default, 0},
+  {datatype, integer},
+  {validators, ["range:0-1"]}
+]}.
+
+{mapping, "module.subscription.$id.rh", "emqx.modules", [
+  {default, 0},
+  {datatype, integer},
+  {validators, ["range:0-2"]}
+]}.
+
+{mapping, "module.rewrite.rule.$id", "emqx.modules", [
+  {datatype, string}
+]}.
+
+{mapping, "module.rewrite.pub.rule.$id", "emqx.modules", [
+  {datatype, string}
+]}.
+
+{mapping, "module.rewrite.sub.rule.$id", "emqx.modules", [
+  {datatype, string}
+]}.
+
+{translation, "emqx.modules", fun(Conf, _, Conf1) ->
+  Subscriptions = fun() ->
+      List = cuttlefish_variable:filter_by_prefix("module.subscription", Conf),
+      TopicList = [{N, Topic}|| {[_,"subscription",N,"topic"], Topic} <- List],
+      [{iolist_to_binary(T), #{ qos => cuttlefish:conf_get("module.subscription." ++ N ++ ".qos", Conf, 0),
+                                nl  => cuttlefish:conf_get("module.subscription." ++ N ++ ".nl", Conf, 0),
+                                rap => cuttlefish:conf_get("module.subscription." ++ N ++ ".rap", Conf, 0),
+                                rh  => cuttlefish:conf_get("module.subscription." ++ N ++ ".rh", Conf, 0)
+                                }} || {N, T} <- TopicList]
+  end,
+  Rewrites = fun() ->
+      Rules = cuttlefish_variable:filter_by_prefix("module.rewrite.rule", Conf),
+      PubRules = cuttlefish_variable:filter_by_prefix("module.rewrite.pub.rule", Conf),
+      SubRules = cuttlefish_variable:filter_by_prefix("module.rewrite.sub.rule", Conf),
+      TotalRules = lists:append(
+                     [ {["module", "rewrite", "pub", "rule", I], Rule} || {["module", "rewrite", "rule", I], Rule} <- Rules] ++ PubRules,
+                     [ {["module", "rewrite", "sub", "rule", I], Rule} || {["module", "rewrite", "rule", I], Rule} <- Rules] ++ SubRules
+                    ),
+      lists:map(fun({[_, "rewrite", PubOrSub, "rule", I], Rule}) ->
+                    [Topic, Re, Dest] = string:tokens(Rule, " "),
+                    {rewrite, list_to_atom(PubOrSub), list_to_binary(Topic), list_to_binary(Re), list_to_binary(Dest)}
+                end, TotalRules)
+  end,
+  lists:append([
+    [{emqx_mod_presence, [{qos, cuttlefish:conf_get("module.presence.qos", Conf, 1)}]}],
+    [{emqx_mod_subscription, Subscriptions()}],
+    [{emqx_mod_rewrite, Rewrites()}],
+    [{emqx_mod_topic_metrics, []}],
+    [{emqx_mod_delayed, []}],
+    [{emqx_mod_acl_internal, [{acl_file, cuttlefish:conf_get("acl_file", Conf1)}]}]
+  ])
+end}.
+
+%%-------------------------------------------------------------------
+%% Plugins
+%%-------------------------------------------------------------------
+
+{mapping, "plugins.etc_dir", "emqx.plugins_etc_dir", [
+  {datatype, string}
+]}.
+
+{mapping, "plugins.loaded_file", "emqx.plugins_loaded_file", [
+  {datatype, string}
+]}.
+
+{mapping, "plugins.expand_plugins_dir", "emqx.expand_plugins_dir", [
+  {datatype, string}
+]}.
+
+%%--------------------------------------------------------------------
+%% Broker
+%%--------------------------------------------------------------------
+
+{mapping, "broker.sys_interval", "emqx.broker_sys_interval", [
+  {datatype, {duration, ms}},
+  {default, "1m"}
+]}.
+
+{mapping, "broker.sys_heartbeat", "emqx.broker_sys_heartbeat", [
+  {datatype, {duration, ms}},
+  {default, "30s"}
+]}.
+
+{mapping, "broker.enable_session_registry", "emqx.enable_session_registry", [
+  {default, on},
+  {datatype, flag}
+]}.
+
+{mapping, "broker.session_locking_strategy", "emqx.session_locking_strategy", [
+  {default, quorum},
+  {datatype, {enum, [local,leader,quorum,all]}}
+]}.
+
+%% @doc Shared Subscription Dispatch Strategy.
+{mapping, "broker.shared_subscription_strategy", "emqx.shared_subscription_strategy", [
+  {default, round_robin},
+  {datatype,
+   {enum,
+    [random, %% randomly pick a subscriber
+     round_robin, %% round robin alive subscribers one message after another
+     sticky, %% pick a random subscriber and stick to it
+     hash, %% hash client ID to a group member
+     hash_clientid,
+     hash_topic
+    ]}}
+]}.
+
+%% @doc Enable or disable shared dispatch acknowledgement for QoS1 and QoS2 messages
+{mapping, "broker.shared_dispatch_ack_enabled", "emqx.shared_dispatch_ack_enabled",
+ [ {default, false},
+   {datatype, {enum, [true, false]}}
+ ]}.
+
+{mapping, "broker.route_batch_clean", "emqx.route_batch_clean", [
+  {default, on},
+  {datatype, flag}
+]}.
+
+%% @doc Performance toggle for subscribe/unsubscribe wildcard topic.
+%%      Change this toggle only when there are many wildcard topics.
+%% key:   mnesia translational updates with per-key locks. recommended for single node setup.
+%% tab:   mnesia translational updates with table lock. recommended for multi-nodes setup.
+%% global: global lock protected updates. recommended for larger cluster.
+%% NOTE: when changing from/to 'global' lock, it requires all nodes in the cluster
+%%
+{mapping, "broker.perf.route_lock_type", "emqx.route_lock_type", [
+  {default, key},
+  {datatype, {enum, [key, tab, global]}}
+]}.
+
+%% @doc Enable trie path compaction.
+%% Enabling it significantly improves wildcard topic subscribe rate,
+%% if wildcard topics have unique prefixes like: 'sensor/{{id}}/+/',
+%% where ID is unique per subscriber.
+%%
+%% Topic match performance (when publishing) may degrade if messages
+%% are mostly published to topics with large number of levels.
+%%
+%% NOTE: This is a cluster-wide configuration.
+%% It rquires all nodes to be stopped before changing it.
+{mapping, "broker.perf.trie_compaction", "emqx.trie_compaction", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%%--------------------------------------------------------------------
+%% System Monitor
+%%--------------------------------------------------------------------
+
+%% @doc Long GC, don't monitor in production mode for:
+%% https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
+{mapping, "sysmon.long_gc", "emqx.sysmon", [
+  {default, 0},
+  {datatype, [integer, {duration, ms}]}
+]}.
+
+%% @doc Long Schedule(ms)
+{mapping, "sysmon.long_schedule", "emqx.sysmon", [
+  {default, 240},
+  {datatype, [integer, {duration, ms}]}
+]}.
+
+%% @doc Large Heap
+{mapping, "sysmon.large_heap", "emqx.sysmon", [
+  {default, "8MB"},
+  {datatype, bytesize}
+]}.
+
+%% @doc Monitor Busy Port
+{mapping, "sysmon.busy_port", "emqx.sysmon", [
+  {default, false},
+  {datatype, {enum, [true, false]}}
+]}.
+
+%% @doc Monitor Busy Dist Port
+{mapping, "sysmon.busy_dist_port", "emqx.sysmon", [
+  {default, true},
+  {datatype, {enum, [true, false]}}
+]}.
+
+{translation, "emqx.sysmon", fun(Conf) ->
+    Configs = cuttlefish_variable:filter_by_prefix("sysmon", Conf),
+    [{list_to_atom(Name), Value} || {[_, Name], Value} <- Configs]
+end}.
+
+%%--------------------------------------------------------------------
+%% Operating System Monitor
+%%--------------------------------------------------------------------
+
+{mapping, "os_mon.cpu_check_interval", "emqx.os_mon", [
+  {default, 60},
+  {datatype, {duration, s}}
+]}.
+
+{mapping, "os_mon.cpu_high_watermark", "emqx.os_mon", [
+  {default, "80%"},
+  {datatype, {percent, float}}
+]}.
+
+{mapping, "os_mon.cpu_low_watermark", "emqx.os_mon", [
+  {default, "60%"},
+  {datatype, {percent, float}}
+]}.
+
+{mapping, "os_mon.mem_check_interval", "emqx.os_mon", [
+  {default, 60},
+  {datatype, {duration, s}}
+]}.
+
+{mapping, "os_mon.sysmem_high_watermark", "emqx.os_mon", [
+  {default, "70%"},
+  {datatype, {percent, float}}
+]}.
+
+{mapping, "os_mon.procmem_high_watermark", "emqx.os_mon", [
+  {default, "5%"},
+  {datatype, {percent, float}}
+]}.
+
+{translation, "emqx.os_mon", fun(Conf) ->
+    [{cpu_check_interval, cuttlefish:conf_get("os_mon.cpu_check_interval", Conf)},
+     {cpu_high_watermark, cuttlefish:conf_get("os_mon.cpu_high_watermark", Conf) * 100},
+     {cpu_low_watermark, cuttlefish:conf_get("os_mon.cpu_low_watermark", Conf) * 100},
+     {mem_check_interval, cuttlefish:conf_get("os_mon.mem_check_interval", Conf)},
+     {sysmem_high_watermark, cuttlefish:conf_get("os_mon.sysmem_high_watermark", Conf) * 100},
+     {procmem_high_watermark, cuttlefish:conf_get("os_mon.procmem_high_watermark", Conf) * 100}]
+end}.
+
+%%--------------------------------------------------------------------
+%% VM Monitor
+%%--------------------------------------------------------------------
+{mapping, "vm_mon.check_interval", "emqx.vm_mon", [
+  {default, 30},
+  {datatype, {duration, s}}
+]}.
+
+{mapping, "vm_mon.process_high_watermark", "emqx.vm_mon", [
+  {default, "80%"},
+  {datatype, {percent, float}}
+]}.
+
+{mapping, "vm_mon.process_low_watermark", "emqx.vm_mon", [
+  {default, "60%"},
+  {datatype, {percent, float}}
+]}.
+
+{translation, "emqx.vm_mon", fun(Conf) ->
+    [{check_interval, cuttlefish:conf_get("vm_mon.check_interval", Conf)},
+     {process_high_watermark, cuttlefish:conf_get("vm_mon.process_high_watermark", Conf) * 100},
+     {process_low_watermark, cuttlefish:conf_get("vm_mon.process_low_watermark", Conf) * 100}]
+end}.
+
+%%--------------------------------------------------------------------
+%% Alarm
+%%--------------------------------------------------------------------
+{mapping, "alarm.actions", "emqx.alarm", [
+  {default, "log,publish"},
+  {datatype, string}
+]}.
+
+{mapping, "alarm.size_limit", "emqx.alarm", [
+  {default, 1000},
+  {datatype, integer}
+]}.
+
+{mapping, "alarm.validity_period", "emqx.alarm", [
+  {default, "24h"},
+  {datatype, {duration, s}}
+]}.
+
+{translation, "emqx.alarm", fun(Conf) ->
+    [{actions, [list_to_atom(Action) || Action <- string:tokens(cuttlefish:conf_get("alarm.actions", Conf), ",")]},
+     {size_limit, cuttlefish:conf_get("alarm.size_limit", Conf)},
+     {validity_period, cuttlefish:conf_get("alarm.validity_period", Conf)}]
+end}.
+
+%%--------------------------------------------------------------------
+%% Telemetry
+%%--------------------------------------------------------------------
+{mapping, "telemetry.enabled", "emqx.telemetry", [
+  {default, false},
+  {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "telemetry.url", "emqx.telemetry", [
+  {default, "https://telemetry-emqx-io.bigpar.vercel.app/api/telemetry"},
+  {datatype, string}
+]}.
+
+{mapping, "telemetry.report_interval", "emqx.telemetry", [
+  {default, "7d"},
+  {datatype, {duration, s}}
+]}.
+
+{translation, "emqx.telemetry", fun(Conf) ->
+  [ {enabled,         cuttlefish:conf_get("telemetry.enabled", Conf)}
+  , {url,             cuttlefish:conf_get("telemetry.url", Conf)}
+  , {report_interval, cuttlefish:conf_get("telemetry.report_interval", Conf)}
+  ]
+end}.

From 7af4b80ef4e7bee89ca15b9cbd1d9f2457a3bd57 Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Thu, 10 Jun 2021 10:24:38 +0800
Subject: [PATCH 037/174] fix(lwm2m): base64 decode for opaque value

---
 apps/emqx_lwm2m/src/emqx_lwm2m.app.src     |  2 +-
 apps/emqx_lwm2m/src/emqx_lwm2m.appup.src   |  8 ++++++++
 apps/emqx_lwm2m/src/emqx_lwm2m_message.erl |  5 ++++-
 apps/emqx_lwm2m/test/emqx_lwm2m_SUITE.erl  | 11 +++++++----
 4 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m.app.src b/apps/emqx_lwm2m/src/emqx_lwm2m.app.src
index 19fabc526..209499fc5 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m.app.src
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m.app.src
@@ -1,6 +1,6 @@
 {application,emqx_lwm2m,
              [{description,"EMQ X LwM2M Gateway"},
-              {vsn, "4.3.1"}, % strict semver, bump manually!
+              {vsn, "4.3.2"}, % strict semver, bump manually!
               {modules,[]},
               {registered,[emqx_lwm2m_sup]},
               {applications,[kernel,stdlib,lwm2m_coap]},
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src b/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src
index fb22c843d..db46dd42e 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src
@@ -1,13 +1,21 @@
 %% -*-: erlang -*-
 {VSN,
   [
+    {"4.3.1", [
+      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []}
+    ]},
     {"4.3.0", [
+      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []},
       {load_module, emqx_lwm2m_protocol, brutal_purge, soft_purge, []}
     ]},
     {<<".*">>, []}
   ],
   [
+    {"4.3.1", [
+      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []}
+    ]},
     {"4.3.0", [
+      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []},
       {load_module, emqx_lwm2m_protocol, brutal_purge, soft_purge, []}
     ]},
    {<<".*">>, []}
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_message.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_message.erl
index 2dc9fa08a..6b8bc8d50 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m_message.erl
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_message.erl
@@ -197,7 +197,10 @@ value_ex(K, Value) when K =:= <<"Integer">>; K =:= <<"Float">>; K =:= <<"Time">>
 value_ex(K, Value) when K =:= <<"String">> ->
     Value;
 value_ex(K, Value) when K =:= <<"Opaque">> ->
-    Value;
+    %% XXX: force to decode it with base64
+    %%      This may not be a good implementation, but it is
+    %%      consistent with the treatment of Opaque in value/3
+    base64:decode(Value);
 value_ex(K, <<"true">>) when K =:= <<"Boolean">> -> <<1>>;
 value_ex(K, <<"false">>) when K =:= <<"Boolean">> -> <<0>>;
 
diff --git a/apps/emqx_lwm2m/test/emqx_lwm2m_SUITE.erl b/apps/emqx_lwm2m/test/emqx_lwm2m_SUITE.erl
index 257502f2f..7f2f37466 100644
--- a/apps/emqx_lwm2m/test/emqx_lwm2m_SUITE.erl
+++ b/apps/emqx_lwm2m/test/emqx_lwm2m_SUITE.erl
@@ -40,6 +40,7 @@ all() ->
     , {group, test_grp_4_discover}
     , {group, test_grp_5_write_attr}
     , {group, test_grp_6_observe}
+    , {group, test_grp_8_object_19}
     ].
 
 suite() -> [{timetrap, {seconds, 90}}].
@@ -98,9 +99,9 @@ groups() ->
         ]},
         {test_grp_8_object_19, [RepeatOpt], [
             case80_specail_object_19_1_0_write,
-            case80_specail_object_19_0_0_notify,
-            case80_specail_object_19_0_0_response,
-            case80_normal_object_19_0_0_read
+            case80_specail_object_19_0_0_notify
+            %case80_specail_object_19_0_0_response,
+            %case80_normal_object_19_0_0_read
         ]},
         {test_grp_9_psm_queue_mode, [RepeatOpt], [
             case90_psm_mode,
@@ -1655,6 +1656,7 @@ case80_specail_object_19_1_0_write(Config) ->
                     <<"value">> => base64:encode(<<12345:32>>)
                 }
                },
+
     CommandJson = emqx_json:encode(Command),
     test_mqtt_broker:publish(CommandTopic, CommandJson, 0),
     timer:sleep(50),
@@ -1663,7 +1665,7 @@ case80_specail_object_19_1_0_write(Config) ->
     Path2 = get_coap_path(Options2),
     ?assertEqual(put, Method2),
     ?assertEqual(<<"/19/1/0">>, Path2),
-    ?assertEqual(<<12345:32>>, Payload2),
+    ?assertEqual(<<3:2, 0:1, 0:2, 4:3, 0, 12345:32>>, Payload2),
     timer:sleep(50),
 
     test_send_coap_response(UdpSock, "127.0.0.1", ?PORT, {ok, changed}, #coap_content{}, Request2, true),
@@ -1672,6 +1674,7 @@ case80_specail_object_19_1_0_write(Config) ->
     ReadResult = emqx_json:encode(#{
                                 <<"requestID">> => CmdId, <<"cacheID">> => CmdId,
                                 <<"data">> => #{
+                                    <<"reqPath">> => <<"/19/1/0">>,
                                     <<"code">> => <<"2.04">>,
                                     <<"codeMsg">> => <<"changed">>
                                 },

From 501b9c94358d25cf34e4e0962907b07aaa86eb55 Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Fri, 11 Jun 2021 09:56:11 +0800
Subject: [PATCH 038/174] fix(minirest): encode response message failed (#4965)

---
 .ci/fvt_tests/http_server/rebar.config | 2 +-
 rebar.config                           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.ci/fvt_tests/http_server/rebar.config b/.ci/fvt_tests/http_server/rebar.config
index 29cc392ea..314679264 100644
--- a/.ci/fvt_tests/http_server/rebar.config
+++ b/.ci/fvt_tests/http_server/rebar.config
@@ -1,7 +1,7 @@
 {erl_opts, [debug_info]}.
 {deps, 
  [
-    {minirest, {git, "https://github.com/emqx/minirest.git", {tag, "0.3.5"}}}
+    {minirest, {git, "https://github.com/emqx/minirest.git", {tag, "0.3.6"}}}
  ]}.
 
 {shell, [
diff --git a/rebar.config b/rebar.config
index 03a36570f..ae1d1e83a 100644
--- a/rebar.config
+++ b/rebar.config
@@ -42,7 +42,7 @@
     , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.1"}}}
     , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.1"}}}
     , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v4.0.1"}}} % TODO: delete when all apps moved to hocon
-    , {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.5"}}}
+    , {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.6"}}}
     , {ecpool, {git, "https://github.com/emqx/ecpool", {tag, "0.5.1"}}}
     , {replayq, {git, "https://github.com/emqx/replayq", {tag, "0.3.2"}}}
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}

From 8352fa6f311b114659a7e473af1523f93d9546ea Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Fri, 11 Jun 2021 11:08:24 +0800
Subject: [PATCH 039/174] fix(mqttsn): fix proto_name to MQTT-SN instead of
 MQTT (#4961)

---
 apps/emqx/include/emqx_mqtt.hrl      |  2 ++
 apps/emqx/src/emqx.appup.src         | 27 +++++++++++++++++++--------
 apps/emqx_sn/src/emqx_sn.appup.src   |  6 ++++++
 apps/emqx_sn/src/emqx_sn_gateway.erl | 10 ++++++----
 4 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/apps/emqx/include/emqx_mqtt.hrl b/apps/emqx/include/emqx_mqtt.hrl
index e6e9bffe5..5dd9a317c 100644
--- a/apps/emqx/include/emqx_mqtt.hrl
+++ b/apps/emqx/include/emqx_mqtt.hrl
@@ -30,11 +30,13 @@
 %% MQTT Protocol Version and Names
 %%--------------------------------------------------------------------
 
+-define(MQTT_SN_PROTO_V1, 1).
 -define(MQTT_PROTO_V3, 3).
 -define(MQTT_PROTO_V4, 4).
 -define(MQTT_PROTO_V5, 5).
 
 -define(PROTOCOL_NAMES, [
+    {?MQTT_SN_PROTO_V1, <<"MQTT-SN">>}, %% XXX:Compatible with emqx-sn plug-in
     {?MQTT_PROTO_V3, <<"MQIsdp">>},
     {?MQTT_PROTO_V4, <<"MQTT">>},
     {?MQTT_PROTO_V5, <<"MQTT">>}]).
diff --git a/apps/emqx/src/emqx.appup.src b/apps/emqx/src/emqx.appup.src
index b51a7f3b7..8c778ef36 100644
--- a/apps/emqx/src/emqx.appup.src
+++ b/apps/emqx/src/emqx.appup.src
@@ -1,12 +1,17 @@
 %% -*- mode: erlang -*-
 {VSN,
-  [{"4.3.2",
-    [{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
+  [
+   {"4.3.3",
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]}]},
+   {"4.3.2",
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]}]},
    {"4.3.1",
-    [{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_frame,brutal_purge,soft_purge,[]},
      {load_module,emqx_cm,brutal_purge,soft_purge,[]},
@@ -18,7 +23,8 @@
      {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
    {"4.3.0",
-    [{load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_congestion,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]},
@@ -34,13 +40,17 @@
      {apply,{emqx_metrics,upgrade_retained_delayed_counter_type,[]}},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
    {<<".*">>,[]}],
-  [{"4.3.2",
-    [{load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
+  [{"4.3.3",
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]}]},
+   {"4.3.2",
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]}]},
    {"4.3.1",
-    [{load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_frame,brutal_purge,soft_purge,[]},
      {load_module,emqx_cm,brutal_purge,soft_purge,[]},
@@ -52,7 +62,8 @@
      {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
    {"4.3.0",
-    [{load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_congestion,brutal_purge,soft_purge,[]},
diff --git a/apps/emqx_sn/src/emqx_sn.appup.src b/apps/emqx_sn/src/emqx_sn.appup.src
index a6a1a6c84..2bd6f5646 100644
--- a/apps/emqx_sn/src/emqx_sn.appup.src
+++ b/apps/emqx_sn/src/emqx_sn.appup.src
@@ -1,11 +1,17 @@
 %% -*-: erlang -*-
 {VSN,
  [
+   {"4.3.2", [
+     {load_module, emqx_sn_gateway, brutal_purge, soft_purge, []}
+   ]},
    {<<"4.3.[0-1]">>, [
      {restart_application, emqx_sn}
    ]}
  ],
  [
+   {"4.3.2", [
+     {load_module, emqx_sn_gateway, brutal_purge, soft_purge, []}
+   ]},
    {<<"4.3.[0-1]">>, [
      {restart_application, emqx_sn}
    ]}
diff --git a/apps/emqx_sn/src/emqx_sn_gateway.erl b/apps/emqx_sn/src/emqx_sn_gateway.erl
index 2339961cf..9a8c68583 100644
--- a/apps/emqx_sn/src/emqx_sn_gateway.erl
+++ b/apps/emqx_sn/src/emqx_sn_gateway.erl
@@ -826,15 +826,17 @@ do_connect(ClientId, CleanStart, WillFlag, Duration, State) ->
                                    clean_start = CleanStart,
                                    username    = State#state.username,
                                    password    = State#state.password,
+                                   proto_name  = <<"MQTT-SN">>,
                                    keepalive   = Duration,
-                                   properties  = OnlyOneInflight
+                                   properties  = OnlyOneInflight,
+                                   proto_ver   = 1
                                   },
     case WillFlag of
         true -> State0 = send_message(?SN_WILLTOPICREQ_MSG(), State),
                 NState = State0#state{connpkt  = ConnPkt,
-                                     clientid = ClientId,
-                                     keepalive_interval = Duration
-                                    },
+                                      clientid = ClientId,
+                                      keepalive_interval = Duration
+                                     },
                 {next_state, wait_for_will_topic, NState};
         false ->
             NState = State#state{clientid = ClientId,

From 0451f89c2222f96ddc6797a7422e998f49da0d61 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Thu, 10 Jun 2021 19:59:10 +0200
Subject: [PATCH 040/174] chore(conf): change default number of gen_rpc
 connections to 1

---
 apps/emqx/etc/emqx.conf | 4 ++--
 priv/emqx.schema        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index f6627bf1c..b75e12a59 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -350,8 +350,8 @@ rpc.port_discovery = stateless
 ## Number of outgoing RPC connections.
 ##
 ## Value: Interger [0-256]
-## Defaults to NumberOfCPUSchedulers / 2 when set to 0
-#rpc.tcp_client_num = 0
+## Default = 1
+#rpc.tcp_client_num = 1
 
 ## RCP Client connect timeout.
 ##
diff --git a/priv/emqx.schema b/priv/emqx.schema
index 2d67c9677..142a9acf4 100644
--- a/priv/emqx.schema
+++ b/priv/emqx.schema
@@ -376,7 +376,7 @@ end}.
 
 {translation, "gen_rpc.tcp_client_num", fun(Conf) ->
   case cuttlefish:conf_get("rpc.tcp_client_num", Conf) of
-    0 -> max(1, erlang:system_info(schedulers) div 2);
+    0 -> 1; %% keep allowing 0 for backward compatibility
     V -> V
   end
 end}.

From c1d2bae833f06478e1d25e51d5636f7f67364f48 Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Wed, 9 Jun 2021 11:40:52 +0200
Subject: [PATCH 041/174] fix(auth_ldap): Handle missing attributes

Fixes: #4953
---
 apps/emqx_auth_ldap/src/emqx_acl_ldap.erl        | 11 +++--------
 apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src |  8 ++++++++
 2 files changed, 11 insertions(+), 8 deletions(-)
 create mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src

diff --git a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
index 25287052c..8324f6414 100644
--- a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
+++ b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
@@ -27,10 +27,6 @@
         , description/0
         ]).
 
--import(proplists, [get_value/2]).
-
--import(emqx_auth_ldap_cli, [search/4]).
-
 -spec(register_metrics() -> ok).
 register_metrics() ->
     lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
@@ -70,14 +66,14 @@ do_check_acl(#{username := Username}, PubSub, Topic, _NoMatchAction,
 
     BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules),
 
-    case search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
+    case emqx_auth_ldap_cli:search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
         {error, noSuchObject} ->
             ok;
         {ok, #eldap_search_result{entries = []}} ->
             ok;
         {ok, #eldap_search_result{entries = [Entry]}} ->
-            Topics = get_value(Attribute, Entry#eldap_entry.attributes)
-                ++ get_value(Attribute1, Entry#eldap_entry.attributes),
+            Topics = proplists:get_value(Attribute, Entry#eldap_entry.attributes, [])
+                ++ proplists:get_value(Attribute1, Entry#eldap_entry.attributes, []),
             match(Topic, Topics);
         Error ->
             ?LOG(error, "[LDAP] search error:~p", [Error]),
@@ -95,4 +91,3 @@ match(Topic, [Filter | Topics]) ->
 
 description() ->
     "ACL with LDAP".
-
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
new file mode 100644
index 000000000..8b70bf484
--- /dev/null
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
@@ -0,0 +1,8 @@
+%% -*- mode: erlang -*-
+{VSN,
+  [{"4.3.0",
+    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
+   {<<".*">>,[]}],
+  [{"4.3.0",
+    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
+   {<<".*">>,[]}]}.

From 2bc586b93054c91e97996e67e4ebc5de746bacfa Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Fri, 11 Jun 2021 11:48:44 +0800
Subject: [PATCH 042/174] fix(ws): avoid funcation_clause for un-inited
 websocket

---
 apps/emqx/src/emqx.appup.src         | 10 ++++++++--
 apps/emqx/src/emqx_ws_connection.erl |  5 ++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/apps/emqx/src/emqx.appup.src b/apps/emqx/src/emqx.appup.src
index 8c778ef36..53e77a103 100644
--- a/apps/emqx/src/emqx.appup.src
+++ b/apps/emqx/src/emqx.appup.src
@@ -2,9 +2,12 @@
 {VSN,
   [
    {"4.3.3",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]}]},
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]}
+    ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]},
@@ -41,9 +44,12 @@
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
    {<<".*">>,[]}],
   [{"4.3.3",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]}]},
+    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]}
+    ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]},
diff --git a/apps/emqx/src/emqx_ws_connection.erl b/apps/emqx/src/emqx_ws_connection.erl
index 7bc68c271..d686e1611 100644
--- a/apps/emqx/src/emqx_ws_connection.erl
+++ b/apps/emqx/src/emqx_ws_connection.erl
@@ -403,7 +403,10 @@ websocket_close(Reason, State) ->
 
 terminate(Reason, _Req, #state{channel = Channel}) ->
     ?LOG(debug, "Terminated due to ~p", [Reason]),
-    emqx_channel:terminate(Reason, Channel).
+    emqx_channel:terminate(Reason, Channel);
+
+terminate(_Reason, _Req, _UnExpectedState) ->
+    ok.
 
 %%--------------------------------------------------------------------
 %% Handle call

From 56ac459b7f876d309cf0e0f7132b9f9773bdbd73 Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Tue, 15 Jun 2021 20:48:07 +0800
Subject: [PATCH 043/174] fix(modules): fix start/stop exhook module failure

---
 apps/emqx_exhook/src/emqx_exhook.app.src    |  2 +-
 apps/emqx_exhook/src/emqx_exhook.appup.src  | 12 ++++++++++--
 apps/emqx_exhook/src/emqx_exhook_server.erl |  9 ++++++++-
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/apps/emqx_exhook/src/emqx_exhook.app.src b/apps/emqx_exhook/src/emqx_exhook.app.src
index 452d2a742..e703cfe5e 100644
--- a/apps/emqx_exhook/src/emqx_exhook.app.src
+++ b/apps/emqx_exhook/src/emqx_exhook.app.src
@@ -1,6 +1,6 @@
 {application, emqx_exhook,
  [{description, "EMQ X Extension for Hook"},
-  {vsn, "4.3.1"},
+  {vsn, "4.3.2"},
   {modules, []},
   {registered, []},
   {mod, {emqx_exhook_app, []}},
diff --git a/apps/emqx_exhook/src/emqx_exhook.appup.src b/apps/emqx_exhook/src/emqx_exhook.appup.src
index 2811c1554..26e84d88f 100644
--- a/apps/emqx_exhook/src/emqx_exhook.appup.src
+++ b/apps/emqx_exhook/src/emqx_exhook.appup.src
@@ -1,14 +1,22 @@
 %% -*-: erlang -*-
 {VSN,
  [
+    {"4.3.1", [
+      {load_module, emqx_exhook_server, brutal_purge, soft_purge, []}
+    ]},
     {"4.3.0", [
-      {load_module, emqx_exhook_pb, brutal_purge, soft_purge, []}
+      {load_module, emqx_exhook_pb, brutal_purge, soft_purge, []},
+      {load_module, emqx_exhook_server, brutal_purge, soft_purge, []}
     ]},
     {<<".*">>, []}
  ],
  [
+    {"4.3.1", [
+      {load_module, emqx_exhook_server, brutal_purge, soft_purge, []}
+    ]},
     {"4.3.0", [
-      {load_module, emqx_exhook_pb, brutal_purge, soft_purge, []}
+      {load_module, emqx_exhook_pb, brutal_purge, soft_purge, []},
+      {load_module, emqx_exhook_server, brutal_purge, soft_purge, []}
     ]},
     {<<".*">>, []}
  ]
diff --git a/apps/emqx_exhook/src/emqx_exhook_server.erl b/apps/emqx_exhook/src/emqx_exhook_server.erl
index 848a3f59d..f4965e4ca 100644
--- a/apps/emqx_exhook/src/emqx_exhook_server.erl
+++ b/apps/emqx_exhook/src/emqx_exhook_server.erl
@@ -122,7 +122,7 @@ channel_opts(Opts) ->
     Scheme = proplists:get_value(scheme, Opts),
     Host = proplists:get_value(host, Opts),
     Port = proplists:get_value(port, Opts),
-    SvrAddr = lists:flatten(io_lib:format("~s://~s:~w", [Scheme, Host, Port])),
+    SvrAddr = format_http_uri(Scheme, Host, Port),
     ClientOpts = case Scheme of
                      https ->
                          SslOpts = lists:keydelete(ssl, 1, proplists:get_value(ssl_options, Opts, [])),
@@ -133,6 +133,13 @@ channel_opts(Opts) ->
                  end,
     {SvrAddr, ClientOpts}.
 
+format_http_uri(Scheme, Host0, Port) ->
+    Host = case is_tuple(Host0) of
+               true -> inet:ntoa(Host0);
+               _ -> Host0
+           end,
+    lists:flatten(io_lib:format("~s://~s:~w", [Scheme, Host, Port])).
+
 -spec unload(server()) -> ok.
 unload(#server{name = Name, hookspec = HookSpecs}) ->
     _ = do_deinit(Name),

From bcedd7fe9eefe04b95cdbcdb4975c54b9d37523b Mon Sep 17 00:00:00 2001
From: tigercl <zhouzb@emqx.io>
Date: Thu, 17 Jun 2021 16:12:08 +0800
Subject: [PATCH 044/174] fix(query string): support query string in path
 (#4981)

---
 apps/emqx_auth_http/src/emqx_auth_http.app.src   |  2 +-
 apps/emqx_auth_http/src/emqx_auth_http.appup.src | 16 ++++++++++++++++
 apps/emqx_auth_http/src/emqx_auth_http_app.erl   | 13 ++++++++-----
 apps/emqx_web_hook/src/emqx_web_hook.app.src     |  2 +-
 apps/emqx_web_hook/src/emqx_web_hook.appup.src   | 12 +++++++-----
 apps/emqx_web_hook/src/emqx_web_hook_actions.erl | 14 +++++++++++---
 apps/emqx_web_hook/src/emqx_web_hook_app.erl     | 13 ++++++++-----
 7 files changed, 52 insertions(+), 20 deletions(-)
 create mode 100644 apps/emqx_auth_http/src/emqx_auth_http.appup.src

diff --git a/apps/emqx_auth_http/src/emqx_auth_http.app.src b/apps/emqx_auth_http/src/emqx_auth_http.app.src
index b2c3221e6..305487171 100644
--- a/apps/emqx_auth_http/src/emqx_auth_http.app.src
+++ b/apps/emqx_auth_http/src/emqx_auth_http.app.src
@@ -1,6 +1,6 @@
 {application, emqx_auth_http,
  [{description, "EMQ X Authentication/ACL with HTTP API"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
+  {vsn, "4.3.1"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_auth_http_sup]},
   {applications, [kernel,stdlib,ehttpc]},
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.appup.src b/apps/emqx_auth_http/src/emqx_auth_http.appup.src
new file mode 100644
index 000000000..620194064
--- /dev/null
+++ b/apps/emqx_auth_http/src/emqx_auth_http.appup.src
@@ -0,0 +1,16 @@
+%% -*-: erlang -*-
+
+{VSN,
+  [
+    {"4.3.0", [
+     {restart_application, emqx_auth_http}
+    ]},
+    {<<".*">>, []}
+  ],
+  [
+    {"4.3.0", [
+     {restart_application, emqx_auth_http}
+    ]},
+    {<<".*">>, []}
+  ]
+}.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_app.erl b/apps/emqx_auth_http/src/emqx_auth_http_app.erl
index 7d4781f7c..51e376f6a 100644
--- a/apps/emqx_auth_http/src/emqx_auth_http_app.erl
+++ b/apps/emqx_auth_http/src/emqx_auth_http_app.erl
@@ -54,10 +54,9 @@ translate_env(EnvName) ->
             {ok, ConnectTimeout} = application:get_env(?APP, connect_timeout),
             URL = proplists:get_value(url, Req),
             {ok, #{host := Host,
-                   path := Path0,
                    port := Port,
-                   scheme := Scheme}} = emqx_http_lib:uri_parse(URL),
-            Path = path(Path0),
+                   scheme := Scheme} = URIMap} = emqx_http_lib:uri_parse(URL),
+            Path = path(URIMap),
             MoreOpts = case Scheme of
                         http ->
                             [{transport_opts, emqx_misc:ipv6_probe([])}];
@@ -151,8 +150,12 @@ ensure_content_type_header(Method, Headers)
 ensure_content_type_header(_Method, Headers) ->
     lists:keydelete("content-type", 1, Headers).
 
-path("") ->
+path(#{path := "", 'query' := Query}) ->
+    "?" ++ Query;
+path(#{path := Path, 'query' := Query}) ->
+    Path ++ "?" ++ Query;
+path(#{path := ""}) ->
     "/";
-path(Path) ->
+path(#{path := Path}) ->
     Path.
 
diff --git a/apps/emqx_web_hook/src/emqx_web_hook.app.src b/apps/emqx_web_hook/src/emqx_web_hook.app.src
index 97624a900..e1cfda173 100644
--- a/apps/emqx_web_hook/src/emqx_web_hook.app.src
+++ b/apps/emqx_web_hook/src/emqx_web_hook.app.src
@@ -1,6 +1,6 @@
 {application, emqx_web_hook,
  [{description, "EMQ X WebHook Plugin"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
+  {vsn, "4.3.2"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_web_hook_sup]},
   {applications, [kernel,stdlib,ehttpc]},
diff --git a/apps/emqx_web_hook/src/emqx_web_hook.appup.src b/apps/emqx_web_hook/src/emqx_web_hook.appup.src
index b92284b64..ae6e9e1ae 100644
--- a/apps/emqx_web_hook/src/emqx_web_hook.appup.src
+++ b/apps/emqx_web_hook/src/emqx_web_hook.appup.src
@@ -2,14 +2,16 @@
 
 {VSN,
   [
-    {"4.3.0", [
-     {load_module, emqx_web_hook_actions, brutal_purge, soft_purge, []}
-   ]},
+    {<<"4.3.[0-1]">>, [
+     {restart_application, emqx_web_hook},
+     {apply,{emqx_rule_engine,refresh_resource,[web_hook]}}
+    ]},
     {<<".*">>, []}
   ],
   [
-    {"4.3.0", [
-     {load_module, emqx_web_hook_actions, brutal_purge, soft_purge, []}
+    {<<"4.3.[0-1]">>, [
+     {restart_application, emqx_web_hook},
+     {apply,{emqx_rule_engine,refresh_resource,[web_hook]}}
     ]},
     {<<".*">>, []}
   ]
diff --git a/apps/emqx_web_hook/src/emqx_web_hook_actions.erl b/apps/emqx_web_hook/src/emqx_web_hook_actions.erl
index f8e4d8f08..8bb1c7de0 100644
--- a/apps/emqx_web_hook/src/emqx_web_hook_actions.erl
+++ b/apps/emqx_web_hook/src/emqx_web_hook_actions.erl
@@ -292,7 +292,7 @@ parse_action_params(Params = #{<<"url">> := URL}) ->
         Headers = headers(maps:get(<<"headers">>, Params, undefined)),
         NHeaders = ensure_content_type_header(Headers, Method),
         #{method => Method,
-          path => path(filename:join(CommonPath, maps:get(<<"path">>, Params, <<>>))),
+          path => merge_path(CommonPath, maps:get(<<"path">>, Params, <<>>)),
           headers => NHeaders,
           body => maps:get(<<"body">>, Params, <<>>),
           request_timeout => cuttlefish_duration:parse(str(maps:get(<<"request_timeout">>, Params, <<"5s">>))),
@@ -306,8 +306,16 @@ ensure_content_type_header(Headers, Method) when Method =:= post orelse Method =
 ensure_content_type_header(Headers, _Method) ->
     lists:keydelete("content-type", 1, Headers).
 
-path(<<>>) -> <<"/">>;
-path(Path) -> Path.
+merge_path(CommonPath, <<>>) ->
+    CommonPath;
+merge_path(CommonPath, Path0) ->
+    case emqx_http_lib:uri_parse(Path0) of
+        {ok, #{path := Path1, 'query' := Query}} ->
+            Path2 = filename:join(CommonPath, Path1),
+            <<Path2/binary, "?", Query/binary>>;
+        {ok, #{path := Path1}} ->
+            filename:join(CommonPath, Path1)
+    end.
 
 method(GET) when GET == <<"GET">>; GET == <<"get">> -> get;
 method(POST) when POST == <<"POST">>; POST == <<"post">> -> post;
diff --git a/apps/emqx_web_hook/src/emqx_web_hook_app.erl b/apps/emqx_web_hook/src/emqx_web_hook_app.erl
index 492af628d..580742c47 100644
--- a/apps/emqx_web_hook/src/emqx_web_hook_app.erl
+++ b/apps/emqx_web_hook/src/emqx_web_hook_app.erl
@@ -42,10 +42,9 @@ stop(_State) ->
 translate_env() ->
     {ok, URL} = application:get_env(?APP, url),
     {ok, #{host := Host,
-           path := Path0,
            port := Port,
-           scheme := Scheme}} = emqx_http_lib:uri_parse(URL),
-    Path = path(Path0),
+           scheme := Scheme} = URIMap} = emqx_http_lib:uri_parse(URL),
+    Path = path(URIMap),
     PoolSize = application:get_env(?APP, pool_size, 32),
     MoreOpts = case Scheme of
                    http ->
@@ -89,9 +88,13 @@ translate_env() ->
     NHeaders = set_content_type(Headers),
     application:set_env(?APP, headers, NHeaders).
 
-path("") ->
+path(#{path := "", 'query' := Query}) ->
+    "?" ++ Query;
+path(#{path := Path, 'query' := Query}) ->
+    Path ++ "?" ++ Query;
+path(#{path := ""}) ->
     "/";
-path(Path) ->
+path(#{path := Path}) ->
     Path.
 
 set_content_type(Headers) ->

From 8a3ac7c878a6bbd0142adc5bc4eee9685b005f48 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Mon, 28 Jun 2021 10:48:33 +0800
Subject: [PATCH 045/174] chore(plugins): rm emqx-sasl plugin

---
 apps/emqx_sasl/.gitignore                     |  26 --
 apps/emqx_sasl/README.md                      |   2 -
 apps/emqx_sasl/etc/emqx_sasl.conf             |   0
 apps/emqx_sasl/include/emqx_sasl.hrl          |  19 --
 apps/emqx_sasl/priv/emqx_sasl.schema          |   0
 apps/emqx_sasl/rebar.config                   |  19 --
 apps/emqx_sasl/src/emqx_sasl.app.src          |  14 -
 apps/emqx_sasl/src/emqx_sasl.appup.src        |  13 -
 apps/emqx_sasl/src/emqx_sasl.erl              |  56 ----
 apps/emqx_sasl/src/emqx_sasl_api.erl          | 227 -------------
 apps/emqx_sasl/src/emqx_sasl_app.erl          |  46 ---
 apps/emqx_sasl/src/emqx_sasl_cli.erl          |  82 -----
 apps/emqx_sasl/src/emqx_sasl_scram.erl        | 310 ------------------
 apps/emqx_sasl/test/emqx_sasl_scram_SUITE.erl | 140 --------
 rebar.config.erl                              |   1 -
 15 files changed, 955 deletions(-)
 delete mode 100644 apps/emqx_sasl/.gitignore
 delete mode 100644 apps/emqx_sasl/README.md
 delete mode 100644 apps/emqx_sasl/etc/emqx_sasl.conf
 delete mode 100644 apps/emqx_sasl/include/emqx_sasl.hrl
 delete mode 100644 apps/emqx_sasl/priv/emqx_sasl.schema
 delete mode 100644 apps/emqx_sasl/rebar.config
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl.app.src
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl.appup.src
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl.erl
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl_api.erl
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl_app.erl
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl_cli.erl
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl_scram.erl
 delete mode 100644 apps/emqx_sasl/test/emqx_sasl_scram_SUITE.erl

diff --git a/apps/emqx_sasl/.gitignore b/apps/emqx_sasl/.gitignore
deleted file mode 100644
index dce59c219..000000000
--- a/apps/emqx_sasl/.gitignore
+++ /dev/null
@@ -1,26 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-data/
-*.swp
-*.swo
-.erlang.mk/
-emqx_sasl.d
-erlang.mk
-rebar3.crashdump
-_build
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-rebar.lock
-test/ct.cover.spec
-etc/emqx_sasl.conf.rendered
-.rebar3/
\ No newline at end of file
diff --git a/apps/emqx_sasl/README.md b/apps/emqx_sasl/README.md
deleted file mode 100644
index 3284fb38c..000000000
--- a/apps/emqx_sasl/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# emqx-sasl
-Simple Authentication and Security Layer
diff --git a/apps/emqx_sasl/etc/emqx_sasl.conf b/apps/emqx_sasl/etc/emqx_sasl.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/apps/emqx_sasl/include/emqx_sasl.hrl b/apps/emqx_sasl/include/emqx_sasl.hrl
deleted file mode 100644
index a1658f2b8..000000000
--- a/apps/emqx_sasl/include/emqx_sasl.hrl
+++ /dev/null
@@ -1,19 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--define(APP, emqx_sasl).
-
--define(SCRAM_AUTH_TAB, scram_auth).
\ No newline at end of file
diff --git a/apps/emqx_sasl/priv/emqx_sasl.schema b/apps/emqx_sasl/priv/emqx_sasl.schema
deleted file mode 100644
index e69de29bb..000000000
diff --git a/apps/emqx_sasl/rebar.config b/apps/emqx_sasl/rebar.config
deleted file mode 100644
index 318f82a0b..000000000
--- a/apps/emqx_sasl/rebar.config
+++ /dev/null
@@ -1,19 +0,0 @@
-{deps,
- [{pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warnings_as_errors,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_sasl/src/emqx_sasl.app.src b/apps/emqx_sasl/src/emqx_sasl.app.src
deleted file mode 100644
index f490a6af5..000000000
--- a/apps/emqx_sasl/src/emqx_sasl.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_sasl,
- [{description, "EMQ X SASL"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_sasl_sup]},
-  {applications, [kernel,stdlib,pbkdf2]},
-  {mod, {emqx_sasl_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-sasl"}
-          ]}
- ]}.
diff --git a/apps/emqx_sasl/src/emqx_sasl.appup.src b/apps/emqx_sasl/src/emqx_sasl.appup.src
deleted file mode 100644
index df881fc05..000000000
--- a/apps/emqx_sasl/src/emqx_sasl.appup.src
+++ /dev/null
@@ -1,13 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
- [
-   {"4.3.0", [
-     {restart_application, emqx_sasl}
-   ]}
- ],
- [
-   {"4.3.0", [
-     {restart_application, emqx_sasl}
-   ]}
- ]
-}.
diff --git a/apps/emqx_sasl/src/emqx_sasl.erl b/apps/emqx_sasl/src/emqx_sasl.erl
deleted file mode 100644
index 61fd34134..000000000
--- a/apps/emqx_sasl/src/emqx_sasl.erl
+++ /dev/null
@@ -1,56 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_sasl).
-
--include_lib("emqx/include/logger.hrl").
-
--export([ load/0
-        , unload/0
-        , init/0
-        , check/3
-        , supported/0
-        ]).
-
-load() ->
-    emqx:hook('client.enhanced_authenticate', {?MODULE, check, []}).
-
-unload() ->
-    emqx:unhook('client.enhanced_authenticate', {?MODULE, check}).
-
-init() ->
-    emqx_sasl_scram:init().
-
-check(Method, Data, Cache) ->
-    try
-        case Method of
-            <<"SCRAM-SHA-1">> ->
-                case emqx_sasl_scram:check(Data, Cache) of
-                    {ok, NData, NCache} -> {ok, {ok, NData, NCache}};
-                    {continue, NData, NCache} -> {ok, {continue, NData, NCache}};
-                    Re -> {stop, Re}
-                end;
-            _ ->
-                {error, unsupported_mechanism}
-        end
-    catch
-        _Class:_Reason:Stack ->
-            ?LOG(error, "[emqx_sasl] authentication failed: ~0p", [Stack]),
-            {error, authentication_failed}
-    end.
-
-supported() ->
-    [<<"SCRAM-SHA-1">>].
diff --git a/apps/emqx_sasl/src/emqx_sasl_api.erl b/apps/emqx_sasl/src/emqx_sasl_api.erl
deleted file mode 100644
index a69ac557d..000000000
--- a/apps/emqx_sasl/src/emqx_sasl_api.erl
+++ /dev/null
@@ -1,227 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_sasl_api).
-
--include("emqx_sasl.hrl").
-
--import(minirest, [ return/0
-                  , return/1
-                  ]).
-
--rest_api(#{name   => add,
-            method => 'POST',
-            path   => "/sasl",
-            func   => add,
-            descr  => "Add authentication information"}).
-
--rest_api(#{name   => delete,
-            method => 'DELETE',
-            path   => "/sasl",
-            func   => delete,
-            descr  => "Delete authentication information"}).
-
--rest_api(#{name   => update,
-            method => 'PUT',
-            path   => "/sasl",
-            func   => update,
-            descr  => "Update authentication information"}).
-
--rest_api(#{name   => get,
-            method => 'GET',
-            path   => "/sasl",
-            func   => get,
-            descr  => "Get authentication information"}).
-
--export([ add/2
-        , delete/2
-        , update/2
-        , get/2
-        ]).
-
-add(_Bindings, Params) ->
-    case pipeline([fun ensure_required_add_params/1,
-                   fun validate_params/1,
-                   fun do_add/1], Params) of
-        ok ->
-            return();
-        {error, Reason} ->
-            return({error, Reason})
-    end.
-
-delete(_Bindings, Params) ->
-    case pipeline([fun ensure_required_delete_params/1,
-                   fun validate_params/1,
-                   fun do_delete/1], Params) of
-        ok ->
-            return();
-        {error, Reason} ->
-            return({error, Reason})
-    end.
-
-update(_Bindings, Params) ->
-    case pipeline([fun ensure_required_add_params/1,
-                   fun validate_params/1,
-                   fun do_update/1], Params) of
-        ok ->
-            return();
-        {error, Reason} ->
-            return({error, Reason})
-    end.
-
-get(Bindings, Params) when is_list(Params) ->
-    get(Bindings, maps:from_list(Params));
-
-get(_Bindings, #{<<"mechanism">> := Mechanism0,
-                 <<"username">> := Username0}) ->
-    Mechanism = urldecode(Mechanism0),
-    Username = urldecode(Username0),
-    case Mechanism of
-        <<"SCRAM-SHA-1">> ->
-            case emqx_sasl_scram:lookup(Username) of
-                {ok, AuthInfo = #{salt := Salt}} ->
-                    return({ok, AuthInfo#{salt => base64:decode(Salt)}});
-                {error, Reason} ->
-                    return({error, Reason})
-            end;
-        _ ->
-            return({error, unsupported_mechanism})
-    end;
-get(_Bindings, #{<<"mechanism">> := Mechanism}) ->
-    case urldecode(Mechanism) of
-        <<"SCRAM-SHA-1">> ->
-            Data = #{Mechanism => mnesia:dirty_all_keys(?SCRAM_AUTH_TAB)},
-            return({ok, Data});
-        _ ->
-            return({error, <<"Unsupported mechanism">>})
-    end;
-
-get(_Bindings, _Params) ->
-    Data = lists:foldl(fun(Mechanism, Acc) ->
-                           case Mechanism of
-                               <<"SCRAM-SHA-1">> ->
-                                   [#{Mechanism => mnesia:dirty_all_keys(?SCRAM_AUTH_TAB)} | Acc]
-                           end
-                       end, [], emqx_sasl:supported()),
-    return({ok, Data}).
-
-ensure_required_add_params(Params) when is_list(Params) ->
-    case proplists:get_value(<<"mechanism">>, Params) of
-        undefined ->
-            {missing, missing_required_param};
-        Mechaism ->
-            ensure_required_add_params(Mechaism, Params)
-    end.
-
-ensure_required_add_params(<<"SCRAM-SHA-1">>, Params) ->
-    Required = [<<"username">>, <<"password">>, <<"salt">>],
-    case erlang:map_size(maps:with(Required, maps:from_list(Params))) =:= erlang:length(Required) of
-        true -> ok;
-        false -> {missing, missing_required_param}
-    end;
-ensure_required_add_params(_, _) ->
-    {error, unsupported_mechanism}.
-
-ensure_required_delete_params(Params) when is_list(Params) ->
-    case proplists:get_value(<<"mechanism">>, Params) of
-        undefined ->
-            {missing, missing_required_param};
-        Mechaism ->
-            ensure_required_delete_params(Mechaism, Params)
-    end.
-
-ensure_required_delete_params(<<"SCRAM-SHA-1">>, Params) ->
-    Required = [<<"username">>],
-    case erlang:map_size(maps:with(Required, maps:from_list(Params))) =:= erlang:length(Required) of
-        true -> ok;
-        false -> {missing, missing_required_param}
-    end;
-ensure_required_delete_params(_, _) ->
-    {error, unsupported_mechanism}.
-
-validate_params(Params) ->
-    Mechaism = proplists:get_value(<<"mechanism">>, Params),
-    validate_params(Mechaism, Params).
-
-validate_params(<<"SCRAM-SHA-1">>, []) ->
-    ok;
-validate_params(<<"SCRAM-SHA-1">>, [{<<"username">>, Username} | More]) when is_binary(Username) ->
-    validate_params(<<"SCRAM-SHA-1">>, More);
-validate_params(<<"SCRAM-SHA-1">>, [{<<"username">>, _} | _]) ->
-    {error, invalid_username};
-validate_params(<<"SCRAM-SHA-1">>, [{<<"password">>, Password} | More]) when is_binary(Password) ->
-    validate_params(<<"SCRAM-SHA-1">>, More);
-validate_params(<<"SCRAM-SHA-1">>, [{<<"password">>, _} | _]) ->
-    {error, invalid_password};
-validate_params(<<"SCRAM-SHA-1">>, [{<<"salt">>, Salt} | More]) when is_binary(Salt) ->
-    validate_params(<<"SCRAM-SHA-1">>, More);
-validate_params(<<"SCRAM-SHA-1">>, [{<<"salt">>, _} | _]) ->
-    {error, invalid_salt};
-validate_params(<<"SCRAM-SHA-1">>, [{<<"iteration_count">>, IterationCount} | More]) when is_integer(IterationCount) ->
-    validate_params(<<"SCRAM-SHA-1">>, More);
-validate_params(<<"SCRAM-SHA-1">>, [{<<"iteration_count">>, _} | _]) ->
-    {error, invalid_iteration_count};
-validate_params(<<"SCRAM-SHA-1">>, [_ | More]) ->
-    validate_params(<<"SCRAM-SHA-1">>, More).
-
-do_add(Params) ->
-    Mechaism = proplists:get_value(<<"mechanism">>, Params),
-    do_add(Mechaism, Params).
-
-do_add(<<"SCRAM-SHA-1">>, Params) ->
-    Username = proplists:get_value(<<"username">>, Params),
-    Password = proplists:get_value(<<"password">>, Params),
-    Salt = proplists:get_value(<<"salt">>, Params),
-    IterationCount = proplists:get_value(<<"iteration_count">>, Params, 4096),
-    emqx_sasl_scram:add(Username, Password, Salt, IterationCount);
-do_add(_, _) ->
-    {error, unsupported_mechanism}.
-
-do_delete(Params) ->
-    Mechaism = proplists:get_value(<<"mechanism">>, Params),
-    do_delete(Mechaism, Params).
-
-do_delete(<<"SCRAM-SHA-1">>, Params) ->
-    Username = proplists:get_value(<<"username">>, Params),
-    emqx_sasl_scram:delete(Username);
-do_delete(_, _) ->
-    {error, unsupported_mechanism}.
-
-do_update(Params) ->
-    Mechaism = proplists:get_value(<<"mechanism">>, Params),
-    do_update(Mechaism, Params).
-
-do_update(<<"SCRAM-SHA-1">>, Params) ->
-    Username = proplists:get_value(<<"username">>, Params),
-    Password = proplists:get_value(<<"password">>, Params),
-    Salt = proplists:get_value(<<"salt">>, Params),
-    IterationCount = proplists:get_value(<<"iteration_count">>, Params, 4096),
-    emqx_sasl_scram:update(Username, Password, Salt, IterationCount);
-do_update(_, _) ->
-    {error, unsupported_mechanism}.
-
-pipeline([], _) ->
-    ok;
-pipeline([Fun | More], Params) ->
-    case Fun(Params) of
-        ok ->
-            pipeline(More, Params);
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-urldecode(S) ->
-    emqx_http_lib:uri_decode(S).
diff --git a/apps/emqx_sasl/src/emqx_sasl_app.erl b/apps/emqx_sasl/src/emqx_sasl_app.erl
deleted file mode 100644
index 0ce3dc076..000000000
--- a/apps/emqx_sasl/src/emqx_sasl_app.erl
+++ /dev/null
@@ -1,46 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_sasl_app).
-
--behaviour(application).
-
--emqx_plugin(?MODULE).
-
--export([ start/2
-        , stop/1
-        ]).
-
--behaviour(supervisor).
-
--export([init/1]).
-
-start(_Type, _Args) ->
-    ok = emqx_sasl:init(),
-    _ = emqx_sasl:load(),
-    emqx_sasl_cli:load(),
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-stop(_State) ->
-    emqx_sasl_cli:unload(),
-    emqx_sasl:unload().
-
-%%--------------------------------------------------------------------
-%% Dummy supervisor
-%%--------------------------------------------------------------------
-
-init([]) ->
-    {ok, { {one_for_all, 1, 10}, []} }.
diff --git a/apps/emqx_sasl/src/emqx_sasl_cli.erl b/apps/emqx_sasl/src/emqx_sasl_cli.erl
deleted file mode 100644
index 01e862373..000000000
--- a/apps/emqx_sasl/src/emqx_sasl_cli.erl
+++ /dev/null
@@ -1,82 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_sasl_cli).
-
--include("emqx_sasl.hrl").
-
-%% APIs
--export([ load/0
-        , unload/0
-        , cli/1
-        ]).
-
-load() ->
-    emqx_ctl:register_command(sasl, {?MODULE, cli}, []).
-
-unload() ->
-    emqx_ctl:unregister_command(sasl).
-
-cli(["scram", "add", Username, Password, Salt]) ->
-    cli(["scram", "add", Username, Password, Salt, "4096"]);
-cli(["scram", "add", Username, Password, Salt, IterationCount]) ->
-    case emqx_sasl_scram:add(list_to_binary(Username),
-                                list_to_binary(Password),
-                                list_to_binary(Salt),
-                                list_to_integer(IterationCount)) of
-        ok ->
-            emqx_ctl:print("Authentication information added successfully~n");
-        {error, already_existed} ->
-            emqx_ctl:print("Authentication information already exists~n")
-    end;
-
-cli(["scram", "delete", Username0]) ->
-    Username = list_to_binary(Username0),
-    ok = emqx_sasl_scram:delete(Username),
-    emqx_ctl:print("Authentication information deleted successfully~n");
-
-cli(["scram", "update", Username, Password, Salt]) ->
-    cli(["scram", "update", Username, Password, Salt, "4096"]); 
-cli(["scram", "update", Username, Password, Salt, IterationCount]) ->
-    case emqx_sasl_scram:update(list_to_binary(Username),
-                                list_to_binary(Password),
-                                list_to_binary(Salt),
-                                list_to_integer(IterationCount)) of
-        ok ->
-            emqx_ctl:print("Authentication information updated successfully~n");
-        {error, not_found} ->
-            emqx_ctl:print("Authentication information not found~n")
-    end;
-
-cli(["scram", "lookup", Username0]) ->
-    Username = list_to_binary(Username0),
-    case emqx_sasl_scram:lookup(Username) of
-        {ok, #{username := Username,
-                stored_key := StoredKey,
-                server_key := ServerKey,
-                salt := Salt,
-                iteration_count := IterationCount}} ->
-            emqx_ctl:print("Username: ~s, Stored Key: ~s, Server Key: ~s, Salt: ~s, Iteration Count: ~p~n",
-                            [Username, StoredKey, ServerKey, base64:decode(Salt), IterationCount]);
-        {error, not_found} ->
-            emqx_ctl:print("Authentication information not found~n")
-    end;
-
-cli(_) ->
-    emqx_ctl:usage([{"sasl scram add <Username> <Password> <Salt> [<IterationCount>]", "Add SCRAM-SHA-1 authentication information"},
-                    {"sasl scram delete <Username>", "Delete SCRAM-SHA-1 authentication information"},
-                    {"sasl scram update <Username> <Password> <Salt> [<IterationCount>]", "Update SCRAM-SHA-1 authentication information"},
-                    {"sasl scram lookup <Username>", "Check if SCRAM-SHA-1 authentication information exists"}]).
diff --git a/apps/emqx_sasl/src/emqx_sasl_scram.erl b/apps/emqx_sasl/src/emqx_sasl_scram.erl
deleted file mode 100644
index beb415568..000000000
--- a/apps/emqx_sasl/src/emqx_sasl_scram.erl
+++ /dev/null
@@ -1,310 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_sasl_scram).
-
--include("emqx_sasl.hrl").
-
--export([ init/0
-        , add/3
-        , add/4
-        , update/3
-        , update/4
-        , delete/1
-        , lookup/1
-        , check/2
-        , make_client_first/1]).
-
--record(?SCRAM_AUTH_TAB, {
-            username,
-            stored_key,
-            server_key,
-            salt,
-            iteration_count :: integer()
-        }).
-
--ifdef(TEST).
--compile(export_all).
--compile(nowarn_export_all).
--endif.
-
-init() ->
-    ok = ekka_mnesia:create_table(?SCRAM_AUTH_TAB, [
-            {disc_copies, [node()]},
-            {attributes, record_info(fields, ?SCRAM_AUTH_TAB)},
-            {storage_properties, [{ets, [{read_concurrency, true}]}]}]),
-    ok = ekka_mnesia:copy_table(?SCRAM_AUTH_TAB, disc_copies).
-
-add(Username, Password, Salt) ->
-    add(Username, Password, Salt, 4096).
-
-add(Username, Password, Salt, IterationCount) ->
-    case lookup(Username) of
-        {error, not_found} ->
-            do_add(Username, Password, Salt, IterationCount);
-        _ ->
-            {error, already_existed}
-    end.
-
-update(Username, Password, Salt) ->
-    update(Username, Password, Salt, 4096).
-
-update(Username, Password, Salt, IterationCount) ->
-    case lookup(Username) of
-        {error, not_found} ->
-            {error, not_found};
-        _ ->
-            do_add(Username, Password, Salt, IterationCount)
-    end.
-
-delete(Username) ->
-    ret(mnesia:transaction(fun mnesia:delete/3, [?SCRAM_AUTH_TAB, Username, write])).
-
-lookup(Username) ->
-    case mnesia:dirty_read(?SCRAM_AUTH_TAB, Username) of
-        [#scram_auth{username = Username,
-                     stored_key = StoredKey,
-                     server_key = ServerKey,
-                     salt = Salt,
-                     iteration_count = IterationCount}] ->
-            {ok, #{username => Username,
-                   stored_key => StoredKey,
-                   server_key => ServerKey,
-                   salt => Salt,
-                   iteration_count => IterationCount}};
-        [] ->
-            {error, not_found}
-    end.
-
-do_add(Username, Password, Salt, IterationCount) ->
-    SaltedPassword = pbkdf2_sha_1(Password, Salt, IterationCount),
-    ClientKey = client_key(SaltedPassword),
-    ServerKey = server_key(SaltedPassword),
-    StoredKey = crypto:hash(sha, ClientKey),
-    AuthInfo = #scram_auth{username = Username,
-                           stored_key = base64:encode(StoredKey),
-                           server_key = base64:encode(ServerKey),
-                           salt = base64:encode(Salt),
-                           iteration_count = IterationCount},
-    ret(mnesia:transaction(fun mnesia:write/3, [?SCRAM_AUTH_TAB, AuthInfo, write])).
-
-ret({atomic, ok})     -> ok;
-ret({aborted, Error}) -> {error, Error}.
-
-check(Data, Cache) when map_size(Cache) =:= 0 ->
-    check_client_first(Data);
-check(Data, Cache) ->
-    case maps:get(next_step, Cache, undefined) of
-        undefined -> check_server_first(Data, Cache);
-        check_client_final -> check_client_final(Data, Cache);
-        check_server_final -> check_server_final(Data, Cache)
-    end.
-
-check_client_first(ClientFirst) ->
-    ClientFirstWithoutHeader = without_header(ClientFirst),
-    Attributes = parse(ClientFirstWithoutHeader),
-    Username = proplists:get_value(username, Attributes),
-    ClientNonce = proplists:get_value(nonce, Attributes),
-    case lookup(Username) of
-        {error, not_found} ->
-            {error, not_found};
-        {ok, #{stored_key := StoredKey0,
-               server_key := ServerKey0,
-               salt := Salt0,
-               iteration_count := IterationCount}} ->
-            StoredKey = base64:decode(StoredKey0), 
-            ServerKey = base64:decode(ServerKey0),
-            Salt = base64:decode(Salt0),
-            ServerNonce = nonce(),
-            Nonce = list_to_binary(binary_to_list(ClientNonce) ++ binary_to_list(ServerNonce)),
-            ServerFirst = make_server_first(Nonce, Salt, IterationCount),
-            {continue, ServerFirst, #{next_step => check_client_final,
-                                      client_first_without_header => ClientFirstWithoutHeader,
-                                      server_first => ServerFirst,
-                                      stored_key => StoredKey,
-                                      server_key => ServerKey,
-                                      nonce => Nonce}}
-    end.
-
-check_client_final(ClientFinal, #{client_first_without_header := ClientFirstWithoutHeader,
-                                  server_first := ServerFirst,
-                                  server_key := ServerKey,
-                                  stored_key := StoredKey,
-                                  nonce := OldNonce}) ->
-    ClientFinalWithoutProof = without_proof(ClientFinal),
-    Attributes = parse(ClientFinal),
-    ClientProof = base64:decode(proplists:get_value(proof, Attributes)),
-    NewNonce = proplists:get_value(nonce, Attributes),
-    Auth0 = io_lib:format("~s,~s,~s", [ClientFirstWithoutHeader, ServerFirst, ClientFinalWithoutProof]),
-    Auth = iolist_to_binary(Auth0),
-    ClientSignature = hmac(StoredKey, Auth),
-    ClientKey = crypto:exor(ClientProof, ClientSignature),
-    case NewNonce =:= OldNonce andalso crypto:hash(sha, ClientKey) =:= StoredKey of
-        true ->
-            ServerSignature = hmac(ServerKey, Auth),
-            ServerFinal = make_server_final(ServerSignature),
-            {ok, ServerFinal, #{}};
-        false ->
-            {error, invalid_client_final}
-    end.
-
-check_server_first(ServerFirst, #{password := Password,
-                                  client_first := ClientFirst}) ->
-    Attributes = parse(ServerFirst),
-    Nonce = proplists:get_value(nonce, Attributes),
-    ClientFirstWithoutHeader = without_header(ClientFirst),
-    ClientFinalWithoutProof = serialize([{channel_binding, <<"biws">>}, {nonce, Nonce}]),
-    Auth = list_to_binary(io_lib:format("~s,~s,~s", [ClientFirstWithoutHeader, ServerFirst, ClientFinalWithoutProof])),
-    Salt = base64:decode(proplists:get_value(salt, Attributes)),
-    IterationCount = binary_to_integer(proplists:get_value(iteration_count, Attributes)),
-    SaltedPassword = pbkdf2_sha_1(Password, Salt, IterationCount),
-    ClientKey = client_key(SaltedPassword),
-    StoredKey = crypto:hash(sha, ClientKey),
-    ClientSignature = hmac(StoredKey, Auth),
-    ClientProof = base64:encode(crypto:exor(ClientKey, ClientSignature)),
-    ClientFinal = serialize([{channel_binding, <<"biws">>},
-                             {nonce, Nonce},
-                             {proof, ClientProof}]),
-    {continue, ClientFinal, #{next_step => check_server_final,
-                              password => Password,
-                              client_first => ClientFirst,
-                              server_first => ServerFirst}}.
-
-check_server_final(ServerFinal, #{password := Password,
-                                  client_first := ClientFirst,
-                                  server_first := ServerFirst}) ->
-    NewAttributes = parse(ServerFinal),
-    Attributes = parse(ServerFirst),
-    Nonce = proplists:get_value(nonce, Attributes),
-    ClientFirstWithoutHeader = without_header(ClientFirst),
-    ClientFinalWithoutProof = serialize([{channel_binding, <<"biws">>}, {nonce, Nonce}]),
-    Auth = list_to_binary(io_lib:format("~s,~s,~s", [ClientFirstWithoutHeader, ServerFirst, ClientFinalWithoutProof])),
-    Salt = base64:decode(proplists:get_value(salt, Attributes)),
-    IterationCount = binary_to_integer(proplists:get_value(iteration_count, Attributes)),
-    SaltedPassword = pbkdf2_sha_1(Password, Salt, IterationCount),
-    ServerKey = server_key(SaltedPassword),
-    ServerSignature = hmac(ServerKey, Auth),
-    case base64:encode(ServerSignature) =:= proplists:get_value(verifier, NewAttributes) of
-        true ->
-            {ok, <<>>, #{}};
-        false -> 
-            {stop, invalid_server_final}
-    end.
-
-make_client_first(Username) ->
-    list_to_binary("n,," ++ binary_to_list(serialize([{username, Username}, {nonce, nonce()}]))).
-
-make_server_first(Nonce, Salt, IterationCount) ->
-    serialize([{nonce, Nonce}, {salt, base64:encode(Salt)}, {iteration_count, IterationCount}]).
-
-make_server_final(ServerSignature) ->
-    serialize([{verifier, base64:encode(ServerSignature)}]).
-
-nonce() ->
-    base64:encode([$a + rand:uniform(26) || _ <- lists:seq(1, 10)]).
-
-pbkdf2_sha_1(Password, Salt, IterationCount) ->
-    {ok, Bin} = pbkdf2:pbkdf2(sha, Password, Salt, IterationCount),
-    pbkdf2:to_hex(Bin).
-
--if(?OTP_RELEASE >= 23).
-hmac(Key, Data) ->
-    HMAC = crypto:mac_init(hmac, sha, Key),
-    HMAC1 = crypto:mac_update(HMAC, Data),
-    crypto:mac_final(HMAC1).
--else.
-hmac(Key, Data) ->
-    HMAC = crypto:hmac_init(sha, Key),
-    HMAC1 = crypto:hmac_update(HMAC, Data),
-    crypto:hmac_final(HMAC1).
--endif.
-
-client_key(SaltedPassword) ->
-    hmac(<<"Client Key">>, SaltedPassword).
-
-server_key(SaltedPassword) ->
-    hmac(<<"Server Key">>, SaltedPassword).
-
-without_header(<<"n,,", ClientFirstWithoutHeader/binary>>) ->
-    ClientFirstWithoutHeader;
-without_header(<<GS2CbindFlag:1/binary, _/binary>>) ->
-    error({unsupported_gs2_cbind_flag, binary_to_atom(GS2CbindFlag, utf8)}).
-
-without_proof(ClientFinal) ->
-    [ClientFinalWithoutProof | _] = binary:split(ClientFinal, <<",p=">>, [global, trim_all]),
-    ClientFinalWithoutProof.
-
-parse(Message) ->
-    Attributes = binary:split(Message, <<$,>>, [global, trim_all]),
-    lists:foldl(fun(<<Key:1/binary, "=", Value/binary>>, Acc) ->
-                    [{to_long(Key), Value} | Acc]
-                end, [], Attributes).
-
-serialize(Attributes) ->
-    iolist_to_binary(
-        lists:foldl(fun({Key, Value}, []) ->
-                        [to_short(Key), "=", to_list(Value)];
-                       ({Key, Value}, Acc) ->
-                        Acc ++ [",", to_short(Key), "=", to_list(Value)]
-                     end, [], Attributes)).
-
-to_long(<<"a">>) ->
-    authzid;
-to_long(<<"c">>) ->
-    channel_binding;
-to_long(<<"n">>) ->
-    username;
-to_long(<<"p">>) ->
-    proof;
-to_long(<<"r">>) ->
-    nonce;
-to_long(<<"s">>) ->
-    salt;
-to_long(<<"v">>) ->
-    verifier;
-to_long(<<"i">>) ->
-    iteration_count;
-to_long(_) ->
-    error(test).
-
-to_short(authzid) ->
-    "a";
-to_short(channel_binding) ->
-    "c";
-to_short(username) ->
-    "n";
-to_short(proof) ->
-    "p";
-to_short(nonce) ->
-    "r";
-to_short(salt) ->
-    "s";
-to_short(verifier) ->
-    "v";
-to_short(iteration_count) ->
-    "i";
-to_short(_) ->
-    error(test).
-
-to_list(V) when is_binary(V) ->
-    binary_to_list(V);
-to_list(V) when is_list(V) ->
-    V;
-to_list(V) when is_integer(V) ->
-    integer_to_list(V);
-to_list(_) ->
-    error(bad_type).
-
diff --git a/apps/emqx_sasl/test/emqx_sasl_scram_SUITE.erl b/apps/emqx_sasl/test/emqx_sasl_scram_SUITE.erl
deleted file mode 100644
index 202b0da2a..000000000
--- a/apps/emqx_sasl/test/emqx_sasl_scram_SUITE.erl
+++ /dev/null
@@ -1,140 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_sasl_scram_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("common_test/include/ct.hrl").
--include_lib("eunit/include/eunit.hrl").
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_sasl]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([]).
-
-all() -> emqx_ct:all(?MODULE).
-
-t_crud(_) ->
-    Username = <<"test">>,
-    Password = <<"public">>,
-    Salt = <<"emqx">>,
-    IterationCount = 4096,
-    EncodedSalt = base64:encode(Salt),
-    SaltedPassword = emqx_sasl_scram:pbkdf2_sha_1(Password, Salt, IterationCount),
-    ClientKey = emqx_sasl_scram:client_key(SaltedPassword),
-    ServerKey = base64:encode(emqx_sasl_scram:server_key(SaltedPassword)),
-    StoredKey = base64:encode(crypto:hash(sha, ClientKey)),
-
-    {error, not_found} = emqx_sasl_scram:lookup(Username),
-    ok = emqx_sasl_scram:add(Username, Password, Salt),
-    {error, already_existed} = emqx_sasl_scram:add(Username, Password, Salt),
-
-    {ok, #{username := Username,
-           stored_key := StoredKey,
-           server_key := ServerKey,
-           salt := EncodedSalt,
-           iteration_count := IterationCount}} = emqx_sasl_scram:lookup(Username),
-
-    NewSalt = <<"new salt">>,
-    NewEncodedSalt = base64:encode(NewSalt),
-    emqx_sasl_scram:update(Username, Password, NewSalt),
-    {ok, #{username := Username,
-           salt := NewEncodedSalt}} = emqx_sasl_scram:lookup(Username),
-    emqx_sasl_scram:delete(Username),
-    {error, not_found} = emqx_sasl_scram:lookup(Username).
-
-t_scram(_) ->
-    AuthMethod = <<"SCRAM-SHA-1">>,
-    [AuthMethod] = emqx_sasl:supported(),
-
-    Username = <<"test">>,
-    Password = <<"public">>,
-    Salt = <<"emqx">>,
-    ok = emqx_sasl_scram:add(Username, Password, Salt),
-    ClientFirst = emqx_sasl_scram:make_client_first(Username),
-
-    {ok, {continue, ServerFirst, Cache}} = emqx_sasl:check(AuthMethod, ClientFirst, #{}),
-
-    {ok, {continue, ClientFinal, ClientCache}} = emqx_sasl:check(AuthMethod, ServerFirst, #{password => Password, client_first => ClientFirst}),
-
-    {ok, {ok, ServerFinal, #{}}} = emqx_sasl:check(AuthMethod, ClientFinal, Cache),
-
-    {ok, _} = emqx_sasl:check(AuthMethod, ServerFinal, ClientCache).
-
-%t_proto(_) ->
-%    process_flag(trap_exit, true),
-%
-%    Username = <<"username">>,
-%    Password = <<"password">>,
-%    Salt = <<"emqx">>,
-%    AuthMethod = <<"SCRAM-SHA-1">>,
-%
-%    {ok, Client0} = emqtt:start_link([{clean_start, true},
-%                                     {proto_ver, v5},
-%                                     {enhanced_auth, #{method => AuthMethod,
-%                                                       params => #{username => Username,
-%                                                                   password => Password,
-%                                                                   salt => Salt}}},
-%                                     {connect_timeout, 6000}]),
-%    {error,{not_authorized,#{}}} = emqtt:connect(Client0),
-%
-%    ok = emqx_sasl_scram:add(Username, Password, Salt),
-%    {ok, Client1} = emqtt:start_link([{clean_start, true},
-%                                     {proto_ver, v5},
-%                                     {enhanced_auth, #{method => AuthMethod,
-%                                                       params => #{username => Username,
-%                                                                   password => Password,
-%                                                                   salt => Salt}}},
-%                                     {connect_timeout, 6000}]),
-%    {ok, _} = emqtt:connect(Client1),
-%
-%    timer:sleep(200),
-%    ok = emqtt:reauthentication(Client1, #{params => #{username => Username,
-%                                                       password => Password,
-%                                                       salt => Salt}}),
-%
-%    timer:sleep(200),
-%    ErrorFun = fun (_State) -> {ok, <<>>, #{}} end,
-%    ok = emqtt:reauthentication(Client1, #{params => #{},function => ErrorFun}),
-%    receive
-%        {disconnected,ReasonCode2,#{}} ->
-%            ?assertEqual(ReasonCode2, 135)
-%    after 500 ->
-%        error("emqx re-authentication failed")
-%    end,
-%
-%    {ok, Client2} = emqtt:start_link([{clean_start, true},
-%                                     {proto_ver, v5},
-%                                     {enhanced_auth, #{method => AuthMethod,
-%                                                       params => #{},
-%                                                       function =>fun (_State) -> {ok, <<>>, #{}} end}},
-%                                     {connect_timeout, 6000}]),
-%    {error,{not_authorized,#{}}} = emqtt:connect(Client2),
-%
-%    receive_msg(),
-%    process_flag(trap_exit, false).
-
-receive_msg() ->
-    receive
-        {'EXIT', Msg} -> 
-            ct:print("==========+~p~n", [Msg]), 
-            receive_msg()
-    after 200 -> ok
-    end.
diff --git a/rebar.config.erl b/rebar.config.erl
index 754735d4a..987f72c67 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -280,7 +280,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_authentication
     , emqx_web_hook
     , emqx_rule_engine
-    , emqx_sasl
     , emqx_statsd
     ]
     ++ relx_plugin_apps_per_rel(ReleaseType)

From a610c3d1f300e2c2f037c7f9bb06d5d98f56a997 Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Thu, 17 Jun 2021 16:45:44 +0800
Subject: [PATCH 046/174] fix(rule): delete resource failed when searching
 dependent rules (#4996)

---
 .../src/emqx_rule_engine.app.src              |  2 +-
 .../src/emqx_rule_engine.appup.src            | 20 ++++++++++++++-----
 .../src/emqx_rule_registry.erl                |  7 +++++--
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src
index 83b2d7632..aebb73150 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src
+++ b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src
@@ -1,6 +1,6 @@
 {application, emqx_rule_engine,
  [{description, "EMQ X Rule Engine"},
-  {vsn, "4.3.2"}, % strict semver, bump manually!
+  {vsn, "4.3.3"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_rule_engine_sup, emqx_rule_registry]},
   {applications, [kernel,stdlib,rulesql,getopt]},
diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
index 446e082b7..554fe2fd8 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
+++ b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
@@ -1,21 +1,31 @@
 %% -*-: erlang -*-
-{"4.3.2",
+{"4.3.3",
  [ {"4.3.0",
-    [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []},
-      {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
+    [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
+    , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
+    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
     ]},
    {"4.3.1",
     [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
+    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    ]},
+   {"4.3.2",
+    [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
     ]},
    {<<".*">>, []}
  ],
  [
    {"4.3.0",
-    [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []},
-      {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
+    [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
+    , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
+    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
     ]},
    {"4.3.1",
     [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
+    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    ]},
+   {"4.3.2",
+    [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
     ]},
    {<<".*">>, []}
  ]
diff --git a/apps/emqx_rule_engine/src/emqx_rule_registry.erl b/apps/emqx_rule_engine/src/emqx_rule_registry.erl
index 4ec5d1cb7..2ebca47e4 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_registry.erl
+++ b/apps/emqx_rule_engine/src/emqx_rule_registry.erl
@@ -392,8 +392,11 @@ find_rules_depends_on_resource(ResId) ->
     end, [], get_rules()).
 
 search_action_despends_on_resource(ResId, Actions) ->
-    lists:search(fun(#action_instance{args = #{<<"$resource">> := ResId0}}) ->
-        ResId0 =:= ResId
+    lists:search(fun
+        (#action_instance{args = #{<<"$resource">> := ResId0}}) ->
+            ResId0 =:= ResId;
+        (_) ->
+            false
     end, Actions).
 
 %%------------------------------------------------------------------------------

From c1b21633623154aefa2059b334a093fd607b0dbd Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Sat, 19 Jun 2021 17:02:43 +0800
Subject: [PATCH 047/174] feat(rules): remove stats update from
 rule_engine_registry (#5029)

---
 .../src/emqx_rule_engine.appup.src             |  6 ++++++
 .../src/emqx_rule_registry.erl                 | 18 +-----------------
 2 files changed, 7 insertions(+), 17 deletions(-)

diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
index 554fe2fd8..f8411e0b5 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
+++ b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
@@ -4,13 +4,16 @@
     [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
     ]},
    {"4.3.1",
     [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
     ]},
    {"4.3.2",
     [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
     ]},
    {<<".*">>, []}
  ],
@@ -19,13 +22,16 @@
     [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
     ]},
    {"4.3.1",
     [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
     ]},
    {"4.3.2",
     [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
+    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
     ]},
    {<<".*">>, []}
  ]
diff --git a/apps/emqx_rule_engine/src/emqx_rule_registry.erl b/apps/emqx_rule_engine/src/emqx_rule_registry.erl
index 2ebca47e4..2d029f8e3 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_registry.erl
+++ b/apps/emqx_rule_engine/src/emqx_rule_registry.erl
@@ -93,13 +93,6 @@
 
 -define(REGISTRY, ?MODULE).
 
-%% Statistics
--define(STATS,
-        [ {?RULE_TAB, 'rules.count', 'rules.max'}
-        , {?ACTION_TAB, 'actions.count', 'actions.max'}
-        , {?RES_TAB, 'resources.count', 'resources.max'}
-        ]).
-
 -define(T_CALL, 10000).
 
 %%------------------------------------------------------------------------------
@@ -442,8 +435,6 @@ delete_resource_type(Type) ->
 %%------------------------------------------------------------------------------
 
 init([]) ->
-    %% Enable stats timer
-    ok = emqx_stats:update_interval(rule_registery_stats, fun update_stats/0),
     _TableId = ets:new(?KV_TAB, [named_table, set, public, {write_concurrency, true},
                                  {read_concurrency, true}]),
     {ok, #{}}.
@@ -469,7 +460,7 @@ handle_info(Info, State) ->
     {noreply, State}.
 
 terminate(_Reason, _State) ->
-    emqx_stats:cancel_update(rule_registery_stats).
+    ok.
 
 code_change(_OldVsn, State, _Extra) ->
     {ok, State}.
@@ -478,13 +469,6 @@ code_change(_OldVsn, State, _Extra) ->
 %% Private functions
 %%------------------------------------------------------------------------------
 
-update_stats() ->
-    lists:foreach(
-      fun({Tab, Stat, MaxStat}) ->
-              Size = mnesia:table_info(Tab, size),
-              emqx_stats:setstat(Stat, MaxStat, Size)
-      end, ?STATS).
-
 get_all_records(Tab) ->
     %mnesia:dirty_match_object(Tab, mnesia:table_info(Tab, wild_pattern)).
     ets:tab2list(Tab).

From 8e08e83090fa08e8a01676cc477b7b9e21741d31 Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Mon, 21 Jun 2021 11:37:46 +0800
Subject: [PATCH 048/174] fix(appup): relup for emqx_rule_registry failed

---
 apps/emqx_rule_engine/src/emqx_rule_engine.appup.src | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
index f8411e0b5..01c07c124 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
+++ b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
@@ -4,16 +4,16 @@
     [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
+    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
     ]},
    {"4.3.1",
     [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
+    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
     ]},
    {"4.3.2",
     [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
+    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
     ]},
    {<<".*">>, []}
  ],
@@ -22,16 +22,16 @@
     [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
+    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
     ]},
    {"4.3.1",
     [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
     , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
+    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
     ]},
    {"4.3.2",
     [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {supervisor, restart_child, [emqx_rule_engine_sup, emqx_rule_registry]}}
+    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
     ]},
    {<<".*">>, []}
  ]

From c7ebc12ce11eb60a0f685e6cd6d46f0a047b3134 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Thu, 17 Jun 2021 19:29:36 +0800
Subject: [PATCH 049/174] feat(lwm2m): add emqx_lwm2m http API

---
 apps/emqx_lwm2m/src/emqx_lwm2m.appup.src      |  22 +--
 apps/emqx_lwm2m/src/emqx_lwm2m_api.erl        | 162 ++++++++++++++++++
 apps/emqx_lwm2m/src/emqx_lwm2m_cm.erl         | 153 +++++++++++++++++
 apps/emqx_lwm2m/src/emqx_lwm2m_cm_sup.erl     |  41 +++++
 apps/emqx_lwm2m/src/emqx_lwm2m_sup.erl        |   9 +-
 apps/emqx_lwm2m/src/emqx_lwm2m_xml_object.erl |  11 ++
 .../src/emqx_lwm2m_xml_object_db.erl          |   8 +-
 7 files changed, 386 insertions(+), 20 deletions(-)
 create mode 100644 apps/emqx_lwm2m/src/emqx_lwm2m_api.erl
 create mode 100644 apps/emqx_lwm2m/src/emqx_lwm2m_cm.erl
 create mode 100644 apps/emqx_lwm2m/src/emqx_lwm2m_cm_sup.erl

diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src b/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src
index db46dd42e..b6d49302f 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m.appup.src
@@ -1,23 +1,13 @@
 %% -*-: erlang -*-
 {VSN,
   [
-    {"4.3.1", [
-      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []}
-    ]},
-    {"4.3.0", [
-      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []},
-      {load_module, emqx_lwm2m_protocol, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
+    {<<"4.3.[0-1]">>, [
+      {restart_application, emqx_lwm2m}
+    ]}
   ],
   [
-    {"4.3.1", [
-      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []}
-    ]},
-    {"4.3.0", [
-      {load_module, emqx_lwm2m_message, brutal_purge, soft_purge, []},
-      {load_module, emqx_lwm2m_protocol, brutal_purge, soft_purge, []}
-    ]},
-   {<<".*">>, []}
+    {<<"4.3.[0-1]">>, [
+      {restart_application, emqx_lwm2m}
+    ]}
   ]
 }.
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_api.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_api.erl
new file mode 100644
index 000000000..6018aa7c7
--- /dev/null
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_api.erl
@@ -0,0 +1,162 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_lwm2m_api).
+
+-import(minirest,  [return/1]).
+
+-rest_api(#{name   => list,
+            method => 'GET',
+            path   => "/lwm2m_channels/",
+            func   => list,
+            descr  => "A list of all lwm2m channel"
+           }).
+
+-rest_api(#{name   => list,
+            method => 'GET',
+            path   => "/nodes/:atom:node/lwm2m_channels/",
+            func   => list,
+            descr  => "A list of lwm2m channel of a node"
+           }).
+
+-rest_api(#{name   => lookup_cmd,
+            method => 'GET',
+            path   => "/lookup_cmd/:bin:ep/",
+            func   => lookup_cmd,
+            descr  => "Send a lwm2m downlink command"
+           }).
+
+-rest_api(#{name   => lookup_cmd,
+            method => 'GET',
+            path   => "/nodes/:atom:node/lookup_cmd/:bin:ep/",
+            func   => lookup_cmd,
+            descr  => "Send a lwm2m downlink command of a node"
+           }).
+
+-export([ list/2
+        , lookup_cmd/2
+        ]).
+
+list(#{node := Node }, Params) ->
+    case Node = node() of
+        true -> list(#{}, Params);
+        _ -> rpc_call(Node, list, [#{}, Params])
+    end;
+
+list(#{}, _Params) ->
+    Channels = emqx_lwm2m_cm:all_channels(),
+    return({ok, format(Channels)}).
+
+lookup_cmd(#{ep := Ep, node := Node}, Params) ->
+    case Node = node() of
+        true -> lookup_cmd(#{ep => Ep}, Params);
+        _ -> rpc_call(Node, lookup_cmd, [#{ep => Ep}, Params])
+    end;
+
+lookup_cmd(#{ep := Ep}, Params) ->
+    MsgType = proplists:get_value(<<"msgType">>, Params),
+    Path0 = proplists:get_value(<<"path">>, Params),
+    case emqx_lwm2m_cm:lookup_cmd(Ep, Path0, MsgType) of
+        [] -> return({ok, []});
+        [{_, undefined} | _] -> return({ok, []});
+        [{{IMEI, Path, MsgType}, undefined}] ->
+            return({ok, [{imei, IMEI},
+                         {'msgType', IMEI},
+                         {'code', <<"6.01">>},
+                         {'codeMsg', <<"reply_not_received">>},
+                         {'path', Path}]});
+        [{{IMEI, Path, MsgType}, {Code, CodeMsg, Content}}] ->
+            Payload1 = format_cmd_content(Content, MsgType),
+            return({ok, [{imei, IMEI},
+                         {'msgType', IMEI},
+                         {'code', Code},
+                         {'codeMsg', CodeMsg},
+                         {'path', Path}] ++ Payload1})
+    end.
+
+rpc_call(Node, Fun, Args) ->
+    case rpc:call(Node, ?MODULE, Fun, Args) of
+        {badrpc, Reason} -> {error, Reason};
+        Res -> Res
+    end.
+
+format(Channels) ->
+    lists:map(fun({IMEI, #{lifetime := LifeTime,
+                           peername := Peername,
+                           version := Version,
+                           reg_info := RegInfo}}) ->
+        ObjectList = lists:map(fun(Path) ->
+            [ObjId | _] = path_list(Path),
+            case emqx_lwm2m_xml_object:get_obj_def(binary_to_integer(ObjId), true) of
+                {error, _} ->
+                    {Path, Path};
+                ObjDefinition ->
+                    ObjectName = emqx_lwm2m_xml_object:get_object_name(ObjDefinition),
+                    {Path, list_to_binary(ObjectName)}
+            end
+        end, maps:get(<<"objectList">>, RegInfo)),
+        {IpAddr, Port} = Peername,
+        [{imei, IMEI},
+         {lifetime, LifeTime},
+         {ip_address, iolist_to_binary(ntoa(IpAddr))},
+         {port, Port},
+         {version, Version},
+         {'objectList', ObjectList}]
+    end, Channels).
+
+format_cmd_content(undefined, _MsgType) -> [];
+format_cmd_content(Content, <<"discover">>) ->
+    [H | Content1] = Content,
+    {_, [HObjId]} = emqx_lwm2m_coap_resource:parse_object_list(H),
+    [ObjId | _]= path_list(HObjId),
+    ObjectList = case Content1 of
+        [Content2 | _] ->
+            {_, ObjL} = emqx_lwm2m_coap_resource:parse_object_list(Content2),
+            ObjL;
+        [] -> []
+    end,
+    R = case emqx_lwm2m_xml_object:get_obj_def(binary_to_integer(ObjId), true) of
+        {error, _} ->
+            lists:map(fun(Object) -> {Object, Object} end, ObjectList);
+        ObjDefinition ->
+            lists:map(fun(Object) ->
+                [_, _,  ResId| _] = path_list(Object),
+                Operations = case emqx_lwm2m_xml_object:get_resource_operations(binary_to_integer(ResId), ObjDefinition) of
+                    "E" -> [{operations, list_to_binary("E")}];
+                    Oper -> [{'dataType', list_to_binary(emqx_lwm2m_xml_object:get_resource_type(binary_to_integer(ResId), ObjDefinition))},
+                             {operations, list_to_binary(Oper)}]
+                end,
+                [{path, Object},
+                 {name, list_to_binary(emqx_lwm2m_xml_object:get_resource_name(binary_to_integer(ResId), ObjDefinition))}
+                ] ++ Operations
+            end, ObjectList)
+    end,
+    [{content, R}];
+format_cmd_content(Content, _) ->
+    [{content, Content}].
+
+ntoa({0,0,0,0,0,16#ffff,AB,CD}) ->
+    inet_parse:ntoa({AB bsr 8, AB rem 256, CD bsr 8, CD rem 256});
+ntoa(IP) ->
+    inet_parse:ntoa(IP).
+
+path_list(Path) ->
+    case binary:split(binary_util:trim(Path, $/), [<<$/>>], [global]) of
+        [ObjId, ObjInsId, ResId, ResInstId] -> [ObjId, ObjInsId, ResId, ResInstId];
+        [ObjId, ObjInsId, ResId] -> [ObjId, ObjInsId, ResId];
+        [ObjId, ObjInsId] -> [ObjId, ObjInsId];
+        [ObjId] -> [ObjId]
+    end.
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_cm.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_cm.erl
new file mode 100644
index 000000000..16e938b84
--- /dev/null
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_cm.erl
@@ -0,0 +1,153 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_lwm2m_cm).
+
+-export([start_link/0]).
+
+-export([ register_channel/5
+        , update_reg_info/2
+        , unregister_channel/1
+        ]).
+
+-export([ lookup_channel/1
+        , all_channels/0
+        ]).
+
+-export([ register_cmd/3
+        , register_cmd/4
+        , lookup_cmd/3
+        , lookup_cmd_by_imei/1
+        ]).
+
+%% gen_server callbacks
+-export([ init/1
+        , handle_call/3
+        , handle_cast/2
+        , handle_info/2
+        , terminate/2
+        , code_change/3
+        ]).
+
+-define(LOG(Level, Format, Args), logger:Level("LWM2M-CM: " ++ Format, Args)).
+
+%% Server name
+-define(CM, ?MODULE).
+
+-define(LWM2M_CHANNEL_TAB, emqx_lwm2m_channel).
+-define(LWM2M_CMD_TAB, emqx_lwm2m_cmd).
+
+%% Batch drain
+-define(BATCH_SIZE, 100000).
+
+%% @doc Start the channel manager.
+start_link() ->
+    gen_server:start_link({local, ?CM}, ?MODULE, [], []).
+
+%%--------------------------------------------------------------------
+%% API
+%%--------------------------------------------------------------------
+
+register_channel(IMEI, RegInfo, LifeTime, Ver, Peername) ->
+    Info = #{
+        reg_info => RegInfo,
+        lifetime => LifeTime,
+        version => Ver,
+        peername => Peername
+    },
+    true = ets:insert(?LWM2M_CHANNEL_TAB, {IMEI, Info}),
+    cast({registered, {IMEI, self()}}).
+
+update_reg_info(IMEI, RegInfo) ->
+    case lookup_channel(IMEI) of
+        [{_, RegInfo0}] ->
+            true = ets:insert(?LWM2M_CHANNEL_TAB, {IMEI, RegInfo0#{reg_info => RegInfo}}),
+            ok;
+        [] ->
+            ok
+    end.
+
+unregister_channel(IMEI) when is_binary(IMEI) ->
+    true = ets:delete(?LWM2M_CHANNEL_TAB, IMEI),
+    ok.
+
+lookup_channel(IMEI) ->
+    ets:lookup(?LWM2M_CHANNEL_TAB, IMEI).
+
+all_channels() ->
+    ets:tab2list(?LWM2M_CHANNEL_TAB).
+
+register_cmd(IMEI, Path, Type) ->
+    true = ets:insert(?LWM2M_CMD_TAB, {{IMEI, Path, Type}, undefined}).
+
+register_cmd(_IMEI, undefined, _Type, _Result) ->
+    ok;
+register_cmd(IMEI, Path, Type, Result) ->
+    true = ets:insert(?LWM2M_CMD_TAB, {{IMEI, Path, Type}, Result}).
+
+lookup_cmd(IMEI, Path, Type) ->
+    ets:lookup(?LWM2M_CMD_TAB, {IMEI, Path, Type}).
+
+lookup_cmd_by_imei(IMEI) ->
+    ets:select(?LWM2M_CHANNEL_TAB, [{{{IMEI, '_', '_'}, '$1'}, [], ['$_']}]).
+
+%% @private
+cast(Msg) -> gen_server:cast(?CM, Msg).
+
+%%--------------------------------------------------------------------
+%% gen_server callbacks
+%%--------------------------------------------------------------------
+
+init([]) ->
+    TabOpts = [public, {write_concurrency, true}, {read_concurrency, true}],
+    ok = emqx_tables:new(?LWM2M_CHANNEL_TAB, [set, compressed | TabOpts]),
+    ok = emqx_tables:new(?LWM2M_CMD_TAB, [set, compressed | TabOpts]),
+    {ok, #{chan_pmon => emqx_pmon:new()}}.
+
+handle_call(Req, _From, State) ->
+    ?LOG(error, "Unexpected call: ~p", [Req]),
+    {reply, ignored, State}.
+
+handle_cast({registered, {IMEI, ChanPid}}, State = #{chan_pmon := PMon}) ->
+    PMon1 = emqx_pmon:monitor(ChanPid, IMEI, PMon),
+    {noreply, State#{chan_pmon := PMon1}};
+
+handle_cast(Msg, State) ->
+    ?LOG(error, "Unexpected cast: ~p", [Msg]),
+    {noreply, State}.
+
+handle_info({'DOWN', _MRef, process, Pid, _Reason}, State = #{chan_pmon := PMon}) ->
+    ChanPids = [Pid | emqx_misc:drain_down(?BATCH_SIZE)],
+    {Items, PMon1} = emqx_pmon:erase_all(ChanPids, PMon),
+    ok = emqx_pool:async_submit(fun lists:foreach/2, [fun clean_down/1, Items]),
+    {noreply, State#{chan_pmon := PMon1}};
+
+handle_info(Info, State) ->
+    ?LOG(error, "Unexpected info: ~p", [Info]),
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    emqx_stats:cancel_update(chan_stats).
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%%--------------------------------------------------------------------
+%% Internal functions
+%%--------------------------------------------------------------------
+
+clean_down({_ChanPid, IMEI}) ->
+    unregister_channel(IMEI).
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_cm_sup.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_cm_sup.erl
new file mode 100644
index 000000000..b55f4f33c
--- /dev/null
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_cm_sup.erl
@@ -0,0 +1,41 @@
+
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_lwm2m_cm_sup).
+
+-behaviour(supervisor).
+
+-export([start_link/0]).
+
+-export([init/1]).
+
+start_link() ->
+    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
+
+init([]) ->
+    CM = #{id => emqx_lwm2m_cm,
+           start => {emqx_lwm2m_cm, start_link, []},
+           restart => permanent,
+           shutdown => 5000,
+           type => worker,
+           modules => [emqx_lwm2m_cm]},
+    SupFlags = #{strategy => one_for_one,
+                 intensity => 100,
+                 period => 10
+                },
+    {ok, {SupFlags, [CM]}}.
+
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_sup.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_sup.erl
index d28e00874..0546e0080 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m_sup.erl
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_sup.erl
@@ -29,4 +29,11 @@ start_link() ->
     supervisor:start_link({local, ?MODULE}, ?MODULE, []).
 
 init(_Args) ->
-    {ok, { {one_for_all, 10, 3600}, [?CHILD(emqx_lwm2m_xml_object_db)] }}.
+    CmSup = #{id => emqx_lwm2m_cm_sup,
+              start => {emqx_lwm2m_cm_sup, start_link, []},
+              restart => permanent,
+              shutdown => infinity,
+              type => supervisor,
+              modules => [emqx_lwm2m_cm_sup]
+            },
+    {ok, { {one_for_all, 10, 3600}, [?CHILD(emqx_lwm2m_xml_object_db), CmSup] }}.
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object.erl
index 5931ae75e..dd9911407 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object.erl
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object.erl
@@ -21,9 +21,11 @@
 
 -export([ get_obj_def/2
         , get_object_id/1
+        , get_object_name/1
         , get_object_and_resource_id/2
         , get_resource_type/2
         , get_resource_name/2
+        , get_resource_operations/2
         ]).
 
 -define(LOG(Level, Format, Args),
@@ -42,6 +44,10 @@ get_object_id(ObjDefinition) ->
     [#xmlText{value=ObjectId}] = xmerl_xpath:string("ObjectID/text()", ObjDefinition),
     ObjectId.
 
+get_object_name(ObjDefinition) ->
+    [#xmlText{value=ObjectName}] = xmerl_xpath:string("Name/text()", ObjDefinition),
+    ObjectName.
+
 
 get_object_and_resource_id(ResourceNameBinary, ObjDefinition) ->
     ResourceNameString = binary_to_list(ResourceNameBinary),
@@ -60,3 +66,8 @@ get_resource_name(ResourceIdInt, ObjDefinition) ->
     ResourceIdString = integer_to_list(ResourceIdInt),
     [#xmlText{value=Name}] = xmerl_xpath:string("Resources/Item[@ID=\""++ResourceIdString++"\"]/Name/text()", ObjDefinition),
     Name.
+
+get_resource_operations(ResourceIdInt, ObjDefinition) ->
+    ResourceIdString = integer_to_list(ResourceIdInt),
+    [#xmlText{value=Operations}] = xmerl_xpath:string("Resources/Item[@ID=\""++ResourceIdString++"\"]/Operations/text()", ObjDefinition),
+    Operations.
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object_db.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object_db.erl
index b974c148c..012d0a649 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object_db.erl
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_xml_object_db.erl
@@ -58,7 +58,7 @@ find_objectid(ObjectId) ->
                         false -> ObjectId
                     end,
     case ets:lookup(?LWM2M_OBJECT_DEF_TAB, ObjectIdInt) of
-        [] -> error(no_xml_definition);
+        [] -> {error, no_xml_definition};
         [{ObjectId, Xml}] -> Xml
     end.
 
@@ -121,8 +121,10 @@ load(BaseDir) ->
                true  -> BaseDir++"*.xml";
                false -> BaseDir++"/*.xml"
            end,
-    AllXmlFiles = filelib:wildcard(Wild),
-    load_loop(AllXmlFiles).
+    case filelib:wildcard(Wild) of
+        [] -> error(no_xml_files_found, BaseDir);
+        AllXmlFiles -> load_loop(AllXmlFiles)
+    end.
 
 load_loop([]) ->
     ok;

From f3617aa08299e777fac92909293eb8562cccf19d Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Mon, 21 Jun 2021 10:01:06 +0800
Subject: [PATCH 050/174] chore: upgrade lwm2m_coap to 1.1.4

---
 apps/emqx_lwm2m/rebar.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx_lwm2m/rebar.config b/apps/emqx_lwm2m/rebar.config
index fbfcdc02f..92648be28 100644
--- a/apps/emqx_lwm2m/rebar.config
+++ b/apps/emqx_lwm2m/rebar.config
@@ -1,5 +1,5 @@
 {deps,
- [{lwm2m_coap, {git, "https://github.com/emqx/lwm2m-coap", {tag, "v1.1.2"}}}
+ [{lwm2m_coap, {git, "https://github.com/emqx/lwm2m-coap", {tag, "v1.1.4"}}}
  ]}.
 
 {profiles,

From 36685cc945a8ee13088c72b2aeeaa74b98440160 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Mon, 21 Jun 2021 09:29:34 +0200
Subject: [PATCH 051/174] chore(relup): add relup dependency injection

---
 rebar.config.erl            |   7 ++
 scripts/inject-deps.escript | 141 ++++++++++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+)
 create mode 100755 scripts/inject-deps.escript

diff --git a/rebar.config.erl b/rebar.config.erl
index 0248e6dab..543333895 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -126,23 +126,30 @@ prod_compile_opts() ->
 prod_overrides() ->
     [{add, [ {erl_opts, [deterministic]}]}].
 
+relup_deps(Profile) ->
+    {post_hooks, [{"(linux|darwin|solaris|freebsd|netbsd|openbsd)", compile, "scripts/inject-deps.escript " ++ atom_to_list(Profile)}]}.
+
 profiles() ->
     Vsn = get_vsn(),
     [ {'emqx',          [ {erl_opts, prod_compile_opts()}
                         , {relx, relx(Vsn, cloud, bin)}
                         , {overrides, prod_overrides()}
+                        , relup_deps('emqx')
                         ]}
     , {'emqx-pkg',      [ {erl_opts, prod_compile_opts()}
                         , {relx, relx(Vsn, cloud, pkg)}
                         , {overrides, prod_overrides()}
+                        , relup_deps('emqx-pkg')
                         ]}
     , {'emqx-edge',     [ {erl_opts, prod_compile_opts()}
                         , {relx, relx(Vsn, edge, bin)}
                         , {overrides, prod_overrides()}
+                        , relup_deps('emqx-edge')
                         ]}
     , {'emqx-edge-pkg', [ {erl_opts, prod_compile_opts()}
                         , {relx, relx(Vsn, edge, pkg)}
                         , {overrides, prod_overrides()}
+                        , relup_deps('emqx-edge-pkg')
                         ]}
     , {check,           [ {erl_opts, common_compile_opts()}
                         ]}
diff --git a/scripts/inject-deps.escript b/scripts/inject-deps.escript
new file mode 100755
index 000000000..e0c50d772
--- /dev/null
+++ b/scripts/inject-deps.escript
@@ -0,0 +1,141 @@
+#!/usr/bin/env escript
+
+%% This script injects implicit relup dependencies for emqx applications.
+%%
+%% By 'implicit', it means that it is not feasible to define application
+%% dependencies in .app.src files.
+%%
+%% For instance, during upgrade/downgrade, emqx_dashboard usually requires
+%% a restart after (but not before) all plugins are upgraded (and maybe
+%% restarted), however, the dependencies are not resolvable at build time
+%% when relup is generated.
+%%
+%% This script is to be executed after compile, with the profile given as the
+%% first argument. For each dependency, it modifies the .app file to
+%% have the `relup_deps` list extended to application attributes.
+%%
+%% The `relup_deps` application attribute is then picked up by (EMQ's fork of)
+%% `relx` when top-sorting apps to generate relup instructions
+
+-mode(compile).
+
+usage() ->
+  "Usage: " ++ escript:script_name() ++ " emqx|emqx-edge".
+
+-type app() :: atom().
+-type deps_overlay() :: {re, string()} | app().
+
+%% deps/0 returns the dependency overlays.
+%% {re, Pattern} to match application names using regexp pattern
+-spec deps(string()) -> [{app(), [deps_overlay()]}].
+deps("emqx-edge" ++ _) ->
+  %% special case for edge
+  base_deps() ++ [{{re, ".+"}, [{exclude, emqx_reloader}]}];
+deps(_Profile) ->
+  base_deps().
+
+base_deps() ->
+  [ {emqx_dashboard, [{re, "emqx_.*"}]}
+  , {emqx_management, [{re, "emqx_.*"}, {exclude, emqx_dashboard}]}
+  , {{re, "emqx_.*"}, [emqx]}
+  ].
+
+main([Profile | _]) ->
+  ok = inject(Profile);
+main(_Args) ->
+  io:format(standard_error, "~s", [usage()]),
+  erlang:halt(1).
+
+expand_names({Name, Deps}, AppNames) ->
+  Names = match_pattern(Name, AppNames),
+  [{N, Deps} || N <- Names].
+
+%% merge k-v pairs with v1 ++ v2
+merge([], Acc) -> Acc;
+merge([{K, V0} | Rest], Acc) ->
+  V = case lists:keyfind(K, 1, Acc) of
+        {K, V1} -> V1 ++ V0;
+        false -> V0
+      end,
+  NewAcc = lists:keystore(K, 1, Acc, {K, V}),
+  merge(Rest, NewAcc).
+
+expand_deps([], _AppNames, Acc) -> Acc;
+expand_deps([{exclude, Dep} | Deps], AppNames, Acc) ->
+  Matches = expand_deps([Dep], AppNames, []),
+  expand_deps(Deps, AppNames, Acc -- Matches);
+expand_deps([Dep | Deps], AppNames, Acc) ->
+  NewAcc = add_to_list(Acc, match_pattern(Dep, AppNames)),
+  expand_deps(Deps, AppNames, NewAcc).
+
+inject(Profile) ->
+  LibDir = lib_dir(Profile),
+  AppNames = list_apps(LibDir),
+  Deps0 = lists:flatmap(fun(Dep) -> expand_names(Dep, AppNames) end, deps(Profile)),
+  Deps1 = merge(Deps0, []),
+  Deps2 = lists:map(fun({Name, DepsX}) ->
+                        NewDeps = expand_deps(DepsX, AppNames, []),
+                        {Name, NewDeps}
+                    end, Deps1),
+  lists:foreach(fun({App, Deps}) -> inject(App, Deps, LibDir) end, Deps2).
+
+%% list the profile/lib dir to get all apps
+list_apps(LibDir) ->
+  Apps = filelib:wildcard("*", LibDir),
+  lists:foldl(fun(App, Acc) -> [App || is_app(LibDir, App)] ++ Acc end, [], Apps).
+
+is_app(_LibDir, "." ++ _) -> false; %% ignore hidden dir
+is_app(LibDir, AppName) ->
+  filelib:is_regular(filename:join([ebin_dir(LibDir, AppName), AppName ++ ".app"])) orelse
+  error({unknown_app, AppName}). %% wtf
+
+lib_dir(Profile) ->
+  filename:join(["_build", Profile, lib]).
+
+ebin_dir(LibDir, AppName) -> filename:join([LibDir, AppName, "ebin"]).
+
+inject(App0, DepsToAdd, LibDir) ->
+  App = str(App0),
+  AppEbinDir = ebin_dir(LibDir, App),
+  [AppFile0] = filelib:wildcard("*.app", AppEbinDir),
+  AppFile = filename:join(AppEbinDir, AppFile0),
+  {ok, [{application, AppName, Props}]} = file:consult(AppFile),
+  Deps0 = case lists:keyfind(relup_deps, 1, Props) of
+              {_, X} -> X;
+              false -> []
+          end,
+  %% merge extra deps, but do not self-include
+  Deps = add_to_list(Deps0, DepsToAdd) -- [App0],
+  case Deps =:= [] of
+    true -> ok;
+    _ ->
+      NewProps = lists:keystore(relup_deps, 1, Props, {relup_deps, Deps}),
+      AppSpec = {application, AppName, NewProps},
+      AppSpecIoData = io_lib:format("~p.", [AppSpec]),
+      io:format(user, "updated_relup_deps for ~p~n", [App]),
+      file:write_file(AppFile, AppSpecIoData)
+  end.
+
+str(A) when is_atom(A) -> atom_to_list(A).
+
+match_pattern({re, Re}, AppNames) ->
+  Match = fun(AppName) -> re:run(AppName, Re) =/= nomatch end,
+  AppNamesToAdd = lists:filter(Match, AppNames),
+  AppsToAdd = lists:map(fun(N) -> list_to_atom(N) end, AppNamesToAdd),
+  case AppsToAdd =:= [] of
+    true  -> error({nomatch, Re});
+    false -> AppsToAdd
+  end;
+match_pattern(NameAtom, AppNames) ->
+  case lists:member(str(NameAtom), AppNames) of
+    true  -> [NameAtom];
+    false -> error({notfound, NameAtom})
+  end.
+
+%% Append elements to list without duplication. No reordering.
+add_to_list(List, []) -> List;
+add_to_list(List, [H | T]) ->
+  case lists:member(H, List) of
+    true -> add_to_list(List, T);
+    false -> add_to_list(List ++ [H], T)
+  end.

From c7fe49c20092ac71784da42be360ff2914bc56ae Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Mon, 21 Jun 2021 09:47:00 +0200
Subject: [PATCH 052/174] test(ci): add plugin list status check after relup
 new vsn install

---
 .ci/fvt_tests/relup.lux                          | 10 +++++++++-
 apps/emqx_dashboard/src/emqx_dashboard.appup.src | 16 ++++++++++++++++
 scripts/inject-deps.escript                      |  3 +++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 apps/emqx_dashboard/src/emqx_dashboard.appup.src

diff --git a/.ci/fvt_tests/relup.lux b/.ci/fvt_tests/relup.lux
index 33c35cb3e..91c11d3ae 100644
--- a/.ci/fvt_tests/relup.lux
+++ b/.ci/fvt_tests/relup.lux
@@ -43,7 +43,7 @@
     !sed -i '/emqx_telemetry/d' data/loaded_plugins
 
     !./bin/emqx start
-    ?EMQ X (.*) is started successfully!
+    ?EMQ X .* is started successfully!
     ?SH-PROMPT
 
     !./bin/emqx_ctl cluster join emqx@127.0.0.1
@@ -99,6 +99,10 @@
     """
     ?SH-PROMPT
 
+    !./bin/emqx_ctl plugins list | grep emqx_management
+    ?Plugin\(emqx_management.*active=true\)
+    ?SH-PROMPT
+
 [shell emqx2]
     !echo "" > log/emqx.log.1
     ?SH-PROMPT
@@ -120,6 +124,10 @@
     """
     ?SH-PROMPT
 
+    !./bin/emqx_ctl plugins list | grep emqx_management
+    ?Plugin\(emqx_management.*active=true\)
+    ?SH-PROMPT
+
 [shell bench]
     ???publish complete
     ??SH-PROMPT:
diff --git a/apps/emqx_dashboard/src/emqx_dashboard.appup.src b/apps/emqx_dashboard/src/emqx_dashboard.appup.src
new file mode 100644
index 000000000..678bd3b22
--- /dev/null
+++ b/apps/emqx_dashboard/src/emqx_dashboard.appup.src
@@ -0,0 +1,16 @@
+%% -*- mode: erlang -*-
+{VSN,
+ [ {"4.3.0",
+    %% load all plugins
+    %% NOTE: this depends on the fact that emqx_dashboard is always
+    %% the last application gets upgraded
+    [ {apply, {emqx_plugins, load, []}}
+    ]},
+   {<<".*">>, []}
+ ],
+ [ {"4.3.0",
+    [ {apply, {emqx_plugins, load, []}}
+    ]},
+   {<<".*">>, []}
+ ]
+}.
diff --git a/scripts/inject-deps.escript b/scripts/inject-deps.escript
index e0c50d772..1465acc8f 100755
--- a/scripts/inject-deps.escript
+++ b/scripts/inject-deps.escript
@@ -35,6 +35,9 @@ deps(_Profile) ->
   base_deps().
 
 base_deps() ->
+  %% make sure emqx_dashboard depends on all other emqx_xxx apps
+  %% so the appup instructions for emqx_dashboard is always the last
+  %% to be executed
   [ {emqx_dashboard, [{re, "emqx_.*"}]}
   , {emqx_management, [{re, "emqx_.*"}, {exclude, emqx_dashboard}]}
   , {{re, "emqx_.*"}, [emqx]}

From ab7590106108d5866cc24e747c9cb8b5e827e59f Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Wed, 23 Jun 2021 08:50:20 +0800
Subject: [PATCH 053/174] fix(coap): fix coap uri format (#5059)

---
 apps/emqx_lwm2m/rebar.config                     | 2 +-
 apps/emqx_lwm2m/src/emqx_lwm2m_coap_resource.erl | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/emqx_lwm2m/rebar.config b/apps/emqx_lwm2m/rebar.config
index 92648be28..23b03eaa4 100644
--- a/apps/emqx_lwm2m/rebar.config
+++ b/apps/emqx_lwm2m/rebar.config
@@ -1,5 +1,5 @@
 {deps,
- [{lwm2m_coap, {git, "https://github.com/emqx/lwm2m-coap", {tag, "v1.1.4"}}}
+ [{lwm2m_coap, {git, "https://github.com/emqx/lwm2m-coap", {tag, "v1.1.5"}}}
  ]}.
 
 {profiles,
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_coap_resource.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_coap_resource.erl
index de83643a8..f94c2bc72 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m_coap_resource.erl
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_coap_resource.erl
@@ -48,11 +48,11 @@
 -define(LOG(Level, Format, Args), logger:Level("LWM2M-RESOURCE: " ++ Format, Args)).
 
 -dialyzer([{nowarn_function, [coap_discover/2]}]).
-% we use {'absolute', string(), [{atom(), binary()}]} as coap_uri()
+% we use {'absolute', list(binary()), [{atom(), binary()}]} as coap_uri()
 % https://github.com/emqx/lwm2m-coap/blob/258e9bd3762124395e83c1e68a1583b84718230f/src/lwm2m_coap_resource.erl#L61
 % resource operations
 coap_discover(_Prefix, _Args) ->
-    [{absolute, "mqtt", []}].
+    [{absolute, [<<"mqtt">>], []}].
 
 coap_get(ChId, [?PREFIX], Query, Content, Lwm2mState) ->
     ?LOG(debug, "~p ~p GET Query=~p, Content=~p", [self(),ChId, Query, Content]),

From 96c07a505583cd7038e3be2e997341655e443cf7 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Tue, 22 Jun 2021 09:30:52 +0800
Subject: [PATCH 054/174] chore(CI): upload rebar3.crashdump file when slim
 build failure

---
 .github/workflows/build_slim_packages.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml
index 6c9bbf04a..bf85578c5 100644
--- a/.github/workflows/build_slim_packages.yaml
+++ b/.github/workflows/build_slim_packages.yaml
@@ -38,6 +38,11 @@ jobs:
       run: make ${EMQX_NAME}-zip
     - name: build deb/rpm packages
       run: make ${EMQX_NAME}-pkg
+    - uses: actions/upload-artifact@v1
+      if: failure()
+      with:
+        name: rebar3.crashdump
+        path: ./rebar3.crashdump
     - name: pakcages test
       run: |
         export CODE_PATH=$GITHUB_WORKSPACE
@@ -94,6 +99,11 @@ jobs:
         make ensure-rebar3
         sudo cp rebar3 /usr/local/bin/rebar3
         make ${EMQX_NAME}-zip
+    - uses: actions/upload-artifact@v1
+      if: failure()
+      with:
+        name: rebar3.crashdump
+        path: ./rebar3.crashdump
     - name: test
       run: |
         pkg_name=$(basename _packages/${EMQX_NAME}/emqx-*.zip)

From 8da6d5cf1688993663d5e71cf25f5196c9fb5b53 Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Wed, 23 Jun 2021 09:45:24 +0800
Subject: [PATCH 055/174] fix(emqx_cm): catch noproc exception from rpc_call
 (#5048)

---
 apps/emqx/src/emqx.appup.src | 14 ++++++++++----
 apps/emqx/src/emqx_cm.erl    |  3 +++
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/src/emqx.appup.src b/apps/emqx/src/emqx.appup.src
index 53e77a103..a8b6136bb 100644
--- a/apps/emqx/src/emqx.appup.src
+++ b/apps/emqx/src/emqx.appup.src
@@ -3,7 +3,8 @@
   [
    {"4.3.3",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]}
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
+     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
     ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
@@ -11,7 +12,9 @@
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]}]},
+     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
+     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
+    ]},
    {"4.3.1",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
@@ -45,7 +48,8 @@
    {<<".*">>,[]}],
   [{"4.3.3",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]}
+     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
+     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
     ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
@@ -53,7 +57,9 @@
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]}]},
+     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
+     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
+    ]},
    {"4.3.1",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
diff --git a/apps/emqx/src/emqx_cm.erl b/apps/emqx/src/emqx_cm.erl
index b15a2ff79..6eb375aba 100644
--- a/apps/emqx/src/emqx_cm.erl
+++ b/apps/emqx/src/emqx_cm.erl
@@ -294,6 +294,9 @@ do_discard_session(ClientId, Pid) ->
         _ : {noproc, _} -> % emqx_connection: gen_server:call
             ?tp(debug, "session_already_gone", #{pid => Pid}),
             ok;
+        _ : {'EXIT', {noproc, _}} -> % rpc_call/3
+            ?tp(debug, "session_already_gone", #{pid => Pid}),
+            ok;
         _ : {{shutdown, _}, _} ->
             ?tp(debug, "session_already_shutdown", #{pid => Pid}),
             ok;

From 8c0c6974d9feb3445eb1c456ed67c7e8760a86f9 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Wed, 23 Jun 2021 11:08:14 +0800
Subject: [PATCH 056/174] fix: Ignore repeatedly receiving connection packet in
 the wait_will_msg/wait_will_topic/connected state

---
 apps/emqx_sn/src/emqx_sn_gateway.erl         | 36 +++++---------------
 apps/emqx_sn/test/emqx_sn_protocol_SUITE.erl | 13 -------
 2 files changed, 9 insertions(+), 40 deletions(-)

diff --git a/apps/emqx_sn/src/emqx_sn_gateway.erl b/apps/emqx_sn/src/emqx_sn_gateway.erl
index 9a8c68583..1bccf0c1a 100644
--- a/apps/emqx_sn/src/emqx_sn_gateway.erl
+++ b/apps/emqx_sn/src/emqx_sn_gateway.erl
@@ -250,8 +250,9 @@ wait_for_will_topic(cast, {incoming, ?SN_ADVERTISE_MSG(_GwId, _Radius)}, _State)
     % ignore
     keep_state_and_data;
 
-wait_for_will_topic(cast, {incoming, ?SN_CONNECT_MSG(Flags, _ProtoId, Duration, ClientId)}, State) ->
-    do_2nd_connect(Flags, Duration, ClientId, State);
+wait_for_will_topic(cast, {incoming, ?SN_CONNECT_MSG(_Flags, _ProtoId, _Duration, _ClientId)}, _State) ->
+    ?LOG(warning, "Receive connect packet in wait_for_will_topic state", []),
+    keep_state_and_data;
 
 wait_for_will_topic(cast, {outgoing, Packet}, State) ->
     {keep_state, handle_outgoing(Packet, State)};
@@ -275,9 +276,9 @@ wait_for_will_msg(cast, {incoming, ?SN_ADVERTISE_MSG(_GwId, _Radius)}, _State) -
     % ignore
     keep_state_and_data;
 
-%% XXX: ?? Why we will handling the 2nd CONNECT packet ??
-wait_for_will_msg(cast, {incoming, ?SN_CONNECT_MSG(Flags, _ProtoId, Duration, ClientId)}, State) ->
-    do_2nd_connect(Flags, Duration, ClientId, State);
+wait_for_will_msg(cast, {incoming, ?SN_CONNECT_MSG(_Flags, _ProtoId, _Duration, _ClientId)}, _State) ->
+    ?LOG(warning, "Receive connect packet in wait_for_will_msg state", []),
+    keep_state_and_data;
 
 wait_for_will_msg(cast, {outgoing, Packet}, State) ->
     {keep_state, handle_outgoing(Packet, State)};
@@ -365,8 +366,9 @@ connected(cast, {incoming, ?SN_ADVERTISE_MSG(_GwId, _Radius)}, State) ->
     % ignore
     {keep_state, State};
 
-connected(cast, {incoming, ?SN_CONNECT_MSG(Flags, _ProtoId, Duration, ClientId)}, State) ->
-    do_2nd_connect(Flags, Duration, ClientId, State);
+connected(cast, {incoming, ?SN_CONNECT_MSG(_Flags, _ProtoId, _Duration, _ClientId)}, _State) ->
+    ?LOG(warning, "Receive connect packet in wait_for_will_topic state", []),
+    keep_state_and_data;
 
 connected(cast, {outgoing, Packet}, State) ->
     {keep_state, handle_outgoing(Packet, State)};
@@ -845,26 +847,6 @@ do_connect(ClientId, CleanStart, WillFlag, Duration, State) ->
             handle_incoming(?CONNECT_PACKET(ConnPkt), NState)
     end.
 
-do_2nd_connect(Flags, Duration, ClientId, State = #state{sockname = Sockname,
-                                                         peername = Peername,
-                                                         channel  = Channel}) ->
-    emqx_logger:set_metadata_clientid(ClientId),
-    #mqtt_sn_flags{will = Will, clean_start = CleanStart} = Flags,
-    NChannel = case CleanStart of
-                   true ->
-                       emqx_channel:terminate(normal, Channel),
-                       emqx_sn_registry:unregister_topic(ClientId),
-                       emqx_channel:init(#{socktype => udp,
-                                           sockname => Sockname,
-                                           peername => Peername,
-                                           peercert => ?NO_PEERCERT,
-                                           conn_mod => ?MODULE
-                                          }, ?DEFAULT_CHAN_OPTIONS);
-                   false -> Channel
-               end,
-    NState = State#state{channel = NChannel},
-    do_connect(ClientId, CleanStart, Will, Duration, NState).
-
 handle_subscribe(?SN_NORMAL_TOPIC, TopicName, QoS, MsgId,
                  State=#state{channel = Channel}) ->
     ClientId = emqx_channel:info(clientid, Channel),
diff --git a/apps/emqx_sn/test/emqx_sn_protocol_SUITE.erl b/apps/emqx_sn/test/emqx_sn_protocol_SUITE.erl
index a953a45e7..0947bdaca 100644
--- a/apps/emqx_sn/test/emqx_sn_protocol_SUITE.erl
+++ b/apps/emqx_sn/test/emqx_sn_protocol_SUITE.erl
@@ -98,19 +98,6 @@ t_connect(_) ->
     ?assertEqual(<<2, ?SN_DISCONNECT>>, receive_response(Socket)),
     gen_udp:close(Socket).
 
-t_do_2nd_connect(_) ->
-    {ok, Socket} = gen_udp:open(0, [binary]),
-    ClientId = ?CLIENTID,
-    send_connect_msg(Socket, ClientId),
-    ?assertEqual(<<3, ?SN_CONNACK, 0>>, receive_response(Socket)),
-    timer:sleep(100),
-    send_connect_msg(Socket, <<"client_id_other">>),
-    ?assertEqual(<<3, ?SN_CONNACK, 0>>, receive_response(Socket)),
-
-    send_disconnect_msg(Socket, undefined),
-    ?assertEqual(<<2, ?SN_DISCONNECT>>, receive_response(Socket)),
-    gen_udp:close(Socket).
-
 t_subscribe(_) ->
     Dup = 0,
     QoS = 0,

From bde9d052a5b2829a99cca89ae9495e63f720c9da Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Wed, 23 Jun 2021 16:23:31 +0800
Subject: [PATCH 057/174] feat(lwm2m): fix check dialyzer fail

---
 .../emqx_lwm2m/src/emqx_lwm2m_cmd_handler.erl |  1 +
 apps/emqx_lwm2m/src/emqx_lwm2m_protocol.erl   | 74 ++++++++++++-------
 2 files changed, 50 insertions(+), 25 deletions(-)

diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_cmd_handler.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_cmd_handler.erl
index 2d208bdb4..b3251a275 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m_cmd_handler.erl
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_cmd_handler.erl
@@ -23,6 +23,7 @@
 -export([ mqtt2coap/2
         , coap2mqtt/4
         , ack2mqtt/1
+        , extract_path/1
         ]).
 
 -export([path_list/1]).
diff --git a/apps/emqx_lwm2m/src/emqx_lwm2m_protocol.erl b/apps/emqx_lwm2m/src/emqx_lwm2m_protocol.erl
index 55f992da6..34c72dcca 100644
--- a/apps/emqx_lwm2m/src/emqx_lwm2m_protocol.erl
+++ b/apps/emqx_lwm2m/src/emqx_lwm2m_protocol.erl
@@ -103,6 +103,7 @@ init(CoapPid, EndpointName, Peername = {_Peerhost, _Port}, RegInfo = #{<<"lt">>
                 emqx_cm:register_channel(EndpointName, CoapPid, conninfo(Lwm2mState1))
             end),
             emqx_cm:insert_channel_info(EndpointName, info(Lwm2mState1), stats(Lwm2mState1)),
+	    emqx_lwm2m_cm:register_channel(EndpointName, RegInfo, LifeTime, Ver, Peername),
 
             {ok, Lwm2mState1#lwm2m_state{life_timer = emqx_lwm2m_timer:start_timer(LifeTime, {life_timer, expired})}};
         {error, Error} ->
@@ -120,10 +121,8 @@ post_init(Lwm2mState = #lwm2m_state{endpoint_name = _EndpointName,
     _ = send_to_broker(<<"register">>, #{<<"data">> => RegInfo}, Lwm2mState),
     Lwm2mState#lwm2m_state{mqtt_topic = Topic}.
 
-update_reg_info(NewRegInfo, Lwm2mState = #lwm2m_state{
-        life_timer = LifeTimer, register_info = RegInfo,
-        coap_pid = CoapPid}) ->
-
+update_reg_info(NewRegInfo, Lwm2mState=#lwm2m_state{life_timer = LifeTimer, register_info = RegInfo,
+                                                    coap_pid = CoapPid, endpoint_name = Epn}) ->
     UpdatedRegInfo = maps:merge(RegInfo, NewRegInfo),
 
     _ = case proplists:get_value(update_msg_publish_condition,
@@ -134,6 +133,7 @@ update_reg_info(NewRegInfo, Lwm2mState = #lwm2m_state{
             %% - report the registration info update, but only when objectList is updated.
             case NewRegInfo of
                 #{<<"objectList">> := _} ->
+		    emqx_lwm2m_cm:update_reg_info(Epn, NewRegInfo),
                     send_to_broker(<<"update">>, #{<<"data">> => UpdatedRegInfo}, Lwm2mState);
                 _ -> ok
             end
@@ -151,7 +151,8 @@ update_reg_info(NewRegInfo, Lwm2mState = #lwm2m_state{
                            register_info = UpdatedRegInfo}.
 
 replace_reg_info(NewRegInfo, Lwm2mState=#lwm2m_state{life_timer = LifeTimer,
-                                                     coap_pid = CoapPid}) ->
+                                                     coap_pid = CoapPid,
+                                                     endpoint_name = EndpointName}) ->
     _ = send_to_broker(<<"register">>, #{<<"data">> => NewRegInfo}, Lwm2mState),
 
     %% - flush cached donwlink commands
@@ -161,7 +162,7 @@ replace_reg_info(NewRegInfo, Lwm2mState=#lwm2m_state{life_timer = LifeTimer,
     UpdatedLifeTimer = emqx_lwm2m_timer:refresh_timer(
                             maps:get(<<"lt">>, NewRegInfo), LifeTimer),
 
-    _ = send_auto_observe(CoapPid, NewRegInfo),
+    _ = send_auto_observe(CoapPid, NewRegInfo, EndpointName),
 
     ?LOG(debug, "Replace RegInfo to: ~p", [NewRegInfo]),
     Lwm2mState#lwm2m_state{life_timer = UpdatedLifeTimer,
@@ -174,15 +175,20 @@ send_ul_data(EventType, Payload, Lwm2mState=#lwm2m_state{coap_pid = CoapPid}) ->
     Lwm2mState.
 
 auto_observe(Lwm2mState = #lwm2m_state{register_info = RegInfo,
-                                       coap_pid = CoapPid}) ->
-    _ = send_auto_observe(CoapPid, RegInfo),
+                                       coap_pid = CoapPid,
+                                       endpoint_name = EndpointName}) ->
+    _ = send_auto_observe(CoapPid, RegInfo, EndpointName),
     Lwm2mState.
 
-deliver(#message{topic = Topic, payload = Payload}, Lwm2mState = #lwm2m_state{coap_pid = CoapPid, register_info = RegInfo, started_at = StartedAt}) ->
+deliver(#message{topic = Topic, payload = Payload},
+        Lwm2mState = #lwm2m_state{coap_pid = CoapPid,
+                                  register_info = RegInfo,
+                                  started_at = StartedAt,
+                                  endpoint_name = EndpointName}) ->
     IsCacheMode = is_cache_mode(RegInfo, StartedAt),
     ?LOG(debug, "Get MQTT message from broker, IsCacheModeNow?: ~p, Topic: ~p, Payload: ~p", [IsCacheMode, Topic, Payload]),
     AlternatePath = maps:get(<<"alternatePath">>, RegInfo, <<"/">>),
-    deliver_to_coap(AlternatePath, Payload, CoapPid, IsCacheMode),
+    deliver_to_coap(AlternatePath, Payload, CoapPid, IsCacheMode, EndpointName),
     Lwm2mState.
 
 get_info(Lwm2mState = #lwm2m_state{endpoint_name = EndpointName, peername = {PeerHost, _},
@@ -238,20 +244,21 @@ time_now() -> erlang:system_time(millisecond).
 %% Deliver downlink message to coap
 %%--------------------------------------------------------------------
 
-deliver_to_coap(AlternatePath, JsonData, CoapPid, CacheMode) when is_binary(JsonData)->
+deliver_to_coap(AlternatePath, JsonData, CoapPid, CacheMode, EndpointName) when is_binary(JsonData)->
     try
         TermData = emqx_json:decode(JsonData, [return_maps]),
-        deliver_to_coap(AlternatePath, TermData, CoapPid, CacheMode)
+        deliver_to_coap(AlternatePath, TermData, CoapPid, CacheMode, EndpointName)
     catch
         C:R:Stack ->
             ?LOG(error, "deliver_to_coap - Invalid JSON: ~p, Exception: ~p, stacktrace: ~p",
                 [JsonData, {C, R}, Stack])
     end;
 
-deliver_to_coap(AlternatePath, TermData, CoapPid, CacheMode) when is_map(TermData) ->
+deliver_to_coap(AlternatePath, TermData, CoapPid, CacheMode, EndpointName) when is_map(TermData) ->
     ?LOG(info, "SEND To CoAP, AlternatePath=~p, Data=~p", [AlternatePath, TermData]),
     {CoapRequest, Ref} = emqx_lwm2m_cmd_handler:mqtt2coap(AlternatePath, TermData),
-
+    MsgType = maps:get(<<"msgType">>, Ref),
+    emqx_lwm2m_cm:register_cmd(EndpointName, emqx_lwm2m_cmd_handler:extract_path(Ref), MsgType),
     case CacheMode of
         false ->
             do_deliver_to_coap(CoapPid, CoapRequest, Ref);
@@ -266,7 +273,12 @@ deliver_to_coap(AlternatePath, TermData, CoapPid, CacheMode) when is_map(TermDat
 send_to_broker(EventType, Payload = #{}, Lwm2mState) ->
     do_send_to_broker(EventType, Payload, Lwm2mState).
 
-do_send_to_broker(EventType, Payload, Lwm2mState) ->
+do_send_to_broker(EventType, #{<<"data">> := Data} = Payload, #lwm2m_state{endpoint_name = EndpointName} = Lwm2mState) ->
+    ReqPath = maps:get(<<"reqPath">>, Data, undefined),
+    Code = maps:get(<<"code">>, Data, undefined),
+    CodeMsg = maps:get(<<"codeMsg">>, Data, undefined),
+    Content = maps:get(<<"content">>, Data, undefined),
+    emqx_lwm2m_cm:register_cmd(EndpointName, ReqPath, EventType, {Code, CodeMsg, Content}),
     NewPayload = maps:put(<<"msgType">>, EventType, Payload),
     Topic = uplink_topic(EventType, Lwm2mState),
     publish(Topic, emqx_json:encode(NewPayload), _Qos = 0, Lwm2mState#lwm2m_state.endpoint_name).
@@ -281,7 +293,7 @@ auto_observe_object_list(Expected, Registered) ->
     Expected1 = lists:map(fun(S) -> iolist_to_binary(S) end, Expected),
     lists:filter(fun(S) -> lists:member(S, Expected1) end, Registered).
 
-send_auto_observe(CoapPid, RegInfo) ->
+send_auto_observe(CoapPid, RegInfo, EndpointName) ->
     %% - auto observe the objects
     case proplists:get_value(auto_observe, lwm2m_coap_responder:options(), false) of
         false ->
@@ -292,25 +304,37 @@ send_auto_observe(CoapPid, RegInfo) ->
                             maps:get(<<"objectList">>, RegInfo, [])
                            ),
             AlternatePath = maps:get(<<"alternatePath">>, RegInfo, <<"/">>),
-            auto_observe(AlternatePath, Objectlists, CoapPid)
+            auto_observe(AlternatePath, Objectlists, CoapPid, EndpointName)
     end.
 
-auto_observe(AlternatePath, ObjectList, CoapPid) ->
+auto_observe(AlternatePath, ObjectList, CoapPid, EndpointName) ->
     ?LOG(info, "Auto Observe on: ~p", [ObjectList]),
     erlang:spawn(fun() ->
-            observe_object_list(AlternatePath, ObjectList, CoapPid)
+            observe_object_list(AlternatePath, ObjectList, CoapPid, EndpointName)
         end).
 
-observe_object_list(AlternatePath, ObjectList, CoapPid) ->
+observe_object_list(AlternatePath, ObjectList, CoapPid, EndpointName) ->
     lists:foreach(fun(ObjectPath) ->
-        observe_object_slowly(AlternatePath, ObjectPath, CoapPid, 100)
+        [ObjId| LastPath] = emqx_lwm2m_cmd_handler:path_list(ObjectPath),
+        case ObjId of
+            <<"19">> ->
+                [ObjInsId | _LastPath1] = LastPath,
+                case ObjInsId of
+                    <<"0">> ->
+                        observe_object_slowly(AlternatePath, <<"/19/0/0">>, CoapPid, 100, EndpointName);
+                    _ ->
+                        observe_object_slowly(AlternatePath, ObjectPath, CoapPid, 100, EndpointName)
+                end;
+            _ ->
+                observe_object_slowly(AlternatePath, ObjectPath, CoapPid, 100, EndpointName)
+        end
     end, ObjectList).
 
-observe_object_slowly(AlternatePath, ObjectPath, CoapPid, Interval) ->
-    observe_object(AlternatePath, ObjectPath, CoapPid),
+observe_object_slowly(AlternatePath, ObjectPath, CoapPid, Interval, EndpointName) ->
+    observe_object(AlternatePath, ObjectPath, CoapPid, EndpointName),
     timer:sleep(Interval).
 
-observe_object(AlternatePath, ObjectPath, CoapPid) ->
+observe_object(AlternatePath, ObjectPath, CoapPid, EndpointName) ->
     Payload = #{
         <<"msgType">> => <<"observe">>,
         <<"data">> => #{
@@ -318,7 +342,7 @@ observe_object(AlternatePath, ObjectPath, CoapPid) ->
         }
     },
     ?LOG(info, "Observe ObjectPath: ~p", [ObjectPath]),
-    deliver_to_coap(AlternatePath, Payload, CoapPid, false).
+    deliver_to_coap(AlternatePath, Payload, CoapPid, false, EndpointName).
 
 do_deliver_to_coap_slowly(CoapPid, CoapRequestList, Interval) ->
     erlang:spawn(fun() ->

From 22f1e8d7eda93814bab6f33437572d9fee7493af Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Wed, 23 Jun 2021 16:50:28 +0800
Subject: [PATCH 058/174] chore(review): review 4.3.4

---
 apps/emqx/src/emqx.appup.src                     | 6 ++++--
 apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/src/emqx.appup.src b/apps/emqx/src/emqx.appup.src
index a8b6136bb..0b2b9b2d5 100644
--- a/apps/emqx/src/emqx.appup.src
+++ b/apps/emqx/src/emqx.appup.src
@@ -4,7 +4,8 @@
    {"4.3.3",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
+     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
+     {load_module,emqx_app,brutal_purge,soft_purge,[]}
     ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
@@ -49,7 +50,8 @@
   [{"4.3.3",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
+     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
+     {load_module,emqx_app,brutal_purge,soft_purge,[]}
     ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
index 8b70bf484..9750f3cf1 100644
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
@@ -1,8 +1,8 @@
 %% -*- mode: erlang -*-
 {VSN,
   [{"4.3.0",
-    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
+    [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
    {<<".*">>,[]}],
   [{"4.3.0",
-    [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
+    [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
    {<<".*">>,[]}]}.

From 4b1bb915164977d27a9beed296213f7045ac0fae Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Wed, 23 Jun 2021 19:02:04 +0800
Subject: [PATCH 059/174] chore: fix inject deps notfound emqx_reloader

---
 scripts/inject-deps.escript | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/scripts/inject-deps.escript b/scripts/inject-deps.escript
index 1465acc8f..359462a66 100755
--- a/scripts/inject-deps.escript
+++ b/scripts/inject-deps.escript
@@ -25,15 +25,6 @@ usage() ->
 -type app() :: atom().
 -type deps_overlay() :: {re, string()} | app().
 
-%% deps/0 returns the dependency overlays.
-%% {re, Pattern} to match application names using regexp pattern
--spec deps(string()) -> [{app(), [deps_overlay()]}].
-deps("emqx-edge" ++ _) ->
-  %% special case for edge
-  base_deps() ++ [{{re, ".+"}, [{exclude, emqx_reloader}]}];
-deps(_Profile) ->
-  base_deps().
-
 base_deps() ->
   %% make sure emqx_dashboard depends on all other emqx_xxx apps
   %% so the appup instructions for emqx_dashboard is always the last
@@ -74,7 +65,7 @@ expand_deps([Dep | Deps], AppNames, Acc) ->
 inject(Profile) ->
   LibDir = lib_dir(Profile),
   AppNames = list_apps(LibDir),
-  Deps0 = lists:flatmap(fun(Dep) -> expand_names(Dep, AppNames) end, deps(Profile)),
+  Deps0 = lists:flatmap(fun(Dep) -> expand_names(Dep, AppNames) end, base_deps()),
   Deps1 = merge(Deps0, []),
   Deps2 = lists:map(fun({Name, DepsX}) ->
                         NewDeps = expand_deps(DepsX, AppNames, []),

From e4cb11fb43fac6a3a726de90eaebcb23ff349ffb Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Wed, 23 Jun 2021 13:35:49 +0200
Subject: [PATCH 060/174] chore: add more info in error message

---
 scripts/inject-deps.escript | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/scripts/inject-deps.escript b/scripts/inject-deps.escript
index 359462a66..e5cd47140 100755
--- a/scripts/inject-deps.escript
+++ b/scripts/inject-deps.escript
@@ -23,7 +23,6 @@ usage() ->
   "Usage: " ++ escript:script_name() ++ " emqx|emqx-edge".
 
 -type app() :: atom().
--type deps_overlay() :: {re, string()} | app().
 
 base_deps() ->
   %% make sure emqx_dashboard depends on all other emqx_xxx apps
@@ -80,8 +79,8 @@ list_apps(LibDir) ->
 
 is_app(_LibDir, "." ++ _) -> false; %% ignore hidden dir
 is_app(LibDir, AppName) ->
-  filelib:is_regular(filename:join([ebin_dir(LibDir, AppName), AppName ++ ".app"])) orelse
-  error({unknown_app, AppName}). %% wtf
+  Path = filename:join([ebin_dir(LibDir, AppName), AppName ++ ".app"]),
+  filelib:is_regular(Path) orelse error({unknown_app, AppName, Path}). %% wtf
 
 lib_dir(Profile) ->
   filename:join(["_build", Profile, lib]).

From 1ecd0a54b9f1e4b8105cbd13d8211deabeb82d66 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Wed, 23 Jun 2021 20:14:47 +0800
Subject: [PATCH 061/174] chore(CI): add DIAGNOSTIC=1 when build windows

---
 .github/workflows/build_packages.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index 2090f722e..4b23affd8 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -83,6 +83,7 @@ jobs:
     - name: build
       env:
         PYTHON: python
+        DIAGNOSTIC: 1
       run: |
         $env:PATH = "${{ steps.install_erlang.outputs.erlpath }}\bin;$env:PATH"
 

From 9471f5ae07c1f929731f8a613de47502aa63bef8 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Wed, 23 Jun 2021 15:24:14 +0200
Subject: [PATCH 062/174] fix(script): exclude non-edge apps in relup
 dependency

---
 scripts/inject-deps.escript | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/scripts/inject-deps.escript b/scripts/inject-deps.escript
index e5cd47140..0b6371342 100755
--- a/scripts/inject-deps.escript
+++ b/scripts/inject-deps.escript
@@ -23,6 +23,29 @@ usage() ->
   "Usage: " ++ escript:script_name() ++ " emqx|emqx-edge".
 
 -type app() :: atom().
+-type deps_overlay() :: {re, string()} | app().
+
+%% deps/0 returns the dependency overlays.
+%% {re, Pattern} to match application names using regexp pattern
+-spec deps(string()) -> [{app(), [deps_overlay()]}].
+deps("emqx-edge" ++ _) ->
+  %% special case for edge
+  base_deps() ++ [{{re, ".+"}, [{exclude, App} || App <- edge_excludes()]}];
+deps(_Profile) ->
+  base_deps().
+
+edge_excludes() ->
+    [ emqx_lwm2m
+    , emqx_auth_ldap
+    , emqx_auth_pgsql
+    , emqx_auth_redis
+    , emqx_auth_mongo
+    , emqx_lua_hook
+    , emqx_exhook
+    , emqx_exproto
+    , emqx_prometheus
+    , emqx_psk_file
+    ].
 
 base_deps() ->
   %% make sure emqx_dashboard depends on all other emqx_xxx apps
@@ -64,7 +87,7 @@ expand_deps([Dep | Deps], AppNames, Acc) ->
 inject(Profile) ->
   LibDir = lib_dir(Profile),
   AppNames = list_apps(LibDir),
-  Deps0 = lists:flatmap(fun(Dep) -> expand_names(Dep, AppNames) end, base_deps()),
+  Deps0 = lists:flatmap(fun(Dep) -> expand_names(Dep, AppNames) end, deps(Profile)),
   Deps1 = merge(Deps0, []),
   Deps2 = lists:map(fun({Name, DepsX}) ->
                         NewDeps = expand_deps(DepsX, AppNames, []),

From d7da6b2379c167af9b13a75bb81d851b1f716650 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Wed, 23 Jun 2021 21:08:39 +0800
Subject: [PATCH 063/174] chore(CI): delete needless link when build packages

---
 .github/workflows/build_packages.yaml | 8 +++++---
 deploy/docker/Dockerfile              | 4 +++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index 4b23affd8..b983eaa67 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -169,9 +169,11 @@ jobs:
     - name: build
       run: |
         . $HOME/.kerl/${{ matrix.erl_otp }}/activate
-        make -C source ensure-rebar3
-        sudo cp source/rebar3 /usr/local/bin/rebar3
-        make -C source ${{ matrix.profile }}-zip
+        cd source
+        make ensure-rebar3
+        sudo cp rebar3 /usr/local/bin/rebar3
+        rm -rf _build/${{ matrix.profile }}/lib
+        make ${{ matrix.profile }}-zip
     - name: test
       run: |
         cd source
diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile
index 4e25a001d..9e0ba9d5b 100644
--- a/deploy/docker/Dockerfile
+++ b/deploy/docker/Dockerfile
@@ -26,7 +26,9 @@ COPY . /emqx
 ARG PKG_VSN
 ARG EMQX_NAME=emqx
 
-RUN cd /emqx && make $EMQX_NAME
+RUN cd /emqx \
+    && rm -rf _build/$EMQX_NAME/lib \
+    && make $EMQX_NAME
 
 FROM $RUN_FROM
 

From ce324a190bf3fe193d239f05527b36281c4a59f1 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Thu, 24 Jun 2021 11:42:46 +0800
Subject: [PATCH 064/174] docs(docker): fix env name error

---
 deploy/docker/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/docker/README.md b/deploy/docker/README.md
index 5702b622c..c94794513 100644
--- a/deploy/docker/README.md
+++ b/deploy/docker/README.md
@@ -83,7 +83,7 @@ These environment variables will ignore for configuration file.
 
 The list is incomplete and may changed with [etc/emqx.conf](https://github.com/emqx/emqx/blob/master/etc/emqx.conf) and plugin configuration files. But the mapping rule is similar.
 
-If set ``EMQX_NAME`` and ``EMQX_HOST``, and unset ``EMQX_NODE__NAME``, ``EMQX_NODE__NAME=$EMQX_NAME@$EMQX_HOST``.
+If set ``EMQX_NAME`` and ``EMQX_HOST``, and unset ``EMQX_NODE_NAME``, ``EMQX_NODE_NAME=$EMQX_NAME@$EMQX_HOST``.
 
 For example, set mqtt tcp port to 1883
 

From 2f7373dd1cce6e0c739384bfc96b3c9c5f519d79 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Thu, 24 Jun 2021 14:54:05 +0800
Subject: [PATCH 065/174] chore(CI): update events that trigger workflows

---
 .github/workflows/apps_version_check.yaml   | 5 ++++-
 .github/workflows/build_slim_packages.yaml  | 2 ++
 .github/workflows/check_deps_integrity.yaml | 5 ++++-
 .github/workflows/elvis_lint.yaml           | 5 ++++-
 .github/workflows/run_cts_tests.yaml        | 2 ++
 .github/workflows/run_fvt_tests.yaml        | 2 ++
 .github/workflows/run_gitlint.yaml          | 5 ++++-
 .github/workflows/run_test_cases.yaml       | 2 ++
 .github/workflows/shellcheck.yaml           | 5 ++++-
 9 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/apps_version_check.yaml b/.github/workflows/apps_version_check.yaml
index 4975e5c11..aac7c91d3 100644
--- a/.github/workflows/apps_version_check.yaml
+++ b/.github/workflows/apps_version_check.yaml
@@ -1,6 +1,9 @@
 name: Check Apps Version
 
-on: [pull_request]
+on:
+  pull_request:
+    types:
+      - ready_for_review
 
 jobs:
   check_apps_version:
diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml
index bf85578c5..aa101d056 100644
--- a/.github/workflows/build_slim_packages.yaml
+++ b/.github/workflows/build_slim_packages.yaml
@@ -6,6 +6,8 @@ on:
       - v*
       - e*
   pull_request:
+    types:
+      - ready_for_review
   workflow_dispatch:
 
 jobs:
diff --git a/.github/workflows/check_deps_integrity.yaml b/.github/workflows/check_deps_integrity.yaml
index 0aa8f7903..3c72dcb0c 100644
--- a/.github/workflows/check_deps_integrity.yaml
+++ b/.github/workflows/check_deps_integrity.yaml
@@ -1,6 +1,9 @@
 name: Check Rebar Dependencies
 
-on: [pull_request]
+on:
+  pull_request:
+    types:
+      - ready_for_review
 
 jobs:
   check_deps_integrity:
diff --git a/.github/workflows/elvis_lint.yaml b/.github/workflows/elvis_lint.yaml
index 1fdbeba87..6e95fe752 100644
--- a/.github/workflows/elvis_lint.yaml
+++ b/.github/workflows/elvis_lint.yaml
@@ -1,6 +1,9 @@
 name: Elvis Linter
 
-on: [pull_request]
+on:
+  pull_request:
+    types:
+      - ready_for_review
 
 jobs:
   build:
diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml
index bfa1d1394..3e33376ce 100644
--- a/.github/workflows/run_cts_tests.yaml
+++ b/.github/workflows/run_cts_tests.yaml
@@ -6,6 +6,8 @@ on:
       - v*
       - e*
   pull_request:
+    types:
+      - ready_for_review
 
 jobs:
   ldap:
diff --git a/.github/workflows/run_fvt_tests.yaml b/.github/workflows/run_fvt_tests.yaml
index 035c0d0e3..44d6aac52 100644
--- a/.github/workflows/run_fvt_tests.yaml
+++ b/.github/workflows/run_fvt_tests.yaml
@@ -6,6 +6,8 @@ on:
       - v*
       - e*
   pull_request:
+    types:
+      - ready_for_review
 
 jobs:
     docker_test:
diff --git a/.github/workflows/run_gitlint.yaml b/.github/workflows/run_gitlint.yaml
index 01b35461f..0cefc4f13 100644
--- a/.github/workflows/run_gitlint.yaml
+++ b/.github/workflows/run_gitlint.yaml
@@ -1,6 +1,9 @@
 name: Run gitlint
 
-on: [pull_request]
+on:
+  pull_request:
+    types:
+      - ready_for_review
 
 jobs:
   run_gitlint:
diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml
index 3fbe88c40..0ece640dc 100644
--- a/.github/workflows/run_test_cases.yaml
+++ b/.github/workflows/run_test_cases.yaml
@@ -6,6 +6,8 @@ on:
       - v*
       - e*
   pull_request:
+    types:
+      - ready_for_review
 
 jobs:
     run_static_analysis:
diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml
index 2084f3863..3905074ce 100644
--- a/.github/workflows/shellcheck.yaml
+++ b/.github/workflows/shellcheck.yaml
@@ -1,6 +1,9 @@
 name: Shellcheck
 
-on: [pull_request]
+on:
+  pull_request:
+    types:
+      - ready_for_review
 
 jobs:
   shellcheck:

From 05150ce58bcd60b12000250665ee85ad2373056b Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 19:22:36 +0800
Subject: [PATCH 066/174] revert: chore(CI): update events that trigger
 workflows

This reverts commit 002cbb6d8bce61fbbf1b174284ac78e539598062
---
 .github/workflows/apps_version_check.yaml   | 5 +----
 .github/workflows/build_slim_packages.yaml  | 2 --
 .github/workflows/check_deps_integrity.yaml | 5 +----
 .github/workflows/elvis_lint.yaml           | 5 +----
 .github/workflows/run_cts_tests.yaml        | 2 --
 .github/workflows/run_fvt_tests.yaml        | 2 --
 .github/workflows/run_gitlint.yaml          | 5 +----
 .github/workflows/run_test_cases.yaml       | 2 --
 .github/workflows/shellcheck.yaml           | 5 +----
 9 files changed, 5 insertions(+), 28 deletions(-)

diff --git a/.github/workflows/apps_version_check.yaml b/.github/workflows/apps_version_check.yaml
index aac7c91d3..4975e5c11 100644
--- a/.github/workflows/apps_version_check.yaml
+++ b/.github/workflows/apps_version_check.yaml
@@ -1,9 +1,6 @@
 name: Check Apps Version
 
-on:
-  pull_request:
-    types:
-      - ready_for_review
+on: [pull_request]
 
 jobs:
   check_apps_version:
diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml
index aa101d056..bf85578c5 100644
--- a/.github/workflows/build_slim_packages.yaml
+++ b/.github/workflows/build_slim_packages.yaml
@@ -6,8 +6,6 @@ on:
       - v*
       - e*
   pull_request:
-    types:
-      - ready_for_review
   workflow_dispatch:
 
 jobs:
diff --git a/.github/workflows/check_deps_integrity.yaml b/.github/workflows/check_deps_integrity.yaml
index 3c72dcb0c..0aa8f7903 100644
--- a/.github/workflows/check_deps_integrity.yaml
+++ b/.github/workflows/check_deps_integrity.yaml
@@ -1,9 +1,6 @@
 name: Check Rebar Dependencies
 
-on:
-  pull_request:
-    types:
-      - ready_for_review
+on: [pull_request]
 
 jobs:
   check_deps_integrity:
diff --git a/.github/workflows/elvis_lint.yaml b/.github/workflows/elvis_lint.yaml
index 6e95fe752..1fdbeba87 100644
--- a/.github/workflows/elvis_lint.yaml
+++ b/.github/workflows/elvis_lint.yaml
@@ -1,9 +1,6 @@
 name: Elvis Linter
 
-on:
-  pull_request:
-    types:
-      - ready_for_review
+on: [pull_request]
 
 jobs:
   build:
diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml
index 3e33376ce..bfa1d1394 100644
--- a/.github/workflows/run_cts_tests.yaml
+++ b/.github/workflows/run_cts_tests.yaml
@@ -6,8 +6,6 @@ on:
       - v*
       - e*
   pull_request:
-    types:
-      - ready_for_review
 
 jobs:
   ldap:
diff --git a/.github/workflows/run_fvt_tests.yaml b/.github/workflows/run_fvt_tests.yaml
index 44d6aac52..035c0d0e3 100644
--- a/.github/workflows/run_fvt_tests.yaml
+++ b/.github/workflows/run_fvt_tests.yaml
@@ -6,8 +6,6 @@ on:
       - v*
       - e*
   pull_request:
-    types:
-      - ready_for_review
 
 jobs:
     docker_test:
diff --git a/.github/workflows/run_gitlint.yaml b/.github/workflows/run_gitlint.yaml
index 0cefc4f13..01b35461f 100644
--- a/.github/workflows/run_gitlint.yaml
+++ b/.github/workflows/run_gitlint.yaml
@@ -1,9 +1,6 @@
 name: Run gitlint
 
-on:
-  pull_request:
-    types:
-      - ready_for_review
+on: [pull_request]
 
 jobs:
   run_gitlint:
diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml
index 0ece640dc..3fbe88c40 100644
--- a/.github/workflows/run_test_cases.yaml
+++ b/.github/workflows/run_test_cases.yaml
@@ -6,8 +6,6 @@ on:
       - v*
       - e*
   pull_request:
-    types:
-      - ready_for_review
 
 jobs:
     run_static_analysis:
diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml
index 3905074ce..2084f3863 100644
--- a/.github/workflows/shellcheck.yaml
+++ b/.github/workflows/shellcheck.yaml
@@ -1,9 +1,6 @@
 name: Shellcheck
 
-on:
-  pull_request:
-    types:
-      - ready_for_review
+on: [pull_request]
 
 jobs:
   shellcheck:

From 8f15a41f542fbf3d9c75c4ef56394144ba570e0e Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Fri, 25 Jun 2021 19:00:57 +0800
Subject: [PATCH 067/174] fix(shared_sub): failed to clean the
 emqx_shared_subscription tab

A trick that fixes the issue that we demonitored the shared subscriber
too early if it not unsubscribed all of the topics.
---
 apps/emqx/src/emqx_shared_sub.erl | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/apps/emqx/src/emqx_shared_sub.erl b/apps/emqx/src/emqx_shared_sub.erl
index 4707f63db..865aeda18 100644
--- a/apps/emqx/src/emqx_shared_sub.erl
+++ b/apps/emqx/src/emqx_shared_sub.erl
@@ -336,9 +336,13 @@ handle_info({mnesia_table_event, {write, NewRecord, _}}, State = #state{pmon = P
     #emqx_shared_subscription{subpid = SubPid} = NewRecord,
     {noreply, update_stats(State#state{pmon = emqx_pmon:monitor(SubPid, PMon)})};
 
-handle_info({mnesia_table_event, {delete_object, OldRecord, _}}, State = #state{pmon = PMon}) ->
-    #emqx_shared_subscription{subpid = SubPid} = OldRecord,
-    {noreply, update_stats(State#state{pmon = emqx_pmon:demonitor(SubPid, PMon)})};
+%% The subscriber may have subscribed multiple topics, so we need to keep monitoring the PID until
+%% it `unsubscribed` the last topic.
+%% The trick is we don't demonitor the subscriber here, and (after a long time) it will eventually
+%% be disconnected.
+% handle_info({mnesia_table_event, {delete_object, OldRecord, _}}, State = #state{pmon = PMon}) ->
+%     #emqx_shared_subscription{subpid = SubPid} = OldRecord,
+%     {noreply, update_stats(State#state{pmon = emqx_pmon:demonitor(SubPid, PMon)})};
 
 handle_info({mnesia_table_event, _Event}, State) ->
     {noreply, State};

From 95e7a4dd7bbe248d7ef3a2895083adbc65a6002a Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Fri, 25 Jun 2021 19:20:06 +0800
Subject: [PATCH 068/174] chore(appup): update the appup for 4.3.5

---
 apps/emqx/src/emqx.appup.src | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx.appup.src b/apps/emqx/src/emqx.appup.src
index 0b2b9b2d5..4f9f00673 100644
--- a/apps/emqx/src/emqx.appup.src
+++ b/apps/emqx/src/emqx.appup.src
@@ -1,14 +1,20 @@
 %% -*- mode: erlang -*-
 {VSN,
   [
+   {"4.3.4",
+    [{load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
+     {load_module,emqx_app,brutal_purge,soft_purge,[]}
+    ]},
    {"4.3.3",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_cm,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]}
     ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
@@ -18,6 +24,7 @@
     ]},
    {"4.3.1",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_frame,brutal_purge,soft_purge,[]},
@@ -31,6 +38,7 @@
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
    {"4.3.0",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_congestion,brutal_purge,soft_purge,[]},
@@ -47,14 +55,21 @@
      {apply,{emqx_metrics,upgrade_retained_delayed_counter_type,[]}},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
    {<<".*">>,[]}],
-  [{"4.3.3",
+  [
+   {"4.3.4",
+    [{load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
+     {load_module,emqx_app,brutal_purge,soft_purge,[]}
+    ]},
+   {"4.3.3",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_cm,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]}
     ]},
    {"4.3.2",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
      {load_module,emqx_channel,brutal_purge,soft_purge,[]},
@@ -64,6 +79,7 @@
     ]},
    {"4.3.1",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_frame,brutal_purge,soft_purge,[]},
@@ -77,6 +93,7 @@
      {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
    {"4.3.0",
     [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
+     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
      {load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
      {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
      {load_module,emqx_connection,brutal_purge,soft_purge,[]},

From ff54fbd1d120a828825ad6f8b3776fbf618d510d Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Mon, 28 Jun 2021 09:35:39 +0800
Subject: [PATCH 069/174] fix(shared_sub): discard all unexpected msgs

---
 apps/emqx/src/emqx_shared_sub.erl | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_shared_sub.erl b/apps/emqx/src/emqx_shared_sub.erl
index 865aeda18..97aa778f3 100644
--- a/apps/emqx/src/emqx_shared_sub.erl
+++ b/apps/emqx/src/emqx_shared_sub.erl
@@ -352,8 +352,7 @@ handle_info({'DOWN', _MRef, process, SubPid, _Reason}, State = #state{pmon = PMo
     cleanup_down(SubPid),
     {noreply, update_stats(State#state{pmon = emqx_pmon:erase(SubPid, PMon)})};
 
-handle_info(Info, State) ->
-    ?LOG(error, "Unexpected info: ~p", [Info]),
+handle_info(_Info, State) ->
     {noreply, State}.
 
 terminate(_Reason, _State) ->

From 07ade268f98e4886f15ed5891c02b2e8c0764b23 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Thu, 17 Jun 2021 15:11:26 +0800
Subject: [PATCH 070/174] chore: mv emqx_connector to emqx_data_bridge

---
 apps/emqx_connector/.gitignore                | 19 ----------
 apps/emqx_connector/README.md                 | 27 --------------
 apps/emqx_connector/etc/emqx_connector.conf   |  4 ---
 .../emqx_connector/priv/emqx_connector.schema |  2 --
 apps/emqx_connector/rebar.config              | 13 -------
 .../emqx_connector/src/emqx_connector.app.src | 17 ---------
 apps/emqx_connector/src/emqx_connector.erl    | 16 ---------
 .../emqx_connector/src/emqx_connector_app.erl | 31 ----------------
 .../emqx_connector/src/emqx_connector_sup.erl | 36 -------------------
 .../include/emqx_data_bridge.hrl}             |  0
 .../priv/emqx_data_bridge.schema              | 16 ---------
 apps/emqx_data_bridge/rebar.config            |  1 +
 .../src/connector}/emqx_connector_ldap.erl    |  2 +-
 .../src/connector}/emqx_connector_mongo.erl   |  2 +-
 .../src/connector}/emqx_connector_mysql.erl   |  0
 .../src/connector}/emqx_connector_pgsql.erl   |  0
 .../src/connector}/emqx_connector_redis.erl   |  2 +-
 .../connector}/emqx_connector_schema_lib.erl  |  2 +-
 .../src/emqx_data_bridge.app.src              |  3 +-
 .../emqx_data_bridge/src/emqx_data_bridge.erl |  5 +--
 apps/emqx_resource/priv/emqx_resource.schema  |  2 --
 data/loaded_plugins.tmpl                      |  3 --
 rebar.config.erl                              |  9 ++---
 23 files changed, 13 insertions(+), 199 deletions(-)
 delete mode 100644 apps/emqx_connector/.gitignore
 delete mode 100644 apps/emqx_connector/README.md
 delete mode 100644 apps/emqx_connector/etc/emqx_connector.conf
 delete mode 100644 apps/emqx_connector/priv/emqx_connector.schema
 delete mode 100644 apps/emqx_connector/rebar.config
 delete mode 100644 apps/emqx_connector/src/emqx_connector.app.src
 delete mode 100644 apps/emqx_connector/src/emqx_connector.erl
 delete mode 100644 apps/emqx_connector/src/emqx_connector_app.erl
 delete mode 100644 apps/emqx_connector/src/emqx_connector_sup.erl
 rename apps/{emqx_connector/include/emqx_connector.hrl => emqx_data_bridge/include/emqx_data_bridge.hrl} (100%)
 delete mode 100644 apps/emqx_data_bridge/priv/emqx_data_bridge.schema
 rename apps/{emqx_connector/src => emqx_data_bridge/src/connector}/emqx_connector_ldap.erl (99%)
 rename apps/{emqx_connector/src => emqx_data_bridge/src/connector}/emqx_connector_mongo.erl (99%)
 rename apps/{emqx_connector/src => emqx_data_bridge/src/connector}/emqx_connector_mysql.erl (100%)
 rename apps/{emqx_connector/src => emqx_data_bridge/src/connector}/emqx_connector_pgsql.erl (100%)
 rename apps/{emqx_connector/src => emqx_data_bridge/src/connector}/emqx_connector_redis.erl (99%)
 rename apps/{emqx_connector/src => emqx_data_bridge/src/connector}/emqx_connector_schema_lib.erl (99%)
 delete mode 100644 apps/emqx_resource/priv/emqx_resource.schema

diff --git a/apps/emqx_connector/.gitignore b/apps/emqx_connector/.gitignore
deleted file mode 100644
index f1c455451..000000000
--- a/apps/emqx_connector/.gitignore
+++ /dev/null
@@ -1,19 +0,0 @@
-.rebar3
-_*
-.eunit
-*.o
-*.beam
-*.plt
-*.swp
-*.swo
-.erlang.cookie
-ebin
-log
-erl_crash.dump
-.rebar
-logs
-_build
-.idea
-*.iml
-rebar3.crashdump
-*~
diff --git a/apps/emqx_connector/README.md b/apps/emqx_connector/README.md
deleted file mode 100644
index 879669f93..000000000
--- a/apps/emqx_connector/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# emqx_connector
-
-This application is a collection of `connectors`.
-
-A `connector` is a callback module of `emqx_resource` that maintains the data related to
-external resources. Put all resource related callback modules in a single application is good as
-we can put some util functions/modules here for reusing purpose.
-
-For example, a mysql connector is an emqx resource that maintains all the mysql connection
-related parameters (configs) and the TCP connections to the mysql server.
-
-An mysql connector can be used as following:
-
-```
-(emqx@127.0.0.1)5> emqx_resource:list_instances_verbose().
-[#{config =>
-       #{auto_reconnect => true,cacertfile => [],certfile => [],
-         database => "mqtt",keyfile => [],password => "public",
-         pool_size => 1,
-         server => {{127,0,0,1},3306},
-         ssl => false,user => "root",verify => false},
-   id => <<"mysql-abc">>,mod => emqx_connector_mysql,
-   state => #{poolname => 'mysql-abc'},
-   status => started}]
-(emqx@127.0.0.1)6> emqx_resource:query(<<"mysql-abc">>, {sql, <<"SELECT count(1)">>}).
-{ok,[<<"count(1)">>],[[1]]}
-```
diff --git a/apps/emqx_connector/etc/emqx_connector.conf b/apps/emqx_connector/etc/emqx_connector.conf
deleted file mode 100644
index db4402d47..000000000
--- a/apps/emqx_connector/etc/emqx_connector.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X CONNECTOR Plugin
-##--------------------------------------------------------------------
-
diff --git a/apps/emqx_connector/priv/emqx_connector.schema b/apps/emqx_connector/priv/emqx_connector.schema
deleted file mode 100644
index b8476c4d9..000000000
--- a/apps/emqx_connector/priv/emqx_connector.schema
+++ /dev/null
@@ -1,2 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_connector config mapping
diff --git a/apps/emqx_connector/rebar.config b/apps/emqx_connector/rebar.config
deleted file mode 100644
index 53b5c63e8..000000000
--- a/apps/emqx_connector/rebar.config
+++ /dev/null
@@ -1,13 +0,0 @@
-{erl_opts, [
-  nowarn_unused_import,
-  debug_info
-]}.
-
-{deps, [
-  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}}
-]}.
-
-{shell, [
-  % {config, "config/sys.config"},
-    {apps, [emqx_connector]}
-]}.
diff --git a/apps/emqx_connector/src/emqx_connector.app.src b/apps/emqx_connector/src/emqx_connector.app.src
deleted file mode 100644
index a821b8f13..000000000
--- a/apps/emqx_connector/src/emqx_connector.app.src
+++ /dev/null
@@ -1,17 +0,0 @@
-{application, emqx_connector,
- [{description, "An OTP application"},
-  {vsn, "0.1.0"},
-  {registered, []},
-  {mod, {emqx_connector_app, []}},
-  {applications,
-   [kernel,
-    stdlib,
-    emqx_resource,
-    ecpool
-   ]},
-  {env,[]},
-  {modules, []},
-
-  {licenses, ["Apache 2.0"]},
-  {links, []}
- ]}.
diff --git a/apps/emqx_connector/src/emqx_connector.erl b/apps/emqx_connector/src/emqx_connector.erl
deleted file mode 100644
index dd0359348..000000000
--- a/apps/emqx_connector/src/emqx_connector.erl
+++ /dev/null
@@ -1,16 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
--module(emqx_connector).
diff --git a/apps/emqx_connector/src/emqx_connector_app.erl b/apps/emqx_connector/src/emqx_connector_app.erl
deleted file mode 100644
index 4bbad75cf..000000000
--- a/apps/emqx_connector/src/emqx_connector_app.erl
+++ /dev/null
@@ -1,31 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_connector_app).
-
--behaviour(application).
-
--emqx_plugin(?MODULE).
-
--export([start/2, stop/1]).
-
-start(_StartType, _StartArgs) ->
-    emqx_connector_sup:start_link().
-
-stop(_State) ->
-    ok.
-
-%% internal functions
diff --git a/apps/emqx_connector/src/emqx_connector_sup.erl b/apps/emqx_connector/src/emqx_connector_sup.erl
deleted file mode 100644
index 603b9a8ad..000000000
--- a/apps/emqx_connector/src/emqx_connector_sup.erl
+++ /dev/null
@@ -1,36 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
--module(emqx_connector_sup).
-
--behaviour(supervisor).
-
--export([start_link/0]).
-
--export([init/1]).
-
--define(SERVER, ?MODULE).
-
-start_link() ->
-    supervisor:start_link({local, ?SERVER}, ?MODULE, []).
-
-init([]) ->
-    SupFlags = #{strategy => one_for_all,
-                 intensity => 0,
-                 period => 1},
-    ChildSpecs = [],
-    {ok, {SupFlags, ChildSpecs}}.
-
-%% internal functions
diff --git a/apps/emqx_connector/include/emqx_connector.hrl b/apps/emqx_data_bridge/include/emqx_data_bridge.hrl
similarity index 100%
rename from apps/emqx_connector/include/emqx_connector.hrl
rename to apps/emqx_data_bridge/include/emqx_data_bridge.hrl
diff --git a/apps/emqx_data_bridge/priv/emqx_data_bridge.schema b/apps/emqx_data_bridge/priv/emqx_data_bridge.schema
deleted file mode 100644
index c9cb3f2c0..000000000
--- a/apps/emqx_data_bridge/priv/emqx_data_bridge.schema
+++ /dev/null
@@ -1,16 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_data_bridge config mapping
-
-{mapping, "emqx_data_bridge.bridges", "emqx_data_bridge.bridges", [
-  {default, []},
-  {datatype, string}
-]}.
-
-% fields("emqx_data_bridge") ->
-%     [
-%         {bridges,
-%           [fun(mapping) -> "emqx_data_bridge.bridges";
-%               (type) -> list();
-%               (_) -> undefined
-%            end]}
-%     ]
\ No newline at end of file
diff --git a/apps/emqx_data_bridge/rebar.config b/apps/emqx_data_bridge/rebar.config
index cf4cfcf1b..2778ec974 100644
--- a/apps/emqx_data_bridge/rebar.config
+++ b/apps/emqx_data_bridge/rebar.config
@@ -1,5 +1,6 @@
 {erl_opts, [debug_info]}.
 {deps, []}.
+% {extra_src_dirs, [{"src", [{recursive, true}]}]}.
 
 {shell, [
   % {config, "config/sys.config"},
diff --git a/apps/emqx_connector/src/emqx_connector_ldap.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_ldap.erl
similarity index 99%
rename from apps/emqx_connector/src/emqx_connector_ldap.erl
rename to apps/emqx_data_bridge/src/connector/emqx_connector_ldap.erl
index 3b0af5aa7..322bce1ef 100644
--- a/apps/emqx_connector/src/emqx_connector_ldap.erl
+++ b/apps/emqx_data_bridge/src/connector/emqx_connector_ldap.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_ldap).
 
--include("emqx_connector.hrl").
+-include("emqx_data_bridge.hrl").
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_mongo.erl
similarity index 99%
rename from apps/emqx_connector/src/emqx_connector_mongo.erl
rename to apps/emqx_data_bridge/src/connector/emqx_connector_mongo.erl
index 26a36dd0a..9e22e5ac5 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_data_bridge/src/connector/emqx_connector_mongo.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_mongo).
 
--include("emqx_connector.hrl").
+-include("emqx_data_bridge.hrl").
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
diff --git a/apps/emqx_connector/src/emqx_connector_mysql.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl
similarity index 100%
rename from apps/emqx_connector/src/emqx_connector_mysql.erl
rename to apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl
diff --git a/apps/emqx_connector/src/emqx_connector_pgsql.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl
similarity index 100%
rename from apps/emqx_connector/src/emqx_connector_pgsql.erl
rename to apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl
diff --git a/apps/emqx_connector/src/emqx_connector_redis.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_redis.erl
similarity index 99%
rename from apps/emqx_connector/src/emqx_connector_redis.erl
rename to apps/emqx_data_bridge/src/connector/emqx_connector_redis.erl
index 3eebbcf87..1037afede 100644
--- a/apps/emqx_connector/src/emqx_connector_redis.erl
+++ b/apps/emqx_data_bridge/src/connector/emqx_connector_redis.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_redis).
 
--include("emqx_connector.hrl").
+-include("emqx_data_bridge.hrl").
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
diff --git a/apps/emqx_connector/src/emqx_connector_schema_lib.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_schema_lib.erl
similarity index 99%
rename from apps/emqx_connector/src/emqx_connector_schema_lib.erl
rename to apps/emqx_data_bridge/src/connector/emqx_connector_schema_lib.erl
index 03572d91d..aaacd0e80 100644
--- a/apps/emqx_connector/src/emqx_connector_schema_lib.erl
+++ b/apps/emqx_data_bridge/src/connector/emqx_connector_schema_lib.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_schema_lib).
 
--include("emqx_connector.hrl").
+-include("emqx_data_bridge.hrl").
 -include_lib("typerefl/include/types.hrl").
 
 -export([ relational_db_fields/0
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.app.src b/apps/emqx_data_bridge/src/emqx_data_bridge.app.src
index 360511d9b..edfcd4a9d 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.app.src
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.app.src
@@ -5,7 +5,8 @@
   {mod, {emqx_data_bridge_app, []}},
   {applications,
    [kernel,
-    stdlib
+    stdlib,
+    ecpool
    ]},
   {env,[]},
   {modules, []},
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.erl b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
index 5877cd3dd..54a228763 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
@@ -25,8 +25,9 @@
         ]).
 
 load_bridges() ->
-    Bridges = proplists:get_value(bridges,
-        application:get_all_env(emqx_data_bridge), []),
+    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?MODULE]) ++ ".conf",
+    {ok, #{<<"emqx_data_bridge">> := RawConfig}} = hocon:load(ConfFile),
+    Bridges = maps:get(<<"bridges">>, RawConfig, []),
     emqx_data_bridge_monitor:ensure_all_started(Bridges).
 
 resource_type(<<"mysql">>) -> emqx_connector_mysql;
diff --git a/apps/emqx_resource/priv/emqx_resource.schema b/apps/emqx_resource/priv/emqx_resource.schema
deleted file mode 100644
index 8246dc6a7..000000000
--- a/apps/emqx_resource/priv/emqx_resource.schema
+++ /dev/null
@@ -1,2 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx-resource config mapping
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index 5ac46e0e3..d0dac7fe1 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -5,7 +5,4 @@
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
 {emqx_telemetry, {{enable_plugin_emqx_telemetry}}}.
 {emqx_rule_engine, {{enable_plugin_emqx_rule_engine}}}.
-{emqx_resource, {{enable_plugin_emqx_resource}}}.
-{emqx_connector, {{enable_plugin_emqx_connector}}}.
-{emqx_data_bridge, {{enable_plugin_emqx_data_bridge}}}.
 {emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index 543333895..24020ad45 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -193,9 +193,6 @@ overlay_vars_rel(RelType) ->
              end,
     [ {enable_plugin_emqx_rule_engine, RelType =:= cloud}
     , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
-    , {enable_plugin_emqx_resource, true}
-    , {enable_plugin_emqx_connector, true}
-    , {enable_plugin_emqx_data_bridge, true}
     , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
     , {enable_plugin_emqx_recon, true}
     , {enable_plugin_emqx_retainer, true}
@@ -254,6 +251,8 @@ relx_apps(ReleaseType) ->
     , {emqx_plugin_libs, load}
     , observer_cli
     , emqx_http_lib
+    , emqx_resource
+    , emqx_data_bridge
     ]
     ++ [emqx_modules || not is_enterprise()]
     ++ [emqx_license || is_enterprise()]
@@ -291,10 +290,8 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_auth_mnesia
     , emqx_web_hook
     , emqx_recon
-    , emqx_resource
-    , emqx_connector
-    , emqx_data_bridge
     , emqx_rule_engine
+    , emqx_data_bridge
     , emqx_sasl
     ]
     ++ [emqx_telemetry || not is_enterprise()]

From 786fd6fe3e4a7692935d6529a7a20e7db9ba5805 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Thu, 17 Jun 2021 18:05:43 +0800
Subject: [PATCH 071/174] feat(connector): mysql and pgsql query support params

---
 .../src/connector/emqx_connector_mysql.erl             |  4 +++-
 .../src/connector/emqx_connector_pgsql.erl             | 10 ++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl
index e90d5f171..61e13901e 100644
--- a/apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl
+++ b/apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl
@@ -71,8 +71,10 @@ on_stop(InstId, #{poolname := PoolName}) ->
     emqx_plugin_libs_pool:stop_pool(PoolName).
 
 on_query(InstId, {sql, SQL}, AfterQuery, #{poolname := PoolName} = State) ->
+    on_query(InstId, {sql, SQL, []}, AfterQuery, #{poolname := PoolName} = State);
+on_query(InstId, {sql, SQL, Params}, AfterQuery, #{poolname := PoolName} = State) ->
     logger:debug("mysql connector ~p received sql query: ~p, at state: ~p", [InstId, SQL, State]),
-    case Result = ecpool:pick_and_do(PoolName, {mysql, query, [SQL]}, no_handover) of
+    case Result = ecpool:pick_and_do(PoolName, {mysql, query, [SQL, Params]}, no_handover) of
         {error, Reason} ->
             logger:debug("mysql connector ~p do sql query failed, sql: ~p, reason: ~p", [InstId, SQL, Reason]),
             emqx_resource:query_failed(AfterQuery);
diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl b/apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl
index 329138ab1..0ff0d6779 100644
--- a/apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl
+++ b/apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl
@@ -31,7 +31,7 @@
 
 -export([connect/1]).
 
--export([query/2]).
+-export([query/3]).
 
 -export([do_health_check/1]).
 
@@ -74,8 +74,10 @@ on_stop(InstId, #{poolname := PoolName}) ->
     emqx_plugin_libs_pool:stop_pool(PoolName).
 
 on_query(InstId, {sql, SQL}, AfterQuery, #{poolname := PoolName} = State) ->
+    on_query(InstId, {sql, SQL, []}, AfterQuery, #{poolname := PoolName} = State);
+on_query(InstId, {sql, SQL, Params}, AfterQuery, #{poolname := PoolName} = State) ->
     logger:debug("postgresql connector ~p received sql query: ~p, at state: ~p", [InstId, SQL, State]),
-    case Result = ecpool:pick_and_do(PoolName, {?MODULE, query, [SQL]}, no_handover) of
+    case Result = ecpool:pick_and_do(PoolName, {?MODULE, query, [SQL, Params]}, no_handover) of
         {error, Reason} ->
             logger:debug("postgresql connector ~p do sql query failed, sql: ~p, reason: ~p", [InstId, SQL, Reason]),
             emqx_resource:query_failed(AfterQuery);
@@ -100,8 +102,8 @@ connect(Opts) ->
     Password = proplists:get_value(password, Opts),
     epgsql:connect(Host, Username, Password, conn_opts(Opts)).
 
-query(Conn, SQL) ->
-    epgsql:squery(Conn, SQL).
+query(Conn, SQL, Params) ->
+    epgsql:equery(Conn, SQL, Params).
 
 conn_opts(Opts) ->
     conn_opts(Opts, []).

From 271869b817f891eb7755be223f4c3c6b57e0abe7 Mon Sep 17 00:00:00 2001
From: turtleDeng <deng@emqx.io>
Date: Thu, 17 Jun 2021 19:10:38 +0800
Subject: [PATCH 072/174] Revert "chore: mv emqx_connector to emqx_data_bridge"

This reverts commit d640e2ccfa68a1c0529ef302b3eadc627d07f5e5.
---
 apps/emqx_connector/.gitignore                | 19 ++++++++++
 apps/emqx_connector/README.md                 | 27 ++++++++++++++
 apps/emqx_connector/etc/emqx_connector.conf   |  4 +++
 .../include/emqx_connector.hrl}               |  0
 .../emqx_connector/priv/emqx_connector.schema |  2 ++
 apps/emqx_connector/rebar.config              | 13 +++++++
 .../emqx_connector/src/emqx_connector.app.src | 17 +++++++++
 apps/emqx_connector/src/emqx_connector.erl    | 16 +++++++++
 .../emqx_connector/src/emqx_connector_app.erl | 31 ++++++++++++++++
 .../src}/emqx_connector_ldap.erl              |  2 +-
 .../src}/emqx_connector_mongo.erl             |  2 +-
 .../src}/emqx_connector_mysql.erl             |  0
 .../src}/emqx_connector_pgsql.erl             |  0
 .../src}/emqx_connector_redis.erl             |  2 +-
 .../src}/emqx_connector_schema_lib.erl        |  2 +-
 .../emqx_connector/src/emqx_connector_sup.erl | 36 +++++++++++++++++++
 .../priv/emqx_data_bridge.schema              | 16 +++++++++
 apps/emqx_data_bridge/rebar.config            |  1 -
 .../src/emqx_data_bridge.app.src              |  3 +-
 .../emqx_data_bridge/src/emqx_data_bridge.erl |  5 ++-
 apps/emqx_resource/priv/emqx_resource.schema  |  2 ++
 data/loaded_plugins.tmpl                      |  3 ++
 rebar.config.erl                              |  9 +++--
 23 files changed, 199 insertions(+), 13 deletions(-)
 create mode 100644 apps/emqx_connector/.gitignore
 create mode 100644 apps/emqx_connector/README.md
 create mode 100644 apps/emqx_connector/etc/emqx_connector.conf
 rename apps/{emqx_data_bridge/include/emqx_data_bridge.hrl => emqx_connector/include/emqx_connector.hrl} (100%)
 create mode 100644 apps/emqx_connector/priv/emqx_connector.schema
 create mode 100644 apps/emqx_connector/rebar.config
 create mode 100644 apps/emqx_connector/src/emqx_connector.app.src
 create mode 100644 apps/emqx_connector/src/emqx_connector.erl
 create mode 100644 apps/emqx_connector/src/emqx_connector_app.erl
 rename apps/{emqx_data_bridge/src/connector => emqx_connector/src}/emqx_connector_ldap.erl (99%)
 rename apps/{emqx_data_bridge/src/connector => emqx_connector/src}/emqx_connector_mongo.erl (99%)
 rename apps/{emqx_data_bridge/src/connector => emqx_connector/src}/emqx_connector_mysql.erl (100%)
 rename apps/{emqx_data_bridge/src/connector => emqx_connector/src}/emqx_connector_pgsql.erl (100%)
 rename apps/{emqx_data_bridge/src/connector => emqx_connector/src}/emqx_connector_redis.erl (99%)
 rename apps/{emqx_data_bridge/src/connector => emqx_connector/src}/emqx_connector_schema_lib.erl (99%)
 create mode 100644 apps/emqx_connector/src/emqx_connector_sup.erl
 create mode 100644 apps/emqx_data_bridge/priv/emqx_data_bridge.schema
 create mode 100644 apps/emqx_resource/priv/emqx_resource.schema

diff --git a/apps/emqx_connector/.gitignore b/apps/emqx_connector/.gitignore
new file mode 100644
index 000000000..f1c455451
--- /dev/null
+++ b/apps/emqx_connector/.gitignore
@@ -0,0 +1,19 @@
+.rebar3
+_*
+.eunit
+*.o
+*.beam
+*.plt
+*.swp
+*.swo
+.erlang.cookie
+ebin
+log
+erl_crash.dump
+.rebar
+logs
+_build
+.idea
+*.iml
+rebar3.crashdump
+*~
diff --git a/apps/emqx_connector/README.md b/apps/emqx_connector/README.md
new file mode 100644
index 000000000..879669f93
--- /dev/null
+++ b/apps/emqx_connector/README.md
@@ -0,0 +1,27 @@
+# emqx_connector
+
+This application is a collection of `connectors`.
+
+A `connector` is a callback module of `emqx_resource` that maintains the data related to
+external resources. Put all resource related callback modules in a single application is good as
+we can put some util functions/modules here for reusing purpose.
+
+For example, a mysql connector is an emqx resource that maintains all the mysql connection
+related parameters (configs) and the TCP connections to the mysql server.
+
+An mysql connector can be used as following:
+
+```
+(emqx@127.0.0.1)5> emqx_resource:list_instances_verbose().
+[#{config =>
+       #{auto_reconnect => true,cacertfile => [],certfile => [],
+         database => "mqtt",keyfile => [],password => "public",
+         pool_size => 1,
+         server => {{127,0,0,1},3306},
+         ssl => false,user => "root",verify => false},
+   id => <<"mysql-abc">>,mod => emqx_connector_mysql,
+   state => #{poolname => 'mysql-abc'},
+   status => started}]
+(emqx@127.0.0.1)6> emqx_resource:query(<<"mysql-abc">>, {sql, <<"SELECT count(1)">>}).
+{ok,[<<"count(1)">>],[[1]]}
+```
diff --git a/apps/emqx_connector/etc/emqx_connector.conf b/apps/emqx_connector/etc/emqx_connector.conf
new file mode 100644
index 000000000..db4402d47
--- /dev/null
+++ b/apps/emqx_connector/etc/emqx_connector.conf
@@ -0,0 +1,4 @@
+##--------------------------------------------------------------------
+## EMQ X CONNECTOR Plugin
+##--------------------------------------------------------------------
+
diff --git a/apps/emqx_data_bridge/include/emqx_data_bridge.hrl b/apps/emqx_connector/include/emqx_connector.hrl
similarity index 100%
rename from apps/emqx_data_bridge/include/emqx_data_bridge.hrl
rename to apps/emqx_connector/include/emqx_connector.hrl
diff --git a/apps/emqx_connector/priv/emqx_connector.schema b/apps/emqx_connector/priv/emqx_connector.schema
new file mode 100644
index 000000000..b8476c4d9
--- /dev/null
+++ b/apps/emqx_connector/priv/emqx_connector.schema
@@ -0,0 +1,2 @@
+%%-*- mode: erlang -*-
+%% emqx_connector config mapping
diff --git a/apps/emqx_connector/rebar.config b/apps/emqx_connector/rebar.config
new file mode 100644
index 000000000..53b5c63e8
--- /dev/null
+++ b/apps/emqx_connector/rebar.config
@@ -0,0 +1,13 @@
+{erl_opts, [
+  nowarn_unused_import,
+  debug_info
+]}.
+
+{deps, [
+  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}}
+]}.
+
+{shell, [
+  % {config, "config/sys.config"},
+    {apps, [emqx_connector]}
+]}.
diff --git a/apps/emqx_connector/src/emqx_connector.app.src b/apps/emqx_connector/src/emqx_connector.app.src
new file mode 100644
index 000000000..a821b8f13
--- /dev/null
+++ b/apps/emqx_connector/src/emqx_connector.app.src
@@ -0,0 +1,17 @@
+{application, emqx_connector,
+ [{description, "An OTP application"},
+  {vsn, "0.1.0"},
+  {registered, []},
+  {mod, {emqx_connector_app, []}},
+  {applications,
+   [kernel,
+    stdlib,
+    emqx_resource,
+    ecpool
+   ]},
+  {env,[]},
+  {modules, []},
+
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.
diff --git a/apps/emqx_connector/src/emqx_connector.erl b/apps/emqx_connector/src/emqx_connector.erl
new file mode 100644
index 000000000..dd0359348
--- /dev/null
+++ b/apps/emqx_connector/src/emqx_connector.erl
@@ -0,0 +1,16 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+-module(emqx_connector).
diff --git a/apps/emqx_connector/src/emqx_connector_app.erl b/apps/emqx_connector/src/emqx_connector_app.erl
new file mode 100644
index 000000000..4bbad75cf
--- /dev/null
+++ b/apps/emqx_connector/src/emqx_connector_app.erl
@@ -0,0 +1,31 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_connector_app).
+
+-behaviour(application).
+
+-emqx_plugin(?MODULE).
+
+-export([start/2, stop/1]).
+
+start(_StartType, _StartArgs) ->
+    emqx_connector_sup:start_link().
+
+stop(_State) ->
+    ok.
+
+%% internal functions
diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_ldap.erl b/apps/emqx_connector/src/emqx_connector_ldap.erl
similarity index 99%
rename from apps/emqx_data_bridge/src/connector/emqx_connector_ldap.erl
rename to apps/emqx_connector/src/emqx_connector_ldap.erl
index 322bce1ef..3b0af5aa7 100644
--- a/apps/emqx_data_bridge/src/connector/emqx_connector_ldap.erl
+++ b/apps/emqx_connector/src/emqx_connector_ldap.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_ldap).
 
--include("emqx_data_bridge.hrl").
+-include("emqx_connector.hrl").
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
similarity index 99%
rename from apps/emqx_data_bridge/src/connector/emqx_connector_mongo.erl
rename to apps/emqx_connector/src/emqx_connector_mongo.erl
index 9e22e5ac5..26a36dd0a 100644
--- a/apps/emqx_data_bridge/src/connector/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_mongo).
 
--include("emqx_data_bridge.hrl").
+-include("emqx_connector.hrl").
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl b/apps/emqx_connector/src/emqx_connector_mysql.erl
similarity index 100%
rename from apps/emqx_data_bridge/src/connector/emqx_connector_mysql.erl
rename to apps/emqx_connector/src/emqx_connector_mysql.erl
diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl b/apps/emqx_connector/src/emqx_connector_pgsql.erl
similarity index 100%
rename from apps/emqx_data_bridge/src/connector/emqx_connector_pgsql.erl
rename to apps/emqx_connector/src/emqx_connector_pgsql.erl
diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_redis.erl b/apps/emqx_connector/src/emqx_connector_redis.erl
similarity index 99%
rename from apps/emqx_data_bridge/src/connector/emqx_connector_redis.erl
rename to apps/emqx_connector/src/emqx_connector_redis.erl
index 1037afede..3eebbcf87 100644
--- a/apps/emqx_data_bridge/src/connector/emqx_connector_redis.erl
+++ b/apps/emqx_connector/src/emqx_connector_redis.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_redis).
 
--include("emqx_data_bridge.hrl").
+-include("emqx_connector.hrl").
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
diff --git a/apps/emqx_data_bridge/src/connector/emqx_connector_schema_lib.erl b/apps/emqx_connector/src/emqx_connector_schema_lib.erl
similarity index 99%
rename from apps/emqx_data_bridge/src/connector/emqx_connector_schema_lib.erl
rename to apps/emqx_connector/src/emqx_connector_schema_lib.erl
index aaacd0e80..03572d91d 100644
--- a/apps/emqx_data_bridge/src/connector/emqx_connector_schema_lib.erl
+++ b/apps/emqx_connector/src/emqx_connector_schema_lib.erl
@@ -15,7 +15,7 @@
 %%--------------------------------------------------------------------
 -module(emqx_connector_schema_lib).
 
--include("emqx_data_bridge.hrl").
+-include("emqx_connector.hrl").
 -include_lib("typerefl/include/types.hrl").
 
 -export([ relational_db_fields/0
diff --git a/apps/emqx_connector/src/emqx_connector_sup.erl b/apps/emqx_connector/src/emqx_connector_sup.erl
new file mode 100644
index 000000000..603b9a8ad
--- /dev/null
+++ b/apps/emqx_connector/src/emqx_connector_sup.erl
@@ -0,0 +1,36 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+-module(emqx_connector_sup).
+
+-behaviour(supervisor).
+
+-export([start_link/0]).
+
+-export([init/1]).
+
+-define(SERVER, ?MODULE).
+
+start_link() ->
+    supervisor:start_link({local, ?SERVER}, ?MODULE, []).
+
+init([]) ->
+    SupFlags = #{strategy => one_for_all,
+                 intensity => 0,
+                 period => 1},
+    ChildSpecs = [],
+    {ok, {SupFlags, ChildSpecs}}.
+
+%% internal functions
diff --git a/apps/emqx_data_bridge/priv/emqx_data_bridge.schema b/apps/emqx_data_bridge/priv/emqx_data_bridge.schema
new file mode 100644
index 000000000..c9cb3f2c0
--- /dev/null
+++ b/apps/emqx_data_bridge/priv/emqx_data_bridge.schema
@@ -0,0 +1,16 @@
+%%-*- mode: erlang -*-
+%% emqx_data_bridge config mapping
+
+{mapping, "emqx_data_bridge.bridges", "emqx_data_bridge.bridges", [
+  {default, []},
+  {datatype, string}
+]}.
+
+% fields("emqx_data_bridge") ->
+%     [
+%         {bridges,
+%           [fun(mapping) -> "emqx_data_bridge.bridges";
+%               (type) -> list();
+%               (_) -> undefined
+%            end]}
+%     ]
\ No newline at end of file
diff --git a/apps/emqx_data_bridge/rebar.config b/apps/emqx_data_bridge/rebar.config
index 2778ec974..cf4cfcf1b 100644
--- a/apps/emqx_data_bridge/rebar.config
+++ b/apps/emqx_data_bridge/rebar.config
@@ -1,6 +1,5 @@
 {erl_opts, [debug_info]}.
 {deps, []}.
-% {extra_src_dirs, [{"src", [{recursive, true}]}]}.
 
 {shell, [
   % {config, "config/sys.config"},
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.app.src b/apps/emqx_data_bridge/src/emqx_data_bridge.app.src
index edfcd4a9d..360511d9b 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.app.src
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.app.src
@@ -5,8 +5,7 @@
   {mod, {emqx_data_bridge_app, []}},
   {applications,
    [kernel,
-    stdlib,
-    ecpool
+    stdlib
    ]},
   {env,[]},
   {modules, []},
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.erl b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
index 54a228763..5877cd3dd 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
@@ -25,9 +25,8 @@
         ]).
 
 load_bridges() ->
-    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?MODULE]) ++ ".conf",
-    {ok, #{<<"emqx_data_bridge">> := RawConfig}} = hocon:load(ConfFile),
-    Bridges = maps:get(<<"bridges">>, RawConfig, []),
+    Bridges = proplists:get_value(bridges,
+        application:get_all_env(emqx_data_bridge), []),
     emqx_data_bridge_monitor:ensure_all_started(Bridges).
 
 resource_type(<<"mysql">>) -> emqx_connector_mysql;
diff --git a/apps/emqx_resource/priv/emqx_resource.schema b/apps/emqx_resource/priv/emqx_resource.schema
new file mode 100644
index 000000000..8246dc6a7
--- /dev/null
+++ b/apps/emqx_resource/priv/emqx_resource.schema
@@ -0,0 +1,2 @@
+%%-*- mode: erlang -*-
+%% emqx-resource config mapping
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index d0dac7fe1..5ac46e0e3 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -5,4 +5,7 @@
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
 {emqx_telemetry, {{enable_plugin_emqx_telemetry}}}.
 {emqx_rule_engine, {{enable_plugin_emqx_rule_engine}}}.
+{emqx_resource, {{enable_plugin_emqx_resource}}}.
+{emqx_connector, {{enable_plugin_emqx_connector}}}.
+{emqx_data_bridge, {{enable_plugin_emqx_data_bridge}}}.
 {emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index 24020ad45..543333895 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -193,6 +193,9 @@ overlay_vars_rel(RelType) ->
              end,
     [ {enable_plugin_emqx_rule_engine, RelType =:= cloud}
     , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
+    , {enable_plugin_emqx_resource, true}
+    , {enable_plugin_emqx_connector, true}
+    , {enable_plugin_emqx_data_bridge, true}
     , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
     , {enable_plugin_emqx_recon, true}
     , {enable_plugin_emqx_retainer, true}
@@ -251,8 +254,6 @@ relx_apps(ReleaseType) ->
     , {emqx_plugin_libs, load}
     , observer_cli
     , emqx_http_lib
-    , emqx_resource
-    , emqx_data_bridge
     ]
     ++ [emqx_modules || not is_enterprise()]
     ++ [emqx_license || is_enterprise()]
@@ -290,8 +291,10 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_auth_mnesia
     , emqx_web_hook
     , emqx_recon
-    , emqx_rule_engine
+    , emqx_resource
+    , emqx_connector
     , emqx_data_bridge
+    , emqx_rule_engine
     , emqx_sasl
     ]
     ++ [emqx_telemetry || not is_enterprise()]

From 22b0fa0b92ccce22989e6c10bc862c6bc874e012 Mon Sep 17 00:00:00 2001
From: DDDHuang <904897578@qq.com>
Date: Thu, 10 Jun 2021 16:59:27 +0800
Subject: [PATCH 073/174] chore: more node info

---
 .../src/emqx_mgmt_api_nodes.erl               | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/apps/emqx_management/src/emqx_mgmt_api_nodes.erl b/apps/emqx_management/src/emqx_mgmt_api_nodes.erl
index 2be151aaa..c24e46de9 100644
--- a/apps/emqx_management/src/emqx_mgmt_api_nodes.erl
+++ b/apps/emqx_management/src/emqx_mgmt_api_nodes.erl
@@ -41,6 +41,30 @@ get(#{node := Node}, _Params) ->
 format(Node, {error, Reason}) -> #{node => Node, error => Reason};
 
 format(_Node, Info = #{memory_total := Total, memory_used := Used}) ->
-    Info#{memory_total := emqx_mgmt_util:kmg(Total),
-          memory_used  := emqx_mgmt_util:kmg(Used)}.
+    {ok, SysPathBinary} = file:get_cwd(),
+     SysPath = list_to_binary(SysPathBinary),
+     ConfigPath = <<SysPath/binary, "/etc/emqx.conf">>,
+     LogPath = case log_path() of
+                   undefined ->
+                       <<"not found">>;
+                   Path0 ->
+                       Path = list_to_binary(Path0),
+                       <<SysPath/binary, Path/binary>>
+               end,
+     Info#{ memory_total := emqx_mgmt_util:kmg(Total)
+          , memory_used := emqx_mgmt_util:kmg(Used)
+          , sys_path => SysPath
+          , config_path => ConfigPath
+          , log_path => LogPath}.
 
+log_path() ->
+    Configs = logger:get_handler_config(),
+    get_log_path(Configs).
+
+get_log_path([#{id := file} = LoggerConfig | _LoggerConfigs]) ->
+    Config = maps:get(config, LoggerConfig),
+    maps:get(file, Config);
+get_log_path([_LoggerConfig | LoggerConfigs]) ->
+    get_log_path(LoggerConfigs);
+get_log_path([]) ->
+    undefined.

From 1fca3cd1b5f43cee98722ae2fcffe9e6bf6e9f19 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Thu, 17 Jun 2021 16:35:03 +0200
Subject: [PATCH 074/174] chore(rebar.config): use hocon 0.6.0

hocon 0.6.0 added supports for sensitive config flagging
sub-struct type checking, and remote struct referencing
---
 apps/emqx/rebar.config | 2 +-
 rebar.config           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index a33aa2e64..693e96c74 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -16,7 +16,7 @@
     , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.1"}}}
     , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.1"}}}
     , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v4.0.1"}}} %% todo delete when plugins use hocon
-    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.6.0"}}}
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
diff --git a/rebar.config b/rebar.config
index ae1d1e83a..db95d94ae 100644
--- a/rebar.config
+++ b/rebar.config
@@ -52,7 +52,7 @@
     , {observer_cli, "1.6.1"} % NOTE: depends on recon 2.5.1
     , {getopt, "1.0.1"}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
-    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.5.1"}}}
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.6.0"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
     ]}.
 

From 62df9f03ada00cb58ca6c3eebf9a2948e4d19ecc Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Thu, 17 Jun 2021 16:46:45 +0200
Subject: [PATCH 075/174] fix(emqx_schema): add 'sensitive' flag for passowrd
 configs

---
 apps/emqx/src/emqx_schema.erl | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index bee052926..cb631ea22 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -113,7 +113,11 @@ fields("rlog") ->
 fields("node") ->
     [ {"name", t(string(), "vm_args.-name", "emqx@127.0.0.1", "EMQX_NODE_NAME")}
     , {"ssl_dist_optfile", t(string(), "vm_args.-ssl_dist_optfile", undefined)}
-    , {"cookie", t(string(), "vm_args.-setcookie", "emqxsecretcookie", "EMQX_NODE_COOKIE")}
+    , {"cookie", hoconsc:t(string(), #{mapping => "vm_args.-setcookie",
+                                       default => "emqxsecretcookie",
+                                       sensitive => true,
+                                       override_env => "EMQX_NODE_COOKIE"
+                                      })}
     , {"data_dir", t(string(), "emqx.data_dir", undefined)}
     , {"heartbeat", t(flag(), undefined, false)}
     , {"async_threads", t(range(1, 1024), "vm_args.+A", undefined)}
@@ -1098,7 +1102,10 @@ ssl(Mapping, Defaults) ->
     , {"honor_cipher_order", t(flag(), M("honor_cipher_order"), D("honor_cipher_order"))}
     , {"handshake_timeout", t(duration(), M("handshake_timeout"), D("handshake_timeout"))}
     , {"depth", t(integer(), M("depth"), D("depth"))}
-    , {"password", t(string(), M("key_password"), D("key_password"))}
+    , {"password", hoconsc:t(string(), #{mapping => M("key_password"),
+                                         default => D("key_password"),
+                                         sensitive => true
+                                        })}
     , {"dhfile", t(string(), M("dhfile"), D("dhfile"))}
     , {"server_name_indication", t(union(disable, string()), M("server_name_indication"),
                                    D("server_name_indication"))}

From 3475967c40afda8a1a91a0b33c55857f9886f8f2 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Thu, 17 Jun 2021 17:14:57 +0200
Subject: [PATCH 076/174] chore(bin/emqx): print env override when generating
 config

---
 bin/emqx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/emqx b/bin/emqx
index 3e54dc17b..a5f76ac72 100755
--- a/bin/emqx
+++ b/bin/emqx
@@ -230,7 +230,7 @@ generate_config() {
     ## ths command populates two files: app.<time>.config and vm.<time>.args
     ## disable SC2086 to allow EMQX_LICENSE_CONF_OPTION to split
     # shellcheck disable=SC2086
-    call_hocon -t "$NOW_TIME" -s emqx_schema -c "$RUNNER_ETC_DIR"/emqx.conf $EMQX_LICENSE_CONF_OPTION -d "$RUNNER_DATA_DIR"/configs generate
+    call_hocon -v -t "$NOW_TIME" -s emqx_schema -c "$RUNNER_ETC_DIR"/emqx.conf $EMQX_LICENSE_CONF_OPTION -d "$RUNNER_DATA_DIR"/configs generate
 
     ## filenames are per-hocon convention
     local CONF_FILE="$CONFIGS_DIR/app.$NOW_TIME.config"

From f5c48634200965c4c3fc5081ee7d0b2a3b2c0b44 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Fri, 18 Jun 2021 15:09:26 +0800
Subject: [PATCH 077/174] fix(connector): add nullable for sentinel_name in
 redis schema

---
 apps/emqx_connector/src/emqx_connector_redis.erl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/emqx_connector/src/emqx_connector_redis.erl b/apps/emqx_connector/src/emqx_connector_redis.erl
index 3eebbcf87..1514f4c33 100644
--- a/apps/emqx_connector/src/emqx_connector_redis.erl
+++ b/apps/emqx_connector/src/emqx_connector_redis.erl
@@ -130,6 +130,7 @@ redis_sentinel_fields() ->
     ].
 
 sentinel_name(type) -> binary();
+sentinel_name(nullable) -> true;
 sentinel_name(_) -> undefined.
 
 redis_type(type) -> hoconsc:enum([single, sentinel, cluster]);

From 64a63ab892147e139f5c1c508f49123c840908c9 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Tue, 15 Jun 2021 22:28:26 +0800
Subject: [PATCH 078/174] chore(hooks): emqx_hooks no longer accept anonymous
 functions

---
 apps/emqx/src/emqx_hooks.erl | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/apps/emqx/src/emqx_hooks.erl b/apps/emqx/src/emqx_hooks.erl
index 95ef33fdd..ae170dcd5 100644
--- a/apps/emqx/src/emqx_hooks.erl
+++ b/apps/emqx/src/emqx_hooks.erl
@@ -66,8 +66,8 @@
 %%     equal priority values.
 
 -type(hookpoint() :: atom()).
--type(action() :: function() | {function(), [term()]} | mfargs()).
--type(filter() :: function() | mfargs()).
+-type(action() :: mfargs()).
+-type(filter() :: mfargs()).
 
 -record(callback, {
           action :: action(),
@@ -118,8 +118,6 @@ add(HookPoint, Action) when is_function(Action); is_tuple(Action) ->
 
 -spec(add(hookpoint(), action(), filter() | integer() | list())
       -> ok_or_error(already_exists)).
-add(HookPoint, Action, InitArgs) when is_function(Action), is_list(InitArgs) ->
-    add(HookPoint, #callback{action = {Action, InitArgs}, priority = 0});
 add(HookPoint, Action, Filter) when is_function(Filter); is_tuple(Filter) ->
     add(HookPoint, #callback{action = Action, filter = Filter, priority = 0});
 add(HookPoint, Action, Priority) when is_integer(Priority) ->
@@ -197,10 +195,6 @@ safe_execute(Fun, Args) ->
     end.
 
 %% @doc execute a function.
-execute(Fun, Args) when is_function(Fun) ->
-    erlang:apply(Fun, Args);
-execute({Fun, InitArgs}, Args) when is_function(Fun) ->
-    erlang:apply(Fun, Args ++ InitArgs);
 execute({M, F, A}, Args) ->
     erlang:apply(M, F, Args ++ A).
 
@@ -284,8 +278,6 @@ del_callback(Action, [#callback{action = Action} | Callbacks], Acc) ->
     del_callback(Action, Callbacks, Acc);
 del_callback(Action = {M, F}, [#callback{action = {M, F, _A}} | Callbacks], Acc) ->
     del_callback(Action, Callbacks, Acc);
-del_callback(Func, [#callback{action = {Func, _A}} | Callbacks], Acc) ->
-    del_callback(Func, Callbacks, Acc);
 del_callback(Action, [Callback | Callbacks], Acc) ->
     del_callback(Action, Callbacks, [Callback | Acc]).
 

From 46fe77687c64f1094bf55eaf1821aae9a15a411f Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Wed, 16 Jun 2021 11:40:13 +0800
Subject: [PATCH 079/174] chore(dialyzer): fix dialyzer error

---
 apps/emqx/src/emqx.erl                               |  4 +---
 apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl       |  8 ++++----
 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl   |  8 ++++----
 apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl     | 11 ++++++-----
 apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl     |  8 ++++----
 apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl     |  8 ++++----
 apps/emqx_auth_redis/src/emqx_auth_redis_app.erl     |  8 ++++----
 apps/emqx_authentication/src/emqx_authentication.erl |  4 ++--
 apps/emqx_psk_file/src/emqx_psk_file.erl             |  4 ++--
 apps/emqx_retainer/src/emqx_retainer.erl             |  8 ++++----
 apps/emqx_sasl/src/emqx_sasl.erl                     |  4 ++--
 11 files changed, 37 insertions(+), 38 deletions(-)

diff --git a/apps/emqx/src/emqx.erl b/apps/emqx/src/emqx.erl
index 2d2e4eb52..886753a7f 100644
--- a/apps/emqx/src/emqx.erl
+++ b/apps/emqx/src/emqx.erl
@@ -198,9 +198,7 @@ hook(HookPoint, Action) ->
 hook(HookPoint, Action, Priority) when is_integer(Priority) ->
     emqx_hooks:add(HookPoint, Action, Priority);
 hook(HookPoint, Action, Filter) when is_function(Filter); is_tuple(Filter) ->
-    emqx_hooks:add(HookPoint, Action, Filter);
-hook(HookPoint, Action, InitArgs) when is_list(InitArgs) ->
-    emqx_hooks:add(HookPoint, Action, InitArgs).
+    emqx_hooks:add(HookPoint, Action, Filter).
 
 -spec(hook(emqx_hooks:hookpoint(), emqx_hooks:action(), emqx_hooks:filter(), integer())
       -> ok | {error, already_exists}).
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
index c999d5c95..ed43c8d26 100644
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
+++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
@@ -41,8 +41,8 @@ start(_StartType, _StartArgs) ->
     {ok, Sup}.
 
 prep_stop(State) ->
-    emqx:unhook('client.authenticate', fun emqx_auth_ldap:check/3),
-    emqx:unhook('client.check_acl', fun emqx_acl_ldap:check_acl/5),
+    emqx:unhook('client.authenticate',{emqx_auth_ldap, check}),
+    emqx:unhook('client.check_acl', {emqx_acl_ldap, check_acl}),
     State.
 
 stop(_State) ->
@@ -51,12 +51,12 @@ stop(_State) ->
 load_auth_hook(DeviceDn) ->
     ok = emqx_auth_ldap:register_metrics(),
     Params = maps:from_list(DeviceDn),
-    emqx:hook('client.authenticate', fun emqx_auth_ldap:check/3, [Params#{pool => ?APP}]).
+    emqx:hook('client.authenticate', {emqx_auth_ldap, check, [Params#{pool => ?APP}]}).
 
 load_acl_hook(DeviceDn) ->
     ok = emqx_acl_ldap:register_metrics(),
     Params = maps:from_list(DeviceDn),
-    emqx:hook('client.check_acl', fun emqx_acl_ldap:check_acl/5 , [Params#{pool => ?APP}]).
+    emqx:hook('client.check_acl', {emqx_acl_ldap, check_acl, [Params#{pool => ?APP}]}).
 
 if_enabled(Cfgs, Fun) ->
     case get_env(Cfgs) of
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
index 09de5640d..91f4bdf4f 100644
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
@@ -42,8 +42,8 @@ start(_StartType, _StartArgs) ->
     {ok, Sup}.
 
 prep_stop(State) ->
-    emqx:unhook('client.authenticate', fun emqx_auth_mnesia:check/3),
-    emqx:unhook('client.check_acl', fun emqx_acl_mnesia:check_acl/5),
+    emqx:unhook('client.authenticate', {emqx_auth_mnesia, check}),
+    emqx:unhook('client.check_acl', {emqx_acl_mnesia, check_acl}),
     emqx_ctl:unregister_command(clientid),
     emqx_ctl:unregister_command(user),
     emqx_ctl:unregister_command(acl),
@@ -60,9 +60,9 @@ load_auth_hook() ->
     Params = #{
             hash_type => application:get_env(emqx_auth_mnesia, password_hash, sha256)
             },
-    emqx:hook('client.authenticate', fun emqx_auth_mnesia:check/3, [Params]).
+    emqx:hook('client.authenticate', {emqx_auth_mnesia, check, [Params]}).
 
 load_acl_hook() ->
     ok = emqx_acl_mnesia:init(),
     ok = emqx_acl_mnesia:register_metrics(),
-    emqx:hook('client.check_acl', fun emqx_acl_mnesia:check_acl/5, [#{}]).
+    emqx:hook('client.check_acl', {emqx_acl_mnesia, check_acl, [#{}]}).
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
index bff779cf0..b8d9431c2 100644
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
+++ b/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
@@ -41,8 +41,8 @@ start(_StartType, _StartArgs) ->
     {ok, Sup}.
 
 prep_stop(State) ->
-    ok = emqx:unhook('client.authenticate', fun emqx_auth_mongo:check/3),
-    ok = emqx:unhook('client.check_acl', fun emqx_acl_mongo:check_acl/5),
+    ok = emqx:unhook('client.authenticate', {emqx_auth_mongo, check}),
+    ok = emqx:unhook('client.check_acl', {emqx_acl_mongo, check_acl}),
     State.
 
 stop(_State) ->
@@ -51,12 +51,13 @@ stop(_State) ->
 reg_authmod(AuthQuery) ->
     emqx_auth_mongo:register_metrics(),
     SuperQuery = r(super_query, application:get_env(?APP, super_query, undefined)),
-    ok = emqx:hook('client.authenticate', fun emqx_auth_mongo:check/3,
-                   [#{authquery => AuthQuery, superquery => SuperQuery, pool => ?APP}]).
+    ok = emqx:hook('client.authenticate', {emqx_auth_mongo, check,
+                                           [#{authquery => AuthQuery, superquery => SuperQuery, pool => ?APP}]
+                                          }).
 
 reg_aclmod(AclQuery) ->
     emqx_acl_mongo:register_metrics(),
-    ok = emqx:hook('client.check_acl', fun emqx_acl_mongo:check_acl/5, [#{aclquery => AclQuery, pool => ?APP}]).
+    ok = emqx:hook('client.check_acl', {emqx_acl_mongo, check_acl, [#{aclquery => AclQuery, pool => ?APP}]}).
 
 %%--------------------------------------------------------------------
 %% Internal functions
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
index 7d696ed52..ec1e25e6b 100644
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
+++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
@@ -42,8 +42,8 @@ start(_StartType, _StartArgs) ->
     {ok, Sup}.
 
 prep_stop(State) ->
-    emqx:unhook('client.authenticate', fun emqx_auth_mysql:check/3),
-    emqx:unhook('client.check_acl', fun emqx_acl_mysql:check_acl/5),
+    emqx:unhook('client.authenticate', {emqx_auth_mysql, check}),
+    emqx:unhook('client.check_acl', {emqx_acl_mysql, check_acl}),
     State.
 
 stop(_State) ->
@@ -57,11 +57,11 @@ load_auth_hook(AuthQuery) ->
                super_query => SuperQuery,
                hash_type   => HashType,
                pool => ?APP},
-    emqx:hook('client.authenticate', fun emqx_auth_mysql:check/3, [Params]).
+    emqx:hook('client.authenticate', {emqx_auth_mysql, check, [Params]}).
 
 load_acl_hook(AclQuery) ->
     ok = emqx_acl_mysql:register_metrics(),
-    emqx:hook('client.check_acl', fun emqx_acl_mysql:check_acl/5, [#{acl_query => AclQuery, pool =>?APP}]).
+    emqx:hook('client.check_acl', {emqx_acl_mysql, check_acl, [#{acl_query => AclQuery, pool =>?APP}]}).
 
 %%--------------------------------------------------------------------
 %% Internal function
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
index e08b990b4..571fd0c4b 100644
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
+++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
@@ -43,17 +43,17 @@ start(_StartType, _StartArgs) ->
                     hash_type => HashType,
                     pool => ?APP},
         ok = emqx_auth_pgsql:register_metrics(),
-        ok = emqx:hook('client.authenticate', fun emqx_auth_pgsql:check/3, [AuthEnv])
+        ok = emqx:hook('client.authenticate', {emqx_auth_pgsql, check, [AuthEnv]})
     end),
     if_enabled(acl_query, fun(AclQuery) ->
         ok = emqx_acl_pgsql:register_metrics(),
-        ok = emqx:hook('client.check_acl', fun emqx_acl_pgsql:check_acl/5, [#{acl_query => AclQuery, pool => ?APP}])
+        ok = emqx:hook('client.check_acl', {emqx_acl_pgsql, check_acl, [#{acl_query => AclQuery, pool => ?APP}]})
     end),
     {ok, Sup}.
 
 stop(_State) ->
-    ok = emqx:unhook('client.authenticate', fun emqx_auth_pgsql:check/3),
-    ok = emqx:unhook('client.check_acl', fun emqx_acl_pgsql:check_acl/5).
+    ok = emqx:unhook('client.authenticate', {emqx_auth_pgsql, check}),
+    ok = emqx:unhook('client.check_acl', {emqx_acl_pgsql, check_acl}).
 
 if_enabled(Par, Fun) ->
     case application:get_env(?APP, Par) of
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl b/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
index 8f8ffb751..3f0b6ce26 100644
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
+++ b/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
@@ -33,8 +33,8 @@ start(_StartType, _StartArgs) ->
     {ok, Sup}.
 
 stop(_State) ->
-    emqx:unhook('client.authenticate', fun emqx_auth_redis:check/3),
-    emqx:unhook('client.check_acl', fun emqx_acl_redis:check_acl/5),
+    emqx:unhook('client.authenticate', {emqx_auth_redis, check}),
+    emqx:unhook('client.check_acl', {emqx_acl_redis, check_acl}),
     %% Ensure stop cluster pool if the server type is cluster
     eredis_cluster:stop_pool(?APP).
 
@@ -50,7 +50,7 @@ load_auth_hook(AuthCmd) ->
                type => Type,
                pool => ?APP},
     ok = emqx_auth_redis:register_metrics(),
-    emqx:hook('client.authenticate', fun emqx_auth_redis:check/3, [Config]).
+    emqx:hook('client.authenticate', {emqx_auth_redis, check, [Config]}).
 
 load_acl_hook(AclCmd) ->
     {ok, Timeout} = application:get_env(?APP, query_timeout),
@@ -60,7 +60,7 @@ load_acl_hook(AclCmd) ->
                type => Type,
                pool => ?APP},
     ok = emqx_acl_redis:register_metrics(),
-    emqx:hook('client.check_acl', fun emqx_acl_redis:check_acl/5, [Config]).
+    emqx:hook('client.check_acl', {emqx_acl_redis, check_acl, [Config]}).
 
 if_cmd_enabled(Par, Fun) ->
     case application:get_env(?APP, Par) of
diff --git a/apps/emqx_authentication/src/emqx_authentication.erl b/apps/emqx_authentication/src/emqx_authentication.erl
index 90a234386..ab7b8537c 100644
--- a/apps/emqx_authentication/src/emqx_authentication.erl
+++ b/apps/emqx_authentication/src/emqx_authentication.erl
@@ -85,13 +85,13 @@ mnesia(copy) ->
     ok = ekka_mnesia:copy_table(?SERVICE_TYPE_TAB, ram_copies).
 
 enable() ->
-    case emqx:hook('client.authenticate', fun emqx_authentication:authenticate/1) of
+    case emqx:hook('client.authenticate', {emqx_authentication, authenticate, []}) of
         ok -> ok;
         {error, already_exists} -> ok
     end.
 
 disable() ->
-    emqx:unhook('client.authenticate', fun emqx_authentication:authenticate/1),
+    emqx:unhook('client.authenticate', {emqx_authentication, authenticate}),
     ok.
 
 authenticate(#{chain_id := ChainID} = ClientInfo) ->
diff --git a/apps/emqx_psk_file/src/emqx_psk_file.erl b/apps/emqx_psk_file/src/emqx_psk_file.erl
index ced11b0da..3afd6dc73 100644
--- a/apps/emqx_psk_file/src/emqx_psk_file.erl
+++ b/apps/emqx_psk_file/src/emqx_psk_file.erl
@@ -38,11 +38,11 @@ load(Env) ->
     {ok, PskFile} = file:open(get_value(path, Env), [read, raw, binary, read_ahead]),
     preload_psks(PskFile, bin(get_value(delimiter, Env))),
     _ = file:close(PskFile),
-    emqx:hook('tls_handshake.psk_lookup', fun ?MODULE:on_psk_lookup/2, []).
+    emqx:hook('tls_handshake.psk_lookup', {?MODULE, on_psk_lookup, []}).
 
 %% Called when the plugin application stop
 unload() ->
-    emqx:unhook('tls_handshake.psk_lookup', fun ?MODULE:on_psk_lookup/2).
+    emqx:unhook('tls_handshake.psk_lookup', {?MODULE, on_psk_lookup}).
 
 on_psk_lookup(ClientPSKID, UserState) ->
     case ets:lookup(?TAB, ClientPSKID) of
diff --git a/apps/emqx_retainer/src/emqx_retainer.erl b/apps/emqx_retainer/src/emqx_retainer.erl
index 340e6929d..9e6f60013 100644
--- a/apps/emqx_retainer/src/emqx_retainer.erl
+++ b/apps/emqx_retainer/src/emqx_retainer.erl
@@ -56,13 +56,13 @@
 %%--------------------------------------------------------------------
 
 load(Env) ->
-    _ = emqx:hook('session.subscribed', fun ?MODULE:on_session_subscribed/3, []),
-    _ = emqx:hook('message.publish', fun ?MODULE:on_message_publish/2, [Env]),
+    _ = emqx:hook('session.subscribed', {?MODULE, on_session_subscribed, []}),
+    _ = emqx:hook('message.publish', {?MODULE, on_message_publish, [Env]}),
     ok.
 
 unload() ->
-    emqx:unhook('message.publish', fun ?MODULE:on_message_publish/2),
-    emqx:unhook('session.subscribed', fun ?MODULE:on_session_subscribed/3).
+    emqx:unhook('message.publish', {?MODULE, on_message_publish}),
+    emqx:unhook('session.subscribed', {?MODULE, on_session_subscribed}).
 
 on_session_subscribed(_, _, #{share := ShareName}) when ShareName =/= undefined ->
     ok;
diff --git a/apps/emqx_sasl/src/emqx_sasl.erl b/apps/emqx_sasl/src/emqx_sasl.erl
index 7010ae902..61fd34134 100644
--- a/apps/emqx_sasl/src/emqx_sasl.erl
+++ b/apps/emqx_sasl/src/emqx_sasl.erl
@@ -26,10 +26,10 @@
         ]).
 
 load() ->
-    emqx:hook('client.enhanced_authenticate', fun ?MODULE:check/3, []).
+    emqx:hook('client.enhanced_authenticate', {?MODULE, check, []}).
 
 unload() ->
-    emqx:unhook('client.enhanced_authenticate', fun ?MODULE:check/3).
+    emqx:unhook('client.enhanced_authenticate', {?MODULE, check}).
 
 init() ->
     emqx_sasl_scram:init().

From 227c8e626bf042825914593e74196550a6841a3e Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Wed, 16 Jun 2021 13:44:31 +0800
Subject: [PATCH 080/174] chore(appup): update appup file

---
 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src  |  2 +-
 .../emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src | 13 +++++++++++++
 apps/emqx_psk_file/src/emqx_psk_file.app.src        |  2 +-
 apps/emqx_psk_file/src/emqx_psk_file.appup.src      | 13 +++++++++++++
 apps/emqx_retainer/src/emqx_retainer.app.src        |  2 +-
 apps/emqx_retainer/src/emqx_retainer.appup.src      |  8 ++++----
 apps/emqx_sasl/src/emqx_sasl.app.src                |  2 +-
 apps/emqx_sasl/src/emqx_sasl.appup.src              | 13 +++++++++++++
 8 files changed, 47 insertions(+), 8 deletions(-)
 create mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
 create mode 100644 apps/emqx_psk_file/src/emqx_psk_file.appup.src
 create mode 100644 apps/emqx_sasl/src/emqx_sasl.appup.src

diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
index f51395f2c..8ff574ab5 100644
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
@@ -1,6 +1,6 @@
 {application, emqx_auth_mnesia,
  [{description, "EMQ X Authentication with Mnesia"},
-  {vsn, "4.3.0"}, % strict semver, bump manually
+  {vsn, "4.3.1"}, % strict semver, bump manually
   {modules, []},
   {registered, []},
   {applications, [kernel,stdlib,mnesia]},
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
new file mode 100644
index 000000000..5b26c962c
--- /dev/null
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
@@ -0,0 +1,13 @@
+%% -*-: erlang -*-
+{VSN,
+ [
+   {"4.3.0", [
+     {restart_application, emqx_auth_mnesia}
+   ]}
+ ],
+ [
+   {"4.3.0", [
+     {restart_application, emqx_auth_mnesia}
+   ]}
+ ]
+}.
diff --git a/apps/emqx_psk_file/src/emqx_psk_file.app.src b/apps/emqx_psk_file/src/emqx_psk_file.app.src
index b8a6f08a0..ef18c8b69 100644
--- a/apps/emqx_psk_file/src/emqx_psk_file.app.src
+++ b/apps/emqx_psk_file/src/emqx_psk_file.app.src
@@ -1,6 +1,6 @@
 {application, emqx_psk_file,
  [{description,"EMQX PSK Plugin from File"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
+  {vsn, "4.3.1"}, % strict semver, bump manually!
   {modules,[]},
   {registered,[emqx_psk_file_sup]},
   {applications,[kernel,stdlib]},
diff --git a/apps/emqx_psk_file/src/emqx_psk_file.appup.src b/apps/emqx_psk_file/src/emqx_psk_file.appup.src
new file mode 100644
index 000000000..c34a3f71a
--- /dev/null
+++ b/apps/emqx_psk_file/src/emqx_psk_file.appup.src
@@ -0,0 +1,13 @@
+%% -*-: erlang -*-
+{VSN,
+ [
+   {"4.3.0", [
+     {restart_application, emqx_psk_file}
+   ]}
+ ],
+ [
+   {"4.3.0", [
+     {restart_application, emqx_psk_file}
+   ]}
+ ]
+}.
diff --git a/apps/emqx_retainer/src/emqx_retainer.app.src b/apps/emqx_retainer/src/emqx_retainer.app.src
index c3ffb9f90..c5ca7599d 100644
--- a/apps/emqx_retainer/src/emqx_retainer.app.src
+++ b/apps/emqx_retainer/src/emqx_retainer.app.src
@@ -1,6 +1,6 @@
 {application, emqx_retainer,
  [{description, "EMQ X Retainer"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
+  {vsn, "4.3.2"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_retainer_sup]},
   {applications, [kernel,stdlib]},
diff --git a/apps/emqx_retainer/src/emqx_retainer.appup.src b/apps/emqx_retainer/src/emqx_retainer.appup.src
index a17e6ee2f..759ec56bd 100644
--- a/apps/emqx_retainer/src/emqx_retainer.appup.src
+++ b/apps/emqx_retainer/src/emqx_retainer.appup.src
@@ -1,14 +1,14 @@
 %% -*-: erlang -*-
 {VSN,
   [
-    {"4.3.0", [
-      {load_module, emqx_retainer, brutal_purge, soft_purge, []}
+    {<<"4.3.[0-1]">>, [
+      {restart_application, emqx_retainer}
     ]},
     {<<".*">>, []}
   ],
   [
-    {"4.3.0", [
-      {load_module, emqx_retainer, brutal_purge, soft_purge, []}
+    {<<"4.3.[0-1]">>, [
+      {restart_application, emqx_retainer}
     ]},
     {<<".*">>, []}
   ]
diff --git a/apps/emqx_sasl/src/emqx_sasl.app.src b/apps/emqx_sasl/src/emqx_sasl.app.src
index b079376d9..f490a6af5 100644
--- a/apps/emqx_sasl/src/emqx_sasl.app.src
+++ b/apps/emqx_sasl/src/emqx_sasl.app.src
@@ -1,6 +1,6 @@
 {application, emqx_sasl,
  [{description, "EMQ X SASL"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
+  {vsn, "4.3.1"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_sasl_sup]},
   {applications, [kernel,stdlib,pbkdf2]},
diff --git a/apps/emqx_sasl/src/emqx_sasl.appup.src b/apps/emqx_sasl/src/emqx_sasl.appup.src
new file mode 100644
index 000000000..df881fc05
--- /dev/null
+++ b/apps/emqx_sasl/src/emqx_sasl.appup.src
@@ -0,0 +1,13 @@
+%% -*-: erlang -*-
+{VSN,
+ [
+   {"4.3.0", [
+     {restart_application, emqx_sasl}
+   ]}
+ ],
+ [
+   {"4.3.0", [
+     {restart_application, emqx_sasl}
+   ]}
+ ]
+}.

From b21959b0c3b7ba14af63a2d549053d216fdc0d3a Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Wed, 16 Jun 2021 17:18:08 +0800
Subject: [PATCH 081/174] test: fix tests error

---
 apps/emqx/test/emqx_SUITE.erl                 | 25 +++++++-------
 apps/emqx/test/emqx_access_control_SUITE.erl  | 12 +++----
 apps/emqx/test/emqx_hooks_SUITE.erl           | 29 ++++++++--------
 .../test/emqx_acl_mnesia_SUITE.erl            | 12 -------
 apps/emqx_exproto/test/emqx_exproto_SUITE.erl | 33 ++++++++++---------
 5 files changed, 50 insertions(+), 61 deletions(-)

diff --git a/apps/emqx/test/emqx_SUITE.erl b/apps/emqx/test/emqx_SUITE.erl
index 714f4e0a5..4213a5aac 100644
--- a/apps/emqx/test/emqx_SUITE.erl
+++ b/apps/emqx/test/emqx_SUITE.erl
@@ -117,12 +117,12 @@ t_emqx_pubsub_api(_) ->
     ?assertEqual([], emqx:topics()).
 
 t_hook_unhook(_) ->
-    ok = emqx:hook(test_hook, fun ?MODULE:hook_fun1/1, []),
-    ok = emqx:hook(test_hook, fun ?MODULE:hook_fun2/1, []),
+    ok = emqx:hook(test_hook, {?MODULE, hook_fun1, []}),
+    ok = emqx:hook(test_hook, {?MODULE, hook_fun2, []}),
     ?assertEqual({error, already_exists},
-                    emqx:hook(test_hook, fun ?MODULE:hook_fun2/1, [])),
-    ok = emqx:unhook(test_hook, fun ?MODULE:hook_fun1/1),
-    ok = emqx:unhook(test_hook, fun ?MODULE:hook_fun2/1),
+                    emqx:hook(test_hook, {?MODULE, hook_fun2, []})),
+    ok = emqx:unhook(test_hook, {?MODULE, hook_fun1}),
+    ok = emqx:unhook(test_hook, {?MODULE, hook_fun2}),
 
     ok = emqx:hook(emqx_hook, {?MODULE, hook_fun8, []}, 8),
     ok = emqx:hook(emqx_hook, {?MODULE, hook_fun2, []}, 2),
@@ -134,21 +134,20 @@ t_hook_unhook(_) ->
     ok = emqx:unhook(emqx_hook, {?MODULE, hook_fun10, []}).
 
 t_run_hook(_) ->
-    ok = emqx:hook(foldl_hook, fun ?MODULE:hook_fun3/4, [init]),
     ok = emqx:hook(foldl_hook, {?MODULE, hook_fun3, [init]}),
-    ok = emqx:hook(foldl_hook, fun ?MODULE:hook_fun4/4, [init]),
-    ok = emqx:hook(foldl_hook, fun ?MODULE:hook_fun5/4, [init]),
+    ok = emqx:hook(foldl_hook, {?MODULE, hook_fun4, [init]}),
+    ok = emqx:hook(foldl_hook, {?MODULE, hook_fun5, [init]}),
     [r5,r4] = emqx:run_fold_hook(foldl_hook, [arg1, arg2], []),
     [] = emqx:run_fold_hook(unknown_hook, [], []),
 
-    ok = emqx:hook(foldl_hook2, fun ?MODULE:hook_fun9/2),
+    ok = emqx:hook(foldl_hook2, {?MODULE, hook_fun9, []}),
     ok = emqx:hook(foldl_hook2, {?MODULE, hook_fun10, []}),
     [r9] = emqx:run_fold_hook(foldl_hook2, [arg], []),
 
-    ok = emqx:hook(foreach_hook, fun ?MODULE:hook_fun6/2, [initArg]),
-    {error, already_exists} = emqx:hook(foreach_hook, fun ?MODULE:hook_fun6/2, [initArg]),
-    ok = emqx:hook(foreach_hook, fun ?MODULE:hook_fun7/2, [initArg]),
-    ok = emqx:hook(foreach_hook, fun ?MODULE:hook_fun8/2, [initArg]),
+    ok = emqx:hook(foreach_hook, {?MODULE, hook_fun6, [initArg]}),
+    {error, already_exists} = emqx:hook(foreach_hook, {?MODULE, hook_fun6, [initArg]}),
+    ok = emqx:hook(foreach_hook, {?MODULE, hook_fun7, [initArg]}),
+    ok = emqx:hook(foreach_hook, {?MODULE, hook_fun8, [initArg]}),
     ok = emqx:run_hook(foreach_hook, [arg]),
 
     ok = emqx:hook(foreach_filter1_hook, {?MODULE, hook_fun1, []}, {?MODULE, hook_filter1, []}, 0),
diff --git a/apps/emqx/test/emqx_access_control_SUITE.erl b/apps/emqx/test/emqx_access_control_SUITE.erl
index b9ae2c2cb..e4a888d14 100644
--- a/apps/emqx/test/emqx_access_control_SUITE.erl
+++ b/apps/emqx/test/emqx_access_control_SUITE.erl
@@ -50,16 +50,11 @@ t_check_acl(_) ->
     ?assertEqual(allow, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)).
 
 t_bypass_auth_plugins(_) ->
-    AuthFun = fun(#{zone := bypass_zone}, AuthRes) ->
-                      {stop, AuthRes#{auth_result => password_error}};
-                 (#{zone := _}, AuthRes) ->
-                      {stop, AuthRes#{auth_result => success}}
-              end,
     ClientInfo = clientinfo(),
     emqx_zone:set_env(bypass_zone, allow_anonymous, true),
     emqx_zone:set_env(zone, allow_anonymous, false),
     emqx_zone:set_env(bypass_zone, bypass_auth_plugins, true),
-    emqx:hook('client.authenticate', AuthFun, []),
+    emqx:hook('client.authenticate',{?MODULE, auth_fun, []}),
     ?assertMatch({ok, _}, emqx_access_control:authenticate(ClientInfo#{zone => bypass_zone})),
     ?assertMatch({ok, _}, emqx_access_control:authenticate(ClientInfo)).
 
@@ -67,6 +62,11 @@ t_bypass_auth_plugins(_) ->
 %% Helper functions
 %%--------------------------------------------------------------------
 
+auth_fun(#{zone := bypass_zone}, AuthRes) ->
+             {stop, AuthRes#{auth_result => password_error}};
+auth_fun(#{zone := _}, AuthRes) ->
+             {stop, AuthRes#{auth_result => success}}.
+
 clientinfo() -> clientinfo(#{}).
 clientinfo(InitProps) ->
     maps:merge(#{zone       => zone,
diff --git a/apps/emqx/test/emqx_hooks_SUITE.erl b/apps/emqx/test/emqx_hooks_SUITE.erl
index d40030122..49ba88934 100644
--- a/apps/emqx/test/emqx_hooks_SUITE.erl
+++ b/apps/emqx/test/emqx_hooks_SUITE.erl
@@ -40,15 +40,15 @@ all() -> emqx_ct:all(?MODULE).
     
 t_add_del_hook(_) ->
     {ok, _} = emqx_hooks:start_link(),
-    ok = emqx:hook(test_hook, fun ?MODULE:hook_fun1/1, []),
-    ok = emqx:hook(test_hook, fun ?MODULE:hook_fun2/1, []),
+    ok = emqx:hook(test_hook, {?MODULE, hook_fun1, []}),
+    ok = emqx:hook(test_hook, {?MODULE, hook_fun2, []}),
     ?assertEqual({error, already_exists},
-                 emqx:hook(test_hook, fun ?MODULE:hook_fun2/1, [])),
-    Callbacks = [{callback, {fun ?MODULE:hook_fun1/1, []}, undefined, 0},
-                 {callback, {fun ?MODULE:hook_fun2/1, []}, undefined, 0}],
+                 emqx:hook(test_hook, {?MODULE, hook_fun2, []})),
+    Callbacks = [{callback, {?MODULE, hook_fun1, []}, undefined, 0},
+                 {callback, {?MODULE, hook_fun2, []}, undefined, 0}],
     ?assertEqual(Callbacks, emqx_hooks:lookup(test_hook)),
-    ok = emqx:unhook(test_hook, fun ?MODULE:hook_fun1/1),
-    ok = emqx:unhook(test_hook, fun ?MODULE:hook_fun2/1),
+    ok = emqx:unhook(test_hook, {?MODULE, hook_fun1}),
+    ok = emqx:unhook(test_hook, {?MODULE, hook_fun2}),
     timer:sleep(200),
     ?assertEqual([], emqx_hooks:lookup(test_hook)),
 
@@ -71,21 +71,20 @@ t_add_del_hook(_) ->
 
 t_run_hooks(_) ->
     {ok, _} = emqx_hooks:start_link(),
-    ok = emqx:hook(foldl_hook, fun ?MODULE:hook_fun3/4, [init]),
     ok = emqx:hook(foldl_hook, {?MODULE, hook_fun3, [init]}),
-    ok = emqx:hook(foldl_hook, fun ?MODULE:hook_fun4/4, [init]),
-    ok = emqx:hook(foldl_hook, fun ?MODULE:hook_fun5/4, [init]),
+    ok = emqx:hook(foldl_hook, {?MODULE, hook_fun4, [init]}),
+    ok = emqx:hook(foldl_hook, {?MODULE, hook_fun5, [init]}),
     [r5,r4] = emqx:run_fold_hook(foldl_hook, [arg1, arg2], []),
     [] = emqx:run_fold_hook(unknown_hook, [], []),
 
-    ok = emqx:hook(foldl_hook2, fun ?MODULE:hook_fun9/2),
+    ok = emqx:hook(foldl_hook2, {?MODULE, hook_fun9, []}),
     ok = emqx:hook(foldl_hook2, {?MODULE, hook_fun10, []}),
     [r9] = emqx:run_fold_hook(foldl_hook2, [arg], []),
 
-    ok = emqx:hook(foreach_hook, fun ?MODULE:hook_fun6/2, [initArg]),
-    {error, already_exists} = emqx:hook(foreach_hook, fun ?MODULE:hook_fun6/2, [initArg]),
-    ok = emqx:hook(foreach_hook, fun ?MODULE:hook_fun7/2, [initArg]),
-    ok = emqx:hook(foreach_hook, fun ?MODULE:hook_fun8/2, [initArg]),
+    ok = emqx:hook(foreach_hook, {?MODULE, hook_fun6, [initArg]}),
+    {error, already_exists} = emqx:hook(foreach_hook, {?MODULE, hook_fun6, [initArg]}),
+    ok = emqx:hook(foreach_hook, {?MODULE, hook_fun7, [initArg]}),
+    ok = emqx:hook(foreach_hook, {?MODULE, hook_fun8, [initArg]}),
     ok = emqx:run_hook(foreach_hook, [arg]),
 
     ok = emqx:hook(foreach_filter1_hook, {?MODULE, hook_fun1, []}, {?MODULE, hook_filter1, []}, 0),
diff --git a/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl b/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
index 8ace680da..f7994387b 100644
--- a/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
+++ b/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
@@ -50,18 +50,6 @@ end_per_suite(_Config) ->
     delete_default_app(),
     emqx_ct_helpers:stop_apps([emqx_modules, emqx_management, emqx_auth_mnesia]).
 
-init_per_testcase(t_check_acl_as_clientid, Config) ->
-    emqx:hook('client.check_acl', fun emqx_acl_mnesia:check_acl/5, [#{key_as => clientid}]),
-    Config;
-
-init_per_testcase(_, Config) ->
-    emqx:hook('client.check_acl', fun emqx_acl_mnesia:check_acl/5, [#{key_as => username}]),
-    Config.
-
-end_per_testcase(_, Config) ->
-    emqx:unhook('client.check_acl', fun emqx_acl_mnesia:check_acl/5),
-    Config.
-
 set_special_configs(emqx) ->
     application:set_env(emqx, allow_anonymous, true),
     application:set_env(emqx, enable_acl_cache, false),
diff --git a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
index 70484c30e..db64c7438 100644
--- a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
+++ b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
@@ -234,10 +234,8 @@ t_hook_connected_disconnected(Cfg) ->
     ConnAckBin = frame_connack(0),
 
     Parent = self(),
-    HookFun1 = fun(_, _) -> Parent ! connected, ok end,
-    HookFun2 = fun(_, _, _) -> Parent ! disconnected, ok end,
-    emqx:hook('client.connected', HookFun1),
-    emqx:hook('client.disconnected', HookFun2),
+    emqx:hook('client.connected', {?MODULE, hook_fun1, [Parent]}),
+    emqx:hook('client.disconnected',{?MODULE, hook_fun2, [Parent]}),
 
     send(Sock, ConnBin),
     {ok, ConnAckBin} = recv(Sock, 5000),
@@ -260,8 +258,8 @@ t_hook_connected_disconnected(Cfg) ->
     SockType =/= udp andalso begin
         {error, closed} = recv(Sock, 5000)
     end,
-    emqx:unhook('client.connected', HookFun1),
-    emqx:unhook('client.disconnected', HookFun2).
+    emqx:unhook('client.connected', {?MODULE, hook_fun1}),
+    emqx:unhook('client.disconnected', {?MODULE, hook_fun2}).
 
 t_hook_session_subscribed_unsubscribed(Cfg) ->
     SockType = proplists:get_value(listener_type, Cfg),
@@ -280,10 +278,8 @@ t_hook_session_subscribed_unsubscribed(Cfg) ->
     {ok, ConnAckBin} = recv(Sock, 5000),
 
     Parent = self(),
-    HookFun1 = fun(_, _, _) -> Parent ! subscribed, ok end,
-    HookFun2 = fun(_, _, _) -> Parent ! unsubscribed, ok end,
-    emqx:hook('session.subscribed', HookFun1),
-    emqx:hook('session.unsubscribed', HookFun2),
+    emqx:hook('session.subscribed', {?MODULE, hook_fun3, [Parent]}),
+    emqx:hook('session.unsubscribed', {?MODULE, hook_fun4, [Parent]}),
 
     SubBin = frame_subscribe(<<"t/#">>, 1),
     SubAckBin = frame_suback(0),
@@ -310,8 +306,8 @@ t_hook_session_subscribed_unsubscribed(Cfg) ->
     end,
 
     close(Sock),
-    emqx:unhook('session.subscribed', HookFun1),
-    emqx:unhook('session.unsubscribed', HookFun2).
+    emqx:unhook('session.subscribed', {?MODULE, hook_fun3}),
+    emqx:unhook('session.unsubscribed', {?MODULE, hook_fun4}).
 
 t_hook_message_delivered(Cfg) ->
     SockType = proplists:get_value(listener_type, Cfg),
@@ -335,19 +331,26 @@ t_hook_message_delivered(Cfg) ->
     send(Sock, SubBin),
     {ok, SubAckBin} = recv(Sock, 5000),
 
-    HookFun1 = fun(_, Msg) -> {ok, Msg#message{payload = <<"2">>}} end,
-    emqx:hook('message.delivered', HookFun1),
+    emqx:hook('message.delivered', {?MODULE, hook_fun5, []}),
 
     emqx:publish(emqx_message:make(<<"t/dn">>, <<"1">>)),
     PubBin1 = frame_publish(<<"t/dn">>, 0, <<"2">>),
     {ok, PubBin1} = recv(Sock, 5000),
 
     close(Sock),
-    emqx:unhook('message.delivered', HookFun1).
+    emqx:unhook('message.delivered', {?MODULE, hook_fun5}).
 
 %%--------------------------------------------------------------------
 %% Utils
 
+hook_fun1(_, _, Parent) -> Parent ! connected, ok.
+hook_fun2(_, _, _, Parent) -> Parent ! disconnected, ok.
+
+hook_fun3(_, _, _, Parent) -> Parent ! subscribed, ok.
+hook_fun4(_, _, _, Parent) -> Parent ! unsubscribed, ok.
+
+hook_fun5(_, Msg) -> {ok, Msg#message{payload = <<"2">>}}.
+
 rand_bytes() ->
     crypto:strong_rand_bytes(rand:uniform(256)).
 

From 0dd068135dcb864a0761e9895d41e606dfa26d68 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 18 Jun 2021 16:14:31 +0800
Subject: [PATCH 082/174] chore(hooks): delete is_function()

---
 apps/emqx/src/emqx.erl       | 2 +-
 apps/emqx/src/emqx_hooks.erl | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/emqx/src/emqx.erl b/apps/emqx/src/emqx.erl
index 886753a7f..9c42e96a3 100644
--- a/apps/emqx/src/emqx.erl
+++ b/apps/emqx/src/emqx.erl
@@ -197,7 +197,7 @@ hook(HookPoint, Action) ->
       -> ok | {error, already_exists}).
 hook(HookPoint, Action, Priority) when is_integer(Priority) ->
     emqx_hooks:add(HookPoint, Action, Priority);
-hook(HookPoint, Action, Filter) when is_function(Filter); is_tuple(Filter) ->
+hook(HookPoint, Action, {_M, _F, _A} = Filter ) ->
     emqx_hooks:add(HookPoint, Action, Filter).
 
 -spec(hook(emqx_hooks:hookpoint(), emqx_hooks:action(), emqx_hooks:filter(), integer())
diff --git a/apps/emqx/src/emqx_hooks.erl b/apps/emqx/src/emqx_hooks.erl
index ae170dcd5..242d85be2 100644
--- a/apps/emqx/src/emqx_hooks.erl
+++ b/apps/emqx/src/emqx_hooks.erl
@@ -118,7 +118,7 @@ add(HookPoint, Action) when is_function(Action); is_tuple(Action) ->
 
 -spec(add(hookpoint(), action(), filter() | integer() | list())
       -> ok_or_error(already_exists)).
-add(HookPoint, Action, Filter) when is_function(Filter); is_tuple(Filter) ->
+add(HookPoint, Action, {_M, _F, _A} = Filter) ->
     add(HookPoint, #callback{action = Action, filter = Filter, priority = 0});
 add(HookPoint, Action, Priority) when is_integer(Priority) ->
     add(HookPoint, #callback{action = Action, priority = Priority}).
@@ -185,12 +185,12 @@ filter_passed(undefined, _Args) -> true;
 filter_passed(Filter, Args) ->
     execute(Filter, Args).
 
-safe_execute(Fun, Args) ->
-    try execute(Fun, Args) of
+safe_execute({M, F, A}, Args) ->
+    try execute({M, F, A}, Args) of
         Result -> Result
     catch
         Error:Reason:Stacktrace ->
-            ?LOG(error, "Failed to execute ~0p: ~0p", [Fun, {Error, Reason, Stacktrace}]),
+            ?LOG(error, "Failed to execute ~0p: ~0p", [{M, F, A}, {Error, Reason, Stacktrace}]),
             ok
     end.
 

From 87cc94ad28293718804d050231f100c97c143cb4 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 18 Jun 2021 18:08:31 +0800
Subject: [PATCH 083/174] chore(hooks): update type

---
 apps/emqx/src/emqx_hooks.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_hooks.erl b/apps/emqx/src/emqx_hooks.erl
index 242d85be2..3709c64d3 100644
--- a/apps/emqx/src/emqx_hooks.erl
+++ b/apps/emqx/src/emqx_hooks.erl
@@ -66,8 +66,8 @@
 %%     equal priority values.
 
 -type(hookpoint() :: atom()).
--type(action() :: mfargs()).
--type(filter() :: mfargs()).
+-type(action() :: {module(), atom(), [term()] | undefined}).
+-type(filter() :: {module(), atom(), [term()] | undefined}).
 
 -record(callback, {
           action :: action(),

From d4784a0d331d8ffbadad90d75fd18829ad782fc7 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Sat, 19 Jun 2021 09:25:53 +0800
Subject: [PATCH 084/174] chore(CI): upload logs when emqx ct failed

---
 .github/workflows/run_emqx_app_tests.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/run_emqx_app_tests.yaml b/.github/workflows/run_emqx_app_tests.yaml
index 3fa30b484..56089ffcf 100644
--- a/.github/workflows/run_emqx_app_tests.yaml
+++ b/.github/workflows/run_emqx_app_tests.yaml
@@ -24,3 +24,9 @@ jobs:
             ./rebar3 eunit -v
             ./rebar3 ct -v
             ./rebar3 proper -d test/props
+        - uses: actions/upload-artifact@v1
+          if: failure()
+          with:
+            name: logs
+            path: apps/emqx/_build/test/logs
+

From f004e36e28571cc1fce8647ec8ec4c8c20d4c25f Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Sat, 19 Jun 2021 12:02:01 +0800
Subject: [PATCH 085/174] feat(plugins): Support load plugins of hocon
 configuration format

---
 apps/emqx/rebar.config                        |   1 +
 apps/emqx/src/emqx_plugins.erl                | 117 ++++++++++--------
 apps/emqx/test/emqx_plugins_SUITE.erl         |  20 ++-
 .../emqx_hocon_plugin/Makefile                |  26 ++++
 .../etc/emqx_hocon_plugin.conf                |   3 +
 .../emqx_hocon_plugin/rebar.config            |  23 ++++
 .../src/emqx_hocon_plugin.app.src             |  15 +++
 .../src/emqx_hocon_plugin_app.erl             |  42 +++++++
 .../src/emqx_hocon_plugin_schema.erl          |  15 +++
 9 files changed, 205 insertions(+), 57 deletions(-)
 create mode 100644 apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/Makefile
 create mode 100644 apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/etc/emqx_hocon_plugin.conf
 create mode 100644 apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/rebar.config
 create mode 100644 apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin.app.src
 create mode 100644 apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_app.erl
 create mode 100644 apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_schema.erl

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index 693e96c74..17ba58d37 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -28,6 +28,7 @@
    {test,
        [{deps,
            [ meck
+           , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.6.0"}}}
            , {bbmustache,"1.10.0"}
            , {emqx_ct_helpers, {git,"https://github.com/zmstone/emqx-ct-helpers", {branch,"hocon"}}}
            , {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3.1"}}}
diff --git a/apps/emqx/src/emqx_plugins.erl b/apps/emqx/src/emqx_plugins.erl
index 6ef3d2d21..7df1f368c 100644
--- a/apps/emqx/src/emqx_plugins.erl
+++ b/apps/emqx/src/emqx_plugins.erl
@@ -175,7 +175,7 @@ load_ext_plugin(PluginDir) ->
               end,
     ok = load_plugin_app(AppName, Ebin),
     try
-        ok = load_plugin_conf(AppName, PluginDir)
+        ok = generate_configs(AppName)
     catch
         throw : {conf_file_not_found, ConfFile} ->
             %% this is maybe a dependency of an external plugin
@@ -199,21 +199,6 @@ load_plugin_app(AppName, Ebin) ->
         {error, {already_loaded, _}} -> ok
     end.
 
-load_plugin_conf(AppName, PluginDir) ->
-    Priv = filename:join([PluginDir, "priv"]),
-    Etc  = filename:join([PluginDir, "etc"]),
-    ConfFile = filename:join([Etc, atom_to_list(AppName) ++ ".conf"]),
-    Conf = case filelib:is_file(ConfFile) of
-               true -> cuttlefish_conf:file(ConfFile);
-               false -> throw({conf_file_not_found, ConfFile})
-           end,
-    Schema = filelib:wildcard(filename:join([Priv, "*.schema"])),
-    ?LOG(debug, "loading_extra_plugin_config conf=~s, schema=~s", [ConfFile, Schema]),
-    AppsEnv = cuttlefish_generator:map(cuttlefish_schema:files(Schema), Conf),
-    lists:foreach(fun({AppName1, Envs}) ->
-        [application:set_env(AppName1, Par, Val) || {Par, Val} <- Envs]
-    end, AppsEnv).
-
 ensure_file(File) ->
     case filelib:is_file(File) of false -> write_loaded([]); true -> ok end.
 
@@ -246,41 +231,6 @@ load_plugins(Names, Persistent) ->
                       load_plugin(Plugin#plugin.name, Persistent)
                   end, NeedToLoad).
 
-generate_configs(App) ->
-    ConfigFile = filename:join([emqx:get_env(plugins_etc_dir), App]) ++ ".config",
-    case filelib:is_file(ConfigFile) of
-        true ->
-            {ok, [Configs]} = file:consult(ConfigFile),
-            Configs;
-        false ->
-            do_generate_configs(App)
-    end.
-
-do_generate_configs(App) ->
-    Name1 = filename:join([emqx:get_env(plugins_etc_dir), App]) ++ ".conf",
-    Name2 = filename:join([code:lib_dir(App), "etc", App]) ++ ".conf",
-    ConfFile = case {filelib:is_file(Name1), filelib:is_file(Name2)} of
-                   {true, _} -> Name1;
-                   {false, true} -> Name2;
-                   {false, false} -> error({config_not_found, [Name1, Name2]})
-               end,
-    SchemaFile = filename:join([code:priv_dir(App), App]) ++ ".schema",
-    case filelib:is_file(SchemaFile) of
-        true ->
-            Schema = cuttlefish_schema:files([SchemaFile]),
-            Conf = cuttlefish_conf:file(ConfFile),
-            cuttlefish_generator:map(Schema, Conf, undefined, fun ?MODULE:funlog/2);
-        false ->
-            error({schema_not_found, SchemaFile})
-    end.
-
-apply_configs([]) ->
-    ok;
-apply_configs([{App, Config} | More]) ->
-    lists:foreach(fun({Key, _}) -> application:unset_env(App, Key) end, application:get_all_env(App)),
-    lists:foreach(fun({Key, Val}) -> application:set_env(App, Key, Val) end, Config),
-    apply_configs(More).
-
 %% Stop plugins
 stop_plugins(Names) ->
     _ = [stop_app(App) || App <- Names],
@@ -296,8 +246,7 @@ plugin(AppName, Type) ->
 
 load_plugin(Name, Persistent) ->
     try
-        Configs = ?MODULE:generate_configs(Name),
-        ?MODULE:apply_configs(Configs),
+        ok = ?MODULE:generate_configs(Name),
         case load_app(Name) of
             ok ->
                 start_app(Name, fun(App) -> plugin_loaded(App, Persistent) end);
@@ -416,3 +365,65 @@ plugin_type(_) -> feature.
 
 funlog(Key, Value) ->
     ?LOG(info, "~s = ~p", [string:join(Key, "."), Value]).
+
+generate_configs(App) ->
+    PluginConfDir = filename:join([code:lib_dir(App), "etc"]),
+    PluginSchemaDir = filename:join([code:lib_dir(App), "priv"]),
+    ConfigFile = filename:join([PluginConfDir, App]) ++ ".config",
+    case filelib:is_file(ConfigFile) of
+        true ->
+            {ok, [Configs]} = file:consult(ConfigFile),
+            apply_configs(Configs);
+        false ->
+            SchemaFile = filename:join([PluginSchemaDir, App]) ++ ".schema",
+            case filelib:is_file(SchemaFile) of
+                true ->
+                    AppsEnv = do_generate_configs(App),
+                    apply_configs(AppsEnv);
+                false ->
+                    SchemaMod = lists:concat([App, "_schema"]),
+                    ConfName = filename:join([PluginConfDir, App]) ++ ".conf",
+                    SchemaFile1 = filename:join([code:lib_dir(App), "ebin", SchemaMod]) ++ ".beam",
+                    do_generate_hocon_configs(App, ConfName, SchemaFile1)
+            end
+    end.
+
+do_generate_configs(App) ->
+    Name1 = filename:join([emqx:get_env(plugins_etc_dir), App]) ++ ".conf",
+    Name2 = filename:join([code:lib_dir(App), "etc", App]) ++ ".conf",
+    ConfFile = case {filelib:is_file(Name1), filelib:is_file(Name2)} of
+                   {true, _} -> Name1;
+                   {false, true} -> Name2;
+                   {false, false} -> error({config_not_found, [Name1, Name2]})
+               end,
+    SchemaFile = filename:join([code:priv_dir(App), App]) ++ ".schema",
+    case filelib:is_file(SchemaFile) of
+        true ->
+            Schema = cuttlefish_schema:files([SchemaFile]),
+            Conf = cuttlefish_conf:file(ConfFile),
+            cuttlefish_generator:map(Schema, Conf, undefined, fun ?MODULE:funlog/2);
+        false ->
+            error({schema_not_found, SchemaFile})
+    end.
+
+do_generate_hocon_configs(App, ConfName, SchemaFile) ->
+    SchemaMod = lists:concat([App, "_schema"]),
+    case {filelib:is_file(ConfName), filelib:is_file(SchemaFile)} of
+        {true, true} ->
+            {ok, RawConfig} = hocon:load(ConfName),
+            Config = hocon_schema:check_plain(list_to_atom(SchemaMod), RawConfig, #{atom_key => true}),
+            emqx_config_handler:update_config(emqx_config_handler, Config);
+        {true, false} ->
+            error({schema_not_found, [SchemaFile]});
+        {false, true} ->
+            error({config_not_found, [SchemaFile]});
+        {false, false} ->
+            error({conf_and_schema_not_found, [ConfName, SchemaFile]})
+    end.
+
+apply_configs([]) ->
+    ok;
+apply_configs([{App, Config} | More]) ->
+    lists:foreach(fun({Key, _}) -> application:unset_env(App, Key) end, application:get_all_env(App)),
+    lists:foreach(fun({Key, Val}) -> application:set_env(App, Key, Val) end, Config),
+    apply_configs(More).
diff --git a/apps/emqx/test/emqx_plugins_SUITE.erl b/apps/emqx/test/emqx_plugins_SUITE.erl
index 6d8847f43..6a76cb9d2 100644
--- a/apps/emqx/test/emqx_plugins_SUITE.erl
+++ b/apps/emqx/test/emqx_plugins_SUITE.erl
@@ -30,11 +30,16 @@ init_per_suite(Config) ->
 
     DataPath = proplists:get_value(data_dir, Config),
     AppPath = filename:join([DataPath, "emqx_mini_plugin"]),
+    HoconPath = filename:join([DataPath, "emqx_hocon_plugin"]),
     Cmd = lists:flatten(io_lib:format("cd ~s && make", [AppPath])),
+    CmdPath = lists:flatten(io_lib:format("cd ~s && make", [HoconPath])),
 
     ct:pal("Executing ~s~n", [Cmd]),
     ct:pal("~n ~s~n", [os:cmd(Cmd)]),
 
+    ct:pal("Executing ~s~n", [CmdPath]),
+    ct:pal("~n ~s~n", [os:cmd(CmdPath)]),
+
     put(loaded_file, filename:join([DataPath, "loaded_plugins"])),
     emqx_ct_helpers:boot_modules([]),
     emqx_ct_helpers:start_apps([], fun(_) -> set_special_cfg(DataPath) end),
@@ -55,6 +60,7 @@ t_load(_) ->
 
     ?assertEqual({error, not_found}, emqx_plugins:load(not_existed_plugin)),
     ?assertEqual({error, not_started}, emqx_plugins:unload(emqx_mini_plugin)),
+    ?assertEqual({error, not_started}, emqx_plugins:unload(emqx_hocon_plugin)),
 
     application:set_env(emqx, expand_plugins_dir, undefined),
     application:set_env(emqx, plugins_loaded_file, undefined),
@@ -78,7 +84,8 @@ t_list(_) ->
     ?assertMatch([{plugin, _, _, _, _, _, _, _} | _ ], emqx_plugins:list()).
 
 t_find_plugin(_) ->
-    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _, _}, emqx_plugins:find_plugin(emqx_mini_plugin)).
+    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _, _}, emqx_plugins:find_plugin(emqx_mini_plugin)),
+    ?assertMatch({plugin, emqx_hocon_plugin, _, _, _, _, _, _}, emqx_plugins:find_plugin(emqx_hocon_plugin)).
 
 t_plugin_type(_) ->
     ?assertEqual(auth, emqx_plugins:plugin_type(auth)),
@@ -92,11 +99,15 @@ t_with_loaded_file(_) ->
 
 t_plugin_loaded(_) ->
     ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_mini_plugin, false)),
-    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_mini_plugin, true)).
+    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_mini_plugin, true)),
+    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_hocon_plugin, false)),
+    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_hocon_plugin, true)).
 
 t_plugin_unloaded(_) ->
     ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_mini_plugin, false)),
-    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_mini_plugin, true)).
+    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_mini_plugin, true)),
+    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_hocon_plugin, false)),
+    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_hocon_plugin, true)).
 
 t_plugin(_) ->
     try
@@ -105,7 +116,8 @@ t_plugin(_) ->
         _Error:Reason:_Stacktrace ->
             ?assertEqual({plugin_not_found,not_existed_plugin}, Reason)
     end,
-    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _, _}, emqx_plugins:plugin(emqx_mini_plugin, undefined)).
+    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _, _}, emqx_plugins:plugin(emqx_mini_plugin, undefined)),
+    ?assertMatch({plugin, emqx_hocon_plugin, _, _, _, _, _, _}, emqx_plugins:plugin(emqx_hocon_plugin, undefined)).
 
 t_filter_plugins(_) ->
     ?assertEqual([name1, name2], emqx_plugins:filter_plugins([name1, {name2,true}, {name3, false}])).
diff --git a/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/Makefile b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/Makefile
new file mode 100644
index 000000000..e0ed250e1
--- /dev/null
+++ b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/Makefile
@@ -0,0 +1,26 @@
+## shallow clone for speed
+
+REBAR_GIT_CLONE_OPTIONS += --depth 1
+export REBAR_GIT_CLONE_OPTIONS
+
+REBAR = rebar3
+all: compile
+
+compile:
+	$(REBAR) compile
+	cp -r _build/default/lib/emqx_hocon_plugin/ebin ./
+
+clean: distclean
+
+ct: compile
+	$(REBAR) as test ct -v
+
+eunit: compile
+	$(REBAR) as test eunit
+
+xref:
+	$(REBAR) xref
+
+distclean:
+	@rm -rf _build
+	@rm -f ebin/ data/app.*.config data/vm.*.args rebar.lock
diff --git a/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/etc/emqx_hocon_plugin.conf b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/etc/emqx_hocon_plugin.conf
new file mode 100644
index 000000000..e1f7bc5b9
--- /dev/null
+++ b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/etc/emqx_hocon_plugin.conf
@@ -0,0 +1,3 @@
+emqx_hocon_plugin: {
+    name: test
+}
diff --git a/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/rebar.config b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/rebar.config
new file mode 100644
index 000000000..888a03bc4
--- /dev/null
+++ b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/rebar.config
@@ -0,0 +1,23 @@
+{deps, [{hocon, {git, "https://github.com/emqx/hocon", {tag, "0.6.0"}}}]}.
+
+{edoc_opts, [{preprocess, true}]}.
+{erl_opts, [warn_unused_vars,
+            warn_shadow_vars,
+            warn_unused_import,
+            warn_obsolete_guard,
+            debug_info,
+            {parse_transform}]}.
+
+{xref_checks, [undefined_function_calls, undefined_functions,
+               locals_not_used, deprecated_function_calls,
+               warnings_as_errors, deprecated_functions]}.
+{cover_enabled, true}.
+{cover_opts, [verbose]}.
+{cover_export_enabled, true}.
+
+{profiles,
+    [{test, [
+        {deps, [ {emqx_ct_helper, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "v1.1.4"}}}
+               ]}
+    ]}
+]}.
diff --git a/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin.app.src b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin.app.src
new file mode 100644
index 000000000..d09f01b1c
--- /dev/null
+++ b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin.app.src
@@ -0,0 +1,15 @@
+{application, emqx_hocon_plugin,
+ [{description, "An EMQ X plugin for hocon testcase"},
+  {vsn, "0.1"},
+  {modules, []},
+  {registered, []},
+  {mod, {emqx_hocon_plugin_app, []}},
+  {applications,
+   [kernel,
+    stdlib,
+    typerefl
+   ]},
+  {env,[]},
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.
diff --git a/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_app.erl b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_app.erl
new file mode 100644
index 000000000..04191aac8
--- /dev/null
+++ b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_app.erl
@@ -0,0 +1,42 @@
+%%%-------------------------------------------------------------------
+%% @doc emqx_mini_plugin public API
+%% @end
+%%%-------------------------------------------------------------------
+
+-module(emqx_hocon_plugin_app).
+
+-behaviour(application).
+-behaviour(supervisor).
+
+-emqx_plugin(?MODULE).
+
+%% Application APIs
+-export([ start/2
+        , stop/1
+        ]).
+
+%% Supervisor callback
+-export([init/1]).
+
+
+%% -- Application
+
+start(_StartType, _StartArgs) ->
+    {ok, Sup} = start_link(),
+    {ok, Sup}.
+
+stop(_State) ->
+    ok.
+
+%% --- Supervisor
+
+start_link() ->
+    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
+
+init([]) ->
+    SupFlags = #{strategy => one_for_all,
+                 intensity => 0,
+                 period => 1},
+    ChildSpecs = [],
+    {ok, {SupFlags, ChildSpecs}}.
+
diff --git a/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_schema.erl b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_schema.erl
new file mode 100644
index 000000000..fab74b5e8
--- /dev/null
+++ b/apps/emqx/test/emqx_plugins_SUITE_data/emqx_hocon_plugin/src/emqx_hocon_plugin_schema.erl
@@ -0,0 +1,15 @@
+-module(emqx_hocon_plugin_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-export([structs/0, fields/1]).
+
+-behaviour(hocon_schema).
+
+structs() -> ["emqx_hocon_plugin"].
+
+fields("emqx_hocon_plugin") ->
+    [{name, fun name/1}].
+
+name(type) -> binary();
+name(_) -> undefined.

From e2d96e46a03ff2f37d673f1fc2f3770e85d8844d Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Sat, 19 Jun 2021 16:27:21 +0800
Subject: [PATCH 086/174] change resource,connectors,data_bridges as normal
 apps (#5034)

---
 apps/emqx/rebar.config                        |  2 +-
 apps/emqx_connector/etc/emqx_connector.conf   |  4 --
 .../emqx_connector/priv/emqx_connector.schema |  2 -
 .../emqx_connector/src/emqx_connector_app.erl |  2 -
 .../src/emqx_connector_ldap.erl               |  7 +--
 .../src/emqx_connector_mongo.erl              |  9 ++--
 .../src/emqx_connector_mysql.erl              |  9 +++-
 .../src/emqx_connector_pgsql.erl              |  7 +--
 .../src/emqx_connector_redis.erl              |  7 +--
 .../etc/emqx_data_bridge.conf                 | 18 ++++----
 .../priv/emqx_data_bridge.schema              | 16 -------
 .../emqx_data_bridge/src/emqx_data_bridge.erl | 29 ++++++------
 .../src/emqx_data_bridge_app.erl              |  2 -
 .../src/emqx_data_bridge_monitor.erl          |  5 +--
 .../src/emqx_data_bridge_schema.erl           | 23 ++++++++++
 apps/emqx_resource/etc/emqx_resource.conf     |  3 --
 apps/emqx_resource/include/emqx_resource.hrl  |  2 +
 apps/emqx_resource/priv/emqx_resource.schema  |  2 -
 apps/emqx_resource/src/emqx_resource.erl      | 45 +++++++++----------
 apps/emqx_resource/src/emqx_resource_app.erl  |  2 -
 .../src/emqx_resource_schema.erl              | 34 --------------
 data/loaded_plugins.tmpl                      |  3 --
 rebar.config                                  |  2 +-
 rebar.config.erl                              | 10 ++---
 24 files changed, 103 insertions(+), 142 deletions(-)
 delete mode 100644 apps/emqx_connector/etc/emqx_connector.conf
 delete mode 100644 apps/emqx_connector/priv/emqx_connector.schema
 delete mode 100644 apps/emqx_data_bridge/priv/emqx_data_bridge.schema
 create mode 100644 apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
 delete mode 100644 apps/emqx_resource/etc/emqx_resource.conf
 delete mode 100644 apps/emqx_resource/priv/emqx_resource.schema
 delete mode 100644 apps/emqx_resource/src/emqx_resource_schema.erl

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index 17ba58d37..b5065dc3a 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -16,7 +16,7 @@
     , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.1"}}}
     , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.1"}}}
     , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v4.0.1"}}} %% todo delete when plugins use hocon
-    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.6.0"}}}
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.7.0"}}}
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
diff --git a/apps/emqx_connector/etc/emqx_connector.conf b/apps/emqx_connector/etc/emqx_connector.conf
deleted file mode 100644
index db4402d47..000000000
--- a/apps/emqx_connector/etc/emqx_connector.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X CONNECTOR Plugin
-##--------------------------------------------------------------------
-
diff --git a/apps/emqx_connector/priv/emqx_connector.schema b/apps/emqx_connector/priv/emqx_connector.schema
deleted file mode 100644
index b8476c4d9..000000000
--- a/apps/emqx_connector/priv/emqx_connector.schema
+++ /dev/null
@@ -1,2 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_connector config mapping
diff --git a/apps/emqx_connector/src/emqx_connector_app.erl b/apps/emqx_connector/src/emqx_connector_app.erl
index 4bbad75cf..64e6b8109 100644
--- a/apps/emqx_connector/src/emqx_connector_app.erl
+++ b/apps/emqx_connector/src/emqx_connector_app.erl
@@ -18,8 +18,6 @@
 
 -behaviour(application).
 
--emqx_plugin(?MODULE).
-
 -export([start/2, stop/1]).
 
 start(_StartType, _StartArgs) ->
diff --git a/apps/emqx_connector/src/emqx_connector_ldap.erl b/apps/emqx_connector/src/emqx_connector_ldap.erl
index 3b0af5aa7..ca5ff2482 100644
--- a/apps/emqx_connector/src/emqx_connector_ldap.erl
+++ b/apps/emqx_connector/src/emqx_connector_ldap.erl
@@ -19,8 +19,7 @@
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
--export([ schema/0
-        ]).
+-export([structs/0, fields/1]).
 
 %% callbacks of behaviour emqx_resource
 -export([ on_start/2
@@ -36,7 +35,9 @@
 
 -export([search/4]).
 %%=====================================================================
-schema() ->
+structs() -> [""].
+
+fields("") ->
     redis_fields() ++
     emqx_connector_schema_lib:ssl_fields().
 
diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
index 26a36dd0a..841cc0a2a 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -19,9 +19,6 @@
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
--export([ schema/0
-        ]).
-
 %% callbacks of behaviour emqx_resource
 -export([ on_start/2
         , on_stop/2
@@ -32,9 +29,13 @@
 
 -export([connect/1]).
 
+-export([structs/0, fields/1]).
+
 -export([mongo_query/5]).
 %%=====================================================================
-schema() ->
+structs() -> [""].
+
+fields("") ->
     mongodb_fields() ++
     mongodb_topology_fields() ++
     mongodb_rs_set_name_fields() ++
diff --git a/apps/emqx_connector/src/emqx_connector_mysql.erl b/apps/emqx_connector/src/emqx_connector_mysql.erl
index 61e13901e..afe249682 100644
--- a/apps/emqx_connector/src/emqx_connector_mysql.erl
+++ b/apps/emqx_connector/src/emqx_connector_mysql.erl
@@ -28,15 +28,20 @@
 
 -export([connect/1]).
 
--export([schema/0]).
+-export([structs/0, fields/1]).
 
 -export([do_health_check/1]).
 
 %%=====================================================================
-schema() ->
+%% Hocon schema
+structs() -> [""].
+
+fields("") ->
     emqx_connector_schema_lib:relational_db_fields() ++
     emqx_connector_schema_lib:ssl_fields().
 
+%%=====================================================================
+
 on_jsonify(#{server := Server}= Config) ->
     Config#{server => emqx_connector_schema_lib:ip_port_to_string(Server)}.
 
diff --git a/apps/emqx_connector/src/emqx_connector_pgsql.erl b/apps/emqx_connector/src/emqx_connector_pgsql.erl
index 0ff0d6779..827a9606c 100644
--- a/apps/emqx_connector/src/emqx_connector_pgsql.erl
+++ b/apps/emqx_connector/src/emqx_connector_pgsql.erl
@@ -18,8 +18,7 @@
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
--export([ schema/0
-        ]).
+-export([structs/0, fields/1]).
 
 %% callbacks of behaviour emqx_resource
 -export([ on_start/2
@@ -36,7 +35,9 @@
 -export([do_health_check/1]).
 
 %%=====================================================================
-schema() ->
+structs() -> [""].
+
+fields("") ->
     emqx_connector_schema_lib:relational_db_fields() ++
     emqx_connector_schema_lib:ssl_fields().
 
diff --git a/apps/emqx_connector/src/emqx_connector_redis.erl b/apps/emqx_connector/src/emqx_connector_redis.erl
index 1514f4c33..32ec81616 100644
--- a/apps/emqx_connector/src/emqx_connector_redis.erl
+++ b/apps/emqx_connector/src/emqx_connector_redis.erl
@@ -19,8 +19,7 @@
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
--export([ schema/0
-        ]).
+-export([structs/0, fields/1]).
 
 %% callbacks of behaviour emqx_resource
 -export([ on_start/2
@@ -37,7 +36,9 @@
 -export([cmd/3]).
 
 %%=====================================================================
-schema() ->
+structs() -> [""].
+
+fields("") ->
     redis_fields() ++
     redis_sentinel_fields() ++
     emqx_connector_schema_lib:ssl_fields().
diff --git a/apps/emqx_data_bridge/etc/emqx_data_bridge.conf b/apps/emqx_data_bridge/etc/emqx_data_bridge.conf
index 0ca529699..696cadf05 100644
--- a/apps/emqx_data_bridge/etc/emqx_data_bridge.conf
+++ b/apps/emqx_data_bridge/etc/emqx_data_bridge.conf
@@ -3,7 +3,7 @@
 ##--------------------------------------------------------------------
 
 emqx_data_bridge.bridges: [
-#    {name: "mysql"
+#    {name: "mysql_bridge_1"
 #     type: mysql
 #     config: {
 #        server: "192.168.0.172:3306"
@@ -15,7 +15,7 @@ emqx_data_bridge.bridges: [
 #        ssl: false
 #     }
 #    }
-#   , {name: "pgsql"
+#   , {name: "pgsql_bridge_1"
 #     type: pgsql
 #     config: {
 #        server: "192.168.0.172:5432"
@@ -27,7 +27,7 @@ emqx_data_bridge.bridges: [
 #        ssl: false
 #     }
 #    }
-#   , {name: "mongodb_single"
+#   , {name: "mongodb_bridge_single"
 #     type: mongo
 #     config: {
 #        servers: "192.168.0.172:27017"
@@ -40,7 +40,7 @@ emqx_data_bridge.bridges: [
 #        ssl: false
 #     }
 #    }
-#  ,{name: "mongodb_rs"
+#  ,{name: "mongodb_bridge_rs"
 #   type: mongo
 #   config: {
 #      servers: "127.0.0.1:27017"
@@ -54,7 +54,7 @@ emqx_data_bridge.bridges: [
 #      ssl: false
 #   }
 #  }
-#  ,{name: "mongodb_shared"
+#  ,{name: "mongodb_bridge_shared"
 #   type: mongo
 #   config: {
 #      servers: "127.0.0.1:27017"
@@ -77,7 +77,7 @@ emqx_data_bridge.bridges: [
 #      min_heartbeat_frequency_ms: 10s
 #   }
 #  }
-#  , {name: "redis_single"
+#  , {name: "redis_bridge_single"
 #    type: redis
 #    config: {
 #       servers: "192.168.0.172:6379"
@@ -89,7 +89,7 @@ emqx_data_bridge.bridges: [
 #       ssl: false
 #    }
 #   }
-#  ,{name: "redis_sentinel"
+#  ,{name: "redis_bridge_sentinel"
 #   type: redis
 #   config: {
 #      servers: "127.0.0.1:6379, 127.0.0.2:6379, 127.0.0.3:6379"
@@ -100,7 +100,7 @@ emqx_data_bridge.bridges: [
 #      ssl: false
 #   }
 #  }
-#  ,{name: "redis_cluster"
+#  ,{name: "redis_bridge_cluster"
 #   type: redis
 #   config: {
 #      servers: "127.0.0.1:6379, 127.0.0.2:6379, 127.0.0.3:6379"
@@ -111,7 +111,7 @@ emqx_data_bridge.bridges: [
 #      ssl: false
 #   }
 #  }
-#  , {name: "ldap"
+#  , {name: "ldap_bridge_1"
 #    type: ldap
 #    config: {
 #       servers: "192.168.0.172"
diff --git a/apps/emqx_data_bridge/priv/emqx_data_bridge.schema b/apps/emqx_data_bridge/priv/emqx_data_bridge.schema
deleted file mode 100644
index c9cb3f2c0..000000000
--- a/apps/emqx_data_bridge/priv/emqx_data_bridge.schema
+++ /dev/null
@@ -1,16 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_data_bridge config mapping
-
-{mapping, "emqx_data_bridge.bridges", "emqx_data_bridge.bridges", [
-  {default, []},
-  {datatype, string}
-]}.
-
-% fields("emqx_data_bridge") ->
-%     [
-%         {bridges,
-%           [fun(mapping) -> "emqx_data_bridge.bridges";
-%               (type) -> list();
-%               (_) -> undefined
-%            end]}
-%     ]
\ No newline at end of file
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.erl b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
index 5877cd3dd..2c5b52d8e 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
@@ -25,23 +25,24 @@
         ]).
 
 load_bridges() ->
-    Bridges = proplists:get_value(bridges,
-        application:get_all_env(emqx_data_bridge), []),
+    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?MODULE]) ++ ".conf",
+    {ok, RawConfig} = hocon:load(ConfFile, #{format => richmap}),
+    #{emqx_data_bridge := #{bridges := Bridges}} =
+        hocon_schema:check(emqx_data_bridge_schema, RawConfig,
+            #{atom_key => true, return_plain => true}),
     emqx_data_bridge_monitor:ensure_all_started(Bridges).
 
-resource_type(<<"mysql">>) -> emqx_connector_mysql;
-resource_type(<<"pgsql">>) -> emqx_connector_pgsql;
-resource_type(<<"mongo">>) -> emqx_connector_mongo;
-resource_type(<<"redis">>) -> emqx_connector_redis;
-resource_type(<<"ldap">>) -> emqx_connector_ldap.
-
-
-bridge_type(emqx_connector_mysql) -> <<"mysql">>;
-bridge_type(emqx_connector_pgsql) -> <<"pgsql">>;
-bridge_type(emqx_connector_mongo) -> <<"mongo">>;
-bridge_type(emqx_connector_redis) -> <<"redis">>;
-bridge_type(emqx_connector_ldap) -> <<"ldap">>.
+resource_type(mysql) -> emqx_connector_mysql;
+resource_type(pgsql) -> emqx_connector_pgsql;
+resource_type(mongo) -> emqx_connector_mongo;
+resource_type(redis) -> emqx_connector_redis;
+resource_type(ldap) -> emqx_connector_ldap.
 
+bridge_type(emqx_connector_mysql) -> mysql;
+bridge_type(emqx_connector_pgsql) -> pgsql;
+bridge_type(emqx_connector_mongo) -> mongo;
+bridge_type(emqx_connector_redis) -> redis;
+bridge_type(emqx_connector_ldap) -> ldap.
 
 name_to_resource_id(BridgeName) ->
     <<"bridge:", BridgeName/binary>>.
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl
index 4ff96e34e..90ab8056f 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl
@@ -17,8 +17,6 @@
 
 -behaviour(application).
 
--emqx_plugin(?MODULE).
-
 -export([start/2, stop/1]).
 
 start(_StartType, _StartArgs) ->
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_monitor.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_monitor.erl
index 521d9721c..d408a8062 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge_monitor.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_monitor.erl
@@ -69,9 +69,8 @@ load_bridges(Configs) ->
 
 %% TODO: move this monitor into emqx_resource
 %% emqx_resource:check_and_create_local(ResourceId, ResourceType, Config, #{keep_retry => true}).
-load_bridge(#{<<"name">> := Name, <<"type">> := Type,
-              <<"config">> := Config}) ->
-    case emqx_resource:check_and_create_local(
+load_bridge(#{name := Name, type := Type, config := Config}) ->
+    case emqx_resource:create_local(
             emqx_data_bridge:name_to_resource_id(Name),
             emqx_data_bridge:resource_type(Type), Config) of
         {ok, _} -> ok;
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
new file mode 100644
index 000000000..2c974029c
--- /dev/null
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
@@ -0,0 +1,23 @@
+-module(emqx_data_bridge_schema).
+
+-export([structs/0, fields/1]).
+
+-define(BRIDGE_FIELDS(T),
+    [{name, hoconsc:t(typerefl:binary())},
+     {type, hoconsc:t(typerefl:atom(T))},
+     {config, hoconsc:t(hoconsc:ref(list_to_atom("emqx_connector_"++atom_to_list(T)), ""))}]).
+
+-define(TYPES, [mysql, pgsql, mongo, redis, ldap]).
+-define(BRIDGES, [hoconsc:ref(T) || T <- ?TYPES]).
+
+structs() -> [emqx_data_bridge].
+
+fields(emqx_data_bridge) ->
+    [{bridges, #{type => hoconsc:array(hoconsc:union(?BRIDGES)),
+                 default => []}}];
+
+fields(mysql) -> ?BRIDGE_FIELDS(mysql);
+fields(pgsql) -> ?BRIDGE_FIELDS(pgsql);
+fields(mongo) -> ?BRIDGE_FIELDS(mongo);
+fields(redis) -> ?BRIDGE_FIELDS(redis);
+fields(ldap) -> ?BRIDGE_FIELDS(ldap).
diff --git a/apps/emqx_resource/etc/emqx_resource.conf b/apps/emqx_resource/etc/emqx_resource.conf
deleted file mode 100644
index 1f038ef8b..000000000
--- a/apps/emqx_resource/etc/emqx_resource.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X Resource Plugin
-##--------------------------------------------------------------------
diff --git a/apps/emqx_resource/include/emqx_resource.hrl b/apps/emqx_resource/include/emqx_resource.hrl
index 123854bc9..5e73e1cf4 100644
--- a/apps/emqx_resource/include/emqx_resource.hrl
+++ b/apps/emqx_resource/include/emqx_resource.hrl
@@ -15,6 +15,8 @@
 %%--------------------------------------------------------------------
 -type resource_type() :: module().
 -type instance_id() :: binary().
+-type raw_resource_config() :: binary() | raw_term_resource_config().
+-type raw_term_resource_config() :: #{binary() => term()} | [raw_term_resource_config()].
 -type resource_config() :: term().
 -type resource_spec() :: map().
 -type resource_state() :: term().
diff --git a/apps/emqx_resource/priv/emqx_resource.schema b/apps/emqx_resource/priv/emqx_resource.schema
deleted file mode 100644
index 8246dc6a7..000000000
--- a/apps/emqx_resource/priv/emqx_resource.schema
+++ /dev/null
@@ -1,2 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx-resource config mapping
diff --git a/apps/emqx_resource/src/emqx_resource.erl b/apps/emqx_resource/src/emqx_resource.erl
index 859ff083e..1fce5e122 100644
--- a/apps/emqx_resource/src/emqx_resource.erl
+++ b/apps/emqx_resource/src/emqx_resource.erl
@@ -84,7 +84,7 @@
         % , inc_counter/3 %% increment the counter by a given integer
         ]).
 
--define(EXT, "*.spec").
+-define(HOCON_CHECK_OPTS, #{atom_key => true, nullable => false}).
 
 -optional_callbacks([ on_query/4
                     , on_health_check/2
@@ -267,50 +267,49 @@ call_jsonify(Mod, Config) ->
         true -> ?SAFE_CALL(Mod:on_jsonify(Config))
     end.
 
--spec check_config(resource_type(), binary() | term()) ->
+-spec check_config(resource_type(), raw_resource_config()) ->
     {ok, resource_config()} | {error, term()}.
 check_config(ResourceType, RawConfig) when is_binary(RawConfig) ->
     case hocon:binary(RawConfig, #{format => richmap}) of
         {ok, MapConfig} ->
-            do_check_config(ResourceType, MapConfig);
+            case ?SAFE_CALL(hocon_schema:check(ResourceType, MapConfig, ?HOCON_CHECK_OPTS)) of
+                {error, Reason} -> {error, Reason};
+                Config -> {ok, hocon_schema:richmap_to_map(Config)}
+            end;
         Error -> Error
     end;
 check_config(ResourceType, RawConfigTerm) ->
-    check_config(ResourceType, jsx:encode(#{config => RawConfigTerm})).
-
--spec do_check_config(resource_type(), map()) -> {ok, resource_config()} | {error, term()}.
-do_check_config(ResourceType, MapConfig) ->
-    case ?SAFE_CALL(emqx_resource_schema:check(ResourceType, MapConfig)) of
+    case ?SAFE_CALL(hocon_schema:check_plain(ResourceType, RawConfigTerm, ?HOCON_CHECK_OPTS)) of
         {error, Reason} -> {error, Reason};
-        Config -> {ok, maps:get(config, hocon_schema:richmap_to_map(Config))}
+        Config -> {ok, Config}
     end.
 
--spec check_and_create(instance_id(), resource_type(), binary() | term()) ->
+-spec check_and_create(instance_id(), resource_type(), raw_resource_config()) ->
     {ok, resource_data()} | {error, term()}.
-check_and_create(InstId, ResourceType, Config) ->
-    check_and_do(ResourceType, Config,
+check_and_create(InstId, ResourceType, RawConfig) ->
+    check_and_do(ResourceType, RawConfig,
         fun(InstConf) -> create(InstId, ResourceType, InstConf) end).
 
--spec check_and_create_local(instance_id(), resource_type(), binary() | term()) ->
+-spec check_and_create_local(instance_id(), resource_type(), raw_resource_config()) ->
     {ok, resource_data()} | {error, term()}.
-check_and_create_local(InstId, ResourceType, Config) ->
-    check_and_do(ResourceType, Config,
+check_and_create_local(InstId, ResourceType, RawConfig) ->
+    check_and_do(ResourceType, RawConfig,
         fun(InstConf) -> create_local(InstId, ResourceType, InstConf) end).
 
--spec check_and_update(instance_id(), resource_type(), binary() | term(), term()) ->
+-spec check_and_update(instance_id(), resource_type(), raw_resource_config(), term()) ->
     {ok, resource_data()} | {error, term()}.
-check_and_update(InstId, ResourceType, Config, Params) ->
-    check_and_do(ResourceType, Config,
+check_and_update(InstId, ResourceType, RawConfig, Params) ->
+    check_and_do(ResourceType, RawConfig,
         fun(InstConf) -> update(InstId, ResourceType, InstConf, Params) end).
 
--spec check_and_update_local(instance_id(), resource_type(), binary() | term(), term()) ->
+-spec check_and_update_local(instance_id(), resource_type(), raw_resource_config(), term()) ->
     {ok, resource_data()} | {error, term()}.
-check_and_update_local(InstId, ResourceType, Config, Params) ->
-    check_and_do(ResourceType, Config,
+check_and_update_local(InstId, ResourceType, RawConfig, Params) ->
+    check_and_do(ResourceType, RawConfig,
         fun(InstConf) -> update_local(InstId, ResourceType, InstConf, Params) end).
 
-check_and_do(ResourceType, Config, Do) when is_function(Do) ->
-    case check_config(ResourceType, Config) of
+check_and_do(ResourceType, RawConfig, Do) when is_function(Do) ->
+    case check_config(ResourceType, RawConfig) of
         {ok, InstConf} -> Do(InstConf);
         Error -> Error
     end.
diff --git a/apps/emqx_resource/src/emqx_resource_app.erl b/apps/emqx_resource/src/emqx_resource_app.erl
index d2c499490..e3ef9f3d2 100644
--- a/apps/emqx_resource/src/emqx_resource_app.erl
+++ b/apps/emqx_resource/src/emqx_resource_app.erl
@@ -20,8 +20,6 @@
 
 -include("emqx_resource.hrl").
 
--emqx_plugin(?MODULE).
-
 -export([start/2, stop/1]).
 
 start(_StartType, _StartArgs) ->
diff --git a/apps/emqx_resource/src/emqx_resource_schema.erl b/apps/emqx_resource/src/emqx_resource_schema.erl
deleted file mode 100644
index 6cdd13e11..000000000
--- a/apps/emqx_resource/src/emqx_resource_schema.erl
+++ /dev/null
@@ -1,34 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_resource_schema).
-
--export([check/2]).
-
--export([structs/0, fields/1]).
-
--behaviour(hocon_schema).
-
-check(SchemaMod, Conf) ->
-    _ = erlang:erase(res_schema_mod),
-    erlang:put(res_schema_mod, SchemaMod),
-    hocon_schema:check(?MODULE, Conf, #{atom_key => true, nullable => false}).
-
-structs() -> ["config"].
-
-fields("config") ->
-    SchemaMod = erlang:get(res_schema_mod),
-    SchemaMod:schema().
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index 5ac46e0e3..d0dac7fe1 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -5,7 +5,4 @@
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
 {emqx_telemetry, {{enable_plugin_emqx_telemetry}}}.
 {emqx_rule_engine, {{enable_plugin_emqx_rule_engine}}}.
-{emqx_resource, {{enable_plugin_emqx_resource}}}.
-{emqx_connector, {{enable_plugin_emqx_connector}}}.
-{emqx_data_bridge, {{enable_plugin_emqx_data_bridge}}}.
 {emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config b/rebar.config
index db95d94ae..0c4a11071 100644
--- a/rebar.config
+++ b/rebar.config
@@ -52,7 +52,7 @@
     , {observer_cli, "1.6.1"} % NOTE: depends on recon 2.5.1
     , {getopt, "1.0.1"}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
-    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.6.0"}}}
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.7.0"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
     ]}.
 
diff --git a/rebar.config.erl b/rebar.config.erl
index 543333895..cbcf734f6 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -193,9 +193,6 @@ overlay_vars_rel(RelType) ->
              end,
     [ {enable_plugin_emqx_rule_engine, RelType =:= cloud}
     , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
-    , {enable_plugin_emqx_resource, true}
-    , {enable_plugin_emqx_connector, true}
-    , {enable_plugin_emqx_data_bridge, true}
     , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
     , {enable_plugin_emqx_recon, true}
     , {enable_plugin_emqx_retainer, true}
@@ -254,6 +251,9 @@ relx_apps(ReleaseType) ->
     , {emqx_plugin_libs, load}
     , observer_cli
     , emqx_http_lib
+    , emqx_resource
+    , emqx_connector
+    , emqx_data_bridge
     ]
     ++ [emqx_modules || not is_enterprise()]
     ++ [emqx_license || is_enterprise()]
@@ -291,9 +291,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_auth_mnesia
     , emqx_web_hook
     , emqx_recon
-    , emqx_resource
-    , emqx_connector
-    , emqx_data_bridge
     , emqx_rule_engine
     , emqx_sasl
     ]
@@ -371,6 +368,7 @@ etc_overlay(ReleaseType) ->
 extra_overlay(cloud) ->
     [ {copy,"{{base_dir}}/lib/emqx_lwm2m/lwm2m_xml","etc/"}
     , {copy, "{{base_dir}}/lib/emqx_psk_file/etc/psk.txt", "etc/psk.txt"}
+    , {copy, "{{base_dir}}/lib/emqx_data_bridge/etc/emqx_data_bridge.conf", "etc/plugins/emqx_data_bridge.conf"}
     ];
 extra_overlay(edge) ->
     [].

From 205e588b226b6002e2b9643cb97d237126ee974f Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Sat, 19 Jun 2021 16:30:11 +0800
Subject: [PATCH 087/174] fix(plugins): fix load plugin generate hocon configs
 fail

---
 apps/emqx/src/emqx_plugins.erl | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/apps/emqx/src/emqx_plugins.erl b/apps/emqx/src/emqx_plugins.erl
index 7df1f368c..bda537f47 100644
--- a/apps/emqx/src/emqx_plugins.erl
+++ b/apps/emqx/src/emqx_plugins.erl
@@ -175,7 +175,7 @@ load_ext_plugin(PluginDir) ->
               end,
     ok = load_plugin_app(AppName, Ebin),
     try
-        ok = generate_configs(AppName)
+        ok = generate_configs(AppName, PluginDir)
     catch
         throw : {conf_file_not_found, ConfFile} ->
             %% this is maybe a dependency of an external plugin
@@ -367,8 +367,16 @@ funlog(Key, Value) ->
     ?LOG(info, "~s = ~p", [string:join(Key, "."), Value]).
 
 generate_configs(App) ->
-    PluginConfDir = filename:join([code:lib_dir(App), "etc"]),
-    PluginSchemaDir = filename:join([code:lib_dir(App), "priv"]),
+    PluginConfDir = emqx:get_env(plugins_etc_dir),
+    PluginSchemaDir = code:priv_dir(App),
+    generate_configs(App, PluginConfDir, PluginSchemaDir).
+
+generate_configs(App, PluginDir) ->
+    PluginConfDir = filename:join([PluginDir, "etc"]),
+    PluginSchemaDir = filename:join([PluginDir, "priv"]),
+    generate_configs(App, PluginConfDir, PluginSchemaDir).
+
+generate_configs(App, PluginConfDir, PluginSchemaDir) ->
     ConfigFile = filename:join([PluginConfDir, App]) ++ ".config",
     case filelib:is_file(ConfigFile) of
         true ->
@@ -410,13 +418,14 @@ do_generate_hocon_configs(App, ConfName, SchemaFile) ->
     SchemaMod = lists:concat([App, "_schema"]),
     case {filelib:is_file(ConfName), filelib:is_file(SchemaFile)} of
         {true, true} ->
-            {ok, RawConfig} = hocon:load(ConfName),
-            Config = hocon_schema:check_plain(list_to_atom(SchemaMod), RawConfig, #{atom_key => true}),
+            {ok, RawConfig} = hocon:load(ConfName, #{format => richmap}),
+            Config = hocon_schema:check(list_to_atom(SchemaMod), RawConfig, #{atom_key => true,
+                                                                              return_plain => true}),
             emqx_config_handler:update_config(emqx_config_handler, Config);
         {true, false} ->
             error({schema_not_found, [SchemaFile]});
         {false, true} ->
-            error({config_not_found, [SchemaFile]});
+            error({config_not_found, [ConfName]});
         {false, false} ->
             error({conf_and_schema_not_found, [ConfName, SchemaFile]})
     end.

From 83561024502b551f9242d87917705a127eb47162 Mon Sep 17 00:00:00 2001
From: DDDHuang <904897578@qq.com>
Date: Thu, 17 Jun 2021 21:51:11 +0800
Subject: [PATCH 088/174] chore: support statsd

---
 apps/emqx_statsd/.gitignore              |  19 +++
 apps/emqx_statsd/LICENSE                 | 191 +++++++++++++++++++++++
 apps/emqx_statsd/README.md               |   9 ++
 apps/emqx_statsd/etc/emqx_statsd.conf    |  42 +++++
 apps/emqx_statsd/include/emqx_statsd.hrl |   9 ++
 apps/emqx_statsd/priv/emqx_statsd.schema |  53 +++++++
 apps/emqx_statsd/rebar.config            |   7 +
 apps/emqx_statsd/src/emqx_statsd.app.src |  16 ++
 apps/emqx_statsd/src/emqx_statsd.erl     | 101 ++++++++++++
 apps/emqx_statsd/src/emqx_statsd_app.erl |  38 +++++
 apps/emqx_statsd/src/emqx_statsd_sup.erl |  60 +++++++
 rebar.config.erl                         |   1 +
 12 files changed, 546 insertions(+)
 create mode 100644 apps/emqx_statsd/.gitignore
 create mode 100644 apps/emqx_statsd/LICENSE
 create mode 100644 apps/emqx_statsd/README.md
 create mode 100644 apps/emqx_statsd/etc/emqx_statsd.conf
 create mode 100644 apps/emqx_statsd/include/emqx_statsd.hrl
 create mode 100644 apps/emqx_statsd/priv/emqx_statsd.schema
 create mode 100644 apps/emqx_statsd/rebar.config
 create mode 100644 apps/emqx_statsd/src/emqx_statsd.app.src
 create mode 100644 apps/emqx_statsd/src/emqx_statsd.erl
 create mode 100644 apps/emqx_statsd/src/emqx_statsd_app.erl
 create mode 100644 apps/emqx_statsd/src/emqx_statsd_sup.erl

diff --git a/apps/emqx_statsd/.gitignore b/apps/emqx_statsd/.gitignore
new file mode 100644
index 000000000..f1c455451
--- /dev/null
+++ b/apps/emqx_statsd/.gitignore
@@ -0,0 +1,19 @@
+.rebar3
+_*
+.eunit
+*.o
+*.beam
+*.plt
+*.swp
+*.swo
+.erlang.cookie
+ebin
+log
+erl_crash.dump
+.rebar
+logs
+_build
+.idea
+*.iml
+rebar3.crashdump
+*~
diff --git a/apps/emqx_statsd/LICENSE b/apps/emqx_statsd/LICENSE
new file mode 100644
index 000000000..e16434416
--- /dev/null
+++ b/apps/emqx_statsd/LICENSE
@@ -0,0 +1,191 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2021, DDDHuang <904897578@qq.com>.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/apps/emqx_statsd/README.md b/apps/emqx_statsd/README.md
new file mode 100644
index 000000000..f9097a58e
--- /dev/null
+++ b/apps/emqx_statsd/README.md
@@ -0,0 +1,9 @@
+emqx_statsd
+=====
+
+An OTP application
+
+Build
+-----
+
+    $ rebar3 compile
diff --git a/apps/emqx_statsd/etc/emqx_statsd.conf b/apps/emqx_statsd/etc/emqx_statsd.conf
new file mode 100644
index 000000000..27c08d343
--- /dev/null
+++ b/apps/emqx_statsd/etc/emqx_statsd.conf
@@ -0,0 +1,42 @@
+##--------------------------------------------------------------------
+ ## Statsd for EMQ X
+ ##--------------------------------------------------------------------
+
+ ## The statsd server host
+ ## 
+ ## Default: "127.0.0.1"
+ statsd.host = "127.0.0.1"
+
+ ## The statsd server port
+ ## 
+ ## Default: "127.0.0.1"
+ statsd.port = 8125
+
+ ## statsd prefix
+ ##
+ ## Default: emqx
+ # statsd.prefix = emqx
+
+ ## statsd tag key
+ ##
+ # statsd.tag.1.key = from
+
+ ## statsd tag value
+ ##
+ # statsd.tag.1.value = emqx
+
+ ## statsd batch_size
+ ## 
+ ## Default: 10
+ statsd.batch_size = 10
+
+ ## statsd sample time interval
+ ## 
+ ## Default: 10s
+ statsd.sample_time_interval = 10s
+
+ ## statsd flush time interval
+ ## 
+ ## Default: 10s
+ statsd.flush_time_interval = 10s
+ 
\ No newline at end of file
diff --git a/apps/emqx_statsd/include/emqx_statsd.hrl b/apps/emqx_statsd/include/emqx_statsd.hrl
new file mode 100644
index 000000000..68f94487a
--- /dev/null
+++ b/apps/emqx_statsd/include/emqx_statsd.hrl
@@ -0,0 +1,9 @@
+-define(APP, emqx_statsd).
+
+-define(DEFAULT_HOST, {127, 0, 0, 1}).
+-define(DEFAULT_PORT, 8125).
+-define(DEFAULT_PREFIX, undefined).
+-define(DEFAULT_TAGS, []).
+-define(DEFAULT_BATCH_SIZE, 10).
+-define(DEFAULT_SAMPLE_TIME_INTERVAL, 10000).
+-define(DEFAULT_FLUSH_TIME_INTERVAL, 10000).
\ No newline at end of file
diff --git a/apps/emqx_statsd/priv/emqx_statsd.schema b/apps/emqx_statsd/priv/emqx_statsd.schema
new file mode 100644
index 000000000..b509b4065
--- /dev/null
+++ b/apps/emqx_statsd/priv/emqx_statsd.schema
@@ -0,0 +1,53 @@
+%% emqx_statsd config
+
+ {mapping, "statsd.host", "emqx_statsd.host", [
+   {default, "127.0.0.1"},
+   {datatype, string}
+ ]}.
+
+ {mapping, "statsd.port", "emqx_statsd.port", [
+   {default, 8125},
+   {datatype, integer}
+ ]}.
+
+ {mapping, "statsd.prefix", "emqx_statsd.prefix", [
+   {datatype, string}
+ ]}.
+
+ {mapping, "statsd.tag.$id.key", "emqx_statsd.tag", [
+   {datatype, string}
+ ]}.
+
+ {mapping, "statsd.tag.$id.value", "emqx_statsd.tag", [
+   {datatype, string}
+ ]}.
+
+ {mapping, "statsd.batch_size", "emqx_statsd.batch_size", [
+   {default, 10},
+   {datatype, integer}
+ ]}.
+
+ {mapping, "statsd.sample_time_interval", "emqx_statsd.sample_time_interval", [
+   {default, "2s"},
+   {datatype, {duration, ms}}
+ ]}.
+
+ {mapping, "statsd.flush_time_interval", "emqx_statsd.flush_time_interval", [
+   {default, "10s"},
+   {datatype, {duration, ms}}
+ ]}.
+
+ {translation, "emqx_stasd.host", fun(Conf) ->
+   {ok, IPAddress} = inet:parse_address(cuttlefish:conf_get("statsd.host", Conf, "127.0.0.1")),
+   IPAddress
+ end}.
+
+ {translation, "emqx_statsd.tag", fun(Conf) ->
+   Tags = cuttlefish_variable:filter_by_prefix("statsd.tag", Conf),
+   lists:foldl(
+     fun({["statsd", "tag", Id, "key"], Key}, AccIn) ->
+         [{Key, cuttlefish:conf_get("statsd." ++ Id ++ ".value", Conf)} | AccIn];
+        (_, AccIn) ->
+         AccIn
+     end, [], Tags)
+ end}.
diff --git a/apps/emqx_statsd/rebar.config b/apps/emqx_statsd/rebar.config
new file mode 100644
index 000000000..e997b1577
--- /dev/null
+++ b/apps/emqx_statsd/rebar.config
@@ -0,0 +1,7 @@
+{erl_opts, [debug_info]}.
+{deps, [{estatsd, {git, "https://github.com/emqx/estatsd", {tag, "0.1.0"}}}]}.
+
+{shell, [
+  % {config, "config/sys.config"},
+    {apps, [emqx_statsd]}
+]}.
diff --git a/apps/emqx_statsd/src/emqx_statsd.app.src b/apps/emqx_statsd/src/emqx_statsd.app.src
new file mode 100644
index 000000000..04338fd62
--- /dev/null
+++ b/apps/emqx_statsd/src/emqx_statsd.app.src
@@ -0,0 +1,16 @@
+{application, emqx_statsd,
+ [{description, "An OTP application"},
+  {vsn, "0.1.0"},
+  {registered, []},
+  {mod, {emqx_statsd_app, []}},
+  {applications,
+   [kernel,
+    stdlib,
+    estatsd
+   ]},
+  {env,[]},
+  {modules, []},
+
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.
diff --git a/apps/emqx_statsd/src/emqx_statsd.erl b/apps/emqx_statsd/src/emqx_statsd.erl
new file mode 100644
index 000000000..133c32321
--- /dev/null
+++ b/apps/emqx_statsd/src/emqx_statsd.erl
@@ -0,0 +1,101 @@
+%%--------------------------------------------------------------------
+ %% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+ %%
+ %% Licensed under the Apache License, Version 2.0 (the "License");
+ %% you may not use this file except in compliance with the License.
+ %% You may obtain a copy of the License at
+ %%
+ %%     http://www.apache.org/licenses/LICENSE-2.0
+ %%
+ %% Unless required by applicable law or agreed to in writing, software
+ %% distributed under the License is distributed on an "AS IS" BASIS,
+ %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ %% See the License for the specific language governing permissions and
+ %% limitations under the License.
+ %%--------------------------------------------------------------------
+
+ -module(emqx_statsd).
+
+ -behaviour(gen_server).
+
+ -ifdef(TEST).
+ -compile(export_all).
+ -compile(nowarn_export_all).
+ -endif.
+
+ -include_lib("emqx/include/logger.hrl").
+
+ %% Interface
+ -export([start_link/1]).
+
+ %% Internal Exports
+ -export([ init/1
+         , handle_call/3
+         , handle_cast/2
+         , handle_info/2
+         , code_change/3
+         , terminate/2
+         ]).
+
+ -record(state, {
+           timer                :: reference(),
+           sample_time_interval :: pos_integer(),
+           flush_time_interval  :: pos_integer(),
+           estatsd_pid          :: pid()
+         }).
+
+ start_link(Opts) ->
+     gen_server:start_link({local, ?MODULE}, ?MODULE, [Opts], []).
+
+ init([Opts]) ->
+     SampleTimeInterval = proplists:get_value(sample_time_interval, Opts),
+     FlushTimeInterval = proplists:get_value(flush_time_interval, Opts),
+     Ref = erlang:start_timer(SampleTimeInterval, self(), sample_timeout),
+     Pid = proplists:get_value(estatsd_pid, Opts),
+     {ok, #state{timer = Ref,
+                 sample_time_interval = SampleTimeInterval,
+                 flush_time_interval = FlushTimeInterval,
+                 estatsd_pid = Pid}}.
+
+ handle_call(_Req, _From, State) ->
+     {noreply, State}.
+
+ handle_cast(_Msg, State) ->
+     {noreply, State}.
+
+ handle_info({timeout, Ref, sample_timeout}, State = #state{sample_time_interval = SampleTimeInterval,
+                                                            flush_time_interval = FlushTimeInterval,
+                                                            estatsd_pid = Pid,
+                                                            timer = Ref}) ->
+     ?LOG(debug, "emqx statsd submit"),
+     Metrics = emqx_metrics:all() ++ emqx_stats:getstats() ++ emqx_vm_data(),
+     SampleRate = SampleTimeInterval / FlushTimeInterval,
+     StatsdMetrics = [{gauge, trans_metrics_name(Name), Value, SampleRate, []} || {Name, Value} <- Metrics],
+     estatsd:submit(Pid, StatsdMetrics),
+     {noreply, State#state{timer = erlang:start_timer(SampleTimeInterval, self(), sample_timeout)}};
+
+ handle_info(_Msg, State) ->
+     {noreply, State}.
+
+ code_change(_OldVsn, State, _Extra) ->
+     {ok, State}.
+
+ terminate(_Reason, _State) ->
+     ok.
+
+ %%------------------------------------------------------------------------------
+ %% Internale function
+ %%------------------------------------------------------------------------------
+ trans_metrics_name(Name) ->
+     Name0 = atom_to_binary(Name, utf8),
+     binary_to_atom(<<"emqx.", Name0/binary>>, utf8).
+
+ emqx_vm_data() ->
+     Idle = case cpu_sup:util([detailed]) of
+                {_, 0, 0, _} -> 0; %% Not support for Windows
+                {_Num, _Use, IdleList, _} -> proplists:get_value(idle, IdleList, 0)
+            end,
+     RunQueue = erlang:statistics(run_queue),
+     [{run_queue, RunQueue},
+      {cpu_idle, Idle},
+      {cpu_use, 100 - Idle}] ++ emqx_vm:mem_info().
diff --git a/apps/emqx_statsd/src/emqx_statsd_app.erl b/apps/emqx_statsd/src/emqx_statsd_app.erl
new file mode 100644
index 000000000..45d2c9708
--- /dev/null
+++ b/apps/emqx_statsd/src/emqx_statsd_app.erl
@@ -0,0 +1,38 @@
+%%--------------------------------------------------------------------
+ %% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+ %%
+ %% Licensed under the Apache License, Version 2.0 (the "License");
+ %% you may not use this file except in compliance with the License.
+ %% You may obtain a copy of the License at
+ %%
+ %%     http://www.apache.org/licenses/LICENSE-2.0
+ %%
+ %% Unless required by applicable law or agreed to in writing, software
+ %% distributed under the License is distributed on an "AS IS" BASIS,
+ %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ %% See the License for the specific language governing permissions and
+ %% limitations under the License.
+ %%--------------------------------------------------------------------
+
+ -module(emqx_statsd_app).
+
+ -behaviour(application).
+
+-include_lib("emqx/include/logger.hrl").
+
+ -emqx_plugin(?MODULE).
+
+ -export([ start/2
+         , stop/1
+         ]).
+
+start(_StartType, _StartArgs) ->
+    {ok, Sup} = emqx_statsd_sup:start_link(),
+    emqx_statsd_sup:start_statsd(),
+    ?LOG(info, "emqx statsd start: successfully"),
+    {ok, Sup}.
+
+ stop(_) ->
+    emqx_statsd_sup:stop_statsd(),
+    ?LOG(info, "emqx statsd stop: successfully"),
+    ok.
diff --git a/apps/emqx_statsd/src/emqx_statsd_sup.erl b/apps/emqx_statsd/src/emqx_statsd_sup.erl
new file mode 100644
index 000000000..e72f43225
--- /dev/null
+++ b/apps/emqx_statsd/src/emqx_statsd_sup.erl
@@ -0,0 +1,60 @@
+%%%-------------------------------------------------------------------
+%% @doc emqx_statsd top level supervisor.
+%% @end
+%%%-------------------------------------------------------------------
+
+-module(emqx_statsd_sup).
+
+-behaviour(supervisor).
+
+-include("emqx_statsd.hrl").
+
+-export([start_link/0]).
+
+-export([start_statsd/0, stop_statsd/0]).
+
+-export([init/1]).
+
+ start_link() ->
+     supervisor:start_link({local, ?MODULE}, ?MODULE, []).
+
+ init([]) ->
+    {ok, { {one_for_one, 10, 100}, []} }.
+
+start_statsd() ->
+    {ok, Pid} = supervisor:start_child(?MODULE, estatsd_child_spec()),
+    {ok, _Pid1} = supervisor:start_child(?MODULE, emqx_statsd_child_spec(Pid)).
+
+stop_statsd() ->
+    supervisor:terminate_child(emqx_statsd_sup, emqx_statsd),
+    supervisor:terminate_child(emqx_statsd_sup, estatsd).
+%%==============================================================================================
+%% internal
+estatsd_child_spec() ->
+    #{id       => estatsd
+    , start    => {estatsd, start_link, [estatsd_options()]}
+    , restart  => permanent
+    , shutdown => 5000
+    , type     => worker
+    , modules  => [estatsd]}.
+
+estatsd_options() ->
+    Host = application:get_env(?APP, host, ?DEFAULT_HOST),
+    Port = application:get_env(?APP, port, ?DEFAULT_PORT),
+    Prefix = application:get_env(?APP, prefix, ?DEFAULT_PREFIX),
+    Tags = application:get_env(?APP, tags, ?DEFAULT_TAGS),
+    BatchSize = application:get_env(?APP, batch_size, ?DEFAULT_BATCH_SIZE),
+    [{host, Host}, {port, Port}, {prefix, Prefix}, {tags, Tags}, {batch_size, BatchSize}].
+
+emqx_statsd_child_spec(Pid) ->
+    #{id       => emqx_statsd
+    , start    => {emqx_statsd, start_link, [emqx_statsd_options(Pid)]}
+    , restart  => permanent
+    , shutdown => 5000
+    , type     => worker
+    , modules  => [emqx_statsd]}.
+
+emqx_statsd_options(Pid) ->
+    SampleTimeInterval = application:get_env(?APP, sample_time_interval, ?DEFAULT_SAMPLE_TIME_INTERVAL),
+    FlushTimeInterval = application:get_env(?APP, flush_time_interval, ?DEFAULT_FLUSH_TIME_INTERVAL),
+    [{estatsd_pid, Pid}, {sample_time_interval, SampleTimeInterval}, {flush_time_interval, FlushTimeInterval}].
diff --git a/rebar.config.erl b/rebar.config.erl
index cbcf734f6..d62b1852c 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -293,6 +293,7 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_recon
     , emqx_rule_engine
     , emqx_sasl
+    , emqx_statsd
     ]
     ++ [emqx_telemetry || not is_enterprise()]
     ++ relx_plugin_apps_per_rel(ReleaseType)

From 9bc3b4684a6d3d2d15799c61647011dff1c2adb6 Mon Sep 17 00:00:00 2001
From: DDDHuang <904897578@qq.com>
Date: Sat, 19 Jun 2021 10:42:20 +0800
Subject: [PATCH 089/174] refactor(config): support hocon

---
 apps/emqx_statsd/etc/emqx_statsd.conf       | 47 ++++--------------
 apps/emqx_statsd/priv/emqx_statsd.schema    | 53 ---------------------
 apps/emqx_statsd/src/emqx_statsd_app.erl    |  6 +--
 apps/emqx_statsd/src/emqx_statsd_schema.erl | 38 +++++++++++++++
 apps/emqx_statsd/src/emqx_statsd_sup.erl    | 40 +++++++++++-----
 5 files changed, 77 insertions(+), 107 deletions(-)
 delete mode 100644 apps/emqx_statsd/priv/emqx_statsd.schema
 create mode 100644 apps/emqx_statsd/src/emqx_statsd_schema.erl

diff --git a/apps/emqx_statsd/etc/emqx_statsd.conf b/apps/emqx_statsd/etc/emqx_statsd.conf
index 27c08d343..c714bbb2e 100644
--- a/apps/emqx_statsd/etc/emqx_statsd.conf
+++ b/apps/emqx_statsd/etc/emqx_statsd.conf
@@ -2,41 +2,12 @@
  ## Statsd for EMQ X
  ##--------------------------------------------------------------------
 
- ## The statsd server host
- ## 
- ## Default: "127.0.0.1"
- statsd.host = "127.0.0.1"
-
- ## The statsd server port
- ## 
- ## Default: "127.0.0.1"
- statsd.port = 8125
-
- ## statsd prefix
- ##
- ## Default: emqx
- # statsd.prefix = emqx
-
- ## statsd tag key
- ##
- # statsd.tag.1.key = from
-
- ## statsd tag value
- ##
- # statsd.tag.1.value = emqx
-
- ## statsd batch_size
- ## 
- ## Default: 10
- statsd.batch_size = 10
-
- ## statsd sample time interval
- ## 
- ## Default: 10s
- statsd.sample_time_interval = 10s
-
- ## statsd flush time interval
- ## 
- ## Default: 10s
- statsd.flush_time_interval = 10s
- 
\ No newline at end of file
+emqx_statsd:{
+    # statsd server
+    server: "127.0.0.1:8125"
+    batch_size: 10
+    prefix: "emqx"
+    tags: {"from": "emqx"}
+    sample_time_interval: "10s"
+    flush_time_interval: "10s"
+}
diff --git a/apps/emqx_statsd/priv/emqx_statsd.schema b/apps/emqx_statsd/priv/emqx_statsd.schema
deleted file mode 100644
index b509b4065..000000000
--- a/apps/emqx_statsd/priv/emqx_statsd.schema
+++ /dev/null
@@ -1,53 +0,0 @@
-%% emqx_statsd config
-
- {mapping, "statsd.host", "emqx_statsd.host", [
-   {default, "127.0.0.1"},
-   {datatype, string}
- ]}.
-
- {mapping, "statsd.port", "emqx_statsd.port", [
-   {default, 8125},
-   {datatype, integer}
- ]}.
-
- {mapping, "statsd.prefix", "emqx_statsd.prefix", [
-   {datatype, string}
- ]}.
-
- {mapping, "statsd.tag.$id.key", "emqx_statsd.tag", [
-   {datatype, string}
- ]}.
-
- {mapping, "statsd.tag.$id.value", "emqx_statsd.tag", [
-   {datatype, string}
- ]}.
-
- {mapping, "statsd.batch_size", "emqx_statsd.batch_size", [
-   {default, 10},
-   {datatype, integer}
- ]}.
-
- {mapping, "statsd.sample_time_interval", "emqx_statsd.sample_time_interval", [
-   {default, "2s"},
-   {datatype, {duration, ms}}
- ]}.
-
- {mapping, "statsd.flush_time_interval", "emqx_statsd.flush_time_interval", [
-   {default, "10s"},
-   {datatype, {duration, ms}}
- ]}.
-
- {translation, "emqx_stasd.host", fun(Conf) ->
-   {ok, IPAddress} = inet:parse_address(cuttlefish:conf_get("statsd.host", Conf, "127.0.0.1")),
-   IPAddress
- end}.
-
- {translation, "emqx_statsd.tag", fun(Conf) ->
-   Tags = cuttlefish_variable:filter_by_prefix("statsd.tag", Conf),
-   lists:foldl(
-     fun({["statsd", "tag", Id, "key"], Key}, AccIn) ->
-         [{Key, cuttlefish:conf_get("statsd." ++ Id ++ ".value", Conf)} | AccIn];
-        (_, AccIn) ->
-         AccIn
-     end, [], Tags)
- end}.
diff --git a/apps/emqx_statsd/src/emqx_statsd_app.erl b/apps/emqx_statsd/src/emqx_statsd_app.erl
index 45d2c9708..cd998b158 100644
--- a/apps/emqx_statsd/src/emqx_statsd_app.erl
+++ b/apps/emqx_statsd/src/emqx_statsd_app.erl
@@ -28,11 +28,11 @@
 
 start(_StartType, _StartArgs) ->
     {ok, Sup} = emqx_statsd_sup:start_link(),
-    emqx_statsd_sup:start_statsd(),
+    {ok, _} = emqx_statsd_sup:start_statsd(),
     ?LOG(info, "emqx statsd start: successfully"),
     {ok, Sup}.
 
- stop(_) ->
-    emqx_statsd_sup:stop_statsd(),
+stop(_) ->
+    ok = emqx_statsd_sup:stop_statsd(),
     ?LOG(info, "emqx statsd stop: successfully"),
     ok.
diff --git a/apps/emqx_statsd/src/emqx_statsd_schema.erl b/apps/emqx_statsd/src/emqx_statsd_schema.erl
new file mode 100644
index 000000000..fc45b41fc
--- /dev/null
+++ b/apps/emqx_statsd/src/emqx_statsd_schema.erl
@@ -0,0 +1,38 @@
+-module(emqx_statsd_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_statsd"].
+
+fields("emqx_statsd") ->
+    [ {server, fun server/1}
+    , {prefix, fun prefix/1}
+    , {tags, map()}
+    , {batch_size, fun batch_size/1}
+    , {sample_time_interval, fun duration_s/1}
+    , {flush_time_interval,  fun duration_s/1}].
+
+server(type) -> string();
+server(default) -> "192.168.1.1:8125";
+server(not_nullable) -> true;
+server(_) -> undefined.
+
+prefix(type) -> string();
+prefix(default) -> "emqx";
+prefix(not_nullable) -> false;
+prefix(_) -> undefined.
+
+batch_size(type) -> integer();
+batch_size(not_nullable) -> true;
+batch_size(default) -> 10;
+batch_size(_) -> undefined.
+
+duration_s(type) -> emqx_schema:duration_s();
+duration_s(not_nullable) -> true;
+duration_s(default) -> "10s";
+duration_s(_) -> undefined.
diff --git a/apps/emqx_statsd/src/emqx_statsd_sup.erl b/apps/emqx_statsd/src/emqx_statsd_sup.erl
index e72f43225..91356f00f 100644
--- a/apps/emqx_statsd/src/emqx_statsd_sup.erl
+++ b/apps/emqx_statsd/src/emqx_statsd_sup.erl
@@ -19,15 +19,15 @@
      supervisor:start_link({local, ?MODULE}, ?MODULE, []).
 
  init([]) ->
-    {ok, { {one_for_one, 10, 100}, []} }.
+    {ok, {{one_for_one, 10, 100}, []}}.
 
 start_statsd() ->
     {ok, Pid} = supervisor:start_child(?MODULE, estatsd_child_spec()),
     {ok, _Pid1} = supervisor:start_child(?MODULE, emqx_statsd_child_spec(Pid)).
 
 stop_statsd() ->
-    supervisor:terminate_child(emqx_statsd_sup, emqx_statsd),
-    supervisor:terminate_child(emqx_statsd_sup, estatsd).
+    ok = supervisor:terminate_child(?MODULE, emqx_statsd),
+    ok = supervisor:terminate_child(?MODULE, estatsd).
 %%==============================================================================================
 %% internal
 estatsd_child_spec() ->
@@ -39,22 +39,36 @@ estatsd_child_spec() ->
     , modules  => [estatsd]}.
 
 estatsd_options() ->
-    Host = application:get_env(?APP, host, ?DEFAULT_HOST),
-    Port = application:get_env(?APP, port, ?DEFAULT_PORT),
-    Prefix = application:get_env(?APP, prefix, ?DEFAULT_PREFIX),
-    Tags = application:get_env(?APP, tags, ?DEFAULT_TAGS),
-    BatchSize = application:get_env(?APP, batch_size, ?DEFAULT_BATCH_SIZE),
+    Server = get_conf(server, {?DEFAULT_HOST, ?DEFAULT_PORT}),
+    {Host, Port} = host_port(Server),
+    Prefix = get_conf(prefix, ?DEFAULT_PREFIX),
+    Tags = tags(get_conf(tags, ?DEFAULT_TAGS)),
+    BatchSize = get_conf(batch_size, ?DEFAULT_BATCH_SIZE),
     [{host, Host}, {port, Port}, {prefix, Prefix}, {tags, Tags}, {batch_size, BatchSize}].
 
+host_port({Host, Port}) -> {Host, Port};
+host_port(Server) ->
+    case string:tokens(Server, ":") of
+        [Domain]       -> {Domain, ?DEFAULT_PORT};
+        [Domain, Port] -> {Domain, list_to_integer(Port)}
+    end.
+
+tags(Map) ->
+    Tags = maps:to_list(Map),
+    [{atom_to_binary(Key, utf8), Value} || {Key, Value} <- Tags].
+
 emqx_statsd_child_spec(Pid) ->
     #{id       => emqx_statsd
-    , start    => {emqx_statsd, start_link, [emqx_statsd_options(Pid)]}
+    , start    => {emqx_statsd, start_link, [[{estatsd_pid, Pid} | emqx_statsd_options()]]}
     , restart  => permanent
     , shutdown => 5000
     , type     => worker
     , modules  => [emqx_statsd]}.
 
-emqx_statsd_options(Pid) ->
-    SampleTimeInterval = application:get_env(?APP, sample_time_interval, ?DEFAULT_SAMPLE_TIME_INTERVAL),
-    FlushTimeInterval = application:get_env(?APP, flush_time_interval, ?DEFAULT_FLUSH_TIME_INTERVAL),
-    [{estatsd_pid, Pid}, {sample_time_interval, SampleTimeInterval}, {flush_time_interval, FlushTimeInterval}].
+emqx_statsd_options() ->
+    SampleTimeInterval = get_conf(sample_time_interval, ?DEFAULT_SAMPLE_TIME_INTERVAL),
+    FlushTimeInterval = get_conf(flush_time_interval, ?DEFAULT_FLUSH_TIME_INTERVAL),
+    [{sample_time_interval, SampleTimeInterval}, {flush_time_interval, FlushTimeInterval}].
+
+get_conf(Key, Default) ->
+    emqx_config:get([?APP, Key], Default).

From 8f8ff6ce6ddbed4844218fccdd5e604f1191708d Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 21 Jun 2021 10:05:26 +0800
Subject: [PATCH 090/174] chore(emqx edge): fix emqx edge running error

---
 rebar.config.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rebar.config.erl b/rebar.config.erl
index d62b1852c..98bbde4ca 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -369,7 +369,6 @@ etc_overlay(ReleaseType) ->
 extra_overlay(cloud) ->
     [ {copy,"{{base_dir}}/lib/emqx_lwm2m/lwm2m_xml","etc/"}
     , {copy, "{{base_dir}}/lib/emqx_psk_file/etc/psk.txt", "etc/psk.txt"}
-    , {copy, "{{base_dir}}/lib/emqx_data_bridge/etc/emqx_data_bridge.conf", "etc/plugins/emqx_data_bridge.conf"}
     ];
 extra_overlay(edge) ->
     [].
@@ -386,6 +385,7 @@ emqx_etc_overlay_common() ->
     [{"{{base_dir}}/lib/emqx/etc/acl.conf", "etc/acl.conf"},
      {"{{base_dir}}/lib/emqx/etc/emqx.conf", "etc/emqx.conf"},
      {"{{base_dir}}/lib/emqx/etc/ssl_dist.conf", "etc/ssl_dist.conf"},
+     {"{{base_dir}}/lib/emqx_data_bridge/etc/emqx_data_bridge.conf", "etc/plugins/emqx_data_bridge.conf"},
      %% TODO: check why it has to end with .paho
      %% and why it is put to etc/plugins dir
      {"{{base_dir}}/lib/emqx/etc/acl.conf.paho", "etc/plugins/acl.conf.paho"}].

From cd5431e71df2d9c81bbcdb8079bf7101e6c5e199 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Mon, 21 Jun 2021 11:52:14 +0200
Subject: [PATCH 091/174] chore(emqx_lwm2m): pin lwm2m-coap v2.0.0

v2.0.0 has emqx_http_lib added as a rebar dependency
v1.* is for emqx v4.3.*
---
 apps/emqx_lwm2m/rebar.config | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/emqx_lwm2m/rebar.config b/apps/emqx_lwm2m/rebar.config
index 23b03eaa4..7700071ed 100644
--- a/apps/emqx_lwm2m/rebar.config
+++ b/apps/emqx_lwm2m/rebar.config
@@ -1,5 +1,7 @@
 {deps,
- [{lwm2m_coap, {git, "https://github.com/emqx/lwm2m-coap", {tag, "v1.1.5"}}}
+  %% lwm2m-coap v.1.* is for emqx v4.3.*
+  %% lwm2m-coap v.2.* is for emqx v5.*
+ [{lwm2m_coap, {git, "https://github.com/emqx/lwm2m-coap", {tag, "v2.0.0"}}}
  ]}.
 
 {profiles,

From 871f23f047dfa0196227301948b1055a8d491ab5 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Tue, 22 Jun 2021 11:34:53 +0200
Subject: [PATCH 092/174] build: do not allow user override PKG_VSN

We have an assertion in code, allowing user to override
will compile but not run.
---
 apps/emqx/src/emqx_app.erl |  9 ++++++++-
 build                      |  2 +-
 rebar.config.erl           | 12 +-----------
 3 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index fe21edff5..234f42645 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -122,7 +122,14 @@ get_release() ->
             release_in_macro();
         {_, Vsn} -> %% For emqx release build
             VsnStr = release_in_macro(),
-            1 = string:str(Vsn, VsnStr), %% assert
+            case string:str(Vsn, VsnStr) of
+                1 -> ok;
+                _ ->
+                    erlang:error(#{ reason => version_mismatch
+                                  , source => VsnStr
+                                  , built_for => Vsn
+                                  })
+            end,
             Vsn
     end.
 
diff --git a/build b/build
index be7813e66..ec533793e 100755
--- a/build
+++ b/build
@@ -12,7 +12,7 @@ ARTIFACT="$2"
 # ensure dir
 cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")"
 
-PKG_VSN="${PKG_VSN:-$(./pkg-vsn.sh)}"
+PKG_VSN="$(./pkg-vsn.sh)"
 export PKG_VSN
 
 if [ "$(uname -s)" = 'Darwin' ]; then
diff --git a/rebar.config.erl b/rebar.config.erl
index 98bbde4ca..fef4c864d 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -413,18 +413,8 @@ find_conf_files(App) ->
         false -> []
     end.
 
-env(Name, Default) ->
-    case os:getenv(Name) of
-        "" -> Default;
-        false -> Default;
-        Value -> Value
-    end.
-
 get_vsn() ->
-    PkgVsn = case env("PKG_VSN", false) of
-                 false -> os:cmd("./pkg-vsn.sh");
-                 Vsn -> Vsn
-             end,
+    PkgVsn = os:cmd("./pkg-vsn.sh"),
     re:replace(PkgVsn, "\n", "", [{return ,list}]).
 
 maybe_dump(Config) ->

From 39e4d348f685d005667ef09741bdb692aa690693 Mon Sep 17 00:00:00 2001
From: Rory Z <zhanghongtong@foxmail.com>
Date: Wed, 23 Jun 2021 10:55:38 +0800
Subject: [PATCH 093/174] feat: add authz (#4852)

* feat(authorization): add authorization api

* feat(authorization): add check function

* feat(authorization): use hocon config file

* feat(authz): add mysql connector

* feat(authz): support pgsql

* feat(connector): support redis

* chore(authz): use "publish/subscribe/all" instead of "pub/sub/pubsub"
---
 apps/emqx_authz/.gitignore                    |  19 ++
 apps/emqx_authz/README.md                     | 130 +++++++++
 apps/emqx_authz/etc/emqx_authz.conf           |  47 ++++
 apps/emqx_authz/include/emqx_authz.hrl        |  19 ++
 apps/emqx_authz/rebar.config                  |   7 +
 apps/emqx_authz/src/emqx_authz.app.src        |  16 ++
 apps/emqx_authz/src/emqx_authz.erl            | 261 ++++++++++++++++++
 apps/emqx_authz/src/emqx_authz_api.erl        |  91 ++++++
 apps/emqx_authz/src/emqx_authz_app.erl        |  20 ++
 apps/emqx_authz/src/emqx_authz_mysql.erl      | 141 ++++++++++
 apps/emqx_authz/src/emqx_authz_pgsql.erl      | 145 ++++++++++
 apps/emqx_authz/src/emqx_authz_redis.erl      |  97 +++++++
 apps/emqx_authz/src/emqx_authz_schema.erl     | 104 +++++++
 apps/emqx_authz/src/emqx_authz_sup.erl        |  35 +++
 apps/emqx_authz/test/emqx_authz_SUITE.erl     | 168 +++++++++++
 apps/emqx_authz/test/emqx_authz_api_SUITE.erl | 130 +++++++++
 .../test/emqx_authz_mysql_SUITE.erl           | 117 ++++++++
 .../test/emqx_authz_pgsql_SUITE.erl           | 117 ++++++++
 .../test/emqx_authz_redis_SUITE.erl           | 108 ++++++++
 apps/emqx_management/src/emqx_mgmt_http.erl   |  22 +-
 data/loaded_modules.tmpl                      |   1 -
 rebar.config                                  |   2 +-
 rebar.config.erl                              |   2 +
 23 files changed, 1782 insertions(+), 17 deletions(-)
 create mode 100644 apps/emqx_authz/.gitignore
 create mode 100644 apps/emqx_authz/README.md
 create mode 100644 apps/emqx_authz/etc/emqx_authz.conf
 create mode 100644 apps/emqx_authz/include/emqx_authz.hrl
 create mode 100644 apps/emqx_authz/rebar.config
 create mode 100644 apps/emqx_authz/src/emqx_authz.app.src
 create mode 100644 apps/emqx_authz/src/emqx_authz.erl
 create mode 100644 apps/emqx_authz/src/emqx_authz_api.erl
 create mode 100644 apps/emqx_authz/src/emqx_authz_app.erl
 create mode 100644 apps/emqx_authz/src/emqx_authz_mysql.erl
 create mode 100644 apps/emqx_authz/src/emqx_authz_pgsql.erl
 create mode 100644 apps/emqx_authz/src/emqx_authz_redis.erl
 create mode 100644 apps/emqx_authz/src/emqx_authz_schema.erl
 create mode 100644 apps/emqx_authz/src/emqx_authz_sup.erl
 create mode 100644 apps/emqx_authz/test/emqx_authz_SUITE.erl
 create mode 100644 apps/emqx_authz/test/emqx_authz_api_SUITE.erl
 create mode 100644 apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
 create mode 100644 apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
 create mode 100644 apps/emqx_authz/test/emqx_authz_redis_SUITE.erl

diff --git a/apps/emqx_authz/.gitignore b/apps/emqx_authz/.gitignore
new file mode 100644
index 000000000..f1c455451
--- /dev/null
+++ b/apps/emqx_authz/.gitignore
@@ -0,0 +1,19 @@
+.rebar3
+_*
+.eunit
+*.o
+*.beam
+*.plt
+*.swp
+*.swo
+.erlang.cookie
+ebin
+log
+erl_crash.dump
+.rebar
+logs
+_build
+.idea
+*.iml
+rebar3.crashdump
+*~
diff --git a/apps/emqx_authz/README.md b/apps/emqx_authz/README.md
new file mode 100644
index 000000000..0fddac9b0
--- /dev/null
+++ b/apps/emqx_authz/README.md
@@ -0,0 +1,130 @@
+# emqx_authz
+
+## Configure
+
+File: etc/pulgins/authz.conf
+
+```json
+authz:{
+    rules: [
+       {
+           type: mysql
+           config: {
+              server: "127.0.0.1:3306"
+              database: mqtt
+              pool_size: 1
+              username: root
+              password: public
+              auto_reconnect: true
+              ssl: false
+           }
+           sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or clientid = '%c'"
+       },
+       {
+           type: pgsql
+           config: {
+              server: "127.0.0.1:5432"
+              database: mqtt
+              pool_size: 1
+              username: root
+              password: public
+              auto_reconnect: true
+              ssl: false
+           }
+           sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
+       },
+       {
+           type: redis
+           config: {
+              servers: "127.0.0.1:6379"
+              database: 0
+              pool_size: 1
+              password: public
+              auto_reconnect: true
+              ssl: false
+           }
+           cmd: "HGETALL mqtt_acl:%u"
+       },
+       {
+					 principal: {username: "^admin?"}
+           permission: allow
+           action: subscribe
+           topics: ["$SYS/#"]
+       },
+       {
+           permission: deny
+           action: subscribe
+           topics: ["$SYS/#"]
+       },
+       {
+           permission: allow
+           action: all
+           topics: ["#"]
+       }
+    ]
+}
+```
+
+## Database Management
+
+#### Mysql
+
+Create Example Table
+
+```sql
+CREATE TABLE `mqtt_acl` (
+  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
+  `ipaddress` VARCHAR(60) NOT NULL DEFAULT '',
+  `username` VARCHAR(100) NOT NULL DEFAULT '',
+  `clientid` VARCHAR(100) NOT NULL DEFAULT '',
+  `action` ENUM('publish', 'subscribe', 'all') NOT NULL,
+  `permission` ENUM('allow', 'deny') NOT NULL,
+  `topic` VARCHAR(100) NOT NULL DEFAULT '',
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+```
+
+Sample data in the default configuration:
+
+```sql
+-- Only 127.0.0.1 users can subscribe to system topics
+INSERT INTO mqtt_acl (ipaddress, username, clientid, action, permission, topic) VALUES ('127.0.0.1', '', '', 'subscribe', 'allow', '$SYS/#');
+```
+
+#### Pgsql
+
+Create Example Table
+
+```sql
+CREATE TYPE ACTION AS ENUM('publish','subscribe','all');
+CREATE TYPE PERMISSION AS ENUM('allow','deny');
+
+CREATE TABLE mqtt_acl (
+  id SERIAL PRIMARY KEY,
+  ipaddress CHARACTER VARYING(60) NOT NULL DEFAULT '',
+  username CHARACTER VARYING(100) NOT NULL DEFAULT '',
+  clientid CHARACTER VARYING(100) NOT NULL DEFAULT '',
+  action ACTION,
+  permission PERMISSION,
+  topic CHARACTER VARYING(100) NOT NULL
+);
+
+```
+
+Sample data in the default configuration:
+
+```sql
+-- Only 127.0.0.1 users can subscribe to system topics
+INSERT INTO mqtt_acl (ipaddress, username, clientid, action, permission, topic) VALUES ('127.0.0.1', '', '', 'subscribe', 'allow', '$SYS/#');
+```
+
+#### Redis
+
+Sample data in the default configuration:
+
+```
+HSET mqtt_acl:emqx '$SYS/#' subscribe
+```
+
+A rule of Redis ACL defines `publish`, `subscribe`, or `all `information. All lists in the rule are **allow** lists.
+
diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf
new file mode 100644
index 000000000..b97bc12f0
--- /dev/null
+++ b/apps/emqx_authz/etc/emqx_authz.conf
@@ -0,0 +1,47 @@
+authz:{
+    rules: [
+       # {
+       #     type: mysql
+       #     config: {
+       #        server: "127.0.0.1:3306"
+       #        database: mqtt
+       #        pool_size: 1
+       #        username: root
+       #        password: public
+       #        auto_reconnect: true
+       #        ssl: false
+       #     }
+       #     sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or clientid = '%c'"
+       # },
+       # {
+       #     type: pgsql
+       #     config: {
+       #        server: "127.0.0.1:5432"
+       #        database: mqtt
+       #        pool_size: 1
+       #        username: root
+       #        password: public
+       #        auto_reconnect: true
+       #        ssl: false
+       #     }
+       #     sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
+       # },
+       # {
+       #     type: redis
+       #     config: {
+       #        servers: "127.0.0.1:6379"
+       #        database: 0
+       #        pool_size: 1
+       #        password: public
+       #        auto_reconnect: true
+       #        ssl: false
+       #     }
+       #     cmd: "HGETALL mqtt_acl:%u"
+       # },
+       {
+           permission: allow
+           action: all
+           topics: ["#"]
+       }
+    ]
+}
diff --git a/apps/emqx_authz/include/emqx_authz.hrl b/apps/emqx_authz/include/emqx_authz.hrl
new file mode 100644
index 000000000..ca595525d
--- /dev/null
+++ b/apps/emqx_authz/include/emqx_authz.hrl
@@ -0,0 +1,19 @@
+-type(rule() :: #{binary() => any()}).
+-type(rules() :: [rule()]).
+
+-define(APP, emqx_authz).
+
+-define(ALLOW_DENY(A), ((A =:= allow) orelse (A =:= deny))).
+-define(PUBSUB(A), ((A =:= subscribe) orelse (A =:= publish) orelse (A =:= all))).
+
+-record(acl_metrics, {
+        allow = 'client.acl.allow',
+        deny = 'client.acl.deny',
+        ignore = 'client.acl.ignore'
+    }).
+
+-define(METRICS(Type), tl(tuple_to_list(#Type{}))).
+-define(METRICS(Type, K), #Type{}#Type.K).
+
+-define(ACL_METRICS, ?METRICS(acl_metrics)).
+-define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_authz/rebar.config b/apps/emqx_authz/rebar.config
new file mode 100644
index 000000000..ba38cc642
--- /dev/null
+++ b/apps/emqx_authz/rebar.config
@@ -0,0 +1,7 @@
+{erl_opts, [debug_info, nowarn_unused_import]}.
+{deps, []}.
+
+{shell, [
+  % {config, "config/sys.config"},
+    {apps, [emqx_authz]}
+]}.
diff --git a/apps/emqx_authz/src/emqx_authz.app.src b/apps/emqx_authz/src/emqx_authz.app.src
new file mode 100644
index 000000000..10801eca1
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz.app.src
@@ -0,0 +1,16 @@
+{application, emqx_authz,
+ [{description, "An OTP application"},
+  {vsn, "0.1.0"},
+  {registered, []},
+  {mod, {emqx_authz_app, []}},
+  {applications,
+   [kernel,
+    stdlib,
+    emqx_connector
+   ]},
+  {env,[]},
+  {modules, []},
+
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
new file mode 100644
index 000000000..0880ef4ae
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -0,0 +1,261 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz).
+
+-include("emqx_authz.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+-logger_header("[AuthZ]").
+
+-export([ register_metrics/0
+        , init/0
+        , compile/1
+        , lookup/0
+        , update/1
+        , check_authz/5
+        , match/4
+        ]).
+
+-spec(register_metrics() -> ok).
+register_metrics() ->
+    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
+
+init() ->
+    ok = register_metrics(),
+    Conf = filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'),
+    {ok, RawConf} = hocon:load(Conf),
+    #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf),
+    ok = application:set_env(?APP, rules, Rules),
+    NRules = [compile(Rule) || Rule <- Rules],
+    ok = emqx_hooks:add('client.check_acl', {?MODULE, check_authz, [NRules]},  -1).
+
+lookup() ->
+    application:get_env(?APP, rules, []).
+
+update(Rules) ->
+    ok = application:set_env(?APP, rules, Rules),
+    NRules = [compile(Rule) || Rule <- Rules],
+    Action = find_action_in_hooks(),
+    ok = emqx_hooks:del('client.check_acl', Action),
+    ok = emqx_hooks:add('client.check_acl', {?MODULE, check_authz, [NRules]},  -1),
+    ok = emqx_acl_cache:empty_acl_cache().
+
+%%--------------------------------------------------------------------
+%% Internal functions
+%%--------------------------------------------------------------------
+
+find_action_in_hooks() ->
+    Callbacks = emqx_hooks:lookup('client.check_acl'),
+    [Action] = [Action || {callback,{?MODULE, check_authz, _} = Action, _, _} <- Callbacks ],
+    Action.
+
+create_resource(#{<<"type">> := DB,
+                  <<"config">> := Config
+                 } = Rule) ->
+    ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]),
+    case emqx_resource:check_and_create(
+            ResourceID,
+            list_to_existing_atom(io_lib:format("~s_~s",[emqx_connector, DB])),
+            Config)
+    of
+        {ok, _} ->
+            Rule#{<<"resource_id">> => ResourceID};
+        {error, already_created} ->
+            Rule#{<<"resource_id">> => ResourceID};
+        {error, Reason} ->
+            error({load_sql_error, Reason})
+    end.
+
+-spec(compile(rule()) -> rule()).
+compile(#{<<"topics">> := Topics,
+          <<"action">> := Action,
+          <<"permission">> := Permission,
+          <<"principal">> := Principal
+         } = Rule) when ?ALLOW_DENY(Permission), ?PUBSUB(Action), is_list(Topics) ->
+    NTopics = [compile_topic(Topic) || Topic <- Topics],
+    Rule#{<<"principal">> => compile_principal(Principal),
+          <<"topics">> => NTopics
+         };
+
+compile(#{<<"principal">> := Principal,
+          <<"type">> := redis
+         } = Rule) ->
+    NRule = create_resource(Rule),
+    NRule#{<<"principal">> => compile_principal(Principal)};
+
+compile(#{<<"principal">> := Principal,
+          <<"type">> := DB,
+          <<"sql">> := SQL
+         } = Rule) when DB =:= mysql;
+                        DB =:= pgsql ->
+    Mod = list_to_existing_atom(io_lib:format("~s_~s",[?APP, DB])),
+    NRule = create_resource(Rule),
+    NRule#{<<"principal">> => compile_principal(Principal),
+           <<"sql">> => Mod:parse_query(SQL)
+          }.
+
+compile_principal(all) -> all;
+compile_principal(#{<<"username">> := Username}) ->
+    {ok, MP} = re:compile(bin(Username)),
+    #{<<"username">> => MP};
+compile_principal(#{<<"clientid">> := Clientid}) ->
+    {ok, MP} = re:compile(bin(Clientid)),
+    #{<<"clientid">> => MP};
+compile_principal(#{<<"ipaddress">> := IpAddress}) ->
+    #{<<"ipaddress">> => esockd_cidr:parse(b2l(IpAddress), true)};
+compile_principal(#{<<"and">> := Principals}) when is_list(Principals) ->
+    #{<<"and">> => [compile_principal(Principal) || Principal <- Principals]};
+compile_principal(#{<<"or">> := Principals}) when is_list(Principals) ->
+    #{<<"or">> => [compile_principal(Principal) || Principal <- Principals]}.
+
+compile_topic(<<"eq ", Topic/binary>>) ->
+    compile_topic(#{<<"eq">> => Topic});
+compile_topic(#{<<"eq">> := Topic}) ->
+    #{<<"eq">> => emqx_topic:words(bin(Topic))};
+compile_topic(Topic) when is_binary(Topic)->
+    Words = emqx_topic:words(bin(Topic)),
+    case pattern(Words) of
+        true  -> #{<<"pattern">> => Words};
+        false -> Words
+    end.
+
+pattern(Words) ->
+    lists:member(<<"%u">>, Words) orelse lists:member(<<"%c">>, Words).
+
+bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
+bin(B) when is_binary(B) -> B;
+bin(L) when is_list(L) -> list_to_binary(L);
+bin(X) -> X.
+
+b2l(B) when is_list(B) -> B;
+b2l(B) when is_binary(B) -> binary_to_list(B).
+
+%%--------------------------------------------------------------------
+%% ACL callbacks
+%%--------------------------------------------------------------------
+
+%% @doc Check ACL
+-spec(check_authz(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), emqx_permission_rule:acl_result(), rules())
+      -> {ok, allow} | {ok, deny} | deny).
+check_authz(#{username := Username,
+              peerhost := IpAddress
+             } = Client, PubSub, Topic, DefaultResult, Rules) ->
+    case do_check_authz(Client, PubSub, Topic, Rules) of
+        {matched, allow} ->
+            ?LOG(info, "Client succeeded authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
+            emqx_metrics:inc(?ACL_METRICS(allow)),
+            {stop, allow};
+        {matched, deny} ->
+            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
+            emqx_metrics:inc(?ACL_METRICS(deny)),
+            {stop, deny};
+        nomatch ->
+            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
+            DefaultResult
+    end.
+
+do_check_authz(Client, PubSub, Topic,
+               [Connector = #{<<"principal">> := Principal,
+                              <<"type">> := DB} | Tail] ) ->
+    case match_principal(Client, Principal) of
+        true ->
+            Mod = list_to_existing_atom(io_lib:format("~s_~s",[emqx_authz, DB])),
+            case Mod:check_authz(Client, PubSub, Topic, Connector) of
+                nomatch -> do_check_authz(Client, PubSub, Topic, Tail);
+                Matched -> Matched
+            end;
+        false -> do_check_authz(Client, PubSub, Topic, Tail)
+    end;
+do_check_authz(Client, PubSub, Topic,
+               [#{<<"permission">> := Permission} = Rule | Tail]) ->
+    case match(Client, PubSub, Topic, Rule) of
+        true -> {matched, Permission};
+        false -> do_check_authz(Client, PubSub, Topic, Tail)
+    end;
+do_check_authz(_Client, _PubSub, _Topic, []) -> nomatch.
+
+match(Client, PubSub, Topic,
+      #{<<"principal">> := Principal,
+        <<"topics">> := TopicFilters,
+        <<"action">> := Action
+       }) ->
+    match_action(PubSub, Action) andalso
+    match_principal(Client, Principal) andalso
+    match_topics(Client, Topic, TopicFilters).
+
+match_action(publish, publish) -> true;
+match_action(subscribe, subscribe) -> true;
+match_action(_, all) -> true;
+match_action(_, _) -> false.
+
+match_principal(_, all) -> true;
+match_principal(#{username := undefined}, #{<<"username">> := _MP}) ->
+    false;
+match_principal(#{username := Username}, #{<<"username">> := MP}) ->
+    case re:run(Username, MP) of
+        {match, _} -> true;
+        _ -> false
+    end;
+match_principal(#{clientid := Clientid}, #{<<"clientid">> := MP}) ->
+    case re:run(Clientid, MP) of
+        {match, _} -> true;
+        _ -> false
+    end;
+match_principal(#{peerhost := undefined}, #{<<"ipaddress">> := _CIDR}) ->
+    false;
+match_principal(#{peerhost := IpAddress}, #{<<"ipaddress">> := CIDR}) ->
+    esockd_cidr:match(IpAddress, CIDR);
+match_principal(ClientInfo, #{<<"and">> := Principals}) when is_list(Principals) ->
+    lists:foldl(fun(Principal, Permission) ->
+                  match_principal(ClientInfo, Principal) andalso Permission
+                end, true, Principals);
+match_principal(ClientInfo, #{<<"or">> := Principals}) when is_list(Principals) ->
+    lists:foldl(fun(Principal, Permission) ->
+                  match_principal(ClientInfo, Principal) orelse Permission
+                end, false, Principals);
+match_principal(_, _) -> false.
+
+match_topics(_ClientInfo, _Topic, []) ->
+    false;
+match_topics(ClientInfo, Topic, [#{<<"pattern">> := PatternFilter}|Filters]) ->
+    TopicFilter = feed_var(ClientInfo, PatternFilter),
+    match_topic(emqx_topic:words(Topic), TopicFilter)
+        orelse match_topics(ClientInfo, Topic, Filters);
+match_topics(ClientInfo, Topic, [TopicFilter|Filters]) ->
+   match_topic(emqx_topic:words(Topic), TopicFilter)
+       orelse match_topics(ClientInfo, Topic, Filters).
+
+match_topic(Topic, #{<<"eq">> := TopicFilter}) ->
+    Topic == TopicFilter;
+match_topic(Topic, TopicFilter) ->
+    emqx_topic:match(Topic, TopicFilter).
+
+feed_var(ClientInfo, Pattern) ->
+    feed_var(ClientInfo, Pattern, []).
+feed_var(_ClientInfo, [], Acc) ->
+    lists:reverse(Acc);
+feed_var(ClientInfo = #{clientid := undefined}, [<<"%c">>|Words], Acc) ->
+    feed_var(ClientInfo, Words, [<<"%c">>|Acc]);
+feed_var(ClientInfo = #{clientid := ClientId}, [<<"%c">>|Words], Acc) ->
+    feed_var(ClientInfo, Words, [ClientId |Acc]);
+feed_var(ClientInfo = #{username := undefined}, [<<"%u">>|Words], Acc) ->
+    feed_var(ClientInfo, Words, [<<"%u">>|Acc]);
+feed_var(ClientInfo = #{username := Username}, [<<"%u">>|Words], Acc) ->
+    feed_var(ClientInfo, Words, [Username|Acc]);
+feed_var(ClientInfo, [W|Words], Acc) ->
+    feed_var(ClientInfo, Words, [W|Acc]).
+
diff --git a/apps/emqx_authz/src/emqx_authz_api.erl b/apps/emqx_authz/src/emqx_authz_api.erl
new file mode 100644
index 000000000..6b4ed6c74
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_api.erl
@@ -0,0 +1,91 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_api).
+
+-include("emqx_authz.hrl").
+
+-rest_api(#{name   => lookup_authz,
+            method => 'GET',
+            path   => "/authz",
+            func   => lookup_authz,
+            descr  => "Lookup Authorization"
+           }).
+
+-rest_api(#{name   => update_authz,
+            method => 'PUT',
+            path   => "/authz",
+            func   => update_authz,
+            descr  => "Rewrite authz list"
+           }).
+
+-rest_api(#{name   => append_authz,
+            method => 'POST',
+            path   => "/authz/append",
+            func   => append_authz,
+            descr  => "Add a new rule at the end of the authz list"
+           }).
+
+-rest_api(#{name   => push_authz,
+            method => 'POST',
+            path   => "/authz/push",
+            func   => push_authz,
+            descr  => "Add a new rule at the start of the authz list"
+           }).
+
+-export([ lookup_authz/2
+        , update_authz/2
+        , append_authz/2
+        , push_authz/2
+        ]).
+
+lookup_authz(_Bindings, _Params) ->
+    minirest:return({ok, emqx_authz:lookup()}).
+
+update_authz(_Bindings, Params) ->
+    Rules = get_rules(Params),
+    minirest:return(emqx_authz:update(Rules)).
+
+append_authz(_Bindings, Params) ->
+    Rules = get_rules(Params),
+    NRules = lists:append(emqx_authz:lookup(), Rules),
+    minirest:return(emqx_authz:update(NRules)).
+
+push_authz(_Bindings, Params) ->
+    Rules = get_rules(Params),
+    NRules = lists:append(Rules, emqx_authz:lookup()),
+    minirest:return(emqx_authz:update(NRules)).
+
+%%------------------------------------------------------------------------------
+%% Interval Funcs
+%%------------------------------------------------------------------------------
+
+get_rules(Params) ->
+    % #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, #{<<"authz">> => Params}),
+    {ok, Conf} = hocon:binary(jsx:encode(#{<<"authz">> => Params}), #{format => richmap}),
+    CheckConf = hocon_schema:check(emqx_authz_schema, Conf),
+    #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:richmap_to_map(CheckConf),
+    Rules.
+
+%%--------------------------------------------------------------------
+%% EUnits
+%%--------------------------------------------------------------------
+
+-ifdef(TEST).
+-include_lib("eunit/include/eunit.hrl").
+
+
+-endif.
diff --git a/apps/emqx_authz/src/emqx_authz_app.erl b/apps/emqx_authz/src/emqx_authz_app.erl
new file mode 100644
index 000000000..460d7cbf9
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_app.erl
@@ -0,0 +1,20 @@
+%%%-------------------------------------------------------------------
+%% @doc emqx_authz public API
+%% @end
+%%%-------------------------------------------------------------------
+
+-module(emqx_authz_app).
+
+-behaviour(application).
+
+-export([start/2, stop/1]).
+
+start(_StartType, _StartArgs) ->
+    {ok, Sup} = emqx_authz_sup:start_link(),
+    ok = emqx_authz:init(),
+    {ok, Sup}.
+
+stop(_State) ->
+    ok.
+
+%% internal functions
diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl
new file mode 100644
index 000000000..c1ab20125
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_mysql.erl
@@ -0,0 +1,141 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_mysql).
+
+-include("emqx_authz.hrl").
+-include_lib("emqx/include/emqx.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+%% ACL Callbacks
+-export([ description/0
+        , parse_query/1
+        , check_authz/4
+        ]).
+
+-ifdef(TEST).
+-compile(export_all).
+-compile(nowarn_export_all).
+-endif.
+
+description() ->
+    "AuthZ with Mysql".
+
+parse_query(undefined) ->
+    undefined;
+parse_query(Sql) ->
+    case re:run(Sql, "'%[ucCad]'", [global, {capture, all, list}]) of
+        {match, Variables} ->
+            Params = [Var || [Var] <- Variables],
+            {re:replace(Sql, "'%[ucCad]'", "?", [global, {return, list}]), Params};
+        nomatch ->
+            {Sql, []}
+    end.
+
+check_authz(Client, PubSub, Topic,
+            #{<<"resource_id">> := ResourceID,
+              <<"sql">> := {SQL, Params}
+             }) ->
+    case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
+        {ok, _Columns, []} -> nomatch;
+        {ok, Columns, Rows} ->
+            do_check_authz(Client, PubSub, Topic, Columns, Rows);
+        {error, Reason} ->
+            ?LOG(error, "[AuthZ] Query mysql error: ~p~n", [Reason]),
+            nomatch
+    end.
+
+do_check_authz(_Client, _PubSub, _Topic, _Columns, []) ->
+    nomatch;
+do_check_authz(Client, PubSub, Topic, Columns, [Row | Tail]) ->
+    case match(Client, PubSub, Topic, format_result(Columns, Row)) of
+        {matched, Permission} -> {matched, Permission};
+        nomatch -> do_check_authz(Client, PubSub, Topic, Columns, Tail)
+    end.
+
+format_result(Columns, Row) ->
+    L = [ begin
+              K = lists:nth(I, Columns),
+              V = lists:nth(I, Row),
+              {K, V}
+          end || I <- lists:seq(1, length(Columns)) ],
+    maps:from_list(L).
+
+match(Client, PubSub, Topic,
+      #{<<"permission">> := Permission,
+        <<"action">> := Action,
+        <<"clientid">> := ClientId,
+        <<"username">> := Username,
+        <<"ipaddress">> := IpAddress,
+        <<"topic">> := TopicFilter
+       }) ->
+    Rule = #{<<"principal">> => principal(IpAddress, Username, ClientId),
+             <<"topics">> => [TopicFilter],
+             <<"action">> => Action,
+             <<"permission">> =>  Permission
+            },
+    #{<<"simple_rule">> :=
+      #{<<"permission">> := NPermission} = NRule
+     } = hocon_schema:check_plain(
+            emqx_authz_schema,
+            #{<<"simple_rule">> => Rule},
+            #{},
+            [simple_rule]),
+    case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of
+        true -> {matched, NPermission};
+        false -> nomatch
+    end.
+
+principal(CIDR, Username, ClientId) ->
+    Cols = [{<<"ipaddress">>, CIDR}, {<<"username">>, Username}, {<<"clientid">>, ClientId}],
+    case [#{C => V} || {C, V} <- Cols, not empty(V)] of
+        [] -> throw(undefined_who);
+        [Who] -> Who;
+        Conds -> #{<<"and">> => Conds}
+    end.
+
+empty(null) -> true;
+empty("")   -> true;
+empty(<<>>) -> true;
+empty(_)    -> false.
+
+replvar(Params, ClientInfo) ->
+    replvar(Params, ClientInfo, []).
+
+replvar([], _ClientInfo, Acc) ->
+    lists:reverse(Acc);
+
+replvar(["'%u'" | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [safe_get(username, ClientInfo) | Acc]);
+replvar(["'%c'" | Params], ClientInfo = #{clientid := ClientId}, Acc) ->
+    replvar(Params, ClientInfo, [ClientId | Acc]);
+replvar(["'%a'" | Params], ClientInfo = #{peerhost := IpAddr}, Acc) ->
+    replvar(Params, ClientInfo, [inet_parse:ntoa(IpAddr) | Acc]);
+replvar(["'%C'" | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [safe_get(cn, ClientInfo)| Acc]);
+replvar(["'%d'" | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [safe_get(dn, ClientInfo)| Acc]);
+replvar([Param | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [Param | Acc]).
+
+safe_get(K, ClientInfo) ->
+    bin(maps:get(K, ClientInfo, "undefined")).
+
+bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
+bin(B) when is_binary(B) -> B;
+bin(L) when is_list(L) -> list_to_binary(L);
+bin(X) -> X.
+
diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl
new file mode 100644
index 000000000..edea8102f
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl
@@ -0,0 +1,145 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_pgsql).
+
+-include("emqx_authz.hrl").
+-include_lib("emqx/include/emqx.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+%% ACL Callbacks
+-export([ description/0
+        , parse_query/1
+        , check_authz/4
+        ]).
+
+-ifdef(TEST).
+-compile(export_all).
+-compile(nowarn_export_all).
+-endif.
+
+description() ->
+    "AuthZ with pgsql".
+
+parse_query(undefined) ->
+    undefined;
+parse_query(Sql) ->
+    case re:run(Sql, "'%[ucCad]'", [global, {capture, all, list}]) of
+        {match, Variables} ->
+            Params = [Var || [Var] <- Variables],
+            Vars = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(Params))],
+            NSql = lists:foldl(fun({Param, Var}, S) ->
+                       re:replace(S, Param, Var, [{return, list}])
+                   end, Sql, lists:zip(Params, Vars)),
+            {NSql, Params};
+        nomatch ->
+            {Sql, []}
+    end.
+
+check_authz(Client, PubSub, Topic,
+            #{<<"resource_id">> := ResourceID,
+              <<"sql">> := {SQL, Params}
+             }) ->
+    case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
+        {ok, _Columns, []} -> nomatch;
+        {ok, Columns, Rows} ->
+            do_check_authz(Client, PubSub, Topic, Columns, Rows);
+        {error, Reason} ->
+            ?LOG(error, "[AuthZ] Query pgsql error: ~p~n", [Reason]),
+            nomatch
+    end.
+
+do_check_authz(_Client, _PubSub, _Topic, _Columns, []) ->
+    nomatch;
+do_check_authz(Client, PubSub, Topic, Columns, [Row | Tail]) ->
+    case match(Client, PubSub, Topic, format_result(Columns, Row)) of
+        {matched, Permission} -> {matched, Permission};
+        nomatch -> do_check_authz(Client, PubSub, Topic, Columns, Tail)
+    end.
+
+format_result(Columns, Row) ->
+    L = [ begin
+              {column, K, _, _, _, _, _, _, _} = lists:nth(I, Columns),
+              V = lists:nth(I, tuple_to_list(Row)),
+              {K, V}
+          end || I <- lists:seq(1, length(Columns)) ],
+    maps:from_list(L).
+
+match(Client, PubSub, Topic,
+      #{<<"permission">> := Permission,
+        <<"action">> := Action,
+        <<"clientid">> := ClientId,
+        <<"username">> := Username,
+        <<"ipaddress">> := IpAddress,
+        <<"topic">> := TopicFilter
+       }) ->
+    Rule = #{<<"principal">> => principal(IpAddress, Username, ClientId),
+             <<"topics">> => [TopicFilter],
+             <<"action">> => Action,
+             <<"permission">> =>  Permission
+            },
+    #{<<"simple_rule">> :=
+      #{<<"permission">> := NPermission} = NRule
+     } = hocon_schema:check_plain(
+            emqx_authz_schema,
+            #{<<"simple_rule">> => Rule},
+            #{},
+            [simple_rule]),
+    case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of
+        true -> {matched, NPermission};
+        false -> nomatch
+    end.
+
+principal(CIDR, Username, ClientId) ->
+    Cols = [{<<"ipaddress">>, CIDR}, {<<"username">>, Username}, {<<"clientid">>, ClientId}],
+    case [#{C => V} || {C, V} <- Cols, not empty(V)] of
+        [] -> throw(undefined_who);
+        [Who] -> Who;
+        Conds -> #{<<"and">> => Conds}
+    end.
+
+empty(null) -> true;
+empty("")   -> true;
+empty(<<>>) -> true;
+empty(_)    -> false.
+
+replvar(Params, ClientInfo) ->
+    replvar(Params, ClientInfo, []).
+
+replvar([], _ClientInfo, Acc) ->
+    lists:reverse(Acc);
+
+replvar(["'%u'" | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [safe_get(username, ClientInfo) | Acc]);
+replvar(["'%c'" | Params], ClientInfo = #{clientid := ClientId}, Acc) ->
+    replvar(Params, ClientInfo, [ClientId | Acc]);
+replvar(["'%a'" | Params], ClientInfo = #{peerhost := IpAddr}, Acc) ->
+    replvar(Params, ClientInfo, [inet_parse:ntoa(IpAddr) | Acc]);
+replvar(["'%C'" | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [safe_get(cn, ClientInfo)| Acc]);
+replvar(["'%d'" | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [safe_get(dn, ClientInfo)| Acc]);
+replvar([Param | Params], ClientInfo, Acc) ->
+    replvar(Params, ClientInfo, [Param | Acc]).
+
+safe_get(K, ClientInfo) ->
+    bin(maps:get(K, ClientInfo, "undefined")).
+
+bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
+bin(B) when is_binary(B) -> B;
+bin(L) when is_list(L) -> list_to_binary(L);
+bin(X) -> X.
+
diff --git a/apps/emqx_authz/src/emqx_authz_redis.erl b/apps/emqx_authz/src/emqx_authz_redis.erl
new file mode 100644
index 000000000..7a85b26af
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_redis.erl
@@ -0,0 +1,97 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_redis).
+
+-include("emqx_authz.hrl").
+-include_lib("emqx/include/emqx.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+%% ACL Callbacks
+-export([ check_authz/4
+        , description/0
+        ]).
+
+-ifdef(TEST).
+-compile(export_all).
+-compile(nowarn_export_all).
+-endif.
+
+description() ->
+    "AuthZ with redis".
+
+check_authz(Client, PubSub, Topic,
+            #{<<"resource_id">> := ResourceID,
+              <<"cmd">> := CMD 
+             }) ->
+    NCMD = string:tokens(replvar(CMD, Client), " "),
+    case emqx_resource:query(ResourceID, {cmd, NCMD}) of
+        {ok, []} -> nomatch;
+        {ok, Rows} ->
+            do_check_authz(Client, PubSub, Topic, Rows);
+        {error, Reason} ->
+            ?LOG(error, "[AuthZ] Query redis error: ~p", [Reason]),
+            nomatch
+    end.
+
+do_check_authz(_Client, _PubSub, _Topic, []) ->
+    nomatch;
+do_check_authz(Client, PubSub, Topic, [TopicFilter, Action | Tail]) ->
+    case match(Client, PubSub, Topic, 
+               #{topics => TopicFilter,
+                 action => Action
+                }) 
+    of
+        {matched, Permission} -> {matched, Permission};
+        nomatch -> do_check_authz(Client, PubSub, Topic, Tail)
+    end.
+
+match(Client, PubSub, Topic, 
+      #{topics := TopicFilter,
+        action := Action
+       }) ->
+    Rule = #{<<"principal">> => all,
+             <<"topics">> => [TopicFilter],
+             <<"action">> => Action,
+             <<"permission">> => allow
+            },
+    #{<<"simple_rule">> := NRule
+     } = hocon_schema:check_plain(
+            emqx_authz_schema,
+            #{<<"simple_rule">> => Rule},
+            #{},
+            [simple_rule]),
+    case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of
+        true -> {matched, allow};
+        false -> nomatch
+    end.
+
+replvar(Cmd, Client = #{cn := CN}) ->
+    replvar(repl(Cmd, "%C", CN), maps:remove(cn, Client));
+replvar(Cmd, Client = #{dn := DN}) ->
+    replvar(repl(Cmd, "%d", DN), maps:remove(dn, Client));
+replvar(Cmd, Client = #{clientid := ClientId}) ->
+    replvar(repl(Cmd, "%c", ClientId), maps:remove(clientid, Client));
+replvar(Cmd, Client = #{username := Username}) ->
+    replvar(repl(Cmd, "%u", Username), maps:remove(username, Client));
+replvar(Cmd, _) ->
+    Cmd.
+
+repl(S, _Var, undefined) ->
+    S;
+repl(S, Var, Val) ->
+    NVal = re:replace(Val, "&", "\\\\&", [global, {return, list}]),
+    re:replace(S, Var, NVal, [{return, list}]).
diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl
new file mode 100644
index 000000000..1801583c8
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@@ -0,0 +1,104 @@
+-module(emqx_authz_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-type action() :: publish | subscribe | all.
+-type permission() :: allow | deny.
+
+-reflect_type([ permission/0
+              , action/0
+              ]).
+
+-export([structs/0, fields/1]).
+
+structs() -> [authz].
+
+fields(authz) ->
+    [ {rules, rules()}
+    ];
+fields(redis_connector) ->
+    [ {principal, principal()}
+    , {type, #{type => hoconsc:enum([redis])}}
+    , {config, #{type => map()}}
+    , {cmd, query()}
+    ];
+fields(sql_connector) ->
+    [ {principal, principal() }
+    , {type, #{type => hoconsc:enum([mysql, pgsql])}}
+    , {config, #{type => map()}}
+    , {sql, query()}
+    ];
+fields(simple_rule) ->
+    [ {permission,   #{type => permission()}}
+    , {action,   #{type => action()}}
+    , {topics,   #{type => union_array(
+                             [ binary()
+                             , hoconsc:ref(eq_topic) 
+                             ]
+                            )}}
+    , {principal, principal()}
+    ];
+fields(username) ->
+    [{username, #{type => binary()}}];
+fields(clientid) ->
+    [{clientid, #{type => binary()}}];
+fields(ipaddress) ->
+    [{ipaddress, #{type => string()}}];
+fields(andlist) ->
+    [{'and', #{type => union_array(
+                         [ hoconsc:ref(username)
+                         , hoconsc:ref(clientid)
+                         , hoconsc:ref(ipaddress)
+                         ])
+              }
+     }
+    ];
+fields(orlist) ->
+    [{'or', #{type => union_array(
+                         [ hoconsc:ref(username)
+                         , hoconsc:ref(clientid)
+                         , hoconsc:ref(ipaddress)
+                         ])
+              }
+     }
+    ];
+fields(eq_topic) ->
+    [{eq, #{type => binary()}}].
+
+
+%%--------------------------------------------------------------------
+%% Internal functions
+%%--------------------------------------------------------------------
+
+union_array(Item) when is_list(Item) ->
+    hoconsc:array(hoconsc:union(Item)).
+
+rules() -> 
+    #{type => union_array(
+                [ hoconsc:ref(simple_rule)
+                , hoconsc:ref(sql_connector)
+                , hoconsc:ref(redis_connector)
+                ])
+    }.
+
+principal() ->
+    #{default => all,
+      type => hoconsc:union(
+                [ all
+                , hoconsc:ref(username)
+                , hoconsc:ref(clientid)
+                , hoconsc:ref(ipaddress)
+                , hoconsc:ref(andlist)
+                , hoconsc:ref(orlist)
+                ])
+     }.
+
+query() ->
+    #{type => binary(),
+      validator => fun(S) ->
+                         case size(S) > 0 of
+                             true -> ok;
+                             _ -> {error, "Request query"}
+                         end
+                       end
+     }.
diff --git a/apps/emqx_authz/src/emqx_authz_sup.erl b/apps/emqx_authz/src/emqx_authz_sup.erl
new file mode 100644
index 000000000..11a9eb71b
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_sup.erl
@@ -0,0 +1,35 @@
+%%%-------------------------------------------------------------------
+%% @doc emqx_authz top level supervisor.
+%% @end
+%%%-------------------------------------------------------------------
+
+-module(emqx_authz_sup).
+
+-behaviour(supervisor).
+
+-export([start_link/0]).
+
+-export([init/1]).
+
+-define(SERVER, ?MODULE).
+
+start_link() ->
+    supervisor:start_link({local, ?SERVER}, ?MODULE, []).
+
+%% sup_flags() = #{strategy => strategy(),         % optional
+%%                 intensity => non_neg_integer(), % optional
+%%                 period => pos_integer()}        % optional
+%% child_spec() = #{id => child_id(),       % mandatory
+%%                  start => mfargs(),      % mandatory
+%%                  restart => restart(),   % optional
+%%                  shutdown => shutdown(), % optional
+%%                  type => worker(),       % optional
+%%                  modules => modules()}   % optional
+init([]) ->
+    SupFlags = #{strategy => one_for_all,
+                 intensity => 0,
+                 period => 1},
+    ChildSpecs = [],
+    {ok, {SupFlags, ChildSpecs}}.
+
+%% internal functions
diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl
new file mode 100644
index 000000000..88e250377
--- /dev/null
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@@ -0,0 +1,168 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authz.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    ok = emqx_ct_helpers:start_apps([emqx_authz], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_Config) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authz]).
+
+set_special_configs(emqx) ->
+    application:set_env(emqx, allow_anonymous, true),
+    application:set_env(emqx, enable_acl_cache, false),
+    application:set_env(emqx, acl_nomatch, deny),
+    ok;
+set_special_configs(emqx_authz) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
+    Conf = #{<<"authz">> => #{<<"rules">> => []}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+-define(RULE1, #{<<"principal">> => all,
+                 <<"topics">> => [<<"#">>],
+                 <<"action">> => all,
+                 <<"permission">> => deny}
+       ).
+-define(RULE2, #{<<"principal">> =>
+                    #{<<"ipaddress">> => <<"127.0.0.1">>},
+                 <<"topics">> =>
+                        [#{<<"eq">> => <<"#">>},
+                         #{<<"eq">> => <<"+">>}
+                        ] ,
+                 <<"action">> => all,
+                 <<"permission">> => allow}
+       ).
+-define(RULE3,#{<<"principal">> => 
+                    #{<<"and">> => [#{<<"username">> => "^test?"},
+                                    #{<<"clientid">> => "^test?"}
+                                   ]},
+                <<"topics">> => [<<"test">>],
+                <<"action">> => publish,
+                <<"permission">> => allow}
+       ).
+-define(RULE4,#{<<"principal">> => 
+                    #{<<"or">> => [#{<<"username">> => <<"^test">>},
+                                   #{<<"clientid">> => <<"test?">>}
+                                  ]},
+                <<"topics">> => [<<"%u">>,<<"%c">>],
+                <<"action">> => publish,
+                <<"permission">> => deny}
+       ).
+
+
+%%------------------------------------------------------------------------------
+%% Testcases
+%%------------------------------------------------------------------------------
+t_compile(_) ->
+    ?assertEqual(#{<<"permission">> => deny,
+                   <<"action">> => all,
+                   <<"principal">> => all,
+                   <<"topics">> => [['#']]
+                  },emqx_authz:compile(?RULE1)),
+    ?assertEqual(#{<<"permission">> => allow,
+                   <<"action">> => all,
+                   <<"principal">> =>
+                        #{<<"ipaddress">> => {{127,0,0,1},{127,0,0,1},32}},
+                   <<"topics">> => [#{<<"eq">> => ['#']},
+                                    #{<<"eq">> => ['+']}]
+                  }, emqx_authz:compile(?RULE2)),
+    ?assertMatch(
+       #{<<"permission">> := allow,
+         <<"action">> := publish,
+         <<"principal">> := 
+                #{<<"and">> := [#{<<"username">> := {re_pattern, _, _, _, _}},
+                                #{<<"clientid">> := {re_pattern, _, _, _, _}}
+                               ]
+                 },
+         <<"topics">> := [[<<"test">>]]
+        }, emqx_authz:compile(?RULE3)),
+    ?assertMatch(
+       #{<<"permission">> := deny,
+         <<"action">> := publish,
+         <<"principal">> :=
+                #{<<"or">> := [#{<<"username">> := {re_pattern, _, _, _, _}},
+                               #{<<"clientid">> := {re_pattern, _, _, _, _}}
+                              ]
+                 },
+              <<"topics">> := [#{<<"pattern">> := [<<"%u">>]},
+                               #{<<"pattern">> := [<<"%c">>]}
+                              ]
+        }, emqx_authz:compile(?RULE4)),
+    ok.
+
+t_authz(_) ->
+    ClientInfo1 = #{clientid => <<"test">>,
+                    username => <<"test">>,
+                    peerhost => {127,0,0,1}
+                   },
+    ClientInfo2 = #{clientid => <<"test">>,
+                    username => <<"test">>,
+                    peerhost => {192,168,0,10}
+                   },
+    ClientInfo3 = #{clientid => <<"test">>,
+                    username => <<"fake">>,
+                    peerhost => {127,0,0,1}
+                   },
+    ClientInfo4 = #{clientid => <<"fake">>,
+                    username => <<"test">>,
+                    peerhost => {127,0,0,1}
+                   },
+
+    Rules1 = [emqx_authz:compile(Rule) || Rule <- [?RULE1, ?RULE2]],
+    Rules2 = [emqx_authz:compile(Rule) || Rule <- [?RULE2, ?RULE1]],
+    Rules3 = [emqx_authz:compile(Rule) || Rule <- [?RULE3, ?RULE4]],
+    Rules4 = [emqx_authz:compile(Rule) || Rule <- [?RULE4, ?RULE1]],
+
+    ?assertEqual(deny,
+        emqx_authz:check_authz(ClientInfo1, subscribe, <<"#">>, deny, [])),
+    ?assertEqual({stop, deny},
+        emqx_authz:check_authz(ClientInfo1, subscribe, <<"+">>, deny, Rules1)),
+    ?assertEqual({stop, allow},
+        emqx_authz:check_authz(ClientInfo1, subscribe, <<"+">>, deny, Rules2)),
+    ?assertEqual({stop, allow},
+        emqx_authz:check_authz(ClientInfo1, publish, <<"test">>, deny, Rules3)),
+    ?assertEqual({stop, deny},
+        emqx_authz:check_authz(ClientInfo1, publish, <<"test">>, deny, Rules4)),
+    ?assertEqual({stop, deny},
+        emqx_authz:check_authz(ClientInfo2, subscribe, <<"#">>, deny, Rules2)),
+    ?assertEqual({stop, deny},
+        emqx_authz:check_authz(ClientInfo3, publish, <<"test">>, deny, Rules3)),
+    ?assertEqual({stop, deny},
+        emqx_authz:check_authz(ClientInfo3, publish, <<"fake">>, deny, Rules4)),
+    ?assertEqual({stop, deny},
+        emqx_authz:check_authz(ClientInfo4, publish, <<"test">>, deny, Rules3)),
+    ?assertEqual({stop, deny},
+        emqx_authz:check_authz(ClientInfo4, publish, <<"fake">>, deny, Rules4)),
+    ok.
diff --git a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
new file mode 100644
index 000000000..4871e0d7f
--- /dev/null
+++ b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
@@ -0,0 +1,130 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_api_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authz.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+-import(emqx_ct_http, [ request_api/3
+                      , request_api/5
+                      , get_http_data/1
+                      , create_default_app/0
+                      , delete_default_app/0
+                      , default_auth_header/0
+                      ]).
+
+-define(HOST, "http://127.0.0.1:8081/").
+-define(API_VERSION, "v4").
+-define(BASE_PATH, "api").
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    ok = emqx_ct_helpers:start_apps([emqx_authz, emqx_management], fun set_special_configs/1),
+    create_default_app(),
+    Config.
+
+end_per_suite(_Config) ->
+    delete_default_app(),
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authz, emqx_management]).
+
+set_special_configs(emqx) ->
+    application:set_env(emqx, allow_anonymous, true),
+    application:set_env(emqx, enable_acl_cache, false),
+    ok;
+set_special_configs(emqx_authz) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
+    Conf = #{<<"authz">> => #{<<"rules">> => []}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+
+    ok;
+
+set_special_configs(_App) ->
+    ok.
+
+%%------------------------------------------------------------------------------
+%% Testcases
+%%------------------------------------------------------------------------------
+
+t_api(_Config) ->
+    Rule1 = #{<<"principal">> =>
+                    #{<<"and">> => [#{<<"username">> => <<"^test?">>},
+                                    #{<<"clientid">> => <<"^test?">>}
+                                   ]},
+              <<"action">> => <<"subscribe">>,
+              <<"topics">> => [<<"%u">>],
+              <<"permission">> => <<"allow">>
+            },
+    {ok, _} = request_http_rest_add(["authz/push"], #{rules => [Rule1]}),
+    {ok, Result1} = request_http_rest_lookup(["authz"]),
+    ?assertMatch([Rule1 | _ ], get_http_data(Result1)),
+
+    Rule2 = #{<<"principal">> => #{<<"ipaddress">> => <<"127.0.0.1">>},
+              <<"action">> => <<"publish">>,
+              <<"topics">> => [#{<<"eq">> => <<"#">>},
+                               #{<<"eq">> => <<"+">>}
+                              ],
+              <<"permission">> => <<"deny">>
+            },
+    {ok, _} = request_http_rest_add(["authz/append"], #{rules => [Rule2]}),
+    {ok, Result2} = request_http_rest_lookup(["authz"]),
+    ?assertEqual(Rule2#{<<"principal">> => #{<<"ipaddress">> => "127.0.0.1"}},
+                 lists:last(get_http_data(Result2))),
+
+    {ok, _} = request_http_rest_update(["authz"], #{rules => []}),
+    {ok, Result3} = request_http_rest_lookup(["authz"]),
+    ?assertEqual([], get_http_data(Result3)),
+    ok.
+
+%%--------------------------------------------------------------------
+%% HTTP Request
+%%--------------------------------------------------------------------
+
+request_http_rest_list(Path) ->
+    request_api(get, uri(Path), default_auth_header()).
+
+request_http_rest_lookup(Path) ->
+    request_api(get, uri([Path]), default_auth_header()).
+
+request_http_rest_add(Path, Params) ->
+    request_api(post, uri(Path), [], default_auth_header(), Params).
+
+request_http_rest_update(Path, Params) ->
+    request_api(put, uri([Path]), [], default_auth_header(), Params).
+
+request_http_rest_delete(Login) ->
+    request_api(delete, uri([Login]), default_auth_header()).
+
+uri() -> uri([]).
+uri(Parts) when is_list(Parts) ->
+    NParts = [b2l(E) || E <- Parts],
+    ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION | NParts]).
+
+%% @private
+b2l(B) when is_binary(B) ->
+    binary_to_list(B);
+b2l(L) when is_list(L) ->
+    L.
diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
new file mode 100644
index 000000000..4f2148522
--- /dev/null
+++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
@@ -0,0 +1,117 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_mysql_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authz.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
+    meck:expect(emqx_resource, check_and_create, fun(_, _, _) -> {ok, meck_data} end ),
+    ok = emqx_ct_helpers:start_apps([emqx_authz], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_Config) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authz, emqx_resource]),
+    meck:unload(emqx_resource).
+
+set_special_configs(emqx) ->
+    application:set_env(emqx, allow_anonymous, false),
+    application:set_env(emqx, enable_acl_cache, false),
+    application:set_env(emqx, acl_nomatch, deny),
+    application:set_env(emqx, plugins_loaded_file,
+                        emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
+    ok;
+set_special_configs(emqx_authz) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
+    Conf = #{<<"authz">> =>
+             #{<<"rules">> =>
+               [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
+                  <<"principal">> => all,
+                  <<"sql">> => <<"fake sql">>,
+                  <<"type">> => mysql}
+               ]}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+-define(COLUMNS, [ <<"ipaddress">>
+                 , <<"username">>
+                 , <<"clientid">>
+                 , <<"action">>
+                 , <<"permission">>
+                 , <<"topic">>
+                 ]).
+-define(RULE1, [[<<"127.0.0.1">>, <<>>, <<>>, <<"all">>, <<"deny">>, <<"#">>]]).
+-define(RULE2, [[<<"127.0.0.1">>, <<>>, <<>>, <<"all">>, <<"allow">>, <<"eq #">>]]).
+-define(RULE3, [[<<>>, <<"^test">>, <<"^test">> ,<<"subscribe">>, <<"allow">>, <<"test/%c">>]]).
+-define(RULE4, [[<<>>, <<"^test">>, <<"^test">> ,<<"publish">>, <<"allow">>, <<"test/%u">>]]).
+
+%%------------------------------------------------------------------------------
+%% Testcases
+%%------------------------------------------------------------------------------
+
+t_authz(_) ->
+    ClientInfo1 = #{clientid => <<"test">>,
+                    username => <<"test">>,
+                    peerhost => {127,0,0,1},
+                    zone => zone
+                   },
+    ClientInfo2 = #{clientid => <<"test_clientid">>,
+                    username => <<"test_username">>,
+                    peerhost => {192,168,0,10},
+                    zone => zone
+                   },
+    ClientInfo3 = #{clientid => <<"test_clientid">>,
+                    username => <<"fake_username">>,
+                    peerhost => {127,0,0,1},
+                    zone => zone
+                   },
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"#">>)), % nomatch
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"+">>)),
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
+    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)),
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
+    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_username">>)),
+    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_username">>)),
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, subscribe, <<"test">>)), % nomatch
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, publish,   <<"test">>)), % nomatch
+    ok.
+
diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
new file mode 100644
index 000000000..dcc820a4c
--- /dev/null
+++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
@@ -0,0 +1,117 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_pgsql_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authz.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
+    meck:expect(emqx_resource, check_and_create, fun(_, _, _) -> {ok, meck_data} end ),
+    ok = emqx_ct_helpers:start_apps([emqx_authz], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_Config) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authz, emqx_resource]),
+    meck:unload(emqx_resource).
+
+set_special_configs(emqx) ->
+    application:set_env(emqx, allow_anonymous, false),
+    application:set_env(emqx, enable_acl_cache, false),
+    application:set_env(emqx, acl_nomatch, deny),
+    application:set_env(emqx, plugins_loaded_file,
+                        emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
+    ok;
+set_special_configs(emqx_authz) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
+    Conf = #{<<"authz">> =>
+             #{<<"rules">> =>
+               [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
+                  <<"principal">> => all,
+                  <<"sql">> => <<"fake sql">>,
+                  <<"type">> => pgsql}
+               ]}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+-define(COLUMNS, [ {column, <<"ipaddress">>, meck, meck, meck, meck, meck, meck, meck}
+                 , {column, <<"username">>, meck, meck, meck, meck, meck, meck, meck}
+                 , {column, <<"clientid">>, meck, meck, meck, meck, meck, meck, meck}
+                 , {column, <<"action">>, meck, meck, meck, meck, meck, meck, meck}
+                 , {column, <<"permission">>, meck, meck, meck, meck, meck, meck, meck}
+                 , {column, <<"topic">>, meck, meck, meck, meck, meck, meck, meck}
+                 ]).
+-define(RULE1, [{<<"127.0.0.1">>, <<>>, <<>>, <<"all">>, <<"deny">>, <<"#">>}]).
+-define(RULE2, [{<<"127.0.0.1">>, <<>>, <<>>, <<"all">>, <<"allow">>, <<"eq #">>}]).
+-define(RULE3, [{<<>>, <<"^test">>, <<"^test">> ,<<"subscribe">>, <<"allow">>, <<"test/%c">>}]).
+-define(RULE4, [{<<>>, <<"^test">>, <<"^test">> ,<<"publish">>, <<"allow">>, <<"test/%u">>}]).
+
+%%------------------------------------------------------------------------------
+%% Testcases
+%%------------------------------------------------------------------------------
+
+t_authz(_) ->
+    ClientInfo1 = #{clientid => <<"test">>,
+                    username => <<"test">>,
+                    peerhost => {127,0,0,1},
+                    zone => zone
+                   },
+    ClientInfo2 = #{clientid => <<"test_clientid">>,
+                    username => <<"test_username">>,
+                    peerhost => {192,168,0,10},
+                    zone => zone
+                   },
+    ClientInfo3 = #{clientid => <<"test_clientid">>,
+                    username => <<"fake_username">>,
+                    peerhost => {127,0,0,1},
+                    zone => zone
+                   },
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"#">>)), % nomatch
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"+">>)),
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
+    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)),
+    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"+">>)),
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
+    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_username">>)),
+    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_username">>)),
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, subscribe, <<"test">>)), % nomatch
+    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, publish,   <<"test">>)), % nomatch
+    ok.
+
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
new file mode 100644
index 000000000..e4b49dd5a
--- /dev/null
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -0,0 +1,108 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_redis_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authz.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
+    meck:expect(emqx_resource, check_and_create, fun(_, _, _) -> {ok, meck_data} end ),
+    ok = emqx_ct_helpers:start_apps([emqx_authz], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_Config) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authz, emqx_resource]),
+    meck:unload(emqx_resource).
+
+set_special_configs(emqx) ->
+    application:set_env(emqx, allow_anonymous, true),
+    application:set_env(emqx, enable_acl_cache, false),
+    application:set_env(emqx, acl_nomatch, deny),
+    application:set_env(emqx, plugins_loaded_file,
+                        emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
+    ok;
+set_special_configs(emqx_authz) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
+    Conf = #{<<"authz">> =>
+             #{<<"rules">> =>
+               [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
+                  <<"principal">> => all,
+                  <<"cmd">> => <<"fake cmd">>,
+                  <<"type">> => redis}
+               ]}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+-define(RULE1, [<<"test/%u">>, <<"publish">>]).
+-define(RULE2, [<<"test/%c">>, <<"publish">>]).
+-define(RULE3, [<<"#">>, <<"subscribe">>]).
+
+%%------------------------------------------------------------------------------
+%% Testcases
+%%------------------------------------------------------------------------------
+
+t_authz(_) ->
+    ClientInfo = #{clientid => <<"clientid">>,
+                   username => <<"username">>,
+                   peerhost => {127,0,0,1},
+                   zone => zone
+                   },
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, []} end),
+    % nomatch
+    ?assertEqual(deny,
+                 emqx_access_control:check_acl(ClientInfo, subscribe, <<"#">>)),
+    ?assertEqual(deny,
+                 emqx_access_control:check_acl(ClientInfo, publish, <<"#">>)),
+
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE1 ++ ?RULE2} end),
+    % nomatch
+    ?assertEqual(deny,
+        emqx_access_control:check_acl(ClientInfo, subscribe, <<"+">>)),
+    % nomatch
+    ?assertEqual(deny,
+        emqx_access_control:check_acl(ClientInfo, subscribe, <<"test/username">>)),
+
+    ?assertEqual(allow,
+        emqx_access_control:check_acl(ClientInfo, publish, <<"test/clientid">>)),
+    ?assertEqual(allow,
+        emqx_access_control:check_acl(ClientInfo, publish, <<"test/clientid">>)),
+
+    meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE3} end),
+
+    ?assertEqual(allow,
+        emqx_access_control:check_acl(ClientInfo, subscribe, <<"#">>)),
+    % nomatch
+    ?assertEqual(deny,
+        emqx_access_control:check_acl(ClientInfo, publish, <<"#">>)),
+    ok.
+
diff --git a/apps/emqx_management/src/emqx_mgmt_http.erl b/apps/emqx_management/src/emqx_mgmt_http.erl
index da5a75027..b902e486e 100644
--- a/apps/emqx_management/src/emqx_mgmt_http.erl
+++ b/apps/emqx_management/src/emqx_mgmt_http.erl
@@ -84,10 +84,15 @@ listener_name(Proto) ->
     list_to_atom(atom_to_list(Proto) ++ ":management").
 
 http_handlers() ->
+    Apps = [ App || {App, _, _} <- application:which_applications(),
+                    case re:run(atom_to_list(App), "^emqx") of
+                        {match,[{0,4}]} -> true;
+                        _ -> false
+                    end],
     Plugins = lists:map(fun(Plugin) -> Plugin#plugin.name end, emqx_plugins:list()),
-    [{"/api/v4", minirest:handler(#{apps   => Plugins ++ [emqx_modules] -- ?EXCEPT_PLUGIN,
+    [{"/api/v4", minirest:handler(#{apps   => Plugins ++ Apps -- ?EXCEPT_PLUGIN,
                                     except => ?EXCEPT,
-                                    filter => fun filter/1}),
+                                    filter => fun(_) -> true end}),
                  [{authorization, fun authorize_appid/1}]}].
 
 %%--------------------------------------------------------------------
@@ -119,19 +124,6 @@ authorize_appid(Req) ->
          _  -> false
     end.
 
--ifdef(EMQX_ENTERPRISE).
-filter(_) ->
-    true.
--else.
-filter(#{app := emqx_modules}) -> true;
-filter(#{app := App}) ->
-    case emqx_plugins:find_plugin(App) of
-        false -> false;
-        Plugin -> Plugin#plugin.active
-    end.
--endif.
-
-
 format(Port) when is_integer(Port) ->
     io_lib:format("0.0.0.0:~w", [Port]);
 format({Addr, Port}) when is_list(Addr) ->
diff --git a/data/loaded_modules.tmpl b/data/loaded_modules.tmpl
index 25ecbd4bf..f31e47900 100644
--- a/data/loaded_modules.tmpl
+++ b/data/loaded_modules.tmpl
@@ -1,2 +1 @@
-{emqx_mod_acl_internal, true}.
 {emqx_mod_presence, true}.
diff --git a/rebar.config b/rebar.config
index 0c4a11071..d670769c6 100644
--- a/rebar.config
+++ b/rebar.config
@@ -8,7 +8,7 @@
 
 {edoc_opts, [{preprocess,true}]}.
 {erl_opts, [warn_unused_vars,warn_shadow_vars,warn_unused_import,
-            warn_obsolete_guard,compressed,
+            warn_obsolete_guard,compressed, nowarn_unused_import,
             {d, snk_kind, msg}]}.
 
 {xref_checks,[undefined_function_calls,undefined_functions,locals_not_used,
diff --git a/rebar.config.erl b/rebar.config.erl
index fef4c864d..99293ef77 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -249,6 +249,7 @@ relx_apps(ReleaseType) ->
     , {mnesia, load}
     , {ekka, load}
     , {emqx_plugin_libs, load}
+    , emqx_authz
     , observer_cli
     , emqx_http_lib
     , emqx_resource
@@ -386,6 +387,7 @@ emqx_etc_overlay_common() ->
      {"{{base_dir}}/lib/emqx/etc/emqx.conf", "etc/emqx.conf"},
      {"{{base_dir}}/lib/emqx/etc/ssl_dist.conf", "etc/ssl_dist.conf"},
      {"{{base_dir}}/lib/emqx_data_bridge/etc/emqx_data_bridge.conf", "etc/plugins/emqx_data_bridge.conf"},
+     {"{{base_dir}}/lib/emqx_authz/etc/emqx_authz.conf", "etc/plugins/authz.conf"},
      %% TODO: check why it has to end with .paho
      %% and why it is put to etc/plugins dir
      {"{{base_dir}}/lib/emqx/etc/acl.conf.paho", "etc/plugins/acl.conf.paho"}].

From b4d9af0e85c15c54d07088678161699a8076c940 Mon Sep 17 00:00:00 2001
From: turtleDeng <deng@emqx.io>
Date: Wed, 23 Jun 2021 17:12:24 +0800
Subject: [PATCH 094/174] feat(telemetry): Update the configuration file to
 hocon (#5064)

---
 apps/emqx_management/src/emqx_mgmt.erl        | 42 ----------
 apps/emqx_telemetry/etc/emqx_telemetry.conf   | 31 +-------
 .../emqx_telemetry/include/emqx_telemetry.hrl |  5 ++
 .../emqx_telemetry/priv/emqx_telemetry.schema | 17 ----
 .../emqx_telemetry/src/emqx_telemetry.app.src |  2 +-
 .../src/emqx_telemetry.appup.src              | 15 ----
 apps/emqx_telemetry/src/emqx_telemetry.erl    | 77 ++-----------------
 .../emqx_telemetry/src/emqx_telemetry_api.erl | 12 +--
 .../emqx_telemetry/src/emqx_telemetry_app.erl | 14 +++-
 .../src/emqx_telemetry_schema.erl             | 13 ++++
 .../test/emqx_telemetry_SUITE.erl             | 17 ++--
 data/loaded_plugins.tmpl                      |  1 -
 rebar.config.erl                              |  4 +-
 13 files changed, 58 insertions(+), 192 deletions(-)
 create mode 100644 apps/emqx_telemetry/include/emqx_telemetry.hrl
 delete mode 100644 apps/emqx_telemetry/priv/emqx_telemetry.schema
 delete mode 100644 apps/emqx_telemetry/src/emqx_telemetry.appup.src
 create mode 100644 apps/emqx_telemetry/src/emqx_telemetry_schema.erl

diff --git a/apps/emqx_management/src/emqx_mgmt.erl b/apps/emqx_management/src/emqx_mgmt.erl
index bfba34603..ce83b9b71 100644
--- a/apps/emqx_management/src/emqx_mgmt.erl
+++ b/apps/emqx_management/src/emqx_mgmt.erl
@@ -101,16 +101,6 @@
         , delete_banned/1
         ]).
 
--ifndef(EMQX_ENTERPRISE).
-
--export([ enable_telemetry/0
-        , disable_telemetry/0
-        , get_telemetry_status/0
-        , get_telemetry_data/0
-        ]).
-
--endif.
-
 %% Common Table API
 -export([ item/2
         , max_row_limit/0
@@ -498,38 +488,6 @@ create_banned(Banned) ->
 delete_banned(Who) ->
     emqx_banned:delete(Who).
 
-
-
-%%--------------------------------------------------------------------
-%% Telemtry API
-%%--------------------------------------------------------------------
-
--ifndef(EMQX_ENTERPRISE).
-
-enable_telemetry() ->
-    lists:foreach(fun enable_telemetry/1,ekka_mnesia:running_nodes()).
-
-enable_telemetry(Node) when Node =:= node() ->
-    emqx_telemetry:enable();
-enable_telemetry(Node) ->
-    rpc_call(Node, enable_telemetry, [Node]).
-
-disable_telemetry() ->
-    lists:foreach(fun disable_telemetry/1,ekka_mnesia:running_nodes()).
-
-disable_telemetry(Node) when Node =:= node() ->
-    emqx_telemetry:disable();
-disable_telemetry(Node) ->
-    rpc_call(Node, disable_telemetry, [Node]).
-
-get_telemetry_status() ->
-    [{enabled, emqx_telemetry:is_enabled()}].
-
-get_telemetry_data() ->
-    emqx_telemetry:get_telemetry().
-
--endif.
-
 %%--------------------------------------------------------------------
 %% Common Table API
 %%--------------------------------------------------------------------
diff --git a/apps/emqx_telemetry/etc/emqx_telemetry.conf b/apps/emqx_telemetry/etc/emqx_telemetry.conf
index 326ef0508..bbe4a2fd4 100644
--- a/apps/emqx_telemetry/etc/emqx_telemetry.conf
+++ b/apps/emqx_telemetry/etc/emqx_telemetry.conf
@@ -1,28 +1,3 @@
-##--------------------------------------------------------------------
-## Telemetry
-##--------------------------------------------------------------------
-
-## Enable telemetry
-##
-## Value: true | false
-##
-## Default: true
-telemetry.enabled = true
-
-## The destination URL for the telemetry data report
-##
-## Value: String
-##
-## Default: "https://telemetry.emqx.io/api/telemetry"
-telemetry.url = "https://telemetry.emqx.io/api/telemetry"
-
-## Interval for reporting telemetry data
-##
-## Value: Duration
-## -d: day
-## -h: hour
-## -m: minute
-## -s: second
-##
-## Default: 7d
-telemetry.report_interval = 7d
+emqx_telemetry:{
+    enabled: true
+}
diff --git a/apps/emqx_telemetry/include/emqx_telemetry.hrl b/apps/emqx_telemetry/include/emqx_telemetry.hrl
new file mode 100644
index 000000000..334173015
--- /dev/null
+++ b/apps/emqx_telemetry/include/emqx_telemetry.hrl
@@ -0,0 +1,5 @@
+%% The destination URL for the telemetry data report
+-define(TELEMETRY_URL, "https://telemetry.emqx.io/api/telemetry").
+
+%% Interval for reporting telemetry data, Default: 7d
+-define(REPORT_INTERVAR, 604800).
diff --git a/apps/emqx_telemetry/priv/emqx_telemetry.schema b/apps/emqx_telemetry/priv/emqx_telemetry.schema
deleted file mode 100644
index 87f502234..000000000
--- a/apps/emqx_telemetry/priv/emqx_telemetry.schema
+++ /dev/null
@@ -1,17 +0,0 @@
-%%-*- mode: erlang -*-
-%% Retainer config mapping
-
-{mapping, "telemetry.enabled", "emqx_telemetry.enabled", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "telemetry.url", "emqx_telemetry.url", [
-  {default, "https://telemetry.emqx.io/api/telemetry"},
-  {datatype, string}
-]}.
-
-{mapping, "telemetry.report_interval", "emqx_telemetry.report_interval", [
-  {default, "7d"},
-  {datatype, {duration, s}}
-]}.
\ No newline at end of file
diff --git a/apps/emqx_telemetry/src/emqx_telemetry.app.src b/apps/emqx_telemetry/src/emqx_telemetry.app.src
index e65678c37..0f6bee95c 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry.app.src
+++ b/apps/emqx_telemetry/src/emqx_telemetry.app.src
@@ -1,6 +1,6 @@
 {application, emqx_telemetry,
  [{description, "EMQ X Telemetry"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_telemetry_sup]},
   {applications, [kernel,stdlib]},
diff --git a/apps/emqx_telemetry/src/emqx_telemetry.appup.src b/apps/emqx_telemetry/src/emqx_telemetry.appup.src
deleted file mode 100644
index 27998f0d5..000000000
--- a/apps/emqx_telemetry/src/emqx_telemetry.appup.src
+++ /dev/null
@@ -1,15 +0,0 @@
-%% -*- mode: erlang -*-
-{VSN,
- [
-   {"4.3.0", [
-     {load_module, emqx_telemetry, brutal_purge, soft_purge, []}
-   ]},
-   {<<".*">>, []}
- ],
- [
-   {"4.3.0", [
-     {load_module, emqx_telemetry, brutal_purge, soft_purge, []}
-   ]},
-   {<<".*">>, []}
- ]
-}.
diff --git a/apps/emqx_telemetry/src/emqx_telemetry.erl b/apps/emqx_telemetry/src/emqx_telemetry.erl
index 3e8d3ffd3..ea4017dc9 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry.erl
@@ -24,7 +24,7 @@
 -include_lib("kernel/include/file.hrl").
 -include_lib("snabbkaffe/include/snabbkaffe.hrl").
 
--logger_header("[Telemetry]").
+-include("emqx_telemetry.hrl").
 
 %% Mnesia bootstrap
 -export([mnesia/1]).
@@ -82,7 +82,7 @@
           timer = undefined :: undefined | reference()
         }).
 
-%% The count of 100-nanosecond intervals between the UUID epoch 
+%% The count of 100-nanosecond intervals between the UUID epoch
 %% 1582-10-15 00:00:00 and the UNIX epoch 1970-01-01 00:00:00.
 -define(GREGORIAN_EPOCH_OFFSET, 16#01b21dd213814000).
 
@@ -140,16 +140,11 @@ get_telemetry() ->
 %% is very small, it should be safe to ignore.
 -dialyzer([{nowarn_function, [init/1]}]).
 init([Opts]) ->
-    State = #state{url = get_value(url, Opts),
-                   report_interval = timer:seconds(get_value(report_interval, Opts))},
+    State = #state{url = ?TELEMETRY_URL,
+                   report_interval = timer:seconds(?REPORT_INTERVAR)},
     NState = case mnesia:dirty_read(?TELEMETRY, ?UNIQUE_ID) of
                  [] ->
-                     Enabled = case search_telemetry_enabled() of
-                                   {error, not_found} ->
-                                       get_value(enabled, Opts);
-                                   {M, F} ->
-                                       erlang:apply(M, F, [])
-                               end,
+                     Enabled = proplists:get_value(enabled, Opts, true),
                      UUID = generate_uuid(),
                      mnesia:dirty_write(?TELEMETRY, #telemetry{id = ?UNIQUE_ID,
                                                                uuid = UUID,
@@ -237,14 +232,6 @@ official_version(Version) ->
 ensure_report_timer(State = #state{report_interval = ReportInterval}) ->
     State#state{timer = emqx_misc:start_timer(ReportInterval, time_to_report_telemetry_data)}.
 
-license() ->
-    case search_telemetry_license() of
-        {error, not_found} ->
-            [{edition, <<"community">>}];
-        {M, F} ->
-            erlang:apply(M, F, [])
-    end.
-
 os_info() ->
     case erlang:system_info(os_type) of
         {unix,darwin} ->
@@ -348,7 +335,7 @@ generate_uuid() ->
 get_telemetry(#state{uuid = UUID}) ->
     OSInfo = os_info(),
     [{emqx_version, bin(emqx_app:get_release())},
-     {license, license()},
+     {license, [{edition, <<"community">>}]},
      {os_name, bin(get_value(os_name, OSInfo))},
      {os_version, bin(get_value(os_version, OSInfo))},
      {otp_version, bin(otp_version())},
@@ -375,58 +362,6 @@ report_telemetry(State = #state{url = URL}) ->
 httpc_request(Method, URL, Headers, Body) ->
     httpc:request(Method, {URL, Headers, "application/json", Body}, [], []).
 
-ignore_lib_apps(Apps) ->
-    LibApps = [kernel, stdlib, sasl, appmon, eldap, erts,
-               syntax_tools, ssl, crypto, mnesia, os_mon,
-               inets, goldrush, gproc, runtime_tools,
-               snmp, otp_mibs, public_key, asn1, ssh, hipe,
-               common_test, observer, webtool, xmerl, tools,
-               test_server, compiler, debugger, eunit, et,
-               wx],
-    [AppName || {AppName, _, _} <- Apps, not lists:member(AppName, LibApps)].
-
-search_telemetry_license() ->
-    search_function(telemetry_license).
-
-search_telemetry_enabled() ->
-    search_function(telemetry_enabled).
-
-search_function(Name) ->
-    case search_attrs(Name) of
-        [] ->
-            {error, not_found};
-        Callbacks ->
-            case lists:filter(fun({M, F}) ->
-                                  erlang:function_exported(M, F, 0)
-                              end, Callbacks) of
-                [] -> {error, not_found};
-                [{M, F} | _] -> {M, F}
-            end
-    end.
-
-search_attrs(Name) ->
-    Apps = ignore_lib_apps(application:loaded_applications()),
-    search_attrs(Name, Apps).
-
-search_attrs(Name, Apps) ->
-    lists:foldl(fun(App, Acc) ->
-                    {ok, Modules} = application:get_key(App, modules),
-                    Attrs = lists:foldl(fun(Module, Acc0) ->
-                                                case proplists:get_value(Name, module_attributes(Module), undefined) of
-                                                    undefined -> Acc0;
-                                                    Attrs0 -> Acc0 ++ Attrs0
-                                                end
-                                            end, [], Modules),
-                    Acc ++ Attrs
-                end, [], Apps).
-
-module_attributes(Module) ->
-    try Module:module_info(attributes)
-    catch
-        error:undef -> [];
-        error:Reason -> error(Reason)
-    end.
-
 bin(L) when is_list(L) ->
     list_to_binary(L);
 bin(B) when is_binary(B) ->
diff --git a/apps/emqx_telemetry/src/emqx_telemetry_api.erl b/apps/emqx_telemetry/src/emqx_telemetry_api.erl
index a6e4f220a..8bb97086e 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry_api.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry_api.erl
@@ -51,15 +51,15 @@
 %%--------------------------------------------------------------------
 
 cli(["enable"]) ->
-    emqx_mgmt:enable_telemetry(),
+    enable_telemetry(),
     emqx_ctl:print("Enable telemetry successfully~n");
 
 cli(["disable"]) ->
-    emqx_mgmt:disable_telemetry(),
+    disable_telemetry(),
     emqx_ctl:print("Disable telemetry successfully~n");
 
 cli(["get", "status"]) ->
-    case emqx_mgmt:get_telemetry_status() of
+    case get_telemetry_status() of
         [{enabled, true}] ->
             emqx_ctl:print("Telemetry is enabled~n");
         [{enabled, false}] ->
@@ -67,7 +67,7 @@ cli(["get", "status"]) ->
     end;
 
 cli(["get", "data"]) ->
-    {ok, TelemetryData} = emqx_mgmt:get_telemetry_data(),
+    {ok, TelemetryData} = get_telemetry_data(),
     case emqx_json:safe_encode(TelemetryData, [pretty]) of
         {ok, Bin} ->
             emqx_ctl:print("~s~n", [Bin]);
@@ -97,7 +97,7 @@ enable(_Bindings, Params) ->
     end.
 
 get_status(_Bindings, _Params) ->
-    return(get_telemetry_status()).
+    return({ok, get_telemetry_status()}).
 
 get_data(_Bindings, _Params) ->
     return(get_telemetry_data()).
@@ -119,7 +119,7 @@ disable_telemetry(Node) ->
     rpc_call(Node, ?MODULE, disable_telemetry, [Node]).
 
 get_telemetry_status() ->
-    {ok, [{enabled, emqx_telemetry:is_enabled()}]}.
+    [{enabled, emqx_telemetry:is_enabled()}].
 
 get_telemetry_data() ->
     emqx_telemetry:get_telemetry().
diff --git a/apps/emqx_telemetry/src/emqx_telemetry_app.erl b/apps/emqx_telemetry/src/emqx_telemetry_app.erl
index 5effededa..8a5b34627 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry_app.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry_app.erl
@@ -18,16 +18,22 @@
 
 -behaviour(application).
 
--emqx_plugin(?MODULE).
+-define(APP, emqx_telemetry).
 
 -export([ start/2
         , stop/1
         ]).
 
 start(_Type, _Args) ->
-    emqx_ctl:register_command(telemetry, {emqx_telemetry_api, cli}),
-    Env = application:get_all_env(emqx_telemetry),
-    emqx_telemetry_sup:start_link(Env).
+    %% TODO
+    %% After the relevant code for building hocon configuration will be deleted
+    %% Get the configuration using emqx_config:get
+    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?APP]) ++ ".conf",
+    {ok, RawConfig} = hocon:load(ConfFile),
+    Config = hocon_schema:check_plain(emqx_telemetry_schema, RawConfig, #{atom_key => true}),
+    emqx_config_handler:update_config(emqx_config_handler, Config),
+    Enabled = emqx_config:get([?APP, enabled], true),
+    emqx_telemetry_sup:start_link([{enabled, Enabled}]).
 
 stop(_State) ->
     emqx_ctl:unregister_command(telemetry),
diff --git a/apps/emqx_telemetry/src/emqx_telemetry_schema.erl b/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
new file mode 100644
index 000000000..1a60ac946
--- /dev/null
+++ b/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
@@ -0,0 +1,13 @@
+-module(emqx_telemetry_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_telemetry"].
+
+fields("emqx_telemetry") ->
+    [{enabled, emqx_schema:t(boolean(), undefined, false)}].
diff --git a/apps/emqx_telemetry/test/emqx_telemetry_SUITE.erl b/apps/emqx_telemetry/test/emqx_telemetry_SUITE.erl
index 9431cd325..39dcbf68c 100644
--- a/apps/emqx_telemetry/test/emqx_telemetry_SUITE.erl
+++ b/apps/emqx_telemetry/test/emqx_telemetry_SUITE.erl
@@ -29,11 +29,20 @@ all() -> emqx_ct:all(?MODULE).
 
 init_per_testcase(_, Config) ->
     emqx_ct_helpers:boot_modules(all),
-    emqx_ct_helpers:start_apps([emqx_modules, emqx_telemetry]),
+    emqx_ct_helpers:start_apps([emqx_telemetry], fun set_special_configs/1),
     Config.
 
 end_per_testcase(_, _Config) ->
-    emqx_ct_helpers:stop_apps([emqx_telemetry, emqx_modules]).
+    emqx_ct_helpers:stop_apps([emqx_telemetry]).
+
+set_special_configs(emqx_telemetry) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_telemetry, "test")),
+    Conf = #{<<"emqx_telemetry">> => #{<<"enabled">> => true}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_telemetry.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
 
 t_uuid(_) ->
     UUID = emqx_telemetry:generate_uuid(),
@@ -41,9 +50,7 @@ t_uuid(_) ->
     ?assertEqual(5, length(Parts)),
     {ok, UUID2} = emqx_telemetry:get_uuid(),
     emqx_telemetry:stop(),
-    emqx_telemetry:start_link([{enabled, true},
-                               {url, "https://telemetry.emqx.io/api/telemetry"},
-                               {report_interval, 7 * 24 * 60 * 60}]),
+    emqx_telemetry:start_link([{enabled, true}]),
     {ok, UUID3} = emqx_telemetry:get_uuid(),
     ?assertEqual(UUID2, UUID3).
 
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index d0dac7fe1..5922f6dc5 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -3,6 +3,5 @@
 {emqx_modules, {{enable_plugin_emqx_modules}}}.
 {emqx_recon, {{enable_plugin_emqx_recon}}}.
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
-{emqx_telemetry, {{enable_plugin_emqx_telemetry}}}.
 {emqx_rule_engine, {{enable_plugin_emqx_rule_engine}}}.
 {emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index 99293ef77..3b44f6956 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -196,7 +196,6 @@ overlay_vars_rel(RelType) ->
     , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
     , {enable_plugin_emqx_recon, true}
     , {enable_plugin_emqx_retainer, true}
-    , {enable_plugin_emqx_telemetry, true}
     , {vm_args_file, VmArgs}
     ].
 
@@ -256,6 +255,7 @@ relx_apps(ReleaseType) ->
     , emqx_connector
     , emqx_data_bridge
     ]
+    ++ [emqx_telemetry || not is_enterprise()]
     ++ [emqx_modules || not is_enterprise()]
     ++ [emqx_license || is_enterprise()]
     ++ [bcrypt || provide_bcrypt_release(ReleaseType)]
@@ -296,7 +296,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_sasl
     , emqx_statsd
     ]
-    ++ [emqx_telemetry || not is_enterprise()]
     ++ relx_plugin_apps_per_rel(ReleaseType)
     ++ relx_plugin_apps_enterprise(is_enterprise())
     ++ relx_plugin_apps_extra().
@@ -387,6 +386,7 @@ emqx_etc_overlay_common() ->
      {"{{base_dir}}/lib/emqx/etc/emqx.conf", "etc/emqx.conf"},
      {"{{base_dir}}/lib/emqx/etc/ssl_dist.conf", "etc/ssl_dist.conf"},
      {"{{base_dir}}/lib/emqx_data_bridge/etc/emqx_data_bridge.conf", "etc/plugins/emqx_data_bridge.conf"},
+     {"{{base_dir}}/lib/emqx_telemetry/etc/emqx_telemetry.conf", "etc/plugins/emqx_telemetry.conf"},
      {"{{base_dir}}/lib/emqx_authz/etc/emqx_authz.conf", "etc/plugins/authz.conf"},
      %% TODO: check why it has to end with .paho
      %% and why it is put to etc/plugins dir

From 198e3c03e0ca90b5cf0c39cbf5701fa0d90fe8ff Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 21 Jun 2021 17:18:50 +0200
Subject: [PATCH 095/174] feat(emqx_management): mqtt_app shard

---
 apps/emqx/rebar.config                        |  2 +-
 apps/emqx_management/include/emqx_mgmt.hrl    |  4 +++-
 apps/emqx_management/src/emqx_mgmt_app.erl    |  3 +++
 apps/emqx_management/src/emqx_mgmt_auth.erl   | 24 ++++++++++++-------
 .../test/emqx_auth_mnesia_migration_SUITE.erl |  3 ++-
 apps/emqx_management/test/emqx_mgmt_SUITE.erl |  1 +
 rebar.config                                  |  3 ++-
 7 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index b5065dc3a..5d48e06a3 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -13,7 +13,7 @@
     , {jiffy, {git, "https://github.com/emqx/jiffy", {tag, "1.0.5"}}}
     , {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.8.2"}}}
     , {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.8.0"}}}
-    , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.1"}}}
+    , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.2"}}}
     , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.1"}}}
     , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v4.0.1"}}} %% todo delete when plugins use hocon
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.7.0"}}}
diff --git a/apps/emqx_management/include/emqx_mgmt.hrl b/apps/emqx_management/include/emqx_mgmt.hrl
index 6d510ed0c..b952332c5 100644
--- a/apps/emqx_management/include/emqx_mgmt.hrl
+++ b/apps/emqx_management/include/emqx_mgmt.hrl
@@ -32,4 +32,6 @@
 -define(ERROR14, 114). %% OldPassword error
 -define(ERROR15, 115). %% bad topic
 
--define(VERSIONS, ["4.0", "4.1", "4.2", "4.3"]).
\ No newline at end of file
+-define(VERSIONS, ["4.0", "4.1", "4.2", "4.3"]).
+
+-define(MANAGEMENT_SHARD, emqx_management_shard).
diff --git a/apps/emqx_management/src/emqx_mgmt_app.erl b/apps/emqx_management/src/emqx_mgmt_app.erl
index 33d5b2d0e..824e218f2 100644
--- a/apps/emqx_management/src/emqx_mgmt_app.erl
+++ b/apps/emqx_management/src/emqx_mgmt_app.erl
@@ -24,8 +24,11 @@
         , stop/1
         ]).
 
+-include("emqx_mgmt.hrl").
+
 start(_Type, _Args) ->
     {ok, Sup} = emqx_mgmt_sup:start_link(),
+    ok = ekka_rlog:wait_for_shards([?MANAGEMENT_SHARD], infinity),
     _ = emqx_mgmt_auth:add_default_app(),
     emqx_mgmt_http:start_listeners(),
     emqx_mgmt_cli:load(),
diff --git a/apps/emqx_management/src/emqx_mgmt_auth.erl b/apps/emqx_management/src/emqx_mgmt_auth.erl
index c05cbf581..3998f6006 100644
--- a/apps/emqx_management/src/emqx_mgmt_auth.erl
+++ b/apps/emqx_management/src/emqx_mgmt_auth.erl
@@ -46,6 +46,10 @@
 
 -type(appsecret() :: binary()).
 
+-include("emqx_mgmt.hrl").
+
+-rlog_shard({?MANAGEMENT_SHARD, mqtt_app}).
+
 %%--------------------------------------------------------------------
 %% Mnesia Bootstrap
 %%--------------------------------------------------------------------
@@ -102,7 +106,7 @@ add_app(AppId, Name, Secret, Desc, Status, Expired) when is_binary(AppId) ->
                      _  -> mnesia:abort(alread_existed)
                  end
              end,
-    case mnesia:transaction(AddFun) of
+    case ekka_mnesia:transaction(?MANAGEMENT_SHARD, AddFun) of
         {atomic, ok} -> {ok, Secret1};
         {aborted, Reason} -> {error, Reason}
     end.
@@ -116,7 +120,7 @@ force_add_app(AppId, Name, Secret, Desc, Status, Expired) ->
                                         status = Status,
                                         expired = Expired})
              end,
-    case mnesia:transaction(AddFun) of
+    case ekka_mnesia:transaction(?MANAGEMENT_SHARD, AddFun) of
         {atomic, ok} -> ok;
         {aborted, Reason} -> {error, Reason}
     end.
@@ -154,7 +158,8 @@ lookup_app(AppId) when is_binary(AppId) ->
 update_app(AppId, Status) ->
     case mnesia:dirty_read(mqtt_app, AppId) of
         [App = #mqtt_app{}] ->
-            case mnesia:transaction(fun() -> mnesia:write(App#mqtt_app{status = Status}) end) of
+            Fun = fun() -> mnesia:write(App#mqtt_app{status = Status}) end,
+            case ekka_mnesia:transaction(?MANAGEMENT_SHARD, Fun) of
                 {atomic, ok} -> ok;
                 {aborted, Reason} -> {error, Reason}
             end;
@@ -166,10 +171,12 @@ update_app(AppId, Status) ->
 update_app(AppId, Name, Desc, Status, Expired) ->
     case mnesia:dirty_read(mqtt_app, AppId) of
         [App = #mqtt_app{}] ->
-            case mnesia:transaction(fun() -> mnesia:write(App#mqtt_app{name = Name,
-                                                                       desc = Desc,
-                                                                       status = Status,
-                                                                       expired = Expired}) end) of
+            case ekka_mnesia:transaction(
+                   ?MANAGEMENT_SHARD,
+                   fun() -> mnesia:write(App#mqtt_app{name = Name,
+                                                      desc = Desc,
+                                                      status = Status,
+                                                      expired = Expired}) end) of
                 {atomic, ok} -> ok;
                 {aborted, Reason} -> {error, Reason}
             end;
@@ -179,7 +186,7 @@ update_app(AppId, Name, Desc, Status, Expired) ->
 
 -spec(del_app(appid()) -> ok | {error, term()}).
 del_app(AppId) when is_binary(AppId) ->
-    case mnesia:transaction(fun mnesia:delete/1, [{mqtt_app, AppId}]) of
+    case ekka_mnesia:transaction(?MANAGEMENT_SHARD, fun mnesia:delete/1, [{mqtt_app, AppId}]) of
         {atomic, Ok} -> Ok;
         {aborted, Reason} -> {error, Reason}
     end.
@@ -207,4 +214,3 @@ is_authorized(AppId, AppSecret) ->
 
 is_expired(undefined) -> true;
 is_expired(Expired)   -> Expired >= erlang:system_time(second).
-
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
index 838529f03..7c249b66b 100644
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
+++ b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
@@ -40,6 +40,7 @@ cases() ->
 
 init_per_suite(Config) ->
     emqx_ct_helpers:start_apps([emqx_management, emqx_dashboard, emqx_auth_mnesia]),
+    application:set_env(ekka, strict_mode, true),
     ekka_mnesia:start(),
     emqx_mgmt_auth:mnesia(boot),
     Config.
@@ -172,4 +173,4 @@ test_import(clientid, {ClientID, Password}) ->
     Req = #{clientid => ClientID,
             password => Password},
     ?assertMatch({stop, #{auth_result := success}},
-                 emqx_auth_mnesia:check(Req, #{}, #{hash_type => sha256})).
\ No newline at end of file
+                 emqx_auth_mnesia:check(Req, #{}, #{hash_type => sha256})).
diff --git a/apps/emqx_management/test/emqx_mgmt_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
index 6bac9b4c7..6826e050b 100644
--- a/apps/emqx_management/test/emqx_mgmt_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
@@ -56,6 +56,7 @@ apps() ->
     [emqx_management, emqx_auth_mnesia, emqx_modules].
 
 init_per_suite(Config) ->
+    application:set_env(ekka, strict_mode, true),
     ekka_mnesia:start(),
     emqx_mgmt_auth:mnesia(boot),
     emqx_ct_helpers:start_apps(apps()),
diff --git a/rebar.config b/rebar.config
index d670769c6..6bf220ac4 100644
--- a/rebar.config
+++ b/rebar.config
@@ -1,3 +1,4 @@
+%% -*- mode:erlang -*-
 %% This config file is the very basic config to compile emqx
 %% This allows emqx to be used as a dependency for other applications
 %% such as emqx module/plugin develpments and tests.
@@ -39,7 +40,7 @@
     , {jiffy, {git, "https://github.com/emqx/jiffy", {tag, "1.0.5"}}}
     , {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.8.2"}}}
     , {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.8.0"}}}
-    , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.1"}}}
+    , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.2"}}}
     , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.1"}}}
     , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v4.0.1"}}} % TODO: delete when all apps moved to hocon
     , {minirest, {git, "https://github.com/emqx/minirest", {tag, "0.3.6"}}}

From b88c71b4819e8556db8495d3ffe16ac7c33359d3 Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 21 Jun 2021 17:41:06 +0200
Subject: [PATCH 096/174] feat(dashboard): Introduce dashboard RLOG shard

---
 apps/emqx_dashboard/include/emqx_dashboard.hrl    |  2 ++
 apps/emqx_dashboard/src/emqx_dashboard_admin.erl  | 13 +++++++------
 apps/emqx_dashboard/src/emqx_dashboard_app.erl    |  3 +++
 apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl |  3 +--
 4 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/apps/emqx_dashboard/include/emqx_dashboard.hrl b/apps/emqx_dashboard/include/emqx_dashboard.hrl
index 6cb759c9b..891a723f7 100644
--- a/apps/emqx_dashboard/include/emqx_dashboard.hrl
+++ b/apps/emqx_dashboard/include/emqx_dashboard.hrl
@@ -19,3 +19,5 @@
 -type(mqtt_admin() :: #mqtt_admin{}).
 
 -define(EMPTY_KEY(Key), ((Key == undefined) orelse (Key == <<>>))).
+
+-define(DASHBOARD_SHARD, emqx_dashboard_shard).
diff --git a/apps/emqx_dashboard/src/emqx_dashboard_admin.erl b/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
index c70308744..202914982 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_admin.erl
@@ -22,6 +22,8 @@
 
 -include("emqx_dashboard.hrl").
 
+-rlog_shard({?DASHBOARD_SHARD, mqtt_admin}).
+
 -boot_mnesia({mnesia, [boot]}).
 -copy_mnesia({mnesia, [copy]}).
 
@@ -78,7 +80,7 @@ start_link() ->
 -spec(add_user(binary(), binary(), binary()) -> ok | {error, any()}).
 add_user(Username, Password, Tags) when is_binary(Username), is_binary(Password) ->
     Admin = #mqtt_admin{username = Username, password = hash(Password), tags = Tags},
-    return(mnesia:transaction(fun add_user_/1, [Admin])).
+    return(ekka_mnesia:transaction(?DASHBOARD_SHARD, fun add_user_/1, [Admin])).
 
 force_add_user(Username, Password, Tags) ->
     AddFun = fun() ->
@@ -86,7 +88,7 @@ force_add_user(Username, Password, Tags) ->
                                           password = Password,
                                           tags = Tags})
              end,
-    case mnesia:transaction(AddFun) of
+    case ekka_mnesia:transaction(?DASHBOARD_SHARD, AddFun) of
         {atomic, ok} -> ok;
         {aborted, Reason} -> {error, Reason}
     end.
@@ -108,11 +110,11 @@ remove_user(Username) when is_binary(Username) ->
                     end,
                     mnesia:delete({mqtt_admin, Username})
             end,
-    return(mnesia:transaction(Trans)).
+    return(ekka_mnesia:transaction(?DASHBOARD_SHARD, Trans)).
 
 -spec(update_user(binary(), binary()) -> ok | {error, term()}).
 update_user(Username, Tags) when is_binary(Username) ->
-    return(mnesia:transaction(fun update_user_/2, [Username, Tags])).
+    return(ekka_mnesia:transaction(?DASHBOARD_SHARD, fun update_user_/2, [Username, Tags])).
 
 %% @private
 update_user_(Username, Tags) ->
@@ -145,7 +147,7 @@ update_pwd(Username, Fun) ->
                     end,
                     mnesia:write(Fun(User))
             end,
-    return(mnesia:transaction(Trans)).
+    return(ekka_mnesia:transaction(?DASHBOARD_SHARD, Trans)).
 
 
 -spec(lookup_user(binary()) -> [mqtt_admin()]).
@@ -225,4 +227,3 @@ add_default_user(Username, Password) ->
         [] -> add_user(Username, Password, <<"administrator">>);
         _  -> ok
     end.
-
diff --git a/apps/emqx_dashboard/src/emqx_dashboard_app.erl b/apps/emqx_dashboard/src/emqx_dashboard_app.erl
index 12a829490..c966ef5fe 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_app.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_app.erl
@@ -24,8 +24,11 @@
         , stop/1
         ]).
 
+-include("emqx_dashboard.hrl").
+
 start(_StartType, _StartArgs) ->
     {ok, Sup} = emqx_dashboard_sup:start_link(),
+    ok = ekka_rlog:wait_for_shards([?DASHBOARD_SHARD], infinity),
     emqx_dashboard:start_listeners(),
     emqx_dashboard_cli:load(),
     {ok, Sup}.
diff --git a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
index 4a8ca7311..be77d474b 100644
--- a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
+++ b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
@@ -99,7 +99,7 @@ t_rest_api(_Config) ->
     ok.
 
 t_cli(_Config) ->
-    [mnesia:dirty_delete({mqtt_admin, Admin}) ||  Admin <- mnesia:dirty_all_keys(mqtt_admin)],
+    [ekka_mnesia:dirty_delete(mqtt_admin, Admin) ||  Admin <- mnesia:dirty_all_keys(mqtt_admin)],
     emqx_dashboard_cli:admins(["add", "username", "password"]),
     [{mqtt_admin, <<"username">>, <<Salt:4/binary, Hash/binary>>, _}] =
         emqx_dashboard_admin:lookup_user(<<"username">>),
@@ -160,4 +160,3 @@ api_path(Path) ->
 
 json(Data) ->
     {ok, Jsx} = emqx_json:safe_decode(Data, [return_maps]), Jsx.
-

From 44412549abe084cfdb2cce76763592eedd9a61dd Mon Sep 17 00:00:00 2001
From: DDDHuang <44492639+DDDHuang@users.noreply.github.com>
Date: Fri, 25 Jun 2021 09:18:52 +0800
Subject: [PATCH 097/174] fix: statsd hocon schema & add test suit (#5060)

---
 apps/emqx_statsd/etc/emqx_statsd.conf       |  4 +--
 apps/emqx_statsd/include/emqx_statsd.hrl    |  6 ++---
 apps/emqx_statsd/src/emqx_statsd_schema.erl | 22 ++++++++++------
 apps/emqx_statsd/src/emqx_statsd_sup.erl    | 17 +++++-------
 apps/emqx_statsd/test/emqx_statsd_SUITE.erl | 29 +++++++++++++++++++++
 5 files changed, 54 insertions(+), 24 deletions(-)
 create mode 100644 apps/emqx_statsd/test/emqx_statsd_SUITE.erl

diff --git a/apps/emqx_statsd/etc/emqx_statsd.conf b/apps/emqx_statsd/etc/emqx_statsd.conf
index c714bbb2e..a2daa5521 100644
--- a/apps/emqx_statsd/etc/emqx_statsd.conf
+++ b/apps/emqx_statsd/etc/emqx_statsd.conf
@@ -3,8 +3,8 @@
  ##--------------------------------------------------------------------
 
 emqx_statsd:{
-    # statsd server
-    server: "127.0.0.1:8125"
+    host: "127.0.0.1"
+    port: 8125
     batch_size: 10
     prefix: "emqx"
     tags: {"from": "emqx"}
diff --git a/apps/emqx_statsd/include/emqx_statsd.hrl b/apps/emqx_statsd/include/emqx_statsd.hrl
index 68f94487a..d88dbccbd 100644
--- a/apps/emqx_statsd/include/emqx_statsd.hrl
+++ b/apps/emqx_statsd/include/emqx_statsd.hrl
@@ -3,7 +3,7 @@
 -define(DEFAULT_HOST, {127, 0, 0, 1}).
 -define(DEFAULT_PORT, 8125).
 -define(DEFAULT_PREFIX, undefined).
--define(DEFAULT_TAGS, []).
+-define(DEFAULT_TAGS, #{}).
 -define(DEFAULT_BATCH_SIZE, 10).
--define(DEFAULT_SAMPLE_TIME_INTERVAL, 10000).
--define(DEFAULT_FLUSH_TIME_INTERVAL, 10000).
\ No newline at end of file
+-define(DEFAULT_SAMPLE_TIME_INTERVAL, 10).
+-define(DEFAULT_FLUSH_TIME_INTERVAL, 10).
\ No newline at end of file
diff --git a/apps/emqx_statsd/src/emqx_statsd_schema.erl b/apps/emqx_statsd/src/emqx_statsd_schema.erl
index fc45b41fc..5600739e7 100644
--- a/apps/emqx_statsd/src/emqx_statsd_schema.erl
+++ b/apps/emqx_statsd/src/emqx_statsd_schema.erl
@@ -10,29 +10,35 @@
 structs() -> ["emqx_statsd"].
 
 fields("emqx_statsd") ->
-    [ {server, fun server/1}
+    [ {host, fun host/1}
+    , {port, fun port/1}
     , {prefix, fun prefix/1}
     , {tags, map()}
     , {batch_size, fun batch_size/1}
     , {sample_time_interval, fun duration_s/1}
     , {flush_time_interval,  fun duration_s/1}].
 
-server(type) -> string();
-server(default) -> "192.168.1.1:8125";
-server(not_nullable) -> true;
-server(_) -> undefined.
+host(type) -> string();
+host(default) -> "127.0.0.1";
+host(nullable) -> false;
+host(_) -> undefined.
+
+port(type) -> integer();
+port(default) -> 8125;
+port(nullable) -> true;
+port(_) -> undefined.
 
 prefix(type) -> string();
 prefix(default) -> "emqx";
-prefix(not_nullable) -> false;
+prefix(nullable) -> true;
 prefix(_) -> undefined.
 
 batch_size(type) -> integer();
-batch_size(not_nullable) -> true;
+batch_size(nullable) -> false;
 batch_size(default) -> 10;
 batch_size(_) -> undefined.
 
 duration_s(type) -> emqx_schema:duration_s();
-duration_s(not_nullable) -> true;
+duration_s(nullable) -> false;
 duration_s(default) -> "10s";
 duration_s(_) -> undefined.
diff --git a/apps/emqx_statsd/src/emqx_statsd_sup.erl b/apps/emqx_statsd/src/emqx_statsd_sup.erl
index 91356f00f..e33ea5493 100644
--- a/apps/emqx_statsd/src/emqx_statsd_sup.erl
+++ b/apps/emqx_statsd/src/emqx_statsd_sup.erl
@@ -15,6 +15,8 @@
 
 -export([init/1]).
 
+-export([estatsd_options/0]).
+
  start_link() ->
      supervisor:start_link({local, ?MODULE}, ?MODULE, []).
 
@@ -39,20 +41,13 @@ estatsd_child_spec() ->
     , modules  => [estatsd]}.
 
 estatsd_options() ->
-    Server = get_conf(server, {?DEFAULT_HOST, ?DEFAULT_PORT}),
-    {Host, Port} = host_port(Server),
+    Host =  get_conf(host, ?DEFAULT_HOST),
+    Port =  get_conf(port, ?DEFAULT_PORT),
     Prefix = get_conf(prefix, ?DEFAULT_PREFIX),
     Tags = tags(get_conf(tags, ?DEFAULT_TAGS)),
     BatchSize = get_conf(batch_size, ?DEFAULT_BATCH_SIZE),
     [{host, Host}, {port, Port}, {prefix, Prefix}, {tags, Tags}, {batch_size, BatchSize}].
 
-host_port({Host, Port}) -> {Host, Port};
-host_port(Server) ->
-    case string:tokens(Server, ":") of
-        [Domain]       -> {Domain, ?DEFAULT_PORT};
-        [Domain, Port] -> {Domain, list_to_integer(Port)}
-    end.
-
 tags(Map) ->
     Tags = maps:to_list(Map),
     [{atom_to_binary(Key, utf8), Value} || {Key, Value} <- Tags].
@@ -66,8 +61,8 @@ emqx_statsd_child_spec(Pid) ->
     , modules  => [emqx_statsd]}.
 
 emqx_statsd_options() ->
-    SampleTimeInterval = get_conf(sample_time_interval, ?DEFAULT_SAMPLE_TIME_INTERVAL),
-    FlushTimeInterval = get_conf(flush_time_interval, ?DEFAULT_FLUSH_TIME_INTERVAL),
+    SampleTimeInterval = get_conf(sample_time_interval, ?DEFAULT_SAMPLE_TIME_INTERVAL) * 1000,
+    FlushTimeInterval = get_conf(flush_time_interval, ?DEFAULT_FLUSH_TIME_INTERVAL) * 1000,
     [{sample_time_interval, SampleTimeInterval}, {flush_time_interval, FlushTimeInterval}].
 
 get_conf(Key, Default) ->
diff --git a/apps/emqx_statsd/test/emqx_statsd_SUITE.erl b/apps/emqx_statsd/test/emqx_statsd_SUITE.erl
new file mode 100644
index 000000000..2855e8ee5
--- /dev/null
+++ b/apps/emqx_statsd/test/emqx_statsd_SUITE.erl
@@ -0,0 +1,29 @@
+-module(emqx_statsd_SUITE).
+
+-compile(export_all).
+-compile(nowarn_export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("eunit/include/eunit.hrl").
+
+init_per_suite(Config) ->
+    emqx_ct_helpers:start_apps([emqx_statsd]),
+    Config.
+
+end_per_suite(_Config) ->
+    emqx_ct_helpers:stop_apps([emqx_statsd]).
+
+all() -> 
+    emqx_ct:all(?MODULE).
+
+t_statsd(_) ->
+    {ok, Socket} = gen_udp:open(8125),
+    receive
+        {udp, _Socket, _Host, _Port, Bin} ->
+            ?assert(length(Bin) > 50)
+    after
+        11*1000 ->
+            ?assert(true, failed)
+    end,
+    gen_udp:close(Socket).
+

From 36c7785fd0d9633bc516bd47e7a478d75d2bad9f Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Fri, 25 Jun 2021 11:47:18 +0800
Subject: [PATCH 098/174] The config handler phase2 (#5052)

* refator(config_handler): handle and validate the updates to raw_configs

* fix(hocon): update hocon to 0.8.0

* refactor(config_handler): check and apply envs only in top-level handler

* refactor(config_handler): update config from top level to bottom level

* refactor(emqx_data_bridge): move configs to emqx.conf

* fix(emqx_schema): remove the extra config path

* fix(config_handler): load the emqx.conf when starting emqx_config_handler

* fix(data_bridge): API not working

* feat(config_handler): save updated configs to emqx_override.conf

* fix(config_handler): cannot find the emqx.conf and emqx_override.conf

* fix(emqx_config): cannot find the correct path for etc dir

* fix(test): load load emqx_schema foreign refereced apps

* refactor(emqx_plugin): do not generate configs before load plugins

All configs (including the configs for plugins) now should go into
the `emqx.conf`.

* fix(tests): update the test cases for plugins

* fix(tests): don't include schema from apps when testing

* fix(tests): use emqx-ct-helper branch hocon
---
 .github/workflows/run_cts_tests.yaml          |  10 +-
 apps/emqx/etc/emqx.conf                       |   9 +-
 apps/emqx/rebar.config                        |   5 +-
 apps/emqx/rebar3                              | Bin 0 -> 1019824 bytes
 apps/emqx/src/emqx_config.erl                 |  20 ++
 apps/emqx/src/emqx_config_handler.erl         | 214 ++++++++++++------
 apps/emqx/src/emqx_plugins.erl                |  85 +------
 apps/emqx/src/emqx_schema.erl                 |  23 +-
 .../emqx_data_bridge/src/emqx_data_bridge.erl |  46 +++-
 .../src/emqx_data_bridge_api.erl              |  46 ++--
 .../src/emqx_data_bridge_app.erl              |  14 +-
 .../src/emqx_data_bridge_schema.erl           |  23 --
 .../src/emqx_data_bridge_sup.erl              |   7 +-
 apps/emqx_management/src/emqx_mgmt_http.erl   |   2 +-
 apps/emqx_resource/examples/demo.md           |   6 +-
 apps/emqx_telemetry/src/emqx_telemetry.erl    |  13 ++
 .../emqx_telemetry/src/emqx_telemetry_app.erl |   7 -
 .../src/emqx_telemetry_schema.erl             |  13 --
 rebar.config                                  |   2 +-
 rebar.config.erl                              |   3 +-
 20 files changed, 310 insertions(+), 238 deletions(-)
 create mode 100755 apps/emqx/rebar3
 delete mode 100644 apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
 delete mode 100644 apps/emqx_telemetry/src/emqx_telemetry_schema.erl

diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml
index bfa1d1394..487d8fae7 100644
--- a/.github/workflows/run_cts_tests.yaml
+++ b/.github/workflows/run_cts_tests.yaml
@@ -50,7 +50,7 @@ jobs:
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
           docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_ldap"
-          docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_ldap"
+          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_ldap-ct"
       - uses: actions/upload-artifact@v1
         if: failure()
         with:
@@ -120,7 +120,7 @@ jobs:
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
           docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mongo"
-          docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_mongo"
+          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_mongo-ct"
       - uses: actions/upload-artifact@v1
         if: failure()
         with:
@@ -203,7 +203,7 @@ jobs:
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
           docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mysql"
-          docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_mysql"
+          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_mysql-ct"
       - uses: actions/upload-artifact@v1
         if: failure()
         with:
@@ -278,7 +278,7 @@ jobs:
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
           docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_pgsql"
-          docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_pgsql"
+          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_pgsql-ct"
       - uses: actions/upload-artifact@v1
         if: failure()
         with:
@@ -399,7 +399,7 @@ jobs:
           printenv > .env
           docker exec -i erlang sh -c "make ensure-rebar3"
           docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_redis"
-          docker exec --env-file .env -i erlang sh -c "./rebar3 ct --dir apps/emqx_auth_redis"
+          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_redis-ct"
       - uses: actions/upload-artifact@v1
         if: failure()
         with:
diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index b75e12a59..3387a6439 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -203,6 +203,11 @@ node.cookie = "emqxsecretcookie"
 ## Value: Folder
 node.data_dir = "{{ platform_data_dir }}"
 
+## The config file dir for the node
+##
+## Value: Folder
+node.etc_dir = "{{ platform_etc_dir }}"
+
 ## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable
 ## heartbeat, or set the value as 'on'
 ##
@@ -457,8 +462,8 @@ log.file = emqx.log
 ## and Erlang process message queue inspection.
 ##
 ## Value: Integer or 'unlimited' (without quotes)
-## Default: 20
-#log.max_depth = 20
+## Default: 80
+#log.max_depth = 80
 
 ## Log formatter
 ## Value: text | json
diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index 5d48e06a3..22f31a345 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -16,7 +16,7 @@
     , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.10.2"}}}
     , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.5.1"}}}
     , {cuttlefish, {git, "https://github.com/emqx/cuttlefish", {tag, "v4.0.1"}}} %% todo delete when plugins use hocon
-    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.7.0"}}}
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.9.0"}}}
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
@@ -28,9 +28,8 @@
    {test,
        [{deps,
            [ meck
-           , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.6.0"}}}
            , {bbmustache,"1.10.0"}
-           , {emqx_ct_helpers, {git,"https://github.com/zmstone/emqx-ct-helpers", {branch,"hocon"}}}
+           , {emqx_ct_helpers, {git,"https://github.com/emqx/emqx-ct-helpers", {branch,"hocon"}}}
            , {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3.1"}}}
            ]},
          {extra_src_dirs, [{"test",[recursive]}]}
diff --git a/apps/emqx/rebar3 b/apps/emqx/rebar3
new file mode 100755
index 0000000000000000000000000000000000000000..edb85b3c9ce6f8c013f1b57c2e348c5e96e270d0
GIT binary patch
literal 1019824
zcmaI7Ly#^^)TLWCPuaF@pR#S+wr$(CZQC|a*~VM$ukXDPH~vBQAY<psK@Qer?^yXH
z2@!*<vlD}nr5%H*og1O4v$2z<g9{898KIJ?k)aa{AqzbdD?JOHsjZ_29p``NM1(ZX
zMlP;|G(t=;3euops6aqKP(b%?BT5wc&#0&WsR>{pApHNTk&&&dvx}jzg(-vS|GxkK
z*Yt)C4z>!i*29c&y>IGJ`LauT?zAzk;Y)*FuzVAdX&GBhjj2OW-*?X9g{IAd<!`0s
z;KnX(;*Ei=On!4g-+#Tp=a=a~Pxv<h(#qP?8GS@WP-GDCOY#k)GN9LY5QN9YB1DAv
zbSOTdVD*zk@i+efg?0Xa3_6bwdo0<n%yflNV%gJKv0dCh5CvK%x_Hv7CoX7%o6Ck?
zEi|W;s7+dFY{k6u{;`lA8z`ufj^=VM$M*XRtYP`k-xuxGT$>fQWc@Yrv)o>sV$Ci?
z?3;ayczv*Pt<6Bzuj2E?G;{AhEEGWVZT<lMpAHR(<$ezQXH5wc5D>xt-611WLt7sW
zZ4aE)+;xD&YvUz~7=B_x$TTTQQoyxI4A=&A;dqyZAXJ3LKRH@WY#!n!(h^5{QeY8~
z5;_bK>Fq)c$oA(w+k$r6?%lHPUBAy8l<jce)6duKx4!FPepmlr7Lswp;USFq9G2gw
z{-2-p;>vKu*id2P{h4D5M7gf;agjnl9#oiK?A%;kjq9$|OU3g3BUWoUilqwo-CKk1
zCC4kf-c{To?e)yeS`M0AWkr7`b$ia7A66RJIl<b!LUS-19g1r=^jt<?oNLb1EaDq$
zJRBFfF1cn{KcBWG)id^m@=UYo+)QgacI$7saz)EI@f^AGRji6O^eq7H4R_tL1A0yw
z&w^td4^rK_cFDh(Z5WrX!qXX5be!9n2Pxyl%nR;ZuTn+-y$c<6`>wg3Wg;c+rhk{t
zMRMEC3459q9X_{z%Wt_^o<z{vTNikW7}&d`Z``VnxLdK-FKBIUpp}0rSyOyjOe&Y5
z1-7d=!a-)uFJW)O)>hok^VO^yb}d_dDdu?s*A&aOYg_(pjF!38yO|*UIGkR}mb>|u
zD}@hh&t_V|uI0FxqhIdQmj^f3s*y0OTe{@-nJ6_AJJ*WUGI4sth`A7z@3%AWRJiP3
ztr665oY~(GZ#be;zmTu-S$8dZxsxZ@=nN0hY(4Y;8ICwa*SsE*{T@ir&Wv}@r4BTQ
z_`006s$L${()Wh-*{es06TR2st0HS%WNf^t?f{)l+j@e&HAodZ>Z&GI%zP6l1rcP|
zs(n4plc^9yRWCq8;_L2M=$rGe<%<0P8QP6>L56Wx_%0O@`N_WPp3v!CcHI>2okXXm
zC?0TcR<mr$lG|U@%HJj&aNp4wx8woxt97h$zaCNSp!J#ITE)90n}k!#e-fBSl3^cu
zt38TP=~fcm;0f4K?C?--&=vp6zD@nMPUuecG8Xilys+ziH4hyeWE*(<B>dC~XuVvN
z3J(aZagyYFQ`x?_>%uz-H0BbyVk8ssSj@%QN2Nrxo0AMkR}dlK(AlJrK}2D;Mr#Kd
zQNiHZ{csEq+${U;u1&ehuU(<eeHS9EE9(o#puVxoNc)bsXdHFxfc75;DyD&qymf}H
z-6A&Cbgpy7W72Q$^IK_mnBTB4Zp-2{y6ZGv!9Qt^pdlMOU37IEC=VmX0-bb~5Fij<
z6*FzTf{Ryzi-eaLyT`?0TWhOxU>93I2xjvzxGP(f2ey^>$}PAl&QA^SRss%=Exv+<
zmRo+sTi?U)etk7(l+^X+;j4=Oz%!5y4=i|oW#EKumZR9N;wnsdCpgFPn)tP6LtSz^
z@JuiB_S(O9Q)V&EU$sAD+h%EOW8*T}UV@P(q1QCxCmkLG-+jIYW?^;AxZ#_bfrG`u
zD${13D?xiR+3-;xqgxQQX<S^1%JU^yp3-Zy2PD+B-nnF4vwY0Dx02Pz&?#%<FUeYl
zkg=E$jr6!}ppHf&ZtNjuRJOYw@~X1K41-rMoc%Hkqnj`{%wKMa*2BN1_muYi)70&*
z@%T-DZETNet@LdY3UU{2YH@cITpzTr!e!`DHV6&Uqs%yHqh6lrW-Z93G0MpF599<5
z8#&xFEe(%o>;;I6jXluGtPmicx4k)PU=UFJW~13C@y;4q-X#MoU#7oMEd%{J?47fe
zO~FNl!-mxZ{0go8SGNoI+zjH!Tn`fo5t9^^j+pM4YYvCI;7(9{)%b0(n5$Us>OsvE
zkHW^0t1Aqxc<YMD*sZ?2;>RtP*8pQ^j(jwTh?(pvagcqvCin#S4bz+aWk*PdB$_aP
z7&3@_prjM;JD3XEAJVU+iDK;^J#gVTF0lIzRcy>eh<1<G5znUq(=X8l8$H@K!0WMy
z7wN2hqv+bcS+bxXre80XZGOr-6R*+PtbRu!9a!wUCD~qiFN1m64zCcV3$tNk_74EF
zh;A&gOcA2xBW=A{xIGN!^q7Q~XD3Rkw#J|obPwBg0K4v%XZ8F93#d#R!a0GpPxrX}
zaTj!E+PFOk4N9C$Otkj~>9m}DMC3J}CR1ajO_a86V#*;x?0(i{SXE}tUhC*zSA8^n
zQ<v-w<Xw6<OP}$mjr<^tY3a-qy!73MmOsp?X<~A6>8Gw(;h=O_tpx+Kpsy53rlvw#
z%#f@lCK;198%ON}^}o>S<LBQ%KF-qteWaQmd(ZLXhs<4|a5AF<1*EXXoi_n_s63N<
zVAs96M?8_dGe(9$$$iuW5c_Vm5#H<1AxR3Zxp{3cEoiWxS$66{LszV_2J0{@BRG<M
zv83a^x9z&3*wQ*g<k>ZXshl9*Je|W7w2e^rDr+81X9qHCyzO(7JfjjW=^MoliD*nh
zQw($>o*c<ZY$ev@rr6A-GMRGI&Rm;xlk_Vxa2fuxQM<HW*)Fjf^lH(a%w9bFJKP3N
zyXZ+b#=>?<)rU`u$V^oaiqwChJ?KN>$Wqf-`*2{SPfwi#3}Q#68nedT4}50aQ+&X_
z+=%5T>T>*XJr9dW1&gBXQ>gy}sQSFaqNYn6T}Fs^6<t7f2kkLBY3Xb_Tx5=3BQT8@
z6XmbMcrm-1(v?B@{I*+10-q5cZT{fL-r{S~qc9plb7l=Lp0Q|dr>f1Vg9}nlT4H+g
zP&E>hFP|80q)Bc+$aG~0E6%4YrODtlfygE|<lGBYU<yTk=9fq`s%BnI3e1~)^w4%<
zOtp=Rdv^inKo9X=gncA;X_ufp@)Eh}De01^)Z}jQ89e>7&XJ-R&4um&Z<2x$WqUEz
zJaTs%^)SL&OyBTfsz{}OijC`Re8S&%9*~LZhHB^He7B3;FLlTSrN1NB%s=Gx6P;2;
z-^@2$9O>BL=p}vyu4<}>$#4@N>9gApdrTT1pZlBEk!T8R^gUn>-NG}f2k#10hl{h|
z$xHRx^j2APcDU(7<?SkwNb9ZG<CUP@-!IQG{a#}_X}K1U7rUQ~j_yS#vbw_nE2<jc
z;@3NN_oBZ2y?XZI6p^K<!jMuXqZUyHGjY%J75_)`38;tVf<W@48!NtCfoqwOtDBg)
z<}2=6x-im&MMf?@`m>y(yjs_XF`>y8wF!(`ZA`GOh|*-aDLZ*JiPfqJCe4y`RZN@r
zujD(Dli%NCwNYQ}`PuYfmFPY2CZ0;-)D<mPMZa}mXJOpG+k76TZ4IMB#`#1DL9-1L
zzoMwDc@*SoT4Hw)$=%-|4gn^31t9l8BeIr0Q9hZ?0ZA^j<x1W=^0t#s?@F<UaBzhX
z6HGqY3J2j&ff}ok+t}hSEGqwsO?Iy4!4QQzA(?VfnQ}v%tc01ALzM=n%K2xV_SrP{
z&S=10O*+VrN?}D^y1gSBIM_`W!S3XvXIk#8EEOsUfLzLK%7!!p@?SrRcz~{`5)g&?
zvak?_f?NEckPFU+@%u4|@F1rTA+pPO;{Ew;qL)HA!FUjK9UntHMh3zZ=P(OZlyIeb
zlbKvX)SF@yOK#5`p)<2rP)!Y@q9Bz~%kVCBj>)p%-$}=ycGZFvItB{98=$`lfTc;g
zFpTIV8l$kJ&6^Y;NLd`N2%ej`k#^M$U~1lwG+6p#!wZ-<nQtCwZ8i}-($q#+52&Kb
zWL*h|XJ}J-No2w4v@MopP9Ja`9EU?ZaKrdrM-}4F=EZFKHVfi7UCE7{NMdKHwswqw
zBYsA}k|V}ZFIUxq%rypc+F%U4jg@%E_R1CNK=i9T_R52D6S9O7Wj=X)td($Y(aOZx
z{5)=043ZEe)}mI6g{(-SXvtRI$19jAGGs~^HXLrg9ab?Uxq@I8d4oIn^Fmw~|7$LZ
z2*<pY4-^$yC6Q;zLbQMUXrm%Vl^x)@o-N}AfWl7?7R<*+oySTNrw%i7XXMl$YUI?q
z&z255oiXVdg$7trIbBjLSCh&O4}hN|{M|;G%C5$WIL$H`E{Lu?NnC_i;CQn1VM<>$
zi`pzL9l|-8J+Oai6|s1Usj&r`h_j$qFgO)nDs>J<AcJEjg)~ccf|2fVB;=wpT^Lgf
zNarYzEG{WYV5vTfwqYZErs|)mm!$}+18kLMw1O+xx*eOU9yGCbLycEmi4l^Zq6E3~
z;LS4r!1E*)aYB=~Dmu;tp^Y1i_6}j~keouiMZXW)9%{z&luxc1_tj=dlFk+*2L8MA
z4Wmj@R(eP|By-5_z6=;AP`jUQL|Y`bf7Z+l$($m+uK7?o7K54a0nqNTvjkQ5XTEUQ
zZatf#ry{3IlrgEcP;P|c!h{wkS=tX`)05mjsY{k4C(iK)HUFMIh?o;|i&qYAYf`q3
zMg$V~DC4rRhCs>jTt;y(i(G^84H-D#Ge}RD-*c2?moc}SU(qzQ-acHgBqC+5M>S;3
zp%d5O!Zen@oKTRI2+5g#t$f7fzq0&jQhFgo(Z2_(8LDzEg6|vC6v@sRbpr7LyGW^v
zl(#_SiXn2tV%ygUnHNIl+O7x4DWj*MVyAM``M)&uTYXk1^?S*or!{h4*K_0hqhhHF
zin)%5TFYuxUWYg+i+CxTSu#HZj4S%~vyh@GrJ`k)Xvbt$$aqo_%e^?Z|Jdo?DnOA;
z9`V08DiD}66Y7!-+nOWeR^Agp((%cAd_h|{5JZhn!k-Yw`VT-&hI!{dclJWrG1NIq
zBXM-0U{{FCE81%yn`dC{Ub%;|RIHm<=!Gj)Y*Mn6H+ROEj<KZKn$T8GnZn?EY@L0B
zc=QYQRBmLUW0^%am->=9qThI@bE56i<*fs#toFn%f~Z#inOB$>fNw;M(+k`4qp2Bd
zXl+JT?>ylPIFS=8R%_nT#n5sIcQ%GDri7|Tu5&80n^!InS5Z+PWysN=izWa@bHtP@
zZXU4yMEj8wxw#Y7(%(|~gH69k-CJHN{XikpR65puWx`iq7azdk6=Lyoo;<+d4U$YW
zs*OZkj0ulWUJ)Hxei!8<8knFJy+KNP%L8lbJz(X%0IosFV*7zOloRy-QeH&9H%A!=
z0R8r~2uWS~XQ)@0t$bPJh_KGRFKQq&;GDQ8R6L772&1SMavZzx^WE%w<6_4J5nhLI
z9Ke344nYy$H^qC8t6$)nB*0|!ofQlLBlR$Yp<xb1jrldYhZ<+#oK_-IjDovRX?B=Q
z44Kk&$l{9%+6|G^#E*@ST6a|ApyyHBFCDVU6xNp|UW%oC5Z+Q{Fkhs{aDOKynw7yp
zez+3-sOtB3)$dz3-7~4pe^kRZ-9xL5f30Hh?gh+2F7ozw5cdTL84ds037VR|#;(i<
zabcW1>}x-WN74@^=x_83vB(p8XOlYERB;Zjnxpft6XX*n)NytGd;4$ga9%{sur=Tc
z+*f^NU}T<ej~`aX#t`i4fGuqO?A+BkiwZ8C@iyH;%L8F+hnHwCnEj5*c4;9@ae9gN
z<N{&n$69l^vSYlvpwCptBT#)GzUPw2Rwq>u0?v`jnq8aA|2k56&0tR=Fnv4Q2V#Cn
zS5vD)lwSBOfAi3q)zV*9_C;R{t={@e8egE!$~WT%)&5{hq~93#t)9=mVX)chY5yk-
z<g08<{|x{wnh8aDQRfMgVkU_7bg`F!z3@_&<i9oGE3XALE~)>sF8Q-=x#SN^eIWL>
zCil>$22;{g{9qcNueE$;TZ(x4m-LWIe`(w1z9k84t38$UIe94p&{Rz}s-98yzyKL*
z<N+P~L}P(~F~bbS_ru%MMMp`0SuXt3<HW7pZlS_P%ne_3<55A$%>3Yjv<>!>i9gBy
z@)>lJ4)a{I%qLgSC>3=L=U9|fx;WuJC??M-q9UR4fk&6m7~_NKoD0vkFX}+oWi<9c
zWDDr>XM;W#Yc`RqoZtVz29bQ)U;n4z<uw4qw+}i*S>6x4v;2{bFA&Yk6=L^Vi}t|(
zNID#K4s>T;OmcKs#AdRUyymhhE~n(<jqTe8Q(kBBwH?qgrd}~F6<i17^lf@jq}Nh;
z&b-9|Q?cYS>gg|Gl!a)wNXtj8R?8pXj}+@LZR8%M>Tx7W`^V9^9}qXDUMYY|I^q-V
z*UX3%N%s6DKr!n6y+0T9;`b0Z)_*n6NYHU8&N@sRMZk<VOsz}f-yqq?(D!zC_=)|y
z2mJu*!e2EScxtKCjYKg@rt<aUiA1Z*4NU(_u!$(wd~O)~dyjf9?8U@NmPs7g>L_|&
zjP{^RZDZ*lAXyE3O2#%&l6*M+&%oe4a?D>Q5O#UsF_}%%07d3$<f`0n*L$+w*8l7w
z9l2Rtaog`S3Ncf1OwY)QSs<LP?xthc*CJv5Gf@V+-vwrys8fmvkgyYSCXO!vNgp3L
zJx?(rUco_7=@sl(SDf$v7v({m`q#ga+OP6KAAtOIl0fhMH1H0}t!u7$#5nUcbyOd)
zPnz(2rF*E34KrU|71V^fr*b5R)w@1R72PKg@>u-P{|2z;eCN#gGLu-RT51p7pz%W~
zCm>=7nO!8ZiI3PPzLtF8Q5yhy(>`H8&<)q>SN_iELSU9a^!$QdaU=eq90z(q#Q!A*
z;{^upR~InwkECZqo*4lE;_?0Q2=YS+eiG2rvHrosF;wSQ><1j*cK}F+k;KW?j_m*N
z!l$Y49?1TNKMMpUBwgn7{-A5{fpc{*e@7~K;K!FvpPkzam{@(uGoZZrKLD61^C3?1
zbsy^gzW4tZ)cyYEszSS<ielg9T}oC_Tx?|KA<>I4BoC+zk%FSI3dNC&U}m#~MT~$?
zLWks#q8yWx!hj4#McG*+O$I?85O+o0*3rl}1r+HxP0<lM1>;VYey+>R+FfnGt+jjJ
z$@_o5=<9#0udYaIC-RD)rjP@{V>|H|NN69mk}aVtrncRCM4$deZfeOK*TzX4I+BO)
z88K>)P4xWIjB0^@XCrJEoo+hy*IrC8I4~zs%`rJRBR;_f2n<sjiz)y?S3QT01;;C+
zBn0M<<L>~g@N?WNA>md(0;1t8c`oB~_GB!(n=vx7PL6#v<vd4ZEWLs4&TtfSh;7xQ
z*z$`!6~WFQJi5yk8r(1e;0jbggSmXAx+z<({Vkxco{kw`)bZ{(fcX1fq&|PiV9_8k
z&gYUaRH(74E>A$i_y7a|6?o?=txp({@S++3(b(J~e@%CT@hJs4Lcb)0f4BUVegW~x
zCXhzO2}GC{6by8Y>SKD4PF>3k={nmk?5apPB?94x<whB%gUFDMKn4DasXD8~tAHAA
zM&oGJrWDb^wdA}*l3VbZAHmQNn;f?xRbt$ByX1&ZuxN9HHXCS!hXQs{5tuI2*qs9H
zhPD!)2E71=Ix;>mK2UFf<sLd4H>{n&4}2Mn6yMK&?*wI1G<KA{h%f8R&04SQ41+Dj
zdS4wR&Ye!>8|)=%o{$yFNhZo&d_5=3+~h5IjN>87{^@kVQ#g=E=8>Wy)J!()Mnj0X
zNs?QZm>;)pvs<D}x75zdFWO#C)4%!!9+d{QI6lNr$B0ZY4gM&o`mjCqZBY>Q#a>Tf
zR!XKc=E%zrpTxR#$LcSqz(0`}2u0<+HsBwGOU=v6pH8G3Hu&(NRPv<fFVy9-N8znf
z)xKRn(07(DZJrDMdLEQRYc7`;w!|j7(1S3WS@8}bXbsn+lu(+De*pvkE!DF|tQ&C7
z@CXP>!=&bLRV*FO0@@6_Up-k8Ex9d2K&L>ZxTBI?g%Pq=Eh!gtZV+l0rYi)+ST2?J
z%$kk621lAF1MN3!HZsrS0Q>WlqcWBadDZ$1ObGVnuh^MGpDWrwaUFFHy;{E%FB};X
z_1qh%AAYDZSX4c`#8z>EGpurb_|W=UiX+7eiPHnUOPsmnYVm|90gg8zWH{x9&{AJM
z0I6-uX!YS2OziOkWNiuR$9iwIQH(G*Jqve%ZY3mD<|4hQRk2)acEJuaxXlRt>^Xig
zz&G#!s529X;E)-c<o%%<37VLHW`z)_;0$$lgwO-kC$H{_M(p4!ajMv}6{5zaFmJgm
z6o=?K56M{<e0m)U-eYT6=B*}%&3UX?P1^;cm`CQ_FEE0}7sjB~0P9i?KxW=iL#?g)
zP6S#F#%K7W(hfwDNvDxw6JBIOL+Rn5v*zLsri)8d?Zn<hnPp488mZ#!p<WVr7JR^(
z>HZI{9Uel_(akwJN<TV{?;qwFY!lA%C<x_L0VxE78po+_n~OW?Y8>;uasdk-NHju6
zu`u*_$e-KOv>amAn@UfIT*@2{k7`b~`agwT#h&S?ULzsQJ>vt`LKYAs<l_}w3RLMl
zYvJebVajze1+MtOOucB(>JA+3c+fpGYOfB1pc}JyP-Zq9_xa{pTsw2f(HjY^VCJ*{
zGzcpY8zvMdH<OO-hMXh6%qOskO~W}Z`jqBi_f|=FNRe0$2l<6eaIW@HSUmh2xE-vF
z&4L|#KaZ`)Is^!{Kue%95=Q;UI&b(Kpc!0)Kf?UEa5*qC#beznvscSGda{m7yuOse
z$$vc8@8EJE5M=T9R=I|fXS;L4AouctB1dH0|NQNypNiUTgnFnW?HEIwaKM8zqCV_E
z4&366J1SY3`sflgd<a?Mw`50y>TQDXkcJpwWxPKIV}#Wp#e_H-EE*`nD)Whf-XH!l
z9=s;MHt<?G%n&%)&T!C1u^V^rZa^UKE4HkcgQEx{W4d8%W6Uv%8k}WhJ`wjsT)se9
z8*WM8E!kggVP8JpUoY984`B<dl=p9oJETPs7(pFw(0?%G-9eR)ll&z@!8d%IWEp+U
zm^2T9PG`!uYQR>mCC~J^l+Ah}|8Ye5EvY1TrkcwWJ`4BGgPj!*c>kGU{O*QL8(6C}
zc$f)))iczx#Vq4@u_MNeGt4mmP#cSe3qK>qRrYWTW^d?=8e5wRJq1K22;@&32Jw9E
zqTOc<1Hj5KPH`~z6E8yFH)HJQU*Vo&3%@<ta3PPfh5dZa9KK@m(UwlOn{bD@S%m$1
zW}Hwc1xjcWFt(PBGM9Lr0d0oaypQLrZ#Oeo2_>;}8=U1w&&g>uSg?E9{w1!G<s1wL
zXp{B(la%r96O+FA_yV4f0IA#Hh_Iq4d?v+QUJr}Ux%~YOyab<Z7!<K`z7Ctk4d2?Q
zQ=MDKla&Di+)lprH{2epsnOXZc8pVZzn+uaQCIDD-#Y<ax3)JS&*$aIZgoB1e~+<v
zXY!b2zFjHZrM>xL>M0D{J&g``)4`9+%td1G{he~}6;~B<Bowx}8r+=rONAm=?d)P?
zy%^t<E9-TvtyhdyE){BS23_?(8iq=D*L%6>a_^1SYwwnx$z^nWA4WU-adWW@SzVu2
zYr8uiJIh_$ZRRsi!}HId(>JSqfRW?3bc9D2UvjJI$XS{?wp05L@zT%YOTVu@*{8T+
zqAL0_wk}XM=^xepSw6<M$sKR!|2FJzmgGlx{g=xwry}Mq*iVHl9H9>`_~a}y<~4D%
zTe1z*?E311)EhFnpxG0r=cF1;Ph4<nBWt(dG$sJ)29PlKpjgu%{eW1*FLQ%ptUb6_
z?=X%)zNs$(h-vdLaf4#apM=l(+&18A<kMgJ4T-Szz!T<tQv(sKejpph>CiobV9c^s
z|Abs<EeZi`X=|1MLu_w?unWyOgREyg8S|ca*j*YGmPUU<1z34?lv+}OL8YO>Nmtdu
zbn47c#^1mw@Je}`jD*|=hyH<ynn)C1uT@UK8u@vAh5zyK(pFc~WtG#Mmwy#Ut9U|n
z9W;=tcrKXKJsDY!j;e;Hmb$WrjutaJV{2IpJ)p2A=PF4}T|0-pt)j1{h_trEMaR%r
zl(4p_hO)MT^6N^PZ|HWif3UZvs-vi{gte#S=~s_A@k4Ayb$uN@J<XZVUt6MVePwA2
zCSw3t^ytEV{EJ-cK}0zVgYFjpDUyO)8^(mA%!Ah+(PB?a`=Q9e<7C7f5>Kw7O)P&$
zz!y+ERA)b~-_O|oS>*P)ZsS9__x4@2veq#Z>b$=Nkg=t=(rC0pzO^9uIPWOxXytiq
zceRMM!B6%#5PhjzdyjsrxoN#WU-7#;nX}LGahl!8cSFZWWpIC;?BTgK+LD%b^;!r^
zQB4(|S9AXTIqGhDKe{>OIfQr+dAK_id&oaDbIk5g-XXh1e~a)Q^*tnd=<pEgq15|R
zAGJP0FsglsXG9bMH6nFO<W__P8A<X`LU$q8LmF(7gnCGRBMG^bNQ#t7ii~j~y%d=b
zM=UbwkR&daBt9WRnhr;fm^?nAp(G<EK}1D?R+6=nAX$>Ol6YYPktvEjVbqksD~m0O
zk|~`>G>;tI^EWLq)dbBmwnu0!Y1IT?Q+zF%WAf7k^gX~whCNAsf_zD;EdlhHkV`l&
zDft-3DauEBE}{9DmrI;JLHZcGQ_e1-yGvBuD+Iro#!LKLZ?}@-l0Nr*_xaWf@tdDd
z`L6VB)%SzYH-cY<pzQ4O{llVHkYRQDS*lm6e(~x>^TVcB(S8Zz+<zhcT>2&b#q1l+
zw^vUhE)nI}`l0^!jL>nXALxHRevA2{0zLmXOJDzo2VnkJjZK|gEX^$cUpC<X6aNnw
zkihgG7=RS|_66hETqRf_-OkEXy5M3VmMqjZH;1hGC&|Vl_Sak0SVY2g+R-as{?0CC
z&a%ps)Y>DKUrEGg__i7sEo>_}o6ljRxr#%IBw4B}B8qL#?b^g&!g{jG-Ys@9H2ubH
z5W0zxk8zVTWMnJSym2}LUmFIQk6KUfXWBgzl)?TS-U`2HNyT)>B8;}QxoSNFNO~@Y
z>^q43%k$vHC!}V0Cy93mXVh9BINbHq%@3*dW=+Iq(b{sW+%$x0*xDivY;ZmDgcrV2
z6po24KJ^*e0^4dCpn4r&F6;t>Ph~wg{#gj%#h?P1{>j$=pH5L4m+*hq0|RyZx3K<C
zPW^8{Kqd`b0ab3}_wM}Fg0w^ko0q#J{x<2B^YR=b9ziG}!49dUyBj<asYDtffuH*?
z;Og_|hvjb0=k@*eX~xgp+}zxa2z$#1$iOx?rl%#VB|VQ32<RRF%U{-78;-Gp5M^xp
zF25<1Yr9xu$lj)5hp#~3j8g&GRT~aD1G>8oY;_axQh#lAVHEw|e$P<EHB?ZS@yoM{
zvJP%`bYo+U;My8&xZ%aA-L)mq-2TG+D_{vE_*(zA?|SqL0`g@){R=y%zYtI$g9L*N
z3M3H@2_%7BXtrb+1oRG4;j;A$(UU>A&>u&yd}&Wn3Pd=!GE#B`{wPHi5Wzy%aP9#t
zSSiDST0{(_pez-Lkcw%M2rWot1q8JFGYeS}ToQ2qI~folsZ=rYn_aT}clF_M;kzA~
z45Qs&@r41?U+BBNydUUy8S~e2rr+S3Aod$0rT^fYXa4u`SHF1T^E;m6*I%#WceU|%
zIpCMq;b-~$*Yn$&vPywL7pMUnF~I0~iou*7@;f$jX&lF0e;*t+4~12~CK)BjudZ!Q
zj;V!_$;*&ce+R`C)nH?rlp(fhAV9uvou<>8=ZE<UZETNmIk<B<Tx8c%hn1Bzr~i7O
zVe$IfkODD%e*Se(HIy&(Wp}h<xAO(005hg)@BJ>ZN6y8C2?9uxmYtI>lwwetR*$wu
zeVKVzvaijiM!+?|rEQxN1jw;v+TFz*9M=yW-G1l%fRRZ|4u~x3)|nSoiE9`!q~iVx
zx5I_hv)4PhK3p5x*$GcS(ib|a46tW_jLbuZ=IE`x&AO_b%{}vBF*CH*2}0g~b^yn7
zi!<Eju|%BIq^g1=+}vQ;r(YfSj#hl>gX^6s&3EC$+nJVtlq`ZraCNQJDwPNwaHooz
zGXFBSXt~bj&4LULhUxLgdkTWa16!FXWGQK>=A@H3wqW5!bYr_<y|)Uo->)iI3oZa>
zu%1){{z)m%Zl*k6l<;*$k%>{UPN8%WWUM&Qyh1Q0YF)JCP#O!!u_;j_-SSQi#_Y)4
z>>D<<PXKC(nYJ8`ajyWM&DDR~oNQIIVDyn3=g?x!C?%!9hpi9>&bA9?Dr`7)*Tunf
z7S_7UTmCy6UW*?NA2#pJdR*}P6Ix&&PletS?}JE{#TCO*eS)qI?D#h#C*nJ#v1v|p
z+nwfvT)ltH_2j)sDMGro2-AqTHs{Qjcuv)nq1q_@YTBlfLI(RD)jMwqMVyDJ8tW;j
z%j$2!G@ZWp_(%eqXG$f!@RyqY@~%1>DoXegD(8?&mcEJ-0ecMp$;T*?k@sgdoe_al
za_?lMwHP4arb+8F+nwUT*}Bl3SUcHu@5Y{68<sLF3#ON_NHc#_Fvq^0xE(A0E8N%G
z<5P@F!*3xndRsl!54_6E62d7*#IH|{jI^xi81ti2AHwoYpe(GwfvaQ*iXd?>Y>ZKw
zQ*h(;%|f3Fga#tTDW25mo2kP)bhZ5(`5*4P?2+BUY11oQcFXl5DOC}u{Hd9SCI{J=
zUZLBMPzXZz+K{#+Y~JmfN>;Hzy{Yqx#=8Y9%dqNQpRZ7WO~es#EVcoaVj=OXPtpnD
zY4?i-k1!j@edLIk+4Sdp%pWr*RFFG4Mwb-EzaS?n4y=4z#}OZ7U;8_=Ki5`Natc`t
zV%$zw+3qmK5Mg+2Q@)b=3>don9i9wyD58RY)fXsM-7z4bfWKrMH>t&hQsH1lQ>Xm@
zmZG$md)p$WZ-5jG<U0`t2nAe^+%nL89PO?``=_5Wm))K!_6mHb&*K6O2JKYRf5S!E
zIoay4fMWiM&(^?ib)-EAm|Q1%WhgUjdFu7-1wnmuRNePH@<5!%nW$wBC+?Ph{?U6t
z<gDM~qSv^i+}EyN$j-$r)Io!pBygJG@lm<AB_*xvUhK7;=vwO10^Xo50rf~-q&R;y
zce`#APuDxce@H)XYU~^Kc^faQ$eR8s8}BV73T~hbj;Y_kWH%%2M-oIv7^7VQQOY{n
zlO8RG7g3b~P1c_89U4%Y7g)Z;L2kdu^*cj|Ub00=2yK`0p--$b^-FNLOhS^PeLe3Z
zrji4{>sbU-ER|3RWfK2*R3U?)lTy>Fqcn@`F^$wmrjwt^lU0YR_OoR7?J=0TcO|mB
zmcn{vlkV0tAXiBhVx8)iJ^<|lF*zcK-&Dwbc?cqV>IM>{oaZYgzC#I&aSGOdl$rcD
z#UP|hS779%TXuxH2OdgTl?Wk~C;U5*=Nw|}Crn!|`#?Jpw%xZ*mc#RlaANtXCQd>f
zoNJmt344v-S+6a(K)A@(No$O@_?l-F5N{~E_3}+JQh6F=77Y&1ocP@2j3m#NM2ULi
z$6^&rv|1x$pA-;8%@jk^K2S*}%<xSLNISrZw{}fLr*(>prCyV`5W8b%PaG03BtFc}
zA9NfEYMh-eVb2Ytnjz*u-o>OJamz$2<L#tP6}TX<AX+nEvgE!2`>$)y(Mj$%6ZXi?
zoNNy^fmlxKD@q+R1PnfSpN@Y9!b~HZYDt8uRqv1J4VR*70gX~!r*|RTj;V0N<xkIe
zyO$C;+f_I{GH^aIxaC+@<d1_akZv2@aTCn=H%h|u)%;s8qzCB((a=~C*n)k5*SXBG
zw?TbI0CdFEzV@2{4!%Bd%->b7do4eJy_*eVNu~M>?aPqG^z!VuCXRyy43sKsF1;o0
zH-BEN%YzAeuGlK;WDGoF3cU?G-B(zE$9?uVM49hab%jz{?K|>jo&C`d(s9%{b)Z?N
zp2FrRz5zWv&%O7K!uUlBihq^4V_|VG+y^I#uF=j@-1z_xJ|DZdn+SGHZGT6a%&sZ)
z;EpkXh(1$5H9|~;Y?ur>8p29oe-u>zvEZ=lz?8rxmlMNf%i*~d!A3x%yWRNEJLR#e
zOGIqyW>yyb`ueIewx=>_#u8z#BEUzwP<mzNf($mm89P59tgY;DDpE;$q@r{I%ds6A
zf30aB0+JDv;qJaxFF?`tx0%|F*TaAyt5=kRKmQdSK~r<rkHf~C{xQ?(tPg=?4_-~g
zkWn`G4#VTwOCLql!<>#3`Wox5j$DuMG{2}3xFTpD+fM2}x$TxKMiPM8PNRvwUz7~U
zf;_Zo-_cQgq4*bt5By)Wl$FVZs$s9kf(5F992kcw;LU-Y0&&!tE!6pgEmT%+{<8*<
znWk-g;0jv2Py4f0wk>VA)F4cF?AKQ_y+k42saF;3eglq$)k4@XC2x-KnRQw-OgAQT
zw~34=O5-a;ET^S$xH$6<Z%Z;A5-xww{B%Kwu`I52j*yXKjpJTSB}kG;&Mw=;ThSbL
z60or@%<!V3UGJ7X9K;`C<fv_6`G$|mbi&kK0in8mM6m){r;Eo6uPf;$(2#{`lDA5?
z2>K+UBHmoWGVuH~EoA%|xmk^UB6$>U#B8p|74qH%Lp?q;=Q)IU4YsVx@Y0Lc>6EVP
z3<Ia(8l#Vv4sF^(&mNM_OwQ7zO?d{CQrL;tt5!ti2kXs8E1)x2RM|k~`H2nv!@UNa
zXfQUaF?U3atzX{klva13zv-1pCB|aLIaePhT#mhYV)r7(zglpmlP3eQzG_w+9qfOI
z2*b8{g41cjPFRP~S+!<pU?u$L0moaHT1|@hqfBa@o=$}SLD{A3H6Da_ACd5MvO+iW
zDncR6Bkz^(wQ7_IoTgSa?s@O;i_hhh>K8F~SVY>S8vPeszIIp2FeXAOjQ*g<tnM<Y
z7aNQ1Rp4ZE8>yi7G7BUTUc^kI`5>dck&6OXX2eyAoOGw6DmS(-mR?*k3;rUM+LPzM
zG?+J&vCP+T6l38F;KtEjdrYrG;@b?&Z@bQ`@VMhWu%$t%=Igs*E8wpGf}<nT<Pw5<
zC%7WI2ss}9HJi~)wIQRu7Tkube~v4qK1uz>SeF=WnK`<Scc#?YidOM?+DFmc%)7%s
zB758_c>T8BCZY5LsB(sfibRQIPnF(a#Q_xzS`cqW#eu#hAo&V)=Ie$Z%WpKy_PZ+?
z2TLou9-9_hWk0r%@A9!mT!9CPFtdtaGec;xyq_X=3uZChVsLxm@$u@7;VvH7IidsF
z1%u0F7GLK?VJ6tHlPbK(K!~>Vrkp>#w5)KU0wwJFu$<&v<0$(3Ix9a|zanzf*d$~I
zkjbOWgX|PPSBt8Cq)H?gg)O|~mR_LJl7Sb@KAG49AVdL38^Ayks_DC5$K{t)`3b<#
zBeK>=r7z_E@u8^7z+ow)vd7<*fN9cW_|!iKDRpN*;rw>-+(TU2-i=jNSFKUHL2Qk@
zX<j`~w>!i$DW`PcIVLDo>rQN|TjUCUaq)Tt6CHDldv%JW<AObdai$IVw6-pm<#Ja7
z>#zS2xSTc}ciLXPAa{9?i+c;dDaRT^a7P3$hT8l7sJ*Y?J5iIoGm_{VlE5`W2|)<{
zF(nuKm<tZfUc+1ici#KZ0&!zBXs=k~kWvf?otkCi_bg^CYw3vo*q_$kRZK%b6BhvV
zhm>%{0~qw5=_O92CkjC1xFsxtEyp;$!6)L|hok%wr(j4Sw0b;YFqG4H7X0&TKKLIC
z0O~&cmS#vD1yDA_(R)xN&27{o>m93|g&xo=Dmx58E5o#K4S`D2ogAo@MIw%oUiRxE
z7-Gc5!omVFNb2=oQiHiNcL=qok*jgWiAz~T9r1f9y=AMB)s|eo&|9bB{!QH-qTBJT
ziK*S}BhhMvUPp-_@V{C&O@@2kqP494uED?fk#k#pZm4+oHDtFsWL?j}6QFm?0gmXQ
z>G4sVa(vCz###H_rmj2Kt1s^RHc(&*c83v@mk4Rbl?4<spvxQ~26HS}bTUmSGeie_
z@d?!OCN_hj`>$K{9~3#cC7DGPqcFjE&H7|g7raR$FX*bi>FW0z?Ea6jYO(PqA8zTB
ze6|7?+8{Ie&b2b<o_?@T7JN|VD~D{ekJ2Qy5=0zRB9H1-YlndXipJ8IeGK+=mPGhx
z(R$7yyd6E9^RH=tS7?#lfZbfmh2~%#0eZ#PRQdTi2n5mIpttS5Db#AP5uj}DafaJC
zM5E!_RevSB^QGdhAWiIExvV5zu3-<X*;9*nhzL*O(Wf4lV96izg@dT=tF!x)*P^G_
zto2=SidLg^uK5(Kr@NRhk!(jz=_i_=GHmj*F&^1hx>X`U>yW~qw?3eDC*H^05dO+<
z1~=ih#IcD|SApWSnqD3nN1&!D21C>~J8m>6hklbw`8GP&_blyME#2~pfBLoP9^$TX
z5B3sLUOh#RTj_~PY?P|y+~zP5=j2OloKl92jp&rfM^V~6l0x53Uu3_PalUUtFScYa
zs$1@>T|yDM0#{k8XYXX45nz|P#&|U5Lw}E*f2#AQ{u_^<XsD$36_DD8h}9jW+0pX1
z^Gcm0LE0p=ny6U*`;*u?^RnW|-@5XBaHJ{mq-|!c$(YI%-WXTTMh?2NJgGd`)xlBY
zvxxg*Xv}p~o3dUbgA;8*Z8th9w1&VRL7K0;i^}svi9G0euUCkDye{dSi|!%y0LsT^
zBbGUNq4gDyD6lTnWlV39;76*X$b6cO>x;N$zi9EuXD<>idM8Z%PT}UHQx!pZomi<4
zNC+p=I&;ONCJ%5AU_8rWfOa&}L(jdgB45gB6aiZakN9@&akrN(_kfL*Rq`g0An1yG
ztH>P0z&GT=iLl|xqyT@D(N3+swa_}o^35Y?m6BRq@HWlys+#e6;$P&TK-C2)HqV!~
z<INg&20av)rMmi53r$KmlCe=(4*wAr)55Ctc%&mW$ni+yly^N0>RGI^en9I{)TU*4
zi*yvbxlni}?ic*6NV|tVWi^|luvGikJLvLXW`H${E1au`M5*#lW@c&X)i=d<*!bQZ
zS)s<C*Y4<1wn<#+jV^a0@i}_ejVN2}SCVhqW32W)fnf76p^-j-gBLF&%{ixcuFt3+
z(dg!<FlY4*{!MMS-D5gU=`0d=k<4ku*A}I_Qy^8S{5W8IIPniLT&;gS5Fu$>=8|&_
zwNTw8Lub?8(|u^pzCCfar%$}y-iLvb=K*Yeat9TI7bi`BpqYJVgLyHw>=Dqg5fKi7
z*)P{iWT-^LnSYBZ;6|X<T;*W*6}iKoobUTjGg#R<oJOZP`#iLdAp0hXZ2}=CB+>*0
z(ap~?VT<8@j00)u_p%??GxQzs1ya_Cwx>Xpk+&~8|0Zc+Je!xpd=`0Zl;;)|$YWD%
z?e1h{!hbd!Y>;)5ezm^aC2x2BPk<kaD^_^dT55YmFz-Tm-L9WPKQq2$z1`Cx$JUXe
z{I1UJ=y#~Q8m8??=+Y^|f-w%;ZOuMv*flXB&<i`*RJfLa1O@-p(6x&O+D$E)xsdtp
z(NFagR)>11|9Q>d{jlQs&Fc9CYa<(x-`R0{&U&S)E8C4Y)}Gs3Nc6$u<8v|g_9k;E
z^5Z~a2v6gM$yG1Vu8r8sma#XVZ8vBA#+I@eGCq)J%NC%EKc+yQ_Ow1ZS8bm8THf`;
ziSu+K1Q71V>3vNv^&e{_+tb3z!u(5`W$IBt5V^Q_o0Wm*6;CC9k4|1j!aF)U$-xBM
zm{>9L2I84y8>#a4I4`N!uX=vfVDAD*w(zwSn9&S$Q4$>`WYqfV>f(JjHglaOB;!_M
z&rniTjZ5avTYjerFer%ulNqIi>HxrpPw(|hpxESjKB~bLeFIdDGe9K1RaIXss_wZ3
zPVSmNG%ncVMAgRL_z$R4kVM1~MjI-wCDX%QGb~c+rjQ%4kN1@qx*9#vo2RjXFB-^w
z-q~oJIu{hs_!@*oss|VT^xF+0LHWMK23yWimU4lkf&t3-J_u#DOpV}54LDua`Yz5B
z^-p26=-H|q@<B!5g&N6c;#E88B`y&>&M75NHVN$!4ooq@c%^widz7aq_nS#akINvk
zEke56?_f99^!^SXkt18Ew6h?u4eVnb+AC8|Q#8zK4UIBu#|HKxi9>rPj+48*Ei;n8
zvexyDM|hF*%5jXG{oAsdU~QOSC82%wBgSiAN`f?LJ@5IG=9hydZVIm)CN<Md#sFZT
zTdhuO-T}XbV|KX~kuV)UJp@MGZIg@bc|=TQyEsPo>^>31Fgi3$aLo_IgLf8fo#d+o
z|EI}bY2QcM=13N=<jD{o7DY#$me0ruZaeRe={spc)()F4=zG5LeUq|p9r?QRDSC?(
zvaY66(K$QxW8%S{TAyJ+;1PO><>>HlJs0<16fbeijy`B*Hx6?Li6tVDX6WGl2ARPG
zSfF8O?u?f@(Q|sg3z~i;vzH8`hOS3%v#JNb;Sr7(=uvg+DIUFE)n+?v!i=nF{IFK6
zd-Uoof1NTl4xRsl5R&rRr_^QbAE5wN=c6^FZ{i26mFz?v3Qkqmo8ZrxI}G$)SJ}E3
zBGdli6XA~#wj6Ogc+9rF=Vl&gr{*n{NDd@H5^TguomqhQek-3~ptd)q6S^*tIuOm)
zp?hc$^E5w@0zO)VxL`o+ABLNb&uPPY`wsi39-7tD*W8J>YtefKro{DD3RI(>fT}NL
zELt8^JygAs=Q-A_v}0kx&{)vxD&-cAk`p>Izm@M&F>Xe^zak7XL?uIqkN2jH3d&E$
zB%j*EGN$1V0W|)MhB>i!376z?VZTs~A^>lM-Bf_X1uyHjIzB?L*Ji8NomMjft!hi2
zw=;}kLUAU;M52i)_tLQ=edpl_@h2)c{}p&wd()4M^~ZgaIKle`znwBY;hNx8I^=H`
zh)?jm`(MZB7uU5054eXrGz8|?C{afHFd<bpAj$lNSImDym{`_Y>sjG*GUMv%j+SO1
z5d6YiU)Dh}Nk=7#so3tM>IAZ^g#@rS9v#p*9w^t&bVCu}2!j>9WHuj14(MSjtIq!p
zX_dm#&TDHgsbU3t?oY6?&$foW07m&FO^`L=o$C{DvqlJ`Nz|yql3I<H!AoQKQBpot
z@LR^uA0-($NS-5q$p-hk{AuL=qc>Sf*Vx9k>N7%#Aw8DeqT$)y5y%?K!i$!1cSccO
zw@I6nWW-rJXeT~4xx0C$3>>A{?)kQ{Hx-9A`#g6bY?;j|#~z%7#V<wgA_M0u(B(@+
zl`cAS+@Sk|35ALbg0H&}%%QcK{)$R%P+)s^$IpG*J?w9MsI7QsSutuUQ{C?;dhJ8_
z2(=-;6u-4c!p=^;)K|qEtsW0Mn|pgkTi8129xH5(!Pa|w6p{OwAu{`s=(R~$P(~@z
z%!y^tc8M+JnKtiT)%NF15jn&h7!qyceasHmT0HuaQgFDI7eN>1od4Fj9Vm@>f6HJk
zy}W*35FHfC6Ux^aJYm@aN{yMPzXL#ZjuW1B(O=JYT(y<~qOov~Cfc3j>(ib+^HRCB
z*7V&|chvQY#E`DSEv;Bqd+|`hVuViDZy()AlLSNWFYzeNItMpnkNeLUSj4EAo@GZI
z5$)Fh;*WkRnVYsk4ZBL&=9i%wX}3pQ#N9*Zm(+6kfNok6#RxwtaK4osI!Lxw&7UP1
zV$$-0BWIt_=8}A{<Ip6Y|NJH@Y&G1GHAV^(W6S^w%v`?@HhA%!h79EHeM-+XLGg<8
zr{SG>{siJZ#00I<RP_o?b$AY+%5cacc3iz{<1k+w`VO|*m_WYuX>Aj0Ma`<Yv<trA
zD90h&wA%v)+_(ZF??P$sU7(Cn4H`u}k}#UL5gnK=s_TMCaA}4o?x1|iNfuNvj>fnh
zv$N^@b=&qGGZGi&A-5<r?Kp*#d_pSh+hbuhXRO#iG*6SBKqtsoU2aG<rDVfFq&~P+
zK;uhSsm?U`be{IsM2<b68wR={)fYHWCV^v+=y-dSpodHXLnX@!Y}IV8<Rd19X%$fh
z5?GY!gkGuM4P(tmV%~~ZD@HdNt2wBX$1xuBxT{IA66F1(7B)9_Cg;@`H~f9{N_|1{
z=lj#HuKpXeQqHvP9jK*+FXTz0QFpCcUy%Z+%WKh`xV#dFmGQtqS3Mi9KoDyRYIW?M
zus4!X9SNec?2YeeHrAIP-vRZfx#>ufY2GLb#QYpcYD6XvvR{zAs@;V3nV9w8vWO_t
z^==Ej))<tq&cCmg!7S<6wKnsZnrSfJx|}zqr8yt2ksmiP+Sa)h7wM5xJLXC|4etv9
z<ue}293#vyP6Is&%LFj(6m>LAwe&y9W^ulV_*Mz#o?+U5OIJ0@SiWt0#nmcmJS+Nr
z*GlQARrQqsk{%y}t#nR&fG0Oa9a)dFYBZ2bvaoANrM=Tu-NDt*g^FGiE{Zk39e5qy
zw*BbBLy~Uz;oK_FJbI!6E+&zO48LM>7&BG#B-}hG`F7o@XRT$uw7QK6utm;V&hfFy
zmV^O5$a;#!Bb$KP$V24Jv8F^y$ISy6E)R^>vOH3Jat}mSflPL$RWQp}Cv6sRvfi$$
z<-y`Qr<4t8YMBl0p!~VE8avuk!|~IUAEBgHx3fm&0{{F?zD(BM=c7~#K1a(OeaQpX
zZWVX<1z<J?eBba;QC6~z#Oh=%{Zfj!L2kYBgv;tWqJ+vT1m2QvF3w|FWeWNRVf1Mr
zDpG>kSR}dVi9OWRvli`LP9~DwLmT5k&zrXxU=cK2!Q3K2v8uQd)mhEd$!NFU3#Vzm
z-iu>datW5J22i`vR!K*T;p@|xbSW&Q`O7-hDJPXXeMmA13sNd&w4Sz-xty(5x5qKU
zuhWD~QrjbIf)nr6zYivc^~cv6AhuczIKv*C&Jj^KJ<d0_hwY*Nec414*Yr|kkXOdQ
zd}a%QIso%u1|64|-TH)4lYSfgq>Q(OCa4Nb<{_<Wk*<mRfDheBIYaK@K@-51Ba<G(
z{$bsHXueEH*0a8v_Y!-rW3vVU6q`psqHRQR5sWwzJe=;~s%+Y>=>Gh(UDb*$t%Aod
zJ?kA>cqe(v#c@z{qW#c$VIv4<vSNe;-7k;rd$4BxPTX5ybs+`JCX-%I3IaT88-ApE
zP!(QZ!Ztf1Axgz{V~1Y@fIlHUXXc_o2L~tgEq6*kzlLSLO^NyPq5hQd23y{+DCeEr
zK`Uh7JfXZs+j)}#q8n!1@WTls9wS$8p#w6Ua|eMDv97jP83gW_@%!ZwQm{sQbBauB
zbZmbgjqj=nLj`ohcvY>Icyi97D$P#5EB*=HEL{lCLfU4^`Ko(nZKU~XJ3_6~XtEfo
zNP*TQ2vYwoDcVi{Vo;klk;Xn|4<|YHI{IhBQ)Y=5rY^>KeHHj9xcfNieFqCBSGjxW
zwIEjhmYUF7r=F@s+uhK4qyt^LMqJjRY-G8BD5eocoXWDw=x8WfLPu?!tzrci+GpZ9
zKflZQ(KGx9mJebvxZQ?d56yh(XgAhSh5Hf(ouMU#&&XYzUv{aRcxqOc?Yw}^83mZA
zC8<c2FHDE+v3}3E;;!Z{5CI!H>!DLWW5Wxa3od<k2MZw-gPvMNuNGQdnYY?8&lYtD
zVe0;98Xz&W>J=oO?V<+xAxfuuy=inl$)J%G&07ER?6K+ibNzO%(jQw(Lb^3t%8riS
zjg-u|c7)z=g7EOa05U+$zqqTX5fxOLmtZP+7^-;)hz%enNTib2_iK665@)p;1Y{NY
zakR;=O=6`jFUOUDNifrkozs==8Q%$KZkoZ5l&<n^<zITJ85?d2ncsfb$#?&;C+-X;
z{AU9C1naswj-}{XL=h(&klu$BWD|*@)Yd#cSJz5V;x2Mvk7$j0kv-|t5j^DIFYc=N
zd^K^2%n4G><J-{UJzo^PnCXETPqprjZ1{QJ>@EaPXf;(aDKSUCZV<q04yM}7S(=Ru
zN~}pe5*GG*s3;vC6Ip3xlaiAWofSN-3-Buvv;2Pm00960001EW-%+@0XX5~CFOQHC
zyk%~Cwsd6q)Hx**2w?>G2DCBCM-74UrNV7O-k^^0$Jv0zX4co|6dkWzc6=!(UAWWG
zY~8+Ij;~K8w2Z6Dzo!I;@4O#C0i4)IBGW)+PEUXE5kX4}5ncow)D>@@oND^b@Xc1Z
z#(mP_IiIh%X|nY0VWVmQK@U@+&8Wh3h#F_lN8?FJ1cIXm*UXZTsMhV@92%oEj$*}Z
zR2={;2xvB=HSBdECNLH!qzqde)~{1uAe8{`MWGn%g$&nwizauZBbjjEu!-uDnDMTD
z>_eq|s|Zn^#}fo$Y+LPBO)Z?3-y&g7Wgb1Zty=*WWMqqz1J?^>FzS;(etu-O($3tE
zsp;+0BQ0HB6cE<U-2^>?=G%g`sieyG@QJ}wESHOU;98Aa_*L~FNGMnmm07P;6Gdq2
zEHi`L%tKme3l>wHQlI8p=C#f?JW2ZH;>G}RjRA345PuE5(Uk7MrWdlQ2qE~xX5MLS
zN$vTY=x=a@B!qN!bxpu5&H$ioQrBXYIXS|xTZoG;?9b!Rk#K}()I3e}Vt>J@jacbG
zctXQoEBA}}yqeC`-^Ihle!m_>0wDSk7sM8`wKcUeCi)IMB1L0+XLG~nz@W6yuggQA
zsIX#6ia$aS3M{`+m5qt%H@W(A^1tpu{~(Ti?&wf#7OwYBsEM`L7vLc!k$KyxKf1Fb
z`rdLzAB*)J|FXkXXe>bEkmn@OGmqbyyR@%KZ2rY=T&#t|eziSkHg$Gh%9O5-T97ef
zZh$ew#8UXjeusew3x@5Uw-fkb|LTbKk)Azte3W3zpP9d_=j*ljoPZzkyEwKf5Wolo
zU?HdA2-Rb^lqKg#ycg+C-2E!a27Q8rRiEw#iv0xJy5dvK@Eb^$3q5SwdX@!SA`k%R
z>*|(#J=mb*G$@Niv+Rx9^>`yso%o_vH@e8c&4e*h?bpL+RWh>=sRIe6PI;TpCV}*1
z5^%paiGHh62QvOpL{R1BNc{f}lVJXLnZ!R_+8}(z9L!7|mK(4#)K9D?5PG1JNh1~5
zhc8Xp=1n1QZ@ZB_n?E=#f+iYXaq1Nmaa8Ta@L2jf6DvRjOhDO&=77SxH3oQ73cF=X
zDM<vndd4bNxFP^GDlG!u2af4-jq+bLiOw$+Eje`W0)5A(zPvzr-vncN-}Yxq8$Ox^
zo}?X#g|tiUp|+&W`OC&Y3Ocdn1DW=Yeu}VfO8MWL>GiHRDRFnQVUo{xzJIEc#Tw@r
zNG^Xtc4VYLCRa%KX>aJG^U;x?%|#%V;$G8c8g*IHlt1am0uTM#VURuTKbzS;8AYE)
z?JiL-Anm1@!kO*Q{srz2Gu!`<?qd3P*#*;IO0m(E`=Z;UBQzEsNC*up^($=F<*Uw2
z<+7;}?t*yxQ<xj;%*)S#KAO4W3fY{!jVDy)r$f$WXw9n?z*eb*JtX+q5B4r=w3?M$
zU>{!D=isoU>~WeMC6aqM=kAy{2V%bujd-XyW;<|bd-UHJdeb>MDp?x|o)s<;zuKue
zZlm*=9zgGRchgpf2_wE8lHQwcxl%P)2l{#OYfO`|(Uq2T#h#amPU>7!7vI1*YG%dB
zmWW5F@>Lk2fkFUEZ5My?W*DJZY>}hJ<hN==Dx{`b=q42x{yd5lx4wr}@)N%89Pep;
zM0qKmml2EWc8>F1X1Uj$aQnF%-mS_!&JZUSvcqv90GYJ+uVBT~0_s!pXKo!jRrQyt
zRGd)X1xM||$wMPKg-EwWUVHFNlZX?(SUR+96|Np)e$6CWSt0o)V$YGQd>4nr!DkY1
zMK0J+!p)6Rkwo9u?F?B))W|BKx*sR8=Zs;`XiAgh6_($hphEJ&Ldpx6xQ3Kzbt_HS
zT3u870w@PBz0Wl{GUhRTpscPES)Nm8;nuWbMiV)cDGm4iOp9jW$02faMP*8@wL!L_
z5dB+%#_^#OjN7Rq>6N&`>5bJ32&EPJOsTqfK$-98GR~5`1N<wy{p|(}Vr;jXolsaO
zqrsWCZP1-qxsTIIxq&?QXk?%@!BYi||0yZf`ZyRxn*Azu@Y9A_Q6V}dCcy&2ABM_z
zDb`^Axya=q>jc)fV!flZ|C$w_-|y`XSl#N-6+WW>XD?Kl$cU3oW|D5sJN{K00VzSn
zc8riOlN>rdW~q273h@!UX2-Y|4({OmGTz4Avua;P{l)Y)ACpTn^jxr%>%E}j$Hp&t
zOhM80p|5@2E{+rnvOh)xhdcDRI4}9<UBF4;lsK=%r5k;#rR}Ahg6x3uDM*Ri1Wp1e
z138K2?wzoPVFoz3HosEB_y7x;TcEWw^ieAy8gUKXh1QG0Yq3Y_Q!$1MWYvh%p1t5~
zVnAk)|Jhc|2(;LAIH=vCMjxo)*JJj)&$x0*QV8<_E7(-2zGCm7abJp0blYxJ>0w@+
zkb)F00%=;uygkX=$K~Gd7p4@6vdq3H2xxP;woESPlNZTDE*cIzfiXMdljCqFGa$eu
zVz;)CX@pMycvqly(Qum~i`AM4vYT6x4tc_6NjAwD)EVzDH|Z-{qHCZ^+iGPL0%dcG
zs-(M2*JElpH5SVLA(QCqt-F7E4uLO_T-O#HiMj&Pv5-nI&^I)NV*K#<h&&llZ_2*c
z>0~Qgi$US=UY10i9a-zf^A`C<dx7CxkWhFn7tzXTSWaHsN4_Q##16Tv!mvKPni)E_
zFEEoP{7FMhtapMo?3fr7NOlKyy?bc&v>Cc9vqZqV13((@X`vKe`7P&vo(_Tr`3H#Y
zl@f!4KVlvaZN~e${@;XH#(x)L8UGTo4agwj1e>`o>D)^n68IVui}`tS@BOadFhTge
zzPya^zTNxOW<j5voF5@|O><d&JsN;techY9a@u^Bzu$%us#9F1@b()i<xoL&hT*5V
zRIkr4I)`ROU;8w~;AN1QH)X3)^9Qi3q>k>OV^%YbsL4qobL%E~>GjseCZU5{N5ntN
zbalChgtfMesbkMpMpr>rWifv7>+D#iFS546MyQ|nqQDUW<*jlnNT8}f^rqM@fqF>V
z<1tH6Jn`oWp+QfAu32-Bpm&<hI4o8%icWfE_Kr8XD<Ha~jlTm{>-}YLEvr>ImYjFM
zn)FEA6wy9&n?h<OQ$2Mp`HMR7Yy0&<qpKZ1q{zL@uCS0B4wJAu!)xGc*Lx2wmmBBc
zo1@ig1h+)hy7v^Pv%nLF7%;6-u=TyYVaji($`4|tsE4r&n8;;cd@&Xt2N^9Jm8d(&
z_Vlmf_t+JBTWpmd{U+4+M!N8ECaQZ>YOQ|0HcDj7x#O6h=3Wu8s(6MQzB()qbcL~E
z*yX_1gKu^<mIP&|{bru&4#^Nr-hM@U79;*WwHfm%m&p-i7{w~;oT{-a<%*638c-gP
zcUlQ?LuqwlRbewc2J&LRl{gRonissrhzid{GI;Zl)G?=2M$gMhWmFros@c~!Uprfd
zk8v*^d<Eu#Qh2!r-npl+V}U3Brx3eUNkj1(hen(-kU_zO_VjZo>TA9~Lo7!U%n5H@
z5`pe%W(F*CHqF}L{bUpjp@3tdXIa4X_8Gwry8=@N?1Vo42dd5nVQN+<my{aMh4+r-
zVP>19jL_7;dJdano{A+gl9Z=XbJ_8`er%&@W^jJHW79|&wz>$ZT9<^c-<+O$FnArX
z%_iHyqMyuZsaP-<Zc1>#HNClw3@oTt*ZFF(zMOk$B>Zki-k;c{51H?LRO}>!ijaKq
zvD_qanH5p%l!(^gKDMQF_)a4u-q)WxS<+L(zK(Oe(PhZ(-kd9r{n&=XSk!A@@4Z_{
zvMvY8*ON+3zk#5c^;GK!uructiA$S(YXaSzQ%XN){%=K7YFdc2f{TKE9w99Ko%15;
zoqWCe_zQ+|5|=E27He3&HezoD1gX<6_24HNrwmg_<28VM#p_N-!bU!hrJgKgm9edx
zNxhapW255Y#UD+JCg1UStxr?$F?>yq;k(YLo15>2QILUQk&N};*}f1q3!iO=A(x@u
zE*7z5XYpH49KRL0mq#u1QVnK>kML)+!srC2M@Nml5)e-~=#5e-*qlIEgXYs*#<<(l
zOL?$RtG!ak+*Zum`g;jPPo5)xEFvM<nfR7EmTE!_HbS@^BTfwIrL_nAfl>or{)53@
z7LdAkp&`tyOSGsC^ORr4?N6MzNmf$KOf<jr8Hy?6wG=|hI~9qOKTmC}pHO4|G_^VX
z1+m00RN&q%!oB4e`9PCL$93?#sg3o|p*?X%r0+)gggr=A2}NTmW4B*H2#bpSN<vXd
zgh<rZ$>x`}5)m6CTYCp%qhHU$fua)rDDz9*U*mw^$tWiD>y`j^04snKz{$eF%<|*d
z#rGsD2Q#zAzq>jAV45VoFW1qBXphx4|D~libi++DAEVe(iR_d7<H1*GvTj(C>>&$E
zKVSICj!MQYM?afE@`VVe%rBqD)AFQ<y)cRmV<tJLtAky2v62wwa9P<AE&7%gP-P0D
zV%T@yYcj^>D*+V#mC-LAj8?wcofV_UH8&V~GF1^#Cuj21a%dU|U@%}mc68w9I{^Lt
zE?)pezq#hp%x=x@09-^w_p)0AuHno_g#=j{KS>9I8lQkt@(yVYYYA#SSJVwJ@k67h
zdDABrA||NEGzpM~kQKB_ZL8GRkvK2I=hpJrg76^yxSSR5yYh}tJ*s?OsUb=!a(-VC
z41RLz{!dQb@`uGCi0rh2`ZIS28jJ5dipc-brAz<1H4hdQ^GBEbVI!3S+pk-+U{GOx
zEAeY4=+BwoEsBMa>6cjbcfbB~^1t|Lf92d0A@>{xO|Fm720eJL;Gw?MiNMnO)rt2V
zYVy4EZxV=OMk}!O-hVONR~2H}+Yma@SM!KADvw5dB)N>M(Kj1>BEy9aacpD)8|O19
zyyB1`dtMys{mRu4Y5+yfTF`_+rrC{3Mgb=b$EOk77s0D1tj$Q87*EJ-j+ZB_x5i{9
zCasYXqPKm+nhBza;JW#+EWhbPyPu)l_-Cxp)h$G~i-SDE7n64M9=mPvt=5Vg;+_#m
zkQ|RDH7@#IYX=cLWpxFY=ZTUikk<DRHKAkUIr=UGYK~RYq+D0pT!VR^GND(rh3R6x
z_>QQ?-FUUhff=%_TE=6wTe8(~Zk3a<HGV#Az(ZAyZ&<1Mwh`Fqkk`aoCUUlx$(C!Y
z6!yhl#fCnlS6)yUJ>ew3mm?`%R#pR6>>Pqk!UfRwnti+Ih#1Q0Zbu*ErOV7hY;pjM
z)ij8VV+Y#tJ?E|enGRYmSQYI4!%6hI4Qvfmt-cAgMKuJMagut+XV&|Vi&T*~$ia5L
zFePbD_*q;*;6PcQd}hh7m%y_q)uo*|H4m-}bLagLCmvS;$k%~m%;Fb=)<$Tw?rN{5
zq@W~v6OC{T5!`q$Y9j{KDl!B`+-wknv9*+{jT=5hq%WcF!`n8|FPYkW3`edHKnnxH
zw)1z3O^%($q5Qy3zyvvuX2?S&UHRK7oqu6?zq10*k4N3e+ufMMo9+MXJz%Ps^Sdo2
ze_G&AyuUyB@!rIJqQXd42Ut$5`Ht3jz{*lZ-m5(^*IDC~Qq2;cU{8>+37bX?haKGx
zrIZ=R_Rf(F<k$*QEZ*gHd*P(IM4b+gs8m-BAygIB+PqrsdY2`B`||w5bXLA<DB|4R
z9wBx&ruO>X3|i?nA?nm9z*IT$+9v+ZJS4NT5)jFYW*H)SJF~@Y#XEnksm!xSVK`xv
zv&qf(qChy-AT8wDk-3cW%SxhnGM`eDPI2(Sw2IJAUDw<mv_J8cNh{x{p_kgO7u~Mf
z0rtC31VxX#;=x02-WYnk9DnWW3AC5;4#AbBoBXyCCY#7|nHx14C1OJWN8H^Z$HlzA
zLCf23fZ#z5mx`vuszS%Q1ANk>@zCdioc#eL-K<<tyZhu~c<Hm8(<GaD#*PQrsttsB
z!wL+vxO(uR2b!L{QJJ~WX>7mr5!SNRsUlrO>blOEJ>Qtpz<bl90z_$%$EjujDWr5X
z(ubg=g;b5YR8_o!;a2oe#THs{#I2qz>}o8Q8R^WH<14~SvP3Y~642HY-|a<R&v41y
z7)SErT0W@(T9x<x1E(AtT5+G<t}+5z9O?9diM+ff&R#*P>xR<_DIAKzC9GeVh`G7U
zC}|Q_kg*SmXvpRWix13KrS_r+Kwr*ENOTxC?clt&$tn5bw<p49H48EaW9kpC@v#8u
z+54wFvFLewF3t}YL(x)aXkr|LC;sFeKmgvqpX?w2;GPpuaNtVDuKEtYx?M;(NO9Yz
zS&yv^<C7WwSn@+uRFozXvbDFfwg2vQ8Cd{KKUV%|o~}IaBq9<~`RAw9MTCTYnT;_q
zK5x=xWnzBT0gOK-|K}U{50pU}idakv?(JzeKcqjA>=%Gv9>m01T#)|RC9&BcP*4AX
z5Rg*P(mmlSP?Lax){-3t(+Xkg^l&fa02HA<2BbXi8!br1O;(PG)sgH4dU(kOY<dkl
z4T$6R&$(5D<IvRK(eWD@GzWFIS0;VSMoQ?6<Qo?3)01~z{XI#3M#Z1j_~WjFpG@J`
z<3M3M{GsfJ`!lEugVUB|=T*GHqG~ut)vLC*DlK-F{T#!4)e)}{ufCW%BlwRK$VY<!
zcrQt*D5U%Jg5xRDYgh?dX0LcA@J4UQd5Um+(KXLe5Uoy(!#)O=TtluIq(x{wZ%+k3
zeG&?XPeS3BBMDF{4b&qnZLXJp_bn5C|8@QUBsYKbKmC8S{}mJkehtb#Rc2;<GD;R^
z_FuFrGvJrx|Bgofl^}^`Gv;5PmFbwP+ZSE5JYW_Zk-mQOru{t~@8?gh>p_JJEzqiF
z$Etie<4^+ryHo;Xgq!y0<G?t#I(DQrL)o00W4*F{an=-l9<8;Dl$kI=`@Zbp51(JZ
zKI+EXH_XFC%RI$3oeES20hyKfIIOW=ePzp({c)N*M4%+&{m|P_)*jG=dD8YVi!@Mo
zV?0WuridkD+DX{3J)8E26%%jpDNo}Lkv?c1a#xP|EO$;OfoZyX6_oODI2Ra1<#6g8
zxQuB7sYjd8@<Hb1gHs@zCm#ehA|}B~4e+nawa|wRT_L8C?0ToMqmG=(pjr}7bPSW6
z<%(Vkn`aE_vqA#d&gw%UAG9=G?$_#V%QPQlqnUhERr@p&Z2m1Q2nAH^g9)m0xyu_C
zvOxclxw4EHoNQuRZ`Venrun_1udcPqLjjXaJ+ANaqxF|Zp%g2QLhjJF(%^Tpaa=~F
zqnpssc?~jxI3R#bP`1>aH55BQQu2^!%!ECn+(wxtoy#<RF>vd{=Es3NbPVdCXM+q8
ziog>kTByQ9;%iv&<_nZ<8u7+gQkA($zmlw7Q=3p65y`oHl7x+J-v-gM6VRD{C&x*G
zMln>w?ck^^2I=O@Spq;6-UbVMmxM|#h}f*ylYTd{g}1_U^L7?OlF+m$1%S6q`)LU)
zQPrgHQ7c^K!sVYF8~zy^*Ltnfn=>qzO&1V8<i!r3M9oXGe&W!dUj7g4Wm2h)8iL7`
zi26{_6WeNn2`-=Fbh|A_>z?%m?dI)N7~f+ob+lpld|jy$FnoJ_5W}^kb-&Jq>h+*9
z9!k3yB3tjOMdK%@E-`ZN<}Zfd%;=QCCe9+O3dY)abO>E{3v-C<s=#_1uk4FgNZ{Wy
zlZ!?e#ZheX(HkZ$rbqC8!-Adz9exw!w>Ag{DK9to7&ilVx)_w5I(OJuX|};hk<en+
z_`!ebz}=MB!1NvYw*B75*3mnZODP(j?ENbKa}K52`$n^Y#lC2Ho|@a(CA{7A%=Jci
z`{<2=o>JHAL$vZfA@D9^PAV*rZoisL@OI<lBwb@io?B>EdXEg$dt5~AersPY6~tlg
z^-2&1l5){OQJx$;=~>}A9eOQv6X<mc>W4lB{g!Hn$8NZcZ7Yj}muQ3h7>NPr>ZRqn
z()#h%6WqgjiEt!Erl!L5%?p!Z0<|Wv8n<sq3(s(>9#_)+6X+*iuEsUSR)TXI_vctu
zj~JkI$KY;~kFvDcx;R%Obzgzwbj(&d8i-@M#F@wF<E<q6I4VVB;dP&bj(;c+atcz!
za)+UZ#$(Hlz4r?vk(xk|BVQf@g~R;l4+JI4Diaod{23&{gjU#lD3LM=vjQ4W-tZdJ
zCLHq;4|<x8JEidTloINK-uZ=;$*Y?$CqyWbb>*tnB8Iu;&ZS+q&w?cOiA9l5|ImJ6
zzSGX?P^Xz@$?pV-=YJhapZ8UNM=8~>DE*hz2n*nMYUDZjKis;1AVoxMO67WrNZGP<
zsUk6ll1PkRF1bhH4@1@Fy(Vjkl4u6Q6-!ckOP4rsoCU=?KzSG%p{RCf5ccp{6VZ}U
z!BBuZbmZu$ArgCv1#+pi55l`kB=Km-yM%NNdf)fvTx{wOQp9f}&;hW^3N{r55_h{@
zFwsN2H}cP!@~1WanH2f4{%^Z`sE%BqH>O{e<Z%ps&43!abi92hXNfE-T8l>vWYF5)
zy}LI8nR*Qmt8LHMQw9PcY-@qt0Fd2!TKg!&r1JT|GjE&Z*XFkt&V)xp(-vuaZG47=
zGP9oaG`G=R-L^1(RwC<9N@V#-iS+(rl^(R|Qy4x>see==|8rgc<luiYOm=2YX3pOX
z^GEW3xOIP}J+2X#^J(4;jlXy}G7T)+rN?b?S>L><EI7K6)Q;^@6|=;0v2;GWkKf`&
z?83-`HR)DK$inmw9920z!?*`BxFCU6+B3$K6=+_2C7N7@JJ4ifpkrRG`{@OU*PYei
zxxoDK_}<-1eevTeP&9lb1S#ybR@tK<<43l09a9k4%phg`dv}iGhYf6?M%!FD11CqG
zoSOmixH=nmlKyW5xtlf1v5aqN@WCDnCBfMD0}GgG?l)$YSv;`|B+dG3N~RhIbK^q}
zJCoZYuJIR00>~Wu!FVl7spE$an>5!SbjizD)CM|9l`?Ttkh?iDym*7G3K98(JVCx{
zfxMy`diOdTk!yhY0hyfj;I5@tk9WZnYo?}j%E=Yfo@9`#oA8u&o4)iWi?%^t^u7{w
z_CU|<AP|GiGH{=uqjtH6Y{}<^uYh#|-@w{OUjd*joe$o<P$_v>w1WJ#*R~v#QnEf@
zd40v!LOc)fM(drl<mvHfym9QQc7f_A9Q)?BvMV6t8x&bt@7TAxFSRk+i5*trV7}!T
zTC^p_S@3;pGgeMtxquI)0J|f{DIzx?>arg6+)&p|E<Ze_A84DyRp+4@KEob}x1==0
z9=qG8_%`@D-8=q)#WX-R_3*CN6`I+u#iYpj7}wztrx3n}1eGX31xA+EO1AobECaeF
zkNG(GH|_BoMwY>#A@eTW-zX@e#3i0^_>jXFssD3~{ArE<fc7B5LQbH*rO3o1Ah6T_
zl4u|QnykVsUM-5L61Ub4^p2dyF))VL)#7V&cwsVkJyvWhLGd-eX6&_cY9#^kxE6k~
z$!2u|BpefG(E)Ci+dO`To$zMZa?f=lVHk(dOW?plv0`4)nzn5cvn!8`d0IXg;sHA5
z@(;bfsf>=DPOp30t3Q*9e9g4H!#2#!Zv*SYf+cTN3`MN<ky{Zt5%zwY;A)gIbxE}x
zJa1?0c#F`CdRUC8U&@p;ywZAXD2>%x%72xkWJ474+6n8xy^h6xjg-<wt0Cqfh@AiJ
zDKp|wwqJW5(d}hD9nMZyV6`LS?SL^zfda7DvII%zhxtRxa<7#mLuT|wQmE)Y#7F^+
z<*44~=xvdguAf>aarvtsUdy~(^UZ6~sXIbni(iH!^jcR=g(Y5z&w{z#$(MM~26)(Y
zsmXCluBY=2!89hiT8sh8{-`j_G|1|C!HYOgGj~B@^$~(43FE*{9f!%y4Ynb~8&N@=
z_k-1Zo-qA{Y@@x}R48iVgYesLbK$r)8Ev#VnllzamAdTfGdD=EDH%b#6w#xfk8HwJ
zVSP4bYdUfa^<!F;&Db3+8sa`>=LV597*iq~HDn9wZJBn}FABi+Ooi*?w%riM(##1%
z>a<XoFZAx8DvE0y`h1~MBOa-OP`;&nsTgBd3Pzwx+5AL#FfxE27||2up?**v8YsYz
zRu|7;od548oEblnR8D{q@u|Rfl0wMo+vr>C|GL%-2?zTlgGlI!f{bJUk{>w5{k}Z>
z#8V<gHwQ;!YX>4ldLkoZA_aPBdPYhB`S$=c9Kqj8{f1TJ-=NBf2|)kBV1&OF6cG}j
z`*rb}3Bbb0#LUF}EKry@pEqbTvNLf2o~NS!yPN-)Uxg99hFqUr;_Uos6;bKb!I0Xo
zLaZ;}^7uiQ`J0gZJ`Qs%BW8|c&vY^HPE8!2MdmTWwPOnZ)Jsqw2tWS4>WyOgVtjuJ
z%eN~xn6WhTedPqzS=hic$wde7jXlbQl%A7NGtPw6=)wG)%N!!ePUC6CENdS|1{Cm{
z#k}B~TKnKG9aJ$iyo6#2mAU$?g~7@)N;8V3Loxl|<%8)c_=FRnkRxNy!M%CIC@gUB
zsj>?1)OVb=H;p)*_gIiyj^gZS^tC>O0kM*-cV{M_H&KMo(2MzGg8_f$*f&*q8i=ZU
z+{0(&HPfC9M>2i6T<Gq*4ce?1m*SFaA|}%<DQca621?;9@rz+=@#!2X?+0}<2LI&L
zw4mQ{@lOl<%Lh)L{`%m2tXk-H=^y(Y^lj~Frn{oggtS3MdlH%xko`@yH%zUZoIkX}
zm9h0zh{YQ&5qQn6&_C>BGjV`=qg?_y(5hDxL#*GHV<p1nKc*&K(NLz(kPYK6cXF+z
z2v_xN@wrqxlp4`q;sJZU)D{Ws2;3!)PF%t~=gG#gsT$nGf3YuZctfUdFuUm0fM<09
zf<OIYSvltL1+o|qy^dpz9{>OV|Nj60AphS<;TuIlkt533H@hSldmUzM^L<}l`3N&z
zuTM<im#vh%%>b*cAVM%oktww75LZhwmsx_0kdMz>%|_%6*Q@i3EQ69Y5Lvs1om^Yv
z(Ol7bO-bIh1L_-&q`29yoL84UxAS~%ni=2+!SDnN%wOandG6{U^N>2o-*KYgf5Si{
z{B9>t0}bPE1)s&*b77*V0mt-vUVIO)J}-)W=LOrdZu~#;8h<4)i-~NyUgQ~&CB`@p
zaCrGlzU@pm22c3f34=5PQhuBr-yb|sMM)zF#|y(JppoUY967j_eq_c}U>;`{0qcvP
zlEa6yOiPaD$B;Z_B>GjUbcsuej*%wS?`+}4-05qeCdPtxcQVLsL87y;={PW4V-;zu
z>DvZ<4KdQXdGoqPu5m{mIH%kQS?ApSPcI6&Z$_&gy)3BiDe(rX_o=_A+8EW1ccNP(
zw9_Mq4(NQ9e>g=j<l=taGG?nj2)CK8Ezu;sp<101Ca9X>e0utR!mMQSD|D+1Ydg6g
zR1XHNFp)~BFtW?3b{&41jwN3>(<LN>Dp=g$#Y1M-{$6dAv=j*A!WNIXALSL6pR+jE
z>uS_o&Kde%mM(mQz*W!(nXi?+t6G|oH+JiVUX=Yo^cK-5eE~W`@^Ts2>8?9>m&amW
z9=s-}sHh>jJh_Iq*X6;i+2?*)1utPT7|p{|3qmBLY)oWMF?tZ)sEGC812NvrDRF#>
zQ@O8amiAwoL&}!A@B1eBzQxl4WbN_Ii01lqxxR<$jHHL=bf6lg_J?mYdgVD3@6d=T
z`&`nPeRy<4UtV=r=La$O?diZbv(lD{b_Rkt`Q#ju-J+LmnR?r}y!;9l#^C9(iK+j2
z8M>5cpdGqk+)KE-1|Z2%R(gb$2I)uhsVM`iVsT9rvwTeZ&$zkpK+JEGkkyvXoAD-v
z2zxsMU{LcrZvJV3|I9(XERifY?uOHKt^v;pAl|W!1Bm(>u2u*sGxu@QWXEFK&rtJj
z8gm)}Ve=?yxC?KzWbAqiuitLxhlVZ#-yAJp@5d#7suC4EpE4**d|)(1Ggpg&DT6&>
zC+(M$ue<Qd+Vr^E8Wv=tlYkp~lz>YoV7a%kNeXiVZLs|WJ#?>YjK;psadEDXp|(|T
z4G#;3`%;e1ySCpQ2g672TNvR!?u)+b7GNCn50h&BN~%!N>zsNnQswFaI3Zt_hhDkP
z?XEM^-JJ;B5LLAgU2!CItd9pGwjR?uygh!1bH*|9)`Vw<hGh1Dc!^w~WycfPF}4{~
z;_q_vX{R^B%oNGAP=W4qPinOHhY8D#da>Ds@xWA>gmgry$P*w9F??juasjN$;6__G
zuIRzBCD6`1=z;BfADsa`L10`QMU7VWqQ<tCfPDfhoN1%QX`zSsaH%s|Hw>idc-WBW
z-1#6h(O9u`DzZ~m1z9b@jIt|<Bg#E~g4&``68nq`c;-5_d;s_Iw1rZ9JC4kGe8SaT
z0PM>EA}tnB;oilHHkeM3F@o)ch4U!QdFjuYNBWqpXiQ3QAk^^$aY2{fr@L|B2<pqJ
zQ1tXS89)kCy(ZLK#mT}22vokPti6}EMmqvMGYrElBIIKNKuNrk^j%3QuVf`Nk{dq}
z#xV^%BFfv$9zj0~OqM5~0eBLaSicI)#q^`s=b%;C|0f;CAB5)jZ^!<d&}9Dp?b!b}
zUgNI>=ZC1q#EmWr6ia68ettEWx9Vk)K>2q*{c;{r(?k?4OepiDN)qHqBq^Dqlbs*4
zWO3<f5jf6q$j$JIG{AQV!o@$NBsub#5AN5y7DBYm0O>%(oKd<f+|kWcAJm2Flbz$B
zekvVPIEEu@Y5srQy#-Vp+nP3vB)A2FyE`=Q9^BpC-90$LEx0?u3GPmC_uwu;f_s1;
zlAL>U?qufNxg+bJ4_5bLS5@!oqW1gL^LqM$Cy>K!OsNHVbeU{*)1-1+)mcG!>N$}(
z#Y|HAdHO@UCqMfRbe#Nroe5l&#GMUKq!?A~8Of5qX<_VV1gUOeh^Qn?RLKSlt0SGb
zR}uK$H7%L;pT{blKMC%sk=z+MIbDO{>RQ4pcKg*KDA|F5=bcqxfW9<<OH&J(39!K=
zT7Do4p&T<S|K^sxSm_EEY6$;3;QVSX%IU@fyHNpI7t&XZo?*`*v-2n5{Otk%3gIM1
zn|dFK^feL(`<47W^&4{ZOdNB%bV<1MQZ5ZX>o`iHEZ0PKR_41VqjZtSsHh{Zsrr=a
zKt~?Dlo7kpEX58<gKTuLEN})GX!5O-z2cmM8YqXTUJtv|S&fYMNAE-H77vZGM<a|l
znlsozR!Nso65HdZpmH~Tk{x52QlqqkSinkE<DkmNjVI9uf_LcEn6bEh3)Es-d&Ugj
z*N)EBqKz(iP8jBV_!NOk*Kz0Rv@rQ@L#5K$&56T;Rt9Tl;nLU@_rf<W89e{>$H+x8
zd}GLo8A&xPbgT$xjjmWCE_!ou&ncH!zg8B>5$#?aDbCekhB#>WJo*_<HCHP1XZvFq
z!1ra)6L8r4B%B_Q2@l7@dv5=T8+w0Ez5Q7b9twtBSdmXk81Ier)0=>xoPwy3r~sdW
zAReEhf{3)7sDdh<fHV!2gu)w|U!+C&jR4<|K<4Me@Z^~A<fNq)euhxd(K7>>=osjj
z{+9kr$Hc_O^u!kbH@?GPQN6hwl;b`J2j`R{23QU-PsMLFI+0ERi2NQ(M%+QZhj#jK
z>7h%ER3NglUFi3!3jX~k=2a5qUv`BwS$necX<jKe`XXniMp~99i9wz22ixdNxqhls
zZ^_oIIOPMOEG=ZuIdFwK&}QGbKl0`*WlX^+4kB?^%JvPw-De8+^U^LOm*T3mIw<Qn
zCQT{ZI6pWl^STP)vUA(dyHl0Q-;WC;U~^rghKL+$eqYab^}2(wu&Xp#@J&_aEY)xi
z`ML~3nZ}@R1S%S{N5Xbca=9cU<T+J?nh`}gYDzkeQ<|6&9p4JiT{qYfX00cN5c8FR
zKF0<d8sUzy<LhZh<!F|cRx?ZznNwyGu&8buU;|4hqqX-7R^aWr-ZYgov|%>+;~bn-
z?>DV#KXKTcT0|#64hwsrwVySm!_S14f!C_Rk3ho+=WlV>w|MlXFlFi{u=6>h4pGKC
zQ$*wA%*8q38Jmp4wyezHLYgJ7582!1(t03z*U1Bfw8RyX;Ent9`cCmWd=JuIt#pFi
zVQ`Ee;w2v$8bl+&QmilAoS+%|hUqTXH;>b%-ocMi9%4E*Y_cg{UuR+07kL9o`0iAC
zLDn||GHGEi<kBOqqN|{Quz?g3z*Z~3=X&8a3_Un4Rh2gn^TNOI%4Z;pXWCw3;BU;^
zfZ?mW4t(eATIB2cyOIm*{k$2HBfH62Z%5&H47<sL%+O{3B_=m6s=S&%WTMgt3{QzZ
z9A2&~Sn}#nU&izr*Q*sJ@;+@Jx`<xbX~LN3u;ncSeF8=A%K#%-RFBulm{a@rxXG7V
z38r-z#JNya?|HPDOF|En3%GZDLeP}i-Z^0K_kK}F(vG}=_!8|9ejz+j%rSH4VkE`v
z@x=eWyjZ>$)&FLB_u4kbm{wS<uHg}f!rn#*(57}u>zcO~4l{RCsm~I|V))L+OhX;g
zuAx+)vtsG`8+{u~z-CiKBB^I1F3OtCt5eVwVm*3N5;S`Mj7K1Lq{d{)bLslmHUt#|
zlu;w(9X98*X<nyMI5TQ1bwb~^18xUb@toWmKMY>HUDnI12>rV3YZM~I4#4H{9xNqo
zgwdKEt56znwymsj%#tbO6+rDIn;Vr2RqxZE;^)p}a1)}rg2EG0@HCUAJMr=4cVIQN
zC;i&<wmxDuk9{^VD>V#3adJWYfH&%N*h+aq5ALmUOhvxsaGGBe#m-hOhpkHK{kUMW
z+WW8a$kvmBkd9W3QJOd}Mp;&H3XCekw(-o4zKKXVB=UbGx27@cz4I71q9Ygz0P-~Q
zgW*4KVT|s=*pnXcw3CFk3Hu<@^dal@<(<l#q}OFd&@rZ&<iuimgOp1lM&Kwe$jY{u
z2N%NrXX$h-Zqr^wrJK$7_d`~GyD$ZHd=}tKEt~-fv=h%v&iIMR=|2Io_zyq^2L3k;
zZsHdhRFM0_l>&|gFKnpiW{5|PCvL5;YiMCg_q0lXgp;x<INF(;x*Fo~n_8G!+8bKn
zIT_+97@9v<6*Mz7$K$ipwRbSJdtyoAj&_cgj!$zaDDsOc@QKq=11Nt4trCgrKJAeI
z!Gp|o?Om;{@FWfG%njX4pHKOHr{oi7WBd`UO8s+!Klb1~`+3Bz&3~EU`E&Bm=fk7>
zS)z@Oo(aH8&&2c{`Wff|e;fY4dC`Bx4nH~q7>b(ACzGfUS^Ve1-4nbgt#%$$Wa7A^
z;*|Jj(chBzhezK6W3$7r8?e@eHSY%9gc23g<Xo_9@<yN$yZSleay(iTboVG-S09GF
z$tkvw_=Y{Ucx2Ktx>+=Gtaz2pIOS)~@)oP}p$7Cod8E0zruz^GUY>>GNoryI?gB;!
zAHt+s0&ns|@s(5ERzQt|snQa3^AYM5qrBj#Nm(6McJAk;5H}=|2|)T*SHHoRhRpUW
z$P97751@GakI5=^MJRa%6EM(jzk_PYE5Kx4o?N7|<mg3eQ6;3>-palD41Ks4#rvip
zt|?}E%$u=R$OR4;C`M@Q>zA7YY1H3gtszfuNI(zg5~qR&(>42{9E`AX-@jC)k%DLK
zgg&BdEm1>UYt$Ua403{?5V2QF*~4DRz}w#~W)rdjVK{?=bPdS4Riuxpz$as~o~qvq
zu6#nAMRTuV8d{67<=mdU>yQLF)e}NKL?wJooNT3|Y6b7?W@CeWWhgcFvy^m~IcnXN
z-EOH7Lk+Qf@#?iiVcPvEY-3r&Tv3ntO-xf+aeV?OC`O||Pke)*9cxv7Ry@~xch7cw
zd5OToQ)q=a*_dg9JlK$v7&vYPxbn~aQj4c_^h$dMH+wZ{C`SBtXI_&PbOPUUBT!E)
z35#Qmu1oLWA*@KKy->j+E5q(&+B4$AM{Dna($rojw}HI5=;+KK(8`9-dQLun+51HP
zx}LD6_-BU<D9;Zo;&0OD&4}KmZ`UJFqIfk`{3HAb{UV4GihpY~0Rt=H=<+i+jfU@6
zqV>1!zotFV|4~Hind;HgF?}z}`0Mb$?L2=)=w{y~w7p9Fa;)bk!5MfXZ^i<B3eOoh
zV!cR0-qIc1*zd=6^>skK$5Pb3x?d;<lM#uhBUn)Re6He-*--orVqL`cRi70{dfG~`
zA<Kt%mmF`<YI|4!dT*i=Og;DkM4PZM!RGqQ-D@jSg|98-S9M1&QE9O`Teb-#uwyO|
zK4m!_m@Ri(ti)F<@$$FpMFX;^kz+F_@W3Fg%q+L|>sqIdPmte+Zc8;H4T+O#C2^u^
zM*4U$a7j<{U><1j9CJ!ITAhBFPMfC&*9Ymb`x4tMAsQzgB-gjFYwCMF#Hdbi9FQN}
zA_8S;<YU>_XK)9+cD}Yem%g;1K1Gp4f{ckH5l!x!J{|27&1ZvtmAe%q-t25lw}f?1
zX9J6x1akw!hE9Q61F%(`hA&fD<Dz9u8O^wKdDj`^X2)$5nTqmCCo(<Q+PHO9Sd9ZF
z**J7msHcoI=QO{0d*+=v1Cb4Z_#i||Q{OcRId&@^j8L0-U`iE*5kHfVMNwnvO``i3
z8O7IhZ58v>hu)<oM0cjepKXx<+s0Lay!XMLrvl@zR%i`r4MwzIH&nFIwFJ7TsTu|q
zeN&|u37C;+AQz9DbUJe;w&cfR^^?5M(N6KAE^)<#<EKl|&%FyVohE=~i~`UURIggr
z#+EdPO3m7Q>t>BGAYPMXiyG+<^jER{0Wv-X0H3^niyQo4-^(R(0G@kifm8ZWJ}n?9
z02P4Zmx_rve^gAgGqka`H+8VKbEUCxbotSP%fj(L?27S-M&@)Q@{%g6?1U1NvQqw9
z{B6}QVE5bIzu}E$=&uj0Tsx=&r(kV7XD?m)p<hUSsu+o}c_>$CryouN7@)SnZ>=-j
zgERBm!C};zsm=gxncywa*umnO8PMVRdx(BeW7!w%e|Is}i<$(!ouar2vs+j_5~g1B
zN@Fwx4tA!*+2?^il_=eAMB!}AI$LSxpo@jdP^DEF2;-FLcHf;&v$F${E8Zt4KDa|w
z!)@EkhH=Mly<%;xUgc;iZc``qI6lEHY~LS*#xOFsZo<oWsc$k}qo^=9llV1Q%7L^e
zHMAGD;|as(!;yMNOK$asL~J@(rOyKJfcKRz%$Jl}<GdA(TR#u`&7pmzfe)aLPPaii
zSeES<Z~@7a?7Pwa^j<{>#aYdvh_@L$1JF=$g^0Se@kqpr?PfMEjRsW|g}u*<vyz4L
zCK@66G<<DbTqu24kUwEhFzM{TXd2}9^n(~t(eg;czzt7~^-WIWULJQ+>HVX7(uLvI
zV^uQa*{HZ&B>zJHj@^+F#~6K#X3o8716*nfM7EwTHTpy0_b719tQ|7TkpmP_j96d!
zVpFxyX|4rDlN{cczp&nTp;l2$QT)(57GFERCT0L;r6bwGFZJj$Pc(p8JsZzvQFa1X
zl<y%DiYGB@FjJo(R4z46p~RjU)AG@qXcfwHXJC3@_nqP*GsRl0NldSi-5Ypse0mGw
zUP5m_sQo7_2flow4W~~pmmgS;1ZI&j+tGv|K`yXm>+Vj~htUD|r-VDUKZor6G@wBt
zf$>@Dx>;NOt)?v!!jBDq%T)S%>pJFN%5?oQ{I5*?@5Go*6o;@#=g7l8bcDEz7q|<F
z>zC_YQe!Sa*y2wB?drEAlinS(S!wQZ<@Ng%<*4H&3TmP(-0vb-Zltbmv}pV5o!J;L
zWDXM1+B61bQDiz^`;_T{eezjgvm!6YxuwzgXWEbj{34i>2fgfuRzqv^PRUAlsb>L}
z%3D6aNqb`t#Xo8Bd{sJjq!Ld%v!CV}6;3&7q}WBZK~`u3B@B1WqKf!PofJzZMIp^3
z$)E;82eju1B*pQGJr?nOzlu;AK9XI2P-@7ggxEs-R7t40xhSGML+R{hE77+aD5t5s
z=I2xk;KrxhUi<V?|NE_<c1U10;^BZ!p4&}#0zDP`Q;_4oe191J=Waa%Kox-W_gnwt
z%Yp)fgYpBtAWz8e;qz*TP1yy;RO&gE%WI^rMBJUAnZ51r{#;~<YwyFsk!a5LmLacO
zDj>oe)kIHF+2f50b`{H(F~q*n@_+X37S}G!f~B*R00O|@+w`V>La%UX|5JdV=o1YB
z!3SD>7oCGz7k)ztmKRfkk!Yf8ce|D~c8BGn^Fbh~yZ+PDA*mooC$Xtj@i+TD6xX#>
z5A0E|QD(#RiA1ng03OpO9M3FF@QH=-J+UzIzu&%zc&301DEO@amuq#BrVy5YOkMn!
z|IPIOb9eBssa9!x26d{KgqV-3Y|=r<pt+7LQnREb*tc?s@FjEvvtAMyrqAuxc>Z5v
zD^lKpcBwCj?e<+qInAj{Z%FKdF-s05mvF&EQASUJq3e{eym5W!<6El6vI;wt_CZ3<
zX-^=n?!~ywrQ+)J#0SxLUs%2jc$R6zNs1)%l;Npa2F1-W*2`fCM3uK$ylkj-soNXd
zWamVb*LxH@b#G;QS%}EEac1D4N5usssz&xe|E4K$$&eJpmSbM*3U_|^3STiw8vdZn
zcP+zwPH?j6SUd2LlZq{1o@e>MPI2Egr*vWIZFwWs$hT!_CZ|#OYZqKIW?3OpUG*>N
zqsQ5b9&d?5tZA#eNBwCi?_p&TEbg>1n=w7R%QzB&>7pN@mCuta8<f8kAHh0}AAda`
z3CLfy`ciG0wPJe7&|^xIfRvsWSgwrV!_qHb)#P;<J)Sy-b{=gt?<f61KS?6*PU{HY
zzzt8^!r&e9Aj=m$7-$NVMPM5Gd2aEGboNVB-q@q`_YeWMt@;IO3<rY_0&zDMrgF@^
z<ksI5K{asiGFpW9cSMEbprwKdAVpU%ba77FXhQ6)yj35S*>4=_bELEn4$1W9B<)X!
zd{A``hxZp3@&~#-L0V1~AQbMasUfLQ6~q$971m^pAtny3Jgs>qsC`t)jRvFG;$Go6
zkUlK!fBdIAKK?3<<uJz*fb*9sAR_k+TXG-8{Wpx{ewTAtRNx&6=aRFUJvF?2k?6*;
z2LxK402kA&R&YrbW*1mk@y*NrUf<RwFHm(9um+1ziKJ%fdttWiosszx+GJDMyw_}{
z_THJ^ZVT-e@;oz!N^>I2@tu=l6bz_q9UY;5sf!<EfQkRW<IN~Za<uEtuz2^5Za(VZ
zSs`LfjCuYpt$g$+9hLGS5Lq<!cj0=f`n9Fi%gJ{nS3sognu;tAN&PZj8>%#KHmHcd
z9!StTS7%^+5!b})p1;QmMClROooXUU7PQeSgl3Un7jh@PUllqHt{dX79V8>Mn#=2F
z@8d(#xsnM(E~~V}K*msZ*^Z`|GmP@(u>kp4hR9AD&-`K*JKI~oFy&;cvHI=na;g3b
zTnBB|OWD1YTdM3=Q-#!|7=jfaE2V5<+f{^SOu+`_2df^;`G)yCJtW}Y+PS)^4r__Q
zm829V+Pl83J|AkR2ZyP2(5UaV4$6wkKQFpzGiE=>K-R;l%V_1QApdBbg?OrhfG!UT
zz^umzzD#XN0FB6jJi~r^=2fq3VvT1Qf`IL5%pg_yA7$rhggKMvo3xvk@lF&}?+qV^
zi?gPpCu5Q+)CWf$4LJI6<D420^`d>0dK69vzhpAZorF?)yg)UuI4U3@7LBQ00YaTu
z@zng<jafcEu8oh-dvn$Z0!0emeKONKxq1hwWAWS)<OxYZpTmKFLDJErwlFBR^<$S1
zf$ex^^?`p>Xa8lmqx%h#GOz;Z=ve;CNcz{7p-LBT+X0v94cm{x-ZBmzR-b2soX(R>
zu2k@KZXEo9X-hz;112*C+@vaV$Cw*|Tf-Mb`oK|{CC<MF5%zNLvs~1mUyGWQFV8kO
zv103{=RWu{=WU58Z3?d4+*hOAI?Si0FtO3zmgC8QS-6dPSAMwpcp!`(DZ>iBm>tNb
za@{yxcq3vAi2oYvqGcVNBijxLFv=1%YE;<I>3V-7viLZ@3!wI(cCcZZ4I;Wq|D<Zw
zWFLrnN-soKFK}CjT{KXAnn46dEq-OIp=J8G7Y8!P8d4_1YQ1nrt%up&i=(jSylUJB
zpBhLw!^4Z`h3EarTY{T|h$P}gnMHD65$wN&B>rea?-&o7VPa!xAXHO(D-ooiAbw{V
zN<3vz<BQ6|=ysAN!(%3dE88Y(D!Ps>6Uha5VSXbD7q9NiO1P{&akJ@@j~Rj>+ejoH
zCCt59#-Duq4zg4#*^#{y+AP?`>5VX&p+z`f1cz7h;CW5H%<M}lmR(Ts(l5H1AXXQr
z$K92O>UE2^u^P_lNO@jzrE#a%F&xXG8tMaTa_TxCUtftI<=kcP##z!SeB+<&6~ZMf
zor4##NuG0bu^qP)V05%nR_z4QAkiToB}7Mw2olJf+8l(qBYY*WD?o0imsO~#1u+#>
zR{weAb?2DkX~5;D7y)M^-S&oEzS#s99Z)MVyRy7-k4A*_01M2J233aZ{ZCP?Ck?-;
zqyVoO6AmzD?gPWd=vDAH1^-7W;`n8$3(Egem{&+jQh{1dK=O~p4h@6ACx9o%C#r_`
z$F65NdhVn_&-UHV_q`MLb90WrRsH=hP5xJ$q|w&fO(MX`s}ISty~hI!C?S#xhOh}C
znYR$5E->giMak@L+dU#QIwGG~Q}xvXGfkZ=DsCYJ?h8~Rl_C}~w3RKkDdqdw4yyOS
z@7D>YK-*QmISU^|aytk#mN14(vN{<@l=oQ!7*uREsxQo~rhsMYkvuKLazw}R(7!gf
zlcO2tFFzbDK}F&3U>Ha9BP41|1Dd(91gjBdO?Y3o^WN?_qq=QFM;fYg&Lzt&)U>1v
zjdJb3e+kkaU+E+vi4e~beVgh9pS03S$RvmZqVZ5ukdj0^uXRSy#dfhtK{MHd`^loH
z8_Nv%r5No*cSivuiKbEB1PJ~OS{>MhRFZW;v4rgIs0>=Sa~~Tdm1s15Qb7|cs%yDg
z_jb-FRYPGWKdr)DCg`N5&0)Nr6frQi8k27Xjb9bRD5dt!DmK2=CM8ev-`Yw-j0WPE
z*?QbeR)5K}^>Oc%5{}Qibb6OV7Wu{7%11uWQoCN{rt^mR1C8ioeSBvacvVV}%C~(?
ztYvDO^@M0ZR`5o%Vgc!l_+eCO=&e4nDs=(V(m(=3^VV>0+W5hd7MxfV7>Ryq!yFSe
zc%zdcRf%$>$2oZHtPe=MW)8UMwA+~S4d#x#kYiD~EB~O0EyNd{7B<t7^N(FhyuGDz
z*^ryo0m31;`(&h=es~{W^jjz;hYDT%H2?Ske7yfN-8Zg0y6->jCSy7q<X>QC4z&g9
zBwGTwe^`s2>&h_vY_35GApgZwg#EMY#UHITXpF2Z9cT>gX$@@j?P-5!*#VCdTR9_?
zI_^r9HB3n*$PR&dcV<s+F8KhwUI?QP-1fpaFD+5~9vJENAX)EAz(cLxgq1|>UAv>;
zTSJ)ZN|w<Q_|b6d8}zHl1DsO;VnCh0oAl#>`lGr>Cl)95ORJ!>k9zb3F|h1r5wDG4
zsO24$4RNL`mk510@{9;cjUgk~oQnj84P_w?WmO)w*=`1f{d18|oSJgK=5l<}KB{Dh
ze}z`pZ`g{qmXo`9i*_^FjFiIW#@IN?cXvx4LQzK<0B!2W+BzIU18q|pP7?hU=K`1#
zYHlVW#cH(x9g7`56b6U46m)0F$n&BB4;FMc{>E2uifuI$NOLxE+aulBzAKsHsyH-@
z{q+%Jvm9J-00030{{R3W|KDQr3toS0PeIcd<&pi7YnivwSXM6tQf_8A2+_XmMT|=d
zg`aS2nhiAG5!R*LCIOSHsi;wJ+)P=*k(72=F*eg*!@RsT%vs=I@gw*$vuMX~uX&2s
z;>1ZfPj+>Kxvy$4y{K*HiT7<dxF*V2QqPS?sua76?ZNGw3}uDyQpEe^EWE612}1GI
z0jSZoS$QK}G(WFdEBmC~ni-2?a|w1_ovH4rz<Y=7%t<IBp)81xGxLJz@l*2H>i(|B
z?N`D_p^@ESWoZ(6X^%oLt|$9z5r}ymA5e<=#dHE_8;=0an+ogo{z)p{MM$Bt?9w8a
zp|w@dSZw`-#pX{~EdNI@C0~Tm@(JDz)i?U9P5Qo}K>vuw(tjo%<N(qi!~;*%%E8di
z%J8{-oWA3a^eIDoLtQ(46Fgx%YeyS8<R=~cJ0*b;m6sF#K}b~oU^>hIMmjnGBLnLX
zTm9dM|NSTYOHFc@$o~8_%UMb~r7{^-VC!Pt3TsrD73a2crpuLMXZFK|nbjqbG}*$k
zNr1(hnA!^c``3u(ZMYMAbSe0r;|!dQA{R@pD^>N6h$r~T;vFFYwx(i6Mi!BtoHlKx
z<OE=6o9)})W$WURbxEGFpc#|G32&1`2<3NK%cP;K{b<HTmBYLpYUgRkSi{{xZSXN2
zPXU~_k!4Hs`o;Sw(wz~n#63r$cOPq<Y0fL%#a1N{iD7KQpEUe6d7=ZPxv%JL2vuTX
zJi$4-vdblb;IZfWwg)up*6N8qYrz_ft`<&598r3%+Y7nLv?SeQ2y1Z5a|jVAcXd|<
zSG`*x;E9pU5OF)}Eb*|+j_G%Bb`{tu&7e1;FF*S%y{x8~;rmho>=XwD|9NG)1re8t
zmJHQmBC(?Y(!kkDn5A)~L{-Zq&C6~kxEqX*oLiN9iR6N)|5d(Pjs!2RP*ze+KD(?{
z07trqT|VMV7u7><Sr=qz(8%yH+Lx8w?qXQt_Ae2?_3W+6AiWicai|(_*onXeh8P1(
zsoOGFgEw{n02(57z8r}kJaj^`bI5&%8e9BcU}pP)@@37uJi+X&JuY|~z#&v1LJ_p+
zl<d@oYnI1_9=XqYX0Y5x2@6H`c(t&O%s)jiMyk2y`hd1$6I3d-Jr~N}vqUOu_1J81
z!5|?0FV(JdtybN3uie@Nw)chz>cddE{E}kzJIqzYRVi$)ERY$4srZaxibqNgQKIXp
z5n^@iyJbo{eW@hgP;ZZ*I*Fg)xg%kFS2>|m%2oiqhl;QC?nDMob$?`4^-E(v@=-uq
zq`&v&=9l+Ti>N7jn1aVfaT9N?JNGz_a7PDc%1BQN%lpdiJv@_d30~|!&Ux*<rzEIA
zg^N55VN_T7{0+EYp`o5+C?tp>Sc2N0(|6@-yz<LNs-~+?b-hv?zO8h91ormP<DK5Q
zY-|V&guW7-83C1wiP){=0bv9w>Feek%Iv;2l8cbN!GloXk`}v~5&cIa#l1~6lv08-
zVq+vjTXq8wW_fWN$XQpphy7IAd3TQ`WFR!Hv+hkBw(e0Vli*rH@^4wd`NJkZ#ivdu
z)ljU)VR(y_Nw9&B3<>AT#Zfla-<3`<$a`#IOIl86RrK;(Z}XBeY2=XAfrsyeGeqqW
zX57i7x>^WLS0h)&TY09y#Ix7SQS;2GuiZg(`acjA<OI)`n605vR1^s4s!!rBa)djb
zQtyU4uAnklaLM1f5Atb0E@qGEvaZF~muQBv%sNgpv?skPOXKUXbM$Wo;p5jfCK8Dq
zPa$mu=V_>y_HmG1bE`W{BV2D?ohEyM#7PI5zT{>R*#nN&<Fzat!9$k*0&Fx-fzi3;
zAUNd<s=$i+g7!lMj&k-eZ<?nb!Td5B>2tDp?-SH?J-x(!MqvQ`$$;up^b6n#%l)C+
zfj_Bs4km_H_H=K)dybwEkVC}K!otwXR3DE|U)R9U^63v<D}%qIps1C-gQ<h#b5g7Q
z_aIZ6U&2d&&I0<Mo8^!8qTfw&Pq6(1yjcJ&bN~hxI{F_5KV}BN&*A^Ai}`o_1JRj$
zyW+n78td0|uaW``q#%iD)A(qi%9x}b;wohg%)`yMd2Hg2U%nCkV8<%s6bGUfQAU=2
zLoJnbL?vP^K}^0oZmYh6-QmbmJ$vi!#-C~irKI-O6uQV8lE}idL+GDTHGidt)dbMK
zNkqVKsZE=3_ic9xcri&7zezDS9zoG#%`VXs%rA^1YR4c=rRQjGpKdJNxqcxa|L&_C
z{&Ly{u^)H3ia718F%ld;2;k+KBk;1xAqB3a1SACPfq1C_D%p<Xh@hbzKI$L=A6ytx
zB5SgOWy-+%+dU8!g7?okMeqP$Fz6@#aQ3&g{ErbuAO2TX0PlB#{ImjC{xh@uJ4>04
zj-Kw9rTl&Pf9FE}ir;iz7xG{Rf8*qQp~)4+T>hTjmD5P=$dV0M6r;Ls)Ju|3zAg%A
z1Brs{1Kr7cpbfHvGJL)f-1&PCM0H?4_=a-rq_tB-KW|Ae?v;{{J6S>IbRUmH$Iuw+
z7X-~1&q2J2$e=)w<FuS8V3XKit6vTd$~PlP0td0g5@Yf=6MT-yiPvJEqhH|OJw`A*
zbXcR!fBTV?v5DLxrFImuZ)+0jTacll1Jt5Dmc}q|1=dupf0%^Ks7XYDYFQ_#ly5fE
z((7~F$4ckvK-wZJ4<gc?o<WlBtp{Up{m+81OYEwKY$|TiNp@VR{#rr!_0#86-{x%O
zq+RM;I4MKp5-+O8O-AuvdrD|%?}Tn$F!`Xf%)WxCGisd_8}U;HV(;>~Mjec1)*R3I
z?1;G*O1kGJ!gnu-4pvH<B-LRfyi}9nBagUM5hkKZCxE&U*5jrhFHR1S@|V&>*Ww&W
zh|2Q<-cMV-4h>!+PUMQN^*ow8k(KqJCh0R()m<$ytEXUo^}<c2h2FoFcF}Hn78^x)
zQ`iWP=RCgqV+62U9=w~u1uR<NTv^cct$zo5yD1s<DXfWX(MFzgPi_=k7E34{p>PKz
z#J<&)OUkV8H-Ee&QS@3wp^7^}MU=uE!;(~R_&xJQTpBRDgMc8!P3i^hm$aM5ppzsF
zJKmkc{8^}s(Eqf3>sQdRMK<p1>u+(?v>RhZGfO+OB~pO?9lvpGvQ!W+LQoN6Jk^^;
zVb+AunzrZ*Y^kOZI;FdQyT@M>gQB>Y1%sG5uj>h~qGE4g*Sjkiu~>LY!qej#Rv{0;
z;8U)I)VeLJ@i_%bT0B)r9^{MkC9KY#B){VBTTFcXNlf-3=hOPA6O-N>wTD~k^S1sA
zLCg_W1PYcA*PQANNQ-v?F^|FVq%J;@#v4Ko3K4U#rt4zok`ACxi{>!SIAOD*ySUAa
zaCa(p{SBGkC-L>;&+Fvo7&e|nx-st3p!CGBf<%<@)k0=%V$fH~ksT!%-Nt9uj1#x^
z`e8>X<psGy6xaKR2X@s**OZ=Na_yo13OBUe8;S*sMip~w+Mlb!R2fxsi={1^aM2bV
zi$4!W5680V!hwU~iVGo}Ah(9U)8G)J^l^o+Hq8)~NszpPQ_^gYGwWpT!Zhi>pjZ@6
zZmk^YCf>aTZJ577v3l=+fkoE$jbvyRD@rL}+nW7F^RP=WbObzYPLXsrCL$LK1TXxF
zki=|}J46T6g(c}SNaR3Q4duX>{XTqo*1RE(&(17>Z0R}c@l)PXJ~!0v88N2dI=<<*
z0bYudeqwp{c<t;TqfU~EBIY7&2i)re<|`wUxUrF75np|sDn9;#>;$s8x>AIPqpthT
zfVVIz0k%|rLJd363@E`+ue#OREdPRv|B$}47C*hU`B|r&dD1B-o}LMff7Irk855Hx
zhVQ3m`BtQb82;tgbp!kSi17Y3-$vq>vgC?Zrf!A~)_?9&{XI16k2D%2oM!-awEXvK
zc>Ix-1B!(C^T6+MT!sdCQicxB)^_GUyo&^A@K4zJ+#8G;z{>D!D16?)$o$KO|37@q
zzk>Fb8<*?tX>S;Vv;fR_17jWnb{t1wkE1&c<FNiA4fDeH+YS6%c;YGZDeetPnsX`M
z;<Ns|l%$ipjesU@NQ`{ZxFbqlqRxcg{I4m*M+Hzo3GdX3(iX}4*O|cgZ6w8JI;xcF
zv-nt3#_#C7B3HH7DtO={P(*cR!NSpQibxQODJI9pjl(g8T7?1AG<M_N`tv*bu5UcW
z^@)N5Xc&3OCFDXW^4r(nlLa@ltKVSH?U0r}CW9n&^vFb~fKas*HZZC}wfT!Zt~^v_
z?9ZjICK4WeFn30wSQskhz{(9=6tdSs*E11R-i-3)Z{nXh)?Mw$;WEn6JV*N))E|y2
zNS;LR2txOjoTSejWV=RB(2E6GjnE``ihEg#wEUPCrdbkoP%^s;XADej=`v<i*)i$j
zHUPuerK&CdfpM{AM^0(0YRl1mmhb(`MNQL<I9P#(Z+`J?aqbr0YSKt{J+mI<Zf_dp
zaw(?ygdp)A2r_Hc0pZQTFw?U(*MV~P^G7AJG~iWI4`Yz?Hb;rKO52tTHOk_PTU5lz
zed#nVQrGjT=>b#&%4Zl`ebJ#9zVU8d%`%9lpW)PmLfQ98ZVCHq%Y9n;fpV{B9so4G
z6GE3;5svq#Lk(kr>O)`%I!%5|by~*D!UstrC%IY352ayx5p0UmY$y#C`e~1K{{giB
z9m;F76xcwzGI=6Gns2ABu|ABm!`=TI<o~mXeusA3Jh+j~FKs-m)4^(=Ky>dUx?iJG
zhf2$vBcOgW^zTIwjapvlC5Z_lv9_53(PGQIiY$(=$wSicd2I>j<NFFTM5;$RZ%Gg5
z%?hOIxw<nn%a>5Ro@*#68WpU4hOyBAo&NbdZ`yPT9e)=te1n-gK3p{Toqk8#mKKd=
z#z1bqa=6Qe86HTa_}8?{$=GTQN+V3{<=QrqS{vjigk*NAwZ)xbMkH9yR3uJJp=9}{
znKv94giG%b9Qva`mEP}sY!seCOn61Gku4f)u~Qc--bkH0&k!o{;mxBOXAic)=Nh`r
z51eiV%Fqjkx)_5eBlgbvxq;RavaB<k+PxXIJ`|hpL|j$0IIb5!e2qKU7P=h7xtMWo
z$YX*`)C=CA;~(em`oL1{#xPg2R1TD5lDH)k<0dD2r;AhY+~p)c*wfo~ruW#bg_w|@
zY{FN6lE~AIxlTX;rvMNaHuTxnADIkMdtR)1!uu9j*EU-C2{;djM5AV<tGl3Z39d8P
zEv*?1Bu(~rlib6aybvm@ol6O8MQ^R>IYr;l02!eAY%K;p*UvQ1>v;MpAKf~gA0g3k
zJ1$hG`LG*tHe_TvQ9~&nwEL?w7}MkE=2sph-LDJt)bEam%hD>*AO*Xkv+Pj63D;&q
zQ=NQT7BGP@)8;sK(!U!5qx#UZ4p-CAN)-9*1a*3Xb-O3HQTrLx%N?Q#exNu(KV7#`
zs|~zQy|_8E`Hvca?4M!tXW?=v7+i5XT{CNET|7}Yz2~0hZWgBcZcl{wdDD0B{27N2
z3Ii{%#wR2y_dSW~2?&42nLH75HUJAF1H*Uk=&!^7iBtZS*R-ygTc$vKn73v`cPD<J
zI%^(=p!~MR-3iD!40_a~AYh0@b`y{59n6f%#?CnfTH5@08Ohgu`Ni|786+{7D9*0)
z`H2YFX!ga5ibvMvu10EY?*@<-u{2Eh>aNZXW6-5V%v7$b@?{{L0!HDc<oyTe*DcKc
z^RRerx9Wq1D0ro8I$voWYj+Y-Z@BM0C9NfCkAh&$ZkJBDtnl(O5vwI_8b)UAID%vH
zz5TIBMeRgu9y#LDJBIpz4|d@~pyGF`J_K&f+`OcOP2jcRY%Fn9OP!WX1A&?lPcae~
z0!KA0&9DdpS|kWwT{D<6Zl-h9<!l<@8`dxb>f>aMQ2FQMFMef}G$@5)Xf=aF7uGUo
zgxc4dJ0-_`zw?^b*k6M#s;Xl<eaWG4k0Ps-Y-f-zO0Jly-z0r3j87U7TD5#Dk<FS5
zW^;Vb_v(O0IGo2W@P^|)*P2ouX!Vh;!3-R39~<j3+b(L*m+O^p=tNTn#Yg;Y{eU!A
z^rNdL7^bMMkV9$siy_3hT<)gKZ+LOq(j>I62>qlS!QtCd#;dWvAiQ`O(22~Js4pE|
zi-I36gX-0EualXW(!HHVUYN}YlvUWz+t}}amr0Drau+cI!|1=p=~L+}C6E`S9blZr
zwOy^DTg$!hP)F9C4PI6=Fc40Gc$9G13CQiIaJxH`B*aW&V9cbsD1_#j(p($$&sazA
z)DD@!!`ZN}dltQhC()~U61}vatjehZPtM`^U7%3aH6g}jXZt^j-Tz*f0scRl9x&29
zlPD$tfZ^E^#K87rNC#k```>JO@crxjmAHOJt-}%{qL@jj7+A--^I$znyr^VLlp?Kv
zrRhFF92?||Ok##f*Hoa6k5Bm-UMfTFq(W`eb%vgha!r0HNl?RGy0p11Pz+i;L9O6Y
z<iNunb{HRQB^~*mFGQpc?>x&5Q+Y~L=CRTEGhq^LAJ4|}qqVwog}GIIzroeo0G|*X
zx$Rg3;kSMtZK*5kl{WuUdxNGr{s_~{DJN{twETMI5Lsip*{Op1I0asN(96B^{Rc9B
zXPz`d%*t9W@7LfGG}2eoP$;l1MglCJgaWQzya5*y<ns~9rLcJ~0)uegZG4fRPU#B;
z)pyxnMHjPbqBUnQP>CruZHvS_@)ha*A+E9jX#n(h>HHbc@E_0yCip&PeXaGJgBuPb
z<Pll9jrYl1zv<8L8|mehxC^XI@`>_H>n<-R84hx%qz|{M$G25U@F-(>{gHd;DtX=G
z(l#;aMUjAmOU{O<F1LM{WbEpV?WbB4IC&S`ne0GX5H=rj&X356_<#qpD4?+MwZU7h
zzWZwgA&zVp{`aU3icrfk#*#+k`H%N=?KK5CAtOc?@B+j6l*;b<LS{uYa-Yu+*DOoP
zqg+H9*9ePpf)8qn<J+snv#}G>-A=7|ZC6ZA3?)b2zFd(vEX+HuNO)m`ECiZ3HPNO}
zovGp>XFab(qBr$<A(+k@>zJT(QV)x1Si%%p0V67Lc^^l6z`1uYf=j?OHCbhhh+_ql
zH{O$})TdX<wlN6lStok`q!WcdNwDJ&>3xAFHZ=2(607v*6l4H^=EqZuRKUd4N*7P)
z>CH;t^l6>{drHI~4lfuO0ioyC?@E79eWnMnKK(KPSO9c?t9S5o_&;{uzs!!&G#^Ib
z!F{PZ{Zf*p0`4G@G6EU<HbxxP7vB~^ZdTU72BlNcR5AkDGNTO!vvW1acm}3ql%VXR
zvjT;<M2NhcTh~{b<tkg^jxU;AU$ba)t|&PB39-$Jv9t0|&JHrC-;5%U+R<X`C+sHO
z+{ff9cuUAl$raOxu0##jYq#<&XAMZ=O%d<<lgrmt1mQm3&PQcH6;ku@RGgrZe??KH
zVid(F0GllcngF$PqhH@Mk+h<UH*_CRy**uD`U;@B8xkt{q`z<N#Z1X)j~MH<GDMPo
zVy7u%s2XWn6{tmT-GvrX6Bk+T#<Hv?$kEHZc4R!xHkqJquZJ!|9f$>X=a7geYJdE4
z0<$7Brw-F*GRU++ZHDz+Z;?3ErR{pxvtFY=PFg#kx&hC8)O_gz_T0DbywZpUf$TCt
z%{?9^5*VG@!pe(H1<b$?*w3#^GJ1)=Coq@g3(80lwaG^)A47JVj+9bKON9XnYVmiN
zRo>e+g0SXVOvhdv^{JaLY=RMqW9Fff2z1Q!b)=lY5~W)FO0iW!h~G{08sbn#^sLnO
zta*jJz(*!`IOa}`N`s*}3E@^Nf`P>8o#xCrOz6U4yk)(CfZJ%-r1TqCGV8A`P>`o_
zp*QC8^>P@yTdRGk(_pg@0eyp{Vr{E~AcxS<!3TL{higpd@)-Xz{O<)Ceob51c%Z%~
z8-uQCtj+$^23GVkEar~(Kf@`0`}yBks)&0U&G!QbmwnmdxsKoDoBP{?E~imSH{y9U
zyHt)Qlw+oz&AQTDh}2Hpp$2VFy73&!BaN-onz;@F5t41=uqZPH`*%7?GcuPNca89Y
z1$AG2{ftpR1MMaA7*m8Q9(Hgjr&E~=wkNfJZjOGxe}S<|Op(0U%g21x=kU^>Eskvl
znj@F=7UHu8&h-l&xmRRlppQrLMnHLDj3`EL?;&%`(v2~!`Jm0gkWwN8Y+qK>h6ful
zkUJ?Pzq%&9t>k&XIs%J%2EZt7BhbX0Y$JXtxfYG#m6XBxCT3uYSJc8gaP|dz7rh)4
zoYHmPlE<e|*jKpngE*C_wI<GLt5bu0;AI!=G!ZOyW5D79<j!Gi36Z{P*Ror|nP@vE
zUYbxecR9jvTptMCdVqT)`?T6Dy_H%+h#DF8GS=u{rJqbldtYMmeq>F5CF5$3h&a4$
zkwz6{#|iKOdrz>ZS~`zTL(m!C5Ei&<)ND_vjc=guEpm~`iN+P%C&Gu#+o<*Mpv0Ed
zH>#D6ZXkp(kNUpurFThaQnbfT_GfTtX3`xISDlcqStN~XJKhzs!O<ijC?M!paq~)o
zpg~X>#$(g26$RnEmav^}ytilC2Ex&U@(oR@BhvR{$nwCSSN7+&osPx`n>Y$xtENH7
zhl6wC;l-GCr1;w%hrvg;srKDzo;`8*Pgr#G^z#0J%CJBmLS4y$o_=J;-rxKwqs6D~
z&tV9Eqzod#3R->7#-hR#wbG~ggP}kp;mR8t;yuUW82;E#V`b<-Yhh@tYeDT`XlH5v
ztgQSv5<sR;{%pCY$NSS%c+_}C)^>QhKTy`q&;ZZT-Vo2)%EFb70YLYI22uR{#D84I
zmKsk`;76RrAI&G27`{isvHTb^JrDmMxWa$Of9H?XKh|i;=e}++wy&sd1cE_yt{!YE
zyiwojadHaMosoH|J{<~%9w04`U<pn{nw5DyEsU-!;V}?Hy5|6MWE~IrpnqVa`6TDg
zW&LSy72mLD>&xO^Z0JoD3WIYG;r(Yr1?u#7FqXo<Kzva2%Uv~-;WK>2FZ!Dn(Ymgm
zxA=uuu*&3<P;0HRJl5J?#g2mpIc|mr=Y}{7EnDgyfn40xtPDL!Jw6m}=Ys&$lV;zs
zfYrD|-0zcyipAcn-R4J-K<vJaHnFt-Y)w*v4^p30N5ZF0tW!27g7FpXxgr2R!1o3B
z6E7k8$xFoK!^r-P3$OKmdSw9E{^^zRvoH%N68S&5GK9aI3!alK0W5SZ^h`{Q--AG(
zCVCn&JrDoyU*KP9JB|Leb_?k+=Icpc0KoZ9d-U~jd>H-nx>723qYsz9u5I?ZU{HCa
zpR2Sd1*Nd;W~As(?Ly$M{LshDyuE=0amssllG_lKNwIQFXrTgI%*^4m49~Efr>EY9
z+u&DM(eH$2PY1ApRMbxhk8Jjfe&WbqzEki}Zav<$>U6DShgMvdNkpMX(x7!w>gbHE
zI#t^wP0k>i?Kv1rA@<!E>ii_w9hTq*W=`=cqY%nUgu{Aa>J>WwRU~-Zg}inu_c<!n
zwrPnJy@a0gUfu3i6Js-aXj!W4PMv3sd<6r+mgT4oC&ul1igB&qd3fGOJqgKGl@bF+
zM9}Nn@K}AKT-$#sq{qyT#BB`c$YY1YRCdZDJR=IxsQ7p4jcW#Wd{3<_4?%d~WFY7Z
z9W(P}8r5L?S0w`D7f6rcY?SS%Ez&k&g|vI9pP&`er!eCa88{0{^|FDSid9Xmz_2|(
zHM|K={D?TEy8wkQBz(4irQgB(k~eRn?z|?MxvenBDd>gb3(C|$FANq=PwG63&r`u#
z11%+77N0FYPM<l!4|4>u5~NwgB!A*+^Tjme`2eq3^lhsWd7!4Wr<rTae|Hbeu3VCh
z-ldKERVs9DS~C9GaSAlRWuap+P~f3iKY5_L6RW>B{E-7u1!B9F>%fgl>dr5I1cuWz
zP{BUezBA@g7NG=L0r>N`mleTTUJicAqO*%q?ja)9p@Nss>W$fxdSmniBT_$&6HvhX
z-atUWf`p?&Z=W8g|E9#K<evo&@d>%V3ml}VfuYrR*9RR1fb54H;QwtKo{XcOg{l5?
zz@Nj<a%g|gmS6<X(J?<sG{X<$!>_~t?$iBc_gjM4Z@D5LcZJQN?ns?BPkBN(+{CEp
zD8j<a3%lsd3!I(&Noq@c_+cUT6;+ztuA2=#PBSe-3xvPuIpMte3h{cp@(s%Q-q<Y;
zt=7VzJzrTfP`MZ-Z)M3Ehj=G-+GbYD0R}tHF+|naCJ_^OMrw7xoaF-eKxB>jvEP|=
zFLhpD>0lgQE*+V&irQv4W^!>lEX*ks0~-MwR07SJymP}F!F&HfW;`EN>SSw65fR-1
zi52<rk8;g#GKy)<{p^k$z30IgFg5$;^?M|TON{7-$CtSS5t!E+a@~$}WGV*-J}9lS
zd@N=}Vk6#VGuljaD?&_6RW%CWE<Gt9;0A+tKYk_7lKIBceXt<R_I$eLJ@e2pau4OQ
zENVr9gbY_joa)<`9@O~LKyARr*;?)&G)}JwPNHCA7K+};8Vz|kf$p0XP_UvWIKi5S
z=-xD6es#LHp<E*8yoSP2=f?_FqE*Di%A%?1McKYC;*5?ktp)C=2}lcuhh~jc*xg%9
z=OS*FCpnxhW-IFEl~5?Ite%^@p0!)RYPM`K)IJJgqA;TUdRb+7%n<%Ik<U~JUI5GV
zHl=1v*KBw|d`==ts2Eu_OIU%N#*a)Jt24XU4iyM2LhvAToq@}19{tUxo?X`pLC>ku
z)RK0b-JzxSl?bT%eK$qsr9GiP0w(azzXUfMwyWu%^ZDl%Y~P#5#_V_HjK9wLo!%mR
zy98DK>OE_zq~_HYT!I3+uSlRmSdl@}XSIhQ;BJ+?qzXa>!a6f-JmoE5Jw5;c0RR60
z03iS0)Jez%$3ZKFD8~nk3?Hb@rP(XUF?BoSO&mxwE`~Gw<ZWcnQrT%(ghLPh_Q<d8
z$q>_gGa7LCrdHm%aLDcTqurv2azm}`LsK-YFPE9_ajomUO%k~zGY5DLC+y!|gw8?5
z@qFeXw8R*vAVQyeSA}}yVpXUzPB__%bZAHHrCDKbGv)=B0O?Qet&4rD^=My`xe;8C
zWsBUiOy`BTxMrF1ac4Kf(M6(Ih$DHV?IoI~Br+#TGP=x*<jQ1g!%#VGPL&sA#O+49
zbe;{Xjtv+EJ~MWxRo$R;Os`yAvRA(V!o0j!R8}|}N#obO87(&wCk;qTL_EoyHF}73
ziLc+m7~X!Or_D=zxp@t3jDphRTThREbJO6uh&#Ohu^4U%b3t&^Z3kpMPV<}TvAn5n
zoTDqWmf|)mR&1dvLwcXBgR7TpaBZJiJ)qBwwaY4fjRj@zrJjU3qVQpUb(M-zujrW<
zq6s9O?Xl&xl<?imyRY3Uyy&^u`8VPMEQ=;;(xdyG1`f;B$aCik3K+ClvkA5eQ4w=^
zY4Vg_#gXfKfMyw%qZ8p8kGE7W4ouRjMc*Kt+lgZt?0nlck6JSIFuey-%Bw4>Ev*~i
z20luChFgOtxYc=rTakZ++rBq7zk^$`zsA3xo@!7eoWJ9rfVHKiq1|`W&+o97mF|zS
z%fAf&ThH~EwUK4emwA%7rWk}ytYvk5D+{F~je|A)=j4}Q$mV8`AIstd?2>M3G~b4F
z@UPLyIE?$iz8y}%FBVuYDb)(FI)e<sRikgo-jBW6)qpy9Oq}>=TU9NeAr*KO-Q02@
zO%DhXN7YjPB;R=nk`O+pN7+V%s~5h~RZlK1>cSbL6GZSWX`Z>SGkc0k0mzui%DxRm
z<v4d~t2~>;ZD5r-4;|&=zV4`uhxfu#?Zy2F;{eg310kj+0}`U<Ct%`Bz!HdN#_F_i
zOZ7fxR+Fgc=L~g_vye@qs7*a->5h+~a1N*i<90!2Zor~L)k3a4s1@^xIN++cj`;5k
zm!gzL?uzqt(mti#$d!k-1l~ka5<(F=aa=L1^#h%m-iT+fN;P}Nu=#^uy|M9p09V_p
zC>ci^I%V1t6@?g3>gT$HNAn2f=s@a}jO>?&WBG!c1!uORM>EI-ChJPoN6dPDE1n;$
zkvg#f%N8K!@OD}?u#-m$MnmqL>q^e|WG|=WUX&4o?2Ipn9qH@t@?#RVcH`hK&S`^;
zPCMPC{nk-y<{<;LLn|KMCu56a2v9dgZ!aOK`22Gm?zPL$kZTMEl=`#uS{XO(?(i<w
z3C%IdH>rqGE^gj|$g_41sfrFR6^(0FHZK~bGaF61+#l(V?YX#ODJr1(;4&X1gAC1G
z8LDUhC7?ZggWf)Q3>Nw|*S(d0heV+-g4yYJKnq(IMSuB0{OubjbX^=$vSBTSBjV-_
zh^QO#*)kJ|wOAmPBN`e{dAYD!4e-67#-vc0*jZoi6<tW6m{Qo++an#PEU_--+No99
z_Vtl3V_1j7xy$SC+D9u+52&dzhYpI8tBQ1dF{wGa{JE4v;&D<P>n8!jIuL$QlMxCh
zl1A;C4xqd_U*CCl;yR~-?RMm&Y0AYN_Ae2qTizBP=CCu4sk+Y}%A7H^9qzxDr0dl=
zpFasqT^CvJ>1MeDL%4NRHKG$HpLa^e`r=!5l-wYD6-1b98mGs(rRdE(s{rzN(x5pq
zMQHt5&|gg5@F*B&>2*HdAX*-AHS7)WarVSHP@h9Y7KKQJ;R4d9bz)SH{nkKrR6GUQ
z7%_QJ=mX6GhC{u3!CqSRMU_l%w(Z;52c*{@4!L5*_#LLYoK@|IBZXQOS&wda-_!3U
zsJtLpX6+hkw(MtMH-j?e$?V&+iwx5bAZ)SZj8BhS6_qH;ZlJ(SW%hA7?AjGtCsBRl
zh%@IHEIW+gpQfubsCkn>AQ_Rkz2SAK-c&X`Am(GP1$`#F=0N$ylQe%WNmS}O&wGIw
z9!p;@q@TgqoD;#Xr*yes7$qY77@Wm6<Fxo2-$h600T7EO<d&58(QSnWD_9<;*xDj1
zHRob6ZWP9}SnAht8;hZ@=gQY;js8}F&p_+&1hh6!K&$doJqAjQ5C2DSRrv+*q$KEY
z09ZfF=g9I7y1EW{28MQcQif0O7P?kXX!l0~3n&cUZ}<PbC*lvE+Owj{N=HY>M*rLy
ziJt!F5J1nW_CI*$zXINkUeDkgB60Q!20tb$(}P9G+zr_RVoKL~2(H!ljsEX?-sKK#
z_tVJd_7maUD;n8qQg!Q?yr`S&lp|pc%AMih{m?ngGn^PxrSMuMUU6FHA)qu@-%BI#
zGGd!F+88w&1e9uV#>nAt$@sBDH(XyDKE)ChKyp+(fs2rN)9r;~>H{i#h+`6NmnB(A
z($i?6Z8`ICyaFkru=GsJ)R6>@n~xIT>uabcI9Qs%CvqstZxq}CgPeZsH~p~l-AU`s
zE_@75Yi+ceTe*ocFvv@*x2ayNCS#Q!-15iiT0BEkNCm1I8QxFkCn9SkZ%@KI&VA!c
zOyDjeUWkmQDR+m_KG82^xk+&}l^`P_o}WHNv=LO?Sh3e)xxlxGieOUfpCsI$Y;Scb
z;U`lu$`i7*0hvX(5m)%886Xxo>NOx(@=C1+Pd1!3NH~G5eYCNiADA~u1RvTwf8suV
zdc0LAO>`CdLneU~>sSXTpxGvp%5i9{J4}{?D;C0lMAxIC%P{hFD*jl}J*pjOWJ^le
zww8Q)L)wvV(^~Vo9iKXW?4%$|?Dz^Ko8}H-Q8M;`WdT&cyAa=2e(;%7R$u%1K=m!o
z$#m{~j`VZTs+$uJBnObkrmU@7AXlspMtngUI?5ktAU`$UCy(ai@^&>1sX-}<bFeze
z*6WA*$D(X2o&8JR{)b|qsKj)lZ-qk`A$O$pZ2+qRj^6?As56z7Qma%|tv^s~v2Z`^
zgi~)o1~&L)ZFLib%SY1*XwhYc?vm2ZAP^6*Iwp_~o&L5@yRpktlZ8mcY7bV~WgagV
zJ<cqSJwJqhotqs|LESARFS8d3+({X*BF{3=Mn}3T14DR}?MabTB$kdzLI9R`JV6@i
z{lLdJ(H4~FCHSqRKCgxW#`n`5_~rjc-CKawv1E<fIKkb5y9I)~I|P^D?(VL^U4y&3
zd+^}y5ZqmZ1cLq$n{&>bnR92p`R2d(*-x{(x~jUH-K*ZNT2*T;lPzLjO|XFue^!JA
zrC~?*S0BaUG?F$>i@CHhrHMYaUwp<mMIf)sMF&cr)fKl270w3cS8G%k%7C$aR1R-l
zO1J4$rCbSB9od2wGK;Q)%odmDLq|bGZ<)XQU}y2zQJ10jsZdj)EM3jSA?}l{VZg0~
zr`oacfGzxOaN&Jg3loc|Xut(5^66ec19!fZi%PijRLo|Rk*sft+1`1Am4Xf3SB7Fr
z(b{1=olQ0uL*3%IMf0-w!@G2cw}I3KqpEfNITf>@AJ#};$25^pWW`iqo`<($^JF(N
zMR0k)e5nz*FMX}N?juAFwIQIk7F%Z=nS^W^U-oX)=p-?zwRUIC^ZEu!7*%}8`~}ZW
zh?AwXw}3Ra0a$P`zwcWyI6NwU*vpB9376nE!@0YXpEXE`0hI|eJSM();499OHlrwt
z=LmJI`rtr|OW;a@VXS{GxM1_nta9deo+-6-A&msi*(VC%o@<%gJJXaF#X3Hmeb&r_
zIz55+3BJH;zrdTt`bY4p{A>7oHkbW|KY~BU-_LF*6`nBtPoJURTt>4nJZlu_p0P_$
zNB`Y!{D1S>e+A!Gx-5A(tJ_y<$_Hj$IWoI`6xBmw3}+RZ=dit4oN_pUFN{7}a+ZEf
z8}c>;Ck-&NW=pq^BM<_uI4bQ`O`}*&xnt{z&A&u5MBjNW`T|;QbbE;5$mv$Pa?zCT
zH0z;`WAjiYzLy)v>IF^4Vt2K<<(Rh(Lh-~qBV}*2dZ%cuo1tZH--9p~`bbC{!W+gR
z5^LIV8?xv*RYG%vT61u|gFO0?=!Nz#X1Y$p1CpGzTe8WYTiLhewJHp7Ad0~s<bx3S
z#;=GzXgR%1xavo^N9|yIDQ|zmKe<&VIkMy0*(0ef^QJgS@J%KzZ;OZ=inSh;fAto1
z>qrh}2f1%n?cfVS2Yvz~Tr`j=i<F)_PfCNAhrwGjqY{_85cMdmGp;2E8*Y1&clLaJ
zM@q5KV0>9ASDRMVD>jxY%sfG#{BmYLLoM@TOo=JI3JqpWYx52GjLOagy*F7iV1~gf
z3z3OkVbbP(VkLu5w+QMGI(VhG2`pV68f94AeRiz$X}R@khj!GgpWV7+I<Qv1xqTN6
z4IHsnZK4=2re@pQ$BL<YI6JH~<S@H~KVX}GouM^0gz*TRb-n=GC7me^u>x8jF%m^<
zj)X^G<E>UM{FDjDJ?|o{ig4XYytcj6+(T~__SBKOXmz2<pn)&av|7gEiiIQCxV3$s
zqGdUpqw2o}U-{CT-e|?L0mc++#M{je>UfLq75@yrG>NI8bbT7I><NHu!8tqNS1#8(
zNh{L)a`6<L102E$)N3fNpQF#U=Oc+x_1n|s)nS3zRULs+eCuEmG#QrIbw75Jz5AF#
zPEEev*9mw=zfVy#1o7fZ->_$RWwMSkzh!6~)=IO1aC|UI67r(YWou5Csbgy8jv)R@
zOMRdGwNh1!QcGBz6uf<#h%2W|KqiMB!N)srPp`$Uk_VFxE1HVEaO3q?#_!%kd{}yr
zX!i+yuhcGtSDu0kbj_$B`dVnJ{WK#E2#&tn`aF%${eAsC+a!b!82-H$XBl1l#Bo^O
z=}wKe8|08xzq8l%gZLGrFGeu!E#%y+XYy%Ql4&QX*b%Q5GR=4q0-wbsArJ^ukN(n<
ztmFJU)2f0SK$gb1eF`(f_@MV`&1>@0n<h>tVl9+OoID;q?e-HEw?;IFhast7MH!P`
zzM89!Wu3-}zRGLVf4#+N&L$%MVsVoUk*w97QEh(})dLCBWR`0-?T*U6ssnkN5O_h=
z5{k>|HOw-77;3%9j!)7%IM)t-2?Y=|7BQJ=<*XpP$@Es7H?uwF^?^i|T2VRPeyVSI
zo5uu-O^{m0Un$ii(koRl>n<W)zQ^X~k-3z*WIO8XKKO`(jT-CH>%nIoWAO&1o@S-!
zNYPKE1lweZ)p&Ew*{O8|v@H|*%F7kskd#LGd0Ld<2{kx0-heqjjKZ~)MOR6vn-so6
zItE*R75ilNyQxv>pNrR_kTAb5#F8^MwD@IR_Z@4pjI>BJ2;VgUkbf)n^C0kV5B`{{
ze4_2|o!_w1(9<$JM}qs$U-2JI9SRG=#@)KBx9zcx<6oyk)lIwNM6-z~W1Z^IQnkB~
zJ-p0UtF9Z0-w~Wrx*2yg=g(>n&}V?eby+&#pwH}1mB_K=jb-ud$MHQFPZNy}cpm`G
z<|k&5o~j%p5w8vAFZQnvT{*YOMUwZy2k-^NNR};@Cw#`zmH*x~AT7X_F=D^PLJ#c+
z2;Q~$>)ZRJb$7)6BR9RtK~Un5w{sag8tRfzJ}IgW<QWho_$E3)G}aTf5o-JFYfcb;
z1@_VGeQNh2Copyd1uxbux<yBNp_}uyjXz(puTczsr93x?WPWxHxb-9=YfoFi4>6%&
z$-#<)1X<>*BFlx^Wk>+}on7ny*+XOauZzjQa>ak_MzEpBc{0L`7&e`n6$1-6rz~lU
z6&wO}K)15d|2kN)Lve)f#y0axpYIW;1E9*n7WT0he+xaQXwI6uV5)H>6#HM51o;Zr
zQo)9G9?x4yi`!QEevWM4>E9WFiU80E0^tKJMrURq<&6SYY<J<uN8TVSQUM<xb4*$c
z6qq?QXDv4Y;gJ^jkuoN~?a4k9o~XCL1Oh-SGR#AXTE2OI=n8e6?)wacm?t1aJZ&gH
z^o?pEiQOviyC<yQE)NHJ4UznQsYKxKHGn^U$rnhFlKPH#V){0=`p&;X=paFTKkz+-
z&d+WX5{kT$KAwV{psc*Cf}H$MBN$q0npfW+3h}qRZ;Hd`$N3K?N52oCY3P2r`}rXu
zEOhkWgMR#9bgTb>Krc(=RSLfv5$?E56IsgjsC;@;+%sJ_zHMt=wv;jht$n|c5d_=-
zihQUza;(n1j$b`;H5Kf<n(gC36+fok^*M2oI7+wJlP0^yYP~m;KIOcPT1~D}v)Y}`
zGniq++4&D1(Am}?{HI1SKE^rNi8?H<GWO`|CjGTo{=IWjCc{kBr<Ywk057&=>zXd$
zD0>kff?h`IdsZL>XEj&s8@<M3RKDuA;ExbphntlWPt4k*&=wAr6?-FzZuMnGV8-Io
z=YzRY3(?$Lk^PgdETMOSCTv3Eg~<~A+VkV;iYDmKqlERRQNr@mD52+vTms&k)7)hb
z$P{2U>%lStQ~lAk<$w8k%gXWozapCd>{kD3JmQ6@kH!Ssx$vTTtV9vU;b@q2QoK~!
zM|-^pPXdBU4`Oj7D1C^t@bJrM$KvP7${AN?G6YKDdDfn0HjEn0ycYM=Y+b%OhqFR<
z%Bbsg%dtaLyhsSH^<BGu^qQzC9lZt5Y_QLP=q8Z_9L*0%rvb>WUp8^Wr#5AJ5DbN0
z$PD@;%X2r=KX{m>Jffzex5$Ju=H(mo*%&V18&pmuI{~*#v+WL@E;gr$Ka_*UG2$w!
z)IW}V<*a{I_eFlGZwHZ0qD(xvUM;Dn9*=XtlYpVjgWbpgP+$j8Qb;bDUhC?8s~mHr
zE&n-Pr`*Xx(Sx0&aj$8pR?Ko&FZ9Y9UD;3!yNpw;VaPG(+Xv_|V>nE>b7B%xdh;s_
z;Tv22Ef3gSgGzEYI$vFdpe~q>7<n2Dq>@Q@=KKS7HZw-G1>RZ2`9e{sl}}#55HUL8
zwFaZafy2HHmE1Y3aC1Ou2Z-XaZs(?;g&L?nLk))OyGW@+s@{|0)kmt2%UiZ3gzQuR
zZHx+b5Tc(%m0o&AGi}R6!=974V@aSj_aE|;jJ5G<@)QaPTqN!&2Bb;jD#{md-P`HD
zu9Vh?*jD1B=6@+(b4o0%d;@|LGesgKCjG8zxz(xu&Jbm-U(pu_PIqQc=fjMq0`<OH
z57`S4V%7#&%EB}8cr0*k7}?9Clh@vGe-=tX&bdvch*E4+-fQhsa(n7o6|lkJzZ6R0
zr|V6%DL0tWD?oSNM15%6ZrSv~>(N9oPt19Kl=L(p1;sez&$1k(0q@C<aM=KvvmEZ^
zq}zRydrT!igyKtOg)8Vpog1TkY7X4!DuTK{DcF0XKmmqluHZzDajZ$B_J#;S;gKlG
zLW6?x7)m1D^9qpVJ#s8RIK-`1;W1V*VrWK^Mt*{cvUv#ii`%|&!E$sIy+}kjTQchI
zbt1_-rNh$;!3TosgV*5`bAsBS9r2b04mJ@Xp-km%FrXvWVcU6@xMq3QI^Cbfd~BdU
z8zKZjryz;jFsw9BTdx#ZFReA2g>oRO>(93+BG&PnK5i{b7$C@uCYBwd)$LkGg)WOe
zEHPSVp^(1E8r9w)X|l{VB*s_YUc!c=Ho|20E<f}!^qWeMv8!xM^a^_Pbiz<`7Sp1R
z<|z|rrg+ugtJ4Roe#N9Zuu4n}ShMsJJjD@!du(y~kaOy$iF?Rz#?rHpYNZkA>M}m5
zmT|t*up&ULkSvWb{85e6bge?_9Q+u7dP+H9P?k4#|3Y~7SdUl1Ele3Gc1b7oW8<+3
znVoNLa(!ekH2BJ85R)C<3|U7-1=MPacqi7(-G*_ku+Y2LS>DByx&l^RVUJYwA4(%!
zYpnvyxG+X}$UfcmMK-A?5?sn|D|O=r(()e%V$b%3bMTvB=c6yXbE1CM`8p6;aQ}??
z#V5>vdcu7B56p`feH~cPwOqx$lKi9!?4SB~nD_gws|G$=Od5>u>_il{(bu-qx51Op
zw$L@ww|(0EX^8@k1TLp-W?*TfNBfcn{X0Jq_@yMI1f-rjisHuR#&-I8zZ5x01V8fr
zn(@y)(tp7C|4Z)kuK*vlD<3@p`L?nIhG?mKRKU<Kk&-#vozM!vx>;_e>xKd`;*BT#
z+m>`In|f`}{x@)F`J5XSAlk=|2=Toa{#=kZTxwrqwi#UJkWF_|s{Jy&T^!1-BWDlq
zVQx~)ZdNM1FOWUHwsz&cmhw#Wti3bjw`qX}m<c*CeKmO$k${C<?6I|BardcUGn#0g
z-&ChT;eNlP*{m+)95yUzGug~I@!Cm*MsT`x4TeKd>y9o?hP2tRbAY<ebYG~q7cZj{
zSASXL#fKcp!ZRNsX5WL|p?4zuhLScE$!aa)m}J3f1g<s333JD*GCrLULXzfOi8rxm
z^KSHtyc}UNM^JTY<*#&Kt|<0#H}9!;C6@~(u4k(d)qE&?%Q<RU^eC#-dRp*!(NMa_
zeEXr{0*dYHE<Ybm&?nzPq|b9rYe8BKp=57Mkg-!BcdQRaVV5`y<1$5BIIhZTVF<+A
z5#AlXW&bjnwXRxU1wtSj>lI_X8!oQ@ISQD{$_{8h#1MttSQe;hc17AmL8vVwn@ro&
zYOFJ>=oNmE@CaE7n4m+OH#%v}bXm=y^tS1RxW6^cUfv3-|LUhlo~7F{zCh1xdNyh`
z9A1QXx+Cb;rj&<y!S%FiY$n31ozBWLcrVM(OcIK0nia(+-lR6c-&Kh7ZXIEBYLKO-
z47F9u%;yVl`O5tn;G4=lfH-gRK6Chnmmaeu9L~|vP5oPdhx|M(<Xc}R(_~g9!HWzK
zBc3w2)h<7pK^zYB^}Zqt<`OS~1Bt5SZC1sM2SW57^@lX-B%8_>3;{E3#;l|oR77Ky
z(6w2voR_<=fiKFmvEeZ(azb3XA3*cg+GqM6(#j$zKX4{qf3k&860*okxtJxLjGbrp
zvB8?OUCk0s1ZGj67Ig+7$Lc*y#=`<9GFEh|V!dPY&8SUr3u~i}(IKs8okv42YvF(}
zdh|`^n4W<G-cU?Kz8XJ}>T3xgtgjR0clJ~Ja1afZ*|Td@AdXu3G7)lD?p1VCCIq@Y
zw0?o>AYuK>k7RzGn2%$WIwv`<5K#$+p~!&4Mqnno`1ZhFfx#B<di>4`bEtMMa*5!D
zeFlav!km>V!IF1gQp}|S&c1g)0u~!MUDz!I<hp#D*pCw~%GtC9(YPul8qJC7%`-Hl
z+_TMggh*}7VHR6?Uxe-I>EDV2ODA-Dixgq+DIW4hNcRDNfyb(&voUii&uSf{nzwn+
zD{5aa#bu2ExG=@S5>{WzEFeJR+#=(veQq+(u3Qyqs#s&YBYxOpz}a$h=n2|Ny(rZ9
znFS5hOIS&VBZRxly|-2FZN27@F`>C*?RD6#Y?AM@W-ZL1J_ftp;GK7EZVkf}3`Rv)
zy7?W}A{!gPdhZO6^ik!>c;a_3%K3qbsi&7VVQShv1OELJ;3J;^|0BKxJZLheVp=#p
z-8w6HOTMGM+8+V0^ZUN>5BnoXBxnI+L*s7|QbjFve|c_2f`4ABtM`=k%`c{|r8zDB
zH<ObmJfi=q@zdeLcO$~@fhg!{o_S68TX-}6Nd8yu;jh5lwjF6}wA{3*F2+GaKx0gQ
z_%WZDx*wnOEclc1$2IbNPNiapq~S7GOkbET8r*Zt92V4rw>|OZ*u_=OX9EZmo0>DA
z9I|k-xIJkoxgM?Qg^H-k3O40NF;*X|KG-Lk*wVcphZlgSUhzH$_uaN*H@9A=g2p_?
zo9@TM)+MJJIn<Esi@C<vPG&d&?a???ec61_KRR5(z@u5|VsPx(CsJUbsF*IV6b?;U
zFO^R-_x5<eRehthUrJ+(affzrK1O3PJi=?fE-Ha1(z(;Ax303Q)&!je7(VRN6mt$W
zsC(e0Hy3=ARk4CMFWu|{h%JRh6rdZv_*8QlCa}G_lffJttw0hzPuq)G715lJ+l3j1
zOF5*?nNqB^2uf&IL~242dRHCBfer}{oXYBa4go>&#x5eKt67Mc21#}U%WrUYV0Fv3
zr%s}y+0r-{0X7ARgX)q5Fep9R-`7lNn;+26b+5bu0T^<}itUWJ!mp}AsBiK-n+~;l
z#j90Rsf#WU`_e(j<BM0t?XF%P{df@gT1)*le-3&>o+IEI+<Rzz>?(P3;vlmvSXmii
zyH=8tI$rx_mlDk|?*8UUUIawdEqLhz+U@}xR04<<H*tGz-9voME<71i%gSQ^5UGzd
zf|{v#cbPcd?Gag(9*`u7mz&0~6R@c+=L)N^w=n-LSJj8J8{QMv>U!cU)P~$U9}>#2
z;H3Tx%uU*J?uBNpXkAg5otaqxVH<izaBoK)%dEcMCy6CC_B*LTLu+nsBa^>{ViHvs
z&|NJ}i9<KQB!uB~-ZM9yk-whc=-}rm!<N33y^CaTN=P&|?d`}fFv=laO#Mn)M&sA`
z#ZZEcD?*u-Ku+MGPaSyRNZQ3+2OrX_&(>f(15`_MH@7Cgyx_{5F~v<KcqWS_@!Too
zLSh0BY8m7>G+Fqa4NN;S-3g5{b=j)*+1pK%c*|&M^SCf0m!v8tWEZeAqDBY=>Dd>R
z4M8rxgxY-MTiL@|c)YXYDSC7JB$*+|v*H+4(!AE3+!9uV{?KBJ?<R)m-uuG5fQZME
zYCkr`v!j_<Wo3Z(!$$#pv8zD0Y%MxRh9)hs-6}C|Uotju%iF-8TQu1TDj@ZWDS7>7
zU9f>r&J4`bP{C8ER-D^{OvRaGBBua9K)}C1Cw>BF{YWgN8S`FP3}(g9z@ti)cZ_}W
zg8c$Sckkq*Jb+9_Fh&1})6n#O00?^ZNV#ZW`FV6=UG=s$+=L&%j`Yh-%-B?n%*K?;
z<VpaXlQB3cKC^zv=41XFHtXCz36fmK`ylmZKOJnki402lqW}N^|Nj60AphSa#g2s=
z_)(1d5HZXMz&g@cx!t-TbJb>}DZ<?lnXI>8PxHJoW^k&T;o#)#$&2=p95<Ik-{F^n
z!wVyn25^Fp+c%G%8+be`{`j9z!%gE2*!>gC3U8awG;$ajJ9FTsiv?|dr})$UpAr#|
z2Io5w(SFtVon<%uUqbo6a0~xHQMZ&o*A(0UbqnQ*KXKaHYI{zv{<4{2f4L{Qc`WwJ
z>ChO|2W?duA&)ew^y6?{XtYCctIJVeY961IU2a};_R`55WMw9&RAByNcqB8M<+8y1
zOw(Ha5yM5oM_{b%b*_K4l~*r_<b2KS{#3@qJA|NXtV7=XrsvP53QC*L%(xN7#;I64
zAtB;zF9MlD14)~<1H+{K@^!za(JdRqz<nO7gos!&E50%H%mAWcHBkMi7uJv_y;v|U
znswB>I4<gm2H4Q&A0ZhUNLi3n7~DM$&~h!mp0uUvR!xfb?7SfQ>E#~&BufrI<OrDU
z^L9Q$VMY^~UL`if&DI~M_W#$PBi;Z1qV(5hJ59{P42!O&{Z&ShrDFDvLLcxUUxZy^
z$oJm{E}WO0u?0nOxNH}Ly)+#yq1x4eAQJeXljJdzUEr}QZ;uCBB3+-N`_hbNaUK_=
zau#R#es*>6y$^HQAuhk<lIyF97V6yBn}rRfY*UFjb;NtgrT|*eT8~orqUcwKk;U3z
zDG_HM_G<Q`=}c?S6?fG!heNT8V?km?&l#!WHbl*r95-%7-_(>SfEPx@R@V?ViJJ?a
zekrVqrK!0WR|q8)Q$%+2P93(5o<tP`gASD*kHCRwMa$gAAGr6~f^YW8h3qmU`(lfX
z%qis18Gsyw&md6_CkUM<n)#tArMr^ehurVqdc8>!$m5~MZf{s@!`<98A|8REMf`E)
z$TzbcEkm;Rmarna2eeE3hUn8l?i}4AVxD`g3zTRp6`Hn=6m&?e?+p2T3C{!#84m;7
zt|Kb6p&4?@@Wg$47OolB9OhQ?_?mhJUif=5*%7JCo53I}Gq#+GF4f`oSHlQXa3;QP
zQfsQ6!dpw!loLW(FiJi>r<vxWT@Uk3+X$YYkK<xQ%GEsmY9(zY%!{CiA=w^L2G$je
zg!USfINkoNGCVQU5~-5c`XP{_PYNDSVfGwZaBEfIVm~03E(Z2NPUz-U>SG8&<C{4M
z!JOrsh9spWOn2GzaAp3$cR6V!)0U-6Fg?sqBZp|rEk{j<V~(&c^|z{7a|RaGjLchf
zb<cPgduozGPvSQGqgg^_s@!0&WYmfZln)bSm>vEO@B07K2Jtr^XTNIj+S=ONJau?Q
z1^$l_|6jU|e}H+6o#qk&{iERqZl&9>O2t9}Do~WO6R1acyYyNeSxo~E+^t1SL1(C;
z9y!R=Fm<50Lgi&3l`pXruwg7>!J<9QJ-{sBnhNtC5Ekp68e@WZaLNwwGZ{puRLe|f
zX5_5@s<aP|wG^%;fXZY_FlYHVkAz`UZ2JC*F)4A*J3$~*#5eYKQhkIQR%iA$%WgrZ
zqfs{6X&Ug+%5NKedf|6i_LNAN+^07g{8@o$+?eD}X|{B9*%H_5ve}avZgA$|qpdZf
zkn)#uETV_#W-jp!dSCCy>6+*ZM#loyJX1dDiSltzBIWT@oMN!pW>^jP4GG&i%abnN
z{E_nil}Gv4r2jA7#$VBXZino(EH{&lXkZM(`LziSt-M!ysXTA3@Jd|4RJj*bBjl+4
zeNe7D(ai<{G-Y!v8WepSh6FEIBtQ$a1pEVd?GBa&fdZ|5e9I)-1dh)6!oHbwD7P<k
z+-UtE@alkhCbBqY(9#h=g{)h7lvyPU()b?Yi*|qtEJ}oVM=Pe}vJvNiMQ^KZ2s<kU
z<MM2y^tPos=jyXmD{_U4;>TF+^L`#n?D5u^rpZ8xrqnhYmABUH+*9Y{kPl=h*~fE<
z<-n5>TJ>kqnUyU;LAW%-oq5zc^kt|(jshw>?;tty1*n}HxIvoLG6L2x%Volc4`1C}
zKbW7gxfO+M8phIw{adsj=@e^BR5)u`&}u96Xn9*3&y@d1zbfBoKai^sy3xmLVN9BD
zk8r}_&ty4~+T+B6Z5)>sZA{H#mh28P6_i^^%N*Q~KU8cs9D<cJ(<U-OXV4Mce*T*6
zq<v#5%70vX19-vK(Nc_6?r52$x7NL!l5gBzXG4q<s8{;Us_}Z98LWT-yg)=L=)tvf
zNgn1dGefFezjjfUY`K^fs{co}zDgu3rca~C7my6os^a(HDOn%p0BzLHB|4U1E3sg@
zbX!X=kZ*$yvv^^}hx!zG#w>t~hM~iQ5);i%IcUmRRxF#dTgmZAi|rnf2%MJVWfgFI
zYUS~OkIUMn-Yzo_b$S+okTy*^Hs~y%xuuX1AlaIYl3WIp@BE3?5Hj^;G7wq*g3IG{
zcHwagaK<R23HBeGsK{^H2H&q>IFLy2GWM2lwe^f`e`%b5%sK)iq5R7F6@T$3*Ps1C
z(b3V+F@3YqWcY3JKX|3T(wbBc!onMd?<2?O(@{XaW%4u<@2$3EBSemR#PG}=C^@cn
zNOjo@!7MhVUATdg6EE-1ed){*EdE%sLcA<F=S>GCuspC3T9R#n>cgI=_l7R$78RAn
z<A8sC(oXE74x}yQl4!N!L<OW@sx`-Q_Fy~RIUp+@KPKb2Ty^DfcZ{(&7iuk;Q0DS}
z5X2FG1E^52|E02UE2bqNK78YS;RM+LJS)Ti64Pi(X(^ALGbIo=!{ZH}vHRq)_T`7_
z9hxy_LVp`=L2?mgBTL6T>UXW+5|-s7U4lqa$W~wxxarpc#+9%qok17}`&im{E@r`t
zGr&-3Bp(o$rsP?RNwVqp?cdE)4Z}%o0*{}d#ABL9b^}Gm7y#i{3NMEwiFq|DMAT-z
zZl9qyocHL;uK^J_5Wd}3YP^Czb)~Fqw<7Q4(V=1&F<vC(5IJy#a4s~TFQ7>n^|ApD
z%u^LAvvGEN0gSI-R=<XoTS<{cyKDe*)o!<Iz5K|jJQPQQ7~&VJ__Em49!h`{fsDgd
zyM8^wP-^RtLtM+tSdj$>P&G_pw|Av|$dQmi)ZXn&0>S~+@)0jJGANMe>I2>Z;|@Xz
z!H6Q~azBkZJh0#J=f_ag+Kwu&Kr=1RNU7MXFI1&~tl%Iw_FnF7qS8kv{atQY2VNcv
zbz@6N5B-xVvsLkh|JM4+9<;IMf_)(VGfc2Vb;?M*#@UoVdOG~3HDS=6ds~Ybpdhi7
z%}6WMlml+ltf{TDn|lkzT**;aeM6q=33Qp$Ul3F8VohcoVY?<9IX~UXwpH(7^41G~
zMSXjZEp3bIOO|mj1!M)f@FJd-yKFX>vRlW8{yr2Q?E#w^tCETOQ>;yY^3#zMBi*rD
zykHdVBoF_Dn*NUtw?iLjP=~U$d+d<5Oi!{=_JJReLi9E#J0^C0Z$-!9C7cZoitaDM
zXmPBNOBa_7k;LDjXgAl-MLAkyywhqrRm!bRfx3zyP#|r818B~k2s4G9tZVps>=<Ui
zp!vO2Ug^=@v2KYXw?6S`m4C$8i^m2BWQ*l3(!*k>TDitL?p?gE69ui>LIVMzzUN;*
zXBZ_D;JhPAh6jnVZU@6%%$RI^o4=7j<>`~U5=xmu7f$#76p({}BAx#ub!P%AIE(9@
z1^^%KIUR|!kMEbQ(+(NLb|@SWLTLG1@z<i=V&iodS}>+}rXhYrdi6oD#l*s@9HSnh
zExmh?J@Z!{uxKwPMdHV-qfg;jxfo2a+&`TWlr<S&(AVUND2&6wlI$MVK~d%VF%I7=
z_oa^ybE%LsG;;cmRO(MDM@7B0$M0}V`|7f$l{#4pf_~w4pb--xCq_ViEkem9;a{Ta
zIS7`hto2DrKQ>HY{L0gV)YHAp>k?eNjw{7lJ`v>2z0%i&i$4RcfFc8t>bsz1#<P(I
zN_N$Jl2iM?bF%Rt!5`i4KugQQ$od=5{z(1@uk=@-%`79X0z_X_4CEF%_*%YxKxn<5
zG_GxcuUS-1DzjyQi8@8)E?pt#*y6;dwXO%0?B<_5^D?~j5f{aCIu-|Ua2wedq+^At
z8Z|w5qkkcRVdN7%8kx{te*fu2&9nrBjp*02fQ`a=_e^)wDmLOmb6J6s>sE`~#XQ@n
zNbNjeWW2MTfb781(u~l@JSbvW;vH1L>A?oZchK4Fr)z6>D(WL%*5=ou#a!$k8fLu!
zZ*vb+tGhL{C}=avnRoHn(hKNbK@UM-Po{;dH;X46cfT}pJ(SDaLuSlg8TLwt7P-Z`
z_}nJea5EihE!K-$`oNo1?W2C?`}QPPk$;4|G_+Wut?O15aETB<QwbovbIb(k2x$Y6
z(reLhJGN>Vhroj3ns@4K02w?iSOKxe__D#@=(U_i#Y7Q)N5VGEhM_`lvPB6-fkK`j
z*cc((!hyaz1p>k;yVQXB1w)th<|Ba07qv1%EkE1OoA8yyWz*43NFC6ttn)RjinYaz
zMK<{CK8!oGD=zpJ4RkNuvFV~v#B^*%HyksYrx7q601aQP@<MeUpjcezV9aF|m#>q`
zzNG{TeuYf*wT%y`jij$9V%37hU5;w&D4{x5*U0lL<Hbr~w-#e`yPGkVb}Z`H!7@}i
z7YMwdzLGRcxyYGv9qJheOe9c`6*XWf2g>Zf1=^z>O9z!UtwT}Oo?OQ!8&vD$F3vv#
zZPbbvH$Q}j^~bA&>cEIKnW|<^`>$l`ea(r<uIfcw18b01yH%6vONO)_9{`JbO?cTO
zr(UR4X_-Wx_Kg7Rd<{9ewV+r8li(nS3qlQ65*LBn_0`_zu*q}W<SPrz=2vp|C>zL?
zgDK>+YQe+M&M{-T<ELBe5PrNq{ER?A7nkz!i>h&)D;_jIZ<6X4WsJaOg+OK*C?_>Y
zoNT`P-qb+2_A@6SBKer|pn$-BF)!@>F$*qjYNjSeSkkzA0|s_&8{5yQYQkXhq5v*R
zh!v10e)p9P^!6q(ScuzN8kX3e{kVjKzS`+H-U44WOLY{8l4KK(WOgz=;@P%e<08z<
zdA;&WD`tdWAkZ}F)`*uoqXUAV$yPdr0i3q!sdO`T?Yv|X9MZPX5P#pTQML=K5z=-w
zyn2)gi%EYhkNyDHdg9@0%D-Wiu%K>V1)~h^heF6Y^LeF^1a3y8w>ppDlAc*5Ryf`D
z13HT3;|#K%kLU!XA^rj!qplVi!A51Q&#+(K(rdUKLs^Ta*M4r7VzxWoT<tCRh@jke
z^}wP)s(r-U>+&p@&H<s=a#fOku3#*^udc5vY{H1Q9Az(nu|)EuH3RWzEY7_7i#g+c
zcjRvIJEY(UlKdN#DZU7EVgyp{`mLoM`n@ozG-K$;J`|y3cRDiY3U@a4S@sP5GtfFI
zX;PQI!g#a649>`aL{=L&r62RZ0$SSNgO-_&nStSNp#7fw4_@i7K%3Dj4IjRDX2w$k
zlH%7$JFrN#iBJf_fvM23qeO#ERMUClw;cLvt%GyLdt0hhIKb>sRkTBFx+&r?pv2QV
z$^VcOI8hdGf-$XR{#35tfMcoz2ymWglDz;(s5}R2<Jwlqq5cbOBuwq;=+MpA9`UVC
ze;UXzG!Mpu?v*Ckl=iTIjX)MZ!yB&N;#H&+Q1pb+n9IuOnmfYD(djNy(bY7L<QLf?
z>J<2^cdSKn^X?v_FCpZb)j>f<GsPl89K2yNuP1tu9aSTlz~3cvf!)Yz=yvA;Jml`l
zV#?M=v)TYd=(JR5p<3iE5q|_WSULw8=UJBw@xQR#^2s3e)d1<ZjBKId>^dnhZe~f&
z$%z}+nKy0+j4K=Ll400~E_%cdSB?-<+tg0VpV*^t3X|bvLpjb;4lh(&?*1A{uoWn1
zy%d#b=913Inc$}Jr4`jEL!%6e@J<D;h`@oWKNB8%b5ejXGBCY|Vte*7sagr=HBHb9
zO!=(Z1j54?j##nk+T(*kDVkYgQAsEGMWU!L3R<+uX#4F-{l3g~SB8vl!P7}-hTySr
zh~m=wDZ?xbLfG>g+uoX5yPvLfiM#h?Q}@L>587shOG*&kYHWhE+F<69Qi-Z0y3DFU
z;MIG+Z<P8BgQXG3hlx<X6Sa_Lc44v-3YGv|Iz)DoD|{~ZZ-F*De&$>w3x2IwFr5QU
zkK-87DrM-;K#P8(YJbP&(yQs%JFqgU*@@W2qdrAf)L=3@je;VSK$yE7sfwN`zER4T
z?M=%RIJ|e;1rjF`0@xb{II2ny7AIt2hb?u~QP)@lqdlbSF-z?j8iz$eXk_ZA=wL;U
z^spwCN9c%t^D=a|MZbTP`=TFh@u0W49fX=n=(VvyCuYRMA=l)<`!)wiVwgf#AgsbM
zc1@`EcWj(`Yi;>dk}VQlpU8U%(8sz<Y=FGEi`cT*2;ym%Ug&n(BR6W1QK=fOq81u>
z6Utm3$bF(scHOH_eRB|qI{H<eC0LXu;^^}M#)accT676Rd9&A+`d=3~5AhE*E-pd_
zwDjf2t@SRx=4HR5XQH=0&2iF{EcL-(W)KbARW3<Ab5LPAL%Jwmh3M6$FuPh!Eo<@@
zBeSGFu5liYr0=YDxVbzvO9hO)NsIiFVlyf{--)})h$nX@Kfa>vlLxd;%(Co9N2OsK
zDXY%cHNyF3?JI^a_H>r?5brH7a%am-ze={Q0gzV<C>y(Q${_%W_+_9>TLGabI(P-t
zQ3y$<-lVqJfm-@<b-5vMHSUtRy0MXQu?E|rn{jh5yPsqlN@ER*RA;P<(rmxko>}8L
zxvoadt5Yh@BNhGCLRFrRB8l(J({RBkI1p<>;F7b5PV>TMTvp%I>BZ^B`hFA}#-b()
zpx4^!eAeu_K0(&;2{)SGLHk0Deo*I?W;NX(;mYv~WzZ<Rc9yn3S2TR1*|!KAFy9;w
zgFr%qJm>$0kOG3=fJ*z#Pa6Xx%Xhc#G|!G|f3BDNpPl`$^l!0#?D3Wq?9}X|dFSMe
zt)u8ATt#!&5*b`Cg&UibR?Z%VxP*6I;yx0EGhP%z-+AAgci8BVw(Of8>;w<Vb45yz
zdQHXN?$&xwA$QjmDiA9!R7!uT(9%<OF&+i3w}fdO;Ig!{*)O7@u+?c5jneKzcz^|_
zxH7?81VVw)Kry-7@b0MXPSt}j%T`VRC+)?Iqtv#uHsk+%#TW#?ns%s=$xM(H00R0-
z*u4g;QHR`sY@mKE<}&9!aAKpCU+uQYewg&#-13kmIP4OXO{y0SDtIh68SH(xy_DRH
zT~ZAZbvRJes6%%$j)Gl^6Mp3>)n};mkJEAJxTo?2E}`JxA>vNs`Wr^%=Ymzf%7f54
z9*^I%Dr;uPFk8U?d&d0Mee0jrcwVQ7jR%52^Bgn_>YK;t3Mya_K)}D#?EQ)Aj>M5+
z;k}4I1#jvrF0e?guFw)F`3BrZ*GX{J%^NP)Do)9xbi$VSb5pgG<9nXGmCTq-NdJ-(
zyfJ6M7N;wWPeil~Ab@!vP?9=H7e7hC4Wa8kCc?o+ncAbS;op5C=@qWe8&$Hg_V}<S
z5i88zUv8dR({UK|r3Q|rc3p3gcr<U}AW1DTv-`#J{r3FyjEW$1SN+FY<dYhNM_82F
z%gcqHmIIai)3*eL9QyJ-C<QJ4X~RBoMlROxg4Uqc_7O0RUJMzh9j5W73DA+atOr0^
za~^D}<V-Ad5BDr<c{ZL)2}GYz)T49dW6VLhS2FYRReaFGK6`*bs5lL9%};%9f4xub
z?>S^(@sBWTfPd$s(ffD8{&W2&Bs76Mm7McaBQdvq_CTm_V`XD(tB)tAZ{uLBt8a@Z
zY_20hi~H?~gFr!}{;lv2uRQwCb!drc2){QwEO{z<eKUPIecc~(ncur9X4<y4cyvF5
zZPPr5Zl$69=4X-qIr(e7>;DZm`BxYy(wxWC+_jC`npeBX+7{kAH&W07#Rkf$PF6n0
z2`*<Sy@UBUCxUTo9MO+=hhGGaaa5sJqTj1|1mx!GMuj=^q0#Fjx;LutjX}kW9(lrd
zo5PKw++U<Dm_^7~;JRCPjI8ci<0U3~6QZPxx&*2T-C2eAWOZf`V>Ie%<M=>t9rAIq
zFF)SxxpbQqT1)K@IyGyR_by+|4YqpF=UTk?Ic2!PFWwKg$>7dercpidmoSM{<rgS`
zN5R?xRP0XpybVScRfN}FFGnK7Uj>B_tF+b*=P=hE=JxK~#wyM7;br)oCSy;PC4*b5
zh}60Y>+Gjgr?hl`E?^Ce5P_`e-hZnv(WZ>Y1mK*JL0}p>eWpFp@M_Ro?9bXVEpV1L
z6t3N_4O5T#SBbP6f`YYoZ%2ol()Wv_Fj&fq+)yOW>$1agFT%eF6z1>Z$Ch#d=%5Ck
z0)4pCCfue^rg1T4(s3;XA@o(!UtgdM-XWG_){)a}o(I$+&&ngU-ex24=&;0&wZanv
zXIR;PMDg1CFzfP3)!q%%g<RN!r+^m8ahQj_Mn>3$8eu~iVL8=cEM!{V;KoN`-|ZuL
z5aym`^~gG?Z~tp9CqEsFe$5UiT|1?A5p?K8)`Og(m$l9+VJIn|kYT>KfGhSA_<&Mz
zBomWxqE{F4yY=-I>qWq3x20gF(k#r6VNe%we7>dka@ZU$#gGCe4M)nf`1l+$QHsVJ
z><x`K2>p+DsfiI+icIpL+}}0ns^7F0`M(7mga+faFx9rv{uwF|5}H|%O5VOJ-9{Tv
zkWUzo&)CekJKfkEPhQ{jIU1FTv6;S&F`k1yo`|uFxxU@E6fbpm8Z|8m4bk^Dh5dX6
z!>1F-eP1GOs%`6RX@Mu9Z)2+OV*D%a0yOT=a{p|}J3S3O&GY0ME5ma%XS(Mk{g34T
zoBz~b4Zqeexnn?OaQt-SHC&)B(ZPMnJj&g!rh-j#b@^Ev-&}R}=ml}Ur<V7UWn~3_
z^Jd8p+#z77?RBj9kb6F7voKtO)pe*Jj$L@PIVR6|B21ILMPH$5QoAp0`2hdm0VTt3
zM7$|r@-(d2iz3x%J3szOud>WQ)w1e+jX~5TM}fY~FY-ns%MtOEA5?jOp!Lw&Yh#Aj
zJ|h{7Ks%p|N0Ak4W+2Ma*kXi7tc8MSbvB8e?&G2q91{=a2wh_moK(Z|e|SaI(EUnn
z3hP>3ucb3agDjt$^m91QB!x6+w!+-t4y#;yLRzT2P6$cGm3x@mW>1;{pMtmWPL)!a
z!4<e0HPf~<7WV=_QFoiauyeID)|JWy(xKTk_qsA}>@go#V`%}MpJ=?$!yDQNmBCUw
zVcfl_`V}$|f{ZCR^>t^deKSA*mV&&I&701(>at}Hnd3nuH$YEcSaq5AX-Lp@)Vbnc
zS*@5X;|8dq1r)jmZq$LYS7!7=RjL6Y3u_^T(H>8tcqqa%h1h5lwh-=ynnd3Q-!+bD
zCt2#7ZFdfG*^53z<gW*H8_uQ*AxY9YuoG3MA?W)Td!ArVT{rKPsHoMe2&*ZKDAW*G
ztExhsjxJ_s>+KiL8bRvjuflL=lus5-c$~;&Y|Bt8M5Ca|4b~gL8i-$iwHJ@vLA2@>
z{F@{D--Nc=Sf~;mOObb0yCJ1`7?PaWm6ZSIJ*Pjd@lWD%{T!cxGP7Ms)C;Z)+7m_8
zIm+&0eS(kCKR;6j%i+QyKU5zdD|TCjj1+M?l1u<jd?3?`!luD)&~+==W~{xL)OOgO
z0e>@KoK)rO;us@{hLTP+mVku#*pxwiFDV{yJ)%~WfC;(^ASCAPl}jH&ws^!cxw6Hz
z_i(Gcr0pv;As>gNjl>n<W!xGgT+7Hmq0+>uc2dnJJj||u1XcmDaIgD?Ef6x%(qnA|
zQ_e)dfKcXzYqP3s);$<A3y*e$SX@IS^R+>*QzQTibx5fUqa1jFsZrTiNe*z5;TND*
zL#*5mExD71B!K>TauZtYZv37K!OgKRJIGkYarq~rE^L&88{gh>*QCx{r8uaB@=G6w
z)7VI?Jc?fR6dKN%mjEHGv!N2_E4>)Bl;ceiVG%Z>AD``wn6ks4>I98+c^rugtVAJK
zCoCS*%0!e}zCatM+v;!Y<1f9Z4*y)fevxp4h>Q2BJs;YyJMw~^DvqS`RjYXMLFGhn
z|AG?|91cXPc?3W@(0s=Yu8Rvqm)Le7MSOZt$UU>BCff*$vj3ZMYp9w}XI4__bVwT&
z`HEZf^ZbLp3}<9r`{oxECmp5^^S2&NejF2WA0=9?*96D!2@PS8>~BZ)4GB`qDj>!o
z9<dqP9th)^Cs=PdpE}Pq3+&m&mTK5_9=p}v3`byUM9+#a4jOMzmZv@<-ValJfY?^l
zj4NuP&#tWAHa8)|alaKD(5IIR^H1ARNNA|1&XTdVoTY{S6Mld6vVfm@S${kFOBv<x
z&HdxI5V<VRt0x%0jnU|Sll=Ej{Fh;CTMtN2@w3m3NfbO%yA@EQ)b3C4+vL1ls3xL9
zb!krziB3CnCv4o{%`ceix3=A!_d{#FL&`+zN&pu1?GGs=G&=$=@$@O*6$o<$5ysM>
zMtbflf{W~6l(h*ORx)FPQ9LYvEphj`)%dU(5pUS~COk|JT#-e=n1P8CN#sOoebN9Y
zXY^&g1{3{M4Ok00;Ju@-G=Sh`sQNBpv&RGD+L5$tAx#*@Bt*E8p?VufJi1&HxlZ?h
zhD}Fr+|&Y9Mh&hp@ZtWt^k-;}(~@&Js#C1XBQsW3TQAf;*$TqpRj$P)4&jU@#^Ch?
zqmb6EHk;##o7^MBqq_w3LK25XvN!N}Sd*Tpj#NjMURR<`a-dD>M!i#g_Nd%JDj`>B
z!c*d(CxV>0Bsdcaw3pd%CayJrS3CN#LMOu{CS#eZnKgBFlj)I9sYp!a+=4>sK3W`d
z;sdbuXBw?b`%qV~QJynpl)T=w)cz;{00960001EW-vhzQ6(ZNzWH`Sl*XW?kl*+$_
zx5`PU<wqb>-%H=Lgz`GaDG%KBoe&d<|B^FfZ|p1fiflB-EnD0gHRY4}eRzFWmod-u
z>KY1WcB_zN)kezt!zvlXcsX*FsZ&JwMJb>r#OT*LQ{2Y<ZZI=<O7?((sY<ACmOn&3
z3Ihg#nS9Z#iZrPP$^!~)s}}a4n47*aa$=PD4q0v*&cCPVZ$cRTwo`f<q09nMeHoDy
z2R(go<64Bai-h=xcJK|Lt($5(l0+BKFCI@Pp^Y|UL<zVBNG+SpmwgOI3Wi|rE|b8v
z9Fe0AQh8kyDSWpc@9;a+Pd9ND>+K6OHGxPTXM3+Cm!+<+u!P!Oq<CHtFrH#mj+q+1
zswh}(=V502;;W{%QO@V|klzm@y$|E-@I~gtN3O@^5%#Spb%e_d^fsydh6JRRjm~fs
z_)KnFU!v(z7sht6I08$zCGEO}XdkzO7YQ&4`6|<wFL-hrXjTkpsk%luriYyp{tZYp
zuhoTMg!!j2i<Ds-)xy9;O6>wPd+%uFd6Cw8@nO?eabVWkUHSbYyMvW_^dX%T&w2>q
z0O#=DEW_PK``J^d*@l_B5=RXj3zmVs0T`OBRF<A+3uGtf7t)BQlpm3^3=`XlyJ@qA
z<qL7UC(9TU8JO>SC*G808$;4}06jwzSl3Q8+SH<YVDG;7BHW+;m9ry+ac<CEwN+$*
zL&PLO6W>USEfgLJ#aJ?@6%LWvaDYQ0T3r1oO!RFydSQa-c-n)OfDL{l#?i-1+Rv;a
zfssV^@~EXF7uUwfdaSqE4Iiv{dP%X`y57p&=<1K1W5J?cn))kApigbWgy*KJMlCuJ
zNpts5+|Jdf)Xr>=&Fx}@pjeBP*6)8(4xEZ?L#>|MD^b>#@5A~q&@r&qh$kMw788`4
zG1NBs#XiSA&iw5&Kn0%w%KHRR^6vlzf^Pk1VGQLJf8*Cyo>x?nSCWdK_os;_6cYFk
zuF+!Ay!@`%N0L{3!rX7y|NijrNJqm&$NaRh(9{3YchNF_A20teT=K6dTLHSzcM#fT
z5sZHlE|Fpli7RV$WbU03-#sfXDJVL~!&i&QV21J0E{9gr4=DbSpB_?fA|*7uzQK8c
za@yo9+@R~25)eFks(K7)Mf!_ExdH6ps<75;N;+0XSvE4CYgg1B^ah<7VdAKfQw&6j
zQr*i*ZhKAg(@YvHij0Ijl$PUr45ridDE^3>ff;yGQSp<dj?aEp$piZZD*Sim{+70T
z%z}ldOua*a_Bc&uV2{bBTxf^dMb>UT*jZPidnmOWGnv|#2v?w%*!KvnV>I9&$txfv
zNftM<3ZhJKKSl`#s%<4SSm&Z(^t;(33|ZMpQ6*zX3EaOW%Xnz=H|e`kgHl@TdE?Mm
zOfY8)mwTZC6vQo+M&Ny%WhY0$DMxCIZ5B@VN)LcUSDQ&PTd1Dfy_%}TJTfabYh-lZ
zdk35WBW|w&zlhu;kEJ!7Tnyj98MnH#7Q%3OW(r*BoML{PfLUwsT^(Eo++JU-XPZJ4
zsLLoPO1tGU#Ct%WSq97@p4`)hWW(u%DE53`r&y94l^55Pb~OMX94igT;kzq^VP=NW
z^w{n76Nk}#tq^Um$U!ZEOw&%9+bEh<+odCTt*is8B<ev5eY5Gx%Z^RaLaHhs%+?}9
z0}J9sM*1WM&%s7DO(6Lyac~@8hi7a@!-Cy`5=@Y+(aN~fE&j0OC#1pumuxwIc11NA
z-Z`AaVNY+>&H?HAqIQ&JSjpsHi3>CKLCunJ23gM)(ev&jW18Uuw43o^c%&Pv;_<Cy
zP0V+>#lH!w*e&Th&NT)}gpAHBCZ&EU@vhBx$_l4c_~BkGm45ZCu}km;KIFWyv8@eE
zE5pP4kkU>Z#@Q^NlP#9sTtD36QHDcqvIpqTivE)Q3RhTDpK{&7Tr8(o;8)&B;_Fw|
zt)V%`3WAMj4lN1==^6=y#a!rFWpJjFfp)T5HR!nF-ES`Jy~u1x<Amsyx_xyW<G{Nt
zySk=0kqX@GnD&rHu5r~NqlLRX4^>5FU(YWRv-8Ed$5-7;S?m3sQ$hqsjLZ>FB>0M+
zF43T*HE8DS`<H=qp9$;;%5w8QAsUNoWdj{k9!}{-Lus_Wb}-GZBWaER{seg@t|!#O
zs<Rb$z@UpjHWd50^yFmGOG#w!O~bx^$=;n;ZEc_6*OHF(xyF5+!0@imZ+s9-w?lkq
z(mo#epr@NOVG?Q4TMZpv(VeT!IlG^v<vjEgb`l+<L|1Y~Ns;)s7}yda?dO!~c9gpN
z0&~DS`C~e7be*4p#Nw3^dUsW`0qC@CGZC#Re(1%Cw4c`Gj@72@U?1M9HqsswA}Pd|
zHKsbC?mciE$z!Vprk8RU-%*nXR3CJ@=!b3_MGQxyA~brxQ~Xd^MF}<rGW<kR@L3vf
z@X05dHvLd<Xmr-+@q6a1{;>zj_mgM9&=9=*{BLD>MOA2j@eCSV`i<!G;oqwCpOb$h
zqM+Q52?NHb4=X)0J@YSs{z(2uuJKpIOfD>L(-w;_e;sd-WT!bc7k59pzG-lRiz`h3
zQ6PIIX&JXxehJ0Rm=VFUsSi5b1Rdv7#2jifya<!pscv<oiW(8~Z1&6`gmvR*KpWo*
z_XP>B;k!x8{_FWVSnmlzzXD970?yqF0kf9OkAuLip<GA+zAIuP?HdG;yL-&}=;D<S
zFobVCK_uqTe9?3J=6T-R9*n>$asa<$ONGo-<Tox+G<S}4+N!N#|I{oVMwXeMo&Nzy
zl6ah=?5GTwpurRmj)qJ=)^qiE1kxaNoQKMSpgi?u2PnpbW&2tBwQDsH->q~ZHdPE9
zVR26fT=e5u7Rsd@gf-TqAd>GkiN^J6AQt2uYF&XXSi`BVFHlC0%HfXPid9**5Aps?
zZ+t*Zeot^PeY_SkJXbuI1v$!0Cfs=7E5vlmqMRPS1KzBSSpG>sKlAV=_H#m}-Us&8
zOk!}6;{G7J#}^S^ZS8UT=f{U{j9O9yJ87$VKJSixVQEU)9QT~sQc8BanL39}wvXEU
zAWMzmF@8C$f^qi&?8~ie!J9;orR%RXA=25BIzguaL^nQs9RWAfROA#Y)-HM`v!q(O
zFbgB1mtnY(L3C)>w)_nfDlz`rGi&yc`_2Xqfl}57AjC6}DlRcwjc?F+;414HFPEhj
zSF20d5v;U)#rQ1}@!H9)A=~x86Vn@L@JS+iY23kHP=Y<lH#i_5h&7ERjrh+r4Uj*N
zk)53t+w0fQ>&LZqbsebnZC@K0o9S!onHyWY=C#o^GIp@EeXaXb3#Ipzu+cVlc`i#!
zt!raPgZt}jfc{87&St4=YxVPVzv=u=1k`M-Fq6h8e0jV7Zi{Is6o<RzpX(p~w1zjJ
z?f1DGZ$Oi$gu&CM0|xSR;8|g=^sG$(c}qY*Pbp*^Z$NkeUI2RlI{-@n8vtVfJpk>e
z4ex2wfBMV+^w;Jo&lteqY14hm(|!6r2e5d`lYL4Z0l54sYxb1JdpZ~Y)93Be9@*2r
z;Zu&qw>sLt%E>?d)qOf@`BcO5sl?H@Jm<f-n&4CE=X!QeC7zFb&wur;mMDPG)3*!&
z0{{~M4FK)ahw*7o5P%$j`dhv<fZWr!{<rfOJ)OZ0zzTp3;PunT@!N;`+m&<y9G>>{
z0c>e#e*H#(s6>Av1ZMh%#<phKy2h3kn!40RcIGq+&p$dYh$M|TjaY_AhLFF&|3r2)
z_4I9?<j3sq-s#T^Qm_#~o`Coc`ne>}PdWONQBpiDQ2Ne2zoCc#@+Nt}kvN&bSOnv|
zgm%4HyhQCn<SHmNY>)HUS-de^3yAPs>q0I0eDYjbVdC^82TjanSZ2W;SeU@Y0BWoo
z{i04t0rNHKCkQIclRjipyh1&JN9q~-A~Ojs9t=@_dENQ-p$`UIQUWfjb0+U7d8R$T
z0+K4d>N^sNa^ube80{jrMPOR?$KXmm#t6oot~d(kOrdCp`NV0k!2#1U{a$T-J)aR1
z1mFv|O4vSsi)IjZVMoPK;<^L?<a|G=>JCz*+U6yFmV)`>Dul%AN)lC4djN<o9Y^vP
znrX@<bsnYZ@-zg%9XQr{4_{dz<ItCYkV^;$!LV?0+{0j&NqKim=TYh_2$v`eCg+I*
zj&>CUBmys(JbaU!O0J#;b+9w^#52Cqd}erv*c8*P&1Y8ca;&skL2HxKKm=N~2}|~J
zi9!*)-m7F~HHuDjERN?N(IUJ`!^k^cQ&?-?ABFMVM61to%UxC=20I>V4^ZQoAByEx
zSY_;O@NKP8A9nEpv^fsg*2FHW_3I&7+3rZ%!vPXbrzkKlR2@AObo5LhO`=n$*zi5>
zPB3^KhljoNsgrcJ;_Jhl`|wzL1QfE8O#1&v-do4TwWRC9IDz02T!SV^<L>Sb0fN)G
zySrO(f@>fIceen+gL{DB4#6Ehi0qx&lbOt!JLleWe%~L^tGZTGMX!3Edad4<Hng3U
zdVb^8M0jA%iL$_xM5^N)<x0j{9hRQ=FT8Lv5;Ct<!#9ynhY=-|7=@pO25>xRN#^(a
zy79f1B=>D^hXIMM4Vo<tY18|wvLyf09;zVmBY7D#DlET^j@`prchLDM?V_Nut+64Y
z4vj6%k02><RHS>|<=gvTRTp{s@7fXz9UFj+j_GT30OQZi|CTX-xA|vfcYwf5_-jy`
zqn*BQw@qVuZ>{9veN`YV`?<|c%xSH_`32|9of~fYR05b2w<#aQCSOxCIF-;Tt^Qbn
zMz#o-e)6VK(uaN=p8DqUP)0DC*GgE|VV3W-W+XpKffHp<jWEV2$M;FXfjr^V!XD`E
zGRrL*rORvFSY0%j7`Xzk<OB8~6(d0Eeeg0d2HcG7Mef6sFQmuW9xsy4m_3>2V`bb5
zy&m3xK+~b-^C;|cl<t#LywZ%u#DP#V`q0yHS%aGKx(4}q&4fz7TN=i2AL(s?GzpC|
zoRd@<C`#`0JW!y8n=YQ8-@;a_Y1Nx&alY*e$Z)oJkIRK4hxyq*@>;|d-F=8HvPkfY
zaJNhg@q!mKw_S3L#&17rJKCm!w4BBnWO0D#u2fsW$m^SPAQ-}O*r0-}m`GuqivOe&
z7zMc^_=urxrtT4Nthk&Re!HHv9&R-`Z9CjxE^%-onC}!KI)swa+>{-6-QFF{8sVsQ
zy{QjtE>*kyy@7Uh8N^=CT0mWr0q@&&<Xvwe@X%93)r~eN<fgenFEAM(uhUBr+3w^u
z0&mw9!ME!ENlWu;<6Rf*f(8;R^onjPW+@d2To_s9j3^Tx<!{9rhFvIlo3ow}EUd5)
zAlqI=!U6@d;N8xlK$RHWOW|vePm160tGF>Ehq-EYfTxBzr~X^c(yGMslG50dWx@&A
zqL0$bIW!jhyT8(=$e=W>)`1M&J{Hp{80<JM2IZiqP8`OXv|D%57ZmNUpXo?elAwgR
zn<Jy0rBwB<HKvhANMd#8H@UP<G9#G#+gQB)kY#>)X{+biXyN<_H#H<3J47LOs$rT*
zsSLR@AG|`Dqs}jeSkt5J6h%ICi^{O^mRa(oc5t{tESh7K5+M;M{!FKqqvLtClUe0c
z%P%*h<(l>ciE(cWPiGc8>0Gadg)2rH4J&mO>tW9HN@KE;E;i+9LbXu}u1~a;_mN(P
zc3|^=@>SPI=&Nd+kZE({v<OEvzjECM41JO+=^U?qBdKoPvq9Iq!3rgsiM_NnGLORc
z0{hMj!N-2BrU%*#VgHWx;I(x}jVA*75UFt!aq9D3$WvjF!rj&{V;oC6d-3X#sM7e#
z?AxXL@eT1$k?Riy0_^nTx+&}z@R;gHSbSL(SeZEn%{DJg5r(cHHe?(pfuK$Sa4y_L
zx(A+m)^I)Pg0pYQv+SEKytyY^w{c!0TD@c}59x39$K1AXsW?;1gl@^_k3P~SPFO+9
zgie-rXpL~c$sz3$*}WsME$nZ9vuOz%kqmq<>tB_fp@7n_6sU9LU5q5G(<De#`<}~g
z(1V2O5*HdFnTxo0pN=-H5T$9Km*SezFufdA#(<<l0c#VV5`BNoywsE0@aD)2$6h#l
zRUBh8XY%nweNGX84}`!y<39h!xZp6p$A9Ho*}n~{_;Gv@4o;BzTYSXV@QEMw?cj*+
z-~O5o@~5Z>hHoMLLdsuDRer0N`BkxEWdblVe=8XNXY;>d#NP#FBp&!NTGi9m05T$)
z+#m*<bsH0Jd=f@nU=8D0VNQ{x<A`k&!)MT`*CDU5Y>8_kUV}7pausHpT}?QXN)&zR
z*PjXErmRJT8D*SfIME$m9KhP#!<3PHQM`md0jG|xHpO1sfvJzb%urqx>?jS_G97D*
znqY~NeVdpM(T~2PZN$9$$hGFAC1%%v&Nu9XHDjPO##TvaR5-3OUokO@Cd(n-^e{C%
zt+8BQvq5eM`?IDl?6O6)FU{<Db%W|<CbyMk!h~5@_#9UIF|XajY~v3*_x-JkD9Ntz
zA-HifrV#t&eRbXTLKWg7^Hs98bRefLq&mniEsAz8Cgsjd-+WgxKuPYu5yF3#7kD%_
zL{b;^85T`{iA{(*^JEh4C&Ry^BJa6x;-&XEz<UJX9hl+mm*MRl;Ay6>^B`mD8{2%X
zc<4-{PyJ_kQvqqN@6VBx9`Nua?_a(?%llV`hikt3U-b7sLdp*p_fM5dhU@!+xPRke
zNl*!J2@3K2A*0#>ZGaAz-@NT+#<q3<;S9kH{=ZR^exAU+089J5tz~mRzLws@=voX~
zdOBM4T0jS_hcUm3xxWZJVcd09<IIT-+Q&w=ho-H#<-Ej~Bijx<rJVnKF!q52X0vTj
z38xY;{So^XN-h^YhkCzUqJ@xxRBSkx*^zNWe?h(sxy#mNfGzEPQJ6K+p_*yQ0;jZ6
zNx2^oEx69H?-^b5V7B?7rD!a@u;sdSSVpcN77O$txDd?q0DHFuEn^jsS&OM$8)6CB
zG5gob3pJQ`0s^wdE`qLKoaH73xbjB5N5AyQ)XjWI2pIBdU*R{uEnU)=Mj%_~WhAS5
z6g>GzPmh({9-m>$;_X~|qKuuCcd(blTv7t%OWI~{zPhlxEq86Gw1G*kQJQS@#<y!^
ztCsDbYQc%N(w`hqDONpj3Cly!$vv0g{J|wh|Ew<OKSuVC`fYId{}|bSB@zZECf1*b
z<ZJUkJ>2hDWVBp-&_!h5KKbb-JMDz5P%snw2h-WxSrDVQpTUvwSY#iiONkrBGF2!H
z$Li$~DwoX5Iqf{-IuaF?<%V4lRthCIZ%2}XkCGRd3jC}g&0Iy)tHs6(p{4H8pZ(!^
zJ}>?>v)_d1Q8YfIFd<1>j$DK|_P#8Su?Ci>P<t2XE4iMh8#cw2jmj{dD1EqPC6tk{
zJxcwEqm|gZB1~%HyD7F1L__bI;83eTddbW>OyOeH;$mlHlMe3QJU5`r>0!-Sz$2)I
zp*hOiFqAKdBls-LJ(bhmtJX>9wIQ069&3DyH8*AJ=G_}VAF*3O4+->RTwA+QL8{Vn
zXrV1dg75snBG~ue$diA@A~!Q=9qE91q9%NPw(A1Dr(&NE{QjOrM!&O2AHcgC;O&*+
zk>M8L@}J?5e~Uf@GWarh0=WJy`uJzu;h8WC=w8T4aVK)|vigXIVjP4Pr!5FtSiT96
zNtS(YFy#>rsIsElTr%!DvYI7C4;X^~(p(5?@AuIoU8<!<n<M3@7jH?^Xev83VU<^V
zgqi4esInGg#xC1)Y@zfuSfQn<DHSP+O(t-URBd&Qe*JKvK<x4;()j5t#Ps^h7uUeC
zgy#Nh8rXi)XG{?1+EM8CTzq#=39!1&wtW;Ja#tjYrNYDNKdRgA=qt*a52q+y8MiaH
zhc$Bg=bFNj!GDf<tzGQ#fg~YBM=L7AAQ~o+c_1{In)_64Om<9_qRIELpTbokz<i1<
z$ZB#cYJj`0w>8p2?SrNraPsAC_R<4)K;Lr*_`TY*{XMmVqSr-+?Jf_9WN+})vh|wy
zU#+|LKO0en=!gM?-;j;Pr|=^j%gz=Ev@td}wlxLXn%dj`9FHaRmr$&S2u~Z}4<{BK
zCg8~*qrreafw3|*=Cw7Y0RjQUn1~N4wdnv1-+!w;yzyWZrepaLh5G+!YQH0=Zo<}`
z&z%wl&`xnjf_qnw;qL4rbQ;QZx1LTFWCH13wj(fP;-_F;qq6kOy22!BoLllCuZ>^E
zh3j6_S?#vVxevvxnQa3k78~7L<dZ*IxB?GZ%UZMO_jSvSKI<s7F~{BQ#MUzxr{Lz%
zBd)qtez3H=amCyyRM~|hl%NN^P`?>?yOw!v)ff?NJDZT_MpVqzb|M;RM&6W8YUiy~
zdS-vhm7{MuA+!FGw+L~LezY+JMd5W%@D&oCl*fPvfigUimH#QBFTrU&0mQ2<#~`MT
zyDjO=P$?cg9Km+MF;a)#n(#?{aRdE<mz^oTi|-!=CGALOA8_MRO`G9mN_-<H?~r?W
z<iDa!p&Y7lZz<!p3_ukg9FX?pON^l<0)!sANg=oaoIfmY;9!4Tf&Os?{>K%>A6Jk5
zxPtjRE7<*0ay?yXg@1=7QX{33eOuH}W-^YLHoKzN8IdWg91~y5+Dbxf(5Qf>6W21-
z^(>x^$DN`AiI>Qvqoh>c5pywqN?Buhj#(2gPgXIb^V!O~u-FipRHi$J94OSNtSomB
zK^~=1A5QFX^+sh$Vj5wA5E5SMBa~VWE9{*3I_#1_K5P?Acqo}JZi_lfDR{A9<Uo4$
zH3^9Bm6vOFwy_#dUZcj{Ud@&XuCiMdvY4(_FxXJ^RH$T}f;|a>dR(0=K}az+&lOt4
z0;ynkYti2*fMKn9(b<okud{dN0C!|_Y*RF71I7$3GPsW=8?4>GNfL+nz7Oxv(jl^|
z-@Yxr^M6e+I>XPw==5w%%>NUE(HVYA3QhJgUv!BrNs2$aI25`!O_Pk*)?5#K;s3nt
z6r`+~oTP{+1s8HUI%st)Uo{m2u`C>5%_si+%QGq^@CniO&upx_hc7vK1RG<xbPA*g
z;G4e?lD|L@^n}0;d@~u3#vC~$=9+1Lg>7nEcK$IRhU!pZyd6!jHsH-^=ySH2YzD>Y
zOB?JnVszY~C{s^^)pirFQj(*E0HL58EKmDD0)jFeSX&bHI^bt2#cu6U0}P(Uenke`
zC@}V1Pge)FEQ0uI*5az}7(2YQy2@4UR9fZX&)b^nk|<ViW`cwT$WzByrz0uyEbEum
z@98+i?~z;7g?*x-bqQVT22U{Ii(m2Y*;l~N95{4*Oi<ooDr|!j#kSmj?ETfguFSO`
zJKi*7TmGWCII`$9dBQDdS*biot<(w*ksXdl>z=0ZGt!cm6L>Qt&OJv7l%E3v=OI)P
z4^+qW{Us7hNFnfhg!2>TeadmH(o;@Ltm)=lA>UAq*7b^<_8y+D7uAXKG(M?mGe6#f
zDcL!yT8B)_#Sc-Cn~3r5w~INgo5>}Gv~yPT;N|v_AVUUNEb{PmiGVPTpNyU<a(i>l
zh?yi+>?3ilZCeg^6N~iq4}#J~Ph&0<H^bm#bE}oFn8GQ#xC=<v2ETEg%;Jg<=szT5
zq&A68O~M`mENMtXlxl?%dN{Um#rX^iCvk8()mml_!Ru!^;ZsV-wC5<IsXthBH2^-4
zs`q&2`;O(mD;+KUbD=vKIy?Z*H<Y09+dEr5EMh(dYBp8|I%Wn2dX_(O-oat~=>8$4
z|7}fE06jB+m7evhO2GJY^FKb`?<}})W?<u<$S%hnYNk5SLD9P;A0Ro@f+SVRGY^o6
zl%`|qHzu84jyq39>PiyR&a-k&e15x$OEv3+ycuC6hi=n##1OcWq4D_TXBFsYfRlj^
z7Doyx%&4`Narql-YAf#b4;>-PUnm|QJG{;e4OA*;N4>7$CTEEtUVba{Y+t*9tA?!|
z0aPSW14U+5;8G=X_ae0!S%gd-^>u;9laNvtT$NOzyP$aHmWEzvSIa=X$su}^2@Ny2
zg9;0_B~v;YHV|^OdDhk)EQ0`)jZ~W_sQU6<`7F3MK7d_6OuXabmv>gEAlqdp3@#EA
zO6QQ_62_$`6%@=b(K_U8rA!|mFhb8_uuXoVa5X(iKcZ=q!FYyr)Ze?YePdcclax;F
zV*xQH4;n+w6>#lwy|B-ZmutFTNBH5aDI+iLCT}g6WU4=m(QN4{?KBEDQJqqh<>M%4
zEVv@xpvP8AE+Yt2MxqTqsBB0tHm9CJe?XaiF+0Mcgd_rqZm8>lsh2Cv1B0MQuh{~x
z>q5TowJ|#_0j0*GMmqEe#c|9MMmB+~8?SvKObDR-VN}1s;HXtIKBc{5zunC=l-=30
zLTr$0DL6d?AmLw^5=-Lz%H1?y$O!TI(7_CDpK)!kn67#Eke=?GHsXtSuQD4U-xy>K
z;y9H1>6b~e$+rUPzl2GEl~&jM6NdSdQABD7?p7`L&dYabr4cSjOCvZ<+y9l&Y!Jey
zd`u9L?|F5#_m`L?CwU5&7$a*lEgdeOJjoGdq1udmf5>?bn?B{e+Mqr|N|lqRWKBYU
z+Wq*j(d0a)upIimR{CszcgVYD6U#+0q<*?duZD*1sVoG2m94Ck_xW__BZMY9*TkR{
zg8{W(`1$?FZ#WO1REVTrk9ZMv^bLtv@n!b<Vm+cVKh$tc2|+_0W5$jCvI@oWDR(V0
znf296Qyk#{0e&rRP-q234WRp3h;3$)q8b6E02=vwf5fUFS8R^h8ax12K&ij&ysDIS
zN@EqZ<QNwL01o)1ZZ~i4yKDUw@yRF!(6@v^7AabSb$#02j60U2?lYoV+m(@x)cLrN
z3vtJ@j0n9TCa%j~(KY}80RR6003iS0h||G~2jFfmF;kMA%uID0+UpE@6g%jNyYK>I
z0?+Zi!U9$UCSD<2D^O`~Jki0<;udfnVAEDKIXMg_12ys$&0^T-fru(cW<=)R8WO-F
z0FQ};yOZNmIp(ui?8|80?$H}C?_W7*erJ@r+oX|TB?w=Q!1QSmPNN}1F1F9($u=@=
zcC=8pr1f-TPolhvFs<xh6O-{V7y3u2H&lq+r{49k4ebprK&O!a=Q}YDY+tx9^G-Y6
zhf<Q*^FEa4ZE7>Sdu!yH8$v^=xN>ie3IvyjLQR&>IT}7mP3j-YHLtxZP}`*2gKD&G
zLDhv#@2X4qzsRukzhYPhRsh3K4EweDA0O{`3_IDSdDaF!=6EGQbbNebys}3RI-4Cp
zu%ZfIzi#g<|B$5$U9<rYx;L!2^izE5R=aj|fDeUjiZaxlg#H(}XDnh>tAlWEdk5kT
zwgBMKIIVBB$MX6~T7mY(=s{|<UC0V<e4)D6X4NrWV7A<Kmq(^$go5K(LYoppG&d%#
z{a8_eSYKR;B9z$_6l%Eo-69#5YAZ>-x3zPmpsW!|tX6FW@&P5EPBvfPQ|9ru1A18`
zY0u+;m>s{-h(?K)m!Q(nT%XWFVqtT(Y_A^6ZJ<J9ULqVkA67(n=UhCi#Ns#9)pY!v
zrL<E$ZHzI_ULv?F-kG-ILhiO|Kl!eYbbY}Tb{0`8M*3~WfGf?RDyT^fd@Z!MM<^=}
z>l&;|BG(?#M)nEZley3x#)y<>xFF~l;YPkAR_U0J29S-$drajAI)q<+sydodvBlqv
zWrJuLooAh|RM;`b&GP7YwSr?+beMH<b@oKxz&Kq@E^7%L(-2DBbKI;-s)FIO&bCJL
z=4(XyNjwQo8Z}V)D44^At?(%*UcGn7E4S?|X=w61$4mW(Ix)jHhNhG9#Vtk!yaE|2
zObSk46wY<{q4hsZS|&@f!s`|4mN18A*}}q~5H;DoliIQY7n|+U!qe63x|xgGVc0t{
zue1Od&38|bmD+2%RzefL&UB!!l`@n0ml(Fk%ki^rw9kof%2EB9Wcz$=b`jgZ!mtWj
zL?`v7?DA|>(WPb}J^LRC_n{8s(>8PLJYAk#*PK*eq2urr<hI&qAeC9~HOed(6@r`7
zSkshrEEi=r!6D~W-iepHA|VmvsqmGz79UfoPKY1{9TCY<0(!LrN`wpWcG=ZSW9J2z
z`5tAp?chz^$W%{=452;lUF)rKb@bpP(Dd!94r7Zi<%##^v(%1U+PJtPww`vc;1X`B
z^ec(PMSO)~QnJ5??@|mV9)j`Q;kHmQn1o7(r@A~(I_zy!!WHEQ*O%0FeFoJvZ`D!c
z{HtI*be*hj^G&p?@erKhZhE&!ylmPNcn%#41c+g~wyWX%e5kxk`9dDGZoe^INJQxi
z8Q1iJi~3CVh*`Ark`<Zhj?|a>(4}SOCgS!@pAZ#6N036XBf@l&LuUjPUUvQX4t;U!
zyTY?!7pd(r=q1rJ;)v3mbd!$}<>lJP*~CLnw`0{@jOP$rcvT8bRb{8M6BjLR!$F<N
zpQ6u4r@F#OsjW+h0@N_qV9nQFeI998TX3@=@@X?-ld63E!a%oQJW{j$k{qJU8Qm_i
zzqyETo=h8eTUjnQdut_|C+|+@(}9|l8U0g%y~4M9d*UcCoEp~eo1HJ;2O8l$zIkcf
z4>gqJu9*0&hYcI6MB<sik)DRyizV7+yp{ZkA=sg`mPv1zgPtxj_`=sulrtXmQPX>N
zHN2-AneVnK9D<^1!V8j7X4A8-gRl(MzuKmR{<iAQgURM=OaS6n4eqD3EZ;+^AEToF
z=n<Ax_?c%P&NV*dC!k{leD#ts0=^ZbWM*Pi`%ew?I~B20)-{cTX=tG%Y#<_eH@lTN
z@tA)rkK4-^F*i>&uqRSTzyo9}!1)<?6BkQjutCjgh;l$oijjm7L|9A=7&l;qg`HR@
z7}sCg{ndDhE7Pe5g-9^nCj@7Gg2WN^`dd%!mZI%-PF6}2+SRDXN_RV!FUF~R<|PfR
zU%^d6%s{W<V=gyQg1x=OT~x30eak1>h;1FduDeQIzP;c!I9s6BOLrhid<2Pl=5t}|
z4A(p<f!jKa&Kbj}KfKob6oVKfSd+l?O`%1eMA&Y&&02|`6s`XV8dDODbl4XCYl?u(
zC>TEW%Ejfw%P&2!S$uQ(%ivu>=p49X*s+u8`l=}A-{?gFAotIs+v+c^Nu5Jg_(+KY
z9$Rmh>m!5`8UDmSzwG{n{m0|Q-3=3#dkUsZTIut~h%mG}s*D*C_4a*l>JrE;J5lu`
zZfWQ)^UjKxL1Lzt)jam(S}^eg8Mn>6a4%7m&SQLfDK|BFlvP4mna_l<B`F5d_-c2R
zCH-=EyK76|JU6z2Flj#@L!rMwXfOLj?<YuQ*(Z#+Wx$6hbMWF#E<8M<&itD+4R>HB
zC&v0)CF%W)uH6rUo{A^gpI?1(QzCvvS?!&@Xf92K<7K#0M3@ezt23T(C$LN1HlsoL
z%%7(axEFv386K&%u$O+^vWIu|dc`yHxt|jff|;1YKDs(kSX`r|{)*iOZ{U<P2tT2p
zD1{Of9=NSCeWViKAUfdvAknluMEBlfF8h0guL>-30)NNyUz5iGOn(A^m?9kl0PfpS
zUq~rqGaU=MrvRdFf(JIAo}G@_{jyh}v7+Ilp#?B7FtIYx1K5~Ze)9eNxar|oF3`g6
zhyC?usfP~0Mo<4OrRdjC;GdfRcPH~Zktpv&#~aEVs{K{W&QjTIOF52oShb$_qO7p*
zaWgPIqpAYyczNdVj0hh2j#J|YWt_iKer28r79IIyT<eip@Z@4)BjNk9&%SaY#!?{h
zYL>LEf*#ojD^UY4_C8&8;R}h(k=H!}P0uC5JK>|ImAs)S`W#Y3T&WC<2vB?#BS1ON
zChU|Acv?U3#T`|pRb#~0R8+E~Al*w%oxQ0ikC?}coIxF-CIn6cn&nZS*@%k>u^>}t
ze?Lvc+_T*pcLR7W9XVnpoMqwVWv(G6-K5zPv~Kmx{$QL%0NHg$GJ$uV2m!=)Hd{1Q
zdg5ry=$4FZ3f66WAU-GXG#it|Hvnl}k^3#X1Br|`QRgxu*m+E>2w}tR7{aJg-CT!@
zpU<*_qVwEr%E%#fGEH?O_pZPBJ}L5H0ye+SnRvoRXc-dpCD6M(i*4|X^A7Xs!+~0;
z>JnI?YxIybnvAN@DV!#SR_O+h(BNQ6vgMWEsH0k(Wnrve+FoO;_$%?4b3vjdIw2id
zX{4!TCO1i}%6Z6^Y^e0^s(}@PNen1>mpD5mcq8m<BphA+RP)bq8SSyqD)4A)O^{c$
z>1zw2OCQ!f;!hPiy%=RFUVK53wZ;I{uQ};89+wv-KQF&sWDC=*e@qxV@9JB7x2zmq
zgS^QRc39S?k(%>Z^7(W*=1En$#IFtv%TEQdcc(iU>;@mXvRcLVfPpa&{c}qD<tP3H
zndz~sO<=2bu9#%di#5EUGc<kC+^H9^2r{Tl3ru)pyHIr9-rOeRa~#<8dy!noBQ(bm
z?Rqp%4N480Evs8m*|gtfF_OmE%g^Vf79j)%%Uhc~;l#r8Jx`(pHXrjOO@BF33na4k
zlIr`+n#|L1`57QJ7%&P%!onO*04sZL!*5iW(Il-lgV|#G+I#3GsaX?UbO0H>u9fm-
z<wnpMH*;}~?hU@~yp<CYuBiG<V-9P*;jR+5rpm$?IIpC4&WMa&9t=MW+BHc2doNoV
znpWOvWLMEG7qHgRZ3<Ab7j|u}w#4Q!aW`!44bPTOeU_;bw4@25VlQv0vZoxdYo*Fr
zWs)!PM75pCmX2=nhmtm|UWvI(tTw?S%u*kPw`?!xxc7C%S#Qi_yLG-lw~L0r2`J1V
zR^Y8Jyp?nqyo#l7WlDG8u~?0?$jBwjs-<cke(ryhXVhH}`n=4{4zJcWZhfz&i}VYK
zBuKeO_2W?7qgL58(z?%&=9vxdSl$dbDC$%7kXK1WdjRi7sTb>{8$EOQh$8tMbJ+;C
z(w5VQ3@jmc-Z^-*m_EtauIjpuR-}E7Ois$;Bq?W7der|y1MR>>6#ec!bah!cV#G^X
z;R>!6(AP5Ms){1qjIK`R$}u#yTLu(P19)gH8Lwz*YH1=4(L(w+tK6>4QsLe##y|M;
zm;gQyboU&N^<66k`KyrR9rv^NB2Om>;QuDRaEJoU%zzfgdW3v>I{HBK`wJZleL{Jl
zEl|fs&xlaW;$DQYvwz@2+poSdnm;os{K)PAj>__1`6~~!`rze%u;qW{`G-?;bPSAa
zOka7P?rRplZ_WR)^ZuO}m#+Y_Op|*Waj88;9mjo6^-NKEpw3Sx_JzzVuFw^MBm3ZR
zxs`U7k&qxMXZ#wJIRPi}km$8Z(Q(8ac1l5}TIf?FJf#6vxi4WPbp9p2J?@*1CA-+J
zsTda(sjRYyxoXZ)UL`EWxubMfRb()!oND`WozEBIHMZ&T!Dg()b}Zn!lUTyf4w$ti
z$f$hMhMbPz5%qH90E-vT$x)!Ewwf??Uze(~xHs<|5z6ta`R>Qm8>1iSrlu#d`DE7E
z(S(k5K6a)3(hWPq<qVq?gZqZU#x_bIDQ{TH->)v;?iCtu*QfbHK7F%FtYk1fa}xbm
zg5{)JA2saY^ypuP2d;j1{{;iQ1ODX$zPVBSH>f(|PtzXdP_9m)LOk8$BL#>&bmK$Z
zKd}r>0HhB%jiJrg7oa@=$_Ii5sQ>NN(#8+~>HV$O`&+N~_g?RBy}ywD2=<-%7F{iP
z%EJO!_{F7hS@6RR>PftNWKa-^TEP<nNX<1yi7DTjWx?lfb3v&mvUl~jCoy^!AaqOP
zE?%yD8h~$ZA-OeMH+>J^4V5Mxu0xS)a<h7>yM@UqouQCg&YrUUCMD`gwUp0iI7rca
zvy=YwzErWwFJNzOtiX3eh~5;V28gvY*fs}p*o9&Ukx4#@^1U^5ACS^BygUL&iFbku
zFEiYY;Au{m0XwOHp*@leTzJ+O=LXte$n4URW$SYGs;w$16RrFeLpuCE@h1aUza}9J
zC@#+4I!DG=y<3Akbll59%U)un-3e8xNr_UWoaf>o$@+8YY!budleG`hpW40jr+m*I
z+~2jWz2{upV?^_4Z*>bHj^;W*|BgtG{^mRt9S4Bz8zAZV41pGU#yW%oI`_hqj)e}P
zKJZWHx}LEmA%(P<Frggv*U}9v%+z9(KOFIoQ3)RWalm^COx9l4%vjI%ub-u30x*2L
zlS&zA2(%}Bhzha&9u{&ht$nTC@DLW_0JPDuu>qP9Qs`0Mt8;&TO#Gq4+WvliLiYlm
zosQk#jqzjRK-(W_Y`{^WgaoMh1O&b*hX6VN3q8Y+niF(ioAlqkkN>~?R(?l<6~tXK
zO9}jOK_b4qr+64gzP2Rza!0R2+M{dlcq1XL0=0WU@~dKjSj6ZU?*+^Z1e4$)xY;b<
zNVvSys|gWIoz{!;Gx$t_SkJ#~5pjk_9%H;0g^;a<P_}K5Wg~-v8US?Ro|S<<&V$jO
zVdqcmD)+2-5{KJ$!B`dRKc1+WA)4W_jsdLAvaiKITIF{y**yvo)z|Pri<xR&xvP-1
zIdnL!(BPMK9*X5Qg#&4xGDVPnw!=Nr?~{cIWI%OHOVYqboob)u>P~Rkv)avDbDOmu
zq>j~HFrPSKZRUC74~td%b_&Lx->PG4zYn3C@huARYq(m}*lLNLFGG>*<ljkf8Q}f-
z8_gj@JOQA2qX6}^boBIie|kdy6@O?(d#K<$mN!Bz30`W$2TobZn;PK&&u_=NoB$30
zyYDIaPMko&L16(v0M$?Dm43TK08Brf0Heev{}&h5ujn;HRNV*kR7$j#O^GSR%S9n^
zT<xyRnxmf$CRTG|X1^I!U1Jn~>c(AWAcOBSV@ylmQa}nzbfhxwr)^5e)sD0-riBo=
zfleZU&38eoOs!b_dTL;rIii^C{+6Fo8+lSw+5&4`bRKOwKK8UKaG9G<pwh?pZ)voP
z&un)=*@45h@P*^tun|tb5*^n}SS!msU)dKXjZF!jHD+zzd5NIh1(aKr4GL=EAAioZ
zdQqQ7Q_*{D8x8ijS<+ye@V2h6D$#ST8uhYQLTY+XK^ThTgLF}hnzx79GYJz&p|C@u
z9J<IrGhj;U8|^rDdC!yKf=3odd+HZKTpqQS7T_!VzsR)tw}RP&R;}?9afr+Q2sD62
z#Z?dzkdgWxh43RLK|qFvN>Wjf=7;L~7!_XusAvBm(+~<+nw#5O{H(eP@O{hS#|B`c
zzyARM7}&msZ2r{z?;iel3^9bxCSN9BQQxWR)1e_>%q{@*lIS{&Z=7XLn8?)+d#m|n
z85Z|!A%RPx_*7$usEV&(pw7b~z4?NhnK6T-?UW8#$S#IU#jEooII(xNz+|jyhA$GS
zZDN8y_<hSUD@vTCBIFtKijc1>8gSwhoYe5V2V4P12YNHRa;}=CgRy+ROI`Q2Ns@;A
z5H+kR(-RmZzaf)eb|?@QkrfXW8J^H>!`h&Coy`hL<xw5(b*27TP);<nI@p)~C*o0=
z>rcibve*`4Ypn<<ctWpvHT8TseV<_`nhwsZns8iOKA9xA5l7mV_IbiyNDilPP&7_b
zY6>pfM$P$TPLPot+y3fTrI=y;^BsYZuibdP&k+--SPx)#I0ygh$M^5QTuJt9!NNMB
zvaT49?#HnF3;J8Qd#YxS>VvgRdd1_?TwXzU&IsA~SR=5H^jqdtW<G5=B}wnYxDCtw
z_<m%zKm6MI8l1AtOoKs7zZ%F9Y>DaMbn+=nlmLq-B4+#G5@T;bdKm&mX<~I{?ur}I
zZ3$2FLtbNoj1l|ECJn4Wb&1MLT_d-eo9qz3j6&V!=P-ecUraz7k|~urZ$VfFpPC&=
zzpJ(rMlp-pV;tW}idq+Jj-<007Xv#5TRkS&cAJh@%D>wQxkwbbV^RZq2hkUz9%xM&
z)s$1|0^gK$qVg03nh1kOoNX9V>~UT-i}xFiuy+ia-V|<m?&RAb#o;Uu`18ES-#rGw
z^nMlG^dQe@{W>WJ+%J-H!2OYw<Il4YUz2itd;1@!(7WH;S?O8tr3J=cWCi(epTO@h
zSn6R@n*$!ZmNyT>8YPa*8<^*&s*mPcg^V<J+cMtTpuFTyddy^lc&;$Sw<rkuz7n^c
zj{k{>KLfEtIjkk(DygiDe?W7~YZ@d&{AOgx0LaJ=)gd=0q*AY!HH%%(?fcx)i>roH
zpR(xXed5oezE{9y+gxk8ae9;?LTTlbi}IB>+wO|;UjzcGz0VSauCY`&o?EVn9489h
z;vJkPWC!7~;J$qI*?}}k_B=!JPB7Bp=?MLY_5!Gu>#LTdBKK%rFm=jNrtFv`0ex+a
z@=N+V4u}#dUXzQi<^88OrhTi3p{($Gu-CVUuhRi^b7u0ui%{=o;zisS;Pp{B!O(wV
z@V6lQ6Qm}r>SW>bp=yURE{eWbn9Glta_fJ!2Xc-(a?LCR*9XEqQZylyjczXG<EkUm
z_l2e1;B8HyAol@?_r%<ptmlGw2J<IPAg?NXr0qYPf$X?llI>s*aPOb-K!V|jW_qSj
ze!Kk~a@tH|ZD@bg#2^iw!rx`X2c!@`55`!Tf7D10vsp2zMUbyvteLRh_~l-$<G@EV
zf+F8|Om~DTG&a8jicRY5G*^5V8#UhwXUqM{>mk@TFJy!luFRcP5B-ScixK;;+&I=v
zdPQ{FUCu|NAqZ*-{T7)OpLFrgbA;G_TKE7Xxv(>HH>SX!*>k9iN9@a)(0PHSOI`>h
zo*d=;uo_XW&@c9}5pe5@zz})0JAxKP0A2Ec!IparHr!+IyMY-TLa_C(DD?OV1hSHU
z1o5I`DOni10PQRZ6@hw24~ZfTje!rgT)v<8pofKTZ~l+g|BpWgj*9jD#vf(5rGa*i
zmNuq8oIk8|0DAg|BdK3APtdb{1?jiu|MU6%4#Ue=?%6i=@4xh*1)i9KN-tXQLf4y<
zYj~ciQ&*^U$!Qhj(C6v|R$Cwji~ztA&L@pkGBMdSO!S>UfT|X9(uuRWjX;b@P;3xt
zaX@GFOWDpI70YxfkE`Xy2VWi)7>zv*P$eIPA#W_Su<^wO*era`+8kN5v&U+Bmgb7C
z2!S&xz*eM0(Yb`(aNN35%qqsv@8F-#CNz?hc8C%tckZ@A?RiqDwf!W$jC#1fKZ@T`
zlC&q1)pGVr|5XHjf-3j8w)7e##jcn$szkl$EbWEOC|mC>!4#v-NhR+f9ccT`JTf(g
z20^XtuqIZX@jNsGMXzk!MV?}xVt}kr{)O1T<dlBoFwh5mM{?RZu-g#Xxa7woY=8F8
z46Hveocp$j_#-G+ZuXt-kZ5YCrcJ4n;PNNj5}2E(qL)q2I_i`ls*tk7$>$&Y=nd`7
z!?8H?sS}r%Ch@(@wfa0Z<k<Ig6y&p+GVP)<JpA;#79wxiX{a}E@8Vd7-rX)$oFq~U
z`Gu_V!%W(N(VhiQC2ls7kBNlW!wcg&4x;7Y*5%N3q)^y_Gu|;^k-gc3x2xe!_~5WX
z9-nP6w^)40r{4Qo+1J);B>;Pbj<24!nHp8i!BTod+8cpK9h^7=rP<&GvUneON9D6;
z)bSXf*%TW^M;*vhlc=F`dv@4H3TD%j9+QJHQI_$>tzT@UC<S2&Pt-7;czk3_nr1za
zJCmV$C@uPs4dV9x$N#&N$S#32q>INz@o!3s{_G-EQurxzAfJJOv5ooHb^TKW%1`eS
z%Gv<UjqlgK&^KlKYh*7Q9V0z}p7C46%L5p{HUCq?{DYF9@BmF5^i=SnOlPJVcFt&*
zUUb|6-J=w;m(X0RikI0F{U}?<Xj&T)SOv5+qHBei0#1cPEbUF@15|4wOW13AwOll`
zP8~9{$A~#bl1etFad^_0{BchGESynG$-w87f06c*N+?}gk(rpt<NzS;Cbzuf#S@&r
z*9QN-Bq#>VQDBg)T1j^+e~XCLiJ3{j=MHka6;_2wNKYKb<qxzKy)c|Csgvuq!Us2*
zOV(fje$_yMF}a2MQ5br)k3k+PTq#=orYF$URbPB!E>tax^)FwnhT<>lHCK5LSb~K)
zKUj;z0X~qz_jFG4eHoaCp$V7e!tVX0;5>luUwK47Qk%h{{^Ak+yb9<549q{Rg0Id0
z#1Oyp>vf<k<ZIpX&CQ*phb*5KE^<00HBNo;bje_N_9>iDy_ni^J!YEO%EV|eLN421
z-4G%JiNsQa!lx}kWlEG1wR*8RN@~F$P60CspCn7>)t4;)$9>0?o+CLg_Q<4q-o15A
zn!aS67gRxCJrC=i7F~jWLXL;u?dwlkQ~yqhuOFOPf;uWZbS=2VplkE)`6g%K%t%H1
zqESllxeJK${IOD;*;T#%oNnmCV@LXJ-F~v9<c4>;zLJ$tE`V;zmR%^RggV>~y659s
zjS46jDTykS297#JbkH=UVyT#idq>Z$!>a1ppv4@o_i3UdA;YO@9bNYYT9_J=rY>yr
zs1Aoz_9&#uv|dFT!O+&8e}dYiN#d5v8z%06&0`fctGKvxF9=XsuAlICa;z8F67@Wt
zYJO^t-!jZ>_TuHiUJjNb_6hii!`fn46KBP!sKiqDxo7lS2jLWcAa@Ra8#K6@Fm-Lh
zQO$U{648GBCrOZmE3`OrhL#Nh5#f<XiBGgSk~~J%c3HP}K=C<6mBnDXBw0Yxf)HA5
z7cC7oZA1XvNUM**dy@D;%sOK|bUH#7Jbkbqt9Gc;J61Gm8!NNjR6@B@P3SXEH;L~0
z5qP{Ie)X)D|JbKyOd--qni~7Y+fs0n1Jo{_|1-!Ejp<hBo=ssx%k9>?x96Wu%bi22
z4S%JbrM4R8!VyoCod^}=0_Bm(r-Taievj9`g~wO7U4@DilCCuSO5s*5ZVCO<?g}wA
zxfBPAaOZa_!WiQx@~1U|8;=BAF#Sdzdku7=+<+)S>ICwAsv=3_?3n7lvPz?MiuWaC
zo_9kuMh$vn&;0sP?uUiKkIOG6YPjd?kG2_kr?R|HoOo!*-&{{;jcGz4U=-c*eOWEH
zxfJwa;NPHrai$!m%Tv!^ngaLIg9b?UQb7i!+{q&oK9M@S7B3>Jqx4352#^!e4WXOg
zvCA~?lCX=wsu@iiWA!FK#WK$w70=_tBhfNV!)>`oq?>D`rt*|gDI;vQk5uLpp(@o=
zk)RgegS@T96$gVw8*1b0y$WL@a`$09%vX%UVv311H(~EAA8H5=h}lT)L1fQ!sm=W2
zBz$?zLc1E`ceHQ|F`a3YK})g(69+XO*Skm(zwLG!1KF@^yGcE4&o;SEGCL)$CGaY3
z2#u{p$x1X)g|0GXPy97_Jb*wOY7gh>t+)15Y!O}mH~m<QUX~Sw*vsi(Tt$n<L8lF?
z^KD|bs12&hYgf29%l9S2wzi>L3Ye0V0va)MtKMo>`kI*<^Nyx}I%qdGty?sQIX-wN
z>j3NG?t+o26wjYX2Q#OQ91aQaSc?!IPDPvP!dQWf59=VQ!Wl$^F6TYZPU8z`gcvf7
z?|$aRc+;{El|A>O)1Qm`)omK(=jvJ*BP?7@fd|Q0_MS>5@9Bo|JDs}8K(OJCB~t%Y
zJQn;{xbDxCygzf@cOlZ)!tiHCz1K$>|I|dkHUC4S{7zJ@^y_E9pfQa#Gu4sL*v=kw
zj+I=E^-Anh(ia52GSpv!T7JnQc1oM<=Z8;ysGSOs?)URwq8h|cyJaq5aAXpkVv5J+
zV%~5;m>L(!G%*gHzHVSIc2*ldp0I96ihOFCR1;(u2#2p#mqvYApz!=tg9CSr<fBJn
z00030{{R3W|KIpoPjSagiiqnIL21l^ea$2WN+c4zf@L_9i|_qg=aG20c5AN>4xTD}
zY5^u#PG9g^hr2h$jeTs+&?J94f0H{zh5$mj%_;naOS^?fcH|QopIjOm3qM4*mC9S3
zz+LJ~*S#><<$Qx+tUkVrIYDNf!6irGZuisUXm945S;hk!k0ZDzO_k`sA{A(Yk@b|B
z_ZC^am8CASNV0Yv-M`50^)HC3!7AlXT;9IFnV3#aW_+JgNslI#m$R_boY#CVFdN14
zv67xfRtcL)+CjjYa6iUT8r_N}u)Ph>{8L{Q`52Y*u)G4h;D~K^2M#1qO*cAak1w2V
zcAarcm1rE)Wm3OZpKYLLw`5lWTr@8u5!CAwFq^p;s46PsBhd{!P{CVOrGe!!n;Je@
zg{d@C1cCjGE){5RUh^VeZO(iIB;z<)w7H!nr=Iz<TcCdeHhR`PO_q973Fbwl?0}W(
zIk}-oUsnb+yZbPeh8Y&SL6!SWl%-Eu^P`wqG?9ZWmM)<*&MwCi{kJg-r^dcM+J|EN
zjJs+eivGAyn4{rdUgj3H%>D{gj*d{|Wcg)of3>{+A1wC=V<*r?&sfLoZ$QQTHEi$?
zP(3vNL!<l-RHryHhS1M5(NCa=`v^eGmu-ch1jVQt#7NO5KDO5sP|1AYqmNa&M9EV}
zSb9Z(AAptju8O)&3qIt1i9eGwJ#_=FF3Vw=x;R(wfVI{pe{<|c_xuI1sQ!o5f)CHl
ziy*&Tjz1nuTKyuM6Urg-=Bc`i%Q*v2?S5jyGGW^UMetzkRh`i8GA{=5nBAAhbW6|4
zOp+y4iVF$3>xEn(kD8K=(Tm-s3H3Ud9N3}3dRT6{MD{ig9Pn(>4-;~#x?P;7`QJVF
ze0lqkOeWjFo2f*wUJ)M`Ko3k^<BZXim3CQXAG7GkzPcD;DJFSVpaM=z0WW6nSwk^n
z-x9I>3Bj4}mpgUL2Zd10-V&a4e8knnxJHuG*jN80Q2nr@z9>9~Kp1F+zk|IQtAC<J
z+2m@J_(E)?5|2g7liXbxN<-j701dZoIhngmOn!C8v!nu|1hlgGu+f5G^eI!4v4bbY
zQ#mikJmn&GF+s~>^qLyab-a?&%0BX2E#<pIk-C#--dgTd;FHWOODJK3a4=PJOiyY6
zZoE;058p#Q-!<%r=n*J?X^I{U)~I_eeOSftuH14IHcNK-lw*TN@cpa-Yd(Xr=z%#7
zLpXdGk2Xu{Xs@{kqX&GtjYB9-y3LI|6Q2-RJS}c{lC2m~nV5)>Nael>BXW;aQom}=
z1X!AyG_WeR7-xa9^vOXBNE$RdhJF=9)l;HG*f@>^xBUlD9o>U!{~lD6|HzNw{rYbg
z`gfb<BUETU8)Fws3!R@bcq!;v+S%Fa>zDz5b~xDS*cccC&Gi4qmO@1+W}!#(!=DO{
zO8@6=e;ncbi}e%ur)`Chno#724}=Xs2LSwV-m?5$hwOjw)PINjaX9vlXBW~-C(T$1
zS`k4CWduBZgXx5*=9KK+i0+(crVgxn)6Cj$lQmz0c$L$tdY%SekO~B>8{^0)MJ`$|
zPf^25Tb_1{O;;abD;GbnwnN(<ydqo1uE&d~G2wU-8!V!HN1731rQkc`XNT5qm<D0Q
zz7WByh9@pPC=kW5t~>!^)hEB_>R!yg-bi;LboyR<5LFfIxmQ1<$U@zGB+wjekSZ!S
zcYWR;Q_RgkI-A`*ziN+>rXC)=mSI6;yUaA4bUOK?_pp#KeY{oRJQ#wQfPb}_ZG--n
z4qsu<nBqbpZ5MGlS%12!qEY&F^E28GC0u)6Z47@fCALsc$baiVX^Ixe!aLAOz;o81
ztXgyNltbhw-(TTgf;rdE(RhvnE8XzvBTEFGo*TbUT2sv415-GB)alxDUD!s`!xjOH
zK~D!!=LH6r7%L!B2`I-~&NaKo+nV;GE$QtJqkL$aeE408p4AY#OEtPEp}a@mYC1EC
zqcO8fAH=OZ>;%pBAF|;tvMqR=Y!7EHR1*<f7|&9bG4u*u1Yvo@ckb2AJ|C!KKY6~c
zKf@u*qkZc^N2vL3EW9AzL3d%iJN&N2k9SXJKU{_@N#}#Diy#YgAKx^&Qj#^~>*%sj
zR8v1YMGDaGvC11Ms-d)U-r}6mBTc_CssZd+UD=1!m}?uB<9F9>PQA4R3pIq7B2%%R
zA-rxAmklqYsDHry;yv!??s4Dw4{`tMzY{$40Khl!Q2u$_|1sSE$IbY+$HsTtz^_kV
zU4xZbs;7%ir#dfX)qv|LW44P_Pxf*#(F6;eWf~{XhhX2J5~fs&Inq-q-_-4d%@JSP
zd?MFL*gIA8+p)l^3#R(yr#^0XWvbN~{02!rSXk+})*g4wb49UO;#|o_1q|yP!&-G4
zp90#hGgY+NtnxUg^hlq@Il6U6SkrUSTtQN|WPsqYUITmT)wMIoYaP2mG9O;OqjDP)
zEcnFUF$DX5maEX<Hq`@NPpt|qAmBW&M#@1A-$9eHbt7ImF{I*)XU;&=Cwe-!sKL)#
z$mgc-#9j_3#tvsK>#4&yR4MB&O4#AWkCBZ%f>0fLjexK=f8D-A5P9%#q1+9Qo*-`;
z;Mw7Bl&$+V^J4+DI{B|qj;wk~Dg$mAo5+zw;N#CW<^UP1xkwRXuB!p_KI83JsXglf
zqe<#YdPo47+#1#J2WpErLh)$Oo!SsXSGpxbny@%<G8%zYak^84D!7K4B^FQOdXQ`c
zSNSW`29AzVXF2JC$YVojtZq(W7kE(j&KK+EYyJR?B$5uK&k$#y4?V};!QS!XvFygK
z>Z_s<I<k(^bF+He$J<^Sy(;VbNYJ@+nc^|%QFZ`LU47lso6|Cs04d(Mg-HPx*`(+M
zLu5TV?2b46q%>cLYX}yE_`1ur4@O_;F$b^rnY$bP$?M)15$@0SB2{hmFPQB#Ni$Cj
zAZa|=(DR>N$%aPw8$VRI2k*H@dFMUKi~b?Xeg7@YV1F$Yd5;-n5lcZGeSK#dJxlZN
zK%oQBegg`Hh$Z3I&i`{{|BsmE@6g<0t^4TUQkC%xrw23p%uDRWCb2JSZYQAtD2Ly{
zn!i{&`PQi)j&w%ltkvr-deAaRZfNPf<4YM@RRHmN0hY4qk{9&#(Gz<wHaXYT3#Mv2
z>HKgX)Rk(Ud~n~(tmY7O6VLg_?bTRlkiA>&Zy{nigx%=jk3bBFyTgsmnZuAVYevg)
zwJTXK!NNX{&Iv=$!*XwHxOKZ-l|EO<iPkliBZbt#7W59I$`^=#x=_gOorFNyiJQNv
zfnS}L27qPzco5`uC85zzzvHhfK*|WFOb!}V$zk=3$D(W_B?#0#ee7aZ!CX7Fg=+mp
zL9LeX^~Vkza88(QF}jz=!WExI{w*}KC;3Ao8B$d5pEg1ASrE3x&LGbJ3eAbL8qVVv
z395$RItLycP;~axnS>ECz`)A0+?2+tP1>PZwY@>RFxyI2{uxNub1?hbn>S^X#ix_=
zsC^1Z9wEZR370iA&yfovOUb=1HqzBLS<(wu7R)OAF;cmvNo1U(m?pF!w!M4{lEA2|
zkdCJ!yC7_NcWp>B^3!+H3XD(^RX)5zVTZ|S61;&zXK71bq0ioB-I&rpqVhny2HQ#>
zxPvyrm?e&6rFID)Ry;6X)?(;&;c|st?)B7STV1lR?{vUq_(=7IR<h`<Z2hCm+m2*$
zMW{|s_wh%FOSrcl7`26(r(;jb1z_N$PV-DF6a9d_E<sC6g3T|_ws21#Qua#$e4xbu
zK9F=j()#ucjBbv*KmGW3v7CiJM=dJR2>|%Mp@UsYN8iR+pOC^92qe_Ax3K|Q*b&|@
zejA{zEuoGb;kPibd*$>&S=D)f3+?w_${zs?kf<<xtn@654D_rlbT|O4ZwN!-6Cf1$
z<AZ<WC<RBw|6bfgz(~hj7ieQ^Z20{M4)sGmIMyGL6c07o8Sd5V2l%rBSQvgZ|F``+
zzw<t{E+~(#uqQhRRie(`wN+z<vhZQX$%|}bq*4Y&FquKo(}?IEi9xiu3o@5k_cy7*
z*p5&83*JSkkS=I4M_3KNv=+ddp4opna)r~xUe#BW-7lC2UrdC~Q|F={Z9kQR!WxVf
zQsXtUL~p5_5;YNo^ti%KKiW?F=yVWMM!Wp!P#4EX9f`zO@8O1c%U^$je=D6`2V1P2
zQ6wa<S8vc{^!cJ0`>l5aKA)5QXxlA_QfZ*#26-eCo+Lw2!gT`8Yrht%p6r(4*T`tQ
zdgr~bgI-`H?h1h?cyI>b2Zc2sM)|!0GERX=y4TQQs8PDWVv+!|S*l#}LEXtFE)XJA
z4{mT6swg=yIQXiG=EhpN-lV4!2*~y{G@7|2yxtoKBe+VDD-N}4B2Tw&H7#_HG}xHb
zV23Xqe;+>HotoNaJ~Y%Kx3YZR&dOXok!QbF;wPXH6AfnqJ<oynns}nHjcGPJgY?d(
z$^mcQe3Qz6O5SfsDEcGr>M8@?Cujx5>~}sKNi4LV<}&m**XEjvul4=$IP-d-=KbzW
zH%zfPJF_bIuR>wCwI0cL>2{1kTDNrQubgN4Zg8U{zr`P8mZG&j4W~Hu%|{*4X^UzQ
zZDoAL7bYP&Ym9Oy8=FGtt7^OJmU(z^Gj}F7D)1shS+AFiYn4e^brYeNu>ZM43?<@^
z^nTwG^`rd3m5%^W_b*_ea6i#w9ZYWu{_Ln3yJ_*R;(>Y$6cddmz<Uwu>**rzX@K{H
z*DvqM^e)fwF8N=E9G{;U?XNoq*S9!WW&k6A{(E7AhghjU17LB#=M%KDG&9z7{>$Wl
zl_=jU$kS>*nqnF<R`@PbCI5hS0UO@*(hUJujKrCIO8A{6rK)_870T8e*GaO1qUEA?
z)?1jmoo!XO4@?K2FgFhjS4--JKEurS3L?J8KyZu_a$(TYil;IPZ4-I*I+?3=r|)Fk
zC)$r`xS5$%*@jMCg!&yuj-K2$ENGGEj(u8RCc%LxN?F~CzNg{D(`U!EY#OgOi1HSj
zxcIT{lB`OM%w#ph2JfyAG}fp@CcW8JL8@#`^$1VtgdVXW99wztTB-32neyk`aZ%8M
zncLgM!Gw$IefaQHB|1ivsV)2h_KYf37x%QtZ7!D%zq+i;!=LOj$E0dT4=}tR!%}WQ
z>kfIgUL)~3mZ^1`ow6;pT$TY(JYOxh2Yi3`c>S$KNTrJ3b`H<b-n(~!>UtY7OQvtf
zYHgfMadz2OH2RX?1&+%|gWOJ=q;t|CQh<TFzuw3z&C*YEJ{LVi&+lLB7To4>N<4J6
z=H@(jo!5zp!n4*u!N9*M1nXvg7~o9X>4W7C6YN&5=nzyq-*(i$XfaDS5mTI)u}^AZ
z`#M;iodz`szoj)gmJw%}ye1UilK*aflO<Uek2>oDY_IRd3wG;9qvdyPCAbs>S)ZN)
zdAzrZ6Gx{2gQ)N_=skXod7{+kfTxaA!V=Err(wJ7p4!Mx$D7H;<BF|zUc-<1)7u_)
zRE7H;Rpx$2W%;qAX3y|@<dhZ9{N0XP{67ImlmPN?K>7nggq8+B%*nuiw5QUuG5x%!
zer^8m`-gtFtCoQDS+P9#QWIx4bBcA(_QWPQWg2gq?SmJz;U+7Ol&{z0pm<^Vroucn
z_h?QZPU-Y?{g9a0OLI~8Lp9~1x7lIKsyn@jVg@~y>McR&B$sx8KZ)fsa)l!|VLTI&
zX~m;yD;oVXzi5RCgwn{6kmbN|sL`fKgr&qxoB)KGB-n<>I<ipm2Wg%TJAH^l`0#^?
z0504PA*2_D6QdiGt6QC*(2f&wYv7(CqHm;(?CUlg)1<MiPv|95%(bx|U-hTje`+Bc
zcopNs=4`7;iqQLV+Ytr2PoGc3CZ<5PeH+F>pK*k(#sL`y-a)7%znIIUq{<yg8~Xxj
z=cQYT$5J)s^iZ<2n%F|V!T-nIUw~D)ZSCVQ-Q6JFAh8zR-5`xf=c1*%yOHj0LAnH_
zOE74py97}h5fJ_$xVP@@IiB<W-t%4O{kU9S%xBFtpJy@WJ?=5aoMQ~cH++4rp2ZnN
ztAkHe+MpNoQ7zXAW(8N5$p+{;_dmd9DBlAYQ{wZWn(SFuR@I?`eT75XSiUCw$sO)8
z)h3`Q7NW|EL(O8->o{rSmEXJM{e*z6k5$!{80N%f=Q<_5DO+_~kKEh%^Tc?JG{zCB
z7Vasuu7hX29i^Md#>GdlX-A3~gV&p04QGGjruhJ$Gwyj$XL;q38)aGzIAV3BcG96Q
z%egjx%6^WZ%tBjb0@Jiw8m_f|rjb>n(LjZtHXi#@%!@WY1y1rN?+-&+E@VagTz=<L
zGeG|Pt6|5(^{w7Ziai)%wG?S+z@XU*n_VteJZJRpta`JjV)h$W{X$uWT2p`O)^VmE
zdaq~t0YnxqKEQAFj#Xy?ep9}`?33$PSKwFue-1nTKghNJJg>%JRFboI<#X>bEo{|q
zxq3>q33`dg>2A$b<6q$LW!Gt$WLa!>H|d1FM=c+sKwY5X(S4&(*jdk5MmhQjb|G)b
zJW!wYJsL7*3B_>G`V)_$EPi`Td)DJpuRbFZxT8yOAIhQo465)8EB7DA^>HiUZ1Z`$
zON@(KNId=E<o~evS&pX}ChJKiV9$nzo05V)=4%Wc`$7C7TVdbl)7?l^LmAJCv18TK
zsD`wMAvpd#tj{#b;XeB}Z!;}Prq$Jp=R@;O&oPM$@ovxgyyyKevO_(^UI6IjDO1m?
zbuJ|J_(CiLZ3tdO>!hC?hionIfKwDX4m$&n{H;=I4jloXUN{S@7T{$Vvt$ZtK4jm?
ze%T_+-n1XVT1M-MFV@}&LsQW4RDN}TA=x@1X7VSL)<wFKT{ac1u{8_KK$r#=h#ut%
z^3k~(G7*9qp*^~R9RwupmEq<$Qe&J5Z!i$T-KzK@eavN#*hsx<*|wj^8XpUMt)(!<
zMuuwKW9)=i;;XU3-YcY-3~*dqXBxOnp%LkO)|XW^ti@HBuDIZhmr^gzd*W92{xg9G
zOu+eY#LSDAt$5GiZ1{XFg#_{On?d0lZ4=sK9Fx03%9Q$Crcl70=tKX$g(kH_USO=|
zTs<6ixib|4vIkSh3Q`eF3pLtf&di;8*GNy_-o0rTso|UBWXIQ>x)1P&oW2V_1gm<k
zi6f=gzWn+)ViJGD>#uGouAigq{@hHJ))bdl6u({YcRn6SBm`-9khLx7+XB3;bIbx{
z1+w0p#lLeMeQR*CuxtK5jQl&o85nbag-Tpj9Q+;!WKrF9Pn^XrarzQX>rLfmp&NK~
zSof;~HM`F)Z7vCi_5}=LQ(1B8SUkC#lrabh51;f-Q70@<OD!`B%plm$=ci)N_~nHh
zd011sggq*M_W`L!*xkYU@vOV6@D^MshIa^)3A&M$>N#JgeMbw^RoC-*Wam|$$<K9W
zZF$G5e%755HabyD5BgNq!U$M_2-WIM`Qa(uJG^YYiNfaIPF;MYy#~!nk~yR?@wqXw
zhw`35;;LyQ(A2_J^$&<x+j=1TsXRMvXL*m{8C7Yd%9xjX$^`mf$H}R1b5iV#fqz+o
z7klu)xMLYvGlaaQ{9gVgbv^cB@kJp1)=q9{otSxGz+u>kBTUH~#CKf_G(n2guW%a&
z+(RBR5P%a~wPBW{mDN)obH(PqlbzXrF}fgGzu)3_qG36Nud)?|{aWUAiH+F$J>j9{
z;Nn-q7TGOwQ828Uc|q$j>^X+oIP!a|d1sIWbqsd3j~Es_5N8QcKP-@uz_`FbRt@Z?
zUUW1mAO_Q3jy7$t&J=b_nqw@@?w#OAeDtuLgn0Kc1do;hic-#HO)8wAk2h@`_0^fv
zD7cVjlv{hmknB(?PG{m;xm>saZtQrq;ky62FH`}fcU1d~PabNr0@4`r`Q*sDy*FXM
z%av9d>hlU{iS_-bI6IOBxOYK-Cjh@gfL|5Nw<tirrvSe~KU8yT6B{A(KbBH~Uo61y
z2~hG|zT@k)C-B4CyB5)+(h{V?03a(XCkqFFQTf5O_-1-&?r39gZonvM;NS={cPCW^
z0@&F}B{*0}Rk*(M4LlN$u(R<^;Heeq1CX(~Bgo#~z#3#jDt`T0Lvv%00V$B}di-xG
zwn_go;=kjgBO(N$JUyWDsEZw1tFGQ?Rdck0{#C*X*CHewnQXaGo{rZjg*aZ>O;UPz
z(a44zCvWjB%brb~#ClcO9SYW>xCW&s7SNDMipY3M@f?eL)*?MoaxF{5T<H7i)kqK{
z_bd+b<wp_lLDZ@0v%I)v{l^vVmhh#0bf3(mO#!}??m!%FE$@9org<y)@&jO}zkJh+
zFKzAgL4qAZ`8*mI8nS$}l(Ti%P8G<Z%}fp*t&c+1MGijbej)~tr@rPK=^?Z7+i81D
zy+ODpLYgI6RTiLO%fSAwl7p@8E$=DI)7@3qu=6N!hM9~;Zy`d1O@X{P2HAtRXDJPI
zSBD24B_vEa@#^;%f*`+`bH2`UwScbc1-gdqxEBX4H+k?av=O@n4rbe;XmqhN#n1z%
z*Tmh03z#s|*-%V8q@Nil4@-2rW!ftm6{Tpwv`Rgm;tsHV&%OseQrfaQ+Yhnr`PF}>
zOG}x(B88{CnLVDOm_%xxT_U9h&1|g@*oE+j3EvNGK+)-9TN7sxee%<;Vko1*m7s_N
zbb{!_6Fzxx9{fTQ33-=copnEQvXILJufVDJ@^@yUQZ=(594I$qeN+n?d<8P|`Q+@o
z)O&Kq-*C|kPQYa4NlkBM5Bl43#HaBtCXuabJV%;|<=p$Kp;?>SZ*C<@4bE<)uNDT$
z<22PQGp%~{X~B1jafE9^mk}|=OTcROf;#l&wd9Av1Ng&WT}%FpyF)rEJG`IHYozr4
zYEUWtESE(9Lbno_TiEGlof;b$|21IQnpEOO?Xb1CF#$PTH*fq1H^|{&;b3J0aB%$*
z5(&7;pa^9Dv&!gg^FMLR-*LpNB+Dn;r|0{5>`Oj!GfUmdlU@yI{SdmfqVzoq7B#O3
zb!gLE(Fx2o)GO;rMb;uvHx{*uAmf;i(bo(oS?su`p^)sJ@hf?w!Y&#?Yj3qD*mTnQ
zcht=&Rdw>cDCd;Xezh;lfkOGLy*tq5>r=&}>dijpQAUj@cLez)b7hE9j+C8?Gpqn4
zPLhE*PM=9X#`T`2B>}ce(<1?sk+CD8Azec@R9hGUQasJU&-VAItl}N9;`1G<QA$J5
zC^Ym)q46a@nmvibc%^gk?tV=iAL-DtUL|Q;j<b*R`VK*`0jt2KN1b2}>XW=C3!A18
zY8zpz&?3dJ7DkB2@i_PJqia5<rw_y&gCi~C^P>uIQ4BCgBaJ{@-cx%gKODtZsZelu
zSxG+zo#_Ub`}*dbXMaqM=@A}IJkN#X)QD>mkfixOlAca#xlx!VC8_h&;@4;LMdYQK
zx*Ig%US@Rpo8gT!=r3>?Q!_CsB|i7AOl3duc^U2aShME6{c+hRO0;rjteGpuGzmM&
zHj%{_;Il_QW3<sg4Xv>Oh@v{>SJuhrqP=j`HsMDvzGl;wB2S1PV)778b+|?goAMDS
z7*}{8_P(D659KCE4mK8^;0-~tK11zmmBMQ0elVUT+z_2aWRw&?oe1L!G|S?I;q?s@
zH{hmtc~2}Kd!6t!4)EfRBX$9PJHIeV!2gNN1-<?7jGY)vz<a{6gRss)5{1B+8Q@oR
ztF8NG0sPVdekpefyI(Yb`3H@i;)lu_CVyGK-)s&eTL*yl57FR?#PVQ@U<P0gU?4D?
zztr^<xxQk3{o765PUmk|*uXfyT{i%;2Q#|vX?54*`a!_BzSZI6{FPaN>y`7RZoaqo
zL%A$veJ;ea`NB|{8dNpe`|6Rr>%jTT9+v%0E#o8(7QCH87MICYv4#$Gdfz5~3v18x
zvGR-VcljH}be<#2T*UtOuV_G(=Q!9sOm>0m^;c&FlC8!pFHWce^JqklNvpar(a_(b
zVK<A!(2t5OCsBU@N@0AZpBaD|awIO1od}`*;>H#yz$EtmBw8VwU687ld(MbH#*$R8
zM;SvtnSs76GkHPkAm3!RYcwFS$fP)n3Uv#SH5P=R**&d_F<;p&k3vGNi#%5wwKL&o
zyD+Li34LfKe=H|$5;bx)iby3ab*U8CCsOGPH8kvPEWLKHn730c*FjITSyv6p>uK3f
zIV!b<HL7cz;gvfRA_r)p7wti#^g%#MJqu0`nxCED&U5y4@H)<b>Jg9HY$A-v+MaY8
zv9Dfm65AB<T2Z(3noDir51`%ljgRV;19jT^HF8~u0&7kn*(7Vq&dFh36VKyH66%>W
zjS=L{pjQ{PPz<cKg<LfyG@R;?%8cu6wwif>4zP(wc}f_!rYtGTk{^jlmTTbclYwj(
z2HEtV3hf{A6?D^5L|)RciVEf6@_pFmt+Fr5Z<3MK#gRIyY3YxQ>&?tAv*&1G^JTLv
ziHPfH#QnJAta3~V9$8ENUe;5sFY_!P>jfyt+FAj_8-Xt~@n$>P=$aVxu7#uIEjb`U
zfnEQAlRZ*_%loTEAoo4c2N4tZ)@!WthqqW%_*$z`X8oZ`<exqM(B*%;ct;JaKrZ0-
z4Q7@foBzvq``t$I8!G1*HyBrPoa2swhQL>}Szn=@(R<57?Jp!CL|@i~XF};wzGjkL
z*7uiKR(^)$CuwUnZ#?qhm?0n4pC9RdMe<|=Rxp~|3tmiLmq@r}=}`+qW)j`AB(udZ
znnbQ_m`Q<w*VG!w4hvQNThu54*nPWN5u;H0ucV7;Pt18wUiZ_+u4jfDsB@M%V$C@&
z@qDspX397pe$jr+54H@$`riM3g-Q_*jzi?UFbXM8M*vztrN3Qq?pBQe00960001EW
z-$D!%i~g4S>n5l;GqZIrYJI1gY?rH8tlbJy>5Fn9Y^f0lpaH&aWAbjf%X8y2_jbKb
z%-wXub7ZR}RdbvY$QkRcfOtFSKJy@d-2YKvZuFk4&r>FG%8CbyXGUoe3oG;YT7G%B
zOK7%3vGlSZY4>xIs<`xvBrtg4vRcgGU|Lw#SC$)&P0e786$J=m$NT%J;q4BlG665e
zJY1J5t*vYz>7KB1i+4X+Yf`r=y}(G?QR!n`qqJ&DFgl-8F*AKA5YRZpPS!nOb~!lH
zrBeDPCVXp8M<OzD-u)3R0W;CUTQE-H=#OHLCsk;Zy$?;Hh_NTblj_D6<Y)@y?m0L(
zAK|8Uk+`F*GQyQ35HeixJySzLjrHdE(5)`rw#>xnsUOiTtb|FCIry2yG6DQ)>Lvp#
z2@fyTXt2;AFGH~FfB`dB^QT!go5jFS(C`mhX{YQ5#|#xg#2@041Ax=D^{*r!3F_Ts
z4MPF=Lm^z_?BKgwyUSY?N?uYB|DRR>kx~Pqf13d)SR^<RCu0L!kb@%-2Y_{JwIDw*
zH?p^J02z_WIT|zlkYw?X>mWuI_v`g<^9OEjsx^H(1N}p(9kg%85s1;@TURDCr#o<R
z06BoyW;>AUdyFpNuKC~bkiWz9)@k&iQTa^pRPmC?`B3aa5%p<mp^<HQdc`YNA+N_t
z*10HRpO!H*6GW8LTAhL%8J?mL#W&zRk7Rf{bgpgJG_!O0-aC4YnW*NeQ^?fw+;!fe
zR2hlk0DP~GTnxg*$1+D#FAE>AG6iu9IeBAw`eLLgz7#fX%<(l)EwYj)S;|C#-5O|S
z-Ms8jqh)~bEyh32np0DOO!k14x=KCg45#eTc%z7B^rW<epem3c_>10)YDMdU5rj7r
zcHSh#_dJhPtjYCW-`^Pb)Twya)hD+O4L<!*{i2h??c%JTG9dA=-a-j{*yY_8M(!7a
zfOG$QO;yQ9&M>T^(m7X%^=I{WnvO5P``@uFU!(Rdiip19e_by{kxSrSME`=#?5Es`
zzwB`D*4V}ZVEFxgqJAL~21ZbHnI_)UdJ4S0;J-qqO^k=?Z=ZSV)+idYSJ1Y5uuGQG
zGCr;YbMi@K2Vj*`TJmbYGW<*s(ZNDsn@Px<q(are?E@1W=Oo2pWOf@-^>TsJY|e@*
zR&_HWT>;(+Mspq()+&&_U+C)j611~=C!xl{Y5UqoDnsqSJ#TN4+O{vx$<W_Gf<Lq^
zMvEi9$L2>|o<YzJ#rF}y;2kl{p&n1j!To*lkahmDk(cU$t(FyYQ(qeH8QLQ9a}0<a
zuuQreY>dwG5A~M}q|ePh5}UN)s`POk%P%KzY9{RD@QfyYOxW!tQNa#fbfV2q_UYl?
zfIm5-yXrIBZZC3>zwJ#TK}fr6>b>!4sr{pT8IOKW81uc%4ko#bfvth{UxM7fpL4!D
zO!Yk)6BF}W+8EFu<S8nAn+ot6-)sOb02@08+ieW~56%DJoqq?~uP&v9gfY;(ujSHN
zBQ&wZ3pQhLMi$ja$<PXLzb=-&BPm{+_58fE*a$h3@aU_Ky=SDL9=NF^cG4;YU&w65
zYw#yshbDbN;ztmDJoSb(m1i041smhOfRsbzhWO}`@hOgjs*CVf47u2>iNKkTdk3Ek
zQ-h5J+vnry1D-lJVUj!_lott#Cf{TtI7o!Afvy*mcgZDfEjf@!@KP*4hDH`wkg)qo
zE1+@?HN`jyB9ggxHpE*6Ok=n1kAN8ii#<qy1Ibmh!GO7kt?a#o)EJt0_r92=b|Xb7
zxc4m$M#LMB!RP3FhWfA+0{4Zi6MW$xH`Lm=*s#MXo<oH63WWVCx<c#pfkI7T@Ho%t
zzEN6E8~lm-^M!vaOU)lyqH?)#Oqhxvl8|M<oDqF&BJbs*o|0GC$@g(vkRZzqafyb7
zORFj9twd!>LG(1CYe@H^QkE8dCdYK&+TFGi2W1t)>Re<4FH?L<t^Ymm{O0lz6Cxp-
zw$&q<^T<#|y+p$HkI%^KLA626S*VTW>+bi$6?uqSky|`e6%m_6D%EoE{K`S8yKQS3
z?L9%yglkl7=BVC&bX|FZ6a_CmZ{(qAo&-Vmv{hMS%ZvSWzw#>|zsqUMvCrrqsTNN+
zzZ9I=CkLt^7Y?)FDLHFkS)qQ|(esUT5)J4MO1YBDVnkkZ35b`kPlAo0#Y~UHj}oSl
z7W%ZXK_SLHmrMSx8S>x;b!^wD16-pH?-q3sknjHrJINopP4*8W!$g*{u{O25evvBL
z{1EkyiTl&_KS&ICm&uMD$bS7|1>OV!vfMV=*jZS(HUIZ+^gB?MU2!#RnLtRd=G867
zd=ZLv`?AvNb_vn?i879e{A4D`-u!Y>5Pp0<wjLs5I7)L_ty?j;iH^E!bvkF?9FmsQ
zSDc*jVKJ|2;zM!`652%)QvSzz9BmXi)z<aZG=khJ@Y~NU-aFQGfwZ5rdv?19zRkk9
zIA&5HrH9LQIqW6wNmDi<meO5CgNY_jSq441r$b@F+gQk=)E``$TaxADoX}Nd^;~#w
zq92B9V;pJakXP=pVq{MMO($lc27i{5W5X1LE>DbmhX{xLj>Uty-5#(-OgwcxYS;dE
z2yQOzpDUj`Hx(iV;_9Gn+blmzMAv)Fm#_UGK<l6uKioG0G2|9h)Bws~Sp1NGK~mqZ
zfP*42!B?>oGOg<u0g)mM7b({=Gy93=p8uwW_zq5lLQu|Ojcu!DQu8b8$Dbr3tT*YI
zl4|i;Kh$MEt>OHX@-(@Dslk+Hyh!>hVLZq=ON4oj+$v4sKogt0+HUf`()-7RDIL@F
zN4fqU69d9|6yT0rY7wYSOs09HP@FRvh-0{9OVP=0Y&L;X5Tva4HrT|nV{MOobpu7a
z=tiwDu+|Ks%Ftr60u^8ECE18)habMOQaD5B!N!*8eoGRd#VCyNQPETwlb`HaLU^gX
zXJ_?!@w<8&=HzGAOGGOpgbXBND;I6Cxf$p0=u{knvsI=<QFPuJ`P&isI=(ttfv}v`
zyxBk+1o%V0x&}|pEpVW~Qj#M7s=R9cSRh3XNDLsn)d8_p91RQ{NsU4Fr1GHa|E&zH
zjX~Dmc?A-Q{Fm?lVC>zUNag~tvRvz=*H+>;&H`LF*{?~36?knh{wMGKJEvl=#-@!^
zseo)oePdY`;@X$#SI=~!>$%bVCo7efc$dMXEQV&5VMNhWOR=ah%E{k@Jr?aLX<R1>
zlQnHMklOt^x}+bv-h`)5+wF3{yo$4wbHP}HUP66Mw&|49bAn^jx3l4J+%!Gu{orID
zg37R^bkboyBD9OtXR3AEG5{7S)vAw^=DO6WyayyK)S16Qi1i+CPr=LKV@H8P9Rj$6
zbgI#lGAL>RH6BCSLXR3i<tb;^Nb@_cuSdJm0M1luGN~Z&l69QTxfr!Y)c0I(Q#r{L
zbdJewEP63;^l{Y=Kqf`SfLN|hE}~$lz-9s}SKZ9YH;Vf2Fhi6-8j(B(d39mqIlfx<
zHl~ZTpTfcPLX?)-r@cq&XxYm@UsWmv&(Gwa@Rk5HeLplUwFS>R`;(W6r$B2$qu=1$
z6o6}|jp=Zk-jdnJg_Y_71`XG^(#8AwMhEM<O{=fYd=!HP^4Rc@;LT{!3D=gJv;`!a
zSp@OkXayc0S~~XFJ1(zA<jAx}nJ{mcv(J!@h58%pVURbp3{Mp7RH}wjQSuc(uC}KW
z6i_enQLD73?z`N4Bc!b)=7-?AATy}ePBbz7{Ne7N^A)07eP!!;iFvF<vY9Uy2T`rh
z3%V4JLeevTeM8oQop;T!#n!z;SVf!f;@GDAjxUIGO0|hk@*nUve&)VYwUYsU34bSI
z<y#M-EI=9{dFLJ!1n~dh9R&X19kjJHw{Zs9n}N)YnXIjDxA@IL4$L=ocNuRt{28wo
z<UiKmW6fAXu!+J}>i5eyXxX9=Jq<%Y{Ay?Dsj!SGeVm`aqV@9RR4q5}Ap|zOqS7v7
zE2T$hFz=VTmN@vNrjw3m6#6i3k?8VDqi(*e=b2J%JHn!VB;JxjgzN5buSz4F%CUO7
z-kb3G!xnGQ_-o;9pjuBW3WST`(e>3mym*L~1C85?MB#H3|1pC=scl|dxILD#jwEtR
zZ^(lzH9Ikzn@57s>dRY?jF`8yB`-_VUX&TK8M0%_V)3X2GzCY+74;p#QmMYdQOA(+
zckRcT#`ULW)FCBttGFDu#lcAom}2L?Qr2-I#OcLU8<KqE1X7k+*sCgDLr6kAFYj8R
z3apu5YxUN!O5fX?+I)4emCWTG*7oL{8`nV4ewHV83IvW%RIXT{j^HWVl40jSFRp|i
z^ybM|$zsPuqNgL3^0?LJ)Lo^n>RP=Iir2HCaT8wE=;cV`MX_yBTS*a@n#Dmc`#Wf+
z&%tWJJ@(3+j3S%9z#=W}5?>VD1glY6>pF#QawCXjJIvBr<J7X0S!7TT7t-Wto_7+1
z;}o$)x}4J`%gGP#h{-UUQQQzmlXPv69|a9`b1p867*(lriZgnIXS73agVb0*bEEar
z(vw~5R6Uem1hM<mut|^A43j=Sj#q41D|IcOevJSMDKhEo@ymDNc|?r(DIg+~cvQLI
z4UtV%%HsrJ{iz+oT+@XYi~h!k%5d--rvyI09}4?gh<&{k=`hm53~OL$fAdHb|JK<5
zv;4R`$WhM5$dXjn#E}We31I)`!9!wFHL&h(cIYm5bneczcC$1$Fz&9kB&GeeAwl;&
zYc3=b!}sxo?G3Emu0Qatf|jI>l`$QuL~pF)Ps84&7Q3k<!w%qL0p3sq*SCb{x6S`U
z-{f~1T@R(ML!0bltnS>S)#MoKQGhrx-zU>)<0XP{pI3la0js2)t4BOz33>#cT94ZS
z3V}2y*(A~}eW?gB2dKwBqJf-7N)hgbwioV?Zff6jOIQWk>dYL1$533z14_J?X^b{M
z8uR5e4zL<s;>284HGZ9Z+R>39ir6rrQIz#?n3BZSt#X!I6&d6-jV+u2Ua7lt619I-
zZhT3aHmUvLvWNuEI6uN!t(=&bR-Y+^>V0V?NuRL<>2q5jz6Gh-B$emfE^7oUFL45$
zleL&%;A01!ng<=H7MC2b6_+#=L0;Gd^Q(F~L#11O5z+x;d&!jQl(`-XS^D4<a#X~*
z;~oSg*wcu7ae(MAG&-n%A|2nHna1xmG!7Sb5Fe_1jZ|3-m`wVWf8v?XCqkT(3_c~W
zoDOt2=;G838}QKUso!tHE0-z1^b?{;U_N*9WTurhr1bMgJT}-Tv~D!u`rvnFn9Hka
zIF<nFS>AZ;f67c{TSG?OX|F^Q$<Q4b)2$iZJakkHD*TW#at>W1;e<_LVH0Eo@ZFop
zBB3MfvZ_+l(23FFeTobiYWMOP+|LYX9gwglE&5`h)J(?g(N>6UlsldnvY*v-7<R}X
z)Yv%NR^LSTWrh<POgaHFP;9eZ6gcD*K{awzWPBWV@(lU||5hO)hvCc{7(I@N23=qy
z{kiUm-J%$ER?h}<Y#ozRqOX#LETE{$FgJcbeQL1B$VpH`viinS3cXhL0<T{PcPECJ
zeJ?2@QOHrHOfhI<L&|D@%17q+>gRYcTmbg1F@y3DWN&`s1GsY!e6RnDiSzvp(x390
z0C@mhw;h1AMszo>Ku*%1hqzYBBy8+S4Q@lh+(E{qP7WYa8*3{!;PryIHI?}O82o!x
z)7!k>q>A?Dj}7eI{!xa&8+DKE?gSI?CUNig;J2G&yIg++zy1Hym;DF1*@_>!dn(Tu
zr=u`xPwAG$@n3>(;LGr1LCT)#(~wRFgqfeI_NC$Js?i%Sz??+M@Rp<Tf%s!Wp~98`
z2DKGB;Kd#bo;7W+Kn7sJ6*JKu!(rtQh&0lKt6L;}=dujDzvTPX0Q@R{@0oo3T~Pu@
zf-(T;<?7^U0W<*W05u%=>n~>tVm3850gwSm0I=5&j{*rn0EHF3K1L8+7WKrkd&t*f
zTndlD1D^>%^~WZxm5r$l)3uIeeiQ8QZTHpL;oG&Fk^U4FwK%a~KNVT8)iX&)hq(Ir
z?yOhW|C9{Q3=9B*0GN;=;Zf^ra(O%ySt`EZ2vmwCWpI8V%HKm2NHJXY&XXNx@U3}k
z4Dzg%ln4<@sR#rREQ4Q)n}Yih0XBw)Mb_?wMh%fNL#o}|mvoEw=nXvVMive`){%K+
zN*Rl%g6Zd(&~B)@^_r@iuECgl2Sy=+9%HgvOfpE67i$;<y+nT_?biR;66N~Wmnav2
z<93NM|1r3lwfXhm-oe1?UrFW524MLq{`7|$<p0ON-|q<ir2(gIH8|U>;UsqY)g#SF
z3W|67PhuxyQUcsJ9^rFE_MWU82i4`-oqud?ntA&GtgfHYq41@-T_OoLUyT@S#(R{r
z2Qocmi*yFjEaV3My&)vlk)C=uq)K8VwhHRotAwj>+&(>;Lg}g%kMCgEOvAnJ0mkVr
z%<8(#x^jp{;1j~oc5?h#WM#cQ#4t<`Om?w%e$7dYMVN=!&f5GnqLT#N$g9!&iNizZ
zO+uE&k?IdFFwxxtKkBNUuw}!6AEHsg;L6PG6S<pMrs$g#Oz(~|`S0)T!f%TWU|Xy}
zTC<LoWvhX`Jb|-FXwsWoV%-na|Dr{MUUz|W@ZzC`FICi?MfG1UBN|-J%%vo=RWK&H
zwqaSEVMmf-|GJ^~O`VWAJ*|S=U@-MqOK>rIV=ec^3k7+uzlpucR>A0u^2{nAQZkd*
z=rHYzGfQG@wM$D`T3huRkgU%y@u4P4b=P=xkw)3R(d$MzB8?cC-54BN63q&<b3a8c
zB&#?3{N2Y!tF^0S1C-obU$IRjj_#okKXAzRlK8^^@u{BS_`cxjlB4>4yiC8k9@?3N
z<U-pIWkhYT=z9~h^Xrj&6D(B$8|o|3?QOZG?fgXb<6PU5RoXlX7J|_oCRRqJThj$N
zM}8xTSSVg^6WOLmqir4hJTkmnQw*lWLsDXTKLi8%*xUE6y46AhWOt$CVC)VWQ{tcR
zy!AKO=h{$6PNCO~x=CwVb8To;T))`wBp6@KkrV>h%H;=2UR`~GZp)w5iNEBD`O`Nl
z39`Ax?>BUF12}KN3;2USf9mj0u*(5pyTvZ!AD{Ra_>$%K%E5o{qyGb{$F6?=6%t!?
zz3f8>C%WP8XaI+@m$*8jOq7QzFORhzHbjSF(GV50*DI;Umx@M&^ki_JX&h6Cmm}1@
zkAMJLszV)}{KkgDy10*44A~#%MZ@y=WTj$>6nCf>-{~{8lKr~@=-7Jf>Pl+oR5j(0
z<`>}kXKm<e6Te8qYMi7|^d5d8qWMfSG<1(7c1+^wfs7o4(Yci#*DRB8d<n`%<{Xf)
zCZ`yW&~5o82LyoUVP%@5)ya9l66+Y8UT#L0R<^{uhS#w$MtLxstYrdE{V;}KHxI`l
zHe@B0LZOD=5HHg;@zP%tFUH-n)dx?0E>XN)SC{rqmicqc`QM1Q;^*oAZct((Ihq-`
zID+nI>CeJ5zqTAn#mt?}Zw`ok=NLpx=0Eu9$C3WYGNA;J-!7ATw;%Xpk^JD>Wc@wU
z{$Kk-zoXWgb{dBB*(t4gSC4yHE+&4j1zJ2S4vT2g*z(PQc3iB6Yln6wZq+5A{KANd
zXnjUOkvFB5EFBcD8HDH87B37kRvc=`6VXNS^m-ad)U6PpACdQS$nkg<jtm7?h8BxK
zU^?14Ac$x{oZiE-6j`*<Yqs>y%hcMGX(a}?pOtld&+FskMFLevoxW73StiM^);L*3
ztxO9J6f&8brffZ-pV}dl)=och-||so_fE2mijSvx9rt3pOsFHf>(qBh=SXvI&@s43
zzzR|2RcqWJK8*bak~Ww5OQ?4(R)bn6pUpDnsIa9%bGJ%PQ!<tgCxEmD=vJmlQQWDo
zyTmEE|3^t7%B@Nh^fNxLU7ZOaINmpc{M?|?{wt;<5SmH^mBGh_^>H7et(TyfsOY#Z
zoKeQU*c4M*?89M0*tHN-+P)7P4(Z<gK@fpK87JqyXcJY8plt~&)njo2T3(u=(r!AD
zdyBks9jt6x!lCV!_d%7kyEVt%r6z+O4?jKce{I@1kU@ag*wZZyxv!6+_*SC#(8cX@
z1NIWv>`P|a93(*(YR73Rj2Ykz0r4E2a4b2WdGQN~g9dFH$gm@r?esN!|J7Xh&Mh$f
zF@bSg%VxWx(nl3XFSe{2c0=BzzqsPwcxW(&P~4*}r|$vnLhar@1*^<p_}SKIn!Ck@
zu*+@EnXYoMm%$iHH<ZH~I4(qB$i^Ya4qj1abW>FsBJ!H$u8n61<U5hUenG809jGwC
zPtC8MUNQObXQm7Mm*Dj`&~W~5g63afwf~OC{09t{H<97*k(jx!>>6?zj?)gkv6v5`
zfDGFQrqqlCq0C5LAi~{q8NEHw**5;*D%(A4rP?#Cyf_%%A!KATZPmT7)cU-+*0#em
zG>?5eKdt&}dDkxR>}k{CIb2`t$T?l&zl)Z%DKG%orln61-lvF$!EmHg^yL>nF_<|R
zz~tHzoIhPsm((iWK<I8g_6<*FN4^)vryA@+`zrUyZJ~aHt7;Eq8|ed~+SPtFl`Akk
zbp4T@sDz6-mC?COR~!;-Rtgp6RZXBy=BtWUOgb@S8m*_BW*Hct9|<zqL#XFR=VCG4
za2Uije_dWL$c?)NiCt!$fM4S#D||vz(v62o^1B3s|FR0h^&eJY{sp%B?|t;&@zUIi
zuHhphR&{O`*0T?<Ln4dEW#(Z*w~e0wQwq6ah*O4`jPCDAw20M&<#x~_N!yYoW*c`D
z#bZE#sDt|o!}iW519NOE6$p|AVZ<f|KG>sqtpRDz2@N)AVZ|Kc$jyr(L#;B6`jux=
zXg1;GYz68DFgklp19VsqA<=g%hE-NZnmP0nd|wzCS!v;VFA60PKSS;!qqPmadPi+#
zr4L0VujcKw+nyk`@SJGgHVRrVv@rdk>(lm#knm$eE~1Apy^xYhr1%#eXox6=70zny
zdM<4O(%>rmDO8Zol$u0!vtiqA>kYNMg3WTY!agu%7Ed~dPoRmsHbjC~3n%_($%=a1
zUOmZ`ha@7Lvz!HLB?t%td>DVlON_mkLl1pD++AC<D;QEYcV`w8bm7g5H?7SgTkYE<
zOHh(A8fEs4$G8`%*v32G%KPo1LiJGAvL*Eul>!#c3>+rEJP8WhMbS;9m7%AJMtj2K
z8QcSrHG|{=LJ>ob`}(yOhvN(#nJ5wkHq3(V;b;4!dF%`qb`$kym?~3GI)!>CF>y5Q
zUp_Yn?{TjV05|iB63$J)>!i}Y*t-mX2=PQl9%6#imJvc0*zq&ipqzcRgu)10Bk*u8
z>R31kRw^9{@wK#|*Us~=ucJ)E2%dd>L7Wc;2Zu}VuMO0Z2xmkMPIsIZKOYyWb}uz!
z46aEfU+%pBGUN16@2Nk=2YhtK8;366wHUYwkRiR>?jePN#<7L?>+u)f9{{AR@O_U2
z0Tb?~5}k^)q&yHGfP0G_wC|Tll@%0JzZZAm0B{1>fSlKuV!JKg_-FI~ZSda#=s9bX
zcR!WPlls{@+IywyG4Dsn$BdiD;@^*#1se!i=&PHl20m!9P=$cLT1-!)uh4;wmg%PT
z**(91=C=Q`d=E{9GA6=g;A!ZyO3i$*t+r-~Pg)Kh47mP&x`qt75TM%D-uqzQJr|Iy
z>c}5g&IWbF-*LTVZ>Z@U&hV2dU8@1tCW_We?Wr!G4JG>!1LyC12*?-Ri1Dvbqm}-s
zHCckjg>o4!r<E?TEqq)B=h!_Q%G%&L>9{x-I3kMT#GOkeM7!<!8ij$0J2NuE8i$aX
z+8=FY6_kJg)uH=YN9z=AWw_a0_I!a842(dFc6BtvL4YMBC3irHd2*qQwN~L@22kG*
z09uMnpQVzn-S-TBS0fUFIBc0Sz4ogkFao25VNC27r%v-5KA_Med$|FINf!CTd3-m?
z)+fAL@u-T@l$e%SF!sCfW4XDjLV*LDcr1>5Qr4*1vg4nL$Kr#HRg;bE6(`h&&Pd}S
z^3uC0;^lGFoO5j59=|0c8DeH^!Cwspo@x;I!S^Q@Ilk2I(R!o)q{iv%JqY+&4IBG-
z^UpxxccEPEAvLWyZeL2*+Cr)34QMC`>w&OP9CZXStvQZ%ieZmiuvSrnEB2oWyv%`r
zlP@*0G;6#WS3gu~FKQd{r8|%hv(!5-U0o&q%(g2Q1^6Z1RA(!ROINSfK|U1QbRo+b
z&5*QB%{);QjQhdKrz%Z(X))DDdLjWgM_}pz{?Jv|AWHepqy4QQN$twUWH8+|n9-KZ
zzd}j(=Xzrl0J7V?MFLSXCu>tP7XwmNkQK<t<}s<L4HLud`RKcHV~9v(AVpc}-#ba!
zfGpS0y2;FUb0miK$L4?h{=YjGvrL8hDQY&9)yed2If)mK{Nv0qW~@Ua$JgLw7M$CG
zim<ZOTJWM)WLXyd6OhOH=FxBV$k#|VKU<IkpEF<|EM0<Gh+c(&`sxWfi{&1Z+meL?
z50V|j;4!EPvtCVO<R$XWY?-#h<ruHN6L~Jan|yR~JXtS;4e`h;<&ms@%iBrhG)z{N
z5rZ%86O*pBX{?{Yf(MBnByd$e-Emd24cA5sP$K(`&d(OCyDs%M+0UO{4u1!9V%ZCw
z`$-b>T`d_+0vf_JC2w<^7^Vb3Fqv;^a?;`xFW2h*@nn>ydz-M*KAiMlTwI4#KWa&2
z=KG?=igv!!(!*-bE{dX*6w+w7=c?hb;=D>7(LvEbcxL{&qXtUcT@|dNP35G1bNQ4n
zA2?caNv3SvTV%TD1PhaZ<)_w1vj!fG+i77p*#H0l|Nj60AphScd!F#f%Nw1wTI92#
z72dlccryVXs}tgA!}3C-S@>cSauH!-o78ZD$uELJ?rv3u;Bljw{BYQXXyA;sEY438
zk!#)4&SBA9(QTHaUpAvs5jfJX6Q&5KE|P`3PlT~RsI`!E2A%K>MH}McdmzxhB^V7L
zCVR=y-gaeR_T2Q|3)crxgQn|ioll-qn5<;RII*RaaNG}1OK8g6c@tiJN)@K9*}xo0
z^4N{CSlO&QkbT7@$_Rz(!32KIh8t%wd8X=Js&ET{*$?uD80m9^>A`XwHN1F-8aI=R
zpomN!0O^~&`Yx=vVW3RuVZoq)0A>K=O@>VPJGbpMq+ns7P3a-8by_U(s;-v^4?RC=
zxgsTg!BgohBAi0|o8Y?sG<<D<iUznqqIA=~U-K7dQi^&SeaCT&R5o2JFqP@-gQ99m
zSTPIwzQQN281E&gAKk;G*L6$JMxZw>q7sBLf9TL1ZX$I~=cn!n^D1MT_C1#=_5J;c
zdO=Y9DTmIJs3;-Q5d7_3nhyRtZd57{Get+W3?vONO@847DrLAONd{~n{zN;hTHgzd
z`s5?MfS_i(&S@(@bY}#Fs&@b6&)fWGXFH4~v<bWq=SP*8Dmq%>up?cR*^=I+myHoU
zF+gSaNUz{FM>NzIBISs#Jm>ht2q#0-*q*L^x?OlL$DwHI)Ov{(O3$p6CgkIEXH3S&
z)>RAkN~6VRc+<@rTQb{<;iv}j#4C*WD}V&{I31J**h+lgXvr8QS*8c`K`WyO$_Th=
z7X(#`5bNOiMx11FVm;|fspu#U88FeROvSXiV%#AQ897^n#1fW~WEnEL<AT@>UZXaq
z%ZMspvhjE|Zqdy-m-GWpvFv>Nh&iMj$%VB;{NLl*MF@w9ZF)b_dfFI;xm9e{E%~vQ
zAk(lS%6~f{YhDAbyL^7-!76a#<<9$qs>?WH90Y=k>BCc+hJiMsIxFKCpQE)Ntx3)b
z5tR7?0vpdz)m|LyWp^{CQ=WF@0=_U_*J63204Opz)2IV~>0zy})o)P)0>=eNgFegf
z-_Q6;j{yH*+wT-T<3{r-yxBRs7E572MY*8{l`=~GUH!oW;M^)DsG@F$*OKo>!~bT!
z{!u#s6X(x&NbeG;-3ZEC^#{mubKc~8P#f@v=KtH^zf*rs`&(ME6iqO%_Qu?HC=Q+z
zynGV0kKs^+Uy3%Hkq2_rbP-VUdU!HN(J=l|?@=}9g9&LA>tl<MccYP`G<_>q9N8(L
z98CE>dgJto7>pq-m?PfRaoV=`D5uZlr4k-LNd%&4f6QZSo#1&~L-<0!LqZn(Sh~Vn
zB7E2}Di;Z2@YBU+bfcxop^q3?y9pK6{dqJ15p0s+gA>cf=;t0tg<KyNBxfgdxGzGB
z4=3pz_up&g@n$PF7e$J*cPWAr=ZyS!=i6N#WEc(@Ip7S_p-PuX?bVh(x9Tkha0}^F
z^sMMmtLzODQotEJO~7x4G8Eb&;j(qXfUzqE;OS7&6y9wa6$1S7{+%ec1~?C7_cvvv
za={N-bcdc<2Qk{J0|am0CV}F*R%Y39SaJZtOn;uyV_~xWw!O~yZHjKgckQj1jU2E4
z-5k?nx^DdxG4sni{6fWgxQjrMqbi@6Ja8H|Bi=cl4@PxFg8A%ue$XTHE<pJdb~xke
zz*|4fQwIvoVo&J9ujITaBQQO)9C8j&Pu8o**Ln|`3a2Sn8|7t4i>)Cjv&r>MJtBzg
z;d_DFTW;CDlKkblh_G1vl2?%C1W1Ttn?_W{J~ac4&Ve5(PP|~BiF=PN*0yhjH@tnC
zXL?_G;yGxKTh1sa)-7HcRdqh#MfON^v5G_Y>np&HCsgB<7)iXI9X$DSYk_S-Ncl_x
zQiF3p&K=zg1o3B+o49JjIotZ_MJKC~T6A47`dFEa$#Ny}*qH`B;CfQ;9<@FMV#uTS
zlP%Sv$AV_-ibA;t)ozelc8%1h*GP@|9w&D>w+fCrAobUHhHJg&Pu)gB`G;DrVrJ%#
z-E17q9ll!^kVtUf6c|%$gIhNjfP;k_$PQ!$+$1Dm`LX#w9QAj|>^IvVc=xWB&57Ed
zc&DyyTYH)MBf6x)a-JuSs}R|mewJpx(Q;39Qrs2ZV{?k-`-Y$AS2&nsVVk6eP<GrJ
z7&h5tZQ-c$`9kjDANawda>d|}p<f2q9gOG_6DPg(wHo9F#y1?~43{Kgcon9-vFs0g
z7|vR<Nsg_8v-bvfM_q3#4<QA9VO1}~W=?7~2oYPes5!e#Y8Afb^AXE}E?XO+tB#1)
zAPRZ(gP2J#7Q9+S28;G5f>`Kbq$n;}_52BNA)l#;Cu;P;c5LWrsjTS*@QiS&1O>!M
zaZafFsVbml>NbrS4kK|?ytU8K3E(;<4714__q(FZ=gxQ@!7Sb(vjyPS^v{q;@bOZZ
zJEo3OqYeB(c|!a|lY0&wV0;TC9e|eaFFWLN6>$8|rp^C{#r0Qtfer(&A1nnPd@2GC
zesc*7_E&%nf+UW!I}xc|&Ns;VaM*!*P&hu5xbd#djDz3XnnW&qcLbH}v2LNV(ICd@
zF8z$n2hK}Oh?lQ<1;{OD448bz?fK^c%fxa*_>riS86yDzj}(nLuf8TEI=Nidybq>4
zpun-Dm5<Kiw$b(X7rs!uleXr=s_)BYCsrKpjJB{9gD`wuL1ZReT&n(Fr4)7)=41j3
z1~C@WiNVUg-XJjzIid-9^LSD9?ZU>?J9xNcqxDXvs^?<V9n>9_YJe=>2@ZOEs3UFS
zt09KxSHoXJgwQ9@DPBl*kd+kBGJeHAt&+cg1kfV8K#yf>6W;a6Om@0TPV7i}#Jv4N
zV)Dh>^o?&3^7tCC``3W|o>xkk-~Q#1C5fM?*ZwH2>SEg8(l&<wFjt~d-xG%;V8W_P
ztAJ!dZr@X^A!1^P+St0;o12<BlHNJ#*uPhBMa0BckXBI@CzY^qvNpc8OT?{>ZR{OD
z#^1N1ATdd9``iuuBbky)3V(N3uzx!+$^l?yWBZ<}>ZZxfesf^-zv*FrCuLqM)Pkk+
zbIgAkk+!fzlP1}jx?j_G%Hl^SnkbisPeFz)zOdR)sHCP<5&xd^>b~XH_;wrp{8Od-
zlP28;+WHXv$Ak7Byp0F)Ah@)*1s3?7;4d7CCQrKO-?kJ))TbIWg6HLrKNyGRk1ao~
zgR?WPwB0AP^gii!$)t4fSVM|jp5|Cijet%?{3s5Df7Jyx``JDxsWdTU_{qx#0|#Vh
zlgPPybw+vFKJl1<{al*a=_>}c(Ab<M1=uRuhmm;qlEt2c%`f3vZ_@8Zb0Yu){ilSm
zq?z1>*NQJ!jo)-?*vT@G6>E7d5sfhUrFT!6eQr&<S7uv{gM~P&-$V_5SD-`*pa4Mp
zhURZj4*q8Xrxwz?f}^F%ZDcNix&gh7tj0Vz;aYUS--iK*0{7>{2EQ2r>{rN_&Ambl
zv9A5nDOxRcNZUcgGypGrmH<XrQ1DDzA)23f_km4oOTozjHDCbk6;bH9BR)xxcx#oF
z(iaZz*<(2t9$^J7$)Wd%j14{bnU1}ZeY_T^WmvO(M-CY!(2HPmj;?2??D`rIn0THo
z=MSn#AB(=w2e_NEYWJp&oHBANJDf+BCR1tKPs0&EljmFY17<@Oop)T)g{sX2PAEb)
ztOVv4ag?I-fG^|8z7sR6<^Q7M7+5P2E0F~D+?SzYc@=GCHgA(Q8a&AmM*wV<u#m$K
zFHcU{xdT1ldV{EWRkMvlrB}cyI@p}<kxG5W3!7~1Uc8-o=H--ui?&4s<eP1-s2hd)
z`h|Ljd=kmZQbRCXMO8WQtaPJP`k%MCf_^}fq{w&Nz+qxY+Jg)nLH48%46KdJKn~Zx
zeuo(>Caj8qm5GhL@eg$aL=_$=h$-A`2+5g0Hg~*6(Dz6lO!B+;#6?AabFPf_TCe*D
z`&|De&-o8Fx*#Pzn4Jdvv4hT?)?#tSpBbhe3n(MP3<`t!BrhXS@)3bUec~UDf=@<T
za#}k(cL}FIhSZnkh`^!1DTlW^k~yMPth)>)v=+2tW`@_$D%3(`O<n2c5Bp-luv;?*
zv-OwAQzyG(d@1~v%*<_J$;E^oDVNkSx8Lj5e>)@z1lxtwaxZ)CieUddbn&WQ0t+7D
zEN8<Du8$z374NA-EA=aVq|Cw8>>+Jbz;YWFa2o=EbrjDhUCinpBOzI9<b|0o|J(+T
z(^utko^**ljbr2`c+<w*{NWW50}qb+bR74)8!p<u=Aw=36*+jfBGq5B+H`5-Y)InZ
zuEqe(mj22`hClBWk$uzJuO|=hdpU3w8!M-qiE$v6W0GSMWdZ^KOt*7L^Y<>ltW)vb
zB>bU}#%;Ot?+fn#7tioJ=2&a-jsraIn|g8|u|;BVi6&`b;maAu7$2)cEfjN$UF3Rp
z1G&C{p3Wfrl|RzGG$lm>>ah6<10DQ13{*yhJW(CoVYWEZZHFN)1{i91cl*z0iY%vH
z@nhzB6obOmZ`LMAI7Y&GP9u$0ur$m+B9Hl4zHfwFSFl)5F*28eZezM)ZP-fIFh4cL
zuZTBD62l&|uM%vr@Y<2`iRyk<YIk47Tv&yzzN)Dg2BD`){8(7WI!xSypO-q)v1@&F
z#H$8<{QMCMd7AIQ+*hP6A6>}gL0&Md5E@&qk|)-+G|nkXOVF!i&j==h$oc5%({Ory
zpB}xi1Vl4SK;%^;kuQz?7{2xA;wJ+PoP$lur_6+u(hnCiRSN-&<$k~Tm2WM_Z_!>k
z;yI$h!grSAwN=Pu4RUm_v2t*@P5N{<eSgf}50m%D+<h}9e?dSmDr7gGtAFq*Wqj@+
z8D!D9R!FqA$+vZ+0dlE#*V2rl;#hJ|X5#8l*AGa63CM18cDGhsY7S+%5PySLm71u8
zvP0AudKIEb=-;)v#NykYgDBbG4ctvNW${(OC38bE*S@w3Dj@2qw-pzC@IVX$2S&>!
zu$P{8B$lj{7R1n>q0KrhFkUn18oaKc9rNz0Gl`|v<71-Kd;JLY1MN;FdeY&XhfPOu
z=z)q$t-fwW1?>zwgAJSb81?ePj+O$AC5~sS7!;m=ZI~M_njOD;9*+Dm_}c<2kXf#@
zv$p8KR11fxRbfK?_?xCy3-*U(3sc=6&R-Yk%T=l6<ansp+-z%;0sNtet|1S72X}ct
z#&Cbo5+cMW0d@$9b^gDpo__x^+5Trf{qOJn6aM*U;^4pG8Gk1(hJ_*`>{ny&eOBtc
zrwWxaR?^<N5w61<a{eN85P6kZ5GH9ak4`bQVwN{oy~<I^?(IjB*ayOwCH+$t!7gGi
zG)$5eb?e3%Y{iCVI1@$8`2an3waR;B4|1oPxjhN9@+mV90&r4FaXdxSv9+F8u*F`E
z8&cy*qzQiL{IVaT{-MkrIbzlxU|}+`B$01BXEuEWB^BnfP``C<`dE0Yg}aqy+7M#D
z`YFFPXT}Qi%2*zCL|>ztXy`J9K;bAQw}s?0u<_j55~@pN!D6E3F{Mt#f|)X|T{T5Y
zXplran*w80dEYo0{^*le&<1v}4wCEP_!zBF4+iBk3Z=?kP=CG?7f%3w5kH6v#7FB9
zeR9~G1wti&60$Z)4$X&uw=4f9E~Ib8#SQHW<nZP21ati$F0O@yjj@f<ZCdKvN&9Ke
zek&yeQnJ!d?rlwSKX<Jlvd5Di3t1EO{~$O}di=D0SIv`58T4fWdD-enATr(|mI<Oq
z9@fsLBbv(q?kTY!LI*P`vv5T0oRoOWe&0f~vn6Xk7$Z<Z?&D_WP-wyxYsbU)l)==E
zQ(Rn&^p^7&Z(a&Y;>zW9!6d=Io4pj|lMr5fwDJ&@kGGRBo_(52x$IN_4ii8=fxV8B
zMAp@O<^Y20O`>xAo-LI|2B~S!r!Nue21jwuUV?#9YR})Vmrd*+<3B9YJdYu)jQ_As
zIBuG(1BKFt7*K>8&;-E9>1D-+ZbCkP3GKW(B@=bQhMV6<M%xAu2NJ(@ZF^+ERmQsl
z4!ThaI<6%|%e7Kaa3>{TACecm9}f?EaD>^vce-8pS1BR$Ga=t)UqHaby-jEGy<V)n
zt&RP+N%+2F4T*_%+vB_G_I*1X2n28fx!G7){>Y;Q1ah;p+*GXn-@MoFP+Q5)G*xD$
zW)5Swj%h|&t1$J3O!9PJpDQd3a;tS)S3(7TPWxE%{bzA{hz~%6Njg@!!Iz#0oZhI-
zEGf%G$(7MB=LWcv4rd82ls=mE4O<s@QjS!J^d~7AF)dv>U8WT4Ni!v`a<dvgAuiC1
z88zjrnZ6WmQY(gkVh>FmF)tS6FET9ML8QMog3FNj;iRxLF2A>{7)~Eq9||qWEenTj
zqom=CN}Ri&81yCnxO886E;WU}Fqi;|o%Kw%5DEsH5a_#Gif7s7F*!5%g_U&TxYdG{
z(GTjpN_#vbe?^;UwM4{8*JIpems_=Y00HkFMyfP(sO(oo!x4wgXm`;&)Mf(w(g2u$
z*mzhFP%y+$V4`5c|FYFsDF)Rg>@5{AE6)wFvlHmPF*s20?MToyju`>hT7C{q4plJ4
z4>)%CHdlYTi&Z2=g}*`eU$Qlg2;hXg3UpPFU8dYCNRSbga3FW_Jo{HGEgr>V>BrUt
z&V|aiafkC9Zup1kfOFP9qb$HiiDTE45!01dKXV!+ks35P;uE5dOR>85iBbXyw^q4u
zwlFq!h;z(llLn4Q9-oA#_>ng5kegt{TJab)MJ6@sBl8PM@0#JLi1>Co1yOTHXH(fB
z*vJit&-Kf7qV=+jSlM6ZsFB-?BpqR<LPvP$0D*&}+`fkQp1xF<Zn02PGR2l@V~1Uv
za7y8H17OY4Wm@%`zmZhS1AKm??bFqrLTD+E<NLwg6(pVqMo@`_tY*w6)fm^bU#CcS
zpg=(~V^u~XwmeVas-*Q2=LW>r0ETS5264_Eh>`Z5Xv5(YmW%l8eW1b982&4WrT$%D
z-Ng?<Vxs)i<0lAT<Mu}gvjN!IHUAgy^g94QEAU%Se0zL?^`uMT)%c2Q;-d`VW#m*L
zN?h((R+Fu^<$y{<?XZyxN-cxhC3JLQLL%$E#uujx#eU62QhnJ(t!+<AgasNCKGG44
zKN*E2g4}(KY)Ys;2~+;6|M(K6(u7J1DhW|1zZs_+PGLmi6ifS{Ul%;}@z>Bd!B0DF
zfFf4P0%ord@!1w%gy22&rS2J?>#$i|$mxp3$uUNk6>A|r**r5^Fe!5`u*=`!NHBAE
zDX88=VfJ%hskaZ_&9jWyL!BMd5Nx(@5u?mlb*TMZsm?4yomt}845oY_`&PwM5|JYa
z#iRr-8HY{1)8w=7>PK7Em+?zXwAdOU%`g7f04&1NfO7`*^-@RHz5DBDIUyoV(aL`l
zz^eZafB_#BWR@TCDBEk*7v+QSie4!3x@=``k7a8wiGw_lUumt_D%K=GV^v7Mj1q>$
za7ge*q9FU)g65--rfGkif>O5A<TLMXqccW$bQKD1E>Z$**Z;hX`aM%!q{WrpTx0cO
zYKteC>ixAxc`wxIDzZxQ@u^W$nc%8+znTxF62M2T7H8id;9&EhtaX)3#4UiKCT=iR
z=FrnOozCcmc0}AXr5J^~2;HiP@L2{Nae9C4W0_&h5(5CNKEW=GvR#Z`37yCunMlB>
z79Fr47*PW((?{kaB%7C;CJcx3a*j-)UFrTm>fSmok7Vl>4(=Y@-QmGqgS)#s1c%_k
zCAb6v1b6q~9ta*FxLa^{3-UpdnaRv#X3jnDdC&ds9}hpOyP9gA?zL*~U3;%G#IgaM
zxa^Y3dRxKvE_{tb5;v9ReVtj;9`HWHqpd#qV5^TlfVlBHfH7u1rINkeY?L5W`#A8N
zOX5$q`u|>uE$e@|#Fph(4q^W-=*0R!D6Id5dgA~7Kl_h%2ni%4r5j7C9&F);B$v#b
zM-#U&P9ycw9VPIUDrA;X04n*}QArO&ur|>qRbj4RRpe#8a&1MeWYt}yCxq(m!LwNt
z162JXJ-F<th0CQ514tevlpXOtb)^8ZHR?$0w4Jkz==V(GQ_l=76eLF?H*MvmKLwk+
zciWy<%^^F^x@$|SjJ|0_b<QY1%_Kc8!-+A)SUUv=J&3AbeX=^wS&exQ+;GahzZAN|
z7P@;nS$uqc$Wu1|BAN*k7l*&!kpz?Q_4L!bVk(91$Z=5d)o?@6SKQ`){dc0x)Sj{*
z;!5FD#y&l3Gj;g<6w-5zFU_Hj33^DIk2&Z~$iCtxDeC_lm5pAb#(D4OcN-4@P$$ng
zu7S%Qck}oOx4kBj0O%SFO<^U_^K8#0(l$Gv=eQEF?{?;;yC9bszzf?Neb|UMp-q7D
z)GeDBpfElLDul!mUAVgPh|z#FCxDygwX)`hvz}T9kLJgyzii)IoE0csdPC6r(Fm2@
zr#E&#)1MLs#U^4FcAgY?HaiqkXhgsb%v?fER<F;~*8&E(kQAMxde&>h-<T>cq&aXw
z#|O=i7I9$VHs6=ZisHdu>Rj8vBEwuhMY2Jxj=R|q1Y?{XOp({2s7VbN)jY^~Da>yl
zQ49YZ9{dXvi<n(q3VCR!u`XPoQ?iiTd7Rd{HX|fcwo(lSpPAONphN(>lArFUO`79k
zq>21JLyJdlBYEI9f(LGc{LXF6GUKWQ<9oZ}r}Tqtv($gwk_X^Z@V{MA#rm&SUHq1G
z^7E>TU#N?L?XRfo|DpfoA7%2=55IV;k0p0!52a+NJ3t`{!@|*6n;ltdikXS4v)#Zj
zVZL|v8bG9tW5!wEk%r2{8L8`yX9cbe9wX5OZyOMbjSUAju-Va=M+&EStK}bs=myv9
zXhLtnp1v}!B(#GIkp|IVv%hsK14DVn>z@vElw5R);~AX2nK5N&43{PEzTY%Lqz6~8
znX=e$Bd-ZlmQcAxw*|Us5VSzuGbz(9WrR0B6r|Q5A=_sLfs2zO(KSvVJ>X$ykMp6;
zbcgY_H%2RVCZH{;Rq-V?)M;2sG=98=LjM93Yqs;0dyt&aIIlIO`4<jxGCZgpZ+Cv$
zolWw9-aGwU&vlP@-0_ruD*@kKQ+TLsu;1;LAqLB$=0s#iRZQ+@MB$3mCRr6-b91<5
zItFJg+@iesdSnoUZ*PXQ99Oj;kJBk#YFEx_)5sn+yWprUbYddNzmaiG0IAJ+x=Jr)
z2YdXJwUAIjF3_&B0j_hMR)m<iM>3ZxQgMj`TLis}R+O3Ow4UDj4FnGn0ea^J+E(Y3
z{Z)^H$08a%Y60)91$j-zjz&WQ{`hBUBj^;A9{q+h4xFHdx@LDGuk*WNe%G~PL>rz+
zY*(kyPPQsS4F5IOCp(4&iS=7|OrVVdJ?+3(LWTsXK7)dz6MQsIqlU@q^O3pB@ac2{
z7j$u=Lru3#C+9Hwo}SUvKBDi*0sDD~+H8?p9Mr3zhwkAjVP=nBjQ0accszJ9M!y(A
z#nl$K<~69ChL&YB*PR)ECjk35wJbkuoc%8rr2GPF#=nB~|K7;|1j3d&RQLNakC&z;
zen##+f{L_@=l+lc`V&Cv7Rf?LWd}~Tah`+vfJQezUEpRQlfHe_aGMN3a&tyNYAol8
z%Bv>~LsR<}Z-A%wK*GMfu-e$JQ$_<rdwaU1Q}L?JC_oEU`c-#r!_teb5-^^W?qIQ{
zMv5MgWx#7A9fdY^TOt<KS0P7n(0-Fm3=Tlddj}$ROV5GxS?r(3Cz&ku<GAWhVS$?A
zi2|>u=&i8E11%1+#4NU$c3U~Cb48|1M4`qu2{I$Lb6i!B^LkE%y!cRA_GUD5A!#+C
z<>m60Pf3l<%_RKH5_35mmh;AE$b<v6>tz30*0T4D#UrPP;I?)w{}u>o#^nU!Q9}<S
zS@ks~zC52!>}87i83;9Oy=dlZnPtxc<qODKB<l)~?BM3~yVJLs@!XsdKv_1)BQ2v^
zqtQr2cqL>8snNz^6mW0wO*4Uo8Ds}fu0ir#Qxq+xXAC(ny(dQ#mvfd|#+2<6SU6i=
zZ<m$`Rz}$@-4IH%7%~NmPbA6ob#KT(J-L|aK1ei3bgqdb(g{f~I<0d_=wruB?6psI
z`6yXjhMDewOndWQpus1422F#Z_UfITH?mlwy@Q6jV!NRN(_UWh2nVq3^-_hP31wlD
z{2oAw=&9~>5pMfx?BV4Z^~H9di^xP>^ldI2HP%xgUhhM}^f(9|tB(Vc*}~yP$eUFQ
z8f)nun+Qa>8e8g*N&M{qU$Eu}Am)7E4o4Pyj9#gcUh?l`V4sQoFtI5*n>#psHID^E
ze_5{sLBaU#u%fx;gMszC(n?ka03!>4or#f|^()qXX#VF0`lodK&Z8i&Q5S{__TI~m
z#Ai+27foy%GIkA;kvR^yTGk1rAgZP8Y|rS?dGLD%%@EsNN-;sG5wB@n{mwV*&FYnp
zL51=-u5Lg>@s2X3$*=U?8*0}wQEGPdd50}Ot$(@J*~5L8n$Dt`5z~Jt9&;A}4aU1Z
z4YMNKI2Xru6TQXALi7orQ-(Ysr5rVuaYi3bR9a84G)8pOPeV>^D<rgDJ7aD>Q39XU
zv{7u;uZC?$jI#{EG!h+R6SVKZf+1+Et>!A$&fV0gt|nSS(A}60U;%p;wI8>B{Ly!J
zIzwXjyi#&aIAGn%<uxc>vac0uK_`O|exM%=)hP?KORw^fK)L7^AT6;)KOfw`p2AI+
zeHy!fz1+{sp}m7kjLH{*FsW`JpQXbe+pmhZB|FX>h%@+!3+Qz3X(DEkil=61AO~u6
zHX;oaqqknw>o%$y444$paPebA39qYh5qiv+ti(LB;>IxUb@(Pxh&c!OBU>YS$g6jv
zxByF`ZA!L)7&DV5KlVES00960001EW-**nWQMp6>FFJZP1-aMc0!K+0_Qz-bjuO45
zol2!*MvGyetjlqiAtE915|iz=q^5E%M3M0w0BJy$zdy;R2A;gnB<6>4n3c@kZ~zZ$
zPv2@+FBZ98r@tJsOBS)J??eq}cLfm^JLuG&gxn9}APTI6Lr{BmVOJnVce_1-|K0N_
zelXhpPZDI&(?7Pa3e<3Fa`g+RG~>KaxDHhNU4H9NJBWaPRlVc`@Bp~Lq4WYAfz*K>
z{xE<JK=Xt2CBb*E#NOD}#^G^0G*>!@$JhH;=j3M@{SI9|OXMT82upE*mA3+3ax}WS
z2Koho7UmeRj^Y#A{@Vfy7&dApaw-HCUCk8cYSDAiNGt`MxJ_6&dZ|<RUc%Al)1Hkk
z_U+&ZRD+QLw)(~CA7Sb^C{_F!Wda*{I;o~7@$L8T<THo_D(rv_v3$!7igZ+w@fZ8&
zU!=EbyGDg!FUhShFx(}$+v?^-O_f{%*Vv5e&GSnVec&nKbW6j+5{-6cYVe(7GzWQO
zjW2m<clX)UKE0w<D|Gcbk*M3h9y^>ko^OwIX~?+oOds@M9<NeEfJh@FO`B#@v)8Hs
z7S^RuuS+EoNCVca$sE(Q6W=o)to6ediM-C(xTNCVG_eLNh;ddsNQnU8L<Bn^s?4~0
zykZqi)8z$jyqlGJ0ac{?LPt<AVxqW%OAk-8Jc}dM_>reMHdP~6Gilvh4IX>_D3hRl
z*a_(|Bu5yFI~b6gEM?W;JBj{MO?0rH<8WdIMfMR|3qIfaa7c>_9RWw{4kS;AVoJSe
zKK4FUM7U-EeRs~fK>AE6SkT+_Y-39)DA?eJy3zW!*CBxG@U^$kQGsMk3ug>ec>N(w
zMmkwv=J6ulyjmLbUVGA9cp?Ly<z{hZVE-9Pb|(oQi1;Y2(PM7T5-Fav^7x(M(-Ckg
z(=flY!EK1Cw-$K2tI&;9Qaez39D{uZQ*_pkEZ*|K;tdZhp7~3ja3ep?vojsp@;}nJ
z@V~^azxfWo9e&hi{3(e8m{@)!@yF(WYM6iAQh9aXGn51#*}6cE7EOpNCPu5TPTN05
z5QVDASk;%GSC!<WTqr43t<B9r=5QN6Fo^`pn@D1mbqcj7S)$$GdH%%Ijm>YUy_5$+
z+g0)54U7@yc~n9iW=cJ+8hmg(1;Yqfrk_dsU;EE0(44@NJHtG0MWVNNNu!(MUB_V4
zpt8T3F^GzZ>%&jps^X^ZKLJ8%)fj58hSqDIuTC^ltV@4WWwS!&938e~fC!w%jF3GZ
z!z91Z65inNrpIkDn?}96umHqoExjfe*#E9<Pl*3RpGMfs2(?H4eoO8ebRm4sBA7z0
zayOASqeXnYA<As;tShT~0H?$Uh2SfajTGks-+N`896NLBPrxL{Rb*q&XF!$L+M&Cx
z0BliItEo?!bkNY1KWJ9>GY7{UrI1BtK#X-&y2#DK!oqmKgb7U6Z_S6jy2z5QWE_}6
zpZQojXp%B^t8?ER&rA7Y!!yr7t&Eg8N1&Uh2~MsL1Ox$613%8e#h|s!{;4^9&Kd~3
zO9UB(;2{Kz0Rf^ZhsbpS$N(t2o5=xzUv-#-N<{RNn+Pr6g;(hvD`wU&!w<OUjZd|U
z<qt@_OAA%vZLUgQ&gk<cICJMj*WiSa%@}7wS+%byeXj45lJbspcGr80w^(y5h6mpu
zqhyt^w48~R=`1(YX&AFBikY&r{(P|g-=uI&QujC6#`2zZ94BoqCOVs(8;AS9qwt@0
z_!)%*|7R$iyy0`K$5Cn90{Z&e)cBcFx!-ByM;$PC*|ZlXW!#%8o;UU`>>$(B2G~#P
zFSqnQ4h+hNbjvYVFH3l0(3`8*@EG|}fA;fVCkl#qxwH?Qs9%S7T1Wi~8O{Ga!)x|8
z47v4OihLa;uT?b7V|G8ZH?lwZyo+8?H`na}<d?=M+MqzhjLYZ-rIP1C%38o9In(BA
z1Ko(+6C_EFbcILT{hBXzR+sF#!ZcmT(bF!WaMXg@*5-v=to>5jFJjK<ca6Jc7-v-S
zhaCR#ahBHD9n_tUdak79(BzAYIwKrI!Y>6S7prLSK6GjKDRZVLo4<{mIjAh>P7AU`
zrZ%=kRbap(8M0v@mctK|jU?`H6fne5&VM@3yCg3+bc791fsZNo4Vd!lCo*cHts@;*
z%B%z5E{Vw|NpBCVmO!x(9ioF#iBswyd^>CLF1K=405Xu=`NASy&=Q7yaPoy5W6b+S
zY5<Yg@VEdwsdo03c3M~Li(%ngK>V}Fs3Pd@KnFbubJ~R*mr3v$i&RNoXHEhXBB0?`
zvs6R9=Pc4NRt*_EZLgQSh^v%K>`7%ru13%f%8lBAQn&ijEfU~|ru2^K#p_lDm)Tj+
zPJ66nFML!s8?su6%Svx;K$d{H08ZD~Rsusn6<c+^Ca1GxC!E=i$KoWKz2(EI?bp0+
z%kjOB-muIAeM>wr8{>CxSg5Srdm@XxAsE0BNO#Hq{Etk|_lrgdGzzwmxv9CMz9qpU
zgX%jzE`<NG&_?&e0-KPc(y#I%YTvXY000gqz}KQIj<3~Ok4*+<0K?;Ml>g%a{>isp
zEZd5ggY;8<H(+3V9_72+JxcQ&(5JaO-SM)Uza8Ug=+Y*WlQ`99K0@)=#WL_^ykh;v
z`!}P62*x8+(~OZ}YZuPt$nMo~ZNXUu4SNoBZm{5tewm&jPXQm1(wC{&>s_H4ZsnT2
zjTdX>4gGpnUg>X3>ig^}Jg?7Ok;I}%6U$14oq>wrMW@4?Cs@?%q6#UZYql-<0E0yu
z<!JxG-J*zj0uX$^W`^Rf1k*E7x~q{KgU4f371p)b+ACnYi)KGgw#%-}@of0!7DJ2w
zD1K-BZBjUH!whMC*VJM=Dlli!jP(&O-I*3-GWUd^`6^-(CRGik>gP3{q_jg|?SD_<
zA+I9aoyP8Zc3Cp&#eFBLUO@1l>pUO6+$=1bB=jd*1$g@uCTyIoe%*YM9Z>0U1lpgc
z)rCfQ;dq-vB-0)72N8Xf9kFmd6R_s{Q6#GfgjS=s25w&F%v!A7t=}%m%-25QthN;|
zJ6_uXKKcY4irF8_sUy~jfv1M4iwCT62zyjfQZT0;7;3#0eHPevU2novsIED<l85FX
z+D|=@Sk5Lk^jSsnYzP6?o-wHFP^eMS-s;&Inb=ze(^|EnJ5wh+msz+>m8U2iBn$zW
z`M?hj;PSj2L=!Mn)RP?}L%k%lrdPel>mx6tL$7!k!;Rl<c~q!6ZGWht;AllP#_2hC
zeq#Y0?hG>(4FehhF-utky`SRC!t$sR3ex)ksSgj3D)|m6;9@N@3mE>SNEp}SQV~+;
zKSIj#uY$Laum58N=WAu+Z;}j;3iU=0ryivl9=ZL8oaSGz5HmM5BM@+Kcww(^ZD>p&
ztn#N=GT^tM6T=V9|MK1Z6Ii<j)*RNqj5V&&(lX{QuKDowek2vIv7_o3k7YK^gvKe?
zHP7X*=&Y@b98SnC5K!kFor|5|o^@o;mKcyG^}UeDQAB3nKM}XGi}p0EDazID$o9XK
zHIQ$){IEOA9`hM|4Kf<GlR`lGOTR`is;Av1ORKa!6i*8$yPT#o19o^-H;M4uyke^-
zPc=Ym8&G!Sp%VlIh-8fQgM0+!a$U887ceDM$LZF!aTIAh6Fy>rqh*^p3^RkGXl2-q
zYIrEm>KHAv1p!n**O1;(dLtjXa=gj}M)DvxseM)Ja@+@<&t3#=^uE<ZJI=p7gA^}F
z8%qv`0C_;5(Hcgcy-u?K8(0ki`hURY-!83J@OGGkT(*h=jU|v_K>{Bb8c}!r&d~U2
zho7Js2MauYZZbKI`;`eeq$=Soq39)*X<;h{qZ2=(YJ13u+cc7K1j}{mjc|49v=oD6
zUG(NNnuscw!P(D>u67e^gt0&~%0X{QjLt($1{RXpKISu5m?shUq`DAM+dliOEXtsd
zd7$<ofL;c0p3Z<q+_SM_jK<X8iiMrdbJ?d8$`Gmt8B7ZcuBA}hc?F&D2~{@@xy6Ik
zkiA(b+iR7K8oD#y9BwOYr43QFuEz;ETKQPae5#2GSQ9~LjDTVGw8554J4!FLNfI53
z{#`%bGqYX@^7av}i*3SsGvs9M<kr+1Z>=Q5kGrCUq~xaQY$s2AUn)%&TyD{!WI1o*
zOFW{v>H*DV4``16j%G-%C6y>ak&28L7QO1x-G5p$*Z-g5=eM1Pe!b$yGNgY2!vBR^
z_$S=1a4jR*FXU&BW~mm+Wk$j{NA+gr>?04p(FB4b7yx>mCj+Qeym;1W{zNrpC7ftJ
z2%P_k57giwwqNVwM=m>&l?jt>uqr2Vv`F_<yttS9wPIP2GZSTQupHpVUJ}~)P3V_J
zE&CLcj$UpqiRuAn)>_1jlC3grn;KT1ZCjlYTW^5Q1E%wZ5Y-q9USN!W%4`u`A-6bv
z%XBFYsTVq?`;ODUHKR~M>Lu@xtgfY#PP!ypbm|<@y4B!QtO$$#yN^{*jnKO_DN`9+
zkN2-fVFbsDY6Tc)V8;$Fea0KZ)%dEhH^nJ3ZD$xj=PxSJj-{YwAoBMlcyy}0vZ6Z5
z$p0<ef-K0fsC<%YG&#&#!N%^0ujKip{5#zKw8Kwu+n>x<D29RzeLXLfEUQp{x>yQ&
z=IRQWMS^i7N$uZ8TR+}?ciN7x)?a6p?B=+UKv{%T{n<7><D=B8#Mfcbwkt&lI4!RW
z?hVIRA@oMGT2nNkj>aQCE1pIeUi0P6zB5@gFq!ydEf9W8TfOZpk(Q#iLapA$PrOG<
z;VaDRsuV+(u;eY4&vtM);i`wWP`nBM(Yja&ot<8MW?7h*s-9JGh*J*yf^M@@Roqga
z5Mvy)#D$xN)BAbeP8sUct*PMldUnf|Xv>g$qk3mjRX`gyN!Ie*)}p9K^*a(sFu*Qt
zGfb;+t6Y7-$xZ?ga!Jptt^{V?aA@wXt?{@xtA$70Ha_6C_5rtPza*<|EUlqWiQGl5
z>D^!-0yzGNTjT#JXnxbq`}K;iQ=YLAfw<7WjNSjzZTu5{OW;ulSD$%nRRo>X>Rs6(
z=akNo#l9*$9Xuo8pit9;z4V?bK#gP6=dP}x@DB-@OM`~>LwAdeDh}CjRn%her#eSS
zU}SX~SeWO|&pfdBLU^p8znDfaiN8`YeTQK*f~=`~rG~-MB>FLf_3F9TSUEdyJ9bAH
z)ASTQ#vKJhRi58OhqX|fKFb@lJN4vHC#%V$Oi4KEdl>tfRK4MdD3&f4<sgELp*1V$
z9&rzb1SU(Ot)O8>jm!oVU!*+_^pr$S`;7JL?CEiIh8Lv)FNsR|fJ6e%DO`IhW>!_v
zJ3VpW%iqQ1s#G;s#_tv89oBxx=ZixdzR!5G1F4JQEc<WaS9mA0>@=p|mw{G3G%t@Z
z<;1E7;dl7`X@{TSHxs^Tab@rDv%Q0xQEcmly~z~gs^ANQ(x9E=@#zJXs<eT@rxf*Y
z@p@XwQfjNCJbvQBYVj=QSoxycDqXHc$Wx|1{)=8v+_CF*WHbcLJXI9I7rOUEEAjsL
zTgC@LON;HM;#Jx^l~7bWWP2_xFZrlXYROovbc2Cv#5L1^z><o1NZSW$yxt$#1a@5;
zneF({#_kB#UWeh$8yvOBnbul1pB&*ohh>F8^J4QT(6n+pLKe~Un<NKqksOR~=`f`-
zLt6CSfMqgiMS**2ed2|0h=_L`j!kN18JSb74^%OdMV5hRmr}CQan+G1UrP-EIY_rI
zSDAMWEli(z__#$Nm=nMk%>Dtx8ov}arl@O7(!U26%JGIY|EzQVXUFt+GE3j<v!G$g
zMIX0vvbHj|cKl}@Cq@Rw$87=`nV6U!k@;iue?GuJg%#hD*6j{tzQ}jK7}Qh`>HQRl
z45_r6e7qrY{_4bID`!zklr<Y02*(RgH6*;_!zaSeGbDUs)L+u*GGaGqa9)3E#Rdve
zOdQNRgC=xxzAvcla)^}`xj+<WyUte^*S7G1P&p2{0w2DxC6azuD^Sl^S8-U;k<4d%
zt2pmdIA!Q^KBZ`#QEcH)Vy_g~HB#A!1MliHQEh7g2}CC&3qOujR#3L~wsmeG$ck*W
zS2gp?o2!9kKE*IgDbFNDNEl1>FQz^3ODaBkzl)!90zyOGvY5<Xb`c#69RI>_a?Q}f
zTuAZ7Rti_VyNo8q$|ScY+{m+<z#@gqrzVpBiK%38VBLW69jf9MX#0dNuFxbjJ^5Ra
zml<#`N|XXo=ft^=-V7onrSE3BX}641y%1b;U&yH`ETbqcjw)ua9XDekbDO*1I=K~2
z`qcQ$#oFdbP{|_U5UwPCOF?IA+`@jr;sRUm>1obtjh$&B{`QJ=yCDCasmQ~eB+6%(
zT)IZsr%!7Ik?-$8yDv|AWEhotyR7=^`9TP=RmFNUU&$w)H!uO=AD@#q)`BJNHbxgf
zLm&gk%Me5z-oxRo2yl(^b8dud&zP(NmqREdXu(G?CBM&&`=X3#EfrBJiO}56F0B*k
zk8ASrgWj8W3L0R+5piw_?a|zE#Fg-;uJ3w1+9e2oCe$=Aa4<lrm(5iXQ^S4DXb@RU
zipuqG2{nNv9TK73$5F73&ZV|7eqrDYkvINXOpxDO;+m{?PzNwC8|dhyc2-*D$K;aj
z=7^3dv!zg7zXa`QP-xcYk}mZ&f`*uG+ya@Tb<AuuWOyn$?HxYs0=uUw`%U<YtPX5i
z5!cB5i}?QR&!&*~Yi(%NVn8pquAuL+*DTCiT?q5v=MfhK7CEVG!o!}U%u|_!7>V;>
zVFX2irU@$4%J$!h3OKPG+&^(*6=qE85(&^=At}fEEcPZrRWw%F4MCtnh~%XG4(oaA
ztK0V6nb&$cJ`#xp$zmp$)lXcN5b9{?C7TMgHTAs0f^wD=45?bCxB~c5@9=7j`94U_
zcvicyP-fA&CFl`loxUWOq1}Gx$i0P-&4hr6)Pw>wu?9cdT8*5!EKJ-s0BNmX8(ie~
znFMcL8)5^WfOp8WXQLQkMJ{P(ElH&X49Pru>9lH^MV8E$$@pI4gAWD+qDrCv0WI`>
z9lrBOYmQpF!Rn-B^o#Id?*vb)enlCbvh&LLfcW|uW$=2E{mCwNJVR_`uDE5j;^RgC
zaot3EIAzUs_E|bU`z^76{zgiaNIZ7s`jg5|Kq9e>_OVz7GVC036jYQ_Gzhoo+IX+=
zQmy36UD44h7~Yc9VaF%%JI(SXZ3{GQ9Ts;7b1-?=B8z&n$+_xsFNn<@URPe-0FR2U
z+YKTD?~{l5-xmwRp=kLrE|KO0(s-OAKc>>50DM6a9%$*}`<}>u%%=vJ{oY6+1rUET
zQg9R<_3cf}jV+A`l#C6{tZgi9OwE7Ylb8_z_-3?F{?_eVZY$&8i|c*WhGApkVEDRh
z|6}vNcqhI<1b?=e;2td|$Zxurj6HW-cDbMdC9p_Fi-Xb!Js=oCd>KVwxO3AEJ2Ga*
zrmU$IqrQ-2^ZFmAZtCu?kqezs<np;MEKwcylqu4u_JIMt#)~w;;mDJ|)~Im+B{kV`
z_S#VIl1L<ds<cDaed2{V4zP_ZD;J@<FWI5on@lSN4ayq33eI8HoqZPV%Q|hsT~Sx>
zdz;M3i`c_;0B&sJmV}AHb8jcl4WQF);c<4T)CRZgAXa%x9Y7X?lLuV2$_G~l>FQg@
z%Cnt3%2L&2-gh>TvUzJ1j_%E5ts|kG*oznRE(NP?+!}?2SZ6Uwm*-&O!s-1sZ=(ww
zj-cst(5cIb8Jo~!p>&`kU?7kzpAP_^_dl>#t8VS5!Fl|^Q%&XKxk<$L@CC0n06sC_
zEFzx}fKQP3Py1w8W?TIC9<A@g3;ugb{fS8imcsWc<x?+~az?TF$%*<*5>OD9tZG4q
zD-_l21$`ynK(~&?lwVLr{DC+NuQRxSnn7!XS{<}0-)_}Bp$UGk(zX2nj}-ruPnmP7
zpIc*Q_Zc&K#55BB=?x8)G^$sgfi@lK=o1(MEL^iI^t#jL&^-$Ed1<szbibZT<8E5F
zoWdr>K&yGx?7m9^0T{Ex(=U!KD%x(YXIHoZpK0S-&g`O|4TR&reF7asxur~`_Jnx*
zGx9S^O;O1CFaZl=@ccExLV<U2gmLvRKQR}fOq4Xut?+PsZ03Don}MMY(o6I%GI?Bw
zYBHy04BG0lmLEyvExs$fK`TQ1?h-vddh8=FfIjfTqq(yASG-{OS7r1{X2t}fHUvWY
zMn<j#qV_f~Y-xU%y9R?o@$2dT14?-K3HX5$zBd0mH}Owwu#hsjt%@O@p}8}uD;Buj
zGJn5%V2X2UY*wXem#*X7xR)fpW$VqOf?)`0GjlvJ%;yEHM5Kf`Rp~R<_JT*!tJ}GQ
z*QE#xq?+J4y#;l}hgY7Rjd<nlQ^Mpng=}gUL1dFtwC4rrwfOd|GP&q{#tAXARMy&=
zcdwRU7QEKNQI~i6ImcI!Gf`-#BFc1;dD0=lAZxU8jM+hj6Y;Y2^c+73<k%Zv8+^dG
z(Zv#M0hTw;FD1sXxN!j~koNNKxGvJT$>7iK!$iBQ>^abJfZKO&etYhk&{P3onu!WG
zpRU#=<PObiK%v_p0HLThgyhNY_~G)t+B_=K-*G!0yX-3)v;lmYe_(@=&hnAyF)1Xw
zD*b+*jJx@Ki?PoDpYZQ&5CHJ;_5Nv}4AX4m|H@PSmxzE-@}#nlH~I#-D+3}d!a1D@
z{HazH9>xV^E)O*3RggE5wfX8Bbih4xw4puw{s0b87H%v>Hp97Fr_$v48iN{0=D?uA
zY^<<Db*peMN%goda0#)id3aro^x%+G9~1E=&a1+dPyuVSUV^pY)Q?;<wilj>WCTx@
zNQ<l;0@jlVQ=lz<;qx!w!(JoeS-v?4g6l-k4=vgEqmH|bi1D}Q*df^V+w=PvZw=YB
zBSTi>K)pJ8E_Fv{x1x{aC~>cf6@>6YjBZHY96cQvSwC+46MrS5)P83%;<MbGROs<I
zgST))uY5l+!md)M39rMYQ6yK?Q)#G{upyM;dd)VcJrV))0}%ioe6#P{w<F5MTJB<O
zk0(oy#~-|iOfUIUuD$Q?pWgRvp<z%^AHx?e_WD+~UyHlG7E%8e!+=J?R#SL5N1*uq
z<Zqekk3kSx0QI*>2g$cyzf|G=txhikfPsOHf%%&%HVfdP31DGjV|YxW|Np~H{!?5g
zfdsD^^<BeacUTU24LgkaNsUZC4ILq_me3-hwkNUUosQ=_iQ3!}{L&?Gw3Q^yX;a7N
z+TM|rDS_D2$#4l)PKXq0tH$MC5(%zpOC1cJ-qh7$ZTwtFfy4cofvkGj;{ac)Y3pGG
zWKgDfU0HpN!_}+kq77WGrp=+#=d{coD`NUM5hwaW12*Xr1+nGQGaCiWZuac?0t4K!
zNH2GKa>Hr^`}>%<rg_*xzqs)R(rh?PLaP=VC1LKIB7j1M6oa5+8l7s85`{C<RGypR
zB3q4y;60t`jLcmj4j6ZXYqnV0+TBHO6vQ?yB;6DCBfM$v^%ytcy*~axJ9;~2{5|y|
z4d9dfKPx}%lFj4+H}r=}9yC}5Ee_YJ-m1a=TJ(U65BlIo0jSd{)5!x#e<(lv(;Gmq
z_E#0eKtCgnXjBdmAZ*hw5;#}TdYTzC((wjYB#PvdzD6=pbRFW@)Nki*@?A_>j&Ki=
znrp>ABc8)8@{RP?6e?$nH2}{psMDcpa;2cX6rE(-)|GZbW^Kfu%<usfA;_Y!Do6$L
z<f9yX@_O;MH^w12*eG>_dKD*{W~6@b<)95i;^=zI2wv17)Kgb2;v(sh8A5#NMAww%
zA@VfDB%D`p<sn7_40Z69Q6$+(T6U2Qjh;BzvliY6giTwsxwZVKm7xU{s|RnfhIz~r
z_wy;Tmbt4AE0L0iJowk=H=e!BoZ_r52tQ^{>>NW}2ET>!N95Y?lserd_Yi#V=;0dz
z)%y;FwCOP@OY%S(1P>O(_aYr2+&?k}$B!C<;tY?`v9A~dSG2J<w%7l$^#1FCZ<NmX
zOJtSd(J}zAF>)|}lYRZ6`9Jy7|AfjYbP1M}zC*Y--9p!BY&T-f&0gNLEL_Vr`KAS}
zAUM)tHjJX<0%qALpzSQMZ~dR$XyM)mS8bwWe2mup68w3)RYuzbn{4!j>)yKmXVtY5
z%Fa_xij5q1e^&FVTOFt7EZW4;C>dgkml%deN?c?qPMYz8mG`BGGQ0B}aWa13UK`^4
zJs*H7l{8Fnd2X(@xS>;h>TC~zLRX2EJbFqmqwt=*u^&?!(kE`({*nS5_o=4dj?)~H
z58>UiVE3ytzJ&a|2Am~3y8|^<A2~Oz=Z+%qejo`Q5&71~PK?&%e(xPl<}fzjz21Hy
z^c+-=z)m$N<)kG&ikK&aWO;^gw&NQrnI69WKOqk38{(irAtlla)%-_wxPOEw_)qiW
z2ZOHA>`_%Eai^0uGRXkDuT2*xXh)dKF4%Jhi_q$e=sj5ai-!^3Nm1W;A3P6>)@60N
zn61Lb+&-;Dy4AN6YNe>+#BHs5wwcyC#{g+po)SL6EXo+wWlVCBF5v;{5XoVK9%f(N
zEZO6B>F(D-A(ITXZOT_^3X0wFbmnqHoFsY}*Wy~A<KX!Q;R|qxDdcyA1h#^9J~P~J
zSzB^7;VdlQ;zzq*T^$HE$jGD)z=p@pO$#UM><Y>mmY!;NRv^#yaplvcJk<buQM)^7
zxYEE<0}2_vIg^rnZc>d=44tb)#>_N=-9F}p#Tfxp$Y?!#BTJe#&Di}$!?t))>Jcb9
zkCD#@pa}kzsV(=z+bkjXgQBsb@H1KIZ+SA0N=Ls4&cLAH{W?KCv$3*zVg1YG^BA*y
zCcy9&KTH4s0RR6003iS0kC`|CW<~(>*TkG3oBs<V{u8XKs_wi-ttt-CJXCXFt(-#W
zC0mWYNbQFlo=|$6-S1N^ZEZDZ8WFvHYeU0HW-bqwNH#Z)V`10z_9b4*yoY61n5n4*
z@1<QiCV2rAY;IhuWEkwVast=XCQ*i@9lL9Be2jTju;(_R8F<3eH$fx%tW8$rDygdb
zZEY&Ij6>Pe5$}m7!}Cw3NQ>iFZP`z2INzmk#gjeD%4iZ-x0fOY1Ocg?%e3H_shE^~
z6wvOelBQA?DZ-z@TjA%K{rIvz#ygp99`=n<${f*!QRt%n0&1)RYWhosUdepI-mZ$h
z{*E}kPY8!awwH_j(w@5$*G1FKUP{L~TdvpB6HX))4&Pw)nEChHyp`@Co@h1~plSR$
ziGp4=t(mC_LhSd5`V$0y0x>iGg8ar+S#8%Uuxj)wJ(QiU811D`qZW5xT9T|<yTPo~
z2|95OYiIn`fDNz3&<<pCU@jyQj`>otOGKX=4nm6VDDb%?mr0jij>`_cO`t*);85tC
zpH6~5cnwrqN!Mp4NFr!iUd74#acf4b6SaTq3IZWUPCR6uAzrt4i>;7L-8ep$v9~IX
zm(xJ)gLsJnyj>1sA$?b{(=&b)6jPo|B~rxxBhKUL>sfJ?#@xF+0hW%XSNgrLx))gy
zi4xSe%O$?3pgC9<OJ5LW$d=%`(F&8V0orwrXHfb{1?A&JLBcEv2OI_W6z`crBN0@A
z(CCM9_j_%Lo;KgMSi*ojKny$s;0vDeV8{l1gBUPa*WYC=3rhboK|rG*%D=Et(Kj-8
z_*K>EyFe5O3i7X~e#uB<`nAl9nStZsC)4*OzsDwkm6=)NKQ+uhEiVkH3Zf|`uP2O-
zO7Gw8b*DY!kT9;=M0>?N3#T6KI22O{%3lI3$xzf39&I*70FMQ<g5@rQuDudc%a@4t
zaYw)Cy>TvnZEbUH<jt*ZBuu(#3s9!|kli{0rPF<dimNa+eyW?&W)>xjSvHU?LN*=S
z0e0)>NW^^mA~n?wrNExv6U`Z#8SMyb?kwJ!FTQK@$6A$OOg15`gTp8?_pK7J%u=}>
zgw1lG$~zT}DPM%~j8GSpfx>{Ds{1qe1kIc1o6Vk~sRUE8=||t@mddpCKQ)eJlZ*jB
z03Gg0el-i@?o(F5L)B@_=~A;l=Up)}nwZSF|6JpFRe0_AVDkHx97%e#ic~W$aGTPX
zX_pJT1C)6QS)|YC4~}%nmS0I<>R3-sKefhWGSB1k4}RULsEm>!@4|ms*PFTT-k>1p
zm-=)MOhH3kB`^Lag%6r?YECv99;Im^E_*RFv86bP>D58CPZ@R>kz&tz_kR4-@(&&^
z3O$E|*3NqVxm#3D1bb>g=z!N-SfNV}hSL@?vEnlCN+be0vxopUP<v)X4!N&jl?l~8
zEOVw&&G#)wEloQVS$fxP!Wg|yPY%PpuNr~fjV22UsmffojiiBI`)Fk*zca%J<`v4g
zj-vJaPM3d$sOQ}~BiV_Dmtws6=CG5Efp)zPb$nbYq>?lD{5#*+#1|;;fnTHl%o0A!
z-x7^|rU5<^0H4wCCT)w_6A-{-T<`U-*~Y*CpFk`hKLKmkZ)LwG1de9rzgImpw6S(@
zG<SUA_}~TU8yXthI(|+3`r6f);Lk7b?=F_Ju{1YyC7}O<lO$)aZ|L~oR}m;WKJ<EA
zZleRx{*VGq_?tL9o!tu?r^gXYzj|BW)ZuL%e$SJ?aq4j!%98Ih-Y@&~ri^b`v}Wu2
zfrkOs-{KOc0Auf;cE}LV7X1%F*Z0rd^K~sowj`ZK>bmXN=E6j|h?seQgL0-rv!>i{
zdU$w+@XLu_9+$SBB6()gIV2I)Mr*qLS~7_RLq(Ju`K&)uFnO-C2K!`dap29qwqFx?
z*C*%a2v#KYl5UoH5O4ZE`=^z>3dJo#3)eJ3pGG?k^&XkOtaR$QVMi&1T@W;<wm#wB
z@g|==%N2r4(@<828HZC4`%s#8Oz-_+n^BGhIi9Y4`TmIbl{|aev5AV)27-KijsmQ-
zxO^NdPiv+mEFx}TqEz9DJ<{vd?enCWeC<5x+En0DhbKKV#2}kj+nA09Ph$It2wGzE
z)T@0hS`uB|3XUa66fPWZ8)Vk=ae=KX;Jk&}OGk;>bQ=RasAK3hJ##|m6PH`bZD_R%
z-GlC+=Ou3<&d64+Z3V5Fb{SILU$?LJnq%>_J(nS}+AmU*?iv<or{0!D4$|2Xp0Yek
z03J=BQVs!6#LP^0{sc%Z9(b|ucUEq|F=VN_A~g~X1OI{o`)%tj*0ZBN=Pz85`gP_M
zXo8?Rwp2KTQ<2Nf#G15@{4vvpm~amB=1m5oO-qi{l{+t61hA{yL_TB?_3O&CQ^YJ_
zG>lVGG$MtfzfMThi`60?(jbr5fdK=5&4$Ni&bm{Os*fAVI1>Ro;mGR_MKS~AEZWKS
zkvS~!tZ$iApQ%zEd&PQ^O|=HD0D0zd8N3nT3s(DJ45s}uOF{jw%u<X$%u?)+1<Ak7
zQtaQBzyCwS{No}xMxSIX+!NX|5Xz841fQN#Da-&|$h0C#p@0*5pAtsAD3R8zKr$@6
zJ5L-8POW4;bSh3qKPJFSeI=y+y`rV{kxb9C=QbF%&@i;OTf7I*T~&x%bMHmaFST#8
zXYNzQHImnv)=A!6@HJ>s<G8WBpD?{EGLZ|lqR^v0nAGd&e%%z#8hzq*Ig5nSne6P;
zURn!m;p0{y?6(58Ua!&~%N8kSXGpY*ZVV9@BDomZr2)NG{#jS&IZ_eqRlttW)+MOJ
z@z$MILfDx@+4FavAIG$SsiioUE92s51%oEXtD>IOTA~~+%%68&2J?M-aTe1NJs$FE
zIBIv!Y9aW&vE7?cIFQ@qR!y|xnAz<+SC5jNvJ15S*^i{uYxrN@rme^ia4N!zt;09>
zzH<UsSVuw$ur~w&T>@pLCcp&Vbj-uA=~Xc~d_g*A+77R;_o|BbQ~piX3~u?S3Sy;2
zAt$RnfvNUNq8de<MHbw-3}-5aRob()wb`Df`!(-L7{l~?rVNAz8dTKn_^Of2>XzfM
zH+Wc)xR%-aZ1sT-Oq20%Qi)&sW=r|3WPEBc)s2J5B1hUsLv(KvmXN9h9Vt2(zlD__
zl(T?jxQd>EjWp5%>EH|{;Ij@l<>8#Td#U-VSLe%s{#+=N^QaIb3zPw93>xB8D!J$v
zF2c{3JGh$P13cvbpOQb%QGdbTSpEi0Vp2?`pkw>P=OCS!BA;TP|Bk<Z*5N<L-;BP0
zM&(!j=7mO+P6OA>FSXOA2ctJ#M-lexWIaD=BZGyj7B$kod}rS)k^_Q4t{m+0(rNn*
zvo|`y+=ky}_zgtejIK1DX{G<|w9t*SoX@()yIwdLd&Ns92nYeuH?Uupe92xbhusn3
z>lu6KZje=7Fh(WFjj`D&pT`ioT*SFvU(%8VnWzAqbJ<*&6cE))`Sc@>Eh-K$JSEf(
z`@%C-#`EZ#RPcv5+E>0n=cCfRly)=hvWyqv9<k|=K!?7J8d1%}l+U4!7np&NEs&du
z3Xc_8<~@wPMSQ}3#<j`6{LWehi(tS;EqsqoIC5g^HQz=B%_8RnQP`Y+BazMU<!Tql
z7U(PPj)om&H!JT%k~2%7FPHJ<v6?%#BQ{6QW^gP<#Km>W86cme1u^F?U#P2OUFD0r
zUY5bvBc*%PTI?|o*N_>oV+FxpZr;+3MtMO*Q{hf{Y6bWuma{|hZRuRGK&<u}SgU&F
z$;DkX^dzlEWCDGdFllwwKjFq%uJ_f_PVd;75^KiHM0$#8T^WdN#w*5#^{Q6;jZSj+
z0l5L>N;Ia{$PwXu1G=DZyq%9CLqXd4OM_PX<*e7Z10iG@Q0&8llW^W>?_6>?gQUVk
za>hmCk7*F=o0N#!faJ`drJhzESY7VU9DS}hSd5NTqJkl9C&TPiKm;=$_eI=(&+zea
zX9lpb2mT&@@G|PY@i!=Eja=v-8Qkk%eha@Zg2JHS{9UFI!((mO*O!&_4=?NAgvJ>F
zOb`AEJJYw+C&tGn+xO=G{TuwJNI|Q9b(~^@>dp1BDGVppB9gaJ+`CUrAKiw|Dc{hM
zDDji9Utk5ysY&%`lMBWVr}>3+tb&7RKFN{CvjufrX&>V(nk?ahzyOQ5^()>sna032
z3prE8N@zISbK>!sUWm2el0<JGk8Cz(=ZqWXQD&7{bX8@b!kbbz7FQ!k@GR2xOxv1}
z-t}`V=(e2Nr<4ew0)Kj?v_3jx3=wL`hCDgE+u=?iAe6P&pN_t4XFP~&!f@dPgxT{F
zM6D)H95)x4Y_kj2Y3Z{`|F(86+5XyqZnJ3~5IKBipVEg4w>VroJPFDWkU0zC_H0ZY
z8`h5<ndP;2TI?$dO_xH?)}y|w^7#TQJj|mq0G?m<s(`*_1^v<n00n-vk{uq*WE(>V
z+h6Tu8xs?Uhp*cB(Ng|1?fL>?ee(@`fsh^=a1S4--`oQrfX^3z&)ARdK{u99r-HGi
z`8T8A`e#P}5B9!+D}nxlFJY^1@A&YWgTo7}pLz`sA8P`ATiXZcK;OX9n84xTtdYLG
z5rLzzz1717)<%zRhmrX=4fcnN9-I>z0>j_EQMTWG2nU+4{eO2~e|ACW07O6d7id56
zFX#-cewc?sC9U>GDeJ*8cR4r;4&(hT`VSTXKBeCmICB9$S>8YGli}l^?c?)*9c8}X
z$mx$oU_S{Tg^WF|zB_#zlZQE$?P-q@Ic?^lKr(M?!{OFhsKc|ORxWLu;IF@l{n;D?
ze(;N^T)NEtAqjqS<=`3l%`UxSp@TaJkE8WETIx;?U1zHbxg51YLyII1x3ZQ1E=h|o
zfvEPlkf$4(+2TuSd0Q7%Tqe9*;KXFukI-PU-Hj31FRmr5D!e10RO*wl^zO9VC*9_d
zT!tsK+iS;57!yG_Lk5&cIT(E0QHbOlL@YBJQ?EfS#mO8aM;vwr0GaFC>O?`8@n`V2
z+XFG#Xq^fe+k}G^N9+DRYYhc~6vxjrw2@Pa@uu_Fpe^#e(t{|6j)SGgc0a7FyA87v
zhe$ZGUOldXvObXdgE<R=^*uuS$2A{-`_DDRVgF7;9QIEd;;=~1zUoi^s3HD~3JENR
zfPld7-rHZ69=|6^F#M=+&i<pq`Ty0M`$zR5{*+Ve<!z@R9BE;ph!&9^Kk$@xsyht)
zh*jY0lOk=o5Htpux8TDcY>7UK(<&Jb)L5H|z$k9_OOdoS*~@Gnp_ZO1y+wxZaI0j}
zTbT(~J|R*&S(qC-@C(cgi<M0?J5Goa@h9(gYW+OGLKCV3VPx#vCRUyweWjn~L?D+R
z-EC66<6;1!au|Yzvdxf%m!5dbetu5QsAdCk_Pp-PQ|hwX!hs1xU5Bt4u*7`!{C;#7
zR{7$s)KeGE@F9e0!IcEqBKkCVpoN39MDZiq#bQTk?1XC34{Ma4uA(ry4U${@y2;#m
zLrA;Z=2O;L%n%7uBBvHcI{cI2bT;XGzuUlnNS{bYf+psDa|E%wQbu{;o8vVM$bR?F
z<>&6-mNXp!_5k*D)^z4T#=nv_e|TI!Jgr|I*4OpThwIWA0|9@!@-f{1ch~)dIv`bU
zfDe;4@3XHb+`ELl2W2}yoIg<;$gOF5DsBeqw7I^oy$g(>HxVv}AxkC$^m)BJXTP<{
zQAwcn_6E7GTUO&VSP#rguNF+=<oxJ;YiGS<U=8id=K~`rBJ=cJOBNj+%pf!`-^^>g
zhtGpfYzGT1f~7yv;vBMMQ-%s!P~^8%JGiMSGPVXi$DZR}(m?G>ojy_*0}vX6Snh5S
zI_xHaWGu0jq@!X)UN-;_=Ft=&qR@=3L6Q{_#p_*0={SyMzEx~KE-+ilw0=KnS&@a1
z+PY)5p>kY${F$1a6UwLhdB9`~?H(UiZKdJLnE{ROn8gzTxg!q0w74zSHwj;5Gi)Dh
zLdys0Q2HzC5dD27!e0r0{Z^*+>v3gkb0=eahp%Gf-<^790Mo;V<=2f4erW#Z2Kpzr
zzDh}<y_ffRdagndOPz9~qC=QsZSvFJhYyk&g^up3WfEjJQ)fDP)|j)7u(B+gj4(i-
zXLsD3S+)x`mL@hcRAUdLvK&=ng#aLUS~AoDWRAXWuukbV(t`rD>8RjOb!!Dbx<{(%
zGtW^$UeR>`<q`?uNJ03nYYq-ecz}*#I*=b0CV0`6$?OE-kvLmu*KBGEH_UZpfZ3=-
zL?V*qh<DIU3Iq`?$p-f6Rc~h)wgJT>x;8)IMz*3xttghP*vF`sc{4ZXbkEf?qzlq^
z!?oEWf_*>3|6bwZ?lb3wg)__WO!$rth6O`6UIRBa#l&-^u0qYpOd4#=flT1@B=u&t
z=YiE$z712`y(&!wtZKKsm?wL%WCgF;FJ;@ciNJ^Bx0g%0l$U&{Df~FEPu&USpR_2j
z4}LUp%|G=~SsC_&5|!7KvlyBc!_wxx=s!2Uusn*p1m<E?@#S#SY^D#!Zq0bNdG8e-
zwg_^hC!>ZWwUfn%NbUC)$YDCx%Kr(uN%5gAKa^lhiR^1QeJFX7shDw?SpCYN%Dwxy
zEcXFQeS1RBim|!To{LF9<M6-2k9iOC1nmB}2UsGzuwWqZO)|aO(#z$RMu<6GP<t%~
z=8j!m+9e*ND5CXGyLEK)>ZQ{eY^_Qxa}JEMVW4<SmAxWIQ(8UBa=m8F`3<a4ztz+H
zO-_c>iSqJwHtUzeG%W+WJ?>Lcc0}sm)zAF2!ygNDe&UFmw09AoOfS({>uwH}mY0)C
zQ(tnaCGnH6Y4jJNiQiYfaAnG%x3WcNj=nSXjNDCH)A21(#;2bflZQaQD@Nm`Vd*lw
znM2%x%PJi982B_yFHhI`RAXTibD6hmAe(Z7&c6^G;Nqm@K#`!%zVrmnU{vrWVOl8<
zXW00)GaLpr8oVy+@(oorfMjUN5Y}A{>n^cD5V<1y)WdA0XS0lEyVtX{k%|Wnb&ff%
z2E#Gm0-^ieDN5(6<{tD&cDxkT9=#=UFwYUWZJ`B-0%00|zNy^ti3a}SBJug0i_Ch0
ztTLzK=Y!+Zv~G_nwK7Vg_`0R$Xu5KzT~(x^14^NjtpGPY!&PmjVDxE*!kLK^3>N#L
zAZmI;Vt;M_Fh14vS2u~#6lCU!W0CPfEfM2l71<P&N2u?X*HY&%BXe!YCZV`FaggA1
zE!i$ggo0=&x~Cj{tA=ePR2x|+$<sqO3G;%CShWYH(2Bb&$@ycH*(t*1t>>SbDq7lU
zk@-u%(5Ug$Qz?)x`I3Yee*!l>60hVu!-HJAgm(Z5UVIf0w3Rtm=81vqcdLRfKsQe5
z`!eyA;oPoZhz5u}2duuZQcQ;GAnmn+d>preLxhSHI)57!#cHU9nBwg2M`h)suFI`V
z8mZh*WV)VZ8d5X(xyLv(o~6KOBPzr6s*0kUF^{DCK)7IL52P#iSEMWauW{k`v@j49
z)Sq(UKT__0XqbN@++0-U^sKHW{IC>4xykkxYR&5G)Qo9+wdN<-Qmy*EPjQ8Pi@I>V
zCwO)clR3+*NG_Y~fKtKFJaqBe;g$RR-l_viG5Y~xaeG8;;inRB?M-+~;@Xzbo-85a
zQ!~I%#wv{pGNm));t4y=%l2Wg?FOK_VM5-FcPAen7tkRV#H{nE@f4t$anrvb#PFhU
z&RNz+ug%@M#7mrYus(&(B(&V0DGZ1)DLZ$2?mN>!1j&LhBzVMfZL#l3O*+7dv}#r6
zQ0atQGF<6mij~cQBM)P$;&;og4L3M{*hu{bf5Dwm;TE^C8a$(tP$y?1&dlpDF?CKD
zl6PYS3XUaq-djd7ezF=$h`<O99RyfP5zcI3ywG0ywUsaYY;yC^yAv&KB{y@ZHxsi+
z?cp!--wko}401P-c&r=rEjPc+YgRReS-m6Ot1(BMqrehr2ErYVuU<~zYGX5+;ECOb
zSw5pEg;8m>3niu$hzR^3so*|kSA-ven#<*<F{uV5-z6n5?KLG}YM)85sOMLZ+T(ts
z=wPpY_Sy~I34ZWmO=}uPnK`piv)V#w1Eo)OH{R-02b^9wRBenHEoK$Xn!->WuqX$V
zY#5A{Hj5tXYs=O_lKNJ3LZeS6-#pkJKiYEEGZnj}8{c7`Mi$ff*6TGtBHhU09(O7o
z1+O_7(+Br|iEw8c=?cqX>t2z`J8D^hjJ8chx=s9!aDUq2Um#otm-X)I#kyGjUc1hG
zmR%9t_W>sqYJuf2HxZQ_kwVHvM*dpn1;cOIxv$soS=NL;d%MP(WjA)F@hmfc1c-zx
zQOD&RT<|6O-?FR^F?7vYwB}6`LoO%ibZ9_2737vV)7R=X3yD}9#NRu_wMT5e{&LGu
z`@nWc!byN5tXCZEvfO!3#=CEdth|YAb6}UWK`DX1^ruIE@|fuGlp9Y`YY|}Isei$Z
zI-S%j;iuj<qj<~I$cm8^fPgx`Ph0Htx_%lcTnsV)%Ncv%(JXXVvws$`z`}&HO~6<H
zj@(kId`Lq$uhU9>ANjFv+JUt?9QYJ9diIFN^G4mLSYnY_QX5sGI1y69)CButiyQM$
z5g7S1{NXWVNQ(Ln+B?k~ozj$S`a8uOw5D`u6K7BS0x|}?oH}2w)=HWjfC%fE*T5>g
ziSgIT&8p7krJf#`!WJz&7MhX00@*x#+Ru05w=mqU^tpBunoT;CKpg~tnL*RjjD){f
z+AHzlgxtg=u-Gj6etKOI2O(6;+!&gy2amZ!Ti$)LAQ?P^b$&cJwrP5m7FGw!5;EQ+
zi^t>jJzvJtyrF9Co!MEOPN&6J_07UyaoD9dA{J6*VxI>~5k@?B)-97|eJtFJiW_;y
zH~O9EKIDnDYegaS_wZe>GcJc?+hngtOkGimg$z2}(LAOwsXbb_4}8S^jc`GLnN|Ks
zxq|;17ycG||MmFqclTiguzbz+`_8vNHvc1I{FB2vGk{?TxIIND#!~UrT;#T7U$v`s
zi5_dpn3B58e^vvsB~1tc`D#Xu-h_j)8O$X#g?$sO*22>+d%aUHxBS3+HJAb+m2_gy
z@1!I*x;vp)5QF7uN=br944rJ>QP8t?v^Z5-xr1O@Z#UJF<9*%dBTvHXpI$yiWtnah
z$#S>viEiyxrv5k_&znqUG_W}6hiTU*vpzQNUV!;gd7)=_M2B5*O-nY6_D+tN^~Pkq
zKO&n0^GR(SFh?{D{2e>pCtR?%=hD132>)MoR~;7B*6vA3!C@Gh0Tj_8XK0W{8YG1y
z-Q6G((jg!zAdMnOmvl-=w@65LN~v_+A<j9Rb3C8-yU+d3eeV1-&suvwd(ED;e!unB
zdS5j1e0p%GHrLDnyCRV5lO_$_C~pRS4f84y@?8ZKoB3=O-f7M%G<F}|1g8}O=y$C;
zx+NR4x%~^WQH09>E3&C`jxi1nILt=X#|F4&xf+zWcRu(7+5GT^AE=OQvk=pHCJm(!
zh+O2WSQ7lXP)Azb$TxS4l6recG{u(d3sZZ>1xZjJ#7nJ9T0K-KqE6<(T-A4=Wu*Uh
zeD85s?Saj33opmV64WT&inNIUUUnDGC*sjLX_TRiX>HgIg|Q+CE!_b5n>VN4u9Skr
zG4xk7W$kxS`C0-Mut!0~H5T#n&F_?qGiOc0O5@(*mRImoy5>oilqbxQmu4?SzO8TZ
z&K=#p^9%>YeBgBawZ_^rg)%x2QXW^Dsr~ZEhsA0cR&b`e42#wa3?_d=jVIA9<PN~h
zf%z>03;^3e&M38wHGPaS)@Q=vzFB!X&Bsdvy<@VhYYnJ|9?2aGEN9lID5w`oI2>S3
zmu>|SGdZQdMBNws-O?AaJg=g1c~F82%5h;$gr1o;4KA*otM<Zjij*dHlqQyXm!)$I
z^v|rdwg!d<wg#4Z23Ja9{FW#FkI()+{Qa{3=Z=W;jM&UjW)@cFGcaE^+0L5(A7ANb
z+))};DlBx+Y(Z-!J{c*^rGmQN=mZcnW?%bq5{DR?%z5`{_lBq;qYRkj9m#{{zPc#?
zg0@rGa~9;$GH(|?N*~R&Lgl;Zds7txHXKbIVmQ&X#&tKNbU~wHpSOGIPQ9esa``5t
zN5eei_%Q-~5WYY$d5O9Xk7*yp-HIZl7fGV96n3(}R*yLmPj9*<rmlHxxd<-aF&63b
z^HzHk82oM);&F1@#y|Icb!d*lOQ|gR;5i_Sc<F)6tI?by(}8L(C7X6<XZNsiS8|Wf
zo>h-%8UQB?5i`3Ua|Va395@gUYngmbKgJ|?mHZ^ayj8M}yHr}GWW$SZP;Tz`j|_KQ
zb@=|&nsxTilixt0hTinRJ)4><OT`o3@yEq-m0OI%=8RI)6g^t}3{$surGyWCYOY%D
z|K{@ftnIj>2_m4}fZ~v%D|0ZyxLFyY$Vez*Kdi&?30g3OOiA0jueTJAjY^rRMcnRU
z`{2{N(cYJbN~*;4*yy{3)xH^t?iTkHifBg{Kludd?cjFMAco7Cf7imFiLkE&CPBI7
zW{b6($Tn}@54I7@X(ee}j*mmo2A*2GX#r#;NQ*!UE^SI9wTV&rW^uzw%Ug58!83sS
z+_m{N-a>W?&$Fu1AwAprWSBC2)mb^OXnRlH-A7zk-mO7z*ZYjHepGYxR{oN}-bgb8
z*fEkIe~}$@xO(cm?kkxt=dqctE*Z(Fg&NDFAUM@ktk;7mT$$iK7OH*kn`&{fOWp`p
z80X^+PjbVLyDHY~MYTtF^KEYXssT^H?yAK+XUxP6XC`(yGlBn3&$7A#VMP%bJ{0c)
z!dQa(`WG9opb(4(N_~Ms^51$z9PJHkE#Vuol9JqSrFJfhyCVaM|9YRW00030{{grU
zNATb|GA}a@vYmyevvRVW7Z1DI{O5nr&nTg6mxN{ED*_4w*VF^GHHvC;+^&*?TczC-
z@c@?SREV@|#H$*~>WDRDlG)Inc?&t!!DvXNsz-r@^C)A~ad~?!2PXrVFI+I!TDfIY
zmVb#k$-cccOli4U3)e9*PJjm|M<+`YKQ!rCvZ>tIP~3xj)S^^<bC4*#6YbizZQHhO
z+uprv+qP}<u5H`6YukMLy{cEQep8cllIc{c^52~9K8Gc13?z$)({>8YfQUR3UuncC
z6cScZqtzwgvc|?vGw<K{wfZ8NnyRpnu-VIrmeVRNNQ;fC?Hp%hHjEN}ckJPss6ofh
z?SN}>+M+88zwluYSdF#j-Co#JHr?J=BU^`~Velq67b;n4?-o#UNmDQtzi;z4C?*o^
zU@<er75cA2acU=y9gQ^wTz#b;nfyIYkf(1?;QUr5hWUz7=5`P~ixl=4tMU@A6bXNX
z_j7djV|R!!uP~4AYp_YDN|v8DsQcGzu!7)c^37Ffzc%w<`nqljlxWG<%Y(x=%<9lM
z*QjlRW`kEr)!6*@^wu`-em>@#{dqXp`r)8G+nV$FCOq*nfXcs^mMk*-t><;f_xOB0
zG}z8w^>#ioBQ23JByqC{zjU;!{FLwR30yCeZUsiW5Es~DDG{q{BoXgt+1y7Vi8)X2
zXqAasr&w#dz;*OXr|q2W#l|}5V{Ewaur^!kkVJ?=DL*8QUsSqj6Br_tQ^=jK&7qzg
z%-M4@dHNYBBa$jMLD;Lykx3{65?r__2it;xn;rDq(MII|@?$m|)rC(DNB(Y6#uQ<l
z1WQMZbHo>m1N*)bIju!0ESI!(kUj?BPh_m@0hPs)JJbkXDAfxJ36#Gw2bJq(&_N<%
z;608EyBI>8rEg|wXsl!P`JaHx?<Iv$UKU#$c=5rin;o}dQ~LFOf;ajz4svL&(=S1`
zHXUaiT*~CU%Ex{&>q!V!bY$QTRyB$kW2^5!LNYOTqa5AU8mQ3*!y%RNXH+++`3G1r
zdZsmKzr<WiHvB;BP@Pbz8s!k+76wNBB>6VZrA|QoASp+Sc9QxFc<P&X+A$1zQ>bNb
zjl#5#bW(4wx8;G3bdyZ7P@Rn8t!=9VFtNtNX=vMruKa7!zX;Fz-kRC}G;z3*9!|aU
zA#~gu?Fe1sk-bV<U|A~KcWf4y$iqV%KDF&#&Vm|rU8d+d{+xC*eL{B1Erripp|qGT
z_RNdges-Ki2F<XyHGD+vda!Lnd7~^hE?=5AB4nN3(nq8H`a4~C^`v1H9bu3a+Yi_B
zD>#PL?0d#!XzV8Om(E=fgvvVv^%xmnuzSe&Y>HDr-RQ;nADv*rI#1XQC}O^FU4L&p
zLc$NXovpr2OgtyGhcV&O>Vaybo81S&>g72;GmN0QvOPj=tN=lY+$S9OP@nb@JHv~g
z<X5q=Zcw3dB)SBLzviL}tPj`UXdmu1d4XqX^GIxSW^e&l+bs+<qOS&sdEc)uV_6nQ
zB)1D?pg(zB<hxEw#xE~m{wP~q#rwRVaCFH5GU?2USJoRh?hT!kM0!m;nVS)kq&1TA
znA*xoc=-p?nmF3p=?SOHr}PTRf9!pIhBZXBo>gaduSEx^XapT_n3Y^1=3nn&`#P|-
zT{ZadSr*#ULfE$f+&(BsB-_L<`FIP(P(2_Y#2ezWqr1s-ji*ZY6941|6p6|^?Tc9z
zpz_vEHC<&P_V_FgFowHD@XK{aboWxA4XaZq9lHI)A_F+$)_;4&;Ya9fN&ok8RkAnj
zPU+07w8P5(fW4`hnRR-~BvdQHmMyu<Ku1S6K@I$QY!Yg}gKkmS?fG;=wZF}ajp+nt
zOGn3%sA-5}9^X?x<<yr|&A`#8`qSI9BCp&&E@8U=hFV*!P#6I5Xn9urZq-0yDzw6b
zvxAkw3AMBi*@CqiL$wfNoyt8_FUmtM=?!%_QlLN${4%9{5VY%I2G*JCmMKYSPiPot
z+KZYm=Fk==BPSAu@@8zy@0IvkZ(TcYJEp?FiM~rOMVqNP6WP|XfZ+99UaC{LLnsjV
z`j@VVj9@st;!U*$w!xKikjY0oJ*YtXP^RY~KcEn7)<DP*9>gP$QnmIr$(^0*VX*H&
z$j36f9iw@)=sF4Y6u!l$Al?W4P6fGFlg+n2FSLpI7hxs@aZ!#yAdDs}#1bFi=yH{>
z=4X^D#}hYOh%7Bj2$xz_So3tqhqHZu@gDsVt9=f0&h-I^dl>{oJ*BMwGO>aQgu1|2
z9O-^lIC4KNG`dtaFLTK_CEPEsAGAifqLCMU64J*~!iR`g+P2iMZ~36|0*d0b8%||Y
zvw6M+8o^0Ej<vY8`=fpB50Id@cJZnB=5Mn_SPBVssDSF}psk8C{#C9@w9XPqr=Ef>
zb4P(u$w!(xc(}C~B<XW3mnmoRD%;e(fcOIAzCz})TQ)78z><o<zG6|SnzOUPKz7|1
z^|vT?$^i5VG%fK^ru_QZ)O1Ud+wuN$4`s4YDMCG-lhg!nzLv+)=wDFC_ZF?YDMe`I
z+a^&Qa*~-)9t(y0`=o5_42NO$DPvsy9#N4ywWCYCll&Fhw(>Mb*paxQtbF%60NA~G
zGGM4O7-Tk6d^`Zeo!u&l(yI$K*vjCLEde&wkBaELv&2`ED4Ql7B&a9p*l}J3#k=2q
zBY#mw>;y;%u{ab`Jt}3G?zCQ(CJCO3Ym%-_Cp(UFR{c|r9B+XClwrQyS{JY>?_Q=g
zTes;3n*hV1KVh2MiDD&UjLVHuOJF7|=>)ycjBN$k@=ox3d--gYm){v2+=kvZN@AZ>
zbdT|n4QCEIAW>6oX|f?vru)BMlj|xV0!`Pf5<rS>M31+*PF$>d7Pjn0v5WqjYm@u|
z@In?5^T^2ZX(ZzbgqWS7EKbY5;v{_s4GLu1toGcMjCqQ$Q^UT2#6qrhsr^zqKsC=S
zwC7`yAYr%f+Ot*Q{$_TXSKEgf&o9Xi9N-=>Ne<}9rRU<zL-$B4+Q+CJq!$5?fDu%x
z`4g50;z)qK-s)N3fS$?OB{g@ZvUe#zqhzTS`qbqBUDGb~p{3*txWc`;mV=Mx@@3g@
zo(We0_RO-F0?-wxmg<3hT}9BqhL#$sb1A!R6OqC5vF00uDxx}kPwSQON5xYOBOcy-
z@dhUl!6&<#)k8hfc%7Nq3l0!0C`4L-hsGF(b0h@GW4h#tEcwHWTB7H`3i)i|JBi!q
zNqAV}yF1aP2ebzn2;MUl&J7mJUiMj%D(c}fO2S7QyXCea0m<tI<mgh3TAUL!wrCrI
z2teSA)<}c)Mw7)x$hW_15uLHCVZBY1UeU>#2%%(wyiaBFnIcrq(^L#O_+wIU)zY@@
zvA{FM?=KFX<-yWVX(2}S3J81nB0Bt;As2pT5NG;Dvi1JK=xDDGq#xGxyuc+u4|Pav
zWC#y0+`d;LJsTdD3MQcqy2)R>aW*{*pZa)L<`|L}1tT7_7Jt~)L{5d-@Kcm{)OtJP
zo&fa}#jlua%-njvh05Re9IsO+*FJNfrK8c=TfI=p;dHkyKb=uNbx9UCNEcX`7lKp(
zmuK{<Zh}&yob-0YqEe$vM2)Gy_$y$CXazl`-W$6r0<(HN5$cSd5-wzJSovvXAs3P8
zWc^m?mt)sX8TpPeb(MzebQ^L^*d{T#$~VBLmUYVXg}oDBK8Q)V%Kr>fR*g1*@wr{s
zZS@y7LEFpyrsZF0WO{z(P+qoA83J;j!8J79BoC|O=J&o=RY1tRoeC^pe_jS`(?ru;
zWj4%eCADU32*`pAv5f<NFQKxSP!%K8xgLhT&PfmR0oJDfaA!Gw!emAwV*Z_Z+!!j_
z=Lj8VG~yre%c(lp-`e%KOJZi6M&rwYX`MP@v{bJN<oCXXC&0O=c#WRo*r5NMOg4G*
zskWKT=57pnIx-oE6<u=_r+(x~<tk=Uioa4XKV*42n%sftAS%f?MMTY@Q4(>4^_u;}
zkB;4}Ph6so3BQ+rS~Sz9*xou`xhia~3<iOT39Eal>is9JhP;)Vy^3z8fwwpD{c6^D
z>0zG(&X^&AD?GP=C;VG*E`n?oL1Qs+-$T6G1k+Y&FDLR(b+-oTf<0(0kOcuAo0f|0
zTAL$cV2eSXsry`>y^)rZf2_rlbYch@%y5>twHuA4MVZH)THVG2`$Zx1^rK<m1R=>y
z8ej|Z=bx}s#CCN=IiA!gm~GemCXisMxSdco(7Su5WbPuOIXGr~&K`m<Oj!L0J^@Uk
zl5O-SbFgYH7*muEq)AU8gETl8caFZWbc4S|T6pJq*atMuEW3^z1v-jr>hTp*B`Oqm
zluft5gP+Y_9v6Tkno&@vvY9FHHe6e-*DjkjV%b_DZFx9Q{*ul4(=-O=b9~H8eB@#c
zIC${TkuVQTW12R`Emz}sam{?92V;S5zQKC;oxGqEK_hJY6MS^1_#~A6pl%rr*jhee
z=76g{Xd1YTIW+L!ly;7q+Pl}R^7#pt66%yJaF>yrhvr#)aGQg>E(dQ;4l{d9NBuJT
zzoN~zjIp~&j(h$gZ~nxBOIb&1GBe9{O9GnQB@p@a?3S$QEr*;|3d2b!H)50&gH4Pm
zw1XYG9GBG9!vppc7l<53-IK`0g7&1P7s%5{_)BHD_h!5$Wi{;NXsIF(x|e<(!lqpf
z_p1L=yhJo+e<Vg$Tp39a+wr#X2u2Sh7ltz(JzYLe-s4VAv75EMsV?TQbv{b&r@dB6
zJEutH<ED^L&#V{{QLLv~ngI4o9!@Dme`&^<z6vo!y<_UkpYRfWYqrLYGSO=HWHb$+
zird@nwB$T`F(1;KE`U>8yiHtSCQORd4gtzx^%?#JjTrmPJuQaK(fbyZt+Jm|KZ>|D
z#*$UZ#$w(LJsp%5vMsU^6olUhkggrt%gda~mgDw|o|&+9TwK-6a|UAtz<L?^rZ(dz
z8!C2-0rt3j99v=)MyzS-IXB!Nte6%}ba6SCE}jQ*lXoEp=2&=mLbXIj?w+M;$4a|(
zH+%C#A;oy26~wbD7JF(0P;8Rbe=&}O!{X22M6?N7$dt<bK;u(KTFBTNtNi}eg8ViB
zK^GUNUqcaO^V<Vj0GR*)yE@zb--#UpfSD^4*~ReCrDq^L-cP&kkCm0Mq@CHXC-(pM
z2X{4fa<;U$vjzZVr(>pLvH}n>GPnHo(GRi!HUWS&F*W*Qu5W2)X0PwcXaay}>SUvD
zXyokTWN7T7Z)|U3`rn}-cJ_9r|DF0f{@vkX>SSwaXX)%>Y5d<;Kob)H1bGz&eI^Ed
zK{*k9K_PjyUoIpWOFPrwE%?9f|2;6j1MvSQ4gHV^caTVssF2tI3evzJD8FkE0Jp9~
zN&pqBODn&#V!&UPp<iokMsI3lX-98tMrY{YU>nCM56lP?^70)?;hYKFKp4Dc0iNEG
zL*+8f$=lXW;^d9X@zlE-as(2QLg<mV+jK&A;$LelGtXhKX63Qb9<~qh5LfLcKs-W6
zktUQW0gJ#C-}8N@^iTrvWsrAiEK0&*WJqu-+xbIJ4@OnW3oHsz>VSW%P(Y|xNoRas
z24F<M&G|#>XdH9S(5OQ|_yoq_TP0t$gBa<Fc|F@Ea|RN-is#da_^PVzZDJ69gjdGj
z+R24DOEmi)&LabE``DK~>Ad*qtC2Qhma)uHSLa39*#Y>!Hvp3OVtk7P0FaIa0095L
zH(+FHXxozErlP$5Ji18GJ`jT92^;*&3`GzxV6h;o0Cv_51|h0|nH^40t};&$nXHIN
z!=gAMI2^_W6&`4W35tsgI*RyYXh?HIvIPx%@nY8P=c~D%>pXkXdBf?o>+sAgZGOW#
zf)Op0@hh>Gl=9C$q~E{}C}~u5B)qtEw9I7hS8;<e`|<D=X5L-SLdiQ=gM>UHDFZJP
zF(;P>EjKe01s^jPaaNLWM9e%`tjy#eM}&fzl!}Xtx0DM?>>w)Wfk8S3Cb3Jv{y=*{
zpms5GyE9zySo$GMLb1CYSQ<tWN-p3MQDA{WLi#O<U9*LYr;@u=b+G_KW<MmTb!2Re
zT$+ehe>^}0sdFJyQXydMKMAPR`!;KYcw%xYtRPKSB$x5@c6nk3KZD776Fy9F)iUF=
zeG{%EvAspeLvtCR7<uw}Mw4p9T?p|%`NkO#rbNk-g-PQY_&xBqq{f5k9GMil$XOHc
zz*bCb`tDc3v<GGT<%k%Ugpf?3n1aSicc0!wIX#Wg_S<n~+<S~H+rC;Mz`4<7iI!{1
z9bd0trO;rr^u&oVuVLXPrG1dI222n@tI8t8_+)|<-F>tAF{5w~^n2x#eOzQi<0fRe
zefVSsz9##Y0wh9V{jV&3LInB7k|vHYIsCHugDT%F5jdg!i4@*Q5Z;)u0+pzjG3Ng;
zOFQb(fhU>*yJa*>V}0N2(~4q<FG;b%D*9Q%0XKy`>d8|@fPwf^^-0w6QzM!qf=x{_
z0Hg#9>RD1rOhG3du-kd&Zm~R4@+)krZ9rs=jg7%AxUjhC0*;jqN)UB5Qd?yv(9Db^
z7s6M!5R$^sL8*rmO&$%v9b!nw16v?U?-NPS{M!%vbnfT4H1H=vVF|?75F&$P2;|o=
zq(Ws0z}HYB{ipK<)^H{QXbI5QkRn5B@>y@CC~#XtR|eVU#N1IKCeWY)uIfoR5fIXb
zQL9&~5>+WR%GAND4i+FR#5IU}yMeE`SGXA)F+d-OC>$`7L`)+TA(Uh`w2n#H9@v>n
zF*FA&5Jw&M8E<96We$=kL_Dc7Bwd*X8PnaF$)C44LZ-<TPau$IU5NnTVS_DD5`11s
zu>1qX%LB|8SYAmei8%EgEWzleUr8(vkqVdwq`{J8jhWW=D$wU+UP(0jmC5AebMj4i
zrX_>KoC9t8_(7V9L8n4w29;whG!l8RxFi^6L&+uT(Il#YB&vxds*xnBnIx*AB&w+-
zXmCl?U`f<)Nm2oks(xQcq$*IPDp;f{V5CkQ5?4@(YC3lbPmRPtj$?!-q*?ND$W>6L
zeIf7*Cq^LZK7Uk-LLFa5b0QtcBdDl$_<<C~+P~>xggT%{Qc)gM1FDL(UFj#p*|AP3
z!(A}{tSHoVr{D>7aE~5`KT!rSDb%&6=m~UykItjs7zS7sXEdhB5o$x6Vuro3{%ugK
z>P$(Rh~x)BHK#&Qgd1>D&FK;469uA{3z$dvheEh0_TPH|N=oJD69e(8)C*DML*Foj
zJq|Oz$y|TlNc%@4nD`UDc?^lf6GoyOC%^|rD-?6Y4Ir3A6P0)*M-m{TP|g;4gJcv+
znBt`nj=_jlKAa*1PAQ7yiI*Xm1Q4}&xBv>KQYht#4?;8wAsXY!5?GK%vK-I<^3o_4
zbH+)S1h41ISO+K~v_hF~Ku1S1XeXc1FklT_DwKBi6(g9%q2cMKqe3!P8?5M*7*4BV
z{jU)>#580QkDnM23d89$aTbn+W(|e1g2A>4kTdvj2Gh=iUVGN*Pdx!^?OZmfat7bb
z22UOO{wc@y{AsZ}{ZZa#(9mIrL0^R}8vZl*`csKb_9MMbAW0lD2<anN3Oy?c<{>vj
z!K`i22;nT4@dlJ6oK8JKgO<)Su%%$u-iLzFie;(>ErV!yO`+Z1myB>6z;ppx8qFZ@
zD1)&G&w%YB9e6LGmCs`$evbrhZ@$+(g(9I=a1GLRdlh|X3#NSAQ6IOb3l;_r%qP=N
zkK^L~hH<+<3cl030-<-tpm)ebGj4AeA5B_=%0u#x;|l@rAT6Os?Y8keHJi#J%0B{d
z5SSQX5D@uII}ai{_z{%L(Llq1fdR6ZeolhuB_E)O=wPAG1VLX=|JnZFUizJ*EN0-z
z9RL}WEbO*LLjP7Xs2cjCjnxp5w?nTPHB;O>wC@L;fV;JU&3(;%osHP3|KLcezsff~
zzV5a>UJu!&_tYPHy;GJg3x{{7p|@6rHWF8q&Tsc>=jab_1okBEKMnPda+yE&pPx~e
z=-}3M2?3b`T1G>)D@p5KpTKt!hRikK_P;Vc-pa9GEw6)co#(aY8K4_vGd`kD!ze|n
zo3>qM)7vEi2H6t*T2t|?3-PQ<2@k+<mg5pKND?}MvrKAYVq6w~+$Djq!lDNDn*LG_
zM4>R5O+NneT{)&51lK2Th)YJ=K|;pbQ8EJXA)em>@iJ0#<v`D<L|`CF11kd~|HB|x
zb(q?R5(%c5YAinupVIhuCnnHv7lDB)Z0A{QXdz<et&~j2;U8j7W{MGroMmVd?Vr!|
z<QG3&CPHQ^CR(Hv@<S(!U?I}JM}mQw6F&cWQXyyz5bFqu0mDtihWE)b=)s2({SX?{
z!oRxnpys65uH-Ixkvnt#l5x>vJ#)>IF?P`>1aGHU<XoHLvgNiUYxnQK`1v3B&$P_K
z=DOKqT|LV{Mb3!4C+s2y%!uTq{Y5M;=e>Gsn4bqB|H<}=u`+(o;S<<LR8*ejlG6KM
zDavop)$i68vvE!1kk^OK!tyYCb+-&Kofd~|8C$F7(s&5hy0`(6&RP;|t^Fsj<Wy8C
zaW~ykF_%m^e8`TIyTW(9KM`j7Zu)QYyw`4>6}DwT=Lh#J#XT-v61VnA71Vv&YI3Dm
z3IzL%;`&kRK<&DDVJ|S-+ufXtCDuia<~E`&Jwn}=SIvuyt9d9I&*{xIu<*V-c#ih!
z=OU)r0WMyLCaR@{&bG}zb5VkMJ=XKl+~eCvwX|XQI!*V|pIX~*$46fej4#|f*>9H9
z+h!aNqijE`dAq|Fs_x;S(=a~Y*BxoCd?8sCCzwRoZGyHa&PAB6l{_^cYqpnV{^aJ~
zr5}7$uVNfWH;G)Tu`L{->-H#On`tuL-QPVb3g0=UjnTlt&$zK@(~n<qKBh6WVsP+i
zIBJ<J9L~?CW(S9L@3PS^);#JKpc32M%I;hRT`r5KsGETcy=1;k&iGIhHA(!~Sj$5S
z@8#-8%R?#n>$)Tzs@qB)SMM!|$X1)GocsG<m-(q^x{(@tc8+gF5hZTMEOxz6nT{2v
z?mpsivXiZB32zAN$lqOITK-vyNve39@#HTg@2y`+>}t8&r3GKw7W$Cexp2Kyc{N;%
znDdvO>>P)tYaE<4a~&;~-oy9)v;7y)Y-$>~OQ(<ZcvgN~2bw)vHRoGiv&|1_t6fkQ
zFU%kJ-$t&PU_UjbyVtUV*Z*2oc|U+mqWn&*9=$f3TjlJkYU=E@N)yoB_U`Ypf>Z%p
z??(8%pqqnmbL!MQV=Q{#$Dhg;CbO>J?5CuOMj|!8Z<F!5y=Qy+GHBUjHtEr>nBrTE
z@~&?g>ZCg=W<1>MKO!_%zxSh0<OXSZaeDppd%!EyITJlhHtPrJBui|%hcw#Ef>5PM
zJ3qzSTAb9Equ(X4;_mmFtwRV!*5N1?V!P=^J>}CTZa}}NgfB?rHaU48F^^jCE?2N*
zaR_E)mZSI{EXSX~cN2B|+`M<HcJuJRiKQx|JZGPdJEw!CQuI|mFki|ja(wLYH?r6&
za$qZ1t;u}xZ9h63>z)k?gi;RfDE)4i^X^wOU=(lpESWrpEgEf?4^w6~6FA#iPh~gS
zbK{quvp06)7ji$wO0J_f2+TKlD~30(hy^EGv(41~KKE2l>E9f@s`%?{td$}%Inj;k
zI6V%p(w0%hqsg+Y^XTMrH7`t^`c)qXu%lD8$ZnoHb-YzozF8%4+k()uj25Ylxb3rQ
zKSO5X$#wo+ZL&deuj}PZC?0(Ys2yqi#vBlC{Df|wc>5Q2R9Z3B+_9*hj?0v1dtLeB
z{zlNhw<hLaY-Md+C?q{?n@x(OeZah(A0@$E8N$3;&n=moIeZ0V=$luZ_@M6A1{M4n
zB}bCL-rGwX#<aS_O;&M!23vF6E~y(Gz{f{k2YArJBL_>v=9#txA2SA~>HKFSxzo$h
zzWYPS_kL96<0>0tB>QU0Sfsf%qu1D!-grO0-Oxm?hwf6&$Jun@6%qd=-W$)Q+SX$p
z{imX|f`sx<uZIHHU5_J&{JF2?n8uDptnfx%8s{_QQ{A)>j@_jX_G9O<6#O9jKObXY
zrz|j{Gqp|miMoVOPg-^ox3b3X{k?!8+7V(ehZB9`H1cU#QofW>y9tMs8U)3y4U6*@
zudxZ&^yepxWbV_1-9}-A5V1zk>tHoSXqFTQ>ZPqKl3m(mo|C`VHG!%-K=nn#v_7{F
ztx2C9ZN|VC-@1dNtnVSFGEcYFAM&?p+K69#m6w~}z9t;@ttVe&_^jS@{12jCO?DSv
ziw(6Mw+(=Ey&P=$ANz~vUH#7IAxU1PR!(55JEV#1H$aLSQl{^qzH8oc7b4+yH?x{h
z!14x3;P>JssE|ZrMr#4quRfX9T(O3DIRiWse#Vv|fN;#aX3m_VO_8_Ir1QY59&Q+e
z)QsR%9>U4TDGT(0BIc&9xi|bv$%V{+{t5zl$vq4efo%0quLVe59XO@&!*XnNdv(6O
z;HGeXyBc}^Awu5OeN|ae-tC}NkM0gp^?)SD@=kdfdyB^?4U_A->Hx>Hed<Hu=kuuf
z41Isnn83_n;qI@w;y+HUZ+lhKQ$mNud*yrE8k`<l1(h@GSH*=aTBRcgIsJDNk*B6d
z>zt&81P-fS)(9%MyECJLKCNbfY90BalEQ`~L%9S4U8`|!sDwn$uaiUe7!QAR8;3>4
zR^97;`d*|@7p(MRHw}ZsbzD`ohO|b8XX?o=O&(uUwMsAz(;-25Q^9Y=&x@?UqFt>@
zL%Z{E=>N)j<o_vCRsu)s3Hv>j?^_`JqTfz?N&DUWjat~xtT*!-ZjiwJO|6|BN8U2>
zn3W70%3B^+h+|LP5d;X1$@co-%kp&3VLGy<Or=O?JSXN`Buo8lDqG`c>@O-H9{jnS
zu3YE65p@mHsDGTdGp#V|@<>a=%ie0-Dqh8*+;uVw%xxRVl(HJfYpr@}WnY!hGt<0B
zimt}-M^B|U?kqTkVmflT>7?xwhW&BnCcN)KiOuSOGsIzSu(8B)fhwX1R(q<1vi&6?
z_2!kL(-wU4{$!#iAXS_BD-{g4cr}04dyXCbadeB|8O=?rH~Mt2O|Os<-qGzbZ6te3
z(FH53nj%_r|1+p5w`lvgM>1h>ysn5Zs<~uOKUWXSWyP~q_S-U-;nZH(7=EeL#>%BJ
zTJLg(En}u5s=KJmB~rZ)Jd1`pTj=OYW+iqVS!=j|pO+r~l1I|R(&2p8I^Y;`KH<1y
zSvyGtU&11FD23|}(gB-h1@yNKADDid?I~{~u~6cRc`Si+t06pfn%Q_QiQJ#pFP&5y
zFZ}hl*tmvGDNTIe+AhuJ@4=O+xe`mFbJo2KHuPZ2cQz(7;XI<1QwfajH7bY!C};3q
z7Ko!~BFIZ>CWyeJVw;x*J>yCQ4vb!ixSX}vGxekLeX<MdRW`K0DHF0v)t4WcnJO!>
ze8+m`EQhQW>(8w17&JegkMfDuXNzQ@K5<)ss|!(i(Jd_IaI6wbx+;a!A_GYyTCJLP
z_O%i^hR5fYyRp!{qRunJupZd7_GD7#zEd91ZyUQb+!(G=t?K94mZ5v+ylz$2wL9qi
zw0WH=-Gwp7ONb%bzIg4*sPZV}B|6=CkfLe2_ByX5{Nz}Edg2+3A>>CbHtlxy9rB}0
z&Mm<YjycYxp>`Ov({8t#SMwbrtJot+=G#%D@T>pGXQ2+5le177xcm(1dgzUbdQQS7
zg$C>*u2Q&uE@6&S*Cx!&8zy$fN>|bO*4=fopfG36__^!9KvfL~lP0ftW3dZty%s;V
zuv=NG?0W>UekQ*ZBTn7dJMMN@YHAn0zGMC9Z=T9btAzX-U`vuOu0819P9j%vGI5=C
z?wi_vVJrE{ar;SHzV5%d<Z{i-sp?YhFEz9EMZZLgJym}O()fEkJG5n~eGfra^>|wO
zT!oyTH{-rOb~|BQYxNcX{5fJDk;}@stT<*bNdK0P^8yWPdQG;Nb1_2W3;em!Ams>G
zAS52cXbi3<z#c=34B9U+p#a?%(4hdH2y86CvEWvLKouNTfNVzI0L=-M6C%$)P@rA{
z!VStSD4Ih&Wq2fB0$~+`Rp51j;DT5dXi>mafm0Pwox>}~+JMdpnGx8Yvn+=`59Z2u
zJ;ibP_T!=Y1pi-ftP03tVT$?}ER+HO_zyJv|L~yxf2btge+XH&Cb&cLFy1Vm_w4qY
z*-44p0^rl@EnUnY@HFB8Wh4P2w$;Ru(xFsWXRyc;dJIKF;aa^|gF1>=%t$2cu-^O{
zb)@O>bXUg9?vHQ4=4D#^OM1JZU+2eFZ`wAEPUBQcax;acZ;o37d(T!*a&j|(uh-3$
zy=^#nA>qmniuJ8{V8W^1orU_|O^s~7MjwQzR!3k!Xsm<vA%1{GJ>}N(Y^y*Qp<xHx
z0+NK3)3kq6V$xwRtfb_j(5oMm<WBr&+ft&5(jgmose4&*O6IXZCiyhZSYeY!b0n+J
zaEAw9)SXgmB)#GEr#ssIbajsSx>Qf*+gp2e%<h=yD=$r-pNZo)HFTC&gWRGC?y-(*
zV|#i_y0m5vrm<jC)}IXXrlcw7aOANRPibna0G*IBpt0rpT&`oku%$k!nzq)R8wT)m
zO?HCbRs0KZ6l2G>vzwRax?KnhUS>nvBDaHMLk{C6bLMQuq0dRpRjd_fOy}Jx9r(uk
zlX0ar)=S(SHlWT{k5<Bx9e^m81ThWFyVy&X#D9Nts$ugJE?Ivi8;DWOqET9<WJ)|^
zREVb~(3LH#g=I>-VqAy^$550pX?PZOtWDk%sQ^t^lI10dbLtuPrE|?|NqveA4Xv=D
zt4O$A5`A+_M99~PN}0OFN)t>?qAF<69MT1eH`PhPYlA8b^ORx09W{tUvmE}az=S!h
zQG{w6YFu2P3|?g_f@yxjuk<Txrk6EP%z|#7B;XdI1=>F4dM;V`lLuWXL!bt}`S|Q}
zWCkAm;gD0E+F)L(2JW23!eFJ&pQfoir9Wg)k9!5X8)7*cN_R3EEiVFyy5PM?5KSs;
z(&WjSbD6fc>WgC*2&EBXM)5>k))U;;L)_L=+}1NI?3OX4k4p#%p7bEA+RF&upRw5`
zOQwasVh%pA5yfW=>D5c&*SOpr&Lc?LXH<%xl3E0W8Y5&8kC%M19WHW4MGZwk?LaBw
zKqbqDYjRp^!<`)y{#g$=@XjiaeW-}%l!C~qL;$8%zalfE8k(?$IXncdjzmY+GC-b{
z(;L(23ZEO$efM9^$<6u8wRvftk0BIwsYY$sqEn4_0|&1aD5Mx|pj9ck46c+CFnc-L
z@oE$vHwa1V{NOVR7BXH2IQxOXWvkLukMS_%Fh5)tbZ3shg=_Jo?P9)%agcZ&G%u`-
za0xwLg60gpJxlgkxYbYOjaUFT92x)#1g)faq`^D0&m3S0U%>oFcHRZTH|dWPIf)lK
zN{AE%fT}=y=JMUT0>~E4*onUp9Kn)IH1aTf5Kbl3Zr+@x=ho2EU&vDrxFYIJYZGiv
zvD)+rL`}nx1ZrjcZGA2dS<%BK;#O;=<O8mwonRPg-S>XSuRVWX2Niyf;;3M(sVA&<
zvD^fDmh=<Gdy|yIqdj)i;MAy`H@?i!PZbFg-7+VqDb6W9;_bvTE2RqB>Ph6qqlnXc
z5ac67We<T|d%#%IH!H?89;=phG%4}JRt2y^PP7RT7ypn(1P_-s+~8DGIuLDI3R^;L
z(0)ARem*y)6!fW8Zm})R1Cx6~hYJq`NN}NK9FPP>V8nl*Zh7*jJQ?e>>u}BS$yWr>
zro@#E3UEYqA;nt{v?NEh%WrinZ!Z_ek*CK{=l}JQ9U<*qVm*w@6bQ=7B}r)RF+fFg
z6i6Kuj~F4R#naw^&C!2?=@7IdyTlR{ZNiJKP^3$xy2K(Bt&$@ul+X}xRWjm^Bhe~l
zO53>@=@Jh@I+|5GnwLA8zkgOa9n+|2DfZ%Z7a}W!D*P4Cf`KA=#TrTg@G15TgnT-h
z$5b*_DVR$!iQcdmi-AhDq0;F>_%x!W4_^@&>EaJWr6TQ>l)T*o^#DB!mm#|cUOBl2
z;6r?G7=++klq~T&whYlG#G5tL#wsA-(((cNk+R4LM$#Jfd_fAN$*-@kG67IZpt#|*
z!ck%s;411VYn$Gf%DYC9I&5svo6KG^N>?Od1k04*1H4JbdU2$-6cOgch3`2+=R7ZY
zDyG!Ljr`=J5NXo#LHZSul8HF90+~QYB^Y4)8-9?rS^HKT`(~ho;-pQCMTr^?SX<Zw
zH{|_mTM;9jkPFBuw5%0X@D*PpC@a}f>Cc-l3O+wYepwD6c;^YR6!3FmX;?MJJ-`aZ
z&PbSUSS9P>1I=Qdt_(o<O=i)?3Tx&JS{lfFk;0LIXtQO?{Q@UN+K8mK04rOpWTNg>
zy#wVaD=7$y|47BmG1i))-ZFdm&-phG_DGbdmhAhpxv9*snNspRk1#Pjk06~~DO__y
z*s8xmQh-5LsspI+qY9Kxn1!7o1a#sv%?Dr=z=4oc;=G~8ZlI=|rr8=krx@fB6i_$(
zDP_K!$_F6}j2G(59#dii(cyu?x+Y<%4!=|pRrBN_P2#*=K_+A|I;zziQz<)i@B<+y
z?=W2=3+M8PZn;;TJI@ockg@I&bs5eGauW=im$lGwy>fpk)kTu1+(!C~P@UO_E{m;x
z`+zq#*&X~W@sM&rIhO!ugEKw*TZB)AP~F<zB=TC(cfpAuWKGx%2EqHMn*Wz>*(lPH
zC=wV9)f$9MUA+}}d$BL)gCKeq<o!#5coqn{4zN2%_SDkrbYfT%6OUMUXZ`i;_NW(v
zSNC%2ab61LT_3GdXsIl3jjKPxypQ!0MrgKvrhJ5Xruoy1t<V>G9PN?@x*f45K|=3f
zCRKp#;3T^Hg)E(`(t?x3mK&U3n|j&<AP^9e2V$nB<;p|Bpf04D6N0TL;8)DkF2c~4
zkK!9kXjVNv-13_Zf~_6E#R(E+{;4`sAF!i6a}IhbvASfK526)1V1VniNgbFP9oe%$
zw;e(deP@84=#i*OU`n)oC1%`2jW#1J3Vm{byq^?`7`2f-Uiu=1v`qFK?p`{eZPI^r
z60+NcC^L<8p-YF%V?98J5t2$BC<RvFh)Sp~JA5Kkgi4)MsePk{zeD4rHeviw0A!U4
zZ>1E&EoI*j_nMa%kY;bS;qB8?s4giRCm5wR4ImHk%%ISG$6ui5W!qx$E#yrM;<XcU
zyPN@2F&(CTv`blL4Nmash&{l`KCIary?}kaJw0g`rpF7rfIUtdC;Jmkf~XD2Q`)Ey
zL3@EmEc3}}X>t!r;<QGs+Dma}vv_ktqgS`Z_JiZ`J)gWASm+Gy_}HzH^HWafMggvS
zQRo42n-o<qYR|6X78K&TA>x~%7rpRX(;~SCJm*v3v^%n~6UEexYT{ajXTbgdk!%;_
z=n7Ma{VWm>2zCej*d3$TGmuqSr|rH>u!B(O23s7FsBH_r-IUq;9f0CckYPwTc&E<X
zy3IH5V*bWCCE|rskbKnmkl?`18Pqv*j>W!JMLP`2yH5xjk=KF{zc7r(g`qHv{5D6t
zuN#m25i!U11aD0(*U$VxTo61C@x5GF?*?9QB2Lo+v2c{O7Ebgr*ca3FT<0-b`+VXp
zDSjr8=uxt2NitDhQ{sJhQ7tmDhtuTfY!HE$*hks*X;!YMBPR5z7R(;O+Zx0BLi(7U
zIs@95@f){bP-|#W#sVi7nB5QAwF|iCnU7;ud@jKUN_N=1I>$Z??9ADMq6gqi48lk5
zWl8LI>f~RQx@MUBkB6_$V#gbFytW?UV~AuoLwbj}YurUb%BQHpmvnGX`s;rDZPzM<
zc57cM?Vh1F#BU~}?LfHE=45aWjUL>+j|*dg_7JgPk2i_?uv5n1yhL3rbxl++SaB=T
z`^H~Mh9P}$*j~ZYi~T7VeBD6v9z((m&^E2dSb@jVoNwSyS_y^Cd{vLExi*?Ot<aA)
zO7!72T9vp{+z;rJPJ^!(2%psrFOqAYS)ob9Zu=Kg<{to=Pr?Fx4X?O?ZhS3?)^q&z
zwB$HK6@J3U16~k=z~^@j)Z}=lSJlBfq2xq)6sf!k4KA#Hb0nM~gHDi9qE{UtkN$U|
zzypM6g7}={G&XwhqfhGi7j2<lrHkZgFZ-vzbbBZI!h1f#r>m*+q{O=#7NCXp3CQb2
z-sJWgqr|U#ccD)~AmjwE^T!>i`}~02`uVw61drrdbgh%sfi}0y1^knEry@M(=pJ^!
zfw)Lx(ra~Wpv--K!1|x?j}?-0F>-{D?ASuoZ*pTGen=gQHN6a=ufK_MehBZK!k^<K
zPVM|8@yD-=$4zA4=n}8?LO%=iy+5D;06#y;>X1At7aw`XIhGXBwhHUGjx1);rlqE#
zHj3)O;R90!mu8_9sA3@$1<{4Nx@lV!QWaGaB?Y2wqUUNG&0kc@wl_aBoLhd*e>!`2
zz4=a<Pd<8Pzj<yRy283I1j1mI9Q^y7#h|#>aD9RRo)AF*U>m{1BCr79kdbl_85M(M
zmk6woS`do;%g0Hqh(JAQ0)yVUfmFYEgZ;oEBD8W}$Ic}9g8ldd3l$y#C6JqjO*{Ln
zFazM{=$^}WiWR#BZ19`lQL!q%6XL7CAqV_GNP=?R;i!&~!TwUb!mMqr*#YA8q4mKC
ztm`cGBA`|Ih1}}*k%dhoMgoS#3#2Sw+XPi_97UWIDD?!A#**`Cff;PMi7X(78^lov
zFa#?$DoTOE%qiw`On{*QLs&XhGTR`;t}SAeC<Aeu*)V5fBgh*s_`li!fh&?hAo2>4
zFopC9+YoBJakD`nq6PvG3e-ntUrLx0e9*VW&*uY;08ar^7;_a$NeJB{{DxM!c<!JT
zxNkAS1p)toCpaZfA|G*kXaz<S-y+IF;F0UoWdMAu(ltuWk<6J$YuOZ{C5SAgsv<;4
zk`xG)Lm&ow@PHtjl5E%%vMGj@Qy(l4&Y4Pg*c8$!#+B0_EEpp_iK$c}Dk1!VP)kxg
z_u4mB^ji{FfQTH4OObdB7=jci1Ot(ePbw!QS5)4aFK&p9{O+HJ$QOX7m;)SN2{EX#
zmrY7IV~F4?$EAdTjJFVGkR(%ZQ)zmJfD%cFg|UpgK8q!=k(aL}5Ou;l9yiq>NHcU8
z!~M=R1eqsaBUnMG{z*G9a7*WealOOJ_Z`pYAxA2V9|s{H%8rlL0NAAMPiO%02q8@W
zv_0qp3jQ=Eg+K)Evjyn~n~^x)y$}5~-pP&!=`)4s4<*jnFH&T{ihv9y`=)p0Aj}Zh
zCxOT%AveBn8&9<kv<zp22*Cuw_M=uFkrC?L-u0GzT|r+@#0#L-UNA>~iZCe*u!)Gy
z!2o8P_qUK>NvvQtL4p;Ri-zn6WDGGt#w<x7=YwmRbpe_F&C-_uj}=d7kD2n5_Xdij
zG4TSxEF5zJG1SvC9D@gC03%W`pw<7#Mofq}Jw|CSluo4P`Uk(!o3pis_-&1kxIy&B
z)aL)f2FC=isUnI5vKgq$F7J(G1<h2t*eKw6DUg{>xMn94whhNt78tyVYypAGA}g-&
zB!|GGIumBXiSO@M^}S<D84k=rg#uA(0LzBiGOQ;jm6(lEphNOnGzuRB!t~rF>OZ6`
zxNq4fhXtZ6zHl6KUJye-^9D!2f~#S2x|b5v&1Gav4NB@bAV39`?Kj6H;>2bi>lwQd
z9gPWvNZ?PmN5bsiAOqprZ`KO1JkaNl04jrGkivS!UBn2L0T;Sz!|>(}@qnlgkxOT8
zyk8#UFFJ+-l<JD`g=vsj-!GE|+EGppk%Zolco({dSwsi0&t$ePAvgtM8wuLa9Khp1
zST9OzSO7rn`|S3YBAj~9Dab%QS~^&%!;k<LwCQkP^k+t=l;Bz*92}(6I3@6C3K)0|
zb`Tk$ft(K)R1ZTV5Xc_JB;SBd?Ky+uw!cpa<<-al6YALeL_mbdS<u@raIgJma{SBi
zx(PC3j7bQ_J=I@4m?mg1kAWFSk@<5ZeI9PY1Ft-J*gr}<Tv!P}o$4<nB!T;mo1Ktc
zIKPAy0m#Rsres1>;sd=}BZLkKKzJs6KcI%7S;5Nms6QqYkY9EF-YC>UJVCw*A_(}`
z#h(CvS0j_pmqmK)>}CUmUIm0Z28D%x2soF~B%iF3CdDRX3DH`l0%-m-Xh8kYHt``M
z!1A9?OUnouQ2uK96fTzpg_Byf(KvzV6I!)^E3yMNCXr$#!ErFVDHK{HH*Qm7<$V(9
ze&kImBtRyq(EW&h@SnX~j_nd8W2Pt|;zpz3lcp$O^*T=e^F~u<*KrGxJ{TrNJY9@z
zV*bxauuwdBChUlTMWc`Sn$i)3BE*geI1f293DHA9Kztyh6Djh6Tc6UYaajf=cAVw1
z-qn*D1q5)`!0i;_KmFzV6BS866HRZMBKX?5<HnQBhL<5^9+x3v1k_jx@SF(Qzt)Ea
zFk<G12kwX-4D-j}O#dJr)F=l;C=;e%l6Vk4O6(qDK#Ebc_E+BbOg>>TFA&uq!&G`0
zD~$~b1Y=A%z@a%RKopA$_eY;cUam_(&U?T2nbcea1WpJGBx+7=NNBmlhnalwNaewA
z?(gEEig|Q<t%$!|JqX1lU>O~JU|Mton9lV<0!(v(b9{+Gxp{zPLw3A>H9(RFDTe+!
zLN=j3-}sNJn{z5E*k9$kz~2N)Lkr`O1{9j0>rSk|w18zn8%AjBahRpIBMgn8Kvaw|
z@qQ_o;6egy&^3_Rget<$n`H!4#2{`VI*^lzOCVKcfPSM4U95CS4-Ilkk)s+Q?9Te9
zWrOW0<X$vg{h$CMh?!AWXpP#&-T|rXz*K&?z}3cP6lzCj);?>*4lq9ED9uO`n{^Fg
zM05hAsnLKuH>1eQT?ihiJw?DcD))T*9n>vm1uP7n$UVi8=YstNH%uMw0r~^w+oLFe
z?g178p=3o=jvt#vw8+r6c5GQqbK7Iea#;<X<CR-Iot>S-LF#}_TwOf18Xa-e>RumH
z=Z71XAEk#B)8iX{-s()T@+h?L@1yPRrzA`{>D{lLg0=#pTgmI3sL(btoQEwoTT7oq
zy~L9)<V4K?)#V(oj@_>npFU@&?U_(Z{p%hchmm%U$tQUt)VlF5E=Hlv@&5ja!h)k|
z%kC7-IHO|%bE@F+?I>&uy(He3WjTAkcZH&oe^y?rMB9^Tt|7IQwNdX%8*?XF<q8yq
zFRUMEYulL$K3zs{QDM@h%GgUjK~0u4ch9zd#S6l%aGoJa6K*>ztm}d@(DXYft<K6m
zD`4kDN=>;(I$}=hT1TE8M-SL<!{D`FzsgiwdvaoI-2*Wi>UQ4Ve%dX9aZ18lCCSO-
zA)8=cVYQXuyGtjga#gdeIuSG;uCA{cmHJU9qQooXRar{TG~Su$rHkmJ8oLucH$PKL
ziS6@X9jyp&7-i0>m9my|ok-Uu-o>60RJspGZ?Ti1cd=F<x(*#VN<54Lwv}gZ6Ucvc
zvwUVrMas6Ta;jDxLMojZ?RP5A`g`pt`9_H)*l3w|t8f%<8|qr<Jr+n7K3yvBG9WLo
z#u|Dk1^=dT)@9}@N>{eQyor8i@+YUYdT2O24mOOOj^U~}Ie<TMuh*q8|7qB+welV>
z%ifY~X%+733}fo0`ynXIBYOLszpv0$yjo**?@IA7_Iw;>opGOphJD;m+5hOR-f?K#
z@cQder)q+o;okNU_)lDQ#TP!*o=IHIS*r2eC`trK^D6?`1Qo5SZ<w+aI!PhEIN*XD
zr#8#ebh8>g$2NKe<OJH$(QZd_-r#{ys*a*aUG@Yr`17#XJ-aapcRDt*mb5IqFHu3P
zcxX80;J$Fd2<;)MFv+wNfgg|EvQhz{D^lu!+@Z|LV?MzWvaka3v%DhPVts}p;|zZ6
zRWdu6h0Z>CX)jOmz=VZr;E)9{3_ULE-gtS>z9F1kqWJ(4Y2Tr#(CC#T+x71nd{~t7
zRJqn4X4(U>_*|(8G2a;88qwEREvvH*1D}LuSt`fUYrSpGgy&WJ*S`+DH}C6lZH+yA
z(=zNoT`bewudbTHB!py>$u><SK5g}Elgyg#jg1q(6%y+hs#S_Q{eM4v)s($$)U8s?
z+<yc6NZQ=H7cOqF>W6<4yZ*Ssv|UHoo5tIo>@?3@6YiEPEKUr_He>mgP!PIkO%HUo
zTzqCpA+=z@l$^t^Ho2;KXsb<kw#YH&@En!5Pd~oYnzyv;q2~2SVHusoRB=?bEnbZ&
z!ar0-wE%UBHsM3ji}~^`+3vThaE;s4GqtKJvHZs8&O*~BH5Gwl2xTAQe<^ddoKD+@
zqJxf3VE37=zK%<|DP08KXE8}^y>ric;D5&dl;5)%V{RG3th~`1*WTq1Wj0L>7$0*7
z--H*WSzS-8^v)8<vUkVtHQMVX1iT-u?fGt`o`_OOhg8tOW2sN4BfI*T)!UCs&$Ogv
zbKhWLTbRd?=|d14QfA94)Y>OwmFsbSl1d<PQ54AQF>GyMZ_+g6$y^|9?iT*a*V9E)
zM4l-XYT#W@7iOhov)k9%)KUGtx={F>8lFiPDMga%!nRnNV~(vfGTtpu(t(|%RX)zp
zQMlR{lO}iZDO@mvJ+t2dLv;LT8n3ecJb=ev99LhlXIUYb$z9a+R0xuYVVR$!-OjEP
z_QY?|Rege2KLh$IROLCJJ<P7h)Ww&}qk&R=U-x;LfU&)JD77NoAiZYoDi8YZ=z6Be
zz5*V}KNWq4wh!=0yK+C<mX1!-gnbWL|HzTda!3fCQ2$d))2S@naL}fGiqB&HHdRWy
zxVE89rOQxTPBvLBUo)xS(U)IN#zR&xx<+Ku^wfS?T3A@A?-W$!@gCEPbz<iA%kH;&
zHzq4Ka<a2)5C5;jeNFDvyTyXZkfGWXixL98;?sIevbAq1bilC;q&wF~QJQpNyHW4#
z@KSW8fZWY`bIsX3IlrxmRUSuEL9%>uM;}8cyiOaN!ZN#1|3%RBR1h~sxC{gq-?HW9
z9&X>o`r~T+uVvA428(funLzBJW9Hn@q$zw#)(F&lQ?J+w82z+TM98ef#m#k_1$|?&
z%?uL$BjNn>;o8fPI>>h8MUn-jCXdx~!#{P5EZdm~pH2OyhT*W|<IEg%w5I%N`nJKV
zGw8_qVp$i%O`6Wbu}7N1d3;52xt1q9H;raSl|sM_k>LjQ1h4mepb5L2#QgCTmso7-
zWN*n~>q%2L<*TFv`#&|(dd%)cBjQZu=@#}|@~wI4{37h#5~nC0OTsx|vh-aKa*cyJ
z&pBhI!q7k+Bv4OScPel~?Lto)URM2DPF;T+ObO1M5Un>l!oYDt)brCL4u3$dYwj^s
zdZ%t-=c(ln&Okt^9dzN=BkCwd<a)I@84OPbQzdcLRghElYr5iXXZ7vYgAVHSyp1Pv
zINg@<BvOo?VY-}6a2`uk7b2br^YWUH7IW7tAIpbI{Y+(+V`^ebNhw;n`Lu8xUhiUT
z&<D4G6ZF~ncZM(MAsMGEcLaQ6NSx?N+|1C0SJBE>4v_Soq{jwa$MXqa2HwW#Cc}d%
zCSC28qiZibGPO~#tOuo9DuIQNk~$tdHCBsN-(FWi)eB2jqa!`9(Pzq@gjcI%(DpO8
zvSO@7(Lkl&(Uds&lF`DlrkiQ`Gl<o|X@hB@7};2Sgo`X&J|5v0G@;wN__toTns$u|
zW6V!iof>BSRBt`R&;D#z4&^cn&*s4iB0{SoscbI3pj25#TaVjiOIRx&(Oew7b+z8O
zUwFYzWc}UjrC}{LU%OL_Wo2%&Osg?n|5G{d$ZVFH;+(2#OV}n#z3WrMPRd(Z#lC;0
zJhFE&mVaq$?iE!_Ej{2C#t?F2%kKE7k{fGnf4j>lH~u6NOz53F;e0P0mzTHj)?D>T
z_VLch=I1Sk%<SKfMP)g&?PZ%#6+V!saNk<|XE!;sGi>xFO7^(H)%R|N6Y1UQMQ%3`
zr^db4w-?AO>aJ;X?Q_vyO-&Q|vw5jg^r6MO+gW;2yAA)ZnE_`($<!)!S@Gj5K6V*J
z8Oe0RuG~cKq<-}$#opxBGSO+GXuW{Udb?VZy>~>1?4wzKZV+5EF*zP*uBV7b%S*i1
zOwlQiQLgOpacIr|VeA}&M2W&QTefZ6wr$(CZR?d^*|u%lwr$%rue)b4-J70>TxDeB
z;%@TZKhJl*tA7@Bx+9bdgX3p`&Ip#9=2XHNW*aXldtJ*$Dmq^Dw(+4*(!8IRaOdt8
zQTpxTOTC$OTG_W)*u|}sgD|!xiwt-e6tGvhhj=P+Qrju@j(es@p|o%}wk$^JvLj}C
zqZBj0r4fytD%cFPkw##5xz!7v?|(&_o^U>>^b}#1+|Li_s%FQ$RC{SO)m?cP9n)Sb
zI;cjMx3ip$NsrLQonbn0LkY;PFA}Jp+P>u5HjY>rDJ)v&^p~*`#oe`1I981ZU8)f|
zSV&75>Bk!dqf=6DGg39r?v{yJy}0PvSNAIQ&SJpV1)ATralg@BK3UIGCv$vWuYVJ)
zQ3>&#Gg>7t&#kXvevY2}+P_^ca#LI?8+Kx1<a4rjYa)zocI%&araXl!HIO&`)us%u
zcK5xf4z5?=X_Eg)p|4$ZjY>G{-E?P&UlE1<%o+`jic60=o*@^j+FjFiwmu)fWJu^X
zRc?8(y3-3v8xG$`wo<aBSW&w=r4|v7nhIPG6jXho&P>UBoXUHkKWopfh&I{xVQSL5
zhv#hNs7<_th#aT#x=P(9xmP1tIIooRL{!Usi^@(Wx~cDaY=hkbGKYGbYI7n5()xS|
z@2BK~@xQWubVSqRf1z0M)17%*{hcHkC#WS45YK*HI$^oaL9)Jy;?g}a7y8?1#&_Ph
zmxFG(nV!Iu71g@^(bu(#KS@%q;#*lM>Q@AI+CHzlf~fi<M<0;@AbElE-L3u+9Q9(M
z@T!E*Au?6HSdTGA?LC;vB~Novd48sLs&Z$>P*H8%09py|SKg^&+33J7OVscbd7fhD
zwNlPqXmbFiTZo!@p?X`&(P7J->>hC4<pAX?Z66c&T3OQyIj<V2OP6{xR5?|aQ$KQ)
zACyOUC6K~-`Cj?hwKKJ;s%AQ>q?}<^6OKn!f}?-XhWJWyLU^46G#Oi<*CMP7@%Jj}
zrY#I)TKz}D_vQkz#$`RbgMF?;YM8F#5rz7SlJd~7qB|YeMZGev!Ai%pR@cNEmX2no
z5X-BAxQ?z-8K+<&Vx!CA*$Mx$CFHK=!TD+hP|;ImL)tt$!Pz9R!LhFBDtV;+9q70L
ztT_MQr#AJ0IyMC<$XSU^?fuzr&J(9>#Y#a*J(0x6d*^ZW%<kibp)s<cjxC1c`6h?*
z)}5dI42oDPGisU1kZ{0K!KbfmE1}uE`$c#pxDK-0o)7!o-dBlI#l?-Q@oDdHm3N4>
zL`vLgO%AF+w>GZw=n}?LV@IWfrF5-Z;ST}PpF|Zr-ZLiG+3HuP0@(8ul47-8%jvl-
zGv~{rj$N0PZ?rdq42DUMm^Zoj(EurPBNkEr)BG7s!|LIc@S&i>6+PJvwiL=)5t+u*
zw$4N97?2y7)IelUnU{TlZO6dB%2x+JgV#`T7<=Cfg3z*-vdhpOHBS8Hv(*Y;#XoWh
z$FjrHi=e~yQ@I*jxkrwP9`9?B>{9ed^!SN*ISNnri^c=}uv3Njq(SL-x$5jAKmQRK
z`~4MF^5$5)#y=r9uBUX~xN;pM47Y?sp0ErVpU7|BcrqJ|B|WZ75QcjsBh<1^AJ99M
z;#4K#j1>u^3{{szIYyA>{Pg|&e)O)nbmpD?-g@=b%{~3$8B1%2{Su|D*;)-QvzAJ2
z8q>82<joK2LOjXT?J1Y_yuP>!7~go#A6C>zNx=Ai`eqbrO;|3?KG8xGzc}-qPffUH
zO7vsMIrYtG%RTMaUt*YOI!WFu7!A_b71{B;pKjiCD-n#M3p?j{<I4Bf%K=MW3+}X|
zx!2-+p<k5FEW81wz;AqLNi+F4;`OoCbF57I6`pTtMeZR<(hQdyuzZ2SW!(qP23&aA
zp7Wq!`MDF;40qMoNxiy#dFbAzQzc85YV>@P3k?Cok6S6@wRnVNKMio=jWk|z)opqr
zI@RwHd9wssxGKf~m2XqUF+4&pO-lRx^U=P~Pqb(_dC%AzR}lugseSuNjXaAZu-->S
z)2opSUB`9NdU|4hehZNf(9Vdqt6ZEQLNY&`!8Hr)3^6SDB9)yHiEgOLmUt6XxqFUn
zPRpP9ch_0&zMDsc9Ho#2*{Xb`ct%N%ma)}+Mw(XV5$`egbFf=b@NJ55{$#Q1xGi|*
z6MygdL=^lLjC4Q4R7`$We5v8^#}#wa6|;oHa`-;jqwmibRWawv8IXpPdKyz>7H3PA
zB%)krkoXs=SFSOtDE)wGRq7@a(>_w2^UvjV66^Z#cCDJqjfecoZYZ96k=s0IJ&V8m
zvh3oKUJSn5$@{FxB|=whhvvWZh2yeao}v}owEnXh$Yc1xuyc&be0BZWxi8epryrl@
zAxT0}s(p&E>IA8=ai;n{$;-f@3(u|xR<lX<Dg|%N_>jqjyn{_<CXoIz+h{C{dPmH1
zNv%NRDftcJ!ZK$LGaNn*-^i6kSMrH>(?f<w4*lPL&iyR2xo_gojdlKK47ulmqK3<1
z=k(f@KG=8v`C%m~_=m>SDhRo4Y#uH~vvPJ{)t2ZdbY4ZR<9_3W5&A`ESzS{viB5Ks
zw+1sI<!lQgMe?$7qZ6UWV(qEG7I(KyqMF1<seNxbKr=%z+MTaV_v4eP_0XL;+6jU`
zU5+k(m4#e4rv)E<WEO6Ii+hV-OK7%pf4Ug&48LfMm>uf=J!9loUAX6}{86E_jyC+A
zIv>5eBF8(3p^eF5GDq;qb(vmeW?gL8X5*<axNa%l>@3Da8N9ZiB4G>a`6fA~ayyq8
zkbpr{<D3uhnWAwtG=&@66%R(3zyMPEwhx0wfK6l=-D8+cHaAhVZTUbyo>uM))ob7c
z$H?OmuCPjn`xJ9So63$(Q+)}Y<(ebBGn799k!LM!F+}(RzN7vZ%cnkZ-+61s<jA20
zaFnQOF%JQ|ckHMQ9mZ31<KH2?ER7P0oqU5@sT9i66vA`?U<<t75U0B55qp6#q)}8?
zyAfz<CR$~c7h<fUJpFaB;E%^+r=@c#vg<aJK)9Eb70w<f{<fcL&ZO7gjGx6bL~F}n
z6ar6<>fsFCyYpShu7x(W8#3VdI`W3e^9hMml+q%-f-rU5>cfTdj~VnU5s@?P#-J#C
zWr#OyzN<NdSZ`NUlvq-0D;gdaZ25xaEI@V<IdVY{ibV#c{L(A*&qjPFEa{T<fYO33
z!dC8a;4g+)=#IBo-EB1e&;x!J+`p)|Y?tkXqV4Db#-RCbGMb}@->vP9Nv0?UU31;>
z<;2T2oG3fcU5Ek+ji^yn-_y~NC8?*k2wDee`5GZZJ1@t%vMTshfY|_}>F7}oZP&G;
z^4;guS!cR7GPHf=PnK;Z{RMhn5GtcGGVQW50Lm-$O$|5Q4Ts%fZ5%c2keI`P8yz-o
z73qb`4)qY3o2<;Ekabq$7jHm-UMTrOn1)Bu1I%D}$=%k&2>5I5DXPHNBgO#qh~346
zC(nX??ELG&r{m+te35YAZQG}S9P@XhRpkCICSRDUb~9(-zs|L>VbCyn@jK0hy`8-b
z@s}`#AJM(wvufS%FB~lij#^OZ^^<@-FkIFb@%u=92v=WbL6s%-4?Z6Reyq478b%+d
zugL8Adb(G!DV9jHPf$0zYvuM7y~4h;9PhfyTt9J8jR!p-IX|+qo{PLr%a0<Eh&ye<
zmYY6aRInvqo8O<^#_keW&J*9G^EpUF(0N+GEoQtc_FyVAJWJe^OaV6R?;x3F3y*LQ
z>dh1)QZy4f7$qg-yD<k#vtx%_1}oz1j%g;C)^3PR64(GE&dItNT+y`-UGeXfRo_4e
z$2uY!{)rIIpsTyY<4q-$p&<W(a-3-W>Rv>-LWoHl_IK@02duF>B5dQMVOB;LR<Zza
z8Q9KdibKsA4mJ{s0%!H+$SA_3v}n&#XV0}I8mB}bcFedcFy>j(y}8D+PR;Tfz>fHC
z^{J_)0jaG7a~%XiZn-+u)%|7Xr0fn}%{+Th3N9-i64{;`rW0JsB8BXJ=v$NvzeylV
zD96(B&jSbA2`QgVNZNV;*O8uyz`Oe<o?ECqg<d!<=_xh-he|3!p}`guuQoQsV>jOA
z<W}egD^~(Rl^`OZGDmciI;rBAJ3n-q<7Vuj%ngtB-M+3&m@a_`V|8c{*<Tp5vOwDX
zDZUg#%rMn*s~uk`g5CW!Ocdw?)q4kqH!K9Ig!NJgR))#ebgrtF#7FQ&@oD-1VnXxl
z<kt>}u~Yy~rW?h|VzyniT}hdh$N0^~X|Rav9Du*l1UO6K#Yu+<$8p?a=@1910Qo$K
z$25FyJu!0-1U2MB1qR`rs1{S82h2t<s!hKnM;v^4aDW=?AZIm)W!o3N4;G&sDP{ng
z)7p_F4=@Il;9Ur5fnR5dyZ>za!rCr;4g$OhN-@b7!01$%n&>?1RndnMwPJaHJ>*}C
zU&ckhlbYJ|KygE{^I-2??OjuJuq?Q+g*`S&??YXCL0otQN@cC3a2x~($<K@c|BzB{
zE9b7vjNl7N^pN01GxWy5>4C(#b+*A^3tfl`4bAnki;7ZTk&9lBgToOEMO(1OH7cUA
zE9uH#hr#rGF`qQ`f$8u6xd5|+aud$`Sgca9!ntE!jnXP8pZ{19VI^MUiFu(Ww7ADi
zDBU1kYTgSv;)rXbpkZHr&X~848f>xSaOJVS6?`eVD6eY8Q6Ul#j3KNPpZVP`lQ2Wu
z|C^FC)#IOQMfESw&SzM{<R~mNL(yh<Z3?s&i*LdYmdb2LjhGm1h^pU!7@T1S<EvZw
z?UmF*?QaxB&#zbRXnk1a(0@_Yir@bf9|OhWpCTr}Nn?%Q&i-kld#dR;1mtJ&Z9Kjj
zZb^)8#@@_(yOt&)DY>7XuVUc*_v1GKRO-W>Qd=TDk9Z(>zK8&gIV7k=!7{KaUcv=}
z83I@46CYWISX60n_9{OtTtf02{lC+{Uk{T`F#p5=sXzb#ME^nmx>)EtnHriH8rhis
zUroUObLT&V0Wp7N?FI=DLSH#Sjbdz6FG_S<lDz`l%tavv*TlfU7)h*5j&DfIE4b*Q
zU^?I5Po|9(8M!J|TQEXq5@qtDFK{DpwZ&U82(oRu*dElM@PI!-CTxVV{=lZCje=aE
z_u<42&0@o8$Euv*XN;bdE6FfuO~m&_*j0<cO>n{7xD+a;pb{5-`_EiZA#KA@1|TQJ
zG<N4Hk6lQciHHlqCtE^@&#OM*P4@%Z7Fj+ip3_(Yor>r_hdrUQUxOkL&Yy^>$|ZF#
zFoQUgQxH&YSiJvr-}RBBQg~PN7hL+HJrT-_Lj5{Ej8W$v(3ybtZ}sGQ(z&BNm6)~V
z)<c%9uf`=vck52ieLZIFwEypGnT2Wu2m=8CVDQf|!1%we<v$gKt;2sPA)GBtZEXG%
zv#wUxw!tw+&B;8>j%iKL*3@6Qj4|iE9IB4t9S2j&1o`o>h5wUyP-9%46!NS$^0MY_
z?8X)e3>&N5H&9XMrHFx5KT<{_MDR|EN=08SA@VmbDL{p)fJ#J#=gz1Z6}=oj%ipal
z#}$VZzRJbz=l$esmvfi%S93bnhtn;9;Dv{o!{=&=(fB|zh+vl(qM(x1bZW?z^{*TW
zvlUPBEE*Cev0j!UGp3aEt<tj$5&QK7*@?<shEY?N*%E3@NPa`Hj#l=9lU2sV>^-P%
z%%S;xP{n8z>9j(+lHxKYZLc*|tvRw-cEzQqF2zyQ2%9+lPUXphHiW&WZEzM~$+J&+
zUCiXbmguqqvz6L3CTr8mpq3VNL9~o9Y-2uJj7mWn+sd0=f$L&N#fc9qX|PnF^nCJ!
z`9p`BplOT>4tkkN)ue@Jp$32HjBxtG^ZF1=QF2~Kr@Oio5<N*YCSPWnyifsYmLRD6
zsk0+Nx|9W`mipq0t)m=uU08*AGmeVCJ6kTDsl$QtJMUrzqWc!|ypI+s#HxILFOK4S
zQomQ9M*=fv<n5kBeIS8MJ)Vw<od^nwUjAQ!#}I*u5}A9(zam>e>_H%;<#UlWXT(I+
zG*m$XvFQ;9`bp!GaWoSWP{jS=7G`PrBt-~7T7}c~Ug^}S0~F)52*HMO7=lQ35Kx5*
zX~U%wT{Q8aMGj4znzMh7f;98qyd!k>O+t7{NQvSrPk@H~NfIx!Xp9vUNCJHpb@Dyf
z!^hmQMM6mMl|%pqk0649YY+PHnUeda)C_#7>nP&gtNSiF?!w;5<~&UohB*t{x=uO+
z9wS`tP2<>u67b|if)PD&B&Qg7;qF0PqS<a&CL475OO*KG*q~3qY+eA%Yr~r6T?DVU
zWBN8!URZ!Gjk83pI=XJSSmb~?$x2A4t{-kBc5FI42rR)~Qn1{5&yn^7q3c@Rynz;s
zdPngw??8wUf+B#BWZ4`bC>sKzj$ed9^t(C2EGqr1SE^xD38-Sssw@JT;`2-fG2$Z(
z$530bB!wm7<IyAF2;H%-Y^qYpJ9%xJfWC}@oLYfbLdNsCS1JI^Ez?jfEz@x0_bMZL
z>7;;^$f#>Tt2W5@Vwsv!>+3+_90yrYG2z7Tm}_Sz8Xy})gja&J``2#~U<al8%}zw@
zIAD-0`>|`7;%nHnFXEjd@PW$(7nfn46Z7i4KY6d80MgcOA*Jf#=Llp)z({pQU&>VB
zBzagU1UW+(l+daYgjBZ-^X$t@79JS(X*WaY9mjyIlb8pPqK7k%;TGysBUW2JK84km
zTh}fyrN5CzIW?<(T2ciGZfbQ<LB5+=ZJ{32*T3PBk9H;Fe*=TQ-~|0j^ETpD1%Gfs
z-*JNi%1}GjAe9j=UR@x74dz4<$@2f{X$cA#U=O!*VjU59)i~#bB{UHglKOj1-$V`{
zQOd{=Jkn13<T8Naro*jRz;QBwXNYyM8!9*rtY0)Ua8ZCBB+mf0TG~xCNpx{d<1J^c
zL{s`SCU6>pmNELn$DwXWsNV!M1;eZIl+|p<DysguQG=QrUert^ODb{QQBIh)ZqGy7
zuZEl{`*qwloF$zV(`3)A%!?}>lB$_?&aH;bvrV$1G^Ry|_UBW4#;lqT6eJxNdiKfg
zEu&yQiBS6;E`}lv<_R@iplV>1P-$*F+(bv$uW5p*EC>b$F<QXp)h+Y3yA_f-UHo66
zShu0qKQO#c&a4WBV!MQAx~$hLJ;U9mxR1uXbI&gV;I4!5m%lCkf)!1Y0IbQ!*Nh^{
zXAUWEQJs4g00pVDleIcHW|KuY3iHS4E5({azkM)abY&sjg&17Drf$Q*WP(RGtp)+x
zH{7e$0bqclfoxvhA==`6hTvSnft#<ku(JB>OkBhHg#&Hc^WV0tzCCiR@nMf@ly>vm
z)M9eym>hDHqG6BTXWHTz$FRjdzu9b=kD6Uou8weSVsz4Z+u*ETF=CtB4!+UVacQ#~
z>pRXYNly1+)dqf_e=RQ^9c@!GTxXYe8Y3ekuXe5)4~e(x#e5O0JRC`Xy}cUI`*z_(
zHS;v`OvH`Q4KtlJCl-4yEp<Cxdii=mX7?cdOq=df%dVQd4_bb#Sf_5WkMhTEZ{lkA
zuw!ZC`6_DQ*>^3vJ+(8NqubFFT?ezr(ri2Q{(NxWFaPRkbvgUq!9e-mq;_-Oe~SM;
ztVT$DxrJ7E?<Y3P+bdUgmqy^H9&Zkf`&>MoU~-yaaNR5)!>BO}7ejvNFq&^4aU58!
zo^4LwkNdMVQCS-eVy~K+7mhkB-&M^&l-B!yb9%(AKD2Wd+&I`5z2=1;LxTwnS0I;9
zBkKB!@-Cyxr!>iQ!2bY~N?{h#7m|Kv{X*Bxo`mIyZ{!^-r7LM|Z=v`l$u_Qet262^
zC|}^@^H>@A!v8F;LjS&*30^BWX$4Py9W%c9eSR&Y`~6b0y9Ru|?EZKhj)>Kjp1!xf
zwBmI=tmlf9zuNyCM!wb7-h9uZ=YC||X0H?Te{_CC$)9x2e09}4216IN#{FKc)AKk!
z51D5~Jnts6!R=B`{Tl$dKAm4tTJCZGMfQJlj&rmB{+8eMs_`s5>>F-yc-gJIW&OQ#
zae)}f3Gq*L&?Ii*Q_ggrXarw}@J{>Y@ebjgAaaZNM)J<$?awjFH8Z{f`9yuue4)uS
zNUWNesna)iZ5h%t=<WAQ>>l%r>Yn18^-I<L=~ay;`1v0pEhjt7^hgW<00s&G0Gj`O
zYhh++X=86^<N2SvifB!12W-)tRgV!h^D8)G$q^3tGy+hd*hI-91nv<-qIEnZ38RA$
z_Az5i8tT8K`F{^EG#qe%_Hna7nELkspbhQUNx>%@TD{{CQnokA*LB-QchDm%Dm&tq
zRJUJ0U1!JsB9&=Xa9zB={(fKhXZB}zuDttHsttp;*z79pEM7mp?>@f!+_n@?9F8ZL
zmQ2rQCF3wRwhQsGFUQNWYZhmv&&ESK=YobXQfAJkn08voog}u~_~BD(rdR2<NGY|e
z)MJfKW!b(zf_B=Z(E4v+F;llYDc8i0YZM2h%aM;x`*4{jCm65eL}*nhl`BYfoEo+B
zkgk_xTeC$C>#&)oG=_F1QKy}&fyu5Md@!qVS{}c$qrA{gXuKCS?@pv<T7$gVqUZm$
zZYWC#r(5qzwhOW|SYfd$A)hiLKE<R+sUm5l)(kOoBh_vR5>0b}tV+(;e18&^P-aV{
zPpSeCui-8?Pp3qs8kW{@(!iC5D?c3;v~}&8NYRx`Z&_9g*9e^m^=ZgD0JOoGRK0S9
zH@KZdL+{^5Ugz1WZ!?iadC^wYZ(jEIs<))kyfaiLoh9n?L$LL)SCP<cxz42!$QAmt
zc9`tc!H}L>1-#y{)caV2JJo1Lxp=_j3@luAPZ9@Qebo3_onU)1u?`tkG=&4hAnjBW
zV4KiyGS=j@0s>t+N|cFDt@0``$$BDVBA^WQ!{Dqm+#&_LK2Ts(oFx;JN!rO6?$h*5
z8U@*qp&Z&Y4EKO(&G<l^IjeGQQm#k^e#x{uO&7{t1g6?B8A_xSo_=d?g+_I()|fS=
zNfyLlNjh0vm5e3`Tjb<sBZbFq8>jgwLa2K`Wr16Hq)bztxDsfTuhOzm4O4Hl3ISiY
zR1-#|Iu>WjY_z-46AS5VwG@O+>oGC>Bu7fpKr3rDc}UwOCzb4j*8xs8+E{*XB1^k2
z>)>9(LuaEmV4|a@GX9`4Zv_UD>mzSq4`yi)<<J@3=Y{l#dUT4Nxp0ryENW`ovN+K!
zy@5g1wk|U&A~F?H32*<dVuzGCYd9p^GKWQ4#=b>gXS<W5+6`2)hu@lBp}9z^g!jgm
zh1i^Gm_$B``VuAxI$m}RTuHSg#+Z@&3P^{~s^o<b6up0rXf{)HiurR|XV~iOLQ5$Z
zJF7uz-%pV7_oz*^p~0;YdS4Z}iCk7bKg!O5za1N`^zY$uXyjuWp-K{WJya<VLg*1i
zMGFh5tcIy_h&x)l8M$(y?2VixdV*_N)Cg2DWMecHnxVY$23EBR7GmOnNyM{6Ej>Br
zV3Q`>_gLIgTe6x)gtUVh<?V+7;^73VofEPDFpx33Gn#B#ITHHL*eyuAPKHzmhwKjg
zmpS@FH9Dl{8NpQ4{6L^lVdMj=+S@#>#(S8CZYE{k8ah1o<YDo^5h{%iD`-noCEfE%
z&Fw@n5xkZ4s;i|g5_gADK9Djea<{Rhy6tq;veg}ThgF6gZmF5bpXX{9CT$D1^X;lE
z8p7SKI00YF<kE!0=^IXW3-47SZm`*?E_C;LHF!sbCTrdA(v{=@Zl9hOb_a86zSmy%
z`X6X%WE62r2%Sm@tEk!2GQT{Fi99S8ps+IV;Q)FHi`W%}wPL7`142>sPi8*xSL!v;
zX9F4dh?#hO)ojFZapw*U$H=v{4vYo9s3$Q#>s9lYDXjqov3;AtFpI8o@SqRy0_N-0
zrk+TKg4xI!#omI;1|qJ~?}>N?mzkh(>JEx?Cx)^8)31xMugwCg)?rc7t#`LKe{W*^
z=F7%#b2*5`==^=?*085q(bFJ(YBxX13EM0;wyE*n2kXTN&0PaVi!ofWUPFp76O0N(
zW}@H<i!oa<1_l(A*qLwlvG)@dV~Q(lbyHEbK1?0MLw3Jw3tC{$@m3~|?RP~JvzuQb
zI7K=q&5piM3V-a(#x0`h#)u}S#4@1FAFvH)I7pi)2=pxI*2n?%$dkkHNf?Y1bvfwW
zC80cc0g*rmf<(1&5Nx1_<qQF!$P&h;JVZDslCyXOxSDxTBqf$?+>jUwxDA|zFkn;^
z^_H>>JeYICBG7{tATNE&@}~%LdJ_piRFrEtOYq@l16NhtO1N;H&|n4)+V(8f(bhVx
zi+Iw!h=An=F11PA1{84W{)-DP?i$B2CLA4bsODIsP~nurJud|v@AkXOUQv%V!qosH
zR1HzC^NG4GHhFciD5vmI^nHV9^_4&EGlWzTb^&RZ-e**f$SE7bwa~`MbR&a37Ua69
z$=q53$K$<-59$o>9VB2VcN(nlUk9cft1Aavd+`iME<)|t-WKK#$Y@7f2*YGr(c->;
z<Tla`cwBhB{)!i+h@bM@MWyanRSj!i$6u!5tSv4JulD7zPUS4unaeKcu%>Q0`_jg-
zKKAu)<)}7uSmQbYA62P=6ihER6A7;-x0OjbDn<>7@*<*#8#y|X6qgEhQ*K1H2(L~r
zJOgQtUfziHI;~i97cJK2Tox(@R;?nx>CjR>K?jO>TgYsP*rzPD9U*g{PZxBt(NP+%
zh-#7Uh)AG!NZ@Z1#AD2mdj1h$vuL7U!Y=T&5Pd4a>`)|NZ<eCi#LTM|R7M^X`<Xsp
z{YZxP60wQl5D8vdeZ~m5{F+erg3-0(<y+~M>HNN6KP&8j!QhVjP*uyTSGQ;t=-50b
zbIf^(5Pp!YLL2~faFkckgBS0E{9xz_Gd){H7SnnmF|r7@H4+F%_O3C)VRNnX_r`57
ztQ4?w8<X8634A(#5K}jF37&>qkMM)n-(8SpkJ278&?w9d?iTE5$8}TC)st$45Q&?g
zHr(!GC5WfJ@r$@VggY0j>QD_NIXPd+BYSPKu;M8T(cp(4c)?ry2@-4l(@nI!!snaw
zGD&^bx9Wm01snK8EzIWzn9W`kXdrP_*a~GL@X8hpw|?~cSIsm-U#WnwUi#RYm;>R3
z0Vezjh*%+xkeV)1z;2mXP!|S&-iNF5I`bO~(n}rBs>SQ{Z*^pe+9nlWtKhY5Ue7e4
zZ=D@;RcAMzai=ib;SpNa)meV00`#URE8PbIF=@s8_5KdSHXQhcOKDdq9Hhx9&-P50
zurHPK>|Fo{&I#4_fa*fBU`(Y-<+1{KH!)SMf{UvHa<?$qSM2RUu|IpQu0mvJ0A+I!
z+$8(LHV|e`>FZtmyGnPzY5j4h=GDtk3rso9Bq1jnd<7!!+HHIrJ2(eP;C3NacPeCO
zD(XZIrdO)K%iWV40cK8{2Z!)&mT9<qfgFevIyQv_{~5mULsg0UD3*&cNHY@nF#r@X
zNqlF23F}F`V6V`|lY&NSLBt&*E-N#|`4f8wN(iYq3j5ZGJGOJ29ZGw96~s+-$&gqq
z059hoU-(ue0k(z5t2aBeMqTAGV7QGbE!4h$d@_!JWVj9RnVQPN7>;aYt?|F{#acnd
zRhS?r%U(t<*z2ajWb)&Z32<xy6>vUS3LD`{!;vjVFD`O`a7(ULk_el!4YY1T{goI~
zf7tdxA>2A(eXF32Rcx%#6$Nr9?OH*Z*Ngu^pZT<@PJw0kRS5q^qY^pps7t@MtrvX{
zQ$d$bA*R|BX3?md)j0QAngGp?EXGC}-K~o|=4h%h9tL=;Z+x!n7{U>JKeG3!1=|}J
zS|Yv~vN6WUR=qH(I;2Uiup6L#syqRwE*{*4kOqI;;XW?bIl@?ou-l;reC#8Jtn2$s
z-p+;5Rp0_HmT$!IlrT*`6mt_rJP^F`U-ozIzp&C7*yBp`92a4)`O?H4;o?n4@tp)G
zb`kaKATl>*!Bt}L3@6|ij}tJo&_!1{N30(V+@5RP>-6!Fc3EzsSEmKHh6ShRDy|yW
z`H5}t<bzf`RRmk+fll;_<4h7+ChU0OTc?6>Iu*y;I+K)jrq`#20Bg6zaP9b7yWo-H
z?JMwk$A(v)0LxF9et5PjW6K2);5x)mHBP(EW5EQHK}U=?vxx2uWRh%Ji@`FwN5qR7
zh0Imj(@k+>WWG9ja;3+LUJ3+pmksAknJdS~H#d27aUGqQ$7Lg`_>2R~DU;A7rUn{V
zf$H&y;W$P@Q7j3Mf9yU;dUa3E_X#F|wu$G3;mO$y%kM*i)Lc9?606_ptbpx+?W`TO
zIhQ2i@e`)os_`yM!sBc?Usl2cx=gbMSHtc7-YCcTRF4^T`V}r1m}($##R%j_&Il3h
zVF7ZT#we1;1agTVpUMfa$u)MD=KIBv{=tJFzOl~*rRL|%K%N=P2Kc^e1hWP>=wppl
z#Sw-&lHw|De5967$a?5g(6gK*F`3Vv;Ti~xaNPQ5`J;~5IOwcfVEq@>w2SEDkq$<P
z?QR~dzKo1hWU}$SW%Gws7qP9miL_oSJJR|Iuk*%EaMnQ9oV;Z5g?kZ-Hy$cc;;7M1
zjgaeCh2$U)O51^9z#2?ZKr@TTPJxC~13(d+EdghK__>ATB1>p3<Qi&wucqPA{Xs+z
z$H~J~52E5VCU-oUrR0C9C%2dQ{w(p0D`m!bkr$4D>gpY|6ef0jAzXIR?Q=-6O>t=h
z#2Wt_uM7(mPm(V6spIYFg^lK>q@~*cyyP<*B{+(BLgoU>K@KUdaW8eR*up>>y38Xe
zI1A|hVa^FjwDCeftX9?mC<-H09|A%50_fy%df;*k@n~3-?1PfovHGAI>6GIlZy>x?
zbvPxP1`M5r^Z0f;j)eHuUM75I4d(#~=Z%i<-H|*^AGqOV*d5TDRLbU;+L99<o}4hV
zdK8}LZb}cE`!h+w9O}Y2F&#hPwZvT5U@+omHe%(aWkS{4f4Z;;?fU`iu<ue=gSa8o
z$&SkeDT?1u`l9w+Pt2G*$(Y9r6$_rX{p>YXY#cyY@K=>0^_Kg{Fka61^96@DxbrwV
z;)x3**?hqHDf`S?<2ur(EIdchsA~|JxIQCC@?V_9{RB|;nEd1nz5veiNX3|?>d=V8
z#D`gY7nM^4g;fA9EK}t}I55l6f2aCo$W%|>C**YqUqxSQGTH+5#U0KQ<pVd&k6(wU
z;Nrk;o4_W*AIW4lSe5;0u90G-(TC-5xGdZ_P5o(GzyoIg3xIgiBc$gveso^iKPLu6
zY;XAWMQlwbb`-MnZybO-mSMYM;cesOp6?2^AB(g<O+0@6WFH|oVuBp#I!Bpk48+bk
zY_Qcpd@gGN@SiY>U4HWrFeF9y->!OZ!`~o8?X_NuC-?~1!7Fb9E*#wWI0NH&H4Ztx
zNOMW+klpY_2AgI9KNxLbqSaSlfOTHS6+&hkvN!K=oFIKO#0Pk-FqW4*PPFAgNM4K;
z<gT>=1_rhrd488MWKq`5*`Fi<zOBvLsPASoe7EVJwDfOA=1=m*C*r`bA=XdHRh#6@
z?OubId#uLXTE^Q@Ec7e}qFpm9hyEo$y9>kBr8us0dE$r3H+GY(uyqQBl3V%v_=7Sg
zZ+~7;-OiJ<S)((^J=z8wCI~XJa2(EM3}n@!4H&Ok%Lot7h=Vr(<@eF}exBFHD1Y*P
z2hR}mRep{mOOJchrMX#c9}I@vz;0`{IsLZkUvxN6w18%yckxm1F2kl7f1_FXUAWM`
z$KNX<!EgGijkiFl704qTI>f9gz|%xKFFl+2CR!twpvtIW@VHyN^EGuvy&{a#+{a6g
zjsjkTm6*DW9}t&Q<0s`6Yd%w6H4)(?{qS^34*>XWeIp`(Ur&jjs?48_P8a{sab3%M
zOCPesVBkVqR9$1gW4)|g$fH%p59yH)eMW`gNy{!v|3%qf5V}A6cwT_7&!Hh31#v^j
zJt#G{nZ=U~@?{n>g}J47c)wlWEIV$!!<(n>9-m)7Jl}(>PjNu+w&dSD9D^`Th(YXm
zBaaaFRdIfF@w?|O?5DkbCq8hWyutNw6MghRuE5~GfwGEKs(8sNA8hs}F#E-z9sCzg
z1H);c|7xIpYQ#Mj<3#5-u-AzN3DBPm>mjuRzbM6ir(k}Zv+2Qg^?!y5EB8a)_a^B(
z&QpoJxVI?pcgBCz+@o9NByCjA(EHw*#C``nzB8F&E11uue`_XNnaBJ&xCm~E#D5k8
z-+JBVdL#LA?b~!Vrhf!FT?-<1!xGo*hK$4$UR$+W><5s#y74Okp_Q}ayy}KE)IB(=
zH3Bny#|C?mDz^vC?<%`|rD3zGkMU@O-IuRcJ$x{#)e2`jGJKZ?4L@O7KV@@hyEWKX
z*OpJe$?86MzW}QQ<H#31tz&*#z29v7#bJN9SzER=3ukrlW_UGTSI+$XW8mPI_V_*i
z{HS`oBy`t~w8E&3R4mQi)UL}fuRZX>zhJB!?&O@msKorpf6|S-ren3!>jup_X!LNf
za+F%V)ao_Ve%!I<W@;~MFmrtV0^6$^-~aw6v{s$$&64DaF{+=~uiUhzkYFq6siQQX
zkQL(A8L>sxPBLYXHd4jNXr(&f#&~5oNtr06KJjOogp)O^j!u%!w7FurqN%cA!PL63
zxAnWZwfDn#*O~A1)wlQd)$`=F=W&V~X7Gp+hB?e3#38BgoktU=kHJbhB1h(qybMuA
zrEwHA2tJc^2#Lp%ETJys!W9HNLsMEqhMzoSPs-PR0H`7rIjii2z`+t<eItCi5n`n&
zj&}J1gc?Z6AFMy&WATjhG83^x*`KOE=%a*X^n(n<`2u?pYb960T4Oi<4)U3N&TD10
z)ca)48mGg223-l!GbbAOS#HjJO;|nba3x<h<?zXiz1sVf9-SmX3$C60nRgtj*uS#O
zI_2iE70kGrs)totRh@ke(WktE>Co&?$?QCn=($pA&QWf%*e<$yTGr($S>^6V!TaL&
zpT|o44@{KKOv{#}PP>-g?s2|KA4j!!G0(pXJPOGzRjgvmyo60^gL7PrwjzjI^Q%nm
z4izEV<-_-r4)ZiKTF0DJQVZwj5mva4h|=9FJj%5x&hnWYls>oxhb7BbO68VQ-19ay
z`^!gJD342qhQ+-#`MxIIV)+y@?IT?Fl|2qDqh_yqw{G8oOgDt4!6RAEWVU+6++eRu
zX+t~9T;A8m&C|7qU4B(msS%^8CvhCG&t^-V?3UCxN@^7)YWHd?R}_vdbWrsZ6A7jG
zidXdT7ClZSC8y;rCmNIMp@~A|tefUpS|*n}ZBnIkU2lP>KSA9!4VBPgR8U|o6@I?k
z>7RF**m5a!qU@!uc)m$i`H>cK*`{x5zV4W}La+N$%|iO@$hLp)=Z52Ejw4SWuy(f=
zqiSrME}iI)OL<kKZrRt^T1=DT+|}Gy<}rAz(>KU#lk_Ds_P#Ce5?Ky2x}GSUlU48U
zqm*M=##r?-U-+PK<1wp$Y*J~)77u2memhJ@!wS_L=&9kO7Hi|Y_fK9;Ji@*zqE4>0
zw>j6f*7e26wWq)Pi4dW2w7nm1pEkRklxXZVF7~p$OLoi8^kS#qv3p_CK)(1kIJp`Q
z`d1UlCe%&v9CY=L%3nEZZ#_=yid*Cp&o`(_ucB0+@429Zan|vbd`tjv34?#9Hu=r3
zFtQuz1_ZepWkZ0MYRM_iY*vvT%KdZVrN3_>Fq=*#2hb|kU&q8UIAtXAn?peux8XPG
z!#>tSEVMea`wIQI2%}GwA^TPAi9nQS39E{<MD7Z;&Qj9S1k@&Ng<7;>!bhXm2@t!v
z5zm=&yp+{iFE`ziMsdAbwx>NMZK_6<6j9nsKI!<wrmgMv$R$AT3pm0qITrm+vfTB$
zIR0uR^a@!8af~d;B_LR$qY<J)c)IcUskEu2S&*ZMtcjA1gpl41dhR0%@nw4I8$1ev
z0x1?LOdR&oXS@)K*4t<aBhkx79E~#G;CIyfV;U;%0~vNnP-KqFBaF~RMxe!KCfgeC
zzQv3~d0Ibf%-C#4_qY{1SwzOjdR@aDa=tsmdpmet+?>k$;@NyGEPG#vP}kFiet#{P
zGfl=T>qKc&=HN<82cc<DrmSNznWh#C$95mIHFZei^;~vOWiwx=HoLAv+$24Bm48oI
zjM=zd1jY&L<6N<Apzqa3WLpMC$oFJUPwk4sKA!rgX7G6gvcL6HX}|{7fvpHagb0z`
z5kM6X!W{?#2@(X?8c-Jrl3j)9#shoC!-M7p1Uul!^+{3$JCy}caloVJp<UzyX6!LF
z^{ZNh%bf*TJK$dAfqLb`|AVyJpn(}6;tVmw_CULWcK2Aj`W?$+4i(|a4@g)>#yLP`
z=YdLz3s^S_aAyWME#hK1;7<#w=|tS0`i9T`@U<cNGXBdXh6?G#5up^KBr1eawt+G`
zlHUk%ni<304Et&Xgx^u19ZK?q7JFdL8bGQYa8`+-t{CI88AG=i0#p#9kLHnC_5WjT
z@f-WT{zof=d!M;7^1nigH*5fafBw1u1wGOKM@cyRE8h4oP(ssJ1$#9)cOD{*oX2bq
zf?+L;5eW?VKpH57k%7Qu-3RmEoa6_95LQD&B9i4{!;Vh^r*yq&y=~mfmelTw!*P~P
zvT?_zk=L@Zb7tkbWWDXaWZW_9n#?W}Z&Pw6qr-A>S~9a+p1IHBjpMyA%h~gG+kN-D
zd$-g5hDQ>+)ux&(B6-oaX5~iBa!wH8!x%*HDZOi9XFuZX-ct<t;7*Sb0gZV6sb0Zk
zffzQNcVQ<ffS*cqk?6oL4dEG?(4S!$87@jtzXAi&Bj~WBfoTI9Dun1qm<Sco*D^83
zk&(hvX@s}{W65(=$<%&Ca<*U5Q6n1kd!eq%h-bbGBk=DiK7w!g!x#noHr{xrdb*@~
zdBc&PJjJ+?XM@`Peh2RfB*~{l*@;gXZ3?+{V=^dsmyyOpcu=Hjm{>M<tCX>27JuUw
zc1G3{h;O8529t@Y^y$$QNQSD(>`Ti~k%NrX&Tti0C~>|6k<wEe1?(*{yqK#R^>R~>
zB)zCnfgle;Y{Wc;4dDL!caDIJ%yW1c@Q)(aiAXKUhZ2$&8Ad`F?_goRg1{5VGoZhM
zj196-1{Or<%kTh#0f!M|!o|ImgPdhNX#xf$mT^C({NQ}rDzpQbzsnkVY#_A$L>f5)
zsw@?@<B0;(Ns1&MC7Nt<CZ{WfAfu|~5%3r)yaeJ}Usk4}DSk&p8d7Lu`~taf4+cpy
zKL^@GUzMuy4i`T*b!9bRt*Ja}lj;g7OhtaR-b5bQMn*A=&D=%`Q=PE2{zM+y#zryB
zMP9Y`L>}J8M==b}99IgHML<ixRntL&f@UFCXLP;BTqeXH_Psx%!zheMkfKi26%`34
zy;H=YWZ|S)F^Z6p3Cu^xkU=qmsia4}%mmy590@UvT*id*4>0|YbdiMzK3LL2p1hMV
zkaj`R`??^SsI?22tq(<e7)2@dKGemf2SGXJABRF%lTaw+2B6cAH0##2#TV9`g5r)x
z5?$)%K1t+*szl2Ye>jQFW4k=Ac4rfmX#^a(<Qy7Rx?00)iQ;CgJgE4BSWC@WRaJPR
zSx*m?xejSlcy{|x6fOnd*dq5fC|0)mj-2!M-q>R6njNbe=SNVE=19R_aD`8}!HA7n
z90<t5m`wsrn8}3U#-PY1<DnBqO|aF1s*E0BDg__Xlf!@zax_gffR)Co*wWIMkBX0l
zYWJF;<*58vVo(`uXNcNBsr<NNZe`^$^IgpP2O!N9UX<>gnWZYC4Qa!W`e#hFKnA&}
z{P<$v8+k4Z7`p!sc}V5a7!Y7gl)sTayKpduSt=WCNDbExJeBV%bmap@Gx(-rV#_Js
zTQb;u@OrwsF`ikVB^@;hoFiXS3nrGo_^YS^1YlyPT?YZeWwDjqi<@He1ej15mujSD
zALw|+I;RWJ;FzLtB$!R6$ylZ6!lpS}{g#@BX5iZ{APhxnhOuFom&2BrgnEUiiMFJG
zQk2}03GO#ov!#zegiO{P;vqov`@%&#*VRwWLdXN!$_$|aS;>n;=mGASx7dU`+8Oa+
z19QO_LRU=!5th=>C1SEU;yqEL_L8lkrghQ>+9ek>8f1%-HE{`A(2>1svAsVUE9J#X
z0uB`^;UY^1HOQnc*6p*}tXQm}(Dj{AolRr0E#@^^tj*oQEdH|;STDPr$!HcHD_5N;
z!}!=l-7{LgC6&GHg=m%TD|Z0kZ$KcMVhM4)PoP7@sScJ3Vdq4?yHG8=PzB0;8@V*F
zxKyaP+`UvLw%SYD;8QW{65FG;<g8U^vIQ=bz)GM|Tw?(>KLROn=L%+L2;wqW=tK*)
zgb8+&_2W1R9Jl~`)Uz;H=NZ)Id$@&Um#^39W=`5LcXBY(;n;Cur&Oz>MrvWOm)w_D
zV&LiF!Q>KSNTuNj^EL(*Io}<^FiwRaEN~jM391U*4U~{{P@Bju1hQBYZ$!sAiqPRZ
z#S~_w=_Kg=)i?l%LNgtgd6;X@Lt()bJq>J71zsruwa$bWTWD|G_Xs#Wj^J2EbR5uZ
z+3R8;B@)8)j1bv*(Bnk9b|Tq8Cbvi5NS0_j8XG!~aUy{tL<)Ud9>3@ZD=<tLZ@)(~
z6nD#Vc1zu{8HtlEIS2HZZ$D2qsJA40e`*x(g<8r?bYeoBSkAjq2t~pdJnaIx%E}GU
zwd&BVGdz_6(n<=dQActprUHcSYtv2+fMvK*R1JA%*lAD@9Si@XXZuyx%6Cl+`p@@O
zNmll~k@qr7&XPyQ0uZtl#j9A!5(35=(qah#ODkdlD`TS{F&7&Ov0Xygq%3W5>Lb*-
z6ygS$KQjzby@Ie&O|%4Y$V(-JZNSrokS~;mp_ymqjaIf^h{dHxi+k(C#m9<^Keyh1
zk^RNgW`LCe!kj$ulU4+M;<OGUJ&f08GS8z@1?LgJDzLo?VoS*5+QvG1&X_$vH<i$2
zirGJa6@~eO>gedjQ+<&YOj)2sIioXz;%MhZ3o~79mWixIuD$F%vflf*bc@a1|DZq#
z#JX;_*%3&m1&KtLrY|$*%y2f*<xdqzmg}2a#@u77L<h=^1H*pEA0}{P*}QC{3C<mb
z;W{7G9wunB?#c8$Wg7k8k|XQxzH@WBfIba*MKLrt#T*XslIWspw-S_^4;N4!Nq_=e
z0xDdYW+2684iQ175T9H{L6vcYWD;Flb1DWA*exW00Z;@saOFyYHS}-_xv=<J3@V6D
z7(?Q7EpFvt!i&9WSOjdqf}MUA3WV5ULaIc<qtza$0Yc%WM3>;~@<D{l{beWwy8sIp
z23e?~uwlZB1j3`&1}LLon0bi>SvND@FpDsEPyrjD2sH4;3IT{HVUB<AK#zeEiYL^P
z=vba%F^*s>n+2%HBp^`Kg%bHZK+qjWaB@@^Y??%nOK@9HXM?Fnq#_e=0SMXbw^1Wt
zqlIIPhapVWMjax<9FSeeyq*$+nFnNrA>aZmSnPM9M$nBCzLE-yht7j4kPbT|Ik)3p
z3?%f*s{s%}7qD?;@P!h&JwWI&foP{FC-5?jpe5NhH}_%~T4@7-*yfRZ<xT^%!i2}4
zn<fh^1S!i;!s9C(bOpM|$w8LM3s&c%_V-fn#I0ivUR&RjF=T#H@HkdY*g-q(_orvT
zaAMdjH>KH>3e@I{$<EodIDiIj9=vul!yZ=rw|SBN3;0z$crwmlM^CXUyhq6kQU0Wy
z?1u#bTL5e*kV5SXE%A54th!+I+bCJKe1U$ks#@*&GRY4*B5%)_-<In4-=(ec&1ZAS
z6~7m>S`yGib-6<6E3~d0R-g|Sq{8RIyl|Y_2mkKBS904oP7J)A-&(o0(bx&w@hJtK
zLy6<#ze##|v&J17dkSuc?w8ncaq%6CeA_eXlH2tmad*}D`*BX(`?(xS&WHK=etLzv
zIUQAd#Kv{5(^5^R@xEbbzc)Vb-*Nwb`7_B*ub*gVBe44OwEF?y<L4xNGB-K0`9u7Z
zf4droW((c>b`)BzUlgtL>f^(dr~U8eH43}w=}&1r`R^6>^|$=-cl~)fb-ngEyyL8H
zThAr8F8nUV&x>@ou{yu+1>?T{6Mk`)?&JO+{H}vvo87|u)LWU~!RAJKdn}JtXY-Fy
z?=U@%W&dAX@I&@Lt3OHKE0^c@QE1dyT_$Kueh#;~D{(rSGhGYR<?cMKho$YEJ8^X0
zkKyzX_+4qwai6ojpFyqm;VcQi@U4DsUuIy9ADZVq?lry7)k*fg@5HMQ`aHS5pXKs+
zUnj@*I(VL@2c^^JwW)qD2fupV)Q63|xBmWfNSr=Cqqn__kDTw_qa%C{vgaE;TRXoS
ze{w}OMmj(Id8~Nvwg$cNx;|U0(W&(;x2`=80!R4~ep)&--9Pj5n?}Ozn!7M5cPuG<
zy_eb>UEX=a{d#C0uh8{hzm5vE!*+48oqRrdZ(FwIyWeM5AN9K*ulvufN9U$XZ{L14
zZsWEe(Ma{aS}zgLJ9GH$XI)QEp8Ox0V^L>$mG``6pPrs|KK^#5W3%)7U8S;j$m4Wg
zc@EyMBAZWi#`%04=ic_T9@YCu1l7c&pDsK~^}JAVGJ`BsA4&4FDL-+bb0_oJaVPa)
z^BYO+LN-XAw^BH_?Lsstp05VCCH24->7J`oT}mEfTB&`Yk*?nRJyj>51hyPG0L<Pj
zze8C0v!r2wXdayD3U9tIApbsI())ZugLC6$r8(Ha#rErn4de{GSiXTH_*1mSNtD;t
zsV<SY<PWLO&TA4c^u|$?M~ihO4;C`|_o<&FkMh(9s9@g3sa5z}^|LWUPxLMT`OjfT
zybq;|rqniA0BM(s3D-xcZ;3bgEyt+RJryd1VnE6uTo)et5qRG*#C}+V%klZ#hlA;|
zdLO0!J}*cwR!&addN*^_o_Jg@%55h@uf{(5uciNvrsVLJ<jUH3JP6-+=Hk(;Kl@0{
ze};4IZhT$YP8XANSFI1Vvl}fw_d?uuz7E7?`6h0kJil&o?f7(V{Z=}w_jo+dWStLO
zbjmq)@^kxgp56nJ!+E9hQwZ5W{b}#L4U9fCz|#KI`=*@`!C@+(NeWjhP%Q(vw}53T
zBx*uKEp#nINzQjt3A7oDwNk{b5Qkd|SSd7H3IbV*+=xeRCPv?g=29TP5aP9fz7X}b
zK(G}SwgB&dy%y=5gLueOJQC$&2^*Q$V+nl82gnd1L=i=b%>O>Coda}1z!lOLb}yuK
zf$u=a6?@GmKJ$Ab@PhCK=8gUV;|+=}urDw^yPb1%0UDk^JcD#W$`+E(XZ8>DKpgr7
z{_iOMICa>A(?1k{?q5IR{|Ab1V`y&bq;F(sY;9_1@?R%RHD4PXan#*z&QG`5*72?D
zb#!jWhL;>;_Mf)qS^aurCO&_gM_Z&)s-`8r-RkS+Rrk?ty*gn*OR0sV1Oru~X`w!`
zV`&5`b%YQV0Z5P~ejwRuF@!)VNLykMkV;8F$PkalR!BJzrJubbcjnva+wNU&d$Sue
zhut5uu={Q-?6d7fYrHEHj8%p~hHF$vXD5=%;lz7JVQj_&WGy!nnw+#1CCS#Dh3SI(
zw!e#8W^A>nm>Y!C0$Lk=hv!!^TP%Q?5~U;0kn%*fMU7ewV{i&cvnDXSi0scU6U_PP
z#99{$^)X}Z3yVH{$x9>8NhwcgXAdQIRg^=RjEls~_ggOYDXa(Okm|nO+_{Sl)=p+T
z$<gMC#9C~bGiZTUR{25fLy@Pj&PR4qdJ}0g3J*lWv+10(O>E#k;|Y=wK%!&^Vf&MS
zV-oUfq@IHFFt%dS={<i`Ux+fNPul`XO^Gz9X%U1++F91J?UK(pFE|80HFP9K_;ch*
zE%1mpY{;@%n@z@LxYEJ#d0BJlN-StE8zse{B0X;H)>;a5$o>yu?-(OW0A`7{t=qP3
z+qP}nwr%%q+qSLSwr$(qo}KsdGLyHnsY+E+NhS58@|{oTobUSN(ej0)x`zprOi0e{
z@(8fQ{8tPf&}s^aq9l2;Dj9Pt3z16m2~4#WBnyjRVyu*rd9S~t2OSBr7*3zTsgwX)
zO;!P-p2UPxF`|T@!9a!cZO^tbkVJ4^OW>0*O3ct^&`cpSK;rP>al@#tpcM>ME|z6z
z5soJU?P{^l6q-$36(QnMTGsw5nk@9;?&6rq#xA{-aQ|qPqpj2x)o%?V!fmA-nF0gV
zZu5vMj3_Y?bO?vdY`WC#UEu!_QVy{E#j#vE{K0f?I-t~K3Whu<6BD`TZa|J3T0BV@
zkH_2K1oYX%A*LBc5ak(Ng>fKwh7hPO(j#6mX~5GEvK4`l4)wE)@uXiK1PQ5*&dv@7
zkC!5*6jdD|l5odGQxxu_g)d8l(Tj}6Pjnfgfz;vx)&4a!yXxs%UD<HMpQGFbiRc&$
z$h+@ZrRjmse%HRNyyU)%EIZ-u6z>ukqTLhWW~Z#!R%EFnT&f0JS{8sTpQu1bM_hxB
z|0{`*t$SxczG^eIlY7W5!)VmHsHJ*(=D%^atA*-;UQe~WFPm^w*9-!6(n{L~v>iX-
z2$)-huqGp%{wfj}xQr54V2vWYNCJ|8EEKIy2QrL*WxyW@pe#Z&q%#Z9gEWw$X(!MI
z6>&7)0(H^Xyy=>95#qSkxlJaqi1X~rNFH2;vVO4}D8GmMl#0j}KVAf-f&EMlg2Y`G
zF8|g5^$H{=4sSRBL)k=d9)I2vbAiu%uSyGXL@3-Z92vo`*(a>>2jEDb>U5$-S71>g
z69m3~(=+NpXdn}R4;ESwHn9s4hB?tL{1`JjLefu~xSGL%9L7V)KEb`x7%><DFpjYT
z!leug(xom}&_sImpJR%;0aWI%F4C|Kv91R36yq5<+FYSAvH_FJ8a5$=fl?H}Vx~BH
zYGDzI;e-#u2Hs=XSM|4V6trnFZhqtu@jM;ca^Xu=nrUBeWR8zrjJSHbI~%Y}x{Q*P
zg{6h*5`%zgyXAhh2#?_3BLG$KPS6wW;3iV^C}@w{Kb|<+4S0e!0q7Up<DWjoi~1st
z(?sT(`PdyN&3$5{oTm^tcnxiirxrxSEl0Rvo>7(lA*AZ&_!AJ+F{rJ$)PLB0WnTD+
zP+R*^(2dk(?--(;YTG3}>qAUE8<$|9=mD%r&l3i!h7IwRVcUcy05m3byZ$*=gA$px
zvuak_q@}9Y;82E!n2Hw<lBO=5Tm^}C(GXT$snFJGm%4z^+xQ1qZNaW+#@eEE9MU3;
zktO_{%=;T{!j4Le8GHf%D{~7mC;&%D2rj3u{VJ39vJfK=Ae5>@92wa^;<!~kz`7n}
z<5pAKilZUMJ&)qtH#z^~Vmc}v8hgUO?C&lh$*+xXmAzw%Is}hse|f<_E)Z|DQ)k&T
z*RQm5uJU|a@g@XUf?H&eqN6cf%&x5vzx=V^31)hgm4uHi9&@mAJc%(%xBtq*vG4eb
znf-<uFEgFBEWbB7k(Dsw4126JIL*0~ncWN*Hae{RIbE~WA;FLafSAF<<#c|;B8KAa
zt>>ciny5z&?ZLUYgUj{MTvgg(IwLj1jTN)$eZCfF`k49iKJm!6OHE(<X<(%C6SpWP
z#ru)6(tNqM*co-vdpD`la$bzL&6&p4Lc9sL<NaZo>v8LK<Z`V?_fp*J{yuU)V;cjP
zb?epZE4Z2~Z?&_<@@Y!Ep}RTH^>dor`{TH9l<~VT+`RSOf1On9H+17;u=^q>o6F;K
zd{Ek|xAXX#r2BP$+uFk&a$y%z(>>SvlYpgCo8CEjvi*_duj<;}$d!%m>Ur(zDS5Hw
zsdqIj`{kS~D4Pr1U6LMhw^s@qndMA^;Y^-Z0F^l~85P#M;l-u>oZha-5-j%g?4pF+
z7iW=lC*;YQ+ialU_L2BE<9s6l6WpjA2VSA=BtCVjpU5zS;@muvwRyE=0E^ZQZRmVK
zT8B7IMp$&@z9S);U9KQJKTbrIPmlaKR%j5I<Fq_DLC(@GYXE-Vcts;C2oY(Wxscb~
zFyZHG*EUe?23dK7k2Qag{^b$DyO-1J`EW+>t|Q~Fey7{_`%}_HXt0!aS+%Ka_SrD^
zV!arPPTbGO`e3K^#)t4Vs@z7;Q|sgTs=Z@$24$(s!+qsG_IJw#SZn&)n%XFp_C$@-
zHz}Rh^Nh>~FKdm+4JYo}`zi+P>wUi2Pxn{CzPRHp33^}byXAFa_9X1%J;0TXd)9z`
z@bg6IMu%i;3P5jk<>60Hy4?xa8*WeL&Y;~%=c~^r!Vkm`!8Zf%SlokBSAVH{Qtr{o
zYvHHE_rj;d_u@~r+z;4)O<)v-&1V#U4XdMn&7CR#@6B;rJ0}CD|0EF>r^r}u3L}q>
zK9gRok(RGan?B4D%eGh)uoBA>k_*dc6-_11Hsymr3Pc@Lb!(a7Y&3K$XhAB^0infH
z(xy}bC9o?5AQL<d6{GOr^GXE=6RMOci)#}F`vZe-TbrKQ4iO-xZck_KeDr!eKU})M
zAC~_K-cKWolbMtWrsIx9cwiMQ(;5#kW7%1R^%-Mj8HIi9Go>lqeze)5xTW%(3%2Jq
z<xoW@>gVY=SyPpTr&)<utFa}9T$0{#^O<sm23?3lo0MnDUh3$w1vlkh&8fFlc=T2x
zqO!<2vl1ACk{NRfvImz!Og}@1k5E^=;$N~t@oqi5Qm>q}T&7G~ZyqOCX;d`_GmwR!
zRF0_=M5-wa;h?G2Vs!~BINF<iRHGJym(g~FVY1^W0mSurd`}eOY&IKakz_4Tc6&+0
zRhcT)9uyA03UDLLyP^WZ0zkqbKvb_+(?0~ubHpZ&q^FV6V3;UJBqNMaAPhl~8;f2i
z#&?N`T5Q8FyOA8qj+<y0AO3f_00S81Ao2&9nZ{`?##$Pg*p&BP{VrgD8Y)t-E_q5k
z8coM|ct`oTAg>I>w803`iKJs75>mimxuW=D4s*6>e6wPCJ7zf`63VGpvlC?th_W1p
zPC4q$*cr{eap0HFnUz-X(WjJWS2I^yK(kBpOGBG0CBn@}5f>7)k`dGzA|sfE!nm>w
z1)l$NM;Ol<f2}kMaTe_!fiUZAW7R>_gCXA8cRTB|7cqis+r=<AmV})M$6{I(BO&{5
zR`!A7^inCN8)gTXfObw{kH!JR@-g+xS^KXV+c;g!jIj3w_2}&f5eQ2M!r)6eAzD7t
z0O26sYN&jh-cgYatrxa+_=%8TfOUL2N?bG;I=rYLLx<abGQ*;rfBm9ep632d<$kuZ
zoZ%Li_w#DIW3`ttU!cpJJKxjT68N%gJIu1^LuVOY;gco>**f!4aI?JZ2=dX?BD<zq
zfp(tLKxSWJGTSV=Sgr@%5%<y`U3gWoTrN>D$C*n9wpRJGJz@0s!ymUX(z(W}fVQPR
z3OQ`R>iw4{Aw3@t1KRYp&(n0QmDIFS(=6_xjB(G{(}T(qygmXAVVAJ5kx<cz$)|tq
z7@t&zRfL%6aG#rXEy@knM(ERU-Ns>qEzQi@KFmlmBnI|skf}+HQlT0W>%EypCIvO{
zn~AwhQQ})yF|a?QV#W|XzbK2NL#cjScS1Kcc!PFQ)B7-G2I(s7esFSQx4n6ejoszl
z+3WLoUWg}KpXuh?P5E=@xS}VQ>t6h}aYVNBGyHk@@&H`QS99@kHqeO0#HP#Xc>8`y
zL}UJSF~7X$rF-|pl`F^7%9w`X=Vbldi3e5<ev#?7<IB>$#C5+8KA+CF;w!DE^_LUM
zByP|GW>D*NPh~AEI()+c{Cb4(y1)AsfH(Yii02CvcR=KhD0iUYjYzkPc4tv#fOB%2
z{<DMf2>)Lr6R8y#?$U2mQvYQ+Q~ci})BneAE>^R%#xld`<&)iax_I(-t3Tk3sO2b?
z$!zMGPHzzo>4`~lADf@1rcpK`a=nz=U#*|oYG)QnW)3RHC#bL>#ICR><`)l%@Nbg4
z&EE<g3ai07vK#iNXSlKou3#YMz3n<-o8}lxmdtv5-TvsF`S8l!dFYCBVSB%HBBMCx
zcQikoTw^*8DJ75e4J#<aB`}(nIn(6K%%L?`8p%>6r*F4zEJ2$e)_4)*tnI&yrc#?s
zmkCX0WvNk|v}9^8NHvl4$gi?ea<{FhI#UuQF|(A(s7Z6K*JhlwVdA~4LTS_r*Z2Bm
zGDkOhmMd<Lm>A&-F*OIa<e^M~X?iszEQg{u&aU@aTZX1fU};(f-H@&`S6XQ*SpI`8
z0@H?ZD^VstYp23o*yyw?DWWS1_?@e?Q-+o>wJSQo9!yRmPpb`^Qy#)Bn2%XS#W!0|
z2zsIh%0fe*4O@hF1_D>m+$BdU)mf5eQ`L2(lEjJfsvS$q=>0<>`1nATT$2R6_)CHF
zcWIJhlnI5-geB5(C#2(E`KluDDFBk$?k;+Ec;VhRvf&WbUg1qaLmC1SHKK|?qRFy6
z`Zi0N$TtE{#L$qlpY$=9m$EV9D42X+0-9lfiZZ)G6`6U8u3QKT4^IS&eWX97Kh{w2
zcj_-GUzK9L=ixaf$uK~N;1i_wCr1sDAwjo!Jo+|Nvi7b*Q_p!r(=hlW+_&{z0H(1p
zADu3?0KF~>0Zd7++qQA1?-Fa7lBlb8-gbNJ@L9tu`j$?(Go)e#+*nr^jMW8^qUMjQ
zq5#96Y=i0znhI&h-HIdsu;zj%S|WGvJ_;857R?KPX#VqBPpyDQhVA1fR&JSdV(7)c
zsVejjBQ=wN6R;?^;{037{5VaUynoF>uY<a`;~ThlVMoBa^U<yOhXEtxZp7$QiR$u$
z)zKtx2_v6~;&Pie1*4+n1yQdQ5GC0L#;O<xU@32nc5^Eu!x1f~SR#ayg^R@h4eOq$
zU`gMF;~Au{h9fJ*OLfsc{6lK^T4JnKYzE$K5DBh8z{=RpwGJ1<5G@GwZqDO0C|)g~
zee&E`0|`z=PB=l(SLBhmsO2xV33%6LRgGgp9CYF>M=b#{C@}Eq+u^^g*)V96otpR*
z4^{wp5NRPdcjNlQm34}ih~F~k*eYm%T&8~F&o&7cI0n282MPv-X;{7*9|(;cy8)?i
z_)P$cNGK{#2-;rvupa@?-HRLLM|bv(!y?GKnulWv@?|V`J-T0?89gfeGtG1H{w3Ty
zvFw+9f@OY*8CHq^XGOhQDi9M%B{LDo<-Jcg5vWrF%DbV+Ur4c!qTFGoqp0sX5eQDA
zZxJlzG8C1IdG`ttygx6Iu}K51DP4Rxe~HwqTPF#hOM`29kX!*(0lNadeujltx!)6{
zzgrpHO$o=j?AlKG_X@`e?|6{ovLsNT*`UJ3AxunhO3aP>D-<Z**;#>~{Aexn_q3sz
zBRJ$dGx!-1bzMgNG$|wmdq7auAjWGsB*gU(swMKWE>em5HJrA}>C8X>R;>3%td~-t
zuQi$Xq@#n`Lix38O_M$T4YGFCwZF!>X4ukZJbz`o_|_!>f}53{RwL)0CH9EIeweKi
z_fE%z9ZQ8AOO+fCXk(nY<m^iiK-|;>(2)P^l|-+?QY=M^Q=-=>g}JHLZOZr4E1VK`
zkJ_S8U50aCMt3Fj;Ci^f{2Pq@2d`y|QQ`czbW3cO5n4P>1kgUXU`s5aPjivOH^mjN
zGGKQpYRyJl*N9B!i`zE=LyP?2qf-ACNT^<)_C7Xf6qi0D+QV^_6p<TX8EgcBTYLna
zPkiJ`AIF#%hBS%c`ONY5#Ttu=DD7%>d+<g>U+kYZ9mc^0`Km#nQB`JDTs*_FBZM@8
zJDECFzk@eo|HeOD^p~JFh}aW&1ne2U<9{J(ySif6&wmEl#b6Gm^ks<gXdOoxn2<P-
zth50?){ZjMl`VNPCGU#8%I_ZEhhB%~?iybT4vfwg?~sgqjARb@{0v!3zE39XbgQTd
zf6lOaeXo|QwZ>+uOYYzBloIW)I>*%3;Wv9<Kd0Dido`aVsisCXf4kc0cEY*5-&3dP
z@>v&LZu!>S-mk+@JhroZo^`$z<bEGYe&15kCD$z-kHc2E*&hbGK`4AKpKi40WGk`0
z(lW`6Cu}oA7z>LIHoBC%rzd}@hjkevpM?@i6CcA?Zg$=VLt1+M9!GE2Yri@9@bIXn
z`?6M^&FcLoNZc1@QX)Mn&c=}Hk>WPg%dLTo7qd^bbIv0$JxMuPbjDB`6kcg1)u2q9
z;xl78`EY*O%7Hy%n(<VoP$|DwP2~6FQOEUejS3Z~7&LO(zKeYYTzmj>eJeZMW!O16
zQ~fq~#l)ZA$M;iq-Ct7hPKiJ7e7+y=7g#txK6;%_hr0(<a-aCq-0l~HC~t)`Zob~{
zn`lK|52Zana#zh^Q9N{?P30eUYB}wEt`~1|c%2-+n{w4#)z;i^x*WZq%b9mG)LANE
zda*IR4<9|7A6D?+UMExmF*QkQmHSaYx?f7WUMB~GbypzX76VsYi_0uho=K=}<fV>Z
zn@XDiZjnNp^lSq>Q!@5u?Zj?5oqaloy1TlEirS%6_R!ktmG)_EbPiFQDA$xPDz@of
zZ$HzBB47V4H<*zvOOpTw0KorsccJ;e=LXJ>2DVP7c8>pPGFh!8WxXhho^$8UR##+P
zr^b&bA0_`sfc0VuEI?kRi*-%KpFg87WM%(pnsnR!sv0jI|IXZ;idGz=EdGz-pH0Ge
z!u+f@fMP|eJ98ogd;$;^k{S;D-M)Z3L;Vo;!#?rclT5#!n^wP>&$X#93IIarqiboq
zk*y9)0D6)Bsg=$AE}6vwO?vU|W|ajB4cFr0ignpR&u6a@%L)Tw8^wC<fr=Ux17<W8
zm7wB?OAeIE(>d-AjfR3DR%NF;llZo`(A$C`vGSyBNFl9`-@g>m(2$npC|hAcMeIIQ
zmmj71{fG>PWJbCOu^!&=UBD~+3Mfxq1PI_Vui4<%bx{yEWOWp#RoGv!(Vt`pZdmOd
zDC%eNAgfPEAx?@K>hEC`%u0lTUJSlOD!Q&{n~JDlhv>XwZ?v$8EVO2fxuJk;RBRO_
znQA<eYYaQ{E<~DI{DhG^>Pi~Qn>N8p23HQsf(v763Yg<p@@>1bsvt-Dd_dN~;1+k)
zyZ_!au)FwvJUpubK->}$dQK9;4=cGo`yMn5Tgcwh(hEX0VbJO;e!TiO#7NH~F+@PB
z2;$5#)gaKd>7RXi_@A>3VQ%kzDHyatbXhjw%NG^{hQL-JkUoDaJ4jzuxnj&o9c1cZ
z>_}6n)jo{Kc4QiYT(r$X{skVzmllQDXnfRnLxMmCs>j8Ir%C=FnX<vXO+-t9$M>-f
zEShQtv%=%3c(yPvz&K;=6}ZQ+7<|SdWWe=<zfU0%{cUHI+pXZ8zB?Z-cXqu$0_|0g
ze@QynYHP#-dLnd*#abr~5Hyw&u1~8*t16^~roH|wh6!lR*EbvY?4F4-Xb_VuF>Mle
zH;s*?LNVXKTrn}8mYBMW+)p<-la@H<#d4;aSs9~~Gkw(^mS*+_J*%XvcGS?9Em%C-
z<N18EI3Ax?Q!$W+`1!ow93DOvJU{Ez(0o)pERI7%J=~5oDh)(kMd?*<HBtF?etxa}
zj1`|0+Hlc|_IP#K4JyyPw&11aYUKWfC$;rlsKiwX8@2t+|5QJ-(RtAF{L1dUdiO(u
z*VEhR)%TP*=a1QWyWji*Eo~*gIJIIsC%rO@2geh&-%i-&Z=alzTgv5?YTt$Zulc%Z
z2i&m-7yy7XBmltgrrrPlnw{hS9(rV}{^}2@VemGZ(K)el?Yo=#v?kS?ZMp2T=eWa?
z0uGMV;2bPMLQ5o=3%RW{Ha@R5GHtA_4FN`0byVNW6Gwp$C@VyaL+@J>96{pFv!ZY(
z>r>9NDypPIX_oWX$%Am?_xmj;?cXEU&+|D=yY>8h(3zReWPN_3#SscuZB9lkkadai
zM#SH;1kdKzUDLF;>9!c66l&UP>T&^ytdOgXL#HZKrOHgyS4$}jHjh6WUhXIEVVVXp
z+vH`oC`6p;&N-rDDag?Uj`w6JSp?=<sAZGyMul#u+N^h&ak|c_S98^vDHAR=EYT0-
zY%n8+UU1qvq*3@0KhmOt`pl9<fxYU{Thmpg(L{*_J;gU7R&&}`U*0ii<XA{Vg{pPw
zw?WGeKGKS4o<}$@*e=3uRb?P_rnJ*zvY^?FvJj@O-C`<i)ju_$v1AvR&|V&3O2vm-
z2nB=PO=is9jyHFJ5Jcfk+jpNu#77&bjoW5kX;XXdUIWbU3+Hib#i>*`oM1eUwjJke
z=XEJDAPn>d^W>SooIHF1L_sf><{#ptAcv}mj+mg1H#lIMAfhnq1(1m7Ll&9G>62D^
z|6x~>$)~q$0>EYmP|olMbNbUh3@BYD#t#N*)x%0={R%V0yr&6dv0mx^$my2VL1R5&
ze6NyTu0cCGYzNII`V$Te&>Gz08q)GLkX3h(#vcwzD1)r7^>@!ARfd6O>JTz@(3eMa
zE_^XmCslPVcv4Y=HRg*YVJ;BAr5??MwCvJsbtl{+lC=3i&Y-+IshgH$C&gGmx}kTE
zf`TNRF-nO#oFa4(?@tG+sUq3Zsf5U{%GH!%YLW)JUdiN6v<0SAIW;VQs?6>L%p03w
zbiF&5Ea9x}3!7|!aab>k<Oo-uzbv`G$)L0h1IN_u(0tS4mEEX$e-<yP%ie(^o~k4I
z7?ENw_DxQrCrCZ?h`eSO_y-q%R^mHIy_bil@cHnaZQJ;ruE3>1QJ|JoH*bS7#MVpE
zqMVff_@E*m@!vq~d~)o$BH-CnU(}n?F(8DO55l80i$Hh$d~@mJwKqepzmmYobLqF#
ziDq>$ph|kuBj(v5Cg|bgm?*--XeRc!{(F7l%;BR*w|Noe=<EJe<VEFzX7=KyjmRH{
zT<in_*wXS)GS9=YsI`T|2ML1bFscES0Ig1J{^wCT2>7srj|>taaOLV!<jH&_j_hG6
z$Wf&M+c-)!&90z{ml1PQM)L^vVXmE!NEoCIse{TP5l~1fg-K9dILZ@a<e5npykt~n
zPL%Ubls1RTCR=D;6MHa}Q<fO-ZGXn{V5a!HyNAUo3U_P8SZ(#CTiNosT}*XU%rNyi
zS2gOm)m2mIl!i<(idN8+mUk)VY0CWmp?&ay#|;bdLXqf!;14FQikY3Z;KQ}j|MDGb
z>p-cv(6gU5ojyr&Dwp2AOmB6?`U>=c{z8cM4FJM%1<<P_O2dt0B|))g>+1y2oxB8u
z^gRdRK-iljoI~6S(6hYK?S1A0_(4!NikY#aJ7ouX-3t9M!A(`QSf;~UhJ#;#2Qff7
z3kmcvqaWz=G?~#LzlI*m#95{GUDxO?Nfjq5P}*d+2HWwtkumsvf2OUqTE)m!!Rv6$
zcRvs2dYkRcXLN+%Iu#4<eGt`Or`i3ybyxRp^CvJ#e@%ctydchZ52@V9&DgjMH=At~
zzU6M8dt&6HZR4%wxH;pR5r*f&?LU0*)8j&Th6VY$Zr*%A&NzAGF4IhFL#ZJ2%+_fk
zWfq)#Re8R=V)eRLJ`ZiFJtq8il^&d2QBZ%j_Kl|F`u{BY6WM`^kj5FuMYqzIPRsR=
zgc0{^3k({;s^L-5GRsslqGt6O*@MMg@j!8$^bGESJJQ>1S*k{V$ew{aXdYjh4_b6|
z)Cb1?_P??1<N8ke88dX%ne*GEE<oG9EuYTW{JtLCPsx3bUwXTJeM*0B_e%A~AEWi&
zUSIC>x!87k3qHT<zkWV1(?^wBQ~ACI@S^c{I+?w{#S-$}dfsm@ocP=ynZjyvFt7MC
zYgyb#cWP?6T^>?C(JV`s4rWZ{zK-3(rrg+WJ}-W^3*5lsd=EPB)xI6BrlwD3j!NGK
zq3}rTy`a8cMsr_$dpsoOMLZ?=6vhw?4nf9}k`4_VBeO`&#yIXt6iK3tBdC)wH3;Mo
z!usaqXyc=dQ<#6^eDNRg{wrbyTxH2W{Pw=Xf4fX%zldexXzga;X!0L|c{X;oPX8%O
zXkw&i;N)ayq-Sm6<ov(Ut5`+H8d(Lohsn+F7)Z<1ELG7w!Gi6Ni-p@n+$!Z*%WMrl
z1?Yw-jH_D*QzzHe<s>7M7CAu)pp_tDuy{0v&E`24A`EZ%tv)drqDLJfA`&7JaeuHd
zk_ZfD1Vc_|_V9hELn7VF<lFSybi3Kj_Ssf*DNg>bvYXt>G_BbwNARqge`tJ$%tVWg
z=|YDo*Qz``2y{a>t{U0bq5)D}q@{y$v%RiM;BD#x%y4d!ixx@fS&@_JnmkZN@r3C1
z4KnouKq?A}ez}N~VDZ|oz)q}W*?DkPno4dpjv{b}<zcqqEJLM>#57}+$^<wDEA4pk
zu!s`Hg{3Bw<FO)nw(hO&ie%ybRdsvAT!#6UAtj}tHQ8mD*n=GCEKr$|dzx7Y>X7&t
z@&I9yJ&CG18N=APr~+b#2yX^Vlx+cDz+XVNF{nbsq;eR*=HN7L)(D?#e)@j5WQP;x
z)D8wjqlJQ6tOxa7krL$05wS!&12&{X64P;<)!6hTTgW2BN$aC4a&d`>YjW|3o(j#O
z>;lW&{b{P4brc3gl_cR~?MtY#w~A*HH>jqXb~25<2@t2s`>QV0r3h6QQy)cg?e;j5
zfZTlnf_18ha`EvMBGF-8$kO0sahL0kMmodLgDs~jdmY0zdy=6AoPu?@EvbItK)G9H
z9r3-Qa8P2#tX*BB5U+TARY5@;&8Y&fDA}l}Ha87}KQm054U*(QJj5Ca&%2JF27ZJX
zAqGxQv}mFDfPtxMf=>v-FOb4P6OjDj{8g*Szdqy0;J(EZ5q)C*c2&WuhVNdpIPdr5
zXGl7<0}{Y}EbR~l=lPi`5`dj$xij>eNDs1kYGn27H))bEWCEB7u>8z!!Ni-8c@Lw6
zqNgOIm_^`bTJ^$epnZVe0DJ&muCtA3fT+OeGkUFkc)GiKVEQ~ijx&0VYdJwnnvMPl
zdD{nSUaUT<fP^`{fABq@q5OB(Cc2$w+@DfCSw!U0o;)@8pTxajsZZH<hZnu8R=6&n
z`kqr^*UggD3j4J(d2rueTHs$S;9@)?M{u&nOc^mqlJ=V0Ctcr`r?bgit8FqjT=p|7
ztu|^J%1%D?#d6bev}a$0rf5g&^{==p7REtU1>6T%Poa%&Pe<0dYQNdJ9Z$E{pxtQs
z9uCtPF!@E70=e_kO)4=<@I6Z@G?(Y3g<42QM_R0z9Qk2XSQum=Wy?}wAKCBiEVXu8
zYR;LYm<LM)0MGT2LGMDfm9G-BR8pFlG!(Be>sJ$DhdYyS-^W8!LpsTAxKx))V+z$b
zTN>^j%{3NM+6s;j8?J|3Y?$HLjse#c7c?5xgDaS;Qjz>Nv8Vo>n}}2&ReMZ!oi75h
z!cbSn7Eb--555xVMX`pX2U*zQOj*@+`8flWP-ACt`0l@Pw)l)K*D7JL&+jauZ0{g)
zJ-5?d;e9)u511;lf2~bM()s!{-a-5tQjnT$Ee{eE`5lMUD{<B2=JNQyJ$I(BUSqw^
zkD8^1WO@cVl}^8Odn<J<I2g%XTugag|2&O~p^28ve19(t@AmY6@4?H?WLtU+wC^yb
z<5_okeXY9n-r{}Vt~Xwc=Jfcy^#{G!>V8&#ob;ww-duVC!=;$^xdGvb{_x5)|D^F7
z63ZeQ1Fwm5iYGcJ;1tDOl6w6^z##P+qcRRQmdHW=KI!`YZ-g4~ZJg8j-<a9-yYxi-
zKg3NV8)H3dJG1``nyP-*NGmwKZYS(FA=uj9aI*NpPO*4nfktGepHOWxkRu0T4b*^O
zh!t0>XrukSr6)}Bwv`R?9r?{Fph63PTI84;^EE1H%~j^>p#`dz&4CE(C9;{6#LL%l
zUj><~O|BKsKGPgA6W^!IQn_6(Jv%eM;_x@!of8{RZ~d~dm0t#O#G7cW@YZ|mO@RmO
z&7x8xiS5eNnR3t_uG-?!X4r-4k7YtL7a8$Wc(t^DA(f)iRWb|?VMp(R^SKz`#d|1=
zVbK;;h$5^5?&iHoZ?MO(+JnbV;y9rT-waug=wk{*@i8VWN1HC^gVSe*QA1@(tMQ0T
zd0DgOkVZgcj~hLR9?Fgvqpbzyi1ch2b0<ig>(b^}csUePrjREEpTt=WGBSFI)8tSZ
zHKW%wQkN%J3+@#0oX&6VV~}0+`dTN|8hYt<&y9*i&gLyqN3d5i<t(sIE(3TH+unAV
z^YCW<iKX^+Xb=_6(=L?>$@MAdRS}ALDwy)}0jU5E03zKgOS$j*_wDOT!$-8>A<CYV
zOYvbrT<7!`!=V&7D(3U>3&(8t{LLKCH`ATcW~Oq4W)>*{D>%z8;Wp7aLOycF)~M3-
zI3C^?YiCK;DK6d7x`n%|+GQ`)ouUW<xANgqI*uy*OY*!>w}|kmHGsRUR0Y~<<ebNv
z69r9Dpcqqdlu_ofuae926vO0E5LP51I*COh{&h(fW?jOB+XkCZ!GQunblQkHQKkeX
z6B`t4V7kdWKvx2|U<;h1R+OzmSw1Zj-*muaANdrV0BS^dQkn3iG{iu#sn75O#@kdS
z%cL38rI>W5G*DHgxvwBQt3F4_!2hE}RvBmgJ&C%;JK#Y1TiO+u$;Y-SCkiCjmX>k0
zUBEacb5DKvS@|z0|KnZC0h(nVa)1WQV(S{>sNx1&o#Jau=#{&g4SKt)rZ(9;(K!64
zmdFdwBTcw*2vparBVv(Ah%OjI>u41Bt2<6jqJE~Z6)p8pAmqJei+Y=$KKaU3R$@EU
zjX-Adw8*v(l)nq6GjGu$7anRdIH#?0QCP=hpjyMQeKigYBVe4Pn7JWozzU%#ZqiXb
z9)wb_G?xLvScm}@b9}k-J_UMLsv^B+4YHSykvifqu8~-Ou75p_ifBF4Sp+zTGh&=m
zS#q20fp6Zikk^%|B$Vyd+vW%&aAuVo8LZO)O7-_pet`p6!2<D_h;l5UjBw%)I6h`P
zXd1{7tCl+n`a_?ubvkNmYBXplYxrKiKyYhI)W#B~S}V2f%PyE<_!cqjUjP_jM}J~{
z`AyLR|3QCTe!M)j&Cpv`c4e|GqJb?`+jmJ672|?`(EV2nhHb=UFwH^wQ&91;U_<r|
zToj=^O=6o2)V#sBaN-qC`h?uS%uZ54{r}SiB24%iG3K8_g=n~12wz;eAo0J-gj0V?
zEq9e)U%4hIDP*|Md^z#{3Gn~-vk(wKvB4ez-T}G^FY%j;_kVOM+KHFA=}>5WfE?n6
z`=8l_^3pm$qAt?F5Vkq+f|+9LfN6$P*atePyD$-<xWne=slZ3OJn2Stv**2#jOnng
zX{0~1LiR4S4?xea8JDb-VkFOTp<4k^dJf&~(ks>%ok?7BLskG(KrQvsJC;jG(Ud@A
zu^3~%F7f_dZ?ap#16BY^0ZssL=i%02`>+0>@fYIgwTCZ&s5gf<z9aeYIu<DZxB;N$
ztxbzv@_sz6KdE~o_1U}t1FT)U0i0V;x%xxc184$*;MaKtZJA-emf5eyvTb}dykK%|
zo4<H?WlLSQZCpP@F>7pEym)A3wszljMsjKyjmK8H*39VQ-8gTtL)b*&>}chfjdr_w
zyS4Y=s9icNF4GOam`Im2gClS`Fkr-uF5JCl&t($br9Y$j5lqTzlS|h~xO#srYkj8k
zZH4Pq=VrW}yVWvx-Q^fP+ta3fG<r2isP(i|JgwnjzZ=rLJZ4V#jyQbWOQ<^Kc8?5y
zqj~9GI@Pnqbzjpwx6{{J4VGBcJ#hR2I?j<&mVH%T8d%3r_Z)T-7MSk0{LgpuL$B}k
z?dGcbjja!eV-QJC-|NySb7B10g;;yV6i$C^jUqLlt>CYBtSl;jIWpN<M3ySL9C5Sq
zWET1g)X@-Pkj}y}oj!DZL5{=#52Y%7j3TvDvegS(bP*q`_N1}WcQR`txv7jFE7N5d
z72f7*6ME-e0A*py$t&MgR&>rJs*<M1_PZR1U9^ln>b(e2InGhb7d+e--cAk|KF^2)
zSJ(o^YTZp1wm*(*cH8UX!j{zA^m;a10T#m<eAor9g$3W&Le>4hem|L>j-cr2&sW2P
znH@jJqvYGd^eNMoX*xdXcRE`<uFjX|B`LXX*B9@uFK9dH6+Q2so*D{8pNGpOpRnzO
zpSq{3r=HR7pkJNKnG;=~*Tr8c(u3x6qK^-FUM{BxYpF&LKE{OY-uvyVh2F19=eL(Q
z8>rakEuX6(c-k(fs~aA_H;C@HY9hHlU<fqJTaSQ`*AufDL@#sgLj(>%L}Dq~_@qMz
z#|-bJETWS!lzX0gZjbaX!J35Jc#eBckEqYY&(KYho5YuYABRHs3Rr}6@ll5xhggRa
z_vCN$KaH82egOZqmfF<OyVL*e{((UKcIE%4oWR!g|7ijGL}Q7e<UXyRV2mbBUcLA5
zHN4ERmmkDE3_HwUka)Rq$cE_0UXV~KMqD+%&|bW{W<POui=$|7G|3Ck%{BE6K*AN_
z<3J=sH52>c%c}g8FQ!udnuV7~lA{RXV+I2iRQR(!b2=o%Ls4~S?|e*sZhQTDOs&QF
zSQ@|(-1k3TE|QgADv2Q=#u5dCtv3m_=xal)nyRu{+lVxV8(^wz%tO0oa#0^ec~}+8
zG>&^14VP-9TD(y=nj*W=or!LD`~`K;s9pDZrSW1zw0WN}VX`|Q#RrI9KTkA$(;=vS
za2sg5FTtDKIJR8a+ZR<W$((wHHGB!v=_w{zptkZDw9;akYR#fkW9ikMa)cjT#n;D>
zo1Ig(vI1~6DxSX9WQl5S0OQhReW@~cZ5bA0GF1@z#|7eJT;{-`Pu5q~hkcw7nx0oC
z(JqsYf*1?bLs%A(!A-Ezv3RB=A@etGN!Ufe8PPX17@Ixzy)2GFAvr|yT!P^rvdS~(
zgD-k_gIv1Ffakji!{6N|%FyXp-kZZu>ijrKNR3tU7}1(=)x*dxg!X-z3WB-v*YtB`
zOoF#W8t@b`<2_4ePz={Bm$*kpr0rj%)oMGl_OFF#RZM14vSU%&F$FTUpll^Ay_!}L
zpZyoRLBNxO&zF)1K*>V68gQ?!8Gy=ge0exbKR%UD&!zMjVgONCMTaK(v|hJJ4mSb0
z4#`uHJxh!!IS&UIR?yVAUB>27Xb<joBi#MAQy^G1z1r!0>S*gxgjE-E&3?5fEEoA4
zDKLaR*%b}<j(!!|)@`v)0)|o&x!p*xezNPjy%}HRUr>u2IqTcg?du`%6bY9~uY>~l
z(rE(EuKq0E8$uk!(1CU=guzO;+pSRHzmQ<S0Z2u`2_kD28emT@5Z3>zF&OC|w&3iK
z#=5_28;2Z^KWQGly--#^TJ3;r*+nM#!m_H%H_?yN=#uwBV%{e3@}>cL{nrKnM|R;W
zzL0Nl8MKQ}M9e)F7!KF}SJCG{H&aw3bO=)>@{%FceJ4qWvfd(?dLalXRyz=5Glq7+
zf03VT1+U6Ua^R?g9gRm2X+N1fPT1n!HXa=$0-7B)e=LFHc>KUc&LJcML^vIx9e-A0
z6iCNey3dF{!CO142poj_dRL&V1*?L`Ilg45T{svQ^+Xx4bkjeKh?xeA6R>zIPYk;Y
zjhQEp!!v%HY<g<trX3<10ayp9XGTS~?c&Cb{*wo|yUv$UAkN`jJp(sv8rEbr)jw{9
zi|g_mCTUiENdW&8oVi%CAc*m@!oL)YSU6olq`jYti?9m;x2akL{qy#G&kpCY&obmg
z>r)4CdE}%I1nmG-TGKuc^v1H^OOxKJ|B6Q4wm%<rb0rY`8`#Tqg;&|Emy7Sf&{rnl
zspFGaJuWIP(53SgK|L($1~f^V8>(evILH>Re+ksX*Ue5Kt(10j>LNDlC2P?}_k>y9
z)uu6i;z-r8J+l~^?`;JR@#pcqHmG(=cTM%>jZN3*84KPPOqQ?J>X8X=huk(Lrn29u
zJ4$Hpt#1OsT-XyNKgrZ!E+($TdLz)_2gxMotg1A82wJ7^8XczlIq-ehD&b`$=*HIT
z4zFe=O_B*7eS$u%ycX@v^9OXQ;=IHG?rpyQPQ76|9R;h5Qg3ktGGASI@?Wjxl4MUF
zO5^izq^gbVWy8Jb9FNDfJ&O=s-&;}$Q^)k#i9E4xGt}Lsq6{6{frt%<9@WNOLl1IT
z(nms9u?h6?Ii>N@L`KG|*wU$JzBZMmjLs|3xuo{2D$8$@%@qds1CKI-rANx}m$E;<
zqp3isvFB@u+gVL>!~2*DsguX3AE|Z*XMmWAWy#l<{r+)geEe<UN4=L-V%qk{x$)%0
z@6B=NU>|zJg3Dunj)}O@!|&{#%(koPX_D&3n+fghQEPuX&Tn;YoA1K!;9iOh&r|FB
zYp!)*PD%*6mGAWfz9!q_Ud->~z~yH!Dt%#R%lF{^HqXcFd4Jq+ry5J{=a}cYd&lSc
z*8QxHtG4UsyLG$gd*zJpN6G!^cR3q$Cf2r(4e*_^!%L(;^bMFOfgFR3!ZBDn-pDxA
z_#YvM2rgkRiH9PwiDS;Hag28kw<v7_T|8aF$-k9wA=WXse=lQE#$lg<zqob&b47rB
z``;Wh(A@bMbbrw)_!pi2$BOmWD#OCs<UcFc)ZdC#1-ozOX??4^p<%_955u}Om0<+^
z0zD;{v^9otmH}K^IH;-hnX{vL#nBB%E0EpS93N0fJvu873juLXyu=Tm7?Yu2*pN7Q
z==VTiP$*Q0jtnTf`>0V{okfq9>2ce6`SR`I+kUye?>LWmnu6ePYYNd^X*rjp75Jwb
zh>&rUT)1b>nIb`KB3DaYJmASmT{%{lI$fcV&L%S^Y$xDsrHV0YeFm7eSb0`~yhK1v
zidH`Ve9JST?*up`DVZxH$2mnk7)cAe=dM|-!Q35>$y8BwF^JLZpFy&P8@B%JEUIc9
z;Vj_YnK5f3#+<%<IR6nd+frbm0w<LbtD+GZVzKzR9ZXn0xG2$>CVg}UW&fgFSyVj!
zGkt_PMKZe-JkLfEAd`ZlNt!;3(-eLjUYb;Ie5TC2gJm`~FYr>*UMlz^DOVm(HI-?p
ztO(_(Yb`6O$g*akJII{RLvk_Sq|BKrGrkv$D2Mhm=IK7)(Q$|8HoLfqK0_HZ74vfq
z&%BO_xm#==1|EgLg{B<n*vo*>;mR<C&l)GEA1p{1uG_g9&=uMTX-@qQ>S9BEUk~$<
z4*ETWmCr&0(b~esVuv2p8qITKJ%SZ=5yVBoUMN#kG{%2HKvaXM?@xd(5a9(HSGZbJ
zW5JGXcou$a2tLUl@qe}tLZ)RT@~v}IpdDvC14$4DK)CxR!a~|pj9a23#}1y5NEE_D
z=zHR()R`BNEN~9SLju~v;bZ7TeX-~VeW{4Y2qt9YUX(Ms|LSpvqOp+rWYN|9X^194
z$G7t?PduJgV`)StQ4YZB*kEwM4ynl|X`mi#B|F1IfHh*#bJhcn{=@jQEs(yeG#(+L
z`Gvp<F5nZ}osJ9}(MH#@xzUy$*(tyQ3UTflJgh(MHo!p~K$GII0;qYlO4~GyCLD*5
zecasuXgn3&n**Q4KRH8O1nvy1h%hV};}eG8+dmmx2c@cC%{AdqXf6F)I(9q#afLB(
zd-p>lyQ9e@3lSf5Pb3lBq!mC7cRMJg8GuNuCgj{B?*f0kAFaD-1nx4wPH>o}3I~<>
z65+)Z2gvr+Ezl)A_X9|1?O3-1n4XR5(~&OR`*_HwYibW@7kpMzINk_|0xSZHmfMs8
z=+L#xQUkZZV4Yw=8fcqqBCi=+<_v8gFbWqTeIlmpE>8&{s}6XkZ=H5_|A%VhC78}t
zfZgD+Ghq{HO8z?=zAgglkgN|rHw2ggzrXMTb$7h4S}HG2(ZBt(){_=T`A#!LCF?V0
zvxwpufbu3ov%tv)!%6{=iEHq5o4aOwC(<V+vom8wK4!l!U{7DVhjLs@#+S~S^%?D`
z>K13?r@h9@BYc)rT_{D9GiN@O)a!cokqnWwB90VI&X!}TC!k6)B~=rY^%+8|E&VMs
zt!{iVh2UqNnT8WDhO2DI?2%9bu&`JWq6Be0V!`>e^g-}*=$)P3<Ae3tZ>eTJoem|x
zcZ+(LlZ5?%Jr{>Ai=DAzF}G|^CtHCzGKXs&qW6jRgz06XxGml;qt6z*eT<`U1lY@u
z#WkllSh#N2x=V<2X)&)Vvq$~7mv_r0my~IHxkT5tB~+oyypq4rA$iq4UqU;+k4Iyr
zvdUle6L(*C-`~$HlGxrCGC9TEY~+=igw-(kqx+yV(5M+L&Z6K+qWM6U`i2a`$P^@2
z7!;JF1NO8Nn%fLADan6bx;7h4Qb2fK&j<|H5rNC{C4Lpe_qMGGF{~oT94ImuGk4{L
zkg(}CNZ8T$<fR2vB9DwRa9K(7g_G9)X2n%{{cH2Zl#k~+1fOmAnKfAW@)L&c+lreV
z-|hi{xqRZ;qBoeCtq-E3$+fkj)qc|$CB$`WZs}-!!+iFOM{cp{VsgAz=z4ne8l~j@
zJmWvIea>EpdJ3U(v+ma!Reg-(^?ka0?T=#9i(#(n9MNTeP>t|14e#XkY;js}xml5_
zU1GVe*7&)&>FxHgoq)F6`M&0EZ7;PtxLZgQ^HF)P&EM<E8P`&K@w+4Xb*z{c(|o_M
z)9vzlIemKIYyG+<b2>|zq9a^Pm*3qKr7QgC9e%T$3Howptr>K3;K>Qox+TOOnz)1d
zB-f1)a!1jP>bw=D-jiXER8sHP;116noH@{OXWI@ka)*XHF#DOo&X4H*Z`BinD}g>G
z0RVu%5CFjM?f*E5GB$AjPjJdo*Re-ZOI7VO>CAi%SdL?0C2*c6{!Ze@2PF;?nn>In
zLNbH}LQFKUp0mXwX(1s_&qX)oo&$Ie#se2%%t&8nDJyw)P#WaD98{%gtSR@&(1E&v
zZ)}ENd^f=>jm&uAd3kQ836RcmNm(rIwDa3>>vekHq<VqJ-LPsDq5T!u5gU9%63DE+
z_MbBKYMo;a6;1SLG+@ro7C#0h;;@yCC2q_tB~?0^vZm$WO_r1St3|qi7J6^NnVe<U
z5(;1Jc(&`iv;8j3n8_59@Q47*nk^SwDtfy6K6mIo-E`8ZWZIoRRnj<+UgT2RKN(9#
zHhTVG)_4XjQ&@i2m5#%inK5~CPBx$P)(D$~Y&8l+l8-l$VRU9q$-$A#6!Ul}9{X@l
zRQ}+-oVD9=)xLOQTKM}>f0H~2a=$0Dq>rR)Drq?s($Wzi>AKbVa>kFGVl<K_XPSNi
z(<E~=shzu`gE<)&XFQiBj2g83an}8OGBxr7P5Pm6WbV$G*G`so?`c!s((yDgebSbM
zv63WlBc^<Fwk>^<xt<8eYSaJ?(^09gusrIC1Dn;5Y=_$y(=l0tUynkK2b0ZWR_We&
zVf-oov8cT{!;*yOS(%ro2h@jobas|IU69sphFI)5q4w+f&YQD2M4RYkmEM6eiJ?)H
z(Tw%*er@saFLMHJIwsrQx4GxU-*mhR_EwR3qLL}puDB<njjG;;sS%x_16f(xF_&pJ
z6IqKylbF`DWYJ8S10BuminTXSywAAFH%VUX0(;HV;L4NWiIpO9AKKxVLKZZ=c}x=y
z<9i;`+Q&OqH9WdX0;MYkm0a$F3niOxUX|F#a>)WcCg)z<Ii!wGy}JwAt=Uf$ZYZ?T
zB(UhVy+qgG6UJiq?1$*dso;{=913V2=A-j;$2an^WKZ#I%Q^3trX9xz;Rf3StYq|7
zexvk}oz&2aERA%pA=5Mu16R0oFYSze0;m`2M>Mq=J$u)N0aMl;aoh^bPcx~4Af&^2
z!R!ZUJTi7x_zz~5y!HZ2zplq>o#*2wPBbtm?{ZLOnsY}GYz6L@eyu~+ONf5gZv^-a
zEoRUxUh`v+lM1I@*QY+$H2Bdn^s*k_w5eY3mX8l@N07Kb&b$GmAe>gabNp^j?vwe0
zpxmg;ypm0PmdPl1)(7zSb=4wX05rY8Xk=|o<TuzOeOocaKf!wENFJ-pwQY}N?{~f-
zE7={Dk8KJg9xO_|4(Llp5n6LYRKDDI2N8Or0n&f1A)P3s|HeQjmD3}u4;j_Z*ijwS
zSG8Yi&Q+thTD1GCmK5YF%-IM#YehYCt-b?jau`%{8(pkud-CrTcRrCTSghzcW75z?
z{V<{QRzI5ip9C+b-9R(q%&K~df?20AIrhfE&Au%Wz;PZnC+=1`*(RFE_9asgn?Omd
zUGT1sLDp(LlbgpGt_d-UG(4{42`9_IC6af=#ZtUd8i#%mI>ySsJ!R$KE7R)O^jYo(
zXVVGg_YbM<Qw)$$vm2qn0W<5}P25YD&=H_P*b38~iuT6spZh{<2*hoZL(*o2B9-19
zn`+QP+ID`1A(VN;`!4Hh$p6t)Vc}4Entv|m_3D*t*3~ZQAZBJ8*OXZGEY^*ENMqF-
z*K4^W$p@7Sdz($=of45thT+*Wks*Mf#d#<x?@|&~2(OPZY*IC9QZZ~=8roH*cTEYt
zdObEQ*@hax#yeK=Ly&zR{1zvKxD#eKIK2G}eF8O%4}&~7d_RaUj2DVWOS|Vl(be?X
zg;g+N2%p0P&zELA7LafVAq6)^(SDnASj0x6rtT<VTb@2NWl*lMPTB0vu<a?o4mFpG
zF$ZlIwKYp{9ZGv=bb1inIyRdMt{Bw>>j0HNYaSQw#Yuqqr#owQ8&1KYbe);H$*^*^
z$mTRki^<jE$e(mfLB<hp1$8cFr7rA~4R<yfV|#ic&b+$gjt2sP&7CLGWs0$e>M`cj
zJ)*5Ku+1rGh>Ln3hnWM5=(=FYK#;l_te>nov{<!VX8n4&?J92(tS8lgxdJQZzCgl@
zJwFp><C}k-wtE?tN4PS~@=2jO2d=9##)@pG2#g+oo@oG%@~athzSxFH`THXEb4AVD
zOI51paz#v456uj$bk|2><{FBp^XJFYRnyb8X0=^_#|uapKE*JitlFPMso5%2i|R(u
zRe4twbfe0cGC12|9kOy5qfa$5YjlNO0@Ej%7Qm}`S$B05(u=1~&T{F_5da>O?D7JL
z&xM3v=gx~DuSKX2alS;Nx>o*v<V68dUvis3^4V#C3wPCyf<vETZ3hxuJ^~Fcd1KGN
zt?_dUXuArbE=t@z#UEIjKOO?YL2wqBK#D((1b-2d$2<_tQ=We&6r@ZAXtU!>1;`WV
zRkFEZ<rSah3xVY;4-GE=EQ~erOJ`^FK`6Nj2~J7RE8$>kr!s36D{%1Kgq^x+x>8Y#
z4LfyxJAU^z(CEk-$u@lZOP0dU2k!-*i9+GL&a_GB^#zQ~oFE)CjUZAHMi94Hu>d+Y
zg^7^lGh1={o7dx%$iv*gBV4&@0m7=(A-|mz%fPZ!dT055M^h%-p(xySkUyQ871-Km
ze(k+z;Yq^mLJ7byu@LQ@gWx#8cT6BsVH6nE$PdDKGJ%$zK}^<hEn?)9SZsNXGz{%g
z9Q<^D8iLZ*GBHRpcDAP3+@%_b^14j^Q!s-P`2vu=VG;VqVc-vZSF3O`4D}y^n-G0~
z5E$-EwY0l+#tL+P6lPLPF!@1%xjdeQ)Cv@Y=jo@_b`)3GHE^KYAVa#Y8A!g{z7LTB
z-zM?Z9r%6)W4;dh+SEHujI}sIt{BLV-v^SbKG2%=f!XqIOC`t4Wj^9Q%n(7&Omnb7
z%qBt9CU|wpu=B~VH6_;aj=}l}BCt?!RBS=aY(dm)L8`W33Tt^OSm2c<X^IQo`HSBE
zSyIvW3{wNUj0c4dD4EZ%B8-BEYx1aIodml0NimIEDp{HVYG`LFmJqmV)!|4~`(;!;
zh9X&-f6P>eXsGtdX=C^46AxVxB^{e-5~b1BkIGE*G;cz!BishZAm&^WuV9g!?N(tS
zIm1A*g&<`2Sh@EG^x9g60X}aH=&%oh@jQ1|g%ph=!ixUIvb^D1!Rurgtc=^*IG|mN
zOAXjk4!m>pEB*P`4eeJJUm&60Mn+*v05Iy*Z6Amf>$NK!yPGrlXA?<gyeqY^4U`RZ
z>j8+oc_${%*vxMph(|=gA^&}L2O7^|APo2QpB%s38|0~&jAPd4Z0ssUK`m6m66+g}
z$p0ejoq|LGx@^s|ZQIr<+qP}nwr$&|Y}>X^*|vG>pYEB6+Ydc2nU5Kf5t*@b=UVG)
zSt_$9o@SkMnkvp~gneX@x&uu$45Ep_Hv)eRM&^C)BX0uEF2&tVqI*TWN-VQT`%FNW
zJ&<(Fbe7zi;IjK8xj^u;VjEB2<x+-u5SQQ(j_i9GKsdoJjTy#ifYEN*e^Xfzvn=}q
z^vMt;NA!s)EAF`q6T(LEnIX$yFW9{Mg?)|*_CDG%$Z`d@c$sn<3Mt4X*wHZ#NsPx(
zUBheY;?f8$`ZvXBX+nWMx*)}9NYbV{q_&z<SW&+lwd{Ng*J#NM(j^jk#*@HA!Ov2m
zjB`(E|Ez=iX36y#G*=FD)-2d88=3c^uWgvw;4a#20EE#^C--+%5oB}AVY^m~i`IXS
z=XPve!p72))7|mM!4mMrC8k6NIC%1+9nefmXHH9J(daV;izih_K9yvDY8!j-*XG`R
zW9Q8vePWRt@WwPAJ)(G5AwBj7sM`av&z(F*{)n{AI1MC&&uD2cqOHEkrjup(kgAz?
zU#dFjK=iRZPgz(CEf&L$M<sVb(<#!^E6~$>?jd=4Kz1iH$3f;-V0*3)Xb2}uJr>Bm
z;@}$+PZ&>agwL)+6neP?7gSmimjc^kx`C*%?=^te%;EOSoyP7;R+sdc3F+*SuYs*A
z@`<Irb8LJ9-6~llGiTo_!B5Sx-Z5{GnXara;B3xC-7^Q9@fgNFhqo`AJV4)Hqx`De
z;ZdsG%w{~@plUbAa5v<k{P6tSwIPlfLY!DaK<TwrxOS;ZsX^3;)Ar6ky+P8(D@C;b
z*3z+8rB^Mg#lWSby6v}oR-o4$6#BrTUm<7@f_`s&c10f4B$(Cgoy!{CPyN{(KVT4=
znL^e{7veD-r_4{cLYr}kbi!qOUp+a2^?v5;Z;$Qt#zM}%P*+&B5Sgx3RtBAMp`T)M
zAWR?Tn9_7gCuMJ3!7-(rq1m5O-4|9pkKLWBnTW1J!EWa+J9EH`>!pC~cA1f}fg<<D
z4E`zn2|5q0Rd#Sg=rM&p<JJ<lYYcfr`<)tW4q!7M;a;hT-fy*jL-Xx0NO}lE?cvy<
zXy|s`GKNh)b&c<ceCZqAF_XmttJ*g=oV={tWn*Y7EUTjPfP7&-g~#xAbviG3$gLcu
zH?LHUy3UDyc2swzvPWVp3EBR}XDN?O14Su}O*8#x5J964Y`BfKr(ZXUa{1#9kF3kB
z{Wq=m=;omrb+by<K8mVM1a*_D4&!%dY=fDYA|803!=qm9?km@b#xg+>TPf&Lk@3h<
z+%8RSg{GnNXX@fNk9<}ys0k#pRtTmPIrm#FXw#8ll%qUO079_|?K{3?EQ%F))`<5(
zX=v8b1$XK}LPjx3-zB-M7soXeriq3ahHzL#TLFBttX90Km+YRTY96C{f~#JFdle-$
z-U%nXgma^~!{yB20*jij<pM=Bio8zNh!$})OBhxsiCc*r!l(ZDs{eoX;<o5r!8;kP
zoM_bDEo6yn87Wd(FhP<6i$)Z3_;(Wo>!%E>5<{A){t94LN@!G-c1cm*C{A>OMJ3$Z
z1`Ml{GFz$K1Bv*_M0PHtyig4DNIJ~wGpdf?YNjajpa1!VKM48C5cZae6jq}`2C*w5
z?_WqlRMEz8AGeMwD{9>=dmm!ce@gI_59DbE!`-oeD#8rb4%@mDjO?}U1AN9{g!H0*
z?A;8(@7@dxyn^3Rd={nq^M#Y|>Ivh1t9&BhMd1(jM)2I;?Bl({&qM!EdhY%$?^BX}
zH9^Q-;Cvcb9P5YRwwWIymLCZ78-^?)_)I{vWBZ&(kOMJ@_-fLk3Lg!;4W`|fn;=T{
z$oLARq>ohKHnOty(11BuKkw<H8Q=e_`)Vfpips=%TNa8@2_&Z+K)i_z_HCTd$78T7
zmpZJp;nV{dvmdMnzQ>z2?!%PyK|5$ZZ)Z>D7m`Y2KVWCy_X7w3@bi<c2Ca^=y1s3I
z#z72|VS;vt<YFIDwHwecq60ETGufbv&@TdOiK5LA9;p3?Y$M(<TGZxGsSI08j4Q1~
zG$U2@kQ9vg&vznAglm%JLVEt8U{Vv~a%uZo=}rdEE<q>vH{Yz&ao0)KjaToB_X$(f
z<gw!_>HWv%CO36&*^KIH6Ia5{;?Q*PyzM_*JLu>x?HYn+j_l#W@}@c=5?}0~X9&fj
z9YrzP-iG@RZ69k{>K_;ruhNJtc;boY=rpJP^5K<*y&wf}H41SZII}+tZxoBnRBp|o
zUbO_MT%p^LXz0zC$Rxvd_41Ro)t|mm(}v*BUlnktDxh<f?bDyWT;zjEQjLR)GWFQG
zGAL~Qi&FJz0^2=j*W_ny!ZIB@>TjlhbclAWPmarh#H>JAD}P6#+~)h63dD53)m+<?
zofw6-w@;_+7{3I8*?uXNKV8mcoy%z+pAXt}KR`jbt@q&OjPNWDZ~_|__N+h;wiDj`
zwCY8r`t<5=K`i_F$ZEx+mrKGp%EYdgM7o!#@en|5+|+*IBlwDGHwZdCLb@|x#2wyY
zoMSB<hmCI?wf*H;#)5%^?dajP3j0Eq72TQ2^q>^MQG8Pzuf#B%n{r|XWH&~03BIhI
zDRu=Ln)z4^g&Ue(n>f^d$(CFj{U-h4zmp7ioNl8IH2MH60~~sr2LbEE9yiRw0Ic#q
z1(!1XmCHvol^=tc?;Wr?zPKOUQ@)Y>ou@^p(J`^+_slkH425dm=2+f}<<)*vlY2ko
zxq9FE{N5DNR@MZ`)`e45dW|GitgQ`!HqA3>txlEMo{W|O>8MX;o5h(Xl^nG!Q(b!S
z^i}O|_TNWofBwN&GHu;G`QL`5bFA#*3E2uO`#>tLf|`EFip$^*F!J~0oVIqblcovT
zaw~h;Mlf=f>Jt{tUjeS=iQb-L_=?*54I#B(rX|nT&~ymmvgd}>QckI+oEw5m+257L
ztqPX4NuA7YZ_VZTlKDGJ09@7{*z;#Eux3#9rH5D7n(!Na`OXwRA(I>nqO5nA6qk|7
zX?bdU6{P@X%j3$-DclNBNUX&hJD$OxvhEi?;L-&Mr8i*fi$;67?itj?h3~zU1xv-L
zn>0h+UKA1@+Ui;@nVnWxZ{r}QQ$IUf|HiMxL#?+}^TgFm@d???;zcRdswA?rO9HOi
z|4d|7|JKurkrNS4?1N}G5%5sykd%@;MnuaC11|XzN^g{FrIuH`^m>lzTLhFYSATkk
zP3Q1GcwOusedxC@t9j?v$7!0`ay_AYmS>G*{k`tB`QXL);x2UqFhEM#?s%Voo$%<k
z`4~^V`MP6$J$1fR={{Cch?5pkmcd16J2WQvo>b;m)!JH@?aqj%)9!GWnPiOK8Z9MO
z)alC6s_L~bg>InUBx8-;;BXIEI4-f$UKHO()kTbX%vE#eM)G^z=Pu*R3+j=Aw&jlK
zBZz|NNbm9Mt|C6e3YAnb&}i^q!Touq4?D*?d&6Z#EXZ#<K7rvUwlJtz8Y-?Dz^5T2
zu*jKDBT?f_Y^sK1?=Yk~K;t3=7TZ5wZD+>)MpAD5f({<xYqEdP*@Ales}KElRd*3;
z;KCeBFdXQn98ldU(t-xtIoJa$hq%>3h}%8A!PBBZZFyMjMc5-Nhlx%`M6UsHrmF`B
z+qiKCt49Xgt+@lW!o?h|ZYgXbdy=x^#F)#uVB-+W1d<wr`$2)#LZOW*p?(sk{08#l
z8nijxfPVgV=5VLGe;>HI6>DD!cwh@vK5Si887@#4D%6h#NYL*>2_WHAZ5LyRkjBEM
zyiqe;#StH#^YRVDF6UxTJtg&cBfsLY4d%;%QsTp@CXW}dtrPAJ<>$J8*D8yA^P|4?
zm;Z3`iwH2R&IYO;Ic59=3gn564HGD5x#HPZ!wo$R^XsWG?DT?8f4F7*BntSEFGrm8
zTDqCtt6@HpVrIV8ZeGE3oYy9m|6Nq`O;Rv=7n=iFHU8!ds(C~9mO=VV5?K9$>>-2v
zJ~NA2sq?vFgI!GjMrG+|WBS1j>bWC-O|8+}>wBVxQO&jkuiE+4ui1HP^p<O+!ALg|
zsGGY1H`c(IdJ>&$|JFMG8O-;C*M9Q~boesMw^Lx)!4Etd=EP)<)+lp?)T|K^Xq%ei
z-x==r779EzF{v_}s+u6RYEK1N&E(g9hv4`z&A_C1=oWx0;$Sh~AY_6wni5)SN@TrS
z&{u-MKJBDQr(ZZ+{_A0|n+VQ?0&cWxn^pjVK?Y`s;n@i@8Kgq*jS%WPc?}jizz>7i
zIw=nY!x4b-`p<*{T6KKvpNTqR6`UK)0Klj$3s8c1IK-rn!2*Xn*Z~sQNypz(91L^x
z_%ZuVVQR=ARH>>o)B@!0LP*Y}RpWq}{pK~LdSi5wb%PF4p`|O+a)?p|m?;3Wd01dJ
zm`%r_8O!|1P^5DMJv7sHm%kdegmja%n5asBiB_neWp0I5f>Z@kC7`IOJSp0@`DPG1
zK*AV@4#Sx<aQ@CU6x7c_6`aZJry6QF6k>$y;*z<5CYpD_Ms#h8vaAG*kj=GWvv>*^
zL7QL7OFLL%KE}o(L=_DiI=B~Hg|2{9&kzZI@5T2vu=!<Y>g{Clb<p!|S`r9otx~1$
zvHPLdbq#_==pd76hmZ%$-ns!|8iE;=t729Jg}~vHG>O7i2h2_J7Z8I%R+CoZP?#SQ
z2)H0LZSH_}0g1vQX~7GWeADf6-!$zr+H>FAxT0U!XGovhp+1~KknZHGNsEd^D_#CQ
z?*)W42rR7gRKG=J(1a$g>z8};=9#obG=|qiry0e#HyU$%D2w;7rt-^(nH!IUOuvRl
z-q?)*Avwip1R?hXn@l(2G3WX0WYpE4I#{r$;eyS?A%xJVf`c0cHUMIRh>RzWlI>pH
zWkE0yJ`6ep?JDai1W91b;x-4C&j_HR6C`(^6Sa>_bl}dK*?+}2qUgC;b>}wfkz%Y<
z;Do?{*V92A3c8^|FnZ3%2NVKgkQN_;w2pb-iRA#)EClBPsYTjb7LGO%q#Sj2Fk)oY
zpAr#@>X)EokH8L1GIC%t8j<fyAmN1UqX0?-+>`*|m@0x4zsnaT$bl$MTCj(b<^?5_
zE9QgIqF3(wD^D2({)Lgvz+Pf#O_)K;s6*-QNRw+gsATn<&sT<d+XR$7lTHr&gdxZS
z+NTaw3KS1f2NX_90Nck7R0_y|7!OAf>kk8O8K^B0PmO#4lSmzOn28s4(_&Bp_D|A2
z74RRlJ*!bJoPt|Ic_&~rIX@tRoIk98hCdAeGDID)H~|4RKM^1t{02ySBB2`G2wdVM
zVo>PKz>JUk2qJeQz^r6{qm;cZY_3tCN4>i(*Nh(q`r0k`$R$W>M6d}MfOMZUfCR`C
zP`q@XH2@P}JAfiYI<P(xpa%dA$P{S2BtNhJI0y<rx?mqSfD)v=#~d-i5`Z8yqbp(o
zoyzH_k9$92R~^7kQec$iZ6Q|Int$5RzSqCIg|Is&Y&z4ahk#*8bu<8RVtqn?3y{r4
z>Lv(&PQWMtV}v>kelkEQ0BQ1FT>v-aIuw7wJ|+NGph!StMEQMzEP-+u!L&idz{Y)n
zxc3{-g%qnEPOY)G`RLa7*+n$Z+~B{7vg8nTi1^e72QI_1#&PJWsUag5`yuYQ>ivnh
z^t9w)5`So*X=7LGu?0a%77k9I^KJ4?k;*A$25r|iZB;`XVaT<n5@clO*RKynvmAcE
z^^$iv*LoP0Em2^}p2D%0sg1Z4Y(}Ub{oSl#mj7Vw9ZL4;pb<(e#chJ|5&GWw_T~lZ
z`PS}04WEL)c+ANn7y&XKafkcw;$*1Ypk#qx1umAhn^<?ZP91z#aLZO0&P7orVrkr4
zvTYiP>T8_|$N}6L`=jDLHgW@sFdwVnJvuSSf*x2#Q)@gmz!2`pg9r0wkh?G*Pmpv$
zf%WE-UfkS6FPBUNaq}C2X8yrYv+#E8JE2?#|8D&teJu`<ivj0>eG6ke)`Z^x9&u(^
z0R%CEF{*hv?MsDZlMF%{_H@?Aok?GPuikBswFZ9*0b%QvEpu94MH4K`($IkANdmMd
zVY!#AefUAdfr=?eFJed9z{Tn;ug5M3k;kd-A7o({4GOa|6f?gpqQHZeSvbTJyCT~N
zllQ`TBK&r<_&oUI9!RDZIg(pZFE_tyfs(XQY<0P4*H0MxApz^M+$5Uu{W8TFIbIjA
zl6JZUMjPoE{}ya<j4OJDI2S4(&EmAYn7bzAsJ4>S%mrjR`6XxP{Tb869C?>uX7^d=
z==C~K95wooz~HeOdxYrVFl!StnbBcbyJ}El?dxz+PFdzU{WawL(-cRH?Z|eub9?rY
zw)0q=W^)qOiT}xc6*4t`V>g4N<hN5&gNQH9=W-SSjqR%4akq_l5f@3NXYqhbyWxF5
zspj{w@bvt`NiQqC?dS7@-8fXCMsJFd_d!JWKCnNXVCUh;sT9VFUVL9$rpj_7x$dBE
zVo+nTJod!v6xQw@YIap*wrb<k{^lhl;Mn-F`37?FK)>}$NBC3Sl`4fg3YX(8{^EJR
zhh2%Cdya{e<9QG!*Bjye9wj4IGt|`c>0q(ZqLvpfrd4@Wgr)+6n`7s0SmZEaVzo5J
zqg69PSMf^me6OLm+`zWe^F7{wMQw^rw~gRb=mg__K2Ip35fzsgcMa*WyAFJ0#06c1
zziG$K+Q=|*H(lyd!;|;*_TeObL3NT?KDHtzb{KrKcDs9<yru-Uno+WvHOr^bTaLn$
zXzR{xr?t7@a8tF@{?^=(8@;i4eIO^<%shh2<s#ek<2`vPeOIJI?RMCEm5IE;QL~p5
zStrvw6f(=VWZx2I^ZGoTr*i4LTc&{Rx6JJNRG#}#=iY9$X?#U=x}N_L^*4w&W*_Uc
z8l^VCmuk4OAWzx>^bsv`vLH{`f%1`Qc(Q;^Ui#UBX_#Y<TtWJovNSzAECL0&=Qm)K
zHo(v^bqXb^ku7(B`$1x68P&Yr`IC3+9}Q0)(AHql**BSMP<2la+It}x(_s94ydrLA
zOHCw9I+ei7QZcn$+)dl9i`?uAG`Jgyx4HmMXfn%ETJ2w*5@wUMD!L@o<fR%~EqasW
z0e(t7Jsnl8W%>55susHO?ovli%2XfIWvJb(%47XWp>OE_Je+e9t;Cf8QATSeYl3)K
zkQs?3A-G_=%h%(R<y$V3BO|LJTx?%-pJqB=RIw80p=qxI@I9-?dWO6~Am1oFEAtmB
z6iSUl&4Yt8!Xwb;(bV;-flnrX{Cu<d!UmZef&!PxGNVnVm_)1vt-b&9&5lW%cB(Z<
zzzl-CgYe~=1;%Iw=`&k#1gx%6PX*e{Lo`^%bdBim<0jsUIbn#*3_)XMZM|zDPhxOb
zH9A&_o*<Cs9)%cI3pF$*mK%XqI*VJOvSg3z-`YOK&@x>rV$P3A!0D<V7N(7z`S9mY
zAJ#bvVivuI1y}W1xL50hKY4nJ{-s9j9_{eu&NBF1N#?qkvDG`mZxwvw_PKBzlazt2
z7aq656UU}Ke=EYJls~t06XnjViQz`GA1$dHrKW}^oXn`I-8r!6R9OAvS|XmyjB)$w
zs-!;VnKGrblUo0q7NE4C?>rSD)85E;jKu{d*W&%LNjW(?smRv0`J{k-*;o;o*fmz0
zo9U+1&o&xoEj4$bzB(|loG_EoM9=r-Nq?MYm<}^f;f}1z>^FIJWfe`&T0BTM<}bYl
z{U#5<xtk9n*$?7L0S=85Dp?+ASsuVF5A9+PH!}#@268nAQ*95OeT$GQ2>%#_tt$Ww
z(}w^vND(~<B0Yd2eV_?5>VgrH<pAA)5f_mjJl+PJ(uU2<i0#A(zw8bGT?fHIBZ{c<
z3es7hRtO165q{W|Xc%6yj3VfOA_<A|8?c-&3^i(zJs^QIsPO53b4T1Wyn0%oELnu|
z8T-H<*2o@&%q~o|A#t`Qww^51UR>%^Oc*d_ObD(rZ_y!5XIV^US&C*^(zzu2a>~n7
zM0Z|_cV6V{DL_9iWM}RVW)U9x^Wo(CKdftH%s}9dzn0(IUoqhSDzvaL`Y*F@j<Sw4
zjtI`qI>)tZY#d#ucTiiO&>}+Hfe_;7m>_g1T5XeJVd+`@=8S{a<`rJ2m%Q|E`fd`L
zs)Pqa(a>CvK~X=r)rbCJLHa9!h4>N~S+hh;W;%ssg+<ZGx>1d;PlfFL><?S-&&j8m
zTPPgf^)CC*3vkev+)Jkz-X8n46BR5VPSm;RR0vt_lLtZkT=pqS?gKUlD0%%w6n5#1
zmXgR?3oUj=Dt3&PhSG}>S4l>ai0wd&X+i0QNUYWRn%zOupP;|3$NGmQS@Vh-+9<1v
zaL>cl$=6QN==Ochg_MI13Y#qp9EU|u+4?x0^}%Wzl(Jf$tRY3An60k!yoI1%?N_$@
z@@87xRxKg_ylZlXALYGhbEs}PLx@@%AyQ1KO!!HN=>ItJ6G{eihDfBRfuZCh{V5FB
z501WF2nHIFVh@Q1M=4>0{y@uT0^n$O5#Z$j5TS5j8f&8KYdrT5X98q|IUaviLZC_X
zz`_QjCN)$~@v)4OM(c*b@9Tk0H3%|6FsWPV5MX|FbkCt#c&#)JNoyI{1=ENMR;iO&
z@i;>Vg&=CjQV{i*m$kiBtjlInj3}RjO3FUBQV2?vZV9<<g8<2Zc(m__f}#$W$3tZ1
zFDD5UZkL=;K@^A$f8Z}C69he~pio;>(u9qW$3#RAke3Rknov{fiG}#Z!hk|N1s5sP
zf(L`C1O`WiTk*T=hZXzAP$j#$o8UsgC)!M`R`Sa~C$o<0Sk?hf@S7`Y<-@d_X?rbo
zMt_|}m#LK}D+VaLyUO9w8G6BkW6+f<3W759L|cqqv)|C8-=czkr+~Iq0IV`x9@T!J
zAA`s3ESk|avN2s&gHbI<*HVw^D9JZg<fF@_HTsfLbz-1Fo9^XI&)UZu<XYeldR)=^
zQdq?{=yqW}P1P`P`44C98BnuMoNpd1-gK}o50)wFmV(qe*^e-G!!n3m^S?;#_<HPZ
zu1;Lhf784f%Sw5|nFEnGVGd4gaIoc2o7jaLWMuNBNndZ-jr`ryrz3w91Y%xuE%%6|
zKDW5ByqR)P9f`8%Chrvk&^ZxSk}@JM8m_~0Ibm8G$Bwj_URnpXPn*mXjsCt+7;SdS
zW*lw~#o<DWlr@e?##?aEo-EyzpGb$8Z?#lybYL+pS!}8}NsWWtvWqqtQPjXaIdI)E
z)3&wr4TGZzEo;mD)r^J9wB&3gZuUe-1i@WgDG@t&EZiM2*YaqNxFuhHT#nlUioAbJ
zmSt(l`6Vlsj@r)ZdE$_&@@dz6y`HFD$PK)xd2P=4kjEB`-5ZUU0BfPE&1kp39lKu?
zSlNGdL#G_U1_ex)L=DdBruANQw{%_|l@7LkzkcONjiPOTU4=~s6cr`ZJ5^>$O~+hU
z_qUJFzh6}^>V1*q{u~d7btZb*>b5(bR9~d|;lAF{-=1NM=@sB78F<d#LSE-Br~k;2
zporp@WAg-iD&Ttp!4?v-1i}>%o5S#g<%%&D7lAOzV`Z3Qt^asw`uz{UfKY&p!NTu_
zMe_fXQDFRgVOiMO8aR6VcSeDYHHrvE?iP<Hn@w%bzY=*0QfhSJ#WgNZ3M!=5)znac
z=G29y;KvR(E}NH*R=2G!>LrXe6vliMYLb1)gJ!G<(4`4@UL-yQ!g+k81^mz<@%T85
zC5XcCLdF@IDE$NY=&UZbo1O>m2W}7MkL?C>O*Ek09Aukv9Tlr;4-A01xZvH<i1b1-
znm^T(Bm5FLFJoVpoK{21-PEwi4W+|J!nKf%9f6(7xYXIPtElp#Q}@qfrd8<h_FHTF
z#v+t`p=1|ZA!IFep-SqlP%zn&FGk`4Uk$0lcuGE4Ue(UhN;1%{m}kjJ9%GcI3RKm`
ze=aG~5{Zr6x`H~I0s-|a!_7c!c|DMvB$64%L}~co84Z_%v}2Ya*aIM?6z-|li6&bK
zN;x+BP>D&JA&^e$2QmFgnrLWPMzDEevPtZ@k<w+g3_XO5nLKEM4~F@pp(rp=e*r>7
zu1<Ln>DgQ3_d!I=**n~zj2QLID2$dT5JXebhdVHe!t7YW3Fh)Jl0h!d_Iel$Vpj^O
zJBX&TM{@EYjtGi##8>4->|R93soX;*@|t7o$UO}FQyL!>llaIP)NfJBXdDfRy9u!(
z<!wGx#M`CWjugDcc_wcX33s6PzAVF+#zQ@V)9>#8#NJ(F`$D?%PAH&6I7oy!5|U;>
zZS?Zt5!ammjW&L&08vkVl*t9?kTUcKOxO7=YV;r=&Syk@F@qQ?Qx%I6BazE@BF;Rg
zn9TJyZL8USnEr=hG&S*ijLcEM!pEe=j9XwKV#zf^hMZW<1%sJROcRV#lqdd15rL~}
ziBfk{Oe$e^Y>NdFD~K1K#%dGvZzeRtUf_QEdbWz+Ui+40EtUle_f^k2-jGNcl0_)C
z>K@-?zG(MG6?7T0m8qY47JTrs(K|Y=Y`t`F=#;ga$vRoFn5k8uJ!O;B+kA~x6rhrF
z)VKARKg*BCiWp&AzM)U_zCRx@y<PACpJ8Q92W;N_NmJUstAEZNp{*{-BYUw&chl)b
z!2Bre_O<&LaDIH^)|&Q=^XdB?1wG>H^Y*o@BkB87(sCVxi_fd;yKgo}G}DXjpK=DW
z{5Ti7q?sz<)g@6B>!}WE|5bY3bqbMP?fp0xAlDR?Rk4kMjiu*EnNg)x<Cf6<2QIhB
z-Hwk{nkm$?ziD_m;T)?hb!KkdSWzC3mLU=-p02DeBLP`GLIW7ndV7O{$ympsY-Fdo
zs)lUrGCU)7Z)r(a9+fFZm;!CKA`^+oNM^=TRb1(Skg0cN94wY};V+6pNu5^q+?Jy<
zPk{-lcU0>xori=Z1;hBE%&u<TBOg1=mr<Y^GDtVb)17S!O|6Y3na=TQ9E^>g;s6~@
z%}<v@0zB*T3fTLxip>{4^2dhnB(5%$*9d&f)cfhE4QkM)*FjWu=DQiE{^FR?cn&og
zd@LL;-;br)a#C4)(aj|_^pwSI?xu&m$p_|MmY6KP`|i4zX3dv_&&^)!wB67B7UIpu
zN@+{|T@u&HbaTxg80S`1?TpR$Ba_GX5LkGT#Fsoi--D5BW-;H$?_2VR^_u3{1TNuk
zrSMq+`;WiQy~LqmNY-I;{jwB;B$pu?Yw&CXIGaGN0|u{1o1l6D9_&y%fd{ub?00;f
zV10W3x81NL;-~gM!NA^F|9c&0`v1B)ax^^bQPezda`C3S*vbn^@DRjtV2Oca5U_AJ
z)h=+HAPGtOw2L@AMTw_HW?=}h8`Z)7y{?(`kNC0*xKnFsZC9>U@O1fIW>!DhQl&&5
zuwM-QC4sy1q?Ra|fOchFcWG(4_u;V<4oagUr|R+0^BcY4+J4z?65hG)R~0CycYSib
zKBs}JMFx3k3?wk_Hl@iHFOiA!U{aw#+Z>y1niAhk4OLnfo=L&3Wum1vYmZVLuaXpA
z0A0kLJR&bQ8Ie>ablEKSpiYw`29U`dzP%I2f|)1b9{iRT2B48GBQ#4bNf}*t13x@|
zBCk@O|BPnO9@A+2Wyu}M8p~8tSsY1vxG|<MZe?h1Ry8nJNFFZSJx&$=L8S94h)iv8
zU{09GbO-~&HQVxNV#J+g?I1_i)1ffoE=`FwPD0|IjxKFLWS}}8z?jv-h-nH80jVT6
zl{t*!crh<#IIo|QzHU1kPtPc~@Ypxqpvmk}Ce%(JD^^;+b6iYlq`r5o2dCMmi~`E2
zH=N0|M<>58MW>c4D?GK!7+2&p9N*0oU9{&_#Ch6h9g-dD4!M_{Bg7t0-xhE3uS}dk
zvwz9QJ-92(7>}Z^(D!Pr*Z6BaFP*vK%oE{Utj^MSU9U}b0csSz%iIY17y^!uE+EgA
z%3t=<@Ed$~Go$LzVy=lP2Q^=m8%!JccXC80l~MpmB}1H%_1w}jGeq!Iq)k3jFgQ@r
zR^Q$8w2J}4l!Wy>MAwi^kugaP8X2^l45!|(2mps#FqOHjihB|izG-9%FYO8u#CocV
zff^aJbrP}+iFKviV*xkD_&~8qzkQF8f>nW`<$?mi8YXkPsgEQLGOdA9oa|skjNUID
z&`EXwfdjgA@J@S`J7#%dBRlpF9_#>?b#973E=8&1x;+gpCF)eBDTGg&h|YtKM{5&X
z5cHS?i((yHThH4zZ*!AFmdEr<(^5hE3BSW;?1$yXO{GO=ZRt}_roIy!j-){OH|nND
zr2KaVkSD5nN;$)@N~bVlv!#GRrW)c3ycBjQX|)v6(r#Uc0&Wd6n3|Z^aK3>=b08Jg
zNO3nDgH0z%Y+Zikv!VQyTQ;<Npks`CDJKR?v8d1!HsEqP3`WJj*T^9lJ9)?+YMbQk
zYG$%t%WeW)1}sw6UDd<b-C6!mX01=2yUaZ`ST}%V6@N68T5R8l82|M)r39!*wl#oY
zzbwpKkEA0)NSQ8^;9y5IVFNSm<{J<Z#h^Ek&GfjXF*^4@Hr<zLtN`nzt`d?26dwh$
z>w0FwM;ihfs1nsoNSBLCbKnL1d1N7lgw3oFhT{Bxv;)dereD<!SMy1vC802Er7dI0
zkoY<Q-s0CUJ1SSo_+L4ev6=?$%n0hS*Yw))23ENSSB+jhVf5H2W>F<@;cqJ2k@bRJ
zo$5>GfP0k>YVI0aw*)+V!?@*`z(}?D<S-SidpF__A1lq+7%IVBksA~VE8m#K0z)?p
z#Cb&ZDJc2P5}}MUmSDznV5o-lLhr(gb(cxkKQH4u)lw!tv*Z0TYoY%D;WKzD7YRvX
z{WjO_|6Za&f{6(?_#>v%>G3$5?j?8ecfZv;N?j;ET=}pq&y5o54R-%*@KGBTm+CPK
zH-sl>_GQAWZzOk>2bwgw{RQ57*=-K%_<>*#Q?h9rj(!ES1?;2ENJLlLwcTWE=1Zg`
zZnUWaAa(+<BGmsQJ01YF@-Gh^dJp4oV?Ca}F`YiGqVO*Yh$Q1g1?+M*fl6csnn+_r
zoJSp`&yYhMBhm78mnH$MHg$B?LMSKUO}`ChK~tgHf<5$TP#n#@nOUG6b0%j~+f3bY
zvA9c-M23Ca_pfA<Sf2@LE_Xvb1^R9Qrnh~tDq{l#A)zbuWusV<S~$sAIM@IxfpxQz
z?xjkN%(zV=Yxo1K_U`eh4q$bsgzd$1_2CPI#Q{2Gz($(CAM>l*+BYCOnbQ5a#n1BM
zcV(wfCDnH&^|uv<1;`KDt)5mjztCnh_pV9}xCt;d%dTa@s>Z!(LRC=G#F%26tY*-?
zs<N%fk*Cx)N#av}72vALa|wx^z!RFXUEN^}(YpRCR<S1Nz730a<-{i0U~9va4eQ3l
z6dFLEtW5}e8&*7YO-?jT7|B0^@fyj*4z)H$(w93<LT+v3=&D;PJGSxe1p;E37J*qF
zFlw71TZ_4x(hLeVz$WZNc)@JE+ks|ufBUN-hPF@)4bZ#Q0c~z}B}5Dh2k3iDb-Zdt
zTM6mcRz2@uQc%s2a*7}dBuA~F<t2BJz9m)Y!i8(U%gHq?rF~ig!Ksx3Rr``|tK|!v
zNyXJ7l+NZdiCtr36IbK(_vVZ^_F+Ay;<kaEYbW~sDgbG*#51x2<{5!Kq(B81rUvYa
zR=;POSb|%4abCh70!IFZtc2z-s0>;pc7hB3HPEDvu!N^CtPEnL(;YB`XMg+Js@=~)
zSTNAwKm@ZQHDZ@GepvUwP4;Im0O#-onO#(%+C4arJP^v8!9iehv3ur*c5a+72X?rF
z`E@=@e3bF;`*{On=-ru|M0oK`yUs$$Zr`*f4PS8*a2Ry!0iowKP)#hrA0;T|-sS3X
zu}Me<Lj>4s`ve@2EUea;RgDp@!@kDaM<FmXI3ZbfJu!^4z%DnzZL!KdXh~QCDr4OE
zMBpQU+aYl_l-u&XeLbz{$37WY!oldrzz;fme23(JYIJO&M<aEcW5qbA5+K@1#B=go
zqw%m7VRcrX2#z(a{jL41tN@-%E&p_TqznO~Fh?=h0SUqNv!*Qt7`(muOv$asKFK%;
zLtuzm00MOg)aOXZOC*R{6nSqTiIc%)dWD=yt0Xq^ilQ&Ub`4$&rBtW|q>(e@-B=8E
zWk+rSbZWy$MlsfbZ9n{RYqRJ29ltcH_@dkdHWHbMBo4azyn`&jdc7U$8uepLjxg4t
z89oHk^r-QZE(!60vdatte3t~fM^ndFY%IuFtuSWrH7Mq_DyFTB6E-5qA@tD47}`*&
zS+D=OP2!5p%Jwx7UpZBn%hR%z_Ko?9pA(R%Sf}FmJL3KAbkL&vit_%fJwoP7kn<JG
zbyx9KCm{_Yvp<c)UK)A|7C30jWif|Yg$xpP@L9`8)W$bB1Sl<=&kvq0!|;G0!VMLV
zQ|)j^aJ9Tk_U`bGlVI4gU&{rETFf7uJcEwL0V*q+!)i-}dx18N5XUnD8Y3deVzJx{
z4J^V#7(XzfWX~IhZ9>JeKpE!{jrAu3Lw+9Oe3O7IZBv5kQ_BsulSv;zOrHejbpncO
zV?=NB-&AamlXD%DGa!{)Z$-*R(bJ~lqDLL~SQ8F66#Oh(9iJ7KH!KU@Z5y0HY;@a%
z{E!aw#xuw>Iiw&U(dW$Tyx2+(E|8hT>4btz4ylNVy75uzM_PIjVK)L`gt|=IrN+?x
z?K=s8NkHim^i)lvm$*`38|n<*jdB5mT7jGgV_zjIx5v>7;A2GGa-Dd%LIaF|3EvAg
zGwPSeq^H*s>N^ioqaCjHi=*het4+{L_JCdHvwY!68glKHyfbwz_bB^T+9c{J7ESmE
z>S?|vt|3A_R>UY)11iu5DPp0FM}eVtfqc8$Vh}rw>ElFtVnzl6x`!YllUT%S143Tj
z<uN1zNPv;32>?x^5KF`x2Xuoah9G?^Hny6>?$LAnWAacRh7Ztz3#MX=hhPCN&zy{>
zh=(?(o8u1CK5~RLXM7Ryg*?Fr&^*7@neljBZil^>$%Y4N<~+Rmd|^D~YV-axhb30!
z5{t9Kb%@O#=fKA4&BkG9<1lpYe7l9yh+ZD|0B<;nQ}4=te(tu^{4ZgU;N%4emg5i{
zhaH~dRR}Jdc#{`~W#Ge~RRLV~_n@6u?7HLJlWe@?HoagmngWZkk7&#s%#z55f4~Ai
z+2c9g?0@1B1brChXmRvHn=_x((_3+nJy*p{A{K=_l-nJ1Utd7Y9Bk7cctfA)XyflX
zW*3NLkFG1a_Z~yI9Xq3)C|n;gHMu>dG_=9n0U_qotm+)RL0wmqZwHYM9;vnKiR2#N
zQ+rpBjlMlha+`|qf+>SO2FmklA*GeQKBTp84<8lboJe`Yi_pp0Z=O&+<$Ie|un(E+
z@OqH4GC4ByGCA^mrMlm(dvHCSQ&YBlH~+IHdg8LVGwD6K=llMCBeZ!X%DO89=Y5Nk
z1Iy!3@^+s+Q$Fe80KUH-z&aZ*`qz+C)<SMc_qiOsl2XgfYS(Ud8_Mo%WdGA#3wam#
zYdw6UX1#mp+4V5_;e)2n>FzMm9|_4*^>P2&wBxDGd;C0n8{Hr1-=XUU8NZwwwqLpR
zp6)Cgo$2B9I=jqkG@Ie&@H)5*8-F>q$j4~)06L}ESzzW5Yo9LS2j|cO*_eIfp5vV{
zq8r4)KY+K#iEfNKh||x=9%YB-*nw#Be{ct%LBGx(_naxJp14z>cj_r^RBzJP`DS+&
z#c>%1J##0t;xk6w6SJeTqU&ZyS$`V=ukHLfDIy;o>1Z`6fZw<Mrz_}n<FH6o?6~ew
zV0l&XtYXtblQ!CWjyg9M1jLAkj`HcGLx>-damVnj&?>Jm)yGGC&xbBMDY>ppgU&V>
zQfM-%cp#`G)gRd$TvVdWxsAkzoS@jTmMANtB~9%^WSFt1PL~u=ZmxP~@z%xr*P2Er
zG7GiWByZ6U2A4ZTdpt7ZU|{1%D3tcok4QDZR{Au8%weaN7mka5CAaH-6P<0wxmoq)
z)1*9T?t5k?(?}|F=7*vh_uoq=bFE!zQSI06L>HSa-#-RQpOfb1;g(z_F^iuR8KX4U
zu7@wH+3vT=G_lO*F7mC{XExK-shg)Bm$MHp_^#UTi}#n`SS=my*Q}kNmsLGJ&ugup
zCw#s~JiPOrmvbvS9nFTi*R1V`L;1mKx0#>8+LT&vcTbs*^j}6W-`8Wxi{Gons+b?b
z&*$(U!ycECM!JMUkNwF>L*LDZ=7ucSsj1~0-G-RkqCiI)++xrp0*_!4iwu52*{Q`l
z=sQMEvDq2NJBv?f4?q24rE{cikzUbG@lN4R$xabpsoh-O0$-7zke|R#iJ#O@Y>(Ja
zM30=^0{m(3V%%x%ncsrk8NRc`%Q^F-Ww+?d1?)SK&f>|b)RU@DMvtgorQHhKxz^*8
zXWDl4%lW@2fiHhwalWe2$F|%#u_s2JTJ*<4U&XvRsrPu^Dz>v}7NNL#2ToBX=f|J!
ztRLwA`&mA<3d}U{+pV<!?N*ZhFFsZ?Lp^6l6BDQZ?p6L*o@(Q7p6YYlnXI41Um@%u
zV;eUq73+CpO$snds}MnNfR@Fa&d$Y|85-tBS``x1IdP)m1PrH;c*y}^EZBGdTYYO7
zdTw!uh|r<nczx0l;R>*rA&gm_(ze&&J2JED_8pELw^<%$FSi3|txm+qLol$9)<>^@
zd7=<oU{;mIXUeWLM;yr=YlTYt3q-;Xpmv;zi<?UzIdEAmJPI_yWPcjPgK~l4CtJ)Z
ziZbYiHO>(ypA|7X&Cd+Z(=$_GJvc^l2Qq8I%8wMtFXy^=B&eM&72`@-tTOGd67}02
zorOyGJZ;(K9*mYCJ4Pm1_SY%l5~Gbyq;x5avN|w>6E`Qis?lXKnX00@VI;*<s*h$q
zqTSuhO3hu!IOjdJ${-;5`r1jI?HKCd>aYY16$v(CK|&}c#3k#52|82|m#B&v{uGLL
z|8u|}o&XSajGl<~1Q1K0ff=Rn)#6dP7t46(MuW0uNBB}kG-Y>4M&9Z7Df8L4SjX&B
zr1WBS#Y)#RR1Fu8WEd3<@JgKqU?ZGTlYmr#tH5Q-I)c(W=mFI;=vRw3-jlQjL<uDQ
z0m}mYCdz^q_LG1p9GW3RW>{@_<8LZdMI55&OjK4DNM48KH|9UDAQ2fBP#LjiB!aC}
z2cvDFpejlvSYbxoP?(3X1xB_?QWQYI&cFbzf~+GWn~<;&Maarf2Ulm-pIlXCJHQfA
zbkIQyU_ibghHzN#fUBWl4Uf=RYYmBr;kN*kq(;t4T*xM<(TB)aB?-5&L}5-&o`KpY
ze&HWeYLkRiI|g+i6&J{dZQAgvRNLoeFppgVh8?KbEO;K1whnzTa<Bi#Z5G^nD)R=E
zchXnU?@n>*2fPU%1p28Co4$LH$mbOG&aqkh;B?-PHE}z_WUHhxbI+86hJWH!{hEf4
zvH8KDQ|+sL=fk@(!NR_B`7t^9Y)w@evP%B(=f1<rCoj)TW1WNAr+4DTBNhVf{wtsF
z0dY;eNp#}e>cQyB7e~ZXtQWswk+|m>nByz=q>tNq?ogaApP2hh)0<Eo$@6~UJEv23
z%iHmM{(!p2!sl~^U5>zrrA!9Pb)K^1tQ_l_c1zqV)W%}w@%8mxMimU`pJZmb5>e8U
z10i>SpjD@5$4W9oXCEe=9F!CPoC}GDW^M;4t;|z0n@;|<V*bKB%~r3<wUNlA_#jWB
zBTrc{CNc$@TaGjLA5|7<o|?sIRhI5Hi|FA!vg`$%Ov!(5+?NxJsqA-QM;NLbH0RC{
zt>=UuB{d;B=IWWU`7S>N1Mcg5g6Kn|^P%-sfUsO1_86QvTVDHP^Dch^t}9^mcwU0V
z6TiNiy*7-(_}Ef-xW3alerU#X-Y$h7(D{0o9Rd6tO{-f?2Ya?iJoYp0jIwHTv$!1Z
zj=hTN(QEhK;`pj+ZE&Ntd0lN!OD^uKx2-BU;j1@2PiA-c*n2;o;(R~u1dUI`9Y;UR
z=<u!V9<E_z&BQd(YVp3GTb$23zvP~xYkNHIuD1?W=|4Gd7xe~8+}wHq@skbuzhdDE
z{6s$%ZiprEh$|%mosm->lLVNATjF($*~Sxb>LmiC6DjYZ*2PT62=B2xl5ohtztvX1
z{|8bL2O;d9@%Mju>X!@szlF`1Svc#tI@$jB9ccC6nbK=HohEm#W>Py0O;qQhu2KTU
zP#HZK5zWbx2_VLuTRFC6IXPQ1GxrFFnfp<~5RtWrf%=9-7@*R^(OB4k_!tn0;i3t<
zSp<kE39k@$n`g>ze;pE;U$UKgAJT7TrZQUd8{r7=^p&g*a$;OpX(1c{gXfC<Q^QM~
zxmt+K43)GZ433zANh6{S%pti_mpl(V24gie?TC`tY<QCfBb*ZtW!C0pXeGRUk($PP
z_1QLOrje~Iy(K0w?t%{%sfcV!%Ci`rGqLL#>T$Ls)yv4D=*RlltHmr_sWJZ|deXH9
z%b5M*YT1lR4qOSaTOBp0V#^!@3!XL(Xn2;*jD(ndia>qxOD}l=qnqZE>OX}4MP7hi
zzQWSx2D@m_%pq$Ea3)P*Yf7_uG24z;S_fw`OTZHPg0L5uKRWVP@I$em%kwISuxltF
zrnZ$6KNOrLD~%AJ3xj6nZG~WW*f&8c{e_%dmccL(Lo5t4Po7C4ZI&303>FgK=gdC6
zO22UBe3d6ZYCtxw*sUv6ymbDcRIDow2E=l00D_fl%o~NBHNtEVP^A*aiw{Lr8JR)g
zKjH3&6_7PU27qptQ7(8WOr$E`n^$ZYvT<vWw~TAdf#*Rx5*?XTDADw{Oo$_djXUw4
z#8rB=6p2|8@-L)HY#gnX7hj6>_^Wai&)}xnKTRi^pq=fXV%m=hh_P9Y(;mERYyN70
z$uZjJ8XLh9*#<qB4mYm~*q{%|WU_~rs=Z_p%6U~Ne6GDK#HS=n1A;cnX<!qc{6yI4
zLvfDaIwaUz#cn7b9JDtSPb}$8fe<K8i3DSW+Q0bfPbUilPD!k+-;C;lEF8KuMii%Y
zs)vN*KxEJAuw)vFQ>DCgwJgaWxG^lqqFz|;)dv%ou}uk8w4_L(d>BqTCxrOOfVkwk
z(H}7!s}9wZNI{+|95lR8tytIA#)SZv3RbMIk<X$&6Hy|W57Us^BG$=KFAbR-q;QON
z6svwsg&M04XhCHxTLsdrGvl~V0v=F_gy-9UGyrE=CX`JP$5{|Ud8wh@+XcB}q7}6^
z$;Fpra-oUvob$o|Nsw)Z?hiq5AP|_FcZSTJ;{zN*z&$1$Z#X;qh=g!?hKd(DEZac^
zzxcMIVhhjQrJ1t*jUs2ZYD|xQV&FbI+j_<t#RH?&qoTEljgA6C{W#~PCMkD`;a<+Q
z@F@5St9NvJyP3M*Y1ZB0K8UVk7K>lOLz=^Lca`u5d}j4eD@n!7w)epSd9T&y?Z$fx
z`S@^O&rr)`)V9Za5<U7&hs{W4iX6+*F4$(guDi}p;P&iX=wN5zNmctlc`Zzj=CaET
zwVw4mQ<u7f%Z3c{v&kJXu+{FCqv?y=kNv((VEUGBu9wQlem(l$-p4rVG%op_6B(~K
z9#3~ZC@pMwIm}E<znbfTjZr<0CTF+13_acrujlpt_Kbfiy1^Svkk8UmU5ywAHTP7q
z>zdA}tAuiC{55yZu5?3#%r&DPzJ5hET6HZo%<9Lyyb)_R*_hc9^KV<snloEmhE-e{
zxw)G>SNwdy@p#qrJ%Y1`wCJhAyy@TwOFQtU58lWf$DCW<>HS~SEYxLYQ-CbCsxm&)
z&Z}wT8@m&X@o^k&#z+dxxhswu7(nCc-JF$2BdkzWZ5fZg-F_eUrMdn;^jQQoa`^lS
z8`&x4G3|>bD_Mfg45*d{rB%^dSkaNrSQSib>e5%eG4s>^!SotADE*jZPo~p@8<REx
zF5TjDR(+XGtn{(Q|652}2&l8U;Pl^{tEk3i-R2Ca#olog&LK>E9vK<vuNZr8h4HYz
zvlIF_iSNm&wW0O-C=;6qyW7rbygZ||N=tgKZhf-rIe6{4!iMwxl6EuRD|0_QLXU!?
z*8CD<yRp)8lzjJnE>kMo;wyPr$V+p(();d{>ixd$@LMl@9_Dhz+tU6s-m}!f*<AiP
zaQBp#S2pY8v@`wm#pdgC`?AxT?fGT67^l_-pR4&y(ACIrSTOr^ns-5Vvvnj`9H}i=
znusk9`<M917%fBQI3A5DZd2fz1X_Z;J<2(O)R<C3^qO!|0$w7XWM2H{XAchQ2lW50
zyOWg$Eu4ROSeL)GH_`u6cmIcB@Lxsuudc})MGd9L?Z(!%OykPfwm7^cdL1RDdffpz
z>({^4X_~b0$s&V%*Wa-|wK+Xw>S~&UA45PSK?^}OEI+X(Z(RUyVPS#)=|v$qAI7U3
zDOX4km?{X`oLsFe`HyRHUDbO*_w_jUW6P<>i9MU^%P!gmgut6TZ5Gb#Dgp)|f2fW|
z^eC`Yvt`+MzK}9aXauGV+qJ-$y#tBv@1;=|TugFgrU>y83oNr@VT-nHVX5j;8L{g+
z%kv*K*x`9|fn}+Yhs7m2ZdWk<tO9ueef-JMAivbfxe0`TuF0@qR>a5*?pP^9wANOn
zU`V(m*Tcvl?^&`Y51<GR5PL_UGLL~1guK(VIet$9#yL8149RiGWa8@dU<F}sjlg0n
zP%@6-y<aPO>~1l2NH8Pf3RB)bjjS`A5=xqQd~st6$%X__yK#J)Y>}?>J1CROnm0b)
zKIt62r^YAF&7VhH$lUY7^eM)#TJ3>H`i>&Py<iBx)1K%s`XY9Ot?|0k$Io!q)u4e3
z_UQ^ypuStxhS+0u7hBp1;Mcw!V<^ULP{KVe03%vqemaaj4-91QSj;u*<uVb(Zj-D7
zUEo$VtL>gxKt}G-xhVi(uXSWs3ciaE<k}OMyInl+mR3y+_F1;@2oP76H6IwvhBD-5
zpoSJ3&p%UExtbis08Oh4UqLfLdH6GyFC%HkKb}{o;}@gMiX{y;oinCzvG3nw4{_He
zr6pMJFyYQ_&aTBiGv({i4cuj9asH7&?%nDos?`)qCHgnD3Y8A?)@UxI7_ELBVrnL=
zPN0*lKC(H0<H;rye+QC_EF~oiN(zhCDP?jb>lwGzSS$osD^yaKoven6b6G`~O{Nvh
ziEXcxMpU}|$tLZkGiLm!n3dBlyEfolHO{g!RW%xUGx1HfP)*U}aBp<*HZX2JeDkSC
zVvHMUy*3iXdgh0CxP1AXZK>6CIXm0#2k6DrrVDD*I<A~|0=72C_ERSYc9)sUVs$!v
z9GTvZ|2W@G&Z;$4&4|^~WMgi4Apa~m*<6LXtwb;XxWBHqZ-w=~UR}SP*4!oF;?wJB
zn0t-aoV>`z)q2`Ljm3O?lDon6Y-niw3Zsj}@VB{ttgg57Zad*!yP^ByD;j?Q+_67f
zQ^6lVL2duM5WPUP23#Dq*#9DegCf5E2QMp#On%kv_q=}omWuydnP}%|{2y`8f0c><
zrAEwK=lPEs@%ri>b{_~{#tF~OA1x~LQlU@zOfmrpKND~A3g^<H)oW`j$S^ulH8Wma
z#KKTCqQ9qLUca!}$NaE>`&W$^4lk3*B4fE96tNGEg>970^Sn_h_vinUBf6P^>0z9K
z^!;e<@PC?ba(t5j?2@G%6UdTDOD#SY4`R8q?(X#^TauUFW$V#XxFT`&B-@%tbLfQ9
zPBz6Ga7H9&u(9y9FjX*W97}5)(^Oh&W?ZGCJ!`RB&FG(3Z(y{anJ!7=rIjp2$M{e(
z7rj}3nc&z@35&MkCO1r31HPH_aHS8(I!@5qq?yUk=Ji8viD!J6<3}WRW3;ESZ=gyX
z#fa1FJ5_Omg~`AI1MC!<9rkY%DQ}c33*_EL&w=F&lZ0>%i$^2AlTaXQB)GFnhhiEC
z1|FdD6CD6ba3-61p{xIm12uFP;9eZPuL2NGho-N)8AI1dguZ2DmmA45+C$1Ht7mM}
z>>o9rCvS~19-qDi{nvSBvi8VyOQa2Nw*b=vv`rwz^3ADX@_+dH##m9JCfj4%wr$(C
z?y>H%ZQHhO+qP}nHs1X*FPY5zm}F;ny3_wU)wR~Hs<ncyF}h?|lG9*Z$H0ichy-KE
zS5eI|90(mU5d#P(AW*wRsAYiGSLwh(<FD-M?eQFl_RsbMmQmD@>5A?+$CeS~^0Z-(
zEg;FMzIcu<Ak<~sH7Ax|RaWYQDiz;I$5;_+QXZU>Y)Q1U2Wo|C!U3dM0mfJ-fu#Kg
zYK3p&c@sXG$Ew;!rLp5YldcqcBtx>C@)}gHQUa%|AllX1vr+%t6&OW#;2%n`onEL?
zC97yqMZIQgYoA=};N019CPPup9ai#8d+fHI(Wl%klm4)hwzYt)dah0HzR^#?WclRH
zg3az67`U=3mp{IZBy2sCvRX=e*gKD1s^>M#4tkB#Y&E{~;yf`Nn&*Z_Zs<(u?_fN8
z*juu=yNovq+X>c(OdXY}p91E#9crk+XHU1KmterwF}Lj7<n;$S^2Xcp`*N%CxjMTt
z^fXfx>43BNmo8y$PicX&!>TN}4taApEh<#EJAK?C5{tqT2WM4bBc=7H$WAZjRh1TY
z7FPD9bFvS(WPi~CvclelWDL8=$r{q`PaW6kuq0_!<h!r_;-#`bk#t`|Zq`F(@xcx#
zZc2$EBfIk!in3-YJz|n)%##;96=$f@W=UkM(^Ow{pc)mxV;5qN%jgacw|&E7s;6b_
zmH<m1n9qIUb4Bg==5v>E!V3Hj70H3W^sgIm8SFnzytC(47;;g6{IjgLhoiiAJ5$ke
zySEVIVtqONIyRkK+DN5_)%*SuTf}^6Y{o0C{7p`j_~Xvi{q^-yy!^O&)5VU*=MuR6
z_H>w`@F<{f`MxkG-8ys&zrBX<-tBDsTFcMZ;pMQOxa-@7#KBk*<=xiOytQ(01ve!d
z!**>&zw;H|`?g&P-nj^VquuHG`mLqzbNzX5`}W*PJ~NLm#eRkjqYM11E`47EamI)u
z$hZ`qBLJ>QA5qB15)@NlWCnsOZbacf5+A~_posN1{@#}i?0?&TTrVhK-~Ds=8)F0j
zApSqVhTVUo4KEEyFYM*?RWq@d#<{?H@tA9pAj-oPFwtoa;yyS?9xWFX2#`P-_?Wc_
zl1ZorW0Lfw6ot?tYpGZaprloyL?Lr?=}wfCYtdG7O5Rp2kK67)EuM|rR<9Q~F0G%x
zJ7fQn()Xu((fiG<=k9aUcgAH1kbge15ptn=>`E;@9LUBEBnZ&$&6sH^y40{{cZsPK
zX`!ypROp4{@<dOILou9$8Jlv&@w3ePOUt@pc}{JM`eW;HWpfv!7Ul7VDfO}!8F%Td
zDVk8DGY>Z!)3QgsZdFpWX0hgN*-2yMvgUn@mziRBU{S^_t;wTUO<MKk@mEiaS9202
zdX#1l%cLcAy7%$<yHvYItxEKlR>X6RcF%pqX~etB9lbzzd}Y$($Q!He7ASY+W4cl&
zeRD->Bq{C4SlPMOLu;$41Lubo^~xEsN??{3_Bh4qMrGu&JIBaG@;R2F0(>&nx(ucE
z<cy#iq~=V;wr=I=X=&u~y40vpbHenh#k-~!r5@eV>63-e4u!hIdmNOWxD6sxL%K&#
zw{F&~I@)CvM~U<>FX8br=VwH*QhES;=~HM}D_Q|Vid#$4Y!W(pNqF-{evT>#X+clF
z8N*SB95$N{r95({?%3+Ab<W-sHKYY@<gvC-i^k09Q}D2d8JphhjHshK&Jm9vEzULU
z?*{h#2^Gd-G)8u?<J2LFX=U=eV?(iMP;o~9vkAK8yF`0Jb<*TJ4X!uDih2dEC;DXT
zRthEU$*dp|rDemi3@j8e?993M^3=e3yBFk3T$4k+HpGZwe7g*%`h+|+r8aLVHXxLm
z4d*8R9jZhq7gqwB(r(k+pGQ;&$?OeIh&iXp&kVQ9D_LDHmwFuhh+e9-=v-Cm8_Iq%
z65Sg5AEs7zovJdrh}w{LH`OW9N<*Yd!!A|EO!eWm`@NRxO2SaxVA^^8%kW(Lk7z%)
z%0Bj5Abd^Gn-TUQJ=%YNDAu{``&7@hO`!3qfM(y<IWqJjTos%ODczZ)k!rWbO{<PF
z!n5SMe0Bfq@lL~MPW$D-jGbm$A!|ZkvNx9X2zJxa**z%A5@tWyjQo-p6Kv~*E+jS(
z)rxaAb0MF0*1Sw?1w7kgb8l>+GHlwea9>Vih!Mp^i;$71&&0g(d!{}Fl_orw%gljf
zsp__qO$8ia%5XMBh^kN4o(#a>+js#1?BUZW6Dj63=bq~If<<#jau)RsH&<3fM4M8=
ztg^a~Q>0aNAR%_Bk~7yJoA5GnnC`{1D3=%MRfMl;!$w^hCrIhct<13F=X#Bu4!Ns&
zNG4)n($NL9A_x~%Yir4KcNwjeL^s#wL(?<&68%KHSJkJfxE#X*!e_}dcRY`r)`~gV
zIOLuj^dq6VOFAv?@+UiGZqif$J6031t&)-e0@lP5OPki}rEbb>6e?>%GeG-NZ8#U+
z0D7H)`=H~n84?(a%p*${lkvko$Y{~vRI5C7yX^<bJu=o7vI99GME7`>Aav9i-84i+
zag3a^RxC}Aqj3FI<(3f-Z_8DSD)}A&1UpNuX&nN`RL#PLxH`EU7#D9?q?J!3HnS^j
zcPN5Awk9bJGRRSN*EgQ=I0*hA5^lqd0VXJUs6nW8ukP~tRf!cylChcCwHiAZ15s%5
zAV5Sl2&w*Ki51i<55(OMZ)x4q`c)|tK(Ln8=8OlRbO#4#WiXORuudPy?m)yvk^|))
zN^~G6f8%Wdq1oU9V(|zz3mUR@EP(!h6^Xw2xgnW|)ci#5s>Xaqs~)Al+6_7S>TSqS
zy1R4XiRw~1eQc5|(q?AP*qZE?RuT<-0Rg^`=@!*!&GWzF)#U4%5@!KhLHNy)tS<4!
zmk<zN!?eSMPeI0)o4^$af7n6wN>z~NizLqSCHbPFx<ncr!_gr*yk4e^L(|bdlIli+
zjl!FV6Cn4`L0iNcV6RJf2U;(+?rdYv0WD?NKZj9da;WO?%F-eq;(;C<w2QS16vM)2
z?8j%6lQFhO=$F^VcFdw|=LfrsNKorUdg;=)V@M!tn+fC_Rz-$6_-1U`4R+CbCDw~e
z7+O0aCOTByyrpih)QjX)8hoOyulI%U_fs#moPFG5(~dT+e9}i+;?o&@+EMvjWn6K+
z97{%=@?E80G)cc2P=WkpyFIb-m)DNFy(&jU@Oj09;V$D-jd;DZ`9~5zis+$~x-jHD
z_F>()l=rgcG#XN4&8@m(bCB)wEx}xDQ?2wvYwDAX1H&HO=Q@aqg6=fo&w-+K<_Bv7
zpw)?bxSdy9ElW{#!3Xu<<jA{xWLonbOIK|>{BPitOHt;P6>*A<(Z$O1>#6-$2Q52A
z*VJ%hu7fJ;zX=^1@Bx|QjK|2jkp&|$>2^hHCBUElnd_{=t+}Y;_X-)QOSd476qGmW
z41QsOlk!}|wTBqn4@+8yL%E|P-De>3om=gzbGwl2#c=vRr5SMzJcw*0Ts?Dd*8tF@
z%lHB0u1d8)7T|{U#7Ol;D77f~o`sqxv|qnOP1df`FTX$Y8p6xlo+x8UXS(PQKxkIr
z2(S)qfl8zi<znScPw4=id4#ng-TMR@<2}IuJc-SpHxmM~zL1S0fdm!W_5|(jh2QBb
zxtSyO^jT)^vzuRmu{1!^uMzYrHbjPbi5amEzfF(d?J@Ln@@CAe9DJQrl@*J!oj-2l
z9AeUY^)u{N&oTCJXEG5dN{`_yGK(Nhcj;+BBK9Dp=x*82WhPSGTTyi}7Rwt)vv2|u
ziwL2fw&4Y+s2ts3<SJ^KF2)u$j=ssPz}ceoZ)mLWP^^=>2BpMupFs?M3Qx*=fG0BY
zWiL%hTgg~E{%MGhVn-Om!C`Pc6$bVPbnMH4i%&@h>@;|JGC!cDCx-)IOKbqY;(fA#
zZ=;^F33LycBC?IWhgk=8<(6|BGv$(!hh;31vBnu0IG5hMMlbtTI3S_C99c|q?#WGG
zEHELoa5Od#H)*pF<7B}wPLL2X6XFOn%_c!(cwJj@c_i78(>?oR!Ewg(Ey?&doJ+2R
z&fyGc$(O5?%h3^Rmw25G_#<M3EoX5pr&}z_v>xHE3biMUO3c48+9#1(Owtv%M9(Dc
zo}kE?7BFWwvQZ?^O3>d3DyxxESAkQ(tWC*}8eQBZMc+mmN<l2osHWHjrwJ}IF+peN
zCP$N%E!fCwreV+|YF5xA0DaLY#k|}KvgA84E%KgdA;@lx%S(fC<dy0JdlAu7=}e`I
zC|oLVd7$q7HRBpU)eAzkOFiBYbpErPLQskpYN;?HLqfIktW?dOe&Pacd_)0vFwKS3
z7f32)Y0V417d6@nFxo1glL9A|UL#f0D_=ZF+>Ns<Se->J<{otPtYqKh0cl7D3*bVR
z%&>cI@|4xZ5}&s+AzFB|n4mIPcnZc=IIv1<e{!ZJ9}CxdfZ_dmBJ7&wK{Ipv#l_XX
zL&gnzOR{;h3Yn|Z%B)P>N)vy-&X`-}bX`2#6yG^#c>0Sinl?bCf!b>y4Hq%M=qyxL
zxq({i_(nTkI%T&c0Q5|C%7mrrRgkZ_xK+Z1bqgaHyLIpZE{g;gcELRxsrG6cRMCRa
zui_4)NE;YnZ!Dzs<*pN98<^!BZm!5PbNY5}ZS%|DK9BPpjzcj+5&Io*s>~+;{br|L
z2&~9lpH2H;Z1a9yV_3V^M73b_E`}TC(VAb)==S{c3cW2nU62}sdwOWKxT@jvD1g)f
zw;hRx4PEM4G4P1Ka4i6}N>hydk{tZ9@fCIx_s@=OjJJx=Z$j#lHoDDA-pl@2gW$Ka
z?(gL_0d-0~21^;bWVFjsbh@=#I_X4c1lk1P43*VtU>8`z;<7txnC^`+!%w-2<`#If
z8Q%f<Bty9FR98ar{^sTN!W85Y`p@#Jo!%|2fBl%}T!1-19K8#40}*7=neX0SQ5J*3
zeGPF*d^WrC<{SN_6~2bQINPlyiE@feicIXBC+At1+%2p>=JVJgUYBLC;0~GVZi3{n
zSXa*!@Xr>vCM4ZUqh6mrgC_o>pgJ$BAaO>8Afs#zFsB;A^x+rsMM-Kh+#+AML5i|>
z{$>0jV1-4TB6|y*VekduEqAdC;#b%V@b#=R!2`Y9JL?zE1-nxOz;B*TM>dMhn6-9g
zOjRl`EI%b{5ESQ;l|Au^<^>QOH~8@n$pa@m>(7AQ6NFgYe*?ecr44v`?l<^}W4<u9
z9Q-n%Z|GvVc*eizlLJt1RNSCkJX~6y*Ry;^{1I`nOyQp=)~2)m5sV(Mw*ttVLDuDP
zj`EGz!kFAhf}hP#)O7Opn4x6w#Qu#N;adan2d!H*yAqZN0^-JB4rEPJn>;sR#PngD
zR$xqL27FkQcrGnKUKdeX!nGeOT=(C}RF2nKSrdl*sSEry9?JG_YwE4!w#dDCy;N<E
zfst!}b^5;X58?C8=eH`9H~#)Ab(K;uJ{)wtlb^wnHvxYmZ?-aaAL*@+a1tUJ4Q40B
zk?HQ3gO?2Hf7r+Sfh@W_Osa`}om%@^BjLY!5NC0jn(ZB>+=aSoHr(RsifYeR{}{+r
zg%)8J4fQ3<t3Q;zNWpy})^!tS$C$qmoy-60jrRPq1o6wVaI@H9xk0v;puv|7Nq!ne
zDZf;|T{@hfOyF%y?5oX+Sxc8C4En;wWCZB^N5P~iD&15eBeqHg#5db}2~rPGt_~Jq
z6RCi8bpWkL>7LLq)@2cJp}I}4p<sk>V~{_j<$3MA<rzb4l<mhpns;TAzoI_&dH(V6
z2&)0ZHU56^B*ECz`<4&*KMM_OC;iT5t1y`+gNdx++nn(@42KQ!nABtcu={He>+@em
z=jWWd71rE3-RGwq;Eq>mE&CiQC81W_br))Qr*6dhWGRqLe#bm3p50BTih}BfvUfu=
z&P}cgSglkXl!tws)htX&#o3ql)VjNkarbwM;?G`T>>1@@<~msi)0s$^Yw<&<w$=`F
zYQR7iVLdIC^>i3;w6krrWA&0U>ZM(;R<MUv;c+~Pc0{liX{gxcX7r`YGqG0qSV4)h
zD6Q%Gz#T^;G(uAIr5oY@ClcjFtNMOw?slMH_F<^xlOO7fY5qY|eBPK;qUZFEPX3<C
z@*>KApVM5hJ<aybDe<`g<#h~^JA6dAKapzc`Hs%=@-O6mYK%Yi2b?8>YO7ctTFtIR
z;D50a_9{yg_bM%X+g5T1^sbM|Szem?Jow1hujAqZHfqV=9#eM9a`;Dj^EY1?Zqb`S
z`;J?cDB&M%FA6&fp;nG}Lso2I9#8G~;DVnwu|CNl&INi&*Ec1o20pKizPJ%c1MnIk
zqaQla;B1zJX6L>g9YwGnZr99}e^;_YtkxcJbJuX28E&&#_U9<V-F~UVdo%ZT3k-wr
zd&$?c6>`9yJf9+!;-Wr#Mtt-dT9I+Yy!rd}=92ZKJNHsYbo2C#GF<62Z{hU2Kj$HS
z0ih1SJFZi?QOo!Y=HU(nZeR2F!ShIBeJR#;5cojnVih#z-jJieH5vjzf<|(O-sGKW
z1I*3eAK(=QuzStUd`cG9zns#3Wk|b>Z`bfMj4z+$zN3zU*K$eUVrjQ1le1iN2+1WJ
z&UD|wnE<A31w226=Zhx+wzO;O`5*E*+W5)TQ3p&;Ew1F_cKW&?Pkzm@8x)LuLx=#5
zrt`iZCHheIu@%s62R2#&ndA#_0o{q?d>IGiiNwg4kFy4TiLhwx*a2TtiN8embgd42
zVs5~<ru)8^A$~dS_-zk<G#du{u0tSwfsu2T)^?>{Yy?UaEq&4JMZs&J)iSQcIty9a
zJWIDJTms1&Yi>GS#Z{BPx{YrEZ(-bi2@hKC3Z}Y!hJSXlO%i#f_$d)-HjV>6Nnxn%
zO!X)EWA0M*Po+De=`{v*8<r;gRj0VAhh`jk8otpnO!8(2YJIWxdjY=b&6pJ*e^FKt
z_8j7#XNkX1M6#4JaYWKI(sx?<Nyxh8Cbf|^uZ<@LhuP0LniM%Hp|5&}h`?WXM1G|+
z$9oIveTP#Z#%KtB!N#_+K3%U8{7~Xde+AtQ+^M9_bkU_=e4c@qYxNgvms*ZaM{E7^
zy1wPdWBi=qs(yp96zrwg4n%03F$EtIC(S_I*5U7bjqt&Z5Y@i8gs{0;d47p};dPE?
zjXOq7Kk&6L`kK(|-*)5O1a<>_`LjC0%U`kSy$l{r6_dAL4+0bi!N1i4r4%Y@P4*Q#
zSQk6IP$10*gLXw^@~I-XQm%SXzr6W;81y$@f^7DAz*x2A4F+lbz{*WSq*E?3U&S-o
zYXrmApfcRGuvs)~gy78r^K;xf@giH#_mw7ZW%p@e`T6s{aI7w)L!0_vn(yQ4!HlU@
zh$(R|k>+_J%$2Z>dG8sDoU4eg1ACfcb~qNn2ECtnq#GXf|6rzw-Z}e@<veX4BzQxF
zMO4D(RBuGBnwg-)hRWG$hRRwA!HbHPP6YNll57IBfYzlut&VgArj-A&4!E5I<0jRD
zzpCzY$$!-@g(WJ12UY?l+4vgPJ%78SLytTmu#q1XPzd$6#M0mzJ3M1PwG8A<@CI2E
z)%Ps-^4k3UH~04YTbv55khF?A+8YbMuT|7h7X~Dzmg7mv0}{Z)LKh@%BOLbDQV-Nn
zxdV!}rUQdzgn*AoPFO8=ZJH%hNH(HwA>*YW%NlM?2JdW<VII|A#5!-D{f05RhBbQL
ze)WD4&YUh;%Iz33c$@Rt8|yfu6UO{ROE`}R?WiK&#mqTtF70B$W}0Jire*2yWV{@&
zf3``Gw^+j^c3{R7)uUvzdZ;q$9r8mJMHeuy7zlnIo*~;<9wQ>W3+KeB;HhX*paw&R
zi_O92S+uQN@<({mY9);+(~x=*WzLg!t7eqD+1M23Y?MQ|d0CBG$ug#S!KM<bdLfIA
zb_4385Y`*~j34qt(pa9`K%TOKczw>b{|pI3HoR#AJ;<a4>*Geestoyl$uAB9H%{s~
zNb~YK`K61hdP2>7wSve^b*E1vBmWjKy_g^oFUcO`<C34~@J$iZ<g6Dsy;RU7D*rZ^
zcBC=}M%WivAHDB$9Pp+8jA1$6{LFUXj0t1fL2PLPdz$U36~GyIf)M#-Fi2yWab*s^
z@618MuttVRyKri+KO?KMf_QcgzJCuYEyMQAyC0TE|Ew3h4M`txo*SmHyuv6eAK!mo
zl|l0?s%{b%1@l=T2T%#8d~H0bl~B|iGo4hkW)Zyihj6O`ULBXzL9+=6c@+CYF|8fT
zL{6X@JQ|09SAgtC;S$5F*wmOya5C%0NiM|SwWxxPbT6}_FSNC(U;f$B4p*P84ukX!
z6AVrIYhR!0!(N~8ESA8F#i2Y==u3qG_M7GDuNPQ)rsNk*L2k6?7$9~e4?GS2At}B%
z%P4YoxH0^U=Sju~d_KK1Q8<6vP*6fM%@Dqnp+y*f^c(Y-kI9y!Z3%yBl_g;h{w(P?
z#Xv5B7sNi-{a`q~Z-|N$+))SSm!kfny`JfOYA&<>x!ca4Gt0JHvpPZj;4^7mKOcx4
zbCicI&ll`q%fI{C<7uDc-_e44BOG@!Ok~kn@+*t8apd{*?f<+0_S>g$Vuo;}@Z=vT
zZ+U@cks^C|Y+*jIawNrfrEZ)db}B>aPjE92u`Ghq)YkWdx#5#N6PkCBk1j;IY+0{z
zzv%~Om&eHWa4E)e1$Co5Ound&g4;?kdy(7$Zw90E{CV(atw-qLXVm}p3>d>a*hH~k
zjxGHO;enpDx^N;)<!p|7D~*rs|71E$C6XWQO1qbiE7ix7{ULE+z9rL(+KOpsd`2fs
zeP&3ylRF}2tSy-l>H_~mt{CL1{{>M6sZ8#ty%HNe^r=7&b~%1@JytxzP_P)HeIsgN
zKBg5v$qY;Get*#MU?YZ*jdsLzYEQBg=<FyC`QnF3UpHeDNE+uoGwRV%4)Qs=lpcD|
z-giUHWplKetbd!n6?~}+EKSlS2f1?0pQOJVLR2g6BMIpfn&t&}p{)|YYkO0QxY`Yr
zBJ+gJ@S{cgrkm!)Hj=9zuq#UTOZs4&w5MhCFdF|W3)$mOmK*#fP5LI6?nPF!2|qIC
zP1pC?RSdG*=KrM@>GyS$Z2QwSGadc>{CxBAQL8CmVVV0kzEgCb+BYim_^SFPR5pC>
zBz1-E*?nV^_Zo2{%0;jE^t50^ncHPSx^pJ0t<XIF<H6h=eH*>y_-gyC<L)9j8apZ3
zv|}fG8M)jE7w;#hK&6#!Kr>_NZ~DXFYiJMWQ+B>Bw72{jw$Lu@huYk0zI6L1*_^B2
z3*WWt#$i*fIsM{KF|YJz(hJ$O_(ovUty%5-PXX^T%2X$nql{<73*t2EHSq>_lb%`Z
zoJR?(_CIw<=zq8LX0VG~rK~cSDJvH$Tc@RG(m#-EC`YApsb3%(s1NY}t{iK|OZ-r5
zkne(ZqYOU$YlUaGz?CCu-TKK=cb%rZ9}iKM{ZtB$uo|2*$*dX?+AE@v9}l-hLQluL
z?B`{ax5SvI6TD>k^uKD-L(O<}upq|S94V9O7Xb*V1+-6|;6C@7$<2C4Kjo&LZt)MR
z=E`JU&u+b=j|i_qa?2b3Zn7hx^iH2&1<RX7Fj%R{sma`Znwvm=UrZD-K+DHURXZVQ
zt-aOx^Vb#7G!~AZ)BgQEV6~Ms#mmd{S3mTZcM&6Mshu<Ucd!ieMaIUT-qGvMj@%-R
z)SJgSt8?=>V>W1xjoUpZ<XB!e9V06#Xd0>^>5dJ)7dZRYRyTI-)9&Z|_BrBm5Ra`c
zZ&=&1QuDucgI2CaI$Di);9q|jsIV)&ZoJl&|JgT@a5p<XI(Cx^3yp}S<d#jW(y|s8
zD_%=t^4hX*ZkGObUe19`2H=9TkK%T}SP8YhjKtXcZ#|GY(y(TZdam#~eDvAoa{Krw
zd;d#Q8}+NMu#s4Q5PclB{V&o_t<WR+q-V7mJszSr*<JB68Xaa`Q$Gew<*U<w9%2$N
z6U0DmRA@5zS@$o_a~jpFw0d+k<4z4uV|P2A588V!|EAuS;ag?F(i=D53DH-UCU@em
z@7|6Tgtt6t&1m)1d(Enp)FWD<Od7XWMJzX@PYv@_1=1RIUxBtHUz>ohdtMp2gy@*;
z)@SmBz@LWmgp)s_<cuu3gUue*^TeJ$3h7Rf+mZXmr9MK<xTE?;eY%nRM$jK_dx7c=
zuiokY5bX}NKJxhl;UAB_eSQi5F#d++9^~H1zw5o_zMp<U|B(Jh{AT-3*53KvZ+^l3
z>h|&P2%#eyhG9?{iq=yg!o^c142dXGn?!&qQnk6MK*ZBG3>nT7uY~E|cWF?sL`EAX
zu2HpwXB)<@k?){<4kOyD;2_^dybgyR5Zeo7A@w4O9snv5I1FhR9Iw8s`b57zuD-$b
zMB47pKI%O>e}VS+k3NE|%+A!$uK#h#!Zi_JBU~A6so!M?tTx5gVAtwLYmhtnTU`~-
z+PH3o_6h2lW}h;Y@Q0|ev7aU>_z#^Hod(@EzG@l8@Bb2AqHau29sDN|CV}#Q7YrQ?
z|GUva!`lkm6tj0yC!v$Z*7d%9dgEzun$uZ_etKArKg(%z*yg~e#3suH{~BxaRQh75
zUfK5v7>w#NLakq+sH{&=6dE{xKp;56n}ATP<=cO#qI|JPGK^6XK`2ZS4Afet@3xz}
zR5v4^kfytR^>*~}lehQPJ=Zg<-+OQy=5U1w_}lYy61;^823sG)B-`w)aM+2gGPS+S
zzF;RUgD%&CCxa?l4y*Ldq26#Qw%CC*5Sx9%utxz8ms;f^9jq`-`grtmQamykS(_@+
zU=dc-sKRaw;e6$=Tzhy=dR-nP`gp*MPKzqiXm}uLxw6z(>e(n*n`{)gkOXU3WgJ6R
zRjxs_ls|d;@m$Ctf?dvJQiv;cfxOYEbV!OXd*V2%-XU?B+GI2~#oZzdJn+UNVs#oU
z2<Jq}eH$S{?zE;{s3d_|tns~mVEfLf>7;XubGE9o)3GYyR)za`#+|$)U<L!3))*#)
zkU!7_$;g+kAX~`Nh*Y`4v6;C_9NK}YG9!meeQ3~PKVqv>GDh53GJGs2?iK)j0j0g4
zxo^Z<EG%*?<C(M^)@ap9KM`kX;VheNnM-|sa3)AE-g9>4>NlnFm&bGbweaHS@hUm2
z%5XE%zmegN!_*=gX|Ts+#6aZlE?gp7@hdDTo??-L$i0YnYg-wb64uggJ-fF^gae{z
zV-KW~NWM!@N*}hALZbQVU$RSWew9ChHYO^L8S3Nl4EB!QX7-enq8ySjc6g)%<@pe$
zqTq+xR&->eNg5Pr&WsFuY^APtRdq`|I;R~s2El))qeip#d5v|_ng-;kPs8nCOslO~
zP0uzwr=*>0cJ;3xOvVexzc>o-BT`Z>RsX@cVAPXjuGP-7CRPa%)8OQjNaq?dNZ`sQ
zt~0?A4TI))tPxFy7L#!C1&&vapSzPyp2d9oh7&cG9A;an3J{c7%DuacEsd@fw!Au_
zPRgb^!6|Bk1JHRFx}7UP^>NrxcaF*Q0B9eI1aYjra>W|F-MW74K11<dIORA4Q_7J2
zJF@mvr@2RCyBrSKb>!iBQoEQADXt{GV5cSv$D!4xC@W*o+}O8vvqrA!;5xrmBpccb
zR?t@39TU3^tME|dxFmo-wJ?@9aVNpHiq<iev5CMOt<MWlrVKS2r3caNMqhcMgZD)`
zRBP|vBnZb80d$s-x{)2t2nZ<~5L$k9#b^e=2yY0g@-Y^=>tO5Paj=gBXd*H-ppYPA
z-5v_i_8c|5RsYUSKtkPQLwzRQ!ne@Lv;doul`91>6d3XV)&s--7KCky_&J4yG>b??
zYMyza;+C#ZPLo(W@u5YN+7wC)?4A){5D~R((1rNp)Hv5ystuL=RYmQ@0nbdKB`drj
z?iV%g8XY+U6|<!kdj-O@#;7oQwN4Waf&r6|fS0Ne0~fAm2@zs7q-!0%0@l{6PV+`+
zw9QZBg&uO^5SYdjm$lOnnUMtqu~Ud-WNBk3#yAh&4v5R2t>#etfDzXFxC#b)S_gM{
zYM(|?+hb}10u^cXKVzfQCAGLeT%xd16C&L_;!C$GOx^d<4xyml!YBBaVvuPPp+A=&
zB8C);B`H!O+2=%-ENhGpdTEmSc;?G~Y8}9S=)=J@4hAn;t$`W&8ze^QLdJ&e=`m+i
zTq2m<*nqOE5O^%2kP!p#ade@L&^VZOX{(m_NM1py&_1o^4nB6<R?S3;Pk<O!L1Hs1
zKk!MCFpJ|-eS|1(fHYWx5z1KJF;6xyiXy!o<|K(56>33ODJ9>51uze=UgKxp5JEXK
z`e68pE2F+H;|l1wDpUd-$s~%9Heiu?A!oJuu2%-fp<-z>6xs%7A^Y05ks+30Xr$l=
z)(3Ycp34m=oZH!#z~`C?w38-Fjey}vm(Z=<WuDGLOdAFDNl^V5NouCBk#n1@5)L&m
z9CDq-Z46~;P)$1n^{K)%^lWcD77_l2vpx%TA89NhmMXb`UKvB8Eri4uNWvqHxEE(5
z9_j3G9Y@R^8wVEfT(N;460d6kG0syz2d9AS4GHe-7DJ+8fKk>cpqiLU)VQ!bR&`oD
zR`uawtk#*IeQ!a^o{$La%le{p^}GfPty{lmO0wyS$K`31b=X<#2;`%!8PxhJ+!b2c
zB`%W>yipaz2Cl*+)QnlLftN)L-!RZ0X-slqh8!%f_=fUttB`df9O2TJ*)E?BG{877
z4k1!BYwUwlC}(545OzE=P;-MQ>nMzdvvx8o6voEgnDS_5wy7TCzH8oiqj{@f%c_>E
zW`p0{*y{KE4t1Ngd<>&}%b%tqIS@8*z%YMAB;BbhA4}t<$l5B4anqzW$4U4EOA-oY
zk;@-nj5MC%Jr^XbH)!S3)0=Yut@q^sV3uROE29MQtHXkzC{z+~OIrC0gVY!_bR`KO
z1THczF4iv6=#oKphP2R$&8`CdoHo$i1XP%crj9Pq*1^kSZ_28M@f>d)P?#w-@s&BV
zv1D#t@DGrB4{~Of)KOBB$}d{U-=d(_1T6s;lmn!J78^fXqco8Pz8G(yunk1AwpDwi
z8OKp9ltq(lslz(QgZOvGc{oMlhki`I$BdR<kS3pUl#VvrsZouC=o6IHFSQszQB|K1
zY-yxL4YmMoQdM_$je(YRtCYT6jBGl~L`bs~5`V(@Wt<d~u3;?U!t3V}e<&(L3>;|&
zd9ewQwYNtaD~W~7U);2{qK^m3ImYgF5F=a@I1bn{<n*Qf;YOd&Se*!9=|cj@0_d|^
zo(kx+$*d2&udqHD0b)k+&qz;7u<r<{Tv^l%=tyJ^M%XeB<yHn%%DX`+h~b8=*$_?m
zHFGU^4E|8fT!Q@!;ovDigU9r92k>g*Zv9uxAaR&dC|r^;uy-wy1>2#3p~hL%&Kif2
z44Ww64FjN_r)U`AwQIB58FB*;C`2Or3nHGrqDoP84=t34n&bvc<v)K|G8Y(psecia
zo0TNI0#CC~60HZvzlL;t0Pzjj>S&R{_nOC=7j7nNMw0<8D|VQ5e>}r+?KyXm)zfN{
z^>PU&r^!a2kH|8dPS5H6!5MPmGO}9G%<;`SV=KL(7wpoyXe+FBpik#|weZ8#)QJ<5
zWLdbVckon+<6f%gy&%7>Pb%;J!eMlo^^QElv-#HF%)h_BKc$XC2ZOttNE^%HXiZLk
zHg3$6C?oZ5Ij&QFw4=_ws&`UrIvcFlKJ}DiooD=l;?(hj8LCCAR{ibL<k3Vaj=nL=
zl`+R^6eE@t8q>0I{~A_^evL1rb$-RWXD0snIj6?qdG6lI_5C@QvSPO9@*(Bhu3cm~
zdvrE7-vKj-OMiTh&PLC;xG#I!N&l<a)BL#%@AF0dxQp!MpT-tb5@QOTT+mE2h#-t#
z{QGAd?V<djJUskthQ~|)Rf~<Yqxil}k;cFyp?tT2v5C<v8nxs+21#d00DMg*B>thC
zvXCWvA$rQ}eW^*YLT*b{=9qcLm*r%X>b**L45P5vVIFHzj>*49N%0m-R=uHJMtuZB
zTGipWMw@N>FN!0%lBkgiy^JhiGF|1(`A3^)gFCPKIL5MfPi*_FQguE^zmrh{<S#r-
z=gF^SGh!pMf`z9?*2u)_%us&a<xy~H&s=L!O{e>3Wj&rC&c&@Q=L#OjYhu>vTK}sY
zzi+PF(}N>=%I_0>uB~U*Xa6zn@!rd5Oqeiwi|o`*&(BqHscz4Gva$Ye=2qnH@6AF=
zGH~>&N$&RJoYuqbpzQ}&t_HW)WuULu={vD$@9Qgn&zzf^@!8%gy<VoZo=y*|orPD?
z^~tki?^okf^sbMGquGG(;qmM4?}Zlq7wf}J?^>?!`JE}E!g?2A&Mb2)KX<n0SjQ0f
zu=r4vS=izM`S9q_;(_T9`Os`Q^MU*Q<N^9H^a1;@ZRBj2`q1eR=RNwt<$=}#{*dc%
zZ}@HaFUsycv(L=zXXY2I&w<`S>UV-~d+&7bMDIxN%I&l3o3~G|-m@+8><_-?FZlnQ
zP<S5mSXF@m0MJMMzd3;8Uu&1Y4*%8c{Eq`DucG?S&Pv`4_uL(vl6VCjA##)0*nNfJ
z+6gW2ZAwmwLjZzH`5SW2NZZ+28F34A&}(jlOIeN%ecY?H%!_RgwYX$!^!}uUtf*;G
zCpVv05L#EHX*A0wb7?NgRd<-5>hdEW+ANl=cid)s?r@&IcAjpz-ZqE2TxrhQJ9`EO
z`d|AG*zk|u*V^H%#x#qt)K23pJE*R^(ba~te<-fZrjs9zt2C!b4=*YkG9^l#K+g-2
zaplO2Iyx>Vrf<n~5un;C-c67*n_v9VNRdHrqJ#h*S(2QKDGK`8@mW;q*B+a;5b7=M
zwP4Dbu>7iCKD-Ziv#F4pJZ9oFsK`rK0_~BPKyAvfueOs}To6*5TwM%ncj8esRuf8$
z>`s4kB16xXEMZP^C$tZnkU@w9yH|Np$Wp9iJ)^ToK?_wr=%`|mGJ<J-7otlqMj)Nb
zNcd}h^zOt`dJN4W`&oXZli?g+opQ=e!<-(zo&<(S&OBMtB-B*ZyP<<Pym%}}ngxzJ
z>(P2(<DmWk{(N9WVMxK8Z@;BP9!8}8H6{EB)C8uxB$`+)dUPDU9iWP$+Fv!vO7yxd
zC<s^aPt0iSTq>F(B7%cN+JF$}L`AaB9;w#pmX5QG6kKsX#F)?uj5?Fzo~k=a%1Z{H
zb=`p|_j*1^7xoH74hpKE@KjR#HW7~VY_Cf&6vJVc{F#3!_smD>Kwj%uaoJK$*hOH`
z$mE__)vnA$(m8Fpj^gZ3qs)s^GOmitKf(JC$O<H*gFO8Nu<HaCGq9Y7q1?;)B0fpW
zu<=={+A`b6*(b9Y-DyHCR8k6iAqAvqfj&5ptPgWAlKwW;@v47km9Q{=-X$QHAjygS
zy2f><5p{Cq5V&eEUZMy8TBMgmc_hJjW+2n}zN0f4YB6}ZpRPVw1N{NPVd69j_JFfv
z6$P5329t@vb5)M|IkrT^lHb^+jKyrph$#g^9s%<Kao24OgNiaK2s`JUg;vW8xdICW
zLzSxN6>$Kz1>y~X3&X5LV}O<7$qQd<#|N6)3kr|PHhGDBr)AByP>Bnsi0eOf1P>Ie
zW7ION<oyOrQ2&ZKCI7MdtKQHX<wLy4rc_-l#Rv_Qog}d^Z;^P7zGtI{1^mj0%gQ)N
zX0ax0oR7Y7AVb;!jN()i0bFsUJPI;~&cVuDdQzaw%)y$<%^IlOC~QOQyw^amX6UDF
zD&v~AZnAuNMKI}|5W5unr$VJxQbD4yPLd!R_Trx&u7A~mVs|WyLM0<|EEbJwp^+Se
zMS+;?k{Ktn=8mA+$CMqW<Hr~j_YhWIy_$04@{$!OvlieF@C#9F@<phq0cs~3mhD@@
zMxDSeCrG70lz1ievSnIFxzhH)(sW$JG*GPZ7;$&)eEguX7Lj0vR>}lZCcj(?qiMO+
zNR`Fkjg@~*pGKi&mIf<ps0&h|^HQPv8U%89^~rs7D&s?7@!3zb;?>DfD@<aR&P!l0
zSNf}JR8HK37W6Aq(5#OstN+=3dgka(j;Oet{gu_*mC-qz=Y?7aJ@rvKx*O(jo95`~
zQB0%IMuo+X^9vnl<K*z#y^c~C|0#p#+t#c6{gc0{T==|H7KrKWguqVQl!@lC4KUQO
zr~$>QT(-_-(gOD-9qf_{wLM;wGa<4)fK;qf!JX#eUF?CY>?%lQ=HDGB?(up)25Vju
z%HsN;_n21xD4M}9dQd@C3*>L29Fz{;EgD#95MaAE?UxAI8VA3qGbv#d;^9_<gTX?@
zdQ>+E0doV?MD{zYRzd2PJgX@@GFHc$1ERCBEx~qaqAbX}KeLxX8!v_y#foR1<>;4m
zb@;2}A1>>SS7zRKsET9ztvb|oRyQeFgXA%>Me0DLA-ES^jKT9!3&6aEQ-Oet1G<X$
z?Zfu-qCkiu*~w3lKkyZtR69i7BqO${7vSyTQ$@;sW=@K&OMlkME7iQzDQwk}vIXVE
zumRpk^?_#P`D3%#g?0hjk|+}NOQcNhN(a0nZ{cWj)=7XMk<Y$K+`)|X+580L!pwl5
z=y^a_>2(a~fL>NkeNZ*~P~WXMM?##SA$p(#q0=;@W#+<YSO619qIrVzBn(jTG_3)n
zbr#Pk$ycuro2V*udn{DxwpONakz+gH!<dJ1P{EZy1sR4IDDrN5%>z7_({fEnu;7#{
z^E)aH6As%cMV^APK&(6p><hUqQRS52Eq$q(=yHK7;%<tE^sPaU<lDihEb9*z*2UNa
zveX2y*t{gt4s;Q`OKLz#z|n6JM&^gb1`(^-tHAct1n=4TAx%o50aS4+qJc|yE~C|z
zX6~rrf)Y9qi|m|`YyI)(8dFQDtge#bYhZ0sQB$QCfvqn)5q4p!D)h&?2kFd_+gN7^
zEhU`Y3?^l3lajUo%q(xc)Sdu*MZ|>#QehUjzDvvoTPj1D5t{Yezy!jn!v$6R=<*<M
z(&54iU|<RgZyU#`gKE_AvLarmeM;oz+1QqK>4$0nkFs5zH(}5Po_+lo$4yX80Zv%2
zgmPiap^Zx^RA7{V=A}V--`OW_m97XsxL%xBvkM)h31IcWubTfvTRpRJ5V#<BeK_;W
z!~r?v9!8#syMUE8$niP1+=E^8$Ny)U$&la;%a|;Jij*jsC9XI(fYm!I$Y`_&JxWfG
zlPhHB6*1?23L82QZ-^5<9G;4q4D;p?Xpd_R+yRGST@X4Y(LHB;XXh7+juOKMp6+i%
zovtvJBvs<h0>~{jCTk*8S1G_|N+dEfV&)=rLO85Q1Ta5XM+c9dTEn8#vEU@Rj5bCR
z%aYP8iEI6<gz7q@P5sY^u-m>bi|s*Rdp~YgZJTY6O%)Q$X$-QByb4Oc@h>^ZX<s~%
zcF4eAimiOmgrj-F7c?^Groe%9+dj@nKlZ(~ja9J7*Qee<Xs#rltw%LhX#->z)&mvc
zy89@!_(l{?>3DehIFwkp#YZ}+bF<Uwu^u89(1wY^bc?XTLZ@RczNwXanPLxg<$tpT
zh$ValjtU!UG2)!dWM^ApZ!obBqNFmjK;G-=x;<lsf6_MY@?i0Bo)e9p)KvxYI^nbL
z;v1av-+=n$aT>=tD5Xb$?5D&{&Z+Hi(BL7K;qp(uj%tP#oFvy@a#PYey^h)lAmfE>
zV0_RYvhCKH5{n-=%|J2$rbTiED+APY$PSs-4c8Ri&C_X8##@*^JD9#Nn7ozKuV@<o
zXqA*UnBQ?6zRQ}anN^QG1`saF!)-tb<NLL2g}GvX!&*gEqic5O--ej5AF-Jw5Vm4q
zkR84w36~s}Gajra9gnkQ(J0t>&%NODXNC>e4DB&HQod|hmefqf9^bmmxb8US@OYUs
zy=2ancj8-nb&KnEw&q_e9vtfNE)VPY&OV&jkqH`QF*$774COGlDZW#%g!*SPxG8=6
zm|4Pn>zXy>#|l`o9pTPl!MbBNsfKi6Zb%8k2?~dF(I`;Nd9~!qC{7bDf{^1(m;NEA
zb?A-m`B>k4OT5)#*6UV4<$wQqax#<lK+3r`egSH(W&9!IoKm&EdUA1L)FIOXP|d+o
zRR-l}><>SGi%OXtLEaE)Vn|(nC<af_=HWH?l5`Me&y*u$Le^x_8)MXYU|8KBKSjzp
zd$VF<-A|t*J8UcuAWz15HEUn0caw`GV`66ZlbV*|%lTa)PnRn)A#Y01+w?tWm&L7k
zOkdX);+}f`f`{Q{|M9*IDqV~#_rEVE+3In0Kw+}t_IdFKXQySYZiVZ@dm-dOf>^>c
zKX3arrF<XDk(cY5i-phj{ke+B^}TCWeTCrX?5&?;y&Dd6JF?n+O1Fld&Gy_ouH21q
zzUrdU_WB5QZjKIQO`YLk?|Q{Om*-90+<L89f1Wq>{p^PZzxBL0eATVuWMFGJy?;!d
zX<|X;!^+CU(sH)m|JnUk^*V^v+u6%@(eZv?l*jix9lq>;{q67l81t`n*s^1)2Aqv;
zAD&e-!h2xb3iPzchugDu1G()hbVHBXW9-7-jd?xbzT@k{-wlU9porP$z#GNN8TjJ`
za(c(;g)_TfyZ3o7`9<)<#TVV{k3Rr^D1O&^|9XG;CjLhG#qz`WL+OLYADTN#zo&Pg
zx371|ewX=X{RRHz>4n)F`5W~cP`eL*=ltcWo?N-{*Phl<vIb4P(z3d8@Yuy&XS>Fk
zZueJ_GUk)~f07c*1t>o~L;!#+0ssK2|6`KrzetImoq>bn|K}!2e;}=})je|d;|{Ph
zjAA*GjHUTT@HSFt7qKFfXx?$c6Gj@0|Fn?c-wP@pg%u1<@^}r8SIj65%PNg>vK_9)
zA3Wo&8*14`m^5nGUSgSN8g}{{<O%qpX_aa{3Ha%(in`2;x^DhX^C%frYqo*poJ_y=
z{JQ;q{`!U(zWxMiQAl|e7FK%ec^b4O7vT6xDlT!<iVnKdI%`e_H^yu0POgt4Nk&hb
z$7^8BTBS>d*6-1jAkWLlJc^AHw@WnT9Y5>~k?~|mh&!B8$)GxykBN|>%aJZ%R@ETj
z{v$6ZA<te!fwvBzt{rI$4&i0?hY=)=hloZKXb$mCJ~WBa^M5`yNaCH2n}ry$<;=@r
z3Q-?qG`W@Yj}zjZvc}P%Z?aOBh}@?&YQy?v1sxCE54zOir;N!W*CRx**i;4VtM%*F
ztmqPD$sU5gki4+zM8py`IdCP-VHC92?f%6fJ+Y)XTh<K9o~<r7s4ww&(IA532}>6;
z?BBupdl|CY`Z^5?vvRBcoSCBL;q^Or+EmCx4r2!_aI8hm^BSNfQDXDBX>^Bhrz~7v
z^|=9eJ9HZHg;S_Q0J?z;;&wBpgxO7p4CV~UzxyO90K_g_2{9J?B3vce&pbW|Yn-DR
zWSG($iQ!FZh|?sI<t*EE6v^SJi5ey}jYDArTi;B-JlWB*KlO$i^q-YqXyjO}2ub6p
zi!n*|8SW5<{#ieUk4g`QlI!(#gfUHxe_(Blbbq(Vu>Te$0+VQ`=o8G~`BL)y9fYGz
zojjT|BQepaWk|LBiUn<*auJ6z$U+D0>R9@H^H2JN=X(w^IfvA1zZJVJjFfb%$c4;?
z)5lFoD&@X>nJazdK=3XCHfmg>f~IeMul`vLs)(kmgd|%8t*JdpD>1mRvOy(H4*`xA
z@{3L?`_ugMTUat#k`uK2AX0TgZU~wihU!MNl6Y+&nfsb4ThnFUvc*+-|9(V(K81%x
z7N12v&!jhOd;SlLWt;-bKKlFR76{FyP+E*L&&|3|d~NyN^F?K|)IPG!V&$N1qsV0Q
zur5x8;o`!~a=aNtr0^yQP<NO;;vAj(S7Qa57bKoWFUOzIjZ8m68Lj^19;Q`Sky5yl
zDb`WHI>@vZHPMQX=f;o%@KzF5RB{*9KchK;2k<4e<LwfVKPP6J6^-w?N*R{wByvL?
zK`-?~Jxz{GFodVj6*Lfvh_#2YQ)S|<G_}s5Ci0$~KxfobtD))ZEtFs9VHf$xNv_rZ
z@pCZxM>oD3rXT$!_?sTY8Tc!`>HzTXKdPo3)r%C1RSlt}wbgFuNcQJ#*LhwIhy+AH
zu-u=y*=G6S=E^2`8S)si{iqW1g07_cDk1oSAunF9h+17jD#=C<F#+l=NGT|ECC`ni
zx|6d%0(I-7EC0GMXj?}UIj}OdCW*1W0bsRh?$68FU`D3|*qMS8d!TlLP{Ww{J$kHB
zKS1r$LQ@sGROouin57>8my(KJs02(k4P1t`PG(8K!7g9GzW`Ori6^tgMwXg2ZOJM|
zP(ek6&c}~Z4#Y!5P#t2EObBS?69cxXGUz~R<GK?<vkidWL+MvKsen$hBB0Gzk0D5u
zH@T}sr|(fuWgQ4mw`Q1|f|N%m23a!<5s*vb0->7i6$#V{@1<vNVPRE+VQ6ayBEv1~
z!+xRc(n?jxKf6e}lxv|Z<x%xxA&H}4^;cotj+Yh|?@7>RooTXL3D;3asf$m-;CJl}
zG7W}44~2T%<>P%S$a|H+yY++TBN@VE);dS5v)SM_!iJdPjd1nPO!Cx3*u*PxtBey1
ziL6pq3}7@q=S5QPE(Z!;t$^V!`)f@Ss$lEHP=?Xau$`H4`cb=MSx3wQ?XAv30jL4i
zar!{}iQ!g*2!II0>;mdX#{7GR<+8Oj!OCo-Xl^RBqckHa1u#H*pl#9Lz7*g{N#H1m
z1uFBZ6(k;FB&d7DxInsQ5FE;cPC7ivfl>o0w2E`oqQ4zstRey+R6jAUM|Ya84!X5v
z0KGQIy;V`Tyq6CD@0;!h2D9N-1M1VZbyO#Bj<=y+S<GEj{ITXr@EFFl0Vn3O*lXF;
zxwQMU_XR8P5ForMFz6DnPP+yd3uNK~*3JgT6Le08``&lpVQ1j_1qcukvjU_5FW~t_
z2!P9_3El@52ghoc9Wc@9Zj|U2dRfJ-;_evPrp?vwoHdo8s9dtCguoRLvvR0V$+1KQ
z=bSp_yjV5~(@e!PfXm7;J;_y}N8rVDcB6ZS6Ga=+Cy7e4w|6r?4|eBCY*i#Kj!n<;
z_D3v?_-acRm$h$!Y^-XBqXMKzUOW@v9@rh<=KjJ@UnPE*awlW|W11`|(;LS<>ic<c
z1Fx<@PdrmlAp`_tZ35R%h)1FjczTPV3RgQS5|XNXetfro8*w97hl#2Jar{-lcy9Jz
zA4i)(S($-gkVS$?n}MVgXkHFb1TBaw;5_P8+?(Jqn)O~t+N%=@{~?AugU0wBF;9(|
zy1-w%Kadq%Kryh+Aa7kUEj)*59&w{2>ja>(2}MwSm@A5lcx`wKly}{r19lkfj1{@Q
z5{1NM5b+!l*ctwj5H`6$tp>%YUwmqW4s+eHmlOaJ*dpIST53_uEz}lhaM}zBEN4lI
z$1tu5h&r40@2w8x#n?)D(cGA8V8T}r3USKh!YmxL0uCx4CGLvi({hOJ8*L0vaSS(v
zUF#j!Kx(mC%FsMGU=kJrhGjD44RQxpjLBBc4-$K((-_wQ*OLhs8?XiqhXOoAvJ@~Y
zcbqY2WvDF$eJ4b)TNH&4UTP#nH7=?IOazP@Q_&2dbQ57Hj^k|-rh7!4TqP7H^$_lx
zF6)HBN-+qe%Koc3NybEhl%oX23WQO8WOlMac~~1XTJ?h_6I$WALCe-_t!XhWfwmm&
ztQ3_CfrdO|(Wq_qV)<#zZ%AncLT*fcyqH#dBl&tTK<G<X8U(uGdGpXCWC5_+S@zB|
zcJ_i!&i9Q;i1jwhS}|$0D2y}+tK}pygB&lm<S+F3g*tn=Q1A_qtu)jve)GVjS$rqN
zu>9yQoB4d3ZIT>Il8>zA$(blo0Xajr&<dExAPRPl(n5~PRwI)rTM`YH?EKWiltD1R
zFJ<|`@+^@5kFR$O5+&%eMccM*+qP}nwr%UQ?LKYWwr%^gZN2_xZoG(@xbOX{s;v5v
zl^MHgXRfu^I#{brj@#(3#Ji=kZ9^fV3r&Z*4H3h{bp<e_M`(z$-u4+`!^&Auguv+T
z8~bXBBEu3aa0M!WhX8G*NXyOEZ5zz#$GwKRb`Z_rmMtn=-=Bf_vv;;j%Ul7AAG&{U
zDWTjImA72u8*k$vQ^#1|#Mp0;1327PpR=sUj&TKEbV?(pYV!!h<^_n&OYbbd_^-?I
zaR5jxkL_CzK(Oi&6ZZ<R_=E5#FVvF%PZ!I36eJ#i15_`Dz)BFKE7UJ8m2>)>k>;k8
z4&#S3;9F}^_Jxc46mTRM-xaZ2pa`#0wAv-`aUsYvP%Ao{(L|WfYtQI_$?}vA=5>Pk
zj}T06ZeA}Q2W%XDykN_K$^<UeZ&im2M0#-rUF9hBR1DoXm`}%a>M|z5#=Bpna(GD3
z=zvst)^N_bT<9}Vtk)b!9KZt;%YZaiZ(fm}KpfCB#ltbw<L={RLAlPw^A5tsRsxX=
z)fElqF{mH!p#gH|`JfC-3K<8vBM6A+V+wU$qg>OV7*!4BNlh}LzPXq*7v6)fu)t>E
z1!Egqd{WAVey;oBY-jWzLd^!!Hl4s27~bh1H<{+(IShP>X?;^<d);$lU5^>q2?ofC
zROo9fi`O<t9Pn)zV3#EjIe^C`K#vs=IiSZTOqU&zp+F6m`9oaXI{*gY9+nKDf2F0%
zHb@abPp5|fOOJ)Xzv}>YUlNxSwU3E}@+|ZWKIhWchD{lK0$O$nJ?0HP9DC^Lm>1sY
zl~Ef34t0$INPRK1I>5gvVB>N)87C=kVlaYH7p#HPw`>4GGHE%69bF#el`yJ$W?Cqb
zWycKfV}?`dh*5$eX4FIc1@qoy`G5|CFi)#8CNS|?WcRMfk-+z`$ZsW)F~Ik<F$}k+
z-gWWV1NuGQN}6p8(uP{VgJ8h)iwsl-9OGR`Vc}KK3|%I1cUI8m<)HdvC$4BXlQjgN
ztPCVfqaMH+_F?l9uWRA7Xnx3d@DEwET&-G<Hl!RYjnf0WhWj^7x8O7nf=qw<Foqv$
z8aen>5W;Z9pf&lWPF|fc!h-kUjDTltw})BAm^9=<5J|0XkT|2taXp~vh(UVAj-+0d
zL3(9sNIxms{ZlThL-2`SS?-!c;E_K?5A-2_uO3KdNIwbs>6K32(r$r4@`3_sUj2gj
zp@W<EzJ_|88FW1CL2igW07r<RccgD|U|K<UrEh6qW`bT2cwmj|LDeDo0F5I-;S<^{
zlHYpCvHMXE`1u~BqJL~d{DX+v<!{vn_{B0fl@IU<Uni3_@ku`!`sw@28uko>^oysk
zsP@Srzu8PzOd$CM9eDJu`u`w*!cJ7RBl*SbsT(Y5-8u&OM>APBhKxdf!(vR*zGC#-
zE16xTI>he1{<u@qdc^ECGN`58_J{zUZt8Nxp_<p`{JU}8PI<f7l~cXSt+C#v_mcB<
z^uLd|IjqmJ*Sjs2^Lae%ZQJpD=r2L{$NVyXkBfc3mA4MZP{XQuc$UGHh4Ft#;mz~$
z`WVjpnTEI5*==k(Zq)r}j;?SxwS6L=N$%%zxwMBjtKGWkzkR2!|IzxsS?hP*{XP2S
z&i{Q`?JqIxE56J5@w~eWhk|S^@8iV$G|)fm@AA?M&;N8GP2XErupb?$%Wg&Q>qU7B
z{1~l^55a#s<--0^nxnp4**cr|wYseD^Nk(mZ_jR`txpE!UB6AlX%t(^8n)7=X>1z%
zr<puP!P&Pj6MMy{?j+!8tJ>W53VTJ*a9ZA4PU|DASzY5JxS3qzBcS>D*L0@Z(OOsA
zdR?n`C9`>@Txfc^q#3W8l_H7r`p|FUvf#tOrf>?rr8i-3?F6h4e6yU~gFEKQqz8LM
z>$l(V`2F?M%OIn(gunN{sjRNon-iz%zmA8%ZF*B*BVAYHzl?BILxPW`evn6<+DbXc
zxWuP<N4J)?nB5RF4*5=roTp63acYT~%r~JyeZZb(N$bN8TQG*RXG&wUSmfW_b}%>C
zv+-JeC34zs*0FQaA)fvchMy6G<@NiJzcm{qI@xUFtZkVXocxjYl&R<gz>QYq`A%WV
zixp|sXmg;eJeG!z{#{zeeAcLsjLkN`rm+A^%P7IdzUeeE@@UDB7{@Z&(kRKGVI@V*
zi_xa>Adg$_TacvyRi>*YTKXtuh;U`nj5H-~y^|+r^#P&2$uOcXlTjZ3>>D0_>esLX
zTNXOA<Obw-f8dzVU2%F}rKq>kx7a$me`~-Jwe)s(-!El`rTL|!$m71xmj7{UIK1({
z*=XSZcuBjUW7_rgw=O7u7?5oF*@%l=^}g}v_?Q^w@8()?*keAK!T%OiJ-(+qEv@xm
zb3Y;<=xy?C+4=cA57z%)rSJWkA4l(bh^Ftk;o)2I|JVJ(@9R4~F_5NvdLZlyf7AQu
z&VOqEx!6b>7zxY&^{U?MbxOYb^CvFvEA0EC7B5_GE=@w1c7cWU<&Dd9rEPjptwFCP
zv)b@tE#(r+4YxC4dy1|4?K-cKhi0j6avim5tj5guQp*jvGxDjCsWSz({;O(4u7R>;
zjBlE6uxIGEQY-w6_!;ek_qpf?@IR#_xD&i^fPxqS`?kAsIsyd>5^gp5`6pmWUvH_h
zX6sXHuHdAxl@PQA_sBS*5TUWp<AZU?=DA(3x5v|=)a=(hYtBb~nY7qwG@6X1Bn7hp
zblqH0Y_ypyU2#rqN?bHb$dww2`3%aY3ktu~(Y~lSGEFwjPX8nc?s2JlF8C_s3-$5J
zW2U7u4kl5W8GO|PPyYY8P2;WM2YUUhC@ll~|8Mr>VrXOiU&wJzn!gS5DsJD6PueSQ
z5;%HZ5<+6U^d(8i=PjulBuz+HJO(>#2moMpa018OFb9YEYEP4hsWRF|McH5By5<hJ
zX3N&^{t{V0Ra{;6FokfDPSprYEF|p8WZ4fz+hAE6tc?=io6jzc3H)su-<zJBhcCa~
zmr-6(`c1cMyF-qJR@SA)qS3X^gu~ZLoKaTp<~u~<L=GAgB4*G?kC8DBawNpTITvvr
zO^yT^c~Ka`L{6P_#sx=SvU5pYZNQ6!GB(5vIgFWl6Q%;uM<HJ?D;ep{lDog(e^c3@
z4#yKje5w?r$%(vVqR6YS#AA-eG<5#_HCHp!N2`OOD8bDCm&uXJ0>}AuB*9`NQuX3t
zq@``BsYx|2A#V+eoFGCLeb`Yj-1Jzn^=v~M7B>W&cHAcweySqKg~x3Y0ckrRAjX9h
z9>Pd&gBAJ`Rc_+KRUr5&;*^4#)=EY@m(D-O#8};0MoUWTiEPkxRnYWRpkh0Iy*fkm
zpnmmIjW@OIr|*NU-5-7_E5;f}eH%>WxV~#m5KK_%Ii8Gjtre*bQ7S=5I0ad9kj$Yh
zm^gG-Q68kaZ#k-$ArU2H%6K8%A0E{pnNTS4Ip^C#SSMMR@h^UwaFfp}j%&*@QXW+j
z33UiV{Ip9Y{;V7TH55o{g4AzChI7lF;&YtHo1DtS2<ZU{c*)qC@-v7N8k_R7@V#V<
zvR9MM>s#EJzw;CO8);Lc;1qxB6^pq%Z|V(^S<&lFaMAXGB)RBbLg_}Rq%%GeWft+p
zl<1+XO+vAJwZ<`mbgB}uJ#D%u&jxUO@&rXX+x|HndXC71?u-DhU!I34!W}n4M`YP3
z!HZYrS&<MUOP7wDB0ZXDNSOUXqI}Pqz!Wb~ycp?N2rr!d=wV`3nhI7r$Wu~9XbG6J
zdx;#S>@SE?ir}stR8BQpE$7xM<)4XYisHay6Im14Jrq|6-M>NN)+C`}KyVphsQsT~
z<z-0CadA}P11e!nsOwMhI8YNoo|}}47mOxE<CL)j%E=Pkuz$SDrBi=l;GiXNt-FA~
ziB<*51k0vN$Al?0NDZmtDYAd1ct|PLsN<PQ)5mPt0ddzFp*I?XD=KXO+&l#uJ~X}c
zlTY^*ms={03X#G$RjKaE%!td;y+GDCg|PMxlfsye`X!a3-I3`1vR{9ZJBA3r!Xz#p
z2qwUW*rmI&mPi(l!A9MoQR3R_yrYCa9TOm9O5(be)$YFWED&==#q0{|kxzQ&g-T@r
za`;v-iBFslUL3{RA`2#kOr^;Oips68Se9rg>Y=EoseQ%kel6)1tV8NTKGyNC&UfE%
zg<AG0#g@#9oNcOs+T3Nq3p9U#$h3?ZIiLkoK&ncBO^a%pj}X;a*Y^@7!T;bD(1G$T
zWD26buM6n1)|J(v<C0Z0rNokfcP=^cY=~?Jjl)Vo^SsNT33bR_G;Qc;9?hFMBeubN
zs27M}c{UA;s0y41xR^t-&TA1o33vrG-CI;fRs^yDoPjD07V#ld3akJ^nijQWlz~YQ
z$2+i{D<UrgX~O^I$9_tW>=MWffHCoH$r=Oyi#Y}t4Y7qs%xm*if0-wxc~cvJ5(q&+
z1OcxEp!6DW4WOA(T5II*?pcC<`qugIid8}!UjgnC_~!BONxO~6Wwe?K)KAbnwKMK=
z(F!><{!9Vr$f#?yRpAJF2-or_=_;v_TVob(1b4H<mHLK0-Jki8TSHE6$=|#>3j^Qa
z21kE(<;!Lk$KHfz%4+J)H6~mGmvg7jgFeeVZk2gwutzv<m2qd<Ytj+_P}k;!Z5NNd
z3QsnkT72d*$KU<fw3$NXSey6b7<ziw-|kqk##tu%SLqKy9qY8WhTqTrOvt|ACYW}0
z)_4E4;JfF~O_Pt`BK1bCj_UsHbSeH-W|iBw%bClS(h;`!67`O%v3*Xu{A=x}pW^qH
zdgqTr^`rC;R=bMdhL7QDZto+#&!6j`LuGQkxWCUPx!e5LvfRe5PgysYW&HAVJ^pu7
zopE{Uqp@n%Wt&NdYO&~R8Dl?iZ;i8g?%y#Fr<wedpKr&rH2!k!&X`B3v)0@aq>I{u
z6B%~LG^Sp#5Qe+;U84*OYPh3FsZa656Oi&|F5U&wTl0kbBflQ^(XBW}A86NU4@pVg
zU+*AmZX4f0$2TD#CS<uw@XnyP)qyK+S)|Hf`7y^T7Jz(M$0WQ=#imLLj<j4xQ-7Oe
zX6lG==Zh}IUi8_jM@RQ}Omq=!(fFrW-<Z!Ff5z5aco3gX?Q|WYp9X24%O$jeC$E-J
zOq#cx7{BGQkyrQWu$P@2Ve^>m7N97mNJ<wEHw<eI{mbTN?Ov)4vX0(Ij2tmmDo4W%
zI<AS$PxLQ!&Mc_UKO{LKZVlw+?~t2iNB!d!a@St|tV8R*&aL0%QvU4cAfq}Dv^V04
zdGF2#d)!W)j4uMO?&_uc+n=S(m*}#GNbkO>NjjR2z3rd1w)#J(es0RLV`=4<ulv5_
z`Tv}R2G9C^*yHye@-XnU-8?no=ho<2Z^2Fvg;Cq-^ZPx_E@1b5AB6Rp94>gjT>D<F
zaQkn+m-;`b>+{{>WV^r81DyLrYJWE$&lF?3A56DlD|eyV4+49j@BCrqiA?eUn>{GK
z!{H12588u%C;f`!2dzJ(e)sVT{Auii@aF*71LJ0}^Ue+DyZ3a=@qZVabk|A^g8oY3
z8vIIY{=zx{rcO5QhEArxLLIiY_IA$nrbd=_^rpuDukw11vaSS*B1#Xlx_ge!Wk+-%
zMYE*=S$k!w89zg32i-zTMmc6=XCt$Ej;otnPR0|skO(yb6A8YN?7}%AO_Ud-Z-mz^
zDFyzeD1=Xa1Vk0YM?&3omGzs2?tj#8b8fP|Pq&;a<yO!D<Cp%qaLREsy$b^bID>4$
zq`$aUIB5a2I_4O0RJ@9`lTO`clYnyc=$aNb1Zaz3LMx2uCWA$Cu%e(9BE?a|Y9w&9
zyLwZv_+(iqAfhph`)2_JJ~7G}5J{9Mz|5cEh-gB?4H&J!=7%;k%H5k9t8M5+mtl26
zXCfF`)6&R9trG*(mrd9?f^SLMjcMg$YEt;e6i-7H5*=b}0Fwn|BWPyNL1~h*t1Sis
zETaQAwc{%cR$-0=q%j~nf+@mlT4<72Lj)~mDwX2baiPqg+5lw+%wGr#*fv<IyXy>|
z{|Lq>-j<Tt#Lr<NcQF<eAu;FFS^g<I^L$1;a{F`l%MHB!2tVdLuOMGcviF*2esh~U
zvgg>G&mO!1c=Cqn2Jjf@!b|#Ve=x@qD&q}K!fT983-D!j0F4<qUwEubi8=Gq;C1>@
z*{tu}Zy?&dCFHZyhIj5|Os=NFNYfg8)G&}ZaKM2cXAz?0njlC{AqXIGBBT-Pz=P(a
zB@a@G9j6kS6gpJ>vtQUSmel!Do{4li<fdStjJk6IEg~vemtc2Lm}r(X6cGC;hhA!c
zj}I3*R?}faJkqj^p?FeU7QlXR--3a@1PnuE>4Dc8yx`AKVEZ+Uf~1ZRFd<MW5#?%}
zAEvUp#mnY$EP<tKQsHyP7eC;E8}}HO9n?>r*j%(PzWc~nVtaq5ak4m@*7&|(G|p7r
zcJIS{h|7(I!^y|b%E;2ma!$|D43Nj$mX?rv#WWKu<B5e%dozK4|E#~J+j;-6xqWsL
z{nG1~&d9dxiESr06MJ;Iq^84L?W&n~0<P~b(z^4QnhNreW~Q!QOF!e|NLQ;kTg$3T
z)GeILz<G*!>&}4PZE1F&;dH`qXpsG*4S9?GKl5#lcG?4t-<1LIZx~Vhe}>Tij4L`r
z2M1rJeyc$SnC=(qm|3!d%NA{TQ-+mAFz#d|9Bo+<T<$SDamcTiam~&Yx@wtt8h%Oo
zM6m4_xL7%iE+8lU%zUPTi=aPNWHqL|8WCZ2`1MYPv}V%Wh)K_CNvLqv3oa;|0!ET@
zA7Z(74H5eYoL+i7s1K2&bZgzgWh(|$xW)`AgXt){GUn9ine&g~ilH^);Ok9X{kApy
z;{Ytisa4FDTqm2)I6F(KM0*YEBPym*e;Q2Xh&kfBO|JcORP=oiJAmf~Rrup8R#7m=
z<Nj{bS)bIs?cxW8O#%d}UPPW&S~|hI3*co(jo%w2ugihBVEG=vN8C9{S`0x&Fp!oX
zfg9pgd$=3!HtDGD{G`y_r+oCk%Db?}i{kYrQp-YidqBrNI|TtgfZ{)l9T%>agj&Y$
zG8)Cxr*HWB=7rlRpC3AFvJuzq;Zn|8>+V#w^4PwjG}`~q*)dN%Sk?d449<r9KeOX%
z_iH3!X76Nc=;C7P^nbo^zh60fTT4S5eG5}VhySM2rs~>ks-Ohe>XScR9XMWOwOF^p
zxzDT!Z4BEgHGcqZlQo%QVXp%Pg$rhpU7xTzN?peE!luL)1cs<!2x|aw^~Vd`*75cY
z4h;$j5roVM+=hSvN1`JbMO*=r5ze^A{M!-G;JWKR&GnvfpXF>}_B`Do6zrQdCm(T-
z^>+UQ8FULcrscZgW~JJxk-=wxiXLywi_wg`TH)QGOs$<zp}K1?I;l2%UnMc@#@kwK
zhud&ovwW~z(k}EI^`N#?p&m8k=cwRzB~Ek1R)JW%;~?cU>~=DI#Uw++xPBg#7Ny#Z
zQwtijrP^Bc&u?<ml)JK`*{R4#c5_DO3QR$^Hr+aS%iPMMPDyIZeqb9Xxl;57K&y<G
z0)jIi1>}t<I}~Et8k1!3l;|$<uPuT|j$}ksNv-ro9UT)Hrs5*fLl300a&}|}SrL=4
zqZx@088r4dOvV(p@;ap>6(6ZQVQT)A0HUsJ`aw`$T2psNTRNwxxP0JdaXtJz2h+kN
zEODNx5}kGYfJSiKVq)hO#c|_066gAh*S<*%gV`8O>?fusznlvbA@N^Cs@!YuQxifl
zv<zuY$!GK$eO~NEbj`?yrYRi&k?+E)%5E4;8aM?<vLfUVhhxVuiYX3KM0yh}izY!#
z(7x#J#J|%>cMDcYucfAi&-U$6EqbC}Xpk;%RG=avM>NaGnpPu?$%H>P(1__W@(A1f
zla2)VT*vL{OR<ztkc{yq%6AR^?`|YiL%jr+vxth8lVw;SDou(h1aZU#Wi=zBq3`JZ
zLg*<TVz#B<#oHnXDbE=5n2CY&y);SqEoHbC)DdvurzQZVG76YRiX6%~TkfxEo^5ja
zfek%SJ1a01ITk8ce+5OC?G(@MQ`j_^MT@!1Yeb3U(+ffOSIm}NS<)8`dgw~B1gC+4
zNbv|B0fgk4nR$9@oA4vkNp`{_?0{sj3^X<(1ZW_3fjc?oy!6lFo9F{>N74m+ijkdo
zKw8lx@)kTfgk&g+0XzfGuq3TX>ssA4mlgS-d#6838zp8<5vdu<L5dv;U`EwMHD*{7
z&%ugRwPnqGiZ3Kg$nxx%Blv*Vkedu{Np1k&YtWp@$cYEI#n$UGY2Kt>62_DkJtDD-
zjKvJryBCn)+Ry?v04Wj_*_C$OBlxK&MogClWE&Wl1MFr{1(JYe<JtgHPYkjEV*b5@
z9N3oFL?vLR7F7{^OmyT+nr>W*70;@B5y*kV{1*1}dFYiTDB3ecl*^w(a7hJyvC~%i
z#>04EdD4TqLSpG@;y+ephHQ`w)~F^;H(?rN0%wcBkuGN;?xh30KvY*`>^+zzvXdW#
z&BqvlbdY!)nPT69{uZXFVVGduhi;n)s<5%A0AwDt!#=(jmZd95YWxcdEnsBD%{I`)
zJ?R4RfIRN%j!?(F$K{E<m4oy)96qdq8B8e5M^14OV<mJBQn)>Lze8V*I|u5;2eSmV
z1XL6diB~0HM4()%)hp;V9B!j++Bfbn!T}fD_n3zIU@eek|8;4-8xme+bO~!IcbKXb
zL||Ro#n_N6pvO7q6lcM4UXidU3c;b!5iih#yZKDKE=%DU#4V6j{|DZqFC@-!4Q>hl
zLNegakN*<JL&1X#_jKntTlwHSO0_izSWc5KT!SowLv&e`*Y$?-X0iLH7w%F*Cj0$<
zuYU{99Bw5H$b0BY`_+85hVwzl#Kqa`!6Cnr)+67kJz)yfsGSC(RHJz-)M%VaKJ6;;
z6b$;giy_|WqIl`iX0Rq%+0?pbt<0l5iZ`nPEAC2mcKO#=@qqxU^}{>qt(JXVu6%()
z+u#23rxhFi9#^q-r7W$=bAROrD5K+gchKw=-2s8gar4p-+fE*Ta`0vrzWZ^?{H9e(
znDOlZ`%jC$q^)|7RPzS;tp7Dh<!P_%_SX(QeAjE;+vee}@8=gQ%l-U(p5C{e!QYpc
zc4hJCFW}y8rB9PXIm>yz#UwvVkK1Vb19={9r<>+D{<t1iekQkLzK*NVP5V3d@7Md3
z);yk<<2(7;F7N9NYyH`rb*GbATjI2;qy5nkqtRU9IhhvVALJ18P=C6e#S2eh3lCm4
z2mI?kU=N7WJBXdA*8QvWeViUx`GcI_3_bS2gPv~B`?lKyKX*h_XXIh6AO3SU1n__R
zv-d%~Q{DWg4iCR+#D6iX{;xkN)Bn}_pCrOI;Xg?Pg2>GqR6%2%a6#J62Hrd1*>niO
zy0&*D4dfLSdeZOKEG=o9)|@CebC)4{R^sRm(}+Pn$kC+wRHJE_%t=08sWwxLL_=V|
z%jt(*bt+)lY<dgL7npTeRH(8cX@OO=x=MWDqyJ0nkgH8@ma*wufMiLh5ZoT@-QN6{
zfw}|1Rz-T_aNqq(SPowx>^X0d^WWI-DJ2CyIlffKM4%2N0ulrWwHND#FA#ZG)wU>;
zdHgYDM=$zUY+gokFUw6wWH#SyZKMjnV5=AP`4_EH4wPObP8dhA3wq?WNALOM!}P#^
zG&3i+|H~5~wfPm={a0E$fDQnF@;{l^{~DnGvwHcjRtG10b0<^h|F-jR(R_19R!>zc
zpI9k6FrT0^Yz#$7?gKHTAR;wLRnR~qA_?e^520BTqQVB%RB9rLM-U>2ZcGaKtK6M2
zBQwj#D>G~IOq!IDTWxO0m9*>pPCquz`S9WM(w#_42vMq|`m*i5>)zYhr9SaZJlYZ}
zq&*W`@`Age&R<WAa{g^ffzq*Z!73H{Zc_ZaQ1oinQm@XfUI8|&SE%$Rt*t=4Ejfm6
z@6fu>JuQVUzPBON&gMBZrB2Xk*QoJ&Bdt>?fMjJmTqc)Kn;eD^Sqv={XS>jw&9I@=
ze<YLlW)4kMd$D?|$*^iyghaoWwit0<HyVsiuJqJ0A9rcyp<Wp^Nxyln7`Cw#tMzoP
z{WtAZ?3Jcoom%N-uta_Ad7D0&>ZIo=xm`JfCZ)ly!-q|mJXmbxUH}ta+F3feyl#`T
zJd@_cB0mU}V)wd3vEog=EM%DwV+XWTCTjItqZXBRs!9*;lk@~cGi&i=HMn?t=?d9O
zY~KB_7^<X)c}<sWrPsW}nnSzN73h|f)GS69?j5c{SAU6i=YsZm>}}S49>cClhq!Ys
zMhf5RLOE#cCRvpHQrDCQf4f)(cH%D2uTQ(wU32EdsDEXRot15uTzHjOkyf1|?bWRa
z7~MPotw)moj@Io|q-VJVUd*6PtPUN324g*JQ(dFD)=Wfj*GC8dZk|x_lC56ti8$0Z
zc`_riDFzIp_2o0Xc&|r0ioS;Me7@e8t7Sb^vA)<`V_BQay{P*r#r(v~t0X@{noa_&
zwMZpUhR7C6ah<weFciB&DI&%|J9bhggM>8(c_X#1X-|NVN=+j4J;|DBBy~0}gcpKZ
z0<G8Fsb;6*yrVm<NHWo|*S@V^q*7AF(O8#$l0&@|yYAEzD3ClMpePoS2A;%?!M;JN
z*P{*fetf0SBG)oJrb}CBdjICoE?d;9i?t@fzZuYJ%NAlWFIFjL-|0e-?m%~{s--~J
zE!t(|xI&xxl|$U!et$`G&N~+YQVWP$zJAh|2-@E_u!xw@dqsgZROnfdXuZF0=sG*Y
z+u>d#loG+(DH48w5?}StUatiugEX~^DmXK(68WW_%O_5y!PO;S$-ig`$5O3FuS^!~
z7|Ry(DYJ%FH=Cei_Mnrd>v}ItEm%c6>hF_T*SSeI&4wulp8kGLr8=PT{E<ljnT{yE
zSW?X{Dv5dli>{s&UTaq^PERvSiyijJuA#ZdnGoku)VkQTHtUvJ{v7p*Q7O(=&VK)X
z%Z6UvJZ(}BXLB(wZ5a$q>vL!I3*=qPJ{@8ARX#J0RLX-MMUxfiGYc`v&j-xvtb?r@
z%r3-BEi`2+wpwRw)4?m+4(zb2>f)8U?`a*X(ugnn7QYpRa(CQ*1*1O?(g5$dyr@uW
zrIp>33w@;@sS#(5)nXQ|vwzKd8UX_x<_ERe$)pSm@(4dI@?=>}`7?Kk(p_!XhyO7}
zT6S26v@J|W@AqqG9+kQ`PN}@}RhjjO&bGqW1>$7R50BQ{LS0>1>P(2yxy4e%8#~bm
zM?uVbP091{2@Eum`NXn}P`%odJwvGx<*GgFD=6ltXtW?PgGb}y-ZWb<duTtl-H6hc
zJ<$m1G4$OlE$_}FX8KYZ_XPXQ>g}oZ>x2KUqwt$s?#pHhy|+MIdE5rr+I$4hN~tD~
zU@9wNR0ZEf_!tp{VlzAznI8Mh17Gt!DI_akkSHjW*_3nAB^IrlZ;K3uuE12P;JSiF
z9>7FlNb=KU8sDAKM4IUVs5M+)Bx>A1>huFehI_W+W+YphK;2dPEZAlNa-|KY1!$2a
zs}$uN`c-uM2Z0`<BNe4AE5(6LpE<RmKj|KP+%2FhIi0l%?0Qi}g2QV-_v8t1a1GyB
z+C}9nR4DCDy$*XpJ6U{nR7lN4Zy2hSwW0G2!&Xc%tD1P##gN=cC{2j_^gdoynJ$<<
zs?r)%gOQb8(C6*?c4ogj!4RKzaB29^BCiJ*SuPC^uUMSuGF@~Y$WjWQHuMsjht9IG
z!py5p&VU;HJ?lA7ueR%BbC`7>Xq#dA<TJOKn0{J4b0$FW(4u<z7h#+Ki&Kx5p|#rF
zuD1_bup;(zHQr=UIEoQ7fiv%z%|1KWJXnNS8|(}l#EgvA+&=b{F4-;thjwM{X<ze7
ztPz?S458HKiKon8FAEl{49n>zOBZZ0_6Zg(a-<tQj&9f7TKftv=n9lUS*7JTV@qGu
zc{!0`Msp1LFEE|xah45=1&eN<brL-`fOkPvLt(y6m~i$!1ShYg$ZWXHqLM5O)>0+M
z9?D|)Cyr|(cu37^8x4g7hYt}z0`$k&c)LgrcCpuP17f=Mh=;avdlEUHmM5XKhtTRM
zAvROO#%jb<GX->U#@z(E?P$viJ{UL=KRY46J+yG&psscEO#n}5ApT3Uk>R7M<c-)%
zr8Ts??eP9;jIDDsDyLf|hJUX#fr8-DHqNpM8FnXD3?6y2i5Od9{UYZ7ZqUC6G#@2x
z$w)c^X(9XrICl-?7R)ypc>{^M{h9symXaL51FFeMpTQBlwpu=Hz>}}RJ8&O-xLxBJ
zm_{0se1=LwLS`VINGdE)Rv{*!u<TB_&^9pZdxoPRnr7VyCpshE_%yXUiQt&gn7m47
z-HbDEHOy9db|Xy@0G-2_j9O=(4J<$yUSe*yBbMwC%RyL_;C6G?QuaDUclaW@Tv4C*
zAa=7hA}29rF_DWXsY@TatLzKi(Cxmg$!mt*b~ZMyd~Q<kDi1aw4_M8W#PWy806qk#
zk3T5QS)&}&2F3eV^z1Yb3qP#SR4@|S45L8SqVet^8KdXM*yT}tCskU(KL97_L0!>V
zvXQT1CEkNbqGiF~@i5j-8+~s**m>}_r<Bc3%(DLw@<2(0#{6*vPTthoAR*Z`*jEG$
zp7PmbNqW|VGJ6h4{37OoJy@t%))uskX?M$gb^TL_5Em@nhY=hYolIgpmd2P@Obo^>
z?g6$~w<yFNRwgd48qNfxoLJL?zWChAj)7h%qhP_<FQnv(EO~yw#~nZlHG=YHSDMt4
zvtr{s<GKaI{I~dmC00p?go@~(F+4&c5BG0VkhPNt%E6%15h501eP*K&5m7h;!+GN%
zjSDI-H?TTfJ{bJ#CB)hqxDj6FDR^e2O!tZ;$y>jOz?GmC9#O_Trw`lCl=%wyqBv!N
zC8MjDO)aAXYF1<X&ZvO8N@|wGO=QGy>f2=-$X(s6oWUKV$Rpxq$XZLejAO_AV%<9h
zg!AjKydfXoKfh7<uS|TkHNtbwd>4KeJnQR7Aj#fjo!!Ad6qgJ+i~>uC5>-l_Glz4E
zYlxn32->^jEtkekkvTRCdWhg?6lD3YA!EiwI%5<?0lqjI<$1VI>q!pez;u76ABw7V
z3SldiDJF}`bt(N&OgX2>9|`?*43Po*N4<3svR#l5JYJ9mJfL)7BZ{UL`(7~Z2%HgG
zp>@HudmNBpgr87U)Z>K<J>`Q^r$0j~$irVDMTd=9Y;0N`_=@A0Q(|F58_we$CoZs{
zU@?VBvL@>O#i!g1RI(n)xXHqD63|n}f!yDmLF*E>Fkyk9-}EizS1rdkQ#G)eMRy0>
zyI~4smt;qjC+~5VoglPuf@8)fVaBInItVp!p?~wAGs7R@0(t(vhq$0#tzm=}33%xy
zPBvmONPsy7Z155lgaEW4PJmt@1B>_BA)hxGG>+IQ=Q?+&?LNo4vQ35e*KaTtKGhT=
z#6Z^b!D%W^7|CLyE>tCx0%-y*{t?t6s-K;pC*-P3VpQhQvT5dQd5r*3ZzlW>2|~dK
zky76tl&8FmjQx}}wTa*_CWy{W7DnZKRLSPgQP~?R{Ac;b2DhzTli@t-Kp?9qgqN33
zG=-aoEiOU5fik+Tl|A2g_IEay^rjSr4fRx0*^zt>Wj&wrWy)suHMufw9+Ph{HOo%Q
z&G#=cPvt?rv)W~^P3RiO8Ho-tAs@fU>H@+~*;F9sXwZ(7OeHuj4;2@^1^-ne7y}M?
z_7)HS_SW=2llYf)XAG`DtNRmAJn}<DZ=9#ZQm^qMy|7mnD>E^}#W3sQWf*PKQrRq^
zZY*hD|Fw5DL+0rDUhDy9A&(LBQ^Pk!4Y4HG1-EoErHRBHtbg4O>F@o_eBOv&e*jO{
zIp`~(?&12PnzAwN&Ub;opoRQb%;^Px966NFU11%E1RnSyL!%EUGzZZXm2ul5uKE|Y
zNVEhg$X<fd3J_0C>&Ni)6g4~%xp1%OBGFU{XObxH|Ju0MMrh6!)(kgQ4CLx&i|G@m
z4L4C8mu!_NRzk8E*+8pjX2GObyY&CKrn`n}uI{_S_F0OTeO#(?JcHm^54|}zX@x}!
z&pI!O(9DbI2?IkGSPr3WN<?&sNx<$^h3~I|D9(Odx~_R6J<r76LK_?lT>yRn;nvZ^
z$eqdGJ-jb|f_|a+D;k~_SPCz?c?rD=K}F6MDQ*s&J;3gd2km0l&0*gHOdo+>en-$t
zh7;r<PxiJ^{9U;#LD194_NNcAhuoLu^Trk+PoPAvKh?oC!G5CrZpa;W&Frl>bvS;r
z?g+Qe?5&yI;~LzZgKo>+cYfE@5&e$ii>@5nU7l>C`sDr6)KUHJ(L21MzC2!;HQlh-
z5mfHw=Eyf&Ba_$>t<`o`M|Yy#;t?>>zyZFYg)4LP(_9SyCyn5}|A67+Z%F@_YuhI3
zChleUPMj2Y(Bf|kf?mqN$#+3s@Fj3ULmEOheCFvFyv!F5j8bx$g@KXu!{D26LtS`p
zVV(3`5wKsFE$rput2j$do%&J1h|H+W`%c0xK-%GFR7b!kXq9g@Y&&s+zBLiJ#Fr=p
zpWWgHSu<bHa0+z1??Opiz#FnsH*P-lV>>qT#7jcMT5%6~Qz&Y?cNf)Rm_4LcIK+>N
zosf#<yR^qkFfqO_t{7?ME;$9=vQCg6WF(nI0*Gw^--n=cC`IZ>PrRWd=k4H0fEaM*
zqoCbieyb<JVEFmI@Kvt4uU9mehn#;kyKviINJH{mbG!uLd=~<(-I3Sq*CE$Wa4x;;
zL2*GJi*hc#uG}u%BoVvU0<E%epEEh_AKTmo-bKLMH?D<mUjVYnb0WYj#7^`45NN0j
zqIg%y!2WB1&g#h1vs&{a+6|61=;ZzY1>GTap9y_P#kK-NcVZ9!9!5E?eYghrg~t8<
zYB4O^l!q|dk|S9v2W;6si~c$WPiiHU&<Wj=Tac#?^8W>X4mXPSMb^I5hVoYa1`ug{
zQAk<1<hNDRs>4qRoZY0l>Mya+gWlCS(_R>odukcj85rW5>J0JpCp+CQL#=9PZJ)?%
zRmeaQu4&o`uf6ZJXol`Vd3Jk<HIfV;bN3p>4H6gUGP<D$)joJ6Tl=6MFPZ(7ly--`
z)GZ1#x0nMAHb&atMGz7p7u%03X078STiY^!j-AG=0r+TzHpudeVf%XRj7ye)<R5z3
z+1<^I90&O7w9U{6%c0jgKSJ&L5%xA)P}1M2ksC1q`Zg8^Dmm`scU>C)Hhc7QEamd7
z1>WZ04Z7Cnn*X}EnlmMd@b5(K@b6{r(BFaF{=ohBT?D#q+Vx}3-9e4;wR$y&8&B~4
zA;)`ilH)z~vjw@WYP_{>Ps(I9B12xM5ymUhOV|O~sePG@Zvb9GKL)Ru;_?IWBx_!8
zJ*Lv(f7z(NZ*fl*N0t|%-*H?krN4h!mzqygZdvlmc}BhT$mL`?E~+YPz9tBZkFUS)
z5wf`Y;`7|ga1VyZe+7vNaL4fW0m0HU(i+_z{Bh2=+;q6b&U}fWcjfCw6zV<UFv2e_
zd)c}qL&Qw@ER3H7vHtRfVAB)2xC;O8$2<fMo2H}=Uy4%gJ>lc$ccbN3Pg%`c1$h-q
zmI?7hIuI;K3)R{x`5rQHOjtog9A%dRsK=^Y00N^Q01~kJRj3ZCP_&E{R0IW8R68L^
zjWX5BH@J|9D(WEmeZ<N#Me7EWXD4M@zx%?hdirwxx56^}fz%mHY-F90tlxxlQ-92k
zsXk4_Es>RqP@7}Oi<voDz^+(nJ?aZ1up6J)l;al&AY`tOO?7GskL;#N)w<vivoWgu
zHCRrb0R1*fut`ywi8Ym^@?KWjF*C|i>VQ~-ADW^nPu_}$DpH|)!k?5g!;q`m8)+Hu
zD63*sBJ9jq#Y~7vGD$d)Hh~f+)HX2^9?x7!yrbP&8J?05E5R`8R%QF`1F7oUIEay)
z;Aa7eCv+Zx83uQ`%$OZ%1L%B+O?|j4qHwY;8C$wZHSx!$9kIG2)5pxT&LR6CBa<B2
z35kAU*+r_;%(@pi@!cLtHwHH+<#zu%H3wtwf}|6nwvkbmqyihciMv)ghc@Fbx;tiR
z9eX|dPDw)U)=?+%@hdOo=Le<9UutCuFX%I<$ODqEv1wW+)Y04d?4YThAc<CPQq9wl
zDJo9O4chvNjn$zYLSD9dcl0DTt_a&*JEyeBZgI7ST$+j{F}hO>Z#gk0E!yHh6WDp2
zT|@7NQ8l$;KN*=$NYZbeg&<xuDr<Q$0t689bKx;j20uTZcBmVKbCEvyNQw>w4Tv2-
znrRLMiL&t1mgG&uF^G_+mE03o(tl<noyvcJ1?@B62nF#ogF%3&K4+F@Yx_gbeR{Bu
zeP#?Awdfl+3Yt<+`OI?nRZiRUF!4osKXneLJ`bmz$kMMIiJorXNh*3T#yeR-vYx2s
zX+|y7vP@1itx8I>-qe+RQTweLKV_KZOEhiW8*fO%Uq0yfdaVU{a>#>MP!(qU?;*Sv
zxO#fR*Lm<2?1T+uIi(3oIMJHqBv=urQDPa-Up<vAW>*&LmAL4daB{0iS8cRflguK@
zdg5l9b5^<+R~5SB^>)wNAN}B`k$<~lOQZ?hm`=lKBIx(tw609&^juTw_2>C!Vfp;E
z7W2MmJLRzY;?H#~wdb?;TIMn;Xy&3MH`P{baGV;ySFh~4V&#|7-r3Trw=c|cSlY|4
zk~6-%#j~b$nMFmS7rtl8){Bgx!K|^m8>vX#7!|s{mImirZOc+TKe888P>mi!PUUjW
zcLCRpiNS5c3rY*P)1eRfIiZ@<+x={;rat>IZ)y&n#<fCG-UpYh<LL3ZCq8yj&ABdi
zgD-i>1uVIIOPIRsjpnOGC!2q?pH;(fyI;v=x<1>Izc<r!IvLGtxwhbu>TJt$?Ti^~
z6dR8_1nt#b&uX%D;As*$u3g6i%l5=gc<C=6SSnUmZue)ZbNp`ZCe|6phwZDX2RFM{
zrhV}Y@}+%~`gB&E_JL>l-|{4Lk$U}mz5iXpL<VHbxXeIIxTxA<(D1={u)a5qck1$s
zM}5g_(rv`}6J*W4uoha*4d2th3E>KBVq_b$4)4b;w>d>ysjZz#()Od8<+85lV?fVi
z>hn|WoEaH;=Y$~}>oH8V)C*gi@^WWf(#<xv6XwNBP1JelPg2desU}bVPsRDVmVy>X
z|Js_1%;y!hwq5_SsLb=^MjyKkuUg?mbk@`sQRj5XQ+oHj_$yo0PWk6P$IaP(Q@qt>
zT<8?GkC7Z_Xe^9NWTMF2pAYP`bvyZyb=4izwo7QvIrh_3E6*?!jn6ew=u)nl$QPcH
zrm}}P`}K<6_LGP64yw{uV|DiC)2F9xYtMqa1NXs}*d0`a#?I;!nOL{M$gB4|ZW+Ub
zZ8;5B)jw@ZyXM{&!+RBuCBo6~5LLalyPmxiL}NV@Cw0!k=eoNKnWP^ngE=<`Z#tFm
z)<|e0=x?dLTQ9Hm!;_xOzh0OUeylFe!m;IV7)cMRhp6JAE8nZ%?z#5%aN2qe?Ja#@
zeaGa=_qF)tP$TI0EZpMYoXi)yZLBH07HGv=&lK`k?Mt<G&I`2};<d%){8)RMWpgQT
zYmKd(q;`@=%g)ZNTWg-!<ewOA?`C#;e;<Xz2PTH=Y0cfZRT}kAS({8v;{3_p8^0!k
zgTA=Y>I>kp@;n*JWf8;KY2DW6j9zOPzQU$&wNXojk(A`VUHTb%E-z1@Tgh?kz1vS)
z%jz0VWyCIu=J`1zbq>Ml?)0lM8Hgmh4Q8$F&$<Kn0MA?nDLd8eV7q2ry8L_{red3e
zv8jK0Xz)56V>f79bagqNgi4&fp0EYgK4_5rB}U5MUSuH)qWpO(Pfmm0G!4E#Ym3bX
zQ~h~<^c8%G1+kXd5vB@!Ap333H3e=Vk3TValALh+VLHMvg3g*!`ISo)YX~6<{8;-<
zyskqPXMQ=m5czm~_B6+WAVrpNKQ$PVuHV}S(l6X$1{hDbH^qd>4~IKTzm79Jl&7rj
z=ljiqF0frCh1sjgOSAgAl=u>R61;McAA9ZDK`)P38R=!GFO5X0_&L;3C=8Ndxc<aT
zlAzw3(AMVSM_uK!@C+09tIacqum}Yi*tvgWna{ax6M(Q|6-#Bakt<nAtX#0Zx;#bj
zSoP3F!M3@aF?*(%B#YQB4qX_7==5r?YwU8gbbN>sV7erypa;ez0#(rY^o=9n)vbw6
zMXZ)1!)5?&WBNob=PFa2iDEX^BuxL3QEg#lmBlQJQS8p(qn763=cY@T?fc$Dsr+<E
zR4R{R5wqSv<$T*3nk&=5{KdDDjWHPdX^@~Axi~C*!V2zJE&4+`jg5;q{X@pA29ntO
z2mQ!=d09dvxN7KB3eDBG0B3}af^;K0_=)TE4cwlhRFzkDtxe&{$8$1L8#m_kZYdm;
zmM#~+JLa8=b!+_it>jkui##gTGTOWIv=f$R*CsFZinFn3vvO$xL;eQ6fGH35&_@;-
zAEj%pyW!I4J>y`aA+B0haacI&=lQOy+)+-G2;zn<<@1F}vXXc<tSoP@7vIqTzBGm0
zZ4VkJCWLVhP>%s^q#q<5NZF7GM1Vjh$RHh#*??>+2q7IdPl&<?%n$+AnGlCa05$;u
zxIQ14m_(3?Ce$<@DB6&)Du6{Id^sL)Jsw(rkUbv!O#y^d0jkpw{xX!REU@U77$;oW
z0nDlZZf1b9Ed0R%kWL6#CrGRfXmyWkE7;5;^y3x)uOHbW*!&jAFWl`F_&Y>>4$!~f
z`W1V44U~2cNz(_udJfC>);HOR{W1`44V!=H&m3wB2LyN#I$XaY2aY&FxE}}B=pILQ
z03ZiwFarp%BbQ%Lo)Lv#*gi&}Rg4(y%pgXLC@vNQVr+WIcpHGS10!93aT`pUF;~qH
zy#uP50a?u;JtMX=13G&lWN$yu)TpdRglHRRs}bb&kgi5lrz5;y^hX^|?<iE&(3b~9
z<*j(t$lxn7-mv~H2Hq&L2hznY&B~$YWi-@f_}4rle;Bp{@`M3?^5BaCV2T5PUjWeB
zqyJCH5AgqF=A5H%CC>aNlaarmC))4P+|<S1!R5a(yZ=7_FMv~_)9#lgwe^4+WVUR#
z662dMx)LV_wr+&WhC~|gf=>K{$9jg)MAR4R-o@?oR4kI+Wkkjvd{Ss<d~K}(JT|0J
zgYuEBe2;=hgp}@s8%3E5y5?iXR*S<s{ro9DT(zsz+PZDrY8yZqP8!s<kG6lC*UwNy
z!2rU}vUilw#O8on|1q4jZVsq?C={b-V_doeOTu6Ce0Eqoov$3K{t@=x6SJ~jWR;-1
zJ6kqtdRdbFUVFA$)EnA*8n&>VRk;V5PQW#f;K-xm*V+#7KSzM^(pWOz@Ryh51^|Hm
ze;)xOQ$yPj4Qr2IJKz-$k`Ikn4&pzF@zCQTh#>K@WC=nv<YC5>Q9=O(@xNv+)e^?q
zznHJ&45$R-kb-b~dYE+h0#bgHi~FYRnOo<att9<fj%|RFRDmtUZC?24`d2gm^Vf_-
z4~yjLtZ@$Ksn5#|?{2$I_w)M`-Yj1c|Gc}bzO8xd=wjD!aNvnzryA8NS_*SY1#dFt
zNmzrio149|Wv#s5E7Y4+^#+qt#ahN?x_lz*W{OY=#|BI4!}17K@fTmG5~ZpZ)iWP<
zV~=mfKuC3nFL8#@vK{cLM+qB=B-g#D%!#w`Tsl2!I8(}e@!^{lt3D2H#hSa!5w)9f
zjW404GRGE^(%6!fTfJ$muLFtxRI?n4GaKKfP9JNJLJ&rp&$1=4FlHGhC?n-nSt|6~
zMo__VsWZwIFl*-h3Kg<jIJZ77wW^gX(5^&}QnhEK&G1=c<0Tg+x6061_NvrsqD;Gu
zF%F#x85C@Z6?Hat>!|xCDsNI&?BchNZOoclE*sly@FLm6;Vn~Enpo3OG^_VgP17Y^
z3Y1&P+C0QZwrpB<3cvo8+NEQs#^fd4n#jZ*zY6W<dcj72!?qIj_zJrcg{jq!Of}0+
z7q|YD3Y-(rEJDfgRH0a{owRn5JkC{Y+~j%}cT#Yo^S$Z<y9lO&x3|~kxi7lbzc!5i
zIU<)6?kY6tX1AE-uVTXU6;)+-$PUqr()qW+e$T-L8>~lJ73Ly0@8&Sj#PTB@mR1>*
zhjpcy>#;afstg<0J#z4|gc6_fbx^;~Bb<r2QwGJRENC~!CbpH#ECOX_R`2nFH!wJ~
zJjb?JqUE`M-9)azd(ZWx49rGo({XKG8Rhjzs=Jw3u#-mkWq=jY>j;v9Z=>X}g1f0e
zuvqJks00CD#ZDL!x#{DV=9^j*9XZaUq-Yya;JsuvP0X=xt7@Rz=FWCIj;6ANP_JH2
z`71j$>Z|7HH*VYRJ4TmLk@AzEo^3vbl0sAT7eTLM9H#c~ZIucoN8uYBOrh1!RGV@J
z#<);6b5YD*x+Y0$>w>1;8WUy;=W8G7em;Olb>DR=6;JDoZntRN_>2AQJ0&|HpSJ^v
zUr>5Q$KQ3;Qcw&1jLJl~wN}5i$J%#w{gie}TQ^#aEJ_pe#fFesv02@PcI>4C_Q68k
zjW%QwNYp%|%K9u(6>lLQZm9ZLs+>l;2mc~pPyb1?kaL71;N~twXib>q&&Ny9Xwg;#
zTe(Ht%93MG0Y(;DWft0nZ6={gt+7Y!N8V-`7WTX9bc`*FH(RDy@7a8)6;v&iOs%nJ
zY|eh{IhYGKi*EftagM_BqFn{0ETr?2kR3A&p_e#NTk_-Ojs>CRNcEREuMl;3kDPt9
z!6bM$j1HzQatfD}o(Z}3@**ROq%1O$Ua0Szx4b2n#tTVgmYKimhd-MiiA=$9PAV)J
zLXi<<7--=R5IJ`xe2$@bo5(PE3i=+`A$DC0wbplQksh;=ZHnqHTX!fjx}0Y?p*_h?
z6<HT|Jsw<})4*pvE>8~W;1$)n|8TFleU641R^yu7M1MYp*@|FpMA`n~JYap2ooYaX
zPN4|urVDB?R9j*&)7WZkTK$u>SK78J8;6z5Id~`^8ySvXKVf1=Em1sWaP>k(v%sc<
z<|QHGIuK4=DjS1~c+7Xkv07l<DR{okw|cC^<DCkA*Jh&Uu`pVai4?R@7afBM0Scax
ztR1#@m&3ca9Keo<$d?SnkBBZim-c0<s)K`2;9rE1H$rgUiGZL@Un#m7+GL4#@{#KB
zkm}Hw&AH5(=R|XfvsXuLS$k_LAFRcM(ndOre!~02{^}SNfg(a<pPD9PPnCNI_Bo^W
z$><HHf4T5!9!MQ|ZBO`p$TsueACIN)h!fXzu%i&sg`&g8VTtMAlKQ^Hkd43OT^+d+
zRsrCP7$Ycdc3I*P5buDJWI7Fh1xWzoJy2R;=Iz*CkwR(1r4Zxy;yg&z#iLc@?pPt-
zu~<a~OFdpH#Ym>qGrx-sdx(hq6KEp2N@go0wdR21pYBzmv;q4gAuQ#V#nr;zJolDE
zQWz|K+W7o(*&ruOFolyGMwYfYL#s1c{la44JHD&!URyl^{lz0q>M!s?6F(Uln?%AK
z={%%Q!0A0@N+FOksC{681j>1K4W$z%ohPA~Hz$q*)XO*%;G#GJuux9|=D<bKY)*}2
z^{@^JL#Rm@Gez4fh)~e`n<B&@a)C?6%6laJ7)?S&W>79%E0}FEU>-yFbT%QH0tK`o
z9zmIgtYvG>Fd%W62q29JSj81W^P!I(w>T`8Sf=3~C`#yuSOWMi3G3dUOycL>rH~Y~
zb_!*wY-pE~vd}qgK(}<l3Zgg3$U}3HPx4vjP*k-ph;Wha$|7JO8p&|=D68QH&*d66
z`Z6z<f*Cep9;5^Qgv|&ru~a_rls_QdZ$s-lEedhipsrNVZka}0hMZ3-P|(06JjCW9
zH)%nghoGAHqz%Gg^x{}{CRY?xuxoEAt#O4{7dZN8ZTkf8l!_l1_V6uiY?c&@Y=sWL
zHKo(Gr!W6aqavm~ddf_Y5|L3Jx@ce%dE>%GMhwr0ZwFE(!a7WFf&W&vO&SEW_uo+F
z#>M%vgq9K#_<sP1KzF|fCcRO<G1SXr3ft(g3;aGU1Ya&dg*jsJ&FW^AZ(b@s<CpnY
z63J!VyeHHb((Aj8(1T+kzR6)1f_}f2g2m}%EvY8bv#{_IECSv@G%yet4CIIu8$qaJ
z5_WIe6AJTg^%ZSKMzcmpFey8_8&uO_Yh_To-A#eT0Hwg72%@Iermd92E`r|tT%H=`
zGNrH{hh4laq_E9!hVrq+VV59A=K+7cB3l*yRoUiAeucs=cUYJvpyrBhzO~vmGuc<2
zs?i!ku+~VlWxewvm=jZoUZ;dw0#HlNuSB#!gj^s=bE>gGW)~ckQcP-9chOxjqc9;U
zqr9(11faw`77Mt%S)wZQD?!yK)G1NZWo7At&ku)rzv^E}LxU#bT7yj@G&OAvJM2>0
zXXauuIJbrLhk4xVUq!;FC?|t~DTl425ccu`g~b<6;3UC|3LB8<kB|p2&A&QJLg#ys
zfCpz@&g*6Jwnq8o)#lVE3QHnvl#6W++klW8$i<a0z72TY2E5Lcfz~Nt^YFrW%W?(`
zAFf6D_INMfp|I@^ivX!{T^vS0A}(03Bd}gaV7&@p1=UsEJVjs)iW;hGE#L)KuXb2;
z9#*FoU^OVQ8l1yw)Wzxypm#N4^_p3%P9<xnVRfT)_nJCZcZB)1Zm?y3g0uO#Y$0an
z<>%Vdi8oOa&PWXOcN4&`LjWkK*E=kRpsv9NpYG;2sC}v#iSeB{iR?5}{icR0vor2r
z+HV?Ze5DDZgSw(w7TNz+l1v_SSkED!n9&1-H0;4?h3%aEx*^K1SH)*42yb-QX6Q1Z
z>!xmgYhBka=-NfPJn??h!r^EaGP^5nw29&Vv=$Pm8W4=C5f4&g<4E0>7VBu3-wgPq
zWLSgAP(t@&=e<Q?H>1WV>=tqxKI6oL>buLe<|c*R8s#@4t7Oe>4(o+A7oZ~E9^<!R
zN#3TW+ENx)<$zE_Zk@u?j6#mXE~n*V@hqVwyHo%wL!a^83LB!cVpI)8ff5A%idmHC
z$pN4QRsjhqs2e6EWM+{taE7WSBoZ=pB<!Y*B}6XdQJAtYf${}-^}*^3VYMCOIar;8
z)q<=J!PrK5jq(wP_0KaVR5vEtAs~BXPc+O&XN?J+!I-!-X0&e1n8OC3b}dqukMS|6
z9fMkfP6t7$mX09_+8QigpcoYpql@?+|HXW-!uHJODL_Whft~H09rLf89V|5J!6ozR
z!B%O>xWkgLAPftNF+L6p#!t6kn`=RZET~8eO0eJ#g_XK_+1uw;^%yUMwJgsy*xt(~
zm^JK#R|3Hz5>U02L7@mDT&8=qVC6Gdf5(}uubj#H?b7<H!>)q$o!HlFF+KqkCZq`j
z#0iU6som$Wt3lHR5BJCT0nkjkG=T1Yg&nZahhLLRkNPj=2jSbD{&oB=zs2u{kB1a?
zkS<j0njP9Ph21H?ckIxPE9@@$eeDkIq{8l&->DtiDTN(s*9_Uc4#&q0^89u^;x`rM
zpTj00&kmofpNG>JpSJjYr2jsN{(C;-_bTijENn?Q>8`1Jg?}Ri4z_5YD(pV+5o8ZL
zY$yD>48Biw^83}~art{v{+^P*pUPjRh4}+$0t&kyI!NFH=lGb0p$_VN-eEUDP&Wik
zck%}@th-InZ5F%D61PF6dI-(A3VX0F?4i1_Wz_kC!)}DI7^3}fj6Z^CKRz4nhZXjS
zg+9D}eCaTv`zRv*7$S~+>rr^xtZ_$SkGWqjDQw35dR}3V*HwMdVK+f~52PQ7@h2et
z=~?MV6!wILKBPY_G5RDlJf*NF+dOVQZbr1fipK9_0afkrK;Bc0xmz&jpqV%Kv|C-j
z<gi^(xdqX2+Hr4Xx6Y>ZHcG3-pCy&g(pL8jGWcbMJ%jZ6kXf*NS*G#X`ti}fF{w&*
zx5-R?#bLKYbT8<>+RdLs;nuNsp3_^qaPD*+f6i@=I&27(mxJ>8ZvLXAyokS`w_5mZ
zjp?)WFStg(80AORdd$A&uwn3C0p6Fo`8VslUzfZugSVG|Lt$SJ^OyD3OBMDFR}`ZE
zvMcJFQU0}tsDE-;2BHMQ|IfnTXX4=dErtDy!*<gsYUj5s{%y0(u!Jr*NcWab$D}N3
z=J(OGXsl!24J(TX{;odkUe6*4Z^RTywp_=)>#!WNm=1N{hPp_z;8=tI>M)zsVFNm5
z@$W?13?cM*U0oz7cd`+jx?V-|cj`u5bt7k0H(FQs9jJ>pr}%dj_KL&CNF6qd@3vVf
zq01+l2yF*+CQ5@V?`q4t+T_gzX9hDktr;|F@Hgv|XVkf;uJhj<wwDy)H1R!b(n6PK
zySP*ofug9qR25uZh0}FeG%0n-N%!6wNdzMeeJg0+bJ#fPL$3baVMXZM3f14ood~&n
zRbl_(uo4Yo{?+yr@;E?7m{G8=1aG;;z)9zhyL}o9VlP*N4y$-QT^AkVuW2)CNMFle
zYh6ZnR?%v>+Nv!ETkNpfA)hwm4Ph!GqVz;126VbA2BXs!f>eW7KkVi|05~HmZT%5Q
zp70u7+bLv0Ro=YiX7C!ZgEu%ZEwC8(5hFEPSF&+af8M>Q%a!*7$liux`JWEk55KO2
zUq2*#szE{v?)378cL18AE>7raiXEUw6!*~#gH7~k=1cL{v4Vc&u!AHAXn4Jw|5$HJ
zrTX;r0KG&-<Wb6WA#o>=_A@jsFv`#pt%i!hyWF^8_qzL#&p_(Twfwjl)eI}4hSI`}
zh_vgQd#>cKL(6f89U@|!0yX*4mv}w|FozuWIl7i2I^HHTp@IdBp~xKLkE8rYdN=<G
zmSc+CtzTyEAud>?;wlIan{;wAD476+pMc4fD`;{DJx=}9VfVt_?eP3(G5!YX?HdbU
zdT>O*QT7)&%69S-@=k9h%p^NcPqcO+4XwN6{&k|0|D2w4<m1iU<UER>izaG*Vewzb
zJNYjm$$edu)$%^zd5LzMo{iWluxuedLw6svW~In{|FV<+DniWiQHPihOXgGmh<Sm8
zUp2ObDakmzkddfpbNDr)0YiVY(9rwm=~_L<a#m}9)5(9k(Ao#21g8DJA{NN`ZNuiz
z|0A2<*u;NILH;j?O(UsSBdNaw0I+qwsj!m{dyoc^^f%k-NjfMO0I>QHme@Nn{x*{T
zw)?h9$p>ZvSfgLS<a;sx7AD_P>xV{qk$jk{0xe|u6h3Wu9QKIU>WZUbn&DB{Ti~UI
z`8E_#`+J8y3jNn$fxgqt|DfXR-KSzzsj~i=!24rZQh%OT%xBR5o7`AUdSr#NY1mB|
ze;j4-lNf&&M!l;N+8ahEOfMPkgG2E14^jSmwSMK&<(2DQ@RBiqbl4YR%nlgyUN`@f
zii!bag7n(Uj<~|#hw%5$BK$oF|5KFzaiQ?{!ArtFaM%+Nel5cP=NSJ0az6O`*VDhq
z*VDfeH0p_ck`jv|Z0PiDq-0UqQa`Eu#ieb$mI51;=D&vdDO!<2U?eg-d`de$H&BOF
zYiIp2wNCS)!=8ePDVX@T82=C^en=)-Fj1H>{*m5;e}mqtyZJ{Z!Pj(Ogr7!E{zuRf
z$9MfDI?2|kb3HG8GlN8bgk(Y4#}4}vlwF6QA+8@o*~hBUZpoX3dx>!F_6Zg=RryXE
z#3j;U&$Rp>00030|AbZtSQA;-&X52@2?P?Qh!_Y$5C#GX7(iqo6sZCMlqM}muOSqX
z)m7XD%UZB7h;^lipxD8-h`=HuV#Bs}nu-<O1*QCV!nn(R-~aqS4~Kc@+;i@E&$;KG
zfeCBS(rK<7x|@L;!;Rv~WVw;u=qQV<&Y?qaKL+oXQCAdlAb7xr+Rw5D!f|4exK1pZ
zz=_2a@~N+c1=PVvSd*?7V?-S!$Ecu@7+hW;8@Yu}rhi8kbd=0M>10$$M+F8bmj@Oo
zOzIGy`kL%Wrn4}3Pk}6F3xh|VLMT~{jM90i0uxZ70G&J&o`J!83uI|1<L}MDD$wCe
zG$zgE0GW<b$VD^`2JfRV5eM3SnhV(t)~CA|(CID|APgXGFpEBw+n@>!Fx@ZZ7d6EU
zMB0zj!r%iG8nS>E`F#h<-<~w!`HF`6x(K8TQYBEm1_>=9L+~36J_rgH$b{e_6yl;X
z0#t@2=SzJD!EZ76SA5AAg5U9}pXiQsA*k4UE=c)MfowX;Rio3G=`KQn0Ht%$82Xgg
zdu3l=l<bTb!wojTIig$!$}&I&z^?-2X>COP0Lnq3t5MV#7+eX;p=D3~2*Dp{9Fi-O
z>?Y$zf#8oe)X!vFAWSDRiQz=1fkL4eTqRFqg1;+eX)uEV!ZTgS3>F?9M4|{#9$6NU
zKq2@OkNTF*rw$90X};h<q`|9!FJ5;t1%H77gy3P&I2e4`hX(Th4EW(C`GUbUAnzq$
z`A-h@FR*^ZhX&7t;J>V>BjBwTylF%52tpkNZ*|~p76gx)QNNO@Bz$`rI>>x3SUL()
z(*X~d7D<BOub}GRF!&hQIuvX@2I`E;(B(MP2?!p?;CfsS+IE7E$blB)3hcOutOl&E
zz@$!YrA{88PTr(WD(E9J3PwN-5VFEtAYllo)uam37Zou02nm#eBF*UdKe^f?5X2_&
z5Ev|yAvT19wgaIVWLXfJ39)5RE*WKUQ9271(B)7>31X9#nH;=obZ|Z=Kx5Hu5CyU=
z5d1K>_+fzKL%E>)PRavI2Iy}VXk}tU3LlXb(3rlC0wLK&$YM!TWXl4L3zr3gkf#)K
zJnA@^hsfi!F!&UH1Z;U_8s~cor>7s+Y3XsXVGKUw!GhQdfEPF_wju_f1$7HUA+{19
zp@J3_2u%=W0Z0h&W1&JKma+*#6)1!O6CsTm=_rh$yTow0Q^`_I5LL2*J|Cgc57Gs8
z0z_2<1@%<{^;Ln`D#{!bC4&h7NHL^L8>R}P1`49~-vw!u7KDYrl0jFJWkC!M#8$<(
zr!i4LknSS*9-4*^1u4@hnrdKoJS}w$J_phY2N~1(h=z3HAczLtj*e(Z$uR)AnGhQs
z`3#mLiz_feW^fhqQ2`58C;+F+1r2CO1~IfC_6$4#IBz%D2owXE1F>gL8L$Zh4Gcc-
z0fK5`@C7_5sHGMknGN<82-%3XK*7-nnWYdSkm4vdqNA`vV2{j#*xCRK6gc>*4PXFp
z1jL>N>We3c3RzRz>zE+31#~J<qe6-cT?Wq<gD+Azhyjg5b7j)qC~jbMN(U8twlWh`
zTUu&-%v=I3fD%)ZhQBg>|Jz3wgMY($gDTJABl@5RxPU8@i}Th~2;oXG;H|H)f@_cH
zL2M?#T%5O_f(_RM$AGuq-|b1Cs**m@iZWniH~sHyK^~Vu<YgeT0Ut4BDRVe#6uepJ
z3~2{9OX-8AxFS!3XPY2%$)E7M0<vL(Y+67zQ^^4ggUlfITzt;64S5I)Y~AX^^o7_)
z7~BS8M3EpiTbV?{;NRs*u<ky@n9Q^U+(7HGj1Xg%f+q&I<6k6}8d;qLHZevOJg3k+
z4896>hynYX%ty?~$~2mkR0kk6hl6m)c4UO3fqp_v6?G5<Vw=*KBo~Twh#3QF*I+Qj
zfG+}wO0zcOAm%{dDV>RIbK2h{54XPV1FRu7_@s5<J!OHxT_AQW@V5jIxPVK}#o!x2
z83!Qvtlj_~;83hExEm<rfzn!;#6%T!Knc3#Ij}x>D9OSgFR*>Lbnug>5}S{afJYLj
z3?Ee|V<fP<0mQbM(t?P#cy*-<On5HDwgVqYu#y5+7Vr^!ybg}i+4A?N6C@43kMqE%
zlTMz>)t-mgfv+WdA^1cC-&DZPfsdeIJ~DA%>42R2b`$Ol!kG!2P#)rlJ3D?akzyK%
zwhw$13?a4?25$m8ri0!Q@DXRS3WtLaeV{Fn^+oCUe-jj9hzY>lF#rn`4s`$@Dqyr2
zuu!f67~#@J0t<)$k3k_=JM$11Jh02Z0&kiM?25tJAaDjKgBu@N^iLVGK^fd=D9y#K
zp7Kux7V!{Qd@pwlmH@X*Pyr7<;`y%%NI(TVa8Cy1pX@z(h!^hY^)C{VDH7gTB-l(0
zHuF&??#NBBV#GoG@OJdW+tC-a<6?-t7`2>Y;tRf__ytr{$N%diyPa?YH}jS}Z8gO9
z1MYac`D4Cd+iZ}UkdFjO$EFPuNVf&z>qG~Gn$8i}AOT=}1w!lqQzTHJsG&?lrNf<!
z`GNunr`ItMXyt$oVh8aMe=?mc%*qTPfgksjbnt|F0b~P_1tJGT1_%s90SH9smHz{O
zw^5mf83e{{W=yl634~18C=z-c>rb;cm}X-!&Bk&X=1#-BX;^6*o<EI`9ievuA|S9c
z5SMAO+@|qdG|ks@+MfQ?^a0a22Tjv2on{|Q;1D7fZW93{avFzd($o)bBO>(6fy7S3
zafC096Q*%aoEA5ETHNGmdL;s90g>R?B^N(y(sttflBWD1TLR;+eDEif*l!GoE3wB}
zASh|7H%=3n0;Hb6IIlVa<Mu~@&<Kp5z5Fy@lxg*o`7W-KRGga*5nDW^hkS?{L2~Q(
z60d|TyjOL>l3Q+h;Fbu_D;!3vQ1Z^4@9XQRr&?m{pMFe#eC9&;Ir`p-J*IoSYm^U|
ze|xc4HZ3VMewEE%f8?iL)65rbd_1I-eY$r}b4JQ<g*UY{0+*#7`f@|(i`MI3Gv7!O
zM%4#G%a2_ht@=y5GJkDcKs`H{Ece09e6_I2Pp5?OSFLJN=7)U62k`@^uIJ5lND6oN
zP}0-jbbbq^*l%3e1gF0^60&U&5;T4EvAvbe2zglVefg(b>vLG#%vw@R6RPm?VetB|
z$?n@KK34dDzGwM%#g)AzaZ~NbqsJRm&Et1<cTFaR8xMVc?QC}bhNrQ;yD`sQSYx=F
z+qC_+SpVXOBS*!zCPYtel~#`$hK%`MS@Z0uBqia9g6ci<s--LcB$2$*VnCf_+KK+p
zCeB&-A9c+num^Z%5H|Q-NS``S2){3>gpC7urVus@z%!oETmRFe5bvMfh44EYLtqo|
zj3SN^pE1jb{qg%APT)BN2E74k5g7NSgJ&3_S0Z{7@3jdaONd?p8IuBuetJh>yr+hM
z2nqWEAby0t4~Q?}`vS;f0zU@gL)bq6;!WVYK)eXwn*_$~ZvgQia0?K3g2QhF#(ggm
zcL>Lg#Qnf+P6BZtd@Fz~B=7+s_5|JwWC4LOAhraD5+F7N-Ux(G*c1V=CU7ATgs{m0
zVoK=oSztow@v}7|Fg{xh37+^F&LuE@RxH8>pKp2u#_P%?P2Foe*V&}0yX`<=c_NQl
zq^X&K_l7pHCx^f|A2T3Ygs(9WO~RK&Jn>qoIA&$xy}Ed<bh^dMh)CpYajJCerP4@8
zS&piK!yi_Kgp4{JQmN`r#0})4Bw6uknNk}OiJmBlN=-~dW71M$lar&wW@(vmiHRhE
zdn%Z#GA7b}$+(+*c5J3NAuTnDBs<@XYi23crKM*9l^8doi%5#1*l0;yL_+HFG!coG
z6P1}7AxV{pV?`0!QJG>9NmZ(f%}r0s%!-IgPX2Brj*k+h<q$^d)BO@sa9a_HF<rS_
zk{W}D6_He=>ga^!5ix*z{C_xS#>S*&ibNz$sZtc14ir&Y|Jr~qT}q1<rzOW`#YV(Q
zqHqT_aaLwROco%NoFIytvZPJtKAq{5>hB!Yq{@^8u{a?$E<&6h8}mJiBsD89{cl=$
z`5+KWNs^inlO~Fd05PSygd~!_xi~Y%JR(|>kSsD6#V(JMBxji?Cq$da#b$wu<E!6I
z4gVk0gw&X1i758Fx$ggMKGh%MG)ZPmY!V6i|7j4=EH*Pak>ng52kr`*zt)!o1*hkh
zUoXfj4Y-TtNCMMLWl}e`RoC5QJH{XU#Zh)lS^r?NjDEw8v)_UQk|j&50`H<5I%bAx
z>KrUut+cy(ahR^YwqcRy#!xTUmTJF&;=$^8Yo5=-?Rnd7zArz2>5<J{&4JPA3AkYA
zUl-oIFSucI_T3&VlP=$YRd#8;O1@OFW$$?S{EW!TQcpYYip-k{W>veDQkO5c+_lJH
z=8f8Hx_x<OV`<83)41|^^Zg!gyMFk|nU?)+{>K|F9^b*PH*QL;Y<<<aW0v?qWt$e3
zdEnQfFJC8hYOC!63j@sO`#oBgZYS3IqPj{)>t?8gzo!pdcW^hq;q>jRXJ<|<79X%L
zxn@&wdEE<T%L|*e_hOIy*gLHT?3WupcJ}^RXc}97=&$$v7}jq+`Ly8TpQlQ4Ztp*x
z<9XozyY08J=;OZ1hLWA-T3VmqGe&Z(Msn&Vata!|cV3M<=3kaLcj${?DDc(If(zKI
z{_OdCuJzxw%<8i6c-(jNmrk$P6Dz9ttheKSvroN#SJt)i%$9qMq%ZputHR>{s(iI-
z|IUY%$xn>451cty>7=(S<5TtV%DGF@J95LUBf2`<85WLx$b+$sK^>pZl5X4cZlBx}
zX7uc9Xlc^@cQ;dAyrD-87QM61e%)BI6&fgvZ@29m&#n33?^bEEcf|scec$!Brm^c^
z)pJkynd}w58)}dJTrR4xX)q7k_kwrp;=94lBSpf6FD=!4NcuXy9cPa0xIOO-<F>_O
zqr#fXlEsvgZ#7Hbu&dYI|4hdg`Q;}&GOrddRX;aKs*gv)lSlzJflo>E^uzN=8f%X^
z&}yGvo8vsRkfs>+(#~z+d-IHKH%b#duV=6Ca!>5at(raZ&Hea^n=OvHFPNv>MC&Ad
zx&2JT{5#7YFSu<ivrp4`rA!@9^B8Zbw{~dzjUojVYf~OyWk>Ge%V#RIKl*Q)Cv(HB
zt5heRzO+(}qB+-+Lf1MNw9vfdP0^@!^s}6zmiM$ybMB-uCsJ`w-!EO6A!=9oZ!Mk+
zKdezpx%=cuKu}(b@wr#YkmPf*?S;bT9(!u-quVzqwn{A<_WpE5`S2jGR^RH>0Of|b
zO4Pqotyr_tgjRje)_QT=*ecZzPaXOl?2SVAVqLMHxE<UWkEd%-9O9Tfy;56!;9@~=
zTc&=&@I3yoR`|J*h9@D#JF9oS*ZR_|0IwL`>uny#-uHoi(arDnk>SL(w81@v6I@s4
z$@gsSF$asIqbZDzv7V3-`4)2{$KY?5)SCp>f*HL_47Zjh=GIh{$YF_fZ`d^*b&Z|*
zHR1>UHu~fj<KIfp_5|^~H}=0@8*hE=a@!fFhb-zTw-fh2y$m{Sq?FQ@QU93zy1m`7
zkY4<8>&!N)a!+n<^epZ3!;6NxR-AU%s-kd*772cMAv|&;qeEry(k{lM(DBLTJ=G67
z!prQ_7W_UGkr<XD?($O<cU?}ZcE1?V@H)#P=&<6Mdz+GTexH|{@Fl*bCqDa5_OtS(
z4lCl%Z2!e7W&h)IPfxN`LPBF^S=)K6_p_+Of1gi~ukkyWFWLGr>aSn@5#OqPTHx0>
z8D@Xu?7623VZC8bf3AR@c+~tBlHt3C8kq2O?D^9UPme^0-<@aA-e7CHEF-JoVzbgF
z>mpm*$ko^KmK~Dp`;fPnt*7yPY&d%2S+7Oz9nID|Y=>cOyY4Zi5A{l3!@sW?Wkeb2
z71nLdkZdbDQnInZ_Nt6^NoPYyR0vY@^SE&dRnjGr*-%0q<YB+k=V%K$MMLH#vRP%x
zs8Q5w$_YtPmEs6*U5Grtnc<bc{_>{4{2Rr#O^@3#V~%%mAh(r*2sbv}x&B~Farcs>
zz?{bWePIj>2I==Z@%;gTao!!BuRCXsH?HutytmOUHy<l<9pC7+P?)uS-(uMhmR1jE
z90;yIFfV1oq{13*I6GsaI3VKJ@%k%`OA`e5dK&#NzkHbH(Wlh6G*9FA4q?F;kG!oK
zZ4b}ikGM30=0i=>@%g4^T#pqk*<Cpq9NKwGV|!+0>&q%*B;nT`zQS-%$G7HXacw_T
zj`@2FxA+Zwi!8S3<8_XnYJaZfx_I-0GL;8qy2G6C;sf=SYwIh^^5?n8zIe_q)pgU1
zKM1Yv9#db_ziY7F^filgE90>0aQeGgQG4vym2O%K*0u&(F4I*#7xt~UGdjwLXOn*O
znu1Tb?(^-EPKVQRo^u1sDmFNl7rN;kkTa7H`rv3d<X$qkUZ37R=xe<vKBxC)x^Fc<
z>fz<_I-b4N<<HK;!kGhA&sJ{lt*R~EccN`<`)Px+S{sL0>gl|onr{!ZlTAHDb#f2u
zermbvp{}DP|7g>}GwUS|yVa~_Y0c*>;+o9SuKGPl=R%#+@)Rpk(83*e#_P_U`)$*T
z86R@|b<b#hO57drcJ1o44X1A{_t=o)bWyjzMdy0)+ncAdU6ww-C|`UvdBg244q|?S
z;?q66@F%$edQZkx%&gybb3-Nivys~p>P+=5A7w-f^aGx48QN;hv{X|%`2sun>`%k4
ziIYWsCAQ{qUphx34v&OA!TJoIg)RQ39<-Akv{S$K^QiH<`>M*J2Va)tF7Srt4((4|
z6mAR8>JBRD`ADk2)Uu_~Kwtder%v%)(NVo>izUwejha}J?`E~5{bgGln|V;*{f*UH
z;q=zAPx)Bt7SgZhmH7``R$sVA>J6W%cHUX-0azy4th<tTf4fz8#lZ7+EN=CcydO4Y
zWQ)0p{y#dEy}nhG5`Cce=On#|%>GyJR@=ob3)Q!Yr<MEKw_fdET_Wd~PW5|b^?AW_
z?Gx7;<$|z#`-@MF1bRzaJBPeh&kEcE>)d(zYOuZcaaQ^<ojc(M3y)dE50x#7p`E{E
zyDQ$MW+X}9KKjC*&2@H9o8GKUeLT8y>wX2ToQ0%wqtE4Bsa`5N@b!grcH4)k4mGZ+
zyxOOq?9`=ZoZ(n|NH+BaI$3DG#CPtAG(GzZX8I?an4e|L@ZU8{<GXu5x)?h?(QsCe
zUTfMc7c6>~qBem4ZjIdH(!|{0wAM6QF8I#QYVE?GWE5Bb;Ju>Ps|pTnS{|u3|E2!X
z^)7~7vtO<^-1pY$-F^H}+8h@<GwZ=bi+gvYj~;3L<ChJGXKRT2HD(PpP#$Fz|9Ez8
zx%79<>|IUEvTTn#->G`>>fF-P_gZT%c6sa6X5UH;i3pKB++*C;v?X)TkCSioyGGi+
zu26h%kKTT1*_V;c;f1{cp5gUgCbbmu{EN%xtSq-!F!SXK=h~{XUgugmycf;9E4gQ9
z)%hm1DB%fn$>#aASj|e^p@!!{fBcrJe5!0sq0^<vStt6b8D(h7j~gguen=oWVb!y1
zTTjjB2c|E2X3#B~zpeS3>&v{hTe;o-!JeK}vy;5+(ROTC^D=`8e_g6)-XSxqLuX@4
zD`Mq#?)=COYr7XNw|-ap?)r@yhS!RBnOCj5n(1F^`m^yWo3cg1iOiU&H3O0(oZ!^%
zw#?(4(fo$O?FAJc`5R`$r#bEwv%U-|W^6d#oI7%|*?-Y7PMSrKrb>K}=IgIB#>UpF
zZc?=fid<Vu>v9Ov>~a_h$ecJXQ@*OD?rcay<BXCEfzSGTisCB{7w!&)=9kW{PjSlM
zw&S4Eo#w%1#Y@7kj@uM9>}c^ad4ANkd=`9dF)ww4(G%CwX5~MY!_|*S8SRtv78LB*
zIvH3v8Tgq0IWXpe(l4lP?zU65+NW&I;t$S?l9-MrY7QTH`DMv)=@M^A3T76*=$X#h
zhnvhp4tkx^79G6XyWD;8v7Zt{1Zvq-*DqF)vimTr4-;2z>G&LTU#y_3wm$UpFz>!b
z*1-^RQm<8wtFGKP{non68+IxstWx~x%9f8oO5<vNHNk6F4rJGCe{|eG^`2#9-5+M_
zkA;j640U@Q+WhGH*M`}j^3VTPd}UAWR^QS`TRAztQSX|X|A5vNhl~x-SRdcfTF<X_
z7ylewX1AZ0Q)tKRcI#28Xe7Ifjdt|=m|oxGRc3d97o~KjV~^J_cGoliQ0Qx*U(2Yf
zugQo$@!a`J=g0%EyjEyy=DWhcmXIQLQq0S`zM>OBPtpE>ye(JhAA6cxd(O;NQLV4n
zYiX97qjV#lDPGWjudP($M8nLNpKLc?d&3y4ij7?6wmO*lw&eN|d+(jkKc0&Z-W$~;
zsH@$4wQe9JIPFfyis~I-Qi^|oSZgeMu2kqH(EaN+W1F|1(KSgS2R)QK`9A;v0RR60
z03iS0(l!vKsi6m9rRklLI3XmBukJVadj{b$Vk1=S#(2q%T(KLCirokmyRj`%?=#tO
z0vr<T!#4T{DS!dEfJwa@qeOsLI_!jonNF!8G^El>XL}}JhNj&371r_}CJ61g5!>-@
ztn9nZcD$R|@ou9XLrTT~*aYpgDJHpz+i8>0PMe_iHYr%Z0U)Yx6XXG|VN%~FArdxW
z4c>z_c#m0wd}J-T$hjw|q`AuOg(|x@=KWr-vU`mxyBE@f<4xk<8<(<>3Q+vL3j7=X
zz7>3lBlX_Pw~Cw5R*@g@I(1~fxLMpUZpQn?I@Dv_FK#yP7b{E??rYeLs9Cs@+ALm4
z?Jo)b*n&Lt$A(SrkICf~83)^q%J{LU3^pTbwp?C4Y;yn*mJj38;)e~JwTJmx(8K&J
z=wW^arJAB!c}NMK7Kg-jvLc7GTjD_366<=4!qienE?Z7Js>GS0D%<cBF^-rmF;R8~
z`v|Q?AHk6G2(2?8iE=5yo2@ZZTiwJ_Oyi8f`iSOMgQ~Z3Rd400-pW<Im8yCxSM^pZ
z+15}psGpx=RsJ-X#H_O|R>U?4yxU@}Y~#SY&9o`r2AGRB#oHV-fNhFXknzW;VIRYr
zjK^q^q#A0|c$4uM;KFD4F>w#|n7q@_%Ge&y-7X&kZ<h|sb!ONOhhSc}bH~`u9b-Fp
zjO}jtYzEZT6A{zF0mu_TZ%<%$pJ1D_C%EFCpuVLV>eJy*$Pg({ZLo>lZ^Wv6I#%V=
zZsHp}!19^7<uJHvBa%-Wg6nCn!>73ppXNGzng-X?kZGvbpOf2ypBrxro{0xNV|x1W
z8Ioq65gvUJ#+de7&%koCRXT6}6)GYsAevK8lG3llisDzeqNqnb#%%a2b45{Mnvg`<
zjHp@2@xKx)ihq|${JTg3w06G{w7z60GhQNP#!H4W<0XrRUJ^CLW<<@FGGj-#T?9nP
z4x9*g7-Dq?kJTMKR(J4N-9ck@2Tz1MC|K<X6CufQFURrvGR$!=$2NJH=eU<mIqqdC
z$Gz;J0W8O%;$<hr?VSJ$c4FM#$#8oo$L*a|6+6K%e-R}N+dECLt(bfz8udy{jEVAV
z0+qkUKldeY`D#4yRTEskO2Xw;0WO6xwjKJb2r?o2ui-N3HUGgu!u9L%La)oU!0V=q
zb3FB%?Bbl1mMKV)-Jrkj;w$9Wg&XwOd3e3f!|U~^oWSaMgIMzoW8!-=9`vTkl5Y|#
zy(w5y7-LF&Z_>m^(%vqV_JrMqQ$>Jrmze5y;Z%pm3pl^aaF@EvawWM7?^brX^tA<O
zsR~m)rx0hh8k$K8c*m+P;2-bcaCrw<g!sq1u}R-GZuMe!f0x5MXbKNZ-esJ>Cv%=+
z+lu$_dhh8+9s=sY3Fmw4QL*>h5>><D6#UTCds_3&&HO=$_hU!!bn!k+I`7Add7mep
z_f1b2ydNwE8-(XvKEPsrK(0ac_T&TDTa6xa`+$o00TwZmXm`x<?rvCjH@EKYaH)u|
z-KY=owL4@3iuxg5<3sK)AHvS+G`5x3{t<9s>{xrOI~Avvg~lGdd)Z^Ci1zS`Xb*?%
zJsh(4gcVU-HS7UCw+APrJ#^=}hZhZdbUlEohCM>nu!mO-duY`F@8Ca<hJCD55K!~(
z_ag84IQAYj=78|c3(@-;svwDwq1L!E`6LY4PjnSr%&7bXTD%A8LIR(JS_^&RlbDT9
zVm8#UzWP@q?aGmxvt|C6;3p<oFcJ2Xl5qW2UIhM`<k~;G__rX@5}(FnK9$RlPfg_q
zp32G(v%H@Q<;SN&x$!CY-A}piekz_`{1;Kcf8k;SI@ModnD|RX^)I9x`U^#`zl6pQ
ze|q$PiDvi4i|>^+yVrEcvlqnPUaY&lFqsSM)Rha7tD{-S!$5m*x(8Y)gzV*J*vrkZ
zH%b}&2R@(EB=&g(uRi0Svqy_QM~_5*j(&3!iM}tUu+LN{?jtqeKA}z&#@O#x_hI$!
zqky>2jqX;(a<WPBSc@x4{+u?wjtM65qB7`^FJ;1|44eI++i;N5y~+HrK%57Ac%>T(
z!Om5_IxTjVVx3SYpQr>~@K8k<O}cCft1~H#&4WGWGZsCd-s(VcBzj}fjZQFIDkp+2
z0taC$Mg-6bKp|*Fhb@3ADB0jz^pGW&)4e^AMS2*2*-#Hj_ApD<LzJwCC|M6tvL1qD
zJ&<IO-I|tcQRbk?9^=%#y=0Tt(^T(`WrFuI3*Ji<yq73=FH!Jbg5bSGlLoEuCm3Ec
z8G|3=3L2%;Hr>@5xkYcV{qg^Xdhg9PK|!l{_!iEHxCz0?>u{1}ob{?nk2!$kqNuF~
zQaXSnkD!g~<N#PwN5UK+T|Py_#rr4S+XoTp)4g!&V<=c6f?yz%sgLM)eMG<OBl=w*
z!SDLW0oO+gxIQkw%hc`t$cd@fhRxQGnXMl^It?3{-TKk3P|!$sL(y2YAqoc@PEvLE
zL2&FrzK{}39PCdGb}L?s<Qn~vCi}aIBe-jzYc-Ti`kRrbzvuz|MGxpNdO&}{1N!sb
z1XxV}#){heFtm;GTKLhdKlE^<nZuE04tEp1)xORz6X_-=7$DjB@W2fv6MX}3Tf8R2
z)=l>vfkqx7ZZm=&aStcbsQ3%4V4S4&Bk;B<Xrep2u$i0v2+{0ENLxJJ@l9sQZ^o8P
z;)p&H4m(nz=J?DU_=~E*;&fQxM3S+N;>J2E#2v|6N713(-!lgjB$Xc(>zAtMXr`W{
zr8@|(1M#MYeaFaKHs7rBZ6;rKnsOPD)1zfhj|QB!qScQ<s~^+7Y;=qnX^uhW#T|mz
z9V2?(F#^~eBc~fZR3jo88t(y#VUFjXbG+#`M0b804gI!Zuj}>k-OIQ6j@LZWa6c0C
zqAL<2(}~PLCz=g(qL>O!6s>cjXq^)U>zoJ<-i2oH6GX3B()0kNkO4+S9blGifGFDl
zQMLi1Yy%>^<NJa}dp?%;e2pwkH=6lx6!~uy`EL~YZ)C^GUMu#$MyAt7p=xYoN6SGg
zFR2>kblWJFRE;u3HG-;vR|7+WlVI=P^msUEgeSy76FMaJ=|Gnof?RG$h123-41D#r
znG!uRh77fedzSBVWcqGcfOuVzdj%qYmy7(}c-Kehm~-RFXz0ntxI5WW$uJuGmtRko
zUE*Z9emPl;hm*y4IN4OcoWiwzily8;6^%UAsH9UZN@6tro<x7Dtg=&Om7OZ8>{L-@
zr<zpu&s=5yY&_f7y{DmV>S=J1(|EOd8ad|=+u%{ZZu=g$&QQeEP@{E*T6WPxF-8t$
z8Xro}|HYNXTY#`nz{sI4xd#Xug*-4+G~!Uvh(pbH0=oMQp?*07-wb$7^l~6*jPD1c
z2JxulOhoNWOYw9jFNw~Sizj)c_0j-O3)wzX$a!bFm2VI5>)xeTk<efN2eahs1LKR|
z!?i32+UD24hm_+N`jZ~%(U!2wa2Bt-qOZ<WVuVf%P=Z%gBW*gYCVo2-Jc1F#?MRF{
zBeB^>G7K2$(jOWJt->#`#U4P2JwqKWz^a~+GG2RwL)3$Zo+F(EdjdtbpTq5Pj!Rxk
z6EunsLF>LzT#KXdDx;X%Mu}=0WmFsM0fa=gjS|&1N=OQ-Eyc=2A8^h^Je=E&Hw6Xb
z{6*s0O252)5E+vq@2Byaohqi@(OkWwA*s>6q>f7(nV_T1f}V#2J+GUBo+m7FUbqO6
zVvIi<)Xrnzv@wcQ8ZZahIX{kf4xbYcd>UT-A|dDm6M{~#A?O4<f=;j^XywVm>)!Ww
zB8S9@74$-P4imY<O~mm$k;U^wA^S}fcYG7!j*pN`vVrg+hoG_NIld4&v9j?j;wK6|
zIuRUS@mRPJIp2lddz(-&6g;dJ>@+7K+LOp7*Ce#oB=M3<wf1PsbhT&NoBUVRqT}01
zE`Ps>*X~r2VWG&<0qA5Nb(6(otiT_pVB<|;x|kyP!xXdarht70=IkQ2?Y#(|e1i6=
z@KBPHna+KBI-ERR0@3M$?@YJ)&Lv2NmvrBEE)kZx#C#rnDMQms;mk`Jlc4i5NS5KL
zgUeCj2El)97K5o{0#gTrX^MlFLm-n*7oYub?11PPk#v71awKiCYXsY<DH1p?C!28G
zG%*})65^&w#L*_{<g7{F6*h^`*d*7GO?)riWN><4P<(XNj6$Hf($!kC%yF}8zFKoR
zSh?h^1?=xL9KBkw6<QcmEz;h+1+Ca(*_*e>GPOv1^A@IBEbL67XrIZq)-$E8^-Q|8
zo@v}#XA!lmWow<~JBF;hwU$R#+*)UuKC?nlWbxLTXswOANSp0iCWnUR_V>UsCr45a
zWh4P?O9*VOzx$C;w`4-yQbp7)*-*D+K;4oZJWEE@-JgjZb<5pU4R(QY6eO{0l^Nca
z1=lKzcw3h6wk$__S;X5i2i7u+et=w^9Jyv=d1f<DoGl^OY~<auEyy)nmS?tvT(c`6
z*IWTS=5pkkD<Rihid=Jz$km0Yby<+Bi{nw3j9l`_ipbT)^w}l2R~I=H<ghT`4hs;9
zq@C@26D-UZcD6VY=i6XmzCDWP8^eEpCi3uK&`lL!?^_VrBDT*07XAwa`z#Q{e}NSK
z3*>NFAcp?}YZ0{&IrT#1dkd{Ue+foJzkrdp^ow{tTm-(*E$r}?VAU;QuD!%1ubm7V
zy*iAHG;Hp!<7{0APnkJeOEFtZ8Cy#Y`{AYfWAAvJfvJCC+Wi;Pvo^~R>&q<Ivy3Ck
zG8ud1kq3qEJH^-&a=6Tm-gYWO%FPH;_T#2d0+^dk0CThL=<H^8OMqeEW&wNH2>3Z_
zLfi&1Hyg2Oe<pHly5%eB68qaN0#e<=km?ozscsRG>J|y9Zjq7d77?j#u_Dz96ap)d
zr>>}oR4XbV)vX*7ZnY!TDy+Iy3=&pJNVQ5rs#Qi%Sk2j5Z9u9(O?N@UcSVGy4eeSk
z)LJamS|-$5!5{QnL`N1n^W|1Ll6?;$SY{nwW*u8*UARnqm$44MYd>i4m!+7yj$rP(
zkP{;RdgdkT8R7;EZ@>(1U<_|C;Qt1~%LeoaBj)FB#?RfR46q5g#3oAy*u-&tlbiwM
zkrgt)rb-#$M<@f}D5bAF2*%4G|0ChW2N*PeWX9<qRY(HiRQ)%;_5BfkWeCUO`(>$U
zu-z}%=6>cz_iI-rcMqzqR~j5(3umhj1k<QTJ;+8r7>@LMxMMwtgn!Wggr5G>OiAG9
zp{S2L#KXuT!Y!ec?;kd~!o#+F|8NCUKMcLZ++B{?hm_GT|JcMHdZKrSEjh{-Ds3IH
z))pZnZ(%O7MR1WV#6?IS|0R@f>_?EXAF*uE9}yOf-dRY*c$DMFqiR4?Ht!U>Ac05C
zoc#n%|B0LEql=}qV$UbTJnkn3X0~!>wg&%()3=&g`8PEA-`qs+kQFg3{>{M1PdOt$
zjZ+1r@KZA{+tB=NZlZ6<3;LuaAhylG&SRV%{l3ALT){zA-D75EwxikG6%2;VcvKiG
z+YPKd&RKapF1;Xy$00N1DZMA)K>cFCv4uIA;@QEwXF{HzK+C9MJ#u=OE}j^_PXw!>
z^6E)M?ny-MNfm_}Ej4<m5|0sl5^yEnFg(Spy{FuS_*rD#_p_*$#AKdkD?e@edD733
zI6p_^f9~I*XmPv)Y)19xmE?Jb^ZblOo@b+@azf`hKK41=vHJ7my8C%F^?B8&BE=!U
zgM2=$iuhuBMw8<@h96_R$l&rt=^26-aVUYFUq+F^vgJ!CTSE7eil>)M8S^F6Tcd(b
z`4{ak!5t7!Xgg$vuyS@VX~~Q5;tKy|>4|vNNFNV>IX=)1`1V@ce9!ti309TC#GMkg
zot)ZEk=o9-M5-%O`a0=Vb%BYmNYq~8)Ls#(z0#(p<iAdGb(y?Ae{jL{U-Rj|7N`GO
z$@X0-8eT`yfY3<_hu2Nv@VYG=UN?oq>-KQ?je#Q^55HmY@EcP+ydl}(4X(sDL?yn_
z79ix;NwKO0Ong(K_9mzHrbz8g<#PGL*GaAlI`CT(wYNC6w?t}hsc0><w0xcP>fLOK
zM#O*c`Trr#{|_bI5Gf+wW)TrR^B`@h-Zn+V+ZFF<-lqE|IJa-Ukk7Ptl)KVm<h*T<
zoLwU4H6(K4R}045qg^cZ?h<w?yDZzIUFHJ!9aIFoQ|XbCcZ8MSG1R>8@|yQux#oS>
z%-?^a`TwbZds#{cB-s1vgCQa}?{RM4llLa?nYno%&41rb^jF;Ey<Zm22)8F9SMM9R
z`hauwfwV>Wz|7NbG<&z3I0W$I5fVAtZQ$rbX7dlFLeGDnAFA{s9zKfdUmnYUK(S1J
z#3zOGA57u=hl=6+2V*$@p<+1y!5+?kG%-(q2k}QCqW{Qr{6`_K{%DElKbrmFPskR3
z>c%f6|0FE_Cxd(J;SRe;4(dIO#ULSktUB@q{DZrX5yg)yhxx|_{yyRSeIkeXCno;>
zEb#YdMDfo)f3|@Cvw^=)nf5=G!s}B@c!9U{@%Y+{;)`fesvq~7!fUUse%x!SANShB
z<})KtSWTZXg??r^7x^3x{M>Xd@;TDt=hkzP&%<+(xQ^Ku7e|olK16k2h2xQZ@HoLv
z$9^t>2uY6cSLO)7T_s2OtH}}mYIB6YnjGP;c1QS|fhT&r@;AC+_#1smu-Di|egpJ3
zSGbr9H2ptF)Bn@`B>q1UQNrXGZ0HweeEt$G|7G`=|1zY>t({CFYa1vER@W0ntLqM<
z)pe(6b#Ip0>d90E-pGx05<Hk0+)^gtFElj0YVykhug$Ykbo-Nx-ADH(M+`U7sBWGa
zG&)1bq~XK5G3j){;K^!e@MLwj4X%fZ{+6uaYJm?lBx{6UT=<PJCLmX}hGWTO@TQFT
z*AU4%X@0%A<V*HKzA09xl4tfZd1f!0XZA9AW-q&E_O^0H{jxVVKyRq)-hyBDW_}4^
zP4}{`w{EO+@~*N=0k;wt?k#y^Z{)(gnF|{xosK7wt-EQ~V9D_hKrV7XH+Lp_pzQX2
zxYpqd^^$!gx9?+f`@SZ(@5kJ}pEUnKi`(}{ZeP<`a%M<3z<QkQ=lv}=z#et;vsJp=
z{9{Soi#}}-$<yC^hpP}C|3oFg>iQ>I)#?d`SLb+L6N`lzMW@|=s)BpYVTh~4!o~ei
z1f&i#uW}e(g%a#jD(lE9y8hSJ#iV+qWI_I00X<H(;E}>_1z@Mmf=5~{c%=L@0^M$V
zFhKVoQ0Odobe8q5H{-M$$r8^v(&QOOVa<^GEqN5P*->Vj9mQ=1x_VFW7@zF(4Nw$%
z4tjl@o@IKrgHx0o@o0R@mPBuWOCGJ1k}c4t+Ll7G-6=D{k0uM^8a8=!TcY>1<<hlz
z^*{Z82<I9QR}F-#2E;;x5?c8{bHUBf_JcHHJI&=xv83;?@r#sW>SR_Q&%WvAc2~{F
zvj->i5R=&&$Qxi=|8b-`z?TaAYP8DEIY<T#EH@p;%zd2M&yO=JOm~fJcgHF{8}={B
z<B=rCLvXByq>eW;aJ-p;<1qttt?uCFKnXXiIc^R#;pRY$o7J?_hMNPW_nSoD?(s%2
z2Odb&L6(z017s!z)n_C{I;^NY(2m+nBZ#p40(QuZkx7~a2AYz<N!ZLZ37o`y^CYux
zo@DmTlelk!u5RUrlaN3sS@Hv;D8=F+f?0zQ`9VBC3^M13LH7JG$d(@lBd!J$t_C9(
z1{;uca5s^ZQ4{h55^S*9qJzzTFqk6YKaRi^QpaFh>KM#Y$0;m2PBClc6tgZ*F-J#0
zP;+a_D(IDW$x~rgL1zo}wRxn=z}u;2-cH55Q8v1haL$wxP7Q~{GffHSOq_6PXs0dV
zoLMp9uos$nb4&^6Ok2W{NtqJPnWls@%$PBTv6qUW^@p+b)r6kD`IscbY?6qSs`c+>
zj5LHNl65~xjW}fuGo`HI)KPFy4rh)(-0b+n&5l3Z?D)gE<AW}edw9T(Aec7-$vuLn
zo)PBMGs2#FM%Yr%S%|B%2v=tz7S1vt@mbwOVn(e}>N(47nX}CHJj<GT{=W*$Q%`a~
zghDw0W~H-4Tpc6fYApwiF(zCcgK@Q%cG_@tOhsHB!^9tB!PPM~G?Gb~aMeocd`9Yg
zMe3YPskxZ-Ul$HZoo|BZ3yctbfgPeRVC!FChUg1yl8BTzL|;$=qQ_Q%=&>e<9!Gr+
zL-aV`r2u>5%-%oF3<TrM5Iv4qj;|%5_qcAL_jm#u<B>|nbMzi>M(^=<^d8@qI2fY0
z1mY7Aa}x-26A&j8445{do0!I^RRZw|X4_3LTYQ2Q#3#_9G(i6$G*bcXD@bod`w1f2
zPeN!<j3V7!Oftd#Bzki}k!2DSWs(KCCz&vEl0Ab=q8WtEuFV#5-VTj}&t#(tFbYj(
zqD(fs>twn!<UTM3`M{LQ(J{rm+!XE~02ii+KW0r%wYq_D{V~<#22<(v2X%v~Om|Z)
zZZOs422<^BFtuVKA@gC%{*VvGh{dBWHfj@l)Wyui7n@Cdu^9p`mX4CWv()IxspK>`
zVVYuNVlmT_oeS=OrwPy7B&W3{>MqivoY6oCQ0v7@!FNI?r>m6ZFEuukpHZHPLSQ-y
z0sU6UoHvLav`mi}ZpCX|0!Lk<${(!+VI}lVNj<QaHcQ%H&hwLGwncYcAsuU`<*WR(
zo2VK={)P`H=?2IU?!jtFp<mi3)6U_d8Lxyyu2f=-$-DaH7;!cW1iq5wuPc!Pu9RMq
zs#|-wo%;Dvr_3*Zt`t~~9t^nBX&{zyP;zx3B}Y*@SAY6K`Lk9J>8lT#OGqFGv8smk
z#~}uDX9^g_p+<3xMsWlQL7yr791?z54^41rlbh)0TP)*3DU-Qoe=O7)or!FXyXpdB
z5ir)z$mBCc$G1HtR43@Y3FsXcQ1D$R$>tb2Y-5b(Z59+jk4aq^ZP4hh3x95j9}P{S
zWioa>XAtulf_a&?L{$T!W>+v>J5n%oU|cC?DmXAEXmHq!*(o#DqPPVPZINx-f&#q7
z>1n0F)eXwf7P$b)p#sF94yh2ynF^6yr9vdfU`<UqV4O3T<PAWuFL{EGlma<>O_Hlv
zlZY%CYm%I?CdpZAlJ<%U#zEN5+_0S~3U``3vAyy|cOHdC-WnR{s5Z}dih(~L)iYqU
z=|e!Ag}Pj3Zl*oM_hNZ|iU7bPufYTD!SXb>=bZ%Vm(0~+HdjrQ;efe1m})vizYfE<
zgA5hkysDe&>$JV0nk4?<jkj3P%zZ<3rlQwik$Pqp95~DMUMEC1=CcqG&2sR=B(q4N
zGYc7VmRRVh*1DFQ!lF!`J0l}-sAvdQqs~HK_drs@pQ9v;`Vhw>A=IhpLyCH+sUj{$
zx*}`MhNEUHU>={DgH02M$ZYZ!D&1hV<7~=!Ts6;;s^+<J)vVt_ik?rMD=~@tu_sFq
zg5F@7?CL&*blG67D+~eXk6mO$=(D(03X`r1l6HlWLNs}msUo@xRYX`L^U%n7-Pg!G
zn?~kI8kt8%gc<=THxGEgJnDAy1kZwqInTil17D2<y_z7v)kyHGMFdc-b;Zo=OtHjY
zZ5|K^0q1H}`2b$8j!oN2+Ee0Z6Oz|54PVPN3^a8uj^}F;Yu6Go=mo!GgXD**xlh{Y
zh1Wv7#y*8!shV8aeV<xrlXxNigBX9IN|#Ut3kgTq_>4or_zS7=F{7e+7aBry5fgQh
zR<2RjMfeXo&uElIW}_@7Dp-t!T`a0#u|)-oBTwcf`*o;fmouaE8;|Qu75jCSUWBK7
zy=71xLDw~k1UYzccRRRSa6f2}0KuIc+}+*X-QC^YgS!*lEx3Pqp6|Us-dlC=RPUNS
z-8Da^rh4z`HLLfM(#VeKMp+zajBMYUGGb&sypLnb&$)iF8tq*kn6~bde8E=oF@D0H
zm3~|%5F9u_ebl9-GgDa1!QbN9Xszt@zlI&%kAmN^c4TULK-uludEu5kTZh+1$@-AQ
z7nOynVm8s#qXX;o_@;Js{%BESuVUr|dx8J;A86Ke`WD`qNYnogodaLxzF#1xX<@UO
zWyCPlM{4d<_mOk6Mr=_2+^3!;=MM9;O&Fu(9-;=^!MDDvk6+mPtsg|LA24|=S6J_f
zbP(d=Gy-fs?hhT7{Z={&0i7FvG3hj*x&zs0Yi*Lbyy%TXboz*#gWxgf>D<l{_BrW8
zN9MLfI#X(FC}#98h$P+f($&AWxu5y$y{b<{e`c$n`BPMO(fX@>&(Q{Em{M_1$^c~5
z)aoZ>1}9|<@z%cm^6|iPXnsas+A=7_Nw=cHTC;9W%3nSH&uycY^ku7RX<VAK8Pzaa
zm7=nh<juKV1JcY3BXsS>IwTe1UNbOK8Xj?iYB!U=@gcRBS!{JEe9!O!+RN~N+9hF^
zIkEbjkd;&L^=f)K-Sx}IYlD5OU8IlQQwaNAZqT}A#g{wihOTu+F<rj)<aGtOGV5(i
z=I&f+c;cP}skKJPSh=iqh?f*0M%O;*>gM6J-svplEsvS%j7+vGh#op6RkowpHAK@U
zKcK8_>kemHc@J#&t+LD^%6CVX4_g0q${#!V&x53>AHz`VNy&Hj1)dTxly*Zh*7^O4
zctD}(`mRNAobGI8h1Mj2Luhaz@v_pZl+~3f<mTd;Z7ICo5r^yYT2x63nLD(Nn$Zb&
z_ZJ%WZ?M;$My6w}zWac;vipGGd85wS`{)NhUIwzqAB_4to?Y(*@fE&D_N-04XS;g1
zSU2L*C+QvNeKsVX3FzI~Y10gozz|sO42Fi)hxUL;=iipi#ISW^wIdI-_ol_!lZR4e
z-0Q?e*ua~APRG+o%4Tx^p{@{D8cfG>3|@o~*Y;L<bvDH}+3~7f<;aa4tG-1tk1-$n
zh>T<IsWe2zr;ykW-7PWGtpI4TnX`J&(>T3~ylseWguj9+tSYRBS^s4MK+<9_pIqEX
z(KOrk{h9rX?TOJ5q+KKs4&#vscqq*{mi<DpDPYuAs}Vz9w=gQ!q%oOYY=tfmelFr(
zsp+jcW6yA=_-7_()MW(n?AQU;oxwX91!Yqvy0|63Olzp%q^f^W?s{WNO*B*P+l-H;
z;KhjW8<LgwfmIQ=qLvAwD9viPAXK$ks?CV1S&Z}ut8_s~P%}PFEXwgWa&jB7P|GmH
z6TEaQYS%4OkCZX4Z~QhDPmRC1u*J=%`Y@9E%J4?(v4{uCCNw@*7~gCnVNhh@1x%+g
zV^}{(FtkI_D*tVOb>1RrxM3>vyV$&jaaZpV;BwMXu?`WnP9gcKG<p6t?gG|hmu#5k
zp8z*BNlg89;)M2F@6;ac%VICI!KrM@qN|#u01EMJZ$&?<HRU}VH%EIt=PVreU2XSA
zdbaZrRt`(`6Qu%^B3qC9T(-8VOHN#n_KD#EiV@7Qgx>8;0cutpuw*@}EiZT%PBwm1
zA0{30QM}xoiYOlEUw9Yg7i{urdk6MCX0r_%9?vVr^@#@*s&`($r%l7t5_rRwyiZs+
z<?L8!7e1DxZRIp$c&yngy)uj=+uM;91)0f%cYbPVx-LcQmv@*&>WiwmCWn1ka@Y4a
zV8u1D>1|FROs_WdJ4AjS(HRFF(f$3%%z8X}V5jG|d4x(w%RU0^xY2IkDiM{7h2GV+
zdUo3@xDrdkx;4MT5YjTUSoP?mCgRZPA0Wbq=$3{i`BsYnm>uChy#12jC0ZUKdeAuD
zA`nI&5!qJ!J$qP4w<D0Abpz*h8`u9xApU)i2S21Z8}>Akl6;J!)gTnAP|lYG$Iq1n
z+Y)vg3&gpOy||8}u>0&^{2e3mUvsYYNF`$Wl&P>DTs}V}7A_HF+!#C8$GN@PGB3G%
zWqmiuG4Mo-^v?<{%1Vlsa*-S<@GSbeV50Z6@d06ejeafwsU|dquO^k_AzZ|$h9#=6
z)DtUfy;}z5O)n@=H|hxz@`(=XiBsgya%yjlh#$qOF8kO+`fuh7UG~w}^dDQ>q;5W9
z`v+aV*EUeprGqx`=skUu-ePPw1ars-1pc))xPe{+bmv;qnJuBUHX@=nVcf2Xy`ZJ7
z;CCIudqY!CdBi_2T3@OiUnxY+Y~*KN*28CBwCEc@mJq6JGFl6Qrq=yGJ15_ctj2t{
zuydT;2?Wo?e^HMKPgfK>I(@IdFLx_{Jo%vw-xXE)#FZA5^PYrXj=a(p@vdg7?rP46
z3{~4v!8lv7qrCj-I);br$rJdZ18=k7OW_}Oa;(*W|LAp!^z1^`#llt2R5EiNt-t1y
z3f_*BdyW3J=8_8*DS$`0`tB6a?NT5}Y}j!#C0{9C^qRa`EWECBa?9)fWh1BVV$%As
zqobovV4cy*&KAk%*S1=nBIXHT$!amA*a{2#N$l(}%x_F8>D>4Il49rk0R{EA)Ua4m
zj9dsE37#|7T=t2J?e3Lj5AO?6`1p33kHg)!K|6Zv>&Lpipg<o*g-@Rt?3XTjuQpZg
zlEmz^c5mi4$uD<f9gI^3=0d;lCvH7{5!)gD#oO|)wE&#_Ibc_L@>V<HuF7H6@lqp`
z5yU7c)N*9(NlGfKUwPd?_XyoOS|Vw@WT#IS9BYcf^Um?|Xj5$83nKy*nmHDFog;li
zne(E}xuTf2eM!dmCGjue+9iD3zH4#*WQ30nF4;J@Wb><l(v5j<Nx+=G=@HKNf&_c-
z{Ead7-09y=f`Rx8BMQq|IGvflhvV=E=79B6&-KbZ*Jtm?M2d@^YB%CrKPV0lqBQPF
zuis9uJxr{VoBTLP-sb!%K9}mnGnSfcBguPgd*!R_XOYWl*e9|0O1(s13YK@$W04Ol
zz7<7x;S~gk3ZhL_)Lkp=iuj{9_B-9zZj0V!IXXX1j7Sv6+!OoBW3>WPN1ArnC1fnQ
znpByu)C4manq_p_@x|q9=wrdKf|S|~GOg=ukqtaC2EinHw&HBvQi@a{)YObdjWCqT
z2d1jMy--!{q<#XM0scAcE<PA$oRe>5nNUm;;qR*9{`NBO4SH+m+wI%_f7$w==djJG
zQx)?Z?l6nOzUx@}9>6l+D?8b`X4!iRWOj*+kYK||>rinlQlRM`!&)#&FY-1S^9PSe
z!`xG<ow`*nh{@a^YLvlw>*#^w+Ov_je3p_@wU&QdGfod!)d9c2h<EG6cy(mIIHMkh
z3(!3|qkd4R?r)GwG&nr6U=6gFNTs*Z@WIO7Q<@%+St0xAXPttZofHe3vNbFOf@Js?
zaenL$?gZ&HW|JoGv=96%NTaH!$#e#6>Qq>oOscR+({?IE7nbuTiR9Myj6|C@NOCIA
zQBqo=e`Q5^9fI0hGXGvcF2{#vFy}{3-8YXfAg;07`<=6w1f}rUk<@*S*(sOuwNLv2
ze}|9SiN)w#-|~FM1eMyTT#D|h$ZDTWv8Cu*@xe)Da#Yl;TMqv<@|*$tM>C2~1Ctf>
z9Zw@Ni*f~Lw?2gveEkAh5~EY-uQIVOcBp{CC_KSH>|Y_m!FfukeKo<?tAP<pUL^fa
zk~<IIsek8<w%Q#EU{-n2rupBtE_|0K-d(U-_!}bA%%>VFT8e}+QtHDKu`=+ZjaxS@
zwuiF+tX(6mm13{!jJC7=;fEv7->88&o6<1O$s!aQ<|@fn>b4!*ECTmNgrmDMo0+}R
z1#Z>hc30EpOeG6WGiq#^`dgm>KA{XLJ})a-R@*PDp@e?>f}$It$4l{RA&F^R(X}^r
z;wIeh)bpd<O%WjO^D>I}MaVZI01Yv)GC2E(blz27QFJxohg8IlPa`66FzVjnuX=Pf
zHm#rE|IQvR|2!5vA8DON<gO?T-uoWI5=tb4d#|+4$>Mb~on5s0DyocZj3f~P>!q|a
z03GhBt*=Cf8(IkaRmYZtP!`FFL3yJtKQFqe(`AI_={_D#l<0R5`R1GobD0gRte0%_
zLdz(wd6~^na(|WAe3FwFq0+FO^!c8+38C3P&-xAmnbA+7R`2(7ODU(gEKMyIW*Yuy
zIZ7@Y=E;}AbHJfG1%z_Exq`T(Lgn>aC@~s31sjsS5u9qg0feR&@>O1sTh8RSAtppt
zQ1}(8%(hbZX#(r`4N(Ch^y-RV(mrmen)-mpaE@im_k=GZ+d8sYg&W`A{x*T)6C&f0
z42|G^#DDQhkw;zb0XzzdSmsfUiF9)$i*CcpB4bln*B*5FCjpjBoBY!?9Nt(%DS;`l
z74|1<yzpXhVgR@hbkR)w32&5ibK`b!q|?AlFoZ`P^5gf$ooZ&BHMZyTA9y=sXacHR
z=BP!A!82Vq-_>MKfPJ#OK;XcGYpI<F|H5{T+1j^p9q@0#XGami%H{dAONE%{#LP=1
z<2UwRsPoQ4BvRJeOT1&$6K6Kg34L;JU|GmGHNM)8GTTu1%Yl5Hobjt`svI@lDg+>a
zaaMh(U8?Khd>6?8GJwFz0emSikal_&`iS(%iC93;og=IwEkETLOWoW-JS7{q6PNfm
z8T2@Bv*6))&Am$oH(R!0Te4$Ou(0>fZY$*Ygf~=Td@=4zmWIs^2R-1o9W5hktiXC6
z*fjyu{teUlL(e~L6W~g+qH^~w<E^J8XY89(d#0LIBh5wx#nQV(<E8Jtd<1**uMpGr
zGfNMHGjk$b`Ice*j}Sh*tu4`O-`W^Xq7HXB@#pZWnvZatvEMvu?G);w9P5LmZiNY=
zpcz5XRva!8cB`X6sc$25A&=b%aTtaB?64<Zkr_NZ3m*T7>`8X_&b>lNFtSl~W#Gu%
zVpeT=BSTIl`Ye*4!06uFxY?<Y#3>wwx2a{t3niv0xK(&=mBXnT{ej!I7c!i<rD>OF
zqvErVjXenl{0K$2;d)OlwWPmvxL-g&6wS+32J^VF+kEloXxLi@#yU>qyqnkH|916i
ze4i$j*+VO`YbGT&+qcWK<!6ungRdps+hm8k9Pb!awqh_0=~DQ?lU*?EYFvIZWzxxA
z$ggWVeIptfd1TE)%ra!;LLTpuFTaTqbWbfR0T-!Qm_WOSF{$K1wmcVPdm04Qh6vNm
zwC~<JQyv16MoqAEPo=En2F(mm@`bSpj#Y+?eUy`;$_KO4!2Ry?29*N`k7i2-lvTw4
z(Nf0_RFKSca9Ew0{pXo>ms&^7qsjuW%0dUq$hTFjXaZGwy#ETPmf44~FLHjYFmNJY
z6cq-ZsNPofam+WH<8P_`XdwE{5v(__@j>-Pz!;rNh#Y7a!Zq0}hA~!4w8pW=1wg-|
zb^?b4k9h_aJ)>B)Pv+i1IP%d)7DogF1l-!aXfKU<IJ2a79W5wz!~Op#6ENx0Rk{H6
zu9VqNb%q`7(thBi<b83+1LdZC6-Dx4#=z~4WcN(_A)-zSqcc0X`-qUSQ;qi2E-KBU
zJ_AzirJpEQcxA}TXNg)!bB+#boQtRWqdodFeZn}isA!IlF=YvC9q$-4$2a-gXcQ(k
zE@f#mhdyNqg{g`NRy?}S(y4F`->XLfwM<p>Tk#xz4jQ-9{ErOF>NVrUA`op~hV+&R
z62PrxOxd6N2EFq?C-&9!s_QwqU^ZrJY^bI*4~qsY;Th%%6>ILQ-L=YH1kW}o-&RL-
ztQk&d>EOD=*%%ajxAD=wtew+wjm1U(g+)VIX~w_tjGklI`<#^;zw-^F26G(6;y4$<
zt1{e}KM(hRirFP$*$^C~J<;>dVI{K^JC`+rIm2VR0!UVy(wSJ^0Hf+_yLH`4tT%)~
z=b6{g^QzU1ar`LW`qHQsT%I7N#psQ49r0E3dQp!?(L~I(EQ>$k7Y3yMSxVm!i};gh
zn8yl)&|C;9vs*#~x{-3|LU#*Cp<vpDMgDa6wqE6KxJYlf(C&_i?Gj;M&ZaCVH?*5X
z{@j6zV>IRc)%Vk%qai=#*RC(K7PRh4YLYypUUehuUW`i_@VX)0H{Ok%O1X?6$z^r8
z+Hz}UOq}w3)kk+_7$yE!kpT4q9l`esOQ|Y_0AygTV}0fl-a1qZ`DXBQV*--lbEAs%
zL{=Zr&oz%rtG!b>%1H*BMxE}@(muRu^HlQq((2Tz@!Yk+W~$@ZC!5NYy1^+O3pjdk
zfiSL&H?oWu{hfCTjSawVlIqBpE&hle{1Xg-J0d5{v>5J-ebS!QIf8N-nmmv21oFkT
zU26|~)yFX^mNhQ^jrL8aSfn*ANb&AupmaC%QCFRnvK?WJu=JU((3G<<<zrHCGSN5i
zdeJBc9v9;Vbq<**0lfuyn@W8YmY!L%O+xkyoUQ#Z)j)e{UR+uM8Ml&CQ(W^p!zfMQ
zCo@)prE)wU4!rqi4`7K-xw|;=<f<dBhNf%BaZi=zY`v3{#Ai9B+XG91?PM|uI>Y=;
zA2x>Bseh#fpAW^qZO8sPTF1D63V1nbKt$9~WsEH_hr}EB^UDtcfM|*5l$S_@9qwjG
z_8S9{>RLCH?Nl_G1}TB*S<iI*nNF@RvR&HHJZ^M>e0YI8?1MZ}35T^9DM4W*;g=-m
z1Uft2%b<yQotqvex*mh*l_AiHshFa)hKZ|iilp|34{7xaG~SAjKI8)x5_vLOA%L^t
z3)mDCMA`a<6~5U(R&$Jn-E!MkpMZ(R-~pL>qB{@Wbi3ElHXw49d!<*cn60hh;Hspb
z^c9xEc#jyNhg-(HaK(dy{V*!OWixazV!FjfT)~GT&7Xuf0bh>ULY^@Q`aXrN0QFa(
zV0)q}mTcTK6IMldQF6H<xEGl(OfxuHTQXTYIFxz5RW)C}X&iR^i)EXMpWN>B!mgs3
zWZ~U1gBIqTB%CQL($*kCU4|ir8m^>J>!JKTqkP<nUK-M;xm!2Eosy`KvBIO+?1?w-
zH=@!EpHVDZ_JniOxIdG1mQY_d!^z-1qx(U&@a>CVL|TT?7G%DehbwqXdOAV+_`6pm
z{E^3z_UlqMMLBaVa;$bI_<Oh>%Do-@cER<o(*b2wZo#zAw|+}CYoQL{HTywnDQ=q7
zOt4m1IR~aCWxz47IG$$i!z^$9p=p)aYyN^CzGw<nkwte}Z;|R#L)H@?_{I7WiKcZ$
zbKg*4bULp#po)`sMe{dzStr(bn&CGPmPJ*WA<<D#c5syu!gV)MiCzT^66_|T*Oq(?
zm)8k>G3E2QySSsk&FcNHxclm-Tb#v>60tC~|1d$*g6_ZLo-Pyc;LqE1Ln;%9DhG~B
zDwt3VIntg=lAlWQ{XqZ0o#AuRp!7Kh_i64-VeDnp%NMvFRYlm#&6>wumS#pzEH_mP
zuxlIp%ia|lUzp&5mgYhCE_0O~iv9JEF4vuI`uLyv$FC|IAuFwlTti-JDjOs6b|m{p
zf+teykD$I+UxY1f1BK#J3dwF?58to~>LTiti1=DmG=o{1ox4F{gf&8T1KlWx&s_VU
z|HAwfK4uK}r1bG5cV%(K*$M1K<>QPv;Z&e<xG+^z@&}T{BB%*3ET+~*)F5WgSQD?%
zs=sJ@67w?|Af<^Av`=%|m(?~WV;$;}FOwr%2<&TOC|Oa9W6M|z&#|!bB~jax>xKK6
z{40xVi*a$lW1FjD;(JHC+JAW52=H(|%dJRB-Nr-4I=^PQu=yd#khkgy6)wq?&)PtN
z<(QO*dA)k%-|A7{=$F*{9MtAUq7{gKKFKtGY)H-_@3=i|pi`22J`X>Wjoh|&`NuCh
zEPHc@*zDPpV*s3a5@*W2Vo^i&Ud%b1TS(@Md|V`)d(_3MG6=ZoG40eUW2U<d!Kx*&
zDW_86ZSq}KguYgW^Zs<gECbP65(h$8tC`Wx(x_}@Bh~tJ;&5a5Psm0T!Y=-zbMcJQ
zQrFImjXG}nB=-^DrX0^3?d$c@CtL()6(ocl*xCdF0`mADlK4LdB;P-0?w>)T1H=Im
z04abfKn<V)umD&C>;N7BFF-IL6c7VQ0^|b<0jYpAKsF#3Pz<O8)C1Z81Ar;OG+-XE
z2v`AZ19ky>fD6DS;0kaLcmmu2Zh`PXL?99n4@dwc29f}&fy_V_AP?{xkPXNI<N}HT
zC4t|8%0NS)5zrI}208+rfo?!wpdT<27!OPU<^T(U<-mGi2e1v;0&D_y0lR_yz+vDN
za0$2tJOf?>FM$uhN8l6i4FnBB0^xv&L8KrO5Cez_#0U}q34sJb@*qW!0!Rg<4$=Vq
z1ZjfwK?Wd0kO{~NWDT+f*@5gq&L9tvC&&*J015#mfRaEdpe#@hC=XN)ss+`98bM8<
zW>5#H6VwIj1`UHoKvSR@&?aaLbObsEoq(P|AD~Y#1Q-eo2Zjfufib|CU_3AZm;_7?
zrUcV~X~A@01~3zt7c2l40n35q!Kz?2upsy+*Z^z@HV0dPoxtv3Pp~gI2pk3u2S<XV
zz;WOta56X*oCD4U=YxyDCEyBhCAbRk6QBdZ$n0Qm#H?rN1hzD0Ha0OeaI$n{wgek8
z|Bpt+e@6dDqQb=9@_&mu=)lzED?&p+2!DZqApG~r{|V1KgN;q>9saMf#s723^dDsh
zhg(!OV}1QPTYINFCk8;1zP^4aq@i=PfBswjMB)N@ci}?hVEx3~T>jHUXQSuT{$OTi
z;o$zcVcwg6{KQ-5V5Vy;nv1o!3|N6qgG|d@Nx@K;&&S;y#2;Vl;4MQp^X5v5t?%ob
zCOiQcoQQ;C$4d=N{DO;xB%W54CNV@5DVL><hfKJEml}jeM40Mp3?U6dgEsOHK)aQL
z6@r8vhN=yPFbaTfU=jZ=;+sa+T1flFxYf)WGBg>|kebvK`WZPCFK$Jy8cUxOpOhPd
zm0mR)dfe2v+{8be{n<F#cR>rX?&nbEeqdl=VqhTR>JctYR@~j}{%qP$UX`W>DG|n%
z-_-|y_Q5wQrc&^eF$ihsLI;CLYOvW}{3Cd{o_`ZWOly6STo`~rsMYOE=z6jMV31#1
zB@gPv7>0f;#)`UqywRBGqcg>llYO$t&!1D-ZeU?v>{@rzSoeqeg?vMOV`KK(^fSCO
zJij5*8x<tw!TA2(r1*5zbd+f5SOz0gu7GlHJEeMWPi3&FLb$h#xuzjlA<SFBG+vP5
zGC~AFznl|LF*PAO1(XK`oqVS(r9do9tinxgjaO;Fiww0#%`AbFGx*5_I!WuT4Yfvr
zcu~$ZoZ8UW`=mf1m)*AsVKP11UII@sw;T;4J~Koi+TcV;+kt#~roFh$e$O>1zw;00
ztn)0tnyWHuG*o5Lo7|L-oL9dKZfY;%=w-4N$nGsv!3QPVwCUnFO>Sg5xS=Apo3fF#
zYdsh?M3x<%YRMz2s<^cfrT5>JANSKo1DO$%4Bxhn>h5?i^f0`GeqZdaE@h!QpU1v2
zat>7%U*BTjU|;s`%W5GOx!}+edfN7Tb+6BvQ44w`TXr@+QA}@cV${G}2|B*b$K~+1
zP*(AdPav4V9t3uN;wqIBHO826c^LjJFUAsTs9wM|8*59_<vGG)S)D(Ax_864JF=4A
zD05x5y;yMb8{YOH+W$E4NwqSuRA+9tQ9hYNmBIIUfVt%BwoJxf|8cYUub#CYmg3#f
zw}W2b?E0sM{N%{p$i!*UxXb6^#O8KGubY?G0{P{(O;zEKFEv#@B+qrUcYnNxC1ne`
zkOb4*a{1}|eIaT+`yl>b>MC#@uQE;lCZPR4eVPBCiRkcOm6_N&ga8(_V3!<Gwh)bP
zN!D5I&N#qyLRQ>_*l#+6E;e+ubLl6eUfY|~lk)IOqrs6b{Nh4*Fkju0N%T1Bh4JJy
zfDdc6o)}-Wyc0dMS@Mcn!~PcHi4ahR=DPm)Y(dS7RTmJ4OQrx?Xjc1q=3)Tx{-DM8
z66eJc?W@}vl;oaaa5j|WSzF?n5h?Y0C>`I6Nef{HF2%IV;zhhOSn{TExpJ;uEg^r)
zw5!<yHq<0A)uaCJxYIrIDrZ9r0b$7s0YUWt9d{i58+al$02&y}4~lG%!J~hAzo^>c
zA-5WkqM_LmEzxEuseSc}MM6UYP>b|c<xA_#<inU~BUDYB>zo*B;b=B4G+Y0uXkI)W
zXkIE(tE>6-y71t0X?#88ef7GP6O+N~aOm>jFr7tdw-)(5j&=bp11$mHXgU%-thS0g
zj&`K0-#pEXqgIW;)bvR99vk|Mt!JT>`JP2<0>(0F)|5M4Ry!&gDxq$)X~mFnc~wWF
zV$m=Oe^RoeVr%^Lywam+wHKRUvQor+DXBpk90U-zx}>V?($Ah!9cxe4LQ0}uDq1j1
zGfG&iN~&y>HZv)LZSIF9;p&=DGp}1iL^~N)I~k{!t6WevXxYiFT=`{aWvwr&4zBN@
zz-UIu${zB_O2K8Qu3Ri+PmzuyrERElUK&hpFzske<oqFxEZMag<T6^cV#t=NO=qS5
zdvP#b_Pi)Qmo#j4H?Ki!9Pyl1A!8G319lx^KB<;CG$5Na5DuYqxiW-;1jbXa)1wXM
zpVo8k3KTGoqE^SuDY>pql*KvLq=L@TR17i)_3?<jduqi${}f7U?M?T)-_vx$A4p4q
zf6L%pxpu4!#|L{I7@wvF(`EbS&d{cI%riMI>;O2g%o(N!<qDJTl%yt&xVocLflnj&
zdi}V3Z4iS4e@+I&p9F+^E?3;h=6|$@^dsL7I&Nt|#eB+x-II<!2aeVY`BB!TSJIR+
zS>E`rOaq%LP%S)Q1377i$Ng7XckjY_)J&jzLiOD6%e&5KA?m1l-;W}~QqS3jSeBBI
zZkeOEz)~2a&!j5lm#$G~T7-9-@cu7hedC{M`$q^}NeY*Im~M1g{c1p+pI&}j{L@t}
z_l{Utm8)oQ1WJ_T)&s;;645=_8X5Xg*a?Kd8)C@_a1!dF$UG922@9`OM_hg`yd^9s
z0(~FdoQlzqgFI5DZI-f(90M%VAQ!-jdB~VQNGGYlN`M)OxtH2T$!N+`HTa6GTzPLv
zg%@eKrNp92;Xt^Du&K%su*eq0f2AH-@dwX&a3&T(QqpikIom{-Aq}UtleOB<%!D-g
z3lHXS)8EV|-DtwSHCF{!<`K9(K34@{<`JB|sT)E!<`R-&ryD|`O%AM@PvqG@G0LqE
z2$%wEV`FdJkc3|9>9{bWM9IUNvc(lnSovUTU5skL%qXX_d;tYPRbp%GKo{j!y<cN%
zz6s0{+3h3RY#nZusWCJeDsDkB&xQvR5S`hCgKp;hLb7}inNY#+yN~k5nmrm|$gm2R
z%GyDAAAYWHM-bwMV(3WInvc{9;>2Fq^J`(oz$>WJhiZstRn(Q2g+t$#8Lm_aYG;d3
z5CRh!7I#r}l!yhrZyzO<1od{u*2niAI@Jbob{f(`xYiqGMVNRgX8;aT4y6{7F)#;O
zEmZ$sr#|uF^o|&WB$TB-BI_um3fT%NT;!oa0Iw&l|E!^>G@=Lvt{Ct;#t?+5Mtb<y
zy+$#8TxOQU0W4DCfGvZ#K&acoyn}rz@>04GxYn>nX|-r~2P%-gYi>q4nqA>{MhK*o
z_(Av9);KImdFoNv>lp1{qNp#JjDz31z3JlPzQ>Zod?^kl93{I|mi$^93a_7BUiVep
z7uSdbX{fZX>Z`RQ^b4idkgG7-SK1_GeaaPa!&Y3>FPpmhPK5-3phe}-e1gHJYg@y>
zOyki&h%j<U6=7y<|9mB$O-RUS;Y(QG4oG@X`hXP0PfYYfDk&F7==OP4{r;#x#bog)
zE($?>vndg3DSKD6@vpH3<YBX^aG=}S7(0rNC+ZYsCOSi;Kz>b$$U(H<SeHYtXd(1*
zq^+#f@!$Jhzq29$#rzKRDd~UoPD$nG{wyQ+XF-h%9}wG6-DIL<m7^RE;MImfNX+Fc
z41yn4t=A8okCV~N%Jp?!q}?j|WBCi8j(jwP3^0ScCR(byA~b&VDi!sBN<6%?gKk4F
zU8WUUyCryd9m-KJ9~t8Cq%ngDl}?@?R=2{Vkt<y&Od8586B&ag3d0sZK=Bn{H0m$u
zk2lOhTo^S`QD+|h@u*=U)y70>Wu<*|%x4}J;>n#oVGd035s9yRtf-P$0eye+_K^mI
zG5zTGL@d$UV+VVG8A7?TLl)#6eP=@N$C}Y4pFp(52n^>tUH5=Hgkmv9S@ZGa`5I-4
zY?%efwMC#Frm=q#zlKOMQ08F8OH}kGTfk)%{0WaG9Xvoo#_>deAu*`Ln#flj6#Ap!
ztqkOa_O)WfaM6m36qD;1%!2uQPzhy+M-n@j=Y~)aFR`@GSQIl4k_v%VG#?76G;<;%
zZpa6F0&PsLI*~+;KG-T5o7KOAG#VUmzCcU<GgjVywAs&6neUDk+J450kQllwBfPl;
zbD$Fxt7!i#lWsU+APhKjAq_?d8S$Tk|DKMoP)MeRZ|<0SiK!-f+Y}K%=g!+Kv=(xc
z+ZsK9u_4WYfsx1YtTf2M09$}55|}*4Aq>&k2WAY!E=aj)#Eu2U-kuOvi#(7<u;=dT
z>QnpHv}D#iVzNk-g<4wjOBz2K8PAHhPehEO?VT`+tMP<$WEL6@th3m%aA_0h<{S3+
z4U~~m`v~UB;I1%+(aBJVlptYLU&j{^gZ#;`<&8zt*jcfD!V6IPf8=2Sl*46I4e$|W
z5Nu#GCrR<X?q2`pr%4z{Q2K4m8~h7FNW7s>4^sstq(oG1k1T|}AdHYDHegoxyYP29
z)Qj8f@FMY>I!q!o**MJcTG6TRe>BoD-6=yyhl~x3E8uyV5G6~D$g5^tElS1l16p8V
zLKFicUqf#;u*qX`{{0eqh-V+^rKrjX--#f~^^L4l?VFhQU&EUnWVkk4ih%s>0i7(`
z%Mr+pI78dXFXgH!*ttq5NYtMW@4>k(_NAm3srHIM{#ZCKdYksmQT;2QIlshlt|pRF
zZ6qz`9!x3pA7nUYV~#2m8Ms|qbqT_36d5B@^%vTHX}8j2Tp4^{LqBZcd2VR)RpxXS
z-z2t>B+~rIcvf0J41iiB!5?BR*bDmMpD5E`N?vZQ(g9vSi4-uQ%T*(BV#s9vpzS!2
z?=)0_p)Y<~JBG}Rtj@Gi6KnZfJIqw!GMhln;EIIc?f2p;VD=Fp2RumNJq3%V4(za#
z1@eqWj0I3WQ?TO%((gb`A<@qMy`1O=6K?Tc+beuI7RT*0h20t#2UA`$4>O`L@z)5~
z-J<^T%*D+?jK4NUpd7`QUm->0ihL;a@Q|L|af{GSEkX!2c`(F*B@s91+Sjjy6@#NJ
zkgS4{8{J1M{YD8v6#L!9@s}e6KM4wmMPF>SkMvtTrv4NZ56cA_EKe*#^$*Ffx6fWg
z@)H53*;2FFg$U`mnWGX4q~B7}I&TZp;4Ibugxx&v1QH!oBaB1K%nSQCVb<X$(k;vm
zk`M7{G{Q{|(uv#EA+QlmdNuKfY6$l|*Z9gXVeTQ0{>$Gkd<u{x2rz5N2=eW?dZYTs
z@WGlQwQpJo+YnRU4F0T07&V%a%qTR;q(aG^Xm-UEyD9oyz7F%bTe1aV_|k63k^viX
zth!?5s$q@z42CE=y;`uhuzxgtnPaHUA$1YWl*wWWI1ujQW55g11;xphXipmCL`SYj
zsGN4!mN1dZGwekCr4i)1hYoY1mEyOV)9}EMI;Ml|=%+YYrh^_~X-<0%Tn=P>IuS^}
z{P$OTo;n$x4K==ITmGIP^)58)PKu31mf5~bB+}(xS*XreTUS3LwFNPj`&5Li^0(@$
z5Sm|1l|coB;&UPg?by3mJ6U8*p{`UY>F8MkHH8Jt#G`)d`sM}nom0qgX-LNf_ez5m
zo+M3Z1hgD&l&2cyjMhkXWC~op0Sjz)(UQB{^jV0leY4VMLr)buUp~<{M|Xm9IWaPA
z%*nX^I(+Z9iPVUM4B;9c>*QBuVW2DggZs(lhh7>G#jE-R8w@TyUgUyUk!VFAffcb5
zZyT7qSVFp^vN3mq(H`pXRqgHn2dab_wDsEuQ29yp{>98j^$$YC6-WL0BnHFqLU34!
zIt!`rBuwMpO3E%;yZD;~IMd}Bh!@lyf$%{l7waox5t+c4<STWjLBprqOU^eQCZv!X
zHwAz)MXwx#irNi#>Q{80!?+Ts;W?S*8OpcYRs5$Ek?BbN?Z(b;%0KC1UkoLjH7~pd
z=kGkKTK;vXXzpwdo?2io1(sT?FvYsLpMvf9&q!g}z*ey@-igApU%a~RMfeh-gj92f
zppvnTN8lZ8Hh-1y$3gjo3R8RtYuNh{LsaAlzxLxZ%wSe_L&+oDP~hL2`uHUS+9~~e
z*!-@@ub+}Mz>;0twDxzd#l1G@e`(^q>(-%}PDB~bz7V1N35oUAe62S0tHHYd9c01m
zoo?HsN_o!cCnOQug79(khFL(gh-15(UtU#)yc}Qq-F|3Fv8FP6L-YQHZLzTEcX|C@
z$57UXqWCucIf*5n;9W%JgG~!V_N&RJ`4w=;Ohs_*^pZ1_Z`<Lrf08q9-Sg7ugRG+2
zi?^8ce*bOGG=F3(TZ5J9h#1REg@5JUy6MfAtG}8^f{Gt_|9$ww`F=3*X`F0x7_Oe^
z+Xfa18x{%GX4E>5?MP$@ry^6gXJ7Z<@%*m?Yn+JD8ZOM=T(91m3zm(2-uWJ}KBwo#
zp|zclsb4MEK3)d3)-T<v`D1IH%-;(ieLT{W7(UsJlBTDz4Mi97g!H^WLoQ2VwtX6l
zSZWm?EZ_0+^Tatn`=2DXPaC#0GdpIzbS!F5f1~!Cow*l1Jz_=>FP5p4wm4+51*TVi
zYGq|wu<PWWeW(!}x&H$o&Et$}NVAfBD&#YJxx)xOU~cYfsS(~hHTGaW<o=E6`!nZ3
z2`~*?OSMZfNofuip$EWcn6ck-n<^*9*Vj7ZB)e6VI1E+2q{3HMGFX?l;bym8yCUsu
z9@eR4%o=7>*oPsh!G+xL%fh^j%>@f92S}UhN6^VWZS&8n)Y(PTvJ9FohG1g;z?Tn3
z+kv}4OQ@sW7ZM_Z%Eb{l^(lxl?JAq=eUL$V&p|hVKQ(Vq)x19^jC=V!nD)8!|5;In
zlpn!N$J(#)WYmU@m2Z9)y&6HV4<I11eQYCe4~X!1r8&=PQqt7hoS#zns<z|QHP+d-
zc#^zWoP6bWc)Z#GeycxPc}6HZNXX_*Kqiy;Dv<$2B?gN5vDVXBH&z!zoOMxs;TqIt
zgL=}w5(2)eCdyg%KE1n~k07r7nFQzjku=wR9CL=6{XVWM*yQ43x4>+Z-PE-Frq!YM
z?TI_%(=Yt)?x9|(g`bIO{oP#8;$Fz()Rd|x$?oww>V+}GM%D<WywQv1{EZ{Y=>o&m
zZ6kP~<Iy-P&1e4pG8|dmhDjrPiK&HqtaeqtL&&?sqOWLD)5<yLu=|@3@~7$CCWXL1
z4xOAi{_{h&8|q~Z6KVd|+sgEW_xs4D)~1gj5!dVN%CVOss<GGRW6dGT{Kis%rq^r>
zwEMWHB+|*xw$f@6mrlo!x7Dn3la6@ByTtd|cN5K<RJfG!{GKfb)`zj?*0*5wit%mu
zD{cZs9@Sgtt(c!JJ=*PDyDyixtKr|=#OR$B0d5wjSJa<U(@Qax9ag*~rQORM?(Qd#
z^S^RL_BOLOHznR(8_(zb2Jwep){kIow%YAhe0^*W*(??k#ezI~d|J0WEUS&hMT@3v
z9u`ZR>N6s?+IxJh%T>A;pU!J?!nq%|-4CO@5X*(SJ?gh!_XAzJp9c4{UIsP>LK^+z
zcsD_P?}sBxr7e{J*)#W{cH7><sVn6(;#XI_X%?MlYyCDio%n8T4|50O`|`TQ3T4>D
z8odU~zG#T$N6+r>SD`<mC!&OI_X{FvNH_%%FUCWainQS`+znq!?S8{4tu{2nBIlfu
z|BxDfAQ9~Mh^oGON$b9{!b2A_8+y%wc{9W>vh;LwFkayJtZLaJ^e(%MdD<Il!G3ge
zNx0dR&)ZvzL301BcO_bGW)^yK;W|I2*6ADD`<F--vg)?inmvo@QWyEfpC6KLBhop{
zxTeho3NY`%Bp#(kb7O+uXO&JNSGp@ct@J<I&EE(F0Ekz*u2mjQN$(?dG$ai76I+`c
zoeozgP>;U@1lyGFOb@fmg{+Mki=jjp<$JKKZ;`y6vdv@Mc4JLVR@tfT&T4pdEgtZ<
zFMN7k8joycV}@-U-m~Zjt`sk)xvafjZldaFI+p{Hl~~Qf4i}AX1Mpjzc#POBxV;a0
ztQ;Sf9^?6HJXd3iCZ(VdQK{vwe5xNxtk}DGFau81Q8nW_E^EBP%)--$nv7m+ZiR5)
zZ391hN)#{a>lM)-UCx!FICPPxUps5MN$X36)nz|9jJ+;;y5dQ?RcxExKRPZ4u8~$}
zXuxsYf)75p`B@|`H*1Lj7dkE7KhHf*pMq0uma}<0%&r&AlIUror$2YErB+M01PcN*
zlU!d(xE*ZR=PE2Xfshdv(N*<qG~HT)r`1!%o~u=d^A28jE$oWTG*hLE?++F$>u#>=
zS#QO;23{l|&diq;jyYYy?NaQrG9jH0?h1WQ19>;y$)R6A+R)!uu8@9I-z=NAoS~%X
z-D-$(Jkcgh2V3C;J!czoUm2}4xvq*OuiuwF$JAF8i$^}6{9z9J#{P02)}@^I==E{k
zCiJ$NG>kp9mD6?-Qd_vRntc>u`l{D<qN}OWW&V-(<F=x%K;&vO$;8s-lO=R&U90(R
zl;!5*F<|;iPqSShpEl2}=SThLhOFQ?)9-^E1}8v`6N8dVbp-9_aQsqTkKnWOezNO&
z^U}tMk?N|+Yx-KH{SRkLhbi@HF17gnL!xPq3YIbEZ!H$vFx!<z74zRr+csv3UPvY#
zudFlAtZ!K5wtcK(03FWy+csL{58>5!RY1*ipG!rs#ZmZLMe@P559On|wRu{1F<ZWa
zlZu<dLufx%4Ais^{(5^!=5srTwL+do*`^-*-wW=rjEtfv8llSf>%pTE3eSo|LT$Ti
zfp(H-r}Od5ifV`7R5wCwBexHjm)>HXw(frnP~W?IU&aSYhD|osF`S+?7RCqs&geFe
zE;qdwH_vYEnvL4NO;6KRT&+6!Z~VNDc_aMY9s9fCFieyCFfg$#!<@k9<2jh7>*4U#
zK$hB@{?f9#CxJun?v{1By29Hk;OP84*RzcO_d}mpxx+@amu#}cONmCb%~q4~&+`co
z!R1=r{MFZOn4B*0O#U6sl~2Qy*6lEz{1XEw?^Wh!_VIm}%P1@34w($^PGxW2tI;&P
zlH>y-rOT|QkAlB6vdv#4bn87*g=iCL52N)SYuw~+W0u>AJuWr!l^EPe+ZEm%g+A`;
z?v$@A*6S~~6y0vUHRqbFGO&PW_gvGo6*39M#L|)HWgtRnmKdE9ly1Sl5f_Ui1Trhr
z2@yiumr7mwpcg*%-5gmhBjqWq@}j}g>}8CiK%NrkjKW`o{*|eyQU`?iSo*Ry?+PF9
z-@cXbC+*i*Z>bgvY6{hxdF{@=JOyE-aLWs2-Mw-<Ss9ox5KM8(3%S`ZCn3<C8JkJ(
zM8BjJkPH3v`m@_G*ws_R{Bz4u9Lq5P-{Eclyt48YG{haCn4P&9<?&%5`Nv{6c4B@E
z4sL(F?VLAjY+O%%lbu6Kh{T}ON^oPLla!&64QR5PVb#&i7asv!;zCy^XLbxFehLx1
z-nKWosbK$bvpd*ZK!h{O=BlY0_cGd?_#qY_P~yX7vdFWon7uEZeis!J!d>0uh4ylr
zSAj9$@WVT%gUJy!+vM#HB%Py_l5OSlI1nVCvQAQ!v-NI!a4(SV@hrr#J^p#{`41TX
z{Didpns6B#XrDu$Lqt&W`*Ek!Fdc&`GyVSQO%Qpf`}#?H-l_$Cn3)ULsz4!@#CbUB
zkf))kFc!7(-A;o$#==alA?kdp_16q@8&wng9_V;u8l#CKvc~j_rx0=b>*`94pE?vu
zWM`C(2VEzy%XQY!A$c>#>SqZ~3;lFcqj;v_tk-}k?x*Rd0lOX^ugdqiOI14ERpdSH
zSSz(rt`YKeIhVTG=Rep20GLWfv?c6KA4H!zik#mm+~hx{{seTg#9AqhHV=}olOw`4
zyh4}1Lf37Q2%E`DEbd+HqZPoR2o3$bQTgbF)RoY&O}A(}JP{e455S)a7`_(36+D<5
z^$s>gPGv#`CWUBxf46V!{W&JKb}qJWS1f$bB7R@1=Dm`ss;ych!F(FpX~}pnAP5Cz
zVRO+VVKNd(R&)M?$N-z)(zW$QGuS{QT3J+4!nNu-ZvO9ALB<Yj`XVWD8mpJDu21;@
zH&qM%)8b;<e?@@gcC}qqnUsVfU?GoYjfRa<M&L2<62e9}Qb)Ayy+>dw3g$&O&W_rb
zr*-WA{DzUuSJB!y!)ae;uB>zb3-R*|y!({Be$G)T+O<OPGs{akvTJ%5IeKG}u`eBr
z+-$h>&oxvIR+b&W3M9r@h*uVM?I(r!@8B9~&neNuZK3^M9mz_pd$A6}FsW$nOlo6#
zI>zV6_%YME*6B8WrN)c&$JO;ry4<NVvf*$U_p)YZPvPM2)zFRBS0<z$B^_^yXzy}{
zTdbo}CDbyJH;ln)4BO#SF2E-s@(uK_h4Sz2kHun0+$5}FS)A_s?9XgM;m+4apbaKa
zlqFZDPazH4{3zL$yd8qSb;+}H^L+bebllRHw_Pk^O(E99_+j_d9Jg>svYbg~qttv_
z_xk>0^=8f0q_Yy|)C%F4i{DVv2v&e}I~e>aV0!wvbhNi_AiVAbv7Y8QinziSU~IW)
zHab8hgTKY3p7V>LrQ$7_%!UNyBwm*;GY2ap?}x;vAnkWyFCoGd5uSXJth0df^Sl|K
zw-&nQ{2S$O;hEf*&Ahm)&<gLO)qGZR#gi>X3ECY|@GnREy-d7Y<fIZ(c4a8*m>Hy2
zNGLXELpEn+HfJtMqmqYu_DlKntUBZKxh@wnHsfU-%vmOnz>b+)tW2a16Sl%A<CUnc
zi{dS36&smy94Z3(4$k^bJ7E2{<fIa(tC9<#KPS5KKA1uxyE*ud0|9U_N<1-3JU&ZY
z(I<e+yH;Sdf|0`O!6H@lr@KWRcoFo?#>AUh`}x6K&tsP0^n2vi+px%0k;qjOY!}XU
z6=t$oV~$y`?<r4?h!iiSPY$Q<Dc2Nv_K(B-s`Um0pX21!)Z#6D=2sExnVJ-xgU_F;
z*O1^6ag*r<uh@OBwN1g_^v18dS81=3%C|n+&ag7NT-U2s4TmXQ?mxp)Hia94?A4OW
z&Na80AAyap@N2k4XeFHi=j=I20!RHA%zvQ-c%R&-+^_Go|Mo3A?DXM4bM*mJDDZTn
z(qvxwrpum9j5#q}7iY=&uiO=Ctpql`1!4I|vyQO%+jQKzZ-y`21gfVqY9v{e+>@@b
z^Kz|#k2c0Lh%5oR--&eL8GkV|#|mG+xrwZoP&||4gYGw>@dj|JjGhetmfb|${ka)>
z@>{Waf)%UXUSYko;s5f=$@_Z3Wa)F>bwIUwRy0_DMrGyC;ts)zf9r<0^XQwj4P9r$
zLK5o6{wzH4eC<bDnlG^sDAyAnW@3uz)8;~frK>=Ryhy`bfkmddtT!w>_<PAI1GH{~
zH5?(0K{yg$=_+A1M9+GBjeLW302R*AGN`_b7@=;*P?JurC;#O=9rj&QC0CDKpwpC@
zMo*TOMla^w`giJbjnQXK#)n=@`~x3#RI(sk(yj>ieb!7qSN;<(e9BS)Uu(dj-?m6M
zAC`<r>q?+ef6Oc@HE{t6M{-qw@v1pz3M0}NW-YlHdy4|5<lFLq9bg_4yVil=9qMdY
z*TP%CHAMBk@8Fq~RM_8m6eJ$bXE^olBn0Uf3SG6&Ujoa|QXiNDz{Sq|?7B~5LYR<$
zMDoiASflZdj@`t~OjjgvXMi|{_eW^S7C|xxloeWVW!hG#Qf|Y6Jk)GGz=J)Ik+G+Y
zp(hO@qDg)n&mzF`-K>EIKd}WurBl>X_TKaN18xj}y@f9b9dnS}<F|I>pM8NZYPVvp
zxF~?_Ew(%HD>Uw-W&i84Y~l?ucU#o45np4!LAv3GU_NRQl772i4Ixdd14~~Lu~B5#
z^2eNTNf3ydV{t3W!juA>QyVefLdfhi5E`(Sxuk42V}wwt7kj^2$U9Ir7xSX4%oDO!
zgix>s1?&9ix(o=kQ|yfyrP&1ZA~^}{OFbblaK{ci`mD>~r(fF4ryp8nM%rjuq_>>t
zVxElP0Iq)RUr}1$Z0D^@&FHsD^kC>McSh{FaZg=$g!OLE_ioF6`OwXLe>`uR^k{AF
zd-mZV`<$ozjM2RPq@DWYFwYzF;2=|sncGY{jWM|?^GGbboE=>7+QzrRk3N4*eSS1j
zB#ich`AnS?l0+#tUUaOqTXd9@vWrxcA7NmLch^EF{g)oFfv_>XpH#(9U!y(|6l+P%
zNc5)!Ll4fOOQARFD<=4Au!a4?#3nOPohnJFr!xL+u$T;4*a^9DcvoCG%t5pNouu^q
zPA~;xBZ?_F!F~OPX>3T`qA;;n$6dU4ILM#P!Wu)s9lHl=xaLU<8o@Bz34=Are|Ckc
zX{@}$<jt?>ZSm#rQ1HcbgL<f)8pVi;(Nj1MRY;}Lr%oid6bmB_{3Pb~5$tF6PDI<2
z`i^M4C8Z=v;Ba6>G%!-vY4k~w@gbtJ54-#M<?%BR%c~6+I!D87)Q55^HsMz=<p(Ze
z8Wl}d!@lu3121?gJ^|3MU&tz(K1<!Oql!V6hi8Y-;1%9I`jvVd$bzRJVsd88v*^l}
zIXB=m?jFEv($kk&Z$kYKSTD<L7Tn~mBFa|ShrhL3)6~jtroJp`Ju7jh6AD7mpYp=z
zJ`$WC6?#RC^)Z$BNW*$QYCSvhtgsZkf6^9B@c%4aeGIzE07<fbO3=npcYjytslA*o
z+VUam)HCeVqyG1;%wb{rq<n%`<Qfc9KUi^x@-3*I`V)yC{ab<5ZloLKusBfw6%DRa
zZ-@Sy+&Pi}hM1JM*>%15u&We7HcTc=M{YxFJkM|EURn1YDrqJ=80UR6&hv)k0Al0C
z4cZ)u*Dt){X7>#5HhwUK^6xPht`Z?m3czfmpSh~lGrrS(c047sIqV}l+8ii;>T1Tf
z6#haL>fuivVMh=NN5`-#h>2rztIQt7h4AiPMe#&6PI_g>-Qiw0cl3?$-dY&5-0bF%
zvsXXSp|8gYaaW(rSg3kERP@dao;5o@*W~4^+>zKi#PaqWv)1(r`Z#?W_X%M5$0KYY
zI<{k3pC!FEfRjEL)V!^OF=!?OpXIQBJbl51*8&ou98g7hBJf`)k!e+b6{1yN=axxu
z#!)44n;w^&^K+wV{@Rs%k8C3to4gGxC3A>4N;+X)zHa8?JU*pMkKW;o?4C?bjBE5-
zARr<&3sXwK0%v>?R|(>7-m6y(-FM@AcOuwY@l%Kj`toubYE&dvCki3Q0x35$^0%{2
z{)o*c3w~0;@!29fDV=rIDm`p_N7~|V3Vq`MXl8;^6>X(c`94^eX7=i!>1=Ff$+(%a
zK|{ShQy9#VRyb>H>{ZVhmC7M+Q)jRpNTVp)7mtw;rJ5O;y)7Mr<T;zJnzg^=XEG;V
zV$jIWwkAFe8?XdgAVAS9X;+*H6r9#bnM$bB63sCLc!huM#ni&X=hVRcW!yX5i<!R_
z>jzASY!vpPNspJv96vG&Jt9E7cxJeH>5`Z2jp-0K)bWQDs7uXtV@a9_D1*OLJ>yR`
ze~$*9Z|YOaHAQZy20WEX&ar{oJNQ&NjGy^8o34w&@K+q%oOl~U3~0r8|7|}><r2`O
zQ*m$~nBYAK$iID@z<=HaKa~)C6pv7SI?CeCQ=$JKzTN^hk|4|0Hrr)pXfrdj+e~fd
z?lLnoGcz+YGcz-^8QRQkW@dcenc4U6jNbkwWhqlisiab5#JQ2*J%@#yf$c&AtKS-H
zc%y|O@sXYeUK#JX6-Hnaon-l(q}CU$j{KT2Jirkp6=YG#1d3wC^I3*Utu;r_R)946
z6{i_mWKb#H@%Id}$zTwd$WORrk`w(z9jt=4cCO<yHJat<oC1#TnGsPf=EwS1S`FdP
z4E%zuCc`p?{0V<JHSamqtWjAf{oN?&)^W{tIBmk5)6FS6>uAo^l=X|BH_PkNJ*Qi_
zy&26arZ9~4CK@7%vy5^C8jhk2eyv9tVCw58JJHtk5dGrw-8kqWZGK^uzc37NbEVYy
zo$+JVUBqwb;DxTW+RVA(05v&iqdr+Jv*|V`DnoWf{B&t+nWOLEHA8seH|64U=fd3O
z7#JTce8;5tu0RGlV#DmygtM~poub}0&~r6&cFPisr~!efImjT|sC}B5@;dVhI@kA^
zTi14gX%gX@TqT67XMX2R>Cbb~T`UpmO$k(Ux^uOeJ_8#{mk+}pY1xHFNLP8v#@>9r
z9EU(MquX24tuA(F*wkq=q}qGA`{rQ}B$lh%HQN4Gi^;6#?yk};(a$3s&aP+ueUPGl
z&lg9sxgA1CR0}wGi?@`7dzXjVLUlnl3BP7v&%?1O<E#2*$oq~7NaC?OhQwnnvOgUP
zqHifFvmtXzT&gevjyB}{fD;BR&whEc?)7-8l#DR@wzwmixkW6#Mm82rPE;3QD!6md
zgpfTQ!)mx;hdsufJw`))B)Nj)8BViEa#{0>3~oUCDuh$heS*B~>;lwf<&WU%17OE2
zusJc<0)DufSpK!K!UBEoR}X60jyz(JE!jf)Bx(dyt_3>LI5!PYHPnldtzXl$u3bT0
zOtLGM>|R*(O8B(fMsK~mE4I@+<sc^)@g~{gSXqFWO&}gqAFFHnTUb9Hn3_wKmDaNc
zr<2gi^v@IUB4O>V&!gYkCXb$35&UB@qE{Vn5`hiX7|iXVOzkjE+JQY|QKHO*IAM!%
z^NH6tuH+tG+w<bqsu0~{KNrcD#fVh}=SX;01w^BLeqY#H=l!DQHsIcUt(Fj)v7U%L
zJ%7`(iC({_@L9@ez|_}_OvK{sZ&lSB%-al|SWkU30K~z*bOlNTTazC|)n{xs0M$33
z&a5HVl$ss|Cke!tq<VPw;u6LQ;!XIdwh2xr&QT~+TxjPC?ps5!DYPtmWRcmMDr400
z-LFs=3})zgl!dA#$XMQqy0uYV8T;2P5IR!?;%+Ol(LTcYc$&{;-MMJc=}x_BP!wv6
zCXMRDTCNBkK*!y_#oVKo_5?m_QU4Z4VHB#P3nPppuYPmHd{%{ZO0L(n(R-d)#M(2Y
z&U2!+Z=aW<O^|cMArIokb#{j~jH18&eeW4AYRrKtjXL*Y!YCTS>Q@;pJ;X?p%k?6G
z=LKVz)AsQ|UfttGS_ar<zZTGTdnG#H=YEp>mimBAp2cX3e@S{c$m#bproyeeb&>%t
zLaW*Q*vClvO<E!-ZvL$JLyx44ujSYWSMuS>dw^i*6WsojHsot-;a}u8;@9bae`3B)
z^uLZT@|zzZ01yI*e9_+$07<}?)d)ZaAPbNK$O9AriU6fA@>m_91<(fQ0rUaJ026@u
zKlpGPfIYwg;0$m9xc`e3_XdOk;{U~n7ku&JrGPR(1)v&G184v=0y+SlfF8ggU<fb{
zm;}rKW&!hnRlpwL?28(|1v~&=0WW}eY6xn`FKQfx8krhE{q2h!$NwV7$*9Sx>A&c4
z4r-n+dYq41h+6oI9v7t+qZS7|0(<~|0ACQ+|Ba0PZ?4(lA2<BpD~2yV`ai);nH`+9
zbl5LK8UX}^<m<2bzc>FoA?={!Xk%;h4_q<pmxm_W2<GM_lmtmd26U+ZHy9#hVG;<0
z?si{Z$S4w}eN5DNkUl|ug3uaRszmkjU$7jQ=olCks{53sRJj=YdAVYu6)MQ{75Nyo
zx>a57CL(7=k2#xL8#>*46KOV6&j(*7KK@vYS)f9tR7Af8=5z?@{fSb+gk}n_zg6*Q
zQ3Fk#uHBo&Wf#ku+-Zxn^O8<5l3}Z)(vwAZ>?KcrhN=_^tBmr9W>gj&!2{f@REkS1
zFv?CG#X8q>6{(GML#Kp`=8v6{%fja&f|4tjzM*4=DJ9A2Ss9xbN>y2FmaAJUQ12v}
zg`EH-VZGi`9}G8DDYi07;<-lvPpqzB*+%{<3=0%$RE_FQ&cgY`vc<siKRZS=WkMyj
z`(DWRDa?)pGjNr41PeZHU<>w;5XAer1lVjZ*r1)D!vm=(q|BL2sa8>XT*4gnqpFB<
z`a3Ytl%$ycMDUo{kYvFvAj3hkq3jgBX@;2r*mf+hDA7!y)JOr5tr)nTam?rg5UNZW
zIPu8-+cJTm%zAa~47mZsbeYGIq{0QMk@yf{w#34zDL)KmMsxeT$yA73VFH<KDd_rw
zWc(S38x%E!5lrm^TUmu&IHUwQ^zq<a0a09)%;pmC^iU@0CUIs`!lF?2VaePv%nAL$
zOs*kz&|z^=eMQOGV<Ga`(vp!`*q)$`tyc)U08|43+>1KHf~hOtYp^iIus(E|Ko%4W
zj)NE`Ze3%p5J_|}Jsca=I%d!@;R7Nn3zE%<xex^?nLM-w@O|9@^x!h_)VdKBf-kES
zab&3BKx&!4Okm!Ep|%jk%h=Eo@ZXqwF~6c*G!enbxOx-A#9{7c`l6c$a6(bkMPn(V
zc>L-|A(r+`;B>>g;=nKyhau3RQO3mIP@-c9d7@ZxeXZzw!MTtX(bhwP95O+d3OC~v
zE+tBHSOVpOsFiJ5N*VM)=K^Ate`vT_!e8~-b46wivaOHMCD4mzg+6obuwe>|4%?>g
zh}xpm=9o595Ng0HbBV*^OJu^3@kGoVhc@}1#}Lse^ZAjrOUC08k4DAru>`jFqo)Xv
zbAwA(8<5TVksa2>7sDyK2#2nfBDYJ1zUl<d$O`jDqC+9;Lx=yy$m0!E)ex9Z;Kl{%
zMDhorFkU@Hhf?LaSVqqt+(GUL>PO2b5M^N`4Fc%Pg4I2dI0kbkgAAgk8VD8Cr4nKK
zSkm>G((%ir5sP*qQ=k?tF_3D{)v6#|<AUk}1fgm{h(J}rbB!~uSV6X#AE0|Cu?6%J
z{8?m}H$ad<+S`2US11U+-@5k8hbx=_ys3KEBlXinN#dl*z>G4;G-<;2+#0{!TZh_r
zQLOZ4^MKD)a4BqB5%vxie|4f@cHQWZ5O#x_8Q?9nmNENIMRRkqS*1wkSxB@AdbxHy
zIS&73+@f+|>E^2iu!8)t{GK|^*x$?^6Eex4z9K;2YyN=7o}X%!zcps5JmEko_^@=^
zB+AE85xQv@k0(6mWL7Nx4eDHR8N+)Kr?$p>Ekl_!NT`jP+E33cEH}n@hZJIq249n5
zJ5w7{ZQ|zU`iA3q{@c#cA_`eOUj8TsAeijWwftTG*w0uvosy*MT{L*9q)bL2nG^yI
zpH7j?_NSW;N+6QuV~+{#A48e|&1=2D-K}T|;?iWECLvnoN`KMM1cDD88)ZgYzhc1|
z|3EVG<@5&5h`xR<Lv+G7E@wL(CffIB%%Rznhv$Kyab+ZRs^e_5){0XRJuFV=zkPVq
zgMmYCjB;{r2^&hEET7}z8wTR9q4u(C!_7-o-qrk3B?9=^bZfaAbX!^ue9hL_a^^5J
zTw9H#2Qupo{04=G3tLH90~j^q8#Lt7R_E}z(NjXyE&ktKnx?$iZx3rFmy0u^6vv$@
z&|~4$moO(=(ziI~<J(%s%l57|4NIbH9(qor_N%>{Bi@=FUZYya1Ym&=i=WDEZ-Wgh
z{9DeL>xTSm^|y+@T`ufmSp63sr4Vb4dO|*HE1i9qZ`J#=f+i2gL|zB+R$m8BH>{W3
zostt*v!YL@$sbD$k)|i~tzaiS1hS83fXQz)Hz(M@&kgX(6d->593tLr?z8##qHck&
zE{Vpf#oq=$9KIDKuToYyS}{_8I)#&b_tuh=YKi!Kuj2l@pp?S!nND>v*dad+Jml;_
zu3jg;AoQ6OQ$4pYepP=g!Vn9i6kcCciV?nT2NH<t%r3UQwUY$ldhrIl87Lm#m(v5`
zJ(4xAH3=Qe7u7pX)B;isZvHN=e$|(1`MtSE{nAYq6czO2u)mk8^|2nfy&5iT4TDtq
z6*V!NC;$HLa-faKhDHywP3v5tEpsy+JlKCNU(H67jEDB9r(0wl?rL_rxUoZtkI06C
zw7c(7XUE!;+H&_$3HkL=aX@~;zw_8y&>zy&Y86b%qv`pTPJ!QbAim!Ao>l8=kWlQ}
zefIFTy%O0vLgy3CD>Fx(UBMVbb`pb7>(r&t9k$0&A^kQ$%W(c8=#Mv7S9{s_6xqjB
z(Z3_|nzo~P<>s(Ytw33xgKe+-zD({e#u`3qCTsZGqxgl<w)FGa9(wx^tGJ^|k&KS)
zx_oaNEvV<$-x-?$Ee-oRH(O6~9o_9MHF}u`_)RYe7SHWhkIJh&PzYHe{4}QPPS>Mr
zsb!QKE)enIHdUrG8=W}HDmywVV1&2tLoRzO10R!<Q6Y$5q(zs<-b1BMb?3PA+x0`l
z_PCmkN>;_wM@pKubP4B67UP8HMT_p<TgeT9w&w_COkS(9!g>O0MzSX6`hIrJ^s;Nn
z-(UsPIB1qG8$%Dc`YwTBb=!)nE-Z!`bPe}bVt#8s9L*<-9}5V~+?1^^x6_?d(PuJl
zpS1^zcRPr$n?=sME(lclUG4-24~ZtDzmd`d)8CZS-#lfz&x3Hzu^z+ND6Lw&#4If9
ztsA*@VAxkJkKulN^RgKc>k7@G<FO{@xj3>tw@1XwJ#MZ2c6_WR_G(tfb3V_h<tlod
z)Oql`#iIG3snMg$1`*)uerHE+rq;=JEV0m8eKxFOE_-&}KHr*k)D1Qbb%6Cq`;GAC
zqKU@GvLXuqxVh|N(~2`PX@5%E=RCHBw@>dnp$kb`AgWT@$_p6qdx)^fyUSujZ)iWh
zFW}KF?cHi-d&X0I;B;hN=KkXz>4iH^{oU!6D7yQ6=MNwTc3z82XRUIyWc;>3x<)lw
zTkkQ;jN0V=djG!0cq?t;d7~~knH}G+LR)gvsqp92sq5q&cgMWblGpR%%(WsV(j+db
zWsgyUpLLDvhRd{zb;%_p(vlx|u(Jufn|!YbEQeV@*ALJdE!rDx6?}DprQ<mT?U8~A
zp*hwwgQtp_KL}zk_{#LgnXoe1N%vp94S^rGw~SL${MtQ}j}!uR%nUij{EjZ`!rB+g
zX}JfI4(@V6RulApL38qB$)?+jS;GSjoMc^~GOge3%62-!-=gy4-;Jm-t7`b&zE82z
z@O2zN&XfL0UU{?uj;MPPpz@<8J?LL8v?vpL2J)g>gQRq_AiVtufuHdqaJk)pW-aAc
zA$B5g;>Rdq$PHE+C`D0WcH(AFenBb^EYB}iGANZUjr;t>L5zRH{r4Um-|Ksg@UOnV
zZK!|t;Mg1K>)HQP)fzaO>KN;pS$=&vIQ~P_YN=>guBl-2H?Iv+TKyW4OV@5`RBLZm
z({Py;O=BC?GMj9NZ;u54!pO~bn$6O=xa5Gu$N~H^1-<3>daUqYEjeJpDpnqTSnc5e
zfE^BoMB=%g%(p**5XyRJs91K<9_<u-bBDJ%mv38#pPFZWBO)6hs^05MTOPGQfpu^Y
z3`h{R)!i3WL$c&d!I(@rN;FKdj8G%-6-T-vQ8uGOx-`iX&tJ+UT%m>-^zq}APGY~y
zxxLU1d(EUM>iVvX7b(h@EmV|mS7fy*fICJkMcNemG}m)UnFKNW=s?LG9_fm*n@oZ~
zN%mrYR3?j!N!-^pc>oS&hRvw=b)D7e;H9+cJZXLL%eCdlM$eh~vyuxe`R2!|+8me}
zGqiK&Bm#aB*oqb67<@`>7s_a`Aa{z5(|D>Dkbzn-U_&@~lbjBTC8!_+24d7CoZBdd
z+Qwvle-(pGL)i##6ynLi#dCw<!wy2kXila*jHbZO@Kuu0hCq=>;p&08(KsS(HInmm
zlv1g8W1xOKCZc8^<Z<d(I%-(-m=V?A)Y1jW6*<GjT%ruvKAR=#GPf>NQ|hAi@yBr+
z*nEWYRr6Fwd7>QHdIAd>db(cx8rwxrI517UaU?CI3Y&&WCbvZAczU`%{2IGOS9LXu
zo_~^A-L18_Tj4R++7%Bh`g>{g8fY-i(~jfmw@B89Fk7o~N9*$qYo)gUj>u)>vCgU2
zENhRjE#(Z4>6cqP_&9)l7XuXW6MqBGl|Wqh{{%XvGSEYf8=%y$DAu;X7MD(T5SweU
z+GwBwic2?ivm{iagnjxpr?xFK(z^cWYMBlrP&I>VK}ljlhCN6%e=DqN4ksA(1LGVI
zqssdOLe&H+riD6<z0HjHlc759cbkTOAp0ikpf9B(eI(<?ha={r5Cj}pfP(l1X|x*z
zY#wG_v@Q01;E3IBaq2}53t!Dw6jRzI1+%pl%tGKJDOZ>`beJ82_8UENHy|(k>Iq*1
zCdQ&3ts5#Y{)!<Gw%-5=_wRKJ6d;CAwSQNW_OITo_I5X3P1wY2p)pVD{Pj0wm}%Lp
zs2>Hhs%$*pKV%)5FyC)9#`A80o|K-15*|G5TbFiCFFig+hrm3A<>8J>R`rNWzC+J(
ztH(Ee?1_-AR@GBa9!Da!NBt}ZCN_uOwh3ta0M<N@so=JSv_35#y3cml=tfQ*Fd=pV
z3X5L$)=_QeyOZ|dm&IcMFRM5u2y5DSY5+X6HqzEgKi&K7K+`M2ctBW^z{tq!gNgVR
zj`f}fB?f(p3M;k3hk{A2!xERPp(|UM@$DaxBR9{JvkPEP1ASQ1`{mo>=ks-r{O7{w
zFP=Sq(5-jZzYPWb?`7p{D}OLjw$8YZy`QhJdZxvEaA3XdFK3^hSUGJV#R@i&{CzI%
zG&jA*u8*@!Olrbtr*%Hf+%H3_2+5~(RG-zIKOXz{EGVZnPde`z(T=Wk2C-Pugg$@N
zB3U-R+_Q@yS^D!YLv`qa@WVg$^HU83Tp@d+@<Yb-a>?}CrTQNcBHY@d`hJ4``y}Q<
zC3E!z0|HX}Ri5K~mFNF4iP;-D+PnQ@0<!{oS)wnYY{fL#Z2b*#X)(cNBD8q0?9H)Q
z<lxVUxlik0t-`I=j8!iS7r0nFxbkvxL9j*-4_XUOEasX)Zx)mhrTvMZxY1Y!VfHgO
zIecEFNU@NH+$XlQP^?N_I9(yE_@uMzN1fzU`o_u^7sJ|<=H_v@T)klhPx`@xdj76i
z(^V3o*IEESaF?6d<ub!&c}uHFp=F)A^7kz@7MFmtm+NG7kJUNN2x$!}{dY;!tjwl_
zL(sM0EF0A5s_rZkbX8cS)f3$SN4@ye?=_=fGfbH>)!MTknQw+Uaq<F<5SleVWZ?Qn
zCi+FMQRtSMVaA*2hV5lDv#K;9OmLI4zBNaViFG4Yb_;vY$RR`{n$)W_4YLlxwj#+d
zLq6&q@6Zj3{e8;`4Io6QbF>p16q}E;N^O%N7(2(AG(@;e)k7*qEQGv?C7i-B`o#=~
zFltP<hB{}Qmx|wPSzR~VP!l`qK|wdL#}afi>z{_(>;)|&i05c0aUn+fGnsXQS)@?D
zm!Q3y3@9OQC>bOUx2Zx5g!r_tVA3mwS0O`@pc6%15y;G9>O77-HWqGG-B0V+<zU@m
zk9rR_!`Zh+p_@&mLj<py`@>T2A{0Aj{H>>{iaP_AFRx$A%J>D=EI_Z5cY@4VDn~8W
zJJuZYdn#PzK&56MQ}h`m7RHDnH9_cY`ye!S*iZZ<xU*z6{ON5~;qaKj=T?A^rp&=^
z$Zq@~1zr{$9&jaZ1whWML|nmhIa`!lEx}WA)YX}ARo*&1FpmCRwLh7>xpV}lKGMi}
z3}*)n=;RDl!6Wo*Cw(y6AzX7C;j1Dkmx@%<j9VU`LdS9in$%2h&Jp1)It>+AAn8xW
zsvdkAxJlL34sJRcd|kO@I%sZJkHNYUS8ux<wE7~QRwAcjy!+DYtHqd_qk@S(7Yh3e
z296{DMLY7}(+rvP20>r|t8%pV=L5<8*`QDE%P_=H>@Wf>rf^IDetF=1s2o>;59+=L
z2X=QOHbaZohXj}8+f}bvsfhSz4xge3&D?khqmUl}LkUe>NSS|3tYxv3gs*3Zv4ueL
z!*!yepN2Qkpd2d7uU3)1@aTLF1^+bX5TE#}jJwJi0w4?&lCy9Of*x1@0pnlvEk4d<
z$X)D#eyOdywpIHS^Q%G?HHeSW_p*nGm-LJO%Eu%jGZIqz(|$1ftgEU?=@daM87&c+
zAKoMtL$dhmv>PLTM}wNCQXwM5Sf3`1khWU1$jrM!bp-ZQW%&<jSl$V>4nk`+m>NQT
zu%)8o35NY6&4o5~xeWLz&xQ!B4@64nuQ_6;=Y?tEoiLQubPm;OcbTEe+D&|tyl|Pg
z+CG$WfDu*yuv*<uduoeZ>Y}>67n1PINGfxh{3A?99y$);l?=%h97zmZiB$xK0Seva
zL0AM=({MHt9C@MSbjY@rTHyj%4|mtP6{BSc_zYh?G^Rj$S)O}y=SQgvZGIZH-rAzU
znW7d=U;cVwi!zOJ(n{a?CI2F;Un*|7W0EMT!_IaI`Ggb<8Oi-ZzjP0!kTAdJ3PdaH
z8r`WW?(Pp5TI1;@VNtH1#uAL6&hF*E@&*~fGy0W6PZ??^J8nT;X`lZzxyvo|cp_!l
zg|X<o;SLqmX7-0#evh^7Agv5)Oed;}hK2g>4`0WbqQ^X3D_lZ4->=U~XMKU%@vN<_
z)UQuDAyZP=KVgajcoZY!E(_O^<Yh;fwO5jn9d2?ZL}x9#+V>rT)zZ>eJ^rcmOBKGP
zU1(k+Jk1(?;Ey_4ki4&bK9anwn9|Mj(Q~0_aB*O+Dmt+yD75TN>yX+HRETCpBpn`{
zjdOiUYMmHTs#q&H!wzz~2f-~5*Q7gqsS;6FH4Cg38jSktS9J`Q&#UgcG7xMU;r(2F
z!vkS$w`k34Bh5i(t*}>~?R~fswsPBe0?G>~e@}dIJBy%`ZYZtVT!tVi-Fvv+6Rlcz
z5K;;xJfj%W%Ez4yTS(NkYdk!APEn@hnVoJ1u1jK=6455;J`O=9><6ppT9nctztsl@
zyNtC^XGLHwO^UW0-qjKodRgBPVZUOwV<5CH14G-wi4(S<dC-OU9mpk9%-`>oGe8!w
zH^lgIixf!L$bP|IDWuXm2IeWC?)vy`_FSr^nqUO)2&OanCWE+Jm`Qx|GuJcNdKzu~
zs}r&S%(L~~%%yn#>rvKkROI9n)CHqh^^+b%(Yyy_i4Cw%cjV}o%94jDA_T{*Z8oJG
zS)x_2Pv?^@$#?GX9yd_$M^YZFEJwF41XK{SqSNoCa{MT<P4k;y@i8;+xMdf4Za)=Y
zzr{+K>i|#-ANJXTLtgkx4Prm0u4e9y=H)D<%d`q_a=S6+qf3!JxFvA*&+}a3Svh0t
z03&cjJ=weshbztGz@KmTS^~%4H6BKAH);s@yxOPNa5wDU2mChJ*=_Iy(C&I}Y79yq
zeXgR8moDCK2v`SMd_1m$rXOk$vJg5wNsyo3JqJv*+gW;?Jdd2OnzSzO=J~EapeukM
z_brc%A3K*L)*IdP30|LF57)1^rkkG!w?A)Fw9h{mF)n9C#+sDh*J}1rPkwCS`n+E#
zyNp!tZ?av!zrjsA6(8&o3hYm7FDLO}x3WDG9_+Y2NrMNWkE)eqx>KcKOQfEx38|NM
zLl&l;6mH3?Tpl%9p<Un>Hw@ONNVC3q(_ZrLG5=wDv@?3#{K9Fi3*KKIK6;<Jy}Z8P
z7SyWV&TL70%NxT!+Z9_nL@d^u5jGeY(t%f?{Q<P{^SKr8t_VC;mt)M{euhp7yibk#
z{Lq;=ul9!W`rL2R!H?xn*L+CX86^i!IpbG+9At03-44!pg!x4fK7110@4MI_l*-AH
zvfB2n`4sK8e$Jg!npl_G;CsHx|IzSi{9AMv1l)Yl;(gi@dF}B!o1a#<_L{Jmj1mZn
z1;466T7O_c5?DK$U^T^1k23!<bpC;>$Z9T<p#TkAVBLsupAQqBpGD<I@Iyz`j4k{j
z4{%4u6WSe)m`8ob?g+sb5S@QG1GvM#<K+pHBZkfrXMFn)--XAJXO4ldnlJLJ=0p8=
zxn$4!51sT=#ljL@3@>M;Yx6?;@@Vs-sf&MwpKN=jeI{3M&=T&4(3l$$SvX<y+Qquv
z`Nl<?3p72Hn1yK67-SR|Aozxf8AizuNngS;ENn0oGb#**W&z|HZU-ElaByYQ|CFL9
z>vNa$b4kW{CBWhUY}>1tcD1dXwZ|G1q!tQfMnVlg(K=b9RK7ulJ}i>AVm~;_`zPo4
z3tb_CdtB0DBw2$Qc)bG62nIYpxf0YIwZlxwSKlP{pP5QMpGB5eMTU~%$iUGD6GwJ|
zOfjQl6^0xGs9C0!d=Go7EM3-BA|?97tNr>_3K7|oNFjOR5IPzoceLW9*&8FC6I!x1
zC0R38Ni<jbL|Q|IqJ=!Ulq7a#aqW#<9QSW(O;zMVU0RvxRM>xtl1yZ}1bLm+FeDR!
z8}4h4r5*bm{niO<s&M3zUB5{J)bvk6CyrQ2ZgTI=DNHG@L<nvZXC_1dx6A~BIMSj?
zx&B3|g9BX2VKf8UbR&iU<2qr07Vmm^5;o%iNi^C|{{k+81az)okFOi-)^QVdZBb3A
z^$>iqjIRXKe(YAkZ{fCy3sjxuLTU#Ble$P4Sd^Syh(x75I!wF80O4bj-(py979|7=
zJ3xVV+ssgrGz5xye3HH+INmbH2Vz0yik@ImlsIm9I=*x|_{c{RL=qk}Syz@!c-zFZ
z^UFSp$H`J2G-jSjag;W3!mX{D!ItF4qv)P`AS*NiAmNO3G~M66HT1<!LIkQssrf0G
zlm8B8rX41WZ-N5XFDLCV$54U~y#^9%09oQI?_uea&rqf3p?Kx+5Xb}zbmCj}BS?ZJ
zfKm|&w1X0s$PG!cS!(#EBpVWqjGAUG1SFf~u|#n!g|@mBh8gBytY%jVo9Y&X2jMb{
z+S6z-5Nx1gAX+T@@n+BjSR=bPZkY?xy<B)23@%)t{x}SBK@KII)vre5LMAm5$o5Y^
zAr`8?nP;VP^lT<oY#P}#?jOxK#!PcN&2z82|A3OK)VS_P^i61(h%@=xSnGIsXgla@
zH~#B1d5O7npfC<QtPY$+h_0C(74h3C*}5yd;V@zCyPByEmfyTrba*~Wo6>DRUq;(v
zr;m!ke@-&XDq`<+-igCUDv9~Z6xtk2N{|;zCq!W2ZS+{E(2#q7+b`mtZQ#Uo+QaH@
zsOdJJ-9OviBB*|{dIu`!$m16xO&ZHpzU@Q5@0uVzwE<3FA`-gqrLAF*-n^bv7O*fn
zpwwAG?o!_^vK*duva+5#-`Oe&B-fG=5)qH0xCega_65-P^c20fwbLzj`|S7c9-0S&
zW+-G!eJc){C%)O1MYAgCxtl2aT`waY01iG_XBZS$J8iVb5wQ|liRab_CA89Yj(>g&
z)jQX1814#3YIn26(P;4@ZQ@C3<m0%NbQH2y?EHbUk)Wph&fD@ivkaXvcq)RC((rwp
za#OXo>m|sE@cmBevdDG%+G2d`%;)Sif{&#-!Z*7I6O!`a5~lle_h5(n`7HTXCx(un
z>DB6eJFcOmLxeMD{psdmDW*y1E#$&90*{>9<M+5!@@t=uPJ;umH=9~+yS!DsIxeA=
z;sVhclQX0vA!B@U_u}uxE~Z14CKlG;i=9=_C#-+35Ow&@7;(QUL<o2gkZ=Dv<>{Cj
zx$5ZIn*Fmx{N-bb>w?j9`-tb$6J5i%)n>Q)c0`_1Xr@WI#HF2ZH_|PckSd%WRE>ta
zYMc3#u9=Y8b=xM}kW^f*s-dd|A+fLU5&(+!jR+$+@QHZwrvW6C`g4Iq0I}3;@Dp*V
zLWk@(qRpl5Muz^m+b*4)$IZvC$0nP-JTDFI>KC1W0dNoK%pdODQ=F4_nl>|Xg(i_f
zjubZeW&^}xv=(?w^rW<V4v^6M5pq8lQ(5sum@CUP7bOJL*v?3g{S7h}8-1qexFFeb
zMu9jFn#1YZ1L$UyDcNjQkzS&iW0NA-Na%E{#n76ZYHWw~W@{i7$9qJ&{JRsCek3%G
zv-QeT*;A?q`oqi)zeZ*Ct&`NBb*Jbu<{%B+H)}Kf4G%6DgO-DVk-d1}&7kZUnKO~Q
zdwHN~m3mkZToQc(Hp_p+o0c$*ANGwa#)RH(aZJpOWz}@+@CUMyRNLaesU6@^r)V}F
zf>lbm?nwTT#F`KTH##^d?;?;psQ<CZbk_AEe4D1WYfTJo@35lVXUi)_y<BNW2C^%m
zF{}qlk$8{WoYes7{GiYVI>R$C21P{i-Ggd(PYRHVOr=gCO)o!bcs7B)$55HRn4WAP
zgZogf$(J*Zc^KJfhX1=NC`khNoBeu>rK5Qm3B9V7z$WxFXTQ~A-#H*`_idxr1{L_B
z39<@_zE2Lk8J(o5Q4%ZI0IXK3DApw}X)RD9o$w-*@ra?6!>EW<Gf3o1K}I3cpp%<I
zJof?jN3>279*^G!y{2|6rd}@`raI90-IVrIIs+5-1IMj5Dc4Yan8_s30e|o?5|vR8
z86Z`rv@i>ETE|u6xjy1OW+`>zp2jbVm?igX+ETo3WRrU8?D4aDqVrD#n)dKz^IvL<
zsRpR!gkXJWowZJjBM0I=CMlsoLk4K`1E;{n7Iamm!*BRvRqT@t@*825*Kt7-$O(Q3
zXYOtKCoHtK)D}AMY9Hz!=`w*0e`8WAoJkDV#KTmvi-_1~d{*X(CmQEb7*oyn4Qp2g
zl|k6IJLj<L!knWPqh}*lAn#WXA&n&#juR(^#XxN=n*W|Pa+;v8qJdIC#U?i}vkxQN
zs8AG=PmEOq9tl-dAfn(`J*$fjwg7QwcVwulTgfA&tfHr<ysH}l+rB(S1|o_K;b2FP
zzM(pnk;?~bwIUm$z=diJcnl;KvC`%B5vmk1ueC;&RL@Z@xd%TE_{ParDmj*0+&nWM
zI7}n8PdwnBjIY%0Dk7+Lg2tKaT}M!6o2}e_veWL{NVi{vq9rM&Bn%r>N`+A=O<fPm
zw}lM8v@K3O&HSoRPKlv%$rBkMqIKLspzniy-P$*FKQl*xZM7S|oSO;lU(9L2VC}kE
zqa!LcRfCt3Xz~V2NpF^U(>mz2PH3sNqu@4-tF;aTs;(Dpp0f;*#6kS)2U-T#CUz`?
zWIJ0vP1(FsxR4=Y<Rn9|2kJTm(WHiESe2(#2rH-FI}5hD<~lrohMs2?a~%TY_jrBW
zNK>3|^Ss46yLPw}c>Y%Qbx_gFww6f8?q*o%&S}Vjrhrn;m%&MeU(ia>C?$h~h~%n2
zAjwXBH{eNNhoxWhg?zNu!|yGS%fNFh1(>l~gs$X{rjxaqs{_fL1W|IwWSMRlB$I+6
z0}TPfLmq>v!d{j6a#$_krEr2;UHR34^QbTvtr46lwuyfe|H9k_uuET}eCIp+h2;YB
zD+JN;R3D7y1Utd{nkx?7LohT-5?hAPju|kA8Qae**UqKAD6nl0BG<3AB5t&2pPS^i
zuCeIf6|>P0FEkWeN!X5%Y-PKB{<D2~Y#09mmCC)($t0&0e6<<8jEQ(z1GGJ4oxGKP
zgDw<g0DUZ<Q#X%S=Lu)KH3Z*7;7#sE>#E6wfBI=n5QPX{)Ynr`DA)V|nhY$6H~TmV
z)@yLrf)DTJ={~y?v=r($k_yti0!mLEN%60~mY;)`HKE5f+bt@CD<{tlp8=v`nc1)(
zexHB62H=Vs1kR7+v%98uS4?nY&yGnqeGtZRpwxG-&u~gZwf2wg#JXfCT|2i|q}h}j
zA3U5`+Lj_3{)|uOiL4c9<HL7sG^E@W6c5x=`e|#ca<@N*SX9p_G`$5S2s|$2^<=g^
zy-E!H$Z_|+R1MeG_OylnB=I=5sUg^*cw0YxxE|3qeNI)X;(cq_%JSU3Pt#WRynfa=
z)c)S#HP1Ul8L;)e^R$0Q-|KZXC)-2+q3gY=d+~eA)~AH^{!4E`$))FeR36r*$Kykt
zz(+gND``W;<%rEjnYvrqDKBSwhW@?g-9!EjUDEw2M#IU?)MR!R!Sunm+qac7P7hDo
z849EdH<sO>xfDoiN9XC==f6*^SvF2Sf}!w6jO*klm?t9{;Wp@0$@}74Kai@so$uCm
zsxy$@lRQjr%AKyZFZdQgnHD#0k?{P17_QQp`)_MJXjvQ3ZF!?+Xq7`~yOtzyw4)|I
z7@hec!96#Re}VEJf6rbAbh5Xw_+-0Zs-zhSe{E{1zLvbLoB*fp`LW*bNP(Z%&tWdZ
zKYDx)MRYRUzr1q`+BL9t#RZO#dg9+SpP+rTH9x984rW`t9rO<)&bNMh-+s6GV8M8v
zt`jlIe%*2TzV*Q=HE6&nG^Xg<6C5(M@mlMW$7LWvUq*Ug7-vZ)TbR@sCrc*Y97`}K
zPlZD?U>JBt91}nCdv_0T17H!N7)586h~5j64L9_|BbJYok2l!kdPa8(&Lk-rHTi8a
z+OP*d^8O!^!m+s374*wB^Xcm#_}?Ujj)l=bcb<)uHDu6)(6ctE8<oo=wcrWKj18WN
z6f=U<iN7U?RRyUwf@T~6TWY1%sI077R3$^HD8vi=sruL}b^?%eP=*GNVob>>hM~RF
z$_Y&eM`H5B1_w<u>7`c(C8st!Os2X_j9rXxn}?-9w$GsCtwgF&OF=>Ike4wjHTyWI
z@!^N|bwe6Q(Bl%q*+-H%O7=prBgy;oO4sp~_Eg!hk*KYh=%|^<!i!z$%Fx4=M3u-+
zJz;`L;_|0bQ^O^MxL3c?CZfhEuxZNB_`9(&Z(*a6gHT~fGN%%L6JqvD>!&F`A7>si
zm(D{l*o4C-NLN{$03%@O1e9k64W;g=WH)oxqt~?MtxeMP^GZ7s1UtKSF87swX!^y{
zUsc$xZcZrrWBOizDC65Mb48m-)gvOJA&oC+D-|GSGF;UoYL0nuC!{dWdL)WC4ffaJ
zVE{)=U%iu07L;bPUbY-bOn8j+xMdJZ|1^3bE0eA&d{`Sh@W4&Mj;IK(F@l);w}@a^
z4)L-l88NX}!8MSbhU7|0S}qBwdYNd(@cRpcN$8T~Ms*S~a^fn63~fi;u?h<A?>ACr
zowp5?)_uE;h{D6>F}zyr^iJ+{LO*zBtdv~(!>=~`YD2M{yr>Q#6bqr(zRS(-N@k#u
z*2c@$mY}oilohzs>XEwZ5me}~9nfICkYGZaHJ#J#dq3(0`Q2wZL3X}=cE_&%S#{ib
z0DPWC%0Do?JM>~vJOad-ykI4T3Th(jGOPN=iIXxTdh3Z7_+H-SW#HAAB$K><cfdd$
zM|Ri=j;``uYpUG2wv3xDVMQe;hZm`s{c$#BF(h-+;kx2*w$EjthxhP1t~64f^wP-1
zrSZYsP|nVP7}C`IT?zpr?}xMS)6wI`yBg<e{povTjPm#|kgdxmX@XYhl=as+zN_Hz
zyH2l-mJg|+pVzBZ6Rb9)TU}ZsFY+7CQ*VCNKWT^Wb7+5z@_|+eStru1;|%6WsRT6>
z5t<8DQAMuCMm`kqJAz~hnasBN{JS3CINdJp00RMW{Car)3#j}bZ*1&Y|67mi*y<Tr
z=$RP(^WC$Oh6K7IHb1KgV{`@Ag(*J_M<c&Pew1|ts;EJ8b${V_F*@qRnbCTdlZ$ay
zT9a%%M{>MB%UPc|$8QE?EuzL0cdE+V5D6IfI``UM21ZCB6w%o<E8*+j$7z?3Pk}9$
zsp&iTz*P|6vaXNncdZu%N)TPdy#6Zp=fKq60i3Yuz=DFmtuVX!+TGdJQHDh-k-(wI
ze988F0x>W5{=6_f_Vip)?(#uVZ#vq1|Kf^xJQqp~Ne1@obZq&E`f6@bc8ug*BNWL)
zb~E9?zba!%zw}oUe@owlDh1I!BY1$c$I-NJ(L$iUX^269^##X4g>|&dVrx|fb*q=h
z8=7IRzM)@SL;HrXm{KCBO4M<fG8wT+>PPnNTp$P3i4opCmm=nrgd?)hRUYSc`6>9`
zc<{}@@JK2LBgCR>fFpp0<qEQhAEag(S|#e2$i>c6e}@z#06Sp<1fK(MdW|^_;}D`C
z5qvwaKqzXhO?|ytLXD(wP{%WtsL9Ph31$|A?hq}JV7-nbN0ErRP;#I7A=Y=Epe~rE
zRoBg~Su7|%-G(TlUmeKbvy!VVL^g~j7v`I6ZW#O$9B<E@(c1J?kOM=BDy7CrD`dOY
z?FBezcAlK=<;FSPjRWa*z2ieczRXmGq@f*;+r#-~gA$L^dksLME$q!m6SjwM{a3e;
zU2kgLua&R2ul5b=JLCz3hF<Qy4_iyk<4Iz`JbqNPH1Po*#CA~2jp2mQOYFtAR#Nt3
z(qKOq7(YssFO7X(4*%q}{~2uh?m~#4=e<|XZ)~h3ox)RcIt9=7>Mrzzym#Sq*+qcw
z(KE~}?!~(8eO|78GpQo*#B29~(7^Ki;H39BS*%gF21m;X#_kgxlatZyTH|!idDqOw
zNFps4KlxdYQduKqk?m_r)Qrkj7oZ!;k)L(-0r~GkKmGak`15P%zkLn;FZ0v?|DmsA
z<6>=O|BnaYU(U-PJ9{Tbr>dyteZ9R3fWdWCvEgf+GK}jm$h2$7u+f#U<Ff1LeYY|(
zI_|U~a!nYu*}}Pr%*3bsdH=VaiTJmCsoa}*_=CH7)Puo9^aKAn)aJzb%=vhgi}km}
zxy<>0*fuxM=VuOfI(p}pyOQbU4oy8%m%+nFItvzqfJ01x>T44j8=$9B_mUMB_Ll0>
z&`i*7=Wh2-?9iM|<({1|<kImf`)T?0`Kc}Y1-TW2hWPt}6!ghJQ{)kWi-&L*PZSsT
z7Z;Cpf+0W=$&Seg^1+UcRril6OoGBp0(2)qS>aLx<H4}eWJH2wMUoB!Su%pZVFmHr
zeq)2+;;P`nj?m>S1vQ<S05qs>AS6N#;;-Y2u7j)OLdkD4DKP2MrMCG>mX7+?>B&(y
zn3dI<Q4;{I1Y1u)Lj3(eb_3JkWrP#3v9Y*dn5PY|&}?<rK`>Etc|nw*F;!r6jdfud
zs9`}Nv;WI7`T;bE5E<METh%ueFlH>K-ymX!eBc}I;5P?`%t}(1rb(+Xu@^XYE4Tu$
z(1a&pTqktyKl}Rv#2{w^H8w3zFjJM8lAD+qG!&9$idpWYZ8YKb)@)yDsUQx~{$t2^
z;v!m7%t-R5S}@v_&VJg|!|^bk4In6ZBYB4)Bbz?0xiRdJ*rBcnm@;!%Jub8Xf7%kZ
z4#~|Szztze8DJnOi4r?!ItALs`#&9~V^6B#Ocy+X6R(BzCM!wLe*bcqmNX0ehrRU9
zmkGBe)Gr4<1HJ+}sFcDxnOsXV2as6HnpA^TkGRuV(3sO5m+Bv@gmRyM+nG2eIujg5
zR}o&vgL-~m2{5KkdD&Kr^|%6$t{)T7vLT<&-cIV++OB4m2?NsRR^j=3svwZk<xtn}
z>&^SE0y3Ihtl8J9=Tx)mjsHwGT#$U8jK92?Sk8L9q^zg{Jy?JHq`CEa4&)B_g80vH
z>1`(-s%)$5u^l#UH}2gX!tcTF$ZX5($$<TbQ?e(vBU#SZ7PjHn7WV(Xe%KpX8tFOw
zbN%pA(UQUYiQe7dl9JUiWAAdwu*@+m83LUsG2Aa@kdHWjJ_B+75CUzrTR)CCzRmJ|
zV&Wzxy;`V@y*c*RoLoJHs(Jx^)Sy(pm!PT4RUcs_uc}2OxzZo32=)c2g6k<3Kt?*(
zXxr_E!^QKIi=6ev)P@Hkc<!FAa^dxgc!Se-5E)1iT?fIM2&b|4y4K=BM{fEN1e{{S
zKP?xC<n>ZKk^$<&3KNn1$bWW>OMv4PbK$ec$Dt(%E7AqWt{stVd<BXvW<*k`r%@#h
zEO84DGD^|+hDPZYsqOj2U|Kk0^jCxM+za#-#fl`S$F1r5XyG`li9$HTf6NlGnfCjq
zYD$YU<L^_`!pPCttC3pE@EXV@$usQ37&5{c8q}N+o*FA9_eT=ywHM9O(*qD(Tr^pU
z5R#ou;#V5+l;@*m+Nv5&k$Mqnut0#USx8V8I@#ayg0U_2fVvgEw$I4$Arf4JHoe?J
zffq2BJEW-F&oFrudfBR(Dc~ez`MBy}<9ZV?$w#nf``C((*W~^aqE%EIa55U*7{MBn
zBD6XbFy1XN0VHLpZX^`0iXp!;fZMj{mwTaw(oDjd&2VdCVqv8E$m-v!M6u}9+e8TP
zoDw2KI{im$LqIYEeDMaiA*YoPTdQV82&$`K!vlpG7cJd{HVM(mLDdVa^>E-C5g8@(
zRmj`J*r#B*{bnnvfxTGBsha$718S&KAM#5Lr&^4)>r}?#Ri|tjp%bp&@LwT#u8~{4
z`=WIWszkB*kF1qk@Ispuddv&G%*vRjC2T@|X_N8;S8M?JnusSxXk68lzIgv=$Or_b
z;MiWx5(5VK6)Pk)^WAg1SDK^ISRi(ZS43=yfmhZ5rp8~4Vp!g{)i9}Fsr?h-kW>p4
zy|t?Ff^fVcCOC^d2ZQjqwXCq-)}R-x_wRQXO!9w>fGx(mlIFN&LSM!;4A32T2In0I
zPnNeU&xj08wm3})Vy&HD;^g*&B-?jDM@{9=FcR1D)Q0AufdR0vCzt#9XmxK891%*c
zOBV&&?&XI2FgM}U&NeJS>+x|bKh?Pk)SUGF`6?r-n;7)RL5x;4|B{N@_oFtWE?k{b
z8>Gyqu(!^;+>*Sv5mFz5^SvoNs;Zi0huydim+n$698E3Fx2cBbsq-)#_6Mtz)w*tF
zjS5tc=tW-d?V<3R+Z3onAVD@a_xywRJ;rfMOpp3TJ1X}_--PDv-wg1d9cF)%WnMq>
zaf0!zaB*doOFmEX8u5=E$wAN9=ljKnwx0(cgRulIz0GwtPCSZwF3XO-ena{^w~zkx
zu&e71Ly6@?y7!NQ2C$<FjyFMqnk^kaeC{6R{Aro9n^suOaA)ba$q(zyb}Y9N51V~O
z$A_Ky60g0Oj~ksv<st_g8^SWr0;i8JkFbo{Wcdq@9E(deb!(JLdiLD?8p=0^zi1!h
zEl@vd06?9Ozpr_e(?A^wId9i{Y3irxzni<HB?9GIAGnKr>JFn9KNXKPpwoL_9%CIS
zK~{rL6!^kP5blZaai}6*W-5-@*&^lgTV}9%0w`wG90{}p6OKqgKEeK7Bj}gsnDu^X
z1l=!<K={9E1Sf}omj==QBa}e`RG;C4WcMj@KKyCWf8uFwXP%^ZU4<bK*}>f$pkc3Q
zt}jU=E#z$n&`~tEGne!f(zmm7^HzlYXEuYmr?Iv=|G(lH1QdS!cREA%A3?fa5Ksr-
zRIJbyY)E5RCIB^niDm-D$l2BeIlFATq_@|U>5s1@)o;I9y=dx&va;H;vih>JYnc$W
z$_ubD#2vr|?AQfV{{`YO;st0wEBG5c1U9%a1rq>+nu%fpV8nrdfoZE?i{UKK<m|-A
zgy{@&lCB1#^pmN<Px7~<-#=G%YEg^?7KOO_s|f&61m%RGE~>e{uI4t;Aa6pSyr7>Q
zxT>h{weLStAo~850<niOy$*(K1vW@0I00XjmTSpDH3@(<Au<-#XKnlCd;cQ1U?;fm
zmTL)B%9H9w#OzFkTbPYO1DybUY;-e92bz`!KgfsS5RZmRKt@IeW0-A_x#y5zGC5a3
zs}-}kcfHcaGACra#!Ac)4ZU)xN;z8VOu+YYS5iR{vK`pW_v0dvY9e`&o6TbJ3@20E
z>xTQ=m<hvCD4nL`{wziw0PJ{}KN21?s$LA9|9O;H;S~o@S}NQ(QQQIXH#v?BHT;Cp
zkejYtHpsvMwep#o$!L}R6*KTw_uMT#Y5y!O1u8L7ywrqInx1BAVtU+ImwkzKk#$Vp
zR#IvjVl0^h8f5e#oV&OSs|^w7s+Ga}%QW%*?;T+^oI}9ickYzRjoKc~Ck@EYTmR#A
z=tK3p2$vuN9|7*aYQED`H3ZTLaD;sK%&F8>liRmzQdhahWPMtU6%^|nt!f^JzZ%YI
zq86wvI5v1s8E$I2D{Fj)F}q59(xRN2I0Hy1SdkK~7qF3ivA+4hXWnGOW*TQ=W;SPP
zXKrSOWlF-s|Hs-M(8G@5^tHCPejT{~&%tkCWB<=Z{a>1RW&8ir#M=;qmFxe~#G}t*
zWuDY!W?@C#<brbA>c%|(kJ0_l@DV2PfPch~;Mx3l{0QPd;zuCA;zzKtG5#4if?&+T
z1i)ct;`x_$)YXLtiGX3E;9`Okfxv)B#qpO87Z!waJHYfc#UU~V)5nbU@JmGro7__e
z{Z#;3j}$I+W2wLau0oHNIJuXg2BtFIh)3mBuP<jdbKJRtNaD~^+3Bd4bV;srTb5xj
zDm!lPPS9hZ%TE<|_w?Icy9@^jO~8kxbry^N9(b~LoKMhKPAktmG)3>-(!d)PL+sb1
z*Y4#7G5{(<;S9dXUjCX%h<yi_%q~sUaOajrHFnQ7&R~aLujB4hKH4`SSxFIoSkV|W
zZ3bZTv^8uSUGV}ooLx+65VSh`35q!;q(=13;RxJ8(#?AU;Y34+-!qgO9WIIK7vzqU
z@o8JjO&V?DV6@C;+%Ip2FHg@_xhQJf2Bs7ni~}bBlFHh9(dNK***YP30w45B=7EdD
zr}E&R=T_Vk3n|Mx?+#9LdT3S0?O2~%0<Rt8J<I7PQ$>@E7at$(_ec>Yx|jO_7L0*}
z2oG5p<+ZN&<&f?eQ-sB4OVZ{O_fcLm{KpfAr&13d*{&mAEA^(UG4U!j-QT5`yf+kG
z6<@CF;J{EbEylZU83fdFpT2Xmn@Nk$rLb0U64GkHF<N)M=t`x%?D|OAEh;mVT&}(!
zo37ke+cw<D$44wZ?`3gu(Ldhl=V)gHt=SBh!<16g@OdRK9h%7e{&i^)$EZn>rR8q)
zOhy~vWCM1wzK~(<q-J#8_S@di;51y@-lT%xRk3Mj<uLLm{_OXf{rA-mr(YX4ghn*&
z#3m`WMLJua(}!368L#AC#+91gP7bNRF0%tijLjr1u*|o-R_?qHrOw4VjJ-Rkny#Uy
z>rruP+JMqA8Rzi`<2zdksU054*P9oRxQE$HnftlGhr8h{hp`}rA3C2h%n8=iSNxBL
zCJyEIKW{hY#zs9B;#n>)sV0vRbO`G#b+#`A&<0I9VO7-LUZ*wNa^+7r_x98EGqQbr
zjvsn~>?~@gA*YQt>69Hh6AgMN-2<qUSD$7%!QnVD4bIAq94;#e&95bd^FQx-x42fs
zZgmaUhPrTGZFred1Pt0@`Y6Aull0(!OkRR!UEI)#W2~u4*s0^;x4oIXpuv-!8jIgb
zht5=c+<|?ofTFF2`b@stIp6p>nENxMGO?kwXSWsj$^-XdcX2iN|B9#)T$wunAzIO9
z9%+0eSt14}SQ@(2jA<0e{1|Z3vyOG8JdAI`eMo`xso3_>X3Bcq){OAJuAbSwq@?79
zyIOf(Ffg<KTTsFe#ah&a<LRvdAYjWPYdtku2wa2Ww76V1Z`LZR<1v~n&M?^!`&dZ1
zzn@;tf4pOCsH=W3&Q1ESyp|i0NKjB+w@kl3A%39$F<Xr*$S0|(gMct4{BPU9U;V^7
zj(Yzr;yr;LuDHOYC0Fse1=S@Sk3=fjTLqdD+0$~IAI|uccHip^DrySN*MTpgyvf7$
z=3S{c<aT+;xk18i5K@4F0>n!o9K8b7jFCpJ!e*Xyip}Tgjn}JB_j~udkI!K=87+0k
z1LcOpH1}inW7`i07Xn;_pzKXPK98f{#FyD#c{746=<&r+nU;Dh{93hH=6wyBPf7!2
zY6Q)4130Dg^6Cpx0Qg^{&K&bJ49)xPS~Og}r4heE8ruerIp{~4;MgnFYEQEp+{Ho^
zs#{>i^%^HZcxu*+#w#)#;jH%+zbl!cmnRKL5b<kPwPxdLm8)l)EE#pw&2N==EXHe@
zs&C#Tj|W21gj#SoNjP_@n9^a;m9)a6q?j_p^0lj*CbgTS*tOfuIVYD#DTg7_W-3xK
ztPNqb{8Ub+`KeJhPpdtM(*N>}7R7a<Jmu%o!&$jjK$G6z#!|0Uhst~`waWhkO+d20
z)GcRKEj0>lOpMMJ8coktJf~$VOID>CZJ&+Q>{`QFWo_0`mBa^zg_o?VYlppMr*SIk
z*wE9pc@?Bey<Bjsmb)Amf(z9~8J4h0eW_8Xx#iAXd$};9qlIi$tI>v2g5IuLaSI*g
zJ!`RQN5uDNJXi{FzvD7*wP_<1<*2(_t5)hOP@>$bT8=^+xMrylD^(o3=)nM`xNJG$
z#cHFt5^dF2>Wx!%$%`VYwpCp2^SpS|fydjH^;H@Jba}yR6kHF4@<6Ro>e(ubR=p%I
zy3T-CsrBGl(W)ZCmb0y7d3J|ZhF%S)V$}<-U2N1#t~9dk9XMj_9NOBdSIC_fQonr%
z6mRds-YIZy=;Q~{kd%F1HC$`dy=A4*wChm>m)0<SjVhujij7*+v0c|LQA`(YM|qSI
zyWFZjT50x;jKqkyKz4>tITg>26dR2dyA-7q!)0N*WG`zr+=^Fe)WgMU!?jrxi9-yL
zBFH!c*t4A&#0Lo3DwSfbddXg@pgJSK1HteS=@vnuT247^3A<|IyGY-1t5TB7l~Sa*
zj9|G@IAamw`Vkv@37>k=PFT%mbyWy2h|Ho3lO*7u;A7pb0@<TM!c&&S7FWHX(0NBG
z;p8|pwpvwB_(PDonZ(H5w2cv(E_NAx*R7hZJkqGtdAn5wDG>ps>@9ctSEJ}z)yR_Y
zuvTe^yAZ;5P121)3JwSkL86?EFSaVx4oyLSa1~OTp;$!gk?WPJT(+qV)X*`g_zQu=
zZm$fsaiVnE$A;k6rgb`Kifqwxg&k3tM{9qe7dRYGS+Q3kwc&U&gh&~bQKbm)3{hpF
zevz-8WE@z(mpqfWlq0w^Li#tB27B^2AZ$RlvwEBo>sA-<Qb>sAHmen{&~m9G1wLqa
z{XGs13kC&^$cwtIMWSq^_!KTb$QH3Bb@~IRix|ZNIFKwiTOJP(^;XSxDn<6F?KE(@
zq!b&?RaGREh?I&bbQ&b|I62X0d9n6OaB?C-?V#RL+X#SBVV>pmcU}v?3^<`)yp0r_
z4a6C|ESBR~t8%GwQo2r_+CLTVMJEEdjiR_#Y&YJsUG2F@?1jofdT<m_&#qN(TIkTh
zZUb6YP*=fQ)1gv{IQ0SX3=02}PdC-=Qyn2aXNKO1N{aNfyvtSAF0q52MCxEI@O9ER
z*+IC$+uy;nZhl`z;K5z(5K?k?k}15@sFteA;^~IdA25j|7${MUyW8**sT^-BCNg6~
zmm}D#l{#rv#p64GzK+J#$%Y}aS#%`G3{V?!_?_5D$v#;r+Tn(`Y&(P9@+FVaqr~tw
zT5hpYk*)e_tg{)VoDq-?R6A`Nb#y{HqYCqc!-qtwis#He-9$^XOa1FqqX!-h!%by7
zCcdedqitu!p>`KJ*lrP^wM%&*@CQ{twbEF38}IrG8*QBnjTP@cr@VvQYJoaW%w4H8
zh0$>Vq0(rs=ogz-o%Blv1=$`S5a#y8(2qV)AR0!rfts~~&~zrWNHDEMtwooFY!(E^
zt_JfSafnyJWdsUmcZeI><7lVT554o~K=9-h+EYlPy<OK2O_d3K07PwQ>9(2?+dd7K
zMzDqIC~2p2O?#+`2NndI#N{TFIs+o2-4{*`cxa!bW`8NOVA-(F66}dD$U3o)b+mNF
z>yI%(wd-!n5xBSz*LjiY#cIP0;T0Ft^g&%QPG1G_gd@o)`0e3=80eOPOP@cgwsyG_
zRTF|bvvi{>1c<RC-nL1+*Q%Ha1-PN}YGVU2Zj@50c&a4h6BaLZY{_ZVf;Vc#wwnbc
zd+>z!qas=zchIq({r1e|xw>aGQ!Ngk7{xl8`9H}9RwHv|X1%2LjAg7Pyn{qDKpV<*
zsurwEtvXQB!J$m2sJqC%o2HVPOPW`ggekNtFE*SF*cQoZxX5a`_Lj`${c}&YbK4YT
zbjF=7R?7s_*`Dz>VxT)E2`^}wATigkfzXT?Fku#<_GT{Kk6yMnGVzS(bv5tLtiu~J
zB8q$Vw)ct5`p=UtGBks(6$-8VFcb=Dq2TYUp^*Fvt&-+zeM47iQfl%Uc|X_X)U+JZ
zr)4c|JfR=ZpGcnHJ3c*o>>dohEy);pBK-j~7m{_!<RR0TP4}f|Zw;k&GpEUZDw+!U
zDW+*5DbGVGqJof;eS-*wAS|pC4B0n{U<yKWonXp-o(OqCI1|?lQ&-Hi>@O(VF3r?t
zWk^-h`jcA7%;kY5<^{og*5C>GfXwwI8#?y&H(&b4>x*yw_kXF{|EPmpQ-}DVs`DY~
zyqQ~o2``wrCYD#t+!-tv%-mTlZ=1REST35m7qBqR%)LtMpqaZs>yVjyn^v6!`OTwR
zN@5A9PD(-bi?V-)v^gWRVH^FkeM9O-Lt>j;o=orLp#@_upUtV8a&k`3Nx8I{W14Pe
zW&gaAs@<~2uaFHjN#389Q`t4XIh$8EnOWUDB>OK!4MQ`uxs;w$lR4Sc<)IKXN#cq@
zQfV`QA!5@^iCy8JzeSeV7XMW!aHS@(E6qMVlH%JWw$;BtI4HhtlJArc%6w<i%=7Ij
zzC&W$5&iTC-<ei7O>wa7puK_pfi$tHTX{-N5Fs_echZHsB(`&cUnNiRw8X9&=Ue3o
zz7^V}1KP0vHiT`%fn5`PSRXJ_raTPQ{fmlLYnXCkl3$IqyIO8i+Kuq5b#=R`?$D?B
zH4?kpR8zR>ntr}Jf0qokcI)a6e5ci`%sxoGR${wNH3>VfHD#q7GL^I`>t-Tr4$EQl
zNCkes&Syw(H4T@HOmYLFu9Gi9)XWIKZbluB=gnz3f7q1AOnuly9%mI(Pr(1O&jytg
zzscZZluu(YeHXu8-N7>wyB^n@%HbzX&1XZ3cI0=+$vHzrMG4}fLF<fpSO??a@Ze#e
z>4@$flRQh_&L+(izro;pBz8k!bXHfl_$(3C79_T(i=s4uF=<oDA{h>wW3rIAQ8D?A
z>k{Rh(vfJuCi%??KAMedCY21*ifxK&P5gJVX3mgl)pLqCGCIQdX4TzsEk*n}hQP37
zR6C=Yp*ANOC0O_3&NeQa(}BpstlQxGF}RA>ai495t4HAK8{;XHTq!4fc7<Xb`Nt&R
z2iG6$X)gRAx(h!Dzb5&Fx`pqT*u(@ssA$v$6nTgOzi$Lb)Z`jJkhrK0PbV~eAD`5}
zq9YR~)3H6Kx;x;TG}{OE`)rHw;sKvsd0Rqa2O*zyoATLK=ypBw@TN6Br8m{>)4Guz
z;Wua14DyZY=VsKI&$b;+ot2pBv+dwFP&kKz!kLlSw9j@B5|_+O@M(P@g=9`pGP4x2
z`CXKQn%O6EP|2DJk%M4H{CDEqC>%38$>-pR!<`&Fj2v9!httr9T&642=>;Sq+;$bR
z?-p?rGD`7TS|r+nHmfA`IU^keQASr3hR@+D`OTiN5C6Ym&-rW@G};U0&~tJ!ybHY%
z7kK1W)L4AMq?DVMjj?Ij97c(tCKi-wxhb33yM1=GqVe02C38(ZcQ;Znfy6(Y8_Q8;
z4=q5ztxy8XZ9cmOa<Xva?HN8#l{BAZiP&C#M{J%SiA~^R@FNnIQGPUbBfm2?&hxP>
zzbiJzk4fwfQyrswj+p8=tw&AuMq2MQ)d^bjrn-;TyG(VG)?=o+pVoO(JwPi|-3|E%
zA^)BUelJ?aeG<EOoZpR<xNks1HC+o!4z2O~<&>y5rJOPqWWjYTbsmTA7v4JVvk}~K
z6A%yJ5XvM0mg^CqnKk}k_oN|CW`dIsijxod>;{~?8Hk4``9p~OLvk~|pdt8hY6{LZ
z;8+um&EE|N9}XJN9_Uo)2|evAqOoC*)G)AbXm4w?!*~bfbb59SpTqdvjZY#i-bN_7
z5m$|})C(ww6F%DuJq|&Sg27Kv98M&erjGFi^+s-~6MRwK$BXJDFRA;vtsdY@>Nqb;
zYytOdB2QWXk_0RQ*i1kXz!e0P0Bj+^25=<-O8~YKPzJD#fMuU$p};g0s8EIE*mgZ)
z@D+(Y;<GWLpjWT#<2C(|o}GD&SM#sRgYzT2IzQ;M@yEjX3-X|>rSh}cblRM0AFcZA
z#vW2E(?hF`@kex22V~cMHUSB<klh$CHR|;_wgb-D7uDYO+2mtk?V>y;52BClk7^7_
zaRAHUByS>K&7fsrqhq5R)Vr`rW0N+fb%asZ<Y^tDOovds8p4Af#=V~K(cb9^pV({X
z*Ta`+hcE~m<|THJr9$WyO`lECEB-E@-2@A6hXqbN1O;yvI>$<2y&1X=VNt_q-oZrR
z`pg9TQLuX%?ozbfB-{Kc-uf~>`654c7e779S1tbNyZE~Y`FnQq$6n*_eLsKSA$~?;
zEvT@Q+;$ScRRo*@ARKubz%T);0Co}ZD1fU8csGD+2zU>G-2^-a;93IS3*b5e-UncW
zfHMHDC*b`)I|N1VL>v0RB!3+4eq6X)bRvU4PD97zV(9oFhK>(O?1SU{@hqD0lM;J;
zf<J+J2J(q<{(d;=LjnH7KAXm!dEEKr1ply3Pn)cWCOreke|eHWMUU`P^ay{%<R6vT
zM}imkDLld&m8O=auBqg(plNQ&>7tZB+T{}OGO8C^8d(H6Z1Ru8)lWeHJvATm*<mPf
z7vlHvNq!DSofAgQ;Mlyu&&?c|;pc==pMX)Hk=Q3j_&HrYHqOt@52O}o*qcw7>O2&l
zjiy+_;9sN&ei27@@K0h2`IN*yiCkJ%_*tLLA^aOF$`t>!#LiX};05?8022E&9G%ez
zk#jlRv}uh$-ELNivZ<Zb=JGmCqKTY(45O$l%*7ia9+aoW_h$mt;@W~auaxs}&s;uD
zXO#9CF}@Cp;hfz<6YL~^mfZU+x%U}^e^z481de+a?iG&wY<J%?=YFYY&Skg0bI_%O
z=O*~)V4W|q&yDks!91Vi$wWyZzO#vJc2?b*)rBUv!P;a{fx%|eBws@y)_UiUHJU%x
z;MFbs^O!-tAhFMDn9eT?J$c~^W?CsPtUFAB%P#lV7ZELr{+EIw95&Dt{w%yg*fpp@
z>v^Buj@-B(>GEYT-jFu?vKTD&h{?Yyv9I{-4x-}VSNHL6$%o__B+PS^FwZ5=sK@!&
z)MNbX>OB93`T+l?#J)DdpVQS{rg|JHBL{bUy@NZpj{Am|T9{Smv)L}@o796ln{OHX
zyOd$i!57E*w;|&@68pB6H|ES>0z95e=lWpdcY1Kg+PLqI@#kbMZ?^F|&{?3LgLQkT
z#Gm)s5!mz~%JF*!f1cz#4_hAM-&Y^zFF@Xl>Iwb>iG6>PKaURkyq-c+MMKr_lpZ~r
zVw)xQ!apJ13DOl3d-0!;@*r)I*bhX>-*r@DS4!-MK05|2PQdR!TH`OvNH!{9gTG8I
z=4D~{OECP$5_?HB*m<;ye_7){Yu5{Ix*HQ-ZG`_6^XL@+iNt;^`0fd?KL=J~KM~#c
z<&Nn;#Ubk6Kf`sj{v7PIzT&fcp-chFK*TGg3{4e%$V(&bv-=(k8yC~JhV)L`x(}1z
z1)tqt3(F}jq#qB<XF}4fo?`|jcsNzthns%kv*WmQ0e=413H~bT<TZ)CI?jIqfv+Lj
zcolyov0wV^0ph}A`>P55YjC|Tv0sn#UxMrPxM7gUG$z{Na?_+4=RwrYRt-OH)#IX?
z2JxIdgt-UZ`VG|68@=`P2G!FWVxIpEYU;NV`;9qF^@yJ^VT1o3GJiW{z%Os$4l0J<
z`RrjRvk1cP_wm1omw%G~F}ok1RNTl<XG8PTS^NY_BXQHg&k1v8*k>p33+O*4`5&Oc
zg+PN5egW-;epx2uCsT+^0rC40{VJfw@duDa*#0cBKjLEQGwFFVixSB8T)Pll`zKuc
z*Uq(nz4ThE_u4;!EaLuWvJ*c&G4Ka={$-5+PLF_9VhG#`GWM^ypVl{hwg{t(;QF^o
z{&)SL&i_um@^1$JcZvNCX`DqG<LAZSvlINS8O$?gdWKY0OW8=C|EI*>BHB3rUjP6A
z|NnGY3w&Hfx!;r7Z6}8;oXxBRtF)(_Ej=NfvgK@=q@{GSo8(ZS7}$8Vh#JiD=!+H`
z9zqHUjToK=37Qdbqb-6wq}W=k-bd^0eZP=<ub@^1DTwd-e(<{gZ_Y`Y)Z8DWb7tn7
zZ@%aM`(~djsgh7$Nd=y=E5V%Z^oth%R#7B^mh^K$Q8=aM^mC=6aLY3NT=^JnIVOFs
zCH<_Rle8|pXz_W?`)ca#K4tN5x1_%#R;9md@$WRJpBF9Z=RN!d7XPjaO2=+Ita*h_
zbX)v;E$Q#$#1Aa~{pR#xoH*>s^kIl|xMcAkMC31MemTf52l<QD^byu=pIl^aUp{@L
zZ)IQlNQ1K1rGIE&oPNpTKWs@K!Iei!b=}>Hb*NHO1zF|glqjeYyK>N(aJojl(7qyM
zp%vPTLc0?GZ-tgh3YBCdj?(;!WIp|h%6cjpsGLx&qzWw6E$g7;ODg2cn6UT}r`PFn
zMQC3cvM!f}_PkJF`DM+ogtS-WE&fVt`d6%-1*Nw1&w~}|qk&rt66IpxK=z~MmF4u&
zh6DCh=^xqa)34ea(m%F0rhj5@O8?Z}oc@``e^gEX+8ed6sB^a}kyM^geV!_1)kRG6
ztLEnOBrfw*mZc!8Yw=gB>EFyoe;Mf4&qDv>YWlac(O(1l4YSbyq?-QSZ1h8*-#82X
zPpj$Q&qjYQ=r_$m|FdfP53|uP1O4V%=zk6)1}g&?QQ23ge_?M)|I*^WsHXoIG3kz(
z*b5Aoc5u0R7B0W6%Xcd;sYF(l5GL%((Q5inNpOe=M;uoz#L+FY96gGVnuAY^|EiFF
znJJH=;@1d|vy6uv1j}#Y*?KekZ9LmxX1|MP8_n$Z@obZs{UM%hHnTs*v#ZVQPw{Mv
znf+Pwtq8ZRkmt2(`gP&j4Rr|@sVp?VCh4Z%bn;P@HiQi7)h8h1>-fO%hUOo}(Q9z@
z%~qL0q<TS{OnNKu=N7$0spvW7yiAr>mSnPF0+ITby<R5l4brkV${Kr<WEOv`D(8q7
z><`yDy{hb~AZg-r8<~qyI;BVi%THA0+?iw)mi@<*Syjnrl2J5Xdpuc9Ro2cV`zFY)
zJD!YHr9G4EMUY*8JQ*;8&B3STrwZvem@$q&2UZS@Ca|(UH=gyI8INbznptf;yUxt)
zcy_&+ouK&*F!8o-%de}-27<08*$~(jOiBo{7TF*GRhcA#m0-n^BPdt_SgfG=N6vTJ
z<b1XQe{PW_M3FgOUd|UQg`AI|Z;)wwo~*b0bXCsxpl8u@OL>_ge`Oka?PhtRU63c)
ztrAL}=(u^rd1tQ1gM<ZvFxLFWWPWoqg|)rNQ#qDNW^$U}l+3SfCj$ZgI$(_s%?FZs
z`L3#bCqr~q<vTi#+BwL=6tVG&9o-$7YzFdf2fK5savsau4J2!moac1_ssrK^fX~fI
zXYDhZ-?BNy5>7&_OR>R(h0P5129xgQ)>RUwKWR2mhm5ENM)%x0*WssD<*6hN-9s8o
zO21=<^pFdzhe>?H+EE?=-7|uhqWxT^Kr|mscFQviO~zbbn0fte(e+c7%8?u&o8_*N
zsk`c(-aKVqA@nB8gXN1h`8GIoLFCZ9TtLoTV4RtSGf%esEWTNNH)!A11UkFH@=rF?
zhGuz!IB5dFRvJ^mu=4tqs3_Lc**__034-2k1Z_(U?GkF3Wrj7sBk9V;Re9PNfm)3y
zjw!D=)*TebdP~Kzt>xm_V4vo94y3m7`4x&gWeEaAgkfKYDi14)=DWZnN8o2s-e6nv
zyQeK>v6R*P9$Ip^<8&Pb;N-%7=sp~Fgt;&o*5<<+^B)Rrm<1M%d8&te7JDGmlNrv8
zY5wsj)E1I&Nm{s9^U;A+9@60!P>e=FbT5KPO$AY>sPQ^0fcr6)sSuw}P&l<o7shs{
zXOBw;cVX~(@)Q{T?UsK^?5F-?eyX2<z29yeL0|I_+UGLMe+SIm3~StHa{Hag3tBxD
z0ZHS0B<y(@7id04qYEKuTnMFT|Fjsl?>DER)hB@r*SVITYm$qYT~QX{&LaGsuKB01
zcRltNH%XuN3?}*bYt(!kdp7`4&Zz4($k9W-3UY{9Br7O2*GP~BZL$F63)7V^kn#l+
zZA~!1S(e{akV`zrO>`FGAj))@c>lBsqg)j4g*e_Hm=^CnsDkocy_Ubkq)Tp!fjR!5
zIo^Szrhh`N^-Shk&s9lzrsfYJ-<GdWwn+&ggGk6G83=pcD!J71CB9AUFRkx|)@N==
zHpykoKD{cJp~THoHKto_lljsL{JB)wh%WE+c9SnV!qSv4X?>YaZ1OOk75lnlny+a;
zfIu7JBPglKXU&>_23EciR$ksJ+eN!5_f=&xL3Z8X)=UyWjo7cKvM`N90qCZ@9@W>6
zCP4G*T$j71RX`?X0S%f@OfJD1KzFjyX9?ZApncbL7j=<~x{Qlj;G(lFzoja>j-mTX
zLid#h-CKd~Z9w-Gmfw0jWEOD2=Vn9qos&K+cuM3{1$4Wjl<SDly_B0o_bd?=bKSWN
za{J*3+l$Arz3Al(w&#HDVEp+gEgzYQ?F5yYKN?~CD$8%1P0%kGL9>kRc`U;A&e^d2
z@oBP?;7>$Y3$`m_TqluB6liAu$q3W2ztUWroq6pSqid(^lchVJI_{3$Q+J#l$4+)S
zp08??3N8$%yD%gdhQ@{Gz=f+V{~Xm3sD6?S@u7M=JSCP7TK?+#L9kFwI1aGu@s3ed
zSWMDhkj;XC2!us=fq<kG!_d<PNKkWj(P}4bM`ITvi$XZm{7W>RtN9*;@^*m9ngMy9
z%NH_lu{=+ZA(n&7-nkC4_`Etax&pBNWw`N@0eQZ|=QFWbo-dM)>vXb^x3GE#LY!~@
zy+HGQV0sH0i?!(l5!49qYX!frAkt66z#Z--EdN5y_k;4*yyYXtE~E|!gFuYcIcUSs
zcmvhZt9})=<FBf+JNA3jo^5W$1>M*r#V*qPYv8m4oGxyWWl;y0vaIRdaqZU;H=b$h
zq7GeN428?h@*?p5Yg0Z%&@X$KO0a8b@CFm58}JbfCa%ZOZOg#~*!;~vsvDXIW)S5q
zsi5ox_}6oS&8Z;Koe0*Y=;$RWIv}C}2|)hoxfKllmPCEG=6?rKham!VdN(6&pFxB;
zL6NClMb<r5WWB>hwza>=1}jB2+EZi`=#+LBitIp+w8Gn^wn8pyD^Y<B`HC`9Z!Z$=
z5GE^e(Sc;I{8XE)Ao?m4eNIUYdFl{ufIPJobOVPpKbTZ<OzjPD=Im&{tZFxj%-#$(
zzX1*pw8=hj=rbJ3AX`;Zy8=)~Z2CoJm*#&T5q=1SADSXOr=-RLbucCz5L9#zMTD1u
z@Ukhw)g?82jBrFyPx22DVJ`@KkEM?0|F}8jB=QNiE;ZyN`lG`vP+nPOJc^Xs2SuhI
zWRdP4#PJVK-J_5;0a-1&=pm7*X#P(T<p)6dfho#%lp|2O5oKeo$n<Fb&k^POLHYhE
z%3_Ifa*DE1P>c635#^<zymY#jg(<r=t`Sr(|25L`eIR__bi&**!ixlf&c8*3mw@mR
zLnvrh^M6NDT+t@iVSSx3(;)-QY_I13fp|yb@E&HV8n#Nl*Ye+^_Qug~x+>88C$MXq
z<-eEePP<Tt5cP*f4mg_s7x-@0{F$U9uW`1T?CnenVPLHRC6Q8m9j>QXz69dY_&(@E
z<E1bFjqiuaX#4<-OydXP78-luT^cV#IMDbZ#1D;VGQUA1oN|E1%QgQda^z#k5xmx2
z3VM6QqrgYdL-%Lr=J}!}@+xMJX#U@jbfisQ2}5jT`KVXeC<rOsK1!=NSyoRa3$>(u
zC@23D`Dz0WZZH-^Sqmb{+6TOdv~iuF%JaVw>3Wc^XD;dvsIw!E6U*~0;M(c&V>%hV
zrO8ZJLJ(#zviz%@e1Z&^4U_dQHr9h9>A3+y(6|v=5FT&R{5j}-C-mNoI<ciewacq7
zl2=>))pZF+HCiN938?ivymzr`oJ;c#L5K!8-Qx7RU9K0}cZDLZLP(o$8w}s7`FFti
zZeZp$b&#6@&c6#dPg3I7jtR;npehgn6d%_7Fo^E~nr^Gg>kLF~&7-qny#S+U07fqW
zjGQbr30}oCEZ;-OEjH~Rw1>gIkGb#kI-OaBPslrk=w!ka@gHCZjp_?gE$NSINk33Y
z^B2cc4nKogwS6!~Ke;^z-ao{NCe2^Mumn94CB+d0=?$8{JdiTym4KqJYzLA{Z%qQ<
zKcerY_&jd?)y*jn7!m=srC5$)3L*y(?8o4LX7obw=!L>UdMTMVNiysSYj2qLNa+X*
z3NVU-ovo-`&qy~K`kzEq>RPH&(40WaXpiLS^bir`_-jE%4!<rg(?2z3`g+ZO278ag
z?Kh|zZ%$s`X!#$}{O7a?C*0U72UuNio^rRHp{HkYL$CQS5PA7YL;Vt&a5L4-?BoQ)
z_LOrp$yofwmNDb|qtWhBvu4^TI5UHdUtwd%G)MlL=1>QxI+J)uWj(Jm=TRbcf#+}L
zx(WK%;mZc(O~w~X<V^w|`fcPIMlmpXj(K7vpO26J4o4kD_!4v`1Jj=6s5ajSg>RbN
zC}5*QL=TD^5yk@r`4MLN=-*$6J1u{^=6`^dK8>ioxmn(VjX%a0!`ipB$U&_9iB=Yx
zl|d<o7*a{|KSSoTFvQgK+m}DIRBn%UU&Ai?{@14O-m3ZQxauKXwWC=MgYg@X;Y`aP
zZjm1)<{y>vHmtsh)q2anZK<T1{}yHi%m0}66F6MO;gJ(vNBdSJRF=Hq*B}`##$cxq
z6>PD*qqdS=BJW`K0wg7QUHc3YEr;nsO8Ikz_LIQCmR5N?YiGhM$lJXEdAm!U42}o2
z70bUJVWIsL&b1E6JB@FAd8eSQJJ8lf0ePqP=NL({U^!=d%H>N%CjKdt-tGPz1Xvr~
z(Umv96J|quB<0Gx5vq4-e=byd7@v2y%1@Y|2&?igk*CLb2~V(cQMi3g@}53>WI*1t
zmCyIK`SRnn51{PaGayIJ0>(i;zi-EOIXZfD+m3CE<)|U}I7tZkMw{flIPa+5Sb#DN
zKtIXJyDk4-?Q{BVVui=Hq}Y(dZo{*`cd#$PE_D)7`{hj?V^haIQIL1VzvSJg{aWbo
z2$FEDF0V{tncsT@rhOZszZL^>gfC5I1g*HTIw0?lLF;~iNA%(~k$W*B_kMV14bGlm
zQ1_GCuLJu>@%gE`-d=i+my<JI<aAFu@_st<{t~IPs6hi#!z($sY`lPirV$I4KTc0X
zQ^rTS5kn^;1XliK+0pb{6cRdFK(=ZBBnZ7`N>1~V@g1rk@ktg^mt3F6$xmxP19=~V
zybt{U^43RosW)~hkX`B{yF3`%<v~%Hd>9CN=%b}h_85u9U*1a+Ke$9bL`u(8FFU(>
z55dIeL5#N<6MshgCqv}N5rvRo0vW(OUru-eloKa9uJ#)SQf3ujrYZ=a7o$$%d@wl$
z;eEFD-%dHOA}MZ5i9}+MO*ZdS0)AHe^Ki?PNZ-#<C0>(&*6+Z}^@29}1$H)*Pc$f3
z?##<wmcKJ<L7ouyJng^J2)S!&DSjV6>Y-6bgTf+Cr$(F}Ax@7Ir-$?M^OpZ`bnJ1%
zX};m~`KhIt(__R*JsUyPBiLcjn$Jg@<rALy`T{Oy&qCh|pzi|1<uT0GV&<CJ;}C$l
zk0+oKjZbQSA(Z_hl>K5=K1t6q0!9Bc`2BNj@+mYyyC)m1-BF`OEjr$0Yg^HVJcZR*
zh}}3u9G}*{2aZpH<Cg~H9up?bat~{gd&HW=iGyICn=Jk41N=qfaM>BGwlV~-ojwk)
zVX|o`(Ej4_l%h%hP)Ym#I9_6y3>++Lzi~X(OOug<ecC@`9I$}N*bthOetH^^%lmSw
zTu>!MaS!?y?Ki>stF*twT%D|a2zNWX-L46g|EI(Lu!5?OLLcVnH_4Eyy?K-Gf$=UR
z@Yt(;39Y__(ED;#?qw79(*ts^!Qf`O7slBeK)DHo;8LTHXtXYaK4%(zMC06r&?j&7
z5skIAE)-g36cUY%wJtO|%V;DT*9<|Uz-S~IFB;mW{la)^kS6O6?$Cbocxsd;mmdV0
zEgw%!(B#(I%XY?Z#rtw<M?r1tP<_beiYoP+ABe})P6WVmxb*AVZ;33>_|ie)JmYp9
zfC2VE>9KHlh8bcb(9fRxwBHKd_d@rtROP-%_kFSM`=I+i=&t>?>58wIuK3Csil040
z@m13mKWDn)t0xt&-2u&2todQmygk<Z)q^{=UmQ>ErpfE=P-u78fjy!9Wr**EL0Cd9
z=nJ=nJHq?Iols~GxpKeuOHgMY)cI;v?vK>jAFHz;>g+e_bWB&LbGkZRGt>!ZsB`Xg
zb=FK*=e#L(9uUsNVAtr5(EiGCatgJBB>bB8&xeHjkwRZ@mS1D0iMSx{fAK}7`y5ew
z3clCU_iB84RLKn5VUc3}gcMg9^n(6{2D`Hv)A!eS^t=840RRC1|8!Xid=%9g-^ts+
z?iz8zTMeMX*jdYH96CB1B}C-08?qz%G?IAW84ZdcXf%t8P3l6TO<RwkcnsPu3f8*?
ztXdS2L%_R;_l>u;YGb`m`v2ZcVxkDYWafLv|9#i{j)@!ft;3>@{eWJt*9o3Wtje)m
zG?x^d4K=uCt@5qIONJ&Ma5U?IeeBgN7n@LNKgfq~+ooBog~_nw!6A<0TlMXwPHX~?
z4|DN;ZK;Uu&0G+IrGyz3JSkj;iKuR`ueR5)arRo~WLSh(+G}}YwQn8KUaH5&B+I#O
z7?W7k6e(5;u5j!cEMbW*-<r~18c|C`|LL_roy;_Aoo_XO(Fb+STHj``(_<qUud>&%
zN_!oc@~y^ealqb8Tg!dx$ZJatysur0*@t*8b~ql8>~N9jB7q(%(~bFDFt81tkBaJY
z7r}5U6CBz)nrL0<bq=((8oFYnD;@hb_|`FCVGUT=*k*4CS=fL>Ht>TZWx5VX-<k>?
ztPoLNYS<5B<tE=c7Ms=@n)PtCy@?&j>`fKIupe1$KdM=eKu2b!y~#|BzyXi;QOh%|
z#ci`UiP%V<t+F>kkDIawM}`O?SX%Iu()MxSbd+F8D9g8w2N5Nih&Tbn;C<}Jl2Q7_
zgvN#n;6El(ygXW-6lttEF>2T=1%s-&FjH#iBn;hKw4X|KC-B(J)+FxEqzp5Ya@<P$
z2{RYVX4tZ9rTus|7poWhvhnu6H0$wjN=yvsCo1hHK_7vKn~O~mdj!KzigH--U%iU0
zfE%VsvBcMAk&89p{HDRW(5$CGHG(=>QCocL6zFdqUY{=7TlnI{a#51aaJ?bJjpht@
zS~Fa9WO)6R8Q!!c!wYw1csD#`%jVcf^XV#k3lzHLX_#l(X2GV3hNx&xiq@3qNQ*0L
z#rj6!=7rfQ_(E~lQn3WbHvhyQrh&GJh8}s+w@&SyPk~PP)@i+T8g$yXruWjdplf~W
z^j^9Vbfa(0AUr*$>vcWQLn@cdrE=+9ZLSfnwiH?^!G8_^qq*p4`<e1-qSF-I6$`nT
z#>jZ(sq%DrZFyt)G~b#T753}n?PoRX8NsKCB=5gKlt7v@VA2o8G<drSs6A+8u!C#$
zEGc6t$XQ_L)Jpp~mKasEU!2yHNYQGIR-cUN*;qZ^eqOVl!||H+e5L)u(s+YlOGPIa
z3t4$*`NFOi;ag|ooV$zmEAW}S5EI}h*nCzXx{2FB+A>pJIwDC6mVR4pzl<R9GBb+y
zODP<hVS1E2F=^rsq}0)8<7mO$U{ts%7^KV4ed`>AvmV{i>kQuicD_)wUu8hjyY&pK
zH|y%5-SxSA&V(+_I>Ur&;plAWGOT?OE>@+aBNuxqq|R2<%iz$1sIOr3ND@Mgz8bD+
zRn%*~m4{P4gxA-L_G{#nc(^#d%6`o(>lVFs$ha+?g5|-ZFu8DR;Q>&*Z_T00SF}H1
zxM|=vnqf^)K}#~j3h4|JIOyD7w+r3yJVn<kL)MDrSaBZolZ~?Onoj$T3K4hht?{(I
zRkOAV)(Lfk1$gKAfeC8iz2$J;xkMK2cRR_>oeHc|JO!`|2&|SZ)2uga`|W&9-hR76
z>}$U{(SA#_-Xz4vpF3cA-nV`m#Ekb<uwdQOGHh`kQUJ28SAuDf05Z4tUW7bo?EGE8
z%X<TO`2-s;Bwq4tbFg>3{f=h6MI5BJb9_M^(#h4Tw`oTSZ1+yl{x>IB-ib)Ty9#id
zdFm!a=^S+r=EWQb@%i1*u=AB+-wUY@MZF)!r8Y(VJDlrO)CXadI#*Hu@vV#C5E~HX
zKTO*nG0JkB?%&0S>9M^u>!Y;&F;bsCiP7NigTaq|tLrc$hCToFtv_J<MqJFEGV=OV
z=rJ529cKF@c>lE0{sfm)Z;8}3v0P#k!bVhuiR4fRF8v8sk=y>yxBdjEhk^R3&|KW)
zLBjrAvp(~!OK2R-em>UznoVTchNAsh)=8``t8Wq|&6%v;n#md+l+HU;h~#O}P}^>Q
z(H$G};)UCSe;sVJ{RL}<@JB(AO9$&sn)OAy{bhGgD@}a~wu7n5)YO-w?XNTwzgk_4
zAC2+L)%aJw)s1xD6D?=zP47u1U9wD?;$|s0uGg%u)AnafBt}ur{>HZ!fc-}x*0)9b
z8x>|s5GxkD)%N%9IQu(SWZVdH(|6g#s*Gzi;H@Ds3Tu!m2RSy%neU2NDH5x62TOH?
z1cunaf&D#LI|h7Qp-lOMZ(T_z!4}(!_77lSl_+r$pOE|jD>cBDIrZgHVJ1a3rD}+U
z$oV%`%Lp4MOTxNGmheOccHnC3SaB6r+)n}~!%#@K@#?`wtRi$tRq$+cG%td!YztUA
z6x*&LZFw5bBeP^twxy;o4kIe^k(un$4d1#};iy>ArNh;I&=bQ5iE1y5kX{KGMJeS0
zcM&9fRM)&{UNWXf*m<&)>G6ey2&Xq=ULj)Ai?i3XLd5OBTcOMl#Dbet0$+z~m%yV9
zMc2qEO0MhLQF5U?G{W~D#>0%MIJ!Pq|7Wsvlm+aR&S&E#*cs$oe*rs>ft|s5IVfN!
z*2hk)mz`K2JF%a#Qv^ItDfY2b?8i>==j<#F*5A;dofxq*Nb};pbtBk$9PA{7#s?X)
zO!Ic|ttB*QXkJ-f?!b%)n<IAwXL`i!kV9C(x0a$n?%`&*VaK@`jet2I4<Y0oG;b&0
zx(Ogp09g-^hiYEAZ~c`9fjl%X%L8Oi$O6boLcaM&WNhGbF&ZK#3AtSJcJ{4X0P-Y|
zcgf40p+c;x;1LvlSXD7c?#x40cjkq5xtp`bj2HMmayPCGF%WK&?Q$5635*Tn8n%s>
z!!>W1h;M^|hWD#}ZXK-0GE`<J+4N;psOMr+QFZv%ZG)Xywp#9vE3i8=;Pkv*jxaX!
z_yjguj?gG991Ba`t{i$qrQ9_c-{xC)kezDLZ3OLzw`<s!c)JZkZL4{^0~k@w8|hnj
zLclE$a8#8XNoW&DAA4vX{Qqy5dKwDcBQFh7;9R*U!!`O9O8*Ig3Vu}<F_fqLJ>Z`M
z;5bDZu}Rgk5@orpL|HCPN2WB-46bk`PmI9A<FRm=;ycwhj;pO>mEn$+dz%x@Y(rY^
zO+T*4vY`>2xaS<XSKuEtrnD-ACVw3_<Y>+Nbq6L20q>*xy<6(tx0YXAIxpfBc*LDr
zO524S3c42=8&d8ava~|6R0$#IQt#ticR>x$LPK_y+^0`NztOxgzV#1GJ%_!&$;&Z;
zhW2CVSPV)qq?Ws(mfsv8o!}}s)pCE>asMEcIdXqq!{z=JBJsT3H!(t1Y2LmFHNJIE
z49diT`^}N*K-Nm>np%f+S%J=H!TGqcX_D;T?Mj9PX_9P==2c<S3BdiQl5BslMUoxh
zTPwl-3t)e2QI6;JiCrl4bH{Cy2ckh@*>-tgeav<bjvzcAh&Bno8?-XR=uMyZA^2{r
zmNjJMgUHI&jvS|X)qyn+f|d0qoeW9=b4pI7hQx>*V#oc8lW~0uDWW6HQaWI$N|C6@
z?`kl|G%$Z6m|vx~9M~quE8Z&QcyOc(QRgVoOb!k718U9qHaUTsNN8<>sfjJ*s0V>t
z5_&?I09LD&D6k)d3SLBdm{^p8Z%v$YfD{Z}gp=Vd*}5K=ItiA`s?LG_#~sy3l=Kd$
zEGV;@m+`GNfO-i~*`ll^C`xY}>5Wr*t8GYB73CpRNtfyMbW`GvDY8*958SK`O3r%a
zCACF4iI!n|wVcey$w_>xN|T)IFsUJN4s~dFYfg++P*KQq62}Gct#v`haw(6+tKbO%
z{<;8PSNM~PK<#DE0Bj3dzHYR9i(4HzIa`yJlPj7MFUz{bE7D7(<-wX)*DiB~H4W8~
zo=8Wf%ykSmB1L&<AWMN{X*ET2R297IgQJ#Z<1TAa=jGbv<R3Rr?ik*L&2qb&AL`qj
z4mW$)+|+-wj?ITD^^gkpH<f%F4nyzd9bA-$E7*ublM67hkpScS0gPhD<f5!stxO9A
zQn$`AbBR}TZjOhJX=2SGVKusziWcwCklLgu8Bz}`>adX7ps2$`YNMj+L+TMl9pPJ#
z!Z%*Sm7a2dY+%7Bjp=J(r7k_<TaUqNb$BF7u_*|14OQ|8hFE>1=ApNJ9J{w-_mO$o
zNO^p&JPN5wRdC)>bL25h$Gztrcqv%&XdW+!#GW*FbbxRS#eqi6o9bIn0O<`N9eaR0
zf%Se`c@k-RiX%^CHB6p}aI~j9E-^|TuX)E!-`vaNzrf>ezO@;lY2S$E9j^k_Q$zvn
zgep0;FEZj@od`_2Z72EG7CI1jxhXGC3L@mmy;=6;IkLGo)i<-kXn6{<r*A#I-Eaof
zQ-Vh`Npq6sq4jwN;BVsmQ*Ak&n4ezJ6yH~#7O%q3e)2TUJ1tbw^iUzE`_{AA^A?OU
zqbO%H74yOZbXG%RN>R>oTM{E%<t#q2EQ0XxTvW(&t7R*NxK;{rGaY$`=FJQuS1UrC
zGS?Y>G$pXWgtPRfCJKCsw{s1>kq^VOi}Li~jMMqV9h(f*(`MZI25MtX`Uo{CF{Oc@
z-YC!Zt>>f0j`L?UR?9r{MxOG2gi}CuWS(+I9>%JWXCimBXx^DcnKvO&#xxKe^V!4{
zYVm7bH0L61B47jZEZ=$o63v)_cDWI?hHt$X)n{KP8rje$@OIYBM)lRP-;^Jj6@}}x
zsQI&JHde}WSmM`IPSC(Pn5J9P3Qdv0(K$YU2A*?#>m}&<9q9R7Dk*cZaaq9|sP$qh
zDmAdvlkz;@dO2Dz+h!z-@&e{0DpZMb-ppjBoQp$>@_cS2Mo<i`mgi^3;m65jBS~~r
z937RZT=12sGkZVXiG&(XDv0xY%bmF)e;42+;_J7*^(y#!w_fww%Ic}vKnsuZ-&I|i
z3B1>E7oIK3E@lL#R2SrRB)Y#<%Xu)u?*k(g<;6Vsyn>9`;@Yy{*0{0&|2sss#}Adi
zi=Qtq)Vy|TXMnmDs1H=j`2d)&syMVS5sbgl_Yur2PeM!dh2l+Ad^PG@txIhi%TnhC
zErI9Xg>Y{La2<f_=nwbyPvELC_RcTEUD$>ENqFyKALQ!<UgwWaMxRJbNdF$LevS~5
z>Z1`5(h32_El@v=){7b@+?MyFhWsNPltjmwMd&CGK281m5K)vDk%g&%#dQO=8#qNu
zK_Pn2tAuX1h!l3J^i`Wh=Ju@*4iQ7^VZr%OB2}y%ke;5M;F_Kn0iB)~hY|NbD&qbg
zHY0!Rf<bBa55Dyw?EXFi(I2muf8bQ2h2N<^LW$-DO<t)XFF`c<lW%>D#UEhtC1d4v
zd?GiIi5HpU@MC1mNH$~Y4SBgJ+Z1V@BNsKdAWF5?w8}*lv7zxf^3wQp*&UxPuZ*88
z7si|ARq<ANb$ph*Cf*{ijW<YN^Dd=r1#Ii6>A*G-pCK=cpD8cbyvsUiMxTq{kusx+
zm_#o|A4~oVK9S+Bk5cYay)9ZUF%dI8^g)k4j4SRhCxqBAV>=L^P&HbVe;x>NgPQ3N
z(fxDw7J$7gG;hH#viHA$y}t~^J_0kJ4#2+Rm)ZL)V6Qk3V!4{>4{@b}FzUAh@i`p%
z=Av9Y5aMjid@%rG;V(mc89>}H5aJEYd^G^#s$YiqI)J!wAOwAa`(^;d)qyU$w*&EQ
zpw1-&A?Wk%cLN}<Q4nL-YzN}|K%GkmLM%`-{UNRmxQK1fsy_r6Hx0ztL(TNZ@D)Z=
z3^fS+Bgoj7Xx^f}x9igKPn7+x53gyDx~6{)sZSL3myr5YQN@t@Oi_zN>I+5P5K><$
z>c)`zMo~*b>N`a(4XN)HbyG<Fps2t4);8Sp55fP<Rr0TFh@oS?iThpz5pVKXc?X-w
zxH(qdhECMYrsW;k@WY6wk$KwWEod{6e6+lUFYvt*^_3)v?IqNGk6FNZP@5lu4Gf3}
z`d*aQjAQ)bQXbI@$p}BTG+`GatUQ1%C0O4ZM1Rzq5S?1H=+OvQq|w6}s-D|5@0K=s
zYk2Cd3otoY{e3Q}E#UMQD*}lHAaMnf>;;MU2f5Yv5^9<S)8SVLFA;2|xt?UW_BP0E
zD&QT0*&X`rL}<O;_sVGGAU5NDEZQ-6_apB=bCXU74<Th7#Hx47Ah`w91Wr`%+!z)n
z>pP%$3fg!2-cGQ~N3hG^it<hrY3oG^@BJ`PDgW+jy5ms7M+Q+v``=Nk!PO|2d3w~C
zeQ32@K^5Bys@Rq}a=GR$3o5h~sMvh3Ty=lT`-Xbc64kKd%u+}G110VXU=cfa`QA{l
z^D%PNKPu(j^zlO-&vT~wD+$iOyG(uUQMD6T;JE+)td{p6o!&#ezQT4XMN<}aqrR66
zlCr9Xl8g>SvbhI4DOug?dpqO6|3dzMR>^zW5S{$;Waw*`z%TC){qp|MFYnJ{{uDA2
zp3PjHP=ON;zymehHDl#{YzgCds9cto_fhhlM*314eQ#K>dKgw;IaaO=@mGfUE3;vr
z&Cx7HRbRFe8&8F(!<8oQ3#k!`x<90LRn#iq+YQq6KpK=RtH>;?Dnyf9T`$*a-s->x
zt9W8lSwyF=0KT_-V8M;FbR${tK}W99ya$7&8<hn|D(p3VLlxuY2F+XBhqnGlcUjlx
zE+xuY*7b9iQNdC4=VM8KK9=hp`H<$V4{$cAqYQP_Lw!RPnzup!KL7v#|No3w3w#vS
z)t|}Th0U1INoFMo0s|8SvLuXdkR%WtvPt$r7z}QF0D_AF9n_1_#5a*33O?%tU$<Hp
zMQyDwT73J}`hEO<pSHI3*@tbdwzXAjTT$!#_5IJ?Nisz3?^AB}%$ak~`<#33xMmA8
zofc-N+ijM0vgu0A()s^NK5-G#`IC}Qrr)O|pHfn3ykqM8r;YwoY(Dd!s`B#w&pQ35
zb^fy!rdcWfDa&}WOtV{<3w~Z&@~QoCFHx6vEPydvEH3yzXRc8NVN6MRdT8J7GMDtI
z#@;0M;{TZBPR#V5E%?8z?li`FC00wd>quVRA9oXVv7}W5_c&G&viDfb@~T-yvZ7k@
zX%NQ?{x3+JnFnjzY42oNV>c|+v$1Tf(uMq=OMbv;Gq3YsNIqQwzx1++N(P3bO;6{~
zNInBrzYD9MP5I9;9ebYZ_n$WtwQM12{=B7oIs^9k8U70kHEf*OA2$<q015ko<Tdn6
z)GUMt-@Pb#3cTL~?_V|gFOo-JB#-{O)Blame_iy<i}2`RcxL&(PwQoxDfuk;<);Pz
zk1TII+3dfp^WPBlARSzoaj|orMGTFx{%?)l{_k}D+kXG0&O~iyp_ZHOzoh5J*qxHs
z_QyN-0A+bB>1AS`1vP8Q?UL6)+dVP(G|4Jr6-miw7k&DQ@~K<&DN@F$$~u)cEP4sZ
zcH1HZ10!I5m-7FR)^+}S&taoX|5rNygEGJ^8t^LXG<NI!WyQ=KW=5&;N0`Zxc&|u)
zpo+|^*hYvyNq!Lg_HS3`e=hicVtb5guLMS$nHJWQYheT31^+dt$C%XOc$-uHYnzR!
zWp3VcU>hu~_HwW=9W%>2QvP3<F~_vEw(1fGVL#sTV(cQ*mb^aZii6C&M#dzwu~08d
z8Tl8_sA4L4UMtJ@c&y8_sy)Z@a*BU<y_aeAG7vE*X8Z4WjCgt$a`|8q>H2T5dCY&K
zDsMFSe>Lj;zZrA<*LD6^(xNrgqN2K@zM>UgmwYZM;w7z$B-lvafB=*>`~T4S-$raG
zk~b>ydPK}Y71XOeO~9FI&+A^b<F(>tno2~;AcA=@PmEFoZ$P!TpjxB<rqP5o*Z;fD
z--L)mzi!|Bp?!b<CX(hMlDACHY-1(qw$?Q1e1b}<kW}(RNbhF<UpoJX>%UDNdK-yb
z<^R)opOF9by2y=jTTDkD{7VHOj{v+a`JvRC_DJp_BR;To{!WAcE?dBybjp9%DV^=5
z*(iiT=kFH$Jr;7J%(h!B6Uk1|l6(Pz^nS{Jj~O3^;f`hhtinA$i>}h567M~adQB!_
zCpsYE-;%dN*vA0h2RFnPl_PoEXfv@m<$u78PnBtsw*%vQ2vJGei&=5c{|H+?@Qe?c
z%A*e@&k`SWnU5O$FIicqR}ovlkUbW1$nw%j&#8v~l5<2IKMTQc$t?df=t^k?x%I#<
zD!yEVmlGR>&YH07!EWFR9bG`^aOQabV>t8^oqtSOfE0<Py;eqAb?W>RuiBylalol#
zw4F%0LPHdUhK<wwPmRg`7drn`g>*4lW!h$23~Z8VaH8Ho9d~gI%u@d6&`;-|Rd&M0
z&&hnqVi8$iC=bxvFYEmeaY~?11RCTbl7S9O=(j|2AI{le>jA45v0^s~P(@3Y*a;xx
zk{^cmUwC>js?7GN@=$_EEeAB6$fo^LVl*?}rz%ORDhX6^+Yq!=6^Ze_I)Q@GWDAj?
z{SCDMbg07>Rg6`dAWBG{gSamtxwOnQ)!EbqM;z8D%HZ)aMUSV%7|R%6^n1B8&k^NS
z`5IjqH6>U~?4t*U5=$KS@oHjWPS=@wP=>wCs8X-WB|n1lE*JwL<cx1geq>2yP2AN3
zv&?nLSf;{-#zR$q6e8ByD3Z{mYEYA^Ax*}TCS#Q*70{#-nm|a!aNAp_Y<A(9qxbSm
zrGn7t;5s8oC#&SkkZpA-u`hH*QFt*2*f{zNR7*lAnLr!%1tnT_Fjn&A%9JW-Nv4dG
zd<9Gy4f_2GVv?gO(rt0<OtFq!F)=eQBPLSbi3!GJF<uYGOMVP|y|htGfQ1u^7S0m;
zTSk>0Oh9SD32>v0;OwtdMs)=fC11HHqX&~<;E7OtB^~F%WXV@Sd?`rnNbMdA2Oi!i
zrh@&nK?hC?9hef;P7PBIAYbRn0gYk`NS#4a2c(j(R)$W&BRMCk)l_gJ&yZf2U-IM#
z)XQ;d!!(E|!~v3bLp1~R(+lDNOPy*?i-qId%4b@vo?NY{$<51&nyP`)1I3KegRttw
z%+j=&sRuKtCxZRVQMQ<+2Q}uN&h}Sv5TBMc)(rp4(4X{PDD@9MIthxcS>h&gdXSQQ
zEi@^ECbJ46MVgp<>|srI=31;Ly8k2lT()}%E&1`N*)Bb(mHY(oEeGE^SJYBts;xp9
zh}lL`AR%UBGJqy0qt^xq2#(<(VJ42y^uU#T-4cL$aG>NTf(PZ>K?RX!bjq`QCMD7t
zV=|hAN0a7BOYEI`kPcl^FZs#XQh_aV3gTdPrExqBNGWk}WQ$N+4i2}>m3%$6R6^5+
zf|$$H^oh~R#FXJ>dd1w#lycMUL>p+gbFdhPzjU2bu;|dzt(R@vwr$(CZQJ%<wr$&M
zFWa_l>+W;@r>m;2B$cXE=F`YbcaQ##O>t&5!eBT{hU`#c$Kv0E-x=}W3#hsf8A!$1
z4ADMetZK!lRgCl;Y3Se_K<AUmGAt*x0piNy+_rnjsa5l2_lvzMrLH{<L`m84u@v}N
zrTwsM>J459LFaXv0kgAkj{)cpQ;rnew<#Sh+IFZjnUxhHmOvDdElOfLOaHYe8tg)!
zC(le3#JCL;-c1zjhvB)#F;NiF)M2MAh4;tOMu1MKt;`V|oLgRKFis^T=EVgPC?nu$
zURI1N;SQPS_mb}krbM87I-0!+Jv6Db&?J1>fHq6`!A(gII^9_lK2GplRnv<tNmp6M
z6im&8N*!W}QWGt(Vf<mER;j}?N+7^S01@fTSt|7gJ0S4<1>0gKo5$RgUyZ?lW8@;m
zw22ymlCT3Mf9XEAyspJUFkb)o2exXi=)2yNMjV&&!&BKt_Y=-<(jPCSX&f)HseECQ
zq~IeeQxgh|#dQ;;A-Nvpi7@>mY=Eeor1!@nAObBkSKN3+qkO>}xg_4awM$J=JVjus
z1ii8^x;|;?D&fngoD<E8&JG2)JuU)HM?7SgGW9GFezXAHjbkLqf>Hc@07(cX)`8K(
zn-iVhalvISRv5?Z3N8F{z_6!~n7w3c<gLaI{o1XKsRnyxpxHQo+ibzh^6$N~Xju{1
zA83S6V$wbb;2W7FjHoA}&ck7v@R3LoSP72ulu+&786m3n8BQZgq7GHjL=QV!F(k@D
z4T7@p4xJ}ioz%)^9-o-3w6B974?e}TNrs7foNe+C(HXfV#>ouAP8?l$r?paW-9O{M
zNUo2l;^oEkn4P7Pew22j-j$Y>oif`=NmER1-q$(*ZV$?9rpks@9GfsxX^EHjIZPf$
zEOY$5pkVcmcN%8m<<NStN5*39t0ssm-Q1s>9vhw>yA&&UVv9KLf%amzr;b3)(mlLS
zoqnlJ)@YEXZ)&UJq!O#NckW)EyM$8xD))g->4P~)U5!TVSsZ5Uu&eaT6vT-t4c6*G
zS{&*O(s)E=uG;`OO#ZBcnl>S99B*j-OFNAnVY%|quE-sbD||2Nph@8%DplRQw_+?a
z3oCpW(l%*e8qA@Uu|OfWwnd_5>!!_S&8=j#497IN#j0C9agAlnPx!w4eNT?$+U0aU
zCnOWqm7u7OuB!Kmn$iYa(QT`7Z2K#pqK=vm$HQ%Az}<Wn7VJ&hSIXb(EALM4p$|==
zm^S08++qB8w0%~qM<=b#Ha6`hi!Lsdze}@8AdOq?SgCgn;atv9mocTYukh|!7;0BQ
za(P%Kh|3~Sm$D)AdH&cYR(W2lp|nt5RE?-{`hbI1BX(W~K8`x#F!~*+6ffN^=-fT|
zS`MAryZeR5=a(c!v^AO!Nz(5ytUV`Pq~~1>#jLP4*QYo^R?=L0YyK+GYMSx`VpPg&
zO&r*3PM0$Pz=)$g(Q8&KB*-sboT&~xEo<qI8&Iy?z#{7fWx`jN#LaiY7KEn2M4X^g
zDhw;ZxV_r2rRkC>kMOmBC&zq2?lz6wLNIa)yL{r=pkrx9W(&;>7>f>PtFo~qleplM
z?Kq$ZbW0RT3si}ZYlF6mzR5<V_7>2usnHbP4aT_9Xuh6f<58Q?>V5i^s9^Tg;H)~8
zmR_fNc6P2(spo#mum-3bH<yiTd0pBU+f{ZzP8rM&i(R~BVcVKKgJN!=I&b1GVC6Sp
zE|<h}PfvO4!LntdKfVewqu_I@WjgB(P7P@sRRo`F0t^a&$5VcfjF3RArDhSEHAxdG
zKnj)bnt&ju?gM^;)Yug>*580mUG}J^9I}S_25lVL#e?*-A8bp9-H1TDMvkTtH1qR;
z4A2J2?T%@l7Vo1&6b&!*mgI6q^OSYZOfHB05_x9#qHBCzgwxUbCJuKPwli<B8y;+>
z^Qm=>mhE(^8OD`pXY0}^*b%3B`=h^}UJi1CHgr~do+BzHgGvmY?j%Ld&<8<;o#RnA
zDs$WHiFU$*Ivhc9V#PVc=O55U#Pcb{np)K}I1rmL#~nuU-}@35kG*kR=t{p9B+p_*
z#7Jczb?ya(Hrtoq0zDkOSMgbcle4;&0W<J<H;VFELuKB}i=g|9z8B|%ca~*d8$|El
z?O$?2Uu|p=lPX`jj+C4~3za<Ceuy}Jj5vOgcseQwY5uXq_z_rw6`qcQIv=rcUJfMB
zr268#XZhh`O8S+29}zWP4w^k{NSy}{bH(7vlDnx`OdEoRI{StpD-Ip~_nxMR&}iz2
z!q0<pG^@c?r1;_Ni+5()!R=^x_1T&SSkUD58RwOenAM}hG7Yl6n1;h0`&iHO$~KF^
z)|bP}#lx<N>Vfls1}?tA34}%1Vhoi)MVCb}b`(sVdhjMa?Qs~s;xitQF{Q!tu|-o4
zpU-<_oQIeOW&n@dz6X)0)h+=L_NmOdV4YxRKy#xZXV;1RFi$iri`rPjwra?!ykP8(
z(nGYfQxZQC{@u*;6AU+I<t)kvD=b{cMc<B(kZPTXw)-o74MRR`Y8wW!=-e*QKe}++
z_{xj#aO1zxe0b#4G@$E|DGjo5K-+(*!WkD^Hf_VnaMDY)PHaof+cZh#u!YsDGho%=
zjUD*a;O)|wNmN|___?F}z2<nw8;uuDf|kuo%?Q?gcZr+&$UWi*yB5s<_RFZad2Qbi
z3dav#y%?aO{6*PmSAG~3%mh1!e<AY4DIUER^-7bO6OZNuxDBI;$K<SfgN{a~25{4U
z66J3ff5;1Pp!3+_o}lYfhrdbsf;7MiSl9gfrSR|zR*IO8kIL9(QizsLR^Nx;pi==3
zKPCdp@EG7(uhVosMETwZzF;M`$*p`q_>nEZ`$1?>F3wMb%;q*FZpY6wL2bVnEKd51
zZ;%=236qYp=;T}GYMIIA`I5P8WV_4N;I_?ay;{RxVeYD*un&z+U&U?hs=sULx*;?V
z+`0ChuN$lyWonROa2*_)Br<fYARWdLG-`MqJ}l(n1Hw;QO#BvrAn#KeekW6%iBLO~
ziTh_6XHZWB{2(c^zlLxtE+uyC81ZWmLH@1~V)_8$O5EiV>J=~0)#UHa5Rp?nl;I#g
zUZA?zo++Y-YRK;eL@#~e&^e-}dH7w21~!q?Ec87}S|Eg<azr13wKPaCM-22pTFBGi
z$0&$jYVk3wrPIo>ohsrF`{+3x<oW##gkHGI4@54Q15=aRSj4wd2p?yV9lXI$<87os
zdstUuUpEn#F51FbTtwU(m~+e9Z9>=qZsMnSkv(zZJL3%pIlJg9UoxUsO<RuNJZMV_
zF?z9=UZla|*-ON?>4+Zt*m_3>J$%tUd7}GH))4-o4;}0Y{140^aZBO%QgWiV1qi=9
zg<nAo4_}y-wlLSlDk5)k%i&*zrjKL@*=Gojrvg4^pfVx{Taeo5Hy<Am|2>Fr@cj>n
z=>d?o9MK->;X)vevU2Dys*rJ!iBG#~j+IG5oFOmDka2K&gJWS2cZj6yJc}V$nQzB>
z{OovFi3t5TR{oF*|8_!IvJl8V0BfO$Jd8oFw=R1M_iDB+ed!H(efTby##o~Touv$3
zv=M<tb^l1O#nbRN@#X;#ii6WoKM#f@&Io&=yWjsNkW^D4b>yYjMt`5xah#|dMU!jb
zq!c9`BgeL&*cDf_3CR{Jh4#@bm4uq}hn29Tn>CayTVx<Lg(lG0g_9x1A7<ve^V(j2
z-?RO8{qoFnnNKq^PH{41a*311kFF9a+rOfW{mGeBOw`a8>2iFSZ}Lnlm&Wt@zhO!z
za(s{>GyJ10SLJ>@@ce@;*~d?QIBv?AQMum3w&aaBdX#e+aUWCh%{GdZzbO26O-iY9
z4xZcd#+pxmKU(Kz19?wqGi0v4_6pqNqJ6<LE&i^o($$SuY?*n_?OwDrgv<45Li(|H
zhNN6kE3VhhCGuB~e{XjHjOGm0WmLBIttqj+m`(xZ38FQ7wpyCq-5FfUvR73)Eth`d
zbkbUEee$lBc3-fM*jY?JGSW8&+#<6-ZkfXox4zl+RDXRa_hWo!L_4<0`n3s;<7<U6
zH`e_0B)l>D?pu~Hcv($Z;l@sj@~dL8vmW*GbaxI=GHqYW2_7w5+O;Cz!FXQ>039OF
zyzGE832UXQTv6I4`~O|-_5a2!en0k(nEtsFZm>^Q@{)6H=F|=O)Y)G0m)g|4u1M-?
zZ<Dv8fc*y*<{#fEnDS`-e#m*0BlY!v;u(EU)S)&TKYI|3T6RD1ZrzmEHmOZTeO(ZC
z7TFu<<<qT9%k|awmZ{?Me24cs%*tuGe36&y<YJ`Lb?2ATNmE_6A8n~>>O|9ptCpDW
zENId?7yAt0xVu~1I)kRus&l=>Rf)<pr2-87H?bt%9~+^hF6+di-Q}tyQoOKR{TxR3
zm*Ma5g-;QBBci&-Fdg1uChBsjsUk)yr=o8_^mgHM#t)%u7v07L{B-O)^|+I@M`qG_
zP$wnpC^IXV3Yc2>n{0J^d->%d&}~Gis2X%LukBNA^GAG6yn0)QHz&-@YWH>_BZ<<l
zUEKxiaZf|-B~DebT~d|S1RY7nIA3{qo;RQCK;2uoAz|c+Xpw);GEc{ktjQP3?D<gC
zf!U1|cl8&EjkL3*jG>0C%wo!Qr?yVq#+tp2<ytpp@$-)L=}R-In)_taP-mz;{aLL8
z<974P%()hJglzfmq<L}6htQ#_`)o%Rd@^=#Zw8N>oJo&YYSPNGrD0{q0Ds;N*LK&-
zY+71&w6q((&)SVC!=6g2o;!8gy?)%u4tr!I94=ms2?<V{9)i4<QfL6r?&@XywPZzn
z1;tJo(n)RO!B|)_4mG|D@B9_#l12^k!JX4lF&3-5F?oqh*+3fmBs*9Y4t@vob$nqd
z8u@4+%!r6L+0UDe%ca2OO{{W)pgKHs-Q+VO@-CL|jBea5c9JanY&zRcy?^H{P3_Z{
zz@k{)7BlCEZZ2upu{WqF+q$o7U7i6}bERFzO5j%a+o+fPA^b;(=;3tmDg6@6m`u!>
z_2Kt`G^@2Wl`9ATzT<N(wrMfz%^T!<eKq1D)h$QgE#B6J)6UTR=gAvP+4l`|pRJQi
zi`*6C?buO}V@D+1BX1iXgYx5x*4n=kEAosL+y^&1NopB}r?2N~E$2?=k0Y_6u<T(O
zcdVfre+)QS#>&a^g^XMRHar!UlKn%0P??#q)7Qxe@(19%`w2OWWJf`#TkZ!Q_p>#k
z{iO2KL!p?Cowb!pOO5ml7t^xl@!xarnxd)HSQ%c<%|dZ8*ZSF%lVD8ou96J#Yz_Rg
z{W}i%d&$Y25VIQThKDC@yAe6=Fzh3E=uBt&$Dx8cW@+B(6fvwLm<pE9moJr}i~#pd
z-`2cw<ffKs+U_c3d>8E#Gdp$-Nz43)pVm95Q>Fau>pxYl;(E^3eg!*hhZ9c&zF?s2
z@=)s6IbMAO?Yn^tJ)cmg$_FM%{8m}X^jKEx)4GgImxL8J*fwb<jg1a+6~lh`$5&4~
zUa1Xj`sb-;G9H#iY{kA+RiYSYS}7XZGP|srC}w<6osUJe_j!|Xm_0FJd^9oD)(?Ny
zz39w+Wjj(^I(n)XWpB=oA9zNRI8K>b_jvDlkez2Ze}8f3I&R%>o^w9EPjh!V;@xky
zb3R>9@wPkYsn4AF#!N`eE8OGvaE4qMW;=p4fjK{!R}#N}#(gp25AJt(#Ej(0GP8Np
zVfG#aV?Ler#xy6+$J*)5wMTq8W{s)`tT}QV?fG8hM|wP9sxpGOUNv)2mN=R=D4ve~
zkwR7fbLDb6WtC6huwu5A5^wsbs&GJa{5fn~yq4#~xA4gx@wvd=Q!}LgHIeZiRU^ai
z{L}xWEG{>UF2nD(B!17gh&I!f;kPG~&gM*Ku<`euXz`UN{)zWK?sI`%kofdaX7}z>
zjLCPJGw9qOcNZmUVN3s>vxzlj+1bpR#Czbe+T`QkxATPNJvyE5kSFi_pX$n3ziq8~
zjpI4CntUXj{(13WJ#CP=eQfxUxpmSHKgYd+H}pzsY8I#Rl%bzVq_3HWy{U3Y^|8#M
z=8(45p3(eRA;NW5ejCn+Rkbkp>M4SQs>vqR*Q%=G(bGzz-b%aB9XZTnqTQ$A6=#h9
z<Amb6rT&j7HP(@A2{=o6E_&0{OUOMt+Sp4tx$hHbiFWENGkfPTKDkG8ZaE{Ko_ln^
z@S5=iJN8ly#C_Z7GIP~E8TZI}Yn(Z8Sd>oo$g?kl%o)za+waM|=)w0Jn_bcnDC6#!
z_YAIy5^w%3*qSt2pG&YgupWEPHUpg=_Rz4P2er==evXzq8fVE64=%&*c4ZE#TpE~N
zl8fGNT+DYm>&c<4k4Josd<*ycn(=Z#a}C%Q_xZy|P0fAaf9tD$BmH@n7x(_9H#F>1
zt>Rx6=QR=MlxkFbd(ziIzidnwpJv6KHTu>t8P){fW#(Ykqrw)u>kex^o;FiKYHmrV
z%t3Fu>M^6l_Y;@Uphv}g;GEzTzt4AB(m21BX2lWHbYyv-j+pA_w~+lLv?`UMPF-to
z3%Kjr_p4b(_IS2aY3MW2b9**cf<{ZLJks7J4}MvU1^3nWR{KNk>r-&r$;wm$33doO
z(lJ@Bqb@mH&!<v364x(Grl`6t4Wnv?<I7)UGy2$G#|-Da_9{HsuxJhq?Bx%qVtW^L
zshDknwoPyJ(^86Y`g^i*(mErhd-HveQe!ySKhL!3=KO4w)N_$`HnJTLix0ZG5+cV}
z;O;bBQ7xXbg2mtVb{iEp%joee%%|t?!q!znt24TyCb`k}MQ&~`qsTSHWSDr@W<UvG
z7+5c%K}3VB6N)-0WmtniVuL;y0%2I^AhAYH0?{xiM<^wMrWBGih`1k<K#H*6szADh
zS{VvH$h+U5K>bDTgSrvorl^=4Emaux7G6&Eg0eguSeVM8v4kcbK`g4PD33Bce?XzA
z&w>CeN<A;ujCvXgS6I|8<ASUnjaQh5K@b+Lcp!%uId2q$K|K=r`B&H|F`cF~+Wc>m
zQEEE%Nwla@hKFu7QeGsiQPCQWADTZ9rUHm=K;xV47nvU@RX(`_cuxS>8T1FRY(8vQ
z(7XZ69Jp~HAp_81zeGOtQvgIvAZ0qhRKJP=aCHD{I;0t(wgI?VFlRqNIxqlE0I>!L
zT5yR0rUPJYKd=X&{T^`8fLT507qpN7#TppU09ZYu4bTq(%oV`C0d)jG*8m;@FkC<|
z0U}A@&>jQ_*n$9+1bD|D(irf2K7bBbXg)-80Fwi%4)}3CkV=sD9$P!~O|bYLV>z(=
z0QDTePJq}Q97{0T9ik6V%^tJ``0fDw9r8p!eL28!J@*@cw~*=@^h+34J^U5)=K!Dr
za;2bcIdJ#@q5^u90}4w(m;(+Dd~5+`HUzn_v<2*S0dO`v`XH$T<rjG8;IRX#4k)1x
z@T#Ew8ThKOKL$wfz8(fp(H>em@=bUH17vCc&>aL1RQ!NSI#~RWiwBn3AWb@~^B$)M
zo?ZaDAze2Jv;iYcU`aiUUZDCus|PNU1{}2^YB%uhp!XeLbr`$>tPhN}A+8T3r4RV-
zAbdTjUx@7;b|N7tiMXyJJ4rr&0@X$6QUV)RR9F$B1<8V_mjpg0p|MHS)SSr^d1g>4
zku(eNdLieTy-EB@5vT>Blj!8UR5MfuvH4MGHiAg*82US*KgvI{kSqm?t@s}c^o`h;
z0+8g0L<J_UsJMb5h@wLZVABGd<lvbiX$tt`A|aKKC`HW9pxQ#GCjegY=QIAL7{0>U
zGw9R;w(5v315z3T)-B-IK`agA*I_LU@Jl0Mn~>NB(A=mpV`U!1-$-)<YaZy$1J5-;
z?)^{?K)tA(dnlNDtZqE;0|1<;Hp7sjd%JG%vOVHA2EGX7dqSM>Lq{sPAw~~=zF6iv
z&Ft_;N4nk^=zCC|u(~}XouIn?%XS>~J!cN=-QiaUR=*JIJ7b;b%RA;ToW6c~M_|9;
z-2<^NK>tB~NA90Ue?-o6p=3$+LLn7N`h{>9!XXKNrie2n;zDr|rl@oTU?VZIB+9>u
z90`^tTn$9dV>Aa6Xn#omrc@JDL6TUHX&s1lN6>4^vn5O)=_5(CCOHI2fUJwYB>IvB
z;*g9VfpAL7CBZnQnj}FV5m6F|7N_fwn-*uQBvLs=FC}t4#B`Iu9>H1?=8e%)l}$85
zqguFEN-bOXS4x5_(sCukm368V7gYe_N{=ccTS-lyiC9UNDO+<zZz!U7X4mFZpHp>a
z&XhV=@aBlGD%xL&2U{>~%MG2$VTl%<<8`Lp6hX2?jw~9pq~sQtondB*Hd)g3h&);X
z(iV$0C+n50QWl^#N2ShdHz)3tz+2GP6u{35KS3<#Ydwj45%r?;4yP10A^h<F@BD~2
zMGL<PAOL{!|1Uqn%+kix&d~OM#^{?W=~^r*p!Bl0@sDfSrox0xg}1|DqDh-`R|h53
zu5gxXu|>z*u9j+BWv;N*Y>TjMn^2vFDVZ4vncfWJWBd?&6lO)qM@0oGBchhR6$Vih
zQta4dV0-Ozzt6nSaB`0GYP&VF0|rph0`9WqA-w<rP+_oX&)}Y;N&P9NfOMjvWq8+6
ziZ}wHER7H)OpK-6J_-`E%3Vl89RuA?pOq>!q8iguo&GKPLsmp`lG4pdjuNV)$56~v
zXcHrC)VY{ALjskEfOu>&LUL4`zGZrelsuML&!2<<5YXZwhc%Vw2!l2RVVOequdmoi
zE%W4$;PDiT151(HP5|7ZfNO?hx<RZCh5&k=FwC@&-ZA6}0l4rE<dLvjn^OH_KflJy
zYp@_-R&FEyot?=+?%<g|UYMr+`c2a(H;yU)u?x<Hg|5WKYcls!He%)>uv_Z#b`*I4
zkGf{A08Mr?P@MT6ET+Y5EFw$vfVL%y0U77J0{2v0bIqEAmQ%XuQImahRD>yG0Le`A
z1gO?U9+Ik4BNh@&yoN_Zx)6cz#LdWGP#2@c)EO(D2*W`E3^3Wn4#`s#vE{^e(bLHm
z-M4V$zy+OIF<$qKT4pZrj~)cCY>23+)IOm_Y2$kfmdt($ehINW0)z5?Fx!3^ok`7#
zRn6zJmH4HO`7#R5>mK05m5wY40F|jp=Qx?*<u>hH$FADv-iyuG!+>Y#6sh;kBNDVr
zw8!a<)<{fGc7|H_&YVjn184KJh~+^6h|PipjmHLY)kQjMgD>N~nYpa_+d$^?mkr{j
z_2?w_*T!9`*4K5#$tBBMhwJ&f9(nSjTcLqV{WiJ3uiZJYol9Kc5I<WQyvsg?A0y#A
zf6!|)zUlMeZMarF_#F2aroLA)cYTKshstU>%>4;pwMI>^yF@W>nfCe*8qQvU%2ic(
zmj!AHR+O=S{*T%0&H#U07XMKsApTLJ{@)}C3l|rM|I*cDRs3y`RdM<*FIV)~*R1t5
z+YIv;fELBNYiR6%4>rYU`76;{EeC<FU3+Z7uXQ{0#2FF9$P9)5fEn$%?3Lz2782SZ
zF#KRB_x}~xgO3Cr4um0vIKba41oTyxYfban`Rtv2eeAvM-F?03xqEnEikc{~@@1u8
zp@>aE5tT2bs3ehp3EOycDVJ45BFoUvI!Kc0WrK87q${{<WSk*Q%ui9D6JcATiKG>(
z5=?N?CgGf+6xFn+lGM?mrl%@E%dn0`9%7m~mJ}g+WXzR*=;+2d{JYY9^ie!GDjc*%
zl(FH-Nhwh{a2Obbf}AKN@ka<z@aX8dR746g@{7wjnm`P8ArnV0l@t@f%_+qGa08T*
z)I6ABT89R0KXaADR!N9(zFp&tF$F!XumU3w6)hoI2>GNK!&NDn+_gheMuOLh7sM?{
z2di?<APccL2US^zSGoH=GJn~k#TaF{77PaAMVT&UYmFOymG<wkfNQ2kWhIb`I)FKC
zKslO%L14Vux>!IUZr3=_*&t$mqeyrl;%AP)Fd0Mxq9J!aqnO@5ho1WY!w%$9{`k4d
zkXZV{i*r}C-IX~Y;ac0h4t?vY;ojhgS2w~w=5#w?d1T7~1FlMrGytv|H%#j*VNUv0
zh}Ighz;rr6m8}nKc~9o~s06Q#(}4|>;N2Qq5FNxQ@4h(R8nkbJfR9*+&risTtA#EY
zpz9n=aKeqkEVd0AwY2$zCK@rf8(~ZgM*A{i60?pgfC~OHl`!F~qRG5lLqo*PGY%*k
zcWY7ybXTC)>J*vAM?II25{3#TQa!@L>AJE39>;M%+Gu&n86I!YcMrh4dqd!pS$Ybp
za`SqWtw4!h5N`AOOGHRBrlq8br#V<caE<yA*mXYoDDp;oV84(7$r#}r2^kPGAa5W$
z!V$8}g6A|{djAllSJsU63kq*(DP=~zS`%!q%M13&#fH&#yo<KAT98mqUh(L(pS*xV
zbIZ}q!t!~phr@u90`O}l?xyq%d`>jXOrd)UTCbC_m%8C+4D&;GUv=LWC*!Q4hZ0BY
z(M9RY=W332=83+id(rEoQ6-Yg7L*)v95v|Rfj02Gd{!^5SNnzM@#{Kv7#<%6&StlL
ze3{?TRrq}v>Ml50pSv+l>c#FZ%kP}H)$qqiU>>|)WDH$ZpRN`@#l1_e2BS~s?N#6K
zsQnC=@BK@MXpj9?PDXEXs-kge7Z~G^@?#~A)4Qeh^7jwh(_#knu5Pbuc^`cfr?c)?
z*8{Y8Mo;x6lfUD7{{$`g;B4*3bvX3p#S1GQ<|JpTpXw(iuu@a%BeEB6wU;gCH%tpw
zh82n^nX#q0jPVAHB2+W^@Rdl&5_g?^*UM?z*Q#_|>PyX)A9ItJ>$XutC`Vb`<*$G0
ziUQ~C^!*H_zASA_Gt}R#3z$Sd>&`NxPtZw(tlQ7MxZA86b@%x9kAq3v?WrGmIR6&7
zZF%&s%(WbMC;MZ#(bf@W|0}3n2r#)VZI^t{>y~+dD!FHcK>x}ba%wj%{;qee6DIEN
z`%&o}Xt-2A99|cbx9Z&=2jx#~?iZLTOkaTRS&xsFZqPs7$|{_!J5o=d;*6p)jLfka
zGwm4c%t;y3$xQN$^2~UpF_h+G(;x8v`<5W2_)Nt8pB75|(?Y_3N#y^VxcVP0)c?=H
z_`iy%s-kPNse;lw<C@tnyP3sdeWn%?%Dkjh;vrjEgDKHQ8F`LEU^PC3N5CJu*y(yW
z)gT=%P^F@({I0FaVw)PK0^$uwrV2`!g5C<rau0CfVN@RuTOr&H;Js&lAikBw#nSZj
zp6fmHn&W)a;Ho?uhYyqwN}fn8AD_NX48ULrAQ1o0NKl#*`fr%0+GU+&d_i`7a^^WD
z<#A9+Ms8(6nyRefDbzAnw$c=vFeO?{wrQo-w04yxXOGni0ppfyk93|ZbyxxRwW##6
z6eqcEw2?*Vgo?Og4N6QBr}C_&)$~<+JoA_)s*-9A1*!gcCNV5!Xrj^5T4QaBPo^FP
zD~}yjZAXQ^b=IPEYU$CEl;$nT_i^Tn?jN&d<8UI=Dx^O|xGHkqYu8|Ev`y3tI`{r3
z<$6j04kcsN2y4DJK?s1O1lS!w@a7l;;mjB#4EQ5P2=Nad3V#*R$n$AENCFH|z&)ps
z^yg*|82%+N8ySuwB}v#`2tt@BNM**XnPlYJMQDO4;2t?RqKxP8pTfTx2PYtgG%;p{
z2mt}}0wj_fzZChf2eX9LlVVu1Q4cj0r6LHpvSUY@6pe_|5keh^qKw?aM7hhOl#u90
zO(?>Zfs)xx`2sw_7S%^aMhTMI9&7vAk(8eykxn$7aJnu8k!({*ryJc;MD^!%6-eOP
zT+|HEu0_@JQ6;A??nD`TX`m>S?SoYCWexu<9UPbQM2U_uUw%&-RpCntNtJ_N%)ol5
zkU$WeG{O_YtWye@A0J%1)`cK8+1e*KATYLNGZY$P-oKdEB@0f~u@T%O7<5B`=fma-
zdX8M~x)P0G=Wnlk3#Hs6A>O+~$FOs3%?xn_?jetfAV$9vVA3?V@me_EcE{>|cfYi%
zYmsjFzHp5%5Hs%7_Hb@@+RM49|CV=8CB{#H8w%_Z0w9;(<9tVsoK(8_X5^>z%gzZ2
zVDt;`ks4&DPe!^UxN!M(p5p%S1<{R`W`pC%4Y_f?{E%G(PRP?Od7rs96O!XO*zA2h
z#(vZ$s}_8vA6`1T=)$45rwOuacIJ4@jjO+wsU}$+f&@dOlRdusFy_t5_)k~&?Bv`$
zZsT;Vy1&$V(RZ{s)z6m2u9K@Ln#Ug==50Yj=mXu2?$+!AC9IHJ#x*lnoqSBQV!Lu@
zHz{nMW`{m-2EB|_i_0t$TsDx#nx(s?0A$yxo`qEqIGk@BHqF|{_BlMYD8Di2?4}oh
z)RxPjpQvs#T{I(ESa%AWn*m_pRwbXuTykPk-A^TPi!M_)_4|4da4~QI=hDbkkXX^0
zj(t82h8D2bw&|t#jJx~G`T2dkbnqwLPQ`|+wZGEY`n(YRehQt&FFV_+@9;U1Jz2eM
z(Ayv1nk;Dd@wz%b{DtSX9Os*ZU+^FPRu5bG%KLd*xOiQNRk!nNd;0s?gP+W|)qS6W
z^Yyy)m1RET&r|;hA0zg`UnoqHMx#k&aJzmx1*6mFn<k7i`|JSk1n+2gL$Ese>=^G9
zpRo3SaH1*HyBrGtZQURk|9>Dn2P6Ie{Kq)|SF?OHKK+$P|KW8=ysJI-q|^-{070CD
zkVf~hGRlOVa1Emo2!KLa;001kthF^#P0ly=00j3!5>7<Nq6y*Bc{*(u*;wN37E5WT
z*|vMLrrAFIOg67ur+*Up4QDex>yPd<{rMhpIGs<XUVUaWm|x{~b-TEEbLD2Qdw99M
zrg*V=@LpO+4?P|II5V->;7X)`D}=n3%HLvzO4C`Dic$(r?xPgtOc%{MJ5=aWA3CBm
zE%BJ9mPEMt?N~?`GX6Xz>~BUcCa+skQr@M-Dm5fBM;}Y7HL_3-V3B&aqNCe_&Kt~(
znb%ZMiucV^oGykIoCHcPN~k))W7!axPk_muK0?PXrI0xio64mM?9!Y<{mapZ;?!bJ
zz?4m%$5<v)Q#PezjiD|8OaZ71Og_OCLu+y=&@2W@t>>}gBoC~cRWheYW@Q+PM)f;c
zG2~3fr^TKS=Fd>1MVsb*;g@GLk)_a{$drf?HL$hDqBoB06<!%os<JI;Zo(sI9`;6M
z&}H#SdMK}_1I&pX3UF~}(zTd{*K&XcoJxKUUZGNIs?g`g$`lO;vn$icf>9B7Bu<By
zw2MeRh#8LIgrz)m%x7D!iJ@?^snErx(Ez3eon>z9bkbF+OBdn3R@Low@ixCj(`^tF
zikrQfj#Rd^Uk8?`i`m74S=VnCzQcWV^6j;K`aw#_S+-_X0E(w)j&)4?tngbUhZonS
zyxT1v6cqIEGEh6o2zxjOCs8Oti!!Ik#iB%kLsQPx_1~!?H$C<w0HEGRFlt(2(F{gq
z?1vpl2#b$)&+C*BDI={{+(l}A&Q-0$r;D9GC?McbdRwm%`?&m7O4huhEtxjV+d6w>
z7%&(2sIW;VBN9t7Yl;w&$MA&O>jsbN5HjvmVS-vmlhNO@wrt|q2r>m06l9^^Iv)#S
z#`jiZF!3*7)}mRBIxSeEh>6$I<+JEFbCJ<gr6{F3RP)beB~mpkAI20CoHVFSa3ynG
zcYG3RRLsD^r8rRrPEv~<8jlkiUPy3KsaFApfSx!Kp)+23JCtz1yh@YCv|bVl(2W!j
zYVoc`p3`UG0MkZZuWGptFJJ!#ZE;#kLQWn3P1*3Y^yXZGo|+MN6YRc{va0Qn>JQxy
zkxng`Q0PDJ>J(I8hE+m7Ga^5e(y;}Vq+Gr_Fw;bI1|^={U&^4>?HzFG1=?)j&;v^b
zK936Ah<4z@0j%JBh`NC34+OQIo<OiK)nHic7%W$0z!XTLa;j%hVqeq39>D6j5NQ-c
zb6RW^YnQ=FfdC`Zy-+%jI{upI-0u|NqME!^F?;_!@Bl@f3+!}+L54uzTNyqiR;SrZ
zZ&_UCRN5+6k40-b^dwH9hCwq0TYb{zzG(frn28&>7YbjQ58}oajsnx-zNnnJD6e6e
z<uFNI1TEswlN3DGnp0GswJDj28+I;!m)Z1#U76=P2^Ja=$<Oe?Vj4mYjyk@l*@n5L
ziyHmNy7w4k^SB|8QostL9wMoxRd^1QC|Z$bK?M6F_Jk(8NUWy|d)_Q-p%>ftuQMn>
zU0*nK2j#`$u;6CSql&M-%qAg3PPHfYV^C*aqHobtkC^n&8XA%6{4N3yB3YR$YvCxb
zRnZGw1|n&K<<Y{^<<r+?Gpi5T2GWY-u*KOI`J6xL%Cn)2`uPce;-pth6qSGmL{7Yb
z7$0hx{70NOkLrcuD;3^0_Pp>?+5NELLr1zLL@z3tjHCLY;2_WeQUvQ@&?1k(>`)!+
zm!OJ{7_*n^^IT6<P=6816FPEfR6JG?ez0G;=)B8vbn4%-0742r{sUzcg%ZR7pke@v
z`wsT0G>FoEg|({OrwX*zPv0MbWnh|x{6eHwfqDVqIed^NX!bibF8b={ISZM3f<cL;
zegHfpLIC1)DC;nVqqlYhAM5J_XbKI`tY{GEKv`59Iy=Qd0M&X>*(kELLFzpdXxjXm
zU;eo&P;C$~#|qNbN9)XZzy#3<MZlOppFX3g@XN&QU#vm2d>7D{&F>l_Y%L<i9Z|9>
zs{*`K%YshNig`Qoqvd$2*nl90(xBQvRXVU$G}@DCN*O^oUX!3*VBq~_cUryKts$&A
zVGK}+sK^Plp)exx<<pQy4BCWiOzF)aWHmPPEdeQAm9?#bGY;tBAd`WU*3P<uxB=pD
zF6YhC8^z2MWm0*iBV7kO9M_9P_pKfjwJ)K|?Z25G#q=_VKP8T;^$tl&MAfqOsP%JB
z8fRLuZS!^$n+C*pmlHmyhO30@h))c%YgBE{z=o^Ptw<-KfS0gd!YZ$I5$7OANlTF%
zYqOh>U5fP(7S&he)!Roo&AY;*?^YY|U#6YRUngokoMZN#W84s3mQlMhRSdS+hPZNF
zY4us~%Kjns%SjB|i!<D+K)*yH^{vjm?Lx@)^G4S?(I4sn;9AjzmrK--R~uv{T+^!p
zQ9AB3rzKEV0@UbS@(K*wqH9>9j}mmX(M738L{w{30^Lvu?ioB*guSsZ-~f)?yV-<?
zUus%d$~-B--QjAC;|4XC@gJ3C)Rk1)-^^Ab*L#=Cb}4oC%k&Q|dq-S@D@2@$m=4xC
zn}GhS&~Cs}i^~lX?jgH7T*!OaZuha&Z)AgA-0!p@whqg$$gT6&JOXQEZAm26n^ymp
zLL0OVLH4;Uhl(QLMsJv<d!-zqTc%v)5x>!`QU6lZyU2Wj(V~?~o=Sr>ket<s*|iKc
zVw=Q(A2c64a5iADrGgE!4HfniYVbGUB<{oDDLX&QGr4{<Fv!+`OAS2<4m0WB8(<ha
z5RDeBA86HN4&-D$7|0w)>o{tlS~p-vt+;W>cB2;I4uosGh?M8bThG4RjT03}j(4J3
z238Pdf};}E2Bqkq#r|xujajL}lRnd31Xr&>URLQVAYrO!u|ut#Bdz}n&NK-Kf1K?d
zp|us{{7y4!(kr-u!aWmij*jUgcMUl^_v~)uoUNPc4&0n8r~ky3A!o;sqZ2qsMPQPx
z7t$=@`OXH}aUxz~uHtzHdt@252iWKD%!g{R`DTgvrOxb1M{Z5lCFaqC+tU@?pj*EA
z<$P04kS)Nh9oXy*)4SYclWv@OBn&4AuZ9y8o@$jH$w>r3fqTJrPRKQy4Y7tc>`Efp
zuC3<gp+*<B=f<H&J@`NK<3scK@i|_$8w8%fA_`CC4O!6eZEYI?=Nd8RncIIOcM{NM
zh&RHO-SCwFyo~@{AIXL}e+A&VC*4i*k|QMK66s1!qJ5P8;q#2_E!4gYYI(EJi=xzB
zlz~H}W$}hjLDcva+6^1y62urj{mXAMt*4nYCgj?cV=J2AhTJC4fXku|@cNr<*W9wq
zqA6~JQk*+<;}hZ%y&Al^NMUhNVa_zOJe@2SGMCUspnlV^omx<1<OodG<7|jWx@rQ&
zr83_bDK#gAO$8jdDmZYNkgO^=j-I0a7`D6*l22qU-$1*6O^boe<Ux>yZAO{}ut28u
zQ3y#$v-le!VoH!tOxmsHn)iY_XNKT;PRf91^S$0{J}zH`fkp#AX8pN2=9#4}8ed~T
z9Aeh}L2=Nj_JeW|u02N_0^5;W9CA{-MsiRLG&)$aESKyJauABHm$Dx`Qb}`o)P#2%
ziqo7Fs+FcWbxJBZYFc2vvaCch9X=+O(Aaov4c9d$*3bbAk~&ylgM>QB7WiNV(6Mx!
z`XA~B&hb!UD+JgE=(RtG&fI+?JL8K$jynRrN)0DO3sG**T5^gSdf1HyMT4}kQR?sA
zG)N)<lX3S>uZxe+O#*K1A-B$``;;pV5lbMRDg<`~w+T7fGvUAuP~J+gd=eSI$-B$i
z{rLciO5~85BnJ&LY~uX@ClSP=VY7EcJ#i3e{{~pS+tQIZjrAywH9Vp4C=Prap>UT@
zm|F*os^bQs#~78OYgLHOSAiFFVz6;y@HQQ|WLof%4je&89N`Lai0Yr<u0O$tLDzsw
z*nrQGXtaTW{e`f%=C2y0Mo?0JlXZ#mL)t_cXcX`P5K(R^=Y*Nzp<hTDnjoimj2^;i
z>E$+__lt*iBz1la2k}s^^yY5Bu9eCBmlph{YT@HKH{uIkib8xf>pulP(Z+&C@2|53
zoThr82OR0wzIXh7p2U7g41AFqyj1$J8Q+ohV3BViD*^N7h36tvc-K~sXTs``d<0`h
zDjpYp{zBHj^sCVu$_J@FT~Q9a3|?dvr1IK6lvN-2uTcKb8{P9?Cf_t+toYj9@0z3g
z54;#tqXn#<CO?OvG-)Z&-KAWYtV{y>d7=B4hUc9h&DQMABL4sxmdVmpZ&2FUfzZvx
zj}%&{wJset{;TS`X7b3cF_ZC|Pjj1#@8QfycRiX&UuSUN%5eL$r6w0E5Rd}-@KCP>
zu-eu>I0u>5@;r1KtY`iy)}5e7dI>TJV+AtWI*8@+&!|Vgq)aZ`)zn-9+g`Mv<Nc=5
z{A)Q3#P}uQ8YiUjOLH=<90DoxKp3;nX#;C~Nh<o!eouUl;TKh0UoQ)t8vM2c6}~-5
zmRHI(@(Q#}*n6kv$p<F77u0e{PY?;d2W&%zq;QQAL*~kQ;pNw>rd~F#`W3X5OPpx$
zBHT&@7|AY4`$|u+V>xIBG6|fxX`rsd@*blqpyvuTMy>Jh)cRW$VY)<1P~--PSRGJf
z0pRq@YOUR4mXf&YAcP1`TnQshqlw+5eqlSg@KE_z&q-Q(oR&6~=AgMSupAdi)0|+g
zu27meq$lieJmGyEv>Mo{OF5?g{M)}CP!HhSKB+Z*NVNgLz27R@%sBeEJ3X9~yxX@7
zs{>I;|Dnz6WBWbygVl+z%Mf2#_;LDGwl61N^ccS$wL4jaZo;)Uwzbh+1RJ2M*MPIE
z#V>3WzYEW|ecMO_@cX&wvo+4yzEE|tH<kN~V$nb=3d6nCzXhdt$Cf{~<#0*Q`pCPP
zC-y-D?2d9SnSG$%Ujxp)5O~FPdx9S)EPW!gL$g@^*dy?(ar%un0KK}eh)k6HLOV(<
z)2Rijl-^x(ZW<Fih*uEp7{KVeIVZOP(YFAF?kb+#LvbrPm%E5pgmc?K!%uarKe(3@
zQGMcT?x5UZzy?P>^joMZrU*Nu1l{q1Z+aR2dG)vZ=+SM4FHrmB2G5_)q5L5GpBOn|
z5jVG@<D&%cfd-?79ef%$;fr6u24|xyps9BH2Kza{*Icvolit<OU*e3_uL0zk164F`
zgH^77*&ioEz9k^Zz4QZvAq!FAhvt&eR|u{ekzSs1Et~9p<wA#ocwvb7g=zG-js`+t
z1&`r#lu!onES2~Y)kU6?4-l_Rl;4!M`(nX(1vcUl4W%*Y!vfF;@LF6Cv4-W|oJG|?
znk}~ac;yaFE%Bv-4==!9P9iQn=)wAb#OjszKH=`Z$rr!M_CCWO$YO_}9tMXuKLsUH
zEML<>u0->Np+-RV0XOJZi+sD$uEQ;wz^;+uHb92ucsBw&Ec`F>uiNH-Y7FFoHgW=9
z%rD<(4UK<;>htQ3`$BcUqtT}I%-UmrrRvKvQD|3NQ-2esSg`Wnk3oMBm%k?29`%u5
zs(@{;zu1@hV1BCn-u`~H^mOwRu7<Pv5%YNRc=}l%1|UL@iW~TWtbB0~<bv^Z3A`R=
zih%CQd87Vthf+p$yKdl?^;iW*E$`&TczY99+DuAQuJOAc{&<Sr<n^In!Dwt1A-r_a
z{XiP@fwvuz(|W|8;X-MPOll99XC+&~-p;ayW^`M}q#1ml7NGZs4+h;CKq>Qvd<PrQ
z2Rwu4zsGxZN2UHs)}sqHql^4jkIEOF>4R`X7y1%>sP_Pp{*t8wjQjnwpwv9!2ju`O
zLW%rZQu<P@NfVrdpZ%H+pxR(rye)eDcvta#_vZWpLby*zV@*y@E?n~mT(A*5^?`E3
zvw`)G;G<3x(G%-Of^-qE{)*RQ&W#0)<gxr<?yUH(RHnV>fxqcPd^X|b3DWq_AEw>C
zXWZzA&HjG>kMli64O&HI8H+C*xN#PMivc1cs3?EhjfW))-iH9(GY0#QwB|~W76gQc
z0ys|Czj;3yrK#~t-R6|FSt;?=EJM}JD8m<KscIL)PbbEf^ul(Oy-_!PvtLWq2d!$g
z&pF@s*SEjFyymyx_^uDt`so#8G>KJ}lxmF;N8C9!U=?driDpe!(=LBGWl816Efo(*
za(K`!=+MVmb9mr$EA}kkdrm=z9`$o<0OQFbj=Y!S&3^>RwFN0djaD1hU~_DMEwLnO
zD7Kfz-4aTLZ?q}4SH`0WrUB07yg66tkKHhiZ!V5V?~(;e@u!ofGt{CNRc?}*Y7!Sw
z4x7)8Oov{Q<n#bHW$Ig8EjBIJ{8q;4>N{!*Wf|%k&9n|ZIEQriV?LL^soXb3a<0JI
zz_<MTkNl<`h7vCabS=?rfAB~Zn4pzN@lUcqCn2JdFe)ZEr2?|6T##%5qYc6|YFZc|
zDzWv#YLW;!$-GN|=s@WbHvFYiZtd5Nmx#GMaW7PbdDja-q=`vLIh1G>Wb8;Knln^R
z1#^idT=7ng9l|qSurh>P9>7d017&hHZCiR<*<rQObGkuWH4T{EEjG>9gj^f(ZQ>yd
zX=PZaPlgR|Y!glbP--)OW=d+gJi&`Q2t><g9(AIY#sL#f0#Qo1wA+_t$-xCP;gy;%
zNX%+oS0#Zhpbap2ucTs*ND3;QQS%}#^_PWqRdJcrP^*%L5LzG#y*5y*5RY}UTZYQT
zh%3|N;slls5tcV=|6(eBO>G`<!Fa7gM6Hf{BQ#?KeXOPQ_JKWLGo1MnpW)?vK?kJ@
zBuv-N=?7bc3*uu4e!DoK1my-0bcsve;dO-Q$LRz)9(@e`Q5Mnu6=g8S=>Xx-Psk-#
zhxvogh0nPEi_--koB4Wigt4Rp#fpo&(;N@836SFh(`ssfy|!=2X}5;t>I7snIlxxF
z{Zd?ajXcDrL7o?MP00Z+Y>;8-lOgQ-fN4Q3APqD<*kafTuppHXR%Mt-ca$#KZh^h8
zS}-D^+UP-EU0h`$y)v$qt_jOr6cEHM)Le3A!Wm(WQz+X)U9mv8oILDYmWdlDV_mq|
zyh2%#%ECHRSUOx0sYEV5MqX&!EQcn%#1$dsOo92uW+qZ8Pko-1;xeBa$I0}=AYLkm
zCJ<*%5Y8-#NgT>i9j7AspiX;lrQ<Pj;t-96UzU{guc1$jb*C_FwBko8K-f{JKV1;&
z5H)?>Y9`@}rqYs^r5H3&4T%ymh+*f@4<KxhLHQ@9FzRd2@|{%FMvT+Ki04cZz+V8M
zAASyV4wQh1ofsb6<$0di_g_V#I}1Kul)r9qlzipnuwd*H7zKaUVkswpk<T+-{z~IW
z$A2uG|7z&>BI(hd&u7`*!+WO8*QM95F9z$U_KOS<A420i2VI=#)E_Q<6zWLw&I9Tl
z!GlKpmjEM;@YFMv$i4p!#ECmbI^og18H3Z`J)Za$_K@g^*H9;*8$9N*!H$LJgz(gx
z8Ql|v=Y-(&^Bv=X!DDKW$EVNw-y;gKI$;e+oc#27x7^6@-p<6Q<7Nk+*1*YxzlaRL
zyZ5;LE=O$ui*t)m6rz5(`JSs}KJe*LKWGAs4`u?0A9X;b1iwfM0bfi8Ob^fjJX7zW
zdx}S=0PzIBI1G@U$Oc3YivcbGeRB3hr`BuG3ZS>&>tWg6tpJ68wEsB!)5IZ-ytNQF
zEezjUu+7vw#u;I)yduld?|>d+EvbIVUVm6^r75P%?|HSJ?7M&YL3AiK-EX}Wafaib
zH2JbV4?><h-4u>2BjexYar@8H?t5w%QM>5~?nl^;yUXu7Wly{>`MczWNZ!6`tuGbl
zaih`dAkO$(b2&e`oKIKcMoPoI?7k0|1io&S#b1A1bcQu)YJaKQbh40|S--tRiPOzs
z+OpQkE?xWT!=HW6g+yEHN*)e=R`azQF8!&!EKIDs-oeN9dK1`ONJjh48dxvluddn6
zbw2(${@6woHnLlP>1i*}e{}5_g-0GiS$Z~~?<rjoeb(qT?a$G(HhY20wAE_5nkr?!
z*`IDpqxY%ds^lwaG0XH8u=aGV{=K?BkGJD(wEh&wcmEN~(QtP@U5>4~eCo<FmI`D0
zIc@fzcup?&(**C8T3_>CFD?Bm_{(Ps+3Dpq^Hmf-e{!1Z@@yA<le#dyjo|n8)gEc?
zZTiz~w%p&90gM%txC?u2V|VRop+Aou{Gy}rYby}#)5Qs8r|+gocnkRjci;OAa})i@
z?tR*&-|PKEaI<S3@aZti4|qi2kIw+-NlbwJ&K<yV<PA_UrVmyOv4i(RV}O!d$0fj&
zpR{+aN__8gm&*e5-Tew9KI1*baMWE#LU_t+O!1)Ak8sot4kM-qgb~t>kPy-G0BXN`
zWWDEZ2jJw_hBM~b*Ngt{AprEy2XHmk1n`|;4sav*uc$9(H~Kkp`EV;G@5A5i?<PLe
zgLt-|3F`W@4JABtDxC1h3nzpZmOc8wC#e80G~>#-eCYU?+nM0r5m4c$3{p`!IQ)yC
zYex9W{9EU)hHj_FYv}KESCM+AWJjRf{B_>a6txu=O|7eAy8LdZuIE@%HCL3<(T=8)
z!d_HJLO=QzBkfPb@E1G%^84j?T|wT~Q&BH;w5CJqN5`V0YwU17%KCBQkyrU~Sn2G>
za%%X~{WY{t1WXOJgPOo76M=z+kkQbfB0*1K(A)obP{)I=Vx8ly0=ZN;ZZGCElNl>b
zN5h}`a2@kioGvBL-*Yw4O4?dBjec?!oOOw`CPwFF&wF)6rZ+L``y`f;9%ZK6gLAXM
zy$yQZJv^KZ#*gc%rp~<PV{4w}^eQ8CoPNVi#?#V$k<r{^bE^`S`d2Z};hmgPv7rx)
zw22knM_t5k^)7Ghx6V0{nN!wn!q|k&eEfA1`AE_!P>00&!KFinF3o(xZk<?teE9*)
zvq*>BK9N5~exmG%?7iAYu9rYRnSOlw0rs6OWsR9708APBTJX>k-Kq@Ab&iB9n{2_5
zC54GAwRDjtQyRb2(}gHUrfkkgOKP$_d}VIk1yEN?ea`jCu`_UG9{o)1L%uV#SLE`X
zuQRPz@O3e`IS}t3r8@rH(JLsoEbScigVeT^{oM6~*S27HA^M4XL+W;p?SmLOogdmD
za4O!_hzZ(^u$md#98t!6o+j+s<h~ldiIMwqHmv>+O=w9IP3nNtTCfdJ))<~qe4`Ot
zifSX3+Vn~NyA58}BwM4c4Y+q`&&0(#UTfO5xqVacm9SfOjsf{PrCV5z@##A03+iX4
zuJQk(>l}kK`Jz7`+vX&hU}BpSXJXs7ZCexDw(aDJor!JdiH*%~|F3pyx9ZfbuG`hO
z>UQ;u+vj}G=Sx?WylHH6VOE`pRhHhQUmb;2;j;L%$-KG~s}f-0(+pt~&Mu8#UTj{j
z*^yGtWK)$=cxbub9M=42ja0KoH4oE@e2sMqkk|R~e~A(@;r^whu!Df?nEwAn3E$;C
zdjlgY1GE28DtfDJIw^^#sJ%(LO0`WT*F+<*6URSGL=QlwUn4G$4*v$j!Dl837*(5Z
zrlXZw?ofk*#(~ITG;pQZ?`vS0;*3tr7Vyug@W@fNJT}m4QPkp5d6TeN<iDJ_P`-T2
zxq8c|(b%EZ*gVeS_wns@dUZa(IE(=2-@f<D!6oeBwASU>yR*5tdGW3tTy%C-?Mz&B
z($JZjDQD4?pgE?2q~o!hgs=)#ox)O9LOffH)TPENLCu<*yeQDDu*gT1SssUE)H}m#
zU2>H%CzoMkbr52SQnAsc$xJM<T#A+$v{-6+NL}=xQ(nA}RA8l9B-d_UVqabR^o%@Y
z7D>omymb<@>9JC%!~;mSckYPD|BJ4n-fo;#Do_8h{z+jsrQo94@A1uCt;K~B`FGCr
zpx@}RD!+(j`RJ%UC$pkQ2U}5N7mB$cTCHp!Z$e0xt=U|ZViwp=t~7xMm|@GJ$?zsF
zD^|=+vFWw0Jf98Ceb^(gPia>AhR9krqAfINwzC8C^#hHzIhi~k-iJ;kTn+E%uK{y^
z!&!)M33G9#5cCMYyEf+z%#Xf1J}Q?t*^U`}Sl@SFQ1>Po^!PZq>jft=q&iZjRH%#l
znlzbNdo`*phOqEWo7HnpE0Uw4&&_>Rt1CPt(*Cm1tZLU+sit-iBLB`L!J?_U!qco0
zd<j5a$W@wvBvC7e<0{0XHkZBn8DsGHo4q#UMdNRj{`N(aChcN{racs#Zlx;CBFGof
zV-;5#opNN!a#VKSv@xQ4&X!`@Qh;i+{xPUXtY{zOVg>FFH00Ue<npC-CHT9Fo_5B&
zP*D_LSj0!nEqTN_RY)F=Y%J_gZ&AIq2H#?*5;CKjvUO*!vubVC`Eiyb+F%9hX>6G(
z9fIApbj#uro`M+dB>oj%Kfh6(J%jO@4p)rT3U=O=4E6ltx=W>=YL%@G1SrkLt-HGK
zV-La7i?uDDOxG%f-OkjKr$?hGy`7BH&Q#75$Ia44I+_ivb<65%?3iidC1ToCWYyx!
zp54E7I)}XUaMQv~JHw*Ys@{kUQysmaLRUCh)y9J5LCwNHb~b}*!aQ|3<)QO@{D^;@
zFm0_0Z#Td`Z2nyV>>a<xWNhy3^{j2q7r7cTyP`R0_b$JQ`}dyewi2XBz12VUTSx+x
z<{uql9Om0*^7tl?2n<~7PmrWSX1i3gcQu#>u4YeB2!n!t<S&qRB^(im<5!5qlbAyT
zPRS{f$1zzdO^?Tu*G)<l#|#(t!MJO7a~D#gYfj-r(sM7%CS8gY`R+sqcb-5d{0$fy
zNY|QH*zp|d$rDx#y*m0bT>ye-^Uxf$>{tDa8=&5K<tFDh2Wz+I@tdfYE))Zk7nyTQ
z&J3PFp{r0g-}Q<2tm328G(EMcRS>oNy0_|l67GAx#QG8GK+}-q`2tlme~Pba$@&dg
z7ub`I>`GNOn!C-5;*t1452kPygVwnEzf)D3`*$+2Es773UTJAcfKp@4pw1PC_I&Lz
zJT|K>Ba1ewvJOH_bZ0s22}m>4UGx!I>#5&KR?)>T+Qkq_8e|$m{Km{uot4>#9nn{o
zt<KphY5l>ew}wo$9?uSBwASpkXC6{kB!)_{;lizE^i+(%Y+ZltMr(JUuso;>k6N|q
zi|0U__ugHd(zSJ_PJ1K139RteW)`PSTmue-Umx$HMw7wW?N;~>GMhzi0d$!n+7VWC
z%!<x4g%qQ?YJdh+;_Jadd*@-XLd8lUZ!XTl$(lI2U})zSQCo>vFyHDvdPLkPRz0dr
z%lgS&APNS@uB1=RAKbg6Y0}gz0#9Rw);_)gn+>Ws;?{$N6ct4H$7u=|B{;&wOBo8p
zqos31(>@T^Q;opiD-#+1AK`}Fm4y;?imnG7lWK6yXkHpJYVMbwNA=1|cPoCxY&tZh
z2g)4hsI=*m{VB>;i5s~sm!3^LrYdw+nC>dSg=0(CzKMDKDVCPwE$_c8{Ia`}<a{ZF
zc^xfD(+*YvnNz9CWrQPPKKNC4bMYMB&)&G^o&4LQUjsnHIkS)I7jHtpKwzmvk)gP;
z83Eu>_s^+>^LU{|i37@*#A%8N`L0?~*-x_ai&P~)m3PIJS^|u+dCaG=nZl968KZ}d
z=8DI%$9s6z8kmFx3^0cV9WkZp13Bh-9Z?Z67q<pcF&gK0A&ly|^4L)~hkMDtXya*e
zXGvd?J*C{E#`pVYdcmoFsD|T2ECNNHhYsZXYG?}N+1@XHLbRX2MBy*Ka*2UIKMR(}
zi+-Q`reBye_6A@W{H@_d;=O-43zX|1c}+4Gx`Ee=bm#zc9dw>5#K80uihu)+A3;T0
zP$T^N6(~3q6Cr|{a`Hr+f*M<c_QxGIH|_RGT0;71bpKxb$fk?_g~Be}VMjVWDa#!4
zm2~_1;njS=_Z81MJ=Iu=84Ee2m}H(Nn=BLM$^=R=;|3Dx6H1IKn4>zO=RgY0s0B5`
z@UKU7(8v&?0@S3WP@oAhv{N{XY5EhB6YS*R4<`T{^eispRn#cjKqghJvxtxaNN+Ky
zFUYQMBzXzQM1aaX^7R`DWd4@3oOV9vI4_MqzmssVWH>c$gbK1qY$3`-f2y$+Miqx3
zN_P&iw=2qL@YMT~1VP}6*bT)B4OHM|46!RQK`G}j2Fg&Z3R)QPUVM<e9z|37FVLsv
zF`*1I67c-{8`hmEn>&9FmP@II#QJ7Pu+2SK=W*dHtU8|1>uHq)2uJkEE~3e|?f59)
zBdpzElN^XUqCU?ZnQ|N`>pwY>Iv944b>PG+n^W4axTqL*;9&}pt=sV7Kb6Dc^(Q`}
z?NDC#4`=}nvw)BJeShQKcQTa7Wgq*DkZ_osC;2XLULeSfS6sYXa84U9Z4nCw(D?+N
z(}y<<SGS)NwDZdJ=W*Ue$VC^6$Ro@Srgx8&1Ddzcd0)_$xm$k+AqMc9F=R`##%CAj
zN(AugcLL)rjg5c8o9o$+P_>SI)LC(v#kYYg@UaWOXe`{6yCHs-4wPHPzvNfv`0Y@k
z(?mtH_O$im5;XED=vZgxB~LmQW(3latOaXLW<H<Kn6fFA0Ipkj3%Oegi8QN3y~Xmc
z(X7D>3ILk7fIA#X!F!fe6Ljtkqm-|J4TZ48eU#J_vVb%jg>gWfiXQ?MQAlLO*fBxW
z83SpG-;p=z=Pwj~*_$^y8aa9IHo(^y2A3s+=z(%tme?}}KwJ|mr{vjuLg)l(ME~tc
z|83W{j2gC#cZ+-+BiDT77B=cI(a!7z0Z`g^3TmIhB_bC5<K*o5zWcW}gc%rtds)Cj
z%CE!A95JLsmO%7n`&5|S91HAa+zG9t%Pldg9|3Li@-}8q3H3YR;YPuzVCnbdHPAmI
z`8m(3z(y#4bQ6Wg!S_SM@+Xy|^>gDhJK;_)Y!Hx{0iiK;)KQX}j7{zd07i8a1}lf}
zB#yE>ZX7QlyYLvfMsRtDLBa=tvxKP{ETLzik6;`e{K#q?!elEWdq3Nr<M-g}PGD#|
zR;ou0&gWAxs9@O}g%8jGM1A!*3`qSh;n&4l!jX(aK5$lhRyS3&F^DlQBf*W1hO}H*
zgo)F`#r3mu^+T&|j9A?4P$Or9^!2gVCXoySV!!kY9n!T;7oBl+Q4S=NrFnlQ%8jW6
z*Q$5dvE)b+e|Le7io?itBp$=)x%~PHx@L=H2-r^aKO`l0rY>|Y+O<*?jPLCVERxOk
zj=q+o>_Jd1bqN+=|D!tVBNVfN;k>iLX&aAUU%rFo$cICc>n+7E`uxh=PV&#-R1WoX
z2$zB6y_|&|wZ}mXh6-j|8_caoFd-S`U5YqzL=R$E#DKcwo$+O4lK6#|kQ;K+X9=-d
zx6T$oqq8?oogO%l;f{I@|Fg@q3T~Vqt<M8#mrCK$0gA<FGLofCkrx(63`BUEtRf_z
z_Qar%Q9=@`;;%=35Akb?9lDOXK{2eCPB)RdhL$NZ2+nD3QE<}Fg?Wbv>5-Biau0tU
zkQKZE4>8<h_&&@HSjN0|^gR8HJ*ypaZA}RRx%iM3&9q5vl13g0)W2HLqXYviH7`oR
zW}9QRsPr9)xuo6`cyy$^;y2<uim6Bv`XCK@KeZkEX~A*ax%k(GovC0Ll5#hYtGW}g
zAgqi98;v6%DmTp7L+(_4$EE6i+!i*zpU?^raU7Q#9+o!H3#jOSdOG>ui(hXkqw0d7
z(f^K7&7616E*;BzMweK?DH>yqFetW|`=b=|JqkjBM+&&G+?QvQByN~a*fuhhUrEsp
z=56sI#hs#(&up{WOZ-ZdG!1|1z@N>|iE?mIzAjD9M<C^bg$CKe@Gud9=>x?PZ(Hi3
z`{k?vH}GM<Kz?5$buy(Yluv<$>khuV9@lr@=yW~YBkX{cmjhlVMbT~~*nR%{BkOy-
z@JJQRcFdP;mj`Od1G(gZpvt0VIut-PidC=NAmz>>U@{qR1XmB`$ngw~FagoQ%iU2o
zXHO@A-ZUW9>E=-LM$ly2<oSx&J8pM^#ruhh9;62uWLr+gaeF|`?V3;j`D{AJB~;Go
z#)7^l467#$sV7X=8y9=KDTZPE2KM}#&wMLtztYK@g}&!|R+@&NbJ!&m$UlIL+oKT*
zL<NZUJ(28av5%3$Z(}3%<l>$nO|GO|tF+>s&S;9*d-v-55|O;8?P={?{&at9|MNp@
zD~EHd$Jm<B0fpDVdaC`u_z0xy1lRk$#O%GenF5;Ww|WuabRFy@@5q(r#+7Dw2$C_4
zj&*Jn?AOmp$%6D5um>mN16%M(&SR)LXObX^hqMd>=n%;9v`>1M<b=w7#uda!G8V&?
zY(yjYQ-?t^#&6gQW_5H+6N%k-Xk!0jmFR6kqKO*lAhsSkcmM}~NE6&!(gwG*umACn
zOiycRCOB`PDwk_%ChcJv=8F^nrLGrne$_tDG-lT|Th8mf(rk8ZWtWcHBIFx%Eudf>
z_%H-F(91ODHUK9zCS?Fw(``1A``6CUs^4wQE{F#<#A^p~1HAVwrRwMVy2&k~b(hd5
zxWQTU7ve7V^s^r7XEw_xcCcFZO)l!^uw^Ghsy>f-=XQO|n-18+X#6!Eu*=2WFY>h4
zEXiA$DdBAt_)EA{{W#m12Ph!SqSM4<M~M*q=}V*$6)IbuAmBfBi47`<@<sHYO;~Wc
zhdzcV*6??GVHtu&RuMGxjecHGQt%p~YXh{Y2|P6H`5BsPU?f~Dgq$;C(O;2hS>`=h
zoS48EQmFVhI0zIGR1`r-WfV|Mz(b#v3Ixz;yE2EKx$%cza7{(c{zuQ#s|qGM+#7sQ
zFgx~nW90h>JSkLu<NT}kR0$i4cLo+r$cNZp>zvKJX1jmK=-j_hZV=$COg`1qmrIu2
zV8~#7$WUMr;P6*UV8O-Y;-{RPGOdj7cr%w;XzoYwVYBT{@0!Ho*md=)*{~pZWdNR5
z=(x4D^BE&hyiOD+=S^6CoTmZx9RFT4GmddWY1vwEO8Os)#me&;5ZPwtzXA1&*hddb
z*oT;BQFopvQZPEi;Z)(Essevbgj76IW<@I+!e#*#4I#7S6}P<kQa0SEDbyUp8O0@^
z>SgV}_1Km5wsh=BUL$*6C52MUuYl+s+A3S*O`<BgznnvqJVR!a*}G9os+eE#W<l4s
zem1G>mVj_jH7)7Ba+3lfGM5%#*jsRn*h&xjcx+0jScRKRwHqu8j<ADkYC>*u3~{7)
zh!UM6$!t6q5cD*DON9mtpzxugCkra*{1ewhe|o~sP#ZG1$|nSivGC#JygS0>uf6vO
z5If1>e=QXB`)c~+y#LcN=RbFAUf;76lhSPQ0qd@pi%xfr*Tiz~5zG&TmScm~!B1mu
zn__V7ZtF~Da);hN_0ZrEB!f?EPEBl{({zt0J8SJ2WJ(G(MWF_e!SgRw?kZxwF+9z5
zSb^}y`4g8OD8wu<N7)4T_gl@GS4NBWt<lG)lvaOAK?;a5)R#^g3c<n@O+J~^XKPb*
zS1J&?V>??w54N4uRr9n<{JT6;l9=>FK?Rf<fA|r6MDfoOJU<gZ@4Pxl@U_(16Tc1#
ze2FgQGik76(ZmN&qqW1zR&;3{^ZYW>C3CQ2%4GAgu}UHA0m*og?7UCU)Q8(kXRJe|
zVXIsns95E8*f8+ajH!|P(;2@(R&2@4nj2Dm27Jkk?gKZ>rE}typuyH{c_X$;3G-YT
z&@pJRx%*vtU!vA0q*DwH_X-J6V4yCxD#T29wzW&k46xs!ox&GqP!kc27@|*D=}*F;
ztFMIdp<joH=+-ghpuP|b*-VQ<gf-(a6c9c^8tQ?rcU!yH?c*n^%Wb{SMtY>jeiI$q
zI;?4jug}DAO&r*|)CaoOyR`ypoa^^(>VbEm4{@(24DL5?(9%lo&0x=Dz$Y=zp&j^i
ze`vNQJ^6ir^+XX~XA#~)(*F*}MgOi2_{Eh!C$`E)+!Z$oGDIM3^dM}H>aS9<cwRbe
zx?*gP9adMOY}Uo0)&EwG%j#!TjP%z1!@95;(3mi<Sr~Vu3=1TnyyY7#zp$?v%xY;g
zo+Ou`F|EE)h)x;?ZmUsM45%H*8bm@%AMDw%Rf7Q!m{Qxox}Kwko;4B6JSeG>oxj0<
zO3+^|Wznt4YInQdVEObH!VFsA4O*7zKKxnM1>IUW<lBSj`vsM2G^m!VlDyEv7W=@1
zrTR(B*%{Q|V=i!uprDJP8k3+Jlc5@&*!(Yn#A}}Zvm6RRTxI=!)~_(?KB(#+SYp<)
zj{tQ-n}zo4h^-AdKP?`@&jB+_P?@7roTFbb@}qKvGS1jc%=s_u(fy~}^{2dPpN46l
zI#PZk`8-93AqoS+H5FmARc<goGbMNVPcSDRJ;lAp_n*Hf&{y8TTc4m;-uQ$Bnohw^
z_?V?n#0Rzo;QW}9Cc+C1VLyz7zN{8PW)IO|^5W<|%2IykdY6!&f#;0ROMci(^pPAU
zdVVMg3H&(?GYEm0`E{?<x)CrtI34?`L5C1V_(6GfA}(XNAnM4&5SHEI)TAzecJ~yv
z`6!|JMNp&@oypk4%?}kLzT1~F+e>zTw}I$VzaigScZycW465pDajGXl!!?J7!j%ko
zl}k3}eKJ?sc{+pDUPwq+TAAn8YiP&gLo5z<f_sCKGuRFm>Hfs@_mMeKOMm`LsaFZd
z=xelK!Z^*P=)mx!yoa#DZ&~Ln=S1Ls(U0t2YmpG+Q&vTm;@(T;RQd#2w%mV~$fkp!
z#5qnGb}M-{H|dh9NyofgS36O>0t@#Zr;#S_Aim0;9|E_LN}ToRFOq%{*05Kk0b_vQ
zEGW%7w|{FQlK$oV2DDO3iwnpCqhSv*Lc=*TCpeQ{4Uy*D_d!fXEr5t#24$&#?~+j9
zz~sG;>Xl^1WNabfR=!o!!@y-2UcO`L7cXoa*9NqMEO;p3!*swX`q-B=fUe)14uemK
zW`K|h3qyg?Acmvw*Uk;p(_5OfpMyft3vn!I@Z3dlakR(nf}iqOo9b8_ySSJ={{%Rq
zyVt-wyAB5q>xuco2#702-;q{VA^7@O$RcV>VyEFRX|;3A(^rIYK-{1K`ZWnUA4bB<
zUlAx;yrh>8he@E|Sn&r@YEF0L!5LY5j=VNL#&W23jrRaIiJJI8>|oL(*#QAo-KiLH
zB}4;Q6f^<zAURDH8Jqkd0a9GiBzhHNCv0FkE~lM;U7id_zjdKO%QO};cVo!LYOHv+
z5WOIb%UYH5cbo+dTJ8i`5dN^$OpPMS<qP^pOvdIeX;CL?QAe&8G#wl=yF_fDBOg?%
z0RG(561bQeu&8q<IuO(N(;#KVIdk&pUF6dF*{Q)p0VAkpNaXl88g%DQA`fcEp7F2M
zd)%}O$FvLMsN93PtUWRZcT-kg$QaIuI$L%hEKfbq?m;Zz(f!rce|J3HMz%I#&J7lh
z^PZ9o2Bal+9MXqAK4@5AyEQ59lQzIS<OU+GI|w`U7A4f>qQnm<Cf>|r;%74@Gu<7^
zxN12B*lMAH$;%;)T|&NVv|E{VN=jWgt;k4X4~`SqsKXn#FTvSIDPN-McCFs@1_0U5
zQziHb!OsZ&&xpQcdW4>>{2J$9L+?5T?(>yMkGlj{&K6tPS@r05@?f{}%bW&X$Y0sm
z+wY)Tyuhsm*?Y9dPQy>Hwq49n5{(c3DJG(>c#mE#N-a|N(_=rfDm&Y&H7ciNBFD_!
z)Tz0RBWz<9i2f+z{YBz^B0Al@QJje^m1hvn%4-&uCtux?tB=lq0Vb(lz~kb&{cFXx
zr#pdwTR*79FR+RyaO5o6mE4U5__Jp-70_SrqAI^%d@I1_b8Dz~auqYLRG)nLaoDLo
zm-FAFuet<w{mv))>HJhS=?13dlk0;Y)RHS<-ZGUsq8SYqQrEWLUV35i^X!%UX^>UB
zq-_<w{`FhNajRdBajEC4O*;pYslxA*NQ^T|j57<~-p)Xe{l+Ep3oCzWK}-nndDdW-
zm=5K5TZ0<Y0C>malLgJc6J7iIxyC2$imM2%=*J^Iwf7!-`qkcluC`CT8Q%#wW<E_E
zIa$BL4UOZ3Cp*#k#-h^*Z>Ycg8XiYc>mo@5(Ni(Ft?;TjJiHb2M>Z>@{Axb`wCZ))
zJmw<_{!H(#ab817XGf+iC6t%ti9crzA0?q&<_b<WTJt7k*_6-h0j*jFIq#+A|7TEb
zudzR>xm%+VPz8;7E(qYBG$1@`KzjRLF!OuC)T)~c7jml*<BvE)AF2AD<O#T3703o8
za%-H1o|vlR)q6tyZY=eg)@Ki-bNkc>Fk`~28ZH8jZIvpZsXEWAE~|vLk6C;!!{`q(
zL_&H*z9NMGBFT!9ENIvK#3T3{Uh&k|b>7z%MeCbyv<0)=6*bp|dL>CZ+x3*}0i;oj
zcGhN^cL9tNs2S^s2#j`wTlVfmep~+~2a}TRhDBZri#{9BlaMu|O1P64kj`Ne<<rpD
zpZWzf!>OZV^$r;j9yaJkRuyiriIbd<L_Qb+G*9bPJF1d<T~9v`TIn|v9_GJycuqO?
zT5iZ!rH*{uFn~}P|A00?{r7>zIAr|*Ri6;PDpkX~Y0xud!jnt8BcCG9P;HbDC-Cex
zi(+(7ZKtacwsXEj+@QsQaa{$gcRt-FnrD5nYy&4%AA$O*UGd84yR36t0E_Iw-FdW9
zjE~*R?FCidk5k@{Eg8g+45fEu3F0+_)AS%YP$P)gBZOGfe7daf!lwQK)a!Bf+b3A4
z2{Kx9>2*0h;;V$|L>k_?S7HCaDrwb!t;ec$JQ+5bw%XTL8OhgRtXM1A76jhRt~a<h
zFL-$$b+K<<^8N5qLwD_#=?&Xj9vpKAJ9g15A3hhF+Vq$L(Up2eg!DGl^CdN48<^QC
z8MX}hQuf{=e(%2FQh1gdJdPRIhR=1mc1x7;^QZdNhkAYV{#zZTjfS9e6duvmM!*xD
zcQI}`2;+e=WCVmuI_g(9YV=DH7U;65Rh~WtpE~yKC|Wqo#%zJ301ZN)<``7kWodt1
z=F(slrE1U=Z=EM1gw^;S;`EDegI7;4{LEA0=E93{II-Bq9bZZoK9N;ev3h_7%hWeS
zG7F7B``X*t&D;pI*Mu^c)qi^}b$cs&TkttMc+>EPYWl`qQtXPV%^&+$)Lv7A@xO^q
zbjiS{3k-uqTK+{`4z~S&<($){!($0d#BLkafcF-4?Z|=vN{SPQ%&9e=K}Vi#+eRdT
zuOp<)Id;3fTN$q2+&Uhcl;f^|BT9C7Ut|L}6Ddjt&cqvc!21=XcnX2aM>>#MDH3xi
z*x{lD{9JBW-kR7N&RedE^wpj^<+k40jaZSN(mDk&uHO}EmM4~Zy0fjxnZ0RrBPNsQ
zm&pqH8H0J}WfX6hk##U1{L{7KE&{8uZ!}n+l|H)cXK$;GUOvF<hGG)pg0q~%a5O=K
z_%g-{$rpVMUT@il9p0auBMIHL7XVxspG!E^<WfgtI9k|)u!2qNVTOdPE6$r%Thxxo
z_+7p+SA-%p2NwPTZ6Ao|K3eqvg2Z@TY$4G)v}fbPPUmGi`q2ICY~h76uv$+jHSH*y
zd74rHITsCI!8S6tfO^V5@Z<L`PvLdTR4jB`gnel)>TV0wnrHyO%t{bD{4V^gKsFKT
zvmZFrh6tj8C*($udMc8ET=2|oisws}yd#F6IYI7fA5l*#2l`_?%)pb~o*%ZzGgg|X
z>3S&F?6v)RC}4JWqs0K6b+Ta<)@<;Jf8A84KNdgVLN;S&X=f%4){mr~xrNKJ5&b5~
zHYIH6=wy6F`ZF904j4PI;BQ7NAWv^NZ`_tqpU54&Eq(W*o0*;Ul5X3YsPp5`T|48c
zHUYZK9b`PRZ2B$>TY!tZ0LRp^1<US?M=#2jo7J1|kBh16wC%@V+^!A0Aq+4gKhxQ>
zR9fgJEzc>|u~umj(l|hm_E_~G(xUnbMEyO;j*vxoA{;Ya#Q&MMzX=!NVu<~nl{CF2
z$NSuaxtBtq9TMF@QK${4I$G41i!&0C$>~o;Zy}pX9YB*hj91U71!bDT?J0W)wg#qM
zG_p>mf<80TEgUPHC?zeJ;hIaW+_Kt%N@+@7W6P3GsbL5f!_ZLZLLtbc-L@u}*MV4{
zM)W2Zy{zR;$!71ubN5CCYS6%1ISkiOj!QQo5qs{sP|@NW=VDs)pkZm9(m&$d8;rc7
zv@lO;86>D?4f!LT=MP%gLJv}6%$BlEsr8dpN;3QW2;=W|daX+Ms+qpELO!i!OLxBb
zF9-3Rgz#4P@RnZ2&Q0ZLkhah>rHBaDlaU^eaYuj^3>GJ2Nil<OZv87^sQ2@+0;ZWv
z230FJHoRH^qnIahrIo#<Kr&esTeMQe=H=!shr?~{55Mon{`AX{*9_NFmeY(6u!oGx
zh|Lr^{ubgf;6Pr{x?mwmL_2BPhms2+tI@J5XWEC1s|X`Agj1nD9Ivu=fk>@5T^3j+
zDSm!mQ{fDry;WV0BhY9ODy*N|cDVU7v>1YP(iBcm9#Ku%NzzsHt5Rf3*x9^FYs+jo
zt*anIN7;GcXC0rdN3D8bKihczTv@`fE`VO>B9Q<ohnQ<Fh_ZHwZNB{j&nmj_7G(vr
zwTmd=Qe6Ly&LFbfG=Ylu(L&2DhU@;iBM3eYvRXYl(wy!uvSJo$_#VUt+l?41Y9=KS
z){0=OH_YE3XzkN~PFSl8oM7tVF6y-S4Qc!PMChWlJ~33HbQEMTY`FhY5@D{Owt8dG
z{AhN}p2<Uhii_=w?Km{DcSMjKXVMFJG4<}*Fl-UrPt)Q@!XByq5u-Hw?Kr#N_UToi
zn4EE<!mSZuRpFGYx_PRe{aHm#Sh|3za%#%$Q$f9{T`Ffq`=gV2fufED>7_~Z=9_wS
z-~`4~S&zjUaLKK<dDO=~Yq~-wskG99P=`x!i#-fc_%5oh+wtxZ>&>s%BTuV`v2vUs
zBgy`%fiYL34zNUeLGsS6mGp(Z6;ipy8;w#KBNFt@SEphIBq58j1+^E|tHRh}4ZO|M
z=>b0d$U~{t6UU7z-GDV@B#M=2_{Hjb81=#t-jLl6+-$l%SrzKclo1G>36Z>L(MT>{
z1>U0ispMLkx2K%5SOAMbWh?1)NLSGY+=SK<4U9@1rpP-oQKN`7CN!NNCJNCQhrF3G
zMmFIkoH5^T2-P5fTkH5w!tffDgaEoQ5(1tQm~}vcVFpbG;z?jF<@*_XX6Z89QY;M*
z;m;2Pc!U%TDgf#^>y%sMG=UFfC)zpPkP5(Xc@c9?FYehYrdiwsPCnhr_Qgy2h)4Oz
zHsMcXb^b~R%_AoOO>{loSepHh1PRtTnTJyc{LffLM0U$6@Rd@j1G^Jih^U)e7lnuh
z8V9TxawAitg7=udng!qVz(QU@=dfA~xx*fZ2@ZR>9&)3`GOKi#V>~Ck`f9MZr9y`w
zR@xtkQ8lOprA*k>banVic1dY;RE7j9YXOd~Roc_C$>T4ChZjoI(_4-u5%=QBjz?;A
z$4^_1v4@B6f<`*>(?Usi;;r8Bhwp#><>s&vu#46g0;(dzB}3Kul9m6i1Ice?Jcoll
z6X1$5F8USl&LvH-R%8GYmw#=PhA77eLW??7WGlRii+l@`eG<-gWvJzf1S-f>wAsqF
zwu-QBi)^i`ekFKf{@HYx=p`xF69qc8IVKMMY|dCoBBM<@vq4j8vrE1I*&*_o-oiAH
z=m4>OvPC&;6!3A80yHf2o69Z#5u>TS?;$7Zdt<&)EM8J0|LI10|9yQJvvX|`+>>mz
zRI51UTRh}#xwNg-sQCA@OtJC4g6(ZetI?**^of-ngpEdM%GYhwFC4buU0l69V(dv~
z4(EaC%z!l>2!FvZ8i4Z|e<)x;FMzU=tLx|0-rLK{j`FD+)C(=`OZhm#f`b6^Van_K
zu6}^@WBk@nwAKW&^}RN=Z9GC84<AAee&?)Sm@S;EA~&rJE^vYvoIJcjFAXiaHv)|}
zN5^*~BH}3+Ud01c7K;lal}Wc63i>m!Qj_I@O2Pi+J1ftP6r%{v_GsvTfP=LtjX1l{
z%Cp0upRB3loQ8(BNZgOf$xAK97EuE6t|<)&qzO-5Zc?vhSYosY{p-5IcNk;D6j#W-
z5!aW&#+nl9p7Q(Y)bxy{>t~JGp2}DhdF`d5Eq+yff1L&te&dW3e0ecG`64x>WRBa8
zV`-Z8O=Ho@h3vw)tWm>efl=i`L9Z8^=acE|+gym*CW^Z@2`s%;7G7ZTc3!e@g_QeG
z+(t~fHv`NV6DSFIpAIH?I@6`rQ?shvm|j}4qTlz1u6Y<ZhA7(kc=&L@Vt<237Wtpc
zY;5cZ8<zIFJAn~Vvn%%YR(*?#@8RXu^{DzwfiH1t=Nd6F5Uohsg!ZO;*M@kIwtRbW
z_d`|nb7i8=U7BjFQnO|Fg=_UnTUKY8vgXlqPU5IyZUeGA{cKqL<2(CYwQ&yDyWwi*
z9^U_=zTNSjSAO$5IukwQOY)};4-bxLU87#g<0~k!!%a-6;UAPS0W1fdRj{-XQJO*m
zV?pcC%wbT3enY{K&q^?n$6Hs`Yd^2U_{HKhN0_fc#4u)946tQbT7$8&uS2L=N3SKZ
z(iZd<4a3v(s!$l7*+{cRDeQmdSdzA7SXrZ$wDj3^Rk4?HW`-q;RnV=K(?K??)Md<y
z*wD3UQc{RTH7QF!NVF(QBT7(EmY640V=DP1MBrs2xM}Uy#0blfxkb2}|5IAeIIFzQ
zZ($Lwyp%!wN7lcnY9US$IUg*-L!KbwCAz&vCQ3XfXr#1bi|@+0x&TdumkD=7NV{_o
z(aFk=_|H|IkZbXe5ktUQKroL}MbvOfkSBH$HB}1+bnJkaJBsH0{%u2#hYlM%I5%)m
ziGym&$(i3i^7TinV?p+vGuy_xnb4(h*@Jt5W>3wMl2K#cBdV%&GS=EjUxf2c-beky
zXWXN;PG{<{Zos3g`O_!IC0EDe9bP8<r4CHKTn)EG62cw?8Vh+4d4B;CoD}?7`6J?4
z9umx14HCxpAD$7r9mDBLo{?OgusH0v${S>i@*8}OFDnselObHNAXQ1=!!nhYesI{t
zFI)fVcCg$B`_m!Be_Z1FKFF!U8+qPyT4|d-A?c;iUxC9%q|b6F?@>rDFl=M-bzO#R
zbb5qYg(anxxPdf?mpX~sh)^)U;*n4UiNW)*0!ZYv3xDg8Dj9{S8zC=^Mk+Lln(5mB
znj)$iz9MXDYd0%9Hsxb5`)!FXLIGuie8*MntB8IDi&h<rFfnxgDqOG5MTTo~XN9aS
zDE~m^3o(_13x>_DQOknzh6m35!tqP%4ei7F4*k7S+HUZ)5Uv>8wC!EOGxO@ncVdZa
zBACv|4vYqqe2pnQz<JK_R}}f`#_+VD8jTn;(F$c3r+9B<d<qsFH!U-Ub;A}N)VnbX
zWtXe(7dSp5#4>E}8-`W;P9UO9hsr#@a1QzAP7pWEONKWXxnT?6aa^$Er2G<QJPTGO
zH?3QSCG{VvCUwVD;Q21~p55NC&n^X^F9nD$^@!V!CWmR8{dTu6^~zemw41(o``J>D
z9v&G);7MWN^mAm-p!>qIYa3rtuMOaxRRtjUt#`k;pepalbQjgB5}pzMVDQ~AHE61N
z$rxGXse(2`GMx!^C$@iue3d3IpM^%TwjhO;>Z@O<@LX25=&ET|)pO*#LT$D{#GWVY
z7vs@@yJ2lG+u!>kFFQ_woDq~QV>XuIc1Q-~2TI-5sT)CdzdgWe>8I^@f^&dPW{pJS
zqpYz(E=y`_3hEB|6c6R6%#Seu&PjxHRBCFN7l&ZJF>5tw+Lh1QrOIE>ptjX|vu@sK
zK9dx4&5KT;nlTK}oLvxMRs?6<j%`TTZzwL+RLVLuZA*>}=bwucp5Ds+6RFp?CBmD(
zb=iq&|Il?-rliy2m`3Y2OWP+qgyDZK?rJ?71`kfyx7CMq{26LZEX=0FJ0%^o1soTC
zh7{E!KI^s>irm!NY+!H<7%F9Tq^GP%Z$lOk)p)60he{5IP;1+F$IMu`f5Lfc5uCBZ
zxoD|tws*L6c04q7sMy;ag4(_<gKW>KgKcPsWM0z!BUAzBo!a+;ztOpivExB-9V!RT
z!vR&l6$E?e4#jd)Q>Tz5nWWM#_z+91k-mW>PU^BpWs`I5<?TUEzoKUdc==hJtdCAe
z(hFHi5T<dMIC;>a2*qPUvS;xa!3M(>5C@U>1#o5zVF;FY+n7QJ!|cw2_Pwn$Uv`f8
zIRnmH2hD*-nHPnL0}kTRvi#hIKF%dhy!iW=M7d7h&PNW?UF*=b_x<GjpK32VGnM+a
zGw}SphkL2K>6Ry{6L$i~=}%hyOyym%xs3!2gEP3XsXNCQ%M77aJMN$dW(3%RzT-@X
z9tr#2qv!-P{=CySQt>04Iba^a`w{VBFC7@?B(YA{PVxKo&s=>>iyc|}f1g)JJ`jR7
z1|6^tei8J-v`6jp$Mf*9-JK)8ppKNs6FFx8hzB}tAl~ZK6bfDKw6Pqx)(CfBBaO(8
z+VHZUWmad|fwzb3yN|ZE6P*F32u6f#54iu0*f|g&Y7E~v#h-J<25XNj7qHZ&7_EJ=
z5iAePSjG<CD2+Sd_?jB-gu@+kiXnhqez6AmZb5L26bbX81N%d#3A|<kh>l|j&Ph!M
z%(<VMj-73LZ%>|Wn65$IwK(!}UJ~x?JRM&%dxu`wbp5h=M_<r-N>T-8toDu^aKeGi
zwAf7HWid&tt3H)8V{>L0r{k+Nkfk50nKqLfOAO5Oc#c(+58B%uN8}@xZ5x?U6y0+L
zC*Dg}V!s%!Do(u(WL?*W6vBSR(t1^@#osJhvhjG$<RUj@%p{axNem|9V@{s*jxJI-
z^yi}vPqbqfNNEzP&siR|=-|$o^+=z~-#CmgTlqIHLt7ORP1jcubZvM)4zIrXPLDCL
z<#N&Vv06Kf<(dhn-hUkG&X207VPASWSGyi-&1^-rFtp=n-8ec7`L~>F#o1&lDj3-&
z8r?S0w_>e3+Qp7rvW~4;s9Ko!y$^0zO<wVpt8~YgPT-m7Iu%2{rG7F!y834OyJCKt
zFkAr{O=W7K*5ORWHaWZLUdtz5=#;cxu~~KBWS1jn5o@!$*L5p((iDIPZ@x~)di-DC
zt(1JX=L8#C9i?Ld;4kIXOBa$Jzr0N>B-Q&11sA86w$>c_?NB!-NnW(JIF-36e%>5C
zRMJ3~)~>g`ujqkRUg@<9Tn>&t(0IuZ-Y!I!Ae*vXtpkNhgCdq`_I!JRxwn(ymP;&j
z^t_DsS+>4)^hF_jH_FPbplWt(>Dua6@0WthBbX62$PEmlzOC1;+w0|v%lQ9h1|D&V
z4y8}C=NT(w2s&Bln2i)mI~N_j1epE0s_vfyN^R}VN$%HJwa>d>b#I?ewIXf0rx9l~
zxbqF&PhLzuqgcXfY8Kjz7h>ukLS6N`6zFo=%t!teKY7v<`Zd%V={zFq*<r+0l^dir
zUY!#yVVDrg;C}1I>sDh|FJD=&R@@GIX4X?Pqc8UE>NAfZ2%E1A`zIpdNX6{7aIxJV
zM}NP_%Q2CCiHx?LC~e1l(U|#;RrIF(f;tX<N>pNKsY%m9`*J<-aw-wfW$~IAGPMF?
z`0?dW1+%QjJ-j?zmOJ_3dvJTbAH7GaUH$0w_=<LN3roT({DEaX_Ub9Np;TGBsn=)`
zeY&BhI;gkWYhy#W@)5>8Qp$((d41D;?jrd_HZ#g?uFi8>wcYn*i*%;+RhTFf7`8#M
zi$J}?MQJ|y>zCN&m-E0a&j(A1=|?&S3+MT}8@YhqhtbC1>aneB`%NBK=LYfX$%7Q%
zw2L?Eq47laGSpCXXOf%6S^6n3yS<B&7wE8YRgemh^KIu`oHdb#nvVFJQ_P^ReQ0Lw
zmF(n|z8|A9T@BQD;LGhXbA%jG9W~J&L1+)&FD1ctkUn+;^}FH?^^Vzxju$2PLVBSd
zaU+K3`b2H;-?xfy<ScQ&<1Bd^MTk8mykQ>6e7=ih<dZ7(%+VQ89Hn|smtc}D8G&bf
z$r;McJg_VHB_7ZQizC=~&p&bKPH^D<{Zz^zQ+MmIgS1+1Jwd5p?5;b=0p<5Jd%}KB
zJn8q+3-+<6-OSNOo@NM#-<*X;k9YP_+St?Vzhg|Bt>4&lu=IWhMq}=gMG|Ny0+95h
zeyFunY_1-_TSU$_2NRUX9+P(*Q~bUi6O_I5+hVTKS+g&JlH9{#+7-1AXG!PC9RU&G
zWQyt1jv@AxKYpC4TiDC7i=YrXF6Ob72kKDJE!&nr3EA~9%~R&kon8z(wj7$<N!sUN
zFYOgD#&qci9b4{e!&Q=n=7Ep|z3C$QLkd3DVoJS6*lmU)OK!k?h-nkkh|@OYhG4|`
zD`qe43f(o<B)WqjQHN{<p^$y#fpLH{_8`qL&nq<fuE^@+e-cO8iC*%Hq8K9#DC2N2
z;pJt;p-NRhsp5vziUv*;B>(-DW@#Hh=H#V!e+dwRBah6cWRmKivzC^L1FFSHhHxj<
zl#7<Ll*y!}Rim1so9`8R!DoJUUrw&_y=~rc9bZgW0Sp~l)oHs4mlh3vAf0dR@;ulg
zozLgLxjxHodR1Ah5z;4{@VMb#m1D&XcxO88o8GnlLwGB^8S7H`In6Mon^<@6Uc%Bx
zgIT>Q3JCoGQkL$SO=R0OuP4mISyNFQtz~7{87Rv7dMXC8kxyjUs`F`!m*TF5vTd_9
zjR^k}>HKT7GI?6ENIU9A74{{-Wf;Rdm}0r27^z+0g++ne5}5VX#5m;;rJY&HppSKk
z`{%`+g>*nisGDcDy}f<)tG2{KT&qK>Y-TV+v}AWp>+NV2abc*bpoq6J-N0pH(pe-9
zS}VioROyjnt$nucm?xe#>iD`YyzW|B>SDv$ISVU^ob$*8eo3@jXZvtPKDRA~&cS7Z
zUTrgWJ)WidSA-1D)4yqCYpoqOy4vx#lef8KzU?fB_u<Yl0rDXt%j`BTldU+l{ji!-
zmKC&Ze&!wXf8+jx9qs@?K4KKT4kdmgow3(htPf)8FXvu8&9<(F*WW9PUO!NUp@42l
z(c+oA&$83}JfUyK;*A&gA_ZyWrctQ?g1=PO0~mk;kuLg_NH_&5)u;!<s1=gOaPR^#
z0#uj1B2LojNU4H9<_<dVKQlz5o@F*LZ1z&x=sqzn_j1}8_)LDCl84-<2sVTvBz?}S
ziH+|vOUA~}IW`fH<|Z>aW<@7EI2L@<-!mHIr&9rre`)_lnWSs~q&ehn7ratUJk<4&
zUmCAH@X#Rji%&I4v`(SB&3IR78TYyk=%ND-lJ0=(<g+{r5#NXCpFn>Y5C``W!vw*E
zhvKAxvKX*;fk7Dy!=f1XNvcCG)?qCTiq~PX_hGHTLhmwOg!tIQSnfh(1smn<XtjZ)
z=D|+)i?$(E+rw+_KsEL2+z-{9gn)f8q7VUyy$OPtAO@Mx#0_Zq<5-xWa)oJ1^zo(#
zwI_#YCkMZA`iJU)#cdcg*L>P>i)~N>eKBpgxNf_?RsEjtNHa#@?0YlrVZ1kRF64f2
zML#e^z$w#S=g~2QP%%XFS%ZICki`@;u?CdPDrbnmCQ1A;E>1PaB3HsYoUb%i{D#mk
zn=>UVL00EcSCp_dCA-ekugT=f)A>k-of2P`+T1hw$c~&yRTQE-N6IcNJ10!b^JN!1
zIp^S=MtTO+%(+;WWd0Moy!YR1V{zM~zZe8180~K35E%Y&Cl0fx40GTVw`Ywz!1?jb
zOr-7|ZRCtd<jStj0=Uxe2<eU%YfsxbV5;3}e#Ud$sBR6ezkv7+i$7B?*YB}x^gX=u
zaop&TD|0OBAj${*)5okBSY)A=6s;()5J@g~RLM`NlzfQQELN?wY?k%Omo2yZr?FU;
zv55H4X{q9--08Y-wI&6BSqtvWKv?v4_Q|a-Pz-%4|IzfLg!BQ1PjlqVoljJ5Il{9f
zr~3HBm`@F#TiDD(iD6dMGoOCZ#52NISk0d4mnN+r=>JLDUC`YNW5xsl`ArT2Lj3<E
z?S414Ia!$5ni&5Nv{J*%8)MmJYi={S##o295*5Z88o7#b#VQ?@Mt3+ARD*VyHyE(K
z@-|ze8dbDu;s%ib>IK@n&zbh@5)oZbIPzzKwWvIkwH#k@S!SUqB60Xn1}oy9j1mjH
z^{<03-{a}Yh5^gxkJ!fzpzra<UE9<2WL(TT@Cpe6t9os=)%V=fY`Nlho`nW63TJ+*
zQN-?rNI{aU@@=~i`$7U80v5~akUIG?ukKh1dU{f#C4F*K@tilHob|XtcF*3@nRlHt
z?|FCPJvfRrSuwE?pj?tpP?B}y*us`+Pa(A`;yFL2ir08Jr%bXe4PNEpmr{BctEg`2
ztUQBlksYigU33?s?2%wrug#@rA9$)vGB^)lmQow1ORws+TsL8x%f^xB3i@`Xy$#Ve
zq)a9f1)1VHNTo}SI*fnCuW8gs8O6Ah<=ZQnTjA0jH4Zy636+d+WKaHsaM)Ow4nZ7;
zQo&i?u#hHeGOSqKp1v_jE5cJDdi;z|pLQ+z@8k%FfHsBVSXZ!IrM8+mfx$!cnxghQ
zJKhrS6k5Mz?n?_a_L->5m`sk^Cr3^%j$di87{uh;suKlNKTqXkNWAIq+4q#hnraR=
z9A;4~iq@9*WDc%6`kE)86v{iJl@CeeyBEddOsG<qYqvbu6LN${ssxg*j!8;fR+Qxb
z#KI-8rHo~DcA3JPP@}H!QjUY8WdQylJbZKw?L-8ug!5G6;nNmp?Z#)MiSqUGl1d&{
z?aTX%Shz+i_YSVkl`wy%&}f9l2SP`^2pLr<k7F@cf3iz+0qRxP9x(V{HBmqF;)QJ0
z7Dnk>@Mdnzq7FUXvHDjBp3`_Rgf%XdwhvW83=5dAV$IrFA|uOH{UZIB^1Vs+@nPAn
zJuW57rDKbu3d@qT@R=WBF;nyHf42Q&3<**4<rGM(o){4~$HhyP3c9Mo2SrqYpjNh1
zmIB*f6%Lyvt<dcTV%<;U&(w@Wlp-8e_9lCFCbbgW45VI`claOAh*Y*$23r|CUn-V1
zC&0h$<F!_cRkM}DYU4F6#^Y&~79=SKk*=&*mS}8ZdRW^8NHy-ws0ay{&q+R>Njh{z
zQ!bQCrmQ%P5v1zu!F3rvqqo`BFPTK|5z=C1Dfcj@&~XyvQ$=Rb#z<#glmYb#ZJ)EN
z2G^|C8<4VUvnpWb6PxGB6)`zpLKaF&+2%{N1!5fAeTi~vQ3BA?*yU`%I5T4zv!}i5
ze>-79yXjB2ffWaNE~+!J@Mp*zzzd5u2b~WS>MX>5&R^B!-w35HE=vB&)RaUza$ek)
zlQQ~Yrs_ICRSLJd=T07QPK|N`5dMi`{)L*8?b-L?_Tv`RxUxj5JKrY1JblS}&^DY^
z(<g&m=68x|t7Zxz?3!5T6n8OZ(~ts>d2rApGsPtZ3(DqVPD{FhTSGjTt;I)!pHpW_
z(pYFqLwT|_so@B?Sm8sJYBITgimT_Df$NpQl0i=N6tj(n51I2%eYKe1Ku|vYM%T{e
zyhB52)u5&IV_hpC;|$I%YyBiOya>`shYcf-;Yz>6sOS2>Z`-a=SHT=Rb1%R=J-uJ*
z)Vz$xuKMUdjUiJ(o`Hjqyccng8+8eepkY!HQWSquBfk^1MUY!Vn~wbM##_Xtip&<&
zBp~Z)N*6>!Y}F1}6eJayM?{zRb!nG&0)dP5oXlkqxsaW2yn%GUxdcN4gR>AavAwCe
zb}Fwoukl*dOMkdx^{0eWvT}h|-UtSv#QIHqwsBY*Aq(D=fF&<&djQ*-OiU{swn51n
z`5K$8#Fi|2%J6zBd{A=+R`LRjV)ZO7KmKNca=a1`yoMo?_GF4TQncxyxoo9P$R<C2
z%N*>qecVZW7dTyRD$t@4)orBzN9F@%?nRgHpKWv8n;dt>X?D%O?q*$lw$`jM?h{$=
z#)V^hbc7BNY^{G7EWB$D?&@ZFX;~Slj~bfRhs2b$D{rjGdZ7}RiSw*3Q>={Qb+v>~
zp{=LPr6c3a-?_(XArCu>h6VP*VWgl|+SL0JDCc)F1PxqQrfdv9C-yvJW(3HkRYO*7
z@OrnF)hsu7$2E5>`pG826;PR2-y_Tu^xW7nmNf(}N6XY#)*b1XbvVhn6&mBR5ScQ#
z7T{?e6Z#hr@qqv6bjY~{rsJW_sYgT;X2heHNr&+X>PKVhGsy?TnW$5cEcXWti-kS&
z97TrIG4Y{GmWhy6DlrG;HE)|xnL37IhVg_qRt$P+u}CY)@${q@<%@s+kg^0Pb1yug
zxUk-rH<l5(cg{kN%5)7s0dr`i=;#2@;q{h_0hisI*jFlUGOdF6W8B);JY%+hzJPtR
zTsNU$`q-_!E$Hr*Fgm7W>9CjzJ#r4<<HBTf*^!vkoLC&{C4yb&scKDAv_7u>tQ5X7
zRrp3%5S7<{GPk}?lngn#UsTolUXXR_(9XLfGj9>hJ>Sw~&X#A?3EhgC4+yau6qBm9
z$*5m)7+|s)H0O?4swTgOYJ%Hd<L!iNja|Te;4J<=z(}&JOdf(XM~1lEa_vxh-lO>F
znle-#biGjB5C?aLHEcDEtIg<%tXQ@z^k_bivV71~tXxi@IS-+)Epb*ee_u+>+iHuj
z@Qyj)AZZjGy<iuwa$wOqH*@7NX<5>9qBFs&{x4dlr>wJcS36!O4Q)+1luR$FSswEz
zZF74f$E~Z!t1448)aV*(XjleQbfnU&=bpL8FR;eHzfUUWPSEsfx8O_DrE{|u1NqE8
z7^$2Axy5c|c5P6D?Z*T?t$jBM+x~S!_j9Kq!kX4LpbhCF)s-1aDYwh=**~4i1q$ZO
zKICy{IDy4Ajs89SQZIS7@Jc+|%0+#RYN&~tDo|OiEW>W${me2bri%XTgeT%N@^DY5
z%Ite~&8mf1{Xqug3`70qwx~@wCJx5z)oi9US3XqBSW|hY_*b30ghslATK`7;UF%BH
zmbP|lqbUkZ>rA~t8;l{W7`s$&@)eGNO<?#Xy%)4qOGNje8IbtVHD;Ucg}Sb=tqS_&
zZ@EFCc2D)qP_nlRBh_OSRwv38JsgKV@j*DLD-_+DH&1#<#V|#lNCha~x-<4!ip()r
zNh}MW?8|hbz3X{N-mqIg6?u!+Et~qgX>i8~YUkz_#m5#!S?ix(mOp2gHqBdGM-QsE
z>wnG>_jfy%x{p0|5K}32x`GI?2MvKp^>*DW+jK~@C{LDq{4qcmk#Rbi@&85FIR$4H
zb=^9)-LdVYW81cE+v(W0(?Q3!Z98vl+s?`NovZ)Uf2vlkwQqLq%Q^R0V~&SLHWEWa
zeA?(h&2kvp)vlDdQS-^dCy!*lT6fJ_AoJoPGiN^fQGM+)F4EfzQbiFfGH?XFNBr)w
z8jx}TnrNTyd89YyeQpM^DAO}){lPbO?O+Zx0@W<4wjXgyrjo^7R{hq!c63!?Ylj*2
zqGjKjruX`h6Z@FdXzOOpBg*Yd^2jKwmE9<~dA4mKw%7HLTboM%7=4g6tIredv5fr7
zOxfRgQq14G(5MuXU2vNBiIaLS$Agm#4;p6+AsT*FtTOdgfp^6WG)h!1XKt!|D>-zY
z*bx01$a!H#vGZ39qO>0-aT_?|R3}NOCch|i{~Pj{fC?_|tVMG0d!Mob(nRY1UnSRg
zE0C(~sxh^BBSV`{MJL7p0@u9g#6GsnXsmL&F3?9_ZjQ~CDe9=9@JL_o<^~*Y%PS{(
zjN2v+j-#gh{tdA>1*rjSg5v&X<=qj|?SO;SJw65vBU&T&!Fb->T+y-Xf6$9Pi&lUK
zonBZ&nXbeI?gOB%+bH3_#?5LyQtngHdJy(7((SfikWI9&^c=N7s{ceX1f!jiygH@3
zvvMDivwoB)&>I;WDcoVf4QDnqL$;W@sT?Y%>1n}@SCaH?ZGQf%ZV`fII_WO6>9{1w
z#|M69`1Oif=&@&_B0C+8q||f=euqKDm~Dnvzf6HjasG#9pSbY{4aTZ0Fa6rxJL`MU
z8|UbG`|wq|2`EprQO7aFUUj%`{B#rwBtKQ(J*bJs%kXky*r%M}U)?q@T^=QTu5vtB
zB4W`P96=G&5<e{QcMGX~#Q7{Q?g{WxaKWea2>DQvB)@>S$iMjUJOC5DMs2maW}ryL
zVo`0`w?IMs#1bC64HH(z?K#`ds*ydqmSIgDSBCKWJ#qj3btcECzpQaqA4Lb2MGX+A
z*;@4YMvVw+o)*O(t1ARgHd=P~HuwoXNNg<wM|15?MxQbYm~rPi?%ONN!<u<>2D5$k
znwW@BqHx6(agZ+4|E5h<kMWaypzv4DvHd&6c>+?{XUF9m_i*CDo!hnH-YoXp$Ul{I
zZ9}sr5mkiPQfJsR9)?ov=TFb6W?Z*0W?#g~_@R!o^7$-B-p6i7NC|*lDDq1#JQDNc
zr1@YhSn?O#K#Am~`5+GH3C(%tDM%TB)<8~vr9D(0h!ScezdGABCZ;Kbl%?!>J_DY7
zR62XLj?UBsOuOh1hKW)hVe{>Nj>NQGV{V`9$8Fd5F89qyBR?f4$Y?wR8PTDrm(s{I
zi$~1M)V2q2xjV<n?U>gzo|DdlFktxnQ-<?q$!%LY?m9BKrBagdOPWOaKMk<i>im-#
zD%tXqe*7FA33t|Z<9Vqcl<~Y87q0eoGZKDqvw8w~kNNyb9~}9<H=mq{Z_Z-`K#c^m
z$DfB+WpvN^T2~CDHG$4Rx!w5`n_3%DGt+D8N6?}jgs+mbSD=?sEc0?yYx+`ONEXnQ
zFJzyMk{xlLdDUZY@+)EJ?=__UU>9hs_8(MFg^`~tiTn_5*hD^@)ZP7is@$@geut#@
zB-oX4Cyu6%?1}uq6>yc^*y#F&a%y8|)+}p2Du9ow1NnY(*erJ6H3i;F<H#rXM1F8B
zgvOc~iTBn5-Q*8eivf!h_KQ>=y07O%e)to@{FaMU<iIb%JC;9Uz+JW@@~97SiT)t7
zSo!vAxA$P5Ne44P)Ie{kcs&BM{L){v`NRb;ZYn-uLkwQ#$J~B0#c%1k%1ob82QvdF
zNYULm=-VVD?Df}E77u~UUgA#Bh0M|21nB&PBu)JOjD=I0ruQ|8{wQqds~?QiTUCHg
z?!u|$`qzX5hW_Dzskp*Dir-mzlNQc$fRC&LhCVY~HvX8%yt$)rebU0bPyUYmPUd&_
zG5t`0Vfv@fu<d7L!DrY(O`scCqyFUTsXWyh*_b}4El8vOTjQA5S_%54dSVa4+NZ@{
z&E*R>+M&PH*DnEa;LqV$ed3cI6QEHh!k(t}bU2#@&e?A_#mXD*_K>CEvGw0y{H>Wx
z_dsTTi0Bsp>~DRZ2_UuGotGf8EpzL1kDdWOk}Ynkt%Vowt@|V2M~e~E3$V?Au7~Wa
zVsR{99}Pmron&_ikbuzCW`UjQIuw^G^nK2FLQ)au_zJ>c>s<P?ho5vR2fUstIrg)M
zHdmhp1pS>;WQmfI(*WA%2lV(9*N>%KIS+fh<5;fF8o6za7Q0S4e!q~bcmMdCZs>B!
z0pOE|?~)Oot81Q|uTKo8#RY%Rw(SLf_>7yEo?zVD2Ymqq@3$GE{oF6*@cmQ%P!*of
zu=x5Ce*&k`g&tTcueTN=aQjVr!C{`ytawFve;lXTh3!B%?>BZr&Y77NB29UJ)Wq9|
z8lm~zFH?!}iUpkb;1Yjmr@WC@;)6dW{=oIy`#$*fGYkBXfOAJaSit^ijj)?{T^9u4
z@K!$r&f{$&zJvEmIvy{V4;*lHYEGoh`^h<qF>}lk-@)?<XVOrT7rJqJDlf?9`IZ!K
z2PGGE=G=lgKx$&y%S%BfPl53GcXMH#m#EtxKizy`XJYskB&QGGUgwd+|7O|VLdR+@
z*Ryxx@OjJr&kdbt*z^VM?7`q-hy3;GQ|i*&Xco;E;(t7ZDf9jcDynFZH;~~ThTtx*
z2?~q>5ELfHgarp_Fj=_TnIYhK3fh=%eWs3>?gX$=L6I~_lmRDDrBp&0g&EesQjB-T
zj3uma*($w`<kHbhLA1(3_3xS7k1h5`EYI&(*(}dn?%Rh)L7=Wzc0I{a3n(yy)lRaq
z!y4S=RE@<!BhxdwOEs=_Tpje!75;ZGC#r?v+7pkdTpu3CZg-qHcWWVB+8z@bPh2y1
zuH%CtD^UYDh0o?X_u4$J*M<!|O(q4)sjRn*^m6m{b<HK#CHieMUhh>@I3V(qij5B$
zsqy7~+mI{^TW@RY(tzK%j70Zcb)f_~<vpH<ibL}g#YxS8`b^m7&{>z78IX6;`sT&>
z<O<)Oh~>2HSgtbyz1CW~GtH0531zaF1q|o8bKP?@Y~HAzHk1<Q$QT{e93Ez8H!i-1
z_rn;bFs`7*(2|-2!`qw2J%)8|QT&pi3YLpc?mKP-r|il2oMA^dN!*cFC2mT{GvKC}
z`ob$^8jb1#BTZQ{^r`xkNCV9iSYv>QB&E2Nbcm8OC45tIrgT-Y5T&=2VAuH3AzE#=
z40uClCXA7$R9Am}?Fbp|hypOJxZ)QrY!gHM2g>2VGWv9P_@yQmujW(1hGq=T;pCBM
zGU`OI>EB^X@EM#_kAX~vY?q|2OlQWdhyJLXt(=M#%W*Acy1TLZcYgjyyq<Ilv`J-a
z)z?&%nA>e?!(mx_N~K?q<Jm&KY&E}6LO2sN+W^TGDi+R<*iGZRuUwwe0b&`ZyTAV(
zpJnSCEZ%gojTF!-+-9k`d3x%AoH++yn|{{Jja4#bS_H*9M<<F%^xwA*R_g3l!&ddf
zt6>ntR{nCjLPV9+_D?}j`I@~E@v?C)cSnCcX{;)d_%N?q?+S!S>qgwJe5{u1VQsVD
zZ`E0Tr99ogpmV<(@6YrR<^W9AgZm~t!ggm<mf^tSP<8#bisAj`BlUTDOtM{l_u}30
z8niadHnyo57Csx#aFWPemHVadW_9&#9?V4qh9Zw5L7b4-5)nNri9JTzApu@Sx@5u*
z5at^7oR@5uL_8$}Js^IKgiAO#iT)579s|9D%m5c>2B&8v*w_WX0cN5F@rMHW^TR}h
z77@gy4f2oxq9W{sg^>tyQ3%4g6Mz(3g&8t{z=w+m)y@ZN?vq;u?%44y4ct@!UQz&c
zt;Ib13!J&bh#R2BfspqHep(2}Wq|V}MEV8~u8(meSep@|@CGaQFE7^~kBcC3djS^j
zEY2qr5~eXDNT?B(*bWX>3{xu#Dw5;xe+JZM2IO|V&k7-$=|OF!13s*TaiXnwG<Dd|
z26R_LpB_M2H%Rz>W;R3n9w_p=zZwm3nvE&kzCr(|-pbR+k%~wBLpI|D0{S`r7qZ!p
z-s)!R<ZNkg_kS@#(Hg!E$|FrHUS!^vUSmzw0zM&72S5>y#3X`1VGe>2sCT9c5>UV<
zn(b`;^)7Q=%#;E@$|wPARZ=o(ngXMx&^$REYu=Rg{A{CTQl}@2Z;t1;IoJKybtnJU
z_I38AcMTbE&Pa6eW`p?*XU{gLx7$$jh}+|<4^9)EHamYkV6AKV_}t<rM$8^!;`TxC
z(_#%vQvS@8MV~qo&x=WW{PYysxw6aX?9heY*mNz%X^iqfcEW~Wq3XfppTgXFC^O)8
zGJQJN!L7W3d!f3ruo8!i#Xe<R)l9;dMWf_+^#+p#mCIS!g63SUyYd(#aN0tT;ef~4
zaz(5{kKQEG_>x3bT0ZO5+=VT%W$=#~ObEEw8^-%l2TiOoqFbwHUj#547Q61r;)2@J
z?80jSy8cv7gk{S8P+hYWQyi2qASlC$+&UntQB^ALAnI2>u#cI*#9f?8Bqx^=^#XFk
zM#6%wTwue1i#}IYT|Fc^5y-^poJ_X@)%m4yJX4nreG2GaLxtVUnM-wY%OY3Agpjp+
zar%Nd=Ajt8K*AVjxZpt<m<)|_GYIigJcNn3J>J*>IrDJ;#%h%ta3IL3W_$<wd6b<-
z23?ezWE8(Pb2*VSk3GkON4s=z?GG!lGH9nMK5ta}t&&QWHZDaPeISWS2t$99R3qyK
z?2(i^Le~RTE4vt+UC3QcsO?{UpHS{L?L%axXCGbt23@3$q?|+Pwo#teOj?86`_!qE
zT9B&^XTiEoJ@!#=3d=Rp=uoPgc{;vh$mv)oJM94%`NLg0;S!veaNK=rZf><^nKfSP
zSe%+-5r(uHR}wx$YAo6UYP)6sUG^9Rs$Z$_0)MsoRP!9l%M`v1RZPpn({#pY);|sc
ziKH=#b6pp?<-EnQx1`A89I80*U7AZ=E%OlhXlYT$?hmnHE-WNldj$M00J@z3J*~(e
z>Pt1~w!B4HG~!1B>cgn2UjwsIZE`$HtKiIPmIbI;lwwdRCQj~w#l~BqEExn$dB@eM
z<Bxlsl*>^m(42>bT#e8x2hWkkjhYGfoKB*p{Xf=(;K1oQAEslwJ)^y|kip(cx#(n=
z(}ePimsWr(V{vGFVW7%of9=kE`lR_I7f&_V=1!-L$zgdkPzf;zayiSrK(Ei$iQx&#
zs9x74!e}N-o;HIxZ=GSp3+wr_DXx3z%I^*W0QhZUR+;C~Bs~KhyKcenOk>@vjRknG
za=pYg0Za-(`8`V-iAcp2!8OssY0O95Fm8|L1PCz}a8x;qGNn*Tapr&YZ}4_u)(o4Z
z?5gg-)%G{PX$CwRiVIT4Fex4ih6q`I<n@@_&>;t3i1UN;tT8UlQJM*^T@*tV5k{rQ
zQfYG;Xg|#XCt+gU6mIMvz)*+drU*FLY;CM1$nHiRz#XA_EUB7J@;2Ykz96{*t=2R;
zRRnxxYM={V{A;UwYfh?;eR(~C0!KL#qQ48C?qsV~L2Hv+oZl*iMYKzWX<>F4V>4fE
z)Q#W-G|RWEr7yNJM9>uWS7~6@`LF={GIvi)ojljqn-}JGD`UsRv9!>@{cCCuyuIKM
z#rM>U&%y7PY1AP#t-uLlQk1L;E4sPmRW+0b62eI2Di(}|0zX-J%f|KCSK|-=-#u%G
zD{9Kx)=@7;DGL6jD9d7QX|BvgimK=T0-)55OjdKUqmT#i*N};Sd$*E#a0&hU{kt6g
zZE<;3++>(d0E1+OzEhN;TXY~HZ7&BIo_AOn^BeZao)lG|?01UYhrN@ov{DBI5pD3;
zwt!f7L&*%7+^f&;Gv#M0zA1twAy%Y)ckxmF%Z${WcjSJw85~5EWmA1n$LQJ}@GVh>
zetnKRQy)2zhMGdMs(){Z?`WchM0915jHSMKI$OR8VM4p3+e={TOEEkm>5*HD90g!G
zJpt2~!6EcFo`0imFk?SJRgTO1!lhO>yi}nWKn$l)X$;>xQg^-uIPSSq(*M0NDZJ+y
z&{(h>dI%^Qz=m|8NrYJloW$LzvYiJuh3oU8Dv-T&1t2sX1+mWMgP38i(ypRhKn3iE
zoWBrrQJ}2L>`P{qK{-JQC;=-G%7h{T!3M0nQaVZMKq=Bo-GHN222KsJWx=u?2TrZ8
z+>$l09WMbMey_oiI6t!4LuN^%_|zHSBV<iMX5IIinV{=SX`g8rz#2F&n!(O>D%~50
zlCWvJ@E|GvK{;C~*fC5vFuv{iNiYxG-fh(}Ygq3y#nKU5xwTu1U?g0ZxI(#U?d02_
z3|`OKnaJ*PU%Nn9<tBKd*B?_?03o=fAc_o+R(urAgUMF%K@$RfL}%0HLN0wJrnFl@
z!zjSe{}uCU5mHmcluUU`4d*MMMzcd`LuLcOC%d4}q63wO?OoW+kpknW(`=ND093x4
zsm{@9w%+SE%o;Zw8n`h1(P~P3jvP(fX1&wPs^UNnw`lw{QGqiSo_oSZP~?R;bNq{t
zm_h-v#>gwv)JjdXVcgKs3%mT%W&Ogd!iu&fjs@n=P7n02`!`SM<UUi7i@2%{MJ41L
zG;smKyCY-WnpuUxg3>D5^`en(J!)Cz8ax*yDvx1<-sswz4{@pBPJ}RY40*6DSD{ad
zO;lM>gy1*fCPoy38)7KLk}a}ptuesBMLQV5O$74q^p&MDT>tXwg`R^81&0>SzO@Da
zp>=-M?fbY7p5ZeQKv6`4+$M(|Ah7C{HDs{u6z&?djIzR|M*171P0~`t7Vqd8b=kgw
zZ&rg-X7v+eTPTd_8ygSetNv57o2s%2@^yIP1Gt|}?pC%DVm+7q0@(cn%rGl<F17<|
zp}cl;WuT=LjIUtOtYQWd0-X!YmIW}tKEkaA1ewK+4j%`J-|La3)X|%yKpb%o%&(fC
zH?Fnnlo@zh6-<_rF7Hrhh13Lw3CgAoiu^1zs7=R5NP=H5po`>)=+7!m{lR2~tLAfr
z+#R)CJKDRlh8nQeSXOSt%2Oz|q}Q!`ss8#@>y}{;8XpvFE9?Zu0%Sd#1+;a^)`9qB
zdA4iepIp+<qWjU8<1?c4g|v(Kd@By+J*&)s+&qwl2IW1PbpYk95li?YZqtk)gHYj1
zP5Fmbezj2VLK&+=tVHcb*NWR^@{t1M2eV{IEsheAELy1Hq>Nx3H)aB-YRFG&j7k2V
zCG5-WHg0m!N%SiYbm}u^Y}GZ>?f^8n_)j37!yAG9sASLRm|fN;B4-3}B?WD__K`_k
zRuTmhg}085x5bnhPM3>~%e>)jiNiYbM_{sOiGjlTV(9H)(T)|0ISqjB?F@8Qaa>9S
zAob};+JaNAwIoDECkU#rgl#C##)T$wrMSM!V{;e2ae&-bmLVbWjUU{VRa+t#RNkC}
z(!64p1#Cj_$7gNNn{4!xe$*Grsps68KX79&;Aim=3gSBm;seDq0RgItZ&ZnP$kvms
zwIm1&K{EJ5?9l}vj{WruF#~LR1lV?naBkw^SxJJlw&F&gP~3nLY(-5hvur_4pas}$
zZW~3|_J}7;#uU>7Ca7M@$GQ_NQGOUvjalTh)(wKS%@87-QRc->iYuA1JTdK1VhJUe
z`10$#xx)_YiZ39U|8^>l@Q59%*|m^xqhS#6A2?Qb9cv3SKsiDSv8+>TnGSY{4tDaV
z@Iy;igcdz%JCc1U1o{Lq{lQ?ap3h&2+JV1_wM&JXu39mqtRg7M!%F1<cp$2*Y<3Oe
zeXG6(l?Jzt5vGC7;_<c6X#>!3M%lFmQ~02luKBw49*R~tXw?R@Y&y1}O;N#k%>X2e
zny_5GWv#^7g?%k)sm4cIW)p`f#sxEOK}*nV*@?Z8(g046Q0&>|DZeE3fu^U|&iU?m
zd7)!&rwjtJO6H-8or#?qWVX{-f4Nm;_YY=6@y%O#sETp9dl~de;S$c!oFk277qQSB
zB{?o#(N4`$53-#_vknm&rT&5MeE(<vUnurd#<O?ueu1_7Y|?@UpGdFJQ3PoT-{IH_
zyk>~s0nkhL!de64-2F52mL*;Mv4Grun}N~z%TLzk=Y`!h(=S>eUg$s8Ku>6fGh9ui
z2H6kff0~YD{{$;<fyL)F1MF%qbb$DWVGXP({Ozdxb8lFDKi-37J<obbE;#M)kPT<N
zlk`#D#A5v<SD$U4z|vh9fP#ADR}pz!l>Z=<dV7NN)6oB+kOwm}G2NFiN@3OnFmQi-
zD*QVXS6xN4<czZ9eE*i3$jvG`q{Y~D?DvDaseA1)Xec4%einA~GrGkzar?J<@qyOB
zayiT&WA0s(mfj_2MEgZ-#~r9&57`|av(+n>_h?O3Gr=EY8$T@S9%tk}B9}gdk4T0P
zc3BeB4W_<O0DE!Yx_0c?RFgq7`pH`09Z-u|2YWFR^qx3{0Ms4x=h`%?hx9hb`Sug;
zXZOt&_OV3NUmJLi9DI(9x<>D12YZ2NEYhC{ZB%K&kcSE%08-pCo|QUKB{vAIU;Fci
zQ)G1pTNft%7;G{cl4ZYdl64?>jW>)@pZEejm@|-3zey9rfDedKzu~0<<;WBBUku|+
z2j2|IWHuzrac}UPh`{}?y<=f8KU$!hmBLW@s+$#6P%@$h7~wpWGTYzERM&6<?)5lR
zuoB1Mq?<uS-tiA+5)N!LBt`1b-gy1Jd8C*&Y%qV=fb;XTKLWvA#=u>WfpwjD^@IeB
z@$;D&>{*!YS?spVI@^P-f#`!&aGjH6h0c)R`E(H9!d`Hub^ok9!i##<&DH(!k`$Qo
zR=CGs^kGpskxWB61MfFu^bTY6PP1i0F!)Uw%TDW;f$+nUKSBB<`*@>Y1ay(*g5_gY
z@`4Vg4HUkh=>k+pl+guZW?#zZZ7=@wqJ4!hv3D6Y9Fg~cw(@Oj5-*VSDg*YE^`cH+
z4U`0`LxQw~Xy<&$NI|@$1bGU^Rx<Bd74=0JzAL!*VhUw|J7r@wP53jjp}lZ)`kK3q
z8c1UnQBzOj3paDqb$i)o3UpkO`=RuKuH$b(-_LSMu&F2A#y14RYrrIswRZ1X4c%96
zquWx`6Ao>1g<W?wv3ppT5a$K@`0oujwC=(E1MI3L%x8OSy6|Xy^oQiG=q$bAsiWut
zbVqb!-?&=qbVpd0FYPQ<!ZT8lPrhc98hImv00NPuJKsCtPI*3uZHj_Iffd|vBf)-D
z(dHyX0UTLBiv|({Cm<O=lUqcxg18)t@e%qY0%J-7l&6TP*uW>X*{_@-{)DwWF8O46
z-Aj4Jchvr`DKpjCEeQGK?R|eFq|!V9LGDe|fZ5DT*emAw>oL;pF;<;?NNFL)_awmp
z%ge7A;FjA$#_(kyj+H^#nnBi&7+iv)t8W}1H|$Eh^(%@C=i128FN22t9bcqeWqpkg
z#JkVeruVN8nr{9cH~lz$<4Adr>lxJP_XV?=JxTz26F~BngpNx52B_D3s3)w({q~&u
zm4N-8;r%5q?XCvu8`f}z?kmQp+jrmL9-gc8ZyiS_I>}=)kG$k-{%2q<zt)F#+qE_Y
z==NT>@)jSH5<C0#dwtk9RR+p`h+Hr}A7f@Ehs|b({OdMnM>P6?i?;R@6{XzAZ_*0}
zHgCOZ5z}|;r5Assrxh`nA<z%&TN%!M-rgAxL<cHRtZ&HwN}Fo18fZ)S+lD{aNzn)w
z*e|V3O&Z*LCudgOdu+|SUQqA@=9y4d9Pxi@`4)T(&N30f6d~C~8q>5Ko6??UJ5$xH
zA~mV4q$0~+%Nr+GKEKTon>@On-`B3Wo&Daqd%pKSj<Z?9CUdd1RCZ&XDlj_6wHJl>
zY+74GNVv`Kp!X<nUyaCXk~q6OVtpbk=nHB{&86hCHus-2T$t&`rW16zZbL-GACx%j
z*J-ZyR8jfmJ~Gt{Nt3wsHujIm`+MpV%aGbnxiZ*)t5nsBYpP6FIk_#Rlxyiwn?s9i
zp;oHCE`|-(&<UyMbh7?-@dz=cor&iiA7xKLR36&IeZ{`t97^co%0SGRMT@<-kMw>;
zn>69i1IZ{Fj#?_i{lY=G5=R61qk|y>KShIWScgSf+;0Tgh?GDxeuds62#NZ)K_)D?
zTQEqJ!(t@(vYdM<9b}@j{jYrrgNMY1{ej-kN4*H$MFJdvr}g4=6zQK}U|wp`90|mq
z_LHBS4sd8cjA%cAbI=A360>n%m#Oe;D~RaRKLulbN|I1;|GW`IyOdKClxS6!PZX?8
zSwYt7q1dr-4q-dHH)x<1nuUkm4GrLO7HQE@+pF)tD3o}>WaA@{$ATypCe4$wh{v9o
zP`&trlotBkLLp8mA<zx0UCfWw*DJ)CsNc%Bc|^z6sTv^$rCdo+iMrxgwi3o1?lxEX
z-3Dt?cxjeqqzUwiOJl_1-bZZ*4P4I+A7WZxa#7L1Hr-Qyh236%?m2ejY8iY$V(BCE
z_~|s=&*sEu|I20DLY*59V(KsEiCvVEqu8IV==+@gqiyIw;kp+_^%P2#dlyAv7)e1?
zm=r(9rfytPo|JZO-Zm97bhtl0#5G!ieWV3hZuRUh`@lo0I8Ckve|-lhe)h3v>EMkG
zZ$OMm_#wrXV3qcl;}X+9xa?~b5)D&OaZcfuL?)HQ{9{j3V%J6|x@vh3b4C+b8+bh?
zZKlFaI+=4^D{s7*Bd3xYHfBJ@>eYe*?cApKB>VTy4s(&NCdT+Z+lM{n^y^R_;h;S2
z;7q>8rowH~EzfrT#i1A{11sgN)K5V7p9;oSX@7uGB!s)BlN7Hl#(_sV%z^1F|F&ce
z+ljtQJ%pYP0gkwzYh;hcB9eEya_4vg4VNc4<W7uUOe3f2R=L)s0;aKer`1Kcbt_5r
zZtM%4{znc;k0cw_9IlZK2#pO$2xv{uwqWE+Kxe2n*<iI8PeeVI!Po4VH4;5|zwUEX
z%P!v5o};u#d3hZzp;z{}J1wUD9<`f0hJ9~FR^)3@zaR)zmz^7RG4!5n>_)r|RYZ!T
zn~owr4qO+oFcWSY6+k9p$Pr^HI%Bd4;8KqvCNeoRX`XrWP%C6x=}aa`ao%6tHJbj~
zmiY5HU^}uD?&s48tp}i+WSln}h`gzl+A`6KOB&&CmQJL8bZO^72Ic9b*uFtLcKKAX
zZ%7(1yfaKs2i@oacP2PFz|Gc&KAuQn#AlB@Y3w_Q83<>mumfdp<=z_3o<QG<UN2}s
z>90`ZaNZ%T3=9B=hMD0Msy$j-7Dz^`eN9sYhP+l6nmU|y_~ouPImrsMJPo1nf|9H-
zZ78;{HNZhF_Xr1h9|L@^uoR6xp6rk$plhS>&mBAUbTglsv)_SP(A2A@TgH>;%TnWC
zH23%cR1L#|iyC=B((_-LpnRD?;fNhbdG-t$APD&m-*>h+MIy7{0@l5Ax~O#1La%~A
z<OHr)pr5f#btCg)ro4RCUECOMDm6;IBngTM50`9|;w0JKMCGXSA_+05jd}#j;`wBE
zu|YD*xoi?@8hX9D8|0Tp5uPc|0)Py0D3)>n7RKg7Hr_=gEg}~5!5rF#x$va7OZ~6A
zUodOw`BM<4Z?m*iQ>4V;PggAXd~+y9edof1jB%WEc1*QP#!PYntUSN?`h73Mm&QhR
z99suDGhJ0Og|ALEa*q;FI(eP{(cMfFM#}L)r~QNM>ZjXfBmT8i9{8fYtB>Y}5)m3J
zF=(`hOXqS&<>8NEAidOp&igG)vHoWq>`ZT|0kiDg<<34|4AfLvIKEAvVm)B)kLRBV
z!u^>);~>=ZgjU5#GXZ0viv(~*6-jssp=>!RVbO@W`+q%#fWd3{KXM0xoJ*K&AtjRX
z^Xuihfe4Iy#n0b@7{c&;^s&c1a(uuebrc#MsV`ryI_K%drqq++is_CORAw9}i>uDs
zf_=Gv6C-$+$hifm;%hXSt3dwX$gF5-HPedLytsBZ4+a98v99gokSh!2x*=qNEx0~g
z%xeC6YEZlj?1u=sAfOdQ$(0BEg6wOrH`sKkCn&uYa5euyki9~bLho<~D1QI&!ScyL
z9xZ%ZCH+I+m!TlH53U7Re(^lUheA?6bcV6RSdCPi3JO1^%OM2Vz>IFVr{J-f#GMyG
zm?#q&6{wgDh>q<SfIY(Ezw4iogtnK+#Rhs|m-2qg`%Wr6&yPLl=OR!k)Fe(yJ5UYT
zg__j6v`~&Ql`{%Rq9`R(aEQ;-ViD<PC*`x0y=p{Lz>RAn=QGDk<&Le)n2O!##Nym~
zogaV=W<lS+ainy&GQaJOdoT-2?&8Xq;}ic)LIYBSdfQr3ui8DQ%J~55hUrtc>atO*
zy(l6&FG*4+^hP%Myr!;TF#&aP!Zv9zjDS-iIWo8r<a$N^Nfd=wBk_^otx94Mm;$we
zI>3tAP{_#!zarbo1)dJvV9dz|wc~TJ?A1)bsZPrKqYV^MG(z*MGmJIlueSqbAzxic
zUqlW&3eMjoSc7J$NwHy?LbwJ2zrrgk*ST6RHHx&}a;Qq?{gk=Tl)4-7?WL1?!=lpz
zb4D#VG0j`4Cw(!1`|r0QMlU&vo<Kz=te6OOr!VI5wu(9Q0ZMfW^}bTD=(|oSL4!^7
zkG3nAXjgWOWnI2wEN)n_XjgThD7cNnd!L}e6ig9}kGQ7iEaZiXq-~-jlyJ_g>h;S^
zBAl8eegQR@dT4iDh81{#NX`ZjKq+3fJdF-Eb(7U3$<+zgWWtb$2hnoaAXC}J35Nr(
zwXAoD_&LxHq#Ul)(u%bv>rG;Cobw-~MmQ5_5BBh%7}i5vmR)TS5<e^|FsL(cjuF~c
z5+F?k{dUZpaoi0ZXQNPiWwRCPhKdwGwlUj#{0vidhXbcZ#7Hxay_a1l9vEM?^X@Q+
z9d&O^O%!unSVdw3<V@CWszpox<50mcz%>k-o*rbw;U?F3xTX#f?#NX|uOEtGS2Qdv
z%W{yK1D(A$3;}m0%o~m4N9+!yAMfYJQ)d~;c65Yu>I8zra8tqfyDtils}7Ef*@uUM
zTLZCaRH77!$`GL#m9i&QobHU)pqciut;rBzP5+_+$|u!9DSa(dok)fWGUnJfmJ--E
zA3M$*U0W&WRAcPaNwt)<jYzMo<RWsf_zJFNCnxw8e(^A==puuEqk|hgB*Y>N8-fw2
zWuZ9xqYwPDL#Pr(`i>*~>=JzGCd3_isQNnu3226&Z!~TNWmS(S&$#vd%Zq+M@q4tH
ze_+%cY!_M3!z6x2QP5)uuXXEqLXhW(Adv&v8l5@$Py++&*o-mSzobvt+=H4YmF0tn
zCzbh=^hEksF3=}R=!l?xzXSfm5L{e<AJc&5EGAPn^e1tsqa7@kT$mqUR2D>B8kQdf
z{yi2xNL(8nV(5rXC}jV>=n<r~)+pn$7x{p1e%>@=h@V!zSvKTb861TWe~9JAth`w(
z<O6EPk>UvjV>ZyI$G=mAPma(Ip=;AN*HCfb1@}Nd+JRQJyYz0}hc>vD06(~am#>Cj
zen@Y$N2uEs!#AKeSW~s|_!)5fnSQCesW-i^_p{Z^(dUQi7LxyZzc@!3t-3?Zj9YmJ
zN^A7bc^aV0?0H8Hclcz@j4MESTR4!m(fSW@2b#2}J)Ww+4nA#SLniZ}UrnZ>yg!VS
zs3v*m{JXc+eZMY~x#o|k>Z|y7h0G-9cCC+m*(qw+tQQW$Ml6rx+)uwhmRcA}YQD)P
z{$<-Xuj(>;hMjv={!mw5l^%A@oL;x;^JXqJ(`U_hX}^crW4*Qc5BX~E53O;ymt#Jv
zSZ|H8YBisiM_cF*R0$}(y7Vt-CTQbq*2v_m&rHv2RlSLx3r=jiNI9vmH-SUQrsd?X
zKX#Vpp6udMa{NX&oO*YEk?49_8&5x4JDzAvtyVqo^{LLa8%Xi1vpk!d`^(y}7#lxT
zUZ2x%c78*iTa`Ji7C1vv*f;>1^SGC6=EFBY&)HUZmDa0FhuJ#1y%j81GKLU+%(}k3
zijDp66DXcP&SR=n=i+KMyN8*{yoDB6K86n>gA+Hx4ehUDe4R!S-6oFM<!P<`$X@$4
zv$QGTblOdq-inU*JM?@mM=y#hTnjg@^R9dB46mLrz5E-mlq;@}(uB!d9@kzC&nK_R
zb0`Za++;XuhAZv;+T9M9$O(cMqo>+<|D7$=S|7gNUfZ_My&Nabu&~*q->+2jpnA)X
zm@QdvpDSvvvAad_>{xU}&KJ%HY%B@e+xSagH13=#Z>v;&-^`lR$oaT_IK36`&vF0j
zs%=qS8!NAo+btNy3phs1rE0}ouKlgxHNsV9f;AHa6YA?;nX%)_oV{x{i)fmObppvk
zE5sje2>ccRx8E*pc>ciExCLiiF3;$LhMkN2A`5`5!qmR*_`B<g3}Fk~m}}GJ2L(S9
z>tI13;GMne{<rPd7SJVA=yvdO&@Ov^87;>0j^gk>=a+nFof|aVzUDjB0PJ5^bF7(K
zJGgzoLdsz(VioKJXIdBN;EbSmx*?A=7gMyklXz&|@a3=JhLy1!APblQ4tvOf^pzl5
z`lI>CCDi?m8OB_1x(tY!cC+Y_2KrRP2jqcTyft39_59zaSUuZnp||T>!G;fW;ky>0
z=RGmOw=q~^dMCS&LNToruyw?Sg~DQ)FSp>FFJTi2G62MH!N|QDQ?oqlw%01%-%=Pb
zqY`wVZIVgihd9(GnFj}Q5;HTB-flY6Pz)Q&@zy+iwlacdYk%IdV87XIhW^+}?X=&w
z$dHVbcv2k3NG&*ZRwMYcml|sBOszOEf9G22eNon^d%G!V>9xDNaHXY~IxXOSd^J*j
zEHL``<f8%p%}(3u+H#v@;LnT>HnCSDxgTUle96H+iP|`ekym%exB5;;nD$UqW8bSp
z%WK@5Eu})IR-k5OPirrqETnbNMrN$|j|?ULB$|z7RX=!{4z8{#kI8k3c2d21wUo+p
zql??}v9y&Ads>_&41_>i<DH9DZ#!7DjCfhEy@W)i_AERt%5D`8+6TvvX(9Od3pq^H
z5<q@)?&FY>!l+1~<RT@8`1KPSrZXyyqSc4!7-lmnQ=*wcGr%~5<uS@@kkVpAhL{G@
zS0a7%PY8u5P<4{2K;s0@gy8kd?ZWP++9YxUXu~E%Vv|MN>NaGW$Ept8*09>THbnhY
zuE_Yw+|%+>!^SP0{#B0sy0hSv&!v=4g*}kGWA&`=)W~IEh>tofzH<UF)FkSstc(#%
z<c)P4V7JL_QRyf9C)7-^A6DGKV+)a3kir+oSg_j4Wz9pD%IsUxtYvapvacn$6~rxU
zH4@1F^|kcpN=Nu>=|Z|>fid+j>6Dc#XFA{c)Tljvy5#;O$^|AzIO+tYJ)6GRv@yH7
zsG>AaZFcEF^$puMr(3k5k>?G;H_xshZ??*XdsDC{-}{8GJrBR=_X8BK?977n15B4(
z&HTDnI!3jqm29I%RmfAm*@8(`S86_QIhl1=6Q35pZ9JO-PCmLt$ePVm$<zvlrKnb2
zvy66i)$FpRy|wBZ_gcpq`6Y>MRI}{*-^;}(3w>+IM*F71HKxmCwUV5<X-mvT>9v|Q
z^vlerFt-KFJ=n*H?tk4H`mozwd|5MB)`!k7TJLE3-1?CE=KAj2Bz#LN18FDcr_y(i
z%SMf24<+9~|I=JDO2Y`b1P%mr00ji}pMhj2QzJts22&$TI|e5feG5|$eJ4|MOJ^4+
z&;QQy*{bTw;HskK0y=7+5x5yIXlcJ?0796}y}cNhalb+7ii@>LZOafdFX%6Tv<=*I
zHbogNNe}<lMM#xP=7bU(JqlU}E@ArCRoTi|S(VozF7f3<+h$_fV*hM0$5%Qgw%G@h
z+3z{m+4ni#=I&2C&b2Z7H<#5{)1W!00adso+xr~T`X*pPg>NdOv*Jc&jZBw|`@#{W
z_>tn|4=Q>DT{Vh{K^WAG<04jrzm`@2q`6SCXJR%US_X`a4$RD~7{BI}n+MYkPR2y2
zQ{}K0L@Oa~l<P!zLgE-lnzn4{)CS9|s$ezgD=to2a)-_{Xq84$04O+bt@x6sRNN^v
z|BOg(73L+1P=hiI#hICTbHhcTMM+Mh{~i;7$j3>Yt14>>n21)X{?ZoRQ)J_YJva?b
zV7#y-DLjT3A69P9*?TRUlMvVLh@XUu9SIdOesk$g3F&pk=UD{g!C$PDh_*8tB_%W>
z&=8f$2Un`0xIS{=qJzSaqs&dV;ztgJp}w{=;YY-w#hjcfAizO(!KUMeT?NuOE;oTS
zgIC6<$&4M9CwYikr^yz}?|Lk$*j5XMtbBmh?;en1&*Db1<_W_7I#84wODw-oRG3kU
zyVx`7-ln3;v?*!ylUkSyjOAIQx&{Z-Ot?v^($%k!jrnMt?;^P-{%gj(WieYlYNx$*
zUURR{xKKv(o6D|i!>9bH|1Mv`193(W&CwTyt@vK}BtA!I6qV|Tz_6=!?RoWh#<AX1
zpX5C8+tz7r1C!jVD}o-X_pFnj^U$%`0#Z@)yts?1x9OeAQWc`2K`8duqZNcTz!!Dk
z{|7N4C;DUlI<(U3@Z^_v2i=U}G5kwP*jmOoN7u27F`7~$(9B&C=S6k|12tGo9=eY#
zg^uril0W+6?C2m~&RBINuMrnY6i4N8`wM3&)CNbW*3T%H5n(D(0oJks)B2uF8b>3e
z1LA?6T+#S6HCXH>Nt=g>K3httHARyg;8q0a0=VIKP%qn~R?NE9VNmIYgT6M^E6BDW
ztCs;?2^i6lE{87(RcQ?DTS*>PmR)EnO|4b$Yf-Mi8dJ@t#<uhgn&v~s;;m@zTQV~{
za!OcvX+IE~mcdHu$*vMwyY<r4a)FX~1_(B=XSSl$cR46Mx~wN;bwlY9s?C9{ix5~m
zX=YmDsXmNxo6H^0r4B;;)!G=`54Ewi|ATNII%rin6_73qV7U<_DsP?}{5@+<(imDm
zcS1$l?7^z~zz~(?dC}5bB#Lq79y!Ic^>N)EFfx@$eW_@&3ImoTIF*V}huk+|vZoc+
z*s5wHDh>5UjbQo8zj!gRSpG<vT9S!NX>s7O@vkj@>`@ZabHgrxkS3o9(4T@6&YjGL
zut4zI9YN}wThimq$gP2&9`l<18p7#eh;TLDr_1RfilCPev=TsN5dNyS9QKyg>v8m+
zzAe%t828$IRaSW<%7|Q<Fa$bTqK;D``@YzaYyDY~u0Ixilp2)6ya7typo96&e*kC*
zcZBK9hNCce<@Ek(Z|Sh4m2>15dREF_|2lB+;3CY#_@Q3K1S7Jt>snvNRI=(mU)y(M
zd~kXE>3MP-u~f~v&9U+FxEjxj^Ly=1>p)Gy#l@6?!<(L~bF}5>TCfbdTDss66|+@D
zko~s@5Y^ekZu#)@`9?*o?&*0y%Lr`H=i~5lS?PXZ%<;^*HrSqIqQ4$X6_9>cw0qu>
zfGfxV__gMxXI^_eYVX#cUHCn(T+vYYaebD)=R^eMs*kqCrS^Cz`f;ebuzR-e%mb=w
zyyXyl9@lYpxj*}6zE<D2W?}hjAXFRXXTZNV^nA+pRc?=;^)lZTyIe1x5F5DpZ+x+M
z{dboi@t?OD<h!5VwDX!Pzd}H!zU1>w88O1Hk=)a@d)ON8_a)HF$Z;g_ED5Vb$h0LO
z0b=c=^z*_`iG;rh#YY<sIPZ8O;su$1Op{;{NobNuaGYYXNdW)<ry^)-q$UUbR0BA8
zARwIoPepLB|8F%gRr9sMG5^(bpL6-_>N5p6_W3RAG}UICxj04^o5ZRK&`w*lr6N0D
z16Iy39x-2uaen%kBQwP@OnC|sYmn7)SA7Gg2~<+(0fYO}U}s7X4wWMN!h$Qq35JHQ
z`Yb_30lDowUMc%c%iDeIyLJ5fnH%@a=jLbnO*kTH<l^+6){=%8>zG~G>$qX@qc`%~
zOpZi}5yi2HaoUj|MJH;|tHJR%4aH#(*?1A<GMKSwDrZZhNrAL_meJUx)O$883Sfo|
zPTCL~w?-S$8=5&d{k0jC1{jCNj~?2DITfUX;i*q1CroFGm5ced>d?1F4ez5DstnPg
z-5>hYC)zclQmQ1jUC8(>Yd9R34;i=F%%_y4kJN*gDAFE9RVOng$^U|P9phSv&>6GP
zsiIAyONoN5QXTQ=msyIWHf4zq8)Pe|aVM&apP*1$g(%v*0cdrnOQr*iBbZe-daWYV
zBRR7xO`NI9iPjO(#Jdjyx!~?kGI13~CSE<5t;r){DKqHSWgW>-sVs_h1|-d$A&T#&
z$;{wKxe@}GBTs$k52*x&%OPZN(Amc$WKy8Hh|#DIL)(1H6Iu2&S#s=)E-SRz!_I&q
zA%ssOf6WWa{%wzdhhw5)vxe6h;Oghe6n<RL6SXwaYl0_h^zu{l?VKEGz5<Hb*HPqf
zXIB5r0S5pV+|-kCe{3?>(6dA9X_5yDg|ZfelTvGxYaf>iqA}w}IKm*a&gQ&zFxP0e
z59lX**5khRFgo$ekTbRM*^Fm8z2qsro{kEdzUJ?!s$vfWg0gyKLO^QBh&92;bD3(Y
z+{qo9YGyc7D+D@OM0hWHx+b8OssACa@afZXdD)(O6|Jd8l`XOmn$<!vEenG(jHI+8
z#r4orBkJd(I8*A#Ap!T$JFIk;`ve(b&`iVoDw@tC(MqSpZfgo6ML!?zrb_9t*>ri~
zt)Je$LD^I%QwYZ(9cR3K0XuKjUWy=0H0*2FHeI5uz{tlSjVfOh1O>^gF`Hw^)<sr{
z<EI{7TSm9_5nU+6#=O#o-hVF0#0|HietF$sCK8N+3yUay5z(Jzw;}40Al+W}?tkGG
zjDg7(B6{#14|b{v@%Zq6V6D1gKMd?vRyTU-(jfeIsS=VtLZJL1vTMK4(*aa3zLQ`>
z1b${k&U5GK3L;yWA_zM0q`*TLF9c*(AU)L|O!&Jco@ngaG6jU^Zs9F3kYNW_t8}bN
zE++*|Ee@zntMpa6USHj#X!SclbsM9Fr;GMCw7Gzm$_!Ts<<cKDj9D<g4#GAw*rqvB
zZQ4eR#EW>(#dg{z0RtTP3l(A|9Qe@qW)=fTZO9*hnQc|b8d0V6v0{gMa|x&jHd0lP
zqfMg%B(F~YG2%+1Z!4IWnW05*+q6*5pTcsUGmX?hfg0%9<LO%SE{udl#!KzT(U2fg
zv9RUCR9Ii7k{wI%WLqW7I4<9U5S5nB(L#FID#*QJAhKZ*wOp5SX+e05%t{_u%^!2d
zyfFAd3o0~zBBm`F5McdM@tu^;XQE;mp<NbWt6W{9=yq?xTfAs9ZU+mlPSvCP)7w;m
zG>gGD&W0+>2`X5|*|+6G^T3R^cPgtI<;E}p`}7Ua<?YWwz}f~c+XOBP@UzcJp_PgZ
z@YX+7D(|Zh&LNDIPMIkpAUCF3xUgl>E`kQ|&Tiqq0~4FMc(D(=V9l5n>4(NlVVr^I
z>80z}(1)D7!U}G`7xB$tSi;7=5i3a$F@XRct`_WXEToqh!9)4hk;)SvwQ+YIoO!Sb
z{rdKv#@IcJ)MI*CB<y9@tGABkkZuM-5h@MS=pXN(>{{szeg%7z7DyZKM%1!Gcs5Fr
z2+vc-iG_!4Q3=O;SmgPoi5I%C3jN_*W0fc-z=y1=K*Z4?`J{iao)iN0?&n#vBJxP}
z3JtK=No%%5&1{?!%fm{<-<cCZ_jJgMBwT{*ya8&MsS62Jb36s<<KwVtQ1FNwE@aTK
zz)}zgdKA=+R9Y;JfqA}m!%v{L0#oqiS<?&SQi|gODdiK0(Xw!fBX`&sINSsFuy?6f
zSF!xlB_$0C`f#X$4fPllvhOy7Ub-Dd=!ZlR4hx3F0k;RdE4ciJwf-|RE~q<A0A#WR
z-h{3}xhn_IA;|hqdD0-K`>&k65!cZ6q*K0EDSci5*LMI{HRJtXucB!_smC$Tj^Qra
zYrjyYQI}Xl&tDKmdj?;2M-0q3OL*Kg<U=w{?@&>`@w=RZ3q5V1D~4tSHA77Agi#fT
z)Qla|AJ&f!i{0$n|8%y2#-<o%WaQ<8HrV{HeGcdQVeP+8bob7@KHU+!o=yTx&o9)w
z;%K}4_ZQ-p->yFHji0xx#pKRR6u;MweBP2@R~O=RS*H%J3TU|84!sn-D~`3U(Qj|C
zr+K!q3*pCS6mp#j=Z~$*YYO?E-+a6?<Z5^;^}IF*tu~+vn7crWqF!4Xem~lSTbjM_
zRlnhp)&dr%i_N{;bc$9-oLSFmNrs@srT=v?n#xVI`9H4Q=IXx7`!K%)^!;wn5=gk+
zvMk4)x3{Od$ILj7E&N;kPoSQMOvqt7QudW^zBfLc4vP6bw&uE$w!dBOR%U!%?(~z6
zkDppP|7^dE9k%2u@MYP56gkxIUM?6@XzB61taI1MefwHnXFa>=rh9(ur*yS1ZH-)h
zKDS<9j?#4Nf9<c%=RG3kzTL==wCG;EI-bohA#TNif4x@~Zu8#0J$|KpL+vVT|6cQc
z*$bOs+4$Th<?g|~>do;$i`xym@%wPK*<t02o@fos>%I2?_DAIp$s1<ayWT;4G5x^i
zi_q^cxv}(t$QwGoeZIkYfqV&jA?^<Lk7U@VdBN_E^$+!rB^Zv|33>tAiX`Yo^}u!C
zwd=$m2>ycnpMSF{?D?ZvxIjRq^guxP|7-8!V(9cU1Z?x)_9a;3-5pIew?@jf#6EIE
zBgZNtng^zw$iSj>wr{qxvXfGwZ&X+`M6RSGk@X?!%8D>t4oT6curRh5IezZ;H}%=e
z+6dhFMf?861^vJU=lj0X2k296ZUg_dU$^Qe5wLrzaPifrU(fTq-^Q7&yX`evFuJ)n
zq*wD3N5?W0h_@J0aGdt|?LoRP$7#{{K$%W8lWwzeY}I1(n9rF*eIl<B<XxGPD0Wkh
z=K|A`P<uK<%B9rMw1-KI8)q7IG#h*zcQYgsJ4CkAQY^=ikrM|u*S<*UFttV6#E_E%
zX-dT^9YCm$o?^k+&C9<y)1FE#$8tS%?`xT>q{7E+Nk#&5!cBS@UsBZ>fh{EA;)HfP
z+vHz*H7nXg%#R5%Wow%wo33bl-*w^dkFmZUk^4|(&9XAOSgooXJr|3CbEsFNoOzj5
ziT)_5&1NX$(D?>yi&2U8Sa~|xZK|ou9ARQzjylOnX``jo?7VVUh1_$NUcG(@WX7B(
z#m118GjR%#GHip45{lzXF4gS7m@;AZFCFsIXY7~#$;nPgLDGhO97RCQTBjT&`ymYs
zZF!NH%{Hk(|Kq;oD9HLlx{|UJwU7<Rxd$xtSsm9WJR3+#U6Lz}klb7Yzl1+EO1<D1
zhGmWmCGNrWKN+S|?~*bt0jzp(?uGD|lybS*hIk_KSX~Ed+*TXYO0muKmiwVQ4w6hE
zYJ12h^o9_m%N+y&y-K+$7^8M<QB?6QRfrWZ0#c4oX?Do(#_YpiJKl|LSNa|m{k|eo
zkI4S)EC5oAH8xb%!{(nb894vO{#9#%81xc2OF;&dm~iKE9<Ko?l&yeX6Rxy!wTtBk
zjYuarEmCWIcvV=<y@hmXPJocPb--SdFwZ}%nQj>Bb;xo+eGUZ!TeRts-q1_MDcC|h
zr#EW~eqJmb-Z+;rl$=LnB(@ZSdIRTyLS1?VSVf8vz_RSnlg_sI;V&FFSf)#Pwx#R%
z{+Jb&@LMeTy&Ri;g9}Vw&=5x&8G$f*AiE;r&QZc1yt?thrG2I9KZ1|;Y=Jrx%*;Py
z9?3DkxXroQobQTFs1Bn;cK3))Qk6rZ)A~{{_@B?FZKO;;lF-%kB{dp7aGe4De)4Xp
z^<zIA9h~y$W9Z3F6^L}f1e3Z0m7_kMEE&S(LR0TXjp=_dV=zW~qbh?MjIyKo=Dv)g
z{-A~8^~DD5*|9ZNf60UbpAyGc4||bKe(oX(2Q9ptFn(7+tSXIi#rTN^TM@QB;ZvHV
zn;W>9@F=*7EjJe7vKCm9rQ!X$o#z(t$2O{S;QP&I^MBYnr`TSAuHDzRZR20twr$&P
zckS-l_AYj9+qP}nZqI(-oSW}ECs`MBF_}!VCM%gd>-VgWxw<4YQ&mag1zF+=3`eAt
z37aOq?DEx|mM}?_@kC%P`jkuOiOKroCf1j-V%cZIT5Z7%G#>M#s0?eqPAvE_tB<xi
z>=AYMVdsIfQ+<=8@^s{+Fxs}Yx-%N!XlY<+_wwTGo%AAj8xCEOC9OZ!F-u*_pl-wF
z3Xn&<N;&zuNLko0Kq{nE0{ytXkPB_bL+U0fUM$69iK}tur%iCj!{+KR(=+jYc3w-3
z7lR!v;#Cf-fS(;x{wySvB<?>LA9wPMM<GAq0gYYVU5oJ*-zfDD48$?3*{f^^#xMh4
zWvPRI-Lvluq4DQ`Pud3gWj^h-5>4*4CQ$|b+`#4j44OnnR<Je#m_@71Mj4m<RCdm+
zfkQpA60M(Q0$L%O4@wq~GBrDmpDRj=vVJW#f{o$BVe#5aBYQx#D#%eAUaL;2CF;Of
zfg~7}-mr#~dw>9ihNj46T5Cn3vlX8PtmoU$yH3nkego@0t%RZHKLwbTD{~@Udnmlk
ze{3~qR=Up+!qZ5no$GVrEGGN;sw*yd%p0(kyH~2uP?v%w-j<=0+wW)^(rBg8b-78R
z!w)R4oVjPcef75K6|Nao>~vrnz-k94&a*#?h^iMkyrT~+C?e=E>J_R4v!yy$G(G&v
z6^S&mo!?Kj7b@O3FdplIbFkhQZ79jG4&ZemC&M!Db<q}u!HHtKOP<(uc@vl8<$0_B
z^={TQrHf9uoCVK<$9RDJx@=~|ykS;lT8-wIA>HkvHMmh>>KO73QP@6VpN-C{rl<GK
zb(vSzQxJI~XEUm!>$ql{SRR3yg+4@9VpoK-j~5@bz7grUX2ua%IE7Rr>ntV^Q!1x}
zE-;R+lJLIXhH^t{UOtLeja|zC0yu<wqo6g^CSNjh5neY8k|=8OY}A)h^d=YM@D$Z6
zy_d|Q4)=ORfed!UbXbzJ5w>2cwITmG1y<?Sa$ZvqUXQOq!#l0d5|JK@KFx>1;Vt+r
zs}=@Ve}^mc0$T8kmjubLgRCA`k3B6K=;*RS$ne2je6J_a-et{45x^+wzCe}->V2|!
znRBqgV==zX6@ya~aY+f#5u|i{J+|s>%IJKP>z#316OOlz96e?$WEExKF^dAyf*K71
z%VVfYd;Mfr38s9LPLOk1_HkbRY%Xwk74|~z5nFzPNuZa#C4blMmR<SfM!a1?>kDCk
zVSsruu}*PFWkAMo+`c*fC+~iUM5o9y7}OWO+$twX<jHP5Wb~1GRjap<fNq@*F4K1v
zAnxu)lgUh^bt2>xC@7nSB--36UvEk=CI<3GCX){h1DlzCue=RlIFJ!r{x?@{%tc1-
z0;VgCZ9sw>p(#9B1x-JSy3u4^tG0D$m&q6zGzwvxnBinXY#BI{F-I>}jF#TmjY39b
z+$-<5G*8}GB)9uoas<?s&!x1pBV;yhjo|x>v^LN-#5+chliX2Oi$p)7B>cOeASHk!
zs1mf9#5rstl{A93?ozd#ja605NsErW304FnYpeRQDfmjbV;(>jEOPa)BWm1?7DwA(
zFm*_;`QCE2HGd=yVhYyUfC=kHWj_w`Ac%<=`tBpx`6ML&onb4w!jBJYqmeklt*sI@
zNJHrMe5q50B!=&i2GO@-Vqb71@cOyJTQ%KWRYS7v)IotJXhJ=lb@9DQwhd&Y(n*UW
zwmL8f+H=;-W)@W|%d{~k1#=AAs|r9{-YK8BG69|TukS(*pcA!n1<(m!VNa_Xv5`>R
zyXdvAnqUvug0QRy^sW3st$gAUf;6bm4-!~b0CC1ae688I6UpnO0?@X1s@oCZ2>*zv
ztQE|A{`Sc5{VHik1#X3Qw=en~<YcTgYyU7TW5~6Gl)w>W7;CNkcPf4u?U&Jfgl#Z3
zanwL<4`sl+oFnS`qwI|gpQ<&V-7$GLa@84of?XvWrdH3o-t6(39pK_gJT%Z*XOWzC
zj`02H>HX;-C<7mfIK03btK4R`d`2ae74DDLqfiQe+LQNYNOJ*q3!%{x=ulblQ@bq?
z;7Ua2%tpPl*`zKnf5V={d(Nvff4-zC_(jCCB4FVQ$Zq%yI8BSQ3mSNhbqsR%9k@&`
zX{Brs2DC#coR_f^8;-*yyC-EA<Fm1iplRxy+<E!m=;swv87?!$hdWh0+b2C1Wc1M{
z#}GWE_|7YHNAiCrLAJ1qt8i@g3b#B&MlyQ+7z_;8>0pPfxo6{Vbv^h5m%AR)sfs7R
zN}b0&G!_&6M8m599iaWqf~(D7J+S@F%b|8pAzN(FqgK4RwHT=V?Xu_|IH3F2A)IM;
zV#@xp-}d55nK&Dtl@CB@s~y&9*?-e&^o<cvsLo?R#yc4)-nLxDxW^&U$qNA|!PZF-
z?k>gZsMc_Rf2bPS_yS<-6ZoWsCAh3)^jdwICJS!WBOLwTznr^m%Z$fxFQ?W~BIqV0
zbmIcU{)KLn>%X@MUH!ZI*Dka8tm4hRON(g~%{q<8=(H=z2Q#&!7Vi!x)P6h)O7LB9
z7%)@y(t1e%wFT4LRq@8B49nKz?L^@gMoBJ*@In8?zi2?#_aa=@mFU#8{;b?|RczgX
zxYVp;`Vt5wVpk*2g?_W^ec%iSzFJ}97erqO_7D|6coWuc0_@i_;VuFK@%7b;YYIwm
z{p}lw&@It!ddo*<h6pi6<S*ErB|udVxqIv7x6K=I<m2Bqg6_<{?Onh~Zi!N&*ag>i
z35?Z-FJ5wvSqw?+;LbsqT3x2R&*BqiL3WTxeN*X?#rJox**^E1>AdlU12mOv!F}x?
zmj$jx+SFY2dX1=Z%@DwnB$?*{RUjv#_zb^<{EaRzfeK_!%t+mzkB>PQE1|~@2mK=0
zpUzN_Wl?<OiKCmE8Z2pxj^wsj`H~RLfyXRMz31uf8gH+U^MeHU+%^eO^HIB*xBG##
z?VETEuTsD+D-jP%xLApx%f@|DuY|W56YRxcF?^~FS=A*k?v+}VlIV}vh;?+t-|95|
zGzkOPKr}}T&~i#76pT%aKfs9Uk4=OLnzs^!u5aBIJ57uaw*J}Mfk`#YlED4;=tR=o
zJcp?P2YrPh0(8fNdX58Vg=YyGx1=FGRK5O`M$510S*Kr>Yw#D_t>=&8wIlv2{B#n1
z=?DGh<Q6=T%s@KlFpC?~r)AF9u`QE^RvE5p3)U#J5tr;UGt}wZ%c|p(>iP>}_Y=L*
zaOn12?y<*r$_#l9--j4}?xhV6ZCmXuw&sehmDYSXxb!n0z18>=?-8ZngN+A=ZM&VE
zKLFqXLuMC^Zb^sn1+5<d4pi8cg|rp*zzxrQn7NfWUvh8<-e$wtlhAbs(-z2#QAE57
z5<?^g!Q{9N7j-u^2<fks5B`G%ik!fQcFhef0RhAh(?ZWVKv?Y*>q*m}g9uvfcKc_+
zd{RlU%$0DM`j-Gm*Xfr^8Xw44gXH0FbDv9grL9l26U=?F7heAs$qYq^%)~_Q*$^-s
z%kc$5i6>vjNi)>l1Q870^{KeBZy*AE;qvxNtOdXT*NEOTmF0cD7hRviUz<D2uJU}3
z2h?9R<%1dzs7^lHN<oX=H?adT3>iu}Ab_DUcF=190_KeEzPz%TThy&jCp9KkY3wE8
z?y^@TFIm$#%2y{zF8ws;&7>fY&VO}jhl)=3=|D;4hWUW;ohgL+S6Gjx3q{Er?7JCP
zjC{rOd2wrBUSahcTD$pg0b;^kg~&^27MjpMMj@YIK8>$%{>^@^QF((JCkMIUPcsCU
z{~YlQU2`7i!_60yzV9f_k&LMdS#t$*>Cbj&`exxjtrGaajTF-&_lgK#RM@Nnc+Z%6
zL!yWI*nQd9`9CN{f-Ad%1rXIqyw_1b;drI){4v^9vV0LhtbTa^p2Z;ECO!HAdv)TK
z3xFrQntLJpk=)McKC|{~39WZ7?z=5vMdSj{G5^TdgKSt>UDTftAkbW5KyMvH?pz>h
z&j(o7rEJe&-xFV23)qc@cQxhJF?3vdMPNzXcg`15>v!ZEaO;x;A5LNRb`O{_%)j`7
zWjr_dI2uc$K5q3<$jy=c6eFC%p9==~0gNEn+R_}0B~ZRM%@~3|M0UTeqY6Aj-(j=|
zoL#1WJ~cLZmo3H-O?n0DK@mT(1>4#IA6}LbL#Ov73a5L2HG*qMWN95YH(C{~iqp^l
z-t<Mf1>?_5H6jlJAR+=RjA@ZP|0bhTqeb$dps(2gvO=^+3YIS_-pG9M<f;!HW<O$%
zJ{!p>$3Njd{c!?VAOvVL{yDLH#n|BtjEt?>f0u+PoZW~%n+N3$JaTDd@xzqF0cn*I
zUp!eE@NIv;13TL%_8c4NO?&2v1<oaEOj>*ye}_(Nhor`d9O_Jk1$td*9n`zj_B60J
z6(YUBE-unAl&OvD^GW~yQkUeps1R)X#7J<xYx(0zRs$FnaiA6XR*=T{l0DjSfcln6
z>w+Is5WeS$m;F+DDN_3MgI2!-^T%}W(daqrDqYUB7bRc2*;MM_^*rwq(cq~4h3Ps^
zZk<AQz~@+)=(%HdBfPx8_!_)EWwL)>^pi5NO-ko{Hc&>$-TpRmeo8%~b|aDj2+m7e
zmiqL`@{09;<onSyB~<bfCv!0M-PI%IzpX(gO!CChK5<GN^xv;H5b9-#e<~XgNJ0}T
zpSQ`#hdSp}2f<{G@go*(bL-DU6j=xRQd_nD31!%hOYd**`)ZI7x@A(kuF-QRuvG}W
zI?)di5c<-MSJm+3{9DInomBWP@-F&i!SJm!>$g|0;B+ZQ*P}b$6Q3Df{8>=~*6Meh
z=8+^M^}eM1-L#ktBDMhK*h8VaFIUzLrWHBb{jB+jv_`SZ-y{9(6;l~L`aO<L^gw?4
zvtnLx2(y9KtZwRmAW|^4lNd=LY;qy`jEe<2NeeaRfd7pvMH;6U-)It<ztG>?pU3p-
z`fN_CC(kbg?eiNGTA$%bHf7k=lSHuH_g?fi9R+!D%M%)fIl?FSu?@&UXro7Dm*`uK
z>RB%62LW<><j5(QYzn46W?q=&E$5A|>wDYGAmH9j@f);xr?9p*XYiR2^;4(lrX?|q
z*-y{3$73x`unTz6!{(Kc?9eDqbS0gkhT3%9U!sRkNTnv^XLiV6q5c~h9s*B3cz{sv
z8C^HR;njaw7vh$V_lcpT9F<V-{^Yo4zZrNjE5B!zj!2+eoMJEPOW`T-gED|B0kAg>
z-tV$|cf$6$Lxv_4C+aI$m`H|C`+Zamvh<DlAFf9)6<SwrgJ9&vD$ly+{Im#eMN{}o
zWM0aQf9km_CB!?SEbv&CdN8V;EZK33dn~>{2zgv_j8{M;q)0ZSI`Pig<!)O?=BN5A
zd*)>2J;&ka%iyPJT3@76+rE;0uSpJFt%P|mEN7p>fezK4MlQv^Gqq0Jfwczt_&gIv
zo_Q}-JYvzhq9tcojfckCi*j3+P10$^hcTrrFlK!%`ygj3g>PxtxoJEEVqqlP4$bWo
zN&lbaf?iE)mz)wQs{PM`NmGpMU#qv~epM;Lc$MK_sSiFn<n#xz+CvwL6sXo$XdYTd
zZmj1L`V^aAJs_kyFrB5yB$k0ZDa?D_fA)zT49i{jz1lKMheS_lLJ8<&V5tah34*G$
zr)w1F?MV-%hkUJC5KsLZssDibT9&qsyjQJ2nX$S7<h~>&%AnGq<Jg3e$i0$z3&@ly
zc$c8QlMhwyqZ2_gZo|dX#m4~Bxh?S!F^nmRAksM0&<W5CtioL6p~<Y+j*Z!*joC5Q
zh(czveE8`XD+Rxx++Fk0gOnW)JYx@rMQ5;OaOI=3#dNllv^{9JQrJ^4QUED}<RS|3
zxGEWr^n}A3q(6b>sP6z(y}5?$Ek*?g8d#~$46+{dd%qng+()`N{P#fB=R|J&__%y!
zQjbDs@oVWLin0?48iJ4eVXR|`0z#3aj~s`q3rs0K)P#m#6vP%^@?zHt=m9Q6)=>R^
zYpWK9a0h*f+#<6LTyRN~BAmaTZPA`*_AR9EC*J^JX`XhIe|oXhbsEWjc*n3XNen{V
zoKFwRTxS`EJ|`(9@9B~zT@piT;%`$Dy>N-{sIg}Jl2peUY{>koil(1XdW29Kg!&iA
z^+|t^iB6yIkYu#bCt`&bHRGSI@uUVbb(B35S=>k=AJ{*vW$yd^VeU;GQqQ-@bH3i-
z+0Ge9^VRsAzIPL!Ic_CYgFL*NW3iW9Lda9gw_y6U$_%|)?@9mSrBvB0z*K^iXV>4(
zxn*yGI9mebMcQ2DgX!lV%cbMRe{Zp>KszJy9b)sgrQ-#-m(ZQ?UK?*Q-lqMxpb*Io
zy*s(}u!`A<_=JmXNU<Oi7;C!JF=(@}WZk$pZFT!RwxGwo;22*WGkxe2$T1TaPtmc%
zeQc3uZ@6q6jcA2bZ?~6WpPbvoN6XORA7tR9_;52DjyZleahT6qK~!VIuau3@{As*C
z-9!fTgLnWN>+&1KczXIPHHqCN=LTAR7=t+1e<L(mo3N8!Op=!l>2ru9%9Zu_)jZ1#
z8A$2C!BVDkRM#l{Fw>kZ-TJ$^USi^Vel1K~F-L*(t9MUSfgGN#%QUncvB}bv0}Ret
zM>H69d_`CRTel1I;6XdMiEA9Q&!vaB#zGyRv9SY<?(I*}@MC(*`Fzjk%qNZw!-?D4
zDN!?`FEcnz1}&qs3N;J4px85!kRKs~PD$nS2!|e;%L?B6&$oWtGA7C*e3OJoRrX0o
zq=X6zxFpHXzif*bX1?~bG^X^b<PoZ_=8^FB@*H-Sxaf>Wv!d;$y43COKDMm2w;ay8
zR=g$1^cp9fp0BR$mgeNyot9P~(uOy1<*1i%`Rlh<<6G`znuotMI6llx$3%-A`kN&R
z?f?qqHG1Lf!b=<SdN#{`*46_4;@W|3OWXhWHB5|li8M-eH+nl>kw<!3A7xX_8}4L-
zw)L-xqt<v$vtJ@58u}$42Sgi9di~i=yeJO_(~$<=Yd!~HaX^WmN~J}+2_qL#3^lpx
z!~9pi&6dL_q-oWn@-!VS=Mz;1)yE~Ko2>UC$qSfp$`cwGH*G9N<v-#%34KnbvFEC1
z_)U)PFm-(K%)9R-3;1^vX+vn{toXMrr)4(+Kb!*XH06T=Ez@e-bJk`-*5grueA}NL
z-*(b_>(77{<K}C1TW9J9P8H^}p}|5|kGwAE4vvkPMYw-<gkvLC&@CD~kYBz-Ew1)E
zBj>wc=zHa`cI^M$LV4MS^+yWEi6`C0?~E{?(Ux!st@BiDIu$sLa;#Vys=m)Dk>Snn
zLaUKCs%-iyY~Au!_@*nHYP?=0TIZ?}{@mm;bmedr-cWBO1CA9;x^{-zF;<?qwtU(&
zf@p|(=y+I$IZlQ)qH5N^YbDvfO%-oTKlkTLA_it+@ZNTVd6wZD1W+_AbMUqW9<(@i
zHrr>~!}cUjr4G1Q;;W(Q-4RxOTL>jzfX>>}s@=}sQ>)K%PH$A~M%eV^n&5rW)!2ts
z{aUU$NP9$^pua+Ip8vb?X@_ZssoZT8QK`7V!h68_@uN)L=+pj@8P9|H+Qe3NVy@v!
z0NF(I$LUn-2X?mM`^1@^uz5wo_}ie2WVWG!8O<bBQEtRSE7t1Nq>RFZcj6>GJLd^?
zwqf&NuA!rE=5+1L2=AA>d&{=Ts@F|u?v@d6o5Krk!iW2Htmw?O<n^i6MbJ~NJJvn1
zYAmNf@L$!@HQ&k94|ffgL9FMWe{3PAm_)-zq!~#TwpN5X(#XhU%=<gJ^w`!fqqQTI
zC$uCOudB9sofg8-(6$IATi%?Wp^IVJJQfaDb5+jLE5oY#X7~eL(4e)=X_?0Y|D<CJ
zc-giRkNM$VyAPR`1u4XZtgU)dUmmg~{EiobD7J6Lo!hla*Dus8ycJhXuItT;r-j^i
z&(v<hHWo+sFH{9wxfA~ElhQtMN{DI}8t-n#s^t=Mr>&epqYgUQAefgG-Dk!(1s~b-
z%xIJgN&`=|9{wR)WsyIpH`Fpm-*2O<T2s@0v2aAqqGFe$g2oDX5u{Ee(}O9ks1D3w
z(d58n@n8vOrV!A?4P$tT(#r|1i9*g&1YEMQNvMZ(ZKCC)Zpu>C@mWP-n<R*m_+^xF
zqb~D;I8vxyQu;|RhwyKLnPU?1ff%<$kb1MAzKkKwv&gdf_^!d%h7iZIkd=MF5Cce9
z5CcYFfBQf?dm+UKIA5`cg9&AW6rqBtBEr0oK<jFe_6?cH`fF<O5)Hx0252Nh+2SFv
z^8;hz!Ly7g4+R02K_FBiB&(o9iXh>;jLAY=s=Z2_&?kE&*`YR$`0@jCt>8<JxH$R9
znY-kjK`XZy+kKF)u$g<LotRCcb_o&hg@LQ$tY|5P39EXn=u?CGg~d>XDVFr>5uk(L
zg<Ypa2q=(IB13z|4oaB(ef*lj+ld|_+wT8c)^u}d+yTV`0*d%2YZCoGvZjlXxtW2P
zv#o)vnX}!0h0SP98&A}crDabuZ*|L4X<A1VBCQ4xut-BAF=NQYSo*bbbXikpa5~Zn
zL&ns2Qxr={Q7Gs(T+2*Zd%?u!Gje)XxvUZn%PjqQc5=Cm$HeA%zpwW{J8_Q^KmI3^
z)zQ(Rzw;zI8dxmMr#nwNZ*tvU&a={f@kY_+=;3p?C9gDl@gD9F#FgsNuKN~$_vso`
zb8c!(qqnf_7Z<@DPAqW5A|M<``W|(%F!HL>q-936;kOx6mlpaK5Nh*#rBJ}XRZaaN
z-H>=V(nXDaiL)iCJDxuk&mJ3pt7=Oq&}-}dcJ|wVyX;SK@enbwG)=mE+AmhZVLy%>
z@~N{j`4RMYQW0TYPo_2dfaP)nDjCJl5-r@0`62~f$Uf=5JpL~9XEfMcHn>ho>iScx
zTjyoz$=Ooo-)cp*!@=7)=da=PH~WG%C92jU$(#1L`LO=TYFfpBT|imgg%s3x9?`(+
zLb1>4SIbcp7kL`tBf_DCGyfW8RhDT3>s6(dRi=vzM$*@+^=2FDZm>;3da#X^YpqvN
zXWOO#D{qy*;RF>CGcRkRO<01nKbM5Z_2o=z_&urV?;aRTkjJv~fmune7U;Os%~HDw
z#At+*d~e2|GPyQqgQ*6}1j11--iO@qbQ^+`8^%LHuxpp!6pdlKx-nRtLJrLB5#(^5
z>`)Fm)vi<}zMK{~6Z<xH$4r#~6^)RirDv<K<ziMUp*Z<p>E@31-bYyBOx5YNXfHII
zkHX<|p~L!O(AL~z0rXhso9d1=L8n$w?$$;7FP0<=m0q`n_<qt%2<|kQx_+{z)oP>2
zN|sRFrtv0)^&NAJkLpP+=Y{p-^`p>C%SfN2M5UjpeQpdI!dU}9XcC!h{AkNC+AYPU
zKHB41%I)yvN3cbY`Nc^KI{kA$G~I@eJ?#o7#5twBk(|r6kCv&+cD>Pt(tGVeC4{gu
zwPmQ~zfs|ZcHm-W1#uUEakirC^Q)^5O6H5|utOleGD8W{BRP+jH1m%)RpVIX0=*@(
z!_>_CX;{`ZC9CI$%`@>!ass>yNfV~UHKVGvk=a$cl*22on(bOkw%mWUt0NKK*wdLl
z@<rOBp>0^1Cg0^YE-)rXtuZmo^e?pOPet$R<F0E)ap^V8LJKu*#qgo)bWKj6!tmzs
z6qEM@=Am^}MLgsQh#pCJ+s?oT!QgwNWm-v41z)&lP}N&CXNe3Qp$#3SqC->AVPIQk
z^SOJ?%gEVvrs}w?6ZFav>L(WQClw_$E40mBmSQH!Tro6mMDQ$JmU=(%s;B!uia+@}
z^@bJpr*=o~mdE4v?EnG+97#8QI#_-WU`u_WTD$$9?(7O}Fn;2t`*Xw>vQbkD8mG4U
zurE{Qus$xDA+z9)s_B?_-gIybOIb}!F{F@>)yX9jvc<6A@O|YFmF*Fb0kW6Q!heFM
zd*y>?C%l5;4=wj?nF^SMEQ|#xU7fP&m3A%O*<#;76N=~q)`3@n7hVjdrHGqRy2!sl
z5IsQ)1k-7q>?zyUCZ2$W818?q!e*~-u4L|lQczkEtbjV<jn)oa(N$NfYIc$*8L1=c
z3}?vwRpWCiHD1kuQ4n2I-ddqK9f}75=gEK2KfT=AF%e8#F;uV`!E>GjX4W#NNrowT
zw3iWTPN#O51$s$!=9`wwq1?qHt`0YX7Gek-Q}{y{LQHE*0AdDpwZa@UeeX=snz$>4
zDz$1e;Lcm==-}LA2F<-OVS>3bZF6`D6E$nL%gSkA#Dflt0Nd@2wr#V2$STNG%3Y;#
zB9(<WY6UKQRaUC^E7vMw?+K=00=x^3gdLN_U5uw=Sl6olh<?*hL)#X-K*K#VSG2UO
zn7)~}js#c)-5|c{4Wx3*qMu>1nxs*VC-sbdGTFhMX3K7k8Xt*O4{Q(m)@CJIR%4w%
zi&En)25v<}l4@fjaDEXeLzn{@8Q(`2uB@rB-MiGvbcAoW_Cfk~*IHQPy$U33K#wBC
zSx`smHXwtz<|;qB0=Qdag(cUU;J~KPw(Sfyj_1=#NG^aHNZ*NoF^g_l$}&9P=o0K>
z+C3Gh-;D~rcPF+UVFU9PGr)HpXs`tHo^h@0agZlPwpE2%5W$OBxAupZ*PXc!J!@nE
ztJyKtTc|?@s|@BMNRoWNwsOa@h>GmgCma>}TJ8af8PptzMLGg^5(qIV2q4%)6XGs6
zquL5z7JpdGs<6rnYmDVI+JH0G&`!QE(9UwHJ*|$s&X>T8ahX%!gvz(;-`-(-kVTOr
zUGysuTPmV~dWZi(*_{zoN#2PkhO2~j6kWEDOyLElU9rSaIZf*?tG2CN*sRUW7IaHQ
z!v)IvZ#bfqt7<aG7P`w7SS{5K9pP(tz2q&h&e(cf)b2Of)h8m9=0kS-w!a8<NvIK9
z-fSI#vlnc%q#8MS(x|_JY2~`XsV{|{`g82jSlc_8NSjFUJq|(J4>1T=HiSKzBPOOW
z0#3S|bFy^NrB=#EkKELXBxYAd(SL71QI<>k^nlMdX$IjW=Kmu9i}b37+DPQ34x24V
zSB4p}6pu&+R$B}%g&Jt8zc6htL3}Di+`4Amg7k|;aSnopf^ONQrq&25ln9>n5}f-v
z2&s~swaRz%07j@#97<LLO4m|OD+Gw3OS>3S0#R684o8;<KVpvxth+8v+A9F_rr!EF
zd_Drx++WhXrzP{NMO6=cNiwb@s@#dT)f=~<Mf&b;yjVop$5u5k@<SV@xO3hD4o_4h
z!69ISV(Pbn<Mfr%GAPbI$0m&Y>=9<sHGYsju#zU!6c2ummcl8wP|ct`)YQ9sDsYZg
zX>`G~U@NM9YeR1y3X%nb<Ro!?dKyp4_yvYec&Pzoslg!oD@HxPFvlw`<!s)H$mbEG
z0NRPS5YDY$AF3JkZ#yVAh9U*+a%GI2j=e<H;;zn0*4R34LCtqSqwEKG+8We9_`oq0
z$Eib_1nd?_5?%|kC=twxAqXr9D8o-kgNVQ+#QyOm+GsC;4b;)4X0cT{$YLO<+SSw^
zcYKpQxy?50h!dBBl}GCs!uBee)Ww9z1-5vSJYlfx7OdbRuooeJcBn!a@>6zD$Pm1%
z{k=Nog4gzetlQ>+FXZ^#X3J2R=g4wP6Qo77N(MxU!agHj2SI#Iz06&wXx+|v5deKb
z2I{zIbAGDl6SPfUV=fY6AK5UqhclIwlXZ86qz+<4SIO@y|2s8A1%;bc3wy4DKIp!j
zdEE$35QSu>m?ad)0&N6ah{v77I@D2+28q*wqBzw}5*`c(G@QN}mZTFMy&l78Ru;eW
zqEbk68k1ECeYO=%kp%&#eJ6mMmKvPZcD#J6s^MO+U=NxE+e7r;7O7(zb<i$e@oy4o
zkh{peSb^bqOGAeerGz3SECw!lqhqrnPM@=x==q^LQZ9+5DYWQc*;Dr_AmrMups{3b
zE6^nmWbMa?Xq{ZcG7t%QV$y6B@~BFviA53h5OUi6MD$&`F$Xh{ZR^m3h{YzgwNCka
z8aglZaqe*~y*^qEAk*<l#|dT!jdr0l@{cE=n*ygC73G4vv`iJ8IQh!CO%WH)TLjKa
zy^!nM2atC3ns)Tmdq<I_2Hc7h*zm)*{j+k9JDi(cACH`>ooo&&fJ>52k5`}G5UdbF
zKtv_?$cbaj%<YxTO>8|fnmKIG?U7fYa0R(A@oyv|e0LuxDZ+lW5O)}uo#$?`+0COC
z-KE5Z6<y1BKE@N4pzY`dq1NjR;nw+BN4|jmCm@)WYq*ZMhOUt7Tsqwsd8BGF6_}N-
z6Xfb`Zmu7q!%yF*&<bXuRt!06-4v=01DF*8BtTW7Q^g-f^KM+U9UrSUiP<JKCZ`bi
zdjBd@jzcSDY0y{KAFral)UkQTi?^b^X72f0qCtzB#d*gMFT-Cz!eR5Z3bQ;!ooOQV
z{HxQsqE@Rb{q)cAeFVgh#NpJMNtYt2mq~PMh;&}*vtMqb-WDk&7XVTH$*OQlU*#$R
zodTeJ{i5qO@^Mm&qw%LQkZ)cX<tMDs<%8WF)DZr1wb!?b)_<e>x(m*|b|~*Y?|zF;
z`k+woF*(WqP-Z-sCSPTVe#GRN9;fGPLD|ZZJ_507SP=*#!f*%p-ZpcCO{ond3k%R%
zBD~*jJW*R#Gshyoa|uBfI6y!0O}S+_zxJf|sSQI5=OMeI!T~~~k(Hk54jW_A`8S4h
znRq5exyN&5@X%dZZu=EMA~)(m*%c1L%ZMJigu*xH?z&IFw?HZYpbQ3%-)@hE`8suw
z=U)SLno;$_zndCoN0r=7c|MdOKf-Vfcen<+JHo$Q;Xh(<O#MF*d0Y~|b^_BSmQ3Jf
zOcqq>he7HD{pmb;OL{P26IP>_S7n9c8tXKk5cqT=>on?V>n~GMCzae)^?LP{SL)KB
z!B4_HIMiV%xEXXLZv;WKz_g2kkI#H!=D~s_PGy4ZU1ZT%1Cezw;;OD+CxT)ZaRm-y
zdr*vO%%wtnzXjE2efTEM<?|#a4v?S0-T2cnN|?VuGRqU7J_>(PuG;5~KS#~GcjXV2
zRq8J>cXmiffyc`W7X3lWXK1QB0L0c1|0fL8PwH!cVhzY2CxTLko#@n@Y;z(G2t0yo
zptP&GXSEN2oJM+RPA$9cep(M|#8#aK?`$FtVt=JB<#dOo1{|y`sWW!j&@9yaDYF(|
zW%_-vrLsnl)EsayT~-;}!P(r-X%C6lGdH~L>f{6J<nt%ABD<^lxy}LQy*<C995yi%
zoM#ifhx*i_1jnDWe|vIYprWU^c>wu3WBgfXzL~VYyJ{P_xudlHtGV$iyrLb}_9kci
zS?*<akk1to@14i)lHTi-%A2;L8tswa0z3n4Wb3zs(Oia7KDT6t$`a7zmp!ic2KXfz
zh<p9fsM0eZ(d`TIonL;ng@7stqhk3Dv^KUvue6)*XgAKcpTR628xNsdhd<Hj7u%Lv
z^S9z`7u(j7m^{?Gpj-=%>xY8)>PC99K!4GuhQ)r|ERgfvNa6zGa@{MFHc^T{iOOvO
zH-$g~g>TSx4a@5@8Pp6=kbs@ZO*>R~@V{96!d84a3D{+T`pU>hj3a%y6+J93`*aZ^
zEL*FUUNnGux0Lfp$-5C<?SL9$K#m--hAW@=LV*X0G?3Ef*B{x}une^QYzo=`%}vph
zN+H-!c>&kW10Bf+G~}?p3JE~FA^lI35@l?IQu)c8QVWd?7hqN7iQYi}$~PY<fBsRQ
z4R%XB{et=cDtN^gcKRzn=@$+GG<0L8?$aDQbTbFiu#bomS$dxSDU=C>mRG^@+DAsU
z420%yYf`F5#V`7w_y$w_#Lj<(E$~NqJaeMTtwtQm1NSXK$onSw`xkU59N8VG;FVVR
z&K6(dC-UFn|8$s{rMg#KZ6Y-PG(}#6k;9vLuzb&g>D{w298@s6>Bc($4$V*4x>ro=
zNr~Qge;|w>P@D&a+4LXsM^YgJyphA9ciFe_{P3KF|Le?_jOd8=gg)ZXkY>7*AoqNY
z0wT0~54kE)-*y-)P(ai`O>r_UDkpul2u$Iji@*z&c6i;JER0-7BC8`d-pj2CN2Dfn
zR5KKzOjRh<YuSW;(YT0=l>CDfFHq34vvo5s=W>;t<(1X4^VKQv;pcFmPU_wis_+nb
z!MSIn=jmj0elTTUku{E);UkQ>4tH-%k+&H71c7}iD?lE#^UkI9X&!2T$xa6S83wXp
zddGT*YHWhC&q|)Jh%wWP7Sx#x#)T?!?q;Nt7``JtwQbFClW~}F>EwNxD?B5{L+PVI
zyj`cU{)H^oxkq?|>2L_+Ww)<Ig)}2n;7K4Jftjz`2_=7rB8$W@(6x`APNg48ZHy_4
zTGKZ(bWyALnTtAo-hX4YBuqQQtDVOX9V2ASm%R|0melC3kEzczO33mS1n9Jmzex8{
z!eqxaB}`&C>&FPTHM=*{^PKV|f&PjFblT5OWca9IZcCDQob@l0;p;Di+DRQ=wAb?e
z{_Fx=N|Nlv5AnEi*w1gRT3xa+HD@IgO*p~gfvu&$wTU59r4DW6BOOnXx!I4zGizOj
zIf1<e18eogUt{f)YNRW~Z$T6#5_`N?&hhh5X3?Mln#Jq;=Wt*!EAG^JfooC~3b{6u
z)V6b|C|nXXs;ZCpj_77!5-E#?>jqbpq)0FR79IWCKqG)bW06%;=E}HK_nt{@df8@f
zmaEso+-7H;<~QY1!+d`Hia%o2s*69PJ#&4(dDN5V%K4WMu?XLc8wz4D>39Z}z}2)i
z4rmZ2(@el8)0l`%UP4gLWT8Q5B65~kUE*H&@Aldmq>h*&^T*%xlm*72Bz3d0{#k&_
zn~b$@PXuKj6ntDRWbYcWL>4o#!iUkqhgX&TPYm4Y8px?as*Gqfoe9vNq?A=72Kmkc
z(e*~@ChMkgZ|!{&C0p6MCo1=n#V4vY*|JL|=k&y#KaUoXO%h`<@Z%0xXf^L%_l5z0
z&NSnORyBEozf_^0p8C|2=(haiHDcI}nr)N@*tTk6i_{{t=n`#-Gt}VO*%CX$MlY?r
z*Vd3Xb((ySy%0=G%;jl5an{s@p%50Fs!R6jTWi+DT)%_O!&{}<Hu6%*^gMSiSH)@)
zEmJa!&zTbk_n5q2MR9QPSK_y!`57rrBgjwlp(B#dUuE|X3$PQ*+ozabkwV?}23*Tj
z?xh=LwoR^6wv6%-N6tupa;7<EB@P}X&gSn#A51=24Gf`9O>;&z=v3+1x${W2M5hb-
z2ge3faci;&k^zqQx2=-3$TSXd7YIW8loA61><M}7r5WE>Wai|l(sVIc5_CD~y`O%A
z%n`+m;$*`td=tH<EMf0$5dHyugrlFtgJJcnqIxFZAqM6V_;!EUhIivW5Cw|M*`D=b
zBeWva2J>7<(-j=T6JYCK(uaMtEnu?1m;6V4$}0x(CK-(QtGE(ZiH;F1X3FxEQKRPx
zhEZ^r+Lv#hewBK6DId&XkHq0!&k}f^I&OWD;}i1P*8jr<{Lj1#O?K<c&F}~G%YMxm
z<6KSCF)gvaN%3k79-mN{Q@ptP0oZHYCQExTBT`1NljJAIerd^7CcjlgP){0+`K({S
zJj=5_Q$Nf19&;p48S~c}53|;JDVcLKWiYwf>bp9WN1!wM!DXdoJSC2t&-Z*~<PAid
za4~D;k?;%*BBW!JGR9=KG2_6aVyChub}UM$;K+V<N=9ru5|177W36VkTg;93*12`)
zbO`vGV1S2&<=5O<Jb><DiKSF3E|_#X{`DK)j2FPMg;A<9Aj3fjGhhD55?0E41Ax%a
zm8=CS^2YXL1=Y2VZefOuUK+ZP*kTY<S`}csa-=<m6wknhkb>peN#pCB1Kg&Vw>W&w
z<9TyBic<gaTGjYp7jg6-6U^o8*%jQik9id}8ckDgO4rP*uj|WQacdpg4f1R?*DW`p
zkrvKr0-xV+Dcea+Yz}%|Kji)s8kE-Kk3vHwnOOq0*SKHVO<#|n7C-9lwtHy?bZswc
zUM>TvS0k~W^&OZ~A5$zg?y0%0QynS$_(i62jA%p>nilUbH>uR$KM^f`NTcB(R3O+$
z(t^O0$$_}Ty`1Sls6wG1`RzbtwIT>`6t$pXBeMx)MF9ac(UgwxyijhpNS|l~z=UAL
zVDv~~P_m)mwQ#8eNwrX^{WO~JHhW&0pch7<wqf|Su<Ltvo{-z2UA52%ec`tnuXx;h
zP<WvVyEC`gpP;b=Qk>uxd(66_fL4go1QC`J5<?2}0(2EdP?uVP<9(pX5n;UJexm7N
zmskAUK3Gra8pAa61u}Y-iRE`2&_>>=;uNbtjZE6$-!LBg?wgS{2N*u69wt23bIPo!
z?l$K1a;U6P>P6_52zIR$Hl$4`K6w6tu(!}YD0%&*cVeIT)k7yv@YN$Rt<VO;47V<y
zuzrzwhLi+D1D;R<y}_P9F9&I_9=x#zdn=xxSxg}@Si@A)1L}4l{82M|4ox_A_3*ZU
zs$~fEH1;J3F2EHsu4zYO-fHjlJOLxThj{;Y`V?#kPG)}~gvF{J;oTI}V$x7m97Mm1
zw9XiWg6nilNKTBLpTVC7CeAG>f_GsS6Z-}RJZRCZOdQh4ipI{yer&im+!J=N?3h47
z+B+FS^1B~}oY%B_hX2V$$p)z`o`M1av7rJ1q5Urb;Xj5S03%1o9F2+C4Q{xt7uule
zEnxf7sKN=@O~Tew02Q28i5+o$k#s$!72}WoJF$eH*u5zPw#qRVl2|0K3#GJ^_-`|1
zG92c@Bn8SJm+lk8zvksHub=)W_Xm%8$D+xl{<y;r3kuY4CokaFt`6|;J>8!VS4U5<
zi#;_4-42{f%nqFChq87l7$Hud%<N}$@aj7#Uy(gl;48^g$9yH2t@LXIgfj}rzlh1n
zE{avVp*4p)<O%~pnOG8siQF5@7Lg8tr&MGpWcxUwlohg5nrKGnxSk9a`&3ii>4qEh
z28o$n*(%ZEy;m_B`$QF7aiq=Lc|%57sm=tk%)~iwWJO@GNFenP!JpqlD!lXdw?pNI
zPXK2JNzyLne{J)QZSTzr;|Ut;qO<0v8B@|5w2febbdz>AWnGj3X@YzcyZssu<elbP
zte@>+JDuc8wak;DVm!RZ(YG6fhg3z?zjM@O<W$l3$1-w(hNls5L~(@=xMq*AF%7Mb
za-Dn+;TTgUjnQ$|EYJ7PQ)QF(5C|PW=&Doopw!yPs){<nI0lL<5XveK5<R`@FeGd`
zON3~|SoJA(Q76@774^nXd(j-EDJY8URr;|r*0$lj-S-HA2xI(9Wsc}oY_mzi;0l`1
zRw<+9%q#ee(1du@6fI8jC;Mfq!l(cq#6F#maHHfgdrp5I;{3^Gq0CKY$yd$L&~FXn
z&OR9zFe=QUPZCkC^@nfa0>q6dM~&oN?__};m~2(XK4hBjr|P6lMj=*WrrNCVg@USM
zGKEqW-RqE=@Po_t2$14d-?Qpzt(v43B8KMJY4T9pJV{4~t*!%Wa3bdhXKRQP#V%aT
z*ZuG{!l*#$sEE=Xzh;H2ID<B~tQ)g#y9!|xpOSW0v?UO@!C50S9)@icjtZAM129$<
zVy3uaHzTPf;h1<chLM&y%#ObG-{ab#WfU*--`U1)`8I8PlH_6zxzeneHw|j6K9-F|
zt57<>IeAgC;~h*Ks*V~em>8|r>hT_OO|`ZRe_4jkVQ(*i(ArzgMT7)3R~iDB2n8o)
zoBE237#E23gRL@6E79#1IFJ|Nex2~d_9cr%g~t#_q^z7?jKiq7j3ivaJG_`fa+!F+
zeSDn}4g`z1nRE^l(Lz3o4t%`ZiaTi7VYy|u!rB{(C{(MRT>BBExNI+gHOvvV<;2+p
zv&}%V^<&J1sdEPSNBoALatxu=SFP+LM8>p99Uw80V?xD+bWE@|MQr^ejd1H)Zzht1
zXUIuoz>dWaFj+R`aXv;GIPlL4ujCSRlzge&^L{^p8agM-LEskLhb}(zFE+T@nwco=
z`Ja{H&WzF>^j}GU`iDzm{C_F~%YOw$J1%HXG__2%GWmD4Qd(7Icwmr%V$h;_XxCFg
z6e2|_+f0@aGCYtHm9uJB?z5=sbF$q&>hK7nT|usTqSJDsh?4-?NYC2+I)n&>T+f2*
z=yA?~KcwwH73Fx`SvTH`Ki@AqE8fs5CyVH)q5!3%vTVJwNm|l~#U2!}I&ykqwkYTp
zYLc+R5=GV`M<J=Zp@G_`-@gr+NyN~($d_{|$oq|1Ev?Z9U{WN-shJ3vsS7uAtD$el
zBL7Mz(@|UbG2x}6G{z!~1gZPep&<VOHsC}{nZ#EXMi?qQyJyx)An8_YBsV`tLsf#I
znj%`Er07r<W@3?y9I7+tf`>~i#4n>a)=aJ3i?4i5PFGMhPJm+~KxB9rLaj?x)J!}x
zWhH6~NEGaW@<fpm_hBNxzKH*W7QuKaOH)w0xwAv_w&5#Sta8e}mN`(^gHIa|vX$*z
zE&uKy!5x)dEE6+OhLvoZCxBGkx5K%b6tB`W;A(3&%0MINFx&@jLB#D$mvJk@e4!wT
z#ASfkUnE(dNDKk8Dl@>gNH?CyfF!M0i!>}c6k&>yW%kL|G$gEqBgrESJj>l14+RYW
z=F4X}T+5mb7gp%ZzPmxzGv5_1DhM&KCmYeuK<6g8XAg%9H<CG2t6%~7MUjokBC0JL
zhMpvV5g)J4TsUvt#{-|}U5_9}rsHbvPe-if6!R86@OXU+Eb@z)2G{t|HJEB01;*Ui
zwxV$Gi(fI?#QrKZEKW#46+*=4x2Eja<#vckJPTgwV?;8P^tyhDx2_>vo-4AsEEWQr
zjxe()wrto?h?Epr@nXPYHk`6j*#h0zw<uM0(FGx4Z2MBL6-E{aagVS_*Xt(<S~NL;
zg2-s~$<?;os8x$W0sDj|HcD!`HzAnlgL}|XIZ;K&SP_I(+!_kU`L9JV(|*;>Jllk8
zI(*2WAu9!KyzQ5wG?_6pen~G`)$w|<*;%VSs<LK~wlt_1veH?242$s`3P!LtNtQ{S
zV{_ml{L7dVbVzXDvihjD=Dih-@{>Q0j>xyV4ccfCfCySFxKV(3yeiO?%)bB2ZYkwV
zR(yQuSW|c}zZYd!AQzqqS(=<6O%6-?fiiU{C0#1{&rqsoJ@z`Jx8RsFCpyUA(K2nJ
zBI{3VltW%%{N!kHAuj<YxF<r*;{}A`0C3qCiP|v3^7+gNH-ts;lp1p6s8>G~NWS8b
zi@+yJROobHzJ(!MSLw{@BqP!OUTw#fa}gvr7c8~74e-9l#Q?Z68L0?<uDuaAs#4CJ
zGHqf-W7jnxE!#lAiuGXWSX9Kf=wx}|uqi2M350^L$S*Ps$sl*UZ9h&c-{<B+eVt)6
z%qFrwV$~#tINV7@=?#nzTEahTu(Z%NKx5^$(#wuPjXKc6O<8;PhJ0XW%6b82Qhnp~
zRTNU_vX?5v3%Op&UGhZKO&E1_GRrX3y5%`{^`<IWQoFK2!Rxe&*@lI#wz_uGW7>9<
z8roOxfgmthwK2*E6sZ}smj_^3pj0e!=h6)m09zL*3r;s$2<oKv6;VcVO|)4;rVYL6
zjxz4P5}9se%9e785~V}^C$I>MF;Z-I^?cj@m*jVh)GB?T>w^B5%t4uU(Y}6V8sn+T
zU7w75l%TYu5VUZ^F%a95H8q)Bq)vA_f6$3?stHqz;nci86xn|+)zE~XDQ+KNWV*p6
z@?V1@Ta)RcrsVa<kpzF`_NGATV@A|xtWosQ0xj-L4(q|maAnAjGfR&Cp-HDhsUxqw
z+BPk>49L(MTh~HN=?BKRxzdqJCf5uLuoL0Bl@?nwU(x?$@D{Dr9kG&NC&K?*0GX*(
z+llcUELf1VSIg{xDn^p;8UU2z>F9xW@7f{(1Q@yeB{PF@2n5fx!C;B@)`cd*6#9E$
zq|N+;T-NpvQ4|dhgp)prCJY>S29}vSF+Kb?XYG1lrtmPtax&vrA5NAb^&!}eG-PW=
zMrq+i?=O_6k-C9rc#Z~6yw@c1L#K4(*0oq)s>?t91zri1nvq;vy}bE#S4PhHG!;~-
z%$yQH%{`IgLAAg%IN*7<lSf-HcyHRt5U!<US)!m|6P|M6_E?DAk}*PJ;Jw^P-c^L?
z0h>aeIv_$+N(rbzyL1*1DyW8g++(1my_3Q$fe^5%%yQPyDOy2FfMihc=q@S{CJ{Il
zCSF%W7N{2VbkDGb&4BUZ04vtP(J{E9W@vI<3ba-IT7Njk!yrB_5Q!i=2u8^d55{z`
zrQgm(jITVRVzYy((m|pkEV?0)k$tsBG&mbuy0eU<F&$BRW!&f~y>%D{H^`h=kkbY$
z7oVJpyt+~2o<uH|DOxaOUI246wgh8wGuYG&*=jQ+(7g$>tB?^0vqL`Mj7;$P@%#}-
z&=aL93J6=Oa0DGJW;Mo@1WV1)MUfwj(w9Rp**G3!l2fdLgta<ycH0TEXwo{j=4D><
zkVu-|qJ-Dr3CLl{%u1cqIQoedI$VTQE=fn=l?HVemEJ!}=&}UA9eoq17?L&mqRHkW
z6my#ip||a82U!0-wr<0+g?lRydEmB7y5HhLVCFzZ{HFs31ckp3^z#d)BfR<IIVZ3%
z)ufzag-hZe^c|VSvR_bs!)SF(9Eep0O9!KnC@B%MWIhziQnEnsGvbI}fa!AdVbNZo
z;4umbd86lI1Ki7V9+dT?$Bl{Ks!>V;P&!A=9nmWO;zU~p*hbS^M7BZKUaF^cMVdSi
ziK^lC?RnW|K%&%yOWp$EAlMsT(cJIqH_(Ofl@^v!V6uqiZ`LB$t_5w7U4n`;B)b6<
z96=C*+2GuMb-3B1%R$;;2vMi@@_`D!gMPr-Nk%V(4T3>!a`qwueagZM=ntfU`tj~I
z01L<rq*=c*_okIwvXjK47NwT`h3FLqnowhf>?HxB{QDQ9cMeEibxyZ70NhbIEC-2>
z-z01?@WJGn5&a!5Fd`zLGCZpAWVsi&85+?leB{v4(-r|QG|+KA;1Vh>3I-{dML<jJ
zLGbsESRu7~2dsh!WH-7RD`6vAN4m9c{F1g1jADEW8H(T{QM#xaSvi;^qhwjX5j(^S
zNIW7;xey4T?n12*2~Bc06!NbNRm7Dl`W8?t2GK(*OM@ZK)N)C}z}Td_X3%bOM|Q?u
zZttY42r!hIeNee`@E=Em19yF}D(2-e**|o|&A)Hcm1~0$6mmgdeq+J|lVSwl*$0H5
zYlt8z%H#`Z0drJsB%Oo}i?!j|%Xe)!3~pVB4Y<C$_p*YN1ZBt<S~0$X$!Ox9QFP__
zI;r=7)?u}Vuz~aYQ2#j-rs$QsT@Q$#b_{||jR-@r+5HMMPi1b{f-}P8z20HuF!@TK
zM9fC2&_aS4--WZxZouZ*+?)kUhDIb9rJX)=a|B>dBiy((gY(#|7=uD;8?tf)2QU~}
z+oDh6p)5U4GJ-X1m8djY>rbA=4ngR8a^e-(gKoHj+Ndoea7721x$F%Urw{<98Och)
z(t^Pa%8{`$pVsZEFAMoPz%GsXc(C1_Oj-iLLt%(gt)UojfWf3zDf6920*$dgn5nKq
z_RB_USas1D*U)Eqy0bGNhgc10DW=CJPa2J#FO6{U++{RUf~(w_;g{G8V#n)6@YxNo
z6tCAm<%Q8?3hao??c?NV;}h`YTO+v*Et8>Bp%mSMGM!PTK=)L0C`|cJheNvs#q<nU
z<P2B(;l7qf8XT}01yvYEFo7cQihJViLCjG7e>~gTUhbTuo;}~LE>4zrI{nmlR}lHz
zQx>ifJrl3#js7Kzu<@7#Wh+0S{|&}a4;(?3WR3*A3WA5`R(H^cy0rwHW3@rtyY$ge
zE&x2kMu=iHd&gsZJB<3tqL16rxSri^MaaG+;2=t^k>LNZb&k!M1?-j%I<{@wPRF*B
zj&0k{6Wg|JyJOq7ZJnNXrl#tgnX3I0_TC@XTK9Ds)<H)YN&;X^FTk&U2To~ES#)<I
z(IVAZV5$R^Y}LRS;{}v{X!h9*aH4Gi*Cv}zRctgJ@YX?#STBpV-5tSda4>Fx%eb8f
z$_NTIs(HO~S#zpr^-W8CQH4!yLvK)HECfSnDYN5Satzp8k<LZ$(jd$|#Fr^b1SGw$
zYPO-{>P~3d<&4CG#B77bs0kTyl$+zob(9rc?cR#nxBa;RLAwHK45AksxF?hCAvlDP
zI2`#p76l{!0zg5669OZkFBcSa3a(xe(rOF`H*2+JS)7nN$auBrn`!FEgo#w!BXwlU
zbZ#_2*@{t~K3h)Up~>Kc3;pa!qM6k~lx;I7ir6p?-F@0%G-+{56xc&82nB>=;wVDR
z_F!q!QVR$pve8zME6R)n$~xc*UG>G(P|PWXk!D#3B#ID`DC_=WkOo_qKeOcr(*?J$
zodBqbE(jw%NfiM92yy&I4rL$%It>u*XU6KiDDDs3xqw7g<EE{2$T9F%hRu)(0zcq7
zsN(;|o9i<h#5V6s^R*{P=K|ouo?v$k>aW3J!y<6(#@C5qv8M6WA~5VgxIX7oF}sTo
zVlP0rVm)p#cY2Iq*Wsvz3&!p__*m0lfu>?T9@UX!It;#s`&g$L&#LrgSobOGLxD&6
zR580(8tCjmJY#k+@-F4Q3}l$j%7n5N#{O=EYXe`-;(K1i?s9^|{$wFo1_6!T!wK8|
zq-Qs0>?%U=HX>-7^LK#FgyrJAnes6PfB##Wd|I8@!gm*o<qoDMPT(CHpl7<8W!NV;
zD5otw@$vWMn9rdt<aFvls(=Gys5eqoihvieg4pd6c2vu9dtqQh=xOyWSJ0Znl(m2M
z4`*^o_{g_roizf7`6FT=2_E&Z{>6c&O%Mr-xuPAE53yp{O$4#xTr9|fihh0o!F<};
zi)qKK|Cz|lhBd?-ifN`5WjDY{F$yYeHVIAT4lfX0tb5hr<~F#`#igr7vQ7otW44ga
zD!-9((^|t|Zv8Mh%EOrc8kU_t)06wdmh5g)@YDIir#wSf&-XF2;cZv@DqVHpzV>Bw
z9DUpEVe>h1<YY5)v$^sfn^J{fH%?XE#dhUw{Ko{YRS(x^<Kj3$I%eTZTn3NFc4z2^
zoBM0^8==L7?~{P7)u&^9h3}*trWRw%`$bVpQ!{&Ft*hnkP5mVIzH!En@#<tSASf{h
zYr$TBZLd6WyHi`AUh}J=ckf2L1z}9p7y6p-V~}G*mSW2KaoJ)<XS>0C6{c6C7C=vr
z<oCLFj`ud+je~%{rRp-|tp9RmmHPaBcfW7PeC_9F_1NHXKTSliI8r)EaKq*m+I;n+
z6v2zS-F0@@1FFhD^&8i>Y>M~&t9)4phoB6r`N?deGP8|ioP8(vBIEn^6T{Bd-RWV7
zL*CaGkLz6JB(Yg5Hi!P5?5eQ6)aH|;+Esmy=DUTCXZXgmxsjREs{Peamx_kpWu-mB
zA!w<(T>QsnFB>@Gu%xEWZe~YsvfI&NuANO9Ki6H3UR$Z#uik2}c3hloBJl>l<9%R9
zK0BJvQ+lv}sMh!1=&mMKo>!}`=lUG<is!rK<2;k4ghQ_&17W6adfm-!;xd<o@5}bG
zHzw4L;q?ws`mo}Oae|NM?J!(?mfG9kD9umM>F9i6hG8kKXYOIM)jH$7u-9Ya>FM`T
z)T$+i@OC~K!4X06{W?ui7#qpqTAk_J-k}HKah)8bBVA^Hurtlqd9nM#_43-vzU^f{
z66?euhtuZwtamM$q+>NYR>gnhef)$|+S78L`mo#y|JLhkF-t&O*@(lh@$J&zSuDNb
z+U?*x(=m<kdm}J=V<o1$>HH&UVMZQaZOg?(_H=_xsN`X5{uWRi%a`>dY<eHSa!+D&
zvFy9}^Vg@{Y@6=&@UUk17@{(A=KhJ_@9tXO1&+d2_QTg=E48;pLzz}xJ*%O&$#8YT
zsYK`d^WY0XHODN4&-l;BvX2=8ENzsHwo7%(A(Gyno1ZOGa!7Q0sOvn#yPwX|<5n;d
zMXDnO!jfM$Zrf$w-AwK0O%&N73~PK3XV<v}hL`hrfRD;lJCv3#j}N0gy`#16(euFb
zLpscTZse5j&4f{GaVq~8@z=^}e(6Ca4ZTWH>_sWx8t>U{_QN)}OxL{c=l2T&pQg`Q
zhR5J;>YiE}+5-nB%h-KqPUn{Y9qxvCpSx)dvp%n#9rL>zQI#BM4TmXYNxxH9$Z0pi
z=kVmfOT<*)OQi~GmECm)<8V{SFUZeUpDv<8S|-K??wbw%zQ$ea%NkMdsWx_*IDBX^
zBdD>J<Ty=Mp{UO(f&<Y8IE0(?GsP-?Gg$=H7r%vOl=9-jt-_HOq!kVbVfzg2AiLZr
zotK!6PqPWh)TPEBtr_VH{<Syx8K3x$%jn0i&=}sGF`cXP7ZY!@cbLwJ7ULbhn?<*c
zO#0<%Zda3a(C^}0U#5xTW6tnDKN)dv18p|xGv3|a7auhbt=_lW84;jw5TLQVzTa@Q
zSE*=tZnkSrho=lRir2&^D0z-*l+X_;Su&5`yigamu(K#<lFnp0qI&Wxvrea)p7c8M
z9J9n*G7#qB@bg66Vs7&~kB**X-2h$b+ER|W%rl;|t4DZGit2g4qL+EEQ=iALN56T5
zd4##x+1UBmIr&-nIlqF~xzf|061_sb(w(B8P(I<@;+eUd*^{%EQ-rgb)5u5lM}GIf
zQV+n)?w_24kB2pHc>ds-qpMGQzF2}Gj9Vjj4E_{`W9c_$UuM0jmD{IJUSGamf4xzL
z{nXokgq!V=nY}M>|I}B+o#{}IboE#Gp2VB|)Vqnd%-7^k>Tg$Hl-~5-$em%k6SsS6
zKLkI9-prlBn-hXVf_;Qrga?SX!B3=brf-LDsBg({`A@~~Ki`;sf&A0GqrC&Ya)>|w
z1GEN5O<Vu#Uu>xIPe}hiA+i6fP|!0lGqH94Ka@2qdsKDT9JN^1R6&fFvJuD!YjZ46
zLy<@<+VD_|N9;)_SP*M#%qert`95<~UIeH*;PlqJ^<m5?9GsvPT?$urv{agHm8)f2
ziG7vv<~IX7OB#n3B@^}KPKSnML~8zqql#+p(hn(CeI6B^<H_z5@0ZRK@00C-?dlCp
zpB}JGZm(q<UG=rO>xZT9{*#C749$l5awTRq<0G1WM>5q4Qm3`gZ^9mm2{nsF>Lp|7
z`#uSP$wSbZcZ=gJf86*H2$mJ2>XfQRg*PLA+$1WaR?Va}w%id57tNn3qu-gW%wzqQ
zzIh3BhhL~XLtFniuV8>GDMx);<w!c3lwPF@O}3CPWl_$nT?&0bbYgOlXyr8Zk<uGc
zyGFH4`Y(i(>WJh<F@f$DV>Bm-QdqMEH7bO^0zJEvi<-qs`OYw{+T|{o@{_v?A?2VU
zu*-}r#<Jxa#qqR6qs5jz@U$>P(3PmqT5p#`m3*pHQKU3rMP=G|>Pkmn#6Hth#<TIt
zL)Lh6tx_)2N=+%=69N6&6-xE@{W9!qNeoFeYryeQ+6EHC=9rRrGFoHz_6D?EDbz=e
zZ$$h)%kU+RCXuOC{Ryi0a_Gv*dyds8Tx_be#|@xV<28wLH2j)c_$`iHSUUq6vME*C
zM9GpRPUQh#B1Tg6DwN#bB?^7!)auRHc0oNyS__-nT67pv$)2^KIFrX!-j;t2&s5f!
z&d1Unh1&1bX-NV1Tx7{(oJdss4v<l(%u89Su3^`$@XOH}B$P|Pb*;<Faw1Z&>#}ZG
zY_+mTO-;!E;p0JDqKLV7K0lz>y!|1M8!XsUrcA(<iYJq-xg=q$qPk4iu$$AUldBJH
z%xc8dp8tR*lPam1mgz7Xp-l*iqs0j05$3Ip5pyo(NCnElqt2oUHwT4ilXJ)xY2hyA
zGN4AhpgI(&j5$)~mE?!}N@zkvNYIPG+N*n|m)jPRj1wLzjh9qPoc>N~6k5-hC<+{~
zY05IQpkV`HD>;gvgvLSvK1A=1PZ#Tkt}xUJ)h{PUhJr0%Py!u<FEQ)Hir*Mx(832^
z7`>O!0moCTw~Smu?ih5)hh1s+-9cW)R&)?DBhnMlb!s0-OHTJ`b+XN~sI9MJGZeYj
zw0@#x7qgY_UL6Xf1YJ^s+R7CH3s?2Pe)`)#R=b0{f}KwA298A=>FJt9UL(qiR7{~z
zrX~ThgSHycw>&x-rk>E6ZD??~@r!O#`<Ly}glaw}&BG6P`>M;C3b`tF23mV|`pQv`
z<Qd$d(o)0GgNvXHUoJPmP2jHGug0J&s9r?Ly12w3fY_p>Dif~a4+`4>-`a9Z8sAu5
zbOu09lsOu&!H}{$1A7NOb&3_&WMk8iQmMcuq>402H&HESh=)QQrD@&ng+w<o0zigC
zp*pna8BHnpSCyp#dWP5|X0UKdDLHuAssle;H`n2w%Pbc(gGh&ketcN8`Kq9XGz!X%
zt!BruSM2&`<7S05OTFk~n4$Zy-rFa#L^8L@$DP87)<;M>cO#cXDbW^FZya1*d%I(|
zy7JI1=rau@w1q)u`JL2iC5S3UdeoH29}C%v(H+vBs5v^cCx9!2m6NDqYB2+VpdYgF
z=IoMPA-?g}J?Ao4bH!9+tBwqn+7z=(?_h{tLel8<kB?usr99S$4*$Xpzp&^3K-mqj
zPt(Y`rsY_#sxR5AHJB<>M^%2_uomkxqdbtyu^s*rfF(|T<v~@)K~*(;S-b4X0O*6t
zaW)3cB&$z&+Zy!_n_+pkjGahWtCe0VXTE8>Y^d_7bJ#6sijD42(d^0Tgu9$;CYBrh
zr2B@{4gyRSRHyVYSsFnyES67AX)OV&jpa0`@N6N5$4s<S&lK)n5G#ktnAmk0llp}b
zK8CiZxWT$d51+@f3$Y4cQTb^PO#B@Bq#{#6FYTe}78MOnF>7w~GHtAx+$Pawu0fWQ
z`P?`36&ZQ!R|?TC>9P$I?29&yZ}e+mgq?jvI4H)QTf1QJYj1(pGW<pz#!okdJSTDu
zU-WC3qk(mT!5;!`8$_GV7<(V#_8J@?1*VCXu5Rh|k^}jCnRL!n9087r!tGiL*G_{3
z_LLWaj;+4rdrG>Gcu6PJfIUbvHSLiV4^wRi>VijU8DYtl3FOQhx%25mkfIoJ7dOXv
zmbG7wtRB5n=)x{ev!pOQugFSU{~l0qJ>&Z!WG^7=C(|AgaX?C05w~oaoM?(lnH<<@
z!r0^_TDrxz>k^$yV*~1+Kh##XVyO9TVTtjk@<={%Vw#jBww-&sC~vn!z>(LaX|ueZ
z%K02<o+Jqq*TfdysoR=58FYDT%#zCHHtoVJ`&3!dEbrB<7(0@UdY!@+)JY{m79wn}
z7)xk7)lCpO4dA2LiN+!0>$nXQzt;G^WO}7rzO=^Z6=7w~WrkKv)w$?m98(JXi?YIa
zuw2Ns;^;H9kL6l;62Z;qj4P+O^XffjSMN6h3fZ;7(cs*4tqsWztE%eOsH-N$Cxc8G
zNsTI|Oe>k135n{T-@k*`jyRs`%GuK$C!<{dsnJ8NTfkGTS@fd+hQ#A%{zg@ZD2bXM
zFTrkHTlZ(S9XCi?Yj$|Y=PG##e!^5jxepyM<w%j~9cDpY4rX*7=Z1!%S2;5Y70SXo
z$imXD%Iqg|H{m|hf}L0`pvlv@*tJp&ZC<?Ns|d2aZ9b<?uC-weYV;6i{HrcmRTy2n
zDBBISX}uin=>~I|<A2{Xf78|2zvhshP%vy{^@<%{&1$mJoBD}1C>|+m=#cCrKJ=Sr
zw79cLQ|528d+Xn2;}7ij_}S3sr*uaG<e)yQ2!Ki++CIQ@m~m1crfwM`>SCOWfXO1_
z!;38&viw)k$RHdz;qrbTj)LKWDMBH8wfpU|&QW%Q2TB59ljkXKpU>ZPQ>A<<a00js
zxUXnPUxj03??VinOsWbcOox5rR}p59Yvd@Q5{^8fGnh69M3g+_NNktg9gcS?mH3o?
zXV6vZ6s7KZHSmE`1^!hFGEum{!ys&p!}y6luMp;)FQGMzxlH}qv;Tk)>VE1BC12)~
zAdp@BWtQz}{TjRibN<k_C#a28g#nB1FZ_yT6i7Js4X|Ilr2iBVCcH*Khl(;G6oUKH
zvHl~BZnaq2@;qzS9EPQCw{VCP<m$9j-ig?-d(45zV+RiItk~X#T~fz5`8kw&1S+qC
z$XYkNqmI?Xt$7~!<jQ+cX*fVc5IA_@{QZ4EPB_3Ks_VgYXHJb%&$|LR4taEm5Cwym
zA?_{tRDI2*<>c!J;y(Ka6_o(ef3KMQYP-AjGJ-8jA2JStVPZAAG_W%ZbZS}&FvwLZ
zIq%CsL;+Ww@BAtkFqc4_ZK-Ko`Um9?wvrjq?!ECje*GF@Tq}qN&P%-9!3rX8a9H~F
z2(5kFVdAQ5CfuMC5AVmh52ZDFWMk=a1D7M?dEiyu8eiKb&_VW9m!2+#c;~-4ZU^<a
z8^<$5=UdIL+_$+shM$aK=XrE+InUae<4*fmUuGo2ZKpqUmg4RHv4pS+{3s3WicrGn
zMWI_rOj|w)q>lwL>yK=HtYR5;X1@+K(P*%KBZ&5i>|eBADqA-kd9e%GnHELusMR;g
z%PK5hSz;+3VozLRPa(tDh02pso@hdu@ZWpd^klCycE?_auOF{HfScr1e9?!ezxylo
znk7xr)^;rNV@zh)kOoia67!b{7y43F{KIae)72_#f#8W6<EE;fNb`iELb!Enlo9nf
zmn=1=0B^b6C@^npU^Zh+4tsZr^tS8)+XGyE@C78}wM)YNm%QyDCcfaTtKw8c^NhfC
z0-+Llo)>W?HevHGd=Wl0MvcUcv(sz}q<_fn(t!BD^lA$DS#sZr$}pU`&_VCqDR>NE
zH%xmj4&=z!7~V~W5=jH!KhpplR_k7d$d=H}(QUg%5`k9#oQqwO(?_JWzHWeN=?Xzq
z42apDYECK}t8es!w)1UQ53=yZqL1Py$W_IyxB5V9_xQucM`;vIPe4$e_Y^O|Qzq#3
z%s@PQj~?K7D$Z*L4%8Dj)F&?pqt2@T?d_~Z06$X+4f-~3reG>3pO!dZ9=l6|K^2Kv
z(H%;uT&jw7ZhAz(MG=AkY`g5m0jD@lF*w*A3qf1d(1bcGChkCD1}f1vB&*M)2~$fY
zZ-yw^SRIs!q@JSRG5qBIH<$y5kykQwa7j(aOkdpI=38m{a0+o|VV*EDcB9X34qylP
z{UsGaC{p4wj|Zk#IQWv*yh_wi9vGMgtcv&d9YZ4v=Q6Xn`pf_`?geetGQ2OU`0w-I
z=Zf6tinz^_2nS{2q^@o01fnBzCZaB!1!-cjd=75D#Pl5}n7T^gcwmh2_#@^01%b}I
z3;iSYV{MJ$F|q|ypBk(hM;WFHI2XQof~$&IUtYcmw3^cdu1hXa2jcm+5ptJr?W+$S
zp54EvM-<_#xuNkX*54$tM)W8a-eMz_50HNc3?(x8W_6sRYC?V+rEzaf&y1VH-@7FV
zbSJaDIyo2fo@i5<<)xaDxegC;MJN8gKy@xaDi4|?mW!Dlex+L9<Em2R?lEh`s9OO3
z^;@sje6i8ls0T=QLdRei<{Td^8N>RS*gH4yCi01IO2y?qkLP$OI)dcJsm*xrjx|fq
z^5n!W`vLdXa9Va>+xXF?q%=P}b4~ieJ1UnXgW+HRVpkDJ*Zc&-4!Fk|<`!`2`vk&W
z8;o&l7}YD|U%PtA3p4`kUY^~{4QxJ~9!Q<*=BJods)vf-^dQiADC)&FtVhI(b3-<p
z1H69Z`n^u)iH@k&_S6<Nv|_kP{<CsNIQYX^Qq%Nc)w-0dd(IcsE9v61&<?sSU{fn~
z35Rh4J@4yMP=hk_PFiTi^v!*BTY|+K;9ZpM2j)${Us|^%Dblkvy)*2Z(U^_x>Sy-U
zk;<L%Mc3Aacfd~=M$pE=SL6*X;Uh5?)L`dTyeR&2_IxXWl*?8-U_BVeWXbqB03Rlg
zEm%LyR1*Hv*ok4(kw)PKxFz#q2L$IEu|j1Y-(Wn0Vnzo0u?&L*G@_Cad#4y+4x9)g
zh(}x@K2t|6<@gZX?^dC4UNCb1=I#9JjUZNA2gQF~Pw>2JjmZ9HcfYE|`wC^iA6P#X
z)Vt;M%!efX>E?NVTb5S3I&!^B8~({l?<nV;bDPzwx7wsG_KIK#3zhlVh@V>&y1^Ga
z<BMQA?evT!zkQ$6c=+3c(vvawag}Ta3&HbJnE07-7%BFL34!mdwB!WnY~dw-=F4xt
zNrRu%`rQf0sHd;6!(tzoDaympmunc;fZ?w>A|DIWIT*QxTg5Gukqi<a+(5~jS1?_8
zTR0ySbf!1RKnkyu@yesxgHM4N>raw~mtxkS`iB`wY~;i2=L4}E@&g*vPt<GHEdyk4
zDHw*CuX0OZH|c3z$z9(C$%$s`c=Z!Sr|;Vr$F#22j+4)O<9w%1uFvzq^2K*8zwPJy
zEXIl7_gyi8YR~)7Iz|dvg&rI4b0|lG-RD^d!Od!&>9yCq7lUkd=GS)8)%=B@)AM}+
z4#L+Gf=~L<46mc%O!$-EV!ZE>S*l+2=W(`C(C<iF@A%im89wumM@#dCtdDcQ_nXj6
zzt)pn-{uL;=F+`FG=^Ts@6qc=KaHLh`6VCscd3c@+7Z9U6AHB+es`AQot>}I8|u9s
zhBBY~V}QEm2E!S_v<JhJ>qLCC{90};|MT<?`M2ns<lk4vy#Nmue!QqG-yVuD+uiKz
zisT;5WbWSAgO=FL?~ffhaKEQ#zpKjcty-&^=*!PtZ|RYM+#dI%4j-Sph~Iu5cbnTV
zKWiQB%_e%yBv{Ws*4EQbg+E%H&aW#szV8UacDC6RUq;d+L*F#~SsN}712bm4+|T?*
zxmnsj8#_JKxId9QpI_p7Ux#|NpZk~le!9;e54C$Gn<|)jn>Fa~TvX?G=)(?*ku(Kz
z#(Kk;7|&!;g#$f=mSWG+Zm0c~0Ze;N*hVU=6xXvs>Y!eKd7tvhj>~hE2d1HO!@Ue!
zZz*)H5wQz8E%vvGr)<&Kx2!TlWM8(#kfdMosH{8WjRs0_3ZH)dt;c?TL}Rohl7JCI
zewJi<P{)~NuJUO|$JS+7Fc$tw$*#|L#iOOA>TIe0Ea@pz4TSn2!niaFL=txhS_oOF
zy%T2;q9zC;ly^HTLMc&EUKTvrA+Xs`r>8sViz%W86;MKP3pu-=F_NjMT6EyMrkr0Y
zUMiNktEpF9_vh6pXxI1nIQ4?+tcdaG{oywCyu9|0t(I^xPubL*GW^1EX7H(oucob~
zUMaAEr<>7ly%^p`U8<0-d(a#2TrW^v$F&UKN3)4y6<baAc@t&d`h6y|(BAVbrE)M~
z613M7&S8cUdcM;#O`*#mjbOg3cJlR|p}J$4Dxcc=4y(<^29Y&|ozrP=NIkXr;qr48
z7~z(9d@J2=5b<UfwIiSsskbwtToZm<&tf;6?QoTk7xL0EESB(vaZ!<(v4M|Gfx%1C
z3UIlgm||Zl;5SqHUMY(~cMIaLgdz=VuA&HzwkA$uY|%I7LAoTwMq#=nj&V<rI0iC>
zcMMaRm!JreX&60*<ib6|92q0Y1%a;DFUG`im7)|K668WNU$oEQ#^w|!k!3yD=cQ|!
zA2y+P4C2`=&W3QFlSPPi7h;G#Gm9&QWtwEkc?d+(Wf|r~={f;Tlwq2pFnyiGI36Oz
zr>z@x^BqOLLpLs_O$LHWU~7;QG7btJH(eu-Z%{TQRdbc@x{OyDi<22kupWyim5kSi
zI!vXU{09E-o5QmGI%~FHKtRUeKtNdkpUt73fxX3lqC*`OJ#$=9+<&&gLsR<twT;eC
z`2|_*W<<Es<|dV3S*rx}dA8+WD#6{|8{HG+saq~?3{YT9384iFIP0O@3Pc6OY9V<&
zr;!$j-iTz+)fu6fRr}I#fy80^cGu)*dws1BQye>XroO#@Odrc1VhI;t2g>93oCfC>
zp@MH4A@hB)S3Ou5Wp*qWA9NAfmWGo@sY1g8PXM}WwoO3|XDLPff@62sk-Cg#VsI(h
zwMin*Ycxauj{N96@4#5>aV`mO1Dm=}Giyv%ue+G+z+=)GHj0eJ0a&OdV}TeN`A+>M
zM3g;PvZ01I*tKmR9oCvD25Y|NBD$(XrtR8jA|jaS@!7QQDLOD=P8o-aOZn;0myGuy
z8>_9Pw4LT^<BAmuEwZiqJDHLn0qS*wvkuZ?+pso+jv(>mjK~0!!H2>+i|IyclZ{=f
z*4wP};Zg&-vYQVDJ**{c&`kt|x=CZnGjR=*2KW+MWrH%q=<*Kg1E`ebBxUMpwuy?A
z7%L;nsRk(3rTtkHHX5T`iv&l}A!*I`I&^6(bwinjMr>UJl!S)-ebs!szpKAiRy5?4
zY|GtsPFoFWN1kMlrN?6;T0?qJjQCdE))I<7bB07rX*^v)5>d61lZv7k6<0H29Mg){
zxGAX=n5~t?`N*rSaZp8vilVR1&ymTmq6BirU?uRPikw}*66M5DXEjY^Ix^y`$TsGq
zicrp}y~De}FI-p>fW<jDJu71H?VHr_szr1mMg+yy`{rO`bj8+PJWvvaqn!Q0k4UIV
zvOBt>B?*KHp9DpEOa5ZcAL+=zuZY~j-6mCbNF8EoPqHX7jxn5HX3c!a3PAUjk~)NX
zWfcO?Qo4f({E`RB2u>|5j+t<|DEcM;;3xFgF$bv&Z<ffNA`ix2^ir@N0oe1xS=HXR
z<@?9M!ni(TC1tf%ei8vPCfLpnuG!XR+YM$L)Eup=^12Jp#iMEID7Ab-tGp6o1s;<B
z<_4wfkA7{6ioNbm+pd>O>N)Fnkpo2r>Irw9dw1N#5pCaP>(FL&tx=f+%un!an|d0m
zgE?me$Z3u){llrnm{9%O>=EeYco~bA%Tu>H{gzLj+vTg~@#HBi2kSpd4L@mQfKC;5
z`>M7Va`btj*?u}!8mG@P-F*k$O(*h$D<XFePb78>0v?{HGx+ax1};XeKRNz4LqiuM
z^ggMZqwKL=K5mB-k^H(JR)^K?4_CGGZhV>_hD2W{h7%0m%_W(3Ic=NY>x=5WI#XY~
zOy6q+|4Os2HYYRQi4KUl*BuIFj#wQ@pYMy1WP*lPz4dqBw{RSBzB<0o*Jlo+bU(cu
zzps0oT==aw3fITIetG=~hmjCB=;#8kE5W;7qIFqSZh_d@Q1cW%G5PtCa<R}eNW9{c
zGC7JfRG%0=dAN*1cDngL&>sI2ofPhGM@9J$Rmn*S1oW?~_-}sG|6Nqr+v^!yI2qZw
znmGRFr(^v`%Nu2>W5&5;ir6?=l429pgiy5~8B=1hMd6Q)(txN`J{VX$scZ>Z963`u
z;i(!;gsWFI#%2u1s@B$dPu4;ErIW4?*G*TJo9=XH@54v-%frvI%sSQjj-AP}_l4HZ
z*T-^eNvK@bIu7(z-SDt@Y%F&vgmC`tx&q~+sNO;j75l@G7>Qm@lhhN9Yh$Ih-i4r+
z++6*VV{!Qsj+|9A#9taKHt9#}@*&IQ<SVhr?MJ1~wI(aMp1G<SwF=kDPE8B0>RapP
zQ%=|F5nHv$=63qh@rq=u_U=yWnWhu(j-~gk2qfF}xO@}0ndQo(3I>UdauqEr&8Lz?
z3fqhEXX|3qlgy_M;Q|&eqW()IUFM}a-RlayYaPW}rOaxp=KZcM8;;DU5;3oW#;0TN
zxiM+TT&k3Zn60dt#K(@-#1j0E?Ki1P)$*yMlZzwQCEbhPq@C{N8kK^9C2-JxBVC_V
z&NZ^m?leS>ua2{_Q(Z|(IA}~di>KG7xp&oTk5Ub~x4lLH-TvyP_1CQT>YB~lkwcnT
z+FwV_(Zn*UDPnV{X3+}(k}Jnfr2Icxj;dNM3&}FBaIlY(pVPMOHbJFkg&tt&frFK*
zGk<|`8?4=$bvrgSTMgwb62rt}*{yRJbTb2_tr;ius#X|U@1rff;8_Rlq2u=%<&({i
za70fG+Zv(u&^J`gY&sRinj~SW;S>z;q(ykQn`)*pa1;|3VKz!IjDQ;8^B_<<)l8cb
zy=!zT)GfDcBJwap#CmixEz~QRJvH~FuB7TUscPeCew|%+sZ-$#v^EwjUt%;l79WcI
zwvc*Sw>F`V5{KcYMHvkZXX={KEmN5&Hf+RwCWA2=CA4O%KnqRId=hJ3bzDx?$2H%9
zQrRkP!<Dt7qNOe_P%d9l`8ALMepRHP7eqKNyxoEax7)O=Zdq)JlOKm5RQO~HrWQ&d
zU{swn<{EK(Xj)#+AOx{BfmOQJVuTS{-PPp2P(Fz+ecL~JEAe7oA0gvH&wjyxDfghc
z9XlN}Tg4LYO75W&!*-RC+I!UFQKn(>%e9GpTNpqMM;A;(_oi|}qh2`sm7wEzKiv%I
z9`1?QpAT#ji<9h8wN%5FL+IiUnr*DD!7N;2v74D$l|`e%aXo)4P|m%{4p8h{E1w9C
znU~+z)1v4;_sEcNW6q6gjEN#}-$~Pk5BPm%+`Q;#aFf$L);;FZc%><s(WFAxqV-&R
zN4xt+(g<rC1UK_K;OfD^XH2f>BhP27j^P8aJ0J0@7sLw|82)gM`OB-%%g0_`RPFs~
zOdyaRrtS^jJd~p)zX3hdskeDbYB-Um*g<|A!d7luc|UcoaLjSbPm+wS!J}<EWyp_<
zc2o(t$wzX_>kpF{&~7?WQhDl?g83H$C(2XYiyO=V1Ev@1)>7wtOJ>B{24e^l-C~0k
z;3-Z4j;XpM#q|CrBm>Q43C%zUqdjg<4j`+nEsrS0Mb=Qk*kCJ&;w?~SA!HrwB3<^y
zssni;ROX<_E~4p@%DRAFA-1rQG2QE87y2~zXmmc>X4uXz+5uBh0r^$qJ1TSZ&B5_I
z=UfVpnWf#7o+n4L_|!#PmP|yB!*Ff2DeSc3!)etLQZ_rNZ-KaGc>g-Pu1DZ=@fT{C
zY^U4cGBRDslE(TMS=A1@rPL#ikhFk6JoU_30j$cP33p=(_IS~Rp^i^{bcs^fIeEBM
z8T|#!1^-mK5Q|~PL{#0|gMt=bPkx4x<tS#Gfygz1G7(%P%U4VdE4Xc0JcOum<$5X3
zI0!qgYBE`BHH40`x-G(%3PKqN2lNHOu^$z`Br-?zD0`|++UyNAKMK$x^0KT^uY;2j
zQNrtu#Ltfi{yYCsjIHKDIKA+p4C4l;!FR!?4)`A+8{%1p2}0mmQxK*tlb3)Gcxi+B
z?Lbj*$)Y{Zc%bpGd1<J4cE~g^W0+6h9mLqmK}-dun@|M@%vBSF;3uBCaiE(_wE&(0
zxR9stQ8{5}vLdbbfJgmR!;UbVTZm)wNGez)fAs<TH8uZt!k`I6D~&nI)ni&{R>y?`
zD(#l&&oW8==gLTQ)Kz%-bM%72Q421S>?Znu6qiudkZQL-AlTRF&>MaE1~QRDqR^J6
zA@O3I^DUz}+P$N)<RZ|_&xuiap|43+=*u0H=GxD*_X+6Q#1p(xWOd%Z9BWHqXMr|=
zUD#(q8TAC(MFDvd0#n(m&GFm$3POpz_(LVKBK^{Y|8yOhqU?fuP~zt48r&(#!??5L
zZ{$?6uIZ1g5=0#sF2NV{vF>WNBoAkdddP=27m$q<rIJ5^8VN`Z1MD5v9FtG4MFZ@j
z6ckjbgpv8-uvN?Q4spQG_zLa4!X{y5=Ejf_pwb;_U7*SD-J3>U0llJ@K<<F1Xj#d|
zD<iOHAa@(rKhV|)Y0#au>UsNpQWmMj`JX{5loC55#+;Up-<<by-woBEpT2DP4+=SX
znnhTVCE;9#Prx&1k=z5ubtJ+y0!&bK5=0iEgtd}4@j-x}W15oVCOO8fn*{>!K^r{q
zK|JuBm=8g}kMnBs7F&lkU~_ixDg3Yu-Mz3GsCX;V&ju!;<gj0(gcWz+q{b5N&QLD%
zGpRv&J2ymR#_mvUmqc+svnGYR_7du=%Vl!?T<Sm;snJY{zhNnjrw~ExTj^G6+5vyZ
z-Z?jP*x|DV`y}Ji#5P}e-X0NIeb!94%zwgc&kr<h`%hK+27#_M;#~ul4=4+C7?nm%
z#Pe`{6-C?tsLMAEg}aWpums5QP=zChJZR5#6EVP^AhY5k#`B@q_G`+&LPU7fi*)aK
zp~tjcaYKie<r-uK;>88`6jQVFY{HHL%BbYA%;Op3Hk?|&RD#OF+h8Lk&0DI4_lx8W
zQzzsC{!-b?J<DaNP}uhnC2F&SeWnxj;DFh;R^2;L2hwN4hpzgMVzaWW(VvYh_>&cz
zjOs;}h(@As$coEkO=sBlLnykt1<|Tj{HEs-wgzq}ND&1K=mI*IpTHI{qxAy7|1n1j
z9nH&sXMOItq`eZQzA9`AS;m@@*C=8<y5ve{KIux5%%{yG7Z^9AGU2{<TJs3&9f{@4
z&?4cju2YdoJbTA=y&;oVP|=Q4D!(5Ufi`bC0--9aYm#wh1y&M=d`g?RCne~*cXvh>
zO(WGtkKHdrB-POt)y$}&loc<5O}mClo$|k2Amka{qned9AyZt8eQk@^0;)$AEqhs|
zxCpi8*1)RCa!Z#LyjrPb-3L)ML#IJYof=DKT_wUXnH!fA%(w=b5hx@|)%kVd6qdSY
z4w<h4>^bgL)D4kTLwM`<4^Gl~iCo7Za17cF!#Ov84>Z73r0e`Dn5qN*eSl^b7h6$S
z5#Kf>4o9OT@i6x{Ex&XG7G>--OaduTeJ_QgEZ)%=FETIJ@S$#+aBVSk&3}m(GX^cl
zlU^+~el3>JQlCBe4{ZGt@A05BxbP|Y@rNMsaa&c$8!$g2?xgsq<<jt{WIo6Nv<M$(
zpZKDLC}-Xe$o9~>EjzS-M<joEXrN6zwc&@PV@V<MUL_$TIZkEeXsZqkG>`ij)~-<W
z<j(#8;~bGoah@}{9TrQ2j<amE$s_W%l$vp-uDL?M)kHFUx+VR+KD={HfP<L90GujH
zSzF<|k_5gC!jU~AxxdwG8&qod>0V6xCE07Cnu3ODoIGZsSb6esspgzekfkUUQ3;}y
z!wqg=CB583srEC^)IJ3D0`rU>0DDa^CpvaGTI8Rr^O*)HI`&o=dIAIyBmN}d<(%36
z6N(RO1t!OOO50mB08GA27@fcTYUOn-I^=>EBYiiNB=IwBz%e_qWxtsNjM77+MY7g|
zo)cO*_SOiRhd6)b_bJnve_;n&LKbzqMf(G$hsbnJ2kY;?Sm{mziq6Ej(AT?3MgUie
zU~BrEDiTxv`UPAzbZ5lsI2~5QkZG-Q>=uL7pA>AABKa56T!3WkM^2i*WHc*(JaT$c
z+W4-_DRAI`+%LV^@-7F~nz}^#P6rj`RjO|Ngbn=y|DEke8P=nQ*4<WgWP9$ZTse=E
z><M&}!njVG*+t_}UWw`bnTik9?@KYH^4o=YYW~8y1>*VV3=mxTUWofWuSuN1L$kyB
zpGP1+a+Gw^puMYfL0>+$4Ca#g&(FngSbl^Gl+Q~SUo``>!V=LXY<lr6*R>5)yavs&
zB9BmzQsvF<5My!hS1z`fMB0N2Udo-pn8IG7v38*84^-*ifCt*eA=SX_6_|n8nnfvR
zpWXCpu2i~y=N0=39mq|6K9QXmJ=|h2%NSw?@XW&4E>qhzZ2}>GBX^OGHRXyCo|}eP
z!Do}j{=llBT>mWxUWGSug|`U$&hRI&x@@8rXL~=XX1*!u3W7`>F4^_Y!&GnFRoSp-
z2x|S_>&ppS$X|M(Hd>G6w&p@+6sYVMf<(i(it#Yy!dcoPf+OP>h<VJT4CR}s$7R$A
zD|aH-Cx6=n-Lhx8g!fr);^I!Mh_@~9jsggA2$oRxlrr>6;@U3Bz>xRhX467k<fyA6
z8o^-g{P#WyYqth(V`gTbFgtq36mnz*0nMznD1-0R0FzjQL6h8|y-ZH+9D;q>M{?Pv
zC}@}~$&7WBHK6<`KcdW}Hr`oE9k`+kKHTgnRT2J|uomrSvalX7x-6m?Ejj>JbJ<CM
zv3#twxbKmoHdhisDD0K$Vb9~Jjvxx8W2A;(fTL)}poyOFm-4nzZYup2dMRS}d4pD;
zAI|Fv_}jm8sscr{6P&BTa?u?qfV%CaxvrA=>FnvYP>Ie0#aEgjOrEFBYox_DvYcDP
zo^<75=h4^;k8}I(3%o`z@2H+)yQtj4=`Vp!FA5f01%xMY#|-*1(C>8a-8)~Ye0~qQ
z+jE-O%k-x}zU>{8C@TOFS$*GkGOJ(mUw4;e%urq?^x1gfC^w>EEAt=}=*}2E{J0my
z)mpcTEe?H7le^ZkmToeu4V*F?4%BCWwMu#F*Rqw$PVmll5{C<jTM+T-CZdk6N;eem
zIqwdLWCcNFn~DDl#P0V8(Kr5c&&dbww;G#ccNe&ixJlps4f2m$fA9DX0QQFR(uOf!
zs)uBQUF1G@uMELAd+;U@(!tv<842D~%$;C^a2Q$SOFzz!7N>ydJDw@ZfY^OF3X!d{
zO~_;D*-Ji4ULs4rh%1F~J``GuIJ=+V-FsD%PCie-(kHm=6j;W9p!DtIFkN2cP&j$?
z9QI^Ec5{|+N}TYXDp`y~^eLnV^^-9GCT-w*x8X|Q6*K)YUBU#C$mkKWN6?^V0+!Y%
zushc+Vkg#F#Ur*lU}945G`piTMq95<W@I~)(m+p1dZ!&e4E1`qE#gzv*FIhl0@*mU
zxBmo#);IIgUaRAXW_8~x#HTnj-ywSXy0h-Fv?9z51I+r)?S>}Z_=OEAVqqjogLjz#
zG{{egdI<1J7u-+hu_8$X->?W#C@)uxL07cFzhHpVX8aTUvXK3;*qhhO14^+CLI>Tr
zff%3lE&f7}>J-23w?EJ@+cd$zRHoQpOTAe5LzB%<|Ixbh8o2**{&Vef=>Pna7b&CZ
zOA$VCLwcv7DR$xax+9s=`}q2D^7F{=;eD_T;LH`CwS#zbqfUTL7AuU6b5r{y;g?b3
zwvss6Wboxn-0P8ku%op6zSJaq0Mq{ZBK#2?B3q|<r)EpC+-&AmuC95!7q(=?_LF!Z
z2w#uw|C?7$u|!qMB}-rtJIQgo$Zqh?3W&%zp#1LI$bHcdX6pES%K(!5o4fEMT=<=3
z^!WaODV7^6%_#=Ne?7QjWDR+{emKKnw0ZKd6?o^5uoGkO{t(K9f9DXkT=<=M3jyNg
z26imzcasA2Zv?gyy5OznZ#wRmpnC?C9peM}ord5CV#HY2x{-@ubouhMfn4_hIh+XW
z!QEvZ2IRe1ng};4!;Xv4rwr^q9lG!tCVxUXT<`yt3w`RvoVTJf`f)KTd3)xyTL{eK
z2JsB-=Zk$1CI5pJ)d-B012;JXVeCGgyRhBGpW9FQ#>(>mzq1CkV`%P@<$UZE;K9Y%
z3hLXAS@%%vFVEn1`$O;_dx@%rg0ecM4=^x)ezgX==r1${e##`#qyoyO0yU7pwr1sU
zOkvnG5g|yyzh&jbREX$*P@PqpqO7XNXO*hJFwPM|m(eO(3`Lu`o7c~iI-Ybt<~#;7
zxgO-?rg?UJUb0gm1LG(m1K|d7U@gI+f+&JgoTt^1at9H`y_te^4>`hkxrnzUI!J_b
z%$Kq6?R(Vz$`bb&0NwO1N4C)j6M4LPN{RR~%wboI*-a=6dQ>?qd20?L0-g?4kxxPc
z4e)hPWU|bDF;ALc{zVkXx{$~^i82eLxE^85ctyPL8J@I;(+c_<{?AD>wJ!TW=6YKZ
znoWasiFr;rnDR)M)EGVe^$o451$VR-rz_V({jN*6CFMypbv8p);$aHz72g~7>79!!
z@;${G%m2|&-0lC_MMF5x5zpV~r`JZWdiIu67bE%2yevvKG_(eQl^qTHkT_;GFHF6e
zN^39;RcqYZG^svLoMVYu=3``adwX})X-m78|9GxB<}EvYcxUOcakp7r%j5XXoiI&m
zeQK`BJGIe!UZ;6&)s0+iDYJdNx?#%17Q)NVCugFpyzMnac2{@jYj_YfQCdM0iQ(I@
zQ&P6MaF(Mu@1ZYqc04W2#88OOpS3*SL^3nedUIbjEGz8Pxx|ssY%(SG(wLo{4v(Rw
zUUN-rxqd&eeW$HCVBDMGQp1uRDGi=GIxT&ho$&kYkzpvhW)Sd1A2&wa%vDI!UD)ZP
zJ*>IX>diEi<zbrDYjdCaa+s3V-)^?tomo$#t)sR&ucn|Ev9mqpO@6fomjWPre+mfM
zx<3^sp&h@47>nKxRoxL6o#b*@Df;BvF5ObGWbkSrc0MV_d%E(GTIvU!KF1wG45^l&
znzUyUE{(tC_=@XP6`#xrZ0*gs&-j0b^H5x;w`uM3B`d|a2;~07Lw-4C*?)sY&&cG-
z6W-qr>uiX3W;=4MG1L(E#yYxhm!?X+po0D5toOOKqEO49cjNx80*F0ZmjH-5_aY7W
z-SD3zhCO5{0M?Rj1{o7yG52{#GWUGu#phtBe^W-Dz?wl8cyj=tn()oQ-R?I=PM^44
z<(O*^$DuQi0;`Fn2l*vfg+sPmMr;#$3dWP(BoSVI=l0NK<KU`FMXQy@VYx&!t%%Wc
z7hAZTt8~lcFIc#gCp<d$KoMBZuUZtn`K1O4=1(YDuweym9p=^L%{m(lGn4I{ShM_$
zP%<uuVEk|v(XCRoe7~$NfNd@Lja)0uI57nO4vop0^!O;htKL>!imBcpsk%-9yF#Ez
z*_KT5{W5;m^*FA^x42!72M&DvQ{-gj-tP3!y;Qss*m+<3V;r;2zt?vkB;Gka<LF_*
zoTOnD1M$>V2L}VoIV>iniv65PyY~a?Eb)3Hk7Bk9ZMzHqPaoj!PZ1T!v<vFXh)y2J
zFVg1~2Pw&jfG!A4Nr+}l2mxmtfDapoK)wo;xvNYGOp_#pl_U(NGN85!-mC!OrO)6E
z|B(+IGr+_NA3gg^PY|Z5pNbO!&mNe5z@-hWcYwqlc1F=3!#pTx7AkZP@=*xkQP>YR
zln67zfD@^7-#KcS3p4aC%|ARX7{;E6et;}3u$)pDY@7*H-H`lTA$HBYZz(NOY_gv%
zE%fal$+QiLPQzbSBXYxmV);OqH}K;YXEOlK9eHNY<Fc=EHC)FX&Tdz>EBd!Pgx}!D
zD+J%bzd$i{-#yEpWDezO7WiuKpUGgu9)i9ftqq!AfO#@hA`PUG5W1w_IV=Fk9Rh^t
zS0JGb;y2iT@AP(zWA`V~fPfy!{$KO@|IOJgY)$R{ld&iLdGo^&O-bE!R7ug1+n^hf
zB$Pzq5?~~UM*j;1<?Ib51aE{J0~Bvkenpu=R!qhdyddCjpP9LDiE_;Y`@%RGoNn-M
zbHUEiIe9%TYU;O5(D2jmtEWnH-8bnAI8|P*RKNMC@pPg3+5lIF0HOIV?X){ciB7)K
z2@tsI5Fo6povRn0m!sC9E_Mu=D^RO@0W`GBkSQG%QM)9DRQ=ANSzU`$rd6{PUwCWK
zskKi`*6z_(rz#P13~6etE#br$qsXOEUp1$<!<a{LHFslDk2_~%j;Eh$WGR<1h&Y^2
z-VbJ1rEfZfPX9Dso=zZm(<av$LxVX2_X}OCiyJ@AvUg|@+QHV8IG;IzK6pwjw(c-2
zjVPA#$hkUP2&u2jZl$;s5~Ycb4QX&K*H(9oAaktN<}g)PQa<}E!lOT;7;y}7l=boo
zil9`cjXEAKP;N=Y**bYrDik#%)`3#ZlI*lyq>>wjB!LznCqZdpDX9`4cO7cfw&IbS
zoAaqD9!1FhE-Jz<?t#)f8uKPgW-uLAPU1+JN@fv#%`1L*J8q|{Xo%kolu^^k*9dS+
z%SSvzFe;dzEh6ee95cTyY0;+QW;anjmrKru6)q%Au~Ox07@geK!DRhZDt8<nOQtqB
zKXD@2)BeMyo?M<vzn08uDNsASOHehPQ$rl*X)?5^j+?F}w5aCFHPj79Jw%n>uwM0>
znM<uy;cY(+z+Ri=8n*x_NE{3<exO=}8;nX&`lX+$<l!|wy%N2iJV_q`7t~Hge4HGa
zC^t<0Le>BDI(^x|azI%GK6^&>nu|ZS0XN&SF|DGM>_gUxeiT13oh#k_=oNoBZ~b1N
z3}ZIf0T-=1he|_sZ~HCsPc)L2Rrah^w1nCgVZ>vSS4i^aY?@U9d~_q3l1e>y14kv%
zZlR9td-71;q&yZ~!jjg1fQloTY6HC?O;F~^AS>d9q<R^ygzv!l5Vu%$B@zcYf}c5A
zn*D}~9q7+Qk=i_wKQ?ZzUZ}Z4WjDuO()g#~_fRynQg*b5(c8WRw;qq?q}juh#&ROH
zy6b8^)vrz_Et$8~2lC5sq>b`iN>hqGvSKH`Y6U$%gOPA@wd^e>?mwqtZl_DD=0pk=
z=+3Xw?n{<btsTOHulqOfM=Ulx2d^=1lc6eNa;D_DIkX$nJUyKf1`cw(h^JJhR|5L|
z>Z`&}{_k#xS9a#0f;y*cQxl+qjfx16EVz&wni7BSsv8p@eOp!~Tqz)Ya^sDoUnId3
z@{3Yn-@);`4_i&lr#g_LU|`0d@|Mic4GF6*QqaF*;)_*D<_N5db`}#L62%%VenI?Y
zgiY_?8*a0}vMG3+S+g8G30;f8=}$-lRJ+@E)T6c<3a7-QvCM1Nn$Z(Y{n5;1D+*t$
zvmHPoMv!C{IW&;OCZscxz|GfH;t)u4$j$7|!T94XXU_uM8x%&Igc~^MH!_ugl!YX|
zSAv#hlhrahHC<(*^0(gal4{{Z+eFr>r{NeS%S3EROTlkt3z|>Wt??(Rb3yDjPG9kr
z2a$J^lSSX+qk5XClEP|;nv$$v^P8X*<8{;aslEGFq!k0t&1;U|)$0er(Q6nIAIaK5
z_QCI>zwnv^TWfQRG0)9vuzPD=ra&w6-?gBI6RKa7LTkxjY2rXfNU!`dxvZ?6iDywc
z$NVNb6LP#c<vemUZJ3y5^Qcg%M;|0U%H?6k@o0g2+!>r&7nSi)L75G7E*;d_=UsD`
zWaWu0sBFgEbY|4(m|Ap800+dM#AN^K;<)yp1SGbqj5M@ALS6RWX^zPA8A7B6_d|lq
zmnh6cO|U}m{@ZrL31jX`7m=c5gq{MiFs6Vh<Z4P+DUDp)6GggtKtE^))#`m6pHWB@
zXa~Ipt@U)rCL|G={vXZBh>)tEkoy+<PX+mZ7@-YNmZ~DK?T9*G&e4Kdk9>4vy1;BH
zhfKkiz9Ty3N=LQM=0Ze1xD0s}j}ASPN`0CDKG4$;dOI@K*qMwzfbo3+b5%gm97bjM
zQ|9lnL&nn_%*QOnCxZGWznSs$oaCG`*RU4c7Ku7|4a?Btp~F0+h6J*tl|PgW@0A3S
zw~4GigtK<o#!QQ5i=#U6*`z3K&<_vlK58!jHdvhbc7w3tMeuPsbXs^4JkK~f3&>No
zLs|_DJoea{Bk5)r?{vT@NZPlFSdnaO;qzl!#k7VK&}}j194<|RX5yAfpRG^?((c;q
zI&^hu+h!4|qK}YayM8unV4fkp9$%_=J1j~Qtg4z^K7AxXU<7;rH1M%?9F6vNNfREK
zO)0c1eYC)a1wDVZ7%hnym;{ziBbzVfsGK@mo!D}pRDTE1X>bLLc8^jyw@}48n3gn&
zf=kH+k9Wm4_#=0Dg>bnhg=#k0ss|7$kjByd5_1C3k|2dpJ$L-@lfgsU#6gBfTwp5H
zz~AapZ0%~+>eP&BbZbzH0ijFhw{~g@2lI0x+27#QB6Sb>)^zgva?|D0V_X0wnTIq1
z^~kEfO7UAxKzZSu>T6tj>widA!RnmoFP+=HqjzE^d(l{`a?<qGIHxNX1U#A+S*y^j
zNp^JzSK7U+Cl#Uv(dMetv#-2;PV|GITx70D<C`^n7MPmLI`SLFB8KytsTPBiSMeeq
z_zjz*!0K2K3n{D{j_G}KToo3K-*QuTaagSsT$Z)6XXiUr#asS;xQ0A>b$s^_RsTiT
zHN}V$MA@<DjcwbuZO<Fqwr$&<H@0otwrzVSyZf`7-K0Nmx+>j2H<hYW2hdtRyl)HB
zG=_1<R`e!SV0pT-nMW11#8>l_%!uOUv#d}q1j<$5YghNtWI?E6X5J7osrlv(jI{U7
z-|)@f7Hk}b@Wv^R`dxAr4DSgIA#-Sqhq4fmR-%oRZ2l3$?maF!!ylSe;#fEKZnkkx
z$|cpQ2BZaY!(Me!ZFu|<92Bc24#<_z+BwP$x=!53(EwKQ47!Jr?iX5<#I-6zof5Uy
z^3H&xk=os7L1{FDolTgI4H53UgK5TW?xXnQXbrq*550G3bP5c%g=sBgX>43xQgPPR
z!<|K#52}MvHP*fIt-t}W39%3_h^cU|s7E9ahl&_yd3r)|b?_raw0O!=9-Jw=YD0EZ
z|D-TCVzO`dU3}76%|z^{FQM+P0<^)7IlcN?QnX4V;momEfIa7zM7ig)chyGPVU<vJ
z;5{PNbD;NNk`9e$9fI{zfxG>7Q$24jkv}syUXM;G&Lg(+UAl!LAKSb_^+i=(usmio
zx(iKlGS;?`=-WM=rXn5<VRaPdof91}8xlfcsS<=c)eI1t2!Z-s$ah@hZnQroXC7sZ
zJx;RDsOFRw{~(Nx+<GUY6oTkR_m0HxTEYW*-vlvAx=Genkf)2k)=nsO2k}8Ps7(Zw
zfOdc}X2#tjq?V}kOZ{UZT9w5F<h;0#g7b!+r3h~Z9Z=zPV3;kWZ9(zyn>7q5G6y-;
zrp0^6U*L}wcap7zG0O1UzPis6ghTSss-=zw$aZ~eh3f)0(<~qZ!3vH7bm}`og5nW6
zEzmP$267rZ62W`t$a9r=#O-s4GY4C@f5Q#VA#wU!yY)LdbYzV8j*~Y+;-Of}ZNv)9
zb965e%qxA`6(BPUF}u?4RRj0Ml?RR3C09#mlmg(LJ@G>ENFb<7ryefq*WGut@-dqW
z*d<nAi#+K+iJE8Y@D>f_9W~1aty+wbSEB9H0H-asG8PfEL%2#D)C}ZPF=4A<M;iOE
z0g_oju=~>S$;#Ia`Pzl(+o882Xa;!e+WP4Nw<G+@1-c<7)Qe~Lmc1>{)STOK${hb<
zBXni3lHK~FCAURxZ6Tvj5d%`KhDN?j4E;^J1Liic38uax?cD^tO|u$JzYTPco4TXT
zBI~n7wJO65(sS+j)^%UX-Itju_h|C|dgP1Q(!kMURwwJ}!y?sljdqD@7Sn$UOxyGG
z+B}hA=oBk<$P~uymx`Cyf~)39#dP40pQ-S15E!r}D!IEYMC-en>r&sUTl}T({CtyY
z`a=}3^=FVZ&3o}Ewsa$++U4aC0ligdoAO4l9g-;)(uM3FIR01b1l|K963K!bgo|H@
zo<{2@WX~C@dWTeok78{HffMAdT-&Dv+>YSuZ<B<E`1uYW$$i{G`}L^p=b~KlLcjvu
zw157E>+!p72-uPn>g7AR|I62n@(ND;ou|hH-;VrxqU|#~Ku7oq9l#?l)Z24<kM{XG
z)XPVFM+f;#AN2dhwIe$B*We&uky<e`h*vf3?+Cmeh*vR^Z<apXz*(1FUDr2D+-{cT
z>7A%O<)x#tS9X`1;HyvAr~Z7T2S}@no8^`MIq}S5(ZjOWkfYLrJDDcW9+EWtr`tX2
zU+%+;K7p5;;=3RCjS_r2B5$V<sXb5FrTod=0=qcsLTXHj;GxAEV<DR=f34}_ER(b;
zSs}a+@oIy7J(A?Mb)(Z;kQBy!_-O)hSNs_bJM_#={t*JkaMg{OG-Iw3BEcF5L^#T!
z0T2~w{<~87j<B}YPs-`Yt@^K_oJPW2_jHD=2aky8t=-v~GBb~s2PbR=O^8x0>-0`b
zz$H&#PH3p<p5liO+7J0My<h6(u)1x47E^&LomCIOk<^%K=J}v8s*dpM#QvvYd$QN2
z1;;0_mNYL+JzOowyP(r8F4G@;6ZhwCVbdC1xY>gdiI77pFYya*gh17MWBgHG$=jE>
zJl2fDSbaa)MLg(d#!svvE$?}FHhZ?^L#j;Hc(q-BbCF>fLKzpRqX;c8m1D{66u30E
z%WkNH3GMI1n;sY42R<3!0@P1Shdy7*)r;CpAsrvglUz*8*OI!B-=pVfL<rjw*1RM{
zo3iS*AIc`7&vAnw>9%s_(M-}kThaYMKo{sy2g0JM<?Bo|>?fMQv*Q-?Sv1GYVJ_$z
z-TE6{G;x=^&)NNeLr?yx{ju}@kO;2R-Ar^K*z({>-6;Ego&OKzC~s=&c8h({pf3BX
zNZeP%JmMO4MN++E*tmtXTF%149uEC_C2QMBvqY}%zj=o=A6dg6!qpBt7a##Ie;&Eo
zm$+w?RVPcCZxV~om4L3;JHmjs`p6&Ez+5brrUj)8-rmV9%oAOubT1j>d#t1}HGyX=
z%0$*f$RY@l(Fe7Zo|g@f9~Q}Mi#<!Te2rH%1iyTqTKB<z4&>GHhJ}Dj*9hnrA2}9E
zaA_BhxGyZh0db7+@2+g$LJ`j7cH7%Y!W#od5~sc|dTczMfgit7zJeX}Q>}=x$o&!O
zX;s2nzS$c9dm@Z7;zEgNA5b${Oy!CAWQk2y->9f81fw7SR1_H5{^Xye^z-~ku5QAn
zN^K>&)t~+iSVqsiMZAvJT;`_jMl(7TXKI3rccdG&df{YQM$Q4=J09eM^K3i6KiP7N
zLitL?vB#_DR*5JSc;Qa4f6Og@K9mA}(iv|}o!N%FUNzoYnb*<<p3(YL`x?A&ziYHV
zOFNNQ9&Eu?7xLe&P2p=W(pjqB7sBN3TJ&as=|*EnUv-&<IvV$3=HS-QWRh;R4FfLu
z7iKLwcUmzta5QEMFL>GkqdgrSx^@P`d(f|lV|$RT(@SDsOWZz>%oyZyhE?4j%gjpL
z8Hs({;X39M2`<xdyP#;U#}YR=cs-(DWH^y<Wqy9#bI6pQav!buxpqo?3&mdYo;)6d
zlSt)ejLlL%_PhEQFdo+mw6u>VHdt`8MX~M<nauvilHys(g=kdB{m{yV7+^dNB|i)$
zzs!NcNjZ(B%8isP+?{bxrJnHSPA0_`f37@gOF0*80eB#-<Jx|{{Qfj14~1t-w?M{?
zQ8(}E`8D^=>!%D2>5fle<7})a(xphOC$M=d(S4&Z{D*TrZp3%#w_sc^!u=76CH;Od
z3&j25h$ZcgbO|5v9sV6cUiTY8!<G3QnQL}`EHqP)J0|#@2W&=z`@{QN@R&h!e*^v&
zIA)qW-#))Zm6;~@ccU264{0L_?hn}S8)vi3@E_m*r0Q!YLdz?wppV?tCwTb{4h*iy
zrpJ5b@$Z+%gWY`_z`|RV=EscyMYiq+wB|*}IuH8=s2~sv05u8_5&_~Q7y)2~GRqL{
zvrrxSaZ)e`;>-GFFJxhta6NRq`1-tXxlVsw^CS?Tkw_>q7)4Qs@C-!7Q!u`8h6LW8
z5jxfwuR`WhGQLnm!S5xC9P`HCRo_AqI^vDoBKTB{Zi>-&2E(EKCCzCOc-4z<doiv=
z+txI??n1Z3aM)W8yQE;OaYZxCQHz*7X{T3(?h!P)&PI>vr$bBsFpg3oq#E?nX^5*6
zKLjOwU|D6f67Gs_wVkd-b^kM<XryCHz<2^`pB&Da^QMp5s)Y5n*>Q!;!ZYs++VHe#
z8fNMe{=s;yk|E9OngrW&Hqjj9(!H{$UtwkC6wy#oU;CGn#<4l~f|W*&vbD^0Y56Hj
z30YWfXRWrsr<naIbRK#orYGK+gr~>wMUCgi^0T}K3`M(hX|@qxiV;N{3nRAOscT-c
zBj0pwQj-@;s6)2rUU8w&?($CqxtbU2@w^7Zl9OfWMcqh{=if1yYx>ELg5l4R2eE6B
zozYxr9#s`IgZqW2k+OSWIbvp24{dq0noey)j#iu7ms#$>{$cOlGy)MUJR`a5F`RqY
zzg|v*i;Ox7s#cBOt+d+P4nGbKZ8w8`NhNg%P0T$4Z|iPDxhcRJ84Pk?mQ){#<&AFN
z+mv%FR&z*5hN-7YJ3k)3O}i;<W6&DWP3J?#lz5YE2fTx0GG+pqz)dAI0nS)e)oAYi
zoaiPqr(7l`U(&OPlh_Yk$t<zXoXsg(qeS+tIa=gwkYVF#WfG-PBDF9yuJ{V}Kt!`6
zCj~Q8er!_ajFG{7#X9DdomsMRjy%RkD>1NQ1z~t1^v-y6!bY>fQwdxy226{GNtq5+
zy4k(PfF|p$w9`JJulTdS^@v!}eE$?2<E~j9g|o$pSZt94!Hd&#5UZaoc7~`X@zj#4
zop~R&_448v^@ZD&3-gG<y3FaDE$>?Wa+3Gf;Mo8L70cERJ2T3o*2a2kV$o>P+{%5n
zMsV=+B$A^CHz)*z4FK!~)utCTAP+K<hc1~1GrlKP8bnzd!XyuEx~EwhdXopbzQ?)g
zXLB0Ndm0Kz--i#=M<3Oz?FIm+k36i0h&uo?ZvSUm$kT~mOe+G)3nd$24t7f++;R@f
zdlnCv0YU{mCX)fN@D}(J-jD$yQ9f`(A<{f8u)`kjS`7I3K%aRZfjb;UJ(|T0Y{r0y
z^;b6BuX@=l`w3ZNi1r=QW!Asp27a^WjXfmB?k{JDnwyYC4KbQfITnL$PC!El+9fUf
z$k`T0)wY1CIG_2*>Yj)PiZn+WktZHe5PNDEQ39g4@Mk_gr=BA8d7gJ&4t$jVO_@K~
zDNR-$BY8ohyugA}q{%5Kqb#_3R;69EXSQZh(t1%gm4QFue``Ac8RDud5C8zsu>k;n
z@7VrtzO}QHxs~I80>RPj&`wxO$(YerUGYx|@nUt^Kg5c>fd_8b6ye!}V+|yK?G4Bx
zsy_J=xG}jRj3ws8-vIKj?b(T?G+>f~|K>@+O_WSro4-<1^YBoENb)5u#4Xf&LBVdM
z6rI?aL6vN!&|Yq{F*yk9bzCH-wmI&6`EGj`=2QV&vu<E_bImX9sH|_>G;nmAG^{x+
zM4ro+r-`FLg*#9rE@2O(Yhjj25@yaxW>6JkXlf`345U|PNJW>Grp=_1%U7T_lx;$6
ztgUlQ5lSZACv^|&RWFSX45S;f43t$Cb4m`?M}#P55DaW@Ua}|69A+t-u`(ShI%>3)
zlFp~^PZE_`k!DktDa*4K{*z4iqKzMeJt@&<N$y@&z^_VC)MHT$W#kx-CQpDm8gFZa
z>Mk`uQRmg3F2__OKZXv`-we}`^vkH%Fulf@UM?Ln=niX0*E%czb1<dcuUT7+%miwo
ztc`NXo<VuczR+vs6BKMb6YD|QPw8WJeV)3m(3Gas&}4YN8mCdYBx#NrAy{52K)e`m
zoELvwyq#^KilgLM#Hkb=Px}YxPjyMeNOs}5eFj%EJ*T1)r}`wGGhl2oJQ;UsY)UXZ
zc_p@T@|;)OKMZ{-Q)UuhVH%I>f<3-=6>t)HfnNvrilYe;5oZl%Em~bkm=l7-KZW$Y
zMzsqvktYzsv@A&~Ygryig_sc-5LnO{wVSh&ah9q|QV{n-OeOXM77`rdN1OtJtTj=B
zB(QxImc&YuX?c0LRR0{ziKHPH&|y=dMYqywTH_Q&m53-08LDs_EJpgx<)1WoJ%wfb
z1TbZcNllZq_rp>gHH5L5{flD&MXv0+*;6PvLL15yC8lHw<E5oRb6OUUp_x<kW*+OJ
zij5tJP^@hddGr_6tV2u;N`0uEy~Jf^%O#MP6pKrXEh8-?Cr+{q%ZmY14XIUTYui%k
zTVDOeJ6-V+Wnn}GH^4m(I!e^wf#Yekzv6EfJ#SKQw7t9b-p4)J5wXI8+V|t>dD8+a
zjT*uUSXheZ02b2ZD$=Z;g^Fm*pruQu6rZ*i9h&$x)tZb@egNB=szhwkd9|h~L>nmA
zl>aJ~G|f6#!8QWmHgCNdn1BGK6fu}^tvG3XP*r-fM+v?)S~SS~VEA=TeR4rxRMeU<
zbxv<wphZNT9*YpNi&_m5oDw2ha}!-KT8+WjKQJNy1)+q^2moC|$eD);AT1a^zuV+U
zw7cgBTLbCic+6AWJF^r78eh2kQ=Ec&e&G-@U89QhdkBEf*1fkXB^})~Sgzf$B|y7s
zd&H#^E9l_=Sw5I0%O)gHP?(+J7(&lIB&yU76E+qIa|2yI2=?Y(dz+c$5X$ef@9ww%
zp5T}U26x0=yqMv51G=k!D(K}diM2IIk9-&L?2_6|pI8K?|EW*JE9vH3#YA}Eb`<Fm
zgcJt53xWPa=;l1g^(K)B#XTQCGL~yOjJv!fOpD$hA6m=19~|c%Zb@2E=uzU<jj;j@
z%4dFo5L{|0ySPF0Uht%lFJ@F&-KLP+r_NWz4aW(J1DWT8JA+?ijDIit*X%S0u)V|$
z)6Xs>2Gh@!x0X#lk>GHb!@?=76;cuW8hFoY)p}6@2|faVHT|u`;gWY>0|0f#X?zCs
zPC5n68UY-?P#C{DxRwEW3{7B4dSAonANth%oK;){`r%}bD2hiJ_6lNNwqYwzXgjPy
zr?T`UA`{vmz)04T8=%ygK!+v8?g_`x1fvc_lRuiE{cc<8EjQRy_P(6P=R@|r2-wuG
zmszhnj-GJff*6N)lH)fC4AillJu3AyXtBwho!_umAM#kMNc}AFUx;J=czisF61koj
zuU&J;D1k_Evp5jJK{Wh;nOj#3&CEe5^hR|tAIT)6S;T!M@lmlLc#NQ9bYiF?j_JH2
zP7M%d8h)a-L<vNPH~~7y*Kj)VAbR}+oHUQd*6QPkP|%^3GqdnSu~`q^eZbJOiYV?0
zJ0?#7F)9DbXq1#)W1ZXLbP(@DLBB!JeYkjfO{9Sdff>e#ZlgzgmUa;_#3m3ejcxzH
zeojDetne^RV{AQn%N9MXOH{Wb>J*f@rhXhMcvkT#Shw&QIk15(D7X+EvFHOsFE~gM
zZK?wK8JXMI)(jwG7;k#<Px(A3$a)sgP1y3orB<1<K`QjcW<+olu=IohVf#3F68J#;
z*0tMrizYfIWRka>wER(qq6pa8)mLx{cuKAO@AM2H6u5R!1+K_I%qK#QZ&2+!n`q8?
zhv@DjUlH9;=y&`a0gM`C&O1u5Dy?ueAx_mcLxysh(s@$9;$=(brtceqPsI^cS3SW7
z5zIu8mdIA2VN3Kyn|3P7T4>sdbqi_cEaC%VWHNtxmFf5JeUiYK(L8U$0vY}#ISmy$
zAt?k;KQ|#|<5hVKwXmLjO)-)bWp+q&VMqiS0$zWZcX2&<bxZ#^0n2j3ZT}Su;(zco
zk0Sj|%D-o&>mO_VjUW9zPD;D%05;|X^y{QM4=`sJs^)N$PW}F-0#Mu8c9gqmI)*RV
ziGruxlH){B@>?$dGyj}4(FX_9M?fm3mDfi<5`AEne9(e#H6Y<viFn-aYE+MRXnGK@
zWq3beUr=O0p1^h|WWQk;RP@EG9BMag+?o-&)kI<P_&9##(lvU>!EibmFZgtP>>F<!
zH>3`*lu@Ma%qI7azuR~c8^H030OG3s=*-_@PV$M30AHnrDzXUfXMrUPCM?`0PP_17
zXT~CN1k49IeN7O=+5f=Y_Hz>Ymj497;twPi*M?!9^>z@)B~ssIFDiiN<+-f{jIsbs
z6O)0$<*fj5S0KI6lY=<?UGd<RkkcVZ2+`Lr7+6=DpW_^ubuP}o-8RQW0V^y(DJ&>f
zpk^VsmQZSb!uM(}G6U{)?8QaOn3(8fa6%KwUt5*M)|W>&@&jy)lmf(r@q~zCGgg2c
z#1Nu)BQ(7eRsF?tK;feNXwTsTJ)#sK%k=!)v0@J1^eX)UyyBifWGclyI|mhkJN7&b
z99~N)^`HU!fDn1WT|xxT1=CDQ#HGa$-0tQ)QO^Yk?}a+V2w<E*ewPy`B5qFtwMTEH
ze>vT@%X6aSsWS9U@6-D<vviqT408v5tS~}YV0+ZJSZb-;lHXr(Lo&DZr5G<<>N?GH
zh>v1jPYmo$?`JZ7GdT$&IM&5yM<aVi0T4DZ9%mHd6{*qvU&C2>nr?spT|Sor*lId2
zf;T_<)6|t?iSv<bT4lNMdO*hC0l-@=%%SF8rD8D8`n%2{S*sBdxY36kzyv4_qM8kN
z09B)SDT3(=?n2`m7m<<9y1<Bln{!b%;YSPHRUBRiST#qD5fA(o)_WDe7Our4t&0s(
z-(N>8FpYsHqh7pIHASR3>*ZQ=rrs6`-F3mZ(VKN?*nftoZj%S?Zg7j0bFw~|8QbFJ
zT_g&`*(f+OJI&b0iZL)Dx=Az8HLAaPCea4osze9y$p^kcUG4?aHz?g8`{?ktv->dE
zh0+SsAMgKE1{!{ZNM!zJl^M9p3=^%?C<ewqr1(IP9((Z$w3EnefD{S?YTk|?PmIln
za^TEt#!N(0$&Rebw0YnXVBUx@vj(H);!kx)*IK{jWSkn~V#N^Q+Y;kq^T=QZCmfx!
zr-O49z<dqn|G{|+AHDng_+a4a&H6Bb2nAFGqq$=Sht1H&ox0zevO#DK=K&`LUC;K8
z^0%wzA!>El^*6zmpeLCPkNH)MStmw6*u*l>iX2qS70f8Wus2Q)=Ml?^69a_i&;f9v
z>6_M+5k9p=Pt?}UY@%l*ID*D~$owlP1m2y~>Cby)<i>8TMXccUFb)Dzy8#|#(`SjO
z_9ke-E+m3hM5gz^8}78^gOKERY*ChZC6+<;eyJBFBgNt7h42Plx!@0i1tHW?{|1QS
z8q|EC1$~h}jnbF835yBoEd~*O%ZnO0m2s`K-%K9FP=msAfc=#&1T?^m`$51NvxD&S
zfQkablgEMfO8GMYn8@Ro5P=32=VLrvwUW0Q*Gb)aQi%z#v(pun3gppy=^{LQj1#0~
z$_G=%QK#04Ud^3Ob=X1TnaJngmoZ^K>3)<E1?~?#0*`$z0^&sqWFd``Sj2-7nkytb
zVWG1EanK}ssJ2+|DNqH*q^XDXDPT$)3JK%yrNxBklL5c@9bCP7pwcdDQ$r&;1Z?+_
z2@0p>t=xtSv}!1C4fXdPiyMU3+Qs`-fMRbGc)a&r5l$lxU1CYvXQhNcX-8JW?PHZz
zu_;@OI793+z+5d2=V3Vmg+v9&kZsmWQvr7a|3$|kf-ggvdL?~Dd|uE8FAemAT3pJ*
zztD@W-4yO2ptwcR2BF{>ooIb?FOE#=5}bg()GI?T!F%j71a(^<0n~zw3^s02g{{<p
zcIg*Hy$n!M6Je@~F!4ai`8Mh8z3(k=(W9%xP_Yw2*);2GIK6>R$%2x;y6?N!q;C=^
zpYPZV(9|DG!IoSwnN!N}3$|_YD!Qdqub|Pf5b{Ln9tfc7RyJE!?z<@8ou+gXLXj@t
zt)^_<NRZj9H8%YRRs5Pm$*wWfQ3rM1MT(Z}R^6~$RcoM13$8y@vEQ&2VD9Cje0SYw
zbX|8!;gvVenxWJb@v_TeM?&XV6D}d*(;VRwH7^`9$JzK5IaQgDVEI!Dy3oT|xrOS3
zSIH~I`b1+kR={9g=T-DHXVoV~oi=QSQ0cDH43UDp9e_a<lNDUzd{cXy?4w7cRit*w
zbELIdAJ~0TdD3dkHNcJf1<Wl*vyGI(%{BC5EZIA;2~e}c<+3y7+S$3ZJ>1jypmzDG
zmYKvPm4eNgy!q7eA^Y?FrPjz+JoK;bBewDC;~*Fok5}7u=CJR^c&Fo~!8Df7z2;r?
z&2}kNce?ZW;Og|1?J{@K*Wmyd?}l^8zQ?-NN$AaE?;!Gu?)#+dv(V_SD7Vw?7VQP3
zr{SikNyxP%9WJey;RvDWM>90VTlMwq$d>mh%BiA$?d5}P*hX{h+5Fn+X1mw7%h`Ni
z;CY#fC_S;;w#T*pq*uw;=lD*9PRqV4&g;731@1=cdEkbdWnB%|`#oFj8{22{>+?AO
z8_$&Y@7;RQ7+!W;&s~$)cr4Fb3Ea*P{`1{%hiW$dO_t~PNlUev+qu^JpmmhT>r?8s
z_s8}HF6U$7x2CP_7OUltwr64q-4Dq(zDMWvog5qY!)%w_%=g;&SdS-&Ohx8aP1m6t
zkMD!lhNfW?-+hv=yV^&(??<0^Z1v7}-}A^e$L#lY`Td%EZ1=YF*N7O=1Y48$N3kx{
zO{gLqTu(ipx|ip$*mZ1%=!MVFWP8*jk|`QpruWC=Rt@*W>Xt3*>ia#^)DD|oTg{lR
z^E9I>EOuyev)O$uqAIWX)lHK{;Ps1UCvYw6-$!rN=y{EQC(8!Vax)xr0hxMJExRGr
zie(Tp)<}((m*7|CSf0WY7&J)-)_h(s!KrLL=3KRRl0t8NGbz=a!jR{TL~ULQGT2n*
z17HLqKG&f)$d0G*RzV()1IjOh$jJ-uus(~b4Ib`#ZxKSxx3dsW9ozz3S1E=sRiEn>
z)zI}^_r0O<XtwSz*L)(~EUdF`86O|MoIf>U!F;%x-*~|t7dbsWU(LfkYu|x8Tj^eO
z%P*67th}YzzqwS8WAB$HnmfA7ZaKQ{p(h<ZT|W0TZ_!9SZjJ>HcqzOY-y<VCZY1Yl
zmsDciJ{vr8v_DfNR(VBlkeId7F*z(f&DvjFhC}PaRfnqfmTk^jY-oG$ZB?82XeZ6~
zT&>=lKC*lBS>wj716uJ5t%aKm*P_=Tu1IWs*@rgAHhZ#;rmZ!OEsie^aQ1R`a`rn%
zIY&O@Us;~no`D^sUE^I-Um2dcA7LL+AGTwp48K}jaoIA}@_6<#+5UOvF(Sx$m@)y2
zq>O**2~ryPG)XCvH1if^+UE)V^LdM8Pg0uys^(eELmU6D6OsJun)jg~p->bZmkKQk
za1w48;UvjE#y#e2d-?(XpM1Y_vCo-cXaE52U#y4d|H63;^c{_L4Q;LM%&q=gSnsX&
zn>4(HvD3A+*~MdHOy?=#2co`uFoQt5R-1Zw52x$UhMgA10De_!O_w@Bimi1${Q;c6
zbcbC#s2WtKx;d9ZZc(+2LD>|ztP$tigc@1Ol!qfwsj(g-qFG9`^z7-0#e=>v>9uCt
z^WxoebK_}SbJFe)7UA&T{;Q^OIbMFH7<b?kQJ5HtVnv=34k`FcgD4eUbO1>+V0150
zks=|SSeUY|!J0Z|sU;eD#I*Jb7A<9}cqYu9IpI*KL0eCdF>1LGf&Zq(9p4l?m^cuR
z&^xAsqFFJtEQUB|Ma!6iDJtwso-CQS_%2SHD{Gdr_-?L2nmCTEI{~AEEnz%d&?atA
zkU4H@Fvw$1k3FNDULn%9N0ty3W1hVBiq0>61izLRUc8`DY(<<gYQb8N5(amtls_o8
zzg|nz!TX1EV8LMy1~QtQ;68SjKoOz8_CoRQpCOcL<nXcvfdEZ971nadeW8g__#!#5
zGAfRwv4fX6*xK3g#;_SFhFpxvL`j-Bvt>E^a6x8BqqwM4U{h0C21`x^|LAgjbh?{t
z1M13nRR0D*Jjg!z(}3AoBTY^e$^8H(aES5WQ^jcw<+^C%g0`%bEU>l{f@n7fVwUVf
zt$UrTF6v8<rOdFlo}xuIH<X*lcrV73$dZJ3b;67p3*D*>fOc4&KFuf;onELYnmgp1
z;P~<vtN^f@1+Ndp9nRutSaXaEc_(xa1aVkP<RN!`UeNN_7A!Lsc@&z{fFdv6Vv^7x
zhJ${>Kx2f8O4>DIs0K!taAPQ4lDUX#KZA^6c46Zx(CF(G1_-FfJVUX*F-~oDmxD^U
zk#>7GmOn6t458^X-<|KZ?QN_*=@kQ%3-;jIsKnTZ=gJ|pyK(pdQeC-j2Ey10=!vFv
za)ZE(xCV~`nS^?%k4Bd!S=W&Hc_r2nL7^gDy^^1lh62Rhxh9V|tP*_{#*^i(SkgeN
zBT<U0G=Z!p%2|fvw*f$1Lb;7expAiw;3Q|B07f}^5IhO!oLC0<KMs=rUQRz~j_?dU
zdW8DqVW>Ok50+yCueE><5haW_VN|z}67q8OQFKsiXA8p!I^Yc==>x>^R%SHEuVlk{
z3yJiTgU%i}9RdcI<cI{?;LV`5O8bF37j*g}nH@Oa>k@~g*;JzqB6$7g6xw7?$w<yv
z-$cAPCiGIJEe=&->sBk0UVsHTnrHN2WS!*U-2f&i|BP}v_yhe5*5WJ&_+es*rW7BD
zUUX76PXx;!MGDZnMLt9{qBe*l`KF4GLp4(_E2N~)u9__!pP4biRzEXB#|wukCu(<Q
zE>yGFGo`QcVj*&7NK&6ri!|*(2c$Qt2ioz=?)|lq0iCxJ7ch!m!4a{wh*L4fRum@p
z_pZ(_lXkgfVa~`0Fu)p6Qxov`oNV}{#++jAEvEyo=thL`1ytn$Wu2g}Y}>3o_7ziL
zGFG>i#Y`L3W6Vt6Mj|!<I{zYUPGmmuV<bN{qdnB55?78RnF!R)lgP^}bZ51Ii~h}m
zGba*aMRzi4j;%4e{R{TaEGG7lzgjO`*ruLTC(=mSDM=(D#yGl#pBqZU2w{vlwGy8R
zk<U~wq=3&&o#1YLtbZ?LUL2^)PsH{I1s#)y{F(%D1}Mx_pyuB#uA&wka!Y_NdoNwV
zoFMi(plYOfBZOwJ83RRfBn-E3c>orix(+b3lv5)-H(k(O>C=N$x~yoD>)lg<5n8Rt
z6=JYoZcQrJksZuG{ju)Rk(CkbemymG7azZ&e2Fl91Pu04VoQWE`rv0|;}5BjT9{&R
zFKX+(i*%QenwoyZ8<kg1O!u+8bXxsIqkSYD;0SHMP#9W!zdAuCGi9}`F^@S~b`bfL
z)qN{kR+GeR2SwdWzXBq-f6XAouz7#tqZ1s(#iZh#u!AO?l%+U9mgMUu)k(S&MR{>(
zK=aXpqG>wiY*O8IQB+?^!)*%{lv1V3wCmwd6N>C;b`Wb<uJ$$iBf4<U<3R<MtJ&$1
z#R7zS#XQjc+V02g#&_vK&SjuUm^4k1reEJo3XgAtC@cImy8psng|_rw^RJGug@Q^z
zMaZwr+Sk^!NStuF@kM7uSHDN<Ap!j>kHbZdGXGOwkL?85W^6B*Z+8ll#_C7$DF%c{
zj@i_BTV+8NC)}?>;hIX>8Wp!z7AMg;F&{whPEw5h2uKUI`H)wD*;*dHaV`(0ZzH9*
zi%%@h%m2<d$AU>7O)8lwq$r*oy%80hftC-Hw+g}@Sj4{n8;?aGJe;=%V9qMA?hJ)_
z23!rC%EZ|u$uEmZLnoR4rIxsl0gXsmg0LKqr<$Rs>+=2vz$~Jw`AXY{61G_h4+k7S
zO3Z@tXA`xR!DG}PsACQkJYs^~<IAqc2~*Rbp&D)x)YZhk9*DO)Gs@WYZqh#~gTSOm
zMi3tc2;c2xVD;(s4IVg@pA1-tXaLl>)kr!u`taUhs>@18XGmSLE5z#)YTt6mxLYHl
zTebfWfG&-Epk?v0P*_%(R30)d=F@p83iA3q^SR?LGln6191uMs;h8nevp81d8`Qyu
zAc^rK=;+w|4744XP6b+TE6#cA_>3-Gy13m~YZUfwh<PYFC9;nnwmR_Pap#|D>Q<>5
zs^vPEZty&?uOYUCth;dejEyH=UTFuc-sdA2KxBE6=>DQ~RPh2BFYI7PjQeQeDr~8N
z#2kU{RKHO~Xd}RSKmw&<z%`kiQJi8~jySXXWKu9#X6VxOB&6=)B%~}3wNrQ<pbWKr
z%kDRt7W7fW{Y4-enm#Lf>+tD%M4Y80q{?9`x5zPQ(jAXr>k$-AC%df0(DtFp9n*bn
z>-!}0hQXx7G}H|4KF16<H9#3QODT(yOoxs)V&~?RMelO(;Rdo?E$erpdRC>9nMYj{
z?e0fnZcXW)l{C4C(T{zOdEKz!ZMN@Swidiop3>Il@)8}}*Q2)L&s;ca!M!u<E|jYS
zv>&J4Bc9OBnry4}=KBx4oYSwFsg`Um!pV-8$09VB?j8HXLt&u>r9DlX_E5gYCa<Hw
z^wE5*^XhA>i5|BDS>)CGXWbokH#alcL%1?Y?98a@w?ng!?PZpi%T}JoT#iS97nvRp
zX0OkplYY3*$cP@N*$%qSn=RAru7hMlv39i`JBOE&F1Z?y{bg6wPG_s9p%Dw&9Us15
z8(p^c=}z~@X)LVV9Uo4-wUQXR9NkgW=Nvb$>%^^=9e3O3zi%fERohaQ2fDsi3prIY
zKSmo7+qus@T_10{H#(08LwJ0cI$dW$KOMRoPB#0++uI%M-+R!N9wt{I59Qi6F*Ki8
z&SfXj(bbV^I5d}(R<_?S)yp)#b=sxt{4LrabB)a_HXljnQbXchWK+CNna;Y-B3Duu
zS8S%m;H6`WHz4;ZlQ~xRM!Z|3beWw)S-xwBCqPrI&Z9XQ=F@_pagmQ%lcuJ$ss1NV
znMi{cRmN!stVW54!Lm?`2c~>WsXb2jx5wo(a?9Lyucw>^^fbH~L3ly&cTubc<cNF5
zJ+Ot3?asCE>gm}2Vo%3(jaFF9uL`-6)g|K@7mMx27p2$vbL^GJY%c>pRR?gaHl9o0
z1^W=!-}G)~7hGI?ki5*S^3G&0qe`AW4GNv?ykCKj)8^nlhdVk?T`Xch-+_HEA0Ihg
zwfl3cQ>Hr?N{{Cn<u{5I5Bvu_(<js3o+Fy$Wtu;)$Hy^bsC*os4JC3o&~3au)&pA`
zH$Ng<p1BO=EiQECg4~cjU!@(TbU)qt&yoA|D??9?476iKZ7`_^!)-L1IGe23Ha1)@
zLf5?41lI`H4A=TLbT2S3K(2mVlQ?@m6F7%HBVChUIb6eC{aw@9`?8KVj(GMzhqMm4
z_PL(uv0DeXw>f9HsU`hNN9lX%M`h2G&y#ma?&{ZEn>1SA|114hjJkx96B7WSmG=Kp
z?fj1oyqCJABbG{rYRAT0c)>yA=6D)Ekc<XMSYa!UbJ!*EZ1W*IWE{i>JOpq(brX*M
zUqlNEv})OYl1<<}Mp%NNUqIEwg^BBOg{Iqf301R+&ri2j#CpkV=Y)r5Eahsq+~s0(
zd*Y$<#&h~CaD)^L*k7AXY(x|nr;INL1|;AI3j&1qtc-)HO@meUZz-yjthG>e7FD))
z-`KHa(Y4}SRmWEJJ@k;p>~FI3bb5PzTt)kRmeNU^Mi+bL#7fzUc4~!cwnKi4l6rGo
z=0)`~rg5km)siTMnrl61$$9ybMo~s)VX@{6jk5N(R(#bWlx&r2IxKNlisRC9(6M}e
z1!GVCmKr6fDHRJ@D&JZ*9Y-4@9hYpMb$Xx4T}_sz-Lg=Ml1pSVW9C>}0TugARyIuv
z^hK5ig<8(V`Hfmm1@eS|h9c$kt>Sc*DH>()zSSIsI9&a>SMzph3igz1(jc|K$)ZJa
z1|P1@Xm+-JJxhs3*%AwSOB}Gg!Dbb+g}Z4sUn2s3mJ>vsL$;k3pJoNM5#-BtNThvw
z9$iX9u)&lzTOt*}mkmL2Nn0%kDs9R`k!T+Rtf<ypENROw*n<fb<2&oCcC<&`A=m{<
zzD4+hg$hEcGNv<Po^rV}8_+O+mC`gC4x1E@K4u8Xl7aglt>&~R9LJT!E#mQL)jgx?
z<{<fHid+M!c-5+uh&L@9FY+SEYIv&{@;Ax8J^XV2BIaFWqe1yJac8K%1;el{tz`2=
zQhf@egc|n`@oS<SasdduAPq|L=S?9CJegE&vZeCoe;cdCW0pFgr=<;Ty5MBW7|9MG
z+aE**o$|TZfC1-<Sfn&q+nt5Ao0B1I<V-to8hQZ;&XY2n8Z)+L*s?+v7BZaM6*FBe
zur#L<<$;ry!~LegG6Cxu)M(YtgPL>EWHS3yVoyh#OH=#gf(Sb#BH=XcP^I;a466a~
zDA!CDTVeL-N@3sbPfIR2pI|{vSy#xH8s6U1b1+Vfu9Xqyh3TIR{s2rT*Soth0kdyD
zUFl-QF~YJ7Ah8vw8>Ke246Bjjt>Vxf8O~$?2ih~yqOdi$O{6-&uCx(#k4FPi#Ym*V
zzC1){XmTGtMo1VmCL_r&LZTwa6>PbY?O#ODPOWzi6DL>?1x7o>6EbA*LH6G}mmDW7
zF%3CXyQFY1b*E@jNbGiT`Bcmabb{M*oD<o5dKrJhT$;CgPvrN#X5Td>{DJ?VQpwfr
zAFBb(H_7Qs*0UK#F-~|bE9g9Y-@nqbNjSvnZuf1mb9L^yf%4z1rUwo;Ceqx`cCHkf
zq5=C#);yq+G<9SqSnXOegMMuib7hmz^juuo=-OR8&Wg5=PnFREKe)gmCx#Fx$!iiz
zS+<Ix+bCbxA|G<7>+ahj7d}#tMc3qaTf*V#_JHn0DG=OGu(gbSwFL4<?&pACHPGKt
z1ODED<^BmY&Hd+Lp?1TnJs-+CHjrt=!(AnoB<`fFT4J?^nGDRJDYe0{wt$j-Q@eoa
zBW92jzKqjcv{tW=m6Dypqsj2*>zSU1iM~z*cN6a%7G@9v&p_b0AfVl39K4*B+Es35
z?xNh>RN8{B>})YK8}U|Esy~9*3<O#xKADryCDj)taaC$R$2^v2DX>udGL@I%k9}h*
za`bZ~<?r7E@?_3cE>f^vL;u9Pqzrey-pcp~)}f|MqBxa<SgQF&Q|;#GOp#O?j2!(T
z4T|F@9Idhzdkq(Ew5yy{CecXbdih47sC<M_yNh5c2{rUr(hXb+D*c-7H&Jgby`G^@
z#_Y+sSEn;{%ylI%d<|<hPZDdczEUBzvi^PyWH)Z8P^_kMRy@M0FQ}aAqmz*r0qF~m
z<a4KvM{31bq&vXh*BewyGs5knDX;zL{jz$T=QEaq<N^XV03Y0|-vT~mDfE*R`a=P%
zDPvbSil(w<=nC?b+3kp?qQdO^oY`FLW+f&6Wh~+-^imT+&Ho1L;7>SEUqvsqLV|j?
znl1LUL%e)Z*D>2Nm4ZIG61y&)tiEXITDZ_VBZIr)qHK&1{?%s)#%ZX&byBygko_ci
z$r`&AD4RFM>S@JgVu9GPW%yFy$YruUX9$cBQgT%Hkpz%iXNVjXh62649jo^V2RIp%
zH(nso&EmpS40~6#PLJ!YtQ1Y<Rbh`Jm&+Spdqln`y!#aR<@>TKOTE#EoIo9O-J`UT
zKs1XEcW%V`wCx;h>#y0tdlNHmvGW*&xK5B8`?OB)8fgLc=ltHS)Hln7-zaym*~4mA
zUfRIbV={=&p4}~VtEg(>Z3__?CvXuG{6_ZP`aaBxIHc7E=3q`Nn%`nko~*{s@SZY<
zm#c9C0(MlNOX!b0{orMgamntm4SC0uueFY-E>PPo+xTCRe>n(Ur5U&lvmZQ9qAX5L
z`v!8RTGT8Z`jnO1CidE>7!LreYs3r#hMsUTk}!58dqKvMmpKHuiJ^C=JdsHR&LBE{
ztn<yR##rhcARjhj+4(^IA>Nsx-kF94ws@GXuXKB2n3xN=8?n!*^==X90-*P+fXYc!
zUL9U2aytg(=}@pFg22N;DTf<KE5G)pULS|_xQp3ma}q3a>4xNnZ`Fh9oCF&b;@<Fz
zEd{&s>i|$x`X!a(%0WXyqX(v$P|*}v*q)Q9EHK)T9e*YiT?AtO5e18H84~rubR<e@
zPvW1JoTF9v*&!>u$u#_COeAe430rYRl~A{@7*gyu!yWFlRN@vP7_DrKdh-9$Or!Pp
zeWW)LmYwOLzfYXvDAPF67b{#&0a9WH@;ff$qH{xUmC&@nxLwqlGgQK#JTD;zi{i?-
z22?V~`R2uG<*8{Do@(>P=gB|u5Y*v-E(F?a+d&)om4)#cUP@<<3wa$QPPr(}A|ag=
z@(>x&h0nQNq<1rAS5a@J<6H6{jfi2zc~Z*Og*JcvavRG);)Y4*R~OAf8D{xi(nkN#
z;1kub7)fCMMI>Q~Gs=hHD>h<x(8Acid;IM^W}LWi9bc$%eGSkrr0+(F^I?3e!QDe-
zYBGL8RS-u~hLgCF;tZ_iB<%El!GFVm-BJd3U0(QGbzbH)GG1BC;#O)*RmB3!ND~Vd
zFo%EgZp1YVMy1yCSMhg?Uu<G=z@-c^!buW70Xev{G2%=3V@2{p|5!YS>6ajLA)tWn
zj^&MAv%cxL=T5#9C}Qucp3?6SF;uiQDIWhLRFc1}E74mKYUU;>m5|@0G<qL`f#KdO
zEC>%LOY=cuz5XjSypYD$D9F#2A}e(X7<rR|VCJd6jL@3!xQe$oj?l`8yvzhKD}lh3
zk?jW!InF<@)09JS9xCt!nEUSI!w)TDmWdMoO|59yfYUcfO=!7MFDPa$)U?Ea@m9ru
z*%}e&5oE%cIJ7%Z3z-ja0?^Ab{1Qy))id}kP#MS8CAj@a>F%Ml?WDB*y*$4eQPifH
zkzh&7Gy6AwZxx2pA-8-1bCQk0m+bhY&s^G1+wUM#nTNi3wl%sF?v)THW54b%s@@9-
z@pInDvEQR1|2u*IW1l90cS0O)^2-GGlIg`J>s#2M72ZQqY#ZSwRrBUUtWCj|3*C7~
zXaPkf1uN|JQs1|DNv*=)k*Je(nCY50t{*Oklhg^EU}+AgN>E>O(9a^4G|K@M#DMls
z&NK~?f&L8Uqzz_e8xf(UlD#)lSaNKZS$h8fo|HrICWPqbCuS(Mb^3w!=#1d@qLcVe
za_x}p5{n}SHnWB+W%18_za?;*7$kNmwn>~9bsWKx-YWv+z%W6`%J77(axewTI%QZ)
zWmtU2X=SvfI<r(()P=@6W?X1fu(gZ^NP;3u2Wp;lL{MpDGwhBviWL19!f-gxOXfwK
zP!zF*&)QqSn?Z3xmhhLuQKRjl4IFzqt>)LgiM>gZ2pab`mbWzTzIr<TbBrEtoFW)*
z%JGE(a=BRXOMOiVdFMJsr#zv~_YH-?9p!1&E8tIsaGrUNiR-K<K@`ok!mDUj87ynC
zFq~kWa=sDnXF@G^#A>6ESB9ii!-7uqFsWNc<4d+z`|*Gg>6nK}L#NyGlMy8dE$p5I
zFTsxdqr36g!!2mk+}7C{vdvinc!?76tUU5Rx*7<fbX5@pFxD$Rot=wNW}I-+K}+U{
z%;Em28*g{xQ0_IA6g3#WH4yGqus-z*fDw(vd|+h!t9PXOBXoxSpbiC;PJz^;?oCxb
z_QCH%JC3IDi!Fb8;_XFRS&Z)whI##|p{@_eTjj(r?`kReiBL{dOW9i_haM9`PdK@~
z4ARpcs0Oosc=D!Q!#HGX`4^pK3Rh+H`h!`ddM#zT2hGo&%Ykq`3)3&<JT7H~SCrVl
zd6yFV7%qYY%pn8q;)^FBrvubpA+d90NBs=e#=^mN3Jeol$qMgWPTV2irLiY>5KKva
zL48TK!$?jmx0ZIN94<f<Cj+;2!<)XilDdJ<I<mk*%JJC`K?AhGJ@gkq8-|xT3D3@Q
zNbl5Hd%i6a>L1cKf-K+2a>Di2qXphOg!bvCX~$G=!>{u6yn(j(oC$fcN_Sc`Fkk5w
zk{`xt-r;wR3-&w6g|$CMdrY_=$SEfA%`+kP6``P*HrtUIqh!eQGZ`iS?xY+V5KwY)
zk=<=D+qs{~#LvO^|Hit<B?Zo&)s~5^qaDt8j{vSmkw#pg<=K_=?8IrS>8Xw35!azP
zC;iYdkZjjKQ8HfwC2_=hgTnqv%c&cwQ6QQ21bmz{sMWjYPHyB5%RZ1jCC*JwGmPE&
zXWsDqI`f!=v=9kzH-DYn1z;lwj7as~1%HoSh78OZDD^=9hv>nsEa?!Mu^Nns@h`Eo
zDpSFDu;jsb+VRf#TENhR6Vt#<JzhJ+2B-!gAsC4&piZ1R*rrN=CK9;KkD;LBKx;^P
zhnhBI&!2O?4<O^8m>}9LeMI^zcX{aanFCXrF*z37YFI0KSRph?qea}Rzxd(t7x1D#
zDkkZl%=s>ur8vi>|2k<IQVqndyjc9?Uo_*>YK1@$Fa&o9PGM&GtM|dQ6IUrBa|uS|
zgqWA!nQ#ESE`jY(^T7?Zt+MH0?$GK0JIOEhD4*pofl^-C1FR9S%nin6Q3h!)!L)^g
zN7x3z5q~WEa?ce1$$n^_ztXMB8OsDMu%WLme4`I_2XBLutI2E_?&R00smtxL=Y?~<
z>cU$}0I@tqk$QdVI8}1Te*(<t+U%eeBhb*fu)l`i>`J9Ug3AR)rzU=)q+hTGh|>QO
zp)d?Fw@!U-YdR)4Y|PE{rRE+ZhIC1Ub+6<f18d9>Pyi#Q`RCe*eYHiW1!Bc@u^G<{
zpl*Es=`p@x4c=h|96ap41`JNKy+9ayeXan1vV?2<p&)uz{S}Z$Ec79bC~w#-U7`6V
z#dreyhcspDg8mY3yD6efkM4>(+?9NIQ)RuW>wU0IcCd{$+y#5E9lyGPGu%a0=Ne>x
zQ_U!=Ja#nPWqJoU+WJC}9rckn&<f{$K<j>KOMeZD{z4##mj4<*@(s#ES8&4U5hH$S
z82d%#p#wCP`v}j$Ca@Owvrb*Ux^rjQn(Ip%N?3Jux-;7}<9l^;k~^L+WT5tntldcE
z6(aKZojCFhxOS2^C3Qb@RQt!S^cM4RZ`SWJH{iHQwONefPsgtmtJv4(j&8Jzj&t)p
z^kx~QGH~@_bd4_YlWNgl*dk0<=68oTU}3`S?+K!kmWwQ|8MCh9R3nr-*j@k1A}@?_
zC2^?{nvv_pqU%Ww%Yx=N`9$0Uc%h;$w<AEm>#J;m2QUbpWRk5sTv#BjIM=FwS2GsN
z=V^spuM;@7L;Tjl$YzaX5;<co>O}2t7$_j-ufV5^ILLb|-Z)Y4qixz0U`z9jL-ATY
z5U8*d*yA=Cu)G3z`Xcci7|Ul|3L$$xfEa8d;t^r%JfZ*5x6hZ5fX9`j-ks3%&G%mt
z9TjLNSXa!RmucbSNEjqX9wE;oon^c|2f8*19@6>DTG#^INJ1Tf0Aj*$2uV<Pa)P^2
z>$yVmr}7|t0iCdyimk2cDwh`7tL5sDD($Parj4)f7oXI4juY2owjHmBj~u3hc<f?U
zfeUKUvoI-MN)S!zxd4?#Wr2qB483RZ7=Ed2QgxPw^1o9V<jCYum?Dv0!gb^}3h?XX
z<-b8mNqk7RpBQXVq$<!F<Ziji?-)gfxD?odhg70vn<RK>1)xiq6l$dk5K^@Uc*T?j
zCL%v}3h@(9^(baG{;Y*gn-q8lfU<7?bV^nHG?HoGkj=A&s}jpWgR!{|6JxZ)o>THh
z(RGBQX8Q@%Fp3g+t0W7Z#wl`lHA;9CNi0wd?o?>sU@ZRP#5**xK>53y4^)CFIO^#n
ztJ@^=)>trqD9^ATH2^hFlz2TS-&1)X<vxhR3?Q#XD@IFIqXe*cHsY@`18!I?SIWjZ
zG0Mktng;~3ahTPkbX0N($2w7J&w;2o7A#UEVM^o5Rvg<|uo4Vn8wi=t(XNm~N>++Q
zBOPSfpeQZU4{4NWjYL*@l8_urm2DF>4J2)kjAPjyYRrOF6h~~k=Zbbod~>Mn@fVvF
zVCu!w>5a^I{<HA1BI0%FBhme5&9Kls$Wvz^bGon6n~b0`73DgqQ)UrwdFtUdN5OUv
zf~6}_yPmpB5^FRpK7@YeKs8kWDJ#>Yj~(j-=81AHvwAq2)s4f0RVpD=3y#jaOgPAK
zAlx$b&*PtCL6PP^FOe`ob>t34X?pcBfrhe9PnH628e6kjFk4F*hE-)U)th(=V5EQf
zI;vz83B?#iROIYh^pa{k2?1@%213<shZlmi1-smJc0(I9S?JSpMHiOu2{l|t6`hAz
zIh@F=0YGfp_cT^SX!M?$YB!p}Xqd2WTYawQqf@K$OP6IrN11dXHqU>y0{UCB?qP9v
zo5cnIH0=+rTMuV~^|)-Z2KdNAmpVLHV?zSZhf|@zjR%VA^F91U?$&QkAHFv!eEW=h
zW@9A}5)p?@Orn@}84UC}b3j4OnFaa7AczV;3E}k#x#D;r<`5D1xzny4X)nAq&T>@3
zTZ9_P@TR#=y*TIFkO-AecGBI@1}z_{U)-}VwGmKp;0iI>TN3zAShMBWw4-|nrww0b
z?M1)2Rc-4x5Wd1*#Mqsl0Xcc)M~IxBT$Z26B0ShZ7?Li%zy_RHh81YJmo=x}hu_2p
z$+P7G`dsb4>J~%q{)4b{iqSOM)^3+=+qSJP+jdo#ZQHhO+x&`Mwr$(4I(>HX-|Xbi
zN!HDqb@kq?WagRU8R1Z<R?tS&OT!-ex<6%Sug?2Tu)TPQ;WOmdbrU;zsJhcsQ}4%d
zDPq|t8FK#=xmb_Z<iu5)0<uF*E;@O_>~D2~-BlMeQn~`_XQn;5&hCEfihi6s*6tlM
zWScuVgF7&ThCz05Ns=TXoC3#0$MHEQhdWfgBj36QUDrGPt)XdMV>=KqZ^5&C0Y({P
z(>qn{o!)5o35Ydg_=08(MomgzTn`y&NngxIR<P*{Ob9bKNj(Ag_Zw*oPimcZgdfbE
z^d+ypUi51m%Cf#6M&mST)5L4aV+=W_MD||Zj^xMILwt<BNlheHle=>#SK}Q$IPmB;
zIPFqQE^w5ruHlX9t9j)pUQfMhNr;O2{48~});ABLvSbjgm$6i9KMRE;aj-5nuz8=e
zJxc;Bp$OZ6+4kO#nT;RU?FDk0)=RIa1EX?_6^$hm&Br3ixSSbRy|W%4@l^yeid;FG
z8iKT(`l>>Q2M97niy88hO_~ngv$M3Pm+4S}%lYMR<D;)%Er5^YRk_Vq*@fEXofj>Y
zEFQ(F_pP`D!~3#^H<agSJBRDOWQrVh-b|;v!H5%#&oM_T-<|%U)xEGyi07xzTI<W%
z3M#k_XaxFlFYC3W&griWkZZ**GuCgVUU5v#&JRP+ow5+aH|?J}XD=7s<#GBj@fm^_
zMH3OD;}w$kZq-lKg-zEiTMSix1kBefZ2sieX3bR!l${LwOr*SFydm_=4cSbjla<UV
zKax9`sbhT+Znp5>jp{_u5@pB<^4+)%vEH$S%g8^d4WZ7@ME9dV#zU5kHzM8Q-?^q;
zr8^8?a&%<V5937BY^jL)bJi>934BFswNn%yz#_;!Ff2$cqx^UY65pRVukc5I0h&pa
ze!jW?`}u*h4-ktk!VM+aChx*w3cVB_i+hmh9O3$L8&c5u&cPL#c^2sw%KnMVP6qku
z4aU*?9vq;O|0cMUd!9X=l+pW1=hdsR$hBw{8r91lXNazdEO1-OXCa#K+&&{6fswvC
zK`65iOC57kUSLi{c4AIEcE{^ra+lNkJAjoDA&G@$fyEL{^*M;aLY(4v^ZP;19n6%%
zgjP;YI>!z&{Pf^-L16gyc(UX3BRyrLD><*pxG$7P2=3Y7C71jq<kPP0=W@H}_UbvL
z{$;dbo$S0Rd)ZHRXS>n2tg78-?o~QYy6lIHsP|ld@MTKN`A4XG3uS!*@h7i5{vC*n
zXbHiI!^Z^BwZBd908Vh}VE()p*~PIx`J<iD)6jk?k_YjFhP&4jYdrdTsFK~#FnPPr
zc>n#N%OU7zF9_OBh+Mb}hY1`c6l88MOgq$1i3xXL2rLs?!HAG(2zA(}G#X-3kGma`
za*JOb%2tnlU+^o^fX_M<c@=tNSNQdpYrnVxxYsTUC+NSXH{6gfd&F2FE|oq9PN1>^
z?CCzP@(}QL$QXOH+Wxd#h<2ElU8`4?&9IwYAa4Y}FmiX`xIHS~z`Wg^TNsu;CvwIF
zNmvc(<-oCOG^;68^nuB0I;$D(28Czri}8QH=rs+F<)9~1pNyO*W2DJp@CHissZDE6
zoc{eaiPXN(h6Za~oEh@^2y14qFj>O|4dSdZ(}p$Lh>}Lw*7TzWnba9*4Wf<F$TjlT
zjFft%))cgcCu_I~BQ9&G36qIc$JW3aBMWPOCuRtpFdTar+d;B+Se|^;Rzc{=Ffc|q
zWJB&r{|rVLqur_h-W@A64JaM_mpZ-D{(qb-|1WjY|6^$OA51V>!^{02Cb;7Mce&*j
z&N%M(XwaX5aMJv6%3P=f5UQ0#ygNz*qX)To6ANpa1TxXY2SU)vreh??<dt7t1q%5v
zSBdl{8}!Z6R9iM(v%p)k=$)(^5W4GEzMow`mu&ziaaY=9+Nl>VCxVk)FMPm5`?}-U
z@>4+HdR)?15606ngET0x5C<Y8?s;V=$(kj(dTu#tq%B+0OsqwSQUU%X#^1`d@pdi8
z7jv)1C8aKT4cfSh*99@5tyH%t+bx@_rKYDbY{<qp*qXLvx7N-j%Z~M9wWziE)xd<`
zRN7l<6=^IkZQKR>vCCU)Mnp4W_C^CWW<jj0x-=oDJX*DKe=e>{9PtLnlzLl~a%elO
z+q7#i9BpgJ(5>juEuS*gXw)yRS}x18#xN?`*jdhL7nytiyvfw?YEJ!&zqrp@V@;#j
z($J)^I0TNDIY~oUGo+UO#ke*P0#V{bROwwAQXR~ilgnG+VVTQrV`vx<G)v5XTUwDL
zG#1GlQ?#^~awu<Hmzdgo1MLdOJPS0ereX!T>2B04Ej!Zf8043~yq@G8ZApeVdxRQw
z8W;zn*0lIo6sIx7U~Kt8MVa}9D6?ibLbayoVq5#w5dCNFi@Ka8G{#~jpPw#8O8(;b
zK9)c)PoOnw)t?6{PaVMl%*L0xwQXoROB&wYtCAmrBQAT9_LXWouMXKYO0VhTA7s#L
zF{h5tFJFHR%yEIANFg>4Ix$*|O>xA7%w%iOo-_{2&}ZSK<r;}-jLWsJ$2t})BF78_
zeuM26c0Os9D^v;{zzVJ&b+IPVp|cz%;MvydSv|OIn8gKeD%muiH`SVncS4cd)T4!C
z#6t%Q5=0g7Edi&`eMx(ZHt-b5kZa$kKmkdry1^dTfCornIELMaTxwM4fS}4}^PPH?
zOl?Wm2g7WV=iO?Nb(Mjp5m%3^mUBYWjaXO#6%-z#|Fi!1hh%amY*k%3zbt7{NUxw#
z=L}IwFW0Itr&#-RgL?@v%V=Ar7!~*yW=mO(FFj{m$!POwgApR>vsvuSinMknO)Bk-
zkf?4D^rO0nHT+IOaTHx~L;fqcLn^398Ivjxnl+jI7P<P9V7c|K!GzJl9&5+j%DN0%
z;nKR<)L`Z}uE+7*X-p9-m+JWRyCZoFttpAk&3FANU-yT~`|~4hgdYp&qVp%wCeP_#
ztZpy;MAjhB?XVS!NeT)<`j<MR8KjDyP;VS<Q|qMq@p>D2e_~49C=b30yzY86^C$1L
zeHFXr6KwHeqwIs_#hYLfz;Uo*>NNQe2I^{y9SwSaP=4cRlWj*Kkzkh4{&jM`T2{JF
zKIzS#GxODS=8cC%rqZ}-MsS;=jha=%C@aWe)JV&Q)$1`;CY&If@=)F)O~JGX@(maa
z@E^F_Dn8BKo_DEKn1m+^#zsmdkFKxBOMoxW#aaaU-6Fb*m`O%lSx=IqWwsh+<=|VP
z0Jo<xU|-LKzr71Z3y(IC^^xLERGk&zTQ-brv4yCuYDb8<5>n(jD72*l3hxXhjCD&*
zrz;O_;vPU1jQ3m`UgbtvKH?QynH5`Ussx8AsoJ(L9@7+46g6a(bn_`#0V$2QqIaJQ
zd0v>0=c|PWe<qTwBFpohzl75>1s|nQwr+wwo($<S)?aYC&}=z6hC+;*8bktSWBOVN
zNtYbd)-8-tKF)L_A+3H|40Lo58vtZzMT~~77VND0(XAfz?mrtX2S?(RZar%j6~5O~
z8KE(|*Ga9X+yxFBa`vaN9y-X=&Vu{qJ{Ih0{Em$)$U@a>J$jIQn+bCl6)CjD<~A=D
zqC2j?F=Q32uXe%sR@J<sw!W4<=O=CeHqOP!1WRoI$~SSn3R^9ifpvX_%bO_Lu9CC0
zUN{a$IB1P`8H{Ncr$=9Ti5@SDf@@O&Cpe1N)PI8t1e%9y9AhIDlCJD&Sh1HhWDGi!
z_KZ<>zciE&9X?YTUcd6UMmcFh|3K!L8?`l6LK5E^a~vJ$N{T~B&i?IDs5ue)1d4aa
zlGR!TCx=Z!<9dF_fEwp!vo|nHe;QU#XwLcG#HH*jOOmSrqs0Z6wFaJYie6PJMIUet
zTaZDPqe!hhEId>ZJ$S)|q|k#xw)kR`D!wMD!|V90qb-&7k)`jsf-WbVOxyl3RY;Ch
z?&yqWy(xx>zOU!%<0`RZ9DlwYQ;aib%@a;#ogt_j5X&WNTn?-(o%uf#wYv5hCvVu-
z5=`j9fMf6+#UfE0o!V-q=%-9e*vO)j3cfZe`0JSizUt~3=qqI$RsrNJto+~VSqn)v
zTME^L$a@y00#z8ImuAKgIIuL(DT>iYY7w#u^$cj9AV?8Qb5FrER_UPQ1pHpPtzZFV
z3{)yHz_QT`j=h~0<^trcn_wF((0PNh#_p2;Kw*<(bqFq!QG`>z7JbKXKb_oMMc6Q+
zD=>CIT8;n756}3DWdWwlN<{<_ZKluz9a4i}7}Mp8SxC*WNT5zm><C{g^1psP@G{_R
zgsEd}CCJq1oXHi+%gN!#AMR5p{D0ik#97z2F*<B7y#E#Y*{i_@qZ_KJ7wzw=L1-sr
zUPCt-I5*24S9*E)Q7j`yS|z0WFe!z*RSTg94TK%YlIc__i$ZuqHL$0+BJZHe@Xk5S
zJh9?uLl>7>5tRk=7*y9$@}mK&h*BZz=HJ1Q1MJnuW){@316**@+4#{-)2_=Y$SzpB
zoI>8yv*7MW4%;Zp2gn))8raOD1U7I8nNf(T#CFP|5yc{TK>R}lyS!BvT)ghyX2z(N
z!D<qC%fBJ?!Ks9-eW9iw$yQlOgc3nDUa){kacwsS0@<jX)v2n*;~-koExDc5ur&#>
z7qQ|26&4OT0C#p7xjo0&k^S2RF-{K_js&13dw`(@zBa=H&G1e$)~yD|uls%(_|NPS
zYg{S9gPe^5lK#N$02=&=2U1Z_<b>XA<>nV^8A!Nyo4yvqpQiZ4y3*E6ZwAaqWM!#9
z$y>sI6`?#ZlQTlNPrCm+gRY5&HG5w<l#bNM*Iv*UWtU}25s#~4j5;D7TH=S+pszd6
z9V9%Sv_KiQWggtNb1@FSAhw(P4fs0t^uMx72NLHMUScuOTgO%of#(l_E5<x#54}Tj
zDEM61TM5KV{*@ucyX2g4&d+nP3~N{&2EZN)_?3d|{;DnB2*KZot^zB5^%nny><7P3
zGNoS}nkqe^7fc3S8O7&H59t*$KwpsiYj_44hJ;vU#5hoaA;+>rc&u5Bf8ONEs3({{
z5f+Oox%o&d5vmpQ8}C*Fn)idTn{~WRtKb`cE7|ot2vs^h?Y-sEf36Ojb8*C3jLp^x
zg3<7;^_qftz`;`^Gu@yOtf4*HQqwE+Qb*A&HT221W%v{UXViJ9J`Zz%JP2P}I1+|v
zcorC_n`{0tpEJ%Az88<m;3K;>$WDBtzpdzIH?3!oL4DPvF*G;s?*Zcu`+}Ru8+(;H
zJAro=9@k`@19)dblk(_VkfaM?nzJ*>S-RT15WbrT-FRIE5x=5~a_Fc<a;&wKIDXf!
z`8?z!^+A$kFuWF)&4?qIucIpSjOcfdRU?mNeMzTP?%yF8WT(XOHR1O(_0{zgV_)VC
zt7xl)b$Ss_k3G<zr(SHeMK^5tU9Y^PQ#P|v#~X&QffFtGU7)Sl{x!^a#Id+y%ZZ$X
zL2!cLEaOe*R$*_9RGZbLkxTZ_QUhM6q-T94ob~_A&(=>T_NS;8)K5FmaB@pD@2Q6V
z((*4#39>vE%@kn@yQ)Y)+y7qaLQZKle4IbzQNL&h@o|Xx8slRgG4EDQ;(r`Pv|@>6
zudJY3QDgPsk>sKtfWfqd*daYYH`531|ENW_(ai1;UU*zeiM$}7Y^wfyr@7GuuY;Y4
z4|A&srz@wtRSatfM^q~z7U9<p1tjfT$X`KzkxdtpwSEk?Zq+G1`2h2ZoKovJ$L!#v
zJh7k0uTdVM6-cACO=K2TP%hzjsiopQnlPJ={7Dlv<iBo!eXIG^bJ{g%JUIJfdAm;K
zq?Vq^elN1D-X&t0R=h4+&R0-hm^X2lLlVQIO|^-}PV{@_wMPyLHr#K`nCo^2{6mc!
z*gOFu#4t*z89(T^Y{3t9P}zOEr3=DNNc%e3!FZY{hU=)fYFx*z1KpqMr`yT~C_mGA
zNW$WCHOey%`KMTSUW@z%!R3$}%3tCp7P%r8u@Vdt5hKSEu(NWt$6a$K;(vg03$W6t
zEK^N6z$9_qF7Gq~BB4RovUXQ+@CHOi41Q6V)2j|G!!zm&)A4Trk$NxeeJoCS0|uTw
ztSOv%bAn-Tn7N}GvsMxQC78AYr+X_xO&8u%%lBWiGKMQP#~*N0H!kINsp1q8ydhU*
z1GovI&|I&cVK+?P%DA^05#uQTXu^KG-)-_+cR<b~5Z1gq;Io8P=J7dyap=MNClK8_
z!*(DYY!mS7j~;|m5pc|_@?AIA2FvONj?8*nyvObFPdKbRH;d=5iVL1<#kJX_#W{A(
z$k(#Be(l*t2ilky43r+X+B7>Q4I-2$|M_w+8X>J3Um?X4$G+2mOXU&nB{|0w^?I#|
z-&X^Gk^BRh<$niYjKu`|J^FMp`3dQTaz*aoPv#{}Z(XFl^^8n(%dmcwPtIL{daV$-
z=K_s06^7x!J(Kv+2JP7KZ&&Qj(gTz`z`#lCcc77=>f1anJvj-(!rOJ1XF&{JN%>{!
z@@>8YM{N6C@h?lw&NpIqo6$M?vmhKU;p1cj{-DwauigA&yk?Y%xD~{tqzL!AB<CjC
z!9qtiNPj1;3dzm7G&T2P9KQ*iGQklf<bu?5lf>M)YS8ZUhJ7KBx&65HY`nzxZEJz@
zd+e6i@(iXmRv?zq0t(YRyi|LW>CBt&|6<15405)YFnp;#ezA=8Mpq{4SmEH-g?z!c
zOs7e7J-qgT2W${(Mc+WkH?Cvwx#A3ALA-(Bx$h}MD^-{@7mQtnm#@k^h$NY?V12o|
zAIhYk3&r^Wjkp=SB1Xq#hf$o$wOeb6ITR6iuNu4gS3*{blcFhZQW?*JWaFpU-%IvT
zmKLBneo}@@{QbAtgApsg`+D%b*2N%(uehr30aTr~y97Yjt;A^8FuOo?UDY4{Mj@@;
zWW>U~CG-EqgLcWAv8$hoaEJem`uTzSX*K=2Vy6QyA%h!ME~0p#3*|S{OOyAzRe0mA
zc%b+4mLb6+58TmVieBeICeW|MVXCS9SW~BH#0Rnhu6V}hMBw7VQ_N7`;dNo?!VZyl
zR~1YvSNgUt5ToG8BmdtS2Gs(lBK&LVOx^l(xC3%fmlrbN#QDj)oneDXeOU$ngYEE*
zts4z56KqMH!>HLd@QvOOb#cyl_dAe4Q8C%RXxSgMVH@tZSLzcCA@Ba}Kjlvy2h-*i
z%O?*h1Y<VnRut5Cj0dJ1JCiq3@Q(ef^w4byd1w;<AVAy|VsI<}!!*#Zs^1>G`EiyL
zQs<3A6)-2-=!JE-<M`SZan+W!dVRb04Kf{Yg`a<T1o|UKVg(4S{(}B0EkH10b_ezg
z;mQf>X!%Uhp<F9Kh!T=zr-Dex*U!BeRj-f6SebzSh#dq}C2A`spgwPvb|JjG{S=K{
z_iueDl;~e!;^))bhD(7YGQT&f<PDAY_#c2*8Wenmp0@lsae}nvr<v9-tG?~@4);dL
z*kcRvk#}V$lp5pr`^n$=H*S@qFr<G_8?pTK4(M5Z(vn9g<q>uQfQ`KgbOrE>{-$zv
z_Ow`#&`rtQEHZ?4g%+G$AO;ydLYy|_4*_Am=e5(Hez|;NM3aQ>2=NKxp_ar!V8IsD
z`-v@t3UlltVz&`Y9ZZH96vpH|9^>TyBn<k=Y=1f=iPk;Ry)$q^_9`pv#(@4v4rbX6
zWZA6;c4ssnbWr*=twka9N7+q2?Pv93>?o|t<9;uMV)&KU=do|S#rvITyX);wXAy2}
zKz&d1cJlJ((TfZH#18t2b$(Vy+=%7f0QL!Aw_$bv)%eZebaun&ZnubrMfm<kps-m`
z-!m+?cg`gMY(KGaRo3V6d}6@KZmX>_WZHVK0`AiAy+Ap(fgyU*b^(@$buS5kZM(xd
z|2zP`(6^^uZU6Sm14iyH!10wqvc&H}gTs9b`b<FLR=>)<<gwB>tLpuR3ZYN#AFX0E
z(Hds3!QJN<RQPBWMnEDql1X~?O!no53-Pjn#08MN-KlaH_U{tjOn{|(GiCX8Brdd#
zazdb#?@bAE)CQTnLv`8K1UOKt=A_nzHU&I*Va4%<>M$$c;|punP09awh5ZCXpZ|!w
z2Mq9|7FeWQr{IkfWd3>aUi%p|rXl*ktDh8y`W8p~0@K0CsOVjuM8Kpmp<lrk_zT2D
zus1}2_f63_o|nm4_sI2AHX>u+i{k7jcl&d1bM4d$w^lItUH^IDbVo_|1Ncws7o+Oq
ztbBw8;NY;h&N_}2EIjH;KpiEKhLfFb&hNH)H*83j(iY!pmd#RtX0=#ApAcWV)8#f7
z65X%x7ZrlRRe0oF1s`q*08!b@Ce9Lnvxh(`5S$PXxc1m+^X&g>$bR5?`QOq)z)Q!A
zQd^qkR3~mpPUJm;?NQ(#^dlJZDk|Ce^ojzh$WgT(RXN0?D5MTemcH3|lJP725@D%S
zM``2~nhr@w%gG9fu@<St>JoMqHtlknSkJ9yQZ`~h<X(hai83|=RSwf4qfW=4a8>%K
zdos(0IZlk!vQ?4Fq0GL+w2BRx77aH(aPlv^Jep>a$luiCc(zBCBDzY+%3KWNIg9l=
zMr5+gu?|nMOqpII?dS={4$&!UioMs0ouowznY3%Pi?j{XWOQsJqK9yv7c0ieIEh55
ze={n~F9=o^6sxzXUd(zlNOM#>u2GM0+&(WHX*e=`Ic_L%H?&{XM7G02)H6ihT1SZT
zeND9s=WXPEYs9FTMQX+?O_Ia3Sj;I~DbcDJ{mw7#`LWA#lsQv#3S}QmG)*lAQmbB+
zwNXOdM!pKv?g(kQGCCwyvnVdqJ#a8@h~(gyBl1W>R3o92y34Fo>JG#pD>B8XVOGY#
z$4ZSX>bMU7%w!j*GR!>CpzP9~R}2Gpl4Mo?_xtNDwqdbLa}{RYt1N|l)bpV&S+n{#
z4w$6I@Up3-ZZk@c*1^FSvw>y@1&J|QI;?0X5A&Rh<zN@^&fJ9#lDKp2qz&+EjGICt
zUEb;}@3?bvi>*hCs1^(RaLaM%CQOD-;BAAWnbChIlSt=mRX8^OW~P7&jn=@Q?1_%j
z*7a2#BhKGJx=KeOA}K=hwT(dzTt$mJeZz<dOlRmvkMkoI2*Lh_ReRG=eMZWT6I)fq
z<pdBgiJg8mth(EpZH~QZhy+ptq>m1c)t6^DbHf}$J}8J2ISGc?PA`58Rj0*Ovdi1k
zE>dDgcb~;Gsw;Vu+yykl$Eb6sd@%D0Gmjind@3VP90^ic;+$O3-zr!2D@-#=@BO5f
zoC>6Vh;7X>KU5lqD>Z?s_5K=vm|jj0C{5ugo!zLO)or@a`!uvvW<RKSpxf(*o~ZCk
ztN73>AARB-ShQH@g<v3wiNt@{9%g?nlO(=%Fl|*x9YjFl2~0rox={}d`mBD1x%0IW
zAlUo0`n@<#=R$zY5DYsp)=Jhv9aosv9jpNEdqut)NO<nJ(@rc7*jy%aRn?}9x@J|>
zH*{8BU7vx<9L@l2@5>glAW`%%^JR8iBiGLS`ZVxA>&(m=9VGOAF>Yl))`L_pr-ev*
zek)7Y2o%s$nXLyX-)fwr4?{5{*#DX)>Af#j)yyp(d6H^1wCEW^%WuB)vz^b{e&*Z;
zTyOgWp9`L}pSx9f=?8s@_`V)|E|%jkKgSFDZ@Lq?u8NQc!?IXbe7#?L^=CBPjjj)`
z;#RKsk}P#wy`FNH9`3))4shgh?22yS&T&7smWyPMm>za~Z<Dap3C47!76fS01$IX(
zoM8UZZ5zGR?)UaFR}8`wUrzfNCj#mF0y#aVBD(Hxd%R|VkghIcb~?@+AJ_G>h$vy0
zb5l1+%>v}-+V_&#4}A0UCDlJS<zmwrxmE49ZAdg7e^-#;bXHu4pnXG6ke;&hL}`!s
zDUhN%zG#Msb04IKe%t=Q-f8FlVD5X^3Iw{RZXj&AOrJOTgns-0F@=3}$CdASV-#jS
z;Ds}u)PzfI&zOpUozR6lPG=!Cap{MpkG*LP!S=>oVo@D&Wymdf2*}_Fv@wV$-)fXj
zfnE<DKiCsIfAUXxpzU*bi!HAtZSuq1fwnbya}CJf6pnD3edLUDc|kOqMezw-dNeqE
zP!9QIBODlTt+km_-Yf)S4!rpvo?9-;Mr#c%&Q8s~f?3F^){AH6OOEa+7~#9l@SWU;
z;ZB~mvETibIY!h~!-fq332E8ud&CzvWtBq+nebT(39#oxeU9LZZ3IkmcwKi3zKSy-
z!=i;!d#A7k<cb{ib_@p$R9a3RFMRnC?Fq(t73`>=C;8$RzIi|@f<11*K~!1|^mpA%
z57FJ4g0FEQXg(T)ymJNEt7=kmO3(74-bBi$Qx&79HNJRH5xYuFSZ0mX@S48%S;%ZW
z3a<y4>~wq6UA5d-Fg+bUUGco|8DCdlz2rrv6}<q?Euu9O{B8$eM0bw=TwS|A#w3m>
znKfo75E%zo*A{<&jMSU~PA<DkQKk=Ee%>AD25X*czHM%B1u_jgzBaQ}V=lI11e~ND
zx&GFd%uvJZbBO=hVfaRg@dkh~C&Q8qMx;cO7D@1W_;W^N{fQs@Lp?_Jc1Wcp5*d*<
zNxt+4$Rm}O=&3lPngVB3Y+g_;f$a}nL_A$_iZun#DE&RXN8V@dCArra|Ge09QqZBX
zW3;!hT;k0r*}PC~V%8!0892}*VGvMZKP2=f3=<<}XrFy}2qz|3Q9t}Il71-TelS~1
zh<{+xLBMb3Kfkeyg~4S4aBqL(9|{A#=3`P9fLj{!(*}5&2QJ+rTL<IS!)ynkuY%SM
z;?!fc_GR6oHxH=2qFjau3<7Zii|>)VLU_ZM?XqSE-Ru!J53;qx)8vDGBL3r#Lo^wo
z8VN(36DJOp@7?a9JOa8U)RM&R|CKPT{rs0M$pTk;yBXovuU*XlD*`jIxBpKB=Ar>-
zkFt`p^OQ8VF^sUR7w~2pF%-rWI-J;G^3c#q3lk1RasVnJm|D_88&4)m;9V>!e1J%p
zqmw?H;jD}-aq7aoGNH5HY>|09A56OPVHqb^*VF3OQ#9p}LH?33+q{sm+4AC5g@z8h
zH2Ki`)wA;f_*wY?oZzjZ=`uh*_|9WoZ_R0ApCN;;6a^Bd%Yr%4>V=azCcQcTr5&2|
z-cDhC5DkpYj>CvFwZ;W;=@@K+Hf2iVGWtvIH0Jm>+Yp`k&bpFFZ(R1TREGw+F6~kp
zIdn%+)1-BS4x{m~Qnvzg(sdDvX}=6ci6gs3Y*~}3l3d1`#vCm!6U-BP#WpRfW60W_
zOn)>*oI1sFoZ0v=lsd5<?UqJYIt>Q0sjgMkhLAZoOvc%~!!0uw#?5qgxLFbw%U>XR
zz@JX?gSSGM?ms^LlV-6qm{Al!vM2@ID}YmeYy1<|ahvJC6tXJ?I@}l3Xyc||?!3yZ
zW)51k8T9E9O11Wz!ye6%V`I*|DN|_DXTd5CR^(~K=1&J5GR(@l@YpAtYuPmsD$FoR
zXSB}Q8KYzc(416B{fc*vrKnM9QXz$)*ME4EdUullPDZ>YuzK&xnW1Dj&OgeOMh!c&
zqd9F~8C0|dW<0K5O3_M(xVLh`dpsQ()hbxptL#fSs5Qn<kkDs1Xh#lV$j7A=Xu(Cr
zrZq(<ai`_D2xDvz9(Sv4W6uw-#yA8X845!^BmgIenb78PUb;HQs+n~j7>iyzQ6cbM
z+K*=FT-$RI48nFmmZMG_NsB_2CeQ1Hb?~ZjRP$!i%dQ58Vs}L;jnfXt4zZXhcSOW6
zad4o>W38i4s&Jt&OwyhtL59*<nUc-f1erQfvEAghTKFv2*aa!CKel2e9UrD^64txO
zX~)bgzu5!=u3XJOZ04TYM0sqZz-^;kTc-eEQ>5My9D<r(t=>I0wsczEKr>cdTqi3n
z>Qf;b{!+&c$gaEtOkJ5c4I<=v^qEoXw)9x(V=l8cc&8fO=5|a%kVFq)0X2erO2Okd
z!0Tpn-i1a~F0yXsh3wJ`u=`9ZMi%rTS8$<{Zt3PeA_^bj`)s^Jx1O|HHBcDb;pkw;
zjj(Bb+^~h%_;q{4Wo$s<)14P+%T(c=C3a+mh8C|pf8dtbVl4J4^+ldEiflz2P7=gs
zf~%~Lbg_9%L_iZ=*(@s41r9CwBy&}qZ3IaY%telNp`=IMRqv`@3Tw|igt}J=A;nM{
zraRGUp2QCu6;IeQRf?wVL{N=%opC&GvCn$hZ328{uN3Rpa8>|FKH}bY18jBVH2XMW
z$*fS7?j~P$;R`*Mx|?!C2sKTw(r6dMo#Y*gh!#ae9F^Yv9Ilq35?R$Wm<ntOmD~^U
z;9#yD)m59d;iZK|a8#kp`Bg|Ba={`xp}Z>-X8I-X<-|(z6jsEM1#qX|&_ZmVmMIT=
zay}}>PPCDuqYr(#I0jDPNOKX?^QKYkz`1o%&f8$iGR_|G_<Fi}vy8=qa{2^wygqs*
zfSIa_&=r$%ph0ok^~2?RA@)4yCQ-D!=0;IVRBp!|*i%wshFEu!+ESuwCIaKb&bb+o
zjZ@1<*5?gk6;O4U#*p}ic=MCBK*6Op^e0|j0z%KGW91Z-PMam*aFSR9w*59R1_kGU
zFcm#yD1%sSE~5Dm#AwulsC*K)H>0TOfB@;eb+Q_3rUaar@P0ad%efBBbdZS_de^Wv
zp%on69z8%@Sq;HE8%dNJXa>UjTYJptx`~3kJ<$v;_e@P5T%!r*<2pQHsCbA4f7G;_
z6-J7piJ)-3_be84<!x{*TUtvX9Rr6><=%l;K0bcmyBp}LQe9H+{e3tzxi@266@tgq
zX7&-f?k^klzGyVK&gF1Hci6zW5LZIA-*K&$gzJcqJ;;!dk0RaA>oiRMl=d?Wjx-G5
zYuJ;T%1N`<aLk!CLQ+ktip#|Fs*wd@Juct%GdFC+!j?rd@!E_&4cdN#cij|9W-xYp
z6?-I9Krl{&0XXzLtLVD>%XOfdG-_5g)vmcUt^?hVXP!&&EY&M-yvTQje^!ar)$tlh
z3j-}6+R*0PIhOmtuXET}XY#D*D*JhCZl^oXn_F55T%za)N4cY`M`A(eZRdFWPj9>Y
zI!O(FQ5_EVd0tM#lQ55W;Lx6fEXK+%c;vbyn9XG}jDH()Atv&C-h<a|R<OgyU>EP)
zb}7t78xrgg5xHA*Xm^Z9B}U!W$f$GHQF@naIF~$}57HF2k9)xFqIov&q9Nzj-cUd<
zUywEm5Zc|2;o);BtSRfF>rU|@HJj70!VY9!)1#A)?(6LfxxT_ONET3gdNi&rJvSF>
zI>RM;k|-_V`={Ed0DyNMHJs^&oQt}c`q&F@9UeGz4YDGLUh=_Twbx7m-Hmal1%w;8
z=VA-*zX$9wE)>0%M35#y&B&Xb401tO3iN>=kkiwed!+}Y{q?cgBhO(e3FoK0iN|&7
z&VM_vIMkrZLUln}DAnJiN1e}_kxViN(n_%-qub!)8TDXaaICT?JQFA6D=#wG1-cTQ
zvQ;;kms5b|64{yh+@qr-TM$qV#+<A%qHE41$yzP{5q>s|h-Ybr5WeC-cv2717tb8n
zro4;^ee8{Ao}_4b327bzLzg{u>?@~vCQGKW<yg);&uCoH9~*FFz(KTV7wR(4ZsNG$
zN}RVwacI2dy~S~asNleyX5#L%phlKpn|3G_{kk3fCdBEl#j4mUBJqxkz2(D>XsjWQ
zX>LTS+YEy&bEe-?PPh(ygi}4!_AnyGiPnY;pf=oqGkdlV+M6}xWCaQe^$Ind6~%1U
zg>Mk*$h(UFvX+2v+9KY9pCR4N2wpZg{6Gc{pzwai3YZV3g>O$m&|b?SjmO@nfhdKm
ztB!WMkvobsNP7_!(Zhm*H7}6x8WPBVBk7e0x0|{^5`cz6MlYG~3+{ioqzA1&IQG9f
z{lkNjwMw6Gt#bcnUpOsbkPrGO@*Al`U_URQgLsQgdctW5nG=g=Zy(MU4uW~h|6&X&
zs9mYZn@GHWy3#5Xn~};eE19t3lMd)n-J;8`Fz3~{nKBY*5wEwRxu#8eBR8ww6$eKM
z|MuQ>Mb;Sad36i@Y6yNUbiTPQK;KWNq6vIQT34kgM({<G6>=a)!&LwvkB9+S7!9iL
z-l$n1kH27ZWk`R~Xoi@~G1%T1HVQrihfmiFtXA|fY@tVez7K4jt5H~lTWpj)^>AjF
z@`S_@?fh5;^5Ej3oCle1Ky;bz3JQ(GAn1j6b)@aPCi>J0O;D8BD;=im#Im{(^ZrZQ
zX;LP163%J})mKP4B<UM~<Vx*aD=`HP9Wv5kd<7K49>r>+2twk;$c*%d$~pse4jXis
zKZV5OwHTw|pW{VG{siSiOKbuCYOuJ=@R3M#VSswi60g-9@>DNB!@_yK@JsLoXiBb#
zD=IYL8X_}K?564T*Q}R6dg)xDsDsk@3osp4We%oZJ8Ppd4zdN7WOzTw?2iNnPv}P8
zytImXJf3>jTr<Bak&r8@D_)Hbn}}!g@t+2i_EvX%n0jXY$9B;++mQ#~DBGaVAdOGu
z1!_M3eFWCfK3<JA!o1c~SHdDeeCWm`jnCprw&;DW#WHBGd{F@bwf1v--%$sU>ml6{
zxd@@+A>bUo0p)$9;vq*@V2itY3HjYh<X=t@kTBY7W)dRGa*!!JzX_|Kt9bRFcjfq@
zbNGWEX0LgzFZZ6=uDNV>XV*15B4qnPlv^QqDV0H?ytVqlw}%-<Qmn#ge!o5i@EAfb
zyaK&JIv+&1BCi-9Hgd=){5b+;U5_o+Ae|Sl;f<CX;414}#lp?kVjy}3ip=7;4phVM
z9<I4$jkVPIystNokdS|vbiJG82Xo7Tsvl{WCpa)9bV&hw?G_b543!Sy`^+o0N%G(w
zHa?{n9Sq<7T_x;Pq{upVHskybYm+*7@KuW4J96gKy_V31Xrl;c)=DBStbJ^ME%?Bl
zonl^vJ8jvl7B={1W%;fPA2x$$|BlpL6N@{&cKyiJdyv|~>4&i%zi{Gt?RvTI3BR(+
zuS4Qg{5Q4B^6=mKGFDXv&&Hn9W_1RQgWN0T3&4KvPIEDX<NEQ9A)=J0^J8wAi+Q=I
zh3m^j?$g~5YTY|bV8%k{Sci3K@7An{Bu~JkY$lHdSMJH8Ex<AL;;ms2%jHnua1v!}
zru&ILmkGjeR<kMc#_8}+ju{$Y!{gso)xH-V@4-+}B!Tm-e8JMn?hCj3*j!iS&cQC&
z$cd^qAm{{)Vg%1SuIMEgg&^P{=nQ$}2T%ATHitpr?%~SrVth>b2Ed^2YdvvRwYS3S
zl-Bzs&wBOqme$MY>v8*~?|Y*!;CqtM<$AM}b)b9mrK^DUoXD~LHIhK)_Vu*u_igla
zUDwL@&7sfq&wzPxkf)oN<M-OdAkcQXcsBW-{B}S<|Mm^Y>3RI}OUL@?zu*&)5xwzw
zczb4(=lfXX*}?Muc)00p``4w9m8E~-u{X$&!?*CEack$-ecF?@15KK#FU$8mNx`b{
z8pSffef{w|ag&-N4__wm)&GDY@6&ksNTTm&F@ZtBV?^NN<-Sn#QFq1JXliua=3_&k
z%k^1>0F2=Cbhf;6^F^uO-Tj5|B+zM{i#ti?&bQ08aCwOTvQVLIq=$2|o{nq(>Gn?`
zz4*6a`K84}5$9pOyF5nH#qa*BWnu5u<=XjO=b1fh=E%nRk#)8c4}K&Ne!9UmY==ta
z8TH2{zsCOclWSzps;30Gt$=a3g%rg_G60v#^erk~HTVMXby`xD_duqnnC9!WAE55*
z6OK{}XkTwGR(QDjw_zny_FA^N+7QTPtIWCD2go0mX8LGy)!_w|4{kN_(AD5{2|5gg
z{9d}OSJ>%T2DE;~&kCeU88`C|SFKkVpYY)S1bA!OLF&KX+-{Wl-Ywn?%*cvm%}D5b
z?+xGJs``0ZKYP8EnfAWPte{NA#dyE?O~-tX%<i`NHa*FsynNlS=iAa*qk#*Y*?Kn}
zjQv&jbNN~GTlRb31$<gtF67m`OWn@^o)>OJc>#W>qj|h{Z*_G&&wfKY%kRjkxH4uQ
zF&~+XUp&+*=S74bWO>axT0|`pRV8fm;1$ZyQbZN{>*O|R;3Y^Fb<OhJgm}sON=j0a
zDDy;T<<2smg74Xn@sGuiU}u_VTxS#WQS%e?93|?-c9L~cJMnr+dTHNEp2F`mXE)k9
zbS%YI^YX<45_!#&))`C8WhS;0pQ)mBQQBHsYHgFYip4*P{PDF?fK>j(Z}s<_N0zhT
z$9h(>oCG<kIOu`@UVA-4X+ze=|MhE@<^P=d9j*T}^LuOP+T*CEs&$!Mloq*a*$&J7
z29D7VCLo!Q6$yU;;YdXb0S%16WB!D7)V7?E`XgCh0vaX&0)iQu_iGS#>esWNfq{W*
zlXA-quiVvy(xRHp62J9bBg4ngME8x`wGB@sR2Fqf*9_mwrc>`jj?>N4T$o&p7;y$5
z?j(-az1YXokF@bjfFxlQ0N32D*``X%hMu{UxkBw(qgB0F-qusL@#Q#b!ydKtt`p?Z
zwB*^KV^i@eiZj&;kfh#CdaFU^``Xr8vitCHTGHCEvT)2+!McpZDCw+Nvt$j?@*B3o
z*wU(T->z}t)z`Jpf@SIH?AjHbVXu6mlWjZl8g`wi`EZI^4s6)lxY4$kt_hu~d{U}W
ze*VOK16n~bsXJSm(Cblo@@}y0p0mJc5Ny(_d%aW8Z^y0k(p#g!urLu2vy6XE?OBr}
zgRNgKFMq|lk9v&Eacw!a(%ZUe4o=Da+mX(50W%{V)7Umfmlh@4#&;vOQ4?F1R+W;v
zk)8ICzLSBL*Wg-o#-VkkF~M^~)F>NXr)#5*^TgTT2yRKx=X8;hn~<PkURHOx)ZL14
z1J5EAOT?hpvtrePUBgLq*c!DzNZIk^S)^<2Q5)Ud#<ydsb4s^_-TT4<&zkjRXzq)H
z?{OrXOqEbVnfk~v<@s>^W?8fl86rWBQQ3=N9%VH;k9{m=Si@bFQe|7ReY>$VPd<h`
z{$8yeT2=C<aVktO??3uc=Mv2}jkb|vIwc*PSg6f_f+Ka}d18s@r^k1*vX=R5O4_AH
z*8yr4{V8xlN8a=PR^<?gf%$;ql;at(-Ir||G;o#UWYud{O{3(<2;a=x)~or88c)*I
zSmzN)V(g&}apfewt@SWDa@dQ9c*cpXEymr8=P7FG*dO6%eUG-nvU(1%YKyw%Y78{`
z`nyjnMl4HjUxnLhFe?EcI;MGF<iW@SU*>My#~zDqGF;xtwqh$uuFBTOVKgi2L8=%$
z7M(_K%L>YSaX!S+dD#i$UE#piiYfH0$v{khf<&ZsRQxV*qf+_nbgvCEt9Ly|jqh_E
z*|+8lzPblhS3o7Au0*~WO)E8hPCfHxaptW7@lqo_hjMC1D&F;Eis4<at8DLu$n#JI
ztnEXPI6vWEKkm`~5^jFhlufD#@)C!_Qxx#vU)<9z;uX&=&0u2*{&8RmxG2KsJrf6E
zv6a9D4D2I0SyC8m2c<H%%r4DV>b5Q0H@+n?z$dD!Al8!Aq{ZVN!}7-U!rZeF3LQx2
z(i;3YHXbtX{qW_ti$lVEU4*CzRbxH0c2?JURb8iG1ykKLFnJDGT`W3f5gY|bDzehi
zQyO+nZR$GDN_mRam%0y0QIPFc4V_*xDP3*Wb}M<Rl^&i%etbD=2)D=8jg~!zS&tFr
z&AmFSWOEC8#ZzQtcmgJJe|BNBa@rQF7<xq%VHjQAd_@PHTIto$(}vGd=r6(4VoEjz
zW2bcD!gX}&l-e7dd4UI~nQhiip>;`wa5j_Hqt+9I(yoU_3LML83A@9oTtz0<%ve<)
z#Zo}|elf(tmPwbbGvihd&D9zP_9B%6bOE>e(>M=1^^#Nt1zx)Ay!Nt}R>iTax1HJh
z$&@MIaxa*j;j)#Dyj{M>sVw`KG)cx|?L~AvhS%QkwmvT2@aZW->^NlT!pcR>?OSD}
z2Ob;?UFIX3XVBTTk0YM(CB1Kv>o$y;t)TLIB2uoNoB7mpC{be%$5gpRGEJ`E*4><Q
zGWgP<7rdQpSQ(v$HpsN(NPUm;6!nqFN_%#v;_r1b!(Ieu5JeI$))$FCCp-4NEX4Oa
z(7r!?c6mmiVl#d91sY#T;OZ2>G^Qfak_Y7`=+Fs)nH*k?-oN3p(*yQUd+yT>?*a|?
zhaKB952;#^_as>oV9AZqPb#74Y~?^%6ks!%j1xsn6Myo-rJ1ZktL7s6i%f~Jbs{xo
z2Lt!a`Bm!|MW{7mu%zP;m&~Eb)8MArl;LW_Ey&{rY*}CFEl+=}K1sb76GJGyS>v=^
zg*Kr5Y?RUN`+qarRa)MDiT8ksvxTa)6acTZR;)iKx01Xmx%y{CqI|Bh<Ztz%Z3937
z8@w!2Q_M5v{qjr)$g{f(mVK~Do@(6`{_tGPaN?yP?1BpA75*9FN}!386kgVP>8u^C
zFz;jOO_mx7-WkCx1@<(-1M3Ep?acRemF%>=p+<k*_J3}~dlg!?AoJ3Qw$WQ2g^dZy
zA@~()9N3tLDVV*vN0ix7|EiLVZz!ze=gfILH%kR!_H&wwmm$v$ITzBhy2k%Cl+OrO
zGzm4c;8thhRhIjMvM?c*L{Z=(oP1$yTvraES1=6w%b$&SVIU!g=|UXovNrt=B|rfj
z@(B7@U*P@(J;bG0`^S#^5Ui<031~6LFm39tWrq7;fT$9fb~>8V>aUqh_rdBPVtTYp
z@)@IsET(=|HMsE$gb?d(dfGMd8rbb6@4xIJ0U~PWWK=v<MhG~68@0u`LG@G3)6*f-
z=~T%jkX6$<Q0h@5qNM|c2odQLsr@-D`)OA}Vk=k;&(kYufslCViD2BTiFw?0g!XR*
zYi)tN#PE(j+7A!`FljQj;$R|O4Sl=mxe5ro;ub|JYq7bE2$`Nn;Z|!ubD=*4pW&cn
z9Wm~9AqT>!bs*Q*N!zO-0fCZo7HffYs;yK4clgzX_r)<GkV6}VvA*a>&DK~zU3i?m
zjx9>7c<D_(A{^nyiY|SOXy7$GyZq9969?|_pw_|ryU;8jW}GvBI{5lk>p!M7g0Bb{
z;~8UC6U2IL^PPoFm4znD9&3QQVEV7COZk_>7Ul1REAVpXucs_tOjvELN-a29>_g?r
zJm^LD{y;zHcq-9V7qZ~CNIm8-C<f>V1>p8`dnph?JF*w3;cCIlv?L|-7&9Bh%9KS!
zyZOu#BCJyOx&gsPGh!>QE;m&m`6w(k(!9Ga%sU>GCJb6l&o>@$38Ss8OYg>=ZY&PC
z{k0^O>31f2YC`=Z0=;U0Sh42s2-%Pa61-7MZu`z1F)^;W5u<uhZY)igRL-GLFHFbj
z-L|-nRPQ4(0;&Tr1oRH_8XcGZeZ=bkdDYbP8A-mDksEkGo+*YzL%W<pYxXWko-r{v
z#wWBtNcU~>lvoN2YcIKRe$<8Dki^BE3zJ0@!cmJjuwKDt7*VA;Fo4}0LbcHVC{CQG
z4%kkfbC@hI*&*}sClr2<J_nh<NbG{JgIC)*qMACWn1a9kMj1COc2ff2>}NI5BNIl$
z4hkFL8F2YC#t}^}`fkAwHY1hF8m=qfWsHe9^I}L6E&suwLI_MwWx_&&6Nn?XGZX!g
zEd0vHhVQR)$Yrj;!c9DsaJb?OcL9#Y4?R3a^HFJm3{4_ex1RgWW^Hw;SMRktccX+*
z`L644s00w*sJT&Fr8D9xelc9PN<26GQVY3)U-hvcCWkF&zeb@Gwar#i6isidUEn}M
zlg*uYET-avFF9cs2k08MjXiQo#5qVZB0d)3Rg2%7w;RAu{_5SRlg$vOauON87977;
zS;f=zA$|DC#N0z6*ZK~YI7nz=O|(0>y(&fXK_~zbTVP(vbSTDZmSA=^OSiG+TEm4^
zXf;Dk6~j!nQR;vxS89Ff<9xzx)|1;Qk^u9$fzyDe<pirW*>6q}<8t+4N4jn_h%fmG
zD_~@O=Y1?CM{{+{mRACBsOB<N)T}P50lTV*85O;fVWh%UtDUBricE0+<&+Lc`2cnm
zu$D8v@_MKJ+Cgg-Fc=}?f|H9K<`VxqNt;pj?1o)nl!CH5N@vevfUt{rPa6IgW@qp;
zh;wxI2Yf>|i+bpE25YTp_pjvRDZq_KeGipp@zi+`UrS(nS7yjQ+^B7S(4Z~m45B^+
z7ct8LwL_gIiKv4BUA!i_nbPxzs$Wo?QGpIIv2cd~auwCkhtXgm{F-UVi*iVd))zZU
z-Be`88`LHH*Jc=qD|ltx!PB-oXz5H}+Q!iVJa2lx7%_Agg8`uM0VQ$zfQ6+GCX4ne
zD0H>p7mk(+{Y05UYg}Xve~2i)sMNPu)q<Kllt*;ydtS@ih$w3naVEi`rd+R*37Ke<
zA2IeEK}kd(Qzj5>N-3wzCw2@Z7cX)>#hxA#P+VP76b2`2B%|+%)(bT=w<RSlMm^T)
zjKR5xcVgJyAJG><>Z{~SqS{L$1iiMf$#HzgK+jRAIpO<LB5|}-Kxx>YIbmpM9_;#g
zErhX3=WHt7wkXsALWk;B3j04236@xuXG~w1uXp~tVI746{&=?NJh+nt>Z=V%(dJ2e
zh7%x$W$KR~V|M1!DIXpPmjwC(O$<(dyyWKHzYyo1auD;-yQ1Llqyt&e`r06Fa|9n%
zHW2#QJozEZ!`&!A*by}N%6VB!<p;Ku??nzz%gTLnfMuNC2etJ4Gz^mvkzLC|SN+uj
zobdtFzGinkVft_Yu+Q^XHuJxOzcj(7<Q;4{_{xCQh8<;TIq*jMdv1%U&Yx(zUH?9^
zEV|Dq9PnM8#!+52TX&nu07b%qef;uWZl{B<Bn(&<(VH1dLa6+r$jXd87S>1_fL$U?
zz%$~uV2H<TORvS%yXsR(h^wy4C}F!ZwUWo$%+Jl8c|5$I%dS^5xD~qS`;$|PBuC0i
zD-x2z5*}gyt=fkT`N|7@Kj%&ws0lUM*Af*Idm2ab6Z;J+^d6jlV4Qz&0PST>2#gXJ
z_L;Kj6WJaWwmk7%S*hSoY)!E~97xUmpv;)1xLOCYJdio_>yQHK5AZ4kKnlo8nB?M=
zp6)D?EJ_2Ju2ACTUjt7a82c}2yxC*h$vmX~_H>E<N$^WvSb%>(BCAdZsfH`i6@Aq~
zEK;tK!#|%H%(SZ7@GY?vzEiiq?$9Gy_jH6dX%2M;R^jWUB)6Ix@H4HmUhs6cx$R8<
zflng?uXvc)FHN}BhglD-jiEJ8H**S!2qz9*HsELAcITP&UO^o#Li!x1$IOB0v2ObG
z^{T=KI;KjTkfr6L!dp-+2BW#J_=@$5J==hNsfek4GHY}=MO#YG7K}2l_69^tlaOCx
z7eHQE^t}NM;9COrcZ^B<tRFb(_(^df1B_SVJvx5Sm8->i1)7Yv$wdP4lAgY&;#YJ%
zB|SAC>%rU0@E1|*J@2A6b>Gp?vES7LS~@({&xXANpPbxQVwW95q3R7o{a^1e=SWM<
zP46(R@x9<@M4j=Nzud64zS$BAO$N~O+dk;brur`C`;^QLB(dE=<_C@6!I~psw$jRA
z7U}8zm2WQarWR*ts!6Wp0ANVRqMb?S{$P&T82cO?kqnzf0<x#-wTR7<uaD@pP%lP)
z?wMiKQ4YetBi`(!PxN4OycD@#;QJ#-I`87+F}h6k5?S=2&3Z}AdZpW)<vmKR#=S7R
z?PUD0m;lvUvxW5!rsZ$eX~!S4hsN(tv)*#~AZs`5o)0>G{Hv5+_~pBI!1rQ4SZ*6D
zXK%#BB`4CiS-A{@Sf1bH1^@_Eeo)@JYP-CY8xi^+f1T|}onGvEgaQ=7lNMiF#S{e}
zP-mU|4c@Iofq@aEH_V+n0Mb9Ej=h-{?{*s$D{ZClgJe;x^BLcpL6<}pvS8Se<o&`D
z=;XterEXy-+MU#ZAWDEB9G;M84d>P$d(sZ%8H)EC6d!=)RvldZKZKoQY;R$-=4;!w
zty9~!ZJYnv?Wx^U+qP}nHcoA~bMBp+$=u0JCfOf$cJhAPZx){4S`SVVZ>h>>={;T0
zFZH^kkiuRG@_Pc#RvmxX?n}GSZt{<`F4S(hOq=AERkcV3{`)S&^hcNh*l`rD@`Eo0
zQ+~r-sm+_jE054C55tedfgNPE8U`My{f8K0-Glvtn*osFdxEZ_(+}Xz=(MuTZ+o#H
zLANGfuMk|DRWMuX^semukxq1CKj2PIfKT9ws$k`ZAcIh0FxJ;SnK=6M2N6irALeh!
zSbKaft2z^y4@K#EdBL;@;Hd4|x;T($i)bHc)gP=@x(#CLty<G8TC~&1HCTS}s$7~&
zlVFMaaS+^zBMv_3*`{sxw2j(&X#Cl~xn&^@uPQj3<_tQ>Z{dNxa|ScQocze(ALUC)
z%bh{w(DBOwzMvjGK|KCAi;RWJ3{leg!8rDEf3AXC{InhuX6GdMHP$Sgf|C|q$=}^g
zwtaSfy{^Ut|LND}?dih^LGOiNGcf+)%@_7ivM<8=Vtr<e_6we`J)#ORI6MQ}Z$<hp
zo}D99UgO~G5Wd&ga_))Ypp4LHv&&Qoag)~#n6}EHexSzsp>&$17nPmA|IylU1%5-X
zV0Q{YTQxynJ*3l%vkLyf<YrdJ4?h2a1Ooc`u~UcEL|w(mVNyB~ETNFCQrE$OwXTIN
zp=d#F#zz9v5fv4!(gX(!r0H)nT0RX@x3d|p{$<%5rQKXcRYup)L44iTe2sgc>~wL^
zSUc-se^L-!>$6MjKa=G><NxD5lMSV_{Un^WQ*~pKC|n@?`g}kkMeE&k*u6j=Qzym#
zKBg}9+&m`KC1k^d;{&fQ5>GrqZM!&O9IrKX?0su&54%n(ymdJ*zg2+DK1rG~tfTwm
zqGcbaAPmqt$QCBRXtE5cmN)vH`DYX(Nqo&5^#PDQj@I{q#Vq=qV5)zCcE2qLLPDrT
zJ1+i+b9(;NCTWAxdQPg#Wh30wk233hUN4`cHg$T(YT&Q{`Cy-TnGiJ`W*F;-W7Mhg
zd&F3$ehndehfF5TuT!0|C#oG8nu1uj7TKLU6c{TdTnW5#Sa|1%_?%OPsCHD8he?Uk
z55R`pVJwC~i>{o0+c-vjIb`-`9-~;rn$FxlCDUM<?CYopys#~zwj?b#Wei=ibBqSV
z?86iGXKlz?pE45^u=9su@ajR`N7g2N7>33!RAxgtxkZ*VxufVd!PhfGW(CS@77t?A
z(~Fg1`2e&emVIcoI2M~LRcBawq8UVF=k%Ab8EFa(dWt)#o@ooH)OCG?w`VqXoalv2
zD@l7x0cO(qO4BEAH+1jM;aeNK>_02d{>$db56g4k7-<YD@)w>^N4j>@;j)GZNOWd8
z24*^xWs!ysQ#$A6f^fB>-!8u+UB<{~fYC~|N%0h;R6-9_O-^yD{@Hj?saDSlpQI;P
zb4IEamw3(55R|AQ8evx~?29K4qEAR<2{S7*2&Tkt3?1^iR~L5zrbY>;i&!TE`SA$P
z3N@Y$U12&MwSGoe@&UtCi}MzcX0G_j&@zNc^gb#+MaZ!_!#L6<CCCxRp+nH6ia}(N
z@k3IX0O@oBeVI5KQSlUM<|<S^+KvyFDs-xF$1_F|0cV;~?C89#XoiIIzybntEDz=C
zQR+%ShBD{&Z{Y~x{b-dkL6~95eT$HN3Znq=*J0|kIjN7&DmmWK675Z<WzCL;d>fn;
zcBAvgAExEgssqo7Js(mCiqL-W(!H2r>H0OXOn}(A#?Bdzph0P!&UtcWlS++oX%i}=
zQLF9>)Su)+OJfv9<6S-Vo@rKMc!we<rRqNPN<hp?FO9d)z+!Su=Y=*Y`wmRzg}f1B
z1GNZybDNzOG09zF?ANaS%R!{1S)wEI4!_>*bNfEp^Zq-Gu0i-}EZy52)W+urvyY+2
z9mP!?1?0W?cw+<-x#tk=%bZ*^)UbW`G2Q5sH`B6RCIIn6`Tm??MJC6%n`w+li#zfO
zBhHt*TkCoLIeF-V-ZTj?O7~rXd<`azx2x1O>wO8E{OH4YS0n!V)UM#bp1+AgmG1Sz
zd`Fxbzk{=1GmxWSbPS;1Qnyi$E6OZTAl+(=Y%TM8$rfJzczx?j4~2Un9SonTa`bH%
z2OLEUDxhD#wT^i63vPl5fOR8H-{EmMc9BL7_V$=8+^KA$>>INA3|P&x!Eq?<m%w!v
zLR;Ef2AuTQQD(#rcZICTq8D1M1)LO5ywMEqSk|)ULRZ5-ECL9_eCIb<wg|4|Qj?4a
zKAY4b(XYphsZQnT{6QiA-b9~_I%2Z1>TIG<4}79|nE2uR#L|q6IC`-8%fA(R-}GB6
z`75L#1j0eqKcT${!5XEFyqI|o%)OTbo-Me}HyklURuN1s#Gm5KnfqoMg~GAW!-;9^
zOw<5r)^UX0NQ-$2S&<4sG^dhbqXk@8IU%X}6I@!M)o==8|0Xnll#g?VKO5&yn0|Dd
zJf{@yPH8?vVJymTNznDH7EGxZt+6*W{(WAp=(ec5g}L@5tTFXb&#zX$`$^rund{Lw
ze+ag|u`%egx4nvsMtpKGWoG+1!F075Ymf2X5eVIS(6>7?+K}l~wa};;NTJF0sJzt=
zL(EfK<n70P^mDu`bm<8@c4wJl?#4L@w#FHEo_m8nPTncX0B7F9xuOpv4?FJ>dzPJ?
ziaB<@`1fCOSyCZ#>!@9>J5=?A*(`@VkNIKz#QQo=8H^m*<Q}Vj4qtxER`~@B<oYuD
zjfmWx*1v+(?CYz3>ZJQat~yH4e9O@>gsWT=(m$Ls`8`I1qtE81`SbDYLi|9S7>v&3
z_4np17k8hO-`AS>ZPaq3=fa%SnrL@^8c`oAX>fFjyuC)JL?jTdDU7{GHEz1;a|3FJ
zeWwG2OjT6#y|u3{`(pdcS68C+X<gpsk}nHye7%f>^L)PkdP^X@;f9pAbA0n%Eg<U&
z&s?Xf7^ApkFj{UNuN{qTj6Nsy&P?en@bMJ2bv2ofGaMdhc~m~+JW};4p}ZSG{sgRC
ztqfPiW&a{0W$pz$|2;Mu9a%m`c$>9oe>yl%Jidzpd_>1-*rgNTVEFUANZqVI#Wk3?
zc+k;K&oXH05ekt1>sC;Ct#7)KdSBP<@-?}e$?f#3pFEm<QzovAG<Q8(tVe$?G8>_?
zZ&-AvJ}nq2+`Cu}X=F2`8uUJF^xJr_cCUP=sdf|*ah}cUi_v?*cOi3@YoylhAbXpR
zT(vFvv4TnzxmW0U`kXO+taLV)GCWqkZSlX{pbMaXc=^8_^_$%|@rMt+C<hx8j09Qv
zsgHKh9zNKnPg5SBP}rr}CGYN>`;Gy;^m@9y)xvpHNHd$ejyAswXG|I~L*TfxdAoHs
zf2oWwYQ3x$+r(hoeE*L9$Um|AY#N=O+0CNi|D3!^(fpd8`?A`#k#8E;SEG7duM5{@
z#JksP<O*xCGw<Zc{YUiw_B0y~_=Xj(d}!YYV2?84p88eg{^-D7>hN@9wCjQGei>ER
z!KxG&dviZ^-hK(7{Aq{ov=*4v$NT;;(K{}sT!~prW-xD~eDxG#aFlQ0gEx3}in%*h
zms8NCx_#i`KAoS(l9^fInqO^#g`n)^zTCj2K4oETvLIMe`vjCP`&<b#OyvlE43AOY
zs65eCoH`&5wi=xAJkh1H_#jt@>^Cw_nIR8Su5T&%pxIGo&eO1a*jJsnpD=nF#V$8i
z=B(1gId~iCFSAzU$o$871wNNuCfQvH`Rg}t8?M1ey=UywEqW8|65cDzbhy%jY18J!
zd2^<$5cX`N_wVchCSL=Eqhx`1KLravFAEA5S$~0OL$`B1-mJU)Ua7NgnHvUdJE|yu
z%qtNL5&uCrW1G&#t|bM3Sa{P8H&`rzoSqL#^VpJ3Nq5}wJJiwQdBzMjz8C#+&)2Ds
zX^BT`C0~G5%~a_E&~F9V*vvHJ+&#z8m?M2>vXN1)Fv_*jqS9!2*R~*D74hPA{D?tT
zya=fproT(%>-Z)IBZvyFoR_hjax^q6oent5rEVvUL@yB$u};*_O>ylMH?LZs9VN~}
zcZJHg=OI&2UNqRWo%Ed7N>(f2KZ=B17S}1YgpmFm6b-{ZnvK-0wuz4t;*A}TwS2Ta
z_4KxP>v>-<snKo7$m*}&XB#2)8a9JdGb{M*b-kbP=-U{$k@micZZn^gO%E2V-gZ6@
zr3qY{eq4CQpEr*Y1`N76HyR%t4(D45>_(c>I62|w^e>kRBF)7&I@iEwLLj7U;Tn19
zO<@}Qziz`g^5|V51kOOr0k9oG;8nK>Ykh=Xf{aihJ4j&rNHCzpFa^XAVSS3fL&095
z!UmxvgOuXosF^TEf<Y<zP18Vrg8r>2I_dWr3lggXOC4Z&g~_VJ=?R6eL%t^>Y#BtL
z`p0#L!<2<|J3>|LF)j7^aYFwG`yCqPh+WgC)&{Y<&#*M;3jjjgNB#s>fPz$rz`Y|u
zv69!PpqHXOkkhB^DZ;l>*dfFJO?WO`RfJog;1MAUBI$r4Iv_=eA`Ov9#gayrphT8l
zlvHmDf-OOjFmDPM@vr3Pj36dV)VwFxl3huHHzi${ZAk!8mW-67rY1cuN>oh%JtEQ)
zPE9;E1s^9;88a;l#Z`pl*vHrklW~NI?E@|g3$8<q%tLAsM6eB-W<nsz7kCWyyXE%*
zsvVpJQ2f8rG$rg#`W+k)&>HIhPnx!~GX5_d9TtG9hLJN)Hr;InNs%sS&?K9wOh9b6
z0bxZQYGuV;tV%UpaY191AuE&T$tfk>uYs;QRJ}yWLllX)B$n(4TSZvekfNsh_4x7k
zP^aHbkC2e4VBkIAOWo{cYaA&5;^gos$9tyz^z$Xl<wnj*dqH1F>C-Z}_51!^RN|Ky
zGovEfvXROWL+=5s=wQ8KZPn{QK7$Jpj?~y!gcEg&0LDWo$+i*&ma-xTme{A!dK(K)
zq^VdEv;o#*zN7*#Ey<)1*BL2>lL=eu?>I;UCbffz<hjIq302v+EJ0B@if4X*2dcA9
zOZdA^R+W))(J~Hu*kRvpVnxwT-@6dug7l8BZm0D$#l(j3U34`RybwtsKNKle_Jmr1
zxHR1>>bxUf%RX-Kc<V;3XkUIpG$(o^$HpL#8TfG;9`r<lpk%B?AA^zc%7dvsdF?rZ
zSdgxDD28gVbpq*K5y=OUM%Wq6(s7*4`9yq*zJJl^p6fzB+!#)o+?^yR2Ge*XikdBT
z>$fNs&YjywzYY>5F<S^wje>ed!JVQpd@S{RS_?hg+k?<XVnZx8UPc669k*pzR#0wR
zsO>N0r)otn_<eqrJdI}wmSE@Fta#rBfx3aB5MODISX$t2^CMg<PY4IiP1GWw2`qRD
zsR|-*Q7GiEau!^)bfrXOm9<<Tk8#fAe!K|l#=Cq+xDreZvyv>!7`7ZBxy*+e*!l@t
zz3uVel>@`Cq&D9g*Y0K^$BuuhOgkC+7-}7#Af!_}ja)mKn&?%5S_B9#LACioyT46!
zPxQ1w`jG2ufG%KGiyM+5i$n{dl^b|9yuKzY7i{l!O)}w!sJF~5)fQ}I$ueGh&4)zZ
zt*Bp$0w>PyA-|+&8MTWBRA38)(hKJNID7F@-g#kMe<>nNmuK~>Pt6Z-#;Sm`N;rW~
zvWV9z6<{sfofsY<k;h`jM4vHL6lfu}UFjzE$s`gn>+kegcImKqd4?%%w*0%F`wifs
z^-jE3>OAl*o1)rN&Qa=xW1GVjDD{y_CgwBrICuw#UEGH5QAmpTEY1y@17(}Q!DI0N
zTuvc;b{Ja;Ynpp;H?WeZ@g)S6PVS0M&p(hW^v)tUOod=+c!}9?(L*u_nSG0Pe<>k0
zE%3I}#ac{N6>!^qX%41zGe3k%Qazb;nlzIzHm_WxQK@R@`=XR_3rT2ExVgLnF3q5(
zbg;ZSBW)ovhiB#osWteLEsxZOGDFi&e?bJG93rEy$860L$S=wX3P%@8sIeido4Y(x
z#+x#N_7%(PHysIPT@GIZzc)oX_Yv*Nkut!#k6?*Go;k<h(e@jjgej*pLEA!0kXA<C
z_jL&tCD2#G-`g}t$rg_Bh|((DU*7&s#9cYf+}^ZVlbXUK3OwVDg$M&J2AYt{U?EI?
ziv}|8JOj20OviO^@Qf~oVyP|=w#$$yQI5vM6=GYbi$-G0L1PTy$T>oXHaAMf-R~j@
zE|e-uq*EaaZ><<2W+C5bQoRRM;&qLA_r)|TiHVu-C*iO|0v#a%p&=6C*|Ue&9<Sq-
zO|Yf5qSd?O+{v?#8l~417>j1x7a|jd9!)!H@)Zn2Q{kC&9AsUBjj)J_k(<M40gEp(
zF=}lk3ME32O~PSSCl1qu#)4YJ=Y^+nyOYFF2=1t|iRpm;NTO<GDU-T#?6O_Hnn8A*
z^!3kKk}RcVp^#o$fKpbJp~bId*|LxSNqGDVk)S-U+86-jh-^{_z%dKfVx^l2gcH=r
z*BxU?KNY$kPeUvwJ|rt6#D-O6gOAiBpDSaELX~v5tvf%*l!xUau!LxmE?jYz=cEQQ
zD@hk|uP!Vm=2Qe41h>%s5J%0rGz}>0PlqEx5m!{g4rzzmsFW0-F2l2><e$J`4Jw9;
z1f`!5fm{ias<-?{jd7_Sg_->ds0qm<)uaK6YLu9pQ?-T!l2cMbPn!mAVT%I6B5=(9
zqT=}qva#a9>oRiWfOSq&8I%w0NlX0;OUV<{Iz_5Z(*ZXF;zNpXtjv}HLo-5x!eq+0
zsLGaEgr+?#@(gyR2(NTOT%i)BofN6<#QYaZ6hE}gMOjG?Y1x;*LMM(!IyYe1s;)v#
zYZ|Qb{z3g1vu=9%-%~#ghHhACGHH1PV$ru)cFDWsjJ}LqW{*BiY62cW8c(YRgT&GI
zPBTAJwq%TOJU^C{IKXe7kYNJ@e7tzZf<6r?M_T0n{Pq|X|Ghxan)>ZUmM2wLg`-(#
z1Ja3OXygPOb5d3Y95PK*Rc(HeM%Su1%jE6|VxcYuOQaPl@6JFvJcP2N4N_fFAntsS
zj?&!;K4ul1&;+JyBTli5;-VtGK<${j?78L%CwW?I&(8@-zgGerJ7kJ89qtYe76lZj
zIlaQF1tOHkhv`@ukf=+Yy}`}ME7r9tuf1C?An&g4y4HLew7AKSFWwz)NAwTphrW~r
z*9W460BIGr#;Md|1jSbX2}Wb5FA6KDAEn*yTpeT}+R5DWf{=*nPf(p^H*gibzIH|2
z(95~bUms*gMugo@0Ya4N6NwrQiQK0bLk)0Z677WA!JKOeZuwOVzJL4|YAjV~1w*4z
zW^~C8%w2QOd~@H<WOE;<xn71&9iwKN9P@7j*53v9`jCyy3<SIKa6R#Zrl?d}EXT2Y
z6dZb)*+WU17>%+)pd!!!SJg(1l8IBImn0}mJ`;`bX8ZOg<&D7{f-7l6Z}bRvHLn08
zlz>1&nn{!i^rP^}0Y^A-FR(RgK~XcXf<Re8Y!g7ReXyG+g<>iLZtV|2fm_b%6(x||
z(wlA`?{>}@<@s|6<I-_bU`SKj@VhpoV#JIBIL+MKL;aWqMZC<53WRFSWQ4C+#*efw
z{XU-;-N5X^+q&Sgl~47|EO>>?pn$<2R9o1Q+tZh8xkK`7$`9={a{+oe{j8Rk$wk|Z
zh1X(}m4zKYWr-_}GVC&;)!7Bl`|^eHywi-MxTOt<<l38vCB$>*LVKA{tc*nD1A(&1
zO*hZV>r560&(tON2nL7w(T98S?bXW%emBn~{@VFNoBI_-5Myj2grqZnfX+w3nK#Kx
z{p&txCPz&zK|bVai|)g6zjv+ZM`ZVdv|sD-#&^l5N;p44Pu9=V!{)Ui`;V*d%b*?p
zE-uH<t@=+rA!3yip;yuU9BHQoKBu?s>i61AunYlh_gm~}QPQu<lHDIOZ<m8h%h$Q@
z7xP@JscjyAOqac?^RPcV3}d|SDi@C1<sJe))`$7y*|oYRyPy5lLEc|J(AD~j^cA=o
za_3v^tFK!zpcd}l(}=#0r@<21w~v844shY6H-Gtrv=HfO`vbFg5vpoUJ=nXL0jJ}?
z0vo+`#YPEz#!auj&;(pAcNYF`I`}`7_8)0KNO&^hu5{6vzq0iDJ8!pd9s7@a&(<Hu
z;5O#8J@0+c4rcahD(btq+YCAPAsL$Ux4Ny<V!wd7oMVH+bIFuCba<Tc+;xP}-+f^E
z^_sL&*OlM4^zLe~ow?pP`SL%QuUv9{zm;wZVBvYyosZ1xv|dB~A<$eswS50<Zf3Oa
zJRfvfHE3<|yojCp?(~0}DPh$>|K@$U24&oSy4yo7EwY<;F#wyv$W40}b#%QytW0r$
z{khxbP!MPz?{vJa`>K2|{<nQ!N9*l<9G%C$sYUkJwxgrLej-QsvR?L|Q@-`Lf_KR8
zw@AJm><^sl&g#?jnK#NB+!vq4%9~x*p6BzdfnNCv-~2FCM8xRlmm9$0K4ga<mH+uN
zYbxpFAA`vnJJ}w```vJVPWM-V&KJT6e#c*#yEyRiJ-FZvAZ}-0!Xswfy#QH(l9xT>
z>_4vf)h`DmzSU4mRS(T3@66p67f;Rdd0gBE6`RPo&Ww5`lTiT;Zhm<2*&P6l*u}T#
zcTwTMdIvqm^H20JqT$D3Qd40G&cD?jx!V4{Pu1xLIUgO)>UoEqDMSA<G}=$!d`so|
zsi37cnV%a;)(N;L(Spd!3ymZD>1e3Njza0R+*_-k_5D(fnh;oPqoT~L4>!!{Dc=U+
zZ)XFsbn`!IDQY!EIGtX?d2%(R9JAS9h_g68qt0{L$G!)+H<ccK9d8CZqXSp#9{ZHJ
zxZjJ`-?BfihxOCxwYHTz$=&sbPbx1S1U5F?KOzsYeNVagc5an#@)b{`Tq_#p+ZJDk
z5zQk0E`;spg@~)mS6R=tj;l9uUG(d-+Y27ECA-)3JnyV3$IjQp;ILwQH@4QWZg)v@
z7s9^p3R6b3Cr$`6!=9Xk3IpJpeZv44hGCUE*UJI3HW=?)TitLm-8kHOOpbl?E~M5y
zF#xoF?4}cB4~{{wf6P}KEM#4Da2sxIAFUG}r6bC2h{H(h9z1}r2lod8@gV%R5J205
z__Dv;Mi}k{CUX4^``_))uVRDdc_IE8Cqn)I3MRmRvAlX}Hnw=n=sm0+E8Z3!l<ho?
zEhaop6gzGxj(7?UQp{4cdZV_fM3A~Dui#ayovY8>osE;1(H8~kqA^I1z->feprRqI
z04a<nfeF_A{NIFm0lzJ^Rc(>xo+0JPe$ycppI*yv(3AS|Sj=#}@a%HE%*^am*6f5K
zX>BE8uL~ULvqr}^g&^T9;Pa<@IEPvntJAnpa@-^jhE`nNdwQs`Cf6=IlY3W0Mv;fh
z3MFROI-0d;H<+l+POA~=H<Vs5XFiZHo`{O;m9K1Z1J`6Rk;su49avqDM0Sl_k+i~+
z>mx#@q_CVmL~7D$AcnRbs%ESGFvh4N9_!YspUjIlS%t%x<+NI{s#MK*+L!CbVR)u@
z@{T@)rk82Zp7diJ4+=9sBGdf&O9as*LAzW4IVl=$w?%z=b-tX(yn0|yXlsPE!OwZT
z9=u}MWQsYVpAc10l<HxzmAlI61mL<!J!xZJLxNa87XAxiV~JZ8k5AwZsLo=%wN!Bw
zv01A=3CX(dUx7xrvea5v-%pXcrm8u-n^W!4J<S-aHb|4(H0??ADA5RR2-2z8Xcy+X
zS$?x@9z!1Zs+&doRT~b33#=6JuDbG3W;%lOG|eQoRD_)+w$?h3yx`Qa%GRKjF^nxT
z!rv*7{EPXD4Zn(1q~X&^>jyn)jV6g1w6Umv0oq@fxmiC9J+;q|URI8Ra-9?+Ep-@0
zoOhovEQC|fQgKqNYgN`9-DyyZG;>K#1m^|Q^vhQ!!;po&D8pZNMZjob-)I(#SsYRK
zZ_M?*_%!|w@N`JWIoQ&KX?4>+W0;)#xz(qMPe)Svi)Ne*?7u-G2zlHD&ZwdKJbnsZ
zZzj3xe)A1(yGwQ=4wN4gQGXe2Q>$R=H39i4Cl&4;OUiK+t9>4^wGis;d(7Itg~VR6
ziv$D}ZrU(+^?dC(1*-gCWXOM$IKet)BZf@oc%u9J_~!>7Z`q6^_fdn>U{y&v;)opZ
z>6p`EeO<}<C=x^$q4(XxKzrM%5)d>YfKfGh2p2l)u-B0q!MI!#4aKFSGsp%WUjteo
zBm^7#m0#Im--`Hba|+Z=mJ;B#;Eabx5`N7k*$2*ppFPilc*0aX!`aw4MK2)3bu_Y#
zH_%Nt9OiY9PNfbp^3jG+3l_2QV4jNgYnBQ&xreX7<BG4mp$Y<!%dYTO-kBu9h3Cqd
z)(tt2lV<Avaq`8t_Ep7(-=G=T>jl++#=Od49;M=Ml71OQ4bjt6HzdY4gEv4l!J{x6
z#m_lI&7_kjz)zQM%5Ly_RY$(NTYd>Ep{yC6N=Ayc7%SzX=#hNI3?gKZi2N&z<sicT
z90Xk8p)rp4NXu>Yf{+1`6akS5Ld{{U4b(!oqanfiR0hAuL0|!of_L)m{ROMC+CN9Q
zB<R~9>cy<%zcr{k78Kb<e1!7%zqN<`mJ67s&%$iA#DcSik?#&QSaUY-nfFE(1iA<U
zcpDZ56w>ZRfpUZBJa*HRF|Jq(Ww-2UK@&k{-RsZtV?EO5OcSkOFC_@ec=)rbJB!U2
z_07LQzU=l0I1d%H9_4se&3>HA<s*6%?x6M7tUY(ql7PQWzPEe)d=G(A3Vc2CsERQ1
z|19m+@VzcbmpJcjAl^Fssoi*S{cv6-C3Fz*SRZ@Sk)N*edE)c`g17nF#P?YGQ~Trd
z0{t{j-%Ggr_}oalL)$o>Bvae%`CaJWGxxBS+bfYjjT=5v5gObtE2e<ie5q7nHuH03
zG~|Zgb|avSk%Qg-`&M@w12Iu<{yts9WA>Fc<s(l1$9Q-8eX@~6DEo-@tzCK91;<M4
zF&J_0lCDkSWnHB}Jy-)}a=>M)d@%Q$7_Gz9#_Qr)%XR(86}n(2!Rhti+--k$YcHnf
zcBC1>7t6y*_2f&9DM5|y_M6R9{V9gQN4k@r-xFrDcOhjg!tVN8rj7jf#dXB&=;-(3
z({UW8{pV35^W+V-pvmraWbT@$#^<pAR@1G<#T28!`(#2cZ}(gJLE~($CuQdA%e0Hf
zmgg>Ei{CT8JR(9D5c#MyyN|~l)cbBTHRsJ)_pu9&+U7EYTlPlfbNSa_@h4-qDDEPA
z4SKiIchV;mH_h#0dzDT#=D8oB{~mjcdcl#Vz=41s|4H^F{}x6$n;9E9GnyG&*)#s<
ztHJ+SpYHj8#U3;@w48LFt0`NL&CTvj`}3$kdd2rVk=7xQf>!!Xbh?dO#lrb3_m`IK
zhHO1^3z>PWdG-TR!9pcG5HQhbM4ZT=f)PRVLBvAp_-~*$V2aQ*EITrqh{&Bzo{<T%
z-7VHrpBJ9EcAm}ez4u}~%C9vXORZI7d+QU<Z@f__H~V1M@EAoh=J@F02;>d(p<+p4
zj`8^PT=>wWaYfl1sQ}BVcyB5xL`0-|0p!K(h$d{Dyt}lWOy|ELqEc)_Sk%l3Y$`0v
zFwBDq=*ARh<R{tG;n4tnZfy8WG7%?nsl+p-0tsU>@^!j)o~#Kncd|k8NG!Ujwir<o
zlE#ps6Fg%qXwsjb1!rTIF<Ht(GDg(t4Xy-E=nJMv(@qg9Rt$w>F{!LM6iLp7KOFJD
zORNH#vt^<Inm6=$q2cE3O1|PH`Stt+<zB)zn%cF?un-AwiP7PtWQ?@AN~u$#R0J~V
z#ZQeAOLJ^C76?(L&X8k*9L%DNl1W)Pj=W;Jwi17L{hT`o=j-Nm=8{%O&FS*PN$woE
z#oAg#lO3}h6M7WJ%xb&QXhH`>U}3J`;x)4InpB~k6+?lMjsl9MkOt(}Y6=XIAcTOR
z`v$ySf@lKtmx1gN?lP9C+j0kaXEd0_fj*F)y{j0M+)@mQj1lV+QB>>q1|3MOt#O|7
zgyWj^l$r6SsbGcXYTkoLbOe#WeeKcjvRBIXzQqnZ>wu7Qn-E~^A%{MnPuQ%5>~K>{
zH`R+amr5QXN>|o5AjI&NG>zdZs+^>*Lekuc{v{uR`Igy6c4S6GzxjIHmkC|ltQh^Y
zsqgn_4CSP)SMRAEInwTppMG6I32eY{s`7;5iLEJtZQ&dsvMA67^r+{(H&ZvEDAg36
z6&1eH`r&;bC$-a5O2r5yr3WB-e@=0b9$w)HSjp9Zf2zrpxVR@*e8S;2=~4-6B#?KS
zaZcQ^G;!io<*5_9gGPA+5geI$tU!BW8wE7@xn=#~bLD_9V^dtZq=Ar!(gDhLM|yXx
zTZ{|V8%s<GnXTi=GW8Y<NU)?dyU_sagGXk><Y?!09cWnnTM!AWs?T8Mo&s80qAZ5E
z9SlBHLgP*LRB=)PMjKd}_^f|L<3{H`y?@NbMw{|d?|w`ol{v4A9<3@Q6-8aXp*AvE
ztSS0PcQmJxf9I_Ad=8FojyQ4YHIb?7qQ!@<8jT=VGZd@c*C3Ma&cortW+fKOZRjRd
zp$pXpUs9idfA$MhszpEFQ3dGV5JKr#{#di!iH0pt+<?`GF4`Mf&@^L{o#=kO9i!Md
zop)?@VRXUPN>x#sclh+{1J%i<520Afw3cMOWvY3M9^$4BuT1#5up!mrAt@S)SSY?k
z%k;Y2pA9eY=bP-~<SPrqS>cwif@w2uVTmczcT%()ge#p^n*rvk{^e6^YY=b=d4-Z|
zJ~V9s*7r8`#@90EgOS`){!YJrn`zGnPrpRQ_P6IklN;OZ`}<?>*eColT7ElQJe4rm
z$B)?pyFXpkqa}>rU&mvu+pU{~oy`Jq(c4~s1qa7OreRYOLTx%dC`xj>>i}mjo`jx+
zIX$0ujh+4Lh0CKnC<!sox>~-lm(4@p_Vr#-+Omsz7ajYYQP0py2yi8?&wUs1QQ67*
zx%zH^wmZe`r&(_b`6t$(1-bWu;Cj)GvAKdR{2!>Vuchr4@f)L?Uxky6b_+zz%8yYU
z>67g?5&lvp0<9gL9O8xN`|@79%uNpKGY_$hY!-XB3W1G0HCOHEoNRSF9|iX-Yp>_k
zXRY}`xZ`}Ds2`ag-Ub`4*QXktH6HFh_ZPkrBsx90*K<`3+BJu9=%J{S`qZC~;gk}+
ziwu0e$M?4tFBQ9S1Ydg#973~K77!j+euqPe=e+^FJ<lQ;4WuQD4&1FlA2-IQ6~D1Z
zDQ65+;t$j&lAXoWe56wv1htBmXr3ZVUQ>#t3zZAz7C#XGdn{;AGPe3c`?p7k5C{nG
ze~tzA=2rjPL?cuS)(2IsW7c%xM0Nu-Nj~pb2`l3sYax{y`Vp9ZF~k*sM%C1nz$RBh
z9#26mB}2<kgI@nv7+n!Eg`=%=)lF+juiXo?%1h~`v@$?HcXc$<`^!_K{ko>1@^a^9
zN|xC9W@mHv<|6BD#-r!qC+AdFr`J@geVpyvuC~`+Nzco(cs%*nf+-8ROOmt=6E@Va
ziCx08E})3J@LZ6EKtU%4a|t7Yrrt2zcpWQlXpK0*kOY~C^_f_ljbNk5iLP3jI}JUi
zXrcTPp}0^@N_$~kp1hJCOO6^K!-Ng%T5KE$peuq~-FcjbW|a|10_`YFP-Mc77_GXJ
z=FS`HXh<<-!?G#0DOuM1m($W#HMzI2b^y-<c;HQA9dPE6FRj!-bP^MqoZ*vGJ|o4o
z?GjXp%9}jIgU9z*BTOX@faAyPqbPZTtYD4SU6EO)me&IfxwB=DDcGAK*}+tBL8Lu!
z;JXb)LZVYtV`KkarZcFGL}{if#_3@6aYHJ6EbZc=G*OnExzAxFo6ewld2)?&c`y?r
zc)du7bv*pYlEK7C%0(_}&B9K;Vb_rXX&thXkZP%78L5)w%6zglrxO`NO&c-{*=MkY
zp)J)6U_og*@E-O~-KuLjxf)jdh!W=oA}czNfD=ibS;a0_o2zQWbwo}rX%=h+^I{IN
zLmg-CWYf;;!({R*GG!6_B~#~d?L7!dFTF`RCLLf(Q;xUPX$RYxXL>DN0fQO&(8L7M
zjT}|(13hU$|HUnZ#1tx~))FMsh!%E^5?kni?0v~9zLaH*xUfRHS4un}za~l~xbT!Z
zz9yl-ISa@8Z%E4cLLSiva8QCpUyJRcM<h3O@(Nd~`liq$r<r)nKF<>X4X!b?*2J0B
zT+L9`zGUK_Xmx+Gx}vQF?-us*qKt<SnLG(fTZcj{u@FUL696&XM;giVpxD%63NMyN
zur(2`#4U$;))HHSjb}6HmPa<(nisS<Ren662Uz~8XhB+nXgdKYo?SA0rU)e<e_7E2
zdU#M;o(<u`&2;@;_~X}cn5mHRJnM3RJPP~5M!Ncx6nG*lGJIGvaU)56%d2DJJ@(C^
zbZy*X(|Pf{;+>b1wx^Zn`EARL=5MwzK`NX}S?V9fF1(@Pg{_4ZG&n=#uA{zBMdfIk
z>9MJ3{2}F}ambbo*=Ndpfd-1NQ>M8>!6a&RvuRH;ipbet>8d-%13HbGx)ueZYHX)+
z7Sz<ML(&ZqD&({d3#B;A;x78MGR>xq0EQGroheVL)W7%?4b}r7RTG%!+!-!j&)l@n
z&WY>Pc7=_ibibDbm&Iz{Nk+Z7k~Syndm^Lw$E^~45XSX%?~`@HVgT~ai`KO%7Q-Cp
zT927;3*)5_aY~TOzyTx5lw^>U|0It3{JZE=l59%nr3>pDkc@XpKB!*Ca>^;sQ&}|Q
z@Op}KRQdM|^;u0%eoC1lvw308VEF-`Z5n9?+t#dPQ>j5KT%k%r;`)T*c)bSnIZrx?
zeBP%-u32{JA|#C<{4CbY(L(AY$9-PPKa&qA773Q&k($%ayg~f3E^3^)l@KIh+<Kh5
z)QyHUogk;3znXc=@b~-QnvU|+Oj{f1Nf>}^oP>JVem^K2B%tAVs<9X}I1;6Sf83+d
z1b`co;S?9}_Wi=pEDQ&R+aPwziw4DFt+>_f!1?{MKrtiJD33^RXzIB$o6aR=55^px
zq9DmudUYe{!)S>uLgzH_0j0<sYiIP;w0_>oneCVE=Iqgcl!cLoZ&lUQ$4RIjR68=z
z@&Kfq9|;4r0A?6dIfU9oRyGj27dc?VjOmo`or;TjBGW>`yK^#B_w=e;KX0D^gjW>Q
zsF{eG=d+~t8wK(kAG|CJ#V&BJ(vq!9mLzGINvo<i&cs{GpLzQ2SU>hbCjc)i758_q
z{ufXg)`Q5C3CnU^xBS=IkIEMqB16%>R#Aa4Q!mz(hx&o>;3o-F@9)F<u_*VbeXyW`
z8;W{PsLmKrGP>D!{JsDx{bTriY=3;5`)ku#EK7MT%Oh4CGORB9J(}k|k|3LcNI>5&
zWJkG*p(LvVs5eqYUL)q*yg5_E9Lb@QvNEV43ZVkn_A1U~c=@&JA{d3xkPI*Se4<aq
zfa5%8n&0tzovNyEla!#9rdX5e2g+q&9T0z%%9esl14Xgxfh*w9Hh-T)s5=Q3Y?E~c
zUO?C<^qYyb<eZvD!9iSzamtA$Nv=fEWWaUGg2x}HtikiUe^lJMdi;t%bIZ)=vS)V%
zQb3Gg*RXd0;k`Z?+(FvBguinkr(BY(KYEaqvnq#v&M-bkL}3(BkQ%Ja>+UEv9)l@8
z$|r9fy{-!$E!F;AZL#()F5l9AWbVme_^=cu&qeRzymnJ`-lZ?d#rMaKEbLV<T}B7g
zsCljf+8z-jBA1Vb1{hVkPl+|`j;?<DGAymEY>8yQf<_m(rY3KgSi{?jAay1LC+FN;
ztS6_`NTG2B+dOfaGaRFoh1OfRR>raJd!nbNeO{exvFQH7v((mQ0;4zS@Ha;Il$AD(
zp#@66G`bw9p&3eO1<f7aZFOxq%<6kZplIzZ+Wq@l^6KadFzYX#P@4yGXbp}7EwqZ~
z64_3@Huu))W4U^XF6wV+2Wg)kuvxzy_L%NRukJI_SRN7qCB~AY_{*e^PwJonNXFR@
zUwO(QQrxQ2xvC$%6b|xik9{0P$llq_5+zG^@7pPXId3&B_$WNWub<3|!3V$GO<y-F
z`pMQ;U+j((fFpVKq|DH%eD`{!x+F|QH6~Yj+oEto3P4p^i3^aJEP=li6j_oq2+SfU
zW{*YhZp7$|LQ;GjikUX_#gFc3h>X{6c@1}2y1%714@djKjo0C_&-RdHN=!K|OZ$-k
zySjK!UhS(9FoH`II{tgK5^)cl&4D&xD)1mvA>T`?r|9KPn$}-xP_Y=F6aJ{rD&PTq
zG8jM*YDy(~mMGewt<iJ~8F_-8)L2Ca68-RW0$sX5Ki7}hcRlnwv@VSo*AP>=HcFKZ
zH@YGOJc{-XrI3<cSi$xPFs9QcL{~D0f~YSlLn-CP)&Sa-TBgP#k;tLoo~YZbHfd-G
zZ);aNr;NTFw6I=x!-8mkV5p^1GX~0EW?wkUNu~oIkX`tM)g33jS5}B}MfL=*b^xZZ
z6qqkm_aUFEk%0L*NU$U=E>2gD9i`67(lCiYg~Qh}O>^IW(rh??PqPKryx~(#AK8|k
zIlOPqxm9rsvx(Q0C`_xV|HvaXE9MzsT(jb;q5p4$_}*qpjiv%}8D*^*=i$hDAL!DN
zfl~<13#~neXq|=~#D^y@SAxWdsAU;=B%kC31VA~@Lnw;?m;LZi%{##pu$ovV+)E6g
zy~QatU&d)s8Z3P4=(B{gA#Q~Ridw(&XoLQZoQ03413!Ur#>Cd{MxzbYb{ZsOPqbcA
z5H`#k6!Ao(4Tk!}ggn>Sx?N<pXIu%*#ilENMN$tIVF{MDT|m;Ny@Aoklx7o@Mi&Zn
z6%4Y52tHR)V8+yrL?NQ42|P=y{bz~W6dhrZ7|H#?5$aXC?x3-q3N6eeTJtD*+tJ3R
zG`>J!Lv;x(14mHB8(n^((JE`oA>kGR+2P13S{S#cT&|<L>8!F(%7CGAm4D9;LbHwq
z1dIFWtkaRwqXA-+8ZD5RPcxW9#j>y_3>=*oPerK>Se$j4Zgtrf<d>d^bqCz9Ohe1E
zh?D!6#95N|C;47sgJs~#7P#t-foxM$I%sMuaruSl-}{s?lI{Uud}Z(^?Q~T}^mPcX
z)k|*Vf*LRJHTKtJp$Cq@OG|g6+iGS-M&yDa1VwY^SM<~e1URnNr86{RV+luo_NPsp
zwJniUy<nwhLg>}w<HF#_Y*zzT83l@w=yDzEQ6-eq(iHTIblN2`AsK8^EyV#&^is`2
z+_PZH*?Zm#8XbL}NA2KSLOI)pFrLqKpk7>430BH5o-7tkh^3J$=U0c~=-WW^|Ez49
z(fPd$8-3Qy_+(?9_cPCgUN`1BI;B2*8zVu8dhimDF`Rcx={G{_!H*;?@Y;j`goOp_
zWo`UrxNW>i-s$S4#A!H{Z=_XjJDZZH-7&5^I*?9`q4vxC){?YW;d1{h-I^u0A?}At
z>}ZsM`e@1u_?`3f%v6B_HZdB@;)Po)%ka%t`!3zfn9=P5wnwbuSW^JuD^C08yj9s+
zhL==jvrtVzcN^1?Xm%msp$tBdXZY1>hZJCNg3gee#w4xEz0o6<t+HuRI4(SfkPBxw
zs!EWyy$G6L*nE=(PgV8evytc1!eUOhGuznmGM4foKK0vsE3tLcnVxg5e<Bm}T=~{q
zIegTl*|z$Xi6%7m_2SDrS#Ylz792f<2CGM2)?jYqs9X_gBOHZ6om+b~WlDtQ9ki|b
zfUVRKcLQ56+BL(N+=Dit(cY1{7RHI^!J%3$d@yYTLDmbmXZkO;<}}nfoYFDo3C>K#
z$aXMpQL9HgPp!KgLXdrcb|geb-Qstovg(#6UOH~OLrP!nGWX&klMgvrj+E|zyOJ=P
zlm0vs1;O@Us=BfwFM6G1&&foTWaf8K5cGl0&2NU)pz<`AWLtd!2H$m9svK6Ud(~R~
zFx&o^ZUB{$33X!%CZ75l0()MoD=`k4fQFbO()L>vMFTiYhr#6hk@tG+>VH!xS=L&E
zw96@Ky~sGOr4xx!s+<95!_ND}@2ye**g}PA*Z^tgK;0iScOs6R2N#wH#!)+OB1cUt
z{C>o|9*I%O?gXYg6@>SD;p5%=M%65Pg3ZHyOT~NQfx>ZT?}v2{-_kycm7$=oK%==K
zh<L9Ei=DU1P;cL|*^rM><9;ysk9!iopG6!+0}H@__;f=Ng%AixxFm5pq3^+Z^!p$;
z`yf@QUBT>eh%!Uu;?xfgH%ho(u^#znt_DW8R7XZr+{wqc-qU)Xlwj~*_DJIu<jzf5
z--4$<W5IZ*p~4u5U==aqv3~<MV4K{(;CC|5fF7{CA`s#H{><jx#fpQ#0Tl&C2Z>=l
z8U?)@0l>r?jv>Z`KhytONvyYw9`CU?k#+Q9d1Z}mW(}lad2NhlUSG8si*NQbp#z;}
z{dO07&T!b%0&C&~9YhIMaAn7_$qdL~y{#I<s-42JFx%70?l<tx{*3nr!M<M}Nn1l_
z`zH&w;C#l{hgHFYQbWu@&5giK&BJBSM{}xMyc)44ym%z}FkJx$u}(FOYrf<$QwY3(
zF5`S23pT>zPX^Gy^WW*UGuMFP*o+}v7Q*S0g;#~ajrZD`WZ6w2zKz&k+SJ@c|HADU
z(;Z0Tv7O4Sf<J+UPhcBAHK}uTc^S->llh|?zs7QL)YU%h&}4hD>)ZYk>QW-r{6`z#
zp$@RHl}U-`dzy|o@^w;fq5pONO(|autNXmF|NZfz2U{-2A+{l3dG}YKXX9T}gNOHc
z<S{z?5N1M$B4(rQ#q1*@f?k6kO2PZIeJ-Wk!aqgeR_JwJpr+Ahy-}v7{LS_}YpxvG
z!v6f@I_jTV?>65tasSAEJ=U>r@zT{*Q%^4^_4Q?}-DYu<5pk}-f%bK`Z~Kt%{hmeY
zc)D<&RJ}+D_-x}a6Yyu!@_A`sw!kO%CYAH)w)tBj;M4OpjxNwF@s6{z;kUo#`}{{e
zFG{WvgT6My4_lzwV*&mYvz%bF=J|R(Zc26M=k6}NTx(MxmcY|)dbfS@$NkgzCFkq9
z`s0RMQ9a7TUhea}xdqjs`SbGYU;m*h?N#&2q*PtUpsQ}9@r$~t+<lF2BG}^vGge=Z
z&%5jC__MS$`5MRbZ?T$pt`#2V$M*ZIJf^k)x9{;?tK4a<kJ~QQY8;`Iw?LO3pvAdg
zo%nur8FQkx=~33U)6n~*lFrItxQnu<db3eK<8JNKAni}JPvxmu^I2olc6*`A=1IuK
zumkv=;BNW!_Ll@~+w9EORlbME_vlnF9u1=+qefQRclhJ1e<{D$$G+XN7NTEw#r}ma
z_%6XZ!;b#TpTpVMuH#L&%9E^X&ZnkAYt#9JU$nd8FE47Jt1Ak$U7N5ksraqOZkHDu
zchSAqTa^YiI=q*Ii;X9UKTmBs7C+1Px&5V(@^*gCKv&<_Z>0`bT|qfio-GFtEnohy
zm)E@>X)G>BAun@0wP?xPcV`C@rCUFiqZJ-EoX?L4nYE;U-;V;te_l^#8HN>N)4EH1
z96y7~XZhRzUUT%mK0hmM3i$l_0{l(Tod5G`d2#1pT>$C*^O^JZv7lj|t^e`X^F`Rx
zn>R&w-SzY524CO*P(fXhT&Jj(!;g9EZ9MXZ*aG)}cuXVmk!XQ2N!*^Wo1ym*!e2l!
zynh$6sUIuJOV43!3%+S)?*+7)`E@f;9s7{K&^=;`Ui>OCw;C+5-vLtFGFmEE%P?As
zu!7?;UjNrB)-DhkHcQd09LK9^&s5nlP2Rt2?)9u%xFS`XW_vsSNfxXy6A}TDdm9;3
zk7^mjOkn}be%t7F&UUxIz+XLS#}qE-szFoI+>2#nt@rwcd)jMtEimG{zR_Fq@(?3R
zM7cl^MVTV#p=`AX2K@l};}5HhE5-UW9oL+|`J|W9koZF^eo!x0QWeSKvHloS(q4U4
z^y2=UpkgfXGRW%p7-pw9^+fo#@G}q_N7!~LuvAaio6Ggyh+5j}xa*4e<9iU8bxKga
zmEym8-)L}U|5jDMzm$854{P^*WE@-;>y(buQ`sWGamfE6;O}?X=Y7D#(fea>Fs)Gf
zsq$K%bkjw{^X+c4I-`fkujPIRbH(7sClrJk(T^>No>ueq31W$h&163^sLG-yOV9e}
zj#X|-yClcTWFsA3Hd%^UCk;2<?}Wh|voX9quKkbaZ>}*sV*;aR*3ooARskad3%{Aq
zM6Th_49^^{>8^pUiLQ~)RL@|~D9`Y>fH(XH>Ice`*(r{xmnrmqvb0b-VjV%@*gj}*
z;e16hS&R~>AVr#F=mI90H2NhdeWRQ@QA@Op(3AmZqv|?&C>W=Fi8Z<{iY@9(6o?SM
zf#3n){W3>cfb47fZQHHOe#kBCzQ(}fK;u9!R4;}+tVPIa2xbUos6YA)3?p<cR4=kV
zsvm6^aTe+fEM^EtXlqDos7EMbh(9Jj20ya;C&zzpo67E9U}XP8Hvs>b_kTvj|C5B~
zZ1$g=yPZ0sE$S+E?}N*M_Xy@p4`?_U8RiVMl<eMbxlBPTgHK8ZDm2vZDm5NF${w&_
z6Wq=50i^g)mhZAA`?<W)Gs%2gHJyJBDIym`0d6MBm1@)r6I8On#F_~${T2NcZe|}d
zJz%Ux=MUX4zP&fzHy^&c-QISSJSQs2<mY#-3^vnM_9axH1ymDO^3;0!s%1P0%5?Jp
zHqgSJ9!Fkds8aZZ5bA=*kPnk|YEM;e)EO#Hf@_t9amQBWq9WypWa9e%3|aDy6jyFG
ztARZ1-{Q%t8w-`D!l<lx3Z}w*5#NBKD#dIBH@l7-9Xz=Z<N2C{9MKBKtaNT<o!zuN
zF7ttM$j>MeX$^nInH!eWGch7KP45C`ay=Az3X@D>R237FbScc!JO*zEx_R{2P(gIL
zA(8W<1$dcK)?sNHjMx{PEcvJ&TPSr|%)tU6dg(9~t6_{7#1NDDu@F`uX#&;t_kwd*
zwjG^-J<5S&;iEzfV0`J>#~Mddmi!M>wBmvJCgX7z<OyW^D=D!Q09mdw0)H_h@_8I}
zzGW9Bvl?lMA%ElD4^-Cb64r%#Rm$nKLozP414)6RsuSoVh{UnKgwPgI+KK9nVJ7)P
zL05*sP;E<62{?fOy$)5Z>urT43iZMeW`qY-#u>NPqUU`_UMPy1F<M;nrC?k>zB>tx
zv%vPb5ZcXFKjJ1;j{M&wWJDBC!~?|{CrNS{<ZQKIh)v`K0=J%7js&1kfY%gBlsf4?
zco3d-X~ZGafmFCCfD}1CgKfOv;pL2%`F<tKc#Le~dY4GP=rbsAmt2LckNB4j3N)pQ
z9SI>80?`1e9jV3dK2%7MXl@v4#}J#Ow?0WAa9(a>yamvZ<@zYp<$6eFad^`ENA#!Y
ze)E>d$E(CVNdSiszZ-9>9ONDGQ)C1z3Zz23C|O`zg4ZUQ2g=ccYmlfeg50QMJcN+A
zri@vYc&y!l=u8|O3iNMY=7+rI^rNDrX6)HnqiXxOq~j0-dI^prtf|wnTSS?}z-&uZ
zNx#<Q@ChJv0+{9*BfGac;5FzwA*uC9qUkkLbw@_$#-MC~W={k-6{33I8BjkB5@|@b
z`9WCI{cHSkDa)dqF~%BD)N&b%J1U2Cd>(umGdvlQjXgyUaI-kNiuJ+BjgGY3K?+6-
z96cCvb55Xsf@up}M<RV=l9Brc6i={u39vXwG?^FK#Bl;AqoHn;ZooNP)TOJ-FB^_o
zV;L)RZldmh$4ESAudXHOxIY)qwP4mAZq`9{5!i^uBM1zFEk`eZ=i~!Y|A|=>5kkEh
zwK6D%$B3cRM9Q&Lt>S8-QeD+%{Nt9`M~F9|Dm5&u@a%DttmxCW@C{)5dUY_>Q0>q+
zbJ{WGA?{A{EtBy(3@LLA^p~=`!btOnhtULt<VPEo(*B`&Z%qT1vQcxsQR~tf>FFY>
zr%0ZUbk)A#)xOnlI8p({>C%=4l_vj-u5$_!Er_yg*{^Kdwr$(CZQHhuSGH~2wryAS
z>z?`Po}P$|`<Zd`D^KpT&fYnFs+G}$#Eja?<_1;;%FQ7q70Z$;R%Arh%k<E?Dw-2F
z5y&E1@aBJY>DV>EF<l!P-}qCL%2^QrWqPt5P}AKTgT&37GE(LchFa?od*MN5up}Su
zvM0wSY2(7sx&iKRpKF{O7bNE-dL$%8T_i325ox6?Oz2lZylo1R>p<VW92IRjBGMo2
zF6jHLFf!@~SaB#(lKRvSO(zk^qA~}?{lR5uj(PwsnYBzz2NCGAiZVI|udInPt-=Y!
z1faFxsx{~Y2FH=M&)tqY!$C&$Q##6o1(}|+$v;Ve&u08<c+0HhGr+<%!4-1C);Ywl
z=4K?-U17zGBm=5*3p4&%b0}X>#MaMGb#<X~8&?l-1dRcB^JY`(I|P=LXSfhRj|xCz
zJetKQ4PqA1#ekZ{ArN4J=hCuq;oaL?sb@%3FYqEueI#x?=HUa0GlWA9<;Ruz&wVTc
z1wJ`M#Aa0ZIl+MTAh~D7t{%uz-R0C6F?Z>_E<crY_=1UN{NPZ5my?I{DUB)zDx;j0
z1hR|zRK2fUTv{H2ZMzv--@%<Y`f2XEb=#&r*S};zGit4_q71FP7}M<aRmG9za#+Nf
z;`9EgKhp{d`)G(t^%HM9P3xTk9UZ>HcN$Q0GYYX=C5w^LIw#yjQv2y}Kkezw=}>*|
zj!WIP+R;|zTDrg3#!930olxHO$?d$mm$=LwxeR0N+3hm<y{B8fVq@EOj!|RPX1et;
zT3s%ZG?Fm+EGfyQJ2AfB1e`UyH{-qG=;}2Uv#)f!F8Aj%ZG|{F)vbNgzi4-pl+%kv
z#=+j$NLcr~&l;`ec{o{cYA!0N)%ix!eG*h@>hP|88y)p+8I9-oOfs8Ad0nQl(xbBT
zB<?IYqw@Y4&{BMT<>T-^&;z%#ejD~%wHA2Pt<k#A=qS4WNaK66mr(gIeu+|<k0kO-
z@2_farue>%tEuH&oByzNKC(hA$F}Qb=`dT4W3z+G?ilZBw7zt3y&d_@e%XB=jk-8Y
z%i9wDN6O$;121eKZC65B-Ym7-ExfOe%&bV0g3h9B8ev-I5C|3oIBRFkImBu@$i1($
zTrlx$g@knG#cKa}cY~!PUdIeRvoohFdOGsUy!XXWOV{ebf!!v$$E^@;k|~q|wq*}2
z+X1UQooTObl|CoeR<c2@{9FsX?Q*!A_wUF}_a@T(<B(o|Jx`Z`_1^U^FY9hcYVq*6
zzHxqT_Lh2y;iNe}Egz*`cq;w8tn^M}^gm~Bxjm}94)bbTCoS8PEPp)<p05HCF2UJ)
zv$~1(wjAFducLOWyr>>tI??>l;BRcO-0w@&WT(1+{y4I5?k=)Nj_mh{RTtg-YCh$b
z+5_7T$#TQ-#cI`qe>wor4Nu-N{hPSN{$bUP;&OnXYC|h?0DC<I>;knL*}TKwiP7u(
zyo2EN*X#ehhr4I^0>d5T8@}C7`kzC5e&_~t^#7_EZYlr(lK-u!F}5(U_V6@u)HAhn
zv@vl0ullA+<I)Lfym{5#cnPzz;20sDEl7+zMt~m37)$6f#N8;~g9bX0I?g758Zu_c
zh|S(-bv-7j4l+V0QR3x<^U^voZpmf)R{5Hbe_6Fhsrk20)#my&`v!MCF>SSUMMY=P
z2e;ShBYTnV{p~&KQ>P}^o*IJ(t6C?rP5U~pO}l1%S;dK1Z8{p&aTpvgeR)c~oin4d
z8ZmFGTf14AJVxt!I8dc=V{~G8zOc-4hov&LU7GX|gX+YRrE!VZGInXS8>m$sH?5$c
z-m_kPe3?{!aBf1?#%?giGHtMK;@NU%DjFryv@|)38R7DNMttS~2Tt5cuvxpNK6bSW
z?xk9=eMyz2e_E0ujcvPiA|#QURl{mBt{Q&rM`E$T@zAtXbw<6JGW~T~s#WUPt3>)*
zV3;_jU%flI7BG`hcUDD=$*5h>!DJkJmimvw@>E(u9$gv$#4%-xG_M-9t3T1Qc4;P6
zOcu_u<c;k1k@LY*MvC-wlO<K<9>F3m4ZTpYd`A`)DmyN~k(F_=ykp<x7K-r>xZ_9{
z61fm!q<(xz4?zzi_Y6Imq{#_)J*6oxlSUmiDM+x&6eO!vSj&V1o?&91zr&zf<z2wJ
z)d|J3;x?lgMrf@8ks3~`Ds2cM@Oj9XgF}2(X0vBAGP$&B#WB<p3KhN?X=Mf)QTx}m
zbOCeAS=7NAZH8Ny>}uCxZCzqTYA{;9A6l!tcPz0RFxvot2{Y?TJA1>$9)O%Rl0`6r
zDlMXW#nx0kP1Mf)SwFQ%N1u$X<2T{2SCuP-)O~-ZNC4_dsOlCf?!HI6+Fu#tq2MJE
z!FF9Ib7O?Q2z8?e>;Y&BG=^8U3Adr_v2B_@M$LZ866T$i#h}TOgP>@SUPbC7=w?`6
z%6b+B=eT487a$0+%Y&E6WthDA1x^9&LCR?8e9^Zp`CQXa^&0aGZyhsAlPI*N<^;I@
z{ES)wm8O|7Xy1E&b)07De#gI57bS2|D8Q}efqjKY0jNl@^T5rT<j0Y@30ve;B0nK8
z5-QBPv{5&0iF9ZLxYm0)<k51-1<S>_))^_<ENV<1GG6PU{a(EF6p+9;Nyqb?S0YuW
zYB5>O(u-}KuPU_Ho4Z<5;C7*VSQk30oz_y@Zuw}ci1ykw?jB3d?JGX8p9~HWy&mSj
z!7C&PSxqjkR*5G>m@3<cv==KD6D2e7Y1JNrH9bL&zXBRj<H9XM;qYn54b4am!ZsT#
z9EgdbABmQJihqWc4WCG2eu@i*m1%I9w9nH89`-#u%5u{_5<UHNR=tH%(q#vf|12OY
zSZv8W0%k58MFd;GwKw1Xtx{}-v0c+(>-SA0k!Y8Z19Rp%Us37Zgj*n3ukrt@a}OT_
z6Tq*|Q!`$UEK?qYC$+8xNlEq>GrxnI>?y{$k3JC+xRj;%1Bpp9+?RM$DOW!H2am~&
z@7_F_2oyDeQ>a4OK$gsfrnHm#&a>kbn(7+MQ}EFiEDv_!oIWP#Qtq1Lh8ktYQOtsp
zYI8O{YgTg`rc~LYBK{0pv4pG@G1yW91v@#z2_@zIdF!4Ef0GW=m!^WTnPYbe2^W&3
ze*gt;!8^S)?EHybW)i9Sw^h%xiGULP%8r|Ok{Aen&OatRO!@DXY2Vl_fs#y>ES!hn
zF}sXR0G6C`W+sz5=7B9%IWFg@>51*400v`012#8sbf00*7k=wT5l>KrAPE0AN1Yni
z6@EIzhPjLr?_m5aK0fHTL9X1=FkwgsW&!5$BaUo&h~{ZBB~PbHkz-87{z-NyK^Y5K
zSu=*D#?{<LNpYb|%o!+$CP1N>%6WUtN~;T{Rm4+ZOF8R?y{s2)chkJ6=u)wrbyI`_
zeEqyBz70O&!>a+|t5A^0o}vN48G-Z?AW9Ogv(kDvSBi|f3hSYN1E?DXrf!+_Fjlf{
zm%{u#DM>gR)#e?l3D-(8j(cSTk{eZLUCq^qKnb{=(#zhpB;8KI)i76zk9!*8KxfK#
zn;3`xD>>MW%7A;VBmAur?0&o>`mGw_oBu-CpAx*V6hLorjzBo7AofD+VV?<xty+2R
zeBpZpl2GszcHRo&I|h=7az|{j6y#V6GJ9=~h&ZaUI}AvdfhFhkOkBcs_@#D07u>jW
zP0ox^=3xSvP}p~Gg4(&Br1%fp1-cMt{J_<-#}0)4p>(zbgf32AJh?Ci2_@3!n0U=U
z!R%!CgydHKKo%mt8Y%K<=B@r!Hh=;-f@ar<k(A_@sZ=#~DlicB&r*?<peBQkA_K_#
zNx5>T`$>7TT6gs))fRI(s2x_pHzRIypd?b{E|4WMeBu_>@*7{IB=IxQ=PrVtlbsT^
zXbT&i5_a$lTDvlyMe#SjB~OZ)tdI=fG=^Cr>UT7TTES~At>G4e)}LBKEl~A1)rL}_
zOEhm>dZVkLeyf*n0{y$+oIkAnw;nitoqPZJ4f~gU;H{4ySg%C?;u}{lMgQUxSFc4c
z7>%&3m*P@rk|dfr{sOW7eM{IWHioNCI_bDaBy`oI-#60(I+F<ZZg6NS+3nc*f^)Sv
zlGWU#THPJ1+NME;X(n}}&zsp=YQT+?lbZvc?xANMt7)4FD^DbD253#?uS2F3gQTae
z5XjB?iEb}02%Z+nM_lT1_F0PBn)H{22YPqi!ytZYnq;xjT4*_Gac&`I8s!>IJ<JcL
z3K)p$!AKtisPa}tJ;r{9&amIi*Vh*iA5Gkq(&Fg3cz7ROS)Kp67c$Z$G(h+itta?4
zZJw_81G7g@toNrSh`%gIm`gmYw+Knv+4+O=Z;~dZj1UFLnRPsE@VOe~$2I-+UED*k
zYbOi$a$8<_a0Qcn+&{OoK<Km#=06wA)^q-nNDi5@eJn<y10n)$aQg%fC_oCu-Tn=j
zZv`_!d3v9rx{8A`y-;%@_{{@TAdfT<!>VMn?<7+c%no6a{7D{Tu=RyliE{~f^H(jc
zSv*(iIA3wo583K691=mt*W4H}o5Ya-7Nb~9b&VXrn<8MbJ(Y5MlWE2`9t-{!w0%pa
z&nJdgNW<<|d?Jn6DvXo!AE21u1m?US*~>RoS+sX%VF)MZ>%)OfPx^rj))F#lo~*cJ
zPSbRMMWHgtfT>-S1?S!DO<o??LEAoQ`nK%|h+hUz>p|15+J;+2u&#Aa=4|cpA1`<w
z!W+d#bj`ALs^3QDR<ff65W3&8n!GoVsZN~p!O0d-$#GJ^9TWv2EyochX|)de_(r_v
ziJh|xKE%l@Isw^1$-=Sw&5k`Z{v0;m%@{TyAM609u!qZulY=_DGZm1-zqXC{5<3$H
z&$feay=ku|JEG<(&+IErc$f>lH3iGkqBu`+c*)Wv9KfDGAyVwe&%o0pFL6*%0NJmI
zc9$I>a+(!&mu(?(+7<cSskZ}AIsApoi+dGX^j<Ge-(tazN&<ln$JMX3<*+V-KPo{U
zSPcXg@UEt+)E+|Xn`}xP8AR-WA3+-wb|L}Z+H*J&QWZoi=blp4QP0H)d~U&0{8m^D
zLL*j+ZMA@Z1mCk@gBf7u>?6)_45auR{0WYMso72rH;A<#sArKr)<@Taf;*T*><|t+
zhVP+-8+)@vQwhB{IY#UuESLncC%tS?NI#?*xh5WTkT{EkFX%V8dF&6JwdO+FT%{O2
ztz_kNhN?KsjDgLAl04(V62Z?+3vk&MgW&eISsE=w?PuG1v}Fn0RZF|dah2bJJH(PX
zVuF1Sjrq_>wB0ZV;I9RsK<fA4pse)7o2mSs(^oil$txXJPU9*?<S4bQ3ygCgn}o+T
zal$)xnjP43LYx5l(D-|S0C}A61<Q?R;JU4khWkbt>=W++-Sv1kg!5!hH`I_#APj?J
zv9G^#3iO}=_g)H@bvMUy4A1Qhc$5yz2!cO~9gp16$6hxq7%bK=hRTMtB-iIQC5l|?
zj>A7n)HYUz-jBq24A@Q{=|&hG)$vvz(TVvCFPzyDgP!+n!+N>ty#kv4OaqCcuF}Dw
zxB+=xO|noY)bR&ks-!UH;EKzl2&By!SUtWw@=#GjZ(K0p3BHX=Ibdui<`7qu3pVK|
zD@G9)=r*5Ay9az%q1(Q?XOImC9YeSJ{&Nh{RXnm!8z>qnsy?)bJ#50j`ka0d1)sbC
zDtc}31vXuupfV8c%4+?L__5WrNNMj@M!xFx05fVJsOHMo+l{K{bo7<P8I4*8jDF4b
zM&LE_Y$xnSW!|T6DRts5GyDUbmGe&<M&CDmAl|*l^MTlvS+tnWl2$+8{mw8P$rF-3
z=c2c<yA%BZ7j^W)4rcTlFEmk9+#4WZkwz^fk*{IDdB0W&0^g~@Qwkc;uekP<{#&&g
z5#|FK7lhj_&;HIJTY7a%I!#mhbn`!Yi$TkpWs+OF3k9fTaF$0Q2`6VO>2e@ROsc?3
zPyT08)C}KQgPo}KZ-o*`Sq;Q~p5$4tjWa4bQQuoQ(*vy0hUlq30~FbooY(y*<7VG6
zs|G#ai^adfL;d|yp5(N^-*-8TFCgR<^7kLnGJa?1bh$Je_u%edyFtJ<%*5IOu;5o<
zs~(Rg?BW9iQRVAvS`?+f5RBwQ8t4c49#batR?nM%I9eC!_;xCZ`zt8O7q^#(p+IE!
zyf<oz9k$mLOeMk%Fq>t(lhGWr@b%jEH0T<rPp7tS7bGcLW*hXKjRrSk9z5<Z=1r7v
zEDJ>P9n~th3vgxt%d-WPqX)**h5eCc@TDHAhV6{UL`4M|gL&T+L(5}5OV|s=ZV^;F
zDmAIX*F68vK!SbfLJi@oyfL3orJHMgv+B<aX^@~Lxi4XX-sTxpQV2e8#NO^5zUW=;
z^4|&4XJ$OI4dl<9C_WPGoZaAiB@Kw-#qKu?Z~WN2fyj*@zsv0qKeB>d(K~C-OjC$P
zkJ^(hxhjC!AC)zyp{!&*%M30@u027C>5rzWwsHG$tJ<_LoysGxs6@lT(?fWUnsN$`
z;TLV(v@$7PzY*`Bs>}9Qp)apnmoM;JgfFpMS!*x1JwA`l`#h2-FTqBMTOkcuPrl&u
zG8KkbKKqA1qCGppKSX4BCPzdv##u>j3=cD;4|(h!;6%6PgufX{ofz$%5nmXe_4qr&
zZ+KWbVc9bLzP~`=7|QE1>NvMv%uC~R<P^yY{rFQGpp8Fzo1g=&dsmr7IStpGV({|6
zlz##4IX1gEgoFSgrw2U%vI*^fQ2X`9>@mV8u2|y_?23kS2&tG9AAjkFI2N?S^@8uY
zsrGs|&%pF$2TtzbDzK~%0chNL!)V88)jCvhOn>t^I5YxkhdL??07s8qd#ai{L6V+%
zWOt!u9L#ym(KWG}Qsz`Sd|rO>dWmK~a%6m(%kk_#rd}{dS&Q5_*e~;|-9E|+a^Bhg
zJ^O!ubyEKwK?`ftuV&HJMp*nN`C9ylRjk0AJ)KdwUC$BAIMjh|xQ*)un{0qtmSFK%
zdVrvq0}&BtA6=*PNM3lNBx~X`Ye(buv&OCVS)=#X^W}AYcBl7y)E6EEK^T4rXBb!n
zKm=kqsn)~6uE$jvQsCzrPAK8jN|*b<kDHq&TrS#Cq?hySdEouA_nyU${_TCYK8EP=
zYxBKF+*cQPmkR%FD?<_@N`xn!w5dtc@L9#JmQbUsN)mQZOPw{Xz(8^0LZ4=fX}yTF
zOJbkR!0f<|;3W((6k?TT1dgOiLMK*rf9pI~a@XcPA^W%HQ)zm7ErRU+VNo!s=8%uq
z3h$qj+9v5Z35JwN&B!iI-QQ0PyRxX}i~U$+h%#brhLi_fYcHqmV@jq}2OH-H)&95b
zRi4J8VyOd95kLunH1*cmFm$&AWa&!R5OKak)#4prBBa|VYg4!tdt_KetJNtzJ!wun
zgO9H6WQtse;Uiy56GawvoMZJSb?e{nL33_uDP?SFH^0MUgPmiUat7Xx;*>gk&!z{*
zO)j}V4kk>y+sE&4+fgA<N@}j%!s6$?vT8K#qDRF2{c!6-$3A{amt@gv8bagjiNvOL
zVX6x+5Mea2F7eQn#+a-e71zVeJofpoZJbHgiwA3RRTZ_TU-EvZ+Pz_oHshv3A&pl<
z@eAgt=)qM-(Yd4gt?ZwsE2%Ks4xa4t`q}w3beDUMrf!&CDrY@Q=8c7LTJ{e)=2DSi
zohI2hGs_IWl2DhH+YFfmPmkE!zn-x$-w@?*7^<{qk9|vzp^w0oD^q#)ozrnBW}*#v
zsIF`)ZqEjhe7=ceEbZMz5hE1yV=-sD8JX1H)3FNi>L1+Ap4vio>r|pzKLJK1h&LNb
zgTn%U2rpga*Q=@u&N^7Bv?_{z^H+9w=&X5kp~^dUQ@oke@@jXyFf`DKxiIEU_G3n-
zQR1H5blg;EDX8e0b~X~v&2n0`<i9L#VtUbki@$F&<jc|zs7h&2>v?+G{c^Z|FN5GN
zTe<Wwk@XiKuzeN?Qu5U}N`A>F-70((=RH$j;I^GO*;IGDZ_X0eL$Ii%80o{MrIO&}
zQqq8pFKU5Wi;?<e=+fNA%VM-dOj?E!+IOlH=a3%Oh_nxL`@+j^=CK>{Vjm)2ZAd!y
zn;>0Qrp{T}T&OF*^(h%@NVi|xmP&1nB|lRnD?)t|ar^gGnztopqY)X@8@zXQn)jP}
zw46Oo2PfI@tJVNcx5&|);5zx7Z_YVJ#7A_wa1Yo0NTr+>Xriz9FKaITa`o(<OPT)c
z>{G_NsY@{`e3M6uEBm%egx;8Ualm`nl01mSW+-5ht=j5EByC!*w)aLRuTws0!_1Eo
zW@vSDnB9XvAqXDg{EJ39h@7?#{%z&rHL8{l{7l|kf;BD`@BZykHCh}he@#W2furRC
z#FI%qSUy}5{rRbXTBm#4c|P>Oys_pxl2TH`I<zpcRHr}`VnXq?wq$np1h&}rFfNyL
z%@@MT3tVQ{O{vMM`#D;8lZc>O*PTu+B~uAeR0F><!SWuGb+>6ODu?oIy3)Jo%E>E@
z@2EIsra2_VcTtdvXi%GGW3{!CVE6Xwf36$&v7J{Flzf^>tp|t!07bJQD~c0wI~MAU
zwhPIbMNOsBIsvnqn3i}~vSlPx6F;6h@`~^}yqoQs<iga{6Y(Nb!OgNl{i74H%0D6;
zJ}^Z&+r{)O@84H5{H*GC!EGL3XEUz6E{tTCA@QNK@N{W{MWVXL);`@`z>)VY%<F=Q
zO@Ft|!W{dURSJh5d4%v(%4+O|BSA8R7%hRL>rocx9=WtB-+1*XFbO=JSLoQX9_y~G
zkRqENf^32zVvOF(jmQ&?h2M2+qMVDAGr#PcxviVUHHGjf{#`M3k-Nk;Ob+2lHlu@c
z-xyb4Dz7X@;dG(=oVbc&U2}u&>$uB=sI_j4ygu|bl|4fZvh*VY*FLGDm%tYVRWh4v
z(7>m$&q`?cDwRE<5TIZSs$iueeOS>$arrm2Pip}ddqmc{F;iwV6*0wenmd$!X^5ut
zxw-Y$;5-wZyNtZchTf36Q&*B<E$02o<oKhV=&E>fWSnWL`Oid`T1{%~W#~>iURag0
zfVYlf;lKWb)t~A5VunSJ$bNgKW5t#|^*|REn%n%W*%MJdxZ$SfNExz<F{Fy2l;F^K
z8DZ)52_eNKh-u@>$%FX4u1(9B$m<L(l~TPNOsdN~-!Xk#49<}puXvtI{X%OT!}u23
z<{60yTW6&jg!1|<ADhh9HQr;rzYAg9iKgj3=LkMH7rF8_>k>28F+Fm;%_9ltTRW1Y
zw5EAsteZ?|oc5on-oegOx-1Of$Oc8vy49(zc~)3rf$%;Ye{ogy+~-<$ceN{c?^Xjk
zNn>dvgm}k~Yc87pX>Nt<k&jARFIq03HEkwpBm4UV`%DiFerJ29gCm|i)UYU;)H8HT
z2H0lKY&R+<P~c#)xa_pGakXhiIHkR8RC&f5+6aX-xLgY?wWZA+b)v{nury|=#<0u4
zpFJbfMz^|C*Yefv2~zaM;JaJsjf1kQx9vm;UERFKqRH;M`qiGrn!<+8v`tlmDbw~r
z0<Sf8T?`ZsFZE0%U3=K}s!P$ywdwW9zK<;O)}J=CXjC&MaI2!=x^f7bd?T@6`7dWR
z#&lp{(t3;2pPz!D)|RwC!@T-m*c=Pr7nfFv)j>aA6l$8^&e)<xzh@Ss%5Gb6G-uV0
zdh*OAZ}<+B=q0bXjARvF);US^l8s5tWj({f>z0>zT9ZHBVMg<*CM~muzh8!EVO9=N
zo<<?wB)Yvzt%o+kdK<#tknd6d;vC8_1R#?6cRqU}2|xXAKOujz{18HhR-KdOkqwd!
zdrpR-6$0Pyv6JzCI5Ega-@An|Bl+~o3g7OX<O<#%T(BeI^pX_1-ZIrr(e)l5Vjo!S
zb}&RhLc$A&;*1oK-<pfxGttt75sq(Vj`*#qQ_}KgxXSS*=phgy;|TotSUs2+odjqo
zvfA-^s_~DbSJ56}PceoD1;>#s>+}d&*pE6B(2^kv<cWX{zXQvap;-9wvscB}*OEMV
zG88}jwA0`8Ev3;zumi%=&#}&LA;n;E;f|lJ9L~FP%*a%;kfX!DE${<+@4)=Xye_W9
zylsl3ylLCqQ<ih;j(rNBCjT}bTw!V_e9hYWNSXXJ3JZR2$hic})0skmrAYGO2fH{?
zZx$naIo%lF8wHIo%Hfu1(Yw%s>sVxBHza+hBI>Ct&sXt1s*IVh!m-UI2GcX%&V(lX
z#=`vkiurTPgKYX^&Vgw1W1Ru$=mWq6Fwld3`h(VisOs~v15^e4VTZWeBijRj4H)c$
zgb(0q1ECF+fQJ&dM|uP6@+bTE*8vLh01pDV<bjg%7=qzJd;{Ba5ElX{ZE%|WQsH4O
za|oOQgw6rBcjVka-v;zBAq4Rt!1^H3p%U~M3;JMF!5Z}7sQupRP*nPViU&2_5nKmo
z{db;v|Hml0{n?5W)IW}f`wsvB&i~$WGIKPrH~+sVjgK{!**}!#GVT>o@00U%=-rym
zVZ*ykmeyfmO?FGCp~Rx7DcI&4I{11GZ8YclapsgZ=k2d@0pOy!GV6#$)=~rt@mld;
z?{ETQO%R{}bdf?on71P73Cf=UM#$iFe(u}ttd~TVg(R<?)A#pR@18QQ_XsjFcG+xA
z^=v*SyId*9>{B@GQ4?Vytx2qP!*=7NODscy+LcKZno2B@X$X3%3X9oy%Hz;=h^oub
zR66VMsU(}sV@V?Yi|0_=f9R@rNkMZm*1Gq;VSys8yG&7e2xe))s-%Ww^=eb*`ki83
zo?ug`923ko1o{T(w7EI%H-?`=rFm)S!*C&<b!p2wkmZU3!Dc8Vh4J;7z*uP}TO+H8
zmCP*b6BKdr>X!+R7Deql4xcUaYW9WYd&SCFrYEajE!&u9yK1qf>$PF3XPxTUhKgso
z*pwP2E3MYjMGUZP7I}xZ)@o2bzmErI)xOn&XBTp4#d}Au#&UGxiso{Z%o%aWCreRc
zZ3=8EGt(ub*nyW}wA|2YR`Z*1*QwEqq`@5%6n9Ent3?eN+>uPT<fS^*>chzJ&D)RS
z2$>C~|02>vF%!={&oHolniHWfd>yE!WQ+Vb8`efqJ(BAefOHv@Q1sAi^nt)lI;<2`
zYLggnavM7MP|%lVPS1uFF*o^NvK})y4d85$FO+IkMm9pcAok$6OOcpEZ?G%Y{cJvH
zV_f1Xq$u|dFbF!l_=w1XRO~%=6c4Fv%v5R;08zSzC4dB@)465&^juY7VTDX{R2HI(
z<#Vj4F2U+{0EO!8v~VX?9)4Ac*zDwzlGn632@D#aHewTIU6nL;kXe;WMgJpwesXJ_
zhY3S21#5dLbI5YU1E+WhdEW?lD=Pkrdb&a^dut*@y;jvU1i$eO&X6~n%gnNBk;Hea
za<$?oszhw%BhUyKTJh{+NnOn;SN@*l4?xLXfd`<2Vo>2iCAUI&!bfOdE?00Jm2Snc
z%FqNCCVablHWlLj0^ucr@s1di!n@XL8wmH+4(I|-2tU5&pam`n!Gw4;@<DzM^KCPp
zq?|;0hYeLle==tC{dgx^C1PA8=vF|r;5&9?BuLA1WuC+i;rNh}#s?PMRt<I-f831G
z#E{L|iA`>>8Q8k#z-pecanxA;)lhHYXb0|_I(stq&pr%DL<~u~a{087&N^?T0cXuN
ztS`pDI@V)tWc;>+e(5XzK5bHqdM*=cBmhrfV?L+o4RVY!U1>lRPI##f5C<+=*z|A$
zh&+~94Q-7et@mxK^@3fzk_KGHFwJ;CP<PRRr}mP`3YfvLU;%Pq=V97?c)-8>iqVDm
z1dk9N%c(|)(~2Vo6Q?0C-P9h0Ng{L&YQSP;L%tIre{O+N8OCnI7vZ4spy0Q5E(USN
z)``54Jt6WT0sfE-8z3i}K%lhrH?<?6h!iMq#G0qm7A`uvb?s9)1dm`9h=K@NX9N?7
z;!i`wiQ)W!BqK^iIxxo-pE2C0KkWk+`a>(8UxnesEa>qQFtFV-(0}%i9KI#9OA1Bz
z!vbzH8*}9%qL^nJve80arun<57A0neYrfrSfV$nQuO}&tjhh3#AhMhK8!?iQ`V-xY
z!(y;^cx0~)3Sh@lT(Zg&qu|Pcqk!7RBC8e!QQWiF;kb!f?E9X%$cbj}-#b9V%>l=m
zo$V2SmhO{xCmSOACc5fKG1%-%F$^CX!*IjZlHwM-A(ibh&KJl}BEYx^qFU$&T}GHy
zV;`|VPv=TSl3khlsZNo%sY${_WXKbWBeOuQZ`hSDhe;Xt)@)VJvRCIF-bYY4q_+Gp
zNC95JILn0K1XvmB#T7Z{X-~3)2<u$YoP?yQqrV?rG9I**NgrB#4Djew4<^k9Y=8sd
z&P?tM^TP9mgM;W2V}tEy>>MlvNte0LmmrlY&9J87nr188nR%j#w^FIXEy4w0n|kt%
z`A6|hI9uX5ugB4IFUK+Zpc@ApxIXK6Z4L9?43N`K38e8JPyDib-K+@aQN%YznZ;g2
zWi`!iL0z81KfW^L7_r>0&;$shlY%VtKW%gWz2R7|QkY4@FbjSEHzM%J_n@+uVeBDu
z`xCovhVJW_mb6~B?ved%yUIIq)zqt-=97GnYsz!_*QdmKVQa>pyZ&91AZ@bx*s=J-
z)|MlW3kmQ0nVsA3HH+%-Ha6~Ia*(NHsFrslBII`4>-};V?k1+I9SH*x4wvSS&*df#
zxy$##*rWEz;{weFe>cC!E)Yju?TJR}=vGhWwo8YV6umc$ao~E`%QA*hdVr71g!HW;
z(^H+tGh=tobo>R)W2r>11FuJh>ty3Th2xoEktm#ZjQwltuE#weU&OC{`D4jG+U|+z
zj1s?9yK>R4QC4V+EpWNRESqyKpC2xETwYD}Vt4x&07|~z>0Q7Z%xM;eRJ2U)X|6g|
zO8;h87u2ubnzzkI$!_bHG$gI>qg@oA-#%UKkJo+7MN$GCv|Ug4_u^@>pABx8nqTwt
z%H=p!LT&cv@osPGr@qT^j$dwvuKUY(4$AOFgaZ{`iBM~4ZK&_p>S^mwao1}*-|xNS
z3D@8*O^?fA_bzS7?`sIOUiU-HZQS)28p%QZ?R-Xx)m_f$aeJ8GWT)3JTmS?C0iiQw
zSTHXEB{ssrKzcsJ;y|LkBs)zNgdC(CbRHrv%~1%8fetxjhdf#?3XFjeI}tUs1Od$y
zBv~+MflU6NU%vki<A#H+RBXWk0Nh~!0Q_73FN|w!;rM?F2z4)K>}8L<bq$YOo$IwC
z9E}DNz7<U@FJdW8t%m9_(4w?eyUEnu+GR^O;_9Xio!dcF-=UF#2qd632S{oBJ$<e}
z=&-y5$w&*xB*+Vj<h0p80s*LpKn2$l+d>fqkWIZ@POF;uoToS5ubsWO-`jSs&6bO)
zB!TpgtvK7)SR0L-nIQe|d4c%R3r+KQvSEew%;#`sFrvttRnn~4EZO7AtVP0(=S>M?
zp^E26{M5F_ksSSVN??cMKla-7cm?9@jK=rdEvTe)e=s!$?jr8~?qkc2AW8-V!XKu3
zryx8Wb&HQ81`%5pGo~h;8#7KqsI~D8+A~gxh$gmIxm2wQrj}~6qRvXk1S5?LQv=N^
z?qA7|6Jz43)|I>4(x=uHM;+8lvoe`1p<lBthyd@qkJy_oas&+-eP3}8ZsD>LuFJEh
zG@u)kb6CD#83!|^hMVv}up-OCoroqdh&dJ$=cOAP;<Kvn9T5*EOi2eMC$Oi_9!wXG
z=_Tf(%85cbT^Y6zh84=9)+MrtDmg4s8&4W@vtjsG*z*_~Gm4v%>zz@Ea^lLuNZQcY
z?9AVV12+1P!eXk{l#(Q#&)ajmu7zuU7D`j%PRhoS3h9l?3fO=*3K>>2W8xOgW5*+)
zyDlxoOLH2QSXMBk%7h8M+bGZ`Nt^MU-xXw01G!cC7TmFzEE`s&Ou2JA(__zKWKfKC
zCWL#UlhGaT2a|A+q@jzC6cMu-Zp}Oub<THUv{49ofLLJ55U5y8JZW+sHzkNP*O@rD
zLqTO{SgHjqbAmM^M!RE>Gsnxuh7Ld$Gi6DmVVpZN%6tyaE2rxqqS;kF0H*d>lP67;
z5QT0hs{V=@B~&HT!zOrxO+M&u4{0WX;N(W1Hi#<t(W1ts;z5-m>4^p>-t~XF_$C~?
zGhnw)z)O)<i3<2h*gV_RM9Xkx;P?LAALR$L@YwVbTVlqMh|0TaRa&Fu4iA03A{$1E
zCCy_48NFwWSR-FiSwd4O^)|8MX7uvO_ZG9tbJ^ghh12&6Cb+YwF-$znN&5%^R(+X*
z`?hbMtoYh!0`O6cf~T_pXs;WGH!GSkT0#V#LYd|guKC3o`XEu^Q<fgwsZtcq7Lj)x
zG5gSp%#o<LNp@IXBYUYGU8)ZGW7xZY`V`(Mc(dD1l*d*4WZL{Rm3JcRWf8ob3G~;h
zm7B&<!NY%&qC9h?m|f*$5c29ED4j$!SGW&wAKvxUgqv{(8s-Mo6CPs-aGUA6y6-9t
zO;XWHUg-~%kGZjqM=sHp`*JV4HWxIis$yzl8JBd$iRu-9-!Asc4MAeNwz$2BS{j$6
zVXld65M?-AF**Zu-oM;8p4M|o4X)+b@%=tQukpw@t#!}+3}CI+c?FHscdqze9~y#g
z##yu|s79uY_&r<-h&(`5xQoDjC~wncsD;;x!S8}rFroLA@%=qzSfw$IyQy;pVW>(G
zRy6Fnyz4*_A=b^kxs){tpk+C;6<H4Q@lCA;`xnlX%k|iiLQ|M2Y*5IXkepd;TqK7!
z?wsV_Pu1^$u}}=I<h!i{R1D?djYvWgUc5zI!e7omy(c>EOx!fZSUGSN(WSxoUAny(
z+1J90lPAmp$ipO~IP%mN1l9RPN)eWe(SbxdX~RY(!w8(u7~l9XVtOJ(9aPQ4W;2}~
zoiNo@VwP1LC^0yc-4!93o^F!yw@JWBh7mg7F}|mqH=Uo?^pRCYD*7b{a?H0}CGq>X
zqf;>Vv?jSym{E>y_&mFd>Dc}x8;`pi5bDI<j2hyqFNo5LX?1|>u}S-zEcjGV{amSo
zBy2;cqGDS%B_P5PR`bg~T*bFX!u!q>wM#c2oUTZ|5n-V#CV)3#%P^5Lds-k7%@ahx
zZ8oH9w?x}lSeN*HO9dw}utx95?v>5?V0~_94$C4Lt$w-ub>mM91Y)Iu7}L1-*~6eL
zODCr>V76}6+n$a+kR@6l&00CbIF0`_xOKe_8IL>YD74OmaEvxpJC$_97{wU0%d4PD
z+LvkyD#8#&qGl~nkPGR2z5xRIb83Ml6<5C-f+`Cm1QB4;5<SEiN%$mjREFqg+U1;@
z)n~&Ju?y_21i9r{tMoT<JUKs@_C&j&91t-)K+im}ls-RjyEGi)%7;{SR{a+7ANIeY
zFDR+UqG|TW2<;IjNR}Fco!_wJnx>s|ARv>vjS{IswhYKE>H^jJ0uEwbeYJJ>)ua|c
zHK=VVs5R{XqZPZ>ha1uhK-xI=ttUoSBGyz7Oe&^0K3Ni~jK~|qm{sIpi}NRniqw0Q
zR-qpRo|TiYwhr?yWyBgJ=4|6O@mfIbv0pCz*rXFjYb4it>u&mb4`r`+rO-RhnZ-z&
zSOv|M5;r4L&un`U8Jp``L~d>$&$=ph@udJXi8tkuv&1@LQQkw9gx@-&{N<Jrmf!_Z
z(Wegyipgcki;E6f)%OcAG8nk7HL4lLC|50gA^A7*1%5H&s#(Ni>Gq~EH6Iy8H>ehp
z{5!;n&7>MJjj9k;ji9XI#@!Mt^rRrHN1&SReWFQKCKEt}>qiK4IhWah9!y^34-QFH
zWKa}gL_DPH0P0x!Sv&y%U@(j&pQl<P>*3zhV{(x)5c;H85G55icSflAQ6%D&Uhf*y
z@{}pb4b_5_n8!4Uym}8{@@+ILX0;NmgR<aXyAwkQg8VzQi8iF`18;S`+lSEk4=d4^
zE`&rYp!y>&e&-e<_3c<tqOP?$i@Lazuu0Y-HL}G<WusxJ6ejBELc-$35-s(}b@17)
z5VEPXN!G3FEt=`;{Yxj8E&p;xvy920Cw-L}%^{Cm5%DrWJ3FNtpk3AaZ)`hDWE!vx
zxvK9mnyl|%`*6`F877n?3fiDJUpjz{Ss%p?qJ7$K8xu<YoffXdD&M&lB|0Y^9y@*T
zzC=-he+RCQH|dFiI<c)+0``-KCjil`v$s+q?WB>qPBT<z0&=BHhgIfe1F#V)6rr|O
zBUX||y$4o8etimJOrcpNrO3V7I$7w35@V1{nMmyWMyBc?pF&RGxJ#7CYrg!gQ|3Zk
zi`Q{V(Xntn1TAQo`Z@mqLB2(P`{)JKgJ>3@hH$g&oi*ZhR;q@uNd>Hn5u%GRMK$<P
zfu}1Xyr4&fm8#}CD3bpN$9n_ZuF$>6XFTKYwKTFqBU=g}*A<68A~42QbW#7;6{bDp
zke`$0kUg_;qClwNgps#vd+W#gvYXwY51ydIJs~dbt&?4v*p}9@!YeEXZK6Tako~11
zAV<IM5~Ob|Qz*hXL}UIKhI)8V)5!K;iBJPS-~K1efY|8gV||dAR)Di$iG!)nVhPdx
zRoOblmsXJNZfKbnEI_jO5v|CmF+rHibJ;At{npt;^BxhF2f(sU#e2x@5&^}~TOSZQ
zZ#Rfhil)L)b-1$|%JIt}HH#!{{{mn13275Gl9)^twn+_Sipj`gb_Mcq)4tkz@98x?
z<A%P5G}#&C{Jy?wj=zUEMAph<h6&gW?R_!z{?)*E<tXFVZT{>S!DwMwM@1{%wyAM%
zT6Nwyz6DB2an2REBDZ%`vM`pudh6U1z3j1TkDqnov8)rL#P+cohZ6zhVZ@&;s}V<7
z=rMIe6W(1Cyc7k{cc5GA)Oqs%xea9$RaD!><`I{$<G{r(_GZ*kY#^fsaLZgkQp^Ke
z`nrP?5SXYwfZna#I@p{Uk~~6sa%;~IT4bJO^5}d=_xh9Si;?NHIh33j+!%>EVk(l<
zkuyTsI^mZ@{nl3(I<y`l2>419kmd)}$fSu>eW{Zt*ot)Q?4^M>-U_!YU0+AYB8&R+
z7n`~+UsAPM?=buH6Wy_UX=A`5Ok<V5t}cFO;NnzXDUh!dpr47rRjcC%D|I)(qHf<U
zWq5s-5xO7CYfg1Db|b8nkAN?$J@?@&@)BX(df@WpBR=Yp@DYn~gIC=P>QF<ie{bI9
z<sg((=6VeB8$8X}a-Z5+*Gvp32i{3K`wDqc=cu|~1X5Qh7$4pt^Cwq$bH-)3L#6>(
z{fa$rlmSYan~{s7Cz&evs}EOM2KD8+YV3O7xp%A<yWgKO3_kUErqZI=Mb0ve(B;n5
z#VR;dr;ZZ**Qzk)88e^MUaG2JREH@<*;A);y1%>Fu^QnlQt4OUjs_31$qu_G_L@iP
zDUVd_Ik%mNvP@Nq@>C&@>p96G<2|_p46;AQ-lHGtsmlmHXX#uo@$-$QhtL5F+IBaA
zw^<@`zgpF|t7Iike&u#vSMxN_l8>#kKl#V}O)k6rY&Rco1h+o>jegqq?|VU#9XZ~~
zTMh;<IcT%g?SwDXU;ZoF)R9q>ry$$`S3Z0`7Ve#Q;@<swyWf+uOOrJ_E^&DlzKR_W
zrz&#XpXbqDK)+19Pj08TmA;Bo@p!xJpGoCBex1%Av!iO(o5f&7+xuaDt+%ibGmmP1
z_YWn_Y%^c2zda!;WuAPzkMnzaS8-kM>t01MUO8sF+#7H5^Ubrqk6~4>wXCUm?QT0w
z7g%AYUEOxOW#g4jd7hVVHD-C=Ur);or+Ph4du7$R^*my+-hOw=PoF8hF+L5iC9}Gp
zuOYX}GoGg<k*l`a9jdRB;3J`BdE35<4mh4QZ^O`OnUx=U+iZ8+YCk;;OZm^e+1osI
z59`*qDK+ZDMsno4pK%d+){r&GH+l`WH7j?AY8|+~-!~?3KlN|TWj7!8K8ypN&rSNX
z<p{aAT<<#iPY%9l>NK!M&rZIfuY5&HU3u#~`mY@^i&-9ijGjoUM5}`*3*NMoAMTW8
zQJanH%t=^gY-<ch;ZO_x(t$QZ!Gu$p<UN`mhpGinBWNg_zt7KQp&0q>tm)#VF>~r0
z=ym?l=lj2gO+TF&sA22+XWB{nPDPGiq!TW4;%0{9L*epGg*64X=XG<-d}9YQF^v(g
z)%9Vi+uw0Fdf?pKr+%y7Y`Yzvzh&EenA?g!HlF+Ale2h=|JoAQgG=ATy&ndP-N(D@
zFIm5wo38@1A9;QaABIPLUbnSy=_xD&AAC*8UzY2ylDVH}cNwifcDP=jd83=Sdd?Id
zLvp*`Eb1S__d%~)pMA3zJHOhNf2%z(NmoY^t!aG-q<_An-v=Qo<}Eel(iXrvqG`*d
z%&BxF?24|L#o6X!oT;`&-R8HQ`Toq4vzSN2E)vVkQ%}!to)dUx=jOXDC_T}B=y<|)
zr~P2~_-8(aJsEsJ@W|24MLjWmu=_;nmd?(dp3$8>ItTWM>lN0{sh#u9wVrK0;e60N
zVSfAjiu=j^rv2oRTF_1xA;`>2GS`+`rfhImOIEH}HVtc5tCrC$rdr8tKvj!e&T%$3
zYu2`?Xq8p3x>|NN@oebQRQ<6O(iE05m!K&*ZX()HxK2M=nTz=SAGU^IgwHM*|Lkq6
zAOQgI|945i$yv|E*}~fCzmx$PRUd0?H3UB|yV=&;tC&~YSzf;*qa>$;xW-wltm68`
zzn4z4X~?52?ZhN1C6B|cW_sSOUfVics35}%@<}a}41Wr$Ac$$E`Q+oZC=q}|)(TlD
zg(VfJ#3^j95P5~M3JVFLhz)l<Wt<jnyFHj5O;6YwH@bhoUtRHqbK}T7U!OETTZx9K
z34=L7gm{t}7S_8gO313b`>B;4SJExxA!#a49x^kJS#%Z~D+<qzIxJGkMG1;x8kALf
z99P><rm+|POj^bEU%08#C@IUd<XaU5)6Ucb5t=S~j!#@>j$3?$*TkKw7*?!A9<fwM
z8@w|wOPV!^)H;n8#d)a=&i&z2iK`4PMOB|nm+x+u?pL0KHTh?xvD7+{Ka^pFq^inS
z_?{zg(X2e>`QWJ`%NB_-S(N2ooK7Of7<yt)N`(ydK@O(OPk>a?q@^-GCk1-PFiuXK
zJB3WD%*Wn#;x81U+BPw21Af%3>>x~s%CsjxfnJ&^BNRd^mD5eC6QM+NO%S@4BKuc+
zC!ezpEay=Ylg-^jVOAD-$ys;uJf$hSbLKDH0sc^GKR0O80~g#GP?Z6Q)*T4jcr@~M
zBv%n+y;6ixLPEK6fH4W-1|n4s2?Th;82SA7nnF~%rm<?KJ&jPLm~tY-=0rX*{oqSH
z*;~_4GBQIUH(Ba99@FAW9obvr(3JdgU{QyD8h8IL#MBk0guMM&t|_Rm(yLb6DGl{7
z1LC2&ehR$mP&^NC>B?E9yN0}cZ*)=tan=(ENkTjI6vTI8`WJZwQlXf3bHtMCa_&w@
z#^npB+#KE5R5cU^lo>%1qD7sVkNCxjP#gH3angHyo6wPv!7$wepkFu|x@;X?V|cAm
z8^DoF9WDa`qJ#gR;HyerftFf96@!f00WNwy(ANr&dAyS#7&H*1gH^`tzs&lzeYI&A
zw8pc%{uniq@i~FtEE4*m7Wg6i71x*Y#x%t+d8bx&M{t1e;%s_I=YZn(5Eno`X-BnD
zZjcmnW&C-GhZF|H6RXj0l?N2#Amh?dk$f<~N0#~69jhCy_>Me=Z5>d-*%T6MCm?yu
z#l$A@K-u&#E1p@<fkhw(nk41nkz|E$Li%Xn$B2W~jqUL1MDqXAWd-mdKFBF25sr!M
z%OA!U6?}oQ)KVSf{fn^*yMohj6bgN**;SktV77M5oeUtBAPz{~ZnR_M+UBO&`lvBg
zO$A1e>;j~kc`a1?5kgQ>ApRECP)>-g$*S9z9oV@@{@GVTY-s1q^Tzn-22~f{5^a>t
zJAdqB;iq&bY@23PgJT)W52e|BN8O4NIdf@T1CBo+yoihv%$s6!yFNR}GN_^PF5;VD
zW6&<bhkKS{Ur)OVwwJjnXIcj@GbIU}#Ag|7_72^RPC0_N@mo4s5v*_(UxxBgqPKFo
z#O`3o$8tJfAgyt8Z}yRl7%l_JZvrIWUbc!zDhtrbTHHbhDGJ`O0g*7Co0Np#G?#Ci
zu*ad29NUt(<?=k|6eTyo_&k%+cdHkEmGYPLN0UG4!Se=y-2(&x5Kz-Q?h!&?<vW_N
z0=(4zefIxT<4dHE1kg|j)@Q0#>ekx!&(qy>)o<BMW!E*$Z&b&l{7OQa;~B2aWwNGw
zF(sk%v8HDWG)6|-UAqRCEzS(zZa&>^Af<1qou^FC+yA=S{c4CVj&GTE*bj5J?EM54
z^`Jlvbw_9IrIjyNYa&MhtJnR0f-222q&@XejIVvL(9*f`sq@`0ulrZ#J;tv0ZO)9(
z&-AW7v@fZ4_fgpIw{f)S`}QRD=VAIzf~w8<`!I<spv0}`L;U`EGbE^%mKXVReLnV;
ziO#Q%^jWai^>AJZtJk~d3T}HPW$6p9<r+qo*X^#^s`2)=%F|eCve={Q=Q8NkWw*!p
z^VHUNZRq#R>Nv{Guk&>u7_QV$ar?>jO8q%EZ1d-HXWpjQv)1?C^>ca}+!gkWC|PSI
z$EI^LO_hHt<y;z5Cu4@@V8XdHaZ`!&(o?Mlc&UTe;B`IUr|PPi8u(>4hkULk)}sMJ
zE)$c7KGXli)u)epT-)1bI;=Oh_chS_nBIkaHqNr6ptKBz<&<5~WOyQs<Jx<lX=;B^
z|7^4R*!&OK&+T!R@*gDLpu;gQxhkp^5A<z6b7r`e2qdAp+-%O)=W@0$Xh)HMej7-=
z?Cnoey@<1@uc3HkvwnUrr(#2XvMN9APtxyStu1-5eD!|!w`QTg%*^z!_cc*OakRVW
z@z)>Zm~V1&`o5Qo0eHX9&`iB)wLa%Lt#Vgiwu`R~bY0HZl8nx$Ye#Cb|CqtGn9a6I
znh&85`2jtmHN~?<y-Q2DG;#l6@$@C62<9YIL=vrW)`pxdsT(4PMEq}Kv~?M<F<eGr
zMPob;e%M5V!bEHgqQheUAMpRKw7WRosCxXnR@0&WKT5lat?Pf?rz)y&^2n<geqOis
zZgGCMwsC%#F3<D=@Z3KlO%A5-rxgMsL!~34>^G^8du=?gu)<s|$`bgRM2Jd_7}@$(
zI1+|Jn9QUyRKkd5Or%0k>F8C%{&O?NP%`yK;h8;dt=X$N?>(>oye?k<0VKEGIomE;
z6O4fLO(@8xb`!65v%vnCzyQW|k;*1Yl*DpD{WapOy~6s&b7zl6HEG?xd8o(s6w)cv
zWT5^+4<A7J8^@{KEu0Z8D(_=s<PBG3x#pj?<GNI<pTG_yVlY&O5l<bLIka+fm(G(a
ztZpGXFUp<SLxCsMtlSCcg<py}t1^njogF$V#!n*aTQ^X7hH&s50*c<W>r8TrTdZ+R
z3;%dfGL<&&<%S(vE@GdUs|WMpwJuuI+A4PMns3Cz<S!J~;U2Dm>xXxrM{C{MBM0Ic
z7h#7(lCMNXn?~>tq;Ee|O(~Jy)zT@No75b5XsH+IQjS%{;bR9(<Z{7D<uY;k@>k)d
z^{<!hCNbFP1eb=Q9U9PwSd#LP`{1X!Osd9(?Uy5+m6VM0m8Z1}&$#V4wW_*Kn`d4M
zK}BQ@z>qdefIWO(E0DmrND^FVAp(?hX(@zZF#=-#?ukVRh<KzY`an9-WR+$^HaSQJ
zm;+FDT6?An{-ikq1MG?t=7Wd^sJgs6$tyyrN8EvKX2kG;FPME9W=ayMN2K7^`M-(e
zQ(2I=#R+NTQ{TaEi+>}?r*H;fl)WsLM3GO9hxqu5WDBc^j~&SE4=>1LIv}wEFaGBG
zh4f*FFXWag*v%PWE0zJ*5cKy6qzEu$!s{nYpj*&W_F<<m82Gy@!-xR<2V3V999p!k
z>DbARZQHhO+qRwT*tTukwr$(yjyv~uRac*?^ROP~TF<M-oO6u-`yhoDfuvP`i=b#6
zy&-F5R63Y+o`*EHsOXTj*rmHHvIhdH6DN9~s)F8BKR&9k6GUpnIDt0BNl={{HPk+-
z19{NqP&)h#@~BXo7WJQf-Fbuo-~zrNvEdW=-^N7{ec%vNY?#88hp@CEA1PDyqPWSy
zGru5EjqWJQrNk~G`cN9YN(Ey$XQBZ?9;MOUF$48L4KXHzwk8iUhAcb=6WJMcfd6RB
zTT?OvG^e>B_A%^}wLh*7e|CQigM)vH!=*bk>3y3SDlPm*5o7E=4>k8PDyX}EV_ag>
z-ZSdOn|Xr>P$<J7lY`%da=Hk+D@H*_A;3V7Ftn-!yFSAXx9{_){WSd%H2&T~2#1g)
zpm0i;fm9DkC%svl{8$KSpF+3A;9OnSQTRAOPCJ5PA!XlW36P~Gy#R`}s5H=UULJx%
zRD2P#{hc)7aGE{uT4O*dIxXD>Orbk3p5_z~I4Cq4xi`TylLSx`gr_XMQDr+yFL!^y
z7|G%w|8W!t87JHU1Fij|bC$k%X#e;l!P<%1#5i<!{!FBpB~J)+9Y3`vHF63B_2U42
zwE-A3mML4%{un(rN=V_Ly)=3Z>>xP|)?l5)peeNjX3Xjfs3tFD1`mQ%f+?AMPl$v~
zZ1A*B)jo-Oilqyg)#X_ocg!*5wCsxv^dx~yq`|;JI8Wf-f#`x<T;Vf=N~YNo{hZ~B
zMZu~lVj-2o+qeeyuzg4UA-~sdN^I3h3L8}-6B{azUX!b7(#F!y=+r7BneWEFuJ7@f
zg9ZNc+wAgG`hCy2(XJkc=F;Zb#`9_UYY+Qda6NvA&O@UBGsh<Dx4^p1V-EM7iO5gS
zyjE|<#?}FPd6zrSX&>sx`ld4Xv+hd!6gb0aALM(j*72^l>-+wP%jKV2bG@&HqY4zX
z%tA8SEwpPo?(L64t5eI`@pN!somAZyi!WojrADmIEIFMH_V}hlzTjF)77`+zX0+X!
z?61vf5g)!7KE8kZ!B!-Z!R3v5I_Ml+SG+%uDHrQ}u)Yr_x+_k-UCoc4tJXJvb}=V%
zlHFL>oa{91Znz$7W{+pT9|SMeCx+7f&!p_|xObj(`h{-RvP<<Wx?8XCtS?mlKB#!D
z)@)?OyIq82m)`u<UiYwr+N#jz?LLy+#G)w8wbIR=yKi$?yb>7Pj;ena%Vb+2#;vl%
z`7oFcJmg9+XW4MzF|vBwJ9g8>bLz^x+iytyyYR7+^RmX}p)58LO_YjQTm9~}TCOxZ
z*8BSXanmwhd;9lwdg@<5lNs-N_@5HtmeAaDsOu?q>dB@?qSu{*_3_Snd9F*3H{afX
z(dy8xp-!z+fV%!uf}jWdI@q1H)Q0x2wpb4D8nfQZOiV=hb4O3(&tyC0q6>a}22qts
zsP7&%ke(^liV`p`C^q+s@oiq@h>VZWa!`ay#s;PaOMZpq#o+GeP|12*i>oo7_x61v
zE9HB;AC;|L$B(1#gGCn;NV*2I88^M1$*)!h*99-ehFj&G`k=whTG?)G4h7AJ@9pQ_
z#@n}d*>Dw|I55c`J)^7Nu8i;9?3WGE3KqDnuZ#KhFI0$g=Y23*PULY=kGaeFYB?v0
z>yN&x=SF9d8||O(Pymy?`NyJ{Z$MWHD}!8pr8Q;NXr2C&MvN=Tl?l@Z4QtlS!IK8L
zhRQW=SC-BYp9q~vC~ID=F<brC1`}(JP8`1<!2hh*OiAW<Epz|?SIPhYME~s=Y~pBb
z^#61(|693()Ha<qRXxc-#JLMVAd$~Hv++v~h*i-ANPSupjHDQ|*=3QX+Q~xjfr|7K
z@uB@%l5AbOwd^WwTdOx+I)<G~E@zx~dA^{zeQu>o7O$O4=yGH~a#DS6Z@B<0BwMtm
z<@-2JJHLB2`;Y(B&YCb*{`gp&A2dhKkD4*2hyP3%7ZG{x)ol77gH30sShaHMF2XjP
zPeQob^v1hn+D<+fW^JFV=jhpK%?l4KZ;rKe{`N@w)f={>yG+xfH&hp)iHf(w2j=^#
zT>|GiuVt55w>D@hEkfg$Ex8gi1r{s3099SgVVuH24&t$Fhs+mSwQ3w2uiwh6FI~@G
zY?1?O_}ZI)eb|#)c-pa~-t=+70?|49^y#P*G@VTQwxa$v&u|UTu6rBJ(bnke@m3<`
zQid!klq3W9{;zR><OYv*hc#|k<vpgI1c#|4SQ$H>GtYyz_~;=Utqm`p<k*$Xzj`BA
z>`EgstQJI29k(VU@OU&28$FjUQGGX7L~)HZ9W*KZO~_4wB-pJ@TlfwkCZ@sW6048)
zj#IAiMNLDHZn7;SxC4mPvCjQG6VT_ZJp|k%%()vdkU{%33(t9RGW*M&6Z>u3kQ<1A
zxiHoS-zJ20U8jZZ@K^iPsPv#^2$;SnA-^@uYmn<0KM$bzrYqCM4jZ;kT726LggCsL
z_g(jFgs`wJeM$4?0av!N_Hyv<JuPt(F3VPQksMa_Ia{$OM%f3i(ZilgPTPy`os{n8
z8_heX?PjeMSat2v{gbXas4dY}3vj6UXyQC$r7S0PO+RKwwo!^4RU2T?Jx<Wo-fcOK
z2xdd1lS`dmQM;7RbwGd`CS}U;mfq&s>eX#b2cj0$!RPHhQqFeQQ4E1{0Q=x7OpRA>
zuC)oleNQZMaN6*6Y1|bYt~;Jygo^VG*Z^1l$}+5f=a!5*&*r6`bSXF`#9zY2f+j#P
z#E0TGg_pZfVib&ol<Q072K~ixSv<%m0;NJ!&V~7|>_D^tgdf-D#@nt}dHISz@YVkO
z+14#qtm^URgxe~!uY{FigdaEA`<|WW%&)g$3TuB9$H+l+r(sbft9&dJ=ju;aGjzzx
zJH~BC^D(a>aV3CCUpyn#UbRD?b>R>E6iov>lW#qvqg}#aopgT1RksOd1U(;%-6`Gc
zXcio{p_-$nF%zr`oD^`a?_Fn}HL)4O>S7Z4_Et#^QeFA%gAmara<M4}Wa(V-#GoWB
z69vPb$VglmA;DRYgaivg6mDd91x20@V-j4~pr~&+sN8r<yg*Fws}7Wty0?kkD?KJ6
z+p>!|NEUHjXk{7K%z%qfu%m=QIO9Sj>$j0-onLOut}W>;!}WEhA7wy{q81%Drnykr
znKs4B9P|8$1vIUynb`0mLF;!ZtLJSok}kL}+;Kaq!q7d3EZG@2?Cnj{224`!i|Ue`
zi8vwx>_^RH3B~4ychat#&)75rG<*$g$>x=TAuyVD-B|61XNLA{$XiHXHh>l}9kPnN
z<W;c0?GLySPmBmcEE%>=0oHAtdrjrZcO?$~dZ|Gc>_7F#Y>E!eEqX#WM%s#VA3QDx
z<=I90wbAyrK8eCx7tq_go3c$jJo53y+a+hE@XWMRa-&c2MW~Ba81{lw#lOu6iFv&$
z;@VGRV}{TTZb@6}^s907zwf-(wS!>QWC%ubN0_8q`p<Ttg*v<aZTIsQ`@N^?a%3=Z
zWpepek+QorT9DF)?D*M8v*%Ozc7p1**BP?iC+rl~V%LIHk{j_{+ve1uL6nvW3m*DD
zbxm5sSK5#?`OIn)p809)bi@o&;8LADIXv;WIOMSSpdqF<?;+u(8XH=eQ!VR~6Y}Id
z)8{=&<q7bdW4s5DGGdaQP-ZVj019*h5?qA<iam{e!_uPoq#sPxD@~pGou$n3n?9$;
z9g_1TQd=H^z02h?B+iC28ZO$1+Gfn@R=Q2eB<2jCjzfV#n-Cd7)th2cvsTphcjfi(
zPUJBuIjdu)a<Fwclst=Hid!e&u}qCky-khdGbu`>!5!DovJ@+wn;yCG^I`ZWXbbYZ
zSD3hAYL1RgPX+gjY;WS{97>gcJ%3jSo2$GLA9S`Q5Su#-d&#AAMs^l=x}aG|vrA8$
zo7S7`+-;d>7W8nbIo%u2!LdzSD;-$a<kyrN%&%0%XxT~oZ;fO{&mc`X?)&H1vZuQ4
z8S2{PJl*K8G|P$8O?!wWLjI9d>>Ya3+a6iw>+P#l_x*oDnHP?xYHT`VuycD9(pd=3
z_HGt`#CF0F3wgyId~e>gC314J&7P7KTCEg%#1aj?3YxsYX=bZQUL$nKP5^9xme0*x
zWqBH%8k)@XL%Yf$_}vz>-9u`q<F;kYc!k)==EjXt?LlXar}Ru1F=!G$zrc38f5Ob9
z77T67FUm+UjJy~<G;-Gq^-hJ}!|I9C>-~|04vfeg6tg%qx_BLS_Z)|wz3R)2mwxu+
zu^+2S=J~MMn{;O^Nqg0fmZN5lm)&I;mVf3rH%tn(ze+2*lyNEPzMMSb)mXC2RFB&p
zwIiT@)Uy9T26Sp9I*G;JQi`7A9ehNTd_$*}1_O!3;F(67(4x80CX0qpL3dduc`R%1
z2NR}Rd260V8t9IrJuDKxD7@TY&Z2l~;+AUS3Qg_~@7^vv7?-Aym7~g-@6TGM&(PUo
z;poO6;ss^!2*RdF6Y)fH>gJtwrX7D|_>B=ll;CSIF^B1CR?$YnRu7ush&uYPm~x`~
zj;rOn!FqC0X`i3d1idZWh^zG}<2Qr08$isvxzx9lS#6O>EIRsfntC;k_;3~{`oO>2
zIV<OZda%Kko4~nKLcax>_BK?>hPMK1TpM^+#Hn>@Tci;~L2=ab3z%#!8M?}wi#y{P
zj}Xad#;g+%CsR~MyTmIWr`vM4xo^>XDC~O@n1(iP7$s<Q%PoYyxrHp{4@3OOc3?FU
z?Hw<C)$azl8Jx62?*;do1fxM~hf2{Qa2@0&`GdE~obUf*oQ-^ZU{0md){9!7By>YN
z1{;?56Y^(Jv`6;PI%Mz?S)&#1&mS0IUC8L;pp?&RHH-iv&^tN?V#l(A?4mE3_Xpkt
zlTX9tH_*(xBR8#ulR4I9EFLxLMWX+-C4(7t?Z5L9dgt}ue_cpS>lU5Tem9U_27&)|
zP9oL{0X3MH`!!J|QOE#7P_vPg<g2De2vK!)^+lTWC}Q{b3_UP-0XypHrmQWcRS4Zp
zL{-%C)9al;Lvg5Qop_R%j)G2@NFt2=Vg$7f--m?YYaR*)CzpuYKJiVNG_Jkkrz52z
z>5JdxPutZ1hB7rCA>ATAaUVLe^rpE!0bQk_)M6nW&Bh5H#3<ghgmrzYltK*}$K>8?
zzvv5bQ=CSJO466pQn(+OE(kc>vW%4krYS<+Z<nkK7*W_)w7)>QAyveir)2lKyj6L~
za|dVJh|N_0bu-4I{tF}&rybV}eg~$avbs2r(2P4r7Q^@Rn~>}QIt<Sf1bMu`4M)LO
zGxQQC6OSV_A=5*E%L%f5tnvitfP>IM87p=DRSS=+5<~*%Ps!$UZRJ-v9C4?VHiBhx
zR^EW``u2;tl332}K}g22nC)}np5CnqRV6K-+IOfufg3oR2;?;kSiSmfgcRJ^Y{?A*
zFyZCV^<@utCB{CyK0xfgQJZ~mgXR|*lDVMitFzbMB(CjbimTS^b-g~3&oJNe#I5n>
zaFNRKERnR}t>^(_gYWV1`~h<C#1*VN^FYrpI*m`8Ci*#H4)10bpa4+Y8L^k}%2)it
zrQFHaRre`a%oHeSFG#j^1jRzj@5XJEy8HGsHSW6uMn~<#|85Lqs_-|Kh`Bj1R~R$Q
zkgXM5LkwCrbWIn|8+xqEi*O+Q<}0$SXz<n?Q;TC3Gh0ff_?lyglAhWT`6KezH&sAQ
z)Q~PP?2|DsC#QDkiszr(MBLgulcj>1jIH)kGSE9IjG@x|LK9rST5!J_Qef%0K3rhv
z!s07Zrc1VN@bv1~+K5oJm9U67<iMYxv_JX_yRR7;0-Ym7exSP{2E5c1s!M9lP$)pb
zH4e!zzdt$Nz}zDFxzUpH-0ETvP&@kV75sB&enVVj4`JcAo|v8ojVT@i9_HAk*^;6|
zS7VkMEh;qJGG@mukc-|tM=dmg{wj(>K9&7(U3m{lZt8Mt9LMPro8##6A)*)X(c?uX
zA{TDsG9IkiTD%Cx%P9(V|D&Qvc08b%Br{TD?0(D84)VI**2+rIKe@9IKt>n?%QHWq
z>%+yWab4WA*W3uf@~0BrU4}gQin7}Lek4)5{<T-XdFv_Oz}iQ4mQfBF^lm};e6!;d
z7k8}2S&O;Jx+iFmeLf3G<#k>4N0Jf1uhq1AD^F{s3ZLS%V!EJgWYRHf?g9$XhApnW
zZ%oskgftoQt-c3x9%fbU%9(tgDFv@N<R*yrdvt5&a~gS>NCi2@VR=m=Hx{H;+HOiU
zgC6eU{@(Vq^(0_2!xp%olsLj;hmK8(@OR8|J8wFu8G|#4GF531w5HU1Pe*Rxb=oQq
z77y$};O9Hci+$y(3w$p-8N<?1gmlN~OB3D2H^JyhXm62ymiBvLaa;Ze=ArEHbujfB
z!uFY%%!3dDFk-p^<Ua>`Y|GF|%xJ<3Swah0scY>+G8H?SWea)$uRideO72tT_4<@4
zsY#3{(3`n%X<E$sh$W;Ty#kCS$2LeV+dzj7Ib5`ICVq1s<_V?JT{?cSNzjiBj|RtL
zeHYgbLi(UcPOC1oC~pd5wnWRO(k}kgI`Anyz*6y?xA+l{7b4*VKb-5*39S<PT*lQy
zw4`o~5Jl5`{G{ElSkDR8M==Cr!^8rHsKnz*iZ|+~!wdQ(ZQK6<)1yh|e4s~k5qUB0
zi~(5_$l9=i?~ai8d!1FgqpUj;V6c?B3vySNsp!9znlnD6t0k`(S;q^hKGu|PoUVNR
zcT@lQ1n;i?+wPkku!H5xWUm0hS<)dGcJIMzgt%DAzv*_65n_frD=_S!cYmq!l<C2*
zTzzp6>b9)7mAax#XDrlRM7kA_=MK$vC@-6T_SBlZ+v2?If$frU%&n-8iRNmGC-u5f
zS1GYBRqxqFTf_Hv|HTA~BLHZRxQz`YG{_h2sF{GrlVZg+g)`4jO_>PQoM5VmEKRYX
zOP~3`H`25n60GuJ&l>l+Kw$6UqdGBNh&kS5mFtrA)kGqzi$Zx5*P9rOi3OfNgeK9t
zABC(#axgr3&i+fG&oO6KO<9wi@&!reh1W(Yex-S#n)60?_)fu?tUEqT`$A{NIoc#U
zw94Z3TL_V+fz~s;f&lpji6VO=<P9bV!2*3=OxqUOh3OvXdQTtXeTFJX{Z0zOjuuR>
zF}o^8PR&((n|qs0Ao#~rK@jdE%7)p2`H2AKKx5-}R)2gHd4P-TEz=FxIc$7+ir*zd
zywv_+PQwR|S?afu%75MV&Jp(^XqcOr9x1Y=tO~k{Cp4Eb)YE5Z3G40?UhPKmqB8Xj
zQWJWHr>FGO*A{<{iq&Yd=9a;{crCKEmEKag^o<N+_MZBNbJ?XHk#M21MpxFax`gG}
z%drJNEMliR^$jDsB|2PPT+NID(tGt64d2P=<y86JJx>P{A`_>v7hn@-t%r9;CWHRW
zm$MlaqwbTWY&J&)t4x9J{GVaNPH6h6=~4!DxEz~DrqF{P3G7uSajIo)c?@A9#?alW
zK06&R!SGt<h)>RlF4p=%7<!o2QLV7@88BVD3a{S~^qmUK5=i_lxhzG&KSF9%h}2#{
zy-8&@%2TR~5OFUwfhwsfpWoO^*jDQUa;S`p0ZuoI>7Lw8R^9dLk@W1GUhmpmw5~`?
z1^<a%;=-LDg39r9+Hl|fsNc_D!2bbiIBP(9Ba6J`$jXVYOONI}0sM}+5+#LKch5j1
zk}DEpj35PsM?|D0SKSK=ARyP0*O)q}A%M~dw<o!%&=(NmULMf6=U=w#mQ~hV*6)SC
z{&=bIjDx&Aez0sSjdJz8E?250D+OOdFQW9U&m`3J%O+Y2Xe7JDo7Ihn&q<90XCj(*
zWUD|j(JI!6XC`dR@7I6f%#N4RGugUw<`_d$b#XlP4vL1gQAz6+N$;0(;)pe1Q3<*N
zfT?oK*>@PT2@I0RfN>GcFA-0P?q?MAxjKmmX&WmJ$U!qvtrL=Cw2$RjdalHIE;5Lu
zQz_Q5kgOlLo6`lNj;9Rqe0VqDO=v$+2m2}*$uU$D5JDS$8EY~R9Q=-hHqFIm5_llX
zP=1%G@$gbxo53HuvJMk>77tt^u1Gghf)$qXKlzvRmkiK)=2EOXvO9Q~*EJ#<K%`AE
z6C4X2=pDvv2cSt?lr@{Bxwv<EGMx-S^EH{ZeYC$s0S;gq$~A6WH^Q>Y$aJC{Vxg@s
zPS0h?5LsQFf9H8FPA+XMGP$@9yh~T*^Byv<nsrH>WhW8#Whg;Na7h8ep@jCvuTwNV
zDFJMcbkPnySeG$X3c54uG;EFsV$|K~cg@CM!MQtva&xc|B#}{q*tTRpt1*PyQ0Z^l
z=Lcj*Ey~%&+*q0cOU~(q8+d$imHRHx7ev`FCTvTzmHl&3Vb8R@N{2{TM8Lv%4|XTe
z8H<6N4q)k|FWU=*#SJp%5{f&e1u<`0p;@OqsShx!ONSTK%_3XhuKT8JbN3y%A0tN-
zz0ULQ1rG!_x&uwvjuddxgmpD2XinC)MzAfs(-Exo_eQ~h(1T^14!HqL>%`O?_Zh!Y
z8qt-EqI7O6n2PPv0+z%f$7FDo*@6axx5mu=@E`CsmhgvN!1l@;uyRD@D&*<apQd3x
z`2xbaihW^xnw&E8hE;EfKcQ?6(qP2-a?W^~x({~W5lh{K_|pLYf$#aJqS-9{BlD#S
zaG;S6>KZOkM_9YE-mJYYtzajj%nkWXEC^~I9BxJty9*t=Ye*k05|wQ|&02w<8w8(o
z9BSdgEzg}kuQTXw;$Hy+ktXJx(vGoS$caW>pu00gTtV2ULPIFvOSAe;DhWu6TS|%>
z@Kg*DP8dwrdnoFyQchTcF!}n%!b;QxQ!M>&Mvs9m^-5tZE0o;r<vxHi@Jpg$bdC{^
zrm^#o7K)(Yo?V`!X)JXVBaUqiC4t9(e|7(H_SzaB;4RWvuHe{HycZFgU9%^pNLrks
zWQ<P*0SeUDsb5oG{5W$O#w4$astOAe9~WY3__LDO3$p<Az)3c|3`<I+nhL>1$xb0s
zQdoy(-7`!R=I#X19V0m1l>9i%EKGC0(u{)_`a8Ki>T<yzYQqV@$-tbB{*~z(G|Z{l
zCtAf!&#um@PjZ-TJV#Ais`AMWCq<y7D1BD$-qJ=QDM7g0O2{jxzh*fpK|~S~pS_l?
zm{>uQQgRx+xQ1!XJANL<(;uA}##LtsUpO^`P2PFlySpyMJRb2PTnc&*pxZ9)N~EtI
zSwUA^!FB&i>aJV%W9PBcj)RNZ_TuYUbo@J9f{kc}ZJohd(bOLyUAM-*r0i!s&2jXb
z!n95#p*tXclEBwtMHlF%i*v-l2)2cIKc12L+_j}pvT97IR>6=&wtI#iVj)%X1*~K@
zqK#%TeNkqSG#GyF`<bq9Q`w4+j64-7iS1Xt1J<b_)V|eh3qG2>+3L)89vuVmNP2}G
z%DSj2K`k+Vk|bRj{DA7(tAzrDAEyyh4UbA4D{7(wEdNz$Y&Y1!HSb1MzYy!{IKJb5
zHuzkr0XbsmG#TuJ74j|9;AVjevW2?wir{mDRX49`vTM6-v&*oiYp`up+i=r-+XB~k
zTd%tLih1Sw`|73NIdD7vPIyQIjo&6HBqghR1ly#;cSZNGa^-c-Qy5|CwSTdhQlod4
zd>O-9q!<kq)H@G!3lFkQ5BeXQX6!F<sjl8N*|th&sE?NZ4$!NZWua$LpK7__4gO<h
zP`NsdqHzLv$F1Tdw#D`a({@*6ueC87VgotqJuTQ8{mdaXY@|w(9a9qGUu?^b|5yij
zlS?jqmAi{n>_krIFT6!<)|)=#EidPd0#J$bI46N3H~+Cr^Mio>EAHF?`7PV6F#a_q
z>Jyu2bakVW!Ld02+(ysZX4-Q6yVYgW#}BlY1p=Go;lrP=8_%!w$rs*r@q++e=(bm?
z1yb1qoxzJ8L5P}7=zg9P+^$65F!)QTfsVnH247o?f?E^6iMeNBY};b6i21I0#^Py%
z!i*2q;2}&hM!(UF50H^p@#zK&21~Qyvsa<Aqll#(lgCv$`iork`=)z{TXHy?-{F<!
zdhEz6z2+7-5HQIBH}#4O{gWKVx1jXXW!zpeU5j3ZX7)BeF7$<|i9bi-?OEbzwG`&1
z=y3Sqo>9k&N94mZD<T+gjO&XN6~jGDYPV0EMTP*Yoc0~zfaF7BQdh2Fm1<p1=!G+o
zr+TGr9b>>hx7ATUJIuKz6yV_q16|_QjN}6pmnVjvXLYo`mwD|m;VUAAZ0<pDz+nsz
zcac+%Fq=-mEV~=fQ;&HK>^c^@Ff=0p3*rhy+PhwTx;Lo3=p;8GRp8A1sax85&osEv
zKaQ%dh_32B4Qtd8N+3dwm~M2g)bGABImsMlU_~3|99SBxoTQB@0Z4G1N?vF{uIX5*
zFPf5W20$aet%+PO(VGjx8}se*dH==A7YGC7s32evr4oN7VC~TIicQ)oyM}}K7FvvS
zAb>3?=&wYMU(j>i_cS3f>&mF;IF<j@ef}35!DEcz2@U>ZOaIP=K#0)Z3j(7ZmHJM<
zaKN$7I1Yp_Dh^ijo@)#AF;`BI%z4#Uj)w39&v<3tL!fI*CFY)>KIY?2DmN&??EWJ#
zjzdN4D}W)HfK4yMzG&c=*26dYBlq0b9Hm(`sH)A%8eaddFm=d0i}7(zPYz=q;TD9d
zf)b1G4S<kut*gtyyx3Fl>nJ0bKNkKSU%^BYgLM=c`W4bPl+w2pgAxvIrg5E|0iCC=
z;H(*a-gJ;Y8s0}5@s(3s<WB1RNAQiv;Sanvb5FpC%)cNYZ<`cvd`!LJ(^QTRDx|b%
zMhZ+|z-efnOWm*UggtWG4?UCXY2p{FakrqLRrpOi%WImk04-%y;q-$%>Ggx#(@m`<
z(t8@#@LQM{n*oF&6yzT7(rTvzH<D~FyX|&R49MDB1uXu<%euGFFzzdssBVeO$fZVf
z9lnB>zB0DEH>H{HWoh>brskV+@;4#$p}u<j680A+_Ls<h-;y_S)x9aYi@a#&4@Ti1
z<%_pkjSsQ4{&*B!u+ujG2>6VhCm7un=!tmwuc-q38?P0uaQUT=GJ3{~q);J@-yE4-
z6{Pf{CwMzUx}wW#Bjt2COjIKNlc%h*Nd@K#jk?`F^?~KrR*}PznLH|HR-It9uIb%_
z^<3!HMWF`tKu@Jfqidj=cn?+77CFoeVs$_RarOjb$5JsB;JDkONzDdnTPPm8e|?`y
zrIY-ufW#XE`ZgIy#|D;R#jes5Bp49M>p46cyYs<N#Wd=gE_z}~ci^|!>Wgzv<Br;C
zrznybLl0N-l~uNPMU}hq<0FRB-&iq7xlvYZLano-6~Z@obZ18!d5e|(^K!`mNo5iN
zl7J0dYcp6#>Oea+B;|M1lq-2uqtYhKtpN%}^~+D=!aCj{9c;46I?}VqW2!e?6b4ty
zEA(y9H96`e6ewzyx|Mw*jk*gcvcFNa4M1JYVjz%#ub>eLYLyby<$=!z`6Ra~?S-A6
zKVkuu#Q*kW2|GIbc{di$A;+!sCoNd~W$ucWO#ZaU^^j#{YfoWpjnFHDbRm+%1Ga*f
zJz;hF$=wzm0UCZmLTDsID@MdM`(Li^-y@S4k(#HgLc_lK(24VPzrM`{Lfq9-9_V5J
zL;8yAY_Eh=Gr3b{JrfJMRFh=KH6Jjj)Bz^q4MqTV?1xkTi+h#Fndk~xu(X44>D9zJ
zzuq(U-cC}rOMnGKYy#|6?-i}uQg}p=<O62H<&sN6{FA+55~yR5eJjc3RoAG3c4c^%
z9iCjycs)mZp=-j{40$D_h91{IMT*qaDUsv9H#>i%f=IbuM!5fBxz0QOl6)l)$FsH<
z7=Z$*!J{sW$7>qLp9QWexQ7Pc=Jl$AzY(`GOaBjkTs6-P$ul(NsfORKy1)HsaIO=h
z+iMAIS>LyrB7$rHVhsiv77wX`0<881CB*=<9CO?$?jFVXN&^cd4&kZj5)q?0&cUxg
zP?ynBb3`{`RbXUwjKnKYR+*A8>YX$m@zs}|KAYb_=EL%K7cY1Wxu`<^0U_-b*7=7P
z;n5TOhzP%}g>?=5<Vxs-J>%>nFBBp>{+ICai3-&?54K-vBD5iz&_a(c>yIA8uMK}?
zH4PJj;k|2KdO8S?^TmQaNCCz1i=f+cqpwJTvwE)q31y*$Unyr1$ku@9<mrQ~MJ2kd
zQz*-bE%fF^TI_X$>EW~N>gpF0Ux`V<i_?J<cWzSj9Ddu$7KSrzD9Bg%M^n%))3!K7
zyvAMeaUw-gy*kdK)O9C_IE^39T834NI@bVLSx}#rj^(xO)|^LzS4~{RQsn5OGa^=5
zStT<Z928~T!GmU4v*|Q^+|sut%77jK1@BXmb`rtLv`+fwkBn;2B4EQP#pm$kCP?C_
z*^iAG<-Cd9gwtnCd@U(Hb8alvK*J&P5V&^;Xdo}=P_70I@(;8ShIZ+n!ZCxFb!h)3
zk^hQuvN8!Dx+Wu-o!=@yvKE8g6zH4HQLIo)JRh^-<^<lGHGRgz=$USm?OYVC_zIW_
zpU}Gh{4h8l^2c`%B?Wdwkv*!RPn_|n(NZnC%U!`9{9>bMz{rs5_@BVM#=8ZUG{akh
zAlRKyN#2sG3QjO69MNJ%5;C@qt`j4J+xQFBKAJy)_3%8R52P?`^xoFA>|4@d@WE0Y
zV+uq0;m*MVOaz<K$5L}3&Z8Jz5(fEp6an?>G>08nPdZ?B5ru_Z<)tW`LuZ4H0?_Ll
zQ3Or=nx6SfMGBliCj$+P=pM$j>=Q%&Hc1$2t#&nzpwAg+-_W3Voz?%y|4LO*_$sra
z%VmtdF0iXwaced}&Y1&68aehmU`9smv@H$C_LLqTilYQuW`&p%3NR@MI8o=N>)#nk
z<#T||NyBTfrK^-qK~BtBze2dc@&bzEC|RC4tnaxqIuka*3y;2TgpryDYLOJGkM^hR
zqFF66Xswoff{Z_)tHjJowC7c;yBt!>iA8tEgQLqnf8Ig$m&`}fYIn-*y|p1pQ?gXi
zU}f=#d<irt#7)5GAUO$i>N1pYDkx!u>Lw#<CNFzP;@a|xn0+c#xKinwiJH(UD%%^D
zXS`V3BbIZNr|uRu?UG56=6P|sJ4@2CH-BLFljq*l=m|+?!P_4sDV~>_1|~|pTO_av
z#RX5%b1)POwb2+RP-Pq*P<MBiX<HJqHJ^#g6^qNMoF6+2V|ksO&oL18eY=4LSlMI0
zFcrXZ$ppR^Dls`KdsO-myq5|>fIdi%zl2Wo^j%loblQx^`i+~df|zBhHV=T9ti^X&
zV6vb@GJu?kZxqgqz<A1~!elzT04<mv1*Ch%pDi-zfWa-A=8Bo-mQL}4o90^GIX!U-
zsPF+>^QrwPg8LhU4MizdnVJSZLRLNov8)rvQyS##Qqj)4{`Ef+>&L`e(H0MmF9H4<
zANiPGz>cL@ER6K_MRwfL4LcD@z=H+c6yg`V<@rE|;VWcqL-%?aRt^cW-F0Lgtd_OZ
zrX7J8I7A#@fR_gaY?PGDctWoo-%FMBrRLPB8s*yn`Z4DzEl;99EX&7y@C9a;kv|3d
zoSlITlohN|B5=cq>)hH)JrAJjP)At@3#cEj37DIVY(4El0wQ1gn_vyk{1V8~C^dyq
zG}SK1m}OG=QTRCfyD6xc=@s|I<^<=zN*2+IPdT@vzW44hzZ5pP6t=lsHojb*SgF*%
z#17OGX(=(F5>Hob8HsF}Id6HkguvH2m0ZEYbo1j_O-ftTOLwX^hT{Y;aMGns!@G{X
zKll#&WeiUAcBeE0Gfq>HEPh(s<HVnL=sr0x`_!ajbLl?E=oeifZP@GkYe$A;=RJpL
z*WI;hvRMnAYo2xGE1wQn+Y_C4)hnNBRzHxAYvmi5m1%<{t6_TAU-1vp%C{4vQGZoW
zaBRx2113vJs?bh@O^P2kC??|+Ekv=%aW#^J`~{cE32^g3<DDHgItV|c7+eIG1H}dY
zGuWu}By+9$q!VuTVV)C6hA~||a47ni^#lCB6j(J#ZP|6Ko>oFK5}GA(SQD>85v*rA
z;$k5JLu#fLRNKy4VvKlmL=;nT;V2WyC>o>iF~-ECAVR4WftHA?i0{|4uad#n4<4V{
z*QYF}9j6(uTdx>=2+jcfFh<Tv`nY_;LHXaS)$|=u9%(kgZS@ea3mju-AzR8p>5z&j
zTt?4=9R*RlBOhacRWrS-##|Wa7%fL!s-r4BtEaPxxx{?Z!fY6<B^#5q{9Few+7N&3
z+?X>npYPbkYz4KK@`!i*Cz$yCiRxwfm`;Z;7@_QFuB^!Z#7t<BnUx9X_SPtcF|kSX
z!C?-#-u2sh!O76Cmt#Zp*e$sbK1Wn10M9^U5GRHpd+(IFj6eI@FiveA6myeL<g&Sw
zZ$|dothH}jTWIz<x$S9aPM+K^vnvFEJW+JV+>`QV-0_dZ4o(^~Z)%R7P^WSznvdQr
ztt~r(Rxw`__q#zU-by#+j(RN)kK6s%hj?R7##e%~wisUWX5M(CuTG!zqp|j%<PY8$
zqa3~gnTHbj&l*(7nvZWV7g0Yn-q~0aF6OguboM@$PF+!%UL2*VPVXrBEUk7B)g1O(
z|2TKkdaI+n%6=j<7{O3W{pxuHXSi9`z`aKBoV=ct&8MS1W7zU?hwpN<az*o5Lit+%
ziE!X5;JjuuALoeG3teIl$DFOI&CK(V2Jl28Fos1*t=&*K0vcV%c7#XWnl$yV$=FNV
z98v4a*vf1=S`~)uR^g$<wi`UORp^-P=%jQQdTX$k;EU=_CI7ez@BnX8xCmv1GOmg&
z!D@~mC^>kmEO8b7B^k;8EtotQr$tNmJT$a}9ONJKB79ym%N)I^7Y=E_k~)RQt>_V#
zo2V|$DQ{s+K`9+YS*d=HCbI{rUAFVVrdNMKYUp0*yaltn3!B-$jHI>*D*>&4HuJs#
zM_opE1|5Rk*lUPRG99;C+u*8r&+Xr_uv_^~{2jMe&&;0XYF)O2)XvOY6muVYg|nAe
zWwXA4TvP+OoIG(Zs${Y3-<_5;y4jANI??}ZCf>4tah@P)mC|l;Y7crFJ~ACVK|M9L
zbvVAOENN(uWcgyapr%5Wt{P@-2c?{fr;}}z(V^a14>;3NMDP$L9#><-Ct_S^q1N#6
z|7~0e)VP;&HWP!ZzhB>>YBls)NCF+Oi%f+pv=nRAmUVfl{86I29(tbMK?=e3v0tuk
zC#|XKh@kGgYiqh+41fOvn7Ff{!!Cb+wfyMv$eG<N$BE7TeHav}npuL%Ld;of&W`js
zztH@Xg<r~?N&$Qu>?TKttEgXunYlRaFjsbzY864rc73C$w4aI1*n1}b9td&mSa=n;
z6AbPYzOBC+7}Jwz#PvD}>kvNsM44;Mwt74;_Bh+X1mipPQ7NN(Sm2o|0;~W0vV6KD
zhXRIYMWqMJSB<V%+Cy)Cn7|$@m0YX^rj<?oRu#tMUDK*7V04zz>@a)#a(Or8ArN%U
zDf2~?VXHc=B(?#fjOKmg*5@lBFD*G^8y%YSssmGdezeVb?cHG={G#W?`5fUE%osaC
zs9<*$OhY2Elb(LUX2k8RN@;!dHC=sr%3jLu?47{cvd+BAO66`fPO^QZv5tVy7)>o%
zb$~P5s!)_lTCK|Bn30fo5SNOn*u5W9vz`^!y-Y^KS;X=u>*vBo<nZhDk8Wzu)as5K
z7q7CF^e)2v^hG}1s2mN;uG3$M#1XvU{&J+H39D8swHNJTQ%)=Q`#-H?=U4d-fU>FE
zg>1f0mJMYv66(u5BtGHG7n&}+;fHRzvKl5`Q_d6ESX`5nWOj5^T*}6uh3jo4Q))_?
zAH_8t&9-93CZFLfR4FjtFNU@v^JEQH_FJT(&y7y2JzOSCU+%gW@0pRc{3m7QI+BKw
zf6i&~id1~MI|leJOChe?H1!JFw|Zrd^D+n1^H(y&V5Y6MRMo6Ry=38EEpH&-7%sPi
z1lSOjc>k$-T?8!!%-S;DLPY;NDCu9lxP4;3QfQeKn|&SjU7d%1jOq{_dEd-1!Rc!F
zvF^W;uPpk+8V_e33|TXKepQ<ORUmLURgEqtxU!KZQ|rYq#+9C$E!4=}?6#`D{Ocl`
z7GardH;R!k&r?m864eZJZ@ddEG@B*+u*%)^#QEYS>UE2quzA(t!ZIdR5yNr6J4JPi
z6!VfpW0j3GC%^Qy83e3Mw>(}olG1VUHskcp@qKpL#0fqrynb<gYG<GK{+qD=ZqdFj
z6S-;$`kj;7_A|d7G*4G;lybQfBIjUc`;qqPv@fi({iR;|B$bKQqrkLby7QX0Q!O)^
z8GLcnVEzV=bwkEyWa%-G+E{8HHM_r3Yn2f83gK|L$|5o3725W4nK86V(DQQl98$~R
zt+T%i>aBxNUlZ|Yyq7K(_1Q5J2C{oA@NdQ_haba6{`I5dC9HxS?G1;>FdLPuZuQSa
zVQ;yFH_m~T9MXfq?h<a#&K*lgEtNOT{w25`(?8DsRj?l1yIa*BTyCM6mm^5WZ9B_B
znWc41<^9gi^UUAxA(Bg2J>{_8JbPAsBKgOU@}d+MSJLVMS;LA^zt2*Gs@}*C_^64I
ztneSKQ*1}q7M{qgXCKV3tDn-i##^ALy4!9Vrys|W-AE%7qNLZr>^0ZOsOvS?#;9F|
z*`c5MEzQ7QjZGEC6(Y0KI%n(28Qse|8ZNtPk(nF*UIV`HwVdqsH4REwo~xT?pbz8M
zM!mSnH#+M6maFeph_C#$90ymotkCat#sY=hnCtZK#5qSWQ!B#LUic7(#>V;}FE-3g
zCLfS@bhp&~K%a&zyl@}Rg4k&jKbSvHn?_j2+q<Bn&7ydjQg}zww<LprUnPQ<8X0Y(
zBK4isazLF3l~bzsXv&2|gFV`@gPc$}H``LbL3Uvk2eYa2u?WgZd{c9}X((tl5a~z-
z5D;GmMg=B%Z3IptOHDsPgqk!0uzKiLEZD?dtN?|9zqHS103t=mxTw@k82T1g7D&V}
znH-VT(_0{}hd(5wi@e3!hfU2TA1$1(jlEk^e{XwOoU8gB8+>Ma5+9#-M$A`*i(2Wn
znCYkSJwExKdu9JJk6fN%&Eohv-S9m%%+Oy@xwCMdBX88sbG#6{F3Vh21h?7}w_RN%
zUiN<QtDM_^%|;d|Ev}qu@O~CqTFt-aaTlc`lkNhm)Ik0CD1%M*H~6585i=%B6D^Lz
z9LNDlz{iWzr^^gTpoin<6GsRqv=e8Lk9i{s8IA)r#8Hz_5GPlWT#k7*_#4MX8zZgD
zHb}s&OTEM!5$9&%gB}rch|I(_9@!}h&m<Zuiq<4b6-8{}{{mthBbVYm9}<}3R*z6T
zgm&U%k9aHybNK;K<bi=O=Ww6+@i+qsyun5FVYd5`J%#W9=)s}ufUWAl$?Aa2?EMAk
zk-7ERrGv)lVM_*K(jfimp-qM8gZM$HL)^vvisK;0>wr}IG5?`3>H}K`O~-+18E{?s
zWyb+`?g1PPD6oUQ*#klCA!h{=wgHgH!xY=2&<?P)0l)6kenQ9Q{n`kT+@WUoIF<&i
z+=21(5i<6HRZ6eP^D&!vmWwo(;#`Yamr^zqz&ZWkiei?6;R<Y>(OpV$ml8b{>@I{(
z7tA~SzJJMtKsu607Kl0$O6Qs#F}6kN%#pVFy^A)^;M)?7=d_+--y*RKgq}I5i<3`K
z-J(?HDBa?dXBwU{s0&6<>@;~SPYl(ibZ1iUA-;Lj3HafPSmo74v<MP%7t|QyA&P3_
z>WuLn65Aw7<I)!t&k3GVKE=KX!Nw%(lCBAbN5t*owh5g_6wygf=dhlcJ4KUc>YOp}
z3-?dpoZ+%1O6Sg)vR~%-$>#L1`9$Q!FH30|@=BJXUUNChd4$aUWMzS#?trg*oXY*S
zcOXzi{m@+o$Wg%#d(ejlATVIyXMb4rp;L~4+l6itFdx#A5+xnewFxpMP{WBL$FLC}
z{{H9Kf6|oJW-Ax~fc0<s9qYf1{hOLN8~tCVu8E3|HPY$-Fm;b^nh%efZxK%e`}`LL
z&BW;#U=YtdiJhcdnOWqUTom0Lyibo1KW2Dxg<gsmgum8S1egBwyJV+CiC(f&=EG5<
zSkT~^nE#bF%B%>l`8y{w_bdbq*}Tc=|I*bHXqsJ|yL;-Bv-|kg<HqK^TZ0?YzrpYM
z(Y=|?qlF&QJwh){X?<zLp+$2h>r1HJ^q^!pT(RN7b8&97y;-r?EnsQ0P}OZZKViXJ
zJzsb{Ve%`wMO}dDlx?+{tXaJ_oWZVjBDJ=%>&vjb3-g$yMnA-+PPUwf)HEqYtVwCk
zDy&o%Z8v0i(GZ_5JF2$WK7kG?SCE;juk;L5P;gr0C``kmx^M~Bt}g(e)|QC1^lU#d
z)r`@st0+Nbt=7T`VkTm<)kGN`Gollk#}xDP+||YM*Ys;Ua+0aY%29(BRUiw|n158!
zQj=23C`_IBeyWI3sIreKMvaab+<iLnGhVYyFRf|n+bc3j)3&Wr+&rR@Ic4cCOL3Y3
zd1(O7{Ra-jtGmV7S+o(%Z_&}e<WgPWd1y(l?n-f5wo?b2;aRn_7%Y{d3To$xFLT&Y
zNV~}t7?*4?XJr2pbnhGKmkba?LJK*xB3^YQNrX5!QG*?JouFQ<5RaTMC4i+9Oe8D-
zSu7=ws52qTOrW}LE#F}r=Hn&*qd^RdFDjmcVmeNa!B5OU44JMDhMJT<4RJ#*M$DSY
z9jU9(5vO$$R)vo+(DuPzKrSvnB)qgcsX-!a86I~w<Md#j8}lCf0T}~L060KILJV;O
zM3;=>%Itw1oPmNMBJxTu_7d+Qm>7D1!Awk&2hmSOC{T^4m4kdt(u6`YoSe(c`GMVe
zOD6Rzye5HO@Z$#q2eEjKgW0K0-%jtJeakKSe(Xy%1qUG&dGnD9{E`YxV2ngHis+-A
zs|m_W;D@FUWriwR=vStsDM6GBK`0P7V^|8=dd%XM%j_PD56(Px{nl$ov*;+i`Ba1V
zT9}q4c<J(DfrqY6T8o5jK!&9ZD9fWwC2KB(?C?%9idoPALs;5-V2H_5mXDBClqRP@
zc%r4Ve|S3@wTB_J7LL(YW)!{)8D(=?P<fYgKcG=yuOc@#2jozlM0t&JMo2(7z#-d}
zY!+@`r)Q>uY!>YY%Jvl4ARnjt!`d|z$>_yG3T;iZ2RHPfkZKnS)=82Q%K~pfh>oD$
z6PWnVln9-OA2|vio4aCM{uT;<S3<p~osO`;hMaH&g<^qFY(u>#cn8(<&v6*JHA)%9
z5=MCFLA+{8ERuvQ8Bjn%e16glLb#p5+lrPXXc85ViPrUkK$tvPlh`3FK1H&uKxR0y
zd?UZkvBIVf*u=SsdXG>zK`I7;ch<3*yC!)<Vv8=5xHpwy+IGw@YX;($BH6&i1b!1h
z-ypybATNhE69Cl@kU-BCK-fFo5i@mM#y5%_|722`jy7`r;BgZWXOf-D`-{@=sFz3;
zc;%nxgw#K(W9PT`O@P*q`|_@p)mq@K`l=SXe~yTCzUf{4uf-0XKIt=sqp23R<t9#f
zj`%!6rz0>Q^<F++rF2Zbc5d(QCnojh+85q$CskJHtk{^3%xy!ay6(<@XCXFr;=a=x
zoO&O|GLEjUetpCFuh*lbzD_oFl8b+keZPcT+<&j3L*tzHW5H{Czen(Yh#cQXysj7H
zxpccnK50I0{<!sgF1*=!m)^QR1HYWgdAGgHg0JZ6?P4j(`Cj+OV&>+49}VzjlRf*d
z{{1=Ey4<S$`%n26JTf_U=grORaj~-3>)%pHZH`CLo&JZm&-vQs;GZY%#|5j4_mp9r
zc%snUZpX71>vN@-<>YxOnO9nDub0+M+TP@!lW4o_&aSrzPr<+XR4^kGySKfU8b3U8
zUe;ST?5tH>rxD6b2y^JnIt=F_ERc_-Ol05RNAXB@8DEvG*_{o?`x256Sa)ARcDqs4
zXqLhipSid4G1*xlgL^!t{xd!|sF8uO?!$Fc6eYG!ZWWzw32zT;ZGbBm+Nj@nxgG|K
zN`E1;Q?M37f8u=~@7?}<Q+2Cvp#1Rq-X9m*U7_%%TX@!b(|ccxYQYWttvlUHHWQ^Y
z3)TB@A65L$@72Xj*^VJ*`po@4E0>WIlk57qe(N1W>v^5obaMML+@@<Ls@49dBieO;
z_w)@M8snnZ5u=Ee&|82uLch;7c4f%>;qvjC-ap+2+Ik4r1ynm&Sr?>s2+{-VW`yy&
z7wwMpO}G=)y64-4VmIivPq*KB55MCtb|>3~wL41x1Nxu!t{lG6y7*UIob@X%{;#wb
zQwwX8|Bv?Ktq$ppHQc`HX<}92KCn@_wHl%#&F@ekOjwTuV?`A+fOBP!*Fap0gP_4k
z#Q`oRK4@|i<OrK8G$3QH1VN)lpnV)75B1~?%d@lm`o0j^(zUw!`eUlbi(mWwRh9mB
z(%Ea*^Jc1+vr#{G8o9Nxvg7G!_4Y)XTWeY}d)letbS1qZ@qF~)YMGZcnL3i1EmLk?
zFONBv`UL{#9%;Gh5FxALpcAb_z7fngThys!vU#33#L|)|hxUv9v&udQfy9NpKOcXN
zaWZi}#XdofG~pn~5bT(J(Nmv7sp!0(;s>SCyHdHw!<-b7q*OU|Dt4rpOO#9fSomt@
z5h<n9k(C&>bR1UZO)YmY2u)^vK6VOrDK7v9`^v0{Ao=T|)T`4?pcY0`b1PNbs1yUs
z+WzcX!Kb6EMJ0f%5^ZA_l!y7I1qFlbxNg|0ldF^Ix}ZU>D48swUXG2=ByL$Ftg7-_
z^hmO)=L&Wet|)&YWeEbUNQl9^)2#Z=ZJgS0?#s2TgFS{1hX#v0*<xj~POF@}f_uVv
zsdf6Gi5A2j`v@{BicZX}c197C=wFn+(NIOQM<8?K8u3-`-9hY=d*Kk_vv78y_?K7B
zv`H#+Ijnf`Fti<OJw&^QE7P^35);dc=X&fjfp0U{(Nbqy%7jeqtomG*Yi?E!yFyb_
zeO=-dzX{ED>=_gujw@S7Yq^ydVBVO0vPjDIjIAhpfVeb`BEd@0=ThlhkgY(_3y_Oy
zQF0PR($%%E-oV>!{pPaP;q{Fk!(bV%mb_Wp3}rR?w&l@vT{iv`(@i&f208m-3RV`*
zepQ7hN#EWnop5c@h^r!TXAh73mD!^GH(_m<J&v+4Q!=*(V(;JhP0+Z+j)AuU8-xF_
zQ1YvYN&a}xue+&UkaeY@Z!k&Y+6f#_<8&QQi4VN@8Gd$kX=jhq;W9{T95P&ImPIy1
zm_lQaNp|vag?Fy&`~!u<swtDVs`R-nEsoaUTCVN<R2!g()Nn3{aQ-Kx2}|5el94;6
z8&|iEV`cc0f1O7t%J(cuM*WX|t`3KORlqQ196ue*gzZ^PgfJY{od5JGZA&LfVny?|
z%JJus!C7hyg}1_#k$?q{E&FS`^ifi(fdE!AFh$_;kOBw3lOE~lzi38{BW`iXYuT@d
zumfuj*IRzxYkCbN{$j!<q&-eyUQlO#N$iHl1fp`4L)#UVrb_FSPjV#^l$Dh{O+((E
z+BKfN;5~ZBfwJeMk$OT@THC8%z^*9Pa!N2w{s;n3C>yDGUaR(!x}L^K<34l&G#a3g
zU6L8*Bf?tMh*0v1K?zH-e@@Pps5TrVGEc7E2C_6u?nmq7sS<KjB#Ml=%5$hyghHi7
z$_1Jz|0B!h1)~<rhH~ysiKXe%O6ui{apmEebSGkTmMy1hvS#ghgh{%icJ*~wP1MDB
zwZz|r-`L9ddr{AVd?Jp7k}z;ai8JIOh{`#ds>)YlNJH@oJ@vL-IYB*V9!82@?W2*Y
zFiW7a`KwyG>O!fOfDDR`f0@af3jWhabGuAyd3A;DNG>alj*W->I_h6d6<75N+u$Y3
zLnEPeqIUxG+%-iNyd_wZzty4%o<4C5Wp6|Ohpux75-nP`ZP~VM+qP}nwr$(CU8ii@
zwoch~%J>!Ux9*GkB35fPR%b`-%$PZIjz0m7SVEhsXSYkKz((MAWR{Zyh5FSCwRZs1
z|Jo|UsGdPu=w^syns@9k)Q~!_48{7&7-X-2S5$-zU5Uf4;9vj1+<UD+%m&cW>Zoh*
zh8WSofyCHCEj1#61CPd;@u}*Lnz!G?-eG!yzi|u-n>qYJWm)zDZXq0CnQ%-RYlKVa
z4EO`yq~qS;)$x!FQU>1QtH>v-TlZj@T)VHs$GP55PGwV6Ez~+-F1RCEfI>s!SdM)2
zWVlTUm0g3``>c=(g|yEO=pU8p*qRB&x)PHk7tG+1Aq!57WgZdCGL2$Gl;Z?aVYVU`
z%k@fPb51BC*&qpM+xN*Ua1jQWNkjO`%P=`oAUSw%Bh`Oau76#S8gmgO3yUGsER-Sp
zh`k;2z*+K+Q~7RF0hicpcvMgb$+lB}|CR#h*YpMpGDU!0q~HU0Cb={Onhhw6EojE}
z2o_Q#7&a(^Vx+ihK*#P0?35eM>{B;5*dGZ<Zq_p56A582vD`Y+GE25Qzp<G~3z&fG
zj^rmT2@O?=z_JF#Hop#VWX-}SZzvAIhD?Mmkn7pXSHVeL(AY`nS7K#C@htpF@hHHs
zX@>RwYNb{Wjy`o|B90`^$vr7m7iMi13|Adt0QNf4Z||4Gp41>V;STpKe8a#vi{9P>
z4Z@vcX_F*x2o1_C*bWk+c-!90uvn8xABdmUPKkLU?XdlZ#Nh#^kD@b)PHmHz?(96^
z*+gO;P|okp8;eY^ju^3sGVm8rC*rO>YXB^l!;OSsPSgYDO?Z>0u0I~Ay7ESI`1~Ts
z6%q3_0>-D0ZcQfou6X4b4T?x{tlu6r2qT;XD;^9jR@wj@)V<Q+(Qw}hq>XYmTXjCL
zYGX#Cq!<gWMiDC~U?5VFG>&}y3?xQxGJW9g2;~oqWVlPK3<9md#TU(NdUdLc7Tvm#
z#xpo|2W*vC;RQ>SF30*|x)Rzz_j$my!WgXzarX$mO@vc4(^^vIR?sxBnBka)AoSl`
z2EvM2eel7NK#J^*!FW{-Xagv2v@5Vmi9z8;M!qdz37vNuzN_Z;%VxF*OinCG$ES5;
zuv6^`Ujkhs$#jXuuTC9g%S#G({BY-$YE465hNuWy(7~F?v{KR5)Udc9c(rIbfD%+1
z3N+jKpivMVSw>Al4P>Jv0hvv5mqNX|hGo_u)+vS>L5x+E2RqnMgV^b=RES@zg0^KX
z;D>3Gk!!*uSIJ|N!!9J0^yJQo!=w%8Roikq2rh7fAgTo@8tsi=^ftWYeB({8K3yE}
z3xs|t7<NOAwqfWRj977yCK5iRff8fngNlk_HPPp5L;m8Ry_O^7wbJ_i<C~Sh5F@pn
zR$)jh&{pnzac6XX;5BlIRBfIYNu%thGuDQ4R?Df#x^vQ?Tng0k04JnD+g&oM8&U*h
z!{CZWIz~|IQB#S&ZQr0AnM2Nn?r(uRM64-M2`uIfDw)Qihh8mMuWL*KFPNmt1gQ>t
zG)E;JK)4k#ZK^t+h<H?%h4Mld@~JWt*^=$dg+FxDgM2?a_j-0yhjtshhvJ3>Q`+W6
z;K1S@NEM6Xj4g+DBYGf&G@YxszG&k5QX?`M8BD{hKOU6?#Ls3Po>Pg1n|WxhcW}kK
z68g)uJ#=MK`Hymbb80Y-q$(jh!`w?S8aRl_u?k<%>aRKB+-$v0$LS?5?I%uXZYU*`
zszyCDur7m@Acgg3r%oPOx(d*lj$1!-IQwJsz*#p`@#9ndg*y18T;*Pt@P#|uIDyJv
z1Ua7wAi9xUxh%MQXTz4k*+e|vbRZ0MaP=dM{6H&YQ7Wark=bCr<EckOf>?A2H!>eD
zA}1ErE-on_#XtK1(xP{BN$U0zQk>q)tUhq6VRcfb3|qo3kikq77meO^EQi|%-mg4T
zumiK<cpVgT3eRRH&u)a?OHh|V#631$0$z5YfCW9ERVc3R`cy(OS;2Iaq`ngBrIgKT
z#z}!1Ow808U}kwCN{hT@W#+uq73de=R@ws)cG8m14ZOT{ygk3iM83XdER2^Is+qEd
zkO4AV<%h?2O^U8V_+m@B1IKG1?Mat<J#_xXWV@}yEKmI6SX`gev&!A`f|YLi&K0T)
zfrHFJrg-LQ<nO&}<27Pld@S%ASAFHUx2#yc!Das&iVbSktEg3NVQW>@m53&uIc}{i
z;$e<d8JAr;XZ}leoY?|lTx+-y$GA-qpT%npT*hj6GmS>zo5t_T6{3ihnBkYow?pO7
zDf)<KzI!Pbf-qVd2(?iBQiJxNAY3!qlzR2`0D~_OQLei92SBSzu>DQAUc&VWb}Ad-
z)|2@(952L{T<+~AU6^1txLd6OIgm-g0<2L38>AYLZ*zf*5n@^n>fjZ`86Ret-&oSQ
z?1{N-a&1gMN$@@y!*r3?(z3qAZ9S<|-U+fyCT}o}lo{Z?sZoJ7@A(-7Av1ltbubDC
zw$Bz&d%_k^ZPaJh0X8HAC_C3KYHAO-2zJ3*V&YFI*2rDTiL!lHhtk2ieiteYUCLYM
z&K>$PI@n=#NH@sWobdCNVe*Nx^QO~IlsJw_*fHkyZn1``0C&K$U}T5RGXk5insJ1_
z-D{eI<S9j|Q|Sv@7VN{d(0MB@tLd&0BSI^>MJhuvO=F<zoR1tKHH2vcXrfQ8de1I2
zgwD-+=dA@=J8m!DVWcOpfnG4*&VzF79rtttZO2Z#5rNqA3cGtKbe|CjjKm(yux*m{
z)P2L?u^Cw(Y&~zYnn?RK?SCTXA@=eaYUOq#%UA}~HrhG%>PMewAXd<%CvI6&Vy{&I
z9gDmLnTfz&&_0~G41IL#D+o)#k!?~z)&dRlxFtfW47XTMK5fu!<1JqikG4U&(j@a&
z&m4WgPPYZ4upVo9Kw6<Y3&Xb|d1f?&p_wMkH5qWM_Uh}oj&wS$b->=+TWg-z?G}gb
zm0c>$k$Yf+7<%aLV@Wn;sq^=BZkD%Ek6o(n`51e)i+(Xr&M&uRyfX|9wQbo|;636E
zmxb1Fe|NY8cb6qXunD{sQ}_j3ZvrQD2V6gU4f5bYKVIQNcgUMR#nvD(p4snnA4+2v
zwk4C?M@MOcbKH0*%qp4k?SP&S3H|t$U{BKIu&PK?=1;W$nMDO)Ytdv37&&Ys439In
z2{+hEjJ+c4{Zn-s_>&wQ;Ll&8V0Im%#Bu|K84KT!!xaV(<pzCKBK{`4IG``Cw?n;N
z%M_#f6z2=#=cm!I1p$kLZ+R&1A=$cR!>an~)5c{di0n_Zkaad~w8Cj8m~%Tj`c~}n
zZSKAC95ILo`>=Cm(ZiB|OGkP>;O*UzMY|x5fCsEgG>gA>j}KhS*!1u9&W0ThECy%8
z>-SR4+Bb|Q%)K4bDLkEE58+CVLNCa7FXcJ1G3*-gitZ}C@uzmu`^K(-#`dqbBFIY|
zU66Mr#7!yDs|mQjl%f2hCX1j0{J$}~lH;K(yqq_(lniac{Yt5!M)a78BY9{ydXl>E
zVS9CwUG_l%JUcCH;yGY0pW#F9AlN_`V2S)dMu&MElo#Bl<Q>4^Y{Fa3fgA8yv3;Jk
z;e2(%pgPt8w@G?1?sKbp9{=?Nhjltn+*_>PW%rKw4D{_6_!<wmn!NZ&^B(U@&;kW8
zU-brX0t;lN!x2cd9DFfny7k~DX8+jPaqA{@56GT=zR(^L@AB~N^kHG8^ziPoD6GnG
z(qqGVNWx|Dad4+se=ZtiiFm0K{Lly5Pt(xr<dk^H+lg;cd-zK{6QxprZ=EPFov0$F
zSU8D>9i(<|l_TLG2^h<l5R^xdVTvo$HQ7A}?|l2tp1Dht+snmWb%Wb#DDP0Oe1_NI
zg%6G8k7>|i-lT;#xQ&l)skO?`3F|u|)5%K%`J)#QZ=}3lj6A>MO#hIUPm8CQwD=0n
zSBXhK<fc8v_3Zw|z*216PWpv1>)d`R8hMEtux~VmJ+*c1Rx$K9kos^874NDCz6ZP>
zdBwhSD$E>c+VDQ`9^K1Jr(1-9=RxSHuvhrA#v@+qy*Kf}(+BrLfIOYsq`Qp0ix8hX
zPprXo@wf8hQTfuOTfi6J&>nS5!palY@mN@apFb`~?r`U$FQ$ZkV2++;nf?IgzDno&
ze1&ac+T^nA{d8l*0Y5dzuiJ#2egI0hJ%aie3AA%ZdftqK{A$d!pC3?L{Hq!02Gfj>
zZ{cTZe??#8D?mRTSpK=|Uf?hOzRUO%p~Vm)<c{5m?ij|yx=a%26?>qP+UPm)6~Ut8
z@ErSHcLy923U@X(pFAqR4=YtHe_)2?4*?7DO>7}`6c6f+dESay_yt+k9(77}RUXs>
zw0|<*kso^juOF)I&sU|;11739fBH}C<aA`sQ5qLI$sg&;yI>b8jXyj%zQp>IITRP+
z3Kj_XsG00rT9r>gA$RZrqW63?jGge1d>kcNM=bP`)<tzp^p$>jU&j-*SC;Aapbuz*
z+g&x>#kL91b}%I`zfku(^kZg1`-^E7UV-2sUEfj>-&YA<FO@{8?eV?!PO!LIk>h7$
zFnI?2k~Z`!8anj-M{0BuHn^4QYR`b!4Q$|T&$?Jq#UGQcCHA&+vyZwpJ^yIKJ3?y9
z=No%H+$^E@r~7ub<pt8xhgF(DIL;~f8T+j;NssR*&_QU})nU<pvgJ<t)<<CiQu(il
z#9zA9e)t4gdy!ZB9<ax@00osF>4s7RXWn(3;hl)o=ofDITlWBj-CIy?h;D3yOZ==?
zeDRy;(3{iv1BEGjR~Oe;)fcvR<D8$o&v)_xto{Qrhu7}NAJ=K&D#2Ya{rSdkA-o^{
zBa0tVLw~pWw7J3^eJW6KKX_c){d&i5a-=)ZX9~w3?S?M|7vzX<bIPACtqJMe-3Cdt
zKxV#>DRmKSUxf9uWY=SRg!ewEk8E#%O41+x-vQDu5?l>ZMMWI#x(t!R0>wm;*i8ZH
z36iK9D2S~|0x&8;EV*IHMz#PuOH>67G*MJjC+N_^2qZlK6BD(l!b1d^6)KoO7z8C9
zF;WVFg~KkPN(S-gKHqt+@8`Mp<zi(M%eHFN6BWxg3z_8#Bxr(%w|BI{BQq>BPeZ?;
zTEB3i&aTFg80{=l6%>?<>-dA-o4ffE;UgoiF|JEMv|ucMsCvHrfE2+ettjPgJQx{i
zLYshWIaffSK&qcy03<608nOj5UxFc0AXFgTfXTXC-k{&*-FEy_8KR8oi#X`K`-h+9
zFHD^N@T*LaW=$>R0C`TgGX{82N6b>U8O}})vNK;f8g-d6Um)^Q8uHjpFxJ?I!Cd4~
z|KYq&oQ(Tn3}kF`#*zM@%Z1}X%!*Rkl8#+Y_f3rV;<=%*=$41$#ly*RSCXd%9putE
z2AIQVb*9|g>6PqPV2;iJjz7iH5X2zoJ@NW2ijv%qF^4h6R3&L#vidA0GAMa^4l;k_
zk)qRPnUm3I!ygyDRR^9+PA@R=x#Q*bz@@p^>3r#iNM^FP9KK`!eN27+(C!y!U8xRl
zt{rh7>A`YD8#Bgt%yN1B^1gD2MT~lK3Byl)kck+4VhNK^gus}4Uyy~ETapM9UrI6v
zLoYx<gd>(8^q5nIS!3gau?sn4ozQ=#ppQ!(j;36?>CqVFABKRBF>5@2crmx$o%l}~
za&vIBqpa)MUMf6FCrE0*yzWx#_V$|iZx^DQE_r_#zA&xX>(Ci}4S2|wpfz;kH?%`9
z_?l3Xq(iT8S4N+DJdtjX-K29>rOCZVJFB?$K4&X+JQ}P1sgrjMMVG1dL}Sx)tN7K`
z+-Q+g!t?#xyO!4Kmg=mQ<Kyw8=J;^k#0SR9o|H+`tAxCJCF?RKuiDyIBW8Sg*j=kS
z*MF?+aFZLa`R>xb=ybx{+`!^E#%JMn8PiZTU-!wr>$NiJSY4yTv?8;=u09pr<}Bmk
zobT-?d3oJImQ@>w!-Ji#S#cUU)@rC3DmUAl%GYvXYRmhw(XUoK;x1SJtk>?Yx4NcJ
z&*J6M=yEsys4ut0UB&np;3ec`rgsHa*r{o8oiwx-z5~S0PSqqsx*|O1+7cqpj!Ji{
zqsy_ntG=p~j)lQ<sHL-)v~cm=TzDN-OG`8+y1H0aCM|BACw1~zOQRoI<38i`qsU}|
z??FCZDc)^$G{C30Ubw-^bn2{3y*9my&r-FyThMXjd9>al+7yG4xjsH9a6E7FV4xUD
za@xN|RG$D&mOi^y`%$hpSh0SVsan6Fp`O;GC7|EDc1>@dmU;%)m)7RVekK+Iw$p%=
z8ZPbVXt8_!1*!d~mL9$%(`V-KWRbWR|7WOu+`dQwW%YdodyjW<I`7Li4E!dZ&$`Wr
zaPQiSPNsJ0$K|P^uGm>BeQ%~p_)Fe?bPgva5{)F&mP`5WxZxT&ThClMk%h>ug2nYv
zVJz>Jb}qhkwnNjtkHM%=zx@1oQ*OzyH8b@mt-t?hfM#TFcjAkV?j9fdg{QOYQsCiV
z>nbKRl4z0Gmf2P!zCMp67VL6c#C3M~YWAK4cS8D^lZmzb`B7;6X|~<t<<T2O$#&12
z?$C%$PaJ}c>E|2xWoB1c$0b|%`3pw5tv6&-re8Ke^!X0RWrkm-0qs#N$oceA|15G9
zzM(n9$q9&J%u=%r>JiJX(`s5CFP}`g_e%E5cb<k=!RY1&1Ak92Ek?QfGtcfvvnSgT
zQF;oB*XYN|s4}S<X%e}FblMVpuTD5R_x(kevOM+69}kbb)_PaWsA4c$%^01+7${kF
zG0`8>k|GAJLYZIwU91un>ZF4oPLGRDW6ml&?~8r9msSdsW?6#&NOr^g;OHP%+$kEO
z@TJsDDZ7Q=yI$8Jc9v|K(97iB4*kjA)<6E2Tcpo&l%gtptGW6GY{~p53di)-P~YcL
z<tQLJ_#22z?Q`dM__^T4k`H)a8tSs_d!Jp73%!P|x~;pd&L+Dl?Mz<Xj@cDwE24P3
zzLjnne-`fA5|<ar=<r(*w#R9?dBD_(iS|cq4}X3iuhBosVQB=64+4A^oLYfCiV#qu
z`h^}O;!r6uN(){okxdG0n=zB~a4pET;#&%wo3XuuD-~d00T&CFE?~L>vS(E9pt{0q
zip-rMenPetz^+Af%duVyyieE{;_?f~EFog^(h8uw^WeY?A(RZj%L2G$fe0-N)K6GF
zfOs;Y9R{#&2GGy@AhQh^Is!0u`+$56Kt6_~G~oPq;i?T-KmtI52tb7hFop<#3kaZ&
z1puVKFyiqLobgZ|iU1*sFr{_Ku0o*R(4jltoPcBn@P7_qvxA%*@aX$cI-&aeTr9%i
zpWt@F^xL6yXJLFEAYTjs^!x4}u=WNpj}1_({SeTNY^%Q>IRO6<^Zkx>m~7+z-{3|b
zZ2u_Q2GTzxZ0mSk2JGE1-p2IZNZ<yL&tq{OjNeG$M*=uu#0@CohZH#Rs2q^gj#P3(
z3mjlm4hT@f2NXz&{sR6$|2g9NyCZ^mjRpXqKmq_j^xrHU=9Vt{PNvTGu1?0L|3Ao4
z1KI~!wR6s-Z04K=I9YBJDAY{~2t~?p6UE{^z)}d(UP>zPL2A)u6J(L(SWr-8P&x`q
z1<^sHG{DPsZLFxS&s$wR{a<HYO_WYO^=?nmnd{2bNoQw;yQ}|;Qy()krKRAXzP)o!
z=h?U3+aKOp_ugbq>FrdmT-UndN=HTGqE@kTV*QnKm&->Zr7rrv=TKxkjFfniqn}8q
zFyP2!u6(?w8!Dn<rFgz3z^GBL>@dpez6%xP7&kEqxC0u0IvJtqy(RY3abrA$2A;2G
zC2F?P$Du%vBHIg@kEKaU9O|U<Wk7@-n^9gqijvBSlWgE6^I|6?grY8q9jO{gsZ9TY
z4E?FHp+tKK?Rq*n`3qOcyK!>gDsBWRPjZ!L)F>f?53g{YDAHfy6iaS2;D8SL(>0N?
zoLOqa7Dif0d?P8w?E@J(@p+d3sju$lJ&pbh{`4J3BPtX(NriGw<OnT}BnDf?zaI_w
zM?+~6PV%5mq#pr%y8vf{p_OnA|2*#9D2W^sIuW)N7RG0obflA^I9}3(26Gn3`4zZ=
z8RDte4swJj5d;ro5YZI$J%s!w-U=hBasRHJpTIRZvP4dwDJ8<3(xw^Zq*8z+ub`+`
z1i)3qYp^h)o|v5XPJy>qV?BU0klcb2M;?gH0d3thxnrxXRQF*Yx1f9veGnnjP9K6>
z=AvJJXehBoMjj<519*=r1*ay79|cmHbArJJGOQGC`6ikg3sWFy@kloN@PI}%Q70lz
zVg6PcgxF9xJ>^c~KsKy>lX+84z8nM$BW~tgQiR|Sl2ST~@J=r*k{+9w(LkL6MuAb?
zJ%B)v1C0Ag3A;yA5urYVjlxievxkfniC~XQLCl@F5aC2Vh62>{EAfOw5L_S-p6U1>
z^58<a&`d0eunZ8HuO!02BhEaGy26K&zD7F5D~?pa+IO5FDmw_t>;Vl&s^e&K8DO$U
zk)m~odz%7~lV&d8!uAw!x6tI^;9X>SvBnNb4f5g%5j*!1Vn}gdd{$Ad(KhBq!gCi;
zm>g5J^6!7b+yJ&H1Cup;_B8T$Vz|_uE@+JL$)3Rl#-MI+a~<1sO2^|oxZ)5^1#{M?
zkPG8YM3NIkrN+-uD3t8jcOc-xiN$y5^?s)JNYX4*dcM1qd3T%I9bR><3MfgRctjWb
zE@=;HQ_VH~+#IW6q`a3+rjJO8QuLUhyCMTcsw6W`C?Txryz-qIX=|*R|8mX_B{@y^
zL0`wBGzu_>vrqVdw_+A@8P2-D!X@+AqUivO6XmgADRxhh>f<RFMJCJ_p=U~%%!&&-
zMnus&r)AN4N+(WQ9mtsVq*!^Ro+9fi#60+9Gl){};}HgxqBs_Qw3FPqCDKsN69pE{
z6X`KS_(DUR7m9U{aRNcGHFS0I`Vq@TYYrimzM<~PK@MYL);mZX^~A`0@pPw=(^<$1
zx?9i@*vDaCo%`WorjYa}#$j4Wc>>qJ?KuxL73~Mg+#P;XpcpxI%LihdK}O)|)-r7f
zh!Q4dkGZW2@8QbpMh;BAfRgu=)&`H!qgdvS7fNBo3wVk#SQYolU^dNAzgCJac?c%Q
zZUTR5#@VXVFsn7fl+%>HrpF7(1VIgu7hETT%$Mm2z(lhtdTJ{-%@B3<9f@oK|AvAc
zxNsVmRf$qR`_@+^FF-_@M->(~&n8Gs6WIY|MNPq{5W`-1rmeLH=?o7ZQ-EGpWE<j^
z8qfmOa6AWqV00!xMns_$6=fr$Qi>F#5TUu0WL5nOz&mj)vr-LQC=g(!C^$gZz>HPA
zk5{~J4%nkvG&RYCDE1+a2gc4`hh&W9Fi@-+r^h47AABI>xF;gO@C}ZX2FuiVBdYW(
zo1b1P4(uA59whsIra3^GNM!`w7E9I~_K=4CREM3007C6AXQBYv2Ei)y7_addkKqlO
z&Waul3hU5}D4jOJgQtoC=@UjNRy4rdMh~=g<j3ki^oxn1K`2Tl6p4=IiElkg$#5$4
zF)&wcY2DS)t}e1Yhuw_BE~$NBO`x9lh%%-5f~i;1ylVk1Bd=H@UH2@y=)RmpwU|t;
zoXlLDOa;JI3j+VsP7f;6j!#`2S+I=4A&cf?p<98_j5$C#=AI-d;ORChwaRoPu`77d
z?qr4|u5QG^I?W+nJn}bWcjL_FUY+^qQvfn+gQ5|XAO+iFxKWQZSRp~c18I@9d^i?$
zJ;9|_0&vrk16T&&?MPtPCxAsyESZs{;W5O?j7L(QS*WgGvUspS*lb)<mX0N=W%|ID
z&MRzc(PYUQ6J8cD@y)Fa=1z_T6!lgl?$40z0f8rUn821U8mRC_aKkAF%Q$K)T4!8v
zw8)4(pq#Ql&ZkI1u%lcOq7J7^k3@k}F#&*(L%f8RsY<0OFHEJBw2N7^1*xnVGL5<-
zka06JYJgMK@2Ae3TydOU7Fw8*DZ8FV0g^@AA(3mXD8g~;fMgMU%c|1#DF}0VJm7@j
z#s(uos9?g@K(3GyTVYrNU?!-5s$(mwQaH}E3d|HMuxcN&Igv?)rDFt4q9Gxm4!aQ&
z#VOHE%!Ay`1_K<9;$l5fN^nwzZ3^Ib$YtvXI?GKc(Y}i5DNU=iJ;0^q>MIV7g_f!9
zo1I%m^EzLcc99rkCcs@ou;^5jIA{j8B!U~wurp8;<Wv^#B<wY10S?kmQH1SPXcU<Y
zi#2zRda_`u&ddaEGKVoUP{&-hhOtrwb7g1RUxKj$W3EugWU+w3QUPPOH&MtkGpGj>
zjTL%C=;EYYacQ=*?9?jWA6Z;dp*35uRD~2JP@$U=LtT^!FbS0phnlDqXeuMj1XMD{
zQo_|h%0KmDfVjaHpx>SYF>B8!E#5#tgyS$jhk|6Sj5J|OA$0R8x|S&}P0O@J#6i2-
z-eB9T)T87ej`^z+<BUKdULXd@wyK%2;oxP)4A&Xyh&1ka<d)v~MHch7in`e`=g4@4
zq}VgSL5?}_FN6%TrZ|&qC}jjD`tYnzXQC#EV@rlW9ptpmZ0KkT^CQQmXhDZq<3<S%
zFGF#yme}KfOc(Rw8Bn`I<3P3GnGl0b;bN|OHxxGk5ZVDX`v_a20;(o$8W~j9#^69H
zxJPuLO=Hp)x^-!e+8_;}9&z2N7t*Ph#-*t%lpqv!82y{4Fd!Q|U^@$Nfi~zF9!$fD
z8h~_wO(u}ThCx7W8$de^@ct*{G|);BG-@;*29(DeLO(SVK)niJJq}F!^{u8$Dv-yD
zL4UP9poc2heyA{D9VU>2Em*%RRljR6px1YvXb+UYtwBJqHo%h^fDQ|a!3RRXH%tI7
zRX<$Jcs0@De8zN74S>f!Z6FC~e93-cO3nP6v4MxFyA-DI#%d{AN<T(ARVhi{KzFAd
zjj93CJtaqKbT}0PMv(x6aNxfxpiBGOelXFqFc?swHU$IWFrXcFiuu~Ri{4D2ohl${
z6O=F;CVlaOzlJq(C8xrhngAt;?d#&3nWYYIolB&#*~*hlq_DK1@=0zJ5Pj!qlrANp
zQb4I*#3&-g0O?IDu-guV^F+lM<61yXX|PAGR+1cOZexOw+)H3Zn<|PNQ&2M4y_Z{e
zx_eOWUr<1;gMQG<xb5E!LaG@GQ*|c-?M$(bCjuL-O4MCyRHo=p-(vng>a5L9>FYv~
zjvmqhXC&)?D2ScdOZ!-V{_Wc{;P;kLq-)ZWITW_zhzMGW6`&GbE0wDO5!IMuTZDY5
zGHt@V(}e=ry1vtGFui)ZV>jUM%+(OTnXBfm9ZVVF>Y&k1V|igVrwLdKY&dQLBj_Dk
z)K<*BYK4c>9EBE&i)jn$P{Z_y;SLX7JJ{E@G5a;;nS8d_+(XK62l`YMe&YNlzK2{B
zWDc3)PX~+s5nM@?P?w(q_hT3EGl*!tNLaunFaxz9JqSWhe_1CyBCPmRp1)`TRO#2~
zo9Sq7S){JDjNaM=qX!@G2$ZP@Z%_~359C(1G~<F;@%WyrG5YTiV`R+;Y7KynMG<tZ
zln2$p;7K!urWv@8(_V!Lz^D;P5c3*@bhBUWGW=+b(sIQ>3w#I!F<D@f4%8Z^VU($H
zlwma^$Tc_{643&9)JnA>O*m<};YO`dPK_~ysbSJ0{vnN#8vIMnVcpivj5uP0gCLB`
zyz`)Q;8q&FDnQq}QFE@uzqo%xfcBozEgNjhBy>jEz`6dRAj$%s3iCQR0DGxF1adj{
z(q{b5eZaakT;RZujO$LRX<whwp<O#=kQ2zq!4V~OVW)i$LctLqc*wwd)YJuD!<lti
z9g>*dz?A@zLM_8exmXw={FXhU0s}-Ki0HslNiyj~CW$D;>H)wA@muki-pm09q=u)@
zcc)=b#0h6nwcm%?mkDq6!9Gy|FXC;m9*m!T*A4)NL&tW1->VKOQ643_uOiUD3wd=r
z<Y3}rp|Cpa`R+HKwFWC=im}dPu&;*~bk$(AJp(+-3sf*F;I;)Lz0Rj?;)2qDFyx6n
zbVyNb=Z7J1$5P-g5ZRQw|DBtu_y<{hLoNrrO{l<@d|qvxUw0~)nIO!B6@C{kgnQA`
zVN3vTyYOTHck|I1+|O?nhKE01u!w#HH+s~HJWL55W_G6ym|ViyCjaK|cq+c)RsUad
zsAm)b2~#6^!z;=d-|Q$~ZCK}Upo*N1p|obouVM7uU)>`{__8zZAWjhcZ(+9mCLD*=
ziXqhee#16k+Q64w1I>;5#2H8X5Io*y>@6316>#BKL3?S=hVWw2?~ncp^HmozT(;*~
zc>wa?O5s(zvKV=wDtW`Ev^illG^+r^OOgv_3R}aj^|GK(&LDiElNtVY@`Y)5^1x68
zKcLBnNGFUuYyUFwevspN))}29cusJ`i5+8nifgncOP;_>MKglrhhqRWG>?g9uH0Hu
z1nm$%*xY5Dkh~An5R-*R<f0ca3rOtzDCZ`I!o}U~gqOuo0qok}``alp+Z^!NB|rPw
zaJ7Q#F>f)8BgOeB7EKSo7&iM*Ho5GvmLuj@`T0=~zaq9#3^L0Wk6s>Qox<31A!L?3
z)p?uEPZtYjmK+bA;+eT1GON$~?+(l(&rJ`)7ST;V9=)8v4$dLF8<@}P7RJ$Lv1Zmh
z{p`XuF58&vqp1dG?=V|#re}B47+}oK`nilTW8WpSE9)J|8Gk`r-#)fce|KT)mA^gn
zX;z<V!rArL1D&iEokrZN)<;sdGM0Q43%W0!j$wE$Y_qFbdc_OnTZ0Bb4ocpHpSwGs
z`@*$5(os5BGK5=>|598NA9M9}YIIRH|C#$vRB}!^XXSF*QT;4Td0Xeb-Aujc?fyLT
z>$R^3;O(%Vr{7ptx3xX%cXu8U`jv6M9CkSWIn8VC`7*l>JngOFbT93=`G|-6NXxa7
z#Nk)s@_gMx^Z%fDFZ|}0{b8y*IQOjYioeRsY4*5T=;LWHe+iLyr<J#zd%u)^>QUFz
ze_Aqq`CLjb6Ykr*&_It0iL_9xqTp9a`mpDna}UYeeA|=n_V*c`LWidMd5CndSr_(3
z<8$86O|B>JZT}g$IFVoF@!8r){BgW7_qBiGRde9l_x?Mi{HO&Vt8qVst{Of0^L9sW
zEbUGU<7edk>@>7;<XQTtw`0Yn@;PwKY_BUR>oxT*vGe4<#dE9Stv|(I@v-%!8CUc1
z&DQI=pw@ZZ1-#*pv&3WOwsegy$A9z1)zObp%YpKIniQ@!vMZzZ^L^Pk^CfB>|6TTa
zyoUehOFz<C^aPr^4{~KyzK5aO={^f}bt3<odn@nfeYf1}$Himw^){1wpcQ{wWB)U=
z`yTw+XLw!jr(DwWCf{EBVL;sdXK<)@+3|jVsQCtM-BbMMbWz^lJmz6Vw6BLo)pW1?
zWA{TY@=e*?_NwCBiemnyUYeYYZwbGvyWv7qx%OI5_fzogdrDuWTZi)~nN_?O$z8t^
zA>F6@>n(j#O`o_5{uhh$^)|;3^JTTOgm{Zhol7V_uGn+)y2{@BRVU)%a69&Lwd3=C
za)+Fkn|?9-PsjR)2dVv8_(j#eg#2N>TXu=BjQ+Uy;-4Mec(uSOO}wpVVTEz~!CGQ(
znkhXC9Q5~F>7swWhHD@@PiEK8XK8e*_lx=!cXsPU`@PMD$KI8|N2BkI>}{Wi|7s(z
zJD*o9zk-(cQ)~E+=}VrhtP8g^{cYaQ8t7Eq=g?7_y4(!3j?H`7nn~y5;xut_Il6!T
z-apUp#$o)B<eLw@WM6VA^w8b9kNU{do7>Eer{=NX`s2R$@FkU7`@b|CuM^^Xdc3b9
zPglTw+fL}bma^n;WaqRQ3Yc#BocEX8Ki7Unqr`pL+HW`7wajw8^Oo(+c3-W^vGuX;
z%e7wbp5~94Mb_EqC1o}rU)1z%INWTe*O&CYzLw6fx{jT`TgKMCoce)uG8!}8?eAaF
zw;$iHyWxAklQMLij?0?!$)2yk1yOjK%5ImxZ_h{axt`gYcX~D|Q;xUg^1F`<++s)N
z*bmpvW4INz&TJ}qJZ|g%e*R~;B{~nSpkj&we%F<7^a-k522PA3!+{b0LQH~^*f07E
z#3Bu2=x@?7@Vr_CMH30JR09hIjJ66;B*SHh7$bofCV)gBfnl4#5v33Yx?<!>3KtaI
zTa@!<?t7c%ec^wZ<|W?!3P*dgW7V=*+T*~;`Denyw^^)W(W%z%{ppyf`H_cgn)ji)
zEp@`#SXMYzWmH-~HSJhK!SCQS?^(g#QLNb9dD*UOICXoErw`J?*V<q}33Z1$jn8@2
z=zx{;lH2a?Ua;}UyO+X$p@Vw%GiogVtCGDY)+{$_&CKmJ4^5LJRmO+PsmrOxnUn8R
zZZWphtL?Dsd+V$7C2plsi?}}AE$!ESu$gLotao&4M6>;j0*)r-j7~N}KBGQ3lnr;s
z-b~{=$R+39ZNRLWmeq;W!^TjvYGGE&DlL@P)NFcmKYaBb4<`t}T%A?^V<l~uUCXEm
zgEd>py~&}5pIDgbce&tkt{~go>7&nYemLJMeT`_dNS;0J{Qie1F`2^D-WkU|aAS7Z
z@h1;RtgKp|aUmvR!mJ2`mn<35{3+9gOeS5@B<_NV2f5-S&Ml6<S=8P8@<A`Ahwi7T
zZuQxn`A=u>hV}V5P*;3)aw{_OlM$z{YL?Ikfzs76i!<+a_sPo2;O5)7aVv9`h%Er4
zPml_!x*0@vqsFYnzHy0AN`HA{UQE0ar~O};<9n#mesNPspKUXxEtVK%D9Xhr3O$6B
zAeEGgFUtHi)XlGqsvl`v)q9~Vol1$rKkXY`>)hl{;YNoiSGHkX5?v!Tk98x&zl+bX
zBdX1Zy+M&p<cHCegrnvPJ05S<)8=W-Zqp@cm`^IbUaReQ<Ne#=3rm7Y&!m0QP44(|
zk~q{dwj2|ie8qTcO2u*dO?&vxIJ}&G`o0CTReXO6JzZY!nlC-8lA2FypOyVDyVf^a
z8WNE@g06K?2EP2$GOTO^(GA1W4FY!>LQrcAfw?&b0qNGE-PZ?^!4E*~Uj<@@?t=MA
zAVe615Te`>0wwMw0&pZH0)eC;B*LLKI0A8wg<_S*$G~49@Qa~V+C$_W0MQ-cP8B1a
zmJ87G3*lg2ab_$AO<M|aanFX++oP<{1nKLF;djo)2<#5AVGgWej6wDe*m}okw+G}i
z`h|J=N&H4BZj51G7~=35Vlh9X_87uFKLbT+3^6a)3F2VJ6WkV^pLjBpI5iVUHIsQc
z7pae>Zd&ql#-n}4<97=Hypn+^GlD2WgeYSMDYHz5m61vl1T0e|IiK(<DSz<)Q!KBj
zPq;Vu#S|L+VhSn$FR|R&)yTxs=|44d*Ix`U_Q~%yq<7<O&udom?>1!hM5&wh>byfO
z@>w{7{SlX4m4Hl^41*%)cRPt3&KCEU<Yr~Dc8ec@RI{A2cM(M<2G%7TEtE=-Z4o6&
z!Ixs?65G9ESd&$#tEjEPC0nfRmFG1yY=P$c4)5(FUw+@|za3YX7aK#2gT&|kI&k-s
zk3WnsALL<%H?@pU8p{zdWRHnDglQ63h{AKGP+~f#N#`cJs+)QXqN9I`TKMdyVjL=E
zd`x65*|TQElFkETdQ3>RA;TyP&U=$hNmVdm5d_2d`pKD&&Q-{=_7@ivaqDY{Ogjxt
zV8C6mrb=@yb>)wVLT!k$)<#yMA^5Ry7b;=(5Q(0Bz?fjyjm21S@rB;b3`FU$S)IH{
z_)5manL>H!N|4_Lm}<!<k-TacBBV*nn1Ue;<jsgGO{V!07{!X;npBw5=QzQX7JT&N
zw+<s8k{k*1Wln552>l2$7cK9%9mq1>=21DIy|~mFo**3h6;m1PND8&6xc=$zWR;Ex
z$fAxURb=ALna2P>o5aygf)!Qf%$~#s(G3U0Ar-srNQf>4&ng)v5{aG^XNnM(qMIu)
zR-6)7uLjBpnPb5Hosp0^XNO$}pfD#@Zt7U8thq2DK{Dzdrp>MrHYSn1P&iSLhd{*a
zz|35cnfV)6NuyaT3Gya$m{4Mgo2Yy(p|qJe*-A_+;1dDjW42CMiIm92!pVZJB(%+_
z3Y1$V`$A|Nw{GHa9~AB1IajZjI#?21FkhL#ehlwuCuufh_JcS4oDEW^$!zWHFS9-*
zSJc4~q!n3%P!Au)1kX((lpupbp~zTn!P^(^MQ|_WLlH@h3fLGqC;iE{7&VO<j<)NE
zcda2}#cgC_tGG)^?<Fz!0{Y^7mBM*x@NTJdCi<M&oI^rYvLcNjk^qSw;A3jonAN~+
zN7URr6J0Tu^OH06`Qw_|W`Vj*sz=yw>I}81!$iNe9aPjbWgWm-k|EuKt4MV(oqb@D
zuQ#Ie4b=9RsoqRAEq$6aVyH_74~$ABa1@r9)f0U^yE{7_j+ur&yBnr!1!;<UYlNx=
zSm8K;Y+;y+K&a;737XZYRDoJe50zT8H_0P$`au;Seu8>m58dqTBGxDtCn;-0OS8iK
z4J$E$0kTCYtOrU^hrwVAUFF$RQX)070WH&~R5+U`O2+eGo>7wdjY<yr@_-{D0qg@W
zoJ+WVu?7V!she;B{V+%`TW33qoDfJQNViqEN2Y#p(Yy*v0dR><Ur`6FOebn$jf+GN
zs3|C-41&0-kkYCz=P+Xw#r;%L{=VU{RgM;>Jm(qdB0X|O8c3%yma7_e7J7;9eFc51
z0q0W2k5*y1sL`iKdBq@w!Tc~aayrvTxbX?BVyZMU)`A=fn^$Ch7|bxbJ?&&|k$?)s
zGQkXk%fOI2mw|Q}H;G$CWG;5?7@II4`vjYCSr3CVMm;p8mSMTfQc*Ok!F9!-;H>Q}
zSdae~D0Y#Jr(~|-mpc(4jEw{F+DDx1DRD?xU0)K)aCxptXIIf3^n4Pl_db7yGc%Z5
zYD5YE$Z>fCa3^D#JQ+mF4M@~)c3!ILm3|^^y5U8~S-Z|A{jBi}8z45N2g;(!b_t+2
zW!CdgruaQJpo`{>IzTo}mU-V!TK<|{+sn#1p7aCoM)jdbKf!hYauPVX!OKoNwQuGk
zcy-z8+_F|xO%6-F@fZp^2X)NuobysoM4d_Ac_%=j2ig23-=_fE){#yw$v>MFiR+{h
z-_zzRk=2_;wzV%P<fvodQC>%rW7B^pV)^Gmd~erxnEiQ1`=zhZ_w(;Y?i`IyCt|hl
zMQeCls{Q9?7d%@$zpt77NCgiLN0?qckLBgH|6{|R`^|oDBtAX<#h)JcqrY$RdtNQS
zd{BKm{-4#-G-zxup`JB4oA<ZKuLJ#`3z?-O=1FN@>CsxDSN&{$owLkd-=4?mw%y@B
z7k#+=w+|BHXuEI6fx)-%KL^EYT%Gz}uTQ?Az~Oh%_2hr^T)4lz?v~8Weck<CNLODE
z?5q2nk5cz2EANP>Lr=MX0{PZcvWz>K?)9wwTy|+!d+-#%DS%b93qGm39z20>z{!-C
zoyOA)5W0WPgJh+r$Nc@WxL<@Wu+f3{d|Mlzd+H3W0*v1kTxcNm2}PSh9#7(PigZ1l
z7;*z&UO;>#P-rV3oauKdxOrf(181KAYV9AGsmC(xj*~K<Ae7zoqx(!R8JfA-GD3C+
zO)%=j$!GuMzQ*2F{e|K4W^Q+QiZB1c{2Z`|Kjrv7m@}h~nexxCcqQ=e{5)jdlJm+t
z^FCUAdEbL~@A2`TbH1<F?^!L)be)k|Bj?sZ-;(R_bNt$0M!mikzU^i9{ORcOOL{%u
z-bxpm^vB2dzBtZA*RJ~le`9Cw1EB2Mmj<`fH@*4Xta+T+m(mHfcA%{rb8SbgZilQN
z!ft@y3uf&G{cxnV8`^T@-i-}z2fiK1^`O5QHQbK=xGR2T?9Mm*-!$O|V=SFCXaE2R
zBme;X|5m0gOg(<<vxB|!{|vNU)vX<{S5S9X>T0}AZJQP+9g+H0^-d4QrP$Jtsr^W-
zxtkswf+m17<OCD1Q;S8?Qc_LGGYd;fASp?QOO?-*lH18(;*(Zo&tVj_fKrq;0hP)=
z3m8ZRme_z(Sb#CZ6gHjR>y1M#S)E%>^Str)I8XDaZRcFI)0ku8&!b%IE~f3_nPFb&
zh8Wmq*`B`J5w|LDV==whlAXz8rX6U~<4;}TLQ0?i^x!Q%mfj2bncEN~%aMee4Q(<N
zS(m^MD^2L|jgcpv3yPbyDYM7KFit5+nm;s(lqKNNEX1nt@E%X!vM?2|&pT%ZF&3P*
zU)>Pa<JxGUVOu6elw$^h4p|=LaMxf9d)cr+I=mlo@}hx@0?mSMRlWw?K!8Zu;!5vX
z5;~JHRSu-|CE$XHH^wlc$dkW}Jx<7QjlqsJ6YVr0AOrK^;;(wHPjJ%e=Lzy6(wAJd
zNXI6qwgtu%&SmX3NFOxw#GHvSHNp>)geRRReZLZLIGH$+DzNkN9?A?WbLP%rgW~GL
zo=KX-9C+}Vsn(H5hJ2C!k)fgTrAd@Qq*kgMC^^8DGJQX)JeN%%C^87#OO-71Y;qc~
zgCj^gJCDhm^*;2paM^{E-qIN-SLQVD<~Kf`g7xKKE*h&jQb6e#PW!MZjdJTQ7JJZ&
zj1CC}+2#Uaa|xPCl;dm`W6DKO#ze{hIFm0s8s%%Vm6MSQXATZc!ILgS#=J~Gt*s9J
zsrH;o14j;ZQGiV|IRYawM^8D9r>Qe2(P2^5Y7I)Hi8XKL%E_|f=|k2ZQADHRVpae0
zD*Hu>!gD%rs35&3%IXCVT8C1lO%qY26`SxGUnK`E$teT>Ypb|Z38v#Mg$F(i9r$rC
zNDqx#HV4iDJmg|ah(dRI@7`ArbI?Q<opx<;>kn`@2XhS*MD34?`N{;@gi)D|Dm%Md
znW(u+G>v_<h7(QZsFhsg*iF%;GOp@=EgF@?nzKZ*x1v*A{%oiY*pHab@a=w2P)6~A
zsm|iY;S)A%Mf>%Pli+>AGGfttdNN-oov3bgtOAj{JI0_;NF?)V8hrqP-n4LxK8-6q
zy;byys}=QDEE78~EGdrg>?5hVg^Pn2@DwnO=@f|-w2RK>I868+g}476rwv*}4>?Yv
zCQat9Kx6m}<Vy~>=^UrmZNJpq`IH1QN-YU0#ZcF)6i=|@r189a0j7jg%{;`vv&SBB
z=%K9#?Cp|rT#kB5J4)#!VL+$CH%)Yse+e`dP3GA0Pen2#@8D+1rLH(1i7-^7n;?+R
zBgQi%Tqd|9=!W!I648OuqG^z>BZP}ask4Nc65%T~6TD?f0w;Y8e1F{`gPG&;$G`+2
zbuiD=rf6?tp-eX%2*<jmA)%Z~<tP_mh7ciyMB7*hlPR@$jqpgTou0@ujuXZpSYz4-
zikOW-O>R;oBAoQle$bre_H&lMRGLM1hXxw<1)T_5W|}PSXcM-%5t)Rh!Z(GsC`Us)
z!&~=<9F4jT)LC6rQyTt9kyOH3mo@RoFzFnlg<nHW05fQgst1Nxv=FsosWcBV0#!#v
zO$WLoAD9g_>x)r#HIpK$28#e{)sPVF+JxjJRiTtsdPtR%ESi-HV3pDmDPv)P0;-d+
z5fw|!8p@rHY^RYs8k)o|px!a2>ii{G-IlHy=ENUG*+#`!Ta_&ul|-ZEObIX+X@Qa)
zgbR*0PYM-uaw^0TLQ6$d8Y}iGb4?ZdA}$4(phF;d;w%Zr$kUbzFi`abAH)ZJiz2V^
zdVCbL86-hNzz|)771u&(kwdD&L~GEdzo8-up<<P?NLW*?l7{z|g@K~cLqf%il_8zk
zp`&)RChqlus6bKz8b$5dtrq#T+D0d>5Zhj&u}`XzcToL1f+Z4Sd;o|60Z<?+D$<^e
z6w+%H=7O67sn~!d)0j|M7LX>GVQ@69bO;&B{FtgJ0XAqGqC7%P(CsG2;l$S|p=1sX
z(;~43>ri1Atzm*w3F$P|1UcK7#V2H1P-3<Q%Pi8M#a>fJnYtW(ktzVXXb4#ylE}2~
zj23W!3h=_PI~GAbPSxGACgM2+m6C~PfRa&n0{;XS7$YB7@exgp=!h=mBIIQBT`7*0
z7P<ov4#{ehF@Yd;m@6=Wl24(M0bO+GH&e6XnKNgIvgV4=w4v^XhI3m9i=ohJgU-Wp
zTN7k2+vmZUcSZ*QM1^kfMvATUoP4dMc%N28X1Z}W32XiyOL9OWb!hD<BGd;IsU?L+
zR7EN2a`wc@Ihv5_x3J4D1A(oOhrl_2Sks?{3AUN(ScG?mTw|sUu<G15h&^OX7O_dR
zeq|}bX%}xB{`y0%R{-L9*7|M1-kyZ`HrpG(9yE>j6!BC^D*?{VFe6PwX4R<)5{HD!
zS?BIbPTQNeL~LKUzjD<4Mtyb1chH^0NnZXbBqwxL?eal66c^7r7D8j~%Bf&REGoCG
zu>z-6Xc%<OI0x85yBOMPoHYieK_RMKrtVWktha#)Ld@4(_Pz4O1hjyd&|FxebxzPC
zuquMLZ-EW0hKByj5m)BstjokP6m6PiQgLJD>^gQwatiZP6<owE(Pv1FQr&~&kaJxk
zE|S9zi3rpu?15RqPc($!@_1dL0&D5jTo*8~X`r`!72KA~rKZ`mFaz9#oe$l0G(>hW
zOx_7qBCk>>G5S-vP9t5zVP?I%F7}O4gFic%%nN)4M1VIAISkk+K>8FJz>oke0gxqn
zBI3_>(gWkUk+F~|{MI4xSRp^CuHeb40DEE`cyZ>BYNRdYizEY0i4R~^@-7{irq}`1
zk~5hdAfzJqSyS*SRggxMOR6HrP*e2aRuEUDQB8?ASWo#-shIbAUgC-9>7FR(t{5jb
zi41dDG3!+TEBX+t(i{0LpI!GG9QT?Tr>a%rOngA>Es38gxLHkiK`-MOHfmYwMzxb&
zcjA(dj=CZS=%k37$47fXSt41Z7j+6obzADVo>UrceYUBnLLWA{ru4>wCf&!LNzPZ_
z|4`O*6xz7P)?4tdAJyYwnC<_pFGjbk<7EEI)?xXx>YvkX|8afx8deGYi0|RKv)ZP=
z`<l-?M|Nv5QRtrc_BzRosjqAObv!Uts!sODr$N`}wOCYqP48W%x8-)%9DSAduKLmS
zL$7Dq`=Jy1I$ws)<2_p*&*uR<{(Z~O@jd#*-QV*zDhfW&>(F9I7B#*3HplAK#cA%c
z%blLb{UtL#<?7Nl-sg4rehzvz{_?qdbMxa%n7S`{_h<6lzbEl7zv9c_(--ll_1%4F
zte4~GMEX*1i{rC=2!Hob`V`lDvl`!~^5=RhUzh3T^D{B~Bc9jo;(4g=hh*n%b$N*O
z;skhbDVkc`&-1G8#Yo@2?+sqY-Yj5wUvf0B^03pcxRvbG9J=;&vwpd~z0P)eS`(g$
zxp}#NI>$ToIeNNS#*-;Ob$Jz@CI2G1gRY#%vpj*~w$KYCyNfxWec$tI0Oh`6iE-S4
zxPwKr!7`E4eXU+xAGbEAy1VN$lwObH<B+aMAqz)psM^J*zL1<ol&Je}D97y0CMfpK
z<q~AjzkO9&^lq!u{aOq5BO6UDt<9Eb%`N_v-|l>X@3q(X_BE>5--W;4iwORk`5~Ko
zx97HbJU*-~#UDGLhxOl8g^TCyRiF7SweL;fUE>3HTi?_Di`!>y{Y$0%8ZS%3Y0qO%
zl_sKrSAC0DzP4lh%Q^JN*sjuE_rGg?{3{Qe`*?7C{;$8(ia+UXvD>~^;PN!QKlXGe
zFrPUr#F=3)bY?M`Z!io`cmt~KSZn)QHTz)QAnb=Hzb$(IbvtnVDB^Z7`=Oo>bld?7
z-Y90ykf%<6u?KxGDt>?4k^O=2E1eHY{K4&^_Z|GbqYn^&g#4lSZ|m;p1N8&)gCc*B
zf534w#)UU5>;Ygus(rua0Im0?|DVbms}Bm~INWb9j}8Dp_+MLk^Z!)bd^Mn5R905<
zGQE>I$tPghoyj3R6QPHQ4Iw%h2#*EtW@X5P2?QiS6ibpPre&E7^`?P?_`gGysQw>Y
z=M<z_v~24_m+dawwq0FDciFaW+ty#UZQHhO+q`w|iTiMO?1=TS9@f*06)`h&jQqx<
zjyU?Ok~Nasz>>NEVl5<%1+02Q9$Yw@X9HwjqhcXd^5WNuPc}C@gIZ|)($wmEhS&3J
zm)A3&2@@QQMv)l{=dvaIxu=DtU6N>iyGH&ji{YOFXP1G+#nW){*}pt{ai%&m7z)K9
z$C~9u3W8>hbPfJbAw1MfDCJkSD~B-7ffUvB@oBcwgyVEtD&%N!TulD)2T^T%dez)y
zjHAKSO5rb?y|Prl!~Ze5n3#JE;66AOx)wgUlFN!bhj39Ma-oMwm3mXIV4h3fzUS4J
z@L}1IL*E4}Lwpi8v;PSf5klgzY&%)J692osdoSg!<B^6MIYb-}!%##HGHk%-!y+8+
zzM(gIcxo?}7y1Ie2@KWPp8u1s2GhE;yAb`CWGDKR`{PPg8v2Y7Qf<+#qs<fpx<y66
zI8TtLq9xK?(FT%0vMTBJuXOm?gmJ#m#Gy69AN{JoGlf7!>%z5Fk-v&eY4%`{tGWav
zSFWGH=6Q1kR^VFpk-F(n3weO)l~fdpuM_oel(|%yg!X)uS-?vZ9FZtVv7X-b0fwY;
zvU{emEz1p3bn!?dCBv8Gz{~{pibV9du$?+*aUk-ESMaa?6v)tnkbeS-rTp13H9#%%
zZf$@2Dj;(H$rT9NuYC|0!G?$~01}PkO|Yb(@fe{tW0_F@t0uEok5YgZIA6z9&K$Yl
z=ouW0mWh>Mx?`wKZ>s8NwZmx=k$}uO1{Cd2a{_zWp**3h7MEufx5OYrBr`hc&eZEi
zWzSOk5}4E{RneqoJ&*Zxv(|JrxItrWS4A=K8nspvHJ>^WArqqN*KAi2bm2H+CUHo5
z*|u8<n@lrnpK1({WUI)*bd-k!0jp|AV6Mq%QqeAE?ijRiDNS`36F8Oezk@F4rMRBM
zq`O)3%bd3BBm8GV#J$e3W$itDWyt)CF#?@3-xQM`pF~55XLi&+FD@R!G^>=ESq;&d
z2e3k7dO(<39vd<z|4UM0`Y)?N&9d(eTYJ%>u?a7TfoY|c5p1iz`cfeaXutWi2}?-*
z2~ECu6b3C?Ua>Y`_DUEEXFf+(e6_&LnYl5G5@=ujxhi(yt|h7zw`t~JuNn<}{vb$K
zw0nev<6TDT&_5>qM}N~UNp7(FMfZHwUcmyHNi0kwO2oKb@F8k_b$BDwqXx*6;6Kw0
zIs>G-sUm48GAy}~k=y;4M&v}s+o7R#iLoH2!LYTMOr|QUqZDG3d$MHfBM9MKQ^tle
zOk-N<L@b~N3AKT{ElGJ$Y}l2@>u107(R*16|A@|xEHZMcC&EErRQ}<tfUKS?DFSYZ
zpnB%%%N#8Xaf|R};`d|vCL7ZPD}-D#eI3IIO(D+*$t0xJS;+f<74$U+<^lRy1vFPP
znPsAqhZ!;TpHUm4QKicRGqz+^_+?WPx;J``luA^UY!Gfgh+afc=}Wng2U1HKmmqX#
z6SpR11{P*a<X~XP5)6dcP{M&GWR66iub)a8h`Hh$Vy*Y08D}yC6)6!hB&eY}0c*qg
z%T_`smIl<&gc%}<rU*@tF30MR@&XHF#vI{P)2|y;NCZI{cA}nr=aTm&b7Of6IEA^f
zb#+!e4Qgz(RAjlz5Xw<2Y{Q{qBSw@Qb8_?97g#;qQ*hVDf8xEWyx45ag^CgK<oi3c
z5hT1d`g8T?kaWZ(Qlk54<KoefEP~TdR6fhKRuutr036YTQO2!-xQg&8h8F3C`}Pr?
zCjuxzg>+YC(S(N!pmo?)X3lxZjKuze{X|z3B>n;O*}%9FNmRoGCBs6A5waKoV_6}#
zKZ0zB&Lc~HQUL!7OOm?MW<lj-0X935I(smH+8;6!!gMx})dvzobTGirckaD~LW0VS
z$g7d-1m)rc=|3(v9$`~FH34U?f5J)ps=}n0LfCqX=BSsxUPXQ8&^7+`FiMma$UJ3e
zcm>3N;BhSCO&6&e%za8wjVT+9qY9K<u+{648zgfXBuwOjnF#VR<7I~^ff6E(n9|@b
zSpmy=rDs-tSARXcP+*FKAzj3v$04z3sZ!$5JSP#AM-F;1ey=`UxXrdk5M%iS**f4A
z1V;_Tnc?$IWP<80mRpDA4*;V}3C+Ui!<U3l5#E>q<&7<ZXB1IoNW&ky&EE*i^71z%
z0Az1zZ6W^Zt8)f+fry>pbo#DP8Dkk0awGr%L%Rg3WaXp!5aa&)x~r8>$_T2JD+tNM
zXJOVr)McvJ71(cYy=VQ#wfOo(=rt@LLbPdYp2{+E8A?1EO7li6DFr{~IJa1In1UJ*
zYZLpyJTg*RiU?wJdF{~Liat2tR48YC5bGPZk|$67aZ})fN$>kL*_Bhu5rO_&xMrR-
z!u+6`TWMGPq{y^C>SDeL)H#^(sSgi%zley%7Dz+}S^ySrqE$&L-QuGU6B<mL{y>C^
z1Jam{@u-TUC$a+aV3fYhX~(0TUZB!!7j>>AsiePPTLpUpiQ1&BV93XELz8?{OaY{$
zx+xp*G}Zsmfh{j-byLbtCxhORqQJjg`hTemE>Jju<jWJHNk?U(4S;9a+sj7S^Dg;P
z>#0!ZdyH^MiH`dk(biP72N~h@w7Zau9}=s5oq&&fhO3U!q>$HZehJg0P}7)f_stb{
z#ji4%6YE~b#$oqN`R@_v$h4adQRO=q7N}F;SE9x)LTn%Y?VT*23)o4WCrXd(xUs}7
zd7>IBIw*~-jeFlnrrx6~!V|+RMqljDThnHPiS{dON~u(;U3jYdWA~e;u#-Sq$0{3{
zY>dMeZa(J^yy`{s6Tb(DX7(VfZe~rE>pPLE&AxpNojSdD=9K>{E8Vmr7X+HUKG&(N
z#5A!18Z!hzyl^!r7BzNq1V`Te%_qfdlVhF*)NwFUdQ!{=O+sfpq&Jek6PZ4HS#5i~
zzKfTS<#DK|h}c2Cg$SQ{@IA0{wm%V+0vUIrfE`HFBkA7>rGJj(xhG%Vs15|Q1t3^{
zAehHOh)h!nv(T>P$`tWM4XBCdA_f%9%-NFTe&N2yM<%8$h^?uL6bKrxNs<}@w`O2@
z@_Pn)OunuxSVT0w)zOC5uoGawVtB9CVrj;?6@D@}J99Kx6l(Rpe_quaC>UYD7KO$%
z)pq^?FJeV(NPOLz!v^XtAa^1Lg5)m#L+}@9D2rC|N__Ldo{b_{E#n7FD;<jk9Qd6G
z4Eds#-}8*9D&a%u%Rk-{peXv>T?~+9OGr#7m+^^Y#|IWmXJQBxmAX<17?ZpzmhmkT
zu$Cd*W>-!nbY6+CsVE+g);E#-B)7f3k#rK8(dV7x@RBrRRi}xCv~A^`9n8ZrsYNlO
zk?0I6Rh%_&F_p<-iI<hlpOuIw(1UxNF7-cH@WxnKYjye8W2MlqTdy}8{^Rv3tsBQE
zfi*<yE^eN?$I+?%Uhd!P!X2LGb=k0YyWABMHPQP0IIYlqciHU_RC$*j(~bD~FnKn`
zOS&2T$E1mO`>{GdX))cNjE6I|ywm2M{dz*9%kXCZiu2eVANzCZY-(Ck`S_5w<${))
zmqzPrJud&f*o);jfqyrozq-qVE9djZ?0cnfiTe23>-&m4Ch0VC`CQHhQ^|WfWV!q0
zeqlNWArtP}&Fj2>YY5CsEbVQ%o8{>0a`?%!!``F6Y4cvVIxu|;TPS^--(mJQ*T>sx
zpOh4Rn$$IKdI(nbSL5vgO31s6-vp-=J<dqhLu^5ecTGQb=GLZT!P`OlQ&H9)3P!hE
z%>(y3vs{$=>*8%dK$S<4*7<h*S8qP2O@}3%=S=r`*1s-d;c9nT$%xre=2z_N78>{`
z*C`*X9|%S@&(WSRex|EK^mSwRi%(<g&In@T!^N=Mus^-Cd)_-lbVt42;|g;Z;f2hr
zvt7Yysmi?0<>tD|=OK5!@rCt=)T9FaLuQkVtjDIk8TT95n2vITv+;EZT=%E$^v1DV
zXOatnH>)hY;j`E6#MZQmcM;%WH>gktF2hy#JgASl5_H{#9XgwjHTUD*21ZAx@gn`-
zw-=+A#!maT&&MbV=<F&4f>~At>$O|;tqHgBlvNA0*Y?u9$CY|Mb>^lIZ6njoJKCTa
z-G!>Et=l*k|KmN%cEi`PJ7e=9ph}9Lvw63#818+H9_QPkcjH)6#eEAmgMYWD3pAm+
zal81ks%j#Q$$C9S`(5st&&7FbcG`vSE~K09Zq|Lb?far+`_q8P`+S^PLDuTyY|f<m
z^F6ElSQKL5F?slVzRPRp;G>)0hK7bt`)}ZPmYeN+&(5cf;d5e0x0BX;{}{gzBU=zp
z!4<n-L4fL_x(!IFf`{+J42=@GmvZ?Mqgu7(**u^O;Z!SvOYUv0Vk+Sam#=xGHNN!C
zu%uJyLD7N+-Op|kod5P>&W&}U%ry4*8bSH%`Er0%x?I?`bA>mzgIO|TXFA7@bLn{J
z7)H1lDtq<O5<V|lx1){;18STmFH))SElC1qm<~8f_d#pp=4PO+K@DiIKOB3<LwSMt
z0tR%|Ou<BkIe@EELt%UCG+^-s+@6YO=6)q|vUnam2v+PHBRU2D<z&_(debj?BYU6x
z3E$I>_1S8=M6N%ksJkKGT<R(yLe6`2`ANcIezx4f`&7+sS3ZFNBb8O=yK2<kY-p*%
zAbWH9z03CM3t?;h?{j*5=ayH<ROc>>_w&9Ig4L?C>sjG>V&TLGjhkRs&aZy7$;oNF
zSb~4HY*W2%9QYVJL=*c^u0(XbXs+N@1BI?kZ2P4xurRJzS<&UTv{^w`E77<uz}&Y)
zp5)q*D!Tmedx-G+K-yuvD-qnb<X3&jPrF7h+8@LheO9iV&ijQN;Rdc~+EE_1IMu!1
zLCbsZw=uU|9e6f9{Js2x{Qc=S-#@fb>Z|_m2>hX#J*yXt7e<=>;oBe3=<~kL9{DX@
z2gY^3+&<_FW(Pk0Q1{^Q4a|$t2eda7!rt~S#;wFpbBvVz^&bFktEvdV@eh34^QRU5
zuK;dS8yk!Nr)t63Vh^Hq;g7Z@c}+<azp%^F@eRuEb;A@3d}UaA#{a<rH7}TPT-!@1
ztf$q83-pc@h8Wp#hD;Qq0CTre7xDwJ{W=4egb9id>`sQy?2(qF1V9!18WRvcVd;Sd
zy<DHig8dnzIN5A_ymvl#d3m^Cbr`Nw1((tzh_LB2w03yG_1p3r{x(*yn#Gbp4;j9H
z9gSD5I0#NywRBR}X(WLO+Lg9uxgH~RQNL<nmB$oTl49c@>d%2Jw6C*VETS6BOQKFt
zs`AX$G$)G<()aF@^kYhK-obfklWPnTDz#?O*#OWWXbkFisj|mQC$K628k8zV4?^kz
zacN}%*?pX3X-CJ!Tjp#eZ2ZPaNUAWa(xsY04A@zc#?;9lMzOo@`lN;2c%<qIglc&7
zxyY$ya~pZc*;A+%75Z!d?ESVj(+R~cQ@hiSbxQwnxwi5B!4I@h5eNU9pu9t>pG{H9
z2xF-tMQM|G1I|=q`9vLR_Cpyo+MJ|N>*DaVS?MNAG+u#_B<Uy*zm5w!2;U-2N|QQL
zxgwSfnxY}CL;XSf7_xfOaps>r>v82OKF)ah<dFMTs%0Jmhth^-`8r*Q`BzB*b=30J
zL@~A6`05i_V5*x#>+!t%oAPs{vORCPdsoH0JD11T^;Ccy8(N3-xdxawOb@TplmK6;
zC2}3ZomqsQIbO(CV(OU_IqZp+s3EDw-p3_b`2v9K2!-RS&m9O`up+nyX9(Pe8ZRtP
znlgUp0kZl$F1Biqf_UGmqtcB93c~1O&x;P*0~PF^4(H%9Rcy{yV3-i?9vnVEcmtyc
zilJp<TUQ$#p9aDzp#=$l^Oms(6avLVKi;ZMe^1D_5yn4|RJq<oIGzzbf{`>hieX7u
z6;7WM=$1$j{w^-V^C{l5ucLFDc+ggSSdiRXU}(36US#Jf;bn(G3ddj8P@lEuC^(dn
z%^3gaBSgPK&1A@vPAC+q=Z%Lg+KnVZ5mU(!){pR{oWzt>bp<Lp6m$cR(m2}*pidud
z?vUkwa8t;&zyTIQXh|}JZrMBhs*|{~>7wlF3GHwPL|+Qpk%w@TR{O+euxS-cbQ%2v
zd-Uvym5<{v5s?o@nuX)dJ7bF07kJjGKwasK$Bg*B!J_~x&BS=w90YXy{3h+3Y|WPV
zE6D9r*1zU{Q9V~uFIQ|G*F7yn=%Z)?kIVy{t|wz=XZA^7n>45lSiNNC<lj?5Sq@tX
zwE6yi0o%P}B(E`y3}WM~p$=Rovu#GoYCU3?B;Bs!&@E@UQjg6OMLpraJ-da1j$Pk*
z6d@Qr1mt)_^fr(uAo);qU5Ror&PY%Knmh4facig%T3{@l9`rSyvGVLw{|@?-ld1T4
z<PQ4XiC<7_u*l&pIivjry)N8vq%>rVD2wpqT~a;E&B}?dP7H~_KM@>~C`N9bG-FXK
z?TQa>>woyEUkXyeksug<E(16*;eU(hs3{LxlBB>YK$>Yr;I-0P$N}M4k79>{K{4(r
z@n}-K@j$xX6=SMoEITLKs;jb8MT#S_iz=?lzUoQ@T)z#1g3?w*kj?!Alf&S);A`X1
zuxgqWs{H6o!2Z$~>nmu{1ivzH%El(`W_WW3Izb|n@Di}y$M=Z{9mHOyJX544yfVeN
zj&eAH?Enx-5+}zzSin70d^-bXj;xM9VM$g#UY&cJW}s-s0z-j#AV3UYokwqgkdgzq
zb}R$O1)cvQjCbXrIDqy3N=4)cw*peCMn%;lG!8=7IPvd$XHhoQqHZd|R;(>Vve+Z~
zquB=?aaO~YBbf`V1f`D`?f_Q;+v5aU50_SQbME#JSZE4my`!xq6>W_qitrsV9Gnog
z;ACk)8M1zb5>i-DN<;=&S`<PPgJ%SYEze;lau}$2I3IPSnuJAi=GU*$cCIloMOj?M
zhmz+HQ--{9rB{Db-w~v1tfYoi+6N&CnZF?*uW`Iu=FERrxq{KwYO|XG5u~{Qw1qNd
z{U8FuSw;#W7-||&`JOspM6Q~Ogd*TGr!H_R-5^<w6HtrpKIrk~@XZf!?F%xV%D)3i
z6*c}WKf6zrW1spM)D?kSRkCWiFe`or)Q$$#vRAxMYCWr_bwbxzwJ{;{9RNAf8m<7n
zeq%?DebwlMfJ~;7_duQs;Thv6wHV5VJpvwQB^)Nm?p+QXVRjx0;3|3&a}r-NO8Gzt
z(av;N)jY@uS68*c@xfniZdR*mzT6i6E8qdCnhdJHSs8c~$$JDCIJlnWvpGLAcyx5c
z4#6I@B$mb)Ku`?`BZJ*uw9kYeWE8D~XN8RR=D84jkQNg<FnoGLMx=Bp?mZRToJk|;
z%C3WFndPnu>qNItX%<6Dq#rDf^{R^BI05+%(RX4GQlmUfGOotKCEmD?F!BJ+%L8nE
zZLda#jfL#|Itx5DcGXc*Q)`iBx$ALCym7w!b+Z<m92}R4L(vCe0Mn|=j^BCOmdiS=
zSQB3<Sk}KFVXLjjai8adha{crk7dm3BslEAe2nJuV-r5tmro;vPy5fPV|Xoxy~5H<
z+!#5Xl84NXopthNZ?QLk<5{QLHpHt@mzAc<ndh?t?lSN2D}6>s`N`K!?eXOG;YRbu
zqT{)n%R<Cwn*J4^+WT}0-D>UWgpVx6CWOsg*6ZNexApgWSU}Qp%u~h3%az&rDZkG9
z+ln9Yq|XKy<K5^&W{PYh>egk~V;27K`}sG^g6ru{{_}NbN4v}TeRua>|CCRA!)*WX
zq=^e}t??ehs@H|Va>xA>H9ZaQ=k3g6BY!Kd)%zp%_sOfM*!Sgj-Ag%w4y&8>=6X!W
z%Z*3-mRY3@=hgbdk%N^1=k}t__gP_Eex}cA<FsqJ*|=AAWvZIb$IvK5SL<yr1fRS9
z@QB|&#vj=%ZrdAeV~T7d&+D9Hed5iKEqYu2>}x)%=DAMi`7i4Ni*vn~63zBjO}f6%
za%MGuwy8o)@3KT<6gG0kr0i}|*-WTy&$mhJvA%X6EoMO+bLJZvc%Ae4KNbsiBxBQ`
z8WMFVD7p+y2ci;q%-Qa4MLRJdo-49US1|66TlZwCHzTUx6-j{KAKL7lHjmFbH+YL@
zL@wE3JWiVyE}p+zEsmRp&S!a_r}^xHKE59O*<oB3@Lo^T(y?t;zAoCE(`*KU@i<*}
zJ4?sqGV$gvmgtO6@}0Vf%YAk{9xADyyYf0c7sI-zAMjPZb>4PzQ?g^g`C5(7iqd@^
z{$8KPxOEnv3)*uqalSMeLr<7s6yY#c6Q1%O2z!&{1DOj%l|ZrPD>pzk<_?-dnTt`W
z2e<uYpPQjV6~f4AGzC2q!=5E;z{I481fNw#6<+^~qZQs2Oeahxnah$UqSmngANAqf
zeap}B0|80@xSufpn@nP9WAcAJPgcqnmN+VCS*z{moh}!(CN4{>FL8z$wJ78k-22be
z)>lJ}vKk5%Y-Yf~?dO|nCh?CG&dwj<Sc@{|hyR3Vv`<4(F@tUbLQpXfX??`Yh^Pe1
z1;9#X@Q;xGMgXChmIexBaC4hg^og5Xu^)RMXI*D_n6Ti#jr3>YsJNZ%sNVHU9G?IU
z-})SJSo7CDmPTe$sm>2D;BNj<Ec9iTs8pTLK96IEOD9kxz=+fBV8>zQ&SfRpk3p88
zm@JMSI`qz3eU-|9_*?$<rXi#ymqNr~&JXt$GI5%w2BTz5uaM<*pv_sW*9mianLDfd
zew11k{hhHAoGz+k<}88)yz%Idt$=`e$<iYZQRknw^AVaD7Ri(!{9YAc(}`=o07Rlt
z{U$9&ox)&(hb)`96dKBaCqZ5$B{w)?a;7^pLimk7x(1l5-MEmh?W>UoGbkhCx519a
zo4^Lsy3q~qm88$fkPi%Jt_RZ*C{z)`lzJX`Ig6Axmu)Vth{qc<fhO&&+pwM4J%J1_
z$rwkC)C5Et!=g+YqSqKqr_Gpk&ef<Amd4x3V`NM~@v=6aoRIciW!3ACF)%;rGgzQu
zygrR#QnPE!C{%Q^RtTnN>D7x>X8h>#_dujoo~^neJwzP`l71($(JE!6(axg}1olZa
zeQ-~Cxkd#zA{iN~$(I4*LjNR=8V8uTWQI8p%=IL&X8s|Mnzz#-jJs#V_x)y!xns#K
z-$(Ysi<-DgfTeyQ4W55638k;Y5ic~4HOkYI$rZFYBvo+(x~0A{BybnoRVgnO`p2B)
zQ4+b~_!qf-?GF?j@xSnD(XRCe;jiP-^~~nibH&)15$+E-Dv=e}2<U%oRSJTlAK-r&
zn|~juQ$WiTlFb_@8ENUOr5j->n!#qylemypn4$WC{^LBUs<YhUl?-YT3&=TFRUpBW
zvc@vp3-usIL~HUVRv(m5EV&N{S)*0uCL9}ywr7eldS24g9o}%#U3TE9s@&s<fm?uE
zGPZ-kLf-ezA8gq+LvIJen>|G&zY1z;Y44r0c4E9pMqGB)EDl>&<8K<yHLTS(MZ|W~
z)ER{KYZ~M^JS5u>O(_9JrgTA}tfQrzQ>7sg?)r_p?28UZow!*jp<MTOeNugn2b$Nu
z_M-)y6PqB`ia)6rGwe^A77h%xS+x^lElMb31)ATgYN07jCys-iRV<1H${t%{K`qli
zQ9_vt1=o(KHHtEU+V$`18``WJT!N0%svELu;j(JKvKsFUi5L7qJGoo<&==pmN<1xa
z-z3r;iW!2Xb+VD+p-j4}06g{po}@7<4SP>yB~yKv7{ZRMNkP?dvccMCG<M&;z!sRO
zVzr;MZGy3{H7F9NvxcRnK6C*8O<iv5>D=y$UC{#Z)RJ@u3G&q9%I&&RbzLYkkzjiZ
ze?!tUFUk!l-W-H>UF(?_Oqi&j9+cTJ3n68taui@+%N@u>Fk5!pIMqix;?k>%$Xp_s
zU<paWmWGb0v4=@Mb+&`Cb@!cDAeFf3YjIUkRo|w4T9Ux=Cz|Sg_7lXohNsf!=jJo*
zP~|J{{E~`%*W7>}e-ONXL)in`GxIIQb``==WHW43!HIW?2oQG~0IlmAy|)yQ%4mbs
z4J)g8$qFHXB?8Ap+wy|M!$Q1HNT^%eq=PSCM9!G)EEYl)`}=FwddbapLkU&H2)Dm;
z&)Z1^XZQBYyH@V-Ry;|ll&T&<kUazN3&z%N9fi;gRFHd3HV735YHZ7b=7&hQxWWnb
zRB;&~wY^OIG<sMEpAkIs)bCp|F1Xr1GeQzYloCLc$HS-kB*d9tvAh-NZ}ba)OAO~7
z@*Q!TU%_ynzeit}um-vY=r=G*kL$J$+>nq(Z_`T)l4bhzHhfe6F}1Etm(C-nDT?tI
zdW{y}7TnU=zL##=w8^>St9Nia`|g%Z>zfzsH^#;e+4l_D*O!cUFsK2H_9eaVqA%S0
zeLkPD3UbBpbA9dnu(U#Z3}A^ZdmA|UhVlOLkrDg(C3SJNqm<pQdx@*YJ-gq%V^N3y
z>>TFh9qESC52|19?YMV}Msu`i{@je=yz#@mk=H^+E7j*Y+ov1~(&FQ;-o^VvaXsU1
zV#m*`vHBzH8q1UWsl6G$<))bX6o!3`Xe^+-veRQp`}L#?Lt`0y!Gd>tUtQ<@FeyD7
z;h_PZo}aa)Xe4O3OvRpmw3z;D?{PWXjkRY{j<w1GMfoYz2RyZi&*$R#+<>)_1b5h&
zHJh@=JQ~a%Cyg4g6+mg14b5#)?&Blqd4HxMbUOR2&FAg;;LVJX0QdZ&_Yy_f+r14%
zx3E3CIqQ_c&BAKcb8!KXXvx-Une(_U?vqkqTv_an?DTwMPua$PADigEy+0`5Zu<&w
zd)*95<431g+48jBk^ktM#s7SCIOUg??Rc5mwOAeY@$e9Gz((E}=nf`g_u$8V{n8*;
z@viK&JDb$W#C&x>XSd(>{EAW;Hu!e4zhX|w`jj2M^vS<^8fYdw{Pp3~r)&RAca{wi
z4I3-SBt0||VCc^y6djv?@bB*T>+e^N*I%zBqj5yF5@8eZD29GC@d*d0Zt*m6#iMHW
z(HZ0zBgLbC?87Qz>0{~R#}A|q#t*1kMY}|^_FKOHgW|<kIfkq9GZX6gx%7YXYJlvG
z^!4oNjr7f|>HqJmj*YG3|Bi*c)O;*)hMl%LdGCy6+2`<{Nz|9Blb%e&@}f1*qUUf)
z)urS=2*dKk|0Q0Kz`K#8JV+dDzFtvC$!eDCBacVZ&L^Upz(B~y7n#nX{?!2eyp_x7
zG4m^eN+hs8FQ8BawMIfUO#*?M1E+nPyuz_5^d)52Xx{d`-%5Wr-kOO2ES7DSnmclF
ze`}L-RvDU)N0pY0ccjy-E3PXH6RMS0KDv;!C1clunmW2;_UjAcYFDI6Osvx?rB;C^
zO<yT=OTkR56|5b91giUSXGuwIdRD=980s`g8F6!^r&q5OhGBY`+gTH(WYY#(?7gLN
z*!6a4UfZd4?d02xphw)NkVDTXk4>%|wypMkOnkguOiYLrGW?@KV;CXZQ!7FYuL4C?
zNNq{Y)M+@iEUjVa?L`#5ArGp>^w_Fe*#&E7G4WugoT8sPygS^9)S_8#bq&=J#3wtQ
zVv~Q=NBhOzq6(0yo>tZcJu9|<wLG;ah|4KYW4}?IJd!*d3q0Qs4%$fk=2fjbrk~Ys
zQXEyX5BlJuhl@zs@Z{7~qmiX)OY=VzDxK4%KXOP4JM9xfBGzhVm*)S_&fa&(P}iY3
zyi2-3{mZwnTi9T_JZXG9{^UMgYYuXbaS=q>-r&tDXU)ZqdR(8hDr6=Il&k4Rq><*W
zoMkovIw@4F1@|Sw7%^I*K`}wIH#mtI(|O&=Sc?_eWT@}W^(9eX$*V`!5OT9R=$Xfh
zB&3ag;rZwE>;n4Mb=rj9M)C!8yJ@>HEzDHtU@#;!vXZDaE$oh}h4XeK4|$0j8JeYP
zF<p{krc2p|Nw922J@L~5%UY*?SlUwJV+dX7hQ~`%MPqsG^RnB>@~-&-5GE6Lb_b+5
zt`bO3+BNoSp5hL}+(c6OZLt8abmwiI?*&{bp^VEqQzMn~7+Ro_rbn4(L=lZQSGbNF
z?%gK#F9}>CK}HN;(QuscM{AA?HCI=kBZa6e*i+pxu`G1>H|v2aVWGCr5m!bg*F;05
zpgfZl5$&WISIt4}7aUJX?|>F;ObM>S$Z1)2hg<yHRQ2CsJCaf(NN}V7R*nOy;hD04
zL)9-Q=MDMzB^8z}OvMVr88y-3dK|@78R`-(1=3?#arVr1!bSTl@WtoMc9BMsSFPhs
zfqtLTyH1t}%FS?N!_+b-CYgB;7D_WFS~rT(22tt?Z`9~7p)UMc89r88Hu6?;rDJVz
ze7h^b{IYT{!NJVw04y1_hWDJ;-y%WQm$64@OR6jtb>ILIw~xr3jA+3rP=6#QvmFIx
ze}|$}@P9!?HDxW71Zmih1k(s%d>4>mg<a*Upz$Df`NCKraJ#9L2{K6YfwC_qn75qc
z;l!ruEGLMxhO+hs#H<u#Iipw&vjG*UOez(*>E<VB2%SY|@MeyBQ6_(2rf4-7xAtR)
zLpe*w3uXz^cNfSw9#coL8Ure3LsgAYy9Q~AhvqS@Md}pb-7-ux?3g1*hZt9B3F}9E
z%2hb<0{l{io0N5;Oec)2;L<MaLM&lQ$CHuk^K1uOf<p&U;nQ3ekQ#O5;0M6{y(9*i
zF;vbbG;Gc4g`4`@tq}3WMs|{rn^^|6G8h^`&#jBOjV7UOLb$qknJgpbMw=qQrkgB^
zl@tc^mfxI=2s*q7;O}`fxrK|?2AjqVVZ^UwV@H*{j&dhLdlg+FSg!0@tpkQ|m7=)u
zmRdlu41$GW^~-J?upwvA6|kfaJh?slrii$6!uaE2II<Cmx|x6IVX=~ySMZwtY9TC0
z_jGN}oCi=f&O$8a743@)mrwE-E+cp~e~HBvq8_c27B6bEY)7<fU_;w2Dm;{wBZk-Z
zW4&|-3E7HQ@hUZ#<0+dkux+b*pONo^{dUQkA>%~ET_#0X>C*c?xe^-nKek{k7`bLA
zP}fsDO>JWc^&HD>9MALfHC_m+w-!O;M)`u3hUc>ew4t6bDcB3(+-#g(FqiZ-BZfAE
zwt}6O!X*}SQPPm%8DA4)6PD1Ij;gRi8W7H(4d;RvQsGx)zIab;rfWV&Y}Y0kjxvt^
zkVo~^1mHs1n1~tH;pf<k1HV|e07&~i)SxqQJD4~6-~+K&1py?_wZy>~xd%1youyc@
z_I~gq3|_usK^T!M8(tg}Qk18Vr_an4*w&67*1CSJ7D(^O%l0(Spmc*EgLg}LVuJi!
z2*D2!o{!+H2)nE?1zNG^zS54U_VzQ>b}N72M*|g6cg?MA#Z4|ZD;+ThUM(}n>f)v6
zQoT&}51_{bWg485<0OVuUf^?UJbJGKlBNPKLYveBwG2XXdCcpy@rJYq*aqQ)xK|RG
zI1}}?7?%g>V&?iOd2<|V`g5E{4;c819Yv}lY-s3sPGuGd<&Zyt>%4xk0cnIHPYKUO
z`QDizB;I)~!@PgEEf9*uK7jt7O)(DOuzTUUURK=PlY%+c;w2+U_zE?<1>F9@a5)Z1
zNMvcK0Vd73lfDNK6@r%0Jq~`3=!WAe@wh~D7GNLEF}Uzd%C;XdSuSu`*362I8<Nwo
z(IlX(V06-2Hn3;-t>OtQxx?~a0bIlp{PO^okq|}`QR|2x4)SEeXQ2z#*r2<@ptpSa
zXT5f=wsUvgaPJEmN{^*@{hF+^=Kzj=nG8Fb4F51BK!!Ydq4zv%ocl;9X#&#tH`|%$
zUlb%Bx`cU3XK6bWA4gR%Jy_;lOb$?o56-JtzQ7{}AqTceJ~AQZ=rKm?lMMq7u4H4m
zd{mi~S;nYnvrZFr^)rC7O+$@?R439xbe(Y&Smjo#6Y&&1bwM`0nv?t`JF9nIkD1J^
z<ZbKbMd?;yC?6%b?Nbl&h41*$`FZK4B@Vjda$i(VV;}<@-vInhM_FCAY^_~XIlL*~
z<?zzN7voJ5%X^E4iHZsCY#c6SaM(}shDq+;OBxyfl#D;<ElPBtxU*gYp8+dHG)qN%
zsx;qe?n)$zr&K#G*D6JVL`a6fG}43Nyrud^TaoQ~+MIMoU5o3W2TKLA3_@F>k$A>Q
zp5%h|W*zqcf*yv}Q=IJ1UW${Pv&&VvwVWRFV!jmFJSE#`XSUslM2kT$E_c5%<7vYA
z*+@}I-p*`Epa-WJ`k*iWv8}$JCu;f8Dr~wiWrl-PuAh9Wr5-17N53T2M>s>y9#AW3
zLPiTc3EcA|54<SFNq|2LrZXP&)H~XQF!0>YmYpVU%V?WQl%DtNt#$kXD!=!JthUXo
z5?I%CJ6b<$Q12CmW-bnsJZ|XUs5Vf8M!Oq*;A2jlvyjy38ZeHA9hZ_Hu2S)!Rip_p
zU(~MsXNgo0t0vbzHgxsS>r6;yUu6}PEL@H|Pl!Q_78&WrZ$DTN%57t`L0J5N01E0P
zZP&7UnQfAUaFr)?yYpWFjO>W!)q8^Mn~~}2csKyhbsYWf5%eA6NQzB8h5+AboQ^8#
zb@C_--m5~(hd&Q2KEGFbXURzwcHdhB-m#0V3HUK82mPk8N)IO?2ZQ_I{s&#v+D@de
z!y}sp$Z^3=&r<yGYor5y;=f;a_3ta=lBy0q<(N;L6|?n?tZ%8v(e_`*e>q<7jcS#v
zIiDH4VfS@zRjZa%G9d(}fj&KhJA)l{o~P^+w2rfhmtTwFJ$P}9s>csleLKih1fv3~
zVIG%*TG?;@fJE)jv~<K&ws=>ycy~eZPk$C=+l2d33(dlrVD3-re@wEp7w$L|YwWVe
z7u!-<R#}-nE684$W<YEuA7yhi%U=ZNQO2_<Q)ces*AAnHyN-nr@<j*ZQHG);G9k&W
zhExhigt`PbX+Jo$_J-J?ehkmB!KfiQ8xq>wMs1$$pYUnOL1t=hUCwvQjX*Uh<8P5U
zUWrM)J>Wmwa)V7d@x6v>HZEQ!czE8KWqU@)T(%DwP<Ua{MlO*)$Up+Vc><bbBG)Mo
z%xTzO_fS!ohD)ZaV|#wIQYRs2jc@&|V>`S%@CHW4Cp0}BXiZ*sn3#WlKFU1hFPOJq
zZn@RrF)*HLD;0ah{w_*)OHye3q&F#nK1!adJ3OL~e4gSbois-jFdr>F^paax6?*|7
z^eX$rH^6@U<o16Tx9KmA{@|3mX7|vGZ>d-9iGh7p98?0Rtiw1~;+wa$JSkLm?YIMz
z+a8`C4h{|$4hquV{W|W{9S%??b@-nevp+XlGv2R@$$ju%15`gTtiN8)LTcZ1wmxpT
zuRl*N!6_LKIjP~$irltdI$pFns4q4=NuItwUL4M+i}}gFcwP*yW19JgzFOW4PGhq9
zjlVcv4ID&9)EfHz`;QaRnVQ`MMl`qa^vZE*=?;_$9b}o)2o1ZQU7%Ve?w<Y$JlG&Q
ztGN`)@7byCaTDHH>Wa$KCEtJinJSkzu*>9o>-_P)%OQMCvnzv(O*!<nZD@A=ts|#P
zx=>3Q>4p6Eux(=6{h}tI&gPGa-ZFSq%PKBZQV#uI<yRTei9LgFBGY)zPKlPCJe+B7
z8K}R#D{SW0{?>cpHZHg>|DJu`8vnjqs($P0ux-0VdwciseAbw@=<aCP-43^@e1A%r
zvtjAt`eOffGq}?c3;w#p2+&FQzUq$&mNt=!V0k#7I%(!s&hvS!$4K@u_rBTV|1>N;
z$M*O#Jxcd^>wSjM|9+kuJh$<@&0LE4Qjs82|B58%NI7<Ml`H$y6!r**Q7rt2m5+U@
z+!l3J&~BQ+HcNhj=N{`UAJH@m>>inwlmCF@6)ZcC;}xB33Q#^F>J*`$mz%{nReHmG
zgZ4_&F1DFzKEXJ}eKUFsc{qPae~>%Lp6|}t&f_n*p7$xhpUIxdp6f2$&i|Iao<}(C
zp4XYxVNW=6nuMEdXf1Wqaj>Xg?I?Dm|K$7RenVKu?H1cE(#actkZ}*#DhM&-X8rmP
zP6iiXgfjvT2#5g<2nhGTwxf==I(oLY|GR#x3T2D3jHzw5yyRg~spfVFI#KHi#|D|s
z8s7^sd{0;nj2&6)$0A|0s*dePLrIM(o**qD0d18K+;kdim9Qrr&BhCLU>e=@YtDI1
zwz%Pxv9qY>z;w-wz$$^wYVP#gIa@$aeez?==ll8d`Fks2quHq?XrBtZJzpz8>vfhb
z8pR)HI7%v+6R%kx;K_zQZR~{tIJIOlN^X~r9f&_2jT8b%#17jpiO{g?k=DEMB*>;F
zj5Yv%kiBo@%u9|u_{_A_2BY(%nsk7ya5TiiQE8ea9C|0gFGF`7o+Rmkxmz<7Zgd*v
zEJTW97v(*-gtI*VF82E7fm%)Qctv}nEIH#j5G4fkeS>+xfb`hJ?Yq5MMk5o@<e`J>
z*u*dpn*p?&#So2y!^ELrSV&>~s4JDpRBPI+G#_AWlD0|X<^=T*%X};5c%&bK&yb`n
z>HICK7gBvP6d(By&oTutI*cqaKD<ZCTKTgJd<YjLnGrgpeSf6MX8;(%kt?E<ci!Y~
zwEe*7=uzi{3uhz9&h3R{ejRNBd#@xJINC`_s11|mvMIXf^p%rMQ<m^<PFkfeWV#JZ
znC)swN`Q{cCz+A1IcG@%?D^?}_ZU&hZ5CR0mAMomHf)4aaZkAN95Z;Q#i6M4F<-je
z>8ZhZFpaX5Hzg>HwqRyYLA6FE(Svcj%_C2Ox>3s}Oh5r>8pi(27i^-Xv1$DQ8(LrZ
zwU5%CH#|JgPHdhcq!kRmHgE-a*viO`YMgJL(=;ARV+i`RqsG-;Y@DDB-D;Q!bWM5`
zbkXfWK?_1py*lUzN<_P5Dql__e4gds*+_A;&`e7QWJu%Pv~vQxGjS?$;mHkDQf4b`
zYOXcg5Q$}z-r7+}0yH?t*Ek(bBeu%Z!t1p$t<y3j*iU5&860;Ev=!`jRjSM-WfpvD
zjErCi#xl|bd~|Ei)Ke`2<xK8)0fD1-`oE^Y0S^4betbZR`*BvQ8vlyj6}!uj`NUEE
zC^{<N4Czo0L&AF2+vJjkE8)AX7xGaA2|Lgc#bcYpa-?7c#lwSy6;CjUIzVhl&s>zI
zQ+banYYgR@HV>BXj2~0oi@((FLXUOXrzr^)UPCL!HajZ*uvQDfMmN`MC@wlAR%RuJ
z)vryK@0zY)N1N*jjCOd%<{4w2MQ+y;0#U6@o_BaHke}bB;v9CWE6y~S{spB?YBq_3
zHYdM8*$R&+J8sZXA++quq7Y1bG0T>Qq+dDyrFLeXV%P;LUdU$(*+xR08BU^t^6x9?
zx9hk=l}vmi9qopLW_*8}DpK4*)>X}fFmGFbnQk_QA|<MO5QY)5VrWjBdzVNGmE-g)
zwAQUAnL6*nNhsBNiq~DNr_dE~xZThWoG^PJpAs__Y@ysC9HXu&THT&totHJrwIDFI
z;PODul^~k8R)}wyyc~g`xKPD`73xi?K_CJOQb#x|Rzq|k7`D>OLj|4EZDxle80Ugy
zxGFIiuXyff`EkriMieS!E4buxF;y@HHjiSVKj^aH2m#`+#3+BhM_uu<gTXYS&av-&
z6$$1)N;?^%+E)2gp`N*Cf~?+Zq~W5+A}AX*<$8`s|9}-GHASRY<(_g{*~)UcVlR2p
zXmi})CK8mOGgT|ML>=nypi7hSqs8xgC1}+OIpcy(dGg%YOLMq>f;JMt*vh~h6q{;z
zU<RcSD^n<lML;h+o3EW_p4;}imS_Lxk%}1b{k2PPo^Ymme!j7^Ji8>8bNy)eOPcm(
zRLsm1Y6ruA)qRcZWH|J`N^)|>Zq1-}YA16P<AwO{cg5?%|A_fWzF1J(!bEBL7-YP}
zGk)4LDquub!TJH8e5{tCNusg8fbzgZHzetv;!xPiK$|bw=5}h~pM<jEx2PiBmvwTo
ze*emO<ZHVZ!)cfLscEojA4iYH1Hn;4apFQO7j_h;Q5Xy2v`bv8qp-Z*4r3cqqgfL<
z`|t_tqLN<~MYjEfsh|b+74t|5HU(^S2SmrK0XKxic9VhJzZG`{BYK7TA8O&>1Vg};
zg=T7v8Ps&>#tnZL8IZoH0q^6)C-=-A9A;kD{(?s?u~)n?ANU<G8{z=O`s#Rqj#1Qr
z$@42lO3F>CU^s|7PfAeslXb<E^d(Hd1$(`~$P=SFXuS};5>)(gyg=ipa3fMrow5QV
zn#rA*>gW?BXBF}sCz1!n^{Q#x5T(_vM5_pb4xyHV)yh4FQ3qQrD?q?hqD@fl$%C9N
z$!QkKI(%~+<S>I2y;&3X1xd3+1@FJqZE5`|+oc&m0WM#BAk4>lW?TkvQ3zAR`d#6T
zDd04mhC&~z!o9eW)-?p&=OnSIgBr67pttEHXHu;92vxqPULQeW1V*iurv8RN8!I#Q
zYd6e?H~kQrv8nw>o*LeVu5p;+loz;4hj6cO6<PsyKqL@s)c_w0UW0VDz;Tvr!kenJ
zUdU>zBW_U^M%8#WXO3X*B<o=owdW`Y3dCX(Rpe|@C)9z}kQ$m!5DPbRKe#{+>)(R;
z>z5x;yr$QnfG-x1EXsQ(Ot2Q6&~H%_Wjh);U;PwjUTv4ZO9Hx%1nZUyaQ_g57A{%N
zfI2@j6f9v%9(*OW+82OL#EU(G0}EvTY=Ds37d3!tyVWWyx0cxXk8%k{scT#0YuE7n
zN?z{VzGJJwaiXn;7{`WAW~bO|@;`jMQLph#8)fswYLvEIfJhGMwO7gQ1b;w+Z;pBp
zT7eAFh+2S45z2;en)kAT^&9s#73rkIMAheT5k=_9!&}%Fm;yG;hdC{d^@f-`7jn<c
zT?y13_ggmAL$C&~miii&nH7t?x1JEyb1JTv)EY4@g?JR^VM&QX<npqvn*};(h;W@T
z?v^}}g{&_(M68MzbpDAC#18~E^~Gh@&8N+ghs)<YQP~_PG0m^E)eA15{iu=VaQAG{
z!JrG+LzFfrrm(hq+EPvjy*$^84;BZranLYqm<VWUl^3^9{bBwqHf#hm^%wMyMeSGx
zy60m!&9s^>^<4rvKy)QiR14@CiUkY(S+~TtTou=|nZ>OK;fY)`{VhG@yE#jCd61i;
z#bb5EV9JhWh7j-s&w-c^a;@xSB7#*2F;9nW1p#9RdB(;6lZmKzQ;Qqk1dXQ;WqxF)
z@N(&95$LVA!I2qMjNxryPwnSQ06fzFB0pq6fHVR_0{j}z;1KQ_bgLw=2+NOQil>o{
z(BM0I`mP_m?0W|Agqo2@hZtmGkS3mC8dBgM$IKd2VW24-BYJoE{e$*l)OxX+tkgee
zNnuE+23J=Iw4si7VQ?d#Q70?5tD@dp#&{)_-U3_D8hA!sy`~*&j=BA8AdRG7h&4&A
zjNFE2kw0)r+;sth!&qeQamBiKl5S4;<f9m{6-N33C!;^msQK>A+ZYbN*-wnY%en9W
zquO0%a^4?VoK1Lj*71@`8}ep62d4FgXTqpG{LoQ|A?pp6#m?kLXd=cJJJH_`VSes*
z-1C_)eBP9`c(}B$vxUmBb@|NiW%7#K%zoSNvPJ0Ft#Nnv9R102ceJtH<-JXe-}SAC
zpmsZ$V!i5f`kWb|<0;+6@v6C4J@&-+!hA|>lfCY6IyyY|<!XAypY49U=b{i6B6^MZ
zm@un$yGwp;%{EOs#sBDN?Q)#AI?d<WA3wYvoyj$i>F)h`)RnWt%i}rE?c=_8(QjqN
zt;4rj+i?iU(!yZFX&ZMrn-sG<iCPA~YNfqzHu{F_o<)2aZ5G;=GddF!LuM`ad3pgw
zQ2IPaVBe}azVNW&bJ|^1P-^D+zQ+GJ#LzU5I;kbM>2!5<GJ05C_jw$;rN8WahA@f7
zihbI<YyWDKp7PSmIZQ{8zV@`9@A2398hXAvwDQsRXeZoydP8xsndf^Da_b+M)iAN>
z;<a6R9)7))8uOv@xf;RW`Z#V+nQHQWctHsW*|z%bFyyH_xm2-W_ug9}8HO_?Gqw7L
zN9`y=U{t=xU4F=ANC^;VSG{J(nAE{IZx6YQ6C7#=#f&WWiech*<hRzf&)hwcW&v$v
z;!|Xyj<Sr}J8jKn;)cQe=Z&{d*%f>!dWa@)D1CK3c1-JP&7GJRzq$2G>>KHi4v!h2
zz4=2YEQKw5hL8V!D}U+aZ2L0Tx9&iZ%K%Uddc(X0EWi8ym4g0!u?h;qi#`8WtLkY6
zEzu_1?C^(iq+Mkw<Iv)^h*#y}Nd;BT9AerCkKfY$c$FP);^^~`%brJ%*JXQ=JquAB
zQqCWY|Fsr&eW9|&$8g+uQCo+BXWCx;wx7S<{Q#&{2?5V?EB}rQOQ-8%%2{tDwBFgq
z^}|r-$8~*rM8N&5{5oIveohxY@7j1t8c>n@dK(tK;m6;49`(5L$a_tCez8?JL2bbi
zFOqTP8Q1ze;CznUwFQOWCEM^PZUJ@C_g~(3YC*tm!MEvKzk%Ees_x%^arY!<yCvC*
zN^qs0+DpIT`*Dc(H1BBK3VK5Np!&f2;P`-S2l0o+>`m`@+<L7HA?&DqAbO+v;QD}O
z_mJNvyik6yc!TqYWDghL!o1LUBl#eFBmVqrfj-gnI}tBRA6VYF-<UdmDYrVe+cz37
z8ZW5c8T(%_|NqXloCxqS?vJ3TN&y6f_uslWTRj5{Jrkq<6&52^-(66aGgEl#oM;{O
zF5(z%z=se+8PLT^*rp?lG)PEtM98iQM(0-0N8<D1To3&~NeH3LMgyAW<5QiQCav!&
zB%~6q*r47mn=Z2w_z6QC-aMwV>btLxJxqSpAvB!tm$y0`zkhjOJ$svo!t-?u?ytt;
z;B39`Y^~*b#}r=@#|%5@=`G@nE6*ocUYR=gHTdrzo+&mZvz0H}JIyNg)<GAB4b3+R
zaca>-HgdAS;7qw!{%u&ZIDAme{VA6f$tKiISktmt<O=GOgaR51JsVhUq8G{6aI5s)
zgnCVr+*efD5d2z4gZ5X2W+#dr4&_HD7C8(H>j(AQ5;K`-ufioUB;D=<^_MEx#%cU3
z8dYn|l`S@@R4fSf%@FaJ%awCA>-<wuhvbSZR%`QClh~=zC1~;GRLYFei0YD8xw2^0
zi_YVf#+RgZD%IIPt0-*R;Mk1IQLKy`Q)y*rOy%dbLwNUt;sG|;^r#lbjh%{Bg~Q{j
zR}_F@8+GDFYE?7pAD+AVIbCx7t7B85T>DY$5tBIMsKIueeQ)bJ^i~z;6?-TK`uJh~
zqa>ELG@wvj11}-1)fHJk!q{E=OWh)2@$Oc4F+-rIjC}r8Xi=qVfrg#DMTtE8u-1|>
zbNq-*M*Swi{eVX|xx#%>jj6sh!%WS}xD+<2a+PtwOR%3So-!(XOqs?f3dmrw4Kd5p
zy^ev=Ouex|nswqXX^hn2)(XE6qXiGAUQ+qowKbLAxrO>5_C9BGqL9`BI_@u3QKN6e
zQ6|MZbm6UiPJE?01LUdpiS(|*Rf$seT?|HjW11Q?+niR=#FKlWzOqA4pAZwL7s@Qm
zc@odf4CEdN#)eY8yzxv^643#7R%J5CWBi0+@5DRg$mXOfiGAOrt6rX0nLvqL%J6#G
zk>YFWs#nBpF6bI91FgMpyfdRYZCRRftLp_>&H8DV_8+FivDq;A;q)Q(w-sfXp{FDN
zKqqQS0tu1zn|^hXA~rxv&R?!%TJ$^Aqd!cR_V|+O!8PN!A(ttYM`S6}pc<taY;p$^
zl5pr{_cXH9i1X^1lK9Q)MzU)*WoD&ml8xH(&X1RODPzcxXP&AQt)<}z#4`MY%5M_X
zD69^>ikv$1b4$PJrBu?cmLI>+-rw>%_aEhL3S5xrIMpSN!&lpk=q@vlowk)z?9Hxu
zvfr-a<nmlR>mH-!njWe;CKL3lj%^EUU>qwiGDCd3ROjaja;)-xC)$I}tE&o(R%`{n
z^x1bVIi9-|zLy(U{$;(Fa<{R9A88{+LA&`WXiHKlRwWC|o6U%~A_d1qtemc`{tsQ}
z)SOw^rqS4TI(9mGW81dbv2EM7ZQEAIwr$(VbWP34H#JkWf51N2wd=W``?}U*v)N%?
zsqg*fp5Iv7XyUR7F+A&9(h3=#a9=pkh}u)&nckuK>udPvuA*gqrd{dr<WFZ@I=@8w
zXdSQr&k%BFwnt}OSy34nVF8Cjn<4Iorp1@%*;R1IT()0+4H|49_E|xNCi9Ax|7PXS
zrBXI18Od<T)F*`|{Zh7Flx=m!UFgXqppyIewK@Ij+`XIGUUb@6AVOjcni_SL8a0}?
z7mo1Dqw7V{N$gRv)$FIF=Po<73!NnacP@Fzig>%+V%t1^7Cl2dsJuv)lsMy6x}N%5
zT$nV-%jGBx;3d<};3%{3V=Aw7z_hae9^K!Tk=dTI09qkVO17q=vJ%RI5+6@ok}0g+
z3TSbH;8eb86^OOayDR6WLqV4T<3#_c(8GLIDIw?CzPY?0ypZ+iC3uZ&`2u9%OOxj_
zkS3*teFV*s6bKR5tnR!oMM2Sk|1g3QUEHqiypbeBtt8>WtaQ{*F7?4|?-^U9xdx%w
zJrp!Vx_W4YnkjTuDH-FPiw}tpp@dV1=fq1hBde#=qxh?^{hXOI=aZtS89#@heR!5c
z7Nwe72;<E)3;%HjX;-u=d0#RIz^+w+w$zTfX{e<ESV1gB{v^+(?CI#Xu%}Hz8H)>h
z6XO#Dn$pDm8xuFf1llgZ7QB$Z#R3Gx&;0t3h)I&lq(D|Ylb~a<<~cn$4e*3mFYYfe
zKipeEB2CbzBr2EF7rUys{-#nA&lZk$lCf%e@onl_G}^4TO&=If1mMStYr8V`rMx~-
z>-T6wJ4Fn&Uau>b=z;G!aBo3wqqAy3Y{OTiR%@44uxiDS+NAAS`f&@^iF=i<Sq1C$
z%J!bOGHFvtL$I0`4BC;_Jc{+eKB!2lf~krt*Qua5hu`>Pmq^amsRaFslY4))$gF;@
z-0@sH515&FR7KQ-xU$U4fYY>O!h?8%1~3Ik%<Z9SiVJ%NAq$m3y2Uo&kp$=jU5R?q
zuw+?Cz<($fRSwQIhd8|fMLFv(7oO+r5eWh=oN{W4ONC~eWQX98=Q+KSP(gpM13Z|K
zl_=p8iF&q8cs`Z{#X~&2iHdX|qfY0BmWPn~i<pp$hc?9tIWIn`0wG=3taxa40?r_?
z$2;q`_p~{)!{|YlAvO(f8so^({0s}Du0&}<AYQlZY!eG66bIPM+00IE=wHeI{OI;D
z%+9cRtcf~|i4})B3v6!rWIJE&>jOG*XvV8jgO|ca1fu0i3{i(rWj(AhLi{(J0UJ@A
zpjRlTnORX{l(oDSEWF68{!hA4x>k)-byZrb)nHmx@E^?3XH$;Zr-`zU@u>RSrIXW*
zd5ANV?Z{?@7Z{l$f5vPsJFEMp6C(JV>I0MV#}x1z*D&-Fc9gK-AIeZxg~|mTLJC#|
zQ7dl8xUBMtidF1DGnv-Y{d3gyoe+wBaK^1!H(<7!PHx&KTd{BSoi6<G%JXuN{o;>>
z?jfx(p2&V$k<L$Es65f9!tOlp#0C5`oqKSQyH<W*utvT)^)O9-=o^<J;Jj}MGE!fJ
zY5!smD6>+t*%gDW!tm#rzIWMBVz%4TZ?vv60~B2sb(!^qLt*2ug4%5j5?etNHcyzm
z1W+OrY{}kREyu#qM&EWT<G+9qQ@`RTiC<>%JnRFCWHYY7G4=IlO+b;v5)K473*#P<
zTZOGcSB>>~i~fCJIYh5(75B+`cr9xPbytH<MKVXZo*DxtT=fnFs?STW-Vx^t=T2*3
zhALd)>7ky7z=CFHA&)vfTSC25OL<#ud0<!iR9fK`PCMA(@7JyAexsnsfDPaDo!ahD
z0qh9QC!o*}WRwhUW;m!#siPLi4UA?o^G1O_Y)bx9h`o`D09!wTp&HK9OR9BwWFPsB
z{JX#{gA_iyK!V!_NPa`VzZ`mlpMRRZaIzX2cp*6z%JU(xj^u!pS#bj9DotMp9VHLx
zU4R5YT*e4v_}h8=2!hT-f8o3nU4_tSH#mnOya<=m&<ZRPfCvSM5ceGh5-OP(&v5_=
zMfDA`Zk#;aj+6z+6DeuGdp8u6WEJl2PC4e#I*)I9yH&wdc+c&nDK||TclD+-xDS=W
zNXi9Tv=8?5rk@hE3FZ0!7HaZVV)X=q{v|Rk26zxla(yEz)`G_sL?xW!0s}@I_+jCn
zqMY|Q)j{(ABNpg4KH*OuAeMKikck&GD`x+Jb*U~O?zU-i8VM2$JTC`DOIP4PJ(A4Y
z&-c_oVf~Dh!y6;>waDtj{%g_*3crvT9mT$nguIE!oscgos5&_!cSr{&B6`A0+8q(J
zjWeo<BiRmZ_Dwx!vh0_A)+lijN}-$GXeg*}2;Y^_X5Zu}m@2|A3ok!Dyqy?i?5GQ6
zydVY--thGwsHDfqTN?Jwq*&oYA89NHIUX5K`6Br&(F5g*ASi4DWy|PW`&UQy$py_n
zw8^AKWOQ4yW5nr-<O#~Sf(d9#gjX&^zt@6=jp4~m@q?Kt2Dl5sQp&Mot*jfu(>%?_
znhaL3h(iRSvqtJiC>TlI#9<&%8gBy{ctYalSWFv7kggd{Cp(QRKw_<**%#J0|MWMl
zp%T*9+l~Yh&v&Vq=kjt;z{+uGqzPk?+Zy|`t}jrQz0v2&gYew*vr=*|C@$#FgV9Sn
z!L0H@|29(ZH!(jY%Zy!YD<)H^mQBS}kvmU1UW?yXeR2A*@oDm=05tdZ<(lsdSL(Vn
zO_w&og*p7ABQ@V}PDHLd$&+r?Eb_$tk%x${ij+?pIEqY!gl=I3*V1D8<WN`gQUx_D
zofbT?ers&q(_0$St9XzcjB8*n^70fgY(;KbM}K4lOD-l#=K7V;3E#Ut^fSq^|F{{?
z2YBm;Lw0%}4rdvY^KYioSUPx}0wXWsF)MX$brdP7VsgB(WMzu4m+&jmJs3HiWe=Tb
z@=5VI(+P-9q|>%ztO`{cndbi)0^W36v(J<X_<(AYlNXVwV^RJ`vLpoe4ccnXOSYB=
zAuC=0RiUtU0UI**J4l*}`EFwAha-^~37-pr7@Wvy)<6bBzw9_Mg5}36ohq^W9C>{h
zpIUf#&!4S9?J0w*DmK|?W*vZKrS^Zr7T$GAlcV-;X5h7+ymRiz%`KL7sbvT{E(v{Z
zB+At6@~pe};Tf2jd-Im<+3pHs`ix5LK5Z%~suZgTcrrB_j<XbsZf<1w4qzzV@f&bN
zl3IEv%T)QJg&xzrdAQ0nU$17v@jUJ|q8n^@Vyz0^2tJ|<|FBYISUcl<$zp0;bH6h9
z2}yW;auS{AH#3DmeR@vg@JjpdS*z3bTd;Lo0}rP%7n05Z>bBj~bi5kaM=Uzz5^fY7
z*df}x5#Qqrx@GIW3~eA9df>E}{tM-sNx7YJ=Yy(@*?qZR?KZL66S3OE0f20J#=y;+
z?Sa>D@`mI*^B8+3RCnHe6axwEg=FvEnDDu*0x99kzal0$g^TWpmJFd7*_)9AJWNpf
zr<Q|Vhe19S(JKljmUcb-JF>1Y<asEi{Yd9S=(G@yyi_u}@+ATSnL96?fXZqpZa?X{
zubvuQ6|(YANm1Unjd?*um=xoYABBx%c!4>Zq)d+O_^$2r>enRfazXsQV-T=CU?Wk~
znImIJsjpQ-(JHzeXLAH+e2n~N3eMbn=N`Lir#N?{n9oIoDd{R>wVXSU7Byz&BX``Y
zy$KvB%Y1DcP4mAs;y$_4q_-6b)XFf$>5Y~c{9>@X*!Uo?N+DhWd0&Ac&xqeC&w73(
z8Xu5xLhC>MCNn}Gj&|P!KfcqwyX-$wWj}TK--Ery->G@#sy{@BaqqFS(fnTzKr<s>
zpKAAbhm1d9-M17rfGQZlusJg=N`KyA^LxI2#*T;B?n^a>Z)EF<N>(m-djODq?(>75
zkT$n-x-W(=VxcFe-TPJF<62*&>aH{$ySGTz6SP!|yzK<WI2QU`m-vz}!gz^&L~ZYr
zL}WMA(MOgoPD59g{k5^FP_8{vYoEq#Hh2gdst%kJCD;i+TY+wJuI0U1q^KBU#zQlC
z(y7D{%D6kx;m4Ac&zD8o4+MZjFkC4yh;~-USa8VjgoORKY$3x>)7sZe973tkr*o7Z
z$%`*2!{Tr4Owfk~gh^k^##H1?N2sThuTNK-vR?kO-aK1b>I47Of`0LYbLmYxxxv1P
zUEkup1e}P}z4?<vMU)(FXn<gNpXO)mDFp6f2>dFhKZ_pwS^vbsjlpND(GK4p4<dP2
z!1P&ephplV5hxGAfcv)l@JEK^@=8P57rya@6yW2F{5u)3&mMN5GVdbt_CnZIC#3}-
z@R6MA4Siwc{|e*eaR2lP&^b9urR(a=r8xYGoYD=XRlfdK5mtzrbvGz1rhE^p<YxMr
zGN}zbW|{r`$Ts^PG{NM5;3Ry>W%|Schi^0sU%<=+{+6-e5;c+!KV-e*J7oSe^H<qS
z9D^%yvRt(YN5r{%wPTh&dFOoTK7xOfY?$O&{^2LcwEHrV6$P+ke*rSh<-LLTJ`MSP
z5(7+}YEfXv>NvBdM+NMa1H%6$51+bz+4C)N<RY^i&WPzD!w(d*zEBrH<h78ZSbfzU
zn>@)ee493$&N$M{j}i|b+!a|YDQG8cbvn&>E1^$nh1e1F-|9CRH2rDP|3|{cy26^&
zK{T-2ADN{Wy!OESYml1r7v-g6^N7p?&oIAJ_Az8a%3+yp>c-&&hvC{r6S1?4`Nq0I
zzp=BX(}(%d#`#1cDvir_wCIgB%5#(BjcfOOeeDoXePhw!KD#8vfMe4@JBJqfq4WNQ
zg~+`2oX5o%R{yuS^n+H$hb+^|Z74etAlJq$r_X&=Q_8@2%^e!=dSay2U(6SwU={JB
zj4Csgz3^U7&K1kD=JH4PI^$p=Y|vekfLB00;Q<`WIrWF)I_ujf=&lWCp)|utDeIS8
zxZ&k9JA2WmwX3s@O~e936oTvY4<ZoI&yP+Lw7QZS#t15?KS_$X|2|S*o_w1+2$j4V
zjaglk0C+X!l0XVlN=6!?zSNK^xQ389Ju4IyR+(TC%rHm-LKtiyKX5jJl$JJ<yph5n
zeSy=qWi6AJ_s+}5v^&Mg=S(--4L(e;fq1_BG4gDEal$f%Y+YjA7Z`t>M4p&k;{AwF
zVGWECGHW1zZXWi^*`6C`44eK`>m74LN*=xzRg9GV4{Td3Zw!SY9!ra@bAsJBht<w8
z#lDXS7=+{FL48fc{fLjR9v|B|QoYzZub^O}oo3_10+te>vEU(PT2??87jS{2rA+li
z@x7AKtFZI2uXp2s)|o_WsE`oQ!sSdo!2(mA<210h<Y(8AH&Uy~hW^Xp>*&n>Y<5pX
z-`^Knsbq|l2$x6WMA7B@U+!K~tGzpzJ+Zb;9pF6slfoI7D>zl7@oA`0(d+pNXR-CR
zjlKh{p}CG)iF$Rh=yO>kl5n?5mr_2;WppUP^g&eZ;uJZ(qvfQI?J@V{{_L31-ObCx
z=J*2<IjtCC6zHfVq&Mb)gJZa`(iySPn~$^Vo5#3Wc(LxeVeX>+f$#$yIVO#@amh(8
zxh}k;HeL9woM3M|lNUamoN(~<>~ETCZRYHg(`dL@Hi9w7lf}j1Tg(3TYRYApBG)-^
zp*?ZklgGpYY%$F<!8DSdd$Uzhmfh3U_k$(G(9l^r;c>ugc%+xR)uy-Z(K0yZy;Tzq
z7E6&)A!hM0JS9PMJs@0eIug+p7J<Jb8Gi;p@l=Ri_}IY8bb{I?IWm?Os7b9*Rw&tU
zZgM#&G2P{W@MClAO3MN*QZCc(v@Ep!rj)T6?WIsJbShpj_0lhvfO>;A-SJ3wG}QHO
zg-_eXJ$6}F&$%_r0K|y(J-L5~DZ9}X>ZE_eK=8UcovOCJ)*gPp>{QnPXWBmXEd^Jx
ztqkjM_@%1akstyy6Y#y>b{+8E&l-O9;snqr%_X<_cssf>4Smo?ytei==iQy(m{q3r
z{b}``fm8G>Nmb>!kfkby9oIZ)`YVbT@Y#cDS~Zn%!L)n~$3)$<UbQzxhu+MwCbQ*C
zdtIASw{3sLB|$Aw-Fb6cL&dul;~%3Xo8j4URvQ!Z{=Qn{cW4P3*_pe!oNTiP9__x;
zqSLdhV{ZsQLtZRwWyo${=_=`cj$HX_CHCdB5qh(tDkJ@|BRLoIjl}%v-{|5{J=d_T
z!Qfj|d@;;dty-l;o6Pr=FF7Rk3(k|3!6@~7)0eiLKDqh8*=hSimTQPs1`pR<ScCbY
zORzZdU{$_rnxBb<EV0IT(W?SGT@kt{p6{*}0-=20w|((D&&qx9z?9rospnAF`<%^i
zxuyE*e4M~H^LRx8((?vPjT-YEFDyx|=XaTE&L|-B@pXUQLH}(SGkSqSEK-)&6{oqT
z+sC^>;3YrBgi&^kgbqgyOLUXTf@N<V*=VoxCzfw2xxLZo`ZJA-DQ1tuF?pB1rdyhD
z(0(e{WNh<|!PR6k8`aTNh~|0h+aN1fl5pS-Eg+Cx_8Hm0TaoKmEs;MV%7;A|GJEJ}
zcIb=XU%|Uy1JEvpUxWet+=gSTvQ<KwdY8UYMBW4e(dr|KeXt)FP`m@)JW$$o--;k&
z+LkhZVm&obR`<QrQPp=fLss&I4mn;4zM_<4vM^=yB@Dn1VO8ql6w`EYzbi%d)XZC5
zxfTefT*JswqY7R@^3yQ02#-ZRbHpJqg`tKa1rfj>h79uAgMP{2{}t5(c1M^j{Fz{k
zyB(@m5EOtD`4M`Se2y?1FOl~_bB_^gP1F+{Fn_t6ev_$zWhXPtI&S(HH=k|?1;#kD
z(|x!?yem<Hj>->|Ec`p5;t&}nXA|w){B!4GQ+;jdoOaqzxbkFq%n0LZ5-m~anIo|!
zu4t2M8C%u+a{3+_bF_!9=CRJ2IaMO=a9CQg7HDfmot>%@zhjf+_c~K%HU5(;8elaK
zEL8_guI^7u11$C@5T`8=vI<ge6-f6M`4t4SC4j&xkOv7Q9|?jx42W0Q|DTrzNRb_6
zgb1FI2=XuvRxbcVSsth~A1Pv&QQM!q4WTs;wqwuq6&zxZ0d9~f&CebyFf}jmcUs6#
zA9b3)hOmf7Sj;hr;SfLhD6R%EtAjv|8Ha-qz8Up;=y!;q0v3!|JmoJ5dB%i%v_}p}
zVG4Q9ap5&e#NYC~iUmriaEgUeWhhH|mSxym!VITCFrvU_kn2J0W-OY4mvQI~qO4{N
z21MlC!N_f}FL}T{fmcZU`Jb5oxmYp3X%$um|JTy~*VO)h7Ap?=R#wJV|DBIBR<X6(
z5JuxW$@=S(`GiX$^E0ExSY6QMEJ3~wJl|}d@%3BBOzmnTf!Th&sU~r4dO4pcgsN!(
ztP;XZ{g;`Uw4k9ldLZI$FuXsKSs$x;9x%aQVS!uVzq3eC{%um-wDUAy`<<>gU)!F&
zTzVm{QBNSd*uSC>xjFyHJOcMwfdP$L!Z|Y<7D-~06q;8YZ!4)zSVUWxVS7igsL<*a
zmcJ*l(59`Kv#2dA4_2|fWTtSYQk}jLXHlOD*2JaHN0z9J-d9>_+QXo<H3yid&nmx!
zwZ18}2WX6|ubH>zn>c(}!Y$EQrf6kTYkX)>8%}pbG+xfe=oGSe%%x43v2ds;(Jod0
z5}hm4F$QRXPdS;AM~0|0)|yRLh+b*Or>K^f`A9Y^syLQc&MVH8(9z;-Z*44W6g#>9
zyUlajFUG7YP{;*bXjIBCDrwLvu`a!HAshL-1*$WYf&ifk1He>s6TvQ^x#1e(Ct7*O
zMxDosMk9RiqYT-DgpguG?P#J%=6?T~fZT+Fug7}7BW*H9OkhZ&hZRYYHUb}m5@Mb1
z5M&1?^+H>Z5bIA%#z6i{+*B_nt7;Mvt+BQd@|7>?1s0l*GlDK!pGddkJh^)c79}gb
z3Qk6@5y}u#$9_1Xh&5Q2Z8G1lRp$%N3#S&KPDjCKA{mGz9*7j2gnmX8u5Qaqo2N9{
zznv`qSZoFaTOiC?FXfZLpgo3FjLpy}tPSF=izX7mh!i}huOSK516FhmdE?B7O!%av
z@JZxp-nschw|R-4FTLREAtI3{GE`A$N7GS8_yHDqAe_w(n~x|l$!H%E;Dq?q4l@@)
z`fAP;C?5`o5;9HAK;(ypi<P2JoRG(0u&Vn!de#ZT35FS;1vg~q1RB>A28<Cf%PYp(
z-!tlu@~4KSVltXMc`we}S}JKz*wY-xh&|VP@CY>nJtVO!qTrS=KuDkFZOledz=oWd
zHT08}f-#Hl6n?<R){lAHuJaB;;x;}&-_J!TY0qoJxF|0oCCqG0(16%Lk{y>AwRJyP
zyaEV1C_vmrEPz+Upe;nSHg_*T=CO4SqNo6)&rW6)(waU3fl>RR0+~S@*1FRmH5IF7
z>F>}sIg_?lZY$pM*uBK){5_e+@hmi)5Hkmd0FAb=+0(6xHRKBZQw^C|w3bx#ESbK(
z^-&WYQ<jw@3Q?*=|Aif;U^#JJh!aqMoAG54!Q65?ig&NLyciI)`pHLuAsg^P6pxBw
zOrHoL(jq78uN&t}r_J3c9O#S+cCAV`O*{flo7x7*avom2^6J6*X7&qO1i!%xhjS<R
z)TeBf&j!@iYZn{#j13;ey0RG{ft}AgE6(g3>C)6D!2Re(_tW<WZ+D&d3eK_mNGeZm
zw2RL5Ys40LAH45~SLh4`-3RgU>MQmS0EE47=>;_)-XO(61aGS1p_#*Z&b84n6>6Ei
z=hDv@`|xWuK$NFchXd#(gEO0+6Qowx{Ocf;NzQ-avpA#{QIB#`K6D+VeGi_6#kTA%
zf`n!H=nT)gm@3sVBt4x7w!YdU$D+w@WTG+k(==|w8KaHhGRBFI9yEl!6vn8zD~_}`
z^f=bm<2vCsUlEh<&GNHQXoui~`g?s-{TBQCsWpXfmEwy-??>rO{pwBaJq9c{`}MFD
zbDob}Y`e4hNZDoPDH(a#<_wJF#|mS{mXoUI=ixwVhe|E?^*S?HOxCq4o$KLwX$JNC
zCuj5HGd^|aO!o~_w1aa-@d~Cx@&#zq+enPWE?lf@^y3w1XO!*X>Ql5QQEw#l4c-f9
zXOP+pK=AhUzo;2KqmEadNI*dH|9-~*CsoZ(-^uKMsA?LXcFHU6y=tz((;7~@HP-<^
z{%t0hByp-$O_=Iq+;kp<V1gK<e$l|@#X8}^OV=I*epl?|{Rpf5EuVz1@8JZiF}aUV
z|J?HjMb%2NIEYWo*_>le+HA6!vINsk^Z$h1vc4yqBxjNkQ@B^IJrCJCFWfsE)K_iJ
zdXWW-H<zc|J*J-KzS;`M%~TNyxq9N!q%cBn!e{F77)oTR_Y@1^cUCp(lCg?vgo!vS
z^i)h|2IcB1;@Q&Z5#{dTUcAXN@1l-lNqq6r9hs=SyJ*c;=gK12L!S;V5G?UyK$P*)
zWNT*R3fw8vF^IqgSfj@<sNvG@Ig9eY6|hFG$LqDp(>3A%hO9}W<io6-s-rS+_OMhF
zYff}pzf-)2weyQ)Nbmi_o#sRcGDgWJ(v|BQCRaYgFSmr=1TAR1H9;kG<ilPg+Zocx
z`6YuLDjaCy{guX)$yFq$a3o0eC%Tl05=UdyN??Mu^Z!~t$+I%VQzaO<7b%NJrBp1e
zp~Q}vL8quBI}A*}ZQkVH3D#tVzN{W3IC)W#s=P_Nb7#}OCzNv!Xilfhqm~DA%U%y4
zolM}OONA?r&lp}^lW9lQq9TkOsAmHXV+KJO%FV16-vYqUyTIvCT1m6<CR74Pi^Nbj
z5BCe4T$q)P=N=rWiR0h68^gwgskAa~L{%?!N9TARjN{wSmq&;VkF1JV8tg=E+moiz
zybaH+9Eg^Mn?jJ59T-%6yT8)sZs$^-Xya4DVn;qg7!^i^NqQX2X?h411k(vYNzSYa
z>|CvlIM*+<cp6Aq1`aamXu>CrOj3sC!zjEPRVPQ)sP$8b`bVYb^eJKmnHguYYool1
z<xTwoQDF&58=Ay_AH76Nco{#;Mu#za)={EqdcPfTEAPbra9)=$xM#&GCzM3qYj6KC
z#9?g_iEEZVhd{w0s%L2EgXcixl^cLJViRytDw2HX-BGep;Z~tgbX{;@4VO1olIV#b
z29U|KpdDpn!i(ePC5B7Ci5^?|MZm|qAJLq=z1HGDX(Bb*pw+6<v}~I(gbc4nV{FlE
z{h6ya<qM#bQ_(r3hDRc{nOmHqYF<lr_+r8IF&|oRH?2luX7BIG34_(fY3J2b;GFY8
z6Y)iK4XtV80~mhdiwZB{br+Z<muJ9AFR%v0oGlP6%4{urZS_RNZ53j<R2~ag7DV7N
zTjd_F@+K~EfbwQ{U%)A!asC){4yt%8qC<hr1g3{B!uYY9R-kPxzYe(T*iXMsQa@8@
zMjMnVm^Ks~J1R97?@u_QT?pPSnGe%le+YiCnE5WWLkw#Vo2GSNdubHIO;Wzkn|@1E
z{j!77e!M8*>;g(j0AiaWVp(-gx21q!L#FZ;HBO?PTj~-DSVfv$Vp`&4Gt;j3Ch8p6
z?K4tPaatvc46mU+FA}mKGEX}{dL=O5XqK<KGAR2p7_Gvu1MT6jBPp_M!DxY>h;imH
zf@apM8-!3t(1;k*(1PVO!lvN>WpPn=6vrcfS^u|=jXTQIpM=5xqZlh8$!R8v*YNM{
zrisKcagce14oj$b_|QSJ<))afo94R;D%GkZe+e3t-EbM9SLs?+tW+QifD%EeoF&$n
z0X5P~a}9khBcp~^ksllDd`%Lu8LlWQeKlzI*C3@L_V2UAiALds`KTyBKh^}RXO}1V
zMe^FfBsmXx>8VLX3;n9^0V&!OT_KWDd2goFs@f{3A8u~(C4+sJX%QzA(6ucJKg|{J
zP>8lEGpfg5a!nJB^;L;A!O2+tD3-LqLjgWNFOy6eT2nOaM82>xY_4~KBQ+%4y$Jg)
zpkF^KYN{qCJ#u|am1u`^NhiHblG1srP@L#zjh%&3S#T+VhKjWlpdv)zhn%1DCw3VR
zCUh^y+T3N8lRyMT(|u8aPC!8hYEUt9sUtq(>B7z^U5IA214GLBLAphVYyz(VILmpr
z3aC_w><M8FN|uD3y09uotfa?fb!SNW--_VS)}&H7VAZ0<m*;YG(KaDZ(gr0;m42Vj
z5M3^*7dvAkuF$S{x`jxHD6|Qb3*yo)DVW_w{7)^!^;Dl;VZst|OY7qWn0eb8Pkul%
z_BG%b7}lU+I2$YN7M13>`I?)sgj|D|%B#`}q#p_Jm-3*e*1l3G&n6S(-n;;}RR;L3
z&z8hbVDlHQ!QgfD=-oPd<ZjzAXQ7pj6|AN5SO<L7?~(-3PNhspuVm)%D#u1c{mz93
zAsrXEKO6pCPUlt5e;TYxF1gyfU-_}EavbU-OK}Kxo2SHG1RADkGw;f(?~Fi^nuoWp
z|L!|zlwee#H6ty9?D-wV;ho}HS7}&|&~q_wozJ2{VHMbU2)6|^Al@N~&@At&wnt0n
zy=USzIF^<qJjDcvTZu9jx<nsSs_Wz@V5COMH#;Z|2S}W&pg4*HR9lE0RB<+pnhevH
z=FCF#gSg;$Mi-C*Qak_jkF&M_KU*I@{}v_LF!KTtV!6)8K+`d4y|v~4XM%wDfq{F)
znzxW%Z3Vv1Ab=FC3^(XNj_dq$O}@q2866?tiot00<MO%y3&)NnMyan3DQy$k=mHO~
z-&yjuS+{fe8w%NX6Jd*22Gu)n%fP;g(E;`zJcy3aDyETE396-c!w$7$Jdl|2LS)UL
zUW<KPHS`g<7?N^he=?`O5YZ)w8_Ju1^;o2iwk4Uw>R-W|@Nu9#hW%o(qL3U(*vP$c
zXK;o9fR@WnL&TPlwL#<&?ytLl!OF}Qm5p(+pQodps7hqmG7_!PD)gRjjyZ~Fzs#hj
z#7D2@BZ7Kz-4;`VA9;0{;W9nHcw=!c0vS}Y6*gYOelh6JBxr5LHg3u`E++PN$~(6r
zeDEl0%(nW_rzDX(?9m>;(+1?X1i9)HS2j^6X)}BTY{HiYYVVTi>EF;V&lR$UtjKBa
zi(q3A7`Qa2f2~Jj<{EM(VAh5H4OU>qXRG@$oLrBo_Ln#L()p`qC^^Vt=VW?1v!kn|
zOBA7iC~pIy?2t7QZ&&oX^{bM-txXYO5@zfd8!4nc&cMDFa>B+Q;q#{d1xgk$4Sqyp
z;e05`?OxbQD9OOT#_F|ji8cX*HbF=mqR?%>k?TP0AXR%JAM$JQ6heRK;57{rMmU<<
zLlP!;pqMrQq5QCHIHVm@$nUt+#w`U@f5jgx2aetqfQuF0IF~MYf(V_DegjPtqe;`>
zpWx=k??a$o&dyb$l6n26DAeNHNR;uhT|udVXKa2gruoVM!S`2%@pzy(&qbSg!JA!%
zty9%}A^I9DC02uGthw0#uM8i8hS?V4i`>v!kl7QUL3;9$po|sL&KdFwNpOtFn?El2
z>H=C8)8%hBlx&&NfPu!gaC}XYWJ6;>!wkG6f*frb7Zk;Vy~|2d;%2A7T(~e7cF<!+
z`!Qzy4_)L@+Z*^O&<R4CPE?~3dxpYpko(y?;vO_m+lJrV>|aT<`qEO(OY_!Y8+{5D
z#R269f__6KVJp6&m3zeOsz&v-<lhe=K`#|QNTdja?`=P_>zdMNT)kFyN8t$s!gdkc
z34F%&oyIixR2=Y*ZcR5i=!pVs<S)CwVf0YK#=7mFo$X&USG`3Mdnkp6g$g&GP6=Zp
z-2QGMP-p&HTWOLzWO0YYLQeLICJ^tk@b}2wz`9l$TcLG9j9vS3`w^5w@t7W3V>5wq
zSj$?b)*aI|?a{CQ;22=LOMw6ZG&b5l0|8QyUgk_rl<)n9@ec(Nr|<2{FAiF99iX^I
ztdg@L8$+49*7G+|R`T80%-ouG#$fZ}v&Ha5rmyVaYP%m;_dQ1;@pKcXJw>SM!;bIc
zhVhRvNfFL8lDWAjVuWh&cK)h?t}-Cp3uf^Iyk}aRA#hAC&Cqs8i1QlMi?y4^P77-9
z6Z3{d^K*wtW<@npG+TIfpzNiGl#U`pv5KuJeJ=8nah@Kqx673s-kmY-M<8WTlwh9}
z+P%|9Sj=BMCSr6_;&tUEly2gC2tUq7Hd=9Au0P|2;s#rf2<S#MV737RcE8ppbN+5T
zV0Q`SDvd4JA7cR?B0Px>ZB@hn9oEcT<j_v+!g_ny8FO0paq!*Ar*pC~#D;me$ZUkX
z+%&m~hjSwvPfCX~mG3{3UV(;C7xrZoKf$Z^4n(|6gSIH-%To_7jotBjf-Y{!v_r{#
zWx(yph|$D1pemkJLZf7TNl?eob~tJs;d>A9BPXcb*9`s<duo9|#u??GEwXgdIWR~Z
zbwvf^+3?h8o?*n?rrzLyP=VZdrnl1|Ug17gI-}p5tGe~;SK1z3vn}JM{U1!Sx@o;V
zVSBn+E-Enfy1Li59cX=($ZWMPJ8{qOOo7DR3A=Gj)yU>O`8{kg5?(<AFwb}}&vcTt
zn^(Cq@_z>w4_JT3qIaXZd#O74M;W}*Q!y|{xnrqdRTPC6{SMKae_*IM+TmgM%`a;A
ziXPfy6o~yKj)M8EbkVQ3zXy1@O_kyuseM_sODqz?(ntKBQuL8rLGz6c-64G2Ji!<{
zdGtWsxu5+<FvBVOB#&x4bnKWSS-75ajx6HvjTAG9JhUCG<6+cC^eGkd2@UOCK+WaJ
z=?-K(=H_j6f8M4uz8+$~?C0PNJ-!#h8bk@5h!y8872~;+_PkFx`n+D~N(lmVg|JGk
zsY*~YrgTuuz>;1i<{Dg5nsUf0-p5LPlNq0%^kVq>?X*gMZXBJU^~#OEOvtI+w@T*H
zy#0RlK0{ea9%T1?Z=c)S(}&}Exl8NG<7@aQ6x;N!(>GlRg@^pb%l#@^*l>{_LEY2%
z5%F^uuS2PJem2pgG<-Z}WVDi_BZFSuV;X5XQ0Q~D-F;TrZMb$2Nx@gan9$uF9}>&;
zjGu<<bqs#8>zF(~YtbljHW4jY`%XPvJ>2!Ur(+IVx-*m(_jrMYEzuicFF2oiGIWym
zXpLg1eGm8(HKv|3C@%4>fo&M$2th)0=E-m!$1V~Tm@s3#33$`~;T=11^CX+HH0IwY
z$Ve<K_kx=oo3r`dD1|V6(!5Q5h7g7SdvHcFwTNwkMYeTn>_$|gb~sD|*Qe$eSvQJd
zc9EJmhwO@eRf=coC`*j(C<`5GpE{NK_6>$qh6IP~M=|b>R7<KPIDTOxcOd!*RYHVI
zLmK+o<oUSzZFGMw-sXpZO<V5~h3|*^mpvUlA5YE{x}s1iY&iqbX!?@jXYGD5(OqwA
zkVh6pPb1reqn4|SW<|sgHDmTfjyx3`%SeV+EVT~F!Dm&<%>8IC*Vkr<*!TF)ftm9Q
z_0RH`>B;x^ysv97bA9bI(fc`<ny=gV>&yb|4}-7ycWh29pX$f$ckbs$;$ScS>Bshs
zi!OHe#RK5IKvt)4{)O+#pTOFU`1WgOlj$w;wDjfc{=~GkYwcF`{%Ysvv6QF(r}O8q
zFqY>lbV~2D79*1R8(7YTbHega$@usLGGaq2X-6>|!VI3pERL=q@{CbaEOi0BDW|50
z9DZS`$-kx;!@6**DHLH2*&_<$)ZHV(CsTHQ<Sg-#_zS^1L$_dNA@$Vw{g-!kkH}8R
zPNA=~FaJ-_cU+HLubi*+Pu4g1SD25uuVn39Z$4jXZ(eVaugp)(H|Q7oSHO3MkA$y~
zuhdWYH`5p9d+np)JMfp%zm9i^ZeHwc=qb-5@H?$XfQflb%seSx3G}*b>m02UwT{qR
z@Wao4-a*rJa2V<Tt7zZ;b0ic0pW%MX|7BFOR!6i$JxSJkORUmavsBg8$BvpB7{}7L
zS{8?hvVM)D0YDs>)j2|^Kay%_!s=@%s!{iW{VJVJA-ASaMX~As<3PsL4dwur;39q;
z!)J}+!AvVdZvCy@PP#D5yigR>B#|gT{~`gaQhGPpnA3Cfvi-7s)BRFil(Vtis+e@3
z<7>Cnp|XB8K?!s8I|7D7*_g5-q>&`NuHul<ouwo#@vJC>^<+L}Kv#r0Q-;h?fi_)2
z3pD}*U*YdKBgs)jMnnm!O1Y6NtY!MGJR_dUNLoIF4D?CD1{#`7u?4GzCTrHrZwvMe
z`FTw@^=NWYfpk@F=fVbb*(no;7JU|`U(@CaGUZqi$4PcHiTJYQG{G{S$X-lcx5vYj
z)m99pjP>yq`xwGlvL&HRM<QSWR#XcSC^NwiYwWL8lVxLIL#Z%As^}t_T`AH>X<Gh;
zH6l7r+>K<}<H83fGE>wTA}UN3_JXXxaQx96&_hsSC{#Qs%h469sX7R0kXTRmj3gz*
z#Lyo~q#1d<DSw5oqSgV&t%{PdCQQW67tSFE3oCJCDToznw%Mt>C%9oz0ctc<jw;>B
zN*Ta0&}lQu<hxthD+!Bd3(k>lt-`5=-oTXLSdt|O;~dysnKM{WxtPMCT8K~zG{*SY
zM=~bSx3xkF%d-YfnxZPurhyp;>nVpUHVVk|bHJFZ>yQw44#UU=f*vd?y4v)~!Rz3u
zHLVQY*fXTp#0m|C`Vtv&r%IdbXmVUWNs^7m%0%*Sp-}eoR9FYyi*R6UuE<~u$N$Z-
znJ$fc3Fa~ql=6AR6cFe~Z_FHdREaBj7dG=c$<n1#+p0-eix>x!MLk85(!B6@6#vXq
zfbauyP^O3!JwdHuGx8j{-@!RqqUXx@_#t$0;nZluRY1vw5xz=<mi%t0rH;li?Ew;H
zXkbxUX>13>+|MLBbuf#{I4H_|`*Cy{9I~k`TI|4g*swFJ96pN!fqdWB_UCjHWA-px
zJPb7lpcv_b0aENUhD@>X8i*R;60v=Z6b^J=Q&tB^F1M@UF0e`X^^$3cZTSAFD%kq?
z9E8LYn5rbG%Z<heIDj<4WVF&)t@hcZ0OA%4x&Z<H0s?4Vz621TAV?2E@fMYdg3Dyk
zdmww{xsiSm)m$J<x_)NeF?-S!lA#ISeeg*UD^Ydk3yLc3pw9_|p+vHtx}@s5s7z!B
zyDoD<K9K2{Q`7!68Y@nP-}+ITtCoL>XM-Q5cG0=|vs2ybmcZ+9)}~xax2p9RL$}R6
z5Xuq4*|J$snwKz{f{UfzGlxt^ACDKQxrJ3Y@QFiwauz<jkX|10v$5a}dT=7S5!x7T
z2D##WmZ+qq>v5GKQtyIbvyWS}ib(8}>IqGFLwn2xl9+1*MA+AL%Va)nq`3&S`8C^7
zIjutl@xw7;e%pVtNe}_gr0xnivCxao7he4dh!;Qqosn<Hc~u8v8jVh2ciNQcoB^o1
zEAoXJGRIH{{_slxx`sFea=Bl{8w?CXGJIL<yb1(MHs(?C6-}rHM!^oMa5B^&G+vFa
zmz9I0h~Ctwpa5%P8RcE0<uZ1RB^*aczd=UYQ*`>X?X<)&ooOc93lm&$#i;||G>s}9
z*GNOOy63zOE)|^>?jl>y4YT&EjpS!hOrV|y18xYU-=ClG6y7bcAa#T>#LD75Sc=@E
zLv{uT09zMclVfzDkPOB!&HYCJsuN5rF?Dv3i>+f#gHy*cd0V<;V~w*3SNN8sLY^wT
z`hd%=Wja`8*|^fwQl<%(pV&`$44|mnI|}|;KtDS<{pjMhmQFXR{l}6Ug=<iFMY@3r
zG*m!405`&(eS?H3EfbhSG$TC6|42N)`ZQe|46@sJJ8$g*p0k@crExZmHg1%r(g}Uz
zJhD!cj#yxttj-=(RShPyd29+=Fb)9P7X(}e0ACd7AmR7=nnJLpbz-+OJTlAkYLT6R
z*v1eN2$Ga-TT=tMT;EuO_*0gjln*f=52|m5Ku?-+%JH{o{$H_%sNQDLU%eGpG&<W-
zOA^TuSU@y61Sz=S7~=I8R0S{saqWYX2OU^FT!7i4dA(j9Ftc9iR$UvnWdV=UrC0pq
zt}up09jry(+pv7rq~2r{WR}slFhRNqU}*c#@#?aKi-LCP30~b0G9>)0e;v6&E9TAq
zmC;tz+PRAh(YdfyBrNPDNVqlQ9ISYOj1{chwF)xY-0~Q-a$V-EXAwW(`D$Qm{Tj(h
zjbv|a%8;PFng-<}c-yk$$RAZ4(Q<aMGvb-Tt+P`-?`;T4)JAPD<Kb#OT8Q(CLCVS=
z*PSs#)~NroA}(APYCEplhiKz61>7O4kvRlB_;(P})?rv9k^v^}>?2t`i(?uwkGU4n
zO#;gZ82u)QFw#4wJ&H=&s%pBOk`<gpDJIAlwSaZ77XC!4u+<=a)s$*@$V5f(aYItL
zZq-605JsHzKbuF~sFEa2OPsK#S;P~1uA-f780qhD9T1i0e%5w`b*B#Ws?L6oF|-ZU
zvU;#a^7Jv<X|6Bg^xNUX1Vi>5GZ3Dyn;DRG*kWA)8!mBGr$ApW;bTxFv{qD)*2X4R
zE{PkLgl!#|?#@kNK(-Or@F3wVVP*HPjk958!WkC`L3}qigeZSeTBD6A(9ku6fHRR_
z8~(&-xu#sNQ2lNr{Ds_?jIF7W!gVX~i8@^clfY&FN>9Qq0z5YJJA|3WuKLWW$cezN
zdyH7O2@;Trl_6sZ02Xsw11`u(b=v7?hc*%zrfyM;Xq;4lmDB0t{1UxKHb2B~yHr^K
zXvT^ltr~MZb$m4<KlNB+rcLj#H5dG*ph$jY3aA_2<0KWvVD5@o+flY18(4N+PG*s)
zqi7yp(TZ1Bzc+>5Ok%4|;ZuqqPOq%1|A<eS1HZx7VaP3}O_)s^Q2==d&O3Nc!O`qE
zIVaSbfD;cVIC-l8H=_$-_W6lfYPhbBb}+Yx1ST3QSO<i{qF)KZfN9D4Td-XGwg|pH
z?^_w}19NL%XeY*feAGGK6v$svU>k@q@FLtIxF869e(4Y!CMS%d@xE07Ttd5FM_}nT
zf5LPPPls+MQTUoeuB?#q534xH(%M7l0@~mwy^vz_0bu5=(>h?p*qrs%Y*yWbyh661
z8j20uHm@4s`+$1*Ul%-t4iZ-R39Dhc7@LxAg$)p5t=J#kA+p%d(PUneOrOX-CfM3)
z*d5qKAVVq+<hG|62hD`u648qnoI#(V)rq0Yu2*|n?Ja*1$=|(QA_wpB&XM!q{^Wg8
zd)B7kpnv95H(tN7+ubgmT=;$_haR)2)1+`tq~GwkpFeJ?kc%zc(T=Cf)pV(AF_doh
zeiXJKwvHisO<(h@ZfL)Vmz<Yp^m@5nZVtnz+IsGGcjrofpFW$~JF2YA5PWUf_V`*|
zH~;Xx4fh)&e%)kQr{hJxc;>wQ-M#zqiu}2p*EtO}o+*1ojm_<RxY*2B3KjbBbvby1
z<XdYD{(AoxJCU6rp}3%cM8s?CoZ0g2IkTLD#az*?Kv1?-Z_Md#vbpZ1BhXf_zY)W1
z{dpc^et)!oeyk}1biU+Zm*Q@f%5t~3bXdFotUsWm@<hjOt$fWclsliV9yb1b`FS3S
zCcg(fg#voJJ6^(netn#JHebDO04{rO4y;{y-@uz|Yg_fw*fj&$x>jFz)psRVFr_eu
zOEmeedFte3nOnLavkR3lb8#}djb4{rU8T3&co~m;&U+9h#==cAQt`^&&me0*e2&gL
zPa02pU5sx}Z!;$6U=fbb^hEbh=(<#<qI5E&J|{de3A#@fW7YoF-Yn+u61-Hmcd>pE
zWSkuF+59Yg+}Nu2YK`H4xc?06QEb1RmEKV7wAqau7pMQU8@|7%(1z-IzScBm1DbXJ
zO(ZV_o!m@pw{toNBd(MrdpH0B_64u6wUy~CpMzxV8{5_A#?T8_ZEK%LNY^NtCOw@y
zU3MATwUyNH`0WjwNu%DmUf?)qQ9yi;uH_^C8~&2@pA;;1qse|r&;^(V+#!p}RmQ>{
z@gF)?C&o%xxSyp;W|`oX`t0BP)`l8c#Jyp0Y$eQMI^U$dub7E9ykEE9@Rf)+ylqaX
z!1O}ne@~B%AbL<y)wAAD2<TwiB8-S-dKhg~lJ`IoXubz;fD{%=WJu$;AL-lWT($)@
z*r+Y&(j{W$Q;KP~Q-(9kuJeUaTpqZ_7JV!)j5b_-&A9+75WPPFw-h@bmOpv{u~9Xy
z-kBU8pF`=ipCekOUv!<l`<wa3p4u-v-va~$5!%pC+20T6VupI&AKAPTwbljiym~f#
zE6=virarya`|xMYct0=i(={W<eE57W_sy8bC()j4d~GK?xfbpxwWAxGPB1Z-fwm*J
z_k>R`y<7qvVFQayjp^-CePL0V=K2^6+0vMe0U8sJ3_{XT;Y=`0lcZ_U(h+OZn-ft?
zo@vk~fW};oK3tO+COLYF^pmucbhR`+rdq~Yre1wICR+wurW?jy(``duqZ)=>hFqqV
z^j;4de4K~ik+byc@`puF6VJQ~U(o*?(B@r8;adM`9A;7fABL8lm9we2&HqrH)ex<4
zmauytIPN@UYdAhO*=5!bQA(}X7stq4)=8~1Qki2m$gPF^touR^Ug>JIMp(ZSA&?3!
zLMg3+QJ7aHtZ3n|epx98!~gwGuBn4IM^VNJvo`31fU`DOYGNc^U46OENwgHhJX`R7
z>Av~s-g!Ccjud;5cCpX;tlS%&t;yeC>c&0c?z7)4N?R#CcvGj-kt|^Z_od6-D*aa<
ze!&uF$dOgk(9Oei{;e>6@&xyK*vM4gq-%%qK-P`W)c{#$O;>#OrtTs;b0R>kT%;6i
zkZ(Yqxjc`~bmt`Sg4Wosu9>^AVC<&nzTrmK+Gg6kb!s5m71lXf02YZvpNO8|QLi{t
zdXQdJ*sVi(D#8~>4T9>84^_lC<{)b$6Dq@ar_oKgnKZrxM5Prmhi(--_1AIY`7e{E
zCSZhPVQt9A2*R?w%Wckpw$i|-W^#L|!dTWszDvGFeMy?Ca2SP+JkO0XvAOA77`gyu
zZ4K9r9aTfdb%cdBB@*)mW52mL3!*qyXJBb?a&hC{D4Nk3PNc30MkbeztiCyAnj9SI
z#NUmVL^f5?ygDo2?4HKNumnB1G0uOHh7?5oEudz2|IMhsF^RtLa<(Dn(kHy0dPX4M
zgf2%mowPcc%1oUzISf;24NjT4W=}*7vx&aM^w{oq;h8+KPG!cF1z8z^b)8i1jPb*;
z;87JXSM`ZyS)+A3k(+`L=U~56!PC3EsTw_+@H;cDI@Qmbtj_KtdR6*wW0WKnn)sMh
z7!UACjb}#WEu=ZTs;n4G`N$a;g?<tEWt}cnKao`k3=35EYz**U@sczul^kyA`B#@F
z{wz|4dQ>Iz;1t<pa&a<S1(}h<ED(GbX25Lc%jix5`3J>LcRwBF{UN(QxNF1B$GgVY
zQ6jM!Qn+o_^fkDlyulx0`&GTDga?GqT}I*vwvj{B6KLU3yh8R8xX4*XisZcg@;Zx>
zD#RZNxb_fXa=Zn05ccIT8gbFkMdG-%zmyPegiz$L#AEzlgNlrXu^{6sC_jVjC-->B
z?vy6)h6)Pp=gG>KRV9Llvseus{!Sp=a0K(UMNtZykvXioEx<j*w;Jz5#nt`EaxD+q
zR}WF`=TDHz&a;#KbIlw#QY<~E;$P#T34iEZ&e4G%@?@t-#@iRq!z;JS&o~8-)kTXl
z8rm1lXOee>P`gojOHqLyY(x41r+krsps9r$Px@Yg+jw>ADnXGD#1349@SB3{yU1S^
zXcQ)yPX<FU`4I2h7<5Sqc5kODhY+6vd4P16glN=02#hcsBGoD5`q(B;A_;buF+bVF
zfM|kT0S6j5UB!f#85#vjC}s>=B3Trj<2)>6OuTR59NJS9ZV{^eNeAg205x7m2+eE_
zbPvRj3Z7?$Uev|ipUWoy;NmY9rw(hUE#Y=pKK45ZtOmp-9+~n%<z83j@fYPTvF&p>
zZ$3d#K??$`cA5)#b4Ss`h=_*#=CTcfpWc;X+?r?8-{0Xl)%aLu)k?@4L~5YT?WBkK
z?oFD|wT=}A)o*mOG;mG$NL@{;y#6S*kZG)yxA;&y{9IShnbioei@t$UB8<*)gQOKe
z21r0&Mqo_{VLJUVWc>L?M8)oojImuG%*1BQ#DrOKB}HMoP$C2Q^1`s-;>yW9>&OKt
zt~h_3Kt3HL_K0Q6B$7slwh&a8nkqKSi1}f?bkX^VK2$Z82=Ve}jv&qh)@|h7m9?tN
z=vkA<q=Bxy+2X2#L(&@212B8nY)(`B2dv!I%AWX#&)<dlocaKi^Fd(narwLc;!c7H
zbDM&5ejFuP{;VL2Frd}}X&(F67+tvZ51>%S%BFd`f6x-#nhNBskXoP&0(~RGo+8w1
zBc8Y`N@pve8Yy6t6WSug;49Qe7Ly^)15fFNYb#Pn8#BM^<Us9h3yk2KuvzuiC|E%j
zFgU5RHtAYMuWdN-bfLqT2Re7J1G~aI2^zNG1hgEE@zAnCyn%pJ%MBXqG>|gCj0CJQ
z(9rQ&XqWjQ!4Il1tcqy~5vYZR@9SL5A@Z{0Y+&gNX8ihrZ+v3Js)wktHf^9;?#-Hw
zgRPclzox*!S?<he;qa=gf|FZx?X!W}5ulmZT*OuDS^nb6NW>G%_OH9?sB2UAIr6}9
z6C&kpZ&TYK?WzKU<zh373z)_2($ADC)yNOa-fkjc1TwRm(Fz8Koc8-iFh7)mf&km&
zOe&hzuF@)_q9bXYN%!+Z+rfpYbRf~{jLMOVI160v$4gpX6|N9(LBzPP6zqk;6tY2$
z)Gp)*xvB?AF%c>c_#Yu_3qKMf6K)L@-ij<j&|2`=E&6MMjW^e;Z8j;_u%sqUbRk`8
zS;Iu~Fdyi)wE^j)tv)@4XCC<=z5a>UPk(@)m`_F{0m~9R9QX4N$r65i4F94x`Z^8<
zGxbNEG{=Py1@>TKpR(2LGtH^7wlk*D1+i<@%6tJu;X%zLD-bpkBP0e>*Ns-y)!H?I
zRNcsD0rlP|{4cuRDY%oc>(`Dov2EM7ZQHh;Ol)gnPHfw@oqufG+4H=+zJqty_ndWg
z^-)*%-M?P<y4GdOK}orcjAuiEX9*e`Xma7?M57zHZQ38SJwYEjUbg5<&{byYhR*uC
z7Ev%>h$CE7EVL5X`?MHr`=E~zNP~(LyTE|&RlZQE^giP4s<^aE*bf*J4yP2@5JS~g
zr`g(H=QO-T4;N{xlV}i_X`l!xk~rPS&uq=|Z4v7>!@#_0yS%5bXly|MMCEuJ7Uw3A
zfz=Tg9L{|c)VfKQqfRtE=$f^64nt|n9ycT(8fwGo4R;h1OJ_?ySa1ssk;7eT>ri>?
zwZsX;!;C2a?d!y1)D}MX(@Iez7>ZCHG50K$5FQZ&%9x#cd8#z*i$JX<-3=ikeR#oR
z{kSoESb0i2D;{88+qiyV=X?Ig4^5KfK>CUNSmeq4co77-Zn$NGak9MzSZng~LU3i%
z6T<ErkG*>_Y<>KaS`wr2CD69%th)u<-iW(;7U+TM0$zPqD9dl{Sip9ZW8#uW&|R62
zS>a>Ms!HK&$^&kZEA0nHz0pjT;YHchleHykcwwjW&$a1=sz*#3vuiDdro0AYHd712
zjpny6QZC9=Pw;T+RVU^Sd)S%bGt;raP_Eg})s#cvzq3V`-3Y}4VU45eMH3A_o)wZ@
zKOlz&4+yZhR~6hv(ye@6S341apPf-O1BWv)yc7J1rpLJ0?dE!aqrJV+9`5I}#@cPK
z<J>G0hZr_z3$Ak4{F<*!6@=_}?Joxbj`p`<oZbher*#DZ&-xdIgFI7bw;PzykDAS&
zA@=QU-HxmHZh`{`J&(tp^cmkD-v>I0+PC%ipXaHL?|@ISOWYa<-H&k_1U`JXDlXN4
z{F9A5?%w+mgh7RXw$3ZapP20Lah+Oy&!30zS=>$b&Z8|Ay;|}(gBMDBTu*bqSq$~j
zpN{V4a)0V~GJD>v{Pyglst5Dh-tOaP?ll|x+Q#mdXK!)MS@wpE`zn-U0DMF0Ths55
z_L2t-WA2<<ING$_hg8_SnTGhiw(zK7-swHZOzmfGR{0DX)6-vhiES_L-*4j@Vg3&b
zzh-l?_?PZ3Z~4y^Q>D!ty!hDjRxM;DtgCXzk1Y;vadN+%;~qYqmG*g<S#B*kyH1ZX
zg9$ord3*#k>dQ%%=DXu@{>c9|Y<A61zkYs$^p5M<=Py#1==l;lyu5PQ{!u#YUzhs9
zd)>Rq`FsO@8+^-raemR@`<dS9{PNKMn(PJeJY5gH#?#vdkU9-+-o#Xji|}xKJN2Ht
z<$}+;+yGoJU(PRDKlePsA$vBT+n$HYR|D{#zD`!!JFmY-7V&OAb)djE^MdF`Rj_h$
zO6~!)7GL;BbqEZj&1>;EjwJR2F#5r(`|Mrt4kJ3Zgyf!32nR^KVIF(io(Q>ptGf*Q
z7f!GWdtf`^F9%k<(T$wp4t@Uwkq@utpJu)^{2>Sjo3}{5ko-|M10Dw^ulQYoH^VP`
z2d`lMhyp<b!|{7uzCbpbqb#p5xcx<%!+M-CK8`Fk9}NFH@wd20Q&++O0Z}3W0TKNF
zZpk>i8yMMI8U5ePZ>Qn+AHi?$VotS=)=8DC^W`fEzYcu;!5G*2y~briqsiN4OjZU$
zYXTPa<jT5IA;Y6lHX~gaB9tpoGQ<GW?_!mENGoW2swQ9<c(Vb)McH>Y)G=3BS;JGo
zi6%0XF~N`LrUo@+uiWP=2f)Ww=gUrR*OyN13v-Of_0x-QDFxp`KV#Y=>>w<?%(+Rw
zDPdwZ3>e9tVHCpXz!``N-2{EfLVweY+_{yEuZ0k4wsa{B`F^6}kT`9le5f}wa*W(Y
z@R=uTLL6j7YDxXPyf`yOn;S2_TnGs_Cq)sJKQI15H1VAwB_nzqcyi}!LN0b|Ny}*R
z8IV%-yDMX6#A)cfCnd`Kn<isLktj1i8vNO~>Yk@^c-dvYB4q+7o(iH2)STE5yby!D
zB5f|b><~*mVu4f!g7L3X!^TKQS%kYYQwZZ<;>z3sI*eE%>*4W36kG`d^@fxg*|c-X
z<DN;;5Gc>O_DOqdq`f5gaawy^QoEEH5dXG+R`!sPZ#k)KDDgAKhDP4*3`vza@uAI?
zI|Kt=Iq@4q_9?Nq${_>!$qrew%8OYNfaX7E%$obM&G@FcsKgq^vMqwCrr=Xhk!O<`
zbYOBh?d*+XPZzya70}FBaG*xX_a`O)-XGJ?CVg?&LIyoi;*U4BT@gdL#gwG^I6Hyj
zW7U52fE4YwgFFwMPR}1I8NjLV4&x`ybWxqP4xcsXf`G1v*a!I=V_q=imog=P;X<s#
zD$f{$>SQ-(q(+-nX>VCK7CY06v{1)P+*L$pnbrk;m`UL*>QdjZqYCviS7KHSw;LEO
z?<<M9eW;cz9NDvmRcoqqNiAc-yJ`^yRyezjP{t1{4`l6PIe`;hAH-k*(cDr#yP%KH
z$|M2EoZwgad2Oe(?{4>y<gqS}Oj|3Ap!XT$G*gxK*+&n0ks$~yrXF5@HRQ#skmWg{
zn`@S_2RC!E%`j*c`>$88lTM#_fcBEhX!VucX$cY;P>ad1VhG9kwXZ;Om##crsnpjS
z4nsE}%w7$~+_kIaYE403PH|yHhUP<Zx-TITX0<qn%B`7!<7=jRE>B|x4Mtf&2Tv{?
zk;F=H>6A>!!0&`)t9!|N<zDRPGN{=t``F!+T*9Vd_5Ok>gp>I&6>nY+%rR9vR?D)z
z=KPhGt&+Az5}j5glUBn!$+fI*VIMTx@DQd5g4Dt2vod2SqM1vh1wxzlt6`w-SC}FU
zx%`yB{V1j~UnG(8{h{z5HGRcqtnnp&jxY26+NnpBKzndbc0+YX*C;Yw4vMstiiT5F
zQ4AVRA1?9pqq<JLlr48yyFrm_*aBSQKmmayuU$Gw>f7{tSZd1%-owmU`Nn5*2*H(M
zvvj7phdCDdH5hd2A3(kH{5%<#t|`3#n`o*aX`^r?k*eKqe2g@l0cp=%WI~4F!8U`?
z9_=D7$<l-dnJPtdsAa=>D1=_&<v7H$Ekx76l^~VSKYQ4g57e-*{_<JL?`o&?2nm)C
znTH-C;qahyqJdn~Nx_`cEpfKRed(gol&aXmbaURnTcXs(*gr-Qw~8qlHJsHdK=Xm3
zD~T#n!|GtRGW)ALR9usj+N7jR#j4D}xipZ)suBh7C!OI!y4e|gj<Z|%^6Y$Iot6*V
zt00oYcrlnACg8W%jh<4$nn@wVTo*aF?EewKAzTaZ4#V>aS)GRPYP!kWA+R~?Mr`U%
zy~6BHX05+jh})u>mI|40h-$UlE)S`Jm$3%4CAEGP+ooy>#-shpaNf`^AZ}-2&^3XQ
zGu(jqTWO`F>M2pNp>=xb7DUWxSh9nN%6JacEQGY`NM4HJjU>GUM5et+zv9C6E-#I6
z7#lVR>wnSjP)*EEpXo~X#}l>yT(+aXIPzK`+Xf`hOBI7KL0t$vyKbI482G?ONJW*x
zf>Eaq2zQ4T26dXW@;HdL&&v)NUQ@|vc$Kon*)mvK9)_kVs0m9LhxWOT%4&45VSTxq
zlu<6|1rO6zkgm@V#nZz*;(`mRHvHh#HuOGgh!&SCj5mGy$2)IL2(u&KEU*9pvx8>{
zP6k%Prt#W04357(no;+c1Tf}jUtK+7bfu<H=pu-u03lzXYNIeiS2xf+&^lN|Fxoq;
zat&}O+Gox_VJp5UKP|lUeTH7>jOn>I*=4YK>J+?N`Qh@$3=NhTZXiY*Cy;}q)@7?&
zG&aqnN$6QR*K5vh4z*};IsI$1bFjkieGM%mAYBfZD#i#kEdQD<{~5aS7NHr%ss_b@
zeuPK3v%}a!NFT<`z{KX@4%`q(Dj*_qb;RH2><Pq(Y3D;b!fuKC!-SJ%^4|oGiU8#V
z<|veJw59Y?8(KUXN`3H#r1NIN>n==nB_HHXwk2~mNk4tw9^NeXa~WIq!*$y!pR`yn
z&b`*xQYm>^`F$U{X1l-KZ<I^nyJ_FDF>3@sRA5;7{{GgJ+VtCQ5aO{L4uvElcmCWr
z1=(C%3U{$74B;o28&>cxZPHhMO=0BxsPf70&q2Bw{KW#7+Y??_J}P;9H`GFn9A8(D
zpHtfmGhSx3z8+fXg}B@v)E!h$$Ajr{v(q`1{s*EC2NyN5>Ak+!i|<7U{LWv87Mr=d
z1PChxJQo}Ex#wT$AJg%(u2*^d9=<Ov54FCIXQ9FI1pf*~mz4OLTG{LM7xU2$y2mfP
zHXo-qJNFC8ksaw7u3noo3@I8d9p>2Z*%farKc-rn<#zF0_&o17tMJem;>Z^r@Y@`V
zVL$b51&1?$t2_qmx6?p=^*i^-S(cZ9b~F<ol^gVc2SvAe4v7wZloz#Y9zWk@2Y6cF
z+i!=>Av>v$QnmoD#{E@>n`-~F{Y3)&&ZEzkij9=}t%I_oKR(|s+vyJgzl&px@YWsw
zcLj>sE)2f!%dtud3xl1-+mC1kh2F1QJ`a2TsxGfSzxKDGV2q!SrPXi%cAIbd%WF7>
z{m=Q7Txo#k?aZqc0F(mLoRVMOSxfwbt#{_FdAioZAMT@UCubEj2T<|vxU+l*tReT@
zMu@v?2WUauZ2>^1Y9Qv5db&)gU!kECP?+4fBKeV=J&J68hRd#)lWjn;Jl^iEl#~79
zY<`CKyKLsAj}CUE_C-_@(!MnW)1DgbpHVpM4?|I0eJK3q5Jf!y*K&E5lOZG%C5*zz
zz7!v0&Ju;J2*}2`8(Ri^21hTU4K_@HBV&UNhpx9&3lvEDq#!R+7h6%X*3LBN*il-t
zH+OQ3UcE0FQP#uQ(5^lTapRWRtM!M$@K%>h@D;rBR{t8<_+74;&IPJ&{@#95GL@x+
zwUzZw|6{CNm=Rl}1!m7p4*$}7AAwyhmHUqZ!>d8>%U5vvr$D5>fj5Eo`JZ+Thh%zr
zh7V4sy3<1xJcQI8f%_4G0N(fc+qp;vh`2bwd;c5JaG9lP7=5irw(a(f=Uwu4;|<l#
z=k8Xg4?Aw<kJjl)ukQ&$=0z6IUwq%wdIPqcpG=!OR(?nw_<nHQu+EH<S-K`jtdK-d
zE+wuCK{ZRV3URhFbhdo)CiLY3^5T5-r7-S!@uhgyCM>uDI!l^=4_cu3+{+xh>o1rB
zXjJjddHEDUDO4dPR1quIP<xTiIeS;gOd*e=kGc4{uTytYrl}vG|DAJdEm|}U{^75f
z|L|9e|C)0h9SuyaTudC?&78gdhlABq^|3{9!~NMV>eOFt0C*4IBg0RK{D~803F)7D
zk}e-&8ilYnHukyN?%3SWZ`Yq>50)Q2L^6yf-@O|%?+XY!1rZJkV}vq{m>>Z|(T6Zk
zNT7su1!Lm(U)}Na96z~!`SKM2tbX~w(fL=~vjd?X27j0M+YR#q)!73Dj#f)63Bi>v
z>uO4t4i;udQgKPyksYN}&0DFBj~5o3M;TX;S}HpU<;>4*&_@`1iU!h5x0TI-w^CNF
zgy6FEU|Ib3W^Ns%{WCUlq&gC+%qqn+onSf;F&82_P{>v>K^<LO5yd@`@~hsQh~7*Z
zpJK||nb^cZaj7^z^g&zGk$nuheAkV<5n4{3WD$z-HHL&b!bnaz*(*6pMw_!m+Lb)i
zoT^G1S}55Cx#BNdQdqB~`haCxp)lIV*k?s{RI*%Dc91hQ1*z$slE1bx3Z?F}WLik}
zJhLjObh%XdelfAR5`lAt5S1`C5gG%NwSW*LsuBoLUeq&q(7<9aBX)m~5Z?X_6{5)%
zqBGcdC{RHoDj06RBWXQ6h-p2d_nvVYbU9Iw2^57PW9{{D4uN0{&Tt`P`ixQno3O5E
zd1az*!K!kVM!aHz54AFR4sGx<d!kv+kf8#_;Ld>~!E9gOr)@qnj^P_n*^BuF#*)Q0
z5>AS3$pSxgG$xsnCbqbBtm=%SA(KqVbtq=A-Kx;Qpy9SRw#P;`;ziC);E?bD@HVbb
zpAYE833T5r*rO+2f>s}9S1gy2i(VguH*Q38Y)hm54ye@5V8^37%u<{z{F8lDEGlgr
z(UU&R-+5jkkQXp1guzh40uP;a_lTTkPzDTRtQnEhFVsyqEs;=EeNz(fz8WmOlmd9$
zS?umxu!}5#%Szm5FE0W@PXg14Fsx0{fAh0_cAf6{)8-&4*M5=wa}NlmE2WS;Hd2yB
z!wJRxdUrIKI}mZDD=?@u+GL{fRpk{v74fQ2g**kwLS!tDb3x-R_4!Xtph`w)>5W8q
z<>C>Zv$?f938s-Qj<jO@r$HqFD#OVfF$&QU47=a_ei%wUxi!lvqugtR*JEVE&U%E9
zQ*K%_#ED!0-zca(H>58!lWL^<zLyQ(cKl`hkDna-7rhJI6gG*Qt$BO~7lM7wowXLr
zy{^P@LmJ-rbhr&vuirGz<PP}7X!Y+8^f%D&5<V4Li-q*KUfOBzldJ|F0X~KRrzkA$
zH$Mug50mO&J{8BgzD5U^xr!Q_zjMC4=gl^sTU%ChC^ZTjH%4r&@d8d?zBeZWeEnvx
zmj{<xOxCjbd}hlI-aQP~JyUxF9M3k{f)`Wubl7E8THc&n3t14xMM`IDV-&U)S}#*V
zJ@h#BE;HPVC!M>Dx7VUU54Q_D5oW)*pl;lTK8#TvB?x4<0=_$6wtMM6lQiIeaQ_bP
zuQcZbnb5an+J1N_Z+>Nouz(;qeGZ1{S&mtgwQOY*yt2uO<+(}>tR0E#f{D^6GsDt?
z_ag^vSNa8fvZJW$<;;2C?q<n_1;$Co3d^fESnHF6T#VV}cwkK4r4&l<p{rSs{erzO
z-&Fl~e?erF;YRd5c#{-QVP?mqE3h>6sb5lOtw5p+ov^$b@tRM&Tg)Ve|GKo8==(UX
zUhUpBueS0-`Da$S)RubOTnRKpwF8u$S-P8FPiMUJuHk5Ux*wbl(>KmV25WuMb+|l>
zHY(#8K$ip5((tQa%N{Ru?6%XpF*FR?mz0)Yw(##B{4fHb+P}RRTH7y@YbP8&<zDq^
zHyu7HxI(Yx7$JH6V;Xgm1jg*WVXq2G7Z%U3T*0Ro{ka8aOEBhAUD5Esb_M?T8vP}(
zR#pTB1QZAh1cduv*XaLm^U?30zz3;!F}a#Y3z8z|Gj`7wD~4{8UuOV`Kx!s0XvqyW
zg!KpYjW)*)OR6+ieuNR_JOwd*0X1w1bhHnMC_$bGFFi#*D-4*~j>Re~hDvr(a9mMZ
z64dH7<2I*hn<7W>%+#Bua<kRJBcQj{0g$D#nmm~aHNd{Hvi?4;ZWo$ID9bE_NXM>r
zoxWr!j0Y_(<wA--e;QH|BRbHKIfYQ(P&^Kfm0k?dAqNv4tOc3eFoCLWOGJjAyuX)U
z3{PGv6)EZp_ly}KdPHhs8vhr9<gOTHYS3BoSC9%b6og!q_=6c6^)RHIh>;F!(o#?+
zatbS%`Lt*ls#=SPrldT1uoD$I1&XrdOtPAqlHD4@#{p+D`m~m`X2F28VscVtQVXzH
ztduq*UJ^n7&et234wiWgis>1|9rJ?Hl%Oa$^GJwP>O)ebrD#z@t`{bYmC_MXnM#W=
z6&<o1^LjDXqpMR;6n4tN-oSDaHUjlsKCX-<LX_!bH4JtN+oYiC0xOrjbLX#rlssB$
zfja1fYX;15j9zZ7-0Iq8WLSj;I~%)KChsG)mz-?e)1>uIAgbJixt!d%Ij)2Sr9`R_
zSQ3CC^!Ll-Z&lu6F+wv+>XM}UpKwGV;ak~B(tmuKdKE=g;MX26t5zp+m_7>tJe7<&
z9)2I(NK)NGE{;0w(2kadxDk^uVMa$&STx&G9AE*Bc}GiAr^kz-2r7A)5WFiXgdrPu
zQ(w#}7g%Sl*HqU<pShm(5T6e&fd~kLnrRI}0i|_@!u>ZfK{H*!JrbCo?>d;(m@OPw
zPriF~iX}DBoa4gJJk4rgZFx+;`bEoANI_FmiJ<ZLiM##nqaFN%t0&f^lBg*bv_^;4
z)*y^V^rrqc@(sljDU%ZYEv4?atRen2^vro*naPMGIQudC5Q*QyKwN!y6~EQ==Kf)a
zrv?ys1&^NK%+%Q^m4CdT{rn5>?=imjHRHJKrQzWS-Wr8JxGTnK*~VTiD1Qu7K^A6T
zZj%qazOZFe>kpfK)9RB^D^(QrZMbBV-31Or6%W-zDrtqOyt#53bV3gN{~|UM&m38B
zYE({cUYp?R6R51s-1|~k49H9#U<DT8T2)fIdrw2nVw%HG)yTs2DFdUI#v3JKo{Hc~
zp@Bfr22w9jK`Q<kPgbqZqY`1yg`}2GWHBMnNR)T7Vn2e&QVy1buA`c*V{$2EnTBXc
zDXz|lMcKm|)P*r$)ySsl(>^wdnqy51_k+YocZYH4rYg$g=$Ontqequa2gQ)}4wL8l
z-SmrD_4SXI;M7ql2cnI^wYhoo;uF95vGaWNJ#cohd4sRP$^E5e8r&@qgb4ayBBw~h
z{<FQ+{CjRSFw5mYb?74`mgWAvVf5$Bh^|66a*9k{&S;E=6iu+G>2YnC>CJz=lrrm$
zC*i~Pyhom%xn<0jFW5?Qc_bCm6hIAWgjDILg52|i%7)c5nnpAh2YruV3S3gw@F9aS
zIFu`|f4EIiUR_0uDwes`;uJ)hWtv<xG0KF0I~9dSIAKJqBe1M)^erVVZF&D)!ICTv
z7}d-@bsb0o(c$b=X<{ERwh%N#;?FtruRxNlc%~`hCQymznWWRsQo>FSvR<`72wwg*
z!mQ~6E#;MuEw~E#%j%XT7U7)$s34_H6-4d57i}nVin5U`mVYF;9;_STzDY2bTwpPK
z8WcnH`SIZP@hA~z`_cq#h^Xx}&E{O?bzcWrrY}nu%o+<SmpM3r(2MYmkX)qH<x+i6
zAIO;H5_YT!*RP}CfM>=2)r2Sg;DGf}IDvSu6s&k@&LU71v&;PVZCC)Aq#AtQI@fzP
z?oTFeRr^0#r1Pa)7~aP!PCbZZa)AkfL|pISZC?8DIqonUsVHdg%59F_>8sOk)RV(}
z*lpXxfsS&X!o6-!;H4J{4}7iXEc~S*Ydd)Vb8csboO4VH%gmZ8-3=Wr_qWfP&2t~X
zH|yhfNwNw?vParyiN!k2$Md)E?hD8F<N8LVS;3bLfxxS)UB%0DwAptN-pBRT?gXC%
zM~^$*W12r9a+~-0ap%6mce{R*55e2TQ$_czztelXz=z&yd-QLIE2>zAE+(W-e<FX+
z!Iou)Zr&H)NyRP`vWC{&p3`nu^S9@Q=<sxQdwi`k@0yXPil6Dm;|_}9<cC__%ugd*
zXPbVW0}6Cmyj~SoXX6hPm2Ne!Tp!4Yur#<IsW?5hZts_sqwekC@&3i6w3{C0r!(+Q
zvy0jecRJ<5&z#a+1Rf4MO0UPcmCDNzu?Kp9kL*?xXlz^_UWMQLoATnh#mwj4(FuFH
zn(O1Gw~MFV-t`AsCxZGV|5yC>wjN}sJ-*J``(377tG(}7PhFcu_&yfk?Ihx9uG|eT
z7@!!U`VbG`?;sU;dc8^`UN7}s*L&!Y=>X`SuWNL<&z$7-2JavSd!!nC+ibsLq<&~9
zTvGG5d~6M?fX!Ej-1daUepxd;L%)R1&fy4djo|O=SF%4!o6O3I|IDzuZh;<&S8a2;
zXy)xySW$POToknxg~=L$#F8F(3XW(Qf0R#(5ae>*j<;i-)O2ao$zhMcyY}*u#)_t-
zWV-)CQGFKS<kLgMiWywBc2rG;T!3GDO|4ak#KpHaKqlzRUJ-Dt-&K%&J=PXG<XhOa
zv&1LoeupGs%+dz@>OCmpIqCLXcuzCD*m}`AaTxvSxspHGS!>vjeWa<C!`GSK#?JY6
zGS=yj)cc+u7SOzVUQU0fe{%nMKi>Z;xY2zr)0vyx7Jc~we@1y|*#NwnUZph-K+b+&
zO}$G5aK9M7&g~)Wz;XV3Z6^}g?R-av#rKHn$A7p5Ud9dG1q9pg?;UVlLj?T?yP@6?
zTb;M>$bFuJb0yi9<(U6<CiZCJO0zBRvB>wx@+i$MJNXF2Cn<4i<bB%vzr#%h46tbx
z1Q3wzzkoyj-@=Wtk+YeBiG!V^m95$T{C}#cAt<7*;_Y;M)V1Ocbn2ig2itNb5k}BQ
zK$W=x$BRTo1z471J!#rw=(cV0y*$HL4XTpjCB(q}WinzJS|g81wp0eg(OJYyk+o(a
zBeQ}ch7VrB%#mNtkmQd1>vyAx-N^#zcIbWS2Ke;8`1sWNE~e=Q)kT(EC&7_<%Ml4B
z5Fmmjb_*t-gH7Ws5$i8W>*rxZP56&f(=^CKvau0IC!t3@StaGmJZrf~O7Q9<irr-Q
z7qV-KE}yH2jjs@%?d0d*7%P?q<`X98hmy|ISi%)xZXpdg1^aUqhg;glL4DVWhLawm
zxT+OdP#~Gb4s`dJ&liRnBc-NDR$;FwNqlZ`vuau8e=0|#CJ5hAS{EHIb_+9NN@utc
zo~NdIrwShwB8ipjLw&euBh5wR?<V5{P8|Nq|Ed0CtC{{q6h6xUEzNm4j3wUaqpCD7
z3zOT=@ByZ$j@Ff1r+{Fi98+vnfo@Q14J`B`ZeVP-e35=(Y{BLuh&Jd?)zP9U_3%qt
zgjoKW2<tfFykQHsm%)T0T$?_;LLyq2$acEH;1N0#6QdevNAWk|#N2?QoI`%5u<^4O
zR(~X-j4-Hn_F01I0ny>_)EC4)Ln_JJz`g2x6l4gAdPL{CY%|_W$Xi%PWY}@6uHklq
zBwt}R?3S6bzfftAZ=c+TOUel}Fv0tbhBCnYx3Ulc_?SXbM_vg-7K~kx9j~2zYZ6Y&
zmf}TO#MXDV_~?W)5cS|~xLCfr$c%B~a#&rdd&z-==aS6tRPK564xtZ(xwa8O+o5dv
zV2m}s<Dux`;ylbTN>O}K;lp2n{WVrmR}y$RxY1{dtW1_$1-q1o5zgrOLsjx)3CnND
zf!kp6Y;jMfDUI~;i-U$DTL^sg7HlFb*dnQcu-MILfm;@9b34NY(-;2j2z5@hrbbkO
z^sSRY4SRt`F1Dtn<3*D0ptN_A&c@{c!nwXtDCY<dkl;0_n}ni9WYW?*eNnX)h;bfq
zfg~0ptKiTFTp+Y^uzbEoCe$V_a~uk33J5#Md(QhCU<ljgX1lhr3s9l0{SFo=p#CU9
z;-TFQ5=}(Q5Y7i(!)<%-V<OUwTrT)2mP5ubc^3BPDG5zOXIzT)nB<__F_CxSWPzvz
z>w7UMtG|HI1f%nK5?-To7u<_zqy|~MS^*pv4;fa2o$M2)MuGmr*GLJ;0L$#@Lv<GV
z<1}h538yh=(VM16`!#3fKZp5CKK0Wz7O}asOE{5xP4gV=Ro^1R1A9^P)1l#UZrs~5
zF@t%3;dN!`zp0yEmY4RPiDs8DZde_psjJ`3X7iqp)7-DMn%~afDt(WhCsOHtPc<d3
znH&w`wf1XDt8XM$<<z19Sos~^Pg89i_`3bZpCy=GK#OkpEM*jMJ`XKacp9*S-!2fc
zd*(Mv1w1bL-Z&b!0l2mX?bU+S9~Ng9QrD47X*uCNzOg*c-WLkj&${QlooP8*O>VBo
zruS#fy?{$wKyN56#R&b?Pn+D5bPK;*EazwcqPND80PUI2z7MtZ4)AJ+I|gek=?JL{
zi$d3QOflPf4*i)a4qFTNy!P1zAj`IPjO#^gCG=#oA_;;Up04x5N$HT`_g>clf&O)S
zhR1Q|n}mInymRyo2Ypyx+qb!bm-^ZGw9E;+K7$uOXNG4>1;>+cjoYsI#K(ka+sm<r
z-#DDeV$Ji=c>SGOvfj-~h)%CP9&aa!<L6bJgG89lV6e)@>xK^Ca+}G_@6$l$p5e2m
z>Ph4zl0y$;5~BFAyvb)V0Kx5RiNE9Zu^%MEt&ozU;AWzM#jdl~pndj;?Uz80!HSFh
zbTUF*&bzbPPIBu=6uiR<KOb4eqy^0L)MvQw#mMSG*_c{|LzY*X(=^L8dfI76*oI*z
zLEf_-dLmF_LXd$ZIPy;6W<V@t^}(N;-q%eG1={wl2sqcACYgvaYt85l(E)akC$Y{e
z=itJ^%|@~0^CAe^Z@^ElAUk_nwZ{2f>-@LCFEpWanhx&Fh>TR3bcSgg(v@Ylu`-S=
z{aAk<ZEp?SPs(dvj2r)>w2$sM8ivn*rG>t<L(s=chsWN{si`JXe|+D5|Lc+gi=<BL
zZ{LsA=GDr|Z_nDo+18J93$^Te#;mgUmNh5);l?-?j({D$ak(b_o~54Sr>TSe$lsAj
z3JV^+5ufLOa#dsme1OtUOcD0^lF?k_5r>CfW{Dp@C{Ev8VY&lnN*+$pT!Fij^u=ob
z28cd9a(86c<Z~=!onm{#3H`tG23=#9uKA$<>3IL~p8vJ6z{J+f$o~HpTGioFP?phh
z$7R`X%#x4nke|c#*0hrJ()Aj$%z|m7`!)qY+Jr+&jz%*>rftWPOb1A{RyJTjo=PQt
zQ^PF2H{us)i-}dYXiw$^*u~ok$y)*YgtSQOR1))nS2thzB}++7b8)x;JpO&^cwTn?
zu>4A+w>jbTQBeqZaob);%fYqq4m)W3hOX#hFAQ5ax3r`rl2A70MVsAks)!jWYRII*
zQa+MYr=M<Q*1EMzv}9E!%t(3qTc(UIRf@vF<j9$uz`{8jH=-sZI};YhE<WASlA!)e
z`U2I=Z=~i}xj>RQ(I8TbjiRV5d!{ZYf~tgAN()zMpX!$m*}l#Eh$k^Os!|b%t;=D_
zuI*X^ma@1R8p5cGQkdz~V4|pai;y(Qy`p;fP*c+QMi?3!)_9nyn%YuQ8#2gp60iAk
z@>02{q}1O%Nj8(o;CoH=Skt);NpbV_#Ls!!N=14c1=A^O=3@Btn&{#}Ah9LQ5oly7
z&9DU|HWCT9m}Rz{2#W@+DHs-PsYBCfrDo=^I^$DIaZ@YJr*0y3lx!I>vo;<sYh^PR
z2-OC2z47cxO6wL>(uM|XV>Fsh<#bPLO(ZP!q?BYEvu4(EQI`b5K^apvB&lKYI+y5O
z>YG&Nrnl}$qS@G<7Wdj&nufCZjSys%3?ZtRMHuib#%vilvjb_E5vrugG4t*@b_Z2p
zqzEsbF0p8=;b?b;afX^~E0b2t3F-n#bt&g=Y1Ly+C*0#S$G1F)W6-QVl-LYh6=;Ta
zsDdC#(CmCE^Z})QDX~5HfqrS?AqjNJnLupBG8IQh`JK`?**Ln8QZu79_A;ekiDh#V
zkl=Kb$elLN7s9I-LA4UQpL{`wXGjtGp+s{Nu8^VkLUgu?zP1({14<jKLh&7Eh75k2
zQsC(=>&US3279eZXD?o|z6s^mO$m%}h^6fIi3_(9>?$^)Dm;dX?!p^A7@sbm464fi
zIHYARe%ym&|7Zo3ctny<bLtK&f>ZaD=%ZX`0TmuvWu8Bs@c=ELIIS^Gv`?nU_g|)X
z0+SJ+oGuK4@9=5lq&C$~4Yqm%ctV9lAZN$~t%At;!iB+{Z=l%J2A3xYHvOR>0kR_S
z$%EQ5uZ^O_UqRziph@{eC&*_&0YW15P%BFKNH`@;BE|L?Zr+4gaB@uvgG&d0zu~Ec
z<u3(Y=JXM^oZ-~^TD%8H!efJRsp$?gYVdD=yQYR_hX#n!JMubPmtnWT^|_@=_2rln
zMNG9Qpmy|;o+c)1S8gwz1tkp}V@D&THflKn^TP#dM~C35I<f#IHMRh;V=*G;f{2xq
zrqJGUfg1Ov<{^xa7ezY4Zt+yiDdOSs<H6V3)@wkkGq6D;)&^Bs1$I~wLNO!bo*82V
zk+-Z>h6-Y8+Ri98e+x*7JmoWs>?_5>kxx@uTT&;`<kMq2lR&Et05@Yp7FX`2QK*FH
zJIO#*?9Zq0!rXDQ`+5rsFY_j`9{wJ?B#b}jxx(*HgHMaz29ae_9k?pM^UqM&zyaTA
z9<p#iJcfFP$f&peP^GEw^kQ8;g-apZkokDrDfT)vUkt+5^nUXnl>1wdqQ`wMlKkjN
zGGtR$8a#~zn;Ov0{}GJcF@Y@JOsi5VStMv1B&}dBY8cu5ehU1DPsAgkF6{5o*<|_T
zv}7TF#w299fIt>LQj)P%L{J|&ir43}_(~u|1YH;e8@l-dHv#-ZpOK2EYpOds^&%Xb
zO^`*@e5q9#RzCizpi87_?VeI}m^RQE_=0Qj;qpM>Bk;n8l>^FdD##J)o)X2|Ml{Gp
z_BTGIeEGD)3yi#xmpYy)L#fy}tL~fKuCyUY2GmIKpML2+*)Rswy|un-!;%r7nwai`
z7|y{-xE|0ct6M!o6u2(rstU<~q~8kvN<1Ml5HqZ${!+<r_KXTj_OW3BXqw5191mG=
z(;zdS>UHeFgFEwABRlYny?ZRafBW;mSFCoy^Y&c&YM5NtcG@9I6;aejy$oB3@w5+L
zSp0u5FGAxQKiW3t%2<47%H-@4*_nOk=Zyccz4XJb5HY^qaK0S{{i&DhslhVw^`+|(
z4-h+cRlnF4-azkYvyzzt?eTqfdwl$pDy%5Jeka%Rf0PXY=GxzU?mXs7Dh~##u65vN
z)6;&e0(v=?UKi3@1AKkIO?tg;ig!o^?iRC5ZVcMS2ESPGH<VhK*Uf!wCWkFw&&CB3
zb~v#)nNEhi>KEgC8xH@9JW!hi$c*+TX}zBpNI<l9f6w}0j3!4O;H3Gte609A`%RxH
z^n87G6X<O&KRVi73trvqbQ|)ld7CRt##8$T97e}w+2a8C9hRTz*e3s0wF7+rx?c|u
ze^dl~<QV`uPHIgrk05QH%T_Oa-nQNw6=d7&+@@z6&L+EGmIA)d9~Tb{R1&t>O<ErA
zI{{oh-m4zTCIq?La~S$f9PR$*tC`0f^iSK()SnxG&Q)1#03Tgoo_5RKA^G<nnd@?l
zK#i;(XRmnsXY>Vu!5P12`jONHotq85_WfFKF3-bw^a+60#<rZYy6p3H25`y0%0Jh9
zzeX}h^X&iHAEp6;Fd~rAU19(8y!ovEemHw<r=YDnO8>4?O8a^FP15L{p1S>Y$&$C@
zc?JDLE`P=2>Me+6%=Z;`hx>@dXZ@ud5bdMAHM%|`yBs{t$jLU6JJ7gh_(~tF;W=|2
z^G3YAUInxIxB`|{<@T47BF0?Vw!ajrwes!bIM0FSX)Y>0tTK1!nv-b&%CowQo*7%i
zxk5hLx$IW0CS2yAKBaJ?fJqI11se9VcNPF8z`W2&`Oo;b{Vos%-c!VK3*4H^GHZQh
znZq>jR2@4^l(~r=^0PULpW*f5bfJ`2{WBl`ZqWI)b*=D0AVpu<g>vI}-d7MiBV&Rx
zQ|gh9?^Wj_an!2O^>)|2_Yw@s@MW^sQves>>CjiY+~f$F=aEYA$4lXDGT`lfhNVXZ
z;Cu48(yqYDhqe8)Rc-*G`?JH^;WwH~(9-h~I=5%%mCI*)yZ$R3>3YI}U-OrXBY4da
z{#GE46N>!^T^m}f5kYRG#hyGb<m~WO8|2Hrm?x8d9ONC$r&<?s?Lg%nw(mcIClvk&
zQy08JJmjsLC$xT4a2u!y#?Sww&@}a%8}i`%r_j^|0wViwm4<&s20I6P16MN_*Z;|1
zzM7jZn=5}Pz@&MDyhtVU$pD~PuJ$l?n#RWKamJd+a+{H6WX}6rR1sigBc%O6`F31R
z2b3Hq3rliYcJocmr5^~Utcx$Q7A+2)$$o1m(|Nn&Q$1IM-#wrS#A+UVB#0;3H@>R?
zkKeQU-e;P$&&T_=-&4aZ-;;~=n6snC%GRYewVL+zXZkd0+1}e$sD7Id2g~Bi@jP+>
z9NUhWX6tqL?%zo^Iz8PaUAu3d3ff1`^>TA3x>qzj*iQA>Yc0C7^cZv=%NMnpY_szF
z#ah+tVx>wt6fM)*%fW$an+*Dm)^t4Aot~;VXcmkqN-pYVpJK>aX}!mA-udu=fo<ny
zImGaVCuf84^elUwezwu}^DB29IOSWs&O;0-n#y%pg?+iv2gtLG%cu9rXK5QYr)hT$
z+%j#at&SrMyH&TXezZzmXYADTbIsw3744cUG^bi6yQ(k`HldZyRfgx0LX=Hv5BW@Y
ztG1nrw`Fo&qM7dB6)II~8W6(epe;I$*p&;Sy|?kYt(l++1`VH14&DFia5d<Db2|7j
z&*Kt1K=`+VhLuV!G|ORn<}_&*$u^qc@D7@8Jl}CDc0*Rf5i~h)hDV$BTQ0f+@|R0<
zPNJ%|Z_Ak+TWOFu((*2TeLX_hPn}PNI!Y62HqF2k>M}4v3)bjTaT{?k|72EDl&bU~
zQfj4paBFG-)9ze_V4iCQB1t)~tXcYnsthQXVZN)@o`;AX7gU}!>p(e+xW$C1G;^)J
zhlKjjm<ptWM7&5>=WM^Dtcz4_Qm;6@d<kI*Nq&>P{tZ}m)1LOPReQ3-8j{*WZCk$2
z@g8XIUu_I;b#=4@=-pr_wC}w_-y;#Hm3a^7fd)ba<~{;h5omWrxHsfbG)XR9;<#^z
zd7%~9f*dc@!k%8&;ou9Btw>dZ|3fIwbZ97~2$1YgF?#LWV}+!-ej7sI?~^$#>r*fw
zq<uCkF6Qjvq-YD#jvJ-8_^sOlhC)EB+j`AYZL3B0tJj;g=M5Y-pporUKj-n$_k9&+
z)kQJz$@n_OiBN&%RISqxmc%0|4g2)6?9m4~Dcv^p;ONZhPDK!Li!tg2z-qN)pNzrG
z!6#4A0w0Od2S_GXyrB|MJfYln+l+`N2bO{A%Q~3bDg?Evqf9~Yt!8mxnu`YnODK@I
z45&Qz85dNDtt{F$5F^MQ%HgSrz}Hz2@tH`Sm_kYnE>ZcTIGxQTz@7bm<2qzOb*_kz
z_4<sHpoY`Hcx_X+%TF{?yC0?+`>;s0wCItgdQ9ncc-}1t-#PoA-2+WE;v5lyC_pab
z+d#TNYBmATf}$yqWplZ>STLE%B$SBJcw|zkoi>>_FxPvWs(SaACYp(qfT^#xztP2f
zEVi``>Z210Hf1Hs8!%|-86DW9*Ic(k7Lg@P5V{$qhW|)Q4QiANqiK{?MKnGCM>YP}
zRrPl5$+}v%VavH|iMC^qNW&?0N+vL4V(pflOXL}@t@^Z`%qUnKFI-<(?~MG?daH_E
z#g&+G)vc*02TSv^jOR#w8eJ3T5;0y?J2ok>*slosW$oxLNo7;IJOK*}5xpd{%(W2C
zeMS1jPFYW+HaMZOWjlsDWLxuTwb-_oQfa)-P{OWAgiNOyTm8a}w9(<_QOCaMRF!)8
zy0ExK$DHXrwW^zGiOZ{1t@(>nS~zsMx{^I#ZBKu(V~5hXr;NDl?oCDmJ&c%aULmn;
z2fkL#p|`Y<q`$0tUBk_DDSa^KISR-oeY5iKk<m3~l={vxb%MdlhSOgVB&~r#v<(tP
z1N>`w=SvBo?rRX~J^A(f>crDHs3c3zFE*Ru8mcAze=o3Op-cDLy(pD%8eCXh#rp+l
zS?8%z)t0l^7qF=!4jSu)b$Q$Is!h~MEohMqyS3;#efxzR0h6vm3jiAEU<GEpMm_4O
z;$&VEX~3_EMfG)=J2P-u^oL$+`=U*8t%zb;iHtSAB1h9HJJXI0Vn80PG;Z;@xyKFT
zYN=I&i9UaeBOJO-Pmn*wPqQyh-rS~SYI9`XM2n=8W)sKW7UW?+AA=(YG$zlTgbLdY
z3C4JUH(@*OLUM?S$ha+8v?LS!=f(@uYs|;PT?ZR)T8tvR0b$bc7QlRD_)K(0pp-y9
z+5k<eh{tyJQ)Js&(#q{#rJzYetmxDDqo^J)51nbU9^h|o8r}dl9@qcT(7lY~sv{j^
z;nN{|lB9|^`}{aRBL$e6s<~80xruxf+^(rzyUw+Jkp=p(2mhDCk_TLPIyPLojx~?!
zubL9QPTxa{%06zU+~Jh)=se7PO2=mU`!5Cl6t}{<+F`Y&Sj5ecV#8BQS=rHUeyPnt
ztJ0!pxlFjzx_<`TRg4S-1oXEq2OM~aDT6jUJSI?|NvW|NdFGEU+v=HRdaJL(B!hF+
zq8V%V<Xd~5J~EyfEtn+YPd-{&I~$TNWl-6e>-H3lfUp!)RuE;_qME8COPFMuf<^lk
z0m_oNOa;}+HRCEjomfa9<+^0&j$kEO`mfq%dV5xrp5QE5X)38$$RIsXD*X3#-VR$E
z_-RI2U0CeC<>0R=U<Y4C`N;y9?Y}?o|I*P3|5g%7PMeMiv-x^AfGd~6X$}6sFg>$(
ze95NWM(7DA?s)u4D9>_+XPzFgo4%CEilT-TAcb9=vNGSR!Trpb!<f#-{Y+6zm*Ya?
zl^n`6x1LZPSv0qwQFXUEWc^Ey{*Sh(jp<>^Qera>r?Dli`I#N+9mfgExV~IIg~u(v
z0RD%4uz*v&2vsCzw7EkvMVR~v0(D)E$XPaPW8kl_UO-5IFS#xg_cWo{mP{NKS0?!r
z7(1Uj_Dm4^{9?wE+-Xt<jDxXdX8fSi=l&E+{o#7npHP!5X6vCl8<+gBXW9Z8Jsx-k
z4ii_&O+-u(t^)(G`P)En@-fCC+Lkxa?=eAfw+bEM3`7A*NvbO%+s1Bh@BC!JPt3$@
z3zq8*maQ;-s}vb4$`jItf{X*F#>iIYil~zcof~wcd|y^0B@1d05<gD_GUhG}`i}Q&
zjcDy5g1Y_=#TWKGCiEPL-6}ZVs+5(V{X4kuL2p8+M}lkUh1#k|Vf^-M!pL9HxKsXi
z`z-l&(PFW_e7%V~JeJFLs{eg>y?t%rGFy8h{e9uBq{&>qzwa@~U&FX_ntxi><PXv$
zUjjV8iH<Lb`>XoT{#Q8{R@~HNKK&=q{a}!9tu-d99+{pbLYc3w@rUa6SZU<Bgd!hx
z*|W#9|G<uk@r@udqU5NC2?#@dAYblWF9mccBy&WrWSM{<OBdspy{vIO*rgOFWu=TP
z0*O7fgdj)aTtN0Nq}dUrE-y$cf2v{tauhnIb6^?*sk<T}X_n$2?|6ZzkPw}N%7_y2
zM4qI%b;&q_r0G~j>2MHt)TW}ncywS&HA9l!2#`BLHnm+Tl+H{<AJ|SqibL5TgNfa6
zXzuV)xg$~qhufH;1!Ahdea;k#$e+%z#dTC9hxp_@&Hz<@e(<UWrNAdGM80WQ6xR3w
zkbwykU>}H@3}AJ9g^>h|(SD~(umF%UFJX2=Y{jC|-}qZO<`6jHKe<3ydj8CY6pnAO
z^a`R!(K({)6G;+E18Y>Y=!O}ZyuW5Tr&P63hp23yvV4~l)>MGAfYZ4g$Hl?Z`6!sr
zpi(%A^J$`QbHw>^>RJp=8uR%<xRnnq`(zn2!nH<NIgVJIz0bh};0|-p$Fe~0(_sC*
zua|HI_-39dz5Hdl`tsCg_G<%sT|Tjncm-;7cNZrfK11$71j=;}OH;tVtDGZeDWgBR
zBJr}0OVej)Q@dyd^tjbPN{@u{6yUvmt?LF{kh8LPOS?hD)}}BtrHh6z0|$_^U=-ZL
zC`|My+HXyHdDoZS?p;r={uI~S(hn<vO_fho;6J0N1gFpRbu%=5{F*qy68<8_mhH&T
z7Rizx9dw?BYdiK-HW;CEp*Eu@!fuQhxn{q6yBb>T9&#Zqlk+v=xr@}_f3x2|X+_Dq
zB%AR->8;CoRb{wax8IN6jLf?tqjyDNu%*a7BjaC{^R?o+bLk#B>5Rnqcllq<zn#QZ
z$FEA~&w^(`6VH;DvVHVGwK9aca)qCPjkMa}#8tWw+Yg00*+nS=;pj6b>|R2~|5`m7
zwh29fBj<+V7iOO)8u}R!&%lXuFp3|PaN66{dY{LP-vo<SL4tZ`cTdhXygJeVhZbaM
z8W<+5IfT}CUFdFq8uzs<IdWX)!HT-Hp<=!9yPjn(KcBxs9e+S5%cS@S>SP$-*$%IM
z)fqD^csU7KoU&tpJ`>CD42^>v3CQ6(gpv%&KnL?VXB#AKy7@te^~Pxf8T3X7yFxD~
zhZI_LiOo~i`GLz>7GNwiF-cF>6)BclL<4uiYKgUd4_kd(t5VnGtLmQ7|I06`x>yF{
z&%GfqcMT0w28nAjFb2l&%2bo-(tJYxO2%!jUga3%41>Us1X1M}MBmN|>No>}#kVwi
zRG$bQ`ts-G(3Evw#*D#)C16q-mOy9Zz9k}_`Qf+AS0NfLn|Ic63}JVjxIs_Nf!z@C
zsY0LL3v&{I%dk{(q_reS--El8U`1v@^Eg?ba*^G@?eSwQpLCJkR?kGw4sNkb4!bje
za<Ujhd68nfTQ5)}e%5|KoI@eaT;0eHe}6RPw>oF5tfP#IZKi(NeF<<3M}J8%eWjNf
zTk6c@nXA5*Oevwp4eDU)9OvTRCnh~JNP!CYFoZA>AHGyT)*s6>WE$a^uJs;$ROB8C
zXeT-blR}LZR=J^JddoN06!^(okp9i6T>^##J`BeO<T^9X8i*OP;M#<E^)U&vk{P?m
zRJjtO;3;;raDN)$M!_9cvKH_7TDdcr0dYv1ak1nseg|tV7ikheDU0!#wh*%}iN?%i
zr8%pAis5OIF+=vU7FV_lsJV&%r-$dM;VBV|A=(^2`hbuupmO&mE`w(w1Th#OI#&s-
z6Rgj#4=B)r-ba$n)T?OwZp$B@N=MeY3DLQ$Q^p&ZQL9jea7cKAWBxfOua&yAR?W9o
zJilS-qOZqxCsi-aGL)J+&tT6DT!Uy!h|URQ%O7{MWh-r`D00nBWU^GGa3y?|3jQD+
zDFy!6&TFTs_uw&f*iWM&K0azA$;vv^4)B?F9>`pV(L_mFaXQgfw!^Tjkl_$|q_1Gf
zHM+?mhE6fMyPX@}W9_B?5nG9Sz;R?d&mM*HMefW!;5a<Z3f@L^<I=8zoC@!InWM8O
zha-_@idi8JFW+w!7T6&Mbx0%tY#!doTz1zW5Km;ibP5F2?9D)?07FopG|NM{2KY7T
z7|P9jiS^Zp1iu*FL+*njVjqIIgTnub;D!>q4m%~B=Qukjp7zSnJsY&g8{oHz_vUcA
zq6!X>-SC&)*x5NGkiKO13!XRSOCrI}F}qv5HhS!z5GYvldu92NG$uHH6~{d?SqjO-
zxteK`%%R%&lw3A>lg;aEghm0NkkeNn70^PBkHxo+zL{g5DBOyV1Yp;_7=1!Aem7cu
zhti(o)}<n$U7$zAyT0wJcSe5`H{H`Hf6_GE&yfG<8hc1qw?%*kzF--@x371<6ORg{
zx_rv)h6%ow%$)|;ZTN%N6wfn&y5nH`LB;m;jNVwki!+D8ej&<#r~7<r>`8=g)!sYI
zfd`Pqbp7IgeRJz$cXR>u{2<T%`#WDYLjPU!OR@<l(U(Bvr|9L?f#;_*@Ic{TyM0J+
zzlM3pG{7+V?<HU#<jWtYPJw9Gqzpo>hiuu^PhCZ2fFduFNPrf`PbD#*$0<3$BM7qW
zROlt$QqZ8VzpcGLARJ*1Aam(KD9iva%8)i64V=yjGan$lb|dx-u`3S$F4D(OL8nOH
zn{^x@T_l++HG2Zps!~`!Gnm1UA0uRdi)Ffp;S~IH!S^kJmFnh-RP`+>n42zf4Eju#
z;6f`qMzz434lkh4qm#0h=lqFqR%|4mlhfnW0|JmbC%{s2>4o9?(Q^Dt`}uDyTuN{+
z*a_7_ly#M~%@9^B%{iLUwe`UK3&^t@;FJ{6Igj6>`Sl0*Ke9?&EiXe<v6Vb|1SutX
z5ehy`!MHH|W;0sL93f<QD`qKfL`m`BR!de&{EMg{41Fm4Dhim>mQFxWbjJ>{=Uz?J
znD^fA39|5fLPGrrj0XG<A2mME%TWRruNw`un=0>GYvcx=3Enh3!>v+{jI@z!7LSal
z7PM2Lt{wNFK(}AC`|Ws~V5*3fkXz8WTt7ENS^CQT4v(zttxGKUb8BBjohV~+g7}iJ
z`d(YDNj=H;GPrpF(>HH+Q;%UjlepSZKmKWA-pX*>u%Uf*FJ4oYgO)o60jpFBv~J6m
zyL@|>(t+?1$W%;iHF&K?L;nB)v*yOwaNpQ35>pS6kLi{Xd}+^?1^Ehx{!G=eYpRMK
zwF-Hmr~d<TK#jkj_fj2_>e<G_Qk@5N538j#vmER1mFkkD?ooL7NXY&Ib+<v?qx-14
zNvZp*QkTIBf-^~<kATMiEAu=UF|IYz`nNKBUgYm=Wx!)a10E~*o6@Iwv5?In3)-2+
z6ETfF9<uwO{&rJiPb5sUs2L*vPMSkDH*Om93KHT_eLur;%zrXu4`AsXAm`CiTJs<#
zKjRq-^g+6@pwgdjJhju9ud%00J60F4gX3z8%=aT=0alFAHTHDK{sB?bA?leb;{|<~
zZaLM)LTj*PEUffx<5|ymPGis3Sg}mnSeW5=)>vi^RF2;@#CTp~&+Tud#<E*Lwd~Z`
z^Zrg9>K6KrUJ3&>_CnTpTKDG@_|K3%1l==`07UIYiW<-tXB#hBAbpGGycDvBn{1ZS
z*vlb%1hZ#i_M!pCt9rt;X)joa%cJo9HTb=xvUR@k%1&c3zra|mu~!PtF7^X<hy`w%
zi6lH$W-~`3pc!N%8L!SZUXJuHfjo-LzeDyo^vyzKUMmFoi89l!Hs00;;$zq7G0W$(
zp#RA-ds&t7mJFUSmRf@>V`*h;`-#Tu?c0nu+MjK_sj=77#!@F>7UCgodPDJt`uqX~
zyr}@BPVsMn*Lgpm-wiDns0}a=8=xl)S_++H<J&N)0e{~K*;BCf9t^#kh?yaqFAaSU
zhQ3!Yv>xjhz|aHQv7>Yt5rdBRFq76V3)$0HAL3NJpP=oXk_X@NEgZH+EPMtF)5a>Y
zCk|Q7fSv^;H>Tw~n3a#9wDCcl_e&ce(p;RJXy-qNpbs!TS)Zl^I?^T$_&`lGy%-fJ
z-W<f$ns%P?DUA6rZ7h$|uqlW0Sh)A_a&D|(wr&Yy1<r^{upP4JaSS(*U9c`G=VH&S
zs4`Z{1Z9nt4mVaZ+sX)IWu~xb;r<q_#5Qqtd6ZXiW3|$?+A?jkPRDsI*s=z;tR_yL
z^a%JUWG^75_kvuLuo2TFMbkl;{uwvL0ke&@x;@1&v1)V^CvL4X5Fgw0yc#E#sd3C)
z<Z+H{O6n*-RBZl*%J5mWu^x$CuVc1})s~#u7$lKrNPkgHS%)d>DEB5b#2nHMDGsXC
zOL0%Uq@+%>k(!tHpPIE5Hon(EAnlO#&`p0o4%s4jbtHnbfg2kU5$yPljuG>13Q3(s
z4!%-`PL!t@sfN=WSW@K1;+Y*c9tOzMxESR#QjU2=?Vp6~Rp|K(qW5Vc=7nsDa%&UZ
z+EjE4y8gX?>o;Kq*}FMpuR+dVAqT5BBg&f{yAa|*8Dn#0E6*ESc%!k6HyhhDwuKv8
znVoA9#?}_!a{OEdIV$yyFEzF`;pHig$Yd@xZgQkFi9MTgLiRe&W);+I!z}a?b%b)T
z@C{U_?bI=*M=Mf6(vM@so6(BTL-rPI{2Na1c2#M{%_)RuDZ&%7x0%VRQKr5K**lmy
z2hH-!D&uP>k@tr=wOLY@k?pG%`ra)wSzmP=h_TtgwDFZ5u*1r;a{N7v4=NlNA3S#c
zFKOc&eF}C&$d+OFNRpV17&%vU&}DI3v?n&HQ@?v3!ZSDwm|d4GA%W%DX|}BfQjxcD
zl@!`cUr{rvEm6zMYeV({&GWO4v?fDm2Z7FO?CY%Yg+tMoq5oE6-@r^t=Z=tlhyct*
z0KTm<zTbZUmhT;a<rIKwV;A<#E>#NYz<I_ls?xhE{VB#y?ik-`Z0F&|E~kWQ8Oc}y
z8J<i6BDA95wz{^ggvcXg4M<6!Q`1aOq5tDE)s64c5X<lXU(Z+V$MbLD`S)34hm-L9
z$Q`<etcEG+f;+2~JG<e|?!DdFP44U_cYc67KWXfTtns6|B7Ib5Zj{yrtdC-MC~4Ts
zAzP!e|1+{rlh?}Zlix_=+I`c#PNv%{+%XGT{gGluYuE3+cKyC<Ki>b^pVG!|iVoF(
zoeqYK*)F7w+S|`CkFvfSeiQ$nkZnNrA3*W>#jtH#Mkroq1uPBq8{wGzW`j|-54ZgJ
zs%d_LOV<zzKs;c=D%=@9m9z29jwUMu))(L=SXnMRfQ*lW_-qC=G;RD!r$eRSGu#=5
z!h~NjNY?!pvMsRc5uD`TtAuVP^0+t;v(&D1lCtD)g&v<&*G5dVKdGi~l_?da`apd4
zq*Rn5rJ@um6*2CJ63vZeh2}tlpRAqcqsech!zmprp?!pUA$4t&7K?WJ6sm--=1<Wp
z@*qmmq7<?Av&c!*r+&|CuAVi1v(WTa&5G>(ykKuCV$yr;{alt55vP(8)rIZ*Zn5oD
z|G_4eU7oV*3uRYXWLKQ*Lbly@Fd1=lOA!iW*)79V;#tVPL|h-UHMf0&k{y?K<j0Xh
zY^bm3>7$&7=ZMDF@<hpDmG`gJZQ11^`v!8J0C_+Mnz;l0x4c?(M8G@l9q^76@Q#%}
zqMeu`49!iL(>>XkQu}>CxrX%XTZCs=wdeqG9b{*UtIo6&c+FlX?K|Q__C2)E#~;Q0
z0Pab%wNN!k{1kLclHLKLDGnWBF~tRz{|G<k!H@F7h4iPg7|Z#5f#sJYG*3b6F2tqQ
z6P@r55S=RhouXpCfUpV~lAqB>>aZTS&_XtMBW(2p1Xce3z?Mh%ZKY&KQhs-WXtLtK
zko^KHo<&wF)vHN$I(bd}l`epyOLX;<*TmoCHBnyc<Q?%hIi<6l0+XBZwo>I!9OP+k
zX9?!_1-nSFabK`&$bKg~e9b+mO7w7sIk}c<(LFa1AG;<OYpcnb6Vjr4o5e*pW>1(Z
zM7OEt_{nt>N^rGm3#=el*Vf{cLYn4wlM@s9$^L{mJ@l*;-nxEEZRp03rp~JLkDC|u
z16QLvOCE8`q5JD~xww2IW}V17nAF|0TkCR}j9<{uBP+V%4T%8!-ej__n%gsUOJM(V
zm~2;x-WGK-tJujL*~whJP$`m<k>{?LJa@JFw0tad<Ao9cupj2cnYkmTxxEVQ205;k
zCbyHPBMuWS`J^R7ZRqZu6+JCKW0iU$rMXV%mcpp#5#LmmIMhn`-Y_ehq8krtJT3%o
z*<QUBjI3OJu=D%ueUSRlLFz-5>tLLvLp1l`!$lwT)+|bDcA95~E|Yfq^7Pi}sK+jY
z<=B~rq%jjkiaM*hh>H}=JTxmDi*C^lUB5!N{a!s0j5H$+GtzsTktQ?J@;tj!#9^B2
zrbU{B$7S<z4^uZ{sva(<3f8LZ37BU^R&ixjANWd}KMiH{_wdj?0C8G~Lm-Mj9iUgc
z3D{-M7X5Iwr$T@YF>aCioxn9@ZwXkr6}lbh37Qps^+FBodzI*CvOu?7(a(Z^9U-Se
z{plLI=GE;?){rcxYFaJ}v};1b@M__~XAchnn;rs5S#Se(1ddvF%qcI!Jt8IV`FMi4
z73j!wNg-9=eg(}QWKoqlB6Kad^dek3lB%sPed6efZc-lEjC}l2&2T&IDfgx>*&Ujz
zE`o9DvPS|ukoqfqqZ`xNe+gJ61bHG$r74TFye#_jexkqTW(%3@3=@Us_V>%FN0mqV
zyP%|vkmn7hxNm@lud4(e6}nwv^DD^E06cqX6>2|k#hQcU8rT@HjILa+3f*p)y%@8r
z>5=SqgK>@ROp(Kh85p|VF}MVSgA$%u9&gV^s+9IXi5(?dp{2~}Nfj-*=jJwU87?@k
z4Pi~yVi*!KOm+cay)<`lrSSD?F;pL{i=maiEr#U9(V9Dic4=A+wc_-W=|qLY7EL&I
zM;8Y88?=c*IZ5ox8ax0yk^dDzCTc+zS&kJ$JBz`Z>vy5=VX%XeSrfXw;mw=yCO1IT
z>d~uWBb}*$W#!Ytbr7Pe$o<-C(Lg3PRQjH%vqhk}b?S{}I~Z~X;)7?CnQ=wEW*sUT
zw2bD~n~QvEix%00)b#p)T@q0bltT>`cg*RuOC344_x|QKU{m7H@X$@c`nRwZM^uYO
zM6^-&=n;$68CaA9h&tbxv#Z5O3xwsN;J2XQx7Ap&2{o2EwZ^h%VAc!_&ai7{#OBt_
zFc*aG!B@9iG{>2sM^t7i&f+0Nwaj%Qs%=5W9Pd+Uci@)i;I@iZfinlg8fQaa;ioBg
zWZ~KB$X*F#ROlWG!<WMFrrDx7np%nwYi{!Zaf~Gomi!%nii?YWdvA244g;N=E%Nju
z6a@*SV^`246;#gVy`o#G6P<}Z*o4s$><=~_-MH}LMuLw5aySY^GmgGID0%sPjA`3-
z7M@htYMOg&=n5G74)zEd=W&SgaWcxXcp}P~v>5GZ_{s!$V5^moT?N^Fn;=_rM<?vU
zJB3P8Ke%whp8JmEPgTv!r<&%0KiQlte>$m4I!;|2A4dwU#_}U@t!_r-j#Hc9_|QEP
z=DiE^PDqOrb<Hm!_{2S44#c8NlRaH?PYT^E=DvryC+`^_gz^4z{FKl=3ggQ#ermNi
z1+Jd5r%$BC7z=KWaUu<4LU+K`?YudbqnoWB45S}5oI2ehnS&v7fRuS!=vG1I`;d8h
zbQ^Q4=~p)~7V^hNzq;WG!UL=sSmt@2Xrs#4R_V_dtvkgTn%jy{4H0K*?ioJ+0CzGc
z+6;qmGI29MGjs>z!gdT)v_S+lp0Q9u2mGwi9RlskF?4nZs=J8q(Ng>Q(0=|N?eqg4
z88B2Da2^?O9vLuhr#MG*$00XE#JQS#PQd{AT62A6z`3+p>G!@$2TjuFD<Ei?{P|mz
z>l&o&SeS4g<db#h!w9nO522fbbz?AeK?ml<<jv2mMgA}J^+a!ZF?8!9wwKSFz}82s
z?ekG!gNW_v^Oay5BDROmM}i$5vEAjh(;X49-F&_ZY-7Y8<nz^FM@DQ{b#g{UY!{z5
zfNhG{&OZMLY;(j`s<7oF_CV$QF%jFz=WD<o8?iW(Yr(ceECRL;?C6NC@Od5B<07`)
z=j*{9AF&AQ$6!xT?Dsz30PaM^ZT9&_a3?8lxz9fVce3J^`216Frzq}epKk(ps^aeV
z`EYP!6gN};-@-jjao5YAtliTUH__)kz_luFtj{-tJ411!ef}A^GZk0s^DW@o6qoh+
zByeLDm+}{bIZH7J#%OS7D=sd7cy`ATXS%jopGU#04|u;IU_<aZ8uw=umioLC@X-n$
z8t|=X@{T3Z#R~KZOcp>sNuk36zAZ=<(JczC3HawhwupYF&>W$)MRc=5YY81)M0*77
zF9ljh+Qt^qS!!-QX`5I?M<_HP^!g$?T%iqw&Mcyv6gr&b-d{wwD-?ph2%avYpD45u
zpOL|mBD_(-qe$@bBDz7LO@wYPq8}@?nb7Zx=z4|b$%uqmgzFT13{6gy7vXgZK32jN
zMR=`(TO@21;WY{#O|B&N<Y|S1kCU@I72zOg-v;=2xd9Rf7V(eN^b@3%$|BsL;1i{k
z&PBMdf=`lgmm<7c!6!>MyB6V93O+@`2NmH)1)nN~bSuIm6+A}5-HY%_1)nD29z}SR
zf=`!l&m!EU;8qFSMYvhPXGpkL5zZ_4ObPb}tXD9)75y=E&p|c)64mrVPt2qeKC_ZF
z@Q=iJ-a}l(SBi`IEHQzv7ZdpwaS7ifF6HaQWqgCUoNp9Y@CGr7Zx>hcRpKhXR$R^d
zifeeYxRy7H$-GHi$47}Ne59DlCyDEMUfjUfh#UE5;wHXXOyhz06R#6D^LlX$A1!X>
zBgAcdxVU|>xPyNzrt=lzPQF^)#Xk`<G<Q7uV;gnQi$IJe;$jeI5itS8*+fhPF^-5!
zK%7Iwr6A5F;xZ8D5pg+)^NF|u#2<*51mXfBt_1N%BCY~)ArV)D7*E7CATA=}S`Zf#
zF&V@JBCZ25k%%cEE+Jwnh)apM9>irt+yLToB5nk61raxam_)=h5LXiMClFT=aWjak
ziMR#CHALJB;#wkZ12LJ1+d*7M#2p~yjb=KCsYKif;(8+P0&xQoGeF!(#7uPunH9#6
z@%gxz-|biEVXVnyEt-3eLa`72OdYu5zW@LL|NnJZ30O_r+dsQqI!n{h$&}=9lD*1F
z6pC;vV!72tGF3v8ohFrx5xGTFMCu?SqCu3TGM0Iku6d4bhA1L4-&(c0_WwT5cb@0n
z>v!J$d*AgAYwu^R&8kGMGVw%)Q>i#kO~3tH3Bzr+QEXwgB@%m<RmWO&iNZ~(&T2>$
zoAJ#p)(RCXWw@;>PLBBvGKR}&CsT}NxNRy<hBb{!hTE=VDN`z06Q$fhX{A0&I$9jh
zsyJR#(x@CQUL_?^CU)Ph*ulzH0I{>wftBF<fmk`oT#?DXSDLULOjO()O^NsqiKWCz
zCLOIlnpGNL(i{VQOFVrhrjKD6ZU^>7#+@ooA5Y$d!^yHy>|%9fN|`+?S6506M#<IW
zqoi_dtB(U{xr#d~4WuL|nIa2Y?6OwuCOPev$Rwj!HL0@whZeR>JelFLRh$m?{1Nl^
z=!lduOrY+9THFPRCE~s!hTE&+7|d(7WVjrqnw3)OsFX{UtX%2Hwo@vwb*@VM4HG`$
zBIemB_ObS?RBo%tmkz-q)0SB}NJRz?QVFY+t79e(a*C2AK`N!>Kkh=FWL!%r3`XOU
zvaG%ghn%mJv+eLLhTCVY$R$Y>sKg)fG@tP_`)w2lSY6UcDT}pQ8se!Ph_jE_*?y9%
zI`$&LHV3Q~1;n;cCH{bIzhc`W8$~e<@gNTIpwv=Zf<u(3;|VbfdngimIM^CT5yKT*
zD+-CPLn`ql?CTr$RiZ7D;D0!!X?Vc(QsR0YR&l}j{tsN4Qd`AgJjY?F4A;OBPa;?1
zCa_j5rPHZrxH1(Ng1J92x7=1yhPh?`FZYN_T#32AF!!iL&@OSMtE7?Pj;X}Q)%49o
zxJ}1x6en11OG|s!3a?aFX(h*{R<Z_|p>C=3OQ|kZ8p!cd)UZ?>$Mh4{ijyR<lfqRZ
zKHj=YDpcZa*e!#zt)wf~ObsttDX}=E;zIFF7Ke0NTOuP3<w9{aEPgk*<-a-ZkVjiZ
z&#1&f*hm9=JZq!4NPBSs=YFAWxnN5J{6O`Rk|o21;Yd6!6_?ndtm0B<<$J}sBE@-z
zJJ<T`p2d@&$8ePdw;~9)@2s$W7h2nQmf<d1E6$LZFDctkVTn_TxI4pLR*C&^Fq$}+
zD>jO&Ey3X2@CwJz{&j}CYOT0Ttgf~4#CWpnHi{dVC%3XyRLO^6!9gn><RoZyr4=r+
zA9n54Qe^TRUdJX?N-MV2-wkU;H7OpB=?cSD|4+sJS}XpyO6-HD(!zE(l{gw)O7c+7
z#jmsJ40lT<o`mn};DB#iD(+yjNv;xcPlmfQSaFL)dRHa3#{^wWxQ8LW*_Gk$tHc&q
zsfU#h@S4T7T`k9#1S!^QT8h1Ke`c^|QdVDtJv>y2@f*|30Fxg{VkD!0jFsYx6kkHf
zWhw4G>lPV4QG|aeI1G>K>oA;&MIDO<76wZ@ESgx<C~i;nI#_hEuvj`^(Wh97#X!JU
zr~HmsI*D3;U9lL_IZUzip?nStq}U9Lxd8Y5&%A2XrzO?*$1;FoD=gL&6Wf6TKZ6AN
z!4%tIv85b>hf@7;EF%P1NpmE5IZ!=`dAz{q1cBb2;z?L03-oe|r(y9B)M`5Q&(S`#
z@n;GA`wKX{pl*SJ9Ouxw6Fisd!?8pNIP(NJiuxqAT_A{OoFM*aK@3YNCq}@D#R4df
zq5g!p&1ajwok0JWAa{aS3vx^s*g6Pe&Y&EEw+s5XLlE0eLHyYilRE67wnV>IV4Fj2
z$y&-2<hx&hH&9%NrAXBJBXJf}pG1F9z&Rx7QMsU}M+CVX72uQ9PiHKr1pG6Cxy}mk
zIm)>#`u!ZW6V$L8OBLl1{I?*UHv<1}sGdAK?*yFp0xYMP<Yh0g{UWH__uqO({dZnW
zyH?ELHNv#LLvYO*ZK{`G=^*;I?+kgLsEt}c-b*ddod&Hpwqw$N*PhvgFFmL~QnR)-
z*fux8YEJV)upcG}V?8_?P(P1o9YyVGy&~~{J*s~|?b`IZRDX~9Y}4yd{cRd|n_i3N
zbd$!xP(5Am%xRiWo1US5DrxViAJH$$C+kD=H(&IV>dAT%3-~{%zLeIXP5+JhFA=rA
zzuWZ9t#LDC-M7R{^&hDp@|<W3=51`vhat}!$z7f58z`SVle%sGo%u*yb1~+12w1Q+
zda_4^!MTpc77k-#`loMU?z=dz$lT~Yp(IZ~#VnqiQGa0l8u$8Kn+v<<XU{)8-(uLy
zZR?9W?(A&bRQG;ekBtpmw{3g4-u-C3>nGdjub#&vUUCUPrK75158E!icKK>{)tQT%
zS6@wimSH`_+kEo1x+zP(Z+cPZR-4kdyty2nDS++W5~9OO85`pP=d!nS^*Gn?<lDM0
zw{EWQo9pRU73c25kB}mrnt{u71{pjI>Gs!^`%mBIR+|q-gBmQ3jY}`SFt^6^QiAzn
zNuMRb&h26vayyT|sOA~)C08@_;0rl7<yClj?yj)JvpE$p8;_kj4h}oMF$>Kuk8E<E
zb|<K8RkNFTnPlY#U00)5i%fr}{#}?8cvz8?x2#$t`Q+!9S~*Q;&H6Z}Sa-_SI<n|P
zj*W4Ixah^(h&hSF?1x)uoX&VMZonHGvsAl}M)Ob3eP-P?^H|;7b?fKv2|9BzNnN+`
zhxyiD-xu>QpO=hr-ms@OYns6TH;49zxo|K4or7x9gI4Na-55DgRi1RPZj!v*w*R2<
zg?TQAw443Hye>y}^ypFcZG`{BF!K*<o{Z=hvFA>Ck9P$w)9yu=)EZgzn!oGwjZVJ0
zgQiAZ8-4K5@HK<><-VDvygYLHseu6{?+O!>_ci!F;@%}cd$rzDx;!Q@CO&NxtDbnF
zYnlI#<IJx$UJ;r3vZ<~c<7AWE$4FCkPmh89^Il&Z_VBK)ot@F=pe|j8K141xQJh^^
zv+IP0mEsX|p3Hc1#38%+OyQjSMrA2~A6%g3`}CaV{uwt6Z>$`%Qeu0xV^jJ7?~{c~
zdqi!w+vaq8alixT+J%M>-vp<O)fWZS9NqJW+wP)C{XK`eZyGbyKFzIi`LCRTHu_#B
zuca?1_DJ+hZ9JwK`u*LZuVtS!Vi#ts2j21QeQ5SY1J^y>YdQz>O$$qpJa)PQyz~b<
zRDfk0dPbVMWc_hu@u{bew%7cq%Zio^_nveiFSXe9%%RlX?5zar@|#VLqh;L(?|7!s
z&?P^v?^2iX?fk3K7KaV3)tMOYAI4bsk6ONDnq<}afs1yI*V7Hi4NB80s=m#MAIw-D
zpfmZ@r`ULly>hO?_PhO^`(w83oTB|I>)t{Cs@jSTCv=yN3-w=i@QY*p!}j@U+fQeW
zSa$4}ozwMQde29U|L1&knQ_*mz|M|S7sfRu>s=Y@@#7}*WxxAOT?b!N(`#3H?pu*#
zI4U$>|E^8%0lUo{#10PQI|Szhncq&#e2{(EC*S1TCySv^iblGg4tCA={gHb3V8now
zs`|b^norL@`E0gjo>tteXl`-cp>P-1-S=LV$DPVaa*utMvSxCh8jC5R!!AW!zjtFg
zsuRilABg7Z+)VB~xUkgeX7`@j57-Xk$L|Y=Kb1<}CXRb-_UGLp1$!skO`ln&wkgrV
zYUt&H<irc9eJAG!c-d@sJnf-(20!K#!d80NEGXFef|tCVn9*g!OV_xpvt1K{zeR(`
zuemus&&tcYPmryfr+V&^+a+#l<UppoduGwsm_})dS1&jxl5z2??Xr4m<S}L6$kcv|
zHZIP5u*qk0{|_b>#aRzlABilTTiJ0(-hp>HW9xV3`c(G6ram<i*82s%OkT7c%+8+J
zJ?iX@mnNorS7!LF0TzK5r`1*H@jkuX)7D8RxgW4QJ#0saBu}1uckXMKO%*F8>J8Jp
z`mL~9Z@5v<-gMKW_`wGjc~9^^Ge*8<{kcvS+>pWLYs=oPY^>^a{zc{0+jZgj?@v0p
z50;b~&YvRlj*ogfa7OeAkE%~Y20d!(Ha0!GVDr^9yIFs2`I(e)Vy*u_*S{FLq_uy)
zO1f&BY~#*}rDkbbeM+rmy~~cpn3~QEy0?>CGk9mP@^g*$0wa;rV6pDb1!W_a{Pl(@
z*}m2wJndDA=8@~t>8Ymf6IX=I4gOgAF8ZccuU!f5cHxfM{nMWHE7@Cr>1)n{FX1*u
ziN^8c8$DKMvkw`oiT38x?u>`^vl=zJEbH2(%zgR9Kd!jlJEFTZA$EKHp*L&Ozt_L^
z8ms91pl428@Pv<RKkILNteu)MD`fecFP`@o>%TlR!N$z*!co6dvz#ukm-Lj?{2XUo
zl`?YsKOpIsxz+CB>jqrEyLkVT0K=?TwT&*ujp1d+&9;jYGR#)KEARDO9=7DpGg;<7
z%f=~2U5<L&s+s)kIlI?&U-#NKH~V~9s&l;GkmJ@jPn$GN&+`B;5)Rp)N>k>jiWASJ
zX?r(UG)gU(d`}&od0F!PY>i#dt1)-?Mpvs_XwR#zP7jHF8M}XC&bTbGkM-sWS$czx
zX5KU1Te4czD}lRF`iHe^zwh&7ZT|YS%;x*!y3tBdIy1n+^neHqk$9hy*H&KInSbVf
zjKPW~SXH{UsqfmQI~KigNqpsU*(Q$dtrnK~{!EF@#Gl2T>w2V^bgc8+tH&1p86Riu
zwuABO^3!;3R6tMLC56ky-F%BTH^mN&^BQrqy1>}PmNn1QE#{5%6N_J{6+rv`=^-07
zc`j*RUSs81*c4yAyhv?#Nk-JVZ{3rAM5S%X&CDJ<Me1SK-u`~N(L1NeOG7Gh*ZIkt
zqFly*Gale{<c&||iL8ZRr)BI~==-)EpZu-l6!?4e$kje0KWSJ@XaFOB1<kkCzmzm~
z+%BVO*EI+J?Kl5P{LKbO_K9=Gp+=L)uL-N%thYkr^9NsazP9%b2wc2(t<-DQ?7-^x
zG23P@O{%YhlQ#xv8yb8sc{E1r*$>OYC5L@Khz*~o)OQt`MHn02>vP5MwY|sf%3F)v
zUa8yON~}zu@pQv4*3-$o9`6mDLw(3ua|VW9|GO6x?!Sb4F5x~)xVK`&6ko@pNjX=r
z(6cLZ_J8+W!hKfD_Kxg*j{j$$CEQyH_fx_>)K`kh9`rNC<c#o%;=KRtt%UojCW^EE
zv!4>~q25wIoAFpracFD3T5zzabstYKIS<nPJ>!kX>lAz9@fyYCoOzXEat^&hu^S#Q
z(Rp3*c#-0<c)UP4j(9vxF*z4kQcTXv6%><m^f78n&fsMfEAUuK>tKS%!!%zR9!n_h
zMls=&{rdsxlbi(#C?-A67yWyF5aqV|Z0XzXR(;F4BdgVC%lRdfVp6|tt$swWuxzEa
zwOF=LTqA1zc0l|*#<H2}$$no&F{yDH^+RfzN-;T$ZKSp*MXl#Ug2`H1M>*sSm`pLr
zFNtE3Un1p`HIqOwIg`fIc}ae86lc+qrTML-Ic}kt*pl<m3hF-v%W|qGb1tKp_+COW
z(JiJv7hzdQ_2iqte2T-cL{c0`|C4zGumsV$e6aXZ4q0#B6q9cwo|Hq@*i?$0vA9tV
zIoFS*n0(K1q#Uw-+RmBeThK6yIeL%qWmt?TChreGv6g*gBsuGc#gYiw*=oKbHYy^d
zCEO5+XvNb(nuY~^I`w)RR~=W7_aKlEz%0MnGo$#>dEqTIUy(R0JT!{;^$Tygt;Gj~
zgogWhF9`SZZy^w+wtr}N@XSbWzwq$T@R>|tpd$()&t$jQe<_+#e&G>(XviFq#$XF8
zivfY6k+TBGx0`vf<m*ZNf~^A+tJ+suYLCi#JL+`&)3nc{b_7r8yc+D<ci_Z)Y4ZZT
zy0A2@iVU0N&I#`48aB-MXPk4{$1%Ho=GN3YTdKO5i=4j==}<8+r9=74MeFWc-i>~6
zFLqcim*<;bboa_=gP+Tyl9JPlEoy(TRtj_Sal)Ao@xx^z?<o3H>xhFT--<+_JLnCJ
zK_6fS%t2qE0G6OX7z*sbFrWnXU?dm={s7Lv1&jmZfjgKArU4J&3B15`;0<Pi8Ndew
zfDjM{g1~Gr4@7`)uoNr<F(4MK1PNdbSPK$C3fKTPf^?t)o55DF4P=5HU@yo4`JezC
z2WP=iP!38#2`C0d-~hM<Zi74E0eA?WfT!RYcn<yn^`IGi25-STs17wCfE{2**a_;u
zuFweffHK${n!-L1!l7^&91cf7N9Y8{Km=W&EBq6Vhg0BG=mEXq3^)t=z_~CI&W8)&
zJQxjQU_4v}SHlFD2$NtkOof}E3TD7em<4yiT$m3F;C^@j7QsXCFf4^-@CZB(D_|u&
z1y94X@B+LDFTu<3Dy)LH;C=WIK88<VEqn=I!Pl?>zK2cl18jz$;1~D}{z43DkF<~u
z(nWemf;ys3s0%Vg-H;J7MtzVO>WeH;Khz%$M1#;UG#rgU_Q(m1MhJ~X&gf4x2~9>*
z&{X7sJkd-v3;7^F<cs`K0OC;~3PKTR9*RPXQ8ZeLV$gCFi&mn)P#lU!i6{vrqxEP5
zN<~}HR<sT6Mf*?zI*5wVAyk5nprhy*sz8<KJi34`p)05w-9)$0ZS)vDK~K?hREu7q
zSEwGnK@I2~YC<2-NA!&s@eHrU>+rg~0pFSL!W;74cq86~@6Gq&IUe#Be1G1Gx8?`&
zw){}ujvvMk=k0k%ek4DNcj6I0mUre|cvt>UejGoZpTN8E6M1)j5<i)r!cXO=@gBS<
z@5N8&z4;mZOnw&c!~61nygwhn&*phPke|Z`@xgouAIgXE5vUn`MqkinWR6VXOgIwu
z6p8*1P)h>@6aWAK2mtVQ#8TFlp`(5t000;^001EX0044jVqtPGWnyV=FLGsKVRBz^
za&}*1Z*6dCY-KKDWnpcESX*!#Rhm}2JJGS@6WVSCha@DONDzV%Q6h!dNemq)j<{n8
z;W9ADZK-XG$dYJD3C?f{fq^jG!X>}~hJ-N83@|`|;XYi3+1c5hncZcF+NXV3Dpk~0
z?LI7(t*w37hu!Z#r(2fo%ucFOI+y?Y{g?B%cU*PNx=7>#b8u+u6<h1O`XZ6`e~UyS
zA9nfPsO#sd{+?XEGFdH_Jfm1H*4wLoWlyo-`L+3Z-*fBU0!3G=W8LW%3b~M=t+KnV
zPzkQ9ZhfNGUi0c|#S31wmaA8Cqm5#zz}!+PM<)v>J%8NGh1+>!ZmH%Ob-&?t7Hje-
zS1FgKEEqKDmZ8e^YhEGe`s20s<}F!REfs6^TKhQk?Qu&D&zb;v$s^lt_44(cTdmgg
zLecMRJ>bgJLUG)8s}nr%I#==GOf=Z(RX_B2qEguno<>>PD|be<Qmc1OxHWm?`t{<N
zo3Gc*$zrWmERQ!&=6Swf@#lMf$t{o1t55iqy`5tff6}ez)J?IHD-}oQtFu_6yt`c4
zTW(rkpQ?J+s9R_rNEAK4yIRce&dq>!o&-X7%LH0=Do3cv3rS{>+e>F%v_jI}C>Ol3
zV%aOOM!D{ek9&oA1#h%5-mWkxRmOGvUjS4P3y*jfsvE3w#qwAsT4~e)sc(fOE#jFs
zS}fD0k*^fI4w*cZ9qwr%ae#W)ti50B1a|pwD}&IyiUKvy%}=zKDuAfqj@LT!6CMGB
zC7X1sa?u_J+h-CmEZUnQ*kq-UoAl~#x1tI!5S<bWHw)lFshD@`#Y)*AUHYC{IZ7$F
z+nWl*S#n3cQm0$5Oj1ZF7~O!=Efx2*IAgZJmm9+oiEjEH=3#hQGiRR!iCd{x>8Puz
zAiOtctL##d_A3=6-0gMWtr?YSy|z%Ub2UFtaMbj&x3^mz?J4^8hFg+3!ANA;o%D=b
zE5&lu%S#>eixNXN>ef73=&1E*qg<rO#_|)ckF<xYGBII|KV^^z7V7Fy7Rj8eQkf8{
zi`8MiQ6v0<Bqth!GOM$-9L!mzP>Ui6aJw*19)u1PPHCydD7h%rMzw&pl_Min>UB&n
z+j@H!%0&*blsxm{D4Z~-PZfBlO{aXLUM$sksaUQzD}bx|!j2q`x}!DnJZK`4zP$-b
zl%PcAcX;Jm!<Rs^y|6s*`UO*Q5QSnh^3@!bPIZb=Vi9py!7F)is5q9ZO-;g#-5rQa
zury?x6a|FUDy2PMGuYi_N?4gB;nBQCt>V{Ntub1s=&ji6`ek%js^HO*hwLs&I-p+h
zi(ZXdv>RS7Km|2mC;@O9)kMpFP4X{DTDvYe)+i@aNrMQxljP#s^~q8`aZ3t!spM(6
z&Qpfu@+G%X^Oh!OV7xXhY1e~xee%?I>u|U3&)g{;%agOijN|F+C3COW2UfQY3@l5|
z%$yn4uSm|x#u=Iy&TKjhTomurKKU$mx2yxTOHV0{ELoqN?i7lx@aKuwB^M{BYp?~S
zR5CX6LOD5KiO>f&4K#&Lx05CoE0S~C*9>1zPlgS7#<7)bHt(jW*}WK-J;@oJe{Cjk
zWx=F7HHt(=I(hA=*hv&u9a%D)dRpP4(9Ym=15P*0InCfSGv_po)AXEEm3^~MRo=}$
zRW__i{y#7A40u+~rlcoqhAbrDoLL}%2eF&<CPzJAFIVc3$Tl>*NM!k$nEA|z`gbG}
z(K_*axn>Hpt$UTJ*`228=!TPx=)#Vg5l6QiLqBLnu(M4wW$v)8te@2#OYe?YT1uqa
zx(}F|v(N!sMmUCf*wGVC#&WWzE{3DF?PPQ@5;aqf9;0P7YC5C<%l%Pv*fHWx%yRT}
zmpnRTID8rD%;;SiaWra=q#B9MiAIleV%JGe8>Xw6-WBUgh~tL+TWy36tjxib>11tP
zd;xuCDzd}YVWZJ)T3S_nb!kG|FTQE(?l4X5P-nyx-$l)8|10{YS9E(&k66x$xYN<C
z3udy^{)l!|e0Q;~9T%(%EQ@UIi-nF2*BmPWp9SlVnuo}h1lCs6JStc$Y92rGU%Kr(
z9ZTX)Chc@AwVcGZLESW9t6+<w!(R{}MjSp8+v!G%FPDa^eNWW>%F*MF0XE%<Cj?t;
z*!(K&1BNrOopAJ>O$EzIfwMCcV!@V39UxsAHNWZqCw<em%D3KctrO-U6Sl-Da2<9Q
zzwvB$)*_5LR%YXZEsL7pX<zkztDl5~ZpYHTftX8m?K`*zB$z4KnSdf;YOJfDFVeT@
zd{NJc&AU_Fa(GN*-BJ@@WOdl4Ep-jW+mHY$*t7gfn}N}4lB_lzNiwM0>7jI6dMKU-
zsRPm#iZs?FJ;xkrk`C&rZA07Iwhg7X1uVm0u@%cAs2$Qt<p>T}s>9O-TLrV%I2!Be
zbQ~vbP}t&#VrD!Nz#RkJu`WZfI1t_#CYNA|sLi@ke2KnU=SzB=lYH?Beul;tBN_w{
zJ0n1fEfMT2K*g2{b~coq2W87TZHFQox12N*E18B`!B!)&dz=_)73>@%m5c@^5J60z
z=kV3G#?BOM4aA(E(%AA&JLSaFL`A}4P8zPA3r0O;>}g?KAy_XMmtbjkqUJ0^YCTWZ
zoh6G*pO@mRaKBQpB#}bLs*OAzAK(d%#d*X|A!;yqZCbGNVeRTZewMyfx8fOoRy-(o
zmZ1CjxYXELAfxm+Td=hx53a8!oa2U*j#0JfnO=TQx?`==k<thF8jYO;A2hZ`1uO1k
zt8ii+yh=q=tlLST=;N~2qy$@s68T>zLA^n+_1OFmd5uP4qz{_5EGxv5r$a<DAo=fb
zvjLm`B#4Lwlow#XBfQ**&3~v30Qq+Sa;{)~a3BLfdKVJt$P#e%M@?o?ry>!Xu!$*=
z2hku69Bqc6JFucI!_E_I3uJ7BjAV<9fmRt8&XsXdAVV+*mq8i_yVFD2=L@zKvNuEa
z+Rjvp+AA=&l!ig6A(nQGZL&Kgc2fHhY#SS4J>USA+rhjA%XM>@hgz8jrkQsH%<Bcq
zg84#(Hr<(W(2Y=dvWNt`7!|Vtt_gODVe)?^L=zU(&ZY3_rg8XZ9kkIpE<-6T4qeFz
zb~yw(Kz&0qO~-BZ2p}B&xVS*DD?qaq%Z-i|r}WM4*XQF>V|{{MiMv7A)(>xB5c~<8
zxe8`n6k<IL&(2WwjC;YZ#(s%ZlZKfnnty?aO@dtmX*-~4b1&bbcVs(FX;a6=5U~?1
zOP!9(EVaEBek?n}2hiuu;pv8YaW+0=1>S8zmEdOp#8em;3bqU4uRt%lsFyo>$68!E
zf?ao|$<EZ+R>7{v^;Ixra86`yI7MWZBQiGzk=Z8L_rN@i<@PzuH?=ZfJssAY1Lh&Y
zz7OVWu-rk+U;|RbpOCL8yM>-@6k9^pBSkTXp#F2vctA*RI~yUY!1b(PE=2Bx$csB8
z$bYCC1!BvO@JoOg;8OkL62bEH+^|apD}Z4a7%rRRfOiT9$osLtfy)IO2lI7UULl!d
zvPUK)^MqtJ()2=7MZ_et^r9FAznW;kAlR))ncG7bt`uxHgkFzqxT-T{cS&n>WO_-y
z_{Mk&kWhk8s>fj`Jq|lDnDF6~{A!I2%cr^w?JJx%7+V3EO{O91vWG0EO?IyAQ4m$5
z4qJJIU!#zr_8c~Z+ko>f!nsW~c!L^z8X0u8)24T)VCFSor|jAZL+ItXRxlrC-vlgn
z_3<0xog*lVuGrT2wcAw_7OVyb@ahg-+hz^vG{fM4trDz`pLmMjNRHe{j$C(=U$3$2
zs1<L=pg}Ljt`Uu0FDHuzs1ve7Wse8jRVGb+F)27kg7?s2Fx|1egxj^Mh3|!5_e=aF
zO1A@>vt&D-!s_f`G-UfEc+FS%2e@19(3^B4DDS{4aZZcE>=%~a1@G?!)0%0fyTEiV
znQ0KChrpxc?j~Lu;tZM8F&zV=VEYMdNvf+9xFN$~ZyOcyjev*X{hna=0Nydcdy}jc
z`4;PmaYv44f*pXq-hO_wz6t+n<}xVRrPKGKMgB>S8AxFQGY=^@gN5SveZlU7;0dJL
zEi=;Xhw$gT<{SAH@}Q{GseB``x*zw+u+Ke!&G}B3eCjBF4uWiLKOccLBRbWvoI<nT
z;OaqHt`Ij#*3i)SqpC@DC!-=O`XP|?^IT#RcN6wtBBJ+lSMOM9jzk6%rbUCJ(K<Lj
zEGsz&qJ;1GDm_O?wj4<xk$xOCccjoJS7-ICF=z68L<(>PdlWM|8x`y^AW{ZM`3x^$
zX7Dst$nY_U^&lTVV>6n*`o>^~$T33ZacE4*kC*Q(nKlI66B4+XoPiREdql7&5%=Gb
z!PJq)1$zowtBAvdii46)>3kUd;nraAh^x$f8ZoVsjxQ~_e+J=S*E&t2$OU^Ar|ZK{
zCo|lC*$mUOEXAm*i-HL#uVHyBN`Ai0OB&lP*mHCUi%NZbQioMrb=Bf1Kc0t|DC*~7
z+cW*Vj7XRDVD3gyFw@fMAqL?KF!eX``D9(t`D56yA+!lLzBp~;Jm`hC$qe7Et2e9+
z1(c-~!H&R|25zg<5B6}7`$ttLtWg80Q3JW{B=<FT8x5N#CnlfTmJNY5P*XkC1$&7E
z!sCYe)D-L(l|6oxM|<GW9;zf%5oQQ{d9s(`$*0qv{Di@ih{pDShm71S*ej5^0y1w8
zW&RX0FX-n}5VkM)6yp2-^0&~>WJXSb7GFc^yO;eOqBc4wRl4khX!7F+g1rizw<B5a
z=p2?U*U`7D&kLD5uYs#i{q%?5i?6FQ`sqK9-xJeKJ2I5XvToVAexaHtR&QXnDa8*E
zt_SGz<IWTOE{)wu<Ow1d>`mEzZE|+V$THISmg?&Cv)ObaXn^UV7(PL=EEWvf$Eg-b
zNG!`1Nu6&i9{Sl51odqMbwFcx1<FpBbnhs-ccg4(bPoi+tB&7Q_TEeO-b?o0eS+`T
z*xdo;Vo?54QPR(5dS9~ajJWLi@6pSkvHi|=y=%K*@2l*7U**Dm2;Y6^WAfVoLBzMA
zxgESq!1w_eKMKAY(9ms6x*y``z1D{NHo|icRr)YOcL2ar=<bEV^m`xFQ2P8(u#XVR
zdq8_Xw;egWTLwOc(nC6ZbbTDWbVIQ=ntq22ygR_@lklyhKKv{7ls-rZJV*#UaDpGy
z*aNC9puQeLF&rdIs2Cmu16lAR!9FF;xO=FVKa9$iUG8D3G*$2v*Ux~(6TSS9?h~Ft
zus>IL(hp|W$8=ws@ddUQ9^sD$BUdo6{2Jx+MutD4hx#9pPw$r~qXDRX6nuokV-QEb
zhoF*v9~bO5u<l-z)e~V^{S_2kl;VfU&%@;BlPCC78hcW9wcj$6IiP-u^w4{H7!2g+
z(}MjqBt3w;XGl_(Ew!Y$-yzqw2ICH9vN(?ZMvYBDTM}S-R<OSX_d%E{7E%v_OTUL5
zgDvy@ALO1M-9LbTTkyvfg5;0X=I{d$U+Cq}0Yvrpp;*?CSUiV2^7eVb{tj9mg2ES+
zx8oxcroRVFi*fp6!TtdR4`caaA3r8Pjg$PCwb|mwdYpETA8F6?qZ&KX%a6sgY}o*R
zNn=OV2IKxq=payc%sD|nFN+9dJ%T3o69?rS!6(6XjlH5yq2Z_GfxNKUkj8!{*jKoD
z3^zXyL-CLB=*1L&okH<Ch2qr{{56feDwBjp2euq#e+Ur#iBZ{W?6oj1uY;T7@(bh!
z#6AvW-{|9S>d1aPHF6H8zXc3gG*ACp<$3rB1}~b-sn*%)%?y8wJbNqrTTI6jlG$cE
zG<ICDuc7Ekl-S#S{2e@LsjYgN=5_iTN$|&tujP!Wr<(=rq!V&%r;E2+b-k0}?~<-}
zXXyG`>G~!50CYVCUGMer_fM_sL#eB!Q@jWA_cQzh68pgnu^%e2AEM(x>|xM-)W<(Q
zwb&14i~R`XA7}U{B=(aTVn0w~e}&f#VxL9`KJDY5smI=EP9QJKp?id;S$f=8SaO1w
z@Au1LT&5=vGk7XnvHC2-KPT;<oBsy@0RR7ORtHp6R}<dlE$}YzP8N3UiT|2K!vL#`
zyXuOlk1i#OEwL965LCLvKgNh52GH0GJ|zZw!`?N&J=Pcv8WlShilSfzWBcc_7xVD2
z=X~dVJ9lQjxpU_gojQ=S(TEOnIf-9kuj7N1{2__IXyf9Lt5foaozyx}qe6qdn%9V&
zMpSWi|7Sbe^1&*Ob5U!Q{1J)I!x#x;j#`9coRd-K%c)#NjaJlP<~$77szr66%0?5&
zX}D~)&T9Nz<n*FSBWgKOugzAg(W=r3N7XuXWvP#uh2J^6{!Wb_YR$9OdR*e?q3&X%
zl0RV)PI68WMrV~T$JHuxW>Fs?@qeRhkIuqr&Ksfg;}jY(K<~$?Ric@TO+xi-wJ7nI
z(5ope#TBz(#y=sQg;N-E${K?HdR!9quCW=StH#+?;;+<2nDtn{tx-53D*2OU;S8<z
z6ej7xDf!c=Pp@a{RX@*K{T~uvgw-#_>d%TA6YZ}FSFiRo@}WxpPl>;VtNEDqoRd)$
zIThWM-qk}muQ5sdb!?xfHLG3>K98B>IBGTWE=vA<?M`T25`TlobSUwc#Ajl@Wq3w~
z7U2Ttq{B1fw6*7%iCrINJqTN!P>3!U%)&*wk&E>T&$Jf)x5VGXRLj*${*sddPwf^K
zWAG3za}F!Sr<{ud125xzgmDh-tpBb^{B4X_g_(=$hUzvQDmq1+%6imSC4M+Mt;S-n
zS%m92MMhuF<SObp(WJ)^k<+4w$|&>@Ia6)5wP#{-&DN={3)ke6bKNZ5pj)_6Zwte%
zTevCly-{locK4P=xQ&w|vTlgzsdp7kW|70`DaOupp{+#40Gxk+oEo%-;d%H|Gd+Kk
z=x@f(WgBs-d#gm@mO4Tmq|*dzgH?eVEJlY#+%^lvw3y<0#q_oob4TLuU@>d4n7j0-
zO)9({L=K1SuD!^ItCQ40Moq9QO&Fxp2Xnz#A?ISmboV4a3?tX$N!;%&+{1yr_wT@>
zL5~K#&QGr}`RUdEXz)jaztKq@;peaD>*ueI^7GgEiyFPymkys8g;R(}bI(44{}OL@
ziNDXQ`JR})MB+nGXd}{6i%`z_avIEErtwDT{4|(fL-Utm{xW}^laA)s)@}rogs9X)
zDQk)<So@(VWw>gGOG>`nER@jpJdpSjl-YzM@X#VuG&}+&c+y`sGy-(tp?m}?%)%p@
z_EEjAmsq?0SmHaO)@IbIv<OuVYjwhuVGU`~g-W?rm05T~wVu?|>SWb=D)AjqYYS>U
zvk1={*6M&M0~*qz3(w?Q&&|RMs`a9tRtKxrONlq5)>hQ2wg@#1Ynd^nUqf1Sp<1q0
zV-{XftylH5%vP;`B)&arZ9}cs7U509TJ15VS3_EK;k8`rjahh0wcgg#YH!tgC-GjW
zwH>wITMUYZwY)H8yN0yr!h4yPo5E~RqL!Poo|adwmYa>lyQ9_)qtcDD7*q{wxnoL0
zLt40C;N)5=v%!{X+1Ar?w`$o*yc=rmL@j%Zfp1vL4YfQP(!vFUy<Ceo8wk}R^|aiq
zS`HFlidwtWN;k*O1_#a?p~FWwJ}x*hnAd3}z6?Ek;l;t0kKpLjn^PzhebZ9<;YATL
zE(x#Pd8EA&bV-F!B5V<M2pa@JI52L@{OWuhW!y=|1)0AyvuhAq7EkSsW&TYVZ;EKf
z_@{`^*m|8$UC#e7pU)9`##<xWFduh>2jlG#CZ^j#rb~H88MiRr8R7j=4R$PNcb3y1
z5g@BSkns>isEmg*e_CfxW~aSxF5AlhW~Vs^GCQqj5Ic_{h@s497-G20f5b<7sf)G9
z_y8Fn$@&n9h?2#QlJzZC=08g26EEBE7{;mpSeBFWM43;rZ0{+u{U*!KVt_19noPIu
zeA5x%Fi!jMU&g;hOl15!Sx+dRB;(&RJ{gh0^3&KKWc~b+@u`TPWW9}+^(04D=QP>A
zW-9)j!<jOBD;ZzJ_!2~(jQ=9zzp|cC|CP+Xj$KuZZ(#kSyg*jZZkg5|Y7d-1@9WyL
z;}J8M?`p;sOrtr={RQK7`gOCZL%6b7XO>IJVr&?<2^yb3wXQ3y&xu`DyV8;AC{$~^
z<>O^N^S{rob@sI^-(8lo&c2HMFJg5mnSD8nzr^C|{BxQAVb-HM|5?nR>e$Kr^I7~k
zggw<@_N7ekEZeUQwTH*0;T~;LF=X3>yaoNvBxt;}<3kJ2i;jVfw5?n-Rql<Niv=UH
z+!y+^J~nesY(<FA-K|5r`yGkw_$ql**W`I=wmI6O(xnq0U-0F-`i`zjZLRj}6gyEX
zw2o^Qc(>2a#g2{h-+tA*ox-PMfv(Nvn5BtQR>qX%vY#s}=f|~pZkN<}{n!T?GmC!M
zF=&h3XMqcLPY8>Qj6J<4ul?YTWkrFBhXTe-H`Sai0IxaP*gyCoQ_jXb?D4)lf5*eV
zOJ=xv^EoA<(^@Y(dr9yd*5|9_Q;Nyew)yit?OeDeo}IV1+uCnHi~idSUu>P6+A8UA
zQt{rTfkXXQuIL{hc>a@<$$rNN)j+PZ&(IEK_cXf~o`E*UpG?abUFvz|`;14|f}`f=
z95MIV(fBvlnI1V^ULTle`L0{y)12@a<L=q}3u-PNot<RcJYik4nv5jnk%R9-YP#%y
z?!ynst@PaVo2RDhk<B;7s85gm(AIDMr0i{%<19C(UU+0K*xvJ?qN4o4+~pJBMs8d(
zHYIfRmh?-`rG{oU4;4Pan@u&V9S2+dm&a7ZWWLn9Ea^OO)tHvAZ{#2C7VoyDvOF#=
z?ApFA(@)&4s>*bYd{sIqc<jRH;$@1FCmq@rztP?69uwVim($#mj%%*ZJ{<FWOhQDr
zkdr_DvukLKt$y60bG}utrWT%2&ob;8U#zZf{B_XIR&f;<y{iX@L?^Y(t6cfeZQ7+S
za|RDPw)k=N3!CM_uZgKqUQ>3JpKdhfk7)3Tp7PBibK;@9`%<3I-QQFl-)G#0QI8jm
zU$=6zL*soJBeS|U8sZQcTNQNO$$$EY>3p42tY}e_ZntgQwr$(CZQHhO+qP|6XWKg4
zxTpX0OLuZRnOT|d^I=t`>Ko$;eD4BtTl5dc8M0T)=4Q_JR`y3!A8qw|uX7JRyG;!d
z4`Wnc@hsHUr<kArP0L(W(%c=~*u}M-IrA4@W9-9vL~V>ZaT~)AOk?JQ)Ck!aJ`r1!
zclmSir@G&Ko#7Xnci+N>HU4h@qqiGoGrFG({M23dXiUC<#LVxx`0Ja{*l)PTz}G9$
zDYKk6bG&2M9p{YyAMyE+e9ZEXWz6#VbDLB7zs(uBm*z}-=!~K7GUho}i?8D#V;7(0
zx4dGue=zaq1&ossDr4eJb3R6zS*`G6B@8%=H~g*2@9Hqj@Mi=({YTbk%F&Og&3=<=
z74gE(r#;|B@W+A?5M#g_Jf^-icxr38pNikR8(1%e`?GyAdy$1yzCQWx#^(O@Ebk2d
z^l0*)+-Sm`fQDu{e#5P%J)}d)Cx!c_103IUHX|+P>=jw7l0M5z=kDT4W;f_l7TJnW
zbiAyAKZ;}(sH62gtEkjSd8a#m{s+s^FVIJoz>zU{yiB}wjy_Vg+Z3SrDM=Z4>{MK(
zZkvpBY=n%YUT+~O=NVeyRxVMJGMMa4wjM50Qbtn}ranFX5<tA^Xqosr*UQDqN`H`$
z$0%&LTUlFe@#`TXVq%M(6C}HHSqbZhWBPI8Fmi#^dEj``RCBbEJ8X3F$v90;#%RI&
z7khH<B`uZe{v7JlG-t_N`4>6uMI=Ss_tJaSL`n5I^Y2i!-YbOkzqs-37}h=YJ=&Y=
zGo#6N`LQ-%d9}k9L$#si!mjmY=kPhN72(?6^`FRq!G8om#7hs{VW04hhUX{wy{0OP
zWhI%Fuv!ZD5eV!=f<KUe84=-1av#ZdA>c2?x{wn+kOGoKfFvs*$$2H|m9S%qfF&cE
zP(%_flEjWAxG*L9h?6D4Fok}JG)=%TCDRZ<OVVkIkThk`5PBY?C&{NJo|u4Y%C053
zn!swxvn9!zFmFn=CEl2jZwkL8eIEmGip?ePPjV_r{E($jqAH2lC3TmCq$Dvt2Jn!e
z9y5B1<t3*dqrQjt5Z(y_N*xG*wi$qf<Ol-G7ErPTpWfrY;XL1ib^r!&djybU3_#or
zf|#8H@GYPM5ny-;K!gZkJO@FX!+sxFp92RQfQSrRyrGc|zA|7k89<o~sZ0dfOa%V(
zWz7V=Hvpgs(MdF5JQ`5agrhbfsSRss{KG*2unn<oKzbYE;{*gdK*$YIa=@AwAVeKd
z=>%UnAV(d-?Sv{(1Uq@aq$+^QAAt4*y5A#J6@tYL!9;{JCO}y-;4K-_kO&aD1m7MA
z(IxFqIyxob5J^kYNWT9sd!ZJt=Iqu#)4@ON`Trq2_%F5We*<?tU9eX>*FD76T92^f
zd8dSghCncLL?|%DgEk-~$D(P5kYFSOlp<)PjWr`_ASK}-5wLPVfJ_;=htmW!rqq^F
zdQpTZT6#)hPZXv0y?r_Fa$fnvoj-m*eP82jz@09gd7RI>_rG6mtPZBCxqbUKEbNQU
zqVl%Z=<@0B`}y+kR@0)GbLvW_QgbV1EX$P_A4h#;sZ*_2%bZGEnDbq!R>x#UCD(H_
zky^EeyEt=a%Pt{cOL1X0lM*RoV@sm}%BfY!v!(vI*MB9t6kNYh%P&_V^g0vjgPi6n
zOWn$#|HP?P$8e8nc)d0dZ~oy_n?uK;)umJK1mPTgb{L$j;$Rgo+S8d_?*ZO)p}j$`
z9?+oV)^n(uB`%%P=t^^<N>v)gm_{cx;yNo4TO!D{ok>>;{c<QC2_7OYC9BjbOi_Ng
zLstT8xGP~U4s>DE-SCZG=2}(~nlNZfsj^R!x)3tdqF@7xG4h&OY)gL}1@H~DT%c4N
zr<SA2uJ<^_sXu{M6~lqt0O`pB?ws11y^u<TEw2ueC^!nRTeX~tPnAy1(x+hOPNrK^
zDs57hLG&ausXVRLDob(2kW`Ud7jyLl!Fzxy3G%WoJ1B|%bAnO`#Zn7J0-RSRXgiMy
zQqMMQznu%S5-iOlET}}7r4gY3U>0p2tx`*Je3(}ks>B6dEqyC^!M$Y<SQ01A#m1E?
z)Rkc^w=QK2LY~bcLIij}&#_vCl&M>HT<D-XI{;_?D$$o=JCT0LSFczi(61|41l!cP
zWl{W!<w_t{T6sypH(12Po=j&l1`T1xP+bZQVUsZ58W5Ts{Fnzq%P;U0p8~ZhWW8Bw
zl4BHGB$Wp(C;Sz0X=IkRf&#?V&9bCOEdLJL0?D-U*y>YxK93@$N}hmMmjoGuX|AM-
zfr}A{$WYHIN-s+hR!+2)?;1Al+$<T?gzoho)gQ%D4O;bQn1r97wqC0zWh<2u!k=x*
z<H<<z4I3>fP&qde##=4;-HIxonuxE-s;i^hkt0_$sXcd0z@xeIhw-{(9OF$PM}?C%
z$B=}?cQ%a%QVetA5<9v?q;jSrc~cRqUR7B|St86)WRWI9VSiC%A%@d<SOGw_QYo42
zKH62fE8yR7LoSk@oEu!}j2dNJNe_V{em%=M6{)F!z^M2H+?DhoRG_#ynyI2y?*Qt(
zD7grUlUkW7?%3G~_j$qybHE5g&lW2jAF)ub&C?9iDk&p@>|j*OphKm|XGJVm$TLj_
z#V{33>YsegcCm|5-Azn<ELxEoD@xAW)N}^8>T0bf8=ZHSky<^nSEB_{6!v}P97P&p
zJ(Pcl%4Dm(7RZx&>-bt|M-?%cmV+vYF_p4pym~Iv(p?N#P7FkV*d!>$oXjrJ!@LD@
zEOdG~bvL@mJi;sfxaypL`{t{>Tg_!|W|#6@a}mGfIfeF2%zQ185^)aVmWO#GNWz?=
zNSOvGf}07J=OVSSG8k(VwOU-#dWE`N`4hUB--=1uM7yYHT+Wx>EH_Bm*{6?h#XaBt
zQ2YFEm;4Xz<9iBN551y`y1fOry84WnZoBF%D{HQQ39~RhL+o)?NftvAA93OeERT$r
z#&g33qeMKRR|@QED^S<G8mzW5{3V}HW|ti#5whee+X`ELp+?>A!b?Kk244MOfSnt@
z!a9z^tlp~m#`w?+<SH(dMjC5fo$C16=Dt1eDMfI>#rivsE@o0SXqS>(IGt*0@9hC;
z71Ko;_Eu0=9Zp+ttyuAUrqjx<G=ehco=sL;A>xTawqZ4)JCniY8o$6de!<V*#$RQ*
ztt`WEmHtU`nUfUW!nVw?$6Rj6M;UkcV7UnujcRcSlsGV-V8^{OuZkMmr~zsLmYqKw
zK$@E82>HcXgYRy^i`AEhc6{VLV83N{+P#MQHS9I7q#syAks2Ef$=<53$7IeDhR!a^
z^8ZGJvQ@W~fLT|5>kDo`C}*={hO8#!@Yrs^ELs&^GVmIv4(^)NIIo4%TlY}I9h~?h
zToqSz%s{7m5c&20zzy~TDu?j3vf(>Vji6VJ%{pj76J!`P_c+6+AkUM+UpA{b0q0bi
ztESGZ85Be4Rme-w(T)a$10sKHa0*|E(r1BbN07C3&|l758lJ9(@<>B<4<N6aLbKxW
z`9{(u;=%;DuwnFL9F)KDs#>go+8`R@IQYeLmB>hP9N;P-LPiPR(_(}_7~aV)@X~XG
z<8yF}aNjP`{$<qRle{3`mOpjUGZXk=E{1i;A6i4wc;cF+fj$f$c(4x7Ab~rscLMyr
z5bV>D!U3CxwdBCr(?c^okwmrvMO@~G6}|HBn%tULG=#%T#hT~M$>pV<L<AmqnB;>c
zP}^L%4mREa_bVav>*S7Q1p9<NTriI%@{+n}L+#MFtYTb1TNA9t9qcmA9-yBIeFvD5
zCY2>=F{Lo7V75#PgotRtUA@G0+HypiQQQR4<FRIg)vDKwpT}<;Ce#WgL?#-NJp9Zz
zz7ISF2fpHJ<gO@c{x#Fo6D(o7a1&5T68qKUAJ|5~YWNxB3Njx;hTL)xeiCdI4Hh}#
zFx)U-C)qAw$+ZBqN#>*+OWRJHQWLE}+PSlQBFs}T);FisE37<Z(_$gxF$YqQgM@g{
z+Je&TwO&q}l3@l&V>cv!z|^I#>V^nig=mZmBs=lkH>n&hL!9Ys+GIwu30dPoeI^_!
zq^w2@E!;!u)yQ?+2-y^rhupYTEW#I^(b8%Q)o{8f44Am&P8LEostI3mAo?SWFipBL
z=1zsmqZ@>+>cC9B+&gQqg<K4)wNK^e>cn5L5;D~58wfhl6c1Fj-56g^qo)#0YOCJ(
zXbR00Gl_WDJ8W<z>Vw1A*|O0}%`mutJb6ir?XDne2PG=PwxWD?0DzP+2etxCp_AGq
z0%7l&BUgaIpu66^IE;H;!baDztzrB8@MLD`;p`5sP}~~rK9C3xVTL&@K1%q#Ch;ZF
zl9p<dBPmg?gwJ6lL=!7`8%Dhvi12L#08GfXO}`gL!|J`VT#-#qCzz5TG;9pn@4^MX
zl?bAsqhFI1zJ)6GAot1}^i&Q-ItbGij7ZjXQl#YT0+)|3kxQHKQzHF`OeODc0QUip
zs-=MSfS7Y)nV(>^vTYDCky&{PBXz-)sc0^mVmY!09+3{_#EXy8sced;=|~wQ^tMLn
z)xB37YO?J`sy8s$7Rf&lrn0-=O?|EJ?O$FlG9mhDiZ>Wl^ZH>XvIBcIM}`K57`)j(
znR>JTTGbzJuUntPcV9R0{tVkZ^u=iD^Xag<Oye;OOR`2Du$E2e;+<hv>Iz>_>$q`}
zNDDQ|qV)&Sc#QIVV*KmF;%0i096?J2NlJIAng~3hj_U(}=Ppjw2LaV9(NZ7vRzZA_
zeY!lWS{s`Ix{@+yo++=Xa)`?HZkhz|yHUQ_=IMqzv~7s9v0K^)s?-&^79YwIs+P*<
z(l)4eoLG%sxwK=Wsai1c*Oiz4BFBRU*Z^*0Q>?Tf7*n^kZ@Oc&0AYkOF2?;}!xOt5
zMY>rH$8@c*0y;+w)#Hbq&%+7^tkKeSuOS0E9bz2j!R}lINbkk5Ll6}*JmPCdH~dB3
zLgJKptG(HayaN5}rk$VxGawHtFr9i+vzX<&2^+Ln=>>ur>Gl<Vk3as4_VsF<MK%0_
za4Cjy?Ig0I7Oh_#_2EH0O4RkFrtyN6ZreRu-|VdFwAxB14d{!!P@gU9n+L)H4g@1f
zY{>viV1_F+ihW`NdCKipM<`mDN~Lr}PA46_m0IA&`#L#AOe3M{w9yP@aJE?Zbn-Rs
zci993M;j1rzhH}u6^0zfu^On1$#}DK-bCX7Cg_p9FcG*Nb{}MvQYC%J4_?>|0ad2M
z2DDQh$W0=ijw5BHQIcK}%^70MU6Tmvv}IZ>um^N(DCmI_VtBWR86wU*gqeO4*p1q;
zX_qI+VqP{a8NzKiYB!anh?{P^|EGP!h`8pmT2^L*t1RlqvUoUMjr-a5p9*)q&^=)L
zrI18>&Cu-ojRln81pjhD)oH<VNRXIr8?bDBh^uoGt&9IdLU6^*a_^*J5u=L1BsM}b
z4Hc2<4F72KBPY!S9is>?tzi-I&=>=gtdcxX3A3Pdw+BEMO1Y~g+Rg=eM>p;sx8gE{
z+5i=DTMjl~^n^n-RprSDfJ-83&7j*9k&lXyjD`<x;_*U6KhXG(UQs+yJ`yjy)bk!3
z-SZwG<hgD@!ZTj**E5}vpjWz18?xIbSa(YIo2*#8AZb$wlBSSlyX-b~vX=b@j3RAB
zYw;`cYwCd?vr%FmSG2;!IBCT52B}LkiA{RQE{ulGEH2tGb6EVY(aIJj1NVuEbMy!f
zdV?yGTXo2)!Cmo4sqQQ;dhwR+Uou$Zo5Bxf+boQ^UAmC&UOF9#pa>P!gm~$Vd6F8U
zacakPieW7FQP0T)*A5_(CRJ3BbKPK>XT0#9=RHW(b6;kb(pNf-z`br=G4)bHg>KQY
zof#{?@S0O^1ZMAwEM?n_0+*5`DX+WXaqkHiM)HE}FcJ1%1Y&ip?$1T3^ha&st(Ato
zJu|@#ZSFT)0KC`5zX-~de+v)3N(A$5Cm9OC)X882y|bs`Y*aSzAcP<HZkxCX?--Dt
z%pLpERraZq-sv{(f!>#HNWp4l(Eb8=6hab%+&OFt;<y*k)iHg>7*NY<viQeO#B^b=
z3-c7N?O!>s^BUb2VMDA<M2+jbIA8ONte%>DC%Mvh)MjL9k`e6neE`@m5M-L52d?-I
z44HWM_gv#-cy4+M=()WZ3&7aDhP|mlh`g%SM^7MHwVLmMpXgG#|J&A|@s1Fh#eR7S
zCdj-3$XNW8OXr2@bvJnHuHI~__zf8iu&(I5<JrXvbl4coJ;c+Af9LJMe+nLd+lAt;
z*k&0RMY<X4)ioMRRpNo7L~&zZLEGyZe{yl4sa!0Z<3fFLPUi(X6~#EwQ@Qwy)jw|<
zZ)~4Bbh};P`Xo8Bemvu7n-mr+$ym3`KZvie@ttwOScmv(XP@UEq-m<)6QEKS#sZne
zQp|hKguY{OM_5lzK(v5@g@7W@^bCA$K;{J{!A=N=S133a&>}Bflp!H6tK_p{IuB3@
zRx*B&AQsJE*f6g9LIY?xN#6CgY}IW0w?g?;#W9)#gv&9SUs%j142<m6`zK{cN72mU
zNoc04g=te1%|C4+kF<pxbSs&KW}MJ&qMMA@kouaE5jVUXP=5UVPgMsyFZG@5ya#{V
zz<pJQB)sG{e>AG*Ny7Abd5rEv;Bbdq*EOe(o|^j;F~fIaW*NUw89$NC?+%E+p5Z+1
zk@%3=J=!i(J5}bmFVR#U`aCg#7>%C8=97UV^~~QRn<!tAJH&cl+5HlIg!KsY5!NG9
z*PxbBP~+H~Fa4BV+gd^C#Vx(6b~dUq`ohG8)pJrCWtDyyq355_X+5wr-h(fx+$Va!
zk$2R=|2nXafrVdQsBV{K+_bdv_`8&pdZdvR3_V~yth-;T8&`indY@c(xCet^&Opyb
z^&I-*4nkP!fx_*g>?5Y1td(>#$F6!<eo9AtU?obXt`0=Te1MadUg>pT$W*qWYxhxH
zZz;ab#^QxyiiKb@@5CDg&-<M=>jV727vdwE*Z_OuY?~06`rS6`8(ZPE?N|LzJ)y<C
zlBrZ2_#IvabJ~Gaa4TXWb3Cvi#^r?neGz}+(01?-?W+gBUl=oK?4!@P+tRu3x~_2@
zxB=|$Ry%vWvD$$NUT!aT_PArQ346#pd<i;w<#$jde|#Ul3g&Lu>AdlGZb91NLsR)O
z9P#zwx$q|*f3?%U!8}y*__Jc8&mnDmA<D)p^CAEGQTMY<{t$l<NdX5-)B;bIHJT*Z
zN`T!J?Tcc^1PVUa`c9VR25e0p43?xpU;}v(ZK?n^ga;4;oW#@NcV8Pf^kZMgYkwI}
zeZ`-_<{spOygncg0)Huo`UWkWm)5xfMe}L-M2Yg#`kj3^yx~<mWX3{w!bkS28Rkn<
zNc`l{kh96SH4gm*ScT_$BkJfM*u6#!{eZIKC42(BuX`<W-|FfjgViGbHh<aVmPs}L
zU}r(W@dN<>()l9=W?E2vgOsniKh-0I>d(^P=_@|GNuk8^%iZ%+U&o{UGWD>{^n=(W
z{ZhUW@K-kQ%bE`cq|=ipfL2tHm%AtJ&6PWyO@H|6%3-8?boVEB`-^!CfWE}pJu6)?
zFA^$>U5s}IqebnVS=i~XdmpPW1S{R}1B9o+2hOeQe%0%V!bk4KcEv^gcvo~AV*Y{+
zrWD|N9~m;j{Q|DsHodhUkK0#j`#Hz_iW>T7;uZA=h%(Cg1Tu7`leKfWy7EsJG}!w=
zyjkb`#(sU(;^GirHU<3F@-cwn1Kv9$Tq|z)8yy5p#1CElhLRE$svG{sc7hI&1AKX-
z|Kg)sg7dOuS-Px+AH4bh2LYq22B{;njo-hF+tqK?!TO}Y3lof^DBSiq6=7LnBI}W+
zS6w1Xb!bYdGJ%CjBpow>#*5^|``M@5gj)0{LMZt)U&%cGojrfX{_5@jFQBl^`TF`^
zIZ`7<wdN#gr1uz-{$#~Co%NuE_}bEb%ov?N-?EbrW+s-MLR2>rqHfeAML5dEt~V;B
zYQ&akexF^K)7+Gn(&T6cv!@)zDy)h4sxz%S=FR>@bQ{`x%y|_cYDsjKt0{Im^JrwQ
zHfPmIz414Q%s93%!5x1uTfG?!s#T^?AsTf_gtK_bp)SLBRpB=Fmou-~Ok_uzmL1$%
zB00K)36ehD7}z5l#d(*(9qtsWC}$bvgc|FFx`t4(Z_Vj&V+;+)w6nJaNL+J}$}vL8
zS~67SNk&z6N}+IyEMAJ%9oD(s$lv~&G&Mt8vZDv6pW;4RC@v5MxN=8xaD$WjZE#M>
zET%c-b=7IzI6Kt&W^AL;>zrF-iu#1kDKu<VLKW)hK%bT!l3QYYu!nSfF(rn3&uLir
zmiDNsB?nz^KMdHzoZd4Y*dtzgYC3yr(qK=vQHM!VVNSawr%F^Q=pL%xii(DgifsqY
zzGHT>x3T-x%Uz68<090WRboWdx>Ipu*R4m-n7(rCwhG&NnC*--kLWfy4Lcy+{oo{?
z)<bW4m+`oha3diKwR#lGj-$<GJz;<CZ9enKDa=APJMNF(pCMkKq|-MNe#_3j4Hd9H
z^HwscQYk`W^;wH_A=4J^DkE;o&d)F@xm>zR;}b_JOgZ^L=QPqsr&JhkPXaY5uo7v$
zKcY@JB%YvheF)_IDCO5hDOM&OQ%0#NtjT}4{KvE>4%ZF4kKaY7H4R_6awK`@YRe-&
zt4>ffn!(k(21_2yDm60GsD~n9M3U@lPI2pvR+xY*wP;KqzE_;!9ff+5+!Li)SFzGO
zh}N&M`#59i`mH;SY#5T!T}@>?l!$0wA+(((?+A@f#M(Gykh-*N49e9uDDN*k4u%`X
zCV5X&4n5K(P{sRX-DFHgG{AntLPP$LbL0KP<}s$3X^3cK88eO;2{a<EN;k9&3@P=d
z9O*Z-7-jjLYS5hT={L5N=D2BWDf@!c2-vy}EoC0jY1B~MMu9>)uy>`uF%|Yr?A@x!
zU%wXk3^f*Zprdh5k$>!=Ap7BWrElCxzl-e4D}Z}P;Woe^Y<$TE<bwF&TK3IpfGP71
z3Rlnv>4GrAmwp)rbs_d<8{9bn;*mx;#|*4<RFR)?25u306b+o-0ezDQev?Dn$f2J5
zf_m`><_i3Sqd+2^n?pFYpstX_96``DgK$U%6odAeG4s!P!ST`?J;@Jx&Z2MV6I9GU
z<~Q)=r3UT%eT_Qqh<pF_rijTufYngS#D7(wj_@oe0ORC^Hu9%mtTvu_UDaTRn`WBo
z6<~bN9bU@1G*yX^SEk_^B||}mdx!hGADdB!Y;%Bw8s!_gbiOx3)*G?-3-fq;Hy+RH
zA`iSvUgU-ATVH<V<p(xfnZ^fO;Rk-=U*dTFzFpZDW_d~K_04AWio5(Qd+}YS{G(k~
zxqtqyP5BF3o2%C!`Z#Tg`~1N&MPJOiw7oC$PTzn5{g!RPN7~Z&(X*!fLtIw5e(_#i
z@og=m{JXp@U-m(*p#}9!UGanTPb0>CE138eGtv?7U~aUO#7iEI`kLywcY)-xRQ5Fz
zcyQwHi5(H0#`~;6OUb6tP8n@iKZPux_joc&+nhk%9ZquRK~Yzu$9?~d*{--bu4RLQ
znxB)EptWr$^(1&`b`&IkHLrG((w)V7>9-=p&P8ghky9!yC9wY{-2DA}W6pNzGuxar
zlik;St#!kFs*`;Dy<L5Yd#k=BJLUa=aG}GV?h~FtSTwcNGC<mtWsa>y3D>e?^h(zI
zv+_vSmRZ_4OkEo2=oubGrK9Q^tsK-^w|ih*4HW4p{A|5k^(TA@2p%`*^A5N^%Y5F6
z@6IK5i=}Ac*TGS<VTQ|WsC>wftqq-7C++fD`cE%ubd7R$>@+rh(!N#tW6zVOy1Mc-
z>-P!v(EN;Z4*J4Z5ZM&7Z2Iziv+zg6WS=Q0UGaDH3h@gW=Nbo{pVC?8G=0B^-`z=q
z+s(WQx`w2;i>Jyt*YLZVXMU<2Xc2ZRnVmSymRwH<5$BoHVcku)xliZX+Wo@C6rZhf
z{r=x>-Nn5EFKeGErt0cfJpOz}re*20=K9Vqo)_Ku4xee>I^7Sy?W4r6rIUb3#(Co8
zxis-Hd5zq~nYE{nJSAzfuR6&`8vSm!&}N@&Z9D}GwRZ*zXZhInhjeOk>^*MTNJFXX
zIsV4%^bQlj`UU2E_ER0%8C^qNKkeOyM<cT8?G^{u^8)0P>pVooT==F$(`MJnN1C%g
zufl45SH0UufftQE<E`=OI~cgmH5@mh3stFjf1Z@=>b$bx^<4>nvTLN|!FqQTT#L0=
z_`PS3^|wRea4hoNruf<n`j&g*dt+YcJD|Hbsui&fOIFt)Ccj@)je+r4MYJ(t^Yaon
zzFMq*iu97p=;BseYtm7J%e3u^giX%WK><V6PX9cjT?CQOW1JZrC7W3NzJy-fEt5aH
z%j6U~&$7R2`$hTo-G0VAsA(?SP?MpMd3@&Sp=^!~QFc!dbym5D9Ot~>%K0Kc@!XQy
zq_JSw*0)>!Ad$vbUmZIfS3CN~y<Hqt3oGBX>mqC)uC28JbF<!=;r{9Pu*SxZegxc)
z^VIFDqvYGk`z<Y8Fa28>W=B?S8i>a%e2d3_v$$!yMo#UW?Cjh{9wXB`xYCaIp62U0
zurb`2y2&;^mArq@-t-5YuC@|V%A)t&SyH8u?(WO!3_aZ}qn@X~tH17`qN6QVd0Ne1
z&gS7Y`CtYRoc<UMJACkV>OLt-<H0yQhIKdX*xlcQ*CQ~0G#S-SbiLO~w{CR(>SbiL
zx7kLO;di)6U6PQ@uu*K=cU|Lj_dB7N;nK)X?ZV@(%lQd@jxXhRcmK9XT8Dt2Uk-D*
zsOleoSb4hCx~w<r$oaxoZK0V*b7_QIxZM)oJd<{(ael+<^|QWBxBqjOhm~;K!e2gr
zW*y(ooxQswY?Hy`3w@IFb9ULAi`THVwg0w8n&H&~`UjOV-?|w{{rO=kHrKiBs#Ty|
zx>mV|%Z$R7L|yGT+D$HU9CwL#CVj@H<gCi?@@Z&~?)q#9kM4SVNRRe<ekhOTdU$A$
z`nr7xkNUbAyYgpJ-q)4(WaqQ89?HA2!Jllg*WWm@_>Cp46eWM8Ddgyn#t|i7lqurq
zrUsgl4}vsJtNbN<{E@DPQAQblr8r5fGx6w$rUBU~rN&UDY?3m?D9MXK7dv1y|4H(O
zFGcta^_~hp`ZP*ZBrko`WXy@=yGa;^G-D%UmXVP$$>>O!pC3u{E<_diQ$F~UF`G+y
z#)ey|50khR1(^=(XdMbNU#2p+B5$U?DhhJ0-zn*nqyH4Sv$OmZp>vxb9yu51iF<j5
z!^BQ~0nX#~#8(FR2}<&p422yp1yj<D!Qq3+rAayF8>7v0jlv@l)JbOiEL|O&9p`(&
zX_oQp_v@*bEIG*iL;j1ni-LxV2=Q$E;SljqQSjFnF;;qPFp%&t(O3DH$Qw8dQp6Go
z0S(b{{6yssBBCLpe?*x)J`W8G0KL}OuQ+4OOMC_@3L4f7%aysY`LZ<^^9Xsu%&6kS
zu?v#X(g(>t(}%ca(cZh7FIyqW-)1lGiSsqdgvMWmADfHve`_v7%CXRG&-$xgnP;I@
zu6w4$yUzS@yC>Yu&!yc;)|Rs!>)aV=&zja=MLxHeMy86_#o-Te-rcuP(^GU^Wr@Dp
z2)$0LW5sOr*c#n<YvL1x;Gsv}<Xv-LugHm--;9C=fVhK5H3ifJ4WR$h{%{NcIfe`!
z0o*X)@ECx442Wex>~BH%AOZv+f(#)795W#l5n-DMz|aPSG-0I)0FezaNrtF3fvpKZ
zSA?ib2GBO4E*oIog5a4B053y=6Jf*-C{73T9Dw78EXTwA4tR6}q#Z!)2WUHi-45`0
z0)!}o!W3cR_ZWEt&K`jDg)n-8q&<P{3ZQp|SbPKI6`@>jK`;pztioXt!T~V}j8>5{
ziI_=5m>;06VrUac-%(qIFBQy9Lb?j-CjZi@coSfoM5LGTI0?i~LcoboutLF!Se6S4
zEHIr#lNL~qf<F`hvciNED51rf7HCmoj1*|I;tv*(T2V*}NLq1f1tu*>wL({mS}kz4
zB3db7Z3QkZu(smf3S?W+aK$z*C?^H|3ydkzWkl>OXtBb779CiCVnvD*z%K((Du`Ex
z)jeS44>3~)_$GqB8*tqQ<T8Mr4M}2vzEb~prd^gcH)91703Zeq0N`J=9l*)d$k2)2
z)X36~{y$fJ2PZdu6H^E0|7->Ls{7htpJ4VsdB^RqKd_?bZ~L^)vYxe2)-5~d+_f#T
zR{jYRnuHSF4&aRQmD}auGtOUbsbC?dr41E=0&=rzPZeZg5r7SrGL|To@sSX27y>yl
z_IDAWyaqleTNqJkIpfu@m|l?cx<2#G+kg7*tDg^Ew}EAxDf0bJj8(U1X>(<c`QsU8
z_<?rPy6C}|HZ4Dvq*XUi+H4to{P<zQRe1u98rg%!-ZF($VE}L!NuJyY8X%1CPU1?a
zICIuoBRE>=B1Y|@<mE?XH`3yxH?LmuSA&dKOEIZ4=|YGOdH+Pps?vkem}9AH9*s6b
zJCdd|MV$*ekQq~2M>Q;xblEcwYB9rX<@o4bNV137)@D6gjHZ};3|dETJ+>;T*@F(9
z8tXzP&<B`ol!hc}&T3LLo#Dbps-EI})JF)pwNi&CyTxc+sz?acwPv#^(xYzaQBBLa
zfv%vYZ8=jCJtl~`)I2G3DijEC(DV;7^f%3k(Rt&d3tQg4skCxd;>PWyl~xl1^=Z<A
zQ{fDrR_3aMQFj_fI2I?d{z^`zM_GYtT2nOUR!X4LA7fN4KIHkh&R8S3EmeuTH61On
z>;T5Xo-`-a=8KTL6|_-UUm`ckP)J@)5RMxGR2NpYwmN9P>f2V^K@~=9m7qG8K`XW?
z)Y!5EcUk0u%#dI4!q!3q3Jp*-Na9*^<4BnvjfI>ww)g%pC=4n=!i<%`PLcpv9sp4W
znNd9h(6Z+YfvfW@RGGm;TO^H1VhF0E6^dY)Nm2$XBvm+E6bxlY$)Ey=;3SM$@kA;j
zdg7+2O0J%E$Qmss=5XDh5~m{0AxWS10)}8DAeJ*!5x0#Q&YpgR4MagCq6xw(MZnBu
zZIaO0%x1VdY$R^n4t<~fVTn^mIj%~jkdPTqno1b%Y3ZbrD82~92gTT+8D%<2RbMqP
zB;!1~W=`u(9Cm(pkKLe=Id7E8tmc|;GBlkfh84g(3rai2OJ&@qOL4L~H%ekE@E#9^
z1exm-ls;Wirj_EUoJ-&k2vbNFvQ(n-A!;P=sS&=2W(`AmZxYee;VR>R%T4P-@hb1g
ziZD*pcbT3I)}$-Wvn$>+<qzMW4QILQS4pS)oSLpH5oG$orIwMr(%oTJjjYs-d08Fk
zymUz#v?>x&tdt?e*T)KpCs^RBxYKAKW0)JBI(NqLixwXiR%CVqQ#_bz*&Y<138?5^
zJki49P`(MjiP@29ogvDrr{@z>I(JEPT6G39iJnDLpSmK3XHcfl1wZP5W2J_MF!aRk
zxe;oBA)|@PNaQ!ul{NUbpU_tQwk)(VS!GWPRIqlY<5n%x2cyt>*m~%vR@SOdD8I<=
zxO&3}BtcbT!*CoyrWut`j~`m30BaD{$O-62!vuEi$1MPT@-AS&K0UYf@Aw-jXysSj
zEyRVork1~eeS$9aoif?Lw$Y`w2x1jHIElk;c33XewEq=225bcZMWequN-u`>A&yR`
z?g`P@p=i>$JTz^=dvJ=adZZ3}Cqt`07mvX>FkRfeGz{?r$wmV=fE$W%Wg}YDMC6N0
zhr_h%3PB44q@6H8ycM4sD2OV$U8}%>6$hs(Sf)wa?ZH<kc0|2H7beqFz8KlF3K@v*
z57&n>3?hY`sY-Ps4DotXtw5IuVmQ!*0Dntu>YfFzMc`zGVY4P=4Yn5pBECJ&7QHyN
z6w3oN+Zvg=kyDyxSY`^gQ^7!EU#>ldTQ-K=o*W@e4-wTu6Q9lsZ$eN3eFfCB1QkHz
zfSF*6qS<9fNUxjz5QOF2c0k=hY%7c$PV@IF6_HQvS~X%~h=rRlZM_sFYZe{gL(^AG
z8j1m8`S)MDH$tlqYzE4r<De0Q?=_JsZ`~z5AO-A0?F3%SJa3qjBIl*X*_|CQ23-$O
zr6##fCAil@b`LDq+t`z0#}{(gV=HQiFM}c-noK?va2c#UYK;q$hzG?X!{5;tk}O;h
z;!vStUYToO>};jg$+&e*5Jz9po<3sOkw>rw9<jPR<?f3l6}~&a5r}8%z3JjSnZ1iL
z)3rNU<l1_d!>WC1ve;8<p>qZa`YYJDyXylV#AYkfq?#cEUA+G7hcy(Q<8TLDQ=WTQ
zy5}|B8>?U*(YZFE58lsN(b}5Y=|lw1Q$5fXHx<A^fHncC0(jiuX*5k8$kWzS6;luP
zn0Dyf){j-7wXM#p5FA_hSjx5!L9*E&Nga@7qaF3S?U)^?w)I6-fVS;6NN)Y98PSa<
z(Rh*qzv(g6p8k+)nlZ<eziZ0pJ>^qZo-u)PgI&DU>b9{FFuQEdny{U=ywy1C>;^N%
z4Hmt5b<MZnnqCXd1U=78zsH!ub{=!U8`#U?YI8KfwTp=Ka>F^%<Ns@;TvGWCHjZ7-
z@AQ_Rstvv@P6rbI-FVl#SA2DK)t~2eRc!k+{E;qBFEdMe%cb)<rT))m^4b2G-*H3Y
ze<YFL-2U*D7RjBjv6(j8>)~S8b2q3;UYDi>EZ@6<m&(m*KCFsgz})+Z|LO5Kw8*TD
zhnL%V3q4Qo|I*!xY&1>&DSmhLVRCS>+;{WIcH{eX8?R?a(~v*w8>nC9;gZg<z88>f
zpDhpCeTrZ4`=I?P*Y|!~>-f?*){NR;>E-<tnYfn^zF*-pjk*2uoY#oFkI(<Rg>QCs
z_j&c6*H8cLpsu`Lww=%Gt(Qs7bKmxM4ES7rrR}z_%Ghdsi=THQYwqKk?Z&Sh<G1s^
zK<&)@yY;m-+Uq^n-_X%13)SmAmZ78OERp~1@Urn(X-?jeF85CF$MAeyzPiqz?tM3*
zK9i7F;LB%mx6ju-?=pscy}87@X#F(RZid)$);yC(oqK3RusP;!i#rP47B}VTebeyg
zku9DbOAN2inHe)`=T?HrqA8&invI$v=&USiVpClH-|n`Og;!Iz88~QyqOG?N6Kwq)
z8qMTEXg^z87ZY#V>XViYlwKw+0IJ^09ogLN2BU*1o9O)X3_HR)$(Lsk`;Oz-<|>w*
z?e?Gz7Or$~8wWE?K6qK2D~{jpxA!Qr=iBlGH2BZsK|e9PtW9laFwf)2moxV$eR<W~
z8D5RgPx<ca3eMKcqxoyB4-3!p40`q%5_`YDodhE`(9D9rS9ShfNBc*6{&k+Oyr=nm
z{(kP}eRbM+QvB~nu6l7_{j1!b@4S4T9j`lLXmDUT!7;*@Z9qNd>5_9QFZC(V15#iO
zfvgA_tqH59a8OAq1&PR(1o#EXt_km^09%qDlLT8bp%ZIoo(&;C0Y3?Q0`{aViI|vV
zR7|2{QF8VqN@wVfl-Y!zQveQ0_(blp9h3Ae>3YIlVr@x$jqwlk|70A!5`)!}KmY(x
zKmz~}|6lc>zKfHo>3@nsTQxujlvT{V-uCqE-kn7Ec5p&S66_ZMQj$%F@DPeW(sb#-
z*ary<aBUu)JGM!(blu~7dziMk%FGaM3}ReH?MEn<h$XIM!3u*xK%hBpTC&`UYAbM}
zi<HY~HlUX-34QMEi^~_YU+up?zpp>P-uvG6XRbB9?U6-Np=}OVmukks%%Y3<N+_!%
zS5ERe@uh!tXei5>8HLkL#S~G4rLVN)B&WQ}ND8MNh3RMsn899jA556oU>huh+e*gB
zTM7$1qJ|xLiOG!}d+CkuV#}GDh{>;bwZzC!mnlh&O*;5CBTkMgYi7ojD}9XB>&xIr
zV>4>5vh<298dH{(l_FA0T}4@=&Ph{409D=rz56nH)ul<5>2!Pq<S-gNxN;3$WSKMc
zL}j_aPQaP7>^7cU%~7aGKT=hc(p9sI7{`JwHw|M=k-wdc6sECAoARQnec?Ds;U}vA
zmx6s`3e8WJ2x&8ACmBU=R;MO#{*6x7{A10G3;0s+_xD#eROnadDI&rrPX=SK@RM}2
z>YgdBcu=QJRit-o3QL&cbclqFOnWt14Jop)q)U!AV{{(;wG1HW^ph5wyoBfmw~YHr
zJ7QzhgC>xdl9)sp;}2WIR1VFJv;$@(g^{;<o(O0=2t)z|5uq}IfR!NbBLKGvOr_ue
zg&^G^d_>{_Mu6!@my;rG_QVNe%^*B7=3}@D8hn5)HUUD|1RgBnBjA9Vw+SUnD&R9L
z!9^y>iNf~53Ny`0$_qtYApq7*dJ@Wu&0I(ex@QryU-c8@gaN|>W5p36W*%6DQt%kv
zw|nI3MdG^?jtw2;Nj?zqMTpLaO)#B@1YMDrO2F?K@bW!}2umU7;AbSkaRmML{;-o{
z4(dh+;J<qu=fKWD!x{R#>n%8S2=v@C)EgUM2lyQWo~nj7WUGw01_PQ51A_JD(u*|F
zd`WQ;0dUVPbzi{&o3Ex*%&$is3nHI}dIR_lne=*SIV13HUccPe`dEBFG8d*X6Hcby
z+CeM+v>`mVhJt{B-pgzwo(o+i4@zGZ3WRnOA+3QQg7pYzP>2*6jIw?R4c@gi_0cz3
z3h0XphzK^dNSMgDk*N)Xi$|;(ZIDMDPC)!TMfZ${6aDeHm*K%^ebNxF!R3yQI0-8l
zy=gsm^7h1y9z7%1k|W#V<5leOCJ6}^Vbm|Q1X!P(&kOY+L4+($_H;p)EU{ce<{2i&
zy=S=^{caGUv2SW_6k7$F{UCAY>_G0Ao=$8Y<6WlgFkifuLD`hOZ&ok~;+anG_LM0r
zTJakK9^rbmS)?qQfK1Aw?W}&|_H<X}-1<}J@Uff9q74X2Nt0B|7AdZp)H|kjbYtG6
z+95;>5bEmzNM8LoNkt)vD?~sf#?Tz)4aCAdUcxZ=jxswZs%M~NeLym+h8~n)W*tHB
z-r*2v2I`D7j()Vc!q$BTh>pY~Lk%F<r0iMqfCJuRm5b?C2i%kp^Ai1rYj25@r~$7j
z%&!JpZ|LA9J#4o@_<%@;6vJUX!~>ugLe4{fjy5?mdhv8zLmn>pPd;?TE^j~ti!?h&
zk3+dAJ_m}=vS}3!%*San%L1N%KABIdM&UrwvvS0eUk>s3e0J!rpC<#5{2=;u2w;be
zBCBRX+M^aww1(}4{ti)#CH05=X6Tm2hC`Tf!@|bRhIGRwZC=wc$W>bdDc^8((tXzW
z(9?$RikrQ;f^9He+asv5;T}ZU^4&T5a>XcH{g}RCOzxA!54&x<mg50k(+{_8R82pq
zo@$64?XZ-HPZk6pk1R`J;)r{HYF&fR)RCt72+pSFgjo&#Xq&5vs*-u!%f6vQX1xHn
zA9H)T5<}z{4u&3gk2Jns@5vg{ZqxnB^(EkG=er!w+3uxcvDhALRo8#-J)X|f_eNM7
zjefu7Mdc|7(&fIW^LlES6a6og>(@>1%tW;RU2<7mYpy>_%lBy_DK`5JM+Wy}AlKW^
zsd;|?%WZa&f93b%3ii~6^(S^-L|8W(oW4(&-|i%DdK|7z$LAP+e8HU9zV3Kj+}sA-
zD|i_l9)Hh~+K0#Qm;%wt5?9-e_f0)W6~DIolg{WJn4foP4U>WWF`c|x-fZ4%EbJQH
z=g+vRcK_$Jsd0LnTpVfjeixqI_j9ttRqaYNe;nP-Uf*p67WaMaee2U8zb^|`Uz7D5
zcxH9@%dgccbf0Mco$t+R<+OD*JMZUO_`L09r#1z4m!sG6SJ=lDwSUvy3A)@`w|OqJ
z?aS*v_vcMNkL$$QZWBrO-92tR{WULEFLje~xqoZNTkAyZ%nI?q-p`6$)a44&sI_{{
z`%sauitRg}wJ(OXyf-b+x)lbOUzxZv$&$Ua62Lyl1az&CmAk`T`7fWtzO+xeV!Kn-
zMKd7Kf!Fbmhuk2001u61<1%}*PnXJtGOKPJ?3I%}o<NX(r`_m9VBi8(Yx?!-B0a(J
zR@z{Cyx>${4dFtANr2Veg|Y)1H`eH{cDOsO?-Bf*auW5|vVWMo{r45~FC;&|i~akb
zoq4@1k8i-A4~Nb13v(%XzV$DYcX+lQ$CL0~d{ORrJ?&2R#`mLAxyhQUf2qUmBhF5j
z@Uzu^UY4J_=egm#Tzp-}gSLEff5-dWeQ}?B{v>SgNAYkhx?PaKkFIpbX*tnRcT6kd
zzbAKaHbjnmhdnsQr%tOnu;dPYc6{#K>m#&BK|4xznCmmG4%8iNbThTbYL5E{YmWQJ
zw}1MEX%B&PaN9Gg&#*eg;&3K@0sm)_@kcW#0*)L2K!Fzkfaw2QWLO&7czXSJ9OWNL
z@n0OpYt3V9?M38I43AU}H!xEtW}+ks!5k=ATCU{KEa9nNqKTyqHKuilnF%=p!45D9
z=U5Ja^MQbrw->MN^3w84qU+kF=iH^1?-ejT&vR`0b7S>>e>=%^#<E#$%*)Sf|L^DT
zO|S3Q1NqCik+^(}EROfH#@q3rM$K=(apQ(R9NW%?Qn7+P4GPt2lKUZQd!dT;szPOl
zpeF3;mzYL@p?~ioy$ZD*@i{g7j?#G@GIlV+ACXEW$`(woFK1u7Vd_;gZ!s}1D!!4~
zx9_0sCv(#;`<vSIp-uzcX0(n%j8}ItvCaH^`c;C~6^I?F!j%kIui?(H{*32r!(L1@
zv#Pv*KuOsCLiH@ydaW?rP|yCQ=bgYda-&^~wYk-=QLRE1bRX4zwuQ1t+{wAPQKe$F
z+F3B{H#MiKYcN2H7Vh&C727@+!>v%zGiW>8!V|61Ed%GDo@sCsom!SVD)Vov+Hv>~
z14a#GW<TRT6sYEpD!;*MxmU<6A?>5)<9_t2H~3XL7KI%{R|K%{mJWr-EW4mIUVV=x
zY2bL-bfChlH3?VhvDt=8(5tToJ&TS!=(4@cB=ioc4T~-)PU={g)*7fUv*PQhfuxYX
zB@NVDQTp!Iy{7Z<I>kqGDOr0}Cx2(XLY)AD=bgy6oau3D-a_+h;99_a>=^`zUwt+x
z9yqLbaEl1}ccWQuP7cp)!766`=)&4aERNHJ8~cfK%^oo8QRdPwYh*DXzP$#W(RJWk
zb>TH8udon=<;jMJXKkfB&ZhO6j~-D=m1x7AW_7O>CP_@kUa6>RqiKDgZogW#70h=U
zc+@%0^dP*bZ(W?*@M(g8A*=5xn29=<SF?urP5Y0=6wy+oTY1jX<{w5mY>TWa!F)n3
zgcO$Y`KY}Pd8B9rL>oq{{-H3jQuUgqr0*wMVYJDID8`=bjMa|+y@GM7kL6}KAwH>8
zA-_IErCP9pc8)W)T_IHl5^FzLYe6wThC<=c(;Rru$e;p5Rs?|K>$;C#|EiQf`AyBP
zI}a-eN^cR)){xer2>Wc9^EVM50X0BWfqxm`^aKqWOZlN1XH5IGjEXg30n|x=$3TIn
z|KJTvT80yG#{h>oJ$=m6V};65tXb?SWK{qgUPY}GcrGH}k^uFpfp36C2>RvifD5vt
zKBYfN@#X<<WXT%6gXK+=-hQS1;>qM(&+eLUa~{9$<ASqcL9}C`PEaq2L&5OeaPtza
zO5hEj4f3b9n`a@+IMRf8<~3=#$-VV%NYEbZpQVp%)@QHQQ?-vBr$Qa=0t98riXFv7
zT16GXVwo{e$S8g8Mk-tc6~dE%2Z*=6@h!m{=<268-Mh}_(#KG_n)P;o%HUDk5L?3*
zjkRe%+Iz(}TejGCL2|?BSSyMuZ``Q{VKU+d=Q1v8<BG?&<J55n3sj07U}_etUBPxW
zJDrMU#tpJ*@mJhky%*m2`?6CoLOF_q@Mwiq5hN89(0ez$Cs!4{+D4cF%iNBYmsBeS
zG0G*+z+$+Rz*N?y<a4e@px!_HZVLJJS6Zq({VIv*L0J4k2ChZEJnRRqJI?dM{spaW
zXhJy|w_cYhmo`>un(d8pIiWht<3Dxpbu+&gw|&5wnP#-cra%0B-?V+TnW~dRe)T+G
zNujRP!)94|;_U%}tF8^iPs=gEzNXsptNVHHlBBgp5$$tdwwbHvO;Vmcp|-vQ<~m$T
znWz#w=_g}%^UslRpP8)G&4kOLRk;l|6E25#;aO8P10Li|UnJ$hgo|?UuG;npAF%5a
zE^wv3ukCN)Ou57ksqIjc3{0r_%}X!~31~DlBSxM%jEx!Z5V!tbGGCu$Xvtpp-bzcv
zz2^6Hx=i3QyJ^aal_NUZYDChJvgb6V`0TJ}0mSkcax)xuWx0&vnG)DzA;rt%CGn#8
z*?h@iKAP*q+;!tNn+>QlMj8JCIF5qTaW>eG1~UmY7ER{&0y0g=jT$N>xpIpUQ8O&Y
zOC~CJm^jgrqT7|zVJh)-e_?*~(&=C~8W_-NDH&-^xzk~~$!&kTadsoL({h<@%q8RO
z#$>bO?I#x99i5lvCKqcv^l(<ePK4j=<0ct1F^&(<y+>DOI#be)pIUfn$ivT4t`_5?
zN_TZt<E*+`T+}c-X{#$2x5p6wyeKSw#C~%>?U!I1i_vg9aaY@Md<45R^KM2=y0c(1
zKliwDdvkbupC@rW<6oBHugvmSX!|ADT}UURfVoyDmutXrK~!E>Z0E38e(KR@@eBVj
zMtNEa8+oyUHct|lQG1C64F<EFPc~C>=QhRGkzPx{O4~4WxeBFaAU2xJ7j*HGHKK%O
z!;TrdZg*NPO!SCkI`s{&37XLbnhTG>G{9dWZF5xJB*af_#T6D+!fI}@X>Zdt5`rvZ
zB>!zGy<vdE*61y<TV$)$Zk@d}vyJYO+@@-j?Xr|D@h12{6Dh}IwwJJR4u9dbz~-=(
z4u2uGz~;2I4j*$t2<LFbw!{q-a}^d^FVw?KmaVaix?*?L&QI`OLYB&UArai2nZb52
z@HSr->y^k}+DO4ouKg0}Bj-<?H78%v++vR4)$Yi{?UEddun6c#MZSyJU>h-Mr(|R{
z%#;MJ1qxHaI<cwt_TX*2p~$(rMxiHjg@3V&*WMSk2`{p?Y)PrzGv2TYgQ7KZuem2v
z)*wXc5O3i&WgV7gG&0laH>I9f%AM&kk-V1U>y(zcjncqEy9rLV90}G+gB>^CAFhH0
zgOyFjxuC!20|BfB)r;uG-UR`4C%1|In%D%pG~XaIcOP1T$;=uuK_}~PZ{dA3)ZAt^
zsRnP!wNl$AZOmP0OmxqeLT$(XCU4Yzame~oY`PDh@J7+@wpYOx+>gEQn<oAObEMQ{
z*m%cz??BhlkG1k1Y)yB57>e4Mu<l)p=M=_Ubem4H(_BHAmdir_vSZRpOum21>zH#%
zY+$LuVuC;rXr<YWdLY|6Iwnd3)c)sXIar}&8PPj09m5DrefE|gxfP|s7w};M9-wcF
zCz3}5g|gBFG%cAca&z1u3#Pw~&$e+;*@oYKt>3V-{H&yWAvW4>@txl4Me1Ic8?FLo
z0BW_EoK9e?7*6!<vc+vTI0h4UJaAFVunbI}*@8zkxebgsG1wz~HcNZG^Cg<kPCWbM
zFk*W1;MaiLM(U<F+y((-;Hq{onAp5TJog7UEfZ_`H2o_;&5^`B1MJlwD}=`;V&r9e
zLomXF&={QHfifH%DVa@Wnj=!Egwqyk&Yyj>h<EZ9JxGW$gII+ZQS@#IVB@NSE$Rao
z`4(dl9%BkZxviE#9-6!rDj6ATq^Q>Zz%+$KV(gfM#y@aGC{e6{6Ssk=@t1(f)ns7F
za~n5w>uM$bQh0~PsvcbXCRN5TM(tqQ&HSCPPlndBM!1<%mXTtfZNJFjgE69AyC^PD
zPCwVSz`)R4J`ZTu8LXyP^o9fL&|+lF;D|%UhXGNT@no>CQGNaY@pX>fnLyDQjWe-r
zn-kl1Cbn(ojcwbu?M!Ujw(X?T_EWo7`zP)__uOYc`y0~3lhW`&ohL@L)8+@P+6mEA
zEB}ULo<-z2!4Yzt;4mZy$TbT!C5KR&&L#`n$*Zg^XECO{w2A4-fR3Tw$lky8M$)uF
zw$2Q;(Ky2M3N`4<-)OXaSu=-Z$^=i2mzJgYHNQIYjo=d9orm_X5pD++3<?qeOqWM9
zY4uK|esvfT9N+rjj_0@a$;j0uYHh4|Ip5;QD@gK?k&eHQHdqD(Q%iavs3*;YY)_SZ
z0K6B+oZJv;bMZh64vPo{br46Y?Bj&Rs8>8&MQJ;}sMwwOWq1uU$AAh}Q#iLx|JZN!
zT7h@#s8QZH?jc%SNn|JDXHspRz<YiN1%SF7>Kw?3@uPrhp2>7dDe*IELi5r*e*Pbx
zfS4Ie3jf4XQr848L8QW@k@8|WLe<i;!_wW61@owpwv8FWmyN-*<m|L@<d7?Yg4_fP
zD1(FcF6(t906L%q>dcYq8q^E#IKW_UfD;a*lJ;8a5@}V0%9F)#rtiDdL7z9p?*JlO
z9SMN1!TY-+TTD9VI;3g=Orw<3n75}Ye-EEvPOfyxY@M=WtnU~Dj7Qdy1%Q;0Q<@l)
z`73Kr<$<`0HlpH;3_#|JEj5-$LHvvi>xo|U+Z;yA8-9+S&}&1yiE7QjZMHg2HeWtR
zD3=GTp14g9>_z!%p&IOooAyd0;;E5mS)OEhM&j};C3zyI-{1*L<PP4yZpIMD!k6A~
zAx<r*>qHAfM^$WWD}O;G{d6ZXLb9&_nwGh9D+6s@M>p4=Hu)HDuR!iv#9l9K6&6fw
zR)zt8QI{Dx#bpxcy+pLjOtIuOLOmRY$<rprajk=rP=QiM!jr1BTc5D0t^={2I;bNL
z9g@<cTw{*R%-3+JJq4{e%wv@?aL<`yqcO!iE^I3BioPnDL=|)cH>&!tf&uAtghr+@
z{6u4-c3mG}AXeD5(g0VCy_(BH7;G!78<t50)@;4cnvm1N)+n&Q!_k<H!x%yxAAio&
zWXURZ(UiJeA!+e4532QqcsXd(LtPWiR@@pG^0xXp+8D{f%j3_3Vz-am)BB(9@3`)&
zY*AnUGIysmcPR%WzpRD`8NI+UXU!le;N2ekQna~bs<KB_`9f3H@BxeqnrP@PSsL8`
zUWYl}J{#2z(<O}Gkl0mlRabanRJ#cQrhN4r2>|ZX74_ORDetG&=kZd8-hW-UaUFLF
zKXwgq2~WCA7<i_OCiE@33Axghss6W@C@7)AbWk_2f_zg;BFqTBo#H}Qyy}~#lx|#S
zN>Gem>@qsCn`<LHt>Du=I&e_Ob}z2qfzl?gkkhYMaE0nOTmCKgGUF)|uwp7lgB?mp
zcI;{<qY2Wk1Ce4@k-~gmoH)boJ|nn$#HyA;qx2&7IK81=>q!X5^|s*4RS7}%RsG1q
zGb%r<qa*T5rkewD7hi>r2qJ?LqDzMvVG5@%_Km@b?z={F;yYaE=*Q~&aoIC<OV9X0
zZt?5GMum)QoG2JQ%u;H*pY}Sw9hAgz!a=GF&@Ck5{dCzgbWqp4xAIq<Z3Wf27+(Th
zx}F-Gxa+CQUk3GBeeSJO-C(*$0MhmBjTO?zFD3vS=C`LDfMi3eb#Nit+YVMn=pi|>
zn{6Zgh`nz5OqjE$fz8T|gqv+<9Zd>;UBjDq!+Xh-paV!!jY<WxCw*aCv+$X&=6Rh!
z8DLYro{iVMvTnJfUif?!_61_eVDKs@2XKpCcWYlS<}Y!zs9x8>YnHZYwyRP6&>iFp
zS#MQHyP+VbcvAsa+XvP6*{FMv;HRHxTc=$x5ga*qXiIlloK+-mP&lmHTDx@keN%SB
zQ6BDP^=Z5EY9oFfwc`}R#O4l+RQH1}#UOr(a_UPkfB-=+_|ujx&i&_-rQ<b~13INl
z9=E0R3lh#XI}2-MSDEFG!Zmn@)VM=(RRi-Ki~6on@d}&z4!d^H;7@_Ov$q@*aT_U6
z_%ehwgRPGC&`D81nh$sh5;rRQGs7&{OO&M=(VHc^f(}_;hm^n*k>5E<xVMB@w3)@u
zpBw=ZsH?s4BjUVoY4Ddf#VcrI?X&AdJ!Lma{ww%^qS#Z<3|x6RGMZ1zJGAc8$bC_Q
zk_D9ZCVzTZgYRFez28`rJw$o0&`ru(I>8h{F)N5P89&5^z5%dazml{yKRkaVy0&}I
ze7b$X@^@}mK5|`kZ`ACWI;m}UeOun2e1auDpT6s>bZxq~eL*vs_fK?v&c2=Q?0?ea
zzlCH{NS;&ctf9n*D6R@0YX<>h7X0eJw!bxb)Ys+VgZVj?KF5GdeX#0#{gYyej<`NM
zAmP2N9}PkW`Jz|t>YJkYUZe0sswwsuzlfs0s@?OvWB!O<L25oeAh2Bi;6{G>Ljb;G
z)TYkW4ls7Z36qF_D#N~b7kxnHF*vU#tZB{%7QK?{GAnnku<mSoB_XGjqDoUbrtDX{
zA-L>w^LMR~hQC4Ct`{x>LOW&^!i;)}9;7Gu?~k4@RJ9>{59{u)EY<UAGW?S5R$RyY
z;j6qR<T?I=^?|#L@<YW*)PRJu-p&SqF>_7)9L68$`<Z`o8TJb6*BHGn&G0VP3Xkwd
zhQ6;@5uED{v{^%vfB##@{tmavHGHpaf`jUlVEV!M&u&H?wSPp$#YgU$440X6n#{9J
znY5jTSnwa`G7H=eb~UmWa%3AN#qpFQM-q*MuU86Wb}M31=_Cb8wB#UY$<Y+D&3oVN
z^j5%$+lN=qG3Sg&&P`*_gh8x5GRn02w4!PjRq;&ySXSCL#jJ*Bb`iI~Y>VlO7S=c_
zF4^8;l0Ytd+#GYdP)Wg~3<s+X-H8;dQn6AADklwPvpU@wX=3Er7aq9-h&PdDZXu+)
zB*%DoB94=4Nmh6>#7O`|=m3W*bvW8EHhpZe19lq>W=sljPO>I;VM<xmV^tPfjO7_f
zbN%?-xKwe;6w8me`FCtnf>Q~37He^>ajf7Z6^J)d|4uRD0wnEfVA3C;RK$5f;o^Wq
zVcKE;l1n`hZzw|rN96W+um|XlQgA?6f~LbTq7a);=~N;#^HmYpL+^2#W?gww6UNw|
zby*wQ*;K(f37Jypf_Cye=U;il%7*WC0($<K$V4F|cpQ|uR1_<wIVAD*MjX&WB~dbW
zg#o;NdeSI|S@_dJc}`?f{|>V;NxbiPou$#JBeC6w3V)$|kEyQ*E_o~By&|KZc%6mO
zrZ=61Gzpgb3&eZ<s~JW)gnQOK(wHo&Nk1I=0)z`#Q6B19c0zyB;xs<fQL1RttZ*g@
z_9IFw|7rHPw<yB}DlNhx4k^-;A^>nJkfnKeHc*l?>n~eF{{&vaHN}5ZPu5}tFMYG|
z!r-HWT*jw-TC05;h&Rr;qm(Mi0*g1lZ3mTYO>}b0)0ic+rd<W|(&QFp8X6fzHpp=>
zBdvn8KYhQ&UO%=nqZNoZWKO8iJ1#h=+z_>K9!SmfXwt55P06Br0c&FhdZofI=X#Mr
z(+ReTI_2;h<!~vXEKA-L{a9pbRfw?S)iGbOA24G+U{gXo>R_|IB7vP?rIOLXM=D`V
zPw00Cge)`!<KL95HZbb%%q{S`W<Ztx9CWiL`i?*qzQYRngUVLKE5<7Dtj)-$&}FLR
zx~-%!AB<ueAUasp3<Z#gag88fKmy+&yE4K^lq&vnD7G+5l3;c-P>;gynb0U1CQ~`7
zfw)B{F3ayE3bn)FDhsZR#DpH!c}3OY^%!{%7|q$O`V8X+qV^3ANt1&bP?ZIZngwh~
zr<PY8Z9veA=&~FbefX(I2?8sA2Lr@R*>JPZt5+ueHQ;MVqc0KUdPdVC0gxit^cbfU
zyRIDYV0J2q!^)Z-;QiA`r)K)ju=f*JKrTb)BZA#EvO1O)0W=i65NtDWNousKl}U@p
zv0y$VvY-yUVUYD6gy;)u213or6C_;q%t#cxz?KXG)!lr&AdgK;o#eA{yC0;lJ==o7
zyur&|EQoU?`R>4c8DwO!Dq(dBk}oKyYE4mMad&Y3KG9c%pI*Y?YcXIQNFA1i#{WF(
zQ~}9`W9WY^+v!SRST58OpKxZef&qa9+d>{TFAeNeL%z?2ZtER8hyOkxQE&Q&ZBYR*
z*s80`bwcfn&>f<C*@vL!8^U0~4^2cc&M0tqLe8xMNDW^Em$90c8}3qQ3PD2le%zX1
zP`f+aAYV`k69GJtaH0ww_F<2|F{6)*Fpkzo7!c>ux-WI4>cJs_K^d{T*a8>(Lg<Qz
zl^juCS+T4PkIV;BIIi7-(3P^1ai5==|I*c)O5^pJPyR$m1A~a$W8m(Rxyk4C3X!Vm
z=Zvo}Baq(08Sb$Jf@uYboTOW0Wtd@_nib=gtg6fI;enWG(uV=jWALchXHyD3Mn>V&
zl-yVqGlC{#iaZDj#-c1B<i*^QBb=)*$@Lvao`o_(5w=4lh-;1+sp}KA!!IwfS;K*I
z52!=i?Xu_L$L8V3aQR!N5cAQKS*{D#Bq*<QR@a*n92_abSmD$`16_o}eIyy~9R^5A
z{c+^&^5iT7pb>IexMfh}JuhZd52eh2y>qK?gD7UhY1Nkh5I(nSdu}L{(BZ85r0!lp
z!3#s(ec%pW36PguRIiy~o&*apKxPU3wWu@DQx1W)VRLUw6;@G^YC%G9D?G+@hXVbU
zlIdL>UH}sHSZax<gVclT=+V_`WT*=jlk*In58#YEV+Z+Sf29dYJg?4AAi*IGuEhk|
z3P5lo`vB(t%yW2!$L+ybxVb&tZ~W{wMQRRU@b%*P>rXb9^HI$rUTI*-2Lz2@M(+O&
z>?1`~8>{~!$v8mQ3xl0&l9)7&o28<&OBr7&%RwW>h+?HSiqR*7uz2mS`TO5zS3dTE
zQih`Y)_ymzV=&~9)GLCby9J=SR^PjCL9I^)<k%!`lU>%agz?N>ILI>NOxW?@E;j0z
zRXh_nce2eBx~~e4(DGQLQ7`jfyH5_#(ii>gHIO>g-6x$grHUhp_8hvuE7%$6?W*O#
zw|S;OUlhb;_&P!HG$NN!UUf(Ho555IP#l)E6Elz}B}!&^^U099{q$!+nn*j{FE@-n
z0s>|PpK_bO9YANG&7jDjSU__Eo&rjF&p|gpi%4N03BXuLoX6Zq_#5L;as+uj#8<f>
z|2)TM2*yIMxqc9cK7?^p^{kK$gguPYh{S3ja3pCQEqjCL7g2;<>b5fOQ5J=P{OA0y
z>i>{_MG7~xy?X6xWk`(vP7qmQCVd~~aFmPAi&J+*T!uUg5k5TgkQguWzCK62Y<E*6
znJ5$iciaJ7ybb;SP*Bm+LwwO!QGrO8S28ey2WgkXIj;Jl^F^EN)14e!<gbkdcf8(>
zU%fb|KhDn2r;8p0eVo6X1xhhOC3G==%H(3sxExxRupUaC53z#mD(RkGAWmuH%|NnA
z?jHm&oL{9yC~!_2PItbKPZw{`|3MT9c6@tw5#QNb+O5QRU%Ejf-88@nVNDNuH3yYK
z;wOA#cq7`uM-`&(HW3{0t~$raTT=azVcr{>XCTHBuPrW-9=s=`3Q>vThslF8J7B_#
z*TF;BuT&&VK30t+_W+UJcDTgR8{{{$`;8D~sY`z3E;bJ)4<G4!i-BG-dxG#LfPAJ8
ze*A$ZX49BX0J;D@gm2$-gNNe&b2*WL%5?T8KqWhz6S1ktP$Y0AY!>B$hrGapZP+=B
z^3g>$^luQ&gH%e)l^c(5r*hr+{c<1Tjh<T9&mHlllAmu1Q%B~LgVlG=_z(beSwd~e
zOD#)Sn8YL@-WU8QBj=ExnDxOuu<<USO;D?(E``WvAVV&y=QPVG)li4cKtOD2u2L>j
z&dqVH%|)kULw-T)nD^3>(M;hZu6tg;T#BJeZmD|U;yY<2j=b-B$Te{EP&#o+iYH-x
z=aj$mr}X<yR)-p+f(~>O)_N`dz>WJzgp6bAjCI!Qg>qwjM7NlPBmhlO=kjV9wMCAb
z(dzQb%-6N^4sg)%nYYx9!0zkL?HugwY$48%gRla}`$|4D6D>W?ydc%{<_YFDbM81>
z{@0{G_q-~K$N{IA$f<)gBlX`tu?YddslSQW?qT3k3k%qgFILIjUd5!v^*u1_vvX8*
zI`&gj$zf-2)6l`+f3r@#E0fLCDNW9fT0MGvy-jiaxdBXm@c>xWJTQ5-z0SQ>co9bE
zV7x1`>ZiTs-|M^3XZ8hD_K#nQZ1*-gl1itarx48f{v0x?xLQc<R}CP=?^Q0-rjN9G
zts8eXjtv#OwNJFsi$VIPDRb|G_s%7Dnl0CzS>ar&#j;dON_#YrwHA(?!h7>C^0n?z
zZoNKE*qQc3+904cX?q;rSFI4%hPNx956tA0Tb~|f=wr8iq*#>tB_8!$d$b@N5{$H^
zb3^#1e-IvdxI_R_6J2HyUft=FxHz*|ZL=0hgiX8nR||ZvBGb|g<`b!nRwUU|H7b^;
z_>tQO-)>&{vy7B)bQIvPe2lEFd3bXV=sld%>&Lr(p2tGINFiI*o+>Avdc3RM%d-=6
zdbpmd7f!_nxFOv=_cFd9_QAOqdY&e?EZtnT%9mP@hM)Rlo*ZJr`Q7-KrzdXy=_JpZ
zOH0{A);KdlJGq<G7JoDmwfMEV0-`Uv>U_Qv*Q4%%OA5J*O1L){X3jZh3x=MZXT$bW
zui^F^3Z^_02UhH^dhI_Z47)id(&%d1l|SmILm-744RKN6d2vskq<X)Hr!Xg;8dK5V
zk{{)Lo{aSrZJbY{eQJAkt;4?C39l^<YyD|TKQq`aj}8$O2i^y1Bc+sAo}}w^J5n`G
z<KvGpZ@;q^eC*D2OA|^F3f@{>|J33|@>j=Q_6W?($=_u?*$jP4)i5sBcUkW^w`|k6
z)@$XJI+n{y3h&-J1!hjW_I4WWg!M&k9;<##YuFp8Z0&`W)dqT(29IQa9;}?51RMmQ
ziLFtTs88`T=|6SFeDL^cE_rMOepz+MN0n{6Y!R_gHcQ&A&c1(mL!)lVj38V&YuQ9R
zMi3lk__)x#X}UHOmA_4g^9k?B19lAh53nYBSE5<8-;TRS>Xn11dJ2?5xg}P_zPGnJ
z4xX1lp=W|-T+X%h{xtA3pT8Qm{QWMq5`|eHC#_#Y5ng{n<sZ}Br`?oq$-KBR=%lF=
zUZ~rNmEGty_c{qZD+B<_iFHLHIy0&?wr@ju_(v+wmVu3}cnze*+<xY@<au-3V8YWI
zGQ|c~s(UqCK9}B8SfNw@@^N1hXk=NLu{?}l@56+@V=OY&o>M`7DMk~p%PVe=p8lgj
z$Xg2<$JYE~YH`V{-n(oUACj(Ar)p$TV(ELm%=Sah+f%mb<z<v%asjoY{MdSEXSoY$
zyiG5VXX~xaH{(vYe6{8^ZJSIz*$rlXZu<@LSl+b|M=y)M9)?|Tzj;?|z8Sk^=291%
zSI`)Y+|q*}i%Cyj#kwM|<4}9qReFC~Ky?g}GlVler_|qA#4GT%;}$7<_)Q&pHMIg$
zHawK2%7i6dguT%jGMul=-l7`6S2pQ{)u!w&eO365s%Ey<<tE^lL$sN@4sQA04R;bE
zySeSq*zvpDh$87+S}D_yUL20nN+^@R9#10SC|ub!^=<F@=02qz@^%f;8&W^2o>x_7
z*Su7_4Zi!$yW?LdwyQJ%*WQ&!=a(h*dPk-(slH_~(!Pfd-Y3&2RIJ<SsUJ5v7mUZF
z6XN6sk&cVUHMz5e!P~9eYw9@H8`~t)q2UFfHELik-aKPE%r4RE4I@Q3vP@{#zLN;3
zY$g<78$8o;UR`t?o0Zw6TAxpFyk!rPXdA^Ereao8+;TLY#~F>3wB$rqLiRf<)yYtu
z%6h#WuA>|yBbnuRt<F*6SM|6r5hd5kJ4I2a1{}s~C0Urgya}aL{-w2LYL|{|+x3r|
zt)5PH1OE7;cB;P977fo*xvD0gF7DQ!F_)ORVQ<GcW-Np5rDWo+(%be^yFI@87=lBS
zbnC-*0DM=E&uG-QIJ{n}21wW6RInWFW?Ap%Pt|B7@Mux=>$Enkv8&v44<;W>rPq_c
zsBkpU_HUm=y*^IsiSE57SW_V7a=p|X=->AD%Jgfay39dYCO@Q01eFiQTV?4ysB&C1
zv`$n_((OJuuK;1MTT$7rBatDk$Kf=Ktuv1~RXh1_jty_)?zxpZOXz&Hkm*aqQd;jn
z&+QEpspG}o<k1qC-<nNV5>G2ei!+}$!mI2W2cQcooZHXr#64J2mJw><+BP<xu5{{e
z2Zvvq&j#H)GCMj7`9Di@Ii0lhdh;B-=E^hITHjTgiyyZJAJJ}3R+_jIr7aLTcg`&`
zUcNVd<CF0_npS{s%AB`l{?e_Af~Jv1?Flyy^iI<s#N4~+cToBXgT~vJU{>56IRS)b
zH&CV?0v^Jbpyi)UN#`4)4mX6YkC1CT;TK&+i9<Mn)?a#%e*|7B1XiH*zH&Q5ue}eT
z?}ClSh*wB2Pe|v+D7w;i@kn@jQt^mdFb^2(hukLr7)IWG6TiRKxcQwP0IZ<n54dfS
z<Bcvw3?u8^{!M~cr0o=-HWWN98&d9G7&}7lRha^}_1C8TMq3;K;U-pNU$8qLYDoAK
zs>oUV{^-c~T(p{EuSX&=|4bcXq<w=sL=WK%pEyE?f<bkg1e9@y+?hN^c%O8K;_d|Z
z@E7ihCoOh_cK!0e@6orm0y%@v823>JxCoDp5`YzF@}MWqcvmqd{t(3DD}ON*txq@$
zare(D3+Z<&aF&Eq1aym=Jr21~9qy#jyVe@4aB<+p%vEd@9;EPa;x6OM0Pt5WqwVu{
zb?h>BEfG=CpnXV(G8t4pcUglW?p$`hy^%!6<1_w@Kr~Ff-oNRJf(G$>*v)Iip1SVp
ze`c+F?WZoD1%dMo_I!S$2Y<X-q1MgL^3(Dd9|vIh?Clxs{T^~U=D5#q`{q^qDKtbp
z!oWxRhg8ze6L1b%h8^L?C)xpB>l|8snzXno?%zg}&1)CuQy)cB+u2-Ao2odD9@bo>
zfsQONFeLfvF4p^OPd{@4toJ*IJvQAtmrmYDQ>)|;5T-MJil#-W9-9!`y;@nvv3iD1
zy#^AdRK~|m5D2R9y$3H(FO5p6VU~ugX$sheZn$`hYJwZEt^N7mwF86<=pP}%zTZ#=
zydtnBnYPk^Ck09fjQU^=OPCih?M%6T2i_T&GWSFg{La)E7x_(-rZOpI3im*PGE!w`
zm>w+y(iprpZf)es$c^PMY5dFxNcWauc8cR1#5Ij!w3viCMosL?GM#2jpY%9JPMp#<
za7^<m@oOL3G?Ys3oa8NuqB5gSgPasTW>TJ7WNe;9ImUX(^62X_)cqYjiE~W%5aTi9
zrJs=|FZ26>eWAaJm{)`dv?#WyjQ2d~unh7%+>-?55rtX!mj)pjc2HG3T!W~bMDU_H
z&;A_PBaEYHVjO!$j481m3(k~aA0_ORFpL6egb>UeaT6w;p!7dEafoW33MIr)!IL?P
zlz`UkPrgVKBw2p9If0behaxmrn9>}QGbWy>#VMGSIE5kvSM+oNtuwxkz#1jwQNhJ2
zc}K9+oX(#Z>RF>d(K!WXr{I<XwR7T&Q9T8{a|pVF{|5h@eX=e-`3KmYc=r9HE~cI6
zo9UNbzyov-!4C?*AHgKTUg*7)52oFa)&q%$)^?2B?#Ny5ZOtdC5A)4%=L7yH>Noqh
z+jeB`^vtf=U89FDUmU{G$-UF-FCSonG4Z>J*P|}12Jyl<b>q;GLL_rW?11;Y9tr<<
zCY4E$_|yNLrjw`0@K=Ta0;>BL+sFMs({y(KmDSf#L9oVI!ty<F8{2a7I$U!Lf8e)k
zhD@rOtH;bp%IjWrSg6WZFT%?tKjgS0bHMr7d>{i`44b!PAtW@wqhUu&5yU!@S5y=D
z#YII$eZCrms@gZGT5qe&C2Ove{zo%Npz9<{*^a{7ZRf*#=jG$O%dB_GZQJEH(EXfw
z*GUXMK%4@o-xUbxPGi`9T<W;G+;|=JcY9RyeF|r?B#vsn;~=wAi(>P+QeFDBbn(Ji
zLg2{ekz{5M((g>!qxrEUR#kg%imOQx!99U_wnW#8x=KIC@+!sAQn9EIrUBgpO4869
z>6-LG2P0yJ(ychDfeeYGVK0>QfGH29mUOgsaCF#>5jET+)iJpE`C)TQ$Nm~d+KHyF
z%Au&V6ve6gXv|=tdAenGOU<>UY}$7fQ;rGyBWl%b*)4W!?aDDdXdU5-22)SRehE{@
zLQ__|5^KEQ3lKo|DO2cyOCtuzhQu(deK~)*Xb}m9Q6riV1VSY+70Q&5rVan9f*Il2
zkz3|2L6$><{=+TBU%;LX{B_0E(~cFOP`>9$xCxi?65|+;oMrG5>;odsX@})>iG`<i
zp-$@I*-%Db2Z2<B!Il=GnI(gW%(hWp8IbO??f&9po}V%cZ4r@3jLAQq1b5FNhKUNh
z+aDwb@^Oi%#Jie1Gs+ktVFykJ1idKP2^2F9Lc7ICzw^LVPA7<<XPM{*4Bx^-C}I{O
zsmH&@K|k<y52C;<2%cu8-a1?lc?~d~E2gK?)7}ntC{9-6@VK#v^cT1NitTi!qenL4
zjJO;jff(e{u=%4BOeSvH_`FOSWTHpBhhZU8h-ZKuq0qb%|7G$NDuNvngS*T7SP@gz
zK)z0IwXL~6k)iNap!d*-D7%>4K`$DdnHEP0R#8)SZc|YJQQo`{M-9B^C2}VY0;SS6
zXxfFXLK0t098R(#W!x@3r{1L+vEtq}ypN_$8s`u$`24U}KNde0L<kvySSkC#hiV+{
zaAy}y0;v%Rrygg;)aP)jXhC3Fy=X&n0?v6l`ZT#&1>=|<d)g(R9Ly$hsFXSn(wRTs
z&!$zrk_;hOa{}H>MOVR&Nl2?EY+)lx1TRW-X0D9A25(LcR}UM_tU(^Ixmv>Fa`_Q6
zPwL5)Y+5fKge`qAD(lr{-L$DilVg23I%QpBjT*DrAD}TMo95SctY`+6=N%N^B6ZjW
zc<%0N9$;YSW?mzPc7&<SZrwTuT2`e&G!_D#1>UHeT<vL&V79^gVMT)zc^(kl*#B|L
z<Ig<VagqU%Aw-D}|63FwNrn<zNrLghTu%MqZ_+Wd#97i-uiZO6^k%oCcU;@?jNCi&
zH1{2wc;F&)uG1Yasf@L)gf2bq=&*&7OaIKV`@C?zzS7QR|AnpHl_J?ZL2>s(fq|hD
zb&=yAHN`p8aI}0jFmmkM2)BI+IQ`mU$HS9Dc+y5o`S4YBvOLQsAc!%&@x3@aQ~qNA
z>hLyw$$@i{_D>)3z2V#g4HdW@Pxrh%_YXzKw^{)hQp8;TW$131Z*x3>`R$wKvAciK
zJi=Gb+j8<!x-z4(^{}R`atva*_B>&hgP0imxp%oH|D)(@b;RqtZvVV+y_U<rV6n~k
zbyS>)uspc)aX1=IqXNM9c`ococPcLoo)Mer0^A1jeUvlEX`WQk*nQjH4c#Vg#max}
z4{UwVPx5=-&28%S(m^P)ddhLX&ZP|9y$t(;K}^P9nLOCIzJ$%R4{xCqkF?M|Pu=AH
zOESx2|1B4aVF<#7$Z_-K;ND*MeQSM^x9jR?b1|TB6BrnFx1=_b(-duGiIYy%nbS_j
znyAO2;<Ujk6orKUp7BmXcD;^zIuU#OzR`1vFIlxoXL9Nk7#e<#dA_*@>mD$|GR@x1
z)xQB<2(|OL1ij(zVEEn~dOZX6<#uNMuDsOg3!RHM8o{_x;m@u4Hv3jsDlg?e35dPq
zc*qSD#y|$O)7ifN9KG(Xg*}xs!ohrXO#E4-<A3V?s{J_mDe&cSx}N#4^F13*U8v1^
zef{FQx_~Uf&jp-6Jtx=dkA$?Wyb4YnuIfOx1X|5_zC;0|inve)^`Ck=gLWWQi?<fg
zH$iQMbj-adpgt9FtVg}isy>1`|3mReMg<Bf0~;tqWsLK~?STGgw3|HyMzQeUMZ^gE
z|MUr%7~2{B_jRNSXN_`#)$@>j@PSK^<vmRRWq)|jojAA)1jT<a5qrSQEOC+7A7RYh
zBfY=-y7|CqyoFF!2YjJ9&x)4?A*G<Dnyd;#bEQf>7^});Aq=t{J;yvwt=Lhnlio3J
zgSE6h!^ednUEBL|^0s~Bu><H`c(V2~hZ1ea<_g5qyJ2K&R!p)17FDb~IXxGUi7k4n
z534YDV2hW+q^!0wf)ZW&E$W~Xjb-V8pTs2KHiSy%h@ijFvW7YZU1~IJ4`K3$q_!Q1
zrC>N(f;M}aFoCC_I2!hM5w>VWPE>J7T9PTFl#rQZoaDvJG}dyH4VLaq330tKv)x)^
zcvO5nf~6#x1$&5#O()8{7=%%HQAM2vozbd_&WiI&UP<h5l*BZplzF_dVIJkp1N;bc
zd|L{(46KQZO8qIwm@_>)h;DqnI&&qnmF9AuwUi<x3YE&(l9jm!hj;~HhSQ&=&_!)Q
z^s}mX3DYbwHoUQ8Lm~Wpkcl~U?G<Lxx1pRV^Nv26iUiq8)iU=#$_<jN2@-IYPEfHR
z8%sszbkZ3RjpgLN|DuHwXQaa=hJ_Uages=6DeemRaf>0Ch$**D$2ua-H0J`YqoT7#
zMQQob=)yI|#Q49FHOKidrA_}V&o)*}ofMYQ%PLZh(+_0*`t!{WevcMssL2SPS*n>w
zmP)7}GDH-?L>4MwAT~(bsFwFP0j!VVQNmCHfl1w%CrRQ%ws-2GP2hmj!e2lXJQQqr
z5MHt$+US`RjNkM<9NXm==I^c7tS}p9ha$XhzR9KxZjHT{W4Th^@kPX!AYqAvYarJS
z;HBVfe5BvHPU~~6C~gz0H2WDqe?!(}g;B3l9V$<299la*rm#YNiTi5C=DkU(<V~_n
zlq)DXC;Ta13&@j`M7d<!;s!~5gC*_(Sgk8tHaSFZXh@-?!(G1)OM6xjGJ`2a$De}U
z0i@)ISs2K?7V+CuuT+K?M8Rn&$8eb=8dS3j%C$_!iKNcV0k}yvanmztt?UvDkFf56
zuy^{yhhY0$Mvk_tZ321!OvKs`S+kte2XUqmS7w-IE;W7ZGIC%^v~#T+?(7SFqyAL7
zab#w2P36ky{en!i&k~NK8Yswtj($iMa`u9iCg_la*{R8VBxa4U2S|j+w%udDET|~g
zp<UNT>0`%||4KF^PleM<F}Ev)I?vJHlA%s{$kxCb!huXBH{F>C2q%@kDw*4pw19Jo
z=2u2DBy%6y<8~R`b`&|Asp~szMt1s%whOn#=aSMk1Rv`P0wpHDLgzEEYfcX%qM&Mo
z;KG(Bcj)_xpijgV1(5XwXpU=oFc|3CIzISiBc!P{-9L<42e|3d=u!1+t_`Q2yf06u
zPS6Mz$)$tz92tgU#svO`ovvHNDq-g9p<Xx&7#<!1d{s_5&~P+W<mB!oQ=Qr`eTBU}
zeFiWr1m$nOy^x^)t#M&#oh|ZvHax8j;*FBDL9|`iEa*b9tR<%#e<OpJS<CVla7sG1
z)Lu|zhjD^Qj2%c+-;6%8x2+kofud}q@k^)2y&l&2;?R%N8ltlo;bgytw8<AHoXMai
zjtii{v<}9>Iu8WahISa+JL%#)B=$?vZ%Y|0gD6bW-f}7!8}p+Y=nRKwK3Z@O)J-6V
zwonD?Ax|wyexsgP$<U^|q#x16S_!jdVEWPqpIWLhVL}-Z`)+x0JEAvn!yJJ!b8GF~
zsZP_zGq^suh*DVZaG$<cs2p1o9`|5TJ2}9C+nQmQtI0UTnW%Fj)4S0gVxQIK-JWtU
z$=`zGXhPY>f!*e9cLO=D?jv$YetT;ixXNoE);44^4kDMWxw9e`4u<Q_?IK)>E-@$$
z*9GtQt0QCy!z=nV2oWHVl_K{!1ddrEa6$)wAKe7$)juN+Te(m6OVV_AeD<RG5kefB
zm&_4O(S=m9J0n{LWVbNNzMQoLG)lnH5&FOg-_zDV0!dU3<rn)=%%y6)-+!E2Hh$X1
zJ%jja0EaFG3EO8qru3_JM^?Kx7b~k~C#U2-rZze+SNNZ{<XE3?KM=V#swhV%2fBDY
z4*7bbKzPK=V!YqK=9|6bYR=FjZF3Ruv#wnG9Bj_>+a_P|d)ayZRpV;;Ubo}_el?Ka
z;=BGjYFsC=ITbjWysJEaT7&5=FJfCT<MaJkxT=+9Wy>ndSiLi}8>{ve{ovo6r}zCx
z|F+{<zCR!M-JcTuc%$3nexG;e^(gpodCyv_x9(*muj2UgDJ)K*#!F|{=IUKge0V6`
z856wivwQC}hgO3j|8+1Xz0`Zzo}kdn`rWsVGE&>C(Bbp7`)2mkitnc9;r+B+*qFOs
ztJCg8>SFj@^6rNFX?$5br%}!u)pXst5sRzabef!ytL>S%Lht3YaqmX{<NUmHH4sX3
z;oEgMO~A+1Re17>Fww&2aMoF<B}dTJb@q^JW9`8A^jI5gbP>y^`1Xajh&9sVmM__@
zne|w=a;{^5;H_FqBY<6npZHcmmqxNSKPJOa$LJMma9UU5MmB~DyMY>kHBl5MSPEu&
zFvs2dT5fl9re#Nto_Qm?g+~O$k_SIBjI60T(}x<-`C^d)gFz9Zlu;u#?Bc=*NjUxU
zAr>`9LZWk_6liSg>J8-()i=W6g=ABBNs|FOB`scd?Vk@O(%AXF>pSzBZz8YjnDfvX
zF!M$CTFL9ncRRBiKNmXwoPVO1&e^Tg^_%ZS^<Cg@ZNTPZ!l&-+lVV1M|MbH9pb=6x
zjQ{<6O1D?ztkBa;tz(A%BmU!14?oj=#rKJOWqYmpxH!aUe1gB%lj!ivaAZ~a10lz}
z$0HSr<xQ6?I>b&<9isf_OVy7B8Qen=szQvpLa@0EeyI>*G0dwBGFXAY6ES$sv<aLy
zpuikxND+iAJ_KJB0$X@v&Tug(LlNe_u$a<MbB?(Qy_uvf{|EekjyEikep0<?KtMr6
zKtQDb*IV1f$;i>d-r2(Qzxntm4S+MsO8Sbq@r9<l{$+f<$Hb^#-|DD@A1+}Oov}ec
zeIJjoKuU2v9j&ww0>2;7Ui|GZC~1jKrwoYEvC55-{9@UK!=n5oYff2t`2;q}%qjGY
zqA82St=SR_DT1@_p1Ecuiy!q|C)ORWm(HCJ2Qv27>T33MYB%;b94(yR7v1E_dn}1#
z&XYOw9YW>$%&dru^Lu|-(!;M8Y3JNojKYBwlVr#s3XtfM>0wKo6vS{63+2s#FhYsr
zcYpbF&Y8uK4oa|)If?asE3n|hk|m0+xr<!H3^#|Z7Mesj7<Qsh&&p*48`kTKNSDAg
z|Di>_VOm+Vhgy?iNueJn4bYi$r)1@!4;@P1i~;{7uA)JO8W#T2^iPo@Q)<CM4;xzy
ztLP3F(bJSN$%i(^vNN({j2!MnK{qrYDx+*gl70+RPcbIWt``bcXUX2vszXp(zy=;7
z37Pj;#*4OqD7*?c?;<R4F#%KsMT&M>Yx4Yiu6vPVjX$DW?&)*z2@ngVi};R>>ayU+
zU|mxYj-3TqbH$IRSy{mp7D=laxDhWAjH`DV<;#dg#^P|MTn9(o<;=a<7xd~ynu#6c
zKbZyQ|B+wEmI?+Gf@0%{+Dp-#{3R|IVMY(Q`!s)}l$HuGC&s^o?`x6}EMZT^WTBW(
znY34GG(MQi59l-B<lPZU8JG$~5DdwT6eFsqiN{8{4ko2r%?&e0Be{fBuEQQf2TPPN
zWYo!OWHAqFb!SAIGS_yTn>J?-#Yd5kGF?|cOx<hKPenhM{|z@LtlJvWF)wEQ%K%Ea
z2+gMmFFbb?kFtajOq^IwYh8gHjk=qP5uzfG8!2+ox*n{RaSEcaUV<Yj0ySFG2HZD+
z8Y?6e#Q}^a5g*hVQGmLln9gqj{LGj(gNm?jJ7XR~zjwI7d!13VJ1r@UVqepj`M0)+
zq+OEq7$vHVGmg9#DfW3di9z8Wld-(W#9zfaN~miC5_5}+<Dz(_5F5~ZbyXC_jFvyX
zj5Tn>3I!&d6iz>oPOhcZVS(t-FY7-`HE0GDsVT$-<q90acL(%McX55+4vOZX*o3{x
zLBoW%8aW6D5}92uRL!|0Icj=1FlshVduJ7Nmn-j`O-W>l<CfrC`RbZ9A_M~X@|9ny
z<1?9h8`;qZ`l45G+;;mM)z7(`oHJiP>$M|3-gMGr$XMegLQUD%r*W9_#>0Z9tCY$1
zv`Mm7N9^tb`8Z}jSh<Ou^=$n2?B(3~Yz)D+>*ZzL@p0@L3YfBqK2lfaa-h8X$v8F-
z<Zv>4U`xgcy)m3bnU21t^>X@C$i_NssdA~{;`OwZ1)^^1GCt{4|1^tGlL%oxLshS!
z<lqF%-W;a`q6F05O$*|s#OL&t)=HwH&0(P?i8Y#d4VTRBmk41M#3>o5eZ{Sr(kGc<
zDsZHtqUI~yQ^gb}`A*i{U<@mXs%!ZX_%7{bH;v=;Dpg9o<z*PzK^z7y<*cEDkzl#?
z<5$~NtCZAo^2<=$(gY|8mih#|FXaW<=F=KSa+m{s&sm0K=v^EML9LPR;FVqS&6EPV
zbzE{;J_^p4cE~1%jzW9}#8Wm0pwFhEzZI|*GVuQGtMKii&E$NwoL9%CH_-O7&K)XS
zpi8OW|7?JX>TKt~Us@)Y^%`FB2qRxHZr12EkDnNaUSdqivDynM+9-?eYGeHA6gt;w
z<j_?cy8Xq#?XH5|)j!d9QAd3tL+*oK|3@_lhKq(Nb)6cwpT>xLuiAxC&#V|x5Z^dL
z#V1(14PK&CrALadX$pwD)So&K<48^kT#!3(RE5e=GFi|QjyhmnPgFA}Fl8x^K;E*S
zP}Md$U7I8t<E2ssT0OaHK_hsnPf7w5vya>_FUiZUQu&XQ+&WkS#K2X7y5USbrHBv!
z#lwrki$uV^@K-cPtZV~Ek(e-h<c?5>&Tfb7F@2Hppbzw~(&)Ne%lKl;eFAq;MP31!
zzy{YY|2`E_Gx$j93~2-n&58)QBH%HnbxD6IN<Vp{3HbFh4$YK>utOR4mQo`CmNt~X
zPwd*+3x@?289u8$+<q3v?;Lz)no{>w^uJ^g*!m4P1Y~(-4P{DxEKPKWTE$JGb6N2l
zLd3MpEpb?Uw<e<+Y>Cgts^sjQo4}du`Uq)XwvC-@doZim3RQe=@I7R^Siu;Ow0_~j
zSVJM3$xeH;jzk`%*q*Apz=biD_zeL8d^ln<=C94}k$<SUGDH%UNRp{r9N(g%xE$Cz
z6$o1)QXsQ(X^^s~fIGwcRpKH)q~nrVRZ%h*36uSmHDVH_sg==blr-8ct=<QZ6OH#W
zh#cwV<oM{;6eBA%h?v|RbemZ#P2CcIpDk!yWrJT?N7R;y_5qJ?X_|93izy9$Nf#sg
zk5yC$cX9Hi2D*$2M(D(}z;n(M)giB$5Zk;!E+@NEgU|$5(}?;Ltv1u#iX@%PH^Nq+
z;K$RJzBp!23Ex#Gfve6D$|9wPDS5P?$C0-cg@a_qIVrXq;>3E9ZGFl8E?0u*)vk<3
z1j&?OX<8!X+N7WDhtfCbl+7^KB9ld5CDl-&%JV7Bj8WY+_r5+o%yc8yH}kPIgAR&l
zQC&i0LvnY6=T|YqFY8<<s<Q|K<V#nerU{$D{5nHcFIKBSj#N=A45Qy`%G->q;L?)t
zjz{(-Y8JKNx{2h{3fh&K;Ke;uj#US7Wboob0e4n+J*)DMz!(ZjXov(y{Kd4OvXP;U
zv>l+JvMeFT1jH?_RdtekZ&n}AKj|Snn&3qw{SzEV9eXGMY*bN)#np+1UK6<XdxQ&D
z3_}AVW}zGlQ6l?qjM!gt8kU<hsVM=p^3M{=rh^t7W!UUirdClM2<ORokyEp?DyUC(
zpep>x`0x_rjbFojBulis<V*V^w9YMA?P(}~8eNV@{HGMmV=6FJ(?vy$YW`X}FUx4v
z>D$&1h+awiV?|U5)B>?o6MNG_SMh`$G;?VI-_sG+(zv!u(VA;ifNY%1h3QZO^UJH^
zVXoQso`#ImnO}l9VVTwhA?#)*Q{ICga<e#^q1jos#w*|c-S*<Nh_Znp_`*agrf+N3
zHLD~9(7<NsSqIo@_Sqd<j7>cRLhv|&$|eWIRYTmdAu=$AZT$66^rzi2L0%R5=LgY;
zF?5QrZ->Y-jVG8gHV2jH;?jaiK!mltm5OA#*y4+Ijtn?T!n-O16_Hf*J{*Sd-%`3X
zrx*ba=6UW*fM*^}>p(ZFaYHd{v#%GwS1LHQ-m*+rfw2ysUKUP*S*K-fT8pz<kC3wQ
z1a+!gQ#e)4wgFQC`!fM;awg|r&b0v+1(6dy)Yhgj$Tl#Z-R>cjO6bZxKLS|^*_SVA
zrX{cgm*}Ny(N5XSjrdn=E@oY;h8n*&y96gQ;%*tV&keIX9d%_*wGi>EFt`m4dzxwf
zS2+eNBE8hVD!g7%GeMsB=!sZEmL<7GX<PW%$yGUQi-z&giVZur#8V4sI0$5X=HnhE
zC6hz%RHpdsLHLXUW^MSGNg5%7&$>+#);r=yVJoR1)9hda7a275JoS?IU8rlZY;gr9
z-SVk<bH%J?B^=g)7RP4ukfwrBs%q3#XlpK<Y+JqP#bf#mMUv)MkjcGdRV=q&Y>Q+i
z7Erq^<KzwZ2iAA4e)kK?ia!IyS-lWUR(BFMx1KcotCqOdN03?$_T|o*e^rHI7UJqM
zP-;{ovfK}XDz`*W^ID0nI5t$c7DmTavt1UPnx{Qa*Gd|<lhOT~FKGWcgatbwG*Hl1
zHM4CX$>Hr>4jW3uLvUP{Lq#%SxU{Pb2_*vby`!51q3WbaXg-i0G{G!7gc!XD^yT~<
zL>g+u)<qWV3jeZUHbKd06(d^DP6MS)&e@{Bz*rY5)@1(md)$hW_1vy$#6!&S$JffU
zlhAiNB`0hc-Kn-LFUwT;{Q%ZN7YeQsH$S^-&uHvgI<2&dH7GYqBRXgp8g&+6g_$X-
z#(yak>X}*;9w{n0u#1z@Va;7!_qQWX{nqlAYp8gK9dtNu!DMsT@KLHLj}nDRYRS55
z_@IpG1NbuBjo_&*?$zGc5*0dE(G$qUk_NVxn^10<+WGGSF17WVEV|(rm?6VQf0iPV
zhhpo}1F@!e9wmmc$o#UurU<K#fa2FO4P!+JsWzt<fJ2jp^6Nf6l~^cBUf*7~z5F~)
zvBkd9)`3un|3y^>P4Q-0Xa$Z-`jF^Y;)fi_Y9IQp0gXP4=p32Js0mh^b!ii*tu&N1
zq>gW87G^vt5?TuLIIqM5&VseEvI_vdb9V|hLy>uBx=DO|e$%h|3uNNd+K--lEsM@v
z7*eERx(^-78mJqV4L1lBqI*6rtTy5hC>!qh`fE`=3f`SNi!+VEc$5S#4kKg^uWt{L
z<ML6e)7E~~x{Q1LuX+9(tgA<nfnlANnXtY+JLcwD@-ue6b=)&$t3GE2>Kd=wI;i;c
zc;qFb`&Rmll{|gJ={A6O-gdu3-fUpk6QOPUDET?IEI6oIYzX$@hFH7R;I>oR_T&Jm
z;S<`dYlq~D#1)dUx$m0M(0i6<E3s4OUssVeveN_hfP<Os_I1!p7yTJy@N=CaTqxpp
zC%EhAt5^V*Y(8(;?6z#<-~GX<EQo&kpoW+pwI~HFV0a(^<IX04XC7((+`dNJ^?3Yf
zR2CTi5X1|01&z`N)dNr^$Q6<Kt~eKOrI5zi){r64iPKugDb~84-3h%Fc>~Mg0=w%_
z>&zcJ<{dWX9U+{cqLygrNW#V!Wzsuy`OxXjVs83SYrn)|8r8rL5C3u$;H0hp0w@BA
zin640F_*hM8i`8#BFjH;`oXEASAoz1S0YYCm>k!UA=pg>lF`Nw7(Lt`aLDvVCfV~9
zt3!`$)Q@xc5HFMZ*fKAp$_e-Oa&!1{ac3W7tE=GVNcJ|{yR$84@!(l<{Ish#<MJa+
zJheBP)|l~zo*1=r$~@+DHA-`IC4E>PUNXn1)nmWe2~O01dieaZ_w29TWn9}xDV66A
zT`_byywl4q9U#9(X?Ss!6E?fqWf}C9#-Ew)YSi(t=a3K8joFD=8hJyJ4OqDRD|K`y
ze{#kaXLcZvvlDV}KF)8p@~bQMBjWUCyl^LXq%rGYY?~zL1wnBeyQc)xnA0Y1;IS3W
ziflwpA1&SXFgShS_}Dt@)t%#-(ii`LM@Hzd3p92McV}P*Do77)YPaf_2e>bRXPNI-
z${=a)S8A-!3U|v~gOAQtR(PXp(Twdi2a|JqVR2qn`QdE!#gx1Y!uAWlI0PVL>!f$C
z{(9);`sa0GjlD;Y>slV6)VJ|<VQ?}f@uX6-<?H@6^FlANpCE{!wuS$8+pcxeSH2Qi
z_lAc5aU_*Z$D;L%&S!VLy`%FZ$1DG>mtdvWReS<8o(9jwm*8a)CAXT9ZtMQ!d~q#s
z25sBPVc?uWx8hUz4Mp<gT0G}_sCH&)WW~<idpP#yXP)!xK(tr=ZM%v|&}^#b#1aHh
z+mwU*a(^z)&hXfN@>%nKkT@Y+UAlell6tM~;^3}U={vUS{jVa@vDxS5F-CU-Vdrh&
zqqNsYa=8jY@4e~CSL^3?B3tkEl6wllhvQEALM_YM<L8`WKGqf9`dj}hhCRpQ^O8bG
zS&#e4R{PWYDKq${2%%L6i>tkGS9hbB%#ESTd!tA=SyW|7W6ui4X9<nqbxK%1G8Nj2
z;hEhA@KWDx<nwfy92?`+Wq&+8@x<W$Qkz=)>*w`N+35T8xW@#JK&rRX(nT_L=X+Ut
z#fSg9hkfMg{O4+iA8>U-Kv&uJ-TE&5u+8OC(rxq{+6htY@nLz~^*GyDV#N>3_nv8n
zPvxZRH38`Ps;;|<rh&<xi3KpOJ6Mh-Gu3|IU4iEMSbv?;*tzPue@OJ{m3+^69s8;H
zDD~X-KfY10WvyCaPuKkHXMo-;w!n6?9`E&jIS*9cUBqU)y9`uO$koCPUG_`wnH3LN
z5oF(XCVT<-(w|Ey2)uV&ATMIC+^2pvl}~sZ+1S5VbY@_E^RMsU9M;=FI=3!;PA<{)
zMke_@b{qa^Uwrxe)b^Ta-Y&gNxW@8+^o5qXsySQxl(d;#DD*w`O)&J#eyp_MT`+k6
zES>Owna@+$c;7&PHky)|@_)vL>rp+yhxS@Nz)g9+%;aFmZ9QGa=SKAQelb}2d<$+N
z^vma(JIMg{?rK&uUJ~W`eec6faC{p8vv;XE2)&JUD_S1W)g3$*az}j>YCdmUHyRYy
z?*<=PJ^6*P*|^-dq3;ws+_^l<t&d0IJ-i2I{*6L!W_GW7a=5$z(-4z+b_Cwu+xZ-Z
zAFZoE`JcS~yM&gh->%+vdl}LEA2Y412ePr7Ze7=v>GiGMZ=S+l7yXS|<h`5iHhn<}
z_ODjTHJ3UGI(L4(XYb7fkt-BBpJQ%09Ld|LZ}aajH8)(<-gh{evEH}OkqFb-4}}Q2
zyq`)JzPNThao#6GJ3g<QZVUY1FXF8}p2wFA6*Z-vnz}Y^n~d)7&D}yJH%D5EL6yh`
zi@CRPRO}crck4Xg?Oc45fHlD?00-PtdMBqB#WE56&7m_Gg5lMXS)w|CqbE0)h~vF|
zn{o7xs0uc;_4YwTn3rdI4}Ln*d|7`;rX5TAcR}XFlYvE6j;U18!a@~Rx`A{%Pl4So
zZ`^HUU5kS|@J%S#%n28gH{P--{LB&KSOHdt|ALxP_3y1Trb<q4vQQ}g=oj?>@oUgW
zGmA-Mb5l};I2XfOPD5nKc?VCV{RS$RJeOC^qgnikNcki+ksd}jZX{F}i|%}XbK*?q
zQDSno`yVGG0PIiiih|Sy+pk|93;cq@{m)lDDI9P1^Zts+G+zsh8DTH!(CAC;7sqz&
zbT{YuuO<kygWYDQ`9GllNk57X%St2y<NDpLG{lORk|&1z2VdtHBTCdX=&^0wu|0Qe
z+qP}nwrB3xwr$(CZ5uoLW|Pgn$+t<LPA4bnU)@R7sjBC}#O)XKmBJaVg(r>{;lJSr
zx;u#L*CJ%g!Y?+4qHRP`L{Y~JD|MzvwI<z%t6pLNl6HYS=`6JxfD?%~k5JF{*aeTx
z+rqw+srd_MgTYNh^=xg}b5wkdNGCF)?b_I5VJM*DS=jO76<W>wa?o<UuNTA7<^EMv
zX2G0$o<mAZb$&gh){;lH+~(7=Q1h~-t5a{>&B3X~uzx$H8~L%I_RxATma*8oz4w@O
z2q`STSP#{ZA7q~N<NjU7i=i-v9}TUw&!BGP7+kT*M-uA=MSh4TjAED%!q`Gl^amPM
z$)G4*<GfXr8<t7`0C1}DHjahkEI$J`dv3(h15+;yark!t9FjE60E>*V)h#mP#qG71
z?D#b*g^qfEV1|LJ5{Y<_1KaC}llOHDZR4_bq?;UxH1sg_4?3{|lY@W(u|~cS6`3&E
zor8poWPWBmF*}((60PVFM9-R0H0W{K*MIR*$-Z7@Fn^h4tE>P3c>m)8u(OT1(|-!w
zQEKK+$g0UIZAKSuvy3Duy_ZVlrpzG>3IVVL6jo970gy%))b-T=jQy!85+)O1?U3*}
z2_#GE*VH*QO$j_pRNFZv>C$W%w#J-Xi%S?CWqva7KF8909gjP1{u#yJ8nS^eReWrJ
zUHjZn*=~9X%i`Dm;`esnCstHzE@43gazKFmTTD{6;+5FdDQ~3Ok%P6EQwwqo$~4Sr
z{zY;+Vzy|Ri>GWUEoG6!s+6mRDyB)*yX2O&7EmaHoS4-qXOE#bP=0^>DN=H-oY%0g
z_?A#$Y;z!o*6>g*Ru5B=JW7wMGq4vm_HobWV`%O;vtUpjB~~m-*n~`u_-8?7t-2-A
zG@ofNN?Oma!P;@;P`AmDFkU#mc57D0m0eB>T7}x^R7ama(QL96pedsqX)Jh245&1U
zT8~6c=!9rFre;2dn)tRU7Aa&oePSnpBl}MSAVo&`O-NrfueAbS){@>aKZ&|<Si8%F
zERM9i&5MNVx4HAyx>~KYv9;|yRr8p>J&CeI!L8NCrc7zixJ6;|=CLKp$=)lo({BM4
zeVW{qs=<yrClC%msZM2YVb_fIra20o5!t<^jUm3GoyLYehtepcy<LEZFu0lc(yR#L
zQtF6ob2(gKI5@zDR4dXEQwH*AYwNmI)0`&m>1}h$#*8Vayx*%zM!b2nfo5qRuI0D8
z%b{LFs(<L9>P&v8uEFGwraS?Qmi>cKIlkSfjP&6bt4NywtyyBZ+%82&z~ORpycU7-
zwjhw$EHww!6sRt{w7c>gc7U2o!?lfw4#D;Avq5#PvEtzeaSV9HQMkr(IKDZdm{TXx
zbZc68!p+ZdxI~?n_4&2Ukj_%@S<$l=KZqn0vNIt3jnGhQx=<m9MSKZHKK}N`k$q4D
z2thz$e~5a)YzHOiOmPG3jgJhAoR?`#$^4OlC<*g9sqt+B?BnsAQulsHF!JXtW!iBc
z6{~h<6)3JVbec*V_$q?WD7WLVqNm7ap{<(r#*9${b=IOxaONKx^bz?~^UQ=N;c%_e
z>2EaGjE)Ws84}An$hTxs6OLF}b3wvmhTD8y7@s7gfLFSDV)ZMdQEBKV4F^;p_!UGw
zJ&0;CbjD~%K}>c>FqqD7Lb=T?C6tB>p)^%~0rPF<WXafIXkiqNEP?Kpm6;_@3C}7M
z<3HrB>yr#Yn-~--n+WH!$z_~8`^ifJb?2s)mw&}-Bt$)cY;a_KGPVPJ{DrKx_O9bM
zt?xnb8xVBNDNquZ&a;Eb>Ljx@E)Yo$D)5)PH5w3$1xRGU#zeGzO^M1P$aCcE1qPK6
z%=AZt#L@lbBMlqe4idnc<2y6bwlJ(`zl1iFMFJC0*cedn++CoZg_~mYP6)2_u+{~O
z+608sNz7paGO-K8LPR2lIx{FiMmD|7lcUm3(Hk0`w(+-5oO3eusZ^a~Wl-9$uG_Yv
zi@NJY<2>8d+tex(_?VSf9mg46To>A%9ow-zX2(-|^qp2Tb-(NyJ&VnkgRvQfa+V#T
zuqf8pX3kUndjaMd5!kMJ{?0u4eX^oLkpJakrED)@ZK7L1Wvsl2!Frs`-L5*DoMlZH
zF;Eu3VL}2lq|d{C{d+c2j2G$?a%!6DBN1}GM!>yW8iK3@e+D=M`HS&_jvEU)$FT71
zm9w%fE&B?qX6vrp%biA-#2ta~D9Rn9dwTYF(>s?~%Dhx{UV_A$Iu5FaX}SnuxWobL
zDN9=avmk#EGj~S(j46|N#8u+4K(OJoU+#+X37y%xM+{f7T^DDLeCH<S`iJ@48wU!8
zeJ-^?n3{}d*X#=H%$|^m>Cy=+UWQ}bsnq^vu|NS(FpiM_p{uNe*tl1o6Lj#8U~jL^
z!lN3ezEHH-qPSGx0Dd2T(-u>bcZ@|mkIH9U)x=h54|E2cudD0y<aOi7F-w!Bqx4Z}
z<C-Ck+|5lPFa-<z@V5}_-qfic*=HOZR1rt*U%c(vsb0OLuo16)AP4zHJB}qWrg?U>
z&wfK_K@$q}%03#P%^w$g?W{t^EL_bfE3@klHSLFJi{}c!f(vZHj2ifh+d$zuYuVjA
z(#AK)f~~(vhT1!&iS0P}>qdk!g$Emf+CNH7Z`wahji567trCMZU3}XNNyrFx;pOx=
z33UC8`*kF>E_v0p&pbS`+5<!i)Zq>8gKCzyVk3>sVS>=OOK1=5>qtDRn&X@(CXaVv
zpl}nHEkJcXl6V0606~DQrlr34wN1W!vhc+jm3>vodxLt{^U}vW!NSfPXd=|&YBU_S
zs;hst8o{eb3ujl@j3X2sFB*|^vq;Tw^tW6p^;rC<iwaFA1djEE4C(uvP)jP~c&?Z*
z)#x2{`Sc&!_2OLG1<8M5iCI7<-6JxgYo@)IpnCwB_99}u>m%s>-@)b5;;S|3XrBNv
zjA`C5V$k+sT+O3~rv6WVYH4i*ze~f`)*$v3h(QES>l|+lh(?AaRmFI(g=pmM|Nhn_
za2rsY2Ms3x>;K?OZiEo@a2EP*jYyBO2LI5AYWl-$9h*`4*AtpO$cS$3S_x`Y0qB!3
zIAAUjAzC3=iJzhb;Uaht6Hr1_@TrkN@^@lRv+OFe86d6ZD-v7%HM4g|2wfayiOs@h
zkX=lloE@u~9;<mCt1&sCTAt+6r-WIwaX2u?<%Gv&gD*6W;fJ&Er-W+YYED13Qy?2!
zhu}c#U&Cfd+a8itZQ>~rU!>r~L9`xG!D}W|kZ2g236h+-UB%MNgui6$cvUZNX8WD1
z7(XAyimfsxwH&Ey@G7S$Jz*qH=%0RG<+#-W*mhhl_YxkVcj%UEaBo>2=s;a2NmUwU
z5h5}~=j)uCNU69`9_U}tupI*1_j>a~hThK|p@li4PH!5UfJ8&hS^>%t^kP1#OzBU#
z2nAL;Sl<`2D=^PnhV5CV(RXOE$q-UShDd?xhng4p=kP8b!wV4L0Dv$f5ewU!>(jeo
zjRABjvkq{%g;2kixzs5N>bs0ci;<-9cuEEW0RkV_2$CV_!B-``=-FMdOc`q(6vi*A
zUq^u(o3`$S!pX94?~{#sax&ZxILPfkc>XmVWN<<_Uhg?{>yo{LMT&f?V%0Q43v@3c
zRKRMLo-`BE_-vrGhILQDWg#rwpBF{z9|mnH(}jWw?)c8-f=Q30R?UxR_V?`#O7o&_
zA{=7(!Sjs+b@xKq|GG}v?ojLPG%mK3r!aAE9ZJfS%8X53f_c2g*}glO+P@mz&59A9
z4)jSt$fG(qNT-G#Weg!ce)huCop+u%gyk&PmLnMx7dHZAj*D}S>p%wPo|O%FW4H4X
zA($D8s+sSbYu6d0k!8)xT!)xk2R<^QJF|U*YhumsK~+x6l$2`&D#a@Ig?zgJcLS^w
zbn)*JNJh>0OYnY|II1+Nuusw9Z!9?3Dxu^^G?y%ds3=LCh2cC!|L6F5q^)2&)ncPN
zPri&gA`GPjtNmS*Ll-y;jrr7Vs>NA|MO(9B0{-j8B4V+=NBsny=olEc1MVA7K#c|e
z4KXPi3j1;ONhl~8+tXbj*a5<q3~FJnS*>4|m9Jz7w(AnC9ygB+JT5pXF`Nxg$(Tgv
zunyb56&8u^`T#vIUbk=_6uyf~tc5a`M1K%T-c&ru-h6BGvKAk%fGTabd(e;qKpXf~
zvgDO?AXCWZ8T%H?-6H5XoRU_L0et>+SM&YV1Y&cOt&MfzaC>u4>VAU0l}>flm@P=m
z3T;3`7$Xi5?Xr|__Q=WHAj1gP7K~gQF%BG40fc9Lexe0Se?-T2kh2VIkF>p`H7VUK
z7o{d^U$wN<v)!VWN^GDNt8d91r8t|E5WUfEC$V}XK%|a&Iy9<Qd?3>%oEo~)*iEd`
z8YnVpom7!EfXJ}7UaS-E?r*KrzR6*zmJ6()Qy~?1vZaMC=u%CB;Gp3K;>?2TLxr(w
zXZ!X+z)uaDYxIaqFXjpX-^%{5LsozHNgWsYN}z*w2F1tuQ%J4xpTBJqD95mb3QEJE
z{Lok^4TK6UY(q6Q*zR3MMTwzOS{4$sPcVl!(XFnVyLB1(WRUEv%ZD(M>__dHO4>3-
z{4&bp;>$<GB$nFKL3CuG>;t$PknBWpiBK1e&j6<A`W{xS28q??60k1tz?{>uZkHyt
z#dT62JD8Vfe{dV#N+Sq3*7wXXv*()aRP{02iO5!g+&4_BeXmRkcJmr1JT6uI+5oUG
zjt&eepYJ;DyZat+V#XX<cB*T&dJw~$@4Te2g{@)qm~)L+?r@+se9E(Y1~wy>RIDTW
zU2+F0W**43f*hpu5A3sr8OITtcI!6qePEOUSN@GU=O!1wN`pl+%M-A=Up`A8Lk9oj
zZblDv9Bq)G+aVG0#oNKu4E!<ig?ZUY&2E01uCi>o&$1JMuh}R4n^$YGO8YiomAfE5
zkn#~XY05#4w5ha|3W1>D<vY9A@_4sZdcCEz<wOUY3mVZM97@{n5pE-UhH(emdy|-8
z2+#JM8DUt$$j4oqU#o4eGi+^nLz<XXRJ(;B@>0+3mwPgW+W}mB#aFgHKVjR_FF5UC
zDVSNE>QoaRq3%dFm9XC0g?!}hg0}-d_JPeg=W{Ofq5tLOb3xoAt>5Bu_m!-Y%e6X7
z9LZVVXXq*)7@gy!+-)qT-y$E1uMa+mUw9p>?gUWgeIk{?u4c=aWx(bVvF3EUL6o;8
z@@NzLkWp28_3ASF^@T8%k=EuRrojLyNs3LAMl4AhOyWt#&O`L<awlFd<m2N^nlI4H
zGoMQP<EkiIF;&rFi8W#30?*8-%g#ig5JTz2`zfYO4@q<C9y)R@j1eI=!g&T16qMIb
zJqBin_r%1&xoQ-a?8f^hcR3E#wNo?O!SxKFXVZV*i^6+q`qam=?~b66%{X*3{OfF2
zoh~0J-Tpb-54}}BPdOn#prE@31LnTDTNUIhJhQ(+>4_aqk};%Ar3v3N!r#I5YyB`9
z+q|hGV$%^W;+ma+pMgOR%nYWV<#K;j=!)fqsNp^IeZLPq-B>}{>3&7ZOv8sKqQM(v
z;qi_az6)8q2XKKKdHWJ!^IHR&B{GokI$3^07>p16{f-gISpbJ{ua9D}oRH}aU?b*C
z=L-r~iR3Qp(hXvnDVOoT^>?`ftlu+POEWJPMGrp3w97<;6hea)))msV$zuP^-~JsX
zf$h1e8_C_1aeKex;Sr9ui@?e=eK18i&f8MI^_)CbT-JcrTv&(t2GN*GT&Mg_LL2bS
z;H|19%f#67)>T?fba+bc&rYa#L49u2>ME`^g{XzrTQ_i$4k)H;fJbF9elY)ee6;xP
zw7>WM{HQIRIHr^9@#TN~FrB-}QCw}v=g>2eB_zL@iXBKeu~6!WfA3@zAG-(I9lghM
zyR=v92Ir)EACpzTd2`K8chw#Kmc;c8i0PlBd%0IN?I)+DLKz@CQ@Jr?#cpI;yKi`-
zYW0yG&%Tu~Y}5f8t+4-2=mU=7HX~UT00y>1RDV+v%XxN$v@a)HfaiW@D%^n*)=9+s
zhx?mR>Ep;}1XBJ*HqP_vRkTeg*+$9sz{&Oy)UUaa(W6h*ixl5P68w~pmCn-G$1Y@F
zI?4bb*2Q^RWm0N|rR-Ez+*`XTy{%O8$K7J_O;K`FExlz?aue0JWi78=RNZS+thkkt
z4t50;qwGAXJIU+UDZTAh;x`(GMrh8D^v$(M<Y~VxIV<?tT|C8Gob^4dL-+Rp54g{p
z?8fuFB$2xoa(xrecoobX(LwX&eM2F6FC+hr)whmz!f(}&>QoQWMdEnm8euq20nMH%
z!>Fvk5!?2NTJ@oSD75YvgTEH>KzN0)KPNc89fQAMP=dcY5%=&BbP^%(ko!k~_R#s*
zifeUWA!>m4WG`OnP+g?(KNFD9V-W9m_;3xRy2_XvaPPEH!#UQuSKSo*eFSQAAXaq&
zpI4whP`}~@PkMqQeXoA161_nLN5Aj{aXfs0d^~)hYUE13qeo);wO{(Rd#c(lXiA^J
z8At_m0b^Y7g1TYzDy+USA-|-Ehi>p+U!Xp+cxWu20NvG>uO%@8RTeQ8aUV;TZ}v>;
zUSa5oKXkdC;f&^Wk-rh(PK_FGS2~R9rg+IPbD#&lA=pPypGCcpvq_13|4bM=ys@)E
zT<dZ_<L=@DZRQMuD!#`d?4*S0BJHOLT<`)vK?i@Okp{ZV;_2!x9<Qe85sdmitb+S-
z0gd)B@hPbJ5EJwej@E!2>H@y827f8@;oio7s|0>RQG>kQ;C>*)!4t9hrs$^s$gTRi
zU5*F|y?+;^{G|9-2T|?&?nnF|qrI~Vq#Cm7$}~OVaf}c!GAQ6*tU)b$1QJU8Q-~l8
zODYJPoaJcY#fUIJ4eKTwy?+s{!vb4&WmHuYww7}ms*98wmi85;xvg|zW@YzT8Ev~<
zKMz0d*@^Bmo-^DpT^ng_IEB#=3WHBkid!zoZ?xr5+ok1ttx%?aMPL*nIHE`2!{SM?
zT}Q>WN$Uej7mrG#^Fx~Kd&r~9C7M*MP5yDri2_uo$vaPs+O;gLV>rgikcmLW^wMwQ
zB%a&yFY@Q)@X9;#z__jq|6^;tr^0V#P<s+PB?1u+DZM@y=xape5Y`Hk$<kBWB5A)~
zcUJbVwg{<kz|A_&M^R5q%|&$1rIvt+Ku5-Z&?jSF35Qs$&Cji~7wv^dQZK@QkM0RL
zAYg7c3#&M?3p*#lhANKMLlpq2SjJSQ3(gKWCy81Saki~K=NZ^~Q0-d0D>F#Ke?JvM
zPSZOw3+aFt7uN19jT%R6V!0+aVl5M`n34eRt3(80q^f1t2wvPRV<|6a3JAV20MxIn
z5YTJ2I7wxyuZDaEjbRGsr-zMu(=3o8xyUE3);571t&E?jBw(<-WWbwL<~C{t|1QTO
zTmV51s;Zrc(r*nlKp6#zw!n6std>t=Lh`l<7GgPL^qGAbEo`S6eIbH)CPI29Dm6ve
ziXExNo58sLn~7}BOIY;fr~c<hm(xDqo=j@i4e3t}Jg2=v`aV_aKGhqFZahVIz3knX
z){<g~=YEZcaPjFtdqnOn1u?QSDLNjuD-?r^;!M1WNx)Kz9Y;HOzJSGd&+~3t!(Wl8
zLbA=_ESp6VnlE#4RhrZCe;4H>?Z0fX>>1@Qz1EZOa*ce+fp#o{3upw0i@1Vd61pbn
zf|30|^7`ANpPBxipoX<r<5sLyuX`_0DxvJA+%PWPjaEiG+vQTs>S^_=5aA|!)2u~Q
zf^uK}vz`Qnc-h79PFS>$%*1$Trt<T(?8<UnA+qxA+q&`=m=~~O%<A{hz3qrkjZ=h*
zf`@M$4=2-BU#m@bnW-l~`*Q+V%y(UkGCHoEwN_~SJb?7=mR~mE>JS5AUvGV$9v(4-
zg!qtf2UH+%DLvb&GSh7x80Y|VZ+S2_hDeQ>0zp=UqzkGCSVE+PnVo-n0ot2@*fY2|
z=~ZHM$E10i9&>@KA3t9KZYjfTX=wN-Bvwygu?Yc~=xkAv(;IdY&<@yh&}FgrT^G%*
z5sepiBtE@|D3MTr6v>)?;DQ$L$Z3`k^vQq#5qOBzChBM>0K)^#IG-zi)LV*zwH?~p
zL4qo+`$yrJ?!Qh#@h|2vO@jNiUG0?4H$q#Gn~+1}-YcM+;zN=MFV)-c<W9G-4ia~H
z!X30us4>RyPk~z-$?Vus&AtvIcdU3_@NMm}Kx=h)9g@36t#l3!ux0(OVE8(<))+LO
zz+h%*I02`q>HeBTHQj#7DZ7BHN@W91M3sd>+QwXJy(cuEf}xUdYfJtEzag~lmZ8N#
zF!fm_y)Ovtr9qdbT=Cv_WR~vmD+B(qUKdg;17yp_Tp>N!peZwh1{!kMRe*ebA7oAP
zGg#s}s&ussP!a%3;yPhzD?gNt;K6H417MP7D*agCiT30^eKVVb@?CnXfPq~rCMGiQ
zk~Zv<X*#CTS1UnipRPQTp6T4<DlqhI6T71hERgOh{sGs&jr-9d%U-#C(R56$j2@_e
z>hK)~H2~-lXOZ|=fffPUk#~V|!2zoQ0w56pf)H{65hVDi0JtH|VDX~>SONAxT7gf6
z`LHv9n9wOOx<XIK*HLZ-;PfA}k)Rpt(D^+Blc9|tt*tk?&DQdbAGh;!iK01{<tsD>
zPB+$CKV}<I(;I0THGX+uq)j>=k3oqnHZi4$qtQM9PfU|$v+>OH@mP9h@XWcu1-9_$
zYv0vg5ZX+3j8`r76~RqA<7$z7=lR{hk9yioeok?bTF&Hav3j>x^lqZ2%rJ1S-|<YZ
zL?63o)h&Fr&+ZQ<wICA9%CKAB)|-Z>&B*P}gj>4|5O(OeiRd+#R}e6wluQLH8*GeD
ztDp!qjIVVXJP7B_N<3-~T266G@RK{kPyW4IaczzTxjfJ8;pb)rd^Q0Jl#fE8eZ#^0
zkGNrQadZ`U1@Mjb+<9dfB1}lQv~7#CL&MH~A$YlYRPH+jG*rEKohovaZyyQ(NA{R!
zcTlhDWJP@odw+X%^dxFc^k7nnQjt@E)g0+f>CvP>mjmu&8sWojA&XVScmbsZ9ozic
z7TjpmJR>;$&Wu(=kIz7gQ}m@qNDSX58ZpUP{GAKjJ^Vlw|3ED(Ci7<QZ|e~b724vd
zPm^<~=+-mUe}0i)OKxDFY~&mhbjIK3_`${<Ssj8049$HD&ETtl_c6hTV-ik`jW4JD
z``r-F)=&D0mE!Fqq9FAk9esaa=+5z%&S%4cnM*a-TQFWXnaAk&6@O#b)0N+BJ&t}D
zkFUBS#1eefO3VIN|D;8tIkUu&75&}=swwCm0B!WfI^kqf%r({{&2s%x|B3^WQIg15
zBL;HN8&Rk>9BHuc(YpgQ{&1Tq;YbbkP|&s!;I42<smV(cO|nYB!T2xAIk5SM&(TGB
zHb-!NlhO@EvHPx)>E5$YON!4>X8fku%d}l2`ja*tToEVQ-DTd*At!xozePbua-}nV
zN5I`SSP2;G?JDU;Y-M`-1uqBC(MaEF+TMfzIybh&!lP6bmwT-%)7{(!XJf`y=6c&^
z?H{-RWrnCq*;g@!Ad2dbSNi<~^M=IEXJRZ9G?1tA5i^QaSAs(Q{ZX>IDwz@P+x_tX
zW=BG@m;LycM-9#le45YnPRGysdKiC7vNM*ei;<b_O~+7L)lKFX#ev%Q)GW$E)pp9v
zVk-q4#|-4*yv;Ff84bI<7a-0pwq2*0tAY7TmX4Np%ToCqdrS9NrCRr1iZ~DG0$BI!
z=lE=4u=rAJC;H`g>(9<z3A_fQM78@$+ji9rgVo>m16>bt$J<z76FN@4$@N#t=lA5Q
zt(RnFSB9!6TkBWL*~NVC-@^LQ4Kp42%e47Q`Oa63N;kXPnTgiehw|6C%#XXL<yBs4
z`LprLK{+)mZLHP9q0aUL(DUf<9_NS5q_TDz&THEXWTGK>%gSbL(f%da#*yUb;WYTp
z<FB0ji>&c!oRJX@_t*lCrH0xo#Z`a4cs<J&_+D|^x$>s7_NeKEwLVAde9v`hOuA}|
zwZ%%WgoPE^v@T;csC{aKOX8wsx%pK8I*qZb*QxusV!Taodh+z-$^7GX@iejm*LKIV
zazDEL=ckj-H$^$e-PoirG2ubDqtn+K;|#%?&1JRSd@zl6=q6_CMjMGMLY;xbbAOAr
zBLAkNBm2Cmu-r;Zz{kP-g~${4NimJrk-dlMdV36UtZJs(%}YT{Bl+De>E14~=h>D9
z9wtkv?#3BG!`o-Q^$OQ=CJfeFMA|&%*2Rt+?l()EI2f=!iNZX4wYKT?*$}+xzZ=5|
zmF-w$K!>N?iO1w}6KZQ%`PZ0NCd(BWO1-tY+@-jgwfY&E<r{|6HuMn_c(Y!gI}$h^
zDkY7CWa8oR^nEpSQU4?l+}+{T!8D``Vc`<adH38pYajF^qSt?qT|7|MAXCkWqi@l4
z-gz>b$yhX`Z+&lqJI39T@1uTnU2X5p>h<2fXSF>yBpDFh@iu!m5o;W5{Be0t@6LOG
ze4Z@rZUU{XjQcu<Ydt~mDbs28y^H5MwR7EBKA&gRv_ICpm#s_I8rl|psinP9zAq*i
zQDf(R<TH(Re^_u&W6QH-d%CWFUz)$OtRcJ1>{a|0^Y#s0ZKEV^BOF<TZMtM_uDaFR
z+0oSMu{qqR&TV4`?}~-|UVVcaDBAi^wFPTCKQPla;@<4tW9t}UYNm7;?+3|#BMB6u
zS2uHgh`Seo&U}2}PRB9*dTy_ALO1jN^)6dKQ4kOqsq*=kzWIv|d+VOoX%gaj+sTh=
zZ878G@-|ngfvU-S&x0;DR-~rwSyA66u&uA}r2+ErXw}yt;B$+vM*7}^xQ73}ov4QS
z{++M}@qgbaGR$=ErSEWtrp&C#o^HA-k5~Mwa-FM@tk{QI$Vr{=NY!|v>A*Eb?(p>7
zQF2P2GIkYe-%#*?GDID}L0B@5xd5I)hm5RE<fV=|0*7r2R{f{xA`SAn6NeF^F;RSh
zS%PCa5Ud!Y$uvmk)1|jt4$QgSZwhBIkTQfmkZAo4?*B;MVbsc_B)*(LM1(35xnWF6
zM|ruz6tN{6Ff5De-7#f*fe+25nnj39p+pmT;YDEg)KH^@%1hk`&3^}x?LeDw?BLfz
zU<poZ(qSElejrOtE4y+e|0+0lc(crRT=cqs-|cES6l$v~RHv8|1#@4O$P(-IRZ9UE
z4#i?=L1~|=)MRkk=92Tgu`L-t%i?G_7q<V6ECzs;k;Fi1`FS|$<f)b)ASs!X$;|VY
zVrzTT>$7!n>`c6%xP**k0~q2glZ)MZJ~c{S{Ol}oVT2x;R7gWHF>lUMM=?xMMd5w%
zE>V$;GW`hx0_v25ACcMR&)UnRyHRjM3A)on*XWOl6N{~f1y8oO=M(lrh&b>TT3){P
zkZ3VvO-V~<PILR)T>oy7jV?ULlhxa)=ie{i@~aMZ{qd~wZ;_0Wo_t^L(up~nH(Fla
zSFW4(yK{8b>M7`*>Ye!3hmndNO{N=DQ||_+scye=SF5-_UpkmIUoXl`x{yWScf--`
z4e!HXFFDP_$j>-lC_evE?DLoac?c-My;5`}c@TyIGb3TV0yQRtp*%Mx2v`xpIr=0&
z(tL4p%xF;xazx{NY9`nzKE^rfN6_@p;{s4Kf^iXcGsJf+8WG7^R&sb6L8@7cMzAVj
z&{BjdLF`$NMo??PodTRw@JAvJKe+syIRd4CnB0O>HjZ!~(UUn)r4ZVD$x{@LXo)#Y
zCroYrqf@N*nCm=?M*waix>-r3$nAWOM_lGzlT}Ef$%A9H;H6bmXthAi1C~`_PXoHk
z=nX^N%UD=8gqPmF)t~`8wwT_oy0EF$fRFvyJAgld;QMY|5b#4pw_=%LiFZPu?Af6w
z2UefV(|wZmxYHw4ca)uAzLC&&1lxX*w<evSwnH1YaGl6EeM4@%Jbv)|NM0Ct17x?D
zUU0gDzPr44s9vzDyBn`?-H|m1*sqX25jlG&uRPVmO|Q(=1GaYDKA}4YU={u28vj&8
zD;kuIt@W+Vl{K|1t5y2S>zeDEo7>g5s;nz<Rp_{2zM^gNHcsKn`A+`Zy1R49pMd|{
z;4}HV{zoC6sj-u;k+GfQe;P|1AK)2`^z?Z456@38)Q~LtdV6O<2fYM@%f!Ql??8o(
z@6O6d?kLJYhp5xs(?~Kwh2M<RD9VI~tj2`P!b!?D5rT(E_*i5OBqX?`02O^$6eW0M
zHGJf448*-G<mG)3HBEfHWK58-g`zlFd5f6Hn0XlKXmV(p$jScFW#Jj2C(r{2I{HXZ
z&T>ootN8%}nE?G|MQC7vnnck<Qb5vE+C@aL(=)NRGu6v3>!t18?WMl#?cXHmrC;#V
z=I86>>y_qT?HbKm<4;u&<4>K_D+W%KO9UtYj)<Z+?41N4%@YTTf&_vBs-BeUhr0%v
zWJLZ%LBW7FVW5Y^G0?NJLomo5+a=TMWdo!p>}>@wLRXXP^T#|b-A%|xh$G^5gyw4m
z9?jx|NiYC35FyWj4NLP&g+50|$UsNAmSd)8NwfrwVCRx^rzOV*Ve?Bxrkn;lVidSC
z45&}@VvyuJwgTC&L3MQauzG{Tyls3Bk;$4FKVzYZ;lJDhTu@H5Vj#6W%Oo~vy_<-@
zNIrrUg(Keb($zL4O+CLC4teo7H=0rGab>1sr_?C@nLSfjX;TDey?i&b_tu^3p&xkq
zu=@1wGC?`6X^TU3dPs6ULO+&d8F}f>SZKYh5UZ2%{>CafT&Kk?nb^@_GLcTGJdfJw
zpY!q2mvsNm;LZcW`<S^-P$Q*#HaS6K5uIv(LMkr%+({E~>(cOpdmfX8^M4QRt1B#o
z5Nl&S@$>rEm(<^@rIHE0Pk#(aU-@(Qc82?0o1^QEhC+?PQ_BWj=*LLGOjJkB*wYA6
zNgeDDoGjE(kCDm!Fz=T?ulIn#KfX5M7tYDZOPArlq&1^9Lmt^jLcxtpuDSjPfOv!I
zIQ3cQ5GW-3V&An|bRAFTXRn=}Rjf17acmv-V<Nam`IeV1b=upmTDZqe_4Mu~5jh+5
z_44z)j;ZZ-P7yCKZGIhwr>6=8K3xWB^QqpV-#Rd($<>B=qk3K~tKMW`s^OaO=X~P*
z-PCH%^F3uvP1Tce^e4?dmn*l|4?t_S)npfC59KK7K<Q9vPYLwDs3Z&ga`{i7005cb
z{~s!enX#4KfBr3HWltv<Rg50ShOuiS)y*w+NXRKOv^$AVX$YDu)C}PkE5*JuJkrEV
zVwSZn^@aw-B+4q)aJNkQlfjEHq*xVhxFewh`}{}zq(C$72o_;`51~>)Pg6#*lgypX
zoiFd5ukM@ex9QDH`!-;J*&3`pC$H1EhkAhCZ6E-r=#(HJoqYiXOjhCBP^a!(SyI6S
zwc`gU1-526BsX>XX7*s?LFvwwi7toUA%#t<bf_UdKX?yz9ZI+nsDvDNw2aU0+Q~7(
zkqHC78`Ox`FkKeZa0R~<cK!q*ie)kfA6<T{jAF%x1D?Mu>EqdIm*~)LyksFpIT(li
z1bK0aM8jy%4D$wr`rT^y#ynbBG#f#OE5h;o^2ZT_VzU{GI&hAl3vKv#2>k@za$(`i
zdN5(zVY<6seS~!d=bJWge9fn*0KL|ynfPX&C?He;xPefEG`50KEc~NL9Lt~(!OMcZ
zNGKIVXaasFOhGV{c@!y!glZAB08oY~U@eou7}&A}#wx)}f*g|ge?b1F|4TU+Yce$z
zs#ouTYoo&DHd^nmOS*oVOpge{I3|pCXCN#q*Zszxm}8Oj5ed?(3PPIi^Ns^#XY!Y*
z)i8sCuA>zzHHu*XZ^;Z*BPq;F?4?*1MwU2IOCMq($F`IF6SPWeZCM^qkfiOgUa)w<
z&l6cv-<sw8EA}om6_oD?m9xS3OgcdxC;Hcd69{;|mwDR3U;&F5(Px#*4N##9gO)_$
z--jg)Q(z*|RG$<rEsTqzfwIN9o)^<ZFjQ{J@@P%4&(Xj!zDeplztF*OjSvSWgDpd2
z1aOfacnHEhWdV+t^7wven`#|FfT%oo&4&TyY1B*;)M#+Jxt*^lI|_j6H!ca5+Bc~I
z0U8zjl-f5>Dlo}c_9X1w9{;MAJX`_Gz=5DJf&*~}0TKWQC>X{cCfv&`W8v{9K>px7
zJtjT24W|WPP6NLDYehT~yWps|5wZCoe7!V35>0e!sYzSs-@){~*;FMOoqB^J7Ptlt
z4wH7(My`Dpn(9&O23Y}{8f^Z^M1|`yE@lQ7fC-j^EmO>!<v|g_<8VvD=rxU<qjh?L
zCE8V-MDvfE!{s$2BM@)ZN0W}*$=YH*|8N`Q$W(VxqYjlVhN5Qc+t|eJ^k#?o%8btI
z=LxPa-Ogg)Jco(5&ObJ;l6RftyAEgPmV=xa@-yx|2f>s#Ph?y}ig?;Dr0Wn~HV~U-
z)p2hJ2SKVr6kXJx@FrqQxf^jhCvi@Z3zNh)%X3*LWZC)=8ErEg4TFg(sm@Qkv7QM^
zj_P|2Q=WsK>eu=1d6$bMJA5J^*$e+AbMcQ4t=7g;_qTv|Kxb*16p0ErZS7ClmyqNB
z=(DbB;}sXnD~7+e^1no_W*FC+OfO_DPRE~0)7gl&L|Z1uKpf>4;9>6-XLh0K5BTCV
z6`m~T4%*spd|oyTUbAkeT!R4a@68s)U*`@y6O7yU(7*O3it2D}-Q6Q<pYct%x|1lK
zFVV|QC)!U`$Je9UcGHC#*ryl^k4FSMJZozg9vu>?a`RQJ)!3fPt~@4g{W3#?i*?UX
zM!Y}C0<yT3t|cWP+Cv6CSk)&bpK~-#-W4?yW8VeOaMPM_EoyAvOE02gv+sq19k>h}
zM(P5FX4$$;GJRcs<j~+tkZ3`<x>I7V3(JlEBbg;Q<6YJ?B;~;B_)>clUIs!D?e6}2
zOE;_*EbkG4`NVcd334dTazj5`P+Tes3EUiNh0oiaE41$nk3S;l{1joBnKrU`YCs}r
zC?9dm3^Re-(Bl=1DcO;n<Efb$xNNa>t!?jRj)wTG_K4~Yjw|pBrDR7qKM++cxat{A
z)b{q<;h|IyzAvpkwwO(AcIURPn^6gy=&d>M%y?s3`aG{EQR5Yp|I~Y!rm&l7tUFvs
zuBl42ms4{7DN}1UuzpQL_iy*y;3myqLFab>MuFI7qXbP;5+IKX&5Jzaf5dx_>J(;8
z;)liwj=7G#jOriSC6I{55s8zf3C0kP#M#V0;Qhax2Ueiw82ew}j1nmT!0!d%U~Hi8
zKxb@VZbSE<M_oGy7hQ83M<;zNtN$C6{aT7$kwu$TIyO`YDsqp|FvJ9~3K5VD&Eg=s
z`4qY-<3KXi4zow=7n_5P#m|yqWCZs8#4|74kQl_t68+g3(>{Vz9<rU6$31n9-)@oX
zr|H;ss%_Fj^s^3{#<jaFSGIS$Rhmd=cwC8*)_xvO2S*u+rW}Fe#a4Vp3FBp5*`9yJ
z?M#_R0!7CxkxLeNR;*f83KdK(OquTvMOK_Ps$+GL(j6P7V44dt=o3c*8F>ZWtMb)`
z3tHZhGm2F+6-?t#0Xi1!G1`_$FIq(w9rjYw8$~90t7ffpDu&w>$yd{D21`v#?j3Da
zOXPz5dC|d5WZ`;wN^~2+B6V%ME^9JPY8f}D7Z;RON%-kY=b-EtjW{LOcIzr;%g_x~
z5>0<{DmW#FO!#T7HOpIVidf+Ji-z_)yNcwUv@#wal`e)H`sz-oY!=ihCQ+%DswKMQ
zswQ3DfSRWbx|BjYG7XBBr54Yp1a?JqRe%&mTY;)3mo%I1V}cE;wEpdH3Cvk{7-aNB
zt7%S2EJa%f*fFozv}+z`z9TVpNNZnPt;%>>lF4sPw|O*aF&{QNc#2=&z?m`0f~{{{
zD0{9|Q+j7rX%y*PWLGSXcQ0sNA5f?wBn$)5Eu~-$>bfEvxRnL7ffUAkf72M3Y`50>
zrK~F08>1;)6b)6iz~&pxS`3kNbnK%^K)aaNZChAKml%sqJZse{TMyUjsa}yBhKOWz
zP!s|6qdDXauHgu2V;x1Nbg%C(XB8I?+c;W5w*i>2X><Y7HCH*bv!+nNCE^xA%0ra8
zbnBEgHOw?!VTrHRo7GUSNj5YW#22)0dQ4EPT`5^Dt$WpNAZ{z@ibUkmZd%(3ITzKw
zbuanaq6;+2TTc~SDh+y2xluaqTC+e+*wBOt^&-GpFp~a7R#8p-zUAgMWtD`clnQ6L
zV9?yZwX(+y*US_yrbe&$SFh7>Rj+BMnq2;Goe;^lqlXnAB_P#l$H!I(l6aoSWMwm%
zD69CRwh-PJrMc<t0?whJZr)fo$z8qKRI|`vPQ+X(a%#L@+WB<xf;>l}Dy$!>mLWg>
zGMlrlthYsMf;<bU+hFAROIM9&Jka79lHWw^+xqA|IGx(SH~J$PESeN*N3MCuJM`86
zQa~I%>#YhsLZ)h$Rt1Zp&PB|1!bQGxrS$Nm{GUQY16$<c1_in~uyg!uy$I79iWe;Z
z7%`gM%i?&1Oap@|HM929;q2H}{d=iS9FI>wx{0b$SVzkF5!$Cza3idD9fHTsHePwe
z0PvS%l}67}4{WSLgMeE3P_pICDg4UiUIE}n_qXR$;K0a7MbYEM@*a`i-^)l?AY$vs
zuG8zYo(^!F=}{Wd!{n_Ojc3&2kDIM;I8#AN*O$-@MzNn6By;ZhoYN6VM{vf5c-<t~
z_}_9|{HP1?Nha>yPqpFZ;A+ij_V!$Ztm<TIHMBBvTiAJ;JU5||pxJplZeK>(MKX^$
z7CTu9l;Bl3M#Pai4tI*PaAV6^$f;QPjIyi{4KgREv!-fsXIV`4&-}l%Dj==1;LDe7
zDW#U6bQJR?OCe`|&z}*5zudw}OQp=h5epRYO2}hE>l?Gw-KMv?=d(RZj!MxO1?6xM
z<~JgXnUI5<i%#G0h>S3K?;D+X`6_`r^C4nI{zD%W7S$dty{>w<qRyuyzihV)QNz{O
zI#<%=jfksGtc|Cl`B~G#GH!O~c_qg>ZT5r1l=1S}s31~>@|OmadqJcEC^xCtbZl2P
z(X~<|&tHlcTTa(^P6+0PFx<e0G@XJp<~aOz)k67wV#{4&`R2V^egT<FPW30(sA~n8
zQg?@Hs#eRZOYm6+!kdlW;Jn49Pj(o0ucv`$E8@kGcrc06Lb{kU2BB#=?ghKyww&4w
z=@igZ9Ft)pDW9Z-1_N&0D1I}J&s!qxBV^M+>ZtVFo$<!TyQnfFa(`{g4M5EHDo;0K
z@_q+OGcbSVsFM+?0_JFre=m-L&kfEa*lAZn_XFHJ<tZnLH~O3+PFc7V)FbSytN6Rk
zR?@7{HJDik$rVrR7Whn2aQ}5IG(i-#FmVwi5e0*JJm|q!*h1>*Xqc4*xgo?(yN&y$
z|LLMMRITx0V`jP{X%t+vL)aBR?LM#8UDpV1)HyE%Gf{$Jk}%E!(E0+2#5vfGDa9pV
zY?|B;M6u_7zkmTgvOj?<GQLtdFlt$yDk)=lPHY(QA%>WAGo8g33Nfvuco7A8*Iu1d
zE)&&13+p2BGL#UW)4I^y-{d5Hvk`&wbdmhd;ENqrg1Z?H3vsmBSzLk}xo-2KF0}4R
zPEh{?>{akQ>|6))&~u9bhRVl~C@;D_-m;*&I;Q;?Yg{r3#^K0GB`P{nN~dsqUt+-!
zTrLXNog@qKU;%_t7s)bYv|XuUA4|$ZNb`sc?9Im+LJ)*KNd%5WR9SMuVX(O@`_McX
z@TMSzV@lH!QaR@@S=HHQQ)av(SutlA$(&RrNwq)dzlz#Mxf+5X!Wz>1#`<bow@NyT
z?>}tRu^KsO;!f1N@o*b*tAgs?s!LU1|LWqY`rtpfT@ai{aG%w9KkbE7SN+|DURLu;
zryu!!5K7@g(t&x!)O~AJ2VL$&|7@4kidH{}Dw<TH>nAJUmwxV)XeL{saXM0nvq8j@
zJ1*bU4ag-iqq>+?*mz7vq*MDBrmpD2>7<2wD6i_r;sEa4Q3R{srBO(fc48#9WsXA`
z{_%fYmG@&J&l|o==#!k^7d)>W4+W4r5j7b2Z0(PEyc@Z%LngE&zF&M-L!)fb^onBx
z?_-~g4d5)OEoet2SX|R;HwDXOWFU*>zlFPRN`F~3B+r)xd;9xp%-1wZ=k3*Nw{E=$
zFhjcM%Rw&0(Zd5OiyPX!ol8(ICTWxlx26s?-Abu&pacx8w=RAbSXCPvlSUB>J6=VK
zLx#KtXCP~Ye1MBhm?MuYRxliB$dBX->cRA*lpc_6*jqB}gooUGQgo=FK)q<sKm~oz
z@ox(fFNo`idds&*l90gnQszTud!zfn)q&f`wi?haY2E-qKJNr!Uu;G{mfQa}7Jor@
zaEOw*9;QDVX#tGHje=r$zF+x78jp5-+Yrcpy-M~hv47NA4o3cZkrkmIF$ArkHW3#)
zc+ozo|KKhf)?OIdMj>h5HK}P1<ve|4*vN(?KH<QpJxZ=UYShUc=nTkSHtg;fhJf}4
z(^SL|qoK+Kcmk!o36>Ltb?4i_1)Pj%hMy?P%>rnLTpCr!!(%fj^NJ1`D-AU6P52VX
zub8+ciyM|D@bME~iHtc$_>sv~%S0J1UfcjKCpwzEiJ5gJzZx`>9rRg}=fJQXH#`tc
zxtWT(a9}`9$6y?rm0)5?5l>%uy&xaSZFW~O`dVV7e6;JQ2sHsqMgmBO&r?=QCahDO
zD)RP;Vwb-1X1-K7f9v_NfY7Bn8YN8iw95GC6PF`!ftQj3o;GYMr)NubnZ$#dhGJ2j
zIdL-VxRwo;aKv<|(BJ`8J8CHFc}Y#39w0m;$A-u&WY0mQVAwA`#)oBOA~B5d#u##1
zo%hefN+M%_89zq=Q+Di`1vb?XsA(g~mBwf#ow9gkG}*K-1MkqZ&okN0{;#FNQm!2L
zb0(Kk17@1JVWV6&sb=~GkTFZu)a?n_8>SVv;FbVOIQ3%LxAdgpo68>A7$|=Hu%p?X
z2k=o9W+LIg0+Xz%XvNT?2%dwwlQCFR!07B*M&TJ#?q{IQyUVEl>`2>5Iea^iJnQ{G
z)4g=Yf0t3pnB)Dw=-#s!X$)q@G%1;9QxML*AwZ|3l9AdpQ@f+g)7cD8df}~V5LD$x
z>m1vxJ|fcm7<Go$1qFsKnMZeIaq!{$Y6OP|ocd3ElE+UO6ynBD(<dK0!hNvjD%vO$
z5m=2}{7x6kPnV2hM+waWL%ngS#<zqD3^7jfM@;xV77dFev)-#54AP&OM#wu>3R@B_
z4LW}(M#JsFOqaQ7p%!qd2Fhyo|BQc}$h{)uBlm%|27VXhzz{~Bd^Vgam#3>5$9IMi
zvX|64I=JIbgi?P)(ew~Tp1ap}=GLB2zyfefN3R<~i&bOw;iPE8zhx;IvsRe}px4!W
z@%K*;kc8%q+?Fi&cxTn37aj{^zBKaxYd(ExN`V}j$iUZCSdHxadwO_(kKsk(7dJyZ
z?B8psT!y<MmWfNA*4fSj3?rG#@~wS0F)Ot64s}_4Qeg+rt^1$`n@y9y(}lYtz1Dy6
zio!7pZE+pSqcdw~G7|FTm=9q1wH7skwaOCttr?{Wv=w`vVUuFpt68JjDfOIG#NAL^
zQdq0L=JO}Do6Je8^)NziMyq54;x9M;jK}!7GqMS@{ZK|C-)Oo*Z19g+l5HGp^N0q3
zVn3`CZ45Ly)Oe4>g6bfH5l%d9{{$%8N9hn1NcB9`A09l-U1+Eb(LrP%-%g0n$og22
zD!nbCQq{2Yfk`Pd%p?-Y-D6zDI;iJP@touscx!*splTrJpzF?&ZJ_pt+uQxWI?SUJ
z<)pSUw!oUht|DY(s%lScyta)8c90Y5zH5dzyAm!ie|}po(f2J7R3kG6$+7z>-S8fI
z#2~a{`ExpR=UHoPKRgla{&bw<cEAAA3amhcPVb{D3{d#+4^Q$>Zp*D=<8}b`0i*dQ
zYCRtxuh;kg*%8Fm3{(WC=@$4yRUe~e*MxGc@%cO5yC~dNb!KbXpEI9Z!Em1u28(y6
z{6nQps!jzl_Tjpo{K&ooZ$%UXKgts1i)lOmhQ7|abEGxiqA#Y8&fV;TrCUPPD;4jK
zO!eqBVTjjHgua{E(vl##Hxp}fu_$zz|04;|c4wG*ht?xCtds1b9iV+feu)%kUBZZc
z7U9Xx#tX<7>pf0r#g<>|Ds(9=h6(2brI#bleiNVhQkdyV0FGYey5S&nNdxf)+90*7
zQB;{P^NQ<&bUeW)FhhmA0r1=sk7;?8F;4f@{en35Ee3W-d00brS?=_CqQ;|t2XFo+
zSoZE+>y=ykvf+IRZI^j@Z4_H^74X3aX5`)Q&1;pzJyAdOs=2!#D`chqgt&WU7^@B3
z>Z;#M2K>p$Y?DSr>78Ivuk0m`IXl9u+~gwj36(?^0Ne|?<HGyYfT4U3+5f4Y>|2S1
zR{7Z<$u~sF)k)x?L>FL*#_*BCgR1kE2_;6GY9*wv>vl<1sWp7(WgX{h4x=9?FX$=?
z`!HUr?@ho^Bu|u(M|J(rJieW9SfL*WS+`Xi`_n$yy9^o`@1zV8RX3`Rs`nFh-d9P#
zr(YErq=x@URhvUsadqXD9`uM3z!Ug$g|d58-#fjsBwzsX{ptAX+42YFHOAmRD{722
zY^(+9Lj+5PSHO9mwYtCC+LzjGa)8t;$&^+7@Fn0Aqj+*jX~(r^`hF*_r2E0}p$RWz
zr_r}NPUO#RbZbnF58pR{$R@^ak8-@cU*#Ac;AwIFTJw=Dus%u8)cr-_Aum@mJkqlM
z<IR3Mi6D)ymz-Sa4nR7^6Bz2ZXY3W=OX%#&7r@VewKx2Bk?c1B((+3v^$+*iN5M$5
zV83YGZ3*D_$p%vQP)tt<@oNw16rVuM6+Nj#<qAD%6yJJI!)Gk<72PVhIiBFUF8J$?
z65Kzc@;rk5*3*Wp+r<|72NAJKC1kMY7V4j0SyP8AasrQkp)bs>?=Nu$a$wl@CZz{4
zq~(Wk;-?y`6_PcJ>kHq*qRhX9l0K_f?k^JzXaRBobOA8YFYBceIV;qyIpjDTK~}al
z<#^1m8^=&IteZ2HH%uSwA@uZRP47!T3fTWs^zXZX104A0pdsi(0Y;i%j#~_<)B1-R
zJzg&cjGGw`%B1-87((-i;3JuU=a4oR6W$O8^qW3I>Ir=|jGK%h7ixYE)Y_Aj9{QRO
zY2k$xgy}{LQx4qSq2R-bAQv5or|zH|MbO((+@z|&<MVd&PX|!;3Xo6z-P7#0fEf>R
zzZ}G|F%0K!+CVD&DN4#v9A0_en?kSRh#ANuD}83%r%Bj0)Yv9!e;d->&-&^*8=bJt
z$uOtuP@}Z(O|`q44=3*q{MA>|D;cc<j_`KOYg0Ye=qp$1!j8yb&EIv=wglMYQ2H2<
z&!mg9Fx|ix!%g(r7X86M_Mu=<N18bPhnO*yXnHQ3L3?hu@0g??y5EzeUxV>HG`+I>
zAMjhpL}y<$1%U#Mq46221Ua!ht_j8s()(728fUtdC$-os0)jD`f2@$kBos&L;v1v}
znhWV+xCv6&mgYy(v?f0znQL2Xj1OrKUq92f({DLHpX3n+@>H}9<PjVqb7}bwshmTL
zu}C?Hrs2PMqxS25RQLEIVD<44)MB@GsANpKwVOuez!E3sMV&pnnyO6K_Evk3x)D!3
z_gx9cj+}i~Z#TOwJ-#mX5nD?21pAJj52+#xcU#l%$&TyQhfMabk%#yD2lcF+9O$2Q
zfrm{tS#D25v7>^lrvS2G<@<dG>?zcdstyHHYN%3A@Ajj!p3*YV&XhTvQJ*rmYb8a0
z(<6?z@SGYnpNfRTjuoDw?#>%yk>Ed@^t5v)OebE0+UqvqD~^K4-EwGcq1N*H8{w82
zv}qM%8>tN;#Gu+K!L<L2uy+g+CG55|%QjEhwr$(Cty8vb+dgI6wr$(?)O<bD5%)&i
z?ud;1o%ti<UAgw!&w9yhGFD<~zEOgzf=kGjwQy2Bub-BAx|>zT+%MwL5{aolMwj6A
zsE1t}IPzb@Q{f6xMLjavXl=Kfd$8#sXKAA>P>wUxG11fDVI22fXLNKJm+*8Pue{Up
z?MaI<v#JqU)5TI<LAto4WsBmo7ds!g9GG6PLgB=*YOY{+s`=4pQ&ln{q{y<#wxbu%
z<9)J|z1>ea!n2KDZla50ZpqZ#uG)LmVc+)_u&pP{r>30QoV?Q5HKK`)IdTBZ?}%wp
z4zrFx8FtSKVWHtEcnfPbsbT$-a``9m%eX@<bLph!MoERug2%<Kpiyk0eo*>ezWJ;8
zu<3rmF!1dTvBGvC2rovi{=r1j7F8yih4ROt#S?0X?lG&|hI2WK<73#IUXi*(Z{io{
z`eb{;o9-7bwc+*oH>%r;`dFsXoSH^syR2U=YtFMlwY^BtEO;#b{vY1Ls&nDEg@Qy^
zW)U=4WbFDRdv`?`LPM41aoPO7SXY7O*5H|Dw|#As`_yv>Z2&%_9Cd)EM3%8>ZOEwp
zJ?cJ4B2~B(sTzVs5Q>6m5#tlIFqG2F$Bx&JYY9Aqql_<8{8_%IQ97qiq-L6DL<Ih;
zbawYc8n!41!wwVyQ2I9j*w%sAE7Cm3SMK#BE;j@l5QJKP@E8{a7pWHV1_Y~tL>j{l
z10f6~h9OP<%%wmeKWWW2DH7ya7n!e+njku;k|KkGmq*_|UH)&^0u8FUhO0&+rmKy2
zmqLUX8$Ui7GkyqF7#eLOsL~}wK7I(+BqA+$$^q^nbP)CrI{}$-zCZ1FC`8a6Afa!J
zJUIebtsA$N7_T?l`Pfh6=%9U&f;J#uR01m#Gs9+Y;Uy6K-?4>L<986n11K3LPvaY`
zv5nL((;s|iaxp_a%<KFNxFa<yEu&QL2qo<3(ReE=#u-JPy)E8&@7?T7sf9)%5&6SR
zMD#*#XP)t+nkh+}60@X?osmfJsP{y$Trw?{Gi}J~?zx>VCHHUn$@0q0%n%|+MN%*i
z=SKs_H|%;2vhy9QH1a%P^#D|MKcd!N+Ev)=T|nJkSkGOmRp@Vf05=5acm%j`d_VKB
z0D5+iGkYXP0T_)q=r?%)5_uT(e3)th9A<v#O@9ybV9#5G^?YE?JqB+76M6u;UDVDH
zf<GZGw^UIBH~9V%ugInbaBJj|f6M$LT2WNwQJ3sle8SgT;hg2spXBinR|*kr`H`82
zWX%0jT2XCg(XM83vu81M=5ToCpu6V4U-Id|3=u^2iAD1v3K;;A86e^J47dZz(?ZDT
zftl`5O!q9f1I_9HW{lvD4M0`*U(_R4?x0i;WIBVNR{dn$ux@%$HUqHaA?{F~*#4_&
z-@)_wVEo%XfdUNxK=wbG_SSYr2G;+-b^o7nuZb$G6Uq{5&f414q&3ogeS<_?-0i3+
zh+qN<AA(Td*o>(JECH-P(6B9ON1}1RscClhr(n#S8^Rp`;9DjT7^-Zn2niU?5E=wU
zicl5Q@;M+6u8*ww5?U<;8b!0K3%E?I<8-#`&P%uFj`vHq`vWD~$~0-%YOA8$SOJoa
z1)@OQ3PeC!W<f-Bz&Ug|PIuludH}BkoRuKGd9tyDk<h<+0#IQV>;p9s0c4{>YkhOW
zECh(xYeedCN-6$2a)XLx93-3UgsfaMWEB;KwK55LixU3*!CJj!!3;WLa~kUoY=lf=
z4VYeQ8A<KLf@a7JIzu!%s`?tGWM&0(m<Wc1eQ3#O1_e>=LgJ6lh|2JKv>3#tJbX4H
z2}ntUsZt8wKd6hgOp7iuP$6qK3e9y|$leC!VnzD#kcO!xP(Epln5bXgSVI;9Pc7m&
z1ylAoC2HYY2sXX{f*R?U5L0a8DGY<<$;sb9WfYCuH5R@2nb2|Klozp;F$t=C`gRC0
z0TzfsMKsKjtEwW17ewJzP0^3+J1_}m3wB>34b;;rdx2~;BmX%meoq4|5d~L*?ck0@
z&d4MC$a{;z8Equ-ca)R;>5IBRHj(5fhOnes#6g@hLpbC`$PnhNXJ<qRKS0>0pt>O;
z$5{y5rHE-!yg<nBu!xGoQqiBT@Sw;k#0C*-ci!H2LyGrWl&;B#<ZeysALvAP=o}h~
zRrCP9av@?<@TZ_}<U|l#_LJffCgPPUx(s{ShgixHKlA3>|J};2-RmJ_EP_|Zb^#~+
z0BccLohFEqq&U29rN+K-R(jvI)E0sRIM0U(Dt#mXUaN@p(_kbG{Y_&~kj-ciczwY{
zOP>IoqEF@^d&quqMhkKVF0abt4OP|c@s>)}InbiaRh7Wmxp3{TTVoR^RhW??Q`tO^
zc?UK51f^rEWIuVPpD85&GXs*&iD#RPC*n+mU??`Yp9}&ED~Ge+?mvqP90m@&lZC1n
z9)A^%X)%&CV_)xbrOyczG3uRo<Lu31#@sIl+RlM2`T!I!xEs~)B(lsLLkCEbE@bL#
z31MRP0=$zaE+t#|Wpif50g?ubt`O+RbHpxT0qGM0#IptBc1oa*5J4RiwN|<fMq>g_
zISv(~Z09hU&fpNy<pK7u!nsUaRrS)=3`}4IV?DJy9rN19i|c|5Ns6T1s^|A^^U^9B
zn<gk6VfNS7%{*%oJyDe+O|0Z&W=j+^9PBcc4@zgJV?+A-{XUBS%k`0dA7`Se6Zs!G
zHXxQwGtBEy=@+G5o|~vkt;=N$>mfVQ3m8uJ&};^ztwnXS5}@752sv!@BMe&{>*KJ}
zC_Ec6FaZxA$#`kPRob9sKzBCHuy`g-vc*~RL?<99?oj-6<86U6VHU##aZ-{9!i045
zAQX&VX~rgDrHfsz&FhSe4O~^ny~c6WBRFi^x(@BuWp<hSI`6fF^SAVhJ)NvAt58RH
zvrrFvTadG<U?pN#(`twmcB;*?ri03aHFho4ei}oBwCIQe1NK&xsT25!fT)H6_2_pS
z<X+N-WhG6;%$tWr)i+7YE-8DLLxe$$bgz(Xe98?$1UwEzLutT#{z`n}Fj!)+L7@JC
z)u{#&T;qT-7IsL|9moXZdssbWnN9Xk()4!!(hLvIQIteJRAQqnxzw?AuzSC;bU4O=
zL9+nk^jDs(UNe8=*vtu=bN7Sead3)1rRXt{?$_*ELM?9XQJ)AZrnJXt2gov8ZV3YO
z(s-h_*rcHh!OV`949-%?MHn1Ez|<|RRxcGz52z>B%5LxD!}n2DcGPQPCL3Al3sQJ)
z|G3AD(ivRdU1uV@^l-<&jh~W4KEA)Rzw)OXv2SW*aV{*%yO$r=ZaR`<C0Bw=bFeoZ
z_cIzj^xEi~O*W>N7f+x{uF{@wYdqfRt}xfo&~xgkz1mdT1#cRPmMUGJJ70E&LjU#P
zR=-lt#?fC~fpWO_e5#2|&qe;-(&=V<<KNWFc{LQdoeSP;(d+T}dwEOvVeiZ@<&mCD
zMJLCn_qX&juz+jENBPtAII5;)r@ef+)SIGFPrKn;BlF<y;VPAutSD+*a-*lxy5bd-
zrNWE-<nkFk#+n1q)%xYz-DU%q<B0w7Zo07JDSo{fivwKu#$hLyC#plP361(kU+4$u
z_|a5l(Prcon$73i!E%pJb>1_gyKPy^-L2}6xinAX#X#q^nPmvn49rbB%SU*kS?oNI
z^%fPK?H`WT=iMvxHYE{fEIZ$izvhp7eLL85qo7#bZx3~RDKe{fwjNid9WH!p8gxT0
zLnzrDcb!j`1IZzFc6uH=e>)#?;lB$mi(e<iph!QTZ{HW2QC*GnJpWZ(@O2Mgv@CS+
zdD>m%^3Eh@;&FB#)*l@o2VNYP*kQ`|WH=o*HMMvpUM*h<C-2uV{d5$yp+|9!q?l(w
z*_82_U!J2$`O({=iH0U2*8Nj^9a|pZ+~Me{f5?X4!K}7sfv_%IC3F&(?7++ig*e`(
zp=QLUVwr%_CTUl$qY$L;{prwxG`6zRDBd*oGWyz4I)!UJ>BBKaHOS0N%uQU8Ok!h|
zqF>+E1HSovJ#<@kD?H~Bcir}Lj<?4loS)~;S=G#Yn2wvJ{DbVxs_LMgV3)z1Ri#D>
zldpNDl^m;9MJ4CM<NmMj5!z^#wx>nvf^%7i{qTO8a69j9rrYoj?VHk*-<~XwcmH0h
zfs^eg&K}QBql1!cyThoh;`@dMI1D^wZP<Jb+0Wa<j2*tdlKL}iOs>Q!!v+nu%n`JP
zhgDGOnUs1HYYwe`kF{WHl8&${Q}hOw%bC^U%fBw59}rqIyyNeyV5<6GKfwQ0sCe}W
z0zX0iDiqlNt59*aH~VW~{J)AM{<lzJGcaRKKfIa_iR0HFwH547Xf+5Yz-O0O#mNJ7
zL=r65Wcy%}V6}EhU0aKjj{~4IM^%X8#DpqNQKcM#`1UUjLZMzhmpGRL3?2m11fdA?
zJ)L`=HdVZJntn6A_I&ZY*?#Hz*v6Q#aV`dlf0jw^_^VJnPoIbn17K*ILjC4l&qmtf
zIWXr(cPTTNVWKBrAQ&IlKX_>FNlrd?#{j5tPoa1Y!By>-eGCoORR|*F)JE`!Mff0T
z9wSjvHH5JGj3R+r%*51K{I^yNz(SE5Kh!XS?N~`OO_-RRC74i=zIY5hMvB5guLI??
zCrS`83?0r)94F!unq1c#N{R4TrC>WRMN&!G_Q78aI_>xcw96ljqLw?y91A(ZV}Rf%
z4KbijL$TAQkMSP`N(w#$z9m`!t-8LMbhsi-x7)-Y3Ahi!sk3kSK{8iMf&To~go3X9
z;gVW8g(C6wGNixc^OHe^R3sd`ky0tFdZl{ztP+xWLzzXbQHuB&paYym{DLW+HWPsn
zi)e*S+hH{_1)7EVVHU;Mibcc=2oZ`2`&O*u^ASNPYEDbYlH}N>2Y0n>m`eL+>ze%E
zF|svu`HlFeY$W>$mrpEGh(o*fMZ{tRdBu(7lGJfXNuS}S2Y<_viQyH$%jN|Io^8r)
z=JW}v{U>GSqKf!eHqwXM4cU^>LV=$<vTmKx)Wiaj1d57;zVr<b*Wk#((!?tb14-Z$
zy)cJ?3P9rdDeVS>{Mh{kGwJg=qq&D=FZVbU(BgXup!?!wRp`~1jTHZ2lq_RH`gj8G
zzd#Wlg9OT)idh!Uoej$N4-owk*Ps_$?oYCu3<C`fl2)frpUVPSD|1nJ#l}!-kxye$
z+l(}IChCSl%qq-e()fq4jHKW?>qSG_fxR`F^mZW8VqSw|S<`2T89AmqqF_9ZB#i4|
zjCWjzg~2Z1MA&4<up<sv2FyRvcW964zhpoZWAlS__m?q@0=+yn+ACGkh-e$gPJATZ
z`cmG4DcTeAzMhjCFP>S|0$N(hPhvf5df>f^atb4yR{(`Qxf$~f5O58IifpwqKs{2K
zGjV?n5|ujCv`+O<x;nb)?^vx$SSbjV{V?X+UQs-#!w9E3bit!@26e$wzay~?;-F|!
zW8+<!9)eM!=E8w_X(E|Lh5jz<T@b#DfL?Qa4|N)2B9^GxKPNb19T<t&B{aF%&?U86
zjyR?1u<f{*sj*}G1`bv-skpUD9~W#1GstE{n^Q>qn0`|tX?sZ4%!71V=~d1?Li!u0
z4d(0?0GgFiHcLC1=FKAOM|PWvL=EEs=8PZ?1YZKLk%~v*(SIO{xpBvbQ%SuVpvG!v
z5~9*%RFTKgAU4AcmuRl|MJo9g?c!}5Q!E(TDHhh%OUBD6=$;(%2+C?_+(dGYt?(V`
z+=K3JndHyms-ttqdpZT|_<wCvVW$kp5}atOWtLeH;xd`|Ws#pOTZEb-2Wb84Axr8l
znM|6YN;2bFU1@Bp^dAJ;KCzM~R+4_N%*B~?aStSW>)tw!3hN+fOj`5SJpYOcYcKC)
zXz+-&&fZIa%v2Kk5%uoTF<DXz+=pnvE|s#9O_x>eJ4Ul+=#q4VRWNW#`T>VpoBmGx
z`9JTMqGZ_`ed`1m9X{6TT;RN;kdP%BwG>^f$<yHL>eTwNO1~b~D919T1><peJbPpM
z#v!pNA*y-2@H%6?g}ZuK8!%Yv#`V10rt>yR^a@{py@5bQfI`X>XT>cTnst>9m7mwF
z0+k<7vfoz^XoPWuz5r$2p9KwK9rk(XCe0!pVF_?KAr{$SV91=dU582IQUbIXH<JB4
z+{XJtrg#^9fu6%F68j{dsHR9iLGccXQwyfm@-QI~g_=>R#tC}?Etu{i<VkA)HwY+x
zAVmNp05E{Ut<?9gF`#+p>fy23H|*Yj4<ly}7SC?IAlXca^b$8GfQe7v+<r1GSAJew
zIY8u#2WWsL+w`SEEu~us7o>hlcol2K@9I-7XU%A?A=7l=Nv9XHf6Hc9ijU~ET3EiZ
zy{8p6cCTlhh(NqAY1(_lTOfH}>O6cY{g!PcW2@FeGU9+9{^-MaR2Pydw2+S{?<+~o
zL_+(z&+w1}H$CcFyG4{uekOJH`1&p-goJ|UW;W~|Q<3TYSgy=0y!bktKCIzf-F$X=
z{M0iY%`L#gb!oo#mS+d^ZLY05o=0yfnQg7KKbD<LUi8$<T5!DHUkey2nvG#$Y&4s7
zE`Ci8s~w+!1wTB5On(=Aa+7HOiV;hn&D^Gn(?k37Ya6`WGO1e*ZQU0ovB;f`11|$x
zkCM86hxcnW-n&f&H5Fepysb!dw-<C=D()<n)~CL}d0yUbJI8{?V^<tAUiSwxwP`#J
zmPayM5gp0$AOFyd6<BP#&adtk&l20r`+(BYKF9rY{wK4wsur7S>#Mak=`KQ79>*ff
zyZV-jb0sq^ULBQ<+sj6-bG!}BhMR8Bn&usqMkljXo@pOmhM%_tNUq2eo!2veHF(_b
zOP&rgs;>@~rkQI@4?N$`(TUW~z?~Gm&D&%2k%?~3ud1hyGS`>81klR|CGL~So$6}x
z4p#QnpVcU-4asiagu4`#)^;;73!%QHrHYupJw5DqfzT9ut;RbkO38FRthP@>EKEPn
zx1{$eJ=x(-oi*6DUCs3uZ_YK>TkPDfUpcPt*WWY2WatXH$RlW}+0-{W4i^h0>kUFR
zJRXONFY~G2pQEWGyqphiFNgU$;P8-mT@6bO^jj~s6Xgr&XGaq;2);DrlUv*a4<pe#
z+EjXaUH0F>iFCAQ*)8QC-aq@m&e?KZSiUz`{=qT}AKwbC$Lq^YCU%q8t9TDe2dPKb
zlNwsoy9;K;T5~IEvfisqhizQl`<r(HHwmRSpe%E}(M{}XH8i2R8(?3bs25+FGH9pG
z7;%LgXUP$S18mI%l`1}w1mbzmZo*b^h|-VT|1Pyp^nCB-w~x9gz>z|=Sbz>vHNCF#
z%>`xW13-A*Q?s2)Lo$dIUL!B#ic5$EE<We*YGbW!s&o-7=BFP+eiWjvZt?IUL{pF{
zj!3E#&Z-8veH|e>!(p3lw^!$so@evQchZl)r$}Dnqw#p|qCZw_oHbsUW-iZo8WTSL
z5gjD1BA17@OnI?i_=og-dRiTfG_id2Wc_UPM)>AbIQ%=n5uS2wm<*l3Wx-?bv77*(
zMz-SRZZnv^?&kx^-SFI}nR_2tf1ZNpdovtsyNRz@t%Da_?yceT3K)DUHGH%+tWSrW
zbSsIYFvOOIWXh&68prT2Hx)MJZSd0={S49=q&BrRvP|bJ$!W`OOSCZdlJ<jSw2=-9
zXJkY+LXzfcNH{ZAWwQGDZ}{1}l;G9T->&c7U-gLlf3Uc${y%5y7kKc9+H!L-=yILq
zb>lTgB9p;Bm7G+fmUSpE1YNO^plu+L>Z}YDzV~|V6^?x3)#PoF#yY296D(N_8WfRl
zgwgYzCk+C&p-I33+FXrPXo3_}Z%HL?QXtZ39u-gmxBW6rq2@B*adYyqebRN~iMMfr
z_1TwV8?nE$K|jm4d1HH3SjJB#qR`dUoU?4*q%T)dlALZF)wy>Mx{<+J-+rZRX07A+
zq@RA+>L;YhT0x5hv}}xTwI@B-{M0G6$uY2q!(7s#QnJ?y$5p;_rQRG_A2JoMuA4cZ
z4mmLzI?lqR%4-(2Bxm7T>g?QM)9O(UpKKpr*kLfmyfoRGlinCnov{Qh+hm)m=|deS
z{%V7&GvFjB%4=3GA{Kg(Ek9jf%B;3zvr%6GE5#D+<h+J1jSkDC#W`Rw>ROcKwglNn
zL8Zm)oGg5<kJ4mFNAjKPtK-@~Ie3#`kc<oy{%|xcZ3W}cLP81G6>(Wng9=r=FEG%i
znC@^@pqsoPEoK&G{$0zlH5COeg~XvcH+{<Ol$Y_|XscS<RB0Nkl3Y?ff%<^4QhRSX
zyvUE1HLCeN$5Z=EtS)Z}MXM>2hqZhy99+0b+%z|SjuPBUE}hJWs}8OnHjE1=oMNB}
zWl)JPDxol%s4h(*uKdRduSB2Bfcii{LVAs&D2!Y%yzz3(f3z!2)zU;f(i1AOxVnlw
zI5~-!(jSf_rV~*$1r_D@aO;bWi!ku3EQ$;4)zZHUOGps01E-3noP!G{kf%+uq%X$&
zP<IEHh#Kf~uuB>G=+pp%z8XXa)mzLAw5dQs?cz|)pmD7Vi(-SnJ{}?<z9FWXO2&Vl
zrhi4HRtiK4a8H9kJBz2<a1%y5Q@An2S6m1?14_9CfC`h86u=E-lX`fBi-i`d#aQ?l
z4{+BG8Y0Vopp*zR^jJO+4x<}-)Mi2Jf9w?NYfdhZqeMJZ$h^aNmtG4#i!AC&P-_==
zTs<h*O{Jd-{s@9V+P(E5W&|cIOUFb^&Tug=$Vuk-yh_qW8HPz@#RwWD*CwXW2dOx9
zfR(4EozrfV3(Joq3{Lk6+RsZ5NI)=QKu-x4ZG?l2W+*OEDyz{TVE!%J41@GYbVtds
zl25R=h8actyM!<N99=mWUKCB-2so614`;$PUM?xdjU9~qhj5G>H)#kZQL<zon2@=g
z-?6S}Ryf02*%GO2Q<7(jg=SpGQD=<8VRj114tF?CAo-X#A9Tr(5bFLoP(_=%(=D3{
z)La5eO8lyL8=Lr<-_R;|)`i5umZ8pRN13#lB)FJZ;og*>4jpOZBglkY7-^4lCWS;@
zx!Va{wS-Oz3JDtkekoS_gY`aci&4cdIR@Aogopqv3akRC0u1^!t>$*+brav6mx?`L
zrW~~5;p@;H?!&7;Tv>naM6B=J+Xq;EazsX7it@Zg`F5i_5YjCDCsW{@4!mRd1i`B+
zRxQB!&1+vzMZxUJ)xLLR3j}@=p^ALyrg-U>0G4)tV)yt({pZAJxJJZYf7D(g8(yD_
z*^z(8)0pWT?h4cAq#EzrkR-dCIOlufGj~VRb@vhLMw_?$^9su)+Q+)*wsfUQ??#sk
z{bzq3=Yp#o(c@eA@IkGLrK-o*{&uVSHDhCmXGHE1Z|6Cmo%?g}1y}DUw5p-)YDTgK
zOm?&Gd{e8&E{cb#|H}OiFPGcF_;V_k&Wl)vr}<;q=5*L|I5%s{+IRc@z({M+7rv^e
z)877dw!}Aw&+GEi;H6(pXgb2ODgW(DDZQa>L-To|>7*(=)J~`E^X{g{)An_@zZf{z
z#$fr$PTj5i&Cd0B2G9L=O!?o(nkN@{V8**M{*UfEHw=fd$!KNEhsWbPW@F&fYnnOP
zM=J)kZhpt%$JkfH;)p=582!#oJ8NZdHfh`Wfj@O{NjCS|th@Bk_v-|-*oF`1+`H*}
zgU|_@B^iXj+{M9qBcNR~5{;BYq%Vu)ULHeAi?vR6-II1Wf0kO;6^n<V;Q`GX_L<QM
zDijy2uj#G{yM#)W##TqWSwK4nk12m+t0PFa>lAjY&&&o(%~-yFDKCzj(F*uS5BBTS
zV#?~*=R!|5SG~@sVac^#@K;}9&-n({M%UA7aHtp`CI;tYuFQ;av$vaz_;W@_S^iHo
zEMC`l{_S3@Z~e{9eR*!SkMD`hOci^Y_jj?9uZ+l#>&zptC!V+a)7nHC+uRdZL03H4
z&4R%BM(ib@5(?eDLU**?3D+xoPgYOJ&0)=v+8w0samO3hYtv`+r_3jQPq^G2+r!r<
zm=BSN_kVLw6iDAcF@8rp^aua|IRDcbXlvs7pCiyl4cZCW1TAN*XzJ4fyd?cm1R95v
zre@Y<y@)wjku;c@hNekgc~C5abOA{`F-?pjQaqpVbX>EKW>NzML@yMy9NKNL5FFvI
zZa?A@cjjN&uB67DfSMXywb;zIFJo{oL)OR4*G<=tE8b6+QptCU$Pq}NY`G&R8oOc3
zI;3Dr3Vzs{wD9$<@aCR)EEjpr;z!_j+BTV37dbZM)2sJi;*9g?(VVob6#A%PKe?Az
zuWJQh9rNI6bjg>H_6{C_+zsTjh!T*`IrYU_LEWV@_;*E49{;k+hfqZ>p?F(4Yil41
zQrA#m0JQvG2M@uc6ry<f!ChF;!aIKICA`1jpEySJ>nsmt1cWdA>VGB8$akUn2eb2k
zXTSUK9bCXU)#UeLTL8z&-kav)2JmTC@#U0R+Un7W&SMO&v1ACT3f!lO1lnt*u_F8R
z3Ot8!!A5h97uIj9AUkKV{Nng?;5=IZY?g79Vn8|iY9569aU00c&Y6W1f>c|z!U+kp
zVg^#qp8cD4<`^oh?NSSp$Xci=N(26GseENOkKo3@n@GkuOiqJe{%L&X^Os&3n|M$$
zxL5wKQ7dna*Ku^Xaa*lUMh<`p&ut_UX5-^hK-&eL!fp{H$dW!(i1N<EfqByuZFd>f
z6pD*nOEr(e0pt!3{_^Oc!jrIX#sTz?{CM@k`z=_fXnEKPD(czgaU^d}Daqtr{TGlS
zMrSb1IVakvwBuuK5YuOd9O`bJVQ%ra^AV{oF^a;#QsO9NXXP@~`Ql(XCL&Lt9_S<v
zN#VQV3KmQ0&9z0$q9AM{k{$j>$u2w-#_PHH*eGPH2U&p)(@ld_=IK1VD-11DR^crK
zYq&3*opU}?+z~*}Zasy*7r0VhR8SlHo|pBz2yi*ILvrHaQ;LYiL4b5Z<GaL?ag)j+
z8jx7RbAPFvMduw7sH7>p!E`ge#OhTr045lB*KHgGRGt;aY2^)*2%-wA(Nu}g-J#~m
z8N;zLQb4)}%X4D3b|pAMzO3cHj8B;+|J5u&>UpnzVyB&uQW86On1D1NkaYQxh^S&y
zVk`b~*(#3cn{u#Q=dNfsB%lIkD>2jFTPf-ZOp5#oV=1m4DDE2t%}%97k)?7r-iSyr
zIaCcV$W_Y<-6|ITHE@Db9dZG<m7sNJV;i_HOY9+C0wIQqFjvf)`i&Y(a1za-=?p%d
zo=F4$1}S*8Im`TTWliVy0ai0nII&`m5s0VCgK>a#Vj?V6PqpQb0#r(}$7DA-6Nj#j
zE73?NA|#3ZC4)oo&nlf%LF8)HP90js?4vv)80&rwmW@A5pflLP)4;6`0I8X>{G)GR
zE@~`^VpAad7vuqnQEveB+r97_X%0zs{G5f&ggmm0_mH&kvI2XjUcos4>d1gro!RO9
z0`qVY^FlySI(a7;1QZ`Y5Mgp~<^j=TBY>#n%<%a1Qp|Q{q}u?Di2S5v{?eTo#s$$7
zz4*aUIuQ6ka`W<8hU5tVOB6`6m&*M3XM`!KSwJHas!$+666hOgf|S|22GhIbo8hb;
z!v$6iVseV+fc%kwPW9R8|NLbEXPs0NDm|X85wlcQj4*+Y`k`3bDcIbC=}XqrBvv}1
z&Ls%miY`{mZY-d5V7g2BRj7^BTT3Lso|&)7Rp*5aNasE|<Ym-O$Mj7An~O5i;au6X
zEoDyf9UvWXNY3;9`{q!}G~E?ZOZ$D$Hex>1?9V~_EYR`}WCM?wGg9$46oZ=qE}i^n
zDoiB-n^E*d{Epf{DnV|A6@Yv=wdbRVUy)#9UrbkpUQ+tI(V!~ZnV=z4MOKeE*mb~Y
zMH0|ZH9=BIcI&l`g)PyB!q&Wp6-)Znht;DAjhIrHSQDz_w25B(s}dqj8H|8Qftiw_
zbYc+kzcC1v!VxJ|f++cGfdyIcl@py%Cmv+sX8za!{h*%5t<^x^Evc&*uv{*tr<c#N
z`c?bwnrftBawF4nB3oJdnNm5Cm{;Xh1q)c?pK(C(028yui7!oJ{|hlZHkKkh*iGk5
zaN$3@%i4N$LCnIghRg>2u2BAQKBpo#I7M+P1Y6VBSA#vK1Zgb~N*(5g{7ay@ikRR+
z8noMis~13dVzJte<e&<;p>KvM1`b<fFQ7ONy6-J?pTx5M2YuRwml+p-6)+!?k%r*R
z)Gg4z2s5HvpKL+!Za6&wuHLY!wxM4u$zP(pq29(>bsKtDmhN!f6cs-j+ih+#K=~gm
zVK!j3iX6==E;-ycqOcZq{hyyXn@hNZ6AgUiI9zhjFc3*lMu0Qs?Xs~2zj=Rv;6K33
zsttX<BTURN4>I?YMGYDfUd<tacMr^OZh4UFYZCm4iI=6McMA#DrsnqwxD!^lKMoAt
z4Qf*g^M5NAtuI(`e~vBQ5;bMT51ug5j-8+G@Q3Rx>MgI@{Qi95bU7kdx=eLTc>cTp
zh5AmP=jAL)b#Wbvj09?PXlYD(X`VE4^VPUXr;H8KjX5RJe17%LYZ~syUTF2KzO0*G
z^S_AY@_cPt>9MYfxhz-mzDf+llc=fw%)YIaUs)IBe4mZlJO{i~uR1#3Uw^zEM0OW8
zqpy0qf(CGTg@(HFbvqH8By+#Mf8(58;OTy;{P3ybdU$;=<=!itg&yVdH8HV$Om$Sd
zu=93UEjzgUjD@DUz}}R=59MrKse5g-|0weztaIMaPUsAdJ#m?)Ozg1Gw0E4;&8$^4
zCo#~$FPSdAy4tSab`yD}wQ@Rch4;izlUSYLxjzgfv|z&YbZ4FQ*lcAq;OJ0I?qH(3
zwB)WmT~*-S5}bV(W<T(`nce!$uRmOCbj>Au=F3a_?%w=xw>ygt<aCmC|J+~UP1{A;
z)^q<ox-D+ecD>Z3XJj#X?LRhSvpda`+kP0QBkS(k<VYLww)DMT%=s)>S?1O9b{!hR
zOVP&3dY|sk?+X41(Vl2gKc;T+_9(wu0S|py59yNA)$aJ{*(gGf;CpU-@=;Rp^&BdH
z*C1==<FT;*$d}tT=lm#J@#grn>>I0WR-z!fdBIHt3+={urhZ$PWeZ$t)9ZQjlA`ne
ze%$_P(&niB7{43pYLN5V>TaZHXm%U^7Rp?)wyS1;Sp8mY&PY-*JCxFE8oV*@{H&qV
z9Utf8%woO$?(?SG?r!U-deu?e5ik|o0o=Evx^WGHTCw)pKNS}^*dT!wb{viLJlo;l
zl<7*^<Ws@i$$P>nf2vbCu=1y5_Cb>m4`C8IsKf653OmEp12dj;tIRF9Q&+9b9(o`(
z=k`IfWaXY6EW*Gky=%jaU(Y%*U+6_#IpG~Zj1<|$xQ5>i*DiTLRF-27V>6B;(e*ey
zk(yG8oXO1S_MNl8Sy`K?13ZsQb@%wpcN1oLKzuwkEBz<?;0h{)xVD8A&!qxP-MObV
zFGQ=y+rqF4Io|ngMGE!_3W+C96_)f*(aK`zuc5A3DqiE=x2ihZ^L5$gr~jQZ!&ch~
z*9jKZj9tgM*FR5%XQ9)xFCj6tziJ*Mx-fQ9T;D-obC;oZ-WT`F&wI<qM0~8=2VF0b
z&{G8oW&|0&Iq43af2D@0^uBC&k?#sw%=oTzyIjX}y+6M1=R9d2YOFlJZ%?0viqU=Y
zD@jrUck3~_x%cky9llmdo<RI3$?;4IfQa)5nPD|%otPnIL<#@#vnq%GQ=rKR#2yXS
zln1sHfu6%Tm33lk2XBjqA1j0Ye^ESL<N^C-;7<ihr@W0&Td}zOShIoVH0wdEg*2xQ
z%waBhWOGX9WR}EX|9v7k3b}UK^y?{6|4t<TM*xkzfsvJgnaTeG(3q&fyCEN8^h~5O
zyINF#B}ied19knSK#`nivM8<!SV>_nL;VM8wiI79)dVuHEj_OYTBI0JAWk*8$D_K;
z69Feu6;-bEqMpUsB35^P4g#ebB1GnRX;7x*<k@qGVDFyu(*5Fd^K;|fbJNC5-PIjc
zz^;~E`n<kAcuyI@c&LD)Vi8MG<)21}dGRa)Y*PV@Bf0q}A_!?X56RA`kfDhSMcMGK
zu{jM%ocxU9$_>cP3jfbzwi<m|1*|}_oe~!pFrpuDT`STfs3DF+GZm8Zx)36X`7$s<
z&73`XPFMquWd8~dge!%$ba;hM9V<ypK?Rp}IsFNPo+}4DZUDNUF;GbwlFEUHq)xaz
z`!uPto)tM#*p{i}yO_WIYFd~xMaeTidvz@$%bt}Q0YM^CWO<zvlCIqNVs%KMfmH|Q
z1q`v5goCE|Q?O8#1;ykhss@h2iZCPLxjWYHDlaoy1TpQUju}3t*zO8~Vsyo#Jh4o8
zFmOCv2}{!LkWdR144`+Oi7dj+ov<mAxRc0$<UNi{kB-cZa-a?X0&k+R``pK3f|SrS
z6%}Mlo2q!NB#8zI`Vw<ZXHgdwP#FW#sWRiE?1gD7aoKr^iG-3Bl(>fclcjt<`9c>x
zQJUnJ3t%#^$-Mdi*awU>v}%-zaZ(q`JP6S-6ur>^EYJ<j3nBc?Q0EBM?QPts5NRyw
z{cWOHl30fEa8i`pTG;h)5@{xARB_RlC|!cPajBc;d<M+(Ray!YF~rgQrzy4ajVMb;
zynHCR?l#$Y4IzzXO40t2dG6(vh)Z~Brtx8%j`#(OQ94Miei3X&a7jM+Y&CeCQtfT$
zB$f&Ie8|))9hQ5h0v0P&jSvG4N~a}}DFNkE;e<kuQnR!IHHS_k9=swkn^g769DbN?
zN2(n{+)Ba;s>CRHxnS=)`K1tK3OV7%Da$&8+>0fV8j*)QmUh&s!4&)qqRpg!i!|z~
z0u>s5A{;fA$Xc&eV$@>f8N(HGSgDam{X6wPjNc+E?rE*Rb$%BJXgme}sa=8MMz=@?
zalACqLjMlpECEAlnAowV^w+qe+%oFMwh`;sS%$%QMWmU2OF4vD_$68faelwF0(mmU
zYfi)!sjLO>woFIPqv))Ggb|auD5J37%|oES?_GrsH|m+L^=s>kR!rlcgdEcoU<$`L
ze;cH1E8@CJ379%GFi8jY#K${f8vXVlk4>z(YeoGh;^VbaJ8=9q1cu@j_XLIjDU~EX
zwCQ1KqsIcOvWqj#kR7=rct-I(v<prh05JS1{m{Z|xnP`99T@w?k*ADN9oL?WUqImH
zTw=z6){;p2A*PJ=02%-%B?9Ex)*2}=6QMI%rSj6VC~cwsi4=4MOgLLfZ<`{^D0C5u
zEdH$ukRFzB8nv}&NG<}K;6%n1`Q%Kbw?t7vrZe<u2rsp-3Ea11)X3^eVrU{3(*fXf
z$7F)-pYpd?QgX~^SeSBy0h=ebr-z$ljvfP#Zp&lnipWfnF3ZRSo61bF*5zTYX$zPL
zg$Z^h{V``!lnER9W5Y@?zN00VuLVMh+JpggtVO~n(YZ#j(vi@H&VRjNAaMkz5qL*J
zg0Sr%!9g4G(^r1*107h{2Z6~1JWuNn1*IR5Z)V()jUY#SFflnxj*zOzOf*gpyokgt
z!BmX`!5VA~me6XSVQSis@5c|+S4nBhdI?Ae=OFS)i(k5HQqo#wf4VgbR}>2aX(1ej
zEm8up%iL>j>H^A^=wuhe3VA(FoI%kni3EcgPKr6ktTo;jJVD)SAxP*1NDE_rzojmo
z&$^k^Srv8I>{#T%u7(9_hZ?6XfvOg<8&D}Sn%0Rr%40^D3OtphYVRm<>AntOt_DP?
z;%H(|J~5g<=*6Hm?3s?;>Jg@zZapTzU66rXXJY?@X$cb1{*OuW6%wB-4sjF&L`b3-
zFg-kHTFWU5cpN~GGpGE3bqjpX6~N@ojWteb1d>mtWeOb0X%ker?0|``Khn?i!Y53&
zZW`HZJN7m53t`(k=jD;uD(Pum(z!!0n~V?9ygepyT|Jxayc@#K{4@fA50z83{2<{v
zP!M^erC+gR#er8XV>db<WOY6_z}$Cc_Wjsukx%Ni{w_E)ml9K|<+sr;L9^5PYJA_s
ztZK#%8{2EIF1@2V+l}U7w(fGiDYTlq)mdy$s>=?|oCAwj)0MOxa%Lk4@27L`D0PRX
z<Dt#zWO;aiMzFo2^r+t3*?EHR=dI4ahmPEu{q;4pr3sa{InO|9=lX~)$|RPrOMl`r
znN1Cs&mp?)C+KII$MdJd`n0fc1&3GZ?NF=gr!4cp%_#RO{l*&)c8h&=-m7|-_eo<z
z(P?Bl7WN{8r*J0P?w`*^-^azh7OxG5#m>9%_jNontd!B*a(-rxBQ^J*`a@rbn}{}y
z=%K6*lLJvR=OwIHw4al=38<DUp7{m4DG%47kCT+?ow@qVw><kL{&mA@yPssx0V~oN
zGt^1X;u5<Vqn54+I4mZ3?vB#8Q*XYB&*LoW8%SGUtFQTRCMm1!)1rD&%8>U4BRUmc
zN5{DVlbb0EzSq8Eqy2;l57K`t@Ry#vzJrMmS9pbFU_S|6KZk#94@0u4=zeZvY)Wyf
zc}zL(SFmENaaU14$8(=`zM4m3cd|a7*Z78HTU%bIKmQ$9?7;t!UbyCVZR@<8u8xf*
z>fxl>b^Q!<D!o+dl6QZ7>OSWemdZZu`006k?da94H5!cc-2WKW;<nAL-hCarrUirQ
z>D9U5e@}nx@MbG~LqD1CvBA^$+)cgc=1+U4dWsdUi<+8b``FUvBtvD>z0FmMbMi{1
zB6b6qSM%B#^PZf3D(l4Fa=d>cdF!SkZfa(V59&uh2TLR+hu{adA0XZfiqSXSj>Xa>
z#{RKgdcVsLt={N%K~>P#N>28_M)1NRTM9sN{GQ;ZkcD>^UQFA+2&cG`00q*$ufxhy
ztNPbNIS<$0*^Q?>xpjMmr$|&mvGA$rYVk&CsbD1rQKaK7bK6;AR(9X*N>d}LIzy!A
zrrU9GkgezGv*zCA2>o%YL{w9`*K;|>jj@&Pv%B{X@PudL=XM6?yN8A4`}uNz%cceQ
zr$}M`KB9cs&dM5`vSmZ}^YXcmXg>c5IrIaKTj9~z{-#^V&J$<H?sS{=cK3T;u3P9j
zVP8*ZRP>b$aDrwrc*pDOJ5L=ebKt%*d&&&7*^kE9tiEBD(1liOx_!;^8LBx&XHs`a
zcS?7FwSJ}E`I7LN>@xaN=2C7AwK5mB)~2$*xdHXRi$0*d57$W;0045-|HClR-oVNH
zKTfK*I;<12%72{H&U_`(^rZP83JQ60iv_-SV48(oW>85An>Vp}=JaL?3nWsDw>cH<
z)xxq0>O6W%D(c;8>h?T0RdpUev6v2A=ZR|HyjJr1YHIL1Y=l_8i)}V0Sb>VH2h;1X
zZP%Tyn=a3rAl4~6I?^zd{A~@k8rt^S1pKn!RTIuclkyFsj)D6)uFLRej4uJ-#XnGD
zMC8<=A)mYwF~lAwW5~(F=9A(mhs3cnC%6QE1S?>=5pG~%VcY@$JP*ST9X$`X#RYru
z!bOohKmE&y$)17^0p%8H#{P=SK89`r`nnc`M9=-Pm1D=w-}UznRoOVyr8s{E0lFrT
z)0dARehdQY=0}o#k=iaB#=8wd{*8%2K4U^bA>EP^CQ*ZutLL0QgGX=Wgb9ln*Dz3j
zghnBS6x`<-ClnK`W(gm-x6IHH+4$n8`xSN@Kz^2ZE3y{=)mBR;JBbc1BHs!V00p6|
zA!2Hm2cYKZEAuRcZR{MREcb`V3kN*h2@5gyb1AtdGykpay<vF{{S*k~L)jpDo^l5_
z(ddsHBVeaw5A72dkHHMg0URR+Edopv67Wg_{PAebGB@wV83M-+ClxBfb>9k$uxGb@
z@&OOzEg!*4@+!HOC&zaW2=@T-R>bEv#XrP?5x4cNC1XYt!z?Y`I5483YzFUir;^&e
zs*U~FQ=ZYE)wPy`2<ogLM5$z=>@#39q}kwI4@XTt#ZEkQKA0kVU+Sn`6@%j(ruY0H
zzWFz+&%7T3o^x<j=NVq-=6U&Ss2;&X3+&vuTD=0Mf8H%dB%lsxL8Hx2Ja!E|^qe?*
z04ZD)5+_FpQ384%MbzjE6?H^kFCn`JlLCoNLF|wvj)B@YT4#bi<tPJmL+PL(yWPvB
z0|E~Z#|QFhzZ)8cXY)EYq!ckQh)6gTDSECO10b`@9@;)kr;{|Qgcd-C6JcI!eI(AX
z23UQc#EML&ETP;a4Ecm25boY7u8~YzSc?aAMj}jQ*Gy@UxJ#}j9$rl^(j4y2Iwwzw
z`Q`~KyQYt_bBryV$nOtd7<@2BTU?b+I53VDc!Y=D=8w!yX0j`?0w%e(MHzO8b`;mw
zZx7VQrGX&49dTeXne?}xxX~ar%RK1Gy+Hwkm7{$;r&O4#I4cx*Y($#sa^Rmfi-W-=
zsyzyJ>1>w7DgYxyV{I@Iyaq@PcmAyDZ4zn1K(aNIiWrNNa<*j|?-KqmM`8ONjCP;>
zD0`15+2gnVebiXnj8P+I%y3GY)ym+ndJdvGm3#NDa?qFzQpccTp?O1uSI(*e={k9E
zGrzdT`E^wB>tZEqU6drk4%%1+pT$6+%y1bi^Gl+rD!nAu*63%VD209!XL~$}>7Y_U
z^hn7oT5Y*tEE80v437#pIjI43H!Rg5NM*nk4)N4amN(_<Nz7_#jHTTd$H$$1E|Vdj
zkMc)Sy^=B#Sp;jLIusX6X6u%I9DXe_M*?o?tcCp<D}quY#Ap;VvMYH?pq5{*C^VtK
z`~fN_PS`4`3`xldvMVry4p9k}6Bq&+AcGKzX<93COJ!O<A`>bna@ZUHq+)pb9ThH+
zVTtIZ>M1q8ETT9kSvWF&{2s9fj^(%MLO(q<KDiT|Jd|I8XCmQ06oEo%`BUvYY2b(}
z(qfrn=~;4jC>!7i9CBobI)yj_1W{aCcNZiTSYUJ>Vb^|A#$bAuxkL6?=nAO{PY)!N
zZq2hGK{-}PHM_MJV~F6uFX;f1{KK;`sBHLa$v#J)`rbWWK{*D8MvM{DVvhk$6RJmL
z@=JAw7u#9=rWoi)j4J=R1$@9=$hJ#mb1sw?&`lYIQ$c$soK5K}LumZCeg;TpyAtx8
zBIxlo3uRa>@%aTx^$yZCoJ$ml8ibNaly(Sfs=j4~J~X39LvSr1D|Steb;)^>BWpzS
zp}gWar*gqm0B^9_i3BzT%iIDff~+$_RMd3p*>UD6GRE}0WGl_mQHVU5l}6F{F@P$;
zg>hk0@J30QiG}Gd$%RV7L|DzH5)2VioJI`wgHzM$@@Q9vGg{M<36@Jk%f=Z&rOc@z
z<BDB(7|d)|U0`S(^8LR$&J0boRxpza>CB<!?hMRALQ{WeBJ%@6H0js>2r;oFjhLIk
zOwG$viFz|ER_0T%hmhwbnE+?GwF%AyDP@C}a&GmdC^3;Yb0;_R?^Nl}uSuSEsYruq
z!G5`cJszabhFYZwHm5K&G>EqgI?Wy2cBur!MFdkK3>)QR1~F4l0ubOpGYO3L3c^C9
ztCxWiKtnh1j}8ZvAt1n1PjJo&Qh;oJvL{rp$V1cto)mHt%$5^xLA*gQJ<%Uj8fWGq
zJ2<0w)h|(J|Lelmgo^Bh<8oO0LjmQBdsf2OjQHU!&^#arJ3E)5F}(-C`mM+meOunF
zP|#PR3e2NRa|-m-AUYGW4wy+=n~rRE&~CxRV#=h_kPfW^!#aiE><6(SMRevqO9YSw
zot@7jaRVdT#3Ah$Aaf!-ZNajdh0<t-o?X}<@Ta8$a}(GuVNx|)6_`0nDApcxuYHe6
zdL}dlwENh<rdi7ylJA+M?3Sk6QtU3+qN(sz695Ort0|!7S<BnxXH~5lYG>bSnY^3c
z=J&?Ay8`x_0S~@W{_F{-ZM>U{Kg)%mjYc^@-vuD35%j?{xK}`Sds`uz$8-k@YxUBg
z4hdWZTtuRB$!I=4(O7b+pL)mS=AuFA1mQwK{G*tlOUanc?wS%VO*^E7qtJ%@6PLw<
z5W*Jz1D^^y06_!@21$e%0vRHZih+X%Oe8UqXb`nz0u7^^$}j>IIB%o0Z#{CBrTpjM
z;1$_P78geAm#;nTVwqJ#=<N+2Wr#x;9tr+I6WKtsVshC+NE`Bxy^~Y6`oo{QzC`JT
z3u`#5m0ioJ4R+W`XSlA(Nb5w?YdWYbx29}{?UXV9L*F?o#NTPH>|?k---14D<&8i0
zX7-Nc9W$uUdl#k??UXh0@eR?dyV~{qfyk|*y5+)?$k{6=rsd2bYS+=ZQ)OocV!N_t
zryzG}^j+q?{k2ot;S&tUZuzBhpXQr<dTgcdsGuqKW`~vUF(r`8x%z80{P}ZitdWoI
zt(a&Uxopl$?E>mr@!WICm+SS8>GQ9hU4Kln-nQ?-<R$QOrvsUz-pBdm9aehFkL|}h
z&&JBnTR98p44rOv&+9yy?;3~qMMr32l?FuzTq(6RBYAA+a{F1XnC`0YE8MZwO(I9;
z^tA5X)wWu0hqf2N$trp*^);RLT#Kz%iqUrPpdL1+Z}CHd+s7SW<6*An<9;c!Uiznw
z#|m&{3tyVn$4l%@r~U5KJ68*QQMK2}cjAQ$9arkg3=d+`$>(!nYOJ->497!Fpq-BU
zs>(L~>)GPqRs2=)MkE}(ik6nu3W{&-3EPjmkH~%!=vs%~q`TeH*@F4P)n+Q)b?0|~
zW~_@HALma^eaFe^Z(f6Wp_$O)Csa<D_GY7}=#h2rug~;h;d}vC?6+kNIX90<?Ip%@
z!*enj-7D?Z*ZfPVjk6p=$MIDg>)nSA{OY#n<3^OsqQ-IY;ORR99Ua7V&DLvE;niim
z(Fq=x+f#_A&V5YWN2G?}Sb%$%=SBCL%heQ<8YLc=>(rzDn>WeK^~X1W^G(Nx)XG*G
z*^2e&&4<X$YYj_{OLv3CNf22oo3CQ?Tl{hrS=WKy&Fk^lj;~L9zI)}w&dcz9!vI%I
z_t$Lh=<@-Nl$M~bS7|HmyiZ)quTPzud&hy18+zA<o@;l<ftIWG#0kD~MXfXZ#37XG
z5L*^iu@b*N)K#LK`e3l?+=FZ&y<oCg3gyIsK8&I>J!ex(b6t_>#39r|_T>2I%(1*Z
z#tP;IKvplbJW|xeEtC!HHs&3MHvlsNq)rfwgV3zOV&|Zyv%BrCd;)Kox`(#~4_Urt
z@dV>O6wD;~nCLXVr?z~-=(DRYj=F7STrpO%cbCRj`62G>3$`JUhkZMmAp-IzeF6`v
znh=Q+N(x%)J$(3Dmv0izcCh8|%=*ZLuXl#~TKwUr=g`|Y58l=5c$--sk2BNy%VYk5
z)hpdf%olT~(d3v;GJNrN%k9!ki}P1U)zRtG@z?eeo}RS>IR>ck1l!Va;*r+W2(MPp
zk@rZto|nCg(Ukuu-#Z+y=P_*Rldmf*&+F_oQ80Q>q2v|l%%0Q>IEkALiS0Mm;!PU=
zfjq0E2y0R(X}*`TUql>ma-O1c2&Fv9Kf$IlP?mfT;sTB`43+{_X1u0+&@y1>0ugft
z&4`rzjakV<QJvAi&e2ff#Xt`QymK*N@-RVjmIMV5kvV)!L91EKMz|_5*SsThNKJ8s
zAMpRWj`JJeG+6x&RhIo4-~|6upv2zV+3Xki`JZ1Q9aSrPtR>X$3LVdvaYd)%WIT62
z^a*0xm@An|7-E@{i^2MR{D91~PlJ+rTq_e3cQuVF<4_d)yCQ~s2^gAuE&~0K5g6|w
z?)CgD7#Sc7PABqXhO@)D@-cpbtE7<mlJt2-9yLv57A{AZnO|6Rj^lM(NBen);|68W
z?c}id3=Yq-P7A>y6n@b1s|-sz{egP}%FIawh76s3MzsdJ9VQ7)RYvf7QaLGgQ*{BA
z`mQI^nUj~mE~BWn1+dy_qp1fI2T}UykWvV5r3p9cCPr_e{G`U60ZnOrJLfPL#afgl
zBq)=}2|7EG9qOoHlCWi|q=EnR9C9ILDhqSA%;8^u$x~rocrOBzBxPiHD~}99P`sp6
z6{Y3=g7Yjg*r5e^4jPImi#8`pgOaZQhp=~S(gbK0Z5vP9wr$(CZM&y!+qP{R)3$9J
z)10=u@4RQ9xY!YA--!AH^&u-Ovntn0AYn5`t!37$&gu-wb8Kz*4uf-MH5yS{Vx88W
zi5M!`ggy;UdDAt15%x(pUp{ULQri#IC_MkIM4~rc=_p6Q?$glivEt!4=Gxq)?hcFb
z1m79VaG^aZSsjg>#)RD-<DtBSa%!hPQ(0VP$Ca(v(xMCOKk;72Ry6I<0ux;q$XYta
z$TkkZqeFYlx(~8mv~J39WT&?<)np7|7jpC9sO#?%QaouIz#agEtq-GF62%-7i5hW{
zMQQ3BLMdx19jsFY*=D9gCQ9X#iqBA1N7w>I#@N!-^@D~ep~LmJ=z9l9B=HTSWbUGl
zpefTwLF2SNbn_N8>_lZpNT-CPFjl*SUq>=;Ry{U7vnqt0(<zW58x<>KWl|#O)*RL$
zQ1$FcSD)LrT6macsiVQa4N0q-Uu((l%81~GBO>ayoOxJ*CoL{30x>?w<GU|`ICaJV
zDrpe&rm2<0O7dK~dGm_t3Ucx(9?)hDPCrwQhN+6yg#*&*(`jIMQh|kKY`_AMP0L9q
z&_$~PiEy%ldc`3KOCV2>v7V%89}{5^6R{dX3uyN3$fp&}2Ih;26j$w20fWcC3W3+r
zGczFtu$5)iP0M<cNNEZSh@H?}@t0$}NncY9J-bLvVdQciRYH?c1nJQOM5kluXbT%j
z%~wT8GxCHKbLnWoxCJwg*gsu5(n-wap&HmXr2&bV^@bsxvf27!WJKeT0CV64a;Bg@
zWSM7h!}4B`gES$kC!B6#62Pk0CD9k0E1Pg|ekr~}h`2c7l-z;sfp`LY?GyNh>n^zZ
z<~VWV&K6-7juyzFIU)l&^e-vO!B9iGCDc+Iq8LN~*`>Z5De8ftMlnm#;SIPxvZ)c&
z-zP;$0TNchBs$vYdABLt5(eKNOZ>cPbBFXG;9yQh@EY(M^l7lLf$dp$Wr)+tMUQHq
ze3amKKZtT?&^U%5FucBjw_Q#Nkt!#;UU`K(GWl2-rgW}vI71F@Y^W>pF$A@@T0;&V
z{+0TQtga&HzS2p1_s>*AytrPJnyCS^1~qv6G7DHeZ_}J-lz&aBG@kCcyTqk>bBOXU
zG~9gWL*=~{jb(`H)%8;cKML?6*G^`pnIdn9kAdk}0Y4Y7mE8IXQ~Na)28%xYD*vz7
zVTkWP$rK21dR`_Qn;5h0X-R!_iPzyj&6mmR&+&T=yYEK~FQ3!lE{~Eoc&s1E*V7^j
zF<|(MeOwP4(K{2JGo`iR49oeQ?MC6ZkIp~R1m52W?*1f>?{mGcifdFit9vmV-4C}z
zx4$}Xm-fu^^KW&(FJNxj@wnU$E;=>9Lu9Vm#-4dmc$)l=*SzI%d0%?k;;$z3X!dv#
zxJ+)>?|Pp;J~VLu_HzHOzWby>c**l{srlB)huMlU;Qi=_@a}W&?K_+FMId+`<D;7?
zN6)2Z<M4k^m;Z5AAo#j`Z=Yqa_5Zb#I-NLRZ^4o4`Eo=d(&hc*_jWzkwzIqcX8n30
zqX2*1r_JN}(aWJUEeXf{Wn6!$6MeMC#eWitKgE2InLn*$T22$I$;ovdumHvFquA>$
z(#P%eN7DMj*w)WJ4cb9@CzH}je1UdqQBw0YUa{=5B?jKY#AjPId<q2mdk-nwuxUf?
z>z&azpQ112uR{X{s|bM*Tf3W^d);i&uBkX^8z&dgi|<i<J=fp1kCLlM-Y==+C*NBE
zH@5rb^R`ilI~IYwuayiBv+Wn9@5bLK681dH9Y1wT{vS8<`QXL^KWC>FDqZw`n90|r
z*Obq1+&__Q@vr`lfAao3+;4a@<YaIE4Q?YS^M5?t;3ytoxM9HKef&!25%^@-+FAHU
zE{U<?&PlXH)az2`*~1+4!yN|pL9rVk+K#dxow|eG4znM)_8`0I&+Whozr*fEuOGU+
zTWbjN{!6|cP11p2KdR$!<^TUpi$Qh@j$Qv!;^V(JVXFV1v}o}Eo>SG+@OMC6!Q1O;
zpSbSYPIPZi2OvXcZ-ar1C6Zx;DEiydlS)|jkH=Hxs>jdlkZ&A2dEZ=voy+QoqmrnA
zx!`U`6+x~5x5WG!Yy3CGcOlTKCLWDi8=<_VO<iV;x4e1V<(+sw<73}<`|&S1zC3*0
z?Owa?b(kZKy?vwIUTCfu)f-GYo{PsFsn0b$`prn6)-;;Zt6;J=y_phmSXx=>F*b$8
zI;U}&m$=dx<Tbg>tkOt7d*XQ1r^!=L!0Dd;6V*ynIlHJ%1!*?ldvRB41$z?Nm_OYo
zxnD4(Gu^x4BV4#S$xflV+y+?1TDvK?(=H8aEy=@YgxdbzW=zH^?&~gjGLr*Ocz0om
zAysRj<+D*i1r-;ci?-rRS15ynIdRo#s14HhWfPK|U1iQBZLP!yNx|wFr)d2w3625=
z?JsXDsbGNAI_|CnxeA(gGE}P5!J^|ij}i|}$z0_d!M1!>)Tf~#SG-pYqQ0m!W!kv!
zuG6X{viBbtm!;mR+5N5t(t_mhPEz_M(+B@0DbkqSnJCnrw;(~J=T2lZzdx{?U~WZ)
zvzgp7W7?OvQbQMHmgQzPQJFSH2Gf=}abzrD*|t<?9di|+mB#_2E-kT-r{iVC1ZCxv
zi))h_rR7UT+159`=xp9Qjo&maC+s&oE|)D@RVv;hlq+Uj-OX5lg+){ydofs%HbrvY
z*C5s0)M1*&1c9VDQjtk7Xh7K}%}uPb`m|t=UQ)`IB^7F~q>V0?YI!0^l-&f!k}Yf2
zBCKB@C2u7rLkn$f4VH_)s`7l?(M62JaE(M)V4huU+aIllaxF|Rm74-*iFJ_>yR$YJ
z#l4&xhr0$vchJGiX@Pqno$o6M6X?V17(p{H>9HXb5d~lyAd+xHkrzv%E^r*=iqat$
zCE969X+V}tRSZb>7*Wy-+=8r6Yvb~@BW}O6%#1tcJS27Xm-NNv!r6&J){1|wh6(}^
zJ^WA=qE1#o_A6d$2f5>-ID^ii_*{MdSZE3^%}oqm1SCq~CMs%-lT|`tap`DGQTNd}
zA$o#Pqfw1-h>67q7-1A4qjAM6PAHvK(CjCge!sG+sVikuhXOY^Z_B+~3LhkFhUI7g
zM*eX`B~Yx3?3LZ(CSNr+84Aq!1(c&Cef%b(NIK=7RD~j9iTY7hhsHaP)!CKplM28S
zNsxt}R}eEVp??b}<X==q21@wP@3G6HN<4P0=yt^i7zneFg1o}3a2WT?wcT{Zm@42!
zAeo*<B<bv`0ia#sd5q`j1VHvc?&utbsX4f$zrqs*c;!tcYQp-}L=S$O0dkQ*nuha1
z=PiS-4lUcsk$>$tQ6fo7E)OmxK!T}8_5lJ5pNWAjAOE-yXQlpy<vet$&?_E{PD-a_
z<pDw#4#owz4r3Mh<oq?BN3t2Hk~$rsu7@RqR~Dgc)I1}vuNXkwInG20-f$ewEb@Yf
zt;TaizsiKLmFu$Sro5n;q<=%A4j;Tbbg3s^nn(^(G-XA7o^cr7up>rhgR~Q_s!o1C
zUV8^yK@n4JS9-)z#KTmH`dxSqyQxOwsjY@e&t8h;qKqU%QzLAr1$*-}BZ>gJGM;Bc
zSjcE=6L2ac2`6n9RS$)n&x9NIdXZo;!EcaD>WzJf{0Gpc0zb?n1>KQyWpyy3z0!;d
zh8l@+iA#?XbS4`i6wNh-lufwe_E+sTRYoi%X~vPpSZ$aC$Fmn~1UH=Is1x0A2268B
zw3G$+64{uDEfKVzLov1@f=%&eqbk(WKy2fn-#+JP1e`4Z*NzRT{K42n3Oa1$HwIc0
zXD~(~_e_BnJZDzg`zc|4kxPLl;%22Z5gWKKnBg+yXs^Cl<DqU~5W2lCIhhy=pFRk6
zp01;Owmp5&+4cm>*&mRcnFJv^2KFHz!45k}j=6G5Xg;?>Le|u{LJN6e#e;t~(tL=}
z3X}9m3Sg&URX-q>d}^7OID>+=CeG$%1%YKo5WL*dFfwZ_U^U-i4gycFl}KfZQ~$51
zq9RCKJi%7z$!5b!hN%6j3qc2sfktA*4P(M{L>@zx<k+@1Vo6~Kp}N*u*T=ytteJu2
zK0HmVh$;Xfeg$j=?)Zqu^s&BIAG40v?R)t;p!}-VoP8<KoUt#Z-i$pZf8u!-q{`yc
zHY{{ABw$eGlY~4UW_j9YvF9OE4qyq~T-XOnM+*UFxqxcRG};bKXYQR2+}ez}2CO%C
zOsxo!yrh|HdrK-1*=Gbjds)6-pJBW-^jrscXHQnKt*-30VYwD#!hb@_R}SX<@GWL4
zW9l4_uyA!?+Fj8buQO>ay|fE6!+$ssM&o;V!DheqCZN@@+tpe39g6K!8K20n|Iu$A
zm-(WY-@@hUbN*fYZ1d9XdGZ;k!$M%%yX5_lntUBU_b|-j9ryJjF?TDZ!_(gDbvL(t
zcV<n3V9VM3)As9@?xyo-V}t~ucKdrjZ;Qt3#-sc1Y?VsieXeT#+Y-T?o+aPMMw;mF
z`%JE`HQsN-hq2AC@P)G%{?6mrqf3;z5C7(iBRB#+j(gqrdpU(^UaU2C-Q+GO@}{19
zWA|7sOo2OVv)^y4m+iN7H99Nb;?Kheo#FBLk@#L8_dzG&dDD3xpN*|N-`^89^|u)s
zo~s{<M>k`=KO^Z|LEaoW`pOFrOX&*vbpDRdDiRnsoKH%I7JVW79v(ww3<UaKdn)DG
z2&!KPH!A7B>tJ2+AN*cI(?C~>|IGP0-R*Sk{hTG5pd3*h?OdqbLNVxltX>VF)#LeJ
z{!LsDj%WYU7vNe(rT)2uH`-(AviV`@7Vz0b`EfXWOi~CnA$ZE7(*9t*oS|L~2HQIy
zavJ53%k1<jEB381;-1t1W@E;QL`wDMvE2%?u+s^%4%fAUk3DI28L)sFWAJe!{A!Md
zt8ee|IgeBq!6^gpFd$eQh4rYW%_`+`y#EnZ(ldfJmy=PjYkLeV0!H(@{s|gIKyZIH
zg%H$gzotQX!R$sJ%HD_6X#1yAHM(SM@AjVu`elS8i|KxL+7o^2x8f{(=f?MZTZeJ$
zV=-5*7avzw*$G47aer>lA(d}i=OfTwei#~_c2l#__+5%{yY<@MyKBKv&zbT2=`&P+
zq%zu}C!g-2ui;hyr~c<ISkEGrMZo8QVXKa3*@x5j_zw#MMbOX3-8vr+!RyH&j6s1W
z>pcwQhK=dLP6Ezpou8_kfWvxxFlPXcBV_m;$aYY%2U6Stdp9P-0QF73V>hn*0a^#d
z%c0GkoCjPl)?QGu=Fk^sEW}?z_P>ny17N&i97nMF(Q5}!xG(?h2B>(WmG1mcNv8?;
z9~vW0X0~QV&i_RyQB#4jM3unI+u?g@>SW36LQ|Hlj@Gu046`|5qzsJxa~h+YOook2
z+R)y)GaQ?~bG?1))zXF@r=FcOiZNOmxsHuvnap2A3{8ATN1fD0$uDhFi&ppwq?1zQ
zc4}vG-TyKtu=jI4Hr>bK8Y@>1yq}yd#b&?CIim&?V9zv2RMP&>ou(u%<Rz`K^m~pG
zuDnCggqmlk36Jd8r4*T22_AudDHo0wmdKJ)mK?F3>!YAho|^-{Dw|v;^8Bi{cJpVR
zYr~N6PF3+aq*eqQ?bZ4$dWT?p=~Icz2qO=zx&+nA747vh-U%1>vUXP7iw_iN(4Yeo
z2<8&yxiB{`gt9QAaN=EO5J7d6hbG0}#xhKjJ647fpm<PHAwnYIAju$E;UJ6ch<u;f
zXnu1NfCm{QW75kj@n{4u3OFyCqZl_YJXPX(9CO_^p(y2s-24FnVQK(K3T76D3H#9|
zT#)1jeZkNOq9Q?r(I^<4Vi`LcrQ|g+x~IA%qhV>VdZNgR`<AKQNPjpGY}gzR!=)pt
zI1+fckat!<db(kXmuJMMiGo1tk}~@(LsGA259!n4*}HUixi{~nr^+tBB}4g9n267_
zA@3yobFP504=c!qw|BZm3T<}6r-fgYz0Mfr(3n4gKEWx?M-@Cjr&5oT*i=Mq_s^6J
zA(-3DC#|2Yt8$&+!YBW4?AdK`-&Z@OBaYUEw$)sndS4eOWk0W;JK2q)YmBKMRg(>1
z3(EJ2SXYg&F}ueb2@He=8H?N=zJ|v~usc7Q^A%?k0r|~e2JqJeR$RRA&PS1nzA#<}
zy$;r^9zQDDU#+vl*)cj3YAQW7j<_KdJn6(cIwCd!6D4v@1+tKzHJ(<^^zQX8CKH{j
zk&S8e#QU31Y}TU<UW)o<fkl-%c?=LS@=L<Mlf=9v^aaO%c05uqE~;udcpMseUt|yG
z_T5c2Pqi6;Ii3_vu66a}T<3z<Js+Fma+pFC`zCiZ3t7G3{do<$1Vt#F>&l+wKMfn}
z<+*47ac_G}<3r5Ath!*h{KfC;ZgYsh<@dM##5>9U%Z&x!af(LpGoP$5@;q(6aO>9g
zH+JXeZYxdaMg6INZETzYKSB1Lsqg91H{J)eJ-<0RUCp}8yJ^O8?hNoxY=QeNkjCiD
zss8?{(?f?w#~aY+f13}ti6ghR{}-{c|00&)|5UU6i&)qHGTr@ei=?BYlk1}^EmW(a
zp`j++u<+;qW04fA<SGUGUkXWGM4<vfFnd2CDIZ56Yo~v5NJl7`1dVAe#T0|I%p`5q
z=``JxEX|}zI3;~u5Yq?JvXbE;RK^nvmeS+qAh=VhDTYZo+DHXD>PZIUscDF;^kHzM
zquCh+su`)+xoMdx3mLjescD%r1qHfD31oAJSp_Mu-!I&VFpPrzvV^DL#_HmMnIN*l
z(jYO=ydWU()3hvT>w#6AAz<66Av?j_nR=m_A$mJlA%P)45sE-a;Dm#~qJV%1fYE6t
z_!Z&xAUy3f9tbQ8-Z~m80Jh(p*2%&R(Hz|v(VR5{tDm$*DqsP)<OcC!8Xy1$IvS7(
zCM%o{z(fI{0(3JoL-4j?GA!6%sW=(Yr%er!50MT3ZwV#hKM5r<>3<}Y08Le*z)Yf!
z5=y`^)!a4+A|CLtpaLT!C=<+bpRFR3IN>Rfu{@!9P}M<L(_26W!6Z6hgh7=rX69HM
zn0*fz)o#84FyTxTN;7V&U%`p9Y%5;DlTlzxo<EJ8!1WOL>O7LOyBq5h4(p-oqoswW
zrdh&;{{H6D@-E<@e>~qME$4V>3f5}%L%WPxOVPKZmp988d?$Dqt!6yt;y+`@y@lPM
zHl(Dz*wwD@6SciJn>-;s_woy!i}*+4*2E$9%mk$tGLUnnbJXJdS2b1ihi&Gg+~?O^
z#`2#*iWE@Y;a=~$KQnqc>Rc*Su6ItcrS)c2eDFUyO^263U}{}&81}A>7JvU^pA0QD
zk&;46pthU^4%G%%fd+Nfa>S1q%An|XNO25S8H}w4)`8Q1jfSx6%>z^J&rHcm)J)4X
z&<3cd4fX@eY#CbJOh0yi7A?O<6)m$ifFuw~ODmX8PdYtM%YaHta}1?6qysxEnEUCo
zgI0IuHRdUy2g@jXkt?>fZ~;lSX-qR+_l$$VDy@y&>c+PS<a`gg8rdayP@E;T;ykCr
z_*d`y>oewl?CVDR-PO$>-BM8S!u;KMTQRY6Iw&sZ2WKg5#q#mffx>6aCGEI0TM5|$
z=diimwr<laZR9qaDa*Fl5&K?Ae|nl*FM4@oXl|@~HZMr!|0ksUEFBC0;+=2l@2482
z8l#$}nyZ|y9ITwJ1paSQ%5)S(BeH+E(gJ88Aj1E1tUA~`x%}@}2N+G%wSSz_t_GHd
zXm@vXU?IF_L;`@OE@H{MD?me0Ny&%&SDKl7z=E%to8YpxlC6&qQz3Q{3LCO<Rb<hy
zCJJ3_!PCN=ra`S=7G~h+Yh1i^HT!0s)~M;$Tkp><%UO>1Z0Ao-m-m=lW||bD63+d#
z33+Uy`7tuUGlww3h4%hLegO&52A7!NZ*-FSUnpce#4om>Y>ePU`b2kWAD4O^MG&o9
zmoB_HJl1bd>~@3Od+#3k{H+62n&1lZ^JvI72_8`3_<bkopuO_yW3n+`zd(LjjF`WW
zLR1xS!usSLgp_ys5&Kohq`PEl(LSUMUOBy!mMf&M)SpaMx}dE>fZD0sQ>umAbX+^3
zWzP^Nvoc+Igj;8xkqqnn0uOFJc&WelUi|0Cp#jH`oTb#U`|&k@qxH*6ZgX+FDc?sV
z2W|rxnWFkc?uXLE1~e+G|8kN=zKDV47$ZK;?(@cuO8|^$lFBCWuAjQ9`Ftt{`6tDP
zb{(^}@)I*p9m)EvgE!L3q~ze1%m#BZ(aSL5AO5!Rqpk3#4<-(sII2UuMJPHN*{NsL
zT4~4c{h<efhXkn&x{Zw7wSX}sB+MFSUd_<&C#@dK5Yetn5M-_%0)%7AN2?oy>}tl;
zdf-l>MukS0Bt#lYR@<&*q!}eeTZNkGn8}B0!S~RmTizkT)175u*&!rNxzxDA#A`AU
z7)4&f{{e}z6R(GN9H(2eYAh5u6BlpaE*Q$$2D)uD+%Jlev|BtthL<}lnwGSKn=m<X
z!&4e9q<w3NgLI(Ox>-hYz2~F*P7pD-qe-Hw8G@VCN8P9xk}FIMMk3B;M2o+cG-<S<
zL+`>#fE@>k0h5L3hSP+n9A?Y_P72l92<a3?AIx;IrD;Px(gc`V%4HDA919{5PaQL3
zf-;X-$|`*^X@zT%!3?2k8>M<OZ^^TdtI}dZ7&lp&l1$o&+VT@;B*x0>lbC=p(~{uO
zdB&nw2U@nDvV_p(4}iVF>SWmy>As=kPPaEaJ$q5|Lb7!Nl?H$W%z#*NN-k-PwGBxg
zECDvCRU8w3A(C%B0Z<K$51^+oGo#kDc#LAAI>Lns?ptI7bfAUYoXAO0l9@s$ynDE1
zl{Kw`6Y@%9NX-E71I(DTWxAlj1s0=(C8?DFyfWDyC}bDfkw-U#G0Xg9cw0*%qQ7EH
zTHqu>8?+pPHHC;Y>}&HFe>N0pOPv$6%HD;tADtpNn?skFk<>+aWt4rJVa?54aXb3&
zjntE(=GY!ZOcH7hqlpGaqrho2lI(}*<D^b$&Fchh+^uZgqTwW=fute@k;83unTv;8
z$!PRujU&oJ0SB(+4q%kXE~G0AQwbHUex$7AQe^x;ElQP?suX7Am86~URZ_t-k8^CW
zuZbDl`()_MqJq)EzXa2WpqL=x^(#r`HQ*0D?19Xc5sVE2j2A&91p$P}1xjYxD>S{}
zYI_oVOHsQ3Lsc&IScwX!9O^MpWL2%m4F*~a<r7iCBy4}djGAL(wR{X9bl2D<4z8Lo
zj30&73O^~MccLo&L<40rGlM@-@jdDXA^Xd}m6u&LQ&TCx=M7d=s3lW*VySJSz@!eI
zsY>=Vx++UshQ>?}FXEe}lad7xT+DZ3D3Qcj?XC6Od}{g}KQ`=X-7#)DUA@!YX9&V?
z`f{C4<`;u++60E7mwe-YJL{HzH;z9+yZ&I%l;f`#eid|Cu2A&N;HPm(dQtpL9d`2U
z>fvq6rN-rJcHCX0_L<pLKau~smCX123hzFhlqfxO$IDuEBcU#~dTDZ|SRaY^Zt{WY
zDxxSK;oq>*&p(>=^i*89E27xBZElW^Dc+6s)H^c$d6%1giW8vt#k2jCk2VJH@|!%4
z=YDgj*x01*?`YvD(iX(0uUdX>vcBHe#%Ej1fq*v(+=4<jo8c)>Usr06-9s+ai@OqD
zJVwnI`y4OTZHWa7&(T%;k$d^}>sJp8#F;^lU*V@=gIT4~b?AfcVZ~tLR}zYJ+6BfQ
z?}D1E)1v*XpV!$)+SPDO&u=d0RXlvY#=4QNF9QLD76#;L9>)t?leeMwl?DB>H<Tg4
zozm5K{kWXB{#Qop%Mk;OT%T<<wm;8zZCY&I=9`b%Yi@11*nCglM&1W&D*Sz)C3WQm
z<sTouPYVz8_4Ks)OTXKHrgv6QR&Q*gJQ+{&j#A^z2_`z(ZJk|ZAG~F5eC`N^INeeR
zkl)hjZ!=$D4Sd85I$567KN)IK=ySQ<kDi;`%DtWGUvfSUVpxrjCZu)Vi>9J^Vr1Cy
zd%jN^IGB648vJ#=Eu_DGKY%Z>7!N~L-%Ds*xl?_q*5sA5whE+tW0gIZInjrO<>n3;
z^>9;OZNsUaR4^rx4&qk4P$E^a+6i~AQZkevpyZv54CMXF%%AD#BENqcqJuc2hIipI
zIH^JUTrnP>kyD&wkRoz!QT+1|-CeAHOd|{*b?;w?FYk1-9dy?VeG;?!b6%uU&;1Y)
zk>jHC{<m{@{azZlX61>Dv94k#rRP+3nW%dAd*J0+p!Qt*XZ*X@U3;6_%SPsM;B8vK
z=0g{zCjMqU=R<w_0&DE1j^?AT#KT`<A-rzwcRjk!$*^kC>z?Om+*Ru+C<i*bk6BO0
z>!r+7u>gM4P>=K6NOI_@g^cyCkIm5TW3@se9o>^ksO12}3!E{?-I9r#zXl|CTwJ-z
z`M@LMI~jMZe0gn4>};9yxh{7+eW}HQ^SM$>Fn#fq6^5RW#$xjyS?*xM|L&D%)~>dn
z`&SNh|Ig)sgZ+Q~Yfw|Mu|-uw?PYN%$h{H1y<uG~u`CmpZEVvs#9-%7sx<3j)w*a?
zj#=RR$k;G@&)C?_)njK9HD+sx6)q++TMR#Wg0LOdj;KJg!j|$E{AEJ=D>4dtm|(G@
z0&~Q}!kyYR$^NEu@9l=`W!qa}h=mRZxIva5uVPE7y!9OzXbDhCrWqyHm@udXEJMZi
zD-li0L|JoYvM6M!jWew%>zJ})5xX&0NeNXQ(6T8XO&wg?k~QE+1*dW?r6JTk2(=++
zE37{3Ey^FmmLHd<rXxI(t2Cp934k&|+cH%<PcVs-SDSW`45}ej%?{xyl5QfUvKplR
zt&c{gJjM(R5^A5)FJ)Mo5NG)!5^<OVc{e`@0ldt`1Hx<S33DYT__EFw!dnq&63hwd
ziT)c{#?vLwtuKnwk4_>j^}>kfFosN`5Wmqm??9b%6MCw{GtGjIcjjIQ@RX8!gaiSC
zo^?$&5rn(^f|UZn>X0zp)`27w`ZVq)DfS4wsTYHoDvS#)ND=^XVIrrSu~`m!=mcsV
z;4Xs4S_sLeUV!Mjxh|Y{qKwE}eUK~O82b+?h6)u0Nf;O!z<fc`fHYq=lhHlIOAu@z
zqiDQYr^as64X4s)ycDR*k6}ORTpxADK9|RIJFtI!nn&rZ&|<Yjq{VXRBUE<jJe2tt
z1)_}iJh1=4N6BCXZwh%0S3Y>6X?H#uCwsN$itqA%((hIwn&nIS?P`8Tz-~Pd!H3wE
zOW<)ZvXOSz9Buctu-AC4@ys0gS97O`#sY^(^90h@dF_$Sr|n(X*6Lk8O%TfWTnZh6
zya8{s`Q_Ee%nO5Z{;FHI<|fvMkKWNn9)rNuj^oGe;vFA}vv1PNWmhj;dY?gq?C1TN
zcUQ~8TKVP~#@9-!o`Kp}*GD|<5BJX<8snq<RQs;;YwH2cRq1vi{hsdi;z>HSu(eOQ
z7EQ$xt8AF6LbxMMmlaaKtu_;RN>KmqfUG+slCy5L4gW(11NV|SWJX2{Pgbf_{IMA^
zrS_ku?kyq;G&C7uc$vuVe!`zMHl?cC+Fm6oL<`S3e`N2p$Hp4!>;B)Z=FT%^><x5j
zDUlpYDC9q1okn}v&Lb-L7W?b9{g2-^!R{au+&Yu*8AnIubGJtRbE(_1aNP7UuLx;R
z?fSZYJWeFI+%H?tD0g+Yb>X~To@kI?PaT&*w{&X~0&WPjp6Ji|dRLworYBT)JCUI>
z1B?Fp6Zo7S9!;n3dL5m=FF=!+NomCA)Pub9?{1<V5YG9_Vh%FGGoPkOWXT>VRfd-T
z`&rP{k91H?4g^%g_dm1-oGs04ZU0xb;iI|Xjxv^|@y})4dEK;S4F(!EPuL6{Xv-A|
zM`Yy?(}axN<j_3v&t;5b`p;!-OGrutFV&$n;g&oLPDG<6W!IMJZDDs~!04Ije468#
zk<&eW&q%@Wz>MI0`l8kv1AE{EUsYA#>s$MLqhn7HA?nuMXJdOt$7ACTFF}m=gB2<I
z-L>URey?A5F?0H9Rj#_Y-K4V=6=z^s@0F_6e(vF?GvIvBRxVQX&UVG~Fk)O6IIqmL
zu3Y0Huil;MLwDw(KXO@-j*v#<e4^W{{mYrAGl^$`{8lFv({-}4b!|$_Vv&wVOt0U`
z(|*$4xm&rHxAaZkiWxN{-)WNVluM<~z?rx9bOrC1?GK!LOKPN1rSE30LpO8EVqnI@
zzYn2zE(x6ab*h!BMhm8;L+;j3RjiFY%3%7fhbu1c6KK+Cdsb-H*(`5EDDtz;=G4vb
z73F2P^(JM?HR(CHjaJD8c@tipiq14AInEK9oFl6fJ`?Vn+f?VrqDJby`c)%_rgq#0
z^l1gsh01v@<-dhjiC8bV9LhDK*^Y&06m7Fnw}j&08{dR5^s7>$I=O3>&ndV$u07%|
z+tar1h5AsCs5pBWTw=M&EWqvNBcz?-JK3D+Z&#flgBkfXL>0?7wpn>0;#*-bk=j<b
zvBqqkWa3oRly?@L%`D`-6a*kGcuI2&>Mvdq?7RF%F2mX_bfJao7_ZZ!Vp68idN$OJ
z48}uL(`8Lfp`f5R&pHcexICrXp69{GG;CUja*1gRWw^gOeOeD<R*P7a@~zWj9O@4R
z^2IGf15y6kU_MaSJZj<R(QvC7FsMewg;=$$h!HO_*@p;KkVHb~>C`qlk#S@*tl+W#
zNy~Ba8;v}r@X;Qcu36ho+RMrhI5U<!HkM4UR;A*a7B({npA70b;}J{T#Ulb|y0Rii
zg6*1{LdR5+z%QCD%t~ii-u#r_q2W9(vW8mOZ&wMELZis}giY15=vB|0SgAPv)Rtl1
zP^vnP?t~g1<*AuD-f?PYbuLn_RC0ai>*Y~lP&yue7#4o1_DrEKP1((7Ai-{pI;&ps
zihWV>c6cb&1%_W4S`H9_{gXg!DqZgaeN;lCxNP?;YckA`H2IMPEam|*vTC7M<QVp1
zaUz`uM{dk{N@XF*8ItSTJ)Z()O>gFGkto*h_Yg5@MDhz>igqOHuOaTs^sP{xh!F1z
z!Yi}DHj-1PwZN$)o$+Mt#!jnt#$21A*J~JfRx<*pc*QZuOzRWrjfL}dmo7mhgsuSD
z8^*%c&Tb96a`Z4K+O^+N^IdK8R51-OsWhqs=Q%w^8JA|9I?GD(oHJD7m0mPY+8AVR
zaD~Yma<vBmDhc;nI1Bgd09_HBYrzq^W^pDL$Z%<akit@*l)`I}ZHl=tzbqF%f$2dz
zrIgOlni#e_D3Wb*1-=;$;h;uLW$xt@f@d6yJ(}~g`0XdCMM$iwA*zr4+MD$@lGXWt
zO_4B2>_5BoL9|s>`finvCZT_L)zGr!i}j0$9DN!ixi0MZ^T#np<Q=SP<-Ain8yr=(
z$UU1YT*Pq(6_tp8F+1w`lFHAdG};;}2XbwSma@lYp3b&-#6`W^kHpZ*wyS=!FXJ$F
z;S>`s;~!L{-G_qF^QUtO!sa?LY1cu5@4&J4i*1sS7o5`;xw0DWpq7{YF)yWWGrtt9
zQa$%4jAhIHO}m0hBFG5N0F3u4cW!7cX6>j=Z@h;#`(dpH&uGe2YHn{`=pg(EyDEEO
z{0g)hxEFw6j3?{LAbTxL6`$0JsZfO^!o0#qAwfbyTh+T<MBeDyAhm73CzV)RB-1{_
z$>LFDX<59&PKpFRV2>j8)>9eE-XzJ8+%NCwh{1i1o3_nEnNh+_m^(vBqa59JM4ZQs
z%~^C?%qKP^?g`~%b#+n+!}Cn+mTSs@h5}dEyDawQM`S_o%kh`v2Heqop=C1*-jkUW
zF1CDVN(Dpy9;`FH8(XqgR_`w|R4_9jrcm`PMPr~QStDIIRcI}`PLc(7TZU*7(7Rmw
zcv5O-MhM%|KWc-pWVZT8hRzFbkmgM5pim$x3?s4zdw4Zs-2YaLc+yq#g;LzGWq1`c
zYQ+k(tqLp+{mmly3A2lig(pL8Y}$4hcM6-_kM><^DPB&%`;W!8YOu?4#CnyL%>@(*
z^19L#<6@8>fAwY=c65d`_xcvH_k`k=;$(+;w{;0g7af|U_B3N^k5DU_+o<BG!iw6Z
z%@DI&rMNNeg7M}?6*lgciIz0lJX0#+*z!K9P#jpfj&UF6<V3<X*UWyqVEn#>ZC!&u
z({&mE&p)bcsm+d5a_VX#ruGG>Y~!<a-(u#KVDJ?UFw|lM?$!mmS}gV|cim=n=?G+^
zWMhA?qh<h-f=_2?zKkjG6lgtz!%kJzx^;2WlDXpDY^`o!T@Nh9Yi9$+<IQa%V&ePH
zXYGQurNfr8wC~VUl>=%*D*$dQB_nHqq~zDse5R`M#%0(8RKuEL&}ECsj@nSFXc1Za
z3}K7qR&7YzIP+a0Kh}xVaH4dXfivfTynw+bPu?jt34hQ5@?5huU;@noKb+hxu~HjQ
z3rH>jdIlsa52|X)iZ@uChlGAiu|?YtG_LH^(1vF2LyKwQCczu`&>B`3>|aC-rnwNk
zzGE+`Be&%R@X}=Q=blcjTvHqD+FaUr*7t@ms9`=|sz$NuSYKWSc5qwg@QkDnL>>!4
z>7cOr!9ED@k)j0Cfl@;m!0&PxU&CmE3?_#Ss>l3Iy<p!h*X~-5$UOEf>y5lWrQ1#S
zfcWvI^K~Ab%}Db6$$M0Q)`4PGGq9K&TDZCos0FL1V>DGu2NP)nvDaIE-B3TeZ^(mx
z50K)y)cAC3VK!-%=EzFi<eH{)Ew?5Q>qup^onmigL|~l+9WVmrgv%suXBVeiHL*E`
zDyjY;0J06rU)z_)gzl@S5Yd33g(|HJIa;eZgHmgJs+QakEjLTlFAJ-JUO%lEFqYb_
zzW|Sk)apNP-y0Ew#+Y}X8mdJyJ?Nqav<btm*TSu<JM?1L=}^dkQxEd+2&RVFrIWpR
z$#GB)K@=ginL_LpG&~v2A_V=aA7o#j;`Rgb1NVF~O|n-#E6o&{e#P?PI1GzfM{S@X
zw8r4g7L5X2Ni*tFlYx9tcd$)xR5K4}0}~dh_J;|%;HmBq$Ap%ScOoUw7h6YVmyAcG
z$rqBgL0RIa*)7#9i&y!#^<Xtalxzid{iYI7q7Me{(mu8fb7CcNa-nfzt!=1n>&2P8
z4k(?v2EM8bOdKQqs||9q4+<?av;&Rfa5Q)p3~^|rh<ssXlEbZPE<0s9dWe<sqi_l(
zU5(S<A6KT8U%N+(O*|zCGii?5ghIXtvZg0QwD6KKn4||e2CWU-#(Y&{i@M31d#q9Q
z5Hyk+kg!$<z3yu0$fF7CUW&BxT^V7UdPgN<dsww&|2*tH&p(>r$UyNHk@dAP`%R5q
zGH=&D5AT@*ewIkOS9bAnMawd4Vw%m=26p9D;l?GKe{;44>IUkvb@CiNbq(=eC^|$o
zCYd~(ktP}QbmY$)*gG;Gun{|LT)qEP4eEySxQFoN?jk-vV+U?w6Jij&*ejmaR(l)F
zq6J&~f!~T2i(};qhdA+R1L_7dehbzK=d}2OK{|rJ@bEH`H#coQnG4*7hWZj{tkG^Z
zU~<>!0Rt70y|~&lxJuhK-Eu^IvhWLX>_X*}d!sfW6?F9)s1De%|5?a{NNTTU5y~O>
z)!HO$zl-$PJA7ZJc3)ocQD(<$WWm_x52nK7Fxa4;pq_hFeAT(p@=}ryYay08>2U|^
zu}AxH#FA;yrZkM<NA)Q2pDE$(z0gImnOI>!=Pfs;#HD8cO`uBIe#(yCAO&z2hS1k^
zS)mhwn|Cs=%nUibQx;$+-ZV@0{&FZ}I%?V%s6vcd&`Lu7a65pX=rl6=uou6C^Z{IV
z$;+gFl*k*qv9po|Ia8QodPv|B2h>0SNF2ps0bH{g_Y8R!tYi*caT~XRIKrafm5$gK
zH^C0~z&nB8dzm%VCf%AWL7Xtl)T#|i)H^^t$sTSUHG%+er*HM7sx7@zX4|;XQrY8F
zOz)Cvr6t;~6nh?a)zcoiw*`6{ln>$e@f()XS@87UkFwcciT=f`LePak8n2{WGHH)&
zy;e?<wb@pz3}TH<H~pM@=C;huwcS#~y+CiLvVo^x8vH>%M8x(6<V0G<B^v9MX2ZI~
znDNEVq0p|G06KA_4@MKqdRA!0JIlJPsluFoF2T!aW*di*cm7eNphJN@Gk}lsS9ZWJ
zlq$2!@Jg-z;f@`IRzBl2vua^G^bS1WbqX7C4}4M214Qf94ujmpxq$Eh6%t$>ywqIW
zbQ|Vp%bZU~)OJ_TY$!0{jNCx>X3~0t7Qcl*<_qsS;hyq*#aSdi+ufVTM?Gybw+ass
zsBS;>OBWDl!*Adm6qCgU>>UvFy#mWV`8bD1ReuF?M?u{(KC{DpkN2QB!&im-<N9q7
zhHS(Vvk?k8;U`aiD$<oVIDvVfOC%IAll2ZF!aKqPA8eBpD&LD^-}uR(uaIE5WTzz@
ze)^8_TNjw|R~A3}3Y_~qqIJdtO~wONMP^<4@q=?bDUYJIb0ESu0{G%i_Q1}L*1vR2
zHhBYw`q(WI09R7;{P3H>L)#ekc}O>jDn0r<GcxG)lr=3=F{b++3#>2V?eX`_O;4Ql
z7Ycu|LT6mC+j0vt5gW?K;Z)VKs2|#7QRN^h=tV0eS4S<A1URb*G&IpXehDhC2g|wi
z^(D;8JY;QHm7K6buP<Q`zlwYU_0(C9O4+ohj{D`Z{n;W*lZ()(NEOrL4Hn%iYVhjM
z3q{EbK`{@18!AMJOZv|`rS;P^az4v-NXc=K<UD}PaS$~Mhg>hYbw&*`cZKJ;l6?q|
zcrP@+AXz-s3gufKK6-=k#FcxH$ol1XARH1N?vZQjcWl4zqrCZP*{>fmqwo)YA@z-k
zU#!)pzB&xm;Ae$kEo>Cerk||knL4sEMVVep^2rJP)p6y+I=cAT(YbRxW|TH^_C)Ki
zYxE%H$6F{M(kZ^lhu@$vyrp(o80ZLF6d#PYvW5cejkd`PgSeZgPzhZY`if|LNqC1a
z{;byajoVf)b)B#6aRT!E+rv4p0BKc!m@DD-Sa1>qa*(o(0z2xH-_Txg^C5r_&(Eld
zLnvhwB>h{aSa}!3R&Y9kwip498)1@ciL$@~<eA;02Sk4^EZDr8$+9X|$hpRI9&m-n
zWuAxPe4w-elGhd0R{<?2FBHmR<(D)%DAnN%<&R%{02a!p07_bSIP=4=JqdG<+OU+7
zE&`MTpnAI(gDiL|4d{XS2ZmUg8v0a2L%7Yg4)RLKO|V~J;lPsmhPGNT{A5lrKzi@y
z9yUPsMf?x|T=6-0?WnKY<fct4$WFZ^LTZq{T~_%p_Q}J^7xNarM4i_VunNcq1^7bJ
z1M@zGoo5nEFg=hX|CtdZaRC+Y$B6}gB1fz|=|yXZ7y2e2-?PL1Wq}df7CV!23%Ej2
z>;{Wc(F-f+H-%a+kCtSg@cd$5{*s-&Tq36b81&2qOt}O82_oodJvj{XgYT$-W+7#I
z1IRQELGP(aC(Sc4Zo#f(_HzP7_6$CK-QmZFNIq$&`L}chEGqqGpEn;qK~v_#p+5vs
z-!udXHU<Qg*Td(@!4!N@8|o8D{Grzg{>amBg}sd(U|do_C1UImGPH?&j+MVsc-U%>
zTHUo{+~Ikn?=?bQATnJb7O|0nJk!1E{)0NsCnBGtIFvmt1^7a!@P~HhyJ8ofiGld;
zeZF9{f#to!2KA*o=Y*lz!mlGR&l(Ku*AH?o87Qu+-ysu6^(CYBe|cj*4?+GQcbsMA
zI>+TW%d@7>oxNc|e|&x>bN!mkd!pzD{wO%cpwvJ3Es*SO`{gWL#PB6Rg6Cd<^@);n
zG(`%C5Wt8?$P2b?dZMY2*?4yC{|08y2kjD2zA@b(Y&xT1e3M}81h;sHHWgV!@CUxy
zRQbf|c+**Q&+t!P&m8|ZUAx2eyPk2lk81rxmIt)dPgK*k;mbV3zdCnene<2gmjdl4
z(#aOlcW#@*`%QPMMu_@1Tg&~&{txhf)WyFvpfpi5)@B)LSppLU9jeuXfhWMgizBfG
zjR*;03r4_S(16j*P=soW)GKs!O4Msdf1{>HN!#pHbp#i61W?`_21Qg*t|+HRP5Ik7
zy~X%`d**RC-|(FMXTt4_-blJ8r}V=NwRta^rl^!zXfriUMK&>!i(hc`obogvkqekw
ztiVZe46iWQvU4$-ht^`pW!uOsLAf|QEiCthFdF@FH7JjrxpbAeZatkx^utlY%9W8W
z(c4ktWMiOZkUJwSa8OE-63w#HP!7h)#`&Y56An&%pd+|lWIi&DIzWds88cHwQ-XY4
zctfj&H^nu1X%-psu_0I%jvYYuNXt@5X<E3-dQBS~FVV6M%$rq=r~;5<8jG2>!khwb
z(7z%~hBA_6Ap3kwgJBhQ9F?B|ygQL0K09g~!GCn<{>Cs?zvwtBYqah>@*2>lx2yq!
z^We3q-Jc|^@U!;RbjxtXgdMx;1pHoH3=UE?vLk?a;0!_$|HqkdfF!1LO&E`n?aYmV
zx<8a(RCXVj<Sj`q+fxxQ17VG)q%4yi%Pr$rL>#7i6Ys<wwT7{yI&Deg5i?<ytXuYQ
zEKj+zjevg7W0Eeg!GIdcLCdi!2ADHv7|&*EIq1bX|9USld_+|-GMybtH~D+g9amjK
z#3sZ#JMJlYZWrx2c>RzDRk!SfwtfIc(hN_F8XOwk#%#wnqKcI%Z73bk37FQ7>a;bb
z2Xe;Epy{tE&!`qZwJ?+ia+Vv@`#FChCM5%W6b@k`NIIjncxM=3M~sM%>IL(!wQj3j
zeTF4wBACkqyQ+-+gVvvW)oIrS95yZjrp&wy>a=em6djm}xHTD=0GDQtL5tk1v(hNm
z^ZVHI6L-2;nKFt1ylH;BpaJU~TSThUw6w0ko*j1Py?}P+R}YD?6-0aYlPKH2qA=22
z({gkp+idRLB1~-BH|#eabK|;UapgwBHm=*gSt^vMLM@Bh30)!7wGRK7F(MKX2T@eu
z7&&e@jNo`THl5tMI_A-?Wy_j@&sg)lw&jMxRHuQ76TlA^M0H+xFMmy#oe6EeXvvu%
z$QyT^kO{0iAvpUb#Lek7DK%84P4L!$NS4kE^8h`g>igJKWkOSY16~UJjsj~}-<64-
z(77~#D63`1A3=+rfpnXo7LGq?@CznHmn~MglSbV^qjHRvVBEvwy1_R_);DO^3eNSL
z(2MNb2FmU?_EB#z49$oR4m&k>$Tr;oxL0WHIm%P4lIgh`=b@ShkjrjHtv8&<Je6tZ
z*DHXXoiOqs7zP>pMHx~{3mhy}mhtzue+T)1V7A0(e44kM2(<0Wwn>yHkt9Qw&jcnx
zlqXc;0ooVzXuw{*z{I4Q^S?vk-)3pl7^&=Cwslk*U!7*01Ol+#>I^%FyIp4jr94fz
zsAf*zJw=%8Tetf-uWw_fX&YRjY<t%3P_GLDpxgqXYTJ?-i}nH88OjcYjyf}<6`t5h
z152D(-GHRKKx6(4{=J}Ak{%DJTsS!j3=(IYh>E9fG&nNZDMO$&!Ap490+?>XIuB_w
zruv8%XlXI4PItt(Noek{rIaXki_*;$G_(*FxS;O3GF5i&Jf@WdKKrrp99D3u?hl*8
zZV#T|$1)CkoVA_!_9e)aN%gV_c4qhMUznNIVPT}gGgtsJ)O_Ux8$j?jdsch7s+&W{
zdX*=R^oXS=`dGhT(t}l5PIZYPv~WdSnd&q5E|M_g@Y{VYtRIkAgAg;@I^opaDITjb
z)}fBviXt_Hecn>GHkX(52-o<cp*`YZ|FNFUUt1=+Ds{o^V#nqChV3UrBGrg(-1Mtt
zkDII`M`q>;#5p>wQm56s`*@gUaAo#>V<U2%DGv)73n#kUkZ>qxRwUYOV3^uMa@drr
z*u+kVX+6VD5SAR}Ru<;g{$-#g{EWnu3l<U-m}x$!(hEXK8=?YDPKbV82@(`&f}7xr
zvx3cZWmjhAm%vKUG8RTgGH8+`glW(W2@Skkc^=W~+!`WVI{hALj-|!g;MczXJDE$X
z?Vuo}?PGH)*%|kdr?nMTf4!2MZk*B!;*jxN;erct?FVU+2cSp8q?E|jlu0;ycRT5B
z$dzuIh8yi&(D)vj_284z`&ZJ|@6+X~m>2@lH^fQgKOPJj)}^DtFRGJx%OJb9CGq<u
z>?6@@nmxIPnH$it8ho^#Hl4BkAN`nocf=ZhBa}U@JngU6K2ZGq%>8*Wf&Jr&g!s98
zyF8PRR=flP28A$T_zz42L4TWtCzA`Eg>$k*+=7Q^_MNzqbXZ|j9zZMF!wG55dbcZZ
zknKWzR?1}~BgoWrrQHf;-vDv$;^z-**~h7vnEDXSf@5Z?kG+)O0obN<v#owykt}Ny
zJwwjw$guVyaINn~M#;0*0^9SndogB(>lJD~vT9$#ZVbPmrjz8yUfAdu@%F~{8QEu`
z^359z9Vgkeg$Rg;M>3|48o8jp5y5sFaQc4)*$4t`Nc&YudKF2&QzkL2hjoek#7`qT
zg+CoaU$ZAgf-gx$8HVRM7aLQm;yr~fDAf$;2rPGNJn2fIfe1S6Km@P`NFE>oBuBs`
zmLXmUi+5g2Z8ZnMC+O}{2%0fMY01d8n+b1((xq$nicc+~#^aLliTxzx<pbGu;CC_s
zZ2jPZz_!3{Kr{iM0VK?)c)*5Yhp-7U(+FugD0mq6qi+15E`)B4@)Y-QQ@N4wX*&^e
zWP)NIv?MT@?SHG=&bNjJ%SMH7tcWfndKvoXis}Uxpnw3#T0nqA$JTL81N(ua-a=7$
z&=8bdNI}wnlA#M2V-{@2g!BDv1mb(ce#Gc)c#==be#^mluwi6R+=61UPe*j8?$CNb
zv@V(Uxhy$1Re<WC30Lg71xOiEZawhBIHqHcGwppPp)Uq#Z!4xf{((ObZ7b$&yy$2n
z9mzd(zrqg|iQJ=qV+2?Jxh=q!_|v?<UUZbnzOg~e5b2D4@CSa~h-p+$bQf-2<X8as
zL(+hjpe^Fy+~2fD1)9@pfQI(oE$;6ba4PyI*r3T9^90>$r?7GVrw>eSHTtu?=6E|<
z{;Gepu07Lpc?Lpm;95sz+#U9nu*+0rOnx&^<?+#Pi%46#w~n~lce64>o|R+o+{|)r
z6ddI2{I)|jm;Ar^$$oU7e9h=9f$O#hHW7Z_%-`tW^aoo>oZ7EEA@*{kOM?Uy-*pL0
zEq}>E`be2>E$Doh4j4c((D|vEKu0aN)QGK4I8Eek5{^|pGp-^U#FbI7xgpikTp}yJ
zPO+a#FD+D^hP&-POFlD%`eLuye4U)VzGkXMU5gw9?#H7W{GWSR^<V7W^i>$k8oCc{
z#q!IX&$ctKLWNT6SwK6l8jqHKOO9Evd-ZKq=V2=IHW|L0Uvytp&9m!B)NfQV$JJo6
zALt)=T?R{x>^1>E_Y}(zi*&(R@>M<U_mrNsd-}Lrtp~1|T=RY)Kvm9laxeb*WUwz|
z{q<?2DOrxcbZ87ung5yR^Q33BR~m^g)t7!{-_=v#uQ>Ah7^Dsp7Dpey-lQn&{jQeJ
z01?jMtGiCeTjugq{5RJVW>*iHC48C|`)fs>yOX>4C2eo<p*}*(EO-}hB4f9^NG9LS
z`s_RfZ6`;ZGu3a2v*R?zeXAt$rHW-E^c`c)4|n(FYjvzH>r(`a1P|`+h}hr?OY<;&
zec|A#_9A?u_DeUripR4aoAc0EcCab~@7JvTd)XvEX@8^ZMuzUm$Den(0}%qZCY0H7
z(hK!=A*0k^lkL2@EXH$x2fLpjdh{_u!Q|sU_n9o#Aj{$FIS95sK0i8Chi=qh)_g9P
z`XmH*pZyKCbRoS?-qu+bE=zkltR_p;bm)sbwe-T7wqTrD6!6=2u1hZP8tLM6`Zydy
zZ7Q8|Zw^UlPSoiAug^ja>bFrGe=D5SgP&b=>bXhSf0qtg>@Ft1VOg~;Xqour1oz3T
z<E&&UnTwLzirRCqeY&)$_%0<Z{$G5(Q;;Z8w{BUsUAt`Cwr$(Cz00<3+qP}nwsz^(
zInlSf{~K}cTRvy3wPxmAV~+1kZ`-en{nrTb?y}};d#`vsa}l;;V{#nwQLUx-r|#%-
z_$8SIH1RCqDdst0IQCz3Z_~kQd!#9~beT>Qt;=#&-V&k|5gB|0rrXO@M=cvnxLdXw
zw~+zgy};*OzQyQ)qTNo{x~-1BQL@|a;Uuf`SgXd%B=qUlzYx+~-)Op%r5xK%7n$XA
z4+R{cn5fGwW(w-f)x_$vc(>;`qxBfR247A#qmrK2;zJyj`IXCF!JSA}l{RrTU7ze6
z#X1JB%_I+>QkgH$yxaZIW1kn7w$G;h?9Iz{Ebz5|ASb)aAdOZ%tHMET7~m&tvhKW-
zPFI>fFRmKPNeXfo3;))#AKbI&T_;gxY=!*{BAxF!FJ|wG?p!lfuwrP&S|)whh^|cC
zOD5u6ts)yVmX9+Pm~yZ?eq)MOjD%E|cfStF$Yzr^)>sg|e7k&FrlA;?tW4}3dnknz
z+}dsDGBvp1Yp0^CJ`2gM41(>1Tqc&0lA-au?dy-mdh=^Ditn!{p>Vvq9lZo7UaPn6
z)wV+llDGfr>Ok$iH%r<1sMh<4rHDN~@0JY1sF=NKZY|X>U+jVr9gDhEZj4uoPLIRO
zytHpLXHUjwB{buL53rHyxbK{62uOohLVGnBnl{Td>a|dLf8c@VivGE2%eDNfoNkz&
zDEmUB^OadKPub>CdVUXjYv|#zgO8=dO;ceuUEQo&^!xGk;I;B*G`{LoeBYXNO6-*D
z{cc?*{kZmt2IZxzasMY~nyc4K%uBf3Jkxx2l30W*b)oZ>*@LZ`c1o@BefyP{{+=H>
zv0y{@^3UveJ^s4a+*@6%{nxk&^c>vm%2=bc5Ngxd)r~hK``%D@7pWlyR6~=#eb&xZ
z80s<@BvL-ivZZ&?D<;juOlc?vqxgQ78@tBv^jbLa{HVuyD>1#@+2|d<FJ9Skt+LJb
zg~noi)H3SiN2lbeC(Y5w+H^y{U3XyV_0RY*>u;T%T5GPQ{P48^l{H)$k?IuHtCZ#E
z-cj2?>7M!BNqB<LWQW>ux5dHa<Lh?Jwf5#k|IBudTxaO{#+Q<LTf)}5=VVCg_O=x*
z_vXKch2+0$ny*LWBpj=vGklF4_4jiX!7qbgB0RDeNxTVmSsIk2Ywjt056sLs_TFrl
zpPRRbHzT{RdbjthB$*6!p$mK#q}G!hszSpiCh&5w>bghILX`>x!=*wwF<uP@EnhoZ
z{h3HrY;NzexyxiOW0yqXx4Gl0r|+dDMbe$!<X5MS@g5e%hp(NVpUnG>gE8;ZMp7#-
z*o&SEMSuOvyV38p9Am4iJLO;ZD{YD+aYl02e@<UAsN^PUm``=vohm;~w+jJbr+E)|
z=-c_!Zs5shV6(P;#;aN%w>&ocvZ7QITc)N{WF|H|2%o!>1E0TIpA{zMV&>Yj!&76{
zG`cJTIgd3u1BJwrwkO=Mc#0^`P4@O?d+k!h3ltCUzA$&Qh53m%GVgHi!{5CN?z$WM
zy;~GC-T7E^&641|@G@ovp>`ec5O7w1vZ_-~%a1WFJ!~~|l2c9(X$ZLzov=oY;C}-O
zQ(-yK?>XLZ<wcIz{Gl9gSQ9#dWDNPFobPxJnK>q{08N5MzvU3$N%uhFYrjsTTDVhb
zW)F-KVqZ&$hIm_i!tUN?T>Qt{^bq6WfnJa?dw=j5dv<Ne90~M+>%(v3FCk;wS%gQn
zW`%X3>5)8G^ijvhC4sELcTG}}vu^>V!aiv%j64AK^N$X*Z2{x&dALHy-gI+hjJ@^j
z+O1;2r%1Vbc4zS)#QU5H;lYcL*8$Q9-`!VbNge(Agu~zaf8<CJdhqIlkM;W?2%-J+
zg>R@Be)xtOV%7#2zx_}J51t6V?hirFgq-(iNzO%_I}mt2ok=~_!GCfcNW8K5C%5P0
zy$9jHf7T=JtmQ?)qEZhW6Y@;B<|%ar<uWt=Vkt*R7g(`0eymLJd9_V@X*zElKGaC4
z_p`Dx85vssGnQB#dkQMYgrtZVds=gdz}RD4MDZaN5*ibi!-l8ibtoSP%zZjvqT?aZ
zMa-e6CEyX7C*xotVIi@V%%bNd;MpOgT`8K3kxIkhqG4cR+C~xW3X+hL%TB?_jk9&M
z%Vj4ZVc{{Dih2sVCk2(}^lv>{i(-I0KQBM8Pm+iamy445XK5<<@23e{NwIXaq%;aM
zHytT8J}txWU;(+Ll+2VkN<uOW6kW-vnp6hJr#tQMWwFrA59g*#VC|em!%#_U>`3V-
zvBX##WLpoTlf4UdR(*-t4X8!<27$AY(OGyf3zc5z$*&>Jm7(*zl`lp%wKr>DJ-20{
z$Gw`i_PRAt_N&?YD)6kV0DV96uw<(;QW1;GU7{f4D=Wh5`^<T7ehSaFqIR~XCw|c_
z)6&a(zvlATfcExORx6>^GFEPzOLNd`e;6Y<4d_RvoGjso2c<?&DRa5bXI-}{1!q=P
zpR7^B8j9<eOZ6R|F>YL2zv5=ioHpn+K(CKnzg;7-#{B^PAnMH0>8~+VYs6ZMzC!yi
zQ?FYc*SgMC?iH^qpVknrVQf9wnqo^7&!B2uvNft#c=v#=nO$A$nwK^3N7Ps7SE|pb
zFMo@81hzaCv5;&TjiW$rK3o~HqtMM5vIhanMT{pt>_S0K8Tv)E^BDSjeh)bSXn{UT
z#J_w9l<)$1zbDWLQQ&w$SV5yXb(F}1dE=yr1$okpkdi`7bF_@;lY-lMLuR}$f7OEA
z`9Dp_*8(DE^qhZV3JjfrvIWiLIXI(#m0KNQHTjokU=^aR^Ek?ZmI^$cVYvBVPbfTM
zbn{eCXx+#b^P<iu*+Z^|UiF1%l&*+8!pUbeuE@&;y=!7HD4-1LFo;4T3NXlpL*EDJ
zhE3)Op<#nV3J2y4s!`}<;S>ib4kc+MGl;!tPDAepK=)b<YE#Imk%RMIPk=1>=x6Md
z0;6-fPh=aRFNNFYsQ+d8Iwr@G5e%G1IGW-$`!URIh_<Hj%B?oC`iB2cZAlizBJRO2
z^E&i@V_uz{4V?e?$f}<;vJ1+O@9k!DXG_)Ya~QP7Tq1)g1{Syry(rjf@@9yuRyME<
zgsYC%rLC3MvukCtxi<Eguu0$-!wg`+)Udx3Qixw3=>X#vX}>rO!=adQ93^R4xbR;F
zYTsI}Cf$ej*Ph&054zi(S6vsOLrnl_JypmX&eo1@Yyf)cxJ&t=6#s)*DoDT5Kk_1p
zD2d9PHDizz#FW`5d4xzSEqRhuR{`>4KkEGBILhKJWet3UE)_|{nOY_!f8?*BN9ZUc
zs?tb!whSXD@@vA*QVpvcG?WPg)YlNvRQ$lAr34=`nn~jK9#T0B+mZI-g$M!YW1k}W
z2MQ6{A*K+l(i~|A<C=}8h>-Pw<3=>;_Yem&<>|owm>Dpf*t1M7k+X!E#UazjExJ#<
zqlI|GNiCpR@j{zEJ4ftW(Jy4sP^Zd{YHkJ58Nw+yh81OIr3LU-XFAI2uSIE4<MRZH
zX!`L?4z_`jpV|O)dXO#f^StzbGY9TFbmuaUvkoq5W;tp)F>veU2-*&zSa(e*Yn!Zz
zq@7k^>{S@nh0@VO;!Y5?aToE1HoXaoX%u0;;pq8Ky%BajPnm@Y?18FSEQB`D{8_!0
z0zm^3)+h7_(fC&dK|WXtyCbR3^d^GYGnmFQbw@#vUNeiu;>c)ugz=gnqtE8v=nx``
zm$a{>E3tg3O*%?4PSp7)2P<>$%FM?}?zY_|d-6tSBYu$w@;8SNuDVuBhnbD{@uh8n
z%{`|)InYO`=C5}h6fv9EXiu-+C7ROqN-dk5+bxfEEjpMi+Kz{Ax!2cGid3cc!1M+e
z-%a^Hqf{>`M*y03^fW#6%q+@Iyd2K@LtCNav%q=sZ}WfM@iMEoHGD?BtRLrNH*S7w
zPnT0q=n@7w>-PG$!t@PH9g9BpC-VzS6QM?_E8ZW<#j6Tsa3V3N-7m)bY&PJv?q188
zAFVS}N_g~i-y*zYRN$G6Cn;9yomwiWhKD?eU#c5r2>jtQX}<mpFqAPoo6fZcWmOLD
zL^}?)>++qnd0Im){DKLcNlnxs4S051oYsj03>t`E5+c?z(9REjA87v9*Eu%zsz_6}
z?`nn;aXu+W>fmD=@)wjkt8gtXK_p1m7x(e6JxB2kueIvqHV}iokcl5BV0chu1<@Y2
zb9lav|0>ne!6im#?*%r43y*y~K3e6zc;`M7XT5G_H{$oGT9tHVC+Wa;eq||iNjMW<
zpQ+nltL^J-w%V8F+|3V%b7$%6zm&`At~B-;mv;;EGeo;&#OQOn1Vh87KIq%61I7<o
zUT)r_d5W$q`U2G%VMm%SY#-l$9uFd1=GdOU$Aj|k@$f&UM>-og{x<~s|IM@0t$U@7
z+gRj9&?06O5O0&hqUP6y*O)y?$1(##2X}X0k*>S9c4lvC!&S?iy`v=(2{;o3H_5=-
zC{>E)rzkR*7e9$WwU~=oUa<J++uW-pt<7xNXzILuzn^~eez~6PrZ>|yaRd94Es(QV
zTi0!>0s)LL2nrMpqY`V8(`-ULoQ2qaM4&7nrRQ0!J5DTY90%nz@VKWK(ioSxs0dNm
zaV?-|J)$2|V4VVrs2qC$+Srz;B=)xiz#)^MYONqJ#;dW_Yi(&AeM<b&^5zY;&cE-5
z1f{UCN~!TU)Vyv(nWbyxmI0rf7cK<P2oMxUJd~1P7#tr3Gj=dlUxfmE^+CIhWJ(-+
zTEd`jA3$PH0zn)>A}j&n5JQZdpw_7%bR8Bj=bjq{3fC?eGu}whzYs*MNNALR1Zf-P
zP&m^gAcB*D^NFU&FfJ5H$jNZc5W6xRonjKuc?=wInJxqaoOzHunMyJ44+$D*N-V>k
z2v&1~3=0VjqwPRn=I=E7=yvVuF?p0C3|gQoi!YmAn8L})@zHL_zxS*ZMo_=_r|D~w
z@(<h#s(ZMOuGQy~Etff4Suy9#H|f1{J|;)~y)-*Xf39AQofEIGF=^X>P8LVYd)xVg
zD&zY?s*64Qun)(a6>guUez;qB`u_s=j@OBFCW76c!cTTeM)G%W>bY7{SWT_OI(a)C
zU(WezJ+yxQIhJ_JZPG=~ZeM0jZdd#`U$wOMxO{xq`*eotR^CjS)%rdij(iS9?+pyQ
z$sM=qP_3?Bao?`reH2^lPwZEdjqZMRRJ<0`T=ur<a)tLq`ZB6DC`UwzPQ9$W`?9XF
z4g@C4#KF1FQ|d2J1WJ<w|6RYFJ>kv5F0y@*i#Da*>ROfovDUs+T<BO2gknTZn#p|-
zT(5QeL%MJTv%m=jB*^P{fm+e&<&rob5E<F<BO$r)_G>b($E0?zDXA%G!Kw;(yJ*`;
zj6P_iVp8n&`{Txj-~AQp?7F%f=qF`Iszv!yXM~5%vpu;zo;0lq{$;kK&Y@o4di@!_
zzcxERR=#<;W8r5)iiembLdAddUGc#5EOd<b(?RkYXz#FjEVX{R>viGda_}}>I}por
zCIt_J%c+o<YjjbeCVe0$>KwS$EP3~XY(I;uk7t%zhiXmI8Re5u4Ya5CpPTl2TV);t
z8~{N7S4Z|gj>@{&TH6`@@8EMld6ZSmoo=_S>w)a9O&)$k`+IRg;VGm(0E+3q0nl&<
zpu-N*XAN64bzAkn_A!DHi{b<nX{!NZ!wzH|hWYfNA&Ng@iBZ-5jLpkUEzwL23q$(V
z(?!uSi5O-T^|#wJ6c%nLUaz;WKet{#Ki{vWwZ1M+kOFg;R+pBl%NR7MAOhbZ_+f@+
zlh+BfqR+YvHKI-WYc*vN0%9)JYLMfeQ;16@<8g}#1`NRKv=k^vX28~(YiJAn;`8Nj
zB!rcUvDUXMD9bUsSpqWA!$hJHRhJnzaVj#Zuxg4>?VL%nv8V(G#Uk9`L&k&4`R6<d
z1f-=D85jy1I1(|@l?E!CMViP+TV1pgup-8l{uo$Go}LIqq9i<|p~4ckQ5=Pe^wcgB
zZFT0t;g}2^N~}Y=6iB(%G`8gN7&hjHoduHrOvS`w#zL}sB-CKud(VqWghjN?rb;F$
z7>Z1bh*6Xd7-ZNMJe%aPNeatwGK5x$5;oFfQZs~3QT+J!LnR}L`v2nH!zZIW4#(iO
zm+Gushv23vaTbY7yEaJ?C<}RtX~X`BD2eC~Lx~;#b=*SdBhr_}#)<QKA)*n<6Eo*W
zYrsg%faU{S{mlg+Jq-#1Q16Ee!8dr2g%iYGajMdL1r87qq#n=w8@&!DVSpQ2;xX-y
z?D!Y2!89}RFg^y;MKIqHL^&Fu1`WZQ#-G<W$R`PB9LZGki5-(X!H11NZpjH?+!Hf~
zWOI)`RxSPM<AUSY>D#!*arkOrhGJs$!exLTpJoSP5*cQ|_4B-Q3Q%g~(?2_X!hLbH
z`Av7~>+}Z650^Qg?2pYdYAsC(JzhUSA@4$vZafd_isXo3wft^fwRal8u`?txeqR8M
z&!Ti!*gXD7UI3?W2atAJ|JvYzX<>4I1dCp=ZHBI1>oExVLA4E2CMa$W{mq&i*8z}*
z;`}h^9#m-FB-Dzob_D8<c3kgt6KrA&VUL4tpcsW51Nm)E=m(Y3&a<Nd&$W8k|Hpa&
zJYT{id+W{3%gPKtLVpUY%sqmo943hxTw>yqFmLZxY?C!=O`6OPH}=jko(uR*3{*>z
zgNVU210=%*Pe4%v2w1uRatFWsT>?phrf-tWJw~v0y$s=q;z-=mAlM7B46tWG(k-VJ
zD!}btusRk%uw3WP1GEKTn3H2-u#@AC+}=q;@B+zA)-s+ewa76DXlo9oiHuv~m~@vL
zR4A^|6{>Xr4uBU=IY%A}JB+AY#N@_%i97;XF%^g!o+6~^!R#YN6DGl`!5@DG<DaHC
z!5`0pw^u3<I-myxR}dru(Eb4ZM(d3OCBy~lo#4F|ckfYdrxV5$+?DCHLZ;n_aZz>i
z;UoMbP41Pc%)<7uj7+<29qd~n@;bvCG50+`>rB+gJQE||oh%IN&5M6X&Csg4uNvQ=
zDbcyqAS(wB(@7?qG&<Ise^7zX<7Nq*)OKy#-|ZJEa7T7EeR-L78MKGxa^ae`WOn_G
z56)k0al&T3n=bVNKHRn)b~4|bjczm0V&9L+v^eE#DIi5jdH;>x_kJGS6;oZtTK`OS
zJ8sYaE6wrN_gmeJcckFC%{;&Cyp?IyEwYlW^^~D{53%qm<lx26SxdvAl6m!WC@#lI
zv1@laiI~$Kxq_I|^JU{~d`_2R<!iPx7r6=d+4Re$nYGgT)9sq{F5uhbF<2hCK2H)@
zf7wc^1ZE|s+Hti{@Uzjy=Qr8?v3Ox~`JmT08Rg{I{t=(~^Lh96KCM%$x86?s{S@jJ
zG~t9*;oH38;9{+Dt>)*|dZ>7h`){q0j{-q<>)V}sOP=}pan#kfo<$n_?Q)%LIdJw=
z+K$riIpa+hIJdXsS$w!cl@@KowJU<7>+P{|@)AhO^@&Z+Be2)&@whMKscX6rl+0;&
zYxC|B8N9X9=i?W3s`PX9+PsdwWYm)T+FvX-e6DZvz1qU-bc+n!Hv2QcHHz`_hPj*Z
z99q;-zM@07McrOk_A|%fZU3hk|HdlcMHQ-AcfWB&gXdARd-(h5&*0p=oiqO5bXu)2
zfNloV-Z)C)5@Da&H*gKB3MuH@YpTzEscm+D+tkh?U6IJk@Hzy6Y2Q2K8|GrAWoM16
z#p4)Z0Mg#q<&?3T8&p_J@ENPUP6RW$e^LRw1_p%3@g~KSxHqJ@cDKrLY`h5khx)rW
z4>*33*+)7qwSF3Io_CFEwyW2d7Bd^Nw|va5j>uk>bYGfJ$xY!rsC1@0yAPX}bgf@J
zb8kDVa@Y{IS?wERnb478BYtWgq!W4%T|e(kgQ;(kd^z9ldH?kHwenkIwLklAzg(?u
zq3OOK&KfG+1S}lpx!mbcRa$Pwt^#jGNm<S5vPI11f}aAPkUGMA(`bt)&!9RIYD(}5
zK|4Zfit$Rno+LZMb-(cbv#PH8bUWyS0s#D1W&NM4s=e|5`>U)1ZH*#=k<-2YVq5EW
zy>&frMG+g!RlK3Stys}4oQ+niR>TjS5+~keYxf#sRognbQ#hQL2iq@L1RJ{~gHXv$
zNLT%rIE@^I=8r;^Xdx=nq!bXZWmK84Mb@=VvGl|C&n(-n_v7r9agFPF10%px*@#|u
z8|S(@B)~E#z#XBACE8M6K}jHm2ucDHPV{emE|@qkBQFoXilaniB_om|mas(@W?(0v
zAFn1=m|@WllCMOFM|ufMf`O`6r>AX_fD}zea+HLXfGleg#l}1bL6@F28Jur(55>?U
zl1fJ5Fo2%4%#4GPte~uf8_cdMAT81tk1`WG)~DXc%2udHJ{*#{fM}_lFG}+Jg+H(F
z)2PGR)2n5dq(XzuqgJenH$g}MC7zu-^G4F8%NaO;ARRZ18BiCi2OL|9MuOal<#tbr
z|GW#o2QcbUANgdE#lId0E8WX8QjP}Zr^QK%YaDW=6H^h@Pl@pk0cj)w(6@_6@RwYZ
zrb+7O$Aw7GtcM*~Ll}r30{H(i69o`LTf7qi5swuL6KlrCk_Sd;oP$)4SanZ)1Qp)b
zj*)h<Sc_u!>43I`H66NaloP5RpW4@nws#|PcIrjugHMmvxr&6afSTUa7z)&cL(<v^
zSFaGTst8n0Z0SF0A{3^8w+m81I<myqmm*%d;K!~A7(0ATQ^)3)ztk9Dk;ig}oC!_9
z($e9oR(et3Veb=2xfle@3G%IuO*?*EqWJCXrmRR^vpvd??DAJ)EqaoyX#zAWnaT=a
zyyus1$)$SP12nE_3cEx10xAfp2g}A3i!$?XnF3s}T?PG7|LaK(Jz*c#!2To?`>2g)
z;$R82Z+4#)T;0@}7kyf3&<^c|Px|6XplcI`9iR*H;yKoC690&Axyt>4qS$5vwN673
zn#6!*8IgWjO8vfpQ2&G!-?^Y0S0AK1MLUX%M)#@@AFYwfD)<=KQ9c>i-BF%-27R&)
z?Xoy9ULrJvLMvAxcY$tbkXbN_1H$^NPC%9i(EwQoAq5KQ;|!l=aO4uG$#+1iOMH3{
z(aU!@b@u(!?;Myb(TB;4+&(_W<9Tz7Q45P@HACM7N3^Py<Iw7|Q?+YFR0>PS!?rAz
z*fDFeAmetmvG%pL0AFu2ciOPB#0(97epQpLVN#ld@p&}WbZ$rYN6W?H!+iR4$>s4_
z2;I$^w&FtXeG8q8Xpp}?052!O4%f@s)#0V}7?@!b^>o20bX#dx@ABLEB%#qqz{1Vf
z{mouyS$&ek`Md8k^7eblgXUHH!~eYzSWL}!y|>zN_(=sXs;05q<8UBLp2O4XskYH5
z$?eu{bn$10d&lEa{&E)fdD?C%=NyN6!}D;NrRrLEIQfHz#HRhcynJjm@^!WP%o&_D
z+S;$D(>~erZseLKW@mNPjV8zIsFKHWc3`v5m+Bhi*-?Dgs@`Elm#72M6qAGNd~>ZL
zQ6l-*hgrf@DMRRgF06ek?*LLm%lLIaxv}NZ^K~i8*-{hJd<Imap-EFzcw~Z;8s5iv
zZyyVPDoo^{k^C2@0tFZS>`14!hQGOqS{(yEvA<yEhvbC$-3otJlWNSftf|Y{7TUdw
z1Bs-td<N{Hv)o8+SV~V*?veE;NAC;Irep1+^{2VT<c8MtHvT*D`YIR4V>M|fD?p91
zb2}4@4|jX#$w=rcJk#Yv(27>4`n0(KN&ZJJ*(lF2^RWAJ_9^Q$G`IWC=adLM5<Wb1
z7xSBY?~hjQ&c@e6{X%7{L3`~Hxkdx;AF^Arz5Z-f^DVc&wsfG8LHBg8G_Ujz3_PU?
zWqNqVWN8Mb)BmGUQMmEt(vJiHK#%)>k?;NgwadvG(9X)s?Kz1)3F}^C1ZF4F{P+WX
zFmVWivT1;10ej<40D!=dcE*h99FRh!OoQp^ck)&UaiOY(D;tZ7s7qR@DiN^_-aCKQ
zY=)1KE(>`zg+1F_q*7-u7OWy)e`YxdkT0)w*sQKOe%@budw<%0y5XC2dkRKOGu3z2
z7V4S^IvLFyQEltjtuaeWTt%AfH80^$7kD&@OCIixxhEGiEBJ7gnxz$#m54N4k|<Kg
zfpoCLhX;g!K+AXjsz(eRWNZWBTiA$uD^V_IVwN5!koRarn-0bsQ)5e%PGj<BPZ&#3
zqox#;_wZ&(iZw++A!*8mJe6timXt7wRHTFvdqGiBU7w3Lu`Lu9xSR`fCr;BNK)s3~
zwG%|QTXV-7tSh%s<wTipS`f!W5QQO!pOLa`WKNjC%H~&CP(&LqRq>R#iaCZ~rR}Q^
zCGM3sH-R*{j3QI^1og}5N)<Pdlu&mVmN{djU_E%NPL_KUqW-RQvQDLaZBd!B^r<rg
zXQLXf;%AWtgFz@Y+VxCn8<_)77EGnY`Rig0nuMvL#(Q6uSgPYr{riZ6a(luZ6=R^3
zqXmXB1@`StBh5t|xe-x#tw>T-6GaZ1ijDpnUY2wc{7L3zV>p$eIj=UqmLP;dm_jfp
z7SsebPx18hR08yAHhG+IvNz)*x#JH){qdEs6yp+c!et@-D8|AN!gL@RnkjzO#$ZuX
zXs7g~6dD#~G9?U5BC!xTL*`NoefPBq>5{yP3W%&gf9a@`sHXG*FnjhLAAvZwEpWz4
zOQ0o+Gqq@E<2UUVF7}P84EiNG;>?T2*NV+~fQ;$lL2(pUF(gbE=9yr+C3S_|jn!hy
z;dlGO#&T!&{Fh2q$m4{uV4x^6Lwyb*(j`R{N^D<o#cj>CY{?;{Vbk;s#g`jl;!Kr9
zL0%^A3OdwD0hR(X67_G7TjUDSFxA-_NnszX<BJT+_KG5|)F{(Kgb8y(AQlQ09eSV>
z10>^!xd3C=B+N;A(t;|>A}S(!Opvjso~{c$@SY93a{OnP=begMnMzO{;5il*;`E7c
zD~`n=2Ne&NC%>7rHFPx}vqXQF!OJX_xp;rU7`&VS#4G^rFCzBFeGV^>(WQi0hWPw_
z)?&koY1IeLxPs}=PUI0-dQztXTC}#3u&h#b6x0DK0<3u+*ZC3ziT!cj`I1T3Sn>(O
zN--!4f&%d&lSFn6H7M=Xh%83U5EI_+X<AQ|166O~+os3{$F)j?-iNxPw+s}%+P3hV
zmR1UOp1#O-E;Xds74acb^@=;+<EkL&E#q9VC2)lpGFpX$4U~l#<Ps44<`3%p&X8cv
z=R(k$Sz%h94rJ={x!BF&mJKh7?e3w%AYloLJ60sE#sz^VCD(Q(0>I&YL0ZQd4D4K_
z2N(xl2KKz)?*dNL>m26Khk`ovZHttoxGR;<>4?Ilvn7jE@H;hZWgsMkE-{Q)a{wV7
z*L&Kx;N)qH6gUYBuo@6TWSSy4I&y{2yy5A|zu-o(&{Ee23U9%|oykDG2eyhp_-ip#
z;waj#53+0-tRZsHI~$wg+crbMaFR@~;xUX6<#O?#`fz2yTrQkw%qy7Rh_weUSd_F4
zlcV>`42V_u5v@X{hgUgDlHg^Jl+!Y2e5*IkR59cDJUcrcU>qggNM$(yFC9s7KneqC
z96qxA<U(_%bRpWM=!cQOrtpK4!a_J<(hZTh{&=$VR!C_s%>k13^`kfWguKERT~4tY
zSU8gYS4!NR*)a8M0s8@j1xf(Gz5&fHWr7Cz=qsIjBBi{PiV{a)+Sy2K5DJ>oZJket
z(2(E)*_wNfNs(LkngYZw^igdAq_xyx3)~V2qpqBkx^7eKr)8gixkx;Z(Ch$>yI}Q8
zX&&X-+)jXMk=++zcgWD)E%uVJxG5uW>x1!~0MbxN7t0qh_4}#Q3v2TBNMVO|m8saj
zT<DJsi>Jrg{@H*e62B*v_{&oDS1xdYjz@t5Ob5M1&08#&339GT6iEssV1MV2P5m8@
zq$h>r>rxrqZ~zZhbOev8#~me!gTP#sIq9woMr}Pha?u1%pRz|mqA<7sE<#|MRB+?B
zM-m}I5|aXi9tidPo!1qp^R=!QQzgc|&@A=slpa-sLPr$K9*~NI8D@ZA0_Xn%QRv5i
z({kra8pg*^jb&0UF(Cvmu^c)E1U+=-1ouaU7aK(vLI&KM)2Z7dSLa5bqZ<hoCsTz&
z7C&PrZkI>#1k@MgCnq|wg3_I=L(jV-0ayXjM~>tX6$9did;$YBN<iWyAvn*+UDV88
z5hQszYl15w1FoGT3IeoAkUa&QA-r1&+{s|q?MshkPaZHv;siBd<4&szn!)%Qtj7Sk
z=s#hss~iOrSUCr}$XDviqTuXCK}ap)xPXO9E^?>8KEi?+r&N@7piWLI!`jqR0@#df
z6(Z<#sqoL&ovK}2^X&xe2AuP09&je#vm|6gf>-WW4j;V69=y(TC#a6Dv$ZVVBZ@gL
z7+q<=l7{vn<Z!!12A?8k#$*NiTvIZb?bxgrxK|(%h03plv0n=Pr=OFWg;OV4I^9LM
zv;@T@a4WrJW%W0~8te-s6IRs<`bn~0$vT-S-<llZK$G#vZ#0)vr|hICUbQttRZgf9
z+{S&2-89Ix)w7F0P2BQ1F0PRJ$OTrguheI?BhEqxRbB1*YlY_XN1d%3>F=ewZ4qeZ
z1Yw<ZM!ZZ>$>abvV=P4Dh+ri01kPkIR7?tdy7v1QsoEae;7#@7a7ixH!)Mjow+K^`
z>DjT2=%vl5czdDb3cX`oVKSfrR6rt{n!AuMLN27mK(!_)VE-v~9r{1K>X3&1(yGPD
zJP<DZz*Q8gh(xtd(b{`3%V2<Xxu8CE5j0aT5I!+8BMSk1iEjGPLSKl}J1u@RS_1hL
zP94K6AKfy!qUeb%XpXc<4upBVm>C6Ph<XqkSRXy8&T7;QqAJ^a0Y8|%bHH;AQ)`LJ
z{J`u<ep}ya1duv>KnI61mDUO3p-^IoI2hbn(B`vq63%XH9+&}1@7iSxEcXti7ag5=
zG4<hj4^ADpES2Ada%vgSDvpR|-=teg6$j6tfq?R-2&}xkTeZxtB9H*R6|)t%t(RZP
z7M@&YI$Fk_r{MamMNV*lJXDlARJ0JAHrNrMO3GoE<#9yfY9z1`p{dzHnc;2ClB8={
zdyfqy$kRfY5epDU$8x~}9HZ?|hT@|+Ojf5DvtjRoZQ(HnBmW?w4rp{U(3aKwxutp?
z?%0YUR#vVRehTzHAlV@dmY5Ky4)mj1-=|>X?u9cB=a7`RySYhq9mGM;8aEzQ@Nj~|
zXJ1#o8&6;J{`&~>;kO8S0E9yl1?b78A-}*N-J(sNDUrE$L0g!u7U@DdwvMG^f2N6f
zC&PZe3U)VkoIwfllqEFOB&4(5S&Z!<w{kl|CTQB;2=c<&){pVngMS@RY!#|dX)O_u
zg9be9^np2-FvMLaK<^+s=AOF$qZM$|qh;eAjEY)cr?o$tzOhRO;(#V_r0NAT%%uvx
z8fb8HkviCiw{6wUpE6tBeSS5Jmp*F^_0Z=!xC?{!x<8hNuwrVNC4=V;P%%j?Cs?}1
z78qUX$+yEB{&l$B>flZoqt8TLkeNHy{(+!X=YUo<b#OA~s+`x%vM}5m)|}D$g#k>v
z@Yy46O^eZ-*MChM)Y0Ie6c!<CJzCz4^B1+~oE@5!N)-+x_DLEL2uAAB2PH#83**2b
z>Wt0|r+&@Mv;!4mpy-2phH5#HI^4Jw9<-vse<Nr|_z^qGV(jZDo$Ik?OzWD_t*;@W
zGQ;*5qK2C=c@|M04$>play1VZY@5^bx$+(APOY|45Dv;%cm=hp%WWEERpwIs2d-eD
zeC#<AyP5?Bf7cV6B&%QHkwpaxl8knJ83qpEN(HyB$b&MmzYYj@%nNAHbQyK|qHW(b
z@RqXtn&Ey4AX|29CT_sy^kFtBJe$oy33~?#J~5(N;3U=_DZx^DUR<#Bgnh1aAhv4J
zZkhNSHIuEo5d%6e4661mV;vzDf+Iu%7Gn4xCZsR>ZZP96B^y|%O$cxF0nwxA%Ga=J
zL+ydb>Mb;ce~7MJTkC)Xun=5-2a=7M3HNZU8x&O9R@xR%Yr7fotw)>H`db03wt+Ny
zImuztP%U?Q=CW}I!FISEJg2r>kfj_-6(acj6}v(T`P$?o)B;;qkCF@Sx8rNw@bR@H
zJ>7t?Qx2Mm1R2L+#%bU1feV@K&E4eJn6MKTZi9y2tS3Wvkr7-8K3(omAt5mN*RW7(
z*e3YVUL>9ed}D5~NU;0b-c0rZu)9AZMLf=0EWABWfN|-m4Cusa;UQK9l=q2xcq(1?
z#J&o8n7N_B{Ih_8OWiTBqXaQT=%J`Hj_<=o&<7Eyb@QL?K!q4(rDXr^x7d&LVOZVM
z{bit)^YzB%A&Bi+OUMNoG}@OA*l)fPN-y_#P@=(1qN{%^v&tCGg$vaDOsB7Sps%FS
z3{fx|&--e8JV2;>!>DaX>qQftYjEm0=6XQyYg;;C>oadUBgL5ZU~N4)htjZ8FwGwp
z`^Oj=%Q*R9OgkHCrj;`l!JY0JsS9jWJ^d;4-NEg}s@}13Gz{o4;L#HN_-5i!pJ6tR
zk25_Oe!TCt8FFc$ggaxJWVasTVy;x>ZrwzmqQU%46QE#=RnwV|{eXtH09xH{9GXmY
z^sGKhMGaFkC(#pNmO6Y}x3V7BOPn*@4RC+z)rxav#TTDsIkffFGmyxI?zT1C$td<G
z5O-JKet94m$IPa;?UsK%*@@464}KJ>ymj)sz_+vWh>uL0`F4E#o=vZ-{`3j<miM{*
z^HbF0My=M?_j_84&&v00&dUkywfAeS`?k~edb{qsT4n=B%~o8m;~D(<HipuJz?tx&
zHMJ+}eIh3&$?<A!-$jY9hW+b(^B#QXb3MfAdA&S)k@s_vY25bw7%!z%alx;a#_z6V
z>N_L`e)i?6`!rpq=RWj^MDBaR#nejT-&1^xSthq%m(|bs{Y5O7S;?;75{utQy2*X%
zkM}_^sMI&^y61uPrcd<8c%%2~ccM(|6gImOb4bl*<Lq;x2<$;UQS5Hl_ZrqL4|(q9
zsNMRU!*W65v(KvwE+y}}v&s7Yc`u#M!{rJG*+^DL>MmPt=U1hR%_ZK&dZ|Tiy%I22
z4yU`Z%A;3k>dxGs+}_7}B|g84<V@&_-FGF2@!cQqs*mhgwHDl}uduAojduy#FCjW#
z`)?_O@5VsA)Nl9gZ9Nq{aT)I#=G9Nj@u-heh}qAX)oyo5o^o5MY(JCR(bC;CuH&BE
zp&jqXceP!gf6t?u!L=VLH|dRLI*0jvVv(97&2sUj=-fy&<W@U=Z~LjTe!gX|wRmE(
zw>~H16=bt~FPqZhJ-)|6ts6pi(ths!Dz_|ba+#`Y9b3!y>jUP)z<8m)9V=fOZCmNW
z+Yhr#(R4fimi~RD>Y)A1E38(wr1E9%X5=(BI=<lW_}zDD_naQPB^+g<d*8lFzke>`
z?20z@dOq>pypKZj@w`5@tbW&hepZay)wAJdc>h~fYufEOo3Weq(R!Ps8fV>1P)4~3
zzpQ(a9I0sTre}`afi;R$iBuaD*ZRbvS48VZ6<yfi3Y#~(ci=Uc?_R;EcyAL4?QH~C
zj?{h5=9#mYw@JZXSo2!ZVty%IPN^}q;<@PrMT=%!dsWqR&JK=bWLep1-ki$m9(x!D
zE*wtCHNW;Ly2r-2D0Ww!YA{c=Y0KTjYS4%>@I)8&x26nR7xyEz2qL1`c-b=D^mqsl
zJH3&-Zn$1`hqDs}Tq(AVcp6pWm_~?PKb!l3{j*qjz%!my64Gj6*-GF)h4}M<y3cB7
ztC=*!%WAL+is;o_VRBGzTw8sYpz*EI$hMi$=}G_Hu7fe%y$Lt-zE2fnc65-^$!F=|
zdh6Bdx9nJEH@x<Bl>;98ZCd$s+>-FR*c!`u|F|b(1Yh-eJ=*H}t+tsk+N<tv=RCRY
zBxUR)SZp)S<}!oqWb43tzlsxhJ7%ZzHQMU7ysP&;xdsg1`>Z(T^PTaHW%qBquyN)q
z@U4;(uU~&OG3~UmWxtn56=!YD-IamLNW~hh(v-2%z?U_3x!%K?*UD&e9cratwSL(e
zR%>#lKAL)pQzK|to$b;fQ$6ds0Y$2jcyZ0OB~WJ=Y>n0xXLGj3jI9pqSEv}bJ>@$B
z*TA*5eTC~9^cBG~6w@%ej(oMdZnx%i<#q-7Lg*EqZP;s8+t|9sb;Zmz$*Z5+&|6Qp
z7J5bX0?Vb>uQCUf|5qhRISjQ1s=T0SK!Ks6AkAkwrV;rH@rC?@<%8`78jNi8=l{@S
zBNinSGW~)&Aitmv!T+Skb~SNyvaqxLe_$OeaTJALdu3zI%uU7Wx;b!Q2@)gqx^_!Z
z!-%y`;4~|qfc$mMOk2#&jP<I6)?a$9IVeeni4p1q+_}XnU*j(bDu{>(2q-Bp3^W0X
z`M^BzZH-Y}@SgTl@6$}D+3qZ@t`ciNfTdW}nt|nDNfTaxJ$$e!enAz0cS7=uNT@P_
zB$7b#a3~xBN97|1qbgBBe#9x{4lvM<6oA<eQqUr8xrYXZcvs>}7HSqoC~%Zq|G22A
zf-C57l@Z7p?3DMBxIN_JKkMXq^88RG;Gn~=@H)hgKsVKDm+;bQ5e6gTgn3XBrf9_K
z&_UQHdt3gB>&6i56BC$a*$8`K!E<nt8kJb>6f=?xeUfV`T;o^%AZ+)U6C}WB8v+bc
z2Jry_ssojt5+{VjpK-yo5lxP^;^p6pE3(4M{ES5YYcmW<P?7{<O=KA2*vqamaaE~6
z$50h>89Jyj=9S=sVFCsi^bpm4*+dNHFp0jr(4rMHrI)9q-}e$~)C!4<Rz>F?i8od$
z1-pp(xA6rZVBIw*iMR^$7ubsf>aY7PK#Q<&Xsv=JbR=j$aY^red^w(d=Vu3*O9nzS
z`T1lqR88l~Z6Y{7>^7KVV06%MG}{gJ>z(R(UNKiyxOk?Nc)c|u3_r{5;2Eb+@DQ($
zCmNfye01sQu5R0f4+4G?^Tjp#yMwhpxgCuYf-~pcLaV&H*qB;=EyI~7nh9#Y3oUoD
z0_TyKG6xNZ?<wD&W<D<^YRY2Y8?t-xl~hmP0{I2_UBU+h*P>PuxbpL063`Hke{)Y?
z#kME=y&g|t2k%`sM>u8p)gYS#%E;LYf}+4F5}7i^Gl%ntiTcrn1Z4#C;(uUm{mUw;
zG)b2Cj7>jdjU7iW1r`dl#cXwP)HP6199kG|hId!gTb*Ww7GXPwU96{EDxXzO+0^9P
zrdlF-eQySyX;y0MpIYN(AN%${SvPMcHV;2O?YeTl=}5>b*kYqRuPjaB?!5J~81}Bl
z+Wy&EeK39Owd9xH|6N=+duv1ozilu5w2Zj1;d1A2dm=kd%XN~#Vpdq#frkFh(8vYk
zmn*h;vgVAODLMTH`_KD8W-9D_bd+Dp=Jzu2x9JSvXkuvKNM~YbVN3Vlk9ziwu6pi{
zCZ_+r-J&!g-BDC>YGqv(Y9mmT6=4B^)aRy?5z2}Ji39XW^3M@!#My-dWJ@~}oEOe*
zJGcn)#6!sYfdx>Sl|g2o*U}Y6pV#K)bZYMhoN#K_4L+AJx7XucMl^a|uwP#*bQ8c_
zdaiH1bbkKru732cjz2VCPH@Qb)b8lDcF;EFM;t!zp0L~Qt|iT*NrEPp_vrggn7fG{
z&POpB77ZG9FvU-RP>>TVh4+{bi5EW(P!J_CjI0Ts!|Z*^6C+`pj!8J53L`~j!I*F^
z3T}+8$@4DbMY#?kQxHwNVWe{tp+XOHIZ8?yH1iOwDb@>v$C^0V-Lfbu5M^UUmN1=f
zy$DkyIceIKFohRI`jSMCVQ4vUZbQowB}*1PY$BKE$dj6Pw`~~ZOOJ$|iXiu^H_^<N
zv?ovyVM=1QLl7p%m#5;F2$pB3v?dfgiIJnmj&SL7ph#gEGUHq^DcXcL?HkH5PBDZ~
zhGAUi@2HdFt)DRtr0bKXOK;8ubN$}oZ9tYZ&E-fwfmrar&%1+hfSNHQx|txcE}X%S
zdJ>7&ks(UNN<EJRYCvh{yOXy#r810oHa9db)@RpNm!l3qj>*qvqY&ayUpA1~JeesH
zbV5ND8>{@?zy{XpW*`!;#3xiMH`lTo5s$6spuXv{H8LYdYjj*kmPAvau@N;Zqsusx
z0Ug9|4&KYNej=M^IoIcohkPlC4x=9s#z;CK(DPp^wV4)h22Lnx5;GbTWu?sC%nWI8
zh&SiNgucce=?LAezQc6Apl8(L4O0YX;z|^qhnEk$?skZOmXPx*(?@|R*|%Mb(@-@h
zzYgDVFG4_4trk^yKbP-BWHuCyMVxJ0W2&V=fh^_(nTvig-wKNwbR(8}WY6dp&RiyH
z(zK1_E!Z{{>=EQq9Sq^}I^4FPSV|E^O&@DhHW#x8SyZDPMebk3F#V2`Rep1(H7MGU
zJ=)dRqDPWxFN@sAi66+3Zw-jbznbUm>>sOBq>8FqxljJ;wWhsG9v;}S+4%dwSZ%!p
z;l_?8I4Di`5w944wHuelp0J`I)%3HFNC@`gj6rlRJ<+BPG&^6S+*1pr^Xzl}RMf!a
zX(teTEaI^qtI*VNZo)S=PJIGJb<%}fSUN4v!Bnmr7%HdaCp^&d6kE2m5qmX+=r<CB
zR87G(5N~DDFF}^3ZEAOmm|t$fM^7qRCSpRg2nHC9wkYBi=1L7l;%P3Z@j{J7fzRbY
zk4+Pr6>dy=9VI-7NoJFKZ(>cKTax}ucoCg(Cu+x-d87-^;>*|PBb8^ro5T-=HG{cN
zI2`8mX^=U+oU&GB)=T0vP@JO7#Nk}1tE_mmmUFhBI`3Fm%HANSw;dl>AeBMf`I3lf
z)OZ3t1D5U<l79n;^&0;xUZ9KiJ%{SmOOe?oapJ5!lkIXaZIntjnO<;W?+YxBQ^L+z
z&rovDyqX)eWHeFf^2|$TOQcm<?(X8)OCq_5{w^svbtgZGlUm$E1C0$lYk5XzpFX5j
zDGlPU9HvCOJNcrm)^MZjz<L5|eNR$KCY3iS@KWErY-xd$b@P0}2DOy!Xi}{Zr9PNe
zqUF%on2b!MWNV{hW4D48YxK_2s-XaMaO}geU*JXoi-Y6EM+4^$&NwhnW{K&+gL6N(
zTHszD;{ucZyA`2iJeqIh_K?BOk(+qwp;CTovO^4NUx^J*2yY*A*g*O5jx7RDEI_GU
zi0imzheT3Zm*d1;3=ZZ#eBU9l#Sx5}b!f~xnr_T}VGIchCvd@DM2hf?aLR6yK!~AY
z0v>;zpve#)PW%4GP#&iSPeezW9z-l#D$x{{sD1HOtO)3*j?TmH!GktyoZ<w9-g#7d
zbjS#+lNIcGcjTT@+2hZS^|kj%PTpB<5h3M+6U;EKoa&9VOYbC(F12^?h1;ob{6`7P
z9m?9Q{Yc4`#s!qw<tVuYF8xL^JPJHs0`L?c^bW;?Bp4!;7d3H;zX}?mk_!(vufQ>d
z5nh|$#bw9H<A_9)ihVTGm^4UI89d$Jb!@RH98S?VL4)5iBT%|3f%NgcLv{3{tK(qB
zC*sE8Lb4cV*V<j#U7Au9S3&ehVxB4>=WwYAG<ktIhcK&Y)G=SpEl$F*Q5sn#JnKCR
z?FYifu~>QN5_c&DMTjZdJVN4RAQp<9tywc;U{$~TJp)S1c1U^FX+^hQn<9W}g5jK6
za{+rpIftQr=-T12c!62>X`=d%jRqa(%Ar~o_q7zGj9H&XTq&4JV$#5#AhBsjwqW9v
zlY?>B%!hOR#0I^1Df}5@r7cl&dT4Yim6TA~BuwH|Xo98tbwH#2(nZxD`03oXwA&|1
z-9&2f2?e`q=0$-nh1wk8L#Fi=^i+Io*bf8N>ST1t*9Kh*a7Wr>$HJl;xF;r;`P&(V
zPu*ZTdvt!gU@6=&%0_q-QB1S+A|&4BfztJN#^-XOL3#Rd!GZ)x2)7uC8L&YP{WLAg
z<huf1v_WvuDu=(E;VyG6=4({=+z=(cC}yx2Y`WEuMd~A!d0h~Hq!92Lv@H`X*VMtB
z9xI9&lNzH+n~RzltKLb=0k`4((2q7dfiNH4xiaEG6RAam=hLOM8PnMpR&lB!jC!L6
zmj7}av=KHu&tQ+M6w|IPNjIQe0Na;w<MnG?a3#c*w)2EqmU@{2^w0A<NAQQ7<3DgQ
zl&Q3-8zgX^nFn#|H7f@oP`b<5CR<P~<P7pZzWZ?S_Kt?K4n9G2#c(ezLW)w#EC8&d
z#_6cjs0g+oZBq-WmQ=&^n54l+Ry9x;rUM_YlimxJK<*X92-)XN5KjiELkhbzD}$1#
zbdfszj0GmnVcVC7-r2~gDH<h+o~eW4L^1@)Gyu7#sz^!Y+fY=8RhKJk7KBww6>G+}
zfq@o*qiPuTPE<(7^7Gh3b!1X+|3;c>YOJ2IH_0G#Zm9i&SFAo1RV?}Ivkc>uZ*^$H
zbMtZ8vgI?xmGvfM_fU8)XcP3RtH;#I7asK(yAkd+v^9q`-reKF-0rMt#<0#!_;BvK
z0Jm7~G<t=QE<~`*<+`3d@y+JH(%=L<>`9O45j9F0wXVI#XjyU{OX0(JfdG*<UH#aQ
zV}w#TaOnjYBP{yzKaVWVDJ*cnMRR|`c-1-3VU@h4HOE5?nwu7s0*hC?*!8-_Y|9c<
zS(jLvg8CN<B2HB#sRoM|By(GPL~yH8RAE-cWdbd~@JCnSC+zFO(b+B|MtM6Jh|~r<
zQTgE`PGdb+jT2mC0^u4Kh-sYts~N{V-8}%^)zl=Wb2hnqj1-wnSJ8M%^LI*Hk|d{T
z4puyK(P~mM23gcCdvdDaon$-m8GPKE&cUL(D2Uvkx+;t*v;EUVl5ugs1G<;l45#d>
z5?1b9x(+x<t5q_F<8lrwlU6)0P}}o$^G{Y<lqWQqx?$acVS_onb%DWhwh_7j9ioG^
ztrBFIr>99dYUdB}PcyI&$^=HM7NI>7wTKce;1&#x6z-mvcp~!>8nKOmy8ua|+V<x?
z3dvFyIqSEch6Z%PtVik=q>5#@xvQ0*9P?&M%i8(dDMDo1p+gvCsotBoUaS}+Q+F7%
zy0*hIMbFA+MV-MSI?`nurw7q77=V1R;`yH5-$~bj@L>JX_q56T-tJYUwC0kusu;p@
zL{QJRwj#dT*e}m^LS8T8+kdljpKnZsdQ>+q@U_ltlAGY58As;o^4el_4Y7?YNkzIM
zyA_MhDC%`KNL|GR>Xj@}T_}h}i&^WXpt#0Zu~V$!y*|5|V^Q6gL$FXEus(T{b;Ac(
zn^jiM%`r-%z)1|11WT1j{SDWWS{5munC)6A_7^FT1<vaz5Iy)Gy~IYg=tqg|oj0(-
zMA;X%qfISl6G?Ido%JVxk%3E)(}LlUSR_!=aFdEEB_ke<Sej#A@eg&Jkx<>;y_EKF
zNU~}qAblC=NFwaXk~)TiP@LjyFL~FZxn~>U%55jYLer#7@6x6uDC3)m4dc!n;xM*F
zU-Cidyslb-YF$D^vY*NfaYSb`-HV&DS(OFRXOGLV82eAe2LQIIH|4Av%eGA^uzkWT
zxcZ!PC<Azm5-{i~hPJh6o*$*$%X`Juig{%=_VIn3ae=Cr^etYFE=G?oUd^AO#G-HW
zN|AHEoPiG8k;%B8iu3K%dMvjYhND7nSn5-6ou$w-iojd3T2cFhb#4^T39Z8Pio$#v
zCf>8#L_o)k#jpK09sYd~kHWnYvaY)w8UjIoh3y|$TEMrA;a+MFq&JD(*HI1Pey9fQ
zqC(!?2s8RA(&z{lb_R*IswL86ycTE?oCQh`I#!eHLB0XOexn6T!Yvp@wf0FdpDX%4
zJuh7KG$v%$C3eEI@nCEQ&xKYLO?m|BjT*_$O{WSwbY(b$R==UD4!;&2q;ib;YT9nW
z68Np(T^r+anv#2^XzNm37naoe6KZZ!If#T7ZzFK(@2*KV;Gk7$9b|I*D2!JbEvURW
z80obs3NP<(s66RPCF2g+!I7^+Z{<^-TjI9<FS^dLxf7^S^07J5#I|kQ&cwFOe{5%B
z+qP}nwrywU-mR^zed_K<I92DoINiVQhCi>CoS$XcxW>a1hMRJScdxEaL{P#<2n04v
z>3wEZop%B7ZJ~E=w2yh(7=U?#!aqV#&k{pDYC^W5PigmFA7Hk!pQJkTZaT#gU!n$L
zCZ4rRjTQ2H*Fieaw&Qg^p0)!=SnM8K$YwP^_!M~jLbw8TM)CBdip9U6O<VMQKkycn
z|0O>{>E~4ESa)BGqfSQ?kQB%YL7mfw%8wpdjydv;AaEC~4l@utlHR*ZR2eQqJ|u5)
z%Tn2pN^_JpeT$m?x5&v9-A67N(FwB~)k+s#d)S?VhhMsxXCgVaZ}CS8A}6{j>`ONA
zy)AK%ax)H`-i)iv+9~<cGh`>MDSWTR06a|&rp0v4W@3IJIhcOB9&M(dyx}zx6F|5u
z3fKMH3Na9})~DZ?(uaW>F-57fCuccpfwSY7HL5$i@38^F3T6OSohUF%hCbLS`DM6l
zQt!7ne!<qDv;Fiq-uZ%U2!HQk$Q?Ilhj@s$3j@G6`38W_H+AU7$RF}l_`5r0h&gI!
z`ca{+lZKaZcxP;_i)C_W>h>yg>tnz@@T|@6sDHkJDqZlBv()Ok?>j?J=g0ArcB|`l
zbN>KV*Yfpry0~vD6wmY7?GO7H;;FCGBsNF8{e0j48hJGfKE<~4%>jK3_tXAVtPRhn
zsqDstP2EoS?P}j6#?ANJ-Htr>-1FX1tncmaNKdL;A?e+P9vaQNp%Y8|&&d{AczfE<
z*Zlcei*94xqEYwBcj@I}QOj>?Dboo^-=}ZdoUN_XQcgZ3Oa8mbguVEpvwK;3Oef82
zUBhgzmtyMcw;X!<R+ldua@*N$etvr7u7ca!=aX$Lr-cqG&bROG>knP7CsjFy-lxMd
z$Q7UG+vKyIPiwpTLI0Eup75cZZKp$#a)<t7`4@Ou&#U0>SiJWm+=Bt98_$pZA-(N=
zI?m3o=CF@9X;`=IW&^pOXy$F-<6@00y-m)xn%2Y9*&=ZmC3>|^){8MOw{S1S))bOa
zb~pa6yLWMr9DtVNNQA@{?M4UxkL6ufRTK8h%+Jxm-vUGg7GGzRdQ*!J@`G+(ji>1k
zJ-`6}Ti=|jayPfy%NTzWkK^HXi`yns#qP6$?w7af(q8%ozGrb6prFq4szH_crhT_}
z@pYtT`tv%xM$c;{)=TnfXXrH`-0qV1U7zdyO*LCNP;Vq#KE=+<9r5LIH8P~U`wHvh
ze0e%F_PWB$je+w~>iu?|f3T#}>1(zN68*aU-eJW%ft{7tbGrGb)!}6xa>lC7vy?Ax
ztxn}DzQc27<Ike0qjwJer-jk$zf<skU#-bAb3=5K`bNFK>w23kQ(hnD>+yT9P2}9%
zly+Je?D)eL(c*UJY&kl9y2WO`8}9vlKO;I=q*T1QR99T^&$OGZ=rP6OxF0kve}f7y
zJnqm)bls=dKh52>_%s$hK4VsA=)TvaU{Tw$$hFDwyjv2FR7nM$MfrexvtLB<x<Uum
z^sP^LzRY5N*kBAGX4UP~zo<WVk8ew_eUyau>6rZsrt>Cr$@fn#i#^NjEvaL#Zi^ag
z!zSp2G$oInt5^K?VO*Ai_+!M%m^yui2B$mfte86e1hgQ0(v`EO(`&7O=c$%C;C_m!
zG_kuj2@%XILw{6qq69v$&>(HZb(W^qe~Xd|KYlZ;gh|7!`;IxWU!3#VE)#Oh$tl4+
z=5{RdZ=?dZWgaV~EquZ9yYZ*q4!_NPTu<KT<pK1gonqkh=bNS(N<8F8*7|S5PnS8P
z!lA`a8$4%wJC@p@MOFl)xccdj?!uf%XU2pM%MN=_ex%m&GIG%qeqqUm!p{^eVkhBu
zM)FP1m;AR`sE^y%%D0x+GMWzA=H0?a&Su_clketD!b+^iyZKUI{sepH?GS5K4qJ`q
zWyLV}zy|-jagr%|iep808Kt}D-d=$3m-R{>V&jXe@9VezRhQFs<mW@+O&6B^kGK4e
zDx{se`8WB_eRuu5-t4~kL1XOqaJ0|$z_@}yDots>bDnxC;pDG>Fy6o2yl@723KW(+
z?NTIkSm~gmekMW!7TD;1bc2doStw{5p$dJdEg_{<I+7sWJ)u1LRa!Wxz<$zxwEm?2
zrheo-uDw$G3i}lMmRqMizCGYQ!9Bt~=smrll3=soli-t}KS3?Qz8Krc+i2S;e5gJT
zzW)@xpC9l(UYGzNAiuffe8i0YE_B~++W7D5gIV}XGM#*#Q;@19aA%1+QltO^D9_mO
zJmL|<-NCXv<`c2uVlui(?KY>g^=K_iJeEdh9*?`DsnF~k(CW=rr@X_-aAI)C=R@EB
zS5mCkS@J4G1_DaN1OmePpCrY9TeR-~Ehl=bLjzDu*5#Qjm~R@D$+8+L6O%0x9D|!F
zE%G3X7K$x$8;fR%LWR=F7FbASg%C7VQ2SIxYEOxnpd2ai+!bm>Z-LrGbWjyK?ZLJ0
z20_shRab93$dxC3cHW;}ytr;YGJj4|&EBoH7SBXshIW%!o6m>ON28R2i3}Qr@=l9{
zggTfHp`g2UlepthJA#R)!+P66wzlMYHjte|`U5uh;5_;%$lSbyWf)LTZ{NWHuCG~J
zLgPThIM5znc*AJ$!C=0Fgbf3h9IYsTZF`c;Ra)m3SV9*PRJ31QnccMl&D;a=)W0qa
z-Oj81R&sFEDS`mgqA|fh{?R?X^m-~#<c2Xj1x#tBaWyM@Ft6O5cuc>-Ombl+#gSa{
zR%nCz!Q9CM2nFTpn2}QP@o*yE8GGsa&>VJEvikI8;(@@!Aru#H(78H&`m%n*y9R-5
zt?DR@1A7EXzy)Eg(3SC?Kege;s|Fy!fD4`L6W|yK1t{+$=u0OOhJg4(O{V~{TV^&u
zfbEsi$M2%A7vQx`cl(6`NuhoMQxvt2VBV7t;c(Q-I*Jo4UPW;fx`%K34V>7>N8QEe
zf4_YT#O~BFT;j9XL*RfcVsd(S|DHECr_}~)75fqy#GHpK9h?V7@MdM4ln>v-Vvtrx
zLdyq<ikq23fttb)l6+l-PI{CytHh3W_udnsN1ex?8@KI8F#mg)3d9f9Vyk~>?>HA{
z&uaKvxF7T{l)MBP<{$hFZeo91?~;`T%3j{{7m&mXwsTuEhRSQG*UfaOYAKHVNQf<@
zUSN>WmI1=G;CN%xSoV2I@ch5}D(8|?ElBrJ2p*gLQ1#LO67YWbxj^(Z=3IbjDEIkM
zDiS)1C^?R|bDBO;Vm*>FEvSAlm_D$v7WA34l^x_b82=Gs;J_zF&`)4jCI*0R3W_*l
ziN_b6-Xg7pk!MoHv&YxNQmYUc9b)y7A4Wg@<E+2_ATk0BT^XF@7O)%YwjvE~5IM(n
zcG{1x0$R+}P1yUx)SKfDB<kXvgt&!N$I1;HE!HV`aIk$yJ4rM5*6rx%&x{Z{y5x4m
zzrlL_=@o&Wb_2QkhaasD7}|QQ@Pt99;KHRKGagZ0C41*rA|bi&9GT%Ig|oN220iu9
zpSs9<G#IO1S_;%frPZ`3qUQ#*Qg{mCv9KsA))Zw&O2HWNO`eVMhM-Z4-=b^K`JZ5Y
zOGq%uW>#-%LM#<+usn)Uv7I3Xsiws-MpuN~21cr4lQzo?yFo`cgoAAGW^8uERADxr
zK6+yg8S|4HXd*{&q%##zCd~4uwSo!*x1CuAd%dg=O_i-8Q*%i?dBgon>QLJe(Al);
z>=l^p5rj=h3;I8cy4K94a4wlcau!z*8Np#$%2#3;L;AI4@H92Vjh0n%R*UG7(k$8;
zt2G7z83?~{ifRadQ-*h8nL^7;jK*4~E_KfJcfbQGl1f5qffRVEEVkitUkyQT$OiEj
zP1{EwG1!w--+Ahi^e4cYdBz=CEBp0huq@TZrm!p3v&PwOmo>Ao#KK4l7+)TO{Qm@E
z!0JU3qFGsqDpl;gsBKqRGmC0aWwbcurk5MUPz4^JXl&btP)F7P$(Qq#1zuX!62pxI
zc<W2_9-rYHS;ArWDtpj~)eyg`z1*{jkt`4Z4_B5RKyeqfR48MrwP{#akSBf-r6I(2
z8UBz6d8i!jzF7QStWYZ3%e)UY-V|l6VY*#}f{F*`L|vfitJq^wAILQ27#3T7TfKtJ
z_8V=ZQTv0^DM}kJ%wihfmleoOy_IJ-#8N<4un_K;9uA)rZmKRdvyo9p*(frlY}9K)
z_PZp26hfMbG4e4LoC0&wnM<p0{>(F*X<k!GzJyA$DqN0PA-J<kR*0|-6YGX7sRh!A
zNPDf)9hn6S$<!#w#2I36JS;ZJ-^fIw?h#44gv15Tthr1TeLMH~N?LuJXapPmh9!E<
zx|+GcwS3f8&xU<BT(+q}2|LO)P{Ogb#hA+|S(l&*_cC-bFzXwU`^lGa;_oCA5Zz-8
z4o!U9Y;9dsJdTo>8OWnS5U1Lz0gdY5E!=co$Sw_A<hUWTx_&L2Fo`gVxKO1G^XVU?
zM+R?fRUyQp;W>>(cP=eSgrlo3Fbd<l=dM@i0}oXGP)VCV{wWK)L%$#T!;SI$D2|eh
zW760RL&YfmU}i}tEkKZ_X-Q$PSuU?D$zW@_2ddChry|-hB`C-a<b;X)amY$yC3xVG
zMX;aVT8*Q7p~_%`E}7YIB{yMeOg=MoPWze7Lg6;|*CUPnHD*pj2)h??MD?rKPdvO;
z;z9($q`7TW(W<1qwJx)D2#!4Kv}eKyqC8!kE0}uxEgbBRM_j}JqV&6rMEsTxXei>)
z+`O(j9<PW*9HCYQ3;KkjhAt`4GU|Fh%^XD#6O%b~qqw=@*A5940Kz>6d5rN%Aqntz
z5>lTBh?=4RHqRxvt}GB17Gsrawq4da&%Yq5R-dL;r?RuWXt=jkU<jOwjxG&xxfQh?
z3!{@$jo6OzxGByHSf(B?MHn*DywbnrRG%V++4L_B9Mj~lO~FW6o4QqJ0Wpe}FG$xm
z4PX>H%mc#WN0D-nS@eArp1x%`^D0wPjYMm<1GV1U16oM<T+6;{D7K(9yx0zYyk%bA
z<niLjq(gNS8%8AtaS~7|qoT7WeGb!L2~8k#F%aPt%0%P3Ahr#ljk!_fR~HJ1ShDt@
z-ig19zsgK|6$6MTB9PpFl_p789@M5Y9=qbS;^Jg1s-qv=5;64?F-07@OaA__M!qf6
zS7n?zAO!!EN{TS1G}c6{QPE%mrIxwcb7x%)lQBtQ-tB^eVG$vjkPMjw+dLxD0DhNM
zNQ>a70#!ADj@7`DUiD{4^K%9nOAr>c3y@F?kYsM`X42@}OOj&^1P~b$-GG*_A=n$8
zl1CV$mCA#Ps8Zq(%zL<(`m2%0cZLu*jGN;Xho%&Z!wVNYu#C`dTaL1GyXs9dyiWI7
z;Y{SD`}b_z_wS3=Lv#ZhH%Vv`Zn7d(lc@pytpq2>k)H~1s0prdvdQ$t4s&$3L<qC?
z4HJkx9M!%xKpW$-cf%#oqV`qEWwHS!MU&*VAcM~}M;VjM<v>KeV4G#z2PXK^9Y-#P
z=qPPQAGau4r%jyD&$n4V07NF471;pW<pu8!p#RO>Tol7fD%2sl=#z(hH2oE%fA=bf
zj@Ek*RFN(JFV>GDd`vk;$w)V7+gnNsEROIeKH3k4ME6uRVNu!QYxgV-WG!a5?2U%c
zu@>x`LIgBSY|PujPfFmIa^2877;)bz=RX&_7y%IZ^_<G>j-Q@KjYJ0|P;8T*u{V=|
zIV%?B#nt$mL@=(AWUlJaoEEsEE2+rz_M^5li9ZIPS-)9;7Obd)Y;Dq_=#9A7msp?4
z;FarCLisWP*lJ0A_^;9AqxI+T^swFK<iR5iDJP0EX<>uDY0-f7?2z3sPO5iUJyN-&
z4JI$7sVzb_Cq#Dw4AGp-ABwRH{ks4uM4+^c(K&D_N8P9eSR6?E5EK|uX_Cc=AE2yF
z+@O+(K;qBfa-eV__(Cu#AgRQeRQYi;7z$_!(u=~;Pr>`0rqmgbvqL8=1<%Z!sMZJl
zw@hdjmFLiZb&mJi1c6b|A1uQL*l#`i2(LJ#{C7WOGEDd<Y6K6o0z*t}mpw#u%V2NX
z&@75E%J3@0A9cV>V`foi^?+=UMS_ieCnFr+@+kZjn|2(G9IgHHHL8cYugO+z(~-9}
zwrSUD8aGgA#~g<2X%6eGdLIl0FPt5Wk(-zU`nWfP+_1@!6N=*v&$~<t_ck&-jctOQ
zJ9%D(P(U^qi`p_K(MM7#-T8=5HqboK(>Ng1x<o>zHOOm+_~B%n58@T}s1wqXu@`ad
z#mcx%=@`=F1HBCr^c^^jUv}Ee?<VOg<1k&y2dfjgS0*#?&#wAS$Pn}Ki%Ifn{kO}j
zd*5TAa`MSG_Yt}(omAGK%?($pv)g&J4Rg<T-DL)-Y$z2C2BIFo9L?!1yS&9!$NKk#
zYYzwc&3>?so^ek5S51HD^O_X~e}eC~(t@lqm#0|9yzbe3Cas1Af7-`>OS`N$cY>Zf
zV4%Tm>eJ-lz3}d1CUtOp8seml@}p+TOVZ`&aGKd0t;aWUO>Ie}ile3a=5OJfRSmzp
zPwdkR?vJj|eca1hm6d!KGb#1s6Z#R_d!yN>(uJ}f*RPMxBkY>h9fh0C`l~gTjVSEv
z^#-@T{ur47+^vn{t@h`N#?GYy*KH49kT1dKdb?PY?5g$W?~1|T=7<z2?BZq}--Fvx
zqv4>!J5F+Z@9X7`hUrOCy1$`zKSZ97T?MwP?Osz(v5PyiEtx%xM}B5^RqI}%i<^nB
zYgQUfR`>UIQx3@D^Vh37NW9$ydmo{C8ttZDmRsGm?^jkOxZftr`#Eep+po%7-ZPJr
zI$C=GZ%E#|ESn5n&-(k0b8jPrGM~+#>)G$Bf(|^brv0({SX*o-lO?z2t{$Cq>hA-#
zm0FFNDsTIhhl-6qnO;5Td|NJvcyyS$N^S$YDhtV~fzI4=T`8a6<m76)=O3ph`N>&U
z{5+K&<GwFP_$|5#kM|=@Ih7wgH?I{h7`2?9M}pjEx~(=Q6mEwXH+-v_cg}sbc{eNU
z<k>mO&(B>)B{xiLcxf3uJ{L_G<g8s=tyU8c#5q6iON+_q!#y@T?bxu0EWAxudmbj7
z%xr}vG#sq9k-mDuD^NRi*U0$Vm22)>N(W-aXIq;ZYxLHfyq4D|S<5@P(d<37PxCfY
zq$A55JL<PvW*a%RQ(mX~KLs^slFxGwR~FppEk0cmE9u?(cgHjM7MQ9`J}0AV(FG~p
zTU$zcwbsYopR?&t7;Id}xKGpGRaUWQgHNF_E%)#_EI2=B!8iEZ2e&pkKEBsH%H!Cq
zg0|<~15QtD&F^P42j2A6^O-cQN8xuBJEeS2awCln3$c}w=`SW7W;#E~*(3Ph#|@F#
zmiUgzD@SVX+&>xsbBmqBeywJ5=Pas*Xr5~L8|=CKcc1rkj|wv1N9wnS1<~NMH$C*9
z)Q<i80pjkh#6u5X@9o`|^U%+t#ix4TF(<nsiw*AdluGyAB@+!<#Lv|yZw6MU{<URB
z>d%^&HD=!}Z}<H*VYl-odfzs2nsv@bJ-44wC#ecREUnk=y_wSt?)T#q_so}#(g5#G
z<IIQF-uKo;R)w<Z*S+pCX4mmD^c4!V%Z_uGL%T}rSx)v?${%{DXKXrO@58(<?w8bW
zpMmk~W0bLFB#bNX;iRt{$m*TZ91gFVQ0+ypmDB|{`L45G*@8wrS}Hq^e;o$72f}(z
zojKE=&&QV^4a~OuKcWYV1s`UdyxcKGxVN9l^%vu{#Wg<bb4d1kyiY})*at5vpSBS@
z;&<E>J~x9m>91c*^2;MT2^WV>Ro1ajR>s(XY7on07b+94%MzjO4)qeaQL2Z?L!Ia+
zSYs~$9)b$hO+U_C%v)eNF>;jeI@8(3Y?&kVZ4bzu=$RQRbu!TkD~3-M*H6Pmh15ZI
zmySB&*u@>BP(T4YiL*pR>Kp!#yen15t@tq4T5Jz&+C;Ub#qEzk7w`{2wEq=Ex^I<E
z)TRS+g{&RU%){#@Bwlr-)ce?YBXDO8VbkZhThB(Tz2xFX0FigCrzEs%mHRYu*ITm2
zmgZ`qCiQOp#n<Mev&~>7SaL%fmXCKsADvk?B4lU0sU~@|VC!q?sX{)TU;Fb;e1fVa
z7O?p>$c&FycTv6Bd0XA>GJ}@cC8K^XJ0mm-QG@R*{(<KE33kLqt-v*30LKDml4or!
z;$aSk6)r}If)#kLNLVhkREi@jpr#TkrNEmWkUp!z0^gL+IqIKjj_ycI50j6i8HS#R
z=M1VDm7J$FJ7o^uj#4G!R^T;j+K5&qcrokQ2+SLSCoG>^GK<iN-4&)Q<~8f{2;+(J
zg^MdVGRJ)i`UuSxxGhSq!0-9)`yYU2{NgaP#XmsP`X8YAKjLDJ|BxvcN2CAUv#6u2
z_pdwxCwpzJx#LRm#g*Oy6<@7duyD0fr@WLgtr?HpeqW=Mkgv7Fjhl9*V`J<3s;MMg
z;uKUUpEowtH4i?*7Y|iZSte>&gb<1F8~Rp2=}Azs{7y6)dYFHX!-<AK?tbd#Uwwq0
zPfym`+UMY{H_+{~zUA(nzrHaFkp5qy?s0O?33h;zLxoQ^L8uJ$3I<?o3WM1H$V03T
z)8((utyYZ<Y%}*!qV~k`rr{*vVD)d+nPw28#3~|2GV1AaoHZL+^wRb-v<J1a#D@E!
zh)YkwK9|aPhrn}+4%a4;^nSJd6dJQirzo&t-&4XBG9ZD#XIg)&0}9aqAwMMwhkGpe
z^7t~F>GQL07Afj8W6fbMrCjv#OrBC99A(w0U+Q~x0YX)>AipV7#S`_Zp~>T;elJpD
zSfZ4}G!PyidjC#mgg07@b~%^XC4p&>nI?B=na24Du?HD?b0^xyHRZiBM=OKh6sRv2
zh?VscPDqF?tM!ov-KK?iXUFDPw(d28@5H)3IwVD-8zwooUO%5~P8{s~wM<R|?ehyn
zj*qqvc3tC<fomg}zDm0drf0}Pfd30)a!w;I_4p4^Fh{Z?RI@Y{>LD4qpr8S3Mq@c)
zE%B{e{lJ#ev-+k)pK_x@qf#%0U8JKc#@)}6cKPz-`lT%eSAjR_xL{$V=%)=T?j*+0
zGX(}QKmO7&@wcZ4jVTOpMN;0XTE<L9u|-Dl2>==!+jeFXW#e`i|0D&`c(LiM$}8L3
z^doz7ne{y~2REG;;QlIiaOP?Br@;F#iP#C&?YI2YOm>D9urhYi4706|nF=Hvn7{l$
z!UCz94Z9hrh_7w4Ukq5tkG8wjhPcqlM~eI;P7O|F46~rP!K8z?;Ua)(9hHfR?fl(@
znj!3_qZ@o=<ZO5r-7GO=X@OnECSkB<c0>`37V+`C%llw=Zd2X=TCJqPd0Q{z#`nzd
z!-6*1^Q&Yr?Q3W1JKM90XVXOhaIiHLTavhAnZ@tkfLnsjHsy?q^Y(ZmeEhOD3Hb-#
zi<#fSgtQ>I!b{+|CUn2#9s3T^7f}7()cpC$t|!ZX|J?3&c_2NZSBUb{$?$eRx#`tK
z?MwW%ot<#04~yXKrcc|-`D<<q=#K8r)*-7^_Y(O-MCTIY2J%0f(=2|(QcR$LfMnqQ
zKNR)<d8B%-O#iLJnyA5BqpaZeJaCWPaCSRBbEe*CJ0j>!kB}k+k$}-5#26G-S&Xx&
zmNp+~2cVo-fBp@+28Gb_4^IlSu#)??@*Jafp<jR+r&frb@2c8jYly$DdCE0DtX^Sj
zqSWD%zWVH&A}vu`lykFn^TqFb<6Ck8xXtqnaj=07-ng-&zufF)XqE~wz}n)hBL5qC
z)Ced}mA0(ggDA8jc0bO(kv{8c=unp)o-YFs&M2-YV>Vi~{a1k}b62{zu^Uy}Mv>WL
zDjN(NW!F#lTiuXHo#C5Me(u_oeT<+D{Z``(>Ac5i+88`3Oq~TcwFFT{bkSosTnTwd
zWBeIyBJL%<q)BdJcDw~XU6v$5yQ%VFgy&gfM_SaR^`Ug5Hdo%u1_&@WnB2`!R~j;J
zmgHl*v+TvxNW_|M?TB!=paMyaQ?Rz86Y7&7?xePwhv`L;r)e`WVN%bAj)9$;Ftm3~
zhaUB$*;VjX+hmv(o&2K=;c^P)dDqL6c?Ze>rT&zyB-3BH7n1lu4|y^z36n<=E;i{T
z1QX9lizyaufq|(uJtZeQMi+QiZ_zHXGC><!8(96c!aKt;=ls+a0PDlF>2k6G*RDC{
zun)4SsD808iXVbsC>mVfahZy`WEgeUoPHr;0Fj|cjQb+NFO8u%>+HC}aym&RQ903V
zAF(45b~6fuaEtA5%?Jq?LNPehp-k~#Yv#FO2o&jmo`{59poE%2rpt8|qZybKLP>|i
zxKJe(g5)Hl4v8et{)Qs2wPGP7J<VW^pCEPYgl+KjB(E}JfLfR|39-~8h+6Q4YfcxG
zrrmU|A_+yD@nCYqW(HsaUr+zm2(uqswR_;$0`VFmg`(PzVhqhKmr&u97{g3JAmnmD
z8OkyVpbCm32{p;UIX0$H5gNv%83KRivJReut0Fjvm)v2i7C03B6$wrSv#&B|r5)-X
zKoZ26A(P-9Snh;eU(pFUxjAfOuU=WddZ3gG!H=f&9MBDcjw9sSPW4al=L|=bxiyg(
zFJog20>iXDG!L|d4KXewCZXOU)R3hDXw<WgrM#&i(#zfHqDKax{^4%5Z-I9tZdvKY
z3vJYUilmAsWZN_}kuj+I6PLe-P$T13?1x@*#v}osz84JfEL3(R@TMIBQeu+~10HCD
zX~Ret^wk{0uri1I?3!Bjp10)Kpn9umyc>)p5KxV=g9iD*R}sTfF#QXZ9wY_kRu_hI
ztC(eUXObR83rI=ASOL2yb7&$L2A!TAlz{otP@1O{xfq@v_-UD<GfESg{zJu#w5Ol)
z7L7(17)9D-uarTWlai<JPr%^9yIMf^!%$V>zS{dDW%uTQaPW~z6@o-9oOFUhaiP%3
zR{nV<RJl)X%FSQDDupbjdkUgRYC>pL<&gN(CA(d;**rachkpjEI5zUlOWCg;rM*9O
z?nRtaoqEn{{vwTJzeQ8o(TGy`35GN}En|W$HG6v@1_ZSjXdwHTV3Ol4+SYr~;w(r}
zyM{?;A)EF5w&AtIi<skls{Bn>_257JO}k^%lukBk?w4Tni0@b(x|4^NZdJeuiSuW4
z6lfG*J<(SLmS^Ic9wEXLv&qhb7$53f)kGCaz-r>cRw?sF{h=uK+@Mm_D}T4bz^KD|
zE_IL$WzwZ8awI3&(@X(~ErC<%QP)fQ*(0imc21QMZ{a!lM)yO2b||<(`$-ncQo~!r
zUba;#CRGIA+4`c9(z5%w0{uIea{D}k^~A}Iab+ancMdC$*lSxQqX+kFLfK2%JT2I&
zE`Fo8l;RmPAVU37-{g`N3X66=mC<dV-e-%$U^^FFltuY81v>yUOj@^t6veV)#sz?p
zpBK(}6$$qv39_QvTY#lJL-RS;NSjwj3h^Q>=#28p=xuI<)IWNH??S8slLBG;0c8TA
z@78mGwIbH`YI*_Xn+UJyT6H1qHUN@=k~Ke>dL1K6F3{9)uzLFUEk0G9td}S6RIfE=
zR#_%BjM@=m)4g#a5<$*sdZL%pzcqoD(0lN9Tb5PTXh+Mn>J8~3618})Z2k_xCc7@C
zv@jIxM42{E=gVDKG`6N$b*RE>Ii7%Ab!_jmYuw3nQ>)fahh5=#pPw0FJe8GR+%2qn
zxN~ejKyQDahTDn{j69>vbOyIPi`WM1a_g$Tn0xRzG<3fE()*s#V4J1gU)SKa-)7)T
z9MFGXfZo5M&|72OW`1oMfrh{5T>p4~z2Xnwd|JC79#r_Q-|n5sL+X9(uK(@ndV!$C
z^F~YRo?Ugm{>prrI_c8mS@SA++Cr)MkpFQpyk9=VmKFc0<I8xz>cjom=6$<QLfmoA
z@_bHVXX~Dye}6bmu?4ujp0^nV+YD&sc<pDMTOpEVNAtZb>G*ax9TkZGD{g((@%p}6
zW!-jaq)sUG_6FW<6;Ej6s%&B@+_a2D1X9zyU|n9bUxsr;pJ~E?;cUI;NG+bU)uIpF
z9f;npZSQTg;pcXx1DqSKEp{JjrO<ym_+cd$zdy;yMMfVt@-4*0KXhOJy6gqAcD7#l
zI0fKjHaWsswebM>;F+F_*Y#}%fEtQQ_`y4d0u^8RS>6}h?Y_r3i(30<K6yXS^Ioz)
zSw6e+LIL8VFY-AaCL*6FrvX}P<kIx~U3;lF*xY(Qr&@PCA{{>WW6KF+yzI8Fl*98t
z3r{)dFGnsTTl8H&tE;R>SM)tjPx>1V6~3!p=a(BjVeUU2cCX<^2Pc+x+k$=Ry^(SC
z)I|esSPKK2U#uE4=)%iL!HWq57DO50QbfkoYhuj_ACife1Y3s&^$9#ehJ~Rd;bQL+
z5peM=b7K@^2{mz`#`tes9+^0VBV#RNZlfFnpa0QAx7;yk{q)Zu4x$DE!v3F3;{V&$
zZmj_gz+OsQaUY&**vAmVI|BN}6b=R!HA?bpRT4_(l4BnZ;@7w$(Zu|!8j)562}(a^
z^{?DSr0GAJWI+{)&0ymiF%T4um(3miO3$Zg>+@U9muy?KHfOFaA3xjJ6H-dA(ND+T
zJ1;-eFI_KW71MlfiWG|;Ch|KG4Qh)kuAxH8^?3@X$z`f`41cDU&)eEdVm&gVgc$Yg
zloNstS$Qs(8s21sYmG;jOWc=~Y^^zz9?o^gu%Cv{t8|+*t3#-Z?)LW8tE!Y}|40pK
zb}fs=ryNTiY!jwx-5g!4`IQtkH0V%{ri_F{4Ae<?Svr_I-6rEw{SkL^DbU4zSq~{c
zn)~NVCJMAE)rg99o!63wn)X#J*2haiH{=<PVNXPR4!=7(&_s-_yO(9tCOu%+i!ezL
zFr`*_j2|@L)djGt;5@(>d>;31a3xYNb+U~KQ8~97_!Z15ZRZYLENgaYKdmSI)i~>b
z{(<7*R;!jaDnXri#m&r5%_nZtWcx#9;<V)HK#?MDjzvuNL@>?uyB`dsO`<Nj%5&hL
zNV}<N7d{3N@{A%W)P?6Spl#QLy6s(pmP?mXL6gj^Sim)~#lx~%>24Ti9!pq^ieI;i
zNNcTkIbD#^;>GgKvQ8<b{_5@i)Eq&m?c9DU-M#FvoK=2Gb^;A%&C>(K5X(7{jU7nK
zWVuA8JnY0oIYj!XPdl77O!!DCkELlBZCDZ4V-=^`Q^IR1Lyf{L<KGH}XF;H@YRUWr
z{4zxna+)#L(&L=A$$1dD!VaIJ#_yHlG75uK+8FpG_;~%WV42@31Png*o$6E!Qjk+3
z7IFA@_t@hHE}TwKQ>8*lH_QP@_zd0>3oKpo%A%ZiSY%yCmR&YDppupe2r7;qh-;Ne
zBNZMs!;122!&=<IZu?WYiH?XzT2FDWI6}s#BN0!hv#;vix-_vST@zFayJ)LH61zWx
zR?f=RT*;!V<ct=@@ZnViq)VEpW$~i(sf>Z;X_={EHBne(H1&6WV`^_!#}#<sg?k7t
z0n(8qEU=1{cH?rLW)l(sG~%PX!A3=#s>I@`WY_~z`I%^&Y-FJP{m3_nKUK7PQ%hnn
z2L(yX?-EU&l-l$YR3|QpaVhZIn&+fn_lDqgidOdJ{Yk+NP^`tpFPLM{)xnYRMF7Js
z!%wcUz+#L&x4XUt1Ro625^~Tf*#^0Jxo;bCbUHbrSS3j(D6EB0Qp70JKx0zG?2HVa
z(x?|^BdYX%FxKQuZ8-ueKl|B<z$yJsU7DqJ^E%WK$EB%;_>Y>$kZt04$Y;GcvZWAD
z#euxp%7@ySRKlm7X$1+Zp&RgY%E{!IH^QlG(~uxsguPgU`?G3WC~_R8FBCX7?^#xw
zKd~JT&U*|aY^)<wK@12PF~=|%_r=RQOC|CRvU7-MY1McrpePJz0e2)(*+hlvo3caA
z>BU|#bj?Ay9V@d_2n+KNB$mMn)P~p!Ha3w?E!!?FtW$M5ynCAMtBk-sRv<p?yRsXX
z(v9lh#8R*v2MUc#jaybOb>e0AUPcN=TI+1S+K^fuHXX@=3SRz5?!Onbve<2GLK}_Q
zHR`1=14(0=JGLC4IBi?iCZjI`(n6-V3*(NkDB1H`+VQ#8@%r+S?3=py*o(4(*)1PW
zpRxYvoeiVdN@oHoS-6oiaP`N)l0$(!+!zk`N3{)Tn~X4HG8;V(8QrP6QYF+ed+Jfy
z3d*w7ExCe624DHy=g1;vfM(%e{4KRQ)shvj#WZNxC#y6Us!cQSg7qI5cPGLs2y4(l
zjSZ^qzgA!86UZ#LnoN{y5FWEaN4u;|ju~~<GQzzoj#3$}1LNkgwkzm4j$vtWj?k0_
zRA4$1hYC5ft!*Q2RLKkncd12gBiFN-N^+n4Hmw(JUnbC+pYm~Bm@flUm#HPrePK{G
zT2Pcr#ACxyr9>{}k!2gu9xB#K>ytUWm7y^*cE)NnW&%wcwSKQEefj!{ofLdhcwYPW
zPZ1nIo@H=K2Zd*PR1<1r&?6%Wxt*gaqQEPpn3GTp*xW4n%xzSMwqnvr#_CA>{T39l
z79rXfQ;2h?K_wZ0J2VONI0NEO<XfsQK2X>O^=!bGLt8;+Twtoiur5n@3ETfnmxEuu
z@z;a5y)568qgc|jd3*yTt%WlHS6JaU-rj@9uW@IfC255&^z%QpM*ht~GfOFsTA}H2
zOJg?F0>vbgLml0?$>Z$UASJ>xJVht!WoF&_S+jw`efxYlJC%@i0aS^WcG|TE{nOX_
zHnah^4)xv)DyF~Y8yI=!PoU$k1uJteDf(i_VT2qSXE2b0(V62#iaP9@K>I;VMujX!
z83Q<xB!JG<bMOne{}Rit1W`Lg=;@V{E@8-P*qXwUpjS1&m{%&-4#lYhg&(ZX1;;Io
zGM0-d8<^3b3ANPTrXys0=mRRIVj-QBYEcMQpkZTfjw35wM|2GgC=+_@Pet08<lr(U
zonH;T)21<IoQV~?8JI!`ri1HcPlJNlL&u>fk}L~g0~ULof5)$xw*5VDNq1IXbQY?x
zPJGFXB4n<km`cbMr&Nf{i>#0TRf(-e8=z{DQ-alWz+!0@UYUjRT#<#csc(@@v8wbd
zR91(NzwWR2i60ML#^eD^YKzQKomOoELD%njX}~sZ(Ut($90iA_yqae1kwJzF$0td|
zlw{ZxPB-eEMsZzHP-gM<1=+k7?%?6!*HTvHA}x2=4QkMsr6G?fV>XxxYUWXZfm=kT
zUs-~8xAsz+>>jshEt-hns&-C|c{wxH0-lB$wMy30DAxsYB?bsNNcqYMFHE_R0yVgn
zB&x*Y8$cBWl?{KHJWq|Xln*)y*%}S39mu78h8f1vFINtQMi^Bh^ZH>SY<_5_7Nj*=
zfJ3!E%V1sNPM~~7ij|^7ay%^{3n9o>Kj-Ly8O@d7pa%UCF5mCWI_HHwEiLddO{rZk
z&7+v*0jF;|p!b(R*2RMp>LObJmwfG#i2oo~PK`}~C(^u`bZHaJxiz#)xBeHBI!vkj
z+b00LDKM7~=@KVjU|%RlZxQSXwQwd$0fVyCiF9!&APdsp<hRfI9)_0A=RSwcl%?Ks
z9n#9Kv3<SOY&Xry3f7{;<Vgw(t}(@km1>!Ge(#FZtxG@_;%!1M%f=97<q=Ow9WYqN
zb2%m3j3v#=7-ZEXkPQCg8&`cwM<N`C7a;f?hwV|+w8W(p<5HR8?QDxDXFE+SVM^<-
z@@8XqrWe+P+dYU4BqJ|Yq@ja0P(>(d(Qa|o@MG}m(OpUy)`K?hm6-N=SZxZq{<EmL
z`T(IO3di;8=_1C!8YX0RLn#7(m7HL+HHmP54hX;3?vK3}6r*NnGwXs)p4uNc3u}>D
znp0}zP(yb5v&C~~&7qK}TcFPLqgzGI(E>-pnh~Mx+`6Y?+;izTOG{@_5$C{-Pc^9r
z<VH2APYQkW@EGXiz;acFqRR(HRV*?G6)<cPn5fm$hX_mAW=rXSBZIrVgcGIYKWCLN
zYJRh2zn9zHbxI&=um_yGQ6`Pp3KB$d`6iluDab;R`qdIvcAs1I2ax!1X;R(++H3WZ
z)@vlIP>T8!CVV@KD#bN|Zi>lgrhUtSCvXya*AG)tp6rr(gsTw$Zh};fUS9H(D$2w=
zE<qwmziJq>h+(}46}$M}@m`{2Cc{aYCmwvq>O;~A33oY9k7g|+1t<1^6~L!SsV8*N
z4!KeW)x352M62+Qb`|fXu>I9Vt%EX_osvNHRHDp}KlcwfK!+RGuTZosmBsR)Pt3-e
zDZ-eYYV88NLdb<bg#Go?(`1p4>0GSOQp8^|=k6_97TJcGP%j0zO|sU3Aq(`bim%5)
z2oN#Gzq~pXpaZktMzFpAkb&kvZ?HqPN|q0_*TC1)1pVRW*DWKoL$+#qn;E)y0`S=|
zc0mr&PmvD^FsA!+y-Bx<hNKCaXT#UirD2ZWTAhg+FQ;8rc#U*PB~cZ;=$f;WH}4y|
zBxhrkvx!^gS2LWSE}S2-$xL2CLO^T8dQ?lC?xJ1gyh*vrI_m%&;`a6_hZaSP8r1>5
zA%tq)Gjig_4t{_Trbiv<P@})%e<CEYbMoMo#BxF4K)CuupaWJt^YQt8%%e!TNpN)Y
zNA?k7O{9llH5x4Bjh>B8W1#tbG{8F~PuTz2PoLfY$`H;whhLyq`W19piO03WD&bos
z7Ome<;zhlfaArzN(cNillxrdjBL#(>7^isvzgX_EmdEx=fPKBJ4!01&o28yE_?dW>
z7H#7M5yFfhQyo9*MI6FDT5B4Ael_sdg&ND6IAvoRuJd3Rmf|KaA1wF-$%5RN^Tv+h
zI}W48C80-zv_uyZM+-4~^)OyY*5WxHGF;30C_(<G`9W_BEZcFP*N7#~E6a1L{zjiN
z&`b*8TRjeX4G|yXQZ9}M>~ez7mxqEczc`=)E9?2%vb>MN{zmEPE=b=^*d3~0@9qs{
zDrurL>Y7vF5|8v*weOnLiQt(vhkq^8d%s=Y^hYx3>%;ij4VsLA5pJ&p&`oVGfTxjz
ze)&KU?RRm(=iBa}X*~D%&3^HrnjV>qt!nWdAobvsczj}<o+Fr^v$V==>Kj%)(hB)p
zR13SWvb7BCPhURDZ`Gd12l~hF_q1f%7Ske%_z2`_5U<0C2Lcy`=nU-fz~IyEdGOe}
zi*b#xy&G85N4`E{fDLHoXUL2mTxR0Ox^%!5$*)%3=Qrvp<N_{$gxDn-T3x8|pf1{_
zfkYzEvusWemfsMRb&Gy15;RfG+vk&M?OB|!N<de2FJ6+q9n|x05;4Xf+MJ%b)2B%(
zWb>MVol~9ViJdq>0E!?$+Q=>+iA*kjew1Evvt|85r`(RqdDk;jlhW(wU~~%LAv`>h
za`!7G#i*0VKP5=>XrQ`dUdif!`qV(2>(fSRYvaE1*2erhX1JSn28MdclCVlobo!n3
z88<VI>wWKY1F1OkGfQ7DP#W7{ey4y@WXYR|G5&Z5_qt?~ghuI+BnuF6hJca3qmz@Y
zrp$T80C@_9lqgtEFI!Yg-fDUkzfwudP)NFMHhAF8$aB`(h^v~GSG7y&Zl9Qu2l2zA
z&7*0wgK~LMTN)Gf6*$vVa;;5KW+tHPmm@*VEe83~V2+Njq{8eN%^P_zQpaKXS)e~7
z_{kJ@qtU-J!1~GS0$;McIJ6Uf03ntnF1_a=@Hy#xI08W|Y(}n8b2D0_$T-9rzk37o
z43c<Y`2hmv)1D*1D5&SL+HrxB_4)Dc`dP;mg^=y|{z0S?aq!aR`o3-$HTa4M=A~%R
z1yzZUW^~^$hPXV!_4YyX-Hpn=xRUq+dguF#u(c6$`>P=m{I{k}{Q=7}y(N0gH+8V!
zFYDyRRYYKfakSje(u|+f7z+-4EUBaHV(L~F|Ma3f>KWh6WB$UTJCs(KAZq{H1>0`7
zUwgrzNGby9NYBM@@=$xAA{bDAfcMO{K2H*$X7K%T9cP1XA6S0;kbL|zLG~;O0IO5J
zoZ+{Zz)<x_>Bv55$2|l=zQS7|dsvIlJry(70p6fbuAjfYk<a%F#@g*)#g~~PeOVT^
zrhU=UMtlqE^l0~bV(5pAUIzP6*<IM<dv(5wBGy)Q)x~RjIu|#uec%I3#z4F@e8duW
znn`vhrT{&_kvIUb26NhP$Yqktt$^+KoO<5UrqkhtQ^bI-{PaM=7H!XPxBDF|i_f_~
zhPD+~P|s9N&`z*xDd)^emWpKNicH$8nQ@w_JBg+u`RCL_c6011%B!JdaG=$qy*?O?
z{jD(>X*G2}{c9kF7Xt4$pb|Y8*6b21#ESTC5Bz7PE>ek~?XB3)G|sQ&i@AJ%;m;Ax
z6?_+0@lT!L<<fgU3O*Yn(7Lh1KU+Ef`bs_QC=>AmM}s_?Z8GJaiJ8CWkbctN9yXO#
zO@=FRyTeBs{vH0_zvVx;a(R00X>AbPHGRDPxj6J)B5qjvI<2{Cwgh2fH9o~Q7`c*C
zs`x?o-Yq(hm=Nd**RiOpqJ^3pQ5_i<i5c`MT`(Jsi4w(+Yc^9rvm4uP5<sy=c-%6y
zgw<?M2<aAT*;h{BazfWAn=Z_rPfw41H{?FM0?8tZ;I#4oD`(kW6gpk;XJwY3B9l$C
z&u#)Lgp!9VJ9&2p3y!C%k0UA++!?E7Z|+uRXknX$pEi!4<dq$kHrEBr2v(kEH_hM7
z6y>Lq%!fO*#DV9P7iMOzkLPX*{&;NKD6s9|mL%{_h)1rs0P<T_zc^5@-b{l*H|FHf
zFLanX{n+aV|Gy#>I?1r=QEzx7J7rh*0}l0)$uT-oPZhK}>WV7T!z9%0rLq}i#WGCH
zvJ0YlvK#PPS#*v%L>;J+%dXn-XcI6QE|*2r_k~vq)Hdfx&p#(ElLy|}HxECZJ8$3g
zHy_{h#83eeNI@Dhx-wicMyZ4SR(e9+hzmlrKg7i?VW5-)9+U}m3rxid<Jb(rf9Z>8
zPLgC`#_j(FYKzqLsLGjxC1oc!qE;;V1tU?K&dDsEO6JB3JNvj6Yhsoke2SCCi1;%o
zLjgv`bDcId#!39tm6$UInzB9Y$PX9nRo}kG5e3h5%vD5uGpN#l<kXWH^XRIO)DQAB
z!%_a}#(?Yx>|*nA9FvH`$rTyJLC7@YLA1oZw=WsO!y7{wvhA@)#yhrq4<A@>_G`Q4
z_mCkO;6n_iHxvwpH{=sWTEcCS$qQS3O_|A^CVG?lFwsXF^uIZBlV2>w;D<GY=yUAP
zWc+EVAAssf^5X{!Jd^#fwwaTB>^A^j2TaY$tIU01xJP!4Kjz^FO62LA_Nbo7q<439
zal(x(O}>M-KsN^C%NtIHST`i&iy1TL+^Ty{%-}+}hYwW(>(P!`JwdYpQ$Z9O;|n>n
zY`*Jc+BRvnz~sY0(2A9H(5)vtrqbBP9Px3=bSD_NFFhdUl=(<$%j~g3qQ~{ht#Y!k
zUA`1`R8QXK>1&JZ?aX;c`s(Y-m#TBK!n1Udlt22uXW>=%(EAXJjV((B{YhrKZrm<!
zeszvQuv<XsnA=T##AE5_@lghql<o!-+*tENQ!6P&q!3FhtNa?xOJ1_;(e~v0Y~U*D
z(95glkrc6sQ+)84n@=j+!PD^Ip86wsxk%qgKSpb)kT>w-3YFX%9WOA`F=GksoKA9d
zY&t!Q!}7ps2Jd5f^;l}ezv~Ixlp{;}(=OR}M&@a+V!Ral%SGNKZKlVC|8DyD3J?Aq
z5(RE@9#3tDB8^1Hy?6YFn)s~`r^owlC_&1H5{43+lkRLCry{W)xvLyoi!QNg+V(y4
z<3?<x84I3<PKS-1Y_s5_TG>Z2{o(q(oAJ1ODwIx@j-F|&c8a)qyR(8amuObWSNZ+u
zsSkmzt-9eEbt+}}RrZ>?yK%N^aox&4D`#aYP>|Kg4qv(5dB@IU_qR!0lYpTXK0B?-
z{2bus1H9<XLL>P)I93fzBmJgq*>02j_(vE#qgqTeb;Rvkn%TfoewxF<&G-59BfO0-
zq{$;Au<9PKnK%3HP(wFFUCE5Q4|7;7g)?I08}+h~vO{_ES#;`hO&*f_-@s!xONZCg
z-+kJBh?y2pyEZTF>ox{a?UfS+M*@e-aa)h0Tszf%e+|~Xyd2r;X__*HHg9Kld%2{F
z=)JvJbuB{8KT0-Q9JQY^3bxr<*KJ8;ru@2%iQ5}&eCkKnYyZHK1;bmXMo0bSyVsp+
z_KdX{xpJwUR>OniT&yg45Gq-3R+}c$={!0-i?!3`ZOx5cZ%d6>UE!K}AIFAO0++iS
zt&7VYlxI}H_h%p7U0L|fH$%OP_jK1n{q)BJQIu;szb<p-pZ1D+hP`&Zl*X>I?<&Aq
zR3#Gs&i&&+M};NLdvp><A$y_OUvx&2R|?`!i}4I7`WInW;&~6FD)X9HxczVT<<RH!
zSzX9=Ctuv9D}7DrO}frae$E|ZDN<Wx-Rqpp8pdE0-!Yby^+aZG2|oT%>#>#+@4%1Z
zM!T?6Oj(Ktwj@9%F)u5Y&-RJQZGwVZuv}qo#_t+;2O6rVpr<DJ?oXe4t|D>SSqhHr
zTPrw3xD;{fL`x0zdQJ2vqR}a2MX4vMGBTNBHR>g$xyW3DLT#)LF41D2BqkM#0d*=v
z@E%N*yktq%`dW39Mjj%WA~mvcVv}?CGC4SIhZ70ZPaNEwyYgy5q7TJtl}gmd;tlQ%
z?jb0rfr2+LiP2qhHP`zXi<}>p%4vh3m2JG5hqV@I$gXiUTE?m1dtvcu5=?%nZ?lqe
z=hw9?y0>C%5V~*0#?R`Snegwo52F2bZU9bmObZ$ydlJXRRdcU2L5C823L)A`E1k(y
zRsD|`UZrIx72X#OEhD|}1mj0cN&B>G^CzNTtajhD+nnv*66yZUHwZaYP!SRsVJ)1{
z9tu>TeHa*~h#*TP7-^{hJeGu?h(v&~gue?CVvZ1(u>hNOP}(kxM;s#ftsO<kFN$E=
zT3lBF&db1>To9@~Bmlg49!$5tB?oXxF2Z!5Nh=7vJ-ltN%PU%XE~e%l`eq2XJqA}E
z?6n}`Cvev-`Qrc(PYC(Hn0B8NY93#V2r<hrBM0)-90)D)93Ji*bjd!8^U&I9IR3si
z>H*+U3|~8_yA|xqff8bG<afk`Vg&N<aK+!zj!}K;D)}%6jL->;Xe;_$)gy3|gVC+f
zuys(<4%D^-TdnwryU08dORxAm{;cj;R(IT$1Cg(wx_uCxAuD%gpWxVa&|0-<8@FWJ
zBap8OL=qyuaKp0)1q>-L$uQ|KDH;3tE=L4AgWYOzg>ONf``qk#()WUT{sTJ;d<U%8
z{X@<YA%K8z{%5zy(Zbg3zhM>~6&-6-Rn%^`>+eZx?#JuN<nMW1F0{WU2Kv(KK8qF;
zO1<s2aoz1Y%?qv**OOe_u+h+U&}6xa7LUMo`4FPIpORRQqPk!KcankKd3?FhSbB}=
z<}#n*C${2i?g@6sn>X1`-ComOZIJlf?Vx$14@PTq;^JRra6%jrNLbb{mj|LX3NKyt
z%ov*X6LPIe)gMn1b!rV+X<=8Y5!0E8G9edDQfsl5oMP0^`8rJ(gsG}Y5Urj?hFfY>
z*JZ4ciO0N|QOVjR+oi8_A<A@Z%*|@)^qxcUc3w{bH|Rlea3H~+Wv3#5m!PXfVbzs}
z@T=(%Q|*x$&u2;d=7Hvuw(P@fg&?mgD3!`LT7hayt)(mrl}n+uG#Bn;>z-Mr6{Y;*
zD{kea`CF9ZXIx6=CB_YVDW5eLm?Eh<#g;h^Yk0ylqf<yxtAk$z;Oe22CGl*73=@|`
zSBcT_NP9Gci?o@dl=We@&_bq(hE9bEm)DE5;is$n#f2VlCv9m)aPm&l^SXwu!&NxU
zcfV$&*E3M*9{@3$uS7W^W#NCAQlh2BJP#ey<xeJgx`(aeU4!?vI{z14=M-F77^dr_
zla6htW81cE+v(W0(XnmY*|FKNZD%JPdvfNSb1^eDRsY?(T~$Bc=Y77^qJ?J!gT!WB
zw7P#Kcr`{D|IDP`f{eIwl`HIqV<RfgHJ6{o^5tkRuv?O167M~f<xZ_818m2kdz`ql
z4Vd@C*yNYrc_dV0H8rbiPgY2;Fr$uY-9%q%DD^OYN<$>0u`dyX9NGCn^8WIi;WpP6
z9~gizh|R=&DjzfzPzndomOf@$6Q+8PLd_?g*AvLZAWK(cxsV%0u+|^+d||8%7BY!z
zdc|2|y}>UbVZX|`f~CHV!igqU3K{392RUR+xcoHcfbyEk?}V0li-?GDtpaNxa7CH~
zTQr5l&WLbTIK>H0gs5>Dn<wHXC|P+d7cpfBfc7M^sT6tT*TWA&<D(8{#bv@HV`&l}
zs2BE9<cP4dA;%43m4Hfxr~fShM~ir;#?&20A{G50;?1swvqvdmZ}jrXhLYK##o935
z#G~mKz_JVZ>m)TMlk^Ji8tq<*;u`=Z1z(9$ie_Cx?IZiE)akZIS+s^kgcBM|DzR9z
z-`5J0DA|dQOG@mN(pTcU`Sd4J#;08y^((8t8$*T&1R?|!IRHE!bPhwus=*}itCt=6
zvK6DJo9v|Xm-^{2m_FF4P_>{&-_ws*ZDWr2nbaQuoz=BrbGmO};Iq%&*)X~RdKURc
zSOnf_Nat~NuF<`vq_j0vJ0+DsRL2Vy;Zshwv&1B@CxQ^_nJzGF*Xswo(M3@Y5c-P+
zy?~iv`j=DVH7f;zSakH=%#?ih=UASGKRrQu`m2qR(R)1$&8zc_0JXlbM~i&^&9&{B
zEf3~w;DNK5rfv54;M3)P6+r))*KN>dM*o$``|gqh({H9niEsU(`rooQ4Pnl_zs}`z
zk6Xdj>+g&^y%{;*e+!cfJ4X}(?+>#_^GQ3~Ijo)rC~}_-9DcqlGPhL%ye;o3o^SUn
z2DzR$SJS|$F7KnqGStZ4JpPyc7Y+VZw<m@~d9oeI@$ts*3gSe*w+SbweX*r<*?fr$
z4WD$~eAzt>*hKz7vhRf75z&#+Q9N^P%qQ4?ZBMV#`K-TxC*o*yARymYkN+uTbTPAa
zu=yU(_J5}pCu_dA<1Tftc$i*j&$)^dko^^B9*4>nWy%nhj&JH~p%aU*$FgayA8TZ7
z6*HBx9RC4d%mms5DI8!V10}Q3)*MJ5*IH*gMsrnkRm8;??!0Xux8VHBQ|90Q<^z;$
z%`QFS%OjcD^zOYl@$21r>ux$}<!SZc^$qMl?4tu~;W;3P1IomW-mULP@#R(&|9*7o
zh_6^fZ?Pn_o>@D17?*c1QOs1m{mpP#)lvxz@HHhim}*flg;4`EX;zj{NIw|YMysEM
zsJ;Xl0rV=8se5cHG;1)eC&{l~N?iWdn$x^E(HT(FTYCaSWO1V|bsa!o`ejSjBmG~d
zJV33bA&I#2oKMDEwT}a~{1{crH*&C!E`#)%g5#3|_wVrtC(U8pn9?d-mZCi)%FSWU
zwEfnv$I|9Q-#tb}E0}XCUdZzs%`tf{rHNFsb+Z|kFQsr5k(FAOQ|MCSRR1NZwA>@}
zs6d;Zw^S&T*(zB43l)nMVq&pv!h@qY)A!O^W-S#;pgP8(rC)#0?oqU@l5a^tXjZdn
zQD$fzOukHZ?^4ZzX=h#1CNs#s-~Vc6*P@IaeC1lf$x5BnXy%&L&8&1MHmK*hG#;m4
z=AKMZ*1EQ&*rP!{;F?M(cBxISaWkc1Pse6Tz~zrfp0NUGPs^@Pma<5UT-~GLQLdh0
z`1|&;>P)N^T&k8PjuRJGg0Fe>q*vhGnrKk7Pfe^(>VcX)2mKnbCfY*UN@bvP#6&cs
z9(FPBQmvDk)29+J2<dpy1-t{v5>qsa<t<<{&Q;5NvAi|KWE*Z}mt0GXg!*FVmAO@D
z<QOvPkIrvM4YDa6sWS76Qm#Y)AgR28_l>_Gs{Mn<ndY~#xWHl+(g01H`CAIjzjF^7
zGk@f^s$S91(L5$ERQ6P$+;d7+6P;hiX;sE##n6bDM#VajvA$Rs*3rzyn6tlR7cJUJ
ziFl%7r^Ld}2*rvb)yR<Kk`Wxi6cz9J2PvPSKlq)5F3F2MDW`Ek4%E~yWhPcSRM)5?
zc_lm3M3<@zmaJI42Z{zJ^rgkkDl4rpNa#!mMxnPj?VsyQ=A;JVR1^3yjc8AhV%-Lj
zR48rzNtK$K*gbs$?2)i9vq83jmMjJ<xwBhGXZ!7+K7oj+z-g-0g=FZKsbaV^>u{Mp
z+`1E3HeOtMHw<a)m09_9mzU*L&yJ3JM6toVx>A}))9(0+XJq?_sOByc-e6{yH6@{r
z2AZ5ZPmsL~X41vz&)eHGZV<3b?IO{?5(#?r3~Aa|#IqvHWfasUXJJV84XVv8=0aA=
zw51_-(B?HWYCWF637a3ZeEEEx>Fu}YHO9gSn{S$5r+R39tmQ}UVP9N07165D%dABc
zG08k+I(^e7Ukwqq9(HdKY#X<mpYW_-n9gmx9Y?s9t@|AhxR!+;;&023dPJg_noR{j
z!lADp6An8msFt8}YQ7p{BGv6Y?UnX>j(`C4@K+?1=>x4#WPP@{H+O_yfdfo6R*Byi
z`V?p+jO0PvhLYt)#5fq{vZv6<YWRayw-ukoog@`FnFa8b1i<{t(8MC!Qb|vj1~pgO
zydz{GJ&);pjhM<mH(J`JSzfwLyxwqZ4^Gz2-m)6B$k9<DR0AT!#chapS0+&oF}P}G
ztJvQrt1>DRP&w4f73?IOi}OF7)`BU}DU~<pR~TP}a#TDfhFr(V8=V5J$w?m+_xKbp
zG>kSsyMsF^h^A)q?b3rgOJP}P@6(;9e%}JKUj*6ct<7SGt{Uza^OU~>m{vX6v#r5S
zr_}r0d+R*tr4ZM6;;!>*^6V!4;NR=%trnUJ!+mJdo+_2IOLhe`CpmYvTmH+*u%L0`
z*TD~UmCm4lpZqJXpQBmzuO3e)O2!Np4+ek;Jx=tOYAJO&GPYZv`2~zMlZ+t*)=)R@
zRev=|10k32b=}P_kGEi8#Tj|&*HuGZVbw5+(vh8dAk?$Qp6j{^dNPm4?cha%863l}
zJQmPOc?^UYV7cJlu2u>>rLyZ(Ayrw{XGD(alfu11`qQ+1LI+YI!iMwDlpy8k$Q@b7
z`4?ykBjQ2^gZL*;PbQ7_sh0*mPmz11pBNn7Cj<J_NFC6jFB_hjLmvd!ks`v7ROTNY
zjMXg>F35S1)urkx-F|ltq)sCvWQwnn<+9O+pCzL31YRY*#V__72bz7iOk&#9>`t9J
zXnus<N3<?Kke|D*qU4!P2alxc{%v6%fwn-etJ-A)^+*{^{n1AdH=yp0f5%x3IaYUZ
z0@254*~`n;7w^2voF{RA$Cj>7QsxTh0_PHKIM6rL*WAnm8;C11M2^%^R6hs1D00Ym
zq{(cQIi6k-om|Ro(=mfp`qj4=lnO`kbIE}j9EQQK=ortH5g9LsZA5eeWC3Qp`G>4<
zENIa$W5W`}wZ7Ef-f(<J21&|EUK8_ASmqP<#VArL?mH``;wRfHCC1J`@>z}q@G<LF
zh+JZl3{cY3j%A~&00pe)>Wg_^Vlu-w#;NuR3%rXH+`v(BOvIr6ecXo}?wwT<dZ&e*
z$vXA)v&NV}vlde=#MFlx+KWgt-#8H8XJVk5re^U3l!99Ep9}<@gC_ahz3$4r9m;i5
zne3-bFmo5EnS#KA1e=&AbGF|xFoLXX#O|-w73j#h+|a{es$HN_9L?0*f>9ij!z<ql
ziiP?eIo*3%6lpwN`=Uuv{?ptGzm!ep$2KKVajQo0Ux59^9{unNgk{-@_%HF9h(Xz1
zPda4}RG8So0sgD5!P-YF%-0ul&GwF^foan{bKxdLas8_L9;h9g*S11C#ap8lm=NVG
z9g9`Asm>7FbvUbHXsKmbxs7})ne0(T9G8%a65xEt5(#b3(ymgdEj$)lJ!MlSW;~A#
zpY$w-t)|zqtPEIXA?P$pr%aR3d^4#!?FijOr7gk+RL({?dTV!{eK604DvcsRm;|&(
za*0<h4*4#MmL8nvRv~?1k+4{lSb3|;ei2BcoNDFPge0>3AlZF@dHBN~GA8wL-S7rH
zaW%vs!p7x7&pfzvREBhZR~0cDI+tDy!cUWAp?*B}8KYG9^c^_g;<37nrZEzKf#bI4
zYMJyb{E<?dz*fEd)W3Qs^)(LGkO46Z8ONz^L#h6BtA&kSPlHSN*MG&H5w?0$VY&y6
z`LBLslPOK`FY&4A_1MZX!V|v<DIEP>Y61IUb?3%y!{eeK*V#ie;9lhiuOtlxMDU2u
zT<PyYv;<pZ7d`qJ0r-PW8?n{9ZRE%ZBiU0RlLS&qFLVTA`8qB#;07rOnA;CNmrp??
z{)FtfLA(VGg`U14?OufO`RRbNyEaaXXbK<iWwrNfb$oy*{3@uB6a!Tc1I-A`?TvLA
zf6seyab*=HTraL6W(IAc@ELQ_N`AKD`zDeK^`*alS%IX$Et|~u5>L)s9z0jfAuYQF
zPXb{WQc`cqPdc5iVmz~{Ghr0WXi5mzp=7>@B+8KThefZXpx^87O?TxH&^Fi7u?G{~
z)RJ`MX`X>POfVf}r;)Q)im&WE>sh}W6@8B!<e+q2zwfZ;%2^Wy#$F_T2k+#Gs6o8(
z!{=+P7P%+y&zKIaU-*C>Hr}l&q(n1zG_dZv+W2hM;HBo%@4fRD_qdJfQawS92PqZ?
z5F3Y0F^uHZ5^}jTK#YsRvV9l>&OrLc+!~J46hdFb845MF3!0VobY~Q@^D%t`FzAh-
z{iTs)j+;Zq{o0PE^P?6wa5!q~-7OS8SpH#fa6@bgEwUU+rSR9<?8FvtX+2NoG2$Pr
zvSVGWJNrG7PbI&yFL}SX0rA%temw6tr3!f*3&+2E)hxos-@8~1Gz-POQi5EB3KJ8m
zd~RYctt($gByYu8Y}b}d&s5nfKURlwYM?mS#A5*?uYwe0D%Rik^g+8+UWIgG2<{kr
z&~aR3{>oBK#Gj6`l{%%6CIkK)qMI<WfR`;8+}In)-FBbeyDy_&0P3XPo4t<VSN(7Q
zD$h2KGQ-?8-V)$5?&!4xK5X!`5y{xZP}ic;grjh1wyG5^U)S$~aGGP@uBNj+J><{)
z&2@kn0=w8Sr72uw$mV(y41hwBpQfs|y6;p?DP(+Fi75${CEg{C)emjli-T5wX$C0f
zQIfTnBJL489j+nYN}X&&)9-~iF&ou5aQzeC2FWNXic#=}9lmeh5A)GCz*jSQj#%v{
zTcX`>92714#&vbMKdR%sYOyE|3`7W4?JmD?QA8G@MR1&Mda!oN{>t3%^0M%ej3YzO
zs9pPAQP@#qCHFp&*p>(J1(X+@1ox%pT0P6mFokc0zxQCaaG;)Ot*J;nx39feX2(fD
z7K)Hy!MpNH$5KoHBi4-^b&L)`<;HSxUau*@br2=*DNR&+94Gid*4~t+FF9v~+|aIW
zMVs#|vlYh7A&L_I7J(MYHY$Rbhww$vN)%<LvZ4BUy5cA@ap3wkVkhDQHCd9%MPrN@
z)QhO)Ek_)fD^1#PQ{}m7!AJ=D)>WHa;z*tm4n$L2d7}H3(9F5Ugf23nW)`py#Y<z4
zf*pK0{3VTEMh?Nr2~!KnZ`DQklvYL7vFJrCtu{7O)!7mtn{W{7sb<kYkdoU^;B~I9
zRS9^O+AY0Qh}Jyu99Bgb-QkWgI>#o#4C(bFI|Mg2Ii<?*+2L#9+M^u#={EAP7?gl>
z1-Az<G)f|1G0?ljqy+AcB5?=xC|2nJdp=NXv+%t?=Y*pdgV)1u^9utvjDezaf;>SR
zkn||%dBZU*T|px)ZJw^C=u;{>daj!2`%Xw2!CYT8^__#(=?zTIjJrb3@_n`3L$#s)
zzg@gIRy*Bd{UcRA;|CFfo{5kM?R1;gh*sYvqou<8ql0@5*`E;ya~<y7z~BA|eyc6s
zP!I7PS4rYI;63AJA259rZU{jZiVQos2M9~1?eDYWTF2fof@N>~CygZf4SswnHA>h;
z?Xf$>B|z~SZkN#=^C8^T763sYzK~Z5oL8A7J+SKHbl$O!V6-1c1Nz%ATbj1>rCD~|
zRvnSlgk12-b2L_C2F)$g5~>u2URYw^fN<9RF;>%CUa>UWUU~638w=&OGxIeX3v{2f
z4;wR&c!Nyt0|o~QuNUuBUqbv<^{9&(L$evArWTFrh+!2~$wuzNVfaTxKVhZklT`Ci
zQ9@j6LKO7npBH%x)})^ok3yRK!yO)-2FgfojyaXWb;|N0Z!<=wpR_#W&91q^`QT3x
z3efoMZ%@YVPKr+$`VP`|KPGQJlLz!I524vUXABpXpY9g=E?qA8j#wS@O1&qd+sk%i
zJe5$@o8AJZRV8vuia>eXQ4&qVdPIY^@DsES>Q4^;bitg}u`6V0xYo%M7<+K-HWXuj
zyE81Fe<y1LUT9!=mUKP)^*nRb(H<vsw{ya-4)3cJg<qa<LT2w=>t`1nSEE4=p!z&W
ze$nF1+#3<m>O?2ScYqey+`5bKh`etRIA-^rG2FDFJ(`E)sVT{9CsN$Y{My9Y1Mclc
z-?WK*{`mC%2z?oRwbt`XOd5Td{MYU$VPrp3XRy%d2Xg`A4e82y+6r0s%YfwL9d4Fu
zMf7BIKwZI4)3Ey&znmd#Xbvd+Q~^-ul6Kkau#EoEu4w2ru5>o73kJYJb&2PKBo6FH
z9XRw2?}m^i5V7;!^;>dUz4&!iv|nar_N47hTS8tm7LBGum_oQ=N#ZzZyb=Ty3GW6)
z9tFK{?_}MS+;PDrIQ-IyZ{`~4t$J19ytK^=4?G6Y9i8E~M`vyG$eQSY4n5%^f?o}9
z2tez)@wHjQwXOKOSs<%@30FJy8#0A{R1N+$G{d0T3GWqfSk;2d8@chx_TOxW^)CkY
z%|L0ofFT?}RR1V|w-X##aX0F3O^tH>hGKmVl2X$6wWoa>U!fXKmW$#{-XW7s1w;db
z2P^{m<M!W2t@{`uRI_VIPw;qmuJyMa#Mrj%3-SW~jWT^Ei6?#*dv@FjlquJ+uDZg!
zaoh->-U*&3aeigk5U}6oiGOJK;gkZn(9K{r3+gY0w~J7NSwo77MQ;oO?#k?NZz2c$
zFb)JX#+_6RLqB{1N1SU%{KJtfeLxfLqdC7yqA)B3OW^%xV69^7z(2JQSU`_X8BE?a
zsG9-Qel3Eh-nFx^oN&MH#cW2(9Q}}m*$lx9w;}uDI06$W2J3{JnMN3pNWVaT)aQUJ
z_Wrrs8B?~uotX+C8goZ;r3N9Kjr8Pd&kH_bVTM6Lf6T)AsyS~3&7;0-gO&B!VY?L|
zg6h=&p`SPU0>qX4x&{(|>>Ww^gZ|y=ko2#u-x+--#E}&FBE+zK?^}8{K>88O0CvW(
z{~mWI=?_)h+m15tA9E`MUo4>UiTR(ox;m_Gj25oH#kLf%0-HQ(A`E|GSw#mPRg9jb
zG{HJysTN~SZEjIkL)waj>`*<Uq~(;HuH{lWL1qktzfD>ibEW&a9)NPudSWwb!4CvJ
z<=p`@zMQ#Ey6$)#(}tBB5|3oi#4oh)HEbx4bUilF@!PTmW-Y7INA+CM^-MyIZ_(5P
zdJX82qHCipBKe9@QsyXA1gVVH0*#^L0LQeQ1N#r1e`xx1H|i~ts>)xwEubH5yiTyo
zPS!4IJLP$GTy&`(r-pMmbj55h(bSFE<Xu#l2}G!qCpO98s_IcFRX0ab-i<6u4CP!m
z`9;>qy_INwo0cKfXBaaf1fgzuq*3ZKDAA~6?E;H=uS*A_uEMF}emi5d#9v-<*TPxM
zsNA&c2v-RA!=O2-RL?uUbz|Yk<r}A<sJP{$UGTW*axI@sdgzu_l}Dpbn5t-YusteD
zR--vVS0pcL(8nK9Yjz0#QcBmRs@4kK<W`~nT%kWFm0-wUa^;Hdlp@;tawj}G<kt){
zIv%nX7==B+#*WqSBPy-M`T++9M|>7;R6Z*A(2jkCffbz5b3y_q1INDv*S~87H;g6z
zA{nDlK7s-Ey%RIxQMwPrD}7MHAs;!xSyVa}JfHw@N5Chfwj*5#lOE2Aybvpibj7$T
zjJTJQxcMH8y;S5Mk3<fTKCxS7MsAiiR`9xY{gRVjdlz|<>hAxV^0zPyLCr>^iaue5
zHHgj-$UhwVr1}|JSmCu0#4S&jELBk?tZNvOp52;uvlz%f3~7|7(WLxijX}$#!T&a8
zqkcPr`G9}p6@X7$e2MA51$Kdd<-|N&x3_ne`ZUNB-BXkpeSxQNufAMIhg3zb30PuS
z;!|%=K?=YOAaWVGV|E2y+`9c7R?J?Zb|OpCD?$E6uN&}2^Kx?k<LQmh(c*fuu8=mR
z6n~?}w<i}ASzkW9J4gQadMXzsr&)z&r%#;sS&x=j$#i5l$0h-J*m+kNmIinCP3FyE
z-ATc%$d*lqx5ZW>J=tPUJ6dAXl9y-h!%Ssjynw>={fzt0EceztFgof_3_;uq(GD+-
z<Avug+pgzT<)}qUi|Z3j62XVk_S(yie$un(_w+HJxT6hC0vc~hHipN?s;c|i5ARm7
z!M_dv8W2u~&+e9M+&6M?nJu0rCj(=JW397?Dmhg);wQGL#vC#{4eMKrSf}IguNsPI
zGTwUHK3z(lKBqClVPL516kHeap&$8vleBj^Es-qbD;`89WQK-z(Y%A%xXjc%_ad&W
z6r#!l<hRGJW8L%ahfhPdkll0`rt34#G*styfV<86SVgyk^PLJMpO5&=3OeM})2>*`
zdWE#N1RH>9pyD#i#w33dd0C}RqA#DtJ7;>0{KmFR)7oj^%-_^lwbBEO9<CLv`sI9O
zUq6L|5$Yt<4cf)$`|moF+gDIEL)~RGyQT9Q%8)N}kNXnN#z+x7XtWLAkEPtZ&c8A5
zZr%!d>i0Lvna_D}B3b+G!>|SdQB|CcH6I#75=)su@xOL<H!R4KVn!{GH!_z(^mVRb
zgRA@^rFne&%*xmO#_X3M^!#VkO%L&THd;lzW-UC%kF`kXBP7D<HUBxd08B5a7+x?t
z0RnVP#@ECDfC7Ozj|6FmPhWRU(cTig-A(GL(;GdL5+Bll8yB_t%H$a4rtAGMgXOg7
z9-CW}%Za0;#=0J(b7OG(s&&&V*{${ZGF-cCTnr_nR{xf-X5uCbDGHS&hP>vn6Z()B
zxT-1KSv8%c^I91X!w;)tlb+)zLBIWg+7<g|%AtHBlZ~ZdLY}qsj1`@~Em@o^x~@DW
z|LoSb)g+qUP8a~?AM$SQE8`)>qZqwg`u_;4#)>ja@XerYbCSrX7<oVMSJn>Hs@T+m
zV>HlgrI0gM!@iE3UlrwtZ&M5B8?k1NOVhjZC4LeV-s#}jgqj<5l6;?FZ7OfQ&q(!<
z!yi3Z|IwY-(Qh9p@-)2kZDX8WV1mJxaeu!6K(%u@OV9U9TC5DbF(j7l^gc<qOS$fo
zpyEcrH~ai9XtKoeso`(;5Q*H|Vw(R8^5iV$mv@-nyAQp<eeBld_j2_|y5ndp`eV@#
zP<LgJ?WfFQIrfJ!Z)q!+?e}IQe#qZj5`4T)<qSaJ<7aV)=+A^TF|TM6asDfb9K!cf
z=QH3F#0dLD7GtZjAG!(blEJ{L?7@3XL*!!w3l^8EKa2^<65;5o;DZFyveJi93~goI
zbAFnS+yhzj49X|G_>UvfZDXA9`z5S%nRnLYBz`=x7wH(uV_(9!{OtP|q=^HjAgZ`w
zsA63aXJmQvQR0a-BiipTM*iBkksNW$;_v3nzTN5fo(z=~cdAk^tfh4ZsPf0Rq~|in
z4<6PO&OWrUBFjuuZ(N6xTpcFAOM%#dM)F)Qy~4sK2m_1-x-oNkuZe3$vKJC6#wO#m
z**WrVV+I3==Bv+GY%jrO7%VKXvOCvW2mbFfvU-|EIWL1y#Eb}tDiT&AKTukT3cg^z
z^L(6=SY13^q{1a}E6h9Mu>yq$)$sjc<_~}B!Dl2}S&w8dDwExPN_RZ`epy&Jk~?mC
zUyM)Ptaj(AFdFePGvT9ci3yh9fV(^zcZt_bi-G|ljXbGjE*XLcQjWb(Wgpw9&(`Ma
zs1D{<-jUuCOE;yY^ILA4tcBH#M=zeell2rv(z$_#jdfB>txazRf5ViUzrzb+4W?SD
zz48Iav5ml`2at`%y<R|+o?15+7~dA-`SmS*WJwnKGX_0AOL-WioA5(Uh(I#5D*^Ep
zZ(8hbmKZHUScy?PD3zEkN_b8(xS0}xtPq_N%&gEfIY?QFenR9$G8|^M%@T7x8b%43
zTAZvL?MlS#)Y}C_t&ngw?v%1pob42=QtaWB*IF?4^hakzrV^~RSlb-xJ>)qk*ePV#
zw^7yvDHs|K96EjA7gmgZp+;XHqYI>X5d3N&pAQTIBhKM2oJl`Ad7o%H+;u)UqGCVX
zP2kM;O)8M#Sp<YO2ni~b5h~ma2^uFNI3*sW$_U<62*D<7OA&;7EL8a!)Gx%>0cm27
zQgu+OJlNTRfL@SJH{9GZ$gTZn&g@V3eDp>me9{3J$w0LmHt+!-O%Uf@XV&Zg)~MCU
z%)?;*W+Xy>f`EJ%YyW3(=;~zk{{ab0y#E9wY~0L~nA|Pc*WQ=p0aR!hNflB|;>1Zq
z)7p`2L&tKfIi?m#YnOjzEi6o^qXKysVb=2zT_@OW3x#eVh0mk;R|&!MsMXFzmcm()
z#0agCDuXQfny_td2Ha=3c3%GSogk!Pd)mE22^XY=D+kXYbfWq~6&Qfnb`>dD%a`tB
z5$QNjc!77xuDQZFXST4plNa;+Ia>VPT9efgGgD7CO~0acnSFe&$Y+*fQ&r8fY-8eS
zEzWS3k)69jE!H-LK|2^DXm+bQ(n!=wH(IlSe%orYCRTKr`eL;;J!Lf<rC-J)Hl1zv
z?=0rG*}bQO;h&ge?Gi;fyxb*)BX}0fiQmJG`WzKUtQPAWj4Hn46KYXjBaC<IMgFI`
zSOrEjWh6s*;XEqM0CiAEP`pwCv!P(LNota%ajI$$<{@Tv-12Ja>aq~3%5ziCprIq8
z3U}dui+4oAl%iI}jmnZ3nN$Q|<NiXA#-Wr4#3}VxR5M6jyRl6B#W86?Bu%t@s(K`o
zzgtMu5*5jMHRbAarzbY36I9u6am3D%ZZQU6LSrXX3rHH1_2p0%qa_E@79IDWG@nwj
z9KrUgs6|M9763yLD`s68T@)okEekY?QUiEbsNdCJ6h0}U%w2$YsHH+4Qj&VfUNI8x
zF#r-ANes6fMx~r@NGDt<-zti%g*<!pjc$!jQV=vdfD0NTP&Q`5DGFHoBDbw3{w_YE
z>#Sx;j2Xfixj?sjFo`sBw1Wa4g<`fOS|)8wo%Bs8xU*DKe#Y|b>F2Oi&z{?c8AbgK
z!AU91L83H)cx#^(ehu{%t%bpFAQC3CKk=ayKWy(Ji-cjdloDp2=l#`eRNK-=9_q%7
zkcAd$QY#mmkXgPZG7P?oP??XMQA|R2mfnV1sx@_W$8G_AOz?<ABCd^m{8&YNJL_m|
zBEL;Wb&T*FyzJo_`0KvwBKwALp&{`~2e%LGS1{H$y70k);Xpceu!}DaCJ!zNN(jb!
zwI>1!e6#(!%UJZO0aE58%;Fp(g7@@3f}Ml)63sI8<H>@!&2&wb@8v?BhrXPvvS&?$
zN*f$CwGBk*^@qQQEhpEVL7j*6u|x9td=&_-xb_j~)4o#7Fmj0=Pngp&Qh9w%eBj!;
z$EM62={yZj`e#$2g~erfO128jhM%~U*=Qcq!tgCGEj(C)^09H*3br<KLcE>5oX>Ie
z{L$6GQ3h_y`8vM-?GRA;?u<WUe|E>M)OAsQ@b5e)`PP1}hxRnxu2A&6KU`hLnH1%1
zdwbcQA1*(Z@3&CQof>@1{g&8?@_W3Kk=dbXGkDnp3<n}2_@}>F9z4dnT;^$<Z1cYT
zrO?~(Ps)`@O#AT0C4ZNgMZPzD*{PUwzrIn@KP2nP^A952%{w&Mb@mD5cuDG-oDupo
z_^*V5-NA&hGCl}MI^+N1cXxIEe{h12*6(jPp<~&@)Z2R&!6Z%=1!b%c3WbpfwHS@3
z-*mLGMz9^r^cqPjVdPH)Ewq)W@vmR|ig0L>fvwn<Ss+~Z+nLSD-uWfj+d63rsS9p7
zEzi(CoCbf}?z+55b=-ut8qAv+fJdGTZ)?W)BUv1fKOPeb67W}m4)$k=;6XshAA!Nz
z!)r+u#n#_-aD7)6^tQnYH0I&)N7)YDbi2A#mbYl3Ofz%~W&_t8=``I`>LuN2f0{Jv
z+EfN(YvLr=N^SZ)*SiwqQs(bIzBE=v>A&GfWpCFy70PDJU&ZS!Ga0qq8Paa{Zyy=L
z(`NxeZ#mN6jB7T1TOw6iHkhZo(VHj{3pVXx^joL2Ss5jIWr{YFWMe0_Jb79s^$}i+
zt}_n|HiyCHRJL(z@+2ljuv!@-a%Oe1^^qzlYypYE6hNE(!2GEcrbM~pqbF0vd9kob
zfYa%X?LeraU42u7_KHE8hC8ZcLbY@@6rJi!*ukJjk#n+5GYaaM*-kviW%IA`xPcN~
zYNIVW<W8An!g(?|_oJ!P(tB|#LkTs4i~5$EyM0OXm(8V&+@W%kyw!vwG>b>tL~4{>
ziRvjO=dhGJ5XOo1C{@|}ANX&8$~U0Ft07GXWAZOWIF&BBQr=?8QO2wdhxklxuDYRh
z{b#ZAT6czY${cUJYY=0}dIlZ3waT!yj+FtX+!z^t&pZMp<>6CEeetg8hg?pJF##u!
zk#_nxF<51^`oCjoDzS+w^evwP=Xs8rCZlPsX!&?h6_pI*Ynu~6>^N1H7`?HO#;I(F
zme#WK<E_k#;;6r-Vazq_N+N#fPFJWI!b@{a-Z_^&X#c45WD*Jur*lqM0@T4!t)gTB
zwc1Q4vV95J-0iN6i$g(phA-9=8PtG<equb`22Qps?j^$%W{oiQvjbS?4(07o4aw+A
z)Xiuc6_&A|97zn|$TO9V4bg68l`oKZJs=D(evkVcRJ}(4+Cf9~usTh=Y-+V^1i>F~
zKYW7bQPn7WA(}EOt4?HOP)jYWd@P+p1s2{ry#&y=G6p;_q^r~&Ord1}+C6nU&!HRa
zVjLKa30se))3{f$7Ao%PqAje=4>qJM9K+hF*#O6e48vb4wCH7J(k;}bULO@^MV9)G
zqU1>Rxx-ZiH(xv$P?V0m3~DY4_7@$D`RT;SiahtDXd5g{`80+8(VZe})t_|BFk9P3
zVsu93#MT~eW%%iE9)&6^q1I3&l#k`xnq^i|`Rhfv6X|Jo7hGtH^TY)*k!E$9%Xite
ziyEh|#n($|HoT4Pw-N4LH7DqLTm&$u`^9_Hu9=Sw9IAJR@s&D-8%TNO+u=E_`Al+{
zwh*y|-h<2n*p2tk#~k~eR&koP)(U-!$01+uvsv~RbDgeces`nR5onO1%O+6Mirq8Z
z(@f=${J_NpkJbyk3;w%wc^=uLJ0x0_K~oE7$ct1RIAnE;>3~r$?rCOQSW4Na^gv%4
z*HG6wM%VT7nt|G-RrG7t3t^pL``@=Um^+<+$^-gLPFylaLt7DwXm}pDuudA(=5fww
zb>whMI^B|RO9#Ao-RPUsJ=n&0S4+eAT1#1Oh-y^mw5{*-r%XKP=vvU1aT{&5t&PN<
z&!GfHO-_Ew^~f8Y*u=rzw4AF^3)q)1zDQ@)DX&ftu^Haq-oZ`(7+^ejm-p2-s=^3k
zAl?mEW#R5y(bT!MK+p>GAT&TlBt{wM@8Pb{tKI<h;IhVnW=miM1lLcQTnq%i>xS0o
zGg~ppQeSS8u@o|0Gc~c?WGIrrdl1vzh-TjO&9Q+CH$(q`SRT+<(_v_ahal#y$|3;d
zFT8hAF>J<T+9hC?rogw)fGMt2!tm^vVE&ktVQjVw1-V2n7~wUin$jI-P=b7h2yz&l
zXdY*%_Y}Q(fB^*T66Zs-|BPpsj4$-{5m5!8<%!26wrc#gc%`r=>{VQ%M|BhtUDU#@
zKs#gA;y{mNHN#Il7f!%p5#^=bXS^qteNv>Rm=6n)M7Y0|30^1nsaz*_Dk8erUoh30
zwYO?*E?iNt!xdiU*o_%?6*fW^*vEYrjYkF^V2ZU&`@S2~u#a(2UJ}2o(-f}u3YCrz
z!}32QDAfF0W*7qm9omMWlR8VbEa^+ji_&ADC$zJ^CGKMN8b_|-dZkGMOxYxO>CxA{
zPJ5bFEW!p}?;G<s8&KwybmS~C$zs40OK0-Br%cj_VwlF(CA;&dQS`VD&VTi8n&9%-
zhP?xPyl;qlq%69r;kLe~bv8^kJmIBnR1zruzCUGlEycaJp3wM>QwO@$Dj|n{PHSyu
zlQjEkreg9)l<xi_Z#rilXB+ey$P}uF+&D@ZO*^z8tRm*>HHEPLJ^|Vj>SQ%3ZFE;Y
zZUPg1E)1zVM#jQvErGheEXrv#TN<&Be;wwXHMl5bOBwwFWzW<cVYg5_Cd_2DQD4rp
zieDNupdP13bkOoMifXj?uz|7~@IwuZ<eG@Yt&Z33pI;Ub>3yBa&o^_Yrrys|aOl2$
z+Fhbe%qrFmop2W7Mg7X!ucbA|eg#~@1ETg2a4@!vkd=nsiavR;v9C$rjPH}hKJ@+P
zw#M7R(omK+jRbM;aP~ni)jYG{(obTIfLbdGd#X*o(v{UA(i#YqM+e}YE09jaHdMJX
zkt@Y42xMEK_*t2Y8*LoXy4fgL{zh?x)30Eh!$YGB=E>yzMLYhJcK*f}3JdP{;5$wz
zyb{$e)aikv8ZPo}xnw1NkU(vHyJd8ghdP#HK`agyhPtvPbXC!me?k2oM)UFwvMq%I
zrHyH5j`$rx3iC?k02C^QOLhJg1?YHM`~VF)dnaFG=uSb@uh;xQ{?lKDk?|S&t@bAa
zJv70OBQmeg@@g0Mpw$R{vLLO_N=Oq|IKH%e)b+-i#tD+Imbx2J5a(QgfCvyAK){GA
z%tlGsWRVH%E_q^Pb?+N@0v{OG3VUC>U&kepnrhluuh7OYP<a)euKend<41>M=oVJv
z1$<glSb5?oh~t#WM?Mn_?gl|e;!ZKbzbtgO1q?q5m_2hs%IIJJRzU)rLMhVrBU$Kw
zwnMz&!{7=Oh3W9Ns#&*(vTnk_|DQ12V9++b*H>r~$8zmB{Q8k4<ob^pQvq|Y^LP~C
z-pQ9W79D`$AgAhU3M9XL4M=H~!E{6IB676}vj&+&VG(SN<OO*w*jWnrB(PCyxrlhy
z5)U6IR9UtAXqST*1MmlqppZ4ign7<|{M=CPi+Pn=H_<4_+XMk)`QU}6$BrdD@P^Zg
z4xefu8k|y|oY5AQb*P>L{TA3Mw!V)b=L(Hn1-eB{k9cT57&sFEa1z@@8k<5D%5@bs
z=96(zsgY@DIITzKZVOG_H}m~gh7>Wncc924(3Dt+#97Z8t`<+w*`<h90j%KOGe|*Q
zqu?=EgIZ4Z0u0iXHg{AeS^Z_EpI0KE=xD7BXaP8!ZD8;h`df<<C=#kta#{skY|V_W
zT}*6ZIe)Nl%@3y6^3U@qhp}c*5y;};2Sch1jj;a)i0yGQIS|CmA`CDwg?|)rerb5p
zf_|yXgms`Uuw`j1*;3aHEIaz;Ef3Pb0PLlD;ba785)HLnU^d=`$}5FIhF2cGtLJ{O
zAmtBtU?>5g{I)j3d0eLXrtsXPr4_Pe1!i=;2Dp1~-<Ahy7n~d?_?^0~sNNjbcEVb>
zKH5<Hh+8Z4;t<~KFvokJK9d#U6<ftG!?9-EHb@T|=m&aE4|*RiN=JVvVM66qk;cLC
zmy5pN5HBP!JeGIZPF@hOz}>jMpm6lZ8)BAT0$B7%C`r=#MR7(au*lXIqIFkEVKqqA
zIO^)2v1|LGTCx}PRNp%#Ny}<1p1UX!3#_a_o{(#!xGnIwIuTIbQh#&yzX?t2YdCnM
zl)N+rv80RQGHK(z>;->BHwsDG%h^J-p}|mkFB`Im&gk*R<HAS4d0C9X4bkvvh+~Y9
zsN={S@t+N{1jPLKe+nG<s9&5YP}`_i)(0mt#*l>emFGcO?`A5LYb!*9xe?E^K)5PI
zM2K1Fz-ggk4qCrq`QwC~jHfQX);HW!ost>!?l<Td7W6fii99gvQ*QlQt&JEJb<xy3
z7#JIuZcn-2cqeQ8M}{41ffQ?j{uqPRHsqjsD2RA4K=wW8C2__JPVQ+;`Z}<XkWAb;
znetV`_Ool3f%38{8tsEi@xDkd%1>4KzDQhN`5t3UDlzAHC+PB|UeL*sHVMzGmEgwe
z{z|k6_0Eq-0EpUHM2Dt*AhG7D-W8n_r*de?8z~JWJ1-YQnakyV?5eLni8>~5v16U7
z8<w+mV7Y&c@|Z=;AHB{85W=uxmPo4|xXd&-_H0qTummBe_CvLTAN-y)+jQ-O6M#ui
zG}aY4++E-D%j}W_^*{zaJu#4|^bs*KFhJRMJR9MVN1Rvyxjv=#6E)hle)T~nrUKI!
zwmEx|i`xp8UCmKnZ9AkR-Wcu8S)zxHWTn>?O?MQNel;J=-uj#t@5D-=A2B^mINw1?
zS&(#Pqlj_zbe0aXk`QGjuijgzQ%o49S!D7I<rdeVjKEVD^YB>4Adq2m{aI4$5M68X
ziB5WD!2HLX7K~8&RE+`f-fj)KX!RKtb+{^8bD4r8P_Q0%9(W3;fA0IPMpC(A`!zq$
zXWWd<j5*)vX7I3@8+^sCW8td9IcuQ48YyCkGK&64NH8fpNg#UHqNueD#|79W?jjFy
z@*DOM1bqVmz1Z6kTJkY4+PS^JnY#BbKfwC3vyq}hd`d3(1Qf<z>lkx#WR1j5fr69s
zIVc7>#H~ZrsH2LG9eoEjOtkh62ZF4BLJA^+-~0&~y=;DL&?7~W>9ZdWd!vMZOoF|i
z{JJSqT~K&Y2}><a2A-5v<Eyjs_bG@m;j@Jo1|BM^N^oaSxQ#wnw2wX#*eEo)j@z~5
zeKEF@nC~jTbtXK+<w*@6*@s>QI0p2Zl|S_P@!CvRB!v-TMb3!*cxt=WeDZL&TgFS`
zZ0QVp6!^VPFiEoZrBIGcO^JHF6Fm-#`GG*bSh^#S53z*y3KYG*6AR1g6+@FGWjm;s
zero*D`hAwpH`xnk`t+JIQ8{!bU5j-gkZ9NYbmPRYN4O!>66bTkit{oI<A;2SLw_X6
zL;zp>c(+xX>G$?xf`&}7<D0c6O7knMC-koNsORe=KG>?9+=0GmzQ-Q~cZvV_Ggoo}
zigUxX==h1#fh_ZiOCBe-;pFbj_(I|9^QZ3*7K$b4lguO%oi9<La|q>C^4r9uA;6x>
z=E;}Hrp~*%5wFqRcTD~@J|{Uohjh%ZvObBGj>x+WdJRw}^2ieUv1qa+Hnx37<Xs27
z<_$l#trH@<ABynQ#QzDQNW@(>v9CQg$YK!#fNNaG6n+eo?}a?p9`Y-geM{Tx@Tbas
z>qVN$EBc(p=5yO6;`B%U_~)`~2>45E-4>;P{*MDX66{@$8ZhXA)c)-9^2T2ctnxw%
znA$CopI*XB6_@Ae!ifw?B8i+yRI+ZS3t#?i>1@B>;_ab6+Px3jk&WdjT8o$Z;h|eQ
zG<Um9#Cf~>w|-!|v@QJf3g3%I(jGX!F?jz-(9I`o5B&CWZOa!h%}L#ZdQtER+^-g$
zHVs;u^g=C74&^$9sIt>0CSU~ZPlz1F`}6zBUOk#f75PQ7{L_GWGoy*kytP`CNEG*V
z;f^gFyd&Xear6*RbcxbWFHvFDEm3Ly>mRFfuR#Y%e_?0yiiHtB_jT4VXv(_$!Of~+
zk5Y+Rh=aOjL>=NGFREvRk1+!Kk0N07-FY9C`5kq<+Ap|izYXRs*1<7obl6BHhGH02
zvW7Oac<ReS-l+FsH4Xg{kn+y3t8q6}cN}T(v3=~1_O1Z)_CehH3iiC@lVmV0<HyGE
zqSl(mD#*?%h-g)w7{>ht$@&gDNjjNn-&oxNG3nKnV)ij7z<-=pU;QGM%GMiWHf=PM
zhw(^jqUHanwfv3}#_CO;s`j*snn=(xLQQLeZWFnb=WF!6L$m0UanxY{<9OwLk*Dva
zmM_0@ey?-z^h5v38Tf3><QEV!rOf|2YM?-#^=A55ncd9x;HNYnD8xao%caUchmPYT
z`-%%_=AgZbrDg0aD;}rt5r0A#FcB!}^QXq%+KF%R*I3<2C0}hHx&)fO3AgXY6V{^6
zt6)7*fhTr<T{V;$0r@$<5XTS9U!Mgm`VQt@3;ryW1p86l0zZ(AhD{OpNw6`fGuzQK
zZ4=MA(@Q$VI}2*Ru(_2f<lWOJVmbBLXd96eVj`dGBZ6)YMIUz<0sd0vPjwJYU^URA
z=C&?L7CH}~0^jfCUtgi>&@O1h7+3NNl4?ohIrkwTM%d}U^x*Iz$VE_o6;H8K#TJrA
zz#9Gn1tkkXazp+Taia$+X4C&uOb`?k<EJR-9^r$}EtEmruSWYI95<zbe+F_IvKL>u
zdCuGS-gP?w`<nCT3T0_nxbup9GijTa)?QulxAJwVhPh2nd~D{|e(^iw#KrJRvt|K5
zaW*yH<^dU*1xr5&cyvX7Y&L4Eiup2i9>b!S-Gy8)_+4K9D|c<ALVbansj?`cN$Cm+
zsr$YvYw9Afj+V7`=#sX=9LWOyD?>#d;-X;BC{yre)Ua<2L^$;l@iU!@{q!;d`aL+z
zG5V?WA2&_$@LxLE_@&ZU+16X)Gs99k57ymd7NU#Q5oMI8CkiBmioJ=&BFGY-AOtyO
zr=PsTm@t+SA_+~41~LoDlw)`C-jF%xVnTxBaUOje4qb5&EhdKkyu}cDkFcN1pPCS>
zowNqeI+F*is#I{3zU<m#@Sb(N6L@+jjfgK_We3od_+2OqHuuJh(A+r*3X|_XxhW72
z>a*JXGlUjnr^T^0>4xaCH>1zi>4s!AH?ztN(+WieaOVv9;@GmY;tZh57x`}bXC;;=
zD&?8QIm(mG&dl5;BgA^})Sy?@h1(`YV$9q*g*i%%E!_P5-zzU@oq_o^k|VQ?Q|E1M
zN2TiS?cY1feJy>lTbKa}-AtVZ=>ps;>?)6dTyS>5rem{mWKO|VD4IV6OD|3g4uuE;
zL}(woHr`1VD4uF5sh90NvkQ5`Ac&w)^J(KLiiUU^mZ6^`xjtmoBBP^Pm5A;83swtV
zDCSFvS3Ei9OL9ae1~i$Ph{}bwWto{vDcKj_1<d2b7pz<DZOK!wes1{4_Kyv(e(|~i
ztdVC^7p8nY=0)quV;ZDK<*pe_TZi9$j{_kUJNXcJ$t%CE<rWXhtQ-0f|Dq_&5*uA<
zh%vakb=!;fJEsum2^5OLT_33(Ka=9N+&P_+LihQ@Tc)A2(TqdBn+5D<yqg!T5GCP^
z9X{o|g`PNwks|pvPnC&B9OKHByQzskuzLmT3>I|bES|^ehp8h@DwXT0=x9!xy1*xY
z>VK9uY65CYwdG7*@RJMli3++vC$O-$pmb2cSxP+gPS_r9H5+47g;R1&RsKGN&>6S@
zrqk<7D7jK4*i&R{^b_P17D<*Ex{Ph_&2^DV#>{D-tbrbEj-$={zsyzEVqkTk^6PDg
zAz^s>L8((jD%iD;1uO6>gTa<qZHDh;5BjlUSaIpXn~Ww(M`E*OhHZ}NH>CqS=uBDm
z6r@h`?<YzLT2Y81N!Mgu5+$uKK{iup^1(#eV|5iuQ;rS22i2K9SktCWM~gg*B%)%s
zop_boB_zny+q^Cs*Y*_(bc9dY8`qd^T7KlKuGt)clyKJ^3f9=(w}LHZf^8j!*rB$r
z4+QFX0{(DMn(LH-UD-5GoC)%5gMRvI#`b{>yjp^j1-{E?f411PLXLx+ZIv&Ak}^mF
z#mEFC$A5Jbrp$-zWR@=~J=erab3pgHDpe%ie3NjpxV|87oJ5paq=qH9)=clOON$;m
zgfu@0EBN)Rnqv7~#5cGwU$GURi5S6@z&^=-B+;|4@4Dp6)N(8|{u&dHvol+_L{(kc
zq{zZhYr-474_I2V52>m3Vd@;Y5VDk+6({5(3hJWU%0_UDes!n?&<RzdlC8lhm8%8i
zLYT4)&Itnt-W%h3ZVKod*T4n_v&L`8Stidb1cCPIa0(POuse*;!vU_EY18oyKMg{K
z$$~O*Ly?n>`$C$`zVl~OmW`JHQTupHrcMQhdrEm>K9*_%-Y<RjS1e+=P|5D5YW~;+
zCl68!v^>#`oP~gghVZ%!*eZpvrD&6*brz6wqkuwQ7w{Iv%xC)X<7xJvAFQ({Y;(P8
z#q;Z#%u<P_@P4bO*1IO1AXx~-Af7`>Dzt5=K6r{Ty9Yma;3)gefUaw#0G}+teT}XU
z?)b}rk50kLP|{l~<oRx+6zVGkZd(s1%kICHkldBj{YK~xCs@Eg;NH9iOiy~7)af<&
zIfVnK0ksXMe;e$Ve*YaFL?<KUN2vXne?(OtI{l8c2Hl|EJ6NqIiSE0kk;?bftyA28
z_Vw5&l~v0ngun^gd4p$&EUIjV>>+n?YEbJRtaA-1gFz?6z&dKiXVggTEXmlWhjw!;
z71o|86LY97*1!yk?MX+PGO^v4`dO7g<fXKj>YoM~0T+u>(H7IwX8^u(f$fJ@v6(!?
zybUt%EERyyDwvpczQNHf;wZru3(&H`e)O&ba(O#yqnDlRVyP;N!Jr~(B1>vg!+zT9
zL(%f%_v<l^Tf^s-q}DLWopx_$x2e#m=Y<<B-o|Uw5E#`&CX<2c6mW}aul8Kl*Dx=M
z%vt^NT9>IuZqlqx|AUv4%yX>b`H%?lkN?qb))gU#yg6J4$IU$pS&j@#5~1FP+suUe
z4E)SCx}Wdnr5V{^Uin(PiJa1Onm5I@oaLV|yH&jL^!8JmG&ecO9nG&r2Gp-Dru*fB
zExrxE_6A^liNa+yHsk5YB?c30FJi2Xm)rAWox1;9f9RY1AB776YLo5Pxi;V1zp-Fe
z8H6<(2A)M8(G(|uy!Fe^^Q;_9dAg=n`8?g;2jiD@3KO3BX(K8lDL%sObeQcX*F<Nx
z%@4OHkIG%|LFdNZmyYz^OE6%EDv7zL+KrE2FIX({yI4N;c!z)=xR>P3TOa`%paIho
zO;IJ^J^&`<lcnGJ%~nu^>_lE0!lie0oJ=ry*sdE+G<14F@F{ZBJlgl@W$FjcFCS0e
zk74@T4<OzBlAt>j-wch$X*lQ>JzMVDweo>p0^PnFruUTZ%ZG^Qrkfyt#jV{vbT<)~
zJ8GK(+Ry`ZkbOI_es^xVrKM};Saw^=Q&hI3SQbkI9lg@!>~ds(LF4TCQ0`%}?6cK)
zszj;ipB8#Ak23Dn0XbY1Hiwh!Qn0d(xff;k8)b#zDcJipmOzpQpZEO!%>rOiA^0}b
zei8jT-PdE!K2%2hN#+Gozw@=54mH+*f-JjQf7NAUQfsD^ckZi+WhN!By~y;SWS@g(
zgn&yQrC9|`S;}{2$ae1~GD}`A1HjPkzK*yvGv&FVtJPsWy`6&$d^khR^?V$5JsYi~
zBBH5JMYJ$QzgN$tVf(yg`v_s-#CIRW=8W;)waE^C+tt;Lh<0GQ4wrGnCI|qIJnaU0
zAQ8j>M;C6<c+nAu(LJyT{!ql*JuC745D2r_qgac6*6IRb7-_oY?Lw;?sJaDsfNe`Q
z-ePnG_xTfgAbwJOqWFg*?vo5jtS4=UBtlUUwZ(6Y=M)Q2k$sHmnf}5S4@*KeMXMk_
zkYvk{B_LWDm;FcT8O1AdoP;^{;~$EasCs<Lq253Kmk1lOyu_<&^ffWJB#}dy3W}96
zSErb4@{_TjP6@+|Ln!Hg6Vruyh`h)6oiegX1)4NV6M>qz%c-u0pv$2pP1n_suuVSd
zV^Nw0%W?3APxV4JjJW+1T4cBrVNFUltX0NrHb1h4{)4V_iWLRs(&+KI$F^<Twr$(C
zZQHhO+qQL&ZO{EDnPf7_y!5eY`p~qy-(IV<VQk%+HLPbawGqY|#Ve1-Y_AdL%Ibw-
zYp}IZ<_f1ZwP&Q)h-<^PHO6P|r6K5wm}`2r-snp2>hbsgU@>^&8x*&g0RWuU{~w6D
zi?fBb(|?CPyw$dxuv9YDsz@%|uaBCy8D$4aWQ@fFiMAu4*E{&RMiC_N8Q2eC9knba
zaN3q7-KJs#G9aLvkX+5&nCPeHortg^(|igQN2YicKGBLT^Il@oe9FpqHa9oZzJ1EH
zdV`IXP+mK{*Y?~v@?`bgPsAyoJH0FoZb~}t7Nsd$E@df6a&R85QKsr%1jk^&fal<<
zT)MD~b;$k%W!u$l`0AgkUc+=6y6jzcs=~vr_gcARp3mc0v)h_~+EisheCOuasMDV1
z<XgVCsBX5I^sP;_*3_>~x^Ul{$Z#RIY1ShIyJ}VE%-4qS?BPnzX3Gvq$;mdl%+-O<
zdbK_c)0QD^%52qz>ZU|bZT8;215>H)JY;p`tH4~z`p~<U-n?-vDr(i4i7Pr@dCFk?
zrgR#yaOuKxwhYj65Np?XT-T~VnRGR=ig#P3ZZ$c<tU(HO4RwJ?>xUIAS%47@0<Xnb
z1X|Cxta1hEuH7g{&?2qd1|7H5$nxMcx7Rms4$iiGBh;a}dKvg-y{M*yE>)-n6yZeM
z(f|U!BOIHba#BeSIVDx;1Wxu^u6Y);9Bx|B={qkpY_={o2%6F862|xHGzoU`&bMw+
zweqcBF5A#=JriFDgll2k6yw<C9}q+nfM){+U~3Lo(hE-TccGLSy<-JsRcY59Eq8bF
z7>4M2Mdiy|Y4GX`uUg~$O^k<mwXk67OiGLe8`4GFP`h<WnNeXe>vG+?3672h0;K!-
z6R5lOlJzpb+DPek_59W9LoHa3XbODa08M=4{@Hp66l*zi=`wi0OUfIV?G#|Q1q%jX
z#bh0`qUmbWvMDOxU9VMAY2Q5yU*m&r4(i%!TlbWyVFkL%gQ!&3u4<El-E_It0k1gM
zR-;*kA6_ME#8t8g6@RRXL_1|AKt>gf+1M$r6pVO9*rX5-3|r7T=z}$QVPCLhpDAQh
zx9eo1zz00;f-K#;aJd|gfFX2lvF1^yCAM94??Zq9e~ZWgT-CbQuv6e$T108=9fm}R
z<})xeQi3P%hVLwP$ir`^&cikhS*U<4({jmWb1XpUWw*7d-VlJL^Y30|IsV)i5sk2C
z>t*Ho>p5Pz_Gx9?Vf+Ht4P<K+AvIxAC=oP<nj&ci({jP3Ozl{6QdCzEvtpeqTpS7F
zaIJ$3Fga4Z1Z@{}lK@S^^~gh4Tsf`%k}Vr*X)CWURu#a$5q5V@#th{%B@oE6fR)p_
zS@NP5(&>_aQUji0UlbJ^VeKr2D77#)@0ghkB0kLNDblG*7rtCMx*_OL?915b)HT(%
zz{i#KxdQ=bd_z19d~eCM?#hCj^mClOH1XGVO$R6mmT+~W{>1CjV}V$NhvX-2IR2?^
zxkP8~(iEPOYU|#5F6HPqhCrAB`MMkpx@JAq9BJI773i)a1LieIh(~zfafvKH9$p}|
z9jNuD{W<ewtpjJ-y9`Sew7bJNt*I__+1c@MMx%*om>J%kr_XfimSbmIlcv1zg7Gpn
z?oG4mMf}jTjmk1oX_n9lR1AM@^O>4);(Yw+_=&R$$F7Gd`A@~6D}Mc!IAh0o@VmNV
zUPq^Ea!Y|f`Pj#7gtln!A3Cvqx?}bn7P}Q({zZAEKUY*j60J(Iu_PpmcMDqQ`H{?4
zCSJ=Vk1WJ?;4^lQ+T6X(;%So9;;Ya)O3hx~#<fVW2cYGL1BJrNhngcxl(@wA<qnAp
zkQD_QzV!Y$7g20Fb|a2SgHoCnjRR!-3{jL5;1EtV7cLc4phC@1^F-ZMSds8lsT%ie
z9vxo2Ng{2qSJF_ou3$@|@degK%hVLK8U&8v!DNQ_cUuG*lGs#O$%I6L#w+Kn)vZUi
z^|LFSqKIWlB#UKEPi>ld3h)KO<K|aB)2K`&V#Vf4vVIL!LUiPY8TD5e1TqO6{Brx;
z%{DyI(aoKI2y_SX<E`ay&*WFAc<7pgcwRZHYqwS}=smPUF4IAQNFBk?*|zoMhj1gd
zXg6%0;SB<)<gv@QlA$J7Rbt5z_!*Y1xok(riqKDj_3IM4qXjxu%mnrkMF+@f;`e2N
zW7>tjTWW2%D!BsKu_Ew<AwfY2)tbKNE!aCUMXLBE#_ts!f;pVY6Ewr2o2&%A;tRk<
z2ZAYZmoiI;TS8CV6_-|M?Hw(jm?IT&I_w=Bcvpp(<Z-v6%2Hc%$Qu-l1FT(GAMRNj
za&tj3E}xpnKpCB}%bFTb_VULiDi;cVq!wE)gbcZ(s=U$eZM~A9N@z-y#H8%ojguG2
z<YLoY-*{YvwQ*>!H@&;9YD2>L-jF!kSnqETyyKFMyVWL9|5&=MbZEvL(LC*Bt@W>w
z$E1EB>@-{2S$Jh0xJP;Fos-3wgfXkO={R)OInUiBx4RW5JMdKHM%_bzdE#uM-cB{m
zY@>@5Q+3+ohd1uvigF#dMfnzk=msGIkr|cP%rH9Km|Mh?LLgdQcU<<yl__+t#Sp~P
zCLii{50&08#*&#;X1}@LIu$WDa&UxCx3g)y^InNb#iianT9fT#mVisW{_}rra@Z52
zExmTJd-g>Uy>_+N#WFHp-bk1;o#RsMSYhTcvg&LyT;Kdz>$#1M^xyfcjqWM}c)RIR
zUmIBb<r}g4;LyDIW!~VH%;Q!dxA{)pitbQ_)Rfm}p(jh)0kc*bURQSN=~q3vtjXTg
zk@Q^`9E2@xutC#0eiUC;z7S_gk*uhA+f#ds`R#l2C9X)w#NDZr{IHjddCJaYG@0>M
zj&&}rqL>JeemaY!%y70kWMxdLrkzTdz?amFMqMh(yI6dfUfZlMn6p3vHC$u-8;nhp
zr)1{!&|qisot(W$+P7kxlehxWl%Ij|-dQWU6Kz}7*%_a3qM(x0IokH%@V@2n_)=%<
zL#q>Y-q>j)&erN)dwtx&;UfV>JK@1ZW3|Y(@SvgbLED*t`>m$Z$y8lgnjK+ls_4C3
zT^wmDI%Sl_1RYd0KfL1bIQA>Q{F~UzW(Q%xm)<s#R<R%>Zuowd^;DiHCt>X@EGM!j
zfVfR1>{kB<)+l459NRlrL8`&5PHFxQ)cRrAoig$F40Z|4CBk9>4xR-}A;f@RTj4}C
zG)_bsv@Iz@{l`qh<y~lh@<IB#5)rE_JL4E`eA4!7C7Gv`F|<oT{^*wU+FbgRKiM&g
z-izB1v-ygJxYcW&e%cUhHFHyV7_wuT#YICWT|5m9^5h{<n>G_ghbbkDz=YatTmE@j
zkTgaJIE)h(ufITpAq37ETXsS3ne@kWdGR;h5yL)HpBy-ZP~7!2+K&7Q6a&A02P5Yf
z3a4@}0V24&f*ZDxhvPd|Lt}Z^Qh{Z8$+MvlyIOwp7>ZP4Gi#|YtfmHNkLfK4EFE;h
z*yONTx7Hk`eEGrtd>|0G6vALnsQ$b!!LbNTe%%Sfas0Z5YF{ZmetkEb2ihB!2p29k
zoiky43BfD4pJ65B+!<)vF>rtgf*xrrV1vy6+%ow<8m<2f2puQ$N6FZ4Kv}Zgo4Jfh
zQeaZ|L<0LN4sP<VF!YWvv<^dnt>)}drXjSB0zaFLqT<NB%%8Jb3&WN_K>=5SfUI&!
zGi->DxI|eo%N9DM>PA1|Jh0LdB*;@p{4WXNIOFJFd#3Na@8~~KkRmRqFuihIwf8<p
zrHxs9#nSg-Brovgk@=JtrU>uy#6nEQ7XwcG4+fA!%=7KG<p^9L@V+2-h0(YYgbY49
zEb-_QG=T{M^e+P-l#D!va`@z6!aSC{l(6Vu4iVRJ>%_2e_(@Sr-h!g6a}$4988w5r
z!VEr-K#T>}nFxTTE?^G}%|}zlV2hsQagdh0`8t8Us0~RJK{DdVRtglrSd@r~P*Zc!
z415x48oAG4g{>i}m*O4cG4YukDY0^n!;ZI#D8jjs8;IB!rYB`$QYFrB#heN+$p~GM
zub4`QN%IcEqJ}~xC;<s8MMYuL65v6D<P_L4G1=_y$?P5zhhfQr?~2H?CK(h=lt-61
zf?{MI$V^Vshb2oHQOv%Qve=DbWYc8?m<_CiuP7J+#Ke}fMg<vkwBw^jKx@$bOwtwK
z!C?7(bj{$zugr&Y0l%H@+N?`k0DGFX4F5bq!^&XuvJ9D>aA;7?K44r2kD86j1o728
zni0P|)!Sw-Dn3xigoT}%H({jU#R&zx;_vd6&=&5uNR}$9&jTdF9_4KqD;td(xiR2&
z!5vN4V}c{R;PpkFw(oCvlC57c=amw(qc$Mfo5Idwv%Nv&dqE~}0ltorxDpzY%~e73
z=0&eJ;cEeGG=cfSV&;yF;70JgBC|Dk!FKf^GD&&Eay@o$rmSlZ|2;fXLf`_uLF?zC
zTQtS}n>|<Q4fy^09?lat#ni5yen1DwZuYiusNKNLH!Rl#{<x|5MY9I`h?Z)J$i*{E
zb(sBP5}^|MhS8~)d2H59648@?5e2o`%?$v9$i*}<m(pV3l8}4gk=_Py4Yf7E&NVZ)
z;N=ht4}!o_u;hl+!#<NoHmn<|4*HTC)N^`7)>2VeAa(^>+7xE*NnmKke}@R^?x4N`
z`eQb6U~|9TI(PAfV&8+^;Iz*PSF2|FmdKsGczXQaSfSv@wq&Bz0Z^qoP5oeEOqfm!
z*i~Zj!w8b7fkyO#_;zm7!#t#yX7LeEHhC<o(X3y2^yuKzBk=qT1_t$WLGzROkAyD6
zBNT@MA?ng?YP;9NJ3~imx$6&KS<FV{3V5L#+Sz9M*0q_fN-g)$7A5@nLhV<E-Y`-?
z9jLfW`p%VU9hv2(KjlBWm$=@w^d$px1PWV);Du4BtC76^z}&|CMW+aGI^}GI(JlE`
zbs>Q64#gy5jii-v$V$YPnr;>)jq%CW9CTryPWf*IWpc@+;;`<((82Tr7^bHXE4<{z
zX_>K)Z^0jJM)gu-=16Mzkhm5LU72N6nMO1O9YKuzy*0D;8VDQB>YDYn)@1Xnxb+cr
zEu_s%z7^H*7L$)nYx5;Tn@sUGsfJ3hX<xuQR)YB6n(!V-Yg!=FKXwA{QmYN~_48*5
zf!Zz6t_*Rm4a`$J57c@gw{;L#Q}AD%>NFN%ZzdW_Gbc--+8K4pR8svf4+6VMEx=!u
zq<P1eh*~6oWF2G-ZmDf)!<9baZj(}O46gm^x}5!Nsgr>VSto$ZZUcu>)mRN|h~Hsv
zDDSp^sftmiZ)rv}eGGXgv=E{8F{1sLSTUvzG<u^rxck>80ZQH0-Zue%dZShAbF<N?
zq*54X>qM_=m=L$Z*SFrf(Hh+DJopT64<7}FD*;{+D{sxrrA$w_hP^RJ0xkMK@T(eq
z8mUPchutd$LGg7P^2Dq`t?m4;(UQI}cX2)4?Hz1}<wuxQr%KXgop4vQaY}yX3@-*o
zOJ@Xr3bGYulo@>t)jNU=PH42*(j9;|?g?~I?^tE#y`FezGtX$^4*wQ~x8#4~oc){-
z|GG=Pj!ihvVK441i->hX(|#oy^hK^ywpWf9_F=5LG(89<d<b%9E*S4e;sNH#=lBG2
zD!teF9j}qRT&~AH2!=)*TN;{RsR}MX_oiSpCZ0Gf5imJCLkKITy={ei$ahDpKD!a2
zKcYYps`9UcPL9yM+ZpR*2!ajWP(5J<mdbLZy65<!(0}FXtMNn0*U>+7jlaXBS1|tY
z8uALW?eFr1mu2k5uk(pg=L@CV1H;hEDTSc(Wo1&J$drIO5SWIJLH~eqe1guP_w~&1
zrL5aon6~Q_A3QLYd!`GJyik018d!l)@FI6<{9r`hF>T}n-UIwfV@(f9SLW?WTs4sj
zK5-4Y2+qpwgU{d*w&pHK{lYRq<D$f(xeM#OzP7!cB7SCrEmYZm${~L8uxCf3>;CK;
z<2T@w8k(?4Z-gfuM)^|SAXJFQmO~dAAUC|uq7uK1h4;YisRb<L-Ca&AYtMTFWCDL<
zWOx5!#B3*h%}M+XA2^tss4sKATlJp>-kBSL&SiLX2h$fr6YB%82RD1y+y6~#_)Yqf
zk~uG&SSW}7^F!Itw=dlr<DWjsD|}vu(DgEA9TH>mbZ;_}mQq^^l2MuweSkNZ`F)sX
zO=*ZXuqrf2UfD=j5U==$kJuNY%`^OwZ|0%y1c~uCv$R@^^jFfb&5)^gHJRn2O&ul0
z1wFX!?6T3(njI8-)!=h1{(HFes;;#?v_c{28_Y$q`TO^u-uw60`JZ$TS!6X&7OvQQ
zX|n)4sa)SGPTiDzaWiO|*gr=)R6rp*mdstaXcQR5<kgAq6@G0_M_Wzgo)WImzl{(K
z6hyiE4oFUz1NrtdysdWa)lY>fKL7KxWJ#xP*Xy~~^HxQMn-M87M-QW3IgMxSsd^K2
z=^r4?YjuOBH%V&4$ti;TMifG+(T_e3<`J5etr2rNAlIrs>kR5Pi{#U6g#VH*V8FHl
zGH_f*7&y`Pc#MdNV&h3NE+W~d%0gJeNgv=#s|aXob*v8)?bmXM+*Wmrq${7%a42Uy
zV%nWo;ouahS1SiV5C`=aEu9!=Zek3|nv0K7Dp*2VXPiH@#4hP-Fa8jFOux<UnuC8m
zcXfS0MN?N914QGKwrL^P%#+4+T4v*Mn@(acnrANWD9k-%#-KL6;g*^ejjPo3imQ}W
zj>pb)Gnb9&B3$g0q!3%Rt9{V`rrCEpdfUCu0q98B0-9tL%$7h`92sC`v=cbGR1_z3
zibP9ZXE6$r8MH{+g{(YssVBWKa{&s99g_;Ix+_20f+H3!=wO^VD8Pr}s|D$c1#a@z
z2=mHzf;Py9bQGGkj}kSiI)Xn_<6QU~y9=w|i?|E>@pRC42g561!@ARVQg<Jg9iGUq
z6%W!&AbbQ>nd6vnqP9G`q2EG{7vu0Rl(pE}OjfM~6YQ2wBh~#TkriF&0-9A(QV+0K
z!`AU;loessYVVq5{Vmga5B(`W`1EbiT`nXJo_B5F+E8^5JTz)XE)x5&QT3^i+kQM8
zaTlg#DZ%3)vOP6;{kg0(V?>LXaL9?TvCh8XI8ZBDvNlMmar8)h?Cz_SD@<}PysM_-
ziHChfWU5uc=6G_?GIf0p=T>1m9*MTQK;vb-1|#Q}E33s>iwFv`sc*QSM71+d2$8BL
z<Q^p&ZIU%=YCAe3Z+r`00PU0~mJtSqk;V+nD#=SwsvV#4Outh_&vxgu@47x*>6MAE
zn;Dlg-em`<RXZfPy-ztbhGr;rT_otFrH;dxZzng6Gl*g`x3*|I;2*gk*g>NBQENtm
z8D{ava+W1uXhm*Y9ostk^`aalU!q~7oTZOOz^nUNjJ|-Hv+e`7dNSfJ1k(;6Q;$X`
zUH~}>RxE!iK=)234uCmvR&f8S{j3y?PmDH%xYK4Y8rx|*ha7r5)nE_4r^iycpLNj8
znH>Lgwsp!0TcDGbd~a5(I-nEEwI-uJ0+>fr@!74Bm}&|9z7EE81Pw&JHhk|!FfZ9g
zt${Pm@h5MNE4!g(SE6e)=l<UOz&qE!^`iJa<Qq8seYodmB$L76M#Mssfo_=AE-~Mk
z87*x1K&;lW{?*@+aQ?R~Zw>S&c7JL#l05^`fZ0!5jtxgrvzHLou_9$eyntI}(!LvA
zf_g^v>45iSU?Vy42X*W(9u)?~I&*K_(c@mpowEMuH0kO0foN5qhw#c3prsNSo+`lG
zk!HVY4XW{<X|bh_Q)sCfC2i|SV8Q&RRq-(G>DR5UUlts2nz!3Fh3dR;A}4Psh?HAR
zZe}Mmu60O|g~MQ8W`I@|#LK%F)PS|M!4%3*pdebdw(eJMxU{@ffobW9{jx1@R>8bz
z;(Yt*G<xYja?t;dR-&JL7syv)RTM$cv6~{h9$_WY04&b%dm@P^?m*GSuGTTQr_Apr
zUh(GdKsL9r)aeXZ5x8H6pv4p7_YiFm;^PF&xw$k`uP!{~8ow@qP`~)9Ku-vxP*$O$
zOTlY=8@_bqzw<Yi^mpPgJP?e8XB4AT(DzbY(+qjeXmo*_UY+MqdXlR=;R9e^#l>^+
zF|CVXbcvzW<=V@p4^gp&Nvg+D8d!9hS+4$c7a_#0Eg~>!abmO8^Of=Zc*u0Qq<uHA
z%>4{^Zv8Cl<8cLuRj|Y^XWFZn_y9;Wfg1W2M(LbBW?kr>Vo~x6LM9vAdcp^Nbp;#_
z+$(q#v02Yj<)wyuvMw>5zG84cbwTqg0p4{OPraVgtHV(XcYH!k;D!?11_bNHHupK+
zznKIL#v3nrrZqOLz|6+=11IuC4(CQmJHyhNJk#T9K+(UWFM3*~ee-zcgPFrQktq`l
zxVmG{jwgxW+hwy3r`g}Csp!hrqEH<Md>gI)!0vt&w6*!-+kFEtt!?UQL0#Kbi@daf
zeQw?dcGpEZLqhQ>P%iGtlkJn0a{ZYhLy$3Qsrc|16r}czs+Vs$?m}LzzbO;MQ{xT|
z7*is_-4lv)sGow1kGOioo5&6IN$uz5i>>!_ObKczKt<86|FB5^ZnC10+30HrC53)*
zGNy6*6haC5PDBaa3J-fQ3HQ!`3PxZJ8RWmBY4&TGMGHUDQ^7rLpe&=AB%tFh8ZIS9
zEDG3Uq^bZuLyW$Htm0o+@khQB{J>Cpc`B62{VR%3S$~w917Gg|RyPib6qv3V&!1jk
zJa<mvR9x;{MR;P9W1{mo-0Y7%XB5&SCrJhTK^d!u4+n$vt=|!VfEtmPEgSJusuJ~E
zt73NND=tE^M2sxzhmm!4q=TXHnv{5kr#jf|?QcvsSUklOq~%&IV}oubIxzDI%8KpS
z2h#F-j;NLLT=F+46MjPV5-ivbl=x7YWMgXosouz5E1WW^5r()nwB4%T*qcv`8t`K^
zu?MJGETC0J`QYVMxMcu=s16ZcQCW=xw-Pb=)_8@!*VqaHh6~sy-}uu137uC*r;~G|
zUpMB`Gu=XuC)HXg;?KbsX1MCU6a4c$@?M?M)KwWPKsl>mD@0Fwx4=>I`l|A02xl?d
zQEWQO%<9dyY7X|U;Ndpj;HvlwYdc@e+-CIpfbh_Ybs!>EML#BaHn92y&ece3G<r3b
zyh7OBHV@5(w^$YyjN>j@#-52RboK?Kp;zAqoRdX^PC9CkQ`Q}&zZecHs{##tn^KZe
zp?5mH7eTUV+gSClS235NV_0)}0er|861KYueep2tkr1&L9Apj1WGqGl6|pEKszi7a
z6=cFR%ZYF!DJFg}n|}KG#=fp7v_sZTY=uU`zlZUWN{ft;p{<CatP-Q(Kk<w*%f3%~
z122gyV^<Ev*~QY2IvsU0>X&yqHAyJW7IZHXPQ-MxMozh`)C(YF<I>-F$Qn?l+cXBN
zfDR|kw-It?1c4T?SDZQ?J?gkb&1!81s?cN1dv_HDu8&yekJw_@7(2?__-K*g;jm3H
z?RRpb&{XVtDC~Zx*wd4pVvU&E)1n!~5{W`#jl%K$F7xeh`y%*pJfsI?vb<<2lL&n2
z`9+ez0{puiisA0yeJT(e82qbDR3Yh_C_F(lyv{e>6tset$fDPN#`y1~Mrmh$rbk+l
zGcwLpc4nf!8`6!kyGu&zAkP&VZ?Md0@f1PE6Ik@p>?e+Kc-V?^t*}q}2~Yl4>N8=F
zPwxO9)iOQsXyl=pg~EaTp`w2Uj{Mf;v~@jj$rlv($dY0aLZ6wycX*2UE3A5Nh^ebu
zS(_?`SDHYf@?F6=ZUoWQskblNrD04)$v>4m#Gkq7{%GAvuFn}cWo@wBE9pM~7p4<G
zK__s8lFL%WN>()O-+$=vq&G+krp`S3eHZKNL7)OU0r&GDuBP3b!2?p+1aKdqP(Z{{
z=dIQ7F>o&x<-Y>69l|BK`V1F@Tv!!aUev}L$=;U`!uWR)636gAvfj3ts6_J-qwU#R
z?gG#c*xn66aEM04s|1Xpc^OGWgIBdUcSKgVN{_)(*{zirMB-+dNT7^K>HuC}`+FGR
zHI%IqY9cyCmaG{j_hpjfYua=sWWv4JeFA-<p*baItcRtw=d7vcqEox^*n8n(jXH;Q
zl|dviMn3#4gINQPza1nwhWEWvKq83iKsLhgtxB27C32>4?SZd5<WF>FDTDAyG#&bF
zB*RtDx;2~Ct%PUyX_f_1)G<3@^>wk*kC}}@@KZyZ7w<8@f#;-pQBptt)Hfum3B*Q#
z(TUpvzd=|t(ZYKvQ6zd>L2A7jU_WhQZNF?gkK;hVv}X7V)egKSYy+N@<zw%GlL2R2
z#x&I(0|z`}*uPu`C4t6PIgpCy0?eMmTlq21Cc+8gYnR+)m}|92^wN}i^&k2-+V%0*
z2#e>!kyycdb%7k>H@6((KkNrIi7f1cD~8`|F6T<%Q&%eBh>Gbu!<U;E;ZeW4?thW+
zhZT<$m`)Id*<Q1A?xCm?4R7m~bqz_L-_$F1a#4$wP=V~>=+_YCSipkvBu=W+snz!i
zET5Whc?a>hQ4<t^vO`kgfQ2ptVbi|rQ~%&lb1T?fGakYZuPkUVOjsj}CDT?7Bh=oI
zCkv1oSZl_J|7&Oj5f{%QBH2TL_Up$K(<sbo$+{7DXy(#v#`-cpCeLrxIz)%z8x=_a
zJ5EnH6j$=YrRo6xz!TV0;JkjwIb?8f#h1lD%Jpyml)yIorjBKMbLd<F20^@q_RA4(
zDeuperdhtP-ywGq{Y&N#GqFa|A@_Cg7fGpbso8fkvsN21k*r}-BOqP6O1d_}G%Bfc
zWCDy2A_JaGrWb13E7}*wIfs2DJEUy1X|;2fd1vt_@Y+PR|0Y5(AcmH|uwcA$tg>{>
z<xXs)cbETiU$q>n_ydwstoA1s<?spSV66Pt>wJpMmr*&Kd}aX@8;9_%)>%Mae@1ge
z2_KQekr5gHTQ((I4Z6C{|65iFM4}gK@!n)I`k6TPm;!+I+}OEH6XuMby|YLvyOt4j
z$Cjh_*s#ji`qOexnecU~hC$>0sl2!ECzJ5qzFH~5W%dkFX{J24!l{*gDNm0te<V+E
zmK({jmH!wF-KKn?%rJe6`zz=eP+i@A1kbA_KBzq8xT^?@8+Q6v?19H$IRt=53Y6Ti
zbQdfM-qEOo&&Kl712gg)B@oXJRlTZpHg8hp-j4(ikaf#{W<#IoJ-71kKH(%XOh!>o
znlWYIEBUQy14o0;YLQRLy`rv9JQp;{GW=Q1hjC75QS=WZh{gr>-A~rBOh5XcXeY))
zyON#{w-z;~!)<M++Vup~CC<uj*PT&$p)s-Np1B?FRkkM2FRp*l1Wi5OqPBe|Pbl7^
zU#vW*r9-<8N-{#-Ve@I!=+P$vY8@CQ<S(4y-cD1172V$x%k(@l50I+%fPr7R2UF}^
zS^Bs4#0yKZ=$AP2d<r8Z>{W|9KTGl}wwzTpBwVhAeKdUHek1t66Fp>VVpS+?Ur{=S
z6?8y*#qH%oo$xy_1(@)k927KyG#%lNX$6;=vZQG|7~g~oJ%_}aI+kbG{@OnDPmp96
z_~XRrbOS<^gLL?~i?*OKrGAc*wN6X13Oq2$%USWLD2gAtkr&{!fqh2}(dl6WBP6to
zsW)3KdPT36Wi--wcx|OmGgD1%$uHV8Zg5|r{@ci(SoWEHwL)1yLGa)z#zV{|%5~>#
z0izME27W^LHAUI3)XBw_rV!@06=!$3O0J^@^DsgydgeJLU5Y&R+Q2&Fyag5u2b>9e
z8{?IXVU6p9%MWzBc-Gx#_5cBLIK$b=@Y=?E0MG^F9j%!`V>L}}IcmH91GqQmw=RWW
zOU3yYj4IlBcR=GJWk{^BI;A2{m-2XTJ4rwd1}xtkty%>qmzY8?#O#TG?gZqrb3C^<
z_w?7l3x=@+X21!NX`#1L>|l99Jal_-CmxK`9B5w@1-l@ef7p-*cd`-MtnfM`0C_e|
zkno4jDIA~>!6KUZ)MY3dN^Y4%qqd-ZqmV}U<Kxtl?Yzd$w{&+)qhsTM{k=``Z}8=I
z1XfO0Z40|whNDX7=-+IP;m85sZRMh}#@*eL?dUI-eOJrxrgPXsg>I1LZv~Z=$DU#E
zG*AN^@>{JPl1$((j5dN=OiqUycTA>S?F=@Al9^U8qVOVbE6m5LkQ97)&fu0D+~6#n
z;4GNxw6<;TJT_mW;APz|=e+JCytia##WR<HjsFgz)H&|Cz@;Z(brK-=po#M$SVFWP
z?MAoPHJ2bthDDGZEy1K>KFPu&9ejCt*)4u98UkY27aS+`JFv6UPKJ;8u*(wGC3DDb
z1|AXHYcFRV9X6|rW8bD(!?3gZA0<YsOU_(jC()|#*9*Imd!=zEmsk|gx}{3^f`|jf
zbNe3zCE`UK+@SLY%N>vMp?h~6ivgkoz0up_CVZJgFQM~B%EdgUA72B+`fK3LMWV3R
zR@?JzS-?%UncL%V4r=pG+uRQU^MwjF2!8&mcg_MIp~wao*@pah2-)1b_Kf7kcLQHu
zMY!ZnN0!ykD%FZDvnM_rEz{wDRqVmLnID#s@Zk;<A!N?Y3+yPTxl@tw0nS6`SABTB
z{QDnJeURmE^yda2mki>gdynvE26_;Dr))^AMSPD+%nQySo$faFsw^qmvwwy;;Z^@M
zuI{PnY+mk*xL--s0gqJ3cjur|C0bUil7B@wE}(^1ID3V=(t_?4ZFCCY!X))5=`-3h
zzf&XOf{JIz*Udt>TyBBdk%td)pV_}$G~}^p>2(V<HnRY>j{ic2zXiSQNkzaC!2a8K
z_+0<*$%Z%@NmF1X+CfkG_oFSM4f@A3nTcgD#^N4KxJWCh1<bEV?t@3f$xrEFVjs5!
z<Etjx9eg_qN8{eL0U=Ipg_Q&{DIw3CLJ<R6E0Q5?(w7#;rFoIA`)m1Lz!>#>EWNlB
zQ|`1-m5H)dHm)9=bc{gmHr<cwg1#mCws@qAbmxYgWAB=1!<c5nD=`mjBD3K2(|+nr
z{^1w=KSewfbtr9_jn}?1tqWyw5%J;RE-48*3W_*$vY2>`x(IPsal4T22Tn!lP;JS~
zM6*x?L`l)a$YYJ;j6~!VF|eaPx0=tcu-|v@-s{`%+?F+sPlp%HGJZL<7<<_lMOv-G
zLMzV6^rRIR`kVHEq@F~pb_Ek=m5Z<pHu12GzSW|{)XY!=v<l^crzdkHf|aBThsL#O
zX<8^Cq?4F`$iWy-M~%DR%Z2h{yW>Xq4|cVW_BPJZ(b{XvByC^?mugrttJEn$9v9|R
z$41nSPzIEp^0(RDuO4MBF|%UjO3Jj5iVNrNeZmzdg_O>-3PmavoJTj#QO?>*#fn;3
zm)G6V?vRde{IxR?9{r1hB5l;&n^u)t1AY-VO5aAdU$t}AL-01R<!iErEkB!SEsO5N
z2?GKp;-|r=AoHqJSqtKjWWkg`;9AiF!2;O=Ku@tqS^K<m&wQp@y2e}5Loj_K@dc?x
z-{;aZVBZhLCt$2m8Gf@fx<&9vZ$bn%(7ecA>9)f9P=<BIb$>jr$bv!!SYR))$b)<i
zg=qM9JQ#1}5%dN3F(9)K_JkYQm+7>y@G77@$@{4B-@5rU1J3A>`;5ZgKEOOF2DtV;
zI0wXqPG@kuY2OC(?tyvQ{6D}s_u>d~h#S;sBiJz6*8wT?xG&W!^KLXE(8F_oJ#fx0
zDOdsa#1}BW=zGt>X9t>Cg`lmkTm9u;xMZ0}cM3V=63N%tbePFL{pL}={KM;#$X}-k
z=HukCLBHG2I;``)pzn<V)y~TLbI&*U{;dWIxufvyk$BPtk65AhnFN6je#VA?JMFm#
zl2w{6k$i8)aG`rAo_w#1@ysi!5c|ms`87aIGWoMF@(|(8Px>Cjx{^W{K<$ijzYLdM
z>#_~;q>~NMuE3p4;bsEvj(Su}<np=BTvof_dv&)ys>p|Z#A~=cwUKU3q9Zmt*D;sF
zXX5t-f{e3>{T^ebC&$UTwq19!<K%<V=&vv0{SRRtu*eJJiKm13u#AXzyrVCB72aQv
zT?*T1^4Zp=e}dbb70NE+>(ewpFFso&`xmDm$8GGbrM!XA_aBh#93s2{-%iIGcDl{p
z01kbxPJ}0jW*Y$B+}65)u7wwr^(Ln~)HiIwUv0pw+U6eU?2%`<bvM9SXIIo?V6)Fx
zkZLWa5rcgf#1jp5sB9f;I^5uQFWCgZFA9-N;SM<zGfJ;GwSRm6GY6ix<<Io#9=V~9
zC&d8e>{=@W+#5NF#m<G)(?16t3DHlc7!8gk2g$Zioksq`!qp`PWOf<`W&d)+32eqO
zjcbStlzolB6v0^5z+(o%3fv!ipT}=@U++`RZnW+(k7T{xdkcAFax03q--*15c+xQ_
zv<C|yTR3eNT@?)jXZ)G;em2@_^~rNX^OjW3va)dR7%$b~c~&+r7NA>p2k|lf!rq}7
zu4Zt%yqnhr?m+%@uzwm`%=1e1RFID*^aZ(t;N0rBBGL(bcGbNMe=bjF&!#Vn+{trR
z(!7Fv?h4PxRo5bX)Ck(c&oGxil<D}}-%aIgHNVldC{YXtm~)aiOSpsRoa*E(+=(%q
z0bx}$U+{CNXmE{k{|e?4R@}3ybOyF>26crMl2@B=7wWT8>J?9~YPQIm>6sw$SvLEp
zho#kPEqpWshc*5_)&zCS8RtEmWo?Lh>Iuz!LN4p9V%dTXS9{&Q=3z}thssUb-Vf`O
z=3$f}X|T5<=yo_;&im->uHDk^dTq2^Z01F6_T2LpbF=K~f&2K^d<t3T6t&|Aa}UMG
z+2@d{PB*iCkH}SJej_T*>&gYL-RU-R331J#g9Sq8Bes{xr}HJWsMhG+cHxxT4Q|eJ
z$uDW{V)cP<r%m{5)35Pyj<0WzXnBl&=pye?Q^O)DH*2M3-5qb!uTXYHuh-cuS2rwp
z>yfhN<<DhRjIB3q=I40YW!awL{d7L#n$&IYcFkt()YjFI1>Zlbti{!1MeAoqq>Y*<
zn5kYQw)*caa+Mt^Ty|1cpZ6mjuib~#UMgmo!pW^^oTkN@(Zl0gc0W@q-HmKlrn9Sz
zfbYvHQ(S7E-MtM3`-aV|J@(1sf?w7|sS6U4Y84i$NiDm@3Ga$cw2e;uNWg_d(zf%|
zT02zcgwo$k;=UYr4{^@k7Y_ZG%yz0>k+jL8RTSad1GiUcoE$r@W4GIJp07at!_s?t
zx2-&i+o&7X&1ZKmlTe`yidW9J&40{*5@DKJuZdz`18;%3i#uhF#cJskGE=avYPe}G
zG+nmK!+8PHq*s{r1vXCo>r(o?+*@xYra2GN<8rfA<WjO{r-{2=PvT52l`D7OryA(n
zAno3fsw?cUlm@?IL!Fvc-O{GGY#Yw4s_AA2mFcRaCPErg&2u#vNIa85KI43$@2+Pu
z#pY7yrWd`slJl}ioZ#TJ8(&e&4Kq1rmQN?N8Z<b&>B?tcba@tPr^m|=sxUD=xh}@f
zDj!4fRyEnhop%onF}msK2A=1Gg{Am9yByaSjte!c2OH7n4)UGN(xBWBi<>zj7A%}x
zY%6u=E=PsGevgZ?AY32rrkH(9nr^RKw6DZfHxJH5S3nzs^$JN<L?@dRTz_@&Qu;2e
z?w=1ArGw_~ec4RMi8TruGQ8?~7=4WCtK<?BOqa2uP?sL~dM)L`8$7b<_ePl7f#R4v
zov0mL<ZnX4dg3s0WWB$-RW~hE29$V;EN0!tG)k<#P|^t7N8&gv*NTp+Gon6g*<x-x
zsj}VB)A0K)RhyRnNd|h~pIlEOTuR`8XLF_Ok0q~3eN|*Uye>4~N010E(KOZIF8^k$
z?b2M>n|JCguO-U#<(}974f=5IVrx|+%55#Z&3IZ>ScKx^vP{J_ulqUhKKmHQ9mM^d
zdlcer_Y=Q8?`5qO&{_Q*fO*Z_!Ry(+5fhW6;DuKm@`J)_=9=7fvi1$QY35+f=xMdZ
z?E80`6VA*cdE0W&RY2EM=@MHH7<9}w=*_9E%%ZC!ys;Nw@Y_7uO^Jbb$4z}&-5r?-
zIO$>QZChxcs_4ajsU9uLW1`*fw;2%yvg+nFeCN@TJa7^81Xa)VGEYg6^~!Fv1@89w
zb?9q66(^Fn4Eql0+@N4oSI>W&BxuYo+^vCu^`*tp;5pD-#q->rcx_U@hh`+dUbFGE
zo7R~+#tYocAN5L+f<NuPHkOxERubH+JD(Z0En0B``wVK+)^PRo9;@_diS~WnoR}!d
znfW?9w@%1xG``F~o90oe7*vAA`aSLJDYp|)DmY#^Jx5J=x%qWG+Z#XS|Cw!@ulv`t
z6nlA6I$>G>9ymwhvfcUZSaE^vCu1;nDfJ>URC}DRQse3uzuaTyop7`#b^}As&Fda&
z5IS>GvH5meeHhx<#kwN%4*Teq9_Kc<810ka_3;ys7<D=oE7N{-ur)ZcFL{a!EUEQ7
zg;l4hM0>B!n3fx-s5-Tf8Q>Jgl(uS(4fcazNjthHFf-!*_}ZbGtvAA<k}bxO_Od<B
zQ)Ca8v-*YYE#-)^cdF(fi*hRE5Q}^&;y{ahs`H<L&tVqnl*7Rm>6FQq{tg=wYTt}}
zI>5{)@3b8--^@Gjl-+3Gi{iuI=kS#yjtMB2e*ySy_4YB3{nVjTU&v~>l{3vjlc;s2
z<LZ<V(q><Zg1NwsJ%n?8$<7(}f|6E#QFn|9>xE|*n)9<ZShK>$#wwtRr5bQ{^_0S%
z^|j5viK7?RcRf1=$ZU_CM1Sb-5vIK=kuJ#W;f#e|S8ID>0Mnk==6AD?)s1DFotG@3
z{a-J#b^1Ln|E5iHT=pt8!+~5LGng|!sm)8<(G52Nc6-%2YU{kY*3(aZy_ermivEpX
z5z?01_ts5c!n5koSCHA8p)OJf91K)cL9M!Uk*gb^6c0oTVRQV?0niI^MWIU1((d%_
zfxX3ow-^4hZ2;4JkuTu1;J0_-(6<>oCgZ}FFA{>N)8O~FkYH+vj3H2vd8{G_{LfYT
z==Z!7&tN@qat*|G`9jv^!OcNRe#X(Yyb)~NA;KN>3}Y-erN_jQRx8b-%aa&6BrP2!
zG&x52x2NeN52<HfVb@w1$>mA8);-Jmjjp?ymkkyqp4ncvEk3rl4JbINj)IKgqb8v=
z@2y~34wtD`p8D!=Uv-QlXLVQO-Gx3X$+7d_HcCR@%UbFvG`*75zoum8L_Fg8c*$G#
z74w?OQToxZ2jA{~zJPec;ExC1<bBzC19tmt4_WR3aYsk*Heas3WPMR`$0y#5d4sn{
zzsF2(%s<3=BYB5&52tUB-n4mRr;llGK)vC8(|h|<?_6I#y@7t?YWH$)r`{}jb8L?^
zUw-0&#o{m(M7S1&Hp>Vuf;kFk#ZgZRc*|%Sg#_jxj-o^h=)no#4}wYwc#y&%phY6)
z9GU@z3#7<#s)gvp`8DR?n-Pc!*d#?g<e()5(9Y;MLVg8F<WM;xWecFmQ4jLG|BZ!B
zDS%WC$t?&ghwTx3F30E*sySo&2vn&jO*Lexj_WcM+Qxbv_`V0A9x8Q*Z|xVVM`<0A
zbqB!>>$x-LhLIa<y8D-g9I~g69qBvTafjOtQ*z*(?FYX@@P_^kkvl|sL*|Wfa=@J(
zOS?1C_OCl6)DHaD2Gtu;bqDMXw>L;<PvaYLY0qQZf9rr`JCGM1Y%d&Ao(L-(WS&@C
zjKzQ-T8zd(`aLc;obV+bnnW?2B~9|Lo9R%<dxHB=E>N6ULsm7R#h3?zG)sbdL$Ebr
zZvwV4i8v9tF|Ig~+0h@HIBeX&F&LX9<CvX8LN>wLG4nXyi8xN1`285MLlAO;MNwLE
zLPk;cCef=nk(*dfoTY+*P8`QWW;dR6QCbreCIGEDI5)6BpBNpAbP#_)yB;14Dm5^M
zUfUi~6v_z1&7hlJAf3=1N-0Dym?N-`UQeBz8Z~^M4g`uIuxdU|IRSh)A{u{oIHVmB
zjxo|bvEiReIO%>k_=ya7oZnC)6rL(D9H(Kx?H)%vg32CfH`eWth8?zUK*|B1)Ez@N
zfN}xY8E;2)ECHqQFV#CDZx-J;+4uj!;FjnHqgKNK08mr@Z&k3pqlGKo|ClqK=%git
zL}Zmjwl!?*wnq_ua`hV6^Zh~Q&BkOjm*0;yWeW-ufTn5};=GO@Y^@Tft`a$Q{Cx5<
zd`NDO+x4i>BW{Ls(#%YAGc+LYx%lkFH1Lw&!fIFcm)-O{9`YtRZNTn5KPwUa(uSz7
zCAxi|FT%{=a7rz_A0JNc-M1xGn^;_b8y_pTr*6;o$6oP#J>czbZHK!)yRx?8+Fsq@
z4o^Sf4wr^LCB5B$FT*~w<ZjO{Bl9{teBRy;Uh4ABuu$*5RkzDk;XDH!Y(I7CO_8`a
z|G35Lka?1TGYl+AZ0tgCFc-249mz$ksxxq@KvaoZWp<R-RpCeG+B9cX@6J5+#LF@l
zE3z26A;ML@2=<0~TmAhO_!3D+#beH8dfu)w(A+Y)$}nibkW;;dOQIhW&;U%bmzN_W
zI6c>|{(-xMa-_{khjm1h?`%T^598rOwkL;{_u7bfrT&->_rM3=@FX#wQ7lC92b=?A
z0D}VoZgJFQ0m!L7rzEI}#N%Y`B(yu*@-VlrX7#ZP#i!sVkM-nq=g>V+{j#RsVwiPh
z9#4<9gmjNyAQj)Jr;^n^xAI%YPN{+CjUrD#@Vx6&Gh{4G{lm$FR{X}t0Hpfl81E%A
zK-6Pf3pY?Ni47OIBle_GXS_keC?>N3LZOD4YVW=+5Jz0GLNotw8i}WsxVj(vnG5Ls
z`+hNj$79lbSqA>}YDWb^;hSXuc*_`h+F~@<zwy6Q(^w86O;1@n+Gz@7e1pddY)li4
zh0}5P{5%7i*W>W(J65Oc2OM+W2=?l;ir0XfmdW^&ReENd<|<XyBMv`SQ{jFDC_NU;
z+DY0f4E>(vT^R-Z2$2KQg-bo8*WpD>*UrUHj@9r27XH4~JgCUSZ{U^czcssaslT!H
z&XxIbpF4dCkf)_n2giLv?0;h~i&{#@@GgU}^<AjpjYsy+BruR7`_2c)RK*Vt3>;P#
z2k?zfNGDB~mE}WYplojvAnpM5=&)%wpmKRVUtEdD)@<uAX-1qerP}zgK2M^NW8V^K
zOmPdPr%3X{&O|8z;B@S((qO`m6)t3NI@Nzc=~RYGll@zuD~OTkgk6E5-Psqi#313U
zLRDmuo>4`~HL--X2LPXmKM^t=;Fn{WU%}5O+K$Te-yuepGmczD4@5P-{~+U~;PY>r
z<^UESF@g<z;!haC!|X|j4Pdn+V=W47#9iHMi&U~}D?^P1)x!M?zpEp80#Ghhip>-h
zQ-d)V$OZ!qj*iN~BMfS*D#45D$Z{A%7SR<<J8L7em%e)Xr#`0VJvtm$xGMals1Kpd
z7g@tL7~L0Gsjo=oTqwmXI+nuIUWwLKU&xjR9Y6uM3AM`SLN}_dF`Quv8*6DeC6!0w
zX7KYcMb0af&M5eaDdT#6jfB@(;ip&^&;g=D(!MMjgF|Qy2RpSxB#9>*bF+Fw`uWYi
zRgy<WsPFN+pjm9qaM_FD$FaNFyEdFy>ym@24s-jmst%Job$wd4k%OZcnyAXX_bLH2
zfg;br(e15XkC47MLo|B#$u&m{RSE%W0yEZ<Lvn36;NsBaV7b4ghxzyBQ<4j)VUQ16
zICiL``>FY~ppe{9y6o$<LPVEyac&zF2R9d*lqihnY!`c~DYARsRF{V=Zxan6@qR78
ze>EqX)*wDr<|l}tBAX-GraN42IHZ}y@I0EJ6Y((}ovaq;68@3WGvXaYVY~2TZ4$bF
zS@b2iX!78UBuaDi<fDHjLZJ|az8aAxZrt1kw4<2R+_9aNa%a&aYcm4<xfxdi68~DS
zOO6DN-k>-}5)~bhhAoof>G+fLVI%tET-?gqztv`i=^pj)DE#C}^&@J8QsI-f9ha2i
zp6=rW)8XlmK`~ivY!X6C0qGB-@W=WuMeHdMbl4pt(r!5^KGG80@*0bnOw*`-C>pj0
zc-%iOt2B?RTvQUrge_-}dCeeM%)rgUvhcCl4)>K`F}<x8djKXDMciCE?b18@tvxC^
zp~9Ff;ldJI{YIPS*k15J;r7-f1D^u}+>{w6U9;0)RJ?pXRKO1v#Pc6K;Zw-5Wp;%C
zgOl{ba1h`ez3|$RGas75FbAAL*awCCWHgvVp3P>O84q)yO5pF0-#~@v9B+L@xL^Se
z=@4nA1*X9MF>=e4qxFSO3owuz1=1VH(v_U${w+Q&c5q}3@d(?)8Nijx?B>j>rWXCY
z_62erFFlPnwHr*UdJN^W@O(aLVvEXCqf6igg1&=LTd2qH_%>$Ra&|>>!@8}=t<=Lj
zR|4?T!faWAjHlf!{MW>vX<{_g*Q)LMMQfWFCpvU`$0Amy8Mz-OLOKz$INMdEj?Ic5
zJ0N~)%sjI|6e{1C{dO|<AszLWrfg2|Q{<h<`!f&4e+k=28YYHVX$K6L6hyQbZKHyd
zk%~z-a7u+p-D#Bb!~WI%sdR4$9q}TbhI{3^AyserlbQK{)S!pt44WCjeE}S^EKocj
zlgXp_`Sm|0OyaSR;iQ;fd&RNc+F3qOexVbU-H;6U94($D-pN`^24oN4JdSHw>t=Pw
zEw9d^rPmX>jB~eGf2u;Ggf&mjvRZ{cIGmIn{nYIc`5drfINd^I{T!0SEH;bG{a({J
zQx*SQ2H}#+eZ8DPJ_|cglt_@)+<1Wrd2mS0xD;$uLV&7{babd6cyRfPSe-(SNEpb5
zM^aL|jZqrAi8Qa1XJ%Czrtc%?ICg;UeW474daWi)@_9HuUSXKjJH#9Wpz4Hf6SMn_
zY*4V#-cEQ_=?1Q9BUzNZg^k1s_H=apx_{n$gN?j0Gwdq63V_FKhvYVPLPEC7Q<#lA
zc0(#SJST@2Si6r+OO(+LN){8J=eEHkiN|CNa1GKb?*&>B{AC<Ob2u>$ik6iSyHxg&
z!izn&9MK0Uu`A4A+)Qtn{X^3@>9Z1=C&{Qstf8?s1w~%4HO;il_}T%SJH^(@DW);1
zQP+L~*);%~ys1)h2M_==4-N%n^B9=TU9t}C%oi4t0R~0V5bVqSMic#ZiT#&wmz(=d
zg;VFjAZ&b!N`_p@NzjJDC<oQ;vBGA&v|x|sn#)8KRk83Ku)wY&c(UjgK75gEx9rTb
z$YObZ+6P+;4Ff4+<kpWN+e+5R|A+)kzg=D0TPq}IVh+$%_cRauZ^tVt8o{I%Xk3lA
z#x1!2%7_{QBqHJ$xlAb)hm6vt;baf}z-d(vR9$p;`k_vO1)aLmNuz~_1~*SrWOAER
zMY1|>1+DF4BcPdG6{-%q%#L%~bP@B(!l5Rq4P}*#K0-X6#|DHQ&{u6{8Gjo}9+<Pj
zn1GU;yt0+1pN8RmAn}e}_NtPxLxzgB5s#Nk3YpJhd++#t(Qa+G&ySvJ6TN9ehRC2h
zg0Hj9;g*=+&#bgFc~8&5Pa~5rMN#9<qo<fnu#6MaW`I)616^P_bYwh;h;Qc|S}{LE
zjj-31bM{-AJVAFt1(^yO^4xG1K!YV+jbB~!F3(_>KVJak5x`+MY7|E&!*q5MUPlz0
zAc(hn!QZj8H%y@yXS-BV%+6=UmxP<AA+dF2$8|pJq<{DzCX%`e)o<3zyO(gxP9f>?
z5-0J6HyOFQvI)%m=#HY$AOd8I^ZcyMrq2y^83x+|ENyc@+zLLskr>x*&IPG0RqxR+
z2yNMlKZzAxNqYJokEJM7O8{aCX=&b2swe&-n{FG+RE;ULFsoFS@6EYCQ2+T3Dp8fO
z+hT|BIaPypv;<tyxU%T0_s?S2GEge1|1ZwoGN{gNSr^7(;_mM59w4~8ySuw<aCdii
zcXxLP5(pmL-2z;)&pxu&ch|X9A5~qvHRq4n_VnoP(eD`9aGuoW7NjV};&c)sY!Sa7
zXQIT{e~8qF-j5e>4szIS@=*6RH_o4KU^X}IuyMjn4D36C?jIm;(sS&Wv;jTyrmVX?
zB4~Xc%(gOVsa3;n-y3rJdQ$Q;<q?f{W8m{5HNTW48Q`)#eBSNUej})D?}>ufesgQ+
zxfXV#LL0R{VXqC${v%znVR2|d2Y(5VTI=s)*YaQ1%>&XE+tFM0A8b|lUG%!CD%V{!
z-s(MjD_X$2^r~yOkS6xmZ)$$}(sK6Ov{$QU!u>=(Gnu$HXx~g(L2#R7^LAJFYul<q
zznYKE;}Nunm<ERW;14~?7BHuh2}JU#r4xXxU?Ni-+}_x3jxaCYMjz?Zq8u<P6f*RH
z|0Z_$RVf;-3~>a%{b$nH=@r*iLnW66$r&R#If_p;sN+olQ&69CpE*te_l1l97o9@5
zwzh5SuXIOTN)rNZn&(aP*LD62-(39V%nP^EoaPexWwAz%eiOC&t`#~fX@$**xw}~7
ztDi+(%q>54Y@>_Ro=`e}flr6Bonh7-oO1u|^<5Zn20xWC-)v|Zow2QgdCI#ai;L4O
zBzF(fHq(hHZAwWX(RVtQai7N>o5aK&!s&r0qGnJVg+zv@BJ1VWZX!C_k2-{xx?G{_
zf;lrpH4oRnU(huDG2s6lFOjD3yn~3pDIp2FOk6XMmy7ClcKoE<Fd|Gwq&kJ9Y@_`d
zQxwJH)Po~<nu(6&SW>k~X8ISj`#Gto!iq*>nZ2bAc3paDRKz5^ExPrgHj9N5t<^3o
zQHMcZ_0J7oOf2`xCaiA%qht#)tyz}I=sakV<&j@hX#4Wkv%9>9Mtqo{fKV5x4)Eg-
zjYh>7UWF#1wSo)^WaY$kOiEn}WbFvq<3qrc2k>Oah`_;xLrWrPZkM$w0}+pz&~@7i
zX;|uB1|e=}$~U{YQwr>gQV*&tsn{AiVe#%=@-G;|nl(1_W`gNh7k*+5A?U+$V<%ww
z1xOi@m=GED#GP9L&Y|68L0ob<^zru8eqt;{f%s2pG%a`==SGNZio84whGbP$Nfe#n
zT}~*?eYXk#cocH)95TKoF_4nVUC#Jl^oH`b4c{p;I#ea6C#{PpaL~GfkLLH!Da6cx
zr<=3K^TdzGq9sUoXL+t}yI?rZ<1-<&nx=8<-AaI!8Q4TDZ@M`ZGQqrzuUTgbbMY*5
z%nF?ua-woZ#atxU``E7#+8c^Jl>2`u2|$`|4^ib(7%Zk^FG)m;(Kh<4Ex~P7t}ng3
zh1jlSHomHE>UHiA`h?W#o&Nq<1Wxwzr8k#}c5Z%=Q@wxs4cm){QCEuP>-+A*M|PaY
zwMhy!8DKv6yTreD?$!kKE4{D3TGtM9cZc^IO(`d-iM^H?3-O1gN7fb0%FKizX#R`(
zkwmzAM;)b@YU;Ykupn3s<*es}AQ}U5dtI!<)BcHNMoBPo8_Z!R4T~MDn%n+;#ah)S
zqA|eZY4-K-l_T7WgiZSQy*WI?)5KNT$t~R0YtBn9fzmUJr1?5wkAGjofmwTzrjC+D
z3(h#|__oE^{^0)a+W_)?!J5I}<%sV(7{|YG{(1*RPlG;;-RFxc5&$5e&#Nf@ec8?5
zs(cv(D-%--Ym;G>OS@fm%y;dN&p`{`aBCS(i$#mk8Y`(h9HkmzunX>LB~)C<Dsop-
zitdNW_lIuy07TJJ*;Wg2|8t(py~DS3HO445DSqg@c-8OImqaSekR=W3Ra36dU_HN3
zeG@7pVBBY$Om`LS`=``8t6l;S?U-<6Oc^;t7jtwQX#;ni3=?-$I5)FLrF4e&vDI*z
zHr#YF<Mi3zJkF+f2K0kyQEKex)z=;_o<lm7yZSy35D5~mt?@+@ac1?RM&jGg3eW;{
z{YieA?wN0YOU;wg@E^qAg{7s3ELZl>ez>UmD!E}+@jXVvUZ9cM;O)yPtZy;10VtUX
zR(@NK&$6&tUas@_O<1Jz1Af|q_UDb1>&@1v`-LUX?yf%j(I0d!)hSU7R#apDt*O$*
zOeSV?VSE++xv(F%uh(tuneGalw<j>O>p>i)i^DwXtN=Tyd_BtdIXk6OONlWWs8dX#
zXJy7P5fFU&bPOJ&id@rc$<82J+Zw*8!mCvK-gj!GL)h*HfZUJExi9DE`e}U%ReVkc
zi72xy+?2yh&3^Yr=B_h$IIOgZPA?aDob?4(?!PZ=?jE%473rC)JSnQd=$JOJv*hZ-
zH%qguriUk}l4y$+D&ub+TBKf(=^b}tH7jdG&{N~DVQ|6=oRY;c8}vU;DkxE1$qmv?
z?WgvvhF2MJyT|q!?ryk7bCwRA6nHO^s^1YTh<B(|&mrE}3KsQu16cY!xp5gE9-h+C
zN13;DUyFr@2n@Dt-GBG;XQqf|L^(86V+Ssss@D%S&5D(zDBj)xUV}st?qfvk>S!3S
zbfoI)@~1`xA0n+@U(uC0Y^@yEUd>DB=py!L1?CJa3~+LI8$$rM_I^nd1UBG0*cCq7
z(@RX&V*|&A2hm?Zft0e-fE)3IF-ttditJYg>&;36?~|qI?2S9`JG4BnFgNP9;Tf{v
zr=y^)cpVassAZl>+HPPUrMwH5AxgVNQ*1~*7ZLi02*h+b>RRTHmU>;@PgD?DtwLK|
zF?Ryxmsi)<4=&rdeuU_=xSRunVBfDgq&|0hY;g~7(zvmNjZ1JWRL@ki(Pw6?)5;XD
zk!wS8Am6MdgSww94z@d$mQ*0kv!=<FaJXOf47>IVTs_)f667-lF$^w74IBC!C~~pi
z<Qu)l|3>*MQY)P$&e=Z^%JWJ1|AbUU5dmQt5qcZr%9<IeDVgf({RVJg`kIrIr0=`N
zgt?RDtSl74QW#)uZK(eIBKeeTRP|%(L|k8630WwTVg7b1Qi!rGNZp@b0{&k*fCl#V
z^d^qh)pC>21B{4Wk2DX+;`z--^MR{{90GR4WHyB%B|qXqDT_aBGYtLs51A*YE@tS7
zNI&oZM0Ixc0S59_hkH<KD~hc0_z3fR6>z^(%SbQl?-Lg7REL{n)dXsv19`zcg#wWm
z(oxC^2KBI`3o%a99EQn3PvtRAPmM*RRZGKX?50`LP8WXKKtIz5_>)a~c1NQmqgE8&
zf_!(_ye=l_)DIdBcKk_6zH^|$l5LcT@K@bxs<*HneM-s*0t7_#PrCgh>3?=UgJTq|
z1_@Dvw{B^M4)y(nj&2xNI~p!*q718KzzZGO0+D`Ser}OSPo@#N$8K>w(o!6QQ(`2s
z(dBD>;i3y9Ww7&F;3`etK8}0>YJ_4D7bUSuk%Nyw(0obh;sBd9d?IDie_621ds^L*
zK1&apq>HLGU~S=$TZ=X~yMR(gz<>$(U6HyNS6Kfn&h~AngQsY?j2Xbqm1>oa$$>va
zjxY+V%=h(UZ<2q%v0sN|QRH3j1Hpdl5z2A9FNn>I4IOw`%mi0OzObGU22yK3!q4;P
zL#L45oJQr`N{^TO#SdrdZ55H<e_Jf#LUf0;KGkFQNo4<vn)Dn^3=JIVjqGeqEzHQG
z`l0;^5rr>(hl!n0Ui0G0wCNa=Tj1-@dQ)AzSh}!ANTQ2#jP<WL^&EaWQp#2t#x^%c
zqb){IbxQy{_eqT#L_*vl@NO9UeK*tv_b+{^PQPs`3`1Fp!T+lfSyE!CG(Wkr{v?ur
z;?BtCb1nNXGgit<(8<zI&{B?1%`Pg)L(@x4Nl8qN&q}FW$xO-0OioFth)*&oic?Qd
zNsLcPso5{PEibE%O(}`TFwje?RxIsR&`V6yjY-f-fLn$hD}XfgL*MNX^C$leN!mx{
zh}WMi;eGnoKPt||$;i>d-ub_nbCK`29At#;KBN(z>3<7Z*#C5~`U_Q22V6FnaHGAl
zV7jL*3OAN&&}#`#&&%U+rO3jYwfGhx@cj|&6%r!SJ4mg#nS0G~@qqZ>BJ;yWSi(#?
z#VZZR4psVkK)n`m5I;t}A3LbpR~-=^pqvHWU%h9$#sm{>sD<tik%j8rd5bKX*0QT8
z+{ZG#vs=xSl|y!ELWqCikPc&h{0ywG=HC)aJw|5=S~^;yW^3J%wi?HKg6a<kcS>yz
zud7=(BI%ZQ<vgKh8HZqTD3x#v+_&>p4*SBh*UMvfa$YmD3eXz6SE$X^wK7<fb{5lk
zfcdLA^H9cLls<K4^-1KP^e>-c_*-W3Z=LD=|B8FSWqFj1d8Cch$&oZ=tg$c>BHqa2
zslJkynuZp#;l7HdIlgRD5Pvge9-ClQ)+ak_pFxrI|HYP#o$<edqx>Xv;Ae0=q(K)5
z%k$9=M(4TPu6Dadv~CJ8MoB=^6z=VoDfWxwnuZ^QZA`9@)sX6;rHs;E+3i!$5puE<
z=*hZARc}Vw#LB;Nzi^u*1Adp;ivp#JBvP@3O)<EdK>8W?8z)OeoR)q&I#&>QDY+kG
zV!7~M6mhmdckqCHO7duT31fejv>TmsNiIJ;cVWgZzDO*8@nakGuS$PJZr@AzlnU%q
zI;#JdbpI3OHnEe?gM^48kG{chZIYCCC@+v3>xAU#VEq_;s(~N6aB%9MJG@*N2iie-
z!M9YhNm>-_>NiA58yngeU>sL)P1%G)Y?QgwI?ZuC$bwu2$q<rUdujvXCR&CC7#9|u
zzbW(^;&#dyAV+MSqogLBz4<m>%^{-Z)$BVL5CJcjs`rcn(kdkcF*@}<OLEqH-CzGI
zm`Ut9lF6q);h*%6tEZWTvxS+houdg^bUpkaA*}G@D=GxT8zES~WHokF9;H@KH$0xT
zl-r>jD`)AoAS|J-Ob?VXU%Jx$;yu#A(j)sUtju}Q;28<*%tD^)z`lDF>z1<Wd7g|<
zR(M*fIk3deFVyk~KZ^6vYy=M9zcMJ;{!8ullR4=BZ3(irF#PZE5cjX}5OV1Oy|W0>
z@AD@>9DN1|_7QtrHa5<d_zeMo$KyCvzQl-k!~W$fS*IPNB{LD$r6l5)E$~Rd&ix+T
zLkYQvnmmzup^E5szX#MWwvn)FB*TJ8Sqwp@v4Rf;V`Uqrlq(IO+Rbu!u9i+sC74az
zC)jteV{a>ij}}BB52st>D(j7`DWcKFQn1GUQejynq3dKZi7^BP3+oG<aO1`wv7m5+
z<O!S7q1TT4PpCcZg};Qy&ps}|s=Nm@<G*iaOLxX$V9=DajW^BQn$5s@Fw{Q1-PUm9
zR)X^`sUCSX`*@Zcuh4$J{&W4e>+|LYQNaEz)_(~1lm4#(;@=2doSv4WnwD59`*&Kj
z^nGu4L8h8=jDdPSEC&4MZy<N?y&3-la*+QG<aW;XdVg|)Kjh?SBoovB33AwwOP`4C
z_OX`EINs2xd5hJE=9Cc+s-9QH^?=r2uY->i#qdaoojz*gLEC5gs-5n1Q<>?A&ENQ<
zhlHB)N#P7Pkur4z#c|BsEo#q;6U6N%X+*Hu?qUZHL{jcr`HD}+B;73!VDoY*Jsn43
zyJBW~Zq#*taroT$;yKVw2uuHZ=AY(G+Yz!)Tsi4(^rc>rbgq5@{;R7Mn|Bz6eM<M^
zlm0P;{gLjEyZxth(Ncd90sfdZU>GgGhI5Bo1_P}cDF`*diZir<!k669c*q+Y88iQ-
zuyH-mU-8>!ooYWnTBLD8B*{+kW%CWXAXizx$mTC*iGkL_C_pvPJ?@#DES$e46ZoAE
z#Kdx^8jcy>AdzqBx@|AMMF)1fG-esed)S&c;>F72k4O5d!fE<!V~W2@a_w>j@+TRo
z`Xqu+`oFq>y|s&(h3%g>{J(m^%+w_9JVz9GBpOB$IgLNq=ZS2I$dS8|Qpi$@)sn2N
zY-rBss1>)3E~s;)miKLaCxHSWgeuz5{6MMzbml6RIu-vPIC}ERrolzpkV5tN7=QDr
zyG=Z@`%fO(KLP%aTK_k%|Cwg`#Mj$?E*v3lIlDs(;9NpEgqB#;%~%Qb5pe-94kp&8
z)^Wr`ohu>4hDpnbZ(AQ5el4NcHX;L@`6>{{04Z57#s;e(5TO?w8pve@we}cBJPqc%
zEHDPLHP{~HD=Yaf5ro#qbg8%ZBeFR)dye1dDKS6J;KMf^fS?WPm=80_ArU}_;dE)!
zVxn4nqkbWiJFH@l>x|{l!AgY44zezAUeKy^?lYpbVjk;$7ytMcod1qhl}%MdiNz7(
z@v+q(X)q}FXqK$1HZN?iyviSKU!bt|F-+30>aq9X?l&EK$m7Vcw#Y#%`@D0`VrGNK
zRC!YVw=sk(4=?NUPqq1fLh&C{r~gpfe`f(Eas9HNsZ+?MFLdRu`WlffO7;M`LojF-
zVrZPFg?x%=GzpW6kK4}_qWovn*AK&w2Tpd$e8p+j07ZdZaVqlzpm8lpQO8xYL#?)K
zP#`i}`#d?`pM}SA^By4XQect4S6jyL4DNn(`2XB%pB<cl!H=1-T_N9#C_>&!^)A<u
zPU6%YB}2z^l3wq)co}k$W&Ms(gq(*M(~M@Tw4st|n816$N1z0LwWiQln}r$u;Cp{<
zRp|nX^<b9N3NOAzUk`)s619mnU4yWD^HJmXm|p3akH?3UY5VR<hnF&_ZGpgW`ulK-
z=@#DiZ*Hct91(o_sjKqO8;t)%#{WAc9PL~!j6W|I{ZqLmDOjyDewH$CH1q-TkVz>G
zt^8l00ac$Pm9}1he#&JT8cQj`gvAWn*YnPVJ;YKhRCZp{k;kLO`K9>LWOSGCW7kUe
z;7%ReGgIeuQX_AcwHIfi<U6$$*dX{`D;t^%rzX|)%2N|%Xl<!r3wFOJkFVL&SkAN+
zuEWQ)UdDCXBfkVY1nuV79UknVI6nA5$Sc)~X}9S+KlJA6S=9N>`7IrWZ7z5oIj@h+
z!S=LPPcR@Tf;UW%?_+mF<jMF+8a+wCHQRt2{hSjAh%FXGl$}XjWBLzk(!aQB;|)BT
z1x2nQS=x|ME3jiAmiX%imS!AY6eC#Arp9gImwfG+nE}=Uj7=n|=M$eQR`#M;3=ZA4
zjPRX>VUi2<qg5eV%lOF{gYUt*KTqIb0Q=PO?~R#{O?WxN&==qKV@X&%mO+PqPD^m$
zKlJM(#vUvZMS~i`??n27*9ImYjV0YDD*Jq6&#|UWF>}SRc19N$wQ-cMw9nGDnzy;d
z{m#2+GXdW5Ez72Lhe(tAyibBRCACoXf!<y_tP4gNhs$+LGt96dwr-99f$?_%e#q%`
zp9js75-c0iOMHyeUS*wZ=hXEm(SF4b22jP&oMPt<uLv&3(xm`O7u|`aqU55$EmQu`
zIm?06-M<yRlpzO8f9j+^sQO1w`JXvnr7Yb<_$&h@)v`jEtb`1;OziBG)MRY+XBG5W
zM*)R{{P>$MZUzJ6@qhXv)n|k8AF=CbVr^pJ^xrjEc3i*hz#r`L1TRg}Q}TeWd8Re>
zgLTTFKvz@6Cy+ZTLR7q5I6;GBJN%#)iSYaQIBc^C?;+g()^Ly7uzv_yC0}?4#V4;6
z6oTlQ0u-yxDqzd@jYKP+mG5+@h*w-u;a=$}1IW*Y4vu*utH=pU4_!NOLtvFem@oSo
z<bbUX+*f(kNy#Hjg1#A|ygQgqP=FFNh4{3@%-x%wg$r8&ccmik`r2W^(~hcdLv(O;
za*P5&w8EEKPe*9RbE;$9O`9~&AtRJ2^c6%x%y_+a(WSA)WXVoa#K%E_7j4CmWe7RL
z?p*}O5HJm~f)Ek<=2xU^1W5Lqa}a7vCWY3zRA$?a!9I4S_@H!5F?HJ@bz>A%+$RVQ
zQB5dQmRGR>h+#P-qI|5MI`ya@l04>-EvxYPdCUe=i5+B4Jp3(5itlA+9sD%G^QQ^^
zv5NXMf%{)-b{EBU%RNR!pGP&=fCh#Uo3DA>4Zo`Eq!d$v5u*&FQ4}<8P7+)g-ygHX
zH$>0LJ?nWgSey=~utG{3f*QQBN3HowY1YAW2Ss=3FKA4#JMki|<5nG#E`MyxKi&=M
zq2fDXPAr6>PcnxN3tg-8(2no~J~lqPcMtW!)V3zwBVlXOlqU@tVRv_eA_dxr$T!cu
zfMr)~$qSzGvmwGmMK2sJdY>gD)I|bY8t8{^Gx5_%8+*h1Ayn`cJx>G<epTS2{<31+
zfgdDvODE5(0O=!1^!_VyEkpEN0246Uf@teU#5Cu{)}2T={N~)<o2TdzVx+~yJ)H$Z
zKO!f{*f`LMjeV+Fhq44f!UGsjlR}7R4n)CSf;ONEr1Ms#F!WX~-5gHdKAPMc>AZRB
zRx3#}3y9#=%Jpk6NMLdx+@i4}uo5+li)1&Nb)1oQO#V>tIZ60sUB**--Q#W_9vzm!
zF4dA>T)@?<J30`w?+P1>U!K`YidsJWf;)s{ClqLcW3XkRLel_3sdP#?&Y;;%RIl(3
z;m*#+BIWw52TBZ9&0K-znGwou=yw4;xpex%?r6&xIC>hsF1O?G<p$*aZz<oaxdcJ(
zryFQ|t_uH{D?7RTM=LKu#_H4fA(!uHpppH+r8YIe#&9+dO~r9_pX-5nwF7a1c@$|W
zPSl4N8BNV1dsDDZb_f>l?Tp%@bR%qo^;(Mp?&zMMA3dCL7Idm|J#WWZ3U!=2KcJ*W
zo*;<GXURus_#@SlbrYqQjJ(_WVn|eN<^!_zjIeBZoNx>L%1&gBoW>}<r5)AM&8N{9
z4M}qKRN~5kHh938OYe6MgW}Ws)#o_h;m=SAKCFIs^Z>8G@8=qA@yd+H+i}G{5{Uy9
zN)AE}#=4R%O!Plcd)P)SO&y$qj$u8&U=`2xVwN?0Lru)_eGO_Ti>kw`5#NXAXm_)f
zf2Ac@tbr8xS%{VnY{g)Op+)3jOHC_V90?C++aFqBw8}D^PUh291idlD)4`Db5GdX|
zV&P3BXUhN87I~_rB`ZgnV<++L*}4y(=57q-SO@b!4IN}hT4qI;agcwO(a$yfOW1o_
zip%|=-cY9(VX%h;x0zze{Fh?2&ffMb1NF-yxScP(mBs6ME1K1TjrlszGJ3+E59Kz4
z)1GAK)S(Tk!FB_}vwzKi#TpX~{$!KHpY)Fzu#<<=zngKDH7zdo^7i(1pPk`|14a2V
zSNpNgKCz4aoI+U4=SNF>Ab*SDcLE}rQlFl~|Gxzg7aPOR7-DVkU&U#5oPyQBpQPfI
zhTg{kG`v@!h41t1v4hQ#xK&*%LYo1Zlca@@o=nRn2tCvMxSw7#Zk}uCM~;fiG)i(r
zJ|8bYhvnlwLQptD{$5i!3@h0E2~-lQ@c2cl3jsg+g5(RGIe}x7mlpPn*20T6BozDi
zO0KejzS_{y{PI5`td@DM+x8-Sq7xM74FH?6(g*ye?%gkTM9lJD!Y*=!Scc*vqCg`)
zFA;O6?3ZqVKwWR1FeyV#NYN6)uknPhA8h?nR&=8DY>v|~Vz5T`HGfP#lB)|toSSgH
zM|Nd;Ev3{}h4O@<w7l@Qw+38G*g;08c_3W@mfdUKRl|Gk_eQ#c8-%r5sFeg^+mmQ&
zv7htAwr=*Vw4?K9mN?I@$#KdZS|tW(T$1}L8aM;-V%j6|@AvyuTC|Pvo@pWrv)1pw
zQ^G4S!x@xPDE$6vZ|#aTX1Y&XbAQr50@>Au-oVk!X_4;F9)L<&4TM5-v$l4}a5>rd
z^Yf2%sD5{-+(@Z)t^A@g)?}&m`BneFxBdwn;_&f4t#0sHtRR2>)SnfC!NkzQmf_FS
zpQ14M-=)bT5BQCBo+Y=-sl1D|ic2K1@irlPsLZ9bWYEn8TS%EggeJ=><kp)vcWlLH
z!+yfTiWC^$5k;qVLmdR8s1qp6jb9!%-Y|q+EU&Bql^2CtskD~BZXTqLa|=vlFW#q5
zs6pn!(EMwtd*?t?%NdgT#W(1kIFDZG%!!%dn{|2AW#x{Z=qC*nC5xacH*Bt^yy`*Q
z*zIJw9qGpFEiU|%PH?lx(I5WVj;SaXx3Ms}s~VkY+7VSM)3`gR!9EQeA33lB)jxm*
zsN86BYis7^YJr*k6LiA4Q$02xbelQ*BnvM=1{cSMl{lELyVZxK_tF)*%-xQhh=%*y
zV+a<T;29DITFMDdQi;V&Cs7W&{Su}*{%W)7#~!_JpPQ@NpV=15|5urYCI&WDZeBc#
z=N})YMp7m9T)89YT(Ml!<y^)Iq|`*F2dt(>PBmK4BCUv2krO(^ztZM3xLgVGNF@#v
zNVAo>f4<c`R`G4*ZXMpfz2Dy3pTBkFtejqXch{`kZ_>A_@R>4VIz-<xmnO>stZeid
z!Jr`me~>)yWTB!yL771hAW4AK7?Z}1BN4Vwt=eM&iPdrKL~)u5e*Y$HtL_e#iGv>k
zkTG@|z%<0M;G+oc-*q5ajXwgz7mDkXhDzNYruEmK2b+ZrOiIUf)qG;0@g`0snAsI^
z^n)ZDeD=oo>+gC6BllCF1j6bX3Thhy6UEHzMZBR}77-dEOc*oA&y4)0>JQGHf`tMP
zfbnyXj?yAzmx@Y++8Y<Xda9oS3!zLhv?itqz=LE)^)lhd2Y2i>?E(`8Lm-VYb4ug~
z=}lu^{Ry>6On-T(4fOq~cUr`^Xq5*d6pxyXKw-zthCP)?9E~(+bmF}*1$KDs3e15C
z<@tj;ik2mO{D4siSiw{~i(eZOI5rVA2Fd4LIVnIj4Mf15b`GulI$_`$*R%rlE3P$x
z9(l}k#B+Jn>jx+xu6~LW`18<Vdhxg*J}`0M*jz$zj~&rnzg9D#6%h7Vnp-D$s)GEy
zaDes9H%@Yb1tfbD5k*W=W=_BkjFE>yIIaUA-`g)UG3rAJNXf~FJatqidY=qBYC6j0
zJrg-p1e!cE11m8aLxj{(0{~=F$2lb|(Dw3G+JB<=cYL$~eOH}5Caey^3@AGLhZ_{E
znmPO^bUpG7w=t)H_$q}&DAAZC)&Zwk0RnMSY+z!rG2poxj8g_eDvv0R6<1JP$iM({
zg&2x%28uRbG<3&YJcyJF3FZ-f;V04+Vm?P5;o#ob4=5~<^pL^DFivcEDp&zzM&lDe
z&^Z9C9}9R;;9!8$K|F(N9+H!I;fj;1ixE^}gf^duaFz=!tqxJ7&v0Cw10-fsPz(tE
zh7p%1Q1e?IFR`Nt5kWqX9sRPHwsHOD0Cc>Z-S*;es2~Y(uuO0J;6PCJ$GDEcGt$sI
z2^874*ml?ySPi(h#giSshKfG)h`3SbAe;d4)Y845P*5*lxRD_3kVE_}ouRkH$E1t^
zS45}yKYK01Mg&E?A1+0P^y{xe^^q`pkP7w*rI>M}iw%DvwqRy)s=>w(OO*&bL(kuQ
zNGFpD?;U9DS&$-v$7aNaK{kLu7m>|`0MQ|t&!NgC4T4ICsS3w;*BfIF^#;czQEYFU
zw>w7h>;gem3Ew&}g%WqFM;0WC<R`r&2#w=>WAw&i)_|8F*|p$Aj)p=_j#rODLJNfa
zvFB%n-8AvF146DS-rmta?u3UZA#6xau;@b;N@A+t@B@W}RzHYjmKZ2k?+xZR^t@#O
z{s<+IAoOhzEE6>60uRmomU_JJ1M`s79tFcM2HhvWs{s=J#ShuYD?JNfUXwX|b8vnL
zPipA-j6As{bNi+QHqmrqp%Q`kF!3->@Ta+N+;D}=Tb8JO07Fqh@dZZ7yw)TWbJnso
zRE3DV8z>l}4947I>M_N8vy=)>7)mKZM2TCpQX(o=7({*?85rPs6@JRFIO@949819_
zc*2s1;KHSHOr0QJkirsS5+hb9Oc_p1qs>ZeS<PtCQDT0>jIXV!u<~DU<uANL=Mz*%
z&84jLor~C*hDI?Hn$S&|aH~az%aCmP2{};=P|b*!hY^MH#ul{^71g7-ab@BHJcO_$
zDv^Q7g;DnE)InUa1VO|KQS!Jl5FrB#oBi7R7skHw(mBNw(ii&Ul_my|k4GXxik<2M
zewhf5WkA#o6GuJ4+(M+)K#{x+2m+N*44{7u>;kn22OWPKLR#Qv^@K=j%R#J0fEEGk
ztS`bXgoMw^dFmTS?8?`1?hhE`FGLjJfSHG&bcBEdzDIA;k{2=xHWxz8x9{oQk1Nm^
z7Kj4=2J4yyl#EJcNlt>Ae@rOq*MnqFJccQ91oo}0{w@Hb$qquW32?`XS|9^VCsgMr
z+8~d}4E=@l#TzP2c)(m77d0x1xU0S&lLVf~UO5UdgAV(R1zr>kMP3Vq7}y@;nWLpI
zjnMo~5OEncSOm0{yl)Lum>I2LT7c9E1XqTAD2?c88xFv}02RZYNES8&eK%4RHlUPu
z<(`FT1MK-7iTE2DN<AtPQ!a%durTG<aCso43GZ4=LrPSh6zLFGY;G0zj>w~XBin#{
z!n$C_BOUr`iP4W+6MA8-X_gXyMnoff(JEjgXnkvmVRe5eLn3Yp!ZdIwQvp&SVEMYf
zw-b5(VGREspgS_o*8%kqOd50%2%O!sNRc^heh_xTke|Ql1@%&UXZyiq_$NUjR97Q7
zIhYB{MN8*2K4cTQ<rX!eK+mcKBG>1BAql2opu;&9%@pcypx;ny66RgoH)Wd#Kqu6v
z66@3Mm_y3z`mcfv%|i$YaT0~0QkznZS(leZ(d+Mmkkf;iVWia(nU*s=Sr!Uh;vNN)
ztYIB>5h2}v=|%19t0%#gY3$<^pu4=g<&<0(fS?4?1dee<pRa=y&>_Tzy4oA!2<U})
zsc+z6hv(U0=2r$Y0>)g>@9XzxgvCTQ)R2vu3?!mTanRo$=7u&Ti1RXGRPN*dCIBS#
z%JG%79-fo|eXm3RD14vHP)mFna&VhNi^M_Oh*5f|feO>O9=@%#4?WxghLP4UvD$aB
z9%=9E{+10{N-;lMz;O7f0o`&l+9YFrbOojwq>w~bWx|siq2TYK2p=IA;Yf!h^%TT)
z@h}HKtMCOjlNwYb##fyoCWEpJi!zAsTgy9N9pqd=nqu>2t{$oOzrf7aoD_`TRdGum
z;r}|}h9AT*59QP&%REjR(l){wXF(>XE{#P0sKeq><l5-ep50m4a)LLS_!h=<V%$14
zbzEy2l`iZZ^KCq#KC0Aw2Krb3Ft!XUTl+-~iwXt<=A0hR07DmRwj-bA+<N4uPy4aV
zvkL)at-*5iCa;xRwNKr#6JoK!Gk@nR?+VP#fhO8L<cQ+?34My5^W22FORd7APA<^7
zRg;uZGlCadZU}99kjX9TjL$mG-Hg%Ad&x^5dU0XlRMy;lcHk>~=Gn_jijTZSJ^7%-
zL-&5nk9il>pIEUN2v%+}MeW)I*<EdW0r`7R&D}<dQ@@+Uu*ZXKz{^Qyj{;9<oAyGF
zgmN#T!3kn>-3oZ{gMAX~Ow@9~?r(n8=W*9!Tn=Blw4hDKe5jg5sE53aYtstxno(|o
zmNA6y`e^Sa#r1{eq~n^iNfN_C=){Pi(4&`NWAqtV<sQUzx@xc8rw&>>H%&U)f~hB>
z9Fq|GBt01-gC;hy=clDbGV0<w(;)FnDjF~z*ImsGiO)|{KqEl}h62M8%-+M!s@yTI
zg7~^qCeChO5fADsTGK;ncN1aQyTV54Q*Sp)V-<83Qne+s^s_CaYO~4YPx3T9D8=7>
zrEX}al{H*ts6F{ebYv|eBikms(b!>PeEW#@7iR=c9Wjq9w=yTi>2mze(%t_hGF8#n
zaL^dIM^1o-DuKFIM1|u!H>yjSSLSKV(#`t@JI1%y=Ze<Mnz3O<y)!>vJ}O+FX&$t6
zY2L+UB8-9qVg~nMLGiIR>b17kdmds=o3)}hBbW2kLJO8g7f8=#A6p;2SI1R)AJaBl
zWAEwX<H%u~B(IE-(#u0eR=+cZm)|SXM;rICP`DonC2)2|m6z}g{Zb4z%2_?;c9bYj
z+%xn$X?_cO?6K7yg)=?r6Rs6j77e|rMGx~H(#6jgGn}TWqE~o5me=<Sc5<W)Q5RaS
zqkN)N1^V>IcO=f-dJ6ku(T)wa8XY^fhm~v+g+IQ}`OuF4HrShnr(OisJtM^0^I0xY
z`Ed%1K)7%$hyOJEQ%9p!*iU8i(33@or1OOrL6bOSHaleHpnvhOM9)Xp;ktcmIT>%1
zV#T<2wJh<KmL~Ljsw>m+6N#Jl0$H+22*Hc<!iy!?$O`PM`WM?TX}F8k*s!Wn$!xkV
zBfazvgIE-qJ#s>^LV8UPqP>fnyh7DbF}+JQ8RW{o<D09DP7+3tAG@V}{fcz!t=%gr
zx9clD`HGjRp1P~V&3pd)w-?bqX7IW+B3&|HugKqgA6JyY?5<0HQS8BIP)%dZ<jU+Y
zM80?RIL&xnG*6YbSJh_P=N^C@n9?JwO&(sDWM3w7=sdP=tS^MK2J5h!fY$Z7yIYm*
z1_ZxF!0>`bj|JH6DJ9WtRwJnJv0E8!ITKghhpyLm?cUj1DrV*W{>fe1t8yoOV(#^!
zN_zez&%_$W%QK@XCXrC(%*yv7Z7VFx5Lm!)s$SIFF0E0?=cXlsw<q!;{D9~FolN$3
zwbEm1kk4vP?n-v)_)H)cj`{}4nbJIS?uBtGY--9O#!T=7xXa<Oi9t@c&LEsV^>+kX
zp3){Dg0uFpHN0)5_J@g%K}WfiOWd#@PfwYB`3$=Tjh&@ae6=KQjkSHTMc8=s-RJg$
zkx4F*+;yV|_U32T-__f7{LVDzUJq5;xo}>~w)-~ZUQ#xw#ECRa%X<?dt#P?wE(qQ;
zYb)qyJD2qhzI%U6?hs398O$z@w!k1;FkB>#!7P5oqrt7ffrrD7eSF}kwn#9y{IT|<
zZ8NDmac8IC<1BHO>inVYU>iR3=Nn)zR!63-P;Ei97W3)n7<+Y!t>$&1<K<R6M)M6o
z;|7adwvGfELW_L=jl-9U8V0*7txbPtZ+K#(6gvXZ68(+OO)ogN(KpKvCsOfZ3JZ6$
z{{FoY2|9Ww%RrG$URvvyb(+77PO4Iq<y^fAhxl%B<4lvmLSZyCLc}9=6fV9Fk=H~x
zcC-0Ju=8$$L8+R7#=7IFkPii$ngpLL{l<<_Y|rT-Z_`r4_46-lXJ7k5U=qi{Dgkc^
zOeXX5lT2v%%Vlhg#YNScRP1Wy4#(SxLDOD}%3l1^Eh{#4oI%;uEGtx_F3xFZI`&K1
z83D*3Z{gdvexs_N$vJ_e8uwM(=5HMx5msrJ6Zb6x!;h*6?LBK>G#vNK9I_1K)<b!n
zuHP{=x>LmYvXOpweCrA5_j&t9mS+Xfx1DJ;J&dsRUN!KKuf=?rK1`EV>`-cguX*}b
z;`7$EGqNcaS*{n#{xk0u<5!ngisiCx?W1?>wlU_tc6j5t<Qdx3cvawhDu$i|v%{{~
z#BvJ!Wu4rem*-uREIV_R@y3;db+~EZDL6O+#j!PbQPa-iz9<?PO8U~$!WSAbUdsM~
zllsY%z0(R^*p6280Ke}+kf$3V_(}Y-k87GZf^zZ8-{PcVV{^V5uvZptu6r*OQtX!B
zIrk@gf5GAV;s~zs`TA#Fx~Em?`dOf~OygOv#!A%nsaF!x#@DVF=jI2K$$?~FCasRI
zN~$fdRT1|~((wMdfQp}27b=Y>@zg6slSio14)bHkD`BbGDZr()T7%yZt#UT`)Yu$n
zsvjQ27Y#k$;@4U!T4JQ`MclGf)fVZF5u)pj)25F|DyO|5L7ju6#h8DeMpcf;9k}Un
znV^`L`MiRVNf_yEHP8+yE|<+N-M>)v&y&EVYdyT+F40rpb9x8$)4TQR#l6G}dIfvN
zG;E(eXBOs+y}#dsJ$fZa3lkRHdIxTCO^;~h&XDqCLgx*0F_6D<s4j`Q=Cm{1db8UY
zqWif_(37ySJl&;4DGv=C+DnZJes_A}cLXm$Etb~(wGkE$Gfx`+-YCebv$Y<F0as9K
zS`mjqMzq!0owbJbwp{Hd96gbTlUm9ct=rih<v<PR-J>^n=Ua>{XC{CBd&u^IW+s38
zOL9m6uu+%GuqsNdU@Q$Yco|$)Set3SSY=(Mn8RuAh<GvoHwi6~iVlf&l_teJkI`%#
zN6AbtWxphCy|1VWH_OiETaMnI2MKoTmTu7G9WXgJmFIT8uvaJZ8P)D*3bq?-?fKkT
zyg7GqhNq2+4?o_5Y}_UwV60Tr+-hTI)2R~_cBnhN2ZeuaJLy!c;k!c~O&qp-RWpY|
z6_5SCwFp(|MY?X-UjHoXEOvmil{_ANUkmi0+A{3E<W74}mbxHoleoAm&+cuf#+1b-
z)@~R%5UmQe)AOF*9>S{za-(Tk$5@z>0rust_}KPB-CHAVLuNza$DWZyb*CIGMSY*Q
zaO-p6=s@Sq(t)3%9f6WcEBB7Ayvi}FC~do1dxpl@vXfL}NY*CfcNLfVWZSyvU$<qe
zyg189C;5f)Cz2$taPJoSrD~H*<K2zXsMr$YQ7$XbEhB0@9!aPbs#!|f8}i<5`Du8j
zgG8<}o5!(}>r{;!2PNsr?Vf}5jRhx6kKXk4E7cg?G}M($6LfaWn}X4PtSeK4l3cI;
zwZiYwzR5Y(%LVU6&B2S!r?ps6FDFl+igufA`*gvn2G;PkycP}3wpwwvQ{#tz7u8mB
z#+lu+C*lEqm<}B9rs)vtvN2t$zAh&o+fi;~VRb)iU-<DvW*1EkxKp~=MZPdIJ7Lf>
zc%Kxe^L)E+mpC7nVqg2jmu_QSbqT}%1BzEOWaoKw;}N_PHN0hX!W7oeW`>+}j7qex
zfbUnut_akdQId4GHowliG*FSUusVG7a2)2*I}u`BTY@;1O-o1UWWJafuR~6Ix)|dS
zcpWmSVnrq?ZtfO^dTUe;I{Q^u>UeKxK-bzFYjZ!~ITgItf<MKjRhSu_Zf@OIS>xrg
zFSR<^bu=cvw(>}1wv2D!*#+Nlzp$_1AEUXzmj*Pq^M|chba+%Q4o<w%I(<(ur0)1l
z)l!&-SbF$iKL_K(;N@BcIiiAn@SN^UTAwa4FoO~Tm6&vaRnD;3O&|vOvOal+PceE#
zq2m?b;S#yMcL*8U>O+jct8eqFwfGcLa_0sa9YLVdujkVGTgUV+|7H1*ErXzf4*&ZY
zJRWSdddC?<BmNq~UZYRI_x$OQGKQ|F{ArUWf_mny^}__^S*|YKW!Vqcm5zh;QuNb{
z#@yEAcLh4e>hY(hSe#a-hj2}G0ksvJ+VBTN_uZxFLzpyB)dm8ub*G?Fa_J_HP3`!?
zF|H>{%G+2Q8b0oK9p@IH4dp!40eAc)jrY;WMMXWXT)cDHc4;}|C~<T@@zg4@SYNan
z4cz^><F;|f<i}g}7=T?&a<d)jrLEC8UQT~%EJ{kK35z~_Q>8cN3Apx(9Iw$fC9&kk
zEVi)S5S@FVWPw|ukE~D6b;-a12gXeUMl&ThezpbXTF+bb*@Gh7k1Nv5ixr2rt>v#I
ziGGZeSdo;j8M@=*H0wt704iJ0rFPTCMMs8_Fbl8n$uB9zi#Zul_tlM^V-lqGvWT&8
zhpDzx`Fbm*Tr-xBE;a9E){TYwFrMqF(Ow8!fP5IUZ#R0rlVjy<PBbTMS{!K+(U)HR
z++)NR=%gj!Fvhsp%~ts9q|!qOQ?ANc+$*)qDiv)7GfQ}WJbuPI9v_G2mJ+F(ZfM;D
zS@zAVX+;cbXs!b`QOUJUrIxvNx512A^FECQZtPM#jXgPzS3-8PS@U6=@mYm_xgLar
z()KVbsQ08Et*TKUuPiQ-hpN^SBXGGh>TO;#{o8M%E1<dBtvu;0b(-gSTV9qey1Wz$
z#5UYC#1^OPoiH)6?i-p<W@`~bT$bT8vzFqnoi4E|aUJwjl(;a^gf!k?L^_V1+q)O)
zY0ZQpoGwK1M0yih#4B@ZTd!C+w^&MoYZr2GJDi+24=zr!Rn>pSa2L5s8(bp_%-%>k
z<Rq@}!S<4IlHqF|5X+=pQC_Ux{OB##s`Pk_M}3U*Z=gsPAsBQ%(RxX7g7&tvQ0<h0
zrq5hm-#9R3qwE~0N%fxpkiYhrZjHE?y6-ma1<N68ZLu)k?;yQwSC9Pi<9Ab^i_`sv
z&GAc%E{(m_Yee`6b!pcfTG(r{N|sDae2Y>@iD^M^&6bBR?W?{r`pIs*8Bx5tma6V>
zY@uZTDMiUQOFOrx3UU*y@{2ZBbJf1GGCj@wSKhz}=zv%kNisO<vkaHBEkwZOo#Xhb
zpOz^axG4sWiy3qDvHNKTVs5qLx{p<L@BoKdYHIb39i4SqkJZB?ezS`PR%`X00e)Md
zII5Mzo+I+-?P6<Zo!{-mLY&bcx>zl{_x)T)dRHhM^<%5^S8UNf))FVEl|~~rv9i}C
zjwh0PyS_ANe5_e+feul>_Bft~m$dhftIV&ZD&l)~NLOc7)GDTHYN*=b8AsHnh_~;s
zG10k=JC>fV^_8AjaDdwH=p^QJZd!@a#H;bDuT{S$YiGY5)Fvv#M0dO<52R<FbK2+}
zeu+B$T7v(Urujjtl6z~beII8y)gFw$p__weq!LsNFFF+Pt@Oo++%#6PvSYTN&qWz3
zaBPo2MuJ8`tyersqlT-S==3f`OHGE}?kiFU#;b!g^SjIO+OHI=E$Q4+>Eo+-G=_b)
z=G<rH;s@)F)F$r{Rz`=*B`Xk=hpgj!mpw7#08SUf%bSjs0}i?DN7$&fFZR>**GG=M
z@0m_-CBA4;A(V|F9Oge4$4ty3FP5UP9=p>!wH=#j*J|%9JzcA$xNkNvyBB=mH)8C&
zy2zB;rAZ#6@v16kyt-_+rZmT6v%7dY%R*BfJ7zB>>A7a`ztibaag`D{$@wNV`pR5&
z?jEYKbv{1r_(my5vG>J7A|3mrWVNJWyS@<10gvn<NWaZMvYUsC$2cx2PffNsNcgcq
z@|luYtgI+i9I{D0cq&VKs7V(`%j~oJM&`cOzbDfW-+jlDE~_&r_$pASd^q-)NuXbY
z@(i8|Ymi8$Y48kweY};_Dps8TG1Y9_ZLQ<*ql0ar<BPNNw4ik~^Rd{*jZw3D;`ZQ%
zhg9mt9TiQiEN)l@-}lR8$FvuW!RP=vU(cQSkb&uaP)qyD%(Q|3IDr;e8?^9u4GZsd
zCO?pd$xpDj-g4M@BH<`I=I2B5L@hhfR_q&=TlO=Gv}X#~TRHw8(8*6~Q#953@5xjX
zwgQct3lE)S9~3wN?slm2p7!NQQ0|e&{#w%4V^a##&>~DaC21vhr6J3D+CfBezLG8P
zNj{^8N_?h4(R_<iUnhNV4q18{U$`E&4x>K!Ml%OnQEe+FT1DtjY*-U$k<5YZgeW$b
z7dB^xR&0#C_pi2hPamXrPuc52RgYq@dyO!B84>k-Y2+(wM8RiI&<iUtGrpX-%Szd!
zIl*f0d;52PVb#9Wj}1eU>%D*sppnHrN&mtr-1s$K%JbKcl_=q-+ug6T&Y&-jk$qD-
z=jokuEN;y(7pAv&I_z>==W(S<5*N%DV+X@tqzs#&uH9mAJ_tB3_@HlI(z;!t)!wnQ
zk$U<EdW=)OjK7Bc_PU-frKh$+MSE-MymQARA7wnQ`6PHA)4Rr|@^hIOm7=n9Udt8-
zeTJ_3L}!s1(Z?EtAkRMOP70iJphrpSXye!O0jQ$;SH=wpg4GeRx!6GxUtevZ8!`kA
z*7JOU)X?V+9#Tgh*757Ps>!{pv7?(gQ~dA0#oDY_ABP<ooDzJ;3xI}yr?S>KK_S8R
z8XGd@hpV4e3m76F0}5*?4{I3@YcXf^sAi<B;-I)ksOx$|0^XY0_g4l;7e>zKYzR-3
zWGd0ZNMu*re?kFc_uzGUAblB!%T3l3!h6p>^BU*S+L8}EL?l+-3Ofg@)D`#t@q%-*
zfW@qxG0V6&E~a@cRs#DwtY}6|8p8Bo?(-4sSK&-71HJ+cSx~WrVv1PoUaa~@bS9<i
zj@L_XOA?$yEm4IMmsN@uLlXC!TIBJN-o9+oN3_Pes<vMWNBhIqE*iRdX$#vwGxiOi
z^q+tFpATH01dI&e1aJWa0D=GsfFwW)AOnyEC;*fI$^bQhIzSJg4=@9`0NeltfI>hK
zzyV+mumD&Aya3(+UqBEb7!U>s2Sfp~0hxeAKsq2A5DzE;lmRLLm4GThIiMC$4`>Fo
z0lEO)fF8gAU<@z;m;<6>_?*jT&@*(gur_8eHZe7Dv36$o9BTg8CicI+``2#v=MW^&
z-=-db?vOjB;Xe6B1OmeO{P#chzduK%KDWR1ENo5f=>KfpW~)LfEB!$C84rvDnrG!U
z_uqz66h!(Sz$Bh*YaT%?A?_c<FDQ;Gf@&-ej6*4I&U__QZ`jX%0t8YR1_v(k0aXwd
z1}8G~?fsQ-=4$fAuli$|`!Tz5cBcI`=hr^ZEPn|d*fg%*?#{_2HJlER03|Azz)J?Q
zfh4LHZOkskNZ7XUre@kC%Ai#OO7m0rydYNUs7QmLFRRuB1{t}PEP_70-Zv3G8Xby*
za?%DAcWOaj!!Ao$t+c5@`_-RdEtrFeP(Q-!D|o_%N#~=GB#>7Z%Eo~PF+>2*xKpSh
zBF<w)-b5j}WBX*1Y(Eqg1d~wnNu?BSS&@ac)8jbG9ZhNFu-WKJ)Mb+E>Kl<o7gg8S
zRyBWUPDjO)iIPwk76e;sFkkA4JM$N41wgcgxA8!IgYlR0FR5|VcZ$Oli9?wqO(aB3
zHo%B7@W?xIqz==d49U{1Isxye&F&#HF2NbqHSFNxB&gw$6$Ky1GFRjS9;Sv1o)j{`
zv*b$`2pOlW=Yf*Z6yz^Xo!EB7>Pwa0>D;Gfl@R1tNkZ@22M7B6;NFobV~8jZTMB3U
z2EyN|<SO&VnKfL3|32BZe_sd4Om@faSLb|@BnY$=r4K@CFJ$;cIams1Ef5wpv=sGl
zqJf7`JvFRSJnL9I!1)_R^4ZcEI7?g>Hn5-p)r~0YF&$;GNFFkeK5P1pi2ptZXc^E#
z%45F7iSYI@qdqezxKWuqFRH5AJ48S~xo5Gvjw2Uiwy10aX$F?|af)5<ka8n&c9~!i
zq6MrMWJu;060RU%C#-%&(YsmL#coGhfoOgaXl@`p_(UR|7_yRbWK3=1bl^oq7xjXK
zU-04=iA03)@1zRk5=9aTRDn{aL4B}`h+HXEg2R~;^+{jDsS|}K^n|GhCBwD3RAJ=J
zQ0mANM<1>V62|cr^{M;1j`RTnxDe`;VJKkekC$V!VS^x(x<g2T!4Ojcu!+?Ch4=f2
z=5g#tHNb&jllee`h|pG?;NMKKiAFPq%4tzu(GfwAJMyv{F}BOEV7Zsj*qb5EGpGXv
z*dZ+Yktkuku>F&G6@Yma(qWIs@+plW;O5MQCmx0Bq3~I2@5&qF4AO)lE6U*Ajeb!W
z{(g&8T?vfGR%U{>0>Oq9J_1E5fw^kx6^{GR0ej9BiTel)8)w-08j;7fJ&lND`a${)
zR=97Q2sTAhFfP>5;u~hWQ-DFhPQWx!h$3IBu)euIslG8;j6LO|Hys(|wM)qk_o96f
z`5K9dW3AAHy4L4ueJ^7sj5cz-#j%RZ8Rd8JZ{JIg6?03}RE|mRnI!d4(lQpr+NdQ7
zxEN%QjgsyeCwMe9V9rNVi8G7>OiGhP8`XWZ(Ie69re#BAdC?3jX7kH?UQ#6pxV>vL
zUm5Q8$Xl|!o+I@9_mg9AZe{NaeOToqVx1q+u#(ryF*7%0JS%^ZdHs4tMvd#Xg?!nj
zQ|V+O8$V`MvSYA0x&RlF8<RtgJ~J!(o>$wI39_j2(x_9c2xyy~MkPMko70BEqD>Sa
z298*dA%IVD;f6CsW7aycjD-TTl|nJ%m$gekAn|Ty<B?!~LWvDk&aOJIJ|}02cXxat
zB!$ILJiOs-SREHYgmfZ8#b8YHoh<wf(%ptAJFr(rrXZ+5ivbb{E=_^22r?WSTE@P8
zIZhryvIo=7uB{8JMV_?g?_o@`15k?l=|+6si=3=<^X11?Z#*~@Od@T9M1jY3-1!Hx
zK8p{lRv;HO5QXdE&`tmBFLzT!Fs${WB<cvY2z*Y(1xRnH%GwZ%&C0DqVw;}>%e*Q~
zEX=8fBDLn-9%4T&4!WaKew=l0Sc>F38Q0VI+ADXuRZY-Pd^k3E#V%p)?`8JJ#$vi&
zbmRHe+RV+9ZEN4}y-~{{yt`Wt!Cp3u&e4p&&UGgqCDb48TW@SW4wuGwJTSyv{8UQP
z%i2aXZ?hU*jUj+b874!0%Xw=X?VBIw)DlZ_^ch-w9RQT?AGv(}GHCfAia(Fz_u!Oh
zBy4Kr-`J=B<ZpC%*p;tEu^PmF*zs8TVgLPOeArso%Kl>a*}}Cdcxiga<5kBK<RHau
za%GeA;7!nkWSaM6G!oP_25x1OzBl{#{{eeIgumtDr{#fVr7DloTjt;|QQtivnb?+Z
zsy(Z5bK<0-QR;X@jq92Z-wroMK6&Nz)Or@4ze}qXe?-19E{6Hj`TX(ixWR`{eEdmj
zuyvHtmJHv+x>y58BXkq~px5DzyBQ5(4mq4fV%w@zAIFB})lE-!p!D9-!ZJp+_Z0sy
z<GpZC`LWIceVN|#)nVjD&w$z)PwKKYw%;Y~XUjGSaznCSO(>FH=b}~S+^_$zP{T3x
zw_$XATHiHAhSRbFcx71YGC@#gzx1J?RL%FXbFILr&t2zDhIQX11!{JVCuWYtvg+{_
z-fFIX{<a;hc$Uq5jCV@H8SC9cR~APU_f-k^L5}z5$G+`)OnozVB$9P><^-4j?1x&}
z-TZA^ViH$ro=vRl{mQ!2a<N!|{Y~~TwWV*9#!3$Bww1PvKJ#GszF%!41l64jmcAK1
z-O|nefir6!i#F^U`nNH)<^5JCTUIK}9_IUMZjNg|zHP$%fOX}C)+<RP>TbWsB#snP
zZ%}7Bb{}_cK6Ke0RnfFogCuE<+4?#xr{dU+Q^fc0qPtbv2jBO0Jq^ZOTwmN!bD-~>
z#9DjAxwEkTzKQ>ln-+!*Nj?dCnFfkGM||oc^GJT_MzaSjUhefhoYnoeDyxPWmJQmv
zO^WUnK?0)?K^e17=Ah`lbvMu}STI|0AS6O<RJJZCc*_Gq8FR}6@wL+<#iFYDy`J$G
zBO9JR(CBs!U(SP5hb-M!<CE^}DeJEfU$dCxk>Rn1Hdgi}{f5h{Cs&3w_xoNN?7@{i
zaJlic*8V|3%&+4cuDx7q3zt>748<LN3te-0720%r-NSw5A5QGC`*33a;lk@LvK&(L
z_D3Dy4*Z;wS3cldH_mj~^tRrnOVMhS1}$3j`TkD9H^zfbwR%N-?dVMRA$Wpw0`pS5
zt>0oojGZ@9kNx=uTQb+!u;0hI!{S!xypow;LN%!tbN)WqX`s28Blx8#_m?8w9P`tQ
zwhv%2VYP;?7G7N;J81=`cVfIMule|STYGt1ZlhgjH>MS8XE*3(XXVjdhwqInU0`8+
zjLlNb#^>GZ@)l;dcuw$hzgimqa@Npz2u*tykb6(sAUv1bBeg9#@>Tr2y?aT^daZTl
z&(;$nkLpJTR$khu5hkqoSTv)G<X)r8pnOi}bj3psk1uM+ZnC}pQ(Mp7$1lSBM+?nr
z#qX)%M~e^sa5fAxcftD5bhXfQ_)Kf=TJyN}jKbLZqS*9xnD#XFDuc?K>UGAn`G@8x
z&fmH`q4jQXvm<$L<CjQHDm@S5XOxkBl4XLe-r4AGu3NiWeCs(U!nWP(7qi!;LoYZ<
z=N1nfeIBx6YkAI69kS1(Iay2-ysWWxZLT{ykp9Mf$L5~$<_pA&2i&#?Hf#?}8d1D%
z-4Mn4F^f_p84kqQzsbmq@pBvBm^p6|O7w~J?nI8W)>v%)@uJpt@{x#h*LI9Y`>tAb
zZ!5ZgE?%_$y6xWVGp(h^U#oEMI6eQSnYHrb)$KVqtDH}s*|yM<yN-Ch$%OLSjrcX$
z>g&7K3!8SPemk%KVwfpZ9g5#J+Hk0ybVuXLi^>jR*GTkzh4ERc=c89kWLrm82}b&i
z`k1+c%o8xh^z@fTr?mFo=QZY!%71HlV}0;ZWPx39Uu2VY-?_lFl21v;<g2yrzU+)y
zZ<e(B(b10ZPghIm8%*)N6`}&s$$d`jv9RI`9=+!u3PhgGFUlNJ!`~l%9JywUZ*+d&
zjE6QZtL1GLzYd2k`b;fLYc%Lr+kn<eOSQ@!kN89Hh~jkosb^oDHq+KPQxg^r<up5<
zwGO*Kac8d8*T<Q?s>fwtS#2AlbK3J-jF#@G5-z)&RyC%fe-;0Zd9$R;Nfh40YX~B~
zsx~yZYQC$>eAmEeTSR@dO5yxa7hOrx%R!R@+h;YLOug8}<^$$)hjx5!yZ<V#@#>PY
zKYmxNh>(vo7w8QRgq7vy2uzZTY8U!(&u43Qx$hF7gZxKp=RjTV{-RE&i$T5BLW{Ej
zAEW;`(UNIG{utQxrN-`do#VH<pT3!2-gMx`CZFf8YN~@G+J>5WrEk~QxDh;?9Q?y=
z7eA?KZIe{_rWLYgMamQ#wZqXvsdH-R!8P<fL)TAIV%O)`Gm@%n7QmqZa~d}2ee$|H
zF}&cCv(46p`PtbWUD+MH_T-oDPd{aMG)=Cq3pcD%S4fI%EY*lTo3(7i^RBsibj;VX
zy_*v3@ew!ZV{;^>x(WBu$>oA>VaeMlGBZXPUNt0Q2K1h}@IvkNs*%rGIX&#sd7FOq
z?wOcrj2i{R+Yh{cfDtZ%{<`KV-xE<JoG&gA7ld1dW8t{CIGhkC#z}E9TncU-ZUZhI
zw*|Kqw+)w#%faRTA8!s2^bb%=0|XQR000O8@OH#f1&|TC4UPZ+AhG}e8vp<Ra%F6I
zFJ)qBZZC3dcwb?2b7gH}Y-KKDWnpcUS6OTu*Lvn?M&c2rp@te-@*X-vJF#iTv`H`W
z5|0*|j-5rZ>?}76H6lmSSVPWaW++=ua-*zvy87Pswiuv5QWOD-J`}+P+K2X`d1#+&
z6zIF*_X2t8d%yq8kfLPYi(3KW%=yoM{_`*2zs!|4Zk$Xce!F|7I{n&oaO+$mF%~8g
z!uY6X->n<IZ?=|fbD-&r(AqO?)9_8HZL~~r-ET`)d)XQG%q7FC+s=xJ|6$_u10yiU
zmcUwfI)U2>>P^dI%a(1@N$Iv@wFjH#QfFnrSxeIa+NyT~%l1>QXSIX6YXqw)&Qhm4
z2K~UZT&d+WO|faN51F2Av{wcSh4dZEZZ-_B$xrxf$uwGZ+gg(Ofv&=Xrsp|crs0{;
zt52mN%csZSvSGuj!0VXF)*1+PcVDM%!0>wD)So(au;I8Hb;EUOVKxHCvrL~jBbE_=
z!w*cZg+B@|+iDnr<+T0Cr8q_wNw(EqV_iw3M&Ptagl+kONX{Z&a>y`<OIF+PHlzlu
zPeLkJ*@xU96*(IoTS>-;2kFNjay@g|x;xy{RPoF^o&_^#LEheFwHtP)X*TQqDoV7K
zY~Zb92P1tuqvl=CPTc-jcY%0xY||fhJ;&wu4zHL&eciA-=6K84STgJV#|DbU)S9{B
znXYX#%w5|VVo}NXc_7l3<HB05L!-cK2NbR4WfO5DW0!`O9j|2ssV&}pp4oEN&APwQ
zBLCJMuNR|@6oMVoha$E#=jkzw^_?QeO>AMHWvumtrnyslr$%B&)_t!r+-W!A_qN$&
zU8d}Ic-J`+CEBIP#<8P)*u%PDPQozLXso7V?8Pu1kDq;5OoBwGCp&I4;xugQ9-<nv
zvX&Vb*fFxmNiV23KyBB%#EG_3Z#qFeN~az<c4%OFt#tGX1V*S?G25m`7e(Uy2C^)e
zjF|dKejO&H8%En{13`A3@_v_j7eOS*^>glfCbhomIBS0H*?XMobG({f;49q-w2>fz
z<Jc+Jxnp|%s%hJMdePabT+%_#Zn);)9jjeFC3V`?-SMaG7y|N;0V9o7IEbUvL@KyO
zyBTRXxa`<XTL$DU?tdcUdOwJyh_2OC?if};H`b9R4b%5CJ;Hh`VjF67d=!8os+%2u
zjD(;_tUFQerI$LE9UubH_J~I=@%U9~6dGhxjDA09Mp_Tsj?v_#p@=yJe|0>Q5R>kD
z#Ptc0L(yaZj=%yDb%FvHvY&$)`u3RCTZXsd^G)VC4u|3htl?B7LNb1*ob$|;j%}c#
znGp=6JBHWZ6-#J3D4lJB;9b;@Juwv$cI@PyQUO(#%EGd>!qrIkt#LfHwcHg`w+kHa
z0i(w_(I>(+JmeWq)`_P%>4rU9uRBEV>+0IACw*!TaSng9E0ge>G?sjF%mLpu8`iP~
zxD$DYRE5`|C31EY<TTY<>IqTn8}g~W2E*%yXHnVmhfpOD7KwI8c^s%&7`~lEX=s7<
zxo$a$(<*i?5EmJ)MHRZSYBtt5Tzl26zT9ayc*8jGdw27HfP^}4b$8LPB>EZT_#37+
zMeaa`qxL91Ohtk8&<44+yPp<RN13tV%eG-}+%rd`))1FlB$vC}Xf`PWZ=-DUc0_fZ
zZcH2NhGp|gPh_cOxYP&RO-4#kiAcuB#z;h8Q&i(iNJ^bhjan|^xEi&K$g7Ua%^Z*S
zeGFBRR{k(SColnrL6bxbEus2)E1BqYUlC$7QJ}8*BYlEpjxyduz?qFa9Su+2tJ1N4
z@j8hbM|c@WG4qTD%DdkkIauJq2jIaFWVQD0gj&4^ssYEB$R*jhGi_@i^0w7PcW??;
zQLVT%%79TYkwP4b`};51i9dx~$T^}RXmS}!BIG;iWARNls;^e37pe=%7}&!uI+)Q0
z)RiVK<;A@_!aA<mmO8=mIni|8akCA_!2EizCl6T8V8eEN6O$n9_M;^9V<`Zife9(o
z?TftuB~27`l%{jXM}-~fTZ(vRJh3r3lZy1*+v{*oiJIKDwIwtAEc$3a5%X9KAQrtj
z?r_|b99Jch)yB4M*E{ZtXEe<$-`zo+=(Smx+du`6M#R)s_Z^8E67NKNpCuydk$awT
zW3)5Y(<)l0yXr<uWvh{P`MZY2>m5yCywmnf-?7)X2B0DM2i_cs=1M+#k5S?5TOTX_
z?jW2vQ=}PYqvdq`VySqbxC3e@P8ID&{=?FVlh{2}d`9A9XNzNOt6JGc$2Ya&GfD_J
z`|mte{6nhfHbwRq`)8CBmF+fk#|b`W>>N%GK6|%2si@nwqxdV^Xqb2o7k|e<2u=Ex
z+&)`w+uU934$vpc+q7r&RY~1)VvFPSHmTdk^KDX(7k~e!8}8~dpZxzYmx@ZU>BJ#8
z1wwfz;Z#2%I+6yGn(-G7eMa}*q$Pw-TtWfdI&zY$lt?6IQNR<4v-n0&D2eFrJAAMI
zC!W^?B~%8+pU(-ow4T$|ye?M4TvAEsVpgw+VJWF7imp_}fpRrl*7RCJ)t87|%ISGA
z)RRg{&#IX$-g3H<Q*f-B9RQ!A>i;E%^Td}G!$nE?-@<>3Pr$3^H4^MfC3&LoA0Sm!
zJ*z=jCZDN<n;^gU-9L%BCo`f#%FyYDNo5|gp#%iyxB?Gj1-?%zi-pr-YMcuQe@rTF
zp(>`bLJ60Q>#CsZwUVk2Xqi0e^AjDb=_*Nml+0~LQt4fJ7(SAe;=ixvf1``EudCTr
zsS`d<D&Jeu)DPlC@rOx0cdKLy^D|;XE&QNDb@9^I!eYEk?NuHsGh$A=l2dD`JvBVF
z+IUU9k`rsGy)`ZTIjQ_8xVNP+VQZ?eX?4wG3NHS)Sl@@Y^SYMT)vcX>0e`+Cd>=ku
z6NMkc&8wpDQ|RLNQMicT$05rMjHmV~!q1}!l_-U5JgNLtlC$CkQO-{4sROc-Iw+3|
zOwlFCRFlf1DLEsamsK&xb(dAHe1a>Ut4TW*XIavmWxyyt8CO(+jq6WD{-Q$OHBn$$
z+)B?~A=?FQ4wVEpF{bBAx>nJ}d{wQ@<K~H^@)!UK*(6jb$onYxAn#5pKa<b%@OeID
zdy)zxJNVvS3aGpr5j`hQO4E|4>8XRNuEENE$sEhjISJ=z4PX5;1ymBnOY$CpO;+T+
zl0FbEc7sh|dkB5mGBEc*PlRm0q!)inrX*m>UL}{fqNp_zbq(u%&=dY;`$KjBCLPfQ
zc3^Z-&q$f9F5aY6DOYrDPS>F3LFhalJygn^InbWNB1?AA0x89Ik#fUDNhM-dMAEQB
zgh8HOYBjGCf<YoD;pKT8nK&vRgn7_#5gHvV$hk`D0MdkM$po9EhXTt0BMK}n_Vj2f
z{1<WN*xr(Sh|q9|qag=0JSVW{x?*#>r0H|;e_6jN4(hVDD6m5z%Tqj`57}WDe+tHH
zqq<I4l_g!va`SQL5lNBHQ6jPzaP7X5e1z^ff_o0idE9kaV0m3qAD~Q-iZ4nzd6tTR
zL>WI=l3xT+4)gp6t(@UChaHu4xyC6}Du@f$AHfx*(F-9v293%%_+r{E>0(n?5d;JT
zCkqq@Qj&ar9E<(rh&cdcE@VZl4=9^TwNhJDt14Vxb5*r^Q&o99apI+}?@xgB;CJ$|
zs19l8<YU^jR-Of=TuPm-$j4@9%1U;ooRjn>&Y?=eozV6sM3r$LKr)xP8M2eG<T$C&
zgbK}&odRQy)&p7`o^rCp4n-UpFqGk-6Uw4;rKHtTXKUG-Sk(qlU%87b*gRE`k0J?O
z#O<i^J@}Ba<yyWbK9#hmdD0$(F@)km$j-oR7vag{6}eajY$2jJTGDwaDWy>HLUtB#
zd0r_gS90ZAN~?)_hQjbb$>}Kq`njaeG#yze@fxXRA1F%5ruq+6x`*@>1@k<^2}NKp
zh3o<pxSSK%iHclOaeHYrhn6G7{!p`eO2>hV+#`e;NWRoBS>KXOj4#KMPloI=Bu_)~
zsnJp{1A%#xR@(#<`VtU`gd+z|Q&^|uGpK!MqS{B%Ey-up3#xo(Qhy?sQ+wsp0xK8f
z3P6qoDM8N)Sxe_<SdJYA@J@FLvoYZeWD_{ghHMV1RH4<mZZ)pr(jz5#ni6B0C*Ty4
z<D$T(cuHL1#riVsUgl|Y9vl}0c3!VNq}rB&h#HJ|p&-93KDi`c64-@q^}QJHU&R$K
z7Gzy~BCtz*=VctCuwTXnq?isST2DhCTF->+6)1WYKAY`E0nxvPi;hmob8t|#+Z?LY
z9DY>DQ&)7L?HW)iJ>A{db&j_=8~{FZ(4h)>bk~)Ty^6c819~;8A-w{EQG>k()sG#Q
zuZpSHO7eB`!gcP2tMI}r0=uf$zDEJSCa_mf$pv-|xlyhCC@xfMKP}+LT@a~mp@39o
z5tPCC;y>b=>mhrcZhkdnZ{X(F=LPoK=={7c&QW8XRmt3PmijDVdLE-oKcvZ{Z*rQ%
zoA3=Dp#{=yf$R1<bc4v(dHfc5FT25e871`1s08(@&aJ+bM`7R;0(cg!^DQY?{0F)h
zw?_@(ZOlKnrsOvefH%7VcymVp-axuPD**5C0K9<%2*5l7Fi$w4mp37p{BZ;75(*Yz
z6s=LA-X;G4!M7^%JKAUh)6pY{`UO-hOv!ISjd#0hybCoh$!`nnExZ%b-sWxdol$go
zl|mY__h9RBK2y~mi+qXc<b4o}y*|B?;Kr&10ZHUJ{sHB9#1OI%kx?%pecpu<q~b3^
zR)>nWpyGS!hnOc&?gL%?DrAc|c7iH*fMW(mR)U6D`#CD@H`R#xm=C3M)tfb@fU?x3
zREUxRr4iM9w7!rvc`WOQCE8&iW`dBJxTQqOeFg1t>oV3Sbuqv?WGgW36!m*rtYT3n
z%+SKZq7qvQAZT+G+}k*Nx*&fD`BK!LALQJStwrPyK&GB2J}4nu?TGk3&CD9j$WoaG
zq<rN;2`+1)uNX=xLBW4glX%L%k3$sP4<M1AAL2rK)?pVt7em&DCqF=b7&2ykKECim
zDN0qX#>Szx!z1Q$H<+X*Xdl6pGsop6F?E2iJ+%CfNGZ|?Aoejt{hh#;^cqv6su=L(
z;X^j-plAI+UZ`mN^g00k_XW8b4gN&A1CD<!$PF@|`>Rq09dpQIXxhL&DUa5;PEQls
z(Q`RucVSE&EGy|vodSYUtc*6^<ehv2c;LS@k5zb+zDJ)jz~&rGRe31@@#8r9#PA8Y
z&qjkNEy#u}DM`yu<9a|S`6c+ym1Ktsg2M~KDhh%nuvO0b8T|7%oN*J3QzY=F#&<r4
z?Vs^Au!P+E0{iFtrh_lBzQ6|vOcJwnb#oz8p-Cds<S742S}eYPNwx)MK?V&NU*pKd
zlH4X;+FY00&}B_vxA~3VkS+pSi>HhG{DL`-C$UVTx!4DYU`=2)O`;P2&@1Z!6(v6F
z(wO(HR4RT~kXu1&ndUY{{@YD~wWz#o0(oudLAmO{H}nLi{|LcZK^lM5?Sg-dt1lJg
z0ChfYT7Lq{%Tsa(HKr5Qn3CL~M%;lNmh7c&%f7%oz$zPcJ0GvRqSt``b|8fATMyZv
z;=VQ1h&!X0G&T77W0Lgo<YH=Bz6)s^kakaCcOhZ|nEf+k*X2t@*#Kn{ls_km!0z#C
z4DB9beYhZh3RE8bAD)#2s9%Aq7vxV+V5#<f9I{{2r@|-LAyj^fbM*XW$o>KfwV}{w
z6?qf2pN6eXT`Qvt4C(S00{c8<e@QF=@E7OgFV$&vc412XeD*y4bEAukGqZ|B=_#r+
zvk8r=CDIjx?!rw3WJRGNXaFP9e8_%-T0M;qWa<Y}G%q6a9^^_P`zw52P!Zz8HHb*6
zFQC(x75Q^D8URtz{u*kym;=5p$oIw6M^o}Q>UsITnwwD*7>(|07c}`kBI3#4rhNHZ
zfqhf@KL7v#|Nn$pcVHCN*5Ao2<~n5JY-TZlf}^wOh2`q#u1W~VCD~;#QX+{35eOJS
zutmjQ!1s6>^m~fsJslfZp3h#fH|$-pJ$sA2WAFI=&b>295Wn~Rk<6WQ&OP_^bMCBt
zl3VZEC)G;p5PPY$&|Ye=lj`hFcO?G21~=sox0m|XVFv5W+b5gW;RahOt-+>iu#=@V
zh@PiJ?3{`k>j=kS|5Il#Ge_E|m|laKavMy?5A0Kj|0%U?;Qx2)F#A;NQ2R84{oRp4
z*{|@+A?xp(GGqhXh((h;)?lzxrB8fMt4ak}MeN*4hq;b)%BG?p*iC;P1AWS1%W#TW
zZ^oyb4lT~Gj<nA-*y)N8|26@e^ELM~@VY7SKNAb3z*!Ny016xx80;T;`=6$DnCv3>
zKdU@XnrZ1~rHlO+RyxgEib6SE@UeTaD`zW2;6-eCWr{UQ)0Jscy6K3mAgQHwj4Mqa
zu#5r)tRyQS`9+l;D=)XtHN7raDJ`>Lb1^oI%iEFJrCu+=E0<}v({ZppVwYmeki2~k
z&_h3`Q#zeg#Qp`S%-d(1T{S6)d^RBCO@o~SdU{4+OV4w0Bt6fI*kw?44t#Zfb>K)d
zmk1uR&3uyfPo%s+OPTE<_5K^F<2j^LITy0cA@{#4owos^*DYX+oU-NR0Fqs@uFRRz
z&t<^;3a#LBD3~U2X8`@K)W8d4{Vs_0xDXh6F2^={u87!G&}$L&x~K{UgV!ox{KYux
z>a-`Ok^t$D`L6OOpx2N9X?l&=wfc-p*0t<)+OikNCtnN*opcH4>3M0yuE&Wdcn14d
zcbr7*26(N$R}|b>={R)whMuW8I}y97(pyZ*hb*V)e9*0|^rUijO07wr%i@zS1B6ce
zcf@YSiGM+uUS8dS)F?@}RhsP)y9I}aI7OPpaxr8>px>>r)$zI|v@9y6Z__|Hp<D{t
zR)E|dli`(vtfa{9P|nH9cC7CN>+z%<z1)SDo%8k$X=`F&Uq=~t9qPtJ`wDB2eXYT+
z$fRWvWOswCDX?!Qf}24w$iC7VY+qxrD>K<l5uT0MJ(^@Ck*oyCVEZbNU2U+dBy3Xh
zaa^CkeyPJ?SIbsYmfAbpV7PlL$vpR}a?tFI^Zd{{DKt?=;Of7D>nd`!Hhv#Zj72b9
zBa5!g_F{J}QoE)DR=rM|t(i0g%4LcXyHCq=E6H=K68RR$biKi@m#yo{bHi}^M$?)I
z=M8mbg-_cvrA(`|Iw8RQs00SPu^UKv`+#PBJF&i9vAzwgZ!*|T6o0*CTM4@~!O=Iv
zg!H_{S(X~-xuLZ*Y$auDLU){JhStE)kJy8i4#c|^q7&(D3F*mUdOgyI6zS~{g-Gv+
z*uw~;Qy}P_)g4|ELyvUFP>G^p7$kqRCphxm!SPrUL&b7y$c6**cua;@0kT#__JoR|
zoC=#K!Fm^H|BwonyI_I440cx%VNU@&0TGtB?}lCRKWk0QWMv7cr?u&xAk#geOm{a-
z_n^V<4($8W^=bQl#qk~>?laguu{%pD2%ph=AEmvIstCImWUCBzFL|`x2NBHv6wJOV
z)85&P0=_z(61(?A5A1Va5-j)YI00+&=(C#j<HY)LCDvnL|A4_Bh*_r-)(=uN15hHs
za{xR<QAd18^XEu&@OW79cm$d}Vz7r1SzA+N>4<t>MbslPpVoxWqfn5X`B>ujQ~$*8
zFDSo14uOgEiHN;O&nF}HANc<?l#!>Z0+bQe;HVM21bGJ6*{jjPSNHDVtEq#phL8j8
zXS(dC4fZsNla2L!35=d`Rs`b$h_Niph5mYiysQLSjT1<KXCw9s1UMc0o?BOdSG8eZ
zB*VU_jPe2u`@F%P|Kou#Bzm6_=GHszHFeyJ;77;(Ct|PTxHGZqB{~kZ%tu4dsnOyM
zoH%i~{jzBdQcd?wYPtq{Id0f*RXQDc`&HA*>P|&r5V5yWpNH1jufR@kXglTYH(YC=
z(?*TYC%L{RD=2x;8{bj#yaFP#Yqb5k!Cob9A=}39X4!>Cny<581IsrPmT&$SmhUQ-
zuYt(yGT7@i0fO`mNJa|333l{+D`M|K@qb8zy<NRb%0jF3+oiiunoA<~J`|l4*j;4m
zE@kTXVCr`a_D;k;K$o99+J4tyT@m{bgv|zfH*dcWBN^;Hio=DjY%RzoW*=#Pwaj4e
zCv~HOnp)t>=U~c@5V>+879S@q(JcbIEg+wu0jfzVWHoNN<SLM^7ezOw`E(tcc2|LP
zUs{6oXJEQho&6;Y_N6jdTJ@FBE1gw={RL_Dh0^L1X!U`?K2S+V9{!@zS)I2(ry&bR
ztyV681HL2&<n7PQuE743O3SC%KHvV(T3~-<un!$CRnCTNI~5gck`h=VSOHAGQj(!j
zn3+<<zD9iPI@<o&U?0W%ifZ3C>+IVe`@UUg-*>dnU?0bub}&1eWyHP*jrxyi5Gg<-
zLxGAHOb^d~;;cxi%sV?Qg~jz!;Rh8bpGNG*rnJF6gPt@=d=4|v^9vY^BIQfilit@v
z>?cIbIpF(MRfp8|6x{(8U1D@9V2UWAfJN+QNIFH07gXXA4AA8lG~X?fqW){z5thR;
zPT4xwbXBK5FU*#GSFg_xi{0xB!W`C^02P<tREz&j&CW5ewRmZvw58&T_utc={e#T;
z6f5aMMh(v#{ukNd_Sa@to&BxZ*ZzjJW=tf}H!kwy>rSsZ;s#{e4AHfts;&r8UO^!W
zE;%1#2^tPJ(}5_+w6b!kpn3^0PlNeZ)U87{0y8U$kQj=b_=b)eX@6%1I$^(~gk7N$
zw!!oY$}KBGKP>#wExeC%%eUBKQjU|m*SKZ3!YvnFGwC&%)=YcEH=v+d=BQ$~A~e@y
zRjF8g2MdrVzmGVB2QNa;_<^QUHw`OBd_$OUx4iwMX$@9G2O6CHGiZLK2Irx6{1kBu
z`z`_OXEn`cX=}*pFj-v+3-pD<cVBM*j`5yaAg=<$J&-||+j$inZ%FHMkitFO2I-!}
zK$TEl4N3<O82?0yn5>CSn(0QMoGPs=<1-w*?p0^6g-O@;Za-_O{j9B(UG^{NK))L7
z7b@L61CEuW?cWUcYs71C$~0ncsuDEPRoxR{>Yl%8{w{Oa-gsS$qsUgjLoGx-PenWn
z-LLfwZj2CVvs!v%O}`lNetr8OigdF;{o(y^$aG5AtVw$JgS<1A3sc{Y{PTtBUx>e2
z&$_XY7iPh_i5d-wx-mBPqX?#8s>Mr<8ea=x1E$wP$m-GATm-Tbvp*`)%sSD>9Em?=
zhCuXz2}B?2z@nl{K;{Z923<M$0Al!u_i4#RHLEVFqm<3bA_K`H+@t_6(wJjNgQtrk
zWvVML?}PJU8@@rrH-SxVb_`xw6fDNF_-Ylh(cKdY-;|OlWIOdh1_3h9gGvz}j2n6z
zm~0sF&A{(gEUjuu(__RYLe61%(U+!aYcLM&s~P|pc)-k}5TcjO@iLp#D?&YZWedFT
zlNVJK%OM+MjuzDhui8=ArZOth<PKQXt<VTtR)BN0q|B}<))z$$&4OYhYmk5}8=?A-
z78!#(^ew~S8Kkc&O1G<Pg-<@RZbRWJ_$Ks$y^e>yYMdaY67bFt^7xd19J=P9;9Wpx
z12LdbUl0S-N&Rrr#s=@_ctJU2D5DV{GRb4@2H&{K3n<IzQVO?iiEwHkE^1N1M1Qld
z=&vi7=#L7<YvaqZpN%h(d@E$#CU~iF;F$iD#C$-+c~imQ10y~ZvfK+tZ(@6Gl+9%~
zWMk9ibcJ8eQbZ1m@82P7P;ui!fIMA6yQ6y;HKRJQDZ+42Jdub&RN$m4aIjAD6{OMa
z^itaM!zmU}QgChMn}QxUSQ2ay*ilpsj<|qet6=%fmJ81ex^PQR%H?q36)LJylI&sK
z=S%cezI6vQ-5L&`gL7~TvmS)`wn2i-?aB3Woa+G#yp+K`9jcp0d|Mp#Fl?|zRp4ck
z8Ix~^;bvZvi`!K?YnF>4Y0sJ;h#{C7#1NVqgb&B%3{JJa(}M_wN+;;K)bk>mlr)ns
z1;BbTj=hkL)4``qkVEj%XvT-ow+y~Lj;`${40{o78Sxz;?PG|Zt!$6N0>Y-t*5f|)
zobf30J0gCE>alUWo`c0U(2YlY1U5bq7<{Ph(MJKj@ktj=r;!?My4+ZBRTZk!0XB>R
zY&Zfe9|u^T0&LhiT_{cEZX^vJ^q+B!WIK0b;qi#qD}s8IRSv`FiR(xq;%+De1<Un4
z-B2Pkp9-^o+7Cym92$;I)DPp)9>nVrj#h*M%1}IQ9r2x@{nOBXn|QQGsSa6_n^fL0
z$rP!@riL`8JM^2nLtheEn<fj{F0Nb7xil66p$9aurFa>ulOlkg+a^h|E$P{;$8-rf
zpMj1!lC?p}8h`?6KvA$Q7?9Z8MZ6JWuZGwKssZW(6!8**F)xaA6$#k{^>HDq#*{L$
zie|!e$R=vbk5iT(7hAqaaY5ad@-{?W7*Qv-hlo2QBJMyUdP&}r>XX!r&d103N=dps
z=;D0c0c=Rn9V5Oo35q})fv%`NBk5MyL}MEL*JBz+Z@x>VZVt4bkc|8}Bn-?rQ4awV
z(Xx-$ws%!Mr!G5*vZuot*9MnA3)`h(y<%uRhhjSt`A`?}$&lfB$S|^+CYmgEPevJN
zrg9asX1!$l)`>CDc}%a#L5!icIR=x1s7L1<W$=2kwe=z-+!YedCzoeY#|ro}RV~|<
z8YK-lQ&40U<i$?(F;az13pVVR7o&0C;-i$6MgvIm!%m>4=NJe=R+ABLg~YEy;<3GE
zu-)jY8Hh4fnX;-f4X84W25-<KnR4vz>eHVn=}&*WF>y`_C_1AIK6J*oi0^?jUW0+c
zssMMp_);5)3B-RwZJRY$jJM{Covj6;$>8Iq^*TD;E(YIOT5sr8leFFht6iKmy63%x
zT9Nd;w^h&6>yt2`7kp}dQxUNfBEBa{Ffrm&A;CLs2A@>Ds!cX7lr2kS;VkK2D&3WV
zXdyXTlpK>GM>FKu)!>t*)rHfi7`$0p@9NdA(s~aJr_e=Xp`Ie%hX?k82R4UGrnt2B
zSOa}pitz^nKdl#jn#PwB{0G4A-3!0B#upR(hrmzog`ckRxdi_a@H2YhXJ~vj!G8?=
z%wG7J8efR<g@w{O93*YMNZK?>dR`!xP^7iEnI#dQ1&XnCq7{+bN|Ea<LG;qk8?D$f
zo4ymPUpi<>yJ_QYE-t{*$L4(q=&(`ReV_CiSw0Pybi3~}xHVaS9xm)&f6>duUn&>t
z^%~sGlJ!?%seAo(*xJ2*D?F=v{dRb1uTWV@p+cWD5iP3>-V*V4ik8-h&!PC;E#h+#
zHQ%6W?Ov5i_57l+`~UHag4jck*Sb&cp+EogJtIC3Y>q>UP3`sZ{r~w1MtywO2gG06
z<1_Z^ea2q#8Pg)ZFV46c!^+-uVwyS16w_+kJTW~G^Q1Vy;M02w%`_@B(`s3b^^}-l
ztq?OUPqbO9#VqS&G22=y_OZ?o?bfMcjx|8cHTVn~2I;GH$o4>(%*Q;4X=7#&bWcDR
zXlPpxbSj|xY3QsT=w5*Cuc5Phpwj?7KtuQGf$k0Hfg0N01Dy`&K^i)z2RZ}L4h@|f
z{}RU!hC%n&qZg6P1n3Y<_&K<9USbVu_T3g)VHL!_*0*B5b+%YwEff2}IQtuXUq?z+
zb^QYIX#<}_^-=TJ#moX`p~fsA4E<tQP(#sdU=Gum{i=XMVW)}la7cJS@>^kAQSJlq
z5hNu%xqmWXUaberBRiaAJP294t0Ulm-l{a1L1VW%i>+tGf!1Vk5d7R>HHm`_exTFV
zTyCsrEEgIRq33|{QChTv*2m5T_Gpdmumi6dqiJJK7P7I~=K*~T!ZJrey*XZvg+>Qb
zZOLk}(NYWadl^3#vd1$^&Q;@$nlcWq3YujjtbqwAr#Kv^IdqS&$158xPHaS10>7M7
zw%Qlui^x`}^oK+##Q*p3?V+;9j8c;vc96jrYA9@Z7_n3ck98RQa8xs3end_lQ74W>
zMLW{;uyC<(y(&r7E#2Uzat*FigoU$eqFSs+2r6vzlOMzQ3F-$jl4k)({t~}Y0td7s
zc~#2%Rs9+ihoru`{FSCT`p%Zcg-3n1&2>6n#Fr2}P~&$x#BSYMk8}c$3aA;P&dzG`
z4Sp0R6=?DkbUb>5IMy6%y13mR<6eNjTF2rS(o;4xPAS+yTQgZ1wr)g~t!P0M?bp&$
zZfqgp_lNL*i!W8lAVd=oyhh)K(ljWRT~oX57$n#RKpOnmqBx4KFvmswM2PV-40`+s
zu^3|bg*vgwABjJ&!A~_d_)be+ENZa^S2^0{IPgTwf5)qzJ57BzTm<k2fEj#oQJg?(
z19(DWG3$Q;00960gjWYt6I-`Vm`Di`0s%z<jS@8i1HlBPsQ*v`im3EzqeSU7pkSj(
z2SI8m3JOZEB1IH0MX`WbP()PJiwajPS3wcccLv7i+`HcTU)I`dzS-I5+xzT&%ARRR
zz>F55i~19p5d!8CA!+h=Dv=qf4M#ybK<N4qfd*b^;DyH0hp0;6MG3qpv8Y#A`ZNMt
zpGGy%r_n9-l?X2SO4LAoC3++`QYexe7#YZQ33TCFx>#}zEDgA910}>*)SHHoV}Z|@
zZ7e#G8AYX2ji@wZpjcu;BQlQ(m=Yj_84yCW790ans8l@&A_<tWB2-aX#MqC9LOOy#
zG=u~pH1LlEi3&#p8ZHTfq^W=-h65jiz%y3Bj00Rh%!tf5ikTTgW1ypyNC;a7p>Yrc
zL&N~MjVICPA7jD!kS+x0FGR>o;CQkkEFd!Dwc#X=4xGcG>vIT@K8H$U!8xc^&cZ$9
zAUJ^>2q%&Q;1nV=0ii(~;8Y?r5zKG#983bn99_<=F&|DQAApa~87Bi9g*lt!04mPG
z6aeKQA~ThWP`Qv0jVnWgq-3NF1<V8y>M#NsYQyOunB3W5Kp?p^T^gJ_8^{R|NE+bI
zA~H`P<RHM8O=PAa<ezgW9T=m5<jw|?0RqXKGtNMi33Dcyh%#{wWg*H!Ac|~+q=XpK
zqzq%}ECDl-#G0R>0_Q<55E&4ZfSE+1&QC-$4gv*L018oh7>mdhP!R&xP>9Xtu+d8U
zfJ!fh5QbqaLKQHRMObuTJX@h0DxH8<og-i#N2{Lu`#lAH&jU_3fjII(c}&3bq(Br@
zQW*k1PHDjf5QW78tAYW_k0^n7QbB<G5fTlNQ9>BdJQjQk7#48gLUa`r{tA>l4FQ_D
zm3~?v8VCqU2$6Y43oe2v2m%N>2+ajiq9HCy=qjPfAZ&(!d4hz@--j{-eg+%iK=Tmz
z3>a6$fs0Z8;(zc5&heiWi0%UX^S}x}N1@ZvKp_xl8d$^uzbZ_kL9tYjnDp5K(-7l6
z-~*@#0%nE?OH@S#E`eT16M%~nph447DiE~+tRjH5ObadtX`t&tBpGyJ(?At60lO-0
zV`PDMKr8A?Loq$<ACBp>_Q0_cA_F#s%&coFa6qENW%%7x&Veh?c~<;mo;GvytQ0V_
zK}4cpi&bgC)ezWbdXS|dLJLILG$fD>b{Jx5fUwaz&F()?VFAf({#FFCoUIlcO)JL$
zF$8vV>m-|G23O$&sOG>mXaF_%0GQcx0n`da6+i%DpdfWxaQ$2%4S+8Q4L}J5poBnR
z$Ab)UfGMb@BEp!hC5H`GGpJ=97+TMP&!aBR|6`5{b1oVLqVm8685~I$wBW{HM-n(G
zXy6}UBlSDyqVnJ{x`2<qkpnlO)J^|;(22^UOT1YiN(HRqfVD*nZiVz98aP=mf@Ag~
zjZUGWCo2R_R`k3QFmr$x1h|+-g<HUYi--~=3?Px&%7HJT?3aGCQ&INIbL<pg+@=Np
zfw5l!>{tFPdm9*VWsbd#$ozu?x1;Rs|6=bD^a1kuz_wEh?gq<{Dn$Y*kwGA^Uvj~!
z3p@qifaos}AsTvNfET4<Wl2Pct*_)~AYkSlo@XY?HxLVhRN*d2EKI=6M>Rn}LqiNm
zU<(5c8WYuwU__@GGmJ@Gnh-dkt`eDD2zowU)q<~qIWZuxc4O&a(VPUU_7*<v*EsNX
z2rV!b?gWQHHwW%OXL9}bb#oG($qf)My0dPAcQ7Ssu(NJy!9AeH=+1)v58@sU+zU#L
zW~h_M?ES}@Jc%wCh(I7%@&l~EgRt4#4?O230vHSg{fh*Ih~aq{76BrP>BNALF}*kt
z3J@V6l0c}K9<`CeVH$>Ifh@q;FU0h6Ko;R_7GoH-QNZD)|ML5be>pB@B@8owtiXIR
zaPva>SK(~t;V=`!tAQwESOthGVeW_eg)zMv5OoZ*fN0=+t-x{O<KbXf6UbUz{8~7y
zjbR-iy4al1m^WbjsIQIKeDr}BV0x6(5SLpcT;7avdSje^Gp0xVn&R|km|rvx=9u0B
zh$U{mR@hk7#s<Ua7+V~t9ZqkLtC0f^JL3HAz>VF7v)O~oj}s0%<FE_P-W8|k;qX3O
zecf<%^up!P8<%Haj1RT>wa(G8p@g{~iVxv(br`cjb9DsgHxh@VaQGN5x6wF#A`U0v
z@{^9!XApj`&qypDbbV(2tB${77T|JwlJI*koWki(WBOtsXK}SVhx4V1=~0_f94^P<
z3LH-*F6L?s*8r)-*`LS!pgF&Qi>C=Uwi$<8FnkHfWz4=ENC&Q_T^Q#zAl+Dg(E8rT
z>>mJmh}jPi=JpYU**qfrK9_#YMH7e7d`{qU_~l<%i17Oy6Pl|FQTR6xQR25fk^0-7
zh@P23+ym&DJbPB4dwg=vmKcO#^fmBzEW}@XW>$=Xe9*D3b7P6~=JdpK*!+n^bH?A`
z`GYWf?h)g#I3P^_9pj9|_z0N(E5@@Q%h9af)SVA}3GW6=E$TpCgRNuWJtLX5S?N2%
zI3pG}id9#eZK4Srw}{-J5QVlbE8N=7I()bLuFg}tU8NVxwchc+w+Al$w*6b*(t-CC
z=TE$ilISqq{kFgPkj|HS56)uuGk2Q4S3Pd3snC4i;JmC+@Iph9v#*2iUb5kKWcNa<
zcD;FD+N~miQ>vL)$ser}uUcKkR4L65##NI=RJ-*;KGU;YQ(Bwc(>LAwmf*1dP3?tP
z?dy3_xA=ihh0ViKis`iX&fk}etxfJc-QdC{x0|bPvOI07Kg#qK8}045pL=!6N^Ozm
zSs6)oahKYvkK&n!NU;vbw0#;iq`n<czGJZ>*#G1oQ`sp_d0d6#&m4L>g04txNS(Nx
zGG4T2>G%q%Yp0|(T&{QVC+AASiOpfmw*%CL>Gs}2yzkW7)Z~yqG+w*DFpm4!91k^*
z4_HT0g_bMC^rvwTtS+fnlb{`5_Wo(9JwcwmdeWrvlGQV{+fM53Q<UDoe8%Y5UKLuc
zRGonAY#QeOMpEIG|JMMk(@RBPHqu7UDHleB-M_RxSR_11eqZjzaE~(6wbecqt$#nv
zdT6tr)m>E`c4TV9n~NKsMT<MXrU!>wQB>31<=cE-26pi}Wo4hTc#Lk-6Az2$XBl2K
zb*8y>9g7N8n6_`JjEJ4y5yRXOdT*cFP_cv{q|5x8<|X~KsBOB1qgMNjI%VD|ia+ws
zyG1*GKh%7WkXajFYMNo{>gcs!o_%qHy4mAF6_bhY8{=G#k^El|Js#_1Cu=1)P~?|v
z*lZfJtgN%($e!@TA-1^8;=J6h6MYN)6DN7jjw|Dhc`{?d`S+pm5y^L3vnIv1+UlQi
zT3mc8@H2!QjhMP!IW;_`UH!RWx%IaDZqqYOg0|6)oayzu4hQ#3h$&ag@;IL5MOn5F
zWtwOT=ZjO{7(?!XaFJY3e|V>U==sOu`m!0}!y1C&m?OINX;+eWtaI}YuWemyUvgki
zMRk3Opmb|~S$5_0!T83Rp^?=E(MF8BHYdENWs9Y|`kGGcSY=OIA1l)K$@$Ihih`BX
z;mb9W^zKVId&hj-S-=TQr`LV#Fgwnb>pMu$+v(wys?zbrlz33mqw#`{!lR<Z$*2cK
ze^FeQ>6o#X2}b=I-Q6-O^?ZZiH+RdH?_^w_+}Oi-{ULo`^r6!f$FI(ip$NgIJ|j&q
zrMk*@-`~jenm7JdVY!y|YL2vBDw}U5KMu+C-CQsv%o|Oj)U3b$leJkS(JpxF0=-fh
z>WTY3E)EB6{rC7L*wuThHAn34zj~OJZZIx=-2Y--Yx9f$I6m=<bo=zMr!qtHXa87Q
zgpSBqTxvhtB5#-Guve|Fdh(^4w$jNzhrfPle>{>j(Lb?J+-t*Xa!Q4=>cFjh&yTF`
z5<8K>4@)|HdPR;$-I%_6#Z1(Nr5`!%xU#P|th0()JR`AE|CX$Yp~bzIJgKgFxyPy{
z`x+IjM|8UGT#8fpA)Y*AuRZyB&$&V35v2!bZHOkzSMz?J>JKi|cD<;da7XiwZTo=A
zO-7cJ{<zUP!o44thx8v-)fV0<p{9izjNXWUWbnEsfB(51ug<NhxPKvKNX<j#YfZ)L
zfY!l-mW}??NpEiysXNs@C$mqt5&|C2H0X3)s%IANGduMCd3?j^ZfMNrd*JZ;Qq6S5
zBMs%Ml3Py;zctF)lbm99BO`w`hxXyr$K0;r5K7U~$z@4rYvq<#{&8S3e%p+c+->G`
zgKVDXSbEH9INm`+(UIExpLNmSRwhVSd8>TbP}n28uyFB%YcE<!z2fbQc2+JG|03kK
z-T3*&1!Kz!-r1g-FXhX7oH*%!+4aj&Bbjj<hL_aXy0WO%J_p0@G#Y4cJEN*DYtp+e
z<!5NQ&8B?%x{|JDlKHBSY88#AjHyTGf6U4)w!FB*{7y|#kK5~|f6~rWnX5{g7*+0)
zEjV@v>fYTQ5jv#Wca)@VTBoJ_)^&6I$yhnpyU6GonMq4uUaR|%&7SkR3+Mrdy*~Xp
zE!=kIlla~J^zo$4ZBM@mU`wx0@@9n&$3Mur?X27T25MQ-#|ge1*_TgtkPQ8*GoBn(
z78We;5?WH36)e&7^22J0YlnvxH5KKp&)I*gIKWb~cJ~KAamj>^ACZNl>tbeJ{B0)D
zIA&uWkG$T<f7h~IEcNxm(9Law+lSAVEV-QhO!fL^r!qJ$VrJn8ug-#C>gxjT83^r9
zK~GDR#_pn9K;~ojRVNVadw|#mL>$AQPatC7Dn!s%5XG>2u?~nRb_Z4g5y3di{&{B-
zNtpc^Akf_1M?Cef`*Q~4kN(&F`3>Vi`@ktoANsGm6zdm>Xm9)pyQ0xv`Z*BLFA%qZ
z=VL4ev~M58?DfF&9){8Hggy*wVHk~*4W7LiM!!>TVi@gRu4A0&chFUAEcy*~1&b5?
z&T7N-^5EHu*~@@uBW8o<wE@Fu{;Dv0w4XSG^$%zc3NeiKMcG(S^N}#uzoK{;NE+5x
zp#4}XhVKG7j^Q342^h~sAQ70p1V}jHcOQ8a>t|4(zxw_>AR(AN>T^G)M|*5PY%JP`
z`(W`zU>L&qJTZ)p`}O_c4`erHkLq?}82vV}Cj9=c*@j_j45MpnE08UiJzCRESPW?Y
z$;J55I_hEiH9-D@VYH6xv9V|$&c^tem>sG|zc*K6SP{rF%m)4LmdE%d_4xb%bX+9*
z<wJB6awR~)fj+Y@K2$<gyKkt=`6C~*<?C7YCmG5f9tN9z_JaQw&Duk#y+|-GAkf{{
z$CEH`of=zh&8*JXj}KIVsFAQMf$Yk24%)Zd-Dj__8{|qLx&jLeQ@h=!+l^fbVgWp7
zr-0pFzWZDW!tOp^?mj$}g6Qr^psNQ4xTx=T4s!Q$Rd?m>bqez0t9!XSs|WDB4xs=2
zGGzQ$Lw6q+uOQd|WmWiZ#vZ7ZaG-BcfD6x)pz;3&pdR3LV7F6XAkW*`i>Jm5@bUmN
zHgw+S4odwd(u_b%a|9jnrI0YIuKsmH_cpNDVP4B`ctkQISdd$%rWlzaEG1(`OWk&R
zNVo6ah9~*&P7<9NMmuN^saZ{j<2>&(-U)ZD(DUnHynCN;Rd&VVk<Cj!H5sOTwSH3B
zYqMYYQ|piLd)DWAr}8b&ZObonY<w4=o;J|s?|3nDUqIKS#o2=`X>u=Y$O13V2Ak^_
z`qy}`xVAG@l_4ERv%Rkych;-Y=6XYL|BzRHT8Zy%Su5|28kdS4+&!<K4;~?JOL%!<
z-$immrhZjJ@rwmEAwe1KWu_M#f^;3led<r7RK9%sEjTl;D&jAOFyf(qj`}6YHe*Xh
zj&R0~RKE1)bLkU5<ob4%@%MTzYP48wT^FRN5xZ(4(Qf8Wt3ERL;neD<)JPAL>H%4k
zo7_D~KNr<pmD?lI$hTI3k6Acg81}#OxohO<sgOnszPP2N*VDF;&`&?$W@pF3oBodc
zEm9+*{o%5Wl~(@zEKPTv+f)4g@9Ok}-uDfT)&1pqD97|*FRayafS}r)e4jh<$f1<2
zYcXTqbNFFkdgv3Itk0v$uS~elxO=7woJ+G;w+ue>d>7DoH~cFnNH(J~fctRtjphmS
z=#CO3B~^>Od^CYMt>d%5s)x(lx^3IXsto0FbN^Eo-p3sExbtQAhuALLLM|`Y6>oNa
zDwF)fStm(D;VQG}(S@~*4w?>0;SLje=O<*>{Z(*cql!v%PD1=Q_tO;hYTNwCEtf^V
z)<$>Ot=Q;zGbm!oBJtXD9QU8`kL}Bv7q#gqCu@C;BxG{5?YCBc4d&B(HJ)ltCah*Z
z^^>bk+3(D|dQF9WlF2>^G-q#pwc}kqs=-?+Cqa|>du_$7r~|x}RNhJ!Z{<L`fLeYl
zO8x9D*AAz;Z)YsGr>Aya&lKfoFS!1vdUVkvKR26zAQB<6;gL|W_5zbn3nSM&@iQy!
z4D0nWE<GV8w389iGVji3JHvZza;F8+9i~Z4TN!H4d3w&G1h-cU4fr+B{c28>6ZCFt
z4+xD6+c8CsYA|EuBx1DUtZaKVgd}ST+KdI=%XU+`3!^&<$=v~>f0~J>7`TKh#E11+
zeYnXKTlD9OWyy}-<$vDrn4Fk5v0&OZv9H>2b49rOjZoj@>cyG6t&f%zWNK1^HuqHW
z*A(acsQ+H=&Rx3d&cIV^EB|JzTN0wup5BQ%JNp|eQ^w0$9uZSRES@}yKkKR03pYI~
z6TkUQwXD=^=uTl=E~js!GTYZN^~s9mgI&G{OxI?UtbFXv`X_cheAD#)-nYF2+}pxr
z|E^8(%3}%f$0XA}JSb9(o<h106+G846V$%AuvbN=!KiDsHS$W)+M)WB_0GGtl_vta
zMjnMvb(Yv)hWl^x32QE$T_3cyp}F~yv6-^X;ld^D;Z_IRTGrX|4BXB?>0f@K191}>
z87+0*R{M@Hqrp6_SX5C{P;T?Ctf$wSlA=fLrYrfT1TPrz9{gHz{_>f0$faS`%B>E$
zWx)%q)|Xg2^`@_1zbIpY%Ozp1gm8j>WQ5vM$~?)n(!w`)ZnS$FU_E%vaYe_*rFq-m
zE&!Q8X1~Z@JKkZcl0B+veJ?*!$uBb1yCYeSqU#)+y3TO^C5xxb@bc*MrJtMkHug}N
z;wEw)1C$lge*FU%EJA`-I;!n!pV-t}x!0o@adlPPK4j+fU6MN%aku6krNpVFWqW0L
zg%%}Yd4eP_`}i8K>LZgAgWE+E*Hcm@DPFWhiA25~b7>~)ZAbRhA-#^mRrA+b#N0f|
z+3~sPx&8;aliL#|6-x(4;D*7A<YWD#EFIk#diCO`DyGmx&EKyYsvN4!xIr^FO#EQW
z-Ul{&9xh4_lAPfma1)lDF&-<W+bbXZtH<lk^#x_cHJd66EMt}iH2two`bEc<VE2LY
z7f1H4BOAzz=`3CQ=1irXaDhckBY|{=F4St3MNK5H2~j<m&Tvey2q}7Bw<lCVu^}mQ
zc%s3?mL+?Za$bYFc$fbc2~8t@iH3#S;<W9FyNY@&qU+7ebH`0RkCzxJ>Ix@!ZcsY>
zg)bfXT17>ndAZ|`cRGQW*2c5!-5@LXj0V+`KQsRtn+oq~O?lQd1h>fYs@^um9>^1_
z5KH>@vf$gxM5C9^hio5KS}oe@Xj5!5c)0v>?U`B)H9m<e81nrObBRb%pViC1<Bq^-
zs~Syx9=wX9u&W@IH5*@WPP&aBtA3zg3cpuxOuKUWVEDj=g>l{oxl&r241>g;&j0ke
zJ?{Cg*zmSDl+@A)qa@QaV}x)|bvL(mf_lN1yJsIdvPr@z!$HeMMQHkw+eM8|PT4;z
zYd5$bEQFjBmybx_pu6ng;+dYS_n*3&jwfA}>1I!cx4d&%{I-K{y<+C^`k%dgqh9%l
zC#ya`K;$QM`yI-zgxU)Z*PRQJ^UV|ec650rOCy~?Hhs@MqE!p!IPG?hJ}mnsST+pO
zz0d8L95?$}`KJ6xzjArK<rVrJqa2|mPFGFtY5E)U6!X7GRxJq&U7i<t9C9Y-tkJRi
z9{>OV|Nj60AphUjO^wI{Lrf(DVJe>F)z7+2N2ri#)=Zi;<7Uk!L?e^6P(CdrfVQX_
z?|DJQszoD!zxp1h)GiexP>~_0K|@Y6Jg4br6y6RwD)Z$~K+}j~(;y%_4Sq%vONzTM
z(rg;ktOIJN<NW?c&HbU8`y1B#vq80g+@RW@y8Qmo<s;!H=pF#nIso%Jfbu#34Ifa-
zCbACfAP15$bs!y62E$BZ+L_n|X95@OV2ks^RI6&)ZCl|zsp2_&w$3=0x6D@!Qfe_y
zHa%2nL%C9Ny4q?HJhV-E81e7JSSKA8te7=MSg3UIO=I=|4v#|$jCeSX35WBTP-mu$
zFB{MLGW4u38#G^z$pQ4%O|Ht9JzqvbSseNb>F2M|eva^c)!_Ro#D_O!toT%2LuX#W
z%ak#|uf_wMMF7qUdV~}o;TOY}M^Z;Uk~r#-EXEy)qHLt^Y^d*S!(g@$&}Q2L+H4|y
zwh+(+8e2dUNJn)Qvx-QsNSSv=D$d4E=#NQYwYkKwb5TwKD!vwU1RWgT=y9Q(O|g;k
z4ZI}%hOhwrhPZhC2HsNZ3)0Ma5z#y)=;&N4+P|3x`*faBYo54&GY{<FfV>)spu0p7
zL6}s}%d4e|$|1sZWFA~*9BqUhO?DxUhEOq`b+{dE8*WEOwt&*-NA>enY&*(-SiNX<
zwdQsz;;O+iA7Ytr<jt2Cj;gqS)nlWxrz(arU)uOMCaOM0F_~2^1L4OQ#;S5yx#E_y
z6<0f2A=j4G-dDx*;W5$H2H*h{zzpRLL{%|>N~nVpqMgK!FiBWo#4Rw47AVgO2Zm-+
zA2C_Lc3>75j|D|3We)h8ca)SbEQn*_Sr|-s3&jcVIE%G~ZSdo84;;r-J1!JTCzwUX
zYKveeEi&j9$zHZd+@4qzxfh#M7L!=E*x$4ux!w{3XbA+g#57zI251%Q!VRpbrd~gC
z#O7FHdccr*;Z^9kB~r8ScVI)P)$v&W<Ne7D7oHHcq<#D?;GWrf*00~fF8eLkuixS>
z`z-?dTcXQ$_{Swo2skNfaFQBbiUEEWauV!|lZ+`(5@zF*^x##0=*g#$tJcWG9>dDg
zttUCsbCr{PMLS?1TN>3aRWelV@ztV{yc9}aYWOd;N?s~G$XFT(269i1Do^(1qG|7B
zDEDN;{bZ}$ll9o3S>?%G?y{(InHr^wvz6s8eqyo=ie6>}EE8wkW%7)Rq@YRNuMKu4
zmf?M_Wx$UZML0b#%O~olBKAS2h4b|?u)&iF`DE1p4nI6<mJw{8fr@90ii);T+gwlG
zsI*CWYiq8Ut*pjY&p^ZSsP=6V)xK>@-P(Av><|*ix(+ZS-j#+kL)A_=w_7<cHzor^
zc)41stA&lpBCt)CM+WBxSwTdvuo)!B4MIseWY`KTI9HZe9TerhIAG>kz|52Am^ZEi
zia>{xOuZ8uq7#Pu2wc&CE84*o8Mq<=SLEP|6dapUs<i8bH8RPkRFf229V<O*a17Oq
zQZ?^nPqkJ>MSWGW(w<vIc0pr!2mwfQuBudr&KWUW>f3^i&#0t9DXkYlaO3&^IgEaO
zill=Y27@NS(Biew;;j3+p~DC%K{s}yZstVY#EH7O6Ln)JB0aX!;9sfMw_4k7HxnG^
z%;*zK;lWU>(@MnEM3_~E^(tt;RYuM#>qNK;WOPQ<s$eE$!DlrIAgdkA=KOaJ&3Dy`
z&QlHPWzxs*asz%>QdMz1#c(~vNer&I-nmjwE$w7@y?qMnx>HEkonpc)3PRr_T7D0Q
zNucJbhUirNL|Qu*Qqy?SsSM7k1kS145T{xUvBt<<)1x8QFv)9(<TWhn;X!k{AVb*j
zI33G9oyk3&$UU786nK7UZA7?MX^Ru)wb0eq8gs0*y82o%%U#QpzB8iAGZeE~U}<Q?
zp8>_6VT7Dv6@NzTlKTt}<IJe?Otn%CauP>|b0&myrV)Ck6^^ReEjYjLu+4@#D4OCr
zC#pQh&p`3B-g6+7bBw@q#F^k6IU`0gXx<$Wgh}o>`9!^|a!Xh(v#Q5uuo#zSWr-*?
zKF9n8^*>iP3N|dyB^#FKf?X~xfYGK9ZGT|+2<EvUuLos~Iy7W!*=gp9;kh6poD0o<
zE|Nl?326QrTvvfin&+DCg!-Nr5u9gGOgECxGprTCP&FyEx*2zs=UUpcsyGgwN5>SX
zki9%4I3F0nh(8}He!jtSzPzoXiU&||bx=gO^9n3*VN`#ifiS~BxX`dy1iN7i_~${%
z9^QqbB`<`kV5UvwN~uh8LS3xJMW#Dj=prHiLKZJCg1j#>OfHhmq>2X#8W>AmWcE2j
zcf1%GZCymVPBC4iABRQ5VjUP3>&UQJXBigjgkiA`bceyQ&g4cvF$VaF5%CizF~*<F
z{KF6J8HK9m7Hj%ZQ+vBx!JYLJ5avLcrxQ<+E+NUoCGxYKOZn>TGHl_?l!@l(XDMvm
za5?PD%MH)Vh0UVNZI5m)C!s4MjHj_Zy1ATm<K;ri5UF;#VA0Esy3(@iN-?zf2|Tj@
zl{nm}cDrQ6aH48<%ftqpD}9*Sy&~tjl5Rd;Wr$F3UX5{FZ3}x>_Z0T71}H#T|2e)L
z%(gQ;j&w~#dW{%ru7NIejp?>)_|j7q^~<}fD{i@vZF3{7qDqw2=$hz+%>S1)X8IY{
zBJi4@69@Y_WfyEnsq*Ahvyb(2n=yY*?P4^(7HWL05qT}w_}Vy)ueBvkNcHQ0>es^_
zFuLDBbicvMI55Hu*a$cD<Ty7_W6&{mlWnr{AAz7@brX(>Hwi=ICOR~JVHp}XV_r84
z4z9`u2H5BOn7EJM5>elxI0R&-!*78dev7g5E%I!7i#VG`bq#@OkW6ZUTY$ga3dP@Q
zc-_kV?bbMdyA{ihJnWai!+s?Wu3r-e`!(PcxYVz)OZ^(y5tOl>ppJBVPZO%}Ozn2;
z1d2uDT(CR{3;kJ^_5B?Y%^eE!;?fD;3#O6r?|{a?!<gU>eW0X-554I!|7G$BQMe?y
zLoEr`l$-lOVLl*}V%%w@-U+4NX(Zgqa_~ECIryEx48b8{V6(gEBz_m^;=AxMrMn{g
z(e&ePo_^dzncqX0--DUoBcCg|7aHMS)B0X!1Xa?{cnx-kdnI?c*K{@Bu=x#z{u=`Q
zH|$i*Z)EiAA^P=(!Fq;%eGK~b68iNJJsUzB;<o~YP38^Qb2jk36z~}00i)srP{jv~
zLJ!28yij%hyiM;;zFGJ{`~#c^iRV4&;O7-)Oh06Z9wMhj9)g%LofY##L5ps(<MR+U
z6vX;4!TPZEvCeM|w%<Z*zcr128-wk)mV<4-jko3R2)^H0ZMo49Z6vnb2=QV%E8dOB
zmd4RH%DXd|Ym@Tfu1Yo6?M4&jMr`*-h+dBf2Q&SeP0;}@I)EN$+swkG^Eih8INx!7
zJa!m8Va)ghG~*Kn;S(`tRCR;E=+@iC7|;_O&=c`4@gxm>Pm<90Bny2{#vF6r0=3#=
zxNH%YmRoE~%Pj=L7GY^A(AbuiTS!KvNQawKft}fW6fz?fw{SadL9Pl3!NF)~*{6u>
zJtZ&Xe{VT5_%wSSAUth)8ZQ!`W;^CjlO6M?xnfUSJXW9fdB*hYGY0ZA;i;G){`84>
zJ;MMzLjXL(0X!pGRueAjY7L#190PhbqI))?Gx6hDn1nscc6XnH)z9U1PVD8UhT?fh
z@w{SCuH?GSFn+<9<ppDw7nENGoHEr)n>YXZZ&TwS{et}r){DeBUgQDV2l#&=!2gp^
zq?ABY`+s5W{|!!9MzvdE?bdvvPn(7t#n!FJi(ev$Ub4MM^0E+9Uj>em?ZdqHRqQ;k
zGUs`fIM1uxd0rKr=T+l8=2g02YI`lBdQG)eREtVol{S$4zXoI2Yex0g#3vA{6uiX@
zSW~308B74p>rwsdJ{n&cgXVRJ=5-_YbrH?$BAVAlBfX9R`L6wjk^Baf{DzV7M$8QL
zh9xn11Dcxq{hP$g-b8*6&%tdoMB7MWvJK+JbXL6EY)68(!QOx!_I5<_wsa8hZ3yCR
zBj|1GlQdN$JXd_1KRDYSRc=>#K(MBE*uKSfh+w;svt8b|*lvFcuw7Cxj=k_8V0%vw
z0=Dx90e^;CzY|fu<0N(owMOrmzGKk61JS)>V7w!amUkTS>0vMV@ndT5_{Y@z(2CW3
z2Mqut>)miG<z4^mT_pKk!}eYAz-Gu<)z;1LfHD1D71QxMs_#m3=wBihf6*-9FX~+&
zK)h!lzGoo5M^XagMDL*>OG<-a2TE}d^GNYNO%~rLiQxMzUsWY_b9kz{19t5W!(fMy
zs_w9*sym4E9YU%q(AZMd9VAs%q{DFN%3$4g@Ofs3Xxbft5pa(BUnK7Smz<;iHOx_A
z+y5p+|7~4#ePBs(KZ5B&igooz*pWWcdU;+1wfzW9ZK1z^#8zG(n~wh&cKpW%=EpJf
z#K+!v^_N=)(#ImCkL5)zmIM~Hm?H3mkBQTK4Bz;+F*P@fNtNCeYN3Tb?f`!>(|<z!
z{1XD_6E?~|L8I&ow1o2iK|JUmvR{5G`Q<-xAN^D8qkoDSkt!V!#Gl~(Pr7gXuZZ?v
zPNKihH=2ul_xcxfuYVb^szHOd)dx3^RbgXzO96>b|Au`2ZJPXBoXY+!Pi6n^9X~#m
z{o6j3{To`e1Ihw((7*GEy2+7?{Tn_>`y2xK+=%>~KiT+P+pJV^vu!I(Myuk7YL?Vn
z;9iec*}~#;3|Migo6GjNTGg*aB+C1R6H1@JU=<tKB1TZngGNwMHy6pNBXa5xqdKX}
zg9@S7BL<<oIx!;Ynj}JzBq)+dSki_<SLiF4SQZ;pD&vQq;FWX`2!xjq8Y4PCsCYkd
zTnXFq7%9rYky0js@iM@Te)(ZX<!<_C3Oxx6N>G5nRV2>fnNid9VK)@<6O$et^DbTQ
zWz^G1X=CtG9xbOYU=PBBq%S1z>m>RGY~cGGJ{|U+zR03|r7#mz3=K3S_f#c`U_q<C
zK&uW6y8+TQsLlxJ&~Zbb5aVt@@EUAh-(VekR5CMIL?`^}EhzED%n+A25*w(kFyJ6^
zd%yKjM#UTYdjtAGY~2XuG%C+kJyoe4sbm$Ixf_XQjR<|C&D@Pvb5r3qb2kz#8}o@l
zRgE*#rh!t08;OohP)w5=!N-(lmuhn=1*TyW(Xa_A(qz-H$*Lh0ZPT!cXxNlb3@Mf}
zPD$T$u2(cv$0nj<KLn^BpAY*H)mVeL`LLg5vn8klS`k?NA!UE##?ukD{sdcpB)osj
zkm>JTl3idAVu`qEq#Q;Rf_MNV9T0{tjCTORI{;xCAnvCGHM@6}9e-xX7INS9?g)+U
z+ewO|r;*aggar6NNH@^vXbxZo=m!$?0})2s)ssP8W2aloDh;yC4+h$y4Tf}sQIMJM
z2DhGu=mryXgAszkG3Zp?Fc1|oR-}XNNQXeWAs|#RoI?oCAqdNm7@VqZI2zk_q(kgT
zha#Rs`G6lv0I~*g1Ab_9#z9{~%bas4nUv+K=)8<Uy(^NkD@VO6LCqS(q24tf^{#w+
zv)1bVCfJ7|S;IK?VFWvC5QlwOJoaI9+OpI|xFb}%Au+q@%k?}lt+`@!fTbR?+sy<$
zTxx<hF6S4S1QlprKx=^Ed<`%h9Wn|^%w0<?&EA7)!XLAGbWFiL=;NxOkY3Uf6wB)E
z;XOYtM5%Wpc9s#4R(}oSh+L7T-6M#<j6n7nVaql~ShEc(RJg+>A_K|Bh<qZYAG3n=
zVg&L1kqE&^?)xK&F04VE?~ja0FGfbTGh5lZd@K?_mWUsV_>Z;D$f{<ya9cg&PagjL
z;0(uD>$6{7yC>e?@``M`s=6}GPT}d&aZKts^BQy#_sDoiHeO9B;k)ZviAA0c)ww0?
zaN`jM)o4WY)ElT?&9s*)49R$Oy-l*vrVIB%?Ds<K_fpA@KR!j~XhbU7`o;R2D!5D<
zkbBt%<X)(Q@DmeVKLHX?5Cl%J8nL5;42OxZ-9$6vRp}6)Nc?glGSNia5TED>4}*gW
z@rqNgF0a<<0S-I`?2DN1>m)`KpVwc5(g_GZ(HJz4dSYL!H!;y9By$pv7>r=F_e7yo
z$wc6~JF}JLRsLdY(0~W=Nixz&CRSsRlM#l=93&%1GmzEQRek8WJ-1x8-ed{rWQ-`1
zw;z(XpPJai5$aZIRW@$+lX&kZ8(}}&z}XMXWPF;PY9Ge(d^?q)oGJ{qsWQl^Hjq;t
zbTb;6ZJQx!v+&6Qp9qh|W@PJT{_rp;j=6HDS8S~dfo9u&PcyxS%V^pH>HKR;3-Br)
zp9UjpK~h^{5VdID<W`=b9DQlQ;6ba?X>y)3jo_JvWKOdM!D-e!hYGdiInzjhoW}DU
zy7h=s+v%#cvaM1asWY9ZGaaFxZc}HvEv8SGt=6L$YcEdM8_?NeshCr|GNOk~w|m$O
zNH;^#9g(fL)CMyMxETn*44VyR*laMv*nmifUwbeh4}fF`=*L<*ID!2<KNcN;Kp#Lr
zAAqnOU`-NL&2H|hnp@QGXT>Io2gD|cU*dV-m*fj3eEI_s`U4620}-PGt>{(F;BXSr
zUm>cMN(Bb|z*yijIq;c|aK14>dJv*Ks5kNtGFd)NiVx<(4~|Q%4+-!5gOCnGB!@YP
zA>pDidSQu8TZakL)?r|7!NpP_KAd#f;RwayF+*6@)rT`aGSuO4;8Ih4nOoz_sGsT)
zyjh5HR&V-g7G8~+0eJ+ZIzrWay;RCqk+>s}xFfvR@ypqwlUbojS%P<j92SoxHa!w?
zJ<>W1RLv-H5F7DG(<9A#2b9is_$8mZd=4a<<0Sgc(W0v8t`46Lqo0E?&at9bHE9{W
z8wp}6%t2ry4093ZxlUqa#915^=qch{VNlGK2gO`@P<)M;;A;rZ*J1|6*KC90YcM?l
z<zJ8d5Ep{p>F9v#*?9=*JS2UdlNibqVdl2_#@!<n5NeHig5l=DiOaHVJsLJR8Zw8e
z4y8hQi-jhd*g-yYG~Q%61~xe+&_J3Y7VyZkK!1X!w9>6qSGa|OG*2u<^b1wi62_l$
zRc{ipeqLywC5~mp$C3*}BSFW>huU=2lDI7q{wAK+gb7}PmnwD0qQ@f(98bo=@d)Vg
z)^KqAPHo*BA3M39z%6tF{;VF?;zXpyiA0MN5wjC*#|KnJL#gUrXwM*@7z_EE<fvLy
zhIf>|ss8RN=2k(*-{fz92E*f9sO`7HwqS64i#pv&0*;e7j+0dV%3N`Olv$r-1+o-1
zUK%w9NS5-se;KpkvY7oWMx2S;{Ne+pRSbsmIhR%zBU>#ovQ>zYttdv)cS1Bp8zgU2
zX@!bu@^XMuM&T?)AUk|aIDtb5wsV0xv|HLar}iEL<8m^f@Rr1K`A)>3s;_dRHt<G!
z2y!{GIan7j*M~;R)#=QqR&ekuLU)vK=Lqf`YMQg-&e?J2?6`9pcUz~!wrBH*d7f|U
z<q1&M0Kf7b6x!bU4yv)=;X2^L7%C2l1rD`9pt1%WY9ZzWEkQlQ8s0A9)$4zDNW;EJ
zl6HRf+oNIwUbSn;sF~X_C%wI5Len>c=1oXRU9-ewl*BEBl9U3Lm?&uRGBRdaSf`+6
zVp)`1j^qL@%Cubwf?K*mEzRyb@~9Y^N?_^P*wPh3lbY4mMv90<I6dtGZi*^dvIP@b
z70-}W=8&pgpM@*PR<LH~S#VkhDXu@xt=32xRj7)SF!J!M3zBw;tJQ8Y?z)jzbh8uB
zVQG7*;1rB=sy@{<E8|W*dj!lVD-~l6i<T)xr%5^4Dg=KO0=CLY?9!br<h-Lt+Mk%T
zRZ<tM3LuC{*lIpG;7ei2G<^!>e2U5+G-p4}h;Gb)8k|Bp;1ne46x$Z#Db`(M3P5tz
z?;!}^L!7^-jHqpw3FWeZ^1aYraOi!HMEo^~=^7sK8A1PwUY%E>j!VUp`ygv>XStxd
zn}J*tfy9MUe_)DmGr^pl{sFp}J}B`#6j}8L2=EUOVAWud2RK*kF8LQ(F~~oV?D_*5
zk51<fdAhv4>f=~T9BeIWx>o!^XHdhx(HT^j7i2)5vNoUCe@!{9wM^%#>0+stRuEJM
z=%jPSbZv$HhIG2D2j7%*Zh5h!+of|gWWu%39&5wU5JwRVXJE0lsLRiYVo3+G>sgTK
zED(gD?aoGupWV|OdA2x5o*jmA<4|WahdMim?NHUT@q}_Vi)Lp_(d_In&LeftrX<!W
z`8*m#{cA=Vh#Q{A7l7w^8Gp6rFP1QPnLJg_IS|-+^n;0z*pImc#s!@31q=qP(jp}R
z7gz*b#06Yr7oe(!tjy+WdV?a<-RV<E;x4j?yO@i+IL53p`QQjbxl+>KV1_on*lOd8
zEtu9Z$6KfKsL1mSoOK+ICT;7gs$YbG1;jcFh)X!@OT6%tt#u*&F0pNhU1H&U8B^~v
z_|?p)K;n6siM(te{gh6m{?1xoBL1hs?#fTOvOg8=s7ePM>6Q9ZT8EI=G8zKl3a-`_
zY@C2Ne?>kq#EX9|tzEf7Emv&Oq=e~}f>u{@t*+!T;7aNmK=hTp5q%Zc=c*otB@l5{
zKCvej!5b2RR|~pc&2_!Hhk<!@jN(`46Jsr?0!|dvHQWl<IEjHl^Nc@kWMS9j6T`5u
zked1U&v;rRd-=}<8~u#i=x3sr|Ew2Y&S(gL>$p9x!(I+2{_9B6bRBJI+v2&-fsg*-
zY<?ZF@^z9gqZZeb7T4z!!&{WPEtRff%Y@_R9Gy94*8Dlmx*3@1g;pv#r{=gp=#LwC
zf84;wrz&b#m~;GnO2KqD5Yyd28QM&DgVl655S4D|(R4RL#5Wqm&`>uLt~ZK?x{3SE
zO}&pMH|=~h`GwFkzu-Odiyoqhs`qY47yIZ|(nq%<*0<XG=vHeV-AXjSwa18sn*S2v
z`y~?k%ed=B0s>!G*uB3bfPN`<@2`0G{;HQ@@>jhNlef|3svIP56T1F3-u1VMLGm_h
zN@eJ&_P2B5+wCc`su~;`#?wZaeD4rcxPz;32ahXvSn=P{3%PglW_R{B7gvO15&s^?
zD7~jPD#Kdd)x#LQ%c`=f86!ioO!s$l9(Tw2F{IiRNwPZedb~v=Z;G$y`vvPocU@0&
z?De)Bd%gG)!F_CJ{5};X76;>tK5|oaef_+Emcs4ez9<OYPlDwA2-W@8jg$Lr8z-uw
zKD=5B#F6{+iQRp>>J5=_2c=d@ufZYmehB@3sw}45DLvxeS-D>?J{7Q9rkt&<V3GI!
z$gU{%-cL3IH^4R<lwXC=5zq}t@&*sIHVc!wfhbR;J%IQ;z_%VBAQoW_*gYsgc|W&U
z?W(x!`naGvG6jP3Af$TGb9)HpK?3GMB=o`f?s?D=?*I;~L_7~64i9njJVX$&2K-sv
zL-CId9}<V(L%<OT#)lF2hdIWF2}ag{V|=)W=Y<a=knl<2!}=fbN#XB=(}eN?n%}Vw
z`W-mt6Gb0mf{l=NqxbHk<1SYG+3Wlpk(!EhNC+i5;6}{*2;}{UlNfqbQHA|NVM%#;
zCF}4TC>}u)RD*QRZ;<KoTV&keoSsGCCMa-|GGeF<60?bP>Lw(1lkHi^Cdc+Hgo>4(
zg=`|>cvC*n7}^iUv`s{%&5-wIHB7M$kz$*PVw(~E%{Ik0TNR_iCB-%q#Wt&XhICtV
z&}~r9%|y>f5u``?P<)gq#~SdV_-K5%coaGaE=Qw)AbkwUc#I=`j38wVIMT=Bkv_)z
z9oGsYONt{;uv39@6nTP0ktawLsmC^X64E}Ylv%iFiQ>*i_>)L$ML5WZVH?m}AYXmS
zw9gmu+(OK~1<BZA^ZG4TuV+F9uirwveoI~@FrF&<><@JGEkvcK5Q?X``#eSTVGX$Z
zJQeRgPZ`7EQqWBV<?j*y-*c3|Cn#A1j`H_C%#6QBFyYMj`)FoVLYuNRW%kxCU+&XN
zKviGLk<><yeHAmj$X=_V&q)T&^{E20(EutM)FQ~~YBQ&(`upl;A{w52KOJ-8TGiF5
zm0|BWaTDsoqQBjO(CQ1vyNbcnUc5SdCb|iL3VntPRmAlQ`YKxJKZ)g6TkGm)duetY
zVxDE)|E&BH<Fn+&SSkEG2OB)6zt>c$RgZTo`cOLZ+UJPZK8F;2E~fKToqSyWIqTbe
z&qK23Rp<@KBw)`IV9z7r&&L3JUds^PGJM{O>jg;mf?_pWfAGjWHhzIUHhzJaRH6mJ
z@P&M$E=}4C${R#4B8^_;(dI>B9@c;ll^2DWxKk|UY2!u5^3vUl<i&Mtk{9!dfzjA#
zcDzq{;l^Gsh#_t(4smfWc86z%VQkoH3vpX<h)YQ^Vk?gkTdfD_x7q`o%*X1~JI#sr
z|5gwxNxA<<8;xTx_0qODj=jV-h+dLjBY#N_ZmKx$-jkOh?aP`)sZ^uyaJ@_%`DLW;
z%huj{S-(o4_=(#LFI!&CdKD7A>LiBE_CM`#eCI4>r$v>vh1uE)1n*S>?^OiiRoggw
z)ta7B2-ql)2#mj1^WK^0_T2KG$ohA8HtRlb1|Ng)s)!|CgD_rGt6^jbW`@^@8D2x$
zir-WSDlBH8@<lVeM)Z44HiJOc5SRg);5A}`Hz9;Koy0Es1vPKLF!kRg>c5G!eAA}>
zn^yIy>|hvi8lcvjvRZEvwYEXl+nmJUNG-{~w-L>@AqBSCG}~s?jEa{u+eS3oX7}4|
zM7y^k`?pneh=wjw>usXe+X(&J)~KRt6q1Y=H5C#TSl+e-mhF&eyAtigLYTG_OxuxU
z`O6DIO+$c*;o0tx*E;>M{tl#h2U<yb9PuuHobYZ>Z+-m*O883v00960001EW-=wfV
zonZFwarW=Uy|leUe3bEDobbPT0{J&&|GyFY{|zzwn`J}$Z~jN`D(>>GLYB`of3r*?
z;xXy}<~p$Z_96Zc5dIGc{tpnN4=ngUh{ykd6#7N*f9K%;E*z;fW8y<7=R?ayEFTi3
zK12dkE9oMZ4|}|brAM~b-0efhauLgi^qP!F*hh%LM^0jt%2(ZLHRG<*uLWfMJRW>S
z3T56O#m+p8_kb`wh3kSk!YsNagFVLonD?OfMFGpz4WA&&Pn23=ei?qfj$Czw^2kr5
zJn|DU(ZB@Q7#&=VPq`YO#;EZbqWo+p)%Z+O<1<_4h-ui&D=70X)`j|G0?|Meg2LxW
zyU&TEe~z^M+!7Q%j}Ho;LkL1FNG4bpBolHV^H3(q#rR3wv`!r5x>)>Ni&w{XiVS&g
zC@r6Eu{YQ)SV}o1x0)&H>ss~L21e6Fpx;<eCzIS}NxR!7(Hb$C+Bvt?^vrE_VWTkU
zbU7b%41ZthCds}kjKV38Ut5!ew|XZVQJO$~s)^gDNt)mxK|d)~NcLw)`@>@s(8}cY
z<|MkkIXS>~d_mWU#}{-({mN{mh%?;efPCWcBTBUuX^>o|vqdNToz7O=bk(g*i3(Qc
z3Wap5>%Roz!o!Qn0UaGE-AfKaIt?N^4MG41$ss|P$Ako3-M@$QCOMdQ(BQbJK(0+r
zqHB|rL*%G1Bqk~h;X`+b92I2Bn5ZB(7!gDT{h>&EWEeun2_IZTx#@<+1P62za&p(5
z3=X?W!C_Ynl2nOPnY7)P+yia*^>{_1@Ki&y5V!nvMNdyPl6&wmxrc3OrE4r3brwEs
zqs}W7HtKY_xKWoJu@hFoPBMb#j+z(m$q{5%4j-9Fj)b%$<z2ZXxxzPzuJF~ZECwAJ
zvn!`7rNwh{6eJpDa;qafg9y78ss)BO3V|49*|pFW@~#DgAZ<taL?Eb-61SryvVp39
zn|)HU!I2zAj4>J_8Ex`q-x$miqlqO(BZWuXEHT<@2`XQ-#Au@8XxS11SwCY5Xob<l
z3S%IOG5+(HMXRgY2+RayhzZ6ZO~=?wFve;EDqPsY@@ar-W2~x;A*zjq+{da8HmXUk
zPHwYKqT8%>ds(}&R_&;KNxQK`yRoq@JQimodm{XM68w82n0s0yiK-b0qN1=Fr%CJ=
z10~apKCNc>z|vk=@tZ}F)_*3bsZxg@a(G-r1T>A3)c*x;_AQm<ILK$5zDgwIgKR#I
z*nAukG0tjpRnyPdoY`-jxY?MT0MwnJ0)|R!l>#MPN{ui9frlU_KzjlvdyB01=B)RQ
zv+v%BJ2cup#Ay4VcKcY;=6&MR=6x))ndq_m@+5HIm?RKgnw^{kzgy164a)x}*``=b
zBLpT)5WXHw)R@fGm>jdqnS{^kllwux5O$N3Q#ki2F}umhsp1l`nG-hmu$!EmhOAF6
zGESn4jFZzW?lLXjU8YI%z33~`xdPK;d<EUfo1Eb!hH_tFelkPMJ}?2Dm~pMeL-yz3
z_m5jBqRV-c2khJitEP`j9~kpNBpH|1YX`EfJ5cp3=rh58W+JgOiT}(*FlJi(XJ)+r
z%)}rh$2o}G{-8M9A53r_jG7)SFVYW=S)?D#SJDT|i*%VXW|1y8*e&Qw`vU!7(s#VS
z58+ljBxblBiYO25-Ecb;p&&Ie<LppyQH6y4E6h#4;v{y#(~+=sHw$Sri?{*0FE}~N
zno`V)Pbp@_rf^3v`XkhWeW7n~nrZ1ff=d-wxiK!J>4C=rVLT%A|1Z!met+^vaq^kX
z)S7MEpCoq#C(#|j$vM{j$vL+D$vN`=<eYqBuD3slQwML0(iE9pN>CQFQ8}jrKPgLo
z9bx%;?^BkqQ;#K;@wv*^(FkEXGV{doDIS<g&STK#S%>Ys*kL;_=4#mFd}Oxy#0%yl
zGtQT`rRM7^#?)#qm=KY-&F^`ZI7SHE$MEQS4E;`*E}>VM21+bIEf?(Mp5+2*r)z=L
z^b45jSy)^ssJM`;xX>YAIu8ofvN>BV6-8B#CH-|Q;&`k)XC50fXCBLO9V^e7GG)x1
zc`T0+s=;tD9?RKERey7a*x*>J@sEYpk%!!3>(G~n-D2hti{m1~;+`VH;<&-L1a;;T
z(wR$;t(I64wI%V1+7dPcOQZ03KBF8Tm#dvXpq_x5o*?_(2{C?m0{5m9WWSRsWBg8T
zFv2)OOulvk&tG`jb0Rn1i7_eLHxcDGcQQPEQwmStjC0X%N-k=7rgE|apQ*$F6HZX;
z*7D<&lY2fvojjR`hm)<z-pTgIDKZ~EZ|Oq+amxP=7yM9WneCxWrgvt=9+qKlkdfRV
zV-1uU|IodeqF@&8yXChL{%<>p!NJ?r(ZFD_<=ccSif!n_wf-*<FtSKm*4ojkrapWL
z3dzpK=JTz5NVclBj@vDTVRWL?{{^7pZN0YGH^6oEps-t259^+0+XQXaZfYY2l~m)m
zgeRTA*?5gBE(_X)0Nl=_WV@7*w8tkT<Pz~Do&lE26T|YDiD5a%wOpPUWJ;m4LRFTN
z?15M*$9yiw7f(JZUVC&98{o*$5$`}9no;02XvB9|y`}?u4SK$Uzkr+U;5JgNn>;Mu
zT^Ot_0;We|4<xl*C%o1viLUufc8D&W=Z>4Vx^zKw=}y6QI=Ql)l1q2SyL6FsXAyBM
z$}U}uacTbYp&{=LWsFM~SwbvK@>Mj+qi;QiA6JBvchxqlSMjV~FU_Oo3rmp(Rco-X
z+Gll{kL_&j&U4~3do?yc*m*7;v|P>)YL*_s?rsbo_IyoB2x{WnRJvIF-leWU2Rg_@
zL3n|AvP;n}thnvDRVWm8p|R6N#!eS9LYLJOx`c0#))DDo`lpX>x_Q{>j(c>oGO8qu
zR&m-@F{%A(qV8(ca<vyY9hVkH=UCVj^j)U+cfD;%K{UCzJc%wYPuean*A)%f)~a+4
zUDs(@IIUX)Db_?jAcghsbK`wKZc%v}B0WuIpq<&gn`zb7G2gvHUVob8^{2^Rf11tf
zPXk_0RQLfi$`4EqfbOSCo=!U8bfnGc)(zCtZ5yci8ga*M?efUM4(jRo@S{2Uf-3#G
zak{-y>LmA5`SL^5r<=hFX5-Vzff0C_cXF-$_3$LQ#5{>EG51>90<)?UUk}$6@@v@1
zGa%U+`a5c>J^x0ZqQjuhK!VS(jQ~|)Iln>$qi`3|n4SDHgm=7?XXN$FUaL+e%(!i#
zRLp>UKQ?&=vCx^2_n9hm9$ivK3Cx6SbSAOUnaC7p+H7>D)kajb{83y*X3TV^WTrDE
zGo2Y@rZYJMYNj)Zna;w=)mdy|c9znAL3M7nGgnwm${R8Zs?ptMkvY#I<~$2o?JUbT
z$UJ_QZ;<Ia>FCSZNbcE0F1i>$d3O8?Ltl%ZtBU6)&qkw5%+=4~LH(S#pnfiadM;{u
zuADue8<Rbs%X8v$<?LCejM*tXmj_|hV2sX{bL~0T@luhP-NJKCjKHPPi>0OJ54ll)
zh|-Kc*pq*RNPoocflvh4>a0PWgQ)6;&b;!EOqqGek4SVOL+m`n=sXVWJOYe0hy!+>
zZEbuWo)vJ75DkMEaz5gIzBfg;b*WzJb~&AKlk>S>oo`)4GZ}ml%}MAY`uq;^3x<XZ
zp}rS_5GD=Zi@2xhZy%U%%;E3nBrk@{FIKE(uP)B1po^sx4ery65&Mg6lgh=`Nreiv
z_u$237PvT{XmC~+_2nVZViyxP{V^2qWA!Ih>BmH+A0y;HwyE@Et4dU&U8Nrrm42)y
zHlogt@hr5CfL(_$t&1O1>%f>oli@nk*|=02i$$=XaKHMAgFf0v9P1Lu^%B{!E+L9t
zg7{xz>xE0Ky+DQ9d*Kq&3zy^*{R78p&J}a8H!dO0btx2bso-3f616Tx=r6UYb*WV?
zD$%air9`bu)p!w9x)eLuWd!hL2-jut4tAN%!7dXW?6T0oh*htGL|4&kTU9lNcoo8M
zRXoJ29DHr-PBE4{>ndw!QAO;XbrtEXtMZ9~t8;Eaulq7>nf5M}?OsJrz+8jyT+^G?
z^fl6I`WksPeT{83eGOPmTQ(rCb>Idh!zFD(UTfQgytWsckk|6O?po{C)3x@kLz$0t
zt-I5l`1YYLv~NQ0JeLkyE^k6!7t<>^?qA28=sL-Xu9KbUI-3(+7yoA2^^o>@RimGK
z;O!4ef?hrehRF3~Y+sM8bG>c(rYZ(5clG7E`g%|;nZ>s2Wqq%Q`jP;510>X6^;l5W
z-GQ~b0cWE86Ct`~eVIHUx*@bs2V!<3W_BZIcB4M&*j00I=iF#I2l2ZJ^Sg=jyGiM<
znB=l*>4mPW@!LYWk<|Y(QA1|!n`CR>1dfG6oWDS_exYNm4&gNfh!O4T0Sd5`{Jvq!
zqhDBFJiHka-R$_^$3XIKM)Gd%>E01VkA0W5w}z#g9r@l7U4ic%G5BwRbhoJ0)=^bO
zxoT0iic_0g2&!9<<Xfyk_ZGe1uMaWlTE&!MyM=Cx`0{>*xctgV?A4iF-RfrAR=90>
z?*k3dso6{z;JE+%N(x!OA{&y?dh0fX;5LNdHYYK}_Y?4eauy<Q3mpKLg&_);MsWZa
zgB}ncf!xkac)KS-pVO3&HQz2BYu4W%A*YiKAEf&2{$d|Bjb5XI7Q3A`Yg9e&MU6Pf
zfbksxCdl*-#8go<sIKc&gF5PLa8GXXjw}*$2M|NpL=U0+AaQphx;vf3FyHU|Z!_p)
z&nidb;o(jo2(r7244b<U`@5{q4(_r&JGjg8?BK3^VssD_(w>W^eHTr)Rb1u&=uGup
z7~|bYz}-$_kl!YA+?=E5%vv;O5!;oyTN+k(%dz@yHZw+o??Hm^QML{Q7fTtZ<Xse+
zEiPw+>>hDI-DAr*?vY2@J#yT+7h$^BNem4z`QyG#=~rZk?iCT;YeRIejObqL%TB-H
zYw+KMJEP+B-1U&}dUG!;y^dTFV*gx^gsitMg4SCXK~%EzYVi8l7GMU26u{Tl=M(kK
z%Gse$uSY*{pWa85ybtMepS)9jU(8PReLMk*$a_N>vr{cM*fSW~VU`kH`k*|BAF93&
zcek`FeZQd7{XEv(FP*8;U!s|>R%Hd3l=hhu+>p&vnhm4_&<ALe8{`hy5Yqu0xRo}@
z9UxQ2bif8~hYdT|0UJaMZ2%UM541njyCg@x*yACV`#dBC>4#t@$d9`{jJl0{`z49K
z{gQmxn)9ieF+JvKX!?9O_RQyRdHDOSV?V3$J4E?ACo!QHR?RT`{Z6vq?@%U<VQyq<
zZM1x9EBQ!}e+XXiXfN@~Zty5m<55YCN2wb$;Q8Y*JSHCFgXl5#+RkI1vZyD>cR-Sl
zQ5N;9DsDS1?Bh+fqDXJq?zMsQL$A;_>1N(%7g$YXRP-?BF{}&vs77*&lh`BcIQlDb
z9d27KlP#C4dP%2+n5`_+7TbaGvM%Yi=pD9lIiok#_^{amS2DO<T&(^P68%v%)|->F
z%4G!hj|A)=5uiUh!ciy9s*r09pFAg73;lSN7q+sejPQd2$>&vnAE`vKqpy?-s*x<T
z`6N&!@@;`6`nG^4N6d1bci2Zbd&|(DU{uG2-=Tw*Dd`ElE>}8qkX+~ad|;?3&NYTN
zKIv-sC4=M(J`05O1%mVi1m=Yp*Ly+lRFunwod3CD?tL%VcNJcQbT6_!ee&gjB>M7z
zrsr`%6%MYtwTyDJO182(`bu7sQkf8eAw;f(*Zf-%u&o5xR>Xa)1Z=Cf7|s?}f7j)B
zwh}zBVh<kGGa5%#oC9AHvY?l^z?WE9Rwa!m1j|-2IYYPQCtr3FyQ(Qi^`r+nT=BBb
ze;KhQVE+_JF)r~ZjQvj>`=6wA^H2V)f=j|giYxO9>A+WzgjcNV?N@B;ZB-$??EFeT
zG1dc-u5=Z(5z^XP>A(>Vp-1*!**TEh%T(cjpj&WG99rd-$SQCSdxgF|{W=l-I+F6b
zBw80%Yo#*JVqOQ{Eu}JV#7vTY`a-?@4Zjd*@CH=!4O>3-rugc>HW0Xjj(}IoC%37g
ztK#J%{lE$r*B|HN13=sG%bxg}gSU{0-y$Y{3n6_={oR=@S6QKo1P-5QSmW5;ueb2-
z*IP!vj-7*ON$ge4z-)ImSJ1olUUxD-e2W?icgfpA7<-$Cg14jdMJ9m2Yx^~UH`VDP
zWlq3awHc&JGVS_#YQ|laZL3ACA^%1_JL~6dw4xz!*NzTpg|r<RlHA9iMECJ0w@brG
z6%Nva0!*zu>TGAJZXoc_MBtxMvp>fr9)GqZ9)AuK4>(TV!CmwY@1l1c|6v1y_YQ&g
z4sBwG7xH8H-U;x10f3F+el4vC-w6PL<{i;r-xd7zT`ucgHtoJ^`{Z=;FJi2EPna^_
z!*bu_a^I7t%=g%o`Ci<V`9A5h_mPD6tyAXvwkh*{dCGi0pJ?%?Oy&N1#snik&6oN^
z%-$T@ray$Zs>bHf9SHRff_evnup`dXcGx^^hcps)QY;_vJ9?VBcZgH>4q@N!udMA~
zZ8PHE!V>@xJ^I{3@`E1Nut3lU!ld|tiS>N){~tM#%+^W6?0<X(fcpO<DfOW^bUtEM
z`3NPa(HXVK4j+?V{1{33*y{2h+g$!*+2udZC#Ef4;Z|Jl)|<{;wW|F-v{Ks3_S3my
zy0*ei2TQPKXoQb(_kBWOqpvF@Ke598#0L8l8TKdn#8LCJc{i=!5>G4PaHv+(Mb~v)
zC!MY7+*coH^|T9K>T=@r`2_3p52DXM5V(IR@6u1mtF%;4_{Kk#HT||peO-;`6jf<w
z>>olT|3}1zl%c0xN@Q~WbXqc(mCTyn(JNLn7%NsXYX;3ee2aZbEcPj~&8Jom_|)bB
zpUNKaX+AM!&B{a8)K<2vSsD0gv|Kd~9Fd@i`5DyaGv9cz^>cfupVdRXvS>X29_nY!
zfKK{ZaF{Bj_$OXKvq1N`e1b&$u5j{m7OOtT2{Zn#XDR_mQwe=Iz#nGhV^uy~*sGe*
zT#Zv{)AtpCn+@v-Pid<#g^22$#Nf~bv#Q=)g%0_o$j3QSC~WKI@`6Iw3=MO%Ot$Jz
zkZe(*$wZKFhDxa}Y*c1h?COvK!6gYeltSrd7I3;oTd$@$GE7N>DLTNA>f^rw741W&
z;OI~3Kj*ot#hpB#GKw9k6rF*?)(E2h+j|TG9o)_ewiE15q_Hl?QtGjkdM>3N8W32i
z9-JQmBI{uX;&R~jFiA?)qs_b&I?Cby0{z|xf$L-K_dYtQ4wE3%=Y8VdO-}V?2}`Q4
zBRr-G?AL%O8$zK_y#|u%q#7BdM#V$rtW|jO2O6OfNomyk1yykHOyVSgZNi=1#5=nw
zQULI53VA}Uny6O&7?yr8tp!c{OOMP_gRJ3B48o~FOx_?Igwc{eH5eImF!8Fv$O?n4
zUZraK1CR{D;J8PisUh6AhV*cAWGedl2jR6Vlf5e*VI7QM7$FckVRz|(oOrZ2wYxvj
z0sg8nJvXPz_@NqIDx96s#qivm(2ILO@;wl_WbhH(o+G5e9C!u!nnVhHO(LbgCQ)5o
zt(8jn{RCanALI@!=8tmtaTuSs8H=O%Sk!ETY$SZBWs<wpsC@8<wS$NX4NKRZsnOgR
zqvcmaeflxTHss?9DfDrL)EJv>#`IvDF@n#G0ZK@{I+l6%*!Z)PUOhcKsSC;3Nx%mw
zF_xU2)CJPn$<$cd%zAbbLI#ZYblBO+6#7ttrij};PVI?yk2Se;c2bu|XD88Sbt;YM
z(oSL*?>@9zDTANrhZ54_2u}z7ioA0i)){o^cxIpRbhiuC?S)U_uqZZ(f)<Ziq$V+4
zCW*RC3Uv_<>7^z^%E=1I5v5YioX`tKJEh|BU@{rslhycc*5~Wt%sCki(EU)q?MDXa
zeyAV!i+#mPSA(~}c8aa|)ZJq!o-ItlTmChfaJG=q7^4DX?1%OtQd0=fDG1LL8_+2Z
zJRShVPC>o^dS;6L!i)AQuY1HNB&n%9)=srunU!jmHpEgbe5=DR!?Q$-uz9Qt@s(M)
zPp1=8O-CH3+cqF{jkp1!D})V*)bxB}>XM><%%t~)wST3x$<n$bg3V%M$V1X=%E$@e
z){K@Qk1R?R=nWlZIu3m^tjD%eU$UGO7xz0;UlMxgOWZhLqK_4H2|rt?OUZsGo5#MS
zr-zoqZLOfvUy@$yO&tiE9;lMNx!&e(&2=Ik&`}N~j&dMUOto+5D(2`xB3(YTZAG?{
zZL7JJs`VWinL7XnYy^1^3^t@KhZ-~qJk)^np9u-|w-pvwa-E&{128G_MTQjmB7<(#
z&tDv9H>Xu9x6F0Y9Yb9qSei6#tW~nPLckM@qM7+bT|XS_4k8E-Lc9*L4&Z}q1Nb0$
z03Vc3q(ivr@U(1kdAKcn$eJR4yyF82wLS>g7kK7DEHgcr_2I#mCnBjsEbm074vT#!
zO-=v~V?qBg@%0B?Y+qR(g(JXGJl-Bfy6Y&U(otHaDlPKfpzYW>HkL)}QF<Yvl5@9H
zAH3q5U`Ju?=#I!YgfRCFzUL0gBFWzf?-+pMz7ajyM0CMAMA){Nhvm$R<N!~dmrwK$
z-gL>#KI%ARw|T^F^N{R$w#;CjV>vk3Geb*9sG32o`uusxd!a<S<0m!Gk=|%Y9Zf_Y
zjTj$oKLM!g#0RCi!kqj=dpk$d0XkoBf%$?9%;zpJUvh!@+y&-G>vFzfbPUC_fGM+p
z-TfLk&q9oFq2xRZ^NE3rzPV`eocWofk2-?+&q88*^zDz-LWiHF)rH|%T5Q^dV&1XH
z^465R^RkHTyetyeEsHF#F6jzs`$cof2<M}GD=bC|>U;YG#A=D+R{XFlU5Tzqr5vB}
z+XbmkI6%Ch=N9KlGdyb075%9tPGYdPEcCFdw4^mxWN4R&rd&cz2{0^S7=#`^L3{^I
z?%xww|DGU%Ql<SeVh5ifckl_MgK;``A~M#Az3<=?MRX@xJMBajtAP<DbDd<BF5bYN
zI*EZgNd$G0Y?zbK3Lj7JOOcV5l31`58EvU;8*FJ0+h9wjErF#tbS>q<b*Up<0N|Ah
z7XYMAMr}`a5(AXm>a5RuryFuOne4#PlwcW)zsq{qfm<f+z%AoDaE1>8yNvF@Ewk*v
zEu+osJ8%FpV4M+l;4+A5riUH44BmmuSa#qt)*U!<8Gj00#-GZ@@8o11>t#7TGnNyf
ztaUFZ3l+`EaXuT{f_r_IM2jqcPgK#sANYJ!s+DMozQ>YkjW=IwjQM(GESs;@YQ9!z
zj8@rvt+6e*`C5tjTJwp9W<TmcqqU+R?2uZ@Jlcx%Xu~fnW7{~yHV$g)IMU0Zy4dz|
zXv*Qy&T*udLoJl{mqRTLM#F_;%$uQ_Hkd59*<3*rGhs&JTxrwJ6?cW)xOZ|>?ZoWp
z&|<1xHhX)F+4*-SQth(YWy%<{w?}CWY|v}7w>$hvQM+ie_MTqSP3475P);oJEV0Oo
ziACO)Yv)mFLAK-2q+3vwb1S7z)WHSP!RV?Z-9(N#1#8TqBBhv90P|rXx(*oPJcd7z
zEJzP53S|GS6Ef;ltQX_yyOXHfiL~mpsoQB)mkN|GK=#RiGM&M7#hAuerIT5uQ?^Q{
zWR*^Q;04_Qog&|}NTKgpq~z~Qz-sX}Kd-`bE?lPUFFwC0@$g@=KEEi7&o90sM3?XI
znDHGc6n=+3zraziLQGUa94m6vtHeaT3J*<+eE0UOva*w*kpd#E2zIUbevM1mr)*F_
z>gM;g$nmI~#iMTF)o@)X?PGSMYg~lI&PrtGmBh{~k%d-T_qkT~u;I8e_LL0&s6%QM
zKBs`wW%5;r6h2(H+PWFO+O`?KTE3kpwK|`;eewyjjyvY4W4<;yeM~91mPc=hhn?m>
z+G=&%v@&Vm25D^r?{sxhHL;zrPA^tJFq>Re)qbZdS5efhZo67Oh18i9YVA{SE9tgu
zQGaq(33K$*v|LejhCb;n9o$ZxLW1$Buuo2<@As-|Y}Zqfkxq>dM5o5&(LFMjgZ!!1
zAWs#s1o=|{NI<v0Nq?T2Pc#O0s`f}2b`3P>sXPH(!<>DM<*QVw?<1ppAL;si`Tiyp
z(!Xy@Ild1zcBKJ!8XsV%S%doz#Nd9q5JXSs!Toe8xSt;XaGHF)B85I)ky>jV&TDPM
zd97tQugxdUH^cczc_{l+K)PMOBkW<;kE#D(jaBG_@XHOUGsWlHXW|Wov!dtP!UXd}
zVS*8#iT#lI*$-`g_CtFA2)+hC^&?39BcGUFte8Sq-)pM)ixpGk>U`eb`XEHr$qzz)
zWW53*bsnTU&(D^Rui}J_+?k(3cjoIxRz&A%-qj)lbe`>FE2;A#+4;ex85Gd@1Q5Ew
zUbnIW(wEyypMUX0$%rn1WEVL8NnuSAoSnY_2Z;+<{&In^u2W?xs?`NVs|yhF3v9E-
z1r9mi10ui$IyrCAU+je=k7>mAST5jv>ZZo>@U#I#_X02>pce@IyY>B-p;H$|OGe>k
z=+uQs&kF<ZhJr5y;3W<hAr2S$-Uu07WcopBkG>?3y4dkvO@{6DHv}^D#=sQ$AOUA%
z_0NlYxXnZp;GrA|MYry!);Wp6PARjpl2ZXOki@4Va&tfDA-mi<>T)5vbumwo)`4UM
zzk!zWF7NM)MEpeQS>gHpPe72x#bMwg#9{cr#r_y3@|wzSr88S}i#2hAxm2*IJi}bd
z?4obsCv(fCu~(d>E<^o9F2GNr3-D9=hI@MFwpUmxyTZf$9+}CVewnS)FEh%4?!FA9
zl=vwPlh?<yDW@?Gav9IOG)}kJR&wYWC5^MI)_wp00RR6z&38D}|N94UBjaU9HkF88
z!m+}q5DC4JkyT10qgNTlv1cS5WQ1(8<Csx4Axe^!l^lB~qm0aN*YA(teLbGn^S-Y8
zkDJ9y)Hg9f<hF#6XS|C+eEDyO8tdXdfwcI2cz@S$6Y!`9EO+rvYgN21@fQm36u-C;
zz|wapo6c3WMOrxbb}?x($*kIwku+OPkx?D^s+xk(aEai&PcLRU+}*u?Kt4^Um_xk~
z7{QXQ*%%;g8gNc&zV>W4v-AZE!sXlTMZTwdBF~MhX|ivkv#|w=(KXWZ?vt9Pzz@&9
zl|{^MZ8r81p<Sy^`dw`{>2i+r_|C-AoUWCTY1z05@xVQ+Kvjs|LX}l;xNF$b)PAvj
z%fDXwkV)_O$71!=N8$_N529}mwv|+s^pD&=jvv4cQosIS;K%RYxx}{@!BALx`xZ0l
zJ#b<niAzOz3TD<vUzmOVfuoSzUB`H+Yvt`~0>xr7Z*W7k)FSVKHW&2eys*tmy+7&2
zQCGm}^G8+wXycQNv*YoSig%-N8rhDs#KGj#S6ePjwsQ*Nt9{O|zvTK;CE|34<P!Gh
zk=M_*%FN>0IQ(c4?Nrg4qYrWPxzqCB-%I%x&YF9tT`yn%d$uRlztj3KX=QTzGf5*>
zo%3s+W0>it+#7A`BP5L?3H722sUM;SZuQu$m{(t`@Oh!&DssUnn`aQmRIE#3bB)3?
zFF}QbSg$-PXryNy%Xx)!yU-DApU`onK`mcVr#B;})^lZa`MpzCSxv0F{OMU|=Da%1
z*5}SB=VpHKLwYJgd?wfH<vM9oyw+JF_r8RftvAjIUlOET+A6wB8DU)(D6y(rv{jcq
zU&YSRHy}f#PHgc~yjnchm+e@v{)fR_wpd=GyX?2vMuCu;N%WH7N)y9M3&Y=>;rv}Z
z2l3+K6$KKFB6IG=EiA}7D28jHxByX}=T<h`(aN$>tC*%!cVyA%p!Te=XVLsu)j3YF
z2VVKHB`=!&Tx6#U4u$hHWXPC{X-@7_zH3s?FAQ2z{guhw#voxVPxd{QDI~-rCd7-+
zCe+IPo5AM9rliyU!ygX~<649U@QqG_6@wZgWgX3-wO39U|EZ;o=y@)*>U5bx{`(l~
z@chu%xUElbu+uCyZmAKbS&bgwQpNEg@9N&urY6Ho%W-c@1_z<|!CbjnHdkbor+G42
z(+Gd-dclC$Q?DoYHfSlfo{j29UT5qV)DFuyPLTg5m=<R8;K#MdD=)pCm@OV{x|V!0
z`Re^4kK@LoE*Bh5X*paPk{e#GXuqF#{D#@j3P{o|sOfQkeJ%0z$D#^?8H%yY>5S^M
zRr;mq|KdwU;(P_S>WIC3pDi)b%Nj}b&3edqGWxnVyL}fMMlx^vY@2i=FUduoCro@!
zj#xh-Bo1*U*8K6jKMgWRvuLNY+=7(upSvC@CQj`wOR_BRGF>)p$|}=|FJb-mSE?N!
zY0#%6obc<>r`bp6`tNZrwYx>Ksh`mFI8izB>k)DJ-^;SmskL{8{Vj@iVNxWv7i(#+
z+Pp7Gl47DdW3(K6eX@uJi2^feLZ6iglFF!ZFvi4t<5RCyiOAIQMs{AgN#N@?@jpUu
zyJG@_-;G<l(QEftDiBnK^DdZ8r0N!gX!e(z$1QHt2oU?$ddHzvL|&AM9yYk_nX{Y|
zXeh~>eGu$j;JO#=ou79~Dcn&{YBZK?lR+<T!+e^5NhngruPf;=Ezy=I|K(Mgt0b!f
zO8Y&Ua}wEY<C0@1GItwJojoKUUSXazL}Ef!%gqn>@8U1Bcziwan?TMj|HNh6L*-ER
z!nJL@wQBPWn(?11Ge{@MsZqFfNxF5>nmp|&vx}liQ|0i;6`@yTyFtc~Vn>!{$DL+Z
zG#YBDr2YL<J;+w({Ta$Vr8vh+)2$fd_extUt>ppkr`c)@Z9b<lDU2~x>`Fsq)TJ@a
z?&l6=tLn$-p92ePVIPBMu-gsC`q5L0*)cg#n1yz!K@&elciPF7wU&??qNCFAA?lKa
zRkxzO@X+G*v|NX`PqEA<lbogu1$@Jk%XQXc#-8o(i0iDIXAc&rOY$p->n|Kkb4<l@
z%;Vz4YDIB(pW<Ae;%>Sb-+o#v8g=?$Q7zPeLtsN>=2;J`OnKlhyFEg2w$!1i<e{m;
zp=rto%W~-{iraUz^~ENP|B;w5ZWXxI_wb<PMKJH|0na~k2TAYrs*a8Sw8%Pp{L7*1
zKVJ`BMWil$N~z8sEP6mKw$AvE#5$vh)HN-I>M!y?+vPZRg#Y2($(^b{U+_jwk0Ewl
z__LPOltaRr+*gm}`~009wEJ=#Gg2#+k}H)8E0wXGf+TJlYVDJA;x{j=8!q1LWtwvn
ziO#Jbr!M(+c{c^X`Vk4GUX^sgEBoB7?dQ!ZYt>7i{5BVn%D(P=Yv0eF`8_EvV4n&c
zYBNY04{~X}h^j03c-Q!1)B^d(T~;Q%h0lFW1}5{lj%fWo<BZqE#rJ8Kt7i_DI!}c*
zYMnWFDzq<79bB+vH+|)bvi@38txQajSjmp$2fLsXr4=ibl0|^!Fv4;#wX3SMSb!`*
zV{mM3ey4WmTFRqCCc9gbfd>)`hj)%#9oSRL{Tp&pGs@_Y_VM1QG<%;TF^mDf1;LyM
zb)Ltm3AVNawok|72fMxwyqOH{KMaW7p>y94=gV`O{=RjrX4AZKP1!e7Dcyvjkm{kL
zUKaOeo_<Bcn$II{-xfu6M?Jlakv>=Y8>I~<_4=RBud`F9Yn*=}$Ed0x$U<wp_kG@Q
zTJ-v8SE;{$+y1VMTb)*%EZ>5rc*?k+hR$zp8=>S`nOYY=4m_E}IzJ7^0h`L?+?ho-
zCPmH1%Gm-b8Qs&9+;rwmU-e~e!&-GNtDNh;y5o%t`s(&z_}1e$#FFZ`udBOeuj-tN
zvv;p?1#P%yQmd_9DJ+=^iQAL@lay#X5H|QlmfN>eCw^k^3m*IOz-42aZo_NZZUfUp
z`^_9@<?@z3fyEtb<uc~#iLS;$z5TGU!~lc(;~V<Dk5}r=&SY|`i*M|0JlhdcdS;T&
zx+B#3j(VwoOszJQz0yn+PxPCZvp*NSI&R7tqAlHiu<_wwh;7kkcktu)M&<N`s-Zgd
zm$##fyqpr>);LP>-+xtjk$tSsgqb<;-qG!T26}^Secqv}wBf2q%PHj_E5=!Owk;XF
zr*8KBNi~+3ifO8;KxLoVe(;pMP8Q^8z)2~d*ESzBmGc?9-m=vxl0=xoU9XcY8qXbx
z!zCMx<2{dAlgX-#Gir1x@Vs*6yD`c)q{>(r#1qVP-?~rNH_I#n@9qUM44sLyLtMx5
zoRXP!MII65j}qkt4z9lGPqr!|#p?MO*Lu6#m21p4dgX|`yyY$7p-p_(?9JYBf@!xn
zUsvnFHtE&sc%)j}63yEM&U=*0gOS4}jh2lEKm7LlLlsNY8#+mjEeDU}_*Co_$lAG1
zjyzN;WTcs9D}T(G%wBW&BcfL2x!cj7RrKXkDoqiT)%-M~7a0aL-FTV8%O_4+wWvNj
zJURR{$jU+COuE9g5q<H3B;SXJ)qqAVn3`Ug?~9JYWyuK^$7X@g?38S6wUbc_GEAp!
z`9iH3;yM*%2g22U6H4yL9ISXu73=4lQyKpHtn;6a<cwq*4}%M9OH*ilN|BMd@}mW2
zalQqEsNZch!V+pD&xbtZg?!|P+iF|CdsO;NUU#@VpPNR0m*I!WqNsxE@#q1k_A{r{
zr_fTj-cCPr2p!YMg1hHmFFwp%e3%_$)uOAk)I8+0iUPZ9N-IOkNhI_6<xx+km0v<_
zmu)|L+??HP%4)=yl}^5!Gl}j!Af?sZ?Ai6QDp^t0DWjn%3;D6+{b6(G_}>q8>IO9K
zyUl$$n-wOPcvMIsO`?zE@e7p+skd4kh;gDs<R2NZ^ZflzE9=u)a&wtL*Ul>$4>Z;j
z<a)86+zpnazh_jFZsk=q8TgZ^raMk-%>PT)v;-IX2vwF*@tf=f+)ERVz8$wJEvcK&
zG!kf7NUs@+16M!3j#oP667iJoxg4FUcZBUGpWu)SL**RT%0A~x*!%k%+_&qw%nj+)
zBb(x%(GKuw7ZQ}i3@)0yn;p9TAfi(wg6!|R5Zv+<Wm=6>wNcTmY_#7E1OI#j|3&@%
z#*WkvlLKk``AR*+#P^xr(qXw&VY!~GS5{I&7Q6115)12k$IH!|XWng0J&S9bVauA;
zAEd)A>23)++=+iKXfDT;$u)Pyy=-Z6+e7i|s}Ny+P4V-$OXocrZ23xrEvB*#T$6|w
z=&Mit;O{ePE_hVu(66BEr$GuEvcWyMhZ~OD3U!^SUng+4#ZfZqS24bfm^dfBKVU>y
z(hcCziHeVmZF}RB67Vfm<y&gNpCrp+)jubvza6<IJK{X9@nr`L3wha^G|IEq$RDkd
zpRBKprTaM=v$QOpN8w%GQx`ezy}P<yrMKc#&{r`*_4r4IFsqHoDJeFakR+}peYW3(
zh5B?fV6?yc$<klv$*KtTYR0IrbnWulAqNX(+pSShyS!9tXkDX28@AgP(u#eWjCs~7
zA`lQ`9i|uhc01e0Dja7~T9|Y%^axXcGFJLaNb$U|;C2kyYp0#F9*IifyC@{mCooK(
zkwF(Tvta40ch~uiBEL><@!Rxqv)wg;>hzc)b$9H>_l!}Ta$!s)Re#pM=tcWlX%*_}
zw2RnE^gjIjowJTUq<4onbKqyGz;|=hJ}-XUIEWa0-AtODJXI?|SN&OT0cntr`&+)!
zMyt_(%DOgFbvNe2ZPS)zFA$p82mN<V{7aO=hcXn6$6g8NSJw^s)goVdg9a*seYAJ}
z>38vF>jdA<Y2K5%@^%{y4y(qeJU?=zT`5YZt{@1my9QCGwJ|7~ORnO7E%*JU($ydO
z<KdsKD)t}cTAIL3XN|(scGGMjW#N1lq3k|)>s-&((}yXs1X_fwPOpFbPo_E2s4B;8
z-`oH2GZg9R;(fraG*Fk2*9&nq12gLcy!PAPffs1`GkeO*adSW43B53i3a!E5Cu~+A
zNPG9vWY41y{D&9qeK{+1kfRM58D#+3{||))85w!nzlEH&sb^vhuz;h06&wQ`fCumb
zejotEfFzIwN<bN?fXhG&XagN^73cy(U<~wt8Mp~<0dsI0SO7e*18%?_cmOZp3j#q9
zcmjgKGe7{(K{$v4ksuZ%fMk#X(m)Q#1bLtU6aykC1!dq3cn7LLEvN(UK{IFopFlh4
z0NscM^aBzY1LI%<Oo16N3l_l=SO%M53mkxbNC^%h6{LnVkQM?+2k9XLWP&X4C}f3f
z@EBx=T#y^`z~k@~6oMk~41`b=ibDyAgOX4RN<&$w3f15xs17xu29$#ePzfqR9cT<q
z;B{yP?I3~=pgp_`9icOHgCQ^+zJfWh5E5Y)tb#S@FWN!7unyM42G|Ij;0M?W+u%po
zjy7Qj`~o{+FYJTgU_Tsy-{A-(!7(@qr{D~ng{yEKZlK@r5M#iYF>>rE#*Oh{yci$G
zj~&NOU;>yhCW*;n@|Y^7j{S!TVcOVL%m6dOj4@Np0ufOOb_ctQ*<trFM+}d-VxE{c
z7KjC5Pq1L@DHei-Vc}RD_7aQ7qOliP43>fsut+Qm%f|As*H}JQfE8gS*c+@ItH9o3
zwOAEajWuA6SR3{c>%h9Oery06#zwGFY#f`wrm;C}9-GCMv7gu<Yzy1Q{$huS98n-D
zbOdoCUc`@1A}$2cStN#}&^aWB<dFhWL>SUWI!GTGA|rGY-9mSe6|zOv=mD}v4#*KX
zBRAxZJdrQ*M?okQg`sft97UrT^b*CRB$SAfQ3lFHx#$flN42OKwV)5E6}6#H=rj6)
z2GB67Lmg-ZZ4<}|A_QK-ae_2~fdB}s1ZILbL5zSS93gNKI0)<n0Rjbqng9u+1R=s{
zf*|^ex=|PELA@vfQDQsTH|P#Mpf~h`k6{o@ge6cL3PK7<4#~hgSOC4C2gm?HAOwWL
zDKaUXi}PKag_SF^x5io9*xqrq$K&jg70%hl-sAsn&h{P_cU)X-9IWhZBy61R{|8V@
z0|XQR000O8@OH#fdG$UD-7x?F<U;@e82|tPa%F6IFJ)qBZZC3dcwb|0Zf0p`E@EY2
zZG>4{aMM_tmLexU5k6@VISF?J4iHEJ0*6Zo&<8t-xsxW)SGpa?Rvd$Exh0#+^evrq
z_x4Wj>@b_@t<qCdlbUyGsC}olYv1;P+NpiphpwsG_pYtl_x+9}CrV_zRGsKQzs~pl
z*K;J9>DzZs3PSq7Qd5_2UasFeCkUM%3W8wER{2RbZ&nvdMN&7jc0E@&y1CAkq^j|_
z_i@guma0WNo3pcqWto=UU9-$uxn$REQZ(w>dDAR+m=8N$P3MAHE|eo>GgsJIs^-g$
zg2B10de+WcrCQz2E|}If`>9<wD%o;r-j11%46B@bnthbBY&AH+pK`;nBNek?$Y!Hn
zYt*xal0_`j^aQ~9)mEB@s#sZvH+@B;YFG$hlWEO(Qa7pvqp(Svb+vZMtlE7o7wm2g
zTQtpwcGUMb*7U%z>h|9JqLF{d<IFaITPRh5U1(JEb#A27cw!j~-L{p_)(s?V+j^F)
zd{?8kV40O}&T5qkhAkJ2`9?8YsxFvs8Be@*NJpb=*s<n3SF71F66%*R`lyo4Sw(xB
zf91SA8@KtC6pTll#)vMI$_BF7RkC>^I~Q_g+lbVyhS9~tsunwjhb1hIpx}jQrBp3d
za%I9n)m+7h=H_jFeQQ2v8`+Hl_3-}Ti?WS+sciQ=E|m-UoK?uya`i<!mMavp&B}GJ
zCn#zeWdl6hIM|mvizXcE=K#<7hJ{S}H@m#DM0m!#yxW~_d!iO-oKgYlwJH(bz1@~E
zpR=-MvnXM}U6eA=fGAWYSND3mt7LLzm#6Elp$(1fBfBaUOZ5nk37uUncG`=kRR=AY
zxRP+Ed9dB?9<s1qBJ*Z_QTBF{JICKjmu*x~S}9*Cbl8j0y7iQEN5PG#7P^quVtp~n
z_f-CIVH;Q1b49*nN8T)#jXct8EaVzxcX{4yRO?aXq5yhQw{oR2gbvF<Dr@Cj-caTn
z$UKMpJ}4!V@6jxroG(>#*3;-hIafy(d%P*X!574N#@D;v&v(D;R;UayH${c4TdG|y
zy}6Lxw2gU&?174572Renm-0Ej6FkT^FU6khwYJyp++1LOWb_RLCr*v#s%G_R#cbH4
z`Y3s5ptPoC>>OP$-ieceC8tK;bm!z7@93lPQGTLrv9)8gd1P)`jguC;OAz`$!x^gx
z-oHO#{4++Ms5nYT??FY>dNhSeaYu^^0+S*vuChClqer<`Wf5t6gikcwDhi6OOlxXp
zIfG>hhY?-ZMBSO`=>3Z(vT>S{E=V*ru%zA7={ZI(%+Sl?OiB_GDM?A{G?kc0;5NDN
zuf~5g{`Tkp`4?IFH+ehVF89)2S*5BRr*XND_R0OUUml<X@(#K~-br`LyXY=?H{C7o
zp?l=LbnhLyPu@rO%loM&YxID8fF6_&(uAC#gYqCfBp;$j<->GTK0;5*L-e#bH-1_@
zPgAOvQib#|O{JI5(o`}gu#~DuEU7wkQH`yKCNWj&6;!bnLSgx=^(}yN0I^xgsYSJ!
z5N^pO*RUqSX5%a=IZIJxPN&n-ghZzYm^@6U<dGl6XDp(!xb(dyIL}(~JP+BAX}-r1
zUa#j-rRG(LsS)QzM4?}J)9)3<c@@=`nlr(99o3$N_+R`#{J%t%=Wvm;{kn;bC{gW2
zi0)O0uBS<-GBxgy?NRL&nn<Ua_(Ys$2Ik}w|0(PLEuZ{f@iof`(nYF>zp#wr3cs?9
zCW(YMW>MMHbv$3BH>&GD(JPX+%uSQ+;ZPKAJHoS1)Tr`0;Jq5vehGO`dfQUOH&eu;
z+OJ^>wJk+oR3S=$qd%&V?O~F5m}H|*$pApTVNhRN&<=pqFsQ#RXeU7NFleAHXcs_z
zVbG4YpxprVhe12rg7yG35C-jP3)&0NjxcC<ThKm$c7{QF+Jg22v?~nS+ZLn&v^xyi
z*A{dDM{^jnzb)n<4DAVnw6>rGKzqZW18qTr0PPEd4z>jy0%(62lxPb&3{Z<i47LRw
z0q8&&bV#Q|$%!N#!eM=m9>#%vL?nk@rlBU&5NFa{CixtwhCp>NOm*bVs9~Uvwnh!L
zJxPvjK8%jF<~XX;5gx>d8^kdLF)Wf}F7Zf{cw|cu!=OrpsfOQ-;z5kGMvb%$Vsvv5
zqpdkcb*l3qbT^3O2;ziDj=RKqlUUyp#Bop!hN(`x8O4J*(Hf<<4MN`>gx;Ftq)x|p
z5Myo-rw~L^B&S^Bu_p1@mLN`o>QI;}`DPRk;#6zYSlb|yn}bNU<~WVlHy%U^L5$Ed
z2;!_r&a~KF8q4Tl9gApFKhdjrLgU>J?v22`)1W>aras$>Wh1CFtx@OrdnHyU<Z=FX
znUb_LUO<x<To*MuuG8}(8DFPP3bU!Cl7|T!AbUBc*I;6h%|=){&hqg1EZ(5*G!vmY
z<Q(iC@n3+*I3`1ZES<;vXxORq>vocw{S)kH@<rCMlCqW6aXPVj9>Y6jC*abmu$Ed?
zUc#lHhv~%6%dwePaA}ggbX}SqWNTxtV-p*W@i#qk!J8-9Sc1jV{4H{FmJLdsbM)zq
zNG1Z=Ttld9%Q5yGykjiwzK^aBx}+DIB!dYSNptqGS-g#M5+;%h;pC<yeKwfji#mN<
zBo`4df>jXgrL-nrLa?s=OR%3-Ry`jsZTOInuvIrU8$MhLW?Xm3+v^$Eyvea<`q`HB
zUv8cLOM%!|;Qk8iE;a3@*X^dZ*i8rRPP(RiyHl792kcI_w)=K73n=>v%D&>3eKobB
ztc_E)b{@kkJA-R$!pqc}@-tlg>o8@1U5?GYhKqOE&u)3rD9;#sIq5o@*;4r{>qSem
zNfdvU7yoXajY*v~`q`XFSRer}k${(Isuylk`F-v-6{o)1q(TRwk0P_&%w(ST5vb5d
zmp8WnFFlx(8t(;!$cxQeA|)|IE+BGc1tG87Pb+I7AM6NQbBlloSK!07U>%r4uCLcY
z_a?`hMY$0y%FQiBxz)NTDelW@Hx&t(PwJ=f`FR@07o*pfX<8&{s_6`$CevCZBVPuP
zpN6;bnm(e_8~kJKhI`gs$5}Til1cx|ip;?4Tikp{g2^dBW}-S7#ob;7R;QF_0(V57
z%0#BMM5Z^RPHR#|W|@RT-U0b>kxV;F*YI(ZQ8Zy%Q8V~9x^oTCEBLOt0{vB-p8R@E
znbSfPvmV8DWzIFz%dNQga8lm&?%hBXod2dn?sfFa(~3xLjnkXbc?^_KP*Kl>PH(Cc
zD!qviFVoxd6h+BzE1Eu)=ulaPA*^?AX#`K(nRVq1l<#@UcO3FQsIP+h&Ip~A<ZHw9
zu9QIs&K9*Ug)WNZ?l`><llOxr?{ky)Ve%TiCts%@isT-Y{8s_4yg}cUZ_@Wg@@`BK
zSckM2q3=251Ejlrk>*75-h;>p%}X+KgmMD;dY>=L)cCp&9P;7%x(~Lj`!J^HEWww3
z<dBb$BYZk8_zxzB+=t>M%PgUo@2GsLlT*IdW&3Cg+x-#xu_WIerk_ZeXCnEysC)5#
zGENP|YXsvpc)SKeyGyh3J&N>Xi_BX-x9-%uLq3Kzyc6U~5x0ltA4G;}0VYL~XPM_-
zV-<Y+2F3#7;2lzQ$R{Yndnm(VOi@5qa!B^N;PaF?&jawRlRWTA9y(+W!1n<x_b3X>
zyg=wV|0_T9O7bTBFC5!Q&b*hL{O6qt8N*5msi~;lLmR4LT2((4Nu{|Rs_qUgL<MsC
zCu$<;il*?~praBj^IG+Gkm2qi?j+y1CICFTnnM=g<VS)?K8*>WDMkcZAEy@5Y)Lw3
zkY+7`bW5E&eS~Ee)^MclkVPQxLsjq5&?LXWNXd;winGkGm_6_!BML(Mm`CD}hdeqj
z*iY2vR7&%Go*~<j7t)*LCvh5U%TY$oAeJeK?+l`Xv4UghghQ&FSYgVvu4W>cxOX0D
z2&>@`6HeuHkvxjw<bfxNh(``yRdS6uq~<a+&YYggka*g6pl`DSpYml6v0&}&Fnug#
zNIxFm4zY<s&S@ffyeuh8%2cF7osv`)L<9I6SKXhRNS&i_!P;@;=!rub@XSDeK8-Q=
zhpUA9B$^#_$Rqbq<_`)SxCxew<8;PT!Xb~5pYslR0<H<(HgRb?PO_&Fjeg@F&Kge3
zr+{Aw9M->SeOUj-A)j#<Y9je8Hd70_!19w0`8@0e!(-1OUwB@8x!H@af?nYH@s;a^
z|NL0m^8EO^wM(BnWEn0kVvl@rjxI@mlGL;GOZ6iCN+e&7(`79A3S&v9UrWPuS(4A;
z%!1<UF-&k>K1)BBycXfp6^E>Vu7uir6LWt~#iOS<6L`9RgBULI03|$+5!$!z&#UBH
zM*!|2>hvA!l^o%gLN1Bq?>sG>`<_#{H#CAbvcCrqcPc>scAWlzz4C(uYe~LMn3`a`
z$G*G82o9GY6y1HmNc`dP?X`qR{=sE6Ve5BY0>wuDM^{mU;`g57nXC8|ia&UYe{vNT
z%&m55QzH4JJGU|a5pzkHty_2b56@RCHC!eBJM?7?2_xeFCf$V*#pv+$oxa?SA^SQ$
zVu3Z(myco`!w`Lak1vm691pDT3CM2+*1r|dE53XRBN<pT7Fg5k%cn8U1lF7ltceHY
zzJS~xkOu<tj)1%~Anyvuy94r`fV?*#?+eKL1F{y74+P|c0XY$n2Ltk<fP6S09|_1q
zzI@)VX;YpEtho@-Ukb=?Z>c-aXBuPD*YP?sU!TFa;;+Asam&}=#+dQtI~cP*mh0aY
zHu~WMU*=f;|IYkh7Guu$o3EMo*YMuU2e1WUqt*-lwHc%6%f&!k4+7Zo7P;BmRc?3c
z3EvlPj6D8_{@U+-ng9C^W7^mAn78>H&0KSR$8@90dHyJP`^on2{pfQD(%+OHaIt*-
zs*h{xKlPXW!N1?s*L?l&{g|72)7Ssb_oJz=`1s%Y@woaMr8;~Q|NZ{}00960gqC$w
zRA2b+2WDu28M>rPnn6lB1O`EBq;u$Qq`N`s?(S}o9*_{ETR=csLZm@2-{1A#Kkq&3
zeBSfC?|#<1_gQDJbv6J16!XlkQCD`H;{m&O(QxX8s;cNq0x^H0P;o9QiqR^*N!T35
zwKo5pR2^k1|3`ai-0&)nZ&JX%<SLS0=i>Zf{fjG^DL0wv#{2Ne=|j~9Li;yKL|h@<
z#FX-RJZYBL=9OtHnjb515ouK_7(91mL|O0w(1SAETt&!Vp*=#>I6HLz(logZNX4$t
ztygx|6MJU_eSahGo_p$I`-wXaQ>taC)`Z4?Ww=v<g#M0%Ev*{WzQ5=er=%&RHi=YC
z#0Pz~_PWDlG4CF|It-@pUNlrWa*69hD#{8Gy#fejMmS^u6(#vfTW(K~R%2~^4NMLB
zUcQhpK!_bDgwMX``l{f!v0Q&_uyvouhulV%WMvXGKN(b`Uf<6Ao#aGI+1ImmUM#+n
z`G@$G{#^rPEj1MyK~={1hg5KB%45NvEGJ4Cl(d0#U#aNEp#8vRU<W|Q?QN_hUzjt$
z6An$##bnaJZuS?e*P>aydK0@k54ciB=H&yb-pZ{`T*bvGUrCAN)FMn~ALuo(@dCpB
zbpHx)&R=R4c#EC1amMd%gm+J_EZ}OGm;z}nV0BOuVxDTx7jrz|@=jY-Y9rJ4=S~u+
zyuqkYJke8fG=&2I0OS+kCtROEeIn%vmw!6x31`6nz7n2r`lsWbaQvq~JYoOOAN_>&
zKOOpn)e|UB_&s6%1jZ9S|1|m&UQd`j0er&a3H^UP-Ja0<r~jK@`(GcsC$#?Q|9Zpz
zX>}<#xBu468uFh5#R}C70Q7Km_@Bf93|Q?1s91-^E4tZqPI^G3eQj)HU=9{fW2FD%
z2ma^B@Gy6AwRUu{1)vFX@o_=_r{?J7_Ed8H&xCFUz&0~SxLX=oJ6Jec0nGp?W={@v
zC2b=m6?roNmWw&U#Kp+Y(b5cnZtY-a?O^_23lwWx04=wxiz&Ae!rj`=jN8oI!o=Oq
zjoZ!|!R=yh=lS2*|1mQDKaJK7rgrXT|F<jE|I2Lip9|g9(cQ(=+!nz7|62gJi=C&D
zsiT91wI!Fii=7QX7Ge4H9jQ}7Q~`k4Ezj(E1M66-`IeLA?$vWB*>;JJooTF?X%iW`
z9nV#)mfdl~goRaQmyLyY#z|?Xg<VsIAC}bdJ+(9=<{v3ch$1QoOh>2U1yPBn<0jaF
zp}dw342C3f_II^a9<94hin)u?c}W<?ZymUP6~4|s<#2a&pZ^)eEXcop*(mdv;oDJ{
zNN%`Q+Ov0C5}Q<m){}$-?T9|YeVM9WF;^XAA;`aig({Kv99y)kUzz{<#~Va*`r&^0
zZO2C?4^|@=5&gQa<ZNiqOMF`guNAund3&4n_Svp~+>_!wz746UcCX*UOA!_1m%AX~
zGO@2}>(V_3TC2`V7G+To!=WvG32Zx`ch!fSbL4LK+IylU_Ce%dui1NMRqNAxH_vus
zBuMai!sG6=RLRU64v>%+?C<V$n&kenTYO+18^$*8&#e@sJ#)m|F}~p~PW#ouLxvl<
zM)2(2o7`eSga=FcGZLN`XAk|sH#8Y;pRy<@hh8!06bVz5puDZ*nWCrP5QI;n-6}3;
zM9$D|5k0HvNaTZGWJf_>lWn{_zDewIf46T}kk9#5xFnGe1`QK<l@vHR5~uB-m>3bf
z^;L6&vKkYoK6RR4O%<13Fs0j|U~wdAbSg=1Fllrtadd@1(&iv#Cc%;Jj<XQk1vvR~
z=%w;Vn9`eOjM;pQ+2)E_PkfNqFRstrd*hESu^KVa)!`FaB&*Oyol5@_wx){kk)pe9
z+N2t|qGH<wU<W~ECgvxS-DALROPZQk!BkPF?(#;hEW!JAGCdtJ_czDPt?c(JQ3cX!
zrX}UiY_*n1!JGoAsr_yRWtx{Rzz_M|3Bg&^<nm+6s;i*V6ICuA`NB$>;?#mhr%|)8
zmg-NLwVx;``!k}Jh;^esjOQLS#+KAE#5<-MV5{j4Xn*G1{@e6ed>1E+Vu;QDSHV0$
zY~mv$9&B04tL9^pBEckaXs`k1?ruV-SLnAQa<@40Xj}AIF^j%|%mSA5{%ye`2aXd`
zK6o!6xf6dSzG!Y=4Ylj!+q<%3?^=N$tYQ;t(@e5FW?Rb?`OO7B%zZY@{Wi?QHWsl1
z>QhD*(qtC&Ix9vNzaGtZP434Pexg2_GXt<o2RRCDNHqE1bZG~62xaYV*%ey0rmIwQ
zLmjBy%%toLIWf_?XkQu&jDBVYR|-ele%yDZywIu8lSkmiBB{hejB{xT)oVXMWu$uG
zgQi_biWhq~4yA`6Ab&QmYcj@4Y%_&2pLs&KX7Qzxbq@!~D|@>$gG@x9+PX+|X2mt~
za2hmU#9JwU^i0Y`EIj;@tZ<LaB)3gOi^8QlR-@){YAoo)%D5!|J;||RKJRDbup7zN
ze0r)_>IgOED4S<o*co-qjgV&?)0L@b+`Cjsf-4-L2Nl|}5aQI?!3H5}(%dnfKHAWE
z;#x!pqAbE5@W{q(?U4203bN-4wddN}HqNs34ob+fr58*)#|sgR3l@yi7E`eUT~5NS
zNp_~In7nfGNsfPk8@vRNyM)WPpoUv;!);`ojGZ|2c?kao$X471YtT(J?7$OocrM)z
z<<KPZA~j3P|F}%0p@!i71uosT=i#Jn#KBa;p;f{G(_qY^TD_994vLyVJthc00AbH!
zA?FB@Orw|KeCGr(HNCrRbzIIwGPTGlEP+rGg5@w!K^V9o>}gIbx_Sy=GZ>|~{b=3T
z>22|5wnDXN0@|KzNBC6)SRj@WxhoruyB5HO>P-R>i>c3jZ44=@*9%=541>7Gs;$Q6
z5F|5yxA`uzG@}!!9uqZ(AUGJ}nTdhWkRA+0B^XvO632^R<Knqt3>AftEz@~MRQmaw
zt5&2H|D2~bT2F1jmR5RY$3F!#6TyP!fHU4AKhw=t*bTS4WpWm3+y@8gNI%_n`t%;y
zw=QlUs&0i#)TTaH$Lx3e*BUPZAi4+{s}~6dieO!Ah;H<aP-rS*n^)<La(XJFj0eu5
zR{oY=ZzTy?s9|R<R<_%q|D7n&x=L$h=b3l>LUWO3sq_a0_o_CLvoWr5B3trzi=T)H
zvce8aE;+rFC|NY^OME92^j<VeTQG<Bi$tO0JBYs3v}3_(RbJ;hNW%U$s(Uc{D>rp}
z@zWQln%MUQEb^*-ACNC>&WM5xiajb8e4-b86dTty5LC^Z6}o3|LH>6R-1L!Rf*SZm
zbJLY>*<+z6@SiVeGn|Ep)A6iW@f0d-s%e2~)6ewfpibmjLE}#7T&8Q<7G|5!M9gtj
z^kL~SwRppEj)Nhqu!EK_9x0;A4LQTbi`Kda)}z)=6bf|;CvKeY?;;yF-OzhxCpd(1
z#!++QRDx#-6Z2!3rL^2+6g#Gen59VH26GL^a4}$YDztaD3(SSBs*>(`lFo*ACW@ZU
z2>ShO?VCGjbT8#2S|wLH%q~dDO~`&_nVxf?#P7+xm@zr${Z(nfr*t_Z)wcgfYPOxm
zt5m*eeTUr@7p|A%8I#STFJ6vMoW4tC**U<@EMr&5tu?-ILz|o>j<sZu6*Z7@F%4U;
z);ycAd7W6szQkz891Lq8Sm>Qpx3lDhd8TT5Yq~UMoBytBYFS%m7)xm)m;EZ>`ooS(
z%Tt`XuW14<EJF8Aa|W&hQ#WVIVq<sS))^IQg$~Cgsdr|HNtDxxeG3MU4<V5;6h#o`
zA;nChv+)pDqE%rf_3WaQ+@x%xz4RRG6bgOfAvNj63gWupqy2Z@sqcR2Q8s);H?9f-
zGd(iRykB7G-55&H8<KTM2`&n}ftxiqRS^%`{N!j~{6s;~p}X4nYE*%DYR1S}ac5!N
z29t@FnORN{7VFTMbr2rz&LHj}$T0G=v8QMc67H-2ePz<Y)pQm&kZv`TTGyAZ;I+!?
zAc+xvZc_x7Nt}+a7%1VXET(^c$#|Jg-3sGN>hnG>xLiVYvHpP28=TvwsBu$v5v%1r
za;~A!A79wkO~<mm<giUrcjGjQ+jt$P6K9)YTx)*l{FELM4ZdonUX)^3wANc-BJcQE
z_t{-vtd{Rkjk49yxn{A@xWAQ}qSf$gulQ*FWn=8X!(eJngg=lzshU!u(ScSB0c^Gg
zZf$!b!y#9ZxE66s03JFq1jA1V<>;_0!zzQomarhyx&`t(GCh7tMUbFcU~6FAs%t8@
zYH89O`(D51_u9^Y_#(%#vW*j=-cpwFjlhA908_~vb1khP?}$ArTE)-h>S4jAmNxR0
zCLNV7;nCa)-=FroHjYh99(xH(Ir6_AM6H&*BICv{F67ep_A<Qu4S%&b;Y?g`n$dNJ
zJv}@pIhC4Qr$jdr-IP}cTBA5YJ)A<9ZA-P*dc>=m%$IF8C3;C30aY1y-8S`U%8!O*
z(}rSi9Mvl?T`D%l1DD53{|NB+d{BP0pUSoOUa^N=*==hCP^R6ja-`+_jJ6f=SzgA&
zU9H{Q$TeHK3LT&HIB9IknJ9bCnCB7ivW8;65_Hq<vc@~$vSyOH{c&e}^0t}kD~o0x
zccQ5$&-TqDzwFE2PBTW6$843{vY-u^zN9QSt*QZ_pc8QJtZI;NKfI(5$U~@oI=)UN
zRX65h6fhh?VTde>7^_`O<K8aIA+yGu3?p&kqAw(cIB^AU>WAJ4IdLhX?$Hxw$Ha?}
z<;T2`BqbE#9tMQDV(K1!>`w`X*T0c=;%W_SN{T#T+&m85JeKvP5)w)3TRxzOBh-V(
zC8~I)96iEqJsSC8Nc(`Y@K9P`tk*XLTgOa=KJzsndWGOX3qR-#_{SR#RwG4OZYEYE
z?1FZpb7xkg=%2$1MmDA2OR)Ge3jpSkIT?(BP?-CeRUoZ72d#meEH?wK0lHM@vvX%!
z0}J2*l(2Z5qvcRFp9)cBib_1WU4J>IAQMl8qo6~d$wX^Tr=WxU9F*J=l+16tP?%e>
zY^Oe9L1-%=pD+oDaCNXzvRC2sAHtlONHh<nn-a#E;)1wiO>xN%y!NG<;(}6cA7_s4
zGsCOpzZb*}`(T}U!qCQ91HoP-k#~_+G(qL~(sL0vLXmeI;L8l~rOshX-oTuS(oaES
z>@vvCbhnSqu5NNd1nZ@qDg|vJ5LAK^IRn_*R;8%Ve`!oo{aQq$9tcAd2@IsO+Iz9$
zwdJy|tUM*K%?``0(vw386>$vel9a^(ouGn>18;=dal#MCeg$WwhlQ?is;5UI=L*qE
z5$canMOyf49Qf~=YJ#9jPyrjAI9}z9Nj_VKY6=IxsKR#&#$CKdr!bAE0%taZ(I%r<
z3e2T^w0bCnldx|LTo2va2C&nh*Ei}+rjn<-aIvJgW^BpS*Qp+}BQK)Uzt+J~Z%adF
z*dizN&>D<ML#?zpthA!6Qt}PLwBZn%2oK`)Sm)YIAw4%fA+02*+TlpBFL&9E;alHs
zeYe{&Rn_MMm^i=oC+NJ~*SVK|(0xhMGro!{S24b#BNBf)&yegy>6Go7H{X)kZ^*7f
z(L!4DLR;ge=;9Yyclfv7Pbe!V;5Vmbi;)-9F#oB03CbNK-QHNG`fv&!6d9NfHlT}@
zno#zqVN=x)%F67q8M*FuF;*%?!J#z{%7t#45}ehV{6;mW;jvS|#qX%7$ogbZs>V4p
zQAy>f-wtkMxkpJ?Qa~vj1WlVHW)6bGO^~1ad9t5{y!~pD)>F=(y(tW<H+b3a0Xcdf
zRf<!lMHm^>AnDUz3*4RKO4K-8E&dj5+m@ASH!MBaPC0<N?(uD6us!Q0Xx2(FP0nZT
zjCz`yCw<f7fm$qTGmFls^9%eA%4*R_6aV5`_2D;Ci?x(JHYyES;e+<}8@p$FBC&gL
zpaBfkg9*0GPPd>%FOGM_PG0R^YiPZ5m{OX?s9aZQ?M>Wp!*<_wi}0Mez5Jfia^h5P
ztcAgM#WtR@Z$t0R-+y8g`E5QjZt&y~lI`Nu60|v=9Y8i<%Nn`}9;}0)N6qUqpV@47
zK%|~CE$FT?HW;UcM;e$)*>OX@y#cS{Kvtj5sK_hnE?!k1-25x)_dJq|>VdUP9)|34
zpT6}hmNml^uTN?WjrzIJ6FL@xzqrf(e)SZ=8Ao86h%fF9{bVUe&)~Hh{>BQmW%2qd
z&pxdyPmJMub|6aYwk+pLSqXcUYcCX>CbgM_ec1k7rPr}ourKWe-WWLcpQ6)y1D|5#
z2JX`voQ4m2ML2i&_g$iQ&5|8czE~0@aC9KD=l4HA7h7dQA70p~O;EulK7K`;E~wl0
zDJpVZw(k>GuovOh_EV-E*U&ZEcf!0ygnnd!y)c1X$qH*<Dn(z<_iZyUW!g9OmbsIY
z;#%UDEO%H?4O4jS^x~z1T(Ie{mNQVs-ANanwKw6VUL<iFc+N4Xd?WZqXwI>p$9T$-
zSF$%O6N9%m1>w)$aJc~b;;4+wo(Ayt&VRhEQK(lou8j*<OsCB2Wz6nWuIj>-_Q_iC
z%bMaObsAuiwIe265RCTjSv~Vj2ml~Y*{>A7UVppkR?Ng|BeZj1$#4>RdF_GxY(DU_
zRjK{kNa(74#u;!6iT`^-hM-U+KjFPql*mpD2+^W-BHz59O%aWJ4#FC;+6#*4)FB^Q
z*qCsN^1(n0I{A89%;d~6?O!&MbEmFtozi@#+h$A}*5XuF@^0g`>?wVP3u)|tL1f&U
zl&<D!A>|Y3%nsKkPWY|^_QW^jNY}SHwZjkCCP6f2Ho_7{xKLn<q8f(Oneu7v#ie5F
zdc19o8QapO%)?3R=6ifdcf?afo>C(}e}5nMjW6~<488PviE5a3<Be2Lnx{)$R_1VK
zp#>q8M*1?gM+tb@hjV0IUiOq>WE~@+8~@ySWIb&MZ}_)3aQ2?y6Vhp2<@=|+^nl(h
z#ft>o3jXFD;xA3<!d=9c{o;hk8-JW(eDE{|<}kiwERCcu)i8c+pZv3HAo?0U)q?x8
zhY+G0j3^cS&I*QkoV~u%O#RF%YcwsNhs=)L7G}*2v@QqC%aE(rpF<Sljoh@4c?Pe+
zynA#6JrTw?)Y88CH`I-EVcS>nkhTcB@WDVaCEyj$`Id=V#iQZ!MVNQbIp)U~wue+$
zA0pJS87}KfSgGj><G}EzpMv<)E`ig)Tre2!B7^oBunZAGG$l^rieCcel$E24bZgrU
zX$44a@OXt9s9TgT8-fi;WzW@cqT?XbpE0B3q=;x_e5s=2cnysKG<*QxSZBPDYaz|^
z_AHx`z^;n8!Gu(YMhD+)&l@3qJsUqXQ}cU}+ap%ZCYFWyz3j}`6&CcKu(qSo+;e11
z;N?Zsl5nS-AHm>-S$iF|hoaZ}tUdhTs9Z)uv8an3SR%_A@md+tqDCRh!l^9kyb5Gq
zB}@<~%>b497OhRCt2IU0QpW#VMP@&5K{s!=>Er;ZSJ`PQQIpN*VJE?ul|z&GJPUe6
zZneOtyGhQ>kP91&w8T{Z%0u3N=0tuTi-$H5MFYw64;6IU9BQ*H(D-T-Wy!Q)xN!c%
zYbtV$5mOyTSST=#DcRx#&dK@!yx?$>rj}oYPvTfFt@|rY-SEC$r3q;+Da#YLq*}I@
z{VPn7zc=FcRp%-WVdq;%%D5f?mK4Q5_cN^WGh8<+H=7c}fW>@yC(yirY9zTWYNS*X
zLmjISv4LNTW<-&mOifjZc2J$>F>`sZZr#7R>&HzBe-Jx3R;85<A9K*U%d|1e(Jm2|
zP^*0i?JNvFC(PF6R_!yS4eXAG-*d;W2-dG)G^~{IpP1IKq{YtnAP$i~e;_&<tFlwk
zWj~f({Ad;x6nx%m1L<)L{=QUZ_f5Xj>e;aPh0qUD1J7)z=<@{>+wn6FqyDk%$_IM!
zcfv@L=O_>KFWN|N#aVF^W(zf9nG%Fm4HD;H9F$x5kKImz_%_RmJ20cp058ejM(w_#
zg&ESrekFRnN~I{Lfe5OL?I_6Cl<s@YCsgq|bXO(Z!1{zR45cs6_=1POB59zR=v3Sx
zw?@ntz1g78<KA}(Y>4xCZ!<5rd@Tz~eA)!yxg5k5ygANX$;|){c&qx@QJ&E6D=e{}
z{LI)0WwuwkG=K?fNsG)FzbF#ziWq%qa32P^646G|-bY6rvo|9HP>i%<v3-d^e@Sl$
zIF|;s$OdnV3hwx@UCg`|UB)VE5<>s@s*+W}*9HRAVt4k5x6*VkxnIkH{!l**mx!Le
z+CkYfh$D`M2F=pE${HYTGMbKAuEQMZji!<eO<j>3!v8Y9Se1D+&$w-vqGlaqQTGCl
za5WUmetV$!c)yMwxmYy>UoCvyV6gOgu{^F0LSs}U-oso+p5pWl_QlJ9uRC{V>qwK-
zNFsZZk<>`=bn<Ve_m%C|a^1H(l~iN}GnQDevG-MYsyD-ElVEjjw~0g6I;gc9X6Hl5
zZMxxhfb!aLV16n~K~=bf6;Z>rQ2xD5yWC?V_W6SMMzHtBjP813Tw(OPFwp@jHTeh$
z8u}1Po+c{_!Wxwa(KVuOV#8OzLZ+j)HY`<-kM(N(we-KH*MNXL3F~a76vOGGzXcX9
zJrJ`#S<Q8A*0Vl(lRt3reEdy{gB$D}NmE#rr#AMn{F9RNdv95EH$<8}*XgkCKDx;0
zJm3XX?X>Ccx4}vuukv_)zMpH}fXw={B=4eMlACY2u2zoa`?jt%pBQjnJ0!ZF>ayP(
z$gwEsh@vDl2CryS_T64`LCNp``h2;&_huvExs^abd)og>-H$vtP1Drl^{>tG6~o)2
z<D?gERkluOQu=62gMth0#3)*>M_PY~Z7;0)e6JDxjkR7JTea02U6DFDv?XB?^OwbM
z)OhWY&_jzyu;%yugnZ65d+KAY@3i=_-q_<K&&qv^%>A;}DaLfI)*t^%4$I@2KM0#(
z9=&6Q2-2`O4b7vJs|?D_jhqK9-`KSVEfqJk2u>GQqoIHOtp41uOkESM{Jt+&2Db3>
zL?*Q^UJqVXo*wyuMXrK2D<YqJP5_hZ>Db;#OjR<yA7#JBD0UDBi1lz9;eGN~0q1Q0
z#dm8Z7mWF%<iQl+@gYJ)I_&Rrc2HvgU1LCh+m5k-KW6m4%*>rQavc4<;f3#!^zA)e
z>{Wz9JO`zCa>+JY#u^vtNC4=E#LODaxgbaa;fRTC<0b=U9F`xNyW=+mNA|v6xh`S%
zJ19r3OmWL&;J|U5-q+Jy1hotuP@5zYjlAkWyecmqnpg1eO+T6QDeh(C`9l#@ARr#V
z*?0RF!vnG=`$w)$UXI~5tE2s%O!mN3pPlB2-RGghy{gHU-Lv_(sh4*|lkGe6aw@=Y
zi3Kw3j|Ux!6^xrBa{&kyj}EGY8`(F$Tcyll5~D0R0Cq<EB^G48iqfEXP`FzDABTo0
zsh_92IDov$DDin$c1!WF(d&w<V~y5X|LD3Z=X?py(vK+_Of%5#@@&II!{+kC802b`
zXs5{%f51s!`mObnm;|ul;aNc5uZ)}bS+jBC+hKQ>EA+fV%qu!EaOtlP0kuTFcz^{(
z@kK?@psY^XyBFzL4MRVFT#PV!COzO#?Qtt)_wsB%gmF&(<#{?O)&A|Xc$85_v^H}S
zFQ#o75nXVbeCeIz!5o&`kjYz>ZDJJ`=2m3OhX|2c_NNWOw<jqI11Z@(a~J-oGaV(v
zw{HmKP69Lc18?5X)83fW1E+oib$_7jhF=ElP%dCZSLmE0B-g8mu_&c;drDh98$M0h
zb~W(M{8-ur(lYc0d-#>u-$Zj3)usP9&`PM1L-<ZKla-B*#MU{#@>iZYx8-}@D|etU
zyO+Nu!uq;fTqglLIRyMAWC(tNka$~frH$eWMs-z{af;trWSw(tW>MGn>-MfaQyX_}
z+ve1EJGE`wwx_mjYiirJr(d7<&6j*nzLT}r*~vM7oa|&JCws5!`km4*{lHq)i8oXq
zBnf{|I><2xv?aciH@VA=d<Duy7#PA`G~?A^A+KIda=i(b;DZ+f2*_*3{4OEhsNS`I
zitM!*6fbkrb}`;zjXvQ)$MlY7N_gV?eKk*@7_casZF1*U{gb92T68*btX!gZsyp4w
zsa*njTIk1J*y%tY>N#?Okkw*Z@kjR|u)iha^3l`7n{Ij{MGg4#dCM1`s;kxR$n5fL
zyXIfY*fFFL<-%!YqEp9TH%iwRHoYAwf}-E#OXmh{?dNSrEJDPu4LcKAW{$wTJKyZ7
zcCmiI^e`<@Orx7BKFe;;+uCg3l4uah&RpN>3{v7+bm(6;g9x_-kzPkHg$vq4$)wap
z+4NJ7|MuUZiu%;vW-<%PXY+I7Ft`kwG%o?WqvX{%BpAAR?_xTZ3lC4y>s<qFo&?J7
zDLc}*`X<p2J2NnJxIf8A1<~R4*$7QgSBl`0q^OX!oN7gN2<ssc=cg12!1^qKT+@*>
z%qD|+Jo+CZmpEHY*N-%+@WRtLFg`<h?ZV#8lcL35pVGRj1$C3K(P3Wbb)hy0UZvrA
z$A@qK98TyqUsE-vjrp&OUX68`>@scUl;iX^I=WW<(awm*&xv50P`h%UAE+_4-d9Ka
zfgqqUX@ji|ip^O)^@6GfL+jAF1{0h{pY?*gErQk$aHe2HN#>fVWV9y1Fm!3fu7yh_
z-_(&RmxpwpU||JaP`VC{Py@w{1Nw>D%`eFR9I}hXc`Beefs8=MzeR^K;lo11fDI79
zBr^62gB_B^=JRwoVD%5{*CMd7LtvmP+EesH?0MUn=c#W<!cyV6@JQ`_!mg-7=_=eQ
z2+hG1wf;MGe11K@-yS)V`B%Msjw9`2ll9ndzUCI2Ytc;ZD?g{C6~4E3Ma?Cs8IeaR
zO^wiD3D*M6iyJZhgSN_Ng85G+_PG*o5tc0tft5;~X^)iApAK`Eq3n&3yIIUCf~8Qk
z2|oP>Jg6Mhq0=20%|9xhLy!c+&%xI53;Vx?Bk3g-3TOYdM3Ck)C~cv;f7%uKOW$d;
zYvCQb)Z{FYNk&LlZxmF11yz~yy@!wK7=?U01X^3{9^VB=Mu-!zv9RMjl!yGljP_Jn
zr}$M)d?tZaT2XhK8a5DFX}o=JiX97E5+ioRzhUb>n4oNzO5C=h^~oAJ^7Lxt(j@Ls
zuj2lyTFkInD0yUn-r91|<}7vmhpC#!_a-RQL((iq9l>ntIQoE0rr0W5I>X`UtcTsg
z=IUB^uRu#FhrMlPE1K3zZ)xpEuZ=2VmvY3_AlI5h%cALl2c2a$ca_<t?kR;sVlBA1
zE$gJ?b{0cqDIc=hvB=|TWZ4s54&7hAwgm=yt@gakuC%m!syen|>Q$+(XKN)l*J(ba
zMdpEczl<p2Y>H4_JIX6}+bj(Y%wm4&3NVpxYua6MzJFaM2eZkUfp2qf9%b_;L>XJ$
z-*oJCu4fiwAH`98povWA3XB?bXRATyYiU&YFW;rvPnRZJ{jV@>#}J(@>gltV>9gmi
zll{)ZnBezPT*qI7qukRunijd0UzSx`b-nP85sUKDRXI6#xYje~<84K4G*9CVNnu@s
zhV+2zTbbCyM4aU6bLZpw@&L<htor61>;`b%@_d{g?kVGHiGVa8emSa>N0OuJEwts^
zzv669cfplz8f7gW@BXVQi2<Hbw;5NRcMvM+PyB12D2{ySu)#w=hLkC>cay%_I!+H|
zS^xMNLPzPtqa_jjaL^XzVzPrWBMOGMU<k${l^C*7FM!3M6l8?W?<G4R#K|Q=gTH|G
z$Fnj(z;BfpwD*dVw@1w-LIfifgb?TG1I_1%FoFR`tL6Y9c<D#_7bZYjfE*obhn#aW
zi~>On(+49+duE5Qorldn=O?xyNZl=r!!;X@53diipVmv7^n#(B)<=_L<Znf!bqiZl
z7tr#8W4S_zULe^RjyOl=Va&ZM_-D}XCn|}dj7x&fVA2XQx1qE-I@f1XkZ^2x;w_{$
z7kkbRYBY&cFdtkURC<Z88cB###w>J{*xVg-dK4?fk01Z72`S2=hCQbT0eRpB0m1wK
zG$E!IRwjDRP8L><|Dy{@(tvY9Uv|%#t88?2bsjPoCyWz_`gzMBWL~5bWgL~B9EXXF
zgyoO$Q@zSXyh5~M^YMZXiCa>Vunvct4Qbu&BdoTM{#)#V&OKNcD7sm~OEI!AC@b&z
zS9rg5jPuIEet+27%VX^;w~ad5*s6uAo%!pNVEb$P>)$h@(sRiaEpE%59#^{%j?inB
zHLltl`iQ+)aQqqpmQ2Zm1W~Tc;ReaTZ6{xXGuE8bhK>XUH1n`Tx=m5R>0qNVR}F;|
zNy3bX(wKHmo(30JLC2GEf`zLSVJIHEgYp<?P0ln1JTIy|Hd(p>5r0Cm1GIx5UO0AL
zzOioXq2Ps4r?Cfva>7_L*+XZ}mKN7f*+Zu&G7FJ<jQ4~xH=5srB&+5=l;RPa5&p(p
zzi}x;luNEd&8CC@QN#0Mw}b|d7PlK1!>esko)o{s-&{83q=1p!b44+SOMsgMVpgCF
zI$rhtVnJebPi&L8>Xo2M$8YY7ukYpEx7m;}!1fep5+h9+!>1$&M?4ojXWERIPv(yc
z)=xMUuq?}gJg!z}GhEP&3M=j@jf*)<Om{*lh9~y(l2}%}jS@eIIR}0di0U?rnLW7l
zym@z4!dQpuWVD}0LJGuKpfpA??oVaK@5j29AW~V_VDm2e8G6+!^$!I0#<0^XlSz?e
zw2W<8AWub;!)81X#fTVhVKeED%-;^u4WwAn?stvF^WI8iQIbucik%Bt42)ql)c634
z>|nR4h^9)nzeMrJ`<BE@zCY|daEt|lkw_rX0!;^QYOckOH%{=+Oq9KTMlvJKzyV=*
zEj&E0qJ${IZv+~(pS`mV5NQ6`HenjE!y)7F-lPp`^f+_kP)>#LN03rljp^~XxT*|L
z)QGlAexjy}Z8(nD>pz~q9UIJz^>>SmJP-@0rUcjS{~kleN2s%8`(s6ySiuW#!!ehq
z?o-7akt{J$HgNNeD)=8dVZS*%SY~8FP0`AhsSns-Z2eZ&nO`7cY2g~YdmQ{Z?;kHi
zw7l^5*E$Q(dI~i3Hfv@qE5(>FqoLg1W<Dt)t>~xKn}hof^+A;$k?kvN+Zs!U#a#$1
z&{vPp%HLIbzOnDNI6VT>fy-((TVVwExCdM!zQI>cumhqh`G;)XAb;%sA#D7-%#~}8
zo7e$_vP&c`pNOnodU@nJ)o;Vp3XxM-$B175niiTu3CGBC%19j{b@bZ8^e&sa7W;ID
zk~WBMA1x|AmWH0eZ(7=OieuK3W#44`&_6L9m<dgFjLAS7#&vb%P9NGzfREhXdy`#_
zK7P9Xv(^O-A7TcD^oOqGL2Q!a-s1*ZUFyDkhM8c6)WJ+j_=D`f0(X@5dC`A&^+=G7
z9T%8LDG}F>AB*1z`oky6n)V@*zAt2v^gw^jI=umClqpMnZQ8pcRN3$oO!?+{s$Ft(
zhtOV0s;UH4iN<nGoI)R41W25oqpBuD@`R(u^<Nli)o5-^o21Dg99l<X@QE+%<7Vzk
z)~EnC=iW?7QR*fgrSPKQh5*U(jXP1Vh*Va=fW`on_!%Ld1{o&2N_0ZY%30Iap^Cyr
z)wmHZ2t`n-wzKT*{L$>_#^(7BeV#vSw|S<SMc9Ox0sEYX<=Urzi>PGH8OCH<ysEOt
z8OA+4lcF1S@0JK{NUD@O+0AzY1N0!nxMc0qjZ-p7_9(NdN4JK>xRwuf3REOD0~M&|
zU#aAeVxG}Y#z4rUG?u>m9vYZtNLi63&>#xTcS)qurPOX9z{()6ly;`+LmMUNWc_%i
zT_TI><LQt)n=+*TmLt2OoY4Hd2F_}kCvfUlg0;a!2U9hs68bvFmAaJo@BH$#<Df|{
z=ZL0~+ecuCmUed-pj4qyS_uLUKFmNq|8rS`eX5dsS8cQveIL^A38IL^u_#n3jt2N(
zg{+xl4HOW^O=22Yky#&&q1NeLrWDt*BdfNX5M5LOq*Gkxi|S~sgCsfyb68><0((_y
z7cm8Nz&WjgXBkpK6Bh=0Q~ibP{uWJxZws`6^pe85$ovJVIdw4*^oaPpkpxJlPa?k$
z(arD(p5BeZ@*DyGXq*}<vB2kIsLznz_qDf2)1e6kKm^yz+*JnVpeljI^_qangL-7=
zPj~-(c;m4+84{}7AUZkZVLZWu#pCjU^%&uGKgov8=5hsi9P>z?=)mf<-+?|<yD`na
z6F&4^dlNhP+V;H+#>qdZynXcEs(2V1zY6p9$ls|DN!Raqs}SiW+qT<6)t7j}8&AQ!
zn!c2KGsml3&c(AbA7q|p9##l0(a57~uoCG-*DSH)Xf&zXb*~a_TW#a&;ng3lgg6s@
zV+N|_#g???aW(Gd`Bv3>g0@a7o_m968XS5+sLhk;%&42<>C~{@97t4Q=^_pjRi!f}
zG5ejWLC#%hy--rcpyh3t#)uCB`Xd}vf?tO;RPA~cYp1)|19NdUsM5=nWYvijs<1_z
zid#~)CKEG3w@4#(h`V%(D-=3^YkR@Ts~UpPK^lRW?d)MvUx>|a@1kFV&QbODmCyI$
zbqkYgfcaN}DMCY)M5XGXEsR#WtU;caOtjgw+ig1ee_^k2imBZfDf9esv8<(Rv=eR}
zuVY}~tgwenqI{01KgvcDq#a^3R0se|1_%ZdDeCMX1fH@<GDDyR==ak|yYRFk{8^IQ
z0^fb$7&z^-^Qg32ikfTU(NKmj1rM-DL!H)~Y?JmE4Z*UuFLM%(t451ZZj<Ao)NIa9
zsbUywhBoY_T+S@QD9}bwwE1(Q#tQrcs9-gb4hZx^v*S`ByOEIiQ)?({*>VC4XD0xI
zxrrAtAXIy5*ZMn47tIDlb52!SQ$fOf4O5ibUj>hls_gW5Oe_(i@04qFsYJ0|F~D1{
zliXEeRp42rHizKpN#+y5E5|Is1jj^aB2hPS1IF$g^lC|QjT^BPlB;NIx-8D$?%4ST
zYtI44zCm&g#2%dRDf;i!e%Oy5j^6V@%LEr3n@C9;u-0gh7Uv`ztk8}R-w<Ju#LC)T
z8|Lo~$7T4?>&vCx4%BjsBpV!luNK)X+;y(5%weQ$>;2Gcm&6S)<Svl9Kpmk`Do@F)
zezLX+%>>upgpIL8?!4CPVCmH#I_{%#G@PBa7hvd><(uSlAU=$};t@AQD{iJ0PB6Qn
zG%r4W%kF<|@#OG!y2OeB=oB>e=!5n-BC93a7NP86uz@N4Ae4h{OnL5}R?m!69b+YX
z8Ls}arx~s#vIt;MP^lnhFZcmzH`y#>zhPXMY5aLH>LWs%h)F#nLsfnZ@|q<fuCHR~
zx2g57E?y>_rtcL~$`}Xy_+v0TJkMZ~!0OkEp-zG}($hp+9UN_5E!DsgK@(MwQer@g
zl~Xh#zueJF6IdjHK-i!kWUytC;0y!H$r{0VS(n&MF!!Wo&M7c)Pa66jFM$-`umx-1
zmEGn2r)_3j7qs#Du1G(e9XWn9uXFj#ItYKmag484c=^2#ts5!L7%iw4p`d-jp5m;j
zuE&36ySAVe=cZ>ku>+KLj-M=EFIS={dwAXj`x+xZ!8Z6|L4(oCl+nwY7){UY^b@Le
z(C*(LsW<Yp%Pg1r<S6DllN$_uAm+4cXKmR71C;9u_6s{vukGzYX37g2+l{S8*LwQA
zu&OOiA|4d_!?Sgw6|^t6-(z+`58h6VPtukp(l}ixw?6Xyu)9>;R$;9?ssmC|is**c
z!AF^-3)qR=&u!NU(baaC%Ya~0-d!QsHX!JvPTZeD^3`ZH(nOI6Vi(6Zsla~#@ISTh
z1`yBbq_94&f!puvC(k=eMG$Kz;7Sr_7nVgxPE?u%R(V2L=JyAlf^UAvMM(Y8=k*|h
z{C<s1kMO;0ARS;=Z$<_%!&|!e3;k+}*I|-|JEUN8F;J(BejHH9%Y>aPVkk@Nb!;BE
zJXHQ-Z*i#P1(<QYyNWruNPk1EpzXtO5pOtP3`*VqMDx*Pp(e3;KwR9IK1&eFP&LT`
zP%Sh0aEoGLnsMz36czA$i&pN$6`%;X2vge8{q5z`L_#GB<I=^~PXQch@-UjW`d7#Y
z0-<>><qr_}vlQj;U3d!*zaJQFDZH~NOxrdpAhofzTe%Ia0+H{$Iy+%+7S94IEHSd?
z4fdcF!CWFB<Dy5%wcvHO!E9lLC--j0FeTL;<-NDSmRIpjZ-d7A!VKe@C|GZ%tkK7W
za=f;W`Z>hw@M-*IFmDe?{Q^Xw$CRxfEI!x}0P1^^@Y9M`&6XdONQtMYIj^cj{CGta
z_S5ox<xp9IVLMJZ-eP{yV87vNc-?dadu`6)bnDo8e#SN3Rb_+7|M)TBNiLBq+G*y$
zN-JgXQ{$QIgde&CVuu3c%RQ~5!|g8M(jJDxZ0!W;A3y#K2k$>Z2|bZmdb!(|1j!Ik
zegNeA-GQYEtdb*mi4bLcyEf{DLH*D|<+q=vbKeN*;G=Ns2gsluz5H~FWmkr=4pbK}
ztf~!2ZvZ(~-}(XScZ2<9p8zCFjnl3{;#K_mDYZi4aRkBO@lK%n1x6i*{VC*tRO$lZ
z3v1XDMjWgWkGqOdlp~1W`f{!Yb8dk7wD8uO+g--cPtf7>-j(r00*xpZ20D;^)trwN
zLu0>NC<eCM0}Apn5DGZaJ5wBQ%K`}|x?ArsY_`-$LQiT5-+=UwvML`65N)eM+jVB6
z><~gf-g8IC1bZSsBe^Zazl<BImHZ`fjOTBPV0zdgelScLG<M$ZMsWWOEG{K5x5ywy
z#mvE2ez4$c0vnmcI`Z@70EN8DFA|>luei<gKcjsI%AIb^I37xwJ;)n15Iqp@S$||q
zo_Ltw<8mP&dZ5e;>P4<@Pa^lM=FjitX<>PjG#<v(HFEA*x$18XzEJ0H_TL3@P~+BB
zIp3%;^9|co4A>GBD*8qaJh6!tPG2H^a<8b@_RPnB=^$qLg!&}SrL};T#2STj4`aCQ
zT-e`O#%(tdocq5+Xks+}OpIm1_RVp6abG}LcFn)k|F{-dA2$!2`@`IS1pSIK^0AX9
zOyg^iqUPTf$vOP0K5AZx6ufG<;T-cZWy-Ro!8%`Nyf27t`OB~|^mI>N(v>LM$T$9w
ze8AY2fs^83y9-X&Vz{T5A>spN*taWe>;<^QKQsL60I8uf_wa(1g25-@v}^K!EGk!@
zW5&@+huGJf35oGOt|0;8J=g7SrGqzhp}eQ_?iqucFK78}pyk@JN2$I3b8S&}c|oJD
z!u6kFU(J@M`{i2qvE0SmKwz%*3MXxIkHaRx*LjsZ|A$qJ*9(l^SLUbp2<B$1vq>e1
zgTdt2#^p#5m0l0^2gz5@m*Z5;kbCUb-HzUc65A8Oo6a%COwQZOxOnMIbfw!)YVe~i
z|MN@Bw$6RSeG9Kk<5f$1saDR{X>jQl_Nfoet<u}f4|41U0^gUr!sjW1$FyjISGpdB
zWa^H`-0~To4;-a`>v+d-bIa74TY9^6$Cx(0W+yA#S*xd;|F%vOYYzE3-p9YZe*RmA
zw59bayCk67cp95iv-R*jHadltC&+Nuc$rblX?wq`LF8}wXLfmP>AAh*yG4=far?R4
z{nbxEz<)nD(UjZe<mP!jQ{(id;$3TGQGCnD*?pn(ke^&L^UdpB^ksi0n5nRZ;Ojc>
zA?Q~6H}QNl1C;SRE<95iq33J!*UAky;8U(FxiaSLfuWr^dY=L|?N&mYA#faTaxPE5
z;u&(8l}ug}7Rn3Hr*D_8WC;FKH1ELj=5M@|IVNnhj*4Y%NPq2j-kNZ-i?%W5YNcam
zz<w@yj2h;(#4BXCfAS$`*i?zS@@tMdg~%_98t!rf79I;*8nRR`@A=4U4CMY*;EVMf
zED%m(^!Y<N4e)fds7S<Yi#?auemR%FuF!dJ$w64_Nk8TF<XSEv;`gd5rqAof`8rIV
zEDCM=dngSqtwpO#9{Hs@man9dbwB**FVz3GJr#$1{K8>wrQ1VW@1x8y?GEov_*+CN
zT_lTIx<q-bF$USoAuTb}QLK`aNkO7yZ_3`AK~v%|Q+dqaR9OB}Ttl&LR~jSnRJ|OT
zKs@`?WZYAsf+iLClhHd3&PxSkD)B43=NG$@XX_$(_`w(0e|CaFAMoJzKtOPN0u?|&
zg5KP+x^z6Pv=`HJU$7{MK>uQ<_|>68uR!pmNmwTAG}Z~9AseDz_`y&nay!;sV$DqA
zU1f)(Dc}v+6DM#m9+HWu1wd#5nm^*j0+e8>P>Bd{Pf{Sm&Dx9MDk8$d!v56iSj@E5
zICfuiAA2n6SgSPUICkHA_guT<KW`=GYckvCSQJwSmRZ^N%30g8qy12q<1;DRtT!?q
zFN?C)6lQ%DA)aIXWk#M6<*+(dLTxgUW<Y)hRqwvUou!`Qlr6)QTy1=B`nM4(N~$|+
z(rjLGWc>Q(E$br&y;M$Re6@3Z*!U+i<v>V)wd!3;dK%m*3YqYx{w3wATsnA%-Jf9@
z7R->TdKF5n@Ef%y$>cQnC(A3Cz+^_;MAoEG?VdV1qf{4c*1Z|c*rcyhxFe`rob<{{
zEyUr)SPl)SJ{*pTcW#yDETP#rXXUGDAwDhKr!pLMaADLinrj-3f4TQy<w=)C5OGi=
zR4eP?2{)lLtp~=DCP+Qoo<v{FtUD{gNs5!|HmfdP<DB4Z!pd?QF#{Q<2Zo)^JR0`d
z##_@r-Dfm5fJ1`UGX@ht%~#8RW!4&6p6m6-&1qw5GSp+@%?LoRXC(ZssLM25VP#{1
ztK9pLv>v*H_Do=I2-eDYW~Y11hQ4-x=2=v|4g;NmZ|kZj4c$l!j%8U5dV@>+eI@AS
zeS{06N~0TcYL(!`7$~1?GBMnk)f|(f3W)|G2Mr7aARNw^6v3~)ud&&T8PnX-5LDkJ
zEzl+4$fJYDm@}_zt`3UY9h?;^pBS4yJ4Y@RfSAfyBo-1JP2Jcovs8{hyTqAd5P-=K
zCooSVmsD`+Jjq#W!nKnL8EQ(tMQH|?Af91z(Uj%HHiMs&sq4CcYk!j{U}M3AAUE@J
z<lyHh<HRa2pB@}AAQaLGlC1HwW>TnVQm9~3D4Pk+C|QGp*F+OCR5gSLJlP^ztpo!&
zFO_7m2%N{RkU4)y(jexbG4Mryx%eTeT~H<<Z5U6Jj-SBRmmfWLh#?@g#D<X6tWIe?
zANZG!qxP{cD<IyeK~>>|c<d5e<gzYotu*wHu-(Z{SiLA@0U|;{jJgQkyl|too%-|v
zlYqkk&9Z<7KAg$xLtZ5^u4-ENn$!|Hn3}m?Wf)|=p@)DfEFv{loFLYy6hd5boq#GB
zp__FBERE2SdnEF_1G8N7psAjoLeq*bWzatc%~aU5f+`Qk4~g0jl=nakR$+z%S}#1w
zr1q0*9aFuapSqK3s$|s6zrdHLHu#t!2*p&n75c6Ws-nq4fjPiqfr<+m?E`u-(SL?Y
z2kz2y-#^F9v}#iB)P~q|OP-Nh0@y!eKh6GZ$xIrLu8J7{c<o287=6QGaxdJgH?gEU
zHmca4uT`9ef3=)ly9^mfjd5iA(cr39xg|wp{d%{e$vI<w7VyZ~K%w2p_7Z76%SI1#
z@M~4>a8*u7-Gj=;IYyC1P@1HHS#S59M_t~iccZmPJy#;@>)!WWeml&c3y#=%Mae<c
zH@}hm+{#!Bn#jkW2EW?V%z@s%r+3kAdRodJg&`jJdm=dDdMrxE>2n&YIe!upIvR2y
zyo7COrbTp_Faw!_g*)=^nqkTqj5_wDeJbo+YCy1k>wV<K{%t4vNzQ$rw7s2%2tKWn
z<%I!12SlprsHmwOXHjR?>X#UPVVY><31NCS3@LdFk>t4Oc#$?K1({s8DCH|={DBra
z8G&4mDva>o7S>-hccX^8@k0(Gw3q>y)PDn;rd(XxY4{62_uyx_`A=B0CXv@QjmI%Y
z3J^Pqv40M)VhmU%CeYG##1M8VeTSGwahxaFa}S&kJG`bzMQiqGn*)d9vhRLKH2S=X
zM0!QqHFQ*`rKBK=!>f2mGwo?{^q>I%9=|!EvTJH|KTQ*xEwFA`pujRsPuZJ$b8#|i
zkl4DP*t%YH2OC|zNY*yKc~?aED<s--X;aENL4-|mc;!ITRKqaA<&SE|8tJkqdA`Mx
z;1T~<5lpdWDAOXBNV(!0$Tx@6IWC=1)1)2@{Pb6%jyTI|T}irF-3f)WxX4l2gvs`A
ztZE(7({2C1J%L61KNRaXFJiRi7=3l+Wl7!lJ<MIiw2zaAwT+wgvCpE+xv+#)1wEtn
zQ%^*7N^zaD!L&*p5YLj1@~{kHPd~U{Sg|cq*@e8hguRW4l!9CkJs%k}^0^$r`l+z`
zsfeOzm2fyAnytX28!8JXq;PUEiNaL+^;y!?0`<wEvnj>YsEs_D*h)BE>-78bo3MkI
zexqtuyxJS<U!gNgrA1R+IXEUsaA0>da!CoULSBvxFE~=PE3H<HnMK*`R@khnZG!o>
zFlo0t@Ai+`ZYUZ`vo&*uNAWn$Qq>=7jB*w|fJxij2o6VuxlQzfF3qw)sKzCedU*)E
zi0n)5JWzs{LPI0Q#Nne8@sbL8m<NIUD+f6Z2gEsxz%hJQ2Bv8I&>XfDo49iZBP+BV
zZ!dFdHs|1GrP(POAKoS%-WKsH%+ENF^uq~OSdbM;s+{+bXyTJAeH2>r=ytZlFkGr&
zHB7L<jIv2#J~HilG*xl#(7?%HpV0R&WqS!SFxdp@y%FjpGOQ<(As3`^JPRiFwC7ZC
zisM;@xFhwz4+3*cWRhl+O(x4!NU<W;sFy4kCKTqlZnQq8EtF8&RR#OSG+w3PD#q<-
zO$yT1CEwa5@8X#YvLa6Sd~4?R;Sb`5PD=VTh8q6-PGab*a=<QeUf|>ViSA&;Z&u`x
zAnsj0wIL@r1a@nObL5S)=bhPkbhpxwGMv=YTOeffLs}h`T}xmiC>Bw1#Y!<`3iBu1
z!!Hv!*i70%Xe}9!@_NxWnau)?5*xvZ1=<XgGfWTifndvN<Ez1vxK2k3?bR);AW2&W
zaPjC(mw0QwaXMg!>ll$os-N2r#u=SCaP1mH&^FhygDuDdLp@u_Zm8Ih_<<HGyl!Wz
zP+L*NZ7G&D*fR)yT0A;2YpGOQQM&DN`&ZSoyDE>=(j?6IkDP!f`Lc@{?DIF?f1}6i
z5S7*jR)Rk3#y)>JfU3x7e2ndRW%h(Koz@uPcC?8hG`S=5wbmg0aL=ggD>kl;3robN
zt=3E)^0($8>m_R|B?chlHN<%!GSuJ<yo(~qVxVc{plLBwa)@_}vPxKF3P3t0yS34@
zJ4EG-q9V~cAh!q?FDpQsIjg8sjq!xk<aa8C;UR$xF$ZrYWpsczYG*M(HpKY_#UJwL
zOAX#A?QRDMCl><3pQHBgQ<OY@*@AdseK7DVEY+?uAukqq$7qD#Ck@nc!(g(XA<X8<
z;rn;}_U^0p?w}0vxT(+h!iZW1I|3l?u!Qs=FM>3E^n{-1H@h|4+7FqB@oX_*IHLZv
z^kfAkP!n3IV|?(#sk1MrczOxL6Y5vPomXO=SL74eOG=)F`?JB_Bz5*8$v0UCqjCv$
zoF{&>fIapf;f`STr0Lr5o6&iRP`PcEP@x?tj>~Y?5(dd1V=x#OD1xkp<d|+=O1dnE
z0j)?zcp-~02o)&6YLjS}-p+NRW1XOVeE)s?EmbK_g&p2sJG==3LoD3bH;SaEln1<0
z?y<iUk_0!&@~)UZpAQS#dT}};>(?>r(3IEc#!5Tl<gvWbs6#MDrfgdBczUW;rpU_c
z&BOG6b}i?hMd|7*IxVe}4BbfP6}ZmUQSWissmZ;eb^LbqIsx*u;&|Axv%cDRr{keb
z<0dk@$xt$staZeSUNiK^;YSwDdu;_$9p}sjb5ssPPPL||)i6N+a?dK~sUGX?LcY>9
zfx1Gwdj>Mw5n!|;nG!mk`7~j|nq7qkJShvlKTh*d{^FqIzR#OICQN5WlB-+cgee{6
z!n%a0o<*a)BtH>h?V~6!m|~M|gdjjQ4xJnnE$10UmoYC8UJwaondXn$#TT<fN?css
zrBXEu1qE;9;;z)p7RAp*Z<inc&hX^nBjjBXKi%NDESXGs9r>63`F#6~-`pJd#E%=#
z-7B}BxPvtKg4Fqf)cXo>WyTW#cqzqrD4()&!ts-2Ax`7M)ujt94lTSr6n;wFcuT;0
z{aLH^3=7#5&ZzbLsdZ#voE|!cda-*lmTk!T0)zc8j7M9ZIdMehWw@5&5Jdxa@PiWb
zjneRiQZiY*LLyllG>}q-hov%~Z*e9yq>+J#e3-YSax_-am8ZmhWJX`)L*`j-m_N{!
zNr2Z^n}94L;~z)R8%OXPNBOC<5+4tWB5xm)7?+c`&~ykzkbln2Hq>4BY#a`~@#ISj
zPRf2c0Vxj=s&0ZW=^20j!86>exbdra&>s@2SMl;VUx*`9!Y}g$-=t4p*S>?2sygWp
zv#Gzuo$Nf+oLrMZ=#weNCB+PrBwb|bmKtFvBp>1?AL5V;h2y23mCmYjlntzu-o36#
zIOIPfD_nNJe#CX-qVgK$r`hJ9E9E8?^8sJ@!`ZAZT&)#8gYqc6)n-|@locNwWpjy3
z+<tS|_sI&jHyW#pQfZk=4?Y181qWwNjql-Lj(<2|jfCZ3j`Pt{zc=cCvZQn7EXh~P
z4~$`)e8N|!&g6N#!e@Qvgr{qN1)sf3haIGjo18ZU3^j~@`>Ry(%p^pU@bK`Mj)#Ui
z-(iw+jdGXpu<@`hwmmXBS-C~M1hhbyE&0yu;DQwMZ1RQ3wZvL{kGXkkI&sJLPikYv
zvHYHZoZTc#ybeP4g@^UQp%KWW{f|P}e=67;_5>qYF`ik2OAoE+MI-SZBa0ozlo*!@
ziWD1UB%S7|Q69T=uWsKJqxIA_Ti-NTKO^YL6MA`@Ws7ubwogkoy+8(e;BN48d<b^e
z+55@U@H6rb)q|!tQ$wz}8Rs=3Sm@E+D{pt#O?L;Rs1Jn($k8Jvy1zU=#X{mGNO>DT
z=quRZ>r2G&1LFmU^oIQfqf25kGT=niIj%b_`;ORYJhEQd7`aE3&<CzDC5A)~m4!Y%
z+<l8Fx~D1yFORF|;5g&wNBwuCbId6BRu#FMwkpJ@))CVSi|VFe_?Lemmfdkz@#>+7
z)cm=8g$=od4f+oMgww^iGU80#-~ipBfdAy^u@W?)LNo`qY~-_SLY0poU<`(68;`$1
z){Txtz!NJEZBGc*mZhDh4?-sc@-8nBDvOi=To^7p2#OPnIN43IU3j=$%7LjQAq(PA
z6BSD(p*A2#r0<!ldE$JOt|pQ8^!%?2Oso%hw2yEdiTA+v$|y^Nw=lL0By++&)YB!-
zY=Q0QIuq`=EfwD)IpZh!!%Ak{SEf4O@mMZOjnT&2<ztEpasFqD-L+P|=QiqDx2Vv2
z6;L<WU0N$*d-%y0XZ6ea=b|mNd|MmT1N<2t=s&!^Jv>#`AuZ$x0bl5hOFYStjWAj9
zq}MJail~L{#KW7OzlS#jdBy*FJv!s;EX=zjW$vqqS++&<$IR&j+o2URu;ZBabZ~*!
zLW!N!eL}C#_#v<O0k8OD{7Zk`&NX$Qx?_iXY839hi^vOK`QQbzBCm}QwnMSIkr?8w
zKKzE`i1GOS>>okVZ~dvN`DTlXykcGqL_Uc!2W*cSI9}JJ<}j#dk;v}7!em|yS{JGw
zpV|5Bi|_&!TwLA=noBvd6-js_-y{q_Pz*m5TV)Wje2dH`PeJx$$%Y9?h6%(YPvY)J
z!tQzcR!JZ#`Qz1n1Jr#{tG0xfa!)iogR-2{7IMQ-@5{6a_%Xovim#V$$W@&uJ7JLN
zUX-uj;rZRPQDt-clfm{Cp@l+O7pkX?B`|o%2y+sMa!}pm%FIrb$FbJXTwta7MTJmm
zQMPLnm|n$yVSK^xy9YzwZiADVK=}rc`WjMaHx0t(0;s((<9&uD^ELPbCEwC{`jAh2
z#b&=MKO(O9(bM=xOs*W!Q*slTUO9O=W5GV)!smY|<kQ!db|ZTou<^TeD*b?Z)+_ke
zLphF06|P4$4i&yjPt;6bi09?D@XrK8{8A5=+8d}=?`O0LwIra{UV6B~Pph6qK9M?q
z1{vVzozcsu18GHy*2_n$PtxF1OqnrQsVC^AhvKDY;Kho*tp>KOHWy5SI`Ou+3y`>I
z1;c9T>lp>(K8U)AV-6U@+KXdW<~)E`e38L`6;7AfW%dZ3`+n&MRh0H?({C!G?howp
zCsxJFb1K72OVIduPj+GncpTf^`sMTm3Nw@3EDV`x)ZDD>aSAiQw{i$1lnL~v0feLe
zlD!-Qr0$X(d5;}pk6lIJLrlQ<V2cb1Rk+J~W~`Z)A}x!gnU_7;dIn|ZxEuu01Z?Mc
z&+1)GdE-n}=1q-bnNjocynGv0*ozuxPYd)+%P`EgbVb6)@=RCl6LF?yJOA~O`!4CZ
zgG%NFPv1{B>_x8oRqD3?%r`yahw2v;>s#g>=bZ0(PpbrTe-My=yjMKn#pFaE!n+p5
zX|Nmha;|qE0~yp#XC*9G8RD{B978bmqmj5sm8TY_V~06Xq4KQ`@;W=8J?<t#90nH+
zzG^>`5O=*(9(VSw$2e_Im8ZX++&COO&2_1t@+L#Z4U_J9F@7FmOH&^3-Og6m*#H{H
zmKLtDJ2HDn1lB`TAI3zNDWDCN3i?;y>Mx{`GDhEuNMM~LMwD!ZzEwhCT{RWoflqs$
zj{T+13dyCJxx}<kvp-^%XeFPtvXT3?)z0LqQt_kjM6W5et}p!BD+O%dqL;{rmCoE@
zwxfCLRCxI6Js8^lpKNK#<MP6#(p>0;9B8O%a6N5g=cA!AN4_C@pD3;$5;cQFazB*L
z;PzQEkiG+Idih7vtNof+tl^7p6x%lRJ=WeMxYQT;&?2Vdu_z@R3t1sn5`5XyA6W5*
zYC9G+MUD)MUBVX9km&OMxysz3j8mGW|J;(<bw!XZji1@XJzXbtWZWBjwW}LRAC3=6
zljzh^u=w${{Gezvw88@TUU6*vEQx#|Bxe+Ond~0W;UP*}1T&rN&>DNiUH%eLUF(se
z(Hr_!SD_CyaBMALyW$?BAX{r`@VFwG+?PDN36nY1$#kdPK93G8{{*|I6La=tWOz1Q
zTvrwh-OE5u{`J}wF0u3F|B`N@+C93iC0J^leiJr!J_fq029l$e77<GyfY^uREW#!_
zwI|3J=Z2y5Oy&1YO!C5MWJ6rBvQ5Aumh@0TmQsMi-W)XK!{Bwz^&ftZ9r?xCAc9{m
zcSshrpAc3^Oq?2_lkl9V`lom&Uu%}Bp(f$TlK%&`BarDxX);_@eL6}@oim>nA>Xl^
z^%dT>16!gKTe1_Ip-1yam0IRqmrcT81;$Wt6D!nP#P6S*ny8X0afPM^tcw?^5Dj`x
z1Z>%_3GM0hoI@QJ_z2%~svc6=J67-6%JxyFprQJV*#T~6W6(WsBAy=d$9v0!=^Dw;
zkBnbesEKtQgO=fs1`#^a1xK1_y5B2%x`nm7c}W<xuK2SBoNO&wC9H`JoyNzEP^ClX
zkx6wHC10ruwWctpoz7;&4UZgwMqKH&-5lsgN>_-Qn(tgjV~173v;8A2Vu5T+qvU3q
z>EjGpQryj6(@Bk2R{U_$LU1GrZVoXc=3u(MR<Q|raibN}X;)-!qXW}rPUJL9Ht9TE
zC(p8mLJ_1!CJ?I*_r;x4poPZ=r-jF6zaao>B_a((%O7|Q1zLjEE%alRx@;%ezM~rl
zBnGFq7w6%7wwH8W^pndd=~~43Phu2l{A$@NIS@CGWr_;cQbjvmBiOF0Ul>T|!^<>a
zl59b%N!Cnuws8&CCQlXhTj}brihnf~`5~PqWcx2J=Q4`JYW;-bsrI#5QA^>}ZZ;>N
zrLdZn^+`+}PE@dsQf&tYWCynomkxNp34&jbST48ap2M*ib`kq9<f*1WyDI;W>c!%r
z*s?)_K&xPiDPBrykKR%I!}5IbCRe~yC$I9QyJr{`@2;GTt9mV>gr3@zSC`yTIG59U
zYo=dXreTZvo+)RqA#eSWN3TN{6~Xez0^g}2r%L!KBpK8cW4Vb~O?B^sYTe{XF=UBa
zu|kb$`dkG)SyyAy!<n>XO?}eCa7uz!<CFiKJKSv_E#pLVbnh!p{5?C^0?zJ;kzk_l
zZfLoKRYY7^)g$@uDA^a?*u418ic7~!@UVB}J-*&{dB@J}(wbmz`=)Ob(UN~@&LaF^
z%kp9gv*)p6#XdTH-(88;G1POJDAiMLltWD#JuxdZ#T;NR+(g|vkM=m%t>6aj;9)(&
z!KaA4CENn5ePu~PU(G30(MmxSIIPE*6x?aF*zP)9*5F*$!r%F(rOathE#~$aftloi
zRdCCe(qTN0(<E-6YDsCGH(-10CcOmoj711RnL_p}n{A=$MQwcaAVsWM#2a6!M_u@l
z8TOI+*QZR8&y7X-GR&4ZOmX^3g#>Z;1NHAfR9Zv32@$n&DQ|EC0#r5$%G*mFgLh<r
z*kokPn1vgHvTj7#8kBO=U2Z|)d{b3swRI<fK=!V8a=XjleD2tW$A((j;|q0w2ipmD
zQeG3#I*n}LmR>kt<>X48TF7immMJV6(N;5{DuQ0x9ZBRkE&TPDO9Wjt-Y<9<oX0Vy
z^FOZAuU2iagpSN&b9AN}J#PqbBT3aBahz>1IF%yRh?x~5VjMETQwSGTcebL|M%#VP
zqkR}-4}IWe5j21HRNzaa)^1F+7GvfiBq2{~6#aq>MX@6C(Th%8d|MxGEV*9<yM5xJ
z#&()3q&{3Up~PXd?R_(8+(dwGL9qD#&r5Eyl*r;YAkKvKh^HFGs6>lq&~qal<}oak
zi>rc*tNE3>+zO8c^L<@*$58hoO^zLE>=+vr@1-ySa?XM&+~!xGB5(lBdy2s)E91+I
z%0e$04l1;m`WzcNu%LcQhW$VF0e&Y0q5}q`C@yCb*o&!+r;fk=c|r^3+7heBxDrWr
zfDGtxNp?J_<v?t9r>od($!=b#EJGa}Z4O>^^dYIxZbUDvA}Cxhl{IJ?aFhvM;>%4+
zBoyJ3Nb;I`=oOAqj{Kq=K^|uWF_j5*m?W){{57FqpTTzYN!`3oJ5u})4n05E3Te(=
zKCgi%{ZjC0ec)m_1Zr{fciX|+xVc@BLo7KK229ci%0GK9qu2@X5qk}MwLk1J3pfOF
z3yn?rikhFp{yzK4=j?KiILoIksRxs~Al~!=-KhfGIN;v&e%-ETTy1JoSpHk$zqU$i
z-}ppk7p#9sxx~vl{}G1sCGhK!2lv%vstbgG*ZjI7`Fd#iJ@1ukNM@JY1C!j;T2qcx
z2rhN!G3tG=$-G3|9aloW5eqxz0}`Sa6i%mvl<6HzA}&qT>dP@V#NTVouhoi3s~w8j
z(EqOWLj8;ONnqm7x>ED&*IRp2l<|ZxZOpS!eurTr#~D})UK}fz{`fPmIpvL~33O45
z3*v0fC_Z!?FCxeg(jUY~M8fC9Jx{`RIe(#)3l~3(MGc2~ys!;O-J8Dhw@yW)6UW|I
z(lbF(8T=wfcLncQky+7z8$v*TV98tLT<;0m=n0y@TM!ovg<+tbA&0#Qd*GxI9r==K
zW1d82oPqowVg%(KiOiSnGO>LN!*aI_<fWudZov&tiQO&Xg|5(&_98+;;ut;=TyM&)
zxzKo4L~z{D#TY)^^OJ#ra5?h1phfZ<7Fw>09{a1@q~!EpZ3N2t&+=fw6!HCu0?ZEA
zR<l2^|4BBzQw$)L(0clPb#FKD!-Z*-Bv-?G_#8sf9W{tXqD_w?QfQXEnMDitFRAxi
zF(%fep)5=9hdF+M*P4HsgUDFen1FzQQhv9%|KF?idt&=NKv4l$0BisbfEU0AAO(;C
zC;)T-4uB9q5+DVT0Vn~K0a^fUfF3{}U<5D*SOTm74gep3KOg`Q4u}NA0ulkafIL7x
zpa4(^C<D|3ngK0<Hb56(5HJK70Zam>05gD9z!u;Fa0$2u+yL$X_kc&h6W|5#3Iqj$
z0bzk~KqMd<kQhh}qybU_8GwvH4j?Cx2gnEH1quU2fD%Aypgd3ks0>sA{sL-zd*bT@
z4T1JRAD}PL0q6*H2D$?MfdRlUU@R~O7zK;~h671~WPokJK0p|RncmUCh+fao*}}@0
z-q^&{z}d=)-pay|{(k@v|9SQw{=@&%>u=&<_1`Li7s<JHs&A7;76=d!%<m=pZ*qi{
z?f+sU9Pg2sjP>>B>>ZpRoM`|}`uh5{kcKW#1z8a<SszZOgr?(@X3`V%<FYin(^K-m
zDaq)WN$CkQY1(ngN$F#GdD?JsRH)xB)AEv#O8x>gy&#~>f~H`M%!R!&pyWhk;9`)_
z2By#^yXmk#u<%h(%vfnb0Y87@;RdCdF}(m_7@+(_A%3FarUerPz`{-nfCorN2nj%W
z9AWyIBgCaEOo9!{2uwmXMWTdH9ccO&<X}kVV4R7i`NZ)g%KJFL{EF(UD=LC1YT<+~
zq7DQG`?pncAWe>;>Az@X)7yN0Zt^TU%OR0wRg#;TaC#mUgC2_Xo}~+(txhOKMlj#s
z*JG(qJw`o7^%}lHk_qG+#t}E8Lscg&6#aFwLpEh7Wnd@)QGs|B8GL`~C}pt2EG8$z
z^xq>1_NQg0r(mYXForNPWeW`Ou~)43@lvudm5cC^`mJebAs6l=XPV%n_*)KA0<lB^
zvZjBs^C0UldTSZe3%Z&AuR4t5R7|o`Q|1$72R}X*;3+7YOp3IU2RVZkQzp2dpwTbJ
zQrEwyodd97)db13OS<--_*xE(tWJ*~a7{h#HIh~*tfu=eId`Q`FKq+CQqtG>S)MP`
z7NKMK+rNa!^f;&Z$XwRH4m!(1)8+6QF;^&%o28~M(?on`CELIkC*=8&ozokg%Gb*~
zaTZ-L(T0@i&CzQX_S_V`$R4vtJ4_l7N7!uMTXxcWH|xb6OPS<k+kmYjlES=R&%D&0
zEz=q(nVKv-HWoixtF0o>e`T`Y*X|VNeO@oBsIp1wR;i~oyVgnkB}b|&Blg_d`n}nI
zi214EJ8qI)MZHV_NT7SsX?9qJeR^9x(vwd<v*B@P6eM+TF|1I3s@_6UUh(nbYHD5f
zFHA3+9yotB-oy)#kFn_~ZZaD$dWC!5)WGkNyHZ`{G=b`q4W>Bm{>y2}tHr4@c>gr#
zzPl_%a6{kB%-d3JHh&~=-o?xwUag44_qe^+qqpR+RXJp%nOfBI+1|a?&e*fTm>OJl
zw^>8{uhV0=`P^18d=)xP+b@Y49IRGwo~uy7kjR1&W&r}^zpLwa^74tVz;}PeFAxyy
z|F61iUB1iF!2N#(IO^7RI3w=E_Cy8<MyDi5OtfPOa(tr%1qRt+i4qbeU8Ep_DOOl)
z79#}pk}w=XwE`ee0#Xm5G7}C3gK`BNa{HE<>du+N7N~0WXAd<Q=`vrxndZN8rXPAr
znLoFWH@V|LggeSjDKEO;uiiViJ3L2nyx#OFS>A`8Y|g^VrkT<5k@>M;gMFMlD_jh!
z>n@sq4<%R8w&=QOX>F)h%&kckc?8eDDV1vCT(m|`Y1Zve)Bduw;clKar^V!UjBsT@
zW@u3u)O?L8_PCXq%06c~nr<n_bA5l?5KlWF$3E2orW~h4R<VT>=$6uB&a^om{;mjJ
ztV;bI?b4)6#HFrf)1j#4G7+cf7-{V~!ev=jw^I3+0R$bkgnM1ndUCPctof}u2=Mx(
zRJhu-KaHT-sD^2|_|{gXvZ8Puri;`#@F=#qscL_26X~_!41>kOz|~&3=kjLm2v;>+
zaCcyRu;T)qY1joXEH$SaG1ubTrmp3%4j%1DQruv3x`Azm(XH`Y4aZro|9nW4{X?oy
zlR(!=E7_;XtzzyZ4!UKb{8G+yLa0!+8cWd60}DE{>UUQmk6@M-W<*mn&Q)WIcGnsq
zEa!<#lde@&B{v~VFlwFy4PnrxYAGHa>$pu?lF`KFn|>M0v5NH28g4u>=rNup@dhRq
z`uTJ?a4S2ml@3}BP5l6ga7}$)++E$maRh5^S^bP9HR-h_zN+f?s<q<*nBrRe;ZU1l
z#ow4_wKa+SH=!m}YPL+)lNC@oZfq+-Y!PmKr{uho_DS=$IcEdX7n8`L5)Q4(R7;yU
zruE*SU*&Xa6VkQ3JL~msh+zFm=2}u_KX48iOh~UwtbU@WCT|`RZSNm=ii}jX(%N@x
zQl~~#-Qiw_q0cmqDTC9dHl>`!dw`E=a^d7R`eiG&Z0Y_k8{gaX4n(KWRD;}(p_Dz!
zKv6->77KFfzrH+MrjK9$Wq?eiX<dUMfz>DI+_WM36XU!po12Zzk2PDRRK1Xy5a}t=
zMj1o!%szr}74wlZjO}EZ7N}Q6&m!VCe?{m@y_sHfpSK4qaX7rwP6AA~4Gl~M1G*|0
zdmcTL^@wePhbANqP)9}=yZn`lAq7{%vtyeDSF_2xmU;@l>fP;L^d6H%D@JnUarXp_
z1*4XJoLKZy1>1=B?`rjPI!S9!)7lr?gj-&uv?6Yyre<%XUr_gf8;xlKZ|l8x2$wjR
z)Z<-AmnU3>i=N2YPbvMA0^=MQunLKV8WaHcvKM?Oykk8Vlh8`uDf#~tDw^b8yy{fM
zF|vToN57+C2lOCJ3OvYRZBWcm`H!m`xua9weIuF@Tl|;l7x2cm3gLe{SJfqE(yeyq
zM~ED|bSNU3#JS|pK25YLpAda*Q@p&pe()BZ=I}9i#g?TruH(W=lhCCTMF&MO&%kFI
zzK?{aahA-S&&#yLq>K4*#1f<sOyK0;%?W4FYOEy2$I+#ep@qPg);dR`i(AQh1pDu%
zRAc<*d}5f0p3JQ7A`Pydl5dD(%wVPyq+BnL<hPJ5KptdaR(6@@_<bPO`me7e_v7GR
z@8dR-|Lc_hYrp4<y8J7)xm-G38llKRbv*7B`Tj^gy~L#{ww$>}a>3I3SE74`NY|El
zQ@U&NANFsuk^6F(M?<Wp{+4rr4;J_;>;(F~O_1}gZTo_wRquE(EyEP^H95Pi&in7|
z^NBE<XGYfa=VZe@kDAT-$!Un@33F|D(Ux$7Xr$BoU~N;vL}?Q+QPuPj=f6QnBNqXa
zAf$9vK^t&y3J|qn`e~9R7q<ohx|c#)Z5;nli~3b=uxI<0T6b?>dhMJb?)K0O2h*4;
ze`)?)Lit#oSEXdOK4qRy(U6L?PAA!$j>5{cl`|8Xb`q19NJ%cP%?h7bs8rI=R05II
zA59UB2wuhL+PUS<Z1<T`8&vBb=S;a9!B|gvwOrvsWt1H!wrcwDZXdZ8LLGKio(aan
zSwe`m#R-O;>oBYbY7~6ir(9fS8m!}QgI>HkTlFvayW?rO*o3%0i%oJHLFRFSYLXKv
zYe2SIG7FsEZh~lEvZn}uCinPTd$NJEvIoR)^fMfQ4BXJgUW<k`lZdPvtyl)BB>&Zo
z-42XK<7I4#OA7sLL(K|HgY<15Lg$Wm;^yf_`s*UJHeKD=I&vL-a*t-n{vL$2zh`5l
zbn*9P)1nUgrNekd0k(m*S)gI31FtSraIZFek$1n}xQO$DY?$?1^&`&^ef{|24YCn!
z+(BWw{tJ^PhJ63_ox~#%qC&@R82P~$<cY_xTIfo$xBIiGCqbs-eV|#whla*fO!hay
zPP<|M_#7)W<B=(-i{=1ZBlvhA$Tl@=x2@2InXE>7y1l(EIr%ZrAD)~!L<SgbiW^Ho
za&*>CD?xA;!~<AROjn4g&l|W5{67G8K#9LO_X^vbr*=uZ!zfdO3Z6ei%7j%v?B%}C
z5fG80h~Dq<1JEh~FFha)OAZ)YfuQmI9=C}O?oo0T++g{xIvCNf`UX})GETBRKE~~9
z;C#^IDQvnQ!{mfWp@LJHv=~br!Jj#u3e8NX^wPMnODc`y<bULF$&oWCUa0Ft^y{{8
z*ij}Nw4VLqq3EbMpz((&1mw^|K?odU2rfG0hu|QEKraL*Ln@!mTWFTFVJNGr;4tlq
ztHcRYN+c1216`5hLA)F!twU4&hCd~QaiqY@w}3FQ34(n{jQNHdRIkc=GNWv@fSX>+
z6ICqf02d-@)`LsQ<?$m}hX%(?3+OCo4N#&2-Lz?K13LVFaJYczjtP@c&?>@8VFEs?
za$>!Vk_dgu5f2)=ZPSSwHS-p>!g_~l=8(r9Mog2)<HLgmoUU1qPe$~cXhR-<Bog|P
zk~a&vk1AqZjb%jtic*HgQxTo(WLg%MV)HcSLptBB(<vTxV2m+fkX_M3`E1TI{PE#@
zcx^nMkFSj<@`<%^I`3f2l%?Yy&p^#1FlJ(K6<w_(jWUYL<5}PhOExPznB<gVhMZ+X
zv$SNc(n=XC$9%S|V#^0?S-6;%h%Kwwj)M&ee;mE-3+lu~dyHu02AZ6}Bu;*y$w^GM
zkt1mGI3{<J)G{1V_V^P)A$2hAc>ENWNALs5pX>a7-#z>Cot(jZb05u@*Gzw;$32rh
z?s>S!JyXg({&>2_wVC{^a@#80miG9Qa9bAndL$+#^&dY`DY^w{beAKJGTjaZnc)me
z>^dr0hMEv^&Ph=TqZjCC1XpY{z^5W6-@ex8Cy_S~d;DpD<Pn?67!Ex6g90-HOaEy?
zJi_#=%GgVJM*0os4gX?isnh2XM?Bi2Kv)qU#coPYl-?{PA1`QpDlKH@;f#<Y(iGFS
z$Y^{TmxGy6A!nkG#moY3332LhOm$g{Rm|R+S%q>L;s;x4I%BqN>^nLGajVf2A{#v^
zjzu3Ak42vlCp4ao&9C;lO19CzkWbIRVLL`ejzyo8j_SJE6#2%Mvpq=j8qeu6bj;4=
zqmSoj^I5-((v8(&TMA+d498+})jtnqDk0lWQshf$k(1)M#`Ch|clT$}C0@r5P<Lwl
z_?kHti3X{z!3qzth5f5UNHN(?k^f8aN@1h<CpKZ4-^g^*<KKeEpMs8$$C~s0O+BR=
zo0X+nnkffIL>6W8oT{8K%FW}?6VX3Ap9fhH_}$&r7yR;5$FG4)z>BCrx+^6Hj2ttJ
zT-;zoai47$d1Xyv+#q_NL`&vx(vgk3sK-wu9e0n4Cs_2Eq3qDCI>}!G-yU+gV+}d#
z6nOchIVq4uPbk4k|NNJ022j6{#%zE%YYfe9K%5;Hr?Tq}V-A>*_oT*8>1HSw9zd!-
zNgag1=dookB?Jn{VU?!LS~6<lKqK`$UX0k+G+s!Hr`QqkG&9u`MLcbc>DT@9M;iHZ
zKAca``=_s3nkbB?z{;Yg8b9svGgKrq9xoweFCq_SH`I7#RlSoeRnG=4`!ke+^Wt&v
zKI8E+ww=cC*^S$-_HTQsXWO?t?qb`^$d%{lQb!jozup&M_&v5bO~?Cb9Pgvzc^vUC
zX#9B<f(n+cN%5k_Uy%8){KNSy9GTGgi~haL<5h0*eUN+_(#W)zJpKy6N+7*VoyEV8
z(#~_(d2d=2;l!fvL~@=jig?zD;)om*b5T<ui|6!f_A%SYe*&Lw^eDBOdG&u05()5(
z$7=vABUNy=7sx5}QVsGy$Q(b(ySbnE#@tVQL+(49=Dx~ox`-*E31cX+L1<!Jl*7SA
zViBbKCWWi<@>(Xk-3q~#$8v}(sF4NKNVn4(`NX8CXna9wSf`xrF1dMxq~d3L<r+0Q
zq_4*txC6p1XFcA8hZb-LsiwtQyxz`QW=zrp&cOpN(UTCbLhAi#v4R+_^u}m~Vzfdr
zdId2$r}0;U7)A9>f<y<>Iccf;5WLj#uTJgY>J+y{$2sbV4ie54wWuK$HC_v<z6}K)
z@L$A6E&(qmeA=!_QP=n)OxJiF`A+l>^^CM=K-ml3s=R=zyyjOWwEJ`3*;Kg(7*UgO
zx5t<K8d#zlSW-36L=C*E@upf{#`1oRzpA>LqMS!)M$@7N*z;Z3^L?-%d<|?1j0B6)
z$#b20%}|)`v=<^ae{fVRV@>02#fsa<$_Yo~OHh!qd>LHF@p~TlG`|4z>30P&qu<v&
z{u*L@4gy~9FT2<MvbzX%FZPD?B8BuKh4c-C^i7Sw(G6+sYwGSz9MNiU5mE{CEswte
z&_yKHYRt5QFGP4kP-A%0$Gr^P%e}al3HLG_ZHl+Y#5)>)`;fR4C!f$&_~J=jJsdBM
zi_391oM>+$1W7Pp6s*3pu4?=*R3(PXz$Xpg^+Hgv5z_d#<uLO?r*!_1#=qlJaSyse
z3abT^<5lxr)C^W$MbrFVTD)f*5$_x3v=PdTiuW^Ps1S&L4`TyCBukl0S$LdPHU7SC
zo1_QJQ{A1gH2!@B(n3Ifu+<dLY5a#CUj?NN3XU>9WO@AUQ#Ob5euOgyD;?D82WjzR
zz<#J;aZ~zmCV>4h#(<@-I`qEBGfjQip-ac5;6x1GE$>hX`Mry(@10<kUZ});(o}EX
z4|^3ZlEOdn_+@CZ1mpjTP8VFF40XWZE@Acd!~kbwPYfHXzpeGepml!Dm4M!;?;=GG
zro~T@A|G`t>7%}5HF_SW>gL7tQ}EKcO5=|pi^A=B{M#_$0v!3*xL+#$aWS*#shy!u
zB9-eKZ%=>Y@$X>E3by>Mv}Wi!I)g1UGLxdSbcSs$h?2&C=J6|Fdkt(q4<x6M040(I
z$t6~~u~G8J9{(=3ybga}lUAmy2HPsdtj7P&<KM&T8xZ)(<^peS6!`ZZe-B&Ugus8;
zAn;j@|H9+%WA!5P=^xeS0oBy4Z;oBOH+KK86V2n_rxPeGeu?OP+Kt|)eSPqcn_P(~
z_kIaR3LT9<g&+#uuke0=`fs5q@dEiRi<$ZqWB%u-9{_307N1dz{!D#^_%+(}Z#4dE
zat@v>aL#YK-?Y>lruSpnZyoU~s-Vvxh>-pn4<aDF4bNYvKpQEFcxGlT+*2C=9bSFl
zxdd%KpAf$fw29LPZT>@Olj`v$&7Gcv_n(Ue^?(ZFA!soFTiEX%@jKGvU+`9i?8}h-
z#f11*HpL7pE&hP2|AS%1bQ^^qRzbsy_J08Y0RR7lb!S*pTeK}nD4_>J@4YESKsp$D
z2a(<hoe(+!6j7>Fkrt$?6zOmPDN?0K5rw0GAksm4RTK*<H#ui}U%vC>zI+*3W6z8=
z)?9PXy*70#j0dJo41v(Y;2>xlf*(Q(qizL3+hwU+Ah^iWe5f>-o+1GOf_BJLcSEQU
z2!sqVf}a5a7eGK{^Pw4Jus#F?jv$865#z6TqVu7dWH9JuMd}`i5)M2X5F)q+1ja8#
z-2+#KQ}-|<q^Ub8c&NKT&`uaaN=FK!+pH_A%TFhp#KV&h%_4?b;tj$42#Q1q?wU*r
zDu=VD=fS1Zg^-0H_;Jf-<Cc&|$nyWAltC~+fY~|32x>tDgu!bC!N89oh9|*b`A{sG
z)FT|vhvq_guEIdj?tJKdN)o679RxRD2DfJfoF74l`~SWP0;&jt_TaW)00BXJaZ_=d
zzsm!HKFf#Z{X6A<#d#)DP$dwwFTW3`xrejuSD+q*s6*iViqr#eB^-FDU{V@zB8UbY
z21oD{=l2owP&52nECd{X38U^OEdRj2<?jbU2W6@I@a2D=56#E9XW-n26sU(GR4|x2
z1cEDcK5qZYxB)2EzlQir>LC~c=co&%hik(D-(gwm=MXr=JT%yX2=~$V3&f4!X&hC-
zffxq}4j>#za3Cf6_d|yRJq}<T;5d*GXqW(wpUVblIB?(u;&{#ta6TOP2{eL0TnGnY
zU~T+bq6D570WN`qB*3MBxkNzx5`jjVfXfi%piID32)HT%S0mt82z(F(aczQ}bqMxi
zLXh)Sg8g3m&))Ie90v<vt`!c}Kpf9)fVeFVc0e4@odJ%ozY9SeNpN3W0ZsypU;@uS
zbG-=i@&1p`AB_(|4k+Nh;P>TEu*bmv@IQJZK#%tcBgiKj(8m$nFFf}kSoaRVlW<4|
zeDHau5UiC7c;f4y2E_0@9nj;~%EarnBk;ZbPd@lQ4j}Nxb0T0pU%)RC2UdXNN5UTe
zQ%kT8#vkViLgP3s4hg{e9e^JgbmNsJZj1ruHU7yPh~ENotoY*x#BT!n(m%BZ;uyd`
z7Z@Qx{05+Z0E~b15x{i;u;)MVP#~TK?CXzD2#`kx4p96CfOs$v$JdmcARYwdfxjOV
z1o>YF{EKj)Bv>~R&_BX~ieTL+AYP6GH9`C?u<kP)X#T8g<P(aoxf|}U^@yT`Of%mB
zDTajgcU%^2O)r*CcnXz5rQ}$fA2#)n^UJl%6bK1cr%3%+<6hR+wl9_v@e4i-SNOUl
zJ#3fObm}?rt&$FItn%dMhJ_VJ@ZZ7=$qB*_Dp$DrRdb5?`CoiY%d((UNdG9mB5CQM
z*UK<*VxzwEq4%ZR-c!e{DcA80K9{okcCw?W9pmRkPc70*Uv++YSWdT%)YnbYxZ=*|
z*CV~m=mk|#oEgb^T_Oa+h^ffSL9|Ir+i&R8qpy7JJL~JhN)?tPADH`kGu#PhSxP@`
ztURC7KBiqcvV@qwT1C@m(VS=9ZHH5@Mo4hpD)#o+Or%r^EuG@qqnRiS<l3k`K2|yD
zP+w(B@HBg8*q+f4w(ryvZ^!*v$@I#4P&@T1Si>(`)3@wngT9q6JLT5fEKhCsjK2kx
zP3r`1N@E!kW*tjDRIV~vojx`~n|_aN>Y&y@yPZ<fD}1;}WE9|ruk{C9=|zCP!1wPE
z4)*}w|DXFr_zc7YnpPZQ0p9$d=ixRGuldjOK-d$6&jVo(5%xV{&k^=L;WI<n_k_Jp
z*x!Ub?FZx&je{q^@n@ks;Nu1WKi3HWp5xC~2fzn^-r55kfBu*e{rfE9&mld)M;!-U
zU@rdsqXp=d0N~>aIEVwak^}As1c(U$`~tx7di*<+7x2Nq8@Y)7-}%W7Xz(L5z!}s-
zL-BPGiNl{}AaAfc5hN_c|DOwg7*V@J3Ge4OER;UaiKNO?Y$Z`BO?`h{O+YOF=plGL
zS(ry~h);mOFA<5ngp7prKe2$oP+TYkFCuj(qHy<c#dtaU_<II;L)?i#?l{FYBO7NU
zQ(bo=@?Z~FWUw<jz{{P8)W;v~<L`mD0QvY5@koXQyGc5`Vtml<lI|X!NDMku67AzE
z8SH_M!2kD0DDZy@ef-_f82A5m<@mqED7=a^Bmfia=HW{u_5VviG8i4<9Du6;8hKp;
z_lweU^}_Xva7P^O?cXmIQB?1EJp=m|d;7KVlQL+PcXSvC^u`}_>B&<fYOt7?T&m3W
zI_9=>__M>=BTUa@TQT)OFdM&jAASEQ6zaMfn~?<zjirLR#x&dWti-;_ubzB<(NgO?
z@2vhS`fH@0tL511aK*3Tx4ssI%pUdLp}#P**z8O3<)eG21U#UpKjllylj?|4q5FRe
zp-w)&PxFv(F&%PkDr7gPx7pHCduTkv@F}dcnDIirVTFaid0jK#{rdW(S%xgp+JWXh
z`UHz!K5Sj}==*9#e<!)i!Vi2bOW`4Zh5w#UH@x6GVUv*KH`EzBP@Xqn@A<dS3-=S6
z@>A-Ax68K5esgp2XS(g3Ms13j_vYu&LWSP5dNuby?ndn%wA2*0$1$zfC!;5_XBOd{
z)(!$wUy@HPILcl0f+(i1Gz7pxk4|YX&547j8|Cy3J$AJn7SDMd7TJ|-noKYWp?+%l
z`ocG&9|VsEY`NcmTS1>tRJ^^4N!(qeAL=!4TW3)A5Du0z+6#1c`eN=@X6=X+ueTJW
zXa06>^mzJ;<;O`awW*?~ebcQ^t0}=vQi9&yZ!S<qJ8ietkA;mg+g-b*5xKaZAU1Nj
z_v!-!(ZbSlkIB0%odfez-z!TWE0%2^RzLn6x^Ka2GFv8VDxL5;8?jB!oA;7OlCtkK
z-i5tnlR06$lSJ|w`0!NB)Vy5ohlMCcN#wlNPwz8D>ghF~bu8;f%Tmvyr5@RfmMz(k
z+6>c*tEhY3iwjx7os*YF9m<&A+TY*9)z&5-Axw7F2U;q>x3v_T`Guw=mZ7dvlQJyZ
z(BiCvsjE#r1<^Tp5@Ns5EI1~p(L6AnE^f>C3w6T#vY37+bm8R?Q!Pa}=N9y@<`Z&l
zc+Rzg_9x?N15!;F^YsNou0Olds_P^cdqAQ5>l(_}Un9A~;l<OcjEVOhMm2BS)@%p1
z9&?Rk!^cI8^KDReCdY}ruO)u$dj9CNdv4j?@5A*o<DvAGt6%+69L*P9?w<vYvD0^a
z3Kep8a+}}zM1=nSGk0(EOfFx4t9#QSJ_>|VoVV`VIm!yXwmRG!%=-91T4UbBYClUu
z$t=5h{d=0LII^SU1$CRcOpTH72ov4)``X0WFL|%u-y4=-9_?B%TG}vf$~1RGZ+tiE
zh^t@dw>pfzz^!sczTCm`;@9H31u=!8-?o|6)j!OjUv;mNDK1+Jmw(dD8@rV=b}N4D
z)}d5Al!{MFr2C<k%QGnWOcQ*zC-j4o_*5SL?wRPRn}$ntJxg*Q2U&auS&{(F>!)Oh
z1&Hi0sQ(+adB)52JT*iJJZyw$fpeopdF(~swFXy=)ccw0V|V+K2(0BMX#+=jZ&Zz3
zP=eJSMg0t;-7X`a|5bWebS?Q{GXE>=n!<x?Oxcfum7j|I64@;S|BBQ$uXDVg@#uoa
z#p2kVJJuYAaiYAG8FLpzpIG04<dK~jTnKAQXB|%#Qhrc4Ut~~Gs4-WgH@BUeTjS0o
zglRBw-#bvzzkH+LGUHWk=$SRSQy_MZvH_JsJ?pf>FW#PI+a>q##e`+sVR`NO%)3?^
z(1zpY)}vp}oUuK2zJgm|67`s?CAB3Q*1pHqsWYoBxfWB?EnF$eLQ~hfoG=G(f7AE*
zx<2xE<w3hXVv@_azS5^h%OMi6f<Oz$RTWe5g-Pp;)1qX=U;QFgL<$u8aM6;nVr{I7
zOY{ZD5FJPd2)0{CKH{zm%WNL?dO^jzt9~prlb@7GQrWdCXzq%|X~xHu2nFAIlvA{~
z&HPE3<wQCDlX5(jf@a-2lJ~S;UfC|AtOGk7^s6XM-ZD)LT$4m6v4EBHJ;R0Bw9X_b
zHe<wB(|eXeWz|7i&N;Q3O$Ya_V!KnJ7}hC=eIeQxL>XU-ENVv5<v5awcA3ayiV<@d
z&#?yIl)GS^DpK%}Eff|n>Xj!4yB-Dob|Xfw$S|p!3vR2PT*sqjWz*Cf*t>mb&`55Y
z@L`pa&fQ8w`T`~d3(m)SN?&*z%5D<D5qe|H&E@D0Y?ZoHx$NfHGIidw)tqOm@y}MR
z_NB+2{VF;HcYbEmD>(24Mi9sF^ThCnM)DJbb@RwM-Y~F(HA^W?-5V)6_;l~E=%z5F
zQ*B!FUtY^(%cz;=q|tWw((-6$r#(kqk(d=R3ey2E>9(m8|16{q;}05H(o;UwnQW5p
z+%uIGjqTU=2xoIFn~5ZO{Zf9HmFwVdv&JjBJDxh^zZAz79+nlj#)aNisycqI`zf(d
z<EFg&>)_ril~gue$@K>T6;XSBomh?FfZ^iDH94+l9jvh1GQ3No#S`UzHa#C2(n!wz
z<s0aJ?}VxeEcmQ3jsFtQII|BmY=<r^yKer@t+2875~{W`|Gx0E#edgoak{>-+P?Lj
z{SfPFJ)O*e{hPGonX8NTtoiLbn*nj-%S<yJ#xmQNZ`yxw_$YU8rH|Af66spjn)c?6
ziJDR$IsL+|*gMjsv#f)m><}ssBX1EY&}^>^IhC$pPTF`mn;E#J{L;Iu;n7@KtJ*6}
zpOmdaE?G5}H+dSe%`@!n*iHVNn>ephwcH`Cb&0dIi@<uDTGE|bB<xp<S#+iZrJp$H
zY^WqU6kj$e<03P=M_HRz=BXetNi~9$;UIez*qwVx?LF0qxeSM7-s-{AiG#GP`Ixth
zTm?uQ7Td*x=cE23I$>RCcX&%MoF@|AQUNFCFLaS>CO2;4ipeyiEUdCGgxVKY37Rs9
zqg~?@jJ25LE=@=9mBF`=l!fIb#<8!35->t$G6f7iI@yh^#$eCT#M~g=7S=`e@ok#^
zw8Q6^LksGW!LTE$P7Z;LgWp}^PZtA})CA6cho|DO9(9}9!up<mz}~sP^llABaq-~<
zi7+cNxa+2yn|)1JrJ7427dg=u=~od`vGVNv7OH(NK3m44I$56}8n$4O4)ctQEAa9h
zrLAO<A?24Sw0lTVWNH(w(l4ilov+PPk0Sf4oy*7!A9@&*ry85x=wvJ&<nb#tmvyx)
zwN4s45MG@QN(nrb6;xRv7GGxeT&{e2QoGW2H08HU#`;lN5#7Vdz_?qpVd1Oz7S&-9
zutirL<dr?F8Z}sBk!T^-Iqzjx6n{GFM0o;o<6%S%(!Q<Wl}tqpI`|cAqoz_i-pjhC
zPPtnbdInyu?p%RQWoQ!JF6250m`eV()BJ7c&2J$+-rsVn1IwN*)!flj<9)f(af*vn
zJ22Lw{pG*vPi`rUE&K&qmJH7}IMkv2)e2eQ?kv!S_WcY{_<3$0En4;Ch*-K#StkA{
z^2kWlWr9lZl?9V5=oe$+Z46ENjqahaNWJ7WWW`KSg-p%Xnu)Vpnm;Al?<~6Ed-SfA
z<y5igY7K3KrOzT6W|6Gk#`J6V-N{;Ed)nsoTd*gjQ!%|suM|j`$P!(+l)#r7c!!Oj
z^Y9wIu(cbgTQit&HJIQtxD$1SlIe}^^_aWkSrUxXrQb&S1q}4w)iMq`iPJ<1UKE(l
z%D8&r%)Fj=U;k~wQ;XDf`grS<&g#6t;DWXC@}3FeYxUbUD7vQHw7Hb@$FU6bhV@A{
zDBUlj$6$8$;_<Wzxrp4ms;Lv+y92Qp3UZi~c&1oip%O;waK>k2*In7{MbGPRuXo1=
z{cVKDLw5)FZ(yzbyb3`Sfz$>YPSa?wy)p^RTbY7gI?fyMKCk^`x8>M!n0^Z>(-Qrb
ztpu5duu=Vb%`-_E9Az2j^1AP+NN`8UJFBQem{aQqgUzowpJvs0EW3^(H-@du1U@}{
ztpt%b%BV@F5*Mjj*6tXjL;3FBW298#z=~iib(o*|JK-0hel-~(3(2H|MJ!YyL$S#8
zZ=oh~pNhDtN?dNM{=FVAV4ftWD1E8i^^=y76I1qxtKPIILnZ99Gic-iI7AFPX>7a(
z|L$I^DwzGEthD!g=A|}EO~1==<fbi-KJ|60R_25CuO8ZU7?1lD8e{1T3;5qpbD+&1
z*R5}6q!;qfPjjHmL-^1JS)we1McZ`yM_B_yuLNB;$6Pmc>^8eyIb(!&P8wrgxsgiW
zW7AV$E+l)oGR}v6-M~iv1#MH{H!+nmE;B9{N6Pkn<K1^;$#<)|Gc8@qmu;hu<el3u
zEh}te5&H27-y?W1(+_Ef;xakg-@eHAc>K#Z1c~x-6UrZk9Nf(2pP&t;<qT4Lhl<d9
z8C6wpw!&Mnq**b{t-<*n=E3rp4AY7yQ==yni=Pju#_}L-T#CfS#)T@0@-idkyupyh
zouHEBlmrQ?+cwTgiC+>HRG8L`tjiujm|d5+hV!_r6oaS?1TpvcEn=z?k*r2W86UZo
z;^L3AMQ&31_lLzZC1*yOHF1_`3p9#n@qguG>tNQFKoM8Fn>~R_puE2fmH%*6d@qrn
z)^<<p6RFa7y8Xj@QiGB4k}}ajS8712@9#iQy+zcda&(bg=p>QPd3CUdQ!01tZ>EWU
z&I`egG<6x|X<_1<eljEbos%*Lc-NQ<pq5pYPf~NgP!2z-5or76{OC)j@M;iCJ@@Py
zm$irfva&uVKL<P6DOPGBIE2!@m&jr7u96=4BWUNa#o!{Vqx}V%B$g}{9<_;fXP!*M
zfmlPL%&!8UTr%5;CmXfeJG3}ja+Bg_=-uRzG0ZoXjTM*;QCT}$VG=W*<dZs*qW4kP
z4SC-`w)=K%^Te>Y!Hn){249i5pvCdVDm?W1H)2~ZwV3;frrV=qZ6vt~k8`U98=rM&
zci53)>?`c;g-+uQ4!i}QnDEU6u)5Rn*mC9C&{#i2p1f?`-*~g`NuHzC9o3<3XfwDj
z#-jP~<M3<P$W+Fi%F9)i9nNavXB$(~l4gB3*ybCu-n<cpRJ5{>yB<+M(Fr<Du@H0p
z;==uo+~VewFmL)87Mr><vB`bz3tf)}+%_1=7b`Ewjt*C8(4e9|{7z$bTv@)sKA1s~
zWT(IAA{Z2h-GAAQ{p{%+S^rf`Z&^&-11m$`=u2<ARjZ%lP)a|#Qg_YJOSsubgvoPk
zYgO&HrGw3zfIC+D$VkSkG90$nJ_ZlJ3@SZXR!yWnQv7m0MQ{7L-99;Q5j8rGx_j%g
zyfSuLKi^T};fwc6?(}*wk6&4}v$0I0XpwI2Aa56S5|_C17rN)?<#1XRcE>o+vdISC
z`64@h6Wv(`+^D&aysL6z5AWGNN0!$KUYi-aHdA1tJiE$yBZupO0chEgnFa|RRsy>f
zQ@J^2a#E>N&5b!TH(}2;EZWN`?@O+%Zj(%1e?!Sb(H*^b^{r^f-~-C@!xjG?xq<RY
z(J+a7yLlCUdnH{BvlM@|e<K^+Gd}73!V3+H?NXO-1<AFlr!Mk1<X!VowQC+rUJM+u
zUx2lZR%lAz5mYskRBFSDAOAfpkMd^6e7tM54-S5&h8|!&mtVX5S%=<S&LC>{GN@(b
z;8LkPQ*osKbeas<sTA_U@Oi$|z=`@7FCR<3hbv^Ig`vg9X2N_i<;HhpGK^!ie{lE@
zaQJ^xq&m0_CwfLce=g*DUI;#3?Q0{ab(3^kbCToK=myj9y8N0=Qta6@TBEP#Xs;YE
zcskzsb5o8(&~NxAT1c*S4zah{2h~`V5AlsCwj11g&gL{SbKEKaENj75v`u?<ev&Em
zoojS&g3WWLSA9$<I{Rp_eWNy-m#K+F3?}`A<m;~0!gqUPtB<}BvIzp{!4!X)p-+B9
z-{sP7va9#r9r@%Zn;VdtwDBy4cT>Kz@)mzQ3wFkKC|I=Z=P<{3``&PyukCzl{Huef
zA?@&!C4Y+i`4Y9Ksuh2qmhy%~YK{IB$7C(j3x5|6%UWjB+@x{z(zWMsPwZC@gOSa}
zC@!dTx|0z-gA~ruEWaYs>AOJsDq_(rXO@$fx#Y<~U&AM%hU1DCb4$|kE6d2STVBDf
z%l&-CIb%+N#L4gO-}15<*q`1#LK|`)%6?uonM_m;;yx^odJ6aS`3b63zH}kL4Hi)Q
z)}5miTGK<Fiim3M-{+g@rL;ej=uvy_`*1P$CY)_a#Y6JZK9lv8t_0?*uQ{UR^UIFp
z96gpe9X$Nwh<%zGm4ml#nqE>>r#<N3>`7dbB3)+ehTK@^oMb<$Iz2$EF$avt+>H-^
z1b-H1@Upuq?V2tX=@%N}#~=4eB2MX5A|WbP$2~o9UXstBFk>Y!%P`F^#i{|7YUmJd
z?+|XEkcW(WoQ(%TNU!2ws*AtX-u+gyFyC~0I69)1e=i)=7Eaz4j@=@8H@OPuq^St!
ztq3=xX3ZWG*|0A^8p}I{7@d(<{5s6ow-<hlx)R^YZJC8U2#@|Ss?2)kVQ~bqIHI#S
zsuqhmhK)z!zEzEBIv$^^jLT(q%4@i{LVFUUNsz~?Og%I!#q6sSYRY;lJi`r;AsTwx
zjM0$3^7o)YaYOa!Q2OhA3_r?$XlyIPSbxyyWD|pz)m1=>A~*K~rBv2ROOB&l5Jzyx
zjpY=~3x-eP2`V&dN1E(6xUtL=d=_E~jHpytG8%hR{qDLm8?0^cYl3+<tqVK1H<CN=
z;u_=<-%TQ84uxgjzD3@FMcyIDr6^&NkZ`DmQv4X@0%ul7DvU2Eyox0}k@%2iP>#kI
znP|Mg$<(2YUO9x~zN?2xZsB6-p4qt`U76G0YkupAm~Vu0EKW)*qU#uL@kkn0Fe2@`
z6keY}r_Z2Z!Js{XGn<{BdH(l1(QCS(?lP^9Wmog=gfeI-rKD13q!;jVzRi#=bt8In
zDRw*0RSsJhWJF4&L<-{6d@P8#3LOqH8VKQ7Q8YQ`uvUHdp2IqwWQ8L!FuiPmo`VNc
zrYKRO2zp(_<830MIX*r<WZB>8-a{G+1}nvk8Adm<r0vAV?`THvXvXenN-a+%sl_L$
zX+0Ly!Wp0N4zDY0>PK%1BwGk0yM!?i;bPk&l>D2?HMNA);CQLv$&-cT8t?ThB0cdt
z#0iF`{zVjq4<-dKr<lWrL>Fg7&C4xV7a3Y|3d|HWRhtIPMO-I+rhR1Zf{y~4DO)Os
z=B9RBnY~T3U%d30(=cJ*G||B1$4`Ccx?h&B%!q;uAk{GMLw{n1{|5j7|NljkWmJ?8
zu!liKcnOtSKspwDVPU09y1PUgB$klw6!_!P-Kl^yf*{>U$*yz?2#6pl64J{qT<`sI
z=lq_T=bV|Z<AL@4;(_&5mcEftcv+B|D{h+yAwEO5f6I;Wu4}Y$f8(^aSTAECC^6z@
zRY1)dr43^5{9a^Z210AdZfzYenVp5DvtsqojD5DBmeysIe-OT}?bqo_>uXr2?8*NN
z?sn-MyM3)-vBYmLw7ypemcK5$YVPnhy%gt}?`BPH(Qmnw!?vfK)c@U1DVb<4ow&m9
zR_AuoZgNZ=_syJOulo>^G^a};fqC_mH?)o((@p)mL=((yNvl=+P?Y6cWF~=}4xNDQ
zkn~0L*g;NZqR2XKBX>^AuWwloB2zA?i34-OTI{jv2|-rWW`dzgAtyYG$lmvIzj;V3
zr6bY5(%b5Ls7#RaYIc{zDpB>tb!5eVoE03eP46EG;~zEG+<Ysa<ecRq4q+r;x_P;0
z_;NSw^Sg6G`}{DEx)m`|j4=vh`_$md))<rAx8;w@XF7<~e>&u@6g)3FIn+DF9mXyV
z`I~sbUw_0oEE-V3G}I>($$dq0ena)*I-R=9qnaz`2~Eh+{>_l>PGM{&c5z)Nj|8!k
zzO|KBF8b=$<v-C^df_)D53pfBi*D8Pu6X_#!3Q`*f4n4xjc`DbaD8@rXwr)*I_trx
z=s4vMG5Ga--~dv+l24~{d}hICRjfFT1)!`x*?*B13dOlEFyGn_@twX2$h<x^ZJ3)^
zy|D*$%EFw9EPgze|JLfYgUQ<YTdR54T0RM#<tqODJ!bOEqUp>hoD;{$WZ7%Wx-V%R
zfE&M>yqjG2<M?>aKlU(&Pn)utY;0`>nyDX@9VY#VvyJBMBEj)v1lHQa>-Oj%w`1<j
z!d~g`&36|@lU>)@dCk?1+dm#E9*<A>{j3k)w#z~eDR_?e{`|wnQZ4jIsnlmpUjmh_
z{tSy?$qNn}s77EX=XDNt-_A>Hx2T%I@}Kwj21J;Dg|m*8VqrQf9^Pp862Vs`jd9)M
zEjC9nRhfVmN6PHtvZ})mv53XW^m*tj`8~)>i<u!ohKbR8Jim!a{1FrUm^fdhxGEbO
zPOQx_1ZqM)@%*>C#i&lHC4_^JB{k4r;YkPi$xf7RqztbDMQ1g+q=ox%CeKn$b|+A0
zkJ<gNH}+=gZ9<IoW52$GQ#QYp80Jkyn;;K<smp@T=KAmGkeeD#fk*v<aYmtjw0;3z
zj_)MsLRON1&hY36l4UspkI!EB#A%9U56V@e{8C*UX+FgqRD6|_a(R@#-?XrNkICwc
zQlmNzTWrWxM^nA}A;5eGkwntn<@eHf#{vdBwYM&A?Jp^P9>-t&5Vkl>MTuc4!!$uT
zPg6Upla~!&-$6cMF;8GI*Sym|L^M4V=P*oT{_$<3Y?8gdPcZ*#|4uvY6JE?MG-AWD
zpLdf2eG890ztw2Z(Lmg0YvkbyvF{VDq}TPVdy%xP@I;UEp5?OZ$8T{0jg1$!<EuIi
zMWGD@XOwTdtuh)fHb~FBzxncd$0q1+lf6ot?~!2d2n*w=5A(b@boaZxsdxHuOGtHc
zi$D6AFx;pKirOUd3iL#6+M_o41Roty58+w$;Ys#F*SjU*eccp&-P5@Kdc;TO2=(Fu
z9_ZZ;eUT!bNYQEB>7#hZ*1NeY4>Ix?pNLAP9PC}i+BY(y#{7yp@#bW5C`$Dj8K30V
zRt&Ky9<xw56BcjXkL8h(sSwHuDrRD|TMqQ|s{8rh`r~aZ$}JNU_LN(!t*!lmNdE7a
zeFITcf(xvg-K<K_T%JTcYZCiaY>!gNjkYi&J!<}!R3;J9KE`sS<UBNR;VF7H8eJ|u
zx@J8P7idiI#tOgn8_QpHWLJaM^<k*mN0qV~m9k$AnR<L?Xp0toS|@IT>{?RutWN?3
zAiuf3O<T>Nhi4Z9Q`wNm$H<cbiqmhLSf6sV$4QR(9e`19SxPx)#TL0X#U3w?Qnj~c
zj}JIaB>I~;#QMWADun%HM{fu(*(O{?Dd<#-=s@eme%c~B!!RFZx(de?!5LEYaK-}F
zVQGnbg<}#o@qJgfnc^~w@_xjL%AKecg`K3k(62`apRC@wvs}}8JX~DijL6S$qjTFT
zNxZx27$~?1Q(4x(>Et-ZB~OiKf4iA$Y1_MGHh)~|l@PnZuatzhBET>}3k>9lIGtW-
z*mA2y$A)G#a%pRjeBYMKYDKbBM~nq_4IkPiAvz6h4FUf#!?%?xUSBZ0dY86iN5gSu
z80$`G)6><Qhe-PKt+)H!>1ONohSWh8MTkr)%j#c8`kNsQ2g51qrmG}uu)vyrfu0mj
zH0vkJ8rYB-+s4aX&!Q=MT}{SlBK=Li{$RFo%IO-TVKq#@2sb@{&T;+PrLG<+;#q`1
z5AS!u4JgY7V%@iqYUQ4>O9W;+<4C&f+Xm&Mae%0T`v>oCsQXVG@)7+EXSiRP?|@>D
zTTV<e!%-@lqoF1jS*@*K+kW`@4ZH<+%I7Cxgj(9qveX?rqzsYuAcXlww<y_D`m<27
zXWp6e!T581!)cQ+Ej=pfAtCP3$W)wIMMCAR{hP<$9Y)yylG)!W7adx%&`CfD)QHhN
zNz}3zkQb&a&U3kZQK+8rXVYzbapi^PWx}d6hRKHSqA2fzc68{<HHL*spyPl)vOXBg
zWQ_}f4~NtR)MTk`7mR|sdsKENH*~%Eat|7-W2@&X`}TIm=JsO7=3b@yYeIRomDnm8
z%*^Dt!<<kb7>|i^%))(#o?rCe7nrOH=o8F*SZYuvwOX}0=2yTLN)mTMH0VUSE+pXe
zz*<v*z9waUxBkZGv5$w^GX9Jn$xPV<2bT2a+&BfFIhVK;`QgbdhIAT3I*TGT_${be
zJMlCjAuLStZ2??-fnb-#ppFc;Xl{HK>Lc|<XR276nLW5$nlh_kH?b%UU*_}1=eu8A
z&k4I3*yL|d!&{EUT94c8Hn_=gL3|Vf@g%v>LK_rxtb(?2A!!CC#(RGkm|-!!3%kp8
zO^kNdrmq!$!)qUO^&Jk@A@|vgKCcLb+_=&k<+lVTJ{jTvDAL=?(Ua#z(Y^gFj22AH
zkespkBEn}+n%FRuz}THrwSh}ytV%LLycNp-nC>v+TP`lkm~%i}%=iOYRl&p8(qz*M
zS>saA+0)9|Lr;HYcBhYX)fKKMT3J)k3Q8^NTfv|9e^EcJM$wxdgS0yx<k)p@Xc*F&
z4u{g&$a!<mJ32JmfOg(}E0WK(3F|moEh;{eh|q;D+PoT&QU&!n3TJy;*UN?1dr_0K
zF=6r+3Be%41vW7ZJSfxjgwI8_Wv_qC6Zq1dA#RHHO7J`k)>tR!p{Bd&>CI67`u5*d
zg6G8Kllb7OowjeI*YuLUg7Lv)`Uy^1wwjIL7a^75ZlP&b3!#HDsHPL0!4eYW9hUOX
zmgdkh^mEq}D}{PEG*?=Bwa<Q3-W^}xqxfk8QEH5OeF|H=aZl#V6<2gj8hp+m<UPeN
zylo*gHs<R0va#J$dn3jEQ_vg}@u*78=aYL*@8;~1$|y!o<Lijbm^>6csKq|Y&u-4$
z!GBR?Sn>pRX=rvuJtR*=t`y42L@LX&Mzg~>w|H;Mg~Op`uuy$}%M`j}eb2L{?~cPj
zI)nYbciDE|)rNqZ-n^&x8Q1+To-K05ZC2kcI>OAravgV^CQeO!Zj)<$K4-sA#u|%L
zB-Y{nG%G}a0V8k*n_;0F=)mRh(62oSCyFnVa#RDUu?8AJ)N)k1zyA2&t4%Gvf3Yq;
z^AM0+#GVDWa^!D(VxB*uEVEuKCc@CL7}6-t^vafo;TIRiX6#zw?F{FKkn|J=ydi`=
z`D;#~UrCN{9D@hrz=OQEhbWH@LrnWsc0%u8@f!7RMq5`!<3iua9a#rT-3kiTDQ!PE
z<%RdQJ!{9Aq|$UR3xr6Y3xe}EqfY^!rAoA2#<>%k2SRsbn`}HNW?`4-5J(Lvk+#sp
z`0&g37>_A6ifD18i7V*ik2Q%4$YE}AzCEEkYjK661>(P6d3GETF=sLBtxwbWkGxpA
z3KC*yj;$;dlnB-CnIb_vgN&<kD40f&#`Zi?>rFp%Mzu7RlBsNJwDIzi_p+UMm;NX@
zZT#8=cToMJe|1vNGU74VoxvOfkK`rFgKg%)GGBliB}Sl5j@q!)%{{>(uF(sF=UKPQ
z?EVQ{skYD57&g@I-Kg!FJ(npNeKYn_YPVHudh$13nm<;5Ar1#UthQ<(bIQ~g;Wr?#
z!YImTd9se=q#$I8@LSAN+6zX^`CNtIt*B(0N8&o3;yUQyF)y_f%M*iTX~V0YqgEhg
zPHt8Qu(+g}RZN2N=)(9{(C?X17~##FhW99k1~<BoyTltX>&U<n#VlKf{eN$+kYPrC
z71L|Nz#ML*c(54~28uOE+pdlTerd}-A$32c1J$J|8KFiHQLg<)9tCG$-@i=gKTA-j
z$S9BfxB3iZL|uY$H(bZosIUJ+!Z(i>tfnuT|19-$tF;=EfAe@3Nl+-vAR--K^z3_<
zv)F{X?7K|0(0Kuifh%g*Igd}HJfcZwzI}I^_HV)Iua^A(d;<B_SBJdood>VGCsJ9{
zN3!_zpQ-TaD+;SOnUXa}2pDPPYu$Xc5zgpc^6|FuW&e2-X#D4@K0c}h96X6h-X<^K
zj<<Ldv>MlQzd7o6dz71HajF~HLse(lmn2ITl%6<8UUzTab;u!24HQzJHJ`8qH>3CL
zwd3uwipVe@&NO#uPfqK@{4PogIB}8c>taHi!dG=o+`Eb!dKSns$zZCkYogCZUNVY$
zFp8?CSCj2WeT|Bt=axv84M~*?nYx1Xdr~5QDs7x)Bvvjf&mCeh;&I8R(JCHUZuA`Y
zAE@f|TG|*aWFzD00wP)ftw|zd42fzeL7-(z73z?s9dWtPixwkUdhP?^h~GHL)=F(G
zI)oEUL|BUaFXIuGTZuieu?WkgcLd!w`+_bDbx%8khg|&YQpi01B-K5=)kSE0$kgW0
zng~X2Zhb)6T0-@93`=i6=<9Uty?e+36MZLe7)rfrnRaK&xj*Lk@nP4u9LXxG%YjMb
z4`ZtTGHX8rcg6b|WfgzisGhhq$s7mF)Qi*!x>{Dm+x`8Cg%}5rh_@bRmLtr~Qgrv2
z-2igev-><?oEuc+Q|60|i*&;%Ynecv!FFnwg`e^=r1wvTI%;=1SaN(^5hux3-u<C}
zt|Okl$35;~*ee!I(RY7Twkk{3Wt~&mL;hM0o4CV1<!YYp`Vu=x*zV5O=1$S(&IY<G
zPgJiaNTXg0K0Y&JI5V4GUQ)q8<S>w0y2w*rAImu19)$EX4xV(>i!|XM^-)s^IaD;=
z=P=z@yyK_-$r$Q)tX#xGTT<C#Fie)V7tIuV-70?BS~avI)=WaZTz27lx7Lrm);O}V
z$FrfEN2#xtQzYYn!grZKMUU3r_yo&F1(%1*|LHgAy@ebO96+L?Rze&Xc*iRJX%@?u
z2R8RpTfxn=E!VG7A+MSUrS>=S=m$Gg_QR#@g40qOjdWkZqdSb)9Nfvh&OODi?Yw@a
z+5a=I^Wq=b%`?qantZt*D|8C?Db<!}w5CHLDd#FRA66R&nIpU!9uUD8*E*O}7Nj5H
z21n)iwu&@c%%?Ta<+RV`E~<ou&oV^N4<EZFF(B(kVn*r}9O<H%z0<XqALPEUj$ZOu
z_lx=9i)tg5w3GHUFhQ)kC!{6}Y*DrjU`Vwh{Bjf|VZ8AVRN(PRIbws#fk-kVmC<yM
zOvE!;$+$21C3aonaYf9+j75yX%tegNm%AfVA`C^0l*^m6{t>n=u0{IlUpVx9N=!<t
zHslS40}Y0ugfdKj*0|boC>!34K*t`0M&y47TqQ1JO=Qx~24dfjzot0+wB}D$DwUPa
zc__UY^>3P2q$?jvJDne-FLml+K*~0Q({&=WP$bge=UZT2H(+_(iw&8peX2tzYOC$}
zRhurEM2BuQOqgW-=kE-tbpIc_*LL%N*c;uL>3pwa6fmgD?<(XS=!iBqW~Jz@8Rdtc
zj}>p9E37$IjD5Ol>Xnn9?$B)6{-x5XrJ;9C8n@)2IxGFANy7G@jp|(|gzqIhYSxI^
zbBLr3$hx>PfixScFVg<7{e1Ok_AiXu`cl|L#%Sr_@4eTg8leeo_7T$e+hRTz5_N?3
z`{Izh7&T7|nPRpCu8=}SCkzO?swx6`7+R{-FDC1*;<UnuPm6wqaHgElacv7aY2si(
zno`3<1?j`j+e-ug>BeAtCI4B$8gzRnN4*3^vy)Z*tn)fT{1?r%$tlfvsYSEQ;>yyt
z6b2egV#PMsBlPEPbwU!c_2ZkSg@-IN9v1DDvI?JX1@@9Iv)5m5!O5*|;KECE7x!+$
zx||=3KO9{Ujtuhe9L!ZNH9$9YzMkS+q~fVVA)I;Eg(L00R@d)$D6(eOsY0E(3yKHP
zB*d1CCQqv%9RxfXn3Br=#M_6-#(_e3czBvlZU{U)e1E+EFYG^Z|A9~O^B5opC;?i4
z8+Z!P10nz~KnDl`f&eqX1aJWy02E*cqyR-g2~Yr(0U1CRkOt%cH9#Fu1vCIXKp!vw
zo&&~!34j3X0SCYla07yXP~blx8i)gffCQivC<p3+2A~r70JH<0z-M3x_yP<AC;$z7
z1xA2zU;>x~rhsW+2ABorfO+5>umF4qegJF0CU68C16Ys~ybmgZufZKK9Q+TA0@Xnc
zP#1g-8iMAaJ?IL0f!?4G=nMLT$zTeY3%&*4gJobX_z|oJ8^IQ^3+x6zgZ*FwI0Mdt
zE8r@)2CjpSpc7~W8iT|jDJTSrfXpB(2!cEy6$k<T0!u(5kObrbX@DP)1>^wlfNX#j
z?<w5d%NA~B<Ll&N2e(7mTl>2Bz+Ied;9dxqfdAWhxdd3b`ysqstONP}b-e!pP)h>@
z6aWAK2mtVQ#8Q;9%nDyA008(f000^Q0044jY<MqaVrgzKa%^~Ca%F5~VRL0JVr5}%
zgjfkc6W7+BWC9G4fq@C&im{0xvISX01sMV%ihzh9C}0RAU?c=gf{IH8m#WlOtf-7d
z!KGADEUs0m7Jb&X)?IO{R9vdoy>3;kzW>}|eC753-}?hMbLOnyJ@?#mClfn5IS|7X
zPn4>tgeYrj7>40m48uluGaILC%zC3<YtiE-{WN=?)>!RJOgep@!KByO<Y|o-y&XvM
z3`V`J-fYyG^2HXt6;uoLCaaC!Y%Vg3Oxi*{KGk9p>CIM)O@0v=ITUNn7QIfx-GBqF
z(J({rpe-&o8gjK(Ly^g14>uZ1u|C&A6zZ*7oz|)qS<NMS0^usL8jSYVB8|mrHkk75
zcxVo$BCCe?rIT2!TC-J?3lfv&y$9O@z1gHU+87NMtHrKBUuxAB=xwHIjU{?pi&bYd
z<T#p&OfbjNV!Z|cSVZX7%~Yh(f$Prs{mYqSt`?+#*Qh}=bkJIh3N-)<Ij0Oo=z?x@
z3?{9))UosOUT&LPWXdz-+vXLS3$<2T17y@>75H@PyywzlYe1?w4m^uXrBj|360JjC
zxCFWwOaR`X(||k3h1OuQI`9e5pk&)k)tfDl&2E-bi&bB!F_`j-$YOI*uHItlOs)u4
z%VLvPWYigjMFmc|U~T25&WRmRve6AP6dNoWeqrs4^#IBQl*m}5)wvo>xyBM50PDJf
zB9ujxWT+LLJ)kpL49FIM6c?FMP7EdspnUJN8#krSlE4eK#p1v2i5zWbt#m6a(v=wX
z93H29y;alYzL#GY2LXY8Xmv^pi%Kkh3O^C}v)B~s&G~vz>zaUoL4L+u`NTjlQ206J
zm6&o7c&Hm~iACS%f9d|^G|<mJ&kQS$meZ!h1V$3S&b8{|GSKgDOa&JQHdu6#PLE*@
zZ-Jz+&d+)n3t-3u6iW$RK9CBeRFgEePNp8D#?`c134h6IA^a)TLPmzu0tG7-y5vX&
zOl>M&H;AES3{Er4a8{A1zywK*8Uxafq6FD2BXn6$35sj=pr^zsuq|Vggf2TML1pa%
zjwc0P9h)t5IV=@4)qeMvzbKq7M*dnjf5ph(X|@dXC_#H|D`%?!+b3+L(B-UDKu`{p
zl)*&|jk9$kiqzDS&LVIoq8VJqi~%O0z$gLX%(<&W?g$sQ32cF&Ye^T*BLo%@61GL?
zasynt){<_20RkVV5g@{ib8(t;;m)=TU7mt&cNCr$u}>iONQi19CF4QfgC!uRVx-!$
zmh8a=DMmqhv4k@SoI%jLmh8m|vXP(<OSpi*1q2?oWFHh?NJH*qkgFh=bF>mq8VkC)
z3bNnWVPnaD?o2W%71Ly20nyh%QOpF1m}m);D~F|G3EGZ=)udvjG_0j4Rw`2;R!d?T
zTrGBkrIo4WE((Y#rRtbi1+5ml11kt=xv1$_DX#uZEn^7@H`9JB;TktqKzzUwZh)^l
zuw=F52Y}B}K>;2a;|wqraz@+(;=0=@6t!f3Tp{iaxI1N(gc0`vS$9q*@03v@R0Ay0
z1M=oYwQxuetK}*YE>lTlG9Id$LTEXxa&RyL7ZCj+2)cT*L{Gru0eHN^NFO{3r)5J(
zPdc0?J>9bza)5&LmXZSn!~h4WLP=v1B~6LA-1Oo?W>aY9617Mz?yI74+(imOy#KD-
z`#<Xr{JU<S|E%j1OnRb4_GJkV04)X3ezl}8N}{w&5+$8U?8_x8;NO!d>P(`PlldbV
zWDV6vXXYd-nNX$@{gpW>mpK&NAFNQu0>Cr6Dp;Z)fanJx0&7VHfN-F|lT?IuDocD|
zM=>x9l}Jdd)C!tb;WWO8!Z<+^d=peQY=%KBAp<A<VG9J+lEHs%mv!Jm&h3|AZod$6
zu8cxhqCe6HGPITq;p)B;rDQNmc!Iza1YyWtfZIyRp#owEOL!qZ1Q=RN4xs^Mozz+6
zEOC}Y#)Fl#v`R@U<|}C?MoA}Gm2|d_!BbdbfE`tg`~>3+9n2Emun|~d;A|VJEX5gm
zf*dspVjw87gwMaY5{~P`naY?H@QE|B7?$uANy&2PE(&tEb(obLj`rLz*mL0mVi+UD
zBghB=5zZ2Rvu!YNggaY-=A2lO6CLiH;;dr{fABIJr4&agWgw+i8rC6#B6@f7M8Hxf
z!B-3-vf*n!B8uTl@}5&g^UEPeL>YVq)3{3=WN<i31jJbdL?lZnAY<N;Nv4L3#Mi=b
zm#(MRl2LHoA@e1pWJ-!raFs&KXhvNLlMYOjRtktHN-9;+Lg3W_ZxF{*vP2O0^8tU+
zLr5haj+07vMoPvgNR@zyQQ{cwLn>*pFD2y)5&VLE6W9lH_9~?DzJn=1bBx_naAi@q
zFYq|ov2EMdj%{>obvm|f+fF*{*tYF-Y;<hnq|UkD!##B$?yA~zuBu(@VOPzUy~Y^-
zA9f6W_~w{q9Z@+Zavl0WSzxd*trjwNv%e9HMOkPntoKe1ls@$cULR@@Xf)6tM@x3t
zB^R8Ph*hB^_*5L)pBp53;5@(B<?)l+d42VLpIEj?(-?*uCfGBwhC;HS!XiI6{|TC{
z5dxNs2%L$YWf9Rz<bf=Kg|y7;Fa5wdIzx2!9SvCCt`dSO4u5#UY_!xcgfu4Th9k1r
zUz*yVD7gd-B{#o+0;ZK<tE(b{mXxA$Vu%AMLct@EL;R(jm8g+zanOm_Tcr3-*(2%t
z=Nv?sUDfy^VT6T1hhplJ1eN1)o|&^Jg<QCCPno5KqRj`5l)_CQ#8Aly!OS>9DU$!#
zEM5qsA9$9j@WY2e^^by<XWyaOloFSbn6e5cPYxF6{7IK~$^r%kOXR_~xU-T$YnWJ#
z(o+}F<9j4Vgaw$xR^5|~2oumSJ1d1RqE_>j+RJI~I6q-JU}w<A`m^8<BV+rFsZnH5
z606XJBy-)8P|fbu!Z>#NV;_r_EXaT+Ko#Ts+4=1~p;(%TUY0|G$ljoU2g;I*rm*uS
zPb^0hs)RfpKMy~ug1<8ztW{`*DO;vAk~NB27w-ZkBfOx+@Pe)ekSzny1So7+r(%P`
z$`CifvO?>|iqQ<x`~{XtAHtKsDSu$KTgXat2T-w?2KbNq80-v~{@&_BJgN%vI5XVh
zO>g<WMMJLr+UGWamD*!o^~BxyH!#Y->WO0=`A(dQ{lIiHtKgu|oWTT+0}_2~szQ$D
zSpVK<N|HSVxUz9|&XhZCUx^>DC3a+m9s`Mo2l=0cm>8ZuVRV)4a+S|eD~KB_DFFvw
zh`l|^`Dbb4jt|K1htC9vlb<kZqmZm3#AFcvv%tcT$&x!%CvHr{|2cW8gDoGQu0p9A
z{`&mO63WLUM-K&u3O*u*vLD!>Nh<EI=Rk#ZpgOze1V%%Gf^4oS8$TF0xF@Adp8y|L
z*Bsg?@}k|w2-5+ZQI^-c7u%GCTK#^B?qaI|+bQ~_AaSSymW7`k6C9a|E1@u8R3x!`
z674@ldu0t0Q3e{mWk(0-mXf*20nH@gA9Uu;#*|Z#JY*waDVSs1<6aaZZqM?k4w(j1
zmJk-rR2H3v$Y%qkUi1eq-Vq7-6-gl8>XecRmJ*rUW$x%D6`DKSC#XP4Y~BY7?u*(t
zbIyD#x}i)G({ENAS>9li&e~3tZA!Yh8wlb_i?4t$)C*P>X7yO^Ixo|`Fe<EZN&nB$
zcx(w`$wRO}5~uM>5T5clpJ(c&h3Ca>x*R@Mu9p?JHaRTe&K|-PhDU=FJ#<mIkJ?O)
zy=<~sde2|{3of0>@7LYt4Azgh7e4As=FcACDYL*?6VW#RbS$}P$?KypJbnWRq%a~r
zld2>1`+W;jBNkmqSYof<+92WHUXL}xP>@iFP&&n@;JH6h)6o1xbM=gkol#X9Sf3!+
zBG}+Y?zilFbnZFA{7CyIkT-QAM&TX=Vs2-J!1Na3*Im6@@$c^?T_TE410{#<mY5}+
z=jx6v4}jgWl@Nm(^2fK!1V7!dSvtL86^j&6;6snC44<!^*@1RqVSOjtW(prK=|87G
z+<l4RX%vg{YBxP_57$CU1q`|Gob4*_S}xw29QS-k`6P2CtfX&w*%jeD_@HyIMi)c`
zSFY}Cw#^8Xa;-fGQ2Y)htRnzR8q9vc$e!sPr=Zo#rY@*7&8@hQ9>;h0AdExITMBN$
zE=m`<ero=BnbGSGRuU*d*^(>$JWOQa$p_pn*AycqBirf;i;h!UIq$Z6`IFyMqDNmS
zqlmG2isdO$xraHHQyFMn&Layft)7bSdklzn<V;Bf!^;|Pe;Z%Q346T$xf{Jd{!Oyf
zxKy(~0X}O#a8V^zN!DG}g(S9-VDR}q#XSq#!+jZ*nB7mP|KZ)huZ`UjUZy;jUFlZ`
zCnW0Bpzrv~ejmELf$Y<}*~E)VJNa;}rkxpEl~bSatep3n3FmS8^Dybr;5IZ^Lk^VZ
zYn$_WSxWz5Q?k;{`;w`8WP-Go7P4q7;M8GJ;Af*V)7F!XuiPDYfs*IkOtzaf!1N?L
zo!8+&E|=HbZu$he=Jr_ASDJb-{Y%<g^1ZxmrS<*Tp)@9KzNR`uTNC{yOV-1HzMC5B
zup`o-Va~gI!ifC#{=BDZK+4xn?qi*o+5@*M4u01K^@SJx)~hdXMOd)YBeU;wZASDZ
zQ_Q=D`p**l3g}&QIGc3Yz^s+@<*=BMBvkHqajSH-g{ED^@5|zR?_g|>Oy1+Cox>~l
zyx*5d6-WclIne<yd>;eD>8c|>u?i9G?4F0>WdpBVx)l-aM2L(>P!A2LT{Un%^@?Am
zWkNr`V$=+kG-o(Zh6N@HN{LXL?gY-xLjhI9C{#MLkcwReDj}-iuVt4VYkGxo_@$oU
zhw-G}_T;CU8{KHlAWm_l>jPTy`~?Ex>_Kr}!-YpRa&Ul`ujePg1Q;mk%GF;;S69j?
z)NZ?&>+))uf!C~ecE}SdI-<Pfr|_FDY_F$uT=?u3IZU=A#NgzzUR9Z6Ugd1qepz@V
zSqjjID)Kre`tVuue-Z5GVNp3O{CzTemu&8LMVBV6;kEQKiidRTtGvx<^Y*f`e|3pu
zCY!g+zXd#5y#TkFD2+`q^KCLykS;sQ_4^!BERET$^>f_uu{!Hgt7%kiiL>c&XJq?~
zI>=$8)D_6PKOC&F^;>Z8yJ*vSK+DW4*RJv2s+_Xc-LzU7@G9L{FR|`;zHWQ_$ik>;
zk(d7Xbv0JVV2kxorBKS5roUlqu<!A_OQ1S%Swq<A9EXkn-KMhoXlpvw09QVuowezk
z)xl|Z4f{23S6b~`K$G2Rdg!lF#ieo;);VtQInDafF@^OAY;7^A4B}e<<h~kPDT?|`
zU*-S2Uov$X`D~8|_Zp7arntg?-ONK-X%UorCw+O&$;5$X8xj~@j2Rxr>mlsM+^p+)
zIhsYS(I_V36qIogAb6r)wXy&4+WXGwG>93XSaeL~X1hdwwXO+du3_nN$n&_Xwe$MC
zi;(XV{c7YoUeBmm$2u~7Ev_oZl1N#`e>4v@{mI?~ofqf3rMBJaE%{dhTCy+Q@}Ohu
z54dlYqYOc7$44BB=FmL$@PXP1^Bz%PM+C-*bv<E~U~<Z{>-c%`1!T~+L`{yg0aDDo
zc_;JNn!R7th+RwQrohE+CV@w_+0|kDoL8uT>y!*L1N!02!v?`)ziyTr*0$$Ju9j#>
z`{QI*vnp^Zk>QJ`&qJi*VY-Z=>k?k@?*8slGVP2D!EoEBxyWIon~=%VV2*rcld$P=
z-~6HBYN#}YbE$nI0)vZug0nt%O|)Z;7nU;g9#%^c65o<`l)v5M5U8SSXGMj{7nW^R
ziM3p6yU{Skzhyfu&udhAl@|8ty!srcWg>%qPbt}RWuBA%*j0M1WZ$#H<Aip~26mQ4
zG?Ug)@_Al*oA5M1)T8O(S9nilC1QM8Dw=o2$`w|vqXjJ59vobMTan}NT|Hr~{%88+
zCs@flE93^T^BVUm_Gx0m`Pnsa+7O5T=weMR=vNg+Td1g1LlL$t?%h4Q{3yor;i>R|
zExXx4D7ani_A7fUUabk(Hgmg-=RyP2a@BpW-z}=slJ&cOvmKerjtrGU@{9z!m{S}&
z9am7>*whSIu4cGh+sMByAaRyuDca;Vj@Zpb+nm|lDNMHd`Q8?4Y|o4nk_&Lk{wUZE
zg4CwG;`FN+HH3YV?vlmAKjEZ#54%}?!km=l7m~+PpAZb6e*62w07%wQeZ99Iz+tkd
zUEMDE;JEGOLDB4_=e`?wGu{$L8>HVE#n;eDKTtf<?{r2VJUb)N>hp)hfK0IN_T=t<
ziY_kpF9AOO;v(w_bWL!qe_YMgJx2%8P3QHL%+fgD54~B%5)yR;IDA%q(<<}wGrLbJ
z#OcD+SS+!>uWuYb-q_WNIDSXme^jHRSqZw?u4}KeZ(Cdm1|qIA>o095PXFk})-Y0C
zuq)N{WIQ~pvOLGq;r!CH-JGx1ZTs+bT(6v*QS7{v9+jrW;kk%Y4{qBVZ=FKWLZjQC
zwmHr7(EG>w#rmM<xE|OVUkQI!zgf|!2Ub#H`C~q`ydqCfi*+~q3D-$6Xhmd2)h&r*
z`3}7ERzT86eSX&aZp=z}X*yBjysdfr{KCO*ygF2(WJP+g`B-tphxeDg+kmiK?Os3C
zUNV`@2ND-Szb=@!WVW>1sq1@DIk3iRLVs6A@UzT#a^7o2Kzn}xZ*hjpgCD!WtuGqA
zv{G>2%#S`&AcL>ldbOeGEBoPWq4#f6{l1wp&hZm|tIi{PR2k6Q{+!fC;<0bzG!<E{
z$xeAbm+39aSEpx`H}qdbF%at{wRkM8xZuh*D9*>#Y=2%k7HOK%+kIKUTK+=Zi<R@^
zr}aY=Q1FcH*Ff_S8(CH|Szf2?=XqS?c;&!cE{{4!QpI3_F|ZUvbMa;L&zRcy(6~z9
zaG-Mw;FviM%pfjM+ScOOfbol^;NnRi;o)#T`O1JOGMi>VTixu*cTl@4BXJxlJiTSX
zX*`j%h|7mAeS5dmo6fGw?P4HkUPA}iMyIXgSnhq<Ip?H^;8M--;xGyNC7xvBh9SjR
z8}?L5AvS~~dz^xw-@KLP!`gkBwh{YhCKb-W-PsGxp`=u_&OH*#bqYG_>dv&#>231R
zzRlprrYi2Xb4r^{mhCuUw_A=7N@g{Tyh<=3pu@MZW5t)M%2Xa)?<G9;7h>zig~RNi
z^pt+rq0MQlA`u6#7MKle-j;mA`;GaX{rOVX#eI{1?Zw%coub&<rq|`7lYx?{>&P|L
zgq1#AbM}Z`Y4#HW^<&0E<3<g*PTl?OL>bW&gb86{Ki8@`y|=&3MCb8v3YzT$-p_@5
z(Z-rV6INI20=xDF68;*yp5P(*Fvc!{_AuT{6rHZ~iG;$Vkctk%h*%<~_r2x3$dkdX
zifxNAla#+ctHo?SIbIeyFDHvpK9Zr%)@6R3B)21MK5hooRk(f@li%rCSNvId@jgsE
zZ`gXcS)EK#Kq8}V6?Hwd_VZ=Nt2A}C5rx}d|DJi7x4ZY!CM7?n?3n14{qC!0hPu=A
z<vW}k`&f5bZ!QmR!nCxulYxsK=lpoS9fGdCzITHXE!P<G3qx8!Nh>$@9&4b$K+7wL
zx!;k;Wa<^ujO?Et$AuND_q2K|loCh-&2~G*h|ls0pWwg8WBZ<cWn6_w0&ydgxgD)!
zPzFHVKPq#ZrBX7OZ3k&yh`3*h{09vh#f;lL@?Xrt?rx@rt833Te@|dn9utn@y5oS{
zxu|AWW=&qJ*{5fl@?Py(r#)I8d#@KSvKIJn&Jsh*I!(qc$_=qVUrnEjjYxH(a~UZ#
zc}pNy)5nHq^YTq^se;|{!@pWD-ZSg%si-{hV;Ia!bwLAdzbd=M76z<Zjf4qK{0MgV
zt$RoFiHEk^_1(GHHSNCsl9)@f*W65^HD2-uo7K<|xBZ%*3T=F8a=c2Smv#E>S{>Z?
zcjI^lI0nG7^Nv!Elm1rm>A^e*Jn6Hohgjk}Mj%nozoY4LNmtj-clX$ilgWHHlGwcw
zK9kC0uqPglnaEsa;L+m5fsfTg#7qq84C`rvocHtJ1rl{MM?!*Xc;6qYIW4Yg#<S%^
zq3dsmIRf3Rzq+r@)^`t*Z2wICkxi0Y|092<aCv!kfv<1M#oz06nM0$cnDzr=N+G({
z-3fT~CeivK+ydpZ{}<YzqgYMv`K8zNt%~%|N<>Bj;*|T}3+I56p<VHzk~j%;!sp_m
zmyM5YCW}e_1g&S@HirG(qZN)^qlMFrB+8fG9@lNys~B+Hj!mz{<EF3h((0*caMw1(
zjYC{=EG*wdUdxH>hn9__3!TDAY7O&e^|-fICBaFtt4<u57TxV`V+%6=f#4V1z0^;n
z@4)15r}`Ng`l{y>ic^*?6S8B6Gkx3J^#1l2o^_lzSqTTkT7Emilxu7^U}vQ8OB1Q|
z#AcY9p3%TmG$`CU0OiHFm$BXZ#yI&WS-)T5`#b7rzjjO-hyv4Y$c-%f7>&rfagDZW
zA%;@Ti+)w?ZO2h3f&Er&+<S}a^g4qDT=wOmK|yV;tz=b1tu2?M@Ph%RNH=`2HxAqj
zE5@xEy{VYhIOZ%iN;H9CE`fV4fpabaDmEWCHlLCeDK?)Nvnwiz8yJaO=IA}n`EQX+
z^xnVaeZ4)f;XyD{jLc_@@KcPuXN-VMJ^W0)G7gkXJqbqbCIex0zQ;`3^7Wc<m$#II
z_K!%-76Y70+bcpfdc%v&O2;ePe8;P1sml^eCpVQt-z7wE^~#N!VU0_HUW&(fm4+~k
zc7aaED-_x%Ld}y$!_eQe7ZD83UI*h{(CF;~B8OXW=xef?mu9dRhbcNq^^ML~A-ESq
z_z@CbCLC*YX_s9>MO`ZYwj^bq1nZoyOp3h>?0!MqYRyYUwHz8A_35`N(r>*P^3iRz
zat!j)roXw<x+4^Wxzgl(S1kt7ufO}^-D3ocy%;`eHa|6SggUP*Zn}E{+_&u#wiJ<|
zA4dogca%@;4S^p0#+^?f_gmnpeV|5Pr9Y3I4`mfxe16zC-?+5)gsqNxYq8Buf;Io9
zBzW%NX*mPd#-pG@PwL}Of@gmT*;QE5TSh^>9@8ZR5h6FI*N`D`Fo`42c<bFyt|TG(
z8Bm4wc+yr8{L!e1D!sI0cJNQ?4oJ(kgE_wN^uFGa;Qr;e;OuorMbOk^8S_}u)eG;Q
zK|?cZ7a_EOew_+)uQNuo!;lHK#VUm+hg6>dS^}-LLu3t-5QLc!gr5+EjB>vG1(^x+
z!_K6#FwN<EkJ9YQiC$VqrxX8)P?%ZpfS84s|A4rBL~tfSZ_;H&;<-}Gj%Y1&+@UaD
z>xETcblpkSFKY5AfRg)Ud=*@t>ZEQtn#%vtoyCNTu=qsnel-;27A_6d%NIPL@sy+G
z_z>f<;}cf))Z}=@XIda2HZfiBxBjl1;6adv?`kAR+Rt#rTPO{ch@9akun`=XjF<|9
zfFAa~mvp_CJYU_CoV!yOyfopvG;zTBV9}T03Q|8dTKHF+h0CeFYZrs&es83?fw*3d
z7<D`u)|B>)Z$F98X%1a{5pF3+Drf5{HgqLb<B$j-sEtc_fJuG`PdN>zK1+CJyCLgD
zR8=-4kcbo$#9*^dx8eIm0feOh{xajImGMo^&z?gPq|4l39}ah1l)#k}kQ`XSCqwaf
zm-Kq@EY=S?Aq;uXKc3hx@Eoc19LfJ)Nk_yUV#iJiL{ABlmiR&!`JjgQma}m8pqGLX
zi4Pq<ESy-d-a&r`9E=nkj8sLBh>yihBoav`5~Wc9FWIq-#r)sH!fGmi$=5Da3}fby
zB4g!$Ic)RK!QQl%lZgKCqTulRZO~fI8+-TY;B0SF3YL8R8J6>b_BMNtws4d5JIvgV
zBrf!GZ!gR|^Z@`j1Nd2h=6Vj86QMGN%MrrlCDA#7xcz<?xQ^CU?zAiFa9|9c5QTuO
zo!<+hX4o6aOH9j5OvmhxjvbGIEyTE-4pVVrF_6<!oZuoK-2Z)UJxm~{K_F!Qpqh5t
z<qLU&V)jZyLr{GzGJmj}!up1d(9S(8&KVsUM7VvV2)ajyez^73KNB@mzQI?G8S>Y=
zoLTJkpEn$Q@Anw=?5wsZk8R|zu+=j*?I%vOeToLOubz2#Z9^wc?TfGY^i6+zna+Ee
zMt_~bVQm?TcmK(vjL8z~Al1JX1Zp|u1y6g;$MVvA|GjiS7APMd=&`BPU8$>U?&Cd{
zCR>uuZ=DTo-ln>tc}>H9VTu8R?`5hgGf+9`aUOGV2<oK?@1>d8OZM+AcZX0&xE3%g
z5ybdMNaG%9r`|1MB-~vow6{mc!q{EtP*6g&mn<W!=^X->c)C$>DpjQ`0<V3l--NV@
z`9>>f-i>)EC%WJxUxVf?kBEm6=hTtott|dWTkh4t%2dt9vgzs&iVp$7b&Zve0sGv!
zvrplvgz;0u?=sf2Z6L2hRHs_sMQ!}bznR}An3n*?OwI%M?UYMx*KXAEn#=ao;$>c2
zy>GKJXR`JSiUGYlLUadSY$y8AS3+n<jvvgzQ#EZ8J~$xL3OM<v)e!~CB3jb|2FijN
zYFh=qn*!S#&+TkqCyhV$mGjd2jt{2SE%m_-3}kx<{94cMbXlCD^v}r)<Bnw93W~t~
zKjydMn3Os^D*^$9D$%jcxkHcQSlYi4P#`{bgP*w+e2bxpn@{{$@BU7po$I5HeMrWP
z&m?UUpTvR)Z^Ha~{B$z@GW%L=lC4aFR*mXKA02r+jeFMM7G@Sz57U8c5Te3YrFCo*
zL{s-bs0A+O{kYVxIL2r8h$|bQh~0p|DoRr!LQPf8QkUQtEu$8D`Eqm9E}Abshu^?@
zLJwr(LPPIY%;;aUcC|dp1CHlgdVxFGH>Vi@9;(8h0mAEE-b{hV{`zfDssQ_FZ=2O=
zP%CAr6h@{n`SVX!bBGV^mcf40sXaHc5kWzQda2PcZVxGf$uoGWA~80B_Q>#@qkY!+
z_TRb;?dLbuw(<kjr!$WkyDR90vN_!r&;nIXSqT#P>|TpF$|-gok3(`7GJQXNxCB9J
zC<`*0;ZT~q+0Y$?sUp$t^k6D&7bd|9ewQ9NHb$S6U>5qqWhy>ZdWgMYJ}w3M#jnp^
z{%VT@&cf<MFft@CLb5xBPG$=ynf}gTtNv<c-pggt5BVs^aQ&su@JVoGZ$;?rKi^mw
zq4wqER1v=T@kZiXsWno^zw64LS&{@LN_S&srP45#a**O4=9w81S<-SdIFCu53LkmN
zIa(>t$i`sY+oF8Lzq4)}_s8W7dC)N2`6mIVCK(H*C`wWRiycL<4X6rfo>BM=^S>Z<
zBT;vBij-<swf3?<voj*WWCwdo3P41X<U&{d$h9OH<&H+(NQt^QKMqd3IEku6(#ZDL
zoad-eqd)gIh(FFH2En7y?qM)9$=si#<3&_aBwum^_ZE<5;ioCdc5A=2--=Q_<}e;p
z^0A*}D7s`x^qj049}UjDtV$u|Ey}eM)X&JI=w|3BX6TtVYKhcEfl2t3W7NutcZO+q
z$yHdiY>G7HdSN^Wi0#7vrpe}W!XUU69XZAEQ)|rBn@{0pM6$*vhso3FvC}W1ooDWD
z+E=LBXkKB%EIWD;1h3SItr-vWn0}AM*4`X5J}+wq7<!@TI=_=XzE9hU>-z2XGZjNB
z{mg8Z#}A7_4vWIoYA#ba1~-%^(mj?W8!k%e{}jh-!g18viA|m2#)Y(l8T|=B{#wx8
ztAvlAThyZ9#3JLwqACFMs#8o9cd!RAZly6xc9XNBm5gyiN5Fa+Li0>Avv*3I<QpI+
z>cF0VP;4HmP(Bvd?=r^3iiXFh0pyrW<e0!Uv2Pgn!v=8NJMkZ-6*HO3N%T2isnaHS
z(k3Vv(>itr{G%r@vL`T5)97@s3516aWu^~hA|_Il^$X#B$8g?NjPoP<G+<w*_h}dJ
zXo1GdZXT-!$7cdZQEgLyD>PXC=u>ozt5^HLA<TLMGQM;fo@bUe#%f9w2wA#$84JbS
zdO{D&txO53>l9f*Xv`@K=bQQmS6HvVL-+@pf@r{PxS>GVOGxly0gq6I<1F=`Cas?)
z5CJ2D%Lqoq;HSLJtZmbNH9|_R^eV2_lXOA8cy5FXT?x6jXF)d~>mB$#fe?8I2jIwS
zCT5Kz-?JyMKjUKD;;xs(+Hbo-mw$Rp`GCU#zM12WmfU#lOC@iZDjV(VF3Z=7DqF(1
zbFSP<v=K7wktiyG{UEQ4y<6kX6c$gZ%cLC2`3Wo?U8*f=?wJ^RIlBWxY8CUk?nT8K
z+0$V^&KT2ngByzdn&1c1!D9pB_CPbcy_-vR*<V|OYAT{^a81Kf=~>sWDFAj7Tycz!
z40(IDY!KuD`raZh(wo=_srrcbGCuOWB&PC@p9Gf_^NSReyrT}3GWGK8^#Ce}mV7j@
z_ZOdTlWvMj=N-)5HW=&ZH!<_S^tO$~u@QMWb3V2yDZLV1DXU*UUhsrwqmv?VsK~tJ
zF@wD8tpxS(pOxIx`8;X|Hpb*chJK}|#Oq}&>Xr0<s&4EsCNENKWXMVL6Xgc7XYB2b
ze4-%eO2RuB?}uu6F;|rsR@rxFjvL!mz~y~~peay<W<)~FiYB{q$V}dQEG@ZWpct_(
z;lIeP(+~5u%Ys=x7agExt<T1<_m&``LLajsAY?4hR@>pOr3u-Wh7hX40JjL|N*k^e
zZ`kJ}=3#1Elf`-W>!nKV7Xou%U2au@0z9w5nqu%hq{D2|RBzervgB+K9HEKSIeqUQ
zp?Y9_c;d5q7Q`$M{@x6K{3uz2IOv?0GE|;%x6>m^GH8OY<VJIUa>{B7P8#oW%j#cG
zi44VGcv{>r=(B^3@zXi1c<~)Ob_^aq4(eSIWKR&FrtzV=b-6h*y2<EXMz23iAHkc;
z!kZ`QF<po9M2yHeA!qRfa!vMy4WTBrg#+H*Kv0s}9I^^L0)bN|pX^8zh7-&D^RgS%
z>9QpA;l$^}Bs$?yvmR129srb6wp3#$-$IU~BES*cayqb;1Cy8%4wnZ;Z}x=JufVW6
zWKtI{Abz(BFApE?T!j3#AHooevb0+~;+j!pfgW{7kDa?S3MFZ%?iy?eiw!>whMUod
zn=xVG1U1b-KIGddMr8!dqUX8bDd3NFpeA&}$vdR^ALs><wV|_U{lbz*i7RF)t(kzh
zPpzA}WyR?-dtWrd+4?<4-l@ytC{wMymy9w!k?=l&X0K0}gFsqRW!A)9?vXCF@Zm_a
z$rOfx9NnX1?8#-}*)n)<tBKtAjDfm<k^K)g;vcLgQQvb4>OxBPKbeSs<F&eh1zLja
zbO=+!SmWvubnoinQ?z~i8VHv+h{k*Nac;VI)M~ifA;WHfkY>8-*`wg}T{jU&$H@ct
z$pd5A&<GN5WvVdK84593#z;(VeBizVT4)DCc8nzF6RJ(D-UyoYC4%jp?cndM^-jLk
zqvvM}7qUZdm!iW?N&84bSMPN)K5-<sNW$IcW(#}CfH6*@B<nkvQ18HxJO0(r9_ARH
zTgis&?9}538YYSoZ#fwzDLJ@oOJQT}aOr<ts0;ejjT**lcuDh7s0*YP+R5pd9x_+^
zqHn(od~RsE(4QUUOn1RE6Op%y`v&l~1!(TB8L7hDAY*D^Xu42o2nLK0_G(KKAnHoy
zAe7AllsLkKy>}y!l79i>{``6`P?7i5rFe?=`(B6&i8RFHDoE9T?dZ~Z2Tjwtou%&Z
z3kkDKekSRC2@D%|AJ|!D-gcG8_I*NHF5W~A#un5SP8TKdVtpc6vG_s%AKwk+=KF2H
ze=fi88};wcx9?^NumOCh=>uE<9so~(&wtx(A>VpiBp~+NZ%Y6q1Jb_@w*o*8pbSs}
z_yec}R0Em-4S+g8$G79w4H)>g+(rRo-<I1fU=gqeSO;tXHorx;-EUuQ8}JWs_AR?z
z18%-mw>!W);N#nLgQNkcfuaG>AkZMwpnThI_}``*KMfuYkVfcRbCdqo+*H0TH_dOy
z&5XwOTW}Mm5ut$q?13=<e_3t+X|DX1p}v3M|J|1PX#)oLi46k6Ob7z<z5Oq%?fXd=
z`~PmrOwokaR9$UWa3m!U=mmsT_y<4;TLvgW-Ybdx{*GZTM3(9mk|GvYLWd-f6oVij
zi0D!pgvCT(_s=&T35-Obr_L`LC8jOx_7TZG>v-z+>PfrO+19eSXj*yISRYd`9E7LB
zpWYab+s8Yii@WLFC6>fTJXTDNbVMr#OCXKvO^e4c?j}~J#=HigW=LcTF(S_pC5@wv
zLC|t!WK&_CP~MpaibaUz7ROWFhN!4iD3K%Iu|f_yM=0@!GD-dTolqQTn#-<CE*%77
zIeMT{z%4JzIEEZ<wpNa6NvW7i9WO(nf_oi(p@=Sf5K)f0vn53@t!7#*Ly>_^3wk6=
zQA&CDoKCJ>J&Foo4^9+IVAe8OOwEAxE2I~volK-E0StoCC^9C8OZs5PR)02VN;V5o
zrb&s_&z&@}g|OlXWl-;riILN5hv-tzBL@bDA9`kV!uKI*7TK~xsGuljmrNyrC*X^c
zC7m5!|28%hO&v{&;Y~m}R0;7<A4-~80HFc@HxChP78P8KVlrxY_cO3j_#_<?1HwkV
ze+gMS1LqW1nl)U+p&~f^UyO2FexPTJIg~7U-|`PMufPMPV9lSFuqcX={wkEySW;%h
zo?6EBAiw2>#!(`lzfYPUJd~b9vh;7qdi=o*Hl*{FWLRdOfFth=Ze?<;6VsbsJfQMN
zMGDO>ozN;XeS7*%-WJZ|*KiiudM;IJIF_jlI;)q3*XYRHanBjgs?IwRZz1}TZfa4I
zz(j5(Sm<uy`j=G-zMfizg3!{KzT~FIDeb=!+CiEMUn!Iubk;t<zra)2W2Rj=d+sT4
zLtDd*6AM0KJ0Ugx%3y$JDs`?cogueX5p_(s2qU!)k$5^a7BtPjOy=n!jN9EEt!5S_
zRzmRy5(-(gP$TrCR(qphaFTe`rQm<m-^vHnDHsh|1U)U<et=jW0=bD2ZQvf65pT4J
z7-B-NP@6M^06a|+yB2-&goqMpBdR$~1N%SfW<?^HztpNtaUqIe%{=g6qTrpo4au?q
zPju{IrUx~lt@wVJVmm{Z{fT#C{5|MC_*AeP5p)S@bZrXpD{M&1k*jMpW=cBjUapC_
z0FyTsL%&#HK%WsCa&nZ&c)h(RdH3=o{{RjJh&1`{jR0v}BVIUn$V74}ttjcW&s0<4
zaS6Hkhk-vtVitb{iqHp;(8*{Kw(Vp?aM1TJ)Y9ck)AKiqkprpv)`&$oQOr(?Fyrgx
z(G)~TI5C+Z%?-6iZb9hQ>kYX9M?w(6qGHI1E${*NhP7ExMHO<<#^3SI9n9$D0%pL`
z2%1PL5?)zhuor4nf7U|fW_&YI8C3X+5R4Qg_e{!cNTv`T&|dZy%)W{+d)@ds3|?3k
zWuBb}_5j2m^gc>^62wAkQTdf6ullcQs>tLy6?t+Ty-D}Vws;4k9D_;lN?^fMIQ@Fe
zWz1Ov7lH5K|CDtjA=9QJZY`kaKibe`8I$&B%nLzbPW$swEMFTzFz9^@ak*iX65-i*
zSt}u1KVWb{3gC%Z7k^&~k({TLsN}CyEaKKp-mr*LXT?c~vSVpCCYnOfdw|_jqfZ%u
zVb7f_?==L-qgI~sCbInGOOM@GqGVqE$sQ=d_EQc65ly~vDv1}99dl^|M!Z~tz5<YI
z8l1A4`YTq6GEgMQxZy9Onh9sEq^J^@i5X_J3T42i2}=XLE-}HL3Z-L2MIufSJcMd5
zEK96ZX?tL2V85~9z0i^k%T3R!`E83VpF8w>(GZvxOq%hinY}P4j;;V>;hM>a8MSmt
zrae|Jd#X4`Sf|<!jjI~lxY#K-za@V39=EqTBXbMPEtg?~-~OtaG%M2bNYdmE0e1?J
zj4==IgXwel&wEBtGGtIioJQhFKIDa#J8F)2Q}9N4YB=Y3VL2{AHhFwhqA930(mk@P
zQ1os7AhzTcG)jeMPDEK2s+Fe?L_e-rF`PCyb803tpt)FE2%VQZ_+ANQ8O#>q1f?1-
zErR6tEOR)F(6|yABq28K?^Js-0@VNs4r-W^TSXQY^-TXdusZGl&2%;1oMPC3(STNR
z<`UgRP=6rkJu$X6Jb|G!`!#XDnuR|rLTRcFcpD+Ie}qEN5-T3DXf3qdyjy{`uzdzB
zzj&PNI~F~fx@P753Gp~UW}e)CG$)oy%S(kyC<$~9GzbK$AV?wL9T}h58c%^LAfZut
z&%c=pQ86?8R9HrrTMlfW$5IV;U%L4(b2;V-IT`;LA~6`9es6mh)e@+toBxUCh-C~3
z4jc0Mq9cer9t@c-a=SdUyPMkTEhwKRu5$%P?g0cV2)U}iiv<!b-h9D8H}VfQz9nw7
z6ml=*M!=CKkqC;9OaG1(wyeKk+NdzG6b4;7J=G+|&vb`gQdsX+Po+&_8(xBja20Qy
zd|X46duDFRaM~bvpYz4{5pR@&xx4wPkkeQkCn5q~W;@>skD{dEJ!!(7S`fl_;T!>h
zvLq7qo>!3_XA$D$7{ex$)@VX%XLT4Lk-XSW@^f5~<^9=N-ZZ6u3}Bj)Qm8c%@rygt
zH;`*J<TRx3?$zKrn%N!s*)cXzwy2KjEPs;zdQcJkoLfjt$OL2;)Dn!e+=G=kGIM3P
zdmYrs+!^G191mn3+BE-Yq~gNp)!cv5ub$_VDl0nAy~Ohh$pCn+S?*E^x?09!%z5Ek
zf0e&H;@i`(=oszxV`9}`*LP3PZ*Oz)HJu5m3BQ5oh3YNIFVX8O*ydD`7n=}_3TvWt
z94mA|wafO;QQeH#gB?XDZx2KhBZ(5pXB}43OIaTMgCM>`lscokd->txFFbcSLfT{#
z7knr)>G93NaM+{`2_r}!=pm62H<ev~RrWp(^U7(m@(Z3WOU{Kz^XzmEM!Ouzkt}(G
z;{@pl@OHuv54a<3IPht%O&_Oay~Ni8n;qx2n}yZbj?4KTgm%W!jQZD>J>BKe($Mlj
zof{Ie{YWodtC!B$Gnbd(?}74L*`OvUmo+este+tpW=XP4z;(aIy_3tr0_oY&zn|w~
zVo@YceA+>Gwme?j<qg+Pzno7_+wAr^BgLQ*nyYJo4LA12Sk7k=mwo9m$F8aQ3OcX9
z7@5Y}bza!n6+IgGsS6*pUw_xwMOHa_PG87pvt3#BZMs<jm=w;c{%xJr$R)+bT<MZe
zcR713n+3%pL_Wud@o~YcClhHMMq0CXIpw?ReQWJ@K|xveXsVxbLt(iNzs_K?ux+@V
z`Gf9xcmxbX1{QiB5u3e72jmBsoqy={<;uGa1qmFHQ_a&2*NyIWCFyUq)QxI!ka}pP
z5Npm~REr+6a|uX$KVh%+_zb0FG4x*`b`bK$^>BT(L?L8tJwW3U^0j(<>i8(z#K+w9
zWla%nO|pA?R~8hzEEBvyx^~%`szZ-dQZyXSo+j87)&ehL0zJ2W{FP7j6FAC>BTD~#
zK7igm?AR?`S%*^1Yr)@Y9dKUl9Zjj2%DUr{o7XR6VXJXktuCkrBAzX88zR0sE6{X)
zj0Ets?@;2=O831|$qI;mp5hF>BC0>ZFF&a+`s}|e3OqU)wEgk0KFVHnO+V#`E(K>*
ze`469OOvfz)ursGpCP+;KyLLa(;sB6UI@Netg`^SR205jbqGuSO3l3_B3FR43Z?ad
zSy)jsuwb<}*&z6fI8B>D4%ZPe%1nVE7+csb{>N7Jj#v<J1{#-5WFJ+Otkru1$hhK-
z-<lWM>q5X5fMvdO63c2CX<}Rtrh9?kC!br2JVwx`K8vD@<W$#06gl}-MvYz?j{e?L
zmHA0^=qx8IN~tWR3W38N_65~@bJc@~-wVl05C$iufEH-d?50I7<!f}AI=<>r&lli{
z2NdLJx5H1#sU+B$+cA25O&?-1()nw}xfREv&93JD``^1-kE+R?;36w@n)#6a`-9jZ
zX<mp1v_`49wxr|ftEZP&4-F})pu&RhM~BY%+IvX(Qx72NyB-O*8Kj^7TLGaZIR%Hw
zs?mB&jlui6ER`x+Mh}bG@7G_M88sv6#R0Pg6E?)0o($)z(ssd%-byStk(uinf|o>L
zudk|yz(YR0(f1z=535b>U2of8OW5b4I|k_oYWCMJQ7X$aU0u5w4wA99tkk85KqAb3
z9WJbw%X%%3rGFSk)6c;{&184Z2=fD2Rjt9;7i~_CIXOj=YVBthNzb)A1L`Mo3oi0z
zQzY^$epoCcTs2!cJ(jJ)QN^{oo2}NX>WZ{Afm{XU0m`m@dyOYv)C&w1s*-*=5$AF^
zrPLJ?Ze=DiId|7}DLU+93gEeO0Zz|LcTAWxyI@z_0@W=wd0fJO8(b%F|L_IJNnU<9
z*oukPfn$^`ciCjE>8j)Wz%CZvB15#$wZ5`^TO94y)A#Kl0nd4Sh#tFd5U*p<XXF}H
zua<4RmBq^I+IJ)o9P2nO4vV$b0`)KmwE66B+cw=AX_}hQVY@%ucbqC^9lhc+Ah_&!
zJuS96KcX0MtWP|=lLb~^zH_gfzZnR8JXu}NY<pgu=BV=8tm|8!hW0DmmOcoM6j4eE
z#fT+pO;#_ows4rHPB#Cs74|fW`^TG59W^9&8kx41wK~gxH=chB@Y^VLSm3~}o(eqk
z!p^L^9BB2#^-Ft9;Q%$5AHN%ij|+E10Pq4(e){XhsosR$+E$&l*iXpi;c?`wi#Ap3
zRmL%48@#taT*~cpU#L(0Ad^IF&%i$KYNB{GF(<Frs-r(a|6G>V7WR`Cjem=1sPwL~
z&~PGi#hF3EM9|OFtQYaz7&FfQ6zg+PP(ri3Eo95J$g?i*Z1!mgTB!2H8h=RCZ4I(`
zdCWfcD7O}UnqU=v>3$1oTaLTOQKX7KumNZ;;A0p(%zOQuecKAO2`K5xvJ^xuT#RNX
z%ZQ(DCNS{2In18Sp@JNNCd+o*^4d<7YtvX`-rjH%z9D(Bk~v7iISDl0E`*(+JFcRZ
z66)NFNS)VWBA6*1W{Z`=B^=Z%z~Rj{hwqus+&U{G>NI_QD^E~|%TtJON+(1!rI$I$
zG)(ii!@i5kO)b7x2>rphfyaSwo9)`t`s#WfdXU&P4cWM>o?ZE#n<n;>)xVTw#TMc_
zP3Bx`KWZ}aic;*fkH(FD`yGe3*34<;DyyewWew&~li^^hG&d*d`2e8Q9)b>ou$qD*
z%Y9TIv26F1g3-B|zjf8tbN)Ru88saH$9CMp;N*|NR&HDAmn;UA3GBYdJnz__>(iYK
zNQYykj`MS5*pDZnvP<z-qO&<HSJ^h)08m_cnX#uShYSO!7`kS4UwYQ<dAEp^<<HG+
zk-u5&^#=vz^A)EZTU{4?am;RGtpPR5m3H2EPrY`OF1p%L4{OAJY4h=(7i+<tHUW)K
z-}zU?s?9Rjeb5X}G1zT*1XzQZ&H~-io`u|x?&}@9lv9KI25HdQ7Z(BswNy5$24>qW
zTDVTCvI9VcYN=}yCc81Z3q91i=HO?md9Yi5q>CXE;Z>rZw+D-0@3vwu5AurR_70!O
zyrn%BBl8ZcPt;uUU<TJ!XUDt`_n0w-Xgsu^Q;ldOPdP{sVbr!;ua2#^Me3s+VhQ%*
z+k4wsED13#;u@%)h<R53x_SC`7lYhK%8JMT^63u{wE!2abH)I1it=tSTJfA#FAWZq
zf5<U(fXQlt-KlJBJrl#5+-6o|i*UmBwvSUYB=hk721KU%R+)u3wlu|PO$F#N;rjF1
zW7)v8=V(7PL6djfqmJbGeYST;Fz{Tp_BofIM^kooA%91Z41TvTJvMZlpU%HzQC}QE
z^XRNo)l3f7c-rIiWLL1&KH#5ryKfh95Lm0&-z6*;Eu3x=p*B0~kB_(5zP@vpoc+SQ
ze0`$`%#Jv8BV5frSe%rz7D38(zqVda#R)TsMS|_}6Zi_PFB#a`(TV(bT$D(BKvI9)
zww`rf-kG**qjO|sicjt4(?lD5<?5e&`o7AvV0^@*bHNhoW?dW^FskK>$2qU#(S8i@
z;X_O8da9WbN#Xyq4r#s&F(N%fC6~6LfY_wL-{V((ToxucoV}69P=VvcGJL^a{Fnac
z{HJM9M&ACD-c~BXUAjDAwc%Q1((?7{uEp2npG_eU$zEDuxhK+r__RMw+U{cg=`?Iz
zxEyM#MMc9R)OvaXK3jx#%)@pCxBO)X>{4?;=%{YKcx&6Ozx;6ZDDCWMDsxls@YGe?
zWWy>8R(mYV{Yzi??_n2CkW+?{^TOKF@tU*+#$+<j*{O5MYn^=J5M3svfmEidzOZ(w
zQu2j`+qTV<K<CjU4Z$x-s+PvC7DIQFiuK0nG)xz}j^-#^meg&dc&paAlIkSOJDK!8
zjXm1Ukm5sx;@2w^To@0Hk90g>j;7t+uLIJ8#ar7pyMIidKAHW2Hw@Zg*&CmWi|<W%
z(p~<4-7&FFl^rML$rOSqY1|avT!zw7*_7R<8eJUt_G_jIxt6~&W?Tjre*Kakg0qTK
zAFR3@=3=+@ySu<_Ysnj~F;8pFfx&N?8?Ljxj7`9Jll%dXocOMny4EqXHjlG|YIt?l
zRd6wo0#J;#R(QsK?AtM4>aFllhMk_<x~I^{Mk|$NZOPTXzTaOtT^sNDoSm{k<Fm8p
zN+;YzU?N;QL6NNU>qZ{y)VI;rv(eT2_*u(45oGZ;u_oK{>|)lIH2mplsZAA=*IpRt
zo=o#q^*kVy%sn<scJBO^`0y}LOfY1{s3X8uX`tpUrZTV-madtfVKX8tF#8$|ys=Zw
zR7`6IrZt?bMsYHD_v^tgNUheC;?L0Kx@@Ev)??PEvt@e?wVXsf44z*xC<@*(+*vqt
z`rc7>;sHsiwUAc$4uQJPeKrmqV}Sq*4FSh8YXSS}?!XMkcHKL<wNOQ$V1+)(;eqay
zI0X3)?YOJfzLw1&Ev@IXQYW`{M_A=%ZjIT&8cDZz`Vv=(mY0G{lO8P=Ezwr>OIGSL
zMdv0dTS@ENBM$_6sq<N`mXnLdF?Me&YSS#`xuVs%Y#$YW^Isj>f#rMiyEb0An>M@!
z&+G$}>el8IP`m2%6TUuseK?kqo;Sy`STV-Ui03bC1*D7|(OyX+qm_AFCGOm_w$OHS
zStdR)c0bm9Xm5LVKFY@Uw~hKrLv!V8=3Tb+Sp9BwR*R09a(f73K4u#(4qi?L{7N=(
zez`ZMH&mOvLw&|C4Uh!o_m*rHOdBj?ct;4lU4ItTS;#h-C|dc&Ikcj`PF)Qe?iU<*
zklozLW>4U2nZ;6d^HgvD47Fw8KPh~3sSuw6KgGFsILJFcEci*-@>3(oWCFtMI(gWo
zo$7~Z%KOeZzRY2#-Aua!iwhV*T=Dj=vX_LsS5hQQJsnMtG1adJxUbM_8dvCx?FOV|
zXSIE)n9n`)C^qpB-rw(ggbNv50(qPIY{b^v?{xeB+V|-wvH19}d|sv<%39Xw*jGk-
z8rFZ*6)=?g-0ZIP@(7rfI#R85(N1bIeKI%KyH5wDw{>VhC2h?qxZvT`njiR_0#U1;
z3YKa#ug8t9x&{N%+s6K&L06)}eIU&&Uh>150n6Im=&C3g+>3hagq;kGhyJ;E;h9*t
zPZhgEy*|V_LoK=?c1~xvy4JcD&aAeEHzD1*%HEMO0`GUjP2OxwOJTQjq6CiilUbkl
z&Weu1<~tssVpCL)^dn^8%m49~tOQq<AlZ3hD9yTzg<|(@U==84CU@kr|69->p<iDZ
zH>k{sSPl*udx&!LW6QNK+TA!-3>e%^Tu2*9@Y=8=aD&aO|G;Rkw59jimg=tw^&nV?
z?ZgA$bn<XGzPmE=(1w<5_WjpF<jJdZd}G~LC9dx?8Hp322v<|HGADspEEQFOxNq+>
zcL$b}ovX|5Wvn+FmJMqgeHO%iHRL64LMLnD?e#?1J}KG~O@6p(qif?<E^-z!6}zI1
zC)H<x+0%nez~l9NqA+45wfH_=Qg%n*lM^!`Gxtuzn<`MMZJSNeW=ZEjW(3#Lg#7EL
zq-|w|bo<P^wKfo%tHEz&A#knEsVnk$yk<+$f7p!tW9h@Z2CChX;-7=Eko{od_43I<
z5>w_n*vOT9RZq>fR^#Z|UT95*hGz}#mVVRHLtp9EA#BoJH!s70DAK7;njMk7mS7zR
z+55nb=gq5+lT0LBy#Ng~14XGT(&D=7$Vjz-?T*jOeL%HpP=kZSrez`9vbuJ$Y`6Bv
zY4>;z=I562RFFE-$DexlZcZwn>dR?1k#>8F1K$n#gw?pNt?Wsbs)@F9k+uaR4OF60
zI>EVPjx%ke_36rHMND}P88_Ye@QEjdoLIU$TX=%G93NqHuk{<*ORdk*`0w$_n>LPP
zx?J|k^Jo617pGf!`vEve4bJPo!EYl}?<0Qro_uGvf<B7NWMrl$^?(e8X7V^PousMJ
zW>da;fz^OX(vC#Y(E?MhdcM^l{*-e`L~=z+z677q-2<sxXGeIRSbRkVO1M!GM<|}C
zY<UIJyU(8QlHsM_|EigsCk{iP5P^UUlK;P>ES&7DUH=nh@m)2MUQuWb&;`=~1I)9;
z=L<oA0aS)$0qQ8A!gaH##FWT#V1=5<bw#9+xR7Ef=LnGEwFOb(k>Ln^O)Yx8&4p!A
zpKK(TGc8|t-aSYoJZw%!*=}1-=C+pz+4%qDh-+~_p1YI0F;q7J5T^72LgBLs(vEv(
zB5i7k42$v!<MU`3HzFBwv}~jC!=*B46u0gkCCpmMq^Pj)rXmr{%8U?DurKi`sZzL1
zC=`|mRfDK(Z2N4#BcIVNe}oF*g)@sMlb{>YKHZ!ip2pMWBqyXZiq#+DWP%x~{HSP_
zOHZbbN|RDWAzqtRs+LlNkt8>#iX@MaMm6GxAz6`0HUAy1!tvW!K0>NG-l{~30xY5g
zw)zN}u|O^{Js}dz`UWgPu9_^5Ndsnq<Oh#5$pq@J5)hq&YGx{}L<%LZ6bp*65Li@X
zo<x#tNt6J2nc#o@@F9%pY2k@z7^Ie=8%oIq+T`Ixf)#z{XXLODUzH&GzBjbQ6TuOv
zb6^G4p2d+uyp2B;VSH}_O2WxSMgf+wYRST(0w6d!REaQ&Xl7vSfWN(#<H#JW$`Z6%
zq?4c|hvX+}NY@DVW<p{A=B-bdL_?C2bJJ<4`nF)&n3Yqrp&ZGB(AK^VWUta}I;p`E
zL;JC{U=zfk6Y+tKa%_Cci4^Skwwd&heB*LzzZ3E$eyCRGWK+svisI>=Sd4OtM@B#4
z*A&NB5ch2+2-6;Fp@vK|Gd8iA&C979H>rX~RfL<?*$cwUKvk=AfNLj;C6g@6%ixQE
zb^ZG-3#pYaWk@d2>Z<9NJkaxaJm?}d8E-zRm}Wjkz>SEB_@!K|@I4f9hSV%U{PPOb
zB2)(ZRRchd{}`c0p+3-?DP!u6O}Z6cfHG}=2or%13>LZ*Et88SnTmpv(0le(jc5%c
zSy+f4%iqHXQU;uj{C>Ur;7IpoObUfYL8c(f7ABTZ!oe3*1&>xjp@5Dh7qYMx&4lN@
z7sb|f#pL=TqJt_NEKsM!7<th}V9XnXEW#JV0hPQ<2H-*s!5hzoLqI9O^(Oo@qs)*Q
zLLnrKp}rec1A)5N^v2X2+h@HY&JJ}W9w%iD3xXydhh?>onk~3tVdV%MFMwkGDU7a-
zY!4YthI|OgN@aAc7c3m`Mj<@l%F2<X5u(I|oX@}%jxlNo)dn$V_$}Asj0y!(O9-<c
zqOo$sX@cgTG}xmSdMlP-?!q95K?<c%r^r>sFOj-~Ae5$)?E8@s25G8G3GYB)$fyzZ
z{$_>o#%yGj49Bv^MJrvf501J+_GuTC%_~Ln#)-f7#RvE+E8%8%!Vk((?C?|C3z`Z+
zXZhDj%hiI)Bbp})S!?LSNQ5gUmlcG94xv(YuM9b4%l2nDXAgrRCZ9;L?t&>Ci;zlv
zaz}+)i3OBp0@4K)#L8tBVHo9z3tunONeZ*l@)hSx-$=(``6EN#?(A(rrlW@~!4S>k
zqmLJ^O-=bF$O@qd|Bjj}62teHg6*Zr>HUa|(fxrq7(Uks*oKh%$&FwNah~{FEM_d)
zl~Y2J+T0xkE6#k6-%nR)Kuft*1d<{yeBJ>RO#w{b{qxls1CH`HOtg9=4#}ZVw0$H;
z5?CZMc_x5Tek__Q9s#nj=6OlA*PmPr=!wCh8j+cRbEW<dW+zDqWj;YY8iwK*A_FK1
zJq8K?4il^?T46YGVJLre<c=~-FEDX@6#h3OoXn3x%z}yVvINv72;HJ#8E5nzYxe(Q
z>>PtL38FO|CttWpHny#eZQHhOI~&`!oosB|wzIMJi=CURfA`0on(pbTL3MT2Om+1+
z&-;djXGZsNa-haf5i%>B%S|ci8o-o;kXe;b8*<GEsc=;r@`1soBf@bcK|QV&WP-B7
z%T|x8s1Rs?;xOj1t8lG2q(c8BPiNgTD20(BD#!kj3>mZ#uqY5)xuPkUPl^nVE5JVd
zJCYD+=`tk~u>r!(Wm8^Wz-<<IDHhN>pU;khRGBZB5{TVyd@MmG1dcGBHuCqD(U~5x
z&5Y>PfWkN+gz4|MDr3M{%NJHgStM;?l~Gp2=@PL+X`7&*U~$3V(8md5f!jZpf@4C;
z;svn$pc*m*#-B|^$>qHHD<Og+Sl8*zu#!|}!?e&wL*+noW3_PpnUM8A3y|XYTSPJn
zx;7}_#sbF@Fh&B9Nh>@yKPg=-MpX)p1EuN5=%m?+h4LWSK-iDvN89%T0+f$H*o+SX
zW5jrvxPuEih8ejtspDic@MTcCj1<ICpzrn#TEa1c)`PTI25l&h*D#5#z+q<y!Gf_7
zR)~I*5OYDTplbjk;eVpX{t<N0-UGFpM}!Ej=|*t{Ya0m^9)mJR-#hqpHsK`vnHKY1
zu`_TT=ffUD1jUdQ8dsn}jCEYD#+ZWG)1q}6l+94P;Tc2(93ln`PB>zLUBd@*gX<rs
zll+6OTuq4KT%<A+S+XoIWx+~^4j2r43(RnVvL;f&Ae(?x*zW%pZD5Oy*hj<lO=Lg?
zJFd9y$Tya8m}Y(v#7N)kbtCuD2pHp0FfNr^LPN(#0&fQAGz`iFbH~6C0gI9pE>N!E
zh$ux;;zT4JoC0@-9Cvt2foI1ahQp^uqg0<0r#$|0V~q`KXLO9jk!i<q0C()9QDhI;
z#8F8KqX*~Fkl16PR&)m$&5rRT7L@-aN<x%=&^PfaAG<F;R(!e7H)i3J{SCz?Q3OQB
zUdy7`!T~{uC>`W8Sf2&I1MBPd2Yo74oKoq-0!hI*1>gH(El#5@X8#8Tj8iY%0r`UH
z>qNrI5|~^qaUwL1-vAPJg~XCuMZ||n`32FpQT{-e;j%sTyALF{fkzC&NobCoP$)$0
zTPxR}B&5dWi-+eBxKl0U2tS4{d^r<y*fR#<i%zFq4g~%5>DL;Oi>~WAOuxp=14Q-_
zz&mpO<U=}qdvnCvTVo;ui)7U}5I@dW`|(ScRVL8xJ#3_{t%v$|et2e|1qf#IV;>lZ
zFK9d;wJq)O?4-FdC{MsNfe~g$<TD85T^_kZr`eo$u$4<egt*}X)e5N;r4p(D0Gy}F
zA3PmlJMy0oRQV$;D_^tG>2)TI{q$E-D4{AgSPDenC@B~+!T`b#GNSCrhH#62bCfCJ
zp?z?Qto;JE;TDwTT#U?E|1d(CRcE#73n3$e!sQ_1>=@BNVI33E+bZKJLuj!-1>huS
zA?Scy3gY1N5QUH;;4qNkh(8LoR#h)Z0!~2%mwNB+!`3m&UAcY;HzVK@RN%8i85OVW
zYb6<WoH1?-)x?1fD14;`ccftB+z%>UIBc0=9y1NP)EM&FhMl=t;dm3;G$Zal;4ZN_
zY$?`ogYLuMomH=R3g~<tL2r1209E4Rpbv`hN5g;s;9I5bKf|q8aDc)^pg_<Pt`Ohv
zWv*znUsLkWy)FoTh*K4?1b{Kp2cK{)it-Pus>3g<f*3IawUN4J2U?-+Pc3mmHtZ+?
zX3ZF~%T+E8KE>jIW)na$QCSn|fyXl$;)6}Jh1JUUq@@zM-)?5UxKK`h1X|?jAKPQP
zGey;|mkZbNW-uLnN*H;uN49Uy+x64015{lh&(-HYz+>o{B~|fVCjzGFyRnB^d!a<M
z#q!cvUu72^xXID$QEoWw<|t;ormx5tO}*xm@Y;0NiCz-!yy~yHlM`w3nsbGV)zR!r
zDsY@P1h*kidk?iQ=fR7lRWqsRp$b%&66YH(-_C80lRp<jjlYqkcX#MBd!C9d%a<xW
z#r-d-A?fv!R$24YhdexOQ?;jzHX*cB#6Nme*oMhC-e!AieeN%9<LulC?s>)W%o%G%
z@4RriFV-e@{*{Usk9$j%lIHGMF;m(wW*K(@rL#P6cvZNjjdl^ORFiNF9~PV;21G1>
z{q<<%x*6oepQ*~z3cG@6MzkK+wne&_(&e3j{3VxT-_n6J`-_K!-pU)w@HAT3+v8dw
zSLH-lzh<!6s|Pj&zNuxBl(Eqg8w~9IHvim20f6c=syDCo%40s5#M{|bZ))d!{2XRd
z9KdOu!V7jazAlu3+f@(=$h3>q5yx0gXHk9t1;Mri!2DbegI~rm$0jEH0oh0FbkOu1
zk@OoP`0JyGh|nV9SKnLJj}F4fA&Af<oz%;pdC8D^4>=G6$s+%hE+KYGa{AsZ5VPM*
z$6o6~&l%u*qo=>JfVdVVWZ$#3#1JE}lP~Z+mP_S?A_ejc)c9oBnW)cmQ^LtWXJ;v-
z*>|dv-MW}rJeN}&{5c&nEJyNRZRfwL+DX5PuIUT)HB|9anWUue945MsXS*+yM_Eb3
zQc>0NHf^sqi%%?`mSH!yTw-_&_FOz>XAXFRV&(o^CD(#WlW)^HzbaAts~>Z%vAj6@
zT5YZ_WF7YMB=^#&w79O$Ubl22+i_S&MA^1G=J+taySwSA?lmdbM2t>zZ~laC)${hW
zzpa3N@J4b(WL4p{;KyI(ZuFL)9cEcoK6@+WIKv9f;Yh4}%D0WPo^|@V#VUpF!q=7M
zzHhO)>~83zFwJO`{F~m46_zAUAdTl=LKj8;*Z8J!do<j4bTR7SafXooTQF5E_tI*H
z{yMLG*?s{3V!fB}KqdR5I1*5%^AlX&AC;(XBehy@gRP@*#=NL%kuA;K-)}QB!_>V_
zN4U$*Tjhnr+$}QY5;*3pyh{DK;bQcsRoi9t{&$+5O*@ON$^_7w06M8lc6f4x-jXZ-
z?)Iv%6x7i}tNSP-HX-+8Vy?0jEGnAf;euGrRo{i@s_EC^c=YcOz&2!pAd+0M#_&jR
z+Y@if77WRmJ=W-oES1L7-A9A@Jm7Bi%1nn=S;GZsk91OA&r2`PXL!2PO6(`XOs9yR
z=@=JjhQ8mbq2mo71AW5XTgL-JO4+JI=@hP{S&FHC{VaA9_gek-)L^<F<#p)$2KxQ`
zPwm?{UcFl8<A+zQMd3k)M}2P>7;b;FKg%v*M_aC9wq2x8PpEKMe!cPyZYwy4onG>j
z?xSG8$33iHq5iEV*QT`}3gxm5Uk<MQ;FUW|#0m3edlGM<Z)1HsUC0zqT!DnX@c-=A
z*E+ykn)x`?Zn1}a5Ea=2%Zd~q5e+G8(X$NKJ~8_z^tFMzS%Itn3E^^88WmP-xXOX|
zfWTx(0fr<q2aneuFFld^*7O>4+n$zLKWRDYl;>NEFk>{)ep2NU@$LH3rMy&z?pE?v
zlZ}Bzi{I>G4!ojKFH=X)gK3h=Vc8JAy#Dj`gZNnixBWb>JB?qpRwtSRiLdRQO6~d!
z)ipK!KI{sMG$-e#7H`k#tK4vU=Mxxvk+Rh5DgHsB&xvV`!}=j5w{hFjVN0>#7pdl^
z*Xhe(=Wjbz&G6D{&AwY}>xrvQfP+p`)h1Xv-tky=6WM4*a$`w6g!!3}^)!vbE>xOF
zf`O~==$x8+mGJjE*Vk9mQW8CECO4w;h1s&^Uj}=}OKd6SQ|#`y!nU!!K}ebu!;X%h
zq|39ZgsjJB^wPJTx@DNPw@uo;O1D-$Q+KwF(-YX?r|pRE@uuH}!3YzL=I8kumNAMR
zjvAi$Fe^q1GkZ7~M`GcL833+?;tdNDvs>~)xhBP9=r)FvKd-sn_OO)cDUOv!Qoe!~
z)fk#9GxLm}Lp`mgh#&Et*3#q9fGf#7QJMW1V&;yoR+B-&uW?nLWp&%d>QiYj@%7)E
zm#N!d<3*$|cms#~Lh%WAtAr{P%jt)ztczv}N$u98m_;@lf}`J87W=v_2!Gzt{Vc>E
z^6uo6W~klW(OY7)-^LbLjK(vobW=|L?E)PyclLJmJReK9Bl(!VfK*2x*ElpYlI^^^
z(CA20R^Gff2b&0x;;nd7^w$ep1hSZ}P5tE4tw$Ng!9}r5et&>XH^Q=Y!P;6f&b=k#
zt9qX^rri?LmhJ1BH<_KSGO0%@QZboS93wm7wvm46{`)FJNmxr|B<&eXo_2A^Kbz3p
z^jI!)5-igm4Ge593%zZdyQ?e{)U}oEGuH4^Gd|EIhq-5Uhg)~;ER({lVhB*}Hu-%I
zCRQ_cop8JDwLC7Gbt~W>A7C}nl=qN%c4-a98`KdG9v6jdytfOYoOh1#{d4slGxrRy
zGNR?3GjW^jgv;p3mg~&O&^Ov;TJ4VaehrptGfmPU-RvB=+b`0d3GSSsFsm)(#w`1z
zi)LAnQtUQY0d(g-J7A_OI+NB}`rul08dDS(oQ$2L4BVD#xxhCw?<Lwb;VQ`g<Rfmn
z0;jKvi*;N7?gt9iKKyn~Xll;@MO$c+w$vQCU{G2-<dekD?eKY9i0o@$bZd;ffdCFC
z9Y(<&E*u{8VijjncEq?dEs$GmeROwlbhR`o#<N^KrFZ<j*hbR03+nDD^E<1Zkkw*J
zO>zWV#A}Utn6Vz{hxv0>)?<Znl<?qNDn(JcKs-aVYW#63x*O~d;UVwaKe_9^@=?<%
zA2Hxyg;=yoWjd*Ih;xJ68oE^5{oZJjqPs12h{vp*p3q(#Kw5A&Jk<S~ARQ&?H<=de
z6#MTyK3>+ndA5z~q=2Esc&NSOvTLp5XcAK{uVi&qyA8>SE5r7>cYa_N<w%{UgAGb%
zf=@p+^_Q8FtY)Uq4SL|}UE^sgd&sPMW-lDO&#D@uUBbH1=XEpt44O2#`?@>blZ`_}
z`%(G>iT3?!MSa6vqngiE56w%0?t{9*5eV=B<Rv{pv3LBS;xVR_dzS7jr<zQIBkm;0
z=SksmazgZG_!X|pzV<uwU*{aYCsyXoI4$dWW*`eI7eG%jUEjmSc^fu8rEU4z<;}lk
zuWAFB_qxc+!uj{hxt{qrR@?RQ#CPJ*cmrY=TPL`^V=KvcsKVO);nvn!+AK0!E!Czh
z7dxTpEPXR(;UdD;ScU^{CA8803H~{|{e8XCSTPM0#Yt-IW1`uvK>^*r)N?i}MXL@S
zPU}s>AJOZJlcSaEB`z#U9oA1pUe}3F(HvL}J&VM?a+YWR)<9{_{??zStX#drxp$T7
zyNg3{yiC%c7haGT?)?h%?u2jR@m}ez{(9lL3*TYeBF4<~YOojz1cLXdo^)%I>r?E$
zayK3xSf30~l}@*mlGoZjQD<dgY_&7n3P-=^?_k;;*~GZ=y+T}vP8`>FP?a*w?yj}9
zHF!GAg2&CRNRNDMq19#9VbroS{n_L49@#37!SyWZGVL9;Jh5@w4|64-olf8F)$-M<
zx9WcmGUGk^iyGZZba=bFMdq)G=`+N<Z8PAi&ifS}uZc8H6;jtp-~Hlq+2n!v(VE5n
zx}$TJOA~GVxnam9R$paqXI<rOcVaqG`DV={ePiL7^2fX}v#0@XQ_89J(&wf}<abk~
z!VB5GFodSN=U0U=ch-1lH`E0xx`xe?Rvw0pPD1Z6mxH0;o=_sc63!=)!{oYX@X#B(
z`Ho9=0;{m6lgncUSX7Sr6~f~>!&Sn!#F&H3ym^oRbaaO?LFVT<-aoxp7M^r5W_lcP
zUj^Q}-=Xy5_8SrEbG4;qXY{@2te>pXPWaxQrB2NVg*O;!v)262w0)+vhNt$RwNLz3
zYdqWT<^$MqpQ50*)1AC4v^()e7AD!~X35U~&Ot`&y_~~VOaHEr*O?WG&rG$Lyjq{k
zj*7_BIk_|Bu{(;*;Key_7u9tSTEXEku>EYm`t+U|#p6fsavpu%%3>xko6$erzH{7j
z38U*Wk!{hN??^aMY29ye?TbUwj=iLE_3>LOXC^zy*uGSlt(e6Ft~hZ2QA}7Viv!j@
zibv<Ns5{-h9;TPux;oePTBW*>)yDk7I@=vZR)g|14Zc?P^0!~9uh-x1oZY8&UXtb%
z_oxluY-_vBFm1NGoG2fuS^n!?_`w66H(X`zyO!ykwc6@_=rpfy-E?fHQQxq5LrYWW
zYneWL)>P$wnD!k$mgQKexXQRRw>rN`-#FOtaNk+ImxW~Nc|y=uL(;j{w6<67E_|zZ
zw3jgvj@`>YJN2!3c(O(T@6{-NO=0)ed3E6JTi$oSSc;t)D`7VlVz?YCUm~kLrc;Fi
zD?=G@$vH5^Zax-AD|#3mJM4<e+q~$BX3ww}-b_T%y>Te7)M}D{WjX-5N_`cB<FRu4
zN3&FQSlN2^JC8t37M{%u^7%J}D335R<h{7;i8kg$r|Qu3beK#Zwk$~GxOJwj2eypj
zd%?+5w6F42In4q!#i?t|zNV`(tUEYvLMWXdD$%k`9N$HAd)~xFo3EI0DXaI>_;Xyh
zi-8Y4EL97;<+hz^dEuBA&7Y5FMRJ3gsE=0^l;+Cn-iEvOsh6i~>mTl{vk!+alc$9Q
zVm1CbNU>=V4X;yIlX7E7eC*$Re_c(BS7xUqAI0;-aUmP(Z;X<e9`L$P#KlYJ4m|wJ
zJZsHwJMSCk!_3*3mpq&ZUwv2kmQXeoAH3Cc*W-b(4CK9=51E;y*QaW0-W7tQSN#iH
z?*YV7N_5|H8fo7_cAFFHmOFmCh;uowpLdn)zSu{`zr*+)$Kg9E7M8*g3=h=p#yTU}
z>Mo;s=(GvI%e=#WwT`0CbPjsr8XX&Km>DZ$kI=`5S@gzs<(yHv@Z2DmJ-vQd#Yq!M
z#`4mhbl-F3v#Hu-YIo6DiPY*~&DwAJm(c;=nr8$DiyTkf(}se(I#!&7JvbMO3Vhw7
zZ>G{?LDvDjH{v=w-O>f_!(|JdYc>AEJ?U$QL?`;H4HV=0Av?@t^OIi5+QxT1Jojp~
z`R{V8C(e!AxmOx%TOYm!{Uju1kWx8?NumB*ZJ*uwgB}VSmRg?n14-Vf#C)_=nI1Y$
z8x;Ltl@5yo3GH2w^5<8Lu`Kql*I)a5CC|%(Ar5R`a+e)7e1Fv6qD4rLpq4CD$`=<%
zn4H40DsZfLZLV*+lZE8$WqQ5Kkz*SCKej%_`x0cuYr>ywBc3?jhn5c}59n8mS$Ru`
zp>t;VKieuqwP-kccYtH_Nu6fHJARJjN^fJ$8E7L>bw1Bb2i;_<Z|gX9e9_6>)nc(S
zo+9;#>8g+X-%QT8V95{!_Zxz4oMh)PXbYx0LL1L;#)H@*^92H;yoS^%?(dLVWH;2D
z9S9P`eD$d;YI%0FT)RrXf8me*!FaZ8{3`6FNGY->!kC<fo_~KgAr1d&Q>!X}c>F@;
zWc~6k@q6cUR__jxYE_%a)TYL1{mEvx?<rlEN?@vLF!(Vg-bL+S%=JlGGa<FIJ<?~l
zSlt<;xD&h5b;T%Yew#pM{@5aGce-}(TP?RcI&tqS^9D<GPOa%SU#9Mca?KOM9Vb7H
z(~<R3eQl;E$Yg(N2hWAIJ>9jiJ!S63es}&pW$wc6zX$QvFZXFCkud`K*A(=F!Gv}J
za`_Ex`_70YSjTR@UXU)Gy&Tdk&sG7><xOLbtsn%RWP-d{(=cle>{DeP^%j*CjZd-k
z1y%c{=K*yPix2P3SPbroqNMtrs<E0@X#@ipAu7zpU{-Qhh%#76l!L&9b=Fm0d}n0F
z#ZU=o9?KM{Y4DZOwiAYarkY)qw|!vyRQAG=e>e!5)jFI_T+vYaz$$rVW`T|54f+;$
zmV>ex`bRWie#R#RF<wIwapa6Yc|xt4N25J(GD3JQ6r|aMP=Q)p$Ze(LZlUA;<0EIP
z?Hcp2qiDpHVmR8M?WA+*PPfUQeX)_Tz}L}H-PI=zzl_QEdc4Ez8SxbV<SlpNi8tiN
zyR<Z{hoYB3^=7o{ot37k{(eUs`&t?M+PMCo&il!P$^w<tT6LLEvZKCW5nT-Qd8U7U
z^$9d^x`;LrNoAX7@rpd}O!6mE6A6aIhRD`)!5DZAOd(=_=a6e^->n75)#<9ebaEHj
zP@4&5fV3v0gCvphxB|%c;Cwd=;8?sxgozh8b7onnxvWbqXx@!K!<0@6_HicD6T*@c
z!eGF2Ju20ZtR}Q+h;p3<jFup1#t6)O_g~_RUAP*NsOC&7I<g;P3L&~=KpBdjOqutN
z$OF>U-xFQd1AH>F*$9Yg#ec4nxZFzkKR_4GRNkq*IuXu_Ev){zy;;ZCOka=t5!Yiy
zP!;i-{&W$yo(B3)8z;GZzu49gr{DOf@PsL~5%a|Ou`rYOE#&qRLyGD>=%vJ=S7l`?
zt%(!m=8QN5@rXBP*#g4!Li!WaTmFgc?5qj8cL2Iq=(gyjM=BmW@9lf%qPgj{`!sd7
zImKbQpN@QamQ6Y;(ELQF^M{+=w6v#fc+k$Q(V3s~{@sL%KdSq_Yf2Gwq3!C=0(EcR
zbZ`FL@BBfXRIJOeiSs$Y`vKYOMnQL{KRyV&K7>eG**)kbX>zXm$L|h0=l~VigrP-e
z$EvPz)(a(x*2<zPbIhx{vn11g>%OJd+3@|j%UIf(ejnz)%l~eA-wpBa0*X@bXC4SZ
z2A~3d0?+{H01N;&00)2zzy}ZlNC7ke27tvkzQ_t-18@L%073v^fG9u$U<42V$N*#k
z@&E;ZB0w3S4$uH-0<-|S-=L!tz~{dZ$0$HFAPJE24K?O}qm3niIzT<30nh|!`vw|&
z0sVl1Z>Vwj8)}^R#u}Favw+e6H+=Zt;qd<pK2&7kE6%0`0r|`Jf5C^&E`~1u6Gl(}
zc7!--8AU}g5D^0h5Q3q&CDXx#2S}}@$g;T;Li`dSg%}$!+OAmXCJc`a`0c&@!`*Rp
zMQ`59(Rz7>=34Eh%G&zsb%y<JJ?lH6)b{{u=6#m4_s$lOL>fB_dkhrw!O8lOgl?S9
zm^g}BeF*fh{BX(C3fakLQ2?V;C81Tbrkq5X$fvAS%ur26KGmzDEel?xS<(VK!bY%?
z^>5ZIP(NplL;*J)N2h`Rh}J?=tzJ>0HpCKD&BUN#^^&rf!=f@QsTEqTE6iLtTcVb-
z7d&H;vW-Z|{iT3inZ1BLMWj^FSZWo;B8FC?pr&>X-P21|r+~$pydx!whAsWm%GPnX
zPpBkUNd*%jMeMgw$qF*IE75CBt6HT><P-ZbcJoetYXA_3GAAQ1&(yVDsDftxX|xy3
zOE)2<N3M>tat^&p8tQ#f6j?}Jv44OrCB%!x-+SozKn$-$>D1tqG5XU&w4Oo4GsvoY
zrBI=QT3v0Uaq`)oObF%-@(1ddw~T#JQ8M-eJgR6A_E*)pLA6SO=$E>0K!aAr3MCxt
z7BLESB{m%)8Hji|u61*&wwjdrT-4641(8vC`J6@}?*iq;&~s~{R>k6=sB!WAN@*sl
zs&&3Wr|Rk7Q+Qb41UX$xg=96A<g=15&XGzl*AO-PCjwO5U8E6}C7MVY7dNux)P;hx
z%+S}bj5?Zgq%8CNiTRxiy6BYQjz}jsN?LVn+NC)O>%F)26-rmFX7oqh3ibL?*<B=R
zG$>fP2x&zsRh3XLs!yJwNTZ^bv49b4x#jb6BWsS^`ibVt_M6!pscVixTekKz2#1>A
zq0knQJa?vo{h$p2fj5?s#4!uyW!c~|v(&}Z&1f4Px3ER{iF6Ycw?a~*hr|6n|2$0K
zy5vN8t_i^1U}-}b3PsIYu6cS~0+Pk0>4<)k$D0kqihy~d$kSp-SY(u_kYarM7m&$Q
z6L*P31ebAG3MZ0Erkg<VOBNP)KaWO#aQ-G$>rQk*(!c3nhOadvSO4jm^38ZbwkR>_
zi%E~dK09#@POV6h9+)!%zy_R!tMi2kk1^&TB~or_GQR65-oIdfeBuIXWzxo<osT4y
z9Oy)y{J?oJevuLTK{rNL-2}bTcYszXeNr8FNPbv?ZU>%wufHOy?25Y!mga<i1$mAw
z=LLBQiR1}2B+IWc7S{j{8Un6GVFpr7?}?#^O5X@K^@b=&;i--pyJ3vQdj&xI)|iWb
z1CDD0$VF&J1CM?XqqBsQ+vN9wO2oo*hLcDlTQbV76~g3aV=k;ipusO2p&v~Z4AD-6
zkdrDf!YBx1E`$h=|CmT2za%_>p`;S-C=73wp~mnK(xJqV{wpL1kf;C2fFfx*u%nb2
z*Z~6>B|`kz0wUxT7{&vowT}7=i^ZV`08Q8ta4{2ar&9;EH2IqxssQHx)<l9K$xvOe
zorK$l!EP<~vcB8Wi18;pXfl$pmvgyP@NEfz;wR{mLMX0TP$u;946PMrn3I{JAIm-%
zWNpB$xdcBVD@FmBg%M072z5NsZyALcg{z6eAdY03sKoi;pRmONux1iiVO9d=`z-sR
z!~w8|V+yECUgd7)iUqh6Iiex+!O%b3K&>EzLmerRg+dmCDI!6viko5BAlSesx@bjH
z;IW8AOze)f<0oo-Ai^Gv<`Y=<5kQbYM3_uSJO4OU#4xJOVZd%iwV;Fg(uz7G>wxvt
zm6R96;G$6{Mxc}!c?1?cYuzazRs8<Bz&m`KCJ|`XM?jVcL@5a(rO7K+KnLHj$i#%@
z^)<{i#&lvir%D{pH^!a#N#QwmIK;w4tGm%pQD`}U<n&>%<rEryT)GohiZ6`%`2!dx
zK`T7skbpsnB903B0}#MD%xsc9o~@TYLp5h27kHVC^7*T*uXm~<52l#VP6^<jp+d-A
zA(9y{xF}$eITRo9rM_s8R64j`YW%gp^1Pb`<t#h;Sz^h!>4Ga8EU-wZ@!KR6ceF+j
zO6&K}Oc+sQOgU=d(u`~-GQz<%=F}0qU`F&5IaHE-5WILGe8x-x4ExYTeuTqMFg0>v
zv%`4raDogxBQ#txate;Ix_Hf}F<ia`(`nQKdT-vpA3Pv@3rgfsonVC8`0))NV}Jv1
zAL1|~iUyh?GHuAi%kW+kd4n-Ya`2lIM686%F$yP=I3sbsh|UNTd-BC0O3Vv~^pT&T
z+3$YU7TC&`Ml7)XETv2)wNzLS_=AbgoNJiqsp6>f3dmsfKA}^Cj5rX=bHTVFAZmT_
zQp)LcOQZFSWYAHDh9NA-aA*Y}G)7}W@XjKPXtF~EKl&&`Y1u*$LSH@5)u#FnG&KOS
zqynOteNtEr5Q9)e>6zpxiZBL?SPfG@zx|FSX{)1ull@^tkc|$BL<XTTmp}+b5M!j1
zjTR;fP-QeJp_&4mCuwSsK}(w%s<I@2q3we#GMS)-auTKIk}G|`2`ZE&b0E8bFD3+w
zQv(~Wsx-o-91~EF9a=rYhyhVm5&@)ysOJjJHiX3id%&W#fr6eiFeI20Ay*Lru^|`s
z3osP^VS_Gf^4)VY=D)bg=`>5`jrE+kv{@n3B@wvg;Sg&)q1jP}Gcas<<mCB3`p&U#
zg_YCcmgG$g37qO9Xl+1czfGGc1L#b~ATdWi5x&C7$%}sUp)>t8QpWU>&Knp&cdn<R
zwE@V=ghVQWXivmTGftuPr_K+t`~+Kb3e_=$6@F-^wSk15G&Lkx6v0=ChSC5R_KP;W
z%*z$a91|xBs4*EMS58M*qS4Smg;uVwH_H@=voHo}i6qKmnnLf_vJi?80@0q1x0W$H
z)oqLqso6IOp^Yw$ATAFNjckTrx6%sS(N?t)rBN?1qS>$r3WDWqvQN7kMpsJQN4>Bp
z#Eb|q#B{=YD@_Kq-(*Aa2#*Xa%Tj1xOY%LT|MSyzUgV6{d7et1{eEh)vZT85Q~Bug
zvr<sh-*umkM}_bSrWsfqaVA9NsUor#i2`AE5KNk(k^KWUl{8G6$LZG|v4|X~4(Y$X
zEKs;bK~z)59uCZVuh7drYjQ#BmOyeAN(kZIvG^<*^*+QAg_+tuay!V0b+k1ZRIT!G
z=r#1vt!P6xn3fcBY6TdBJjTCl%IUmIjd62BY=|R#BB+~|g|O5pAT7U%T8-0rgRY7J
zc(9;07{YFu1GxEmvjbe5>A4|Sr2udhQn2bMB6s6-@Sv*#0Lk}F48qsUAqYXQR_HBp
zzf~LSKUfsO(Ii2*`{Li2roj6V7kI*>kAM-vP9Ay3B~e~4Lxys}_jbXiu9gIO9AH^c
zfhMOuE~K6^i~{5_$R5D~T$4I}Qn>JW-#_0U5nJF_^gE6o8;O0f(reI$c9U=-fW%@c
zJNsd<M`w6P+GL*C5oaAz)7jr!)S>}|3m85J5IiKpn<^IGiR4y`CI7q*fei>9xc3D%
zI-X>&+i+&!P{_GI{Ph|^e$SfmFf)Qx6Rara(#?qWU`8XcVNL-~NVc)w!VhDedHTC#
zeC#igAaTqVXrL~_QLP7X%?sn0=ZDwCjU|Nrgy=HU@=;D=hF!PU#J>;&$qYY0G>FYE
zhxryd`%vn8;NB#5LDAzL<m=<^=?ok-cEf#(>!6d2bNcxfHv0?z^q||oKdKuO994ti
z#5|;|iF<*sQC2gI@-3tVi5mJMKPL42phdZOSQCHcsfVea9pPIr4~iM`!h1~614oZ_
z1%FIH%zO1Dsn-kiEl&F#V(82DeFYXh(iQeif&mP!-wX6HAs2}a_hRw82UG^Xs?CiE
z&JO#7>T@G~iz$9X8sS~}gFMdTzaHYc9KYAcJx-*J=D0Ue;ByevRN*{|8|B5F&<%UR
zJSO17A4fh2T;4g(5@`^8Kl~QZZm^B|CL#XqDN{}INLXFO1zpW;m>1`K^~Wv_;S7b5
zdxu|N*iC~V+*qRZyW=$;Tkf0^twVeZ(|<xgGsv);Pd|pRMwJ{dNn`II->ol{mZ6e=
z&&(HYv=jyf^?>bki(^Nn=CSEGr?y<5f5zJ%uVXimThEP=Z(fpV%GRZsnId%jVHsv4
zyYP!%mcJ{-UqQ0(NaOW6OVmvqbT)RM*hUd`>~i+y6$BOb1%Ey)ML5c-v0a|MdyhU@
z-Rr4sEAUyDy;vICqUu7R$kxAAqKVvzo4?c_Nss<0VuAwan(cYOW;s`4Mnm%Do!GGu
z?b76rja%k2o#AmiR+<Va9Sb^JJRGr%A~KsjhEwP<Wi1ib$4&)K4T1}Ug*9r4lD&1~
zN;N0|WqPpa(aJr1&`eB9<kX5|<&}W1XXQdAas?HXia^>Wtr#t7A_#rmktC=yS5d)8
zp(3p!SS7__siKh|#flhE1@<orm%fE3{<1^*!aeeCpZ4R6im4$z1LZV@6CQzIyC6ZI
z?^b;A3zmDT1o|3<p(H-te7{FGz4BXZop+!ooye<w@#Ub#UT3tQT<P@B?_ZA6TPkPY
zP;{N(Q?M@>xGLF{M(QTxY<B+`k2hUd)<K(&*-OZO8IaJR>GJW~@5FnI|J_l5yI{?`
zX@#-(FhbVT(wx<c?9Fzyy+1_SxZh~)9pRnNo74At+q~qSjpM_=yT5_XJI?l<_j%Y1
z&mWP7#*esbXuM+M3TutU+mA2Y?rd*wGPmCBzsd{_Zd^Yy+)S;$89$eVtFyFJR@`K_
z0a&+kfAYIgteRkz+5&ZOTpx~`kB_UYzks5X=*!Dd>+O8I@3WiNS-Yb*mXC29R2}Ds
z?wssiTfx>N(Cb&qi9$&&*)+CEXR-Hn-1qs~{FWQRS2)B3Z*e&qZ()nmY+qx;%+f6n
za*{jWIW4#E4Z3xueA)`P?!)WK@{g6FHCjz>#|sZPU|(ikTuT%zcTWWVfCYk#mR8?#
z`J&#x?>+51?xl4R1oJ6pEY20$xswO7ih{P+{Q4exV($qu?=1dqbyqXdTjMC>gB9xf
zd4H^1+LWIQN(FtMoO5+Km@A4bXJ$vE#8{`?t#53k$YFJlQ+C6joh($}9^OZhp1f(j
zFT7}pXT#*+xKJAoriMEaYFQsOuZaq9P<i8O-{l(FjlyiZm3;->UW+wUv(^UAT5opz
zT<x~^vRbj}GqlTw^sE!0@{lx`Y}4aJ&#H7AotsWDo{GD&I18;8hZn_<Z?rrgu8$WI
z^hy{exoP5xi=n-MHZ$rawDdX~*lRXwsUsrR;=YX?_XCIae7yBjpYA6|qv%^1nXelD
z>^)p2GyS}5+Nm-yJzZ{l7c||q#<T3Q1oL#(GoBbOw=Y!~ore^<0F7Vf_HTp6Aq44U
zdityJ>ojLkpA8g+&aAc{Z!+W^jn4Wvi{gsrg@>Z_yeXVFP`R{<t_0}h@czoZUnjqD
z@ObP`#9p)Gb}y<rT^t{-#1rny-gE%7OLU%XHel8Mnw@S7&FteyU+Eu{&z7wlT9weB
zxV@@gjMcjDdj=0h72`B9(u+Q;c57P6FT%<}n_w4Ly*kml^`3z*E4m5OIK6&;<!m<s
z-XadlvhNi9i8S5M+S2ZubxnkWQ-fHI0c~S6+o8q#HDw<yKF{kuaZSvNU8{d%v$=+?
z`oal*F}Jb@+cLi0Mm}i>dr$sZQ71|(V)y*ex_5QSaa)hm_G{8oUeL%yXFZykhg(Ij
z)ItbbY<c*bw#?7W!*R`_<t05t<F7%Wv~h@bWK;C=c&VCWSb4VuJz?fg4jfp?RX;bc
z8?f4?bGDnsb+~XzAwHRIV1P(NleI)_r2ar(<=`9B*68#C{wbNgi{tv@o!jx+TUn&>
z*>yRZZkyNS*{=OwW`Byg*OBZ)dXWz4U(|(0df*1SNr~u0HI4#N<<-lLMn=fk;#;TC
zb-yYdh1W6xiKzpqdQra+yPiAB3XJn^l5*nMUtnj_XJ0fpj5Q*Q2qzlJ&joh_u6=3l
zVh~PV+Gqdfh|Q;u&1Ezn2=Bb1NI|c5ZjO}dTb0|#xXE<=wV7{c8DL}5&2BR?EK<HE
ztU7YlWvco`pflwYPgT(<JBC3~Ep6j6osup-G`;AekbCSU?>ye-3DoQcYU0J9MAh{6
zEYkTrCCg26{yP;qDtaZ^6!+OiS@(~etv?{}asrR2Twf)J!j;i_(jCO}u3~XNN$C99
zGKh2?;mz0bb(q|N-MZMpWbR_T=OsnK>)@@rxKFVPcJfs1<@sEOf$zw5v?eeamo2xs
z_2M#^Rr`na4ks&d_O*MWnZo&MwU@8a|9mV^yXK<y1!F#E_heVmf<KR)-Pu&|u7Zk0
z%Du`ud$y-B#^FhVv;HODzS*%~9*Nzg?)kI-*|S%dmbP7oY)+(hqR6i#Q@06`RXugx
zpZz)0`wRN|<Bix2?!m{<t^ES+OS-c0!WU8-SDAp%7QkfV!`rQH<Nvv3bmjDM<&2E=
zBL3^5=gzNfy~6YXp~T<0<tr>s-_>U8Hs4Dl`ipfxS8v?>&%fQrM&@QFge-DzyBu1}
zFCNd<kFz(t)?0!&9Bh122dnOl?z3_kh0DZ_fnKtqUJoB#nfsFC#vzO(WiXsZaOTmv
zC;-*c)6cc9t))k&_x|{XAhJh)9lCmTc$)DXuYt@}YAZ>=g*yucL*4s+<o(ad$_1U9
zP33O)I~2ax=!Fl7?d^ZJz{_mu-j{QEB#%SC>E+?qvr*pI+9!8&GL@J|JzinwN@{}#
z<}cE)L7XXV`t(-#>Kya3EOU2K(<7?=SK*Kbiq1@7E@3p@$>S45-5i{G3Rm3^oBQ~;
zJLyOM_PWk@_DN&;P*;8|w>KN3{`b(XdcjIb3|xw4x5xAlnU~xBMLa`P*ukIR6f0pG
z==`taw&uoTGgCL7&J@Rb9}^o!qoCU_;G23Ho@qVsQnIw0XU${m=l^I5iY^y}n4J?D
zy5n(?AM=P%V+p9w@3c>nAE?{kpOK}V3R(<Wo4RQDk5hSg?~>gk_Ex~ZmHSbBR^hk~
zI_QXVMQr#xir=ERktI_MKW=($v+D9kGP=iDJw!#W>#1`Sa{0%5&R(ODI%psfc8{~e
zv2ARbCovtI7u#i#T8h20@N(DOyubVyhO_8a8tze}=zWv(xQI^n*>Rp?JT#qv1kCah
z*>Q5(p3W!vU2lr=Mm9=UsiOq4ojmW2N#AM8>JN?8llQP+_v;^R3nUw<<g$f>8Jb~Y
zKE>Tzm`jV8E?%QCGJ11tJ@08s-49C*`#135E4n-h%G=1E7rCuQuh;T=d@sL@pZc9|
z5K~K|+<ZEktT!?{1u?FnuI@5E{<$bfbQk{7b9|i`ZRiMY96-zK+V(clzbkps*M#uL
z%~eR>Eo%C*)jz#?qs&_+OJH{6Ajor|d^Kx$31qo2e6;<7`>%-AUv!+aR5mAd0yH8+
z4Z7mruyGc62WTfV=$^Prk-!##(Y{=63tMI#qjji83mkV}3mlHqj1g@5G+W_iOC01A
zHlKF*wB#$?U@60O{9)ad2e<MIDXB}hcD{7J$O-ElRl8}3lB!?lA2gSu_fMy%bwcnD
z_4iK#ufRWTqh$o?&X-S^Yd3-Lj}Dhl7Heh32$xTUkKQnEyurR~I@zfHhYqSv2ljK)
zhI-ti{w?B`idf00!BkB&4O^=C*0Pnlzp8b=hh9iB<kpOR4ClTcsnDH0i>q@w#hASo
zw^Mnes<e|RsIwh+olZW9NwCfuOo78I=k(E)W~fd&90;3GRahj}CZ*a*aW2qz!wM3|
z+L;FFSEt$NonZEK?zju*xI4Muqu!sR3uyc!kD4+t!q;}qSBN>k;9$-u4njOX^*QF|
zZ!>+F7JR*m+(A$m{lX3MTqIvZ2#Zwz6Q9xg1Y~6fwC5V1acLX;$07Lh$Ox#WGwY;A
zDG56pVma)vrlUe!N+Kq7gbb3FCNHI?DS8CYBRMQjsgbYrm9WoK=F3RpmFdeht8@#7
zWJ_9E=c<4^!{0KD#qG(t?W(dYIq}nLNS8+BeNv8MXa&h2VTUW>Vy^JiP|m9}ArY(!
z#2b;8o1t37n=u}*(RlHjy<x`zTqpoIe!Qp;zM1n;eLEZONb`REF?rqzbl12$N5^<r
z1m^%(rGry2%w0Iz9EsBr$=}qHxFckH;S<&`xh53V9yo90De-1TV@Z5dLq4n2zlx;e
zMcB!4D9LeB$?Kd<kE0qlXqRz<ytpJ@98iJ8RvruuJ`63`J4vA3qe)Nr#7MwJ=nHaB
zH@t+U(ZnV56(Rj{NFVCCFgeKAu?hiwmmK&-N1dDMfpN#eutPP8xXGiqBy$8`2~p?m
z>X}52Q6eJ`{WBqnr>uk#r&IHUYxc<k{&;W>vHQWUZ(ZA*2NJ1Q0NKasW%L6`<3k{y
zK}Zc!ei^|JNZ<U|8OqbavD?8l*jI(nM<V&BFbCDC3qW7hZ4{!&DIj$Y)$A<0FDwDo
zgBj$MJMffS@RYlN5;ox;`LKInMqEUiK(qftg1&kNUyug-!Y|M6IQc$L3Pb3fl!yH{
zf2Lr0o{1vAW$L`7iwdVD#0M$Z2Px=BvDQdi2_sq=iy@Uu_JI0~yy#p`WN=Zu>vy1*
z>g*p?EUkTLK*C-^j+1fBuF&$cqshIa4XYom@3Y23!Aj@7{=bb%zfWgZJ%2~fnrGt&
zEvD@172|rC%yS4?GI38vxgUgLp0i`nlo)_Zf<aoeB$YQR>cyF-L)7Is`M-sE3jBOP
zKgVMi7VcBfZuy{!<zA9!=EQ(6uxSnIvOtx;ab59Ja*foSwzaZlj<#I3et+*-7RD_L
zlNK|@<>VK?%Wv-(4gS0Z4Kzf4vXo0@Ya>7EG&S-#jUV5+DcpWEnG!^A_9bwCoI}l_
zSL>N+xy`3oFX1Z<%~|*rIKi(&tEN$$1P-ydKnsD<o>2~=be?&NAU`Mges4TS+aT~M
zE0Cw0-i=+}t)-kgW6hqx@8?wolW5I?Y3<ihAUB(9TFqvLxTC|}RBL*eBO99ojLlgG
zxTQnfS17v}o;}dWzY~w&1}26voIINZhDI^GKtJR30#5E_43Tq<Gq}vr_c=)ioUxH}
z4@EuXXa<~Jz(meC8)0Vu5Wgov3l`i+Qw}ji{ODx?0IS9>tJZ|xrAF>kLf`A)jd+k4
z1j_l9#o+VIvH0v)4m_)e@670O#fNezhH_RdfIQ0wo<-=rW`nA2@0k)nYZ@H=$>sfb
zWUNBZ)9jGp%?~x=k*|>M@M<`%hI(9vdJ|p7Ng!C_A!H0LgF-ojK?s-{!yMp86~>fP
zSKkB>2OT`5-##C^m&ocJYCsm^#n$A-)<)2ersy?QKG0qfmN1n8EOp!)^v5EGW+_9a
zsVDN}ZJ}l=267+<AP|GKp-aN~s8BI=*HTz5{3BN4j+=&IR}$$I8=1ZEq9Hts(+*DY
z^a~kWWS5M@SED>l<CQ)m#0vm;NX+P#4)2x@?v}=Wq*r{T7kt#1Wh~pZc2wZ_z>j?J
zCSJJ#+=|rki;VCOtz01eY9YAy1cFb)jd?ewcY*0$B;K3_6o-{2Kh+QBZ_R;)v)eGg
zTdlVSNGiBt{1sdqD-l{N!KgJ?7>A(4dZep&7&J7C^&#1d>`=-mx>ea3^qnGOuIrS#
zDt%wJc&;jZUp{@VVv=HSf~gZSj<uo`XT=p~J#7`pB*P4~%BUw4ZWajL$1ESJS0s*b
zJ;hq8SaEe+#*B$Js!`6M*B5}D`pZh{hv`Yoa*3H}L+^D(%6l&G$OuqELJ@hZ#LJ|A
z=y0iMEtT$O(>=HBShB`9O+|G)Q>v3rD_9{kyoDE4*Zp8aGh{M6>X!HvJ|rDh_%Wd{
znAGM}^16O5Pni-+WC)$tKB#hGm^<i*iwlK|Tlz&;@zli7D)ZO23CeGS4;zh#fB%b$
zxw1OSPy%C!$u<Zcu5J)j7hahV+?qAN8N1I1A+#AgX!LGe34xk>15qw(uz=0gzN2sh
zw|4Q^p?unkI(uKs7O`vt*Dk==L+U9itY5bD<!o?|9B%hCFlrEnW}==WI$S_yh>bY5
zMGPcPY;Bldh{A7Paq%ZUN^;A2JHF08@{m<ll%pq!y)g-(KhZp~T{U{Sh`3_Ka>Cy+
zu0)`j$ti+W(!N7GKkQ$=FJku0=OUK~{)rA~JhG?!V&PAx9LdaivnPX*=wr92qC=A@
zi@pdmMYMzYA4W=P^w1y4fixiCTiQU%PxaG(y#tY7Xk71g^?Upye{n_p;ln=DIZoq1
zPaCBx*JA$|d>O+%8iPJ&rlBc4kDl)lSZ^oAEU$e0Y3hh&RayPB!Mm=pooka#CL(db
zVJ6Nd2kDOM%+6!eipq-!!8{{&&!MY{ANFK2b_lEldIXv$HRkgqbd(La0UuQk4Ri42
zpHvR#9SwNGy}JVUfE~Qc9^1L+H(F8K$}y`~6#+;Ns6HiD?neT0yR{H}x|Wj>G(=gK
z`?g>|+CG;HRSr>Iu=5O-pCM{SC=_Dk8RvcpRssE&EW76M$&x)uNHWFHj>V3Ls+bVJ
zEtXToaB^a}BG@<NI>{?nP!Dt6WFf9)m%6pfbO`?u17U|mGziHTz?hIDQrk+VV<S4i
zm=x6sYlW<JA&)yJ>Q_`V!5mX+1$0cg&oUtx+zwY?l?3G$08WXnv&<3g*PK+t?@GLv
zj9(hvm)&3g_{(l3RgRKeZg^F;jO9~mSB$_-eOOzMI=EsHYoU7P9#qss8Qz>3>TdFs
z-x+$kdd9^XGS0a*#UD+qA9CRB9h1$C+jDWlF2>1gDU@p|vf6Ut_2K(GW=Q*Io6`G9
zpRqXQ-!t^P3<rNW&i(aQJ;u^0($Yt5P1get>KaKGSuLk$9CxDYN~PC7lzr(`OCw*^
zvL0xbk!@4+1wxkWbB*9g^took)<uEuxq=9|lA&?gS8`|9dUvn>W<+@p*^mwF)&r+4
z>b-F7)3aaReNgdVO~Qy|B*E+}Lt&^w-c!!lo>W0YVG=#U6&YLN2$q2imXR%J?Ff$9
zp($r>V`>AAPhLPRx8v}f<TI;QGqVSf+3oF^qPmT_x5rER0c`xoMen6uqR@jrXq5E)
zj*6;g{#B{`yCvd##aZrWABp)Cs~?EzIJIXH`?5B8v!;L55A!)_^A|q&l;yN55u}cb
zdM96gCCBE>3uXuXvRhCI$r4b_@5qC4(J!JYU3AIJGo$-HV5F3WTsWThV7-6|_GZwO
zu#bXXnSpFf!!DZkb+PFpe594ffqBA#lPdGr&x3kKHGAx!pvf=bAC%(^g80zfB7^zR
zjGt>es_kMM_Ltn-R-V~9D!;Pz&Dg?ow@SKELN0<ro@(PJN1ky}mufqEaWx92&-C6k
z@DyB=<@oV$Q+oZ0=e}QjkXMvx<rQ`8ghG~hzshc~iyPd&>ci{GoG3W8e%76HFFQR5
zc7tXsFqvhHpFXt<jlIND+n&zPO2ztK+nu<}Xv-CB&+T{Q9elnlypJk)rANSzKkp15
zxf#Ijg<I^C{IGK!+IB4QV~2UP6YkiOT?io`l!=F*dUCZ8npz?olBs$%|8<^Mq5dT!
zEjCq*#gsG|p5gT{+f?y|4^GWUcfC*D$LmPh4c#_WQ@%j`DjwRz7P75F_RMQ8hMGT~
z2qGhDu|Ot})J)7WA30ZC2P2FAnML^}i~A+J@_k+f(+Hm~@M@k=$q1(&qKQkUW7;N<
z=c>Oo;XnZM$|sGzJz9z^8^2B{_*cEqLT_s2XxPTuFn#)G==$r>Kc7gwM{H4^&C(;z
zCI7K~T)BZi^<gL06GGH~_3o<kGn6k0mh7a4baG+D@||5prkY`0=+REMeyv5@9iO{6
z^FRC$^5svM{Lr9(s`7C7<tfnYM_4O^52C``r~Ckt9~u0Vf1PEaQ;y`M`C#x3t3cFR
zp{s7AlNSlKp1?-6_kgBZe@);d3J@&#9>l=i6AhdRr!R&*yK=e_sEzXCrfr9Tnjmcw
zd24`U1s)*Z%5o$A7UyUnh&X&9>2vPNJa0I)R?s<qmNh~}k%N1|C%}+{D`<jL-Uv!N
z7?Y_WQF0uY0hLgKl2C#`(Gt)W1ZDN_Pe5N*(^a%>#^2V;DAKO_JYAXiZrX~sdIF7t
z-e(RMT=j76jzMo|qpDN@i+NjEnKMAzljl%(Z#Nz4R;(+k>5OL<=Fyqx*yHGjwTy!A
z*8W<?JRbMvp(jFw4TX^HsE{o?*mwoH4Q8XGY8GThLQEc(rn8wsrE|bJ=B{#y&xwoA
zNp-^vQ^U-eX^ydJPUAQie?Xss)L%~9lS4+Bo7xeeK#AhoS8@SxW-MLVv!5^g_69ND
zU+ktf)_=9qJ?(s(^>lmrteXR5m1t0u_>~ylcRrS;>^+f7oT~O#n$TVfd@4&Rx~qV5
z4$?{BiPv1pCoT4wzUp5m=Dzz`$Zm>J&k>qidUJ0d`VW~f$m~6gAtF1_f6|@R6RC_H
z*@jVzZml!P4egYOS<%rLXKOkpDL`WCL(yaHizpW<JsW4N+vfB!cc#=EBRrREi?ni*
zv>~)Bl)jHdjxC0HCwVMgSWH&mlI(^KmC<vhDzUU**vmeeRhMMGoObP_{t5sq_X^q0
z$pZ+uJ439pT~kL69Vj1W`kGrx_|f215H##4=G)6UR{~ZI<(;(Aqa4LMC%l`<8Y?}y
z<u0ActJ`pGv7<>>YJFr1+_6j8!h1B0GaC3)CnNm|L_I9^OB%t#>gX&=8rcY;c74by
zjyFp>xtl7NuDXVEU$mkpRj=;DICs(b>V`9~W;(*LcPqKYszZfl?B^0)wGv58T|adT
z6HfB4tp6MW^6w#tTs>XWF;)d)S01n)8{cB*Xyw(n!@qb1Q9b~wmndB39DnIn#p>Xw
zms*29Ssyy|s!j5my5Je8eEgy-n{egAU)5A?k5xS4>ZV>jQ)!<mouGJOBy5#;((?I*
zNFWbpKW9V@S7@!#uCUO$?1BCjOH0Wuf3a?;^4JucQ&vOmomqKl**KBAQgMm3qZt0h
zETTPYV9Wb^ZlCm_nrm;pEzt{I;ki0@z?>;0x!@t5=tz1f+i&FpQ_FsN)=P~4;sHsf
zx^;_Dp8#GlP-AwRQNPaLz^Gd`0>?wZfZS#;xs3=h1}A{sf+<C8p4BFH_rZI9kP66Y
zBIvnOev+a1olZ52QzNw{k<zB9PtLAou_Ix*GdABf|Ee=2ma~(0vL8VEAB>$-a4%8U
zr<0u6w*8NDVx8EwZQHhO+qUiG#P*48d-A<+&BfHr#Z>j~zS~{ZH>+!}=eHhS*@rLg
z<@furUozM9WxsU7DxWd<%IHr}4#Bc0nGsn1xgmMir;7W?wV|yVO8Uq%Kr$aBFtiUm
z{~fw~h~Ly{e`heXa}Pd5lIn@wMFt&Uv}2&UFMQN93_i-VuqUupj$}gI{aTqKoSlmA
zG#fB;4%wlN)3v`_h&PgzYdLw@GN3)wOjDp+{~2lbFMv__%Xkl3=*w7PZYb=`^B!=u
zgjEZaq!V63e$kEmcb5fD{8(a|o5D;+rEb>RINz|SUKwIbrINWt!91)azTJy1-mwcI
z>_x{UEEsr0HM|yaLzP4|3D=ut`kG1yjIVdXrzrn||K<|TC8O8R{A-|V_m33?ef#rz
zYxuY?#X%0Wzt-4sgwC}~9M;Al<z%n!7QD*#w08^hMVaKgWE}G*ohron*Ag4@;rKU6
zKsSFAX;#$&5x9_vzVrRJ4T65|QTL13Vx5s`3+Xq+$||tIhQGlEu)u15q%}lD^|EiS
z@2cXfBg-<Le3cp_SAy~?3+779Q^cf^jg)24$Qki(RVftk+RO+V7Z7F_VrG|sJlC_?
z)pB7&3K7Fn^yqBN=<KoA>`OGbL)6@5$ib7_uZoElq3=*0c|RV?K72&cSh_xZYd;?L
z|J=vVU>)G1VS*&AQ4u}XsVi#mRK9-K?jVo1_IN?{F>_cYH}hx5Q}1{3VG(o_o*o5B
z4huD;*=e!K@*<+Z?@7MVozK}}I5KY<fBjTlkzT!5pJ=XLH`-~NJ(f7Ej|{4bfj!aZ
zQ1o8f?bByR3Y<=LE{P$0YNWsQ&ap9JJj;gX_#ReUhCSeQqOFQvgD3Q)CvXkdZh;#t
zJ^ckEmjpXXq1_yDpZl49w`|o>z2i(W<(m*?xEfBH$YiBs-$fR=G5y{ufJ?)orWu;z
z&n&LEyw9wFr_p{#-aZtX;sHv|v*R{e-<x%g{tt+g(i8l}{K=F3Jov3Z6>r?4H+Hk-
zQU2^d+k2ZqWxc{ix9Aj+tw5|<xZ5gIJNRL^+u#q~)rHsAVg!c}K6?+PwAM0`ovxYy
zr0fv#iGOtwdcE%0E^4TAlavK3Rbhhm+Cg4;drA(J@P9*re(JIEN$_pk2G2g0`*W=E
z0+z9)jO4YNh};uALJ*ILeW>#VUJKO~gYu?+;~xAusw-*DdE63-P_QUF8h(A=#Oa;3
zbAT&E!K5qyKo?hBko!ssLz3?c(V|A_1{#HCl*HOhUI-p~GQP2rhm!ByeVNA`inE!`
zHG#Bn>vQ@6d&qu(xLs7@Q$4#B-Y+TP$+9T7XjhjR7Y&Z)9tti1qc<*N6wsP%?#~{;
zPx8P|r|zc<xAUck#j?A?t=xjE_PF$<7wqzv_A<?*WF1+2JF3<@1YvwT5KX-^b3b}|
zE~wg_cYy7jr@WeLK^l#PkMa6Uv9T}i_nW`38_Uv^&o#W7ealG(iANjiCy@HfajHzu
z()s%=TP@hm^ACW~Sa9JMl6?9UF#<49Wh9&1OrI_(3BqtF30wFE<Ou5MuGuBbF?0p1
zvi8gyWxe_a3|vk9AjSWsje%MIH){Ozto>PTKkG+@lJg(YNzsqy<bQbJ#vdBE9jfa;
zH1K~};3=p%sQDirc<o1VvI}(xb@Zb*xrDm<kKE)5>J{n}>I(o20Q-;J1R4MXfCnG|
zkOAlb>>s%aE`Sg~1Rw^G0RR9h0PT<RgbBb3U<a@Oxc(zP5d?_-$WJ7H<R@|fMS$v$
z{zL<y4bb_Kpcn#-0Hy#-fEB>@M~31Aa0Pe*ya2v{KtK>66c7oB0>lCm0ZD*VKqepy
zkPFBI6aq>C6@V&0HJ}Di4`>Fo0NMfFfF3|UU>Gn07za!NesDIZEg-u8FQLkR$>jeR
z(QL_WZ|V#V1oQy`1cdeT34a7CZuG_m<~H;WR&KhEP7dZarvLS+D0$1F8e{Hs^Tcqq
z1s?u65c~@#CKSZQ0Xe(KLzlF$PojW~%W-9sYN)@~`E+$4NHmK(I3CNF$qJ`X{ug@u
zPJj`-6tOA|-neN|Nkm$7VJzV9#lANC<Y{b%%Mshm{a4P;eb-E9=S(Lhn=d@*>vvLo
z`Q&nYN-00$0T?8V-l;|6!mvV=v{5sYN~0um`(5d{MMHv9gw_*uf;}{_I>4pgBq9ek
z14=I#y|eOfY_XLw9g%cO$H$9SXx*j^qYv|;6Nj)#XrK`!()hf|2zglSv+J6)7wMP)
zqe;uifhM@hIux6924%@2z7>gfN$Bz&Xip9&z`tb#)pF4hnHj3T*k<Ic;38^VB6CY-
zKGsN`tFje^6tv&?pB5$as~r#$kOAhQoIf{oAS3)#KcU*7K8QOw_&#n*V7?uGDbg4%
zb{na+dlQ{TrL0a(ssVcpq<yu5qZp&CJ!MmnbM3}#*DsfUo^h|XeQ+=Q+g5{_NH5N~
z^8Y5xw8HG#)B^SGC{kO6fS(=6KwiaRpGvfaizrJ3`8J7$jPkPv36^d+xQRyWP<xU#
zLyMjOcEAOGqV3@R+<Y+u2F$|f0d^Y>v)pR937p^t1{@IndB_37&{{Eea_|};k;#dq
zV{*636mEZkBTMbz`(*p|?9DQ0VB-z)Le0o(_-@R=*m2APc}Y%ioDkR#VJJD*2qW^-
z1wi8q^+xNA)Y*F-*=31A!0-_xZqnh#7U*2Cz7yb*;kP+~NP!^z`XIKSJ;zettPuGa
zfG*xui2lG`Q{(R`f8P+84Y=_(dKm1W0et~U<f<Ir6Y0{v3bGjWV0WRtdhAxuj`G%_
zFsxTkdbxXjp%M^OIJT?lnbwrPilzJc#VyI081(1K&Def&)shN7#7xh!wZbxgYU$Ll
zF%%P`bLNY>b$?qVI0x*sg4{_;FOri>+qpn|i*mWghxvg(&hNEI!}4JX@G$_RzK)=g
z8(tZJB-9lR|IIM#jP?^k{UwrcAlat`7F3>HrEJ~M2FQ>@F)Ck^?p$OxmTx50o*Ko6
zH2hK)V^mp}{!nJQ+Zj6Sk~nDURHs%4F8{6se%w)&A#TH%$fuxXh3;DSJiqVD+b-X3
zE+pJ&R}6e&>3S-6-hP<$EcID*vMIj|*^P~2SvfBKcGALSVj=aC0k1!AkEH4^jHb<5
zjWBh%#5iv>8RJxZH{=`<1h32~t3K_HL;lURzsCO4ICTkS?5!?gVbT2FqN16$b?oY=
z)?sQOJFV=npK1R{b7bN&@oAWE^T-YU?7ApBdo^b}CfGnuaCNvOXy_DtM~{@zJ@syp
z<^DQio*98OQZ&*t=;Y=otx=rA&O|eYZtcc&FR*`K1G1iuEk-Wybzr{`dMGHCj)eZT
ztaF}|jN{1ixg=nq=-o-7QlM*dgKc?5&8vtv?BW`8p$xwA_|5&kXrR4By=q^}NaUhz
zwEo!A)=WP{gNyIM;-I0~f08QLe5$({5y#p)|4D?pID71FY3Vr_L+wc%UKHD;we)3K
zFD^^VK4(JtwZ$yQ&33b>uWj&8Io!!?#^BUV_o}L@zk6DeMOqPm^r{!N*;9UzFYC`u
z^YpLo)OeG@5}`F7cW*<{tdm!&nfR)L%h=B!BZ%|hu5-F>oGDC2$6srnRva#y7*TNq
zo`5HG1lWVWXeHCn6Dh&lGDJJj)b`UoJ$j+4P8Ju@wj*NSd&}pJ*ZAKT={2!1qn5mR
zZ1TFD`@*eKn_aHQ>IC;$R*#EA=RB{Y4K7@^Cb3txP$!G%+3+@Ap4pAZ-C5-%=ed6x
z6}T!}0<k`f4_!0Q7i3$N6rx=0{MT{hcNBB)I=DJXU;C;(Av%I*_rcgwo=Q)CJJWcZ
zcFEP<1~hrISKqd0)2=KtQ+Mc0KY>SAjnR5J8tPiV4~#4artOM6rzV>g^`gSL3OM%4
z<KbE=L-}A#F7R%>P0tN3Z%BievsS2W5cK%&9FcU&+7mcEV_FZk&J5n1BtH|h?-Xcz
zo4~H2SJb0t?_f3dSagl9FZmJ~zAcA!4E4t{RZG%4Im3UgXLVG#+8ts=s<`Kr-y2<Z
zrrWcXU0LIaWLIl~S--kGz;_TCj6HoGM)DvDr}k(E!%;#1&BZN;+kV99@&>OABqYJq
zXLy;+>m^9O{u6vS8X`hEK|mUxaGF3V{_ves#|!*_s=tK69z!13fq-s)l0`WGcdc@F
zbh5Rza{N!Vic*L1!Wm9q@i4ZmaMQa~-sWai=f{s32L}vE7+`89umvFs9o&Gcr~J(H
zqJa{Zfwb-i6WG!r$cM6Sjdj$>J6!K%wVr71E{y9arhS(3oW=JpsSQ+E55Y~E-?o4L
zHX-8`d-3<}oxA$`oOXSiYiqLXt!kyYf4?^KMD9s<U2c7S_nMLTCwIoY8r5b>=~>0H
zSRsEx#Ko9OM!#uOYeOAyX^!>xs4+Poy;NZgJv1X*qF4#)$c3|AJ6)k&#TpR3d^ecP
z@v2Zlw8E;WX+qjLna*^u7<Ob-DWhnv>ZsoaJ&t5*G+X{+nJi!GF4`jJycloAA!lld
zhgG8z8Y!4=(W3G1RbeiDey4{*6A+*@WmJh}F56tpsbv?@+<M{gq>^n#*4pUq+QM+w
zgeo~*En_p6#8<s%WGUmLQP;e;C_*h<`<&uY+EnQ+3YFEKoz9;YAkI{HxNKF;oKT+p
z+sNzQ?6zgsK~Yq6!OVR+sWMqhvpRuR1tyI|aY{J^DOZvCFjD$;kC@&s&p0by{${^;
zPswskLfVn4*}}xNIc@w>s4u%qg+j`HdMX(jj6!wNX!3B*!LWei1TDmIZQZV%ou1<J
zuhG4`fkhon6@qG3{Jf1RxiKBtnCHwzS)Xiq#${fai74*(RPnCCc~WlhE`JbJ=FDQ&
zgc#5Zp`&{JL2+qv(eFbE^SXagG-Vr<iNv2<mr4~3_2qkI$#VwxVl62fSY@Hg8;V#d
zPyEs$i=YjG%H}}MAH@xd53$QGPUSM~n^&lg#oR=o14|lUw$g*e=u*JRQ$Km7GrKzi
zsXB7ajnh=#MdJh7N00{)R3;EWR2A6Wbj*cWK5HqgHwyw<b&f>s!f&Y*_?+E2oHppi
zL@$x-=081oTK2y;maDR-Z_V7x5~jHLZF!6;iwkl=*0iQoDyFmI6?{<hap<lnv&C_l
z-j1E7bL<~8rmgCgHn|kAt6em*BRNg6p$v#Hdd3G9&azh4>}-~A(z!$;IR+%iRmWmf
zvWK%916TrGrH{`Ss-}&zYhfyu<i}e@&dhR4*yP?u3bs+3D!Mh0uDE&XOsAYovRBiN
z;DWk1Qe1L6WK?T2(e{V4nJhNXnj6h13+#hNk2PPEyDa`(+YTHnX546%o7F5Y_ADyE
z&Y_wki4Qx#Jp>bLC>Bi7F9wAL1!19kC<!U8+*u-sJeLy}T|L;k2J7xa2(6-82njhO
zMMMUzquWHbkZmUMKF-(mdMb%;U0mBO!UWe8F#UUjE~!ZhhPG*5`v;>ik!E7<9b)sm
zPL;Ol?{}p5)OlF)6j6eE<{@z@@9el|ztz^Ly0UkU9}`KgtO{=#62EwQS;nx0e#w8R
z_VDK+rqfXRl0XbVp)py`>Z@5sOS8woP4w3%|9I<@;YFJ`zw`Z92y6d_660E>#jeiM
z&2vQx-9ucRcZDaV9wz$A5**daab#i_Pno^6{(7A3%cH$@9}g}A4N`QNk7CgNK@>0T
z!<RiR*++%vB5z+I;~!b=SQ9>9jUbZW>>Xhl-4*n}bi1)JnjxOBU73bnbZ*BLBcKSc
z5CNC#Y2b8t2`05WVGru|Tn3?5-7^Z8;#@YFmmxKEEl<CFHkun^3osTh8Rj4^T{K-|
zA(-<Sws@M<l`*~Mm7YO|lc$_xtp{egpDB5cI$_5VLSTbw)Bc6nNVk;0LgNTzpDaaF
zwwHto+tr*ku=e&-1Ysjva~5;6BN$!+Q?vAAREXFCtK;m$Og);3)RvcTdBqQ)N7P-_
zpM{-L^@#BR0<cSTNR@hvXhCU(D!5+uX2+Gi?3=_pjMn>wU7BX*izUegz}u=M09N)8
zysB^(h$*Mid_HssI}80Y3KZR#D2>Ck47tX)hhK0$JzjrG4o!0pjwvrLZj)w=?}376
z!uXrFLMd|=at5y3H6~UlC`X{Au#yc$D)kX*{xw-ZFYqp0lP&nr`|n6%`_L<|A_Ez(
zU&Gr}P@uIe?omT3QWr5EiT6n9lbb(f>fmxW@0vI3m%*_u=9JbkEE>p5n8@C~7QJvs
z){+iW7w_HwT=jh;(JP!Cu!YDxljoJwwt`C^Q<&<Eo_Gyl$PCoyg%x-e_s;*IW@*69
zRMfiyk1q3s=flhC<<uyG`knbJXW}eOq<hzmVTe3aiWw&ND#cw`#%ug9f}u4Fi)rYA
zIS+9`Fk0SdXzWsH12X6%#bu?3j3e`pE`WoDg%xXx|I#b0YNTch2O0-!FAjH3Ee{&k
zf;^-x1rlSRod$(HM~dm3u;g#kRv-+ysXFsy%xONRqwAVZq))?}{o3L#sdGMm8D=Ks
z(k_5r=TPEBMMrVpGCrQbZZPi%3F^Y$OJxbdY6ye8laGr{?HhfB){KR1B1(}2$)E`w
z^Hz(t*VK(Q(c2Xc!Y0QQMIK|uYGT%lT8gxi#*ns0(h?~ALfygI_b$WrZkP~~W0JCG
zL#HSMqUt3ZNz5acEe_$Y9(Ds+9D=1vG4$2igbTUP<3`!HXBZ0aFOAFqAnPq4Z$BJE
z41Gbtmr_u;$zlq_6v^4HLXN(KKr9zxbt52}u~Aw5qG}mnwfLoxtK2*YT5QCUf$|#0
zZZ;ovLlr;LH8r-cAM7mps-f68;T>Xee8GI@U2mf1y$-w~<ibiIw@Ow@>tU5%<pGjk
z+OR@0iLXhgzj@w(mVh1VsPu*$2EvmVhQ{-bDDSbJQTJ8_8MSEMk(@~ky>ZY05AZ6V
zQ~@^7|7X(}+DQxD`PVp`8FJJ5bnlccxU;%%YZ?5CE;qcB8r9{MbNhN1KD(O9-Zgk=
z3k=zntq1=~MRHSHxUExSIdD<DM_a#~NIJ+#AV)Yem8!Ln-CEe%C$*Xb%<!0h2^+zX
z4G5g=?+BFtfdGQxN}$JQ`C?dT{W)LvRTE~U2WBTa?8-7@3WIQU3}c2*_0TE{vZ3nC
z$ZB%mYBF4uwc=_rvf;)y>PQQa;VEUW73;{GZeaao>FBC3GNdZe-=O+Ro~Y_X%+3*G
z?F0|nED{>+P|DeRkD-VhHo}63t~q1Iaks?D<zJk~hJ_PSH(Aga!iw0o9miJi;nfi(
zopNaK4`<7t)b2GNysc?2YD0tK8w`TpBiePn>!t@6zn(t5MV3TzJ^GDZSkeWN>$->P
zyJ>RQb-+tnQ-5+bzoIY6D(isPl?L$}Tf1TBpAwQ~^))-Hw5|11t$}n(T)=suy*q<3
z;Vn{PiLo0#8*(k16`WiitoWn{<Q+oDUd<)%>PUC$hUC?Hdgi1x8v<$U4-_?!N5mbq
zm}E?$FKxNbN`fxqn2pDbagff?ARnjcdL*ys7TTe7B$#O190D+;LA#o@uB0{H^F??v
zJ@p&HBnus(;;*iy6>B>6J)(AC7h~MYF8`5u3`QfhF&b#tku(G#{PI#$$cL<E_SF(v
zGNGYJ3fD)9AN*wATt*0hJRYS*t%<BBe;RTFUWZZe%tD9HHWT2)vmiuR-HZYpLY+8G
zxC+0<)u;m;@Q+2>bo_JzwjiS@X3=?Ob%^;jkz3+)<V!Dp`x83r#b|24?HXGJsFLD3
z$CrFk!Cm2Jwdy#j(^t$xxf3sIq4Sc#VIS4FIX;R#DyNd=`JgSXn3NGHldX?Ok)rbM
zH~gXeO5Vg(F5mc5eI+mJs&KY_*&sc;75;IR{_lDgP+M)-_DgST(c=+?DF3M5ObB#b
z`d?KH8Q7ZSp?9B*zP_%6BP4A(>*;tLUF*pd@FgOA7hNY!9$wBrLrNi?jM2CwMv2Cm
zSfx=<X%g$(jeDHC4;Q7)`<Lo|GOyYJ8{xW+S8M1E>b<acYX*HVU(2ajBj@{8z(w_X
z+6-6V(t-Q4fTnDQyj_oU8B3Cf70Fyn7x%6Wzur~EZR;;gS7tre&_Cr^*y>5lnP&V^
zsYsQRvN)Bkf!cVBPy1ex2_miGK3t52Ro2OmCoZYl^&GWzTnt1+#!_6QXu(#>*qD!3
zgm-*b4M|Dvp%8gfzhPWEE+mZfX{SS6oo`(YlGEccdm(l^Lebg&Sy`OI`?zW?RRIf}
z6jgP*)*e0&X;uU4Bj^pEI<fQ>NES|8!KjH+y!=6ppmS)7yk_$JE5<$XJk0gd6V}@^
zL2+59b@+aE4%$C}bdQfTr+HIR=PL4=%?Y2chb8JA8qT<Ryls5zx-inIJQ(tI<?NMp
z;(OS@d~&`!;5ps5Mu3sS)xRjKipmYL&ZwX2?7<WR;|XiK@oOX;vlpYheMJ&Z-Qw2s
z5stIhwFmRyI{V;San-ZgFlAG&!#c6RJQYd$OmxoHNMO0<dE9ekIPI~*Z-iOExD1e>
zB+qj3`4gZ>fJzu%KkIy6(zA@ceI5+@gmb!BfoL{F#&bw`!I6IR2`fvybLM4Mc)Jd^
zefaR3tl<|!hFtS!f~~g45TKQnS-J~cX#OCa_pXzl{CPXS`_)Zax5gKL#o@E_4MKhd
z;3AN&GvzfcCd@Z1Wy@JDiPw4U(T<8Vbq5Yuu3Hw|y1_Ea`8KwK#{v@D7WDa3doy_l
zO63+|za}IRQBO~zpg(tnSo}?S^$sc6+YMb9zFq!{k^L3P0H%EV>UNIuyY2aj5%$@f
zb1T87Xk%uy^qo!qyH-1e--@;W1<GAH34`+>7WP@d(TtNh6fr|k$E@f{aGMn)BjPW`
zVq(G#)Ejrftt|f~1tW?{8)|$&E<#y##&Y2sPL81e@!v#ewnGPB!U<k+J)c?QUvXQo
zYqIJe{G2F%*uPJ*KNk8)eJR-ytcljOnhrmRg1t3XL&YwLItuq++2|$(K7NP!ngsZ&
zG=pn;g8~RQ<%I2EBKq{y3&Z7Eg1s?C4%7ON3Xr{AEFLID?ll=J>Uy2ie|c->U0)k~
zgmuUtiXOoP`pVqUQ(ZVNSRO-GXOrAR1aN+PF-#ypVBFGEUfiR6NH)puhs8h|__7j@
zizTKnN=rGyE?o36-=n%<b|9UQkkef&6$zr+qN1h35gCcvi%Go^q5qyLk|-D@;sotH
zCR*1u(_(iGc<fY^$?6+psPAj0_kg(w!;c!1Wv)O<|A!!IHrnswPomky2J$oi6We)B
zYDBtWR;pyGqd3YXCzD4pR%)tmouOkA=QE+T5zR>2dzHG5q~ZRVj+!_?6RDrRc3+o>
zp|74ua3Bx#*Kyz-no)R4<kUKm8aO+CdUB!W8OK}2B$ZrBz!)#{i#$Dn{3>rpl>{p2
zK|JO+_Ekyj{MMqW%Z=#Nzuz6jBQJ$Wu%fWmd=DaC2acTSHSg4e6DM!F_uOyTppXBO
z7q*cPM0wT=GxBWR;Q(*TO&f*WM-4m-hB&a?*!w&D?w(dA!QN4FcdH+Qfgk7n%-<$;
zxxDxnM?26XudQfLkC?uHH_Zaz{iHQMaG*0m(TNcwt-|!&^h%-zdKe?wT`C4_BlI%R
zhxdtBWoK-|_1JiNX#?y%d>{sz`nacL`CgzPdGqTi_&z9BepD$WC*L%2s5>grv~sJx
zZiRN&x`3|)y}DrNcQ#U#q)PtRXSVdehJG|cHU49+oiEQ_zx^dvN$X(&*WAH-?7udm
zJ#M=xc}4zwKv+N}X+?JNt_}CbW>|=*+?GmpE8oXho|#8XDPn?K<tVK_7k)q#9YMgs
z1g^yM_31^TKIP_Io#(%w(tQ<nToL3Hyq~6b_@12lXz24s+z}*R5%iW2euLtGFKz?%
z`mPWAZr^O|@h%)bQ(S9!Yw7c9j{5QoLUa8gL3L<M=h&Yq{Gec-p=TaESs->|=k#<G
z((fIrN4?(+bN5*q_T|wIIn-CCo(xpDA>TltJQwe-xm=O|lAM3iWiJ)r{B@jry4RaL
zJ^JEUrZAJf4El|iU8hM43>#uU%W4iY$QmGs=v~u}ruk_Q$t!!}k@JU)CsOm%7WIk7
z+bAh_F1O$Om`%rabN1}`BwdH+c=#48_>*<QR~DToRzkR<yy9cJl1=CMxiKO2A>kP!
z>q*}ieLMGLkK)h-XP-Wgp(}5as`CA$u>QGUVjHH3G5XIoIK(L{I~vORhEAOB#Vb^B
zcGMkj9PM{B4oK56Vm3zSOYYg6JJy_gdcnOZ79Rgxc)>|8xq$rNww1_PYSesHN&$Kz
z0biw6Nkt?NB+(^aR$`;YS_X{@pRPw)tmg)dG7Pk*Qp#@_tmg>WMIEe6UQho!PTzF2
zGJJZu@BQB}H3vv#-_f_K@(nu4y1Zfwl?$`YkR9L0_~4a=fJyIq8DZ^M6;tgRse1hF
zs>(mP^xBmV3%oXTc!2%#*>`obDKlC#XbnVbc<fKz(86rS{qE{7nGcKX+>zszcV?gI
zs9VSLYi658<J5w5GoL1yS(O!cnkJUV=g8URC1>QBpO}4M?t_)kc}=fw0D0K)H}L<&
z6oOKnm2h@?h66i0J5gb-uC7$HKu{skaV7jgz@UrO{P$1+!Fvi>#KJJB00lxfdspAx
z?T_t_^RL_Os@K13ji$NRSw_?289&Eo96&&X2*030NMXS+AsLeN%YeSRZwDR|zh&`}
zLY95aa4|XUqCo~RbG}8t_Y1#7w~tPHB!F{5>XuQ#v0+KvdXd_E)<g7920qa-Gwig1
z1tE3lLAHqp`Gb7Pg^YDw1>JH>9YcMeg@HaA^OJ&b`>+waj(C0?s%-wbvHg}`lPgY7
z{!2n?p~*w=V=l8RcZ7R`&(11w{PfCXL|V?qtV2tY*$R4$QOYj??Gj~?J%bSGGOwJQ
zrjIpS^OiFE{7y75G@TmM@i-^IQx&gyyeSn3%<UpnU3Q1~*5UJ=^dtP37@PA`zGjtq
zIMo!G)+DXr0~zouo@+HZVv1#W<qX0v9Qw~#by_-LC%T+6>L@b%x>HkDmd-OSRT)=$
z)O?D&2zfPbk7OG9-BCA=+J(P*i`7*0W>{t_Og!N7?b65C24p?@<=MU9eveg~8E&rF
zP(k!wrmd>PeYB9<aY_4Vi9UlH#MDS*w~f^rXY85yLl>@y-gXx0(l-={JQeOlFlgNB
zc~LyZYMjWvY0<mx3#nxiZbp!1X>+Hjt@SmHGbhM{>%S;gi=5tCeu@gB9TnND9PNx?
z_~$$>p!y~L>P4gvN_D+R>-=Twb<#}TiAQ-ld{sZQn&DE`-+e*YslU`M>q<6dRB>sB
zlnak#N-%-ZeqK(;V5dxcG#T6K(i$>|oN4^6FjEoz26?c32vJJ*6wUu69vieG1*UQC
zk5c$gQj`PHr_A$d41rLfM|5JB`*LN^f^P4&tw;Jdm;`;bHS(6fJKM%HLG^-Le{r;z
zS$SY^?|SA89v$Wfvig#$An<eCpqezod#R~5wC97=H;eC=<Mis_@hBFoW}7eQAoi8*
zKwZ##o%^pkKTAqjM>iAr5y!TifZFiVzc0R1g5GUk@VXeXudJBscHcO#aBXyf`S2@b
z42%Cd5JRZCZ1G`*+j2n!aj!-P5d+`r8QOL&R|&u|ys}^W{smdmW6u0b$6!#~eLLmS
z1OM>!wj5xg^3r0q)5WaG_2S1|ym@?k*boFGm|5Tn-_5`U2k-iW-!-zp&UonMMOc@@
z1M+du#Rm!;_tCZW?YtL*(5ISZ%F_JMB(N!7b74tP>1r=8=ja-wUHGDke+q~_ItIFR
zd9rf_%L}`Kyt(<FyuW$ySKpQ;QbGhmInX;kH@dvII=Kab0_6khM}EsFS<c|3A_M{-
z>Yqk8fP1n70hY_&>Yu)XmnB2Y(guFuvkl{!U7udTf&~e{#kKbC|HD_;h=;fb1n<`I
zBpdho4a?cN5$MhTt(pAx4c*CIEZ5EBMf3z;1Jv_v3&aP>-nY&*yD>WW>tbpj2)L75
z8lH>76v*$(7}TnTOcTOLRjhpk=hMce<0UPo8<)s-1kGraR+QTB^A9eL81N_ZwW(k?
z8Vc>9(~JCHbLNeAK9Bn_-$O^Z^S@O!{MVpK-IcAIaQ?Ns0gpv*!c-N6_6q3-h!V+}
z5Vbeb$-cwgYc@AIN!{=J&$&CC(;KDwp>bqpH(^sj9$s5IqcK%&ujq9Lnt|#UT{xOK
zH<yUw-?D?@vAMW6l(lGBuL2dNOBfeX98EZte=S5PIUbMhMfOHuP_<c(z|SLXCXd#A
zHm0_?pw+n$IJYw7C7qsT-EzgGtPZToR*Zmz>+JCCG3nbm9*t<uCP9vu_I+0n`M4NK
z1C@KMu+UFgg}PpE0y0$aBwt<cM#rX81l~8==FW~S?xDc{j2%HHg(5|(ufrZ4bk!jC
zq#(7@n{$}czg~Q6_)v022((?)djH`};h^WZ&vc#OvH#%9%<tbmwFa4NhJ0gegRk;$
z49qC7J)db#Td~U^FL_uu7TU68&AdhP6p5`<hy))j_$7JwfjFUgZM!vf)X4k6&I-E!
z`@t~hmZPLxH}JhDV6WgM8Q<ZMz`^--3Sw3;*Bdh<Ivo~gsbKNlK|S6B_3nw16nCBP
zYLhs3{Jz2|))F3Q4wKZGrFMiE>DhN7TN{WKTtf}qd06rI1}n;ly>ZBwc6l6g@h_#x
zr+Aso6-5j9{H!bd>*V2yS}Mn=@f=s|;lE7~gE8WBU_h$rZ>_d=7BAYD65r)0ECu(V
z^$VM#_~G1|&-#i3iu9-x;WV$DX?Cnpb<{lu1kB11Dc>1-i}+)-_BvintlWOqCdPV$
z+A+VV#%Bm8D(t?CwnBm>Blf<xM2|8+v+*bX{S#WQy>SR@Bw4ZEEk=|z^4~s64^xPY
zIHbf!l0|yg*eH6rgd=+_nDQ3RwqRNu1@|LK1xn_9iG}<aWO(XZGI1r{@DG;?u~&*A
zk@eI4z_|EBK{Xx*u2=dc<;O_{blhR6K;Ne|Z!G+32`+o>n*39AoghD431<0d@r?mm
zk(HBhN%5{A?xIN+`rd|-glb~@sBE=^Zq4ppjp752O3RXEgklu5nD+Lm(q6c@PPu`y
z;lZ~cCNgUc5rU{MlZ&;Y1JkL6i$j_S58&WSS*&vn%nAjg@NrgXBZN#aWNE?Jgv{WR
zww}r%-g+imG<F+m)MgW_^;#;GXHa^W=r1L}G%(5ES1P{{j&*rwLxhV~&rb|Y1B5#r
zSNRH&j6p<yBZ6k2^m5UL8wdjd#l#MNy_r0EC_%0qs!&f;D#f4{)w+t7u3N%puLq_0
z0r-J*SOd+cRy07dR$@Vy6JsJaP7zB)a_3YWwyt{h!_-fpG|vi~fgH+p{sM^WHoNxX
zm*>F5L@B0Mlad#+TyrT9Sl(u53|3aO65=VyxZ@W))#P?`9-26hDVWd+hJ*D6y@yN6
z-}N%8FDC69pfS6fb>^axi?&j))!#JfjWU`z))j50x@^Q>L2*8u@$dJixS)rzggn9J
z|EeBHz)vfF-5=T=fy9-sb%4&lK3a;;Oxj<kQOisiqI?*lJQ<?&FWod!^|_d#zT$~K
z(NYNfzVLp?)_2t?W&F-&uRQ2>b3t21T8exn!}0960wp+LV|Iq}^pxrvVy1@P7ccJk
z^A|V7e%H4EtrQVxz$e@Iw$vD}RYk;{U!;7-7R1p!xUjzqCV-V3#e~4R1=ZVgr;Gwm
zP<r4yY!0_=>~x5(+Ja}A;FBA!jZNqJLq0CeYY9kuGIk7AHRDHsTho#zfSj7eG`96j
z3GeXo`<}nof{k`;o_ff^@05)q;mW&tF(7dW`Z9i=8k_C!P5WUwkY8DD83#g2G*<a>
zoY@j>klj~I=~wndh3{p&Y5EOr3xsFOm?i1Kt0Qi1I4g*-WS=GawiKJX;3UmfEb-Pc
z=9bPYNvQZhwo!L03H@<N^DECX7ls-g%8OBykoc>x`aZ{aCc8OhDii14dwArfH{~|M
z)s*b+#3Jk$p^psC2d6b6)#nH;VkT>;FVDxhA@;2ha)R3d-B&@XZCK1?KuZ^wW|D2>
zh_te6oqAxOVSEoGYm)weVa_TC;S5tzi4F3)v9|Down6FG9DXT%$6cnW5n>8T{wRyh
zVN37Z0nzQE{uw<2M7t=-)TTgM<K?%DSCrtBj^?#a<~8~8<;FGs)AMXk<`eYQO$Awa
zvN6<<IXX9PHOqI4%YvB<<F@|qM)1}}-q2$1JAJetu~RbTb`sCmzOUf8obUU)0^xAm
zn~Ern@W1V2ldKK)kGsmREYm0_VS2Rq0xoe|&oFOv+PF2`JuZoBE~;~`i0et3+Qc;G
z{f2XrD#{Un(Ng|4_p{bGr;Zt+fNgdZ-m`VWP<BnTON!u9*SOQg)U{pbxoQC$UM~oV
z(Av6V;@ga1lFhX;HIa*>dhveL+WZOC?-!vxdyF>Z-~ysoO`?}Ti*+qvApsNPO0VW;
z-%MX);W#m$ugz1KTZM1x<)uO6i8iT{yx!N}kxb4!9MOj*>rMWtiUP(>+DGY|`)~a9
zZ`Y>6JSKN5y>|+cym5zRYOe=JBUb2V4>|BBByR#O3}TQ89N4~~4?4aSXV~5S-_b1m
z;-%Y&$H-)XJc()#5j4utp*$(0%q~6h23MC~KHi_(%~si9JWC<mVi)mzU1CR|GwnI)
zQAM)h3)D4<uMmS5d`xf5D1N&fGt%Qix5<26dS&&<4DM4o#l5{HcWJRkgFVD(&iqHN
zZ;b__rh-ho&1f)OYym+>iou}|X{OvPD%+HFh)LXVC?n9eB(>8-jbFv2D4~2UEi-z_
z@ve+Y<kRuA##F`l6>0LXhecPk=)Ib!DV~`-S!??yog-CH&2uwKOhQ4tdj+qcQ;1F1
z6UlPXEqexSn9}=@m%Z}C3$r$h%I6$mb87C564l<r!8S~h8Lco|R&Mw)gw+C`wB#S&
zjj7^C3K2Jsx@GetU5^tl+2S!aQCWEGQu}-MfO^WL@*vV%5r)T2l6%Xe)X@q5PT|KF
zN$Cu+8I1Sr{vpNqSoX7_$U-6)+fG~z++sI&8X9Ct+p`BMSJW;I7veXFJ@Ky;-n_~`
zq7!+=?&))wC^nt=gSw8E@CBGNvU6qGdN7+Z;u(5{t1{udmU*dnMv!fbb@69LLr{d4
z778D@Mjsqw#0jXA{xn2$c!FX`;dxdf|I9I<C>7;`L7z_l$zdZmJS)CEQK4XVf1F=c
z*m&1ybqBgp;o^D&%pZT|phSA7C~>Oi5?pff&s3i07~%C5rZMI`Gvy+0tqfQ_f)8hc
zh`NQ<o?YUQZbV-qI}fNE5j;aNF`wwe$dqIU6*5<7mM|3(3fdtELQqg^e3t@G*kA;0
zV86jH4uRqyph?UI)*O01^x+*-KGW;$Jgy)|z9SyIB}DDtur}Z#oRF;v=*WcS)^v3p
zG_3h93j@b5X4TIsUl?AxijKdOXz{l9VemyXDC4;+@#z(nt&7SoI>iA7GelHAup4N!
zT24!_N{3UaJ?lfbkIwh20XP)VeVMn}rDXG%mCY%^ahc8>{!!SI33{sR;%tfCw(%<d
z_nJ}?X+{%3Bo#!JjrmvdFxZE5*49%*z|NABc3_+qDHwwFbnfiDx&1TJY#@d2Uyp$f
z6VW6=D^PUB0p4>tG8+mei^m_StZcWaA=Zv3@ooG4;jj?$wi)x|s?{Sm-M96hPlrn|
zABcDl?^FupvNe+xg`0*`sLe*JpzhtlsUf}atr&nhG)z=>>>*BUu~SbJGjbCHC}VwS
z<a&BMm|{5&<GCbyObr&_S7^pOhLu;i8nG#X&$!~Oj7K&A)B4e4lF?~^o=?lgC=Z}D
zNpNQ^XUF<LCq5URnLQ=fxQl@H(31^C%=|ikFe>^bKP;*owEUl=ej*|qSFW*be|!b6
zZ(ok?Jl3t8o}*fyEkVCW{R~JMM<IUW2LIL;vk3?mumV!k5Xi3$K1&_q*GGSMg)md`
zfVBRtr8&eIKc4gX(cUUEwO;|nVie6(XnjOA3_beJ(hn%npOi!c#HDlw1wkc5Ld)?C
z%?q@TPNU}4Rp&c3P`s%Pf3}-N;poy^gY!Cs5=ZENq1X|D(64Zu8Fb?Ap9pP!J<JcO
zdSO(H2{gJUduwMG1EVuSbyI_Xi0?g9Y!4t%Pg=m=MVoyPiL*bm*`a%DpQKv+v&wDy
zpjr;D^LcE|P)+o1)i@HCeDq>)E;fcgI|H)2?8aYhYFs0%&H<vs(A?+k6jkcs59b|J
zsH_ramc8>VW`6JBF}1XCGL2BFeZxU<42>T39DKs%S;ZIl*IYdm>R>6le^|V>#Q*hZ
z;+*A1KaGE1u(}YQ30AE6t>0e}H3FsW`7+DTI-pOz0j)eMwR+WohwF~~v3cB)U3qua
z7a|X14Jz*iq|a}2!k~X%lw5v04eehEeA^BK{ReWGyM;KUap7P^l8bEk++}2fiyGu!
zRaqE*LlBFipLB;-3|2?kd%f+z&zaa?`^CuW?V#)Mgqbn!_bErdLA~o^wex5G1p3Wu
zs6d+tgn7XugRG<4U9r0+ldiHNipNK1`oX)0LdU65#{xQygZmnkkoHA-k<jY<r0Gro
zwAXgSKN8Xrj;=z7s+1ikzsS^w4=VnKeiBIT_p)NeG8bMu=AGuC>v=!mX1%*O!8I=l
z!=T%#AV=Jre7Jd5IQCv15L0aj0IVl2gsB#cr<YNM&D<VC?%8nEBAk*8Da_0<>Sena
z-VE^z1HqKB2EX0PvT;ny{5M9zzpG{kPta<6rfOv->zyXlsyx5^PQRQ^zy6r_9m1w6
zJ291G$29ex6SE~w<Q+N?Pii}>hworC_dKKb=qT?j3k8G7kvj%nJZ_7n)E$|d&9bwZ
zKAj6%&N(3M{$nt5lO4VziEoSIuiz`kO_5>A%|hn@Lgsr|GgTrzYprXL)Tb@{=!02~
zE1@)vxY&68lItSE>~|xDdV?dT6p^nzoqgnQ3*-_nvlS;;W-Yi4`B&s;^1tUH_7|d~
zK+IZD7fpK$TU#*)Z_GT5?HrOH#;)=Wbav0+c@Faf?f%P{laU1UowS=Zf09m<T*lpL
zO3aE2w4=~KwBxhn*P~XVXHc0JP;37vLDAb}?@E|CS4AO&>5cv?hYh=ci(r3c811^4
zyGBG2lu5~}Oa0Z5`4#S{i7yYEJr6ctprfq7{fok?qB4GAZdQsM@9OUq2F^C*``4XW
zc{9%2Q-f}_m2EGd5f|pJ(jz!mvYJby3X`+1t^~%`4WqNC92+ethm+@Cp%z|kbh}Q3
znMm#<+U_~|e!MFk*J2FU+M<?~pxmQ&?eC#Q`jYx;#U^&GMF^2tB9IQm!E(HI1q9lM
z0<wmFyBPk_-|~X=ecOI>XMXaVB!wOUI0_}Bmpf9i0s;&uM3|9exqX$qA`Tlx`+N!Z
zkg0}{7%o}lrFef|=_rw|E=o7AT7n_G2Y=t+=H(z|JP;K;f+fSHNAl{Kga_TI>1T=Z
z+Ue#>Smd`pri#LDL7cOXEF0?)&sDNqt~g0ixjxCY%)6aFi=(+7r2P8aVw&mA6Q9Gb
z&VI11^}l04#BpJp#?mM-Qy!bC*4jSMbkYse=#;eR<^EHGKv&)+@buANg5wrtwLZ<N
znT`m42!WU5oYX^5J^3DtJY*(jgoYG@bP1|rwph*o%X9J1wZGO<RLuhuN6r}K45%{1
zxAM7XuBMY`!N>~Z9aG!Se+Y_h)>=()7?|pDi3+x7g5O_XYi15pg#o4ZIqYZt0PCH9
zWJmUA$@hf2O@-5}F8GIH=?CEHRi$X%uxrxzXXg0U(fIZTVJ|dnK07`K$LCoj{T#4(
z%uqqc5LPgqr4W8;L-U1TMGt!1u-pHFd8goRSsw{-=G??r!&xa)avSOJkwqobQRFT+
z0?rF}7(pTGw*Ktnte9_e6zAz8Q#PI16ZcMQr*jmz1t+?GFj1*=XYJ_gTfy7|cP_LW
zwffV1`<3)lr4@Yck(&ALf5d{jl#b=3N)Lne4^~sSPQHV>`)QNl(~dkpr-J^LL+i?q
zE83e{AjRIwduFuf<e#fO^wd(B2ImVy-?2~{>;&L0K(!r#YWOBl0ks<VolFdF4o2@q
zE_(lxxf_CqGGa97eoS9qZ7hz8u+&dkVopScHlPa>FGk&%n-K`o-3S#k02o7nq)zsB
zJWy7JSO-a=6Oa?uFNA>@m|2kz##as9n?EDb+{S6T%-ReX#$5rYqpC*4BQ_P@fHwLt
z>q2JC?POQrv=1RL#~=EH&+iKjT^&Ck{k{+=%Mo$ouPJ_aL~2P0YvW-Vn1D{Y3;Ud)
ze77$+%oopd{5Q1s%W$g>t%U##Uf_X>c07Ljw-1fM16rr46s`gDE6Wwa@D2X0@<y`8
z<OHmaR%U_JrRtoMtynS32EJQ$g(u%!^-nJs3g@83X%TAHIT^NEb<BoBO1}}*2jEm6
zc}^v*QJZ$DaB={8v0{<{iCz2PVDf0;+vPj;8IfkHL+^+Uvyl5~KX|Qi4KsR?G|{}w
zl@bOaJ1Dv4p?Qv90h6zxY5CqFnxCR}&TiHm+93Fp&J3mw&(sLPJK~0(b{oP%Um_^Y
zt9+2vmX>rJ6)Q4R(N<#IkQi}owc?X^=IvIGN<HmhDn*(R`HWDv$sjIPrnUpe0M`^#
z4sUIAqnB=1l9}FP^|m}Wun>#b<C4r*tlhqBFjqUkyuSqX*hz3sgBv+uxHjJ4^ychK
z@kS9w>r0;cb<Z4<wX0g6$X}o(SB>BxMiYNQG6!RW$Co<I$KWC4d&QC#(;^MfoNF7F
zDJUJ=44q3XxfL;qYtNnH5KI#2P`Cx-5xrVNROn~LT=R|<trdN=IAK{|y-i!3AG$@}
z?O5F2d=|RvAKtrIpZ(Yq?*MD~p@U`Cr|&FXaBR*pZBoHLpfj0Y|2|GucO%X2gha4P
zE(yowJulHadsNd=s$`$awlJA!G*j@42DI`sZ8S1i=Os#k{#KHmX=x0Z?;-M#JLEh)
z=812_()Y$i(*);y^+Kbp>|#)LMXpB1`%2-gfHfR7VD^8c>`d!yiwTr$rLsG<&ldO;
znMSlk0npvtuf8u&eU#PPrxZPeHLez-Rr#YSiNUKRk;J$PtZ>EW8W?tovY<@83MGe9
zl<x3G5!qX<cS_cWncALN<*eg#5L*j<AGFJSI2PC$py8eFcXCi~MkaV0^Am7|AXDJ2
zqlU!dI`qzN?ZXdsXUnBWB-UJ(4EWTq1l7P?oJ)tHJTwBWJ%6WVKkmI}xP;u&ohADA
zZ%nX|;Tyxm@oQ@#Dtb_!g|Fj_OV;exHgS7(Xbvm(#KE1~-TuiI%d{4D+B4jv4a{!h
z9<X&){K6I%q>0)eJ`v$|AoJ}0`(_y=Vi^SEBcNEy4XJUS!tEG`p2uM;1K;=_eSoVD
zgIG?ZT|1aM(3lRhh7naw_k|-*8+M$uU~4lX5oBPjm5M`ZcgTHwW8ktXYH&j$oV|<T
z9k7+jd3m$~2KOOeCIACJ@GGUodL!+aEK6Hl?Hn(6LNNJk`$=1GK41BCA!F!C(^^a$
z$deKO51v72loHXuX(w28x9-MmJ3MHY<#sfBKe07nT4kk5908ikL*6FBq841s;ua_S
zH>xUOob93Sj)AWh+69t=nw}3ck5(e+HA5cl@MpH;N1Vxs9c?{wt&8fg=?b2j<Lgp(
zBWZ5?3p{`!LxU%RP-w#3JZDznY8JJ=;}H>?RPhd2Y3q`c-`<S+OUVL7kmKy*`OEuC
zWS-v=O4ka88&T?XZOm;FOof6th#Dv63KtQ0EMstG7OSPQbxk{tGH4#Tu1J4RewTQ6
z8yvB_SlP0?sK7+^`SZe7+7>-2YD^E_2qMs&p@ieZNnN(-w~bD%TCH%OJ=Heq1Nlc6
z*(t_#r<fPSj;=n6B5BE_=Wz@rS9PK^9zofhZS*^*p%w9wR8+O=!SC^47YDT=19%lX
z&zaOF78i7N7`(MdR(H8Io_fi|K{#DS+n|#j-ndr~srI8Z(NLtb+x#i$`h}_FJDsf;
zmxB-@3%MLj@x{23-n0-j(>?%jSB|j{H+k~_g1E45qA&*!)<pY8U^r8yIPV?`O846P
z396`#o7=blAJ0PfmaNV{_54K3mZ!JLk-mAo)xNh%IB1XXmzV4+65Zf1F4QQt94)Zb
zEJgC#4(62d#AqGNH=;fgUk$kC&Kdoc=L(YPCiiFs=5K^+Hy-WbnEO&uuf}reF-i+w
zzk_j^$X=ryeGZMjq<q*R=bXlgEC=bdB=55w?j$Q*(KoZe_ThAu^?dQLY^}ctV`&sb
zm~Z841Rh&8f?PGoy?hd%t;W03^Dfix-@>mTz78N-Hgd^aE=><-Szja)$*73DE?V(7
zB=n5t{o<38wl*>BObc!k@2*|*dy-r~W?SiDN;ActoVXw7yR<M`(&e>TV#vkE#b(5*
z58y3dA!wpC+j`J4Jj9Jan-z*3<cZ|bd{>Uuqi;uTwe?Om(vY|~h9Jj;Yoz-SdBZ@x
zm=cK548Ve1q0;#e;5gjgw9OtlTt-P5Onw(izv6m|;k-P&F^yY`AR;!Si9625JC4h`
zE8FiB)n5o*(YAsYur9%xGVtD!M*8nTJ{Ake02GN<2QFyh!CQjfc9&k)y)X+XtDW(J
z7dbRsuHjKul$n>b1WG;Tk~Yu5jrYNo_rZ-*Aut-^Ab05EWgt#4YkSy-$Yindqe#tD
zIY5c74qs?!;anDzHVVGD<%akN<&wd_KM8&syFdD+8wi9KN2zS27^3tZNyJ{sP6qrl
zRJ~om*npxRyrLS6Y(54xs8;FhQVz1|WT#nG=OnQ%>@1_ukxjwZ7LqjOz73yT9?OgG
zYcvUwb2z7QiTOrSbxyQ-8zfuF+<;c!Y|}e){-@R5AMKiV8aLknnAI_E&)+5IY74aA
zGGM&qiTzXh&<J}p!@r(DT_eZsQ9EaiuE9uoGsfRLQv76RNXOo7G$5)DFL)(svrWG|
zj7HTLeNA3X8ILs^2bj?3%uCwtMyf#CV(_Eyk~Ao7BGER{rsXZd3z#$arcHXhcFm?^
z3f3g-H3ug&3X6&zss+O{Or%WVi<v?{C6Th69F<B0RlM-KP_lNM?$b`VV@rDP+n6=B
zvzvR&h~(T_IT!5GYxk#H53<qTj?xg^B5pZf30){Sl8>lII9XqqI`m8pd%kqX7X~K0
z(hQpN*>}L*n&%9<;86G3Lv3*+NL^L?4CP~u2o*CeVWe|d6HMs{ferl8yqUu55zXrm
z!#d+E>KIf4g9XFuYv$G!JE_SQxzx%en;GIHR6{$vCe0{(U)3CH1U*`r@YiMTL!VYB
zB%~pSlGtqXHFLDoX7bd>?W<J`ks3~j`+VauC(*?NIw_YcB14c}YbaIjRVw7Fid<}E
z#o>bdjU&Nv+>wyM?XmW^tjMT&_9!Dkx)J$<3Tj{@2jYYtjJ1V+S^<q3bg(XQ==U=t
zWLZ@aeq_6j_83A0Ssp3s0V(ECdR;-fC1mxJO-7V+bLvvB^nE22#lWLY7fH`zBxLX;
zrlt~q(P7vntF$W=V0|Xgo6x{Yv`4z*4QLjUwT@2lJ~<<X%E+|mebJ1aD??;od{S;c
zId|VhNxgU}e&^pZ=))m#6U^b>`s{^GVu@<W436BLymua`38uClRh2pu%ANxyak<H!
zhdnmM<PRb5nkytEnFySU`9DMHW&pm;WvUrqY&K6|wC63rO*F@ARwcAYlO;sI&}_r`
zRWEdf*PMS_<EbV%YYkVCbcar<u~hJu9~iPey`)_<)QC)WU^8e;(Vw5K8f)_;rD5No
zPLh2|zWy%x>oAd6uibK}A5kY#$-4}MwE}cxSvBPLP58eUyQkpLp?_cCwQbwBZDZHA
zZM)sI-R|19ZQHhOx2OMe&w04_>1HOGHOb^9nOQ5dRzAP)lT9yVotR&u=ycgx_$g`?
zVHiX%Oey^~R=vB`m}28{#4ES3qdji@Cs*zf*Y^E|A#IN>g`zleic7o1MXR?xZfY%$
z!1p6`jxxW%qHnL4c${CZrN7o8iR~irl0TeT=hLYB1>oG1wUv+n_NP{)a^Rs35XJF`
z9*}t@`Fxd|Ped}T11|U^hA2g-{$vQS7<u|8Ch1U+Km@pW(te)+)Fn9opwe5+8$9F?
zzF7Ej2wDwv*t%%LQ?+`{jp2DT-5`RZ5fB7I*95B04w2433pOOFP8&8PFzf<r;OYnF
zc5&2;_E03F;uo5mbM2KjQ%@<g1>B}mUS-FD3ZA^f!*@Q;hHt`=>zQl+k)(c@q8rS!
zcARYQDh>%P%vGH3KWo9A7RYf1$oS&yL!OJpc_J0JrO`pImMSa5u#`WfRY^5L9E(&N
zHXQ_!14$aSX+(&PWo*=mLwoL?vB8YuFXK}rLZ4ykkK+1$LeLPmEz&Vr*Opl|)p>W!
z)YFrv*ZjbnUuKW@rq|J|PB#kuXr|ZC)G%*rsSIZ4ebMkCXf3kjIZav0qUwC4A~td^
z>l;e<cOvCHr^^XM_>(B1(nO-oe>NJD1p_QgA`A%>p!h#-mZBFbq6*TRQq!Ig4VT6J
zHCRjal$D@u1<^KvWST-+c2m@$Z84=-#vLPHb9`%ZrGxJHqlBThX|)emp~~&(x1+_E
z*T)O%v@E<=%U{+IOp%NdLc6r?3gWADwQ??Sz#i`EGoo_IP!|tDS<7;P8dQC6iY819
z1*gmfgWl9<`NU@VsLb){&GAu{4O3*myZ_FHl3qoou#otRPBG-0mX>1bF2bO)4s<cb
z_vM@Bi^4+cE7FQ7M@CrQ<=>|b%2%29RYJ5hVzyb2PaPlaGlpxe&pECk>aNa=F3Gn&
zJvfT$Bhg>RqE+&bpMhbFfl>4Tn)-lwyC!W24Bo>qO@dK22o9eH#ZQ6}TW6c3nNT*+
zn2lMJv{)w*wy_60Ch5d%B(_Poww2;?h&Y4-RWLjMB~m4kS9}QI#bkPe(1KT5+?!Q^
z!L^y?WxvY*Oq!!;FAaRen7FQhD{Kh)&ga>JezWegIb1RhMJh|FPqdJHQEBj~81hqH
zBa-_;8=1a|GXmW2sta2aBGYRUD&L6~p8mpD^B}(aAJotFJ9_=^w)xxe_}za|e;Q;4
zWacmJ&w~69>~HuD`D*(m{ezGrkR87PU$c;Nl30?skPE-4|MZviA3$C}UQ+`768;y;
z`(MHjONso8_DLwoC@Fr~K0GDOFWiUvCH-uaT)%8z_?PS}QL6lMeGN)2O3`1iZ%8Tg
z3-vuI|5AqiqWo~m{9lY;{LAs{DC_?l;`dVa|1$gm$`#5r%8g%+KSjAsxkvdU2_Ok1
z2_gw92`7mti7bgKi6%)UNg;_TNh`@B$tuYv$sx%lDJ01)DK04{$tx)-DI&=)DI+N>
zsUrDDQdv?>Qe9F@Qb$ssvVpP?fbsv2_5Uw<{BPO+e`85vD)44iU_byGaX<iq-^cj>
z!2bWaQ_sf0>i<NRMXAeLZ!D*zcw2-gh=wwulDo{O&?bKmD$0sWT@}ho|A>A~ROlr<
zKXt9B=9O7R!jeLfBo78@pp3#4W9a(>K{D)84LNT=6Q=FcnyyS)o2tk#e%PAsOkJLE
zrzX*q`DUSnx!>@fWPAB`KOE?O+zwlkZB*J`TWjxx@oCN&H~vf-*XwfLUbplQFx>ml
zTf1Cwd&l@{<{`I!QM8z~T<sE!0MA_GPTmvT2L0m?Tel^+>A<^L)1kXr%Tt%od$qM&
zb{e2C*6Gm0l6>0aee)Nu>c({;8L@jvKROb^;HU}<VqZDh;>A1cXkKve@^;;M7UDbD
zp?vyW=H)(Z65@U=q`<h<&h+BhZ}Sq0B_(R_3aUi~-HdVXFbSm<ge3K(M87phcyuH@
z!%Tku%C!=Q9EiF&N$8@Ay27~zwe4s+`G{YB)><%o@UoqOgVTzKj}Ee>yOSln^s;rH
ziRKCsteJYr^YY3*9ZcQi5L5;K^xwIGJ}?8ycKfu&$Fcyt@oFB>(&^#7b)R^+dM4WD
zJ6692w|xPoQD-=v60#^sym{NF#=|gD`MYw~#NZc-FI3gcMW%)@z5rf9#OK<BKfOP~
z{jWf8rH**zMv_E5pWv{+G+KRHEUULi4GSt)%cNt=HaxRR@Q0vwg9rb%g9qX*9Dos6
zKohrP<=I`~?9PjJ8`s_S5M0<)!=0x-sBO?-|8L{NSVxPL5qO3Bye+&NXvshpcjH6}
z`Ow^0`Ct%*%nQiWXYL8oE!w{r+*P=Ils`!j6{IT<uK`z(-O8t1wd`DE{|Xa0rWZ)p
zGK9ed{+Nt%9yi$6K|75N4ul_U;^IBFs+|Ipxx&}-5Z|tHrF<B#zzPF+CzQ)v9)m(y
zEIE3`s5y939Ec#tPG5iMZYYI33{RUJu5|O>=C5@}3rvOYknk(VU9aQq$}@u8gx7f;
zW(m#2?qcqC|I@}UsNka`bZMP62cXE+jB}dFO#>j1+z<EWZCAd$-}P@<@5D#*Uys`e
zSV#|n1CHT2i0QbwcMa&>73<`Np{>H)rFXgdXgM`&K>-piWx?GgG@f;?o=S8cB4)PD
zyxZO)VnPZy0klgU{&Hqoaucd!$SG8#=-@p}z{cHgXFr8jNx$*{RSzM7x~yi3N?oPJ
z0W_holv{*!K%tAV90rlj<306KW)ivo>x)1;3mNZWRqCe55Z^p{h{(FsEmVf_<`bU^
zau3L(2&2f(yNw!xfNC%rH^9Gbl~WuVhB)pok$^<&M3DuqXr?=RCQ=whBl7sg&{0XE
zTFi&FK*mcMb83*GRr+D#cLRNnN9)VK&)csC>3<E!%+%$?zx(m$^d^)Ehpux#e@NRu
z8?hDcDmlEHbS^{#@dvqC+??M!99R4)u*;*@aRz*r5OfZCmR>;-fmESL38lp!iWhfM
z5PKee_K76$Cfp!e+NcOu)ZTB_38{8<m+upM|H}~JPXtI+%*Khyy9Ht~pa!@Nq^5w|
zc1X?37pGi#OK_+6`jX>*DL=IYRA(@E{va`|7+>;e<O5M%2*0GdLF1o=VTSRgdH33g
zY<i#&_sI|)sf-{%_yG+?g;_OE9t7ifo`%6o)X&nLb?jDMEx`cuk40Gvx;Srt2`rJ1
zi>Q|m=uYsOKX|=CDAWwO`VN$i9p1}#2!Z=u0KN!Z)JY3&SG`Ry0I9z<r--Wf2fAc@
zmY}<qK*gOuNE#ufin4bOh7SGTT{uk$-AHkU5d8-dW3V~Q`2kHBYT<2k@T8JxA*<sT
zn47Rv@{AcI<v)Bd4?;(&@<|Iuwcn8d$!<W#R<@xb>5KBNX%~C6@eQ1BPP`P!>ve8G
z-iqio<syw#Inu{D%dbc*e2x7j2t=(J`4QA8;w2q-<Sb=uW8E%0I{nR%;z}h;ES`XO
z1l2uSIduDRd(c4_seovGJfd)s*KjR|Jw#Hw&rxm@ZTairaPqi(5=O+l7s^TAblAr~
zUOZ8p`m*+Oo=Xd^Tw`9mlS+W-NM+5ZAHKLL8VBP`@Quy3VTXKe7tg_cWRyqY=rhh5
zml_9g{u=LfdlA5^q#^_{q$Y{wVLv-H%3dhrrH?cEM?ep1<%7y1vW$;`*fW(7>`GS{
z5=EwrJqErj;w1Ml<fv}+Q*c6~%%MSYQBDsQw&LerhOqRwg0_dnD_=EKs8yrY3e*8$
z{S}nTO7D&OgK#qzPmxj8Z4Hl}^yeenrx%A?8$))i;OrH|wzx<TX7|CO1j;<A8F&*b
zMc<QLCqaImbQ2vfTF}5F|B8?jC>(|c-$khq{wd|3^pnrc;v+^}jNSNaaE$g~%<{un
zFbj;aiJfBvB4;59&m#>AV!`(z8R(MtyU2NBVD6k4?3dtfRPs2oxgzan-opKhmU5?*
zFtG((wse=csH-<n$rp1|{A_Y0D|Yf(?FD>)hK5%)+uQs2Imp}EdhnOhVgvFbq~X^}
z7`k6{>${amgXv;Sz*ewgg?yjUGMd!@NFQ*v(%0tTN@W&?>r~3YTJOl&I>U=97V^u?
z;xLlS(L4xkn~1x*Mkc{&)0rlNNtSLVot09)cyV;<FeRas(1vV8<?pF>>f_*+Z+x)+
zQRA_kdk|p0nWdO3RO%<noM@L~%Js8#MfO2plz5d@mpcw2r1Bm|qo!xWtJE#`anYHT
zV$(cIh;Oc~N=au`golOf4*cwDT-ngt3yBdk%YrvYsyOMU0z&7&#`hJ;{-A?`t6=_^
z5>h&kYBo+9dC~#trUUSwvPvJS=A{xNW~-%j2R{^<zI|nz$CeS1?C*OXM&~pGr5ik*
zPt?C6LQSrlITcE9T3CrpCaQqHHI_@lyAVLxzT*T2WFujBAvg~p@VK*S^hZA7bHW=d
z_(5leN_IUmS|Emvem-n~cFl?@4icEtX+H@Q$6&6FnJ`%sKVRt6qny!p{ASAQxEgNr
zGnQ897_G!6&hSlSUDUP=nAcgi%yq4qCiLsFSC}=Z+4{=O+*Vvy*JD(fp6ZS3%8OJg
zdC{~Ie7|O5ITv2o(k&|;fM2TN>RYNXQ?A&*vo%zv$}v=vr!xGQ8uT<}`nk5JD$0jg
zq<;$!a=EtCx&Bol<m3Ht@y52xShHJBf*Rnrk>#{Wa-FJIu2#3+n8#9BXDTl=#>e{9
z66PF|xJ^wcr_rc%jH{#4Y(w(PTA6yy?6lmY@lBYyoaaVWEspl(_9ZG?`9UO^uP?2C
z{pj45SNYWaW93(oLDeQq<R%el5irCLk@(a9xDT{u{VlrsiN8j!s%W%!6M~sBbiT|+
z>@%@(C!bLCIbbAeq*@n9y^$$1vLZv0ZG1Q5zN{=)&z|OZpQNJwd6WOlzlKjE8B~&q
zi8f)W`*VN(W9k<;P|u$TnK7$Kck)ytYZ6aKH!mtmYbnJ^UE$uWxDDn-Load8Ph0MT
z@y8A=$D-bf%xc@5j^#pisTaASIRD1<h)L8!tD)SbqAy{iE=tYvr?Zl#))4gHpk5(B
zI5af!3aEo=YlTAVVt1R-BnJ27D`??i;@!+mU1cW(^r;ur`IT~ChY!rnnTUc<=#ro@
z0T$&^x_b2_&1Y&xa;g-ji;hQ(4a1as<-fVd{RGSN%#3zX_6X^zs*3RjjW-zgDA*v2
z*yIM8+fs-Tk{OMPR*;&kLISfRGkjqx4$xKyOiNnh#>!8eTUxZ4k^B8gp}VN`<fn=8
z$jgX(9%gop;_gZwy&grTI@JmkyTIfC`<#$lrLdR!dmw5$A|Yt9!A^qQTN=_{HB+(_
z`4<%x^fPnT0O>bp-Jjw1c%C;R5n>|JB@zr66Fy>Nthh2w%m|0NKmuuKDq9SqIRaP7
zKON{~AoTJ2A}SKq!}pjN1zH+!+LBG%2}!AjZ#2ChQmVdZS0c+3b)Piux&SlO5Atzp
zKbA{B(@c08ScSZ)YB@Zr=aV#8hjkNDTdje9TsR6Xc#IX_ziW%=Jm|6Rbb%-NyB2m>
z>8Aosc!WN^;S_#;8X6(;YUy&Fs#?U9!v&7qDS8OX$jXVO>1-UfxTgaX^icOuqtt=g
zEw&bejLHKDk1GOxva|6?mIu8csYA9yjw*3h1S|6wu<hHmwtHNsCm>%yr|2NKjH=Y&
zXstBMVMnPT9+-zm$}UO4V9Iv6kE8U^=N<|(krT=&h3dYd;}oeBkm>Om;W*wZOv%*B
zvH)@7V9KFjN0yjW|G<xYD6CLt0D(^u2>g&ICOCdR>+h)sd#DDjgaW9lhwecU+E6Wy
zC{nBvs@*Lxn{7w#tti3=$~(OpMS0C-kgANSBO?BuueO?EP36xmW*{WxEhekopTp;S
zT7rmxIYR_@K|O5?4(Eg-pLW2g&AkBeNbO+p$nUHm5WH6t#67Yi+Pzl;p+0s&;LNqa
zP0pc1<x8XLiK(=*)R<Kk!+B@U8nM>=JgRGm!zCtCL-qmf<r7pEflv}&1}dNjuY~7r
z7r*Q0zMFF=6kjRphrm(mf}?k}gE2npjBr18;Y`4qJKzoNj<?_cRh*xK9VjJ`HF`tB
z@k@@VEKOH?to#%cZnG9x&#e38vZX!vH9jW5qLtlG>UHN7+{=?wQ|;%K)F};n!SGlS
zPXHHH(N&>4fd_fIoeJwdLRlCpxgHz2o(eUZJ8YGq8>$dm%lF4K#r2Y32FPD~tVdP*
z5%;dDzLDb|AsW$FH8iX#D}W#@(6H2)22<m9$l7xw{;QS;)Jm~O6NTNDW!$J@-4dVr
z$%{G_bQ)Uj=Mnk>7V#L!A%+EconyCK!C1<NErxHfX%_wWS1w1mX%>t4)Uv{9ZA})X
z>?_H~Q_-1ns|p!}%TLkoL7}_u0;ZZf>h{K#2Lt6#xdxo>PqGHP9mcyI{k^yt?zGf5
zxe(VZrU`Kxv-=t5`qn8hQ{%D~(~jz<M{Zc-XcljD#_=gPL-#7?Z4vsNJ=LA5U<bfZ
zVq=@44CO44=6_X|E32gDskg^7>)+Meve}^aILFyCYz|xYQsEgj!)4Sh>v3hJ{=M|2
zJ<v!UIh^Q(Dhn;z8F~PpFXl~$UW{LZ<g+=P4MQm6_t$j59<c|P?hN0f*|OSS47cAS
zQfnN8NsBcT=PIPHqg{WbZNAjm@5r{^sH%3S?*|3KdtU<J=RkO0lDxJi?-z`Nd|_EI
zRey`a9<>}U#omE<Jh|0vij@3~$f>0EGfpGSo1ypz<8p?ZH&#+ORw9(RBb>-@e6&;H
z305FDPx=#A8baU;wD7&E;42>M9kKB^YF772SJ@3Re{wOdi^YYV=arQJAw5D<ZNqgQ
zWHRKdpuOY#7<v)$Wq+{OvJ>!1i`b*$$AbDX!tSeVZSJ69fm%b+(%@K;x4M(JGhdj?
zdg1=amZk3E?|-CV+fdJ|dBvJEvs%AzKIEj@5PRC4s%8RXGF^Y4E@-B=fBAI?<8ujo
z`bp+|d=Zg(zR5Y?=2YlpR_H{&^q)qk^EE`)OWuQ^>b4z4){U}{+Xw;xe=e;c99+rY
zx+lNid4-=JXAKX192Lx+F`3K}Yu&6V>%`_+CJt<_S|2W^iZL`HJ=a7TL1=0AO`rf+
z5KX9n-~u<P3J?T}k|-R?R0=2*3X0u6N+=3YO*l|Wg0Kj6k<OZ(7gKiG+VA+u$(QX9
zpO=^J7uDERpn(%|&6p*VQ_lhutII>M3KC#pw5KrK$Gbiy$4>c~d(q}KqJgJ02m7v}
zKUi8M1F)}DLwb?Kt`a&0YuDzNi(nJ+&4_g&7?#!t(vNUkt_|MdxVDXK?_1rt84p5A
zf5lpmgO5*yI;ichs_hG4TbTy1q>ZF&y}PUH7KoOCH{s&s?2drjD;vnUKV_m})k!O)
zYZ^Lm**D1-iz>wBx)NtsF%h|wR0R^4wcez<l56TpU^xEVB)Z0u;Dur?2a-E^tEck5
za&6YW!j!o^ry7@JokuONaQimqZ71Z4UWUDkNS-%eE}m_j4f$1eE1Yw#8A&eyy^VUB
z37lhsx)vIQqo&x!D`O^56%@0c&zTNr*q>0~FXA@T<!V*Wfa^ePO^33uQOIJq!;M8z
zJ2fu`DU&59`t)*-$9;Y(b_=DNVpTYTZjGTh^H(X9oX@%5KEF}<=w;PdrkEo0Pc*)*
zVR1|U_HCMfA@$XtrtP`;#f{7+SX%!HpRZbwUe7&Ed*;*>A5|>fJJorY4Nnirq+erG
zaw2}@8|YMO0jD@FKPucjKiM0sVt~!t_n9Qj;HG&}j%_2yy=IAq$zc_8DfxV0dut5F
zFiJt2T3D~~5Kp9Dm||TR$3ka0Yx3pR9X(<O?OB2PEG>1bCV*D~mP}MTbvVEH@pe<K
z`x2mN!TOwX!WeXTGPKx{JFQ#-ICkLT1~ofho$q=ea--!b`SV%rB?$b5??~JOh^~rU
zbzs@Ix|C)?QtH8})6JKP&f3wJJmo^FJJ_p_WMyNT8GVR+Y<qQr^6ZcC@s01QnWDE$
zfqnxujn^x!gQhuKp*b)2?wCzLJAzPj9;_hJE&TQ)H6-`fBY)M|R7ju%rh{XepOVDR
z(`3Z)U83j_dZARs0p5ctu4Tp93a!hDx}QMwK@rdW7bfxbNYPU%7Vt#uny?o(t=R1w
zwQ4Z|^Y5GpeY61ag1wN#I!RA6YmbPr5c-%L7!HPx&~vg?3F|$Kl-Lz&9&Bu#HvZ*o
z7Q(4c6A4NuFeK?H6(}wHf)I$8KFIsA6DMKe0m@u_hMKq;0_-#}s5+t|3Wi<ydT0=c
zm3q^3l~Or-NTPY-;S<Y;KTB_c#>cm5pr^d9VhmBkHyYQ9eQaM(Sm(_$x*Z{fJZtz9
zu}<mW+!dC9vN1o5_BRQj@?A5?q;GFU?2-i~4i>8;1;-cIp)*f|>ys--ucq$8@Dkhg
zua9SxkB^O%wSs=D)18`7SulD~U?v5cc7?WmmQ>#pICQo4#ul{FUjs&(&}4fCZRuQw
zDqJus8QWKN5K(IaQ&y}xW`b|;upWb?ov?f)qA9~__P~qiYGE2i6pmxSQs&)%0A>~Q
z<90M`qX9ztN5*q;$&EB-#+ajKLT?-OpQ?-e5e<Ug+u27grxxi0CkT8uqxYGLw3Ha1
zVOgN#!#q8Z;SNgwFkWl#47iuULPaQ7!*lhuhOQHE|FjzS6VSw1oU*;o-il$`uH1D(
z`lFz;2ch!X1%Nzuq6W@ATp)5|L*YY&*ah_z#;kIHH~V+><YC82u3ccO+U0KqNTScC
zh<po5WMOAsW+G}q1qb=te~ch>Hv#Wyu?7c?5Yj{<cH`C^2~Ys;#l#YBwgK<SS@}fS
z0}!?b8;?kYC809T>mX`D77F_}GK!twB!h8OmAk2PjocJ%DK5A57Luq(XMN7`^ne$4
zi;sMpNi=}6wvhTS?Y*PX;D}YV+a>MDYDDTtgHohnE&Xw3H;u!*317wX+_rkslp1Af
z4#>zj8S1x*Sk;7B30im7!}de)@~!)K0*`XCKSPg#oGdhl`S=E$>_hz-aIDKbbHjde
zf0Gt^e`9(1P2)!(;KztTP^zGHv#{zW;23@w6W<Mu<U$zqjByrF*8=Y3oyZr;Z=4w_
z`JjL++YitBJd5+qiw=U`akNQw<)!iMvyaLYDRlbbE;%;=Pt*(tg%h)WKS1M$5oNiK
z$0)Z!KeWylWmC8jni&K0<Ph`j$n!2SI1Rq2xJrv>b0FW3CdfF05BUuJN<7uY=O=Sd
zj`K|%&8rF#rx&0?2{Nru?dLta&ars~PE|8C&<?awtkZ%6moMx%mo58Oob|c&D9PM9
z>UPjQO=!2q<|wwZiLJUu5cXO?lN<0%T-C0u*_CLgj?z2{Zw{MAul+9-De>Z>BDBG2
z`Iyp9`9U2byAk$sEU_z~j6F+bxXm7B*9wecEp$5zlxJC(M!oq9yaF_0y_iY^edWvA
zB99-|-uq(=E%Qi@BkE4%@SPwjhS6iv(TCCVkCgRK39&0<@`V|IoE1G_o1_tc^lDMu
z8AkBwOreK0CboxzBmGWgof&a+wwNbtb6a%JDI3g7aTJ^z1g#M{!)#U3LVa4ipxikx
zVn=2B7R(YM5nbd<hFa-;k5KXtXHHLU-N}CacSKj*BF527N4Ez~1P9Qb2g%TbDE~x`
zeC7xd>%0Ukv8k}^+K~V`F#K5=;nR`A%aIy_g#{Jd(d;EGbv=BSVJ_P#QHpFJ-T;<Y
zwmAkMEb-ZWOgy^fed%%UaHo5an^Jn1P5{?!q++*<Tlu`L3+{tEimyZm>bxy2S6sut
zBdv)njc(C!8<V6_VuTc_uVj@nuSezBcgM;pdsR}HwMB-7EBO5)NGgGVCX@uJ*n@$l
zIDul|biu!Dr~xAT{jgdnHRWt9_lz#hY;Xf_^vACa92%X<ESdG6NA(_+P1||rWsXP=
zjzXuZ%;<@F5hW}nG^Fl>)kN&7PMu6C2hos|K5O@02RBUJx&f(_*}iyn6^LX$5CrNM
zuq>KY_0<rO$v)p=n5IK~Z(=6nY&hU-k{@UqbtbiP?P}xq2l{K3H$5ReSamh|=pO~c
zx>+qn(RNB^#5`MY>=gSNmlP?~?y6i=K~{I#8+FeSnRlIS2ghFc0}pjEBf9R;Gc8=(
z?+g}uq!unDRmN0n5;xJfW5b16G7Dbq#OZQ!vTSo+O5*jDYybX<-7Ih=EF>%>GXJKL
z#~;;fsEwmrw@nuT6Xbg{5Z8>3d2t_w@-n5LCrWxrkd;&?jvdP~ar#7h<8*g}aZlJi
ze99J{XC8EHu$OiCB(`s?OtSnG4eK^|`j~7ZkKoL;!h(GjZ3Z@bL1&2Lw5o#yeMT6b
zpc%6^-_{W7WYVTIx2K0RRqY*6NbMz4&|5eIw*+g=3c-b3^vfE^ucCiMdjf}ida?pl
zSBmxCA!FKAylcU;N0av`LI-`<F#tTtnoHUGQ5&xGUy&E2e3eK4tlQpZ!Eq<5o=^yz
z>c?FyGG6L%iFZXhB~9%NYn<aociC`;SIgj{PAHoW_FMc`@<SfT28jlIfx``k$?C3E
z`{WwgA?m&XihKPgGi3L_3CDQ12|7S-K#>bQ3yaQImBT)|G1$>XX|cP>^YMbe%FKkQ
z|Lh`&-W07WT2t0y@9n=idA)I-kXN2cwsr13cUy{RXP_$;@w6Mk5k~aIufrxBHXQx%
z#onn-eCNXA2`eaY-2~Zc_=Im?6ZxDkocxG;g}++~GZMWtHRS)6Gw_P}$$s91|4l~C
zl?Q#q-*^pGIgM)6DJmn>q41)ngk~}6(E@ymU);jLJs?KI@Xq>U$rA+c^a*TuTN1Vf
z1}5FRThN)7H-p-s+}mEO8Hc_Q`1{pS3yM|;n&QJ))oQ0GV`aK9x$v4ZweY4l1^Dgu
z0P{`%Ad{CKls}Dw)b5eOFxddgJc9^(+}6*O8qqlX{qMw&61e&jWjq`zm+DlOpkL21
zcZ|#Pt76xWdIqh->d5sQKKhH6+Lb<YVtvRK>!V}$XE3fHne{o=eUHDPzYO-rDrU9G
zx|xN*-CAma?K{U&T*K|b5dO3=be{5d2u~3Ehg~WhFAAT+FqZ;&@QfYCs&8cjG^YJ$
zI-GaYl~Kp&r%x+=yHf-WdXns^I=b$Ujqhe{g#5V$t7glBVhdOKjWdf9E~_gAA(>jT
zc|avCE2(B68)I4dU<@F|9Ft(U=Tv4AGOZM(9n-cU>3M^?f=XbtkqMP*_o|W|atDR8
zr<(r`$nMn@QJF`_;b1mnZg>j@L;6rBmHq%nFQrQF8o=T20U3Zl&x42Dbi`lj77f^!
zDAGekzzRp-2z3@%zZ~jR7NC)pJ{egTW;Lt@17Y~d(*MlCUsk2J3xJ~us&xgV*K{f~
z1KDfHU)DVmFtZ^|4fJ0MYJ;|uqAJ9Ob~d_G9HSFZNngAKM%FV7?-tebav8>7Yph(m
z5d-6P`g)4LMAAbFmo{vO^UfqRs3>+|1TG8DLo}D@hN{dBlgxwF$7hD@P5^!rLo&uo
zGRA8%4=kUs;prJI)NnKsP<HGVbOk3e$%@;R>eZTWy1HAis(&iJX_sI;JG8nRf?luE
zPGtzT5s_a?Rl1W2EswJp?-G&2+=fKlfE<iuCV#KtB5RQ$+=PdF$q{U0Bb&(+*hYkJ
zgY5e-I@CZ8ei-d<BZuvThikL~bBD8&8}4M`n`f7nbww=t5@bJ?h4F@AwXM&0%F8>@
zH1+WqtM4<Pi~R6*9xZOXz*>z(p1-~W&uUs+{4twCBuA{n$Ldb|sC&kVP6{Rd834cs
zdo`Q&5WPgKq&*zub1uM?Un4h+ozJqI3bz`@ZNZBcg&}&zP?!dmlFQ?P)5y+ClNPKc
zM{r;!dD@rHMeiXY=j#CeY+zk<IZ*IJDe$E;lm~i}7O*L*zWwQIy7ITG==1Tw*^D)6
z^&a#EYJKpT%G@A(ZsNB7_b!45nW&}}#bpv5@kJH(vix^DK**$*Ap6cFqJ1!NC|fAR
z_9UALr_Rs&W|Lp0gk=3&3ehVAPSR4(O`L{uMgN?c;7aPn>eSO7;KK1@-)AL{5GAOw
zs#)3x3Fpv!yPGp!{6=)F0iVg0i&1HWxQ5q|Kjaf#fBqXbMrkWpM;LT)#vFM%(xY^Q
z$@Z;YXnpBgSOVQxO*Jz{G7gvEfdSY;cfu1AA!6t^;{uw^O8-d+$M)-D>FB_;-F?I_
z@=8n%8+#Gebub&a&99*S#66pn2KLZ!P#0iO)ctBQlFqC8wR20W7TH$SdwWQbc@Jea
zL)02t$LyMfqGNq9z`Rq(nn6@TSNXTQH^D~LqZqmF1FTiRvxh#~gKCGlkIPB~^e_)O
z#nWe|ez%^>nl}Lj+l1l+Z;DiSXuqrSAUxC~JSJbAY~<CN3`KP^2Ae+~az6*mV9&8V
z=mIXRhU2$)h{JR!?1XWrkC%@8%O{W>^uzQh9C&{^Aytqt5AmguS~W7v%RnA+I6tE%
z->GGo>YI1Ir?x)>iul2K>B@NNI*W2%><ifXhxS@e#Q}bTzcT6z%gOuobT{k^$%?Ko
z<4-0Bh!?je3&tSbe3jH(5kTHjO#wjCPYI(}7DklSWT&v>zCMz(!C*5YO+wKo8Cv;)
zyzV1`h9^)?0x7lUcr%sSIS0Bpja-Ud<v(S^250r|Q#ml{DQ*@+J0Q!h#m<4ns#ci!
z#{uY1(VpGTkUtJ;O=>$9p7?nSpl)JWMGK-X9w|~IJ$fRSYGRT&tW<C#V;E)ldU1ql
zDKWUzM9;4OzC+nl2=)-0fE?CZf$rpZ4o1ViumW{;=Q|7T_a#m}NnHQ*1h>Zpj0dzE
z3PyE8XOAdo_a<RRKu6#P<)5%K+(Q;hi<KCC*e#`VFZ5s{qSWn_X$d$qZuh|M5c8Ga
zdx@+|0^#u1UA+jt8xH!y?^XNTj~I*E>9Yyes}t3ZMi@nsxp(U2=y$Y49<bb~KUwYJ
z=cWsPZyhOd<-fIt1NuX3z+u~k)kMCxNVn7ZtK*l-{P+_tAZM&#+Z~OFU&bQrT8a!p
zYA8A=a-ww2?|x8nK}uj#`9av};@9y9+~9f4rDjv3m1GHJjL#WvSW^|!qN9fR-WcE;
zOp}MZ{PV!?Lo;`lTkPbUl+7FsMLr8dtjBC-sablFk4z+bHk%wb-<Eus_oxFIvK?!E
zs8SdD8b|tPC)$&aMsB71Q>wntbqw3cXXpnwkiys*_LW>KHdN-^QSL!5?F0;_pt7{P
z6L;Vh6R}{yVCYvPpY)7WLNGU#`RH0F@gNrv%W8*sC~vZl`U9|eS;-OY%Rf*p{ryGG
z;h9L|05;jmVfe#^;4KGw@TT4lGX7il1eW^j!}+%GL}2h+)>X_lXO0YP2~<QECN~Uj
z6|Tj*#}iP#NN-DI2MeqY;3r_zD>{OC$&P1Lp%<ONtUS{s$_sLShl+H6RLG$`(#e;B
z9PE)&RVbrnDCLf&wEm@(qvDzRj~q<ft!oE|*2CXX4_(~#V5g-QjU~rWbyATjZm+1k
zY8bqoT(1+6Y{0H=$oT1KyOAOfZZg^aLTgo;g{c%@Q^_abcy`X|<f6OzqGkJkL_5WW
zA>(erY|nG<_8R=sWmoKo9#2#`-!sNil}GU-1cO-!h9O8o$+!=6qjk_(i9=M6OJSxD
zTnaK0Y~=K+M3bt+25jP$4d|BJQWk7OlWLS6M*fBGpc<7ybJs)#O%X22J{yA!PtWEh
zD|s_|(ak~cpDxJnpR5@zT;P|k4%>eJU02Fk1JWBu<!k0p_RLjBpRIv5R6leY2!0+M
zn!7PGX*P9B){Fx$dJ6yw$f`kowg+R%^ZV-umPP82Mj>f$-4R8kT8Og<$8iTGB9I*l
z=nowHtx)gHP1hQW@|!o)n#alw-;TOB4Z?wM4#(U+xpSmLO18-za+c5t(G2WDgOFBx
zvy5J^VRrU);qi0WQ6+k;nknwJHsdv2-K(QT1Kmi|YpYDh@zn<7jI(P|4SwUR8&gnF
zz4?Tc+`GpaSb~aCH>tkIylVqnmzT?!cDmX7R^*$iIx4LL(!+cklhbEP+HH>fj`}mW
zPr92)HARJW1`0XwyX3UQNInon7bQ&pIZ<qgv`~u`0*TBh!;_-_CRT6nyqnRre|~1s
zko>g!pZb5!=``*0;E);{$kbkg7W!8#0~wQb)^x`@>Kp~6awZ8Bl&>8TO4j)PZu&ZS
z_WuGc9$cx&+*oQ#0Cfjxd_5<1^gD+dUNK1>iZkPNm#^J|c<ft95sLYaZ4(6IBm|gd
zlbD6n1%=|Ws^bSVNWjf%0Tf#!NuU=vYi)vzAP1=%?N?diVCZIG2G8gyL8#40>(eZZ
z9b6~P0_wE{*T!LH1qVdt+0?fNKAn>XIV*G8d|Nn1V3isg6!50)q^13j+TMFzb2GoW
z%XmqNfB#Z{Es8C=dYXT3Jd`l=cX<cq%!yyLaqD+5{8qHKhl0~c$7M=io#IqD5tw!b
zcg*6WTmZKsS-2VU23PnbzJ2<tQWfwzn72uI-XuI@H-2|TXgP4U0~sa_?R{!D-lUzb
zDmI(*%;A{XKXHvrn{&^?9AV;x&ft>AABc}#i+L54*50lx8E{;HHeMnf{`77;V=)2d
zHr)VCCSofeyuneoQJnE=R<;<6a3;E$Fl5bKdEj0Hy(1r+)Q`C;#m&{`y$!g~o%aOZ
zWH-znd3Egvd;j|V-5uD=6$~2G0aB}XkaWXe)xmci6<z()d-u7oKLo7@pvL3Yo-hE*
zaE(wvYO<`a-v5G}I5WOsim(n|=+ZZBn{N{SRlTg<nh&~UGi3Qs!@mHACgz7bKlGgM
zn{#1Q(e-R>igV2BpBvNTOoQ6eS(pW1br?yqj*c~LwzvZVKQ$rT;&wt2g#Hq*GND*?
zSaL0!e^J)$1gag-+I61TZ6ex9)8Q#Y^p3+&>m@fZ*m*sr0(@Jb!s>v+<`!$4pt~J?
z&Cm0F#w};KWnHAulUj3_PGA{XLx8F@a3JpGqC{5JnXvU@6CLvOg@GcfTmJR(vFf1t
zbj%_ykrSJw{(^%RRM#K!RH_EZL0W$)_W~EJiMjC}+B9bm>c{G*(jw2MJ(0M_1pOa8
zc=rtn+8Uz|=i!Okm~nP+#)eiwNZ!AYMx4+%Z6Wl%aQyFz06YO2eK9$5ca{+7zjWae
zw5`_{INnhi>3ePP>}kG(WI}}>3-Jf<b(>47ZNjM$weU!gjw7iJj;u3?tIum+lj{>*
zTmUBEjk?)m_=6ABk_V@_2p+>SH+6Y**RCj1bV``?wABWc#@vI#it5u6QS~V@2pnaR
zM5-OkE;W$UKE7&OY#mrL>q<zNfLA}OeD*aX^{Ngg_?)F;Yb3$YdX_Qh1C=LF41QGB
zy|)<9*MaGn318X+TOma@3&TrS!vsL<iYX!iICJ)`b6U6etr(hLpOkt@MXF`Pv@60p
z2?_82PK9;O?X$~}A{{g(ifl_LAiiq{ch92`*}TeRj%M0>Lepq`nnGY8|0aVCelQGr
zSxIiDC^%r3GH}~9z1sBJ*ACwnq`l}r5U+ZB4F^zNnLrG&)r;Ra*9iP%EyDd}C-LX5
zwb7YGpM?~8<CfaD^?!-vHO$(H9HIV@D<bvPmgGEp!{k)2=BU)ZyHA436}&I<ae3{G
zEZPF~a3Ig0DcG-emfSSC;|@TZlv60bZh&0#H0!+<nRVR~1qDfYGkC9?T>>5KoXtV$
z)j7tA59RQ6BUp|{@r6m;f-~HjNxS4_)PpF;2M2yh84L=a+5*n(FiV_z3j2uYa_@Ak
zD_~RG)RV?Hy!+7H2b_Y(z`XvAKPka)di@ehdeQt0h$?_hs#GFE;8udk%Q38L5ObP4
z&TYg5Ps+xF8RUg|ycP`RM|ohP@BvEVlbK#Ro0ukIVlB3z#FI_HW@?<aJ(Q0f>=YvJ
z{VE{6V{xxo^c*Bk{(b#z^NgFszI>aJ;J{{$q`qwBOAVGZR%T8|dog$Sr>jyLlhXWg
zwkpeijf)6FGmqvFZ<UwYFwe{(oR!1crZZyrR66K<*NC%)A3b7F6I!iO(^C_v1=q*Z
z;2UGt@j0L>A*_J^Gimf)$*0?Q=YV6DbU_u?6PW;GBt^!2Z-Kb`m7Js@Gzq%Tc<hb~
zEW4`_t_dC<Gd4UPj!FSWM9TnwFAwsSW-Ls4CzAg)lJ_+d{aiMfC*<I#<?HK_<37J1
zyO2~<(m5l4T1F0Zr_}nMI12Zh!Kk426kbBptqUdr#K`Y|j}ym=$;KPPzWO0xv{@*R
zJOMAGE@TPv2HroqGfOVO4WW0I|L*OaJd^`BNKAu(y(z$RfL*dJP?HWP9~u*+Z${4T
zVgx}ROj9Ob2M}&X`z=G@yKl+`mEp_k@{p*+M&0m6j#(n`E$Ibc+@%ELUdNZ|NX7`;
zT5BwIFHa=%UhSbLPbMqiBfucw2bHW~C`h%LgEY~gz=2vb(`S47VixYE8twMYa~w2R
zJLHG>5Ic~NQ?B)yN_xl5&a7Ip-n{0&U3l|bVqQQOttp+&!5fm~)iU-KHtICl70i1`
z)-NSNKGq$Q@r)EVQC<2o+XCOzNIB!eTW3LKHc}b1D~#hXLN5>Ly=ll#^cW;|Ni+W+
zcQ6mPUgqz56d6V?Tad;wfC*NV`{aI4iUw0xWmOp$NQgigfiA%)z4_=2@Vy=FH?~4(
zuNm7#RcJ;P{lao;iLH<B28+G&#;d;<(vF=49Cg}8RKgDEK6*9rMbZOxsgo7LH#9+b
z{cGfIy02djM2~6k&!0*7NbkrV7)SFr)X`+$AA|>a0n8bK*&a=#nzk=G(D!JBb1@`K
z@ctvQ!L(@91pDZHnU+<K$$zLWP|U`RG&rQd4g*+g;_nT4@Rn@(-P=Hx4X;)KufiS4
z?!3o2AoV!_YuKcBWD^{^{KAqK?{TV=@S*=a$rfg@!=mlL_FW?UIX*_x@B<oV&}hEN
znM}ooJ86#2vvY}$bA-q;!Gy(N?@!Y3!>eZUhCZYPJC(E*P;O44UaKCt?%*SPP{Vpu
z{jrzz5bRnWI)`@1o@NjrdkaPvF3kD+7qjW4mII}KUWitBs6v)O!oJs$e(n=#(wZi|
z@qy2kx4Z>EZIBmx&Ik;E?eTc<vIgM;HS;WYmU%6DjY)GQvZh8lW5S+&r9ZRU*)K`C
z@o&p|K3MidfnGa^xx@1H6Y`73#`)u9p!RbzYkwYu)iLDM-AhQfmuUPwW!M!M9yLGp
z!tZd5qE5DqR~ZIg48Ji)Uru^od?j7bJ|dGMwu90;)$W*F)Wt>+$}#6jI%lUQGy#mt
z`j-s5VQiaowKNtb`<{TH;zu&J?^f;PoMyq*5DO%sM&>SyIXrRTuB9c(LSu5J@+02N
z<`mXwm-0YKqjOCULpK3e%#dA9Z=KphKVyxtT;c$xrpwpf`0?u(q!jv5ADr!OeYYaG
zfbVqY(wsq3_~11@%k@Q{Q?k`&y%Xzw#w{56ed~kf>z<+8EtR!S4}<kywd&@pnkl9^
zzzU@NirAtQZHE6u{rw0PPc>rUI^c*(d7<b3_!IRT#^RmZ+={|n%DS?>QB_<uCF_oR
zuS<YUc={6(Zo$#AY<u&*A9}eiw9}ir8c{s*DXo9LqEE#-wBl%^hn@A<WG*(Dx%!T6
zA$peZ9!4p>7$rrIr<78PIe<Z85<Z?*Z)^=iDye|ydVi#t_F)dEL+@f{E4-XRV6I_V
zEXIcPKreh3XAzB}NNcIn>yTD?MBdq#<~M|g;>U=TZBNo%z`G_@A2E6MfyaGU6%Hg7
zQj;N;`Mj?Wm2EDH54i|KHStVlV~QmFlfm|AK9S~!JIQ;aF{i4<^==E=hIp~Vu!5Fo
z`K1^2@vlP`R$|SOuD*0<?b=7@vAdluygBBL9q`Ug;IeUXnM=o}%{1Alyj-Yy(ztsP
zEQqN>ZNl0ZqO4NUlsdzt8OmfKBiY3D#l)o9S2&&bCvbV^ZVxQ6nmzc8{x3a@HNnX@
zzwsj-IqOWRJ4q*uXldRB^xpVb)c29S_x+cZfzka}#op}Uhg$#f;m69r`Jq?h`p@B)
z^r_PNO@Tq~PJEgI_`=aVmVH+A+fUF1dM|5~UrO2JqD%|=jIoZc0yARSl8ngtL2~AI
z{<uawc4<1QPDlkE^|*^s(zb^qkCT+*1MSp(F%?4wYAH>bb7opB;7erfl1<(g(UcAP
z12V&l*Q8Ak4J-7}2N9%TSK$vG3n&7RN$$WA-}($c)&sJ`p-FA+fND$wO;dEYxt6V4
z>D9(E_zXs<8NdXO$oo+(J;5sDZ_U;|HL$8vqx5(|C~ZlP1GO`-2v#XeI3aVJ)*{oD
z&LX)y-D=JW%2Ybo)R*75Ide8w0*u97zU{-9hN+l_Cph_-c1OxcCFU~Dmi#PDOSp%W
z^Jnd;yys5&H&qsJlVa4jfbqnk8Mh~$c{hZ-_r+;d5w}Rs<HEC;hB7k#a5_{Aw@LEa
zr3hEBlaHfCI>sNm;BQ#!brXZ?B3F~`1QM{88X^VC>`Lk(bG3WzR@(JQ@91*O<<Vox
zSF=!n@R3iHj_T)HqHczj0#~yxcQ&2-(ycAf>UCUKMa2$U#SV=*Tj!f2c0*sP-W&1y
znt=}a0ewOsFYK<WEB%*4stf1!^@4UlZ`(hj<!zaI%d1K^iemQd*qNtzA=@WF5K_ew
zgP$<-6e4xvrXWq!t$D*O#df9CTrr9Tt$}nPF6;%;9gSLf&JvP)GF}R(#=_)iG=aVm
z#%6?EXJ~}t23A0SMW)8r(sW8oyvGGVmqe7enUARj`zsjAftreyg<%(xkL?jlQ;V9H
zw$i!@`N2h(CIzmB9$lCvjcZ7r>F4tJk9U~4*13;&z$c@_4u=w;)WxJw%m8(IK9m;+
zKegkS>@2mj#6YwZ5lXvQ-2ryUj~R12|DJj9TH;H1;UAj}7na!&Jd;U6yUM@Rtb@<j
z1pR$@EK10TmHFm+6g<`lOa?f6b58aLU4-^fcNmK}o_NG|zo^Uq({gTb#?ESHB(N=<
zTC`qUcG)dZqN{!zVqA=Zjb+{tu$8nfOVwl$B)oR)+k77VCR&I}eXe8fR>4Q%BdGh-
zce<?rJ@2Rdp*aUMFBEjmZ6HUB@JXBD&mj{~4>dIE*q(2{*k+{KShL0pyTNdtSZOh>
z+K}jK^(mcMMfPe~5cXy03n}tS9%gSKO?!WF#-OwUMDwAWok0Qtcb4GnR_3Zwg_xs$
z)3<5zPAwq!_hL#dU`Z3M881;(Cp(G6^yR2=qqyR{@+?i&if=u%X7%zGp6tWr>$|T&
z?X&=}K<rJ5p+UAKfo4%h?$sNW>!O87Qtch14R|ty`Dx*)ts9E;l%M2OMI-}Xs8g|p
zN{KkR@{g=Ls>)0S&Q+D4*h&0%<TRI^?3rv0lMqb-{m7Uud*(``u52S%#<IYIXH#*L
z)GoTdJ1pV93aa2Z+uG`oDI6KAze^Wv{JyxjE%^}vwe+UT7zq_1dFQ6#6?`&!b^!3^
zy$p%i0Pc`gO$Qg6KsMc|FpBgMww|<rH%h>&%B=fqEnRQJKbzhKdBy@>g1EZ16m272
zV<?OUlXibOyP}E6sLFu1WCZ=B0^0<ltKZn1q(27csyK+D&j}jK&k4@c7r!mkaP>t$
z7Tnr_a`9)s6$*(sCISMW60hmFAVw(p%F}khg8jtHc`&XdCjCHizi3%kze&{oL@IWm
zQS(|l)S=50DnwE{W2@0|4IJgOXQ)Oh9j)KLSvts;4n1;5nJGI-B%d4Fx8jd>Z=HI^
zQPHPtc7JgO&nH~8v<Ug#6B%c%ecYw(0Pb%CI!HI?+ex}%?Za(|Z02RO3gBuAUTUSR
z)4eUaqo2=SL7gKYO%W~*RS<@in2I)yjdFpsqXkxXz*Y;}hk-bnGkqB``>Y-xK7XM*
z-Y|OcBR+TuUiXMqo+i?|L|L$nh$WbxuVk8UU~yr**8d@ihEtohRrD{C@x>Qfug7DJ
zV%Rh%@A_MT$*PxpE&h3`8d@OuuWAH7Zsoa*xboCKs_GOXj&2IP1AK$+9)adH(DsQE
zYRog4=Vh;~&L68QG+M(q;(E$D-4|UcHjTiKMC6N(Viv!nG=C-Kiy~nnwenQL|6kRX
zPD_8RMIp+XWA$^#2zihEncIvv_hRH|2cw_iIQSm9xsSvGOQD5lg1KhOx-Oee`@M$z
z5SCSnGVdw8c27}^V;2h-aqPIFPx>6H>igoHs&mq#4u@~Ml~TBiv-DD*L@K4?xw4T<
zh5W!oRcXv?s;7~sxTR~3rln|3@m}U)%*96tFUDbeQoWz9-<@#9yzv6q62v@6Mh_Th
zgsYHnd21}qX<8w@$9U_bnc+7}<vwrWk4d`F{gP10DQw*SiRQVwD#P+-Rm_8pPw1|q
zQpN_!n%O!!Vph95t#caX`_B&do)O@LTnEY|vH<eWZ*K3;Pn3p-H;U-GTnRW+bAjtT
zF(RPF6-Gw5gjK958RDso856FA;G{pfISJ5|Vi-Y0MQts?F!qWSbkc5!`%Qa$>Pvaf
zg>L(WCn$WU4ys_E)}dE<1$iREr|%AamUGY7@`J8?myU{2GQ&d=Q`c5JD>-`8;jW|_
zZIk4RqZAK0cZRlNzT~#GcwbgX2j`@BTcgn0mBjWYO1d5Usx6=FajQ$~qq>*ZFm3v!
zxkHS(2u{`b7&&wG`Y8+0XEGD7rk-$VB}~7QM}22}x^FrbFVYVkPOez!ShQTSw(ij6
zn)Wzj?(!)9)2V~pp#8q4M<LJjq#7|=xO2Qmef6M<_|$0moblM^(HLhzKCbUHG|#b{
zGK_NqTQ4|=v2DlUlzajw+e+_8L)x3Bg=l`E%01fPqN@1c4cwS2PTb~$@rHcie__Lu
z*QIzaDr4N4>6v*t5wGaO$|G|`F?pQzd#eh#Sf$-~<#dL}*b2$CW8CDX8b^rY)%#@u
z-Sbh-otSfDK01dyAak3dDT5oyIPfIME&FI1)*N8YmhliiFq~@lXa^ei(?{1s9!*%c
z&$NqhduB)4ECnXS8QORT$7nE^u&k!txQb)ZJZ5(aKe)OV+KWqpTDaSeGx4aAmBFbe
zoKo7#9*~VJFz)E;K_oZcrrn_uL=fj@j4DGDVzjlld{7H%WYR}m+MZ%`bM7E$8s$q?
z#uh~jVsy&;hd^T;0NZM%0^JH*`m7rID@JV+)8_Nh|LU1bSkD}*Y0VfOfH7!NJB$4B
zV(n8IAA~XRa;3LtjLKuInIDKtqhu40YTJZXD+#F^*<1uAfc5!lYdOh;zG`~4;aD}o
z!F4MEU`BpGnfbxK1weY3inSnUtOiC`IW&eQ<;VY-tKO?dN0y9<)-JDc_siiKkjL6L
z?I%Q%-sEFZ0O*2$o(uiPJFt$*hX|wp>}YC*sFLICRqOUo&g@!ZTH0GgXw$KeX2g@E
z8f1(Ct2mY&>YyoA`Nx!Quql7f`$ugMab@M7Te1;F0%>QHq}s3R^-W&&MiMot6^~-=
zVzPa2w5-xG^Y6F`G?x7%4(Ddq6RsYgu(YyD%$~vI{2fME6nt~#s*^e^Jg=8I`jXl+
z()9qe0H5h!TAT};#_U-#<;|Tzuxq);E6uATwaK-lc!)0$OCnBKuLtjJ$t8|l;;r80
zZHdw2JFPfmaH=S$*S<;Xon<n#Bj2_4^aq~2>hsD&VF5d8LZGCMf{lCRZ0I4ebj7R7
zTh^ZhPSSe<()9>4zT)2W9G;!_{a_mo=7ak#*8|s@e5O>N3HR9ZGhi%1k*YyqM)XD|
z?E-rEZ|$OzOD8|!+6&r8WqAN`sv|4en<?N;VRVF9Gn#^_+V5orV-MUe;`a$9wq6Xo
zT^S$12~voEunp5rI*W$PL_-4*dCWS-1zb3ps68Qa{tIb9mcRayAe#od>W^qhxA5#n
z<W3cS{1|>3B0%09)h#%9GxJJ-Tmj@;Qsg!{X6X&G9Ot}~tC%O1=?iMet-Qepumb>y
zxpk{}>eN-{m2xA!33*$R+{{UHJBw}tv<531Q{;|-;Ayf+tHY&dv=ZAQn{2`Mjgogq
zl5CP4We^{^DeUBTvgn;ahy&rS6uCP<u*f~(6uC?C?oN_>3WM$m2i?m&8G{Z)ME9l0
zueAovu+!vzqYjszF-qJTa=$C9mX$HoJg14A%L|s@kB<asf1l+2I>h=7^CG|+1gr;A
z<j=vJN|VQd^`yY!7#4Zbt#`?jl^dp$-zv|N2bF`#@09z=ACwC6nB@JomOPmk6Y2rU
zdyqfHtahGY8=nq*Pi5u}!1VsuB2UTnGI@&kpoh?9AC<g^RJ|lyRmv+?Ue&4U%p2HK
zLX_eG`1QNJ0+s>r9g9580iWi8zZZbN?*|y&6Yvjv0;b5H@(p>}wa6oKiu}=SaOFI|
z4-D-CL)*rXhb8ZiN%Dw0h8y`4?()Ii!xnjlyYLKm;Su4&BmG=Z_H^OV9<n_EvOQ+?
zPT=EsGU^SaJ6fSUOrB5<#Puky`*97$^$0GNJdvoxbr5+%@}B4!`{aK3<T!RDYm}mW
zVUB3b+qaK#FzwGt@*7zY;we;yPw1zSQ2zfJ=EeB`|6$&Kpv7QlKkJlo&O9f1e_`JK
z5FQNwpG%R~L$16Au59kjmCc+hn=7O0bn;iF8P~JqZy?M+;Q#Z=R`MT^<|Snpd0F!Q
zT1z&EaRdHu{Hb4^4-mw8gD3e7p5(tH$*)S@-}@z5?H%WHaPl8}1uPfDd6NUa$pQZ<
z0RPz!uwqZZ=l29mk$;86c@e~UAtcU=eTegK$$KG5UIcMq<X^bU2Y3Ir$Xncnx3~*0
z3Kw4N=YqDU3;(IlBe(6!XQW%%j%yp~mb{m&-g$hvU&wKI@_|LRaC=+0y;p?2SNhpI
za8G-$_7L?s5cM?};?&$+xdp83Mn${9$ZjyQ8;tA*BfG&!c+}nF&E~x@a!?;D;MnU)
z@|Td2Z=mFyfp4Nx{Qq0btK|Q;APoNhZRQ;W5)Q$rcT(iNpkvmOcf*ePj^w@Tv~isG
zlH_ffuMTnlKJx}+%utN^AVoe3yX=SIm=7fHLow!~BzeCu=D*B47-NQE%*QG6Y1rGh
zqPK4qy*;C;sQV{&E&0S1Kp#uqC$(fNBwLG;Pm^S80duP`^BMDo0QwL>Z%dKwp*x?4
z?rf91?Md=^Va(@Z%oofXicJi6XGfauD<3D*Sf!(rofaJ+c{_Vnc{GMq9$rOtWd->%
zF`Rs*oJ77>CXsIxLcUe<<U6H<e6KuDen{wKSK?6eqjEmkt?Z;F%4#YpSJP5uFm^ku
zD3&c>s=9@;@uhnXEE+aZkB*nTuZmI+(nEyw>!K7J1#h^Jep8f=hg28RZ;R3ikRB?e
z-xZ}TkRB$a-xs9>QbS08C`u<nS|y~riqc7t9xkLm7NxC_RtxFwAldW)$uALirsPX}
zIci{$F&w1tR7;pQ0?Q8m;g^Hq$78sOoznOc$uBMF>IL1AeRSKPn+SE~g6^RO-I_kS
ze2N|s>P8B>hZS^3_0gRS-6KQY0fnk#IcoP*euHv49jKg4%alqQRi38%D34J^@&~4A
z%&x;_#dIfQmqaqQs%31QucI7gn8Cc!3skk8+cB~c!^p-BZf^?gS=^p3Vc+XGS-aHE
z8a97*0$v>zWYdrGeI+)}SSNc&V?j3|*y061T=PVTZ4RPJ{yx1_ll@gsg7}zFRq3UA
zY=700A+8No_pPBZIbk?Kj!waglyEFoOZN-wyk9Yir$Qku6!vFc9p+*cFb)ta<yld_
zz+_&1uzd8f{yPo|hvT+9O)L4ttHi{k6&4*N`4z>9SIN^~S=pYbrdnbIjVDZcpyX>9
zW7Of|A4nS?NVkhty1KFx`}T~h%IJ*D8xsNl`UW=@E{+L<i}zrtj#Yrky3n-)-D%Jr
zE5bRjM-@DRY6PlyI}Qd0_ct&uG%zUG4Il#Lp>X%Y8P%)Qr$N~f7ApIuu|Y@=VqOMW
z8VRt$X<E&*RL!$=utg7-{DTWwO4DIl9j)%wKxwsIZ*yH`86Bc5r9&luh^n_DI&R@~
zSa5}fp+#vsq>Vy43;;au)%YN_(?gUq=x}8^)s-3aP^E(&me8r8%%WA2e+axnVyX>G
zZSTn;wkP>)9w~8+LN3n$c2-~yFANDvhX+ibYFp<6@!;aY1z0QQQ681-$hi8V>>_}5
z04yJXO$S($0MmQG_FlsdsOE&~p~Z%ECZwK_9@e)JHVdiIx8;o&(kd|zW<WAQNDdbj
zuGW;(3*{{Y^ppLd<)``q3Hw2HUn)!#rbaMt5~z>>70fgpA=lxu`gW=jyksL#^DpQ~
zbf<*mkL)$oTQSvJ`jT}f#K(tZP4rT2>#sTs;(VxD!@S9Gr3SZ06ef37FuA9Q$vujB
zCqUr{1aoAX+Tdm~;HCj?B0-~3v1GWVqDfb2PtzoFmb6>dc84!^k*|(`K)mL1VBd%R
z6GbLQTNqt$&?K6|C~75+q(>?D(4!^aD&SZg$Hu}L916&g@4=Z3oRb93QU4G1IZ!`Y
zs2|M}WFyqWgHTTqq1uQ*ON=g-Y%WHeDn=w#N6%`d1*~~^GgZ7fhVi|#g^$g#PKC@$
zCaO^)`L#j{)D&OF1uyjIM9EJxZyMeljeORnX+3IRFI(zze%gT2t2WBdN$+NDm$w!p
zs|5xr44x(o*2BRjRpaZ8Y2!7?KMu75q77SPy69M0SMCK6A2c5eOnRi`k1dXv!bgll
z>&A#AMmSxxLDt(afPVwZCBH%Z%iyaDm1CfSsoV%R8^wtT9>9S{%@NJ25%q60oI<k#
z5Arp%F>mu(Z>SyFjy|p9EO>Cbh@!FR(<ts!7N2|=JQfC<c*aUY-*Z?tKwb;Em!{2d
zq`BZoGaPBwEa6Bq9BDSJzK%5ilp_mZwp}>VTy$h4cVs-)G%%Qg!3k;F0)s6DgDo)F
zQi!|-23z)wyyd41o(=djgu#}g!4cdbVdicaOvB*B@FdEc9vq+t|0+^+Qn3E5p_8;+
zbU0Q#{4~((;O~IEP~-P{JN`!1=xFe85~PcQ10L_psICLIm6^L>q7Jvmr)eHB<#|l1
z)<xU2sH)UvwCz|z`)wFGSmtL*{KU!6_jqdV;+{@s<~G38gS%5w^u%Cydjvhf(2D)0
z-_fLhLa@)FQzZYyBt3~+IjJzi636iYWjcI5nVGKxdW<9ar^H&F@?dYKRXIj-Y$Kg!
z(Nhb@=8}JE&ru=sW|Rd7Va%J!PsMBKRDMXse-@C-<K;=_&FXz1ULGm0f+%8<m1F2M
z$)C#i50XD^Tw_Hm+&Yb!-Ed)StK^>^Yi&h;2!8V5J~(b8^ZcGIS*Pj*k9zNuwocVz
z-t15(4*S8=p2zWiJ2PK^m2oJ=85W(+!<ra`H61Q=F!OP|bnx=bG@XGu%@EwP=#1dw
zP)lbR;;74?q0pJpjI7ntner$)Qwzm2#i^A)i<#E}s-a!-{WP5qsQCd@2Oc``(4oiH
zEC6I<rlVwKrbC?^6fo|%{Kp+fJJVTt&e&CSu0?0BbXNBKW<lpj{%kx;{v4;u<-fkf
z^A6^Jq{EpU{EAav#eV@RpUk{Dkp<*r$)7uJRhrI&c^aOmQmVD7%f*SRuI0`VhvbRs
zoR&4tlq=T2_jyp_N4eo61sL|V{(RNaxvtEQUauQ(Nd8&OT!kPrNZ*1qT?i`+Wv6#1
z&B#`s(6hyfgzV%s#|?M=%$qwwg&+J>H=c{+WPTc*aC24SoY+5GUEa>$**Q0t58oL%
z4R00}XT>T$D;6<t9-L@I(atG+LaPf~6I!N6<0-mWY>w$-bdbfGo}`QU_Y)IzK6tB&
z`4AlX`in8fL$K%KKTxwkJugj{AhabSfn9WorYlpzaxV$XeLgc6L%j)^_*tw($5WZU
z0DqMMSoH|x3z)eGDjrC9VVW)j;<5k{U-4!5b}qAZOgtp63g1r|-_ImJA<0G0(fD#l
z#soNvp99mSe2P^WPTY2qm<+DdC=X~IwF9$eDVlaLla>`Tw1{Wu=ggc6%gwO7JWW@?
z@`{4x6|lU*=Do-b&2~73?YM@cxlV^R5Xh3hqKG$@<Nbn}&A=OvX0b9wFG6nJ{7AaW
zc4PSZW7=Z3Xf{V2y0Uj4S_Sby$Rz)wBwa1@Ev-&FC4Y4hyqSYvEWjrqlbtDgsW`%;
zm!R8UBGx&MZ8)wCIsxqp$-hMOHy~Y_q?hqpT-K+*H3$9ea)H_cm#;|Ct3sEr?C0_o
zy<NUixC|p#CFz=?%WL*x;A&>_T^a#jewn7%BFEPjTKqL(i(k&2yGFElZ-Hp>*A}C%
z<I!Ko%rd}C1kCj{^aeQ>T^us(hLCZ;V&*_-Oo9eW({(VkPApz6x{fbe*Ht=+R=PHE
zJY6gKYs10o!ofGP=nf2S!{D1zv@4ty>oF_ViyaRhz=-u=gvR%Q8(i*sOm7XA-|qG}
z|MW$7V6S$Q+8X?z9m&PB8uFzBeZ4rRxJmN6lJrJyZ-a<7x<f>JGmCx>^LY^QmNdNs
zzTY8Rd>hE=C+m64T|^@DU$tD&-gWX=<ewdB9kn`5Z-@5AUOyJnjXc_oSfbxcZ*8Nu
zN&c<sa*MlU<RZcEe)sa0Rw_z)Ti<tWy<Xj316*{w@Npw7@@{tr^A_?(u!%)Kh0l|b
zvOBxzU3_^LCiAW^xp%YZC(xJzjeEN2z5fdU0RR7VSPNWC>HD8EXE0Jsol&_Dlhws#
zG_#sQju~ChB4J%ZgdJ-SEv4L6h+5mY?Qbzi)@?}$A(ymrzf?kU$u$(xMK`4Uo_EeO
z>)8MQ*XQ&0e&;*S``q5=edjrcRt#sY>}iHF>}RbQG9NHW3&nP>qhyrfpq4vC_oo@9
zCzrx_!BFTJks3az;e#4J$n=TaVZBsl<)KrH)H;0#%_<pIuWZb6sgxmwRnm=R+(F84
zNW&c<x(~B{(pI#|e@+vb)SfaN0R*PLXDLIfmOBcj^g)T-F(pxGtqRd8%bi%Ygw@O0
zAhJjTT4f<JUlrpg_mlWJ`7ktXrvkM{HQaHUWzg6$G!o7mIWAMkd}uMly7n<!R){D=
zno0T)43CBwPk3@CX)hQG9W5h1o&<Sc8RJKT%pmxD$|SuBvSSpK;k30#0iT*E!r;GE
zBk54EF9MNtlQb7Z#)7&to?Hf~%OL7R419pRWtj6ubZ30golA88ZIa%Ah2vo1Sx@d9
zEIeoSgGuBv8FN~hFj~h%GbaCtA&L;nkcqKH@UflyqVERLci!Yb7xV=~LNB;*7iqOj
z!TPAhO2`dtjLAQ8h(hW?87^A0EX&AQTZUCiSQ?V7G5JR|QAr&=xy#_hRo;6y?kZ#T
zBe(<me^m*zlGQ0?G%I0jB_{uQ5=A#}R?e_Ae3%b8apNx0R`xQ5$j1q?Ee9_bNWmQV
za;YnKMI-t04J*;asbnVqg-zglvON+pIJZcu2!TXg2D7vk1ak!>?N|U;!MQ;+Ww>UN
zo`>khgV1#?myMN~1sTq=RAv@bW|pNgb1an^q*KeFI@e%zvO)UB!?;|^ki{41b;^*f
z;jWPl%EA2p!sqt}Ah0-L7-h)SayP+ZP-r4|i!V?%3<^|ZDNrXil&q70Vp*8Xmu38%
z%vGu}S1AeOriQzXRSFhwp{2#VrQ2Us=`ZFg%`-{U!TLmq_l}mki}B_|y!n=R^C8}R
zOT72~6>s!c@jjpo`Fy;0D8pS1mq+5ghh9YUUfc%+7DFK32U@NG<9+zQ<Bf)RAN-Ga
z3pCs#j2A3EL`zF}OOL*aH`*NUW0Q0xSf2zH^Td-YhC(c+RRAF1Vn$&d#zIl*p&T_j
zTHyroPl2#UkP24IS^WSN_f*g7X_K=DSWxuko>7LU@R>3^V<k#fu4Xk*wzhJU|56ES
zlkLeBf&L=C&`F7_xFV)E!xcHOR&uUzIQN1w6ee;n&7nipGdiV8?Z!Q42EaeHh9uTW
z8K+{|p5Xp6I67@)DKcM$`DXG}DE;6}`Y1JwuYv~XWX{KP*%OxkN=*a@_$kRJ*DijH
zk8*@ra*7{g7Y33qWGO14i1Ysyd5P(a;nP_JVUZ(JEK@1S60i!%9HgWSuS`->!jqwh
zUV9oTx({un96}V_8x{AK<=#_<HzWfpBgI(DWaJ7Y=UEyFYT^8s&=T^iU?&5MCFFO)
zjNV#u2K%5UD?PY(YHJ0HTcM=?Szk)l+tYoyGRja&G*N~!(68mn<^AOh<h+)#<rnOg
z$i7SJ%T-W@at&82C#xt!g&S8Zv9gE%aIy5|YAC}yVh+atZ?4i}u8J~L^5&|*9GH>!
zmUFcZ+gwArYO8B7Msd}yQ()F|)s&%{EE1Zc3^nGk6%cH#Ic$R7TM{J*U9F>4dJiL|
zw^j|aRHBp6r4JUDK2nAcyh|U=E`1^{eKNaL2QJltOLgE<9k^6S8S3~&^_1Zgzo?$2
z<yx-6slOAX%_w4QorG!oOc@$9Mv)Vrw$E-x5sAeplAHfSMCNedr!r1t4u>F$|J{!h
zo20=|AX8;j9IZ7rGT$<ZMhT;^+HWmW!4Z>~Ed@(tM%sK=)8;COlbA0PBTdCM(ip`=
zQ)AN_P&5q`HBlL*v}w%{IEYl76uxR|@?Q?${Q%!txfz?$e$u&oyAjt6-LN+KuK)=H
zNZ2GAo6{;+JxVl3i54dRSdf?w5;8ZVE$E0u30st~Gx^7X#E&4sxEbXj(HSM=DACd+
zwF8M6AYrdHI%2R6{|?p;g0&Y0>%a$VPsKTEj4g?#R_0)T0!6J=#y0;1+lHY<LE*DU
zh~RG^7X~wZ9^fz-5*UqOh+#B=A%#I9Zi>7WjAn?fVc4KdbHpOl(?TF`E5HtdwT_6}
z!{~sRtnGw4iM*45{|0$y7%s>Y+zkee^6rR<d~bmsZ^VOP1PJ)y0^foKYa0n-pC*u>
zF0i#wuy&ci&p3h1N?c3$cmZCG@+5En5#;R;l-U4dqX3%(coVMO0wY0y6H$iXKhXz*
zcc2VeyHg;uTOhMX;Qv0so~9r^4C9C(CnrQ-*M>#r4C?tC##uqUnSvP4A-3#0jcd;f
z^jr}5b5oG#TY}u)K}>wOC)lG00{H>~eu^@${$<MnaSe=G0sleZ|Hm)-DGGJI62wdJ
zJCub%S<VaSp_-weQ1g`am$)cABUC5Rm-;7m+X?(^_r(XQ=fAK;k00TEqR3em-4L12
z8>Ql9X)R*nLNCB>$anpsTU-hAb6!SF&g3)XWiXG&n6hE`piNSvI^<&!llYb+CNkta
z^hZ1!G4XvC3<a+3jNe=KQ;frM2buHi8!?mIQOSV20QD2kOInNYuW>`}SfGAHp22k%
zeme3p)M?=j$lIWO3;zT1R_LRJ$2&mM1pTw{lQEyK2_@hs@$2a)BECMw$Oj`&>RT${
z$Dtl_W||80j79zo=E%a2;p3rCi}?GPLVh&LpWy55ANi5UlRVl8_z}qO74hfY!Uyqr
zp|^|hE=PVS%9Hy@CXgS3{Cd9r{^7qvejUtq0)8OskA|5M==VpS+^uo}?~C!yhq<L7
z-T|mT9A<lgeyl?}OoZnf`TqPq(PaNgtxJ$+QO^{ZTM6{^L!RtsYXR@g*8x2d<~9O7
zeQ|%uzO^N>An%2G0!93}v*__ep5(8+fY%~Vey=(Rcn{=Bo)iMU7xE-e9R>Wi$m>P?
z@2Z8@AWz~}3V1d0Bn~G5?~eH-adZ~s(+A}vMf~rxSw3KTIMh{><FHllqqe*qJ$P1u
zuiftUtNI+?dAGUz(v04(wCkt3<T_pMKKIDg&e=02{oTW9!jvUGY}J~+>b}o3rqbOP
z-%aZ7)pbo}!;^(0ziaNPbjj}KKp)#ZramHl-^t6)D<}8{hS!CsZSkGKOgHvgrn&Dp
zqbOx%LU^m1{2{Bi|FJi6^n~7>Gwp8d${n~h$+rE$(8X{3$Lu(~?DH>k%X3O|I^>Ti
zx)o46_V&JQGi8tM-}YGI;<om3=7v$ba+9vu%*n{PKYsX~m+MDuKI}aC_qw#i4c~mX
z<M>i*MOk{|6JzfkITd|sY+<siyJ?Socv<xg--ZR&XM*o84EbYD%Efup`^NveJyN{m
z%=Ilvi~FCkj!d4rztflvDHC2#K6J}&lds2o_pBiy%i0ZYF-?}>a^<gObFX~}EX=4}
z=Ko8{?I*U^T6bS<`1$v}?JlRdF43kK-Zyz0;(llI=*R+9k0T?h40D>rMARe~zlnGL
zT%?`3JNN1#wQSefw}X;`Cr3PuXnym)cIdT$v){fMWs_QYbzL(LMW<W8I>~B|9UXYs
zefi$Xs+L<CZ%k<IpfC0xFm;vf!9xo_bo$iihnHi<oZsu(_FhzBl|#(Hdjac0@1*{=
zE9cVersE>BH!j}QnTc+(si5R^YElP%lRQUV$*hE@xgBHA->;hUQq^JO@ybWe*@HV2
z)ocIQ+O~_m;`{Lv?hp9(MDO1k#qY^a`pf3h@|FXZdu?9h^&nt$^BCpMz_z{Cf4<Zv
zaeH^|k!OEurtdB}ePw#p%r`DWW*2f>dzQ>!5Zcuxsyr&QAx+osP*BarxD9_!OI|f~
zR5vx(=d|vcZmesxahq;^i^kz0KJ#K`|530)Srz(x<K4r`8OO$*-Txsz#eLYYv}GA<
zcKcuS+W+S5VEyud{>A!PncLSNZ)xAtG1DsUQL<DWm^WwWH-0PU``JY6KW^GSy2Fh^
z@gSRy-Spn4hJ9`tP};xE_x2%s+T~TW?wl}0x>m8ffA>><ZEU(do>n`$?~3oI3>uWo
zTo{+y>cQ2=`>xJ+IFj+(&BLA@++FhSB%XI_m(^sYP5kvuidpWyzX$7=oVbu<x~LAh
z>DqLwH2m4XdwGMp>?zw5U|dbLRd!0Abg-oM*Xgl|x}E2|VpPdT1Gm;MsdgJ5{l+bA
z`RuCt-AUQgH^gYI$6PnAc~?3mZJqDnf#r^$qW{y7aI4m#cg0+PYHqiZog0^*iGMc!
zWYmIJ`J2|Z?{~5NtMH=lsQOloG|&1^>X>|4eIZYG$jZ3hf3<1A*^>>sOYcWSHgdQ$
z)+6|G)F)?otKfczhQ%f9vkrJZ&TzD<zDM!xF52plAN&FydNr)LC7vg4HmtL5e$Rv_
zk3Zgaco?x&6ZSTI!Mq{vH96g?Bky}G2<zieI%?78it1iTu{o-VJs&UV*JnY^(%7Aq
z?`MvzoqcY$OMLPyyGh+`Ylg<|+dq3k@}p{1=$~)PQ=>NLMtE$jcQ=Ip9DgMy?RE10
zmu=U{avq*_>+|TvIXBJ5k)ab)*AERy32kW`YTHH|eqvL=_`ZwWZ+Ycvdq<UTPG7hs
zZKlCvd^~$ZuXc5w*zJ04yRi6kjArcG>0{OVA1yeRy5va2*sQ{x_ahfa`wf15AwDWu
zpR#Jk3}=1wm(xzq4UG9vR<qDXIX8T9pk(RsvO9I%yjH((oL2GJDQRS6nD*V8oThPU
z^|O9Y@;)r}d6bl|@7Zm)Q=K}*d!F4RwWRwu!JhuZD?-MWH05GCxCSndpJ@C3`f+V#
z9wTp*l)E+c!*GXI8?p<lb!ocJCl7Xf-^sh~$(+x&ucs>1PhULgqmWnk51KjY+f4_2
zonI~XyOy)0?9TgRZyn;A4xjn#c1`UzX+Y`HF15amrhPCT8)zEnRz7p-4BOKDt4%$#
zpZ+~({ApuQ{+YEa9ETgGl{8N|RGYGYOpjW9pqJJ9jv31*Z~A$1?4ofi=t^5|*>_R7
z8FW>a{mIw+Y@+Yg%O8zaj0?1iGF(nhc=9PS_S=u`Z*0GC;Fr3>(Wz<gim0wF{$k#3
z+41IizisJJ+{NdMo({F@JU6%JrJLI(m2P#|cOdHd`O?(8Zx09Ey?!-)@Akc`+jed4
zU!(a?eqhyvM*fEjx|Kf8Y%u=V&(GiCSXpRY>FO>QuWdNn*<o5+hlTBef4R5SK3460
zO0jT&WJH^jKJLNRAxu#VQMym*g3ONk?L%ueEu3<hW=j+HkK5zhqps33oi2%;sI2II
zex%oD`tJ<yzh0#t3SUudRpGek`I=7OoY}#Bv)JW*@tn4cK4}~ZWEXmlpO@k?!ugpO
zV;@kwvh0V6?e0EgjOPyy&3hd-YyRErmSx!rhfkU5ua@sRR#<t`*|BmPS2<x{--L0g
zZI@oyle0?wJd~Zg@AO%lz&3^cs?ycv1<!5shxX2z=IC|ni8k>SRWa+r_FwHbaE;!t
z&2X1)n)0&sofvPmYJQ921grXFkIbL!Zfpsf_sYeq%4SDJ`@bV5AFce|TNiOfWIw{5
z{;jE7%()gv_g!1^p?u^}-6A)-q9E9}{-)E&`VK?tpWk{Fvt(g<+2^YA*uPe9ZJ05!
z{6(ZZ{V_E_lepR0{<7}%+C0xQuf4WqJ@l${Z0<7Y^{9FFv-h9b^``%{UL_-P7V1YF
z|G9EdOYaV=GA}t>TPOV4eMG^nMe{SB_U_yLbA!i;ws{@26V;QmygkSFvH#q-AfwJf
z6fi54{C<;Xf<0gN+|&%j_Fwnh!aiHrTMPSXVGm7BMNEI)Lks(6Dg=8hc%Gvsq6|Fq
zQ4^5Q1w0=4>tFZQ!hTxVLks(6VXsVmk84u_k3#<7*L}0FR~Gii)NtezzV45OJ+ZJ4
zrUKBG5%6I2Cl2r+<d=Qj9}9b8VIM5)y@Y+Ru=f@AyTTq<*w+esSz-T5^+r7-zwTd!
zJ*%)!751jWepJ|l3j0oBuPN*=sji5-19n9jXP8_NLw`<nMogY{oe;xw3e}#+;xd>l
z&$pzm+9G}lQyawaoJ+OlZHcb{ZiW0MnCy`!&+jb}9{?;znIxF-SyQ|lCOecN^?>iY
z#M=NjN0}`!;kz>NMwsw<S4`?big*>^CMdI#wAlQ<i%C7;GqHFvU<t~Q8lX{z>^r^>
z5YHCzkHD}-OrC!}BTvq51M=iteiE6VO~vF))S*sN%kL4B`mIL0qy{Tc52>9J#AKh}
zASV0y8ugQR4#j-!iMt~vJlUTj)KB*0g~<FTCi_r`Jjvw~v`g~$81<8!J;HcN&K@Er
z`MA%^P$bs7ye*2n*U0B(DB^n_uahc;`8HzWZ!YgAMcx%<qn>Ms!5<20LzIP>yt}%J
zYts=E{uInt5U0U>88La6b`ddo$959+lXr1xsE54&JC2yV7d(bC<lW&RjAaGP2T%`r
zHr|Uk3g-2Qe@1M%Q-8;`<c?g2nB0YHP(QinR-t?lV&VgN7i>gKYT!4-<c?W_w#Xgx
zEAr(2h($f*o>-1D<UUx6n4J4)#N^%8V#GaQ=6F5kTKfqxd6!1&Rs3H700960gpqYv
zR8hCa2ZkKF8)g8dOG-M12I=nZZVBm-Zb78Op&JS5?(Xgel@b)V_+9S(^WO8U-*evc
z?sxCC&N%=8;2Zz|SUdxK=J*-wXW*aNea8G5glATsF?a^)naOALUNS?^=)Uajen#uX
z?|4T2WpBeXD$l?@Q~iwci>`P^@kN(DBln`eJ|pv@bDxoV(Vw4@csVon8KIY6_Rk2u
z%<%6$xL>s4GZ-%!?Ps`NeAQ<-U$oLQ94}h_8TOa_zdlSa{=YtqFPi@uI>3Kl|N1~)
z=AnOv>?H$!>HBYHQZaXT*MI9F|E7eqhBpTQJ>4At^WcaLSitI9Qr!U+Y_5qTLYbB~
zY;B>kj+W1Bl>f;C|K*WAEnMAfoE+@{h`g+vtZ)9~IXSyOTW<eCNag^LxrM2Rm6463
zrIR(#8~|tjoKRKJHd0WMHV2@(T9}%+8reHpnFEk)9PMo!E&d$=XJZEdv$?sNu^E|q
z*w~x1nOj(zc-XtM+1r@1xmwtJ|6BW?AnpGdv~e`E_b~t8Q_26Yu<gGTlADu<tC@uz
zfam`kfX&t3+sN&`o4b>fy_=DPiJb+jg{!^o^A9q$vH<|Hqe7GcKxA$2FQ;u@>FSd6
z?85G(ZzACkXF!p;fq^8FiMjN$qU_T=ZfsC2p*5%%7CUu5n3$v7bahTcMc+tkjeEN?
zr_z+r98nUd&Qx^DE4B>9XfBp+?rh2_;OQYdBEsr^wj}vPy~$%Di}G9Pvd+zH|FS!e
zNJT>S+(zkg7wi6XMoEz?hnkw=0zR{^53`nrhR4QLsKy+l8Y@wq8rg_vahOJGdfHgY
zJc&lc6%&EoebHAQOE*oCk?b^^(bPYCwQ7F|&Q{64R-|VpvvQ{nhly9FR8EXm|6%0G
zAPn7C)YK?#H|E~Ae}#M^p5Uc6c=IJ(yr#TQUNK%r!+}e;MO|%_CxyTT^pQhGAF9ir
z;97j>i5k#<j54x@BOjr^ViRWSU;L#px-VEdw+;Do7Q=qs-Le9joTU=$`<48xn(1ME
z&th}m;Q8e}6qzq#xN%n)8J|gx6rez>KLWk;I1L3onkEOe+!?No2@|x|RgU6p1L8B8
z#e{X5KDK$v`)w_kh83hKxnVIDdKrvS?N#Cv^LFmB8KV~Rdr9Yua!(2+>`W_?3rKUE
zr^QL#ZUGI`9j6L4mMwPi-u}g1Jxt4Wr}?&S-d|IqJl9<VXulG;YL1^Jlzuz;id3Jv
za~hN1M~)TZZ`{$ZT4PkHoIJ$GQ3>QTI{B+JoZ{+_bVG3%`kkuP|0`PJx<(D_GIv=1
z9_mTcBt}FN9%c)R5R2VG`6wl6%3uoGb%xL^)ty4ySmF(OqPkz7Rq8Ktt14_OHUdV^
z8hyFwNZ*J^-!dL-@T<60775L+X~xW|p`!#w6`J!1cSm5PZJU5|cbj;3n_n9qeu-D)
ztloo)qir=#p+-oBl-c_Dr}rBV(9s8IW|8{&%#P<1|N2f~^#Giv2D4okCNc`eeJI5}
zeG$vbn4p}^VqN@Xozr4n6$poyE$s{agq2%q#`Pi9jq*pqDQ)<}2fq7GZ2#OSq_b~Q
zXznC~t>omMeA*8x^>)y!5Wag8$h`?@WPActjkU8V9l9tD6FKH|drcjg<gCk+!@~Qs
zQaU_Ry2W4sA|tWT1=%*v5(R03cZ?~M20|AHV2w$iUk@LJACWlNO8Hnv3aTg8*Ge8<
z=6SdWUOloYl(f;jS=ibi<?dnKKhw{F-eaDw811pK5#AqVn?5dM#O`U5PUwgqCax;l
zEy-d@2o;3gY|fwJlER|z3sQtuNH)j8^9kl=>m!&P2p0)#yEE_gs&t1vD-6n^?z-Ij
zsa>`2S4!;~X$_ztg9m0@=Tp!tS;%OL#l-OZBFelR-*P1bQPew>FU%=lS0oWs-*+@}
ze1deUs`;~K=HS44Jvs1i+0dkxl+?%<DVGW5YRU@s9a_Kz(^?VLS&#+k3fLiID$ySp
z4?5vcDp|>LzncZdpQ2jC+s*Pwwzey4p74C-10dtCiUA-M<uUzQ?rTBB%5jmELIIg?
z{)FP+s3a|zS=@Zow4}-(6;{abR~SCUD;X8;c$aYwL2MY7pEtH>k!G67qMylPm{}`S
zxRtSJdE&7cJkB$8@`8_R!ytiq71Fi^WYT)KC>^5%knD^?=>2IVkN&Jkbe%*tUT3t3
zbDX_u33Lkxk$9kab^NqK%g<Hl3`?WWB%<Y?1yAKA;!@l{n}UVTP1|J%!HI57Vktc|
zl6-%^eGFcB_fx8Y9)p<D1ba79Ml9~PLohms0bMnCR$L5;1c3yfVGvA<V!(zW6`g=N
zPTgx{Occdhus{64eemjV6Q3HNGn9LS+`A%OS(XJ4cNV*$q{2#$;)jto0;Q<+japgM
zXL0`!sHRiHC1cxS*SH`zx0yv$gU?E)y4{{l>>cR=^QMGP{`P0}twLK@l7_ayFNf2S
zCu3^GFah=WZ*FF@QWfJiE}0F}wqqG1Ux;-j3M}Pq+GcoXU}ZE2Qeg;ECR^}M0uoYT
z62WtSVJ-ah_tvAHT;}pkaj4C4sO4cKad7BaA8fy#-k6QG3z{7tN45=2T{3E6g0J3=
zdXR(BjE8WV6&x6@M48nQ?W6lM1Oc%5hvRHYCwu6tJ6T9kvbY>wiAAAsHzQZtTs{e&
z04hUpx1(R+kyCO1rFI5(ZAPcrE6N`kVB#sjWok&RLa(ZlI*S?ENKb8FOH1d?(7i&l
zrO*B>;6$CMEU$)q*thhNbB{GmUtR0Bnnxro@r3FR!lZ-&By#}H#kTX|Dadi8WY~l>
zid%pnE+OHsjmgGL{;1z)<LMc3PJlADxVzsMStTa}%uW(3(`+k{;Kc58L0?lcdRxLa
zGm1M!)X3kcb!V$72z^D^4vaghHd~(MaG<oa3QHLWF=Sb2oGEjz&42CbTgLsNB6G=n
znJ|J-7nc0}4eJbT<ar5PMhS?ARW192G5x@-GUnW}YWy8iSkRIZ#v-tmTg)w1x-mee
z@inbp!Ni~?iu!{ivUsWHq&)+C3m+}WvpwzUZLayJ5OZ=SuEX%f$3IYNbuKha0fjeP
zf*N89ej&4Bke=KIg5kqp?kU#PEWt0#yga+7G4E;xz_!R%D`Md&q`D=k(3W!RR4~xk
zCvo{pz7We=po3k=7vj*3`h?!+;`&=JJ|m0ZUW^L#_<TVOK#4UrR;hqD@u_Zv6Y}TK
zF<wA|Wvkc$r}Rr3mUlSebsH*Sy2vQ<m^Rjfso=sn^V>V6qfUNdf>7OeTDo`Xd73lO
z$C>M+=nu7lY7g#4bSQ9w&;WC2tqyU@Qi8N*j>Y|mOhcyxOUcrB56h_V$f8vc_3Efc
zP=-N^htGqaeSNcyxY`5&#7D!FR@ODf@*25B2_x^j!6<#3CBSMNJXLkC?mMx^p2h#0
zbC!n7fR#4M&0gD)IXr@#vXz`~T{&HLz#D~Da2Z{87VqOpMJa1`Z;^YmH4{dKd-1NY
zGkS#)mV*Y7ZF0oc9uV!9YH`qSn3xFD$gUhurio>^X9mgkgnB0X2Ac5))QCF;;oEWi
z@EHZ3FP5L_im7p04$-w5NtwflU!Aw-!o^)BnYSd_^S?<<BbawS1HYCw8>~zm*>ZQh
z5`dz7D#WQsN#Js;=5mXf4#Yct9m4f4i0g56BXk)aCl}yW18~!D=I45C5%ubIFJB(^
z0db?&fhhbI(g}HF=dBTJX+*Of_dq%Ez^vf_jWa2{NcQjeft_^j@?YhKyW+4_KY7E!
zlJkSGwFyq`eL>lummefKYewELG9H+fePPqy^Xp<f*g++N)q~Y-g2ajtgOr1M(Tr)d
ztb-;Ow5;J)r1UqHVBJW6;F+VuD=1g61#fRmw*HFZ?c^)ZNIF*<;Fq=yc5DWU{xW^X
zT|Y+jC6m^M#Rc4(ugso}OO%|_L_F5eNfMnG8LfiMxNUl%qczUD5)`=}+K@i@omi;`
zuG+!BQC(G3I?*{;H)a%dt|<ZL0?CT=!zH4|on8AB2xQ&Akgx9GKCdCMlc^yL#y#eZ
z-<8k%$%@hUUERpvCA*wj8<#C#aK}I{#>)n55AG}qQt-guN0m%5z-0~MWJzz7uU<<V
zEKr9SQkK4dPrtgiE@h$1swThNF1SmU(6K6LV<bkjriJaJg>uDZUyoLXS9eCx)G^$6
z?^Mo7t!m{MGHv*As#5)=&z-_x(vU=o&SQAaIE2o7&sO2lwm_>ARio{-xnJxOQz^p~
z;G6P7x<PG9i#Y?NF$Gue*kRJ#idj-<uY|2o*~&T)*D%_pGR*Nu-9y9bJ#Q|jRM#V~
zaSJc;S%4XAEjG`S_w!lRXI0jf!24KBtW^miXFP}(9-S8+pJSn66Y6zZ8^8uz<S)cN
zIO!3`>>&{y<w^O*atr-p-Z<lkasz_4Do42cZ5#2fV*1T*&4N}(v@vHrnM<A-{W3DS
zdqFP!{#8rQ`7`t18;bjjlhGrQsw414!5hEACvi+NTztL*1-9ZQQ8y(H72nFPk-TYB
zGcsh#-C(#~wlyZ$i1r$XMdj!rMb`*G-pd5(`}O@=``9@5=-q}Vc&c}PwwjO@P^@<<
zg6H-~;#fnW2*RZ@sNQsP`U4bWnMM)A%xi^eTwv;~JAm?9-=nNKVCFqRAXg&&*ewx<
zepoYil=+uJTWMIef6;D+jC#|XiTX#|APc^-qpNmt8NN27t7MYviF@nHA%TJ|`mvH7
zyzZq`^0&d-Efe3cCq$K^iPD$Ke{c!6D7UHNoshk5){^j7{-r(FEE0kqh+Xe9D_r3c
z*Q^;%s6#T`HeI?r#aLM4r=6CnpO&idpDLEz;e4akML%IImc11$Sit+5Pu@+cn&ZYE
z1PnhyAAib540>Wl{cGhB$%ibD&!FGK^hMLgDSDAgT+bGk)DS??tud|WEEC+*ZiO>)
zqgHpPP{UxrT6j(4OCC894(h4<a}XFffy0uWT<?u(m*=d@lsPqa<CaGXJO<aNid)(W
zMtDn={?tFDf%Qkjbw@`{NA`cWQz76lmEF+y0v7ZptweK0w8^;cMc*5QndUXZ*j|Yr
zj-MOM)_>3fS2(d8zWb^%K)A|=gyuMS`>K3iep~mU2s{I?p#^86WnxvX+Aq&Umvbn?
zQwpG@Dk)AYwfJtpc#E87gqXZqnsCY3UT0WDHORGFySJosJ4LWfw!8{V@V*W;!U#2r
z{aD^uy38;Esx3=PQ;acL(t<8&MFdyw*H-b2w0|CM|BP5d_vbUfB6h_}6x+;>+RPp!
zwuYOwe?F3<IQOh=<;vzZ44+cpu6OgE2(vQaW7jnsL(@Dw!-6TaLW9QOPJPUOkk78C
zlN9i!j*#EVVbFucYh1U^ZC)IT=lGDfdJ?#L!XE447@qH1g%$!DZo?dIW5su+_~e_V
zbMB#j?!gr*)NF*sZs^sDj&6E<J(%v3)jxYe`<}_?Y!#imQXBRYe&hgwFtw_+ORQkW
zgQI$Wr&E^=Y2JsSdL1FZ{bTHP@rhbnJgZ7B&!XsNHgBHqI{N$ep|#86B_StqJv>KX
z?krj0EE#(&Mx}JkESWejw1ii*gg2DhaZ}ZaUA`?yt}Q6Mn(n$EU{<iQmkWmRNFmKh
zk*br)<}cH~W<*?5>1as0v6MJ)z+=#Jzz;cgAXj&a7Q1f5SHFN)+34%{StvcmRt)n&
zNiohe1Y!K#cyP_SVs)Qxg&cS_C$Do092r=<U<Cq~k{^V?e|*#XeHniub3zCoguL#c
z5&>9IkB0OIzWP_Uqxl`uk^%8jb#(W|0JG%biURIY3Zx*>O!4r{FA){@!jct2U%T1_
z;jR5~C+{V4Y<*<;!B?^}G7T5n^<=IYqylG((c|UBg+e)zT(bVu6L2};pLyCjNN;m|
zv@8QXbHc?-<~`e$bsKOA57ZbM{249clw$M!FyZ&yPHQGo7wA%0E~rDX<P@AK^%1r|
zP)7Y}_CkUg`SvD#phO}R$ExBc>r|c{gKHi;FZhYuq}#wpTfNjAe5xB8UCT$FjV;B!
zhR%JB@SEEDLHuHcD=hGd2of;Y1nqY<qIZ<z<(Va%I|gOmM2o^n)I_rRJD}=*vxZx1
zOY*w5MQitI2xD=I_3mP4H}%G`vF9y{XX#|j1{op78kI;{U67@pmQ9+M*0in19vNh`
ziWIo@X_>?QO0D<(3(~t|dVl*{quQtn%I@^e5E<peJ4;yAPnFY!Y{gUNEwb#iHyWqp
zTV!68asXd{wDbV^^nmD$vK$rzwirs}{+(~^dI8bCL=IOg9T*dsmF-z7bL+lDzpj9P
z$k%U2A9^^M6>3{Jay-gtya$vvx&e=v)|V7h`vT>$_e;|h!7`Z_xjY+N>&lrI)b)3Y
zHfpXiZVv3S#baL2P7u!qo<sY<vR_q?tOZu#$gT3H3l}5U$SqEbpGZMz#pMT~83a7@
z&wfTk`H$Fxcfd%9TI&S?wDqf1=OHpb;UmpNd3Q+s)22cNfB(Qf^OYXPfpXkaXYt~p
z%MZFQ=ZBmpIpS&$_}ph?{HLY_(*&PDA~;(Cze15a%=r1KmlHvgiXvv3A`!_zK*_uG
zi=><*U_}M{3dG8Rvy^U?a|3C#@Sz3+J;A{|kiPreO)cguvTn>kv!tY_`RF*ht)g<N
zaIO)e7f)!kvT9>E=265Cnw3{XfrfAF^M?xqmnfxrJm1EBi*U84+tGfABO)7;tUc4#
z0>pJe8YvE2vkqGg4k8qw&57)8hJ2V*2=-PJy2XsKr9Z|8;23=Ff|GX=mgO+l&@D|4
z=+gS(R5p;->K!S=H%-14oiA{jt>0|s_4pedA*~9{fB$)sH*Nj1ligS_0gtnH-o^2x
zNhI@knkSJ?3&U1rUG5?3EbkTzW8^3Yy=*Yrr_PLi;N9mrjuJI*bph}qUy(ZTNk=bM
zAgV14|I@2J<WB?nr1=`i%(>j9iQJ``7lXE9O}4E14X1r+tU}mzEGAWHKfW^o639qM
z*Q0iIG3<H_jtwWG@F2^9Uz4-@mN)aJ!?99%rkm`678=BJ-MRK^w<mlbLsaDhRjaWI
z&#h@J4c4X!`$Y8;eAhOVV;bKAeZgs=Lf+i6-NJ|o5kSJc8;9l_hp^DoE*C}5KvP}E
z0X0bhsO}B(6eZ-Fla!-1+hSWA`6WfuTMFy_V4mYhhuOpxSOI=CMIJrHp7yEszkW4~
z9FdX|Sx4(1u^JQ;6zTXk1yDWDXnX5UzELDr3-I(f34pG=QXU$US4ila@J<_&A>3!o
zg~j7nrytoCDY%67-1}LNM-66|x<4HXYCETENRw{LEh8uHuIXt13c0o68m`o?G-%du
z1-YIbQyRoxDiH#u&*fC7DpT<J$ge++Rc97kTy8PHa;>^41-$*CfJU95Nr@G`R_)m8
zvgQc|PR^L{Mor@=l>F_Tf|^FeQLcW&gWK^(cbv&C5?c+6P$ycfh^_}5br%$(#V4`u
z$L0-`FiBi6Rzh2-3p`>43$EE=)&|Yi1|O~cB+emC(v&H_>?AjvZ%)M;XE0;Hf$tiS
zKQ3z7#Rw%j+;AbOo99qi=R7Lp2sI1)x@MjaeQJM`W>Z#?d22d)3yPEBU|)3=0Mwq$
zSGPT62m9V8;(vN*#iD}z5#@<ek9I-8CexzEwvF(Qv8#3*G+L9{J_-N35L?yNLNaf>
z21{T2eOyMSXusxddSa>V?~$x&wAMSP<<-7=MA^o04%c_SbqM!v7C3c0Ri1F(<u@Dh
z2NofCaWO)$xbS`Ebja(okjh5(?w)%+`O#3(@z8*dk~CR+%W<ElTAT4VLwA?Ck!tfJ
zmY7`NCK(dP&=m5IhBdf^6*w+xEMrB!&bM;+;OHAjK_OPHGnKI1J+YK56{FfewW%^4
z5uYR+t}-o6`pUmoW%?7c&c>mToJi;@8)NA`2lO@>`XI{M7o?(>{Fq=FFpwrX^C&2e
zT+4kWDr1@p0b}99|6>0kIy<&2+kMKOJ%rU$Hs4cihqY6wp`SEfCk4l;$YIi@vz#`F
zs5Ai7d8CppmOHE|Mb<zHEfzp$L&GvtG6T}{@6Av4*t9DHZksEx<D|hyaqL1BH>8M;
z(ve9NIMuY{6unsjC<0#CjThkaRk2z(WEUm$s2{!Hp=R7mBWc|Bn4_*pJ7kju%wGzU
z#&b4~Cp40JRI-&9q1#k_s>3SOVFe27q@!)z#Gd2|P={(_nh?p#5Ss2^*5(TZ1<$v{
zy(#LEf_G7rJ;j@52?zs|z9hnZX1PD}kf6#>kY$#c=&+^WPvJjMsNjuuV4+Kj8LzU~
zQf6jAauUnO7Mc9nv+)-ERA}4+^S2J7XWII1@h5`#d04TN@97uJVdZr(Bzc$0PT0S+
zM%_<PTydnbgQb2nQ3dspcJ+}$z82vKM#Mx8LTC!>X*r%WXv6rd5abnToJ~m~nB_aY
zK^|YY(uB6+BO(VP)=YNE;}L{~j~i7*Utwe1BugLtEOrq|67ZpIyp}mXOsp-CcCCtu
z`7tarH1+S>B#n#EWMoR4^2Xz@`2}+VIYe@>w+`?i+aJ5jJxzZ{W;L1Md-c#Sx~04s
z4t3qBw?Uvs5tfUYP{DDH505MWDzXbo({RRD;%65~4oO8P#qxyh6Q^YlfEoJJgZ*P{
z<Vd6M<6~te%-&DNr_R*HEKMm*WM?o(VVhg$U%f5nTHcQ>IEi(6ZJ;Dht`s$SO<UO|
zTU+_Yvc8fok0gCUnogdG<~<(>IkjS6k#I*rtP9P3w=)12^dPI<C9B^hJN@8RmABmC
ziP_BLUH0>aS&8{DN!I*U<l{6RC8h$XW1$-plP<^|{!Zbw-)owvWJ%#<1}f{Kp+&jm
z=G51j<y<7XsMCUoGlF3=f|A)5id$;I-KU!b6Y@$EyA|ZW(*qaU)z-7K8c)dFK$=%Q
z=%kk^U~BM|`k?}Y-vpFOHc3%t-0TA|HKK4B0TYz;Bnb6~ms1!99?-}g09}@>gI~pn
z!t>|6DnV3;LR1E^_KMT?ip!Tf?sC_VO2NUQq7F7I|C*q_nq%a3uYMDqjvejIK!;_|
zN_7ebvk*zX#c+oGIip3FRP;D8mGI!mZ&@t0#VXB8<CK*0tFiFmHu`2bINr=^&aK3K
zMJ@A-I$Bd0Lm7UE_062fHR>cTjPwJCM9X6SoD?u6aHKEX6;}Ne6gu<@TXsQ+R66Ig
zVX(KpDJ<@|A*l6|QX=6VH>sZlS)X~%ifK-M&f$}I+@~lFwJbu)g-_I!pGf5dy&b*>
zmoA7#!-iABR7;xzD55S$u$%uC^>C@r*))5{Xm_865OGx%qbq({xsOA!cv%Zyxd=gv
zsVvyF(*(6e^<2z4RR${tP12_mHeE)#=NcK%tRBeS2@0K_EB7YR>_AKvzYbL8&|Gsz
z+;&AI0ce3MwbDU#KC!9}npGc1+$Gh+G-I&|TR`6WHYCUO$NgpC>#|VW3fv_1I_^%i
zooz<pAC=pEdce;f2-GRgb1WUw2mwwcpl1G9KhzuF=rp(MTonQX?%_H8jIvCPg}I&-
zxz^)iyU-{Z()QV;(v;&gyXNSs26PKUj~$OVYVP)dD(L)o%&BI@gHe)4^~}&;`gB%#
zC%Y#8SzP5+$<+7!0g5<1cRrOT*QOrYYp%fV)*xvldzzyoq!2Pk_LeQFG=2{g_8OTo
z$M2}9&Ui%QUtN<WZ3lcrRla93t0C&F`EcU>+^5HJ5~E%>CHzSkjh}+y14S<>FL!KB
zmG!VwchQM;CQCZyxor8%Q!{KY3ZMIN#49QkEs<YTEYCtA#^RT;PQTW^_JoDZgayvX
zu|-<RZn<L{aH_e-zDfW+ylLkf*u`$G%ie<yZ%c7W(@Qt}zOKcEZ`!F@r(=(hMS{#7
znLghW|D)YE{pG<mX^}rnS=eg>2pVg+G~cUWV#KiVNM>h|+Rg`pw1iu<*$d>80q4)H
zIZAG~f0CooD>wrYSN_I+0O-_?ZD_aLWr80zLgy|vI*+w#mw+<U$c&4pa6u<P_yy!a
zLc}-hncI;2J*y#nERH-%+)y7G>|+Queqb_uxpm18c0)$Nn9*DI>2s5YazxOTRlYED
z<b5^xxCcpv3MpUi01}TPkSOhaC2X1~?khZ*iBvT3GyWGrPr-J}&nZ}U{0CmcUZrp4
z*uN_`x2u!`utY3&C1ljQwv)f|4%LeETLdViJk$)^tq(K_#-sicBpigg{}sq=e5_oK
z*p;^(q0wi5K(@vYAH}2H-sQMNK<lLo74;KG>7_#t`i(%rIp>XbP0O>Kyb7mOySJbG
ztM*Q|UP-jzLRJpP-zj^HP6;F@ax_7w{TN_+_cWCCsPy_tq@nEU{!x?wia>S0c~8Wq
zBg+=l{KY^m+z7_TVe`b0xsy}dsbmtAvkfoOhwx#TC_Vj}VYw>VYgeY%0fJjF;G|?W
zl)axMG)C*YOveL|zu`LjW>=!j{8b~p?49Mh+#f2NiT?rs0RR6003iS0adQSF`xB^d
zWFq!TEcQw+_DUx9N)W0<@|Cn}JJ+UO#WprTR|Xa!P&PzY8iwdfSoRyK_6%0-8Lrwh
zOtokH%_~;x8QQJ2<B-4wEeMUkt4M-p`C-|!OoC_S@$hW0s}4_TpJk`C&!STtL&E?m
z!@fkaioAGziN)JXLb7>DT)eszUPg9(85!ecC8Q(6w4j7UsO-y3*_Q!pug-)6o>7(P
ztF%BX`j<IUi@ubYBeQfAu}YY1SMglGiaB$Y>`Yw<GCiU(XMQBM8WGmT7u|8B^kVV0
z8Vqha4Zk8t{t6!muShGUSJ+AkO1K6QSQGK^ehs(O8gW^&rqYsX4Uk9*;<eCDyjHw}
z!pyf8nvVzUI=n7khm5ce$**fF2JHJYM(Y40X;u50V7u42?OqF_jG&=2JB5{?`)UP?
zgKED%+VEK%rc(`tja0Kv9RbEBm*lnR>s;{HUBTT0bN!`V4_FNrGS1^U^dVjciPA~r
ziE6L=>Ncx;oM`;IXBesTdenKnia5JiE~N>D^}Zb?5^o?9Zzv47#DHYp@J%m~c@vS*
zg&h5L0HX1x<f;vxt4PSbC3x;Fo*v$k(!*Pk>0u)xurVS%Y~+!$QA`gTE2W2xKq8{(
z+iWzx9d#V~4r2UHg!J!l>E98hf2Wf4?^H-`@1yJ@U*vdSknnxJ>UcjKbOJ7#-`^MV
z$ouYasWbJ3d=h%JP=do@4Kp98<6is>hJ(Q5H=T}#q@?HlA3)R(K+*^}eSkQ95Ez|(
zQWsJnE6)!h&WB-g37C9{n0y#aTPlMv9v}MFMl3#pC?9z?MLa%2JU$8(u_Y!S1ztg1
zKE^KoIB>B9^J#r7Jpj@`ot5xA@*lft3CaC2lKbO8Zk;ok+#mbi#zJl4qjHllZEj-I
z<|ZNBH}Pq6lW%Yg<7#gb)!rm$<4>4+pBP^o`IL{gPsO~Wpq-~?tXxyt{TzdSP+9bs
zJ3PyLjsjj@Lw(NV{M;W0!UAeD^6q9N+-AkyU6czKDmME>rA+q)e>$j3QIaok_@urJ
z#wn(<g<)<nT~_@H@%k!aO8APq<||9QtSV!+&E|4;Z6=qdi=3|lE6X#)zhNGcUH5OM
z@V~wEB6#i_WPopwoZm!w?i-J$<hXCS<GwXJ?mIvEVIto%#P3ah`vI}~A;NDzaBut|
z`%T6S{H6yQl<f!K#IoCdLaABy+fPj4pUi&y85!VbB<Igje)~DXZ(F(FwwnF+i|n^;
z3~`&uZ`%>8?Gb+4&b_f+_M42!{8p(0ThnYu4rU&X#n2=sdN>xNrqR9Nq6oS;hAL6S
z&`cLof2XEpb7gS*O;<U05lNwQ@={eS&g~nE(-~fKh%3n`C=5sDPA;POfj>YT?ke0P
zpqTnAo-d#a>oK&j)fmR;cDg$v5}lKR&dFc_;rC8*os(=~ph52D%WwfVmPGO<BkbTY
ztgGBzS_cD3gz!mWZBty%6k?Q$vTF(~P$T+h969Cwz-A=x#Ht1FRI_0jtM+n{2xK+)
zy+&SkUpKU561KF2;`?5M&wvnVEr{Kk1yySvRIPbXDNtf!Q-f^`s@6!T))7I~S_-OP
z)!mas2r67|FV=?3*#<Fc6BSf#q@ZH`+h{=>8q#GYlSBfTjmA}5!9l!6UaYMYS8b!>
zs;w!m+A#^+nc}LQF|IlYVs{93_&(tdJgz$Mxa!~;h{8w$!*fjsBxr|-VCf*mT1V8q
zV?_6kzWY%B9Z>%rA`;*ZQ3<dUwqPf&XD7s{Q&g;Wl46zhkBrq$qOx2DV-oEYnM8LK
zqGm_7M~>|%1$!h=905C;M!-%??43*_U?<}U*o6_<#YCiYKm?-i=C7+HOLcLngjc;{
zUFzzB=m<_mVqLK@yRtP>SGBNojswONoC5&T=AQ~cccTJr8mYbWO%f++^ieNUylZg!
zfn?hq%eFhuYP-`XRStxl#JF@|pIz!Rc}x8+HnE4~2||qN4(SM=&(JM<G_M7p^~Cn%
zhf)CMi?nBiJNA?gX*5(gq>1gtys(!_LL=QRgs_o`?Ts|q+q{v9?advvx44lpVD98^
zWDJiNG)^d~yjAID^s;;BrX?{)H`n>#S!)cJK65c}o>5Fv?spoXblu2{!y4cvMFK?M
zWAT9Ed)5vo_CB{m!%)>E)*TV<-u$5N4g`ZRI>UAsMe1(Jub9Vra0B<i2JXQP+(W7+
zp`qBoJtPD75cJUWP7E9d*~n(^5n<qc5s7`9Z{U3e!S+RhK}>4)eN6`L$qn2S8@MMo
za8HX>anLYq-ky?qdkR|g6t(Dy0tK>;tnd=s525eZd;{+%h_;_7+J0gT?-wk%iHUo0
z6T|9xF<L!O1DGVeL`iyylJts*zuw3^y_;{I-hxoQMWK3&LiIL9;QlTvu;zgGTw?nR
z(Y!ykm;-=^FTu?j-4s8n-%%!#fhiQQRfAnr*0A$s$#MrE^aHG_uFlky7VXDpr~|~T
ze}E}y`Y@~Xf&KbW3-l4p)W>X<KHMsOB&+nPWR<=Mz3;EJN?$Qm_cd9iAG1n7*smY8
zN<Ug5N<(=5K>6-KF6Dv2-Hl)bAK08u@QptRZ(E-&mGo}PsWAf8IgqK`pQ#M5w#E8W
zm1Tga=>RVD09RAMO}Z}^J1E-EVj0iaL2OxiP`FVKBsi#2f<G9c9~`lwJeccuu)Ly_
zF?aUegp`B|92}h1Qnww#ls$x>N*scZwvd{KB54kdQ1ehO{Gqa%hw`ahVYV}>cPJP6
z(C`dQh>OG7u1!AfKb&nN4!5M^e%BO-BZ)Z=cChFZgK>N~`XLEFhzl>3UW@SpkuhA9
zF*b-fe-O9iAS=8_0$}VZx(2eDcTlit6YO;)ve%K7?R8|p7AkclR_aKp8&&Ga@SF__
z0Ok;a%``hQ)Qs5uC~o(ou!u)75s%^`9>tFWkFxlsF%9ItI7*QCs6b-F)1RY|IgW}r
zwF?B1+&UPM8C=<|gGILv#x@%)b)z;LEVy;B(XE4hBUNG>tIU@BWw0?oj^+V!H0F9V
zQ}$@i^=KX-M@xH|qon{jS_qJ%qXsLg;u$-pvR980y?P8*^cbldRrDCH=rNL_#|Szd
zWAwrh?u8*(xFKwFF@y^@gbO!BSmO?nLS%^KnIVD}Ln;kjR3lZR8;9<YsG)l-B6DnI
zCm$<1`B-enW2J7?j>mF49xFNdSZUBo3}clUa*rHq440v<5@2#33Of!Jyf&1MCnV%B
z{^V^KGXF4h#WvmMu&ev+{e97d6~-vTYhmK+Cb3b>+M~o5Dl{0paRNR}s~chM$k=H3
z9u2)>%}{+__`Ymlhtc#ZH{v@65*y>2MdV9SEASnI?tUYtV<DxnmM&rk{fNp->h|Qc
zLe2uC&$}oxmR=O0t_f>OhH*ERjYeHXl3b_MFghH^!r@5h#Ry_-><rp<c(Ev!7>l7o
zNHO$^c5Iwg)zNv`i0sZ2(S54R1v&eTv-~TD7)W&;XR&wNGz=tRx@$a17~;IlW$YyO
zOh-Xl3=s`89#b11uw{`s9ugdHIpwNNwQY5~`)0;}gOYwpL$t>P!5$M>s7w$-Z-V9D
z(-KHb1X<Hd{u4zE1I%YKQD8jL0@vY!mtSHN2@W+$;5cT?iO5=-Wtl7sCWa?S7)l1v
z$-w|3W}d`Ce3FuIxM;h{%nFlTM$np*O??7ARHvP$;vpGaf~~-enS8P<EJgEj1y%M`
zL8()@fTs#C!f0S(^7Kqu4y)6cw5M^?oM!41a8{k#x#vwfX?Z7V6}T{)oEAt*p}tv2
z20p_j3zjBlpdX0N8UECY3Z})*gg9qfK^;}>fGL9MrZA<Z=rIB%m?9fJ%?+3aCzxJx
zPg4Zrq9*NSQX=$O0_(Gw&}Y%}$g|`*%M~hvgvvymdS$qh87V$9(7$|1HeHwq#rg`d
z>1@|BT?n%2e9oIL%z4wJwuD)vRn{<7!_WI_BqmChi;@*Y$p&jP!j;#)(a@IpLV8-J
zF((z<jm?m(nUW6CW-t|I2rA65z}rJ!wwOT?hGmPC4%Kl6)DZ$l_#bBgz}6$O#Zp;#
zJI<9nhkS(}3Fji-;nt1#9c~Q?R1ROyj^*?_-1;aMs+}Vp9koF&$a#x@Z034l<ka(1
z;Ci-ts@D^!jc)R5SWClu+b%cs3RVoSY4TRp4h<QVUigv|u*eH+^MEaZ)A-J#r6hU9
zI93phQQ&E$ARnH~m>tz{n3c(8t+dXa-a=05<cnC~QWx~cIrRrCy<7C+6FY?zJL)LX
z4TLHc42;uYX%}vk(2l)9{W)gDa4dNPSGS>}x?v{?212}HMpdiQ^g?6K+Iy-^Wnphu
z#%2Z~3uw%oQPtY{xXRvow4u<O>Ah#|6(&``p&m1J)>2*k#T9Hw)D^OM=CqmKcnjSz
zlMUvX@?f6n4Q8}hC}NKz*>N5&H7EO*gw$E$aaIyCV@b^Z8q>e^2nnhvVatHBFsjNt
zc*^pqk})fUS(!Pg%(X4+G81rE2{UaYV%*pqTQ>@}Zsgn>1zR_Ywr&(`-AHC3V)9vR
zi8f39Io^f`Vt&hPzl9QM68zT0z0oB5t%*+}8q>+}ki7<`{W>L5cYv4}mCe)6iS+1#
zMPPAd6=R-kVtKO3oF|)Dp2YESHo`u;Iq`9}5Fcmr_&8gLkF%v!%Gq$05*lzW_tadq
zeRgM9!C!O1sl2D$T#_W`QfhLNoNG#wb6Jv{%aY_=IZ4iylH^<=BIbtPC*gdK5YFdt
zBb_6M^Eo`6&ym9U92m|3m`KBzL}s3csLpFn49yc_XdaKDc|r`$lVWI|w9=gyony`w
z?0GJ?=eg3J>)g;F+#d5$|M|_a$9%ya^SM3d3-*{V*<-$BkNLzN%p&JAxy~2lI^UBE
zEX~g+?c_?*`IhjC!TCaFLcUnQeX&4}Z5guzJZAFhxk!C{xfck!F0g_(KZ&gtGFvUw
zBZm@Lr~`#qYau}()><e`mkY&B8&c>3ZiEY@(7hmfR4ih8EfVaqh<sH%wurY%fIzfG
zmAt>0tFu`4zKq!_{4!yft{1a(y;x4yi~V%X>~kTr&xMlTFQf*#khfL<RC4%5T<?n{
zhhId8Jv-F6MB2H!XGHWI?~-6c8wzp>pIR>AXaBx9mk8mcVZ*XD_>zSN(uwF2o)a(O
zPq^{3QS^n6*rgG#q+M!(axX!D^ns1oWf4!vFZ0z9cce=os{S~}$g*9JpGGf1td?kW
zayG;;Vp%I1p^asioNq^IKSW|ydsQ5xv04}HTBW>Qv@v7!L5|qv!lP3&>dyLUXQO3X
z>E`!|D`_hT;C%Hf-7q~<vMUj@^RuEc67`um6Dy;Pi$+n#%QZHnExQ4h8&`PnkjeST
zNKle4hQ3G=Lth|?U7-@4E}Wayp~PmiD}o@yKsQLG1Eed#YR1#yO4#{I;kc3_#70_?
z?TKM3AfqwVj;IukG2X7NfWfYMPz;?lN(V;kI=T?8OKKbsE=FWHi7l=!4J`>{TqH)T
z@j9@Ek+`~2I>WpQ#nV+No~}}h)xs<_g=8%|?F~w{k-bXD;8z9q<Uqr7@81h^+VA<C
z_Iq}6t04ORja->9#=qtgyIQDBsDboZY<uxp?A4SOtxo8`Ow|cv*P!m#csU*Pz9t+~
ztn*UTd8wQ3LEojpaARGsMP08Y69J%cEf|uF3i^ml>^d+>01DTEA<HOSk0@NP{%#CL
zj2D9prFFesthJpq$&%Xj7QZibJsbdaq8R84GBN#47%#jLp&Pu=5=q>MNZhFYF52ju
zEe_1jOsqTlOib)1Zw3RsZweC*>--1Q`44n*162NivJxZoM?~n4-qZ*B|1r#1tn<yN
z^UeOO2zuWP(i!WHzCshb#h)=j_gg@&W8MFRy8lV_va&@KNPi*+KCFj);G-I<6)C9%
zpl)+kp~4pMRw4V`%Cpa{(xUuU{i<%h#<__nrm@>Nq1)vBkBrIEIOKjC;?5LX##aH$
zVE1L<a6b}D?P>o1=Kl|x!4$ttjGjAqOxz(ykBnL2@x&c0E8oF4W_OT>ek925WJB#v
z|L9XtXgL>ixvbD~CfjnCu7DP&1WlXP<-(F@dAQr-+Wnb5`2Dlu?wErB@xEUMh$gw4
zo8)fUBr;}KS~k+4``y0a;`Ney&}=Qg7k3YHiRzU&Sx-?QlJ60o?f7`qynkU7|Kd}G
zL+399Bd*p5w3D-B5SGdJqM7AhGPB%^ta+~`e9&4$>1RrP#`khr?)6obEO=jFnSi?f
zgcPjK2c^A_Vn!{f?(;22V6I_^Aop`Yz;~gzB==KPCP{cYcRxFwyI*qZ{RG1?B#0y0
z?kOS#@5918DSo;t_AuK8JuIYzhyCRvhDjHpT(XZKV?Bb5^@v*3&aj(GcBWV}ow0ue
zu&>VM%XY2p!ZR%hTErIYQ6a57%9Dlu)RCGE8f_D%&+SpcCJNSKBz<t?vR{F;Ux9e8
z(BJWGuxqkv`DZakD>P98aQB3gnvc1xL5w^mX4JoP)&I_RpMQ7tAuRsEQrAC}U&a*5
z6O;}jv&T8J$EB6x<B$&H`vl|rgmJ=nl5=FAFVYZyb1e**r=eHmWdAfcf%Qi0(~yB8
zL0_nOT6%<~fC*?k7&t3Y;GmDv#8#TK?n=&jrO!oD<r$vro{7l1&mzocBLnzZN#$n)
zm5CtFF)u&I>Z*FSejZ{y?<owWd>%>pe591mOHw``NXg`U(WL+e+KaH~i%@8Q^pX&1
ztKi9|9BHd~q^*MN6p0qcQ@}(5@Ro4GdHrgLxmphkB?>Yn`ihH2@v6XTnfY@Fh8>aJ
zSNo#F)V><0_SKf~(8TFjhivi+Y=1@4;}s;?E0Jf)uTUGl64;QqXAKL6HL#!l*h@Mz
zJ_?9`2?4Pdnb(bo-3ZIIfw*DTTgy~f>#wmTq`(Yo!vmU1#70xVkUD$?e=V(30<FK6
zvNb-Ra(Kzd1?!k#>!@JsT)~LRUK33A8YA`^H`#04WUqN91D<>h8{#!X26&x{wO$Zw
zJrip^7i&EiYdt@6U2pldf(f;e(sc6%@)!EtOYDuP%8_qa#)8|iH~Hl9re!L)t($~`
z+p!G{af6}Yc5DM;wISlggALq-3cZznbEhFw%+ynMBc%=SM!|s_nFBX+2X5rtH?ni@
zjn26@cHc&m``$)&cpH&^JIZ};yIdsiy~Dltj@f(fxP%CecNyNhCg;72IK3O;ymz_z
z-ZeSzU6b?P7o5kw9TR(>JCA=PMq`<tJiKqYPad!z-#7X317wm95SI_4{P=;-NAl!{
z+>;-gJ^7(eictB8VSZ%tCHioSMl<^IBW}%)Ouqcc<jYNhFE=q?ZsNY&#JO)Wf7?p8
zxi6O2QM#ftKS4J61hM%fsuJ!eJ|D@MpK@n@YIf$QJ}E-wGluz@$(f%aUY|uc^D}PF
z&rHtz%;e0?f-^TWXKv=s+|0ReHr~6yqy(>SHhJ|6WSlP$zb~S^`bCsizvN#1((KhQ
z4PIp*gNd0w1{2$Ycx{RB>K1O-EhevSF?scC!K+_0uYS$F`ZeeNHNK&P`#TROu`9ne
zx$=LJMgA8t`QIp4{;$tRa^=6dEB|eF<-dJWgvvJz^Ba>Z(PwQmn$eZtaASUBa^*KB
zSAHkB@;m0r@3<?!<J`ZKpSCNo^RylN@jH_rzency9&z|S%8%dsd?Y{q!2S4x*^fW?
zqzIKC8Rm~BKmLe#{TSiLAGsxeH2LvIlOKN){P+{|<4@d=KXL9q2~X=`Bdi9<s7rOv
zf5zpqvE*9?$+t4ew{pq1a>=(w+%r&ZN#~vc7J92G4u3)J`~~s(Ma5y+6o<bAjHE!^
z#?7<M9EjTjT7=AYhPvGpiRjBkv4}4h#rWriG`bv#+YONzZ^8WuU|#ol3+7LN<a5_p
z<hq9g8lInpoaj)KoES$ZT5(J~7U4wQ=&%u77>_d-#^Xj8>L!O0A(CK-34;UU=$k?s
z&E&v%f}1d5aG=9ZbYMzwV2U{~#T}U9-1WC~$dwxhrmx&!7p6=utcF<CUSEwy?t;eI
zcXHw_eNMqi7LJFONLGd2I$KJ62bgAJ;S)d&YcW_t(lBro8gH4Y5<&x!1e&zs0oKa7
z0HzXXw%jD7Slmv?wPuW4n?enJdPk!fL#;J;c573pwKj!XTOriivQTTwLydnKM`O|J
zSq@BJ&%&YB))Z>(AXYoCuM}$SnMK?CoD8AX9?9B1I@AJUAk^B^Q1g*!sI?bE4Uq(z
zbl{=Xp+cy2hzPZgjB!U(sG%?KXf$J}b>z<OXbQECrcmp|iFC4riW(X!Z!`HZaC}F~
zWhc&MCy~oe?$NVAb7x9(7fy2*k>)P$Y$?#}Olj`QY3?f0+|@bC6iDtyNp|5RyND#a
zkVTplV_hRwjB)+}nfUG^r`^5TN8+$YL=^AI8SE)C*wf275`(=W81V0<#P=2%?2TT*
z5Zv%PN_rn5rS8Mo?E|k!_=86SCuv|E#brX^XOD6Gjg@#emczS|dtw^kUUVTqR{)fj
zyMr{?T_rnR96MJkplpIZlj2|*UV74PiQw8b=#TD8aeDl|l!nGt_fS{2SfNWRcos;z
zq*TJs;0pA<y!t0i=iM{1^wPq#2am!Y=7njGzz~?qzMRUw5m%<-`!ZBhBHx$C;l8Fs
zzHbnVLNecv#n*mLX-P<VKXK?l!FwV6UJ-)#;)3_0f>*+ZuTlZQ^|wY&5mfBWRP0TM
zkp6&&el{-Ywm)LOe}r!Pb7}Y2CFs3M`^+)>2VD6>@A$!1Rj2UFvOzUfspNe8U>1@3
zTL5mwHb<ir(&!K*;vrU58)t%W7?l{QLjqEW2&&;9KUDe9Qg%q|_aYdHLlKEE*BuU#
zbYXk{1&mm(CTI`s>r~cHkUlB*HamgFIY^%j&ywm_GBKj+S31P4Y%xsTEo<$(UCg-2
z?g%XL5yBL51PjL_xV%Sr^41Yxiy;&emQqH741#EbLNiJFQ`|`X2Z8rza73We{P82z
zICUaIBlD0r((^Wn2w2=CuB+LP$1e=UQN4MMu~Wvf(&a*fQ!!Wlk@oA_#tA8UJu@B_
z!3V2=qi}Vm_+UP!2h*E#8UpIjpkaJ09$oVIJ(ij0SUi65=4vRi$WSEQP^)T}V7bS>
zdW3ik4R}a1;4rp88YZpHhC9ZfDR%^8HbRBfC@H-jhsYflkzSAEt~gG-^=`m4*d<z;
zmi3t#cDiKq)z5LRMsn@N_z5r}%3eQ#kvsu=ovaK;K~!BA+kfB8%a)_C5k|3Wsr!&S
zx*A4v&#0(eNri~a6{8|^<!CJLXdzdQX1Q`Smv^+3D@U_jIog;jVU6zi7~e>e_7pQx
zdrhh6Ji>y5cPxrGRJA)k*2|fin#~97Sj+r)Ek2HoS8*?Ok~m(+GhVvj^RPyFwKoA#
zoDeZ&C-8wdK_0R)W~aa!Y5&P46mmi!q&x^Gqd7<(g_D`;ll`elNWG}$dK@p4Pl@*4
zDVF)3di+%8y;CLcohEwkbjIuS2=ASND4r4Fy)(E^&XBz)W9|@okH3ki5h9&eZ<yQN
zw=}2$!@{3F{d!#^PhVknUKs|KttVJ=ak+TGYaxsp7^4Oyc)$l-zl}FwBQ>yO)*vM0
z2Fw5QF9x!YerRAQI{q?3d?rMksai%iO)Q|>;BizpQscB$b7Nrcz{V^GQqqpJ5ou7P
zkk{rlEHD{a0ipq3R4H}@JP;_-uNTlbU|0V&jp~z2wnb)*qBdzw&B(l1YEL)gQhQN!
z9OL>S6w;Wb{^|oiZKxqGQxqq&D2nSW5VGu<*KDTdY+1b7fto@#n}Y&k4mr4)gWNbr
zJh+(?b(dYYLYd%U%p80eGY1BQ<ku#i44ddt3ZQp(pf;g1SIBd`-e7#LCB66LVxl$G
zTzZtC0Ii1E4R)S-Lc-MN`Qlpd9Ef<1npiwD(m{L<lKLER5MxTRaOcng8N|puY=L?F
zfy_J-H>fCJe4ZFL^Ng?R=q9KwZt<N;pzZ*ao-YZd{^GpUU;JE)RbJCD$3JvfpU;N%
z`QorXpP&Ro0SxT(X?!ja<Yfix;tOajEkH)A6Gp@ZrV+7-p)Lv^G?B2p2%=r2$T$@H
z1LIu8jB}A_97;(t&P9Ok#q<qP4e{AS!WR=97)yZm#onp|sdqW-d%1r5&YpcTDOnOn
zm7O#e{m@R>U(H?83`*Hlnn5*+Q#s|oNerLepxRRLE1G+(as^!aV0ic~CeMRcG7nw}
z&v!icU5P{gN*4N8g8f-o(<go<#o=ZM=09e`E0OkB`sT(I{a~nrAGM8NDJ@;EA$eH*
z23GtUrrR}qb9)U;%)%7D6uEIJNyVs$P<*MFikC)C;Y&l2;Pkx|Pv1)`P2bn@>HFG<
z>H9jDD@|3`3(4_%p3JY8C-3Xo<b6F&qY98xiGuh*LJMbZyt_ihhT=C=nvic08Qy@L
zE=Abw#^Wq`mwP)i@$LAmDULHCtUMB5X2EyyJw=xxMHNa)Nud@N+$0P$UY`M$@K*NA
zDtwnLzD#ibGG@?a)K|;Ur?SFybcdUcq?CFG?0-jvQ=U7blJl>n6rQZ3CC;6pudthz
zL#*Y>e#6{|K=xmbxGXo=e|aVQFBj||R$P%_Krr`-A_S!CI7G+<%iV{11SCC>x(lg!
zmy&&2HdlrVOi$ChDrtHblj1H{iXgVV7`jW(1BG%0F%0Y6yQo#}3jK#)BGoN!fe;}R
zJY-evS}GLFdV*G&K;;_$`++&{<!QPkeu#;pXtW(7zXqb){BIT-USo|vgj9Y=hp}2R
z=y+g;gw&+BS>q4$bp9~=zEd2P00030{{R3W|KH1qKN4XArt2eAS83cnLV84hwb7x8
z?>EtzYX#Ugc`Kb2Sn(B1(iN(CqHZQYemt~7Iv!HMwquKyeisDfd2&wl80_(w`<O6S
z8i1A<e-};kci8jqmDinr2iZ+pA+RzU@qbvt2W-Ox{txFGAB>8BAcm?vm9z7;<>?WW
z>AL10nHJKl{y3uixc<hijyJ7qa5V<`?s1EkPtZW(5n_Y?!zBGbRu%gktl#!T*oK|@
zPl)wT)uM9;_UTiiPoIJvpQ`NBr@XmO^5@e`-lr{4=7_oTY39zS5wEAs?hFW1Z$2%1
z6IBg~udM9Nl@_a$q+!v{e1^&SOpwM|)3ZSnb|tLo5r5tr<^#yyhawsFJ~46cgNlOa
z-cof;4F{>AG7+|cdfpF1RG}jN0#1T2Fw?&vCBYYbL*Ny_3rLC=e$A}#f|NmDsN`Z+
z^dt_8p2T0Ys@kP_3Pz84gaRn>RV*Uq4dg1OhOTNdO5qb&(h)*j=)+Pc@zpA5Myg%K
z9NTiJK;xnsCK|J)v$1I?aAU3(q*xtDf%(G{CGl6RsvRaM#cj(Z#Vcfki|Uu?{=x=V
zL96u!R}l_Gg<0YiyqA3i8v%#d8p3}K;<QHOzs9iQUQ=lux<*(Ztzp(y<Wp%!U;<5`
zZ`p}$1j>ystvFu=z8A~$#9!sBomU~NSB2+ZuUh<u&a2`Q230+ZuSNbr6;<MENtDK^
z>(^q}uNCB4OJ(>K{9=?iRge*<8D<^JFzaCdb<M~yuL&+(4_zoePhHPWf^?0PF$56Q
zz7E{69*3()hS^xd(zu4Gh9%R%r^5kMRv2-8gBkw~D*PMa7{H3Z$s~T0_I*=Q{7r(<
z+WkJ87Lv4>L)r@}RIeqzfdz56Xwo%U(2?o}Usf398*r3w5InGfiN%BFLuGsSMymH}
zviL38_=oJ6?L%pDRY3YdBL{J!T`G?w!0OSNn(1m^EIyOi1d%r>(~Ry9E=6s^k+F$+
zSM`YF&#*Zl(_Kl*E%HQ16Efd_`UH#iiEx(k2@B*;_!03ZdZe%mP@k|1P@fntKz$0)
zKJ^SDX-^R&wf{7Hi5)*u{0v1qs-qGAEcz17XO4fxBj(Rp=KEYaFyD-rZ$`{F2ZhFz
z+z#_3WWL!AE)3z3y;+Ft%~E7<29Ygk^o5YxzToF0Us$|$qz0y(ul|VNqK<!wD0~@l
z3Fu4C@Jsm;kc=tRG0@;pIGTW2v5xo_)jr-XHx~24V&*H*NJ;%K!`2llOc$e2y@+^3
zy@)uk7vZ1_Hjy#G#VEl#-&oNXqkcwFnn_AY_-7WpKkH!Q%zl<4_-7Eop)NnOWTfy~
zPAJx}z}7@hDcaM<)iDWRA}422TOsmRrKCriUIE{V%&8Dtxz;EZYnawsWv#bLT5lD`
z?N)<^TY)ZEi(eqxFA7Z?f~tUOAZRSlp>q^2o1uP@g#ASj_LtD?NTh8LX`AIfbPX2~
z+t`EIZP@s@g(&34+jgWLs*@1kZa#|NUg<j5c474K+6tNlPl4O%GX;q5zRHEUC8}t?
zNK_dLap(sB=_SOExz?4^c_L0Hs6<>^y(W0+fkc8GfhQ6a!C+&B7;WQ3qS-Q3&(0L{
zS@(@QU*m+y%DP3ga*|m&X|i%swsN&4fA=@R3Kt|=f~iK(vlZ8~l@LoB2xcsnlM`)W
z7IITEHFH~<oOCB4IcYE(?;044_dwLP7Q40N5`|e7ANVBToB4@$>d)bG&=HG^5U@}f
zI~1nY>5r$R?Kx#TUkYwgU^;R-Otgn+?cI-$IC?;q=#_qrwPQ`u2G@qu4H@^?H%6#&
zJGJ-hgtqC44v0Yq^TTS6DIMJ?tmvbgL<eRfMM@V!nkemI5*=|=cBFGaq9fa-I3T<e
za6rS<euKaqzA#-Uc0fAsfOOs=2xYarU@^M`7i0%6$PTU`6r@89gZyxi?(QWz@r2OH
zy#UWnITEyfKw>9hwDXz*iJhd;u7Un1Gueq#VrNWrXHIlyaWM!meMUR`j0n(+6sRCA
zW{}uLP>>fmNbDk~Z3RwD&Nz!^u3=|PwKJ#M8B>*TeNLS{P87yf>|BSRdndYt36kgf
zt}HgYlDi+j86d>h?n2Vv6Rq3CbF{>sY$)%k&udxU(p3@CEWz(-kvmdAqP?g=_GYa1
zmNMkteC6mMx+_PAPb-|Aeg{#1r;MOzs?l8<6`r%WIAIw4j)lSR%!ewBLDaE=L&!f=
zX+e)N%yKkGHVop2Dz0o4BE8z2*asr*6WZ)RlzI2Tj}zQpfu^ckqEwhxqQI6#I|ptw
z%8W)4fx1DwZfan8cxYarNN!L_aowHg=I)lMKtiGiFaQnPeT6*6%Nr#271lcYT7HRA
zzMW6>B)08|$n}(LtAK5awk{@I6FxKr{Cb-F_}h5Jh1W_QWdGhD_FylF)=P<^oin6}
zzlQ2!g_h(M6m-{CI$`Pg-KH(!i5*Bay-<+!b~yMSsZ~FrC3+J}^hOMHodwOB0+UV^
z8!oD9YFBD1l?#PjDXrhcg(m0?OdxK!_7@_H*Jw!WPv7U(kVJZ%F4iOLNe+<S!AtZJ
zc=h4D`p7E-8M8wsr<TE1Q`)f(D(R}5eG$V|e&B_^#0z~9>AsQ|G*B73fh*jXI)TJx
zKdehXu1h~=;ePH7KqzxRB6B}Vg3H{`969}>BBvjW9MtVVZ+(e19Dp?(z}XF88V=wZ
z4j>v1pd`443fM+viL|BG7mc}cFvCLxt|x4*o@E!O7D^26tt+si1EB^3Rp(LJsbII}
zhWfzp>`3F_*W@%L!8UjUiRJ^5Gy|RVMRL(VXJRiqTR(AhAH*Z|AU*@ZwpN;nOOVhy
znByO8zMihz+)XAiAF7FxIFujS97^oKI`9Zkz>Ycsa@ncHOtA@Xg&~$X+z$;Mi39R5
zMB^}a4B3KUW8qnEKFKLyn{vT9I4I^bIcCVi!gYvvta1ciVYiUt;0V5d!Btoitl~<7
zS6tDclq*Ud0UHZ(BnBb-3?lX!giJ9=a_%6V<Slf8pAYdtQNA4%h>dj~#A8HDKwiYv
zFy}=JafBTy%xOn*x<|6yr;EF!9kRl@3{`MR93=!DpmbDdej?mphC4XiwFgHm0oS96
zbB;z*94$HLXyc4{v^XOM;dcx+*)iN?$4I9R#{}}jwbwCx=X)&M3mz*T^$ms8hpPE#
zJc?daM#lXG41~(c=-%8wL!An8nOxJ^Hdk?I<iw;}cMRWO@rQg#JO&yjgyAsGaF`p0
zz$(M)gl+S1YRwS>`4OD_2o~iE((2@}ezy?n$0G{IJA=Khu~gPyUQJKWHn98g8VAxO
zqK;(vBXP{*G<X75>IAOT2~r%MAjaVdb$IR=MdD=?B0Nfpmr=$6HHr@?Ads%*GG3S+
z#&Uy-Z$Bl*GP{k{*HN{drL;Z{DLRfQIu1!bPAo&H!ELlcc6~aVpH|=+D})`iz-j%~
zUAAo3lpBlUEr7&Hyz@!8a=dV$JRT}LUfJ(tq|<n!(|AOFymXCGLrssE#?#|)I)ujy
zV{AO1=@g4rj!~v&r<JG%X$BCtXXC@AEtX+|Aj1SMgRUu~Wq{l!Q1%my>?fGmPh>GT
z(e%`7Vz7*b=qCputD&*%G!2|2Ma*RJhJ9kPyH*EddNQOxSx1SGFi)YHoC?W9xlgr(
zFJyYT=rnBj(|9gA&2*$J<F>J#GYn@KKs8Qt)qonD#;4FTm^aRF4*b+$6vxvPh&qLh
zrzvDSO+nI55y#UM^LUz4>5=UeA(p4`Se`=16Ka`VRCy=ec*sGz1>6@*Ov%K=*q&mF
z?KHDy+7#PqF}BYNV;crd25Xq%fsio;jf`swnhXz`jJP4GReC!l8swR#mRUmeNRG&5
zYQ+r%-X-I+|LOeILD-hG{rT1BG(F%Xg-n+FA}ftoPZoSEQs<aXhcI5ILj>QgnC%Q^
zkQuy;xr>@Z0^|_=oOc>9P3gzYk(11ki!?{QFoNni<$8&7J=qg->(x^trW(qSmSB=R
zqKcn`<RiY|qZ`e&9TUQOq!1Ac1&S%gLTJYVx1&!U%2)uZ69KtG4W@+B5T4UeD(rIr
ziK2;02~d&7{cNnXJoslbeyUqS$Drg}RD3BxiZ3Nl@ukEZ>4Z!H+u8Y&S~sS1g^Xoe
zT&+3YGF*&;Cc$-0+;vUT9-+y&0BSN#5@$2(oK3s|;GWe4Pt21pq{t^j^SE^L=&2s`
z!MVf-=c2CXN<KJOl7<E1e5T@jdP@f`)Xobo<fYsXTROlQRW14=anD1NoTuMGR)6bS
zEn=oQ53=NTT>!6rh?hzeP8}lj#C-w34YGhAtu5fUK^E}aAPc~45NQdv5F#&B$YZD0
zjZk(+Hd%;lqOdwBZL~?WhxFlBut)-wsBjCpRtsHu(LMIW1&H+pBzi7DqFkW<)-q6F
zd;NsRkq&PZea07rii(4HkuZoC@j<+Zon9zNOHFm8;wsi4ODu-yi&X*~l_{0=t&OZ)
z9hG$m=&R5QG(=)8*8IxZdhEmt5zd8*6MXGNOA22v(FoLC7jmawNEE<LVdN3}Uc@|d
z5y@Ji-7n^LzgT|WcQIe9E6k3rg6VugA84pWDr9>xA6FN<iW{b^%Xsi-;?l6bjE#xQ
zxcM&QM!w7&6GA3kLdL=pr0NpqjV4zl+K{L#Wch>lC7wWGj$GpANX(Sbiq3~iJnK=I
zqY^jg6(kJBm!A?>u;{#k8}15jUIl8chPe=&S5!!gxL{U-70gQL(p3|RHO^fR3~s5*
zqdL!CkR4GqERENuRIk4=Q`=~l*lUftohoxB5E&)Rs}P^75TC1*1#$)Foe1wDKVowg
zH{(^IVq$9iy)Z<7ANVI={Ck!ff3J@MMi8Z3U>3cIu7NPAzy*<aKy$Su*){S3%{Ao1
zR2pE)S=XR|5!2C9o{pB{?J|USP|KKfp|PAUOiNqJ3oH{}YdZG1)-peJz0P}{PKn*X
zhT{#!w0a}g<3@uXH|mF_g~nnHNTPCf{38lC@ipeeA6XRs(ThTONbyICKmtdB67B;|
zVf5Y%F>luEUb>>W87X*kGgdS=a~W<9M-Nz1-aMl!(bq2K@F2YfvA>06@>`HNw@9m+
zTPm+=Zt*k~$L*hl82A&9fj_Zv`=^Ranp+|It<6}{&<>TCG`9vz8l=E&Jn`Jd6u6Ch
z?lwOrFbroMVn9~xEpfZy({Tw@n=P>{ItMS~Ie1wR+)Ro)S^qnoV{~xFcBhmwmV<Xb
z=%~FPPex){jKuwn@%`Mc_tR+=Z_fXUtn^nT;9s38P_yh}$>s+AD;Y1WtGx30tG>z9
zkjwIA%3odC<tOxi;|J}3BZK^JYLMGgv*`Nu-;^VUiI0pQfM^e>03FsJsrLYq`T=SQ
z+*$F!)E|Th4|<`4q<;``dyp9OLB#z*lQACz%SbrCK1g45b0EX|6A7^W9-L7XSAzkD
z?SuG~`XMCqLquj&94+yXN#=(PGC#y*eu&Hb5Rv&IPv#0ZNoSZt%^pHW;1A&x_Anb)
z5Bn|*<$ajR8z5nramV!t3#CVlOM^#)93SZUDD3&DH}HW{j{;#I1)GRwcgO9a8qzA`
zDK%aDx6{+5nqs!0EbkkhV*3WwH8r-e+|XDiP`?%(0rQLgPvIvI)p#sE4N;#~a%(L#
zI*MjggG-~e()Z7TWB3+?h{q3eS_zR>DiV`2#cXD34!;wdKvlUkUORo@Kg-8u>{c4s
zJp+-RQS8PQZTEZ>v3mxw(|8R&9wGQFB>1dC9IZc_SS}Qs5W!~=L4~(Ny^oi!2W1dK
z!p}j%&nbUTa3TbU_;dWIK%<sSsNzQ(7^~=lh8n}YD)!%@6`xhggD>zVR`GH7JXYm-
zzTSJ@b<rr-l|Y2&p^tHD#^uElFL0_asK{?97HW%XIYAppL<Ce{#8hA8R9{qoH_%J4
zFH)49y|*00IPoucqV@cX(%^m(j#vy2$5$Pe`z0**OI+@k9BX9jwUHs!mtfRmqAz2j
zFY^W6%SzK3b}?_~oaYqjnnJxoE>o+n!h}|F=~kJ1waUx^r0!K90$<_BN2tJAVzt`D
zIJBG^Y<@Wql%ZD#ehKNWX4BtllrTs`n3_PtD+brTf?NxjuHnOJ4L0T)Zp<}Oh_0b1
zZM+Z_19OcOm}?BuuOWd69J2=K@-Oa~e<7j%6}}zpxm<-r4WAzV6~34iQh$|Ge-%+z
z2s?Px1MhR%uS&Gna@wdmm`3R2(RM%DEE8Xg-Y5%btwXfdshyfT1*FB-nAee2DC;d;
zNLd$g;XoG}%NNpCLGcT2yZI8Y3l|z>hFcHO*6XSgj?B)6HniM&HfYwP#Sd7uuAfm=
z-PfD@;C}55r2QL2`!|p-Z%Bt08dzws`O)(mSZX-P7}=zArH12#1Mv-RTGg+mov$fa
z^e{_{)L5Q&7#b^Yi2J}dg|+dUoYkA`#6d$wSn#kUFyaPcL{yb5u|c137APn+tx#0X
zXPIJy!-n{B!;Gr^di2=)+)``xzw6Vz{l&7icc#4exwF;3*5{TR`nE<keGAF?7LoHU
zB-C3<2-|&Z0%4tei|dm#S0p}hy%jhhiaYJ$9G?EF9{RM1_5j9vD_j|ZKzIwE+HFKU
zHWHg`L_9Z217M?mr!Q9!cJdqD7?I-cZEm!;!5jMI^z9u;^&J)V#}*1S7reuA!8@j0
z@Q&KS_MKWN;7sr?GQ_*Y5bq*c-<1rZfUVuDak`1+gLk3am=&SYzHAqr$4^tU`Ao5i
z+4bGPukzu}d)&D1q4Ec?<$dw3#1DkL@Bz;YA4pd`6fiYjt>z2)I&ts)A>WvM2<brR
z4#nJ@G<zGM5-leoLy<m&w#V>LRCb{7u^{}%+z1~_M)<gb5jJtbH;G2rRM`jyTF#(^
zGHt>$5^jmG!>5A$pK?2VD%s)F3U>I6%l?^YhtDe8L8irm;WMKdKEr0<$1-2Qa}4<|
z*B5NKei3z%^GmG4mwY-!755TfMy$1Tc|Cm!59@|H!0@!=w^40XC^w|1HfD2{Oj&&U
zW{cqMEu8!oi(l~DV!R}_#aEHW=vM-_uUHQL%D;~v5d6yWpFs-TzJjV#j$aELzh)f2
zrf&dzZPe}SP!t|{-_T<%Ir_d~(f3VM^nHtB;#(xnw~;qzRcot27Rc}0$lJ5u2}b*l
zQ~%CH{X4uF1P_*>BHvMB##^+6p75aSdqnGdtE$7SOfG9hoG*S)HmukJKQR0s43%Sk
z6a(RBE`b{g3Bu@S{)p#iY<O0eQ4^0V(Fw?_i-mze#lQ<Vas7-e_j807JhpYey}S2T
zwebGPR;=?@rt?-$XUH2>iqsg@dO@c4+>G~D3%=29CQvbIwnj$HFI=%-uwuV3#eU(=
z{6%u+FU@f#Dm<yXXm9ABOp#wCXNuiLXZ{l9%xzfbZCuW6h>@;3X}ZR>O_Gy$H#vTr
z?080?qT{zkI(|Dh!gknuJDp#)3mFnhn5=>lCaWq-sBz2^CR;H47IH#M#&|kQCPEX7
zGg>mi$g3_b#z~r?TM`<rrAN7cGjL7MqkVRQ>`A~uyhxr*GVdjwYtV_B=`QhPrXS>$
zG^v(E;wG7DoCc93#qd%lUMa*Y6=52W1h-6E@x)Sga9c(;sADM|1|(q}%49q5gNKde
zDP0m3qts}o!i^kLD%_~Bq6;@B+wql+3yTqX(QtJD=qrQtsaX;h!c4Z0u5qT@<xc@7
zJA_6>>UTu_I~tFgks2L^1AGk(d?5uzCpjpj8+6G|AhUY|rxUhqCni)UYTHh<=$ZqW
zNC5iV8aXl2c7&KaTE;ST3^CG0s@;7=3KrtYosds<!iP`lHzcr=bO^7Zh7ShnCUOH@
zgIv9Zm1A;ewl_)c9Net}OYY$CO*iW|geBYT4B75n!8W>rWx1)rX25(QFTHt_+y!Co
z(!A*1g+{?HK@<>6bmo@m9BqltW=nL2EIU`QL}$qo8mONxNtW0ZVeZ;IOYBN5v8%}v
zyKzhGCcYBojn*!Bw02>8ykr;EuBB=cFyj={Xs0gvd6uJLc%TbK@D=OgjRA}xxrug*
zbW<1KO<<YRg=E;Ss7Kf4d8RA%Ojna<c4zbF?uJX7$vu!Hdo)jyJ*Xsm1d=dW_Hugz
zW9$Wc?qygQ?k&s~J){S!;!Zc&gNI)a98^65tt41r5ydm*J{yKo_n;r0H9#gxCf^q^
z*ta=Pi8YocMzrk7wd{#C>dAc9lTL{}*_7DRVJ7CXp5|QElM#&=Bt4~E)-xij?}sq=
zYnIXW6OGo38x7aFO!i_%>qU*$iy5sKbGJvlHzwYj$5?MU?e*qquXlt=dwVkhVGfPh
zn|5f~kg1vBe@q<NuD7co7?Hh64%;6Q+rL>J*<bX?0c`XiAQ`d`HV?0Jne1b@)T0}A
zgdf#S`&Y35&ptxN8Gx=v$Q!x=d>R}OH4P5LY7FFR43y(xAdd%y*`kI*TDrF?&~4o0
zKzx5Ic@U<35SQX0lQC68wO2(H8So(LS6&G*sjD3t%DN;E!6F^PMLNVJ(jf+s4iS7h
zMEkT5y#XD<B6kR>(|~0i!et%8DmEsEPy`@{JBdjQp*};*Kg8pRp;%Yv;3P?O9qO`%
zo*0U?8_M$GQ1Tf&2Y~b8P`XAKs^1yUmP)vIyau-%nl08e=FqvMgFY!+%9j1AR7t!O
z8-`^Z#$+63u}{-EF#U1BIs#P6AmYO@@!`S9^ZN|9*jIctEH<$}fmDwvlt<*P{y29I
zN0Bhx|0<tq)tpk4Q}}_vpg-OXGJ3*pa5z1+ktXrsgmvU3u0?C~zm@EF8bSR&B6K7S
z*b(RlzU!4d4%`1YX8+?X_5n-{i%lFrAfEm4*L_|3fgZ<2+5b4n{>KsfGkSvkk86(o
zk0Y!j?SC9R*?}F8XOVck?1bad58{N8kibaA%NxD@!Fq5cy<(#we#|!$ZvX}RSpuGh
zoB)WOz=)k74963^5RvBW6WNO6L}^AEi^Fg%%Q0hV9vtiDK^QAzk<Z3PXZ^8s^o)ge
zC-5L`GMS^~3$rRQ$~ZRZjZ@u6N#9pXA{i&D7#(BJhT^zia$sn&G5y`4oWP%2a1ldG
zPh^&MI}-@macRgXnKU9ZfIxzg5r)`AT8mm1K+z(D=46O*vQ^c}w@QB$&J+#WPYT#c
zEMO<`VmHZ2ASkGJCo}BHaO)kaKAGJBPfn)Y#t;B<KW+*IB9=NGBA#x!Un)Q&=X5l3
z6iQ3Wc0Rh!Pb5w!GKA`!&XUFHewYOMosOgLbcsCH`E<74Io+9k@X$X4DR4&g&_BaB
z0fvdA{|p{jo+@V$G%WTRaQL$XFvXP#1lg2`AAsx>!y!(ZayW}|I1AD_3nc#t9Qh<`
zDl+y|%lOI7<W#;|pK3|9RScNBgw=-OrZQTZmils9TKGzbZuGSluG%GQn9XYN4?wEM
zu$Znf8O=gsS`kLGxG5~zXfo!`HJ)5)%hpfb?0iiYzqQAOG26^SiG>@@W=2E%09)RR
z*aq|2Ci9`1#K~z9=9|WiGEFw0jG4#;+0h&6)0)$*8CGXHn5{mIrSm`<TrxAsuZJaT
zn>TQ3X(zKdwQ%4-U)PFPHIrGe&d;QzX*SE2|Ef=$p}JI$VnQDlWC<eMZf5CfF6&G^
z7!a&JFgQ7aRBdv^*DGeX5D5%MS9m=4prV_}x<K`Y1~$9Z38L3IOFzj*Glb}#!QDMW
zwa?1r&@E04jEA-S$+OiQrkP`M=F}9M9zq~3#@7)@_)y0)OaU3DK=y9v#gk+~+`ARb
zPf`mcK%`w=fplmwK4Mo_fV(=$0lemUvOzjl^R%Cdw4X_|pNZ(q6t!2-Rx|9T&;V#F
zJ`+R_sQjCpnQ1}Lf~AL~Rgr5|6t!~oz!H|CcJL+QA>4!qXo(Kck~~05(f}=?0ZQ~M
zbN$NVF|ns$BSLMAQn1miU?Wwqkt*0IE7%w)2s2(IL1Ag55t)D)VKz6y>?k9k%B9IU
zQAU_!Ho_do2;r7M{f_nNLox7{U=C?^k_wn&XnSD8ibODoN70;U6Q0dYc(!ap7k@4?
z=v*@V=ORLL#o<3Ua`?|R4F9=!_|L5{{LkTPof9$q=ON5_QGqef92oQH=$J=G$2@s-
z%#$29FKYOo%k?`qD)Q$e)cH{g&NnMKpDH+?DmY(OaK1SF=Mxk*{O6O{WoB5wq+g)s
z%QO@p46+3T5sSV+R~-~&Um!VWfv|W&%Z-IBvKLBp7E&n|VwKsVa}ij1xfk2WTQSK+
zY)!EUojH5PUxeiidr2@x3B%&_8Hj?l84@l?Xq#LzC%Kp}`xe7xpM)vFd`^o6X%`F9
zE+*2lFuRbEzECphg#-gX<G;{!f#V{i@kLQf>x%@9E)pMtU(EXIdar4xGZ+#V3$F<!
zFR_ee&XSjbV>9_;<z>NIJTS~<P>#z49WJAZ<+AXo7#j;!QcW(2I>cMz5XGJGbj64X
z)727px>8*1GAn4PTgB;W37)Q&xav?RUGB;Z{Bb$#bvZNwfM4OlnQv~yMKQ#Zy2%@v
z4mV0yZEuuoWoUTx<^P+I^=@Jt?nqqmV)RXwE=J!Z<dU0&3~>_+k(-2Ayh+FqH=&It
zR^ksxi9cvji$PHmSdv_~F>Zfwxls_Ac>iGV#vjPbWw7n$@QQ&DE4PJmx)s&wmABiN
z__qn--^RtijlKctbaY<81c82=WXjvg_`DsFx!q8pPB(x8bujTb1j6_7lef>PN_HPV
zcI?DTSn*tTD!~aC{I|1mDqK?2OF@pX+KP3YAd{j+AJWsYbp_Ggl8V68x3j#njQMt%
z;M--~x61$k0RR6003iS0!q5zqU1qV@Yc-5!3G&464u}AmKxV&whZWS&W``XNQSpyB
z?$8)kwuqVC32EHv-_Hn~cPFB7XN2?a44jAPFNZkG70$#=Hi!JQ9C&*<dxW&y5lO-T
zu3b*!VYv_w%Xudj56jVp?k;4CyO1gFQvR6bxiPJ*${sS^Wzp)T8iXGb-NnP`F7`ek
zT}1p@Na=s(%fmm@sxcapQly=-q(X+dn`D@~5xKif8Rl+FEP<)v^x@{+P@1~~X`llr
ziW4qukp2&gzW*^jH@Jsrbq^B$9+Ou07__>FYjqEat9!&mDquN@6zF~rROp^Scc%Tl
zEJfWbq^Nu8BKux8`P^$LF5sd{*1V5c^FBoHK9e=?GtNTy5wqMU8c)Dtv(SA+P{QAs
zx9)>^D~cma7WXmF+|N97KlOqHpi3ILljILlw>XLF7AH-0i*-YFW@^c=LoQ#C`YV*+
zuN7yPzq+%Fw4i!`<VyE;B+Y9NuoU_LPoWP8k^X>?>>t4S@d38Hbvk7jZTfz;2AUT2
zuGpydagx+NPNLe!$p^)4l!B%jiuSbZ946(1o=61dl$Mrk_z>T*K7`Kp$b+DVAz@tv
zc-VnRore)Ah0s<HiH5X6+=m5mANIsWMtcNtc?5BJ#H#Axa?$ab)}xN?%N}t>#Sj)4
zk9gY^$x@FBv*@FI7JZb>qK~>&xTQmy6}<lnem8jq36T}FgFI$e7-pmud`4Qqn{hT<
zq1H>?p;9Zn(EzgB3exT<O^o;$%chSRPp}^6#(A6@=W$}3$7u)IIFB2Q^Efxo<GdLg
z=W%MB$GLGHC+#X2r8C$kn0=lwW%4JHK2KI!T|UWE<CDS&c#<zLpCtQYDl@BToqS3W
zP7`KN(JAUF@|A$(Q_}I-(-FsK&yegQekLIK3`;uC2ubG|3zgqTIS&?wPCgqxj`AFV
z3PS7ll!~`n_sF6J!Njr3ddjh?8sv`#=oX=>Me;eq=Q%{~IdM+W1)lTe>1DNoWCnYV
z>0FV6tjTjmO`h}ZFZlTdp5Nu;xEEO3e}PB+3qsVt;N^YE`!7O7U5<G~V=gzwE1K=4
zg%{Z_^hKYGgamTOi*zIUB3zqzliy3o_Aeomz7$dL;UzHf(<d7*^QHC6M7EdxB`ibo
z8N4jm^5yWO6C|O(%oF;{JfXi#5sd1+EYC5kxMr(}W~(I4RzcdUprbL|pdBw{t&ypA
zt0;m|yH&Dws~O^IGJ^)xS6kp?r)*TcYAQ@FkF8hP*m_ku>VDO5xcVwz6_atc7NW1U
z_(wyMsLZlP@!$T9Mk<vpvTt6CT!LyQC)Y(DvNK%qkbPaHL-ut-{HzlW+1IgDyiOQ#
z>nwiAz77>Cfyv}Gq|j?5k-vr%d`+AxUNhggdQA}THP4sgs`_;vwy#^}y9MhJ=K6@|
z1M3Az*7L>9dTl2H5CeF9WL2d%*r<Gij7pGw-gH-f0C{8N<AwKGje2=M{C;pW9E^td
zaXh^*#Mt}HiSG-hdtZpL_t{1J_obAe$?3}Y1SVSf{fcSg1Bm{CCavrt9!F5j$oI8W
zd$srV4lreZ#2-$4h`N1fRkia!MWC~22|TYgbx5hDQ5lXMFKc{QDQkSlf=p3!zYH3T
z6i;y7kPj**n*=coVvi~TIX)zD`=Muly!`wKG5RQCkbWdY+DCklenbc9M~3kENct*<
zC)LMDs*fvv_d%oZVE$ML=8p~1d>olFK64p@Y3VcA`7^p-k^$1Iai8M>{yATmd~SMK
zTQ#)zhJo}R{^vq=`hpGtc^mcx3$ri$!AoH5TWy|Nxb|-HORm<J7W~#l&<#exmt?;C
zk`j<NE?-)v^XM<3_+R=vOJK7v>&P$IdkfZy7u-#5fuCxDnrtDOY@ywRnOj%y)vr0R
zM6$&n$Vk{Ng1f%~l_}&G^uGy=lyXzD*A3=gjnYn|u&n(J5?FOh<Vk|~#tN?sRqn38
zNkn?LnAE(kv8+XU#ztDr>)OV$-P#o1JOjB8YaWSUIwIXii``K%;N-WK`}Q~Nt6=`^
z`^vq8TkeE{`(k(V1Ss0ItowKkYgYGoJ)VKSwSrHwR_@%^t&r3(J;RL<n=nEof~pWF
zzf*ne{4Cg4gN7?mvpOg0Gjk@A-fH5QGqL&I#|hoX$>+%52b;5i$oG7)<J0=y67Jjm
zfGPgKGtm#`u>QgFKLQ!h`w`Rok<<H;56&O;;KX$PgX#Q-)A<h@ssC|CDyH)jrt=f0
z^OHR0e$rzO)53+BlRtA>KU-C;Rs5?2Y!~qj*q^;ofGOg#$H}dn;#U2gbNFHwpt;o@
z+L$CRIGp^2ll;Z1+SwcD<fSh_`xkG}W8%27Z*m(azKsu{ZSDZVl(u6^+c~A}!f4v=
zjV44ZRfTA!su-<Q6(3p-%o$p6dQG7{X{v>q%%<AYGqY^A0!ZPpm}<efwlHTT-KH{9
z-LI!e5~KrizH=W=;HehUelisglo1QGrQ%%2IF=~RC5n3z0q$|QSI`LJmE9Do?VCyv
zO9KiC>2hw07wt_Yv9w7pZBp<EY-|<04T*F}nsh)#cvC5}4k=NGYOX^y>{YFL9ZvyL
zMYB{(h}F{R2IXvt<ZNk{v!y6!D;E#=xD|i3Jk?r=xwg`GGBZ`e`Z3j3(hHUSO|?^d
z4(IjU^mIitXQMJ3DO7(owG){LA?D5qb7!k+7l5fYH2HF|kfY>L5z~||VhTIeXLQa-
z9Xg{9ot+j7&AusA4m7o^zI&`t(j~h%ixArlVeaOZ6ieH)GUymI)dit-@z8SFJSw`G
zLd7mqT~**~w1!Nvgyq{E;q9(Qk8A#1p|+L?h^khm_R!Nn8J**%_Cy$aTHeQ*Aj)0{
zWiPlbgJ^prw7r$toR75&X8Rq&{GHn7x}S9~NXYvj<b9M1wKfi%ZV02BvYWzCUa*OM
zyCb~rYE_`|1eQGzVh@$RrrRn#AskekGPSRG{+;THkb3H;k=#e9Vq<DQ=PX1crQM?`
z?5<u2xtFuucaQ}&P!+>e?~w3RwPm#ND@!R<r7*RBNLV3E%hn>?0}$>3R#gXIh^+nw
zXd3PLQ+*J2pI|Qxarz>hzV3-gO`6;iOZ7u&{dAp>#s;N$R_&u<(mPN{dI!UA%gV{_
zU{>TMHHck7NF9oVI8<N8Qh#S_O3_#?YYL5d=1-2M$9y)QEk~nua8g4tTkoC>6{E3R
zYwU6{Q&R~s<$Y)pA{~a14zsE{+Qo7y?c~IU#v%=8hW<MT-O3irP0nXS?NUhvN^L%q
z6DN$rQUAl8$wl?oub>q3B(XBwt`2T4t8f+hOwrCLIn|_5qh>nP^9a=Q2=zC!IYa57
zLan5C5&3dje`YQkyN%<Wsg2X7*%er~axmGfVZdYQc@V-I<m0LJ68v_dLSs=K-5SZm
zIR;Cgoo)CvEFvi;&c+W0Q-g#-JXA#=_yVm8CDX!XsI+jwwGdOof@9`DkYPcxZywZH
zw?e7$&O3z*B&LRQj>E%Qfq+SBC#_!TZncV-0r?Nd{6}E^BRKyN=7rX8L-TAB4<4qZ
zj;ru6C3PHI@*aoFh~no?spFB3$73Cjr-$3A<H>2g2Dp24U^u)sKOSjyyzxO%>UgRf
zc@XG|)50X81Ve0DO>I}3Is!?g;agmUi2DSW$TgDLe5B#-f^G=zeF6Lv10NxGpvy_A
zQHav0h*HYBk$J^=w-EduBP4|h^4F=w1M$=Z#&!Y@H8}g9${snUCL(<%TH>Vxg;gOc
zCJIq8kv{d(<mn?hhb4X>=%9^I2BEMa#aiQs-nb%dvZb_dR%WD-oN(lsI+-1LrcPG*
z%k{=MH&H`sCj-4CDgck_da|!8)a7J~p+#jnoJ=3=1Aj~sw3@{HF-h>pBrfA5!5@<%
z4LF$_aB`FZCyNH0%nUf03pZI1ZgMCbK6pD7iFB$k`{MFesnf7Tr}3nAn&EM$ZrD*T
z!u&xj)TvILCJg_wet143t*|pmX~dW5lWyIkdb~}qllfpfQ=(w@=-B}}pK7E){lu}q
z|5Z;kX~CK>DP2uwVx|ZR=DNZ*BJ-o#Ho8x1{Z+|AW7)e@+=7rae?2laOSt@!npMYh
z-fVh(QbVA*K>ykL%kawZeQVFA18NSFZ;s`BQ#!cV3z?qH6KxZIq?&3%wrDau9M%oN
z!(p@tXbRZ>m)NwNs(co{go9c626JajV6wA;$?(gTsdFHWbJU*`@uwACgg^v^(N2G#
zH(j5}=5_cpInD`#486dSa;m~4YkbD@5EoQ3CN(b@U79?sNTQn@5iv*_S@YzPHBTB@
z^Q4hAFBn<wz{0V1u8>jB<(cPPi+^O<0S?zdvDR7&R&q(rch-^6R;c=nZm-rw8_F4W
zk4LvrW6g)|LBgNMr-Sn>;mgh%Du3D8=W$-B9x>Yag3-?BMmt~qJ^YlB@PUtp;SW<2
zqrq}CsRhhv3lM_^5k_0UjkdsOw1wPg3q_+XtYox>KtE!&3)mpLfWH&sqAo&8FCuwn
z5fW*U(#kob$rLHv{T4Z6yT~<-nClnwCH!L3N9_F;LgGRpIxghVaiKJ%E~Mch(TSVs
zKxl>UmYZnN@3(7UFyER)6^mh}E~RN!-d9}8Jaj3DR3SVr!#Vge6fKt_jdW=mM+7O!
zUk2Dn!LUT|z!L7sC6XtXkmQJW5SJqYms`f7uBpqpmo67QetD&#c{z}XD0&4m%@y7l
zVTEQ=SNbi2!><n4lPSs5SF?%mYM!R9mM6li<%#fWX(GH@nh3APOHBN&kJL2~^%{8N
z5jpM}Wb<q2=h2z9t_fC_h|E$%W~tg7WGsAlfvvokN{TM!=39znCj<hcK;GT~1rqRD
zgmkTnEiIt0r}i+rXsWSf&euw!U&}?mRyNjkNS5n7W9c}z-7{S-%5|Lhb#ho;Cx_K_
zL9ifEu1BI=ukW%bQJj-=;cZ=wK*hLT=68Ldx-hJ66yihPu-(YQMk?f_fmE&=P0qVf
z8cUkMq>T8QVd^G`sEZ_xCu0azc+wcjX@&pW+Leb%Rb2aKn|m)HB5FiMY!?&+*~EoS
zfngApWn_@Wg|?a713f*{J#_al3@R89W%ConXhar)7>)WsC4wT7s1SUL`ZTU!^!qd-
zJa?051TnAbF5PvOsxj}qKlqrgTlbt(zjNwT)wxxtYTTM4dO;+psT@xwOg^V3$`r9k
zG=j<TR1)TR!tV+{%AJWXSp`R?RiND<DO8C}-xMlU60*#7b!i+*!UR&)s1R*FFQFNv
zN>)=dSgkXI)tniu4$OcXJlD|q(i%LI3hAs3Aw@LqX9mRk=>U8`Hvo&mmJ_GP^W2T@
zCF>x~b(H2hH`31E8xSf<_e#ic9b;4L3PRvg--2L-c7s}J0}2rb7WNyp&TstQ#limo
z+0OC+H--HzJB59aXy`%l+?zab`Q1uDhM<y%4AYs1DAEsc+IvXh$4)giaYGV&o~UG#
zKRl@V-=y-A*;_)JN9BB9*u?qNO|&y@DmwLopDbYZ7y#k1z{RW0A*0%38bKf9<avzB
z^B6zAg4`)3kN>Q({&5{Pk8`p-PGxz#hz(NL6FxJ=a-UFNd;))w;tM!q-yHZKVoXmm
z==-*Whny!1NEB`QN#Y8g)F?`nH!H73B^0hFDO^uNQ-Y(;7NAa$x};=_pHM-zC{`s1
zke<E882j8xQIrWsGPTJ(hwxLZJ9(Ngl{q~mQ#RVWO|7|2S$!6Rp4&*IbsK_Qi5qS!
z#tk8(XH){u_-VOt;P4sHzGqC!$!Byi!|iZZupKbi4j63zIZJ`<oY8DY@&}%7JG9m9
z#8$U!Y<0VDt4cTAu0DR2n-4sz&|<@lJE+O*@J&Yf)K*mU4tzzHENK~@Pg6-)!3J=}
zpb7~80aX5j@LXPugAJSgp@<?Z#hUd=gXAS8e{>_QrSim7Eualn1AnC5`j32U<&Qdk
z&jEhV1(|N;8i-iqb7~9)so{C5hUX1xc%G=?c}@+Y(8@HVr8L|m;RR6n1)~~XVAb$~
zp-DRl06UBE4rZ0IORc(#1X_0iVRsn<t-DxJcj+_;a;22~iA<G30)JAXHS7fFCFI!o
z*xE~k@JptV1Z3za0U0_<UiL1%%NItG=J=@<h@*0Q**LoFVP=RlyGF?#p7x%?Ai}id
z70?opuA<}>?U`Zu$Tw`&hmyBLZ_`Arpfi|jd1I;SW?x~UdX;wBS6!H3KxxLSAvB1}
zYoz9Dy2;XOs#C>uUMF;3*U@<c(4ls`mx<@_bFaN*7P^;u)V+L|XD=Ui*$ZQWt)Y+D
zr&ir3+EgLe)XW)uQZwY`<wYrQEnu=wR`!$Q6uG^x(s*B>6f^@QrW3W`$B_2{;rDeP
zUEeo-bbVj>=n7@}K&|$HaM_}ozyN;<{s0N}0pR_CPAKsJesESMZ6Bl}b^u)t3E`;$
zde!}a?tb$)yg#s-;sCdwOegniKiuz6MOyaEhP%}R{+}WMJ_Yi8ssrFt0|1|@02D?2
zl!*GNYAS?=Co9^TasUW%z>L-bg4O{d!T~K>2RO72BD4+yc@FB(I*8E<*&hUkSrqgj
z5%i!QtAhZmVi)+E`o27~U0yhu9}G2r1C9F|Y8*HaEeY_AlP9I!WR~rpe^dG=H#Ype
z@P^W!zo#P2dUCO^f1ry0kQG&S|0u@3A)oJvWZ!uo0c(_vDJrM$)vDhYs?s`&G~Z)s
zzAw6HfchbT`XK=3Ave;dCX-3k*A?c*%@w;iMC{^_-YyQMBCUE(&1CYZzMtQLQ^#RC
z2p)Fz_wbbb2&(>Qh@R2&v|e?3!=t9ABPWZx+AVPH7Q!nisQpM#`%#bDk1A>^(UL?u
zlSt>8q>&{@h<V9FyTb$#4z-^E<)6$>>?b-=_$i=`h{DcGnDCwVC!J^d33w(5(NC#h
zBf5u^vVYJ+!vd|ffH_&sIQs_Ft!6?2!kg8r0e|_P)@-fj#B8nR*lg8@l3#LKI+Mlw
zqpg-$k(TtR<D@i9B-CmJ$hMM)2IXB%F;9F#s#Sp$AOcRVS|vtvkdKi$$ReLCq6+MR
za$)U3K49%ZKG4~NRT659n1TajasVr*X;W}gk#=Hs-P1pg)-#t?H?T?qdYfoX)!v$S
zWq$oOK+-ng#Wqb#+D3MXf~2aHZA?<OrBb#vS?*C<%WX%@t)2L@qLGW>TSo(;M~iig
zZ?~ca!O=fL?dX6Spwk}EX>T^&_SAIS`$Q2<Xt;z2Z@BGshTGm?xb1<~7|(8XAV72w
z&xOnt*-FN@TgL*Sjx{54EJftl0(C?df<oBvpd70M<yZqK$C6GLCd(_(Jzn!U!a4!=
z6!uCj>jWZ>Jdus_p;#xN8Yqpd_fj!a6%3MD9o3p0WlW(E&Ilmwh#&<Az~w7Eq#bpT
zcBB$^biq9Zfu}hUh;bqk1Dr0mP89QJ&*dbil5%-+g9)F?XI^VrhjSA3DJN-zG1kc;
zDMY0crP9eTPqe^^bn6t2I}N#>;*!tNUYW0K(nU`t1WtA7-Eh{aoIj1a+T_;O8E`mf
zqm<Se1hX?j%$PyuOn}OnNcG^Tx^<=-oXSUqmh2z(HDo)5_d-GM=<|iuh0e+SGBDG&
zx+wW_gKpS`c?ozi@ebOtA&W|`svD8b)Z)_NnTGWEjQVlL>Y|)hY6$@9f@PC7&ut|M
zWvDj4-a6?YDV~<dQX3_;n@@MOd>|u`7Qi~oAm>>HVE!)@0uVWaKAZcDX?10^-<4{=
zE512FmdMyB)1^U90;`*T>1TDLjJmN)KTS=|($BBm0@wDIesDnRR#;G|c1;@4E}5Pg
zuSvSGs!UdlBdUpZ<E94Z5Z#<3#2cHRp2%{5fm{n#cLQMEDGc3t!1$Uvz`9ewy0d_F
zX8}_e(4IhEQ&pI{>-JMyy_hK`?@)UYRC^g5Du^)qzZ8es8??1I=TLha9BOZqL+!&T
zt`Aj5AL>y1s651TN6hz1{bhrKWgqU_kkuEow=ZgMU%<Mr%Os$br7ePclGVej;$5_5
z5jVIm)8M{j=#}K*UOic4U6E*<5U)|sr8Y+`K{87JCw~&91Pq}2JP*8np22;drwYUP
z&weg@aN0VbP&!{s54;}W>rU6Q^8xwu4WeO!fXoGe%mq!1Wu!JYmR*4Ov3Ojl!Q&!A
z?jp@+G^@YM9VE8~s+P~rRR>X8gXmnf@N6(U^j%CVUTm7GUIMCKVsO)!(B6It@22^h
zIyXIpy6GXTn;rsV4yunCf?qcbZbKBOtpGQSY4R}IkYQxbFibmVC<Skp8n7*;j7oWI
z`I<UxODVRcEViY3Y)LB&*p_n04kvwQxM|{02Kbd3P%EQYl<}zXHFc<!QPj#<)XMaz
zm8tD5<7N+K+S$VxWy5*g;${tFWTBd{PrgGIkz?peWegp!#?YwD7|oth`GD*t^V#r6
z46Lzg#j&Cdg1P3dSW?$~o1a(1EqvbgaVZCuR1WHw3+{e!O3JBj)AJq$g27S(X*q?o
zTnARUtKD;NT}j>am8L-GIM&%$FrA`;ntBECSu!2S_)PJd)e@*R^&qU}WyL`I2rQ6T
zLslt?d-##AKE41g9N@141g;7!zAl@bNfz8!g#y4bzX7PwJMacfVgg`00kEB5+9)NT
zwshr{Fbazard?9jL`EMIDdC9>VOi$gS;D!*N#ONK0a%iRA4E{-Ok%*A6wpRx6u?OV
zfY{C^6SYp(&3>*9L#4o=u2tW?R?r@n#9LED9XPwc7SO#`7oZdm_yFa#Y6}&oeQj_R
z6ST+c0MYBrf$ZyClDEK`g2bN!2u{(7KSd}06yPlVFT1i3e%bZjr@J|<DRPfQ9IqQ<
zNJenit`*bC7}LoZD{8VRV~ofc<7JG6GD0D*2fVMBBY@CEkigY<-Nx!%t|C#(d_v8-
zo|w2K1+O~M^VFUBDiWz?hrGC2H{Rrs7cV9Z2WyL|bO^6xhcuV(dQja7H*!p7YPFZH
zG%+imNaqU4l8i4|weia7$uy17CzK<T?1ZPbFf_A=C9PUAV%M_Gt7S&)S~_Ca>PGBZ
zbyqwSjz|Llpl;H^)>q~#O!<tFHqA(zrqZU#b?Yd7wv}OqoeZ7BX2>)k!=EVd%Eu*g
z`QQr#L%xoVYIWr9Ijau&n>zdg?{Df{_Nr8m1N1C)ilAWnUDwoW=&nSilH#H2&|QhL
zmZu(N8ec~jJTn-;W>9_1Ao`er4oLY0Y@i}rJPi(+lauXM&LdKY*Qki*@Oc4Q0!*U7
zFvm<!i_ObZd&pCJ$Rm5m;}>{)$m8)xQBgj)XT8{_JW+R^syolAJCD_!4?llkkn0J^
z^|}es%pz`#=W8r_4faT+)kvI)cm;oWZDc%2qf4$Fw;G|+8p(j(=;ABKJ=*xnaam}*
za@?8?^gbKueKtU7HXFDVrJ5_p<s*EZt}N4CId0uRwQ_^2zjEACb5vP3k}Jn8kfKUf
zFkU$>D-dySbm^7j7D!QLffQBNO-)}pF6+Q6$7KmIjGJ8TmE#tZWXhsRrmQ){bIs9S
zId09Ro^LLBe=aq=xjsoG;mxGy-K^_*zf^i2qB5UQnXkF^+PVeMyu~oe-$Fa)Ee!s*
z&>{X7^M%*et%TRDF1hepmch~ER&?RDbt?zcZH7GoiwX;S{_E8ug5#p%dY^F%ivhHY
zky}^{<XWs74i+0uNXUmFf6l;*8H^Oaza(4{GU{J~WLyG7S)!A1iGGu~d{%%6iMNzg
zUW%++DK8LV6n6()Hu2NyJIJ(Jyk?CiHxgNQ(DlU~?3DHnE~+5kE}O+|4Yrm6(3Z*F
zKbdSoEF;JQZdp?cxMc*QW%>o&a=>@Fd9}ZsS?%A6%;HW!@J^js+^Jhh-^s1^?<6ys
zJ6)XW)GLzc0`XQL@m2sSR_MfAp%ZUKL9a#WRuJh{Q0Z2Lx`!Xb?kd_DXT2+x2p4<8
z%vwo2;!4&aS2Cfmm7I~TbU_*|6-<x?$GXp8q)p|)vF;;AdS5URP)5%1__-iw79)U&
zKyhCY3Nry+)FKoLl~L603sD1AR~2KKM73**a`T#9Lz*LADH)%^nq5Oj+clhsYgEOe
ziQZbZ;#wJ{$YyGX1JKr@p0pN#xK`Jb*6MoFTDCE3x#{5jK#=<Z{rmk8GTn54f7l9k
z_*+MZ|8=hR@@s27sJY(kCfCzJVm%A#dITxq!b7@V2kClF?d!vSg@@P;1hNgf3FL2r
zST<wE4=W!m*z4=9hY3IrGoks1IoTgJnCv5J#Yg1ILP!AMeFVY#2x!wII(Q$^!TX3J
zwlZmYL`<4w>!Hm)3PgDnaClT_vyTSNU`_Tvs9yfVV6q!Q&5dT0-AGM#BM0e51Sw&{
zL%LB1=|;_`iH#wq#A-JY&^GC;_A$NHZboVFc+1^PaN109+RPr)mc`nf1=jBYsJ{nN
z|K9j1PCRWXg;rVp-uNl*NoFPbBqjVLLs*nqWumP3c@$=#w6>_Vw+ISln$zZ_runqF
ztYLe)!AH)mttz3d;&sohq5*y@GSjVq_*R{nZgn+RP5T5D^5`w?{9&ttARzdZGJkxE
z3&A~=lKVIEIS__>Dufu4B5$@3Cao@apMsO(r-A%W>%7s^MRd_uOf}t+wXM*HRUX@r
z3bp~B+jJ_}20TR(qiq~U+c=E2g&2{#Ey%Y{kSWP}#_S`Xp?&`u#r|M%xTyej#_a^;
z?K<!EtloRQprmx-!x1kKJ}(&a6I(k0E<2I(b^^(E^69H(c}po4@$x(I^#_6F60)rt
zvdMfCby`<uYU|{65()LjQ)?&d{B|+UZx?lbyGR&rS7AO+ko;5d2(jADu-Z*o?EnA(
z|Nj60AphTXY3e|)P@8$#dJzzK(XbEfMau6*ejgZLQ@0Q7MH;z$F;KSJj2GF|P@V{C
zULb1FFRPiA;>|gWewkR+%d|g=BJGaxJpj`^$inx4#_iEq_#Ri2pj|%EC1|%^p`H5`
zU4r)T2_o?-qwH6y3SZ@nOBCV+?J5$l5(+x&YKkGM*@D!>dD^X41AS@5Wv%7)Vrnbi
zR$eEz@;bGZ*RexH>x(zk%5UIoTjDV^pf^Bk-_RJ)8(IT;!v$Nmd?tTJO#Tdr{n=&C
zHHg9z0Zt-MS^QaTF@^OlF#Pc|;<w1C_!dQ06xniA#F~A}Tk-4q=i8nM6+%9510dc;
zK)emw{I&*dQ7-qYk~qrSROYueGQVAr8H`GVzd9-zE4FbH*+iB2m#ze-6yIhKo4i9E
z#5-Eo@eb=c-er37yR;|2>yn#4WSPlxyax!pXYd^FQGW07o`bKc8<*are&#*5us=C$
z#(Nswz6U)G!fh|pj=fa6y`0P4YaGw_0RsCBxb36-_VKv!HFdb{qqyy(xb4&6wy(+Y
z{3G#O-sKR>CG!3R6&v<PeruHu@DaVvT$G{LKBh~vkI_W`V-SJ;SaWT>^;gjPzbXO~
zzxh}0LU!vDD#|D7Tc4nd<Gljz;&^MnT5ErJaeVWdO7`L8!dPWbOQaLoxbG2ZJ<wc`
zZA?DbH+R1$r?U3?R6HBp3v7=0)MJ1OMslWbu(&#oH{)hU2Z;dUm1aZLZ8~a0K;kWr
zy6(W3PlnSyq0v_U9n&r1142md|0ebRThtrHEEs}v0?p@gr(h~p7tc@US8<;cQsNaa
zvs7<(%JPL;^^2ftAJFtKK+{DXc9ZBAO<ZVceL*Dq!Yyt)Vbn(WYSk7J;uJ@ym=#wb
zg{1$I)cn%LAD_q*weYKg8i06Tqgl$=K-{n8_L%Ud8=TkS>mceUje*GUwOhz1My=>O
zG5K)o{cW-d{u)$^WI>Z}HJiji{2dSr5-*sXzP6Q0H0Cnd;x0HVIIHMAk25l;{{B0z
zf&YXJWHXEWQxPrjs{d432^!5u_G#jIUsTd;JT4f;O<aF~W9ttTr5^xFKgii?O`<lD
z=27|qqV$6&diDP^!M@e(QuPos2{}YoQ-`GDNCDepL6SRJk2j}4Cx;MGq?1FQPRI*Q
zh$<CN$W~*zqllL{OghbB-PWkXpp}Q4Xysu<6SeX%w!Fi>ctpS>q_s!z#-}5iA?XM|
zB-x^hlTE~3C5aF6C3XwURlbB*@m^UmM-S*QHpuni|0+678{AiJw`A71ve1!^G8RS~
z)fK7t3fg7pmElDk!$~$>@ke$`u9MiUXeaT@z>L~%g@cN+q@*G*nAD<DdqjOraDgZ@
zuG{MMV|IzRYRT7U(*V>G04hoXXM-egl7x07k`IsfOdy}g*2b#D{6CiSWF~qqVVhIp
z>a!5p76Y9{mM*qMpc5r6#|wejot3st(YFZ+J0O9|6zq|(4(>L#gOBSf&srCs0mZZh
zifM}!(-sKbmb3P@x|orC5-5NL`zR73u#eJQXCxm4R)tY$$Kc(Ls;nKe4)zM+I{4or
zgKD-QHE}>u77|y~4lGwu>)I0}+KcBgtmL93$55G%;brD)I_XS4R+Xtwt4nS9AP8J@
z>uLKq<<<mthG!o~+Hssd7H%I8Z1Q+ylg9&@kLPUicx{x?tFP_<zn~`h3tc=be1b@v
zz$oPe3iSz`J)U5S%h(_hoZV3$m$5riejRxu=tvE>V*xu=w2qABc67}bD%dhjoBVXk
z+r-I4Hz&hoj%pH}02G~&Npu1&=){?XC~Q}lI>eIcstjS@$<-cBuuoxNK83=33UTYF
zNEa?xUM4se)LIB$crOed%<W0APtlPPy|mB>%)Mp4u`YoN9ifCoWj>Q_#MauGfY4d<
z!B;-epO3N6aU;i83VicYEbnRpKXAa#(as@bwaie3@86My+C+-Bx}nwXF5nv>otD3w
z5+v@lL4qq;m5V8eTIMaGc6Y`Cx|4=<M^jv{V5q8iqG#NaW<&KSOFi*jwBDD6@M1f^
z;XS~cJv0sP(Nx2G5F6>C@2BSi3C;x)oa^nTnVHCja|Kuxc4_h|yCFk9Xq6LCk?4wi
zQWO$*=bj|YX?rQsi-B6ZXK>g+rP<Rz>O!UOg{1EVgzTl0UZxOZ4p7Q+xt#=ZKrccl
z6(M_hLV~vSLT&4nDqgsvtS5Sr`A2U;y|-qOY4<@8^Z^3*(LvD1<@esn2QA3XJG)N`
z+<l_Nf$e^HpSvv4yM=y03{lleXJT?)OeE>Ytk^JV)+t_4B+ABx><h^1+rB{Ma)FEY
zPRk-9%mqXk+A%K#jlU2y{z6xGdyjmCCAbiC<63qR9Y8K}wYx#>{-9=mgEIOv?e9<8
zkE9tu%y<AX;{gAGYOR4m>s3()0#OGVL><V8I#6Rbim-!yLQ20>zirrqRmqh~7c&Mp
zM2sXdkX=_7lk)<99#(?*4WX(UA|n`LEgDaI7Ynczxb$oGP+E1U{LYt+r*laSt)UuP
z!)VoEl2)R&E|ZOmxeP;Vn1)s<ty(JnPG{0w79Z~!M`k#!I$Zo+lZm?=nc*5TWyBoI
zbhEB9{h>emGV$B@j4{m=`!d2vywj|L^ADE;BflIu^UHxymkXn>PbVugZUUEgsGJ_p
z#w+t;WYT^2kky0?oY%O5)V)HLSLJnu2HR1D#3&uMql`1!apHI0Ye0xD`bcb#quyg2
zoF9%OK4F}k-{FE-H7*&i`B3FED70Xl{zH||iCst%8ijVUM98;gyMj0$Rz(#W6^$os
z#_Lox-eCS-dL^TRCQ${c-vuNEsEkP_=s|KPSyc=DBrWuWMxg~P5eofe0{vtTx5*ml
zuO@7+)<J)@0s1M*Apn17gQ1^7EML6SYy{B76xdmGub_hA)wo0z|9?RaV-zDV#)#-K
z{1_KBAHiMgZG%KkvK~E40huyXk+|2BH?PO?T(8sd^#&bRx{+i2)X4Gdv|KD#nN8N^
z`C+D#Se1CW<<KlXUE*Wl0ufyCk{E+XBiw+3YU(cMr>lGdz8SVhl2wtpRF%r4O8v~N
zluz?N{X$wvI$2LblS|ToP*VI|hvtAud}p;+%WEvEHA&}-l9-7udvCyu8}VVV09>SD
zSIaGfp7Oab{_?RP%8lSDYGf%8K~;IyfO<6=OQ>PMsqqzunAcL~wPD<o;}1hCX$}8$
z$iKMMOp~Q%+WY3L+D01MMw;42nz4;Ez9ZUBGfRXS)D&j`(lg|uSuVHLJJw_=L2`y>
zr-cpns@ho%I9Y~dmQ_xk$_&y9*?E~>CL`FZwDJu7yiVkLK(AgSay>(`o)x))irfHL
zG>G*`E?XJPCvxCuntVWbH0Z>h1!&IFh&_uTIg1s0HWhm|G{)J~7-x&7%w%${$p_6Q
zRHG6i$!wFinvFSWy_L_5^Hw(iiZ=j?Hx#^;AVczM$;W~y=dEs}4&z3xw*q;7?3*-d
zx`_ejCRR;zDDyccZ#5TGovYzLmwKzY#9PfJ-fAv1kh#=A=IRV&u5TcU%bLr$ta;QZ
z=RuzHD9?GtWQ8h6QQT~FH7X&f&oi0iJi<penfIA-3YiaR%-1MnJ|o(E)*u#8h!y}A
z3#56>$|k@ZW&uNgfzH+33h3Rc5&2ez<gKj83#rHpp;i}CtuEx6u~71?s{{Em{X!(j
zLX%n-Vn$j|Q{cxrn?-==B0zLe!P&&c>xAy2kS^zM7Sk@jSnF><1|xfkMpsK1h?cOr
zT1uHOHTj#{LDkze{BNiJ=62$5ZYTccc4#HHQ!BZhvy$5jR-(9@+ZlJWj2h-L$Z{EF
zxlEAA)aP9o?_TDTBrCFvpuWsxn9DFDtzm}jIF*2ONcM7#N|rOiEoV()1w{#DAhK5o
zr=Q8!#irILYru|>6%3CRI<IpVpm~=@?7J9}cd=sMO~t+&u(;cebZCfY)5)}0xyEz;
z852PGZid<2I{EJb#P89_e-A_Q9#;N)sr>f>7WcZ5w&_evHX)W1tW=WsGHmYENxl-0
zU8#|LB|~y0EBPua`6|F-l^Z!)NbaXIqx0fb45w8(;a3C7t2M%}W=O7Pg<nI3UjtaI
zaU(~`k2#sVu$Y>7TD>n-J|ukB=tKwEhwQZ)(bqC0*RrCor=qV{-&&6jyvPDVdc98C
z4M5rr8fiCBPrre9`VGX>Z@`ZytG;^!7t(pijkHrjPr5V$_Cv&ZKIH1-PQL@K{GHdz
zJZa_c!d5Cm{*Dv!5ubn`cRB`1_6UhPsri89yKLO)Q7-PZk?MXU9LhG*p==`)Ti8hA
zP8%63*=QQZHex2)VQix|?z9O|+yp3YGRK`ZY2!|h(aFtY+L_hkpx)yeOL&|C=W(`o
zK0%p3VVYTO230p}_;05DZ8Pa_n@NA$3~ggGwT;b;ZEPlSr_Ic)Y6~^REr9eEHtw{A
zL2`@E8G-CI_ErrzTN#pDS>-%UWquk$^fZMiNIC<^KTSS9Jk1F4G;NnJ$2QPPkZ;D`
zRxtbUt`K1M+dR&k**`-q?-{MxZwK|ZYmnW}G-^AG?6Z{lvnI3O0jloM@ZUkreg`r8
z9mMQ+K%MTOI^DtObce4~#q4)5X8#;Dq30mG=P0}9T#~U$mNhG@MkNI8=S&{>Im|@s
zfqiD2BAy2{p4TYic}BG7Swq-K@d0^p?47ze=}v~nPMv4i1!(Tlh`oy;xr-HhHx+v~
zR4Yx8WAE05!FH24>25}n-6q}c#+<ae-K~w2z6dCS+&uP+<~Zq#+BoTd(w_dGS~v3&
zsP~daO)oLvyu_;MWy<_zlbZp#a_l`C{(GpK*+bmS9^z*9Km*xB4P=kbK=zP0=^n<{
zyhe@kHOTWd%Ja1#+j$;j4UxsoCycK~MFjTO3N~3xsuDo*8oqZTph>ugdonSB{~`qb
zixLn;R;D3c6&}k_3A|1SyiN&-qL!K3B$v9{2AOZ{H#Fw(27}8RtU10(74#-l(3@02
zZ}NfcH%TD-O-7D4O+MpI!bca#ep4IBehbieO9RncjA(DM5WPbodIzw0hl}mK!_a?6
zHx|4L=)J2E`CW$OyR682smObwR%vn-doS0Fy)F~T-pdHG*QD0Hn2~lUDDdM(gMEM~
z$n0Y8GY7Kwg><<A;eG0p-`5TZe*yLWqS4h~7>NGD>gof^`~%Z~@FA%Bp@#p5bU^r!
z3<w{R0pUYvB_C2N`H-`c4+~bJj0Ybw<H1MNFh7DUKcXx@VguQtlmxOrVo?9cWSAde
zMq0xR*>NiQ7*P3Gqmqvq;XY<f;uDI}CxFE#x<K|P43AHAUI(P9vG;4l-p`QS&x(D3
zihTgEIM8Gu`vAl2fKGmpS;ju7k^dk=@*pe!XH@>r0E^EIf$Yy1HlOJv{~VD0TqF7C
z49U+~$-ktMe+gK8X%1w6$#D8oC;V4{@>d$+zhX#!#R~ro75*Fbt#5EN_#1}wH#%v*
z1=4=2k@j2aF25!2@>}9Azr~M1H27OC(E4`}6XbXL{@rheLhA3_e#d{XM|QtcFbKr_
zP8Cxof*FYmwA+M1&KX%%>mWV4tb6<((D>dQ6#bsvDEv>_C^e;wEmO+GMv{{89Be-n
zM^~bq!yt6UYv(Z0&S8$tkF0i%(1sjQ#Xf?ybHt>bBY@)(!*uzGRy#id8b6t1cR#V(
z`4?@}ztp$>MYQuTopzjvUOP^6u;OR6<21+Gahh{%T5#HNT9Sr1Ey47}X^CBjBP*jM
zys`|>O=MX!wZ+YoRkFAh*NBp$!a;H)2c#BpO7ses&pffJn|`0`&hnXVzT;Scie-$$
z$j8)V99!2y8_>25654DF|E>46Epz}C$J|1PZDDJ*)2h^3yYS?o`m9aS`Z2wu2;ZYL
z8{wUHhCb9DtdsaY)SmRA_8gmI*gn*O_Mr}{)E$tA^9pnx&VRMQv4g?jJLo)|b1a~7
ztZ|_zA2Z4%89$ukbl@Lv0RKcWfvn18YvXx;?(4(f5ivWF5*06=Fg5PhG{*eb^9eT=
zT;;&E_$2wOc;HR^R*9V?o+UFl7m-)&Q!n_q;!$Piq*UbeipF$4J}c^p9!;jB`RR#h
zAVpM$yXL6(AUG!x6pJ}BiVpQ;vfgt}7APfaY7*1pHL*1EtS5(^o@+Krq~U->8crv^
z*`18d?v#pjz08*-DrJdwos+NYrfIxt^PN<wJB4F}0#7Fb50jO{p;<YcQxtfl;3^}T
zGh;+X$=syE(;30j8IbMF!_(OaPv=zRtPq}jd>V(#fT%zWfzw%)xpN@13QlJN&Z!JI
zr&4fEbtA{rCUZIe7-?2uo=>P@16iR(d7St9Q3OyFkdE>IMU4POQ;{B{eR-k<d4v)D
zEE|fdf=7M9Rg|IxrPCOcPNOKD=0=VSO-RYjp{}T8omSFjaVXA*>U0Fv>45&}JXEI}
zp*lSk=^5IRDwM{kuuYwz3V%i@yb9MD1g<j~xXz?-o#{r74~?oeo_6Ch`HTckWqGE_
zGj&05bpiCd@Nji8!qp`e88SK)Mg=T7ry*KfpUX$5CZf5zL}junnQ(uGwVkE5<}Aiz
zokj3Fo5AmFe@3A;<ZL%`loq$MnfbFU8{b&RW7!p9*%k2W%46Bph-KGQWPFoYW~!nx
z?LhSGLN0-`IaGT_FUv*Go>O;rPlRtbwT0cnRvT+b3{(wtBN{k|(ZD&>g3oay9ST`8
z#mr%vm=Ht1DAN-SuP1?bAM)-9a*%|`>CQvm-3WR2R3th)l*o;SB6)*sPIT||oO}*|
z(*sBZvH>}oY(P#^*?^oL417HbWKfxUt%1jKTw)q3l2PzJs0^H5^$V*1_tg9T4C<^7
zQA#2Qq$G0A<#l+jQHSTIBAuN%`G$h_d_N=ljOa_^Khyzws*?5$T4<`^quErAzG@HY
z2`>e8dWB}KRw9{!oZgHb^rqdYw;TCIecDY_CDUR8t{XXfyX-eCUkxa+kOLA6IemCF
z^f9WTPb$*ss!%F0bTY#vu+Bb#q$)Ul2snKiaQaek`iiMn(Z|%1`<!J3y^A>y;c_0J
zeIAd?c}85$OGQppTudMl=Ue&#Q9v#wr=P~R^lQqu^kZP_$M}|hg#j}JO0tAE8p|T$
zTlz7s<liCIml9)Db3Rhd`2e5udDWb6RL%LqWF6rr!2Cq#H`F9j&ILhpOcki#;A#NB
zaRKrh7jk~%Lee!ZVsv~F?HU(}t`Y1h5pE;x#_HwOH43|nOkJZt!XKoUa{BZ5_c!9-
zKNaaVRGni_&E%&?rBt2@LRlIA(O(t2e;~FBQhx%{00yK16r=&be}oC$6mA1dAPqzy
zfy7qMKpv!lMvw-I#jWB$)M=pt5OF4hfLwzB!$BHnGN>tMGKj%&5aUb+k*UNWW_~@0
z@g{@tTw)O8Uj8leeSZddR+od3E(Ze)2lKidY}Do8RODpoa6-kI{LRIxm=|*sby9;k
z9Igg%I2R*_a|!2gE+Kts2xA9BXkQv4cWBWOSQZQCS(eT6ooFZ^GE^+v)MzCQmJU_v
zAxVcZk`AMi4ijtZ%4D{(z9ycHxrw@jn8>6nlThwqrWsW!vX)Xnzm&I@Qlqt$rXoE{
z1EHd-P|<j8COxgGIaaAEdnq%=DkW$QXV4l>(HgGFX)PawIjt!|WeA}%K(mZTsLY5^
zSt@e8<QEmvL_KM^IA576Vp$-f3Pc$JVgv)k2pUotA)eR8vmhb4EG(pT=H6E8je?sO
zWf`6($!Zg)$Md0+f;oGgOVzrUia#szAh)8Z0AVLD1pEq(x)gmLApPyqP$Ix*B;qp?
z5FN>@ccf9hBU6#KVq6<Ar$MSU*BWRQe7zaz(#sxb4G(Qo4G%oUFh&x?xQsE3%V-a|
z%nfdqQ0QM~>KrIJpaYTvI+ye4U2a70@>JxQ(s){S4JiuKF)mldyPWA5my`Bi!L<Jh
z+A(A%L3CBDSBBD^%QAg-c4rg<Wfb5siU(zs5tLD>$O!=`Qa%Yv^jv9N2%6EVl%qN8
z8Vy7pjYJ&{WRe7M_H<cj?q{P5;HWwoO>{Db(a9L9lQGQg39^tVWsFfNV^K@T0w!a5
zrHnNyWo#<aF;I#ppjIp8s+i@RR?2~_<w(|YAXGW0mGY*vQqF3noM`1rMk`lRtz79c
zR|CjWqLwR-Y8i)`3KCK}<9M}<Gpc1=Dsp0=7GFZGUMf^MD>%JW0AVYTuoXb63QjK-
zP3fhA)k_7@%XmgF<EaN9kFU}U`HU})$5abf0UB2YGRFc!MCPjsw2+V!7$GN6At$(z
zlL}i|^WIefF1w{w*0d)EHCf3gB9%-8j3)B-Gtp>26UE9k<QbiskRKld8Kd!>|NUN!
z?PTRT3CIPqdpeUeE7wU)tz0J&>}4*{i5wDyqvPpN;>@*jQZ+*rmld&Bjg#y`btV%r
zCkq=ImCWVGR(Zyq(``|i45XfH*l|QCav)p{$X(s!8tiI96t(Oc^2#;-SxU<L8f1#s
z09mf#P4OC|DPEI`w4(E$Ylt|icCKMI&N|m&B-ktp&UK`<*Aakd!>522P0`r;lqPQK
zbfz%QV+wU1Q<&>=WFddRl?rEj-GXy#0TCotjMR(iEC8f*mDTjT0ve#hT~95XC~~So
z)YoAvB=1xP#;FuWLFl-taqu0cuwRIKF%)tt6S5Lzt-MV3d_<}eb&N_NNG0DfDvceZ
zG8H*vPThd$=w!}YQsM|B7ksT$MXux`Q@DoTD7AA{67z5wxLpdjD>|TOwK2J<N&5L@
zxHm%fE`zg+*3=N@1cDh(L=rsA2_wvjRK$@m)2S1XE5U)8K*Axe{tP1kgLIEXVXdx!
zPwu^Qsu=LA=w!9ZjkFI=Z?N$nnKyVS+*ncNM;KV3ry-!H0cO*9pr;vuo|cN7EW-t(
zJt?DI=QMOH28R&z;KTN`Ky+gT87fh5oJMe*&fqwm8u4^D(#|*Hxa)fk-76vY>53IM
zMVg<tPFHN6(M1yJ0%SvWlDsaGMqMPeMxRs#OL9h^M8YAi=4o}3Gx{V^7ReRlRO<$$
z6hbEj1WNJfq>SjK*eQv6&zU3urz9zEB&$U}z#q-ppvKlRmRU>9r&br*tu;lj(g+@q
z1lmdS@T86Kq<>au7X+BnOav=Uw4Pyr$WS0MZscfnNS~QY>)r|ZXPA*jl(m?UOY?oM
z4#8FjB&g$It24q@mx}Zls_q=i=b{bC{Pd{2*UB%b(>g@pxa+uXiEGHVsc_d3xMwhM
z&!8jA3@(yB!{s9B#kbXZIFdetM$%`v#z;EwmRTl}o<-^+FW^XewyBs!*5xAUIm9Oi
zh~{{+$QjKdXNshQKtYa+-jEt3l8$TONIG2*<{87t(|#zEmE%Zy-sFqw5qcnjxl_-h
zS8qhGzR5^>y((Tk<A>@=`)4xkpUHenpGh&9DV(%ia(G+0Rn9YUHaf2)#^Tg~Z~|G_
zodzDK1|v=lsmN)=1U|(r=E-!lr|_cME%*(ptTLH<xe8hX0c{oo+AIdNSroKca{I5k
zCtqbfivTxE3tS@tt`V?l<bi860@s*|oJsfRBk(YGjjFhf7`sM--E0OsnzY`T?M6<<
zhkVe@nIY5JT8wT$7=hgK&J8?9HyAOxLCoy&(Vqf5@XXH*r0q8{ZNHJW{YJ6A$%v6M
zn{?T|KjOK52f$6J%^<hEa}(d@n~ZI~DHRzqJ}Wn-<ul=?5pVSFsy4oxvVpCMJppsn
z*35C~o`5+7y15K=G?l$GS3sA}#Ae28l5Q-RZ0KI%%0i*$;vG6N`F@3*LNRZ)X!1?`
z5ydMDCS;5bZ$>)28MN_cUWYdub$D|sGHOgF>H$-jh56^VGF3$-`V+FAQ7=;Bm&mCa
zp1UD^{!(q*F9W2^HOSyjYoJNpFNsaeV{C$6HQ>y1BW=7%U2!#v>H`JNWArtTncB@$
zK7=tkoR4$}t`u<Q^E#Yw)ZzS8<h*j(kfQ4;jA%WhQ7Pa6xsfaCiRBd!j3QOdSDP@O
zQv|6&W?8s~4}+?!`9xQ@kXh#~x-TCK5OUzA1ZM${+yWzV3)ofe0#%#^QXI7n3%FJ8
zZD`RSZ^nhbZ(|JeHoDpn#K`u9+ZgM+&G^Z6A%Y8Bl;AAn;aX^fYhfx9RktUI#)iHi
z$9{QTq>8(Uvnp`!g8xgA8QjAl30R42O_=jeEjKS@7O@{+7ZGDz%;;w^)z4x<BkqDZ
z|6)cxi;e18f|?5MesGrX>RDn`&yrN+>_9z2yrO2r=v>egr=_K;)Jr)nEd`=4MWQbS
zGA`9<X=zhhTFPo^Dc9YWxsi4Ot>6PQ|DkIcVX_Q-X{Krc_boWfH6OW_H}yexIb%u7
z=@2C7TR{U<A(scAX@7=z=C8lYQ<2u^OdL9H%w=OPJtxYsKxOJzc!K&0m7Sjj9o;PK
ztROQc@lr{7Hc^$F1<_bR(GXSJ=Q8!#N)*3GFSS7AaUf*{4fC(i@1wp888f)K!nup@
zhj$tK;a#c7S+bWk42V{E&56o;b3v%Ep{M8~s2l!DmH1ah*i3cEM*&g+eH8c=ae8+X
zmEEmTS+OQpRsiR2I<HbF`=JqrNGntk&X&0XtY!WsUhVfFwSx;koO^h+-(yt!J*miv
zf!dYX7#COgwJPMVc}?RwMANte3F`cssQO-_>U%Y+zL%<1R6RN~wK|rm&&M)VF*lx1
zFz>WL)N$v$m#Xbvy_QxYErH8ToRz$mRvNXmG8O3(Xld-!>O^JU@0{MJIMFn@>XA)D
z8oN&w_&#1^xDL@6set<CeMDiah{9HB6t;>gOjK>-Wuc4!00960J=AMd4`?0-@NRg1
zJD6s$`iTx2(>{erG6qW<^4Ls?!px}ARC@FerRcI5cGP$h$z?gY##lY%l1nXV-6|g4
zkTR2w#-;cPGe^uCT5V@v%=gvzobRjen@`e}ksoXgzALBwx&GYeN8FYKV{Xrthj;XA
z4<7Yx)1t8co1RDQ&JMf~a_DKk_j2pu39<FREH5aJ>Kh%HUAty}RGm|Bropy`<K&N%
ziEZ1qZQHi(Wa3P0JDJ$FZQHh!GkaI<i__KXyXdaI_^!HFt!KUOO-9q%w0Fw#Ml+9#
z%(NRG5-!WlGfd4=bxtfJ^@zTe{G>JuPy5>5X!kE(UUk@2T^n@$9)pi7zKd$l&5)uZ
z0P*xj>x|9gIBeUq@A9-&O<;#whv?O%<KOiO!h8n>d>ovgk^8udSXk)ERa|w49`U=%
zko8}6>{L?7rByP|r`TsaW2~-9GL^QP`PSQmlEC(1p2`VJ@t`?1^shQH_4-?E4)eVB
zrP*7{KP-OU!wBs5COaO7xJfIt<*hV^pF;$YrL;$MJFOleCMbUHc2qu3o^|szRs%9V
zvx{dPv1T)k>6#4m4rR(x55KEPuhQR0t?5#l#Cj;weK;_UsMwcu#x+)FXn9-A?6W4S
zj>&PC;k#Yg)YSZ(97B>-Q@JX4jJ3^7O&gjUH2k6bLtPPpI2jO*iDAMSyu^A0I7E6O
zB0^XsAOUlTFqsLVLUcGmg|!IZfYf}H@jRTr0;np&w3|Wr`M?>w<Q9SAw-`AB)I6al
zx6F-w(jMSF{r0yI+k%iS2W*|#{&DUnzHOl5*Q1aQ<a}w|&ggt02uB02<eQlvx8*)q
zxqV-6GI)c*Z#dnNrFSmfDdxAXJc;IaHr+A!2js7odZRNBFrP#{gY*wddczZ*;5COU
zp0qtf*l)UiaXTjnufp4txdfTh{>SvM{;$~Egf=177}W1D;*1I$F!GFA(MSh_CVS+c
zqGcKc$5EI>QX()>5=c>^RTAi!MA9ZvS4K6X=;A|;iWHH9n2wrBk(C8fDp6R9Q8b8a
zI&TSw_XzWPE)fuS3M`V`b7T@c=ru<p^P25rbMw-%3Ay8UPC=hhj|tsQ?OB37<C;#f
zpGw1{8f}7hN!o{MZTf!n2;)4ST4-a)np8DX#8IZnRVl3Z?VXg?N49GO_@m<Ws{iV>
z_tiG3Kgl;H;q}T}OHxfzPbxRm<g5~KYINhOaO&6N!ZAw5i{#^)z7@mezsJR8mHo!`
z!OH|t3(zVklFMk$Z>+ks3g=Z**30Ub=$gcjDh?_HvQ<hKEmh0t%FQcObd{IR+uQT)
zDzsdsm&!KIAzj5;%fwvOSuGJ<MVrb~&#RjkbY0Y!<chY>uG_=E6<(HO+f(rhbel4t
zm-)ORpO=K>SH8WPa|(NA4Y_p0&qKZHQ@j%N3Vyj($<3i<moPthWf!`i`g-;7l|4KX
zX4k}>f%ppKE|$8qbr(cEV(J#ebeB-O6#t!Pf1>r3=buGzZRoDaJvV=EvtwQ!US?ok
ze@)Xg%SpH0pMp*_`6FAhW}tLNwv@rrux7)kJ;guCmT2sj#^XGR!(J*ITFzuHTgPcW
zoe5L2$&x1KywaE^eq2YmV78s+_7GcD4&zFi_j2l6U#fQu|3nHY<Wv$Dk%-;40Ck`D
z`%qZ<lo>h?R!cmbGB;L<VXBy(GDOId&sX#tML5cma!47ORGG?jPHa3M*X57gTu)iV
z^sFXT(S(YWdU+64dB%BJ&h>1ZORm-_>sQz$S~_n1-_dsBi<l||CP<Um(RX6(fJxMJ
zY$kaV;RH`Y>|h(5dPI|iQKfj_U>l_RA*inSYVl_LbfJ{+ONRQ&QK|%7VK-#WU-b>6
z-!Yfq_1vR+MBY&b!3J>wP{c?OM6iMmLZ@*I7>3Y62>mW0bx;RL!-O70(L!la43LHt
zLD)g`{VXB;gp)#0B2WUi;%R}q;j;*PFqbMYLWuo{B>gK;NKi0H1xQASe-PCOe4=Wh
z4Jn1Fgib=iLQq0DLQJ77p>_yOh^mAYpsbPDh)j&h-D=?sVT9m?==%Laf}uJP-H2g@
zF=7~i*BDH$N5$sx)}=oze%Z2d%f{caE=1@4UEp1U9M|JZp}h}?PMk0;_{@|^t~}Bz
zKQy10k4-cd4M?K}$wxZh<I-ukchX0DY4Wzv2x<)J2p1Qjlc*i+&^Af))(IiK`_axK
zWpvS;uYV<#rkM~jMiUW-jf-e-A^PT5kOl=q`FHO?0o}R{D&14pzs8aS0qHOR0ipd{
zbuzW_pf@$Lw4-;j@z8fMbfPmdHM9-U1ZezPd7fbigbkbn{9+UQ4W?oOLsmd=E`UrF
zHHwTF2to)zgaVKWMmCK**GLybFR7q3(%F_bw|4S1saiLwN~6}<H8pqB(W&Y;HL6`b
z^Sd)OHhy(~zjaGre{DHW^L}&%E@HMh^5n>57Rcq~T#n|B9_-0`@aWa`n)$U)<~Ja@
zwrde*co6oQv0%Hp5$_aKGVeQIq7}@WuoZy!3|rMBqSlW5l}VARES=KGZ%9tBR^@>0
z-!^gAs5a}!Y+4?$V7{PH1wm9ZZ{*-fFzFCJVerblJcZIYyEN+_ST=B}Sxn#KafuF}
zBHgfXUJWNe1507$kTL71-8QS|7(aK7wQ?_<GHd!RxK~eAIApQFDWfKh2?Ie~+oxn*
z$ENk&e5RPsd}^b*&!wvzS~p2rqiEicMx**nn5?Fqef`qZ(Wfz|a5NQ2XP4MCX;X3Q
zV2I+a&;?B6WE*S@8*ov{8;wS-Ap_6RG^uq{>zz*H<s96nVb*fSi%kPzTs&sP(wZsj
z7Otycxy*U)@`Sex5#DF=P)qF3{mRhvkkH0Q=L<<fu;YQC*D5Lo9iJQTw5zjwa8V6G
zY}lZMYeDLChn?%T>QW_qr5Aj>Ne7)>2ajp-g2jT~OHVT396N0`uS%eYf_8y}vQ4Hx
zJunQM2RnKRVn+yMI*TMUExQXNs9OyzvLc*y5dgiyjs+$#VOPg>hKuKwiB$Z1+p3&J
zwatYDa<GA#J$woGu-0su9Z3R@V|J81lcotzV2@$F^Smkyg85#v*wrF=PLa(57v+oG
zvhLoZfv-vh4I7;{ij43FRt(#OibNbWP)2m@<gC_dc6J;hDrbtKOLN759X<-L%KWlb
zuwJO(=lDfqDDP`;&VL+nbwRT#rG(2mm{;pNuH)d_k^LIq-E@v82f03Y1pA)t5h(KH
zeGR%0FN|M|laf7G0h0`Kp2)ZeBFv59)u>cN;0{A)f@V0I30PF|2qn03kqS<}Vp&0{
zT#LFG6Y|;w3>gqiowWucB_>J1dQE1^f}Eil1xjL!0Xc<HBq716FE-2wPiY*_9AycC
z;Jo~R$rND)(dN^%9HUlgp;evGM-LgJ9<`A*1wxg%w?M=<NpeKyxaiSIZwR<vQlRfY
z8--{`NaWOhT||fmc6Wm=Gh6fXLGIqkMS3p_b>SOUK+e&s+^e(d{=KL&d)g5C=T3>V
zwM5=H&1SGZ!A=}pg}gAC_)0};7-;>7(GciiVho_+IRem`AK5h$3*`0&U(D>u9IG|c
z6E}-=%tgbhgnUA#->pZ<5*OFY3k_5uPYzO^N6{gYPoBftV~9~9mQR*o<-@`{BY<6$
z$bJD|RIK8>2Z=rPq|uERt5p0-j?F_fl#XdN=B7o0P^Lu|L5ifXAV_iwX-q^U?3W{-
zp((Co&(1#Ma9dpCgd6e7o@(N7+md{3eS->DUj2gq({Jh<jm?{9iXu6-)#(WfI)@q?
z&*ZczIs3GDLuL+&6T~1ie9I7I^zMK~EFvcai%g0l_DT{@!~-A~{f-VPGA+U&wphk3
zihvg_b%`gUoYy0gPEe9+nvXGKIU<;2m!6M8G7{m=i-z?en<J>up&<1Q6*LKOz`%?^
z>P{%iRl!&ld><q2XBd`ECn~)+NG3;uV6uBp;u+5ocwhTvD4}%ODN5;Pg<D(oD@^$h
z+7pqB5pUM%NX{vH;A5&XY+*{r*pd?GCF?*Af5*uWc_;WS5E{bkuWf(_K@=pshur@C
zW-agx@Y25?Hwmvk>wzp0#8zvRU?f44<`ASi%(ln`Dhw{zc^TRz9Po96q%V$K#Xg_b
zfOb4l_>oX!6B8&BPRyYCELgPpLx*T6GnTGb6DKe+So2MXXpFvHDKZ)8v+0PV-Wdv2
zRfTaw)hwocDgZZ9RHY6nbqV2ysF7k?A_ignW+_yL(!-WTl5W35j1cWmv6W#G3bM>!
zBr$6hD^B*fxmku0-+Dqwp)3(75-dVTWMl?9v}o)zT448EOsz>T<Dvi}3QSIDOom8S
z0u)%Nkq89}{Df7>kOHQ`KJ}GAEvk4#qDaH8(&GghAye+(4DtKK#Nx!1g_@K~@yKCF
zN>rKQRD!3adzF^#o8ll^p|q*DSt6|gkZh*Pn{3l|4+h*>d#7SwuIPb<dn_jN803u5
zGLevpM4g0>h^Qtr7K_fK6h#s!m7^L8B*?_WOg=uG;3Khn%0-R>w;_TfVg<&OX(E9r
zE<%lo5dpu*`T>j-;qk9^24x(7qK85i<`N77>0N%2NIB=C9!1WOKn1D@E70}T!MX=c
zN{R&b0+^yBu;(d_9UzHyCughWh_Es^gQXRXQ@9i!h>dy|{6=r09K-Z3NsRUk{2T2=
zW3)pMPq(C6QPR|!(~+6FLuA5M8CnIeW)X>+?LqM%k%S0ACm}P+f`doe3|eIu;i1f^
z`wv0WBCoz^N(_|s`YfOtvEnF51dvMXTnX<$BQOY!1jt|sd_rD9m=a`>UuD5YNAD=u
z4%SwqgI7lxjc^W#q#YRRb@D8!gAd7xW>NpDsW*}(LPy6ps1^rUD2yIqfskS>f>8xB
z#CYUkH7ZbUF7_=$ZTfIDw7Po29FdUa+lcWU4R9txC9PvH;-QGn#knI(BGQ!L5R-YZ
zr$)UJF(#r9Q=r;t&oVUv`<#)G3B!Y_MU9ELsQznV6jV9P-=LB~Pz<z)>=%JfkSapO
ztav*VA!iKLmnTbqO&kM@PSY3&w_t2cN!ZVJNEg-|TheONv5gnjCjV^f=0l}x2$Ytn
zV6<rT?+C$g`6o3=#)w=>2%>|T0Q(FF>g}6B_=apfC}HmQYw^bypN^y&n3(LJbexGD
zuNX<f)6vuH_alT@`Iqvq$%Whd-TZ{qQnlkb8(xY%XmjSU8nobRAGI3+IeXOhkiBuT
z#j>%y(Rz0NPJNYDi6auFxv!bhHA$EaiafWZvKGq-!@p$~0z(84OlVsVgDlUwg^?uW
z)}gZr5d>ht-hFLyL~!N%QYfpK63LVpjOoQFmYPUsRZz5%h#PZEI-CTeKs*f)#&mm^
zO8u&BdvQeK<`zpzSW2eQ#3lL44O%AkxX9&%D;6dcM+!G2LB&L<*8lVrqoHC+O80$F
zNe9JO*cr3*=*HaIXkbFUb}0wVy<b(x89{RZU<V}ighE&VF%pC+GZNV9pmr5%mO&_w
zud$-u?BIWufND7~XL@#2szRMc)fp_LlE9RHr4U$#V>pILO%H~`X9O`uBNIvz(C9bN
zXdg7ZNsU`bVtmGW6k<pW^L7l)XfZcfhJrx~kxcvgD(HWvxApl;h75x&*K!HPYyXta
zNz4NIO9a_fnHq6)?>O4`cufvvqJbzyYcnBGtK|q(PoD~fYI0RD%ljf!RxZRvVHWmu
zgY~2{_<I~xPGbs#*ySKNWz!@}U`i9uFc@u#(&^+=s2_;NT#C(QNYYbE1EY}Fl(R$w
zi7cU+c;j?aYcE`8Aw$eLewPZQ(<qQJ2Tlr(9}<|BOpMY*r(G+NK_;ck1Q}}5sglh9
zK7_TbSNR)FVm``CZBQ(uc6?@-d}0}t%%^Fu4@TWl3a%E_Os9n|dR+AoJrse-6b}J$
z7y!I5X2U>)9St-WZ^|c;k0T~gIHN<3@R$KSlgl#<>3&~N0kZw?6!iLWA(a6;2^fzl
zbe0I^<zav+Gx;CUR(4|P;X8&1T4K~fdK?kT&A;hP^%zgDMyGcynoz!eXksWr`OHR?
zjiBxk2s-5rt>;vr@T^=Ay0}LQyo6N*xQ(!Y4Oz=Ye}%KtJb3?|_#e8sgaL1%pje1L
z9Z<x=6^Lsu1{BIsWD{$~_`G2~rrY;l$HB8o9F8PnJVzu{z4aiqZ7xKbf#e5`EP;!2
zzZpojZ)r*>H=nGWkiAxTOT^jEHL)jp#ahY71!R-56!MQQok6eDpc!gVvPVaBYhZAT
z!XXVX6!Qskg(A-cNt9sQM=)j$$xaQjB-9+aRD$4>v*39cPy5UttZ$ja5MH(dnv&`6
z#G=cT;vq=7Gh)mLTQ?8;;tj0fU?xHG&;p>M85#tTfLwtF4MM=TvjR|rhc&u9*P?k4
zP%#>PO!2&ikNe)jU?H|yJaPs~MD=wR&d>LLS%+Ivz~VsQLkv%CwY5RQ0>iS~$vLzl
zhM|jd3j{mZ$D+j$GK4ufKl*A8&P5o$I&tj3960!60B_>lK{!1mWW|Cyi8*_KMb`y8
ztPyN;z~e&-Pwzov9JJkBMerFS=8W!1GLRws;S4PlbSi<LXHG8^e?W=V0~hAC$QfS?
ze;mUr(q<D6o*q9s_GD=EuiKLSVu?hm#E+bUwd2pteBj^%gnz)^mup)EgWq9sY#Y&)
zsKv(3cz=On`=B{~xMsoPh0pB&bMZR{(i`0)yT(DAVd31RVXqC>|8n^tyK<q%6=yAS
zz1m=}xzes=^3*C7^#xJ(?<><DZugE=r{~vyI3jy!3hN-pzmCvTd*6bT&8^OlFp#u6
zU9#t2U;Xkl3+VPxb+_IAGt<&?lj^2}_ptD(`XWbN!Sol6Ec<m|=WO(|4(>)=ya;lp
z1Z?K$`?H)Y+<&gH*7~!W9i1kd=jo|&Yq9^CpyyGx!4(NX>qH@Ulb@$T;O#6}HIjN{
zCd_}q&-^NGV7nVV)8j0x;-_`w`Z)zVcZq%5gZtV=*h)(+>-IdEG!Ensw+Q~u8V$~K
zv?S6;x25-EMfk?{TmAi<ytLLb4R@ty^6l64K?*&;CzrLkzVg!^DLWe-M-PYf$;ODk
zxBpo_$<&rB`=5V{BxXw)0M!;p+Z}9i5&0*3I~jiMECuX@Ss%XT?;DxVB~kv)WJmU+
zNAfnkw+*eA&Q|uM^5Su^ZO`-NinHT1{J2ksM}-me+%K*7hHLiiX?*<#5@`G??(6)?
zuNKZG`a||)-)Znmzn8goh)|nwDiKF(@z2W)&vfv;-`M{WU;D-zEh-#tB{JEH`*J=0
zNzL2Ki3v0s`W&B&y*_*Yb~gQb`%?SeaCuS5D3p@%L}2NQ0Uw0UCmr*H=dsj(NoM3r
z7~tlynf&L}yOV{=cmH!%U&J}I-*W=y^6kb~tvUv2JRJ4K!+z&Ow{6*^nwy#ZYp6KR
z>Q7fKYr#7)Zz7+(v=!1t&ZIjZC##smho9kZeYX?HY&Hu)bTs};i~NNz>WP9s?xf{Q
z`u1n#H2ydprTG57BafBoYP{ns+6<>XhZnmzxLK*e&W>cMJz^N(o1G|P@TsL1{80nU
zhDDCfDm4onSfsFUsW)Zam^qa-q>j#uCu9zwbA@=!2@8Y}Vm$2PzLY7Mh1;x=nUH-L
z)7jiCYkLAuEM^IqgiCf1c<;Hu9kmKP@+H1~Lx$izn><c?S?B)PKGs%AmMK!JzZxDn
z3eYDR*DuK`i&IYc2*vQ2V~47qPXFOwB8P^%fVH0C2LG<=VK|;iAe6TBP}6i~7Km;9
zpJ0Yt9vQTTF(VNo24z}#Wb2kQ;|VG(88hLkK8<o~25zINl1Pn51gJ)K0gUIkkWKsz
z$cW&d->ndeo~zYxY+ZFJ=ubbCh!bBhWWyHBD`iv_1du-LbmL-xdzX*Df4JRt(wm8$
zNpqsQh@bAHbKYME$4~xNZFiAdvi_=%)N1ds6n)F;>bS|;cnl&w+?{|t`nLR$a%4Vx
z-%<v7I3|_;Jf37q!l?U1DY=?=)sAzK5E*we_4ytc*WYFxX~9j{ynJIZJju__P|P*;
z?;5Ey9*(o8X>ER}`ktiL9Z}PDK;v1Ub<eTv^f_Nw3H^Ss+Y7Wk`F_E7KU*oh|F*TV
z=+K<=Z7U@FDZbv2zIlDxQr5?EZ!euKlf>z2Q|j5>q;<SLS4N;luH4tB(nwiwHh2Oa
zVSaa)|Cx1B^Vq#@)~b^q55(z-T8DAPmT$z~@uxM;mva4j;*~$%*2QQmZmP32evwAA
zwAGrPpzI;L_N5<2GC9Mh?(X<!tyj9yMPF5(@KDORU*8dX$?tF2*J}O?zM4D#Y6sQ5
zk1<;=gZMfwO~Kvy>FQ{mC0zMa>V2iM`5bfxn|bj9@C2BU7;FC968Vd-Dy|*p$7Z<A
z8wv8}u}xoY^J(t&&!{VXv@BNBL0kV7q&j$sI(?UZ-HXmvxv4GE{L|ywf%W}X$KQ9;
zDc#lP#%9I?l{s5ir`gGT;}7MODgYjHQFr~@MZxXmsD4})zv{>K_x8Ik`b1E4C~NAC
z?~-rzX~U0c*u;HA2h$$zLG`lt^mcf<D=K%Vwzii4mebv1g{--s)*;(4@k#fyRbt+1
zVNoSjPl37lPsxk-WK9pBlePF!BsX}bmR{GbM^Fsq>-lG$Y~}GKmQ$_4Ns0QYS51&G
zCvD(N4@$XKQjSMH1<`=IV!hv!xM{-ue6Fw2miP$E&BM9Zt&Q3#OxMI79!ABc{oe=u
zyBzbrX?pfU9{;l~ICJNh%d57|^Zlf(f~ya`>+3V^c8~SH4o_OSLs4KW1ytVr6#;Q~
zEgrP$-JS-^noP?cl3sL5BRkxylA%j6u=2}z+?y9`*giCV2fts9d{bv!CQ@ef-xvvd
z-m!JR*biQ&P(3d{ecZN+GFRyDx3kV$IC;(Y&+y07n>T8DxEfxj53WD+zqXWv+W#dU
z`7OJ`#XGsMj%0DI3QN=oIPNB*eRJKph0|G8Ty@vmQS%wZg;8!r?6|GZM~A-Gk_ETc
zZ6|zRts{<S9!f=C_N8V&Fu&AVF09>M%07lO#de;(ht&|9<J#uCn=QSc9>5JVAG*YF
z*Pq<fWhI68TSPOVx3}_Y{6@BQyxLmd_6}C~{N^3EPpTTY_q5J~gl*kLwJ$HWC2=t`
zohmzDXr7;R*2Hbi-PvR@&0b__KAMY+*&k}eKjh7MpzmG@Gxb}zRrmPM-Nu^7gRdHb
zYhL5{slUHn`VTjNHHG!I7n9rl%5E!_V{A9JTU}3K`n1;+7re*$uQeBa4xZz`LqB*Y
ziL{-*J4JSK3bFY)j8FYt=={oRhb-}sK6QS=pp?r;2BK_-g1*Ueb21xDaZ~wVc|2#V
z?^J(=LMK4P!Z!X~uyxlR4v%jZ{PX^JcHz1wCVS$?W4ElZvA7GHl~m^DMOnd~o`k_T
z>ngZBZfp*6AJAWxr|fL<5u6L!wO?M0&E@@B&FFgkbUXQ?uR)n!NIPc#>(TUd@q0i%
z=`yF?(`K(fpv#h19=X_WiHd$q?L}U$eGLEad-rXa<4iT~&lii!gZPU&)yk)P?DZdi
z-)(z4?0?D&DU+yMm)f2R%a$HYM7AR>InsRG%oVH)*3x0>0~w^v2>o<?URh6fG3#0K
zOvA4qjU_89VAr{%Q%~8?F&}}b#&(ysTrBwq*WEYG>wKN58Q32F!h4MmaN1mMki*x9
zF>zCE_|#hHnLhpxtIlm7^18G;?S%wHHsX5kSF@Ha!tT7ZO5599WLx?!v-E#mH#u&u
zs8i`B%02xujjk-4{?75Y)m;T2!(0&i>Hh3$^eF1x?l-fh9rSI~=q6UnVfwPaI8LQJ
zl#UO$hJPi8e_69v!}46#c-~G!=qb*8#mS8yk2zbLkzXP(q|ETGf10d?$V)1&%%&Ei
zJOkEXf=W;+{^DO0P8*ywekGSGrA$Ld@UJP9rHXgg6=-mp{Wb69j^fp-ai7v|z38Zh
zqi2P8{Bh8ex-iB|ba9&ICb#0(?3v^soo2thMEgds=zZhfg^?8<ofQA9J=>xcAJ9kr
zvUvaY@xJ&XR-7wu2vy9<l)|eybmhB{{N8V9raVB}@#yq2ggs98yUbgC#<#tysuMjq
ziPpA%%e!XqT^HzT`I6f6HjR6ckNK^|dH3_*axSnAV&P4RyY^eF^+>R;jxtb}<L|T<
zZx?}7sx)b72Gk#E#-9la;Ry*ZTJLpD3r&wz8s!H>Lkmt5i#E3AEJF)V7U7A8I`BRt
zv4cqO)_u2djq$vtNhffdw&8L9CpB+i(+NgXY6??oC{yamRhu{_f7c2NC3)c`SMaeG
z)a~ED&umjl&@zRRPofaZb>iG`sSg+9TZWnur_HHYs0}UD&h4nvXRD&&r^anAW0t#<
zmJUP*jfIx+`x>cfxS6;PTO}8ZT0hC>#z)hej|Lx_v0L8fV=E6DmEM|}ZfT(wrEtpB
zE%NjT1HDLz6ms0|YMsRW<G`^?s8eTY@<zSE&;FuePi6JSO5-RBzv+X&=@&m$8@=kI
zPW@Ea*sT4;`1g7K!lA81*;fVr^~rn{13gHE6G4U*L53VrQVudF0y@XS8eB;jT-lVc
z1RGpgh^g~+g#o7O(InK#HAvt!%+QL(+#1Hz8phCioT=7q-GAgcg#z<tCSlajyf7KR
ziX&^}%*MuFA;fKhI?t2rir~Q90BuQD3B<FS(G(TAemraBM9bUAN+n$R+4M@_PV3)a
zo5DG&JCVa!HDvGB``Z!*${D8om3AMpEj4UDvI%We3+8+f2fHcl($h9dXth6=psDw@
z*<|P+Z6S2HP=6!NU)i|6z;&R_bSu7OiEChtYiOMP+9!kFEBVRwSUY@rCMgA+g>unL
znN+_};oU5i^iPBRq6(5>`4`5;QJupatDwt@@O5w7v^9fBjU{Rg;K-@MK|$G7eA=NS
z29LKmDhYK9On%8viz}bU7w&_qQKgFhSopv@_|NLD^zP$!Z|MsJSr>clS(l(Qti*O%
z)~%ls@oe<cM`oJ~Uov%u6GVKlg8OH}`781K9k-wO?K<SMx9*d7_6>RJyjn|@dA)vo
zKux&RU<p(N;WxV>k!a64$-p65*qAI$V&<w4p?n|vg@av~XOkxRoY^;uPXiA)q~C7V
zTC`l>+{PbT6Z7VwkkVb$-3b3mr506%S*qyEM(EhAeU#H`#7DJi7wbjB3Xfi#0=uIf
zG<#)`jgSDayzw-aZaA!+5?dSNs3W#+4I*rvx=pk!#E6q4{#Rg{fQ@>myK62u1xO;Q
z(P7)&sS&rUKDX08w;0zB8k~Mm7IFL3hi2j^LNfb~W3tcb!WfYbI8p4|+FvRo*+pE}
zG~lx7o4>7%caP*6cRdr+{1Sah32bjbn%$8$IzToe8+GFwbv5QYYC*NFpqsCxrkSvg
z>6}X5e}O!bqgc$|)hM>)?lXL%gamTEqB-2s?(b?RZMFmunZ8%wzO8Ne9Kj|xv^a8l
zXXc`dILrP?VW!N4U1?|`zDUm>FzIE$T-Oh-F&|E{e~LbB@wy`Mx>Cfn3nEA(fg<a6
zBj8RxQ9{z?5h>YhL%XzFRrpte60??yGQGfVjF2NN##{v{0ROWp(q@5#Tvdj04RxZJ
zkt-?enKbN~6q|;&phHyrCL$$HhOFUWYCshDvVqB$AmU8x0Cu8C#uZl|(r;tZHXi74
zEJ1VxMqx-nJCCgAzuN)!AVG)iU2-*I%dN#uy0hBK)@DbXM&va6fx{$Hk!?|qhL>oR
z3ToYA7f_H1bc5Cfe!GjJ%Br@$WvO0yA!aE~_s`K<Q@4KV;5){Jn<7Neo;%Bz4$pIP
ziW|Kr$}!zEb%L&A^EA_4lvJhYCNwJkw&1t`qp2tXOXy`M@-wnT9q<V4s_iy`&hy0$
z*ZOl7`t045zWv8{<0b@;2YoSP*HS6X!J+&Nu8Z^Li1C>+kWVpD8e=S`n$K1bY6)B|
zom<;i(eGK1zmCsNBkK7459XvxZnqqG#^`eOp;iy_8G5bOrH^=fq6b6-DigDEPPAJU
zj@2zP<mWW@R-wpq1QkUd+9sMHmqZ(Hd?YVcFP<A=N4Wmzbs(xKf;Rw$urIaN;$|&&
zFkMD6@3&iBn3Ayv!lP}?e5*QQ`<kA4NA)+i^wFl?>89S*u-<Z8SEsW#VP{vBGZeI2
z?DOB54atR+QdwjwH~X6Q^d|Z07vAcRQ-cT;81fV_Mxe+WAi3heh)#@vML3H;5E|zY
z9_J8wn0CR;h@r%JCP3Fekb&62t1*3LC>SAruvUY?RrtZ3_`$RACnE+V@x2Lxr=xzm
zqkcO`;2!*7o%+HXGa%bDpxX!ycKn$QDu<Z<i@!;v)55GNc0c-@PJss91PVENjktS_
zx$|1NdJ{c?h`4)$N{JMA5d@aQfi8seLuVD()Cdt!k{g6)*9fnc5ic$gZ!Y7V+#=lF
zA_fq9@y7$YK5E0*VDsUu5eGK6eOLXH51S5@J1G|#@ZcZt;HeS9JrTn5!v}0Qgo!q^
zcPxCHs+(jP8M6R28UA8wQ~XiuzPMn4{1Rasf}?$c)t3YleS$f`!H7SC%R})JqeH<4
zdALDk@RlFp8Y<x)D&Z<7@OKHEV2rp%hT$SYwFrUWKZK1!Kb*g3W(wKD{IT^i@Wob`
zV=89HKWqK9iEnQi{OcV!8gF?f=~hIkyFuO4s%qg623Q?zTN<%A3q;~ZD}SrGBXH64
zfPi|5I6Ij{e#9v$x-X+}XW;qj{@jdW@Kqeeh5c<*qgD|2^otF9<%FIMW(#X5Oll|$
z`Oo+EsKxy>YRvr>`WrW~v(p!{>l&=u=`MbJT>hj==2Yp4arB#UYL)T3B+0_eP73$n
zUrY=mtG%+;colCfG}e$`Q&>#hg5PvN|8$V~_C@6Y$9V$pc4DdA1UWh3y!-2PxMa1R
zxbvLn>^Rn2s|P7hFuZ)m{xXY`fBOFBkPSRI{PKOhdH|eW18h$QQG%~T%17*A=xO9<
z=V-=8xJ03gBZ-FGt?%VSsMjTR<|>4Z_ek*S$ls8>nOKbEnTVfBxQ*oJk-YyzuO{jw
zR|2criTsXr*qMzH*cWG!B))89HFDC&i@tS6t(WQM!3ZRF0`nIRf8VRdyh3|7Fa(3m
zSDtNBUjMD^1K=D=iC5MEa3;rmdA2%m+-)~*puWVG?r$RjwHLTcwYf$@5Itg)DDJLP
zwkGmb7s*F~t)BL*S&P#1$qB#6TgS;gkdu{``Urbq`4XOBV}wG8HI*nP`n@n&iTS)R
zg+h~kh^<{>A2rycK*wKVhxXx^&Rej6dSA?-q1-YfzGA}NMSnt6#t)nn=o#m}#BhZ9
zg-M4n=UwIy4r#iSNjzm}1nNsLi3FcB5SzNcpwNue$sFxqrb+kA?)Ti%i&3-B2(iyt
zwKZgAnwuIv@=^6s2Q~Cg%u|kfe^W*X`M|&W&^69*qidZ=*_;qGJ7W!Vvbj&!wK>D1
z8%+~z&U`7kev;z3=EqFej0(N0C)7YrgRabk>+mDgY)I712-nP5gPv&C%rxlbo^;Wz
zfn)|hSUBHW>md8V+1pXO(*e2Dg>1G7Y_$PxwdDos8*H`pwmS#9p9DFH2V#Tn4y#O>
z2*rkOFUS2SM0Kq(g5{zuTaBxJ{b%<6wvPi0+R+qRuX<0WF8+yoVWA>avep8x6#h(=
z*HmQEVe~{;9EysMjB39S^_%V*oo+*K<9sn<d+zMP2xk5plGvaVC<feJw%H8@Ef4fe
z^tpTKtE9IxvJ={gP{Wd+ya#z$wL^hW4aeVm_Z3jJ!6$I?vrUl!VRhe%jDt?)Zg+3@
zXuW%2f`=R47-t<myatPNf`C6vxOH&31`-sSYS!rfbbTEH+#`$uY3T&m?<z{rHM-N=
zztdAPpu3X}kVc#*T_!97<reV{$7xRrY&bP7KC2fv5U;9^2NCR$339{y<Dl8$old&P
zB;RiuanE!?EEMKj)MYKrM}`x~bNj#qwTT+>7AfW)I^+{N;v)*&-Vb>V9pW153Vqfq
zH@97-tgdiNmedSTJowzTr7YqWd?b^2BqR9sYyAX}@*9xz8vx}R<ccCV5Ieuk3@UC5
z;JtML3Av#H^Hm+_7!T?m5ALo&)IAz-N8N89_X>3}sIjo$uB@c+OO)Cw!mPBuaQ}3-
zA_+<SH{)X@uU<$dhDm0INkX{CxT0na%`I;<<$4lt&CxDzNFw%GBR(?3JYt4?V@7;s
z1KWqi@32Dty<T9?dSmCd6Jm8AKq+tJbs_88V@qc)h^m|rS{Q#SFb3~8A$ZC)|0%KJ
z6P;hE__r%vExJ+wS@F;#%4~cpYnXZf{)_+{uDB9y2K;sq4*!IBQ96V0Ek{Xf2hN70
zb>%BUXG`N|$KQwB2|q-Jw5ZuGxG4m)b-`6ZI~=g@oNYR}R9SwFu@^#ki%W`(`_y)f
zOpa@uxlgb*{+GM2p=t2gRfw}s&A*sRt;mkv%2vOcEk0r0<;hj$4JmP*k@L&7Wg;zZ
zKGuK+>2!%kF40CDrm%TPZ)>4S9PUwAWnZrY1wH?$jg3wI6keCkqtMB=tX9v`K9i{Q
zh220uGW=)&{Adnf{FOON75u6QBTiI7(ySA#=W|kSEnWwuDUJsY<WJW=$W4@qz0{89
zJ-a$yNnWXe`|O#3dsAoi9(GdiK{VczwBD06-WMy$c)g;>!glX175?x~4Uhkd*$aN%
zU<hbwn%}SivKRl(uh}5Ye7%0ejr@Y|^9wiX88GNcj7cW#pS=+}b#I#Ppn2>_n7yf=
zy-_@UfqL{tdFMsh_4Wz)A;j68DJz~CWqV@QY_Gq)D4g*)`oU21%cbg(-)yD#NVuVQ
zz6~AnJskJlUguBFxQp=2gTP?6!c$;DxRtpFT6^-R&W`1Q`WK_aR2vI#Vl)Vb?|9!0
zTv5RacuEuq07ir}Ais!S-ou!$D9!dgAY0yoW;`VAI14&np=P|h=I`W&C(foP&asji
z;k8H3n(rNsr?~R>k-_8<9X?*MYo6n)FK+Xj7LF6YiSM_FpV`uC4$K~)Tqvw}dM~i?
zp5F1Eh)(<O;=f$_Rt@?Yb!~mrD0M3`>!BuRGm%DJ`eORjKe%^??uzIP-@oeaz2~o9
z%m%wMY8ofixAnsxX2p1G0=SQB`WyCE65yE+{bD3vx&CaDXKa$!7V*!m=G@-Y{(E!w
z2E+0FHv2*d>E?%e60HlnkT{`bPSX7uT8`s4vi3)z{+x#asT0mCzV8`Zm~X2#b;tNQ
z$OVT6{%Q#eMXi%SHYifj<id{fU&#Fn2Zk<3i4oF6^4YJ_pZ)`mom0;YBx7l33IqfU
z{x7@!-}nzWZSpUGkrVRk`sVHchyY{&DgX_D1;7Ik0tf(P01^NtfEGXpU;;1$*a4gX
zZU8HQ7a#->23!Kf0S5qCfE+*ppa@U`XaEcVh5!?QCBO<`18@Pj0^9)}08fB7zz5(D
z2mk~Ef&jsQ5I`6p9N-6t1;hao07-xpKpG$$kORmC<N@*l1%P5e8K44C38(@T0jdFo
zfI2`upaIYbXackX+5qi<4nQwp1TYSm1S|rE0R4agz#yO#&;^hHqM>(oGN#uza<#NE
zp*Jx#Gjz3ap|`O#qW>?9_n*E0v3RCVHvfM5{}X)H1qNHWq(DHebU;Ap|91aB!RP8?
zY4bmXPv_Ul@_!M&KEhvYs4-+zXrO@sHU*%-M5Emlu7n{b0Rj?2$S93esMXTwj`_A)
z)mn{9?L6+<bxZAycGb;RO^cywbM4D&zOPlbJ8fgPG9O(vao=*s+s;2Hn+;peBbH)%
zhA469b*!wsq~t?-$TJ6bxIB0>LK-nK84w+Pr^dCGHd>jA%BJRT7Q2N_8qpBh%XSQz
zuVM{qaq>;+V5(KR$`fp!Y1UmDm5SCC{jz2q=Echv#$B{pl`%^|;{)US%Mgj?*~@<`
zuZ>w&FR?l_jTzR~sFu%9Le7xnj6=FEmm$#P<z${KX3v|JspOZfShdIa18)yUO>C0z
z*R{=;8?d65^=yf$;KY`Ts*T@R&4R}u-waJ-s+Nb}+coWeIm*Pe_1Rh0T0cTmviGlF
zYH@Fr?$1#B6wOQ+%r}sAkk@a7ZLE6XmqN0sSud%2%PnDHYuG!K_8ZJ=Wl{vUt?;7<
z?-<lXzbvdzxz2b%*)?dxl~D1cgVGW*?&xJX??2*X&8|<9fz0n^d24Dij8K`_a#e>e
zsj#JmprX3M8Fc^6coOrR%M*Yy*s`i!eVYcDlp%NCLg@ZA<>%HmXABydPM;#?$r1yK
z8L~>NIMZ#oBUFp=K{4uY142R~=$um!lwrnr;;L4STd|}iX-St(M_?DM`(;6GbNU8r
z$aWqB(mZFkbbbl)?-Eo=(eJam=(IV8sEi#d#iq%jOIj<bW7pKs50*5y31DeZ>zEp_
zIUptj+@+Z@P!?wEboZ%PLflX_s>RIdgo1jmR)DLaea_YeN!<=lXYkmfU9lv#to3KG
zpfxPfiST1(&)FD*H(MdHXuo<@>t0wgHJA~@lUOid#(xm$HlbloYT0(J1s+MQ8c@}0
z;5W}1xT`4yPnAwr*)!B*nJD6`<l8+cyyf;ImM2-unkg%1xAl>!kN?=QYF)qNZhpzD
zD*9JS?R7`qqn5uePz6o{ji;-8>r3s^?+Ub4;t&`945Cfwnv*d}*)5KZqui>DeoXxM
z7ziG(70`19JILue23IWSFF=pYv8`%Y$WS33-1*S=#_zX%uLq(5!wpkF9uZ<q4v<7=
zgnKKVrS%g6LxeJRqYUl(kYTw~fT6^d=gq|<NtCIQwwlOM$?e7Z@GbS;o`ItvgdzWN
zI)vdR<)GW2)8K2sMOS1|yQX+S#4Tco!WU+=k{T}~Z5$v{pipbt`=c)q#nLUCL8Mx-
zzo9}|L8R-GNhfM<{X5+}%HCSiQga!PzlOKicO*Z}Gdzumu|a0|GQu#awNO)l5mt`b
zC@X(x8nY>5Tw&I#4olq_6S-WgBz7!**Gh{Pm62t6v-0m$@n5*bJIu_?VKq5oe3ttk
zX6G||-;&%ox7VI`ZA@74nWfkzJfi#_u#I!-ga9H4bnfPYRf_gIl1}c3H9rvwu5jGj
zyGis1$Apk!xx!pJDM3>SizdV*W|r$!s=V>Kk66$=YK0&qm40HLJ0v>EAy1`<bf&!o
zrn>~CKerKbJ|fae$vmnRf2gF2J=;|>>PdO(N%`s}!xFxgaEVd&Sj1jGQrJt^J!s3>
zsA3ZC6)9Ai#Lx#CQNk0A%IU&TnqED$RPb7ZU?GIZ3~G~50HP*{Vi86XS`f8H2+?`I
zJej6L0q0Q)zDQD+Lca&b1pHt>M<b0#ffy~Mh1Z1;>A?0tbXtLC3FHPuj||iZDv<wq
zGkin*kV2O#qC~{^ICNxfcKh#byE}bwLY0{tLJd~+(31*+%N#^&335aE2NpeP`T-IG
zwBVX9C<#xLF_6v)EaI_&oIpPn_6OmGX!4qgz>PKq!Jx`OXT}4eP!vkb&8To+@)nk0
zWlN(1Uk$*KL=<%MO!9)EAbcHSp?+uKM10&+kX$1~AO;@#@o+-fkIaS0Cpc3AlK)P-
zXJZ>Fz;dp#V!?jGMye5OpiLIT7to*LfSjA&nP6O1#uv>pG0wxdl7VXc<8VMY!Q@H8
zxurwl$-@_fkiej`nN_O#^A)P0XIVvnF(f8$2`K)x__#S?h`|=4@W7Ke2Zb>jq0m7k
z$OIx8G8QE@Cn#;=|AD9+FzlhhA<l6|{OYSR+_mz+;RKn4nkt4$i&2Po%0hw<Uqu*A
zM*PMgj3dnzE<l1eB8Uh9rC>@?35Wm_5y8k;h*xC524fBo9ZEog!n-1X0ObMM9alAB
zp+kZo2uB{Zuq28nQI#Uphz^bip+PpNs~k;$8dm+0NF8#77lHr+2V>ximFZOs%u~W3
z%7dz_MB5kSAWVrKAZ-1+z^x@lrgldGgOaI48?AJ3CWT<y-mXIl4k&~4@8(AtR0s@$
z>Wvs=tk+-yoJcvxHZW!9%NQ-9tym-lV?c;e5EhI<JE3HYBo-0?7!NHBX*eN>#Xgjv
zhjYckQNn2nunhCK83IiRYGmy7`q&l&6~jq~U++<(Q33|~;__5YpjUFTMF#^uHAa=7
zX$s9Nf<54y<4z1i#u47xkfu)(&J>RSCak*(83;-2au|tZ1Y-cdiu9I(<{**v72vQz
z3#vv{X6i1`p*PS|R1^>}z!QO>Jc5E_!V@8*6a|1Z<%X!!l8vZIW_?hC@f7fTDTq)U
z2zG2fg@;mf2jR3tP9A<TL@0)n3}X#Ohc_4_rw0g5n{Y;0%w|K>;ha<|FtozTkt>1s
z2?HxalMDuc)guzApGM+TV1sK$6zE|LP7*eR0-NxOnT#Zc&byT(<BhwuMvV%oc2q#&
ziBgJkX~Sw-NE5)g{1*75f{P%(q}UilBLG=OP^R<GWB_W(<gWuwdN>kil2FiJ$nFfW
z5lGw#3?V^SFl=Ytu2QMHTsD;<f|?;I6)C1A5b!v~mLP#kj^i295T^8z--rB(bU!uo
z#6OuX-3_nMI3hYJ@WjxBY^RrKoDm*SyBwp+jExkK2|#1<8e_;j=~)3tr0_&YSc@Xy
znvp)Vu53|v8*}p>VqNRSo<YG9L>_|#5)S3T7@>=NHw1qKZSl&oCGN9a>rr8`uc{K~
z%H)hjB{|N&B>G6id;`pQilQ0t1&s67Aq$-^bTTgqFlJT2GD`j#W`vL9h(Iq+<vG;D
zs@IsAH1<R*=0dcojJh(+7hEeboqs3<QUMD~Buc`GB?)3N2pu5wTh?|=V&au+ap3J2
zl2NQ{(wyZPL^Qw;Eiu*i3!3ycO_9ZOmEmQ3Kb<N(of4n{o4nyDMIjvl1<4g9N@YbZ
zPG?HM7ze{9leF^>_csgoL7SsdS(%gxS+<Zu&WxrShQPat0xxn$$T)m>o~m3nyg(7b
z5K{$9Fy{zl^inJ^7a~i5Vi*Wj$CtvA%S!EuSVU6wmIqY-DXQ=gEvJ$yC6E=B6fFWo
z=ZdHS$P<?^6u~{TaC%RBQydK@7*6`!p4luSXwnp}!bZiQpfdPlhRei1QEh=5Rm%2E
zbjZ0Ni~4mC(jP8Qj6`G+H6e2_`hFcS%c~`bm5Y>_{?jT6bf{Mg4NVl&f^}C0YR@_@
zdz(g6xY$oQfy@(9FMpfPq!y6nR*&g3ffHK{&C^$A(EN>bjQD8ncuP=)s!;J14ds5j
zn}ZpPq=t@eH5oRY;w&h{6OQBtnE*-crC|wFt&A(eC!?7r7fc8hZY)w5OaWwu%8&`f
zyd{Xz--uPhY;fA&xl0fkU}?Z$R8kWnIHoSd6-9_cys0M{IdWI#bJBM-z$zT2J7tIV
zsD$_zJf=bS<`BMMaOo^l7Z>?ScJ_>5m^gHEZDi?mX~a{IB^bymm7XgCkT(XEaSYS}
zzD;eQ1-a06cgXV?d;im!I2lE#Jq!Mh+{qRg0;uQV&(R5>8$-cC=iaH`wMp)Oc4GIR
z<pI&l)UA;W8GVZtDP6Dv@iS%V4*0_%s5{LDQHn@sXdr}*d^cx}nbtd^OGgtyh)x89
z#x(&4Up^aD=*|H^`i;I;J#>oCn(m6`;Z@Y906YkJ57ysW2Q&&giY+mECrQ9hkaeJp
zgCAqb?h}B`KN^ES8S?@1bTIrCD8%_GKmcGD`xLY@rnlRqjv7`XNYDIcXz|T;K8SNT
zm}p}xFx+I$hytEI!x@V)4&2`~`Nff481RSl+aizA?wJ9H41yy0<Au0hbI1^pKYPFg
z#MIH7aHoM&23~=VTpLJb)KK9ws_iqcOKQ_5bNASuawHc-<=9NS4O{OewGQ&czF0fU
zy0vbN7Tv5x=ka)*xC?0s`GzPSsw_ym#nJdt9YN*LY=y%v`f#5UHZtMQ18e%kZ^#zB
zvAu*Cq)iONfi_01n<?^rxIGg^U)bYU<UC*;d|qLX8LQb`><^$fr`K)ffNvfqESb?|
zS)83w!()dFp6|fa_#CZR{!H)ZdpMnKv*+`}*CiY~h!ghVyGjnfU*szj=A7Rwc<y?f
z-8l#BkH?UA4RCI?m>WRaf30;G8yH61!~}KQ75KF{=&|^NA)ho$ux!&;U01oc=UEj9
zt!Y<PTH0JBqiAaI@4gopdP)H|NjN)WUT~XhhB-h#M@6)HuLm!=G#V;i9<~0C>%##{
zs?2&@icTJ9+i`R}*NtXoVJkA3-Hpyh{mJ_~Tst1GyMw;oo6)5BKYUbY5{m&@x$yYs
z9JdGPk?{A|DT!<E)TwK#8<`V+U&4<rKaUtS{Cc(X)IK{q&bPe24>P!Z#@*$2*O<O{
zxX)3+8!G5a)XRR1Jrf^$e;W2=abJ3fRXcCkha>M*f}5K5_Sog^^^IUFq*x=qgu%bB
zq;or+yK{Y1M&^I3GxP29Z}IqudcP9kH(wqc?Z>Ynj6b9Hw6GZ|IlZ*jd)B}Kva4S$
zCfZN2+08d|?)whAwTpW0?3z0X_!}<q*_r8cKYf!#KhC8#P~LbJw!@IxSy$xYwx4}Z
z-hHK4e5h0(f0S-_kBm#^;=b^9b#s~ZTh`FUn=SW=^;<XGDNsM>X`IdWzRPQ9=<T$r
zX?1(P{3N9vFSWUS!>Y!(Jn2kM1BIRGzx3{f)lcez=Yv1UQMz?&KLC<+nmzc)skY1c
zT-=k+PwKza=^p~mTXAN-q`%r$vb?j~R#Loq+g9Sew|Hi*LYE&nzD4p_{<6)b%kGWq
z!u^w4Qsjp@G@-mc>l9bIbfe}O(8^j?^FH-FRql2+D)6wD!)r&(T-`7Hrfl=LCOn_Y
zz)~#%yd$9P4jw?!3*_>`nJLrGFw+TPB3&J((@rB?LLC;L0G@0_g_9qg^;rL&7<vhy
zn5A0PKP-A}H^?`6<)rqRu%u}efiN%LlO(WJ(kUs=88Dm^KiL#F_gTcTU{MjxwOBMR
z!z6vt#($V?!d(Bj?_!1Q^YO3TAO1`PjBfvkBKK*<lwp>tstEcGEz!O?P|8^7)Op@V
zs|(GrUfrCw@jNh+b-%0K9a|gY9i(vQIDTyV*4)L=x$Xpy)O@JZba*<7sm`RjUuT)z
z=w{t-fnRi%(ME2~qdZq1Ox1K##cmLBIptR?AkC@~zS3!^*E;a+XeU)_x$kX#E-#Z)
zXR7g}d6M?IsV{Gt?*u3Fch$a1$$uJ+6pzP2Z?~J2YijxjebO{NFPmesKd9ksIhz~J
zTf3KF&)|BUO=gQ9Ec<TVimG|bJe@qPbW3iQT>KuhisIt`sSMS}*I{n**nQ5JeK6Zu
zMODOA=U4Y-D&HyiZn!7_{ZZ}Ue3?#6P47yDFa9#K;KxR1V!BIYHau)Xt=TL)tN1Z{
z>8tIXA=B?xZs~Ng-x_Y`Ww!qCXS0)g486MQaOLc{U05w=56dD_Zthm_qc-nb+SIns
z+VE>)vXn@Fx%f>i|3~r(`%KbACnfLxH>IWfiFN+THr_PVCtJ_bO~1N#6gr#NRi_4@
z)iKa^EUIDubNJJN{~FTmzHq410cE{Co$8V~Am?N?o5{?)XC-q+6n5ilE%p7Ex68ot
zB~@hBovz%-N&86R$kt5K(_{?{J-2<6`t!}JxaMAVX$m^@w1W4^lpQRNAx@m_dP-)G
z2ek6pPU(Bf?)QK*Gq=OfytVAW*yWS?#otRnB=)1x>*9A?HvNuI>n6Xk@z+Pr5>lY^
zgwueJ(#s3?r>T$DTQj|yZRf*WQ)X}-ezk7D<jVcFXQzjk{N)p6RE<7Y&$GtMEeX=s
zA^AoJaf37c7B!=8!c<1b%wFcbYi#Y2t=V32hJQL8xEZeT{8J5j4X2lb1Bq;GPpjq0
zkh+`hri!QKy_S3p`I#%{U5jb9nx>!@M#uN7B<WAQPm*ig{u?hWTPhlyb!Xw7&kMN@
zHk;Xd{))MsP98kGz6}*64SOuh>zf+R&+hN|Pp^m7e~mnGRx_FFsp;0K@;feyJ$u(z
ze@E=Mw;Gh#db~F5J2F~abA3M!e0S_txz#ubUPUe*4{mBsJL@f;%I#gKU&Q~9vUd!!
zEqK~J+qP}ncK2z!`?PJ_JZ;;yZQHhO+n)a4nTfdXJ97ssA|v+xRJ&?ruFAFRmrpL6
zvmcrqpQ_|gxM6HHpKs=8>pl=Wsx6$`TC%yO?bo(Bo+pUcRN2xX<HJ0)-@d;e6*<~i
zqSLh#aJ7G&<|=LJXMcz}iJ7?ccpVrWMH-s3$2@-?7+&RRe)-e=G+e0kRIi<|dZLk7
z%DUzBuw2+!sF+^daC1%YWiGvX%k9oK$W;_GEL?AG6TPZh>%GA{S_CAQ@;4nrH2Ax2
zKhbX!e6?$K_WBBbkuJo^oA}sNbne}D?E%}2fqM~LKTzbtyR$HGIxiH1)}=&fjN2fN
z=<2r6YfZ~C!uXPQG<+YxauaXx!CIs}TdUjs+tHzUG@5=uMs1%dudyD_W+UR&@aFJ9
z?lJ$u{5nNcwe$_8<IH+fH=4V-Uq3>0S5j*6@r-Plc038quJK9Id4a?uT_0QTp}_Po
zOcPS(`VNs>{JPfE<<^7cndjC19Bzdr#|yHSJIlz%*h%ZAJg4>CuUM%nPlbG`Xi4;C
zb)Q-od)g>xr<})o>};Sq5X^B^k*H=j23ZS6<IN<H{V-I#i{nN2fuwIYO?JAu>^9*l
zl*v+dy6N)uX%~9EEn{PUU9G+|HNk_&mNG-Hk+)1Y<mZ@WU)D0vUf_EZc|w~pjBBXb
z?!MpKj7?zQAiH^e6x}H8IDp1yz}(X0VmfwJ!;kN=@uBDRv^qX`OOxwyQ^k$Dw-X$E
z9DtYn*r6`v$7)u{|K_E39q$~=nbxj1IIa-x5XJwk>f~df-ZwItc|MOIU)JWUb6E~F
zUU(7XNoReWtGq6rV0;O_QgYW`uD(oTY&Lp1R*%0KmOD)z)*hjf+xI+y2+h&Z%}jPN
zl$`FfMwaXHt{&#9|5)jQ_0G42Zw+Q`_HaqV76M8!x4owGmcpa9-NL=IKALYo3CicQ
z-FbmFSKgo}_h~ntSWj>IcBL0J_QG6$%WzeErY7_TJICABb$A|0a5);U?^kWsZhtqi
zn|TY9vhb;|#!LRV=p+7YLOyNFhn~>M=xOb_-q?8{dKGlaH>zf^urYZ3K$i0r+E%-F
zv{3D4di?6(Tfyh!5L21SWV-@?(D~`|Gdws{im0rk-~OH!@o{rGTM4o4ywiCk2kUrw
z|0m9^qa?5V@WwFm)ClX!<#IQZe8ui;WbM{wZM)pPzONau@};(&^rSf$a65a=Xl%|O
zqsHWOKHMB36SM{XaWl2I#NzFCox*O&-|kIsExh#NTiL(b5us?41$C2nqw_Ja79qU|
z&V7yZ8q0TElw#ZGZolSOMCjT`J9c@29F9(b!l(4w!RGZNtFo3CpK?z|_x_e+-2qgs
zh4J%vqzzaBgtFGRKf&!hMO#&KjH94+KZW5T@V@=q<}a&T_y-mM;O7Uh6;AA~qdgL<
zpM;h_RaH9)J6j25yb~WJo))0yMiwP58DTfJAfvMv1}T=lMj^v|GGLRh@d~~UF7Ya_
z4mj`_4nYz%?>bCRz<skHN>kFQg2IW`aIXcSUUEjb^$;(e0@i4LJsfloTVIK&h>?nk
zl&R?-gl4>|YvGD=$YP?`SnqkMVP%2r-WEZm7G9tqD#t<c-f%TBOVAi7)XY8Q6hz{h
z(xO-&HxH(ZKgX5EWxg*IFlW&%(!yXzpkC&zNvrik8&X+c%22I|%t5cLTw?jdkZ&*?
z7j2MC1ae`$J=O+C)g@qad2fk~_)+siERBu(b7r$=t(!4*fD5iK<8K4@nu07~GUeUM
zO?mTnxR@t8TZCm#tCf{&p%rS~6{+i|G`;YLcacJ$m}iEbCb!hBULKlzs`FAX@W6BL
z<{f(&RlMM_CCWa_^r)%TUb-!IBMoO%?9_1B^l;d+3XyM7GT(ysMbogZIEKB{`B&@7
zgAhpb#L{yar|n`doo#kD%nQo|CPSt7Vk)^NAbSpT_BGz@XS{=(#ED87UZHgqpNw&?
z8RB8tCvp7}|2PZsST;kC?R*NxB`Gv(Nix<Jb@t@LXA=#e-t87D?QfY-+u<#PhJNdY
zyaH=9y%t&r$vv*dNe>iiH)TlA#asY0)j|mMdExRig+fT~uAq8rz_0;=xzl?zt2wkH
z?})y9+OmoL6Cl|1ff)U}7)pg0%t7EQraNF~)uT7VG&H7y`LGe2qHEitVe24YvCZDo
zFBPk86;ii~KAv1y|CeHcLn`?`(#M{ev&wb6m2%o26~DhT2g4Sgowe(DBTFh|kDdM$
z3ZA|%ZpU<#0)u1Fb{RJOl)cs{h<Z2J60nRzhS<>~Y(Zaa!aU8WBf#c!O!ttL`;es9
zkO5G++R5YSoMpecf;ha32e<LYb`?O2p=UGo)&}ge6+Kn&RS;+^aKuiY$Q48A4&ijP
zI^g;Abu3qH1vlk_tX{hk4Fj2~tAVBqRTnpG^CgW%jUq68GyW)`inUz4g<;NjEs)2&
znw{Le{{i_t`C6EADGL57f+XvlG?Y|n1F*NcXL+wI$fuH*>LbbqDsPe{%RNafZ<1B=
zoYKy?NLGp82fSHiUq?i51Ye`U>@|~6M@4PQRX#U3+#4O(8y)PuHk5<KpJ0x<Jhb3{
za=Cx@&8JA~3w+bX_RP_OO6*aPC~{<X?C-kP_>VWVX}&{Pp!ivQvhL-AI@-4$Z_|7i
zhyQI`!%W)vgawF2YPN3`|1n|b3b$a~oHA(D^uk99qIF>cz88=s^Ybk3jW<0-r&gS0
zJ~Nd}m9wFtH*bb2BAJp^Xd2erxnX%!+G~Jui|3n}_W;@U^Q@17W~{rH;ckwieNs1`
zX!wJREVYCldXgA;QdkBx6A8|0!zJjA6<!tq%DsG2OPQMPA@1M{KV%XEnZdhNyH+5*
zuGFczsuT%_QO8bs<>BDiq8hdx0k~H2cxjzzvS^Wz<zlsx0hdQ?w1h71DI<F|m8rM_
zG*bZfz%wy^A~+b>Ku1X-B-3IqIm$<3gpXVgf9bOB+;J4jY+?ZU39U4UUSZC&z7EwG
z0|d$B(LJ#e6<Jz6`h2E~eqEyU?7CKSqe^x|4`)s%*u%Lx^SLe8qnU_Y=T0xbM_-GV
zDdFQM;Uj2^MxUAvdV$8DpM!0w_7!>zU#prD9uu2{M(`v|LEM6B*gWnU?`l<F+puv8
zJQ@VtxC>{Lz(6P{7IXkW7XUmS4E%nD75h#oGqRa0sNHLEcr^s*bmT(tqQDyIJ54J%
z`k5O3#TcmugOxj$62qwkNC%Ec2d-`gKVQgM+UI~U;1DZqM9&W&&h1SO%|6u-&}JQf
zPtU>qcl>kk_D{P?1;2jI-%pfp^;&_nPbFhym?=d4dW|@4<D>Wu9mI!AnhnJ*4bh)T
znrXd*nMVek_-Xw3G`cB{Kz+VKE1>0X5V;o7P~e5?oze}30M;Zr2N-(ce-<8?4yW;l
zf8%wx2(XaUZl!)(9yK@MsVJzl?1hl&#ZC3m9G|u6xNHmKLG4AX4x=Znqd$#<D!R|x
zlpPbO1fzFU!_dzwgF&Jqa`SeFD5T+<7`vn<ujyA!!WrVjC4^N@!l9?E?QOCdjUhIF
zar&d;Dj39IAdAQkL34gxEg@D?ml#nek$hEHxpv0;Oj}OL3-ixhbixk~&2fF~a2(PT
zis>4}_J|PrN;vC;4M_!Rt|7m}K54K?#HDl;k52e2#+B<F|F$VSG=q}!p2)<=?JvBy
z>ymY`$_I)j`iZU=z#H=8Dd*v|fH|D&7r;yE!VD7)NUNeK7jv{U=IqWt?)IPZ_=9;H
zK3Aza_#)BNTz{^3xJ&CtGCk>^;_H)u{c%GD+SJ-L&dyge@BH!?iG3hpGwDd+GejTz
z5jtDrOeIw99=aT(I5EWq=pH8Yz;rQi7VRe$=oSO)Hnsme6|y(5mF+Exr`?__**qQ(
zZ{ekLgfntPof1z~Y>A{QM(U1%Nw3O+i`8CNg~dmVgYyi;e(yCaA#2a9Q=35t6B7HP
z@NMMDaE_kzg`U~wYX61xde3rlU}aDU)g`~3%7XwllH>Uhw^q_ba-!5ZD>jlGz_YXt
zb*+R;qK9*?X(w|QuAAJhR*s@W)@%Y?o-ScR?A{x}8l2q7!hLi-!QqqSN~eD{K|6|f
zEJlGGk^y2-31(4=!a6Xaq%c&;+<UY+!xl-lk4zu&nCMq6X4^~d=ql2xPxpk-H%tA6
z>r)<>y)bj71N^hmh{qb@^{g5rdl|?F>-T&8c_Z5G0y^ZYxnb{4?1Akmpl?A%o$c+v
z9)(~03}&90X4kYZlo=F|Ul_<|7~z)Lqjv@a_?ry=HDj`!eMkd!DdRek${}|OL)QE?
zmX4PrV!%mdj0^f<rGr+ewB9=;);F0J#B@n0R^2`M`J%zSM-;?@@adh_+z#!vCHArf
z1IX6=rN@@Eg21P8J8fHW0p(SWwKrv?<?aU2a_o^U>7n`aJHqwO73K7XB4Wop@wi=Z
z>xKnqB5c3;sJY6V{dHnU`I1|)vbnWuVw&lOExh~CEhP^$b4di9@F~2;y4L?C)&B*G
z|HuuVe8JO5)OM9@X6&d&pZ?wl5fAKirv#%*7vc+id=S1i44)!_kHPl_{7`)rr~D2W
z3ALW!C*1FunwQFfKp0u>hxOo{b!3yl|HM}u_6wm^?5efw&!sRagqz8U9=6wCqQ+G3
zK~pS)C&Z-ZxH*Dd?h-5R5MgIoOpj@&1H0<i;k*c(f#9Fax8c1^mM<+6F6;^H@3t^S
zb*}&|j`bUnZz9vG_1f%*$NX>Dt)?GQ=nr4afp5+5d)uWeO0E>|$h%jyuul%omX%BK
z&oW>kI$*(OZ;7hI9h;MBZyts879vVCw{%}}l76oiUj8eFHgf!enerdaWssTD9b?~p
zL8*cr1#mxG0jut-TzlbjQ_w1u6Ve@b@w7;}Jv+PuJDoIVot`AbhY>IC=&XOF=vl6R
zq$ryE1yF>EGfh~XvQr~yx(L+i1O_l+3*3^BNB$9UF>A@E|1&RcSdL1tS=!@KZ|Ui6
z=anvhwGpWCp<k3NA|<U6pCHhKlf<%78?*<F><_mj)h%M_m(?0nGjE42F{`}{H2h<@
z#x0yCh>l>BBfiOp_!qLZY}6~iuy<E))d7h5=YZg~<%v(91JJQ)tG)!7hI<AN9$6xn
z#~t#Kzp}`?-0EGq><uNbIYZupu>BI*pMQ#X4EI~v7Cz^$=!^My(Dcy;67OSPZn()7
z_FENJA2!DkHisEDXQC<@YUD)pTLiW?r7Fq!bJO<7gAv)P|55uKUGfIKP3L?V-JzWC
zLyGl7YSk*7r1sor)#OE5*QD3-3c{kWq_Dr}Ctj#u;B%_D(65liD~3#x(cv8K(tD`%
zSulm*xn5ixOJO-8G3^!U#c?>;ZO0ulQa+ha_1@Zy5G;1cE^U$?oy3hTxE$4jFDtv7
zZVclVJHbh<$+DqYb~hgTC(?)1sJNBgA;0-fvtl!Mkhw9N)QO{eN-uJ4i6}~O2%#wa
z*mVe_C>+jb2!oW_kQG8blWOZgnG~s9dtaG#sBAoNuJ*KFM!!r)L#>>HCe#c@FozJt
zJ6+0~0%Sh3+X?c%(Ur`g7GLhhc6SDp3FaLW>`TP0r#WY|^q6)CpP0d+7(iBRpiWn4
zm}?q9R|CX;7T_=!>@b%x1^fvG*Qf)v@kcy(fuBupmQy%|HK5WG^UqJ_ADBrN@ys%J
z#)Z=%Y3&E;EohPgSL3eUF!lCQ_4gM4L}qjzYQ#y3w3cii1Y{UhEVjINKCZpRdXVGf
zn^db?<}{3S;dw_msTt0}F3!isoVa=59?Gq1rd*e#==Hzr)_+8=l6uAmp<L-)Z0Mwc
zPHaRXCO4hp@^F2xMa)IL>luAd^WKD?-lYBig%B{t5HiMKu*ZCB7e<0St=wO=6W>5N
zf<8DPm;HGllWbVgYB2HW3uay6f%&mIJis%bQAPINj{%GR(4TsCCIfw0;@VUt_ZiBf
z*gXt?=ZzQ2sy{Q$SPiU9I#q2%`Goq|CNKF>&rV<C<~3XP|3rr*hsetN4lH;DVG@Vq
z>RmmMO+41UjJZFGTyZj<toCy_=D!)f{K7XDAAJ4aIWK_6Ux?}dy#D=uQ2RANq+gPY
z<(J@MgXDnZhZOiFxFjIue)+Bc&|3zOT9BrYX20~7HKYxs9i#)KEu_mY!{rX?@qchz
z5s;C;+*aZ*vGpHXD<87#m(;3)to>!Q{&zy_KWtXlFP$~|%Vy0(PXAI`>yUephmc#4
z8;~cEr@zG5EhRD~DkVDP9poeAGvqtu7bO5CASEazFeNx81mx5&)inn>3)v0X1KAAO
z@=Ji31JM3|qPqSEpY@A%{a2<7)AMiS0}uefJNW;^blEwWyU;rsTiaRbI~hCD|7x^F
zC0X09Ga!uYd?;;hn)#POdT&9Q&(6bz0ZFPAl~+{?z=%u$hc8rOU-5l-H6sHVSw7IY
z{&4SnS>?#_IUnoKBU%c9%=8@xx}{v(ab0LsMScjPkn#W1Fh$YPC7j82&j^%q1NdlZ
zv>**CfgWAqAtdNwdXJ<TfKG_ehTWoT(ufcMYw~B1`b@pq-$3E>4W60-xHQi|a%I4J
z>;!ZqPxu<uu8%&z8LG9vahWaJpf%z#un1~lziN9JPAWhMtB2oAQ{{9^ju;O>^jI5^
z<YEGR0Y%51C>-J;W=osqNgy{kBSWWx_gyPghXYn>rkhz`{;^(2P?pk?=v5{}lCOZ(
z3`+Q0T<kGxs%cEE{O9yaP^V+{i?&~G=#<W~9{T7cZZ`>`D{kGNCHhO`p00L^tqLWA
zWmg-k_+)}5;;ZvX{3le*0}B3>V`iRZ1(&x;PX9{Gz2a*2>k;NpYcL&IzTQj`XnZ0l
zlZM8p5vWUiIBN`%yErs|{FlCu2K8Ysc~*1W921FcaO*4SDv?a`Uiq+B0u<sjakS2q
z_Fl4Y^zyO-J?go~D5K5IwqZ)b-P3KcCrNdxFy)H7*ob=;3$&`(7~uZC?)t%eF4~KY
zdioMzJ&}n|Gm=baWW{i0C~o5?cxo7Du#4-2$92?-wX$!l2IUV$o42=Pmb3rO%4%qB
zr+tX29lRZ<;B7lQe4)kYV~AlD#c!?2(-uVg*LIQP^+=NOxvb5jK>vk`hM1}q%Vh`e
zOSX(>gYA=(0tbH!+^0#XBr><!rai+yq=vO4_1ba9tKFw$>}cjrde1hzXt3kSTuolK
zB<(|=WaK9x3?v7Q?0+ZdIImLKZv^_hBRpfE3ZDAjg1$eTk^WiGhfe){L%Od*{LXB8
zLmnQ6W%qt%)d6Ky^WI6s5;wEm(m`p=vnT-@qsjV%mQ3{}0!Wp&%%u$=1M{EB54EE8
zg~CM&rbEdJB=8)muHkwOin(%PBTjNl<A?PBHBJCbB;d?|0RT9m008iR9~1wBef+=1
ziLR@;jghUZW0Z=f<pu+a&q@skhDbu4n<ragr6DHFGsAp8-uXUNb0!4NgqlUO;`&Z^
zLB<t_tO`Yx*K~>F+w{<P|3emtdNPT`t_?ZLE<P~nv&@j7`Le|-L)J|$3dJmUah`WM
zYBon>=f1Q(0&6XniuKSrZ7FUImBHke11$J5RC8IYgDQ0Oy^7WAEtf**fTKzSuWomz
zlc}5cl@s`1a8$g2;1&(gzZ@^^R0&ZkvM1A`=tK>O;$<B)P;>WM6VI5)DxCo8n$o0>
z#h`qnNI7v?*>D#lB#Wmow)AJ3b6#XcR(|u?1LHLLUFpU4I8%AC48#D(7Kgv|8=R?M
zcM>~dT0*YNJY#gRPQKzfWga3SX9bnGqyl=HF>su4num%y-G!o67fO~9w&6T@*bvb+
zvt$Xc7+kGjfGGawEDEXYN~43NR9Iz*Bu!a|fD$o@JK$nRZZkoTW}dcEE+1Oc=^Ja4
zaNp?Pb9*#@30(P!2%5knp9H70VkeL@B}Z`hdPln%Yk2-%R*^;S;mE4%3U*!>(LE2K
zFX~tUVBCdP=g?!4UgS<|E$-NohL_M<F@6uSU%l0%{!cOF0Hg(o%Ed&i<%*n&jE%p~
zS0h*o$VtuHcTlho!hX*(f$+m9-(Cbp)J=hb6Z64uxM_6?)yu9eCbgrb)YkApC1u}i
z?VzyCQFWn6uey0GkKTGGqnvD6IEU(M<K8N_@w|W2C;e2#7f4IZ$KEIcY6*pa^kP-!
z8H}5O@A2}9(KlT+&)qaObuNm(Nq$`a81C~WM6U_vNQOe`gmq~cK$g`)pPkP{x44W~
zN2|nTDNz0P5>maIhv3~yuSixWlmT#g>gj3HQ;^!Is@(+-Rtb`xy~{pR$LcC$d53s0
z0Z#3cu-NPY_sl%1-<4os&X~bJW?b)2QK7X%wp`0JGR}Hm6xBv=MBYLhcZ}p-IpRRB
z%YbZYmR+uL-V`qa>4u8xPu_I)@O7U(M8wUHtBF;xb!xk%8(Gz#$YI8qK>JdM*rh6)
zIsI6rx$Oc3n2ft34u|_lZPH{tJgJ?DG!uzVfrGeLEm^y}1r+Y<MLG3d1lc9^5XHdP
z9+~;`5}kTL2X(P-dwLxaCf%J4uHXtXciSgo2z*l(3f7XM^hzv5w^_U6H>Ys=^WOkv
zCesXt_}|UU^B3SI`hO2nT|37lWrg23Meup4X)Q95Rll<Fgn?;prUY599yF$(5I;K1
zgfNm2ukVn*-*K(CI;b`@BpXb=?(SH4**ZIf&0JZ|MAyo`An%Bg-PNC=osIE3N<xEJ
zW<2P%fmwl*l;yUW!AaH7co$-zh*bxn^OH!$?mL9L#0v`b;$T5dnIxouG>c?X;CZQ`
z#~w-QWLL`<Y!iG1N!X<1y(`7RWtp^7foLS$LGy+Ljdm1e^sXeW;Nf!j3D$S#A?sUJ
z<E(%CYbkVaIm$-EU7$vNb*Xomye&R7Ra6DrkKCWl3i0B;?a-h+{--nWEaMDVBW0Vp
z1s{%a1M)8eBQ|$VcE2OY<E*=76>6Op6|e?xp7~oq%-Y8?A>Ke~xfb*`X|8YnjG)?3
zOGuE_Vz9eS!^S{SITcyU8fvnZLk}kI7b4o<4B3r!d%#4g0>Ap?Dl)cl9TP3k9_bDE
zE{-aQ?o^#GTJ~1^ah%-TqveV#ZxL1K()i^?mAn{nY#`+0nh^Iss|phVX^+S92^-a}
z<wagW%^Q2LJ?`A<w$0*)BVo8Rq(2jf@_*i=8u8PK!ms+O*(H;`R)A}g%2GREJo$Q2
z`-0QwE&0(Q`|1G-=q$=vnYll70n@1-Foe*R*V?h$>H0yfL505ml|*sxybg$nFgC@R
zt({A#&860S+6434GbKB8cdGBu&^ZXK*%cTa{XO+e!AP32vcr6!cSGE7bRE3d*o}+l
zbx9GdO#77tJ9u!ysACpa^j!>W#KL`Jfth!`fJy1VZ&>T!UJ~+ReUR)Ja4L+!Cps1G
zDe#lw2Bg>(A3ER%axqX~@$i8@g|+m(drR#qA2B;b{-`>o1sUfKI5~<RjcxK7(u)`A
z`EMSrIvMp^{p-m`zee)E^5|ch-^tuY*UZ+|QrFJh2sfJ1W`F_ak89Sx*z>GxFnp}6
zIupw1;*vbkGFq>=zc@FqPnq2t0p2Tq$byrcd;C-zpqAuNHY=kO@u!zC3kxbsyoQ6c
zdk~tklzj~?;~t1bXXE=RW+b^fP)WdT5am4MQP$efz8<l(GUG;i*@wz}%c<<1c@-j|
zSf_@f(7et0ZHuJ^0^xyyYF^bxLVf$jlf(0Y81c7erA1w^+|6kn>g!x?3;rjE=L`IQ
z-DaULuGAQR=gIMFzgofn_uK6MJYPpAeJ5u}C6z_F@yP}H>D_%v+VL<sTB%6|c}W_I
z(J^URnz6~52CA7+>FH20B+BL4MWub9|F+5i_2!&?zoQWV0s#DH^#9w<{eK?SRo~o6
z*TmLA*UrJ#(Ad$@TJ}Fnj<E3sr7;#u!+QVk8C<&q<xj41qj#wTl2iS|*SJkb5_Am5
zc3g;0YZx4x>lPqmQRJTrk;ODO&!E4$<$1FX^8{RZWQW7cye45H@X2npZ;pmL&jzaa
z#-ut7Ak_hMj4p)EX0_rbTItH)2_@gMhw&<qFt=d3#YeJLscKbk(ByUF{kIu96a76W
zO#8UkZtL%MPl(ry>=mnLZk+sW4Z=S#EoQqE<GZ(YIZb+7A+Rk%KTQ=1J{ms2|Mf0J
zl=+1k|E`0_uQC1qS`Qa%-QPRn;Dj312Mfdq1M*XCAg3xI0_@bAazlv_p;muM@r-+g
ze9VkB)t!{07AD&$yag^RrC?;rgCAPS44h!t%323M&zKz0t({osSAyr*`BQx%h4c5w
zU{e80cS!cHg{)d26a1zM*1~^t9UJI-_W!tz$gg4lFMjmz>yNIvjd_GD?YP9GRLqgX
z_@vYrO?_3hium|s1UM6_g=HI1`2E5IlB1HfUwNzl{ex7l<h_&>l%$ki`G4~ou{ti(
z=HGz;e!T|o|6xE!LkDv^r$4eAQ2z1=UOP3bm$~w%W$*~?60dr}YZ<$g+7zSEcxAnx
zFFa)+&>hU&+zktmJ=>0SwghFO2>`Miy}ZG9)38=?+ZCVji1k7LdS3?c(+WqwiEPx%
z<yY#wih$Uz1<O_mPL!ACt+14Nea3M%R7m{~vaYDLnK;0{ziXdyH02$r+bKSC3sGRl
zs?<^Jr(ppf=_1O9ug!44e-NMRh_QINr6DaUcU*dSQ1S>ZlO3a~8qvD{t6zZc+JGcd
z0ssI9{l?1wYQ}C(#x_RAM!LUmjhE`ywg((=-`Bc%6DS)_aVgWZcD>Hc&`z2&R`%vd
zBxjpA{{8Y+q=@I@I#ROh)+asqlw;9Z99xrn|A65P^%$c5@DWkQ6P>yGo=vx&mKU8+
z7E5HfZ*$i#a<!ehsADPBosK%qMH#JXE6m9-BlccQE7lkgbY>-lPPOSNM2Kk3sZXNp
z5sk6r5fL#hyq@qRV<SoCDPbnGNr&k$#h;o2#6kkMuQ8ALjddA3(2#k_W*dvLDVyb!
zN~}p%WBvmoRgDpuhJ+QyW6U$hA)cp6-Xlhb2G&_aoMjH8Ug3(`Fq}UWG8ZKVVXU#S
z3kfyHqMOkGXi~qolMtfP(@Yw|Vp;D8M!p8Xen^bd#ng@?Ng`A#H+BNk(1I^BDBZzf
zMILQ6VgYTS$gdA9vaIe!u$rQ2({>Ut8Ww5;l1i6RHxdErml<az8gdZSQ=bDB9%GeK
z)tYVnV<5WH23a1O*4qF`u&9hwjk-4aSa%S0{o%)d4$9tgP@(JTb6dy$dgAQMbgrG<
ziKEqFcEMt(%ln)tzIsTIb<)QuD{)}7A9Ia$7|)V##cCM~e*X@2v*C*(1&=RpwuiXS
zaQ9RMr36NQf|KRI@C}q7@HcSLOjtO%pL1A?Cw}4i6D2x}PD7M2x1?-xm*+9w;<YH5
zCVGGr8sAZ@3rF|o>9eHA(@pWvh#~va@^s+L4<b;6Wy|jFAnna>=GDWAJ5wv0B?1<k
z`~+4Rm{$Lc&x_%wYiucdg_-G(@QnJPLtc{4Yu-POmrGr}!#U%FLQGMCwMaLr({Ssw
zX{^yiE24S4Y}U@WorjuX9|kO#@=VQIn-ZlXcd_eJVrIU^VtX*bmSP^!h`fhN^YN)2
zstn30=i)Y$-7EV@8)$u1j-VarcU9MK<AWp6XiB)qT-_e5JpY*kpSoI={>~S%1pB&P
z#j0@B!`k^9szp!$F!0iLa=2zcx~&&6LEGCg#xCU@t;QF9f<irf^7flb!y$fm${!o<
z1wd9V(pPppZ%EOB3q1$V6ZmWLK;ckfsz1KLg98rmiMK$VP&#VtgCeW=o39CdxvIAY
zV1AuVU{7=FP)L5EiLk^6I2|2H!XXI6vv?Gq`%pmJ5QPnkCODX42okYRB!%Krsxa}a
zt^CKxYBC87zUKd`0DwSN|I|R~1+Ct43~NUrLWnTRIaL{Hg(;1Oi3n)unfujNkch}T
z#<WOn=lou42nLLW8v&QT-0YUIVhl-ExQ#+VBV{ZkQ`PfKXZxgpI$Klme<X=pYZRAd
z3g?X|j|%RCiTN?)sznoaTl#kK4IkIg3n5`d^g?@G`(%P+H7vvd%Y&D5;etPMnacV$
z2^(X%6aTqwgj{)c?fSf$J2@ZR_;bqumz-_$+14E-+ui~n9Qs&s&;ZMyOJgEQ?fIs?
ze%)Q=-XN?cm<S2V+C$)hyeh@+X|M1Q(;wsPIRt8u_|JO5gB-&i-wuaqnjM<s;NKov
z3$axr(UF>O67Pd@jx8kKy`E)7jy@WajXqLomx8-tv39CTAUPISI+D{II!+TY&4`%A
z6As&rGtAP2(Gqbvi?{Aj0hgpF#d008xA~0|SgZT8{96EToh3l0POAD9iU@imLH<?7
zf;|+G(VzgSH0w6Ga~$a$-~pY}0SBFLWfIk&2RlS%ErPz*ujq${5_P-&4h&3fbzO9H
zCFFwzTM<7fWfqWRddi7cUc%b;HPA2ayGLO<xWPmw9Dtf&N76q6(7@UOoTv*dR%WK5
zyU2~Kh&8#GT!jdi&)u}^0x_fDH}tm`NzZBsu<)Z??N7uID{CgLNic~#$@Gk9o4p5K
zy>H4rE+~!<)N?Fy#$6UlM?#>3$JLk3>EmCNPS3|t;*l!51JOjm<>PGiOpIJpc;{TV
zRhq{7%rNQ~6=>+SezEY~_qA}>O2rOdFI`>*=zY^fqJ~&U1Sw=xv77lrd&2{FBeyau
zz`%I~H<29{7#t%OW-c-I*udX^sD=&u5-f@tR;7N&&ITG?0qWd6fibR3C_2qmstv$V
zhv~6~WWcxL4OYbABq2eQL#P5E9j?LM4rWegSPEv{futxMd7dB5!>^(``~~ByU-T;V
zVLJK`W3tCdAbom2#xT_}`G-rI*73}23)gLNjcdIH{$&}-n}6$P?M&l1;NMkqthL!;
z-mad|0JN(?NHp}rt^S!yj<|t-XTK<nY}@K_)Z#rYo|^oRy8qsXj@mPy(uouz{{cfV
zY12EWB{%vI7TCuNgOt)NI7gd#JRG%2#Q4FYL(%(&q&kr&zV*;3vu8Eg;a56G1#qLs
z74F9i!AB2ty|~Tb-L{&1&s7XN=bCHG=XKo9d0cZA-#9L<c@{-LT5;^DHLK+q0rf^P
z{D*p1;J0BN2~%GVhs{jLw+os>>+V+_)mq2=Va4eKHA>4tE(Szu9p&S<7AUBF*+`90
z2d87&&Sb{UO-#vs2?30xp~k9h-=oVwFKi9mRYc4l(+<6)!F4`6L?g1q()&@`Qns>T
z>`3MenuWAZUQLvEMx4@;cTn~$o^VSC#}<0UIXHbAu@~vWMc>xe-=AYY=^D|TVfbuU
zYiA{N4w*HV%)dMf!>Bek8tgCLC8w-iTi;d_-n2n_dE1uN_cS5DB}c+a7)<^8V6r&r
zwX6MWq7yKT(**ig28ksQ#-IoVEX1XIEHb`R%)>9mzFTq0Yk*VN%nmnkphd@Ys_8m7
z6Zl%MUZw~pir2sZ{_eW(^G2h{cvlPk%+hVOivt@OpU6vknZDnQnFP;*(<1#;EmmZ(
zcAZ4IxG&+90#OPMsMLH4E7P_L{s`hjc#^pPso=4;FQ<B@*~4;_;lEGi{lugz#uvUe
z*l=)vT>{Tkx}<DBc(ZX~4B)xxA3VL{(~Bq5p+#Kf)+b}soaKGPIqk;zA>?aXh`34s
z#~D=1URA;g={vf4WU19y&bN^=_q06rJ1jquWJrWUkp$U5a9!{yR0K})3(r4M%eC%N
zOd{{`j<6UZPP#6Z)^23xUbLB41SNB6SNs*vegmQTBc+5bHB=5gklFJZ8B95j`*v+O
zpGlECA*@EW%#&mg^cTEJdZDuuZuLb=K71x8B6b>9X3A9|`0ZxrH?jKp`AwZ1*Ts>3
zQ>QrvCqN`<e@AC$RP;7yoJ{$Pf6${UiuNj`g?*(oER`m`&vl0_x-XNbsI?6(-5++&
z)rD43?Vj&XXW0rcLLLs3dc$w55d4tniZ}qPTQdhXzKht8VrYEF{0p^@ZeEpmX}6yN
zQ+<6bk-#aWimigFi`ca)wp&(ZhHC@Y?k`4*&LIJPtKKWv&8Jz0t|13;9}}fDuFxg7
zsF?sX+$T-D8;qlv5zN1psNtuHqmiO<dYFV=QL*LM4{w_hz;-JCsG~Mna=<GMgFc@U
z$sOgE>8oz`=eYuF9`~L5+ZNHhEphrMBaFJ{8prpwiSl_Hnc_gFK~xEjZT@Yx?hmQ%
zLdc1<x+2|Ct8UX`d`%(S8PJ)~g!k%G(+hQ&>sI9I4XJc($?h0`d*<_|I@o;3y@hQy
z8-zi)UtT}?FMl_+BF9f{F=XGj@2y?M2`$2I9k`oF9pq<FRcoAduVa{2O?X(3ce?Ly
z-85U_J9(N)9ive`nBr7kSDi==fdwO-KXairm;=0T=H%&;NWU?`!4XEz?dbqWA?8Ok
zKb!Zv4HM`iK7a^cbEkUfgTxEhM`oZk?(lF^iFK%<8Xw7asa-{88re|&wT@$e0PS9C
zmy>S_1+_ySSC2zs(2%s<)d-YLk<=)~wH1cE@@_Tw9@PC+6RN)XqYz9XH%EL5+$uN)
z+^pvzM+n@V*g9&!L`;_Rn`DLl?e(H0i4RPb9F1HCk#@ktboU>C9T3rB6cDp}v>Tke
z^CF~_K2@NB%%PO!n@Vi}*wZLCg40X>g7mBAcU!@Q2RrGwz1YOn$#j|ZZLyKaQOwNF
zx1Pg=8AhL;qb7L0Co9cWVcSAwRp2Z6{0GTLpv9<re^^a0qU0l_?l3%ukRU1~MRZL$
zU=quaM?pS84bxA{Hxvm<LjfV=yLo$vg$Ajc3+8H0r<Z(+r`RVtUz@O^42^14bb-3)
zP#i0i>Cw^fsW_8F5yKo`#j<mARu$+8b(5wH82kqVha#GqOxtU89v*c_M3V+}oBCfL
z%>hs>+}Q4^47FZ`N@wIeni7-1N=6l_+ATK(4OxhwOk<_WMR_tJ8B74;z{FJ|MMNo6
zBlIy%EreEftFptNuN;B$mcAYNRvi=ryiPx9&&EUb54V(O@B5g3khJ9W1g#h$Z%bMx
z`gmPK+i8ct{?Vv+ui<D{?RgPf3}yt%FLHb?>_cI@IcAS%dbf@>9a-pV1B>LJm=86K
zA3^M4YNk#ekM}pe6J|6Y)-^RD(Uq`eaUz7?(587J?R@#_Fe#d)MZTGBOuWf7f-K}A
zS4AXu*W*%pkH#$5K29^9w&wVob)9-w=y@JGR~4SGd)Q<*mUW>Fk=ciist)W>L6r$&
z7g57`PYKSi&X^&Ki0~_1$Z%l>!nj;FXRGr)BjWFbwwp~~9|ibD>)?dW=lW3Bq)jUY
zcVl*!F7$le8<*&*E{;-SE4aRGy$A<}7-}84^h5Tb4E_@MCyNMD%=*-5#Eb5?T}z9U
zn=CiQkU0Z^h$%S)xk<4XKb-fcobh6yzr86P9b?*mz7i$<z7j_mpGD4f@C=SJrFg;2
z-1<RPC!vUk5hztA5llvlMxYlW5dq7r?<w>+v<ii@)acN7`Z@!~aO>qd5C29qo0&9-
z5~1$I$Lcy?CN6c{n-%_Z>3EBOM2SRvB+T4bK}2rEC(HKGUXf&pT#SsAj|;|Ry(LIB
zK+4a{zBV5RL6HuC5#5-yO`}#s-JvV8IWZw3XtQu2z+)r^7LU)ZJ2*w9ESMzd!jd_a
z$ZRvH6g195l*kNx3|2s8sc&{%b|KEONgrY?M_GYWizfJ$!P{M9CIN_e{%d>rPSn>v
zfVoe<&$K+DqCc#1mE7p+)7N9d(#~n$A($`CP06yLxXDe*3NWG-+&~HKQ@;`lo3jNU
zFxNU;qs%kfw!Y_-od=OFYwFMPQf)6u_Clq5&@+ij4})?2(Ax~W-hn&&T>$5X^Fht<
z%_k>3n6s078YNJ|k7|f=hb_G#9vmTFRFFE?&LtfCp?o|(7%|i@h45U^fxoC2)^1xV
zV8$WNy2vUKZ-J3B+mlRqO)CyBrzof}WyE!-w!wa#_04nbeTgR4he4iYnLJ1X#QM1V
zql^a^XflA<e?wHo8>M&l1hRhppho7_EB{)EDLE?9fZmaJzd(^2ew|(yRGQp)7UCA2
zA6;5IGfEK4RBygw7o8P=DY9^aXNm^qHx?G+LEd5PQ{=vWA?e1pdwQzD2D<0>>|u-j
z^}=OZre2g#Scimz++ffdOA}?MKHFtI>9c|zwUw~<p<v$h;m*Tj-{88KBt33qJyH_D
zl9jmVHzaiN&{yc>QHNFJqvlZ}+m-yK^mgc-i65Jtk|wk5e0c(1^i=Y8H;<_}z88li
zan~9ZB;{t)4o#|J7Xk?PC6tmzW4z4PnS?Hy$Y?&`R_A?nU&;WNl;f()u;)=iSEN1S
z5Ny11*@<3OOQMOMw?TH=TLz#D6MXRHD&{sU+IlgYrG{p~Qrk+3b@o~mH-6_&kcTPI
zmR}3s4IEORRLxHVJW8=p)QIbaMXlqZ57bpgG9&xoT9N8kk+gI>;PC^wMD;Rt9z6d&
z(tNTML^<8x(>Kv2%U)t)y$VnAk5iU<&UY6n(<0d9UaZ>O@$0Q5f-9oJUhLYPrYOW9
zis4qCg}To4ZxtTxzvJUVGL4?<w<kia<%}76Z0ru_HJhbx!#Q3GSZ0m{kX7x62%>bx
z`d)Cr^^Qp65?JK9H)^bP1y^dR0T<;?%Qsw({8d^M0N9^Lo9et~6*GwExGxK(Ur@_}
zkHPTw*zQ4d%zRHrevq}y6o8kqlY`>uZ*~!xE=`9uu3-&)2~$p#kC(?p;%rN`N2C;Z
zsAq6n;!F{C9%r`yVRu`V1HLj3$#u6OFE_tC|M_o;GdwnqOg)=4eA2YER1o7l9fc|m
z;WhuY$_@9^)bGRp9Vc1Q#I82ONlg8^kQuPaVYU?J2!1E%bH;sUI>A_%dBa81!<Rv8
z_|d+%G=94^0~k0$Rlna5C%TZ1K{$CS#YfA{L4}GDHANF^DDT}|+4P-H>`-N+&8&d6
zT*_1mU4K0*7}4=ed(Ywk*?U+%W#r8jsC`m5h-D3P0Hu|<w8OOPq1w})>06!!$?g%3
z(lm0ED;t~_#P4zUm>#*@hUfl0n@j4JvhrAlzHMF?eK5;xpU@Ob=L}2`|MHT{qQFG#
zK30c4=U{nb-D>h}#p`_IPcF$Ub9lBMdiCh_QyAhKJFTaT5oNnpruQ_qQBBOjU$7wq
z&axJ|3|(JqA5Z-jxW4*dRj9SqMoW$3(osn!+JW;-LF6~Y*7L6h_A4+9`I{VTm<mk7
zBtm@ttQgPpjXAdBqA2X9O%_<1ecMg<mAww3EF}evAL#$&hn?!0zxg5B?*a4a=p_ac
zL-UDZ(-;HupbCx!gFKKY`4I;eA(p(lc%sI=G46584QGk7Iiw$Rlja3DwrkGE(Zxbk
zF)l+w4e!QY<j0E*#w+!;*yT2yw&%HhUXa5IR3K<X{<hu>RsjCTUNr7_%<Ds~6R(c$
zT3kcrN_57%%+>ST@x<}-lc;SW%^CdYS*ROTK7z#5U7@Ayb|%|YH)Ct6mr>OXHmJj%
zeGl<+HujQVgL#O)lJCZRgvbl7S`TL%EzNy2W9xO=K;M+N{Xo`=0@X)QR_#qUaC>xh
zN)<_a^u^38@tJWcN>b)FTQh{IS9W_~<8{V@bvh`*A|(UY>?w8^q}HE$*n{j{)L^TJ
zd!!PT&qhv8BYx&Cm;8VPk1ORBwseyjljZg3WOXF?Rn*dotgnksZEn9(hVRpGaTaw1
zTKCu8ev?sN8)&-ql><NoL`_>g@6#t(%f&3O%SBmMOhuOgjUO=W^Xh4v9md!r(_@Kt
z&e=54ozrO82^=``W%n7Yf;!`STIVG%Oy1!e&|}){whBt$)&`hy9lhI3QrGKB?JId0
z3Ers2Nq}M9VoNtx%2cIAe-y(9EApW@2wVwP7Ekn!G5=ZZQ%Mzub<nmAdpazY0NHL}
z@`KTIVcn8yl**}#8k7WUV~;8Vo%CT|rf9|c5M!(YpO?wnV8e@c%jlmLFudCB%&nT}
zOFKde4jPCwHzYCH-I=W*EeBA|5G{iDJOec0J25Hl^3qL%N9u@XWfxMorbiU&tEY8O
zA%!HhNeI17is;Q=Q-xlrYbpbI05>F0L@v@xPd?&%AqZ3tI~cX>R9pwPplNczex1AG
zNRXF5IOBS?;L|34z8H)n(8Wr4$%_U|tB;UL?ce@uRu<f@cj>&XVQQF`-xz-Kb_E!l
zOfF8%R3%9GnNMgZ*P*KDR-6S%sMHnBf%F^o%`|1niTzPj@|24|N?G5k-btW883U@2
zO{5yV8XQh|RSeHn#t5571RwSspWd4iaCw}AU@d7E4OmyR_cRnqg?2)&xR9mSe<Hs?
zau^&ihI@ku43?m~n}xaenS)&Mz^I3<O)24pE6-~x!(ey8;my|-gb95GhEy*gxb$E*
zawl@?f;@j^EiZ*w&gA+E_)*Eo)v96<cp&>RPl4JgO&1?;5!*={aV1|Q_avj9vloX*
zUwF96S0_;^@|gL!dB68cBEg&*G<YF-!Q{bvKm<f08ieP**G;a5^s@~kD_QxNJqsX3
zzHuq+PU6DVv&k2BL8GHaNhtC^?WeNDfo7Cp5em^puider5!dt+NhlNU;)Tgaet2yB
zbxZhhObgFA#frz7b?R`#@yWXiyiq)^*m=tcb4-m>&1jSMM_FjFv}n~6+YfPIM-s-J
ziSVPT%36~BTG;_8zq*}S+Zj4eL_v3SpjOkhqRe4a6m_-qjb}633_ckd!49_VVqKDf
zAMikkHCOT&8W{Nb`A=?XS4|oy_x)&SjN3h4=ssTC!ynxu5}`N7q;+m7TGry7>o=Ut
z1g-@=*PV3im*z2Dc`ngE$@5^3?`NU<mo|*d@j%+zqoZF}qW#(Eq_*BW%5YWUb{&NB
zN&UvJRFZ^8k&Jh-F=L;7MQ6^v>;s!w5Cjx0OX6T5{9yip)m;^72Z&z{*wf0HvCq%T
zW;k-h=FW&~B+)Z%z7SCL0c+RrnhI_m+Mp@8cLc+&(!eZ_K_G-v2y1p?00jcA@8hXc
z7G&2R(MctQn@{<LEIVGtwJMqTU<Q1{eR~l<EAPs#edF#n$cRFK#PQ`a4}`pp1$<zL
z(r|aBPiFP$y3&FF;plTa6$S#V2f1Zjw$RVk2<xNur(NxR*9Za3ln~1P(|pjY53Gch
zi9Z&cB-vo6I2|8BPD`_US14dK-*oOC3jjWgMo_R`OoV17Y^|>e7)OgS_6)&ZXphtb
z&lJ<ZU~FIctj<+BwYP42$AF}#nEHL94u_Hj_7_!PX!i=aUd<kVNh$uN%de1Oax7Jm
z&-u%0rM2_?RLQ2MJ}Hi~6T^u<DjIIQe(Aey>86Xl<GAFJDK6|`^K3)ITz6$SXBhba
z37xjA8%|dK<fzgEIIVBtVxroeal5^lEQNGe9zyS)dQNpa%#~^3&y5wwE5N|M4&d8p
zh7LR`UE}`0ECto#^xD>=#9%cFl1KX;zwI7Z>t!J#EHlh#X=*$|1|jvHqG)|uj59Bf
z_g*O}S=xE)5!fsY035hD)|b2=9P~y3O_f;_fB?V2@d}lk_?q4H<7(b*owgV~n_Uh@
zb-E#?_1TW(+!)l)Y6PRE!R6X`BpcMw6cp=JPisJieCZ?@280<R{#1#`Wjk@Nfu^ye
z(f;s8f+#h-*JJh=?+}|@CRcGCu^lW850qZez)TtZgwynWpi#Pj)r>tOYzNQaU$|Fc
zk?;Ufcj+k<c#|+YUS#>K)=*@6-zC+i$KU#C%?5X0AjXsH70K8l@nVB`^{&f{uwduW
zX6)SAZpYDk`gUc8<SWJBj0NfC+rn32{;gQshqW-IooGt+xqaD&N!vF5k;tvcp-#3m
zvOJrxNY_IpNZtK_u$Z_5F2#vF6mgtmi<m-4(|_~}-<1bvA3n`40Lhm7wZm;`0$In2
zBt>v0#iDYsMmcK3Pl#yKqv_y`_3o{K?(3uS1Qj+5`=c#|D`S|!&Mnot)75??s{;X4
zlVMjBm!gOZt;Ey7FLQ{1M6SZEv6G$7BVf?#jV<ae33HLjhSP(*gdzy-rfpTBCF?Ok
z1<Ja8do(>jB&k0!aOA|HQ+@qq)pmAf8#x*X0&kO4WD^z!g<XUXb5=1WlR}%Q36aU@
zV`Tl<4toD@Z|!7*?3HR%u)l^mF)n=W2$R<ww1|g8Wsgl^gSoz{k_@dBxJo*x0lvNT
zR;3z{hkpm!h@<hKa3@^hizk*oVe;Aw;p6&k=DiIIDDDy`S4r$hQr^ERoTZ#)q}4Ni
z56j-J#3&QGg;pHjL@cr#QLya8uvZ!wJLeSL!BLncS+)>Z?F8Y$iNz9;s#JEzq&aP~
z6W&%+1CP2`eXcYZS}mbDXb1%E&v}1JDkwX<i1DG`ZXaU>49D46p6er|a5;tW^mRws
z#yS1_`9tG%4DIX+3v-K>R}WTCb!$5PnDxsX*h2P`ShijA3kNr!C3a<E`K~4?le!Vz
zW}&#dDiaEt`Dp3nwGs&Rf;{zbQia~HkHb@u?wn=H6}$XzVXx;SrtLdBxK2EHw#U~1
zLz4?EK3YH_Kn7VXH$zHZG`!l?7rW$PleF;-F&ekk!XO?(2r)<O89#8I7wG1FUIe#$
zQ#PiTrEHQSemhmBj%1_?G`Pb=!1VYz(m!*-l%zycYY)L6u0c1xgImci;OH>dfKIoe
z8bke>xGz<xeiCc9S&PpHa8kWcmC;0#B+OaBu9PVQ+wKIqyd^lbK@FGopdoxfgowKb
z#fB5)#{d5MlVcR%aHtatP(Q1FKmZwjL==dWds#d`P<p?5)+lc~R4EnC*8dv|0{MA(
zK8{<gEvYGWjfCH-_$EP=iWwz1KDeEyP%rnv4&G5Xws`RtRwwLk=VB(mh{nCrv$~`d
zfLsh97(?^625y6nS2zikVQ|dua3EH2Ta*p4$0my{AzOq|?gD3?$RFE(B5E{!WYprm
zCrlTM`_v%wR(Xa0AOC=Es(adQj3WN%<`_s;=x1s;WTMF+4uEqv??W_^3dh%QYQYVr
zYlUelY2l?L?l*jG*_x!-jz>QTY)~VL%sZI4xMcU>*0@y$!k||EK@gxoR-1Tjw{<4)
zJQngj^4lL;M}y%bWpqTgE9ykU5o$hUh&e)v9y#!Z1D~EdY|Lf*b?O&RS8qs_mcqJS
zxYc*8%MA)NeV{GXm*?g+?3W?mEZSCO9<Y?4T%zmnH`rO#u00KsZfRtW$0A8H&@$8R
z(P<`AqJK>@!ghw!NQiU<$5Lr_@_g_>g;|of?vV~0t$eOE`gDdIB5!yMGt@)=sRN1>
zK}1}1N;olg++1Avo0<edRhJP1=o_^?@G-oa4Dn%d79>bK=C93n{7BBR5<HiDG48ix
z>bHZCMI+`P)<~V8Vt<pkv=~z=nO{-HIQ#}rY7Of2Q~|T)_HC2@iCckM1-Z;l5G@+9
z>DKj%Mu7R9+YQKiCa_pj!c``cp4{Fjr@=ybiom$v!qOgVxR3=jz)yeNIhjl+aC5gT
z;{Kk%XPe@$&t~+jUppa1J9zdGP7U1}>}JA{qw#oxy^m}Zl<9ERx+WMmP8{@xi3~1P
zZ;gd9=Gr{m*m}U$(_OWD+B$PphhR$&A7GA^FymROCY(DW7J$*{6iP++iEX3jN$xMo
zP>?$4-k{p3K;nH)8)As+KksQtq*<ZYZ5xc?3wLR2E)aP$%4t+Atj!r6N79=N+@1D1
zC}3jRRs4DOktb!=Y%F_zVK<wf{h(f)L&`2*04{_bYINS9(wB{q8|LOBb#9NpFsQqo
zbJnM@r6@?&qHON%{k!tWJQSZtF(v+Y@6Ihi{+`7YZyqV6y-!yPo&h9r5JI)=0=SsE
zBo;y9xtnx&u(gV{rOy<qngb0dMvT#wF`*N;l2f5q>$-0Vc6Au1nU1ktT-#ndQRS6S
zO76%|=otx*-jx7~V+c8m2o|ZZ)8J0`gGuKfOkLwvZ<KTxA*?)43t#i&LX2^=nW5Li
zADV?(W+*+}B~z(Fm`OhcU+#v$EteHvHf0&V319vHjk0rot~`#?bZpzUZQEwYwyjRb
z>Daby+}Q5ewrwYqovr<0rgo}!|At%jy`OW=`#w)?nhNBsopB7scVk0ezZ`E<ok5aZ
zNmlw~%*gSvWMLxcIjIIrl>%r5wHkDp@y50OUq{Va-gXhcravbY-gCd6Q(C%fFY3+S
z!cMVrl+-8?OGav+^uMd~tdd$fGmOwXgASW1jZf%}t{=~rXCi-zg(O9>RA`Lukv|pX
z?kdjcET0`S7Q?K(T0gPZ%jh8o!Mlh;UdBwJ*L9@M_YDrW3?@SW3+NabM1gaFvc1B1
zVZ1;TPBCyadi;USCMH1SLNTT?dK<JV^8o=z6@CAAoYttNXO-JN@Je~GQV9|r5k0-i
zZbn?<Lxf2MaZeq83(s6GX2&vn;LL_2m(_S%&a5U}h)Yv(_yVPYmTtr1D7VrrNyb9o
z+|ce2Mryi6Zf#3}@kEPX&W_vK5(tShJ$jG}kj-C=5<>ms^^ty4Nr4JZI7IN^?HZ_$
zVa@Ls@r$n}ooQ2c9bYd}ojm%+f85hqO6s-t6{e;+R$%BQKLz{8N5MjdGHw(gwEYd#
zL11thN{vyjDac2=nM9oWp$vSCtY#4Q!8}hYuwv^Y_gOVEZu#!gjcdTR+PY)VhVHCp
zjMK|fumfk`wDY^iz)=@Yv8({ikrrjkoxV$EKMmv02Yus(!)T+1*0SAidAFX@onnLv
zRM<l_mgk<Sf0?4aiRU-e!Z+K{0WGliP~l#n(6)AcgH=}BU!M9z{te9%3j&MOrzCKm
zgF)##XMNqH{>6cAHw#O(DDKnsH`HJZZ`E|JNa$bk8FL8RRa7Ca>JzFtHsP3{zS_%q
z8PEo8dVsP^&cnB>By4a-bDlaFm;w*ei?{<B#AQF4gxvys9No71aGa8n&>$rWA8;rK
zPi@efEI!@8TA^UKuq`}E)QY*V#JacY6r(o`vM5Jy9!LAotw9t<PMzO=7dC4CJTGp}
zp@L)(_8<#$CFF)iB~XZ^UW=b{z5c8TtQdZ1<K?abm^DO1Pf$4%wx4=Ly8J_IP&7O0
zB=GHP!8Q{lvW+;D9ZDPNxexg?UU&57wX~LNXa+pv4&@0Fk!fBZF*p^k63~NzI}Gro
zNBaAcEp>Vx72Uv{A_n#q<ZFMA&8xs@Swm?<k(VIWWM%F-m4qZtuKMhTJ-<zR&{|38
zMBmeqyCeBIMVfb^`nFcnUA&xlxOuP-=)VI1qvN&e3bt%gQ&H!pzfUktqfJZ43Iy<A
z0L`$xMuwzKB@R;;rLbaayjYK`u)MeuYtKh4uiP7Vy<Qo}iC*G<xl(=$X4}hwZF}2>
zeI@jFa8n}^3>fJ*H9TVNw3W_Qbsqa;JFYC<c-d*^Nc!KEmOZt=b6Gbw&Zy8C=38mf
zX6b~};M=pG!Q$}*%9@+I6YL}NSC$JGx0SB-Li^Vz7->+p6-R-#3+x@lfBI0k6oY<?
zPw|=_e~J@!Kq$^Z(FfjOroh!!&|ZYvU|4UI9+%Lu*{RF2GEj;0Lm{xJHqQo>GrP=q
z$odu2P1T@p>3aUV$0*$2yonmVqd#(Auay5LL@$V5!cYp3d7V%DvWp0q8;4-qFV+Ah
zvVT(x#gI|Blyyb!gO{V9&C#$!9%oiivKrh^o-xy$<?Q7D$W8YYMR*jU?uV*X@b^0R
zb0^V}U6r>NzDFAD9i>dP`G~h3A#yjd7ik?OPv*IkmDiG8y2YwIU41z*<>GOhx`m8>
z)`@iRMxTAQ`y^~gS$!Bg{!Cc)G@IxuosuKObFpu-oOfRv^z|Czk4@DCl;SX1RK>ED
zs&ya<HkvUW^^}lEn6?=^r6UF1Pk=^lrCM~RMJYaRdpj1U>M*)ruLo%zSTh{zE^aE$
znW=S^8UalfBV-7jHNYw3NUEr#JmgbfO!$9vIVIv528k^sagK83#aIcqCgVk$ugt6C
z@Y)<1!g}+hK%22utz8smEDFE(J(Ql>I$mYLZ>unoIQZocg~#MXhEQ`7X6@geY~C!i
zab<KlD3hqD#a#JoJde2GpxGClBMAJXkOW``rrKs`Im{1Bp{k|jncaFc%uQL${nK<M
zDOL`uXJ4WtPrPRG^)VfEp89fWeTO9pp_ZP1UOcIkXvS(t4v;nT()b`pi`Q5mkqv|@
zyp6KY?kVvszIijiP;~=5hQ*d_{{$Alznj(c9OjwO{HALG;{|{7(budQ%PPdwDKPS@
z)lrd9h$dtma4K`~R}m_OK0NFb5^CM}gmd<MrumP5uL2!%?wMO?(~t!c`nK!YZb{m9
zg**7ZoCzPp)(DPdg8N`fFw+V%;VAd&^Z;iA6EFox5|d;7BUePy4UIz^&igsiydVTr
z(o<cs<h%cwBe|Ga1(w`(ge{*%L}R2o_@xBUNPR>`9HdXG9)0Z+Pc{q_DorNkgj#ai
zCz|)(ez9mgTRs>Qr~K(HLhC6(l^(P}8G)53MI_iNapR|Pz#;Z~MK79@T;k12No;%$
z<FViJrhdyekqMT|@H>Wla<*F(MX69=Q~0dFOk9&s6&{*?nEPVWm(Eu@fqsIJiobqD
z?TLRd8*^4Jh8YO>2HoG!B`47SvhR13dvEf>cU6*{sq7(ESd{*IXqQYvZ}uC>SthvA
znN-ao6Mh_&md?&}T6YOHaX2ZW<;AlZA@x4N(H*Z>m0_;ZP_e;h6<=txM-4Z@rL1bk
z&faM7Bu8&seD}<rptGzj#0)+Tjp8d$LGVQ4l?l?{x%~`c@NDZ#IgfWmhA9&(z9T@T
zS+=VobI!`k8yZ0!0<<!-_cYlu$XXgUt0m!zlj0C|$CW+SefqS`(>z?gVY8l}RS5_3
zSB|H?8KF-P@PAEo8kOIda{e%Fu76UURR0f&&i~VIy3jUoS?56UKQ0yW3L3uBlG*D%
zB~kQk<~hz>nHqI^Ln>wy7eSdu>m{XHZEtzKXpIDyiYv(4n&jWuU}LQ&zHs>Y7uC85
zbP#V)k)y}xvm6wtVwpU0O0HTVnE=-rVwnsvKi3+bkYmuMTP^x$f+d{{gJFZwn9Gu0
zAvxJZ)v8SrN(5#0nYYxNVy%&6omotRuifuKm)IV0p9O!W+>BC%))wy8qqGNVs|}3#
zDNY~@(V?=<1gRM!Jdj%(D7#yfiYx7SAZv*p8V2MZ3gBqamSw%7@fkH_k?3Qwp{Bn%
z{zFb1&sS$_gf%%Fh)b98=WoKV0MU=;b#j2+1X&rtAI<Fd_QjUW0k?E`B@IL?g3=Ew
zI$Q}qF{-=*38gD*OeV=m#Y|^6sl)GArHoj#uv1RJ2u4K{4OEH+&NIuTYy1fBOfYJh
zG=0{*_$7FU=Gs+xOltq}=CC%ww99UbJ|t8pI{NysStuGjE{Y}{IuCVY+sy#=%%319
zvi)YP?>kw3^PW$Q`IcWiC~)}VNy+YHoc5MpMG-Qn(Zf=r6E%B~H{T^_7r%jHX4Ji6
z5u#DG3Z{B>Nq0YA!+K)4zjD9Rx365umsE>s1PX7TOC^@XOHiB9&CY|9{sdi8_eEE1
z)Qgudh3YF3m-ah?Gy}-R&D7?YKvvTHr6V<gy`%44qOuF)I86m`5e7_BXx!15%srsh
zCCf6vZWtr)cUDH>o%a8kVh&rlOH2bc^#~w@14~VVGf~r{!HWb-J#av6<LNKysQw;N
z&1FFSMzj=1<37;6(w!*$l`cFfO!e#7^%nad*0?+V(4h)yWxnmQXcn{DsIDw2HXk3F
z;z29e5~-gJpScScX^^9G!NeukfhlnAEZ8^<v{IF7E}S5LLGtyiRY|~()ALE}(#(vN
zL#4fx=N4^oT=zB0P8v5*pXjX`bU7>6L#^E4vLNx%Gf}NkDelL~GV{I<7U7*YSQ{()
zj(2<vGar#Rr6PI>p^V&OP2Pp+R5i56F-6o)DlCS5Q`*SbfFMyd|DToH^FAx6d_OCZ
zb$rn$=c)eHUa53=wl8??Q9GoYn{M>GG9Hmdr1R7-JaF7^TrvM@L3FQ{rTx~fH&Olj
z+as+@+0H5pO&QH@oE2mMK~V*C+Rq+7P+GGJHgPHv&K{XuJP|2)1ELo*)Rr$agvXrV
z7iiqkQy<Y8`!W)2Vw_V}8lip7*0x`oT<vr%1$|bdfbBmA6Pts2Y<$*uQJ(i{G`BjB
z*2L4H$IGF~#n;0}f)|?<_>K?ytNohI9h93<uM8Gfz%g0_G=780ui5GcC``<aGXHH$
zIs#J^(TxFrN3TO%K$~kP(ksIWoyD}e-TAgR5H8`>VBR({JUz2I^<!MR&%4O1851T_
z-4Tgb1Q2q5PxPT-RkKS_vzYh@Je-V7!0_;oBs-sJ`Ee%Vvo)3gk6Rh}epeL}1qf8o
zbs6>`)H6}kn7s%}cD~+e<^6OrHuajqQLkAJR({6it<Or5_m(cFP6*m7_9Uq9zM+nn
z=lA@?vY0ey&8DELjR7s~aE=kgJ3uK8I84o7lw^!XUc5;9SxL{1EXi0#q+0z_K^GYO
zZ~=N9ZGuH%vW^aApTn_=y1DG6UjzsSYJ4eH>u-S$q53P+Lw|<xNhwQZnRov>Ng{SL
zFw&moafzY0ZZ%t|qAksUOtUpydljLw6xcuDW?-dLax6uqv0^KU2}8nKEN{YdIdx2>
zlS|zIG>&+!CA~j6*;15>;<ok?1H>M8dIqD(bRVzt)BbP1L}MMKkWpx)pyR=A_7_Uc
zidW!(n<vsTb^71?65CiV%pI+$u&*LQ>t;{8>kjK58_|H(jR|nBRWy82I;l~e9mJ-}
zKQR(g0AdvNi?wBt8d5X(NLhg^rKWT2ph9$PWrD790Nn}Db^68umhq8RH^Rt15>6tC
zsVw*w=VP~I!>nETQ>tX`JKYH5GqXfnai&vbNkm2wOsug_Z`^7HDz4CtP%RpdM?XxU
zx`VIujNjPtNsC{D+Oi?Lt1TQoau@-4Y*X>hOrg@dnN<ts{qoVXU6>Mm>dJlAX<5x8
zT+B`4>4W*3{hiZY4Cyg#>s++$j<6xiR<>_k9dV66ZhTVjj-&{^9NjlmY0BH$X_$_!
zS)f9YVNIZjGOW7d^CO-VuH$lplSy6VB|k97CTDagshFoeN#+SCV<}-^|7tLiLoG~)
zn!oZSF`aSsE}F=&b11}gS?OJyzRNU?EhR+eOb_kubpzb8qoGx{3MQ((Im%V!NHW!A
z@@;`%vI!^%QRfIEYvv{#bA13M1O=rudNGVVQ!S`Df{p-3c4ubRwn9PV1ogR<?jJpx
z`-46RkP2E1b8E1OWhXZ_*q#$@&wc@;?tv)wgd>=NU1bpUnbE)8JOW?7d|=w1+``1c
z+J^pm5|ui-Biu0?sNr^mi@h}tXN^GFH*q{hG7CPRPVY)Ueb*8;M_;HwuDBm1$u%J{
zkQ!!~=Y)ZxAYm0?eotStA$&p(ww0CZ+a^GIv5*`SPr+Xbt2#YCeTzdv9@H^2jS&cA
z?0J3|>6~Fl0eQbmV7v)g_#VR;mw2Au2nld}C#0txXXINgy#2wkJjJssB@H*cl+(2_
zyeX7XDyC$L;(h$`dkR-QIrj0T5}Pf5#1(fhVpcn>yoGcD5k|?OPnfjrl~Ik21P?yX
zSp%B`3WD}$RjaIyh}&D8u<ypwjA`jb8$r)IqqNQnI^qcJW0vsONG!(DwCBsWiiDK&
z>l2yh(?;;!WGDj39h!Y0G{y@yeUv4U^WKf_(}h|UoG9(KNQf?KE&b2Wc<tS;ke4LE
zziA?Lg|QJ9K~mzQ!Nd`lV9Rb6NjdPe8uy$Z%Yc==&h>!}x&x3Iu553HImj(UXZUo#
z?wKM%zf#klwRrx40>mLgfR?4pa*g`09`mEk@8uU4w?9*9UJHzEe6b*E7y9F?q4P}`
z1v*Kd+n}tvxgQ2cvq|5S_awtkA(H=j9ND$sXee_=Q8@0Y%;@x%1nX)63$R{;O{ZN~
z>{~=rD%GBf6)*sl&jmCAKTe1oONYU@N1vE?(uMC-k<IhuoX8ZMB}_)lm>0>xk8KG#
z2TpJAI^0V&_pg!aqxpfTT!cioGaCN&NMG<s2TX`9ElG7EboPg6=L-~<#DdfLYA<z1
zgG@ab+rV`{E%w~d$@lC}=XLv?^Jn90UYJsZEg$LT5=YLxD)5oi694~v)fa2XI^c4{
zbx+q4fk7#(@tqxT^x{R-U{b{ughXEHM?sB8*}~pRfl9lhJlw9QF7WZ@6zQ=+#)?G{
zir<kY``YYArs5`pd>d``UP4dXY0Id-pf#*Jd_1wOt{4)lyJwSG!CXfpI=2SZsqZW(
zNY@H^$KBL&g!tX;B=es9^li?C5M$nD4!x_@fguk&TOepo`R&KH?4F8Qh^28O2P=hC
za-9y{`!)JpxFn72FS|5)&l$s(Yj-!aabYeEhddh(XfcqHCcp!rz)(BGD|qcRviC&z
zD?FQ&1U%YdJnL<D-REq3S3vk@Ynd9<vK*=rok9YHk7;LZ4B;B!uzHLg6M&*v7Ae60
z6x?3*3S)rZNaz=G=JczE*l?Vt^m)Zp^r=ff0QqeI=$+O>Btc|I$4^9c2yMw-SRhKG
z5vZXR6d1LfVXVU*Z9#hPu4siAW?*b=l<>xo(8toS4gS@wNV=}Ho)yUks21~=DPt(<
zC4(=$>F=-R>iL$GmF$}I^1E)t#E%%Zcq2?`h*I%Alg!;wDO+V1nCO?`@m>Wz>63P?
zah!~9pRC7-#id}oysTw?#gvBEL>}Jl-<jV|?@?qX?iM0AdO>!ky3ipzr1e9hwTXQh
za10^6Tko6ZGi10#Q6aMf-gwSynRpAY&Y;_kEtoP7PNLA{J*K)FdEAF<S52A850*ST
z2AW!7Bd!pxGqUFyGv*}OoQVAQpNR13FgYVzb20a7pJiccb0h-$qx@n}iQ0dLTMhxN
z8%S$}@RgTaMg2VcYEHZzjC<^F<Kyt=Eow0Cq=KtFWxU+7BqzM9=-J5ysX3U`pobAP
zaGP05tKVmjr_ij-7ZN!RO^BDlL(FS%)uH7A(jH~kUUD6&ULPD_=?=i+&S+6l8T;c0
zY0jiy00F-bB_EvS(psn~xE?<WlYuOb5R9P2K;8>woi7FJRG%Pv^rXM=zeYm!x;P6G
zRXj|Vy<qYLlzJF8fqVAuBRlENrb;&+hYJ!EQeFUEBI*jF_t^Y`3B|Q9c!$-SjM<7p
zjyUipEZV_AJ<k-~a0F&+h=I|~7J%uOSnf!S>lT`xF!t^{u8u5?90GA`Fyl3B7RZi{
zoF$m=T&Z>{XmPN^pfrovtY^*P_%K`qtj(mbQjD6CXg!aqlDb-nl^)1w&QJ84$Ae-U
z!=m87(X(Nr+9~xT0l+O%yj9zBSh}AELFcLP3GUpA3IDyWP8}IUZi)m1gvAa7MEn0S
zeEsy+o3yoE*11rA;y=Ai70FHYmeX>JKNQxXeJa%DLCMt^i^@GZ_`h+3@ZgTXN-5(@
zA5WLVeWDEr7LC8_r1Cmu4GL!=U-l>)a%tPP6<>b4*A7Qx9(ZR_6+p0zv0<wcl*+|J
zAG#*pAm?X2n9A(_jZ8zXfFk#&;KO+C9XMdauB*ERDZ-0{W*UkxRgp_f8wxXjxhC6{
znP(&4+>?&Qj;AwI<ENjg11?|aHT91lnhcb2Qm2%pXAy-HT(=~@Z!nvpXK#R~0~#=f
z-Uv4u_xfAttFM2i0}_OGcvsYJ8tS0Og4Ni^nE(f$TTiLAg^b%Cup?7c1+iX!4WHtu
zwR4p-_E6Kbo>p9rEYw^Q#LPg>WdRyTl=8sr9TDZU@v}0dI2EE)Jz93B$bgzGP{Gfj
zs8bas-h>IIkw^Q*te}=M$6XZ!3W&ja>oN~{%}!5hE-4_@Fw34JEB;LK%B+--AkU6-
z59-~<EG8fQl*yQyz{!T-VMt62R-Fvr36`cdEnFSQB^4rj2{9F=zz*y35)GtX*#~N?
zNuyAuLDf|V2q~vv7Ja^Mtgzt7xIuE_5x!a)0HxN)j7-VSqR~$u;A9;t(nxOGTa+(}
zA8n$c*rZhmbmp&d9vkHkN`&%pc5*YDIxI$N2mU?(RqhABwceHIt^0=yued;Qet^cQ
zRFoj<6v!dR48)fjb%$+Ob(C>8Al+6&Td1&-PCm==1+ip)u$x`+n9`R90__qfXKIrp
z_<EIT7aD;BL$Tr-N_iCFO|#4cLTMKm%uW3KJSbEu)^qxzMdS9jvFpj~(ksyN*r0Wu
zb9ND!+GrZtKo+i`YIL3bn2s!_`I*JF<8b}V=oi+=-{5`fgRF;Lb_qm@jD_+TNhuTE
zD^>Voue73*I3l1I4tupplc>~RF}*I^Jn#$E&qiG6OBV6Qu`3o6kH8>utsY)};_az)
z?D{H}vt7Ws3|U>XYAzwbCTUT8`;f$xYJ}^|Xg35aFxl;dKxkILI+m+Du5y&f$)t~T
z!1L1Ke7&2HlO(C5S;5<eqc{i9zp<ENl(Jlzf?-v^b|5Dq1>3?eSpVpOMN<r`(2M<Q
zq&HpE5ezU7@o@O<pk4&*4!2{zk+8AnGipx9L|nk5nyKX6&IU>Pn<sOyS=#eiHAH<}
zo7WV&S2osobTv(Hs+O_6=fj$G5hzjDkDpb;u`j**!tc$()yoM_FE{IHO3=VWL3Qbn
z8_e5Wgf0#SEAAN@ZiOv;?BL?V@A~cIL$xn*47$^3yhvIvq7Rk~6b|2P$I#as&{=_q
z2}o^}G7plXM5S;Z-0+P6?gy4d*GcZIQpFCxV(w_v-Wx}@Q9-H;BvI}xCMLY|owIOm
z)TjOTesCNV1X{WUq4v$igd9D|whuFa6xC$|nWi?LKSV;L7cv{z)Xn$XE?)AE(iZeQ
z=lMJOun*KqqG)0l>yU5QaB2@jJMF?7dPtdgEZ^=WEv%7WaP^6Tg?qi^!g|eqkD9d*
z-(pO4Jds!{`=5DZnJ$<N9NZtPcpNw{conopVVH>%Gta(CpkCp@6Jalv{sG&YXg8mq
z44gotl;g6k1h6(;B}=i@6w_7B$%5<7qyie{snr;w1%(>gM}STVr%8~mj*x#4sQLt^
zf~C-w5t&Q5Ye_vzBYS3!MT;Y=krmZYFrdx?R5=(7seO`luJ>Mx>at+vTFztI@GN|U
z&?xDJOGgh<565~6d7xd>SGEqxmr)nR*ilQ~j4kpHQNLM~B{|bFVj2HQ9jt`pC<^FU
z9Yf(k?Ppv%2$QQy=F_s3o2@|w3_dIst}rpqNJ#^bho$IfzyYDh=p;2WGzg5QGKM0S
zj4jm$r<)5HV{{2^;{}V-$sGz;8!PTDR2%m4nLf58d9{DD0iQeas)=SBVM%pA69Y=l
zAr7G&`kWPVU4;NU_8P3NQ?EH%iDT7h0g*QMAEWUXDAiY~L{P_n4N|^;>oIfX>iDq(
zh2eXVRI|%rnAQsVW}$(132gN_!mRtf{#vmCNy*8iB#Y49P~Wzo5ukyuFhgDBSaOul
zpkvR^{lpIPa*lUAxgRKoiv^8(fFR{o17n87n|my*EBHZ%B_N%$$p%>~MPMy-4m+?r
zaDt*@?LoG$qT`k-6Alu03UNYM$c7E{JIuB;umwyEjLUMfS|qpr>5PwWfUBQDog=|r
z{5q;~3fqU3opb)2F-M}Tv^)I86{CTUerO|=f#tNdmh;xVrCKX|>a~>T8p#K0F^lUU
z@%CDd;Z463`1T#yqGisyMWefarNig)3S!a~MpDdDWcJ>P+Q9xNs`qMf(#h=$O2^Cm
zrqia?7^Ygl!7WAUuic2<X@MCiMf|6h6bWm%HB1L>_9Tx%Lvlw^vo-G;VHx*I`;1?0
z1FPG_@v78ZnjJS^$|y(jm9@n=asyw5yBRpQ>mi>VH_w4A=A8lNn?ZO?oMU&*D&<M_
zo$a#=n8qP5k^l8rPDt0zTkh;PR^8PvyXCsw<W5B*O-8-7bP-b>p<57p?^I37V~Y;x
zHE)zy{0JPjDpW}oA=X>Jlf0DOO$*Qu0&bmKKdSr%qCLGUb4N@ixji>@z|ou@qr7lx
zvt>*@qejk1hZSxF`Z06%xZiDKoi33mJh=X%y@XLkbMrF5Mwkc}L_U?9rs1ENW}pE!
zgh^R+E;#t%a{dbL>7-%IrW>GZrDe+yMCj1m_p@8eT;1%ZL)CuD1F#am=xgU(V=&PA
z6prhpXdQ*f5hOVU^XN*_*k|5>XEww44oIsPW|1@Wk6<8N=N@xqXcIK0QGDbP1>Yv8
z@7xbKk52j0PuNi#G))L1eWFDXy+dvn4j=QmVugnJx<ls?{m3bDw)Ef_8$1&{F8)pE
zT!{m5!LJ5m&SYM6KNGc^KX05k*!@apqLlfyp{s-Pi><^F4uN{by!)FLWiP}Ui!a@h
zf+Q5}9Y;R2XQi_Hvz=ljFleVuAhk=oU>23ZsFj!3f|#RNC&JakBH*#v_<L+J70q&c
zqs@G1XynbXt`TfSI<!@C1?}nBqqBKxiGDsc{z-r20(-xndP43Wp-8D!&tda`!a4Q(
zZ?9;ZKxvOAOGLY-4r#sgJa=itoTaS?O@Z(?MI)Q&cG_=NklAR>jsE(}HwUkTz>xBc
z^=W@O_Kd5(9i60V?-$;AegsHFccoEx$Y1`XR*x0?5Du#%ow50Gh+l^H?#TB%rn|2i
z4$2#g3%E(Zy0tReF`HXmbv&t>&*W#3n%NF8(y%M+#*R71JQK~I6x#ZZIGI28$%k!H
zr<qWF@F^~=#FpGUl$+~(Hmx6n*=d1Dr2k|<+bm-n$|S|5`9irexWuBU$~)lDEWsSN
zI5@NfmF??4bKi?vo2u(vNdD6X`8d<$*k=!~X><99b3xoP*p?FmkHgF@Qm!irk_n*c
zc;D}rG7TT`NPwv>Hpcqq^TjI%L2{7{10*=9cXqrGt9bb-u-x34PQ2&Q$@4=0Ut!Wy
zDB_C;T8`OFHD7s^%ARx)B)h9G@m0JmN&?)$g0h;ZC05LLEEhU_1Rk7U6$#w@M7u+a
z^`^xFiZC)~^x>*&H+<E%vFnnAY=;rhHBw1DxYAfbW(N&>^BFL*robXP+g}n6i8Ran
zP@U|BH}hvnjN%!VFTd}s4(T%T{7mkaj2>b-<qveb&Z*DS7KLX(0TNF!HE6G4y3pl?
z)13bEY6I(%#HG^hWti<5yVsWZ!A^BU;<uj8%|P0edbsevG#ukkPGp@ERZ+6*qB2HM
zGfdSg2<l>kM*0k6vz&_)`6#`G{}wopsqg@*JtG_!24`2OwJBJrCG=-<Wn_ns{X@2e
z_-=3m;c?w%C2FnT`ufUwYVST8JN5q%Ynmm@DSys-ZipDhN@Zx0_oW4v%5AtPcCaN)
z>AxhZX(k}z479A9egq1DX$8fN^I;T+TB@j(ifk}P7-oKd`k_b@yAG43gR`10(F~*e
zg5sR0C*o~;XceaM0W3|3!O)9hj7VFFM}?+vhkJbHf(4XDa+H&e^@%TT`qYk~b5R*s
zlx(B@nZv?;;g(_Zo4m;2_BN?^g0a5yLL>`~63hmc^Fo`qec@{*67-XA@c4*1J>|^_
zHjR=Bl2Y9D&iGZbQS@Yt+-vFW=AS~5D>#yxRL}^_cN(6xA+C%gEQMLTRVV+xHqq#y
z#B-+U=L}ht64oH_KXG@QmRB|XK@v4{!W~W*=q;Z0WVv85=F7`?aoB&t46M&TXn>eE
zAJd%r#q2i8C04Tb4|Dpd(d?i7dwZ|cuW<59i4+U!{AMu^x@mfQ&6B~+H0+d<v-SFs
zs@3s9AqPrI&7|qS=!c0ayZiJajGTWS=HN~tv%G=Na}OT^PNTsdhxXx<f;kbs05r!a
z6_105I);18aZE4E14wGDG$v$_@;uXV_kV+j$sC95!dEZ%NB506@6Yg!1e);EkSyC}
z4(NSjF9S!ww8|e{v-5-R$P)uGlWZE~$OiOHjey1jEC%jYrVfSar$=HcYqV}q6wG&q
zv6W|z@8OmFj35&WagiccqrdCfoh&NkBUJ`giZo~-TpU*MP$wg|1qY2Sm*mavbs7G;
z!|GwwQ?r<uUP6nD_)a)KSWTV;2fAF<hqy*4U!pR24gyM0Z17DFLSqdH@?5BCaz0J%
z`^^}z7-@^(o&`+@a%Ws{V=@J1n&y)79;u7iTE2&MX6|C;&#^9QSPY0Zb;wJCY%06L
zx-p0{Qo{=`4_i=nD$T*sA&lv05$oyZSE{vF&vH&(nOSsNG7+={!04)?htX<7iFYl7
zwR)Kret0QC1DYvly`Al!K8D`*zC9^3XoclTBK=g;>gp*>=<{&#>~oH4SGi;aJ_>dD
zp+8-r6burFET=1tPELJ@##{>AJkCnnuJsmg9UDmKpEs}EOqvEJjcP3-#3g2ht84s;
zc#z4uEJI$E>;(Zl4qKR<ou`ct^q^1}W|K9EYx;p;36NhK2pY$!O`Qc!d3I>Mpz8iB
za!5Cigg9VEOam`8&8yIE-pB7Th)EMmKFkzM%eZMLZc+`-Vw>DfMs5<*Nd|<T7N=?Q
zOpNdh9%YTD^A1E8uEmZiWbO{zr~S=a-X};@so#ma&Uh+q?q~i*y1Od+`85|uMZ4+e
zr<uYYcUxYMyOtd3hM@VpM8qd<lM=G`CH0m-S?dkw>nsA$yuq#~&zY1fhHgSA6Q+=d
zn>zuYMtCv5OL^LZg^<DjMjQm7tN+-swgLVsEAh3N(a#_-Ob<U$Eou^bUOPr@3Odfo
z`Tau(`oqK{^7}k)lB+bx^Uv?vfSXrlB#ZrsOzIh3$tD_=p-ueJM!WM)0SZ7%^C!x<
zZU>uJIHx$~UzO{6(DkcIwTqZrqsmPjh0f8o!VY__-+j0Rq>M$`*@W1Ty_&USfij7+
z&qupkMU_sjc3qbdMQw&IDWZ)!s4n#fNxwLk+!&7brjm7o@|9~eDZU3b^>viKSsWra
zO0O5zP<TCT{D?C*SC@v*#WK!-yIx}kgeyX?fJE7Hni*c<bhqHYLH_HdcobGFu>b)G
zD3tSmURGGy|G=MYZ4KNUEu4)^%?!-`H~Q#8TlVKzjMV+ENpxmP!=9A2EFF_5J@1*3
z&T+-1;O)qd7Y;(cMAi!|G*)5!{lt*t8y-bAV&_7I*dk=;A?UlJN7s8zfQJ!CsDR=v
zbpnEnd`p%JiAX3QBsz|gfmsm{DhQ`MTw)pprO2F(pYA^ptN@)nkVGfNBQYIotF!kP
zE8~_;I=M+jq-KOFWkdo^+UW!DFZl=Y-Hss_xs!<W_s3?fgQ8##<jJbZBb-F{@#cHt
z{FgLE(6TQD1hC8smpR`+gD-R;B1_iH*AQ-sS(*YN<VmU6s0W)lA(>=uykD(^0m979
zA#fmMo_G`kRI1bzbVeYUB1MQCmN;}c$v+Emh<g;NN2-gP7!pq8e%5M>$r=#XsTwGB
zU>Jv)dK}~ksQLQ%bIm?J?_lr3Eg~v$z1qZo%$TNC-=X7D+b1m~=nLfC!8Dds$8?Iq
znFO90q9e>K-XAl+Ln2g6L@*6S=aJHX$DszwA!BSs5%_}8kkW-0J}?{CUnwav=8NpH
zT>=kLF<5@P{rRotOS*1kfW*U369SX5e`2jV-06ThW`U<D9T|0MiT)!@zC^m$!w2F$
zKJ54fZj=n>nYfbV!e5-068LQ{uh2OS=1mMKIXv*#zzzAk*aUP(Pr0{tNjhrQ?hEn~
z{G|V-eb$`Moo}T4LQr|uxLhwc{(*l=>d(UVy}E)B3=UG?(If6~4T`e~Ggrs4;a@3s
zm@HuPX)`VOoZr+2sy0d5Qn_%z<HFVR5zJKZm|XNy+jAzDIMA1F5T2vbGI^`dFS1er
zs{Cc%B?wK5fm;A>z=-pU@;SIarZ^fh@g9l1X2d@oc?v0ggz*rw)24FBz;G5Z=(0ab
zY)qhRVK?bWBH7=f4pU<!Mj=v~c3e~c250C8n}o2BU{KR=sqrw~&DE(wK(_>H+Xb?m
z150Tc7s}abxWdA>Wv#fylLe|m6=1o^IOKY!LWvp{=B=#cxh(jEEb?OQoPf~w!J0Zk
zdYD)kqWIjU&REEncbeihMF}U0Q8~aWZl7IuNIpkHjIi>a02*B;YSGsco}yG8ANT%r
z*QgVZkAIKA{``>*iJ8QK5XRkS?aYW%>d^13h<;22BF=5gUg^o@04Zxi!Jf3cO<*fD
zWyHBqxlk0J1iqqn1Mgj*y9J$pPoY?f=Wm{G6%U^_l2H9a#way;xLL@PVeL^+&CU(U
zG)8-f^GLQ<p~tWH&~Aa*K*QEXIb04H(Z1vf^A4?9vdi{C6|2k&^2=<Xsn^i%=ho@3
z4;QV=r%RtC=c*7eWMgNR!8>pb@f6Na%Ch5$!rz-KTDPmnl+P>$WPPYNK_F<1xOad~
zWKMhz%bhR)J-!x6r&kuY5>;egI`4Lv!aQGOGq>~K;MQp4G2)9yUT$eL16+Q2jh9oq
zNZ@P|Y2_?DVbD)opWpP*ru@#OoZV<|=E-GLUl;#@5^vN4tZ^^8YD4o=1YoRd^qw}8
z{Km0XNo-iZbSiSI7b7*R_BJ#av)7R*v2~CP6kEWr@FNjn%d7Zt0KZtLyLvzFgf9w%
zc3p&Mug->7peqTke;U;-Ms?cWg!_x2b1AO-khZd10=t*U@0h92IIp}#hCpkbwUv|Y
z)vEip$ejSN@d7CW&c5%$N#L&CxQ2X#ovmY55>x6$Yh`%g$a9&#!t>TlS+~Y=G99>8
z^=~4t%)c_B^MN(})WvuK_*%XwO(^6T{)^4~)bk{3oRZ(9*qVg!X3bcrSHa=Ez?9>s
znIP0JxDnWrE6Zipd^yNq$GvR~dA-oYExkF#@cJju%(AL2YS7WQ)VsLtc6ThQT)x0P
zR7gMC(*83qZV<J?RRf)ajg$9<8H&<nu<-0NYXp?$=YSa%m6{m0h$Rtke27CFJ2m6q
zN%Si?6e3!EOy)%XjoMJP)q)@9!w_X#U*JR@YwH^&Nwt=;!2K!-bg54>4thr#7i#sK
z%B~pW<8;%7P78Di_~0%({N#L=8~3iFWq(#pL7aza-{Z^N()r4hC-NKWrMn3oFcth;
zy()jx3V#-=4{t7Lt`*;@hLh6Q`UC9X5|FrV6K7Kk<{@0Mi{s=m#u${_6-~G3ai0GQ
zVZFNslTg8u2Uta@myjS1Wtq)HCEBDZkCRjhHaw!TtcjoZiU3(?pt(Agb{X70m==NM
zP;WNuC?OMRA6SutA8AdAr}8+ixASvCbC0OxieP7`Vf>WwL)>12{N`ieo!2!Cpks-{
zwJ~HcD(HtUe;q>dDwwAQ(GwG4vB^wV*m0Ji=aIh($Y=8@q<WIi&}qj}c(Yp6l~}R(
z<nsFJ&}3nZ6q}4Imz}aall_5~6Y`&CbVWRgbR?E4hnTnq*8=&SX($BSHYH8Ac^EDa
zFPQly6ACnCOeK`OAN6ety}8pyN4CMQ;HM$=7bhbNk`>1*X{MfNX)Fb4>&S&V#x!6a
zo)TozTX?hyrXBq##G*t~AIVlR0o`IYH%Y$ifuWLII?HiaCLWNt=9nQj{P*RDcliCi
zsI_jtE`j9N(ql|Z1f@RDvGMfRDgnbP5KC&WU;3i}=ORK^I;u?1*uzTP?V$Dy^I^jK
zNhAVO+G(y+jfpNID?6Q^)x|vJmTY46RNGUk#ZTghx)c_}4+$Gl0(8t-0$nu-AGSSL
zHl?TUuJu<!At?(NL0T;>g*pYG%cY>4Fa3)hKyWn&SPzkz{oYQEK0GHzPW%Olc?&-&
zD-o01^stq}XO<Y%$VT>f_@+#MzXP0tGNmQcMD*8GjkUlc>Hs?zHTib%^WiHokivz>
z%ycY+h61Erx<rZrg{qglwGxewQd}WFxFUM3nCd<$ij&5Eh>whs&(x+Niy6VrDTf+g
ztu-w8F6l_-VyHTSBDQb@f_MLc)}%2~mK;k%g)v{i;?AR0xUmFy{uA$F1&B!&!ZY>9
zOu|<IL6|6R+yK86_ir#^lWBEPb!;*#G1!kzs{lP;swuWNGZK7XTEUGP8~S%B;P&M2
zbc&H?Hi~IRU$I;wV)2|~h&79T+lz%SOqX?YUA>3~mSn!A+`aF_m+ggOJ0gZ_%nhzX
zm3<+}WD&4J#(`J(cXK@tV;uVhDUmw8ov{MJy7zda(;z?@M^tl$y8ewaC;d7P`O`=W
z!m3THN{KT&A*43Cs@7dksQ7-;&R^w-JFv)NkRmm5tA@zVdN5!<K{hJ*mYoG@Xluuu
z)wQbX*-ay4lFfe67c@`d$S#NPY_rEq1qK^MgQ-o+gj^VlH7BC@&At*P@%?sfgh)oL
zzP+`T-Y=?jH+6X@-@x11lWVMKF6JokMSM(@rJX}uGjY2xB|H((Q1t?hk<?uyyC4A!
z65zKX;sz3PI%}y|tIWCar}7Zvj6KWfk&{zdsa(r<-&@F$-PUDH{c@KMJ}E`2Pb!kT
zK>z>)SsJv9M3aCmd&Ha<!CJ#s!Qv@-m~_fX0-mH9(b`HKNhZ^-BA{uaNVT33&$=%^
z_&Y#Y?e;v5&(GuQ?RDtggZ|<oWgm7SG#HJ+--JfnBf!esEIB$=iNRCx;q)~V6SHsU
z_3&`WY{89Z?Ti>Cyh(=CS##r7n9Dh%BRgX(3uGO8((PuyE<*7oq%59+N5>FPn@pnB
zEI!c8Sd@gO3A(X+E0*-j9oYHmBJkDk(6D3Nb~&W9an<h6c7df@`ah0<p?<e%g3x45
zDY-j9YolCRRCIIr2zIG6x-EIEGKKNLIw~=y8f4J*?lIxoD^EMjb^)27U!W#HH!(L>
z8Gdz`auLXXWm63i+CY`2ecxl8WY>4Qe&%?=M`47Um5)(=fAQ#SH``k(Mwqr8hDlb@
zy<lCgm@u?@7DiMt0w!*CWm1f_I`ZUUp_&WX**hcRz*YE_nm(d|EB#cQfJXv|7x$ko
zD+GbrtXk*4nTVt`OO+%cDr<qpTo+CQz)uW1JwCeHmNBwW0VOx*u}M0#FR+rv%U(QZ
zI0Ow^6-wphSJAnfVBea^pv-0Mbwf;uM|lL8TKq3`Wu5_2ZD;!#={P)7lA%C4v0uh*
zmGAl-?L5Jl@8yP=?Ad<AoSTu!Q%|pVs`9csAK-e?!UUG9t_{{s34%l`Z}4N{`RbWp
z0XjxB>f%~^I%$go*vs|-g@qWPb~cu|ja$7n)&+Sv=GX68f#U`EuiY&Ut8Eqa1NH;X
zHZ5?hUu6(HqQ$E87@-@sI!_7+u`!NVd^~F+AfKq)1niGUXR0Uc^0<-#<M%Y0zlunY
zdX*bO07mN8enD4?YdFuGuU~-E*4rG5?>2hBMZB4(ZdL1pND835jt+2jeZ4JCUf#=p
za8+Gmc<D!yGoQAEQ3I7sErPRfjAQH{z|iZ31;-uMsok5{&KBwEfU2aOSD0_C3ZW_F
zFu_C>8M1jne_VcuUE9E62w;ynn9qvIK%Va}z6TrH@AL9U9g(@?QvtEB=)ZyRd5;*{
z-JtZ8_A#zg_c&zm3QBqXa-(vfdANw0UD_Rvxa!{Wk2aa1Be_OP)&be8MmR#h{vi*-
zj8(6y$Lf9}+boEjHx{bPzU7!;wAs7N`yJ6<Ad0B$YuQiH?W?pll97czZB@fORc3`A
zq$AziHf}G|k_KJ2gEE&Ci;Up4X4rG*Zs>maq-5+<L7uo!a8Hoh@MCey6Ep8Jso~kA
z!Qr%=6VGAx1R5H5L09z|UFz<WIj%D$K}~5lOz=N5@3HBLfrD%&X}41N&KruVKnZO6
z3y64Qx<<w!#)e$g)HPO^!n~<`ul1*CQu=E_Y<Skkf=}}t6Gi?khJNLK!q<$kz@O<i
zRh~q<N+qF&`B9x}KAHz)JMh#yBoB^8LotFkz;moa?rTK4%@PF}Ky1mV3ro;AE=CYh
zP+`@&BBc(g6@X4)DM9P}6F29uYVs^>3GJixJlX<E|L3eq>FxyJ-TjAvV2i_kl_AE(
zg@w27K?zFh?3iaRV(lWz-#@*wJsD5*bhI0Asqo)NUHA#@#X2Y;pmQ7`AiV$KE^qH(
zYUb+TVB3uS>99Wh=<$i}umP6{U%VjAZ1}*(Cc9ZIqyyQagQf)bCYD2|v4HR7(Nw)U
zwcY)EC3P#BbZL(rAa-}_=if7*`~A?qaQ4WDTH6Kyu0c&kH+OXe+OHk1OQDYaQ<?Sm
z+~k>gN^Cp?`}iaD7}?iF_tS1gHx|Eh)VZI6<bxqFgxjgi@L`NI&*4_^O6%hqF@abH
z1RIxHIS-MK5fBJl2}xHJD2G*}Wz3Sa!@(*$+K6k<>>A=nA#|I?I>}z95>9`xdN^{M
z*;?C6$EvpuaZ?!wAu~A-{Xx|9^Wpv*rR@w5QQr?fd?hAx?lLDK_k{FWEpg5~<o?Ia
zqCbI~(=Rf{jw~#Ewc|b}K7?l!hXf<Bz^&>v+zhOT5uyfR5130wBf<m|D1UfGamTOL
zrugtU`vuALH3D@bJYMP%DrXg9^fHyRom(gchTTt2;C#=z#t{rVki<>DbV`~flyBPK
z90NV(Q8%v*MGi4dg31TqSC#;|JF1dID>fTU=t8#RAiW4gH4c6pM_)yDAj{&SLK9M-
z=Fp-qri!Fwj!-=>0yqpa^+-8PQ3w<W^XZfC+><dBVr)bk;8rL?;$vo3e!?vdM1o2w
zJ}(oxyX1^L0hOKm6`TZ}AGh~b-=hCHy66OoNs5FEG;SK4-(f!d9M0p*VEd1{Cf-~o
z0~?wwFvk~zV67qEG?c?S@mIsfi(~-*K1ns4XL@xT9ekFpQ8jf@OdOmB$TqLw=WXlD
z$Nu}vU0ANd^zXKZz?RSlI;|Kg{;|{7^W_&jj~K?Nx8y_7UI{z*DH_aYaUwzs5H|B*
zsYfD>94k~@Y}GjfmqXreU|(=as(A#Nez}HVu81(Q^RmW!3_EUXzuF7yYOQ0@bwgD}
zbZGB0%JdZO;o;}v-h|-tcObAgg~FnfX>9`}S)|8B^7i<q`B@SR2)~2Y+d%y58JFqg
z1RAk`v=n2?@v~BNyVBr4%zw?mgW!THbWJ3z0B=>bA`hM^Ce;ni%Gw#ozDo=s>vIcu
z7Jauha?a@elBT_?B3`aT4D-y?$DE9TesjMf^O#9#8h>}}ElgQR)c9GP=(E5H;&-kw
z3+s&6DWnOrI;dwhqJjG?ZGpOvP?aVP^LcPcbYOh`v#)w<Qc)ki&glL<RcBctNTf?2
zF_Z}&WSIuSc=HGg%G59k9#jKpaEsN(R4(@!&fGf1*TLkb)KT&5T@)F&oJ#UX>xSNj
z(8OB%wXSLl0wdrxUx>67eB;jXdZ5S6jvL_9?(Ul9{SkUdaC99@wZ7Wl|BTKD)OFxh
zV>HR(hUnUE6p+AWK#k@$Ru=&4$|w&z3OWvwNvHs=w)1`f6UrtsGY3zuh3yE@3r226
z-YjY^<pq({YYAnCI@bcLQfZKMx(U7WGO`e=(o3;RK)P(Tm-j3T{K4SlY#D{(y#qf2
z*L&l&d5GH#zX+9`mp>|@fx7;h?T&AV>w*boT^f-VikLA5#qGTFTb*S<kMG#KES|1#
z^o#JmL&U0wq?0!P5g$Tq3~q`90^b_E=ynPKZPr?ah{3!k8+?Q7v@uKyFUN$-a6gEt
z?C(Z+d+!C|rlLqcWtjcji21!=yo$eOL6PzrB2rTp>b-kccd^Qm@P#o$Z+=RJ9?4Nr
z`Z+I}j=*uPpbb^<SY=N#enwE2V(Be_FW7qad6iU7`5ybuMqc}&m|YV^STHS0B3n33
zV#h<e!NPvaz1L^?8NJjg_dOi>0=GHV2d=aJh$7xO*{NyR=N()YL!OFp|5BqBs(dge
z%E4kUZ`lt2Ft5Qy5@PR>tP(iAwXkOy#8>3XQ}ZTubVfO!n3*Wv(1yh@B+CCG_-~kP
zn7IFxNvWJqqLAxB^aQZ-;`B-s5_C-n9-m1UBV(2RUd!uu90snKBA~JVg!mPLOJgOR
zV|^%d2If6jMo`Dj`mBXOv;GRCQ_m7Hq-ek)L|4WR;e9a-!>6Mp8;BN0&VPb_>CiZS
z(=E-Lxq6Y}DKsPYQaw8(An<)Y!<*c>L*u%N-dSCfNUf(?X#KDqVpzagBvU_-u~RVz
zvQ{5h*r<b5Rt@ia&;+X#E;F@Eytu1boOvrDk@jG5xOPg>iSE^cqI&|ZLB~)q4-h^l
zxB60cB~0>+yx!REyAsC_JdOTmSdi+TMD+ZQHzz4{(&dV`k)w*o9#>Z>w}5R$@42R}
zOW{sG#mjm`oy3k_2K9X2&%X8gi#F9IW!<|q%mTE&M;2k%fmzoxs-^8r&A}pYFP`D<
zpW4%7cd>?dEr2@N(d<5+!J%PLpUd@W15hza$fW9iw5!n9Y^wv>+|_krB3G})twI^C
z7Tle!q1O&EErWfPI{2uWRgCI-ut05Cu016@)37EK$cwADBG{dVosBe&>m=n$DWkP{
zgr<E4sppr&`sP27Z&MN!<jrnnNA$?fq#$4TCS$^5GmJ+QIFCKW^eFr9)X+yzsT$u^
zV;ul;Ud;%G%qHfzhS;78_f*ujU}^;umN@XnQJ=t>tQ#q6g4yto!Lo)!x#f7Z$4T~N
zGuthUZK6<9zQjM>up?q@qshn3<vUBEgAMP)%LevRkL?jNQv!hCV6!6IwkLvU2dSfS
z=@yoCz?-$39b_rcw!n!5Iw9`HERLDSyy)<8-cdm=^$5r{4_THvuW+!P{v^oWaq<uN
zC`4)E)=BL7bIXCA<wNo-%AlvOj-F$ri&giKIsU={&AG;G3SJR9aY<$<60h|O?I@E*
z2u}s-e$G`P9L}DZOKby$<?~JXTSV#Gct<wg;UcXctu@~7p>=E-SdVIFNoJj%qmG;M
zVTuvYabovb1@|9@HdfioVZzgLG`b5lY{%=CO!FN3J3B^Jdq1);t}V_kXR9qM_G%@_
zS|EextfC6fssh~z`bk*W1kMkxC*TO(0!%aWle)WPV0&j5`1}1Gi^1ZD#1Hvjm-<6{
z^`bTqKtTUcfq;G<JO5Ylg`>;=GRIA7*}33wB7IHODox3?*#KlWVsqNr$+^rZI0ziG
zrVK>}iG^;7^~mu#_UE>@l3jn|mz44>r~)e^Rvyjo7gvSokkd1fViB0E<NAZG&Wl_^
z4(QQkYX#!{BI4YMmVMw6uk^^y;ssD+N;6vd;L+i>Y%I*KGOHWc@Qji*%K!(WmqD!^
zcIU~)uPDX`*n)7!X{Jn*p`j;0xtPe>NuX@SBwo)0MM$7pV8bC8dl(sxbIqE8`FY*a
zQnKk$^)l1<2}oP27|l0GCA#yE@Zqo0+;V?R*p&+_q@@^|3T>cknWX~wFQ{$~2V*+&
zbkgy-rEL2-zXwUAWT;Su4Zei8?5O@J9``@`%l6`8rc0SOe`4ZcReq<|E&~PW--C>y
zA}8pY(-@*6eT-SZuzn`ro@P~2clO%;^&Pge_iN}wwpRWPCT(DHsL%U7Zc`dP%(DrH
zBxtNP8|~#PDnKc@_J)?_!tb!xJPRW^{uro1-;&N5`$s1)3A%+)xnggjBT~8y=#9cK
z#{4e=B1{sc?UsZr&@2!j0AwjdCS8pyVw6vG^ysV-xgkN)nHF7Jky^)*bF+aU%_29D
z;(q*g9H<Lb4Y`LB%(ZBK=-(hUig|@tT)3e$h-({3AQ6qxqJ#h_5s|*DtWjkG6$mQ?
z`Cv8lxzA40_-8^mdq@`Q->6kDk+{7wtE`i>r5+?xU|Bk{Kl!XGeD33~^$I-$fx_R!
zr5<4eT~Pp@asm*x0d;OS9#ybuWs+v|n6atgG|2j4A&oSNHTqtX$FD}~a-p{R_0k4G
zAzRb3D_-O^TAFU?+<<ZyCBMLV!`5>-wi$5!WiLcB+P}VoG_HwCikWQ2>>=?Q_dgu0
z%ZB-(ByuIIiYq?3nex*f1`F8sk3Lmbm;>!8#YF3Nt2?oKXW(`W7wh~Ix;T;z-oK7`
zk~;IP!FFXkw(@BrxO7xG;xqro{)4e|j1eVh+w|BtW81cE+qP}nwr%T-J#)skZQI`2
z-E6Y&mn=G6e>$CXDwWEUPF>G^NmEuLUa8fZ2t0rnQBfNktiC25i~f)#5Ub$nM->^|
zOzABc-0aJgZDhfTE>un1E4x(m@@KjD4=I9a&z6v)?<V6jOZ=_#PcsxKc16)Po89Cm
zr>b_OVrj4%lDq{CAM)&Jqv8M=)=#7P$FIYbJD(TK+;VjtJSMCTK1)-NWkwV7FMP&S
zIC;{X#s{cy4Yi3aGnPJc@0K(ITDAEufeTc0BK^X@sgd_>W48-WJZ(g)7k<!6(33E~
zPOf9Sm~`vO<C9=M9e8xq3?O|(6<q?7tb~|Iz95N_SB3J8RC?ZQCs+i`LK`E3pEG&*
z2mRMu;TyDd`Ikd>Z#5LbfqFD?Q%3XP_;CB{ORYS0XZXe~DX&{+0(!bSJ8P|R07aS&
zWWeE4lPfe*DazzEOJ7PULjx)`kgNf_b=SlSu`fS4{%<j^+K2Uko&VE~^Hci5&fDzb
z;d~c(jZVV1qWhW=zBu+?d|STb4)eZ^(F)bleR*(54G%2#eO(h<h)VB>zV}khCWgz$
zmn4rl`;0-$RsCC@cBL2<;gqyf<8rjx7%cEp#rkl(%11T$@t3p)&m%$WE4({iKlw#m
zw8^5QkH^nnpSFed?Pl-m*d4uzF{e5eg~0bKf!fdhOCs{3kNLvyJ{V@$`OO$T*}v2{
zr5Khs5i3wXiBMi7d-Lk@k#nt2^PCnc=fr3L{Hg$!kzyJO!}fQJk>#A*17P%H$C7>A
ziG9prD9+r`Q1s73%v}K(smN{&<>j00)N*2CJ|4NkbNr9|b{EIK?xQPdW!($4T<o3h
zUTavnZquGA6kQPNWUI5D6KU)67l7?4LR)N_1I|w;*Bc6Uujk&6miEhMd487AC;hkr
z4*>x_p;HdmlP9Ob0~-9@^apLB7}Gqtcu54>JiMfcvXaw+ZCIxtfQ(Oo?fuY*Hc?vB
z3#V%5#n@94-%}NyoK3=TwW05%W^(69tvwf#peH=$540z2$)9;}@G-|}txfPlRxZ6t
ze0=kTamW3fN>l%`sqGOfDs-|k=g6q&bfnP+`YnEBZaC}Hw)@68Qcx)@+om^z7;8rw
zrxUQ}k@0?#p~{B_#NI9Jin=ezH@W6>XzC8#41LCe)ev-)NUm1RYe^Y@Okgf{#@5$v
zAoXiv65T0oH@PF(g)>!Bg(<k`M3K7=qb}E}3>>2gfA_ieX0q+pd(spojN;Ro#c;>Y
z>eqiMQOiu$1W&)EDf0hf*>Uo4`i*S1HMKC4iRY0Uq=yN8`9Qf*1e`~3b&Xf|-}?h>
z2obZOnYONyNcFgL(BhqqOrdyra(BTD3)h`yB%sn&9IkdvKA^T~V!KfoSdP(LCTQ-0
zE^gVr#S()<)Q;~+xH{D@iJbvN`V0*?Zeh{|LW~+1n=<9TRVjRJZ&$7*9H%)3k=4On
z@aQQC*qsMam|rKU2(uZa-3k=-wz8kyN#WE_BIcA$V(BB9I&5ic)%`y9h5r-dHR<_R
zRiKpLLE>zL!Qo=1oEXV0#l%LMxA8|@d2{DJ&vzR{;Hc0x;))0y7W?E0K6`Ch02FiO
z)18w$Z-#zrqjSRt_&;kpKH`}x*RKR`?$=iNfAS#xYMKlj&75qM=4_D|{&>%*QIAVi
z#mf`(3v!nbghVE*T0n_Ih{W2_nGLn_uJsg`&HI^M63Z9!W;>hROkPh;KYcu^EJ@cE
zt20DUwXwk@#^U0RHtHO|jEv~k?UY40VGSsA%7sAAWvO7b<3Fp8VY0`1>fOOSGg0BG
zRTC~rE@oP#z6K~`ZOuA`x4}GKMM_JM2Ic@4Ohh(U-K|4eVv_Y+b0p+=GYiyEd)9GM
zwkg-d6e(b(yOOFF3s_}$v5Q>QOU67vC`q8N*Q2#8vRg?=2t-P5CqU(xr|)W@04@d5
zA^T)?zz#pM9?*##pvn~2s9h#mtVh^(hoRmI{Hxl13^gJ||7&f*nMYGM%$Lfx@-Rfx
z&EfS!%S7W^&H88|IG11-VtKLvM>wIhJG5o(`r*Ubtr1Iyy1>!R3!Dyi@~E_6M|qpB
z$KGa}s6J2c3S37zx3L!-E&SYLW2k%SFe=ZWj0K6nm;^wiWi7qj9(l1`neH7n4O>q2
zYP1#?%LBy;X;DTgZ?2y8S4v(w+1kw}IB)P}j>-|kKGQK#8a{(>;hX4-tAiu@dk4mp
zW(<X73lPn|@DjpECl%Z`oK;+m|Iht?4$U)^gA3X5_t9KTPX8W(S^HE^^_{E}#39Nw
zH!U*i?I0(TQm4>rZo_FgNdO@Mmd<+l{5rC|mPXV~ZNQfWluTzNXoX}cV1nz6q}rR`
zILgqedc+%wMlsJ%B1F@n&92u(&%lqoJw2}+sEW8>>}C7e*MEr-2tIj+h9?C8u>W<o
z(fw{#Cnsw?R})7IQx82;7h5`$Ul$bJ|NhLv*3885*Pd$YOlxRjU=!^Os+_EYbp<0N
zKJrHrPEx$Jm_E75KiL_Mevuwn2r@7@G0;EQS)$ch!cE+*$~i3=t#`+-#%{~yM)Rk-
z`Gn`h<9U0=Y5O7fLHY|651`MIiioa;^s18RcOMu40Qkqw4-NG%!iENFd1Y!2<XG#I
zn;~zGq1^NmG%fHzJ5eb~p^u}W9q&OoIR+4A-_FWD%R;!3DM>jQqNN8lLvId4nwp%$
z1QpQNOzpw3`#q@J9>dvFb@_e&jLmaodTI83Yu&`1^+qLXuK%OH`oZaU5hcjR*`=+e
zZDXZZTi_yMhC#bB2JJlPt1kcM;~o6bL|R9=<~N6auy+v2=pdA)*_CCtFZ06$BGAr>
zSZro7zFD-lYAb1{f|<dv*#l^0ZVvO<=h_(Hkv5P`g`h%jAsJs-LkY03x;B(@Ke-(_
z<x72yg`jEzo<zPjj_C_6z@E&p4*y|(ue;rnO6`7V^V%_R6GH6s^Nn!J?*L|vCr$tf
zx+I|cLkI;NrQlD%sPFF&lP;W^CdjYt9|$#0M_dGac$AWcl9o~y*u$>{0$4!Y6>s(@
z9!L@p2Fx=4_WnELm5Lh(c*>okZ-19dg_)BH;`EaZ<%{eH+y`Vh^bnv3kpSHo<&Qom
zAP5j>f>3|@EUP>r9UMrX0w^cp9_Xi7fCLyI@I*d7eKK}1Xof#PFR38I=&d+@AHtkc
z{VD~zV_EM-3O3ZgE-SR;@&F;he|I>+;GvWN{C<NIKjC-+3<Bz1!Nq@e1qw3=(cR;S
z=icJr>27f;0E5w>NW*yleGUwE7VRteBYxSt6Zjpc<10=Ml4C>AffHbabE5-^OOFt=
zYjKP*LA=)T{XvEy1m1j05I_<Cu5g3ThG=st1q8TB5E|o;@IN8O?DInYflLIrQTTTF
zB7<W925iz+SodQU9GiQac{swczvg!bFXYnS40wbyb_3WBxWDlYxVHa+gZ~~X_?{^E
za?1U#V+idU;rkAB>+1rZ>isnT_Juz5>xGW)ePZ}t?w1eg{GJ=%5tt%co1dJV{5L5*
z;5sV3wka)PqR&5;ZEWr@WRkDOBHZoAFOn1W<*)+)UeB*2`;x$iq@u|!q&YuvYK-q6
z94mP-EsSDN@zu%}-OD22x8nc97D{$?9@*i=3uphjP(c%l0&sY||2Q)k0g@kq5^J(@
zzx+ZI0QBN!6vfWPr9nb=(TP35=RJ$ZJH0jb;UuvNTp!#H+V=JnL6EI;BS`Bfo~{bO
zO_dJ1ew=r3M+P0d0ley=EuYF=ifY~#gfg@B#wy0ucF*2N<Noc#SCI2v|4p^`jYncn
zCI#Mva@ot6`Xgid686hu@)uDXJOjM_bo1o?yu^(Axbdt40yv_w+5`B{k@6p0{|0r7
z)3QEC7v|g=vu`nKt^$BKf+I5AVIYgS$oo@LVIi}@fE3}3Po4~+VIE^r=Aqh_j=v;z
zIP-H&@pJNr#*(d$0Yv`#0QWvrt-()Z%Vjw`@xYZ&F1+@0EY^RGN!`jbS!!&gG##i}
z7EE<o&)sQ*buBYH)2LHik2eGm`=^@=E@v;j`LS-@mDtm|-MZu*ueIFjceI<aT;G&z
zMQST&SH~!vttKYd;7DQhCo7+5S&<~|S0SE;K5W75uBT~czDyoz&YbNuS0kW139w!u
zl@08Rvc3h1<sN5X5;|@~di9BasICWQ-d)}_1Vb`ah8|E0Ddc<nN4VmstIork^SVfO
z(=p$358D<rziIFnU%hL@m+p`5lj=3+s_iqYi8C7>QSKtz`Y_g*6qC25&qk;^UI`ob
zU@O&#lOq@$lSX}@94wPcse}FnN7UT{M)EWQrxn_jnm^wZ*WuDG^$*!SyJerGR85+V
zGc6g9rE)fC`;{47hsO=xM9KMSXWEa=4zr8WB}dzx(Uy%Wml8dW8<n)lhI5uhiW@6c
zK_8fgo-XBXP99Hjr***XA&q=3QqkluDplRE=XA_bLbZ3t3#6TO=$Uy-MQn5v?^BJM
zoW$M8o%XuVXNl9YH7y@Vd~eQs2DFTq8Pq+g|2)XGwmtATTv_BXhBz?W7wOWDe3!Y%
zgZk>|&YI%ASjKVVMnmC#B$KlqZCM077l6O~1+Px>BFSl|TSWgL=Z$?Y-KufI!vn_o
zY2p^G?(59$?4{lNaD*g<k}3c(d{yS8wM*3*P*Cgca;D?1(2zNB+VO1BldjQ|p6l98
zEf&6pM>Q@ePm(u)JxW9oIU5g`C+{31vN3k915Aj3n(!j1ZQXi1MtR)!hJ{_1$5LTA
z?_i^qQsDbXWNy{-RH0DC?cIY|?E+7MIDbHxCW)B8*njV<Ny{Eg!L*yO%2S+eMOET-
z(TAHequ-5@Py^LFC<Yi2!P^W2{2r%Q7-dn#+ruj%DMRsoF8*Os9|srB()W9)%i5Yo
z8}i1ZH>yM(K<9SdpH^lem?DGV%DKZCn(7w15SDsteb=(x(coN0Q8Uhb{G^@or40#-
z%{+aYCBd6Bw}R@^%37^KAE`oLZ#<4$g?(s~i6_OKm2A~X#<w^-5cs9R&Z;D#-p^A?
zanVRm>5}Hyb%w%lAv%2WC5*FBn4@f!{_zG$GM8(dykzcYmGs;wc}tdhr}hrN&uJQH
zXC@e_<*1$Pl^Aw0Kaa}stmYLhwk`zYTHjXP>pfRb6UD6?o(97wq*-DjdL8RSfnP;?
z+fEX}PH9>5xWGd&jL;5bvsKHFeA<&gY}!@k$bB@*9VjrE+1vbJ#-D$Z6D{JwB|xWC
z%Nd55_pHl@-7)>i=#0bfMY|R1@_Aw79VU01S-eS;E6C~-OO!Gpa`LLWT;nM$wTlT~
zL}ET3GlVTVNMLP?t|NNM_*MHdfbWG|mw#%`PSiM<Vh$R_GZMrc`7)$XCiv18an}T-
z4Oks05+wn|?}2&#1eo0b6d++Lcnm~iBQ<#!j0ShG6??zyt=tIbGKrrga#>{7wlgoQ
z_#x452Zw$9sqxT0l!U~;WXPVQ=NN`qHVl&-g-WtsAHKDvo{+fJyBu{F>oP`~`jFc$
z?+YN@79E~!X2@KeD}6LuxHe0OXZH07e>I1j*FyP`!!&||K6PHj+!?ic<y#P1E04{(
z7rB^(+(cdtAQE&J*F=8oZ~RQdJOrkRvSySb{8MtU$;I}bEq3B8JyRkjN2PvdlhHj&
z$r8EXbQYxF)P1^q`I^PUK=k3{=<Wj*XWmEG*rL4=NRifEk=~|Ms&e_#Y$t9%fx&-d
zq<huB-Vcihg2}sRh=@cr+>0PuTXm#G7os(ij07qHIk(YXJzHt&>O`XFkRm5qj1_5n
z8v2|pHRB+o=+wwyi}R<|WQ4c0B(pQt<ei7?-pf{p#6Z@0=?ZQ51$})$w-KJ91=6Cb
z|GXIW#cm`DKryJsf?DdP@ef9qN^EcAc(^Pv_LS~O`zLMUZpt~SOjQ57z){yajyeqy
zljYyujz%<|rDp!9>buluV%2oJ9mTnAX(3D=Quu`os!DADzeOIgZazN+qq2)*lX={e
z22zQ|QQ+_i=mDkper;@Dr&^VD+$zP+vP9blN};0iYnLQj;cWfz@UoqT*1X#2lHI3R
z7h$r?^MwzaHOExE$BPMerZqh&!l6urP`mvFl?}Fci#h{$L$yc~`j#R+6o&y%LNsjP
z=GkZfvR8hIj3RR1a@3S;i&mx5CH1vwQ1x%6OY+WY`FRr7CBVIxL=1zu7~-pc%ZY;{
zt;cZ0^IQ?K_ksp#a@M{ap~opoRj>_h8034eUBJzwo=&IHIGr&#n^DOB@D%^F<Clc;
zxWv?Zmn3j<IZXw0`&rTV*RUEkSGF}Ew>89NYmXz2?bh^@J;EM$7)tcE4mT;T(>V6K
z2{)@^#KF#58`2xi=F<*o`xIQ%TyK`}I@)<1BWHZjAHr6h<|>lcb7f-jxv<c^lmJ=W
zY;1mN;aOH1I*94@R(jijRXk%<xavS#$d(LW+>ZHH;7!0_v)p)pVdV6pBFyxBi#9nI
zkULCSIE_&RTSJZyv5w&@l<*czJ-N>yi|Z=)D!!}@GqK>usB{zRPH92)-hht0D_&H0
zJp(T(HHJ9~b!v<{TeVEESFWp9j+jB`rRonJXqoj*&Da<;vBC2tE<XsyS=3X^r48<h
zO&_@5q#vGPav^GQqCTv3obQXc>3`=^#U13hahT8Cu97S4H>WT^w(FKD)_lL+RLYUI
z{$+f&-zzCUpGOM}DC$}yMVeW^vZ$+QK!+XRGI5upy@HjN)PZXO6&v|_BBv_tj$R4$
zZDm+5^HHI``E+TuTP@>LoxaBj8rJGAVT4OcTv?(dE{jT|vy?+{RqMAH4cd#$Y1}wu
z**T#nCOmu&eA77b3WDtHc2QlDg37A;ht!o7x5U^JR6~<@qmgR3y&IaAu};S7+Cu1<
z>w@V!-l@-SE`%!gMi|G$hREBNd$UqXcXU};r?jG5Wz;o5Z^9zhCOy+I=MuG$i@>9f
z1WUe#ydCMf&g6T8v$Ha66I1_bxbE_teEMXMm)2Z-uhFO&lI#?c94gm5$J+R1OMF!V
z#NuQ+29PO^e*er`_o@oz5&xX%e?7~v?ZmK4mTgE;qgNy689?S*SaFvlBNi=C>L+z8
z=3{&u9*IYg??|u9MwTavpN~1}p2YbqA4qZ6(--dAc7=pA$HTNI0R1OmZ?2ez$lZ>C
z7)A8<Z3@8KJK<tLs@<B0G9FX*u~h$R@e{Sw;I%c7*I@|0JI0H^gUm&aKgj<SyhC<=
zZ1kR->Q3y{$@Wj1%z(UDGpo$f+ooCND4mDs$9IJMcSDbWT9NOt`obHk&@_V=g13m(
z7pJK)m(f3^dAX&fR0S8bL=()ng$kwEI^Jby=Qkk|2Wq3Zf^`LJW8#ma+tx8Ixtk41
zQP{(6GF8VcLpzelcq_<pDWvKci{3nw;5AW5czR`%*FHPxK4dVnaizOfLB(@dqsLUP
z_~j2Mx`vQJyTuiHJ7c!2qo(!;sn37zWf@ST-nrW*@<P;~>K{uV_KNmw4Q8VUq)p>k
zRIJWlUUyGOd*EK)TRI*k#`A`MJtscB5S>&umQ@b0PBv`E2d9iLMD#{4>?7e0KNY=D
z8APN&OmCEmZOE?v3O#b^ky6H^oY|sgfiOFB>ibQK$-I@Rp?vW3%5Wd>rb1h{qys%i
z`b454PS2#KuVZIFU~wJcIvL1qW^|%`4e~QzfI<$K?vZi`Cu2<YQ#JOtix?&bZSNqg
z>SC-oVK>EAic>H5v+$&&2HVE-tSy5gMISJh*z=N)!Y6;|diN`~MdLi@7i%|PNhoW8
zh~8h{xpB_q(Kr)1Av4!Sxk4mHl@O`%R&tlDuPyKKH-bbB*QeK1L%TP7Z(tHaHv!h3
zLbHOZeX7ThIANDE*JC)Fp$YHMZMc3EPM5j~VjamEukr>Iv8s%C;L(Mhk%`)Ejl*M;
zeCGA4?j$uQ5j6{fWtr5I#xDdjJ`rd*1xjY`OjG0uZph<uwU`#l*XTK7<i)rFJ|_oo
zlArmr)0X}fDJtC#A+_JFUCKuw{@%K#GiS?SOQ6R>dfE;Phg-Uz=n@`F*6?0jgAO@+
z6D^x58h4Hv<S|p>0b9<6FW_6TvjpvkGZ5D0n?FlMG-7S0kLT#pwP7nfa)gm{_+0+t
zC8e2W3%b+EV_^u!nw)X{$8FVS59KGy1i+0kzXO%jkXV&HjIm=>=-HoD{Oq7P8=P04
zfaXU#Y4=4C)+vmEW(y3)=tb^tY2y{#b1bs{RW00}IaOTKWjYC0bPAQ$(&Ni#TSF3T
zZ?*=app*E=3F2JTcui(6rE^`-IY`bOcbJ^(35aa*R^Vyar_f)daE>{sHPYII!5MS1
z910`b{~ZpMduy4p&ciqeaB4lnGn$d5MUm?%1!%WInnX}^@V-3-iqBTx3Q(ELOkwOz
zi7`M%PPJTInZ;jH!B3pZ{AZR(c$lFYpd9&5(@siki;Iqi5NOp4PfD~Hc_)iyM_y-+
z{BzvjR+;$W9;uTkUzc-8OqeVw_)>-ZxOQ~Zs|I>%^uwH+G?x^Is0(g-8z?7rTm05%
z@_=xhX-N94bOLPM`k<iQxj)|Rn8aT`w(#v#ALGJVwi8j>x*O{4^fA(l=oGa(K4d;2
z_9jmTl17r0Ydz#MQv;@-Cb^#^D2g>z>kjg;1TBW3m~_y%WME;J#J|P<+2S{zy*MH#
zo^^fkBEc!@cwH2+&rDjWoB^?EV~Tq%&H*Geci*wiiFAwZBcxYGCAwiz?8rN#!wR-S
z>Qf+#pok7v|I|%tEKdxOMNNgcx@^?RaGDGmPN{NDve5L*@sq)z66;;v9pBT<`VoYa
z%k$pY_$y)@ywa5$WO~?EfK~nlsCLiRJcblCw`Z|dqKCxYJDEKFFZ^nLP}CbQo(&WI
z@(G^Q>#mI6g%#s+OPEJu;f$mmRQYZ@8)>mzXSm39E)#jz%1E!WR8bq68yhyJ$qu+^
z@4KTkyM6MYsJt_?j+6<@jDY-LZ#Otp_c+l(xGqQhV?lety#3E~HwXN@lh7Qqk!b6n
zZZ6`eBmk}ba+>Jj;Ses%htp-L@~uFW-<ibBg$zFLDV{7~ZOCn!xUzPgI_swHB62xQ
zT`j>jHvTT}3h@LCT`eto7NHi9bn_;SN8w=|a{fgej4MWcZR4dY2I-|AAC5=NGV%~!
z(`iHS<}C`7XrOI^N_4_Ta4tGX_sBfx*$WdGyMPwMnGVCPKLd?Fd}onUmIBpE^u=zH
zTp~VjMEVSPLLZO{W>r4O+&Z}`K};V`mRxQ@6XQ%RhZi^5$LS+)wEd!eabT>k>L+p<
zJ{<OSEwiy<L%ANR6wF($O=zkeNOWebGPnYupV_h#%Q3+%QZ-K^_`a;OtqOkFWY9Vm
zz4-(`^WU%R_aVrzos0Z7xu6t$Hr9zF?bC)-LW9RgyXP}ho%9>v$$$Td3d*&DXeu=W
zg&Is2Dw<yOrVw=(BS~TVo6rLheC7VM<O?;|(Yy&edRt+l9`pcaZs6tNOve^^X#ybE
z@kzIA#+S5~+tSe(a>tZWQ8lf9*vp$JKRCCyc;A`aVFPtUqq}tP2fmZypkU{;&K<7Y
zq!IxD9x<U{apx#i@0rCah{@?nVDVyW4d09=SvlPIDLl3&npQd2?fQt6w2fMCVRJ3y
z*L~RIt$svyY1>F997y`SWz8y0r|d=Ums;w%HxOr-ZeGvYUdLtPS$d`Ba`fVXe9JzX
zt7pLAtXcqS-?GER+Tp*8zk?FJd%*LKXLKAO{t9e;DFOO%8k&W%KZ26zptlrzowD2z
z{H-~L5h2onke0U*C|wDtP$zZ?x1IM$Ws4d-O89#ASdx+hkxUBlTPj&0pa;yx$6_l7
zP$#9?7lDd~#xPjO$H}-n2C_6rm-s}fR^R^>Zo|8A#B(F`#%&%;C)2!&K;ulaA8bJ6
zIcY}gtEk4mBx3eO)-JeI>LDdj^Cpmo!5uv4g?T}#&LPI9bZy27F&ijIM8VdPTDs;z
zK)L5&uB0ZZJDAw5`hkBjAM#P!Yu-YKX(l@E^(_lYq4w6A3>AbVu0ax^2;bp4ga3I7
zaMG=fe{--B9e2JnOMXr~dF*W$s2EBGkiDI4AmK57S5ROTS-;Qn$&UFmVSvD!vbxwc
zIv1e{G8U{=SMT7bz*cfIE(h~nD#0hhmMj}DSMQLyUvgeW2o?XB)O0__OUql^R*bvI
z9%{f4%x&7k`0*&PSS+JJGH%k}eo&-U7h<b<`Jzi6`NOQFC_?#h;s1Kde!XFrGCU}~
zK@eLzBPbTIkzxW3K$>}$hj>&gB5f4>4#{Z8G|~GsR}qcCc4>i!0GEb5op!gkL4^s$
zI|GsF!_kAJgg1`*ykA3BtY%f51$WNRL<_Dd4U3ER&h0MHvE!{odwx^7a@<Or$Fe*E
z+UU^pNKL=j0BwHh_r2aq(}wwHxa6W3iB#@e-EF<+1CTaJ%>oKn$#zItlTMFJUGp->
z=tcU4E$jfi-EMqXn<IHeySFq2-9nXHTBAvW0R{wvN$o^~=B$g#2afAK2FG2d&1@^d
z6i;r;<*4;K$*ywzH$|0<Bz9Qu_CZyvhzIyuv}SHjRg-4wey8zo*|!FQ@aCH|oL~<m
z;h|h)UwoQgK3z=u@)EZ-90Q+&`RxQ;)ldE=GnUiV$TV*NC<(1b6M*I5(bGz~w_V^p
z$jyoPNz%J`te)E$pU{F;vAoGc2vs_18|vSUgZRtRuzH*zb4l{hQl`z$HgJe-J6iVm
zLQ1v1=+u9L(lk=fX_@0k>~S;Is6oN_8wU##Q?JjWzHGQ(K(3l*`8#Yi);d$LDWPEO
z3j3}N3j~#Gg@q!Q$)+7Nm0fE$6%L>MKHHvQlN5HWOt%J5DWLnJk-~zBXHLF>@ed7}
z+YFbNLc<7Vbw)JJlsc9EtM#(&9@3t^1rR7v9hQt@OIC!cop?vw)=nJA4}+g+$iuun
z4ru}xmKvz`5_0IpW*YHMZUb~jQjx{z&d*GE&T*uF`4Q?qNZX!-rxxzF!>K(&MZ~rd
z(gDO0uA53#8$VsbcF<%df|0>IpT+3s4)Kql*w4kpKDIUBW1L#=1R-#l@gM{|NAAbL
z8^_m|%&Q4Bj9xy_{N{~XoBa~A70Y5sVyMbsA6jP$R8A+2F0mV@T#-Y0Cyu0Q)OSs!
zeRb=dHKle9Fkdh}Y!CLGuqxc`T)YIa7cuW%fG((t>FJ4!NHU@uQlXno#9SUPI8Zu4
zq(~u?y?441I|(@hw%ii`d6B=3S-`=X`@&@jU2uUASJirmu)mAm&n?-H-M{})e}j2+
zPzf4=9+u%Z7DQmSe^Vyi`pk;&)9^9Wsk$RqedRt;N`l8LNL(AOFCzEQ;r=SGHEe@L
z;Ol#raDl0(;5N0=dBzAeS5GtgmIL#ZCbd1!wCQhol9dW-9@L67)i)GRn@Y1G5^?G0
ziBU}ZLNNRePW{-<wLA5ux+{W?IRDq_tBNwpJ0^IHnH`yjN-Z*5g_e9epMOiJ>(lT+
z!b87A+m&FK$@7wDva~9{t)?a%rNtnhH=xlvEzsHur{6TV5tJs7;W`;zLxel~?+JiU
zZ@buBiTe1p{FI8#Ei`$NTt>^T`Cpz=-%c5vZrxp6+HiL@N|igo5D{)a8#VmiMIs2%
z4Jog7ibNs0=8RMII!l-;J_ZqPV5}I~uy0+6f$+(T-U$U(Uo=-S>^!^`jra`D{^Q2X
zPPN{d5@89z988O{xJ#eSXax5aXS$|O6e3262~|STj)M>*A<3PDFYo+~umMwbDqv}x
zx8!KCtz3k1E5pcd7YX8OqTDn6m@(pqjJqsL&G;N$%Lvrl7$;LiG*BN&qW7u&JyECj
zYKurLL#tFb2dTr?m+wz4qxI5)RmVTSqaizF&5{^wtSa8a`|MZR8-gmX3F*B8R5wJN
z%(k%+<75iuh<wU@eM1zTnt6E8H9S|8wM;)uIV1Z9%yAo3C~HY4eD2DI%ThY6B~*6y
zvB-w{SWv8(f>_{IstslgAyp>}#DPR<9dm~*#Y3(gH@O;=;AZZX3264PBWFYL5^!jq
zU?;F2V%Un4Yu|dmPR%PF-SpWUmceMEMoF{!r_)w&KYkr&@qqXQs7Mh<^(Zx-j~31t
zPoaiZTYZNGnWhYi$9;Lvk*LnE{!UbyT3Y$OI3HZHGkU1(p(RkC&zd-G?Sj8H#1_r>
z*!H=5BV9`BX$D|bE{Z8?PiBV&6i3hf(xU*B8~vLrB2L1jtqig<!7OuYdUsX6!qf9n
zZtnxJ`)ej!u@JhFiyQhp%O2ZBDJxhWgJjtsva4>Zb1~gD0#a7P_R_a+&U>RigMs(z
zKm(a2Nx3#f4ybzPJ^Th12G?lEr9%U4hSLiKPewg^OUz3331hWlx3>y4j)gp1---7O
zMRoo{mU{xjLl0@|&HYR*XC^HojHNLg*p{VKx|<PGdBeJ}vmxOM9wwlkI({W?Mp=Iy
zjeI0fPh-)4e|2~d%Xv~U*y6Hv*Vfjx!hO4c`qV1z?7oH$*pwi&O-f7uxSjMr0{``4
zus{2IuTY~0AcrwNcaMCEaFp_fHOgjj_NWff+v_sSJc3^(TrJYx;vY0|l^=}NBgC~X
zVEmVIkiVZ%l%R#u4hT(aiNQmFEal}Y-WtRLf3&jX{V=}wFf4fdLOXB>m*9@|9j#Ih
z-bIR4U|FRRV#{p8p6ev7nHS0M7643snvkTIB=$9XH;XaA*k1!Jv~wpAydpWbkQKq<
zKsr|x@+3?U7NPYX(5!A3jwoT$t2pROa+hSOhzd(;0a66ow3W3<6X$09d!YY*6<>Sj
z0Jn_FWB_D+%)$?(k+Y=8d<Ud<%rv(D=YPbh0@{Pez2@xZ=vq`Ec?)omVRR<u=JpmE
zw|Z8XeYgj$0QnZ!NJbx|=vJid?l0-yF|{1bC|!WXMQV^R!$tgy)a;+=o5uv#g(9`V
zUNKMBeP7uo(4d6q!+taQD`T7^l)OSmh8-v+Rv|RV?J-ACwmTu}N@|g@W1{l>X-;Ns
zt0>n+=<ds}0v88L-H4=_gzRo|yLpTegP?#IhX#R%gmb0Ex&=uBSsQUId>(!8<iCI_
zx)8*5wG}$J#66X!qs3ih>FJwMuy==y31N~3d(b^J(iA&lvg5F?(NgUlt3{>u+TSGM
z>fV3%dEDQYjkRQ)b)hVzzYb+hA=OPblI)?JwsfNwEV9NRu}=&shr}vZ^o*YnrVzEr
zZIQn9w<}))$5tvW3-VN)NV|sH5|;v8LC0pwcLCMsYLSQw80jb=v{-3)NtbH^5mrn5
zozqUYS|NEWv*cA%RDEqKlC7K=9nGy#OD{i}N9(Wau0^+LK&A&1@W36}_~qnlB!-Vu
zgfh2Pn$BsL|2ox^iEC9t67ih9^kfbS>A}6Ou;W6WeU78^v`2={aW=?9w$=kTD{JHN
zc>08`{82@VwMyHpK^hWg(UCJ?8)i0wssOWzgchP~qxFt+WyD6RJq>$J*(#@uZ=x*<
zyGgWwNa%whu)18BTAg$9+6$O!m<fD(OeG$SUalI=13R4jo!DaVrROcfAt~$e6q4{H
z+00)r*RfV>O!QbqYcDQQ^W(rpxNV@xY-6Q%mYC=yMs@k$B)89D^^`osO;22Rf^^oI
z>Ww0n9ojIGnl-D_(vZs-#MbIPE*0`@PGh_RU+461$aR`X3pA!6s{ZFXEZYm}t=EUK
zCGt8?#D7LDP09LbK+2()<KmlF)$Sc<9R&(en#48-i)e^Lle*3;(fs|T*=<Z&sm;my
zU%vC2&xWH#!(7P9#?^658z5W|YoartMQ3MC4W3h$%CDM9SoT1eeZdW_2K>0qfvShC
z&x;|gwgUsBUKIDGZyU+E4qUh*QYa|R$_hk}-k!Y{&7wEV8cGA59E^}rf~--W7IR`y
zh@RE6CQ!H&|0Y{+o5}i)e05Rfir|I)_a<iT1!p!ee96aT?`aJN)Q5d%VZe}ea9<{j
zy=j^BJ=(sZX6#QQsl`NAAJq!`9aF%dB(CPfEyHdO8l$3`JCE46M@Z`A#dZ5TESY}w
zoxiG8rx4;%)zM3-1jd@Z*tTXVogDlOI-|eoZ4}mQWqYcDc6X|h9g!6<jLnKHV;INd
zs%C$})z_?FZDe$Wgrzr91P`ouaxT`E0(LLk>I*{;wA=Rw2D*9+-=tLBx0<aNvrk*I
z1_bDN!d+5N<B^QkS@8xzhhTL=LTd>>#sf>LK%~?pXmp1DkyqC^4q?YSNn?&><Pp>J
zQEYnyfss|D=*5iJwX8y}9`;cbmFi(Is*N00qyFB}yT6ukKUO04=ko4s!)Z)`$xL-A
zNc3upJ7J~eLJF&zQ~I0m8_j?l%~R3<OZIQG%!?IB?iB+sX!U9(t{>yYS7R#QPxcR`
z@{y#4W(_*?M&5q?Zp}2<@`+G&V2E}b@y8SyeM#uSv=XreAht*vdm<>rj-syEPK)5m
zA?fL&!7g%!Jm#tJ<`@~8-O|HqYGyyA4-S^>Vkj(ZCi8LT;p0eLUfiZH`xC|TNtw!a
zL#3ef$^;-|Low*N0M5`&qv=)ZNvKt+gHSA=-0bM)sX)&xq=ps^9IG4}Tfo0e=1zvE
zyVny98G)rr)&FFhJk=T3cAysYQnF27n}&yL=G$*ov!Sur&uv9)T1k)pX{k6h)vUMM
zC%TOb8dw<?^tr5-rVrUFO)|8we4McVopL4<E`{1Bx89$v*z@2>)EIH~fgRen=6W~o
zM90|}I{lONYS9qR2b+;&dW1S`ZgA2KnT`Z}Ssw>8GC_<3X5q~l=eN0?i9@S8;ajtL
z)3)j>D<>(*e8Uv%&lv>t+s?H@hV_CWNRxwr6{sbLDtu@HQQS7kq%g%)vss;<sS|-3
zmt|u?(?c_je4(6-NEfe~PCO1pp|G49{ujtn`40;vL<){qtvtE$=s-NyoJbJ8(e_cB
zsZU^MEfw$V?zA@7bze*F3^tZSZ2e2}T&@vTGE}#WHlTqnzudaz_o}`0jv=%z@gm#;
z)_x}HK_)6k7NHZlmx*SOSyEUyrk1Y4%6;T+@v8aiR-m((C&{`5{IGRgbyzrCif%#0
zqhJ`SdURHLW5wHFRqPhC<mD{%n*GY0u-%9KB2qQ;u>9Fr;SCe4+=g)4&Spn>8v`Nz
zI`GSNe-GcjjA--L%kN=*jy9WAC^8PBcG$HS)GXpG#zbMe`AlQ0#st_Oy6s(hE&yo@
zTa#ay%l>!#uj@Ae2mtDL03t%-L()LfLb5`#L$W~%Kng+%L5c#1&^b98(dikwSXdj=
z8Jn0IxL7;WSz8$X2mJL5g#Guo{trBuiKF#@@{GlG#dfW~pX~T8$iIl$|C23qv86Sz
zw~vYMhYI=yL2r0P?zBPZydt-_Bf}dNf|^r{p$L0EDq&PP;U^g0e(1(}*_JJ>vBDY?
zCOdQk>Nn1985j`^QaXWbA+JbeqV_3huSTeud&&!FcnI@W)t=wECmKhl>@$}N157Yz
z#TI}y1P=<c&QV8~fX$%?87{OEAf>seW)9<7CoiR$`t^{xLRDSAn|Lp&;ar|Rum$2S
z{rSi4O|gw{fYAeB%*SNk$mL#RfG0f@D~Y7G|8weo9VH|uzeru*ubqea|7+@cMkbEV
zdgdn9_9l)_|C6nA0hdp@ns>!_h5!*v!h}#Pet`oNj(miZl;g(_Mif*y(>V+OQw%AN
z1Y%LpL#bF&`3R?|8yT*soT+!~KJEAYFy-yU=rq;%vfa6&+v#DNhc#@P2;eUtRoW6-
zAnIQN1i-KS+d{Is%7C71gg?JCKr=W88|CUO@(#|vEl}v4@Qv<iZ13OOXys1?6yqSw
z<weBMG>l5B84Ll>2CsGkK+LmeUSRQUhbu{q8Q}cDPlS-X-VZ3wJUjp{6Z$B|QM4tI
z@cqsEt^9N7ETZ&5G<z)0M~!$D`I)w{5*5O48S8Q<+yR!ZuOp9J%a%akY0iendB_LJ
z5K9g(4G_ZwMssFvY+YiYUjaLe{~I7X;y1+qljbVM=7(n|W~SW77kdan<U|zM|BeTY
zUw$Xxp1;N53_;v4_#Nf{{zH*wI1d4F`(ob@hEF5toq%Z`oWcYZRqQAR#%>6KX6|Nb
zhX;Zh;{4c#?0fdz%9M8M7m1RFDAIn<As#LjDH%SGpxg%brz^IW+>9Cw62Kh67yw|f
zB=`p!=5?el-QNmC9wER%-w;ff9--+EWUy3!1VJW0ef2D&YMBIZ{A@4^po2UjeK;Uo
zaGwhRe>Mmt@*puaG;<IVFb2RM!U#bd{7n%gazNtZL_q;H0Ac$!IP~zKq#!_HQhOZo
zfZciLzzcBz2hy}sy6K2?0$^!mg;inlx6W-QK^~cOq+)t#Ae!Z1{{UnCKWGY=(`smf
z%8yxtFN}@XY!ZVdZ<uMKlk)JSm{cGEKVy!MSwm=wZEy*v^TGT9e+o_7;IPA~Iwn_t
zrj*<)6#e~>y1#7}4u-=qc>N>D(Srs4>{1pmKp=ny1Bh-iG7PYhBY+~o0zifJ(V77O
z?>|El?WzGV07nJ%it+bT0~-SVoBDRp?^p1D3J^xFW{2`L1f!%U_=*Gy2Ns78u>>%P
z4#8(dPma_@68!^9(62xrAJnf;u8t)Rqzu}Cq)^{a5N!NBp%~pa;emM1Va#70d@7}p
z%?<?-kdly}Dg_7vY6(C<5Bi5q7?`j|1!6xnHQ#VP8LSg3s7=R3+L(V+Gjl#TmjXS8
z*2Nxa@h6uGR2gg#GWddBNAZ3a07Mk^AHMq@3_o@s1hs%L;73@JeCUnhxE&v|tgr)0
ztK6+#B%w5aygV+c4g{h<!ZrZ<sx~^YK3oCdz#ctf+hZPw&a<dsI#Rm4g#RuH(Q7z4
zhzY-7T62hRt1L`_QUk*NSOF>j1At%D1e)^9#>>40KL7^cA&C4ReqjJ$z<9sLjGxss
zhUy;!q#rHX2G?6VS$4o;kowPvqYop!Z+FQ2?*niI{<o3R*8!K`Mqzgl?R#S+dZg@=
z^TWf#>%*pKT!(p~Qz95V493J)J}<%?qv6W<G5zm8>WAF|4G_z7fnoQN^VtkZg(78b
zBZW3v?*1;g1B=QN)05+yLboXpF>JCDRbmr@tcmkAoHGm;rp9gR2hs-L(q3iLviAD(
z{xG|<XJCvkW~&>**z<|>jBw+U=arQY5LPxeR#q?8I@@Ff;M>?rcK?95i{2NHqc~Sz
zAoQQdz9%!ZKR@kdA4W`HXCE)tbZN+Yzsu0^xJe)i;2(hgcms?H1K{C~cjX(nZEoM3
zgGJhIe)qUYSgr9d=k~^Z*MytHfI*j*oDQI(E4?Xw(Jn9U=2tSI4VHippbSwAz5MlJ
z*x5yLe+#6IH1gUR$<?9HBM;&5@1zeS3hIxTM_c&MPt`Nyc^-w~k4Yr>I!cHL{!hm6
z&rXSl?r@TUcl~#*IGz8uAD!Ii&nssn0<TrB{{`(eE&#v`e-k9YZ7~;n-SGB6niC-v
z3=i7o0@i0LCMUQ{%r@DC#_5cB<ke}f7W|x!uj`^~^O^l7`(;-??Z3WIJX;8oO2VqN
z*&=Zxs(m>nnV^R<Kys<KJ)~Pmev&;(BYvgGd(%e3o-Kzn!y91TnWL4DoCWX6^79vN
z=@!k?G@mHPom9CdMu&IMbJoI8azDy*k4`fP&cq_^545!#>JRp;x*^M2>RNYn4!)MU
zob&LmhFRs>KNkpBf2!()rUDCZwZVC!q8p!+lvb%U%hA(XPs2eh(jhQfM&DnTC!}wz
z7%FupH0v*t*P73D>K{`6KC+hX4A;=l|K(GY^sOH-4*^gj!bA*JHo>+ewf{K2D@=OQ
zEG5A{59Et;T9t_pdjW<QG*xd)R5Y8i6Q82(@|NVIHB$(&HjAIYeHBE*$|aO@ohnc<
z-6&tvIxCwTql!D7vNn*<BT(v*e8SmjDNj&SQOG&T+0H3*|5Whz`He18T^l|)`Fkf5
zVDN$&d3!{%Fr}dtWc?Y$aXI}y2ip4SYUa8#(ZprX+U9r2i+S5fils}T*n}S5@M0cO
z?T%#VsO$GRU2I`Q*i#qdRQasyHe^)r{Q>9m;&taql#6Ngh)qB&wn6huBHBFP`nU+)
zJxVvui|m{@1LpJn&%ddx94!me{DHikp=L{=glB=IWo~ESc=8`^kt9lyq_-tS7v<5d
z=y<1`b)&ftt4NB?#vH0h(&As=l@r;Jb6i1Q)-nu}tiO!?fSc3e7Y}+~9K4WqZDXf2
zS@>aox`8|N*~6x27~J=_WKU3}PvaMb9{I=?KEc^92N3(K{UeLhFOLS_-<edU$G5G}
zvU2Izc3@{-gqSN~PE}>Fx6rPBV;M(jOgnzbZk~jJlNT>Y@{uU-#LeSrh4B!iV!CE4
z7R7FJ-3e^MbN~(vodKG%07K-rDjX7O>=-t&)EykUbP-q2C9Za72#n-zyNvL-fA;$n
zbEG&Edeh^mU+}7!HP7-~3sb~%bok~t9Z|8ja9&>@#{(3};=DteJ~v08pfMWw8DH!f
z=j{U&<0y_au*KMWNhTs&hDWo$TZ<zep6lIeJj7}UR?Iwmr&&;oMrAVKGmdeevDxT4
zx{!GW2l%cWjzJTso);bF+b(?3-ShZ*$SWo*JDi!_9(x`Li1B^GxNkGm_48eXf*if{
z57J5?9nLb??2@SxSwT!-sCc;uY#2B7H;yiI&d(z45DX_C_P;1@lsQcOA4TJ|Pn}6Z
z7FZ1IutfvCV@XWG7r2}>PP(3}+;3#5bH$1Mur&KE+-oc=I_Z{5=W{4Mdl+XhR>{?{
zLJ3kM%vE;vsO*f!#<(tAtfk8;^eFROxhl3Cp^Mz$nVJ({K~JG$Zguu9@^9=49`eXm
zoV@eszbCzF!-%9AiIWdj_TsXj&|q@QBQ=C7&TUW3KFh%}mF&IEfet2V87h{MR?S2k
z+0r4<J#cUxC<6udF0m!}6i_6*7fD_gyuIctATT}{z+Bb5m=p9eNQnYz&@NG=<1eWh
zeD<lROj{iF)I<Gb$4MZUr3fIOFt>`yyYkz3P$>L6OR3qVliRg}xp39k>%FvfJqe+@
zzlv(Ny4(csLgp@6EN%jz7;)A%!Js5F*f8U-!IdA{mzvp7TBpj9ms<-8b!SY1oT#wC
ze4<9|?zwVg#bbNgoL<U)Ml1Z<mF`($aVXc9$zerniOkmX5a-C>pIAd#N<3FA*v|Ps
z!6;f>x6e~Rr97@I6=~=OvxnC(7kCsbANJ}TcVOs3t~Lusc{(?A1y&pUpEG*}WE%c7
zAD+PZ)WmX{CWT)U!SSi&D$2S1jYzQY+?fB%>KX#}9Gt~>j;&?EId8x#RBkk2k!;pH
z9eNj@iaBwMCHnJLuw2q*XPy{B3+tWf3Z-L}F1sK}+LnHt79QYhxYGYIb>GjF_r!!J
z<zV($7ToS|E;jtV1!UK(wCo6_h7^6KBmQr-nh=UDHHK*ph}1nPyQW>QYpL&a#my0F
z<zy*u0ygH|#ZGhZi+JkeP7yEB;@*gi&yK*)tKo>idPZ9Nc0yFJ)5e|frrjRu$xK$Z
zwBlC-h5v@S<D=A*waN@jYaac^IMred-0M%+Tp_)4LE6Quva05lZ=9bW=0dFMJaQ03
zJ$<vhN@6-;d^i&qN{tE4_hbYOo$UO>+4yScbbi)^6gusO7tW}adwJE?>A!@$)F;w2
zqx#7Z4zcQW&Sl=>>K}}<{C=&q;XNPC&3kn>0MAnA1QELl7UtN~{r#QsFzIyA*Dx=p
zs<v)Ad=w;+HvH@;#8mV%e_^~aA(Jg1S5T5i^O_xFQ-0get-J3xs`_C7tHPHy?K~>s
zCHkSV=!wQz^MzVUNLJX_-GF^_2VqR8)dvUfQ1yX9-1wSi7FRw8K3FMHVRZD2);mU$
z&KT!Bi~W({^l+VozAYM_YgGB;D^cNI$AtqSk6rzpxkM~S?+c{y6=cN}(V49~y#l?j
ze*we%oD+uc4@%OSp#mlybFufRgl}|Kq$JAF`5c0DDo_Gg_I?}vUY|0dq);&2D7ql<
z6k}pb=k4u|{F6STy!pBH+Ww(QKQ_yLHruv=13Ce02Zo^VJqLObU1W;yIgjH^&naNM
zXosg%>6V@NI;1nOO!F<B&mfN|1*R}nB>vKS(yvgE%=INx;>uIZ`<Svdk6V+1_MX!F
z24x|se#jLG%CZIQ%4m8R;eOD{bpXHr3e(Q@?oj943B7rLP157C+YCtdVdl<hyJ&K;
zL^7#!i2-_|BKsL>bPVClDSr2eI#yrzKFRDjsf?#au!3%u!`$u{^O^D;<7=u$5Z*r!
zRryFk7t7RQoDuO=z3MgvH}9tU&*#G|goHQ$^BWTZZki6x0%l9KaD<Zj_Y_pb%+-8x
z78H`IoF;peOro~KDVwFd$*t1vo1D3|xl^SYHP!s-Z~ru%+FO~1srt<1P_t`|{o!>w
zk!i2%@WfNfT$J&#5uJKz*M6Kq&`CdDPP%Wx28A{>$BZafK0DT*RXvL3u&bpU3aRur
zx)dEMQYFRC!lsvCgC3lLY2M@7LEf*|oI~yHg6Y;XJ!xwUomdmkF=~0KiwS`@9T*e(
zp(MBPTN7dTxsU)*FTaxpxGN6ojDES>d?rlg7v-FquQY}cjrQHS3!+Uh`ZoQ2D*BcS
zgu6YCx}$lgbf{|lfxxrC6-xW#f&zv+8vhL>hwl3t?`%;HhMD$C_BcrexT?qWhn$!4
zSUWSh7)P&t^{f?3Ui14IS3zTNjWELG%>`YGhaTzE9VDWOlEb9u+Zvv+c`H+zhNfyN
z<grJ2(5z|wt}#c6H_ZEv4rAUDkbPdYs{G9W;PPV};Kcz*iBEGS=Yz&v7q(J@LKqRE
zlVll_+Om!8f~ze>ScY`*L1?Eepe7(Hu*x-h3~{2NZsF~0o^UYmCW|IpVyOXX(VhC*
zg)H@B2nKp@$j5M`xdNg_;9G^4mw$|xWS?41lJnlDJ1G<SLh3qrJl>i+P6tR2VmV@9
zYyN;>tdeq+={BOD!5E9rI1dZ6&v>GqHe1nAaZ-%eJyV66nEB{s$8B?x+9qWThG7Ls
z7p>-HGNJsI?LCa?w$jV-#>Na_<)LzoI|-RDvN9}nrnBTx2cGP!j{3dIOi4%knuq=g
z$FQZiKW&~PdDEsxnuE}2dE_Z1u64zOa|X^_S+yxmOAK=R!DPoCmOFt_+K-(P%a}+?
zb)Fp;u#K#vqaYFaI$Y&fG7s;t-__AFT$BBWW&X3S)4NX_c`0W+DcjI%)!@D|c0Pu}
z*$EUOWUet4i>7f6&!c*$FvwFpYduT+HyjIm8Yl-sY&5`S`NnMCvJ$LP|6T?~$Nyy$
zw)A?xNx0;{UlHsGORaHJu5tVPO*qJFq+IoJnN@EO+sv4nL<!NFgM5s`UCqP2iBT|m
zqoMx{t&0NRocX7pd<{d@a;tADbhmV_nqijNh(1rZl$4_wnr#f-eyKNEC5|>4+ojX3
zX}Z9>GZDMwnb}YZq=KBsLzPJb_f}O>tQFW;@^@p3foH$=-Zr{N(Qpira$uMwWDR%w
z2#*`@vPngE&A`Fz$KzYww%X#kc17Live{C@3Qx{D9@WvnJbkg(Vi@ob{=Mk}g;J6k
zC{F>G@IAMO>9J8s<rq1d%H-{B>_#(YBijq10&ixVNpQdLr&@1aw0*ScjJ=#y!A%F2
z4ohhrVh;o48+WGrl8spuH&L~AVF8P>KS$V=_|>#KSRjd)Pe7if<KsEvmVy~USX^|$
z?!l&30JlY}i<iRvIxSw1m+^C_vi$xa2K+-uakec3SfcOj6fx3Gj;AHwGG&=LagO<7
z>~;l*LHX*a_;{E)#~*Owj;_qA*eb|H9rSU-OCTDtNu9U9_)(KEoF**Y`xKM0eE__5
zGH9KY|BbVAjO{Io`gF}(-rBZp+wQGxoB!Ipwe9xSwr$(Ct?7$N=1nG<WKPaWcCwSb
zzpkA1{GK(kk;D$QY(`B7fK#n%X$=WGH0&?NW;z0=vjO~0T^>H#?cYBeKcVJn8>W-l
zEyH)s@k7`8bF(HkFy*46FD*za1-PF;O-BS(cLcP3j)<RAY4Ep3<;hr=tEzY>lV3LH
zB>c0)%~il@>jd4|LwtuZxg=$pR7GzuYftNZkUi<<|BG77e3h)iv@`c7_{Eem@-7dO
z6#Cymq3WJfpJ5?gERsfOqnXdZtQ`37LBrZQU#(CxD-ScH7TT9?sb7q}pN5k*Efdr$
zRA)}7ezVSSYnU^hFySktyV-!<<m4t=D>#jF>UQdE`{9q-Y|VVbYC8Z$pi{_%>Z*{(
zXjNAJ7VbB81$W#!`64ZXX(l!vS+aGzt-o$gf++g?UmP-D%$IVp^%0xR6F(VhFcnPd
z0Y2f@jx9uVB;_}6y_H*5cs4Vr=g?o&cVa%okv_;CyGIs#AoA=e#t6A=8Z*}M+{%pB
z=c|ts27@J#!RMQERnDdw3dpQHHtyOXv3vd0hpsi6;Pw3gK3(ud7fkWyL^}pww}>i6
zHk=KtXg@S~<Bwlae`s1fYeq*NImD!HjpW_{RmnGlCdULll2VW)syGb&$n{C@F;B3g
zpobxFPq}cJ(>#=V3Z%W--)~jCj&Pr+d^Nk)fgms5YPR%B7O~kAV~%FA551jIBRhdf
zfY6Wy*r%XY1X7RZ<ZVpafpDu|++E!5*u(YWKCWGtPG(8VI8W+{H)aoDR*FxnP6^=W
z#5vCE)yjU%8h4~M410;)-K`UuhyA_V{I+Qy1LTy!{?DgPwPvDC0BJi*>Lk*#r8)Xc
z>MqU{oMI5V6K(`$r|i$YIk;|I{E<wpsf6-Z&ZOv1>~p4P@mE&KC^U6%?S1uVDld!4
zG{iawVE1?dUX50uS!hE?&SKWH(O!Y7SQ!c}i<-Gf6WiRu->p7Wl2P=Xwd9GO<E()!
zDZ=+dn3FGp@vTCtF0&|Wn!%nn&PFU0smb{_#oW3K>;}|h<8uneeiq^$tc80#g(4lG
zH-U#Y)t{x9XyLm6!Evp}CH_Iygu&G@mcekjDn2>G>r5s}R}yX<YaDS@`<NsaQ8Z)(
z?E8_kuI?H-u4)VJDLO~!#;?foQ`IYZCB{nlI(%i}Lk8$2Cb5UVK&ApQ02fHE4kzJr
zKKt!syT7M@1A-@9UzF#wh7K0x5X!&Qf!=DIi;Eb>7{#0MIy#0VMo&SKF5D7?+tKkk
z5vFO3$sl7_sh<vQ&ZpBNb>SejzB-!Ytr>r%C&&It+fwD|@UR!rK$g11ysN2~Sh(0{
za&eP(gXBupX@<>nXax2paER4*iyMaXY9u_-dVCa}i^>H~Ay+N-9}d2W@5)VKJOixk
zCl_Q)XKWoWROcmi*iAuujLUXfzrRG1oukveJbWGmmZ#b01BOpGq(*BkX^|{~tq&sX
z_x7OZ#c$`|pEp=AB8=;~LUTe1qWooE4qO<Ib+HI4?uNCQx>9k@Rp2-Ax;NC!EVl9M
zH>!`MgJl55k*QbPR?JNVOJP*;lNT~9#uY3U$w_QzM~XP(lbY^k?FOv*n<;yiBvri1
zCOm(N398CUU8!|pG4T<E$@K=IbZJSxxs9W>tQbupzn#wC)TDh~KIB^#;%8=dKQ)PW
z<yyi91W}^j;6<x&ZD@)bCA8*MbJ*7`JmGq6_fMbtCE+n(c<Mtw`@a&R-p414C>@{J
z+$pRlrt}p8%aVLQ)NVd+pPeq?YaIaFsHN7ByT&=cC(8k-yQ|z>Jlt;XWXos#En=C{
z@z51av5z*(IC2#{WJSMfJvs7y&)0oa;>%M=Q)+nYUi-<nNl&)SQi6@9o`zk`)`AyM
zt)#S7p@7f-rM;Yz@oGKmE@P=hyyYya9lG56vzc!RDxbAprZNdmm>(6khv*p07tYK)
zBYU1xWAZLqszVYYS&<+_)W-HZ@0+p(O@ROL3I*YuFE^OftA<*QQ$y&2Q<1H3rRSme
zyg^oMaw0&IF6eaX?6^|IWcU1oK`$Le&+MClVOYSb6=i~md+jo4Mw~X0R&RbpB$be`
zU<pL$q=2RX#d#gd3i?!CGdMLPHAvxmURBC!Q!V3^0bDR^*>UPtm*TuVC(_^Fj(p&U
z5E`9XtJC2a1%hD8Yl}#}=D8Umps>x2E`=IV_!oICX%zNy<Vo!wxyd}+oW_=gh<`oZ
zq>YM(6>;n%<!M_QJ}mTY_-Uoz26kMJnGBSfR(`I3rkU4<4Hz_nLmYJUY6;54<JY6m
z0zjDlX+EsS;%r~#kP82rn&h#L6>?tZmI8zSrB?w5({@E_Rn3c|o2Y1#!iN~;j?D~0
zHv2a1cBq}~^P-++d_7wU$*`F_XBH(XpdL_HA*DO778Dowkl>5Mv-ualRm}yl6+jku
zG2u0<YRP9(f#V_GGXpftdZ}f!X0<@zqAsMlYdIsn@?xLqAk+Anex+!vSTwbW=RE8D
z#hW}@YUxD3Z&Z6m)+XOOs4g@qPt=DS*bG4Ly3oM+U0JkZ0eL6%5LKE@{`W{`L9I6Z
zbV2)Kc%gamYXakx3unHHs+O0?aCD~p^-BbvYRz|xf^9+M014)3JcF~I0X^r05%a=f
z7l8EJPQN9=;5J_@A^LN1eE>YEpyHf@gcCROcdAu>wi@2l@4MS{$IRM(R2WL|Sw3*m
zl7=1#T*u8;F{Vz1F#O0FDcI(N0y#o_#2ed~Fj3+Pz@G&!MUz*0QxC>gl_eI=Y2)7|
zp|!=2IG}czA9hQrc;KIhDRd9d;bhfn5ibD6O}l8-Qc%HiwDo3|FrapMew}BQTq-wY
z%~~x{NmR*mw&)VEP9HQ$Yf~y#b}~@^AdHbDP6g9twbKy5nf`!VVI^!w>o4p%uUPX?
zZnA3p+O`_Aj!JJBW{(18d_5`|=Wk5SX4$b8ei(xqr%RhP150TS(61!#oa-`+LCeu7
zH}3oMvddM0>i|=@0w(J(<!e1g$JZ0BhAQ%Z`{MD3E}I&tD`Rq|eDd6{wUEuP<iDpW
zA6>aef{S?GnXzY0wHrU*6s{0#nx5Z0f{jF--SE_<6ZC*3>f19wK}n<5m`<w{s=`-x
zH(~nTdo5_)&^DMTm^75&Jc|&5u9c+)EyXlSH0NQiXgcgSv_+f<N%}~qyO2QpizKNU
z_wBY<I9qPBk4N9xXm5YZH9zaIBtS;GdG6h@xXqBx$B>xOh|}#}i^izt4XY?UogXK1
zOuy(<;)cpEPcQ1yo4lixJopciQI!9|z%aLzOJH3D;veZ&{AvJur&el$(6HMY50X$^
zT+r3vSJw1V)#usU_r4u42r7tAYfT)DsrpjQuM(%moh6h%Zo|s=;QO*FRhW-B8-aN^
zUD4sIwhMhiGPtX1*aq*XdYD|gY-hcQh;iIF>0U=!>H5TLb;attD1jf@F*UiB2G{l8
zTs-;{xPp1i@LrU*t@v1T$_E)+wvFz)(kI)Hq&dA;@>ON<NS9>mpEzRK%iY)Br>pGq
zps;H-{P^br{59Jhcd8tS+fG|Wp~baAKCtCsWCvtivD}pXOzqPm#lrZsM3psx%;Lpj
zz7o~S>M&t7_eZrXR&9oDa(D#d_(IEgOZW8VSv$6@`xskC8v>E;p@w0J!mWC)n|e@5
zD%0vQqxM|G{%=SvqO`*9fxAa<Ow6Tts?O#mv80siaVJF2S0;;Ql6BJDL2ElV({Y(D
zTuPJHET=W?JZv`?W^CE#-rZ!_E^oMYqvCzi0>DcZzh1~Kzx-oBJn(dI*>*(kdYX54
z8Z(o--nm^;ZLtkqn!I7PHEM3tVoUz*pa&-2#x7hMQ_b50x*Q?Z&@Hihocu(V`mas-
zRJ)j=DU!sDm_m|nX((S){nQkDqVB}dM>%WJFdG_@gU&rtqoGl`=%5kwo!jAaU=lWF
z@M$L33t+New_LWit-#KdVSfSEG5Iyfo`QV*^2hw!_ot`){SDj$&Hp4+32tQDBUh`R
z_Az)@L!AR0DgKNDE0k3D#$tF^;C&IjdNjH1w4T9o)Hyn{T4F3o)2L3&xYd?K%E&)7
z%qL5HYXK2{>z&iux!xX;QU8u>w>ma|{lS9&PV@E3+Pk<J6Z(RafJW(7z5l7D!F6C4
za(U0fg|ZDD3F4;Dh6P2#rbbM^HJ3zMZO@w`rQ3hX`y^L39c)e#K8$c-km4w7<Q6bW
z(BWm3tseWkyN{b*1k*JVxTM5s_~^oG`sH2Gl{`fZs>4SbQD}*5tCux$Lb~HzrXxW5
zs5Un6nKQU-zfsWruSdRbxA{3GYvLbR>D^VmLCb<-?ry1;a_Vu{n<~1ZOB{w3c-_55
zAn@X1E8~I4jymIkijG7kpB{pJQiA;`ce&y;>pc_gNsr_=In0i@^BW8=0p`a6tyWX`
zwWKjW9lYR@w4vRdCsoHe2!05uZd&6Kcvn{okliB=;2t^5D}wf0B0$w&3LHFlr+l%N
z_<Y^yp0Y?2u{v3jqCUmwa133!wHMR)ZT^h6axnwyvfot|Yr)XI=oYbNG%_z4;;!rJ
zOMM5qd9*KTcVM-&*A6ZL>Yk@+<nATvOJ`tu3R4L->PV-r)Kab$DLzfH?C!J&=xe4c
z9J;4T9?*2Umq~m^+@C!4b~mM|ivdm)U`r1$x)8~SIPR3GbDULdP@Q+zox*iWr9e&x
zv1&F%87TRkJ{n3;bht?{NcRV#!I?qy*sE!Uq&_LCl%>Pm2KOeMw-GzwgsPNWXf*?J
z=1G({V>_>t%veT5nE$~iV&Y$F)qP6R{s*5pxEFQn<X4X-#@t_V@fjlY-+W?)A>`xD
zo|ijM7KG5ENx!?@ZQST>%LTU_&v<gu^nFDU6Mw3jX(&1ly*Xagc&nnk++(K{*o3Bk
zrE%GFVJdR-S^U>$L=6SE5?QjOdwNZ0(ubfTz9y~GeW8Kt_+1~FO9QQrC0Q<Uw0+}U
zDxefa(}gtc)0FnjR9WN+f?PTfPE=uNamzZH6w5>6iR(HnQ91FWyx{de`9xXn#9u>$
zo4cdv6h%F%|8U(kt2gCrw<daS&JsvnO}$rRx?4r4vKz<goOLC>q-rN*Gczrbv17tp
zoeGS#@kCMBKcSZ?hmSK;R!pXtQja&*j_YgFTB(hy+60qI*6LJuiDGr+PNI|QsCyQ7
z{*}V+QA#hx+lTBg*;Es4HU(MrV(Q?ITHGniRP>zg|0-W`kb|g!Wdm!x3qgM0>RH`s
z33M$`LI|xUC{1j^4W;l#38|W^(K5hy%AA1c@(|*MU1dsa^ICyH7cK-z_E&P0aN2Fg
zd`c`un%^5GB2JacOyKQ4IE}j1T(n5^C@@>=(u<HvK(apr69rZy_lgENsC`2|li-If
zT4p6CCKh1t+$D$H4fu<Kfy7yfTq0>?1s~aUf@AO<Qc|xf*H0h1T}m^i1VxBIt!^Cw
z_mnSkQsWW1cN85(f^Q{{Uw?kMYrf7iKtl!?w3EOjAH4GXjaC=m(8JpB$A@;1T07oe
zQ^<iP$#V)tz#)(5Vs`rYdPPcGE8efCX%&9aN>4xA)1N&)-oc{JnzG%jRw?#aNn6aP
z5jYSBDQG(;WyASP(_DN0Jo+}mie9$w>KEFt5bZr{t-kBizUzYEZCEjZe{?8W2l+ny
zRQ@>N@!}vwzl_uL7sp4yv3))|6^zN0<9oedCDNV2*Op*P7>X7OB~S+J#Pxq~qm7#W
zBni&`gxd@T@&A6UQCBBx{1<dosC=JCl%1FY)y?Ec9K}eBXk^MhNd2y4Z=nd0l0309
z7tmWI3PVTRwlf!xtF1ZLYeL0`KucT3VZgpwxj2W;*UVz(VPwQI`jlaIi2eF!Q8BR_
zv*1gUa-^=GQ4Zd*B9S+~u1D3}zk;AmR+jVb><3Y%ZUde`*;F$VZDyq`(IYN3fRn|x
zjM?Uqq%2FwmXBO|iPyK9%k@^Yk)@I(z8%_ke{~=MSHCh{IB<|vBnh=p<(_ycJz%Jm
z3bmMYPF4GPM-4Px;OEmX87k9fTU3q8E9=UdOgUwewZ~$ujji-5RLsWKmJRVM7d79Z
zp^t)Se&$M#uE~$oJ-I-axLnwP8ox>`f^ht3)aHv2B`222Czd1QPn1zSM9)=6J@a9$
z!O#(pN#pUYRo;5VW)bE{rIa^Iv&n21G`5Bwb~u<oz+3Q{<0~8umfqMSh||8wI;oWT
zYM=prVa3k7nSlZs33rqKwA1gckwg;sl+lWLwe;7VU?S|LJl7I@R*F(>t-<HxiX)py
z&7CUdT$}PQ|6m9=8~!4#LDhlHLX<Zu`CaG*sA!{aK6`Vlm`M?cZ^F-&C{FSfg$t<7
z%+BjjQP2885_pwF&&)jUc;d}DV=T=`Mwm;lHZL&Odx-s1DUB$72(XyaFmon%k(nl)
zH0O-d>?1m6L$o9(W3`o3<;meUr@}PTALbvhthh3Uqw7nQr#bI&(sbU!2V2OyTuham
zO{FN~BeR0>oYlqz<0mT?xQJyvUB@yc)!r`(hw4WwT>I!pZ-v78Zkzn~F;fWRiEWj+
z_Sj~T=1Hky*NW}C$W+{mfAy~yGW@HS==QMJwS^PN$sP`d=055WIUle$RsSew`?S~0
z!3GR%dNVY3YA54X^7=RYh7)9S@CvLeM3!v2496TuxVjVqTAN}Uc|yr>y9>ctt)Dts
zh5AMG&jr_eX#<J-@=sDxfqgcv+%AQIawOS<YN*Z@c<C#AYr{U-m{`W8M0lJJ1{L+@
zh+N^h3a5a&@~F1=M(so^*iTbX?_%(NpAHLn)>TYJ*7sPqjd}A_d*Vt&re*?9J5l7f
zU)gDdXOQg~(wFtnQuYPCL=ne&f6~JKP0DmF>*L5f8*g8iY;29)yiw#!8L?yI2N0N-
z`WwK$l*H4}<pNW(p^aK6f5mDwt4Y~M0c0I`%AlluRZ^X9eWGd*Da&p7N&@-hj#o(j
zLUP6{^Ch6*sCp)V#DOtQq8no~gF!-lJCaz&Zme%lZk;^H4{(=mo6}K@9sY2s26@?K
zo|5>m*8&=yr{s>xgerF{277*Q=glrDHzkSOePk2gctni->O1jgsQ;&A`fn~W{Ac;U
zAKae>%Fp-1MWR5XL8C+CK%+tvLK8z1L6bvMK~q9gKr{Z3lAO?7&;mcCq%^cFkktPt
zE9qkUKOw&#VDjhU{|OG}jH9ecLH~H2e`W?V{_OsrtmXgB$M<uliLH^H@sF49zo@}V
zH4ByB8faBg;1a-bM1rn_LSeu`A|hz3L?ik6`2-YerjVe7g7FkWup{}E0oVnb28tG_
z8{jyKD%uLpJ;9<5z$hE`d0L8!S|XmhaWh6a%uX@<#Z#@V+wWIy+nv=@70<{_ZeJu&
zOf5JVJT^}(hamJ&0m1}Obxi6Mg&U}QD3TjgwwY2xsN+G7aUy8d49MZY$WEe6;Oay2
z$meCo$eFoNDYwcmLPZ>+y{coaO5s9f6>(?7kxAOYOyI`Yz>KLXy(wZbQHp{}br5k$
zhGl;!<rbr&;(M#(>HkKs8Ud1+rldik??m#ML`li^68ZE96D3+4)0~s!aP-O%l}TZ)
z^jg>Qx!mbtg6Na5e6UIVdnMWg<FyMxEW>H!s;K4S?gRlHhj!)><E5#rqu?Fz=uNP_
z({7pLzGY7-Kmh?gdxT*-&|BmX7I>@-WDKAf%0^%jxDfLT4V)NY^^4XZCVX&57(y(p
z;;|tfbOIEJs4+W1Ld1S0F$4-=7?~HFF)}vd=KfG3a3Ty|uH1{EYqm|?r1ac&>rZ;m
zs_Z=)7#X-i!b0c5mt{9-F}(Sa06#ZuL+cn`q^JcRA~7}xKK}*-Yl#A4B?c;OP9+#W
z*bu~w`_u^OgzyIasOaFCQh{LmQsT;n9U-cXf+-?}Ed%>*!Vm|<d{5Zar4ZR-0zRlT
z!yyY|qc@CI3^D^>dSNEKO5yy{<_QsfWYx|Lfm!w;{rGUxa`!Od!g6X!7Ob72a(cf~
zXn|sxI?RB(G-E3kxLabaUJ_=qRUE;RU73F&jArq)h>4RVTKQX8Lm>KKSq%Qx!F2+R
z(&%-pTX~HdXfS&xD*C`Z<}FJR^AKoabw?*gE%+t2z(vCWb8Krv3>~$2vPMmoP$IH~
zsUrIdh^#D-M*W4iSja(_98jwL^BfGLx|^Wxus!o>#*kn|m?t6x<`BArf?CmeRba@}
z1ZlaEak5BI)-M#^^Ai$MLjVp29epSUB8C@i86YuWu|-2>{Ugmu3cN#F2b@eUrjmBH
zZIz0~dBcx9i}T%%Y&QJiAjBkV7WCtP4If}Oc!lp4tEf9P4LmyM;xG2$$kQ%hY;=tx
zBm1`^Jb1~@3G4~e8JBwt10Y?mZTJ7qqjwol(5l{%^;)#Uj%gO2Zf!d4tfCeTvGvI`
zqpAo0L^@1KL^@O#T;_1dmdW&XkK<6{>4+f;j=%(48x!>BMj~v==a6!7J}uJ7+A@59
z8VCu^{L;V)vv`22TK?(qhifN8ow~Qlxw>HQ9*jx}P}(CYf}KVVfT(_qSOkb0ND>_k
zC>26!X!}bMq1KA*adb(Q8%vUcENxHgYO|*Ay=74%rzw;phl|f+Y^Nmqox7kqszxYe
zLIwNydj0!$(P{~}XEA6a&;{8N6qf^ADXd$F5728P<`%B0n6|#=+_)Pl(9X}Eo(OFJ
z;M9P`A;+aP=9pU2((oC-7|JgbihRHBBV&LVW18om6-CfZk>h<Y<ux+tNlPG?waHI;
z(D?i~4VO2oCEOh^m}#%&HM!fzeCW|tB5xb;-AlpUTjUFs-@YwcgZriSh~tB`-gWd^
zq;(45msz5x^{rX0=01IhMF-P<UL0<_ziean9OF^`E_+V?YRXpRNl8A|Xm^-*Prg@c
zJG<%y8MrsH*+cq0{OG`TCA_>L>5-xnU4{EO^YjnvoF?mwu^C7gYy47k3V~|Su_<&W
zLrsjv#n-hyJ~>Hm4SDls0PxC4QEt8!&W*bN4glfDoo`-6v83l}m>$pG)b=8WuwvC6
zJHlr9>uHF>pB|Fja>4r8wi$$RvHo4t)CBLdHD>M8|0At_sp5RnQ{P=LNrQ*QSWQ6t
zZT8-^Nft%9;_f89pN`jMz8@UxV!)dp4Q-3NjBBeG8!egz>n7JA!Jm}zHDA@~lY)5;
zIJfet<Xj$l553r!&@#-jewAJd9jQ*PO+2)kgF6$(d#buTf%8~td+Lb}@QghsJ2<UG
zns^2FNJDF)UF>Rq7V|n|C{-o>!6<3i&n>0Bj;H)@LW0pvrjRtmlX-Kl-VK&l$?W>d
zu<ceu{PP1(gFQP>Z5#3WgvYBIc=RbOk)>jqmwyOXmg_}`!%nH;Hty$+hoxv{H|`c5
zKKk~lw(+kI0EPaNbxs1d_flu8f=ZM5805)Sq^Nk)kx?v;?K$op+Ang&JvHY?e6mEl
zN%swLJE=%j#$=XbF4oidiV_oP`XD&%XcCo4V%13u3O4i&A~o=1iRL-9<_0>J4oS-}
zyzL!-wPY*@rQ%HMO=ZQu&t*QrMU8F^{U&oo?6f+35AsI;ykzB09{`l$<-Z)?NKY>U
zk&{Yh!@E|lq?6BfoW~{2qSY>tNghbYynNwLX(nnr>qNFLuSc320p3@nL#Vbb>s}(G
zwe^77x>zTl+k9EU<m%>ww}WhB9qr4vP>uC*0s~PE9rH_qQz@UD;^Sv(^i`T?SX%lu
z?L}?X_3=N%0M<dLt>}e0<n;L>4O#P6b)!E<e=M#Obvn;l_lJ+fZ33%2+fgoWQEWWT
z9qSkOdj1+XRlErdI=$sSJ5#&*X<d1&5ij*5710iN*t%W3T-e1esp^p{mSCbSh`LNW
zs2)t`qdJC0Z=%^Z)ec=|pE9g|U+G`)?UwIaJ#Xe1<GbkP;M>!1kxpa6e`Pj(Z@ivI
z3yR8mQpFycTrWdqwy^TI;_Fvg^3Xzk6MS+Z*4)dR2EXkmki_bfmn{~hM|Vt>wTOd8
zo};})>%8oAW`5KLu6WeeEnICCGxo%e+wMYMY?t}IJeC)rhk~zm!(NR>6)~Rsxn(`&
zuT}Fp%C_s(9@_COY<D?xV&z0$Q=i3BUWi9AyPJxBdYOLIW}_%H1~NJa`nY;`E)MTU
z<v~8=c^8x<@V8H`WWPRO4dH6i(ABg#Et|*;?TtBER72?TCKMvTcPVX$r*U_X8&(kw
zIJPMwk~hmXHf?8JHn$PeHU`!K!ct#^yQeYc(+dLSuJ^Y9tQnfS>)QP?F_I?tOqgA?
zKe+~Wug-n;Y)($o<D9|WU)NE0<Ab`GznLdZBc@r<(S8w2<3_>u;*!Sse|sumJ>)=k
z#}4hJK!LN0QJ(x+Kxq`kq`=Jz@XYlo<sTCyo-O@eXM`2}hWMX_89IP5G5Dt<%VY%t
zqWOOpX6ANI&b9_NCjXV>aD(Phxqg3+V#erSh{Akli*m6xg4Q_u6FDMB#h5BM6g8xf
z_?NU0SxT8onl#TCK|@NEh?FE8O>$Ps+r(pfXTAFS8&LiH)>`Ft<dc1T-}-z%VX%La
z4;pAQ(p1Cd#$eWt-K)=I!+;@!fQ~2k99~!#V4=t-IAPBgh%6;qS!sdv3-}C}EeQ#4
z!kFNb0{ADBftJA^fYhgdWkz70sLy3b5{!rAr}_E-U7)0K{t;OEMd&L79aNiY@UUa=
z+9E)ZbP2jkR0@I=1w=)gDhSt8&AFHUDIE7kO+*pUC``p0H3l;*v|B^*Wt{^g)`EbJ
z6Qf^GRLa3dJw~3`_k{3fM4Fi*mKUllDom;9qmr|j+eiHIq(oT9FZ`p6ye&`$tW2<C
z1$T`hzs8dKnwnE2)b4>lR%`h}ATW!Z`6he|NqryF_?=Dv%KZXRoXJC%yn!+IwW69p
ziYuwVu5=^Ao7D$k`b&h#nO&9Cy_C{$1tX0ZnUXc}r{e9%8-Twsq*{-JAPk1e-4@IN
ze-oeq)xP8&<kIhc4}8=6$I6+2)dlXP+q>|UhN7qu&?gNV)*Yxt_H9jTH=<k#=hc?|
z<LBu+d&TemE6<fQ1Ro63A*BFcP?PIT5e1Z!^rgJA&^-gJ0>Pb%CSxM`{SCic?3Y%X
zcJsZ-ud8OSkC>6770b}8U@8EXrNxQm#OoIIrKu&v8q)h>ou@I>qxMZFSce+_X#Wec
zpZK3Z$Zxi`{U}j;FjyR!SeksZd~za)GuxV)kOW5KIym5!y}IDAz(5Qp|Mr{pfd1aB
z5h9M?I6+2=u_8TyWqTSrI+-v52w)zG0e=p#RA_ss53p2EWP5bskjenWJ}?{}crbec
zyd6?)!X9Q0W4v86F!yZ4G(S=MQ4Ue~k=S0p2o6L6`%J_jK1BHgCX`13Fh5cKTO2*G
zu%U8wP>Kos{)j$foDLk}p%p}Xg-oC@&=zjmOa?pylw_c5#&qByC@?3#bKu@^VZ@n?
z#bE;24L>o#0ZRb@*bDpTJ5U%hguOjUNCI%21HsQQ_X5$p!r6So86-`NV8Q)e2?Jsl
z_<+4ug-kw8FrY_!0;C<{+`(N5p0GZ91Q8AoS0Eh9G0NsZHN#A_k$foN7!>qA#1{XD
z8zZQc86_ZKQd3}kAPPj90Oqmin5bk38K8!T2x;h%A`%=*;QRq#gI~syj)%%HB9i~A
ziZ~0j`I$29{(?%5_+O-hl7!$3A0;CIe`vtm300_O<3NT7V>luP0xd#PajI}C2*6VD
zWe1`hk#qP1A#H$Y?fxd@i^<uk2uX(AAwXLr7BZ10?BS5$;pdEk-6s$w06GAI=kybV
zKWH61K*KES5sVP33RB<>7b1WHc~huX*FGf_Ai`S!<&a<;A;heVVec(iR7X}1LRJqZ
zM$L2R*%Jgn5y7K|3Wz1N3=&rAClW>><CF~uO5yAU4-)#Jg8wdo5+z3JmmUGK?}-Q*
z1+Do@*6JvsO$!4_IS7}<tp}tQ7nm3_F&;l_seNzhJ5kXSH`Ygx81%E>?~*UCJ&G?u
zXq2193JYZ(G*gGcq2yAz6Y)lUT=x-l_w7*C#8yg?lq7jbaQMPVYfl0_7PBtu0w1pr
zDVqubNr|8;17~OsBN#g%rIm|EA)q=ZU<GUsA3rh)1G^g1*04lKw2Td=Gn=_Ey9R_4
zv!H1K+PuGpXe&zS^f%(K3-W?z)}n!i31#J<W$+y;b6y}|@w2bIGlx)5(fMP7B*H4L
zfz2LVY`T;NE@mofIk;Tl*XCP@jbYfG7#Mm?8!*LRoD!;Gm4YF}(Hs(u!W{=3IJUCD
z4`3c%_MRLr4`Mhl^-m<WC`1W)>;7KVJAy!G$k1o;F<fiEJpDK&9x-(P;Ngv55;XYL
z9TTwT)*0{AD#SkaB!Ma*7+U;$uwYf8Q*$C!VWv>Il7jUYv??!%22NynJ`=#I$dhe>
zwy1_rBDkgif}EHswl9Qcr{S1G0X4K9X`v0Hjqs(zDO{CW)3*5y3B74UVMDPydEUa>
zC;UhnK*5w)4$uFJ&CX_CTNfS*5~O`vWnI0I?M^||xv0@_FqMBeMk53#pw$z%a~2G)
z6D$FMsy85B!(j*s`n5^O0qZBw0Hi;olRpfbAO6?tp1-o@&uc@FjMMQ%1ZW`0LU3=~
zQZ7S}zs)c~o?^YmW^e=T#ve6!C<z*%Py3cS4ciTT<n<Ybt7mG7AVNVwA}DAClJk~s
z`oBHP&a<pKFvzE@IuOXKtUPWxHz{=ADOEtwH6iLBkrfRgyJutHu;15RXL|0F-A|2Q
zedix0de`(k>c_QwHSq;}Bv2C0%Tvw&PB-|iBxbCh6s)$jy?CB_t(zOY86h1%0RRA~
zH$XhF&7y1YvJ=q3AZUZ9>{ZN<o=~U8eaZS|D#5aJA#k0~@YwhX_xJCTv+ahZ)vdh~
zan<0+XR=nmy%kk!v6B^TU2&vvfL6cJa!`9Ln_0caMjPo&YjU7Fh`xX^hmlEdPY;ce
zRKdcB!kMn8ae?<dGyT(5V}r>|F7qA?-p<}@o;vFltOHckvVyd{w3|sR=1@peUn_wK
z&@WVh$4Dq`5B}ZkzCdApl1uyK?xt8hum|`;xXv#nq7!Qy&zhX4Z}0WP{I4SO&y+;{
z5Pn`Fzc+f>*Y1ML!@bwOG$a~dOQ?yxZUp)F?_2ypw1@0Abkjq0j9*Dh^u5p!6(zVM
zl`-LC$*uU0i@XEm1(3ms=zg$vviwGL-au7OaztM#uRepr>eG5SO!LgJ^lxkIiy|VC
z>Rq|mJREa;Z+%iY_2E0}UBdm5uF|^w+PysU4lL|5#@hMZjr)~K3zhpng7fNS-RD`H
zE3TEv@J~ccCkE5v>H6tmCsQ3-sX^+w`kE8Kru}xk;wJLl4xBu<=G2RTdN9JMa=pP0
z7G4tA24V8n<}CNSNBeQ-8eIhBVEK}2mo;OVotBYvqK(5ScC%6ubAKL0VbMgx)>%_d
zA@vcQ-paZBvNWUq^CVxAD0}cfF9#WYtrrc3rZFAwK;_255ya80ECPlzdIh(Vfr5+X
z^_V_?#|7@&9{U1}I@1Q_$>V-BgvVo@2jPw!z<WdVg8DA0AN|Nbb}O5zrrVC{WM=*(
z-z3io=K8cY*)~_V8~8x~a;|CbQF0IE@v=(%HhFDcMK#B+?xo`~ubPS0ruynF&!asj
z17TN6<@p{hZ?mxnL!zUz`!aN*tU0ZNm;`kGK^vah8(RRr4$%n8UuPa_=PTzsm2z`B
z$2rDA_qEIWaHNF0FPLkj*8%xK@rzHHq^xt7sNopn(vwEBRXkjGYo1*m$NimVVR15B
zx3w&G{g7YD>Rx8zf7haQRQc4k;|ftu-5>a*+h$}bU?e;26@BVb8CGxij^zFobk96(
z{lNHqfaN?b{~D9(ced=54&SsN7r1E^y)skxzaxMtLuaJil%O?_<rb|T{$#<WHmaz5
z+DpZ^NT=>h2k?iKpl68472sC8JWO`!<V4JE+Bo695*^3K>Zs!SyGzkrb4~C9ISw$+
zr~li2cDC}N>!8!kHUxWl{<-y{ZO}`5cq))oZ$;z^nV;-SDlbU8+&b+&Xr?lN5n4j=
z$jeeR3|^v@{-ESHeKw_UNM?S}%{Vld5OMR=qH}tO&Dj3$<v!LS18gmc(+D@2`++1b
z((HO4jw6|0buV@=0cS;S_3M<Z^0kYVaggXwV4QL;IH0j5A-4RSj|lJ9C%Wu&oUeKy
zY|<QqtvWZC!|=z0#!W+}$*^6uY|EZAJ_v;N4ZUPu87~7(_>`y?mFzi1suG$GSk)c&
zv!%1KJ@`)Myf@0<TUqn+m{QQ-p!2g;5xrl$d1}NrTho)V#BQ?uolb&XRMg+p;sa)m
zcj`KaGvoeLZ}zcRQ|G!H0wIE?eUzUc#RpgsxdpO6DDhlmS?pp1l|0A$!ALgVj8#r=
zN39Zb*zo)Q!b9*WOOrvIQC^fnFzM8`$np?wdr|CC=KTv~`{1Lw@A~W|n{1V%BWv68
z7!QSzj#ejgbHgxPcq|r_p69{V3`3!5z)jCLk*urLTil_F{p4}Y<WRa9;3|6SF9LHl
z{ui18I?-);o6U5_!!i3?anvjPxWohp{lk_Kgb%h<Wf;QL>5b~%y@VC7IPLbuHMSKo
zNiF}Egf3*SK~|*4A>+LSOuf-)q?#OU7}DsajQdV8(<1@n>vFHQe=elld3bgG8~w%B
z+o^LWb(cbwtoO}f<0Jj_XuHD78Spw>DWyFh?q3D`o7bipouWff*1Sp$TMcE*e`ulw
zxn}6m;a)gJ3$E<qgbnZuiyS21i6bsFF5PQ6Y4nuNxY%K+SA;<E5h=}N?#D8!W@+-2
zeUYy6lx|;Z)K0f&<D=&9*83>E^-*DHxQ|X=>3cbBjqwBM^Lu6;FFx*hFaud|F3g1s
zYaXz!*kl*3n;tWHx?9>0>x0#+$LMqm*n?2W2+&vat+BBx@}=CgKBmKA^$JJ7JFVm+
zn(D2#FRfdg-tPVex+uo2EpY<I(_Gjh&rwRZMqM<Hs;!|TSowHZgF(aV1`|I+1|<5u
z4dx};X>(s0^EjX1=tI^$7N=7+l7b3On@2yYF5eqq5v;J6jQDN$jK%?W+a8YPL&8$9
zR&k%j1AT)rG_+6l2GnL2i~x(<ggGOD6I$;OGa8W-8;OcOw9)$7%Ag|R9q01|=eSwm
za68blybpOR&nc{Bn)ZvG*e$2UZ`jAz3zxK<JMV2~ywj1!rmO{*6`Q<z@t8N=CBRcJ
zS(jFf+Z}vSM#kF5R!GiD3U!myG2J6pbv^{@{$6C)i!_*2&d_Aq&_UfDWa#S|TmR3b
zMWW5{5l+z^h2o@Nl<c`(P#0SzWg16(_Vdc07R8gX|A@k?^5NU9*wpFsRu5e+R=)s@
zf}7j6zNE1}m#rI)MxBbkozy>0c_xGKIJWaR3Siw9^i+1p3)kttQ9$6y69)dO0@6Pd
z+WO6??%Bjr<uk}i&^WY<_!8GEj4O^rKmRCxsHWHzUXOF80sY;6BGUtv-F@aI2AK}q
zvJYOWeU%;XHQeG-Pq1!Jcz079xW0{^A6kelk`<9`lqZ%y3qP_vkBM+G_ntyX#*=z^
z+;}GM@u^%*IijtcnRP8Fk$kDoysDp!2&L8SGz6R8G(f;2!r?17-dYv5XbtB)vG(r5
z6_m(G@<x1Kax1Wt8(a@WuL-5+q3b@O9rg)|=l(n6IsBn8UU@M^9D+POea@}H+6CQ(
z=j7NxkZ*12TRnB!c?~m<o_QV&j<BjU1jC6JI^CZ!9%6!U?{)l`Jk`aaO*Ef)*kL4>
ziIGLuVCU2UGh^PpKDu8p%Uf_M7QUwnXP0jc!qzmzY1qVz%}`>8=6z~-_f_#aGhotb
zg+Gb<Z!UC#e?YH0zWh~H{k-C4<SV|Y6Aq5sN>(mM9I*Jx(XL9B&6xLrkglG{b$#z}
zAzL=$y6%*5<QyjbB~BK|x6vg+*BwM?bsR(aL}xNgZ%Qnx6LMxXQzy!8X88LB#)@r&
z=IXc^L&ebg2_dY}BGEVJ<4voG_r8bJz23++WC@hG_Iar`qyFtR_y}lIw;4=cac+cX
z7tfM&urUWMN09r;iKp{1yz=W!b6DZA$%Wt0db=vc-Fe}x+3qrKDTm%@S_&~mX?MH|
zJydUau8VfPn+Gxe%_@fd?dy+T`pEM0x<q7J30m2#c#1PMt<m-Hpk_ufJG4ChWvkmu
z!{s}0UaS8e?>0Z|X6E`u#z8tO;yMPv()aDOO0@N%q&B652rXU<Jz+G#yv?+4FYQGX
zw5TTd_iZG(%C-$lJEOr1Wi(Hu>>r6TsrZuCw_}_7FIH+6_H)7A3O-U?;Yv+-D9xs<
z<)2_i8i11gOR-7^G^3E4;RS_^-A*z?hYwtjk9E6%6<LGF)OE-3+wHor{g7uq^6iS4
zR7BZomHDu={}1|_{+X>f9_WgOSi)X#g=6fkHL=i9U4-KpBA;rgI+Ns*f%fOF3d3w9
zeEo!lbM*+~%J*XVd~gYa50AuiBiRzQ!?`+bB45sYU{nlu4o^J)TTzOx9gWpI^%Zk}
z`~*Z*z?Z#c+54(EhuBG3%x|6KxH*s0V7Sfj2d$y52`zYXvx=%TIKr*ovgoTlz4NI*
zN3;)CQjLo<;41pDh@=NJ@~0bunI3k&Bzyub7Q8yN<PVY(hqz1jwe=D6E%aYze$`=G
zSou0sEXrN?79g>pdamN@!sFJ?_!S#<41tudrD2m{@iaW^*!&ze{B&!rr0Z0OPZAR7
z&)UZAbPj-8YU^Kmu{c#>Ib&bNr;lVR8b5ZXf|iefzx!FqAN8UFl6IkXtAE3dGu~&u
z_(-01-*!|=dQ)_GR&^urqcPdNMD42s-kzyE3j=g5HY*p@7t;Uw)3s~K4?`5!#bpc}
z;i;di->U<fL(@!Hp=(?rk4_QUc;hNxp$o>S6uXUWFV8M=QhbU$RQoQ)o`WAx@l|{R
zBS?oY`3nspOtAFj@-bJjs_EN#*0U6!*7|&U?mtAAuc(P(3REviZW(8<r{Y4;mnve=
z8QpCdbmP-kc-70ti$`)ObEF{5Ee&*CL6?zapJ4;{8T!o3O~%T3+j3JTYrXkBIs%@A
zh3RF*UNs`@!xbs5vpl7Q>|_$|(9*!=vn|@Ij9X{6p){eyN@fq23^mn98bqURB8Af;
zx)Sk`-Nc%<4oRlU{9)ZEwVg*pL7ya5IY;`&<jEFfjGh#NM#qWRdp#GlH3TJe9!8<}
zfqj;}cNx)dn!YN)`zqRt`KmKvM@(D>)son=dbk}~Z)iXxONKXt-BeLDGY%dl#?mv_
z4XmZ-wgjZ<Pg(f&WJXs%6K5zro3)>g&X4h*p!lwQ#b(E-F=G-j0b@>*V&toPSGVVx
z^%Mx4j&^pn!qNnC1h?;@VVka`Z`<ZO3bxsETNL0o6J=|&wx{u#z4AEBfu^1L6GR8b
znqSs?*Y@2uto7D-?L=-4I8G#}mnO%w`pb>1j(Rutr8#y{OZ><M^~i18M+N_EZB|q@
zK(L8B0W$N5uI}W>JZE@|U67S$t<+`gF;^c##wuM(`+hR>Z8M))%&+md5%ibh+4z~^
z50xwhG2}}JJ!h34=_XY7(#9VcL#r?CNOs7fA|)Z$>dq_!JCVV<yz!+s0l_hy6coSS
zIdD%K5-T-lmV_{<lzn|)U%2+el*cGyjR+UvpySkC-==dO^Z_7E!x9tIAQzLkvLNAA
zyD(eVs0<VcFD5EyPsH*$kXcE3_zgg|2di+pt2+{v9xqc*9HH*GMQ2~cPfyv`HsX+w
zZn;@cO$OI&mPvXP`ss(ES>=^J0F#`_C|v+*2P7?z$24stov^m-ZIVZ1)LsfLjE_4{
zoyXcM8XfUV;(PrOJ_7hn*mRM4#Ul1(#xeGeOFu2b9hFkd7B7j^77CG2JrenC+ch+~
z;hCI;36Y$}aFP%AA4(q%$*+*%{8GD@ri0091>Q#d!Y$ps?hoUSgPj-;(%E;yj8t&S
zcLN03KWuigJ2~wYXLD~9*K=GwU7^!hd&i-q@hQ%|E50AI(U1o9b&}l@;^+!pjL(v-
zXdFA*PVzbmE*`6dEy<FDD0)vddmQo4afvhNTfu>4Xk`L(#oo=a8JcJEA;C+ct&3Lp
z9b$PMj;DGmb38|m^81Hm)lPBhthilw>po?Ru`^|F@S%f#*>AZj_ifGWYpmUwJNI28
z^E8$r_?#lnFFgo3wu{Fjt%WJnrf!)&e)!x7blE8ca!Pyf*o@mg;zwze+VF%nd_m;n
zT+Ucyt|pA+{uim|p&tM`u5aROGtZFz2VP!BzrEwHci^hSETBTL<*_(l6Psm)ZcjUh
z8DGz^o5RJ40(Cz#l82{}`Ahf1nzW)1(XQ6~t~fkuNP6yhu*b5qb8Nv&Un;FGciJl$
z_f`V9b(|NmG5YW+J6+}1cv?HxyBE(FdFhzmcx&l@#P^%(XEQk0eXX9(gcRJnfgA<0
z^;&4Q7G0V3&cS?0k>0KrFP<rb@{9PTHGfE#m9uY1pSfY!EzbC(RC5|B(IZ`<75VKm
z#q_zVo3p0@(I<=-s%n&|d2SU!EO2rawwoo_44SZR>n1g-XK2(iN&tGnCZf?R;Tzq;
zHH56$o8iKZEW853#xrui*K1hja~1t<B))!dxfMCxS}R*D+*4+z?Z!SsxPDfw*KR<T
zyZiG_E`Nve$Si=U{&coZZl#Y8dya+9R#M;|*pozrl^<=fUc*9bdBb>PLavqbE7|u&
zb(Ri4<<ZkHqlq3i;r%)G(^f;<y9&2>X$V1!?VHtq0M<tM(0il}SAf~$ec)rGNMOHN
z++h5*y7qaVCP6#d<AM&QwPbRJr-xL20y}4`S$M6+qITz688pZt95zmJ8EXN-0)FNx
z!#o@}r|eH65&gm$0^O+JxT(>V(S(R_N?2YW5{8~T>0{z_Yer1DUg~Yu1axl-%+v`P
z1Hfz$s10*uYJJz3yOp1c6e5o*^wDa}yOwlJI4_Og3(W1VMR@n%;D~rhJ|NQFXgVlF
zjYjt*GDh~He1y_!0ybvsEH}j`P50=v#u|6wrkH=y)-uh``PFhn6?=L(`9bb>bM%%S
zHCnGYxQOICb+4y#A1`PUd*dS@{L}d}SXi~tk4qM{5L^n`Kr;99f%oMQgg98IIU8#*
z2yeT8WTH#$<uq}Guonqc$s2El*p_py*jii)LH3$LrSD$)?O9DahaOv4qTAkwN6^0N
zHBr*V<@fk>=g%(%+nFX-!18E9f0_ps&%9b&M!wTzsF23@9~o_BY|Rw#0@Jq0?h5YR
z6C}W`Xh<M|1tIUa>ooy<_xtJa*M*pF?F&q_kv|)JFZquKmG<0u1`;Q%+9?|}M5_3B
zC2_ZfWoCQDYV$E0?zLKL3)S@+1D+UMgg&!!VugG)+w3UQbSC;_cfzX?Tcg;zWpjjW
zq{Vr6GRgkWL-_Lg(6;Zgg3a>#O<COJ-_28JYKD}1`}Kt3?rha7Y(npJD*dILTP*Zw
z0P~b^+a?@8^XFIF6;ZK4!rtGZY1}gkk?lOlP^pnlRlz(Mlc|6UOT6ieJ%`3=Pmdyb
z*Ov&2ZJz{PqJ`aKAIkgBOO9kU%U-g{$p~_Y?Fw6E#YT3F4`^)WMg|5l&Cr3*kGS1v
z71T@&_RY@QDBhp(1v`oOg^K=EW2s$k{l*uTjynQiHsVi;pVqRYxBm*W(&M|Sq&~S|
zm;eqQZ!7r@EGxD%F@lh|Do`iSn`vavS+{Rj7<X~aK!3?xGtUH(SQE}osDAl2JxxpG
zf8S%LJZVeZYOih%iBvq7<LxafqVc%00yJx^dt-BO3z~eJ$L1v{tTMcxW4@GyqDqu%
z=7`_@S!teB3L7t9Bc7#S$j)QiJL&Q3GoE8!_<y>AKP-MGs?piYnabeze9ysrOGYpM
zw6-M%I_TJ7nVyVdm^9E=`~s~r=oxFY>I3MS?(n*1y~_5Q5@P8R3tbT`{vI|`z)a$$
zxx%V-17daQdf=kZy5(YrT|UFAu{!9OC9>Gqqg4AxlIlYGA<$)u=RQtuA!3S6N_jyK
zmVS4Lj8yc=eclVU8S0XWpNodV5CaClV6OQ5-#GB8V|=O-_sprLQPg;SbS)lrAZP17
zQl1(%9}*MWU;hI)k6PR$3~XQ{qbr?1pyhJWvZw7eL#P<TzsFBhS3w?{!H$2uU#+p3
z;0s)qDi)G6A&rLjQW=7(Jyu`{pO(&IW-1)Dr_-PQqCv<i=1Nz^x6k8Pc#&CxC<JcI
z8B%R!BZ#&V>|?wwN%t(P0;O9H4{kx`QL)5YZ`ITaW+C$l{SD`IB|YXa27d*Dr<1O*
zomAqR=RQxNg_+Z#L{PfJ@^4}lIItm$k6U21cvg0T9m6FK8RwbUbB_HmTG#K26pzX?
zs*11I9%ymaHxirGY#Kv>&GI3x2MxM_WHlv}WFZ;r^X%HYp!i?zIZW^`&aNBQ+>!ax
zxyb^Conl#Lg;|S*yWtI7zZPQRqqjLhOatu7T62fW#QjnVwnTTV=!Q#((i0X4<tFTq
zpn1u9H{L49wdIm<;KlSIILd4AsA*`{ILW=uJ@`}ZcQSo@<+ns<W}xkV8S%DLzw2@_
z=37XOq~1WTPOYylMi@7@AZTo*moHs`x^zm`FFl+C(`EK!er<Mz@lBp5_osD%b#xh{
znyw%>RW&U83CZr;))A$|xfuG2B6DB&MxbDykwkBf?W0=2E(l{iTOw!_Rw{s7Y^1mz
z5rFrM4LOMTvnIx09SBE&utpAjmL20OK~ZS4;ElvXMWUCG+-p2hdxKK_j<z$da?0bG
zbyw(~0x)>R_r4A8jKlu=aDY;Zgl~)*VrLc&wG`Vo=sZC%i|j(6rHiaW$F_ut9%dT+
zLhJFBrhjU#8}tDg;LB>My88-JsTY3CtL0}_^hMsunMf(!XACMa2U~=N1`ipUPZRQi
z-04n`A2AagNfQ~F#9rge&Qwq|=SiVFz6bjD=Ho;#_{`9q!YM+7NJPcjF8KaUQgn<5
zG1Kok&6|1IO27B6l;1x*v74Ja<4#HI;fX1rCpWsQ+l!zYuHu32pnzuHQLZu2nNDu?
zVkPi;&J)?P40PByA-Zu6^zHdZ1b+q{&0dG*prCBtkyab_j_voA5nCVT1*@<vr8m%-
zWH#smrVwLHvlnwf2;CSxr1(iB$3w5Uo8=q&4$Cq>Rv+U9`O=YKhYJb*cc}K`oPz?u
z5>xVTe`3Cp|F-f^3GA=0@9IsMt~Sm3A`>I880lJ53tLZ3#+8l2_6{h!5vle<km^w-
zT_r}o&Cnp}h9S3qp)SFDB;p-x(oXucTdAnDGA6I9jN(Ve$XdcR)ZtZvpKNXyz&3KK
zpz{1&k;(-min0}xzpJKU%)l`tvTTi~!n%)EP%pS51F}M@hh5NpbqbLnug9hC!CeKA
za7Co_5T}WeO|qgfualQhWh*PRGHyzp2L1oKhbDiG@T*PePZj+uhg(+444*zjnP8Ue
zxFiB?=swZ5t9DW6?&^zNxfOiyr0d5F+AhP|_ZLiPZeS}IN(Z&Oz4}-7=;#zsE1SAk
zq}5;y&=B=+CHSkCh&=ttS!VP&l)PlJ!72jN-3!}5mcX%O3Q7MRZf%8S`_tiuZ6rfj
z!Q&kaP`g7P?`-mhpuyW@h76*T{9rMxEAXBuI=!0Qa>^KIx$2}Ts81=8q&cmK!?4?w
zN=U`sH>z5Y=wK2y<k>b88a{h6bn@)pr`7U!%gQ=3@`(WW$oBkaN@?OqbZqn7{aY;^
zZZ*T;UMU)G(5)}Or}9rU1W4qV<-wp<+uQ+a)v?lOhJ$CUN9)3|5KH`k5#-a1bgS45
zcdzk(q?Gda#e?;Fv(WQ@VGsJ%ciG4~y>*&hd{T5KNE3tUc9TL8{x8nXDLA%A;j?kl
zv2EM7ZQD4pZQJ&VZJ*e7a$-9tw$J2$@Aut#n6GN4rfcu&e%LSl(pA0pTEC@(a=nW!
zv-w|^QmG?2XwLvOY~6C_p3r&ZS8idQvpJ;_oJ{|}ET!6iTT0XJ|5!@bHj_7aT|?H)
z(6Xv4V-XmhCF2nqo>XRC<RT-Nga@aT6pN(U9#|SV78Tbi{Wu-+QHE`n-$UZ5*0OC{
z6)u@aejZupxaf8UWE8gbCO;oGgvs6OS-L$|XB<HS#<}b`x^II7G$c{s5xTUBk!p)~
ztB^7}HA@+`#5hr&taV8bj*27g$=5!cHZ|Cw4ZgMLS}P3l3%z138Lf<Zj`)Yxy5`XF
zI9R=#n!}DldIIPF?I^AP<0#3e_<lP|Yc$ecRq6a2qc~lqjWD(<KDc!c(%oPfbx-@V
ztH=3ePjL8XEDD&o(1C2-LFs`daPVEIvRs^Y(}-Tb^S#1N)B1p{4`&r^i7l{1y+0dG
z5p}t#;fQ~aM?-KC7_cv}NXcB#S0$ZD@E9eV{^KZ(1FKW<qSuQm{77Z`c9f)Uzc<vA
zV80zDg~+%ky3DHtbnq2X6cR^>Rjxium?EbBntMADBP;b|nL0Xr9VR}3_9A@zcv6&t
z^G2htHV<hhUi!~Cl-b6TOO!3EiYfTg)bTy=(d2_*M=Z95<UzeMWRTLDKJ)nnZ{rN)
z`~Py3vWZD1DXV2yyAom`!37?)hs?zWAJUF0nB3aw^rB$qkR;l*J^MD*pu2u0nf6*n
z_c)Rg^K6NfT!j%+9$4Aq)*!=4d~c{<o7yR+Y*v>1%Tbcsg-n5siSA5JVo;RMtI_1C
zZ`5xJg}rYF8N3abewcb`#QNS)*Q~Zm*FWV=jnP1!yf95bkuTiW%-|uS9Whf9b^PxQ
z^+^3=TF|B}oqJ|(j>SFc$SONUvyxU9HO}dR?+ta(5*LVeY+M{Sp_ImAI)H>ut35Z`
zSu2??Oq`v)oP07tS_?F;R?$!5{_#z)R<B461_rA6Yq)B%v@Kh9YClF_PyLdi56*yn
z{6}@ZeE8g9mw{~BxqRU%X@)hjuo5mqPO*9AIm}5~FfqKT=jkBI0~h*0*&9mP8`f1U
zyY_LamXCWWyX6*0t09`fS*rJ+uBzz=S&s!h{E2(8aYPhYB6$TyQb;sPi4Tlm&p0j6
zI%(vc%P5oGZXE&*Mn4PBew83H1QPH|7GeVvICGVKtqL}0h!|(~NEU=}#BMbvvAW)l
z0bRho1xKqKI|%uJaOLn~xR5DGtemS=DVhHfBY&es&1EjKZwBJKI~?*BDVj>!&Ut(!
zx@1XUmr4|GMG(iR4;`AFdzi(_iX)sIb;(p`1}(eAM%%7SjMftDX2AG6KOYVO?Q=1=
zhK=1cc;0feOcqde$(zj(il7;=-=yRS;(ND#V<O>&?T$1$X!C|JE-X05)ukuC>zoSW
zJiw;v0ndYC3J)#(bA*~SqbON$&{CHbXMK<7@#CUhhy(J(ChuMs&cZ8FgadFf=1hN=
zQ{~XuLH+q%@Uv_Gv~w-X9+otdiNi4CNV*zh-E_L)+scemWC{w3q1KQ!hP|I6#RQ{;
z`lv@H<8$hJnC#yBQ>=K3n1b>yYlO-S;`=eX$__Q3-tI2yn<watZ}A3XuP;ok%KUqm
zc4?QEhI@~z&^t}=nHJMMV0rYfX<C{YpUzKDb~i)8eH+q#86S9QpSa<CDLMZ}M>No4
zDHekS^Bz&d9{n_M%E=(k8;T`#$zTQuR5NDIUM>z`-gMKl8kdE`vH>L0*J{L{NJ7mx
z<w>uxzN0cqBS{sN;$`Lt1kbB}?SDv4eQKSo;=p%FW7|=tXJrUyP{d#(oz=A|!45)M
z>)YqkbDiR8QHymbAIF4!<7uVK!4sli_L4H-4V2`g!#olYpM#KbGmA|QAj@5t?H#2?
zjU~BLY-B|w1<+|0<A*c+FfmWji|V6G9!whSv~_bb{l=PIwbqQMCNQ7LvQms9$$v6P
zz2RWd0z-71hA<_Bn>OH!d@jVm@9Wx7Wtmo-;>d8}gw}H8;A~6-bXfweH&i!KeQI)F
z%vl7g9S;s&bhAW*)>E-<wAmm#vH5E}8MI7m(0$<IiVC@qJK~f71Qn-V6^c69epjWk
z&?UpOnN&WxxA2J>BfEK7XTZDSzEk&tw8gX*HV(<=BLQ4XX6XY^Xv=-66LyVAh=_W%
z`^~!Qq1FR-Ix{k4!}VwbV_HIb72Arklr-QRx>TWcsk?-{=`aoX^oQiOiPK^r+0jE-
ze~IC>;^e9b*(<n}q2;Pl3M^AGvtH1b-x7H7(dZOIHJhM)Em9G!O&|DCi>kEA!W>H)
zd@Zwr<|fmb(N4*Y+Z9luM1I7?@kaWy8_Re%B>NM_d>Bo2>tuKzge{<Iv9pRs2f52s
zw$-9{xwc%?7>QVK_L;O5V6;-5C{}Zf#erQGHmvt+a>CQgw8{t7tWF{qPe!1mi=y1?
zsO`}=9$x+F+hPMA#wBV$=Pnto6Nx7Xl<$IH)~A4Y%?PpjQ4P8S(fB9v!pk)VUg)(T
zK$V>^6;8RdUMQW)W^4+To%k|#V!l&}&x>RKoNMnFlaqpn6SY>9tJ+19K`ie~^^3<L
zAe37#gjxd<qSCJMIu~fhH~@Wqv(ZzMD$Qo%0e>czV-K}OicQRRK|v{dh{{Su+h;8&
zz&1@%8n{s8bQ@kT;8YPjf(Gm-&1ySJ$a)e~OQ?!Ia@knHe7lb9T-5Dd+-H*Mh3qXL
z!P`0lGd#6MS#eM}<BYc4kv`C_NA9A?R#-Ec_tXl{NUYM6jk#0X)Xg<ZM0fDvSC|5I
zLlU`xvZvfjg<yheSSCg`L2YD{RE16*T5_6oXz`JDm7(f8iu40es4*@cm~E}edc6tC
z)E_6={1r0QR|%@76Sw}});|!VZp*ur-($0m4mWg`O41o9a?QUgaG~|qZe<-LzJsGy
zyGaLLE;^&`5SNPRp#sopWbGsoX6ca#StcFg3tu(!g+$*E6}2GU?yn+-#ge()QRPF6
zr%fW%Q_pAW2@|o3c#w;){qrQ6O#Ah#946$;j8mt7sX0~gH<(6x1g@EBppsvRp&%d5
z??n=5+|81Mm3ir6AwW0=k4YKgc_C4T+E%^csoCM3-MlrSkW&h0eHD9pbhO0@a|a0m
zdt~})TxLYS@9SStRL+_7QtPw%Em64m5HO&kyOjXMvci)sC{+ox>7{9=dcFoC^z2kr
z1btb39oI}y44V)qRRL!EIyA*>i46mjWBg5J9+u4N9#|;Gpu9|OW?5Vb@-_kIi>Fbi
z4R9mCViKg<uo;6Mg4=X&9x!l2=*V~-5dExfmSXxUgI%SiH%8j~=+YAc*aoB^sy1&@
z{JaEPLI`CwosDG(WQHQ5zu4rr?nyM~_rg6?nl|dG^s_3$RpAAOM2&m+MSb})<7*WH
z>Lj|0&kiAo#CHf~DIy^>HA*8VC{JUjrf{)l5G7fr5jlcpfnm1MZ&}0)piq9FfOQL$
zO(WYI4>TnUOl3bfqLFn;?fG+%g(aRmXM^|Kp>vZ$qq;lY(k5QRz+S>|y`REF@&Agw
zCUGN<@YL}l*eZ>LX>;^NmGbWtW7s+NV`aL!P(@m2rl!5>U%PU%Q}ojvTD?Kcwd3GY
zu#ia1aQ|_-*?;=rh`c$>cs*hHx0CaE_tXI|Ky;CNmtGEXGc=fV{*7MW+O%jXD_Lz5
z<+X6P#bD_;RW~~4ddmduI7CLn-+~QSPJg^O%pA!-1NHV=i0OI{+0}^l+WhV6*mf#T
zoyomy!=sIw_&SV~A9k!$N-z!LxjV90iel3mofKy)eKkVj%USh)c6@*t%Gq|F$y!4k
z9XcrY=L>%63%>p>U(8va%kc9})L%dZ)!-|>`4}bV1%MdbzMfB)yn$jGqMG5U{B6I=
z$-qZ#9^;wjeINKD8ZzWj{^rKI0*{pEZ?L+N-RZ~pkT7{_)Yc_J!tzgc3x7m8$=Q<r
z=#qocgGF3ZhChqlKKWN>X{*`WW!`EeCUvB8t0dlPe0K?(BnVVqhuIVOo|v(J87(6z
z{DhVzjCZ_39@fiHVkD4ZzmV)%rFJF2$MKhIh6&W7x)cJ|%iyx!kp~(#c<s=RSEjf#
ztt9yoH9R(Q5Xg=-IA;%5_2R2?Pi~uYb3Uh>pYHPp;U}4%%e-g&Qco^cJZAiy3of`6
zCi3o!2b{m8*Wh-<XJ6gcC5faPVg62)RS#6N1|P6~q^!3q+<MP%4&EBK_t^;~^z+o>
z9is9D+~F!tIt!A`2FBdn%JP=x0Y+4ft1U7b^5#v^W-0aCk4Fws6T0`c3f}XV;btvT
z{cdrcyyg8CMFa9IkefiGrcRtgoLrtymUC~r4Be$huc0e_FkB9IE(v5K@KG_&BcUN*
zfqfE`_%iqd5Ufh?gUeM9i6IZD_`>$sLYRE!a7Q$NaitUBwL+5%WmQ%85bHoXIg<*D
zD;y+~c?go;$P%v-GOI`6!DTSvC8`z*BunPJ;aNHm?wy(rilzq7oCws1X9m~l8U`y*
zUwyf}{PM+SMOQI0>KPb;^~dDb9C5n|?Fgmsx+q^BqSrld#g6)X0a!gLnUwe5+zb>R
z3@|#vN(Q~O*Q7l;7wf|j+F^pZ{&B^~GEJZzKa!bYduZVybT@iz&`+;V$wm?8y8Q{^
zNNdIJ3fcoXqT7*uz(c*oUdeaW?2yJtdc(%*s1gknbcA|Jd`=3-e6|OOL~cgD(~Bwo
z{OozTX%j+^k{}*npkfPw5-*O^^3#PkmIqm^@x`-Ns|FILOjtf!XJ?OVngYnS0P#Y6
zxd>de9Y4q*{3CEP3rD3>R-yPxaK4ERxB_sd_<@<D4Ov3Bz=~J5nXQzz<)+h(3j3um
z^_#lh<r09u1=V(WHwjR8(Uv6dh^mQ1Smvlx*>(9jQ%mKjvKn6=6i#UH!K(FW%ieA~
zJuYtgKwttxlehLX$^@U!W}QF*+Fpo!2ufD>JIcCpD}hnYYa;W^hhzlH!*rM4CHoE>
zP^8}hZD-ZIh)-juG)_3zXK3iFz-E*Z`iW>Hze?Qv@rlTv_g=b4VU_>*vi;w8IRE=4
z_Wj|XqQ$o_OZ4r=G6I+ZECAMTH&zHB4^Rdu0JH%*06l;iz#Q-cU<t4S*aB<-4ggPp
zKOhVc4hRK=03rdtfCzvWAP$fKNCD&k@&M(4N<agk5zqo?1GEEv0lEOafC<1PU<xn|
zm<JO6|MPACqhS0`p6%Dq`IA0MAfOoP|ED&IgY~~f4mEdHUA>ijCfG2f81xXK2joH+
zrU=S;??`souzBxjeH5W)*$8@4FN|*YB&b4n<Ze+?q9psnTfaY^f4#4@d%d65-rF|T
z+;hDRR3xB)b|VusQdH9Km(qcN0@S`wyz{-lh8yvYBHK?|T|6R<q?&XVq=ku*0qmnI
zshGP*Q7-SFdO1Y;GjTKY{4?mk)mL~GF?A4{b6LKxK?`*nZEF!WfvURz+g8VHhC94|
zuS=a6pFoIwQ^=b9*{&=4`-#$8B1iDz{Axc+$lJpUaif5j&cRNf(wM;lCxs3hBk!WO
z8)|;W|3Fv|k8W<Jl^#8ho|7(+W(4{YR$SZj=a6XaXB8QP0xN`7{N3Y?ORp)hBPmWw
zOEesGjMJzl*G3={r3H_IcLL8u<eq_D``2HoAMpe2g`0eY?JN#$jXksh(kn1$0gX>f
zcf!VVzY!GusN1OtYyI8P<0u83G*XhmC)O6X5T1Lcz+ByKyHK}2zrjv+)pQ678U^cj
z8kVaN+<yO9`j;nl{3lX*dUk!xrJdtiy}Z%hr}jXqU0oocF2Wp1_?MIMkw6qkVnVJo
z-1sClM5uJp{^D{Y2Tx2vO?>fMLP<IwiHt0CM;%pt0!qsAat8^aMD&7#&=@e{G4Q?T
zJwh^fGECTVF?vdm4uFbrFfbi>g^{}<XPt$<XQJQ=&0>>`3RDmrL>LALN`nLMgcT=a
zI4ZnEKsh3#k0=HdjU*K0&F{dtad6<j9=j?7Mt#y?P+>nokoqY0`rv6n;*o{nA$!t4
zAd=r8f)73%Ta@>#LWu-lII-1X2;fV0w}6Bw5v76V%mR*jfmab<2tkBST{&+Mtt((b
zkrPey92+S21c{-ADB(`wp`=Bk1NwfZAW~DJB}6ErLI)EW65`%F^@sgPNCu587cE%w
zZ;Qlkr;aEGEnsyJ!qh=b5l8GNA0>w`3A`1yTn$K1$>~MKR-(LA!(ErLJ=)=PS&f?%
z2MZKkk=o<b@Bxc~e$PwL{nMyE28ZaDiD;JzR{{wTwi^o`TRRkTFw&>&W(14l>HljV
zhJ=xi?_CZHg3M$X=|B=vze~&vEv!YqVf4B&1E<R)D_DrrrO1gR3o!vpYWzk65}8p)
z{&L|IBzjZD)nPCb84;TD(MU~;1WvS>iZKB_@OMRV%n?jI1exo!ZYT_V7kLK^DAJCY
zQb;oZ!V@YX;*)@^RwZsS?(2Lnl5lgh^v_wX`|E85XNP`mAg7>1z`kG@C_elW=iDyP
zP#`qqI!z{g_@BQ?XLT>IoQ(QsnGS|M3r+idZe#{`Yk!ZtsSc>#zG{TPAboJ{^w+p*
zP5YLm{m?+YTJ&23%fg<z9#Tj4;_ORXN=nEU7Lqp2rj(Z_l#lwyBBGY>=Af>F6NOq<
zbwCZ(&|W|}w6nivaX$087VOr6ff5C3ODa1w|MCb-s@aTG<@~JjqpG`8-W7Br6FKDN
z+j6AQ;5=@$^5(?>8rv9ry&lQLB_yW8bib_V7Fv@a7y&mC(}9Ep-*gRb+IpFU)Vl*X
zy8k}9ynrG^#6U!E|I|3yKaW)L)J?jv1wzC@U6{POMsu<RFT?}pZR6dnvDYH(p2N)6
zX|MV{0dwF96D+>{cCB-h^hkga_;()s(kAw{QRs6t_Q2oSx&1JhPq%BcMkx;H>~D9M
z&fiB!l)kM$@a?tNM3-~zvti7-FhFBWchj^iA{5L|rQBs#{sH@Z^X=opxJF6&^WByL
z*z4)`dVQ>zML%opI4jw`3RmVH!VtMHSNF;l*8%1wfNC4ihj6V?0!A>wVOp%WGps7k
zgj@x&>sz_&0Fa<GK3doZxUz-Rhbml!fwnLoeuT1}N+t=u<sShFH{htz=k3#VFGZUy
z53vdRaZC811}rudG!JeIrnuyUiF$jl10{M00)F4lAhsQ*7>?$n+WD~po-31N%lhx-
z%{&Kp#&1S<lG3}u^a6>DOvNamW*U=cNrcTVpv5?KKmNsAoSCb+F{j*inPLJ~oU0WG
z0XP#uSRV4a%?<#1(9-G2tC!2cr$ARD?}R%Pd`Ej$bDQM1{ik1hyXZYJd?(M1QK&75
zzU7=2-YaaLYhB9h41+GJ#k2L*4CjD@+kD}iF?5t>tS6!Q<EqExwiN$*y&`WzcYPo-
z+HyWCkmPTDSj3{MFUeDX&b<KN<m4n&+fg8`=?xE&oA5@1hPm0k8D2{0_Ev=9U|Uc8
zMdH=0e`9$;X%+6GId`TwIKvFF`C*X%sjyr>!<z^PRg#)jX{8x|NMeY-A&f<;PMhE1
zV9>(T%oruEzEGt}5B8%^#b1Y9_WeC57+a^_u`wE{D(CC?z5L$FULD2+7rtf*1~Mi~
zg|i8{g5nsQ9P-F46)RbNsEb0Zc(Hw&XhqQz<-={^GBOChfuy|wSB|XwfENL;>q`2z
zlj+69m6Q*0S`34nb0!*dqU;xGQsxIb@Q5w3B7#be*Msj3+?wFouL)`dU$Pi}6qxQB
zTOL8~BZzIP%K^diCKq4DShl2lmJ*pUa`*M9SuUPJbGl=LgjHZhEtzusQgznKzb#Fj
zeXPneC$^$H&TiXn4ZmclS`~Vvr{1wNGbu&CXGtRZy&~#P;Od9=U>c|m)yL!_6DpMq
zevcdMcb-MKc)_@}UbF>0t<(0;f*aoF4!x%$?ya2VsJ^o2%r{Z@7q8O#<(mOFt{dga
zN{=JiHgqj!eqw5kZChgr7&@vQZ9Y<G+WdekpAyw;moW7GRPS$u2?TowFXSrS*x#=0
zs&m^nDKOFKs7-Z>f|HJIvRLp$2v@h08&N~qW^uFk8B6~9$+7fFw}s*;xA$ru$rs4_
zaT5LH$bo^G%`C4E-HH##!-h(FG0Au=F43|k2d=&hHr1o6`SOEW?Xqx~i60mHhC5GL
z7wxIA1=Z?p>UjHgd?FnzB@9P>(|1FR&ge9#AuE$Dxe6mA!sR%+ivT^ZW5+Y-308@)
zN#ct5Ez0wER7nqM%zZbgjQ464<U&myiXV?QQB<0+vb}n#ESmIWa7lOofIHB>^hv!s
zs&!nZ!!6Wp^jBgKWMl(+a09w#R$`QzhDcO+WF1a%-8E0bYsAcrIr-}fd#0<q`k@ue
z^Tfo56A8?WY+xl@Rj`aMjT#o?bn*5_$h2iK%ex1d(>OFkL@GdBYmAgcdu{eoxf4!x
zri63>aA069$ww4+<@0<z)=}G+_A0VA6fWY|<*{#uzlGgpU;KUB$tQ|6vS*Cdz==FG
zRHP8nAkM{MLWFr=sNTL?#iCLFZc_9a9sqd1rG=jnV}rO_l`x0|^C=U!b^mLMd*HG(
z`g;v^QIuzC84+ni0JK8IiAU93wJojA(s$v?gAXm1zRBV2tvuZ*4Uq@l1E-N~cwF<|
z$~sucIKF^YwmfHM%naqq7$&~xMO?&97PMAfa;+o3Jz2Rnw=3M|y65GwWH8(fZk;%N
z845#PTaS&#F+L-vUpkwRjOb{%XLFdf0-@%oLKCw&)lBoC$%OEPfGBFu{14qZ-l}8u
z3<6_EbBd^~PLyA5oiBNEE-RijqnWW~O*(c5PX!#A27TFD`8jJr%Avl~H>cky*kH#B
zPO|GpXlNE?4^)EZ!rPkWvj>O$eVIf;ksoD)LsRn8GxYd*4>URhwA~HGQ#<-r`BKzP
zC;DZT7FPn;Hf+KLfKWV%zmX1{_A#8EYPq+IgTlU>?=ySxd;~+_VliJZ7A8UDFN4QJ
zd=3%OTD_*Z_1iI&>7?=BUEz7Zj}Ft>VfKEA2*>XvYhu~Q$+*Vr3K>}|*7+l_=lF&b
zwuDmx^2RTB1G)3g)4C2<(F51bI9j)(_Laol--$o@jFwC8&UK9q#j{7P7pk|~g>QjB
zf08ejLfu!X*4${U31v)(Pu)<o5xzGJwq?~$W~GAT&0r(j(w7!gaDD7ubCDr%LAJRi
z^DIKA3Q(BvT|b3QJe4Nw%G8uHd6aR(;q=bh1m)j~4XaoASL-i6Ec{lYBVt2&C+BLt
zV6s-fpCLKPwF7ToOMCqIEe)l#%QKrq-gCJ(_4v^5<HfMtpkd*|0u`N#2$NPij-lgs
z^7MuDxgs@^LJGeo8uod4_O9S;Dq7}$D~(tE5)b{uYR9cpPiNk_HQDpdQqkGaMZqEi
zi*0knmVqI=`8_uJMrp$C8e;_47;ISx0`CW<C-aaE<yD{DLHGs?O{V!c9p8Cp_{%)7
zQ6Qcg)u2&M63V!b_OrJ7oPE&xAc4YGu1RalapuLM3(xOrX*O*?puJQ%F?-y01_Dl2
z(KZPfsP$+nqxJA{+SZO2zetC?NWm@BqNsr5i)N~&FQwlL&@p$#Dlp*-Hp_u)KX+|<
z`o(67VEEr5y(9ZW<g;E)(mX>N4p)4I*+sIUO<v8?3HXJZ@nrSJa(=ZI*4;*^SlD*?
zmkko8;}37yEhm;eQ7q+HPMMOG7}9(+4b7jNIqxZ*T`z<HYvIw=T8>+tK%169r}%(x
zgQLO9ijnV_9u35%V)rPR^*Omy;bibtnsMnyY#&GcO?nwK?AdgrK~mqcUJ^^lS;;GJ
zERuYRc2zyxaI!j741Sd~)3}k2N=NT9G-qQ}U*%w*tz#PNPZ{R9-32y#k7(r@)qepA
zq4nN>9)a3Iin-8ebaAe_7%8wZ@)g?Z4lszRk;K^iyK|Dk_o#HTYyVq4bhkKj^XW0}
zDSM@w=7ynNftt>S>XTULa<;XC#>U6{Z-`>{V(VYOo3P(?fA^+*-Y1eJ#vk+JWXF55
ziOEjO<oZrHpk}94)BVQ~^ClhYq#9H0*}5W7K4wtxGPpOyt`bS8Rr|c;zrRKOkXj{q
zBomYx%^!W5DwNIV^NnAxTroEw?9vs}N4Ll${uwmUcVEeLo*A*-Pj^F9TOLdwEN@}e
z`03aT#%F0?ZR!>Dd#=rj<IJ`Tm&mcM{u9!MkjFIdJ>Q$Qwlflj3--?3?Bt)>zQs?h
zU&L5wG5p|I%ZmY&e!aQtqQ?2b-h*woR>A@%rw9wiFNZKbKZF<rb@89B(578CA6;JG
zD)^BW#z$c4Hysfu>Y-|Wmr51eIf*u%UuL%Xfo=n-4RA5UoyRss{IqQN9Yj3bjTLti
zqH7@2S^WM7b1*J@9Ny4*`66?ry(i684WpVq-V~|3ysj-wfFHKe$5xp_g~|O*yt|wQ
z<(66ZM{!$lSw<A+?Yl1Y<W0B(p#Wp3uWzhb`Luxx_jgh!&`Lz3Qixms$Dzp>EH=+b
zep(+|w%CZ;gVJSp-q3DZ{+$eAx?ahCdg{-<!fck=a*Rc%<UXT{gp&S20P;wATa5UJ
zSZ-5GRtxAGFt#xhll6Sda}<*|L;w*~@!46f?E?3{uOq~d9R4bGZT-j%*Zel`rgJuk
znYsLP_tn8h0LW;i*g2HU)=#1%b$X+i{Q9SJrfaLhXIaFN!3j-yH@wj-?)#8q{hphG
z@itf@f<m86lS&Ino5qMF^h(SC%2wfQK3Dvw`Ik)FGWyw{A#~&8;T8-4mQgFh=RbDa
zc<cUb*vfQg!!(%ejQZ7ovbkFb?Wlh98EG<E)$8VJmnv+w>XQW#60_GZ1thMs92!=8
zx8!J+Ya)0J#jXv<itCy@Vs!`3oBx^2xQJpH-t*59L7y~-ugU$9_-Gh)m6QV1h|`%&
zs*jp#Z}R=b$e&-!<xEQ{86hRG%`8@c-VHJ08z+^vJmNxAEq?pe=~TcjAlX7sfmiq0
z59`}O+Gu&9Q>K60-Bzp(Lb~6`R5~jl&{HJ+7A4BNe42u-{L#I!=A@fzRiKad+SmC6
zlQ8jfLmR*j%fS1);mSIPEOWZ}8Gou|k0Z9B((-X-`bW>xhfZp$p#1oNrH`ZlsbZ0O
zM3mExL$gGU6AMUoi6f{(dO~!UewT4=y*k=Zi~$b4sdCmxq=oZm+3wd^qCgs*4D$F{
zQ-ymDvK6^!(h+ubAQta*l8A0ysK?aID<Rr~i|!3H8?w)43`P!Pnh=N|SopNju9$(e
z?bPWKy&gPCcJ3;!b!vnsa)zbmo+{d{TMk9?s(E`Au8^lU=f&dPjCX0+nk*z;9D=+>
z9l8v%AeQx}JEx4!?Y7FOo`;2?+%xjd%#Sm~NQu52Un^h!k_v_^Et)?JI5FgL`)l`4
zi<?jylvYpz^vs2Zkiiz!Q<|K3d^^4P$BVV9bosiA88!C^JBe&~qRG-jMLlCl-3Bs%
zATb{oGd3LyGDw^N=u<Q<o=ZGYabzwr{3AvXaHmQG)LYsbJhX>c#Z#10Nxcj%IVl1y
z&uBSd<-Vl5SplS_KY1yR$^Zw>)YqRZEev^3oWOhp;oy8HQpAyRN!MPH0(JZJI2c7W
z;Qr02z0{%gYOD_LEJIUNlKR>v%-Q}>J*)gc4Bo*RgW;N)eFnBXKGqMhKdPfD9zMk7
zM7U+kwA998Zy^aU_Z?}%T&m!c={=11%L%rM0tn;T({_xZ{1<m-4`ApL*6FehxC(uw
zbahrQ?OK&IxT^%{nSL>qe5Tw?Z#9eEgiO}&j^h)aZYFL&1KDqfcm7s%>c(nsGOQQQ
z64!X8Y1C*aF5Aoa>FC~<&1j)7uN*03J-?9Z>?sAlAS3RIUXZ*2yNaZl>-tyw!qTI1
zd23nox6_QZaB`NpE`jM?&;?rW8?dHXul|rs`9lO?uF{lpL8w=>{g=Q{FM*6nmhGfL
zvkP6dn7S_ukVhkBP%2$%lhc9pacnO?DxMR%@B5bv>rM3rLRtb)hFa8(>Q2NL`~{5g
z-wT*Ko;U$WJKpb~R+yQEFThx${LnAWQhF&JqQ}|y0iNH74j^wl9VHLl>Edrz^DBw~
zf}lXV>sC09OzbLGclfO|e>^$W)%iyk&@a_IrY_23Kg6nz!u4t@>6g&Yc*!HrOZ%^l
zxLzsXeqX(PzJ$!qmC8xCQeuVTVZQ^wSE4`Kj=akcCZ^|u+n81RF_Onn4_l7`DG)==
zGq*j0yg0*89gHxxQ2*kT;O@m?N%4EgJ05!eaw_IPzlZ!Gsj^hK>LW@D%k%p9q(b%v
z?KPkR+M}2$+K=ZP0xnLOijyYRG7#%lm%Z*^Ke`OHMe(S+Qi9SMKRFS6a#m~HbW}8q
z2$^tvG!|L!lKCIw*Sa}*`oN!7I2y?Y@<3;hRjBa~H;&#b9G6xr*;^$7UUx;MvS@<{
z+;*xp%-yPl6_wC_>CCQ&1&xzll~M?q)^_`A1m_6Y#1`^KL+Da^5YTvgk*t?N5$wr~
zg~bk%_)i8g4E5%y0#ygYZUEh*PhfbQInjxRx7jr1ySb>Mw{vd~->v^{YT1i#E4CTl
z1o^~%(kR>~D^l-9Jh`Lh*wvq6g!pO>cJIb9$n}QgeU0H?FOq*)9b+=NUx=w({juJ3
zuF-3;6=gXZZKWZ%{SL;tA;lzXTc)py?kWuhG9MdLO4S;zX$mvL0KAx9`NLX?dyahw
zCHY)o&TSwCmxL~L>)Ma02C)`eng}L!OUiPaRI3m1KHzba#`b#gVx}t>sA$F}g^K7{
zA-Ol)MdR!t=NWi~e<%92$2L}gG{|3)-@`p!scZ%Ug|<y2`kWg*p4u?%3|~A{eG`lW
zu5&~b@7gFZipV#w%ot54vT<%)?>BN&ZTp|yAuJmLsvt7*yF}3l{M1~yI!qBI@QrXI
z*JaHcc9pfe;Qr3_p%*YC-<UF7V+d|_OlvsuFWt!JS(XWoW2TS%74AIZQJ^RmIfO6+
zG?+1&3Fd^5sSvFvE;W*I=oP7eFWOrGs@uVKd~Q`sF>cs-rxwx(`%*UYku`zZPCsVl
zyi?+u+N^6>vQydtDo#T05Bz-uwR<zYXXRy^8I)d>{u{!F<QYdD5*3myjoQmvazfW1
z1i#Xh7*>>e*qRM0Y`%&*gCk^h@^1scrjC8lH5h!kZzeBc__LL%i+}aeu>`q_q+F+o
zM0l<}-%1HsB9GlBV=FlOgOa1vP<Jl$w|wJ&zfq>TJYxLs?ZmmHVV~MR=Rh;w94Jyg
zXEr!Q+`V(yAcn(A%Ju`C3fI(fd3^>xAh1B;Q9R7e@RrJLdka{UYw?Vjk|o6~BH8dm
zt%}AAv;9oDGNIQ|+;Haq%%Y{nlyK8kK{iRY^Q+AGcnYgQ;Nqy=gdG_stQpwDtF0ZH
z;U-H6qplRo==O(BZ4($QW|-5-8fs`4!#FV!lrBr2UqxRO#(3vbHM%z*E5g~41@A3?
zJa`IHOh+Jju`QCc4&VI9FwN*R(ip2ObPelKqF6f|KZsO!MylTt)b6ZKz0>^>?=Dq>
z2^ngN`}o<NO)L1s70v^MYSah*%yUIsh^l%taQ`!nwXD-RFl{@&bbkZ~c(QFf-5Kjo
z>9ocJ2Vy8BtWh)MhV&S%e$VSXyw5hs1Crm9JZElC9mmj?ZMJ&4ODc2mXDP<Ga76E0
z)(n+HoyR4_`e|(RqAM|<#M`%2VJ&bi(I=+pe)>3sxf*|<KaR=5kphUxa}G#e?yft!
zIEFswlzXkyNI90fMe;k#VZ8*o6WsLk>P-vE+0D)Fm1KIo(K4DPQ`w=!V{IXF@7_2j
zRW2#$I!3kM)K!D?Hd$|yEw@K9@imThO5G8Nou>{oN6`~#3;(OinD1Trc1T<-{nRN)
zrPy1}@Gvy>Bev`M$6ISJKh|ksr%G*`?Ul+Jefdk+>D(1xoJD3a1Y_6)2YR<lrSxs?
zBvM;CIjGtN?Pt%atRE#G4AI&2Wf8l%B$xtk;kCQF@ElH<gvXRQj|~QUAPzy}e03$h
zRkt{cmHgBlDiq$<c(eb^ntFZJk*}nmBnQ4@8jY{eLbjv7)9I)ewPM`QF=#e%agBO+
zW>8$@=(b<orYr^J=iK>%WsNDsegvoa#5L~17U-z0ARfto!^Jm^Xk{oNS%fTXF|f9V
zOYU5PL)&ZX>uxV*l$kiL)5$&2L(AGg3Uo(_H!|vUi(^mYi@ow5ZhJ#|4hEYbjJI1o
zt+w*7oOe~|6kIKeui^@qrW9%nfE0T#ny~J!<Q-Fm^V6RFMRM{Zp^h?qY)sdFz;WFr
zYP5|%$mO5FH(HmKS|h<J+ZIAOW-4kR?U1tn_6o{VKr-%4Slcl+HN{2L{?Tc)L~QbV
z7nHN>U~Oq4ZMQl#CeJ^Oha$UZ{EV%u&@I5;PZ5SHtEifx?h}=`u7}(_iIta7t!0Sd
z{jRgb7<K87)=q2zo0Ult0Njfp+<JuFOdIU<RrOkqv)rUSUY3GF&-=q{H$Xk^GJJ$*
z$B!x?Ffsn!G={1sPQ4=@WRadwhDhZ3H+?-1LI<nZ69o+~ym*rhH38t0a|9H8r{BK@
z)7Hsf4mi7vFw5U``7P8l=6GMpmc$^Lt29F=#4_NVm*7UC(>2R8<ybe4SMbjE_4XR7
z8#~m#LqfaNvo}=u3$tabGqI1jrcd3bc8ZL0fK}WT7W5+$F2!Gz;P$46ck!bvdhIcS
z^Oeo0`kf@pYz=n0K_?9Z>)0eFlyw)?$_pmjaJ9)X-t7Z7`ZnP6!7B3_H4wd0na(%H
z6j9P=n8r;GX6`*|z;z{L`ILj>5d#fN1?m)Kj@1r;6Z~K+SX&a9mEjzhBWQ#Wb&ZVI
zsAbEv_jPC8P!bh`qWX~4>QiM4cAft5O2F|epcRLI;TK)(a&=zf5tx&<ijO~)FH753
zaGjMm?8O!+-_GnMP48`(b-c{VIuz)}f}R~BGU=1=$LqM<pDBIrj<*VjUzRsnmTK65
zvulC;902XqcXI9m5B8U%f{^$!TQ(Q=kM0Fajh`c@F5PBI2L+J4*`X(qwGAqC1@SSk
z9ju$)xYnXjW$Fj90xoAIW-Q*TP>1r1;VmOx!fiN)-zzBDUWMTlulhrUyeY{oO$#&@
zCAAQd9RjUa_I8(Ql2!rPqj$8I>h7E9UUWY$y}4(rMnOd~TfF+D4x0H4Os=qSv>(A)
zxv|x`tgw|yC9#;1hu>E1$v(9IkZrO074G~pLZ<LJd}h9|T{_3-diYdok@z!k;@j3I
zxn9(Ab7qfF6!QH~P3&E8&obt{N#P7{T-z(#nl%R&`|T`+xMMmSl|Z%xN14w8=u`EO
zKWmm82t22hW4S54>GUHY>tso+8k=qN$LlcHf&F>)&Wez7dMW#~OBsjkU(RmQUVg->
z(Pl*vf?M&|bf`N{0f%B6Yk!w<5)*mT-c*6!k&{&D9d#+>+{qxTJLhAzKc7@bX*|%9
zXJnl_cv@PcWfbvma)06#z7YQ91jRr*Kk^7nkNWWa{mA+^q+Tr@mD0I#`&Gk=bH_1w
zY=(^!bsZuW*jbMa2Zo-yJQm&NQZi1XJ6n>(aqxieT=#EC{Q&Z*UZ%sm{=Xpgg8xA3
z@52F$J6oN6pW7^7ekohyB}gE3JIEmkHIeQP(`3)c*W4&|yGfR~`+ecn0}tZPnE1tc
zrvj93UIVabrAB0&?^U|?Y_2C701elYSNQGal84+Pte)U>4?3YhDc9H-k3@~E7?0F+
z<&i38Q(k!HnK&nAxyHzJ$Ci8A$6RI)l9eE+r*iUtN*c$o*)8h{T6p1Q6*ESAPij8@
zUD6<jcWb2ztar`<G9<@!&)D)v<o!3K&ZR)2E7q?;;;?U=+2Dd9mEoX!K#aveA?L#~
zew{DpqgHg2Is{m8y&MSXjb_E6f<gH@PTYD*ZDr(2EP&}r<&{`EVyl(Ek!ILB2fKcd
z*2&$4nFwvXrY7d|7aO;GT(Efe2wti95Z*u~7^Ue}X6PTT>Q1t-q4+nY-lYD2QtC5^
zUc)=zlzQktl)6SGdtwvpKP3(3e@Yq<NPiB+f^A09V=rVEpnE4P_h0AbSBbUcyNErc
z0@MKU;MMgg+Gem_%pOYbF(Xh?VWTi1|4`~R8CNO)Q0g!wj^r=@qSU$iTORFXjI8vJ
zCu`~QbXdMA^+SC8+2Tk=*EPm%9Uo~QUi$ZcD0Q<-m@Ti8350)B>N4w)2ToQ?$%}er
z=>Jga>h%lW%(9{0u3~@v#57ZK|Dn{oWLJ6fM}mV0yy%SY3;!u;RM=iPe5()if)coU
zR!4w)Q?i?L?VQh2x;Ji0VxB>j)V;KSDD}Evwa73MQs3M*P9{ofyR8KuI+E&(V~T%M
z>fpB+lxVZ+-z5#LI;}#Z?b<$vj|ylWmL4nd9bIDdx^*)Q?tJNkRO3uM1gCvc>bTI3
z`$6OXlr$txay0%aX)xAxurXLTv*6Umw4Xz$>03>zhsxl&aTTyANm&F`^>-Lyh*HU{
zCpom5y_c#a+vyCn>|W&6zOcSpYE|`R!a-0Y>!xJ%ZO@&tRpp{Rbq6k6t__-39YZdr
zpDa^v#)Fm*6^*>0voF&jQ!<bTH~w)QFQ$Emp`bus{}GcN`ZFQ;y;BSEh?^~u6&b=B
z&aWvf)2~YDKmvGl7F2B%vH56ZbcH;B7FwWAbXQ9x&YHb!<W#^@geQ%hh<#MQ(r6gb
zT50)#6-<E=$sL8yKpC&4>R>7ODq;(^htX`>S$3r+q?~EuK`P26#0d5RW(e-kDw!g?
z<uO955tIH;Ym6=8oFFco7X?z?)LGCH7*}o{4E4g|TCDk&mD=mC#OO}gVY8{#Y&yYs
zUhb!Tk8nMYV0QMf=5&(FBh#h4@l)c~gcm2dHrkcd{JdE#<{A%j`2#kZE(;P2mU$MH
zm)SUePQ_i5@Y=aKO(gY(&^kt7UE341@uZgkaLOJKG>X$<-#v-=3)L%Tc+fQXrn)1+
zxm2mnslF3xaP=_jiW^=x`Y~zLke|oYq?#4qn0f_C7TV>_mY1Jf<X$WC$rb5|8um<;
z=4uI0Jg)}PtQs_hPRRm8=;TEj&(-fb=O)Ywo6Oze)oD{67P>ZUAB{F`Bx-Y}1g+&P
zsS!qv(SAb1hF^R)Wo>3~M92%Z=nw`UE{PT^VZqM3198|g%11%*v9}&#9g=b$gDoxt
zIoORG$?A;D93%7a7Gxnd0+I^~=WP&=IwDqTVBjlI(6vg`?O~n@t5T_zTxrFWe?}tf
z&?4&O;<5tzw7YNqD89I&^9*HOusaVtR23cn0?T&=$#)Gx&gs*<v)FJ%iRY%KI?ti2
z=i*@!1Oc%aWmQUjET8bA;g07i?9~6+iC;)!7)$0~n&}rT=nM+q6fgwQealfegi~_}
z*uN;7i^o|k;gU!=#*OUb^3s|S)0&Zk4M<q;P>!$xErsR%QeyVj$uilsMTXoaFJ=JC
zpT;gMMS@OJbYNj#r~N)?j7i0XnILEzMXU1vXqx&j#BeK>;X=33A1iY&8EWN+$4l4<
zY#O0@Rgbwr2UXWG<sGIY((cPZ+eQ+#f+2@CBV)Tm-+NPJS8bja8LjzpgBx*^J)bRg
z&i>BO2I^qL6ffj}(xJ5Ut5>_os|k!ViAwQ-{7$Yd#~~`1@uXDzftS^T%OQ3DX~R>z
z<Qh(2vYwdvYoa+e(2=NSb$(`_Ycw|t)wzrucy%qVP-^U~l!pv?nGhzgp5?;8k@IR{
zU0{#8Q}IC0Sm8R#OB*+^6Q$=Dj^#zEZgX^OcA($tupP$??kU52q>Yig6I8O~i8H~l
zZ3%enEp#V!!~O~x2A@Fe*(;NZrKUdN%NY2fcO1^D27U?#l%AuIF?&qDi|8rZF{zX~
z#(sHM!k55YuLO2_dqW9k`eHI^eH(Gs_)d}<s+NgVv+XHm0%sc7mW<7xLUV2(JG#(X
z<Z_bJkauNgygKCCvw7kYH`V@8?}1S%qhDY~zetUKA^T+`f>oiS$E;KE^^UucdnQ=B
zixQ5vY8Y-zvQvzixnIZ3dp(Nx(J|&CdCfyHJspil!f}itGv8RCi}g9cBrW#n7A)!u
zm324Ddz0lt?UZw9f{M{a!$f8~Hc5%~OcE=~EVREAMkfnMN#Tua?LF0I?LQb^ygfz8
z%}!wrTnCvh^b|`u$|y2h=8qKnLMK0&{5ZF_NV+s=f_Qt*+Ad#^dgGe(>rN((h$u26
zu$P`_CNNt^V7^pHKsoH6o@fSkCZs|cNeA{M&!V3e1;yNe7+PgVlt+ookD5bY*j-#I
z!2CkgV(}9gedI}b0Im+!ihHjrI4yFk0k+?U4=p*n80@CxSCF}bb-|R8RF$8iIMO^y
zP}g$S7W^)Mu&3)ChoT!cWN%PAHVk5F*fUn(3k(OSUApYP=e)e`hw%wDe;lJ0VRCf=
z6P^jflhfrUfLpt#F+&7O5woYUcH_xqFUA*At<MguMqasxhUuJ!uq4ZSgwBy@NTN)l
zLH9&jI4wBH*6%P;`SYZSDo8t*5KgBiu|Al}i=m!KXS}zQY5<aS$>@*kl);*+z_Du6
zPQt6u$UC^FNmrnPbV)J~v2&&3VD@p-hq-DS#~owksDmic=E>1Q<!Z$Q%u-cpug2xQ
zY6h5BteCA>!Wg9>#N!e0Sh!*usIAo*PygK5j8Gbx^l`K>X8~01Nqs2o2%?G;l~1T4
zIx9y8(hQAc&TV9jjE%Bdl4UgIy)}RG(UKiLnBteT+VSCj8r@Cm=WIM0vE&3voxo4x
zTg8F_7_D=TV=&l{{QvwGUrRzEt7Nh)vK<R&f9iF$KE?eHPwD#KFy;3<+V_d{Z=R9>
zKntJ)umLy#?B6t{C_n-r_03c&0+ax%02P2HzzB%<|Br<HrWgMw2GWnzi%T6I2<QS4
z2<RJw{J*tEoL!v0D<l8nAWJknIaS~P=4YB@l1Q*P$LN)gs6&_#B*sOPM$(E+tU?qu
zu#Tj;h!vx)Ve2RpYtO}&lT!U!OG1S%5sjuT;oD)E^0k}2e?Q@$z2?35n)!3DZ*V=!
z<vcUREn&e28+LPtfFlDblZOKu+`lP7Boh;{%UGnT>n2Fc5;STS4zcfPBrC7U8V&O)
zlHn)Bugip<et?1<u?+GN)DDDAJ#Zl2C<^MsiA2jAjx}QjUT-o)Ozf+a{<1HHP(^3@
zRv5ItSE%b|h^P=U2)!Hm5_TIzie4?-?=?=W2c?OOd`vKI#I#lbY$OA!#d~aTjdkg-
zdUkH<{Gr-?dYV}q+W>uUVZ_+S%Z&ou<dGw86c-dhb_3vCfCfo3HU^78`njz6iye#1
zPBTQIKk)&eNpWc^$btn#$ELN*9-t79L1qY)0Me&vUr;8+f_wq`GS-{tP;e4y&ddpR
zll%2Z+PCV`!x48V(~oX#F$k4NE#4bkvmahW&fOY$3tbNeTiuM`4*`V+cYRDT6wPf^
zE=p|-4n-^hTL%P%{wRC9=txQr9!-(qqfHB%SnomHi`lZ!;DHR9q(wO#Fjh}?v0nzB
zs0T}$=r9B=UQP@}8;e;^>=zb6&{v0CAb95@iOvX0sHH`U6cjJApvfB(0YnNmvS0El
zcUy=V1BFDW2*q9*#t5Q_WGRSx8DV&9>i2w&3{GtdOSE4o-9_7L1sX6sc`M;ijI3J2
z3#u&Wssx9bKwLRFAqJz|Tu4mMXbcolz+CSEE+UD<DAX-k_%omoKpIYeWO&$aSTU48
zkZ3h0JfS_uobdyM4n;HFQbf8QqF6L!9@|Q@3z{Hae;M0_fO0(nx;io_0-0L6TvG}J
zZwr_|FCwlcETXRv6{`E|<;aH@AYmmgQ)ei+1Rjfxhz28rgt&yl5QS*CKkyq1=u}%Y
zA>=9y3Mc`p9HbJ^j4S8>!c^(Q8$;492vcDxbPf`G4${O8sthg<s>-j=t)J4P39Fe>
z)jyi-Sd67wOOCe?Fl{I)@>?ees3wI_xQbLV0Uf;;xd7UHad2OQj@g!0-`WTnGjQI>
zR8eR>dhoPhaPGxJ3s(w6T<ix6;Z~?+Ga+8aulDI5jdARv!Ae@c!VuvQZ^Uk0`1RrC
zQp8anF%t?H=YdM4krRgXVeTi3E+1ftK8N=n{dWMtp<~00;6kg{@**M;ac)I0omjU_
zKUkO{qB+DRfe4x+1D@ElSPNAc5rOoZRpz>xjt<b2!fDSnrvs*dq(J(Sf#%lG#Gveg
zB#{h_Xy(Y8-=0g&!xE@~Kru1!SJZBf+F$?}IdDo5P=VXqm^ld|y^dI@t2>-C<mN;x
z1mO7KTBjCJ9lMO;4XEG&!YISYL}gGNKU<lh9f>e_lZQfdg+0)hhHPQ)Q68WrfT8n7
zh2O1E7X~;VI${Gub#X#d5~>OkQ18%sms2sG&`yZ}?;r!3f|>?PNuvkQ%@mGcX@off
z5D`&OdYU1~jIIio{YzxJ%ZZlivVUt=zjh62I_H3v+I)!c5r?9S>|>$aG*9JY$|K_f
z<GzCEXmi4|h{1%2zc2y*Y4)bO1I{|T!;S97>Sy8(pDvj_i8gV)wE{GK6iI`NNA<q0
z{@w`SqG8a5UsCh0-%SHW0r_HqKl!YWf78%uBQT<&q7UC1+>8_c(kndw?c#Es(=cV^
z?r5<m#OZbwPs*8ttBs<f+&n(xY}ePGsBM4Hx=Afr*={#`w0VWmLQ2uyQ~<z@s}I`B
z$dX>NRH;AN)|A4_cVYYakAHp+8gPX!7x}0JEA6+ua9n~v3t(g&ud`viCsXhh4zv@+
zbX%XrV(=wrUjKs2aY4{}-H}Ul&!@qskRkO~sC48p>Xfm3gyWg9e3dSfYBEEgU{*@a
z4sON8v&!T*=zsh8dE{U=KRDrv73f{7nL53L@BU%r`=fqM*s_O6sYCSZcbklkk8sJ>
zUTtSZrRgLCIqOV5^*%oi3U`5sPM!qSxTl<}q*_z$;)@iR(=qS-^Y({kWbQ$0HTzBu
z=Ii2UOV3hSP4gp;Y7%;?Ex?jqJu7{2SA6tatUkcKQfFua>>TrQ6+7&Tw)kl6EEQFc
zB)OCjbmdUPI8<bi+y7P)wL5z?Hw&gx>|~ohQh5GF!qC-}qHb|vGKk-)Fm_oo7Fhvl
z#X4Z1n;#BQLdMT@bz8L-xWQUlT&zyc&w*8i^?0xdRwYyxWeIEUkNcFyMY!|!oM`nP
zFCT8qa&!4%=J|W1^R|epBruonOie?fdD=}UGLp{ocb8|Spfk)n_GOG*y6bvmQR}69
z1rA%XW=Mryl2~GeyDFvg95LDD9heffjwct5-Ih1sU>(KF!jUydWm@VuJ^;t6x@BSn
ze?#fkS-|@;cxvlS9CM3MW(CgZWL=LJS=p3wjda&Z1%<BsBS!Na*x;8}$@T2)Z-_+>
zl;fz`xpioFaEt{^dV|T$?qr0T%O3#eIUY6ko;#}+Icg0Ccbnm}w>y=`7ec&~_yswd
zo_^$K>%58Qulh2dblG?fi|j#L?zEH3KcCJ=Z_7XZ*hnYjKi9tusHWMPe=rq!8fS;L
z|CRC%rJu*vlg_8rsi`1w->2OoKKY&g*gD#2?Nn#_=9!Uo%<F%KS6IBDkFCs@Q&v!&
zgPxjShmE4qS?6Hy;@_xE=WMK(tq#fmG?Ta1X~M>(m+!}`U*j}BHemf*U=M<#q%v4H
zLyA8uQ;x;v{Lea1;VP!V%enH+6U?-^$&An;ggcw$k&nHE&y!P~M6Dhg+@m^Cq(t#{
zmJEiBt*66~m&RDwd36^?7KXc7*%tqAjjxG_FM2hXl)LA3VYl<#i@D4hwa9d`Mg|XW
zQl{}z**i(I`{$(TRJ9|!+HAc$=t3vb5lhH}?+tT!E4SPk9L4K)G}|lf_1%#(bJA6v
z(}%a@aSJO3892KvPbvIUn{r=&ed~JXww0d}S3j2&x7R=7`FNbd+m_ITd1^x-)I_!U
zBABn>Jbjy+)NX%dMRs(x9aJ^I<l^N?-2Z7WYH&=y)`u8;c~XNv=y6DUJ>FPpq6ag7
zgKZf-gY<I_qt)UpXUHXO{i+F`4*%-P`d^Km2{=^i8^DjPh0;cHlTupjBuPaSN>SQ3
z?igb**O(czSVF0kN~t7mLZww3l_iBz5|Sh&OR118LaEUIopi4`$9MRD_c=H9JoEE@
z@BS?_b2aID1nY7s%x3w^$iYFat2YjPUvt+WR(W^XfxM`#o`!-0Q3a-*Znvf^aJxUH
z^&9KS70D6Chcw2F&npQjzT`jIm|0_cO}S8k)uOg2A+5%Rz3@lm9ZN1<dRS)Gy5?Cw
zc^^}sUOO?|x^atw_5HlBjl1LzYOU3t+PEN5_5HnYM<zA%dv?3L%Becvxa8ql=jX1}
z&tB1FacsrXz2B{+EO_rzS#`<m*Wb6#JA9ND-~A*cH8fY}^J&420}-dMyj2@^{E+lN
z_Up#lpOd$bP1KkvXqs65?aZu__jO0oOATCtcQ(FP-F)xfd<t_|rJtw78`n}_*7xll
z{)yu~@)W}*w);o9sL9F>Z&luu>^^qW8I#I2qo*se^FqU^vcvWmo<8|tcT~rIs?%i$
zN6)+$Mc?n8YVkXH@R7sy1)jAX5nfHP#j~bWuUeTR{rur%*XPO??~Dun;^ModJ}vz7
z$yf6<De{WfoXVU1jz>>P(_7s@GqfzSd@*XzY)*=!s$p_oeUeAGePqG&%}*R>myT9;
zmOK7t`NvZfKd$xlz|u1-3xeD3RLYFidARkKaR#N}RAs87iQm|HVfo=V7U+L{@$yI5
zmQ4wV2djB!mh0bYhb~p_oUhm5*s0T3?0;JKwY$C5JvYm`Y+|QUw}JQK+NYD6yy~C1
z7*zP_`?no!sg=pl@~SE`4YH)Bp4;*C>9HRR*4|ow(tp8%dG&ffO5g4d{Web^-#NSH
zeTs?k^7$n^C2e`FO*Ox=ejWA=usL|6J>i~1Uh3QMY=u*vxv$G^ESK##>f6D*cwkva
zb=%rBX~*@)4zuh0)~MNh4*%qL)OL-f(o@0lT1D3znoqAT({9bKOwhOTOsOfe-PiEr
zRL7y1%;`o`@6Vj-lJvDONKCOI<GKC4#cDOLb6O@=XbnBtJ!MiJw>B<Aqt&f~dsm;<
z^|adFU~{GFlMc0-x3X%f7THG^-1q$z@4uw(Yr1h8@5^ont#>artH;s)p`2e=f3%a9
zSrSmT`EzDg(dO~h{Ofu44UY}1Z+AbvS#;l`wq)}n*>O4tmbPq?pOg1j=)J>&xo22R
z2KC#t(beTwEZ5aLls};8DLq%XVz?z_nwubrBB&@i*RJ*|z(vJ}&lo-F)z+pTk%QwX
z%PzQ>Zw@KG)AX^<!G44Nk!uy(Gw%ggy*s+%nDyiHB^SOlD>~+!u30?VHI3<IvfVH;
zYrLX6HnBqCM3(l8;PP}YgRV`_Vy<o98EGUpL#c3O`}a5JPV4JiWOx}F+Nb_gl#u2X
zu`c)J%{YO5-c1D=JD=DnTaMV6+Kw|zii|#8Gh@70k7PI+H=gQ#cb^uy$ov>K%qG^u
zS~+bB<;MA{5VL7VQf@b$d%15!o6VC|GsQwK2VXSON;F#WJuIT3`=?x&*aV}}+*4Dm
z&n}hnwM*-&IzIosv_-ahvAEv2#2;T;sXtUMZ#1_09=6&sacJt}xmuCxiJR;awo$eT
zLOQH;TH>Vg7BfCt(4TMg>4>S|JH2ynx#X?5>+<qLU$7QRcz$?wYjOGX*<VvOK1sEd
zvq@4<UN-IJ5&QMQwIQRgq_00|UR36<bNJodD(XS~AY=3En<ri|s@31vc)s~Z`^+OX
zsj^4BD&{}?mU%DYU|qt5CZhmDR`=8s*9)H}m3PkGR&l_mD7m}v%!|%5T?;mt$n*5Y
z9vm?&Uv#^e<rH-GSF+w>y<f^#X2?k`m~0g-eo1^)x_q?y5{Wxz6Y|G71zd<$Od4cv
zIxk<IFOj(8jp>T~5yP;Z=_7UJ_G9wDel1APul^;0|H7s1lAp7ggD`By5O@Y&oeKC2
zX3yGmt?wGSwMvn%Ur&$MZMvE1SUqXi$OqT8)hFkhY%mzJS)tfE*gsD@Bji?2Q-ieh
zMVpu)<)^tJS67YOyYIYf_}LTFEzSoG+Pj-=rN7GT!IP(#j+Ae2H}Cpr^y~!tGduOC
zf7;Jel@Y#Pbu#dUi>i+d<_aQD>N%T^<SSvpU%$^-9nc&avg$~bidx*!7@PfX)+`C@
z7^f4}ylQNzqSTV$#ITQQ1y7nwCPt;3Z5+2d`ti<Ho};rm<jm%sSomm}CVUS;`ohDW
zCQnPR&JQ|vv&4vXEPYvkl)t&$scB4!*FjqRH(hen$&8?RrB=EZRGv>+{cCNwpPf40
zH{Mjt(n7uR-B<0~x^L;XS@XoqI3`0@x;9^tI)pV-X9aRqX}04I2Ih~{Ha#;k&*HJ`
z5*726L)HbZQQE7pYwei*Lp1Uw#74X_yP3M*)I(BZI!9{kL7T~k<ivNbRoZ`W{X^%q
z6Lvg^Jfyh6W6tpw<+GNf!xXokAGiK;;Zm*jyB^oxRywb3w)gS{vn5$m($~U<ca`Ll
zXtR9D;X5?+>&6rgE$wXE!qHf1cjINIgSz&^3=I$OwRb13*%_;=Dkm5H!`61sNfqx!
zS^5*Udj(DkQ56sCKDu;AVD!dIgIVKaY?D^+a@eV<9O%1fj>FU$n&$eCGDhj`JNJ*|
z`#N3O8PXODrNvVBz2c3M&z!)NK2)1DWU`swhB@=Qly|7un!G=qF}p2!m$Ij(#2(BP
zOTu)qgN?j7&OYxBZIDbC8#idAV#r4S!jU#@hrBzsRR#UM|A1hsgh5PDv1LZ-C6&t4
z_KQYVCsP-U=Q)QCtG5}HzU&{S^R3ta%=Q|)^|P+wjF+puqrwMWzLFcryf$;ZqRc1e
zJ*7zzpAzCCpJe!`zO!@n9v(jCiejcrW{mW{(^?-&R8-%d8?5XqH+rpH^x<;-CJH6N
zFz(^=1$Jv<{6jngl3z${34A3}Vq<ofq44Nb*ahqH3(}K~hei8c-QyNCxgqe?XQh%+
z4Vu<>qc46mxnaYK|6!G_oj67|ILh&ZL*mn*2DhLn=d~lW7zbTd7~?-Cjv3*;_n@<e
zW4m9}o6mPfY0s#6k#po%jp|YfmldPJ+ytS~kGtfz<bRNvYM@b5o%|d=-7oZ0@ocMY
zg?#IViejZZ@0~ZdW^Qbqs8o7euuogBx%$EW7{{(qx29!=S4Jqfr8X<yeZ`$#Uo`$r
zq~Aj0O&v>fy<#h}N9xqQ4QGd0d^@mFBR2j?k<K#fQ`3|TX8ST;<r&0F>BU}SGiS^R
zUs=%Nwtk(PJ!AE%h7D1fU*lc43I^9-eS7rm;kjdm8U<YXMY)1k{_(SOs^yJYJ0Iwu
zbARINKI-TwdY6q)_U<x&_V6PY*2(NmdX#eOz=CThHeB~=+jRP3_}9H-4L8k7+qQ0E
zOH16mw0D~;)=RR-Hy&GYIqLdP&DV^-;@+C(<TWkjEqc@0zWs%5`@P1(#nX%E?0P%j
z^>P>YEgxy0lICI7b>Y0#^S@a?<{H%mjdHg)j<ng`wR&{T1-~%AOV!yyU4{|4DSw??
zw<XS}b5~x+!`SCn%a=K6NBJ2h&2MUc<@I-(4yAaD_;96C|G+Z;=7STLb{%ZrvhK@f
z9iw^E8o4_AazdMoPsUf>F|x0FueISr+r4}HF2;O%b|vDP{L3LL{)sc5R&q4OC9=|i
z-(~qM`P<%^C0lux84;OJA9Nl*y!+&`Rx1Us*1~sXD^uc^7g^Zbx8+QROH#K4QdM7`
zvp;8VWfTvdxA?%td51=P^3ODF({-cf)KAI2@JXg9)mBd>a%+3%qeQQ9A6mK$a_U_y
zJ;v%3uc%DCYEqQ&WI?<CmUSN*quP&XU)3)jdSjW}a&}G`FUE4&GYyl+*G?av`|<dG
zW<$PFn&0=1$9WgD&V3s%TNl!rmRxe2-{llgHaW3#qiUFTciEjUZ7&+iOOh>@3tn{$
zG18B9iJea`v@8BftNB|qsoSHPQW?pv+<N{+Wo4v%yveq?(=`}hSD9~eiJ#wHub^W*
zQ4sHNs^k)T>oq$2eP~kM`qiby>^Zl(HEf=DJGLGe`}*(!FWFYR>Bp4j9I|t$t+)68
z7{0}GYwL$EU#gxx+IhBOcdSj*h=jkF<!$t8OZ~jRtA1vU*z1#?!Szk|BR6GrxPQz3
za3c9<`<<2(#+9e%>3tJhqo(dYsAh!K&R+&ugSvQD%8@rhqs(2SmP~$V9(VTe<k!E-
zIr){g%f!Uxet&)R5Uknr(W>cDZF1F6tFpu}Od0;f4@XCL0gq3mxzcs$jtrJg@87kl
z91f9{Zh87=IzVFJO9v<7K$C&q``SJ%M>^G=2($E;!`cAS052VfgH4=-VKh3I&v0h+
zkpBDyCDII9jLFX%VptM9ia3gu3JC=z40gG=un1lr1H!=ev&is$A%@YM|H$Et5<xQb
z8?AXXh8_P4!{CmE$nY<~y%zP0W5rzyay2k)$kLwg{O*1A$&aEhrts-p_utI~QIDNp
za=61l>|^2>Ho5oZ@YC^8;uwwZO5xI}PE<$c9}|oI3u-zM@{VG|puur~xqzKT#)r`Z
z@hCL5JBLc+Q+Td)W>4=!6qn0VJh2b#tqTp5@JlOu$Aa+#;+?4sCY#0dK`O#4-DUL{
zFkZ)a3<Hgdj4`tYB!j#hI=AQh%84RB)!6-o3mVBEM$`y<;ecQ!)rHQbI8teDbe0oR
z?p5Zl&sRyp=ROSXIrHchTzA=kcov&S<)Jk_&25nKD`0K_L#p*c;iv2s19Hg?_<Z@L
zV^$IvHc1M@v~bw!^#fx0Tq=v_%qDSV=ex4iKG0wD;oIiHh$3UlW)d_PsnYF@5w@+M
z(mgQ!=^_|#IY)5}4xYTIT)NO%-PtT&Pi)g^6e^F$rcsy-9v=xETrr`x0D!l_4ODSZ
zCl_)k&E1K@WcQp=5gn_{p3>p~^Ockab>fKL?0$$WPo#Vb-llqg11%6}c=^V9_Cte+
zWiWfb6qYETo~Md~I;7EnMHmKuh>Qe3a-tKJkH$^Y7az<8t2Bd<c-+LuesByL+8&Fx
z+fWMtr`pHJ`DgpbG1x3B7o9}T@BMW{7%+a2%<(eTTqK7&lW8!wSYqZwkdXs2P8HD~
zhHXtG$GJFC_*^<2osE=627S>34dy~d!kc;Ly?&4kKE;#ALOM>^>I?=SBDw(t#aEE8
z56OwbI6+IebDC|j7qB`(O1y+uGRb*tu9Fj)sT&Jy$2UVp$by121*b+@4mpuSE~3V*
z6UQ=SFl>n&5g1lO4&*wLO4y#YrFab_1_wAi$4hv;l^n>UyL-~nDa@@vI)DPF@DY=U
zRY41rAWdOCKnjP-<&kiGH*A$^0&lb)PIU0XQRG}cmD%%gL&Owu|Hje`DexT!us295
zGQ|EO$B}vBoMf%44PqE30YvBzM27hUG8#UaqdFRw(5hkz_+kW<6+E>{8K?pl#D=gY
zQTfnh{V4~~471%CR3^ohPURq@CVj{c_0J$-E66Lns?a-vrjk*KzY8U8_?-?JFYxsM
zZDQF@oz_2>!)3d0={$5$)+v;Q=7EfRLEN#uvcgY(3nefYI-kwq_f*23pHZUeHPEc0
zsh~tp3{$`{wk|?4P#v$m)Qz(%z`my7F>wDxWUM|ffx#R+8BYJ1;orX^EigFc=h8dy
zdM-=}Pb#}aO5&j=mipwUH5*)m3HfD$h(s8cbGaW9YI@dHif>Lr1vZ8F!Y5Nf0Xd2S
z>SrS-8PL+cc^|0iEjTb<v=!wN7?<uy<^EZmK&LP4kKunL4U89j{BZ|Vjhi4Eeyt=|
z)d$6;^GQnNx1jH{GeDyKAQ3EkM8=|e9EPipoDs#iL1#ROAqnXcs;tPE-As5rM4vZ>
z%3&Zm{0m9mV&F&}@ZeXrd*Po%G{e>ZmqT%*qsxAI{o4yEuz(VlLA=#6f0D6aq2mV4
zJyN!l-&;TZ0$wNZ@G0j(_W(Q!+lxh#yZy%TRii-jPM~?bl!L@2NoLHYGwD<wT1v+&
zQH*qu(gCEzujfAwBI60j3d_zk19<@mmjn;Kd9NCZg3;Jqv{X5^D~@j51S`ZNM7ti6
zMS-B5r|_xhD%!Eqb!#@v5b^<GhEo|RmavgyQQgsk@vy`EmoU2_pnm)eHJK=wE1!=p
z9f2{m=E4SP34l~Y{2#;Sc#wf8LK+R}Y%|uUaL$52Lm+$M&DaD6=^F?fM~ZNc=sIyq
zx-dL^Hsl*;qHNC&lfe25gqMF;1<iz>$P~KYNw}$=%_70^7%nV2dZ|4B_MGqu;Q338
zi2*RWf`kVB6%YD-^klO%bO*nJb?gU7M|jP#F)4)RxO5ljdP(x)#tq?NI{`Ed(ktFQ
zwhuzXNK*b$!|1G2P|z+x2Y^p(#v@Q5aDGQB$##o?eY;Wuwp;c93$K4UO(Kg&b*58(
zM-$mzll6|(g|!e$24jf3Rcp=hG+|vrRoWK%bWaIrx`)8T@NEctNnZlGfDBjHjFSY$
z8t??XqA%F>Wl$hTv(PKZOI0_S1`vnBe2OoK?>Q(CNg>)Bz*d_9{m>l9^dOSRSRp`S
zI20!akH#iz{VSagR^>v>v_Z_^?Vq@xgvVexquU2Dy+hYyVHq(F{0Z;jX=h1T!edKx
zxYRA~e7*}-P4fXbMP!;7cJVd><_LA?_l_VWRdjk@ta(v=F7yCNeLUSg9RU>XE|Rj&
zI&Z&_0jv&9q7~kk_QRq$QPG<-45eiiw_zvXEkqCAs@3iN@#q|M(*HOnar9;|XTCm>
zS1L6KmurNv^Pk>?0g24|(`717v_K100<nmfPoUZ#&z<3j<TZxucrhOWAqi3#o_7JZ
z8$_!JUOsOU`KW19BXc3Qw!vZ(&zn4_Kb{W>FZqZgqYI+`Ex0kh+t)Th@>tFcv}LU;
z>&KpkS$g+rK<TTIB$7sD+c>I@E_mF0*lmVT6&Z8w5F961PWo(t&ETH3CejF;+9IAb
zh&CT;2)^6D=7~hQaH$+uBx=u~qAO+Kzs-=@@X77VRwN1?qJt*43lzbGS7GryNo0x`
zCUp>r;qfWt8AQNsTIU0_<FG=)3uPCMpwUUTI`zX`n-g?k$7&5R5e<t(VYp1%e*uM5
zR#@)lH;Lf<%sxBM5_t%qGo4REYyI-bTg>y|6A|DOcy+ZFqCk+&`cYSPxw&E^lu27v
zVhk01M$lYfBLg-7*a9vM-N9bEaj3-s)b9Z5SHl@oV({R;F)rls1hDDF?H~Jv_Lp5a
z)P*6i9K;uyE3ycza8bvlbJ*x2W8fz@G)oqQgNmwxlhOY#6wIZ6+1#%OpQr(=`T-K(
zECi~daBQ|4TCRfDq?QMuJ8PII-gRU25g@WXf0Jw36V`()_kaO@A~GW8AuzBjgBEA*
zi7caF$P&8HDBv@N#!?iA&w+(Bx-zXW7ps{7;%tEa1>bM9tVf{!wEJkW7@rf(*Fe^{
z22J5vOFfV*E_AMRbcIXJ;x(qg8-Z*Agg0HOCz8c?MGK{Q*T{(qx)Pq!;!9Cp5DMfr
zfKL^8st!v8H^_(5i`PB-D2m4vxG+doAPKys>ah@wGoYoyhYs}&3dQxLP~oB?dY(62
z5;jmk`Qt$O(?vWB!>q27!8pCmD0*w8YeC7Sb5N23pjzVVZetu76fNErX)&j(!Xyi{
zX*lt+?~;(96Z)@(L?&+jfx;$Z2yb05FJ6ClAz1r#EgaAv4K_s32O&=W`H#HjKp@x=
z3;L`aGT84kL^z!%*>fujKXYy?`0qGaQsc8(lf)1b`T9AL+caV0vr?ER2bxIybYmxz
z;>gw+Hd?2T7lQ8gLps98>cfR3Fef?(ZQE~C23=DHyUu{Hz%LC7tovd8KIcLj_Wi~k
zdt||hZTl?s4cC$Z|1?-g-iqlbw?lV_-2@@=ZoJEnjE7!Q8Sa)@DGUf*2nf8|M#J(S
z>2h=@HhSx3R&c=5G|1qA;2TimMMg_78H-2bGB|w37IcZ9-u3OdA|$yIL!yU#IYUMi
zo`4{gR@q<{ItkYMx$xi<=aNSxFgQJ+kb22WGuyMUc)}w3REJAXNO;1F8A#a-#S=n2
zphs8(sRW-*UOyvYK@x_8EGD^pDaM_xPGDL&@M3%d4f#mIWU^^+O7w?}6x8p*LWy<=
zGYnD`9%|UsFI2#R?%oM)=9chXC0XFkZvl*VLJ!#DM>-)$iax_zIqgTMBFq@xnMWvR
zf?p&o7TpUu*Q}wh8}5KenlM+q!#tH9iWaNic0xS*r&lh-*$jvg{4`VLNO^p8YySCg
zEVTqwb_wLer{YW%GFCs8dk1TUM+%_YV5({&fs0|~Gy2C-`ZKI;)5c>w2)7NeFNK$~
zawZA3zb$^ZkZJ$00cQ<3e8D(8n;a)VhupC-w$!N*9?{USOu|jscrGc7!{(xs%gjx&
z?B^iby*{EvFYJegu0JX1qu#|r8n_DO0zc2ImLxFpD^3w=FO}g$413f^vM_ft7@zFc
zi^V)wr7Zwk12BBEc*}zXMs}LfSibg!u(xvnx5Mk-RX~Cgut>wc*#EwV!=G*uPfPV9
zqj5+t_na&362N<SF<l5#yx-dGAf=J#w^1=iC+maOBtdHg+))zTpPhbWUYez$bVdO-
zj~rm4_&kz#oCN31r8^^8@%FELW1w9R>$8GWxrSgtbb2E>p@o_H445LE9T8;eN=0(|
zS=cjvSstT9WLiV6#H;J<!+uy4&zVTkic%gi+hKZv8pM^CWex%dRh8t**Ule)rExI7
zFvz?3u8aQ>3HtBz9EcZ9O0@h+J7E<lr$r2KN*#j4r@M2QAQgI3YyHWnu`@xeKyZJU
zrpP!xNV;#C5^&Kc(5&~_j;kQ1kLwcG@?tV54B64C@u9d?Z)U;i^9G{2gJ+;Pq#N|-
z{|+2`754lz)rsnkvi}#v;W9jR{#6f8$J%O<#q!k_M0KaeJIDy@h83h5eAe3KPC~Mw
zy3vK_r$kgN->MN-KiGVD@Uf@kL4sOkVP<Y)q3!NOWbIzV62A$YzE?iZkg<fj9<YZ_
zByHM|Fsl|wy5hu$3FeYWB_#c;I3n)Q?!O;x1{@onsqplUcpf<pwyuQdWHh#LubPO|
z4-Zk>1RN$jQ+j#ulP#YFNplAqkjiLRdwFCFynF&o882f!8Iazy*dRqlk9qoIH6Y#K
zf$A$VCVG;{_y<WLwQ;n;!mANLg72sztcel^V!E@PP`3UyI{AGl5G8?#Z`H!Q29UBp
z1JMt@8AS)|UU=}1?e0y2g&kEm-G-YFL}M>Z{;<9kIMRLGQPziq#e{<#GIz|+7$YgH
z1HuQNcTKmD;7D}mo%ZFa&>G@>tZ|Br#Qw9_D2x{#mqwiGdDpwNJwSX7k19O9!^f9I
zHX%_sT@qr8pjliPcvs=UH-C%#NQj)@ojuA~+A1bYZ3ob7umoPb&jY~7jM41l%WMQ<
z0H_cjchk1^D;{}_tS#ENs~&Kdp@<1>+&k87BSZeVS%;eQjNR3*gegWS9Ud33odnlk
zU{vf9n_vpksX+n3Pq>O4*K<vYOoxZlX3ok0<aa>g6AgVQsf0}7IRklu{po5oF$$O)
zL5cVvVeTSf@?d3zC?<<<g;IsSG8rDc16l-;k$iY0dB4rf;?yz_%e2o_FOb0m?vBuA
zGO48b!0t-vOlX|2x$xkpYOt3?Ku>pVD%XWajNXYJhm<FPbW{irX!k`%#BUPQyXQLM
z@3t4>mH7H+-%=?%prfz@e}nCFk@0DtP!inhQ5P(+w$UlV%gY$-R^U$sA}-+oV14-g
zur)(+HA3ppsJp{MU?mk#1gRwS0rB8wHN1ri*)99Dn@E@I!7ZXi#BS2XTt;+CAW=`L
zM`B_kG^Fd{P_xaL*mC)L5;4L)tDkej4yzY;)xmvcfoJ1y*_^pRM3Eg-{d2UqcAF{m
z$Z*DrKdAb3naB`cWnog$=Lcc&xzZG<x*dI*<b*mR2h2};S+Uz)T&5fDVh9(Q@Q28-
zksC(PGH^(?Fd9NLB}YMsK7w$?&uY6?UkZ=S^hDcy<t&q!2u-j#bhdbDvSAG-;>KWe
z^5v1+d=D1^ER8y0QIB7TMELZjkgkm^q}q44&4Kf+#Y9hD0;e_vVSIReHk;&v&lL5+
z3F{=pFwMnc*d!4RW0)YB3`F_ebD|>ki$;7$2<&*;f#vaDIQ0H-f>>l*9&TqH%A=r$
z2yY0%X0OP|`9Ng+_jwD%oTKQwc0are1N#AL#zUf{WqSl6tcu|JKM{gCTgkdYOc}xE
z7e2>78BPkJcrjQ`Y_C39bf(KG-B6IoSBkh#${aNyjKb-|Tc3NN<2oqkBRs-F)H_V%
zNO%GUlh0sLT;af*!eR7TY01<#Zh)MIfm;!Ft+nO<52DcL1%1TC;u%H{05}N>h!Ea8
zV*Vef7q#b|8Web201e*gKr~VC<?Vauz}y1Q%w9J9bbIXoA@hHDPj_L=a`{9)OXiEA
zP#@;-;7bof0nLZB2nC2i1TBu6>yjW85cGgwIh6JT>RF2sS%crQB*P%TO6&r?3Yq_n
z+;JpAdGq1DsB|X^!po_bTQ3?yb^Q#)8UK-lKSVAZm`3LAYQa0FIzhc2XFz;w?s(h(
zpNjDNEE)47XW{sAH=K6CUX{qmazKOsJp=l)2T%F493^UXc+SRG!lS}^C=&RF=@uIe
zX0e^%O*HI28x4=E;ug6<j?aZ|2VZecd!tDlo-mUUB`VTqstDI5`}+8d={7Wn=fnHc
zZxC6NMt}002kGYp<TJb@djz0a5E7_vFtFyU%n0bmIgsX|brBgKcgPO(>8;N2*{yUg
zWL}c%xiL3l*olC=3p2*|{AQO2h6`Az`^Vevo}XF+!lr|N!;YKCn1AK}VN!&jMF4Ln
zA%C}cRE}Kf(xG5)I8nprI6=Yx^&99c8rum}gFfg`@Yf651>6V-CFnmyhHTk@cvm)$
zPx|(T?&uda=@9e#Ve=5L?(*Ry2C^l5o-e8eAby^2uek4K56BexbYG$a6F-Tmm%Ghk
YK(0ui05@-8l)-<R(7fwekAT1Z4;{5eF8}}l

literal 0
HcmV?d00001

diff --git a/apps/emqx/src/emqx_config.erl b/apps/emqx/src/emqx_config.erl
index d05486328..61423f9af 100644
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@@ -23,6 +23,8 @@
         , put/2
         , deep_get/3
         , deep_put/3
+        , safe_atom_key_map/1
+        , unsafe_atom_key_map/1
         ]).
 
 -spec get() -> term().
@@ -58,3 +60,21 @@ deep_put([], Map, Config) when is_map(Map) ->
 deep_put([Key | KeyPath], Map, Config) ->
     SubMap = deep_put(KeyPath, maps:get(Key, Map, #{}), Config),
     Map#{Key => SubMap}.
+
+unsafe_atom_key_map(Map) ->
+    covert_keys_to_atom(Map, fun(K) -> binary_to_atom(K, utf8) end).
+
+safe_atom_key_map(Map) ->
+    covert_keys_to_atom(Map, fun(K) -> binary_to_existing_atom(K, utf8) end).
+
+covert_keys_to_atom(BinKeyMap, Conv) when is_map(BinKeyMap) ->
+    maps:fold(
+        fun(K, V, Acc) when is_binary(K) ->
+              Acc#{Conv(K) => covert_keys_to_atom(V, Conv)};
+           (K, V, Acc) when is_atom(K) ->
+              %% richmap keys
+              Acc#{K => covert_keys_to_atom(V, Conv)}
+        end, #{}, BinKeyMap);
+covert_keys_to_atom(ListV, Conv) when is_list(ListV) ->
+    [covert_keys_to_atom(V, Conv) || V <- ListV];
+covert_keys_to_atom(Val, _) -> Val.
diff --git a/apps/emqx/src/emqx_config_handler.erl b/apps/emqx/src/emqx_config_handler.erl
index 248847177..20aa0b5f8 100644
--- a/apps/emqx/src/emqx_config_handler.erl
+++ b/apps/emqx/src/emqx_config_handler.erl
@@ -17,13 +17,16 @@
 %% And there are a top level config handler maintains the overall config map.
 -module(emqx_config_handler).
 
+-include("logger.hrl").
+
 -behaviour(gen_server).
 
 %% API functions
 -export([ start_link/0
-        , start_handler/3
+        , add_handler/2
         , update_config/2
-        , child_spec/3
+        , get_raw_config/0
+        , merge_to_old_config/2
         ]).
 
 %% emqx_config_handler callbacks
@@ -38,74 +41,74 @@
          terminate/2,
          code_change/3]).
 
--type config() :: term().
--type config_map() :: #{atom() => config()} | [config_map()].
--type handler_name() :: module() | top.
--type key_path() :: [atom()].
+-define(MOD, {mod}).
+
+-type update_request() :: term().
+-type raw_config() :: hocon:config() | undefined.
+-type config_key() :: atom().
+-type handler_name() :: module().
+-type config_key_path() :: [atom()].
+-type handlers() :: #{config_key() => handlers(), ?MOD => handler_name()}.
 
 -optional_callbacks([handle_update_config/2]).
 
--callback handle_update_config(config(), config_map()) -> config_map().
+-callback handle_update_config(update_request(), raw_config()) -> update_request().
 
--record(state, {
-    handler_name :: handler_name(),
-    parent :: handler_name(),
-    key_path :: key_path()
-}).
+-type state() :: #{
+    handlers := handlers(),
+    raw_config := raw_config(),
+    atom() => term()
+}.
 
 start_link() ->
-    start_handler(?MODULE, top, []).
+    gen_server:start_link({local, ?MODULE}, ?MODULE, {}, []).
 
--spec start_handler(handler_name(), handler_name(), key_path()) ->
-    {ok, pid()} | {error, {already_started, pid()}} | {error, term()}.
-start_handler(HandlerName, Parent, ConfKeyPath) ->
-    gen_server:start_link({local, HandlerName}, ?MODULE, {HandlerName, Parent, ConfKeyPath}, []).
+-spec update_config(config_key_path(), update_request()) -> ok | {error, term()}.
+update_config(ConfKeyPath, UpdateReq) ->
+    gen_server:call(?MODULE, {update_config, ConfKeyPath, UpdateReq}).
 
--spec child_spec(module(), handler_name(), key_path()) -> supervisor:child_spec().
-child_spec(Mod, Parent, KeyPath) ->
-    #{id => Mod,
-      start => {?MODULE, start_handler, [Mod, Parent, KeyPath]},
-      restart => permanent,
-      type => worker,
-      modules => [?MODULE]}.
+-spec add_handler(config_key_path(), handler_name()) -> ok.
+add_handler(ConfKeyPath, HandlerName) ->
+    gen_server:call(?MODULE, {add_child, ConfKeyPath, HandlerName}).
 
--spec update_config(handler_name(), config()) -> ok.
-update_config(top, Config) ->
-    emqx_config:put(Config),
-    save_config_to_disk(Config);
-update_config(Handler, Config) ->
-    case is_process_alive(whereis(Handler)) of
-        true -> gen_server:cast(Handler, {handle_update_config, Config});
-        false -> error({not_alive, Handler})
-    end.
+-spec get_raw_config() -> raw_config().
+get_raw_config() ->
+    gen_server:call(?MODULE, get_raw_config).
 
 %%============================================================================
-%% callbacks of emqx_config_handler (the top-level handler)
-handle_update_config(Config, undefined) ->
-    handle_update_config(Config, #{});
-handle_update_config(Config, OldConfigMap) ->
-    %% simply merge the config to the overall config
-    maps:merge(OldConfigMap, Config).
 
-init({HandlerName, Parent, ConfKeyPath}) ->
-    {ok, #state{handler_name = HandlerName, parent = Parent, key_path = ConfKeyPath}}.
+-spec init(term()) -> {ok, state()}.
+init(_) ->
+    {ok, RawConf} = hocon:load(emqx_conf_name(), #{format => richmap}),
+    {_MappedEnvs, Conf} = hocon_schema:map_translate(emqx_schema, RawConf, #{}),
+    ok = save_config_to_emqx_config(Conf),
+    {ok, #{raw_config => hocon_schema:richmap_to_map(RawConf),
+           handlers => #{?MOD => ?MODULE}}}.
+
+handle_call(get_raw_config, _From, State = #{raw_config := RawConf}) ->
+    {reply, RawConf, State};
+
+handle_call({add_child, ConfKeyPath, HandlerName}, _From,
+            State = #{handlers := Handlers}) ->
+    {reply, ok, State#{handlers =>
+        emqx_config:deep_put(ConfKeyPath, Handlers, #{?MOD => HandlerName})}};
+
+handle_call({update_config, ConfKeyPath, UpdateReq}, _From,
+        #{raw_config := RawConf, handlers := Handlers} = State) ->
+    try {RootKeys, Conf} = do_update_config(ConfKeyPath, Handlers, RawConf, UpdateReq),
+        {reply, save_configs(RootKeys, Conf), State#{raw_config => Conf}}
+    catch
+        throw: Reason ->
+            {reply, {error, Reason}, State};
+        Error : Reason : ST ->
+            ?LOG(error, "update config failed: ~p", [{Error, Reason, ST}]),
+            {reply, {error, Reason}, State}
+    end;
 
 handle_call(_Request, _From, State) ->
     Reply = ok,
     {reply, Reply, State}.
 
-handle_cast({handle_update_config, Config}, #state{handler_name = HandlerName,
-        parent = Parent, key_path = ConfKeyPath} = State) ->
-    %% accumulate the config map of this config handler
-    OldConfigMap = emqx_config:get(ConfKeyPath, undefined),
-    SubConfigMap = case erlang:function_exported(HandlerName, handle_update_config, 2) of
-        true -> HandlerName:handle_update_config(Config, OldConfigMap);
-        false -> wrap_sub_config(ConfKeyPath, Config)
-    end,
-    %% then notify the parent handler
-    update_config(Parent, SubConfigMap),
-    {noreply, State};
-
 handle_cast(_Msg, State) ->
     {noreply, State}.
 
@@ -118,17 +121,100 @@ terminate(_Reason, _State) ->
 code_change(_OldVsn, State, _Extra) ->
     {ok, State}.
 
-%%============================================================================
-save_config_to_disk(ConfigMap) ->
-    Filename = filename:join([emqx_data_dir(), "emqx_override.conf"]),
-    case file:write_file(Filename, jsx:encode(ConfigMap)) of
-        ok -> ok;
-        {error, Reason} -> logger:error("write to ~s failed, ~p", [Filename, Reason])
+do_update_config([], Handlers, OldConf, UpdateReq) ->
+    call_handle_update_config(Handlers, OldConf, UpdateReq);
+do_update_config([ConfKey | ConfKeyPath], Handlers, OldConf, UpdateReq) ->
+    SubOldConf = get_sub_config(ConfKey, OldConf),
+    case maps:find(ConfKey, Handlers) of
+        error -> throw({handler_not_found, ConfKey});
+        {ok, SubHandlers} ->
+            NewUpdateReq = do_update_config(ConfKeyPath, SubHandlers, SubOldConf, UpdateReq),
+            call_handle_update_config(Handlers, OldConf, #{bin(ConfKey) => NewUpdateReq})
     end.
 
-emqx_data_dir() ->
-    %emqx_config:get([node, data_dir])
-    "data".
+get_sub_config(_, undefined) ->
+    undefined;
+get_sub_config(ConfKey, OldConf) when is_map(OldConf) ->
+    maps:get(bin(ConfKey), OldConf, undefined);
+get_sub_config(_, OldConf) ->
+    OldConf.
 
-wrap_sub_config(ConfKeyPath, Config) ->
-    emqx_config:deep_put(ConfKeyPath, #{}, Config).
+call_handle_update_config(Handlers, OldConf, UpdateReq) ->
+    HandlerName = maps:get(?MOD, Handlers, undefined),
+    case erlang:function_exported(HandlerName, handle_update_config, 2) of
+        true -> HandlerName:handle_update_config(UpdateReq, OldConf);
+        false -> UpdateReq %% the default behaviour is overwriting the old config
+    end.
+
+%% callbacks for the top-level handler
+handle_update_config(UpdateReq, OldConf) ->
+    FullRawConf = merge_to_old_config(UpdateReq, OldConf),
+    {maps:keys(UpdateReq), FullRawConf}.
+
+%% default callback of config handlers
+merge_to_old_config(UpdateReq, undefined) ->
+    merge_to_old_config(UpdateReq, #{});
+merge_to_old_config(UpdateReq, RawConf) ->
+    maps:merge(RawConf, UpdateReq).
+
+%%============================================================================
+save_configs(RootKeys, Conf0) ->
+    {_MappedEnvs, Conf1} = hocon_schema:map_translate(emqx_schema, to_richmap(Conf0), #{}),
+    %save_config_to_app_env(MappedEnvs),
+    save_config_to_emqx_config(hocon_schema:richmap_to_map(Conf1)),
+    save_config_to_disk(RootKeys, Conf0).
+
+%% We may need also support hot config update for the apps that use application envs.
+%% If so uncomment the following lines to update the configs to application env
+% save_config_to_app_env(MappedEnvs) ->
+%     lists:foreach(fun({AppName, Envs}) ->
+%             [application:set_env(AppName, Par, Val) || {Par, Val} <- Envs]
+%         end, MappedEnvs).
+
+save_config_to_emqx_config(Conf) ->
+    emqx_config:put(emqx_config:unsafe_atom_key_map(Conf)).
+
+save_config_to_disk(RootKeys, Conf) ->
+    FileName = emqx_override_conf_name(),
+    OldConf = read_old_config(FileName),
+    %% We don't save the overall config to file, but only the sub configs
+    %% under RootKeys
+    write_new_config(FileName,
+        maps:merge(OldConf, maps:with(RootKeys, Conf))).
+
+write_new_config(FileName, Conf) ->
+    case file:write_file(FileName, jsx:prettify(jsx:encode(Conf))) of
+        ok -> ok;
+        {error, Reason} ->
+            logger:error("write to ~s failed, ~p", [FileName, Reason]),
+            {error, Reason}
+    end.
+
+read_old_config(FileName) ->
+    case file:read_file(FileName) of
+        {ok, Text} ->
+            try jsx:decode(Text, [{return_maps, true}]) of
+                Conf when is_map(Conf) -> Conf;
+                _ -> #{}
+            catch _Err : _Reason ->
+                #{}
+            end;
+        _ -> #{}
+    end.
+
+emqx_conf_name() ->
+    filename:join([etc_dir(), "emqx.conf"]).
+
+emqx_override_conf_name() ->
+    filename:join([emqx:get_env(data_dir), "emqx_override.conf"]).
+
+etc_dir() ->
+    emqx:get_env(etc_dir).
+
+to_richmap(Map) ->
+    {ok, RichMap} = hocon:binary(jsx:encode(Map), #{format => richmap}),
+    RichMap.
+
+bin(A) when is_atom(A) -> list_to_binary(atom_to_list(A));
+bin(B) when is_binary(B) -> B;
+bin(S) when is_list(S) -> list_to_binary(S).
diff --git a/apps/emqx/src/emqx_plugins.erl b/apps/emqx/src/emqx_plugins.erl
index bda537f47..2f39edcb4 100644
--- a/apps/emqx/src/emqx_plugins.erl
+++ b/apps/emqx/src/emqx_plugins.erl
@@ -30,8 +30,6 @@
         , reload/1
         , list/0
         , find_plugin/1
-        , generate_configs/1
-        , apply_configs/1
         ]).
 
 -export([funlog/2]).
@@ -173,15 +171,7 @@ load_ext_plugin(PluginDir) ->
                       ?LOG(alert, "plugin_app_file_not_found: ~s", [AppFile]),
                       error({plugin_app_file_not_found, AppFile})
               end,
-    ok = load_plugin_app(AppName, Ebin),
-    try
-        ok = generate_configs(AppName, PluginDir)
-    catch
-        throw : {conf_file_not_found, ConfFile} ->
-            %% this is maybe a dependency of an external plugin
-            ?LOG(debug, "config_load_error_ignored for app=~p, path=~s", [AppName, ConfFile]),
-            ok
-    end.
+    load_plugin_app(AppName, Ebin).
 
 load_plugin_app(AppName, Ebin) ->
     _ = code:add_patha(Ebin),
@@ -246,7 +236,6 @@ plugin(AppName, Type) ->
 
 load_plugin(Name, Persistent) ->
     try
-        ok = ?MODULE:generate_configs(Name),
         case load_app(Name) of
             ok ->
                 start_app(Name, fun(App) -> plugin_loaded(App, Persistent) end);
@@ -362,77 +351,5 @@ plugin_type(backend) -> backend;
 plugin_type(bridge) -> bridge;
 plugin_type(_) -> feature.
 
-
 funlog(Key, Value) ->
     ?LOG(info, "~s = ~p", [string:join(Key, "."), Value]).
-
-generate_configs(App) ->
-    PluginConfDir = emqx:get_env(plugins_etc_dir),
-    PluginSchemaDir = code:priv_dir(App),
-    generate_configs(App, PluginConfDir, PluginSchemaDir).
-
-generate_configs(App, PluginDir) ->
-    PluginConfDir = filename:join([PluginDir, "etc"]),
-    PluginSchemaDir = filename:join([PluginDir, "priv"]),
-    generate_configs(App, PluginConfDir, PluginSchemaDir).
-
-generate_configs(App, PluginConfDir, PluginSchemaDir) ->
-    ConfigFile = filename:join([PluginConfDir, App]) ++ ".config",
-    case filelib:is_file(ConfigFile) of
-        true ->
-            {ok, [Configs]} = file:consult(ConfigFile),
-            apply_configs(Configs);
-        false ->
-            SchemaFile = filename:join([PluginSchemaDir, App]) ++ ".schema",
-            case filelib:is_file(SchemaFile) of
-                true ->
-                    AppsEnv = do_generate_configs(App),
-                    apply_configs(AppsEnv);
-                false ->
-                    SchemaMod = lists:concat([App, "_schema"]),
-                    ConfName = filename:join([PluginConfDir, App]) ++ ".conf",
-                    SchemaFile1 = filename:join([code:lib_dir(App), "ebin", SchemaMod]) ++ ".beam",
-                    do_generate_hocon_configs(App, ConfName, SchemaFile1)
-            end
-    end.
-
-do_generate_configs(App) ->
-    Name1 = filename:join([emqx:get_env(plugins_etc_dir), App]) ++ ".conf",
-    Name2 = filename:join([code:lib_dir(App), "etc", App]) ++ ".conf",
-    ConfFile = case {filelib:is_file(Name1), filelib:is_file(Name2)} of
-                   {true, _} -> Name1;
-                   {false, true} -> Name2;
-                   {false, false} -> error({config_not_found, [Name1, Name2]})
-               end,
-    SchemaFile = filename:join([code:priv_dir(App), App]) ++ ".schema",
-    case filelib:is_file(SchemaFile) of
-        true ->
-            Schema = cuttlefish_schema:files([SchemaFile]),
-            Conf = cuttlefish_conf:file(ConfFile),
-            cuttlefish_generator:map(Schema, Conf, undefined, fun ?MODULE:funlog/2);
-        false ->
-            error({schema_not_found, SchemaFile})
-    end.
-
-do_generate_hocon_configs(App, ConfName, SchemaFile) ->
-    SchemaMod = lists:concat([App, "_schema"]),
-    case {filelib:is_file(ConfName), filelib:is_file(SchemaFile)} of
-        {true, true} ->
-            {ok, RawConfig} = hocon:load(ConfName, #{format => richmap}),
-            Config = hocon_schema:check(list_to_atom(SchemaMod), RawConfig, #{atom_key => true,
-                                                                              return_plain => true}),
-            emqx_config_handler:update_config(emqx_config_handler, Config);
-        {true, false} ->
-            error({schema_not_found, [SchemaFile]});
-        {false, true} ->
-            error({config_not_found, [ConfName]});
-        {false, false} ->
-            error({conf_and_schema_not_found, [ConfName, SchemaFile]})
-    end.
-
-apply_configs([]) ->
-    ok;
-apply_configs([{App, Config} | More]) ->
-    lists:foreach(fun({Key, _}) -> application:unset_env(App, Key) end, application:get_all_env(App)),
-    lists:foreach(fun({Key, Val}) -> application:set_env(App, Key, Val) end, Config),
-    apply_configs(More).
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index cb631ea22..d090f26f1 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -50,9 +50,22 @@
 -export([conf_get/2, conf_get/3, keys/2, filter/1]).
 -export([ssl/2, tr_ssl/2, tr_password_hash/2]).
 
+%% will be used by emqx_ct_helper to find the dependent apps
+-export([includes/0]).
+
 structs() -> ["cluster", "node", "rpc", "log", "lager",
               "acl", "mqtt", "zone", "listener", "module", "broker",
-              "plugins", "sysmon", "os_mon", "vm_mon", "alarm", "telemetry"].
+              "plugins", "sysmon", "os_mon", "vm_mon", "alarm", "telemetry"]
+             ++ includes().
+
+-ifdef(TEST).
+includes() ->[].
+-else.
+includes() ->
+    [ "emqx_data_bridge"
+    , "emqx_telemetry"
+    ].
+-endif.
 
 fields("cluster") ->
     [ {"name", t(atom(), "ekka.cluster_name", emqxcl)}
@@ -119,6 +132,7 @@ fields("node") ->
                                        override_env => "EMQX_NODE_COOKIE"
                                       })}
     , {"data_dir", t(string(), "emqx.data_dir", undefined)}
+    , {"etc_dir", t(string(), "emqx.etc_dir", undefined)}
     , {"heartbeat", t(flag(), undefined, false)}
     , {"async_threads", t(range(1, 1024), "vm_args.+A", undefined)}
     , {"process_limit", t(integer(), "vm_args.+P", undefined)}
@@ -163,7 +177,7 @@ fields("log") ->
     , {"chars_limit", t(integer(), undefined, -1)}
     , {"supervisor_reports", t(union([error, progress]), undefined, error)}
     , {"max_depth", t(union([infinity, integer()]),
-                      "kernel.error_logger_format_depth", 20)}
+                      "kernel.error_logger_format_depth", 80)}
     , {"formatter", t(union([text, json]), undefined, text)}
     , {"single_line", t(boolean(), undefined, true)}
     , {"rotation", ref("rotation")}
@@ -467,8 +481,11 @@ fields("telemetry") ->
     [ {"enabled", t(boolean(), undefined, false)}
     , {"url", t(string(), undefined, "https://telemetry-emqx-io.bigpar.vercel.app/api/telemetry")}
     , {"report_interval", t(duration_s(), undefined, "7d")}
-    ].
+    ];
 
+fields(ExtraField) ->
+    Mod = list_to_atom(ExtraField),
+    Mod:fields(ExtraField).
 
 translations() -> ["ekka", "vm_args", "gen_rpc", "kernel", "emqx"].
 
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.erl b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
index 2c5b52d8e..fe2900b7f 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
@@ -22,14 +22,44 @@
         , resource_id_to_name/1
         , list_bridges/0
         , is_bridge/1
+        , config_key_path/0
+        , update_config/1
         ]).
 
+-export([structs/0, fields/1]).
+
+%%======================================================================================
+%% Hocon Schema Definitions
+
+-define(BRIDGE_FIELDS(T),
+    [{name, hoconsc:t(typerefl:binary())},
+     {type, hoconsc:t(typerefl:atom(T))},
+     {config, hoconsc:t(hoconsc:ref(list_to_atom("emqx_connector_"++atom_to_list(T)), ""))}]).
+
+-define(TYPES, [mysql, pgsql, mongo, redis, ldap]).
+-define(BRIDGES, [hoconsc:ref(?MODULE, T) || T <- ?TYPES]).
+
+structs() -> ["emqx_data_bridge"].
+
+fields("emqx_data_bridge") ->
+    [{bridges, #{type => hoconsc:array(hoconsc:union(?BRIDGES)),
+                 default => []}}];
+
+fields(mysql) -> ?BRIDGE_FIELDS(mysql);
+fields(pgsql) -> ?BRIDGE_FIELDS(pgsql);
+fields(mongo) -> ?BRIDGE_FIELDS(mongo);
+fields(redis) -> ?BRIDGE_FIELDS(redis);
+fields(ldap) -> ?BRIDGE_FIELDS(ldap).
+
+%%======================================================================================
+
 load_bridges() ->
-    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?MODULE]) ++ ".conf",
-    {ok, RawConfig} = hocon:load(ConfFile, #{format => richmap}),
-    #{emqx_data_bridge := #{bridges := Bridges}} =
-        hocon_schema:check(emqx_data_bridge_schema, RawConfig,
-            #{atom_key => true, return_plain => true}),
+    % ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?MODULE]) ++ ".conf",
+    % {ok, RawConfig} = hocon:load(ConfFile, #{format => richmap}),
+    % #{emqx_data_bridge := #{bridges := Bridges}} =
+    %     hocon_schema:check(emqx_data_bridge_schema, RawConfig,
+    %         #{atom_key => true, return_plain => true}),
+    Bridges = emqx_config:get([emqx_data_bridge, bridges], []),
     emqx_data_bridge_monitor:ensure_all_started(Bridges).
 
 resource_type(mysql) -> emqx_connector_mysql;
@@ -57,3 +87,9 @@ is_bridge(#{id := <<"bridge:", _/binary>>}) ->
     true;
 is_bridge(_Data) ->
     false.
+
+config_key_path() ->
+    [emqx_data_bridge, bridges].
+
+update_config(ConfigReq) ->
+    emqx_config_handler:update_config(config_key_path(), ConfigReq).
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_api.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_api.erl
index c0992fc46..7b1b4981d 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge_api.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_api.erl
@@ -57,6 +57,8 @@
         , delete_bridge/2
         ]).
 
+-define(BRIDGE(N, T, C), #{<<"name">> => N, <<"type">> => T, <<"config">> => C}).
+
 list_bridges(_Binding, _Params) ->
     {200, #{code => 0, data => [format_api_reply(Data) ||
         Data <- emqx_data_bridge:list_bridges()]}}.
@@ -74,10 +76,9 @@ create_bridge(#{name := Name}, Params) ->
     BridgeType = proplists:get_value(<<"type">>, Params),
     case emqx_resource:check_and_create(
             emqx_data_bridge:name_to_resource_id(Name),
-            emqx_data_bridge:resource_type(BridgeType), Config) of
+            emqx_data_bridge:resource_type(atom(BridgeType)), maps:from_list(Config)) of
         {ok, Data} ->
-            update_config(),
-            {200, #{code => 0, data => format_api_reply(emqx_resource_api:format_data(Data))}};
+            update_config_and_reply(Name, BridgeType, Config, Data);
         {error, already_created} ->
             {400, #{code => 102, message => <<"bridge already created: ", Name/binary>>}};
         {error, Reason0} ->
@@ -91,10 +92,9 @@ update_bridge(#{name := Name}, Params) ->
     BridgeType = proplists:get_value(<<"type">>, Params),
     case emqx_resource:check_and_update(
             emqx_data_bridge:name_to_resource_id(Name),
-            emqx_data_bridge:resource_type(BridgeType), Config, []) of
+            emqx_data_bridge:resource_type(atom(BridgeType)), maps:from_list(Config), []) of
         {ok, Data} ->
-            update_config(),
-            {200, #{code => 0, data => format_api_reply(emqx_resource_api:format_data(Data))}};
+            update_config_and_reply(Name, BridgeType, Config, Data);
         {error, not_found} ->
             {400, #{code => 102, message => <<"bridge not_found: ", Name/binary>>}};
         {error, Reason0} ->
@@ -105,9 +105,7 @@ update_bridge(#{name := Name}, Params) ->
 
 delete_bridge(#{name := Name}, _Params) ->
     case emqx_resource:remove(emqx_data_bridge:name_to_resource_id(Name)) of
-        ok ->
-            update_config(),
-            {200, #{code => 0, data => #{}}};
+        ok -> delete_config_and_reply(Name);
         {error, Reason} ->
             {500, #{code => 102, message => emqx_resource_api:stringnify(Reason)}}
     end.
@@ -117,12 +115,28 @@ format_api_reply(#{resource_type := Type, id := Id, config := Conf, status := St
       name => emqx_data_bridge:resource_id_to_name(Id),
       config => Conf, status => Status}.
 
-format_conf(#{resource_type := Type, id := Id, config := Conf}) ->
-    #{type => Type, name => emqx_data_bridge:resource_id_to_name(Id),
-      config => Conf}.
+% format_conf(#{resource_type := Type, id := Id, config := Conf}) ->
+%     #{type => Type, name => emqx_data_bridge:resource_id_to_name(Id),
+%       config => Conf}.
 
-get_all_configs() ->
-    [format_conf(Data) || Data <- emqx_data_bridge:list_bridges()].
+% get_all_configs() ->
+%     [format_conf(Data) || Data <- emqx_data_bridge:list_bridges()].
 
-update_config() ->
-    emqx_config_handler:update_config(emqx_data_bridge_config_handler, get_all_configs()).
+update_config_and_reply(Name, BridgeType, Config, Data) ->
+    case emqx_data_bridge:update_config({update, ?BRIDGE(Name, BridgeType, Config)}) of
+        ok ->
+            {200, #{code => 0, data => format_api_reply(
+                        emqx_resource_api:format_data(Data))}};
+        {error, Reason} ->
+            {500, #{code => 102, message => emqx_resource_api:stringnify(Reason)}}
+    end.
+
+delete_config_and_reply(Name) ->
+    case emqx_data_bridge:update_config({delete, Name}) of
+        ok -> {200, #{code => 0, data => #{}}};
+        {error, Reason} ->
+            {500, #{code => 102, message => emqx_resource_api:stringnify(Reason)}}
+    end.
+
+atom(B) when is_binary(B) ->
+    list_to_existing_atom(binary_to_list(B)).
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl
index 90ab8056f..967791643 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_app.erl
@@ -17,14 +17,26 @@
 
 -behaviour(application).
 
--export([start/2, stop/1]).
+-behaviour(emqx_config_handler).
+
+-export([start/2, stop/1, handle_update_config/2]).
 
 start(_StartType, _StartArgs) ->
     {ok, Sup} = emqx_data_bridge_sup:start_link(),
     ok = emqx_data_bridge:load_bridges(),
+    emqx_config_handler:add_handler(emqx_data_bridge:config_key_path(), ?MODULE),
     {ok, Sup}.
 
 stop(_State) ->
     ok.
 
 %% internal functions
+handle_update_config({update, Bridge = #{<<"name">> := Name}}, OldConf) ->
+    [Bridge | remove_bridge(Name, OldConf)];
+handle_update_config({delete, Name}, OldConf) ->
+    remove_bridge(Name, OldConf).
+
+remove_bridge(_Name, undefined) ->
+    [];
+remove_bridge(Name, OldConf) ->
+    [B || B = #{<<"name">> := Name0} <- OldConf, Name0 =/= Name].
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
deleted file mode 100644
index 2c974029c..000000000
--- a/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
+++ /dev/null
@@ -1,23 +0,0 @@
--module(emqx_data_bridge_schema).
-
--export([structs/0, fields/1]).
-
--define(BRIDGE_FIELDS(T),
-    [{name, hoconsc:t(typerefl:binary())},
-     {type, hoconsc:t(typerefl:atom(T))},
-     {config, hoconsc:t(hoconsc:ref(list_to_atom("emqx_connector_"++atom_to_list(T)), ""))}]).
-
--define(TYPES, [mysql, pgsql, mongo, redis, ldap]).
--define(BRIDGES, [hoconsc:ref(T) || T <- ?TYPES]).
-
-structs() -> [emqx_data_bridge].
-
-fields(emqx_data_bridge) ->
-    [{bridges, #{type => hoconsc:array(hoconsc:union(?BRIDGES)),
-                 default => []}}];
-
-fields(mysql) -> ?BRIDGE_FIELDS(mysql);
-fields(pgsql) -> ?BRIDGE_FIELDS(pgsql);
-fields(mongo) -> ?BRIDGE_FIELDS(mongo);
-fields(redis) -> ?BRIDGE_FIELDS(redis);
-fields(ldap) -> ?BRIDGE_FIELDS(ldap).
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_sup.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_sup.erl
index 3ac1af7b2..a699a72a0 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge_sup.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_sup.erl
@@ -35,13 +35,8 @@ init([]) ->
           start => {emqx_data_bridge_monitor, start_link, []},
           restart => permanent,
           type => worker,
-          modules => [emqx_data_bridge_monitor]},
-        emqx_config_handler:child_spec(emqx_data_bridge_config_handler, emqx_config_handler,
-            config_key_path())
+          modules => [emqx_data_bridge_monitor]}
     ],
     {ok, {SupFlags, ChildSpecs}}.
 
 %% internal functions
-
-config_key_path() ->
-    [emqx_data_bridge, bridges].
diff --git a/apps/emqx_management/src/emqx_mgmt_http.erl b/apps/emqx_management/src/emqx_mgmt_http.erl
index b902e486e..4b927a982 100644
--- a/apps/emqx_management/src/emqx_mgmt_http.erl
+++ b/apps/emqx_management/src/emqx_mgmt_http.erl
@@ -84,7 +84,7 @@ listener_name(Proto) ->
     list_to_atom(atom_to_list(Proto) ++ ":management").
 
 http_handlers() ->
-    Apps = [ App || {App, _, _} <- application:which_applications(),
+    Apps = [ App || {App, _, _} <- application:loaded_applications(),
                     case re:run(atom_to_list(App), "^emqx") of
                         {match,[{0,4}]} -> true;
                         _ -> false
diff --git a/apps/emqx_resource/examples/demo.md b/apps/emqx_resource/examples/demo.md
index 76b9dee19..0a15be7c5 100644
--- a/apps/emqx_resource/examples/demo.md
+++ b/apps/emqx_resource/examples/demo.md
@@ -77,7 +77,7 @@ emqx_resource:query(ResourceID, {sql, SQL}).
          <<"keyfile">> => [],<<"password">> => "public",
          <<"pool_size">> => 1,
          <<"server">> => {{127,0,0,1},3306},
-         <<"ssl">> => false,<<"user">> => "root",
+         <<"ssl">> => false,<<"username">> => "root",
          <<"verify">> => false},
    id => <<"bridge:mysql-def">>,mod => emqx_connector_mysql,
    state => #{poolname => 'bridge:mysql-def'},
@@ -107,7 +107,7 @@ BridgeMySQL='{
     "status": "started",
     "config": {
       "verify": false,
-      "user": "root",
+      "username": "root",
       "ssl": false,
       "server": "127.0.0.1:3306",
       "pool_size": 1,
@@ -135,7 +135,7 @@ BridgeMySQL='{
     "status": "started",
     "config": {
       "verify": false,
-      "user": "root",
+      "username": "root",
       "ssl": false,
       "server": "127.0.0.1:3306",
       "pool_size": 2,
diff --git a/apps/emqx_telemetry/src/emqx_telemetry.erl b/apps/emqx_telemetry/src/emqx_telemetry.erl
index ea4017dc9..dba22e85b 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry.erl
@@ -16,6 +16,10 @@
 
 -module(emqx_telemetry).
 
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
 -behaviour(gen_server).
 
 -include_lib("emqx/include/emqx.hrl").
@@ -36,6 +40,9 @@
         , stop/0
         ]).
 
+-export([ structs/0
+        , fields/1]).
+
 %% gen_server callbacks
 -export([ init/1
         , handle_call/3
@@ -90,6 +97,12 @@
 
 -define(TELEMETRY, emqx_telemetry).
 
+%%--------------------------------------------------------------------
+structs() -> ["emqx_telemetry"].
+
+fields("emqx_telemetry") ->
+    [{enabled, emqx_schema:t(boolean(), undefined, false)}].
+
 %%--------------------------------------------------------------------
 %% Mnesia bootstrap
 %%--------------------------------------------------------------------
diff --git a/apps/emqx_telemetry/src/emqx_telemetry_app.erl b/apps/emqx_telemetry/src/emqx_telemetry_app.erl
index 8a5b34627..89a30393b 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry_app.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry_app.erl
@@ -25,13 +25,6 @@
         ]).
 
 start(_Type, _Args) ->
-    %% TODO
-    %% After the relevant code for building hocon configuration will be deleted
-    %% Get the configuration using emqx_config:get
-    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?APP]) ++ ".conf",
-    {ok, RawConfig} = hocon:load(ConfFile),
-    Config = hocon_schema:check_plain(emqx_telemetry_schema, RawConfig, #{atom_key => true}),
-    emqx_config_handler:update_config(emqx_config_handler, Config),
     Enabled = emqx_config:get([?APP, enabled], true),
     emqx_telemetry_sup:start_link([{enabled, Enabled}]).
 
diff --git a/apps/emqx_telemetry/src/emqx_telemetry_schema.erl b/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
deleted file mode 100644
index 1a60ac946..000000000
--- a/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
+++ /dev/null
@@ -1,13 +0,0 @@
--module(emqx_telemetry_schema).
-
--include_lib("typerefl/include/types.hrl").
-
--behaviour(hocon_schema).
-
--export([ structs/0
-        , fields/1]).
-
-structs() -> ["emqx_telemetry"].
-
-fields("emqx_telemetry") ->
-    [{enabled, emqx_schema:t(boolean(), undefined, false)}].
diff --git a/rebar.config b/rebar.config
index 6bf220ac4..257674431 100644
--- a/rebar.config
+++ b/rebar.config
@@ -53,7 +53,7 @@
     , {observer_cli, "1.6.1"} % NOTE: depends on recon 2.5.1
     , {getopt, "1.0.1"}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
-    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.7.0"}}}
+    , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.9.0"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
     ]}.
 
diff --git a/rebar.config.erl b/rebar.config.erl
index 3b44f6956..35e751cc8 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -104,7 +104,8 @@ test_plugins() ->
 
 test_deps() ->
     [ {bbmustache, "1.10.0"}
-    , {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "2.0.0"}}}
+    %, {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {tag, "2.0.0"}}}
+    , {emqx_ct_helpers, {git, "https://github.com/emqx/emqx-ct-helpers", {branch, "hocon"}}}
     , meck
     ].
 

From 6f0f670550f392721e123c8992440d851d8d63d8 Mon Sep 17 00:00:00 2001
From: Rory Z <zhanghongtong@foxmail.com>
Date: Fri, 25 Jun 2021 11:47:57 +0800
Subject: [PATCH 099/174] feat(redis connector): redis connector support
 cluster (#5074)

---
 apps/emqx_authz/etc/emqx_authz.conf           |   2 +-
 apps/emqx_authz/src/emqx_authz.erl            |   4 +-
 apps/emqx_authz/src/emqx_authz_schema.erl     |  10 +-
 .../test/emqx_authz_redis_SUITE.erl           |   7 +-
 .../emqx_connector/src/emqx_connector.app.src |   1 +
 .../src/emqx_connector_redis.erl              | 104 ++++++++++++------
 rebar.config                                  |   2 +-
 7 files changed, 89 insertions(+), 41 deletions(-)

diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf
index b97bc12f0..ec8f642b1 100644
--- a/apps/emqx_authz/etc/emqx_authz.conf
+++ b/apps/emqx_authz/etc/emqx_authz.conf
@@ -29,7 +29,7 @@ authz:{
        # {
        #     type: redis
        #     config: {
-       #        servers: "127.0.0.1:6379"
+       #        server: "127.0.0.1:6379"
        #        database: 0
        #        pool_size: 1
        #        password: public
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 0880ef4ae..24393a4b0 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -70,14 +70,14 @@ create_resource(#{<<"type">> := DB,
     case emqx_resource:check_and_create(
             ResourceID,
             list_to_existing_atom(io_lib:format("~s_~s",[emqx_connector, DB])),
-            Config)
+            #{<<"config">> => Config })
     of
         {ok, _} ->
             Rule#{<<"resource_id">> => ResourceID};
         {error, already_created} ->
             Rule#{<<"resource_id">> => ResourceID};
         {error, Reason} ->
-            error({load_sql_error, Reason})
+            error({load_config_error, Reason})
     end.
 
 -spec(compile(rule()) -> rule()).
diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl
index 1801583c8..04d1b2268 100644
--- a/apps/emqx_authz/src/emqx_authz_schema.erl
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@@ -19,9 +19,15 @@ fields(authz) ->
 fields(redis_connector) ->
     [ {principal, principal()}
     , {type, #{type => hoconsc:enum([redis])}}
-    , {config, #{type => map()}}
+    , {config, #{type => hoconsc:union(
+                         [ hoconsc:ref(emqx_connector_redis, cluster)
+                         , hoconsc:ref(emqx_connector_redis, sentinel)
+                         , hoconsc:ref(emqx_connector_redis, single)
+                         ])}
+      }
     , {cmd, query()}
     ];
+
 fields(sql_connector) ->
     [ {principal, principal() }
     , {type, #{type => hoconsc:enum([mysql, pgsql])}}
@@ -33,7 +39,7 @@ fields(simple_rule) ->
     , {action,   #{type => action()}}
     , {topics,   #{type => union_array(
                              [ binary()
-                             , hoconsc:ref(eq_topic) 
+                             , hoconsc:ref(eq_topic)
                              ]
                             )}}
     , {principal, principal()}
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
index e4b49dd5a..3f8bea166 100644
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -51,7 +51,12 @@ set_special_configs(emqx_authz) ->
                         emqx_ct_helpers:deps_path(emqx_authz, "test")),
     Conf = #{<<"authz">> =>
              #{<<"rules">> =>
-               [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
+               [#{<<"config">> =>#{
+                    <<"server">> => <<"127.0.0.1:6379">>,
+                    <<"password">> => <<"public">>,
+                    <<"pool_size">> => 1,
+                    <<"auto_reconnect">> => true
+                  },
                   <<"principal">> => all,
                   <<"cmd">> => <<"fake cmd">>,
                   <<"type">> => redis}
diff --git a/apps/emqx_connector/src/emqx_connector.app.src b/apps/emqx_connector/src/emqx_connector.app.src
index a821b8f13..5ff7d0828 100644
--- a/apps/emqx_connector/src/emqx_connector.app.src
+++ b/apps/emqx_connector/src/emqx_connector.app.src
@@ -7,6 +7,7 @@
    [kernel,
     stdlib,
     emqx_resource,
+    eredis_cluster,
     ecpool
    ]},
   {env,[]},
diff --git a/apps/emqx_connector/src/emqx_connector_redis.erl b/apps/emqx_connector/src/emqx_connector_redis.erl
index 32ec81616..1aa6263b6 100644
--- a/apps/emqx_connector/src/emqx_connector_redis.erl
+++ b/apps/emqx_connector/src/emqx_connector_redis.erl
@@ -19,6 +19,11 @@
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
+-type server() :: tuple().
+-reflect_type([server/0]).
+-typerefl_from_string({server/0, ?MODULE, to_server}).
+-export([to_server/1]).
+
 -export([structs/0, fields/1]).
 
 %% callbacks of behaviour emqx_resource
@@ -39,29 +44,67 @@
 structs() -> [""].
 
 fields("") ->
+    [ {config, #{type => hoconsc:union(
+                  [ hoconsc:ref(cluster)
+                  , hoconsc:ref(single)
+                  , hoconsc:ref(sentinel)
+                  ])}
+      }
+    ];
+fields(single) ->
+    [ {server, #{type => server()}}
+    , {redis_type, #{type => hoconsc:enum([single]),
+                     default => single}}
+    ] ++
+    redis_fields() ++
+    emqx_connector_schema_lib:ssl_fields();
+fields(cluster) ->
+    [ {servers, #{type => hoconsc:array(server())}}
+    , {redis_type, #{type => hoconsc:enum([cluster]),
+                     default => cluster}}
+    ] ++
+    redis_fields() ++
+    emqx_connector_schema_lib:ssl_fields();
+fields(sentinel) ->
+    [ {servers, #{type => hoconsc:array(server())}}
+    , {redis_type, #{type => hoconsc:enum([sentinel]),
+                     default => sentinel}}
+    , {sentinel, #{type => string()}}
+    ] ++
     redis_fields() ++
-    redis_sentinel_fields() ++
     emqx_connector_schema_lib:ssl_fields().
 
 on_jsonify(Config) ->
     Config.
 
 %% ===================================================================
-on_start(InstId, #{servers := Servers,
-                   redis_type := Type,
-                   database := Database,
-                   pool_size := PoolSize,
-                   auto_reconnect := AutoReconn} = Config) ->
+on_start(InstId, #{config :=#{redis_type := Type,
+                              database := Database,
+                              pool_size := PoolSize,
+                              auto_reconnect := AutoReconn} = Config}) ->
     logger:info("starting redis connector: ~p, config: ~p", [InstId, Config]),
-    SslOpts = init_ssl_opts(Config, InstId),
+    Servers = case Type of
+                single -> [{servers, [maps:get(server, Config)]}];
+                _ ->[{servers, maps:get(servers, Config)}]
+              end,
     Opts = [{pool_size, PoolSize},
             {database, Database},
             {password, maps:get(password, Config, "")},
-            {auto_reconnect, reconn_interval(AutoReconn)},
-            {servers, Servers}],
-    Options = [{options, SslOpts}, {sentinel, maps:get(sentinel, Config, undefined)}],
+            {auto_reconnect, reconn_interval(AutoReconn)}
+           ] ++ Servers,
+    Options = init_ssl_opts(Config, InstId) ++
+              [{sentinel, maps:get(sentinel, Config, undefined)}],
     PoolName = emqx_plugin_libs_pool:pool_name(InstId),
-    _ = emqx_plugin_libs_pool:start_pool(PoolName, ?MODULE, Opts ++ Options),
+    case Type of
+        cluster ->
+            case eredis_cluster:start_pool(PoolName, Opts ++ [{options, Options}]) of
+                {ok, _} -> ok;
+                {ok, _, _} -> ok;
+                {error, Reason} -> error(connect_redis_cluster_failed, Reason)
+            end;
+        _ ->
+            _ = emqx_plugin_libs_pool:start_pool(PoolName, ?MODULE, Opts ++ [{options, Options}])
+    end,
     {ok, #{poolname => PoolName, type => Type}}.
 
 on_stop(InstId, #{poolname := PoolName}) ->
@@ -70,7 +113,11 @@ on_stop(InstId, #{poolname := PoolName}) ->
 
 on_query(InstId, {cmd, Command}, AfterCommand, #{poolname := PoolName, type := Type} = State) ->
     logger:debug("redis connector ~p received cmd query: ~p, at state: ~p", [InstId, Command, State]),
-    case Result = ecpool:pick_and_do(PoolName, {?MODULE, cmd, [Type, Command]}, no_handover) of
+    Result = case Type of
+                 cluster -> eredis_cluster:q(PoolName, Command);
+                 _ -> ecpool:pick_and_do(PoolName, {?MODULE, cmd, [Type, Command]}, no_handover)
+             end,
+    case Result of
         {error, Reason} ->
             logger:debug("redis connector ~p do cmd query failed, cmd: ~p, reason: ~p", [InstId, Command, Reason]),
             emqx_resource:query_failed(AfterCommand);
@@ -79,15 +126,15 @@ on_query(InstId, {cmd, Command}, AfterCommand, #{poolname := PoolName, type := T
     end,
     Result.
 
-on_health_check(_InstId, #{type := cluster, poolname := PoolName}) ->
+on_health_check(_InstId, #{type := cluster, poolname := PoolName} = State) ->
     Workers = lists:flatten([gen_server:call(PoolPid, get_all_workers) ||
                              PoolPid <- eredis_cluster_monitor:get_all_pools(PoolName)]),
     case length(Workers) > 0 andalso lists:all(
             fun({_, Pid, _, _}) ->
                 eredis_cluster_pool_worker:is_connected(Pid) =:= true
             end, Workers) of
-        true -> {ok, true};
-        false -> {error, false}
+        true -> {ok, State};
+        false -> {error, test_query_failed, State}
     end;
 on_health_check(_InstId, #{poolname := PoolName} = State) ->
     emqx_plugin_libs_pool:health_check(PoolName, fun ?MODULE:do_health_check/1, State).
@@ -118,26 +165,15 @@ init_ssl_opts(_Config, _InstId) ->
     [{ssl, false}].
 
 redis_fields() ->
-    [ {redis_type, fun redis_type/1}
-    , {servers, fun emqx_connector_schema_lib:servers/1}
-    , {pool_size, fun emqx_connector_schema_lib:pool_size/1}
+    [ {pool_size, fun emqx_connector_schema_lib:pool_size/1}
     , {password, fun emqx_connector_schema_lib:password/1}
-    , {database, fun database/1}
+    , {database, #{type => integer(),
+                   default => 0}}
     , {auto_reconnect, fun emqx_connector_schema_lib:auto_reconnect/1}
     ].
 
-redis_sentinel_fields() ->
-    [ {sentinel, fun sentinel_name/1}
-    ].
-
-sentinel_name(type) -> binary();
-sentinel_name(nullable) -> true;
-sentinel_name(_) -> undefined.
-
-redis_type(type) -> hoconsc:enum([single, sentinel, cluster]);
-redis_type(default) -> single;
-redis_type(_) -> undefined.
-
-database(type) -> integer();
-database(default) -> 0;
-database(_) -> undefined.
+to_server(Server) ->
+    case string:tokens(Server, ":") of
+        [Host, Port] -> {ok, {Host, list_to_integer(Port)}};
+        _ -> {error, Server}
+    end.
diff --git a/rebar.config b/rebar.config
index 257674431..e12ca02ba 100644
--- a/rebar.config
+++ b/rebar.config
@@ -35,7 +35,7 @@
 {deps,
     [ {gpb, "4.11.2"} %% gpb only used to build, but not for release, pin it here to avoid fetching a wrong version due to rebar plugins scattered in all the deps
     , {ehttpc, {git, "https://github.com/emqx/ehttpc", {tag, "0.1.6"}}}
-    , {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.6"}}}
+    , {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.7"}}}
     , {gproc, {git, "https://github.com/uwiger/gproc", {tag, "0.8.0"}}}
     , {jiffy, {git, "https://github.com/emqx/jiffy", {tag, "1.0.5"}}}
     , {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.8.2"}}}

From d77352168f18933e5da8ce2293db030b43c70d39 Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Fri, 25 Jun 2021 12:46:57 +0800
Subject: [PATCH 100/174] Reference to foreign schema definitions in
 emqx_schema (#5090)

---
 apps/emqx/src/emqx_config_handler.erl         |  2 +-
 apps/emqx/src/emqx_schema.erl                 |  2 +-
 .../emqx_data_bridge/src/emqx_data_bridge.erl | 32 -------------------
 .../src/emqx_data_bridge_schema.erl           | 26 +++++++++++++++
 apps/emqx_telemetry/src/emqx_telemetry.erl    | 13 --------
 .../src/emqx_telemetry_schema.erl             | 13 ++++++++
 6 files changed, 41 insertions(+), 47 deletions(-)
 create mode 100644 apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
 create mode 100644 apps/emqx_telemetry/src/emqx_telemetry_schema.erl

diff --git a/apps/emqx/src/emqx_config_handler.erl b/apps/emqx/src/emqx_config_handler.erl
index 20aa0b5f8..9b655c327 100644
--- a/apps/emqx/src/emqx_config_handler.erl
+++ b/apps/emqx/src/emqx_config_handler.erl
@@ -81,7 +81,7 @@ get_raw_config() ->
 init(_) ->
     {ok, RawConf} = hocon:load(emqx_conf_name(), #{format => richmap}),
     {_MappedEnvs, Conf} = hocon_schema:map_translate(emqx_schema, RawConf, #{}),
-    ok = save_config_to_emqx_config(Conf),
+    ok = save_config_to_emqx_config(hocon_schema:richmap_to_map(Conf)),
     {ok, #{raw_config => hocon_schema:richmap_to_map(RawConf),
            handlers => #{?MOD => ?MODULE}}}.
 
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index d090f26f1..4570528c2 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -484,7 +484,7 @@ fields("telemetry") ->
     ];
 
 fields(ExtraField) ->
-    Mod = list_to_atom(ExtraField),
+    Mod = list_to_atom(ExtraField++"_schema"),
     Mod:fields(ExtraField).
 
 translations() -> ["ekka", "vm_args", "gen_rpc", "kernel", "emqx"].
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.erl b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
index fe2900b7f..ccd6a0074 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
@@ -26,39 +26,7 @@
         , update_config/1
         ]).
 
--export([structs/0, fields/1]).
-
-%%======================================================================================
-%% Hocon Schema Definitions
-
--define(BRIDGE_FIELDS(T),
-    [{name, hoconsc:t(typerefl:binary())},
-     {type, hoconsc:t(typerefl:atom(T))},
-     {config, hoconsc:t(hoconsc:ref(list_to_atom("emqx_connector_"++atom_to_list(T)), ""))}]).
-
--define(TYPES, [mysql, pgsql, mongo, redis, ldap]).
--define(BRIDGES, [hoconsc:ref(?MODULE, T) || T <- ?TYPES]).
-
-structs() -> ["emqx_data_bridge"].
-
-fields("emqx_data_bridge") ->
-    [{bridges, #{type => hoconsc:array(hoconsc:union(?BRIDGES)),
-                 default => []}}];
-
-fields(mysql) -> ?BRIDGE_FIELDS(mysql);
-fields(pgsql) -> ?BRIDGE_FIELDS(pgsql);
-fields(mongo) -> ?BRIDGE_FIELDS(mongo);
-fields(redis) -> ?BRIDGE_FIELDS(redis);
-fields(ldap) -> ?BRIDGE_FIELDS(ldap).
-
-%%======================================================================================
-
 load_bridges() ->
-    % ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?MODULE]) ++ ".conf",
-    % {ok, RawConfig} = hocon:load(ConfFile, #{format => richmap}),
-    % #{emqx_data_bridge := #{bridges := Bridges}} =
-    %     hocon_schema:check(emqx_data_bridge_schema, RawConfig,
-    %         #{atom_key => true, return_plain => true}),
     Bridges = emqx_config:get([emqx_data_bridge, bridges], []),
     emqx_data_bridge_monitor:ensure_all_started(Bridges).
 
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
new file mode 100644
index 000000000..1ba7f2fc5
--- /dev/null
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
@@ -0,0 +1,26 @@
+-module(emqx_data_bridge_schema).
+
+-export([structs/0, fields/1]).
+
+%%======================================================================================
+%% Hocon Schema Definitions
+
+-define(BRIDGE_FIELDS(T),
+    [{name, hoconsc:t(typerefl:binary())},
+     {type, hoconsc:t(typerefl:atom(T))},
+     {config, hoconsc:t(hoconsc:ref(list_to_atom("emqx_connector_"++atom_to_list(T)), ""))}]).
+
+-define(TYPES, [mysql, pgsql, mongo, redis, ldap]).
+-define(BRIDGES, [hoconsc:ref(?MODULE, T) || T <- ?TYPES]).
+
+structs() -> ["emqx_data_bridge"].
+
+fields("emqx_data_bridge") ->
+    [{bridges, #{type => hoconsc:array(hoconsc:union(?BRIDGES)),
+                 default => []}}];
+
+fields(mysql) -> ?BRIDGE_FIELDS(mysql);
+fields(pgsql) -> ?BRIDGE_FIELDS(pgsql);
+fields(mongo) -> ?BRIDGE_FIELDS(mongo);
+fields(redis) -> ?BRIDGE_FIELDS(redis);
+fields(ldap) -> ?BRIDGE_FIELDS(ldap).
\ No newline at end of file
diff --git a/apps/emqx_telemetry/src/emqx_telemetry.erl b/apps/emqx_telemetry/src/emqx_telemetry.erl
index dba22e85b..ea4017dc9 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry.erl
@@ -16,10 +16,6 @@
 
 -module(emqx_telemetry).
 
--include_lib("typerefl/include/types.hrl").
-
--behaviour(hocon_schema).
-
 -behaviour(gen_server).
 
 -include_lib("emqx/include/emqx.hrl").
@@ -40,9 +36,6 @@
         , stop/0
         ]).
 
--export([ structs/0
-        , fields/1]).
-
 %% gen_server callbacks
 -export([ init/1
         , handle_call/3
@@ -97,12 +90,6 @@
 
 -define(TELEMETRY, emqx_telemetry).
 
-%%--------------------------------------------------------------------
-structs() -> ["emqx_telemetry"].
-
-fields("emqx_telemetry") ->
-    [{enabled, emqx_schema:t(boolean(), undefined, false)}].
-
 %%--------------------------------------------------------------------
 %% Mnesia bootstrap
 %%--------------------------------------------------------------------
diff --git a/apps/emqx_telemetry/src/emqx_telemetry_schema.erl b/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
new file mode 100644
index 000000000..4d5cab684
--- /dev/null
+++ b/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
@@ -0,0 +1,13 @@
+-module(emqx_telemetry_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_telemetry"].
+
+fields("emqx_telemetry") ->
+    [{enabled, emqx_schema:t(boolean(), undefined, false)}].
\ No newline at end of file

From cc1f57ff01d33449eaf146a25703e1602865330b Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Fri, 25 Jun 2021 15:40:28 +0800
Subject: [PATCH 101/174] Add some APIs for emqx_config (#5095)

---
 apps/emqx/src/emqx_config.erl                 | 103 ++++++++++++++----
 apps/emqx/src/emqx_config_handler.erl         |  64 +++++------
 .../emqx_data_bridge/src/emqx_data_bridge.erl |   2 +-
 3 files changed, 113 insertions(+), 56 deletions(-)

diff --git a/apps/emqx/src/emqx_config.erl b/apps/emqx/src/emqx_config.erl
index 61423f9af..3d431f6a8 100644
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@@ -18,43 +18,95 @@
 -compile({no_auto_import, [get/0, get/1]}).
 
 -export([ get/0
+        , get/1
         , get/2
         , put/1
         , put/2
+        ]).
+
+-export([ update_config/2
+        ]).
+
+%% raw configs is the config that is now parsed and tranlated by hocon schema
+-export([ get_raw/0
+        , get_raw/1
+        , get_raw/2
+        , put_raw/1
+        , put_raw/2
+        ]).
+
+-export([ deep_get/2
         , deep_get/3
         , deep_put/3
         , safe_atom_key_map/1
         , unsafe_atom_key_map/1
         ]).
 
--spec get() -> term().
-get() ->
-    persistent_term:get(?MODULE, #{}).
+-define(CONF, ?MODULE).
+-define(RAW_CONF, {?MODULE, raw}).
 
--spec get([atom()], term()) -> term().
+-export_type([update_request/0, raw_config/0, config_key/0, config_key_path/0]).
+-type update_request() :: term().
+-type raw_config() :: hocon:config() | undefined.
+-type config_key() :: atom() | binary().
+-type config_key_path() :: [config_key()].
+
+-spec get() -> map().
+get() ->
+    persistent_term:get(?CONF, #{}).
+
+-spec get(config_key_path()) -> term().
+get(KeyPath) ->
+    deep_get(KeyPath, get()).
+
+-spec get(config_key_path(), term()) -> term().
 get(KeyPath, Default) ->
     deep_get(KeyPath, get(), Default).
 
--spec deep_get([atom()], map(), term()) -> term().
-deep_get([], Map, _Default) ->
-    Map;
-deep_get([Key | KeyPath], Map, Default) when is_map(Map) ->
-    case maps:find(Key, Map) of
-        {ok, SubMap} -> deep_get(KeyPath, SubMap, Default);
-        error -> Default
-    end;
-deep_get([_Key | _KeyPath], _Map, Default) ->
-    Default.
-
--spec put(term()) -> ok.
+-spec put(map()) -> ok.
 put(Config) ->
-    persistent_term:put(?MODULE, Config).
+    persistent_term:put(?CONF, Config).
 
--spec put([atom()], term()) -> ok.
+-spec put(config_key_path(), term()) -> ok.
 put(KeyPath, Config) ->
     put(deep_put(KeyPath, get(), Config)).
 
--spec deep_put([atom()], map(), term()) -> ok.
+-spec update_config(config_key_path(), update_request()) ->
+    ok | {error, term()}.
+update_config(ConfKeyPath, UpdateReq) ->
+    emqx_config_handler:update_config(ConfKeyPath, UpdateReq, get_raw()).
+
+-spec get_raw() -> map().
+get_raw() ->
+    persistent_term:get(?RAW_CONF, #{}).
+
+-spec get_raw(config_key_path()) -> term().
+get_raw(KeyPath) ->
+    deep_get(KeyPath, get_raw()).
+
+-spec get_raw(config_key_path(), term()) -> term().
+get_raw(KeyPath, Default) ->
+    deep_get(KeyPath, get_raw(), Default).
+
+-spec put_raw(map()) -> ok.
+put_raw(Config) ->
+    persistent_term:put(?RAW_CONF, Config).
+
+-spec put_raw(config_key_path(), term()) -> ok.
+put_raw(KeyPath, Config) ->
+    put_raw(deep_put(KeyPath, get_raw(), Config)).
+
+%%-----------------------------------------------------------------
+-spec deep_get(config_key_path(), map()) -> term().
+deep_get(ConfKeyPath, Map) ->
+    do_deep_get(ConfKeyPath, Map, fun(KeyPath, Data) ->
+        error({not_found, KeyPath, Data}) end).
+
+-spec deep_get(config_key_path(), map(), term()) -> term().
+deep_get(ConfKeyPath, Map, Default) ->
+    do_deep_get(ConfKeyPath, Map, fun(_, _) -> Default end).
+
+-spec deep_put(config_key_path(), map(), term()) -> map().
 deep_put([], Map, Config) when is_map(Map) ->
     Config;
 deep_put([Key | KeyPath], Map, Config) ->
@@ -67,6 +119,19 @@ unsafe_atom_key_map(Map) ->
 safe_atom_key_map(Map) ->
     covert_keys_to_atom(Map, fun(K) -> binary_to_existing_atom(K, utf8) end).
 
+%%---------------------------------------------------------------------------
+
+-spec do_deep_get(config_key_path(), map(), fun((config_key(), term()) -> any())) -> term().
+do_deep_get([], Map, _) ->
+    Map;
+do_deep_get([Key | KeyPath], Map, OnNotFound) when is_map(Map) ->
+    case maps:find(Key, Map) of
+        {ok, SubMap} -> do_deep_get(KeyPath, SubMap, OnNotFound);
+        error -> OnNotFound(Key, Map)
+    end;
+do_deep_get([Key | _KeyPath], Data, OnNotFound) ->
+    OnNotFound(Key, Data).
+
 covert_keys_to_atom(BinKeyMap, Conv) when is_map(BinKeyMap) ->
     maps:fold(
         fun(K, V, Acc) when is_binary(K) ->
diff --git a/apps/emqx/src/emqx_config_handler.erl b/apps/emqx/src/emqx_config_handler.erl
index 9b655c327..bc915d778 100644
--- a/apps/emqx/src/emqx_config_handler.erl
+++ b/apps/emqx/src/emqx_config_handler.erl
@@ -24,8 +24,7 @@
 %% API functions
 -export([ start_link/0
         , add_handler/2
-        , update_config/2
-        , get_raw_config/0
+        , update_config/3
         , merge_to_old_config/2
         ]).
 
@@ -43,60 +42,49 @@
 
 -define(MOD, {mod}).
 
--type update_request() :: term().
--type raw_config() :: hocon:config() | undefined.
--type config_key() :: atom().
 -type handler_name() :: module().
--type config_key_path() :: [atom()].
--type handlers() :: #{config_key() => handlers(), ?MOD => handler_name()}.
+-type handlers() :: #{emqx_config:config_key() => handlers(), ?MOD => handler_name()}.
 
 -optional_callbacks([handle_update_config/2]).
 
--callback handle_update_config(update_request(), raw_config()) -> update_request().
+-callback handle_update_config(emqx_config:update_request(), emqx_config:raw_config()) ->
+    emqx_config:update_request().
 
 -type state() :: #{
     handlers := handlers(),
-    raw_config := raw_config(),
     atom() => term()
 }.
 
 start_link() ->
     gen_server:start_link({local, ?MODULE}, ?MODULE, {}, []).
 
--spec update_config(config_key_path(), update_request()) -> ok | {error, term()}.
-update_config(ConfKeyPath, UpdateReq) ->
-    gen_server:call(?MODULE, {update_config, ConfKeyPath, UpdateReq}).
+-spec update_config(emqx_config:config_key_path(), emqx_config:update_request(),
+        emqx_config:raw_config()) ->
+    ok | {error, term()}.
+update_config(ConfKeyPath, UpdateReq, RawConfig) ->
+    gen_server:call(?MODULE, {update_config, ConfKeyPath, UpdateReq, RawConfig}).
 
--spec add_handler(config_key_path(), handler_name()) -> ok.
+-spec add_handler(emqx_config:config_key_path(), handler_name()) -> ok.
 add_handler(ConfKeyPath, HandlerName) ->
     gen_server:call(?MODULE, {add_child, ConfKeyPath, HandlerName}).
 
--spec get_raw_config() -> raw_config().
-get_raw_config() ->
-    gen_server:call(?MODULE, get_raw_config).
-
 %%============================================================================
 
 -spec init(term()) -> {ok, state()}.
 init(_) ->
     {ok, RawConf} = hocon:load(emqx_conf_name(), #{format => richmap}),
     {_MappedEnvs, Conf} = hocon_schema:map_translate(emqx_schema, RawConf, #{}),
-    ok = save_config_to_emqx_config(hocon_schema:richmap_to_map(Conf)),
-    {ok, #{raw_config => hocon_schema:richmap_to_map(RawConf),
-           handlers => #{?MOD => ?MODULE}}}.
-
-handle_call(get_raw_config, _From, State = #{raw_config := RawConf}) ->
-    {reply, RawConf, State};
-
+    ok = save_config_to_emqx(to_plainmap(Conf), to_plainmap(RawConf)),
+    {ok, #{handlers => #{?MOD => ?MODULE}}}.
 handle_call({add_child, ConfKeyPath, HandlerName}, _From,
             State = #{handlers := Handlers}) ->
     {reply, ok, State#{handlers =>
         emqx_config:deep_put(ConfKeyPath, Handlers, #{?MOD => HandlerName})}};
 
-handle_call({update_config, ConfKeyPath, UpdateReq}, _From,
-        #{raw_config := RawConf, handlers := Handlers} = State) ->
+handle_call({update_config, ConfKeyPath, UpdateReq, RawConf}, _From,
+            #{handlers := Handlers} = State) ->
     try {RootKeys, Conf} = do_update_config(ConfKeyPath, Handlers, RawConf, UpdateReq),
-        {reply, save_configs(RootKeys, Conf), State#{raw_config => Conf}}
+        {reply, save_configs(RootKeys, Conf), State}
     catch
         throw: Reason ->
             {reply, {error, Reason}, State};
@@ -158,21 +146,22 @@ merge_to_old_config(UpdateReq, RawConf) ->
     maps:merge(RawConf, UpdateReq).
 
 %%============================================================================
-save_configs(RootKeys, Conf0) ->
-    {_MappedEnvs, Conf1} = hocon_schema:map_translate(emqx_schema, to_richmap(Conf0), #{}),
-    %save_config_to_app_env(MappedEnvs),
-    save_config_to_emqx_config(hocon_schema:richmap_to_map(Conf1)),
-    save_config_to_disk(RootKeys, Conf0).
+save_configs(RootKeys, RawConf) ->
+    {_MappedEnvs, Conf} = hocon_schema:map_translate(emqx_schema, to_richmap(RawConf), #{}),
+    %% We may need also support hot config update for the apps that use application envs.
+    %% If so uncomment the following line to update the configs to application env
+    %save_config_to_app_env(_MappedEnvs),
+    save_config_to_emqx(to_plainmap(Conf), RawConf),
+    save_config_to_disk(RootKeys, RawConf).
 
-%% We may need also support hot config update for the apps that use application envs.
-%% If so uncomment the following lines to update the configs to application env
 % save_config_to_app_env(MappedEnvs) ->
 %     lists:foreach(fun({AppName, Envs}) ->
 %             [application:set_env(AppName, Par, Val) || {Par, Val} <- Envs]
 %         end, MappedEnvs).
 
-save_config_to_emqx_config(Conf) ->
-    emqx_config:put(emqx_config:unsafe_atom_key_map(Conf)).
+save_config_to_emqx(Conf, RawConf) ->
+    emqx_config:put(emqx_config:unsafe_atom_key_map(Conf)),
+    emqx_config:put_raw(RawConf).
 
 save_config_to_disk(RootKeys, Conf) ->
     FileName = emqx_override_conf_name(),
@@ -215,6 +204,9 @@ to_richmap(Map) ->
     {ok, RichMap} = hocon:binary(jsx:encode(Map), #{format => richmap}),
     RichMap.
 
+to_plainmap(RichMap) ->
+    hocon_schema:richmap_to_map(RichMap).
+
 bin(A) when is_atom(A) -> list_to_binary(atom_to_list(A));
 bin(B) when is_binary(B) -> B;
 bin(S) when is_list(S) -> list_to_binary(S).
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge.erl b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
index ccd6a0074..e37b2f94b 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge.erl
@@ -60,4 +60,4 @@ config_key_path() ->
     [emqx_data_bridge, bridges].
 
 update_config(ConfigReq) ->
-    emqx_config_handler:update_config(config_key_path(), ConfigReq).
+    emqx_config:update_config(config_key_path(), ConfigReq).

From c9ac851d27ddccaac0b0843214cd292e6c2f851a Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 25 Jun 2021 14:49:25 +0800
Subject: [PATCH 102/174] feat(prometheus): Update the configuration file to
 hocon

---
 apps/emqx/src/emqx_schema.erl                 | 19 ++----------
 apps/emqx_prometheus/etc/emqx_prometheus.conf | 14 +++------
 .../priv/emqx_prometheus.schema               | 20 -------------
 .../src/emqx_prometheus.app.src               |  2 +-
 .../src/emqx_prometheus_app.erl               |  4 +--
 .../src/emqx_prometheus_schema.erl            | 30 +++++++++++++++++++
 6 files changed, 40 insertions(+), 49 deletions(-)
 delete mode 100644 apps/emqx_prometheus/priv/emqx_prometheus.schema
 create mode 100644 apps/emqx_prometheus/src/emqx_prometheus_schema.erl

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 4570528c2..8c1967ed3 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -55,7 +55,7 @@
 
 structs() -> ["cluster", "node", "rpc", "log", "lager",
               "acl", "mqtt", "zone", "listener", "module", "broker",
-              "plugins", "sysmon", "os_mon", "vm_mon", "alarm", "telemetry"]
+              "plugins", "sysmon", "os_mon", "vm_mon", "alarm"]
              ++ includes().
 
 -ifdef(TEST).
@@ -477,12 +477,6 @@ fields("alarm") ->
     , {"validity_period", t(duration_s(), undefined, "24h")}
     ];
 
-fields("telemetry") ->
-    [ {"enabled", t(boolean(), undefined, false)}
-    , {"url", t(string(), undefined, "https://telemetry-emqx-io.bigpar.vercel.app/api/telemetry")}
-    , {"report_interval", t(duration_s(), undefined, "7d")}
-    ];
-
 fields(ExtraField) ->
     Mod = list_to_atom(ExtraField++"_schema"),
     Mod:fields(ExtraField).
@@ -513,7 +507,6 @@ translation("emqx") ->
     , {"os_mon", fun tr_os_mon/1}
     , {"vm_mon", fun tr_vm_mon/1}
     , {"alarm", fun tr_alarm/1}
-    , {"telemetry", fun tr_telemetry/1}
     ].
 
 tr_cluster__discovery(Conf) ->
@@ -668,7 +661,7 @@ tr_zones(Conf) ->
 
 tr_listeners(Conf) ->
     Atom = fun(undefined) -> undefined;
-              (B) when is_binary(B)-> binary_to_atom(B);
+              (B) when is_binary(B)-> binary_to_atom(B, utf8);
               (S) when is_list(S) -> list_to_atom(S) end,
 
     Access = fun(S) ->
@@ -836,7 +829,7 @@ tr_modules(Conf) ->
 
 tr_sysmon(Conf) ->
     Keys = maps:to_list(conf_get("sysmon", Conf, #{})),
-    [{binary_to_atom(K), maps:get(value, V)} || {K, V} <- Keys].
+    [{binary_to_atom(K, utf8), maps:get(value, V)} || {K, V} <- Keys].
 
 tr_os_mon(Conf) ->
     [{cpu_check_interval, conf_get("os_mon.cpu_check_interval", Conf)}
@@ -859,12 +852,6 @@ tr_alarm(Conf) ->
     , {validity_period, conf_get("alarm.validity_period", Conf)}
     ].
 
-tr_telemetry(Conf) ->
-    [ {enabled,         conf_get("telemetry.enabled", Conf)}
-    , {url,             conf_get("telemetry.url", Conf)}
-    , {report_interval, conf_get("telemetry.report_interval", Conf)}
-    ].
-
 %% helpers
 
 options(static, Conf) ->
diff --git a/apps/emqx_prometheus/etc/emqx_prometheus.conf b/apps/emqx_prometheus/etc/emqx_prometheus.conf
index 92e0d850d..c450846fe 100644
--- a/apps/emqx_prometheus/etc/emqx_prometheus.conf
+++ b/apps/emqx_prometheus/etc/emqx_prometheus.conf
@@ -1,13 +1,7 @@
 ##--------------------------------------------------------------------
 ## emqx_prometheus for EMQ X
 ##--------------------------------------------------------------------
-
-## The Prometheus Push Gateway URL address
-##
-## Note: You can comment out this line to disable it
-prometheus.push.gateway.server = "http://127.0.0.1:9091"
-
-## The metrics data push interval (millisecond)
-##
-## Default: 15000
-prometheus.interval = 15000
+emqx_prometheus:{
+    push_gateway_server: "http://127.0.0.1:9091"
+    interval: "15s"
+}
diff --git a/apps/emqx_prometheus/priv/emqx_prometheus.schema b/apps/emqx_prometheus/priv/emqx_prometheus.schema
deleted file mode 100644
index d946813c5..000000000
--- a/apps/emqx_prometheus/priv/emqx_prometheus.schema
+++ /dev/null
@@ -1,20 +0,0 @@
-%% -*-: erlang -*-
-%% emqx_prometheus config
-
-{mapping, "prometheus.push.gateway.server", "emqx_prometheus.push_gateway", [
-  {datatype, string}
-]}.
-
-{mapping, "prometheus.interval", "emqx_prometheus.interval", [
-  {default, 5000},
-  {datatype, integer}
-]}.
-
-{mapping, "prometheus.collector.$name", "prometheus.collectors", [
-  {datatype, atom}
-]}.
-
-{translation, "prometheus.collectors", fun(Conf) ->
-  Collectors = cuttlefish_variable:filter_by_prefix("prometheus.collector", Conf),
-  lists:map(fun({_, Collector}) -> Collector end, Collectors)
-end}.
diff --git a/apps/emqx_prometheus/src/emqx_prometheus.app.src b/apps/emqx_prometheus/src/emqx_prometheus.app.src
index b96608edb..62105ff0b 100644
--- a/apps/emqx_prometheus/src/emqx_prometheus.app.src
+++ b/apps/emqx_prometheus/src/emqx_prometheus.app.src
@@ -1,6 +1,6 @@
 {application, emqx_prometheus,
  [{description, "Prometheus for EMQ X"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_prometheus_sup]},
   {applications, [kernel,stdlib,prometheus]},
diff --git a/apps/emqx_prometheus/src/emqx_prometheus_app.erl b/apps/emqx_prometheus/src/emqx_prometheus_app.erl
index df0701551..9024bd583 100644
--- a/apps/emqx_prometheus/src/emqx_prometheus_app.erl
+++ b/apps/emqx_prometheus/src/emqx_prometheus_app.erl
@@ -28,8 +28,8 @@
 -define(APP, emqx_prometheus).
 
 start(_StartType, _StartArgs) ->
-    PushGateway = application:get_env(?APP, push_gateway, undefined),
-    Interval = application:get_env(?APP, interval, 5000),
+    PushGateway = emqx_config:get([?APP, push_gateway_server], undefined),
+    Interval = emqx_config:get([?APP, interval], 15000),
     emqx_prometheus_sup:start_link(PushGateway, Interval).
 
 stop(_State) ->
diff --git a/apps/emqx_prometheus/src/emqx_prometheus_schema.erl b/apps/emqx_prometheus/src/emqx_prometheus_schema.erl
new file mode 100644
index 000000000..486362e7b
--- /dev/null
+++ b/apps/emqx_prometheus/src/emqx_prometheus_schema.erl
@@ -0,0 +1,30 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+-module(emqx_prometheus_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_prometheus"].
+
+fields("emqx_prometheus") ->
+    [ {push_gateway_server, emqx_schema:t(string())}
+    , {interval, emqx_schema:t(emqx_schema:duration_ms(), undefined, "15s")}
+    ].

From 89529ec4fad628307cbb93b907e233c85a461de1 Mon Sep 17 00:00:00 2001
From: turtleDeng <deng@emqx.io>
Date: Fri, 25 Jun 2021 17:06:30 +0800
Subject: [PATCH 103/174] chore: reset plugin conf generate (#5094)

* chore: reset plugin conf generate

* fix(plugin): check dialyzer fail

* chore: rm emqx_management_schema.erl file

* fix(plugin): check dialyzer fail

* fix(plugin): fix check ct fail

* fix(plugin): check dialyzer fail
---
 apps/emqx/src/emqx_config.erl  |  1 +
 apps/emqx/src/emqx_plugins.erl | 86 +++++++++++++++++++++++++++++++++-
 2 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx_config.erl b/apps/emqx/src/emqx_config.erl
index 3d431f6a8..213eb7a8b 100644
--- a/apps/emqx/src/emqx_config.erl
+++ b/apps/emqx/src/emqx_config.erl
@@ -97,6 +97,7 @@ put_raw(KeyPath, Config) ->
     put_raw(deep_put(KeyPath, get_raw(), Config)).
 
 %%-----------------------------------------------------------------
+-dialyzer([{nowarn_function, [deep_get/2]}]).
 -spec deep_get(config_key_path(), map()) -> term().
 deep_get(ConfKeyPath, Map) ->
     do_deep_get(ConfKeyPath, Map, fun(KeyPath, Data) ->
diff --git a/apps/emqx/src/emqx_plugins.erl b/apps/emqx/src/emqx_plugins.erl
index 2f39edcb4..8abc2b21f 100644
--- a/apps/emqx/src/emqx_plugins.erl
+++ b/apps/emqx/src/emqx_plugins.erl
@@ -30,6 +30,8 @@
         , reload/1
         , list/0
         , find_plugin/1
+        , generate_configs/1
+        , apply_configs/1
         ]).
 
 -export([funlog/2]).
@@ -171,7 +173,15 @@ load_ext_plugin(PluginDir) ->
                       ?LOG(alert, "plugin_app_file_not_found: ~s", [AppFile]),
                       error({plugin_app_file_not_found, AppFile})
               end,
-    load_plugin_app(AppName, Ebin).
+    ok = load_plugin_app(AppName, Ebin),
+    try
+        ok = generate_configs(AppName, PluginDir)
+    catch
+        throw : {conf_file_not_found, ConfFile} ->
+            %% this is maybe a dependency of an external plugin
+            ?LOG(debug, "config_load_error_ignored for app=~p, path=~s", [AppName, ConfFile]),
+            ok
+    end.
 
 load_plugin_app(AppName, Ebin) ->
     _ = code:add_patha(Ebin),
@@ -236,6 +246,7 @@ plugin(AppName, Type) ->
 
 load_plugin(Name, Persistent) ->
     try
+        ok = ?MODULE:generate_configs(Name),
         case load_app(Name) of
             ok ->
                 start_app(Name, fun(App) -> plugin_loaded(App, Persistent) end);
@@ -351,5 +362,78 @@ plugin_type(backend) -> backend;
 plugin_type(bridge) -> bridge;
 plugin_type(_) -> feature.
 
+
 funlog(Key, Value) ->
     ?LOG(info, "~s = ~p", [string:join(Key, "."), Value]).
+
+generate_configs(App) ->
+    PluginConfDir = emqx:get_env(plugins_etc_dir),
+    PluginSchemaDir = code:priv_dir(App),
+    generate_configs(App, PluginConfDir, PluginSchemaDir).
+
+generate_configs(App, PluginDir) ->
+    PluginConfDir = filename:join([PluginDir, "etc"]),
+    PluginSchemaDir = filename:join([PluginDir, "priv"]),
+    generate_configs(App, PluginConfDir, PluginSchemaDir).
+
+generate_configs(App, PluginConfDir, PluginSchemaDir) ->
+    ConfigFile = filename:join([PluginConfDir, App]) ++ ".config",
+    case filelib:is_file(ConfigFile) of
+        true ->
+            {ok, [Configs]} = file:consult(ConfigFile),
+            apply_configs(Configs);
+        false ->
+            SchemaFile = filename:join([PluginSchemaDir, App]) ++ ".schema",
+            case filelib:is_file(SchemaFile) of
+                true ->
+                    AppsEnv = do_generate_configs(App),
+                    apply_configs(AppsEnv);
+                false ->
+                    SchemaMod = lists:concat([App, "_schema"]),
+                    ConfName = filename:join([PluginConfDir, App]) ++ ".conf",
+                    SchemaFile1 = filename:join([code:lib_dir(App), "ebin", SchemaMod]) ++ ".beam",
+                    do_generate_hocon_configs(App, ConfName, SchemaFile1)
+            end
+    end.
+
+do_generate_configs(App) ->
+    Name1 = filename:join([emqx:get_env(plugins_etc_dir), App]) ++ ".conf",
+    Name2 = filename:join([code:lib_dir(App), "etc", App]) ++ ".conf",
+    ConfFile = case {filelib:is_file(Name1), filelib:is_file(Name2)} of
+                   {true, _} -> Name1;
+                   {false, true} -> Name2;
+                   {false, false} -> error({config_not_found, [Name1, Name2]})
+               end,
+    SchemaFile = filename:join([code:priv_dir(App), App]) ++ ".schema",
+    case filelib:is_file(SchemaFile) of
+        true ->
+            Schema = cuttlefish_schema:files([SchemaFile]),
+            Conf = cuttlefish_conf:file(ConfFile),
+            cuttlefish_generator:map(Schema, Conf, undefined, fun ?MODULE:funlog/2);
+        false ->
+            error({schema_not_found, SchemaFile})
+    end.
+
+do_generate_hocon_configs(App, ConfName, SchemaFile) ->
+    SchemaMod = lists:concat([App, "_schema"]),
+    case {filelib:is_file(ConfName), filelib:is_file(SchemaFile)} of
+        {true, true} ->
+            {ok, RawConfig} = hocon:load(ConfName, #{format => richmap}),
+            _ = hocon_schema:check(list_to_atom(SchemaMod), RawConfig, #{atom_key => true,
+                                                                         return_plain => true}),
+            ok;
+            % emqx_config:update_config([App], Config);
+        {true, false} ->
+            error({schema_not_found, [SchemaFile]});
+        {false, true} ->
+            error({config_not_found, [ConfName]});
+        {false, false} ->
+            error({conf_and_schema_not_found, [ConfName, SchemaFile]})
+    end.
+
+apply_configs([]) ->
+    ok;
+apply_configs([{App, Config} | More]) ->
+    lists:foreach(fun({Key, _}) -> application:unset_env(App, Key) end, application:get_all_env(App)),
+    lists:foreach(fun({Key, Val}) -> application:set_env(App, Key, Val) end, Config),
+    apply_configs(More).

From 78cbc2a19d6c97c3dd0b3adf5918b2e0183d01e0 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 25 Jun 2021 15:10:45 +0800
Subject: [PATCH 104/174] chore: move emqx_recon to emqx_modules plugin

---
 .../src/emqx_mod_recon.erl}                   |  30 ++++-
 apps/emqx_recon/.gitignore                    |  31 -----
 apps/emqx_recon/README.md                     |  61 ----------
 apps/emqx_recon/etc/emqx_recon.conf           |   4 -
 apps/emqx_recon/priv/emqx_recon.schema        |   9 --
 apps/emqx_recon/rebar.config                  |  18 ---
 apps/emqx_recon/src/emqx_recon.app.src        |  14 ---
 apps/emqx_recon/src/emqx_recon.erl            |  41 -------
 apps/emqx_recon/test/emqx_recon_SUITE.erl     | 114 ------------------
 data/loaded_modules.tmpl                      |   1 +
 data/loaded_plugins.tmpl                      |   1 -
 rebar.config.erl                              |   2 -
 12 files changed, 26 insertions(+), 300 deletions(-)
 rename apps/{emqx_recon/src/emqx_recon_cli.erl => emqx_modules/src/emqx_mod_recon.erl} (85%)
 delete mode 100644 apps/emqx_recon/.gitignore
 delete mode 100644 apps/emqx_recon/README.md
 delete mode 100644 apps/emqx_recon/etc/emqx_recon.conf
 delete mode 100644 apps/emqx_recon/priv/emqx_recon.schema
 delete mode 100644 apps/emqx_recon/rebar.config
 delete mode 100644 apps/emqx_recon/src/emqx_recon.app.src
 delete mode 100644 apps/emqx_recon/src/emqx_recon.erl
 delete mode 100644 apps/emqx_recon/test/emqx_recon_SUITE.erl

diff --git a/apps/emqx_recon/src/emqx_recon_cli.erl b/apps/emqx_modules/src/emqx_mod_recon.erl
similarity index 85%
rename from apps/emqx_recon/src/emqx_recon_cli.erl
rename to apps/emqx_modules/src/emqx_mod_recon.erl
index b4e3a52ab..38d046b10 100644
--- a/apps/emqx_recon/src/emqx_recon_cli.erl
+++ b/apps/emqx_modules/src/emqx_mod_recon.erl
@@ -14,13 +14,34 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_recon_cli).
+-module(emqx_mod_recon).
 
--export([ cmd/1
-        , load/0
-        , unload/0
+-behaviour(emqx_gen_mod).
+
+%% emqx_gen_mod callbacks
+-export([ load/1
+        , unload/1
+        , description/0
         ]).
 
+-export([cmd/1]).
+
+
+%%--------------------------------------------------------------------
+%% Load/Unload
+%%--------------------------------------------------------------------
+
+-spec(load(list()) -> ok).
+load(_Env) ->
+    load().
+
+-spec(unload(list()) -> ok).
+unload(_Env) ->
+    unload().
+
+description() ->
+    "EMQ X Recon Module".
+
 load() ->
     emqx_ctl:register_command(recon, {?MODULE, cmd}, []).
 
@@ -69,4 +90,3 @@ remote_load(Module) -> remote_load(nodes(), Module).
 %% after OTP 23, it crashes with 'badarg' error
 remote_load([], _Module) -> ok;
 remote_load(Nodes, Module) -> recon:remote_load(Nodes, Module).
-
diff --git a/apps/emqx_recon/.gitignore b/apps/emqx_recon/.gitignore
deleted file mode 100644
index 3576f6e23..000000000
--- a/apps/emqx_recon/.gitignore
+++ /dev/null
@@ -1,31 +0,0 @@
-.rebar
-.eunit
-deps
-!deps/.placeholder
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-!ebin/.placeholder
-.exrc
-log/
-*.swp
-*.so
-.erlang.mk/
-logs/
-ct.coverdata
-test/ct.cover.spec
-.idea/
-emqx_recon.iml
-Mnesia.nonode@nohost/
-data/
-cover/
-emqx_recon.d
-eunit.coverdata
-.DS_Store
-_build/
-rebar.lock
-erlang.mk
-rebar3.crashdump
-.rebar3/
diff --git a/apps/emqx_recon/README.md b/apps/emqx_recon/README.md
deleted file mode 100644
index ca163be45..000000000
--- a/apps/emqx_recon/README.md
+++ /dev/null
@@ -1,61 +0,0 @@
-
-emqx-recon
-==========
-
-EMQ X Recon Debug/Optimize Plugin
-
-emqx_recon.conf
-----=----------
-
-```
-## Global GC Interval.
-##
-## Value: Duration
-##  - h: hour
-##  - m: minute
-##  - s: second
-##
-## Examples:
-##  - 2h:  2 hours
-##  - 30m: 30 minutes
-##  - 20s: 20 seconds
-##
-## Defaut: 5m
-recon.gc_interval = 5m
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_recon
-```
-
-Commands
---------
-
-```
-./bin/emqx_ctl recon
-
-recon memory                            #recon_alloc:memory/2
-recon allocated                         #recon_alloc:memory(allocated_types, current|max)
-recon bin_leak                          #recon:bin_leak(100)
-recon node_stats                        #recon:node_stats(10, 1000)
-recon remote_load Mod                   #recon:remote_load(Mod)
-```
-
-GC
---
-
-When the plugin is loaded, global GC will run periodically.
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_recon/etc/emqx_recon.conf b/apps/emqx_recon/etc/emqx_recon.conf
deleted file mode 100644
index 1ca23bfc2..000000000
--- a/apps/emqx_recon/etc/emqx_recon.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## Recon Plugin
-##--------------------------------------------------------------------
-
diff --git a/apps/emqx_recon/priv/emqx_recon.schema b/apps/emqx_recon/priv/emqx_recon.schema
deleted file mode 100644
index 7436d0f8c..000000000
--- a/apps/emqx_recon/priv/emqx_recon.schema
+++ /dev/null
@@ -1,9 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx-recon config mapping
-
-%% @doc Global GC Interval
-%% {@configurable}
-%% {mapping, "recon.gc_interval", "emqx_recon.gc_interval", [
-%%  {datatype, {duration, s}}
-%% ]}.
-
diff --git a/apps/emqx_recon/rebar.config b/apps/emqx_recon/rebar.config
deleted file mode 100644
index 1a6f20d2b..000000000
--- a/apps/emqx_recon/rebar.config
+++ /dev/null
@@ -1,18 +0,0 @@
-{deps, [
-%% recon "https://github.com/ferd/recon" at root rebar.config
-]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info
-            ]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_recon/src/emqx_recon.app.src b/apps/emqx_recon/src/emqx_recon.app.src
deleted file mode 100644
index e25e2bbc5..000000000
--- a/apps/emqx_recon/src/emqx_recon.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_recon,
- [{description, "EMQ X Recon Plugin"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, []},
-  {applications, [kernel,stdlib,recon]},
-  {mod, {emqx_recon,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-recon"}
-          ]}
- ]}.
diff --git a/apps/emqx_recon/src/emqx_recon.erl b/apps/emqx_recon/src/emqx_recon.erl
deleted file mode 100644
index 67039c3ac..000000000
--- a/apps/emqx_recon/src/emqx_recon.erl
+++ /dev/null
@@ -1,41 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_recon).
-
--emqx_plugin(?MODULE).
-
--behaviour(application).
-
--export([start/2, stop/1]).
-
--behaviour(supervisor).
-
--export([init/1]).
-
--define(APP, ?MODULE).
--define(SUP, emqx_recon_sup).
-
-start(_StartType, _StartArgs) ->
-    emqx_recon_cli:load(),
-    supervisor:start_link({local, ?SUP}, ?MODULE, []).
-
-stop(_State) ->
-    emqx_recon_cli:unload().
-
-init([]) ->
-    {ok, {{one_for_one, 10, 100}, []}}.
-
diff --git a/apps/emqx_recon/test/emqx_recon_SUITE.erl b/apps/emqx_recon/test/emqx_recon_SUITE.erl
deleted file mode 100644
index 2abf8f709..000000000
--- a/apps/emqx_recon/test/emqx_recon_SUITE.erl
+++ /dev/null
@@ -1,114 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_recon_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include_lib("eunit/include/eunit.hrl").
-
--define(output_patterns(V), ((V)++"")).
-
-all() -> [{group, cli}].
-
-groups() ->
-    [{cli, [sequence],
-      [cli_memory,
-       cli_allocated,
-       cli_bin_leak,
-       cli_node_stats,
-       cli_remote_load,
-       cli_usage]}
-    ].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_recon]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_recon]).
-
-cli_memory(_) ->
-    mock_print(),
-    Output = emqx_recon_cli:cmd(["memory"]),
-    Zip = lists:zip(Output, [ ?output_patterns("usage/current")
-                            , ?output_patterns("usage/max")
-                            , ?output_patterns("used/current")
-                            , ?output_patterns("used/max")
-                            , ?output_patterns("allocated/current")
-                            , ?output_patterns("allocated/max")
-                            , ?output_patterns("unused/current")
-                            , ?output_patterns("unused/max")
-                            ]),
-    %ct:pal("=======~p", [Zip]),
-    [?assertMatch({match, _}, re:run(Line, Match, [{capture,all,list}]))
-     || {Line, Match} <- Zip],
-    unmock_print().
-
-cli_allocated(_) ->
-    mock_print(),
-    Output = emqx_recon_cli:cmd(["allocated"]),
-    Zip = lists:zip(Output, [ ?output_patterns("binary_alloc/current")
-                            , ?output_patterns("driver_alloc/current")
-                            , ?output_patterns("eheap_alloc/current")
-                            , ?output_patterns("ets_alloc/current")
-                            , ?output_patterns("fix_alloc/current")
-                            , ?output_patterns("ll_alloc/current")
-                            , ?output_patterns("sl_alloc/current")
-                            , ?output_patterns("std_alloc/current")
-                            , ?output_patterns("temp_alloc/current")
-                            , ?output_patterns("binary_alloc/max")
-                            , ?output_patterns("driver_alloc/max")
-                            , ?output_patterns("eheap_alloc/max")
-                            , ?output_patterns("ets_alloc/max")
-                            , ?output_patterns("fix_alloc/max")
-                            , ?output_patterns("ll_alloc/max")
-                            , ?output_patterns("sl_alloc/max")
-                            , ?output_patterns("std_alloc/max")
-                            , ?output_patterns("temp_alloc/max")
-                            ]),
-    ct:pal("=======~p", [Zip]),
-    [?assertMatch({match, _}, re:run(Line, Match, [{capture,all,list}]))
-     || {Line, Match} <- Zip],
-    unmock_print().
-
-cli_bin_leak(_) ->
-    mock_print(),
-    Output = emqx_recon_cli:cmd(["bin_leak"]),
-    [?assertMatch({match, _}, re:run(Line, "current_function", [{capture,all,list}]))
-     || Line <- Output],
-    unmock_print().
-
-cli_node_stats(_) ->
-    emqx_recon_cli:cmd(["node_stats"]).
-
-cli_remote_load(_) ->
-    emqx_recon_cli:cmd(["remote_load", "emqx_recon_cli"]).
-
-cli_usage(_) ->
-    emqx_recon_cli:cmd(["usage"]).
-
-mock_print() ->
-    catch meck:unload(emqx_ctl),
-    meck:new(emqx_ctl, [non_strict, passthrough]),
-    meck:expect(emqx_ctl, print, fun(Arg) -> emqx_ctl:format(Arg) end),
-    meck:expect(emqx_ctl, print, fun(Msg, Arg) -> emqx_ctl:format(Msg, Arg) end),
-    meck:expect(emqx_ctl, usage, fun(Usages) -> emqx_ctl:format_usage(Usages) end).
-
-unmock_print() ->
-    meck:unload().
-
diff --git a/data/loaded_modules.tmpl b/data/loaded_modules.tmpl
index f31e47900..8dfe6453e 100644
--- a/data/loaded_modules.tmpl
+++ b/data/loaded_modules.tmpl
@@ -1 +1,2 @@
 {emqx_mod_presence, true}.
+{emqx_mod_recon, true}.
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index 5922f6dc5..c2b6311f2 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -1,7 +1,6 @@
 {emqx_management, true}.
 {emqx_dashboard, true}.
 {emqx_modules, {{enable_plugin_emqx_modules}}}.
-{emqx_recon, {{enable_plugin_emqx_recon}}}.
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
 {emqx_rule_engine, {{enable_plugin_emqx_rule_engine}}}.
 {emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index 35e751cc8..339c848b9 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -195,7 +195,6 @@ overlay_vars_rel(RelType) ->
     [ {enable_plugin_emqx_rule_engine, RelType =:= cloud}
     , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
     , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
-    , {enable_plugin_emqx_recon, true}
     , {enable_plugin_emqx_retainer, true}
     , {vm_args_file, VmArgs}
     ].
@@ -292,7 +291,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_auth_jwt
     , emqx_auth_mnesia
     , emqx_web_hook
-    , emqx_recon
     , emqx_rule_engine
     , emqx_sasl
     , emqx_statsd

From cbc782f5bfff4ff0da145bfd78ab4d8466c6795e Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 09:41:45 +0800
Subject: [PATCH 105/174] build: delete needless auth plugins

---
 apps/emqx_auth_http/.gitignore                |  25 --
 apps/emqx_auth_http/README.md                 | 100 -----
 apps/emqx_auth_http/etc/emqx_auth_http.conf   | 172 ---------
 .../emqx_auth_http/include/emqx_auth_http.hrl |  23 --
 .../emqx_auth_http/priv/emqx_auth_http.schema | 131 -------
 apps/emqx_auth_http/rebar.config              |  26 --
 apps/emqx_auth_http/src/emqx_acl_http.erl     |  88 -----
 apps/emqx_auth_http/src/emqx_auth_http.erl    | 112 ------
 .../emqx_auth_http/src/emqx_auth_http_cli.erl |  92 -----
 .../emqx_auth_http/src/emqx_auth_http_sup.erl |  29 --
 .../test/emqx_auth_http_SUITE.erl             | 257 -------------
 apps/emqx_auth_http/test/http_auth_server.erl | 152 --------
 apps/emqx_auth_jwt/.gitignore                 |  28 --
 apps/emqx_auth_jwt/README.md                  |  90 -----
 apps/emqx_auth_jwt/TODO.md                    |   2 -
 .../doc/hmac-vs-ecdsa-for-jwt.txt             |   3 -
 apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf     |  49 ---
 apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema  |  49 ---
 apps/emqx_auth_jwt/rebar.config               |  25 --
 apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src  |  14 -
 .../emqx_auth_jwt/src/emqx_auth_jwt.appup.src |  15 -
 apps/emqx_auth_jwt/src/emqx_auth_jwt.erl      |  99 -----
 apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl  |  81 -----
 apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl  | 224 ------------
 .../test/emqx_auth_jwt_SUITE.erl              | 166 ---------
 apps/emqx_auth_ldap/.gitignore                |  25 --
 apps/emqx_auth_ldap/README.md                 |  96 -----
 apps/emqx_auth_ldap/emqx.io.ldif              | 135 -------
 apps/emqx_auth_ldap/emqx.schema               |  46 ---
 apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf   |  76 ----
 .../emqx_auth_ldap/include/emqx_auth_ldap.hrl |  23 --
 .../emqx_auth_ldap/priv/emqx_auth_ldap.schema | 174 ---------
 apps/emqx_auth_ldap/rebar.config              |  25 --
 .../emqx_auth_ldap/src/emqx_auth_ldap.app.src |  14 -
 apps/emqx_auth_ldap/src/emqx_auth_ldap.erl    | 210 -----------
 .../emqx_auth_ldap/src/emqx_auth_ldap_app.erl |  78 ----
 .../emqx_auth_ldap/src/emqx_auth_ldap_cli.erl | 150 --------
 .../emqx_auth_ldap/src/emqx_auth_ldap_sup.erl |  35 --
 apps/emqx_auth_ldap/test/certs/cacert.pem     |  20 -
 apps/emqx_auth_ldap/test/certs/cert.pem       |  19 -
 .../emqx_auth_ldap/test/certs/client-cert.pem |  19 -
 apps/emqx_auth_ldap/test/certs/client-key.pem |  27 --
 apps/emqx_auth_ldap/test/certs/key.pem        |  27 --
 .../test/emqx_auth_ldap_SUITE.erl             | 152 --------
 .../emqx_auth_ldap_bind_as_user_SUITE.erl     | 112 ------
 apps/emqx_auth_mnesia/.gitignore              |  26 --
 apps/emqx_auth_mnesia/README.md               |   2 -
 .../etc/emqx_auth_mnesia.conf                 |  30 --
 .../include/emqx_auth_mnesia.hrl              |  38 --
 .../priv/emqx_auth_mnesia.schema              |  43 ---
 apps/emqx_auth_mnesia/rebar.config            |  17 -
 apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl | 104 ------
 .../src/emqx_acl_mnesia_api.erl               | 226 ------------
 .../src/emqx_acl_mnesia_cli.erl               | 270 --------------
 .../src/emqx_auth_mnesia.app.src              |  14 -
 .../src/emqx_auth_mnesia.appup.src            |  13 -
 .../emqx_auth_mnesia/src/emqx_auth_mnesia.erl | 109 ------
 .../src/emqx_auth_mnesia_api.erl              | 305 ----------------
 .../src/emqx_auth_mnesia_app.erl              |  68 ----
 .../src/emqx_auth_mnesia_cli.erl              | 194 ----------
 .../src/emqx_auth_mnesia_sup.erl              |  36 --
 .../test/emqx_acl_mnesia_SUITE.erl            | 293 ---------------
 .../test/emqx_auth_mnesia_SUITE.erl           | 318 ----------------
 apps/emqx_auth_mongo/.gitignore               |  24 --
 apps/emqx_auth_mongo/CHANGES                  |  31 --
 apps/emqx_auth_mongo/README.md                | 192 ----------
 apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf | 187 ----------
 .../include/emqx_auth_mongo.hrl               |  37 --
 .../priv/emqx_auth_mongo.schema               | 341 ------------------
 apps/emqx_auth_mongo/rebar.config             |  32 --
 apps/emqx_auth_mongo/src/emqx_acl_mongo.erl   |  91 -----
 .../src/emqx_auth_mongo.app.src               |  14 -
 apps/emqx_auth_mongo/src/emqx_auth_mongo.erl  | 138 -------
 .../src/emqx_auth_mongo_app.erl               |  88 -----
 .../src/emqx_auth_mongo_sup.erl               |  34 --
 .../test/emqx_auth_mongo_SUITE.erl            | 169 ---------
 .../emqx_auth_mongo_SUITE_data/ca-key.pem     |  27 --
 .../test/emqx_auth_mongo_SUITE_data/ca.pem    |  19 -
 .../client-cert.pem                           |  19 -
 .../emqx_auth_mongo_SUITE_data/client-key.pem |  27 --
 .../emqx_auth_mongo_SUITE_data/mongodb.pem    |  46 ---
 .../private_key.pem                           |  27 --
 .../emqx_auth_mongo_SUITE_data/public_key.pem |   9 -
 .../server-cert.pem                           |  19 -
 .../emqx_auth_mongo_SUITE_data/server-key.pem |  27 --
 apps/emqx_auth_mysql/.gitignore               |  31 --
 apps/emqx_auth_mysql/README.md                | 167 ---------
 apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf | 131 -------
 .../include/emqx_auth_mysql.hrl               |  23 --
 apps/emqx_auth_mysql/mqtt.sql                 |  41 ---
 .../priv/emqx_auth_mysql.schema               | 156 --------
 apps/emqx_auth_mysql/rebar.config             |  24 --
 apps/emqx_auth_mysql/src/emqx_acl_mysql.erl   | 119 ------
 .../src/emqx_auth_mysql.app.src               |  14 -
 apps/emqx_auth_mysql/src/emqx_auth_mysql.erl  |  91 -----
 .../src/emqx_auth_mysql_app.erl               |  74 ----
 .../src/emqx_auth_mysql_cli.erl               |  91 -----
 .../src/emqx_auth_mysql_sup.erl               |  40 --
 .../test/emqx_auth_mysql_SUITE.erl            | 235 ------------
 .../emqx_auth_mysql_SUITE_data/ca-key.pem     |  27 --
 .../test/emqx_auth_mysql_SUITE_data/ca.pem    |  19 -
 .../client-cert.pem                           |  19 -
 .../emqx_auth_mysql_SUITE_data/client-key.pem |  27 --
 .../private_key.pem                           |  27 --
 .../emqx_auth_mysql_SUITE_data/public_key.pem |   9 -
 .../server-cert.pem                           |  19 -
 .../emqx_auth_mysql_SUITE_data/server-key.pem |  27 --
 apps/emqx_auth_pgsql/.gitignore               |  20 -
 apps/emqx_auth_pgsql/README.md                | 183 ----------
 apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf | 132 -------
 .../include/emqx_auth_pgsql.hrl               |  23 --
 apps/emqx_auth_pgsql/mqtt.sql                 |  28 --
 .../priv/emqx_auth_pgsql.schema               | 184 ----------
 apps/emqx_auth_pgsql/rebar.config             |  21 --
 apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl   | 117 ------
 .../src/emqx_auth_pgsql.app.src               |  14 -
 apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl  |  91 -----
 .../src/emqx_auth_pgsql_app.erl               |  63 ----
 .../src/emqx_auth_pgsql_cli.erl               | 150 --------
 .../src/emqx_auth_pgsql_sup.erl               |  37 --
 .../test/emqx_auth_pgsql_SUITE.erl            | 221 ------------
 .../emqx_auth_pgsql_SUITE_data/ca-key.pem     |  27 --
 .../test/emqx_auth_pgsql_SUITE_data/ca.pem    |  19 -
 .../client-cert.pem                           |  19 -
 .../emqx_auth_pgsql_SUITE_data/client-key.pem |  27 --
 .../private_key.pem                           |  27 --
 .../emqx_auth_pgsql_SUITE_data/public_key.pem |   9 -
 .../server-cert.pem                           |  19 -
 .../emqx_auth_pgsql_SUITE_data/server-key.pem |  27 --
 apps/emqx_auth_redis/.gitignore               |  28 --
 apps/emqx_auth_redis/README.md                | 171 ---------
 apps/emqx_auth_redis/etc/emqx_auth_redis.conf | 131 -------
 .../include/emqx_auth_redis.hrl               |  23 --
 .../priv/emqx_auth_redis.schema               | 184 ----------
 apps/emqx_auth_redis/rebar.config             |  24 --
 apps/emqx_auth_redis/src/emqx_acl_redis.erl   |  86 -----
 .../src/emqx_auth_redis.app.src               |  14 -
 apps/emqx_auth_redis/src/emqx_auth_redis.erl  |  85 -----
 .../src/emqx_auth_redis_app.erl               |  70 ----
 .../src/emqx_auth_redis_cli.erl               |  89 -----
 .../src/emqx_auth_redis_sup.erl               |  43 ---
 .../test/emqx_auth_redis_SUITE.erl            | 186 ----------
 .../emqx_auth_redis_SUITE_data/certs/ca.crt   |  29 --
 .../emqx_auth_redis_SUITE_data/certs/ca.key   |  51 ---
 .../emqx_auth_redis_SUITE_data/certs/ca.txt   |   1 -
 .../certs/redis.crt                           |  23 --
 .../emqx_auth_redis_SUITE_data/certs/redis.dh |   8 -
 .../certs/redis.key                           |  27 --
 148 files changed, 11361 deletions(-)
 delete mode 100644 apps/emqx_auth_http/.gitignore
 delete mode 100644 apps/emqx_auth_http/README.md
 delete mode 100644 apps/emqx_auth_http/etc/emqx_auth_http.conf
 delete mode 100644 apps/emqx_auth_http/include/emqx_auth_http.hrl
 delete mode 100644 apps/emqx_auth_http/priv/emqx_auth_http.schema
 delete mode 100644 apps/emqx_auth_http/rebar.config
 delete mode 100644 apps/emqx_auth_http/src/emqx_acl_http.erl
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http.erl
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http_cli.erl
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http_sup.erl
 delete mode 100644 apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
 delete mode 100644 apps/emqx_auth_http/test/http_auth_server.erl
 delete mode 100644 apps/emqx_auth_jwt/.gitignore
 delete mode 100644 apps/emqx_auth_jwt/README.md
 delete mode 100644 apps/emqx_auth_jwt/TODO.md
 delete mode 100644 apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt
 delete mode 100644 apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
 delete mode 100644 apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
 delete mode 100644 apps/emqx_auth_jwt/rebar.config
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
 delete mode 100644 apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
 delete mode 100644 apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
 delete mode 100644 apps/emqx_auth_ldap/.gitignore
 delete mode 100644 apps/emqx_auth_ldap/README.md
 delete mode 100644 apps/emqx_auth_ldap/emqx.io.ldif
 delete mode 100644 apps/emqx_auth_ldap/emqx.schema
 delete mode 100644 apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
 delete mode 100644 apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl
 delete mode 100644 apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
 delete mode 100644 apps/emqx_auth_ldap/rebar.config
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
 delete mode 100644 apps/emqx_auth_ldap/test/certs/cacert.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/cert.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/client-cert.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/client-key.pem
 delete mode 100644 apps/emqx_auth_ldap/test/certs/key.pem
 delete mode 100644 apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
 delete mode 100644 apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
 delete mode 100644 apps/emqx_auth_mnesia/.gitignore
 delete mode 100644 apps/emqx_auth_mnesia/README.md
 delete mode 100644 apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf
 delete mode 100644 apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl
 delete mode 100644 apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema
 delete mode 100644 apps/emqx_auth_mnesia/rebar.config
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
 delete mode 100644 apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
 delete mode 100644 apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
 delete mode 100644 apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
 delete mode 100644 apps/emqx_auth_mongo/.gitignore
 delete mode 100644 apps/emqx_auth_mongo/CHANGES
 delete mode 100644 apps/emqx_auth_mongo/README.md
 delete mode 100644 apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
 delete mode 100644 apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl
 delete mode 100644 apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
 delete mode 100644 apps/emqx_auth_mongo/rebar.config
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
 delete mode 100644 apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem
 delete mode 100644 apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem
 delete mode 100644 apps/emqx_auth_mysql/.gitignore
 delete mode 100644 apps/emqx_auth_mysql/README.md
 delete mode 100644 apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
 delete mode 100644 apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl
 delete mode 100644 apps/emqx_auth_mysql/mqtt.sql
 delete mode 100644 apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
 delete mode 100644 apps/emqx_auth_mysql/rebar.config
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
 delete mode 100644 apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem
 delete mode 100644 apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem
 delete mode 100644 apps/emqx_auth_pgsql/.gitignore
 delete mode 100644 apps/emqx_auth_pgsql/README.md
 delete mode 100644 apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
 delete mode 100644 apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl
 delete mode 100644 apps/emqx_auth_pgsql/mqtt.sql
 delete mode 100644 apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
 delete mode 100644 apps/emqx_auth_pgsql/rebar.config
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
 delete mode 100644 apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem
 delete mode 100644 apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem
 delete mode 100644 apps/emqx_auth_redis/.gitignore
 delete mode 100644 apps/emqx_auth_redis/README.md
 delete mode 100644 apps/emqx_auth_redis/etc/emqx_auth_redis.conf
 delete mode 100644 apps/emqx_auth_redis/include/emqx_auth_redis.hrl
 delete mode 100644 apps/emqx_auth_redis/priv/emqx_auth_redis.schema
 delete mode 100644 apps/emqx_auth_redis/rebar.config
 delete mode 100644 apps/emqx_auth_redis/src/emqx_acl_redis.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis.app.src
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
 delete mode 100644 apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh
 delete mode 100644 apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key

diff --git a/apps/emqx_auth_http/.gitignore b/apps/emqx_auth_http/.gitignore
deleted file mode 100644
index 557a3a337..000000000
--- a/apps/emqx_auth_http/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_http.d
-data
-ct.cover.spec
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-erlang.mk
-_build/
-rebar.lock
-rebar3.crashdump
-etc/emqx_auth_http.conf.rendered
-.rebar3/
-*.swp
diff --git a/apps/emqx_auth_http/README.md b/apps/emqx_auth_http/README.md
deleted file mode 100644
index ed743334a..000000000
--- a/apps/emqx_auth_http/README.md
+++ /dev/null
@@ -1,100 +0,0 @@
-emqx_auth_http
-==============
-
-EMQ X HTTP Auth/ACL Plugin
-
-Build
------
-
-```
-make && make tests
-```
-
-Configure the Plugin
---------------------
-
-File: etc/emqx_auth_http.conf
-
-```
-##--------------------------------------------------------------------
-## Authentication request.
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: URL
-auth.http.auth_req = http://127.0.0.1:8080/mqtt/auth
-## Value: post | get | put
-auth.http.auth_req.method = post
-## Value: Params
-auth.http.auth_req.params = clientid=%c,username=%u,password=%P
-
-##--------------------------------------------------------------------
-## Superuser request.
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: URL
-auth.http.super_req = http://127.0.0.1:8080/mqtt/superuser
-## Value: post | get | put
-auth.http.super_req.method = post
-## Value: Params
-auth.http.super_req.params = clientid=%c,username=%u
-
-##--------------------------------------------------------------------
-## ACL request.
-##
-## Variables:
-##  - %A: 1 | 2, 1 = sub, 2 = pub
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %m: mountpoint
-##  - %t: topic
-##
-## Value: URL
-auth.http.acl_req = http://127.0.0.1:8080/mqtt/acl
-## Value: post | get | put
-auth.http.acl_req.method = get
-## Value: Params
-auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_http
-```
-
-HTTP API
---------
-
-200 if ok
-
-4xx if unauthorized
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_http/etc/emqx_auth_http.conf b/apps/emqx_auth_http/etc/emqx_auth_http.conf
deleted file mode 100644
index 56e2055c0..000000000
--- a/apps/emqx_auth_http/etc/emqx_auth_http.conf
+++ /dev/null
@@ -1,172 +0,0 @@
-##--------------------------------------------------------------------
-## HTTP Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## HTTP URL API path for Auth Request
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:80/mqtt/auth, https://[::1]:80/mqtt/auth
-auth.http.auth_req.url = "http://127.0.0.1:80/mqtt/auth"
-
-## HTTP Request Method for Auth Request
-##
-## Value: post | get
-auth.http.auth_req.method = post
-
-## HTTP Request Headers for Auth Request, Content-Type header is configured by default.
-## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
-##
-## Examples: auth.http.auth_req.headers.accept = */*
-
-auth.http.auth_req.headers.content_type = "application/x-www-form-urlencoded"
-
-## Parameters used to construct the request body or query string parameters
-## When the request method is GET, these parameters will be converted into query string parameters
-## When the request method is POST, the final format is determined by content-type
-##
-## Available Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %p: sockport of server accepted
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.auth_req.params = "clientid=%c,username=%u,password=%P"
-
-## HTTP URL API path for SuperUser Request
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:80/mqtt/superuser, https://[::1]:80/mqtt/superuser
-auth.http.super_req.url = "http://127.0.0.1:80/mqtt/superuser"
-
-## HTTP Request Method for SuperUser Request
-##
-## Value: post | get
-auth.http.super_req.method = post
-
-## HTTP Request Headers for SuperUser Request, Content-Type header is configured by default.
-## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
-##
-## Examples: auth.http.super_req.headers.accept = */*
-auth.http.super_req.headers.content-type = "application/x-www-form-urlencoded"
-
-## Parameters used to construct the request body or query string parameters
-## When the request method is GET, these parameters will be converted into query string parameters
-## When the request method is POST, the final format is determined by content-type
-##
-## Available Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %p: sockport of server accepted
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.super_req.params = "clientid=%c,username=%u"
-
-## HTTP URL API path for ACL Request
-## Comment out this config to disable ACL checks
-##
-## Value: URL
-##
-## Examples: http://127.0.0.1:80/mqtt/acl, https://[::1]:80/mqtt/acl
-auth.http.acl_req.url = "http://127.0.0.1:80/mqtt/acl"
-
-## HTTP Request Method for ACL Request
-##
-## Value: post | get
-auth.http.acl_req.method = post
-
-## HTTP Request Headers for ACL Request, Content-Type header is configured by default.
-## The possible values of the Content-Type header: application/x-www-form-urlencoded, application/json
-##
-## Examples: auth.http.acl_req.headers.accept = */*
-auth.http.acl_req.headers.content-type = "application/x-www-form-urlencoded"
-
-## Parameters used to construct the request body or query string parameters
-## When the request method is GET, these parameters will be converted into query string parameters
-## When the request method is POST, the final format is determined by content-type
-##
-## Available Variables:
-##  - %A: access (1 - subscribe, 2 - publish)
-##  - %u: username
-##  - %c: clientid
-##  - %a: ipaddress
-##  - %r: protocol
-##  - %P: password
-##  - %p: sockport of server accepted
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##  - %t: topic
-##
-## Value: <K1>=<V1>,<K2>=<V2>,...
-auth.http.acl_req.params = "access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m"
-
-## Time-out time for the request.
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 5s
-auth.http.timeout = 5s
-
-## Connection time-out time, used during the initial request,
-## when the client is connecting to the server.
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 5s
-auth.http.connect_timeout = 5s
-
-## Connection process pool size
-##
-## Value: Number
-auth.http.pool_size = 32
-
-##------------------------------------------------------------------------------
-## SSL options
-
-## Path to the file containing PEM-encoded CA certificates. The CA certificates
-## are used during server authentication and when building the client certificate chain.
-##
-## Value: File
-## auth.http.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem"
-
-## The path to a file containing the client's certificate.
-##
-## Value: File
-## auth.http.ssl.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem"
-
-## Path to a file containing the client's private PEM-encoded key.
-##
-## Value: File
-## auth.http.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-## auth.http.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.http.auth_req.url` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.http.ssl.server_name_indication = disable
diff --git a/apps/emqx_auth_http/include/emqx_auth_http.hrl b/apps/emqx_auth_http/include/emqx_auth_http.hrl
deleted file mode 100644
index 9c1216357..000000000
--- a/apps/emqx_auth_http/include/emqx_auth_http.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_http).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_http/priv/emqx_auth_http.schema b/apps/emqx_auth_http/priv/emqx_auth_http.schema
deleted file mode 100644
index b248c7dc7..000000000
--- a/apps/emqx_auth_http/priv/emqx_auth_http.schema
+++ /dev/null
@@ -1,131 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_http config mapping
-{mapping, "auth.http.auth_req.url", "emqx_auth_http.auth_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.auth_req.method", "emqx_auth_http.auth_req", [
-  {default, post},
-  {datatype, {enum, [post, get]}}
-]}.
-
-{mapping, "auth.http.auth_req.headers.$field", "emqx_auth_http.auth_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.auth_req.params", "emqx_auth_http.auth_req", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_http.auth_req", fun(Conf) ->
-  case cuttlefish:conf_get("auth.http.auth_req.url", Conf, undefined) of
-    undefined -> cuttlefish:unset();
-    Url ->
-      Headers = cuttlefish_variable:filter_by_prefix("auth.http.auth_req.headers", Conf),
-      Params = cuttlefish:conf_get("auth.http.auth_req.params", Conf),
-      [{url, Url},
-       {method, cuttlefish:conf_get("auth.http.auth_req.method", Conf)},
-       {headers, [{K, V} || {[_, _, _, _, K], V} <- Headers]},
-       {params, [list_to_tuple(string:tokens(S, "=")) || S <- string:tokens(Params, ",")]}]
-  end
-end}.
-
-{mapping, "auth.http.super_req.url", "emqx_auth_http.super_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.super_req.method", "emqx_auth_http.super_req", [
-  {default, post},
-  {datatype, {enum, [post, get]}}
-]}.
-
-{mapping, "auth.http.super_req.headers.$field", "emqx_auth_http.super_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.super_req.params", "emqx_auth_http.super_req", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_http.super_req", fun(Conf) ->
-  case cuttlefish:conf_get("auth.http.super_req.url", Conf, undefined) of
-    undefined -> cuttlefish:unset();
-    Url ->
-      Headers = cuttlefish_variable:filter_by_prefix("auth.http.super_req.headers", Conf),
-      Params = cuttlefish:conf_get("auth.http.super_req.params", Conf),
-      [{url, Url},
-       {method, cuttlefish:conf_get("auth.http.super_req.method", Conf)},
-       {headers, [{K, V} || {[_, _, _, _, K], V} <- Headers]},
-       {params, [list_to_tuple(string:tokens(S, "=")) || S <- string:tokens(Params, ",")]}]
-  end
-end}.
-
-%% @doc URL for ACL checks. Example: http://127.0.0.1:80/mqtt/acl
-%% ACL checks are disabled for this plugin if this config is
-%% commented out from the config file, or when the overriding
-%% environment variable is set to empty string.
-{mapping, "auth.http.acl_req.url", "emqx_auth_http.acl_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.acl_req.method", "emqx_auth_http.acl_req", [
-  {default, post},
-  {datatype, {enum, [post, get]}}
-]}.
-
-{mapping, "auth.http.acl_req.headers.$field", "emqx_auth_http.acl_req", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.acl_req.params", "emqx_auth_http.acl_req", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_http.acl_req", fun(Conf) ->
-  case cuttlefish:conf_get("auth.http.acl_req.url", Conf, undefined) of
-    undefined -> cuttlefish:unset();
-    Url ->
-      Headers = cuttlefish_variable:filter_by_prefix("auth.http.acl_req.headers", Conf),
-      Params = cuttlefish:conf_get("auth.http.acl_req.params", Conf),
-      [{url, Url},
-       {method, cuttlefish:conf_get("auth.http.acl_req.method", Conf)},
-       {headers, [{K, V} || {[_, _, _, _, K], V} <- Headers]},
-       {params, [list_to_tuple(string:tokens(S, "=")) || S <- string:tokens(Params, ",")]}]
-  end
-end}.
-
-{mapping, "auth.http.timeout", "emqx_auth_http.timeout", [
-  {default, "5s"},
-  {datatype, [integer, {duration, ms}]}
-]}.
-
-{mapping, "auth.http.connect_timeout", "emqx_auth_http.connect_timeout", [
-  {default, "5s"},
-  {datatype, [integer, {duration, ms}]}
-]}.
-
-{mapping, "auth.http.pool_size", "emqx_auth_http.pool_size", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.http.ssl.cacertfile", "emqx_auth_http.cacertfile", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.ssl.certfile", "emqx_auth_http.certfile", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.ssl.keyfile", "emqx_auth_http.keyfile", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.http.ssl.verify", "emqx_auth_http.verify", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.http.ssl.server_name_indication", "emqx_auth_http.server_name_indication", [
-  {datatype, string}
-]}.
diff --git a/apps/emqx_auth_http/rebar.config b/apps/emqx_auth_http/rebar.config
deleted file mode 100644
index 01c0f4209..000000000
--- a/apps/emqx_auth_http/rebar.config
+++ /dev/null
@@ -1,26 +0,0 @@
-{deps, []}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
-{profiles,
- [{test,
-   [{deps,
-     [
-      {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "v1.2.2"}}}
-     ]}
-   ]}
- ]}.
diff --git a/apps/emqx_auth_http/src/emqx_acl_http.erl b/apps/emqx_auth_http/src/emqx_acl_http.erl
deleted file mode 100644
index aa98759b0..000000000
--- a/apps/emqx_auth_http/src/emqx_acl_http.erl
+++ /dev/null
@@ -1,88 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_http).
-
--include("emqx_auth_http.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[ACL http]").
-
--import(emqx_auth_http_cli,
-        [ request/6
-        , feedvar/2
-        ]).
-
-%% ACL callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-%%--------------------------------------------------------------------
-%% ACL callbacks
-%%--------------------------------------------------------------------
-
-check_acl(ClientInfo, PubSub, Topic, AclResult, Params) ->
-    return_with(fun inc_metrics/1,
-                do_check_acl(ClientInfo, PubSub, Topic, AclResult, Params)).
-
-do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Params) ->
-    ok;
-do_check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path := Path}}) ->
-    ClientInfo1 = ClientInfo#{access => access(PubSub), topic => Topic},
-    case check_acl_request(ACLParams, ClientInfo1) of
-        {ok, 200, <<"ignore">>} -> ok;
-        {ok, 200, _Body}    -> {stop, allow};
-        {ok, _Code, _Body}  -> {stop, deny};
-        {error, Error}      ->
-            ?LOG(error, "Request ACL path ~s, error: ~p", [Path, Error]),
-            ok
-    end.
-
-description() -> "ACL with HTTP API".
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-inc_metrics(ok) ->
-    emqx_metrics:inc(?ACL_METRICS(ignore));
-inc_metrics({stop, allow}) ->
-    emqx_metrics:inc(?ACL_METRICS(allow));
-inc_metrics({stop, deny}) ->
-    emqx_metrics:inc(?ACL_METRICS(deny)).
-
-return_with(Fun, Result) ->
-    Fun(Result), Result.
-
-check_acl_request(#{pool_name := PoolName,
-                    path := Path,
-                    method := Method,
-                    headers := Headers,
-                    params := Params,
-                    timeout := Timeout}, ClientInfo) ->
-    request(PoolName, Method, Path, Headers, feedvar(Params, ClientInfo), Timeout).
-
-access(subscribe) -> 1;
-access(publish)   -> 2.
-
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.erl b/apps/emqx_auth_http/src/emqx_auth_http.erl
deleted file mode 100644
index aba0a5d8d..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http.erl
+++ /dev/null
@@ -1,112 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http).
-
--include("emqx_auth_http.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--logger_header("[Auth http]").
-
--import(emqx_auth_http_cli,
-        [ request/6
-        , feedvar/2
-        ]).
-
-%% Callbacks
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo, AuthResult, #{auth  := AuthParms = #{path := Path},
-                                super := SuperParams}) ->
-    case authenticate(AuthParms, ClientInfo) of
-        {ok, 200, <<"ignore">>} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)), ok;
-        {ok, 200, Body}  ->
-            emqx_metrics:inc(?AUTH_METRICS(success)),
-            IsSuperuser = is_superuser(SuperParams, ClientInfo),
-            {stop, AuthResult#{is_superuser => IsSuperuser,
-                                auth_result => success,
-                                anonymous   => false,
-                                mountpoint  => mountpoint(Body, ClientInfo)}};
-        {ok, Code, _Body} ->
-            ?LOG(error, "Deny connection from path: ~s, response http code: ~p",
-                 [Path, Code]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => http_to_connack_error(Code),
-                               anonymous   => false}};
-        {error, Error} ->
-            ?LOG(error, "Request auth path: ~s, error: ~p", [Path, Error]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            %%FIXME later: server_unavailable is not right.
-            {stop, AuthResult#{auth_result => server_unavailable,
-                               anonymous   => false}}
-    end.
-
-description() -> "Authentication by HTTP API".
-
-%%--------------------------------------------------------------------
-%% Requests
-%%--------------------------------------------------------------------
-
-authenticate(#{pool_name := PoolName,
-               path := Path,
-               method := Method,
-               headers := Headers,
-               params := Params,
-               timeout := Timeout}, ClientInfo) ->
-   request(PoolName, Method, Path, Headers, feedvar(Params, ClientInfo), Timeout).
-
--spec(is_superuser(maybe(map()), emqx_types:client()) -> boolean()).
-is_superuser(undefined, _ClientInfo) ->
-    false;
-is_superuser(#{pool_name := PoolName,
-               path := Path,
-               method := Method,
-               headers := Headers,
-               params := Params,
-               timeout := Timeout}, ClientInfo) ->
-    case request(PoolName, Method, Path, Headers, feedvar(Params, ClientInfo), Timeout) of
-        {ok, 200, _Body}   -> true;
-        {ok, _Code, _Body} -> false;
-        {error, Error}     -> ?LOG(error, "Request superuser path ~s, error: ~p", [Path, Error]),
-                              false
-    end.
-
-mountpoint(Body, #{mountpoint := Mountpoint}) ->
-    case emqx_json:safe_decode(Body, [return_maps]) of
-        {error, _} -> Mountpoint;
-        {ok, Json} when is_map(Json) ->
-            maps:get(<<"mountpoint">>, Json, Mountpoint);
-        {ok, _NotMap} -> Mountpoint
-    end.
-
-http_to_connack_error(400) -> bad_username_or_password;
-http_to_connack_error(401) -> bad_username_or_password;
-http_to_connack_error(403) -> not_authorized;
-http_to_connack_error(429) -> banned;
-http_to_connack_error(503) -> server_unavailable;
-http_to_connack_error(504) -> server_busy;
-http_to_connack_error(_) -> server_unavailable.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_cli.erl b/apps/emqx_auth_http/src/emqx_auth_http_cli.erl
deleted file mode 100644
index 979ac475d..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http_cli.erl
+++ /dev/null
@@ -1,92 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http_cli).
-
--include("emqx_auth_http.hrl").
-
--export([ request/6
-        , feedvar/2
-        , feedvar/3
-        ]).
-
-%%--------------------------------------------------------------------
-%% HTTP Request
-%%--------------------------------------------------------------------
-
-request(PoolName, get, Path, Headers, Params, Timeout) ->
-    NewPath = Path ++ "?" ++ binary_to_list(cow_qs:qs(bin_kw(Params))),
-    reply(ehttpc:request(ehttpc_pool:pick_worker(PoolName), get, {NewPath, Headers}, Timeout));
-
-request(PoolName, post, Path, Headers, Params, Timeout) ->
-    Body = case proplists:get_value("content-type", Headers) of
-               "application/x-www-form-urlencoded" ->
-                   cow_qs:qs(bin_kw(Params));
-               "application/json" -> 
-                   emqx_json:encode(bin_kw(Params))
-           end,
-    reply(ehttpc:request(ehttpc_pool:pick_worker(PoolName), post, {Path, Headers, Body}, Timeout)).
-
-reply({ok, StatusCode, _Headers}) ->
-    {ok, StatusCode, <<>>};
-reply({ok, StatusCode, _Headers, Body}) ->
-    {ok, StatusCode, Body};
-reply({error, Reason}) ->
-    {error, Reason}.
-
-%% TODO: move this conversion to cuttlefish config and schema
-bin_kw(KeywordList) when is_list(KeywordList) ->
-    [{bin(K), bin(V)} || {K, V} <- KeywordList].
-
-bin(Atom) when is_atom(Atom) ->
-    list_to_binary(atom_to_list(Atom));
-bin(Int) when is_integer(Int) ->
-    integer_to_binary(Int);
-bin(Float) when is_float(Float) ->
-    float_to_binary(Float, [{decimals, 12}, compact]);
-bin(List) when is_list(List)->
-    list_to_binary(List);
-bin(Binary) when is_binary(Binary) ->
-    Binary.
-
-%%--------------------------------------------------------------------
-%% Feed Variables
-%%--------------------------------------------------------------------
-
-feedvar(Params, ClientInfo = #{clientid := ClientId,
-                               protocol := Protocol,
-                               peerhost := Peerhost}) ->
-    lists:map(fun({Param, "%u"}) -> {Param, maps:get(username, ClientInfo, null)};
-                 ({Param, "%c"}) -> {Param, ClientId};
-                 ({Param, "%r"}) -> {Param, Protocol};
-                 ({Param, "%a"}) -> {Param, inet:ntoa(Peerhost)};
-                 ({Param, "%P"}) -> {Param, maps:get(password, ClientInfo, null)};
-                 ({Param, "%p"}) -> {Param, maps:get(sockport, ClientInfo, null)};
-                 ({Param, "%C"}) -> {Param, maps:get(cn, ClientInfo, null)};
-                 ({Param, "%d"}) -> {Param, maps:get(dn, ClientInfo, null)};
-                 ({Param, "%A"}) -> {Param, maps:get(access, ClientInfo, null)};
-                 ({Param, "%t"}) -> {Param, maps:get(topic, ClientInfo, null)};
-                 ({Param, "%m"}) -> {Param, maps:get(mountpoint, ClientInfo, null)};
-                 ({Param, Var})  -> {Param, Var}
-              end, Params).
-
-feedvar(Params, Var, Val) ->
-    lists:map(fun({Param, Var0}) when Var0 == Var ->
-                      {Param, Val};
-                 ({Param, Var0}) ->
-                      {Param, Var0}
-              end, Params).
-
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_sup.erl b/apps/emqx_auth_http/src/emqx_auth_http_sup.erl
deleted file mode 100644
index 798a8a92e..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http_sup.erl
+++ /dev/null
@@ -1,29 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http_sup).
-
--behaviour(supervisor).
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, {{one_for_all, 0, 1}, []}}.
diff --git a/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl b/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
deleted file mode 100644
index ef692e886..000000000
--- a/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl
+++ /dev/null
@@ -1,257 +0,0 @@
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-
--module(emqx_auth_http_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("common_test/include/ct.hrl").
--include_lib("eunit/include/eunit.hrl").
-
--define(APP, emqx_auth_http).
-
--define(USER(ClientId, Username, Protocol, Peerhost, Zone),
-        #{clientid => ClientId, username => Username, protocol => Protocol,
-          peerhost => Peerhost, zone => Zone}).
-
--define(USER(ClientId, Username, Protocol, Peerhost, Zone, Mountpoint),
-        #{clientid => ClientId, username => Username, protocol => Protocol,
-          peerhost => Peerhost, zone => Zone, mountpoint => Mountpoint}).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    [
-     {group, http_inet},
-     {group, http_inet6},
-     {group, https_inet},
-     {group, https_inet6},
-     pub_sub_no_acl,
-     no_hook_if_config_unset
-    ].
-
-groups() ->
-    Cases = emqx_ct:all(?MODULE),
-    [{Name, Cases} || Name <- [http_inet, http_inet6, https_inet, https_inet6]].
-
-init_per_group(GrpName, Cfg) ->
-    [Scheme, Inet] = [list_to_atom(X) || X <- string:tokens(atom_to_list(GrpName), "_")],
-    ok = setup(Scheme, Inet),
-    Cfg.
-
-end_per_group(_GrpName, _Cfg) ->
-    teardown().
-
-init_per_testcase(pub_sub_no_acl, Cfg) ->
-    Scheme = http,
-    Inet = inet,
-    http_auth_server:start(Scheme, Inet),
-    Fun = fun(App) -> set_special_configs(App, Scheme, Inet, no_acl) end,
-    emqx_ct_helpers:start_apps([emqx_auth_http], Fun),
-    ?assert(is_hooked('client.authenticate')),
-    ?assertNot(is_hooked('client.check_acl')),
-    Cfg;
-init_per_testcase(no_hook_if_config_unset, Cfg) ->
-    setup(http, inet),
-    Cfg;
-init_per_testcase(_, Cfg) ->
-    %% init per group
-    Cfg.
-
-end_per_testcase(pub_sub_no_acl, _Cfg) ->
-    teardown();
-end_per_testcase(no_hook_if_config_unset, _Cfg) ->
-    teardown();
-end_per_testcase(_, _Cfg) ->
-    %% teardown per group
-    ok.
-
-setup(Scheme, Inet) ->
-    http_auth_server:start(Scheme, Inet),
-    Fun = fun(App) -> set_special_configs(App, Scheme, Inet, normal) end,
-    emqx_ct_helpers:start_apps([emqx_auth_http], Fun),
-    ?assert(is_hooked('client.authenticate')),
-    ?assert(is_hooked('client.check_acl')).
-
-teardown() ->
-    http_auth_server:stop(),
-    application:stop(emqx_auth_http),
-    ?assertNot(is_hooked('client.authenticate')),
-    ?assertNot(is_hooked('client.check_acl')),
-    emqx_ct_helpers:stop_apps([emqx]).
-
-set_special_configs(emqx, _Scheme, _Inet, _AuthConfig) ->
-    application:set_env(emqx, allow_anonymous, true),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(emqx_auth_http, Scheme, Inet, PluginConfig) ->
-    [application:unset_env(?APP, Par) || Par <- [acl_req, auth_req]],
-    ServerAddr = http_server(Scheme, Inet),
-
-    AuthReq = #{method => get,
-                url => ServerAddr ++ "/mqtt/auth",
-                headers => [{"content-type", "application/json"}],
-                params => [{"clientid", "%c"}, {"username", "%u"}, {"password", "%P"}]},
-    SuperReq = #{method => post,
-                 url => ServerAddr ++ "/mqtt/superuser",
-                 headers => [{"content-type", "application/json"}],
-                 params => [{"clientid", "%c"}, {"username", "%u"}]},
-    AclReq = #{method => post,
-               url => ServerAddr ++ "/mqtt/acl",
-               headers => [{"content-type", "application/json"}],
-               params => [{"access", "%A"}, {"username", "%u"}, {"clientid", "%c"}, {"ipaddr", "%a"}, {"topic", "%t"}, {"mountpoint", "%m"}]},
-
-    Scheme =:= https andalso set_https_client_opts(),
-
-    application:set_env(emqx_auth_http, auth_req, maps:to_list(AuthReq)),
-    application:set_env(emqx_auth_http, super_req, maps:to_list(SuperReq)),
-    case PluginConfig of
-        normal -> ok = application:set_env(emqx_auth_http, acl_req, maps:to_list(AclReq));
-        no_acl -> ok
-    end.
-
-%% @private
-set_https_client_opts() ->
-    SSLOpt = emqx_ct_helpers:client_ssl_twoway(),
-    application:set_env(emqx_auth_http, cacertfile, proplists:get_value(cacertfile, SSLOpt, undefined)),
-    application:set_env(emqx_auth_http, certfile, proplists:get_value(certfile, SSLOpt, undefined)),
-    application:set_env(emqx_auth_http, keyfile, proplists:get_value(keyfile, SSLOpt, undefined)),
-    application:set_env(emqx_auth_http, verify, true),
-    application:set_env(emqx_auth_http, server_name_indication, "disable").
-
-%% @private
-http_server(http, inet) -> "http://127.0.0.1:8991"; % ipv4
-http_server(http, inet6) -> "http://localhost:8991"; % test hostname resolution
-http_server(https, inet) -> "https://localhost:8991"; % test hostname resolution
-http_server(https, inet6) -> "https://[::1]:8991". % ipv6
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_check_acl(Cfg) when is_list(Cfg) ->
-    SuperUser = ?USER(<<"superclient">>, <<"superuser">>, mqtt, {127,0,0,1}, external),
-    deny = emqx_access_control:check_acl(SuperUser, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(SuperUser, publish, <<"anytopic">>),
-
-    User1 = ?USER(<<"client1">>, <<"testuser">>, mqtt, {127,0,0,1}, external),
-    UnIpUser1 = ?USER(<<"client1">>, <<"testuser">>, mqtt, {192,168,0,4}, external),
-    UnClientIdUser1 = ?USER(<<"unkonwc">>, <<"testuser">>, mqtt, {127,0,0,1}, external),
-    UnnameUser1= ?USER(<<"client1">>, <<"unuser">>, mqtt, {127,0,0,1}, external),
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(User1, publish, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(UnIpUser1, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(UnClientIdUser1, subscribe, <<"users/testuser/1">>),
-    deny  = emqx_access_control:check_acl(UnnameUser1, subscribe, <<"$SYS/testuser/1">>),
-
-    User2 = ?USER(<<"client2">>, <<"xyz">>, mqtt, {127,0,0,1}, external),
-    UserC = ?USER(<<"client2">>, <<"xyz">>, mqtt, {192,168,1,3}, external),
-    allow = emqx_access_control:check_acl(UserC, publish, <<"a/b/c">>),
-    deny = emqx_access_control:check_acl(User2, publish, <<"a/b/c">>),
-    deny  = emqx_access_control:check_acl(User2, subscribe, <<"$SYS/testuser/1">>).
-
-t_check_auth(Cfg) when is_list(Cfg) ->
-    User1 = ?USER(<<"client1">>, <<"testuser1">>, mqtt, {127,0,0,1}, external, undefined),
-    User2 = ?USER(<<"client2">>, <<"testuser2">>, mqtt, {127,0,0,1}, exteneral, undefined),
-    User3 = ?USER(<<"client3">>, undefined, mqtt, {127,0,0,1}, exteneral, undefined),
-
-    {ok, #{auth_result := success,
-           anonymous := false,
-           is_superuser := false}} = emqx_access_control:authenticate(User1#{password => <<"pass1">>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User1#{password => <<"pass">>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User1#{password => <<>>}),
-
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(User2#{password => <<"pass2">>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User2#{password => <<>>}),
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User2#{password => <<"errorpwd">>}),
-
-    {error, bad_username_or_password} = emqx_access_control:authenticate(User3#{password => <<"pwd">>}).
-
-pub_sub_no_acl(Cfg) when is_list(Cfg) ->
-    {ok, T1} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client1">>},
-                                 {username, <<"testuser1">>},
-                                 {password, <<"pass1">>}]),
-    {ok, _} = emqtt:connect(T1),
-    emqtt:publish(T1, <<"topic">>, <<"body">>, [{qos, 0}, {retain, true}]),
-    timer:sleep(1000),
-    {ok, T2} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client2">>},
-                                 {username, <<"testuser2">>},
-                                 {password, <<"pass2">>}]),
-    {ok, _} = emqtt:connect(T2),
-    emqtt:subscribe(T2, <<"topic">>),
-    receive
-        {publish, _Topic, Payload} ->
-            ?assertEqual(<<"body">>, Payload)
-        after 1000 -> false end,
-    emqtt:disconnect(T1),
-    emqtt:disconnect(T2).
-
-t_pub_sub(Cfg) when is_list(Cfg) ->
-    {ok, T1} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client1">>},
-                                 {username, <<"testuser1">>},
-                                 {password, <<"pass1">>}]),
-    {ok, _} = emqtt:connect(T1),
-    emqtt:publish(T1, <<"topic">>, <<"body">>, [{qos, 0}, {retain, true}]),
-    timer:sleep(1000),
-    {ok, T2} = emqtt:start_link([{host, "localhost"},
-                                 {clientid, <<"client2">>},
-                                 {username, <<"testuser2">>},
-                                 {password, <<"pass2">>}]),
-    {ok, _} = emqtt:connect(T2),
-    emqtt:subscribe(T2, <<"topic">>),
-    receive
-        {publish, _Topic, Payload} ->
-            ?assertEqual(<<"body">>, Payload)
-        after 1000 -> false end,
-    emqtt:disconnect(T1),
-    emqtt:disconnect(T2).
-
-no_hook_if_config_unset(Cfg) when is_list(Cfg) ->
-    ?assert(is_hooked('client.authenticate')),
-    ?assert(is_hooked('client.check_acl')),
-    application:stop(?APP),
-    [application:unset_env(?APP, Par) || Par <- [acl_req, auth_req]],
-    application:start(?APP),
-    ?assertEqual([], emqx_hooks:lookup('client.authenticate')),
-    ?assertNot(is_hooked('client.authenticate')),
-    ?assertNot(is_hooked('client.check_acl')).
-
-is_hooked(HookName) ->
-    Callbacks = emqx_hooks:lookup(HookName),
-    F = fun(Callback) ->
-                case emqx_hooks:callback_action(Callback) of
-                    {emqx_auth_http, check, _} ->
-                        'client.authenticate' = HookName, % assert
-                        true;
-                    {emqx_acl_http, check_acl, _} ->
-                        'client.check_acl' = HookName, % assert
-                        true;
-                    _ ->
-                        false
-                end
-        end,
-    case lists:filter(F, Callbacks) of
-        [_] -> true;
-        [] -> false
-    end.
diff --git a/apps/emqx_auth_http/test/http_auth_server.erl b/apps/emqx_auth_http/test/http_auth_server.erl
deleted file mode 100644
index 54c4d38b3..000000000
--- a/apps/emqx_auth_http/test/http_auth_server.erl
+++ /dev/null
@@ -1,152 +0,0 @@
--module(http_auth_server).
-
--export([ start/2
-        , stop/0
-        ]).
-
--define(SUPERUSER, [[{"username", "superuser"}, {"clientid", "superclient"}]]).
-
--define(ACL, [[{<<"username">>, <<"testuser">>},
-               {<<"clientid">>, <<"client1">>},
-               {<<"access">>, <<"1">>},
-               {<<"topic">>, <<"users/testuser/1">>},
-               {<<"ipaddr">>, <<"127.0.0.1">>},
-               {<<"mountpoint">>, <<"null">>}],
-              [{<<"username">>, <<"xyz">>},
-               {<<"clientid">>, <<"client2">>},
-               {<<"access">>, <<"2">>},
-               {<<"topic">>, <<"a/b/c">>},
-               {<<"ipaddr">>, <<"192.168.1.3">>},
-               {<<"mountpoint">>, <<"null">>}],
-              [{<<"username">>, <<"testuser1">>},
-               {<<"clientid">>, <<"client1">>},
-               {<<"access">>, <<"2">>},
-               {<<"topic">>, <<"topic">>},
-               {<<"ipaddr">>, <<"127.0.0.1">>},
-               {<<"mountpoint">>, <<"null">>}],
-              [{<<"username">>, <<"testuser2">>},
-               {<<"clientid">>, <<"client2">>},
-               {<<"access">>, <<"1">>},
-               {<<"topic">>, <<"topic">>},
-               {<<"ipaddr">>, <<"127.0.0.1">>},
-               {<<"mountpoint">>, <<"null">>}]]).
-
--define(AUTH, [[{<<"clientid">>, <<"client1">>},
-                {<<"username">>, <<"testuser1">>},
-                {<<"password">>, <<"pass1">>}],
-               [{<<"clientid">>, <<"client2">>},
-                {<<"username">>, <<"testuser2">>},
-                {<<"password">>, <<"pass2">>}]]).
-
-%%------------------------------------------------------------------------------
-%% REST Interface
-%%------------------------------------------------------------------------------
-
--rest_api(#{ name   => auth
-           , method => 'GET'
-           , path   => "/mqtt/auth"
-           , func   => authenticate
-           , descr  => "Authenticate user access permission"
-           }).
-
--rest_api(#{ name   => is_superuser
-           , method => 'GET'
-           , path   => "/mqtt/superuser"
-           , func   => is_superuser
-           , descr  => "Is super user"
-           }).
-
--rest_api(#{ name   => acl
-           , method => 'GET'
-           , path   => "/mqtt/acl"
-           , func   => check_acl
-           , descr  => "Check acl"
-           }).
-
--rest_api(#{ name   => auth
-           , method => 'POST'
-           , path   => "/mqtt/auth"
-           , func   => authenticate
-           , descr  => "Authenticate user access permission"
-           }).
-
--rest_api(#{ name   => is_superuser
-           , method => 'POST'
-           , path   => "/mqtt/superuser"
-           , func   => is_superuser
-           , descr  => "Is super user"
-           }).
-
--rest_api(#{ name   => acl
-           , method => 'POST'
-           , path   => "/mqtt/acl"
-           , func   => check_acl
-           , descr  => "Check acl"
-           }).
-
--export([ authenticate/2
-        , is_superuser/2
-        , check_acl/2
-        ]).
-
-authenticate(_Binding, Params) ->
-    return(check(Params, ?AUTH)).
-
-is_superuser(_Binding, Params) ->
-    return(check(Params, ?SUPERUSER)).
-
-check_acl(_Binding, Params) ->
-    return(check(Params, ?ACL)).
-
-return(allow) -> {200, <<"allow">>};
-return(deny) -> {400, <<"deny">>}.
-
-start(http, Inet) ->
-    application:ensure_all_started(minirest),
-    Handlers = [{"/", minirest:handler(#{modules => [?MODULE]})}],
-    Dispatch = [{"/[...]", minirest, Handlers}],
-    minirest:start_http(http_auth_server, #{socket_opts => [Inet, {port, 8991}]}, Dispatch);
-
-start(https, Inet) ->
-    application:ensure_all_started(minirest),
-    Handlers = [{"/", minirest:handler(#{modules => [?MODULE]})}],
-    Dispatch = [{"/[...]", minirest, Handlers}],
-    minirest:start_https(http_auth_server, #{socket_opts => [Inet, {port, 8991} | certopts()]}, Dispatch).
-
-%% @private
-certopts() ->
-    Certfile = filename:join(["etc", "certs", "cert.pem"]),
-    Keyfile = filename:join(["etc", "certs", "key.pem"]),
-    CaCert = filename:join(["etc", "certs", "cacert.pem"]),
-    [{verify, verify_peer},
-     {certfile, emqx_ct_helpers:deps_path(emqx, Certfile)},
-     {keyfile, emqx_ct_helpers:deps_path(emqx, Keyfile)},
-     {cacertfile, emqx_ct_helpers:deps_path(emqx, CaCert)}] ++ emqx_ct_helpers:client_ssl().
-
-stop() ->
-    minirest:stop_http(http_auth_server).
-
--spec check(HttpReqParams :: list(), DefinedConf :: list()) -> allow | deny.
-check(_Params, []) ->
-    %ct:pal("check auth_result: deny~n"),
-    deny;
-check(Params, [ConfRecord|T]) ->
-    % ct:pal("Params: ~p, ConfRecord:~p ~n", [Params, ConfRecord]),
-    case match_config(Params, ConfRecord) of
-        not_match ->
-            check(Params, T);
-        matched -> allow
-     end.
-
-match_config([], _ConfigColumn) ->
-    %ct:pal("match_config auth_result: matched~n"),
-    matched;
-
-match_config([Param|T], ConfigColumn) ->
-    %ct:pal("Param: ~p, ConfigColumn:~p ~n", [Param, ConfigColumn]),
-    case lists:member(Param, ConfigColumn) of
-        true ->
-            match_config(T, ConfigColumn);
-        false ->
-           not_match
-    end.
diff --git a/apps/emqx_auth_jwt/.gitignore b/apps/emqx_auth_jwt/.gitignore
deleted file mode 100644
index 62e4fbb25..000000000
--- a/apps/emqx_auth_jwt/.gitignore
+++ /dev/null
@@ -1,28 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_jwt.d
-data/
-.DS_Store
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-test/ct.cover.spec
-emq_auth_jwt.d
-erlang.mk
-_build/
-rebar.lock
-rebar3.crashdump
-etc/emqx_auth_jwt.conf.rendered
-.rebar3/
-*.swp
-Mnesia.nonode@nohost/
diff --git a/apps/emqx_auth_jwt/README.md b/apps/emqx_auth_jwt/README.md
deleted file mode 100644
index 9675ae87c..000000000
--- a/apps/emqx_auth_jwt/README.md
+++ /dev/null
@@ -1,90 +0,0 @@
-
-# emqx-auth-jwt
-
-EMQ X JWT Authentication Plugin
-
-Build
------
-
-```
-make && make tests
-```
-
-Configure the Plugin
---------------------
-
-File: etc/plugins/emqx_auth_jwt.conf
-
-```
-## HMAC Hash Secret.
-##
-## Value: String
-auth.jwt.secret = emqxsecret
-
-## From where the JWT string can be got
-##
-## Value: username | password
-## Default: password
-auth.jwt.from = password
-
-## RSA or ECDSA public key file.
-##
-## Value: File
-## auth.jwt.pubkey = etc/certs/jwt_public_key.pem
-
-## Enable to verify claims fields
-##
-## Value: on | off
-auth.jwt.verify_claims = off
-
-## The checklist of claims to validate
-##
-## Value: String
-## auth.jwt.verify_claims.$name = expected
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-# auth.jwt.verify_claims.username = %u
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_jwt
-```
-
-Example
--------
-
-```
-mosquitto_pub -t 'pub' -m 'hello' -i test -u test -P eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiYm9iIiwiYWdlIjoyOX0.bIV_ZQ8D5nQi0LT8AVkpM4Pd6wmlbpR9S8nOLJAsA8o
-```
-
-Algorithms
-----------
-
-The JWT spec supports several algorithms for cryptographic signing. This plugin currently supports:
-
-* HS256 - HMAC using SHA-256 hash algorithm
-* HS384 - HMAC using SHA-384 hash algorithm
-* HS512 - HMAC using SHA-512 hash algorithm
-
-* RS256 - RSA with the SHA-256 hash algorithm
-* RS384 - RSA with the SHA-384 hash algorithm
-* RS512 - RSA with the SHA-512 hash algorithm
-
-* ES256 - ECDSA using the P-256 curve
-* ES384 - ECDSA using the P-384 curve
-* ES512 - ECDSA using the P-512 curve
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
diff --git a/apps/emqx_auth_jwt/TODO.md b/apps/emqx_auth_jwt/TODO.md
deleted file mode 100644
index dfd730e0a..000000000
--- a/apps/emqx_auth_jwt/TODO.md
+++ /dev/null
@@ -1,2 +0,0 @@
-1. Notice for the [Critical vulnerabilities in JSON Web Token](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/)
-
diff --git a/apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt b/apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt
deleted file mode 100644
index 88fa5ebde..000000000
--- a/apps/emqx_auth_jwt/doc/hmac-vs-ecdsa-for-jwt.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-
-https://crypto.stackexchange.com/questions/30657/hmac-vs-ecdsa-for-jwt
-
diff --git a/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf b/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
deleted file mode 100644
index e0e6d48dd..000000000
--- a/apps/emqx_auth_jwt/etc/emqx_auth_jwt.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-##--------------------------------------------------------------------
-## JWT Auth Plugin
-##--------------------------------------------------------------------
-
-## HMAC Hash Secret.
-##
-## Value: String
-auth.jwt.secret = emqxsecret
-
-## RSA or ECDSA public key file.
-##
-## Value: File
-#auth.jwt.pubkey = "etc/certs/jwt_public_key.pem"
-
-## The JWKs server address
-##
-## see: http://self-issued.info/docs/draft-ietf-jose-json-web-key.html
-##
-#auth.jwt.jwks.endpoint = "https://127.0.0.1:8080/jwks"
-
-## The JWKs refresh interval
-##
-## Value: Duration
-#auth.jwt.jwks.refresh_interval = 5m
-
-## From where the JWT string can be got
-##
-## Value: username | password
-## Default: password
-auth.jwt.from = password
-
-## Enable to verify claims fields
-##
-## Value: on | off
-auth.jwt.verify_claims.enable = off
-
-## The checklist of claims to validate
-##
-## Configuration format: auth.jwt.verify_claims.$name = $expected
-##   - $name: the name of the field in the JWT payload to be verified
-##   - $expected: the expected value
-##
-## The available placeholders for $expected:
-##   - %u: username
-##   - %c: clientid
-##
-## For example, to verify that the username in the JWT payload is the same
-## as the client (MQTT protocol) username
-#auth.jwt.verify_claims.username = "%u"
\ No newline at end of file
diff --git a/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema b/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
deleted file mode 100644
index 10b2daa5e..000000000
--- a/apps/emqx_auth_jwt/priv/emqx_auth_jwt.schema
+++ /dev/null
@@ -1,49 +0,0 @@
-%%-*- mode: erlang -*-
-
-{mapping, "auth.jwt.secret", "emqx_auth_jwt.secret", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.jwt.jwks.endpoint", "emqx_auth_jwt.jwks", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.jwt.jwks.refresh_interval", "emqx_auth_jwt.refresh_interval", [
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "auth.jwt.from", "emqx_auth_jwt.from", [
-  {default, password},
-  {datatype, atom}
-]}.
-
-{mapping, "auth.jwt.pubkey", "emqx_auth_jwt.pubkey", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.jwt.signature_format", "emqx_auth_jwt.jwerl_opts", [
-  {default, "der"},
-  {datatype, {enum, [raw, der]}}
-]}.
-
-{mapping, "auth.jwt.verify_claims.enable", "emqx_auth_jwt.verify_claims", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.jwt.verify_claims.$name", "emqx_auth_jwt.verify_claims", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_jwt.verify_claims", fun(Conf) ->
-    case cuttlefish:conf_get("auth.jwt.verify_claims.enable", Conf) of
-        false -> cuttlefish:unset();
-        true ->
-            lists:foldr(
-              fun({["auth","jwt","verify_claims", Name], Value}, Acc) ->
-                      [{list_to_atom(Name), list_to_binary(Value)} | Acc];
-                 ({["auth","jwt","verify_claims"], _Value}, Acc) ->
-                      Acc
-              end, [], cuttlefish_variable:filter_by_prefix("auth.jwt.verify_claims", Conf))
-   end
-end}.
diff --git a/apps/emqx_auth_jwt/rebar.config b/apps/emqx_auth_jwt/rebar.config
deleted file mode 100644
index 3ec554950..000000000
--- a/apps/emqx_auth_jwt/rebar.config
+++ /dev/null
@@ -1,25 +0,0 @@
-{deps,
- [
-  {jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
-{profiles,
- [{test,
-   [{deps, []}
-   ]}
- ]}.
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
deleted file mode 100644
index 7d784e3b2..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_jwt,
- [{description, "EMQ X Authentication with JWT"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_jwt_sup]},
-  {applications, [kernel,stdlib,jose]},
-  {mod, {emqx_auth_jwt_app, []}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-jwt"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
deleted file mode 100644
index b9831bb6f..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
+++ /dev/null
@@ -1,15 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
- [
-    {"4.3.0", [
-      {load_module, emqx_auth_jwt_svr, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
- ],
- [
-    {"4.3.0", [
-      {load_module, emqx_auth_jwt_svr, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
- ]
-}.
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
deleted file mode 100644
index ba37eac2b..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
+++ /dev/null
@@ -1,99 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[JWT]").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-%%--------------------------------------------------------------------
-%% Authentication callbacks
-%%--------------------------------------------------------------------
-
-check(ClientInfo, AuthResult, #{pid := Pid,
-                                from := From,
-                                checklists := Checklists}) ->
-    case maps:find(From, ClientInfo) of
-        error ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {ok, undefined} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {ok, Token} ->
-            case emqx_auth_jwt_svr:verify(Pid, Token) of
-                {error, not_found} ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-                {error, not_token} ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-                {error, Reason} ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-                    {stop, AuthResult#{auth_result => Reason, anonymous => false}};
-                {ok, Claims} ->
-                    {stop, maps:merge(AuthResult, verify_claims(Checklists, Claims, ClientInfo))}
-            end
-    end.
-
-description() -> "Authentication with JWT".
-
-%%------------------------------------------------------------------------------
-%% Verify Claims
-%%--------------------------------------------------------------------
-
-verify_claims(Checklists, Claims, ClientInfo) ->
-    case do_verify_claims(feedvar(Checklists, ClientInfo), Claims) of
-        {error, Reason} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            #{auth_result => Reason, anonymous => false};
-        ok ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-            #{auth_result => success, anonymous => false, jwt_claims => Claims}
-    end.
-
-do_verify_claims([], _Claims) ->
-    ok;
-do_verify_claims([{Key, Expected} | L], Claims) ->
-    case maps:get(Key, Claims, undefined) =:= Expected of
-        true -> do_verify_claims(L, Claims);
-        false -> {error, {verify_claim_failed, Key}}
-    end.
-
-feedvar(Checklists, #{username := Username, clientid := ClientId}) ->
-    lists:map(fun({K, <<"%u">>}) -> {K, Username};
-                 ({K, <<"%c">>}) -> {K, ClientId};
-                 ({K, Expected}) -> {K, Expected}
-              end, Checklists).
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
deleted file mode 100644
index e501b0af4..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_app.erl
+++ /dev/null
@@ -1,81 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt_app).
-
--behaviour(application).
-
--behaviour(supervisor).
-
--emqx_plugin(auth).
-
--export([start/2, stop/1]).
-
--export([init/1]).
-
--define(APP, emqx_auth_jwt).
-
-start(_Type, _Args) ->
-    {ok, Sup} = supervisor:start_link({local, ?MODULE}, ?MODULE, []),
-
-    {ok, Pid} = start_auth_server(jwks_svr_options()),
-    ok = emqx_auth_jwt:register_metrics(),
-    AuthEnv0 = auth_env(),
-    AuthEnv1 = AuthEnv0#{pid => Pid},
-
-    _ = emqx:hook('client.authenticate', {emqx_auth_jwt, check, [AuthEnv1]}),
-    {ok, Sup, AuthEnv1}.
-
-stop(AuthEnv) ->
-    emqx:unhook('client.authenticate', {emqx_auth_jwt, check, [AuthEnv]}).
-
-%%--------------------------------------------------------------------
-%% Dummy supervisor
-%%--------------------------------------------------------------------
-
-init([]) ->
-    {ok, {{one_for_all, 1, 10}, []}}.
-
-start_auth_server(Options) ->
-    Spec = #{id => jwt_svr,
-             start => {emqx_auth_jwt_svr, start_link, [Options]},
-             restart => permanent,
-             shutdown => brutal_kill,
-             type => worker,
-             modules => [emqx_auth_jwt_svr]},
-    supervisor:start_child(?MODULE, Spec).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-auth_env() ->
-    Checklists = [{atom_to_binary(K, utf8), V}
-                  || {K, V} <- env(verify_claims, [])],
-    #{ from => env(from, password)
-     , checklists => Checklists
-     }.
-
-jwks_svr_options() ->
-    [{K, V} || {K, V}
-             <- [{secret, env(secret, undefined)},
-                 {pubkey, env(pubkey, undefined)},
-                 {jwks_addr, env(jwks, undefined)},
-                 {interval, env(refresh_interval, undefined)}],
-             V /= undefined].
-
-env(Key, Default) ->
-    application:get_env(?APP, Key, Default).
diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
deleted file mode 100644
index b9d19bf57..000000000
--- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl
+++ /dev/null
@@ -1,224 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt_svr).
-
--behaviour(gen_server).
-
--include_lib("emqx/include/logger.hrl").
--include_lib("jose/include/jose_jwk.hrl").
-
--logger_header("[JWT-SVR]").
-
-%% APIs
--export([start_link/1]).
-
--export([verify/2]).
-
-%% gen_server callbacks
--export([ init/1
-        , handle_call/3
-        , handle_cast/2
-        , handle_info/2
-        , terminate/2
-        , code_change/3
-        ]).
-
--type options() :: [option()].
--type option() :: {secret, list()}
-                | {pubkey, list()}
-                | {jwks_addr, list()}
-                | {interval, pos_integer()}.
-
--define(INTERVAL, 300000).
-
--record(state, {static, remote, addr, tref, intv}).
-
-%%--------------------------------------------------------------------
-%% APIs
-%%--------------------------------------------------------------------
-
--spec start_link(options()) -> gen_server:start_ret().
-start_link(Options) ->
-    gen_server:start_link(?MODULE, [Options], []).
-
--spec verify(pid(), binary())
-    -> {error, term()}
-     | {ok, Payload :: map()}.
-verify(S, JwsCompacted) when is_binary(JwsCompacted) ->
-    case catch jose_jws:peek(JwsCompacted) of
-        {'EXIT', _} -> {error, not_token};
-        _ -> gen_server:call(S, {verify, JwsCompacted})
-    end.
-
-%%--------------------------------------------------------------------
-%% gen_server callbacks
-%%--------------------------------------------------------------------
-
-init([Options]) ->
-    ok = jose:json_module(jiffy),
-    {Static, Remote} = do_init_jwks(Options),
-    Intv = proplists:get_value(interval, Options, ?INTERVAL),
-    {ok, reset_timer(
-           #state{
-              static = Static,
-              remote = Remote,
-              addr = proplists:get_value(jwks_addr, Options),
-              intv = Intv})}.
-
-%% @private
-do_init_jwks(Options) ->
-    K2J = fun(K, F) ->
-              case proplists:get_value(K, Options) of
-                  undefined -> undefined;
-                  V ->
-                     try F(V) of
-                         {error, Reason} ->
-                             ?LOG(warning, "Build ~p JWK ~p failed: {error, ~p}~n",
-                                  [K, V, Reason]),
-                             undefined;
-                         J -> J
-                     catch T:R:_ ->
-                         ?LOG(warning, "Build ~p JWK ~p failed: {~p, ~p}~n",
-                              [K, V, T, R]),
-                         undefined
-                     end
-              end
-          end,
-    OctJwk = K2J(secret, fun(V) ->
-                             jose_jwk:from_oct(list_to_binary(V))
-                         end),
-    PemJwk = K2J(pubkey, fun jose_jwk:from_pem_file/1),
-    Remote = K2J(jwks_addr, fun request_jwks/1),
-    {[J ||J <- [OctJwk, PemJwk], J /= undefined], Remote}.
-
-handle_call({verify, JwsCompacted}, _From, State) ->
-    handle_verify(JwsCompacted, State);
-
-handle_call(_Req, _From, State) ->
-    {reply, ok, State}.
-
-handle_cast(_Msg, State) ->
-    {noreply, State}.
-
-handle_info({timeout, _TRef, refresh}, State = #state{addr = Addr}) ->
-    NState = try
-                 State#state{remote = request_jwks(Addr)}
-             catch _:_ ->
-                 State
-             end,
-    {noreply, reset_timer(NState)};
-
-handle_info(_Info, State) ->
-    {noreply, State}.
-
-terminate(_Reason, State) ->
-    _ = cancel_timer(State),
-    ok.
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
-
-handle_verify(JwsCompacted,
-              State = #state{static = Static, remote = Remote}) ->
-    try
-        Jwks = case emqx_json:decode(jose_jws:peek_protected(JwsCompacted), [return_maps]) of
-                   #{<<"kid">> := Kid} when Remote /= undefined ->
-                       [J || J <- Remote, maps:get(<<"kid">>, J#jose_jwk.fields, undefined) =:= Kid];
-                   _ -> Static
-               end,
-        case Jwks of
-            [] -> {reply, {error, not_found}, State};
-            _ ->
-                {reply, do_verify(JwsCompacted, Jwks), State}
-        end
-    catch
-        Class : Reason : Stk ->
-            ?LOG(error, "Handle JWK crashed: ~p, ~p, stacktrace: ~p~n",
-                        [Class, Reason, Stk]),
-            {reply, {error, invalid_signature}, State}
-    end.
-
-request_jwks(Addr) ->
-    case httpc:request(get, {Addr, []}, [], [{body_format, binary}]) of
-        {error, Reason} ->
-            error(Reason);
-        {ok, {_Code, _Headers, Body}} ->
-            try
-                JwkSet = jose_jwk:from(emqx_json:decode(Body, [return_maps])),
-                {_, Jwks} = JwkSet#jose_jwk.keys, Jwks
-            catch _:_ ->
-                ?LOG(error, "Invalid jwks server response: ~p~n", [Body]),
-                error(badarg)
-            end
-    end.
-
-reset_timer(State = #state{addr = undefined}) ->
-    State;
-reset_timer(State = #state{intv = Intv}) ->
-    State#state{tref = erlang:start_timer(Intv, self(), refresh)}.
-
-cancel_timer(State = #state{tref = undefined}) ->
-    State;
-cancel_timer(State = #state{tref = TRef}) ->
-    _ = erlang:cancel_timer(TRef),
-    State#state{tref = undefined}.
-
-do_verify(_JwsCompated, []) ->
-    {error, invalid_signature};
-do_verify(JwsCompacted, [Jwk|More]) ->
-    case jose_jws:verify(Jwk, JwsCompacted) of
-        {true, Payload, _Jws} ->
-            Claims = emqx_json:decode(Payload, [return_maps]),
-            case check_claims(Claims) of
-                {false, <<"exp">>} ->
-                    {error, {invalid_signature, expired}};
-                NClaims ->
-                    {ok, NClaims}
-            end;
-        {false, _, _} ->
-            do_verify(JwsCompacted, More)
-    end.
-
-check_claims(Claims) ->
-    Now = os:system_time(seconds),
-    Checker = [{<<"exp">>, fun(ExpireTime) ->
-                               Now < ExpireTime
-                           end},
-               {<<"iat">>, fun(IssueAt) ->
-                               IssueAt =< Now
-                           end},
-               {<<"nbf">>, fun(NotBefore) ->
-                               NotBefore =< Now
-                           end}
-              ],
-    do_check_claim(Checker, Claims).
-
-do_check_claim([], Claims) ->
-    Claims;
-do_check_claim([{K, F}|More], Claims) ->
-    case maps:take(K, Claims) of
-        error -> do_check_claim(More, Claims);
-        {V, NClaims} ->
-            case F(V) of
-                true -> do_check_claim(More, NClaims);
-                _ -> {false, K}
-            end
-    end.
diff --git a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl b/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
deleted file mode 100644
index d4f562b6f..000000000
--- a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl
+++ /dev/null
@@ -1,166 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_jwt_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(APP, emqx_auth_jwt).
-
-all() ->
-    [{group, emqx_auth_jwt}].
-
-groups() ->
-    [{emqx_auth_jwt, [sequence], [ t_check_auth
-                                 , t_check_claims
-                                 , t_check_claims_clientid
-                                 , t_check_claims_username
-                                 , t_check_claims_kid_in_header
-                                 ]}
-    ].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_auth_jwt], fun set_special_configs/1),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_jwt]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    AclFilePath = filename:join(["test", "emqx_SUITE_data", "acl.conf"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath)),
-    application:set_env(emqx, acl_file,
-                        emqx_ct_helpers:deps_path(emqx, AclFilePath));
-
-set_special_configs(emqx_auth_jwt) ->
-    application:set_env(emqx_auth_jwt, secret, "emqxsecret"),
-    application:set_env(emqx_auth_jwt, from, password);
-
-set_special_configs(_) ->
-    ok.
-
-sign(Payload, Header, Key) when is_map(Header) ->
-    Jwk = jose_jwk:from_oct(Key),
-    Jwt = emqx_json:encode(Payload),
-    {_, Token} = jose_jws:compact(jose_jwt:sign(Jwk, Header, Jwt)),
-    Token;
-
-sign(Payload, Alg, Key) ->
-    Jwk = jose_jwk:from_oct(Key),
-    Jwt = emqx_json:encode(Payload),
-    {_, Token} = jose_jws:compact(jose_jwt:sign(Jwk, #{<<"alg">> => Alg}, Jwt)),
-    Token.
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{clientid, <<"client1">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    ct:pal("Jwt: ~p~n", [Jwt]),
-
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := #{<<"clientid">> := <<"client1">>}}}, Result0),
-
-    ct:sleep(3100),
-    Result1 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result after 1000ms: ~p~n", [Result1]),
-    ?assertMatch({error, _}, Result1),
-
-    Jwt_Error = sign([{client_id, <<"client1">>},
-                      {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    ct:pal("invalid jwt: ~p~n", [Jwt_Error]),
-    Result2 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
-    ?assertEqual({error, invalid_signature}, Result2),
-    ?assertMatch({error, _}, emqx_access_control:authenticate(Plain#{password => <<"asd">>})).
-
-t_check_claims(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]),
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
-
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{client_id, <<"client1">>},
-                {username, <<"plain">>},
-                {sub, value},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0),
-    Jwt_Error = sign([{clientid, <<"client1">>},
-                       {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    Result2 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
-    ?assertEqual({error, invalid_signature}, Result2).
-
-t_check_claims_clientid(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{clientid, <<"%c">>}]),
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
-    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{clientid, <<"client23">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0),
-    Jwt_Error = sign([{clientid, <<"client1">>},
-                      {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    Result2 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result2]),
-    ?assertEqual({error, invalid_signature}, Result2).
-
-t_check_claims_username(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, [{username, <<"%u">>}]),
-    application:stop(emqx_auth_jwt), application:start(emqx_auth_jwt),
-
-    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{client_id, <<"client23">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}], <<"HS256">>, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0),
-    Jwt_Error = sign([{clientid, <<"client1">>},
-                      {username, <<"plain">>}], <<"HS256">>, <<"secret">>),
-    Result3 = emqx_access_control:authenticate(Plain#{password => Jwt_Error}),
-    ct:pal("Auth result for the invalid jwt: ~p~n", [Result3]),
-    ?assertEqual({error, invalid_signature}, Result3).
-
-t_check_claims_kid_in_header(_) ->
-    application:set_env(emqx_auth_jwt, verify_claims, []),
-    Plain = #{clientid => <<"client23">>, username => <<"plain">>, zone => external},
-    Jwt = sign([{clientid, <<"client23">>},
-                {username, <<"plain">>},
-                {exp, os:system_time(seconds) + 3}],
-               #{<<"alg">> => <<"HS256">>,
-                 <<"kid">> => <<"a_kid_str">>}, <<"emqxsecret">>),
-    Result0 = emqx_access_control:authenticate(Plain#{password => Jwt}),
-    ct:pal("Auth result: ~p~n", [Result0]),
-    ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result0).
diff --git a/apps/emqx_auth_ldap/.gitignore b/apps/emqx_auth_ldap/.gitignore
deleted file mode 100644
index eb8f0639f..000000000
--- a/apps/emqx_auth_ldap/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_ldap.d
-data/
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-test/ct.cover.spec
-.DS_Store
-_build/
-rebar.lock
-erlang.mk
-rebar3.crashdump
-.rebar3/
-etc/emqx_auth_ldap.conf.rendered
diff --git a/apps/emqx_auth_ldap/README.md b/apps/emqx_auth_ldap/README.md
deleted file mode 100644
index c4d56c839..000000000
--- a/apps/emqx_auth_ldap/README.md
+++ /dev/null
@@ -1,96 +0,0 @@
-emqx_auth_ldap
-==============
-
-EMQ X LDAP Authentication Plugin
-
-Build
------
-
-```
-make
-```
-
-Load the Plugin
----------------
-
-```
-# ./bin/emqx_ctl plugins load emqx_auth_ldap
-```
-
-Generate Password
----------------
-
-```
-slappasswd -h '{ssha}' -s public
-```
-
-Configuration Open LDAP
------------------------
-
-vim /etc/openldap/slapd.conf
-
-```
-include         /etc/openldap/schema/core.schema
-include         /etc/openldap/schema/cosine.schema
-include         /etc/openldap/schema/inetorgperson.schema
-include         /etc/openldap/schema/ppolicy.schema
-include         /etc/openldap/schema/emqx.schema
-
-database bdb
-suffix "dc=emqx,dc=io"
-rootdn "cn=root,dc=emqx,dc=io"
-rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W
-
-directory       /etc/openldap/data
-```
-
-If the ldap launched with error below:
-```
-Unrecognized database type (bdb)
-5c4a72b9 slapd.conf: line 7: <database> failed init (bdb)
-slapadd: bad configuration file!
-```
-
-Insert lines to the slapd.conf
-```
-modulepath /usr/lib/ldap
-moduleload back_bdb.la
-```
-
-Import EMQX User Data
-----------------------
-
-Use ldapadd
-```
-# ldapadd -x -D "cn=root,dc=emqx,dc=io" -w public -f emqx.com.ldif
-```
-
-Use slapadd
-```
-# sudo slapadd -l schema/emqx.io.ldif -f slapd.conf
-```
-
-Launch slapd
-```
-# sudo slapd -d 3
-```
-
-Test
------
-After configure slapd correctly and launch slapd successfully.
-You could execute
-
-``` bash
-# make tests
-```
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_ldap/emqx.io.ldif b/apps/emqx_auth_ldap/emqx.io.ldif
deleted file mode 100644
index f9833cd88..000000000
--- a/apps/emqx_auth_ldap/emqx.io.ldif
+++ /dev/null
@@ -1,135 +0,0 @@
-## create emqx.io
-
-dn:dc=emqx,dc=io
-objectclass: top
-objectclass: dcobject
-objectclass: organization
-dc:emqx
-o:emqx,Inc.
-
-# create testdevice.emqx.io
-dn:ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectclass:organizationalUnit
-ou:testdevice
-
-# create user admin
-dn:uid=admin,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: simpleSecurityObject
-objectClass: account
-userPassword:: e1NIQX1XNnBoNU1tNVB6OEdnaVVMYlBnekczN21qOWc9
-uid: admin
-
-## create user=mqttuser0001,
-#         password=mqttuser0001,
-#         passhash={SHA}mlb3fat40MKBTXUVZwCKmL73R/0=
-#         base64passhash=e1NIQX1tbGIzZmF0NDBNS0JUWFVWWndDS21MNzNSLzA9
-dn:uid=mqttuser0001,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0001
-isEnabled: TRUE
-mqttAccountName: user1
-mqttPublishTopic: mqttuser0001/pub/1
-mqttPublishTopic: mqttuser0001/pub/+
-mqttPublishTopic: mqttuser0001/pub/#
-mqttSubscriptionTopic: mqttuser0001/sub/1
-mqttSubscriptionTopic: mqttuser0001/sub/+
-mqttSubscriptionTopic: mqttuser0001/sub/#
-mqttPubSubTopic: mqttuser0001/pubsub/1
-mqttPubSubTopic: mqttuser0001/pubsub/+
-mqttPubSubTopic: mqttuser0001/pubsub/#
-userPassword:: e1NIQX1tbGIzZmF0NDBNS0JUWFVWWndDS21MNzNSLzA9
-
-## create user=mqttuser0002
-#         password=mqttuser0002,
-#         passhash={SSHA}n9XdtoG4Q/TQ3TQF4Y+khJbMBH4qXj4M
-#         base64passhash=e1NTSEF9bjlYZHRvRzRRL1RRM1RRRjRZK2toSmJNQkg0cVhqNE0=
-dn:uid=mqttuser0002,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0002
-isEnabled: TRUE
-mqttAccountName: user2
-mqttPublishTopic: mqttuser0002/pub/1
-mqttPublishTopic: mqttuser0002/pub/+
-mqttPublishTopic: mqttuser0002/pub/#
-mqttSubscriptionTopic: mqttuser0002/sub/1
-mqttSubscriptionTopic: mqttuser0002/sub/+
-mqttSubscriptionTopic: mqttuser0002/sub/#
-mqttPubSubTopic: mqttuser0002/pubsub/1
-mqttPubSubTopic: mqttuser0002/pubsub/+
-mqttPubSubTopic: mqttuser0002/pubsub/#
-userPassword:: e1NTSEF9bjlYZHRvRzRRL1RRM1RRRjRZK2toSmJNQkg0cVhqNE0=
-
-## create user mqttuser0003
-#         password=mqttuser0003,
-#         passhash={MD5}ybsPGoaK3nDyiQvveiCOIw==
-#         base64passhash=e01ENX15YnNQR29hSzNuRHlpUXZ2ZWlDT0l3PT0=
-dn:uid=mqttuser0003,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0003
-isEnabled: TRUE
-mqttPublishTopic: mqttuser0003/pub/1
-mqttPublishTopic: mqttuser0003/pub/+
-mqttPublishTopic: mqttuser0003/pub/#
-mqttSubscriptionTopic: mqttuser0003/sub/1
-mqttSubscriptionTopic: mqttuser0003/sub/+
-mqttSubscriptionTopic: mqttuser0003/sub/#
-mqttPubSubTopic: mqttuser0003/pubsub/1
-mqttPubSubTopic: mqttuser0003/pubsub/+
-mqttPubSubTopic: mqttuser0003/pubsub/#
-userPassword:: e01ENX15YnNQR29hSzNuRHlpUXZ2ZWlDT0l3PT0=
-
-## create user mqttuser0004
-#         password=mqttuser0004,
-#         passhash={MD5}2Br6pPDSEDIEvUlu9+s+MA==
-#         base64passhash=e01ENX0yQnI2cFBEU0VESUV2VWx1OStzK01BPT0=
-dn:uid=mqttuser0004,ou=testdevice,dc=emqx,dc=io
-objectClass: top
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0004
-isEnabled: TRUE
-mqttPublishTopic: mqttuser0004/pub/1
-mqttPublishTopic: mqttuser0004/pub/+
-mqttPublishTopic: mqttuser0004/pub/#
-mqttSubscriptionTopic: mqttuser0004/sub/1
-mqttSubscriptionTopic: mqttuser0004/sub/+
-mqttSubscriptionTopic: mqttuser0004/sub/#
-mqttPubSubTopic: mqttuser0004/pubsub/1
-mqttPubSubTopic: mqttuser0004/pubsub/+
-mqttPubSubTopic: mqttuser0004/pubsub/#
-userPassword: {MD5}2Br6pPDSEDIEvUlu9+s+MA==
-
-## create user mqttuser0005
-#         password=mqttuser0005,
-#         passhash={SHA}jKnxeEDGR14kE8AR7yuVFOelhz4=
-#         base64passhash=e1NIQX1qS254ZUVER1IxNGtFOEFSN3l1VkZPZWxoejQ9
-objectClass: top
-dn:uid=mqttuser0005,ou=testdevice,dc=emqx,dc=io
-objectClass: mqttUser
-objectClass: mqttDevice
-objectClass: mqttSecurity
-uid: mqttuser0005
-isEnabled: TRUE
-mqttPublishTopic: mqttuser0005/pub/1
-mqttPublishTopic: mqttuser0005/pub/+
-mqttPublishTopic: mqttuser0005/pub/#
-mqttSubscriptionTopic: mqttuser0005/sub/1
-mqttSubscriptionTopic: mqttuser0005/sub/+
-mqttSubscriptionTopic: mqttuser0005/sub/#
-mqttPubSubTopic: mqttuser0005/pubsub/1
-mqttPubSubTopic: mqttuser0005/pubsub/+
-mqttPubSubTopic: mqttuser0005/pubsub/#
-userPassword: {SHA}jKnxeEDGR14kE8AR7yuVFOelhz4=
-
diff --git a/apps/emqx_auth_ldap/emqx.schema b/apps/emqx_auth_ldap/emqx.schema
deleted file mode 100644
index 55f92269b..000000000
--- a/apps/emqx_auth_ldap/emqx.schema
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Preliminary Apple OS X Native LDAP Schema
-# This file is subject to change.
-#
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.1.3 NAME 'isEnabled'
-	EQUALITY booleanMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.1 NAME ( 'mqttPublishTopic' 'mpt' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.2 NAME ( 'mqttSubscriptionTopic' 'mst' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.3 NAME ( 'mqttPubSubTopic' 'mpst' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4.4 NAME ( 'mqttAccountName' 'man' )
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-
-
-objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.4 NAME 'mqttUser'
-	AUXILIARY
-	MAY ( mqttPublishTopic $ mqttSubscriptionTopic $ mqttPubSubTopic $ mqttAccountName) )
-
-objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.2 NAME 'mqttDevice'
-	SUP top
-	STRUCTURAL
-	MUST ( uid )
-	MAY ( isEnabled ) )
-
-objectclass ( 1.3.6.1.4.1.11.2.53.2.2.3.1.2.3.3 NAME 'mqttSecurity'
-	SUP top
-	AUXILIARY
-	MAY ( userPassword $ userPKCS12 $ pwdAttribute $ pwdLockout ) )
diff --git a/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf b/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
deleted file mode 100644
index b457229e3..000000000
--- a/apps/emqx_auth_ldap/etc/emqx_auth_ldap.conf
+++ /dev/null
@@ -1,76 +0,0 @@
-##--------------------------------------------------------------------
-## LDAP Auth Plugin
-##--------------------------------------------------------------------
-
-## LDAP server list, seperated by ','.
-##
-## Value: String
-auth.ldap.servers = "127.0.0.1"
-
-## LDAP server port.
-##
-## Value: Port
-auth.ldap.port = 389
-
-## LDAP pool size
-##
-## Value: String
-auth.ldap.pool = 8
-
-## LDAP Bind DN.
-##
-## Value: DN
-auth.ldap.bind_dn = "cn=root,dc=emqx,dc=io"
-
-## LDAP Bind Password.
-##
-## Value: String
-auth.ldap.bind_password = public
-
-## LDAP query timeout.
-##
-## Value: Number
-auth.ldap.timeout = 30s
-
-## Device DN.
-##
-## Variables:
-##
-## Value: DN
-auth.ldap.device_dn = "ou=device,dc=emqx,dc=io"
-
-## Specified ObjectClass
-##
-## Variables:
-##
-## Value: string
-auth.ldap.match_objectclass = mqttUser
-
-## attributetype for username
-##
-## Variables:
-##
-## Value: string
-auth.ldap.username.attributetype = uid
-
-## attributetype for password
-##
-## Variables:
-##
-## Value: string
-auth.ldap.password.attributetype = userPassword
-
-## Whether to enable SSL.
-##
-## Value: true | false
-auth.ldap.ssl.enable = false
-
-#auth.ldap.ssl.certfile = "etc/certs/cert.pem"
-
-#auth.ldap.ssl.keyfile = "etc/certs/key.pem"
-
-#auth.ldap.ssl.cacertfile = "etc/certs/cacert.pem"
-
-#auth.ldap.ssl.verify = "verify_peer"
-
-#auth.ldap.ssl.server_name_indication = your_server_name
diff --git a/apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl b/apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl
deleted file mode 100644
index 8950c0ec8..000000000
--- a/apps/emqx_auth_ldap/include/emqx_auth_ldap.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_ldap).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema b/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
deleted file mode 100644
index f9c3bf16b..000000000
--- a/apps/emqx_auth_ldap/priv/emqx_auth_ldap.schema
+++ /dev/null
@@ -1,174 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_ldap config mapping
-
-{mapping, "auth.ldap.servers", "emqx_auth_ldap.ldap", [
-  {default, "127.0.0.1"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.port", "emqx_auth_ldap.ldap", [
-  {default, 389},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.ldap.pool", "emqx_auth_ldap.ldap", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.ldap.bind_dn", "emqx_auth_ldap.ldap", [
-  {datatype, string},
-  {default, "cn=root,dc=emqx,dc=io"}
-]}.
-
-{mapping, "auth.ldap.bind_password", "emqx_auth_ldap.ldap", [
-  {datatype, string},
-  {default, "public"}
-]}.
-
-{mapping, "auth.ldap.timeout", "emqx_auth_ldap.ldap", [
-  {default, "30s"},
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "auth.ldap.ssl.enable", "emqx_auth_ldap.ldap", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.ldap.ssl.certfile", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.ssl.keyfile", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.ssl.cacertfile", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.ssl.verify", "emqx_auth_ldap.ldap", [
-  {default, verify_none},
-  {datatype, {enum, [verify_none, verify_peer]}}
-]}.
-
-{mapping, "auth.ldap.ssl.server_name_indication", "emqx_auth_ldap.ldap", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_ldap.ldap", fun(Conf) ->
-    A2N = fun(A) -> case inet:parse_address(A) of {ok, N} -> N; _ -> A end end,
-    Servers = [A2N(A) || A <- string:tokens(cuttlefish:conf_get("auth.ldap.servers", Conf), ",")],
-    Port = cuttlefish:conf_get("auth.ldap.port", Conf),
-    Pool = cuttlefish:conf_get("auth.ldap.pool", Conf),
-    BindDN = cuttlefish:conf_get("auth.ldap.bind_dn", Conf),
-    BindPassword = cuttlefish:conf_get("auth.ldap.bind_password", Conf),
-    Timeout = cuttlefish:conf_get("auth.ldap.timeout", Conf),
-    Filter = fun(Ls) -> [E || E = {_, V} <- Ls, V /= undefined]end,
-    SslOpts = fun() ->
-                [{certfile, cuttlefish:conf_get("auth.ldap.ssl.certfile", Conf)},
-                 {keyfile, cuttlefish:conf_get("auth.ldap.ssl.keyfile", Conf)},
-                 {cacertfile, cuttlefish:conf_get("auth.ldap.ssl.cacertfile", Conf, undefined)},
-                 {verify, cuttlefish:conf_get("auth.ldap.ssl.verify", Conf, undefined)},
-                 {server_name_indication, case cuttlefish:conf_get("auth.ldap.ssl.server_name_indication", Conf, undefined) of
-                                            "disable" -> disable;
-                                            SNI -> SNI
-                                          end}]
-              end,
-    Opts = [{servers, Servers},
-            {port, Port},
-            {timeout, Timeout},
-            {bind_dn, BindDN},
-            {bind_password, BindPassword},
-            {pool, Pool},
-            {auto_reconnect, 2}],
-    case cuttlefish:conf_get("auth.ldap.ssl.enable", Conf) of
-        true  -> [{ssl, true}, {sslopts, Filter(SslOpts())}|Opts];
-        false -> [{ssl, false}|Opts]
-    end
-end}.
-
-{mapping, "auth.ldap.device_dn", "emqx_auth_ldap.device_dn", [
-  {default, "ou=device,dc=emqx,dc=io"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.match_objectclass", "emqx_auth_ldap.match_objectclass", [
-  {default, "mqttUser"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.custom_base_dn", "emqx_auth_ldap.custom_base_dn", [
-  {default, "${username_attr}=${user},${device_dn}"},
-  {datatype, string}
-]}.
-
-%% auth.ldap.filters.1.key = "objectClass"
-%% auth.ldap.filters.1.value = "mqttUser"
-%% auth.ldap.filters.1.op = "and"
-%% auth.ldap.filters.2.key = "uiAttr"
-%% auth.ldap.filters.2.value "someAttr"
-%% auth.ldap.filters.2.op = "or"
-%% auth.ldap.filters.3.key = "someKey"
-%% auth.ldap.filters.3.value = "someValue"
-%% The configuratation structure sent to the application:
-%%   [{"objectClass","mqttUser"},"and",{"uiAttr","someAttr"},"or",{"someKey","someAttr"}]
-%% The resulting LDAP filter would look like this:
-%% ==> "|(&(objectClass=Class)(uiAttr=someAttr)(someKey=someValue))"
-{translation, "emqx_auth_ldap.filters",
-fun(Conf) ->
-        Settings = cuttlefish_variable:filter_by_prefix("auth.ldap.filters", Conf),
-        Keys = [{Num, {key, V}} || {["auth","ldap","filters", Num, "key"], V} <- Settings],
-        Values = [{Num, {value, V}} || {["auth","ldap","filters", Num, "value"], V} <- Settings],
-        Ops = [{Num, {op, V}} || {["auth","ldap","filters", Num, "op"], V} <- Settings],
-        RawFilters = Keys ++ Values ++ Ops,
-        Filters =
-            lists:foldl(
-              fun({Num,{T,V}}, Acc)->
-                      maps:update_with(Num,
-                                       fun(F)->
-                                               maps:put(T,V,F)
-                                       end,
-                                       #{T=>V}, Acc)
-              end, #{}, RawFilters),
-        Order=lists:usort(maps:keys(Filters)),
-        lists:reverse(
-          lists:foldl(
-            fun(F,Acc)->
-                    case F of
-                        #{key:=K, op:=Op, value:=V} -> [Op,{K,V}|Acc];
-                        #{key:=K, value:=V} -> [{K,V}|Acc]
-                    end
-            end,
-            [],
-            lists:map(fun(K) -> maps:get(K, Filters) end, Order)))
-end}.
-
-{mapping, "auth.ldap.filters.$num.key", "emqx_auth_ldap.filters", [
-    {datatype, string}
-]}.
-
-{mapping, "auth.ldap.filters.$num.value", "emqx_auth_ldap.filters", [
-    {datatype, string}
-]}.
-
-{mapping, "auth.ldap.filters.$num.op", "emqx_auth_ldap.filters", [
-    {datatype, {enum, [ "or", "and" ] } }
-]}.
-
-
-{mapping, "auth.ldap.bind_as_user", "emqx_auth_ldap.bind_as_user", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.ldap.username.attributetype", "emqx_auth_ldap.username_attr", [
-  {default, "uid"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.ldap.password.attributetype", "emqx_auth_ldap.password_attr", [
-  {default, "userPassword"},
-  {datatype, string}
-]}.
diff --git a/apps/emqx_auth_ldap/rebar.config b/apps/emqx_auth_ldap/rebar.config
deleted file mode 100644
index 811468a7b..000000000
--- a/apps/emqx_auth_ldap/rebar.config
+++ /dev/null
@@ -1,25 +0,0 @@
-{deps,
- [{eldap2, {git, "https://github.com/emqx/eldap2", {tag, "v0.2.2"}}}
- ]}.
-
-{profiles,
- [{test,
-   [{deps, []}
-   ]}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
deleted file mode 100644
index 1b76c32c8..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_ldap,
- [{description, "EMQ X Authentication/ACL with LDAP"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_ldap_sup]},
-  {applications, [kernel,stdlib,eldap2,ecpool]},
-  {mod, {emqx_auth_ldap_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-ldap"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
deleted file mode 100644
index 9163362c7..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
+++ /dev/null
@@ -1,210 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap).
-
--include("emqx_auth_ldap.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eldap/include/eldap.hrl").
--include_lib("emqx/include/logger.hrl").
-
--import(proplists, [get_value/2]).
-
--import(emqx_auth_ldap_cli, [search/3]).
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        , prepare_filter/4
-        , replace_vars/2
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{username := Username, password := Password}, AuthResult,
-      State = #{password_attr := PasswdAttr, bind_as_user := BindAsUserRequired, pool := Pool}) ->
-    CheckResult =
-        case lookup_user(Username, State) of
-            undefined -> {error, not_found};
-            {error, Error} -> {error, Error};
-            Entry ->
-                PasswordString = binary_to_list(Password),
-                ObjectName = Entry#eldap_entry.object_name,
-                Attributes = Entry#eldap_entry.attributes,
-                case BindAsUserRequired of
-                    true ->
-                        emqx_auth_ldap_cli:post_bind(Pool, ObjectName, PasswordString);
-                    false ->
-                        case get_value(PasswdAttr, Attributes) of
-                            undefined ->
-                                logger:error("LDAP Search State: ~p, uid: ~p, result:~p",
-                                             [State, Username, Attributes]),
-                                {error, not_found};
-                            [Passhash1] ->
-                                format_password(Passhash1, Password, ClientInfo)
-                        end
-                end
-        end,
-    case CheckResult of
-        ok ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-            {stop, AuthResult#{auth_result => success, anonymous => false}};
-        {error, not_found} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {error, ResultCode} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            ?LOG(error, "[LDAP] Auth from ldap failed: ~p", [ResultCode]),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-lookup_user(Username, #{username_attr := UidAttr,
-                        match_objectclass := ObjectClass,
-                        device_dn := DeviceDn,
-                        custom_base_dn := CustomBaseDN, pool := Pool} = Config) ->
-
-    Filters = maps:get(filters, Config, []),
-
-    ReplaceRules = [{"${username_attr}", UidAttr},
-                    {"${user}", binary_to_list(Username)},
-                    {"${device_dn}", DeviceDn}],
-
-    Filter = prepare_filter(Filters, UidAttr, ObjectClass, ReplaceRules),
-
-    %% auth.ldap.custom_base_dn = "${username_attr}=${user},${device_dn}"
-    BaseDN = replace_vars(CustomBaseDN, ReplaceRules),
-
-    case search(Pool, BaseDN, Filter) of
-        %% This clause seems to be impossible to match. `eldap2:search/2` does
-        %% not validates the result, so if it returns "successfully" from the
-        %% LDAP server, it always returns `{ok, #eldap_search_result{}}`.
-        {error, noSuchObject} ->
-            undefined;
-        %% In case no user was found by the search, but the search was completed
-        %% without error we get an empty `entries` list.
-        {ok, #eldap_search_result{entries = []}} ->
-            undefined;
-        {ok, #eldap_search_result{entries = [Entry]}} ->
-            Attributes = Entry#eldap_entry.attributes,
-            case get_value("isEnabled", Attributes) of
-                undefined ->
-                    Entry;
-                [Val] ->
-                    case list_to_atom(string:to_lower(Val)) of
-                        true -> Entry;
-                        false -> {error, username_disabled}
-                    end
-            end;
-        {error, Error} ->
-            ?LOG(error, "[LDAP] Search dn: ~p, filter: ~p, fail:~p", [DeviceDn, Filter, Error]),
-            {error, username_or_password_error}
-    end.
-
-check_pass(Password, Password, _ClientInfo) -> ok;
-check_pass(_, _, _) -> {error, bad_username_or_password}.
-
-format_password(Passhash, Password, ClientInfo) ->
-    case do_format_password(Passhash, Password) of
-        {error, Error2} ->
-            {error, Error2};
-        {Passhash1, Password1} ->
-            check_pass(Passhash1, Password1, ClientInfo)
-    end.
-
-do_format_password(Passhash, Password) ->
-    Base64PasshashHandler =
-    handle_passhash(fun(HashType, Passhash1, Password1) ->
-                            Passhash2 = binary_to_list(base64:decode(Passhash1)),
-                            resolve_passhash(HashType, Passhash2, Password1)
-                    end,
-                    fun(_Passhash, _Password) ->
-                            {error, password_error}
-                    end),
-    PasshashHandler = handle_passhash(fun resolve_passhash/3, Base64PasshashHandler),
-    PasshashHandler(Passhash, Password).
-
-resolve_passhash(HashType, Passhash, Password) ->
-    [_, Passhash1] = string:tokens(Passhash, "}"),
-    do_resolve(HashType, Passhash1, Password).
-
-handle_passhash(HandleMatch, HandleNoMatch) ->
-    fun(Passhash, Password) ->
-            case re:run(Passhash, "(?<={)[^{}]+(?=})", [{capture, all, list}, global]) of
-                {match, [[HashType]]} ->
-                    HandleMatch(list_to_atom(string:to_lower(HashType)), Passhash, Password);
-                _ ->
-                    HandleNoMatch(Passhash, Password)
-            end
-    end.
-
-do_resolve(ssha, Passhash, Password) ->
-    D64 = base64:decode(Passhash),
-    {HashedData, Salt} = lists:split(20, binary_to_list(D64)),
-    NewHash = crypto:hash(sha, <<Password/binary, (list_to_binary(Salt))/binary>>),
-    {list_to_binary(HashedData), NewHash};
-do_resolve(HashType, Passhash, Password) ->
-    Password1 = base64:encode(crypto:hash(HashType, Password)),
-    {list_to_binary(Passhash), Password1}.
-
-description() -> "LDAP Authentication Plugin".
-
-prepare_filter(Filters, _UidAttr, ObjectClass, ReplaceRules) ->
-    SubFilters =
-        lists:map(fun({K, V}) ->
-                          {replace_vars(K, ReplaceRules), replace_vars(V, ReplaceRules)};
-                     (Op) ->
-                          Op
-                  end, Filters),
-    case SubFilters of
-        [] -> eldap2:equalityMatch("objectClass", ObjectClass);
-        _List -> compile_filters(SubFilters, [])
-    end.
-
-
-compile_filters([{Key, Value}], []) ->
-    compile_equal(Key, Value);
-compile_filters([{K1, V1}, "and", {K2, V2} | Rest], []) ->
-    compile_filters(
-      Rest,
-      eldap2:'and'([compile_equal(K1, V1),
-                    compile_equal(K2, V2)]));
-compile_filters([{K1, V1}, "or", {K2, V2} | Rest], []) ->
-    compile_filters(
-      Rest,
-      eldap2:'or'([compile_equal(K1, V1),
-                   compile_equal(K2, V2)]));
-compile_filters(["and", {K, V} | Rest], PartialFilter) ->
-    compile_filters(
-      Rest,
-      eldap2:'and'([PartialFilter,
-                    compile_equal(K, V)]));
-compile_filters(["or", {K, V} | Rest], PartialFilter) ->
-    compile_filters(
-      Rest,
-      eldap2:'or'([PartialFilter,
-                   compile_equal(K, V)]));
-compile_filters([], Filter) ->
-    Filter.
-
-compile_equal(Key, Value) ->
-    eldap2:equalityMatch(Key, Value).
-
-replace_vars(CustomBaseDN, ReplaceRules) ->
-    lists:foldl(fun({Pattern, Substitute}, DN) ->
-                        lists:flatten(string:replace(DN, Pattern, Substitute))
-                end, CustomBaseDN, ReplaceRules).
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
deleted file mode 100644
index ed43c8d26..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_app.erl
+++ /dev/null
@@ -1,78 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_ldap.hrl").
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_ldap_sup:start_link(),
-    _ = if_enabled([device_dn, match_objectclass,
-                username_attr, password_attr,
-                filters, custom_base_dn, bind_as_user],
-               fun load_auth_hook/1),
-    _ = if_enabled([device_dn, match_objectclass,
-                username_attr, password_attr,
-                filters, custom_base_dn, bind_as_user],
-               fun load_acl_hook/1),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx:unhook('client.authenticate',{emqx_auth_ldap, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_ldap, check_acl}),
-    State.
-
-stop(_State) ->
-    ok.
-
-load_auth_hook(DeviceDn) ->
-    ok = emqx_auth_ldap:register_metrics(),
-    Params = maps:from_list(DeviceDn),
-    emqx:hook('client.authenticate', {emqx_auth_ldap, check, [Params#{pool => ?APP}]}).
-
-load_acl_hook(DeviceDn) ->
-    ok = emqx_acl_ldap:register_metrics(),
-    Params = maps:from_list(DeviceDn),
-    emqx:hook('client.check_acl', {emqx_acl_ldap, check_acl, [Params#{pool => ?APP}]}).
-
-if_enabled(Cfgs, Fun) ->
-    case get_env(Cfgs) of
-        {ok, []} -> ok;
-        {ok, InitArgs} -> Fun(InitArgs)
-    end.
-
-get_env(Cfgs) ->
-   get_env(Cfgs, []).
-
-get_env([Cfg | LeftCfgs], ENVS) ->
-    case application:get_env(?APP, Cfg) of
-        {ok, ENV} ->
-            get_env(LeftCfgs, [{Cfg, ENV} | ENVS]);
-        undefined ->
-            get_env(LeftCfgs, ENVS)
-    end;
-get_env([], ENVS) ->
-   {ok, ENVS}.
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
deleted file mode 100644
index 412754664..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_cli.erl
+++ /dev/null
@@ -1,150 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_ldap.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ecpool callback
--export([connect/1]).
-
--export([ search/3
-        , search/4
-        , post_bind/3
-        , init_args/1
-        ]).
-
--import(proplists,
-        [ get_value/2
-        , get_value/3
-        ]).
-
-%%--------------------------------------------------------------------
-%% LDAP Connect/Search
-%%--------------------------------------------------------------------
-
-connect(Opts) ->
-    Servers      = get_value(servers, Opts, ["localhost"]),
-    Port         = get_value(port, Opts, 389),
-    Timeout      = get_value(timeout, Opts, 30),
-    BindDn       = get_value(bind_dn, Opts),
-    BindPassword = get_value(bind_password, Opts),
-    LdapOpts     = case get_value(ssl, Opts, false)of
-                       true ->
-                           SslOpts = get_value(sslopts, Opts),
-                           [{port, Port}, {timeout, Timeout}, {sslopts, SslOpts}];
-                       false ->
-                           [{port, Port}, {timeout, Timeout}]
-                   end,
-    ?LOG(debug, "[LDAP] Connecting to OpenLDAP server: ~p, Opts:~p ...", [Servers, LdapOpts]),
-
-    case eldap2:open(Servers, LdapOpts) of
-        {ok, LDAP} ->
-            try eldap2:simple_bind(LDAP, BindDn, BindPassword) of
-                ok -> {ok, LDAP};
-                {error, Error} ->
-                    ?LOG(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Error]),
-                    {error, Error}
-            catch
-                error:Reason ->
-                    ?LOG(error, "[LDAP] Can't authenticated to OpenLDAP server: ~p", [Reason]),
-                    {error, Reason}
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[LDAP] Can't connect to OpenLDAP server: ~p", [Reason]),
-            {error, Reason}
-    end.
-
-search(Pool, Base, Filter) ->
-    ecpool:with_client(Pool,
-        fun(C) ->
-                case application:get_env(?APP, bind_as_user) of
-                    {ok, true} ->
-                        {ok, Opts} = application:get_env(?APP, ldap),
-                        BindDn       = get_value(bind_dn, Opts),
-                        BindPassword = get_value(bind_password, Opts),
-                        try eldap2:simple_bind(C, BindDn, BindPassword) of
-                            ok ->
-                                eldap2:search(C, [{base, Base},
-                                                  {filter, Filter},
-                                                  {deref, eldap2:derefFindingBaseObj()}]);
-                            {error, Error} ->
-                                {error, Error}
-                        catch
-                            error:Reason -> {error, Reason}
-                        end;
-                    {ok, false} ->
-                        eldap2:search(C, [{base, Base},
-                                          {filter, Filter},
-                                          {deref, eldap2:derefFindingBaseObj()}])
-                end
-        end).
-
-search(Pool, Base, Filter, Attributes) ->
-    ecpool:with_client(Pool,
-        fun(C) ->
-                case application:get_env(?APP, bind_as_user) of
-                    {ok, true} ->
-                        {ok, Opts} = application:get_env(?APP, ldap),
-                        BindDn       = get_value(bind_dn, Opts),
-                        BindPassword = get_value(bind_password, Opts),
-                        try eldap2:simple_bind(C, BindDn, BindPassword) of
-                            ok ->
-                                eldap2:search(C, [{base, Base},
-                                                  {filter, Filter},
-                                                  {attributes, Attributes},
-                                                  {deref, eldap2:derefFindingBaseObj()}]);
-                            {error, Error} ->
-                                {error, Error}
-                        catch
-                            error:Reason -> {error, Reason}
-                        end;
-                    {ok, false} ->
-                        eldap2:search(C, [{base, Base},
-                                          {filter, Filter},
-                                          {attributes, Attributes},
-                                          {deref, eldap2:derefFindingBaseObj()}])
-                end
-        end).
-
-post_bind(Pool, BindDn, BindPassword) ->
-    ecpool:with_client(Pool,
-                       fun(C) ->
-                               try eldap2:simple_bind(C, BindDn, BindPassword) of
-                                   ok -> ok;
-                                   {error, Error} ->
-                                       {error, Error}
-                               catch
-                                   error:Reason -> {error, Reason}
-                               end
-                       end).
-
-
-init_args(ENVS) ->
-    DeviceDn = get_value(device_dn, ENVS),
-    ObjectClass = get_value(match_objectclass, ENVS),
-    UidAttr = get_value(username_attr, ENVS),
-    PasswdAttr = get_value(password_attr, ENVS),
-    {ok, #{device_dn => DeviceDn,
-           match_objectclass => ObjectClass,
-           username_attr => UidAttr,
-           password_attr => PasswdAttr}}.
-
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
deleted file mode 100644
index 56b3eea9d..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap_sup.erl
+++ /dev/null
@@ -1,35 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_ldap.hrl").
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    %% LDAP Connection Pool.
-    {ok, Server} = application:get_env(?APP, ldap),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, emqx_auth_ldap_cli, Server),
-    {ok, {{one_for_one, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_ldap/test/certs/cacert.pem b/apps/emqx_auth_ldap/test/certs/cacert.pem
deleted file mode 100644
index 604fd2362..000000000
--- a/apps/emqx_auth_ldap/test/certs/cacert.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDUTCCAjmgAwIBAgIJAPPYCjTmxdt/MA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV
-BAYTAkNOMREwDwYDVQQIDAhoYW5nemhvdTEMMAoGA1UECgwDRU1RMQ8wDQYDVQQD
-DAZSb290Q0EwHhcNMjAwNTA4MDgwNjUyWhcNMzAwNTA2MDgwNjUyWjA/MQswCQYD
-VQQGEwJDTjERMA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UE
-AwwGUm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcgVLex1
-EZ9ON64EX8v+wcSjzOZpiEOsAOuSXOEN3wb8FKUxCdsGrsJYB7a5VM/Jot25Mod2
-juS3OBMg6r85k2TWjdxUoUs+HiUB/pP/ARaaW6VntpAEokpij/przWMPgJnBF3Ur
-MjtbLayH9hGmpQrI5c2vmHQ2reRZnSFbY+2b8SXZ+3lZZgz9+BaQYWdQWfaUWEHZ
-uDaNiViVO0OT8DRjCuiDp3yYDj3iLWbTA/gDL6Tf5XuHuEwcOQUrd+h0hyIphO8D
-tsrsHZ14j4AWYLk1CPA6pq1HIUvEl2rANx2lVUNv+nt64K/Mr3RnVQd9s8bK+TXQ
-KGHd2Lv/PALYuwIDAQABo1AwTjAdBgNVHQ4EFgQUGBmW+iDzxctWAWxmhgdlE8Pj
-EbQwHwYDVR0jBBgwFoAUGBmW+iDzxctWAWxmhgdlE8PjEbQwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAGbhRUjpIred4cFAFJ7bbYD9hKu/yzWPWkMRa
-ErlCKHmuYsYk+5d16JQhJaFy6MGXfLgo3KV2itl0d+OWNH0U9ULXcglTxy6+njo5
-CFqdUBPwN1jxhzo9yteDMKF4+AHIxbvCAJa17qcwUKR5MKNvv09C6pvQDJLzid7y
-E2dkgSuggik3oa0427KvctFf8uhOV94RvEDyqvT5+pgNYZ2Yfga9pD/jjpoHEUlo
-88IGU8/wJCx3Ds2yc8+oBg/ynxG8f/HmCC1ET6EHHoe2jlo8FpU/SgGtghS1YL30
-IWxNsPrUP+XsZpBJy/mvOhE5QXo6Y35zDqqj8tI7AGmAWu22jg==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_ldap/test/certs/cert.pem b/apps/emqx_auth_ldap/test/certs/cert.pem
deleted file mode 100644
index 092390b1d..000000000
--- a/apps/emqx_auth_ldap/test/certs/cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
-MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
-MB4XDTIwMDUwODA4MDcwNVoXDTMwMDUwNjA4MDcwNVowPzELMAkGA1UEBhMCQ04x
-ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBlNlcnZl
-cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNeWT3pE+QFfiRJzKmn
-AMUrWo3K2j/Tm3+Xnl6WLz67/0rcYrJbbKvS3uyRP/stXyXEKw9CepyQ1ViBVFkW
-Aoy8qQEOWFDsZc/5UzhXUnb6LXr3qTkFEjNmhj+7uzv/lbBxlUG1NlYzSeOB6/RT
-8zH/lhOeKhLnWYPXdXKsa1FL6ij4X8DeDO1kY7fvAGmBn/THh1uTpDizM4YmeI+7
-4dmayA5xXvARte5h4Vu5SIze7iC057N+vymToMk2Jgk+ZZFpyXrnq+yo6RaD3ANc
-lrc4FbeUQZ5a5s5Sxgs9a0Y3WMG+7c5VnVXcbjBRz/aq2NtOnQQjikKKQA8GF080
-BQkCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
-BQADggEBAJefnMZpaRDHQSNUIEL3iwGXE9c6PmIsQVE2ustr+CakBp3TZ4l0enLt
-iGMfEVFju69cO4oyokWv+hl5eCMkHBf14Kv51vj448jowYnF1zmzn7SEzm5Uzlsa
-sqjtAprnLyof69WtLU1j5rYWBuFX86yOTwRAFNjm9fvhAcrEONBsQtqipBWkMROp
-iUYMkRqbKcQMdwxov+lHBYKq9zbWRoqLROAn54SRqgQk6c15JdEfgOOjShbsOkIH
-UhqcwRkQic7n1zwHVGVDgNIZVgmJ2IdIWBlPEC7oLrRrBD/X1iEEXtKab6p5o22n
-KB5mN+iQaE+Oe2cpGKZJiJRdM+IqDDQ=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_ldap/test/certs/client-cert.pem b/apps/emqx_auth_ldap/test/certs/client-cert.pem
deleted file mode 100644
index 09d855221..000000000
--- a/apps/emqx_auth_ldap/test/certs/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER
-MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB
-MB4XDTIwMDUwODA4MDY1N1oXDTMwMDUwNjA4MDY1N1owPzELMAkGA1UEBhMCQ04x
-ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBkNsaWVu
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMy4hoksKcZBDbY680u6
-TS25U51nuB1FBcGMlF9B/t057wPOlxF/OcmbxY5MwepS41JDGPgulE1V7fpsXkiW
-1LUimYV/tsqBfymIe0mlY7oORahKji7zKQ2UBIVFhdlvQxunlIDnw6F9popUgyHt
-dMhtlgZK8oqRwHxO5dbfoukYd6J/r+etS5q26sgVkf3C6dt0Td7B25H9qW+f7oLV
-PbcHYCa+i73u9670nrpXsC+Qc7Mygwa2Kq/jwU+ftyLQnOeW07DuzOwsziC/fQZa
-nbxR+8U9FNftgRcC3uP/JMKYUqsiRAuaDokARZxVTV5hUElfpO6z6/NItSDvvh3i
-eikCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL
-BQADggEBABchYxKo0YMma7g1qDswJXsR5s56Czx/I+B41YcpMBMTrRqpUC0nHtLk
-M7/tZp592u/tT8gzEnQjZLKBAhFeZaR3aaKyknLqwiPqJIgg0pgsBGITrAK3Pv4z
-5/YvAJJKgTe5UdeTz6U4lvNEux/4juZ4pmqH4qSFJTOzQS7LmgSmNIdd072rwXBd
-UzcSHzsJgEMb88u/LDLjj1pQ7AtZ4Tta8JZTvcgBFmjB0QUi6fgkHY6oGat/W4kR
-jSRUBlMUbM/drr2PVzRc2dwbFIl3X+ZE6n5Sl3ZwRAC/s92JU6CPMRW02muVu6xl
-goraNgPISnrbpR6KjxLZkVembXzjNNc=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_ldap/test/certs/client-key.pem b/apps/emqx_auth_ldap/test/certs/client-key.pem
deleted file mode 100644
index 2b3f30cf6..000000000
--- a/apps/emqx_auth_ldap/test/certs/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzLiGiSwpxkENtjrzS7pNLblTnWe4HUUFwYyUX0H+3TnvA86X
-EX85yZvFjkzB6lLjUkMY+C6UTVXt+mxeSJbUtSKZhX+2yoF/KYh7SaVjug5FqEqO
-LvMpDZQEhUWF2W9DG6eUgOfDoX2milSDIe10yG2WBkryipHAfE7l1t+i6Rh3on+v
-561LmrbqyBWR/cLp23RN3sHbkf2pb5/ugtU9twdgJr6Lve73rvSeulewL5BzszKD
-BrYqr+PBT5+3ItCc55bTsO7M7CzOIL99BlqdvFH7xT0U1+2BFwLe4/8kwphSqyJE
-C5oOiQBFnFVNXmFQSV+k7rPr80i1IO++HeJ6KQIDAQABAoIBAGWgvPjfuaU3qizq
-uti/FY07USz0zkuJdkANH6LiSjlchzDmn8wJ0pApCjuIE0PV/g9aS8z4opp5q/gD
-UBLM/a8mC/xf2EhTXOMrY7i9p/I3H5FZ4ZehEqIw9sWKK9YzC6dw26HabB2BGOnW
-5nozPSQ6cp2RGzJ7BIkxSZwPzPnVTgy3OAuPOiJytvK+hGLhsNaT+Y9bNDvplVT2
-ZwYTV8GlHZC+4b2wNROILm0O86v96O+Qd8nn3fXjGHbMsAnONBq10bZS16L4fvkH
-5G+W/1PeSXmtZFppdRRDxIW+DWcXK0D48WRliuxcV4eOOxI+a9N2ZJZZiNLQZGwg
-w3A8+mECgYEA8HuJFrlRvdoBe2U/EwUtG74dcyy30L4yEBnN5QscXmEEikhaQCfX
-Wm6EieMcIB/5I5TQmSw0cmBMeZjSXYoFdoI16/X6yMMuATdxpvhOZGdUGXxhAH+x
-xoTUavWZnEqW3fkUU71kT5E2f2i+0zoatFESXHeslJyz85aAYpP92H0CgYEA2e5A
-Yozt5eaA1Gyhd8SeptkEU4xPirNUnVQHStpMWUb1kzTNXrPmNWccQ7JpfpG6DcYl
-zUF6p6mlzY+zkMiyPQjwEJlhiHM2NlL1QS7td0R8ewgsFoyn8WsBI4RejWrEG9td
-EDniuIw+pBFkcWthnTLHwECHdzgquToyTMjrBB0CgYEA28tdGbrZXhcyAZEhHAZA
-Gzog+pKlkpEzeonLKIuGKzCrEKRecIK5jrqyQsCjhS0T7ZRnL4g6i0s+umiV5M5w
-fcc292pEA1h45L3DD6OlKplSQVTv55/OYS4oY3YEJtf5mfm8vWi9lQeY8sxOlQpn
-O+VZTdBHmTC8PGeTAgZXHZUCgYA6Tyv88lYowB7SN2qQgBQu8jvdGtqhcs/99GCr
-H3N0I69LPsKAR0QeH8OJPXBKhDUywESXAaEOwS5yrLNP1tMRz5Vj65YUCzeDG3kx
-gpvY4IMp7ArX0bSRvJ6mYSFnVxy3k174G3TVCfksrtagHioVBGQ7xUg5ltafjrms
-n8l55QKBgQDVzU8tQvBVqY8/1lnw11Vj4fkE/drZHJ5UkdC1eenOfSWhlSLfUJ8j
-ds7vEWpRPPoVuPZYeR1y78cyxKe1GBx6Wa2lF5c7xjmiu0xbRnrxYeLolce9/ntp
-asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_ldap/test/certs/key.pem b/apps/emqx_auth_ldap/test/certs/key.pem
deleted file mode 100644
index 6c338216e..000000000
--- a/apps/emqx_auth_ldap/test/certs/key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAs15ZPekT5AV+JEnMqacAxStajcraP9Obf5eeXpYvPrv/Stxi
-sltsq9Le7JE/+y1fJcQrD0J6nJDVWIFUWRYCjLypAQ5YUOxlz/lTOFdSdvotevep
-OQUSM2aGP7u7O/+VsHGVQbU2VjNJ44Hr9FPzMf+WE54qEudZg9d1cqxrUUvqKPhf
-wN4M7WRjt+8AaYGf9MeHW5OkOLMzhiZ4j7vh2ZrIDnFe8BG17mHhW7lIjN7uILTn
-s36/KZOgyTYmCT5lkWnJeuer7KjpFoPcA1yWtzgVt5RBnlrmzlLGCz1rRjdYwb7t
-zlWdVdxuMFHP9qrY206dBCOKQopADwYXTzQFCQIDAQABAoIBAQCuvCbr7Pd3lvI/
-n7VFQG+7pHRe1VKwAxDkx2t8cYos7y/QWcm8Ptwqtw58HzPZGWYrgGMCRpzzkRSF
-V9g3wP1S5Scu5C6dBu5YIGc157tqNGXB+SpdZddJQ4Nc6yGHXYERllT04ffBGc3N
-WG/oYS/1cSteiSIrsDy/91FvGRCi7FPxH3wIgHssY/tw69s1Cfvaq5lr2NTFzxIG
-xCvpJKEdSfVfS9I7LYiymVjst3IOR/w76/ZFY9cRa8ZtmQSWWsm0TUpRC1jdcbkm
-ZoJptYWlP+gSwx/fpMYftrkJFGOJhHJHQhwxT5X/ajAISeqjjwkWSEJLwnHQd11C
-Zy2+29lBAoGBANlEAIK4VxCqyPXNKfoOOi5dS64NfvyH4A1v2+KaHWc7lqaqPN49
-ezfN2n3X+KWx4cviDD914Yc2JQ1vVJjSaHci7yivocDo2OfZDmjBqzaMp/y+rX1R
-/f3MmiTqMa468rjaxI9RRZu7vDgpTR+za1+OBCgMzjvAng8dJuN/5gjlAoGBANNY
-uYPKtearBmkqdrSV7eTUe49Nhr0XotLaVBH37TCW0Xv9wjO2xmbm5Ga/DCtPIsBb
-yPeYwX9FjoasuadUD7hRvbFu6dBa0HGLmkXRJZTcD7MEX2Lhu4BuC72yDLLFd0r+
-Ep9WP7F5iJyagYqIZtz+4uf7gBvUDdmvXz3sGr1VAoGAdXTD6eeKeiI6PlhKBztF
-zOb3EQOO0SsLv3fnodu7ZaHbUgLaoTMPuB17r2jgrYM7FKQCBxTNdfGZmmfDjlLB
-0xZ5wL8ibU30ZXL8zTlWPElST9sto4B+FYVVF/vcG9sWeUUb2ncPcJ/Po3UAktDG
-jYQTTyuNGtSJHpad/YOZctkCgYBtWRaC7bq3of0rJGFOhdQT9SwItN/lrfj8hyHA
-OjpqTV4NfPmhsAtu6j96OZaeQc+FHvgXwt06cE6Rt4RG4uNPRluTFgO7XYFDfitP
-vCppnoIw6S5BBvHwPP+uIhUX2bsi/dm8vu8tb+gSvo4PkwtFhEr6I9HglBKmcmog
-q6waEQKBgHyecFBeM6Ls11Cd64vborwJPAuxIW7HBAFj/BS99oeG4TjBx4Sz2dFd
-rzUibJt4ndnHIvCN8JQkjNG14i9hJln+H3mRss8fbZ9vQdqG+2vOWADYSzzsNI55
-RFY7JjluKcVkp/zCDeUxTU3O6sS+v6/3VE11Cob6OYQx3lN5wrZ3
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl b/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
deleted file mode 100644
index 52bed9cf4..000000000
--- a/apps/emqx_auth_ldap/test/emqx_auth_ldap_SUITE.erl
+++ /dev/null
@@ -1,152 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(PID, emqx_auth_ldap).
-
--define(APP, emqx_auth_ldap).
-
--define(DeviceDN, "ou=test_device,dc=emqx,dc=io").
-
--define(AuthDN, "ou=test_auth,dc=emqx,dc=io").
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    [{group, nossl}, {group, ssl}].
-
-groups() ->
-    Cases = emqx_ct:all(?MODULE),
-    [{nossl, Cases}, {ssl, Cases}].
-
-init_per_group(GrpName, Cfg) ->
-    Fun = fun(App) -> set_special_configs(GrpName, App) end,
-    emqx_ct_helpers:start_apps([emqx_auth_ldap], Fun),
-    Cfg.
-
-end_per_group(_GrpName, _Cfg) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_ldap]).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
-
-t_check_auth(_) ->
-    MqttUser1 = #{clientid => <<"mqttuser1">>,
-                  username => <<"mqttuser0001">>,
-                  password => <<"mqttuser0001">>,
-                  zone => external},
-    MqttUser2 = #{clientid => <<"mqttuser2">>,
-                  username => <<"mqttuser0002">>,
-                  password => <<"mqttuser0002">>,
-                  zone => external},
-    MqttUser3 = #{clientid => <<"mqttuser3">>,
-                  username => <<"mqttuser0003">>,
-                  password => <<"mqttuser0003">>,
-                  zone => external},
-    MqttUser4 = #{clientid => <<"mqttuser4">>,
-                  username => <<"mqttuser0004">>,
-                  password => <<"mqttuser0004">>,
-                  zone => external},
-    MqttUser5 = #{clientid => <<"mqttuser5">>,
-                  username => <<"mqttuser0005">>,
-                  password => <<"mqttuser0005">>,
-                  zone => external},
-    NonExistUser1 = #{clientid => <<"mqttuser6">>,
-                      username => <<"mqttuser0006">>,
-                      password => <<"mqttuser0006">>,
-                      zone => external},
-    NonExistUser2 = #{clientid => <<"mqttuser7">>,
-                      username => <<"mqttuser0005">>,
-                      password => <<"mqttuser0006">>,
-                      zone => external},
-    ct:log("MqttUser: ~p", [emqx_access_control:authenticate(MqttUser1)]),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser1)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser2)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser3)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser4)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser5)),
-    ?assertEqual({error, not_authorized}, emqx_access_control:authenticate(NonExistUser1)),
-    ?assertEqual({error, bad_username_or_password}, emqx_access_control:authenticate(NonExistUser2)).
-
-t_check_acl(_) ->
-    MqttUser = #{clientid => <<"mqttuser1">>, username => <<"mqttuser0001">>, zone => external},
-    NoMqttUser = #{clientid => <<"mqttuser2">>, username => <<"mqttuser0007">>, zone => external},
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/#">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/#">>),
-
-    deny = emqx_access_control:check_acl(NoMqttUser, publish, <<"mqttuser0001/req/mqttuser0001/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/req/mqttuser0002/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/req/+/mqttuser0002">>),
-    ok.
-
-%%--------------------------------------------------------------------
-%% Helpers
-%%--------------------------------------------------------------------
-
-set_special_configs(_, emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    AclFilePath = filename:join(["test", "emqx_SUITE_data", "acl.conf"]),
-    application:set_env(emqx, acl_file,
-		        emqx_ct_helpers:deps_path(emqx, AclFilePath)),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(Ssl, emqx_auth_ldap) ->
-    case Ssl == ssl of
-        true ->
-            LdapOpts = application:get_env(emqx_auth_ldap, ldap, []),
-            Path = emqx_ct_helpers:deps_path(emqx_auth_ldap, "test/certs/"),
-            SslOpts = [{verify, verify_peer},
-                       {fail_if_no_peer_cert, true},
-                       {server_name_indication, disable},
-                       {keyfile, Path ++ "/client-key.pem"},
-                       {certfile, Path ++ "/client-cert.pem"},
-                       {cacertfile, Path ++ "/cacert.pem"}],
-            LdapOpts1 = lists:keystore(ssl, 1, LdapOpts, {ssl, true}),
-            LdapOpts2 = lists:keystore(sslopts, 1, LdapOpts1, {sslopts, SslOpts}),
-            LdapOpts3 = lists:keystore(port, 1, LdapOpts2, {port, 636}),
-            application:set_env(emqx_auth_ldap, ldap, LdapOpts3);
-        _ ->
-            ok
-    end,
-    application:set_env(emqx_auth_ldap, device_dn, "ou=testdevice, dc=emqx, dc=io").
-
diff --git a/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl b/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
deleted file mode 100644
index 24c03fdaf..000000000
--- a/apps/emqx_auth_ldap/test/emqx_auth_ldap_bind_as_user_SUITE.erl
+++ /dev/null
@@ -1,112 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_ldap_bind_as_user_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(PID, emqx_auth_ldap).
-
--define(APP, emqx_auth_ldap).
-
--define(DeviceDN, "ou=test_device,dc=emqx,dc=io").
-
--define(AuthDN, "ou=test_auth,dc=emqx,dc=io").
-
-all() ->
-    [check_auth,
-     check_acl].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_auth_ldap], fun set_special_configs/1),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_ldap]).
-
-check_auth(_) ->
-    MqttUser1 = #{clientid => <<"mqttuser1">>,
-                  username => <<"user1">>,
-                  password => <<"mqttuser0001">>,
-                  zone => external},
-    MqttUser2 = #{clientid => <<"mqttuser2">>,
-                  username => <<"user2">>,
-                  password => <<"mqttuser0002">>,
-                  zone => external},
-    NonExistUser1 = #{clientid => <<"mqttuser3">>,
-                      username => <<"user3">>,
-                      password => <<"mqttuser0003">>,
-                      zone => external},
-    ct:log("MqttUser: ~p", [emqx_access_control:authenticate(MqttUser1)]),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser1)),
-    ?assertMatch({ok, #{auth_result := success}}, emqx_access_control:authenticate(MqttUser2)),
-    ?assertEqual({error, not_authorized}, emqx_access_control:authenticate(NonExistUser1)).
-
-check_acl(_) ->
-    MqttUser = #{clientid => <<"mqttuser1">>, username => <<"user1">>, zone => external},
-    NoMqttUser = #{clientid => <<"mqttuser2">>, username => <<"user7">>, zone => external},
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/sub/#">>),
-
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/pubsub/#">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/1">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/+">>),
-    allow = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/pubsub/#">>),
-
-    deny = emqx_access_control:check_acl(NoMqttUser, publish, <<"mqttuser0001/req/mqttuser0001/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, publish, <<"mqttuser0001/req/mqttuser0002/+">>),
-    deny = emqx_access_control:check_acl(MqttUser, subscribe, <<"mqttuser0001/req/+/mqttuser0002">>),
-    ok.
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    AclFilePath = filename:join(["test", "emqx_SUITE_data", "acl.conf"]),
-    application:set_env(emqx, acl_file,
-		        emqx_ct_helpers:deps_path(emqx, AclFilePath)),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(emqx_auth_ldap) ->
-    application:set_env(emqx_auth_ldap, bind_as_user, true),
-    application:set_env(emqx_auth_ldap, device_dn, "ou=testdevice, dc=emqx, dc=io"),
-    application:set_env(emqx_auth_ldap, custom_base_dn, "${device_dn}"),
-    %% auth.ldap.filters.1.key = mqttAccountName
-    %% auth.ldap.filters.1.value = ${user}
-    %% auth.ldap.filters.1.op = and
-    %% auth.ldap.filters.2.key = objectClass
-    %% auth.ldap.filters.1.value = mqttUser
-    application:set_env(emqx_auth_ldap, filters, [{"mqttAccountName", "${user}"},
-                                                  "and",
-                                                  {"objectClass", "mqttUser"}]);
-
-set_special_configs(_App) ->
-    ok.
-
diff --git a/apps/emqx_auth_mnesia/.gitignore b/apps/emqx_auth_mnesia/.gitignore
deleted file mode 100644
index a4d9fea0a..000000000
--- a/apps/emqx_auth_mnesia/.gitignore
+++ /dev/null
@@ -1,26 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_mnesia.d
-data/
-_build/
-.DS_Store
-cover/
-ct.coverdata
-eunit.coverdata
-logs/
-test/ct.cover.spec
-rebar.lock
-rebar3.crashdump
-erlang.mk
-.*.swp
-.rebar3/
-etc/emqx_auth_mnesia.conf.rendered
diff --git a/apps/emqx_auth_mnesia/README.md b/apps/emqx_auth_mnesia/README.md
deleted file mode 100644
index 8b4c145a8..000000000
--- a/apps/emqx_auth_mnesia/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-emqx_auth_mnesia
-===============
diff --git a/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf b/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf
deleted file mode 100644
index 758df1a9c..000000000
--- a/apps/emqx_auth_mnesia/etc/emqx_auth_mnesia.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | sha512
-auth.mnesia.password_hash = sha256
-
-##--------------------------------------------------------------------
-## ClientId Authentication
-##--------------------------------------------------------------------
-
-## Examples
-##auth.client.1.clientid = id
-##auth.client.1.password = passwd
-##auth.client.2.clientid = "dev:devid"
-##auth.client.2.password = passwd2
-##auth.client.3.clientid = "app:appid"
-##auth.client.3.password = passwd3
-##auth.client.4.clientid = "client~!@#$%^&*()_+"
-##auth.client.4.password = "passwd~!@#$%^&*()_+"
-
-##--------------------------------------------------------------------
-## Username Authentication
-##--------------------------------------------------------------------
-
-## Examples:
-##auth.user.1.username = admin
-##auth.user.1.password = public
-##auth.user.2.username = feng@emqtt.io
-##auth.user.2.password = public
-##auth.user.3.username = "name~!@#$%^&*()_+"
-##auth.user.3.password = "pwsswd~!@#$%^&*()_+"
diff --git a/apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl b/apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl
deleted file mode 100644
index 034bd4f30..000000000
--- a/apps/emqx_auth_mnesia/include/emqx_auth_mnesia.hrl
+++ /dev/null
@@ -1,38 +0,0 @@
--define(APP, emqx_auth_mnesia).
-
--type(login():: {clientid, binary()}
-              | {username, binary()}).
-
--record(emqx_user, {
-          login :: login(),
-          password :: binary(),
-          created_at :: integer()
-        }).
-
--record(emqx_acl, {
-          filter:: {login() | all, emqx_topic:topic()},
-          action :: pub | sub | pubsub,
-          access :: allow | deny,
-          created_at :: integer()
-         }).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema b/apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema
deleted file mode 100644
index 87d6bf47f..000000000
--- a/apps/emqx_auth_mnesia/priv/emqx_auth_mnesia.schema
+++ /dev/null
@@ -1,43 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_mnesia config mapping
-
-{mapping, "auth.mnesia.password_hash", "emqx_auth_mnesia.password_hash", [
-  {default, sha256},
-  {datatype, {enum, [plain, md5, sha, sha256, sha512]}}
-]}.
-
-{mapping, "auth.client.$id.clientid", "emqx_auth_mnesia.clientid_list", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.client.$id.password", "emqx_auth_mnesia.clientid_list", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mnesia.clientid_list", fun(Conf) ->
-  ClientList = cuttlefish_variable:filter_by_prefix("auth.client", Conf),
-  lists:foldl(
-       fun({["auth", "client", Id, "clientid"], ClientId}, AccIn) ->
-        [{ClientId, cuttlefish:conf_get("auth.client." ++ Id ++ ".password", Conf)} | AccIn];
-       (_, AccIn) ->
-        AccIn
-       end, [], ClientList)
-end}.
-
-{mapping, "auth.user.$id.username", "emqx_auth_mnesia.username_list", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.user.$id.password", "emqx_auth_mnesia.username_list", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mnesia.username_list", fun(Conf) ->
-  Userlist = cuttlefish_variable:filter_by_prefix("auth.user", Conf),
-  lists:foldl(
-    fun({["auth", "user", Id, "username"], Username}, AccIn) ->
-        [{Username, cuttlefish:conf_get("auth.user." ++ Id ++ ".password", Conf)} | AccIn];
-       (_, AccIn) ->
-        AccIn
-       end, [], Userlist)
-end}.
diff --git a/apps/emqx_auth_mnesia/rebar.config b/apps/emqx_auth_mnesia/rebar.config
deleted file mode 100644
index 4c695ec69..000000000
--- a/apps/emqx_auth_mnesia/rebar.config
+++ /dev/null
@@ -1,17 +0,0 @@
-{deps,
- [ ]}.
-
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
deleted file mode 100644
index c21955182..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
+++ /dev/null
@@ -1,104 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia).
-
--include("emqx_auth_mnesia.hrl").
-
--include_lib("stdlib/include/ms_transform.hrl").
-
--define(TABLE, emqx_acl).
-
-%% ACL Callbacks
--export([ init/0
-        , register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
-init() ->
-    ok = ekka_mnesia:create_table(emqx_acl, [
-            {type, bag},
-            {disc_copies, [node()]},
-            {attributes, record_info(fields, emqx_acl)},
-            {storage_properties, [{ets, [{read_concurrency, true}]}]}]),
-    ok = ekka_mnesia:copy_table(emqx_acl, disc_copies).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo = #{ clientid := Clientid }, PubSub, Topic, _NoMatchAction, _Params) ->
-    Username = maps:get(username, ClientInfo, undefined),
-
-    Acls = case Username of
-               undefined ->
-                   emqx_acl_mnesia_cli:lookup_acl({clientid, Clientid}) ++
-                   emqx_acl_mnesia_cli:lookup_acl(all);
-               _ ->
-                   emqx_acl_mnesia_cli:lookup_acl({clientid, Clientid}) ++
-                   emqx_acl_mnesia_cli:lookup_acl({username, Username}) ++
-                   emqx_acl_mnesia_cli:lookup_acl(all)
-           end,
-
-    case match(ClientInfo, PubSub, Topic, Acls) of
-        allow ->
-            emqx_metrics:inc(?ACL_METRICS(allow)),
-            {stop, allow};
-        deny ->
-            emqx_metrics:inc(?ACL_METRICS(deny)),
-            {stop, deny};
-        _ ->
-            emqx_metrics:inc(?ACL_METRICS(ignore)),
-            ok
-    end.
-
-description() -> "Acl with Mnesia".
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%-------------------------------------------------------------------
-
-match(_ClientInfo,  _PubSub, _Topic, []) ->
-    nomatch;
-match(ClientInfo, PubSub, Topic, [ {_, ACLTopic, Action, Access, _} | Acls]) ->
-    case match_actions(PubSub, Action) andalso match_topic(ClientInfo, Topic, ACLTopic) of
-        true -> Access;
-        false -> match(ClientInfo, PubSub, Topic, Acls)
-    end.
-
-match_topic(ClientInfo, Topic, ACLTopic) when is_binary(Topic) ->
-    emqx_topic:match(Topic, feed_var(ClientInfo, ACLTopic)).
-
-match_actions(_, pubsub) -> true;
-match_actions(subscribe, sub) -> true;
-match_actions(publish, pub) -> true;
-match_actions(_, _) -> false.
-
-feed_var(ClientInfo, Pattern) ->
-    feed_var(ClientInfo, emqx_topic:words(Pattern), []).
-feed_var(_ClientInfo, [], Acc) ->
-    emqx_topic:join(lists:reverse(Acc));
-feed_var(ClientInfo = #{clientid := undefined}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%c">>|Acc]);
-feed_var(ClientInfo = #{clientid := ClientId}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [ClientId |Acc]);
-feed_var(ClientInfo = #{username := undefined}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%u">>|Acc]);
-feed_var(ClientInfo = #{username := Username}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [Username|Acc]);
-feed_var(ClientInfo, [W|Words], Acc) ->
-    feed_var(ClientInfo, Words, [W|Acc]).
diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
deleted file mode 100644
index 63e8fedd1..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_api.erl
+++ /dev/null
@@ -1,226 +0,0 @@
-%c%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia_api).
-
--include("emqx_auth_mnesia.hrl").
-
--include_lib("stdlib/include/ms_transform.hrl").
-
--import(proplists, [ get_value/2
-                   , get_value/3
-                   ]).
-
--import(minirest,  [return/1]).
-
--rest_api(#{name   => list_clientid,
-            method => 'GET',
-            path   => "/acl/clientid",
-            func   => list_clientid,
-            descr  => "List available mnesia in the cluster"
-           }).
-
--rest_api(#{name   => list_username,
-            method => 'GET',
-            path   => "/acl/username",
-            func   => list_username,
-            descr  => "List available mnesia in the cluster"
-           }).
-
--rest_api(#{name   => list_all,
-            method => 'GET',
-            path   => "/acl/$all",
-            func   => list_all,
-            descr  => "List available mnesia in the cluster"
-           }).
-
--rest_api(#{name   => lookup_clientid,
-            method => 'GET',
-            path   => "/acl/clientid/:bin:clientid",
-            func   => lookup,
-            descr  => "Lookup mnesia in the cluster"
-           }).
-
--rest_api(#{name   => lookup_username,
-            method => 'GET',
-            path   => "/acl/username/:bin:username",
-            func   => lookup,
-            descr  => "Lookup mnesia in the cluster"
-           }).
-
--rest_api(#{name   => add,
-            method => 'POST',
-            path   => "/acl",
-            func   => add,
-            descr  => "Add mnesia in the cluster"
-           }).
-
--rest_api(#{name   => delete_clientid,
-            method => 'DELETE',
-            path   => "/acl/clientid/:bin:clientid/topic/:bin:topic",
-            func   => delete,
-            descr  => "Delete mnesia in the cluster"
-           }).
-
--rest_api(#{name   => delete_username,
-            method => 'DELETE',
-            path   => "/acl/username/:bin:username/topic/:bin:topic",
-            func   => delete,
-            descr  => "Delete mnesia in the cluster"
-           }).
-
--rest_api(#{name   => delete_all,
-            method => 'DELETE',
-            path   => "/acl/$all/topic/:bin:topic",
-            func   => delete,
-            descr  => "Delete mnesia in the cluster"
-           }).
-
-
--export([ list_clientid/2
-        , list_username/2
-        , list_all/2
-        , lookup/2
-        , add/2
-        , delete/2
-        ]).
-
-list_clientid(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(
-                  fun({emqx_acl, {{clientid, Clientid}, Topic}, Action, Access, CreatedAt}) -> {{clientid,Clientid}, Topic, Action,Access, CreatedAt} end),
-    return({ok, emqx_auth_mnesia_api:paginate(emqx_acl, MatchSpec, Params, fun emqx_acl_mnesia_cli:comparing/2, fun format/1)}).
-
-list_username(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(
-                  fun({emqx_acl, {{username, Username}, Topic}, Action, Access, CreatedAt}) -> {{username, Username}, Topic, Action,Access, CreatedAt} end),
-    return({ok, emqx_auth_mnesia_api:paginate(emqx_acl, MatchSpec, Params, fun emqx_acl_mnesia_cli:comparing/2, fun format/1)}).
-
-list_all(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(
-                  fun({emqx_acl, {all, Topic}, Action, Access, CreatedAt}) -> {all, Topic, Action,Access, CreatedAt}end
-                 ),
-    return({ok, emqx_auth_mnesia_api:paginate(emqx_acl, MatchSpec, Params, fun emqx_acl_mnesia_cli:comparing/2, fun format/1)}).
-
-
-lookup(#{clientid := Clientid}, _Params) ->
-    return({ok, format(emqx_acl_mnesia_cli:lookup_acl({clientid, urldecode(Clientid)}))});
-lookup(#{username := Username}, _Params) ->
-    return({ok, format(emqx_acl_mnesia_cli:lookup_acl({username, urldecode(Username)}))}).
-
-add(_Bindings, Params) ->
-    [ P | _] = Params,
-    case is_list(P) of
-        true -> return(do_add(Params, []));
-        false ->
-            Re = do_add(Params),
-            case Re of
-                #{result := ok} -> return({ok, Re});
-                #{result := <<"ok">>} -> return({ok, Re});
-                _ -> return({error, {add, Re}})
-            end
-    end.
-
-do_add([ Params | ParamsN ], ReList) ->
-    do_add(ParamsN, [do_add(Params) | ReList]);
-
-do_add([], ReList) ->
-    {ok, ReList}.
-
-do_add(Params) ->
-    Clientid = get_value(<<"clientid">>, Params, undefined),
-    Username = get_value(<<"username">>, Params, undefined),
-    Login = case {Clientid, Username} of
-                {undefined, undefined} -> all;
-                {_, undefined} -> {clientid, urldecode(Clientid)};
-                {undefined, _} -> {username, urldecode(Username)}
-            end,
-    Topic = urldecode(get_value(<<"topic">>, Params)),
-    Action = urldecode(get_value(<<"action">>, Params)),
-    Access = urldecode(get_value(<<"access">>, Params)),
-    Re = case validate([login, topic, action, access], [Login, Topic, Action, Access]) of
-        ok ->
-            emqx_acl_mnesia_cli:add_acl(Login, Topic, erlang:binary_to_atom(Action, utf8), erlang:binary_to_atom(Access, utf8));
-        Err -> Err
-    end,
-    maps:merge(#{topic => Topic,
-                 action => Action,
-                 access => Access,
-                 result => format_msg(Re)
-                }, case Login of
-                     all -> #{all => '$all'};
-                     _ -> maps:from_list([Login])
-                   end).
-
-delete(#{clientid := Clientid, topic := Topic}, _) ->
-    return(emqx_acl_mnesia_cli:remove_acl({clientid, urldecode(Clientid)}, urldecode(Topic)));
-delete(#{username := Username, topic := Topic}, _) ->
-    return(emqx_acl_mnesia_cli:remove_acl({username, urldecode(Username)}, urldecode(Topic)));
-delete(#{topic := Topic}, _) ->
-    return(emqx_acl_mnesia_cli:remove_acl(all, urldecode(Topic))).
-
-%%------------------------------------------------------------------------------
-%% Interval Funcs
-%%------------------------------------------------------------------------------
-format({{clientid, Clientid}, Topic, Action, Access, _CreatedAt}) ->
-    #{clientid => Clientid, topic => Topic, action => Action, access => Access};
-format({{username, Username}, Topic, Action, Access, _CreatedAt}) ->
-    #{username => Username, topic => Topic, action => Action, access => Access};
-format({all, Topic, Action, Access, _CreatedAt}) ->
-    #{all => '$all', topic => Topic, action => Action, access => Access};
-format(List) when is_list(List) ->
-    format(List, []).
-
-format([L | List], Relist) ->
-    format(List, [format(L) | Relist]);
-format([], ReList) -> lists:reverse(ReList).
-
-validate([], []) ->
-    ok;
-validate([K|Keys], [V|Values]) ->
-   case do_validation(K, V) of
-       false -> {error, K};
-       true  -> validate(Keys, Values)
-   end.
-do_validation(login, all) ->
-    true;
-do_validation(login, {clientid, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(login, {username, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(topic, V) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(action, V) when is_binary(V) ->
-    case V =:= <<"pub">> orelse V =:= <<"sub">> orelse V =:= <<"pubsub">> of
-        true -> true;
-        false -> false
-    end;
-do_validation(access, V) when V =:= <<"allow">> orelse V =:= <<"deny">> ->
-    true;
-do_validation(_, _) ->
-    false.
-
-format_msg(Message)
-  when is_atom(Message);
-       is_binary(Message) -> Message;
-
-format_msg(Message) when is_tuple(Message) ->
-    iolist_to_binary(io_lib:format("~p", [Message])).
-
-urldecode(S) ->
-    emqx_http_lib:uri_decode(S).
diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
deleted file mode 100644
index 302a81637..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia_cli.erl
+++ /dev/null
@@ -1,270 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia_cli).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("stdlib/include/ms_transform.hrl").
--define(TABLE, emqx_acl).
-
-%% Acl APIs
--export([ add_acl/4
-        , lookup_acl/1
-        , all_acls/0
-        , all_acls/1
-        , remove_acl/2
-        ]).
-
--export([cli/1]).
--export([comparing/2]).
-%%--------------------------------------------------------------------
-%% Acl API
-%%--------------------------------------------------------------------
-
-%% @doc Add Acls
--spec(add_acl(login() | all, emqx_topic:topic(), pub | sub | pubsub, allow | deny) ->
-        ok | {error, any()}).
-add_acl(Login, Topic, Action, Access) ->
-    Filter = {Login, Topic},
-    Acl = #?TABLE{
-             filter = Filter,
-             action = Action,
-             access = Access,
-             created_at = erlang:system_time(millisecond)
-            },
-    ret(mnesia:transaction(
-          fun() ->
-                  OldRecords = mnesia:wread({?TABLE, Filter}),
-                  case Action of
-                      pubsub ->
-                          update_permission(pub, Acl, OldRecords),
-                          update_permission(sub, Acl, OldRecords);
-                      _ ->
-                          update_permission(Action, Acl, OldRecords)
-                  end
-          end)).
-
-%% @doc Lookup acl by login
--spec(lookup_acl(login() | all) -> list()).
-lookup_acl(undefined) -> [];
-lookup_acl(Login) ->
-    MatchSpec = ets:fun2ms(fun({?TABLE, {Filter, ACLTopic}, Action, Access, CreatedAt})
-                                 when Filter =:= Login ->
-                                   {Filter, ACLTopic, Action, Access, CreatedAt}
-                           end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec)).
-
-%% @doc Remove acl
--spec(remove_acl(login() | all, emqx_topic:topic()) -> ok | {error, any()}).
-remove_acl(Login, Topic) ->
-    ret(mnesia:transaction(fun mnesia:delete/1, [{?TABLE, {Login, Topic}}])).
-
-%% @doc All logins
--spec(all_acls() -> list()).
-all_acls() ->
-    all_acls(clientid) ++
-    all_acls(username) ++
-    all_acls(all).
-
-all_acls(clientid) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {{clientid, Clientid}, Topic}, Action, Access, CreatedAt}) ->
-                          {{clientid, Clientid}, Topic, Action, Access, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec));
-all_acls(username) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {{username, Username}, Topic}, Action, Access, CreatedAt}) ->
-                          {{username, Username}, Topic, Action, Access, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec));
-all_acls(all) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {all, Topic}, Action, Access, CreatedAt}) ->
-                          {all, Topic, Action, Access, CreatedAt}
-                  end
-                 ),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec)).
-
-%%--------------------------------------------------------------------
-%% ACL Cli
-%%--------------------------------------------------------------------
-
-cli(["list"]) ->
-    [print_acl(Acl) || Acl <- all_acls()];
-
-cli(["list", "clientid"]) ->
-    [print_acl(Acl) || Acl <- all_acls(clientid)];
-
-cli(["list", "username"]) ->
-    [print_acl(Acl) || Acl <- all_acls(username)];
-
-cli(["list", "_all"]) ->
-    [print_acl(Acl) || Acl <- all_acls(all)];
-
-cli(["add", "clientid", Clientid, Topic, Action, Access]) ->
-    case validate(action, Action) andalso validate(access, Access) of
-        true ->
-            case add_acl(
-                   {clientid, iolist_to_binary(Clientid)},
-                   iolist_to_binary(Topic),
-                   list_to_existing_atom(Action),
-                   list_to_existing_atom(Access)
-                  ) of
-                ok -> emqx_ctl:print("ok~n");
-                {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-            end;
-        _ ->
-             emqx_ctl:print("Error: Input is illegal~n")
-    end;
-
-cli(["add", "username", Username, Topic, Action, Access]) ->
-    case validate(action, Action) andalso validate(access, Access) of
-        true ->
-            case add_acl(
-                   {username, iolist_to_binary(Username)},
-                   iolist_to_binary(Topic),
-                   list_to_existing_atom(Action),
-                   list_to_existing_atom(Access)
-                  ) of
-                ok -> emqx_ctl:print("ok~n");
-                {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-            end;
-        _ ->
-             emqx_ctl:print("Error: Input is illegal~n")
-    end;
-
-cli(["add", "_all", Topic, Action, Access]) ->
-    case validate(action, Action) andalso validate(access, Access) of
-        true ->
-            case add_acl(
-                   all,
-                   iolist_to_binary(Topic),
-                   list_to_existing_atom(Action),
-                   list_to_existing_atom(Access)
-                  ) of
-                ok -> emqx_ctl:print("ok~n");
-                {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-            end;
-        _ ->
-             emqx_ctl:print("Error: Input is illegal~n")
-    end;
-
-cli(["show", "clientid", Clientid]) ->
-    [print_acl(Acl) || Acl <- lookup_acl({clientid, iolist_to_binary(Clientid)})];
-
-cli(["show", "username", Username]) ->
-    [print_acl(Acl) || Acl <- lookup_acl({username, iolist_to_binary(Username)})];
-
-cli(["del", "clientid", Clientid, Topic])->
-    cli(["delete", "clientid", Clientid, Topic]);
-
-cli(["delete", "clientid", Clientid, Topic])->
-    case remove_acl({clientid, iolist_to_binary(Clientid)}, iolist_to_binary(Topic)) of
-         ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-cli(["del", "username", Username, Topic])->
-    cli(["delete", "username", Username, Topic]);
-
-cli(["delete", "username", Username, Topic])->
-    case remove_acl({username, iolist_to_binary(Username)}, iolist_to_binary(Topic)) of
-         ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-cli(["del", "_all", Topic])->
-    cli(["delete", "_all", Topic]);
-
-cli(["delete", "_all", Topic])->
-    case remove_acl(all, iolist_to_binary(Topic)) of
-         ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-cli(_) ->
-    emqx_ctl:usage([ {"acl list clientid", "List clientid acls"}
-                   , {"acl list username", "List username acls"}
-                   , {"acl list _all", "List $all acls"}
-                   , {"acl show clientid <Clientid>", "Lookup clientid acl detail"}
-                   , {"acl show username <Username>", "Lookup username acl detail"}
-                   , {"acl aad clientid <Clientid> <Topic> <Action> <Access>", "Add clientid acl"}
-                   , {"acl add Username <Username> <Topic> <Action> <Access>", "Add username acl"}
-                   , {"acl add _all <Topic> <Action> <Access>", "Add $all acl"}
-                   , {"acl delete clientid <Clientid> <Topic>", "Delete clientid acl"}
-                   , {"acl delete username <Username> <Topic>", "Delete username acl"}
-                   , {"acl delete _all <Topic>", "Delete $all acl"}
-                   ]).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-comparing({_, _, _, _, CreatedAt1},
-          {_, _, _, _, CreatedAt2}) ->
-    CreatedAt1 >= CreatedAt2.
-
-ret({atomic, ok})     -> ok;
-ret({aborted, Error}) -> {error, Error}.
-
-validate(action, "pub") -> true;
-validate(action, "sub") -> true;
-validate(action, "pubsub") -> true;
-validate(access, "allow") -> true;
-validate(access, "deny") -> true;
-validate(_, _) -> false.
-
-print_acl({{clientid, Clientid}, Topic, Action, Access, _}) ->
-    emqx_ctl:print(
-        "Acl(clientid = ~p topic = ~p action = ~p access = ~p)~n",
-        [Clientid, Topic, Action, Access]
-      );
-print_acl({{username, Username}, Topic, Action, Access, _}) ->
-    emqx_ctl:print(
-        "Acl(username = ~p topic = ~p action = ~p access = ~p)~n",
-        [Username, Topic, Action, Access]
-      );
-print_acl({all, Topic, Action, Access, _}) ->
-    emqx_ctl:print(
-        "Acl($all topic = ~p action = ~p access = ~p)~n",
-        [Topic, Action, Access]
-     ).
-
-update_permission(Action, Acl0, OldRecords) ->
-    Acl = Acl0 #?TABLE{action = Action},
-    maybe_delete_shadowed_records(Action, OldRecords),
-    mnesia:write(Acl).
-
-maybe_delete_shadowed_records(_, []) ->
-    ok;
-maybe_delete_shadowed_records(Action1, [Rec = #emqx_acl{action = Action2} | Rest]) ->
-    if Action1 =:= Action2 ->
-            ok = mnesia:delete_object(Rec);
-       Action2 =:= pubsub ->
-            %% Perform migration from the old data format on the
-            %% fly. This is needed only for the enterprise version,
-            %% delete this branch on 5.0
-            mnesia:delete_object(Rec),
-            mnesia:write(Rec#?TABLE{action = other_action(Action1)});
-       true ->
-            ok
-    end,
-    maybe_delete_shadowed_records(Action1, Rest).
-
-other_action(pub) -> sub;
-other_action(sub) -> pub.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
deleted file mode 100644
index 8ff574ab5..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_mnesia,
- [{description, "EMQ X Authentication with Mnesia"},
-  {vsn, "4.3.1"}, % strict semver, bump manually
-  {modules, []},
-  {registered, []},
-  {applications, [kernel,stdlib,mnesia]},
-  {mod, {emqx_auth_mnesia_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-mnesia"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
deleted file mode 100644
index 5b26c962c..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
+++ /dev/null
@@ -1,13 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
- [
-   {"4.3.0", [
-     {restart_application, emqx_auth_mnesia}
-   ]}
- ],
- [
-   {"4.3.0", [
-     {restart_application, emqx_auth_mnesia}
-   ]}
- ]
-}.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
deleted file mode 100644
index 905bcaaf0..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
+++ /dev/null
@@ -1,109 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia).
-
--include("emqx_auth_mnesia.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--include_lib("stdlib/include/ms_transform.hrl").
-
--define(TABLE, emqx_user).
-%% Auth callbacks
--export([ init/1
-        , register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
-init(#{clientid_list := ClientidList, username_list := UsernameList}) ->
-    ok = ekka_mnesia:create_table(?TABLE, [
-            {disc_copies, [node()]},
-            {attributes, record_info(fields, emqx_user)},
-            {storage_properties, [{ets, [{read_concurrency, true}]}]}]),
-    _ = [ add_default_user({{clientid, iolist_to_binary(Clientid)}, iolist_to_binary(Password)})
-      || {Clientid, Password} <- ClientidList],
-    _ = [ add_default_user({{username, iolist_to_binary(Username)}, iolist_to_binary(Password)})
-      || {Username, Password} <- UsernameList],
-    ok = ekka_mnesia:copy_table(?TABLE, disc_copies).
-
-%% @private
-add_default_user({Login, Password}) when is_tuple(Login) ->
-    emqx_auth_mnesia_cli:add_user(Login, Password).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{ clientid := Clientid
-                    , password := NPassword
-                    }, AuthResult, #{hash_type := HashType}) ->
-    Username = maps:get(username, ClientInfo, undefined),
-    MatchSpec = ets:fun2ms(fun({?TABLE, {clientid, X}, Password, InterTime}) when X =:= Clientid-> Password;
-                              ({?TABLE, {username, X}, Password, InterTime}) when X =:= Username andalso X =/= undefined -> Password
-                           end),
-    case ets:select(?TABLE, MatchSpec) of
-        [] ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)),
-            ok;
-        List ->
-            case match_password(NPassword, HashType, List)  of
-                false ->
-                    ?LOG(error, "[Mnesia] Auth from mnesia failed: ~p", [ClientInfo]),
-                    emqx_metrics:inc(?AUTH_METRICS(failure)),
-                    {stop, AuthResult#{anonymous => false, auth_result => password_error}};
-                _ ->
-                    emqx_metrics:inc(?AUTH_METRICS(success)),
-                    {stop, AuthResult#{anonymous => false, auth_result => success}}
-            end
-    end.
-
-description() -> "Authentication with Mnesia".
-
-match_password(Password, HashType, HashList) ->
-    lists:any(
-      fun(Secret) ->
-        case is_salt_hash(Secret, HashType) of
-            true ->
-                <<Salt:4/binary, Hash/binary>> = Secret,
-                Hash =:= hash(Password, Salt, HashType);
-            _ ->
-                Secret =:= hash(Password, HashType)
-        end
-      end, HashList).
-
-hash(undefined, HashType) ->
-    hash(<<>>, HashType);
-hash(Password, HashType) ->
-    emqx_passwd:hash(HashType, Password).
-
-hash(undefined, SaltBin, HashType) ->
-    hash(<<>>, SaltBin, HashType);
-hash(Password, SaltBin, HashType) ->
-    emqx_passwd:hash(HashType, <<SaltBin/binary, Password/binary>>).
-
-is_salt_hash(_, plain) ->
-    true;
-is_salt_hash(Secret, HashType) ->
-    not (byte_size(Secret) == len(HashType)).
-
-len(md5) -> 32;
-len(sha) -> 40;
-len(sha256) -> 64;
-len(sha512) -> 128.
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
deleted file mode 100644
index 07ff3bdf5..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_api.erl
+++ /dev/null
@@ -1,305 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_api).
-
--include_lib("stdlib/include/qlc.hrl").
--include_lib("stdlib/include/ms_transform.hrl").
-
--define(TABLE, emqx_user).
-
--import(proplists, [get_value/2]).
--import(minirest,  [return/1]).
--export([paginate/5]).
-
--export([ list_clientid/2
-        , lookup_clientid/2
-        , add_clientid/2
-        , update_clientid/2
-        , delete_clientid/2
-        ]).
-
--rest_api(#{name   => list_clientid,
-            method => 'GET',
-            path   => "/auth_clientid",
-            func   => list_clientid,
-            descr  => "List available clientid in the cluster"
-           }).
-
--rest_api(#{name   => lookup_clientid,
-            method => 'GET',
-            path   => "/auth_clientid/:bin:clientid",
-            func   => lookup_clientid,
-            descr  => "Lookup clientid in the cluster"
-           }).
-
--rest_api(#{name   => add_clientid,
-            method => 'POST',
-            path   => "/auth_clientid",
-            func   => add_clientid,
-            descr  => "Add clientid in the cluster"
-           }).
-
--rest_api(#{name   => update_clientid,
-            method => 'PUT',
-            path   => "/auth_clientid/:bin:clientid",
-            func   => update_clientid,
-            descr  => "Update clientid in the cluster"
-           }).
-
--rest_api(#{name   => delete_clientid,
-            method => 'DELETE',
-            path   => "/auth_clientid/:bin:clientid",
-            func   => delete_clientid,
-            descr  => "Delete clientid in the cluster"
-           }).
-
--export([ list_username/2
-        , lookup_username/2
-        , add_username/2
-        , update_username/2
-        , delete_username/2
-        ]).
-
--rest_api(#{name   => list_username,
-            method => 'GET',
-            path   => "/auth_username",
-            func   => list_username,
-            descr  => "List available username in the cluster"
-           }).
-
--rest_api(#{name   => lookup_username,
-            method => 'GET',
-            path   => "/auth_username/:bin:username",
-            func   => lookup_username,
-            descr  => "Lookup username in the cluster"
-           }).
-
--rest_api(#{name   => add_username,
-            method => 'POST',
-            path   => "/auth_username",
-            func   => add_username,
-            descr  => "Add username in the cluster"
-           }).
-
--rest_api(#{name   => update_username,
-            method => 'PUT',
-            path   => "/auth_username/:bin:username",
-            func   => update_username,
-            descr  => "Update username in the cluster"
-           }).
-
--rest_api(#{name   => delete_username,
-            method => 'DELETE',
-            path   => "/auth_username/:bin:username",
-            func   => delete_username,
-            descr  => "Delete username in the cluster"
-           }).
-
-%%------------------------------------------------------------------------------
-%% Auth Clientid Api
-%%------------------------------------------------------------------------------
-
-list_clientid(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(fun({?TABLE, {clientid, Clientid}, Password, CreatedAt}) -> {?TABLE, {clientid, Clientid}, Password, CreatedAt} end),
-    return({ok, paginate(?TABLE, MatchSpec, Params, fun emqx_auth_mnesia_cli:comparing/2, fun({?TABLE, {clientid, X}, _, _}) -> #{clientid => X} end)}).
-
-lookup_clientid(#{clientid := Clientid}, _Params) ->
-    return({ok, format(emqx_auth_mnesia_cli:lookup_user({clientid, urldecode(Clientid)}))}).
-
-add_clientid(_Bindings, Params) ->
-    [ P | _] = Params,
-    case is_list(P) of
-        true -> return(do_add_clientid(Params, []));
-        false ->
-            Re = do_add_clientid(Params),
-            case Re of
-                ok -> return(ok);
-                {error, Error} -> return({error, format_msg(Error)})
-            end
-    end.
-
-do_add_clientid([ Params | ParamsN ], ReList ) ->
-    Clientid = urldecode(get_value(<<"clientid">>, Params)),
-    do_add_clientid(ParamsN, [{Clientid, format_msg(do_add_clientid(Params))} | ReList]);
-
-do_add_clientid([], ReList) ->
-    {ok, ReList}.
-
-do_add_clientid(Params) ->
-    Clientid = urldecode(get_value(<<"clientid">>, Params)),
-    Password = urldecode(get_value(<<"password">>, Params)),
-    Login = {clientid, Clientid},
-    case validate([login, password], [Login, Password]) of
-        ok ->
-            emqx_auth_mnesia_cli:add_user(Login, Password);
-        Err -> Err
-    end.
-
-update_clientid(#{clientid := Clientid}, Params) ->
-    Password = get_value(<<"password">>, Params),
-    case validate([password], [Password]) of
-        ok -> return(emqx_auth_mnesia_cli:update_user({clientid, urldecode(Clientid)}, urldecode(Password)));
-        Err -> return(Err)
-    end.
-
-delete_clientid(#{clientid := Clientid}, _) ->
-    return(emqx_auth_mnesia_cli:remove_user({clientid, urldecode(Clientid)})).
-
-%%------------------------------------------------------------------------------
-%% Auth Username Api
-%%------------------------------------------------------------------------------
-
-list_username(_Bindings, Params) ->
-    MatchSpec = ets:fun2ms(fun({?TABLE, {username, Username}, Password, CreatedAt}) -> {?TABLE, {username, Username}, Password, CreatedAt} end),
-    return({ok, paginate(?TABLE, MatchSpec, Params, fun emqx_auth_mnesia_cli:comparing/2, fun({?TABLE, {username, X}, _, _}) -> #{username => X} end)}).
-
-lookup_username(#{username := Username}, _Params) ->
-    return({ok, format(emqx_auth_mnesia_cli:lookup_user({username, urldecode(Username)}))}).
-
-add_username(_Bindings, Params) ->
-    [ P | _] = Params,
-    case is_list(P) of
-        true -> return(do_add_username(Params, []));
-        false ->
-            case do_add_username(Params) of
-                ok -> return(ok);
-                {error, Error} -> return({error, format_msg(Error)})
-            end
-    end.
-
-do_add_username([ Params | ParamsN ], ReList ) ->
-    Username = urldecode(get_value(<<"username">>, Params)),
-    do_add_username(ParamsN, [{Username, format_msg(do_add_username(Params))} | ReList]);
-
-do_add_username([], ReList) ->
-    {ok, ReList}.
-
-do_add_username(Params) ->
-    Username = urldecode(get_value(<<"username">>, Params)),
-    Password = urldecode(get_value(<<"password">>, Params)),
-    Login = {username, Username},
-    case validate([login, password], [Login, Password]) of
-        ok ->
-            emqx_auth_mnesia_cli:add_user(Login, Password);
-        Err -> Err
-    end.
-
-update_username(#{username := Username}, Params) ->
-    Password = get_value(<<"password">>, Params),
-    case validate([password], [Password]) of
-        ok -> return(emqx_auth_mnesia_cli:update_user({username, urldecode(Username)}, urldecode(Password)));
-        Err -> return(Err)
-    end.
-
-delete_username(#{username := Username}, _) ->
-    return(emqx_auth_mnesia_cli:remove_user({username, urldecode(Username)})).
-
-%%------------------------------------------------------------------------------
-%% Paging Query
-%%------------------------------------------------------------------------------
-
-paginate(Tables, MatchSpec, Params, ComparingFun, RowFun) ->
-    Qh = query_handle(Tables, MatchSpec),
-    Count = count(Tables, MatchSpec),
-    Page = page(Params),
-    Limit = limit(Params),
-    Cursor = qlc:cursor(Qh),
-    case Page > 1 of
-        true  ->
-            _ = qlc:next_answers(Cursor, (Page - 1) * Limit),
-            ok;
-        false -> ok
-    end,
-    Rows = qlc:next_answers(Cursor, Limit),
-    qlc:delete_cursor(Cursor),
-    #{meta  => #{page => Page, limit => Limit, count => Count},
-      data  => [RowFun(Row) || Row <- lists:sort(ComparingFun, Rows)]}.
-
-query_handle(Table, MatchSpec) when is_atom(Table) ->
-    Options = {traverse, {select, MatchSpec}},
-    qlc:q([R|| R <- ets:table(Table, Options)]);
-query_handle([Table], MatchSpec) when is_atom(Table) ->
-    Options = {traverse, {select, MatchSpec}},
-    qlc:q([R|| R <- ets:table(Table, Options)]);
-query_handle(Tables, MatchSpec) ->
-    Options = {traverse, {select, MatchSpec}},
-    qlc:append([qlc:q([E || E <- ets:table(T, Options)]) || T <- Tables]).
-
-count(Table, MatchSpec) when is_atom(Table) ->
-    [{MatchPattern, Where, _Re}] = MatchSpec,
-    NMatchSpec = [{MatchPattern, Where, [true]}],
-    ets:select_count(Table, NMatchSpec);
-count([Table], MatchSpec) when is_atom(Table) ->
-    [{MatchPattern, Where, _Re}] = MatchSpec,
-    NMatchSpec = [{MatchPattern, Where, [true]}],
-    ets:select_count(Table, NMatchSpec);
-count(Tables, MatchSpec) ->
-    lists:sum([count(T, MatchSpec) || T <- Tables]).
-
-page(Params) ->
-    binary_to_integer(proplists:get_value(<<"_page">>, Params, <<"1">>)).
-
-limit(Params) ->
-    case proplists:get_value(<<"_limit">>, Params) of
-        undefined -> 10;
-        Size      -> binary_to_integer(Size)
-    end.
-
-%%------------------------------------------------------------------------------
-%% Interval Funcs
-%%------------------------------------------------------------------------------
-
-format([{?TABLE, {clientid, ClientId}, Password, _InterTime}]) ->
-    #{clientid => ClientId,
-      password => Password};
-
-format([{?TABLE, {username, Username}, Password, _InterTime}]) ->
-    #{username => Username,
-      password => Password};
-
-format([]) ->
-    #{}.
-
-validate([], []) ->
-    ok;
-validate([K|Keys], [V|Values]) ->
-   case do_validation(K, V) of
-       false -> {error, K};
-       true  -> validate(Keys, Values)
-   end.
-
-do_validation(login, {clientid, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(login, {username, V}) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(password, V) when is_binary(V)
-                     andalso byte_size(V) > 0 ->
-    true;
-do_validation(_, _) ->
-    false.
-
-format_msg(Message)
-  when is_atom(Message);
-       is_binary(Message) -> Message;
-
-format_msg(Message) when is_tuple(Message) ->
-    iolist_to_binary(io_lib:format("~p", [Message])).
-
-urldecode(S) ->
-    emqx_http_lib:uri_decode(S).
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
deleted file mode 100644
index 91f4bdf4f..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_app.erl
+++ /dev/null
@@ -1,68 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_mnesia.hrl").
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_mnesia_sup:start_link(),
-    emqx_ctl:register_command(clientid, {emqx_auth_mnesia_cli, auth_clientid_cli}, []),
-    emqx_ctl:register_command(user, {emqx_auth_mnesia_cli, auth_username_cli}, []),
-    emqx_ctl:register_command(acl, {emqx_acl_mnesia_cli, cli}, []),
-    _ = load_auth_hook(),
-    _ = load_acl_hook(),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx:unhook('client.authenticate', {emqx_auth_mnesia, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_mnesia, check_acl}),
-    emqx_ctl:unregister_command(clientid),
-    emqx_ctl:unregister_command(user),
-    emqx_ctl:unregister_command(acl),
-    State.
-
-stop(_State) ->
-    ok.
-
-load_auth_hook() ->
-    ClientidList = application:get_env(?APP, clientid_list, []),
-    UsernameList = application:get_env(?APP, username_list, []),
-    ok = emqx_auth_mnesia:init(#{clientid_list => ClientidList, username_list => UsernameList}),
-    ok = emqx_auth_mnesia:register_metrics(),
-    Params = #{
-            hash_type => application:get_env(emqx_auth_mnesia, password_hash, sha256)
-            },
-    emqx:hook('client.authenticate', {emqx_auth_mnesia, check, [Params]}).
-
-load_acl_hook() ->
-    ok = emqx_acl_mnesia:init(),
-    ok = emqx_acl_mnesia:register_metrics(),
-    emqx:hook('client.check_acl', {emqx_acl_mnesia, check_acl, [#{}]}).
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
deleted file mode 100644
index d89e6836c..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_cli.erl
+++ /dev/null
@@ -1,194 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_cli).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("stdlib/include/ms_transform.hrl").
--define(TABLE, emqx_user).
-%% Auth APIs
--export([ add_user/2
-        , update_user/2
-        , remove_user/1
-        , lookup_user/1
-        , all_users/0
-        , all_users/1
-        ]).
-%% Cli
--export([ auth_clientid_cli/1
-        , auth_username_cli/1
-        ]).
-
-%% Helper
--export([comparing/2]).
-
-%%--------------------------------------------------------------------
-%% Auth APIs
-%%--------------------------------------------------------------------
-
-%% @doc Add User
--spec(add_user(tuple(), binary()) -> ok | {error, any()}).
-add_user(Login, Password) ->
-    User = #emqx_user{
-              login = Login,
-              password = encrypted_data(Password),
-              created_at = erlang:system_time(millisecond)
-             },
-    ret(mnesia:transaction(fun insert_user/1, [User])).
-
-insert_user(User = #emqx_user{login = Login}) ->
-    case mnesia:read(?TABLE, Login) of
-        []    -> mnesia:write(User);
-        [_|_] -> mnesia:abort(existed)
-    end.
-
-%% @doc Update User
--spec(update_user(tuple(), binary()) -> ok | {error, any()}).
-update_user(Login, NewPassword) ->
-    ret(mnesia:transaction(fun do_update_user/2, [Login, encrypted_data(NewPassword)])).
-
-do_update_user(Login, NewPassword) ->
-    case mnesia:read(?TABLE, Login) of
-        [#emqx_user{} = User] ->
-            mnesia:write(User#emqx_user{password = NewPassword});
-        [] -> mnesia:abort(noexisted)
-    end.
-
-%% @doc Lookup user by login
--spec(lookup_user(tuple()) -> list()).
-lookup_user(undefined) -> [];
-lookup_user(Login) ->
-    Re = mnesia:dirty_read(?TABLE, Login),
-    lists:sort(fun comparing/2, Re).
-
-%% @doc Remove user
--spec(remove_user(tuple()) -> ok | {error, any()}).
-remove_user(Login) ->
-    ret(mnesia:transaction(fun mnesia:delete/1, [{?TABLE, Login}])).
-
-%% @doc All logins
--spec(all_users() -> list()).
-all_users() -> mnesia:dirty_all_keys(?TABLE).
-
-all_users(clientid) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {clientid, Clientid}, Password, CreatedAt}) ->
-                          {?TABLE, {clientid, Clientid}, Password, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec));
-all_users(username) ->
-    MatchSpec = ets:fun2ms(
-                  fun({?TABLE, {username, Username}, Password, CreatedAt}) ->
-                          {?TABLE, {username, Username}, Password, CreatedAt}
-                  end),
-    lists:sort(fun comparing/2, ets:select(?TABLE, MatchSpec)).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-comparing({?TABLE, _, _, CreatedAt1},
-          {?TABLE, _, _, CreatedAt2}) ->
-    CreatedAt1 >= CreatedAt2.
-
-ret({atomic, ok})     -> ok;
-ret({aborted, Error}) -> {error, Error}.
-
-encrypted_data(Password) ->
-    HashType = application:get_env(emqx_auth_mnesia, password_hash, sha256),
-    SaltBin = salt(),
-    <<SaltBin/binary, (hash(Password, SaltBin, HashType))/binary>>.
-
-hash(undefined, SaltBin, HashType) ->
-    hash(<<>>, SaltBin, HashType);
-hash(Password, SaltBin, HashType) ->
-    emqx_passwd:hash(HashType, <<SaltBin/binary, Password/binary>>).
-
-salt() ->
-    {_AlgHandler, _AlgState} = rand:seed(exsplus, erlang:timestamp()),
-    Salt = rand:uniform(16#ffffffff), <<Salt:32>>.
-
-%%--------------------------------------------------------------------
-%% Auth Clientid Cli
-%%--------------------------------------------------------------------
-
-auth_clientid_cli(["list"]) ->
-    [emqx_ctl:print("~s~n", [ClientId])
-     || {?TABLE, {clientid, ClientId}, _Password, _CreatedAt} <- all_users(clientid)
-    ];
-
-auth_clientid_cli(["add", ClientId, Password]) ->
-    case add_user({clientid, iolist_to_binary(ClientId)}, iolist_to_binary(Password)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_clientid_cli(["update", ClientId, NewPassword]) ->
-    case update_user({clientid, iolist_to_binary(ClientId)}, iolist_to_binary(NewPassword)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_clientid_cli(["del", ClientId]) ->
-    auth_clientid_cli(["delete", ClientId]);
-
-auth_clientid_cli(["delete", ClientId]) ->
-    case  remove_user({clientid, iolist_to_binary(ClientId)}) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_clientid_cli(_) ->
-    emqx_ctl:usage([{"clientid list", "List clientid auth rules"},
-                    {"clientid add <Username> <Password>", "Add clientid auth rule"},
-                    {"clientid update <Username> <NewPassword>", "Update clientid auth rule"},
-                    {"clientid delete <Username>", "Delete clientid auth rule"}]).
-
-%%--------------------------------------------------------------------
-%% Auth Username Cli
-%%--------------------------------------------------------------------
-
-auth_username_cli(["list"]) ->
-    [emqx_ctl:print("~s~n", [Username])
-     || {?TABLE, {username, Username}, _Password, _CreatedAt} <- all_users(username)
-    ];
-
-auth_username_cli(["add", Username, Password]) ->
-    case add_user({username, iolist_to_binary(Username)}, iolist_to_binary(Password)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_username_cli(["update", Username, NewPassword]) ->
-    case update_user({username, iolist_to_binary(Username)}, iolist_to_binary(NewPassword)) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-auth_username_cli(["del", Username]) ->
-    auth_username_cli(["delete", Username]);
-
-auth_username_cli(["delete", Username]) ->
-    case  remove_user({username, iolist_to_binary(Username)}) of
-        ok -> emqx_ctl:print("ok~n");
-        {error, Reason} -> emqx_ctl:print("Error: ~p~n", [Reason])
-    end;
-
-auth_username_cli(_) ->
-    emqx_ctl:usage([{"user list", "List username auth rules"},
-                    {"user add <Username> <Password>", "Add username auth rule"},
-                    {"user update <Username> <NewPassword>", "Update username auth rule"},
-                    {"user delete <Username>", "Delete username auth rule"}]).
diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
deleted file mode 100644
index 3784eaaf6..000000000
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia_sup.erl
+++ /dev/null
@@ -1,36 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_mnesia.hrl").
-
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-%%--------------------------------------------------------------------
-%% Supervisor callbacks
-%%--------------------------------------------------------------------
-
-init([]) ->
-    {ok, {{one_for_one, 10, 100}, []}}.
\ No newline at end of file
diff --git a/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl b/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
deleted file mode 100644
index f7994387b..000000000
--- a/apps/emqx_auth_mnesia/test/emqx_acl_mnesia_SUITE.erl
+++ /dev/null
@@ -1,293 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mnesia_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--import(emqx_ct_http, [ request_api/3
-                      , request_api/5
-                      , get_http_data/1
-                      , create_default_app/0
-                      , delete_default_app/0
-                      , default_auth_header/0
-                      ]).
-
--define(HOST, "http://127.0.0.1:8081/").
--define(API_VERSION, "v4").
--define(BASE_PATH, "api").
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-groups() ->
-    [].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_modules, emqx_management, emqx_auth_mnesia], fun set_special_configs/1),
-    create_default_app(),
-    Config.
-
-end_per_suite(_Config) ->
-    delete_default_app(),
-    emqx_ct_helpers:stop_apps([emqx_modules, emqx_management, emqx_auth_mnesia]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, true),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(_App) ->
-    ok.
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_management(_Config) ->
-    clean_all_acls(),
-    ?assertEqual("Acl with Mnesia", emqx_acl_mnesia:description()),
-    ?assertEqual([], emqx_acl_mnesia_cli:all_acls()),
-
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/%c">>, sub, allow),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/+">>, pub, deny),
-    ok = emqx_acl_mnesia_cli:add_acl({username, <<"test_username">>}, <<"topic/%u">>, sub, deny),
-    ok = emqx_acl_mnesia_cli:add_acl({username, <<"test_username">>}, <<"topic/+">>, pub, allow),
-    ok = emqx_acl_mnesia_cli:add_acl(all, <<"#">>, pubsub, deny),
-    %% Sleeps below are needed to hide the race condition between
-    %% mnesia and ets dirty select in check_acl, that make this test
-    %% flaky
-    timer:sleep(100),
-
-    ?assertEqual(2, length(emqx_acl_mnesia_cli:lookup_acl({clientid, <<"test_clientid">>}))),
-    ?assertEqual(2, length(emqx_acl_mnesia_cli:lookup_acl({username, <<"test_username">>}))),
-    ?assertEqual(2, length(emqx_acl_mnesia_cli:lookup_acl(all))),
-    ?assertEqual(6, length(emqx_acl_mnesia_cli:all_acls())),
-
-    User1 = #{zone => external, clientid => <<"test_clientid">>},
-    User2 = #{zone => external, clientid => <<"no_exist">>, username => <<"test_username">>},
-    User3 = #{zone => external, clientid => <<"test_clientid">>, username => <<"test_username">>},
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"topic/test_clientid">>),
-    deny  = emqx_access_control:check_acl(User1, publish,   <<"topic/A">>),
-    deny  = emqx_access_control:check_acl(User2, subscribe, <<"topic/test_username">>),
-    allow = emqx_access_control:check_acl(User2, publish,   <<"topic/A">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"topic/test_clientid">>),
-    deny  = emqx_access_control:check_acl(User3, subscribe, <<"topic/test_username">>),
-    deny  = emqx_access_control:check_acl(User3, publish,   <<"topic/A">>),
-    deny  = emqx_access_control:check_acl(User3, subscribe, <<"topic/A/B">>),
-    deny  = emqx_access_control:check_acl(User3, publish,   <<"topic/A/B">>),
-
-    %% Test merging of pubsub capability:
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pubsub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pub, allow),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pubsub, allow),
-    timer:sleep(100),
-    allow = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, sub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-
-    %% Test implicit migration of pubsub to pub and sub:
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>),
-    ok = mnesia:dirty_write(#emqx_acl{
-                               filter = {{clientid, <<"test_clientid">>}, <<"topic/mix">>},
-                               action = pubsub,
-                               access = allow,
-                               created_at = erlang:system_time(millisecond)
-                              }),
-    timer:sleep(100),
-    allow = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    allow = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, pub, deny),
-    timer:sleep(100),
-    allow = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:add_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>, sub, deny),
-    timer:sleep(100),
-    deny  = emqx_access_control:check_acl(User1, subscribe,   <<"topic/mix">>),
-    deny  = emqx_access_control:check_acl(User1, publish,     <<"topic/mix">>),
-
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/%c">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/+">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({clientid, <<"test_clientid">>}, <<"topic/mix">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({username, <<"test_username">>}, <<"topic/%u">>),
-    ok = emqx_acl_mnesia_cli:remove_acl({username, <<"test_username">>}, <<"topic/+">>),
-    ok = emqx_acl_mnesia_cli:remove_acl(all, <<"#">>),
-    timer:sleep(100),
-
-    ?assertEqual([], emqx_acl_mnesia_cli:all_acls()).
-
-t_acl_cli(_Config) ->
-    meck:new(emqx_ctl, [non_strict, passthrough]),
-    meck:expect(emqx_ctl, print, fun(Arg) -> emqx_ctl:format(Arg) end),
-    meck:expect(emqx_ctl, print, fun(Msg, Arg) -> emqx_ctl:format(Msg, Arg) end),
-    meck:expect(emqx_ctl, usage, fun(Usages) -> emqx_ctl:format_usage(Usages) end),
-    meck:expect(emqx_ctl, usage, fun(Cmd, Descr) -> emqx_ctl:format_usage(Cmd, Descr) end),
-
-    clean_all_acls(),
-
-    ?assertEqual(0, length(emqx_acl_mnesia_cli:cli(["list"]))),
-
-    emqx_acl_mnesia_cli:cli(["add", "clientid", "test_clientid", "topic/A", "pub", "deny"]),
-    emqx_acl_mnesia_cli:cli(["add", "clientid", "test_clientid", "topic/A", "pub", "allow"]),
-    R1 = emqx_ctl:format("Acl(clientid = ~p topic = ~p action = ~p access = ~p)~n",
-                         [<<"test_clientid">>, <<"topic/A">>, pub, allow]),
-    ?assertEqual([R1], emqx_acl_mnesia_cli:cli(["show", "clientid", "test_clientid"])),
-    ?assertEqual([R1], emqx_acl_mnesia_cli:cli(["list", "clientid"])),
-
-    emqx_acl_mnesia_cli:cli(["add", "username", "test_username", "topic/B", "sub", "deny"]),
-    R2 = emqx_ctl:format("Acl(username = ~p topic = ~p action = ~p access = ~p)~n",
-                         [<<"test_username">>, <<"topic/B">>, sub, deny]),
-    ?assertEqual([R2], emqx_acl_mnesia_cli:cli(["show", "username", "test_username"])),
-    ?assertEqual([R2], emqx_acl_mnesia_cli:cli(["list", "username"])),
-
-    emqx_acl_mnesia_cli:cli(["add", "_all", "#", "pub", "allow"]),
-    emqx_acl_mnesia_cli:cli(["add", "_all", "#", "pubsub", "deny"]),
-    ?assertMatch(["",
-                  "Acl($all topic = <<\"#\">> action = pub access = deny)",
-                  "Acl($all topic = <<\"#\">> action = sub access = deny)"],
-                 lists:sort(string:split(emqx_acl_mnesia_cli:cli(["list", "_all"]), "\n", all))
-                ),
-    ?assertEqual(4, length(emqx_acl_mnesia_cli:cli(["list"]))),
-
-    emqx_acl_mnesia_cli:cli(["del", "clientid", "test_clientid", "topic/A"]),
-    emqx_acl_mnesia_cli:cli(["del", "username", "test_username", "topic/B"]),
-    emqx_acl_mnesia_cli:cli(["del", "_all", "#"]),
-    ?assertEqual(0, length(emqx_acl_mnesia_cli:cli(["list"]))),
-
-    meck:unload(emqx_ctl).
-
-t_rest_api(_Config) ->
-    clean_all_acls(),
-
-    Params1 = [#{<<"clientid">> => <<"test_clientid">>,
-                 <<"topic">> => <<"topic/A">>,
-                 <<"action">> => <<"pub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"clientid">> => <<"test_clientid">>,
-                 <<"topic">> => <<"topic/B">>,
-                 <<"action">> => <<"sub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"clientid">> => <<"test_clientid">>,
-                 <<"topic">> => <<"topic/C">>,
-                 <<"action">> => <<"pubsub">>,
-                 <<"access">> => <<"deny">>
-                }],
-    {ok, _} = request_http_rest_add([], Params1),
-    {ok, Re1} = request_http_rest_list(["clientid", "test_clientid"]),
-    ?assertMatch(4, length(get_http_data(Re1))),
-    {ok, _} = request_http_rest_delete(["clientid", "test_clientid", "topic", "topic/A"]),
-    {ok, _} = request_http_rest_delete(["clientid", "test_clientid", "topic", "topic/B"]),
-    {ok, _} = request_http_rest_delete(["clientid", "test_clientid", "topic", "topic/C"]),
-    {ok, Res1} = request_http_rest_list(["clientid"]),
-    ?assertMatch([], get_http_data(Res1)),
-
-    Params2 = [#{<<"username">> => <<"test_username">>,
-                 <<"topic">> => <<"topic/A">>,
-                 <<"action">> => <<"pub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"username">> => <<"test_username">>,
-                 <<"topic">> => <<"topic/B">>,
-                 <<"action">> => <<"sub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"username">> => <<"test_username">>,
-                 <<"topic">> => <<"topic/C">>,
-                 <<"action">> => <<"pubsub">>,
-                 <<"access">> => <<"deny">>
-                }],
-    {ok, _} = request_http_rest_add([], Params2),
-    {ok, Re2} = request_http_rest_list(["username", "test_username"]),
-    ?assertMatch(4, length(get_http_data(Re2))),
-    {ok, _} = request_http_rest_delete(["username", "test_username", "topic", "topic/A"]),
-    {ok, _} = request_http_rest_delete(["username", "test_username", "topic", "topic/B"]),
-    {ok, _} = request_http_rest_delete(["username", "test_username", "topic", "topic/C"]),
-    {ok, Res2} = request_http_rest_list(["username"]),
-    ?assertMatch([], get_http_data(Res2)),
-
-    Params3 = [#{<<"topic">> => <<"topic/A">>,
-                 <<"action">> => <<"pub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"topic">> => <<"topic/B">>,
-                 <<"action">> => <<"sub">>,
-                 <<"access">> => <<"allow">>
-                },
-               #{<<"topic">> => <<"topic/C">>,
-                 <<"action">> => <<"pubsub">>,
-                 <<"access">> => <<"deny">>
-                }],
-    {ok, _} = request_http_rest_add([], Params3),
-    {ok, Re3} = request_http_rest_list(["$all"]),
-    ?assertMatch(4, length(get_http_data(Re3))),
-    {ok, _} = request_http_rest_delete(["$all", "topic", "topic/A"]),
-    {ok, _} = request_http_rest_delete(["$all", "topic", "topic/B"]),
-    {ok, _} = request_http_rest_delete(["$all", "topic", "topic/C"]),
-    {ok, Res3} = request_http_rest_list(["$all"]),
-    ?assertMatch([], get_http_data(Res3)).
-
-%%------------------------------------------------------------------------------
-%% Helpers
-%%------------------------------------------------------------------------------
-
-clean_all_acls() ->
-    [ mnesia:dirty_delete({emqx_acl, Login})
-      || Login <- mnesia:dirty_all_keys(emqx_acl)].
-
-%%--------------------------------------------------------------------
-%% HTTP Request
-%%--------------------------------------------------------------------
-
-request_http_rest_list(Path) ->
-    request_api(get, uri(Path), default_auth_header()).
-
-request_http_rest_lookup(Path) ->
-    request_api(get, uri(Path), default_auth_header()).
-
-request_http_rest_add(Path, Params) ->
-    request_api(post, uri(Path), [], default_auth_header(), Params).
-
-request_http_rest_delete(Path) ->
-    request_api(delete, uri(Path), default_auth_header()).
-
-uri() -> uri([]).
-uri(Parts) when is_list(Parts) ->
-    NParts = [b2l(E) || E <- Parts],
-    ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION, "acl"| NParts]).
-
-b2l(B) -> binary_to_list(emqx_http_lib:uri_encode(iolist_to_binary(B))).
diff --git a/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl b/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
deleted file mode 100644
index c5c0eb727..000000000
--- a/apps/emqx_auth_mnesia/test/emqx_auth_mnesia_SUITE.erl
+++ /dev/null
@@ -1,318 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%% http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_SUITE).
-
--compile(nowarn_export_all).
--compile(export_all).
-
--include("emqx_auth_mnesia.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--import(emqx_ct_http, [ request_api/3
-                      , request_api/5
-                      , get_http_data/1
-                      , create_default_app/0
-                      , delete_default_app/0
-                      , default_auth_header/0
-                      ]).
-
--define(HOST, "http://127.0.0.1:8081/").
--define(API_VERSION, "v4").
--define(BASE_PATH, "api").
-
--define(TABLE, emqx_user).
--define(CLIENTID,  <<"clientid_for_ct">>).
--define(USERNAME,  <<"username_for_ct">>).
--define(PASSWORD,  <<"password">>).
--define(NPASSWORD, <<"new_password">>).
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-groups() ->
-    [].
-
-init_per_suite(Config) ->
-    ok = emqx_ct_helpers:start_apps([emqx_management, emqx_auth_mnesia], fun set_special_configs/1),
-    create_default_app(),
-    Config.
-
-end_per_suite(_Config) ->
-    delete_default_app(),
-    emqx_ct_helpers:stop_apps([emqx_management, emqx_auth_mnesia]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, true),
-    application:set_env(emqx, enable_acl_cache, false),
-    LoadedPluginPath = filename:join(["test", "emqx_SUITE_data", "loaded_plugins"]),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, LoadedPluginPath));
-
-set_special_configs(_App) ->
-    ok.
-
-%%------------------------------------------------------------------------------
-%% Testcases
-%%------------------------------------------------------------------------------
-
-t_management(_Config) ->
-    clean_all_users(),
-
-    ok = emqx_auth_mnesia_cli:add_user({username, ?USERNAME}, ?PASSWORD),
-    {error, existed} = emqx_auth_mnesia_cli:add_user({username, ?USERNAME}, ?PASSWORD),
-    ?assertMatch([{?TABLE, {username, ?USERNAME}, _, _}],
-                 emqx_auth_mnesia_cli:all_users(username)
-                ),
-
-    ok = emqx_auth_mnesia_cli:add_user({clientid, ?CLIENTID}, ?PASSWORD),
-    {error, existed} = emqx_auth_mnesia_cli:add_user({clientid, ?CLIENTID}, ?PASSWORD),
-    ?assertMatch([{?TABLE, {clientid, ?CLIENTID}, _, _}],
-                 emqx_auth_mnesia_cli:all_users(clientid)
-                ),
-
-    ?assertEqual(2, length(emqx_auth_mnesia_cli:all_users())),
-
-    ok = emqx_auth_mnesia_cli:update_user({username, ?USERNAME}, ?NPASSWORD),
-    {error, noexisted} = emqx_auth_mnesia_cli:update_user(
-                          {username, <<"no_existed_user">>}, ?PASSWORD
-                         ),
-
-    ok = emqx_auth_mnesia_cli:update_user({clientid, ?CLIENTID}, ?NPASSWORD),
-    {error, noexisted} = emqx_auth_mnesia_cli:update_user(
-                          {clientid, <<"no_existed_user">>}, ?PASSWORD
-                         ),
-
-    ?assertMatch([{?TABLE, {username, ?USERNAME}, _, _}],
-                 emqx_auth_mnesia_cli:lookup_user({username, ?USERNAME})
-                ),
-    ?assertMatch([{?TABLE, {clientid, ?CLIENTID}, _, _}],
-                 emqx_auth_mnesia_cli:lookup_user({clientid, ?CLIENTID})
-                ),
-
-    User1 = #{username => ?USERNAME,
-              clientid => undefined,
-              password => ?NPASSWORD,
-              zone     => external},
-
-    {ok, #{auth_result := success,
-           anonymous := false}} = emqx_access_control:authenticate(User1),
-
-    {error, password_error} = emqx_access_control:authenticate(
-                               User1#{password => <<"error_password">>}
-                              ),
-
-    ok = emqx_auth_mnesia_cli:remove_user({username, ?USERNAME}),
-    {ok, #{auth_result := success,
-           anonymous := true }} = emqx_access_control:authenticate(User1),
-
-    User2 = #{clientid => ?CLIENTID,
-              password => ?NPASSWORD,
-              zone     => external},
-
-    {ok, #{auth_result := success,
-           anonymous := false}} = emqx_access_control:authenticate(User2),
-
-    {error, password_error} = emqx_access_control:authenticate(
-                               User2#{password => <<"error_password">>}
-                              ),
-
-    ok = emqx_auth_mnesia_cli:remove_user({clientid, ?CLIENTID}),
-    {ok, #{auth_result := success,
-           anonymous := true }} = emqx_access_control:authenticate(User2),
-
-    [] = emqx_auth_mnesia_cli:all_users().
-
-t_auth_clientid_cli(_) ->
-    clean_all_users(),
-
-    HashType = application:get_env(emqx_auth_mnesia, password_hash, sha256),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["add", ?CLIENTID, ?PASSWORD]),
-    [{_, {clientid, ?CLIENTID},
-      <<Salt:4/binary, Hash/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({clientid, ?CLIENTID}),
-    ?assertEqual(Hash, emqx_passwd:hash(HashType, <<Salt/binary, ?PASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["update", ?CLIENTID, ?NPASSWORD]),
-    [{_, {clientid, ?CLIENTID},
-      <<Salt1:4/binary, Hash1/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({clientid, ?CLIENTID}),
-    ?assertEqual(Hash1, emqx_passwd:hash(HashType, <<Salt1/binary, ?NPASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["del", ?CLIENTID]),
-    ?assertEqual([], emqx_auth_mnesia_cli:lookup_user(?CLIENTID)),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(["add", "user1", "pass1"]),
-    emqx_auth_mnesia_cli:auth_clientid_cli(["add", "user2", "pass2"]),
-    ?assertEqual(2, length(emqx_auth_mnesia_cli:auth_clientid_cli(["list"]))),
-
-    emqx_auth_mnesia_cli:auth_clientid_cli(usage).
-
-t_auth_username_cli(_) ->
-    clean_all_users(),
-
-    HashType = application:get_env(emqx_auth_mnesia, password_hash, sha256),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["add", ?USERNAME, ?PASSWORD]),
-    [{_, {username, ?USERNAME},
-      <<Salt:4/binary, Hash/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({username, ?USERNAME}),
-    ?assertEqual(Hash, emqx_passwd:hash(HashType, <<Salt/binary, ?PASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["update", ?USERNAME, ?NPASSWORD]),
-    [{_, {username, ?USERNAME},
-      <<Salt1:4/binary, Hash1/binary>>,
-      _}] = emqx_auth_mnesia_cli:lookup_user({username, ?USERNAME}),
-    ?assertEqual(Hash1, emqx_passwd:hash(HashType, <<Salt1/binary, ?NPASSWORD/binary>>)),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["del", ?USERNAME]),
-    ?assertEqual([], emqx_auth_mnesia_cli:lookup_user(?USERNAME)),
-
-    emqx_auth_mnesia_cli:auth_username_cli(["add", "user1", "pass1"]),
-    emqx_auth_mnesia_cli:auth_username_cli(["add", "user2", "pass2"]),
-    ?assertEqual(2, length(emqx_auth_mnesia_cli:auth_username_cli(["list"]))),
-
-    emqx_auth_mnesia_cli:auth_username_cli(usage).
-
-
-t_clientid_rest_api(_Config) ->
-    clean_all_users(),
-
-    {ok, Result1} = request_http_rest_list(["auth_clientid"]),
-    [] = get_http_data(Result1),
-
-    Params1 = #{<<"clientid">> => ?CLIENTID, <<"password">> => ?PASSWORD},
-    {ok, _} = request_http_rest_add(["auth_clientid"], Params1),
-
-    Path =  ["auth_clientid/" ++ binary_to_list(?CLIENTID)],
-    Params2 = #{<<"clientid">> => ?CLIENTID, <<"password">> => ?NPASSWORD},
-    {ok, _} = request_http_rest_update(Path, Params2),
-
-    {ok, Result2} = request_http_rest_lookup(Path),
-    ?assertMatch(#{<<"clientid">> := ?CLIENTID}, get_http_data(Result2)),
-
-    Params3 = [ #{<<"clientid">> => ?CLIENTID, <<"password">> => ?PASSWORD}
-              , #{<<"clientid">> => <<"clientid1">>, <<"password">> => ?PASSWORD}
-              , #{<<"clientid">> => <<"clientid2">>, <<"password">> => ?PASSWORD}
-              ],
-    {ok, Result3} = request_http_rest_add(["auth_clientid"], Params3),
-    ?assertMatch(#{ ?CLIENTID := <<"{error,existed}">>
-                  , <<"clientid1">> := <<"ok">>
-                  , <<"clientid2">> := <<"ok">>
-                  }, get_http_data(Result3)),
-
-    {ok, Result4} = request_http_rest_list(["auth_clientid"]),
-    ?assertEqual(3, length(get_http_data(Result4))),
-
-    {ok, _} = request_http_rest_delete(Path),
-    {ok, Result5} = request_http_rest_lookup(Path),
-    ?assertMatch(#{}, get_http_data(Result5)).
-
-t_username_rest_api(_Config) ->
-    clean_all_users(),
-
-    {ok, Result1} = request_http_rest_list(["auth_username"]),
-    [] = get_http_data(Result1),
-
-    Params1 = #{<<"username">> => ?USERNAME, <<"password">> => ?PASSWORD},
-    {ok, _} = request_http_rest_add(["auth_username"], Params1),
-
-    Path =  ["auth_username/" ++ binary_to_list(?USERNAME)],
-    Params2 = #{<<"username">> => ?USERNAME, <<"password">> => ?NPASSWORD},
-    {ok, _} = request_http_rest_update(Path, Params2),
-
-    {ok, Result2} = request_http_rest_lookup(Path),
-    ?assertMatch(#{<<"username">> := ?USERNAME}, get_http_data(Result2)),
-
-    Params3 = [ #{<<"username">> => ?USERNAME, <<"password">> => ?PASSWORD}
-              , #{<<"username">> => <<"username1">>, <<"password">> => ?PASSWORD}
-              , #{<<"username">> => <<"username2">>, <<"password">> => ?PASSWORD}
-              ],
-    {ok, Result3} = request_http_rest_add(["auth_username"], Params3),
-    ?assertMatch(#{ ?USERNAME := <<"{error,existed}">>
-                  , <<"username1">> := <<"ok">>
-                  , <<"username2">> := <<"ok">>
-                  }, get_http_data(Result3)),
-
-    {ok, Result4} = request_http_rest_list(["auth_username"]),
-    ?assertEqual(3, length(get_http_data(Result4))),
-
-    {ok, _} = request_http_rest_delete(Path),
-    {ok, Result5} = request_http_rest_lookup([Path]),
-    ?assertMatch(#{}, get_http_data(Result5)).
-
-t_password_hash(_) ->
-    clean_all_users(),
-    {ok, Default} = application:get_env(emqx_auth_mnesia, password_hash),
-    application:set_env(emqx_auth_mnesia, password_hash, plain),
-
-    %% change the password_hash to 'plain'
-    application:stop(emqx_auth_mnesia),
-    ok = application:start(emqx_auth_mnesia),
-
-    Params = #{<<"username">> => ?USERNAME, <<"password">> => ?PASSWORD},
-    {ok, _} = request_http_rest_add(["auth_username"], Params),
-
-    %% check
-    User = #{username => ?USERNAME,
-             clientid => undefined,
-             password => ?PASSWORD,
-             zone     => external},
-    {ok, #{auth_result := success,
-           anonymous := false}} = emqx_access_control:authenticate(User),
-
-    application:set_env(emqx_auth_mnesia, password_hash, Default),
-    application:stop(emqx_auth_mnesia),
-    ok = application:start(emqx_auth_mnesia).
-
-%%------------------------------------------------------------------------------
-%% Helpers
-%%------------------------------------------------------------------------------
-
-clean_all_users() ->
-    [ mnesia:dirty_delete({emqx_user, Login})
-      || Login <- mnesia:dirty_all_keys(emqx_user)].
-
-%%--------------------------------------------------------------------
-%% HTTP Request
-%%--------------------------------------------------------------------
-
-request_http_rest_list(Path) ->
-    request_api(get, uri(Path), default_auth_header()).
-
-request_http_rest_lookup(Path) ->
-    request_api(get, uri([Path]), default_auth_header()).
-
-request_http_rest_add(Path, Params) ->
-    request_api(post, uri(Path), [], default_auth_header(), Params).
-
-request_http_rest_update(Path, Params) ->
-    request_api(put, uri([Path]), [], default_auth_header(), Params).
-
-request_http_rest_delete(Login) ->
-    request_api(delete, uri([Login]), default_auth_header()).
-
-uri() -> uri([]).
-uri(Parts) when is_list(Parts) ->
-    NParts = [b2l(E) || E <- Parts],
-    ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION | NParts]).
-
-%% @private
-b2l(B) when is_binary(B) ->
-    binary_to_list(B);
-b2l(L) when is_list(L) ->
-    L.
diff --git a/apps/emqx_auth_mongo/.gitignore b/apps/emqx_auth_mongo/.gitignore
deleted file mode 100644
index a6635ffa0..000000000
--- a/apps/emqx_auth_mongo/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.DS_Store
-.erlang.mk/
-emqx_auth_mongo.d
-ct.coverdata
-logs/
-test/ct.cover.spec
-data/
-cover/
-eunit.coverdata
-_build/
-rebar.lock
-erlang.mk
-etc/emqx_auth_mongo.conf.rendered
-.rebar3
diff --git a/apps/emqx_auth_mongo/CHANGES b/apps/emqx_auth_mongo/CHANGES
deleted file mode 100644
index 4bddd63a9..000000000
--- a/apps/emqx_auth_mongo/CHANGES
+++ /dev/null
@@ -1,31 +0,0 @@
-
-2.0.7 (2017-01-20)
-------------------
-
-Tag 2.0.7 - use `cuttlefish:unset()` for commented ACL/super config
-
-2.0.1 (2016-11-30)
-------------------
-
-Tag 2.0.1
-
-2.0-beta.1 (2016-08-24)
------------------------
-
-gen_conf
-
-1.1.3-beta (2016-08-19)
------------------------
-
-Bump version to 1.1.3
-
-1.1.2-beta (2016-06-30)
------------------------
-
-Bump version to 1.1.2
-
-1.1-beta (2016-05-28)
----------------------
-
-First public release
-
diff --git a/apps/emqx_auth_mongo/README.md b/apps/emqx_auth_mongo/README.md
deleted file mode 100644
index 3bacfca5b..000000000
--- a/apps/emqx_auth_mongo/README.md
+++ /dev/null
@@ -1,192 +0,0 @@
-emqx_auth_mongo
-===============
-
-EMQ X Authentication/ACL with MongoDB
-
-Build the Plugin
-----------------
-
-```
-make & make tests
-```
-
-Configuration
--------------
-
-File: etc/emqx_auth_mongo.conf
-
-```
-## MongoDB Topology Type.
-##
-## Value: single | unknown | sharded | rs
-auth.mongo.type = single
-
-## Sets the set name if type is rs.
-##
-## Value: String
-## auth.mongo.rs_set_name =
-
-## MongoDB server list.
-##
-## Value: String
-##
-## Examples: 127.0.0.1:27017,127.0.0.2:27017...
-auth.mongo.server = 127.0.0.1:27017
-
-## MongoDB pool size
-##
-## Value: Number
-auth.mongo.pool = 8
-
-## MongoDB login user.
-##
-## Value: String
-## auth.mongo.login =
-
-## MongoDB password.
-##
-## Value: String
-## auth.mongo.password =
-
-## MongoDB AuthSource
-##
-## Value: String
-## Default: mqtt
-## auth.mongo.auth_source = admin
-
-## MongoDB database
-##
-## Value: String
-auth.mongo.database = mqtt
-
-## MongoDB write mode.
-##
-## Value: unsafe | safe
-## auth.mongo.w_mode =
-
-## Mongo read mode.
-##
-## Value: master | slave_ok
-## auth.mongo.r_mode =
-
-## MongoDB topology options.
-auth.mongo.topology.pool_size = 1
-auth.mongo.topology.max_overflow = 0
-## auth.mongo.topology.overflow_ttl = 1000
-## auth.mongo.topology.overflow_check_period = 1000
-## auth.mongo.topology.local_threshold_ms = 1000
-## auth.mongo.topology.connect_timeout_ms = 20000
-## auth.mongo.topology.socket_timeout_ms = 100
-## auth.mongo.topology.server_selection_timeout_ms = 30000
-## auth.mongo.topology.wait_queue_timeout_ms = 1000
-## auth.mongo.topology.heartbeat_frequency_ms = 10000
-## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
-
-## Authentication query.
-auth.mongo.auth_query.collection = mqtt_user
-
-auth.mongo.auth_query.password_field = password
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mongo.auth_query.password_hash = sha256
-
-## sha256 with salt suffix
-## auth.mongo.auth_query.password_hash = sha256,salt
-
-## sha256 with salt prefix
-## auth.mongo.auth_query.password_hash = salt,sha256
-
-## bcrypt with salt prefix
-## auth.mongo.auth_query.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mongo.auth_query.password_hash = pbkdf2,sha256,1000,20
-
-auth.mongo.auth_query.selector = username=%u
-
-## Enable superuser query.
-auth.mongo.super_query = on
-
-auth.mongo.super_query.collection = mqtt_user
-
-auth.mongo.super_query.super_field = is_superuser
-
-auth.mongo.super_query.selector = username=%u
-
-## Enable ACL query.
-auth.mongo.acl_query = on
-
-auth.mongo.acl_query.collection = mqtt_acl
-
-auth.mongo.acl_query.selector = username=%u
-```
-
-Load the Plugin
----------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_mongo
-```
-
-MongoDB Database
-----------------
-
-```
-use mqtt
-db.createCollection("mqtt_user")
-db.createCollection("mqtt_acl")
-db.mqtt_user.ensureIndex({"username":1})
-```
-
-mqtt_user Collection
---------------------
-
-```
-{
-    username: "user",
-    password: "password hash",
-    salt: "password salt",
-    is_superuser: boolean (true, false),
-    created: "datetime"
-}
-```
-
-For example:
-```
-db.mqtt_user.insert({username: "test", password: "password hash", salt: "password salt", is_superuser: false})
-db.mqtt_user.insert({username: "root", is_superuser: true})
-```
-
-mqtt_acl Collection
--------------------
-
-```
-{
-    username: "username",
-    clientid: "clientid",
-    publish: ["topic1", "topic2", ...],
-    subscribe: ["subtop1", "subtop2", ...],
-    pubsub: ["topic/#", "topic1", ...]
-}
-```
-
-For example:
-
-```
-db.mqtt_acl.insert({username: "test", publish: ["t/1", "t/2"], subscribe: ["user/%u", "client/%c"]})
-db.mqtt_acl.insert({username: "admin", pubsub: ["#"]})
-```
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf b/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
deleted file mode 100644
index c59c80643..000000000
--- a/apps/emqx_auth_mongo/etc/emqx_auth_mongo.conf
+++ /dev/null
@@ -1,187 +0,0 @@
-##--------------------------------------------------------------------
-## MongoDB Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## MongoDB Topology Type.
-##
-## Value: single | unknown | sharded | rs
-auth.mongo.type = single
-
-## The set name if type is rs.
-##
-## Value: String
-## auth.mongo.rs_set_name =
-
-## MongoDB server list.
-##
-## Value: String
-##
-## Examples: "127.0.0.1:27017,127.0.0.2:27017,..."
-auth.mongo.server = "127.0.0.1:27017"
-
-## MongoDB pool size
-##
-## Value: Number
-auth.mongo.pool = 8
-
-## MongoDB login user.
-##
-## Value: String
-# auth.mongo.username =
-
-## MongoDB password.
-##
-## Value: String
-## auth.mongo.password =
-
-## MongoDB AuthSource
-##
-## Value: String
-## Default: mqtt
-## auth.mongo.auth_source = admin
-
-## MongoDB database
-##
-## Value: String
-auth.mongo.database = mqtt
-
-## MongoDB query timeout
-##
-## Value: Duration
-## auth.mongo.query_timeout = 5s
-
-## Whether to enable SSL connection.
-##
-## Value: on | off
-## auth.mongo.ssl.enable = off
-
-## SSL keyfile.
-##
-## Value: File
-## auth.mongo.ssl.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-## auth.mongo.ssl.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-## auth.mongo.ssl.cacertfile =
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-## auth.mongo.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.mongo.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.mongo.ssl.server_name_indication = disable
-
-## MongoDB write mode.
-##
-## Value: unsafe | safe
-## auth.mongo.w_mode =
-
-## Mongo read mode.
-##
-## Value: master | slave_ok
-## auth.mongo.r_mode =
-
-## MongoDB topology options.
-auth.mongo.topology.pool_size = 1
-auth.mongo.topology.max_overflow = 0
-## auth.mongo.topology.overflow_ttl = 1000
-## auth.mongo.topology.overflow_check_period = 1000
-## auth.mongo.topology.local_threshold_ms = 1000
-## auth.mongo.topology.connect_timeout_ms = 20000
-## auth.mongo.topology.socket_timeout_ms = 100
-## auth.mongo.topology.server_selection_timeout_ms = 30000
-## auth.mongo.topology.wait_queue_timeout_ms = 1000
-## auth.mongo.topology.heartbeat_frequency_ms = 10000
-## auth.mongo.topology.min_heartbeat_frequency_ms = 1000
-
-## -------------------------------------------------
-## Auth Query
-## -------------------------------------------------
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mongo.auth_query.password_hash = sha256
-
-## sha256 with salt suffix
-## auth.mongo.auth_query.password_hash = "sha256,salt"
-
-## sha256 with salt prefix
-## auth.mongo.auth_query.password_hash = "salt,sha256"
-
-## bcrypt with salt prefix
-## auth.mongo.auth_query.password_hash = "salt,bcrypt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mongo.auth_query.password_hash = "pbkdf2,sha256,1000,20"
-
-## Authentication query.
-auth.mongo.auth_query.collection = mqtt_user
-
-## Password mainly fields
-##
-## Value:  password | password,salt
-auth.mongo.auth_query.password_field = password
-
-## Authentication Selector.
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## auth.mongo.auth_query.selector = {Field}={Placeholder}
-auth.mongo.auth_query.selector = "username=%u"
-
-## -------------------------------------------------
-## Super User Query
-## -------------------------------------------------
-auth.mongo.super_query.collection = mqtt_user
-auth.mongo.super_query.super_field = is_superuser
-#auth.mongo.super_query.selector.1 = username=%u, clientid=%c
-auth.mongo.super_query.selector = "username=%u"
-
-## ACL Selector.
-##
-## Multiple selectors could be combined with '$or'
-##   when query acl from mongo.
-##
-## e.g.
-##
-## With following 2 selectors configured:
-##
-## auth.mongo.acl_query.selector.1 = "username=%u"
-## auth.mongo.acl_query.selector.2 = "username=$all"
-##
-## And if a client connected using username 'ilyas',
-##   then the following mongo command will be used to
-##   retrieve acl entries:
-##
-## db.mqtt_acl.find({$or: [{username: "ilyas"},  {username: "$all"}]});
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##
-## Examples:
-##
-## auth.mongo.acl_query.selector.1 = "username=%u,clientid=%c"
-## auth.mongo.acl_query.selector.2 = "username=$all"
-## auth.mongo.acl_query.selector.3 = "clientid=$all"
-auth.mongo.acl_query.collection = mqtt_acl
-auth.mongo.acl_query.selector = "username=%u"
diff --git a/apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl b/apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl
deleted file mode 100644
index 97ecf9973..000000000
--- a/apps/emqx_auth_mongo/include/emqx_auth_mongo.hrl
+++ /dev/null
@@ -1,37 +0,0 @@
-
--define(APP, emqx_auth_mongo).
-
--define(DEFAULT_SELECTORS, [{<<"username">>, <<"%u">>}]).
-
--record(superquery, {collection = <<"mqtt_user">>,
-                     field      = <<"is_superuser">>,
-                     selector   = {<<"username">>, <<"%u">>}}).
-
--record(authquery, {collection = <<"mqtt_user">>,
-                    field      = <<"password">>,
-                    hash       = sha256,
-                    selector   = {<<"username">>, <<"%u">>}}).
-
--record(aclquery, {collection = <<"mqtt_acl">>,
-                   selector   = {<<"username">>, <<"%u">>}}).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore  = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema b/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
deleted file mode 100644
index cd8c03015..000000000
--- a/apps/emqx_auth_mongo/priv/emqx_auth_mongo.schema
+++ /dev/null
@@ -1,341 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_mongo config mapping
-
-{mapping, "auth.mongo.type", "emqx_auth_mongo.server", [
-  {default, single},
-  {datatype, {enum, [single, unknown, sharded, rs]}}
-]}.
-
-{mapping, "auth.mongo.rs_set_name", "emqx_auth_mongo.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.server", "emqx_auth_mongo.server", [
-  {default, "127.0.0.1:27017"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.pool", "emqx_auth_mongo.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.login", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.username", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.password", "emqx_auth_mongo.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.database", "emqx_auth_mongo.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_source", "emqx_auth_mongo.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.enable", "emqx_auth_mongo.server", [
-  {default, off},
-  {datatype, {enum, [on, off, true, false]}} %% FIXME: ture/false is compatible with 4.0-4.2 version format, plan to delete in 5.0
-]}.
-
-{mapping, "auth.mongo.ssl.keyfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.certfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.cacertfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.ssl.verify", "emqx_auth_mongo.server", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.mongo.ssl.server_name_indication", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.ssl_opts.keyfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.ssl_opts.certfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mongo.ssl_opts.cacertfile", "emqx_auth_mongo.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.w_mode", "emqx_auth_mongo.server", [
-  {default, undef},
-  {datatype, {enum, [safe, unsafe, undef]}}
-]}.
-
-{mapping, "auth.mongo.r_mode", "emqx_auth_mongo.server", [
-  {default, undef},
-  {datatype, {enum, [master, slave_ok, undef]}}
-]}.
-
-{mapping, "auth.mongo.topology.$name", "emqx_auth_mongo.server", [
-  {datatype, integer}
-]}.
-
-{translation, "emqx_auth_mongo.server", fun(Conf) ->
-  H = cuttlefish:conf_get("auth.mongo.server", Conf),
-  Hosts = string:tokens(H, ","),
-  Type0 = cuttlefish:conf_get("auth.mongo.type", Conf),
-  Pool = cuttlefish:conf_get("auth.mongo.pool", Conf),
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Login = cuttlefish:conf_get("auth.mongo.username", Conf,
-                              cuttlefish:conf_get("auth.mongo.login", Conf, "")
-                             ),
-  Passwd = cuttlefish:conf_get("auth.mongo.password", Conf),
-  DB = cuttlefish:conf_get("auth.mongo.database", Conf),
-  AuthSrc = cuttlefish:conf_get("auth.mongo.auth_source", Conf),
-  R = cuttlefish:conf_get("auth.mongo.w_mode", Conf),
-  W = cuttlefish:conf_get("auth.mongo.r_mode", Conf),
-  Login0 = case Login =:= [] of
-    true -> [];
-    false -> [{login, list_to_binary(Login)}]
-  end,
-  Passwd0 = case Passwd =:= [] of
-    true -> [];
-    false -> [{password, list_to_binary(Passwd)}]
-  end,
-  W0 = case W =:= undef of
-    true -> [];
-    false -> [{w_mode, W}]
-  end,
-  R0 = case R =:= undef  of
-    true -> [];
-    false -> [{r_mode, R}]
-  end,
-  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  SslOpts = fun(Prefix) ->
-                Verify = case cuttlefish:conf_get(Prefix ++ ".verify", Conf, false) of
-                             true -> verify_peer;
-                             false -> verify_none
-                         end,
-                Filter([{verify, Verify},
-                        {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of
-                                                   "disable" -> disable;
-                                                   SNI -> SNI
-                                                 end},
-                        {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
-                        {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)}])
-            end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  GenSsl = case cuttlefish:conf_get("auth.mongo.ssl.cacertfile", Conf, undefined) of
-               undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
-               _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl")}]
-           end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Ssl = case cuttlefish:conf_get("auth.mongo.ssl.enable", Conf) of
-          on -> GenSsl;
-          off -> [];
-          true -> [{ssl, true}, {ssl_opts, SslOpts("auth.mongo.ssl_opts")}];
-          false -> []
-        end,
-
-  WorkerOptions = [{database, list_to_binary(DB)}, {auth_source, list_to_binary(AuthSrc)}]
-                    ++ Login0 ++ Passwd0 ++ W0 ++ R0 ++ Ssl,
-
-  Vars = cuttlefish_variable:fuzzy_matches(["auth", "mongo", "topology", "$name"], Conf),
-  Options = lists:map(fun({_, Name}) ->
-    Name2 = case Name of
-      "local_threshold_ms"          -> "localThresholdMS";
-      "connect_timeout_ms"          -> "connectTimeoutMS";
-      "socket_timeout_ms"           -> "socketTimeoutMS";
-      "server_selection_timeout_ms" -> "serverSelectionTimeoutMS";
-      "wait_queue_timeout_ms"       -> "waitQueueTimeoutMS";
-      "heartbeat_frequency_ms"      -> "heartbeatFrequencyMS";
-      "min_heartbeat_frequency_ms"  -> "minHeartbeatFrequencyMS";
-      _ -> Name
-    end,
-    {list_to_atom(Name2), cuttlefish:conf_get("auth.mongo.topology."++Name, Conf)}
-  end, Vars),
-
-  Type = case Type0 =:= rs of
-    true -> {Type0, list_to_binary(cuttlefish:conf_get("auth.mongo.rs_set_name", Conf))};
-    false -> Type0
-  end,
-  [{type, Type},
-   {hosts, Hosts},
-   {options, Options},
-   {worker_options, WorkerOptions},
-   {auto_reconnect, 1},
-   {pool_size, Pool}]
-end}.
-
-%% The mongodb operation timeout is specified by the value of `cursor_timeout` from application config,
-%% or `infinity` if `cursor_timeout` not specified
-{mapping, "auth.mongo.query_timeout", "mongodb.cursor_timeout", [
-  {datatype, string}
-]}.
-
-{translation, "mongodb.cursor_timeout", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.query_timeout", Conf, undefined) of
-      undefined -> infinity;
-      Duration ->
-          case cuttlefish_duration:parse(Duration, ms) of
-              {error, Reason} -> error(Reason);
-              Ms when is_integer(Ms) -> Ms
-          end
-  end
-end}.
-
-{mapping, "auth.mongo.auth_query.collection", "emqx_auth_mongo.auth_query", [
-  {default, "mqtt_user"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_query.password_field", "emqx_auth_mongo.auth_query", [
-  {default, "password"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_query.password_hash", "emqx_auth_mongo.auth_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.auth_query.selector", "emqx_auth_mongo.auth_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mongo.auth_query", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.auth_query.collection", Conf) of
-    undefined -> cuttlefish:unset();
-    Collection ->
-      PasswordField = cuttlefish:conf_get("auth.mongo.auth_query.password_field", Conf),
-      PasswordHash = cuttlefish:conf_get("auth.mongo.auth_query.password_hash", Conf),
-      SelectorStr = cuttlefish:conf_get("auth.mongo.auth_query.selector", Conf),
-      SelectorList =
-          lists:map(fun(Selector) ->
-                  case string:tokens(Selector, "=") of
-                      [Field, Val] -> {list_to_binary(Field), list_to_binary(Val)};
-                      _ -> {<<"username">>, <<"%u">>}
-                  end
-              end, string:tokens(SelectorStr, ", ")),
-
-      PasswordFields = [list_to_binary(Field) || Field <- string:tokens(PasswordField, ",")],
-      HashValue =
-        case string:tokens(PasswordHash, ",") of
-              [Hash]           -> list_to_atom(Hash);
-              [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-              [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-              _                -> plain
-        end,
-      [{collection, Collection},
-       {password_field, PasswordFields},
-       {password_hash, HashValue},
-       {selector, SelectorList}]
-    end
-end}.
-
-{mapping, "auth.mongo.super_query", "emqx_auth_mongo.super_query", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.mongo.super_query.collection", "emqx_auth_mongo.super_query", [
-  {default, "mqtt_user"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.super_query.super_field", "emqx_auth_mongo.super_query", [
-  {default, "is_superuser"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.super_query.selector", "emqx_auth_mongo.super_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mongo.super_query", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.super_query.collection", Conf) of
-    undefined -> cuttlefish:unset();
-    Collection  ->
-      SuperField = cuttlefish:conf_get("auth.mongo.super_query.super_field", Conf),
-      SelectorStr = cuttlefish:conf_get("auth.mongo.super_query.selector", Conf),
-      SelectorList =
-          lists:map(fun(Selector) ->
-                  case string:tokens(Selector, "=") of
-                      [Field, Val] -> {list_to_binary(Field), list_to_binary(Val)};
-                      _ -> {<<"username">>, <<"%u">>}
-                  end
-              end, string:tokens(SelectorStr, ", ")),
-      [{collection, Collection}, {super_field, SuperField}, {selector, SelectorList}]
-  end
-end}.
-
-{mapping, "auth.mongo.acl_query", "emqx_auth_mongo.acl_query", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.mongo.acl_query.collection", "emqx_auth_mongo.acl_query", [
-  {default, "mqtt_user"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mongo.acl_query.selector", "emqx_auth_mongo.acl_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-{mapping, "auth.mongo.acl_query.selector.$id", "emqx_auth_mongo.acl_query", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mongo.acl_query", fun(Conf) ->
-  case cuttlefish:conf_get("auth.mongo.acl_query.collection", Conf) of
-    undefined -> cuttlefish:unset();
-    Collection  ->
-      SelectorStrList =
-        lists:map(
-            fun
-                ({["auth","mongo","acl_query","selector"], ConfEntry}) ->
-                    ConfEntry;
-                ({["auth","mongo","acl_query","selector", _], ConfEntry}) ->
-                    ConfEntry
-            end,
-            cuttlefish_variable:filter_by_prefix("auth.mongo.acl_query.selector", Conf)),
-      SelectorListList =
-          lists:map(
-            fun(SelectorStr) ->
-                lists:map(fun(Selector) ->
-                        case string:tokens(Selector, "=") of
-                            [Field, Val] -> {list_to_binary(Field), list_to_binary(Val)};
-                            _ -> {<<"username">>, <<"%u">>}
-                        end
-                    end, string:tokens(SelectorStr, ", "))
-            end,
-            SelectorStrList),
-      [{collection, Collection}, {selector, SelectorListList}]
-  end
-end}.
diff --git a/apps/emqx_auth_mongo/rebar.config b/apps/emqx_auth_mongo/rebar.config
deleted file mode 100644
index f44e69543..000000000
--- a/apps/emqx_auth_mongo/rebar.config
+++ /dev/null
@@ -1,32 +0,0 @@
-{deps,
-  %% NOTE: mind poolboy version when updating mongodb-erlang version
- [{mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.7"}}},
-  %% mongodb-erlang uses a special fork https://github.com/comtihon/poolboy.git
-  %% (which has overflow_ttl feature added).
-  %% However, it references `{branch, "master}` (commit 9c06a9a on 2021-04-07).
-  %% By accident, We have always been using the upstream fork due to
-  %% eredis_cluster's dependency getting resolved earlier.
-  %% Here we pin 1.5.2 to avoid surprises in the future.
-  {poolboy, {git, "https://github.com/emqx/poolboy.git", {tag, "1.5.2"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed,
-            {parse_transform}
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
-
diff --git a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl b/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
deleted file mode 100644
index 653600395..000000000
--- a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mongo).
-
--include("emqx_auth_mongo.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ACL callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _State) ->
-    ok;
-
-check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery}) ->
-    #aclquery{collection = Coll, selector = SelectorList} = AclQuery,
-    Pool = maps:get(pool, Env, ?APP),
-    SelectorMapList =
-        lists:map(fun(Selector) ->
-            maps:from_list(emqx_auth_mongo:replvars(Selector, ClientInfo))
-        end, SelectorList),
-    case emqx_auth_mongo:query_multi(Pool, Coll, SelectorMapList) of
-        [] -> ok;
-        Rows ->
-            try match(ClientInfo, Topic, topics(PubSub, Rows)) of
-                matched -> emqx_metrics:inc(?ACL_METRICS(allow)),
-                           {stop, allow};
-                nomatch -> emqx_metrics:inc(?ACL_METRICS(deny)),
-                           {stop, deny}
-            catch
-                _Err:Reason->
-                    ?LOG(error, "[MongoDB] Check mongo ~p ACL failed, got ACL config: ~p, error: :~p",
-                                [PubSub, Rows, Reason]),
-                    emqx_metrics:inc(?ACL_METRICS(ignore)),
-                    ignore
-            end
-    end.
-
-
-match(_ClientInfo, _Topic, []) ->
-    nomatch;
-match(ClientInfo, Topic, [TopicFilter|More]) ->
-    case emqx_topic:match(Topic, feedvar(ClientInfo, TopicFilter)) of
-        true  -> matched;
-        false -> match(ClientInfo, Topic, More)
-    end.
-
-topics(publish, Rows) ->
-    lists:foldl(fun(Row, Acc) ->
-        Topics = maps:get(<<"publish">>, Row, []) ++ maps:get(<<"pubsub">>, Row, []),
-        lists:umerge(Acc, Topics)
-    end, [], Rows);
-
-topics(subscribe, Rows) ->
-    lists:foldl(fun(Row, Acc) ->
-        Topics = maps:get(<<"subscribe">>, Row, []) ++ maps:get(<<"pubsub">>, Row, []),
-        lists:umerge(Acc, Topics)
-    end, [], Rows).
-
-feedvar(#{clientid := ClientId, username := Username}, Str) ->
-    lists:foldl(fun({Var, Val}, Acc) ->
-                    feedvar(Acc, Var, Val)
-                end, Str, [{"%u", Username}, {"%c", ClientId}]).
-
-feedvar(Str, _Var, undefined) ->
-    Str;
-feedvar(Str, Var, Val) ->
-    re:replace(Str, Var, Val, [global, {return, binary}]).
-
-description() -> "ACL with MongoDB".
-
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src b/apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src
deleted file mode 100644
index ab0b4ff56..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_mongo,
- [{description, "EMQ X Authentication/ACL with MongoDB"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_mongo_sup]},
-  {applications, [kernel,stdlib,mongodb,ecpool]},
-  {mod, {emqx_auth_mongo_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-mongo"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
deleted file mode 100644
index cd1d21b42..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
+++ /dev/null
@@ -1,138 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_mongo.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--export([ replvar/2
-        , replvars/2
-        , connect/1
-        , query/3
-        , query_multi/3
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      Env = #{authquery := AuthQuery, superquery := SuperQuery}) ->
-    #authquery{collection = Collection, field = Fields,
-               hash = HashType, selector = Selector} = AuthQuery,
-    Pool = maps:get(pool, Env, ?APP),
-    case query(Pool, Collection, maps:from_list(replvars(Selector, ClientInfo))) of
-        undefined -> emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {error, Reason} ->
-            ?LOG(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => not_authorized, anonymous => false}};
-        UserMap ->
-            Result = case [maps:get(Field, UserMap, undefined) || Field <- Fields] of
-                        [undefined] -> {error, password_error};
-                        [PassHash] ->
-                            check_pass({PassHash, Password}, HashType);
-                        [PassHash, Salt|_] ->
-                            check_pass({PassHash, Salt, Password}, HashType)
-                     end,
-            case Result of
-                ok ->
-                    ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-                    {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
-                                       anonymous => false,
-                                       auth_result => success}};
-                {error, Error} ->
-                    ?LOG(error, "[MongoDB] check auth fail: ~p", [Error]),
-                    ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-                    {stop, AuthResult#{auth_result => Error, anonymous => false}}
-            end
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
-description() -> "Authentication with MongoDB".
-
-%%--------------------------------------------------------------------
-%% Is Superuser?
-%%--------------------------------------------------------------------
-is_superuser(_Pool, undefined, _ClientInfo) ->
-    false;
-is_superuser(Pool, #superquery{collection = Coll, field = Field, selector = Selector}, ClientInfo) ->
-    case query(Pool, Coll, maps:from_list(replvars(Selector, ClientInfo))) of
-        undefined -> false;
-        {error, Reason} ->
-            ?LOG(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]),
-            false;
-        Row ->
-            case maps:get(Field, Row, false) of
-                true   -> true;
-                _False -> false
-            end
-    end.
-
-replvars(VarList, ClientInfo) ->
-    lists:map(fun(Var) -> replvar(Var, ClientInfo) end, VarList).
-
-replvar({Field, <<"%u">>}, #{username := Username}) ->
-    {Field, Username};
-replvar({Field, <<"%c">>}, #{clientid := ClientId}) ->
-    {Field, ClientId};
-replvar({Field, <<"%C">>}, #{cn := CN}) ->
-    {Field, CN};
-replvar({Field, <<"%d">>}, #{dn := DN}) ->
-    {Field, DN};
-replvar(Selector, _ClientInfo) ->
-    Selector.
-
-%%--------------------------------------------------------------------
-%% MongoDB Connect/Query
-%%--------------------------------------------------------------------
-
-connect(Opts) ->
-    Type = proplists:get_value(type, Opts, single),
-    Hosts = proplists:get_value(hosts, Opts, []),
-    Options = proplists:get_value(options, Opts, []),
-    WorkerOptions = proplists:get_value(worker_options, Opts, []),
-    mongo_api:connect(Type, Hosts, Options, WorkerOptions).
-
-query(Pool, Collection, Selector) ->
-    ecpool:with_client(Pool, fun(Conn) -> mongo_api:find_one(Conn, Collection, Selector, #{}) end).
-
-query_multi(Pool, Collection, SelectorList) ->
-    lists:reverse(lists:flatten(lists:foldl(fun(Selector, Acc1) ->
-        Batch = ecpool:with_client(Pool, fun(Conn) ->
-                  case mongo_api:find(Conn, Collection, Selector, #{}) of
-                      [] -> [];
-                      {ok, Cursor} ->
-                          mc_cursor:foldl(fun(O, Acc2) -> [O|Acc2] end, [], Cursor, 1000)
-                  end
-                end),
-        [Batch|Acc1]
-    end, [], SelectorList))).
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
deleted file mode 100644
index b8d9431c2..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo_app.erl
+++ /dev/null
@@ -1,88 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_mongo.hrl").
-
--import(proplists, [get_value/3]).
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_mongo_sup:start_link(),
-    with_env(auth_query, fun reg_authmod/1),
-    with_env(acl_query,  fun reg_aclmod/1),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    ok = emqx:unhook('client.authenticate', {emqx_auth_mongo, check}),
-    ok = emqx:unhook('client.check_acl', {emqx_acl_mongo, check_acl}),
-    State.
-
-stop(_State) ->
-    ok.
-
-reg_authmod(AuthQuery) ->
-    emqx_auth_mongo:register_metrics(),
-    SuperQuery = r(super_query, application:get_env(?APP, super_query, undefined)),
-    ok = emqx:hook('client.authenticate', {emqx_auth_mongo, check,
-                                           [#{authquery => AuthQuery, superquery => SuperQuery, pool => ?APP}]
-                                          }).
-
-reg_aclmod(AclQuery) ->
-    emqx_acl_mongo:register_metrics(),
-    ok = emqx:hook('client.check_acl', {emqx_acl_mongo, check_acl, [#{aclquery => AclQuery, pool => ?APP}]}).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-with_env(Name, Fun) ->
-    case application:get_env(?APP, Name) of
-        undefined    -> ok;
-        {ok, Config} -> Fun(r(Name, Config))
-    end.
-
-r(super_query, undefined) ->
-    undefined;
-r(super_query, Config) ->
-    #superquery{collection = list_to_binary(get_value(collection, Config, "mqtt_user")),
-                field      = list_to_binary(get_value(super_field, Config, "is_superuser")),
-                selector   = get_value(selector, Config, ?DEFAULT_SELECTORS)};
-
-r(auth_query, Config) ->
-    #authquery{collection = list_to_binary(get_value(collection, Config, "mqtt_user")),
-               field      = get_value(password_field, Config, [<<"password">>]),
-               hash       = get_value(password_hash, Config, sha256),
-               selector   = get_value(selector, Config, ?DEFAULT_SELECTORS)};
-
-r(acl_query, Config) ->
-    #aclquery{collection = list_to_binary(get_value(collection, Config, "mqtt_acl")),
-              selector   = get_value(selector, Config, [?DEFAULT_SELECTORS])}.
-
diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
deleted file mode 100644
index 3f27cb1dd..000000000
--- a/apps/emqx_auth_mongo/src/emqx_auth_mongo_sup.erl
+++ /dev/null
@@ -1,34 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_mongo.hrl").
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, PoolEnv} = application:get_env(?APP, server),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, ?APP, PoolEnv),
-    {ok, {{one_for_all, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
deleted file mode 100644
index a988e87bb..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl
+++ /dev/null
@@ -1,169 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mongo_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("common_test/include/ct.hrl").
--include_lib("eunit/include/eunit.hrl").
-
--define(APP, emqx_auth_mongo).
-
--define(POOL(App),  ecpool_worker:client(gproc_pool:pick_worker({ecpool, App}))).
-
--define(MONGO_CL_ACL, <<"mqtt_acl">>).
--define(MONGO_CL_USER, <<"mqtt_user">>).
-
--define(INIT_ACL, [{<<"username">>, <<"testuser">>, <<"clientid">>, <<"null">>, <<"subscribe">>, [<<"#">>]},
-                   {<<"username">>, <<"dashboard">>, <<"clientid">>, <<"null">>, <<"pubsub">>, [<<"$SYS/#">>]},
-                   {<<"username">>, <<"user3">>, <<"clientid">>, <<"null">>, <<"publish">>, [<<"a/b/c">>]}]).
-
--define(INIT_AUTH, [{<<"username">>, <<"plain">>, <<"password">>, <<"plain">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, true},
-                    {<<"username">>, <<"md5">>, <<"password">>, <<"1bc29b36f623ba82aaf6724fd3b16718">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"sha">>, <<"password">>, <<"d8f4590320e1343a915b6394170650a8f35d6926">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"sha256">>, <<"password">>, <<"5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e">>, <<"salt">>, <<"salt">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"pbkdf2_password">>, <<"password">>, <<"cdedb5281bb2f801565a1122b2563515">>, <<"salt">>, <<"ATHENA.MIT.EDUraeburn">>, <<"is_superuser">>, false},
-                    {<<"username">>, <<"bcrypt_foo">>, <<"password">>, <<"$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6">>, <<"salt">>, <<"$2a$12$sSS8Eg.ovVzaHzi1nUHYK.">>, <<"is_superuser">>, false}
-                    ]).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    emqx_ct_helpers:start_apps([emqx_auth_mongo], fun set_special_confs/1),
-    init_mongo_data(),
-    Cfg.
-
-end_per_suite(_Cfg) ->
-    deinit_mongo_data(),
-    emqx_ct_helpers:stop_apps([emqx_auth_mongo]).
-
-set_special_confs(emqx) ->
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false);
-set_special_confs(_App) ->
-    ok.
-
-init_mongo_data() ->
-    %% Users
-    {ok, Connection} = ?POOL(?APP),
-    mongo_api:delete(Connection, ?MONGO_CL_USER, {}),
-    ?assertMatch({{true, _}, _}, mongo_api:insert(Connection, ?MONGO_CL_USER, ?INIT_AUTH)),
-    %% ACLs
-    mongo_api:delete(Connection, ?MONGO_CL_ACL, {}),
-    ?assertMatch({{true, _}, _}, mongo_api:insert(Connection, ?MONGO_CL_ACL, ?INIT_ACL)).
-
-deinit_mongo_data() ->
-    {ok, Connection} = ?POOL(?APP),
-    mongo_api:delete(Connection, ?MONGO_CL_USER, {}),
-    mongo_api:delete(Connection, ?MONGO_CL_ACL, {}).
-
-%%--------------------------------------------------------------------
-%% Test cases
-%%--------------------------------------------------------------------
-
-t_check_auth(_) ->
-    Plain = #{zone => external, clientid => <<"client1">>, username => <<"plain">>},
-    Plain1 = #{zone => external, clientid => <<"client1">>, username => <<"plain2">>},
-    Md5 = #{zone => external, clientid => <<"md5">>, username => <<"md5">>},
-    Sha = #{zone => external, clientid => <<"sha">>, username => <<"sha">>},
-    Sha256 = #{zone => external, clientid => <<"sha256">>, username => <<"sha256">>},
-    Pbkdf2 = #{zone => external, clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>},
-    Bcrypt = #{zone => external, clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>},
-    User1 = #{zone => external, clientid => <<"bcrypt_foo">>, username => <<"user">>},
-    reload({auth_query, [{password_hash, plain}]}),
-    %% With exactly username/password, connection success
-    {ok, #{is_superuser := true}} = emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    %% With exactly username and wrong password, connection fail
-    {error, _} = emqx_access_control:authenticate(Plain#{password => <<"error_pwd">>}),
-    %% With wrong username and wrong password, emqx_auth_mongo auth fail, then allow anonymous authentication
-    {error, _} = emqx_access_control:authenticate(Plain1#{password => <<"error_pwd">>}),
-    %% With wrong username and exactly password, emqx_auth_mongo auth fail, then allow anonymous authentication
-    {error, _} = emqx_access_control:authenticate(Plain1#{password => <<"plain">>}),
-    reload({auth_query, [{password_hash, md5}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload({auth_query, [{password_hash, sha}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload({auth_query, [{password_hash, sha256}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    %%pbkdf2 sha
-    reload({auth_query, [{password_hash, {pbkdf2, sha, 1, 16}}, {password_field, [<<"password">>, <<"salt">>]}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload({auth_query, [{password_hash, {salt, bcrypt}}]}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Bcrypt#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(User1#{password => <<"foo">>}).
-
-t_check_acl(_) ->
-    {ok, Connection} = ?POOL(?APP),
-    User1 = #{zone => external, clientid => <<"client1">>, username => <<"testuser">>},
-    User2 = #{zone => external, clientid => <<"client2">>, username => <<"dashboard">>},
-    User3 = #{zone => external, clientid => <<"client2">>, username => <<"user3">>},
-    User4 = #{zone => external, clientid => <<"$$client2">>, username => <<"$$user3">>},
-    3 = mongo_api:count(Connection, ?MONGO_CL_ACL, {}, 17),
-    %% ct log output
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"users/testuser/1">>),
-    deny = emqx_access_control:check_acl(User1, subscribe, <<"$SYS/testuser/1">>),
-    deny = emqx_access_control:check_acl(User2, subscribe, <<"a/b/c">>),
-    allow = emqx_access_control:check_acl(User2, subscribe, <<"$SYS/testuser/1">>),
-    allow = emqx_access_control:check_acl(User3, publish, <<"a/b/c">>),
-    deny = emqx_access_control:check_acl(User3, publish, <<"c">>),
-    deny = emqx_access_control:check_acl(User4, publish, <<"a/b/c">>).
-
-t_acl_super(_) ->
-    reload({auth_query, [{password_hash, plain}, {password_field, [<<"password">>]}]}),
-    {ok, C} = emqtt:start_link([{clientid, <<"simpleClient">>},
-                                {username, <<"plain">>},
-                                {password, <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    timer:sleep(1000),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-        ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-        ct:fail({receive_timeout, <<"Payload">>}),
-        ok
-    end,
-    emqtt:disconnect(C).
-
-%%--------------------------------------------------------------------
-%% Utils
-%%--------------------------------------------------------------------
-
-reload({Par, Vals}) when is_list(Vals) ->
-    application:stop(?APP),
-    {ok, TupleVals} = application:get_env(?APP, Par),
-    NewVals =
-    lists:filtermap(fun({K, V}) ->
-        case lists:keymember(K, 1, Vals) of
-        false ->{true, {K, V}};
-        _ -> false
-        end
-    end, TupleVals),
-    application:set_env(?APP, Par, lists:append(NewVals, Vals)),
-    application:start(?APP).
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem
deleted file mode 100644
index e9717011e..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0kGUBi9NDp65jgdxKfizIfuSr2wpwb44yM9SuP4oUQSULOA2
-4iFpLR/c5FAYHU81y9Vx91dQjdZfffaBZuv2zVvteXUkol8Nez7boKbo2E41MTew
-8edtNKZAQVvnaHAC2NCZxjchCzUCDEoUUcl+cIERZ8R48FBqK5iTVcMRIx1akwus
-+dhBqP0ykA5TGOWZkJrLM9aUXSPQha9+wXlOpkvu0Ur2nkX8PPJnifWao9UShSar
-ll1IqPZNCSlZMwcFYcQNBCpdvITUUYlHvMRQV64bUpOxUGDuJkQL3dLKBlNuBRlJ
-BcjBAKw7rFnwwHZcMmQ9tan/dZzpzwjo/T0XjwIDAQABAoIBAQCSHvUqnzDkWjcG
-l/Fzg92qXlYBCCC0/ugj1sHcwvVt6Mq5rVE3MpUPwTcYjPlVVTlD4aEEjm/zQuq2
-ddxUlOS+r4aIhHrjRT/vSS4FpjnoKeIZxGR6maVxk6DQS3i1QjMYT1CvSpzyVvKH
-a+xXMrtmoKxh+085ZAmFJtIuJhUA2yEa4zggCxWnvz8ecLClUPfVDPhdLBHc3KmL
-CRpHEC6L/wanvDPRdkkzfKyaJuIJlTDaCg63AY5sDkTW2I57iI/nJ3haSeidfQKz
-39EfbnM1A/YprIakafjAu3frBIsjBVcxwGihZmL/YriTHjOggJF841kT5zFkkv2L
-/530Wk6xAoGBAOqZLZ4DIi/zLndEOz1mRbUfjc7GQUdYplBnBwJ22VdS0P4TOXnd
-UbJth2MA92NM7ocTYVFl4TVIZY/Y+Prxk7KQdHWzR7JPpKfx9OEVgtSqV0vF9eGI
-rKp79Y1T4Mvc3UcQCXX6TP7nHLihEzpS8odm2LW4txrOiLsn4Fq/IWrLAoGBAOVv
-6U4tm3lImotUupKLZPKEBYwruo9qRysoug9FiorP4TjaBVOfltiiHbAQD6aGfVtN
-SZpZZtrs17wL7Xl4db5asgMcZd+8Hkfo5siR7AuGW9FZloOjDcXb5wCh9EvjJ74J
-Cjw7RqyVymq9t7IP6wnVwj5Ck48YhlOZCz/mzlnNAoGAWq7NYFgLvgc9feLFF23S
-IjpJQZWHJEITP98jaYNxbfzYRm49+GphqxwFinKULjFNvq7yHlnIXSVYBOu1CqOZ
-GRwXuGuNmlKI7lZr9xmukfAqgGLMMdr4C4qRF4lFyufcLRz42z7exmWlx4ST/yaT
-E13hBRWayeTuG5JFei6Jh1MCgYEAqmX4LyC+JFBgvvQZcLboLRkSCa18bADxhENG
-FAuAvmFvksqRRC71WETmqZj0Fqgxt7pp3KFjO1rFSprNLvbg85PmO1s+6fCLyLpX
-lESTu2d5D71qhK93jigooxalGitFm+SY3mzjq0/AOpBWOn+J/w7rqVPGxXLgaHv0
-l+vx+00CgYBOvo9/ImjwYii2jFl+sHEoCzlvpITi2temRlT2j6ulSjCLJgjwEFw9
-8e+vvfQumQOsutakUVyURrkMGNDiNlIv8kv5YLCCkrwN22E6Ghyi69MJUvHQXkc/
-QZhjn/luyfpB5f/BeHFS2bkkxAXo+cfG45ApY3Qfz6/7o+H+vDa6/A==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
deleted file mode 100644
index 00b31d8a4..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowPDE6MDgGA1UEAwwxTXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DQV9DZXJ0aWZpY2F0ZTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJBlAYvTQ6euY4HcSn4syH7kq9s
-KcG+OMjPUrj+KFEElCzgNuIhaS0f3ORQGB1PNcvVcfdXUI3WX332gWbr9s1b7Xl1
-JKJfDXs+26Cm6NhONTE3sPHnbTSmQEFb52hwAtjQmcY3IQs1AgxKFFHJfnCBEWfE
-ePBQaiuYk1XDESMdWpMLrPnYQaj9MpAOUxjlmZCayzPWlF0j0IWvfsF5TqZL7tFK
-9p5F/DzyZ4n1mqPVEoUmq5ZdSKj2TQkpWTMHBWHEDQQqXbyE1FGJR7zEUFeuG1KT
-sVBg7iZEC93SygZTbgUZSQXIwQCsO6xZ8MB2XDJkPbWp/3Wc6c8I6P09F48CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADKz6bIpP5anp
-GgLB0jkclRWuMlS4qqIt4itSsMXPJ/ezpHwECixmgW2TIQl6S1woRkUeMxhT2/Ay
-Sn/7aKxuzRagyE5NEGOvrOuAP5RO2ZdNJ/X3/Rh533fK1sOTEEbSsWUvW6iSkZef
-rsfZBVP32xBhRWkKRdLeLB4W99ADMa0IrTmZPCXHSSE2V4e1o6zWLXcOZeH1Qh8N
-SkelBweR+8r1Fbvy1r3s7eH7DCbYoGEDVLQGOLvzHKBisQHmoDnnF5E9g1eeNRdg
-o+vhOKfYCOzeNREJIqS42PHcGhdNRk90ycigPmfUJclz1mDHoMjKR2S5oosTpr65
-tNPx3CL7GA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
deleted file mode 100644
index aad1404ca..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0N1oXDTMwMDYwOTAzMzg0N1owQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DbGllbnRfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYSWpOvCTupz82fc85Opv
-EQ7rkB8X2oOMyBCpkyHKBIr1ZQgRDWBp9UVOASq3GnSElm6+T3Kb1QbOffa8GIlw
-sjAueKdq5L2eSkmPIEQ7eoO5kEW+4V866hE1LeL/PmHg2lGP0iqZiJYtElhHNQO8
-3y9I7cm3xWMAA3SSWikVtpJRn3qIp2QSrH+tK+/HHbE5QwtPxdir4ULSCSOaM5Yh
-Wi5Oto88TZqe1v7SXC864JVvO4LuS7TuSreCdWZyPXTJFBFeCEWSAxonKZrqHbBe
-CwKML6/0NuzjaQ51c2tzmVI6xpHj3nnu4cSRx6Jf9WBm+35vm0wk4pohX3ptdzeV
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByQ5zSNeFUH
-Aw7JlpZHtHaSEeiiyBHke20ziQ07BK1yi/ms2HAWwQkpZv149sjNuIRH8pkTmkZn
-g8PDzSefjLbC9AsWpWV0XNV22T/cdobqLqMBDDZ2+5bsV+jTrOigWd9/AHVZ93PP
-IJN8HJn6rtvo2l1bh/CdsX14uVSdofXnuWGabNTydqtMvmCerZsdf6qKqLL+PYwm
-RDpgWiRUY7KPBSSlKm/9lJzA+bOe4dHeJzxWFVCJcbpoiTFs1je1V8kKQaHtuW39
-ifX6LTKUMlwEECCbDKM8Yq2tm8NjkjCcnFDtKg8zKGPUu+jrFMN5otiC3wnKcP7r
-O9EkaPcgYH8=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
deleted file mode 100644
index 6789d0291..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1WElqTrwk7qc/Nn3POTqbxEO65AfF9qDjMgQqZMhygSK9WUI
-EQ1gafVFTgEqtxp0hJZuvk9ym9UGzn32vBiJcLIwLninauS9nkpJjyBEO3qDuZBF
-vuFfOuoRNS3i/z5h4NpRj9IqmYiWLRJYRzUDvN8vSO3Jt8VjAAN0klopFbaSUZ96
-iKdkEqx/rSvvxx2xOUMLT8XYq+FC0gkjmjOWIVouTraPPE2antb+0lwvOuCVbzuC
-7ku07kq3gnVmcj10yRQRXghFkgMaJyma6h2wXgsCjC+v9Dbs42kOdXNrc5lSOsaR
-49557uHEkceiX/VgZvt+b5tMJOKaIV96bXc3lQIDAQABAoIBAF7yjXmSOn7h6P0y
-WCuGiTLG2mbDiLJqj2LTm2Z5i+2Cu/qZ7E76Ls63TxF4v3MemH5vGfQhEhR5ZD/6
-GRJ1sKKvB3WGRqjwA9gtojHH39S/nWGy6vYW/vMOOH37XyjIr3EIdIaUtFQBTSHd
-Kd71niYrAbVn6fyWHolhADwnVmTMOl5OOAhCdEF4GN3b5aIhIu8BJ7EUzTtHBJIj
-CAEfjZFjDs1y1cIgGFJkuIQxMfCpq5recU2qwip7YO6fk//WEjOPu7kSf5IEswL8
-jg1dea9rGBV6KaD2xsgsC6Ll6Sb4BbsrHMfflG3K2Lk3RdVqqTFp1Fn1PTLQE/1S
-S/SZPYECgYEA9qYcHKHd0+Q5Ty5wgpxKGa4UCWkpwvfvyv4bh8qlmxueB+l2AIdo
-ZvkM8gTPagPQ3WypAyC2b9iQu70uOJo1NizTtKnpjDdN1YpDjISJuS/P0x73gZwy
-gmoM5AzMtN4D6IbxXtXnPaYICvwLKU80ouEN5ZPM4/ODLUu6gsp0v2UCgYEA3Xgi
-zMC4JF0vEKEaK0H6QstaoXUmw/lToZGH3TEojBIkb/2LrHUclygtONh9kJSFb89/
-jbmRRLAOrx3HZKCNGUmF4H9k5OQyAIv6OGBinvLGqcbqnyNlI+Le8zxySYwKMlEj
-EMrBCLmSyi0CGFrbZ3mlj/oCET/ql9rNvcK+DHECgYAEx5dH3sMjtgp+RFId1dWB
-xePRgt4yTwewkVgLO5wV82UOljGZNQaK6Eyd7AXw8f38LHzh+KJQbIvxd2sL4cEi
-OaAoohpKg0/Y0YMZl//rPMf0OWdmdZZs/I0fZjgZUSwWN3c59T8z7KG/RL8an9RP
-S7kvN7wCttdV61/D5RR6GQKBgDxCe/WKWpBKaovzydMLWLTj7/0Oi0W3iXHkzzr4
-LTgvl4qBSofaNbVLUUKuZTv5rXUG2IYPf99YqCYtzBstNDc1MiAriaBeFtzfOW4t
-i6gEFtoLLbuvPc3N5Sv5vn8Ug5G9UfU3td5R4AbyyCcoUZqOFuZd+EIJSiOXfXOs
-kVmBAoGBAIU9aPAqhU5LX902oq8KsrpdySONqv5mtoStvl3wo95WIqXNEsFY60wO
-q02jKQmJJ2MqhkJm2EoF2Mq8+40EZ5sz8LdgeQ/M0yQ9lAhPi4rftwhpe55Ma9dk
-SE9X1c/DMCBEaIjJqVXdy0/EeArwpb8sHkguVVAZUWxzD+phm1gs
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem
deleted file mode 100644
index 1fe94891a..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem
deleted file mode 100644
index 8fbf6bdec..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/private_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1zVmMhPqpSPMmYkKh5wwlRD5XuS8YWJKEM6tjFx61VK8qxHE
-YngkC2KnL5EuKAjQZIF3tJskwt0hAat047CCCZxrkNEpbVvSnvnk+A/8bg/Ww1n3
-qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XAPy7ZjzecAF9SDV6WSiPeAxUX2+hN
-dId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGwcnkKCUikiBqr2ijSIgvRtBfZ9fBG
-jFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtPnBtTytmqTy9V/BRgsVKUoksm6wsx
-kUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h+wIDAQABAoIBAEQcrHmRACTADdNS
-IjkFYALt2l8EOfMAbryfDSJtapr1kqz59JPNvmq0EIHnixo0n/APYdmReLML1ZR3
-tYkSpjVwgkLVUC1CcIjMQoGYXaZf8PLnGJHZk45RR8m6hsTV0mQ5bfBaeVa2jbma
-OzJMjcnxg/3l9cPQZ2G/3AUfEPccMxOXp1KRz3mUQcGnKJGtDbN/kfmntcwYoxaE
-Zg4RoeKAoMpK1SSHAiJKe7TnztINJ7uygR9XSzNd6auY8A3vomSIjpYO7XL+lh7L
-izm4Ir3Gb/eCYBvWgQyQa2KCJgK/sQyEs3a09ngofSEUhQJQYhgZDwUj+fDDOGqj
-hCZOA8ECgYEA+ZWuHdcUQ3ygYhLds2QcogUlIsx7C8n/Gk/FUrqqXJrTkuO0Eqqa
-B47lCITvmn2zm0ODfSFIARgKEUEDLS/biZYv7SUTrFqBLcet+aGI7Dpv91CgB75R
-tNzcIf8VxoiP0jPqdbh9mLbbxGi5Uc4p9TVXRljC4hkswaouebWee0sCgYEA3L2E
-YB3kiHrhPI9LHS5Px9C1w+NOu5wP5snxrDGEgaFCvL6zgY6PflacppgnmTXl8D1x
-im0IDKSw5dP3FFonSVXReq3CXDql7UnhfTCiLDahV7bLxTH42FofcBpDN3ERdOal
-58RwQh6VrLkzQRVoObo+hbGlFiwwSAfQC509FhECgYBsRSBpVXo25IN2yBRg09cP
-+gdoFyhxrsj5kw1YnB13WrrZh+oABv4WtUhp77E5ZbpaamlKCPwBbXpAjeFg4tfr
-0bksuN7V79UGFQ9FsWuCfr8/nDwv38H2IbFlFhFONMOfPmJBey0Q6JJhm8R41mSh
-OOiJXcv85UrjIH5U0hLUDQKBgQDVLOU5WcUJlPoOXSgiT0ZW5xWSzuOLRUUKEf6l
-19BqzAzCcLy0orOrRAPW01xylt2v6/bJw1Ahva7k1ZZo/kOwjANYoZPxM+ZoSZBN
-MXl8j2mzZuJVV1RFxItV3NcLJNPB/Lk+IbRz9kt/2f9InF7iWR3mSU/wIM6j0X+2
-p6yFsQKBgQCM/ldWb511lA+SNkqXB2P6WXAgAM/7+jwsNHX2ia2Ikufm4SUEKMSv
-mti/nZkHDHsrHU4wb/2cOAywMELzv9EHzdcoenjBQP65OAc/1qWJs+LnBcCXfqKk
-aHjEZW6+brkHdRGLLY3YAHlt/AUL+RsKPJfN72i/FSpmu+52G36eeQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem
deleted file mode 100644
index f9772b533..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/public_key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zVmMhPqpSPMmYkKh5ww
-lRD5XuS8YWJKEM6tjFx61VK8qxHEYngkC2KnL5EuKAjQZIF3tJskwt0hAat047CC
-CZxrkNEpbVvSnvnk+A/8bg/Ww1n3qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XA
-Py7ZjzecAF9SDV6WSiPeAxUX2+hNdId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGw
-cnkKCUikiBqr2ijSIgvRtBfZ9fBGjFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtP
-nBtTytmqTy9V/BRgsVKUoksm6wsxkUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h
-+wIDAQAB
------END PUBLIC KEY-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem
deleted file mode 100644
index a2f9688df..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem
deleted file mode 100644
index a1dfd5f78..000000000
--- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/.gitignore b/apps/emqx_auth_mysql/.gitignore
deleted file mode 100644
index bc6fa0f2f..000000000
--- a/apps/emqx_auth_mysql/.gitignore
+++ /dev/null
@@ -1,31 +0,0 @@
-.eunit
-deps
-*.so
-.iml
-.idea
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emqx_auth_mysql.d
-ct.coverdata
-logs/
-test/ct.cover.spec
-test/*.beam
-cover/
-eunit.coverdata
-data
-.placeholder
-_build/
-rebar.lock
-erlang.mk
-rebar3.crashdump
-etc/emqx_auth_mysql.conf.rendered
-.rebar3/
-*.swp
-.DS_Store
diff --git a/apps/emqx_auth_mysql/README.md b/apps/emqx_auth_mysql/README.md
deleted file mode 100644
index e55a2103f..000000000
--- a/apps/emqx_auth_mysql/README.md
+++ /dev/null
@@ -1,167 +0,0 @@
-emqx_auth_mysql
-===============
-
-Authentication, ACL with MySQL Database.
-
-Notice: changed mysql driver to [mysql-otp](https://github.com/mysql-otp/mysql-otp).
-
-Features
----------
-
-- Full *Authentication*, *Superuser*, *ACL* support
-- IPv4, IPv6 and TLS support
-- Connection pool by [ecpool](https://github.com/emqx/ecpool)
-- Completely cover MySQL 5.7, MySQL 8 in our tests
-
-Build Plugin
--------------
-
-make && make tests
-
-Configure Plugin
-----------------
-
-File: etc/emqx_auth_mysql.conf
-
-```
-## MySQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 3306, 127.0.0.1:3306, localhost:3306
-auth.mysql.server = 127.0.0.1:3306
-
-## MySQL pool size.
-##
-## Value: Number
-auth.mysql.pool = 8
-
-## MySQL username.
-##
-## Value: String
-## auth.mysql.username =
-
-## MySQL Password.
-##
-## Value: String
-## auth.mysql.password =
-
-## MySQL database.
-##
-## Value: String
-auth.mysql.database = mqtt
-
-## Variables: %u = username, %c = clientid
-
-## Authentication query.
-##
-## Note that column names should be 'password' and 'salt' (if used).
-## In case column names differ in your DB - please use aliases,
-## e.g. "my_column_name as password".
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
-## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mysql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.mysql.password_hash = salt,sha256
-
-## bcrypt with salt only prefix
-## auth.mysql.password_hash = salt,bcrypt
-
-## sha256 with salt suffix
-## auth.mysql.password_hash = sha256,salt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mysql.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
-
-## ACL query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddr
-##  - %u: username
-##  - %c: clientid
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
-
-```
-
-Import mqtt.sql
----------------
-
-Import mqtt.sql into your database.
-
-Load Plugin
------------
-
-./bin/emqx_ctl plugins load emqx_auth_mysql
-
-Auth Table
-----------
-
-Notice: This is a demo table. You could authenticate with any user table.
-
-```sql
-CREATE TABLE `mqtt_user` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `username` varchar(100) DEFAULT NULL,
-  `password` varchar(100) DEFAULT NULL,
-  `salt` varchar(35) DEFAULT NULL,
-  `is_superuser` tinyint(1) DEFAULT 0,
-  `created` datetime DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `mqtt_username` (`username`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-```
-
-ACL Table
-----------
-
-```sql
-CREATE TABLE `mqtt_acl` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',
-  `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress',
-  `username` varchar(100) DEFAULT NULL COMMENT 'Username',
-  `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId',
-  `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',
-  `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-```
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
diff --git a/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf b/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
deleted file mode 100644
index 1c3d40059..000000000
--- a/apps/emqx_auth_mysql/etc/emqx_auth_mysql.conf
+++ /dev/null
@@ -1,131 +0,0 @@
-##--------------------------------------------------------------------
-## MySQL Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## MySQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 3306, 127.0.0.1:3306, localhost:3306
-auth.mysql.server = "127.0.0.1:3306"
-
-## MySQL pool size.
-##
-## Value: Number
-auth.mysql.pool = 8
-
-## MySQL username.
-##
-## Value: String
-#auth.mysql.username =
-
-## MySQL password.
-##
-## Value: String
-#auth.mysql.password =
-
-## MySQL database.
-##
-## Value: String
-auth.mysql.database = mqtt
-
-## MySQL query timeout
-##
-## Value: Duration
-## auth.mysql.query_timeout = 5s
-
-## Variables: %u = username, %c = clientid
-
-## Authentication query.
-##
-## Note that column names should be 'password' and 'salt' (if used).
-## In case column names differ in your DB - please use aliases,
-## e.g. "my_column_name as password".
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.mysql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
-## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.mysql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.mysql.password_hash = "salt,sha256"
-
-## bcrypt with salt only prefix
-## auth.mysql.password_hash = "salt,bcrypt"
-
-## sha256 with salt suffix
-## auth.mysql.password_hash = "sha256,salt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.mysql.password_hash = "pbkdf2,sha256,1000,20"
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.mysql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
-
-## ACL query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddr
-##  - %u: username
-##  - %c: clientid
-##
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.mysql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
-
-## Mysql ssl configuration.
-##
-## Value: on | off
-## auth.mysql.ssl.enable = off
-
-## CA certificate.
-##
-## Value: File
-#auth.mysql.ssl.cacertfile  = /path/to/ca.pem
-
-## Client ssl certificate.
-##
-## Value: File
-#auth.mysql.ssl.certfile = /path/to/your/clientcert.pem
-
-## Client ssl keyfile.
-##
-## Value: File
-#auth.mysql.ssl.keyfile = /path/to/your/clientkey.pem
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-#auth.mysql.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.mysql.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.mysql.ssl.server_name_indication = disable
diff --git a/apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl b/apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl
deleted file mode 100644
index fca431e81..000000000
--- a/apps/emqx_auth_mysql/include/emqx_auth_mysql.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_mysql).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_mysql/mqtt.sql b/apps/emqx_auth_mysql/mqtt.sql
deleted file mode 100644
index 9635bee58..000000000
--- a/apps/emqx_auth_mysql/mqtt.sql
+++ /dev/null
@@ -1,41 +0,0 @@
-
-DROP TABLE IF EXISTS `mqtt_acl`;
-
-CREATE TABLE `mqtt_acl` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',
-  `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress',
-  `username` varchar(100) DEFAULT NULL COMMENT 'Username',
-  `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId',
-  `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',
-  `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
-LOCK TABLES `mqtt_acl` WRITE;
-
-INSERT INTO `mqtt_acl` (`id`, `allow`, `ipaddr`, `username`, `clientid`, `access`, `topic`)
-VALUES
-	(1,1,NULL,'$all',NULL,2,'#'),
-	(2,0,NULL,'$all',NULL,1,'$SYS/#'),
-	(3,0,NULL,'$all',NULL,1,'eq #'),
-	(4,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
-	(5,1,'127.0.0.1',NULL,NULL,2,'#'),
-	(6,1,NULL,'dashboard',NULL,1,'$SYS/#');
-
-UNLOCK TABLES;
-
-
-DROP TABLE IF EXISTS `mqtt_user`;
-
-CREATE TABLE `mqtt_user` (
-  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-  `username` varchar(100) DEFAULT NULL,
-  `password` varchar(100) DEFAULT NULL,
-  `salt` varchar(35) DEFAULT NULL,
-  `is_superuser` tinyint(1) DEFAULT 0,
-  `created` datetime DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `mqtt_username` (`username`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
-
diff --git a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema b/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
deleted file mode 100644
index fba25f41f..000000000
--- a/apps/emqx_auth_mysql/priv/emqx_auth_mysql.schema
+++ /dev/null
@@ -1,156 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_mysql config mapping
-{mapping, "auth.mysql.server", "emqx_auth_mysql.server", [
-  {default, {"127.0.0.1", 3306}},
-  {datatype, [integer, ip, string]}
-]}.
-
-{mapping, "auth.mysql.pool", "emqx_auth_mysql.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.mysql.username", "emqx_auth_mysql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.password", "emqx_auth_mysql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.database", "emqx_auth_mysql.server", [
-  {default, "mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.query_timeout", "emqx_auth_mysql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.enable", "emqx_auth_mysql.server", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.mysql.ssl.cafile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.cacertfile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.mysql.ssl.certfile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.keyfile", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.ssl.verify", "emqx_auth_mysql.server", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.mysql.ssl.server_name_indication", "emqx_auth_mysql.server", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mysql.server", fun(Conf) ->
-  {MyHost, MyPort} =
-  case cuttlefish:conf_get("auth.mysql.server", Conf) of
-    {Ip, Port} -> {Ip, Port};
-    S          -> case string:tokens(S, ":") of
-                    [Domain]       -> {Domain, 3306};
-                    [Domain, Port] -> {Domain, list_to_integer(Port)}
-                  end
-    end,
-  Pool = cuttlefish:conf_get("auth.mysql.pool", Conf),
-  Username = cuttlefish:conf_get("auth.mysql.username", Conf),
-  Passwd = cuttlefish:conf_get("auth.mysql.password", Conf),
-  DB = cuttlefish:conf_get("auth.mysql.database", Conf),
-  Timeout = case cuttlefish:conf_get("auth.mysql.query_timeout", Conf) of
-                "" -> 300000;
-                Duration ->
-                    case cuttlefish_duration:parse(Duration, ms) of
-                      {error, Reason} -> error(Reason);
-                      Ms when is_integer(Ms) -> Ms
-                  end
-            end,
-  Options = [{pool_size, Pool},
-             {auto_reconnect, 1},
-             {host, MyHost},
-             {port, MyPort},
-             {user, Username},
-             {password, Passwd},
-             {database, DB},
-             {encoding, utf8},
-             {query_timeout, Timeout},
-             {keep_alive, true}],
-  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  Options1 =
-      case cuttlefish:conf_get("auth.mysql.ssl.enable", Conf) of
-            true ->
-                %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-                CA = cuttlefish:conf_get(
-                        "auth.mysql.ssl.cacertfile", Conf,
-                        cuttlefish:conf_get("auth.mysql.ssl.cafile", Conf, undefined)
-                     ),
-                Cert = cuttlefish:conf_get("auth.mysql.ssl.certfile", Conf, undefined),
-                Key = cuttlefish:conf_get("auth.mysql.ssl.keyfile", Conf, undefined),
-                Verify = case cuttlefish:conf_get("auth.mysql.ssl.verify", Conf, false) of
-                             true -> verify_peer;
-                             false -> verify_none
-                         end,
-                SNI = case cuttlefish:conf_get("auth.mysql.ssl.server_name_indication", Conf, undefined) of
-                        "disable" -> disable;
-                        SNI0 -> SNI0
-                      end,
-                Options ++ [{ssl, Filter([{server_name_indication, SNI},
-                                          {cacertfile, CA},
-                                          {certfile, Cert},
-                                          {keyfile, Key},
-                                          {verify, Verify}
-                                         ])
-                            }];
-            _ ->
-                Options
-      end,
-  case inet:parse_address(MyHost) of
-      {ok, IpAddr} when tuple_size(IpAddr) =:= 8 ->
-          [{tcp_options, [inet6]} | Options1];
-      _ ->
-          Options1
-  end
-end}.
-
-{mapping, "auth.mysql.auth_query", "emqx_auth_mysql.auth_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.password_hash", "emqx_auth_mysql.password_hash", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.super_query", "emqx_auth_mysql.super_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.mysql.acl_query", "emqx_auth_mysql.acl_query", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_mysql.password_hash", fun(Conf) ->
-  HashValue = cuttlefish:conf_get("auth.mysql.password_hash", Conf),
-    case string:tokens(HashValue, ",") of
-        [Hash]           -> list_to_atom(Hash);
-        [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-        [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-        _                -> plain
-    end
-end}.
diff --git a/apps/emqx_auth_mysql/rebar.config b/apps/emqx_auth_mysql/rebar.config
deleted file mode 100644
index b86500e8f..000000000
--- a/apps/emqx_auth_mysql/rebar.config
+++ /dev/null
@@ -1,24 +0,0 @@
-{deps,
- [
-  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed,
-            {parse_transform}
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl b/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
deleted file mode 100644
index ef4acea94..000000000
--- a/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
+++ /dev/null
@@ -1,119 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_mysql).
-
--include("emqx_auth_mysql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ACL Callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
-    case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
-    ok;
-do_check_acl(Pool, ClientInfo, PubSub, Topic, _NoMatchAction, #{acl_query := {AclSql, AclParams}}) ->
-    case emqx_auth_mysql_cli:query(Pool, AclSql, AclParams, ClientInfo) of
-        {ok, _Columns, []} -> ok;
-        {ok, _Columns, Rows} ->
-            Rules = filter(PubSub, compile(Rows)),
-            case match(ClientInfo, Topic, Rules) of
-                {matched, allow} -> {stop, allow};
-                {matched, deny}  -> {stop, deny};
-                nomatch          -> ok
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[MySQL] do_check_acl error: ~p~n", [Reason]),
-            ok
-    end.
-
-match(_ClientInfo, _Topic, []) ->
-    nomatch;
-
-match(ClientInfo, Topic, [Rule|Rules]) ->
-    case emqx_access_rule:match(ClientInfo, Topic, Rule) of
-        nomatch ->
-            match(ClientInfo, Topic, Rules);
-        {matched, AllowDeny} ->
-            {matched, AllowDeny}
-    end.
-
-filter(PubSub, Rules) ->
-    [Term || Term = {_, _, Access, _} <- Rules,
-             Access =:= PubSub orelse Access =:= pubsub].
-
-compile(Rows) ->
-    compile(Rows, []).
-compile([], Acc) ->
-    Acc;
-compile([[Allow, IpAddr, Username, ClientId, Access, Topic]|T], Acc) ->
-    Who  = who(IpAddr, Username, ClientId),
-    Term = {allow(Allow), Who, access(Access), [topic(Topic)]},
-    compile(T, [emqx_access_rule:compile(Term) | Acc]).
-
-who(_, <<"$all">>, _) ->
-    all;
-who(null, null, null) ->
-    throw(undefined_who);
-who(CIDR, Username, ClientId) ->
-    Cols = [{ipaddr, b2l(CIDR)}, {user, Username}, {client, ClientId}],
-    case [{C, V} || {C, V} <- Cols, not empty(V)] of
-        [Who] -> Who;
-        Conds -> {'and', Conds}
-    end.
-
-allow(1)  -> allow;
-allow(0)  -> deny;
-allow(<<"1">>)  -> allow;
-allow(<<"0">>)  -> deny.
-
-access(1) -> subscribe;
-access(2) -> publish;
-access(3) -> pubsub;
-access(<<"1">>) -> subscribe;
-access(<<"2">>) -> publish;
-access(<<"3">>) -> pubsub.
-
-topic(<<"eq ", Topic/binary>>) ->
-    {eq, Topic};
-topic(Topic) ->
-    Topic.
-
-description() ->
-    "ACL with Mysql".
-
-b2l(null) -> null;
-b2l(B)    -> binary_to_list(B).
-
-empty(null) -> true;
-empty("")   -> true;
-empty(<<>>) -> true;
-empty(_)    -> false.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src b/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
deleted file mode 100644
index 8a0d116cc..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_mysql,
- [{description, "EMQ X Authentication/ACL with MySQL"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_mysql_sup]},
-  {applications, [kernel,stdlib,mysql,ecpool]},
-  {mod, {emqx_auth_mysql_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-mysql"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
deleted file mode 100644
index eba7ef081..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql).
-
--include("emqx_auth_mysql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/types.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--define(EMPTY(Username), (Username =:= undefined orelse Username =:= <<>>)).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      #{auth_query  := {AuthSql, AuthParams},
-        super_query := SuperQuery,
-        hash_type   := HashType,
-        pool := Pool}) ->
-    CheckPass = case emqx_auth_mysql_cli:query(Pool, AuthSql, AuthParams, ClientInfo) of
-                    {ok, [<<"password">>], [[PassHash]]} ->
-                        check_pass({PassHash, Password}, HashType);
-                    {ok, [<<"password">>, <<"salt">>], [[PassHash, Salt]]} ->
-                        check_pass({PassHash, Salt, Password}, HashType);
-                    {ok, _Columns, []} ->
-                        {error, not_found};
-                    {error, Reason} ->
-                        ?LOG(error, "[MySQL] query '~p' failed: ~p", [AuthSql, Reason]),
-                        {error, Reason}
-                end,
-    case CheckPass of
-        ok ->
-            emqx_metrics:inc(?AUTH_METRICS(success)),
-            {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
-                                anonymous => false,
-                                auth_result => success}};
-        {error, not_found} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)), ok;
-        {error, ResultCode} ->
-            ?LOG(error, "[MySQL] Auth from mysql failed: ~p", [ResultCode]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-%%--------------------------------------------------------------------
-%% Is Superuser?
-%%--------------------------------------------------------------------
-
--spec(is_superuser(atom(), maybe({string(), list()}), emqx_types:client()) -> boolean()).
-is_superuser(_Pool, undefined, _ClientInfo) -> false;
-is_superuser(Pool, {SuperSql, Params}, ClientInfo) ->
-    case emqx_auth_mysql_cli:query(Pool, SuperSql, Params, ClientInfo) of
-        {ok, [_Super], [[1]]} ->
-            true;
-        {ok, [_Super], [[_False]]} ->
-            false;
-        {ok, [_Super], []} ->
-            false;
-        {error, _Error} ->
-            false
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
-description() -> "Authentication with MySQL".
-
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
deleted file mode 100644
index ec1e25e6b..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_app.erl
+++ /dev/null
@@ -1,74 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_mysql.hrl").
-
--import(emqx_auth_mysql_cli, [parse_query/1]).
-
-%% Application callbacks
--export([ start/2
-        , prep_stop/1
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_mysql_sup:start_link(),
-    _ = if_enabled(auth_query, fun load_auth_hook/1),
-    _ = if_enabled(acl_query,  fun load_acl_hook/1),
-
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx:unhook('client.authenticate', {emqx_auth_mysql, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_mysql, check_acl}),
-    State.
-
-stop(_State) ->
-    ok.
-
-load_auth_hook(AuthQuery) ->
-    ok = emqx_auth_mysql:register_metrics(),
-    SuperQuery = parse_query(application:get_env(?APP, super_query, undefined)),
-    {ok, HashType} = application:get_env(?APP, password_hash),
-    Params = #{auth_query  => AuthQuery,
-               super_query => SuperQuery,
-               hash_type   => HashType,
-               pool => ?APP},
-    emqx:hook('client.authenticate', {emqx_auth_mysql, check, [Params]}).
-
-load_acl_hook(AclQuery) ->
-    ok = emqx_acl_mysql:register_metrics(),
-    emqx:hook('client.check_acl', {emqx_acl_mysql, check_acl, [#{acl_query => AclQuery, pool =>?APP}]}).
-
-%%--------------------------------------------------------------------
-%% Internal function
-%%--------------------------------------------------------------------
-
-if_enabled(Cfg, Fun) ->
-    case application:get_env(?APP, Cfg) of
-        {ok, Query} -> Fun(parse_query(Query));
-        undefined   -> ok
-    end.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
deleted file mode 100644
index cf3be3426..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_cli.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_mysql.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ parse_query/1
-        , connect/1
-        , query/4
-        ]).
-
-%%--------------------------------------------------------------------
-%% Avoid SQL Injection: Parse SQL to Parameter Query.
-%%--------------------------------------------------------------------
-
-parse_query(undefined) ->
-    undefined;
-parse_query(Sql) ->
-    case re:run(Sql, "'%[ucCad]'", [global, {capture, all, list}]) of
-        {match, Variables} ->
-            Params = [Var || [Var] <- Variables],
-            {re:replace(Sql, "'%[ucCad]'", "?", [global, {return, list}]), Params};
-        nomatch ->
-            {Sql, []}
-    end.
-
-%%--------------------------------------------------------------------
-%% MySQL Connect/Query
-%%--------------------------------------------------------------------
-
-connect(Options) ->
-    case mysql:start_link(Options) of
-        {ok, Pid} -> {ok, Pid};
-        ignore -> {error, ignore};
-        {error, Reason = {{_, {error, econnrefused}}, _}} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: Connection refused."),
-            {error, Reason};
-        {error, Reason = {ErrorCode, _, Error}} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: ~p - ~p", [ErrorCode, Error]),
-            {error, Reason};
-        {error, Reason} ->
-            ?LOG(error, "[MySQL] Can't connect to MySQL server: ~p", [Reason]),
-            {error, Reason}
-    end.
-
-query(Pool, Sql, Params, ClientInfo) ->
-    ecpool:with_client(Pool, fun(C) -> mysql:query(C, Sql, replvar(Params, ClientInfo)) end).
-
-replvar(Params, ClientInfo) ->
-    replvar(Params, ClientInfo, []).
-
-replvar([], _ClientInfo, Acc) ->
-    lists:reverse(Acc);
-
-replvar(["'%u'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(username, ClientInfo) | Acc]);
-replvar(["'%c'" | Params], ClientInfo = #{clientid := ClientId}, Acc) ->
-    replvar(Params, ClientInfo, [ClientId | Acc]);
-replvar(["'%a'" | Params], ClientInfo = #{peerhost := IpAddr}, Acc) ->
-    replvar(Params, ClientInfo, [inet_parse:ntoa(IpAddr) | Acc]);
-replvar(["'%C'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(cn, ClientInfo)| Acc]);
-replvar(["'%d'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(dn, ClientInfo)| Acc]);
-replvar([Param | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [Param | Acc]).
-
-safe_get(K, ClientInfo) ->
-    bin(maps:get(K, ClientInfo, "undefined")).
-
-bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
-bin(B) when is_binary(B) -> B;
-bin(X) -> X.
diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
deleted file mode 100644
index 70f4987a3..000000000
--- a/apps/emqx_auth_mysql/src/emqx_auth_mysql_sup.erl
+++ /dev/null
@@ -1,40 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_mysql.hrl").
-
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-%%--------------------------------------------------------------------
-%% Supervisor callbacks
-%%--------------------------------------------------------------------
-
-init([]) ->
-    %% MySQL Connection Pool.
-    {ok, Server} = application:get_env(?APP, server),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, emqx_auth_mysql_cli, Server),
-    {ok, {{one_for_one, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
deleted file mode 100644
index 0ae81435d..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE.erl
+++ /dev/null
@@ -1,235 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mysql_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--define(APP, emqx_auth_mysql).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(DROP_ACL_TABLE, <<"DROP TABLE IF EXISTS mqtt_acl">>).
-
--define(CREATE_ACL_TABLE, <<"CREATE TABLE mqtt_acl ("
-                            "   id int(11) unsigned NOT NULL AUTO_INCREMENT,"
-                            "   allow int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',"
-                            "   ipaddr varchar(60) DEFAULT NULL COMMENT 'IpAddress',"
-                            "   username varchar(100) DEFAULT NULL COMMENT 'Username',"
-                            "   clientid varchar(100) DEFAULT NULL COMMENT 'ClientId',"
-                            "   access int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',"
-                            "   topic varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',"
-                            "   PRIMARY KEY (`id`)"
-                            ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4">>).
-
--define(INIT_ACL, <<"INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)"
-                    "VALUES (1,1,'127.0.0.1','u1','c1',1,'t1'),"
-                           "(2,0,'127.0.0.1','u2','c2',1,'t1'),"
-                           "(3,1,'10.10.0.110','u1','c1',1,'t1'),"
-                           "(4,1,'127.0.0.1','u3','c3',3,'t1')">>).
-
--define(DROP_AUTH_TABLE, <<"DROP TABLE IF EXISTS `mqtt_user`">>).
-
--define(CREATE_AUTH_TABLE, <<"CREATE TABLE `mqtt_user` ("
-                             "`id` int(11) unsigned NOT NULL AUTO_INCREMENT,"
-                             "`username` varchar(100) DEFAULT NULL,"
-                             "`password` varchar(100) DEFAULT NULL,"
-                             "`salt` varchar(100) DEFAULT NULL,"
-                             "`is_superuser` tinyint(1) DEFAULT 0,"
-                             "`created` datetime DEFAULT NULL,"
-                             "PRIMARY KEY (`id`),"
-                             "UNIQUE KEY `mqtt_username` (`username`)"
-                             ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4">>).
-
--define(INIT_AUTH, <<"INSERT INTO mqtt_user (id, is_superuser, username, password, salt)"
-                     "VALUES (1, 1, 'plain', 'plain', 'salt'),"
-                            "(2, 0, 'md5', '1bc29b36f623ba82aaf6724fd3b16718', 'salt'),"
-                            "(3, 0, 'sha', 'd8f4590320e1343a915b6394170650a8f35d6926', 'salt'),"
-                            "(4, 0, 'sha256', '5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e', 'salt'),"
-                            "(5, 0, 'pbkdf2_password', 'cdedb5281bb2f801565a1122b2563515', 'ATHENA.MIT.EDUraeburn'),"
-                            "(6, 0, 'bcrypt_foo', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.'),"
-                            "(7, 0, 'bcrypt', '$2y$16$rEVsDarhgHYB0TGnDFJzyu5f.T.Ha9iXMTk9J36NCMWWM7O16qyaK', 'salt'),"
-                            "(8, 0, 'bcrypt_wrong', '$2y$16$rEVsDarhgHYB0TGnDFJzyu', 'salt')">>).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    emqx_ct_helpers:start_apps([emqx_auth_mysql], fun set_special_configs/1),
-    init_mysql_data(),
-    Cfg.
-
-end_per_suite(_) ->
-    deinit_mysql_data(),
-    emqx_ct_helpers:stop_apps([emqx_auth_mysql]),
-    ok.
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, plugins_loaded_file,
-                        emqx_ct_helpers:deps_path(emqx, "test/emqx_SUITE_data/loaded_plugins"));
-
-set_special_configs(_App) ->
-    ok.
-
-init_mysql_data() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?APP})),
-    %% Users
-    ok = mysql:query(Pid, ?DROP_AUTH_TABLE),
-    ok = mysql:query(Pid, ?CREATE_AUTH_TABLE),
-    ok = mysql:query(Pid, ?INIT_AUTH),
-
-    %% ACLs
-    ok = mysql:query(Pid, ?DROP_ACL_TABLE),
-    ok = mysql:query(Pid, ?CREATE_ACL_TABLE),
-    ok = mysql:query(Pid, ?INIT_ACL).
-
-deinit_mysql_data() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?APP})),
-    ok = mysql:query(Pid, ?DROP_AUTH_TABLE),
-    ok = mysql:query(Pid, ?DROP_ACL_TABLE).
-
-%%--------------------------------------------------------------------
-%% Test cases
-%%--------------------------------------------------------------------
-
-t_check_acl(_) ->
-    User0 = #{zone => external,peerhost => {127,0,0,1}},
-    deny  = emqx_access_control:check_acl(User0, subscribe, <<"t1">>),
-    User1 = #{zone => external, clientid => <<"c1">>, username => <<"u1">>, peerhost => {127,0,0,1}},
-    User2 = #{zone => external, clientid => <<"c2">>, username => <<"u2">>, peerhost => {127,0,0,1}},
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"t1">>),
-    deny  = emqx_access_control:check_acl(User2, subscribe, <<"t1">>),
-
-    User3 = #{zone => external, peerhost => {10,10,0,110}, clientid => <<"c1">>, username => <<"u1">>},
-    User4 = #{zone => external, peerhost => {10,10,10,110}, clientid => <<"c1">>, username => <<"u1">>},
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    deny  = emqx_access_control:check_acl(User3, subscribe, <<"t2">>),%% nomatch -> ignore -> emqx acl
-    deny  = emqx_access_control:check_acl(User4, subscribe, <<"t1">>),%% nomatch -> ignore -> emqx acl
-    User5 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c3">>, username => <<"u3">>},
-    allow = emqx_access_control:check_acl(User5, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User5, publish, <<"t1">>).
-
-t_acl_super(_Config) ->
-    reload([{password_hash, plain},
-            {auth_query, "select password from mqtt_user where username = '%u' limit 1"}]),
-    {ok, C} = emqtt:start_link([{host, "localhost"},
-                                {clientid, <<"simpleClient">>},
-                                {username, <<"plain">>},
-                                {password, <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    timer:sleep(1000),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-            ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-            ct:fail({receive_timeout, <<"Payload">>}),
-            ok
-    end,
-    emqtt:disconnect(C).
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Md5 = #{clientid => <<"md5">>, username => <<"md5">>, zone => external},
-    Sha = #{clientid => <<"sha">>, username => <<"sha">>, zone => external},
-    Sha256 = #{clientid => <<"sha256">>, username => <<"sha256">>, zone => external},
-    Pbkdf2 = #{clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>, zone => external},
-    BcryptFoo = #{clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>, zone => external},
-    User1 = #{clientid => <<"bcrypt_foo">>, username => <<"user">>, zone => external},
-    Bcrypt = #{clientid => <<"bcrypt">>, username => <<"bcrypt">>, zone => external},
-    BcryptWrong = #{clientid => <<"bcrypt_wrong">>, username => <<"bcrypt_wrong">>, zone => external},
-    reload([{password_hash, plain}]),
-    {ok,#{is_superuser := true}} =
-        emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    reload([{password_hash, md5}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload([{password_hash, sha}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload([{password_hash, sha256}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    reload([{password_hash, bcrypt}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(BcryptWrong#{password => <<"password">>}),
-    %%pbkdf2 sha
-    reload([{password_hash, {pbkdf2, sha, 1, 16}},
-            {auth_query, "select password, salt from mqtt_user where username = '%u' limit 1"}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload([{password_hash, {salt, bcrypt}}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(BcryptFoo#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(User1#{password => <<"foo">>}),
-    {error, not_authorized} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}).
-
-t_comment_config(_) ->
-    application:stop(?APP),
-    [application:unset_env(?APP, Par) || Par <- [acl_query, auth_query]],
-    application:start(?APP).
-
-t_placeholders(_) ->
-    ClientA = #{username => <<"plain">>, clientid => <<"plain">>, zone => external},
-
-    reload([{password_hash, plain},
-            {auth_query, "select password from mqtt_user where username = '%u' and 'a_cn_val' = '%C' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => <<"a_cn_val">>}),
-
-    reload([{auth_query, "select password from mqtt_user where username = '%c' and 'a_dn_val' = '%d' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => <<"a_dn_val">>}),
-
-    reload([{auth_query, "select password from mqtt_user where username = '%u' and '192.168.1.5' = '%a' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, peerhost => {192,168,1,5}}).
-
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
-
-reload(Config) when is_list(Config) ->
-    application:stop(?APP),
-    [application:set_env(?APP, K, V) || {K, V} <- Config],
-    application:start(?APP).
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem
deleted file mode 100644
index e9717011e..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0kGUBi9NDp65jgdxKfizIfuSr2wpwb44yM9SuP4oUQSULOA2
-4iFpLR/c5FAYHU81y9Vx91dQjdZfffaBZuv2zVvteXUkol8Nez7boKbo2E41MTew
-8edtNKZAQVvnaHAC2NCZxjchCzUCDEoUUcl+cIERZ8R48FBqK5iTVcMRIx1akwus
-+dhBqP0ykA5TGOWZkJrLM9aUXSPQha9+wXlOpkvu0Ur2nkX8PPJnifWao9UShSar
-ll1IqPZNCSlZMwcFYcQNBCpdvITUUYlHvMRQV64bUpOxUGDuJkQL3dLKBlNuBRlJ
-BcjBAKw7rFnwwHZcMmQ9tan/dZzpzwjo/T0XjwIDAQABAoIBAQCSHvUqnzDkWjcG
-l/Fzg92qXlYBCCC0/ugj1sHcwvVt6Mq5rVE3MpUPwTcYjPlVVTlD4aEEjm/zQuq2
-ddxUlOS+r4aIhHrjRT/vSS4FpjnoKeIZxGR6maVxk6DQS3i1QjMYT1CvSpzyVvKH
-a+xXMrtmoKxh+085ZAmFJtIuJhUA2yEa4zggCxWnvz8ecLClUPfVDPhdLBHc3KmL
-CRpHEC6L/wanvDPRdkkzfKyaJuIJlTDaCg63AY5sDkTW2I57iI/nJ3haSeidfQKz
-39EfbnM1A/YprIakafjAu3frBIsjBVcxwGihZmL/YriTHjOggJF841kT5zFkkv2L
-/530Wk6xAoGBAOqZLZ4DIi/zLndEOz1mRbUfjc7GQUdYplBnBwJ22VdS0P4TOXnd
-UbJth2MA92NM7ocTYVFl4TVIZY/Y+Prxk7KQdHWzR7JPpKfx9OEVgtSqV0vF9eGI
-rKp79Y1T4Mvc3UcQCXX6TP7nHLihEzpS8odm2LW4txrOiLsn4Fq/IWrLAoGBAOVv
-6U4tm3lImotUupKLZPKEBYwruo9qRysoug9FiorP4TjaBVOfltiiHbAQD6aGfVtN
-SZpZZtrs17wL7Xl4db5asgMcZd+8Hkfo5siR7AuGW9FZloOjDcXb5wCh9EvjJ74J
-Cjw7RqyVymq9t7IP6wnVwj5Ck48YhlOZCz/mzlnNAoGAWq7NYFgLvgc9feLFF23S
-IjpJQZWHJEITP98jaYNxbfzYRm49+GphqxwFinKULjFNvq7yHlnIXSVYBOu1CqOZ
-GRwXuGuNmlKI7lZr9xmukfAqgGLMMdr4C4qRF4lFyufcLRz42z7exmWlx4ST/yaT
-E13hBRWayeTuG5JFei6Jh1MCgYEAqmX4LyC+JFBgvvQZcLboLRkSCa18bADxhENG
-FAuAvmFvksqRRC71WETmqZj0Fqgxt7pp3KFjO1rFSprNLvbg85PmO1s+6fCLyLpX
-lESTu2d5D71qhK93jigooxalGitFm+SY3mzjq0/AOpBWOn+J/w7rqVPGxXLgaHv0
-l+vx+00CgYBOvo9/ImjwYii2jFl+sHEoCzlvpITi2temRlT2j6ulSjCLJgjwEFw9
-8e+vvfQumQOsutakUVyURrkMGNDiNlIv8kv5YLCCkrwN22E6Ghyi69MJUvHQXkc/
-QZhjn/luyfpB5f/BeHFS2bkkxAXo+cfG45ApY3Qfz6/7o+H+vDa6/A==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
deleted file mode 100644
index 00b31d8a4..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowPDE6MDgGA1UEAwwxTXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DQV9DZXJ0aWZpY2F0ZTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJBlAYvTQ6euY4HcSn4syH7kq9s
-KcG+OMjPUrj+KFEElCzgNuIhaS0f3ORQGB1PNcvVcfdXUI3WX332gWbr9s1b7Xl1
-JKJfDXs+26Cm6NhONTE3sPHnbTSmQEFb52hwAtjQmcY3IQs1AgxKFFHJfnCBEWfE
-ePBQaiuYk1XDESMdWpMLrPnYQaj9MpAOUxjlmZCayzPWlF0j0IWvfsF5TqZL7tFK
-9p5F/DzyZ4n1mqPVEoUmq5ZdSKj2TQkpWTMHBWHEDQQqXbyE1FGJR7zEUFeuG1KT
-sVBg7iZEC93SygZTbgUZSQXIwQCsO6xZ8MB2XDJkPbWp/3Wc6c8I6P09F48CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADKz6bIpP5anp
-GgLB0jkclRWuMlS4qqIt4itSsMXPJ/ezpHwECixmgW2TIQl6S1woRkUeMxhT2/Ay
-Sn/7aKxuzRagyE5NEGOvrOuAP5RO2ZdNJ/X3/Rh533fK1sOTEEbSsWUvW6iSkZef
-rsfZBVP32xBhRWkKRdLeLB4W99ADMa0IrTmZPCXHSSE2V4e1o6zWLXcOZeH1Qh8N
-SkelBweR+8r1Fbvy1r3s7eH7DCbYoGEDVLQGOLvzHKBisQHmoDnnF5E9g1eeNRdg
-o+vhOKfYCOzeNREJIqS42PHcGhdNRk90ycigPmfUJclz1mDHoMjKR2S5oosTpr65
-tNPx3CL7GA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
deleted file mode 100644
index aad1404ca..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0N1oXDTMwMDYwOTAzMzg0N1owQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DbGllbnRfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYSWpOvCTupz82fc85Opv
-EQ7rkB8X2oOMyBCpkyHKBIr1ZQgRDWBp9UVOASq3GnSElm6+T3Kb1QbOffa8GIlw
-sjAueKdq5L2eSkmPIEQ7eoO5kEW+4V866hE1LeL/PmHg2lGP0iqZiJYtElhHNQO8
-3y9I7cm3xWMAA3SSWikVtpJRn3qIp2QSrH+tK+/HHbE5QwtPxdir4ULSCSOaM5Yh
-Wi5Oto88TZqe1v7SXC864JVvO4LuS7TuSreCdWZyPXTJFBFeCEWSAxonKZrqHbBe
-CwKML6/0NuzjaQ51c2tzmVI6xpHj3nnu4cSRx6Jf9WBm+35vm0wk4pohX3ptdzeV
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByQ5zSNeFUH
-Aw7JlpZHtHaSEeiiyBHke20ziQ07BK1yi/ms2HAWwQkpZv149sjNuIRH8pkTmkZn
-g8PDzSefjLbC9AsWpWV0XNV22T/cdobqLqMBDDZ2+5bsV+jTrOigWd9/AHVZ93PP
-IJN8HJn6rtvo2l1bh/CdsX14uVSdofXnuWGabNTydqtMvmCerZsdf6qKqLL+PYwm
-RDpgWiRUY7KPBSSlKm/9lJzA+bOe4dHeJzxWFVCJcbpoiTFs1je1V8kKQaHtuW39
-ifX6LTKUMlwEECCbDKM8Yq2tm8NjkjCcnFDtKg8zKGPUu+jrFMN5otiC3wnKcP7r
-O9EkaPcgYH8=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
deleted file mode 100644
index 6789d0291..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1WElqTrwk7qc/Nn3POTqbxEO65AfF9qDjMgQqZMhygSK9WUI
-EQ1gafVFTgEqtxp0hJZuvk9ym9UGzn32vBiJcLIwLninauS9nkpJjyBEO3qDuZBF
-vuFfOuoRNS3i/z5h4NpRj9IqmYiWLRJYRzUDvN8vSO3Jt8VjAAN0klopFbaSUZ96
-iKdkEqx/rSvvxx2xOUMLT8XYq+FC0gkjmjOWIVouTraPPE2antb+0lwvOuCVbzuC
-7ku07kq3gnVmcj10yRQRXghFkgMaJyma6h2wXgsCjC+v9Dbs42kOdXNrc5lSOsaR
-49557uHEkceiX/VgZvt+b5tMJOKaIV96bXc3lQIDAQABAoIBAF7yjXmSOn7h6P0y
-WCuGiTLG2mbDiLJqj2LTm2Z5i+2Cu/qZ7E76Ls63TxF4v3MemH5vGfQhEhR5ZD/6
-GRJ1sKKvB3WGRqjwA9gtojHH39S/nWGy6vYW/vMOOH37XyjIr3EIdIaUtFQBTSHd
-Kd71niYrAbVn6fyWHolhADwnVmTMOl5OOAhCdEF4GN3b5aIhIu8BJ7EUzTtHBJIj
-CAEfjZFjDs1y1cIgGFJkuIQxMfCpq5recU2qwip7YO6fk//WEjOPu7kSf5IEswL8
-jg1dea9rGBV6KaD2xsgsC6Ll6Sb4BbsrHMfflG3K2Lk3RdVqqTFp1Fn1PTLQE/1S
-S/SZPYECgYEA9qYcHKHd0+Q5Ty5wgpxKGa4UCWkpwvfvyv4bh8qlmxueB+l2AIdo
-ZvkM8gTPagPQ3WypAyC2b9iQu70uOJo1NizTtKnpjDdN1YpDjISJuS/P0x73gZwy
-gmoM5AzMtN4D6IbxXtXnPaYICvwLKU80ouEN5ZPM4/ODLUu6gsp0v2UCgYEA3Xgi
-zMC4JF0vEKEaK0H6QstaoXUmw/lToZGH3TEojBIkb/2LrHUclygtONh9kJSFb89/
-jbmRRLAOrx3HZKCNGUmF4H9k5OQyAIv6OGBinvLGqcbqnyNlI+Le8zxySYwKMlEj
-EMrBCLmSyi0CGFrbZ3mlj/oCET/ql9rNvcK+DHECgYAEx5dH3sMjtgp+RFId1dWB
-xePRgt4yTwewkVgLO5wV82UOljGZNQaK6Eyd7AXw8f38LHzh+KJQbIvxd2sL4cEi
-OaAoohpKg0/Y0YMZl//rPMf0OWdmdZZs/I0fZjgZUSwWN3c59T8z7KG/RL8an9RP
-S7kvN7wCttdV61/D5RR6GQKBgDxCe/WKWpBKaovzydMLWLTj7/0Oi0W3iXHkzzr4
-LTgvl4qBSofaNbVLUUKuZTv5rXUG2IYPf99YqCYtzBstNDc1MiAriaBeFtzfOW4t
-i6gEFtoLLbuvPc3N5Sv5vn8Ug5G9UfU3td5R4AbyyCcoUZqOFuZd+EIJSiOXfXOs
-kVmBAoGBAIU9aPAqhU5LX902oq8KsrpdySONqv5mtoStvl3wo95WIqXNEsFY60wO
-q02jKQmJJ2MqhkJm2EoF2Mq8+40EZ5sz8LdgeQ/M0yQ9lAhPi4rftwhpe55Ma9dk
-SE9X1c/DMCBEaIjJqVXdy0/EeArwpb8sHkguVVAZUWxzD+phm1gs
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem
deleted file mode 100644
index 8fbf6bdec..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/private_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1zVmMhPqpSPMmYkKh5wwlRD5XuS8YWJKEM6tjFx61VK8qxHE
-YngkC2KnL5EuKAjQZIF3tJskwt0hAat047CCCZxrkNEpbVvSnvnk+A/8bg/Ww1n3
-qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XAPy7ZjzecAF9SDV6WSiPeAxUX2+hN
-dId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGwcnkKCUikiBqr2ijSIgvRtBfZ9fBG
-jFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtPnBtTytmqTy9V/BRgsVKUoksm6wsx
-kUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h+wIDAQABAoIBAEQcrHmRACTADdNS
-IjkFYALt2l8EOfMAbryfDSJtapr1kqz59JPNvmq0EIHnixo0n/APYdmReLML1ZR3
-tYkSpjVwgkLVUC1CcIjMQoGYXaZf8PLnGJHZk45RR8m6hsTV0mQ5bfBaeVa2jbma
-OzJMjcnxg/3l9cPQZ2G/3AUfEPccMxOXp1KRz3mUQcGnKJGtDbN/kfmntcwYoxaE
-Zg4RoeKAoMpK1SSHAiJKe7TnztINJ7uygR9XSzNd6auY8A3vomSIjpYO7XL+lh7L
-izm4Ir3Gb/eCYBvWgQyQa2KCJgK/sQyEs3a09ngofSEUhQJQYhgZDwUj+fDDOGqj
-hCZOA8ECgYEA+ZWuHdcUQ3ygYhLds2QcogUlIsx7C8n/Gk/FUrqqXJrTkuO0Eqqa
-B47lCITvmn2zm0ODfSFIARgKEUEDLS/biZYv7SUTrFqBLcet+aGI7Dpv91CgB75R
-tNzcIf8VxoiP0jPqdbh9mLbbxGi5Uc4p9TVXRljC4hkswaouebWee0sCgYEA3L2E
-YB3kiHrhPI9LHS5Px9C1w+NOu5wP5snxrDGEgaFCvL6zgY6PflacppgnmTXl8D1x
-im0IDKSw5dP3FFonSVXReq3CXDql7UnhfTCiLDahV7bLxTH42FofcBpDN3ERdOal
-58RwQh6VrLkzQRVoObo+hbGlFiwwSAfQC509FhECgYBsRSBpVXo25IN2yBRg09cP
-+gdoFyhxrsj5kw1YnB13WrrZh+oABv4WtUhp77E5ZbpaamlKCPwBbXpAjeFg4tfr
-0bksuN7V79UGFQ9FsWuCfr8/nDwv38H2IbFlFhFONMOfPmJBey0Q6JJhm8R41mSh
-OOiJXcv85UrjIH5U0hLUDQKBgQDVLOU5WcUJlPoOXSgiT0ZW5xWSzuOLRUUKEf6l
-19BqzAzCcLy0orOrRAPW01xylt2v6/bJw1Ahva7k1ZZo/kOwjANYoZPxM+ZoSZBN
-MXl8j2mzZuJVV1RFxItV3NcLJNPB/Lk+IbRz9kt/2f9InF7iWR3mSU/wIM6j0X+2
-p6yFsQKBgQCM/ldWb511lA+SNkqXB2P6WXAgAM/7+jwsNHX2ia2Ikufm4SUEKMSv
-mti/nZkHDHsrHU4wb/2cOAywMELzv9EHzdcoenjBQP65OAc/1qWJs+LnBcCXfqKk
-aHjEZW6+brkHdRGLLY3YAHlt/AUL+RsKPJfN72i/FSpmu+52G36eeQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem
deleted file mode 100644
index f9772b533..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/public_key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zVmMhPqpSPMmYkKh5ww
-lRD5XuS8YWJKEM6tjFx61VK8qxHEYngkC2KnL5EuKAjQZIF3tJskwt0hAat047CC
-CZxrkNEpbVvSnvnk+A/8bg/Ww1n3qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XA
-Py7ZjzecAF9SDV6WSiPeAxUX2+hNdId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGw
-cnkKCUikiBqr2ijSIgvRtBfZ9fBGjFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtP
-nBtTytmqTy9V/BRgsVKUoksm6wsxkUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h
-+wIDAQAB
------END PUBLIC KEY-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem
deleted file mode 100644
index a2f9688df..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem b/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem
deleted file mode 100644
index a1dfd5f78..000000000
--- a/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/.gitignore b/apps/emqx_auth_pgsql/.gitignore
deleted file mode 100644
index 672d34c0c..000000000
--- a/apps/emqx_auth_pgsql/.gitignore
+++ /dev/null
@@ -1,20 +0,0 @@
-ebin
-.rebar
-.eunit
-.DS_Store
-.erlang.mk/
-deps/
-emqx_auth_pgsql.d
-ct.coverdata
-logs/
-test/ct.cover.spec
-test/*.beam
-data/
-.DS_Store
-cover/
-eunit.coverdata
-_build/
-rebar.lock
-erlang.mk
-*.conf.rendered
-.rebar3/
diff --git a/apps/emqx_auth_pgsql/README.md b/apps/emqx_auth_pgsql/README.md
deleted file mode 100644
index a8f5d723f..000000000
--- a/apps/emqx_auth_pgsql/README.md
+++ /dev/null
@@ -1,183 +0,0 @@
-emqx_auth_pgsql
-===============
-
-Authentication/ACL with PostgreSQL Database.
-
-Build Plugin
-------------
-
-make && make tests
-
-Configuration
--------------
-
-File: etc/emqx_auth_pgsql.conf
-
-```
-## PostgreSQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 5432, 127.0.0.1:5432, localhost:5432
-auth.pgsql.server = 127.0.0.1:5432
-
-## PostgreSQL pool size.
-##
-## Value: Number
-auth.pgsql.pool = 8
-
-## PostgreSQL username.
-##
-## Value: String
-auth.pgsql.username = root
-
-## PostgreSQL password.
-##
-## Value: String
-## auth.pgsql.password =
-
-## PostgreSQL database.
-##
-## Value: String
-auth.pgsql.database = mqtt
-
-## PostgreSQL database encoding.
-##
-## Value: String
-auth.pgsql.encoding = utf8
-
-## Whether to enable SSL connection.
-##
-## Value: true | false
-auth.pgsql.ssl.enable = false
-
-## SSL keyfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-## auth.pgsql.ssl_opts.cacertfile =
-
-## Authentication query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##
-auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.pgsql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.pgsql.password_hash = salt,sha256
-
-## sha256 with salt suffix
-## auth.pgsql.password_hash = sha256,salt
-
-## bcrypt with salt prefix
-## auth.pgsql.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
-
-## ACL query. Comment this query, the ACL will be disabled.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddress
-##  - %u: username
-##  - %c: clientid
-auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
-```
-
-Load Plugin
------------
-
-./bin/emqx_ctl plugins load emqx_auth_pgsql
-
-Auth Table
-----------
-
-Notice: This is a demo table. You could authenticate with any user table.
-
-```sql
-CREATE TABLE mqtt_user (
-  id SERIAL primary key,
-  is_superuser boolean,
-  username character varying(100),
-  password character varying(100),
-  salt character varying(40)
-)
-```
-
-ACL Table
----------
-
-```sql
-CREATE TABLE mqtt_acl (
-  id SERIAL primary key,
-  allow integer,
-  ipaddr character varying(60),
-  username character varying(100),
-  clientid character varying(100),
-  access  integer,
-  topic character varying(100)
-)
-
-INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
-VALUES
-	(1,1,NULL,'$all',NULL,2,'#'),
-	(2,0,NULL,'$all',NULL,1,'$SYS/#'),
-	(3,0,NULL,'$all',NULL,1,'eq #'),
-	(5,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
-	(6,1,'127.0.0.1',NULL,NULL,2,'#'),
-	(7,1,NULL,'dashboard',NULL,1,'$SYS/#');
-```
-**allow:** Client's permission to access a topic. '0' means that the client does not have permission to access the topic, '1' means that the client have permission to access the topic.
-
-**ipaddr:** Client IP address. For all ip addresses it can be '$all' or 'NULL'. 
-
-**username:** Client username. For all users it can be '$all' or 'NULL'. 
-
-**clientid:** Client id. For all client ids it can be '$all' or 'NULL'. 
-	
-**access:** Operations that the client can perform. '1' means that the client can subscribe to a topic, '2' means that the client can publish to a topic, '3' means that the client can subscribe and can publish to a topic.
-
-**topic:** Topic name. Topic wildcards are supported. 
-
-**Notice that only one value allowed for ipaddr, username and clientid fields.**
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf b/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
deleted file mode 100644
index 6f7018210..000000000
--- a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+++ /dev/null
@@ -1,132 +0,0 @@
-##--------------------------------------------------------------------
-## PostgreSQL Auth/ACL Plugin
-##--------------------------------------------------------------------
-
-## PostgreSQL server address.
-##
-## Value: Port | IP:Port
-##
-## Examples: 5432, "127.0.0.1:5432", "localhost:5432"
-auth.pgsql.server = "127.0.0.1:5432"
-
-## PostgreSQL pool size.
-##
-## Value: Number
-auth.pgsql.pool = 8
-
-## PostgreSQL username.
-##
-## Value: String
-auth.pgsql.username = root
-
-## PostgreSQL password.
-##
-## Value: String
-#auth.pgsql.password =
-
-## PostgreSQL database.
-##
-## Value: String
-auth.pgsql.database = mqtt
-
-## PostgreSQL database encoding.
-##
-## Value: String
-auth.pgsql.encoding = utf8
-
-## Whether to enable SSL connection.
-##
-## Value: on | off
-auth.pgsql.ssl.enable = off
-
-## TLS version.
-##
-## Available enum values:
-##    tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
-##
-## Value: String, seperated by ','
-#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
-
-## SSL keyfile.
-##
-## Value: File
-#auth.pgsql.ssl.keyfile =
-
-## SSL certfile.
-##
-## Value: File
-#auth.pgsql.ssl.certfile =
-
-## SSL cacertfile.
-##
-## Value: File
-#auth.pgsql.ssl.cacertfile =
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-#auth.pgsql.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.pgsql.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.pgsql.ssl.server_name_indication = disable
-
-## Authentication query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.pgsql.auth_query = "select password from mqtt_user where username = '%u' limit 1"
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.pgsql.password_hash = sha256
-
-## sha256 with salt prefix
-## auth.pgsql.password_hash = "salt,sha256"
-
-## sha256 with salt suffix
-## auth.pgsql.password_hash = "sha256,salt"
-
-## bcrypt with salt prefix
-## auth.pgsql.password_hash = "salt,bcrypt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.pgsql.password_hash = "pbkdf2,sha256,1000,20"
-
-## Superuser query.
-##
-## Value: SQL
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-auth.pgsql.super_query = "select is_superuser from mqtt_user where username = '%u' limit 1"
-
-## ACL query. Comment this query, the ACL will be disabled.
-##
-## Value: SQL
-##
-## Variables:
-##  - %a: ipaddress
-##  - %u: username
-##  - %c: clientid
-##
-## Note: You can add the 'ORDER BY' statement to control the rules match order
-auth.pgsql.acl_query = "select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
diff --git a/apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl b/apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl
deleted file mode 100644
index b86692752..000000000
--- a/apps/emqx_auth_pgsql/include/emqx_auth_pgsql.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
--define(APP, emqx_auth_pgsql).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore  = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
-
diff --git a/apps/emqx_auth_pgsql/mqtt.sql b/apps/emqx_auth_pgsql/mqtt.sql
deleted file mode 100644
index 933b0058a..000000000
--- a/apps/emqx_auth_pgsql/mqtt.sql
+++ /dev/null
@@ -1,28 +0,0 @@
-
-CREATE TABLE mqtt_user (
-  id SERIAL primary key,
-  is_superuser boolean,
-  username character varying(100),
-  password character varying(100),
-  salt character varying(40)
-);
-
-CREATE TABLE mqtt_acl (
-  id SERIAL primary key,
-  allow integer,
-  ipaddr character varying(60),
-  username character varying(100),
-  clientid character varying(100),
-  access  integer,
-  topic character varying(100)
-);
-
-INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
-VALUES
-	(1,1,NULL,'$all',NULL,2,'#'),
-	(2,0,NULL,'$all',NULL,1,'$SYS/#'),
-	(3,0,NULL,'$all',NULL,1,'eq #'),
-	(5,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
-	(6,1,'127.0.0.1',NULL,NULL,2,'#'),
-	(7,1,NULL,'dashboard',NULL,1,'$SYS/#');
-
diff --git a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
deleted file mode 100644
index 2be9b0670..000000000
--- a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
+++ /dev/null
@@ -1,184 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_pgsl config mapping
-
-{mapping, "auth.pgsql.server", "emqx_auth_pgsql.server", [
-  {default, {"127.0.0.1", 5432}},
-  {datatype, [integer, ip, string]}
-]}.
-
-{mapping, "auth.pgsql.pool", "emqx_auth_pgsql.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.pgsql.database", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.username", "emqx_auth_pgsql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.password", "emqx_auth_pgsql.server", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.encoding", "emqx_auth_pgsql.server", [
-  {default, utf8},
-  {datatype, atom}
-]}.
-
-{mapping, "auth.pgsql.ssl.enable", "emqx_auth_pgsql.server", [
-  {default, off},
-  {datatype, {enum, [on, off, true, false]}} %% FIXME: true/fasle is compatible with 4.0-4.2 version format, plan to delete in 5.0
-]}.
-
-{mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
-  {default, "tlsv1.3,tlsv1.2,tlsv1.1"},
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.keyfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.certfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.cacertfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.ssl.verify", "emqx_auth_pgsql.server", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.pgsql.ssl.server_name_indication", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.keyfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.certfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.cacertfile", "emqx_auth_pgsql.server", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.pgsql.ssl_opts.tls_versions", "emqx_auth_pgsql.server", [
-  {default, "tlsv1.2"},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_pgsql.server", fun(Conf) ->
-  {PgHost, PgPort} =
-  case cuttlefish:conf_get("auth.pgsql.server", Conf) of
-    {Ip, Port} -> {Ip, Port};
-    S          -> case string:tokens(S, ":") of
-                    [Domain]       -> {Domain, 5432};
-                    [Domain, Port] -> {Domain, list_to_integer(Port)}
-                  end
-    end,
-  Pool = cuttlefish:conf_get("auth.pgsql.pool", Conf),
-  Username = cuttlefish:conf_get("auth.pgsql.username", Conf),
-  Passwd = cuttlefish:conf_get("auth.pgsql.password", Conf, ""),
-  DB = cuttlefish:conf_get("auth.pgsql.database", Conf),
-  Encoding = cuttlefish:conf_get("auth.pgsql.encoding", Conf),
-
-  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  SslOpts = fun(Prefix) ->
-                Verify = case cuttlefish:conf_get(Prefix ++ ".verify", Conf, false) of
-                             true -> verify_peer;
-                             false -> verify_none
-                         end,
-                Filter([{keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
-                        {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                        {verify,     Verify},
-                        {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of
-                                                   "disable" -> disable;
-                                                   SNI -> SNI
-                                                 end},
-                        {versions, [list_to_existing_atom(Value)
-                                    || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
-            end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  GenSsl = case cuttlefish:conf_get("auth.pgsql.ssl.cacertfile", Conf, undefined) of
-               undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
-               _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}]
-           end,
-
-  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-  Ssl = case cuttlefish:conf_get("auth.pgsql.ssl.enable", Conf) of
-          on -> GenSsl;
-          off -> [];
-          true -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
-          false -> []
-        end,
-
-  TempHost = case inet:parse_address(PgHost) of
-      {ok, IpAddr} ->
-          IpAddr;
-      _ ->
-          PgHost
-  end,
-  [{pool_size, Pool},
-   {auto_reconnect, 1},
-   {host, TempHost},
-   {port, PgPort},
-   {username, Username},
-   {password, Passwd},
-   {database, DB},
-   {encoding, Encoding}] ++ Ssl
-end}.
-
-{mapping, "auth.pgsql.auth_query", "emqx_auth_pgsql.auth_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.password_hash", "emqx_auth_pgsql.password_hash", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.pbkdf2_macfun", "emqx_auth_pgsql.pbkdf2_macfun", [
-  {datatype, atom}
-]}.
-
-{mapping, "auth.pgsql.pbkdf2_iterations", "emqx_auth_pgsql.pbkdf2_iterations", [
-  {datatype, integer}
-]}.
-
-{mapping, "auth.pgsql.pbkdf2_dklen", "emqx_auth_pgsql.pbkdf2_dklen", [
-  {datatype, integer}
-]}.
-
-{mapping, "auth.pgsql.super_query", "emqx_auth_pgsql.super_query", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.pgsql.acl_query", "emqx_auth_pgsql.acl_query", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_pgsql.password_hash", fun(Conf) ->
-  HashValue = cuttlefish:conf_get("auth.pgsql.password_hash", Conf),
-  case string:tokens(HashValue, ",") of
-    [Hash]           -> list_to_atom(Hash);
-    [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-    [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-    _                -> plain
-  end
-end}.
diff --git a/apps/emqx_auth_pgsql/rebar.config b/apps/emqx_auth_pgsql/rebar.config
deleted file mode 100644
index 3155bbef3..000000000
--- a/apps/emqx_auth_pgsql/rebar.config
+++ /dev/null
@@ -1,21 +0,0 @@
-{deps,
- [{epgsql, {git, "https://github.com/epgsql/epgsql", {tag, "4.4.0"}}}
- ]}.
-
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl b/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
deleted file mode 100644
index 099ce4438..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
+++ /dev/null
@@ -1,117 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_pgsql).
-
--include("emqx_auth_pgsql.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
-%% ACL callbacks
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
-    case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
-    ok;
-do_check_acl(Pool, ClientInfo, PubSub, Topic, _NoMatchAction, #{acl_query := {AclSql, AclParams}}) ->
-    case emqx_auth_pgsql_cli:equery(Pool, AclSql, AclParams, ClientInfo) of
-        {ok, _, []} -> ok;
-        {ok, _, Rows} ->
-            Rules = filter(PubSub, compile(Rows)),
-            case match(ClientInfo, Topic, Rules) of
-                {matched, allow} -> {stop, allow};
-                {matched, deny}  -> {stop, deny};
-                nomatch          -> ok
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[Postgres] do_check_acl error: ~p~n", [Reason]),
-            ok
-    end.
-
-match(_ClientInfo, _Topic, []) ->
-    nomatch;
-
-match(ClientInfo, Topic, [Rule|Rules]) ->
-    case emqx_access_rule:match(ClientInfo, Topic, Rule) of
-        nomatch -> match(ClientInfo, Topic, Rules);
-        {matched, AllowDeny} -> {matched, AllowDeny}
-    end.
-
-filter(PubSub, Rules) ->
-    [Term || Term = {_, _, Access, _} <- Rules,
-             Access =:= PubSub orelse Access =:= pubsub].
-
-compile(Rows) ->
-    compile(Rows, []).
-compile([], Acc) ->
-    Acc;
-compile([{Allow, IpAddr, Username, ClientId, Access, Topic}|T], Acc) ->
-    Who  = who(IpAddr, Username, ClientId),
-    Term = {allow(Allow), Who, access(Access), [topic(Topic)]},
-    compile(T, [emqx_access_rule:compile(Term) | Acc]).
-
-who(_, <<"$all">>, _) ->
-    all;
-who(null, null, null) ->
-    throw(undefined_who);
-who(CIDR, Username, ClientId) ->
-    Cols = [{ipaddr, b2l(CIDR)}, {user, Username}, {client, ClientId}],
-    case [{C, V} || {C, V} <- Cols, not empty(V)] of
-        [Who] -> Who;
-        Conds -> {'and', Conds}
-    end.
-
-allow(1)        -> allow;
-allow(0)        -> deny;
-allow(<<"1">>)  -> allow;
-allow(<<"0">>)  -> deny.
-
-access(1)       -> subscribe;
-access(2)       -> publish;
-access(3)       -> pubsub;
-access(<<"1">>) -> subscribe;
-access(<<"2">>) -> publish;
-access(<<"3">>) -> pubsub.
-
-topic(<<"eq ", Topic/binary>>) ->
-    {eq, Topic};
-topic(Topic) ->
-    Topic.
-
-description() ->
-    "ACL with Postgres".
-
-b2l(null) -> null;
-b2l(B)    -> binary_to_list(B).
-
-empty(null) -> true;
-empty("")   -> true;
-empty(<<>>) -> true;
-empty(_)    -> false.
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
deleted file mode 100644
index e97487e21..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_pgsql,
- [{description, "EMQ X Authentication/ACL with PostgreSQL"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_pgsql_sup]},
-  {applications, [kernel,stdlib,epgsql,ecpool]},
-  {mod, {emqx_auth_pgsql_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-pgsql"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
deleted file mode 100644
index f8f365cd7..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
+++ /dev/null
@@ -1,91 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql).
-
--include("emqx_auth_pgsql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-%%--------------------------------------------------------------------
-%% Auth Module Callbacks
-%%--------------------------------------------------------------------
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      #{auth_query  := {AuthSql, AuthParams},
-        super_query := SuperQuery,
-        hash_type   := HashType,
-        pool := Pool}) ->
-    CheckPass = case emqx_auth_pgsql_cli:equery(Pool, AuthSql, AuthParams, ClientInfo) of
-                    {ok, _, [Record]} ->
-                        check_pass(erlang:append_element(Record, Password), HashType);
-                    {ok, _, []} ->
-                        {error, not_found};
-                    {error, Reason} ->
-                        ?LOG(error, "[Postgres] query '~p' failed: ~p", [AuthSql, Reason]),
-                        {error, not_found}
-                end,
-    case CheckPass of
-        ok ->
-            emqx_metrics:inc(?AUTH_METRICS(success)),
-            {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
-                                anonymous => false,
-                                auth_result => success}};
-        {error, not_found} ->
-            emqx_metrics:inc(?AUTH_METRICS(ignore)), ok;
-        {error, ResultCode} ->
-            ?LOG(error, "[Postgres] Auth from pgsql failed: ~p", [ResultCode]),
-            emqx_metrics:inc(?AUTH_METRICS(failure)),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-%%--------------------------------------------------------------------
-%% Is Superuser?
-%%--------------------------------------------------------------------
-
--spec(is_superuser(atom(),undefined | {string(), list()}, emqx_types:client()) -> boolean()).
-is_superuser(_Pool, undefined, _Client) ->
-    false;
-is_superuser(Pool, {SuperSql, Params}, ClientInfo) ->
-    case emqx_auth_pgsql_cli:equery(Pool, SuperSql, Params, ClientInfo) of
-        {ok, [_Super], [{true}]} ->
-            true;
-        {ok, [_Super], [_False]} ->
-            false;
-        {ok, [_Super], []} ->
-            false;
-        {error, _Error} ->
-            false
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
-description() -> "Authentication with PostgreSQL".
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
deleted file mode 100644
index 571fd0c4b..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_app.erl
+++ /dev/null
@@ -1,63 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_pgsql.hrl").
-
--import(emqx_auth_pgsql_cli, [parse_query/2]).
-
-%% Application callbacks
--export([ start/2
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_pgsql_sup:start_link(),
-    if_enabled(auth_query, fun(AuthQuery) ->
-        SuperQuery = parse_query(super_query, application:get_env(?APP, super_query, undefined)),
-        {ok, HashType}  = application:get_env(?APP, password_hash),
-        AuthEnv = #{auth_query => AuthQuery,
-                    super_query => SuperQuery,
-                    hash_type => HashType,
-                    pool => ?APP},
-        ok = emqx_auth_pgsql:register_metrics(),
-        ok = emqx:hook('client.authenticate', {emqx_auth_pgsql, check, [AuthEnv]})
-    end),
-    if_enabled(acl_query, fun(AclQuery) ->
-        ok = emqx_acl_pgsql:register_metrics(),
-        ok = emqx:hook('client.check_acl', {emqx_acl_pgsql, check_acl, [#{acl_query => AclQuery, pool => ?APP}]})
-    end),
-    {ok, Sup}.
-
-stop(_State) ->
-    ok = emqx:unhook('client.authenticate', {emqx_auth_pgsql, check}),
-    ok = emqx:unhook('client.check_acl', {emqx_acl_pgsql, check_acl}).
-
-if_enabled(Par, Fun) ->
-    case application:get_env(?APP, Par) of
-        {ok, Query} -> Fun(parse_query(Par, Query));
-        undefined   -> ok
-    end.
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
deleted file mode 100644
index 7dde566a2..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_cli.erl
+++ /dev/null
@@ -1,150 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_pgsql.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([connect/1]).
--export([parse_query/2]).
--export([ equery/4
-        , equery/3
-        ]).
-
--type client_info() :: #{username := _,
-                         clientid := _,
-                         peerhost := _,
-                         _ => _}.
-
-%%--------------------------------------------------------------------
-%% Avoid SQL Injection: Parse SQL to Parameter Query.
-%%--------------------------------------------------------------------
-
-parse_query(_Par, undefined) ->
-    undefined;
-parse_query(Par, Sql) ->
-    case re:run(Sql, "'%[ucCad]'", [global, {capture, all, list}]) of
-        {match, Variables} ->
-            Params = [Var || [Var] <- Variables],
-            {atom_to_list(Par), Params};
-        nomatch ->
-            {atom_to_list(Par), []}
-    end.
-
-pgvar(Sql, Params) ->
-    Vars = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(Params))],
-    lists:foldl(fun({Param, Var}, S) ->
-            re:replace(S, Param, Var, [{return, list}])
-        end, Sql, lists:zip(Params, Vars)).
-
-%%--------------------------------------------------------------------
-%% PostgreSQL Connect/Query
-%%--------------------------------------------------------------------
-
-%% Due to a bug in epgsql the caluse for `econnrefused` is not recognised by
-%% dialyzer, result in this error:
-%% The pattern {'error', Reason = 'econnrefused'} can never match the type ...
-%% https://github.com/epgsql/epgsql/issues/246
--dialyzer([{nowarn_function, [connect/1]}]).
-connect(Opts) ->
-    Host     = proplists:get_value(host, Opts),
-    Username = proplists:get_value(username, Opts),
-    Password = proplists:get_value(password, Opts),
-    case epgsql:connect(Host, Username, Password, conn_opts(Opts)) of
-        {ok, C} ->
-            conn_post(C),
-            {ok, C};
-        {error, Reason = econnrefused} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: Connection refused."),
-            {error, Reason};
-        {error, Reason = invalid_authorization_specification} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: Invalid authorization specification."),
-            {error, Reason};
-        {error, Reason = invalid_password} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: Invalid password."),
-            {error, Reason};
-        {error, Reason} ->
-            ?LOG(error, "[Postgres] Can't connect to Postgres server: ~p", [Reason]),
-            {error, Reason}
-    end.
-
-conn_post(Connection) ->
-    lists:foreach(fun(Par) ->
-        Sql0 = application:get_env(?APP, Par, undefined),
-        case parse_query(Par, Sql0) of
-            undefined -> ok;
-            {_, Params} ->
-                Sql = pgvar(Sql0, Params),
-                epgsql:parse(Connection, atom_to_list(Par), Sql, [])
-        end
-    end,  [auth_query, acl_query, super_query]).
-
-conn_opts(Opts) ->
-    conn_opts(Opts, []).
-conn_opts([], Acc) ->
-    Acc;
-conn_opts([Opt = {database, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {ssl, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {port, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {timeout, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([Opt = {ssl_opts, _}|Opts], Acc) ->
-    conn_opts(Opts, [Opt|Acc]);
-conn_opts([_Opt|Opts], Acc) ->
-    conn_opts(Opts, Acc).
-
--spec(equery(atom(), string() | epgsql:statement(), Parameters::[any()]) -> {ok, ColumnsDescription :: [any()], RowsValues :: [any()]} | {error, any()} ).
-equery(Pool, Sql, Params) ->
-    ecpool:with_client(Pool, fun(C) -> epgsql:prepared_query(C, Sql, Params) end).
-
--spec(equery(atom(), string() | epgsql:statement(), Parameters::[any()], client_info()) ->  {ok, ColumnsDescription :: [any()], RowsValues :: [any()]} | {error, any()} ).
-equery(Pool, Sql, Params, ClientInfo) ->
-    ecpool:with_client(Pool, fun(C) -> epgsql:prepared_query(C, Sql, replvar(Params, ClientInfo)) end).
-
-replvar(Params, ClientInfo) ->
-    replvar(Params, ClientInfo, []).
-
-replvar([], _ClientInfo, Acc) ->
-    lists:reverse(Acc);
-
-replvar(["'%u'" | Params], ClientInfo = #{username := Username}, Acc) ->
-    replvar(Params, ClientInfo, [Username | Acc]);
-replvar(["'%c'" | Params], ClientInfo = #{clientid := ClientId}, Acc) ->
-    replvar(Params, ClientInfo, [ClientId | Acc]);
-replvar(["'%a'" | Params], ClientInfo = #{peerhost := IpAddr}, Acc) ->
-    replvar(Params, ClientInfo, [inet_parse:ntoa(IpAddr) | Acc]);
-replvar(["'%C'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(cn, ClientInfo)| Acc]);
-replvar(["'%d'" | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [safe_get(dn, ClientInfo)| Acc]);
-replvar([Param | Params], ClientInfo, Acc) ->
-    replvar(Params, ClientInfo, [Param | Acc]).
-
-safe_get(K, ClientInfo) ->
-    bin(maps:get(K, ClientInfo, undefined)).
-
-bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
-bin(B) when is_binary(B) -> B;
-bin(X) -> X.
-
diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
deleted file mode 100644
index 21d005dc2..000000000
--- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql_sup.erl
+++ /dev/null
@@ -1,37 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_pgsql.hrl").
-
-%% API
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    %% PgSQL Connection Pool
-    {ok, Opts} = application:get_env(?APP, server),
-    PoolSpec = ecpool:pool_spec(?APP, ?APP, emqx_auth_pgsql_cli, Opts),
-    {ok, {{one_for_one, 10, 100}, [PoolSpec]}}.
-
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
deleted file mode 100644
index 6c4cd2eb3..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE.erl
+++ /dev/null
@@ -1,221 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_pgsql_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--define(POOL, emqx_auth_pgsql).
-
--define(APP, emqx_auth_pgsql).
-
--include_lib("emqx/include/emqx.hrl").
-
--include_lib("eunit/include/eunit.hrl").
-
--include_lib("common_test/include/ct.hrl").
-
-%%setp1 init table
--define(DROP_ACL_TABLE, "DROP TABLE IF EXISTS mqtt_acl").
-
--define(CREATE_ACL_TABLE, "CREATE TABLE mqtt_acl (
-                           id SERIAL primary key,
-                           allow integer,
-                           ipaddr character varying(60),
-                           username character varying(100),
-                           clientid character varying(100),
-                           access  integer,
-                           topic character varying(100))").
-
--define(INIT_ACL, "INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
-                   VALUES
-                   (1,1,'127.0.0.1','u1','c1',1,'t1'),
-                   (2,0,'127.0.0.1','u2','c2',1,'t1'),
-                   (3,1,'10.10.0.110','u1','c1',1,'t1'),
-                   (4,1,'127.0.0.1','u3','c3',3,'t1')").
-
--define(DROP_AUTH_TABLE, "DROP TABLE IF EXISTS mqtt_user").
-
--define(CREATE_AUTH_TABLE, "CREATE TABLE mqtt_user (
-                            id SERIAL primary key,
-                            is_superuser boolean,
-                            username character varying(100),
-                            password character varying(100),
-                            salt character varying(40))").
-
--define(INIT_AUTH, "INSERT INTO mqtt_user (id, is_superuser, username, password, salt)
-                     VALUES
-                     (1, true, 'plain', 'plain', 'salt'),
-                     (2, false, 'md5', '1bc29b36f623ba82aaf6724fd3b16718', 'salt'),
-                     (3, false, 'sha', 'd8f4590320e1343a915b6394170650a8f35d6926', 'salt'),
-                     (4, false, 'sha256', '5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e', 'salt'),
-                     (5, false, 'pbkdf2_password', 'cdedb5281bb2f801565a1122b2563515', 'ATHENA.MIT.EDUraeburn'),
-                     (6, false, 'bcrypt_foo', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6', '$2a$12$sSS8Eg.ovVzaHzi1nUHYK.'),
-                     (7, false, 'bcrypt', '$2y$16$rEVsDarhgHYB0TGnDFJzyu5f.T.Ha9iXMTk9J36NCMWWM7O16qyaK', 'salt')").
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_auth_pgsql]),
-    drop_acl(),
-    drop_auth(),
-    init_auth(),
-    init_acl(),
-    set_special_configs(),
-    Config.
-
-end_per_suite(Config) ->
-    emqx_ct_helpers:stop_apps([emqx_auth_pgsql]),
-    Config.
-
-set_special_configs() ->
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false).
-
-t_comment_config(_) ->
-    AuthCount = length(emqx_hooks:lookup('client.authenticate')),
-    AclCount = length(emqx_hooks:lookup('client.check_acl')),
-    application:stop(?APP),
-    [application:unset_env(?APP, Par) || Par <- [acl_query, auth_query]],
-    application:start(?APP),
-    ?assertEqual([], emqx_hooks:lookup('client.authenticate')),
-    ?assertEqual(AuthCount - 1, length(emqx_hooks:lookup('client.authenticate'))),
-    ?assertEqual(AclCount - 1, length(emqx_hooks:lookup('client.check_acl'))).
-
-t_placeholders(_) ->
-    ClientA = #{username => <<"plain">>, clientid => <<"plain">>, zone => external},
-    reload([{password_hash, plain},
-            {auth_query, "select password from mqtt_user where username = '%u' and 'a_cn_val' = '%C' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, cn => <<"a_cn_val">>}),
-
-    reload([{auth_query, "select password from mqtt_user where username = '%c' and 'a_dn_val' = '%d' limit 1"}]),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => undefined}),
-    {ok, _} =
-        emqx_access_control:authenticate(ClientA#{password => <<"plain">>, dn => <<"a_dn_val">>}),
-
-     reload([{auth_query, "select password from mqtt_user where username = '%u' and '192.168.1.5' = '%a' limit 1"}]),
-     {error, not_authorized} =
-         emqx_access_control:authenticate(ClientA#{password => <<"plain">>}),
-     {ok, _} =
-         emqx_access_control:authenticate(ClientA#{password => <<"plain">>, peerhost => {192,168,1,5}}).
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    Md5 = #{clientid => <<"md5">>, username => <<"md5">>, zone => external},
-    Sha = #{clientid => <<"sha">>, username => <<"sha">>, zone => external},
-    Sha256 = #{clientid => <<"sha256">>, username => <<"sha256">>, zone => external},
-    Pbkdf2 = #{clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>, zone => external},
-    BcryptFoo = #{clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>, zone => external},
-    User1 = #{clientid => <<"bcrypt_foo">>, username => <<"user">>, zone => external},
-    Bcrypt = #{clientid => <<"bcrypt">>, username => <<"bcrypt">>, zone => external},
-    BcryptWrong = #{clientid => <<"bcrypt_wrong">>, username => <<"bcrypt_wrong">>, zone => external},
-    reload([{password_hash, plain}]),
-    {ok,#{is_superuser := true}} =
-        emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    reload([{password_hash, md5}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload([{password_hash, sha}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload([{password_hash, sha256}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    reload([{password_hash, bcrypt}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}),
-    {error, not_authorized} =
-        emqx_access_control:authenticate(BcryptWrong#{password => <<"password">>}),
-    %%pbkdf2 sha
-    reload([{password_hash, {pbkdf2, sha, 1, 16}},
-            {auth_query, "select password, salt from mqtt_user where username = '%u' limit 1"}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload([{password_hash, {salt, bcrypt}}]),
-    {ok,#{is_superuser := false}} =
-        emqx_access_control:authenticate(BcryptFoo#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(User1#{password => <<"foo">>}),
-    {error, not_authorized} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}).
-
-t_check_acl(_) ->
-    User1 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c1">>, username => <<"u1">>},
-    User2 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c2">>, username => <<"u2">>},
-    allow = emqx_access_control:check_acl(User1, subscribe, <<"t1">>),
-    deny = emqx_access_control:check_acl(User2, subscribe, <<"t1">>),
-    User3 = #{zone => external, peerhost => {10,10,0,110}, clientid => <<"c1">>, username => <<"u1">>},
-    User4 = #{zone => external, peerhost => {10,10,10,110}, clientid => <<"c1">>, username => <<"u1">>},
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"t1">>),
-    deny = emqx_access_control:check_acl(User3, subscribe, <<"t2">>),%% nomatch -> ignore -> emqx acl
-    deny = emqx_access_control:check_acl(User4, subscribe, <<"t1">>),%% nomatch -> ignore -> emqx acl
-    User5 = #{zone => external, peerhost => {127,0,0,1}, clientid => <<"c3">>, username => <<"u3">>},
-    allow = emqx_access_control:check_acl(User5, subscribe, <<"t1">>),
-    allow = emqx_access_control:check_acl(User5, publish, <<"t1">>).
-
-t_acl_super(_) ->
-    reload([{password_hash, plain}, {auth_query, "select password from mqtt_user where username = '%u' limit 1"}]),
-    {ok, C} = emqtt:start_link([{host, "localhost"}, {clientid, <<"simpleClient">>},
-                                {username, <<"plain">>}, {password, <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-            ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-           ct:fail({receive_timeout, <<"Payload">>}),
-            ok
-    end,
-    emqtt:disconnect(C).
-
-reload(Config) when is_list(Config) ->
-    application:stop(?APP),
-    [application:set_env(?APP, K, V) || {K, V} <- Config],
-    application:start(?APP).
-
-init_acl() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []} = epgsql:squery(Pid, ?DROP_ACL_TABLE),
-    {ok, [], []} = epgsql:squery(Pid, ?CREATE_ACL_TABLE),
-    {ok, _} = epgsql:equery(Pid, ?INIT_ACL).
-
-drop_acl() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []}= epgsql:squery(Pid, ?DROP_ACL_TABLE).
-
-init_auth() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []} = epgsql:squery(Pid, ?DROP_AUTH_TABLE),
-    {ok, [], []} = epgsql:squery(Pid, ?CREATE_AUTH_TABLE),
-    {ok, _} = epgsql:equery(Pid, ?INIT_AUTH).
-
-drop_auth() ->
-    {ok, Pid} = ecpool_worker:client(gproc_pool:pick_worker({ecpool, ?POOL})),
-    {ok, [], []} = epgsql:squery(Pid, ?DROP_AUTH_TABLE).
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem
deleted file mode 100644
index e9717011e..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0kGUBi9NDp65jgdxKfizIfuSr2wpwb44yM9SuP4oUQSULOA2
-4iFpLR/c5FAYHU81y9Vx91dQjdZfffaBZuv2zVvteXUkol8Nez7boKbo2E41MTew
-8edtNKZAQVvnaHAC2NCZxjchCzUCDEoUUcl+cIERZ8R48FBqK5iTVcMRIx1akwus
-+dhBqP0ykA5TGOWZkJrLM9aUXSPQha9+wXlOpkvu0Ur2nkX8PPJnifWao9UShSar
-ll1IqPZNCSlZMwcFYcQNBCpdvITUUYlHvMRQV64bUpOxUGDuJkQL3dLKBlNuBRlJ
-BcjBAKw7rFnwwHZcMmQ9tan/dZzpzwjo/T0XjwIDAQABAoIBAQCSHvUqnzDkWjcG
-l/Fzg92qXlYBCCC0/ugj1sHcwvVt6Mq5rVE3MpUPwTcYjPlVVTlD4aEEjm/zQuq2
-ddxUlOS+r4aIhHrjRT/vSS4FpjnoKeIZxGR6maVxk6DQS3i1QjMYT1CvSpzyVvKH
-a+xXMrtmoKxh+085ZAmFJtIuJhUA2yEa4zggCxWnvz8ecLClUPfVDPhdLBHc3KmL
-CRpHEC6L/wanvDPRdkkzfKyaJuIJlTDaCg63AY5sDkTW2I57iI/nJ3haSeidfQKz
-39EfbnM1A/YprIakafjAu3frBIsjBVcxwGihZmL/YriTHjOggJF841kT5zFkkv2L
-/530Wk6xAoGBAOqZLZ4DIi/zLndEOz1mRbUfjc7GQUdYplBnBwJ22VdS0P4TOXnd
-UbJth2MA92NM7ocTYVFl4TVIZY/Y+Prxk7KQdHWzR7JPpKfx9OEVgtSqV0vF9eGI
-rKp79Y1T4Mvc3UcQCXX6TP7nHLihEzpS8odm2LW4txrOiLsn4Fq/IWrLAoGBAOVv
-6U4tm3lImotUupKLZPKEBYwruo9qRysoug9FiorP4TjaBVOfltiiHbAQD6aGfVtN
-SZpZZtrs17wL7Xl4db5asgMcZd+8Hkfo5siR7AuGW9FZloOjDcXb5wCh9EvjJ74J
-Cjw7RqyVymq9t7IP6wnVwj5Ck48YhlOZCz/mzlnNAoGAWq7NYFgLvgc9feLFF23S
-IjpJQZWHJEITP98jaYNxbfzYRm49+GphqxwFinKULjFNvq7yHlnIXSVYBOu1CqOZ
-GRwXuGuNmlKI7lZr9xmukfAqgGLMMdr4C4qRF4lFyufcLRz42z7exmWlx4ST/yaT
-E13hBRWayeTuG5JFei6Jh1MCgYEAqmX4LyC+JFBgvvQZcLboLRkSCa18bADxhENG
-FAuAvmFvksqRRC71WETmqZj0Fqgxt7pp3KFjO1rFSprNLvbg85PmO1s+6fCLyLpX
-lESTu2d5D71qhK93jigooxalGitFm+SY3mzjq0/AOpBWOn+J/w7rqVPGxXLgaHv0
-l+vx+00CgYBOvo9/ImjwYii2jFl+sHEoCzlvpITi2temRlT2j6ulSjCLJgjwEFw9
-8e+vvfQumQOsutakUVyURrkMGNDiNlIv8kv5YLCCkrwN22E6Ghyi69MJUvHQXkc/
-QZhjn/luyfpB5f/BeHFS2bkkxAXo+cfG45ApY3Qfz6/7o+H+vDa6/A==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
deleted file mode 100644
index 00b31d8a4..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowPDE6MDgGA1UEAwwxTXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DQV9DZXJ0aWZpY2F0ZTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJBlAYvTQ6euY4HcSn4syH7kq9s
-KcG+OMjPUrj+KFEElCzgNuIhaS0f3ORQGB1PNcvVcfdXUI3WX332gWbr9s1b7Xl1
-JKJfDXs+26Cm6NhONTE3sPHnbTSmQEFb52hwAtjQmcY3IQs1AgxKFFHJfnCBEWfE
-ePBQaiuYk1XDESMdWpMLrPnYQaj9MpAOUxjlmZCayzPWlF0j0IWvfsF5TqZL7tFK
-9p5F/DzyZ4n1mqPVEoUmq5ZdSKj2TQkpWTMHBWHEDQQqXbyE1FGJR7zEUFeuG1KT
-sVBg7iZEC93SygZTbgUZSQXIwQCsO6xZ8MB2XDJkPbWp/3Wc6c8I6P09F48CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADKz6bIpP5anp
-GgLB0jkclRWuMlS4qqIt4itSsMXPJ/ezpHwECixmgW2TIQl6S1woRkUeMxhT2/Ay
-Sn/7aKxuzRagyE5NEGOvrOuAP5RO2ZdNJ/X3/Rh533fK1sOTEEbSsWUvW6iSkZef
-rsfZBVP32xBhRWkKRdLeLB4W99ADMa0IrTmZPCXHSSE2V4e1o6zWLXcOZeH1Qh8N
-SkelBweR+8r1Fbvy1r3s7eH7DCbYoGEDVLQGOLvzHKBisQHmoDnnF5E9g1eeNRdg
-o+vhOKfYCOzeNREJIqS42PHcGhdNRk90ycigPmfUJclz1mDHoMjKR2S5oosTpr65
-tNPx3CL7GA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
deleted file mode 100644
index aad1404ca..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0N1oXDTMwMDYwOTAzMzg0N1owQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DbGllbnRfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYSWpOvCTupz82fc85Opv
-EQ7rkB8X2oOMyBCpkyHKBIr1ZQgRDWBp9UVOASq3GnSElm6+T3Kb1QbOffa8GIlw
-sjAueKdq5L2eSkmPIEQ7eoO5kEW+4V866hE1LeL/PmHg2lGP0iqZiJYtElhHNQO8
-3y9I7cm3xWMAA3SSWikVtpJRn3qIp2QSrH+tK+/HHbE5QwtPxdir4ULSCSOaM5Yh
-Wi5Oto88TZqe1v7SXC864JVvO4LuS7TuSreCdWZyPXTJFBFeCEWSAxonKZrqHbBe
-CwKML6/0NuzjaQ51c2tzmVI6xpHj3nnu4cSRx6Jf9WBm+35vm0wk4pohX3ptdzeV
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByQ5zSNeFUH
-Aw7JlpZHtHaSEeiiyBHke20ziQ07BK1yi/ms2HAWwQkpZv149sjNuIRH8pkTmkZn
-g8PDzSefjLbC9AsWpWV0XNV22T/cdobqLqMBDDZ2+5bsV+jTrOigWd9/AHVZ93PP
-IJN8HJn6rtvo2l1bh/CdsX14uVSdofXnuWGabNTydqtMvmCerZsdf6qKqLL+PYwm
-RDpgWiRUY7KPBSSlKm/9lJzA+bOe4dHeJzxWFVCJcbpoiTFs1je1V8kKQaHtuW39
-ifX6LTKUMlwEECCbDKM8Yq2tm8NjkjCcnFDtKg8zKGPUu+jrFMN5otiC3wnKcP7r
-O9EkaPcgYH8=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
deleted file mode 100644
index 6789d0291..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1WElqTrwk7qc/Nn3POTqbxEO65AfF9qDjMgQqZMhygSK9WUI
-EQ1gafVFTgEqtxp0hJZuvk9ym9UGzn32vBiJcLIwLninauS9nkpJjyBEO3qDuZBF
-vuFfOuoRNS3i/z5h4NpRj9IqmYiWLRJYRzUDvN8vSO3Jt8VjAAN0klopFbaSUZ96
-iKdkEqx/rSvvxx2xOUMLT8XYq+FC0gkjmjOWIVouTraPPE2antb+0lwvOuCVbzuC
-7ku07kq3gnVmcj10yRQRXghFkgMaJyma6h2wXgsCjC+v9Dbs42kOdXNrc5lSOsaR
-49557uHEkceiX/VgZvt+b5tMJOKaIV96bXc3lQIDAQABAoIBAF7yjXmSOn7h6P0y
-WCuGiTLG2mbDiLJqj2LTm2Z5i+2Cu/qZ7E76Ls63TxF4v3MemH5vGfQhEhR5ZD/6
-GRJ1sKKvB3WGRqjwA9gtojHH39S/nWGy6vYW/vMOOH37XyjIr3EIdIaUtFQBTSHd
-Kd71niYrAbVn6fyWHolhADwnVmTMOl5OOAhCdEF4GN3b5aIhIu8BJ7EUzTtHBJIj
-CAEfjZFjDs1y1cIgGFJkuIQxMfCpq5recU2qwip7YO6fk//WEjOPu7kSf5IEswL8
-jg1dea9rGBV6KaD2xsgsC6Ll6Sb4BbsrHMfflG3K2Lk3RdVqqTFp1Fn1PTLQE/1S
-S/SZPYECgYEA9qYcHKHd0+Q5Ty5wgpxKGa4UCWkpwvfvyv4bh8qlmxueB+l2AIdo
-ZvkM8gTPagPQ3WypAyC2b9iQu70uOJo1NizTtKnpjDdN1YpDjISJuS/P0x73gZwy
-gmoM5AzMtN4D6IbxXtXnPaYICvwLKU80ouEN5ZPM4/ODLUu6gsp0v2UCgYEA3Xgi
-zMC4JF0vEKEaK0H6QstaoXUmw/lToZGH3TEojBIkb/2LrHUclygtONh9kJSFb89/
-jbmRRLAOrx3HZKCNGUmF4H9k5OQyAIv6OGBinvLGqcbqnyNlI+Le8zxySYwKMlEj
-EMrBCLmSyi0CGFrbZ3mlj/oCET/ql9rNvcK+DHECgYAEx5dH3sMjtgp+RFId1dWB
-xePRgt4yTwewkVgLO5wV82UOljGZNQaK6Eyd7AXw8f38LHzh+KJQbIvxd2sL4cEi
-OaAoohpKg0/Y0YMZl//rPMf0OWdmdZZs/I0fZjgZUSwWN3c59T8z7KG/RL8an9RP
-S7kvN7wCttdV61/D5RR6GQKBgDxCe/WKWpBKaovzydMLWLTj7/0Oi0W3iXHkzzr4
-LTgvl4qBSofaNbVLUUKuZTv5rXUG2IYPf99YqCYtzBstNDc1MiAriaBeFtzfOW4t
-i6gEFtoLLbuvPc3N5Sv5vn8Ug5G9UfU3td5R4AbyyCcoUZqOFuZd+EIJSiOXfXOs
-kVmBAoGBAIU9aPAqhU5LX902oq8KsrpdySONqv5mtoStvl3wo95WIqXNEsFY60wO
-q02jKQmJJ2MqhkJm2EoF2Mq8+40EZ5sz8LdgeQ/M0yQ9lAhPi4rftwhpe55Ma9dk
-SE9X1c/DMCBEaIjJqVXdy0/EeArwpb8sHkguVVAZUWxzD+phm1gs
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem
deleted file mode 100644
index 8fbf6bdec..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/private_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1zVmMhPqpSPMmYkKh5wwlRD5XuS8YWJKEM6tjFx61VK8qxHE
-YngkC2KnL5EuKAjQZIF3tJskwt0hAat047CCCZxrkNEpbVvSnvnk+A/8bg/Ww1n3
-qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XAPy7ZjzecAF9SDV6WSiPeAxUX2+hN
-dId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGwcnkKCUikiBqr2ijSIgvRtBfZ9fBG
-jFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtPnBtTytmqTy9V/BRgsVKUoksm6wsx
-kUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h+wIDAQABAoIBAEQcrHmRACTADdNS
-IjkFYALt2l8EOfMAbryfDSJtapr1kqz59JPNvmq0EIHnixo0n/APYdmReLML1ZR3
-tYkSpjVwgkLVUC1CcIjMQoGYXaZf8PLnGJHZk45RR8m6hsTV0mQ5bfBaeVa2jbma
-OzJMjcnxg/3l9cPQZ2G/3AUfEPccMxOXp1KRz3mUQcGnKJGtDbN/kfmntcwYoxaE
-Zg4RoeKAoMpK1SSHAiJKe7TnztINJ7uygR9XSzNd6auY8A3vomSIjpYO7XL+lh7L
-izm4Ir3Gb/eCYBvWgQyQa2KCJgK/sQyEs3a09ngofSEUhQJQYhgZDwUj+fDDOGqj
-hCZOA8ECgYEA+ZWuHdcUQ3ygYhLds2QcogUlIsx7C8n/Gk/FUrqqXJrTkuO0Eqqa
-B47lCITvmn2zm0ODfSFIARgKEUEDLS/biZYv7SUTrFqBLcet+aGI7Dpv91CgB75R
-tNzcIf8VxoiP0jPqdbh9mLbbxGi5Uc4p9TVXRljC4hkswaouebWee0sCgYEA3L2E
-YB3kiHrhPI9LHS5Px9C1w+NOu5wP5snxrDGEgaFCvL6zgY6PflacppgnmTXl8D1x
-im0IDKSw5dP3FFonSVXReq3CXDql7UnhfTCiLDahV7bLxTH42FofcBpDN3ERdOal
-58RwQh6VrLkzQRVoObo+hbGlFiwwSAfQC509FhECgYBsRSBpVXo25IN2yBRg09cP
-+gdoFyhxrsj5kw1YnB13WrrZh+oABv4WtUhp77E5ZbpaamlKCPwBbXpAjeFg4tfr
-0bksuN7V79UGFQ9FsWuCfr8/nDwv38H2IbFlFhFONMOfPmJBey0Q6JJhm8R41mSh
-OOiJXcv85UrjIH5U0hLUDQKBgQDVLOU5WcUJlPoOXSgiT0ZW5xWSzuOLRUUKEf6l
-19BqzAzCcLy0orOrRAPW01xylt2v6/bJw1Ahva7k1ZZo/kOwjANYoZPxM+ZoSZBN
-MXl8j2mzZuJVV1RFxItV3NcLJNPB/Lk+IbRz9kt/2f9InF7iWR3mSU/wIM6j0X+2
-p6yFsQKBgQCM/ldWb511lA+SNkqXB2P6WXAgAM/7+jwsNHX2ia2Ikufm4SUEKMSv
-mti/nZkHDHsrHU4wb/2cOAywMELzv9EHzdcoenjBQP65OAc/1qWJs+LnBcCXfqKk
-aHjEZW6+brkHdRGLLY3YAHlt/AUL+RsKPJfN72i/FSpmu+52G36eeQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem
deleted file mode 100644
index f9772b533..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/public_key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zVmMhPqpSPMmYkKh5ww
-lRD5XuS8YWJKEM6tjFx61VK8qxHEYngkC2KnL5EuKAjQZIF3tJskwt0hAat047CC
-CZxrkNEpbVvSnvnk+A/8bg/Ww1n3qxzfifhsWfpUKlDnwrtH+ftt+5rZeEkf37XA
-Py7ZjzecAF9SDV6WSiPeAxUX2+hNdId42Pf45woo4LFGUlQeagCFkD/R0dpNIMGw
-cnkKCUikiBqr2ijSIgvRtBfZ9fBGjFGER2uE/Eay4AgcQsHue8skRwDCng8OnqtP
-nBtTytmqTy9V/BRgsVKUoksm6wsxkUYwgHeaq7UCvlCm25SZ7yRyd4k8t0BKDf2h
-+wIDAQAB
------END PUBLIC KEY-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem
deleted file mode 100644
index a2f9688df..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem b/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem
deleted file mode 100644
index a1dfd5f78..000000000
--- a/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_redis/.gitignore b/apps/emqx_auth_redis/.gitignore
deleted file mode 100644
index 71ecbe89a..000000000
--- a/apps/emqx_auth_redis/.gitignore
+++ /dev/null
@@ -1,28 +0,0 @@
-.rebar/
-.eunit/
-.erlang.mk/
-emqttd_auth_redis.d
-deps/
-ct.coverdata
-logs/
-test/ct.cover.spec
-ebin/
-*.o
-*.beam
-*.plt
-erl_crash.dump
-data
-emqx_auth_redis.d
-cover/
-eunit.coverdata
-_build/
-rebar.lock
-erlang.mk
-*.conf.rendered
-.rebar3/
-*.swp
-rebar.lock
-/.idea/
-.DS_Store
-/.ci/redis/nodes.*.conf
-/.ci/redis/*.log
\ No newline at end of file
diff --git a/apps/emqx_auth_redis/README.md b/apps/emqx_auth_redis/README.md
deleted file mode 100644
index 9aa851f88..000000000
--- a/apps/emqx_auth_redis/README.md
+++ /dev/null
@@ -1,171 +0,0 @@
-emqx_auth_redis
-===============
-
-EMQ X Redis Authentication/ACL Plugin
-
-Features
----------
-
-- Full *Authentication*, *Superuser*, *ACL* support
-- IPv4, IPv6 support
-- Connection pool by [ecpool](https://github.com/emqx/ecpool)
-- Support `single`, `sentinel`, `cluster` deployment structures of Redis
-- Completely cover Redis 5, Redis 6 in our tests
-
-
-Build Plugin
-------------
-
-```
-make && make tests
-```
-
-Configure Plugin
-----------------
-
-File: etc/emqx_auth_redis.conf
-
-```
-## Redis server address.
-##
-## Value: Port | IP:Port
-##
-## Redis Server: 6379, 127.0.0.1:6379, localhost:6379, Redis Sentinel: 127.0.0.1:26379
-auth.redis.server = 127.0.0.1:6379
-
-## redis sentinel cluster name
-## auth.redis.sentinel = mymaster
-
-## Redis pool size.
-##
-## Value: Number
-auth.redis.pool = 8
-
-## Redis database no.
-##
-## Value: Number
-auth.redis.database = 0
-
-## Redis password.
-##
-## Value: String
-## auth.redis.password =
-
-## Authentication query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Examples:
-##  - HGET mqtt_user:%u password
-##  - HMGET mqtt_user:%u password
-##  - HMGET mqtt_user:%u password salt
-auth.redis.auth_cmd = HMGET mqtt_user:%u password
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.redis.password_hash = plain
-
-## sha256 with salt prefix
-## auth.redis.password_hash = salt,sha256
-
-## sha256 with salt suffix
-## auth.redis.password_hash = sha256,salt
-
-## bcrypt with salt prefix
-## auth.redis.password_hash = salt,bcrypt
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.redis.password_hash = pbkdf2,sha256,1000,20
-
-## Superuser query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
-
-## ACL query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-auth.redis.acl_cmd = HGETALL mqtt_acl:%u
-```
-
-SuperUser
----------
-
-```
-HSET mqtt_user:<username> is_superuser 1
-```
-
-User Hash with Password Salt
-----------------------------
-
-Set a 'user' hash with 'password' 'salt' field, for example:
-
-```
-HMSET mqtt_user:<username> password "password" salt "salt"
-```
-
-User Set with Password
------------------------
-
-Set a 'user' Set with 'password' field for example:
-
-```
-HSET mqtt_user:<username> password "password"
-```
-
-ACL Rule Hash
--------------
-
-The plugin uses a redis hash to store ACL rules:
-
-```
-HSET mqtt_acl:<username> topic1 1
-HSET mqtt_acl:<username> topic2 2
-HSET mqtt_acl:<username> topic3 3
-```
-
-NOTE: 1: subscribe, 2: publish, 3: pubsub
-
-Subscription Hash
------------------
-
-NOTICE: Move to emqx_backend_redis...
-
-The plugin could store the static subscriptions into a redis Hash:
-
-```
-HSET mqtt_sub:<username> topic1 0
-HSET mqtt_sub:<username> topic2 1
-HSET mqtt_sub:<username> topic3 2
-```
-
-Load Plugin
------------
-
-```
-./bin/emqx_ctl plugins load emqx_auth_redis
-```
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_auth_redis/etc/emqx_auth_redis.conf b/apps/emqx_auth_redis/etc/emqx_auth_redis.conf
deleted file mode 100644
index 62a6e4fe1..000000000
--- a/apps/emqx_auth_redis/etc/emqx_auth_redis.conf
+++ /dev/null
@@ -1,131 +0,0 @@
-##--------------------------------------------------------------------
-## Redis Auth/ACL Plugin
-##--------------------------------------------------------------------
-## Redis Server cluster type
-## single    Single redis server
-## sentinel  Redis cluster through sentinel
-## cluster   Redis through cluster
-auth.redis.type = single
-
-## Redis server address.
-##
-## Value: Port | IP:Port
-##
-## Single Redis Server: 127.0.0.1:6379, localhost:6379
-## Redis Sentinel: "127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379"
-## Redis Cluster: "127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379"
-auth.redis.server = "127.0.0.1:6379"
-
-## Redis sentinel cluster name.
-##
-## Value: String
-## auth.redis.sentinel = mymaster
-
-## Redis pool size.
-##
-## Value: Number
-auth.redis.pool = 8
-
-## Redis database no.
-##
-## Value: Number
-auth.redis.database = 0
-
-## Redis password.
-##
-## Value: String
-## auth.redis.password =
-
-## Redis query timeout
-##
-## Value: Duration
-## auth.redis.query_timeout = 5s
-
-## Authentication query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-##
-## Examples:
-##  - "HGET mqtt_user:%u password"
-##  - "HMGET mqtt_user:%u password"
-##  - "HMGET mqtt_user:%u password salt"
-auth.redis.auth_cmd = "HMGET mqtt_user:%u password"
-
-## Password hash.
-##
-## Value: plain | md5 | sha | sha256 | bcrypt
-auth.redis.password_hash = plain
-
-## sha256 with salt prefix
-## auth.redis.password_hash = "salt,sha256"
-
-## sha256 with salt suffix
-## auth.redis.password_hash = "sha256,salt"
-
-## bcrypt with salt prefix
-## auth.redis.password_hash = "salt,bcrypt"
-
-## pbkdf2 with macfun iterations dklen
-## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
-## auth.redis.password_hash = "pbkdf2,sha256,1000,20"
-
-## Superuser query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-##  - %C: common name of client TLS cert
-##  - %d: subject of client TLS cert
-auth.redis.super_cmd = "HGET mqtt_user:%u is_superuser"
-
-## ACL query command.
-##
-## Value: Redis cmd
-##
-## Variables:
-##  - %u: username
-##  - %c: clientid
-auth.redis.acl_cmd = "HGETALL mqtt_acl:%u"
-
-## Redis ssl configuration.
-##
-## Value: on | off
-# auth.redis.ssl.enable = off
-
-## CA certificate.
-##
-## Value: File
-#auth.redis.ssl.cacertfile = path/to/your/cafile.pem
-
-## Client ssl certificate.
-##
-## Value: File
-# auth.redis.ssl.certfile = path/to/your/certfile
-
-## Client ssl keyfile.
-##
-## Value: File
-# auth.redis.ssl.keyfile = path/to/your/keyfile
-
-## In mode verify_none the default behavior is to allow all x509-path
-## validation errors.
-##
-## Value: true | false
-#auth.redis.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `auth.redis.server` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## auth.redis.ssl.server_name_indication = disable
\ No newline at end of file
diff --git a/apps/emqx_auth_redis/include/emqx_auth_redis.hrl b/apps/emqx_auth_redis/include/emqx_auth_redis.hrl
deleted file mode 100644
index 204d8ef70..000000000
--- a/apps/emqx_auth_redis/include/emqx_auth_redis.hrl
+++ /dev/null
@@ -1,23 +0,0 @@
-
--define(APP, emqx_auth_redis).
-
--record(auth_metrics, {
-        success = 'client.auth.success',
-        failure = 'client.auth.failure',
-        ignore = 'client.auth.ignore'
-    }).
-
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
-    }).
-
--define(METRICS(Type), tl(tuple_to_list(#Type{}))).
--define(METRICS(Type, K), #Type{}#Type.K).
-
--define(AUTH_METRICS, ?METRICS(auth_metrics)).
--define(AUTH_METRICS(K), ?METRICS(auth_metrics, K)).
-
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
diff --git a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema b/apps/emqx_auth_redis/priv/emqx_auth_redis.schema
deleted file mode 100644
index db758d8c0..000000000
--- a/apps/emqx_auth_redis/priv/emqx_auth_redis.schema
+++ /dev/null
@@ -1,184 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_auth_redis config mapping
-
-{mapping, "auth.redis.type", "emqx_auth_redis.server", [
-  {default, single},
-  {datatype, {enum, [single, sentinel, cluster]}}
-]}.
-
-{mapping, "auth.redis.server", "emqx_auth_redis.server", [
-  {default, "127.0.0.1:6379"},
-  {datatype, [string]}
-]}.
-
-{mapping, "auth.redis.sentinel", "emqx_auth_redis.server", [
-  {default, ""},
-  {datatype, string},
-  hidden
-]}.
-
-{mapping, "auth.redis.pool", "emqx_auth_redis.server", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.redis.database", "emqx_auth_redis.server", [
-  {default, 0},
-  {datatype, integer}
-]}.
-
-{mapping, "auth.redis.password", "emqx_auth_redis.server", [
-  {default, ""},
-  {datatype, string},
-  hidden
-]}.
-
-{mapping, "auth.redis.ssl.enable", "emqx_auth_redis.options", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-{mapping, "auth.redis.ssl.cacertfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.ssl.certfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.ssl.keyfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.ssl.verify", "emqx_auth_redis.options", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "auth.redis.ssl.server_name_indication", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.cafile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.certfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-%% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-{mapping, "auth.redis.keyfile", "emqx_auth_redis.options", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_redis.options", fun(Conf) ->
-   Ssl = cuttlefish:conf_get("auth.redis.ssl.enable", Conf, false),
-   Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-   case Ssl of
-       true ->
-           %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
-           CA = cuttlefish:conf_get(
-                    "auth.redis.ssl.cacertfile", Conf,
-                    cuttlefish:conf_get("auth.redis.cafile", Conf, undefined)
-                ),
-           Cert = cuttlefish:conf_get(
-                    "auth.redis.ssl.certfile", Conf,
-                    cuttlefish:conf_get("auth.redis.certfile", Conf, undefined)
-                  ),
-           Key = cuttlefish:conf_get(
-                    "auth.redis.ssl.keyfile", Conf,
-                    cuttlefish:conf_get("auth.redis.keyfile", Conf, undefined)
-                 ),
-           Verify = case cuttlefish:conf_get("auth.redis.ssl.verify", Conf, false) of
-                         true -> verify_peer;
-                         false -> verify_none
-                     end,
-           SNI = case cuttlefish:conf_get("auth.redis.ssl.server_name_indication", Conf, undefined) of
-                   "disable" -> disable;
-                   SNI0 -> SNI0
-                 end,
-           [{options, [{ssl_options,
-                        Filter([{cacertfile, CA},
-                                {certfile, Cert},
-                                {keyfile, Key},
-                                {verify, Verify},
-                                {server_name_indication, SNI}
-                               ])
-                       }]}];
-       _ -> [{options, []}]
-   end
-end}.
-
-{translation, "emqx_auth_redis.server", fun(Conf) ->
-  Fun = fun(S) ->
-    case string:split(S, ":", trailing) of
-      [Domain]       -> {Domain, 6379};
-      [Domain, Port] -> {Domain, list_to_integer(Port)}
-    end
-  end,
-  Servers = cuttlefish:conf_get("auth.redis.server", Conf),
-  Type = cuttlefish:conf_get("auth.redis.type", Conf),
-  Server = case Type of
-    single ->
-      {Host, Port} = Fun(Servers),
-      [{host, Host}, {port, Port}];
-    _ ->
-      S = string:tokens(Servers, ","),
-      [{servers, [Fun(S1) || S1 <- S]}]
-  end,
-  Pool = cuttlefish:conf_get("auth.redis.pool", Conf),
-  Passwd = cuttlefish:conf_get("auth.redis.password", Conf),
-  DB = cuttlefish:conf_get("auth.redis.database", Conf),
-  Sentinel = cuttlefish:conf_get("auth.redis.sentinel", Conf),
-  [{type, Type},
-   {pool_size, Pool},
-   {auto_reconnect, 1},
-   {database, DB},
-   {password, Passwd},
-   {sentinel, Sentinel}] ++ Server
-end}.
-
-{mapping, "auth.redis.query_timeout", "emqx_auth_redis.query_timeout", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_redis.query_timeout", fun(Conf) ->
-  case cuttlefish:conf_get("auth.redis.query_timeout", Conf) of
-      "" -> infinity;
-      Duration ->
-          case cuttlefish_duration:parse(Duration, ms) of
-              {error, Reason} -> error(Reason);
-              Ms when is_integer(Ms) -> Ms
-          end
-  end
-end}.
-
-{mapping, "auth.redis.auth_cmd", "emqx_auth_redis.auth_cmd", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.password_hash", "emqx_auth_redis.password_hash", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.super_cmd", "emqx_auth_redis.super_cmd", [
-  {datatype, string}
-]}.
-
-{mapping, "auth.redis.acl_cmd", "emqx_auth_redis.acl_cmd", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_auth_redis.password_hash", fun(Conf) ->
-  HashValue = cuttlefish:conf_get("auth.redis.password_hash", Conf),
-  case string:tokens(HashValue, ",") of
-    [Hash]           -> list_to_atom(Hash);
-    [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
-    [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
-    _                -> plain
-  end
-end}.
diff --git a/apps/emqx_auth_redis/rebar.config b/apps/emqx_auth_redis/rebar.config
deleted file mode 100644
index 750f07809..000000000
--- a/apps/emqx_auth_redis/rebar.config
+++ /dev/null
@@ -1,24 +0,0 @@
-{deps,
-  %% NOTE: mind poolboy version when updating eredis_cluster version
-  %% poolboy version may clash with emqx_auth_mongo
- [
-  {poolboy, {git, "https://github.com/emqx/poolboy.git", {tag, "1.5.2"}}}
- ]}.
-
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions
-              ]}.
-
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_auth_redis/src/emqx_acl_redis.erl b/apps/emqx_auth_redis/src/emqx_acl_redis.erl
deleted file mode 100644
index 47f5acbba..000000000
--- a/apps/emqx_auth_redis/src/emqx_acl_redis.erl
+++ /dev/null
@@ -1,86 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_redis).
-
--include("emqx_auth_redis.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, AclResult, Config) ->
-    case do_check_acl(ClientInfo, PubSub, Topic, AclResult, Config) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Config) ->
-    ok;
-do_check_acl(ClientInfo, PubSub, Topic, _AclResult,
-             #{acl_cmd := AclCmd, timeout := Timeout, type := Type, pool := Pool}) ->
-    case emqx_auth_redis_cli:q(Pool, Type, AclCmd, ClientInfo, Timeout) of
-        {ok, []} -> ok;
-        {ok, Rules} ->
-            case match(ClientInfo, PubSub, Topic, Rules) of
-                allow   -> {stop, allow};
-                nomatch -> {stop, deny}
-            end;
-        {error, Reason} ->
-            ?LOG(error, "[Redis] do_check_acl error: ~p", [Reason]),
-            ok
-    end.
-
-match(_ClientInfo, _PubSub, _Topic, []) ->
-    nomatch;
-match(ClientInfo, PubSub, Topic, [Filter, Access | Rules]) ->
-    case {match_topic(Topic, feed_var(ClientInfo, Filter)),
-          match_access(PubSub, b2i(Access))} of
-        {true, true} -> allow;
-        {_, _} -> match(ClientInfo, PubSub, Topic, Rules)
-    end.
-
-match_topic(Topic, Filter) ->
-    emqx_topic:match(Topic, Filter).
-
-match_access(subscribe, Access) ->
-    (1 band Access) > 0;
-match_access(publish, Access) ->
-    (2 band Access) > 0.
-
-feed_var(#{clientid := ClientId, username := Username}, Str) ->
-    lists:foldl(fun({Var, Val}, Acc) ->
-                feed_var(Acc, Var, Val)
-        end, Str, [{"%u", Username}, {"%c", ClientId}]).
-
-feed_var(Str, _Var, undefined) ->
-    Str;
-feed_var(Str, Var, Val) ->
-    re:replace(Str, Var, Val, [global, {return, binary}]).
-
-b2i(Bin) -> list_to_integer(binary_to_list(Bin)).
-
-description() -> "Redis ACL Module".
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src b/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
deleted file mode 100644
index 419131566..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_redis,
- [{description, "EMQ X Authentication/ACL with Redis"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_redis_sup]},
-  {applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},
-  {mod, {emqx_auth_redis_app, []}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-redis"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.erl b/apps/emqx_auth_redis/src/emqx_auth_redis.erl
deleted file mode 100644
index 318a8b23a..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis.erl
+++ /dev/null
@@ -1,85 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis).
-
--include("emqx_auth_redis.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check/3
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?AUTH_METRICS).
-
-check(ClientInfo = #{password := Password}, AuthResult,
-      #{auth_cmd  := AuthCmd,
-        super_cmd := SuperCmd,
-        hash_type := HashType,
-        timeout   := Timeout,
-        type      := Type,
-        pool      := Pool}) ->
-    CheckPass = case emqx_auth_redis_cli:q(Pool, Type, AuthCmd, ClientInfo, Timeout) of
-                    {ok, PassHash} when is_binary(PassHash) ->
-                        check_pass({PassHash, Password}, HashType);
-                    {ok, [undefined|_]} ->
-                        {error, not_found};
-                    {ok, [PassHash]} ->
-                        check_pass({PassHash, Password}, HashType);
-                    {ok, [PassHash, Salt|_]} ->
-                        check_pass({PassHash, Salt, Password}, HashType);
-                    {error, Reason} ->
-                        ?LOG(error, "[Redis] Command: ~p failed: ~p", [AuthCmd, Reason]),
-                        {error, not_found}
-                end,
-    case CheckPass of
-        ok ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(success)),
-            IsSuperuser = is_superuser(Pool, Type, SuperCmd, ClientInfo, Timeout),
-            {stop, AuthResult#{is_superuser => IsSuperuser,
-                               anonymous    => false,
-                               auth_result  => success}};
-        {error, not_found} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(ignore));
-        {error, ResultCode} ->
-            ok = emqx_metrics:inc(?AUTH_METRICS(failure)),
-            ?LOG(error, "[Redis] Auth from redis failed: ~p", [ResultCode]),
-            {stop, AuthResult#{auth_result => ResultCode, anonymous => false}}
-    end.
-
-description() -> "Authentication with Redis".
-
--spec(is_superuser(atom(), atom(), undefined|list(), emqx_types:client(), timeout()) -> boolean()).
-is_superuser(_Pool, _Type, undefined, _ClientInfo, _Timeout) -> false;
-is_superuser(Pool, Type, SuperCmd, ClientInfo, Timeout) ->
-    case emqx_auth_redis_cli:q(Pool, Type, SuperCmd, ClientInfo, Timeout) of
-        {ok, undefined} -> false;
-        {ok, <<"1">>}   -> true;
-        {ok, _Other}    -> false;
-        {error, _Error} -> false
-    end.
-
-check_pass(Password, HashType) ->
-    case emqx_passwd:check_pass(Password, HashType) of
-        ok -> ok;
-        {error, _Reason} -> {error, not_authorized}
-    end.
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl b/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
deleted file mode 100644
index 3f0b6ce26..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_app.erl
+++ /dev/null
@@ -1,70 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_redis.hrl").
-
--export([ start/2
-        , stop/1
-        ]).
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_redis_sup:start_link(),
-    _ = if_cmd_enabled(auth_cmd, fun load_auth_hook/1),
-    _ = if_cmd_enabled(acl_cmd,  fun load_acl_hook/1),
-    {ok, Sup}.
-
-stop(_State) ->
-    emqx:unhook('client.authenticate', {emqx_auth_redis, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_redis, check_acl}),
-    %% Ensure stop cluster pool if the server type is cluster
-    eredis_cluster:stop_pool(?APP).
-
-load_auth_hook(AuthCmd) ->
-    SuperCmd = application:get_env(?APP, super_cmd, undefined),
-    {ok, HashType} = application:get_env(?APP, password_hash),
-    {ok, Timeout} = application:get_env(?APP, query_timeout),
-    Type = proplists:get_value(type, application:get_env(?APP, server, [])),
-    Config = #{auth_cmd => AuthCmd,
-               super_cmd => SuperCmd,
-               hash_type => HashType,
-               timeout => Timeout,
-               type => Type,
-               pool => ?APP},
-    ok = emqx_auth_redis:register_metrics(),
-    emqx:hook('client.authenticate', {emqx_auth_redis, check, [Config]}).
-
-load_acl_hook(AclCmd) ->
-    {ok, Timeout} = application:get_env(?APP, query_timeout),
-    Type = proplists:get_value(type, application:get_env(?APP, server, [])),
-    Config = #{acl_cmd => AclCmd,
-               timeout => Timeout,
-               type => Type,
-               pool => ?APP},
-    ok = emqx_acl_redis:register_metrics(),
-    emqx:hook('client.check_acl', {emqx_acl_redis, check_acl, [Config]}).
-
-if_cmd_enabled(Par, Fun) ->
-    case application:get_env(?APP, Par) of
-        {ok, Cmd} -> Fun(Cmd);
-        undefined -> ok
-    end.
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl b/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
deleted file mode 100644
index 52ac39a7b..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_cli.erl
+++ /dev/null
@@ -1,89 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_cli).
-
--behaviour(ecpool_worker).
-
--include("emqx_auth_redis.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--import(proplists, [get_value/2, get_value/3]).
-
--export([ connect/1
-        , q/5
-        ]).
-
-%%--------------------------------------------------------------------
-%% Redis Connect/Query
-%%--------------------------------------------------------------------
-
-connect(Opts) ->
-    Sentinel = get_value(sentinel, Opts),
-    Host = case Sentinel =:= "" of
-        true -> get_value(host, Opts);
-        false ->
-            _ = eredis_sentinel:start_link(get_value(servers, Opts), get_value(options, Opts, [])),
-            "sentinel:" ++ Sentinel
-    end,
-    case eredis:start_link(Host,
-                           get_value(port, Opts, 6379),
-                           get_value(database, Opts, 0),
-                           get_value(password, Opts, ""),
-                           3000,
-                           5000,
-                           get_value(options, Opts, [])) of
-            {ok, Pid} -> {ok, Pid};
-            {error, Reason = {connection_error, _}} ->
-                ?LOG(error, "[Redis] Can't connect to Redis server: Connection refused."),
-                {error, Reason};
-            {error, Reason = {authentication_error, _}} ->
-                ?LOG(error, "[Redis] Can't connect to Redis server: Authentication failed."),
-                {error, Reason};
-            {error, Reason} ->
-                ?LOG(error, "[Redis] Can't connect to Redis server: ~p", [Reason]),
-                {error, Reason}
-    end.
-
-%% Redis Query.
--spec(q(atom(), atom(), string(), emqx_types:credentials(), timeout())
-      -> {ok, undefined | binary() | list()} | {error, atom() | binary()}).
-q(Pool, Type, CmdStr, Credentials, Timeout) ->
-    Cmd = string:tokens(replvar(CmdStr, Credentials), " "),
-    case Type of
-        cluster -> eredis_cluster:q(Pool, Cmd);
-        _ -> ecpool:with_client(Pool, fun(C) -> eredis:q(C, Cmd, Timeout) end)
-    end.
-
-replvar(Cmd, Credentials = #{cn := CN}) ->
-    replvar(repl(Cmd, "%C", CN), maps:remove(cn, Credentials));
-replvar(Cmd, Credentials = #{dn := DN}) ->
-    replvar(repl(Cmd, "%d", DN), maps:remove(dn, Credentials));
-replvar(Cmd, Credentials = #{clientid := ClientId}) ->
-    replvar(repl(Cmd, "%c", ClientId), maps:remove(clientid, Credentials));
-replvar(Cmd, Credentials = #{username := Username}) ->
-    replvar(repl(Cmd, "%u", Username), maps:remove(username, Credentials));
-replvar(Cmd, _) ->
-    Cmd.
-
-repl(S, _Var, undefined) ->
-    S;
-repl(S, Var, Val) ->
-    NVal = re:replace(Val, "&", "\\\\&", [global, {return, list}]),
-    re:replace(S, Var, NVal, [{return, list}]).
-
diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl b/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
deleted file mode 100644
index ef81eef86..000000000
--- a/apps/emqx_auth_redis/src/emqx_auth_redis_sup.erl
+++ /dev/null
@@ -1,43 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_sup).
-
--behaviour(supervisor).
-
--include("emqx_auth_redis.hrl").
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, Server} = application:get_env(?APP, server),
-    {ok, {{one_for_one, 10, 100}, pool_spec(Server)}}.
-
-pool_spec(Server) ->
-    Options = application:get_env(?APP, options, []),
-    case proplists:get_value(type, Server) of
-        cluster ->
-            {ok, _} = eredis_cluster:start_pool(?APP, Server ++ Options),
-            [];
-        _ ->
-            [ecpool:pool_spec(?APP, ?APP, emqx_auth_redis_cli, Server ++ Options)]
-    end.
-
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
deleted file mode 100644
index 24d3b20bd..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE.erl
+++ /dev/null
@@ -1,186 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_redis_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
-
--include_lib("common_test/include/ct.hrl").
-
--include_lib("eunit/include/eunit.hrl").
-
--define(APP, emqx_auth_redis).
-
--define(POOL(App), ecpool_worker:client(gproc_pool:pick_worker({ecpool, App}))).
-
--define(INIT_ACL, [{"mqtt_acl:test1", "topic1", "2"},
-                   {"mqtt_acl:test2", "topic2", "1"},
-                   {"mqtt_acl:test3", "topic3", "3"}]).
-
--define(INIT_AUTH, [{"mqtt_user:plain", ["password", "plain", "salt", "salt", "is_superuser", "1"]},
-                    {"mqtt_user:special&symbol", ["password", "plain", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:md5", ["password", "1bc29b36f623ba82aaf6724fd3b16718", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:sha", ["password", "d8f4590320e1343a915b6394170650a8f35d6926", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:sha256", ["password", "5d5b09f6dcb2d53a5fffc60c4ac0d55fabdf556069d6631545f42aa6e3500f2e", "salt", "salt", "is_superuser", "0"]},
-                    {"mqtt_user:pbkdf2_password", ["password", "cdedb5281bb2f801565a1122b2563515", "salt", "ATHENA.MIT.EDUraeburn", "is_superuser", "0"]},
-                    {"mqtt_user:bcrypt_foo", ["password", "$2a$12$sSS8Eg.ovVzaHzi1nUHYK.HbUIOdlQI0iS22Q5rd5z.JVVYH6sfm6", "salt", "$2a$12$sSS8Eg.ovVzaHzi1nUHYK.", "is_superuser", "0"]},
-                    {"mqtt_user:bcrypt", ["password", "$2y$16$rEVsDarhgHYB0TGnDFJzyu5f.T.Ha9iXMTk9J36NCMWWM7O16qyaK", "salt", "salt", "is_superuser", "0"]}]).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    emqx_ct_helpers:start_apps([emqx_auth_redis], fun set_special_configs/1),
-    init_redis_rows(),
-    Cfg.
-
-end_per_suite(_Cfg) ->
-    deinit_redis_rows(),
-    emqx_ct_helpers:stop_apps([emqx_auth_redis]).
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false);
-set_special_configs(_App) ->
-    ok.
-
-init_redis_rows() ->
-    %% Users
-    [q(["HMSET", Key|FiledValue]) || {Key, FiledValue} <- ?INIT_AUTH],
-    %% ACLs
-    Result = [q(["HSET", Key, Filed, Value]) || {Key, Filed, Value} <- ?INIT_ACL],
-    ct:pal("redis init result: ~p~n", [Result]).
-
-deinit_redis_rows() ->
-    AuthKeys = [Key || {Key, _Filed, _Value} <- ?INIT_AUTH],
-    AclKeys = [Key || {Key, _Value} <- ?INIT_ACL],
-    q(["DEL" | AuthKeys]),
-    q(["DEL" | AclKeys]).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
-
-t_check_auth(_) ->
-    Plain = #{clientid => <<"client1">>, username => <<"plain">>, zone => external},
-    SpecialSymbol = #{clientid => <<"special_symbol">>, username => <<"special&symbol">>, zone => external},
-    Md5 = #{clientid => <<"md5">>, username => <<"md5">>, zone => external},
-    Sha = #{clientid => <<"sha">>, username => <<"sha">>, zone => external},
-    Sha256 = #{clientid => <<"sha256">>, username => <<"sha256">>, zone => external},
-    Pbkdf2 = #{clientid => <<"pbkdf2_password">>, username => <<"pbkdf2_password">>, zone => external},
-    BcryptFoo = #{clientid => <<"bcrypt_foo">>, username => <<"bcrypt_foo">>, zone => external},
-    User1 = #{clientid => <<"bcrypt_foo">>, username => <<"user">>, zone => external},
-    User3 = #{clientid => <<"client3">>, zone => external},
-    Bcrypt = #{clientid => <<"bcrypt">>, username => <<"bcrypt">>, zone => external},
-    {error, _} = emqx_access_control:authenticate(User3#{password => <<>>}),
-    reload([{password_hash, plain}]),
-    {ok, #{is_superuser := true}} = emqx_access_control:authenticate(Plain#{password => <<"plain">>}),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(SpecialSymbol#{password => <<"plain">>}),
-    reload([{password_hash, md5}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Md5#{password => <<"md5">>}),
-    reload([{password_hash, sha}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha#{password => <<"sha">>}),
-    reload([{password_hash, sha256}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Sha256#{password => <<"sha256">>}),
-    reload([{password_hash, bcrypt}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}),
-    %%pbkdf2 sha
-    reload([{password_hash, {pbkdf2, sha, 1, 16}}, {auth_cmd, "HMGET mqtt_user:%u password salt"}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(Pbkdf2#{password => <<"password">>}),
-    reload([{password_hash, {salt, bcrypt}}]),
-    {ok, #{is_superuser := false}} = emqx_access_control:authenticate(BcryptFoo#{password => <<"foo">>}),
-    {error,_} = emqx_access_control:authenticate(User1#{password => <<"foo">>}),
-    {error, _} = emqx_access_control:authenticate(Bcrypt#{password => <<"password">>}).
-
-t_check_auth_hget(_) ->
-    q(["HSET", "mqtt_user:hset", "password", "hset"]),
-    q(["HSET", "mqtt_user:hset", "is_superuser", "1"]),
-    reload([{password_hash, plain}, {auth_cmd, "HGET mqtt_user:%u password"}]),
-    Hset = #{clientid => <<"hset">>, username => <<"hset">>, zone => external},
-    {ok, #{is_superuser := true}} = emqx_access_control:authenticate(Hset#{password => <<"hset">>}).
-
-t_check_acl(_) ->
-    User1 = #{zone => external, clientid => <<"client1">>, username => <<"test1">>},
-    User2 = #{zone => external, clientid => <<"client2">>, username => <<"test2">>},
-    User3 = #{zone => external, clientid => <<"client3">>, username => <<"test3">>},
-    User4 = #{zone => external, clientid => <<"client4">>, username => <<"$$user4">>},
-    deny = emqx_access_control:check_acl(User1, subscribe, <<"topic1">>),
-    allow = emqx_access_control:check_acl(User1, publish, <<"topic1">>),
-
-    deny = emqx_access_control:check_acl(User2, publish, <<"topic2">>),
-    allow = emqx_access_control:check_acl(User2, subscribe, <<"topic2">>),
-    allow = emqx_access_control:check_acl(User3, publish, <<"topic3">>),
-    allow = emqx_access_control:check_acl(User3, subscribe, <<"topic3">>),
-    deny = emqx_access_control:check_acl(User4, publish, <<"a/b/c">>).
-
-t_acl_super(_) ->
-    reload([{password_hash, plain}]),
-    {ok, C} = emqtt:start_link([{host,      "localhost"},
-                                {clientid, <<"simpleClient">>},
-                                {username,  <<"plain">>},
-                                {password,  <<"plain">>}]),
-    {ok, _} = emqtt:connect(C),
-    timer:sleep(10),
-    emqtt:subscribe(C, <<"TopicA">>, qos2),
-    timer:sleep(1000),
-    emqtt:publish(C, <<"TopicA">>, <<"Payload">>, qos2),
-    timer:sleep(1000),
-    receive
-        {publish, #{payload := Payload}} ->
-        ?assertEqual(<<"Payload">>, Payload)
-    after
-        1000 ->
-            ct:fail({receive_timeout, <<"Payload">>}),
-            ok
-    end,
-    emqtt:disconnect(C).
-
-t_check_cluster_connection(_) ->
-    ?assertMatch({error, _Reason}, reload([{server, [{type,cluster},
-                                           {pool_size,8},
-                                           {auto_reconnect,1},
-                                           {database,0},
-                                           {password,[]},
-                                           {sentinel,[]},
-                                           {servers,[{"wrong",6379},{"wrong",6380},{"wrong",6381}]}]}])).
-
-
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
-
-reload(Config) when is_list(Config) ->
-    application:stop(?APP),
-    [application:set_env(?APP, K, V) || {K, V} <- Config],
-    application:start(?APP).
-
-q(Cmd) ->
-    {ok, Server} = application:get_env(?APP, server),
-    case proplists:get_value(type, Server) of
-        cluster ->
-            eredis_cluster:q(emqx_auth_redis, Cmd);
-        _ ->
-            {ok, Connection} = ?POOL(?APP),
-            eredis:q(Connection, Cmd)
-    end.
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
deleted file mode 100644
index b46bef4e5..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE5jCCAs4CCQCc1DzEYETfKTANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
-ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAx
-MDI5MDEzNDE2WhcNMzAxMDI3MDEzNDE2WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0
-MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQC/RxC/zQ6+ThI2l+LT5tpuvljE7CPca5erahTjv1Pq
-mbmHYIVlige9jvZKR/AaaHuhNRT6C4PDpD98TgrhSLSgMMFImoFMSnmFEOVave3O
-y1qV9vtoHLMB9hO+t7P98KRi1sCoMdPIE/o5uEGSd4YgWbk3NllAV6me108UniWU
-yZMCSEKmV9OpfQ+YfHFolESV92ajdViDbtRBjfDNwD7qb8zgigxIJvBzEnWF4RZl
-4+KIiyoJ55AQ3omdEi0QwiRRRONFtB6kRSqjGS8genGnycX1ZNPRB8JeG3ESuFj9
-1WQUD0EMBXFB5agHoZjvtFwxOkUkA4XbcnpKddHGKRt4BAbm+YcizJaT7mRytGWZ
-UoTrDWz8/Cc0BlwAfPEk6ogU/sLSZpdxjxwprCNB89UOI+q7ng7CYiFnxY9HHZeg
-GCJxYfvpKM/eOT9mSLUug8EGITd0j2cusflO4Q243clPyRbTSSr39Pcpy8rfKApF
-HkUuGIpa/qgAbez+lPlIydzpbrTgrnHvL1P6fCYTnHkcgSn8glBIKv3vh4zQd6df
-JvcLv3WEka9+lyoCvJ0QH+/ITqrToyWa8g9fR3ajTlyMANesKxQejo80zCwk/0ns
-SFKRIJc6vfnUJ12Vdxpmm1LeoJZnCYODNUeeksL1ahHCBGq4M8UJ+ycUM6N4ndWE
-6QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQAg0BaIi7lzrNb7xC42c+GJVrBq8Qf8
-7CBzP8SXYGUavQIYNRrtH8UgTOwaju9vOn3zoY8L59N6e+Icyt+Oh1FENcQMCZ2l
-SP79iaY9A/dRV56p6NqNd3VWH+EuRGbQVatLdhJf3l5+W1z3Dum1YXmIn26acawF
-GZVqLalgvLqPzPHHWEqz9RnmcvTu3w9YVb4NgbmY4byCb6mB2avt0iWQrY/fZSMe
-FvRXurr0jwyIXBncqnXu97sCeccNc+fo3qZC1xxH9iXOIzrRg0ud7VGMTKcNLTTc
-GqnbjNT8BC96Qp2Bs8J+JGZa3mT/usKBq2TT/3q6oKevuc23u/a5s1rztnqZgIe5
-RzfevJ79xdva6DMSq/8Yyd3I8hrs3oZKJbAce6ux01RsrCcY2O7gi4dAMoEGumxW
-CS9XLchNy7QxQ+J2AKBZXd6AZjvTvloDGz/yC5EbdK/MnLz8oApK5Z8U/huEilFa
-AymVWQWpmlX2KxW0nkCperlb7lcbPS+ZuH0+Zd9HOvqr9cpYMrwpF54q4vnzUQkR
-Hsxoapv/FBsVoxtcOqrcxwGpYWCsV0VBnv9+1fzzZ83aK7CHDIeGVuKPyjkhHzLy
-v7Ljuqg400wH0WB9pyEdK+O3F+xO3zJgf4o0JptOKOFBVVSkZWTrqlDjjbcnXBmh
-dwgj2xYeigqHJA==
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key
deleted file mode 100644
index b615a8c1e..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.key
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAv0cQv80Ovk4SNpfi0+babr5YxOwj3GuXq2oU479T6pm5h2CF
-ZYoHvY72SkfwGmh7oTUU+guDw6Q/fE4K4Ui0oDDBSJqBTEp5hRDlWr3tzstalfb7
-aByzAfYTvrez/fCkYtbAqDHTyBP6ObhBkneGIFm5NzZZQFepntdPFJ4llMmTAkhC
-plfTqX0PmHxxaJRElfdmo3VYg27UQY3wzcA+6m/M4IoMSCbwcxJ1heEWZePiiIsq
-CeeQEN6JnRItEMIkUUTjRbQepEUqoxkvIHpxp8nF9WTT0QfCXhtxErhY/dVkFA9B
-DAVxQeWoB6GY77RcMTpFJAOF23J6SnXRxikbeAQG5vmHIsyWk+5kcrRlmVKE6w1s
-/PwnNAZcAHzxJOqIFP7C0maXcY8cKawjQfPVDiPqu54OwmIhZ8WPRx2XoBgicWH7
-6SjP3jk/Zki1LoPBBiE3dI9nLrH5TuENuN3JT8kW00kq9/T3KcvK3ygKRR5FLhiK
-Wv6oAG3s/pT5SMnc6W604K5x7y9T+nwmE5x5HIEp/IJQSCr974eM0HenXyb3C791
-hJGvfpcqArydEB/vyE6q06MlmvIPX0d2o05cjADXrCsUHo6PNMwsJP9J7EhSkSCX
-Or351CddlXcaZptS3qCWZwmDgzVHnpLC9WoRwgRquDPFCfsnFDOjeJ3VhOkCAwEA
-AQKCAgBF1jSPUtcnNGoB9MKki40FEgpnG7CcMcxWkYy++oQxC59phhwuTo807pWN
-2WYYvj0lRrQ59ypMrBNh1zyxtFH+is6HK6I5sJddtiWHVAEXl7ejOWHhSVkyRh4/
-a+MTvGDIlZAR2N9yFZkuqc+HIoyeEyREvFsp2tfbXtFIvdUK1e4Oz0NGaJqnLzoa
-epUNkdTYzFN1Ksr+ceCdbq2U8bQG9HrhIIYLcewol3zBPMVoviNfpy/aHenDvvyP
-lKtPixKneXdhY7osT/SZSACk4w/MKydTyVRs5WBZ67sFErmrM9YuXMNrGDGZ1bfb
-0Wx9WGSwtI258G9XCB0OQqYsq6WTMaEei+z8l0iarZi1l2bz2F89J+IBYM8RqSsa
-E30F8AtEG32QJUfK3F6k6N4uLx6JZduJgLyzsSh6q51ghAJ8kD1vUkEeXffCzynp
-hzwRHUw5O1jNLEBdKYHpSyszlFX6qbzR1YXypzZs/aehZi5d89eBKN8X/Fnbi9a2
-Q0MqpZ5J/1hH7zadJFibNyuOCP4CNO3Hm18PjyEFRrCMbSF293kY9GoiOlQiwNAT
-MqrsyLYgHPCXKXpG/R60lyHEfWKO9sOjyh+mSbv3QfNZS32Fweuo0R/vGYmkmtGn
-wpn2IeSmX8ychdQrSemJjwzjUl/EUN0lGRAlHEt4ZDf52vHZ4QKCAQEA9k7b2vpU
-g3S3GRCMzhl8GKZloNSbnR/ZHE8b9PVNahp0bQcZj+1yimF35p27VZR662ZBoKLy
-/MLyPT+ZyynykwypcTVA5U9CABpSlyZMeezLnFlBXeHHMeoXcBZfFqHeXSsNYbhW
-OStf4BGwKf7m/V0P/QL9mNsA/iq2uugC1gHoyp422YUIQQvKkBiFyMl34Zp2URsX
-yIwb9aVyg2GogKDtbDPIwW89l3BCBiwalvjR6UotbXh3PQgYbsv62rTJ8AN+E+XH
-eSQPnmPR6EXtX2nDuov996qlbja+JQE3SAls4EXLbrLyjSlObjcvkA59r+kZgNIY
-g88hv7e9ublfqwKCAQEAxs3d9Zmjh9ByCT6jOUVnRMqw0+lVyVOs0kp7nOCb4HKM
-CnupZuJQHQVQt7VhgD7FrALmYwkpt2e/WllN9bPFHRJcsw+SylOqyPil9G4DO5XZ
-YPvk6PeQ/c0cbREKhsYNXqj5fWdq5pRd8rE72rK82mhdGQtAAN7NOEW5fo5tqHDK
-D079SZmpcgd8Wz9luNpnZRpNhO3ccKV5yf0S1LZOZBbG9t875OVNhxlQY5wwIBXv
-8ab13zcFKG21tWvLzz80vgkMIp0A9xh0XznIRnH3NnBZB80Yubg4sIaWvX7bqZ4X
-EE9HGeiamw6c6Sm/Lvh/H659ri95l7C9TgAfAA7puwKCAQEAgJ/N0BzJ5ZwdwckS
-vs4wL+81QzfDy9nF1zK4tsMjGjWWdxkuECs/lWQw6Q2VtqtDRYqw2uI9YiGrvrBn
-7+CH/KKwGZ5ltVoebU9Rsf0eEs3FxnAV4qD1FOvaMX59SaReKulAo7dPz6sG9kxG
-YqfqmITwxH+7TwePDSvhINnoITn+B1F38z+1f8JYlcc4lhIfuIChKNmtId2I/E7Z
-7iIhjIp9cfPY8qrUzzCgSfjeKdjmRZ2m+3PdUNHZcIK1DWE700r/nARylqBuR5h5
-FYLu4tSokdJpXdyPZ27O/SQValkBslzAT57Da1QW0RegjuoCWMqxtsQAaVTRmvyo
-50QW4QKCAQBLJFbn1MmFtRjVO7KwG/Z7fu01O7WsIg9pcLOmSRNB06nw8GrIM3Q6
-c97dgRY4RgGrEXGJL1ZwNyuRd73Kx8cSRPV6zMEb7mHYEnuPluFr7Si7ypnsIF7S
-P2umIdHLvSIijFW4u5UhUCTubWUFNZfCKb4+kA0CBzSkN150Yls6Vl9ZR+7emdD9
-A61SQ/Ur2IlKIpX4T3uJrFILMbejZMDefel4OEpIKw+Rp9TFwaxDBGer/AJk+0Pc
-0xLiXrsrO2WxCnRmxNcvjjO2Jn33em4JSo+sLi5RTDtJJaXmPAPE6bcn9/8U4OFH
-CE/wpVHY7B4ImIhyhQk9d5Ul3U/aUsivAoIBAG8zk3CnFAnii1ENxhPtE8GCinvs
-NdsluVtvUgMcA8gNzvqLHLQCoIy/b1wkqxPVsdTq1gZ7+FX9D9LzW9JxrWeEZqVV
-jrUQIbls6HZei7i5x0tPwh1shOZiijgY24I6HDX9QRKZ7H7lLw0HfJI9YBI1Hl8E
-naOtCuzFiaYEPfbGQACL8/UuoOZaD31JQda2EGYysGRxxJ2ZNPJIphCrwRb/nQBG
-7WwCSCzu0peFNhZPVvkWHaFN73Uv/MmgFkp8RZzw9TEENB05wluCZB1TYJAOe65n
-HnRWSDvWYR4lzMtq5WASFLC0WrFTiJKRCuKPljjoTptbXsJKyskW/t/+XPM=
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt
deleted file mode 100644
index cf4e2aba5..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.txt
+++ /dev/null
@@ -1 +0,0 @@
-BFFAA2A065DFA6FC
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
deleted file mode 100644
index 5eefadf62..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID1zCCAb8CCQC/+qKgZd+m/DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS
-ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAx
-MDI5MDEzNDE2WhcNMjExMDI5MDEzNDE2WjAmMRMwEQYDVQQKDApSZWRpcyBUZXN0
-MQ8wDQYDVQQDDAZTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDSs3bQ9sYi2AhFuHU75Ryk1HHSgfzA6pQAJilmJdTy0s5vyiWe1HQJaWkMcS5V
-GVzGMK+c+OBqtXtDDninL3betg1YPMjSCOjPMOTC1H9K7+effwf7Iwpnw9Zro8mb
-TEmMslIYhhcDedzT9Owli4QAgbgTn4l1BYuKX9CLrrKFtnr21miKu3ydViy9q7T1
-pib3eigvAyk7X2fadHFArGEttsXrD6cetPPkSF/1OLWNlqzUKXzhSyrBXzO44Kks
-fwR/EpTiES9g4dNOL2wvKS/YE1fNKhiCENrNxTXQo1l0yOdm2+MeyOeHFzRuS0b/
-+uGDFOPPi04KXeO6dQ5olBCPAgMBAAEwDQYJKoZIhvcNAQELBQADggIBADn0E2vG
-iQWe8/I7VbBdPhPNupVNcLvew10eIHxY2g5vSruCSVRQTgk8itVMRmDQxbb7gdDW
-jnCRbxykxbLjM9iCRljnOCsIcTi7qO7JRl8niV8dtEpPOs9lZxEdNXjIV1iZoWf3
-arBbPQSyQZvTQHG6qbFnyCdMMyyXGGvEPGQDaBiKH+Ko1qeAbCi0zupChYvxmtZ8
-hSTPlMFezDT9bKoNY0pkJSELfokEPU/Pn6Lz/NVbdzmCMjVa/xmF3s31g+DGhz95
-4AyOnCr6o0aydPVVV3pB/BCezNXPUxpp53BG0w/K2f2DnKYCvGvJbqDAaJ8bG/J1
-EFSOmwobdwVxJz3KNubmo1qJ6xOl/YT7yyqPRQRM1SY8nZW+YcoJSZjOe8wJVlob
-d0bOwN1C3HQwomyMWes187bEQP6Y36HuEbR1fK8yIOzGsGDKRFAFwQwMgw2M91lr
-EJIP5NRD3OZRuiYDiVfVhDZDaNahrAMZUcPCgeCAwc4YG6Gp2sDtdorOl4kIJYWE
-BbBZ0Jplq9+g6ciu5ChjAW8iFl0Ae5U24MxPGXnrxiRF4WWxLeZMVLXLDvlPqReD
-CHII5ifyvGEt5+RhqtZC/L+HimL+5wQgOlntqhUdLb6yWRz7YW37PFMnUXU3MXe9
-uY7m73ZLluXiLojcZxU2+cx89u5FOJxrYtrj
------END CERTIFICATE-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh
deleted file mode 100644
index f7dd0569d..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.dh
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAo2dgOzTnLK7c8AjkiTXxdmo2MJsyzTlNXUDxLfl2hgwic6benyQ3
-9iL95wKjYg2YpMhzbwux50D+9XeVkRatf1pRi/N9H911f90MO6penzUx/dxfOepN
-qoGK/T9xO8e6aFCYOoQjJaZzQYC0HixJVadZd7wRlHkZ3siNKUU5QK68KaN3JE3J
-R3yZ9A7MU/TVdwZyVIyoWF2+WJMQW+qaezoqiuVKZXXzzoqbj14ZrtPRmO26vMV/
-bmMuHwPsk9dL7tKnTWEOrs6NVHIQW+RxJuRE9wGa0qqzHAzysEQ8q9QYPRvGo5y+
-XRWosl1bHG4+EmvXsCCs35bcbKToi3NFWwIBAg==
------END DH PARAMETERS-----
diff --git a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key b/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
deleted file mode 100644
index b76303f14..000000000
--- a/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpgIBAAKCAQEA0rN20PbGItgIRbh1O+UcpNRx0oH8wOqUACYpZiXU8tLOb8ol
-ntR0CWlpDHEuVRlcxjCvnPjgarV7Qw54py923rYNWDzI0gjozzDkwtR/Su/nn38H
-+yMKZ8PWa6PJm0xJjLJSGIYXA3nc0/TsJYuEAIG4E5+JdQWLil/Qi66yhbZ69tZo
-irt8nVYsvau09aYm93ooLwMpO19n2nRxQKxhLbbF6w+nHrTz5Ehf9Ti1jZas1Cl8
-4UsqwV8zuOCpLH8EfxKU4hEvYOHTTi9sLykv2BNXzSoYghDazcU10KNZdMjnZtvj
-Hsjnhxc0bktG//rhgxTjz4tOCl3junUOaJQQjwIDAQABAoIBAQCP7CJ27nm9B0/v
-P+ZkeUWtmaf+IOhjZlieGXMh4SmqjDCSz8QO0BRK8YPeCdmaK27huhPa521ztm9y
-CIqFuLg7vKM06KBMR+Wu0TkRlFE3ANR4cC8lbnQHGRB4CjMGL3/16UCGm+FQcIdV
-CPHdW4VZS0JPtSQRmS4N4RD0uOocxqGcVbCRqnJoNp1zyXhookgHfZsC3b3cgzC7
-qvI9F1oY4Yg4b9Lw5sNi3JXWtFth8JFOPyImRcE0ngcGZK4iWjiufNKWVeTmSmVy
-njMZfj8xKSpfqO3sOTbJMdrH1v5pMrAR/Ed748HheXuL15Ur9n88683hMMATZInn
-YzIqNSrBAoGBAO94YBB1hN+jSKw+2FbAhuuM0gWHREmLQuaF2vjeVXL3r6YofFmf
-+oJNgoOWXsv4KO2MgKDv4qrz7RohhhQpOFm5PpapSH/di7u6KsbJLYSxv/TEqQFE
-NPyGywwNDIkn1wPlnX3LXp26puj2Gtn21Z0trUrpgsDM99BaTBbqTR2xAoGBAOE+
-tw0GHD/6CRPfoBIgVilS/sUJ5VJYTTKo/y6ozovCAq4bt5LkYmAOy6q8paHb58Oc
-J890+LEPhelM/ZJDDz9oQFfq5LvuzgNfzDRyIhgDSpghtFrdDxQZP1X1lSdh+MFW
-gx0k9h8VuIPksBsIgcmUtyCYitxLFep/0tAA/GI/AoGBAMxexEVntjWSScROgh1P
-hBXlAZycO4g0ZK0OEboRLYXHos1AghePM6Ee+0LIAzE6IdvR7DjtYVoagQCrGZ19
-LE1Ojf7QjEIr1kQpdrZeHQ3BERyY9c9R4ZKeiw1G2ar4KEV4Ifeop6AfGrF4z6Oz
-R80znVBwhxl6FAhp98QaxCORAoGBAInkc/nEKN09u/rvpzYRl83aol+MDFjZ+ACw
-lvBApZnHnw5pp3uE13jI9gRDUv8A+iS1X2XQzULQJwHJgV7eMOJ3dxSbl4Y5zuMf
-7YqZ6KdctHjoAVqzBD0gq7Z7DuG6R6hMxx27d/VVvcz43preHV6D7YxF9pSgXv1d
-XXi7ccbPAoGBAIeLzCYd+JGufHwbq7oNvSyXJjGMjsAQuErUQ0xXwo7VAyOere2P
-Dwk67wq6vsmn38EAs7IkXDgIoTD9z69DNtcjr/3fARYfmDSWyHscRwyUaJ15WQcZ
-TCXAPf70Vf0KGBpRkgD+Qnq+lMZ3dr1uINGdalI4AWsXje0dPKpd+W8U
------END RSA PRIVATE KEY-----

From 9da51d4b1c6d17d62c7e3ba5e62979c8776d4569 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 10:01:51 +0800
Subject: [PATCH 106/174] build: delete needless auth plugins

---
 README-CN.md                                  |  2 +-
 README-JP.md                                  |  2 +-
 README-RU.md                                  |  2 +-
 README.md                                     |  2 +-
 apps/emqx_authentication/rebar.config         |  5 ++--
 apps/emqx_management/test/emqx_mgmt_SUITE.erl | 10 +++----
 .../test/emqx_mgmt_api_SUITE.erl              | 26 +++++++++----------
 deploy/docker/README.md                       | 23 ++++++++--------
 rebar.config.erl                              |  8 ------
 9 files changed, 36 insertions(+), 44 deletions(-)

diff --git a/README-CN.md b/README-CN.md
index 7d2888327..2a9dcebf6 100644
--- a/README-CN.md
+++ b/README-CN.md
@@ -101,7 +101,7 @@ make dialyzer
 
 ##### 要分析特定的应用程序，（用逗号分隔的应用程序列表）
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## 社区
diff --git a/README-JP.md b/README-JP.md
index b7afe8195..580a76268 100644
--- a/README-JP.md
+++ b/README-JP.md
@@ -95,7 +95,7 @@ make dialyzer
 
 ##### 特定のアプリケーションのみ解析する（アプリケーション名をコンマ区切りで入力）
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## コミュニティ
diff --git a/README-RU.md b/README-RU.md
index cddaba4a5..5001f3fd3 100644
--- a/README-RU.md
+++ b/README-RU.md
@@ -104,7 +104,7 @@ make dialyzer
 
 ##### Статический анализ части приложений (список через запятую)
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## Сообщество
diff --git a/README.md b/README.md
index 8d8ed8731..f76d7ae0a 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ make dialyzer
 
 ##### To Analyse specific apps, (list of comma separated apps)
 ```
-DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_auth_jwt,emqx_auth_ldap make dialyzer
+DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 ```
 
 ## Community
diff --git a/apps/emqx_authentication/rebar.config b/apps/emqx_authentication/rebar.config
index 0a0af8c29..89bd1f54a 100644
--- a/apps/emqx_authentication/rebar.config
+++ b/apps/emqx_authentication/rebar.config
@@ -1,4 +1,5 @@
-{deps, []}.
+{deps, [{jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}}
+       ]}.
 
 {edoc_opts, [{preprocess, true}]}.
 {erl_opts, [warn_unused_vars,
@@ -15,4 +16,4 @@
 
 {cover_enabled, true}.
 {cover_opts, [verbose]}.
-{cover_export_enabled, true}.
\ No newline at end of file
+{cover_export_enabled, true}.
diff --git a/apps/emqx_management/test/emqx_mgmt_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
index 6826e050b..84d5f2ebb 100644
--- a/apps/emqx_management/test/emqx_mgmt_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
@@ -53,7 +53,7 @@ groups() ->
        ]}].
 
 apps() ->
-    [emqx_management, emqx_auth_mnesia, emqx_modules].
+    [emqx_management, emqx_retainer, emqx_modules].
 
 init_per_suite(Config) ->
     application:set_env(ekka, strict_mode, true),
@@ -317,12 +317,12 @@ t_plugins_cmd(_) ->
     meck:expect(emqx_plugins, reload, fun(_) -> ok end),
     ?assertEqual(emqx_mgmt_cli:plugins(["list"]), ok),
     ?assertEqual(
-       emqx_mgmt_cli:plugins(["unload", "emqx_auth_mnesia"]),
-       "Plugin emqx_auth_mnesia unloaded successfully.\n"
+       emqx_mgmt_cli:plugins(["unload", "emqx_retainer"]),
+       "Plugin emqx_retainer unloaded successfully.\n"
       ),
     ?assertEqual(
-       emqx_mgmt_cli:plugins(["load", "emqx_auth_mnesia"]),
-       "Plugin emqx_auth_mnesia loaded successfully.\n"
+       emqx_mgmt_cli:plugins(["load", "emqx_retainer"]),
+       "Plugin emqx_retainer loaded successfully.\n"
       ),
     ?assertEqual(
        emqx_mgmt_cli:plugins(["unload", "emqx_management"]),
diff --git a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
index d4d284e69..22d4f51ef 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
@@ -285,61 +285,61 @@ t_nodes(_) ->
     meck:unload(emqx_mgmt).
 
 t_plugins(_) ->
-    application:ensure_all_started(emqx_auth_mnesia),
+    application:ensure_all_started(emqx_retainer),
     {ok, Plugins1} = request_api(get, api_path(["plugins"]), auth_header_()),
     [Plugins11] = filter(get(<<"data">>, Plugins1), <<"node">>, atom_to_binary(node(), utf8)),
-    [Plugin1] = filter(maps:get(<<"plugins">>, Plugins11), <<"name">>, <<"emqx_auth_mnesia">>),
-    ?assertEqual(<<"emqx_auth_mnesia">>, maps:get(<<"name">>, Plugin1)),
+    [Plugin1] = filter(maps:get(<<"plugins">>, Plugins11), <<"name">>, <<"emqx_retainer">>),
+    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin1)),
     ?assertEqual(true, maps:get(<<"active">>, Plugin1)),
 
     {ok, _} = request_api(put,
                           api_path(["plugins",
-                                    atom_to_list(emqx_auth_mnesia),
+                                    atom_to_list(emqx_retainer),
                                     "unload"]),
                           auth_header_()),
     {ok, Error1} = request_api(put,
                                api_path(["plugins",
-                                         atom_to_list(emqx_auth_mnesia),
+                                         atom_to_list(emqx_retainer),
                                          "unload"]),
                                auth_header_()),
     ?assertEqual(<<"not_started">>, get(<<"message">>, Error1)),
     {ok, Plugins2} = request_api(get,
                                  api_path(["nodes", atom_to_list(node()), "plugins"]),
                                  auth_header_()),
-    [Plugin2] = filter(get(<<"data">>, Plugins2), <<"name">>, <<"emqx_auth_mnesia">>),
-    ?assertEqual(<<"emqx_auth_mnesia">>, maps:get(<<"name">>, Plugin2)),
+    [Plugin2] = filter(get(<<"data">>, Plugins2), <<"name">>, <<"emqx_retainer">>),
+    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin2)),
     ?assertEqual(false, maps:get(<<"active">>, Plugin2)),
 
     {ok, _} = request_api(put,
                           api_path(["nodes",
                                     atom_to_list(node()),
                                     "plugins",
-                                    atom_to_list(emqx_auth_mnesia),
+                                    atom_to_list(emqx_retainer),
                                     "load"]),
                           auth_header_()),
     {ok, Plugins3} = request_api(get,
                                  api_path(["nodes", atom_to_list(node()), "plugins"]),
                                  auth_header_()),
-    [Plugin3] = filter(get(<<"data">>, Plugins3), <<"name">>, <<"emqx_auth_mnesia">>),
-    ?assertEqual(<<"emqx_auth_mnesia">>, maps:get(<<"name">>, Plugin3)),
+    [Plugin3] = filter(get(<<"data">>, Plugins3), <<"name">>, <<"emqx_retainer">>),
+    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin3)),
     ?assertEqual(true, maps:get(<<"active">>, Plugin3)),
 
     {ok, _} = request_api(put,
                           api_path(["nodes",
                                     atom_to_list(node()),
                                     "plugins",
-                                    atom_to_list(emqx_auth_mnesia),
+                                    atom_to_list(emqx_retainer),
                                     "unload"]),
                           auth_header_()),
     {ok, Error2} = request_api(put,
                                api_path(["nodes",
                                          atom_to_list(node()),
                                          "plugins",
-                                         atom_to_list(emqx_auth_mnesia),
+                                         atom_to_list(emqx_retainer),
                                          "unload"]),
                                auth_header_()),
     ?assertEqual(<<"not_started">>, get(<<"message">>, Error2)),
-    application:stop(emqx_auth_mnesia).
+    application:stop(emqx_retainer).
 
 t_acl_cache(_) ->
     ClientId = <<"client1">>,
diff --git a/deploy/docker/README.md b/deploy/docker/README.md
index c94794513..17fea2c9d 100644
--- a/deploy/docker/README.md
+++ b/deploy/docker/README.md
@@ -136,16 +136,16 @@ Default environment variable ``EMQX_LOADED_PLUGINS``, including
 EMQX_LOADED_PLUGINS="emqx_recon,emqx_retainer,emqx_management,emqx_dashboard"
 ```
 
-For example, set ``EMQX_LOADED_PLUGINS= emqx_auth_redis,emqx_auth_mysql`` to load these two plugins.
+For example, set ``EMQX_LOADED_PLUGINS= emqx_retainer,emqx_rule_engine`` to load these two plugins.
 
 You can use comma, space or other separator that you want.
 
 All the plugins defined in ``EMQX_LOADED_PLUGINS`` will be loaded.
 
 ```bash
-EMQX_LOADED_PLUGINS="emqx_auth_redis,emqx_auth_mysql"
-EMQX_LOADED_PLUGINS="emqx_auth_redis emqx_auth_mysql"
-EMQX_LOADED_PLUGINS="emqx_auth_redis | emqx_auth_mysql"
+EMQX_LOADED_PLUGINS="emqx_retainer,emqx_rule_engine"
+EMQX_LOADED_PLUGINS="emqx_retainer emqx_rule_engine"
+EMQX_LOADED_PLUGINS="emqx_retainer | emqx_rule_engine"
 ```
 
 #### EMQ X Plugins Configuration
@@ -155,8 +155,8 @@ The environment variables which with ``EMQX_`` prefix are mapped to all emqx plu
 Example:
 
 ```bash
-EMQX_AUTH__REDIS__SERVER   <--> auth.redis.server
-EMQX_AUTH__REDIS__PASSWORD <--> auth.redis.password
+EMQX_RETAINER__STORAGE_TYPE <--> retainer.storage_type
+EMQX_RETAINER__MAX_PAYLOAD_SIZE <--> retainer.max_payload_size
 ```
 
 Don't worry about where to find the configuration file of emqx plugins, this docker image will find and config them automatically using some magic.
@@ -166,15 +166,14 @@ All plugin of emqx project could config in this way, following the environment v
 Assume you are using redis auth plugin, for example:
 
 ```bash
-#EMQX_AUTH__REDIS__SERVER="redis.at.yourserver"
-#EMQX_AUTH__REDIS__PASSWORD="password_for_redis"
+#EMQX_RETAINER__STORAGE_TYPE = "ram"
+#EMQX_RETAINER.MAX_PAYLOAD_SIZE = 1MB
 
 docker run -d --name emqx -p 18083:18083 -p 1883:1883 -p 4369:4369 \
     -e EMQX_LISTENER__TCP__EXTERNAL=1883 \
-    -e EMQX_LOADED_PLUGINS="emqx_auth_redis" \
-    -e EMQX_AUTH__REDIS__SERVER="your.redis.server:6379" \
-    -e EMQX_AUTH__REDIS__PASSWORD="password_for_redis" \
-    -e EMQX_AUTH__REDIS__PASSWORD_HASH=plain \
+    -e EMQX_LOADED_PLUGINS="emqx_retainer" \
+    -e EMQX_RETAINER__STORAGE_TYPE = "ram" \
+    -e EMQX_RETAINER__MAX_PAYLOAD_SIZE = 1MB \
     emqx/emqx:latest
 ```
 
diff --git a/rebar.config.erl b/rebar.config.erl
index 339c848b9..4f484cb66 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -286,10 +286,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_coap
     , emqx_stomp
     , emqx_authentication
-    , emqx_auth_http
-    , emqx_auth_mysql
-    , emqx_auth_jwt
-    , emqx_auth_mnesia
     , emqx_web_hook
     , emqx_rule_engine
     , emqx_sasl
@@ -301,10 +297,6 @@ relx_plugin_apps(ReleaseType) ->
 
 relx_plugin_apps_per_rel(cloud) ->
     [ emqx_lwm2m
-    , emqx_auth_ldap
-    , emqx_auth_pgsql
-    , emqx_auth_redis
-    , emqx_auth_mongo
     , emqx_lua_hook
     , emqx_exhook
     , emqx_exproto

From e949cdca98a2963498cd139627651c61af52c3ab Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 10:58:16 +0800
Subject: [PATCH 107/174] chore: delete import and export feature

---
 apps/emqx_authentication/rebar.config         |   3 +-
 apps/emqx_connector/rebar.config              |  16 +-
 .../src/emqx_mgmt_api_data.erl                | 186 -----
 apps/emqx_management/src/emqx_mgmt_cli.erl    |  31 -
 .../src/emqx_mgmt_data_backup.erl             | 739 ------------------
 .../test/emqx_auth_mnesia_migration_SUITE.erl | 176 -----
 .../make_data.sh                              | 134 ----
 .../v4.0.11-no-auth.json                      |  23 -
 .../v4.0.11.json                              |  28 -
 .../v4.0.13.json                              |  37 -
 .../v4.1.5.json                               |  58 --
 .../v4.2.10-no-auth.json                      |  29 -
 .../v4.2.10.json                              |  53 --
 .../v4.2.11.json                              |  58 --
 rebar.config                                  |   1 -
 15 files changed, 16 insertions(+), 1556 deletions(-)
 delete mode 100644 apps/emqx_management/src/emqx_mgmt_api_data.erl
 delete mode 100644 apps/emqx_management/src/emqx_mgmt_data_backup.erl
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
 delete mode 100755 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json
 delete mode 100644 apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json

diff --git a/apps/emqx_authentication/rebar.config b/apps/emqx_authentication/rebar.config
index 89bd1f54a..73696b033 100644
--- a/apps/emqx_authentication/rebar.config
+++ b/apps/emqx_authentication/rebar.config
@@ -1,5 +1,4 @@
-{deps, [{jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}}
-       ]}.
+{deps, []}.
 
 {edoc_opts, [{preprocess, true}]}.
 {erl_opts, [warn_unused_vars,
diff --git a/apps/emqx_connector/rebar.config b/apps/emqx_connector/rebar.config
index 53b5c63e8..633b427cf 100644
--- a/apps/emqx_connector/rebar.config
+++ b/apps/emqx_connector/rebar.config
@@ -4,7 +4,21 @@
 ]}.
 
 {deps, [
-  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}}
+  {jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.1"}}},
+  {eldap2, {git, "https://github.com/emqx/eldap2", {tag, "v0.2.2"}}},
+  {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}},
+  {epgsql, {git, "https://github.com/epgsql/epgsql", {tag, "4.4.0"}}},
+  %% NOTE: mind poolboy version when updating mongodb-erlang version
+  {mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.7"}}},
+  %% NOTE: mind poolboy version when updating eredis_cluster version
+  {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.6"}}},
+  %% mongodb-erlang uses a special fork https://github.com/comtihon/poolboy.git
+  %% (which has overflow_ttl feature added).
+  %% However, it references `{branch, "master}` (commit 9c06a9a on 2021-04-07).
+  %% By accident, We have always been using the upstream fork due to
+  %% eredis_cluster's dependency getting resolved earlier.
+  %% Here we pin 1.5.2 to avoid surprises in the future.
+  {poolboy, {git, "https://github.com/emqx/poolboy.git", {tag, "1.5.2"}}}
 ]}.
 
 {shell, [
diff --git a/apps/emqx_management/src/emqx_mgmt_api_data.erl b/apps/emqx_management/src/emqx_mgmt_api_data.erl
deleted file mode 100644
index e389a1313..000000000
--- a/apps/emqx_management/src/emqx_mgmt_api_data.erl
+++ /dev/null
@@ -1,186 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mgmt_api_data).
-
--include_lib("emqx/include/emqx.hrl").
-
--include_lib("kernel/include/file.hrl").
-
--include("emqx_mgmt.hrl").
-
--rest_api(#{name   => export,
-            method => 'POST',
-            path   => "/data/export",
-            func   => export,
-            descr  => "Export data"}).
-
--rest_api(#{name   => list_exported,
-            method => 'GET',
-            path   => "/data/export",
-            func   => list_exported,
-            descr  => "List exported file"}).
-
--rest_api(#{name   => import,
-            method => 'POST',
-            path   => "/data/import",
-            func   => import,
-            descr  => "Import data"}).
-
--rest_api(#{name   => download,
-            method => 'GET',
-            path   => "/data/file/:filename",
-            func   => download,
-            descr  => "Download data file to local"}).
-
--rest_api(#{name   => upload,
-            method => 'POST',
-            path   => "/data/file",
-            func   => upload,
-            descr  => "Upload data file from local"}).
-
--rest_api(#{name   => delete,
-            method => 'DELETE',
-            path   => "/data/file/:filename",
-            func   => delete,
-            descr  => "Delete data file"}).
-
--export([ export/2
-        , list_exported/2
-        , import/2
-        , download/2
-        , upload/2
-        , delete/2
-        ]).
-
--export([ get_list_exported/0
-        , do_import/1
-        ]).
-
-export(_Bindings, _Params) ->
-    case emqx_mgmt_data_backup:export() of
-        {ok, File = #{filename := Filename}} ->
-            minirest:return({ok, File#{filename => filename:basename(Filename)}});
-        Return -> minirest:return(Return)
-    end.
-
-list_exported(_Bindings, _Params) ->
-    List = [ rpc:call(Node, ?MODULE, get_list_exported, []) || Node <- ekka_mnesia:running_nodes() ],
-    NList = lists:map(fun({_, FileInfo}) -> FileInfo end, lists:keysort(1, lists:append(List))),
-    minirest:return({ok, NList}).
-
-get_list_exported() ->
-    Dir = emqx:get_env(data_dir),
-    {ok, Files} = file:list_dir_all(Dir),
-    lists:foldl(
-        fun(File, Acc) ->
-            case filename:extension(File) =:= ".json" of
-                true ->
-                    FullFile = filename:join([Dir, File]),
-                    case file:read_file_info(FullFile) of
-                        {ok, #file_info{size = Size, ctime = CTime = {{Y, M, D}, {H, MM, S}}}} ->
-                            CreatedAt = io_lib:format("~p-~p-~p ~p:~p:~p", [Y, M, D, H, MM, S]),
-                            Seconds = calendar:datetime_to_gregorian_seconds(CTime),
-                            [{Seconds, [{filename, list_to_binary(File)},
-                                        {size, Size},
-                                        {created_at, list_to_binary(CreatedAt)},
-                                        {node, node()}
-                                       ]} | Acc];
-                        {error, Reason} ->
-                            logger:error("Read file info of ~s failed with: ~p", [File, Reason]),
-                            Acc
-                    end;
-                false -> Acc
-            end
-        end, [], Files).
-
-import(_Bindings, Params) ->
-    case proplists:get_value(<<"filename">>, Params) of
-        undefined ->
-            Result = import_content(Params),
-            minirest:return(Result);
-        Filename ->
-            case proplists:get_value(<<"node">>, Params) of
-                undefined ->
-                    Result = do_import(Filename),
-                    minirest:return(Result);
-                Node ->
-                    case lists:member(Node,
-                          [ erlang:atom_to_binary(N, utf8) || N <- ekka_mnesia:running_nodes() ]
-                         ) of
-                        true -> minirest:return(rpc:call(erlang:binary_to_atom(Node, utf8), ?MODULE, do_import, [Filename]));
-                        false -> minirest:return({error, no_existent_node})
-                    end
-            end
-    end.
-
-do_import(Filename) ->
-    FullFilename = fullname(Filename),
-    emqx_mgmt_data_backup:import(FullFilename, "{}").
-
-download(#{filename := Filename}, _Params) ->
-    FullFilename = fullname(Filename),
-    case file:read_file(FullFilename) of
-        {ok, Bin} ->
-            {ok, #{filename => list_to_binary(Filename),
-                   file => Bin}};
-        {error, Reason} ->
-            minirest:return({error, Reason})
-    end.
-
-upload(Bindings, Params) ->
-    do_upload(Bindings, maps:from_list(Params)).
-
-do_upload(_Bindings, #{<<"filename">> := Filename,
-                       <<"file">> := Bin}) ->
-    FullFilename = fullname(Filename),
-    case file:write_file(FullFilename, Bin) of
-        ok ->
-            minirest:return({ok, [{node, node()}]});
-        {error, Reason} ->
-            minirest:return({error, Reason})
-    end;
-do_upload(Bindings, Params = #{<<"file">> := _}) ->
-    do_upload(Bindings, Params#{<<"filename">> => tmp_filename()});
-do_upload(_Bindings, _Params) ->
-    minirest:return({error, missing_required_params}).
-
-delete(#{filename := Filename}, _Params) ->
-    FullFilename = fullname(Filename),
-    case file:delete(FullFilename) of
-        ok ->
-            minirest:return();
-        {error, Reason} ->
-            minirest:return({error, Reason})
-    end.
-
-import_content(Content) ->
-    File = dump_to_tmp_file(Content),
-    do_import(File).
-
-dump_to_tmp_file(Content) ->
-    Bin = emqx_json:encode(Content),
-    Filename = tmp_filename(),
-    ok = file:write_file(fullname(Filename), Bin),
-    Filename.
-
-fullname(Name) ->
-    filename:join(emqx:get_env(data_dir), Name).
-
-tmp_filename() ->
-    Seconds = erlang:system_time(second),
-    {{Y, M, D}, {H, MM, S}} = emqx_mgmt_util:datetime(Seconds),
-    io_lib:format("emqx-export-~p-~p-~p-~p-~p-~p.json", [Y, M, D, H, MM, S]).
diff --git a/apps/emqx_management/src/emqx_mgmt_cli.erl b/apps/emqx_management/src/emqx_mgmt_cli.erl
index 77fe96182..e70def3ee 100644
--- a/apps/emqx_management/src/emqx_mgmt_cli.erl
+++ b/apps/emqx_management/src/emqx_mgmt_cli.erl
@@ -38,7 +38,6 @@
         , trace/1
         , log/1
         , mgmt/1
-        , data/1
         , acl/1
         ]).
 
@@ -544,36 +543,6 @@ stop_listener(#{listen_on := ListenOn} = Listener, _Input) ->
                            [ID, ListenOnStr, Reason])
     end.
 
-%%--------------------------------------------------------------------
-%% @doc data Command
-
-data(["export"]) ->
-    case emqx_mgmt_data_backup:export() of
-        {ok, #{filename := Filename}} ->
-            emqx_ctl:print("The emqx data has been successfully exported to ~s.~n", [Filename]);
-        {error, Reason} ->
-            emqx_ctl:print("The emqx data export failed due to ~p.~n", [Reason])
-    end;
-
-data(["import", Filename]) ->
-    data(["import", Filename, "--env", "{}"]);
-data(["import", Filename, "--env", Env]) ->
-    case emqx_mgmt_data_backup:import(Filename, Env) of
-        ok ->
-            emqx_ctl:print("The emqx data has been imported successfully.~n");
-        {error, import_failed} ->
-            emqx_ctl:print("The emqx data import failed.~n");
-        {error, unsupported_version} ->
-            emqx_ctl:print("The emqx data import failed: Unsupported version.~n");
-        {error, Reason} ->
-            emqx_ctl:print("The emqx data import failed: ~0p while reading ~s.~n", [Reason, Filename])
-    end;
-
-data(_) ->
-    emqx_ctl:usage([{"data import <File> [--env '<json>']",
-                     "Import data from the specified file, possibly with overrides"},
-                    {"data export", "Export data"}]).
-
 %%--------------------------------------------------------------------
 %% @doc acl Command
 
diff --git a/apps/emqx_management/src/emqx_mgmt_data_backup.erl b/apps/emqx_management/src/emqx_mgmt_data_backup.erl
deleted file mode 100644
index 71a92686e..000000000
--- a/apps/emqx_management/src/emqx_mgmt_data_backup.erl
+++ /dev/null
@@ -1,739 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mgmt_data_backup).
-
--include("emqx_mgmt.hrl").
--include_lib("emqx_rule_engine/include/rule_engine.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("kernel/include/file.hrl").
-
--ifdef(EMQX_ENTERPRISE).
--export([ export_modules/0
-        , export_schemas/0
-        , export_confs/0
-        , import_modules/1
-        , import_schemas/1
-        , import_confs/2
-        ]).
--endif.
-
--export([ export_rules/0
-        , export_resources/0
-        , export_blacklist/0
-        , export_applications/0
-        , export_users/0
-        , export_auth_mnesia/0
-        , export_acl_mnesia/0
-        , import_resources_and_rules/3
-        , import_rules/1
-        , import_resources/1
-        , import_blacklist/1
-        , import_applications/1
-        , import_users/1
-        , import_auth_clientid/1 %% BACKW: 4.1.x
-        , import_auth_username/1 %% BACKW: 4.1.x
-        , import_auth_mnesia/2
-        , import_acl_mnesia/2
-        , to_version/1
-        ]).
-
--export([ export/0
-        , import/2
-        ]).
-
-%%--------------------------------------------------------------------
-%% Data Export and Import
-%%--------------------------------------------------------------------
-
-export_rules() ->
-    lists:map(fun(#rule{id = RuleId,
-                        rawsql = RawSQL,
-                        actions = Actions,
-                        enabled = Enabled,
-                        description = Desc}) ->
-                   [{id, RuleId},
-                    {rawsql, RawSQL},
-                    {actions, actions_to_prop_list(Actions)},
-                    {enabled, Enabled},
-                    {description, Desc}]
-               end, emqx_rule_registry:get_rules()).
-
-export_resources() ->
-    lists:map(fun(#resource{id = Id,
-                            type = Type,
-                            config = Config,
-                            created_at = CreatedAt,
-                            description = Desc}) ->
-                   NCreatedAt = case CreatedAt of
-                                    undefined -> null;
-                                    _ -> CreatedAt
-                                end,
-                   [{id, Id},
-                    {type, Type},
-                    {config, maps:to_list(Config)},
-                    {created_at, NCreatedAt},
-                    {description, Desc}]
-               end, emqx_rule_registry:get_resources()).
-
-export_blacklist() ->
-    lists:map(fun(#banned{who = Who, by = By, reason = Reason, at = At, until = Until}) ->
-                  NWho = case Who of
-                             {peerhost, Peerhost} -> {peerhost, inet:ntoa(Peerhost)};
-                             _ -> Who
-                         end,
-                  [{who, [NWho]}, {by, By}, {reason, Reason}, {at, At}, {until, Until}]
-              end, ets:tab2list(emqx_banned)).
-
-export_applications() ->
-    lists:map(fun({_, AppID, AppSecret, Name, Desc, Status, Expired}) ->
-                  [{id, AppID}, {secret, AppSecret}, {name, Name}, {desc, Desc}, {status, Status}, {expired, Expired}]
-              end, ets:tab2list(mqtt_app)).
-
-export_users() ->
-    lists:map(fun({_, Username, Password, Tags}) ->
-                  [{username, Username}, {password, base64:encode(Password)}, {tags, Tags}]
-              end, ets:tab2list(mqtt_admin)).
-
-export_auth_mnesia() ->
-    case ets:info(emqx_user) of
-        undefined -> [];
-        _ ->
-            lists:map(fun({_, {Type, Login}, Password, CreatedAt}) ->
-                          [{login, Login}, {type, Type}, {password, base64:encode(Password)}, {created_at, CreatedAt}]
-                      end, ets:tab2list(emqx_user))
-    end.
-
-export_acl_mnesia() ->
-    case ets:info(emqx_acl) of
-        undefined -> [];
-        _ ->
-            lists:map(fun({_, Filter, Action, Access, CreatedAt}) ->
-                          Filter1 = case Filter of
-                              {{Type, TypeValue}, Topic} ->
-                                  [{type, Type}, {type_value, TypeValue}, {topic, Topic}];
-                              {Type, Topic} ->
-                                  [{type, Type}, {topic, Topic}]
-                          end,
-                          Filter1 ++ [{action, Action}, {access, Access}, {created_at, CreatedAt}]
-                      end, ets:tab2list(emqx_acl))
-    end.
-
--ifdef(EMQX_ENTERPRISE).
-export_modules() ->
-    case ets:info(emqx_modules) of
-        undefined -> [];
-        _ ->
-           lists:map(fun({_, Id, Type, Config, Enabled, CreatedAt, Description}) ->
-                          [{id, Id},
-                           {type, Type},
-                           {config, Config},
-                           {enabled, Enabled},
-                           {created_at, CreatedAt},
-                           {description, Description}
-                          ]
-                      end, ets:tab2list(emqx_modules))
-    end.
-
-export_schemas() ->
-    case ets:info(emqx_schema) of
-        undefined -> [];
-        _ ->
-            [emqx_schema_api:format_schema(Schema) || Schema <- emqx_schema_registry:get_all_schemas()]
-    end.
-
-export_confs() ->
-    case ets:info(emqx_conf_info) of
-        undefined -> {[], []};
-        _ ->
-            {lists:map(fun({_, Key, Confs}) ->
-                case Key of
-                    {_Zone, Name} ->
-                        [{zone, list_to_binary(Name)},
-                         {confs, confs_to_binary(Confs)}];
-                    {_Listener, Type, Name} ->
-                        [{type, list_to_binary(Type)},
-                         {name, list_to_binary(Name)},
-                         {confs, confs_to_binary(Confs)}];
-                    Name ->
-                        [{name, list_to_binary(Name)},
-                         {confs, confs_to_binary(Confs)}]
-                end
-            end, ets:tab2list(emqx_conf_b)),
-            lists:map(fun({_, {_Listener, Type, Name}, Status}) ->
-                [{type, list_to_binary(Type)},
-                 {name, list_to_binary(Name)},
-                 {status, Status}]
-            end, ets:tab2list(emqx_listeners_state))}
-    end.
-
-confs_to_binary(Confs) ->
-    [{list_to_binary(Key), list_to_binary(Val)} || {Key, Val} <-Confs].
-
--endif.
-
-import_rule(#{<<"id">> := RuleId,
-              <<"rawsql">> := RawSQL,
-              <<"actions">> := Actions,
-              <<"enabled">> := Enabled,
-              <<"description">> := Desc}) ->
-    Rule = #{id => RuleId,
-             rawsql => RawSQL,
-             actions => map_to_actions(Actions),
-             enabled => Enabled,
-             description => Desc},
-    try emqx_rule_engine:create_rule(Rule)
-    catch throw:{resource_not_initialized, _ResId} ->
-        emqx_rule_engine:create_rule(Rule#{enabled => false})
-    end.
-
-map_to_actions(Maps) ->
-    [map_to_action(M) || M <- Maps].
-
-map_to_action(Map = #{<<"id">> := ActionInstId, <<"name">> := Name, <<"args">> := Args}) ->
-    #{id => ActionInstId,
-      name => any_to_atom(Name),
-      args => Args,
-      fallbacks => map_to_actions(maps:get(<<"fallbacks">>, Map, []))}.
-
-
-import_rules(Rules) ->
-    lists:foreach(fun(Rule) ->
-                      import_rule(Rule)
-                  end, Rules).
-
-import_resources(Reources) ->
-    lists:foreach(fun(Resource) ->
-                      import_resource(Resource)
-                  end, Reources).
-
-import_resource(#{<<"id">> := Id,
-                  <<"type">> := Type,
-                  <<"config">> := Config,
-                  <<"created_at">> := CreatedAt,
-                  <<"description">> := Desc}) ->
-    NCreatedAt = case CreatedAt of
-                     null -> undefined;
-                     _ -> CreatedAt
-                 end,
-    emqx_rule_engine:create_resource(#{id => Id,
-                                       type => any_to_atom(Type),
-                                       config => Config,
-                                       created_at => NCreatedAt,
-                                       description => Desc}).
-import_resources_and_rules(Resources, Rules, FromVersion)
-  when FromVersion =:= "4.0" orelse
-       FromVersion =:= "4.1" orelse
-       FromVersion =:= "4.2" ->
-    Configs = lists:foldl(fun compatible_version/2 , [], Resources),
-    lists:foreach(fun(#{<<"actions">> := Actions} = Rule) ->
-                      NActions = apply_new_config(Actions, Configs),
-                      import_rule(Rule#{<<"actions">> := NActions})
-                  end, Rules);
-import_resources_and_rules(Resources, Rules, _FromVersion) ->
-    import_resources(Resources),
-    import_rules(Rules).
-
-%% 4.2.5 +
-compatible_version(#{<<"id">> := ID,
-                     <<"type">> := <<"web_hook">>,
-                     <<"config">> := #{<<"connect_timeout">> := ConnectTimeout,
-                                       <<"content_type">> := ContentType,
-                                       <<"headers">> := Headers,
-                                       <<"method">> := Method,
-                                       <<"pool_size">> := PoolSize,
-                                       <<"request_timeout">> := RequestTimeout,
-                                       <<"url">> := URL}} = Resource, Acc) ->
-    CovertFun = fun(Int) ->
-        list_to_binary(integer_to_list(Int) ++ "s")
-    end,
-    Cfg = make_new_config(#{<<"pool_size">> => PoolSize,
-                            <<"connect_timeout">> => CovertFun(ConnectTimeout),
-                            <<"request_timeout">> => CovertFun(RequestTimeout),
-                            <<"url">> => URL}),
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := Cfg}),
-    NHeaders = maps:put(<<"content-type">>, ContentType, covert_empty_headers(Headers)),
-    [{ID, #{headers => NHeaders, method => Method}} | Acc];
-% 4.2.0
-compatible_version(#{<<"id">> := ID,
-                    <<"type">> := <<"web_hook">>,
-                    <<"config">> := #{<<"headers">> := Headers,
-                                    <<"method">> := Method,%% 4.2.0 Different here
-                                    <<"url">> := URL}} = Resource, Acc) ->
-    Cfg = make_new_config(#{<<"url">> => URL}),
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := Cfg}),
-    NHeaders = maps:put(<<"content-type">>, <<"application/json">> , covert_empty_headers(Headers)),
-    [{ID, #{headers => NHeaders, method => Method}} | Acc];
-
-%% bridge mqtt
-%% 4.2.0 - 4.2.5 bridge_mqtt, ssl enabled from on/off to true/false
-compatible_version(#{<<"type">> := <<"bridge_mqtt">>,
-                     <<"id">> := ID, %% begin 4.2.0.
-                     <<"config">> := #{<<"ssl">> := Ssl} = Config} = Resource, Acc) ->
-    NewConfig = Config#{<<"ssl">> := flag_to_boolean(Ssl),
-                        <<"pool_size">> => case maps:get(<<"pool_size">>, Config, undefined) of %% 4.0.x, compatible `pool_size`
-                                                undefined -> 8;
-                                                PoolSize -> PoolSize
-                                            end},
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := NewConfig}),
-    [{ID, NewConfig} | Acc];
-
-% 4.2.3, add :content_type
-compatible_version(#{<<"id">> := ID,
-                    <<"type">> := <<"web_hook">>,
-                    <<"config">> := #{<<"headers">> := Headers,
-                                      <<"content_type">> := ContentType,%% 4.2.3 Different here
-                                      <<"method">> := Method,
-                                      <<"url">> := URL}} = Resource, Acc) ->
-    Cfg = make_new_config(#{<<"url">> => URL}),
-    {ok, _Resource} = import_resource(Resource#{<<"config">> := Cfg}),
-    NHeaders = maps:put(<<"content-type">>, ContentType, covert_empty_headers(Headers)),
-    [{ID, #{headers => NHeaders, method => Method}} | Acc];
-% normal version
-compatible_version(Resource, Acc) ->
-    {ok, _Resource} = import_resource(Resource),
-    Acc.
-
-make_new_config(Cfg) ->
-    Config = #{<<"pool_size">> => 8,
-               <<"connect_timeout">> => <<"5s">>,
-               <<"request_timeout">> => <<"5s">>,
-               <<"cacertfile">> => <<>>,
-               <<"certfile">> => <<>>,
-               <<"keyfile">> => <<>>,
-               <<"verify">> => false},
-    maps:merge(Cfg, Config).
-
-apply_new_config(Actions, Configs) ->
-    apply_new_config(Actions, Configs, []).
-
-apply_new_config([], _Configs, Acc) ->
-    Acc;
-apply_new_config(Actions, [], []) ->
-    Actions;
-apply_new_config([Action = #{<<"name">> := <<"data_to_webserver">>,
-                             <<"args">> := #{<<"$resource">> := ID,
-                                            <<"path">> := Path,
-                                            <<"payload_tmpl">> := PayloadTmpl}} | More], Configs, Acc) ->
-    case proplists:get_value(ID, Configs, undefined) of
-        undefined ->
-            apply_new_config(More, Configs, [Action | Acc]);
-        #{headers := Headers, method := Method} ->
-            Args = #{<<"$resource">> => ID,
-                     <<"body">> => PayloadTmpl,
-                     <<"headers">> => Headers,
-                     <<"method">> => Method,
-                     <<"path">> => Path},
-            apply_new_config(More, Configs, [Action#{<<"args">> := Args} | Acc])
-    end;
-
-apply_new_config([Action = #{<<"args">> := #{<<"$resource">> := ResourceId,
-                                             <<"forward_topic">> := ForwardTopic,
-                                             <<"payload_tmpl">> := PayloadTmpl},
-                           <<"fallbacks">> := _Fallbacks,
-                           <<"id">> := _Id,
-                           <<"name">> := <<"data_to_mqtt_broker">>} | More], Configs, Acc) ->
-            Args = #{<<"$resource">> => ResourceId,
-                     <<"payload_tmpl">> => PayloadTmpl,
-                     <<"forward_topic">> => ForwardTopic},
-            apply_new_config(More, Configs, [Action#{<<"args">> := Args} | Acc]).
-
-
-actions_to_prop_list(Actions) ->
-    [action_to_prop_list(Act) || Act <- Actions].
-
-action_to_prop_list({action_instance, ActionInstId, Name, FallbackActions, Args}) ->
-    [{id, ActionInstId},
-     {name, Name},
-     {fallbacks, actions_to_prop_list(FallbackActions)},
-     {args, Args}].
-
-import_blacklist(Blacklist) ->
-    lists:foreach(fun(#{<<"who">> := Who,
-                        <<"by">> := By,
-                        <<"reason">> := Reason,
-                        <<"at">> := At,
-                        <<"until">> := Until}) ->
-                      NWho = case Who of
-                                 #{<<"peerhost">> := Peerhost} ->
-                                     {ok, NPeerhost} = inet:parse_address(Peerhost),
-                                     {peerhost, NPeerhost};
-                                 #{<<"clientid">> := ClientId} -> {clientid, ClientId};
-                                 #{<<"username">> := Username} -> {username, Username}
-                             end,
-                     emqx_banned:create(#banned{who = NWho, by = By, reason = Reason, at = At, until = Until})
-                  end, Blacklist).
-
-import_applications(Apps) ->
-    lists:foreach(fun(#{<<"id">> := AppID,
-                        <<"secret">> := AppSecret,
-                        <<"name">> := Name,
-                        <<"desc">> := Desc,
-                        <<"status">> := Status,
-                        <<"expired">> := Expired}) ->
-                      NExpired = case is_integer(Expired) of
-                                     true -> Expired;
-                                     false -> undefined
-                                 end,
-                      emqx_mgmt_auth:force_add_app(AppID, Name, AppSecret, Desc, Status, NExpired)
-                  end, Apps).
-
-import_users(Users) ->
-    lists:foreach(fun(#{<<"username">> := Username,
-                        <<"password">> := Password,
-                        <<"tags">> := Tags}) ->
-                      NPassword = base64:decode(Password),
-                      emqx_dashboard_admin:force_add_user(Username, NPassword, Tags)
-                  end, Users).
-
-import_auth_clientid(Lists) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(#{<<"clientid">> := Clientid, <<"password">> := Password}) ->
-                                  mnesia:dirty_write({emqx_user, {clientid, Clientid}
-                                                               , base64:decode(Password)
-                                                               , erlang:system_time(millisecond)})
-                          end, Lists)
-    end.
-
-import_auth_username(Lists) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(#{<<"username">> := Username, <<"password">> := Password}) ->
-                            mnesia:dirty_write({emqx_user, {username, Username}, base64:decode(Password), erlang:system_time(millisecond)})
-                          end, Lists)
-    end.
-
--ifdef(EMQX_ENTERPRISE).
-import_auth_mnesia(Auths, FromVersion) when FromVersion =:= "4.0" orelse
-                                            FromVersion =:= "4.1" ->
-    do_import_auth_mnesia_by_old_data(Auths);
-import_auth_mnesia(Auths, _) ->
-    do_import_auth_mnesia(Auths).
-
-import_acl_mnesia(Acls, FromVersion) when FromVersion =:= "4.0" orelse
-                                          FromVersion =:= "4.1" ->
-    do_import_acl_mnesia_by_old_data(Acls);
-
-import_acl_mnesia(Acls, _) ->
-    do_import_acl_mnesia(Acls).
--else.
-import_auth_mnesia(Auths, FromVersion) when FromVersion =:= "4.3" ->
-    do_import_auth_mnesia(Auths);
-import_auth_mnesia(Auths, _FromVersion) ->
-    do_import_auth_mnesia_by_old_data(Auths).
-
-import_acl_mnesia(Acls, FromVersion) when FromVersion =:= "4.3" ->
-    do_import_acl_mnesia(Acls);
-import_acl_mnesia(Acls, _FromVersion) ->
-    do_import_acl_mnesia_by_old_data(Acls).
-
--endif.
-
-do_import_auth_mnesia_by_old_data(Auths) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            CreatedAt = erlang:system_time(millisecond),
-            lists:foreach(fun(#{<<"login">> := Login,
-                                <<"password">> := Password}) ->
-                            mnesia:dirty_write({emqx_user, {get_old_type(), Login}, base64:decode(Password), CreatedAt})
-                          end, Auths)
-    end.
-
-
-do_import_auth_mnesia(Auths) ->
-    case ets:info(emqx_user) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(#{<<"login">> := Login,
-                                <<"type">> := Type,
-                                <<"password">> := Password } = Map) ->
-                            CreatedAt = maps:get(<<"created_at">>, Map, erlang:system_time(millisecond)),
-                            mnesia:dirty_write({emqx_user, {any_to_atom(Type), Login}, base64:decode(Password), CreatedAt})
-                          end, Auths)
-    end.
-
-do_import_acl_mnesia_by_old_data(Acls) ->
-    case ets:info(emqx_acl) of
-        undefined -> ok;
-        _ ->
-            CreatedAt = erlang:system_time(millisecond),
-            lists:foreach(fun(#{<<"login">> := Login,
-                                <<"topic">> := Topic,
-                                <<"allow">> := Allow,
-                                <<"action">> := Action}) ->
-                            Allow1 = case any_to_atom(Allow) of
-                                         true -> allow;
-                                         false -> deny
-                                     end,
-                            mnesia:dirty_write({emqx_acl, {{get_old_type(), Login}, Topic}, any_to_atom(Action), Allow1, CreatedAt})
-                          end, Acls)
-    end.
-do_import_acl_mnesia(Acls) ->
-    case ets:info(emqx_acl) of
-        undefined -> ok;
-        _ ->
-            lists:foreach(fun(Map = #{<<"action">> := Action,
-                                      <<"access">> := Access}) ->
-                            Topic = maps:get(<<"topic">>, Map),
-                            Login = case maps:get(<<"type_value">>, Map, undefined) of
-                                undefined ->
-                                    all;
-                                Value ->
-                                    {any_to_atom(maps:get(<<"type">>, Map)), Value}
-                            end,
-                            emqx_acl_mnesia_cli:add_acl(Login, Topic, any_to_atom(Action), any_to_atom(Access))
-                          end, Acls)
-    end.
-
--ifdef(EMQX_ENTERPRISE).
--dialyzer({nowarn_function, [import_modules/1]}).
-import_modules(Modules) ->
-    case ets:info(emqx_modules) of
-        undefined ->
-            ok;
-        _ ->
-           lists:foreach(fun(#{<<"id">> := Id,
-                               <<"type">> := Type,
-                               <<"config">> := Config,
-                               <<"enabled">> := Enabled,
-                               <<"created_at">> := CreatedAt,
-                               <<"description">> := Description}) ->
-                            _ = emqx_modules:import_module({Id, any_to_atom(Type), Config, Enabled, CreatedAt, Description})
-                         end, Modules)
-    end.
-
-
-import_schemas(Schemas) ->
-    case ets:info(emqx_schema) of
-        undefined -> ok;
-        _ -> [emqx_schema_registry:add_schema(emqx_schema_api:make_schema_params(Schema)) || Schema <- Schemas]
-    end.
-
-import_confs(Configs, ListenersState) ->
-    case ets:info(emqx_conf_info) of
-        undefined -> ok;
-        _ ->
-            emqx_conf:import_confs(Configs, ListenersState)
-    end.
-
--endif.
-
-any_to_atom(L) when is_list(L) -> list_to_atom(L);
-any_to_atom(B) when is_binary(B) -> binary_to_atom(B, utf8);
-any_to_atom(A) when is_atom(A) -> A.
-
-to_version(Version) when is_integer(Version) ->
-    integer_to_list(Version);
-to_version(Version) when is_binary(Version) ->
-    binary_to_list(Version);
-to_version(Version) when is_list(Version) ->
-    Version.
-
-export() ->
-    Seconds = erlang:system_time(second),
-    Data = do_export_data() ++ [{date, erlang:list_to_binary(emqx_mgmt_util:strftime(Seconds))}],
-    {{Y, M, D}, {H, MM, S}} = emqx_mgmt_util:datetime(Seconds),
-    Filename = io_lib:format("emqx-export-~p-~p-~p-~p-~p-~p.json", [Y, M, D, H, MM, S]),
-    NFilename = filename:join([emqx:get_env(data_dir), Filename]),
-    ok = filelib:ensure_dir(NFilename),
-    case file:write_file(NFilename, emqx_json:encode(Data)) of
-        ok ->
-            case file:read_file_info(NFilename) of
-                {ok, #file_info{size = Size, ctime = {{Y1, M1, D1}, {H1, MM1, S1}}}} ->
-                    CreatedAt = io_lib:format("~p-~p-~p ~p:~p:~p", [Y1, M1, D1, H1, MM1, S1]),
-                    {ok, #{filename => list_to_binary(NFilename),
-                           size => Size,
-                           created_at => list_to_binary(CreatedAt),
-                           node => node()
-                          }};
-                Error -> Error
-            end;
-        Error -> Error
-    end.
-
-do_export_data() ->
-    Version = string:sub_string(emqx_sys:version(), 1, 3),
-    [{version, erlang:list_to_binary(Version)},
-     {rules, export_rules()},
-     {resources, export_resources()},
-     {blacklist, export_blacklist()},
-     {apps, export_applications()},
-     {users, export_users()},
-     {auth_mnesia, export_auth_mnesia()},
-     {acl_mnesia, export_acl_mnesia()}
-     ] ++ do_export_extra_data().
-
--ifdef(EMQX_ENTERPRISE).
-do_export_extra_data() ->
-    {Configs, State} = export_confs(),
-    [{modules, export_modules()},
-     {schemas, export_schemas()},
-     {configs, Configs},
-     {listeners_state, State}
-    ].
--else.
-do_export_extra_data() -> [].
--endif.
-
--ifdef(EMQX_ENTERPRISE).
-import(Filename, OverridesJson) ->
-    case file:read_file(Filename) of
-        {ok, Json} ->
-            Imported = emqx_json:decode(Json, [return_maps]),
-            Overrides = emqx_json:decode(OverridesJson, [return_maps]),
-            Data = maps:merge(Imported, Overrides),
-            Version = to_version(maps:get(<<"version">>, Data)),
-            read_global_auth_type(Data),
-            try
-                do_import_data(Data, Version),
-                logger:debug("The emqx data has been imported successfully"),
-                ok
-            catch Class:Reason:Stack ->
-                logger:error("The emqx data import failed: ~0p", [{Class, Reason, Stack}]),
-                {error, import_failed}
-            end;
-        Error -> Error
-    end.
--else.
-import(Filename, OverridesJson) ->
-    case file:read_file(Filename) of
-        {ok, Json} ->
-            Imported = emqx_json:decode(Json, [return_maps]),
-            Overrides = emqx_json:decode(OverridesJson, [return_maps]),
-            Data = maps:merge(Imported, Overrides),
-            Version = to_version(maps:get(<<"version">>, Data)),
-            read_global_auth_type(Data),
-            case is_version_supported(Data, Version) of
-                true  ->
-                    try
-                        do_import_data(Data, Version),
-                        logger:debug("The emqx data has been imported successfully"),
-                        ok
-                    catch Class:Reason:Stack ->
-                        logger:error("The emqx data import failed: ~0p", [{Class, Reason, Stack}]),
-                        {error, import_failed}
-                    end;
-                false ->
-                    logger:error("Unsupported version: ~p", [Version]),
-                    {error, unsupported_version, Version}
-            end;
-        Error -> Error
-    end.
--endif.
-
-do_import_data(Data, Version) ->
-    do_import_extra_data(Data, Version),
-    import_resources_and_rules(maps:get(<<"resources">>, Data, []), maps:get(<<"rules">>, Data, []), Version),
-    import_blacklist(maps:get(<<"blacklist">>, Data, [])),
-    import_applications(maps:get(<<"apps">>, Data, [])),
-    import_users(maps:get(<<"users">>, Data, [])),
-    import_auth_clientid(maps:get(<<"auth_clientid">>, Data, [])),
-    import_auth_username(maps:get(<<"auth_username">>, Data, [])),
-    import_auth_mnesia(maps:get(<<"auth_mnesia">>, Data, []), Version),
-    import_acl_mnesia(maps:get(<<"acl_mnesia">>, Data, []), Version).
-
--ifdef(EMQX_ENTERPRISE).
-do_import_extra_data(Data, _Version) ->
-    _ = import_confs(maps:get(<<"configs">>, Data, []), maps:get(<<"listeners_state">>, Data, [])),
-    _ = import_modules(maps:get(<<"modules">>, Data, [])),
-    _ = import_schemas(maps:get(<<"schemas">>, Data, [])),
-    ok.
--else.
-do_import_extra_data(_Data, _Version) -> ok.
--endif.
-
-covert_empty_headers([]) -> #{};
-covert_empty_headers(Other) -> Other.
-
-flag_to_boolean(<<"on">>) -> true;
-flag_to_boolean(<<"off">>) -> false;
-flag_to_boolean(Other) -> Other.
-
--ifndef(EMQX_ENTERPRISE).
-is_version_supported(Data, Version) ->
-    case { maps:get(<<"auth_clientid">>, Data, [])
-         , maps:get(<<"auth_username">>, Data, [])
-         , maps:get(<<"auth_mnesia">>, Data, [])} of
-        {[], [], []} -> lists:member(Version, ?VERSIONS);
-        _ -> is_version_supported2(Version)
-    end.
-
-is_version_supported2("4.1") ->
-    true;
-is_version_supported2("4.3") ->
-    true;
-is_version_supported2(Version) ->
-    case re:run(Version, "^4.[02].\\d+$", [{capture, none}]) of
-        match ->
-            try lists:map(fun erlang:list_to_integer/1, string:tokens(Version, ".")) of
-                [4, 2, N] -> N >= 11;
-                [4, 0, N] -> N >= 13;
-                _ -> false
-            catch
-                _ : _ -> false
-            end;
-        nomatch ->
-            false
-    end.
--endif.
-
-read_global_auth_type(Data) ->
-    case {maps:get(<<"auth_mnesia">>, Data, []), maps:get(<<"acl_mnesia">>, Data, [])} of
-        {[], []} ->
-            %% Auth mnesia plugin is not used:
-            ok;
-        _ ->
-            do_read_global_auth_type(Data)
-    end.
-
--ifdef(EMQX_ENTERPRISE).
-do_read_global_auth_type(Data) ->
-    case Data of
-        #{<<"auth.mnesia.as">> := <<"username">>} ->
-            application:set_env(emqx_auth_mnesia, as, username);
-        #{<<"auth.mnesia.as">> := <<"clientid">>} ->
-            application:set_env(emqx_auth_mnesia, as, clientid);
-        _ ->
-            ok
-    end.
-
--else.
-do_read_global_auth_type(Data) ->
-    case Data of
-        #{<<"auth.mnesia.as">> := <<"username">>} ->
-            application:set_env(emqx_auth_mnesia, as, username);
-        #{<<"auth.mnesia.as">> := <<"clientid">>} ->
-            application:set_env(emqx_auth_mnesia, as, clientid);
-        _ ->
-            logger:error("While importing data from EMQX versions prior to 4.3 "
-                         "it is necessary to specify the value of \"auth.mnesia.as\" parameter "
-                         "as it was configured in etc/plugins/emqx_auth_mnesia.conf.\n"
-                         "Use the following command to import data:\n"
-                         "  $ emqx_ctl data import <filename> --env '{\"auth.mnesia.as\":\"username\"}'\n"
-                         "or\n"
-                         "  $ emqx_ctl data import <filename> --env '{\"auth.mnesia.as\":\"clientid\"}'",
-                         []),
-            error(import_failed)
-    end.
--endif.
-
-get_old_type() ->
-    {ok, Type} = application:get_env(emqx_auth_mnesia, as),
-    Type.
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
deleted file mode 100644
index 7c249b66b..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE.erl
+++ /dev/null
@@ -1,176 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_mnesia_migration_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("eunit/include/eunit.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
--include_lib("emqx_auth_mnesia/include/emqx_auth_mnesia.hrl").
-
-matrix() ->
-    [{ImportAs, Version} || ImportAs <- [clientid, username]
-                          , Version <- ["v4.2.10", "v4.1.5"]].
-
-all() ->
-    [t_import_4_0, t_import_4_1, t_import_4_2].
-
-groups() ->
-    [{username, [], cases()}, {clientid, [], cases()}].
-
-cases() ->
-    [t_import].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_management, emqx_dashboard, emqx_auth_mnesia]),
-    application:set_env(ekka, strict_mode, true),
-    ekka_mnesia:start(),
-    emqx_mgmt_auth:mnesia(boot),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_modules, emqx_management, emqx_dashboard, emqx_auth_mnesia]),
-    ekka_mnesia:ensure_stopped().
-
-init_per_testcase(_, Config) ->
-    Config.
-
-end_per_testcase(_, _Config) ->
-    {atomic,ok} = mnesia:clear_table(emqx_acl),
-    {atomic,ok} = mnesia:clear_table(emqx_user),
-    ok.
--ifdef(EMQX_ENTERPRISE).
-t_import_4_0(Config) ->
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("e4.0.10.json", Config, Overrides)),
-    timer:sleep(100),
-    ct:pal("---~p~n", [ets:tab2list(emqx_user)]),
-    test_import(username, {<<"emqx_username">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_c">>, <<"public">>}),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("e4.0.10.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(username, {<<"emqx_c">>, <<"public">>}),
-    test_import(username, {<<"emqx_username">>, <<"public">>}).
-t_import_4_1(Config) ->
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("e4.1.1.json", Config, Overrides)),
-    timer:sleep(100),
-    test_import(clientid, {<<"emqx_c">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_c">>, <<"public">>}),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("e4.1.1.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(username, {<<"emqx_c">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_clientid">>, <<"public">>}).
-
-t_import_4_2(Config) ->
-    ?assertMatch(ok, do_import("e4.2.9.json", Config, "{}")),
-    timer:sleep(100),
-    test_import(username, {<<"emqx_c">>, <<"public">>}),
-    test_import(clientid, {<<"emqx_clientid">>, <<"public">>}).
-
--else.
-t_import_4_0(Config) ->
-    ?assertMatch(ok, do_import("v4.0.11-no-auth.json", Config)),
-    timer:sleep(100),
-    ?assertMatch(0, ets:info(emqx_user, size)),
-
-    ?assertMatch({error, unsupported_version, "4.0"}, do_import("v4.0.11.json", Config)),
-
-    ?assertMatch(ok, do_import("v4.0.13.json", Config)),
-    timer:sleep(100),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}).
-
-t_import_4_1(Config) ->
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("v4.1.5.json", Config, Overrides)),
-    timer:sleep(100),
-    test_import(clientid, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("v4.1.5.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(username, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}).
-
-t_import_4_2(Config) ->
-    ?assertMatch(ok, do_import("v4.2.10-no-auth.json", Config)),
-    timer:sleep(100),
-    ?assertMatch(0, ets:info(emqx_user, size)),
-
-    Overrides = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch({error, unsupported_version, "4.2"}, do_import("v4.2.10.json", Config, Overrides)),
-
-    Overrides1 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(clientid)}),
-    ?assertMatch(ok, do_import("v4.2.11.json", Config, Overrides1)),
-    timer:sleep(100),
-    test_import(clientid, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}),
-
-    Overrides2 = emqx_json:encode(#{<<"auth.mnesia.as">> => atom_to_binary(username)}),
-    ?assertMatch(ok, do_import("v4.2.11.json", Config, Overrides2)),
-    timer:sleep(100),
-    test_import(username, {<<"user_mnesia">>, <<"public">>}),
-    test_import(clientid, {<<"client_for_test">>, <<"public">>}),
-    test_import(username, {<<"user_for_test">>, <<"public">>}),
-
-    ?assertMatch([#emqx_acl{
-                     filter = {{Type,<<"emqx_c">>}, <<"Topic/A">>},
-                     action = pub,
-                     access = allow
-                    },
-                  #emqx_acl{
-                     filter = {{Type,<<"emqx_c">>}, <<"Topic/A">>},
-                     action = sub,
-                     access = allow
-                    }],
-                 lists:sort(ets:tab2list(emqx_acl))).
--endif.
-
-do_import(File, Config) ->
-    do_import(File, Config, "{}").
-
-do_import(File, Config, Overrides) ->
-    mnesia:clear_table(emqx_acl),
-    mnesia:clear_table(emqx_user),
-    Filename = filename:join(proplists:get_value(data_dir, Config), File),
-    emqx_mgmt_data_backup:import(Filename, Overrides).
-
-test_import(username, {Username, Password}) ->
-    [#emqx_user{password = _}] = ets:lookup(emqx_user, {username, Username}),
-    Req = #{clientid => <<"anyname">>,
-            username => Username,
-            password => Password},
-    ?assertMatch({stop, #{auth_result := success}},
-                 emqx_auth_mnesia:check(Req, #{}, #{hash_type => sha256}));
-test_import(clientid, {ClientID, Password}) ->
-    [#emqx_user{password = _}] = ets:lookup(emqx_user, {clientid, ClientID}),
-    Req = #{clientid => ClientID,
-            password => Password},
-    ?assertMatch({stop, #{auth_result := success}},
-                 emqx_auth_mnesia:check(Req, #{}, #{hash_type => sha256})).
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh
deleted file mode 100755
index e31729784..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/make_data.sh
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/bin/bash
-set -eux pipefail
-# Helper script for creating data export files
-
-container() {
-    version="${1}"
-    if [ -z ${2+x} ]; then
-        ee=""
-    else
-        ee="-ee"
-    fi
-    container="emqx/emqx${ee}:${version}"
-    docker rm -f emqx || true
-    docker run "$container" true # Make sure the image is cached locally
-    docker run --rm -e EMQX_LOADED_PLUGINS="emqx_auth_mnesia emqx_auth_clientid emqx_management" \
-           --name emqx -p 8081:8081 "$container" emqx foreground &
-    sleep 7
-}
-
-create_acls () {
-    url="${1}"
-    curl -f -v "http://localhost:8081/$url" -u admin:public -d@- <<EOF
-[
-  {
-    "login":"emqx_c",
-    "topic":"Topic/A",
-    "action":"pub",
-    "allow": true
-  },
-  {
-    "login":"emqx_c",
-    "topic":"Topic/A",
-    "action":"sub",
-    "allow": true
-  }
-]
-EOF
-}
-
-create_user () {
-    url="${1}"
-    curl -f -v "http://localhost:8081/api/v4/$url" -u admin:public -d@- <<EOF
-{
-    "login": "emqx_c",
-    "password": "emqx_p",
-    "is_superuser": true
-}
-EOF
-}
-
-export_data() {
-    filename="${1}"
-
-    docker exec emqx emqx_ctl data export
-    docker exec emqx sh -c 'cat data/*.json' | jq > "$filename.json"
-    cat "${filename}.json"
-}
-
-
-collect_4_2_no_mnesia_auth () {
-    container "4.2.10"
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.2.10-no-auth"
-}
-
-collect_4_2 () {
-    container "4.2.10"
-    create_acls "api/v4/mqtt_acl"
-    create_user mqtt_user
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.2.10"
-}
-
-
-collect_e4_2 () {
-    container "4.2.5" "ee"
-    # Add ACLs:
-    docker exec emqx emqx_ctl acl add username emqx_c Topic/A pubsub allow
-    # Create users
-    docker exec emqx emqx_ctl user add emqx_c emqx_p
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "e4.2.5"
-}
-
-collect_e4_1 () {
-    container "4.1.1" "ee"
-    # Add ACLs:
-    create_acls "api/v4/emqx_acl"
-    # Create users
-    create_user "auth_user"
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "e4.1.1"
-}
-
-collect_4_1 () {
-    container "v4.1.5"
-    create_acls "api/v4/emqx_acl"
-    create_user auth_user
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.1.5"
-}
-
-collect_4_0 () {
-    container "v4.0.11"
-
-    # Add clientid
-    docker exec emqx emqx_ctl clientid add emqx_clientid emqx_p
-
-    export_data "v4.0.11"
-}
-
-collect_4_0
-collect_4_1
-collect_4_2
-collect_4_2_no_mnesia_auth
-collect_e4_2
-collect_e4_1
-
-docker kill emqx
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json
deleted file mode 100644
index 8dad197dd..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11-no-auth.json
+++ /dev/null
@@ -1,23 +0,0 @@
-{
-  "version": "4.0",
-  "users": [],
-  "schemas": [],
-  "rules": [],
-  "resources": [],
-  "date": "2021-04-10 11:45:26",
-  "blacklist": [],
-  "auth_username": [],
-  "auth_mnesia": [],
-  "auth_clientid": [],
-  "apps": [
-    {
-      "status": true,
-      "secret": "public",
-      "name": "Default",
-      "id": "admin",
-      "expired": "undefined",
-      "desc": "Application user"
-    }
-  ],
-  "acl_mnesia": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json
deleted file mode 100644
index a701d0944..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.11.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "version": "4.0",
-  "users": [],
-  "schemas": [],
-  "rules": [],
-  "resources": [],
-  "date": "2021-04-10 11:45:26",
-  "blacklist": [],
-  "auth_username": [],
-  "auth_mnesia": [],
-  "auth_clientid": [
-    {
-      "password": "9Sv2tzJlNDlmNWZhYWQ5Yzc4MWUwNmFhZWI4NjFlMDM2OWEzYmE1OTkxOTBhOGQ4N2Y3MzExY2ZiZmIxNTFkMTdkZmY=",
-      "clientid": "emqx_clientid"
-    }
-  ],
-  "apps": [
-    {
-      "status": true,
-      "secret": "public",
-      "name": "Default",
-      "id": "admin",
-      "expired": "undefined",
-      "desc": "Application user"
-    }
-  ],
-  "acl_mnesia": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json
deleted file mode 100644
index 9c602a0e3..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.0.13.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-    "version":"4.0.13",
-    "users":[
-        {
-            "username":"admin",
-            "tags":"administrator",
-            "password":"p6C65OF0BQhvPmCziM2yRa8JN5o="
-        }
-    ],
-    "schemas":[],
-    "rules":[],
-    "resources":[],
-    "date":"2021-04-16 11:20:00",
-    "blacklist":[],
-    "auth_username":[
-        {
-            "username":"user_for_test",
-            "password":"ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-        }
-    ],
-    "auth_clientid":[
-        {
-            "password":"JBgSnzIxOWNiMDU1ZWFiNDAwMjVhOTQzZThlZjkxN2JlZWE4MGE4YzlmM2I5MjQ4OGI1NjllY2Q4NGQ4NjhjYzQ1NDM=",
-            "clientid":"client_for_test"
-        }
-    ],
-    "apps":[
-        {
-            "status":true,
-            "secret":"public",
-            "name":"Default",
-            "id":"admin",
-            "expired":"undefined",
-            "desc":"Application user"
-        }
-    ]
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json
deleted file mode 100644
index 3d3b9aa7e..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.1.5.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-  "version": "4.1",
-  "users": [
-    {
-      "username": "admin",
-      "tags": "administrator",
-      "password": "R0TpDmJtE/d5rIXAm6YY61RI0mg="
-    }
-  ],
-  "schemas": [],
-  "rules": [],
-  "resources": [],
-  "date": "2021-04-07 14:28:58",
-  "blacklist": [],
-  "auth_username": [
-    {
-      "username":"user_for_test",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-    }
-  ],
-  "auth_mnesia": [
-    {
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU=",
-      "login": "user_mnesia",
-      "is_superuser": true
-    }
-  ],
-  "auth_clientid": [
-    {
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU=",
-      "clientid": "client_for_test"
-    }
-  ],
-  "apps": [
-    {
-      "status": true,
-      "secret": "public",
-      "name": "Default",
-      "id": "admin",
-      "expired": "undefined",
-      "desc": "Application user"
-    }
-  ],
-  "acl_mnesia": [
-    {
-      "topic": "Topic/A",
-      "login": "emqx_c",
-      "allow": true,
-      "action": "sub"
-    },
-    {
-      "topic": "Topic/A",
-      "login": "emqx_c",
-      "allow": true,
-      "action": "pub"
-    }
-  ]
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json
deleted file mode 100644
index 446a46f07..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10-no-auth.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-  "version": "4.2",
-  "date": "2021-04-12 10:41:10",
-  "rules": [],
-  "resources": [],
-  "blacklist": [],
-  "apps": [
-    {
-      "id": "admin",
-      "secret": "public",
-      "name": "Default",
-      "desc": "Application user",
-      "status": true,
-      "expired": "undefined"
-    }
-  ],
-  "users": [
-    {
-      "username": "admin",
-      "password": "e5M8oWEwQVqjdqceQIthC+3cPoY=",
-      "tags": "administrator"
-    }
-  ],
-  "auth_clientid": [],
-  "auth_username": [],
-  "auth_mnesia": [],
-  "acl_mnesia": [],
-  "schemas": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json
deleted file mode 100644
index 1ccc6ce9d..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.10.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
-  "version": "4.2",
-  "date": "2021-04-12 10:40:58",
-  "rules": [],
-  "resources": [],
-  "blacklist": [],
-  "apps": [
-    {
-      "id": "admin",
-      "secret": "public",
-      "name": "Default",
-      "desc": "Application user",
-      "status": true,
-      "expired": "undefined"
-    }
-  ],
-  "users": [
-    {
-      "username": "admin",
-      "password": "8Vd7+gVg2J3nE1Xjyxqd59sA5mo=",
-      "tags": "administrator"
-    }
-  ],
-  "auth_clientid": [
-    {
-      "clientid": "emqx_clientid",
-      "password": "UNb0e2RhNDc3NWIyNjg5Yjg4ZDExOTVhNWFkY2MzNGFmNzY2OTNmNmRlYzE4Y2ZiZjRjNzIyMWZlZTljZmEyZDE5Yzc="
-    }
-  ],
-  "auth_username": [],
-  "auth_mnesia": [
-    {
-      "login": "emqx_c",
-      "password": "ceb5e917f7930ae8f0dc3ceb496a428f7e644736eebca36a2b8f6bbac756171a",
-      "is_superuser": true
-    }
-  ],
-  "acl_mnesia": [
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "sub",
-      "allow": true
-    },
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "pub",
-      "allow": true
-    }
-  ],
-  "schemas": []
-}
diff --git a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json b/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json
deleted file mode 100644
index 52a91ac68..000000000
--- a/apps/emqx_management/test/emqx_auth_mnesia_migration_SUITE_data/v4.2.11.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-  "version": "4.2.11",
-  "date": "2021-04-12 10:40:58",
-  "rules": [],
-  "resources": [],
-  "blacklist": [],
-  "apps": [
-    {
-      "id": "admin",
-      "secret": "public",
-      "name": "Default",
-      "desc": "Application user",
-      "status": true,
-      "expired": "undefined"
-    }
-  ],
-  "users": [
-    {
-      "username": "test",
-      "password": "8Vd7+gVg2J3nE1Xjyxqd59sA5mo=",
-      "tags": "administrator"
-    }
-  ],
-  "auth_clientid": [
-    {
-      "clientid": "client_for_test",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-    }
-  ],
-  "auth_username": [
-    {
-      "username": "user_for_test",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU="
-    }
-  ],
-  "auth_mnesia": [
-    {
-      "login": "user_mnesia",
-      "password": "ARLrzTRhZTI1MzgxNjdjMDU5ODFhZDU3ZTdmNzJiOWM5MWUwMTFkNDk4OGUyZWUyYmU0ZTE2ZTg2OWNhMGQyYWQ5ZmU=",
-      "is_superuser": true
-    }
-  ],
-  "acl_mnesia": [
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "sub",
-      "allow": true
-    },
-    {
-      "login": "emqx_c",
-      "topic": "Topic/A",
-      "action": "pub",
-      "allow": true
-    }
-  ],
-  "schemas": []
-}
diff --git a/rebar.config b/rebar.config
index e12ca02ba..4c086c312 100644
--- a/rebar.config
+++ b/rebar.config
@@ -35,7 +35,6 @@
 {deps,
     [ {gpb, "4.11.2"} %% gpb only used to build, but not for release, pin it here to avoid fetching a wrong version due to rebar plugins scattered in all the deps
     , {ehttpc, {git, "https://github.com/emqx/ehttpc", {tag, "0.1.6"}}}
-    , {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.7"}}}
     , {gproc, {git, "https://github.com/uwiger/gproc", {tag, "0.8.0"}}}
     , {jiffy, {git, "https://github.com/emqx/jiffy", {tag, "1.0.5"}}}
     , {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.8.2"}}}

From 8eca3e3a4e8c6b80d21c74cf660eb5d418f1dcf3 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 10:58:34 +0800
Subject: [PATCH 108/174] chore(CI): update ci env

---
 .github/workflows/run_test_cases.yaml | 43 ---------------------------
 1 file changed, 43 deletions(-)

diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml
index 3fbe88c40..812058111 100644
--- a/.github/workflows/run_test_cases.yaml
+++ b/.github/workflows/run_test_cases.yaml
@@ -56,64 +56,21 @@ jobs:
         - name: docker compose up
           if: env.EDITION == 'opensource'
           env:
-            MYSQL_TAG: 8
-            REDIS_TAG: 6
-            MONGO_TAG: 4
-            PGSQL_TAG: 13
-            LDAP_TAG: 2.4.50
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           run: |
             docker-compose \
                 -f .ci/docker-compose-file/docker-compose.yaml \
-                -f .ci/docker-compose-file/docker-compose-ldap-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mongo-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
                 up -d --build
         - name: docker compose up
           if: env.EDITION == 'enterprise'
           env:
-            MYSQL_TAG: 8
-            REDIS_TAG: 6
-            MONGO_TAG: 4
-            PGSQL_TAG: 13
-            LDAP_TAG: 2.4.50
-            OPENTSDB_TAG: latest
-            INFLUXDB_TAG: 1.7.6
-            DYNAMODB_TAG: 1.11.477
-            TIMESCALE_TAG: latest-pg11
-            CASSANDRA_TAG: 3.11.6
-            RABBITMQ_TAG: 3.7
-            KAFKA_TAG: 2.5.0
-            PULSAR_TAG: 2.3.2
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           timeout-minutes: 20
           run: |
             docker-compose \
                 -f .ci/docker-compose-file/docker-compose.yaml \
-                -f .ci/docker-compose-file/docker-compose-ldap-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mongo-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
                 -f .ci/docker-compose-file/docker-compose-enterprise.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-cassandra-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-dynamodb-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-influxdb-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-kafka-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-opentsdb-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-pulsar-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-rabbit-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-timescale-tcp.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-mysql-client.yaml \
-                -f .ci/docker-compose-file/docker-compose-enterprise-pgsql-and-timescale-client.yaml \
                 up -d --build
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-            while [ $(docker ps -a --filter name=client --filter exited=0 | wc -l) \
-                 != $(docker ps -a --filter name=client | wc -l) ]; do
-              sleep 5
-            done
         - name: run eunit
           run: |
             docker exec -i erlang bash -c "make eunit"

From 1582c07cbe880ccfc598690a9978df2e19734b11 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 11:35:26 +0800
Subject: [PATCH 109/174] chore: delete import and export feature

---
 apps/emqx_connector/rebar.config              |   2 +-
 ...x_bridge_mqtt_data_export_import_SUITE.erl | 184 -----------------
 .../409.json                                  |  68 ------
 .../415.json                                  |  70 -------
 .../420.json                                  |  70 -------
 .../430.json                                  |  76 -------
 .../ee4010.json                               |  68 ------
 .../ee410.json                                |  70 -------
 .../ee411.json                                |  70 -------
 .../ee420.json                                | 119 -----------
 .../ee425.json                                | 123 -----------
 .../ee430.json                                | 123 -----------
 .../test/emqx_mgmt_api_SUITE.erl              |  33 ---
 .../emqx_webhook_data_export_import_SUITE.erl | 194 ------------------
 .../409.json                                  |  43 ----
 .../415.json                                  |  42 ----
 .../422.json                                  |  43 ----
 .../423.json                                  |  44 ----
 .../425.json                                  |  47 -----
 .../430.json                                  |  52 -----
 .../ee4010.json                               |  43 ----
 .../ee410.json                                |  43 ----
 .../ee411.json                                |  43 ----
 .../ee420.json                                |  92 ---------
 .../ee425.json                                | 102 ---------
 .../ee430.json                                |  98 ---------
 26 files changed, 1 insertion(+), 1961 deletions(-)
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json
 delete mode 100644 apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json
 delete mode 100644 apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json

diff --git a/apps/emqx_connector/rebar.config b/apps/emqx_connector/rebar.config
index 633b427cf..b12bd3edb 100644
--- a/apps/emqx_connector/rebar.config
+++ b/apps/emqx_connector/rebar.config
@@ -11,7 +11,7 @@
   %% NOTE: mind poolboy version when updating mongodb-erlang version
   {mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.7"}}},
   %% NOTE: mind poolboy version when updating eredis_cluster version
-  {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.6"}}},
+  {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.7"}}},
   %% mongodb-erlang uses a special fork https://github.com/comtihon/poolboy.git
   %% (which has overflow_ttl feature added).
   %% However, it references `{branch, "master}` (commit 9c06a9a on 2021-04-07).
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl
deleted file mode 100644
index 5667cb73f..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE.erl
+++ /dev/null
@@ -1,184 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_bridge_mqtt_data_export_import_SUITE).
--include_lib("eunit/include/eunit.hrl").
--include_lib("emqx_rule_engine/include/rule_engine.hrl").
--compile([export_all, nowarn_export_all]).
-
-% -define(EMQX_ENTERPRISE, true).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    application:load(emqx_modules),
-    application:load(emqx_bridge_mqtt),
-    emqx_ct_helpers:start_apps([emqx_rule_engine, emqx_management]),
-    Cfg.
-
-end_per_suite(Cfg) ->
-    emqx_ct_helpers:stop_apps([emqx_management, emqx_rule_engine]),
-    Cfg.
-
-get_data_path() ->
-    emqx_ct_helpers:deps_path(emqx_management, "test/emqx_bridge_mqtt_data_export_import_SUITE_data/").
-
-import(FilePath, Version) ->
-    ok = emqx_mgmt_data_backup:import(get_data_path() ++ "/" ++ FilePath, <<"{}">>),
-    timer:sleep(500),
-    lists:foreach(fun(#resource{id = Id, config = Config} = _Resource) ->
-        case Id of
-            <<"bridge">> ->
-                test_utils:resource_is_alive(Id),
-                handle_config(Config, Version, bridge);
-            <<"rpc">> ->
-                test_utils:resource_is_alive(Id),
-                handle_config(Config, Version, rpc);
-            _ -> ok
-        end
-    end, emqx_rule_registry:get_resources()).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
-
--ifndef(EMQX_ENTERPRISE).
-
-t_import420(_) ->
-    import("420.json", 420),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_import430(_) ->
-    import("430.json", 430),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_import409(_) ->
-    import("409.json", 409),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_import415(_) ->
-    import("415.json", 415),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-
-handle_config(Config, 420, bridge) ->
-    ?assertEqual(false, maps:get(<<"ssl">>, Config));
-
-handle_config(Config, 430, bridge) ->
-    ?assertEqual(false, maps:get(<<"ssl">>, Config));
-
-handle_config(Config, 420, rpc) ->
-    handle_config(Config, 430, rpc);
-
-handle_config(Config, 409, rpc) ->
-    handle_config(Config, 420, rpc);
-
-handle_config(Config, 415, rpc) ->
-    handle_config(Config, 420, rpc);
-
-handle_config(Config, 409, bridge) ->
-    handle_config(Config, 420, bridge);
-
-handle_config(Config, 415, bridge) ->
-    handle_config(Config, 420, bridge);
-
-handle_config(Config, 430, rpc) ->
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"address">>, Config)),
-    ?assertEqual(32, maps:get(<<"batch_size">>, Config)),
-    ?assertEqual(<<"off">>, maps:get(<<"disk_cache">>, Config)),
-    ?assertEqual(<<"bridge/emqx/${node}/">>, maps:get(<<"mountpoint">>, Config)),
-    ?assertEqual(<<"30s">>, maps:get(<<"reconnect_interval">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(_, _, _) -> ok.
-
--endif.
-
--ifdef(EMQX_ENTERPRISE).
-
-t_importee4010(_) ->
-    import("ee4010.json", ee4010),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee410(_) ->
-    import("ee410.json", ee410),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee411(_) ->
-    import("ee411.json", ee411),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee420(_) ->
-    import("ee420.json", ee420),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee425(_) ->
-    import("ee425.json", ee425),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-t_importee430(_) ->
-    import("ee430.json", ee430),
-    {ok, _} = emqx_mgmt_data_backup:export(),
-    remove_resources().
-
-%%--------------------------------------------------------------------
-%% handle_config
-%%--------------------------------------------------------------------
-
-handle_config(Config, ee4010, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee410, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee411, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee420, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee425, Id) ->
-    handle_config(Config, ee430, Id);
-
-handle_config(Config, ee430, bridge) ->
-    ?assertEqual(false, maps:get(<<"ssl">>, Config));
-
-handle_config(Config, ee430, rpc) ->
-    ?assertEqual(<<"off">>, maps:get(<<"disk_cache">>, Config));
-
-handle_config(Config, ee435, Id) ->
-    handle_config(Config, ee430, Id).
--endif.
-
-remove_resources() ->
-    timer:sleep(500),
-    lists:foreach(fun(#resource{id = Id}) ->
-        emqx_rule_engine:delete_resource(Id)
-    end, emqx_rule_registry:get_resources()),
-    timer:sleep(500).
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json
deleted file mode 100644
index cb50a31af..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/409.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "m/GtjNgri9GILklefVJH8BeTnNE="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "user",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "password": "passwd",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "bridge_aws",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": true,
-                "address": "127.0.0.1:1883"
-            }
-        },
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        }
-    ],
-    "date": "2021-03-30 13:38:39",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json
deleted file mode 100644
index 176ac1f71..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/415.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "3W+nHOkCZLFspENkIvHKzCbHxHI="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        },
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "user",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "pool_size": 8,
-                "password": "passwd",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "client",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": true,
-                "append": true,
-                "address": "127.0.0.1:1883"
-            }
-        }
-    ],
-    "date": "2021-03-30 13:52:53",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json
deleted file mode 100644
index 9922e459f..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/420.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-23 23:22:30",
-    "rules": [],
-    "resources": [
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": null,
-            "description": "rpc"
-        },
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": "etc/certs/cacert.pem",
-                "certfile": "etc/certs/client-cert.pem",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": "etc/certs/client-key.pem",
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": "off",
-                "username": ""
-            },
-            "created_at": null,
-            "description": "bridge"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json
deleted file mode 100644
index 4f535bfb7..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/430.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "brigde",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": {
-                    "filename": "etc/certs/cacert.pem",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "etc/certs/client-cert.pem",
-                    "file": ""
-                },
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": {
-                    "filename": "etc/certs/client-key.pem",
-                    "file": ""
-                },
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": false,
-                "username": ""
-            },
-            "created_at": 1616635569139,
-            "description": "brigde"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": 1616635583552,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "q8v7hISIMz+iKn/ZuAaogvAxKbA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "date": "2021-03-25 09:26:34"
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json
deleted file mode 100644
index fedd35884..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee4010.json
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "GCX5nvOMK0hbiMB4AUyc25wI8fU="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "user",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "password": "passwd",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "bridge_aws",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": true,
-                "address": "127.0.0.1:1883"
-            }
-        },
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        }
-    ],
-    "date": "2021-04-13 13:57:23",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json
deleted file mode 100644
index 8a6f7129b..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee410.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "atdwlByxL9/9P3CoFJ60drhodkY="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        },
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "pool_size": 8,
-                "password": "",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "client",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": false,
-                "append": true,
-                "address": "127.0.0.1:1883"
-            }
-        }
-    ],
-    "date": "2021-04-13 11:30:21",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json
deleted file mode 100644
index 6bbd3ac7b..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee411.json
+++ /dev/null
@@ -1,70 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "tsYtP3TylchkM7J7YTc46Di0kPk="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "bridge_rpc",
-            "id": "rpc",
-            "description": "rpc",
-            "created_at": null,
-            "config": {
-                "reconnect_interval": "30s",
-                "pool_size": 8,
-                "mountpoint": "bridge/emqx/${node}/",
-                "disk_cache": "off",
-                "batch_size": 32,
-                "address": "test@127.0.0.1"
-            }
-        },
-        {
-            "type": "bridge_mqtt",
-            "id": "bridge",
-            "description": "bridge",
-            "created_at": null,
-            "config": {
-                "username": "",
-                "ssl": "off",
-                "retry_interval": "20s",
-                "reconnect_interval": "30s",
-                "proto_ver": "mqttv4",
-                "pool_size": 8,
-                "password": "",
-                "mountpoint": "bridge/emqx/${node}/",
-                "keyfile": "etc/certs/client-key.pem",
-                "keepalive": "60s",
-                "disk_cache": "off",
-                "clientid": "client",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "certfile": "etc/certs/client-cert.pem",
-                "cacertfile": "etc/certs/cacert.pem",
-                "bridge_mode": false,
-                "append": true,
-                "address": "127.0.0.1:1883"
-            }
-        }
-    ],
-    "date": "2021-04-13 16:37:18",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json
deleted file mode 100644
index 3b56495d1..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee420.json
+++ /dev/null
@@ -1,119 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 11:35:13",
-    "modules": [
-        {
-            "id": "module:b9294d70",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:c7c7b692",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:486adc4b",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:411cf85d",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:127b92c3",
-            "type": "hot_confs",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": "etc/certs/cacert.pem",
-                "certfile": "etc/certs/client-cert.pem",
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": "etc/certs/client-key.pem",
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": "off",
-                "username": ""
-            },
-            "created_at": null,
-            "description": "bridge"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": null,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "bx1P63qGDhKvZYdltxX4NVY2kS4=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json
deleted file mode 100644
index c6a80b9f6..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee425.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 16:42:34",
-    "modules": [
-        {
-            "id": "module:3dc04a9c",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:5128901f",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:9d1596c8",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:43d43410",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": false,
-                "username": "",
-                "verify": false
-            },
-            "created_at": null,
-            "description": "bridge"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": null,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "Hd8AMmbFs+LsqQXQxaV/WqLoGEk=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json b/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json
deleted file mode 100644
index 2b7e66013..000000000
--- a/apps/emqx_management/test/emqx_bridge_mqtt_data_export_import_SUITE_data/ee430.json
+++ /dev/null
@@ -1,123 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "bridge",
-            "type": "bridge_mqtt",
-            "config": {
-                "address": "127.0.0.1:1883",
-                "append": true,
-                "bridge_mode": false,
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA",
-                "clientid": "client",
-                "disk_cache": "off",
-                "keepalive": "60s",
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "mountpoint": "bridge/emqx/${node}/",
-                "password": "",
-                "pool_size": 8,
-                "proto_ver": "mqttv4",
-                "reconnect_interval": "30s",
-                "retry_interval": "20s",
-                "ssl": false,
-                "username": "",
-                "verify": false
-            },
-            "created_at": 1618304391051,
-            "description": "bridge"
-        },
-        {
-            "id": "rpc",
-            "type": "bridge_rpc",
-            "config": {
-                "address": "test@127.0.0.1",
-                "batch_size": 32,
-                "disk_cache": "off",
-                "mountpoint": "bridge/emqx/${node}/",
-                "pool_size": 8,
-                "reconnect_interval": "30s"
-            },
-            "created_at": 1618304406842,
-            "description": "rpc"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "qq8hg9pOkmYiHqzi3+bcUaK2CGA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "modules": [
-        {
-            "id": "module:aabeddbf",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:cbe6d976",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:46375e06",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:091eb7c3",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        }
-    ],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": [],
-    "date": "2021-04-13 17:59:52"
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
index 22d4f51ef..d372596ed 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
@@ -537,39 +537,6 @@ t_stats(_) ->
     ?assertEqual(<<"undefined">>, get(<<"message">>, Return)),
     meck:unload(emqx_mgmt).
 
-t_data(_) ->
-    ok = emqx_rule_registry:mnesia(boot),
-    ok = emqx_dashboard_admin:mnesia(boot),
-    application:ensure_all_started(emqx_rule_engine),
-    application:ensure_all_started(emqx_dashboard),
-    {ok, Data} = request_api(post, api_path(["data","export"]), [], auth_header_(), [#{}]),
-    #{<<"filename">> := Filename, <<"node">> := Node} = emqx_ct_http:get_http_data(Data),
-    {ok, DataList} = request_api(get, api_path(["data","export"]), auth_header_()),
-    ?assertEqual(true, lists:member(emqx_ct_http:get_http_data(Data), emqx_ct_http:get_http_data(DataList))),
-
-    ?assertMatch({ok, _}, request_api(post, api_path(["data","import"]), [], auth_header_(), #{<<"filename">> => Filename, <<"node">> => Node})),
-    ?assertMatch({ok, _}, request_api(post, api_path(["data","import"]), [], auth_header_(), #{<<"filename">> => Filename})),
-    application:stop(emqx_rule_engine),
-    application:stop(emqx_dahboard),
-    ok.
-
-t_data_import_content(_) ->
-    ok = emqx_rule_registry:mnesia(boot),
-    ok = emqx_dashboard_admin:mnesia(boot),
-    application:ensure_all_started(emqx_rule_engine),
-    application:ensure_all_started(emqx_dashboard),
-    {ok, Data} = request_api(post, api_path(["data","export"]), [], auth_header_(), [#{}]),
-    #{<<"filename">> := Filename} = emqx_ct_http:get_http_data(Data),
-    Dir = emqx:get_env(data_dir),
-    {ok, Bin} = file:read_file(filename:join(Dir, Filename)),
-    Content = emqx_json:decode(Bin),
-    %% TODO: enable when 5.0 if we are still using data export/import
-    %?assertMatch({ok, "{\"code\":0}"}, request_api(post, api_path(["data","import"]), [], auth_header_(), Content)),
-    ?assertMatch({ok, "{\"message\":\"5.0\",\"code\":\"unsupported_version\"}"},
-                 request_api(post, api_path(["data","import"]), [], auth_header_(), Content)),
-    application:stop(emqx_rule_engine),
-    application:stop(emqx_dahboard).
-
 request_api(Method, Url, Auth) ->
     request_api(Method, Url, [], Auth, []).
 
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl
deleted file mode 100644
index 2965b7ad0..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE.erl
+++ /dev/null
@@ -1,194 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_webhook_data_export_import_SUITE).
--include_lib("eunit/include/eunit.hrl").
--include_lib("emqx_rule_engine/include/rule_engine.hrl").
--compile([export_all, nowarn_export_all]).
-
-% -define(EMQX_ENTERPRISE, true).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Cfg) ->
-    application:load(emqx_modules),
-    application:load(emqx_web_hook),
-    emqx_ct_helpers:start_apps([emqx_rule_engine, emqx_management]),
-    ok = emqx_rule_registry:mnesia(boot),
-    ok = emqx_rule_engine:load_providers(),
-    Cfg.
-
-end_per_suite(Cfg) ->
-    emqx_ct_helpers:stop_apps([emqx_management, emqx_rule_engine]),
-    Cfg.
-
-get_data_path() ->
-    emqx_ct_helpers:deps_path(emqx_management, "test/emqx_webhook_data_export_import_SUITE_data/").
-
-remove_resource(Id) ->
-    emqx_rule_registry:remove_resource(Id),
-    emqx_rule_registry:remove_resource_params(Id).
-
-import(FilePath, Version) ->
-    ok = emqx_mgmt_data_backup:import(get_data_path() ++ "/" ++ FilePath, <<"{}">>),
-    lists:foreach(fun(#resource{id = Id, config = Config} = _Resource) ->
-        case Id of
-            <<"webhook">> ->
-                test_utils:resource_is_alive(Id),
-                handle_config(Config, Version),
-                remove_resource(Id);
-            _ -> ok
-        end
-    end, emqx_rule_registry:get_resources()).
-
-%%--------------------------------------------------------------------
-%% Cases
-%%--------------------------------------------------------------------
--ifdef(EMQX_ENTERPRISE).
-
-t_importee4010(_) ->
-    import("ee4010.json", ee4010),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee410(_) ->
-    import("ee410.json", ee410),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee411(_) ->
-    import("ee411.json", ee411),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee420(_) ->
-    import("ee420.json", ee420),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee425(_) ->
-    import("ee425.json", ee425),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_importee430(_) ->
-    import("ee430.json", ee430),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-%%--------------------------------------------------------------------
-%% handle_config
-%%--------------------------------------------------------------------
-handle_config(Config, 409) ->
-    handle_config(Config, 422);
-
-handle_config(Config, 415) ->
-    handle_config(Config, 422);
-
-handle_config(Config, 422) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config));
-
-handle_config(Config, 423) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual("application/json", maps:get(<<"content_type">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config));
-
-handle_config(Config, 425) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config)),
-    ?assertEqual(5, maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual(5, maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(Config, 430) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"POST">>, maps:get(<<"method">>, Config)),
-    ?assertEqual(#{"k" => "v"}, maps:get(<<"headers">>, Config)),
-    ?assertEqual("5s", maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual("5s", maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(false, maps:get(<<"verify">>, Config)),
-    ?assertEqual(true, is_map(maps:get(<<"cacertfile">>, Config))),
-    ?assertEqual(true, is_map(maps:get(<<"certfile">>, Config))),
-    ?assertEqual(true, is_map(maps:get(<<"keyfile">>, Config))),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-handle_config(_, _) -> ok.
--endif.
-
--ifndef(EMQX_ENTERPRISE).
-
-t_import422(_) ->
-    import("422.json", 422),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import423(_) ->
-    import("423.json", 423),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import425(_) ->
-    import("425.json", 425),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import430(_) ->
-    import("430.json", 430),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import409(_) ->
-    import("409.json", 409),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-t_import415(_) ->
-    import("415.json", 415),
-    {ok, _} = emqx_mgmt_data_backup:export().
-
-%%--------------------------------------------------------------------
-%% handle_config
-%%--------------------------------------------------------------------
-
-handle_config(Config, ee4010) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee410) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee411) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee420) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config));
-
-handle_config(Config, ee425) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(false, maps:get(<<"verify">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(Config, ee435) ->
-    handle_config(Config, ee430);
-
-handle_config(Config, ee430) ->
-    ?assertEqual(<<"http://www.emqx.io">>, maps:get(<<"url">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"connect_timeout">>, Config)),
-    ?assertEqual(<<"5s">>, maps:get(<<"request_timeout">>, Config)),
-    ?assertEqual(false, maps:get(<<"verify">>, Config)),
-    ?assertEqual(8, maps:get(<<"pool_size">>, Config));
-
-handle_config(Config, _) ->
-    io:format("|>=> :~p~n", [Config]).
-
--endif.
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json
deleted file mode 100644
index 01591e107..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/409.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "m/GtjNgri9GILklefVJH8BeTnNE="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "webhook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            }
-        }
-    ],
-    "date": "2021-03-30 13:38:39",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json
deleted file mode 100644
index ca6d7dd05..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/415.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "3W+nHOkCZLFspENkIvHKzCbHxHI="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "webhook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-03-30 13:52:53",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json
deleted file mode 100644
index 4bddd6344..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/422.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-23 23:22:30",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json
deleted file mode 100644
index c9f8edbad..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/423.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-23 23:29:24",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "content_type": "application/json",
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json
deleted file mode 100644
index 7893c4624..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/425.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-03-24 14:51:22",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "content_type": "application/json",
-            "connect_timeout" : 5,
-            "request_timeout" : 5,
-            "pool_size" : 8,
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "mOTRLWt85F7GW+CSiBuRUZiRANw=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_clientid": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json
deleted file mode 100644
index 9472152f9..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/430.json
+++ /dev/null
@@ -1,52 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "connect_timeout": "5s",
-                "pool_size": 8,
-                "request_timeout": "5s",
-                "url": "http://www.emqx.io",
-                "verify": false
-            },
-            "created_at": 1616581851001,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "q8v7hISIMz+iKn/ZuAaogvAxKbA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "date": "2021-03-24 18:31:21"
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json
deleted file mode 100644
index d979d1d0d..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee4010.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.0",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "GCX5nvOMK0hbiMB4AUyc25wI8fU="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "web_hook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-04-13 13:57:23",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json
deleted file mode 100644
index e97427e01..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee410.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "atdwlByxL9/9P3CoFJ60drhodkY="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "webhook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-04-13 11:30:21",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json
deleted file mode 100644
index ed7fab854..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee411.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-    "version": "4.1",
-    "users": [
-        {
-            "username": "admin",
-            "tags": "administrator",
-            "password": "tsYtP3TylchkM7J7YTc46Di0kPk="
-        }
-    ],
-    "schemas": [],
-    "rules": [],
-    "resources": [
-        {
-            "type": "web_hook",
-            "id": "web_hook",
-            "description": "webhook",
-            "created_at": null,
-            "config": {
-                "url": "http://www.emqx.io",
-                "method": "POST",
-                "headers": {
-                    "k": "v"
-                }
-            }
-        }
-    ],
-    "date": "2021-04-13 16:37:18",
-    "blacklist": [],
-    "auth_username": [],
-    "auth_mnesia": [],
-    "auth_clientid": [],
-    "apps": [
-        {
-            "status": true,
-            "secret": "public",
-            "name": "Default",
-            "id": "admin",
-            "expired": "undefined",
-            "desc": "Application user"
-        }
-    ],
-    "acl_mnesia": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json
deleted file mode 100644
index 52ad0c83f..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee420.json
+++ /dev/null
@@ -1,92 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 11:35:13",
-    "modules": [
-        {
-            "id": "module:b9294d70",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:c7c7b692",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:486adc4b",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:411cf85d",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:127b92c3",
-            "type": "hot_confs",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "headers": {
-                    "k": "v"
-                },
-                "method": "POST",
-                "url": "http://www.emqx.io"
-            },
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "bx1P63qGDhKvZYdltxX4NVY2kS4=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json
deleted file mode 100644
index 46a1870bf..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee425.json
+++ /dev/null
@@ -1,102 +0,0 @@
-{
-    "version": "4.2",
-    "date": "2021-04-13 16:42:34",
-    "modules": [
-        {
-            "id": "module:3dc04a9c",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:5128901f",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:9d1596c8",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        },
-        {
-            "id": "module:43d43410",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": "undefined",
-            "description": ""
-        }
-    ],
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "connect_timeout": "5s",
-                "headers": {
-                    "k": "v"
-                },
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "method": "POST",
-                "pool_size": 8,
-                "request_timeout": "5s",
-                "url": "http://www.emqx.io",
-                "verify": false
-            },
-            "created_at": null,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "Hd8AMmbFs+LsqQXQxaV/WqLoGEk=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": []
-}
\ No newline at end of file
diff --git a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json b/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json
deleted file mode 100644
index 36986f24b..000000000
--- a/apps/emqx_management/test/emqx_webhook_data_export_import_SUITE_data/ee430.json
+++ /dev/null
@@ -1,98 +0,0 @@
-{
-    "version": "4.3",
-    "rules": [],
-    "resources": [
-        {
-            "id": "webhook",
-            "type": "web_hook",
-            "config": {
-                "cacertfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "certfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "connect_timeout": "5s",
-                "keyfile": {
-                    "filename": "",
-                    "file": ""
-                },
-                "pool_size": 8,
-                "request_timeout": "5s",
-                "url": "http://www.emqx.io",
-                "verify": false
-            },
-            "created_at": 1618304340172,
-            "description": "webhook"
-        }
-    ],
-    "blacklist": [],
-    "apps": [
-        {
-            "id": "admin",
-            "secret": "public",
-            "name": "Default",
-            "desc": "Application user",
-            "status": true,
-            "expired": "undefined"
-        }
-    ],
-    "users": [
-        {
-            "username": "admin",
-            "password": "qq8hg9pOkmYiHqzi3+bcUaK2CGA=",
-            "tags": "administrator"
-        }
-    ],
-    "auth_mnesia": [],
-    "acl_mnesia": [],
-    "modules": [
-        {
-            "id": "module:aabeddbf",
-            "type": "recon",
-            "config": {},
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:cbe6d976",
-            "type": "internal_acl",
-            "config": {
-                "acl_rule_file": "etc/acl.conf"
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:46375e06",
-            "type": "retainer",
-            "config": {
-                "storage_type": "ram",
-                "max_retained_messages": 0,
-                "max_payload_size": "1MB",
-                "expiry_interval": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        },
-        {
-            "id": "module:091eb7c3",
-            "type": "presence",
-            "config": {
-                "qos": 0
-            },
-            "enabled": true,
-            "created_at": 1618304311061,
-            "description": ""
-        }
-    ],
-    "schemas": [],
-    "configs": [],
-    "listeners_state": [],
-    "date": "2021-04-13 17:59:52"
-}
\ No newline at end of file

From d7c1cf6a5fbcdf4a4e06916eadf6d206075b94ca Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 13:52:41 +0800
Subject: [PATCH 110/174] chore(CI): delete compatibility test suite

---
 .github/workflows/run_cts_tests.yaml | 407 ---------------------------
 1 file changed, 407 deletions(-)
 delete mode 100644 .github/workflows/run_cts_tests.yaml

diff --git a/.github/workflows/run_cts_tests.yaml b/.github/workflows/run_cts_tests.yaml
deleted file mode 100644
index 487d8fae7..000000000
--- a/.github/workflows/run_cts_tests.yaml
+++ /dev/null
@@ -1,407 +0,0 @@
-name: Compatibility Test Suite
-
-on:
-  push:
-    tags:
-      - v*
-      - e*
-  pull_request:
-
-jobs:
-  ldap:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        ldap_tag:
-        - 2.4.50
-        network_type:
-        - ipv4
-        - ipv6
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker compose up
-        env:
-          LDAP_TAG: ${{ matrix.ldap_tag }}
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-ldap-tcp.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo EMQX_AUTH__LDAP__SERVERS=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ldap) >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo EMQX_AUTH__LDAP__SERVERS=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' ldap) >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_ldap"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_ldap-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_ldap${{ matrix.ldap_tag }}_${{ matrix.network_type }}
-          path: _build/test/logs
-
-  mongo:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        mongo_tag:
-        - 3
-        - 4
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-mongo-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        env:
-          MONGO_TAG: ${{ matrix.mongo_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__MONGO__SSL__ENABLE=on
-          EMQX_AUTH__MONGO__SSL__CACERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/ca.pem
-          EMQX_AUTH__MONGO__SSL__CERTFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-cert.pem
-          EMQX_AUTH__MONGO__SSL__KEYFILE=/emqx/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/client-key.pem
-          EMQX_AUTH__MONGO__SSL__VERIFY=true
-          EMQX_AUTH__MONGO__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          MONGO_TAG: ${{ matrix.mongo_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          echo EMQX_AUTH__MONGO__SSL__ENABLE=off >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo "EMQX_AUTH__MONGO__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mongo):27017" >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo "EMQX_AUTH__MONGO__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mongo):27017" >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mongo"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_mongo-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_mongo${{ matrix.mongo_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs
-
-  mysql:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        mysql_tag:
-        - 5.7
-        - 8
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        timeout-minutes: 5
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-mysql-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-          while [ $(docker ps -a --filter name=client --filter exited=0 | wc -l) \
-                 != $(docker ps -a --filter name=client | wc -l) ]; do
-              sleep 5
-          done
-      - name: setup
-        env:
-          MYSQL_TAG: ${{ matrix.mysql_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-            EMQX_AUTH__MYSQL__SSL__ENABLE=on
-            EMQX_AUTH__MYSQL__USERNAME=ssluser
-            EMQX_AUTH__MYSQL__PASSWORD=public
-            EMQX_AUTH__MYSQL__DATABASE=mqtt
-            EMQX_AUTH__MYSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem
-            EMQX_AUTH__MYSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-cert.pem
-            EMQX_AUTH__MYSQL__SSL__KEYFILE=/emqx/apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/client-key.pem
-            EMQX_AUTH__MYSQL__SSL__VERIFY=true
-            EMQX_AUTH__MYSQL__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          MYSQL_TAG: ${{ matrix.mysql_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-            EMQX_AUTH__MYSQL__USERNAME=root
-            EMQX_AUTH__MYSQL__PASSWORD=public
-            EMQX_AUTH__MYSQL__DATABASE=mqtt
-            EMQX_AUTH__MYSQL__SSL__ENABLE=off
-          EOF
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo "EMQX_AUTH__MYSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql):3306" >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo "EMQX_AUTH__MYSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' mysql):3306" >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_mysql"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_mysql-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_mysql${{ matrix.mysql_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs
-
-  pgsql:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        pgsql_tag:
-        - 9
-        - 10
-        - 11
-        - 12
-        - 13
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-pgsql-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        env:
-          PGSQL_TAG: ${{ matrix.pgsql_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__PGSQL__SSL__ENABLE=on
-          EMQX_AUTH__PGSQL__SSL__CACERTFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem
-          EMQX_AUTH__PGSQL__SSL__CERTFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-cert.pem
-          EMQX_AUTH__PGSQL__SSL__KEYFILE=/emqx/apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/client-key.pem
-          EMQX_AUTH__PGSQL__SSL__VERIFY=true
-          EMQX_AUTH__PGSQL__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          PGSQL_TAG: ${{ matrix.pgsql_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          echo EMQX_AUTH__PGSQL__SSL__ENABLE=off >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv4'
-        run: |
-          echo "EMQX_AUTH__PGSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql):5432" >> "$GITHUB_ENV"
-      - name: setup
-        if: matrix.network_type == 'ipv6'
-        run: |
-          echo "EMQX_AUTH__PGSQL__SERVER=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' pgsql):5432" >> "$GITHUB_ENV"
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export EMQX_AUTH__PGSQL__USERNAME=root \
-                 EMQX_AUTH__PGSQL__PASSWORD=public \
-                 EMQX_AUTH__PGSQL__DATABASE=mqtt \
-                 CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_ \
-                 HOCON_ENV_OVERRIDE_PREFIX=EMQX_
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_pgsql"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_pgsql-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_pgsql${{ matrix.pgsql_tag }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs
-
-  redis:
-    runs-on: ubuntu-20.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        redis_tag:
-        - 5
-        - 6
-        network_type:
-        - ipv4
-        - ipv6
-        connect_type:
-        - tls
-        - tcp
-        node_type:
-        - single
-        - sentinel
-        - cluster
-        exclude:
-        - redis_tag: 5
-          connect_type: tls
-
-    steps:
-      - uses: actions/checkout@v1
-      - name: docker-compose up
-        run: |
-          docker-compose \
-            -f .ci/docker-compose-file/docker-compose-redis-${{ matrix.node_type }}-${{ matrix.connect_type }}.yaml \
-            -f .ci/docker-compose-file/docker-compose.yaml \
-            up -d --build
-      - name: setup
-        env:
-          REDIS_TAG: ${{ matrix.redis_tag }}
-        if: matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__SSL__ENABLE=on
-          EMQX_AUTH__REDIS__SSL__CACERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/ca.crt
-          EMQX_AUTH__REDIS__SSL__CERTFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.crt
-          EMQX_AUTH__REDIS__SSL__KEYFILE=/emqx/apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs/redis.key
-          EMQX_AUTH__REDIS__SSL__VERIFY=true
-          EMQX_AUTH__REDIS__SSL__SERVER_NAME_INDICATION=disable
-          EOF
-      - name: setup
-        env:
-          REDIS_TAG: ${{ matrix.redis_tag }}
-        if: matrix.connect_type == 'tcp'
-        run: |
-          echo EMQX_AUTH__REDIS__SSL__ENABLE=off >> "$GITHUB_ENV"
-      - name: get server address
-        run: |
-          ipv4_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' redis)
-          ipv6_address=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.GlobalIPv6Address}}{{end}}' redis)
-          cat <<-EOF >> "$GITHUB_ENV"
-          redis_ipv4_address=$ipv4_address
-          redis_ipv6_address=$ipv6_address
-          EOF
-      - name: setup
-        if: matrix.node_type == 'single' && matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=single
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:6379
-          EOF
-      - name: setup
-        if: matrix.node_type == 'single' && matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=single
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:6380
-          EOF
-      - name: setup
-        if: matrix.node_type == 'sentinel' && matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=sentinel
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:26379
-          EMQX_AUTH__REDIS__SENTINEL=mymaster
-          EOF
-      - name: setup
-        if: matrix.node_type == 'sentinel' && matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=sentinel
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:26380
-          EMQX_AUTH__REDIS__SENTINEL=mymaster
-          EOF
-      - name: setup
-        if: matrix.node_type == 'cluster' && matrix.connect_type == 'tcp'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=cluster
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:7000
-          EOF
-      - name: setup
-        if: matrix.node_type == 'cluster' && matrix.connect_type == 'tls'
-        run: |
-          cat <<-EOF >> "$GITHUB_ENV"
-          EMQX_AUTH__REDIS__TYPE=cluster
-          EMQX_AUTH__REDIS__SERVER=${redis_${{ matrix.network_type }}_address}:8000
-          EOF
-      - name: set git token
-        run: |
-          if make emqx-ee --dry-run > /dev/null 2>&1; then
-            docker exec -i erlang bash -c "echo \"https://ci%40emqx.io:${{ secrets.CI_GIT_TOKEN }}@github.com\" > /root/.git-credentials && git config --global credential.helper store"
-          fi
-      - name: run test cases
-        run: |
-          export CUTTLEFISH_ENV_OVERRIDE_PREFIX=EMQX_
-          export EMQX_AUTH__REIDS__PASSWORD=public
-          printenv > .env
-          docker exec -i erlang sh -c "make ensure-rebar3"
-          docker exec -i erlang sh -c "./rebar3 eunit --application=emqx_auth_redis"
-          docker exec --env-file .env -i erlang sh -c "make apps/emqx_auth_redis-ct"
-      - uses: actions/upload-artifact@v1
-        if: failure()
-        with:
-          name: logs_redis${{ matrix.redis_tag }}_${{ matrix.node_type }}_${{ matrix.network_type }}_${{ matrix.connect_type }}
-          path: _build/test/logs

From 1f7291380b0b01bccea0889c46897e12e9423604 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Fri, 25 Jun 2021 17:36:32 +0800
Subject: [PATCH 111/174] chore: delete internal acl code

---
 apps/emqx/src/emqx_access_rule.erl            | 152 ------------------
 apps/emqx/src/emqx_schema.erl                 |   3 +-
 apps/emqx/test/emqx_SUITE_data/loaded_modules |   3 +-
 .../emqx/test/emqx_access_SUITE_data/acl.conf |  15 --
 .../acl_deny_action.conf                      |   3 -
 apps/emqx/test/emqx_access_rule_SUITE.erl     |  97 -----------
 apps/emqx_coap/test/emqx_coap_SUITE.erl       |  23 ++-
 .../src/emqx_mod_acl_internal.erl             | 122 --------------
 apps/emqx_modules/src/emqx_modules.erl        |  18 ---
 .../test/emqx_mod_acl_internal_SUITE.erl      |  64 --------
 apps/emqx_modules/test/emqx_modules_SUITE.erl |   3 +-
 deploy/charts/emqx/values.yaml                |   1 -
 deploy/docker/README.md                       |   3 +-
 13 files changed, 19 insertions(+), 488 deletions(-)
 delete mode 100644 apps/emqx/src/emqx_access_rule.erl
 delete mode 100644 apps/emqx/test/emqx_access_SUITE_data/acl.conf
 delete mode 100644 apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf
 delete mode 100644 apps/emqx/test/emqx_access_rule_SUITE.erl
 delete mode 100644 apps/emqx_modules/src/emqx_mod_acl_internal.erl
 delete mode 100644 apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl

diff --git a/apps/emqx/src/emqx_access_rule.erl b/apps/emqx/src/emqx_access_rule.erl
deleted file mode 100644
index 5a607dd16..000000000
--- a/apps/emqx/src/emqx_access_rule.erl
+++ /dev/null
@@ -1,152 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2017-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_access_rule).
-
-%% APIs
--export([ match/3
-        , compile/1
-        ]).
-
--export_type([rule/0]).
-
--type(acl_result() :: allow | deny).
-
--type(who() :: all | binary() |
-               {client, binary()} |
-               {user, binary()} |
-               {ipaddr, esockd_cidr:cidr_string()}).
-
--type(access() :: subscribe | publish | pubsub).
-
--type(rule() :: {acl_result(), all} |
-                {acl_result(), who(), access(), list(emqx_topic:topic())}).
-
--define(ALLOW_DENY(A), ((A =:= allow) orelse (A =:= deny))).
--define(PUBSUB(A), ((A =:= subscribe) orelse (A =:= publish) orelse (A =:= pubsub))).
-
-%% @doc Compile Access Rule.
-compile({A, all}) when ?ALLOW_DENY(A) ->
-    {A, all};
-
-compile({A, Who, Access, Topic}) when ?ALLOW_DENY(A), ?PUBSUB(Access), is_binary(Topic) ->
-    {A, compile(who, Who), Access, [compile(topic, Topic)]};
-
-compile({A, Who, Access, TopicFilters}) when ?ALLOW_DENY(A), ?PUBSUB(Access) ->
-    {A, compile(who, Who), Access, [compile(topic, Topic) || Topic <- TopicFilters]}.
-
-compile(who, all) ->
-    all;
-compile(who, {ipaddr, CIDR}) ->
-    {ipaddr, esockd_cidr:parse(CIDR, true)};
-compile(who, {client, all}) ->
-    {client, all};
-compile(who, {client, ClientId}) ->
-    {client, bin(ClientId)};
-compile(who, {user, all}) ->
-    {user, all};
-compile(who, {user, Username}) ->
-    {user, bin(Username)};
-compile(who, {'and', Conds}) when is_list(Conds) ->
-    {'and', [compile(who, Cond) || Cond <- Conds]};
-compile(who, {'or', Conds}) when is_list(Conds) ->
-    {'or', [compile(who, Cond) || Cond <- Conds]};
-
-compile(topic, {eq, Topic}) ->
-    {eq, emqx_topic:words(bin(Topic))};
-compile(topic, Topic) ->
-    Words = emqx_topic:words(bin(Topic)),
-    case pattern(Words) of
-        true  -> {pattern, Words};
-        false -> Words
-    end.
-
-pattern(Words) ->
-    lists:member(<<"%u">>, Words) orelse lists:member(<<"%c">>, Words).
-
-bin(L) when is_list(L) ->
-    list_to_binary(L);
-bin(B) when is_binary(B) ->
-    B.
-
-%% @doc Match access rule
--spec(match(emqx_types:clientinfo(), emqx_types:topic(), rule())
-      -> {matched, allow} | {matched, deny} | nomatch).
-match(_ClientInfo, _Topic, {AllowDeny, all}) when ?ALLOW_DENY(AllowDeny) ->
-    {matched, AllowDeny};
-match(ClientInfo, Topic, {AllowDeny, Who, _PubSub, TopicFilters})
-    when ?ALLOW_DENY(AllowDeny) ->
-    case match_who(ClientInfo, Who)
-         andalso match_topics(ClientInfo, Topic, TopicFilters) of
-        true  -> {matched, AllowDeny};
-        false -> nomatch
-    end.
-
-match_who(_ClientInfo, all) ->
-    true;
-match_who(_ClientInfo, {user, all}) ->
-    true;
-match_who(_ClientInfo, {client, all}) ->
-    true;
-match_who(#{clientid := ClientId}, {client, ClientId}) ->
-    true;
-match_who(#{username := Username}, {user, Username}) ->
-    true;
-match_who(#{peerhost := undefined}, {ipaddr, _Tup}) ->
-    false;
-match_who(#{peerhost := IP}, {ipaddr, CIDR}) ->
-    esockd_cidr:match(IP, CIDR);
-match_who(ClientInfo, {'and', Conds}) when is_list(Conds) ->
-    lists:foldl(fun(Who, Allow) ->
-                  match_who(ClientInfo, Who) andalso Allow
-                end, true, Conds);
-match_who(ClientInfo, {'or', Conds}) when is_list(Conds) ->
-    lists:foldl(fun(Who, Allow) ->
-                  match_who(ClientInfo, Who) orelse Allow
-                end, false, Conds);
-match_who(_ClientInfo, _Who) ->
-    false.
-
-match_topics(_ClientInfo, _Topic, []) ->
-    false;
-match_topics(ClientInfo, Topic, [{pattern, PatternFilter}|Filters]) ->
-    TopicFilter = feed_var(ClientInfo, PatternFilter),
-    match_topic(emqx_topic:words(Topic), TopicFilter)
-        orelse match_topics(ClientInfo, Topic, Filters);
-match_topics(ClientInfo, Topic, [TopicFilter|Filters]) ->
-   match_topic(emqx_topic:words(Topic), TopicFilter)
-       orelse match_topics(ClientInfo, Topic, Filters).
-
-match_topic(Topic, {eq, TopicFilter}) ->
-    Topic == TopicFilter;
-match_topic(Topic, TopicFilter) ->
-    emqx_topic:match(Topic, TopicFilter).
-
-feed_var(ClientInfo, Pattern) ->
-    feed_var(ClientInfo, Pattern, []).
-feed_var(_ClientInfo, [], Acc) ->
-    lists:reverse(Acc);
-feed_var(ClientInfo = #{clientid := undefined}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%c">>|Acc]);
-feed_var(ClientInfo = #{clientid := ClientId}, [<<"%c">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [ClientId |Acc]);
-feed_var(ClientInfo = #{username := undefined}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [<<"%u">>|Acc]);
-feed_var(ClientInfo = #{username := Username}, [<<"%u">>|Words], Acc) ->
-    feed_var(ClientInfo, Words, [Username|Acc]);
-feed_var(ClientInfo, [W|Words], Acc) ->
-    feed_var(ClientInfo, Words, [W|Acc]).
-
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 8c1967ed3..83e611ee0 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -823,8 +823,7 @@ tr_modules(Conf) ->
         [{emqx_mod_subscription, Subscriptions()}],
         [{emqx_mod_rewrite, Rewrites()}],
         [{emqx_mod_topic_metrics, []}],
-        [{emqx_mod_delayed, []}],
-        [{emqx_mod_acl_internal, [{acl_file, conf_get("acl.acl_file", Conf)}]}]
+        [{emqx_mod_delayed, []}]
     ]).
 
 tr_sysmon(Conf) ->
diff --git a/apps/emqx/test/emqx_SUITE_data/loaded_modules b/apps/emqx/test/emqx_SUITE_data/loaded_modules
index 49effa0c5..f31e47900 100644
--- a/apps/emqx/test/emqx_SUITE_data/loaded_modules
+++ b/apps/emqx/test/emqx_SUITE_data/loaded_modules
@@ -1,2 +1 @@
-{emqx_mod_acl_internal, true}.
-{emqx_mod_presence, true}.
\ No newline at end of file
+{emqx_mod_presence, true}.
diff --git a/apps/emqx/test/emqx_access_SUITE_data/acl.conf b/apps/emqx/test/emqx_access_SUITE_data/acl.conf
deleted file mode 100644
index e5730b4c5..000000000
--- a/apps/emqx/test/emqx_access_SUITE_data/acl.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-{allow, {ipaddr, "127.0.0.1"}, subscribe, ["$SYS/#", "#"]}.
-
-{allow, {user, "testuser"}, subscribe, ["a/b/c", "d/e/f/#"]}.
-
-{allow, {user, "admin"}, pubsub, ["a/b/c", "d/e/f/#"]}.
-
-{allow, {client, "testClient"}, subscribe, ["testTopics/testClient"]}.
-
-{allow, all, subscribe, ["clients/%c"]}.
-
-{allow, all, pubsub, ["users/%u/#"]}.
-
-{deny, all, subscribe, ["$SYS/#", "#"]}.
-
-{deny, all}.
diff --git a/apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf b/apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf
deleted file mode 100644
index c7f933ce7..000000000
--- a/apps/emqx/test/emqx_access_SUITE_data/acl_deny_action.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-{deny, {user, "emqx"}, pubsub, ["acl_deny_action"]}.
-{deny, {user, "pub_deny"}, publish, ["pub_deny"]}.
-{allow, all}.
\ No newline at end of file
diff --git a/apps/emqx/test/emqx_access_rule_SUITE.erl b/apps/emqx/test/emqx_access_rule_SUITE.erl
deleted file mode 100644
index 93c84a958..000000000
--- a/apps/emqx/test/emqx_access_rule_SUITE.erl
+++ /dev/null
@@ -1,97 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2019-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_access_rule_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("eunit/include/eunit.hrl").
-
-all() -> emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:boot_modules([router, broker]),
-    emqx_ct_helpers:start_apps([]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([]).
-
-t_compile(_) ->
-    Rule1 = {allow, all, pubsub, <<"%u">>},
-    Compile1 = {allow, all, pubsub, [{pattern,[<<"%u">>]}]},
-
-    Rule2 = {allow, {ipaddr, "127.0.0.1"}, pubsub, <<"%c">>},
-    Compile2 = {allow, {ipaddr, {{127,0,0,1}, {127,0,0,1}, 32}}, pubsub, [{pattern,[<<"%c">>]}]},
-
-    Rule3 = {allow, {'and', [{client, <<"testClient">>}, {user, <<"testUser">>}]}, pubsub, [<<"testTopics1">>,  <<"testTopics2">>]},
-    Compile3 = {allow, {'and', [{client, <<"testClient">>}, {user, <<"testUser">>}]}, pubsub, [[<<"testTopics1">>],  [<<"testTopics2">>]]},
-
-    Rule4 = {allow, {'or', [{client, all}, {user, all}]}, pubsub, [ <<"testTopics1">>,  <<"testTopics2">>]},
-    Compile4 = {allow, {'or', [{client, all}, {user, all}]}, pubsub, [[<<"testTopics1">>],  [<<"testTopics2">>]]},
-
-    ?assertEqual(Compile1, emqx_access_rule:compile(Rule1)),
-    ?assertEqual(Compile2, emqx_access_rule:compile(Rule2)),
-    ?assertEqual(Compile3, emqx_access_rule:compile(Rule3)),
-    ?assertEqual(Compile4, emqx_access_rule:compile(Rule4)).
-
-t_match(_) ->
-    ClientInfo1 = #{zone => external,
-                    clientid => <<"testClient">>,
-                    username => <<"TestUser">>,
-                    peerhost => {127,0,0,1}
-                   },
-    ClientInfo2 = #{zone => external,
-                    clientid => <<"testClient">>,
-                    username => <<"TestUser">>,
-                    peerhost => {192,168,0,10}
-                   },
-    ClientInfo3 = #{zone => external,
-                    clientid => <<"testClient">>,
-                    username => <<"TestUser">>,
-                    peerhost => undefined
-                   },
-    ?assertEqual({matched, deny}, emqx_access_rule:match([], [], {deny, all})),
-    ?assertEqual({matched, allow}, emqx_access_rule:match([], [], {allow, all})),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo1, <<"Test/Topic">>,
-                                                    emqx_access_rule:compile({allow, {user, all}, pubsub, []}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Test/Topic">>,
-                                                            emqx_access_rule:compile({allow, {client, all}, pubsub, ["$SYS/#", "#"]}))),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo3, <<"Test/Topic">>,
-                                                    emqx_access_rule:compile({allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Test/Topic">>,
-                                                            emqx_access_rule:compile({allow, {ipaddr, "127.0.0.1"}, subscribe, ["$SYS/#", "#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo2, <<"Test/Topic">>,
-                                                            emqx_access_rule:compile({allow, {ipaddr, "192.168.0.1/24"}, subscribe, ["$SYS/#", "#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"d/e/f/x">>,
-                                                            emqx_access_rule:compile({allow, {user, "TestUser"}, subscribe, ["a/b/c", "d/e/f/#"]}))),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo1, <<"d/e/f/x">>,
-                                                    emqx_access_rule:compile({allow, {user, "admin"}, pubsub, ["d/e/f/#"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"testTopics/testClient">>,
-                                                            emqx_access_rule:compile({allow, {client, "testClient"}, publish, ["testTopics/testClient"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"clients/testClient">>,
-                                                            emqx_access_rule:compile({allow, all, pubsub, ["clients/%c"]}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(#{username => <<"user2">>}, <<"users/user2/abc/def">>,
-                                                            emqx_access_rule:compile({allow, all, subscribe, ["users/%u/#"]}))),
-    ?assertEqual({matched, deny}, emqx_access_rule:match(ClientInfo1, <<"d/e/f">>,
-                                                            emqx_access_rule:compile({deny, all, subscribe, ["$SYS/#", "#"]}))),
-    ?assertEqual(nomatch, emqx_access_rule:match(ClientInfo1, <<"Topic">>,
-                                                    emqx_access_rule:compile({allow, {'and', [{ipaddr, "127.0.0.1"}, {user, <<"WrongUser">>}]}, publish, <<"Topic">>}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Topic">>,
-                                                            emqx_access_rule:compile({allow, {'and', [{ipaddr, "127.0.0.1"}, {user, <<"TestUser">>}]}, publish, <<"Topic">>}))),
-    ?assertEqual({matched, allow}, emqx_access_rule:match(ClientInfo1, <<"Topic">>,
-                                                            emqx_access_rule:compile({allow, {'or', [{ipaddr, "127.0.0.1"}, {user, <<"WrongUser">>}]}, publish, ["Topic"]}))).
diff --git a/apps/emqx_coap/test/emqx_coap_SUITE.erl b/apps/emqx_coap/test/emqx_coap_SUITE.erl
index 440b80ebd..73c9ef162 100644
--- a/apps/emqx_coap/test/emqx_coap_SUITE.erl
+++ b/apps/emqx_coap/test/emqx_coap_SUITE.erl
@@ -266,11 +266,18 @@ t_kick_1(_Config) ->
 
 % mqtt connection kicked by coap with same client id
 t_acl(Config) ->
-    %% Update acl file and reload mod_acl_internal
-    Path = filename:join([testdir(proplists:get_value(data_dir, Config)), "deny.conf"]),
-    ok = file:write_file(Path, <<"{deny, {user, \"coap\"}, publish, [\"abc\"]}.">>),
-    OldPath = emqx:get_env(acl_file),
-    emqx_mod_acl_internal:reload([{acl_file, Path}]),
+    OldPath = emqx:get_env(plugins_etc_dir),
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
+    Conf = #{<<"authz">> =>
+             #{<<"rules">> =>
+               [#{<<"principal">> =>#{<<"username">> => <<"coap">>},
+                  <<"permission">> => deny,
+                  <<"topics">> => [<<"abc">>],
+                  <<"action">> => <<"publish">>}
+               ]}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    application:ensure_all_started(emqx_authz),
 
     emqx:subscribe(<<"abc">>),
     URI = "coap://127.0.0.1/mqtt/adbc?c=client1&u=coap&p=secret",
@@ -282,9 +289,9 @@ t_acl(Config) ->
         ok
     end,
 
-    application:set_env(emqx, acl_file, OldPath),
-    file:delete(Path),
-    emqx_mod_acl_internal:reload([{acl_file, OldPath}]).
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    application:set_env(emqx, plugins_etc_dir, OldPath),
+    application:stop(emqx_authz).
 
 t_stats(_) ->
     ok.
diff --git a/apps/emqx_modules/src/emqx_mod_acl_internal.erl b/apps/emqx_modules/src/emqx_mod_acl_internal.erl
deleted file mode 100644
index 8956229ea..000000000
--- a/apps/emqx_modules/src/emqx_mod_acl_internal.erl
+++ /dev/null
@@ -1,122 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mod_acl_internal).
-
--behaviour(emqx_gen_mod).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[ACL_INTERNAL]").
-
-%% APIs
--export([ check_acl/5
-        , rules_from_file/1
-        ]).
-
-%% emqx_gen_mod callbacks
--export([ load/1
-        , unload/1
-        , reload/1
-        , description/0
-        ]).
-
--type(acl_rules() :: #{publish   => [emqx_access_rule:rule()],
-                       subscribe => [emqx_access_rule:rule()]}).
-
-%%--------------------------------------------------------------------
-%% API
-%%--------------------------------------------------------------------
-
-load(Env) ->
-    Rules = rules_from_file(proplists:get_value(acl_file, Env)),
-    emqx_hooks:add('client.check_acl', {?MODULE, check_acl, [Rules]},  -1).
-
-unload(_Env) ->
-    emqx_hooks:del('client.check_acl', {?MODULE, check_acl}).
-
-reload(Env) ->
-    emqx_acl_cache:is_enabled() andalso (
-        lists:foreach(
-            fun(Pid) -> erlang:send(Pid, clean_acl_cache) end,
-        emqx_cm:all_channels())),
-    unload(Env), load(Env).
-
-description() ->
-    "EMQ X Internal ACL Module".
-%%--------------------------------------------------------------------
-%% ACL callbacks
-%%--------------------------------------------------------------------
-
-%% @doc Check ACL
--spec(check_acl(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_topic:topic(),
-                emqx_access_rule:acl_result(), acl_rules())
-      -> {ok, allow} | {ok, deny} | ok).
-check_acl(Client, PubSub, Topic, _AclResult, Rules) ->
-    case match(Client, Topic, lookup(PubSub, Rules)) of
-        {matched, allow} -> {ok, allow};
-        {matched, deny}  -> {ok, deny};
-        nomatch          -> ok
-    end.
-
-%%--------------------------------------------------------------------
-%% Internal Functions
-%%--------------------------------------------------------------------
-lookup(PubSub, Rules) ->
-    maps:get(PubSub, Rules, []).
-
-match(_Client, _Topic, []) ->
-    nomatch;
-match(Client, Topic, [Rule|Rules]) ->
-    case emqx_access_rule:match(Client, Topic, Rule) of
-        nomatch ->
-            match(Client, Topic, Rules);
-        {matched, AllowDeny} ->
-            {matched, AllowDeny}
-    end.
-
--spec(rules_from_file(file:filename()) -> map()).
-rules_from_file(AclFile) ->
-    case file:consult(AclFile) of
-        {ok, Terms} ->
-            Rules = [emqx_access_rule:compile(Term) || Term <- Terms],
-            #{publish   => [Rule || Rule <- Rules, filter(publish, Rule)],
-              subscribe => [Rule || Rule <- Rules, filter(subscribe, Rule)]};
-        {error, eacces} ->
-            ?LOG(alert, "Insufficient permissions to read the ~s file", [AclFile]),
-            #{};
-        {error, enoent} ->
-            ?LOG(alert, "The ~s file does not exist", [AclFile]),
-            #{};
-        {error, Reason} ->
-            ?LOG(alert, "Failed to read ~s: ~p", [AclFile, Reason]),
-            #{}
-    end.
-
-filter(_PubSub, {allow, all}) ->
-    true;
-filter(_PubSub, {deny, all}) ->
-    true;
-filter(publish, {_AllowDeny, _Who, publish, _Topics}) ->
-    true;
-filter(_PubSub, {_AllowDeny, _Who, pubsub, _Topics}) ->
-    true;
-filter(subscribe, {_AllowDeny, _Who, subscribe, _Topics}) ->
-    true;
-filter(_PubSub, {_AllowDeny, _Who, _, _Topics}) ->
-    false.
-
diff --git a/apps/emqx_modules/src/emqx_modules.erl b/apps/emqx_modules/src/emqx_modules.erl
index 3de9c6ba3..262e700ab 100644
--- a/apps/emqx_modules/src/emqx_modules.erl
+++ b/apps/emqx_modules/src/emqx_modules.erl
@@ -80,17 +80,6 @@ unload(ModuleName) ->
     end.
 
 -spec(reload(module()) -> ok | ignore | {error, any()}).
-reload(emqx_mod_acl_internal) ->
-    Modules = emqx:get_env(modules, []),
-    Env = proplists:get_value(emqx_mod_acl_internal, Modules, undefined),
-    case emqx_mod_acl_internal:reload(Env) of
-        ok ->
-            ?LOG(info, "Reload ~s module successfully.", [emqx_mod_acl_internal]),
-            ok;
-        {error, Error} ->
-            ?LOG(error, "Reload module ~s failed, cannot start for ~0p", [emqx_mod_acl_internal, Error]),
-            {error, Error}
-    end;
 reload(_) ->
     ignore.
 
@@ -197,13 +186,6 @@ cli(["unload", Name]) ->
             emqx_ctl:print("Unload module ~s error: ~p.~n", [Name, Reason])
     end;
 
-cli(["reload", "emqx_mod_acl_internal" = Name]) ->
-    case emqx_modules:reload(list_to_atom(Name)) of
-        ok ->
-            emqx_ctl:print("Module ~s reloaded successfully.~n", [Name]);
-        {error, Reason} ->
-            emqx_ctl:print("Reload module ~s error: ~p.~n", [Name, Reason])
-    end;
 cli(["reload", Name]) ->
     emqx_ctl:print("Module: ~p does not need to be reloaded.~n", [Name]);
 
diff --git a/apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl b/apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl
deleted file mode 100644
index 3edcd31fa..000000000
--- a/apps/emqx_modules/test/emqx_mod_acl_internal_SUITE.erl
+++ /dev/null
@@ -1,64 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mod_acl_internal_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx_mqtt.hrl").
--include_lib("eunit/include/eunit.hrl").
-
-all() -> emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:boot_modules(all),
-    emqx_ct_helpers:start_apps([]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([]).
-
-t_load_unload(_) ->
-    ?assertEqual(ok, emqx_mod_acl_internal:unload([])),
-    ?assertEqual(ok, emqx_mod_acl_internal:load([])),
-    ?assertEqual({error,already_exists}, emqx_mod_acl_internal:load([])).
-
-t_check_acl(_) ->
-    Rules=#{publish => [{allow,all}], subscribe => [{deny, all}]},
-    ?assertEqual({ok, allow}, emqx_mod_acl_internal:check_acl(clientinfo(), publish,  <<"t">>, [], Rules)),
-    ?assertEqual({ok, deny}, emqx_mod_acl_internal:check_acl(clientinfo(), subscribe,  <<"t">>, [], Rules)),
-    ?assertEqual(ok, emqx_mod_acl_internal:check_acl(clientinfo(), connect,  <<"t">>, [], Rules)).
-
-t_reload_acl(_) ->
-    ?assertEqual(ok, emqx_mod_acl_internal:reload([])).
-
-%%--------------------------------------------------------------------
-%% Helper functions
-%%--------------------------------------------------------------------
-
-clientinfo() -> clientinfo(#{}).
-clientinfo(InitProps) ->
-    maps:merge(#{zone       => zone,
-                 protocol   => mqtt,
-                 peerhost   => {127,0,0,1},
-                 clientid   => <<"clientid">>,
-                 username   => <<"username">>,
-                 password   => <<"passwd">>,
-                 is_superuser => false,
-                 peercert   => undefined,
-                 mountpoint => undefined
-                }, InitProps).
diff --git a/apps/emqx_modules/test/emqx_modules_SUITE.erl b/apps/emqx_modules/test/emqx_modules_SUITE.erl
index dc76e8eb7..0ce8b0c5f 100644
--- a/apps/emqx_modules/test/emqx_modules_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_modules_SUITE.erl
@@ -49,8 +49,7 @@ t_load(_) ->
     ?assertEqual(ok, emqx_modules:load()),
     ?assertEqual({error, not_found}, emqx_modules:load(not_existed_module)),
     ?assertEqual({error, not_started}, emqx_modules:unload(emqx_mod_rewrite)),
-    ?assertEqual(ignore, emqx_modules:reload(emqx_mod_rewrite)),
-    ?assertEqual(ok, emqx_modules:reload(emqx_mod_acl_internal)).
+    ?assertEqual(ignore, emqx_modules:reload(emqx_mod_rewrite)).
 
 t_list(_) ->
     ?assertMatch([{_, _} | _ ], emqx_modules:list()).
diff --git a/deploy/charts/emqx/values.yaml b/deploy/charts/emqx/values.yaml
index 0e6f24a66..3e145aafe 100644
--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
@@ -87,7 +87,6 @@ emqxLoadedPlugins: >
   {emqx_bridge_mqtt, false}.
 
 emqxLoadedModules: >
-  {emqx_mod_acl_internal, true}.
   {emqx_mod_presence, true}.
   {emqx_mod_delayed, false}.
   {emqx_mod_rewrite, false}.
diff --git a/deploy/docker/README.md b/deploy/docker/README.md
index 17fea2c9d..ac494b430 100644
--- a/deploy/docker/README.md
+++ b/deploy/docker/README.md
@@ -97,12 +97,11 @@ For example, set mqtt tcp port to 1883
 
 Default environment variable ``EMQX_LOADED_MODULES``, including
 
-+ ``emqx_mod_acl_internal``
 + ``emqx_mod_presence``
 
 ```bash
 # The default EMQX_LOADED_MODULES env
-EMQX_LOADED_MODULES="emqx_mod_acl_internal,emqx_mod_acl_internal"
+EMQX_LOADED_MODULES="emqx_mod_presence"
 ```
 
 For example, set ``EMQX_LOADED_MODULES=emqx_mod_delayed,emqx_mod_rewrite`` to load these two modules.

From d0d14f7a0289f07c08dc6fa7d3e730853437d6ba Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Mon, 28 Jun 2021 09:24:57 +0800
Subject: [PATCH 112/174] chore(plugins): rm emqx-lua-hook plugin

---
 apps/emqx_lua_hook/.gitignore                 |  19 -
 apps/emqx_lua_hook/README.md                  | 338 ---------
 apps/emqx_lua_hook/etc/emqx_lua_hook.conf     |   4 -
 apps/emqx_lua_hook/examples.lua               |  71 --
 apps/emqx_lua_hook/include/emqx_lua_hook.hrl  |  18 -
 apps/emqx_lua_hook/priv/emqx_lua_hook.schema  |   1 -
 apps/emqx_lua_hook/rebar.config               |  21 -
 apps/emqx_lua_hook/src/emqx_lua_hook.app.src  |  14 -
 apps/emqx_lua_hook/src/emqx_lua_hook.erl      | 199 -----
 apps/emqx_lua_hook/src/emqx_lua_hook_app.erl  |  40 -
 apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl  |  88 ---
 apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl  |  35 -
 apps/emqx_lua_hook/src/emqx_lua_script.erl    | 342 ---------
 .../test/emqx_lua_hook_SUITE.erl              | 693 ------------------
 rebar.config.erl                              |   4 +-
 15 files changed, 1 insertion(+), 1886 deletions(-)
 delete mode 100644 apps/emqx_lua_hook/.gitignore
 delete mode 100644 apps/emqx_lua_hook/README.md
 delete mode 100644 apps/emqx_lua_hook/etc/emqx_lua_hook.conf
 delete mode 100644 apps/emqx_lua_hook/examples.lua
 delete mode 100644 apps/emqx_lua_hook/include/emqx_lua_hook.hrl
 delete mode 100644 apps/emqx_lua_hook/priv/emqx_lua_hook.schema
 delete mode 100644 apps/emqx_lua_hook/rebar.config
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook.app.src
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook_app.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl
 delete mode 100644 apps/emqx_lua_hook/src/emqx_lua_script.erl
 delete mode 100644 apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl

diff --git a/apps/emqx_lua_hook/.gitignore b/apps/emqx_lua_hook/.gitignore
deleted file mode 100644
index af616ea1a..000000000
--- a/apps/emqx_lua_hook/.gitignore
+++ /dev/null
@@ -1,19 +0,0 @@
-deps/
-ebin/
-_rel/
-.erlang.mk/
-*.d
-data/
-*.iml
-.idea/
-logs/
-*.beam
-.DS_Store
-erlang.mk
-_build/
-rebar.lock
-rebar3.crashdump
-bbmustache/
-*.conf.rendered
-.rebar3
-*.swp
diff --git a/apps/emqx_lua_hook/README.md b/apps/emqx_lua_hook/README.md
deleted file mode 100644
index a3f65a094..000000000
--- a/apps/emqx_lua_hook/README.md
+++ /dev/null
@@ -1,338 +0,0 @@
-
-# emqx-lua-hook
-
-This plugin makes it possible to write hooks in lua scripts.
-
-Lua virtual machine is implemented by [luerl](https://github.com/rvirding/luerl) which supports Lua 5.2. Following features may not work properly:
-* label and goto
-* tail-call optimisation in return
-* only limited standard libraries
-* proper handling of `__metatable`
-
-For the supported functions, please refer to luerl's [project page](https://github.com/rvirding/luerl).
-
-Lua scripts are stored in 'data/scripts' directory, and will be loaded automatically. If a script is changed during runtime, it should be reloaded to take effect.
-
-Each lua script could export several functions binding with emqx hooks, triggered by message publish, topic subscribe, client connect, etc. Different lua scripts may export same type function, binding with a same event. But their order being triggered is not guaranteed.
-
-To start this plugin, run following command:
-
-```shell
-bin/emqx_ctl plugins load emqx_lua_hook
-```
-
-
-## NOTE
-
-* Since lua VM is run on erlang VM, its performance is poor. Please do NOT write long or complicated lua scripts which may degrade entire system.
-* It's hard to debug lua script in emqx environment. Recommended to unit test your lua script in your host first. If everything is OK, deploy it to emqx 'data/scripts' directory.
-* Global variable will lost its value for each call. Do NOT use global variable in lua scripts.
-
-
-# Example
-
-Suppose your emqx is installed in /emqx, and the lua script directory should be /emqx/data/scripts.
-
-Make a new file called "test.lua" and put following code into this file:
-
-```lua
-function on_message_publish(clientid, username, topic, payload, qos, retain)
-    return topic, "hello", qos, retain
-end
-
-function register_hook()
-    return "on_message_publish"
-end
-```
-
-Execute following command to start emq-lua-hook and load scripts in 'data/scripts' directory.
-
-```
-/emqx/bin/emqx_ctl plugins load emqx_lua_hook
-```
-
-Now let's take a look at what will happend.
-
-- Start a mqtt client, such as mqtt.fx.
-- Subscribe a topic="a/b".
-- Send a message, topic="a/b", payload="123"
-- Subscriber will get a message with topic="a/b" and payload="hello". test.lua modifies the payload.
-
-If there are "test1.lua", "test2.lua" and "test3.lua" in /emqx/data/scripts, all these files will be loaded once emq-lua-hook get started.
-
-If test2.lua has been changed, restart emq-lua-hook to reload all scripts, or execute following command to reload test2.lua only:
-
-```
-/emqx/bin/emqx_ctl luahook reload test2.lua
-```
-
-
-# Hook API
-
-You can find all example codes in the `examples.lua` file.
-
-## on_client_connected
-
-```lua
-function on_client_connected(clientId, userName, returncode)
-    return 0
-end
-```
-This API is called after a mqtt client has establish a connection with broker.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* returncode : a string, has following values
-    - success : Connection accepted
-    - Others is failed reason
-
-### Output
-Needless
-
-## on_client_disconnected
-
-```lua
-function on_client_disconnected(clientId, username, error)
-    return
-end
-```
-This API is called after a mqtt client has disconnected.
-
-### Input
-* clientId : a string, mqtt client id.
-* username : a string mqtt username
-* error :   a string, denote the disconnection reason.
-
-### Output
-Needless
-
-## on_client_subscribe
-
-```lua
-function on_client_subscribe(clientId, username, topic)
-    -- do your job here
-    if some_condition then
-        return new_topic
-    else
-        return false
-    end
-end
-```
-This API is called before mqtt engine process client's subscribe command. It is possible to change topic or cancel it.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-
-### Output
-* new_topic :   a string, change mqtt message's topic
-* false :    cancel subscription
-
-
-## on_client_unsubscribe
-
-```lua
- function on_client_unsubscribe(clientId, username, topic)
-    -- do your job here
-    if some_condition then
-        return new_topic
-    else
-        return false
-    end
-end
-```
-This API is called before mqtt engine process client's unsubscribe command. It is possible to change topic or cancel it.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-
-### Output
-* new_topic :   a string, change mqtt message's topic
-* false :    cancel unsubscription
-
-
-## on_session_subscribed
-
-```lua
-function on_session_subscribed(ClientId, Username, Topic)
-    return
-end
-```
-This API is called after a subscription has been done.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt's topic filter.
-
-### Output
-Needless
-
-
-## on_session_unsubscribed
-
-```lua
-function on_session_unsubscribed(clientid, username, topic)
-    return
-end
-```
-This API is called after a unsubscription has been done.
-
-### Input
-* clientid : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt's topic filter.
-
-### Output
-Needless
-
-## on_message_delivered
-
-```lua
-function on_message_delivered(clientid, username, topic, payload, qos, retain)
-    -- do your job here
-    return topic, payload, qos, retain
-end
-```
-This API is called after a message has been pushed to mqtt clients.
-
-### Input
-* clientId : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-* payload :  a string, mqtt message's payload
-* qos :     a number, mqtt message's QOS (0, 1, 2)
-* retain :   a boolean, mqtt message's retain flag
-
-### Output
-Needless
-
-## on_message_acked
-
-```lua
-function on_message_acked(clientId, username, topic, payload, qos, retain)
-    return
-end
-```
-This API is called after a message has been acknowledged.
-
-### Input
-* clientId : a string, mqtt client id.
-* username : a string mqtt username
-* topic :   a string, mqtt message's topic
-* payload :  a string, mqtt message's payload
-* qos :     a number, mqtt message's QOS (0, 1, 2)
-* retain :   a boolean, mqtt message's retain flag
-
-### Output
-Needless
-
-## on_message_publish
-
-```lua
-function on_message_publish(clientid, username, topic, payload, qos, retain)
-    -- do your job here
-    if some_condition then
-        return new_topic, new_payload, new_qos, new_retain
-    else
-        return false
-    end
-end
-```
-This API is called before publishing message into mqtt engine. It's possible to change message or cancel publish in this API.
-
-### Input
-* clientid : a string, mqtt client id of publisher.
-* username : a string, mqtt username of publisher
-* topic :   a string, mqtt message's topic
-* payload :  a string, mqtt message's payload
-* qos :     a number, mqtt message's QOS (0, 1, 2)
-* retain :   a boolean, mqtt message's retain flag
-
-### Output
-* new_topic :   a string, change mqtt message's topic
-* new_payload :  a string, change mqtt message's payload
-* new_qos :      a number, change mqtt message's QOS
-* new_retain :   a boolean, change mqtt message's retain flag
-* false :        cancel publishing this mqtt message
-
-## register_hook
-
-```lua
-function register_hook()
-    return "hook_name"
-end
-
--- Or register multiple callbacks
-
-function register_hook()
-    return "hook_name1", "hook_name2", ... , "hook_nameX"
-end
-```
-
-This API exports hook(s) implemented in its lua script.
-
-### Output
-* hook_name must be a string, which is equal to the hook API(s) implemented. Possible values:
- - "on_client_connected"
- - "on_client_disconnected"
- - "on_client_subscribe"
- - "on_client_unsubscribe"
- - "on_session_subscribed"
- - "on_session_unsubscribed"
- - "on_message_delivered"
- - "on_message_acked"
- - "on_message_publish"
-
-# management command
-
-## load
-
-```shell
-emqx_ctl luahook load script_name
-```
-This command will load lua file "script_name" in 'data/scripts' directory, into emqx hook.
-
-## unload
-
-```shell
-emqx_ctl luahook unload script_name
-```
-This command will unload lua file "script_name" out of emqx hook.
-
-## reload
-
-```shell
-emqx_ctl luahook reload script_name
-```
-This command will reload lua file "script_name" in 'data/scripts'. It is useful if a lua script has been modified and apply it immediately.
-
-## enable
-
-```shell
-emqx_ctl luahook enable script_name
-```
-This command will rename lua file "script_name.x" to "script_name", and load it immediately.
-
-## disable
-
-```shell
-emqx_ctl luahook disable script_name
-```
-This command will unload this script, and rename lua file "script_name" to "script_name.x", which will not be loaded during next boot.
-
-
-License
--------
-
-Apache License Version 2.0
-
-Author
-------
-
-EMQ X Team.
-
diff --git a/apps/emqx_lua_hook/etc/emqx_lua_hook.conf b/apps/emqx_lua_hook/etc/emqx_lua_hook.conf
deleted file mode 100644
index f0256afae..000000000
--- a/apps/emqx_lua_hook/etc/emqx_lua_hook.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-##--------------------------------------------------------------------
-## EMQ X Lua Hook
-##--------------------------------------------------------------------
-
diff --git a/apps/emqx_lua_hook/examples.lua b/apps/emqx_lua_hook/examples.lua
deleted file mode 100644
index bc36eb771..000000000
--- a/apps/emqx_lua_hook/examples.lua
+++ /dev/null
@@ -1,71 +0,0 @@
---
--- Given all funcation names needed register to system
---
-function register_hook()
-    return "on_client_connected",
-           "on_client_disconnected",
-           "on_client_subscribe",
-           "on_client_unsubscribe",
-           "on_session_subscribed",
-           "on_session_unsubscribed",
-           "on_message_delivered",
-           "on_message_acked",
-           "on_message_publish"
-end
-
-----------------------------------------------------------------------
--- Callback Functions 
-
-function on_client_connected(clientid, username, returncode)
-    print("Lua: on_client_connected - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_client_disconnected(clientid, username, reason)
-    print("Lua: on_client_disconnected - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_client_subscribe(clientid, username, topic)
-    print("Lua: on_client_subscribe - " .. clientid)
-    -- do your job here
-    return topic
-end
-
-function on_client_unsubscribe(clientid, username, topic)
-    print("Lua: on_client_unsubscribe - " .. clientid)
-    -- do your job here
-    return topic
-end
-
-function on_session_subscribed(clientid, username, topic)
-    print("Lua: on_session_subscribed - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_session_unsubscribed(clientid, username, topic)
-    print("Lua: on_session_unsubscribed - " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_message_delivered(clientid, username, topic, payload, qos, retain)
-    print("Lua: on_message_delivered - " .. clientid)
-    -- do your job here
-    return topic, payload, qos, retain
-end
-
-function on_message_acked(clientid, username, topic, payload, qos, retain)
-    print("Lua: on_message_acked- " .. clientid)
-    -- do your job here
-    return
-end
-
-function on_message_publish(clientid, username, topic, payload, qos, retain)
-    print("Lua: on_message_publish - " .. clientid)
-    -- do your job here
-    return topic, payload, qos, retain
-end
diff --git a/apps/emqx_lua_hook/include/emqx_lua_hook.hrl b/apps/emqx_lua_hook/include/emqx_lua_hook.hrl
deleted file mode 100644
index fb7010c2b..000000000
--- a/apps/emqx_lua_hook/include/emqx_lua_hook.hrl
+++ /dev/null
@@ -1,18 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--define(LOG(Level, Format, Args), emqx_logger:Level("Lua Hook: " ++ Format, Args)).
-
diff --git a/apps/emqx_lua_hook/priv/emqx_lua_hook.schema b/apps/emqx_lua_hook/priv/emqx_lua_hook.schema
deleted file mode 100644
index 8b1378917..000000000
--- a/apps/emqx_lua_hook/priv/emqx_lua_hook.schema
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/apps/emqx_lua_hook/rebar.config b/apps/emqx_lua_hook/rebar.config
deleted file mode 100644
index 97a06a77c..000000000
--- a/apps/emqx_lua_hook/rebar.config
+++ /dev/null
@@ -1,21 +0,0 @@
-{deps,
- [{luerl, {git, "https://github.com/emqx/luerl", {tag, "v0.3.1"}}}
- ]}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            compressed,
-            {parse_transform}
-           ]}.
-{overrides, [{add, [{erl_opts, [compressed]}]}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook.app.src b/apps/emqx_lua_hook/src/emqx_lua_hook.app.src
deleted file mode 100644
index 627c8e29d..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_lua_hook,
- [{description, "EMQ X Lua Hooks"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, []},
-  {applications, [kernel,stdlib]},
-  {mod, {emqx_lua_hook_app,[]}},
-  {env,[]},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-lua-hook"}
-          ]}
- ]}.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook.erl b/apps/emqx_lua_hook/src/emqx_lua_hook.erl
deleted file mode 100644
index 6e7810827..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook.erl
+++ /dev/null
@@ -1,199 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook).
-
--behaviour(gen_server).
-
--include("emqx_lua_hook.hrl").
--include_lib("luerl/src/luerl.hrl").
-
--export([ start_link/0
-        , stop/0
-        ]).
-
--export([ load_scripts/0
-        , unload_scripts/0
-        , load_script/1
-        , unload_script/1
-        ]).
-
--export([ init/1
-        , handle_call/3
-        , handle_cast/2
-        , handle_info/2
-        , terminate/2
-        , code_change/3
-        ]).
-
--export([lua_dir/0]).
-
--define(SERVER, ?MODULE).
-
--record(state, {loaded_scripts = []}).
-
-start_link() ->
-    gen_server:start_link({local, ?SERVER}, ?MODULE, {}, []).
-
-stop() ->
-    gen_server:call(?SERVER, stop).
-
-load_scripts() ->
-    gen_server:call(?SERVER, load_scripts).
-
-unload_scripts() ->
-    gen_server:call(?SERVER, unload_scrips).
-
-load_script(ScriptName) ->
-    gen_server:call(?SERVER, {load_script, ScriptName}).
-
-unload_script(ScriptName) ->
-    gen_server:call(?SERVER, {unload_script, ScriptName}).
-
-lua_dir() ->
-    filename:join([emqx:get_env(data_dir, "data"), "scripts"]).
-
-%%-----------------------------------------------------------------------------
-%% gen_server callbacks
-%%-----------------------------------------------------------------------------
-
-init({}) ->
-    {ok, #state{}}.
-
-handle_call(stop, _From, State) ->
-    {stop, normal, ok, State};
-
-handle_call(load_scripts, _From, State) ->
-    {reply, ok, State#state{loaded_scripts = do_loadall()}, hibernate};
-
-handle_call(unload_scrips, _From, State=#state{loaded_scripts = Scripts}) ->
-    do_unloadall(Scripts),
-    {reply, ok, State#state{loaded_scripts = []}, hibernate};
-
-handle_call({load_script, ScriptName}, _From, State=#state{loaded_scripts = Scripts}) ->
-    {Ret, NewScripts} = case do_load(ScriptName) of
-                            error -> {error, Scripts};
-                            {ScriptName, LuaState} ->
-                                case lists:member({ScriptName, LuaState}, Scripts) of
-                                    true  -> {ok, Scripts};
-                                    false -> {ok, lists:append([{ScriptName, LuaState}], Scripts)}
-                                end
-                        end,
-    {reply, Ret, State#state{loaded_scripts = NewScripts}, hibernate};
-
-handle_call({unload_script, ScriptName}, _From, State=#state{loaded_scripts = Scripts}) ->
-    case proplists:get_all_values(ScriptName, Scripts) of
-        [] ->
-            {reply, ok, State, hibernate};
-        LuaStates ->
-            lists:foreach(fun(LuaState) ->
-                              % Unload first! If this gen_server has been crashed, loaded_scripts will be empty
-                              do_unload({ScriptName, LuaState})
-                          end, LuaStates),
-            NewScripts = proplists:delete(ScriptName, Scripts),
-            {reply, ok, State#state{loaded_scripts = NewScripts}, hibernate}
-    end;
-
-handle_call(Request, From, State) ->
-    ?LOG(error, "Unknown Request=~p from ~p", [Request, From]),
-    {reply, ignored, State, hibernate}.
-
-handle_cast(Msg, State) ->
-    ?LOG(error, "unexpected cast: ~p", [Msg]),
-    {noreply, State, hibernate}.
-
-handle_info(Info, State) ->
-    ?LOG(error, "unexpected info: ~p", [Info]),
-    {noreply, State}.
-
-terminate(_Reason, #state{loaded_scripts = Scripts}) ->
-    do_unloadall(Scripts),
-    ok.
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-%% ------------------------------------------------------------------
-%% Internal Function Definitions
-%% ------------------------------------------------------------------
-
-do_loadall() ->
-    FileList = filelib:wildcard(filename:join([lua_dir(), "*.lua"])),
-    List = [do_load(X) || X <- FileList],
-    [X || X <- List, is_tuple(X)].
-
-do_load(FileName) ->
-    case catch luerl:dofile(FileName) of
-        {'EXIT', St00} ->
-            ?LOG(error, "Failed to load lua script ~p due to error ~p", [FileName, St00]),
-            error;
-        {_Ret, St0=#luerl{}} ->
-            case catch luerl:call_function([register_hook], [], St0) of
-                {'EXIT', St1} ->
-                    ?LOG(error, "Failed to execute register_hook function in lua script ~p, which has syntax error, St1=~p", [FileName, St1]),
-                    error;
-                {Ret1, St1} ->
-                    ?LOG(debug, "Register lua script ~p", [FileName]),
-                    _ = do_register_hooks(Ret1, FileName, St1),
-                    {FileName, St1};
-                Other ->
-                    ?LOG(error, "Failed to load lua script ~p, register_hook() raise exception ~p", [FileName, Other]),
-                    error
-            end;
-        Exception ->
-            ?LOG(error, "Failed to load lua script ~p with error ~p", [FileName, Exception]),
-            error
-    end.
-
-do_register(<<"on_message_publish">>, ScriptName, St) ->
-    emqx_lua_script:register_on_message_publish(ScriptName, St);
-do_register(<<"on_message_delivered">>, ScriptName, St) ->
-    emqx_lua_script:register_on_message_delivered(ScriptName, St);
-do_register(<<"on_message_acked">>, ScriptName, St) ->
-    emqx_lua_script:register_on_message_acked(ScriptName, St);
-do_register(<<"on_client_connected">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_connected(ScriptName, St);
-do_register(<<"on_client_subscribe">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_subscribe(ScriptName, St);
-do_register(<<"on_client_unsubscribe">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_unsubscribe(ScriptName, St);
-do_register(<<"on_client_disconnected">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_disconnected(ScriptName, St);
-do_register(<<"on_session_subscribed">>, ScriptName, St) ->
-    emqx_lua_script:register_on_session_subscribed(ScriptName, St);
-do_register(<<"on_client_authenticate">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_authenticate(ScriptName, St);
-do_register(<<"on_client_check_acl">>, ScriptName, St) ->
-    emqx_lua_script:register_on_client_check_acl(ScriptName, St);
-do_register(Hook, ScriptName, _St) ->
-    ?LOG(error, "Discard unknown hook ~p ScriptName=~p", [Hook, ScriptName]).
-
-do_register_hooks([], _ScriptName, _St) ->
-    ok;
-do_register_hooks([H|T], ScriptName, St) ->
-    _ = do_register(H, ScriptName, St),
-    do_register_hooks(T, ScriptName, St);
-do_register_hooks(Hook = <<$o, $n, _Rest/binary>>, ScriptName, St) ->
-    do_register(Hook, ScriptName, St);
-do_register_hooks(Hook, ScriptName, _St) ->
-    ?LOG(error, "Discard unknown hook type ~p from ~p", [Hook, ScriptName]).
-
-do_unloadall(Scripts) ->
-    lists:foreach(fun do_unload/1, Scripts).
-
-do_unload(Script) ->
-    emqx_lua_script:unregister_hooks(Script),
-    ok.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook_app.erl b/apps/emqx_lua_hook/src/emqx_lua_hook_app.erl
deleted file mode 100644
index 6b0ec3574..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook_app.erl
+++ /dev/null
@@ -1,40 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_app).
-
--behaviour(application).
-
--emqx_plugin(?MODULE).
-
--export([ start/2
-        , stop/1
-        , prep_stop/1
-        ]).
-
-start(_Type, _Args) ->
-    {ok, Sup} = emqx_lua_hook_sup:start_link(),
-    emqx_lua_hook:load_scripts(),
-    emqx_lua_hook_cli:load(),
-    {ok, Sup}.
-
-prep_stop(State) ->
-    emqx_lua_hook:unload_scripts(),
-    emqx_lua_hook_cli:unload(),
-    State.
-
-stop(_State) ->
-    ok.
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl b/apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl
deleted file mode 100644
index 83c6fc5ef..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook_cli.erl
+++ /dev/null
@@ -1,88 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_cli).
-
--export([ load/0
-        , cmd/1
-        , unload/0
-        ]).
-
--include("emqx_lua_hook.hrl").
--include_lib("luerl/src/luerl.hrl").
-
--define(PRINT(Format, Args), io:format(Format, Args)).
--define(PRINT_CMD(Cmd, Descr), io:format("~-48s# ~s~n", [Cmd, Descr])).
--define(USAGE(CmdList), [?PRINT_CMD(Cmd, Descr) || {Cmd, Descr} <- CmdList]).
-
-load() ->
-    emqx_ctl:register_command(luahook, {?MODULE, cmd}, []).
-
-unload() ->
-    emqx_ctl:unregister_command(luahook).
-
-cmd(["load", Script]) ->
-    case emqx_lua_hook:load_script(fullname(Script)) of
-        ok -> emqx_ctl:print("Load ~p successfully~n", [Script]);
-        error -> emqx_ctl:print("Load ~p error~n", [Script])
-    end;
-
-cmd(["reload", Script]) ->
-    FullName = fullname(Script),
-    emqx_lua_hook:unload_script(FullName),
-    case emqx_lua_hook:load_script(FullName) of
-        ok -> emqx_ctl:print("Reload ~p successfully~n", [Script]);
-        error -> emqx_ctl:print("Reload ~p error~n", [Script])
-    end;
-
-cmd(["unload", Script]) ->
-    emqx_lua_hook:unload_script(fullname(Script)),
-    emqx_ctl:print("Unload ~p successfully~n", [Script]);
-
-cmd(["enable", Script]) ->
-    FullName = fullname(Script),
-    case file:rename(fullnamedisable(Script), FullName) of
-        ok -> case emqx_lua_hook:load_script(FullName) of
-                  ok ->
-                      emqx_ctl:print("Enable ~p successfully~n", [Script]);
-                  error ->
-                      emqx_ctl:print("Fail to enable ~p~n", [Script])
-              end;
-        {error, Reason} ->
-            emqx_ctl:print("Fail to enable ~p due to ~p~n", [Script, Reason])
-    end;
-
-cmd(["disable", Script]) ->
-    FullName = fullname(Script),
-    emqx_lua_hook:unload_script(FullName),
-    case file:rename(FullName, fullnamedisable(Script)) of
-        ok ->
-            emqx_ctl:print("Disable ~p successfully~n", [Script]);
-        {error, Reason} ->
-            emqx_ctl:print("Fail to disable ~p due to ~p~n", [Script, Reason])
-    end;
-
-cmd(_) ->
-    emqx_ctl:usage([{"luahook load <Script>",    "load lua script into hook"},
-                    {"luahook unload <Script>",  "unload lua script from hook"},
-                    {"luahook reload <Script>",  "reload lua script into hook"},
-                    {"luahook enable <Script>",  "enable lua script and load it into hook"},
-                    {"luahook disable <Script>", "unload lua script out of hook and disable it"}]).
-
-fullname(Script) ->
-    filename:join([emqx_lua_hook:lua_dir(), Script]).
-fullnamedisable(Script) ->
-    fullname(Script)++".x".
diff --git a/apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl b/apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl
deleted file mode 100644
index a10e5731c..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_hook_sup.erl
+++ /dev/null
@@ -1,35 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_sup).
-
--behaviour(supervisor).
-
--export([start_link/0]).
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init(_Args) ->
-    {ok, {{one_for_one, 10, 3600},
-          [#{id       => lua_hook,
-             start    => {emqx_lua_hook, start_link, []},
-             restart  => permanent,
-             shutdown => 5000,
-             type     => worker,
-             modules  => [emqx_lua_hook]}]}}.
-
diff --git a/apps/emqx_lua_hook/src/emqx_lua_script.erl b/apps/emqx_lua_hook/src/emqx_lua_script.erl
deleted file mode 100644
index ffc53fc8d..000000000
--- a/apps/emqx_lua_hook/src/emqx_lua_script.erl
+++ /dev/null
@@ -1,342 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_script).
-
--include("emqx_lua_hook.hrl").
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
-
--export([ register_on_message_publish/2
-        , register_on_client_connected/2
-        , register_on_client_disconnected/2
-        , register_on_client_subscribe/2
-        , register_on_client_unsubscribe/2
-        , register_on_message_acked/2
-        , register_on_message_delivered/2
-        , register_on_session_subscribed/2
-        , register_on_session_unsubscribed/2
-        , register_on_client_authenticate/2
-        , register_on_client_check_acl/2
-        , unregister_hooks/1
-        ]).
-
--export([ on_client_connected/4
-        , on_client_disconnected/5
-        , on_client_authenticate/4
-        , on_client_check_acl/6
-        , on_client_subscribe/5
-        , on_client_unsubscribe/5
-        , on_session_subscribed/5
-        , on_session_unsubscribed/5
-        , on_message_publish/3
-        , on_message_delivered/4
-        , on_message_acked/4
-        ]).
-
--define(EMPTY_USERNAME, <<"">>).
-
--define(HOOK_ADD(A, B),      emqx:hook(A, B)).
--define(HOOK_DEL(A, B),      emqx:unhook(A, B)).
-
-register_on_client_connected(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.connected', {?MODULE, on_client_connected, [ScriptName, LuaState]}).
-
-register_on_client_disconnected(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.disconnected', {?MODULE, on_client_disconnected, [ScriptName, LuaState]}).
-
-register_on_client_authenticate(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.authenticate', {?MODULE, on_client_authenticate, [ScriptName, LuaState]}).
-
-register_on_client_check_acl(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.check_acl', {?MODULE, on_client_check_acl, [ScriptName, LuaState]}).
-
-register_on_client_subscribe(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.subscribe', {?MODULE, on_client_subscribe, [ScriptName, LuaState]}).
-
-register_on_client_unsubscribe(ScriptName, LuaState) ->
-    ?HOOK_ADD('client.unsubscribe', {?MODULE, on_client_unsubscribe, [ScriptName, LuaState]}).
-
-register_on_session_subscribed(ScriptName, LuaState) ->
-    ?HOOK_ADD('session.subscribed', {?MODULE, on_session_subscribed, [ScriptName, LuaState]}).
-
-register_on_session_unsubscribed(ScriptName, LuaState) ->
-    ?HOOK_ADD('session.unsubscribed', {?MODULE, on_session_unsubscribed, [ScriptName, LuaState]}).
-
-register_on_message_publish(ScriptName, LuaState) ->
-    ?HOOK_ADD('message.publish', {?MODULE, on_message_publish, [ScriptName, LuaState]}).
-
-register_on_message_delivered(ScriptName, LuaState) ->
-    ?HOOK_ADD('message.delivered', {?MODULE, on_message_delivered, [ScriptName, LuaState]}).
-
-register_on_message_acked(ScriptName, LuaState) ->
-    ?HOOK_ADD('message.acked', {?MODULE, on_message_acked, [ScriptName, LuaState]}).
-
-unregister_hooks({ScriptName, LuaState}) ->
-    ?HOOK_DEL('client.connected',     {?MODULE, on_client_connected,     [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.disconnected',  {?MODULE, on_client_disconnected,  [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.authenticate',  {?MODULE, on_client_authenticate,  [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.check_acl',     {?MODULE, on_client_check_acl,     [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.subscribe',     {?MODULE, on_client_subscribe,     [ScriptName, LuaState]}),
-    ?HOOK_DEL('client.unsubscribe',   {?MODULE, on_client_unsubscribe,   [ScriptName, LuaState]}),
-    ?HOOK_DEL('session.subscribed',   {?MODULE, on_session_subscribed,   [ScriptName, LuaState]}),
-    ?HOOK_DEL('session.unsubscribed', {?MODULE, on_session_unsubscribed, [ScriptName, LuaState]}),
-    ?HOOK_DEL('message.publish',      {?MODULE, on_message_publish,      [ScriptName, LuaState]}),
-    ?HOOK_DEL('message.delivered',    {?MODULE, on_message_delivered,    [ScriptName, LuaState]}),
-    ?HOOK_DEL('message.acked',        {?MODULE, on_message_acked,        [ScriptName, LuaState]}).
-
-on_client_connected(ClientInfo = #{clientid := ClientId, username := Username},
-                    ConnInfo, _ScriptName, LuaState) ->
-    ?LOG(debug, "Client(~s) connected, ClientInfo:~n~p~n, ConnInfo:~n~p~n",
-                [ClientId, ClientInfo, ConnInfo]),
-    case catch luerl:call_function([on_client_connected], [ClientId, Username], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_connected(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Lua function on_client_connected() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_disconnected(ClientInfo = #{clientid := ClientId, username := Username},
-                       ReasonCode, ConnInfo, _ScriptName, LuaState) ->
-    ?LOG(debug, "Client(~s) disconnected due to ~p, ClientInfo:~n~p~n, ConnInfo:~n~p~n",
-                [ClientId, ReasonCode, ClientInfo, ConnInfo]),
-    case catch luerl:call_function([on_client_disconnected], [ClientId, Username, ReasonCode], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_disconnected(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Lua function on_client_disconnected() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_authenticate(#{clientid := ClientId,
-                         username := Username,
-                         peerhost := Peerhost,
-                         password := Password}, Result, _ScriptName, LuaState) ->
-    case catch luerl:call_function([on_client_authenticate],
-                                   [ClientId, Username, inet:ntoa(Peerhost), Password], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_authenticate(), which has syntax error, St=~p", [St]),
-            ok;
-        {[<<"ignore">>], _St} ->
-            ok;
-        {[<<"ok">>], _St} ->
-            {stop, Result#{auth_result => success}};
-        Other ->
-            ?LOG(error, "Lua function on_client_authenticate() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_check_acl(#{clientid := ClientId,
-                      username := Username,
-                      peerhost := Peerhost,
-                      password := Password}, Topic, PubSub, _Result, _ScriptName, LuaState) ->
-    case catch luerl:call_function([on_client_check_acl], [ClientId, Username, inet:ntoa(Peerhost), Password, Topic, PubSub], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_check_acl(), which has syntax error, St=~p", [St]),
-            ok;
-        {[<<"ignore">>],_St} ->
-            ok;
-        {[<<"allow">>], _St} ->
-            {stop, allow};
-        {[<<"deny">>], _St} ->
-            {stop, deny};
-        Other ->
-            ?LOG(error, "Lua function on_client_check_acl() caught exception, ~p", [Other]),
-            ok
-    end.
-
-on_client_subscribe(#{clientid := ClientId, username := Username}, _Properties, TopicFilters, _ScriptName, LuaState) ->
-    NewTopicFilters =
-        lists:foldr(fun(TopicFilter, Acc) ->
-                        case on_client_subscribe_single(ClientId, Username, TopicFilter, LuaState) of
-                            false -> Acc;
-                            NewTopicFilter -> [NewTopicFilter | Acc]
-                        end
-                    end, [], TopicFilters),
-    case NewTopicFilters of
-        [] -> stop;
-        _ -> {ok, NewTopicFilters}
-    end.
-
-on_client_subscribe_single(_ClientId, _Username, TopicFilter = {<<$$, _Rest/binary>>, _SubOpts}, _LuaState) ->
-    %% ignore topics starting with $
-    TopicFilter;
-on_client_subscribe_single(ClientId, Username, TopicFilter = {Topic, SubOpts}, LuaState) ->
-    ?LOG(debug, "hook client(~s/~s) will subscribe: ~p~n", [ClientId, Username, Topic]),
-    case catch luerl:call_function([on_client_subscribe], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_subscribe(), which has syntax error, St=~p", [St]),
-            TopicFilter;
-        {[false], _St} ->
-            false;   % cancel this topic's subscription
-        {[NewTopic], _St} ->
-            ?LOG(debug, "LUA function on_client_subscribe() return ~p", [NewTopic]),
-            {NewTopic, SubOpts};  % modify topic
-        Other ->
-            ?LOG(error, "Lua function on_client_subscribe() caught exception, ~p", [Other]),
-            TopicFilter
-    end.
-
-on_client_unsubscribe(#{clientid := ClientId, username := Username}, _Properties, TopicFilters, _ScriptName, LuaState) ->
-    NewTopicFilters =
-        lists:foldr(fun(TopicFilter, Acc) ->
-                        case on_client_unsubscribe_single(ClientId, Username, TopicFilter, LuaState) of
-                            false -> Acc;
-                            NewTopicFilter -> [NewTopicFilter | Acc]
-                        end
-                    end, [], TopicFilters),
-    case NewTopicFilters of
-        [] -> stop;
-        _ -> {ok, NewTopicFilters}
-    end.
-
-on_client_unsubscribe_single(_ClientId, _Username, TopicFilter = {<<$$, _Rest/binary>>, _SubOpts}, _LuaState) ->
-    %% ignore topics starting with $
-    TopicFilter;
-on_client_unsubscribe_single(ClientId, Username, TopicFilter = {Topic, SubOpts}, LuaState) ->
-    ?LOG(debug, "hook client(~s/~s) unsubscribe ~p~n", [ClientId, Username, Topic]),
-    case catch luerl:call_function([on_client_unsubscribe], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_client_unsubscribe(), which has syntax error, St=~p", [St]),
-            TopicFilter;
-        {[false], _St} ->
-            false;   % cancel this topic's unsubscription
-        {[NewTopic], _} ->
-            ?LOG(debug, "Lua function on_client_unsubscribe() return ~p", [NewTopic]),
-            {NewTopic, SubOpts};  % modify topic
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_client_unsubscribe() caught exception, ~p", [Topic, Other]),
-            TopicFilter
-    end.
-
-on_session_subscribed(#{}, <<$$, _Rest/binary>>, _SubOpts, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_session_subscribed(#{clientid := ClientId, username := Username},
-                      Topic, SubOpts, _ScriptName, LuaState) ->
-    ?LOG(debug, "Session(~s/s) subscribed ~s with subopts: ~p~n", [ClientId, Username, Topic, SubOpts]),
-    case catch luerl:call_function([on_session_subscribed], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_session_subscribed(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_session_subscribed() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-on_session_unsubscribed(#{}, <<$$, _Rest/binary>>, _SubOpts, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_session_unsubscribed(#{clientid := ClientId, username := Username},
-                        Topic, _SubOpts, _ScriptName, LuaState) ->
-    ?LOG(debug, "Session(~s/~s) unsubscribed ~s~n", [ClientId, Username, Topic]),
-    case catch luerl:call_function([on_session_unsubscribed], [ClientId, Username, Topic], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_session_unsubscribed(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_session_unsubscribed() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-on_message_publish(Message = #message{topic = <<$$, _Rest/binary>>}, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    {ok, Message};
-on_message_publish(Message = #message{from = ClientId,
-                                      qos = QoS,
-                                      flags = Flags = #{retain := Retain},
-                                      topic = Topic,
-                                      payload = Payload,
-                                      headers = Headers},
-                   _ScriptName, LuaState) ->
-    Username = maps:get(username, Headers, ?EMPTY_USERNAME),
-    ?LOG(debug, "Publish ~s~n", [emqx_message:format(Message)]),
-    case catch luerl:call_function([on_message_publish], [ClientId, Username, Topic, Payload, QoS, Retain], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_message_publish(), which has syntax error, St=~p", [St]),
-            {ok, Message};
-        {[false], _St} ->
-            {stop, Message};
-        {[NewTopic, NewPayload, NewQos, NewRetain], _St} ->
-            ?LOG(debug, "Lua function on_message_publish() return ~p", [{NewTopic, NewPayload, NewQos, NewRetain}]),
-            {ok, Message#message{topic = NewTopic, payload = NewPayload,
-                                 qos = round(NewQos), flags = Flags#{retain => to_retain(NewRetain)}}};
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_message_publish caught exception, ~p", [Topic, Other]),
-            {ok, Message}
-    end.
-
-on_message_delivered(#{}, #message{topic = <<$$, _Rest/binary>>}, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_message_delivered(#{clientid := ClientId, username := Username},
-                   Message = #message{topic = Topic, payload = Payload, qos = QoS, flags = Flags = #{retain := Retain}},
-                   _ScriptName, LuaState) ->
-    ?LOG(debug, "Message delivered to client(~s): ~s~n",
-                [ClientId, emqx_message:format(Message)]),
-    case catch luerl:call_function([on_message_delivered], [ClientId, Username, Topic, Payload, QoS, Retain], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_message_delivered(), which has syntax error, St=~p", [St]),
-            ok;
-        {[false], _St} ->
-            ok;
-        {[NewTopic, NewPayload, NewQos, NewRetain], _St} ->
-            {ok, Message#message{topic = NewTopic, payload = NewPayload,
-                                 qos = round(NewQos), flags = Flags#{retain => to_retain(NewRetain)}}};
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_message_delivered() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-on_message_acked(#{}, #message{topic = <<$$, _Rest/binary>>}, _ScriptName, _LuaState) ->
-    %% ignore topics starting with $
-    ok;
-on_message_acked(#{clientid := ClientId, username := Username},
-                 Message = #message{topic = Topic, payload = Payload, qos = QoS, flags = #{retain := Retain}}, _ScriptName, LuaState) ->
-    ?LOG(debug, "Message acked by client(~s): ~s~n",
-                [ClientId, emqx_message:format(Message)]),
-    case catch luerl:call_function([on_message_acked], [ClientId, Username, Topic, Payload, QoS, Retain], LuaState) of
-        {'EXIT', St} ->
-            ?LOG(error, "Failed to execute function on_message_acked(), which has syntax error, St=~p", [St]),
-            ok;
-        {_Result, _St} ->
-            ok;
-        Other ->
-            ?LOG(error, "Topic=~p, lua function on_message_acked() caught exception, ~p", [Topic, Other]),
-            ok
-    end.
-
-to_retain(0) -> false;
-to_retain(1) -> true;
-to_retain("true") -> true;
-to_retain("false") -> false;
-to_retain(<<"true">>) -> true;
-to_retain(<<"false">>) -> false;
-to_retain(true) -> true;
-to_retain(false) -> false;
-to_retain(Num) when is_float(Num) ->
-    case round(Num) of 0 -> false; _ -> true end.
diff --git a/apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl b/apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl
deleted file mode 100644
index 5e6681aed..000000000
--- a/apps/emqx_lua_hook/test/emqx_lua_hook_SUITE.erl
+++ /dev/null
@@ -1,693 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_lua_hook_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
-all() ->
-    [case01, case02, case03, case04,
-     case11, case12, case13,
-     case21, case22,
-     case31, case32,
-     case41, case42, case43,
-     case51, case52, case53,
-     case61, case62,
-     case71, case72, case73,
-     case81, case82, case83,
-     case101,
-     case110, case111, case112, case113, case114, case115,
-     case201, case202, case203, case204, case205,
-     case301, case302
-    ].
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_lua_hook], fun set_special_configs/1),
-    Config.
-
-end_per_suite(Config) ->
-    emqx_ct_helpers:stop_apps([emqx_lua_hook]),
-    Config.
-
-set_special_configs(emqx) ->
-    application:set_env(emqx, modules, []);
-set_special_configs(_App) ->
-    ok.
-
-init_per_testcase(_, Config) ->
-    ok = filelib:ensure_dir(filename:join([emqx_lua_hook:lua_dir(), "a"])),
-    emqx_lua_hook:start_link(),
-    Config.
-
-end_per_testcase(_, _Config) ->
-    emqx_lua_hook:stop(),
-    AllScripts = filelib:wildcard(filename:join([emqx_lua_hook:lua_dir(), "*"])),
-    [file:delete(Filename) || Filename <- AllScripts].
-
-case01(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(ClientId, Username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"myclient">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{payload = <<"hello">>}, Ret).
-
-case02(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"myclient">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case03(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =  "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"myclient">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case04(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    if clientid == \"broker\" then"
-            "\n        return topic, \"hello broker\", qos, retain"
-            "\n    else"
-            "\n        return false"     % return false to stop hook
-            "\n    end"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{from = <<"broker">>, qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{username => <<"tester">>}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{payload = <<"hello broker">>}, Ret).
-
-case11(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_delivered(clientid, username, topic, payload, qos, retain)"
-            "\n    return false"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_delivered\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.delivered', [#{clientid => <<"myclient">>, username => <<"myuser">>}], Msg),
-    ?assertEqual(Msg, Ret),
-    ok = file:delete(ScriptName).
-
-case12(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_delivered(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello broker\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_delivered\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.delivered', [#{clientid => <<"myclient">>, username => <<"myuser">>}], Msg),
-    ?assertEqual(Msg#message{payload = <<"hello broker">>}, Ret).
-
-case13(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_delivered(clientid, username, topic, payload, qos, retain)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_delivered\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.delivered', [#{clientid => <<"myclient">>, username => <<"myuser">>}], Msg),
-    ?assertEqual(Msg, Ret).
-
-case21(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_acked(clientid, username, topic, payload, qos, retain)"
-            "\n    return true"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_acked\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run('message.acked', [#{clientid => <<"myclient">>, username => <<"myuser">>}, Msg]),
-    ?assertEqual(ok, Ret).
-
-case22(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_acked(clientid, username, topic, payload, qos, retain)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_acked\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run('message.acked', [#{clientid => <<"myclient">>, username => <<"myuser">>}, Msg]),
-    ?assertEqual(ok, Ret),
-    ok = file:delete(ScriptName).
-
-case31(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_connected(clientid, username)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_connected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.connected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, #{}])).
-
-case32(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_connected(clientid, username)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_connected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.connected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, #{}])).
-
-case41(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    if topic == \"a/b/c\" then"
-            "\n        topic = \"a1/b1/c1\";"
-            "\n    end"
-            "\n    return topic"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"a1/b1/c1">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}], Ret).
-
-case42(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case43(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case51(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_unsubscribe(clientid, username, topic)"
-            "\n    if topic == \"a/b/c\" then"
-            "\n        topic = \"a1/b1/c1\";"
-            "\n    end"
-            "\n    return topic"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_unsubscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.unsubscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"a1/b1/c1">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}], Ret).
-
-case52(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_unsubscribe(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_unsubscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.unsubscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case53(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_unsubscribe(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_unsubscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret = emqx_hooks:run_fold('client.unsubscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual(TopicTable, Ret).
-
-case61(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_disconnected(clientid, username, reasoncode)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_disconnected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.disconnected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, 0])).
-
-case62(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_client_disconnected(clientid, username, reasoncode)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_disconnected\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    ?assertEqual(ok, 
-                 emqx_hooks:run('client.disconnected', 
-                                [#{clientid => <<"myclient">>, username => <<"tester">>}, 0])).
-
-case71(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case72(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case73(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case81(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_unsubscribed(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_unsubscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.unsubscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case82(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_unsubscribed(clientid, username, topic)"
-            "\n    return false"     % return false to stop hook
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_unsubscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.unsubscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case83(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_unsubscribed(clientid, username, topic)"
-            "\n    return 9/0"     % this code has fatal error
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_session_unsubscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.unsubscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case101(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    ScriptName2 = filename:join([emqx_lua_hook:lua_dir(), "mn.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code),
-
-    Code2 =    "function on_client_subscribe(clientid, username, topic)"
-            "\n    if topic == \"a/b/c\" then"
-            "\n        topic = \"a1/b1/c1\";"
-            "\n    end"
-            "\n    return topic"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName2, Code2), ok = emqx_lua_hook:load_scripts(),
-
-    Ret = emqx_hooks:run_fold('message.publish',[], #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}}),
-    ?assertEqual(#message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"hello">>, headers = #{}}, Ret),
-
-    TopicTable = [{<<"a/b/c">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}],
-    Ret2 = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"a1/b1/c1">>, [qos, 1]}, {<<"d/+/e">>, [{qos, 2}]}], Ret2).
-
-case110(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret).
-
-case111(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =  " function on_message_publish(topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    emqx_ctl:run_command(["luahook", "unload", ScriptName]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case112(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =  " function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    emqx_ctl:run_command(["luahook", "unload", "abc.lua"]),
-    timer:sleep(100),
-    emqx_ctl:run_command(["luahook", "load", "abc.lua"]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret).
-
-case113(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    ScriptDisabled = ScriptName ++ ".x",
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-                "\n    return \"changed/topic\", \"hello\", qos, retain"
-                "\nend"
-                "\n"
-                "\nfunction register_hook()"
-                "\n    return \"on_message_publish\""
-                "\nend",
-    ok = file:write_file(ScriptName, Code),
-    file:delete(ScriptDisabled),
-    emqx_ctl:run_command(["luahook", "disable", "abc.lua"]),   % this command will rename "abc.lua" to "abc.lua.x"
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret),
-    true = filelib:is_file(ScriptDisabled).
-
-case114(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua.x"]),     % disabled script
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    emqx_ctl:run_command(["luahook", "enable", "abc.lua"]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret).
-
-case115(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return \"changed/topic\", \"hello\", qos, retain"
-            "\nend"
-            "\n"
-            "function on_client_subscribe(ClientId, Username, Topic)"
-            "\n    return \"play/football\""
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\", \"on_client_subscribe\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    emqx_ctl:run_command(["luahook", "reload", "abc.lua"]),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{topic = <<"changed/topic">>, payload = <<"hello">>}, Ret),
-
-    TopicTable = [{<<"d/+/e">>, [{qos, 2}]}],
-    Ret2 = emqx_hooks:run_fold('client.subscribe',[#{clientid => <<"myclient">>, username => <<"myuser">>}, #{}], TopicTable),
-    ?assertEqual([{<<"play/football">>, [{qos, 2}]}], Ret2).
-
-case201(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_session_subscribed(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\nfunction on_session_subscribed1()"  % register_hook() is missing
-            "\n    return \"on_session_subscribed\""
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case202(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function abc(clientid, username, topic)"
-            "\n    return 0"
-            "\nend"
-            "\n"
-            "\n9/0",   % error code
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case203(_Config) ->
-    file:del_dir(emqx_lua_hook:lua_dir()),  % if this dir is not exist, what will happen?
-    emqx_lua_hook:load_scripts(),
-
-    Topic = <<"a/b/c">>,
-    Ret = emqx_hooks:run('session.subscribed',[#{clientid => <<"myclient">>, username => <<"myuser">>}, Topic, #{first => false}]),
-    ?assertEqual(ok, Ret).
-
-case204(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, payload .. \"_Z\", qos, retain"
-            "\nend"
-            "\n"
-            "function on_client_subscribe(ClientId, Username, Topic)"
-            "\n    return \"play/football\""
-            "\nend"
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\", \"on_client_subscribe\", \"on_message_publish\""  % if 2 on_message_publish() are registered, what will happend?
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg#message{payload = <<"123_Z">>}, Ret).
-
-case205(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =    "function on_message_publish(clientid, username, topic, payload, qos, retain)"
-            "\n    return topic, \"hello\", qos, retain"
-            "\nend_with_error"  %% syntax error
-            "\n"
-            "\nfunction register_hook()"
-            "\n    return \"on_message_publish\", \"on_client_subscribe\", \"on_message_publish\""  % if 2 on_message_publish() are registered, what will happend?
-            "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    Msg = #message{qos = 2, flags = #{retain => true}, topic = <<"a/b/c">>, payload = <<"123">>, headers = #{}},
-    Ret = emqx_hooks:run_fold('message.publish',[], Msg),
-    ?assertEqual(Msg, Ret).
-
-case301(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =   "function on_client_authenticate(clientid, username, peerhost, password)"
-           "\n    return \"ok\""
-           "\nend"
-           "\n"
-           "\nfunction register_hook()"
-           "\n    return \"on_client_authenticate\""
-           "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-
-    ClientInfo = #{clientid => undefined,
-                   username => <<"test">>,
-                   peerhost => {127, 0, 0, 1},
-                   password => <<"mqtt">>
-                  },
-    Result = #{auth_result => success, anonymous => true},
-    ?assertEqual(Result#{auth_result => success},
-                 emqx_hooks:run_fold('client.authenticate', [ClientInfo], Result)).
-
-case302(_Config) ->
-    ScriptName = filename:join([emqx_lua_hook:lua_dir(), "abc.lua"]),
-    Code =   "function on_client_check_acl(clientid, username, peerhost, password, topic, pubsub)"
-           "\n    return \"allow\""
-           "\nend"
-           "\n"
-           "\nfunction register_hook()"
-           "\n    return \"on_client_check_acl\""
-           "\nend",
-    ok = file:write_file(ScriptName, Code), ok = emqx_lua_hook:load_scripts(),
-    ClientInfo = #{clientid => undefined,
-                   username => <<"test">>,
-                   peerhost => {127, 0, 0, 1},
-                   password => <<"mqtt">>
-                  },
-    ?assertEqual(allow, emqx_hooks:run_fold('client.check_acl',
-                                            [ClientInfo, publish, <<"mytopic">>], deny)).
diff --git a/rebar.config.erl b/rebar.config.erl
index 4f484cb66..63a7ba97f 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -263,8 +263,7 @@ relx_apps(ReleaseType) ->
     ++ [{N, load} || N <- relx_plugin_apps(ReleaseType)].
 
 relx_apps_per_rel(cloud) ->
-    [ luerl
-    , xmerl
+    [ xmerl
     | [{observer, load} || is_app(observer)]
     ];
 relx_apps_per_rel(edge) ->
@@ -297,7 +296,6 @@ relx_plugin_apps(ReleaseType) ->
 
 relx_plugin_apps_per_rel(cloud) ->
     [ emqx_lwm2m
-    , emqx_lua_hook
     , emqx_exhook
     , emqx_exproto
     , emqx_prometheus

From 4e4c1dd17a7b2fb20b1839647870205b174ebf22 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 28 Jun 2021 11:45:01 +0800
Subject: [PATCH 113/174] build: delete needless auth plugins

---
 .../emqx_auth_http/src/emqx_auth_http.app.src |  14 --
 .../src/emqx_auth_http.appup.src              |  16 --
 .../emqx_auth_http/src/emqx_auth_http_app.erl | 161 ------------------
 apps/emqx_auth_ldap/src/emqx_acl_ldap.erl     |  93 ----------
 .../src/emqx_auth_ldap.appup.src              |   8 -
 5 files changed, 292 deletions(-)
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http.app.src
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http.appup.src
 delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http_app.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
 delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src

diff --git a/apps/emqx_auth_http/src/emqx_auth_http.app.src b/apps/emqx_auth_http/src/emqx_auth_http.app.src
deleted file mode 100644
index 305487171..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_http,
- [{description, "EMQ X Authentication/ACL with HTTP API"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_auth_http_sup]},
-  {applications, [kernel,stdlib,ehttpc]},
-  {mod, {emqx_auth_http_app, []}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-auth-http"}
-          ]}
- ]}.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.appup.src b/apps/emqx_auth_http/src/emqx_auth_http.appup.src
deleted file mode 100644
index 620194064..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http.appup.src
+++ /dev/null
@@ -1,16 +0,0 @@
-%% -*-: erlang -*-
-
-{VSN,
-  [
-    {"4.3.0", [
-     {restart_application, emqx_auth_http}
-    ]},
-    {<<".*">>, []}
-  ],
-  [
-    {"4.3.0", [
-     {restart_application, emqx_auth_http}
-    ]},
-    {<<".*">>, []}
-  ]
-}.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_app.erl b/apps/emqx_auth_http/src/emqx_auth_http_app.erl
deleted file mode 100644
index 51e376f6a..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http_app.erl
+++ /dev/null
@@ -1,161 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_http.hrl").
-
--export([ start/2
-        , stop/1
-        ]).
-
-%%--------------------------------------------------------------------
-%% Application Callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_auth_http_sup:start_link(),
-    translate_env(),
-    load_hooks(),
-    {ok, Sup}.
-
-stop(_State) ->
-    unload_hooks().
-
-%%--------------------------------------------------------------------
-%% Internel functions
-%%--------------------------------------------------------------------
-
-translate_env() ->
-    lists:foreach(fun translate_env/1, [auth_req, super_req, acl_req]).
-
-translate_env(EnvName) ->
-    case application:get_env(?APP, EnvName) of
-        undefined -> ok;
-        {ok, Req} ->
-            {ok, PoolSize} = application:get_env(?APP, pool_size),
-            {ok, ConnectTimeout} = application:get_env(?APP, connect_timeout),
-            URL = proplists:get_value(url, Req),
-            {ok, #{host := Host,
-                   port := Port,
-                   scheme := Scheme} = URIMap} = emqx_http_lib:uri_parse(URL),
-            Path = path(URIMap),
-            MoreOpts = case Scheme of
-                        http ->
-                            [{transport_opts, emqx_misc:ipv6_probe([])}];
-                        https ->
-                            CACertFile = application:get_env(?APP, cacertfile, undefined),
-                            CertFile = application:get_env(?APP, certfile, undefined),
-                            KeyFile = application:get_env(?APP, keyfile, undefined),
-                            Verify = case application:get_env(?APP, verify, fasle) of
-                                         true -> verify_peer;
-                                         false -> verify_none
-                                     end,
-                            SNI = case application:get_env(?APP, server_name_indication, undefined) of
-                                    "disable" -> disable;
-                                    SNI0 -> SNI0
-                                  end,
-                            TLSOpts = lists:filter(
-                                        fun({_, V}) ->
-                                            V =/= <<>> andalso V =/= undefined
-                                        end, [{keyfile, KeyFile},
-                                              {certfile, CertFile},
-                                              {cacertfile, CACertFile},
-                                              {verify, Verify},
-                                              {server_name_indication, SNI}]),
-                            NTLSOpts = [ {versions, emqx_tls_lib:default_versions()}
-                                       , {ciphers, emqx_tls_lib:default_ciphers()}
-                                       | TLSOpts
-                                       ],
-                            [{transport, ssl}, {transport_opts, emqx_misc:ipv6_probe(NTLSOpts)}]
-                        end,
-            PoolOpts = [{host, Host},
-                        {port, Port},
-                        {pool_size, PoolSize},
-                        {pool_type, random},
-                        {connect_timeout, ConnectTimeout},
-                        {retry, 5},
-                        {retry_timeout, 1000}] ++ MoreOpts,
-            Method = proplists:get_value(method, Req),
-            Headers = proplists:get_value(headers, Req),
-            NHeaders = ensure_content_type_header(Method, emqx_http_lib:normalise_headers(Headers)),
-            NReq = lists:keydelete(headers, 1, Req),
-            {ok, Timeout} = application:get_env(?APP, timeout),
-            application:set_env(?APP, EnvName, [{path, Path},
-                                                {headers, NHeaders},
-                                                {timeout, Timeout},
-                                                {pool_name, list_to_atom("emqx_auth_http/" ++ atom_to_list(EnvName))},
-                                                {pool_opts, PoolOpts} | NReq])
-    end.
-
-load_hooks() ->
-    case application:get_env(?APP, auth_req) of
-        undefined -> ok;
-        {ok, AuthReq} ->
-            ok = emqx_auth_http:register_metrics(),
-            PoolOpts = proplists:get_value(pool_opts, AuthReq),
-            PoolName = proplists:get_value(pool_name, AuthReq),
-            {ok, _} = ehttpc_sup:start_pool(PoolName, PoolOpts),
-            case application:get_env(?APP, super_req) of
-                undefined ->
-                    emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
-                                                                                     super => undefined}]});
-                {ok, SuperReq} ->
-                    PoolOpts1 = proplists:get_value(pool_opts, SuperReq),
-                    PoolName1 = proplists:get_value(pool_name, SuperReq),
-                    {ok, _} = ehttpc_sup:start_pool(PoolName1, PoolOpts1),
-                    emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
-                                                                                     super => maps:from_list(SuperReq)}]})
-            end
-    end,
-    case application:get_env(?APP, acl_req) of
-        undefined -> ok;
-        {ok, ACLReq} ->
-            ok = emqx_acl_http:register_metrics(),
-            PoolOpts2 = proplists:get_value(pool_opts, ACLReq),
-            PoolName2 = proplists:get_value(pool_name, ACLReq),
-            {ok, _} = ehttpc_sup:start_pool(PoolName2, PoolOpts2),
-            emqx_hooks:put('client.check_acl', {emqx_acl_http, check_acl, [#{acl => maps:from_list(ACLReq)}]})
-    end,
-    ok.
-
-unload_hooks() ->
-    emqx:unhook('client.authenticate', {emqx_auth_http, check}),
-    emqx:unhook('client.check_acl', {emqx_acl_http, check_acl}),
-    _ = ehttpc_sup:stop_pool('emqx_auth_http/auth_req'),
-    _ = ehttpc_sup:stop_pool('emqx_auth_http/super_req'),
-    _ = ehttpc_sup:stop_pool('emqx_auth_http/acl_req'),
-    ok.
-
-ensure_content_type_header(Method, Headers)
-  when Method =:= post orelse Method =:= put ->
-    Headers;
-ensure_content_type_header(_Method, Headers) ->
-    lists:keydelete("content-type", 1, Headers).
-
-path(#{path := "", 'query' := Query}) ->
-    "?" ++ Query;
-path(#{path := Path, 'query' := Query}) ->
-    Path ++ "?" ++ Query;
-path(#{path := ""}) ->
-    "/";
-path(#{path := Path}) ->
-    Path.
-
diff --git a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
deleted file mode 100644
index 8324f6414..000000000
--- a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
+++ /dev/null
@@ -1,93 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_ldap).
-
--include("emqx_auth_ldap.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eldap/include/eldap.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
-        , check_acl/5
-        , description/0
-        ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
-    case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
-        ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
-        {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
-        {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
-    end.
-
-do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
-    ok;
-
-do_check_acl(#{username := Username}, PubSub, Topic, _NoMatchAction,
-             #{device_dn         := DeviceDn,
-               match_objectclass := ObjectClass,
-               username_attr     := UidAttr,
-               custom_base_dn    := CustomBaseDN,
-               pool := Pool} = Config) ->
-
-    Filters = maps:get(filters, Config, []),
-
-    ReplaceRules = [{"${username_attr}", UidAttr},
-                    {"${user}", binary_to_list(Username)},
-                    {"${device_dn}", DeviceDn}],
-
-    Filter = emqx_auth_ldap:prepare_filter(Filters, UidAttr, ObjectClass, ReplaceRules),
-
-    Attribute = case PubSub of
-                    publish   -> "mqttPublishTopic";
-                    subscribe -> "mqttSubscriptionTopic"
-                end,
-    Attribute1 = "mqttPubSubTopic",
-    ?LOG(debug, "[LDAP] search dn:~p filter:~p, attribute:~p",
-         [DeviceDn, Filter, Attribute]),
-
-    BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules),
-
-    case emqx_auth_ldap_cli:search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
-        {error, noSuchObject} ->
-            ok;
-        {ok, #eldap_search_result{entries = []}} ->
-            ok;
-        {ok, #eldap_search_result{entries = [Entry]}} ->
-            Topics = proplists:get_value(Attribute, Entry#eldap_entry.attributes, [])
-                ++ proplists:get_value(Attribute1, Entry#eldap_entry.attributes, []),
-            match(Topic, Topics);
-        Error ->
-            ?LOG(error, "[LDAP] search error:~p", [Error]),
-            {stop, deny}
-    end.
-
-match(_Topic, []) ->
-    ok;
-
-match(Topic, [Filter | Topics]) ->
-    case emqx_topic:match(Topic, list_to_binary(Filter)) of
-        true  -> {stop, allow};
-        false -> match(Topic, Topics)
-    end.
-
-description() ->
-    "ACL with LDAP".
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
deleted file mode 100644
index 9750f3cf1..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
+++ /dev/null
@@ -1,8 +0,0 @@
-%% -*- mode: erlang -*-
-{VSN,
-  [{"4.3.0",
-    [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}],
-  [{"4.3.0",
-    [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}]}.

From dd424c7656b4219a87e8323a141600e1d783e215 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 28 Jun 2021 11:52:47 +0800
Subject: [PATCH 114/174] build: delete sasl plugin

---
 apps/emqx_sasl/src/emqx_sasl.app.src   | 14 -------
 apps/emqx_sasl/src/emqx_sasl.appup.src | 13 ------
 apps/emqx_sasl/src/emqx_sasl.erl       | 56 --------------------------
 3 files changed, 83 deletions(-)
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl.app.src
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl.appup.src
 delete mode 100644 apps/emqx_sasl/src/emqx_sasl.erl

diff --git a/apps/emqx_sasl/src/emqx_sasl.app.src b/apps/emqx_sasl/src/emqx_sasl.app.src
deleted file mode 100644
index f490a6af5..000000000
--- a/apps/emqx_sasl/src/emqx_sasl.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_sasl,
- [{description, "EMQ X SASL"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_sasl_sup]},
-  {applications, [kernel,stdlib,pbkdf2]},
-  {mod, {emqx_sasl_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-sasl"}
-          ]}
- ]}.
diff --git a/apps/emqx_sasl/src/emqx_sasl.appup.src b/apps/emqx_sasl/src/emqx_sasl.appup.src
deleted file mode 100644
index df881fc05..000000000
--- a/apps/emqx_sasl/src/emqx_sasl.appup.src
+++ /dev/null
@@ -1,13 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
- [
-   {"4.3.0", [
-     {restart_application, emqx_sasl}
-   ]}
- ],
- [
-   {"4.3.0", [
-     {restart_application, emqx_sasl}
-   ]}
- ]
-}.
diff --git a/apps/emqx_sasl/src/emqx_sasl.erl b/apps/emqx_sasl/src/emqx_sasl.erl
deleted file mode 100644
index 61fd34134..000000000
--- a/apps/emqx_sasl/src/emqx_sasl.erl
+++ /dev/null
@@ -1,56 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_sasl).
-
--include_lib("emqx/include/logger.hrl").
-
--export([ load/0
-        , unload/0
-        , init/0
-        , check/3
-        , supported/0
-        ]).
-
-load() ->
-    emqx:hook('client.enhanced_authenticate', {?MODULE, check, []}).
-
-unload() ->
-    emqx:unhook('client.enhanced_authenticate', {?MODULE, check}).
-
-init() ->
-    emqx_sasl_scram:init().
-
-check(Method, Data, Cache) ->
-    try
-        case Method of
-            <<"SCRAM-SHA-1">> ->
-                case emqx_sasl_scram:check(Data, Cache) of
-                    {ok, NData, NCache} -> {ok, {ok, NData, NCache}};
-                    {continue, NData, NCache} -> {ok, {continue, NData, NCache}};
-                    Re -> {stop, Re}
-                end;
-            _ ->
-                {error, unsupported_mechanism}
-        end
-    catch
-        _Class:_Reason:Stack ->
-            ?LOG(error, "[emqx_sasl] authentication failed: ~0p", [Stack]),
-            {error, authentication_failed}
-    end.
-
-supported() ->
-    [<<"SCRAM-SHA-1">>].

From 97fa19f244b3d22e74066390d7f67efa68c0b2b5 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 28 Jun 2021 14:11:34 +0800
Subject: [PATCH 115/174] build: delete priv/emqx.schema file

---
 priv/emqx.schema | 2470 ----------------------------------------------
 1 file changed, 2470 deletions(-)
 delete mode 100644 priv/emqx.schema

diff --git a/priv/emqx.schema b/priv/emqx.schema
deleted file mode 100644
index 142a9acf4..000000000
--- a/priv/emqx.schema
+++ /dev/null
@@ -1,2470 +0,0 @@
-%%-*- mode: erlang -*-
-%% EMQ X R4.0 config mapping
-
-%%--------------------------------------------------------------------
-%% Cluster
-%%--------------------------------------------------------------------
-
-%% @doc Cluster name
-{mapping, "cluster.name", "ekka.cluster_name", [
-  {default, emqxcl},
-  {datatype, atom}
-]}.
-
-%% @doc Cluster discovery
-{mapping, "cluster.discovery", "ekka.cluster_discovery", [
-  {default, manual},
-  {datatype, atom}
-]}.
-
-%% @doc Clean down node from the cluster
-{mapping, "cluster.autoclean", "ekka.cluster_autoclean", [
-  {datatype, {duration, ms}}
-]}.
-
-%% @doc Cluster autoheal
-{mapping, "cluster.autoheal", "ekka.cluster_autoheal", [
-  {datatype, flag},
-  {default, off}
-]}.
-
-%%--------------------------------------------------------------------
-%% Cluster by static node list
-
-{mapping, "cluster.static.seeds", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-%%--------------------------------------------------------------------
-%% Cluster by UDP Multicast
-
-{mapping, "cluster.mcast.addr", "ekka.cluster_discovery", [
-  {default, "239.192.0.1"},
-  {datatype, string}
-]}.
-
-{mapping, "cluster.mcast.ports", "ekka.cluster_discovery", [
-  {default, "4369"},
-  {datatype, string}
-]}.
-
-{mapping, "cluster.mcast.iface", "ekka.cluster_discovery", [
-  {datatype, string},
-  {default, "0.0.0.0"}
-]}.
-
-{mapping, "cluster.mcast.ttl", "ekka.cluster_discovery", [
-  {datatype, integer},
-  {default, 255}
-]}.
-
-{mapping, "cluster.mcast.loop", "ekka.cluster_discovery", [
-  {datatype, flag},
-  {default, on}
-]}.
-
-{mapping, "cluster.mcast.sndbuf", "ekka.cluster_discovery", [
-  {datatype, bytesize},
-  {default, "16KB"}
-]}.
-
-{mapping, "cluster.mcast.recbuf", "ekka.cluster_discovery", [
-  {datatype, bytesize},
-  {default, "16KB"}
-]}.
-
-{mapping, "cluster.mcast.buffer", "ekka.cluster_discovery", [
-  {datatype, bytesize},
-  {default, "32KB"}
-]}.
-
-%%--------------------------------------------------------------------
-%% Cluster by DNS A Record
-
-{mapping, "cluster.dns.name", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-%% @doc The erlang distributed protocol
-{mapping, "cluster.proto_dist", "ekka.proto_dist", [
-  {default, "inet_tcp"},
-  {datatype, {enum, [inet_tcp, inet6_tcp, inet_tls]}},
-  hidden
-]}.
-
-{mapping, "cluster.dns.app", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-%%--------------------------------------------------------------------
-%% Cluster using etcd
-
-{mapping, "cluster.etcd.server", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.etcd.prefix", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.etcd.node_ttl", "ekka.cluster_discovery", [
-  {datatype, {duration, ms}},
-  {default, "1m"}
-]}.
-
-{mapping, "cluster.etcd.ssl.keyfile", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.etcd.ssl.certfile", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.etcd.ssl.cacertfile", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-%%--------------------------------------------------------------------
-%% Cluster on K8s
-
-{mapping, "cluster.k8s.apiserver", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.k8s.service_name", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.k8s.address_type", "ekka.cluster_discovery", [
-  {datatype, {enum, [ip, dns, hostname]}}
-]}.
-
-{mapping, "cluster.k8s.app_name", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.k8s.namespace", "ekka.cluster_discovery", [
-  {datatype, string}
-]}.
-
-{mapping, "cluster.k8s.suffix", "ekka.cluster_discovery", [
-    {datatype, string},
-    {default, ""}
-  ]}.
-
-{translation, "ekka.cluster_discovery", fun(Conf) ->
-  Strategy = cuttlefish:conf_get("cluster.discovery", Conf),
-  Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  IpPort = fun(S) ->
-             [Addr, Port] = string:tokens(S, ":"),
-             {ok, Ip} = inet:parse_address(Addr),
-             {Ip, Port}
-           end,
-  Options = fun(static) ->
-                 [{seeds, [list_to_atom(S) || S <- string:tokens(cuttlefish:conf_get("cluster.static.seeds", Conf, ""), ",")]}];
-               (mcast) ->
-                 {ok, Addr} = inet:parse_address(cuttlefish:conf_get("cluster.mcast.addr", Conf)),
-                 {ok, Iface} = inet:parse_address(cuttlefish:conf_get("cluster.mcast.iface", Conf)),
-                 Ports = [list_to_integer(S) || S <- string:tokens(cuttlefish:conf_get("cluster.mcast.ports", Conf), ",")],
-                 [{addr, Addr}, {ports, Ports}, {iface, Iface},
-                  {ttl, cuttlefish:conf_get("cluster.mcast.ttl", Conf, 1)},
-                  {loop, cuttlefish:conf_get("cluster.mcast.loop", Conf, true)}];
-               (dns) ->
-                 [{name, cuttlefish:conf_get("cluster.dns.name", Conf)},
-                  {app, cuttlefish:conf_get("cluster.dns.app", Conf)}];
-               (etcd) ->
-                 SslOpts = fun(Conf) ->
-                              Options = cuttlefish_variable:filter_by_prefix("cluster.etcd.ssl", Conf),
-                              lists:map(fun({["cluster", "etcd", "ssl", Name], Value}) ->
-                                            {list_to_atom(Name), Value}
-                                        end, Options)
-                            end,
-                 [{server, string:tokens(cuttlefish:conf_get("cluster.etcd.server", Conf), ",")},
-                  {prefix, cuttlefish:conf_get("cluster.etcd.prefix", Conf, "emqcl")},
-                  {node_ttl, cuttlefish:conf_get("cluster.etcd.node_ttl", Conf, 60)},
-                  {ssl_options, SslOpts(Conf)}];
-               (k8s) ->
-                 [{apiserver, cuttlefish:conf_get("cluster.k8s.apiserver", Conf)},
-                  {service_name, cuttlefish:conf_get("cluster.k8s.service_name", Conf)},
-                  {address_type, cuttlefish:conf_get("cluster.k8s.address_type", Conf, ip)},
-                  {app_name, cuttlefish:conf_get("cluster.k8s.app_name", Conf)},
-                  {namespace, cuttlefish:conf_get("cluster.k8s.namespace", Conf)},
-                  {suffix, cuttlefish:conf_get("cluster.k8s.suffix", Conf, "")}];
-               (manual) ->
-                 [ ]
-            end,
-  {Strategy, Filter(Options(Strategy))}
-end}.
-
-%%--------------------------------------------------------------------
-%% Node
-%%--------------------------------------------------------------------
-
-%% @doc Node name
-{mapping, "node.name", "vm_args.-name", [
-  {default, "emqx@127.0.0.1"},
-  {override_env, "NODE_NAME"}
-]}.
-
-%% @doc Specify SSL Options in the file if using SSL for erlang distribution
-{mapping, "node.ssl_dist_optfile", "vm_args.-ssl_dist_optfile", [
-  {datatype, string},
-  hidden
-]}.
-
-%% @doc Secret cookie for distributed erlang node
-{mapping, "node.cookie", "vm_args.-setcookie", [
-  {default, "emqxsecretcookie"},
-  {override_env, "NODE_COOKIE"}
-]}.
-
-{mapping, "node.data_dir", "emqx.data_dir", [
-  {datatype, string}
-]}.
-
-%% @doc http://erlang.org/doc/man/heart.html
-{mapping, "node.heartbeat", "vm_args.-heart", [
-  {datatype, flag},
-  hidden
-]}.
-
-{translation, "vm_args.-heart", fun(Conf) ->
-    case cuttlefish:conf_get("node.heartbeat", Conf) of
-        true  -> "";
-        false -> cuttlefish:invalid("should be 'on' or comment the line!")
-    end
-end}.
-
-%% @doc More information at: http://erlang.org/doc/man/erl.html
-{mapping, "node.async_threads", "vm_args.+A", [
-  {datatype, integer},
-  {validators, ["range:0-1024"]}
-]}.
-
-%% @doc Erlang Process Limit
-{mapping, "node.process_limit", "vm_args.+P", [
-  {datatype, integer},
-  hidden
-]}.
-
-%% @doc The maximum number of concurrent ports/sockets.
-%% Valid range is 1024-134217727
-{mapping, "node.max_ports", "vm_args.+Q", [
-  {datatype, integer},
-  {validators, ["range4ports"]},
-  {override_env, "MAX_PORTS"}
-]}.
-
-{validator, "range4ports", "must be 1024 to 134217727",
- fun(X) -> X >= 1024 andalso X =< 134217727 end}.
-
-%% @doc http://www.erlang.org/doc/man/erl.html#%2bzdbbl
-{mapping, "node.dist_buffer_size", "vm_args.+zdbbl", [
-  {datatype, bytesize},
-  {commented, "32MB"},
-  hidden,
-  {validators, ["zdbbl_range"]}
-]}.
-
-{translation, "vm_args.+zdbbl",
- fun(Conf) ->
-  ZDBBL = cuttlefish:conf_get("node.dist_buffer_size", Conf, undefined),
-  case ZDBBL of
-    undefined -> undefined;
-    X when is_integer(X) -> cuttlefish_util:ceiling(X / 1024); %% Bytes to Kilobytes;
-    _ -> undefined
-  end
- end}.
-
-{validator, "zdbbl_range", "must be between 1KB and 2097151KB",
- fun(ZDBBL) ->
-  %% 2097151KB = 2147482624
-  ZDBBL >= 1024 andalso ZDBBL =< 2147482624
- end
-}.
-
-%% @doc Global GC Interval
-{mapping, "node.global_gc_interval", "emqx.global_gc_interval", [
-  {datatype, {duration, s}}
-]}.
-
-%% @doc http://www.erlang.org/doc/man/erlang.html#system_flag-2
-{mapping, "node.fullsweep_after", "vm_args.-env ERL_FULLSWEEP_AFTER", [
-  {default, 1000},
-  {datatype, integer},
-  hidden,
-  {validators, ["positive_integer"]}
-]}.
-
-{validator, "positive_integer", "must be a positive integer",
-  fun(X) -> X >= 0 end}.
-
-%% Note: OTP R15 and earlier uses -env ERL_MAX_ETS_TABLES,
-%% R16+ uses +e
-%% @doc The ETS table limit
-{mapping, "node.max_ets_tables",
-  cuttlefish:otp("R16", "vm_args.+e", "vm_args.-env ERL_MAX_ETS_TABLES"), [
-  {default, 256000},
-  {datatype, integer},
-  hidden
-]}.
-
-%% @doc Set the location of crash dumps
-{mapping, "node.crash_dump", "vm_args.-env ERL_CRASH_DUMP", [
-  {default, "{{crash_dump}}"},
-  {datatype, file},
-  hidden
-]}.
-
-%% @doc http://www.erlang.org/doc/man/kernel_app.html#net_ticktime
-{mapping, "node.dist_net_ticktime", "vm_args.-kernel net_ticktime", [
-  {datatype, integer},
-  hidden
-]}.
-
-%% @doc http://www.erlang.org/doc/man/kernel_app.html
-{mapping, "node.dist_listen_min", "kernel.inet_dist_listen_min", [
-  {commented, 6369},
-  {datatype, integer},
-  hidden
-]}.
-
-%% @see node.dist_listen_min
-{mapping, "node.dist_listen_max", "kernel.inet_dist_listen_max", [
-  {commented, 6369},
-  {datatype, integer},
-  hidden
-]}.
-
-{mapping, "node.backtrace_depth", "emqx.backtrace_depth", [
-  {default, 16},
-  {datatype, integer}
-]}.
-
-%%--------------------------------------------------------------------
-%% RPC
-%%--------------------------------------------------------------------
-
-%% RPC Mode.
-{mapping, "rpc.mode", "emqx.rpc_mode", [
-  {default, async},
-  {datatype, {enum, [sync, async]}}
-]}.
-
-{mapping, "rpc.async_batch_size", "gen_rpc.max_batch_size", [
-  {default, 256},
-  {datatype, integer}
-]}.
-
-{mapping, "rpc.port_discovery", "gen_rpc.port_discovery", [
-  {default, stateless},
-  {datatype, {enum, [manual, stateless]}}
-]}.
-
-%% RPC server port.
-{mapping, "rpc.tcp_server_port", "gen_rpc.tcp_server_port", [
-  {default, 5369},
-  {datatype, integer}
-]}.
-
-%% Number of tcp connections when connecting to RPC server
-{mapping, "rpc.tcp_client_num", "gen_rpc.tcp_client_num", [
-  {default, 0},
-  {datatype, integer},
-  {validators, ["range:gt_0_lt_256"]}
-]}.
-
-{translation, "gen_rpc.tcp_client_num", fun(Conf) ->
-  case cuttlefish:conf_get("rpc.tcp_client_num", Conf) of
-    0 -> 1; %% keep allowing 0 for backward compatibility
-    V -> V
-  end
-end}.
-
-%% Client connect timeout
-{mapping, "rpc.connect_timeout", "gen_rpc.connect_timeout", [
-  {default, "5s"},
-  {datatype, {duration, ms}}
-]}.
-
-%% Client and Server send timeout
-{mapping, "rpc.send_timeout", "gen_rpc.send_timeout", [
-  {default, 5000},
-  {datatype, {duration, ms}}
-]}.
-
-%% Authentication timeout
-{mapping, "rpc.authentication_timeout", "gen_rpc.authentication_timeout", [
-  {default, 5000},
-  {datatype, {duration, ms}}
-]}.
-
-%% Default receive timeout for call() functions
-{mapping, "rpc.call_receive_timeout", "gen_rpc.call_receive_timeout", [
-  {default, 15000},
-  {datatype, {duration, ms}}
-]}.
-
-%% Socket keepalive configuration
-{mapping, "rpc.socket_keepalive_idle", "gen_rpc.socket_keepalive_idle", [
-  {default, 7200},
-  {datatype, {duration, s}}
-]}.
-
-%% Seconds between probes
-{mapping, "rpc.socket_keepalive_interval", "gen_rpc.socket_keepalive_interval", [
-  {default, 75},
-  {datatype, {duration, s}}
-]}.
-
-%% Probes lost to close the connection
-{mapping, "rpc.socket_keepalive_count", "gen_rpc.socket_keepalive_count", [
-  {default, 9},
-  {datatype, integer}
-]}.
-
-%% Size of TCP send buffer
-{mapping, "rpc.socket_sndbuf", "gen_rpc.socket_sndbuf", [
-  {default, "1MB"},
-  {datatype, bytesize}
-]}.
-
-%% Size of TCP receive buffer
-{mapping, "rpc.socket_recbuf", "gen_rpc.socket_recbuf", [
-  {default, "1MB"},
-  {datatype, bytesize}
-]}.
-
-%% Size of TCP receive buffer
-{mapping, "rpc.socket_buffer", "gen_rpc.socket_buffer", [
-  {default, "1MB"},
-  {datatype, bytesize}
-]}.
-
-{validator, "range:gt_0_lt_256", "must greater than 0 and less than 256",
-  fun(X) -> X >= 0 andalso X < 256 end
-}.
-
-%% Force client to use server listening port, because we do no provide
-%% per-node listening port manual mapping from configs.
-%% i.e. all nodes in the cluster should agree to the same
-%% listening port number.
-{translation, "gen_rpc.tcp_client_port", fun(_, _, Conf) ->
-    cuttlefish:conf_get("rpc.tcp_server_port", Conf)
-end}.
-
-%%--------------------------------------------------------------------
-%% Log
-%%--------------------------------------------------------------------
-
-{mapping, "log.to", "kernel.logger", [
-  {default, file},
-  {datatype, {enum, [file, console, both]}}
-]}.
-
-{mapping, "log.level", "kernel.logger", [
-  {default, warning},
-  {datatype, {enum, [debug, info, notice, warning, error, critical, alert, emergency, all]}}
-]}.
-
-{mapping, "log.primary_log_level", "kernel.logger_level", [
-   {default, warning},
-   {datatype, {enum, [debug, info, notice, warning, error, critical, alert, emergency, all]}}
-]}.
-
-{mapping, "log.dir", "kernel.logger", [
-  {default, "log"},
-  {datatype, string}
-]}.
-
-{mapping, "log.file", "kernel.logger", [
-  {default, "emqx.log"},
-  {datatype, file}
-]}.
-
-{mapping, "log.chars_limit", "kernel.logger", [
-  {default, -1},
-  {datatype, integer}
-]}.
-
-{mapping, "log.supervisor_reports", "kernel.logger", [
-  {default, error},
-  {datatype, {enum, [error, progress]}},
-  hidden
-]}.
-
-%% @doc Maximum depth in Erlang term log formatting
-%% and message queue inspection.
-{mapping, "log.max_depth", "kernel.error_logger_format_depth", [
-  {default, 20},
-  {datatype, [{enum, [unlimited]}, integer]}
-]}.
-
-%% @doc format logs as JSON objects
-{mapping, "log.formatter", "kernel.logger", [
-  {default, text},
-  {datatype, {enum, [text, json]}}
-]}.
-
-%% @doc format logs in a single line.
-{mapping, "log.single_line", "kernel.logger", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "log.rotation", "kernel.logger", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-{mapping, "log.rotation.size", "kernel.logger", [
-  {default, "10MB"},
-  {datatype, bytesize}
-]}.
-
-{mapping, "log.size", "kernel.logger", [
-  {default, infinity},
-  {datatype, [bytesize, atom]}
-]}.
-
-{mapping, "log.rotation.count", "kernel.logger", [
-  {default, 5},
-  {datatype, integer}
-]}.
-
-{mapping, "log.$level.file", "kernel.logger", [
-  {datatype, file}
-]}.
-
-{mapping, "log.sync_mode_qlen", "kernel.logger", [
-  {default, 100},
-  {datatype, integer}
-]}.
-
-{mapping, "log.drop_mode_qlen", "kernel.logger", [
-  {default, 3000},
-  {datatype, integer}
-]}.
-
-{mapping, "log.flush_qlen", "kernel.logger", [
-  {default, 8000},
-  {datatype, integer}
-]}.
-
-{mapping, "log.overload_kill", "kernel.logger", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-{mapping, "log.overload_kill_mem_size", "kernel.logger", [
-  {default, "30MB"},
-  {datatype, bytesize}
-]}.
-
-{mapping, "log.overload_kill_qlen", "kernel.logger", [
-  {default, 20000},
-  {datatype, integer}
-]}.
-
-{mapping, "log.overload_kill_restart_after", "kernel.logger", [
-  {default, "5s"},
-  {datatype, [{duration, ms}, atom]}
-]}.
-
-{mapping, "log.burst_limit", "kernel.logger", [
-  {default, "disabled"},
-  {datatype, string}
-]}.
-
-{mapping, "log.error_logger", "kernel.error_logger", [
-  {default, silent},
-  {datatype, {enum, [silent]}},
-  hidden
-]}.
-
-{translation, "kernel.logger_level", fun(_, _, Conf) ->
-    cuttlefish:conf_get("log.level", Conf)
-end}.
-
-{translation, "kernel.logger", fun(Conf) ->
-    LogTo = cuttlefish:conf_get("log.to", Conf),
-    LogLevel = cuttlefish:conf_get("log.level", Conf),
-    LogType = case cuttlefish:conf_get("log.rotation", Conf) of
-                  true -> wrap;
-                  false -> halt
-              end,
-    CharsLimit = case cuttlefish:conf_get("log.chars_limit", Conf) of
-                     -1 -> unlimited;
-                     V -> V
-                 end,
-    SingleLine = cuttlefish:conf_get("log.single_line", Conf),
-    FmtName = cuttlefish:conf_get("log.formatter", Conf),
-    Formatter =
-    case FmtName of
-        json ->
-            {emqx_logger_jsonfmt,
-                  #{chars_limit => CharsLimit,
-                    single_line => SingleLine
-                   }};
-        text ->
-            {emqx_logger_textfmt,
-                  #{template =>
-                      [time," [",level,"] ",
-                       {clientid,
-                          [{peername,
-                              [clientid,"@",peername," "],
-                              [clientid, " "]}],
-                          [{peername,
-                              [peername," "],
-                              []}]},
-                       msg,"\n"],
-                    chars_limit => CharsLimit,
-                    single_line => SingleLine
-                   }}
-    end,
-    {BustLimitOn, {MaxBurstCount, TimeWindow}} =
-        case string:tokens(cuttlefish:conf_get("log.burst_limit", Conf), ", ") of
-            ["disabled"] -> {false, {20000, 1000}};
-            [Count, Window] ->
-                {true, {list_to_integer(Count),
-                        case cuttlefish_duration:parse(Window, ms) of
-                          Secs when is_integer(Secs) -> Secs;
-                          {error, Reason1} -> error(Reason1)
-                        end}}
-        end,
-    FileConf =  fun(Filename) ->
-                  BasicConf =
-                  #{type => LogType,
-                    file => filename:join(cuttlefish:conf_get("log.dir", Conf), Filename),
-                    max_no_files => cuttlefish:conf_get("log.rotation.count", Conf),
-                    sync_mode_qlen => cuttlefish:conf_get("log.sync_mode_qlen", Conf),
-                    drop_mode_qlen => cuttlefish:conf_get("log.drop_mode_qlen", Conf),
-                    flush_qlen => cuttlefish:conf_get("log.flush_qlen", Conf),
-                    overload_kill_enable => cuttlefish:conf_get("log.overload_kill", Conf),
-                    overload_kill_qlen => cuttlefish:conf_get("log.overload_kill_qlen", Conf),
-                    overload_kill_mem_size => cuttlefish:conf_get("log.overload_kill_mem_size", Conf),
-                    overload_kill_restart_after => cuttlefish:conf_get("log.overload_kill_restart_after", Conf),
-                    burst_limit_enable => BustLimitOn,
-                    burst_limit_max_count => MaxBurstCount,
-                    burst_limit_window_time => TimeWindow
-                    },
-                  MaxNoBytes = case LogType of
-                    wrap -> cuttlefish:conf_get("log.rotation.size", Conf);
-                    halt -> cuttlefish:conf_get("log.size", Conf)
-                  end,
-                  BasicConf#{max_no_bytes => MaxNoBytes}
-                end,
-
-    Filters = case cuttlefish:conf_get("log.supervisor_reports", Conf) of
-                  error -> [{drop_progress_reports, {fun logger_filters:progress/2, stop}}];
-                  progress -> []
-              end,
-
-    %% For the default logger that outputs to console
-    DefaultHandler =
-        if LogTo =:= console orelse LogTo =:= both ->
-                [{handler, console, logger_std_h,
-                    #{level => LogLevel,
-                      config => #{type => standard_io},
-                      formatter => Formatter,
-                      filters => Filters
-                     }
-                 }];
-           true ->
-                [{handler, default, undefined}]
-        end,
-
-    %% For the file logger
-    FileHandler =
-        if LogTo =:= file orelse LogTo =:= both ->
-              [{handler, file, logger_disk_log_h,
-                    #{level => LogLevel,
-                      config => FileConf(cuttlefish:conf_get("log.file", Conf)),
-                      formatter => Formatter,
-                      filesync_repeat_interval => no_repeat,
-                      filters => Filters
-                     }}];
-           true -> []
-        end,
-
-    %% For creating additional log files for specific log levels.
-    AdditionalLogFiles =
-        lists:foldl(
-          fun({[_, Level, _] = K, Filename}, Acc) when LogTo =:= file; LogTo =:= both ->
-                case cuttlefish_variable:is_fuzzy_match(K, ["log", "$level", "file"]) of
-                  true -> [{Level, Filename} | Acc];
-                  false -> Acc
-                end;
-             ({_K, _V}, Acc) ->
-               Acc
-          end, [], Conf),
-    AdditionalHandlers =
-        [{handler, list_to_atom("file_for_"++Level), logger_disk_log_h,
-            #{level => list_to_atom(Level),
-              config => FileConf(Filename),
-              formatter => Formatter,
-              filesync_repeat_interval => no_repeat}}
-          || {Level, Filename} <- AdditionalLogFiles],
-
-    DefaultHandler ++ FileHandler ++ AdditionalHandlers
-end}.
-
-%%--------------------------------------------------------------------
-%% Authentication/ACL
-%%--------------------------------------------------------------------
-
-%% @doc Allow anonymous authentication.
-{mapping, "allow_anonymous", "emqx.allow_anonymous", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc ACL nomatch.
-{mapping, "acl_nomatch", "emqx.acl_nomatch", [
-  {default, deny},
-  {datatype, {enum, [allow, deny]}}
-]}.
-
-%% @doc Default ACL file.
-{mapping, "acl_file", "emqx.acl_file", [
-  {datatype, string},
-  hidden
-]}.
-
-%% @doc Enable ACL cache for publish.
-{mapping, "enable_acl_cache", "emqx.enable_acl_cache", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-%% @doc ACL cache time-to-live.
-{mapping, "acl_cache_ttl", "emqx.acl_cache_ttl", [
-  {default, "1m"},
-  {datatype, {duration, ms}}
-]}.
-
-%% @doc ACL cache size.
-{mapping, "acl_cache_max_size", "emqx.acl_cache_max_size", [
-  {default, 32},
-  {datatype, integer},
-  {validators, ["range:gt_0"]}
-]}.
-
-%% @doc Action when acl check reject current operation
-{mapping, "acl_deny_action", "emqx.acl_deny_action", [
-  {default, ignore},
-  {datatype, {enum, [ignore, disconnect]}}
-]}.
-
-%% @doc Flapping detect policy
-{mapping, "flapping_detect_policy", "emqx.flapping_detect_policy", [
-  {datatype, string},
-  {default, "30,1m,5m"}
-]}.
-
-{translation, "emqx.flapping_detect_policy", fun(Conf) ->
-    Policy = cuttlefish:conf_get("flapping_detect_policy", Conf),
-    [Threshold, Duration, Interval] = string:tokens(Policy, ", "),
-    ParseDuration = fun(S, Dur) ->
-                        case cuttlefish_duration:parse(S, Dur) of
-                            I when is_integer(I) -> I;
-                            {error, Reason} -> error(Reason)
-                        end
-                    end,
-    #{threshold => list_to_integer(Threshold),
-      duration  => ParseDuration(Duration, ms),
-      banned_interval => ParseDuration(Interval, s)
-     }
-end}.
-
-{validator, "range:gt_0", "must greater than 0",
-  fun(X) -> X > 0 end
-}.
-
-%%--------------------------------------------------------------------
-%% MQTT Protocol
-%%--------------------------------------------------------------------
-
-%% @doc Max Packet Size Allowed, 1MB by default.
-{mapping, "mqtt.max_packet_size", "emqx.max_packet_size", [
-  {default, "1MB"},
-  {datatype, bytesize},
-  {override_env, "MAX_PACKET_SIZE"}
-]}.
-
-%% @doc Set the Max ClientId Length Allowed.
-{mapping, "mqtt.max_clientid_len", "emqx.max_clientid_len", [
-  {default, 65535},
-  {datatype, integer}
-]}.
-
-%% @doc Set the Maximum topic levels.
-{mapping, "mqtt.max_topic_levels", "emqx.max_topic_levels", [
-  {default, 0},
-  {datatype, integer}
-]}.
-
-%% @doc Set the Maximum QoS allowed.
-{mapping, "mqtt.max_qos_allowed", "emqx.max_qos_allowed", [
-  {default, 2},
-  {datatype, integer},
-  {validators, ["range:0-2"]}
-]}.
-
-%% @doc Set the Maximum Topic Alias.
-{mapping, "mqtt.max_topic_alias", "emqx.max_topic_alias", [
-  {default, 65535},
-  {datatype, integer}
-]}.
-
-%% @doc Whether the server supports MQTT retained messages.
-{mapping, "mqtt.retain_available", "emqx.retain_available", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Whether the Server supports MQTT Wildcard Subscriptions.
-{mapping, "mqtt.wildcard_subscription", "emqx.wildcard_subscription", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Whether the Server supports MQTT Shared Subscriptions.
-{mapping, "mqtt.shared_subscription", "emqx.shared_subscription", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
-{mapping, "mqtt.ignore_loop_deliver", "emqx.ignore_loop_deliver", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Whether to parse the MQTT frame in strict mode
-{mapping, "mqtt.strict_mode", "emqx.strict_mode", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Specify the response information returned to the client
-{mapping, "mqtt.response_information", "emqx.response_information", [
-  {datatype, string}
-]}.
-
-%%--------------------------------------------------------------------
-%% Zones
-%%--------------------------------------------------------------------
-
-%% @doc Idle timeout of the MQTT connection.
-{mapping, "zone.$name.idle_timeout", "emqx.zones", [
-  {default, "15s"},
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "zone.$name.allow_anonymous", "emqx.zones", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "zone.$name.acl_nomatch", "emqx.zones", [
-  {datatype, {enum, [allow, deny]}}
-]}.
-
-%% @doc Enable ACL check.
-{mapping, "zone.$name.enable_acl", "emqx.zones", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-%% @doc Action when acl check reject current operation
-{mapping, "zone.$name.acl_deny_action", "emqx.zones", [
-  {default, ignore},
-  {datatype, {enum, [ignore, disconnect]}}
-]}.
-
-%% @doc Enable Ban.
-{mapping, "zone.$name.enable_ban", "emqx.zones", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-%% @doc Enable per connection statistics.
-{mapping, "zone.$name.enable_stats", "emqx.zones", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-%% @doc Publish limit of the MQTT connections.
-{mapping, "zone.$name.publish_limit", "emqx.zones", [
-  {datatype, string}
-]}.
-
-%% @doc Max Packet Size Allowed, 64K by default.
-{mapping, "zone.$name.max_packet_size", "emqx.zones", [
-  {datatype, bytesize}
-]}.
-
-%% @doc Set the Max ClientId Length Allowed.
-{mapping, "zone.$name.max_clientid_len", "emqx.zones", [
-  {datatype, integer}
-]}.
-
-%% @doc Set the Maximum topic levels.
-{mapping, "zone.$name.max_topic_levels", "emqx.zones", [
-  {datatype, integer}
-]}.
-
-%% @doc Set the Maximum QoS allowed.
-{mapping, "zone.$name.max_qos_allowed", "emqx.zones", [
-  {datatype, integer},
-  {validators, ["range:0-2"]}
-]}.
-
-%% @doc Set the Maximum topic alias.
-{mapping, "zone.$name.max_topic_alias", "emqx.zones", [
-  {datatype, integer}
-]}.
-
-%% @doc Whether the server supports retained messages.
-{mapping, "zone.$name.retain_available", "emqx.zones", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Whether the Server supports Wildcard Subscriptions.
-{mapping, "zone.$name.wildcard_subscription", "emqx.zones", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Whether the Server supports Shared Subscriptions.
-{mapping, "zone.$name.shared_subscription", "emqx.zones", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Server Keepalive
-{mapping, "zone.$name.server_keepalive", "emqx.zones", [
-  {datatype, integer}
-]}.
-
-%% @doc Keepalive backoff
-{mapping, "zone.$name.keepalive_backoff", "emqx.zones", [
-  {default, 0.75},
-  {datatype, float}
-]}.
-
-%% @doc Max Number of Subscriptions Allowed.
-{mapping, "zone.$name.max_subscriptions", "emqx.zones", [
-  {default, 0},
-  {datatype, integer}
-]}.
-
-%% @doc Upgrade QoS according to subscription?
-{mapping, "zone.$name.upgrade_qos", "emqx.zones", [
-  {default, off},
-  {datatype, flag}
-]}.
-
-%% @doc Max number of QoS 1 and 2 messages that can be “inflight” at one time.
-%% 0 is equivalent to maximum allowed
-{mapping, "zone.$name.max_inflight", "emqx.zones", [
-  {default, 0},
-  {datatype, integer},
-  {validators, ["range:1-65535"]}
-]}.
-
-%% @doc Retry interval for redelivering QoS1/2 messages.
-{mapping, "zone.$name.retry_interval", "emqx.zones", [
-  {default, "30s"},
-  {datatype, {duration, s}}
-]}.
-
-%% @doc Max Packets that Awaiting PUBREL, 0 means no limit
-{mapping, "zone.$name.max_awaiting_rel", "emqx.zones", [
-  {default, 0},
-  {datatype, integer}
-]}.
-
-%% @doc Awaiting PUBREL timeout
-{mapping, "zone.$name.await_rel_timeout", "emqx.zones", [
-  {default, "300s"},
-  {datatype, {duration, s}}
-]}.
-
-%% @doc Ignore loop delivery of messages
-{mapping, "zone.$name.ignore_loop_deliver", "emqx.zones", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Session Expiry Interval
-{mapping, "zone.$name.session_expiry_interval", "emqx.zones", [
-  {default, "2h"},
-  {datatype, {duration, s}}
-]}.
-
-%% @doc Max queue length. Enqueued messages when persistent client
-%% disconnected, or inflight window is full. 0 means no limit.
-{mapping, "zone.$name.max_mqueue_len", "emqx.zones", [
-  {default, 1000},
-  {datatype, integer}
-]}.
-
-%% @doc Topic Priorities, comma separated topic=priority pairs,
-%% where priority should be integer in range 1-255 (inclusive)
-%% 1 being the lowest and 255 being the highest.
-%% default value `none` to indicate no priority table, hence all
-%% messages are treated equal, which means either highest ('infinity'),
-%% or lowest (0) depending on mqueue_default_priority config.
-{mapping, "zone.$name.mqueue_priorities", "emqx.zones", [
-  {default, "none"},
-  {datatype, string}
-]}.
-
-%% @doc Default priority for topics not in priority table.
-{mapping, "zone.$name.mqueue_default_priority", "emqx.zones", [
-  {default, lowest},
-  {datatype, {enum, [highest, lowest]}}
-]}.
-
-%% @doc Queue Qos0 messages?
-{mapping, "zone.$name.mqueue_store_qos0", "emqx.zones", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "zone.$name.enable_flapping_detect", "emqx.zones", [
-  {datatype, flag},
-  {default, off}
-]}.
-
-{mapping, "zone.$name.rate_limit.conn_messages_in", "emqx.zones", [
-  {datatype, string}
-]}.
-
-{mapping, "zone.$name.rate_limit.conn_bytes_in", "emqx.zones", [
-  {datatype, string}
-]}.
-
-{mapping, "zone.$name.conn_congestion.alarm", "emqx.zones", [
-  {datatype, flag},
-  {default, off}
-]}.
-
-{mapping, "zone.$name.conn_congestion.min_alarm_sustain_duration", "emqx.zones", [
-  {default, "1m"},
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "zone.$name.quota.conn_messages_routing", "emqx.zones", [
-  {datatype, string}
-]}.
-
-{mapping, "zone.$name.quota.overall_messages_routing", "emqx.zones", [
-  {datatype, string}
-]}.
-
-%% @doc Force connection/session process GC after this number of
-%% messages | bytes passed through.
-%% Numbers delimited by `|'. Zero or negative is to disable.
-{mapping, "zone.$name.force_gc_policy", "emqx.zones", [
-   {datatype, string}
- ]}.
-
-%% @doc Max message queue length and total heap size to force shutdown
-%% connection/session process.
-%% Message queue here is the Erlang process mailbox, but not the number
-%% of queued MQTT messages of QoS 1 and 2.
-%% Zero or negative is to disable.
-{mapping, "zone.$name.force_shutdown_policy", "emqx.zones", [
-  {default, "default"},
-  {datatype, string}
-]}.
-
-{mapping, "zone.$name.mountpoint", "emqx.zones", [
-  {datatype, string}
-]}.
-
-%% @doc Use username replace client id
-{mapping, "zone.$name.use_username_as_clientid", "emqx.zones", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Whether to parse the MQTT frame in strict mode
-{mapping, "zone.$name.strict_mode", "emqx.zones", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Specify the response information returned to the client
-{mapping, "zone.$name.response_information", "emqx.zones", [
-  {datatype, string}
-]}.
-
-%% @doc Whether to bypass the authentication step
-{mapping, "zone.$name.bypass_auth_plugins", "emqx.zones", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{translation, "emqx.zones", fun(Conf) ->
-  Ratelimit = fun(Val) ->
-                [L, D] = string:tokens(Val, ", "),
-                Limit = case cuttlefish_bytesize:parse(L) of
-                            Sz when is_integer(Sz) -> Sz;
-                            {error, Reason1} -> error(Reason1)
-                        end,
-                Duration = case cuttlefish_duration:parse(D, s) of
-                               Secs when is_integer(Secs) -> Secs;
-                               {error, Reason} -> error(Reason)
-                           end,
-                {Limit, Duration}
-              end,
-  Mapping = fun(["publish_limit"], Val) ->
-                    %% XXX: Deprecated at v4.2
-                    {publish_limit, Ratelimit(Val)};
-               (["force_gc_policy"], Val) ->
-                    [Count, Bytes] = string:tokens(Val, "| "),
-                    GcPolicy = case cuttlefish_bytesize:parse(Bytes) of
-                                   {error, Reason} ->
-                                       error(Reason);
-                                   Bytes1 ->
-                                       #{bytes => Bytes1,
-                                         count => list_to_integer(Count)}
-                               end,
-                    {force_gc_policy, GcPolicy};
-               (["force_shutdown_policy"], "default") ->
-                    {DefaultLen, DefaultSize} =
-                        case WordSize = erlang:system_info(wordsize) of
-                            8 -> % arch_64
-                                {10000, cuttlefish_bytesize:parse("64MB")};
-                            4 -> % arch_32
-                                {1000, cuttlefish_bytesize:parse("32MB")}
-                        end,
-                    {force_shutdown_policy, #{message_queue_len => DefaultLen,
-                                              max_heap_size => DefaultSize div WordSize
-                                             }};
-               (["force_shutdown_policy"], Val) ->
-                    [Len, Siz] = string:tokens(Val, "| "),
-                    MaxSiz = case WordSize = erlang:system_info(wordsize) of
-                                8 -> % arch_64
-                                  (1 bsl 59) - 1;
-                                4 -> % arch_32
-                                  (1 bsl 27) - 1
-                             end,
-                    ShutdownPolicy =
-                      case cuttlefish_bytesize:parse(Siz) of
-                          {error, Reason} ->
-                              error(Reason);
-                          Siz1 when Siz1 > MaxSiz ->
-                              cuttlefish:invalid(io_lib:format("force_shutdown_policy: heap-size ~s is too large", [Siz]));
-                          Siz1 ->
-                              #{message_queue_len => list_to_integer(Len),
-                                max_heap_size => Siz1 div WordSize}
-                      end,
-                    {force_shutdown_policy, ShutdownPolicy};
-               (["mqueue_priorities"], Val) ->
-                    case Val of
-                        "none" -> {mqueue_priorities, none}; % NO_PRIORITY_TABLE
-                        _ ->
-                            MqueuePriorities = lists:foldl(fun(T, Acc) ->
-                                                %% NOTE: space in "= " is intended
-                                                [Topic, Prio] = string:tokens(T, "= "),
-                                                P = list_to_integer(Prio),
-                                                (P < 0 orelse P > 255) andalso error({bad_priority, Topic, Prio}),
-                                                maps:put(iolist_to_binary(Topic), P, Acc)
-                                        end, #{}, string:tokens(Val, ",")),
-                            {mqueue_priorities, MqueuePriorities}
-                    end;
-               (["mountpoint"], Val) ->
-                   {mountpoint, iolist_to_binary(Val)};
-               (["response_information"], Val) ->
-                   {response_information, iolist_to_binary(Val)};
-               (["rate_limit", "conn_messages_in"], Val) ->
-                   {ratelimit, {conn_messages_in, Ratelimit(Val)}};
-               (["rate_limit", "conn_bytes_in"], Val) ->
-                   {ratelimit, {conn_bytes_in, Ratelimit(Val)}};
-               (["conn_congestion", "alarm"], Val) ->
-                   {conn_congestion_alarm_enabled, Val};
-               (["conn_congestion", "min_alarm_sustain_duration"], Val) ->
-                   {conn_congestion_min_alarm_sustain_duration, Val};
-               (["quota", "conn_messages_routing"], Val) ->
-                   {quota, {conn_messages_routing, Ratelimit(Val)}};
-               (["quota", "overall_messages_routing"], Val) ->
-                   {quota, {overall_messages_routing, Ratelimit(Val)}};
-               ([Opt], Val) ->
-                    {list_to_atom(Opt), Val}
-            end,
-  maps:to_list(
-    lists:foldl(
-      fun({["zone", Name | Opt], Val}, Zones) ->
-              NVal = Mapping(Opt, Val),
-              maps:update_with(list_to_atom(Name),
-                               fun(Opts) ->
-                                   case NVal of
-                                       {Key, Rl} when Key == ratelimit;
-                                                      Key == quota ->
-                                           Rls = proplists:get_value(Key, Opts, []),
-                                           lists:keystore(Key, 1, Opts, {Key, [Rl|Rls]});
-                                       _ ->
-                                           [NVal|Opts]
-                                   end
-                               end, [NVal], Zones)
-      end, #{}, lists:usort(cuttlefish_variable:filter_by_prefix("zone.", Conf))))
-end}.
-
-%%--------------------------------------------------------------------
-%% Listeners
-%%--------------------------------------------------------------------
-
-%%--------------------------------------------------------------------
-%% TCP Listeners
-
-{mapping, "listener.tcp.$name", "emqx.listeners", [
-  {datatype, [integer, ip]}
-]}.
-
-{mapping, "listener.tcp.$name.acceptors", "emqx.listeners", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.tcp.$name.max_connections", "emqx.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.tcp.$name.max_conn_rate", "emqx.listeners", [
-  {datatype, integer}
-]}.
-
-{mapping, "listener.tcp.$name.active_n", "emqx.listeners", [
-  {default, 100},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.tcp.$name.zone", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.tcp.$name.rate_limit", "emqx.listeners", [
-  {default, undefined},
-  {datatype, string}
-]}.
-
-{mapping, "listener.tcp.$name.access.$id", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.tcp.$name.proxy_protocol", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.tcp.$name.proxy_protocol_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}}
-]}.
-
-%% The proxy-protocol protocol can get the certificate CN through tcp
-{mapping, "listener.tcp.$name.peer_cert_as_username", "emqx.listeners", [
-  {datatype, {enum, [cn]}}
-]}.
-
-%% The proxy-protocol protocol can get the certificate CN through tcp
-{mapping, "listener.tcp.$name.peer_cert_as_clientid", "emqx.listeners", [
-  {datatype, {enum, [cn]}}
-]}.
-
-{mapping, "listener.tcp.$name.backlog", "emqx.listeners", [
-  {datatype, integer},
-  {default, 1024}
-]}.
-
-{mapping, "listener.tcp.$name.send_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}},
-  {default, "15s"}
-]}.
-
-{mapping, "listener.tcp.$name.send_timeout_close", "emqx.listeners", [
-  {datatype, flag},
-  {default, on}
-]}.
-
-{mapping, "listener.tcp.$name.recbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.tcp.$name.sndbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.tcp.$name.buffer", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.tcp.$name.high_watermark", "emqx.listeners", [
-   {datatype, bytesize},
-   {default, "1MB"}
- ]}.
-
-{mapping, "listener.tcp.$name.tune_buffer", "emqx.listeners", [
-  {datatype, flag},
-  hidden
-]}.
-
-{mapping, "listener.tcp.$name.nodelay", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "listener.tcp.$name.reuseaddr", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-%%--------------------------------------------------------------------
-%% SSL Listeners
-
-{mapping, "listener.ssl.$name", "emqx.listeners", [
-  {datatype, [integer, ip]}
-]}.
-
-{mapping, "listener.ssl.$name.acceptors", "emqx.listeners", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ssl.$name.max_connections", "emqx.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ssl.$name.max_conn_rate", "emqx.listeners", [
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ssl.$name.active_n", "emqx.listeners", [
-  {default, 100},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ssl.$name.zone", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.rate_limit", "emqx.listeners", [
-  {default, undefined},
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.access.$id", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.proxy_protocol", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.ssl.$name.proxy_protocol_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "listener.ssl.$name.backlog", "emqx.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ssl.$name.send_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}},
-  {default, "15s"}
-]}.
-
-{mapping, "listener.ssl.$name.send_timeout_close", "emqx.listeners", [
-  {datatype, flag},
-  {default, on}
-]}.
-
-{mapping, "listener.ssl.$name.recbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.ssl.$name.sndbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.ssl.$name.buffer", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.ssl.$name.high_watermark", "emqx.listeners", [
-   {datatype, bytesize},
-   {default, "1MB"}
- ]}.
-
-{mapping, "listener.ssl.$name.tune_buffer", "emqx.listeners", [
-  {datatype, flag},
-  hidden
-]}.
-
-{mapping, "listener.ssl.$name.nodelay", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "listener.ssl.$name.reuseaddr", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "listener.ssl.$name.tls_versions", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.ciphers", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.psk_ciphers", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.handshake_timeout", "emqx.listeners", [
-  {default, "15s"},
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "listener.ssl.$name.depth", "emqx.listeners", [
-  {default, 10},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ssl.$name.key_password", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.dhfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.keyfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.certfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.cacertfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ssl.$name.verify", "emqx.listeners", [
-  {datatype, atom}
-]}.
-
-{mapping, "listener.ssl.$name.fail_if_no_peer_cert", "emqx.listeners", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "listener.ssl.$name.secure_renegotiate", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.ssl.$name.reuse_sessions", "emqx.listeners", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-{mapping, "listener.ssl.$name.honor_cipher_order", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.ssl.$name.peer_cert_as_username", "emqx.listeners", [
-  {datatype, {enum, [cn, dn, crt, pem, md5]}}
-]}.
-
-{mapping, "listener.ssl.$name.peer_cert_as_clientid", "emqx.listeners", [
-  {datatype, {enum, [cn, dn, crt, pem, md5]}}
-]}.
-
-%%--------------------------------------------------------------------
-%% MQTT/WebSocket Listeners
-
-{mapping, "listener.ws.$name", "emqx.listeners", [
-  {datatype, [integer, ip]}
-]}.
-
-{mapping, "listener.ws.$name.mqtt_path", "emqx.listeners", [
-  {default, "/mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.ws.$name.acceptors", "emqx.listeners", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ws.$name.max_connections", "emqx.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ws.$name.max_conn_rate", "emqx.listeners", [
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ws.$name.active_n", "emqx.listeners", [
-  {default, 100},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ws.$name.zone", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ws.$name.rate_limit", "emqx.listeners", [
-  {default, undefined},
-  {datatype, string}
-]}.
-
-{mapping, "listener.ws.$name.access.$id", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.ws.$name.fail_if_no_subprotocol", "emqx.listeners", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "listener.ws.$name.supported_subprotocols", "emqx.listeners", [
-  {default, "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.ws.$name.proxy_address_header", "emqx.listeners", [
-  {default, "X-Forwarded-For"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.ws.$name.proxy_port_header", "emqx.listeners", [
-  {default, "X-Forwarded-Port"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.ws.$name.proxy_protocol", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.ws.$name.proxy_protocol_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "listener.ws.$name.backlog", "emqx.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.ws.$name.send_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}},
-  {default, "15s"}
-]}.
-
-{mapping, "listener.ws.$name.send_timeout_close", "emqx.listeners", [
-  {datatype, flag},
-  {default, on}
-]}.
-
-{mapping, "listener.ws.$name.recbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.sndbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.buffer", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.tune_buffer", "emqx.listeners", [
-  {datatype, flag},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.nodelay", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.compress", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.deflate_opts.level", "emqx.listeners", [
-  {datatype, {enum, [none, default, best_compression, best_speed]}},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.deflate_opts.mem_level", "emqx.listeners", [
-  {datatype, integer},
-  {validators, ["range:1-9"]},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.deflate_opts.strategy", "emqx.listeners", [
-  {datatype, {enum, [default, filtered, huffman_only, rle]}},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.deflate_opts.server_context_takeover", "emqx.listeners", [
-  {datatype, {enum, [takeover, no_takeover]}},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.deflate_opts.client_context_takeover", "emqx.listeners", [
-  {datatype, {enum, [takeover, no_takeover]}},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.deflate_opts.server_max_window_bits", "emqx.listeners", [
-  {datatype, integer},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.deflate_opts.client_max_window_bits", "emqx.listeners", [
-  {datatype, integer},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.idle_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.max_frame_size", "emqx.listeners", [
-  {datatype, integer},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.mqtt_piggyback", "emqx.listeners", [
-  {datatype, {enum, [single, multiple]}},
-  {default, multiple},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.peer_cert_as_username", "emqx.listeners", [
-  {datatype, {enum, [cn]}}
-]}.
-
-{mapping, "listener.ws.$name.peer_cert_as_clientid", "emqx.listeners", [
-  {datatype, {enum, [cn]}}
-]}.
-
-{mapping, "listener.ws.$name.check_origin_enable", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  {default, false},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.allow_origin_absence", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  {default, true},
-  hidden
-]}.
-
-{mapping, "listener.ws.$name.check_origins", "emqx.listeners", [
-  {datatype, string},
-  hidden
-]}.
-
-%%--------------------------------------------------------------------
-%% MQTT/WebSocket/SSL Listeners
-
-{mapping, "listener.wss.$name", "emqx.listeners", [
-  {datatype, [integer, ip]}
-]}.
-
-{mapping, "listener.wss.$name.mqtt_path", "emqx.listeners", [
-  {default, "/mqtt"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.acceptors", "emqx.listeners", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.wss.$name.max_connections", "emqx.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.wss.$name.max_conn_rate", "emqx.listeners", [
-  {datatype, integer}
-]}.
-
-{mapping, "listener.wss.$name.active_n", "emqx.listeners", [
-  {default, 100},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.wss.$name.zone", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.rate_limit", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.fail_if_no_subprotocol", "emqx.listeners", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "listener.wss.$name.supported_subprotocols", "emqx.listeners", [
-  {default, "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.access.$id", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.proxy_address_header", "emqx.listeners", [
-  {default, "X-Forwarded-For"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.proxy_port_header", "emqx.listeners", [
-  {default, "X-Forwarded-Port"},
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.proxy_protocol", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.wss.$name.proxy_protocol_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}}
-]}.
-
-%%{mapping, "listener.wss.$name.handshake_timeout", "emqx.listeners", [
-%%  {default, "15s"},
-%%  {datatype, {duration, ms}}
-%%]}.
-
-{mapping, "listener.wss.$name.backlog", "emqx.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.wss.$name.send_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}},
-  {default, "15s"}
-]}.
-
-{mapping, "listener.wss.$name.send_timeout_close", "emqx.listeners", [
-  {datatype, flag},
-  {default, on}
-]}.
-
-{mapping, "listener.wss.$name.recbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.sndbuf", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.buffer", "emqx.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.tune_buffer", "emqx.listeners", [
-  {datatype, flag},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.nodelay", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.tls_versions", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.ciphers", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.psk_ciphers", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.keyfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.certfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.cacertfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.dhfile", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.depth", "emqx.listeners", [
-  {default, 10},
-  {datatype, integer}
-]}.
-
-{mapping, "listener.wss.$name.key_password", "emqx.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "listener.wss.$name.verify", "emqx.listeners", [
-  {datatype, atom}
-]}.
-
-{mapping, "listener.wss.$name.fail_if_no_peer_cert", "emqx.listeners", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "listener.wss.$name.secure_renegotiate", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.wss.$name.reuse_sessions", "emqx.listeners", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-{mapping, "listener.wss.$name.honor_cipher_order", "emqx.listeners", [
-  {datatype, flag}
-]}.
-
-{mapping, "listener.wss.$name.peer_cert_as_username", "emqx.listeners", [
-  {datatype, {enum, [cn, dn, crt, pem, md5]}}
-]}.
-
-{mapping, "listener.wss.$name.peer_cert_as_clientid", "emqx.listeners", [
-  {datatype, {enum, [cn, dn, crt, pem, md5]}}
-]}.
-
-{mapping, "listener.wss.$name.compress", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.deflate_opts.level", "emqx.listeners", [
-  {datatype, {enum, [none, default, best_compression, best_speed]}},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.deflate_opts.mem_level", "emqx.listeners", [
-  {datatype, integer},
-  {validators, ["range:1-9"]},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.deflate_opts.strategy", "emqx.listeners", [
-  {datatype, {enum, [default, filtered, huffman_only, rle]}},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.deflate_opts.server_context_takeover", "emqx.listeners", [
-  {datatype, {enum, [takeover, no_takeover]}},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.deflate_opts.client_context_takeover", "emqx.listeners", [
-  {datatype, {enum, [takeover, no_takeover]}},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.deflate_opts.server_max_window_bits", "emqx.listeners", [
-  {datatype, integer},
-  {validators, ["range:8-15"]},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.deflate_opts.client_max_window_bits", "emqx.listeners", [
-  {datatype, integer},
-  {validators, ["range:8-15"]},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.idle_timeout", "emqx.listeners", [
-  {datatype, {duration, ms}},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.max_frame_size", "emqx.listeners", [
-  {datatype, integer},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.mqtt_piggyback", "emqx.listeners", [
-  {datatype, {enum, [single, multiple]}},
-  {default, multiple},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.check_origin_enable", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  {default, false},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.allow_origin_absence", "emqx.listeners", [
-  {datatype, {enum, [true, false]}},
-  {default, true},
-  hidden
-]}.
-
-{mapping, "listener.wss.$name.check_origins", "emqx.listeners", [
-  {datatype, string},
-  hidden
-]}.
-
-{translation, "emqx.listeners", fun(Conf) ->
-
-    Filter  = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-
-    Atom = fun(undefined) -> undefined; (S) -> list_to_atom(S) end,
-
-    Access = fun(S) ->
-                 [A, CIDR] = string:tokens(S, " "),
-                 {list_to_atom(A), case CIDR of "all" -> all; _ -> CIDR end}
-             end,
-
-    AccOpts = fun(Prefix) ->
-                  case cuttlefish_variable:filter_by_prefix(Prefix ++ ".access", Conf) of
-                      [] -> [];
-                      Rules -> [{access_rules, [Access(Rule) || {_, Rule} <- Rules]}]
-                  end
-              end,
-
-    RateLimit = fun(undefined) ->
-                        undefined;
-                   (Val) ->
-                        [L, D] = string:tokens(Val, ", "),
-                        Limit = case cuttlefish_bytesize:parse(L) of
-                                    Sz when is_integer(Sz) -> Sz;
-                                    {error, Reason} -> error(Reason)
-                                end,
-                        Duration = case cuttlefish_duration:parse(D, s) of
-                                       Secs when is_integer(Secs) -> Secs;
-                                       {error, Reason1} -> error(Reason1)
-                                   end,
-                        {Limit, Duration}
-                end,
-
-        CheckOrigin = fun(S) ->
-                        Origins = string:tokens(S, ","),
-                        [ list_to_binary(string:trim(O)) || O <- Origins]
-                      end,
-
-        WsOpts = fun(Prefix) ->
-                          case cuttlefish_variable:filter_by_prefix(Prefix ++ ".check_origins", Conf) of
-                              [] -> undefined;
-                              Rules ->
-                                    OriginList = [CheckOrigin(Rule) || {_, Rule} <- Rules],
-                                    lists:flatten(OriginList)
-                          end
-                      end,
-
-    LisOpts = fun(Prefix) ->
-                  Filter([{acceptors, cuttlefish:conf_get(Prefix ++ ".acceptors", Conf)},
-                          {mqtt_path, cuttlefish:conf_get(Prefix ++ ".mqtt_path", Conf, undefined)},
-                          {max_connections, cuttlefish:conf_get(Prefix ++ ".max_connections", Conf)},
-                          {max_conn_rate, cuttlefish:conf_get(Prefix ++ ".max_conn_rate", Conf, undefined)},
-                          {active_n, cuttlefish:conf_get(Prefix ++ ".active_n", Conf, undefined)},
-                          {tune_buffer, cuttlefish:conf_get(Prefix ++ ".tune_buffer", Conf, undefined)},
-                          {zone, Atom(cuttlefish:conf_get(Prefix ++ ".zone", Conf, undefined))},
-                          {rate_limit, RateLimit(cuttlefish:conf_get(Prefix ++ ".rate_limit", Conf, undefined))},
-                          {proxy_protocol, cuttlefish:conf_get(Prefix ++ ".proxy_protocol", Conf, undefined)},
-                          {proxy_address_header, list_to_binary(string:lowercase(cuttlefish:conf_get(Prefix ++ ".proxy_address_header", Conf, "")))},
-                          {proxy_port_header, list_to_binary(string:lowercase(cuttlefish:conf_get(Prefix ++ ".proxy_port_header", Conf, "")))},
-                          {proxy_protocol_timeout, cuttlefish:conf_get(Prefix ++ ".proxy_protocol_timeout", Conf, undefined)},
-                          {fail_if_no_subprotocol, cuttlefish:conf_get(Prefix ++ ".fail_if_no_subprotocol", Conf, undefined)},
-                          {supported_subprotocols, string:tokens(cuttlefish:conf_get(Prefix ++ ".supported_subprotocols", Conf, ""), ", ")},
-                          {peer_cert_as_username, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_username", Conf, undefined)},
-                          {peer_cert_as_clientid, cuttlefish:conf_get(Prefix ++ ".peer_cert_as_clientid", Conf, undefined)},
-                          {compress, cuttlefish:conf_get(Prefix ++ ".compress", Conf, undefined)},
-                          {idle_timeout, cuttlefish:conf_get(Prefix ++ ".idle_timeout", Conf, undefined)},
-                          {max_frame_size, cuttlefish:conf_get(Prefix ++ ".max_frame_size", Conf, undefined)},
-                          {mqtt_piggyback, cuttlefish:conf_get(Prefix ++ ".mqtt_piggyback", Conf, undefined)},
-                          {check_origin_enable, cuttlefish:conf_get(Prefix ++ ".check_origin_enable", Conf, undefined)},
-                          {allow_origin_absence, cuttlefish:conf_get(Prefix ++ ".allow_origin_absence", Conf, undefined)},
-                          {check_origins, WsOpts(Prefix)} | AccOpts(Prefix)])
-              end,
-    DeflateOpts = fun(Prefix) ->
-                      Filter([{level, cuttlefish:conf_get(Prefix ++ ".deflate_opts.level", Conf, undefined)},
-                              {mem_level, cuttlefish:conf_get(Prefix ++ ".deflate_opts.mem_level", Conf, undefined)},
-                              {strategy, cuttlefish:conf_get(Prefix ++ ".deflate_opts.strategy", Conf, undefined)},
-                              {server_context_takeover, cuttlefish:conf_get(Prefix ++ ".deflate_opts.server_context_takeover", Conf, undefined)},
-                              {client_context_takeover, cuttlefish:conf_get(Prefix ++ ".deflate_opts.client_context_takeover", Conf, undefined)},
-                              {server_max_windows_bits, cuttlefish:conf_get(Prefix ++ ".deflate_opts.server_max_window_bits", Conf, undefined)},
-                              {client_max_windows_bits, cuttlefish:conf_get(Prefix ++ ".deflate_opts.client_max_window_bits", Conf, undefined)}])
-                  end,
-    TcpOpts = fun(Prefix) ->
-                  Filter([{backlog, cuttlefish:conf_get(Prefix ++ ".backlog", Conf, undefined)},
-                          {send_timeout, cuttlefish:conf_get(Prefix ++ ".send_timeout", Conf, undefined)},
-                          {send_timeout_close, cuttlefish:conf_get(Prefix ++ ".send_timeout_close", Conf, undefined)},
-                          {recbuf,  cuttlefish:conf_get(Prefix ++ ".recbuf", Conf, undefined)},
-                          {sndbuf,  cuttlefish:conf_get(Prefix ++ ".sndbuf", Conf, undefined)},
-                          {buffer,  cuttlefish:conf_get(Prefix ++ ".buffer", Conf, undefined)},
-                          {high_watermark,  cuttlefish:conf_get(Prefix ++ ".high_watermark", Conf, undefined)},
-                          {nodelay, cuttlefish:conf_get(Prefix ++ ".nodelay", Conf, true)},
-                          {reuseaddr, cuttlefish:conf_get(Prefix ++ ".reuseaddr", Conf, undefined)}])
-              end,
-    SplitFun = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end,
-    MapPSKCiphers = fun(PSKCiphers) ->
-                      lists:map(
-                          fun("PSK-AES128-CBC-SHA") -> {psk, aes_128_cbc, sha};
-                             ("PSK-AES256-CBC-SHA") -> {psk, aes_256_cbc, sha};
-                             ("PSK-3DES-EDE-CBC-SHA") -> {psk, '3des_ede_cbc', sha};
-                             ("PSK-RC4-SHA") -> {psk, rc4_128, sha}
-                          end, PSKCiphers)
-                    end,
-    SslOpts = fun(Prefix) ->
-                  Versions = case SplitFun(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf, undefined)) of
-                                undefined -> undefined;
-                                L -> [list_to_atom(V) || V <- L]
-                            end,
-                  TLSCiphers = cuttlefish:conf_get(Prefix++".ciphers", Conf, undefined),
-                  PSKCiphers = cuttlefish:conf_get(Prefix++".psk_ciphers", Conf, undefined),
-                  Ciphers =
-                    case {TLSCiphers, PSKCiphers} of
-                      {undefined, undefined} ->
-                        cuttlefish:invalid(Prefix++".ciphers or "++Prefix++".psk_ciphers is absent");
-                      {TLSCiphers, undefined} ->
-                        SplitFun(TLSCiphers);
-                      {undefined, PSKCiphers} ->
-                        MapPSKCiphers(SplitFun(PSKCiphers));
-                      {_TLSCiphers, _PSKCiphers} ->
-                        cuttlefish:invalid(Prefix++".ciphers and "++Prefix++".psk_ciphers cannot be configured at the same time")
-                    end,
-                  UserLookupFun =
-                    case PSKCiphers of
-                      undefined -> undefined;
-                      _ -> {fun emqx_psk:lookup/3, <<>>}
-                    end,
-                  Filter([{versions, Versions},
-                          {ciphers, Ciphers},
-                          {user_lookup_fun, UserLookupFun},
-                          {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
-                          {depth, cuttlefish:conf_get(Prefix ++ ".depth", Conf, undefined)},
-                          {password, cuttlefish:conf_get(Prefix ++ ".key_password", Conf, undefined)},
-                          {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
-                          {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
-                          {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                          {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
-                          {fail_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".fail_if_no_peer_cert", Conf, undefined)},
-                          {secure_renegotiate, cuttlefish:conf_get(Prefix ++ ".secure_renegotiate", Conf, undefined)},
-                          {reuse_sessions, cuttlefish:conf_get(Prefix ++ ".reuse_sessions", Conf, undefined)},
-                          {honor_cipher_order, cuttlefish:conf_get(Prefix ++ ".honor_cipher_order", Conf, undefined)}])
-              end,
-
-    Listen_fix = fun({Ip, Port}) -> case inet:parse_address(Ip) of
-                                      {ok, R} -> {R, Port};
-                                            _ -> {Ip, Port}
-                                    end;
-                     (Other) -> Other
-                 end,
-
-    TcpListeners = fun(Type, Name) ->
-                      Prefix = string:join(["listener", Type, Name], "."),
-                      ListenOnN = case cuttlefish:conf_get(Prefix, Conf, undefined) of
-                          undefined -> [];
-                          ListenOn  -> Listen_fix(ListenOn)
-                      end,
-                      [#{ proto => Atom(Type)
-                        , name => Name
-                        , listen_on => ListenOnN
-                        , opts => [ {deflate_options, DeflateOpts(Prefix)}
-                                  , {tcp_options, TcpOpts(Prefix)}
-                                  | LisOpts(Prefix)
-                                  ]
-                        }
-                      ]
-                   end,
-    SslListeners = fun(Type, Name) ->
-                       Prefix = string:join(["listener", Type, Name], "."),
-                       case cuttlefish:conf_get(Prefix, Conf, undefined) of
-                           undefined ->
-                               [];
-                           ListenOn ->
-                               [#{ proto => Atom(Type)
-                                 , name => Name
-                                 , listen_on => Listen_fix(ListenOn)
-                                 , opts => [ {deflate_options, DeflateOpts(Prefix)}
-                                           , {tcp_options, TcpOpts(Prefix)}
-                                           , {ssl_options, SslOpts(Prefix)}
-                                           | LisOpts(Prefix)
-                                           ]
-                                 }
-                               ]
-                       end
-                   end,
-
-    lists:flatten([TcpListeners(Type, Name) || {["listener", Type, Name], ListenOn}
-                                               <- cuttlefish_variable:filter_by_prefix("listener.tcp", Conf)
-                                               ++ cuttlefish_variable:filter_by_prefix("listener.ws", Conf)]
-                  ++
-                  [SslListeners(Type, Name) || {["listener", Type, Name], ListenOn}
-                                               <- cuttlefish_variable:filter_by_prefix("listener.ssl", Conf)
-                                               ++ cuttlefish_variable:filter_by_prefix("listener.wss", Conf)])
-end}.
-
-%%--------------------------------------------------------------------
-%% Modules
-%%--------------------------------------------------------------------
-
-{mapping, "modules.loaded_file", "emqx.modules_loaded_file", [
-  {datatype, string}
-]}.
-
-{mapping, "module.presence.qos", "emqx.modules", [
-  {default, 1},
-  {datatype, integer},
-  {validators, ["range:0-2"]}
-]}.
-
-{mapping, "module.subscription.$id.topic", "emqx.modules", [
-  {datatype, string}
-]}.
-
-{mapping, "module.subscription.$id.qos", "emqx.modules", [
-  {default, 1},
-  {datatype, integer},
-  {validators, ["range:0-2"]}
-]}.
-
-{mapping, "module.subscription.$id.nl", "emqx.modules", [
-  {default, 0},
-  {datatype, integer},
-  {validators, ["range:0-1"]}
-]}.
-
-{mapping, "module.subscription.$id.rap", "emqx.modules", [
-  {default, 0},
-  {datatype, integer},
-  {validators, ["range:0-1"]}
-]}.
-
-{mapping, "module.subscription.$id.rh", "emqx.modules", [
-  {default, 0},
-  {datatype, integer},
-  {validators, ["range:0-2"]}
-]}.
-
-{mapping, "module.rewrite.rule.$id", "emqx.modules", [
-  {datatype, string}
-]}.
-
-{mapping, "module.rewrite.pub.rule.$id", "emqx.modules", [
-  {datatype, string}
-]}.
-
-{mapping, "module.rewrite.sub.rule.$id", "emqx.modules", [
-  {datatype, string}
-]}.
-
-{translation, "emqx.modules", fun(Conf, _, Conf1) ->
-  Subscriptions = fun() ->
-      List = cuttlefish_variable:filter_by_prefix("module.subscription", Conf),
-      TopicList = [{N, Topic}|| {[_,"subscription",N,"topic"], Topic} <- List],
-      [{iolist_to_binary(T), #{ qos => cuttlefish:conf_get("module.subscription." ++ N ++ ".qos", Conf, 0),
-                                nl  => cuttlefish:conf_get("module.subscription." ++ N ++ ".nl", Conf, 0),
-                                rap => cuttlefish:conf_get("module.subscription." ++ N ++ ".rap", Conf, 0),
-                                rh  => cuttlefish:conf_get("module.subscription." ++ N ++ ".rh", Conf, 0)
-                                }} || {N, T} <- TopicList]
-  end,
-  Rewrites = fun() ->
-      Rules = cuttlefish_variable:filter_by_prefix("module.rewrite.rule", Conf),
-      PubRules = cuttlefish_variable:filter_by_prefix("module.rewrite.pub.rule", Conf),
-      SubRules = cuttlefish_variable:filter_by_prefix("module.rewrite.sub.rule", Conf),
-      TotalRules = lists:append(
-                     [ {["module", "rewrite", "pub", "rule", I], Rule} || {["module", "rewrite", "rule", I], Rule} <- Rules] ++ PubRules,
-                     [ {["module", "rewrite", "sub", "rule", I], Rule} || {["module", "rewrite", "rule", I], Rule} <- Rules] ++ SubRules
-                    ),
-      lists:map(fun({[_, "rewrite", PubOrSub, "rule", I], Rule}) ->
-                    [Topic, Re, Dest] = string:tokens(Rule, " "),
-                    {rewrite, list_to_atom(PubOrSub), list_to_binary(Topic), list_to_binary(Re), list_to_binary(Dest)}
-                end, TotalRules)
-  end,
-  lists:append([
-    [{emqx_mod_presence, [{qos, cuttlefish:conf_get("module.presence.qos", Conf, 1)}]}],
-    [{emqx_mod_subscription, Subscriptions()}],
-    [{emqx_mod_rewrite, Rewrites()}],
-    [{emqx_mod_topic_metrics, []}],
-    [{emqx_mod_delayed, []}],
-    [{emqx_mod_acl_internal, [{acl_file, cuttlefish:conf_get("acl_file", Conf1)}]}]
-  ])
-end}.
-
-%%-------------------------------------------------------------------
-%% Plugins
-%%-------------------------------------------------------------------
-
-{mapping, "plugins.etc_dir", "emqx.plugins_etc_dir", [
-  {datatype, string}
-]}.
-
-{mapping, "plugins.loaded_file", "emqx.plugins_loaded_file", [
-  {datatype, string}
-]}.
-
-{mapping, "plugins.expand_plugins_dir", "emqx.expand_plugins_dir", [
-  {datatype, string}
-]}.
-
-%%--------------------------------------------------------------------
-%% Broker
-%%--------------------------------------------------------------------
-
-{mapping, "broker.sys_interval", "emqx.broker_sys_interval", [
-  {datatype, {duration, ms}},
-  {default, "1m"}
-]}.
-
-{mapping, "broker.sys_heartbeat", "emqx.broker_sys_heartbeat", [
-  {datatype, {duration, ms}},
-  {default, "30s"}
-]}.
-
-{mapping, "broker.enable_session_registry", "emqx.enable_session_registry", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-{mapping, "broker.session_locking_strategy", "emqx.session_locking_strategy", [
-  {default, quorum},
-  {datatype, {enum, [local,leader,quorum,all]}}
-]}.
-
-%% @doc Shared Subscription Dispatch Strategy.
-{mapping, "broker.shared_subscription_strategy", "emqx.shared_subscription_strategy", [
-  {default, round_robin},
-  {datatype,
-   {enum,
-    [random, %% randomly pick a subscriber
-     round_robin, %% round robin alive subscribers one message after another
-     sticky, %% pick a random subscriber and stick to it
-     hash, %% hash client ID to a group member
-     hash_clientid,
-     hash_topic
-    ]}}
-]}.
-
-%% @doc Enable or disable shared dispatch acknowledgement for QoS1 and QoS2 messages
-{mapping, "broker.shared_dispatch_ack_enabled", "emqx.shared_dispatch_ack_enabled",
- [ {default, false},
-   {datatype, {enum, [true, false]}}
- ]}.
-
-{mapping, "broker.route_batch_clean", "emqx.route_batch_clean", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-%% @doc Performance toggle for subscribe/unsubscribe wildcard topic.
-%%      Change this toggle only when there are many wildcard topics.
-%% key:   mnesia translational updates with per-key locks. recommended for single node setup.
-%% tab:   mnesia translational updates with table lock. recommended for multi-nodes setup.
-%% global: global lock protected updates. recommended for larger cluster.
-%% NOTE: when changing from/to 'global' lock, it requires all nodes in the cluster
-%%
-{mapping, "broker.perf.route_lock_type", "emqx.route_lock_type", [
-  {default, key},
-  {datatype, {enum, [key, tab, global]}}
-]}.
-
-%% @doc Enable trie path compaction.
-%% Enabling it significantly improves wildcard topic subscribe rate,
-%% if wildcard topics have unique prefixes like: 'sensor/{{id}}/+/',
-%% where ID is unique per subscriber.
-%%
-%% Topic match performance (when publishing) may degrade if messages
-%% are mostly published to topics with large number of levels.
-%%
-%% NOTE: This is a cluster-wide configuration.
-%% It rquires all nodes to be stopped before changing it.
-{mapping, "broker.perf.trie_compaction", "emqx.trie_compaction", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%%--------------------------------------------------------------------
-%% System Monitor
-%%--------------------------------------------------------------------
-
-%% @doc Long GC, don't monitor in production mode for:
-%% https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
-{mapping, "sysmon.long_gc", "emqx.sysmon", [
-  {default, 0},
-  {datatype, [integer, {duration, ms}]}
-]}.
-
-%% @doc Long Schedule(ms)
-{mapping, "sysmon.long_schedule", "emqx.sysmon", [
-  {default, 240},
-  {datatype, [integer, {duration, ms}]}
-]}.
-
-%% @doc Large Heap
-{mapping, "sysmon.large_heap", "emqx.sysmon", [
-  {default, "8MB"},
-  {datatype, bytesize}
-]}.
-
-%% @doc Monitor Busy Port
-{mapping, "sysmon.busy_port", "emqx.sysmon", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-%% @doc Monitor Busy Dist Port
-{mapping, "sysmon.busy_dist_port", "emqx.sysmon", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{translation, "emqx.sysmon", fun(Conf) ->
-    Configs = cuttlefish_variable:filter_by_prefix("sysmon", Conf),
-    [{list_to_atom(Name), Value} || {[_, Name], Value} <- Configs]
-end}.
-
-%%--------------------------------------------------------------------
-%% Operating System Monitor
-%%--------------------------------------------------------------------
-
-{mapping, "os_mon.cpu_check_interval", "emqx.os_mon", [
-  {default, 60},
-  {datatype, {duration, s}}
-]}.
-
-{mapping, "os_mon.cpu_high_watermark", "emqx.os_mon", [
-  {default, "80%"},
-  {datatype, {percent, float}}
-]}.
-
-{mapping, "os_mon.cpu_low_watermark", "emqx.os_mon", [
-  {default, "60%"},
-  {datatype, {percent, float}}
-]}.
-
-{mapping, "os_mon.mem_check_interval", "emqx.os_mon", [
-  {default, 60},
-  {datatype, {duration, s}}
-]}.
-
-{mapping, "os_mon.sysmem_high_watermark", "emqx.os_mon", [
-  {default, "70%"},
-  {datatype, {percent, float}}
-]}.
-
-{mapping, "os_mon.procmem_high_watermark", "emqx.os_mon", [
-  {default, "5%"},
-  {datatype, {percent, float}}
-]}.
-
-{translation, "emqx.os_mon", fun(Conf) ->
-    [{cpu_check_interval, cuttlefish:conf_get("os_mon.cpu_check_interval", Conf)},
-     {cpu_high_watermark, cuttlefish:conf_get("os_mon.cpu_high_watermark", Conf) * 100},
-     {cpu_low_watermark, cuttlefish:conf_get("os_mon.cpu_low_watermark", Conf) * 100},
-     {mem_check_interval, cuttlefish:conf_get("os_mon.mem_check_interval", Conf)},
-     {sysmem_high_watermark, cuttlefish:conf_get("os_mon.sysmem_high_watermark", Conf) * 100},
-     {procmem_high_watermark, cuttlefish:conf_get("os_mon.procmem_high_watermark", Conf) * 100}]
-end}.
-
-%%--------------------------------------------------------------------
-%% VM Monitor
-%%--------------------------------------------------------------------
-{mapping, "vm_mon.check_interval", "emqx.vm_mon", [
-  {default, 30},
-  {datatype, {duration, s}}
-]}.
-
-{mapping, "vm_mon.process_high_watermark", "emqx.vm_mon", [
-  {default, "80%"},
-  {datatype, {percent, float}}
-]}.
-
-{mapping, "vm_mon.process_low_watermark", "emqx.vm_mon", [
-  {default, "60%"},
-  {datatype, {percent, float}}
-]}.
-
-{translation, "emqx.vm_mon", fun(Conf) ->
-    [{check_interval, cuttlefish:conf_get("vm_mon.check_interval", Conf)},
-     {process_high_watermark, cuttlefish:conf_get("vm_mon.process_high_watermark", Conf) * 100},
-     {process_low_watermark, cuttlefish:conf_get("vm_mon.process_low_watermark", Conf) * 100}]
-end}.
-
-%%--------------------------------------------------------------------
-%% Alarm
-%%--------------------------------------------------------------------
-{mapping, "alarm.actions", "emqx.alarm", [
-  {default, "log,publish"},
-  {datatype, string}
-]}.
-
-{mapping, "alarm.size_limit", "emqx.alarm", [
-  {default, 1000},
-  {datatype, integer}
-]}.
-
-{mapping, "alarm.validity_period", "emqx.alarm", [
-  {default, "24h"},
-  {datatype, {duration, s}}
-]}.
-
-{translation, "emqx.alarm", fun(Conf) ->
-    [{actions, [list_to_atom(Action) || Action <- string:tokens(cuttlefish:conf_get("alarm.actions", Conf), ",")]},
-     {size_limit, cuttlefish:conf_get("alarm.size_limit", Conf)},
-     {validity_period, cuttlefish:conf_get("alarm.validity_period", Conf)}]
-end}.
-
-%%--------------------------------------------------------------------
-%% Telemetry
-%%--------------------------------------------------------------------
-{mapping, "telemetry.enabled", "emqx.telemetry", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "telemetry.url", "emqx.telemetry", [
-  {default, "https://telemetry-emqx-io.bigpar.vercel.app/api/telemetry"},
-  {datatype, string}
-]}.
-
-{mapping, "telemetry.report_interval", "emqx.telemetry", [
-  {default, "7d"},
-  {datatype, {duration, s}}
-]}.
-
-{translation, "emqx.telemetry", fun(Conf) ->
-  [ {enabled,         cuttlefish:conf_get("telemetry.enabled", Conf)}
-  , {url,             cuttlefish:conf_get("telemetry.url", Conf)}
-  , {report_interval, cuttlefish:conf_get("telemetry.report_interval", Conf)}
-  ]
-end}.

From 54aeacee1444108c061e16b9d6fdb2a5d0bcf58f Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Mon, 28 Jun 2021 11:30:38 +0800
Subject: [PATCH 116/174] feat(rule-engine): update the configuration file to
 hocon

---
 .../etc/emqx_rule_engine.conf                 | 44 ++-----------
 .../priv/emqx_rule_engine.schema              | 61 -------------------
 .../src/emqx_rule_engine.app.src              |  2 +-
 .../src/emqx_rule_engine.appup.src            | 38 ------------
 .../src/emqx_rule_engine_schema.erl           | 29 +++++++++
 .../emqx_rule_engine/src/emqx_rule_events.erl | 45 ++++----------
 .../test/emqx_rule_engine_SUITE.erl           | 19 +-----
 .../src/emqx_telemetry_schema.erl             | 18 +++++-
 data/loaded_plugins.tmpl                      |  1 -
 rebar.config.erl                              |  5 +-
 10 files changed, 66 insertions(+), 196 deletions(-)
 delete mode 100644 apps/emqx_rule_engine/priv/emqx_rule_engine.schema
 delete mode 100644 apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
 create mode 100644 apps/emqx_rule_engine/src/emqx_rule_engine_schema.erl

diff --git a/apps/emqx_rule_engine/etc/emqx_rule_engine.conf b/apps/emqx_rule_engine/etc/emqx_rule_engine.conf
index 556c59970..c1637d66d 100644
--- a/apps/emqx_rule_engine/etc/emqx_rule_engine.conf
+++ b/apps/emqx_rule_engine/etc/emqx_rule_engine.conf
@@ -1,42 +1,6 @@
 ##====================================================================
-## Rule Engine for EMQ X R4.0
+## Rule Engine for EMQ X R5.0
 ##====================================================================
-
-rule_engine.ignore_sys_message = on
-
-## Event Messages
-##
-## If enabled (on), rule engine publishes the event as an MQTT message
-## with topic='$events/<event-name>' on the occurrence of an emqx event.
-##
-## If disabled, rule engine stops publishing the event messages, but
-## the event message can still be processed by the rule SQL. e.g. rule SQL:
-##
-##   SELECT * FROM "$events/client_connected"
-##
-## will still work even if 'rule_engine.events.client_connected' is set to 'off'
-##
-## EMQ Event to event message mapping:
-##
-##   - client.connected      -> $events/client_connected
-##   - client.disconnected   -> $events/client_disconnected
-##   - session.subscribed    -> $events/session_subscribed
-##   - session.unsubscribed  -> $events/session_unsubscribed
-##   - message.delivered     -> $events/message_delivered
-##   - message.acked         -> $events/message_acked
-##   - message.dropped       -> $events/message_dropped
-##
-## Config Value Format: Toggle, QoS-Level
-##
-## Toggle: on/off
-##
-## QoS-Level: qos0/qos1/qos2
-
-#rule_engine.events.client_connected = "on, qos1"
-rule_engine.events.client_connected = off
-rule_engine.events.client_disconnected = off
-rule_engine.events.session_subscribed = off
-rule_engine.events.session_unsubscribed = off
-rule_engine.events.message_delivered = off
-rule_engine.events.message_acked = off
-rule_engine.events.message_dropped = off
+emqx_rule_engine:{
+    ignore_sys_message: true
+}
diff --git a/apps/emqx_rule_engine/priv/emqx_rule_engine.schema b/apps/emqx_rule_engine/priv/emqx_rule_engine.schema
deleted file mode 100644
index c5549aa36..000000000
--- a/apps/emqx_rule_engine/priv/emqx_rule_engine.schema
+++ /dev/null
@@ -1,61 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_rule_engine config mapping
-
-{mapping, "rule_engine.ignore_sys_message", "emqx_rule_engine.ignore_sys_message", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-{mapping, "rule_engine.events.$name", "emqx_rule_engine.events", [
-  {default, "off, qos1"},
-  {datatype, string}
-]}.
-
-{translation, "emqx_rule_engine.events", fun(Conf) ->
-  SupportedHooks =
-    [ 'client.connected'
-    , 'client.disconnected'
-    , 'session.subscribed'
-    , 'session.unsubscribed'
-    , 'message.delivered'
-    , 'message.acked'
-    , 'message.dropped'
-    ],
-
-  HookPoint = fun(Event) ->
-    case string:split(Event, "_") of
-        [Prefix, Name] ->
-            Point = list_to_atom(lists:append([Prefix, ".", Name])),
-            case lists:member(Point, SupportedHooks) of
-                true -> Point;
-                false -> error({unsupported_event, Event})
-            end;
-        [_] ->
-            error({invalid_event, Event})
-    end
-  end,
-
-  QoS = fun ("qos"++Level = QoSLevel) ->
-              case list_to_integer(Level) of
-                QoSL when QoSL =:= 0; QoSL =:= 1; QoSL =:= 2 ->
-                  QoSL;
-                _ ->
-                  error({invalid_qos_level, QoSLevel})
-              end;
-            (QoSLevel) ->
-              error({invalid_qos, QoSLevel})
-        end,
-
-  lists:foldl(
-    fun({EE=[_,"events",EvtName], Val}, Acc) ->
-          case string:split(string:trim(Val), ",", all) of
-            ["on"++_, Snd] ->
-              [{HookPoint(EvtName), on, QoS(string:trim(Snd))} | Acc];
-            ["on"++_] ->
-              [{HookPoint(EvtName), on, 1} | Acc];
-            [_] ->
-              Acc
-          end;
-        ({_, _}, Acc) -> Acc
-    end, [], cuttlefish_variable:filter_by_prefix("rule_engine.events", Conf))
-end}.
diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src
index aebb73150..ff25dcfd3 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src
+++ b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src
@@ -1,6 +1,6 @@
 {application, emqx_rule_engine,
  [{description, "EMQ X Rule Engine"},
-  {vsn, "4.3.3"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_rule_engine_sup, emqx_rule_registry]},
   {applications, [kernel,stdlib,rulesql,getopt]},
diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
deleted file mode 100644
index 01c07c124..000000000
--- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
+++ /dev/null
@@ -1,38 +0,0 @@
-%% -*-: erlang -*-
-{"4.3.3",
- [ {"4.3.0",
-    [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
-    , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
-    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
-    ]},
-   {"4.3.1",
-    [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
-    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
-    ]},
-   {"4.3.2",
-    [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
-    ]},
-   {<<".*">>, []}
- ],
- [
-   {"4.3.0",
-    [ {load_module, emqx_rule_funcs, brutal_purge, soft_purge, []}
-    , {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
-    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
-    ]},
-   {"4.3.1",
-    [ {load_module, emqx_rule_engine, brutal_purge, soft_purge, []}
-    , {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
-    ]},
-   {"4.3.2",
-    [ {load_module, emqx_rule_registry, brutal_purge, soft_purge, []}
-    , {apply, {emqx_stats, cancel_update, [rule_registery_stats]}}
-    ]},
-   {<<".*">>, []}
- ]
-}.
diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine_schema.erl b/apps/emqx_rule_engine/src/emqx_rule_engine_schema.erl
new file mode 100644
index 000000000..f7658c208
--- /dev/null
+++ b/apps/emqx_rule_engine/src/emqx_rule_engine_schema.erl
@@ -0,0 +1,29 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_rule_engine_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_rule_engine"].
+
+fields("emqx_rule_engine") ->
+    [{ignore_sys_message, emqx_schema:t(boolean(), undefined, true)}].
diff --git a/apps/emqx_rule_engine/src/emqx_rule_events.erl b/apps/emqx_rule_engine/src/emqx_rule_events.erl
index 97e40439d..26689b022 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_events.erl
+++ b/apps/emqx_rule_engine/src/emqx_rule_events.erl
@@ -63,9 +63,10 @@
 -endif.
 
 load(Topic) ->
+    IgnoreSys = proplists:get_value(ignore_sys_message, env(), true),
     HookPoint = event_name(Topic),
     emqx_hooks:put(HookPoint, {?MODULE, hook_fun(HookPoint),
-        [hook_conf(HookPoint, env())]}).
+        [#{ignore_sys_message => IgnoreSys}]}).
 
 unload() ->
     lists:foreach(fun(HookPoint) ->
@@ -97,26 +98,26 @@ on_message_publish(Message = #message{topic = Topic}, _Env) ->
     {ok, Message}.
 
 on_client_connected(ClientInfo, ConnInfo, Env) ->
-    may_publish_and_apply('client.connected',
+    apply_event('client.connected',
         fun() -> eventmsg_connected(ClientInfo, ConnInfo) end, Env).
 
 on_client_disconnected(ClientInfo, Reason, ConnInfo, Env) ->
-    may_publish_and_apply('client.disconnected',
+    apply_event('client.disconnected',
         fun() -> eventmsg_disconnected(ClientInfo, ConnInfo, Reason) end, Env).
 
 on_session_subscribed(ClientInfo, Topic, SubOpts, Env) ->
-    may_publish_and_apply('session.subscribed',
+    apply_event('session.subscribed',
         fun() -> eventmsg_sub_or_unsub('session.subscribed', ClientInfo, Topic, SubOpts) end, Env).
 
 on_session_unsubscribed(ClientInfo, Topic, SubOpts, Env) ->
-    may_publish_and_apply('session.unsubscribed',
+    apply_event('session.unsubscribed',
         fun() -> eventmsg_sub_or_unsub('session.unsubscribed', ClientInfo, Topic, SubOpts) end, Env).
 
 on_message_dropped(Message = #message{flags = #{sys := true}},
                    _, _, #{ignore_sys_message := true}) ->
     {ok, Message};
 on_message_dropped(Message, _, Reason, Env) ->
-    may_publish_and_apply('message.dropped',
+    apply_event('message.dropped',
         fun() -> eventmsg_dropped(Message, Reason) end, Env),
     {ok, Message}.
 
@@ -124,7 +125,7 @@ on_message_delivered(_ClientInfo, Message = #message{flags = #{sys := true}},
                    #{ignore_sys_message := true}) ->
     {ok, Message};
 on_message_delivered(ClientInfo, Message, Env) ->
-    may_publish_and_apply('message.delivered',
+    apply_event('message.delivered',
         fun() -> eventmsg_delivered(ClientInfo, Message) end, Env),
     {ok, Message}.
 
@@ -132,7 +133,7 @@ on_message_acked(_ClientInfo, Message = #message{flags = #{sys := true}},
                    #{ignore_sys_message := true}) ->
     {ok, Message};
 on_message_acked(ClientInfo, Message, Env) ->
-    may_publish_and_apply('message.acked',
+    apply_event('message.acked',
         fun() -> eventmsg_acked(ClientInfo, Message) end, Env),
     {ok, Message}.
 
@@ -297,31 +298,15 @@ with_basic_columns(EventName, Data) when is_map(Data) ->
         }.
 
 %%--------------------------------------------------------------------
-%% Events publishing and rules applying
+%% rules applying
 %%--------------------------------------------------------------------
-
-may_publish_and_apply(EventName, GenEventMsg, #{enabled := true, qos := QoS}) ->
-    EventTopic = event_topic(EventName),
-    EventMsg = GenEventMsg(),
-    case emqx_json:safe_encode(EventMsg) of
-        {ok, Payload} ->
-            _ = emqx_broker:safe_publish(make_msg(QoS, EventTopic, Payload)),
-            ok;
-        {error, _Reason} ->
-            ?LOG(error, "Failed to encode event msg for ~p, msg: ~p", [EventName, EventMsg])
-    end,
-    emqx_rule_runtime:apply_rules(emqx_rule_registry:get_rules_for(EventTopic), EventMsg);
-may_publish_and_apply(EventName, GenEventMsg, _Env) ->
+apply_event(EventName, GenEventMsg, _Env) ->
     EventTopic = event_topic(EventName),
     case emqx_rule_registry:get_rules_for(EventTopic) of
         [] -> ok;
         Rules -> emqx_rule_runtime:apply_rules(Rules, GenEventMsg())
     end.
 
-make_msg(QoS, Topic, Payload) ->
-    emqx_message:set_flags(#{sys => true, event => true},
-        emqx_message:make(emqx_events, QoS, Topic, iolist_to_binary(Payload))).
-
 %%--------------------------------------------------------------------
 %% Columns
 %%--------------------------------------------------------------------
@@ -559,14 +544,6 @@ columns_with_exam('session.unsubscribed') ->
 %% Helper functions
 %%--------------------------------------------------------------------
 
-hook_conf(HookPoint, Env) ->
-    Events = proplists:get_value(events, Env, []),
-    IgnoreSys = proplists:get_value(ignore_sys_message, Env, true),
-    case lists:keyfind(HookPoint, 1, Events) of
-        {_, on, QoS} -> #{enabled => true, qos => QoS, ignore_sys_message => IgnoreSys};
-        _ -> #{enabled => false, qos => 1, ignore_sys_message => IgnoreSys}
-    end.
-
 hook_fun(Event) ->
     case string:split(atom_to_list(Event), ".") of
         [Prefix, Name] ->
diff --git a/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl b/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl
index d8244c018..da3e963f0 100644
--- a/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl
+++ b/apps/emqx_rule_engine/test/emqx_rule_engine_SUITE.erl
@@ -149,11 +149,11 @@ groups() ->
 init_per_suite(Config) ->
     ok = ekka_mnesia:start(),
     ok = emqx_rule_registry:mnesia(boot),
-    start_apps(),
+    ok = emqx_ct_helpers:start_apps([emqx_rule_engine], fun set_special_configs/1),
     Config.
 
 end_per_suite(_Config) ->
-    stop_apps(),
+    emqx_ct_helpers:stop_apps([emqx_rule_engine]),
     ok.
 
 on_resource_create(_id, _) -> #{}.
@@ -2545,21 +2545,6 @@ init_events_counters() ->
 %%------------------------------------------------------------------------------
 %% Start Apps
 %%------------------------------------------------------------------------------
-
-stop_apps() ->
-    stopped = mnesia:stop(),
-    [application:stop(App) || App <- [emqx_rule_engine, emqx]].
-
-start_apps() ->
-    [start_apps(App, SchemaFile, ConfigFile) ||
-        {App, SchemaFile, ConfigFile}
-            <- [{emqx, emqx_schema, deps_path(emqx, "etc/emqx.conf")},
-                {emqx_rule_engine, local_path("priv/emqx_rule_engine.schema"),
-                                   local_path("etc/emqx_rule_engine.conf")}]].
-
-start_apps(App, Schema, ConfigFile) ->
-    emqx_ct_helpers:start_app(App, Schema, ConfigFile, fun set_special_configs/1).
-
 deps_path(App, RelativePath) ->
     Path0 = code:lib_dir(App),
     Path = case file:read_link(Path0) of
diff --git a/apps/emqx_telemetry/src/emqx_telemetry_schema.erl b/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
index 4d5cab684..0addd4726 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry_schema.erl
@@ -1,3 +1,19 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
 -module(emqx_telemetry_schema).
 
 -include_lib("typerefl/include/types.hrl").
@@ -10,4 +26,4 @@
 structs() -> ["emqx_telemetry"].
 
 fields("emqx_telemetry") ->
-    [{enabled, emqx_schema:t(boolean(), undefined, false)}].
\ No newline at end of file
+    [{enabled, emqx_schema:t(boolean(), undefined, false)}].
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index c2b6311f2..d26d56abf 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -2,5 +2,4 @@
 {emqx_dashboard, true}.
 {emqx_modules, {{enable_plugin_emqx_modules}}}.
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
-{emqx_rule_engine, {{enable_plugin_emqx_rule_engine}}}.
 {emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index d0822f3b2..5f00f87b2 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -192,8 +192,7 @@ overlay_vars_rel(RelType) ->
                  cloud -> "vm.args";
                  edge -> "vm.args.edge"
              end,
-    [ {enable_plugin_emqx_rule_engine, RelType =:= cloud}
-    , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
+    [ {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
     , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
     , {enable_plugin_emqx_retainer, true}
     , {vm_args_file, VmArgs}
@@ -254,6 +253,7 @@ relx_apps(ReleaseType) ->
     , emqx_resource
     , emqx_connector
     , emqx_data_bridge
+    , emqx_rule_engine
     ]
     ++ [emqx_telemetry || not is_enterprise()]
     ++ [emqx_modules || not is_enterprise()]
@@ -286,7 +286,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_stomp
     , emqx_authentication
     , emqx_web_hook
-    , emqx_rule_engine
     , emqx_statsd
     ]
     ++ relx_plugin_apps_per_rel(ReleaseType)

From 434beef3ad0731b682b8c3eea7921025930f4d1c Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Mon, 28 Jun 2021 14:02:37 +0800
Subject: [PATCH 117/174] feat(rule-engine): Update the configuration file to
 hocon

---
 .../emqx_rule_engine/src/emqx_rule_events.erl | 62 +++++++++----------
 1 file changed, 31 insertions(+), 31 deletions(-)

diff --git a/apps/emqx_rule_engine/src/emqx_rule_events.erl b/apps/emqx_rule_engine/src/emqx_rule_events.erl
index 26689b022..824cfdcb1 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_events.erl
+++ b/apps/emqx_rule_engine/src/emqx_rule_events.erl
@@ -63,10 +63,8 @@
 -endif.
 
 load(Topic) ->
-    IgnoreSys = proplists:get_value(ignore_sys_message, env(), true),
     HookPoint = event_name(Topic),
-    emqx_hooks:put(HookPoint, {?MODULE, hook_fun(HookPoint),
-        [#{ignore_sys_message => IgnoreSys}]}).
+    emqx_hooks:put(HookPoint, {?MODULE, hook_fun(HookPoint), [[]]}).
 
 unload() ->
     lists:foreach(fun(HookPoint) ->
@@ -77,23 +75,18 @@ unload(Topic) ->
     HookPoint = event_name(Topic),
     emqx_hooks:del(HookPoint, {?MODULE, hook_fun(HookPoint)}).
 
-env() ->
-    application:get_all_env(?APP).
-
 %%--------------------------------------------------------------------
 %% Callbacks
 %%--------------------------------------------------------------------
-
-on_message_publish(Message = #message{flags = #{event := true}},
-                   _Env) ->
-    {ok, Message};
-on_message_publish(Message = #message{flags = #{sys := true}},
-                   #{ignore_sys_message := true}) ->
-    {ok, Message};
 on_message_publish(Message = #message{topic = Topic}, _Env) ->
-    case emqx_rule_registry:get_rules_for(Topic) of
-        [] -> ok;
-        Rules -> emqx_rule_runtime:apply_rules(Rules, eventmsg_publish(Message))
+    case ignore_sys_message(Message) of
+        true ->
+            ok;
+        false ->
+            case emqx_rule_registry:get_rules_for(Topic) of
+                [] -> ok;
+                Rules -> emqx_rule_runtime:apply_rules(Rules, eventmsg_publish(Message))
+            end
     end,
     {ok, Message}.
 
@@ -113,28 +106,31 @@ on_session_unsubscribed(ClientInfo, Topic, SubOpts, Env) ->
     apply_event('session.unsubscribed',
         fun() -> eventmsg_sub_or_unsub('session.unsubscribed', ClientInfo, Topic, SubOpts) end, Env).
 
-on_message_dropped(Message = #message{flags = #{sys := true}},
-                   _, _, #{ignore_sys_message := true}) ->
-    {ok, Message};
 on_message_dropped(Message, _, Reason, Env) ->
-    apply_event('message.dropped',
-        fun() -> eventmsg_dropped(Message, Reason) end, Env),
+    case ignore_sys_message(Message) of
+        true -> ok;
+        false ->
+            apply_event('message.dropped',
+                fun() -> eventmsg_dropped(Message, Reason) end, Env)
+    end,
     {ok, Message}.
 
-on_message_delivered(_ClientInfo, Message = #message{flags = #{sys := true}},
-                   #{ignore_sys_message := true}) ->
-    {ok, Message};
 on_message_delivered(ClientInfo, Message, Env) ->
-    apply_event('message.delivered',
-        fun() -> eventmsg_delivered(ClientInfo, Message) end, Env),
+    case ignore_sys_message(Message) of
+        true -> ok;
+        false ->
+            apply_event('message.delivered',
+                fun() -> eventmsg_delivered(ClientInfo, Message) end, Env)
+    end,
     {ok, Message}.
 
-on_message_acked(_ClientInfo, Message = #message{flags = #{sys := true}},
-                   #{ignore_sys_message := true}) ->
-    {ok, Message};
 on_message_acked(ClientInfo, Message, Env) ->
-    apply_event('message.acked',
-        fun() -> eventmsg_acked(ClientInfo, Message) end, Env),
+    case ignore_sys_message(Message) of
+        true -> ok;
+        false ->
+            apply_event('message.acked',
+                fun() -> eventmsg_acked(ClientInfo, Message) end, Env)
+    end,
     {ok, Message}.
 
 %%--------------------------------------------------------------------
@@ -597,3 +593,7 @@ printable_maps(Headers) ->
                 };
             (K, V0, AccIn) -> AccIn#{K => V0}
         end, #{}, Headers).
+
+ignore_sys_message(#message{flags = Flags}) ->
+    maps:get(sys, Flags, false) andalso
+      emqx_config:get([emqx_rule_engine, ignore_sys_message]).

From 33036a1a913f753bc314cb7cb498e51f7864bdcc Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Mon, 28 Jun 2021 15:24:35 +0800
Subject: [PATCH 118/174] chore(plugins): rm emqx-pks-file plugin

---
 apps/emqx_psk_file/.gitignore                 | 16 ----
 apps/emqx_psk_file/README.md                  |  2 -
 apps/emqx_psk_file/etc/emqx_psk_file.conf     |  2 -
 apps/emqx_psk_file/etc/psk.txt                |  2 -
 apps/emqx_psk_file/priv/emqx_psk_file.schema  | 10 ---
 apps/emqx_psk_file/rebar.config               | 16 ----
 apps/emqx_psk_file/src/emqx_psk_file.app.src  | 14 ----
 .../emqx_psk_file/src/emqx_psk_file.appup.src | 13 ---
 apps/emqx_psk_file/src/emqx_psk_file.erl      | 82 -------------------
 apps/emqx_psk_file/src/emqx_psk_file_app.erl  | 33 --------
 apps/emqx_psk_file/src/emqx_psk_file_sup.erl  | 32 --------
 .../test/emqx_psk_file_SUITE.erl              | 24 ------
 rebar.config.erl                              |  2 -
 scripts/inject-deps.escript                   |  1 -
 14 files changed, 249 deletions(-)
 delete mode 100644 apps/emqx_psk_file/.gitignore
 delete mode 100644 apps/emqx_psk_file/README.md
 delete mode 100644 apps/emqx_psk_file/etc/emqx_psk_file.conf
 delete mode 100644 apps/emqx_psk_file/etc/psk.txt
 delete mode 100644 apps/emqx_psk_file/priv/emqx_psk_file.schema
 delete mode 100644 apps/emqx_psk_file/rebar.config
 delete mode 100644 apps/emqx_psk_file/src/emqx_psk_file.app.src
 delete mode 100644 apps/emqx_psk_file/src/emqx_psk_file.appup.src
 delete mode 100644 apps/emqx_psk_file/src/emqx_psk_file.erl
 delete mode 100644 apps/emqx_psk_file/src/emqx_psk_file_app.erl
 delete mode 100644 apps/emqx_psk_file/src/emqx_psk_file_sup.erl
 delete mode 100644 apps/emqx_psk_file/test/emqx_psk_file_SUITE.erl

diff --git a/apps/emqx_psk_file/.gitignore b/apps/emqx_psk_file/.gitignore
deleted file mode 100644
index 0379a99df..000000000
--- a/apps/emqx_psk_file/.gitignore
+++ /dev/null
@@ -1,16 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-data/
-emqx_actorcloud_schema_parser.d
-.DS_Store
-_build
-rebar.lock
diff --git a/apps/emqx_psk_file/README.md b/apps/emqx_psk_file/README.md
deleted file mode 100644
index 3ba976b81..000000000
--- a/apps/emqx_psk_file/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-## EMQX TLS/DTLS PSK Plugin from file
-
diff --git a/apps/emqx_psk_file/etc/emqx_psk_file.conf b/apps/emqx_psk_file/etc/emqx_psk_file.conf
deleted file mode 100644
index 88c5bbdb1..000000000
--- a/apps/emqx_psk_file/etc/emqx_psk_file.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-psk.file.path = "{{ platform_etc_dir }}/psk.txt"
-psk.file.delimiter = ":"
diff --git a/apps/emqx_psk_file/etc/psk.txt b/apps/emqx_psk_file/etc/psk.txt
deleted file mode 100644
index 3cf33d814..000000000
--- a/apps/emqx_psk_file/etc/psk.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-client1:1234
-client2:abcd
diff --git a/apps/emqx_psk_file/priv/emqx_psk_file.schema b/apps/emqx_psk_file/priv/emqx_psk_file.schema
deleted file mode 100644
index 0c784d99b..000000000
--- a/apps/emqx_psk_file/priv/emqx_psk_file.schema
+++ /dev/null
@@ -1,10 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_psk_file config mapping
-
-{mapping, "psk.file.path", "emqx_psk_file.path", [
-  {datatype, string}
-]}.
-
-{mapping, "psk.file.delimiter", "emqx_psk_file.delimiter", [
-  {datatype, string}
-]}.
\ No newline at end of file
diff --git a/apps/emqx_psk_file/rebar.config b/apps/emqx_psk_file/rebar.config
deleted file mode 100644
index 7ac3b98c8..000000000
--- a/apps/emqx_psk_file/rebar.config
+++ /dev/null
@@ -1,16 +0,0 @@
-{deps, []}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_psk_file/src/emqx_psk_file.app.src b/apps/emqx_psk_file/src/emqx_psk_file.app.src
deleted file mode 100644
index ef18c8b69..000000000
--- a/apps/emqx_psk_file/src/emqx_psk_file.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_psk_file,
- [{description,"EMQX PSK Plugin from File"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
-  {modules,[]},
-  {registered,[emqx_psk_file_sup]},
-  {applications,[kernel,stdlib]},
-  {mod,{emqx_psk_file_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-psk-file"}
-          ]}
- ]}.
diff --git a/apps/emqx_psk_file/src/emqx_psk_file.appup.src b/apps/emqx_psk_file/src/emqx_psk_file.appup.src
deleted file mode 100644
index c34a3f71a..000000000
--- a/apps/emqx_psk_file/src/emqx_psk_file.appup.src
+++ /dev/null
@@ -1,13 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
- [
-   {"4.3.0", [
-     {restart_application, emqx_psk_file}
-   ]}
- ],
- [
-   {"4.3.0", [
-     {restart_application, emqx_psk_file}
-   ]}
- ]
-}.
diff --git a/apps/emqx_psk_file/src/emqx_psk_file.erl b/apps/emqx_psk_file/src/emqx_psk_file.erl
deleted file mode 100644
index 3afd6dc73..000000000
--- a/apps/emqx_psk_file/src/emqx_psk_file.erl
+++ /dev/null
@@ -1,82 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_psk_file).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--import(proplists, [get_value/2]).
-
--export([load/1, unload/0]).
-
-%% Hooks functions
--export([on_psk_lookup/2]).
-
--define(TAB, ?MODULE).
--define(LF, 10).
-
--record(psk_entry, {psk_id :: binary(),
-                    psk_str :: binary()}).
-
-%% Called when the plugin application start
-load(Env) ->
-    _ = ets:new(?TAB, [set, named_table, {keypos, #psk_entry.psk_id}]),
-    {ok, PskFile} = file:open(get_value(path, Env), [read, raw, binary, read_ahead]),
-    preload_psks(PskFile, bin(get_value(delimiter, Env))),
-    _ = file:close(PskFile),
-    emqx:hook('tls_handshake.psk_lookup', {?MODULE, on_psk_lookup, []}).
-
-%% Called when the plugin application stop
-unload() ->
-    emqx:unhook('tls_handshake.psk_lookup', {?MODULE, on_psk_lookup}).
-
-on_psk_lookup(ClientPSKID, UserState) ->
-    case ets:lookup(?TAB, ClientPSKID) of
-        [#psk_entry{psk_str = PskStr}] ->
-            {stop, PskStr};
-        [] ->
-            {ok, UserState}
-    end.
-
-preload_psks(FileHandler, Delimiter) ->
-    case file:read_line(FileHandler) of
-        {ok, Line} ->
-            case binary:split(Line, Delimiter) of
-                [Key, Rem] ->
-                    ets:insert(?TAB, #psk_entry{psk_id = Key, psk_str = trim_lf(Rem)}),
-                    preload_psks(FileHandler, Delimiter);
-                [Line] ->
-                    ?LOG(warning, "[~p] - Invalid line: ~p, delimiter: ~p", [?MODULE, Line, Delimiter])
-            end;
-        eof ->
-            ?LOG(info, "[~p] - PSK file is preloaded", [?MODULE]);
-        {error, Reason} ->
-            ?LOG(error, "[~p] - Read lines from PSK file: ~p", [?MODULE, Reason])
-    end.
-
-bin(Str) when is_list(Str) -> list_to_binary(Str);
-bin(Bin) when is_binary(Bin) -> Bin.
-
-%% Trim the tailing LF
-trim_lf(<<>>) -> <<>>;
-trim_lf(Bin) ->
-    Size = byte_size(Bin),
-    case binary:at(Bin, Size-1) of
-        ?LF -> binary_part(Bin, 0, Size-1);
-        _ -> Bin
-    end.
-
diff --git a/apps/emqx_psk_file/src/emqx_psk_file_app.erl b/apps/emqx_psk_file/src/emqx_psk_file_app.erl
deleted file mode 100644
index 934ffe49e..000000000
--- a/apps/emqx_psk_file/src/emqx_psk_file_app.erl
+++ /dev/null
@@ -1,33 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_psk_file_app).
-
--behaviour(application).
-
--emqx_plugin(?MODULE).
-
-%% Application callbacks
--export([start/2, stop/1]).
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_psk_file_sup:start_link(),
-    _ = emqx_psk_file:load(
-        application:get_all_env(emqx_psk_file)),
-    {ok, Sup}.
-
-stop(_State) ->
-    emqx_psk_file:unload().
diff --git a/apps/emqx_psk_file/src/emqx_psk_file_sup.erl b/apps/emqx_psk_file/src/emqx_psk_file_sup.erl
deleted file mode 100644
index 041eecdb6..000000000
--- a/apps/emqx_psk_file/src/emqx_psk_file_sup.erl
+++ /dev/null
@@ -1,32 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_psk_file_sup).
-
--behaviour(supervisor).
-
-%% API
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, { {one_for_one, 0, 1}, []} }.
-
diff --git a/apps/emqx_psk_file/test/emqx_psk_file_SUITE.erl b/apps/emqx_psk_file/test/emqx_psk_file_SUITE.erl
deleted file mode 100644
index d0083247d..000000000
--- a/apps/emqx_psk_file/test/emqx_psk_file_SUITE.erl
+++ /dev/null
@@ -1,24 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_psk_file_SUITE).
--compile(nowarn_export_all).
--compile(export_all).
-
-all() -> [].
-
-groups() ->
-    [].
diff --git a/rebar.config.erl b/rebar.config.erl
index 5f00f87b2..14a8f93bc 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -297,7 +297,6 @@ relx_plugin_apps_per_rel(cloud) ->
     , emqx_exhook
     , emqx_exproto
     , emqx_prometheus
-    , emqx_psk_file
     ];
 relx_plugin_apps_per_rel(edge) ->
     [].
@@ -355,7 +354,6 @@ etc_overlay(ReleaseType) ->
 
 extra_overlay(cloud) ->
     [ {copy,"{{base_dir}}/lib/emqx_lwm2m/lwm2m_xml","etc/"}
-    , {copy, "{{base_dir}}/lib/emqx_psk_file/etc/psk.txt", "etc/psk.txt"}
     ];
 extra_overlay(edge) ->
     [].
diff --git a/scripts/inject-deps.escript b/scripts/inject-deps.escript
index 0b6371342..8100c3959 100755
--- a/scripts/inject-deps.escript
+++ b/scripts/inject-deps.escript
@@ -44,7 +44,6 @@ edge_excludes() ->
     , emqx_exhook
     , emqx_exproto
     , emqx_prometheus
-    , emqx_psk_file
     ].
 
 base_deps() ->

From dc1deff3f3d9aa834c208112727f8d755690df9c Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Fri, 25 Jun 2021 19:02:55 +0200
Subject: [PATCH 119/174] refactor(rlog): Fix initialization of
 emqx_cm_registry table

---
 apps/emqx/src/emqx_cm_registry.erl | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_cm_registry.erl b/apps/emqx/src/emqx_cm_registry.erl
index d8095b445..30035eca5 100644
--- a/apps/emqx/src/emqx_cm_registry.erl
+++ b/apps/emqx/src/emqx_cm_registry.erl
@@ -48,7 +48,9 @@
 -define(TAB, emqx_channel_registry).
 -define(LOCK, {?MODULE, cleanup_down}).
 
--rlog_shard({?ROUTE_SHARD, ?TAB}).
+-define(CM_SHARD, emqx_cm_shard).
+
+-rlog_shard({?CM_SHARD, ?TAB}).
 
 -record(channel, {chid, pid}).
 
@@ -111,6 +113,7 @@ init([]) ->
                 {storage_properties, [{ets, [{read_concurrency, true},
                                              {write_concurrency, true}]}]}]),
     ok = ekka_mnesia:copy_table(?TAB, ram_copies),
+    ok = ekka_rlog:wait_for_shards([?CM_SHARD], infinity),
     ok = ekka:monitor(membership),
     {ok, #{}}.
 
@@ -125,7 +128,7 @@ handle_cast(Msg, State) ->
 handle_info({membership, {mnesia, down, Node}}, State) ->
     global:trans({?LOCK, self()},
                  fun() ->
-                     ekka_mnesia:transaction(?ROUTE_SHARD, fun cleanup_channels/1, [Node])
+                     ekka_mnesia:transaction(?CM_SHARD, fun cleanup_channels/1, [Node])
                  end),
     {noreply, State};
 

From faad90c9d410166d2c333aca22de10afbd108c84 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Mon, 28 Jun 2021 16:12:06 +0800
Subject: [PATCH 120/174] chore(plugins): rm emqx-web-hook and mv webhook
 action to emqx_rule_actions

---
 .../src/emqx_bridge_mqtt.app.src              |   2 +-
 .../src/emqx_bridge_mqtt.appup.src            |  16 -
 apps/emqx_rule_actions/README.md              |  11 +
 .../rebar.config                              |  21 +-
 .../src/emqx_bridge_mqtt_actions.erl          |   0
 .../src/emqx_rule_actions.app.src             |  11 +
 .../src/emqx_web_hook_actions.erl             |   0
 apps/emqx_web_hook/.gitignore                 |  31 --
 apps/emqx_web_hook/README.md                  | 194 ---------
 apps/emqx_web_hook/TODO                       |   3 -
 apps/emqx_web_hook/etc/emqx_web_hook.conf     |  77 ----
 apps/emqx_web_hook/include/emqx_web_hook.hrl  |   1 -
 apps/emqx_web_hook/priv/emqx_web_hook.schema  | 105 -----
 apps/emqx_web_hook/src/emqx_web_hook.app.src  |  14 -
 .../emqx_web_hook/src/emqx_web_hook.appup.src |  18 -
 apps/emqx_web_hook/src/emqx_web_hook.erl      | 390 -----------------
 apps/emqx_web_hook/src/emqx_web_hook_app.erl  | 102 -----
 apps/emqx_web_hook/src/emqx_web_hook_sup.erl  |  29 --
 .../test/emqx_web_hook_SUITE.erl              | 284 -------------
 .../test/emqx_web_hook_SUITE_data/ca.pem      |  19 -
 .../emqx_web_hook_SUITE_data/client-cert.pem  |  19 -
 .../emqx_web_hook_SUITE_data/client-key.pem   |  27 --
 .../emqx_web_hook_SUITE_data/server-cert.pem  |  19 -
 .../emqx_web_hook_SUITE_data/server-key.pem   |  27 --
 apps/emqx_web_hook/test/http_server.erl       | 102 -----
 .../test/props/prop_webhook_confs.erl         | 146 -------
 .../test/props/prop_webhook_hooks.erl         | 397 ------------------
 rebar.config.erl                              |   2 +-
 28 files changed, 38 insertions(+), 2029 deletions(-)
 delete mode 100644 apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src
 create mode 100644 apps/emqx_rule_actions/README.md
 rename apps/{emqx_web_hook => emqx_rule_actions}/rebar.config (57%)
 rename apps/{emqx_bridge_mqtt => emqx_rule_actions}/src/emqx_bridge_mqtt_actions.erl (100%)
 create mode 100644 apps/emqx_rule_actions/src/emqx_rule_actions.app.src
 rename apps/{emqx_web_hook => emqx_rule_actions}/src/emqx_web_hook_actions.erl (100%)
 delete mode 100644 apps/emqx_web_hook/.gitignore
 delete mode 100644 apps/emqx_web_hook/README.md
 delete mode 100644 apps/emqx_web_hook/TODO
 delete mode 100644 apps/emqx_web_hook/etc/emqx_web_hook.conf
 delete mode 100644 apps/emqx_web_hook/include/emqx_web_hook.hrl
 delete mode 100644 apps/emqx_web_hook/priv/emqx_web_hook.schema
 delete mode 100644 apps/emqx_web_hook/src/emqx_web_hook.app.src
 delete mode 100644 apps/emqx_web_hook/src/emqx_web_hook.appup.src
 delete mode 100644 apps/emqx_web_hook/src/emqx_web_hook.erl
 delete mode 100644 apps/emqx_web_hook/src/emqx_web_hook_app.erl
 delete mode 100644 apps/emqx_web_hook/src/emqx_web_hook_sup.erl
 delete mode 100644 apps/emqx_web_hook/test/emqx_web_hook_SUITE.erl
 delete mode 100644 apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/ca.pem
 delete mode 100644 apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-cert.pem
 delete mode 100644 apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-key.pem
 delete mode 100644 apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-cert.pem
 delete mode 100644 apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-key.pem
 delete mode 100644 apps/emqx_web_hook/test/http_server.erl
 delete mode 100644 apps/emqx_web_hook/test/props/prop_webhook_confs.erl
 delete mode 100644 apps/emqx_web_hook/test/props/prop_webhook_hooks.erl

diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.app.src b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.app.src
index 83ce7a759..385c89965 100644
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.app.src
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.app.src
@@ -1,6 +1,6 @@
 {application, emqx_bridge_mqtt,
  [{description, "EMQ X Bridge to MQTT Broker"},
-  {vsn, "4.3.1"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, []},
   {applications, [kernel,stdlib,replayq,emqtt]},
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src
deleted file mode 100644
index 03e6119ae..000000000
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.appup.src
+++ /dev/null
@@ -1,16 +0,0 @@
-%% -*-: erlang -*-
-
-{VSN,
-  [
-    {"4.3.0", [
-     {load_module, emqx_bridge_worker, brutal_purge, soft_purge, []}
-   ]},
-    {<<".*">>, []}
-  ],
-  [
-    {"4.3.0", [
-     {load_module, emqx_bridge_worker, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
-  ]
-}.
diff --git a/apps/emqx_rule_actions/README.md b/apps/emqx_rule_actions/README.md
new file mode 100644
index 000000000..c17e1a34a
--- /dev/null
+++ b/apps/emqx_rule_actions/README.md
@@ -0,0 +1,11 @@
+# emqx_rule_actions
+
+This project contains a collection of rule actions/resources. It is mainly for
+ making unit test easier. Also it's easier for us to create utils that many
+ modules depends on it.
+
+## Build
+-----
+
+    $ rebar3 compile
+
diff --git a/apps/emqx_web_hook/rebar.config b/apps/emqx_rule_actions/rebar.config
similarity index 57%
rename from apps/emqx_web_hook/rebar.config
rename to apps/emqx_rule_actions/rebar.config
index 387972c9f..097c18a3d 100644
--- a/apps/emqx_web_hook/rebar.config
+++ b/apps/emqx_rule_actions/rebar.config
@@ -1,18 +1,25 @@
-{plugins, [rebar3_proper]}.
-
 {deps, []}.
 
-{edoc_opts, [{preprocess, true}]}.
 {erl_opts, [warn_unused_vars,
             warn_shadow_vars,
             warn_unused_import,
             warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
+            no_debug_info,
+            compressed, %% for edge
+            {parse_transform}
+           ]}.
+
+{overrides, [{add, [{erl_opts, [no_debug_info, compressed]}]}]}.
+
+{edoc_opts, [{preprocess, true}]}.
 
 {xref_checks, [undefined_function_calls, undefined_functions,
                locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
+               warnings_as_errors, deprecated_functions
+              ]}.
+
 {cover_enabled, true}.
 {cover_opts, [verbose]}.
-{cover_export_enabled, true}.
\ No newline at end of file
+{cover_export_enabled, true}.
+
+{plugins, [rebar3_proper]}.
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl b/apps/emqx_rule_actions/src/emqx_bridge_mqtt_actions.erl
similarity index 100%
rename from apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_actions.erl
rename to apps/emqx_rule_actions/src/emqx_bridge_mqtt_actions.erl
diff --git a/apps/emqx_rule_actions/src/emqx_rule_actions.app.src b/apps/emqx_rule_actions/src/emqx_rule_actions.app.src
new file mode 100644
index 000000000..fd95c3572
--- /dev/null
+++ b/apps/emqx_rule_actions/src/emqx_rule_actions.app.src
@@ -0,0 +1,11 @@
+{application, emqx_rule_actions,
+ [{description, "Rule actions"},
+  {vsn, "5.0.0"},
+  {registered, []},
+  {applications,
+   [kernel,stdlib]},
+  {env,[]},
+  {modules, []},
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.
diff --git a/apps/emqx_web_hook/src/emqx_web_hook_actions.erl b/apps/emqx_rule_actions/src/emqx_web_hook_actions.erl
similarity index 100%
rename from apps/emqx_web_hook/src/emqx_web_hook_actions.erl
rename to apps/emqx_rule_actions/src/emqx_web_hook_actions.erl
diff --git a/apps/emqx_web_hook/.gitignore b/apps/emqx_web_hook/.gitignore
deleted file mode 100644
index e6348348a..000000000
--- a/apps/emqx_web_hook/.gitignore
+++ /dev/null
@@ -1,31 +0,0 @@
-.rebar3
-_*
-.eunit
-*.o
-*.beam
-*.plt
-*.swp
-*.swo
-.erlang.cookie
-ebin
-log
-erl_crash.dump
-.rebar
-logs
-_build
-.idea
-data
-.DS_Store
-.erlang.mk/
-cover
-ct.coverdata
-deps
-eunit.coverdata
-test/ct.cover.spec
-emqx_web_hook.d
-emq_web_hook.d
-rebar.lock
-erlang.mk
-rebar3.crashdump
-etc/emqx_web_hook.conf.rendered
-Mnesia.nonode@nohost
diff --git a/apps/emqx_web_hook/README.md b/apps/emqx_web_hook/README.md
deleted file mode 100644
index c76c2936d..000000000
--- a/apps/emqx_web_hook/README.md
+++ /dev/null
@@ -1,194 +0,0 @@
-
-# emqx-web-hook
-
-EMQ X WebHook plugin.
-
-Please see: [EMQ X - WebHook](https://docs.emqx.io/broker/latest/en/advanced/webhook.html)
-
-## emqx_web_hook.conf
-
-```properties
-## The web services URL for Hook request
-##
-## Value: String
-web.hook.url = http://127.0.0.1:8080
-
-## Encode message payload field
-##
-## Value: base64 | base62
-## web.hook.encode_payload = base64
-
-##--------------------------------------------------------------------
-## Hook Rules
-
-## These configuration items represent a list of events should be forwarded
-##
-## Format:
-##   web.hook.rule.<HookName>.<No> = <Spec>
-web.hook.rule.client.connect.1       = {"action": "on_client_connect"}
-web.hook.rule.client.connack.1       = {"action": "on_client_connack"}
-web.hook.rule.client.connected.1     = {"action": "on_client_connected"}
-web.hook.rule.client.disconnected.1  = {"action": "on_client_disconnected"}
-web.hook.rule.client.subscribe.1     = {"action": "on_client_subscribe"}
-web.hook.rule.client.unsubscribe.1   = {"action": "on_client_unsubscribe"}
-web.hook.rule.session.subscribed.1   = {"action": "on_session_subscribed"}
-web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
-web.hook.rule.session.terminated.1   = {"action": "on_session_terminated"}
-web.hook.rule.message.publish.1      = {"action": "on_message_publish"}
-web.hook.rule.message.delivered.1    = {"action": "on_message_delivered"}
-web.hook.rule.message.acked.1        = {"action": "on_message_acked"}
-```
-
-## API
-
-The HTTP request parameter format:
-
-* client.connected
-```json
-{
-    "action":"client_connected",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "keepalive": 60,
-    "ipaddress": "127.0.0.1",
-    "proto_ver": 4,
-    "connected_at": 1556176748,
-    "conn_ack":0
-}
-```
-
-* client.disconnected
-```json
-{
-    "action":"client_disconnected",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "reason":"normal"
-}
-```
-
-* client.subscribe
-```json
-{
-    "action":"client_subscribe",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "topic":"world",
-    "opts":{
-        "qos":0
-    }
-}
-```
-
-* client.unsubscribe
-```json
-{
-    "action":"client_unsubscribe",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "topic":"world"
-}
-```
-
-* session.created
-```json
-{
-    "action":"session_created",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117"
-}
-```
-
-* session.subscribed
-```json
-{
-    "action":"session_subscribed",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "topic":"world",
-    "opts":{
-        "qos":0
-    }
-}
-```
-
-* session.unsubscribed
-```json
-{
-    "action":"session_unsubscribed",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "topic":"world"
-}
-```
-
-* session.terminated
-```json
-{
-    "action":"session_terminated",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "reason":"normal"
-}
-```
-
-* message.publish
-```json
-{
-    "action":"message_publish",
-    "from_client_id":"C_1492410235117",
-    "from_username":"C_1492410235117",
-    "topic":"world",
-    "qos":0,
-    "retain":true,
-    "payload":"Hello world!",
-    "ts":1492412774
-}
-```
-
-* message.delivered
-```json
-{
-    "action":"message_delivered",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "from_client_id":"C_1492410235117",
-    "from_username":"C_1492410235117",
-    "topic":"world",
-    "qos":0,
-    "retain":true,
-    "payload":"Hello world!",
-    "ts":1492412826
-}
-```
-
-* message.acked
-```json
-{
-    "action":"message_acked",
-    "clientid":"C_1492410235117",
-    "username":"C_1492410235117",
-    "from_client_id":"C_1492410235117",
-    "from_username":"C_1492410235117",
-    "topic":"world",
-    "qos":1,
-    "retain":true,
-    "payload":"Hello world!",
-    "ts":1492412914
-}
-```
-
-## License
-
-Apache License Version 2.0
-
-## Author
-
-* [Sakib Sami](https://github.com/s4kibs4mi)
-
-## Contributors
-
-* [Deng](https://github.com/turtleDeng)
-* [vishr](https://github.com/vishr)
-* [emqplus](https://github.com/emqplus)
-* [huangdan](https://github.com/huangdan)
diff --git a/apps/emqx_web_hook/TODO b/apps/emqx_web_hook/TODO
deleted file mode 100644
index 31bf5a2ad..000000000
--- a/apps/emqx_web_hook/TODO
+++ /dev/null
@@ -1,3 +0,0 @@
-1. HTTPS
-2. More HTTP Headers and Options
-3. MQTT 5.0
diff --git a/apps/emqx_web_hook/etc/emqx_web_hook.conf b/apps/emqx_web_hook/etc/emqx_web_hook.conf
deleted file mode 100644
index 6707e4673..000000000
--- a/apps/emqx_web_hook/etc/emqx_web_hook.conf
+++ /dev/null
@@ -1,77 +0,0 @@
-##====================================================================
-## WebHook
-##====================================================================
-
-## Webhook URL
-##
-## Value: String
-web.hook.url = "http://127.0.0.1:80"
-
-## HTTP Headers
-##
-## Example:
-## 1. web.hook.headers.content-type = "application/json"
-## 2. web.hook.headers.accept = "*"
-##
-## Value: String
-web.hook.headers.content-type = "application/json"
-
-## The encoding format of the payload field in the HTTP body
-## The payload field only appears in the on_message_publish and on_message_delivered actions
-##
-## Value: plain | base64 | base62
-web.hook.body.encoding_of_payload_field = plain
-
-##--------------------------------------------------------------------
-## PEM format file of CA's
-##
-## Value: File
-## web.hook.ssl.cacertfile  = <PEM format file of CA's>
-
-## Certificate file to use, PEM format assumed
-##
-## Value: File
-## web.hook.ssl.certfile = <Certificate file to use>
-
-## Private key file to use, PEM format assumed
-##
-## Value: File
-## web.hook.ssl.keyfile = <Private key file to use>
-
-## Turn on peer certificate verification
-##
-## Value: true | false
-## web.hook.ssl.verify = false
-
-## If not specified, the server's names returned in server's certificate is validated against
-## what's provided `web.hook.url` config's host part.
-## Setting to 'disable' will make EMQ X ignore unmatched server names.
-## If set with a host name, the server's names returned in server's certificate is validated
-## against this value.
-##
-## Value: String | disable
-## web.hook.ssl.server_name_indication = disable
-
-## Connection process pool size
-##
-## Value: Number
-web.hook.pool_size = 32
-
-##--------------------------------------------------------------------
-## Hook Rules
-## These configuration items represent a list of events should be forwarded
-##
-## Format:
-##   web.hook.rule.<HookName>.<No> = <Spec>
-#web.hook.rule.client.connect.1       = "{"action": "on_client_connect"}"
-#web.hook.rule.client.connack.1       = "{"action": "on_client_connack"}"
-#web.hook.rule.client.connected.1     = "{"action": "on_client_connected"}"
-#web.hook.rule.client.disconnected.1  = "{"action": "on_client_disconnected"}"
-#web.hook.rule.client.subscribe.1     = "{"action": "on_client_subscribe"}"
-#web.hook.rule.client.unsubscribe.1   = "{"action": "on_client_unsubscribe"}"
-#web.hook.rule.session.subscribed.1   = "{"action": "on_session_subscribed"}"
-#web.hook.rule.session.unsubscribed.1 = "{"action": "on_session_unsubscribed"}"
-#web.hook.rule.session.terminated.1   = "{"action": "on_session_terminated"}"
-#web.hook.rule.message.publish.1      = "{"action": "on_message_publish"}"
-#web.hook.rule.message.delivered.1    = "{"action": "on_message_delivered"}"
-#web.hook.rule.message.acked.1        = ""{"action": "on_message_acked"}"
diff --git a/apps/emqx_web_hook/include/emqx_web_hook.hrl b/apps/emqx_web_hook/include/emqx_web_hook.hrl
deleted file mode 100644
index 73019ec8c..000000000
--- a/apps/emqx_web_hook/include/emqx_web_hook.hrl
+++ /dev/null
@@ -1 +0,0 @@
--define(APP, emqx_web_hook).
diff --git a/apps/emqx_web_hook/priv/emqx_web_hook.schema b/apps/emqx_web_hook/priv/emqx_web_hook.schema
deleted file mode 100644
index 8ba1cc0fd..000000000
--- a/apps/emqx_web_hook/priv/emqx_web_hook.schema
+++ /dev/null
@@ -1,105 +0,0 @@
-%%-*- mode: erlang -*-
-%% EMQ X R3.0 config mapping
-
-{mapping, "web.hook.url", "emqx_web_hook.url", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.headers.$name", "emqx_web_hook.headers", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.body.encoding_of_payload_field", "emqx_web_hook.encoding_of_payload_field", [
-  {default, plain},
-  {datatype, {enum, [plain, base62, base64]}}
-]}.
-
-{mapping, "web.hook.ssl.cacertfile", "emqx_web_hook.cacertfile", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.ssl.certfile", "emqx_web_hook.certfile", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.ssl.keyfile", "emqx_web_hook.keyfile", [
-  {default, ""},
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.ssl.verify", "emqx_web_hook.verify", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "web.hook.ssl.server_name_indication", "emqx_web_hook.server_name_indication", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.pool_size", "emqx_web_hook.pool_size", [
-  {default, 32},
-  {datatype, integer}
-]}.
-
-{mapping, "web.hook.rule.client.connect.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.client.connack.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.client.connected.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.client.disconnected.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.client.subscribe.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.client.unsubscribe.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.session.subscribed.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.session.unsubscribed.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.session.terminated.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.message.publish.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.message.acked.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{mapping, "web.hook.rule.message.delivered.$name", "emqx_web_hook.rules", [
-  {datatype, string}
-]}.
-
-{translation, "emqx_web_hook.headers", fun(Conf) ->
-  Headers = cuttlefish_variable:filter_by_prefix("web.hook.headers", Conf),
-  [{K, V} || {[_, _, _, K], V} <- Headers]
-end}.
-
-{translation, "emqx_web_hook.rules", fun(Conf) ->
-  Hooks = cuttlefish_variable:filter_by_prefix("web.hook.rule", Conf),
-  lists:map(
-    fun({[_, _, _,Name1,Name2, _], Val}) -> 
-	  {lists:concat([Name1,".",Name2]), Val}
-	end, Hooks)
-end}.
diff --git a/apps/emqx_web_hook/src/emqx_web_hook.app.src b/apps/emqx_web_hook/src/emqx_web_hook.app.src
deleted file mode 100644
index e1cfda173..000000000
--- a/apps/emqx_web_hook/src/emqx_web_hook.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_web_hook,
- [{description, "EMQ X WebHook Plugin"},
-  {vsn, "4.3.2"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_web_hook_sup]},
-  {applications, [kernel,stdlib,ehttpc]},
-  {mod, {emqx_web_hook_app,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-web-hook"}
-          ]}
- ]}.
diff --git a/apps/emqx_web_hook/src/emqx_web_hook.appup.src b/apps/emqx_web_hook/src/emqx_web_hook.appup.src
deleted file mode 100644
index ae6e9e1ae..000000000
--- a/apps/emqx_web_hook/src/emqx_web_hook.appup.src
+++ /dev/null
@@ -1,18 +0,0 @@
-%% -*-: erlang -*-
-
-{VSN,
-  [
-    {<<"4.3.[0-1]">>, [
-     {restart_application, emqx_web_hook},
-     {apply,{emqx_rule_engine,refresh_resource,[web_hook]}}
-    ]},
-    {<<".*">>, []}
-  ],
-  [
-    {<<"4.3.[0-1]">>, [
-     {restart_application, emqx_web_hook},
-     {apply,{emqx_rule_engine,refresh_resource,[web_hook]}}
-    ]},
-    {<<".*">>, []}
-  ]
-}.
diff --git a/apps/emqx_web_hook/src/emqx_web_hook.erl b/apps/emqx_web_hook/src/emqx_web_hook.erl
deleted file mode 100644
index 7af83d749..000000000
--- a/apps/emqx_web_hook/src/emqx_web_hook.erl
+++ /dev/null
@@ -1,390 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_web_hook).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
-
--define(APP, emqx_web_hook).
-
--logger_header("[WebHook]").
-
--import(inet, [ntoa/1]).
-
-%% APIs
--export([ register_metrics/0
-        , load/0
-        , unload/0
-        ]).
-
-%% Hooks callback
--export([ on_client_connect/3
-        , on_client_connack/4
-        , on_client_connected/3
-        , on_client_disconnected/4
-        , on_client_subscribe/4
-        , on_client_unsubscribe/4
-        ]).
-
--export([ on_session_subscribed/4
-        , on_session_unsubscribed/4
-        , on_session_terminated/4
-        ]).
--export([ on_message_publish/2
-        , on_message_delivered/3
-        , on_message_acked/3
-        ]).
-
-%%--------------------------------------------------------------------
-%% APIs
-%%--------------------------------------------------------------------
-
-register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1,
-                  ['webhook.client_connect',
-                   'webhook.client_connack',
-                   'webhook.client_connected',
-                   'webhook.client_disconnected',
-                   'webhook.client_subscribe',
-                   'webhook.client_unsubscribe',
-                   'webhook.session_subscribed',
-                   'webhook.session_unsubscribed',
-                   'webhook.session_terminated',
-                   'webhook.message_publish',
-                   'webhook.message_delivered',
-                   'webhook.message_acked']).
-
-load() ->
-    lists:foreach(
-      fun({Hook, Fun, Filter}) ->
-        emqx:hook(Hook, {?MODULE, Fun, [{Filter}]})
-      end, parse_rule(application:get_env(?APP, rules, []))).
-
-unload() ->
-    lists:foreach(
-      fun({Hook, Fun, _Filter}) ->
-          emqx:unhook(Hook, {?MODULE, Fun})
-      end, parse_rule(application:get_env(?APP, rules, []))).
-
-%%--------------------------------------------------------------------
-%% Client connect
-%%--------------------------------------------------------------------
-
-on_client_connect(ConnInfo = #{clientid := ClientId, username := Username, peername := {Peerhost, _}}, _ConnProp, _Env) ->
-    emqx_metrics:inc('webhook.client_connect'),
-    Params = #{ action => client_connect
-              , node => node()
-              , clientid => ClientId
-              , username => maybe(Username)
-              , ipaddress => iolist_to_binary(ntoa(Peerhost))
-              , keepalive => maps:get(keepalive, ConnInfo)
-              , proto_ver => maps:get(proto_ver, ConnInfo)
-              },
-    send_http_request(ClientId, Params).
-
-%%--------------------------------------------------------------------
-%% Client connack
-%%--------------------------------------------------------------------
-
-on_client_connack(ConnInfo = #{clientid := ClientId, username := Username, peername := {Peerhost, _}}, Rc, _AckProp, _Env) ->
-    emqx_metrics:inc('webhook.client_connack'),
-    Params = #{ action => client_connack
-              , node => node()
-              , clientid => ClientId
-              , username => maybe(Username)
-              , ipaddress => iolist_to_binary(ntoa(Peerhost))
-              , keepalive => maps:get(keepalive, ConnInfo)
-              , proto_ver => maps:get(proto_ver, ConnInfo)
-              , conn_ack => Rc
-              },
-    send_http_request(ClientId, Params).
-
-%%--------------------------------------------------------------------
-%% Client connected
-%%--------------------------------------------------------------------
-
-on_client_connected(#{clientid := ClientId, username := Username, peerhost := Peerhost}, ConnInfo, _Env) ->
-    emqx_metrics:inc('webhook.client_connected'),
-    Params = #{ action => client_connected
-              , node => node()
-              , clientid => ClientId
-              , username => maybe(Username)
-              , ipaddress => iolist_to_binary(ntoa(Peerhost))
-              , keepalive => maps:get(keepalive, ConnInfo)
-              , proto_ver => maps:get(proto_ver, ConnInfo)
-              , connected_at => maps:get(connected_at, ConnInfo)
-              },
-    send_http_request(ClientId, Params).
-
-%%--------------------------------------------------------------------
-%% Client disconnected
-%%--------------------------------------------------------------------
-
-on_client_disconnected(ClientInfo, {shutdown, Reason}, ConnInfo, Env) when is_atom(Reason) ->
-    on_client_disconnected(ClientInfo, Reason, ConnInfo, Env);
-on_client_disconnected(#{clientid := ClientId, username := Username}, Reason, ConnInfo, _Env) ->
-    emqx_metrics:inc('webhook.client_disconnected'),
-    Params = #{ action => client_disconnected
-              , node => node()
-              , clientid => ClientId
-              , username => maybe(Username)
-              , reason => stringfy(maybe(Reason))
-              , disconnected_at => maps:get(disconnected_at, ConnInfo, erlang:system_time(millisecond))
-              },
-    send_http_request(ClientId, Params).
-
-%%--------------------------------------------------------------------
-%% Client subscribe
-%%--------------------------------------------------------------------
-
-on_client_subscribe(#{clientid := ClientId, username := Username}, _Properties, TopicTable, {Filter}) ->
-    lists:foreach(fun({Topic, Opts}) ->
-      with_filter(
-        fun() ->
-          emqx_metrics:inc('webhook.client_subscribe'),
-          Params = #{ action => client_subscribe
-                    , node => node()
-                    , clientid => ClientId
-                    , username => maybe(Username)
-                    , topic => Topic
-                    , opts => Opts
-                    },
-          send_http_request(ClientId, Params)
-        end, Topic, Filter)
-    end, TopicTable).
-
-%%--------------------------------------------------------------------
-%% Client unsubscribe
-%%--------------------------------------------------------------------
-
-on_client_unsubscribe(#{clientid := ClientId, username := Username}, _Properties, TopicTable, {Filter}) ->
-    lists:foreach(fun({Topic, Opts}) ->
-      with_filter(
-        fun() ->
-          emqx_metrics:inc('webhook.client_unsubscribe'),
-          Params = #{ action => client_unsubscribe
-                    , node => node()
-                    , clientid => ClientId
-                    , username => maybe(Username)
-                    , topic => Topic
-                    , opts => Opts
-                    },
-          send_http_request(ClientId, Params)
-        end, Topic, Filter)
-    end, TopicTable).
-
-%%--------------------------------------------------------------------
-%% Session subscribed
-%%--------------------------------------------------------------------
-
-on_session_subscribed(#{clientid := ClientId, username := Username}, Topic, Opts, {Filter}) ->
-    with_filter(
-      fun() ->
-        emqx_metrics:inc('webhook.session_subscribed'),
-        Params = #{ action => session_subscribed
-                  , node => node()
-                  , clientid => ClientId
-                  , username => maybe(Username)
-                  , topic => Topic
-                  , opts => Opts
-                  },
-        send_http_request(ClientId, Params)
-      end, Topic, Filter).
-
-%%--------------------------------------------------------------------
-%% Session unsubscribed
-%%--------------------------------------------------------------------
-
-on_session_unsubscribed(#{clientid := ClientId, username := Username}, Topic, _Opts, {Filter}) ->
-    with_filter(
-      fun() ->
-        emqx_metrics:inc('webhook.session_unsubscribed'),
-        Params = #{ action => session_unsubscribed
-                  , node => node()
-                  , clientid => ClientId
-                  , username => maybe(Username)
-                  , topic => Topic
-                  },
-        send_http_request(ClientId, Params)
-      end, Topic, Filter).
-
-%%--------------------------------------------------------------------
-%% Session terminated
-%%--------------------------------------------------------------------
-
-on_session_terminated(Info, {shutdown, Reason}, SessInfo, Env) when is_atom(Reason) ->
-    on_session_terminated(Info, Reason, SessInfo, Env);
-on_session_terminated(#{clientid := ClientId, username := Username}, Reason, _SessInfo, _Env) ->
-    emqx_metrics:inc('webhook.session_terminated'),
-    Params = #{ action => session_terminated
-              , node => node()
-              , clientid => ClientId
-              , username => maybe(Username)
-              , reason => stringfy(maybe(Reason))
-              },
-    send_http_request(ClientId, Params).
-
-%%--------------------------------------------------------------------
-%% Message publish
-%%--------------------------------------------------------------------
-
-on_message_publish(Message = #message{topic = <<"$SYS/", _/binary>>}, _Env) ->
-    {ok, Message};
-on_message_publish(Message = #message{topic = Topic}, {Filter}) ->
-    with_filter(
-      fun() ->
-        emqx_metrics:inc('webhook.message_publish'),
-        {FromClientId, FromUsername} = parse_from(Message),
-        Params = #{ action => message_publish
-                  , node => node()
-                  , from_client_id => FromClientId
-                  , from_username => FromUsername
-                  , topic => Message#message.topic
-                  , qos => Message#message.qos
-                  , retain => emqx_message:get_flag(retain, Message)
-                  , payload => encode_payload(Message#message.payload)
-                  , ts => Message#message.timestamp
-                  },
-        send_http_request(FromClientId, Params),
-        {ok, Message}
-      end, Message, Topic, Filter).
-
-%%--------------------------------------------------------------------
-%% Message deliver
-%%--------------------------------------------------------------------
-
-on_message_delivered(_ClientInfo,#message{topic = <<"$SYS/", _/binary>>}, _Env) ->
-    ok;
-on_message_delivered(#{clientid := ClientId, username := Username},
-                     Message = #message{topic = Topic}, {Filter}) ->
-  with_filter(
-    fun() ->
-      emqx_metrics:inc('webhook.message_delivered'),
-      {FromClientId, FromUsername} = parse_from(Message),
-      Params = #{ action => message_delivered
-                , node => node()
-                , clientid => ClientId
-                , username => maybe(Username)
-                , from_client_id => FromClientId
-                , from_username => FromUsername
-                , topic => Message#message.topic
-                , qos => Message#message.qos
-                , retain => emqx_message:get_flag(retain, Message)
-                , payload => encode_payload(Message#message.payload)
-                , ts => Message#message.timestamp
-                },
-      send_http_request(ClientId, Params)
-    end, Topic, Filter).
-
-%%--------------------------------------------------------------------
-%% Message acked
-%%--------------------------------------------------------------------
-
-on_message_acked(_ClientInfo, #message{topic = <<"$SYS/", _/binary>>}, _Env) ->
-    ok;
-on_message_acked(#{clientid := ClientId, username := Username},
-                 Message = #message{topic = Topic}, {Filter}) ->
-    with_filter(
-      fun() ->
-        emqx_metrics:inc('webhook.message_acked'),
-        {FromClientId, FromUsername} = parse_from(Message),
-        Params = #{ action => message_acked
-                  , node => node()
-                  , clientid => ClientId
-                  , username => maybe(Username)
-                  , from_client_id => FromClientId
-                  , from_username => FromUsername
-                  , topic => Message#message.topic
-                  , qos => Message#message.qos
-                  , retain => emqx_message:get_flag(retain, Message)
-                  , payload => encode_payload(Message#message.payload)
-                  , ts => Message#message.timestamp
-                  },
-        send_http_request(ClientId, Params)
-      end, Topic, Filter).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-send_http_request(ClientID, Params) ->
-    {ok, Path} = application:get_env(?APP, path),
-    Headers = application:get_env(?APP, headers, []),
-    Body = emqx_json:encode(Params),
-    ?LOG(debug, "Send to: ~0p, params: ~s", [Path, Body]),
-    case ehttpc:request(ehttpc_pool:pick_worker(?APP, ClientID), post, {Path, Headers, Body}) of
-        {ok, StatusCode, _} when StatusCode >= 200 andalso StatusCode < 300 ->
-            ok;
-        {ok, StatusCode, _, _} when StatusCode >= 200 andalso StatusCode < 300 ->
-            ok;
-        {ok, StatusCode, _} ->
-            ?LOG(warning, "HTTP request failed with status code: ~p", [StatusCode]),
-            ok;
-        {ok, StatusCode, _, _} ->
-            ?LOG(warning, "HTTP request failed with status code: ~p", [StatusCode]),
-            ok;
-        {error, Reason} ->
-            ?LOG(error, "HTTP request error: ~p", [Reason]),
-            ok
-    end.
-
-parse_rule(Rules) ->
-    parse_rule(Rules, []).
-parse_rule([], Acc) ->
-    lists:reverse(Acc);
-parse_rule([{Rule, Conf} | Rules], Acc) ->
-    Params = emqx_json:decode(iolist_to_binary(Conf)),
-    Action = proplists:get_value(<<"action">>, Params),
-    Filter = proplists:get_value(<<"topic">>, Params),
-    parse_rule(Rules, [{list_to_atom(Rule), binary_to_existing_atom(Action, utf8), Filter} | Acc]).
-
-with_filter(Fun, _, undefined) ->
-    Fun(), ok;
-with_filter(Fun, Topic, Filter) ->
-    case emqx_topic:match(Topic, Filter) of
-        true  -> Fun(), ok;
-        false -> ok
-    end.
-
-with_filter(Fun, _, _, undefined) ->
-    Fun();
-with_filter(Fun, Msg, Topic, Filter) ->
-    case emqx_topic:match(Topic, Filter) of
-        true  -> Fun();
-        false -> {ok, Msg}
-    end.
-
-parse_from(Message) ->
-    {emqx_message:from(Message), maybe(emqx_message:get_header(username, Message))}.
-
-encode_payload(Payload) ->
-    encode_payload(Payload, application:get_env(?APP, encoding_of_payload_field, plain)).
-
-encode_payload(Payload, base62) -> emqx_base62:encode(Payload);
-encode_payload(Payload, base64) -> base64:encode(Payload);
-encode_payload(Payload, plain) -> Payload.
-
-stringfy(Term) when is_binary(Term) ->
-    Term;
-stringfy(Term) when is_atom(Term) ->
-    atom_to_binary(Term, utf8);
-stringfy(Term) ->
-    unicode:characters_to_binary((io_lib:format("~0p", [Term]))).
-
-maybe(undefined) -> null;
-maybe(Str) -> Str.
-
diff --git a/apps/emqx_web_hook/src/emqx_web_hook_app.erl b/apps/emqx_web_hook/src/emqx_web_hook_app.erl
deleted file mode 100644
index 580742c47..000000000
--- a/apps/emqx_web_hook/src/emqx_web_hook_app.erl
+++ /dev/null
@@ -1,102 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_web_hook_app).
-
--behaviour(application).
-
--emqx_plugin(?MODULE).
-
--include("emqx_web_hook.hrl").
-
--export([ start/2
-        , stop/1
-        ]).
-
-start(_StartType, _StartArgs) ->
-    translate_env(),
-    {ok, Sup} = emqx_web_hook_sup:start_link(),
-    {ok, PoolOpts} = application:get_env(?APP, pool_opts),
-    {ok, _Pid} = ehttpc_sup:start_pool(?APP, PoolOpts),
-    emqx_web_hook:register_metrics(),
-    emqx_web_hook:load(),
-    {ok, Sup}.
-
-stop(_State) ->
-    emqx_web_hook:unload(),
-    ehttpc_sup:stop_pool(?APP).
-
-translate_env() ->
-    {ok, URL} = application:get_env(?APP, url),
-    {ok, #{host := Host,
-           port := Port,
-           scheme := Scheme} = URIMap} = emqx_http_lib:uri_parse(URL),
-    Path = path(URIMap),
-    PoolSize = application:get_env(?APP, pool_size, 32),
-    MoreOpts = case Scheme of
-                   http ->
-                       [{transport_opts, emqx_misc:ipv6_probe([])}];
-                   https ->
-                       CACertFile = application:get_env(?APP, cacertfile, undefined),
-                       CertFile = application:get_env(?APP, certfile, undefined),
-                       KeyFile = application:get_env(?APP, keyfile, undefined),
-                       {ok, Verify} = application:get_env(?APP, verify),
-                       VerifyType = case Verify of
-                                       true -> verify_peer;
-                                       false -> verify_none
-                                   end,
-                       SNI = case application:get_env(?APP, server_name_indication, undefined) of
-                                 "disable" -> disable;
-                                 SNI0 -> SNI0
-                             end,
-                       TLSOpts = lists:filter(fun({_K, V}) ->
-                                                V /= <<>> andalso V /= undefined andalso V /= "" andalso true
-                                              end, [{keyfile, KeyFile},
-                                                    {certfile, CertFile},
-                                                    {cacertfile, CACertFile},
-                                                    {verify, VerifyType},
-                                                    {server_name_indication, SNI}]),
-                       NTLSOpts = [ {versions, emqx_tls_lib:default_versions()}
-                                  , {ciphers, emqx_tls_lib:default_ciphers()}
-                                  | TLSOpts
-                                  ],
-                       [{transport, ssl}, {transport_opts, emqx_misc:ipv6_probe(NTLSOpts)}]
-                end,
-    PoolOpts = [{host, Host},
-                {port, Port},
-                {pool_size, PoolSize},
-                {pool_type, hash},
-                {connect_timeout, 5000},
-                {retry, 5},
-                {retry_timeout, 1000}] ++ MoreOpts,
-    application:set_env(?APP, path, Path),
-    application:set_env(?APP, pool_opts, PoolOpts),
-    Headers = application:get_env(?APP, headers, []),
-    NHeaders = set_content_type(Headers),
-    application:set_env(?APP, headers, NHeaders).
-
-path(#{path := "", 'query' := Query}) ->
-    "?" ++ Query;
-path(#{path := Path, 'query' := Query}) ->
-    Path ++ "?" ++ Query;
-path(#{path := ""}) ->
-    "/";
-path(#{path := Path}) ->
-    Path.
-
-set_content_type(Headers) ->
-    NHeaders = proplists:delete(<<"Content-Type">>, proplists:delete(<<"content-type">>, Headers)),
-    [{<<"content-type">>, <<"application/json">>} | NHeaders].
diff --git a/apps/emqx_web_hook/src/emqx_web_hook_sup.erl b/apps/emqx_web_hook/src/emqx_web_hook_sup.erl
deleted file mode 100644
index ec46efaa0..000000000
--- a/apps/emqx_web_hook/src/emqx_web_hook_sup.erl
+++ /dev/null
@@ -1,29 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_web_hook_sup).
-
--behaviour(supervisor).
-
--export([start_link/0]).
-
--export([init/1]).
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
-    {ok, {{one_for_all, 0, 1}, []}}.
diff --git a/apps/emqx_web_hook/test/emqx_web_hook_SUITE.erl b/apps/emqx_web_hook/test/emqx_web_hook_SUITE.erl
deleted file mode 100644
index 864e1b150..000000000
--- a/apps/emqx_web_hook/test/emqx_web_hook_SUITE.erl
+++ /dev/null
@@ -1,284 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_web_hook_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eunit/include/eunit.hrl").
--include_lib("common_test/include/ct.hrl").
-
--define(HOOK_LOOKUP(H), emqx_hooks:lookup(list_to_atom(H))).
--define(ACTION(Name), #{<<"action">> := Name}).
-
-%%--------------------------------------------------------------------
-%% Setups
-%%--------------------------------------------------------------------
-
-all() ->
-    [ {group, http}
-    , {group, https}
-    , {group, ipv6http}
-    , {group, ipv6https}
-    , {group, all}
-    ].
-
-groups() ->
-    Cases = [test_full_flow],
-    [ {http, [sequence], Cases}
-    , {https, [sequence], Cases}
-    , {ipv6http, [sequence], Cases}
-    , {ipv6https, [sequence], Cases}
-    , {all, [sequence], emqx_ct:all(?MODULE)}
-    ].
-
-start_apps(F) -> emqx_ct_helpers:start_apps(apps(), F).
-
-init_per_group(Name, Config) ->
-    application:ensure_all_started(emqx_management),
-    set_special_cfgs(),
-    BasePort =
-        case Name of
-            all -> 8801;
-            http -> 8811;
-            https -> 8821;
-            ipv6http -> 8831;
-            ipv6https -> 8841
-        end,
-    CF = case Name of
-             all ->  fun set_special_configs_http/1;
-             http -> fun set_special_configs_http/1;
-             https -> fun set_special_configs_https/1;
-             ipv6http -> fun set_special_configs_ipv6_http/1;
-             ipv6https -> fun set_special_configs_ipv6_https/1
-         end,
-    start_apps(fun(_) -> CF(BasePort) end),
-    Opts = case atom_to_list(Name) of
-               "ipv6" ++ _ -> [{ip, {0,0,0,0,0,0,0,1}}, inet6];
-               _ -> [inet]
-           end,
-    [{base_port, BasePort}, {transport_opts, Opts} | Config].
-
-end_per_group(_Name, Config) ->
-    emqx_ct_helpers:stop_apps(apps()),
-    Config.
-
-set_special_configs_http(Port) ->
-    application:set_env(emqx_web_hook, url, "http://127.0.0.1:" ++ integer_to_list(Port)).
-
-set_special_configs_https(Port) ->
-    set_ssl_configs(),
-    application:set_env(emqx_web_hook, url, "https://127.0.0.1:" ++ integer_to_list(Port+1)).
-
-set_special_configs_ipv6_http(Port) ->
-    application:set_env(emqx_web_hook, url, "http://[::1]:" ++ integer_to_list(Port)).
-
-set_special_configs_ipv6_https(Port) ->
-    set_ssl_configs(),
-    application:set_env(emqx_web_hook, url, "https://[::1]:" ++ integer_to_list(Port+1)).
-
-set_ssl_configs() ->
-    Path = emqx_ct_helpers:deps_path(emqx_web_hook, "test/emqx_web_hook_SUITE_data/"),
-    SslOpts = [{keyfile, Path ++ "/client-key.pem"},
-               {certfile, Path ++ "/client-cert.pem"},
-               {cacertfile, Path ++ "/ca.pem"}],
-    application:set_env(emqx_web_hook, ssl, true),
-    application:set_env(emqx_web_hook, ssloptions, SslOpts).
-
-set_special_cfgs() ->
-    AllRules = [{"message.acked",        "{\"action\": \"on_message_acked\"}"},
-                {"message.delivered",    "{\"action\": \"on_message_delivered\"}"},
-                {"message.publish",      "{\"action\": \"on_message_publish\"}"},
-                {"session.terminated",   "{\"action\": \"on_session_terminated\"}"},
-                {"session.unsubscribed", "{\"action\": \"on_session_unsubscribed\"}"},
-                {"session.subscribed",   "{\"action\": \"on_session_subscribed\"}"},
-                {"client.unsubscribe",   "{\"action\": \"on_client_unsubscribe\"}"},
-                {"client.subscribe",     "{\"action\": \"on_client_subscribe\"}"},
-                {"client.disconnected",  "{\"action\": \"on_client_disconnected\"}"},
-                {"client.connected",     "{\"action\": \"on_client_connected\"}"},
-                {"client.connack",       "{\"action\": \"on_client_connack\"}"},
-                {"client.connect",       "{\"action\": \"on_client_connect\"}"}],
-    application:set_env(emqx_web_hook, rules, AllRules).
-
-%%--------------------------------------------------------------------
-%% Test cases
-%%--------------------------------------------------------------------
-
-test_full_flow(Config) ->
-    [_|_] = Opts = proplists:get_value(transport_opts, Config),
-    BasePort = proplists:get_value(base_port, Config),
-    Tester = self(),
-    {ok, ServerPid} = http_server:start_link(Tester, BasePort, Opts),
-    receive {ServerPid, ready} -> ok
-    after 1000 -> error(timeout)
-    end,
-    application:set_env(emqx_web_hook, headers, [{"k1","K1"}, {"k2", "K2"}]),
-    ClientId = iolist_to_binary(["client-", integer_to_list(erlang:system_time())]),
-    {ok, C} = emqtt:start_link([ {clientid, ClientId}
-                               , {proto_ver, v5}
-                               , {keepalive, 60}
-                               ]),
-    try
-        do_test_full_flow(C, ClientId)
-    after
-        Ref = erlang:monitor(process, ServerPid),
-        http_server:stop(ServerPid),
-        receive {'DOWN', Ref, _, _, _} -> ok
-        after 5000 -> error(timeout)
-        end
-    end.
-
-do_test_full_flow(C, ClientId) ->
-    {ok, _} = emqtt:connect(C),
-    {ok, _, _} = emqtt:subscribe(C, <<"TopicA">>, qos2),
-    {ok, _} = emqtt:publish(C, <<"TopicA">>, <<"Payload...">>, qos2),
-    {ok, _, _} = emqtt:unsubscribe(C, <<"TopicA">>),
-    emqtt:disconnect(C),
-    validate_params_and_headers(undefined, ClientId).
-
-validate_params_and_headers(ClientState, ClientId) ->
-    receive
-        {http_server, {Params0, _Bool}, Headers} ->
-            Params = emqx_json:decode(Params0, [return_maps]),
-            try
-                validate_hook_resp(ClientId, Params),
-                validate_hook_headers(Headers),
-                case maps:get(<<"action">>, Params) of
-                    <<"session_terminated">> ->
-                        ok;
-                    <<"client_connect">> ->
-                        validate_params_and_headers(connected, ClientId);
-                    _ ->
-                        validate_params_and_headers(ClientState, ClientId) %% continue looping
-                end
-            catch
-                throw : {unknown_client, Other} ->
-                    ct:pal("ignored_event_from_other_client ~p~nexpecting:~p~n~p~n~p",
-                           [Other, ClientId, Params, Headers]),
-                    validate_params_and_headers(ClientState, ClientId) %% continue looping
-            end
-    after
-        5000 ->
-              case ClientState =:= undefined of
-                  true  -> error("client_was_never_connected");
-                  false -> error("terminate_action_is_not_received_in_time")
-              end
-    end.
-
-t_check_hooked(_) ->
-    {ok, Rules} = application:get_env(emqx_web_hook, rules),
-    lists:foreach(fun({HookName, _Action}) ->
-                          Hooks = ?HOOK_LOOKUP(HookName),
-                          ?assertEqual(true, length(Hooks) > 0)
-                  end, Rules).
-
-t_change_config(_) ->
-    {ok, Rules} = application:get_env(emqx_web_hook, rules),
-    emqx_web_hook:unload(),
-    HookRules = lists:keydelete("message.delivered", 1, Rules),
-    application:set_env(emqx_web_hook, rules, HookRules),
-    emqx_web_hook:load(),
-    ?assertEqual([], ?HOOK_LOOKUP("message.delivered")),
-    emqx_web_hook:unload(),
-    application:set_env(emqx_web_hook, rules, Rules),
-    emqx_web_hook:load().
-
-%%--------------------------------------------------------------------
-%% Utils
-%%--------------------------------------------------------------------
-
-validate_hook_headers(Headers) ->
-    ?assertEqual(<<"K1">>, maps:get(<<"k1">>, Headers)),
-    ?assertEqual(<<"K2">>, maps:get(<<"k2">>, Headers)).
-
-validate_hook_resp(ClientId, Body = ?ACTION(<<"client_connect">>)) ->
-    assert_username_clientid(ClientId, Body),
-    ?assertEqual(5,  maps:get(<<"proto_ver">>, Body)),
-    ?assertEqual(60, maps:get(<<"keepalive">>, Body)),
-    ?assertEqual(<<"127.0.0.1">>, maps:get(<<"ipaddress">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body)),
-    ok;
-validate_hook_resp(ClientId, Body = ?ACTION(<<"client_connack">>)) ->
-    assert_username_clientid(ClientId, Body),
-    ?assertEqual(5,  maps:get(<<"proto_ver">>, Body)),
-    ?assertEqual(60, maps:get(<<"keepalive">>, Body)),
-    ?assertEqual(<<"success">>, maps:get(<<"conn_ack">>, Body)),
-    ?assertEqual(<<"127.0.0.1">>, maps:get(<<"ipaddress">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body)),
-    ok;
-validate_hook_resp(ClientId, Body = ?ACTION(<<"client_connected">>)) ->
-    assert_username_clientid(ClientId, Body),
-    _ = maps:get(<<"connected_at">>, Body),
-    ?assertEqual(5,  maps:get(<<"proto_ver">>, Body)),
-    ?assertEqual(60, maps:get(<<"keepalive">>, Body)),
-    ?assertEqual(<<"127.0.0.1">>, maps:get(<<"ipaddress">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body));
-validate_hook_resp(ClientId, Body = ?ACTION(<<"client_disconnected">>)) ->
-    assert_username_clientid(ClientId, Body),
-    ?assertEqual(<<"normal">>, maps:get(<<"reason">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body));
-validate_hook_resp(ClientId, Body = ?ACTION(<<"client_subscribe">>)) ->
-    assert_username_clientid(ClientId, Body),
-    _ = maps:get(<<"opts">>, Body),
-    ?assertEqual(<<"TopicA">>, maps:get(<<"topic">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body));
-validate_hook_resp(ClientId, Body = ?ACTION(<<"client_unsubscribe">>)) ->
-    assert_username_clientid(ClientId, Body),
-    _ = maps:get(<<"opts">>, Body),
-    ?assertEqual(<<"TopicA">>, maps:get(<<"topic">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body));
-validate_hook_resp(ClientId, Body = ?ACTION(<<"session_subscribed">>)) ->
-    assert_username_clientid(ClientId, Body),
-    _ = maps:get(<<"opts">>, Body),
-    ?assertEqual(<<"TopicA">>, maps:get(<<"topic">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body));
-validate_hook_resp(ClientId, Body = ?ACTION(<<"session_unsubscribed">>)) ->
-    assert_username_clientid(ClientId, Body),
-    ?assertEqual(<<"TopicA">>, maps:get(<<"topic">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body));
-validate_hook_resp(ClientId, Body = ?ACTION(<<"session_terminated">>)) ->
-    assert_username_clientid(ClientId, Body),
-    ?assertEqual(<<"normal">>, maps:get(<<"reason">>, Body)),
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body));
-validate_hook_resp(_ClientId, Body = ?ACTION(<<"message_publish">>)) ->
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body)),
-    assert_messages_attrs(Body);
-validate_hook_resp(_ClientId, Body = ?ACTION(<<"message_delivered">>)) ->
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body)),
-    assert_messages_attrs(Body);
-validate_hook_resp(_ClientId, Body = ?ACTION(<<"message_acked">>)) ->
-    ?assertEqual(<<"test@127.0.0.1">>, maps:get(<<"node">>, Body)),
-    assert_messages_attrs(Body).
-
-assert_username_clientid(ClientId, #{<<"clientid">> := ClientId, <<"username">> := Username}) ->
-    ?assertEqual(null, Username);
-assert_username_clientid(_ClientId, #{<<"clientid">> := Other}) ->
-    throw({unknown_client, Other}).
-
-assert_messages_attrs(#{ <<"ts">> := _
-                       , <<"qos">> := _
-                       , <<"topic">> := _
-                       , <<"retain">> := _
-                       , <<"payload">> := _
-                       , <<"from_username">> := _
-                       , <<"from_client_id">> := _
-                       }) ->
-    ok.
-
-apps() ->
-    [emqx_web_hook, emqx_modules, emqx_management, emqx_rule_engine].
diff --git a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/ca.pem b/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/ca.pem
deleted file mode 100644
index 00b31d8a4..000000000
--- a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowPDE6MDgGA1UEAwwxTXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DQV9DZXJ0aWZpY2F0ZTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJBlAYvTQ6euY4HcSn4syH7kq9s
-KcG+OMjPUrj+KFEElCzgNuIhaS0f3ORQGB1PNcvVcfdXUI3WX332gWbr9s1b7Xl1
-JKJfDXs+26Cm6NhONTE3sPHnbTSmQEFb52hwAtjQmcY3IQs1AgxKFFHJfnCBEWfE
-ePBQaiuYk1XDESMdWpMLrPnYQaj9MpAOUxjlmZCayzPWlF0j0IWvfsF5TqZL7tFK
-9p5F/DzyZ4n1mqPVEoUmq5ZdSKj2TQkpWTMHBWHEDQQqXbyE1FGJR7zEUFeuG1KT
-sVBg7iZEC93SygZTbgUZSQXIwQCsO6xZ8MB2XDJkPbWp/3Wc6c8I6P09F48CAwEA
-AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADKz6bIpP5anp
-GgLB0jkclRWuMlS4qqIt4itSsMXPJ/ezpHwECixmgW2TIQl6S1woRkUeMxhT2/Ay
-Sn/7aKxuzRagyE5NEGOvrOuAP5RO2ZdNJ/X3/Rh533fK1sOTEEbSsWUvW6iSkZef
-rsfZBVP32xBhRWkKRdLeLB4W99ADMa0IrTmZPCXHSSE2V4e1o6zWLXcOZeH1Qh8N
-SkelBweR+8r1Fbvy1r3s7eH7DCbYoGEDVLQGOLvzHKBisQHmoDnnF5E9g1eeNRdg
-o+vhOKfYCOzeNREJIqS42PHcGhdNRk90ycigPmfUJclz1mDHoMjKR2S5oosTpr65
-tNPx3CL7GA==
------END CERTIFICATE-----
diff --git a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-cert.pem b/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-cert.pem
deleted file mode 100644
index aad1404ca..000000000
--- a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAzANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0N1oXDTMwMDYwOTAzMzg0N1owQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9DbGllbnRfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVYSWpOvCTupz82fc85Opv
-EQ7rkB8X2oOMyBCpkyHKBIr1ZQgRDWBp9UVOASq3GnSElm6+T3Kb1QbOffa8GIlw
-sjAueKdq5L2eSkmPIEQ7eoO5kEW+4V866hE1LeL/PmHg2lGP0iqZiJYtElhHNQO8
-3y9I7cm3xWMAA3SSWikVtpJRn3qIp2QSrH+tK+/HHbE5QwtPxdir4ULSCSOaM5Yh
-Wi5Oto88TZqe1v7SXC864JVvO4LuS7TuSreCdWZyPXTJFBFeCEWSAxonKZrqHbBe
-CwKML6/0NuzjaQ51c2tzmVI6xpHj3nnu4cSRx6Jf9WBm+35vm0wk4pohX3ptdzeV
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAByQ5zSNeFUH
-Aw7JlpZHtHaSEeiiyBHke20ziQ07BK1yi/ms2HAWwQkpZv149sjNuIRH8pkTmkZn
-g8PDzSefjLbC9AsWpWV0XNV22T/cdobqLqMBDDZ2+5bsV+jTrOigWd9/AHVZ93PP
-IJN8HJn6rtvo2l1bh/CdsX14uVSdofXnuWGabNTydqtMvmCerZsdf6qKqLL+PYwm
-RDpgWiRUY7KPBSSlKm/9lJzA+bOe4dHeJzxWFVCJcbpoiTFs1je1V8kKQaHtuW39
-ifX6LTKUMlwEECCbDKM8Yq2tm8NjkjCcnFDtKg8zKGPUu+jrFMN5otiC3wnKcP7r
-O9EkaPcgYH8=
------END CERTIFICATE-----
diff --git a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-key.pem b/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-key.pem
deleted file mode 100644
index 6789d0291..000000000
--- a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1WElqTrwk7qc/Nn3POTqbxEO65AfF9qDjMgQqZMhygSK9WUI
-EQ1gafVFTgEqtxp0hJZuvk9ym9UGzn32vBiJcLIwLninauS9nkpJjyBEO3qDuZBF
-vuFfOuoRNS3i/z5h4NpRj9IqmYiWLRJYRzUDvN8vSO3Jt8VjAAN0klopFbaSUZ96
-iKdkEqx/rSvvxx2xOUMLT8XYq+FC0gkjmjOWIVouTraPPE2antb+0lwvOuCVbzuC
-7ku07kq3gnVmcj10yRQRXghFkgMaJyma6h2wXgsCjC+v9Dbs42kOdXNrc5lSOsaR
-49557uHEkceiX/VgZvt+b5tMJOKaIV96bXc3lQIDAQABAoIBAF7yjXmSOn7h6P0y
-WCuGiTLG2mbDiLJqj2LTm2Z5i+2Cu/qZ7E76Ls63TxF4v3MemH5vGfQhEhR5ZD/6
-GRJ1sKKvB3WGRqjwA9gtojHH39S/nWGy6vYW/vMOOH37XyjIr3EIdIaUtFQBTSHd
-Kd71niYrAbVn6fyWHolhADwnVmTMOl5OOAhCdEF4GN3b5aIhIu8BJ7EUzTtHBJIj
-CAEfjZFjDs1y1cIgGFJkuIQxMfCpq5recU2qwip7YO6fk//WEjOPu7kSf5IEswL8
-jg1dea9rGBV6KaD2xsgsC6Ll6Sb4BbsrHMfflG3K2Lk3RdVqqTFp1Fn1PTLQE/1S
-S/SZPYECgYEA9qYcHKHd0+Q5Ty5wgpxKGa4UCWkpwvfvyv4bh8qlmxueB+l2AIdo
-ZvkM8gTPagPQ3WypAyC2b9iQu70uOJo1NizTtKnpjDdN1YpDjISJuS/P0x73gZwy
-gmoM5AzMtN4D6IbxXtXnPaYICvwLKU80ouEN5ZPM4/ODLUu6gsp0v2UCgYEA3Xgi
-zMC4JF0vEKEaK0H6QstaoXUmw/lToZGH3TEojBIkb/2LrHUclygtONh9kJSFb89/
-jbmRRLAOrx3HZKCNGUmF4H9k5OQyAIv6OGBinvLGqcbqnyNlI+Le8zxySYwKMlEj
-EMrBCLmSyi0CGFrbZ3mlj/oCET/ql9rNvcK+DHECgYAEx5dH3sMjtgp+RFId1dWB
-xePRgt4yTwewkVgLO5wV82UOljGZNQaK6Eyd7AXw8f38LHzh+KJQbIvxd2sL4cEi
-OaAoohpKg0/Y0YMZl//rPMf0OWdmdZZs/I0fZjgZUSwWN3c59T8z7KG/RL8an9RP
-S7kvN7wCttdV61/D5RR6GQKBgDxCe/WKWpBKaovzydMLWLTj7/0Oi0W3iXHkzzr4
-LTgvl4qBSofaNbVLUUKuZTv5rXUG2IYPf99YqCYtzBstNDc1MiAriaBeFtzfOW4t
-i6gEFtoLLbuvPc3N5Sv5vn8Ug5G9UfU3td5R4AbyyCcoUZqOFuZd+EIJSiOXfXOs
-kVmBAoGBAIU9aPAqhU5LX902oq8KsrpdySONqv5mtoStvl3wo95WIqXNEsFY60wO
-q02jKQmJJ2MqhkJm2EoF2Mq8+40EZ5sz8LdgeQ/M0yQ9lAhPi4rftwhpe55Ma9dk
-SE9X1c/DMCBEaIjJqVXdy0/EeArwpb8sHkguVVAZUWxzD+phm1gs
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-cert.pem b/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-cert.pem
deleted file mode 100644
index a2f9688df..000000000
--- a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNR
-TF9TZXJ2ZXJfOC4wLjE5X0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4X
-DTIwMDYxMTAzMzg0NloXDTMwMDYwOTAzMzg0NlowQDE+MDwGA1UEAww1TXlTUUxf
-U2VydmVyXzguMC4xOV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcEnEm5hqP1EbEJycOz8Ua
-NWp29QdpFUzTWhkKGhVXk+0msmNTw4NBAFB42moY44OU8wvDideOlJNhPRWveD8z
-G2lxzJA91p0UK4et8ia9MmeuCGhdC9jxJ8X69WNlUiPyy0hI/ZsqRq9Z0C2eW0iL
-JPXsy4X8Xpw3SFwoXf5pR9RFY5Pb2tuyxqmSestu2VXT/NQjJg4CVDR3mFcHPXZB
-4elRzH0WshExEGkgy0bg20MJeRc2Qdb5Xx+EakbmwroDWaCn3NSGqQ7jv6Vw0doy
-TGvS6h6RHBxnyqRfRgKGlCoOMG9/5+rFJC00QpCUG2vHXHWGoWlMlJ3foN7rj5v9
-AgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ5zt2rj4Ag6
-zpN59AWC1Fur8g8l41ksHkSpKPp+PtyO/ngvbMqBpfmK1e7JCKZv/68QXfMyWWAI
-hwalqZkXXWHKjuz3wE7dE25PXFXtGJtcZAaj10xt98fzdqt8lQSwh2kbfNwZIz1F
-sgAStgE7+ZTcqTgvNB76Os1UK0to+/P0VBWktaVFdyub4Nc2SdPVnZNvrRBXBwOD
-3V8ViwywDOFoE7DvCvwx/SVsvoC0Z4j3AMMovO6oHicP7uU83qsQgm1Qru3YeoLR
-+DoVi7IPHbWvN7MqFYn3YjNlByO2geblY7MR0BlqbFlmFrqLsUfjsh2ys7/U/knC
-dN/klu446fI=
------END CERTIFICATE-----
diff --git a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-key.pem b/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-key.pem
deleted file mode 100644
index a1dfd5f78..000000000
--- a/apps/emqx_web_hook/test/emqx_web_hook_SUITE_data/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAnBJxJuYaj9RGxCcnDs/FGjVqdvUHaRVM01oZChoVV5PtJrJj
-U8ODQQBQeNpqGOODlPMLw4nXjpSTYT0Vr3g/MxtpccyQPdadFCuHrfImvTJnrgho
-XQvY8SfF+vVjZVIj8stISP2bKkavWdAtnltIiyT17MuF/F6cN0hcKF3+aUfURWOT
-29rbssapknrLbtlV0/zUIyYOAlQ0d5hXBz12QeHpUcx9FrIRMRBpIMtG4NtDCXkX
-NkHW+V8fhGpG5sK6A1mgp9zUhqkO47+lcNHaMkxr0uoekRwcZ8qkX0YChpQqDjBv
-f+fqxSQtNEKQlBtrx1x1hqFpTJSd36De64+b/QIDAQABAoIBAFiah66Dt9SruLkn
-WR8piUaFyLlcBib8Nq9OWSTJBhDAJERxxb4KIvvGB+l0ZgNXNp5bFPSfzsZdRwZP
-PX5uj8Kd71Dxx3mz211WESMJdEC42u+MSmN4lGLkJ5t/sDwXU91E1vbJM0ve8THV
-4/Ag9qA4DX2vVZOeyqT/6YHpSsPNZplqzrbAiwrfHwkctHfgqwOf3QLfhmVQgfCS
-VwidBldEUv2whSIiIxh4Rv5St4kA68IBCbJxdpOpyuQBkk6CkxZ7VN9FqOuSd4Pk
-Wm7iWyBMZsCmELZh5XAXld4BEt87C5R4CvbPBDZxAv3THk1DNNvpy3PFQfwARRFb
-SAToYMECgYEAyL7U8yxpzHDYWd3oCx6vTi9p9N/z0FfAkWrRF6dm4UcSklNiT1Aq
-EOnTA+SaW8tV3E64gCWcY23gNP8so/ZseWj6L+peHwtchaP9+KB7yGw2A+05+lOx
-VetLTjAOmfpiUXFe5w1q4C1RGhLjZjjzW+GvwdAuchQgUEFaomrV+PUCgYEAxwfH
-cmVGFbAktcjU4HSRjKSfawCrut+3YUOLybyku3Q/hP9amG8qkVTFe95CTLjLe2D0
-ccaTTpofFEJ32COeck0g0Ujn/qQ+KXRoauOYs4FB1DtqMpqB78wufWEUpDpbd9/h
-J+gJdC/IADd4tJW9zA92g8IA7ZtFmqDtiSpQ0ekCgYAQGkaorvJZpN+l7cf0RGTZ
-h7IfI2vCVZer0n6tQA9fmLzjoe6r4AlPzAHSOR8sp9XeUy43kUzHKQQoHCPvjw/K
-eWJAP7OHF/k2+x2fOPhU7mEy1W+mJdp+wt4Kio5RSaVjVQ3AyPG+w8PSrJszEvRq
-dWMMz+851WV2KpfjmWBKlQKBgQC++4j4DZQV5aMkSKV1CIZOBf3vaIJhXKEUFQPD
-PmB4fBEjpwCg+zNGp6iktt65zi17o8qMjrb1mtCt2SY04eD932LZUHNFlwcLMmes
-Ad+aiDLJ24WJL1f16eDGcOyktlblDZB5gZ/ovJzXEGOkLXglosTfo77OQculmDy2
-/UL2WQKBgGeKasmGNfiYAcWio+KXgFkHXWtAXB9B91B1OFnCa40wx+qnl71MIWQH
-PQ/CZFNWOfGiNEJIZjrHsfNJoeXkhq48oKcT0AVCDYyLV0VxDO4ejT95mGW6njNd
-JpvmhwwAjOvuWVr0tn4iXlSK8irjlJHmwcRjLTJq97vE9fsA2MjI
------END RSA PRIVATE KEY-----
diff --git a/apps/emqx_web_hook/test/http_server.erl b/apps/emqx_web_hook/test/http_server.erl
deleted file mode 100644
index 791f725d1..000000000
--- a/apps/emqx_web_hook/test/http_server.erl
+++ /dev/null
@@ -1,102 +0,0 @@
-%%--------------------------------------------------------------------
-%% A Simple HTTP Server based cowboy
-%%
-%% It will deliver the http-request params to initialer process
-%%--------------------------------------------------------------------
-%%
-%% Author:wwhai
-%%
--module(http_server).
--behaviour(gen_server).
-
--export([start_link/3]).
--export([stop/1]).
--export([code_change/3, handle_call/3, handle_cast/2, handle_info/2, init/1, init/2, terminate/2]).
--record(state, {parent :: pid()}).
-%%--------------------------------------------------------------------
-%% APIs
-%%--------------------------------------------------------------------
-
-start_link(Parent, BasePort, Opts) ->
-    stop_http(),
-    stop_https(),
-    timer:sleep(100),
-    gen_server:start_link(?MODULE, {Parent, BasePort, Opts}, []).
-
-init({Parent, BasePort, Opts}) ->
-    ok = start_http(Parent, [{port, BasePort} | Opts]),
-    ok = start_https(Parent, [{port, BasePort + 1} | Opts]),
-    Parent ! {self(), ready},
-    {ok, #state{parent = Parent}}.
-
-handle_call(_Request, _From, State) ->
-    {reply, ignored, State}.
-
-handle_cast(_Msg, State) ->
-    {noreply, State}.
-
-handle_info(_Info, State) ->
-    {noreply, State}.
-
-terminate(_Reason, _State) ->
-    stop_http(),
-    stop_https().
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-stop(Pid) ->
-    ok = gen_server:stop(Pid).
-
-%%--------------------------------------------------------------------
-%% Callbacks
-%%--------------------------------------------------------------------
-
-start_http(Parent, Opts) ->
-    {ok, _Pid1} = cowboy:start_clear(http, Opts, #{
-        env => #{dispatch => compile_router(Parent)}
-    }),
-    Port = proplists:get_value(port, Opts),
-    io:format(standard_error, "[TEST LOG] Start http server on ~p successfully!~n", [Port]).
-
-start_https(Parent, Opts) ->
-    Path = emqx_ct_helpers:deps_path(emqx_web_hook, "test/emqx_web_hook_SUITE_data/"),
-    SslOpts = [{keyfile, Path ++ "/server-key.pem"},
-               {cacertfile, Path ++ "/ca.pem"},
-               {certfile, Path ++ "/server-cert.pem"}],
-
-    {ok, _Pid2} = cowboy:start_tls(https, Opts ++ SslOpts,
-                                   #{env => #{dispatch => compile_router(Parent)}}),
-    Port = proplists:get_value(port, Opts),
-    io:format(standard_error, "[TEST LOG] Start https server on ~p successfully!~n", [Port]).
-
-stop_http() ->
-    cowboy:stop_listener(http),
-    io:format("[TEST LOG] Stopped http server").
-
-stop_https() ->
-    cowboy:stop_listener(https),
-    io:format("[TEST LOG] Stopped https server").
-
-compile_router(Parent) ->
-    {ok, _} = application:ensure_all_started(cowboy),
-    cowboy_router:compile([
-        {'_', [{"/", ?MODULE, #{parent => Parent}}]}
-    ]).
-
-init(Req, #{parent := Parent} = State) ->
-    Method = cowboy_req:method(Req),
-    Headers = cowboy_req:headers(Req),
-    [Params] = case Method of
-                 <<"GET">> -> cowboy_req:parse_qs(Req);
-                 <<"POST">> ->
-                     {ok, PostVals, _} = cowboy_req:read_urlencoded_body(Req),
-                     PostVals
-             end,
-    Parent ! {?MODULE, Params, Headers},
-    {ok, reply(Req, ok), State}.
-
-reply(Req, ok) ->
-    cowboy_req:reply(200, #{<<"content-type">> => <<"text/plain">>}, <<"ok">>, Req);
-reply(Req, error) ->
-    cowboy_req:reply(404, #{<<"content-type">> => <<"text/plain">>}, <<"deny">>, Req).
diff --git a/apps/emqx_web_hook/test/props/prop_webhook_confs.erl b/apps/emqx_web_hook/test/props/prop_webhook_confs.erl
deleted file mode 100644
index 8946ce1d2..000000000
--- a/apps/emqx_web_hook/test/props/prop_webhook_confs.erl
+++ /dev/null
@@ -1,146 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(prop_webhook_confs).
--include_lib("proper/include/proper.hrl").
-
--import(emqx_ct_proper_types,
-        [ url/0
-        , nof/1
-        ]).
-
--define(ALL(Vars, Types, Exprs),
-        ?SETUP(fun() ->
-            State = do_setup(),
-            fun() -> do_teardown(State) end
-         end, ?FORALL(Vars, Types, Exprs))).
-
-%%--------------------------------------------------------------------
-%% Properties
-%%--------------------------------------------------------------------
-
-prop_confs() ->
-    Schema = cuttlefish_schema:files(filelib:wildcard(code:priv_dir(emqx_web_hook) ++ "/*.schema")),
-    ?ALL({Url, Confs0}, {url(), confs()},
-        begin
-            Confs = [{"web.hook.url", Url}|Confs0],
-            Envs = cuttlefish_generator:map(Schema, cuttlefish_conf_file(Confs)),
-
-            assert_confs(Confs, Envs),
-
-            set_application_envs(Envs),
-            {ok, _} = application:ensure_all_started(emqx_web_hook),
-            application:stop(emqx_web_hook),
-            unset_application_envs(Envs),
-            true
-        end).
-
-%%--------------------------------------------------------------------
-%% Helpers
-%%--------------------------------------------------------------------
-
-do_setup() ->
-    logger:set_primary_config(#{level => warning}),
-    emqx_ct_helpers:start_apps([], fun set_special_cfgs/1),
-    ok.
-
-do_teardown(_) ->
-    emqx_ct_helpers:stop_apps([]),
-    logger:set_primary_config(#{level => info}),
-    ok.
-
-set_special_cfgs(_) ->
-    application:set_env(emqx, plugins_loaded_file, undefined),
-    application:set_env(emqx, modules_loaded_file, undefined),
-    ok.
-
-assert_confs([{"web.hook.url", Url}|More], Envs) ->
-    %% Assert!
-    Url = deep_get_env("emqx_web_hook.url", Envs),
-    assert_confs(More, Envs);
-
-assert_confs([{"web.hook.rule." ++ HookName0, Spec}|More], Envs) ->
-    HookName = re:replace(HookName0, "\\.[0-9]", "", [{return, list}]),
-    Rules = deep_get_env("emqx_web_hook.rules", Envs),
-
-    %% Assert!
-    Spec = proplists:get_value(HookName, Rules),
-
-    assert_confs(More, Envs);
-
-assert_confs([_|More], Envs) ->
-    assert_confs(More, Envs);
-
-assert_confs([], _) ->
-    true.
-
-deep_get_env(Path, Envs) ->
-    lists:foldl(
-      fun(_K, undefiend) -> undefiend;
-         (K, Acc) -> proplists:get_value(binary_to_atom(K, utf8), Acc)
-    end, Envs, re:split(Path, "\\.")).
-
-set_application_envs(Envs) ->
-    application:set_env(Envs).
-
-unset_application_envs(Envs) ->
-    lists:foreach(fun({App, Es}) ->
-        lists:foreach(fun({K, _}) ->
-            application:unset_env(App, K)
-        end, Es) end, Envs).
-
-cuttlefish_conf_file(Ls) when is_list(Ls) ->
-    [cuttlefish_conf_option(K,V) || {K, V} <- Ls].
-
-cuttlefish_conf_option(K, V)
-    when is_list(K) ->
-    {re:split(K, "[.]", [{return, list}]), V}.
-
-%%--------------------------------------------------------------------
-%% Generators
-%%--------------------------------------------------------------------
-
-confs() ->
-    nof([{"web.hook.headers.content-type",
-           oneof(["application/json"])},
-         {"web.hook.body.encoding_of_payload_field",
-           oneof(["plain", "base64", "base62"])},
-         {"web.hook.rule.client.connect.1", rule_spec()},
-         {"web.hook.rule.client.connack.1", rule_spec()},
-         {"web.hook.rule.client.connected.1", rule_spec()},
-         {"web.hook.rule.client.disconnected.1", rule_spec()},
-         {"web.hook.rule.client.subscribe.1", rule_spec()},
-         {"web.hook.rule.client.unsubscribe.1", rule_spec()},
-         {"web.hook.rule.session.subscribed.1", rule_spec()},
-         {"web.hook.rule.session.unsubscribed.1", rule_spec()},
-         {"web.hook.rule.session.terminated.1", rule_spec()},
-         {"web.hook.rule.message.publish.1", rule_spec()},
-         {"web.hook.rule.message.delivered.1", rule_spec()},
-         {"web.hook.rule.message.acked.1", rule_spec()}
-        ]).
-
-rule_spec() ->
-    ?LET(Action, action_names(),
-         begin
-            binary_to_list(emqx_json:encode(#{action => Action}))
-         end).
-
-action_names() ->
-    oneof([on_client_connect, on_client_connack, on_client_connected,
-           on_client_connected, on_client_disconnected, on_client_subscribe, on_client_unsubscribe,
-           on_session_subscribed, on_session_unsubscribed, on_session_terminated,
-           on_message_publish, on_message_delivered, on_message_acked]).
-
diff --git a/apps/emqx_web_hook/test/props/prop_webhook_hooks.erl b/apps/emqx_web_hook/test/props/prop_webhook_hooks.erl
deleted file mode 100644
index 311585287..000000000
--- a/apps/emqx_web_hook/test/props/prop_webhook_hooks.erl
+++ /dev/null
@@ -1,397 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(prop_webhook_hooks).
-
--include_lib("proper/include/proper.hrl").
-
--import(emqx_ct_proper_types,
-        [ conninfo/0
-        , clientinfo/0
-        , sessioninfo/0
-        , message/0
-        , connack_return_code/0
-        , topictab/0
-        , topic/0
-        , subopts/0
-        ]).
-
--define(ALL(Vars, Types, Exprs),
-        ?SETUP(fun() ->
-            State = do_setup(),
-            fun() -> do_teardown(State) end
-         end, ?FORALL(Vars, Types, Exprs))).
-
-%%--------------------------------------------------------------------
-%% Properties
-%%--------------------------------------------------------------------
-
-prop_client_connect() ->
-    ?ALL({ConnInfo, ConnProps, Env},
-         {conninfo(), conn_properties(), empty_env()},
-       begin
-           ok = emqx_web_hook:on_client_connect(ConnInfo, ConnProps, Env),
-           Body = receive_http_request_body(),
-           Body = emqx_json:encode(
-                    #{action => client_connect,
-                      node => stringfy(node()),
-                      clientid => maps:get(clientid, ConnInfo),
-                      username => maybe(maps:get(username, ConnInfo)),
-                      ipaddress => peer2addr(maps:get(peername, ConnInfo)),
-                      keepalive => maps:get(keepalive, ConnInfo),
-                      proto_ver => maps:get(proto_ver, ConnInfo)
-                     }),
-           true
-       end).
-
-prop_client_connack() ->
-    ?ALL({ConnInfo, Rc, AckProps, Env},
-         {conninfo(), connack_return_code(), ack_properties(), empty_env()},
-        begin
-            ok = emqx_web_hook:on_client_connack(ConnInfo, Rc, AckProps, Env),
-            Body = receive_http_request_body(),
-            Body = emqx_json:encode(
-                     #{action => client_connack,
-                       node => stringfy(node()),
-                       clientid => maps:get(clientid, ConnInfo),
-                       username => maybe(maps:get(username, ConnInfo)),
-                       ipaddress => peer2addr(maps:get(peername, ConnInfo)),
-                       keepalive => maps:get(keepalive, ConnInfo),
-                       proto_ver => maps:get(proto_ver, ConnInfo),
-                       conn_ack => Rc
-                       }),
-            true
-        end).
-
-prop_client_connected() ->
-    ?ALL({ClientInfo, ConnInfo, Env},
-         {clientinfo(), conninfo(), empty_env()},
-        begin
-            ok = emqx_web_hook:on_client_connected(ClientInfo, ConnInfo, Env),
-            Body = receive_http_request_body(),
-            Body = emqx_json:encode(
-                     #{action => client_connected,
-                       node => stringfy(node()),
-                       clientid => maps:get(clientid, ClientInfo),
-                       username => maybe(maps:get(username, ClientInfo)),
-                       ipaddress => peer2addr(maps:get(peerhost, ClientInfo)),
-                       keepalive => maps:get(keepalive, ConnInfo),
-                       proto_ver => maps:get(proto_ver, ConnInfo),
-                       connected_at => maps:get(connected_at, ConnInfo)
-                      }),
-            true
-        end).
-
-prop_client_disconnected() ->
-    ?ALL({ClientInfo, Reason, ConnInfo, Env},
-         {clientinfo(), shutdown_reason(), disconnected_conninfo(), empty_env()},
-        begin
-            ok = emqx_web_hook:on_client_disconnected(ClientInfo, Reason, ConnInfo, Env),
-            Body = receive_http_request_body(),
-            Body = emqx_json:encode(
-                     #{action => client_disconnected,
-                       node => stringfy(node()),
-                       clientid => maps:get(clientid, ClientInfo),
-                       username => maybe(maps:get(username, ClientInfo)),
-                       disconnected_at => maps:get(disconnected_at, ConnInfo),
-                       reason => stringfy(Reason)
-                      }),
-            true
-        end).
-
-prop_client_subscribe() ->
-    ?ALL({ClientInfo, SubProps, TopicTab, Env},
-         {clientinfo(), sub_properties(), topictab(), topic_filter_env()},
-        begin
-            ok = emqx_web_hook:on_client_subscribe(ClientInfo, SubProps, TopicTab, Env),
-
-            Matched = filter_topictab(TopicTab, Env),
-
-            lists:foreach(fun({Topic, Opts}) ->
-                Body = receive_http_request_body(),
-                Body = emqx_json:encode(
-                         #{action => client_subscribe,
-                           node => stringfy(node()),
-                           clientid => maps:get(clientid, ClientInfo),
-                           username => maybe(maps:get(username, ClientInfo)),
-                           topic => Topic,
-                           opts => Opts})
-            end, Matched),
-            true
-        end).
-
-prop_client_unsubscribe() ->
-    ?ALL({ClientInfo, SubProps, TopicTab, Env},
-         {clientinfo(), unsub_properties(), topictab(), topic_filter_env()},
-        begin
-            ok = emqx_web_hook:on_client_unsubscribe(ClientInfo, SubProps, TopicTab, Env),
-
-            Matched = filter_topictab(TopicTab, Env),
-
-            lists:foreach(fun({Topic, Opts}) ->
-                Body = receive_http_request_body(),
-                Body = emqx_json:encode(
-                         #{action => client_unsubscribe,
-                           node => stringfy(node()),
-                           clientid => maps:get(clientid, ClientInfo),
-                           username => maybe(maps:get(username, ClientInfo)),
-                           topic => Topic,
-                           opts => Opts})
-            end, Matched),
-            true
-        end).
-
-prop_session_subscribed() ->
-    ?ALL({ClientInfo, Topic, SubOpts, Env},
-         {clientinfo(), topic(), subopts(), topic_filter_env()},
-        begin
-            ok = emqx_web_hook:on_session_subscribed(ClientInfo, Topic, SubOpts, Env),
-            filter_topic_match(Topic, Env) andalso begin
-                Body = receive_http_request_body(),
-                Body1 = emqx_json:encode(
-                         #{action => session_subscribed,
-                           node => stringfy(node()),
-                           clientid => maps:get(clientid, ClientInfo),
-                           username => maybe(maps:get(username, ClientInfo)),
-                           topic => Topic,
-                           opts => SubOpts
-                          }),
-                Body = Body1
-            end,
-            true
-        end).
-
-prop_session_unsubscribed() ->
-    ?ALL({ClientInfo, Topic, SubOpts, Env},
-         {clientinfo(), topic(), subopts(), empty_env()},
-        begin
-            ok = emqx_web_hook:on_session_unsubscribed(ClientInfo, Topic, SubOpts, Env),
-            filter_topic_match(Topic, Env) andalso begin
-                Body = receive_http_request_body(),
-                Body = emqx_json:encode(
-                         #{action => session_unsubscribed,
-                           node => stringfy(node()),
-                           clientid => maps:get(clientid, ClientInfo),
-                           username => maybe(maps:get(username, ClientInfo)),
-                           topic => Topic
-                          })
-            end,
-            true
-        end).
-
-prop_session_terminated() ->
-    ?ALL({ClientInfo, Reason, SessInfo, Env},
-         {clientinfo(), shutdown_reason(), sessioninfo(), empty_env()},
-        begin
-            ok = emqx_web_hook:on_session_terminated(ClientInfo, Reason, SessInfo, Env),
-            Body = receive_http_request_body(),
-            Body = emqx_json:encode(
-                     #{action => session_terminated,
-                       node => stringfy(node()),
-                       clientid => maps:get(clientid, ClientInfo),
-                       username => maybe(maps:get(username, ClientInfo)),
-                       reason => stringfy(Reason)
-                      }),
-            true
-        end).
-
-prop_message_publish() ->
-    ?ALL({Msg, Env, Encode}, {message(), topic_filter_env(), payload_encode()},
-        begin
-            application:set_env(emqx_web_hook, encoding_of_payload_field, Encode),
-            {ok, Msg} = emqx_web_hook:on_message_publish(Msg, Env),
-            application:unset_env(emqx_web_hook, encoding_of_payload_field),
-
-            (not emqx_message:is_sys(Msg))
-                andalso filter_topic_match(emqx_message:topic(Msg), Env)
-                andalso begin
-                    Body = receive_http_request_body(),
-                    Body = emqx_json:encode(
-                             #{action => message_publish,
-                               node => stringfy(node()),
-                               from_client_id => emqx_message:from(Msg),
-                               from_username => maybe(emqx_message:get_header(username, Msg)),
-                               topic => emqx_message:topic(Msg),
-                               qos => emqx_message:qos(Msg),
-                               retain => emqx_message:get_flag(retain, Msg),
-                               payload => encode(emqx_message:payload(Msg), Encode),
-                               ts => emqx_message:timestamp(Msg)
-                              })
-                end,
-            true
-        end).
-
-prop_message_delivered() ->
-    ?ALL({ClientInfo, Msg, Env, Encode}, {clientinfo(), message(), topic_filter_env(), payload_encode()},
-        begin
-            application:set_env(emqx_web_hook, encoding_of_payload_field, Encode),
-            ok = emqx_web_hook:on_message_delivered(ClientInfo, Msg, Env),
-            application:unset_env(emqx_web_hook, encoding_of_payload_field),
-
-            (not emqx_message:is_sys(Msg))
-                andalso filter_topic_match(emqx_message:topic(Msg), Env)
-                andalso begin
-                    Body = receive_http_request_body(),
-                    Body = emqx_json:encode(
-                             #{action => message_delivered,
-                               node => stringfy(node()),
-                               clientid => maps:get(clientid, ClientInfo),
-                               username => maybe(maps:get(username, ClientInfo)),
-                               from_client_id => emqx_message:from(Msg),
-                               from_username => maybe(emqx_message:get_header(username, Msg)),
-                               topic => emqx_message:topic(Msg),
-                               qos => emqx_message:qos(Msg),
-                               retain => emqx_message:get_flag(retain, Msg),
-                               payload => encode(emqx_message:payload(Msg), Encode),
-                               ts => emqx_message:timestamp(Msg)
-                              })
-                end,
-            true
-        end).
-
-prop_message_acked() ->
-    ?ALL({ClientInfo, Msg, Env, Encode}, {clientinfo(), message(), empty_env(), payload_encode()},
-        begin
-            application:set_env(emqx_web_hook, encoding_of_payload_field, Encode),
-            ok = emqx_web_hook:on_message_acked(ClientInfo, Msg, Env),
-            application:unset_env(emqx_web_hook, encoding_of_payload_field),
-
-            (not emqx_message:is_sys(Msg))
-                andalso filter_topic_match(emqx_message:topic(Msg), Env)
-                andalso begin
-                    Body = receive_http_request_body(),
-                    Body = emqx_json:encode(
-                             #{action => message_acked,
-                               node => stringfy(node()),
-                               clientid => maps:get(clientid, ClientInfo),
-                               username => maybe(maps:get(username, ClientInfo)),
-                               from_client_id => emqx_message:from(Msg),
-                               from_username => maybe(emqx_message:get_header(username, Msg)),
-                               topic => emqx_message:topic(Msg),
-                               qos => emqx_message:qos(Msg),
-                               retain => emqx_message:get_flag(retain, Msg),
-                               payload => encode(emqx_message:payload(Msg), Encode),
-                               ts => emqx_message:timestamp(Msg)
-                              })
-                end,
-            true
-        end).
-
-%%--------------------------------------------------------------------
-%% Helper
-%%--------------------------------------------------------------------
-do_setup() ->
-    %% Pre-defined envs
-    application:set_env(emqx_web_hook, path, "path"),
-    application:set_env(emqx_web_hook, headers, []),
-
-    meck:new(ehttpc_pool, [passthrough, no_history]),
-    meck:expect(ehttpc_pool, pick_worker, fun(_, _) -> ok end),
-
-    Self = self(),
-    meck:new(ehttpc, [passthrough, no_history]),
-    meck:expect(ehttpc, request,
-                fun(_ClientId, Method, {Path, Headers, Body}) ->
-                    Self ! {Method, Path, Headers, Body}, {ok, 200, ok}
-                end),
-
-    meck:new(emqx_metrics, [passthrough, no_history]),
-    meck:expect(emqx_metrics, inc, fun(_) -> ok end),
-    ok.
-
-do_teardown(_) ->
-    meck:unload(ehttpc_pool),
-    meck:unload(ehttpc),
-    meck:unload(emqx_metrics).
-
-maybe(undefined) -> null;
-maybe(T) -> T.
-
-peer2addr({Host, _}) ->
-    list_to_binary(inet:ntoa(Host));
-peer2addr(Host) ->
-    list_to_binary(inet:ntoa(Host)).
-
-stringfy({shutdown, Reason}) ->
-    stringfy(Reason);
-stringfy(Term) when is_binary(Term) ->
-    Term;
-stringfy(Term) when is_atom(Term) ->
-    atom_to_binary(Term, utf8);
-stringfy(Term) ->
-    unicode:characters_to_binary(io_lib:format("~0p", [Term])).
-
-receive_http_request_body() ->
-    receive
-        {post, _, _, Body} ->
-            Body
-    after 100 ->
-        exit(waiting_message_timeout)
-    end.
-
-filter_topictab(TopicTab, {undefined}) ->
-    TopicTab;
-filter_topictab(TopicTab, {TopicFilter}) ->
-    lists:filter(fun({Topic, _}) -> emqx_topic:match(Topic, TopicFilter) end, TopicTab).
-
-filter_topic_match(_Topic, {undefined}) ->
-    true;
-filter_topic_match(Topic, {TopicFilter}) ->
-    emqx_topic:match(Topic, TopicFilter).
-
-encode(Bin, base64) ->
-    base64:encode(Bin);
-encode(Bin, base62) ->
-    emqx_base62:encode(Bin);
-encode(Bin, _) ->
-    Bin.
-
-%%--------------------------------------------------------------------
-%% Generators
-%%--------------------------------------------------------------------
-
-conn_properties() ->
-    #{}.
-
-ack_properties() ->
-    #{}.
-
-sub_properties() ->
-    #{}.
-
-unsub_properties() ->
-    #{}.
-
-shutdown_reason() ->
-    oneof([disconnected, not_autherised,
-           "list_reason", <<"binary_reason">>,
-           {tuple, reason},
-           {shutdown, emqx_ct_proper_types:limited_atom()}]).
-
-empty_env() ->
-    {undefined}.
-
-topic_filter_env() ->
-    oneof([{<<"#">>}, {undefined}, {topic()}]).
-
-payload_encode() ->
-    oneof([base62, base64, plain]).
-
-disconnected_conninfo() ->
-    ?LET(Info, conninfo(),
-         begin
-           Info#{disconnected_at => erlang:system_time(millisecond)}
-         end).
diff --git a/rebar.config.erl b/rebar.config.erl
index f28b43856..901749d72 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -286,8 +286,8 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_coap
     , emqx_stomp
     , emqx_authentication
-    , emqx_web_hook
     , emqx_statsd
+    , emqx_rule_actions
     ]
     ++ relx_plugin_apps_per_rel(ReleaseType)
     ++ relx_plugin_apps_enterprise(is_enterprise())

From 64ce0d0e4f4c5b0c824a029ca61c9afbe92844fe Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 28 Jun 2021 15:08:33 +0800
Subject: [PATCH 121/174] chore(acl): delete acl nomatch config item

---
 apps/emqx/src/emqx_access_control.erl          |  5 ++---
 apps/emqx/test/emqx_access_control_SUITE.erl   |  7 -------
 apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl |  6 +++---
 apps/emqx_authz/src/emqx_authz.erl             | 12 ++++++------
 apps/emqx_authz/test/emqx_authz_SUITE.erl      |  3 +--
 apps/emqx_coap/test/emqx_coap_SUITE.erl        |  1 +
 6 files changed, 13 insertions(+), 21 deletions(-)

diff --git a/apps/emqx/src/emqx_access_control.erl b/apps/emqx/src/emqx_access_control.erl
index 1ef885ed5..a679e6a5e 100644
--- a/apps/emqx/src/emqx_access_control.erl
+++ b/apps/emqx/src/emqx_access_control.erl
@@ -59,9 +59,8 @@ check_acl_cache(ClientInfo, PubSub, Topic) ->
         AclResult -> AclResult
     end.
 
-do_check_acl(ClientInfo = #{zone := Zone}, PubSub, Topic) ->
-    Default = emqx_zone:get_env(Zone, acl_nomatch, deny),
-    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], Default) of
+do_check_acl(ClientInfo, PubSub, Topic) ->
+    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], allow) of
         allow  -> allow;
         _Other -> deny
     end.
diff --git a/apps/emqx/test/emqx_access_control_SUITE.erl b/apps/emqx/test/emqx_access_control_SUITE.erl
index e4a888d14..ffe3f4fac 100644
--- a/apps/emqx/test/emqx_access_control_SUITE.erl
+++ b/apps/emqx/test/emqx_access_control_SUITE.erl
@@ -39,13 +39,6 @@ t_authenticate(_) ->
     ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
 
 t_check_acl(_) ->
-    emqx_zone:set_env(zone, acl_nomatch, deny),
-    application:set_env(emqx, enable_acl_cache, false),
-    Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
-    ?assertEqual(deny, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)),
-
-    emqx_zone:set_env(zone, acl_nomatch, allow),
-    application:set_env(emqx, enable_acl_cache, true),
     Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
     ?assertEqual(allow, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)).
 
diff --git a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
index 8ce35b50c..250a959eb 100644
--- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
+++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
@@ -197,8 +197,8 @@ t_connect_will_message(_) ->
 t_batch_subscribe(_) ->
     {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>}]),
     {ok, _} = emqtt:connect(Client),
-    application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
+    ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
+    meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> deny end),
     {ok, _, [?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED]} = emqtt:subscribe(Client, [{<<"t1">>, qos1},
@@ -209,7 +209,7 @@ t_batch_subscribe(_) ->
              ?RC_NO_SUBSCRIPTION_EXISTED]} = emqtt:unsubscribe(Client, [<<"t1">>,
                                                                         <<"t2">>,
                                                                         <<"t3">>]),
-    application:set_env(emqx, acl_nomatch, allow),
+    meck:unload(emqx_access_control),
     emqtt:disconnect(Client).
 
 t_connect_will_retain(_) ->
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 24393a4b0..fde1169de 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -150,22 +150,22 @@ b2l(B) when is_binary(B) -> binary_to_list(B).
 
 %% @doc Check ACL
 -spec(check_authz(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), emqx_permission_rule:acl_result(), rules())
-      -> {ok, allow} | {ok, deny} | deny).
+      -> {stop, allow} | {ok, deny}).
 check_authz(#{username := Username,
               peerhost := IpAddress
-             } = Client, PubSub, Topic, DefaultResult, Rules) ->
+             } = Client, PubSub, Topic, _DefaultResult, Rules) ->
     case do_check_authz(Client, PubSub, Topic, Rules) of
         {matched, allow} ->
-            ?LOG(info, "Client succeeded authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
+            ?LOG(info, "Client succeeded authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
             emqx_metrics:inc(?ACL_METRICS(allow)),
             {stop, allow};
         {matched, deny} ->
-            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
+            ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
             emqx_metrics:inc(?ACL_METRICS(deny)),
             {stop, deny};
         nomatch ->
-            ?LOG(info, "Client failed authorizationa: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
-            DefaultResult
+            ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
+            {stop, deny}
     end.
 
 do_check_authz(Client, PubSub, Topic,
diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl
index 88e250377..d036d1dec 100644
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@@ -39,7 +39,6 @@ end_per_suite(_Config) ->
 set_special_configs(emqx) ->
     application:set_env(emqx, allow_anonymous, true),
     application:set_env(emqx, enable_acl_cache, false),
-    application:set_env(emqx, acl_nomatch, deny),
     ok;
 set_special_configs(emqx_authz) ->
     application:set_env(emqx, plugins_etc_dir,
@@ -145,7 +144,7 @@ t_authz(_) ->
     Rules3 = [emqx_authz:compile(Rule) || Rule <- [?RULE3, ?RULE4]],
     Rules4 = [emqx_authz:compile(Rule) || Rule <- [?RULE4, ?RULE1]],
 
-    ?assertEqual(deny,
+    ?assertEqual({stop, deny},
         emqx_authz:check_authz(ClientInfo1, subscribe, <<"#">>, deny, [])),
     ?assertEqual({stop, deny},
         emqx_authz:check_authz(ClientInfo1, subscribe, <<"+">>, deny, Rules1)),
diff --git a/apps/emqx_coap/test/emqx_coap_SUITE.erl b/apps/emqx_coap/test/emqx_coap_SUITE.erl
index 73c9ef162..416c99018 100644
--- a/apps/emqx_coap/test/emqx_coap_SUITE.erl
+++ b/apps/emqx_coap/test/emqx_coap_SUITE.erl
@@ -289,6 +289,7 @@ t_acl(Config) ->
         ok
     end,
 
+    ok = emqx_hooks:del('client.check_acl', {emqx_authz, check_authz}),
     file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
     application:set_env(emqx, plugins_etc_dir, OldPath),
     application:stop(emqx_authz).

From 98739224f6a639a67759d8efd974682d12bdba49 Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 12:59:35 +0200
Subject: [PATCH 122/174] chore(emqx_sn): Add SN shard

---
 apps/emqx_sn/src/emqx_sn_registry.erl        | 16 ++++++++++------
 apps/emqx_sn/test/emqx_sn_registry_SUITE.erl |  4 ++--
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/apps/emqx_sn/src/emqx_sn_registry.erl b/apps/emqx_sn/src/emqx_sn_registry.erl
index 4a3b22585..4d2e656b3 100644
--- a/apps/emqx_sn/src/emqx_sn_registry.erl
+++ b/apps/emqx_sn/src/emqx_sn_registry.erl
@@ -44,6 +44,8 @@
         , code_change/3
         ]).
 
+-define(SN_SHARD, emqx_sn_shard).
+
 -define(TAB, ?MODULE).
 
 -record(state, {max_predef_topic_id = 0}).
@@ -56,6 +58,7 @@
 -boot_mnesia({mnesia, [boot]}).
 -copy_mnesia({mnesia, [copy]}).
 
+-rlog_shard({?SN_SHARD, ?TAB}).
 
 %% @doc Create or replicate tables.
 -spec(mnesia(boot | copy) -> ok).
@@ -74,6 +77,7 @@ mnesia(copy) ->
 
 -spec(start_link(list()) -> {ok, pid()} | ignore | {error, Reason :: term()}).
 start_link(PredefTopics) ->
+    ekka_mnesia:wait_for_shards([?SN_SHARD], infinity),
     gen_server:start_link({local, ?MODULE}, ?MODULE, [PredefTopics], []).
 
 -spec(stop() -> ok).
@@ -129,10 +133,10 @@ init([PredefTopics]) ->
     %% {ClientId, TopicName} -> TopicId
     MaxPredefId = lists:foldl(
                     fun({TopicId, TopicName}, AccId) ->
-                        mnesia:dirty_write(#emqx_sn_registry{key = {predef, TopicId},
-                                                             value = TopicName}),
-                        mnesia:dirty_write(#emqx_sn_registry{key = {predef, TopicName},
-                                                             value = TopicId}),
+                        ekka_mnesia:dirty_write(#emqx_sn_registry{key = {predef, TopicId},
+                                                                  value = TopicName}),
+                        ekka_mnesia:dirty_write(#emqx_sn_registry{key = {predef, TopicName},
+                                                                  value = TopicId}),
                         if TopicId > AccId -> TopicId; true -> AccId end
                     end, 0, PredefTopics),
     {ok, #state{max_predef_topic_id = MaxPredefId}}.
@@ -157,7 +161,7 @@ handle_call({register, ClientId, TopicName}, _From,
                         mnesia:write(#emqx_sn_registry{key = {ClientId, TopicId},
                                                             value = TopicName})
                     end,
-                    case mnesia:transaction(Fun) of
+                    case ekka_mnesia:transaction(?SN_SHARD, Fun) of
                         {atomic, ok} ->
                             {reply, TopicId, State};
                         {aborted, Error} ->
@@ -168,7 +172,7 @@ handle_call({register, ClientId, TopicName}, _From,
 
 handle_call({unregister, ClientId}, _From, State) ->
     Registry = mnesia:dirty_match_object({?TAB, {ClientId, '_'}, '_'}),
-    lists:foreach(fun(R) -> mnesia:dirty_delete_object(R) end, Registry),
+    lists:foreach(fun(R) -> ekka_mnesia:dirty_delete_object(R) end, Registry),
     {reply, ok, State};
 
 handle_call(Req, _From, State) ->
diff --git a/apps/emqx_sn/test/emqx_sn_registry_SUITE.erl b/apps/emqx_sn/test/emqx_sn_registry_SUITE.erl
index 8d320d8ed..58a458ecc 100644
--- a/apps/emqx_sn/test/emqx_sn_registry_SUITE.erl
+++ b/apps/emqx_sn/test/emqx_sn_registry_SUITE.erl
@@ -41,9 +41,10 @@ end_per_suite(_Config) ->
     ok.
 
 init_per_testcase(_TestCase, Config) ->
+    application:set_env(ekka, strict_mode, true),
     ekka_mnesia:start(),
     emqx_sn_registry:mnesia(boot),
-    mnesia:clear_table(emqx_sn_registry),
+    ekka_mnesia:clear_table(emqx_sn_registry),
     PredefTopics = application:get_env(emqx_sn, predefined, []),
     {ok, _Pid} = ?REGISTRY:start_link(PredefTopics),
     Config.
@@ -118,4 +119,3 @@ register_a_lot(N, Max) when N < Max ->
     Topic = iolist_to_binary(["Topic", integer_to_list(N)]),
     ?assertEqual(N, ?REGISTRY:register_topic(<<"ClientId">>, Topic)),
     register_a_lot(N+1, Max).
-

From 7c9861dbaa7ff82be7805aadc06a13f4e9c6ee0d Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 14:04:47 +0200
Subject: [PATCH 123/174] chore(banned): Add banned shard

---
 apps/emqx/include/emqx.hrl    |  3 ++-
 apps/emqx/src/emqx_app.erl    |  2 +-
 apps/emqx/src/emqx_banned.erl | 19 ++++++++++---------
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/apps/emqx/include/emqx.hrl b/apps/emqx/include/emqx.hrl
index ba72a47b5..b38614562 100644
--- a/apps/emqx/include/emqx.hrl
+++ b/apps/emqx/include/emqx.hrl
@@ -23,6 +23,8 @@
 
 -define(Otherwise, true).
 
+-define(COMMON_SHARD, emqx_common_shard).
+
 %%--------------------------------------------------------------------
 %% Banner
 %%--------------------------------------------------------------------
@@ -134,4 +136,3 @@
         }).
 
 -endif.
-
diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index 234f42645..61a5a5633 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -28,7 +28,7 @@
 
 -define(APP, emqx).
 
--define(EMQX_SHARDS, [route_shard]).
+-define(EMQX_SHARDS, [?ROUTE_SHARD, ?COMMON_SHARD]).
 
 -include("emqx_release.hrl").
 
diff --git a/apps/emqx/src/emqx_banned.erl b/apps/emqx/src/emqx_banned.erl
index 762a2b61b..16804d329 100644
--- a/apps/emqx/src/emqx_banned.erl
+++ b/apps/emqx/src/emqx_banned.erl
@@ -51,6 +51,8 @@
 
 -define(BANNED_TAB, ?MODULE).
 
+-rlog_shard({?COMMON_SHARD, ?BANNED_TAB}).
+
 %%--------------------------------------------------------------------
 %% Mnesia bootstrap
 %%--------------------------------------------------------------------
@@ -96,19 +98,19 @@ create(#{who    := Who,
          reason := Reason,
          at     := At,
          until  := Until}) ->
-    mnesia:dirty_write(?BANNED_TAB, #banned{who = Who,
-                                            by = By,
-                                            reason = Reason,
-                                            at = At,
-                                            until = Until});
+    ekka_mnesia:dirty_write(?BANNED_TAB, #banned{who = Who,
+                                                 by = By,
+                                                 reason = Reason,
+                                                 at = At,
+                                                 until = Until});
 create(Banned) when is_record(Banned, banned) ->
-    mnesia:dirty_write(?BANNED_TAB, Banned).
+    ekka_mnesia:dirty_write(?BANNED_TAB, Banned).
 
 -spec(delete({clientid, emqx_types:clientid()}
            | {username, emqx_types:username()}
            | {peerhost, emqx_types:peerhost()}) -> ok).
 delete(Who) ->
-    mnesia:dirty_delete(?BANNED_TAB, Who).
+    ekka_mnesia:dirty_delete(?BANNED_TAB, Who).
 
 info(InfoKey) ->
     mnesia:table_info(?BANNED_TAB, InfoKey).
@@ -129,7 +131,7 @@ handle_cast(Msg, State) ->
     {noreply, State}.
 
 handle_info({timeout, TRef, expire}, State = #{expiry_timer := TRef}) ->
-    mnesia:async_dirty(fun expire_banned_items/1, [erlang:system_time(second)]),
+    ekka_mnesia:transaction(?COMMON_SHARD, fun expire_banned_items/1, [erlang:system_time(second)]),
     {noreply, ensure_expiry_timer(State), hibernate};
 
 handle_info(Info, State) ->
@@ -160,4 +162,3 @@ expire_banned_items(Now) ->
               mnesia:delete_object(?BANNED_TAB, B, sticky_write);
          (_, _Acc) -> ok
       end, ok, ?BANNED_TAB).
-

From ce4800e6ae27cda0580d48863e3ecefc0b33d1dd Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 14:18:04 +0200
Subject: [PATCH 124/174] chore(alarm): Alarm shard

---
 apps/emqx/src/emqx_alarm.erl          | 29 ++++++++++++++++++---------
 apps/emqx_sn/src/emqx_sn_registry.erl |  4 ++--
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/apps/emqx/src/emqx_alarm.erl b/apps/emqx/src/emqx_alarm.erl
index 62ce1af8b..a3a7420e3 100644
--- a/apps/emqx/src/emqx_alarm.erl
+++ b/apps/emqx/src/emqx_alarm.erl
@@ -90,6 +90,10 @@
 
 -define(DEACTIVATED_ALARM, emqx_deactivated_alarm).
 
+-rlog_shard({?COMMON_SHARD, ?ACTIVATED_ALARM}).
+-rlog_shard({?COMMON_SHARD, ?DEACTIVATED_ALARM}).
+
+
 -ifdef(TEST).
 -compile(export_all).
 -compile(nowarn_export_all).
@@ -182,7 +186,7 @@ handle_call({activate_alarm, Name, Details}, _From, State = #state{actions = Act
                                      details = Details,
                                      message = normalize_message(Name, Details),
                                      activate_at = erlang:system_time(microsecond)},
-            mnesia:dirty_write(?ACTIVATED_ALARM, Alarm),
+            ekka_mnesia:dirty_write(?ACTIVATED_ALARM, Alarm),
             do_actions(activate, Alarm, Actions),
             {reply, ok, State}
     end;
@@ -202,9 +206,14 @@ handle_call(delete_all_deactivated_alarms, _From, State) ->
     {reply, ok, State};
 
 handle_call({get_alarms, all}, _From, State) ->
-    Alarms = [normalize(Alarm) ||
-              Alarm <- ets:tab2list(?ACTIVATED_ALARM)
-                    ++ ets:tab2list(?DEACTIVATED_ALARM)],
+    {atomic, Alarms} =
+        ekka_mnesia:ro_transaction(
+          ?COMMON_SHARD,
+          fun() ->
+                  [normalize(Alarm) ||
+                      Alarm <- ets:tab2list(?ACTIVATED_ALARM)
+                          ++ ets:tab2list(?DEACTIVATED_ALARM)]
+          end),
     {reply, Alarms, State};
 
 handle_call({get_alarms, activated}, _From, State) ->
@@ -252,7 +261,7 @@ deactivate_alarm(Details, SizeLimit, Actions, #activated_alarm{
             case mnesia:dirty_first(?DEACTIVATED_ALARM) of
                 '$end_of_table' -> ok;
                 ActivateAt2 ->
-                    mnesia:dirty_delete(?DEACTIVATED_ALARM, ActivateAt2)
+                    ekka_mnesia:dirty_delete(?DEACTIVATED_ALARM, ActivateAt2)
             end;
         false -> ok
     end,
@@ -261,8 +270,8 @@ deactivate_alarm(Details, SizeLimit, Actions, #activated_alarm{
     DeActAlarm = make_deactivated_alarm(ActivateAt, Name, Details,
                     normalize_message(Name, Details),
                     erlang:system_time(microsecond)),
-    mnesia:dirty_write(?DEACTIVATED_ALARM, HistoryAlarm),
-    mnesia:dirty_delete(?ACTIVATED_ALARM, Name),
+    ekka_mnesia:dirty_write(?DEACTIVATED_ALARM, HistoryAlarm),
+    ekka_mnesia:dirty_delete(?ACTIVATED_ALARM, Name),
     do_actions(deactivate, DeActAlarm, Actions).
 
 make_deactivated_alarm(ActivateAt, Name, Details, Message, DeActivateAt) ->
@@ -279,7 +288,7 @@ deactivate_all_alarms() ->
                              details = Details,
                              message = Message,
                              activate_at = ActivateAt}) ->
-            mnesia:dirty_write(?DEACTIVATED_ALARM,
+            ekka_mnesia:dirty_write(?DEACTIVATED_ALARM,
                 #deactivated_alarm{
                     activate_at = ActivateAt,
                     name = Name,
@@ -291,7 +300,7 @@ deactivate_all_alarms() ->
 
 %% Delete all records from the given table, ignore result.
 clear_table(TableName) ->
-    case mnesia:clear_table(TableName) of
+    case ekka_mnesia:clear_table(TableName) of
         {aborted, Reason} ->
             ?LOG(warning, "Faile to clear table ~p reason: ~p",
                  [TableName, Reason]);
@@ -311,7 +320,7 @@ delete_expired_deactivated_alarms('$end_of_table', _Checkpoint) ->
 delete_expired_deactivated_alarms(ActivatedAt, Checkpoint) ->
     case ActivatedAt =< Checkpoint of
         true ->
-            mnesia:dirty_delete(?DEACTIVATED_ALARM, ActivatedAt),
+            ekka_mnesia:dirty_delete(?DEACTIVATED_ALARM, ActivatedAt),
             NActivatedAt = mnesia:dirty_next(?DEACTIVATED_ALARM, ActivatedAt),
             delete_expired_deactivated_alarms(NActivatedAt, Checkpoint);
         false ->
diff --git a/apps/emqx_sn/src/emqx_sn_registry.erl b/apps/emqx_sn/src/emqx_sn_registry.erl
index 4d2e656b3..903f61c70 100644
--- a/apps/emqx_sn/src/emqx_sn_registry.erl
+++ b/apps/emqx_sn/src/emqx_sn_registry.erl
@@ -77,7 +77,7 @@ mnesia(copy) ->
 
 -spec(start_link(list()) -> {ok, pid()} | ignore | {error, Reason :: term()}).
 start_link(PredefTopics) ->
-    ekka_mnesia:wait_for_shards([?SN_SHARD], infinity),
+    ekka_rlog:wait_for_shards([?SN_SHARD], infinity),
     gen_server:start_link({local, ?MODULE}, ?MODULE, [PredefTopics], []).
 
 -spec(stop() -> ok).
@@ -172,7 +172,7 @@ handle_call({register, ClientId, TopicName}, _From,
 
 handle_call({unregister, ClientId}, _From, State) ->
     Registry = mnesia:dirty_match_object({?TAB, {ClientId, '_'}, '_'}),
-    lists:foreach(fun(R) -> ekka_mnesia:dirty_delete_object(R) end, Registry),
+    lists:foreach(fun(R) -> ekka_mnesia:dirty_delete_object(?TAB, R) end, Registry),
     {reply, ok, State};
 
 handle_call(Req, _From, State) ->

From 26b2216e25aed075418994a499f36d2f0c61f149 Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 15:08:25 +0200
Subject: [PATCH 125/174] chore(shared_sub): Add shared_sub shard

---
 apps/emqx/include/emqx.hrl        |  1 +
 apps/emqx/src/emqx_app.erl        |  2 +-
 apps/emqx/src/emqx_shared_sub.erl | 10 ++++++----
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/apps/emqx/include/emqx.hrl b/apps/emqx/include/emqx.hrl
index b38614562..9fe69fd30 100644
--- a/apps/emqx/include/emqx.hrl
+++ b/apps/emqx/include/emqx.hrl
@@ -24,6 +24,7 @@
 -define(Otherwise, true).
 
 -define(COMMON_SHARD, emqx_common_shard).
+-define(SHARED_SUB_SHARD, emqx_shared_sub_shard).
 
 %%--------------------------------------------------------------------
 %% Banner
diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index 61a5a5633..dfdc9c0f8 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -28,7 +28,7 @@
 
 -define(APP, emqx).
 
--define(EMQX_SHARDS, [?ROUTE_SHARD, ?COMMON_SHARD]).
+-define(EMQX_SHARDS, [?ROUTE_SHARD, ?COMMON_SHARD, ?SHARED_SUB_SHARD]).
 
 -include("emqx_release.hrl").
 
diff --git a/apps/emqx/src/emqx_shared_sub.erl b/apps/emqx/src/emqx_shared_sub.erl
index 97aa778f3..c002653ba 100644
--- a/apps/emqx/src/emqx_shared_sub.erl
+++ b/apps/emqx/src/emqx_shared_sub.erl
@@ -77,6 +77,8 @@
 -define(NACK(Reason), {shared_sub_nack, Reason}).
 -define(NO_ACK, no_ack).
 
+-rlog_shard({?SHARED_SUB_SHARD, ?TAB}).
+
 -record(state, {pmon}).
 
 -record(emqx_shared_subscription, {group, topic, subpid}).
@@ -297,7 +299,7 @@ subscribers(Group, Topic) ->
 
 init([]) ->
     {ok, _} = mnesia:subscribe({table, ?TAB, simple}),
-    {atomic, PMon} = mnesia:transaction(fun init_monitors/0),
+    {atomic, PMon} = ekka_mnesia:transaction(?SHARED_SUB_SHARD, fun init_monitors/0),
     ok = emqx_tables:new(?SHARED_SUBS, [protected, bag]),
     ok = emqx_tables:new(?ALIVE_SUBS, [protected, set, {read_concurrency, true}]),
     {ok, update_stats(#state{pmon = PMon})}.
@@ -309,7 +311,7 @@ init_monitors() ->
       end, emqx_pmon:new(), ?TAB).
 
 handle_call({subscribe, Group, Topic, SubPid}, _From, State = #state{pmon = PMon}) ->
-    mnesia:dirty_write(?TAB, record(Group, Topic, SubPid)),
+    ekka_mnesia:dirty_write(?TAB, record(Group, Topic, SubPid)),
     case ets:member(?SHARED_SUBS, {Group, Topic}) of
         true  -> ok;
         false -> ok = emqx_router:do_add_route(Topic, {Group, node()})
@@ -319,7 +321,7 @@ handle_call({subscribe, Group, Topic, SubPid}, _From, State = #state{pmon = PMon
     {reply, ok, update_stats(State#state{pmon = emqx_pmon:monitor(SubPid, PMon)})};
 
 handle_call({unsubscribe, Group, Topic, SubPid}, _From, State) ->
-    mnesia:dirty_delete_object(?TAB, record(Group, Topic, SubPid)),
+    ekka_mnesia:dirty_delete_object(?TAB, record(Group, Topic, SubPid)),
     true = ets:delete_object(?SHARED_SUBS, {{Group, Topic}, SubPid}),
     delete_route_if_needed({Group, Topic}),
     {reply, ok, State};
@@ -373,7 +375,7 @@ cleanup_down(SubPid) ->
     ?IS_LOCAL_PID(SubPid) orelse ets:delete(?ALIVE_SUBS, SubPid),
     lists:foreach(
         fun(Record = #emqx_shared_subscription{topic = Topic, group = Group}) ->
-            ok = mnesia:dirty_delete_object(?TAB, Record),
+            ok = ekka_mnesia:dirty_delete_object(?TAB, Record),
             true = ets:delete_object(?SHARED_SUBS, {{Group, Topic}, SubPid}),
             delete_route_if_needed({Group, Topic})
         end, mnesia:dirty_match_object(#emqx_shared_subscription{_ = '_', subpid = SubPid})).

From 1618a90ddd810228f4973457ba457c566c3197ca Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 18:14:36 +0200
Subject: [PATCH 126/174] chore(telemetry): Add an RLOG shard

---
 apps/emqx_telemetry/src/emqx_telemetry.erl | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/apps/emqx_telemetry/src/emqx_telemetry.erl b/apps/emqx_telemetry/src/emqx_telemetry.erl
index ea4017dc9..dd6e7aa4c 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry.erl
@@ -90,6 +90,8 @@
 
 -define(TELEMETRY, emqx_telemetry).
 
+-rlog_shard({?COMMON_SHARD, ?TELEMETRY}).
+
 %%--------------------------------------------------------------------
 %% Mnesia bootstrap
 %%--------------------------------------------------------------------
@@ -146,9 +148,9 @@ init([Opts]) ->
                  [] ->
                      Enabled = proplists:get_value(enabled, Opts, true),
                      UUID = generate_uuid(),
-                     mnesia:dirty_write(?TELEMETRY, #telemetry{id = ?UNIQUE_ID,
-                                                               uuid = UUID,
-                                                               enabled = Enabled}),
+                     ekka_mnesia:dirty_write(?TELEMETRY, #telemetry{id = ?UNIQUE_ID,
+                                                                    uuid = UUID,
+                                                                    enabled = Enabled}),
                      State#state{enabled = Enabled, uuid = UUID};
                  [#telemetry{uuid = UUID, enabled = Enabled} | _] ->
                      State#state{enabled = Enabled, uuid = UUID}
@@ -162,16 +164,16 @@ init([Opts]) ->
     end.
 
 handle_call(enable, _From, State = #state{uuid = UUID}) ->
-    mnesia:dirty_write(?TELEMETRY, #telemetry{id = ?UNIQUE_ID,
-                                              uuid = UUID,
-                                              enabled = true}),
+    ekka_mnesia:dirty_write(?TELEMETRY, #telemetry{id = ?UNIQUE_ID,
+                                                   uuid = UUID,
+                                                   enabled = true}),
     _ = erlang:send(self(), first_report),
     {reply, ok, State#state{enabled = true}};
 
 handle_call(disable, _From, State = #state{uuid = UUID}) ->
-    mnesia:dirty_write(?TELEMETRY, #telemetry{id = ?UNIQUE_ID,
-                                              uuid = UUID,
-                                              enabled = false}),
+    ekka_mnesia:dirty_write(?TELEMETRY, #telemetry{id = ?UNIQUE_ID,
+                                                   uuid = UUID,
+                                                   enabled = false}),
     {reply, ok, State#state{enabled = false}};
 
 handle_call(is_enabled, _From, State = #state{enabled = Enabled}) ->

From 9ab5c88d209c08222bb877a8d10fb38212b524f1 Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 20:22:06 +0200
Subject: [PATCH 127/174] chore(retainer): Add RLOG shard

---
 apps/emqx_retainer/include/emqx_retainer.hrl |  2 +-
 apps/emqx_retainer/src/emqx_retainer.erl     | 19 +++++++++++--------
 apps/emqx_retainer/src/emqx_retainer_cli.erl |  3 +--
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/apps/emqx_retainer/include/emqx_retainer.hrl b/apps/emqx_retainer/include/emqx_retainer.hrl
index a1e229cfb..a9978e206 100644
--- a/apps/emqx_retainer/include/emqx_retainer.hrl
+++ b/apps/emqx_retainer/include/emqx_retainer.hrl
@@ -17,4 +17,4 @@
 -define(APP, emqx_retainer).
 -define(TAB, ?APP).
 -record(retained, {topic, msg, expiry_time}).
-
+-define(RETAINER_SHARD, emqx_retainer_shard).
diff --git a/apps/emqx_retainer/src/emqx_retainer.erl b/apps/emqx_retainer/src/emqx_retainer.erl
index 9e6f60013..94c561b39 100644
--- a/apps/emqx_retainer/src/emqx_retainer.erl
+++ b/apps/emqx_retainer/src/emqx_retainer.erl
@@ -51,6 +51,8 @@
 
 -record(state, {stats_fun, stats_timer, expiry_timer}).
 
+-rlog_shard({?RETAINER_SHARD, ?TAB}).
+
 %%--------------------------------------------------------------------
 %% Load/Unload
 %%--------------------------------------------------------------------
@@ -84,7 +86,7 @@ dispatch(Pid, Topic) ->
 on_message_publish(Msg = #message{flags   = #{retain := true},
                                   topic   = Topic,
                                   payload = <<>>}, _Env) ->
-    mnesia:dirty_delete(?TAB, topic2tokens(Topic)),
+    ekka_mnesia:dirty_delete(?TAB, topic2tokens(Topic)),
     {ok, Msg};
 
 on_message_publish(Msg = #message{flags = #{retain := true}}, Env) ->
@@ -115,7 +117,7 @@ clean(Topic) when is_binary(Topic) ->
                           [_M] -> mnesia:delete({?TAB, Tokens}), 1
                       end
                   end,
-            {atomic, N} = mnesia:transaction(Fun), N
+            {atomic, N} = ekka_mnesia:transaction(?RETAINER_SHARD, Fun), N
     end.
 
 %%--------------------------------------------------------------------
@@ -139,6 +141,7 @@ init([Env]) ->
                 {attributes, record_info(fields, retained)},
                 {storage_properties, StoreProps}]),
     ok = ekka_mnesia:copy_table(?TAB, Copies),
+    ok = ekka_rlog:wait_for_shards([?RETAINER_SHARD], infinity),
     case mnesia:table_info(?TAB, storage_type) of
         Copies -> ok;
         _Other ->
@@ -201,11 +204,11 @@ store_retained(Msg = #message{topic = Topic, payload = Payload}, Env) ->
     case {is_table_full(Env), is_too_big(size(Payload), Env)} of
         {false, false} ->
             ok = emqx_metrics:inc('messages.retained'),
-            mnesia:dirty_write(?TAB, #retained{topic = topic2tokens(Topic),
-                                               msg = Msg,
-                                               expiry_time = get_expiry_time(Msg, Env)});
+            ekka_mnesia:dirty_write(?TAB, #retained{topic = topic2tokens(Topic),
+                                                    msg = Msg,
+                                                    expiry_time = get_expiry_time(Msg, Env)});
         {true, false} ->
-            {atomic, _} = mnesia:transaction(
+            {atomic, _} = ekka_mnesia:transaction(?RETAINER_SHARD,
                 fun() ->
                     case mnesia:read(?TAB, Topic) of
                         [_] ->
@@ -256,7 +259,7 @@ expire_messages() ->
     NowMs = erlang:system_time(millisecond),
     MsHd = #retained{topic = '$1', msg = '_', expiry_time = '$3'},
     Ms = [{MsHd, [{'=/=','$3',0}, {'<','$3',NowMs}], ['$1']}],
-    {atomic, _} = mnesia:transaction(
+    {atomic, _} = ekka_mnesia:transaction(?RETAINER_SHARD,
         fun() ->
             Keys = mnesia:select(?TAB, Ms, write),
             lists:foreach(fun(Key) -> mnesia:delete({?TAB, Key}) end, Keys)
@@ -293,7 +296,7 @@ match_delete_messages(Filter) ->
     MsHd = #retained{topic = Cond, msg = '_', expiry_time = '_'},
     Ms = [{MsHd, [], ['$_']}],
     Rs = mnesia:dirty_select(?TAB, Ms),
-    lists:foreach(fun(R) -> mnesia:dirty_delete_object(?TAB, R) end, Rs),
+    lists:foreach(fun(R) -> ekka_mnesia:dirty_delete_object(?TAB, R) end, Rs),
     length(Rs).
 
 %% @private
diff --git a/apps/emqx_retainer/src/emqx_retainer_cli.erl b/apps/emqx_retainer/src/emqx_retainer_cli.erl
index fe8fa9578..1e965946f 100644
--- a/apps/emqx_retainer/src/emqx_retainer_cli.erl
+++ b/apps/emqx_retainer/src/emqx_retainer_cli.erl
@@ -38,7 +38,7 @@ cmd(["topics"]) ->
 
 cmd(["clean"]) ->
     Size = mnesia:table_info(?TAB, size),
-    case mnesia:clear_table(?TAB) of
+    case ekka_mnesia:clear_table(?TAB) of
         {atomic, ok} -> emqx_ctl:print("Cleaned ~p retained messages~n", [Size]);
         {aborted, R} -> emqx_ctl:print("Aborted ~p~n", [R])
     end;
@@ -55,4 +55,3 @@ cmd(_) ->
 
 unload() ->
     emqx_ctl:unregister_command(retainer).
-

From 73ec8c47cc3200f7733d9d71062a3fa7a937e94e Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 18:56:13 +0200
Subject: [PATCH 128/174] chore(rule_engine): Add an RLOG shard

---
 apps/emqx/include/emqx.hrl                    |  3 +++
 apps/emqx/src/emqx_app.erl                    |  6 +++++-
 .../src/emqx_rule_registry.erl                | 19 ++++++++++++++++---
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/include/emqx.hrl b/apps/emqx/include/emqx.hrl
index 9fe69fd30..67744306e 100644
--- a/apps/emqx/include/emqx.hrl
+++ b/apps/emqx/include/emqx.hrl
@@ -89,6 +89,9 @@
 
 -define(ROUTE_SHARD, route_shard).
 
+
+-define(RULE_ENGINE_SHARD, emqx_rule_engine_shard).
+
 -record(route, {
           topic :: binary(),
           dest  :: node() | {binary(), node()}
diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index dfdc9c0f8..06bebe465 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -28,7 +28,11 @@
 
 -define(APP, emqx).
 
--define(EMQX_SHARDS, [?ROUTE_SHARD, ?COMMON_SHARD, ?SHARED_SUB_SHARD]).
+-define(EMQX_SHARDS, [ ?ROUTE_SHARD
+                     , ?COMMON_SHARD
+                     , ?SHARED_SUB_SHARD
+                     , ?RULE_ENGINE_SHARD
+                     ]).
 
 -include("emqx_release.hrl").
 
diff --git a/apps/emqx_rule_engine/src/emqx_rule_registry.erl b/apps/emqx_rule_engine/src/emqx_rule_registry.erl
index 2d029f8e3..f2d717dba 100644
--- a/apps/emqx_rule_engine/src/emqx_rule_registry.erl
+++ b/apps/emqx_rule_engine/src/emqx_rule_registry.erl
@@ -19,6 +19,7 @@
 -behaviour(gen_server).
 
 -include("rule_engine.hrl").
+-include_lib("emqx/include/emqx.hrl").
 -include_lib("emqx/include/logger.hrl").
 -include_lib("stdlib/include/qlc.hrl").
 
@@ -95,6 +96,11 @@
 
 -define(T_CALL, 10000).
 
+-rlog_shard({?RULE_ENGINE_SHARD, ?RULE_TAB}).
+-rlog_shard({?RULE_ENGINE_SHARD, ?ACTION_TAB}).
+-rlog_shard({?RULE_ENGINE_SHARD, ?RES_TAB}).
+-rlog_shard({?RULE_ENGINE_SHARD, ?RES_TYPE_TAB}).
+
 %%------------------------------------------------------------------------------
 %% Mnesia bootstrap
 %%------------------------------------------------------------------------------
@@ -174,7 +180,7 @@ get_rules_ordered_by_ts() ->
         Query = qlc:q([E || E <- mnesia:table(?RULE_TAB)]),
         qlc:e(qlc:keysort(#rule.created_at, Query, [{order, ascending}]))
     end,
-    {atomic, List} = mnesia:transaction(F),
+    {atomic, List} = ekka_mnesia:transaction(?RULE_ENGINE_SHARD, F),
     List.
 
 -spec(get_rules_for(Topic :: binary()) -> list(emqx_rule_engine:rule())).
@@ -471,11 +477,18 @@ code_change(_OldVsn, State, _Extra) ->
 
 get_all_records(Tab) ->
     %mnesia:dirty_match_object(Tab, mnesia:table_info(Tab, wild_pattern)).
-    ets:tab2list(Tab).
+    %% Wrapping ets to a r/o transaction to avoid reading inconsistent
+    %% data during shard bootstrap
+    {atomic, Ret} =
+        ekka_mnesia:ro_transaction(?RULE_ENGINE_SHARD,
+                                   fun() ->
+                                           ets:tab2list(Tab)
+                                   end),
+    Ret.
 
 trans(Fun) -> trans(Fun, []).
 trans(Fun, Args) ->
-    case mnesia:transaction(Fun, Args) of
+    case ekka_mnesia:transaction(?RULE_ENGINE_SHARD, Fun, Args) of
         {atomic, Result} -> Result;
         {aborted, Reason} -> error(Reason)
     end.

From e8e956b074745c094c5d203d33382186e41a80da Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Mon, 28 Jun 2021 21:02:26 +0200
Subject: [PATCH 129/174] chore(mod_delayed): Add RLOG shard

---
 apps/emqx/include/emqx.hrl                 | 1 +
 apps/emqx/src/emqx_app.erl                 | 1 +
 apps/emqx_modules/src/emqx_mod_delayed.erl | 7 ++++---
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/apps/emqx/include/emqx.hrl b/apps/emqx/include/emqx.hrl
index 67744306e..d148e01a3 100644
--- a/apps/emqx/include/emqx.hrl
+++ b/apps/emqx/include/emqx.hrl
@@ -25,6 +25,7 @@
 
 -define(COMMON_SHARD, emqx_common_shard).
 -define(SHARED_SUB_SHARD, emqx_shared_sub_shard).
+-define(MOD_DELAYED_SHARD, emqx_delayed_shard).
 
 %%--------------------------------------------------------------------
 %% Banner
diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index 06bebe465..60f0fc40d 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -32,6 +32,7 @@
                      , ?COMMON_SHARD
                      , ?SHARED_SUB_SHARD
                      , ?RULE_ENGINE_SHARD
+                     , ?MOD_DELAYED_SHARD
                      ]).
 
 -include("emqx_release.hrl").
diff --git a/apps/emqx_modules/src/emqx_mod_delayed.erl b/apps/emqx_modules/src/emqx_mod_delayed.erl
index ac5be58b2..925952078 100644
--- a/apps/emqx_modules/src/emqx_mod_delayed.erl
+++ b/apps/emqx_modules/src/emqx_mod_delayed.erl
@@ -58,6 +58,8 @@
 -define(SERVER, ?MODULE).
 -define(MAX_INTERVAL, 4294967).
 
+-rlog_shard({?MOD_DELAYED_SHARD, ?TAB}).
+
 %%--------------------------------------------------------------------
 %% Mnesia bootstrap
 %%--------------------------------------------------------------------
@@ -137,7 +139,7 @@ init([]) ->
            ensure_publish_timer(#{timer => undefined, publish_at => 0}))}.
 
 handle_call({store, DelayedMsg = #delayed_message{key = Key}}, _From, State) ->
-    ok = mnesia:dirty_write(?TAB, DelayedMsg),
+    ok = ekka_mnesia:dirty_write(?TAB, DelayedMsg),
     emqx_metrics:inc('messages.delayed'),
     {reply, ok, ensure_publish_timer(Key, State)};
 
@@ -152,7 +154,7 @@ handle_cast(Msg, State) ->
 %% Do Publish...
 handle_info({timeout, TRef, do_publish}, State = #{timer := TRef}) ->
     DeletedKeys = do_publish(mnesia:dirty_first(?TAB), os:system_time(seconds)),
-    lists:foreach(fun(Key) -> mnesia:dirty_delete(?TAB, Key) end, DeletedKeys),
+    lists:foreach(fun(Key) -> ekka_mnesia:dirty_delete(?TAB, Key) end, DeletedKeys),
     {noreply, ensure_publish_timer(State#{timer := undefined, publish_at := 0})};
 
 handle_info(stats, State = #{stats_fun := StatsFun}) ->
@@ -222,4 +224,3 @@ do_publish(Key = {Ts, _Id}, Now, Acc) when Ts =< Now ->
 
 -spec(delayed_count() -> non_neg_integer()).
 delayed_count() -> mnesia:table_info(?TAB, size).
-

From cc5bc4f7ca3e831210d37dde3b3befd2ae013f24 Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Tue, 29 Jun 2021 00:27:53 +0200
Subject: [PATCH 130/174] build(rlog): Add xref check for forbidden mnesia APIs

---
 rebar.config | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/rebar.config b/rebar.config
index 205d892aa..e5f46125a 100644
--- a/rebar.config
+++ b/rebar.config
@@ -15,6 +15,15 @@
 {xref_checks,[undefined_function_calls,undefined_functions,locals_not_used,
               deprecated_function_calls,warnings_as_errors,deprecated_functions]}.
 
+%% Check for the mnesia calls forbidden by Ekka:
+{xref_queries,
+ [ {"E || \"mnesia\":\"dirty_write\"/\".*\" : Fun", []}
+ , {"E || \"mnesia\":\"dirty_delete.*\"/\".*\" : Fun", []}
+ , {"E || \"mnesia\":\"transaction\"/\".*\" : Fun", []}
+ , {"E || \"mnesia\":\"async_dirty\"/\".*\" : Fun", []}
+ , {"E || \"mnesia\":\"clear_table\"/\".*\" : Fun", []}
+ ]}.
+
 {dialyzer, [
     {warnings, [unmatched_returns, error_handling, race_conditions]},
     {plt_location, "."},

From c63bdc355a444f637edeac874778f80a9896685f Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 28 Jun 2021 15:17:21 +0800
Subject: [PATCH 131/174] chore: rename check_acl to check_authz

update emqx_coap vsn

rename OnClientCheckAcl to OnClientCheckAuthz in exhook
---
 apps/emqx/src/emqx_access_control.erl         | 18 +++++++-------
 apps/emqx/src/emqx_channel.erl                |  4 ++--
 apps/emqx/src/emqx_metrics.erl                |  4 ++--
 apps/emqx/test/emqx_access_control_SUITE.erl  |  4 ++--
 apps/emqx/test/emqx_acl_test_mod.erl          |  4 ++--
 apps/emqx/test/emqx_channel_SUITE.erl         |  2 +-
 .../emqx/test/emqx_mqtt_protocol_v5_SUITE.erl |  2 +-
 apps/emqx/test/emqx_ws_connection_SUITE.erl   |  2 +-
 apps/emqx_authz/src/emqx_authz.erl            |  8 +++----
 .../test/emqx_authz_mysql_SUITE.erl           | 24 +++++++++----------
 .../test/emqx_authz_pgsql_SUITE.erl           | 24 +++++++++----------
 .../test/emqx_authz_redis_SUITE.erl           | 16 ++++++-------
 apps/emqx_coap/src/emqx_coap.app.src          |  2 +-
 apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl |  4 ++--
 apps/emqx_coap/test/emqx_coap_SUITE.erl       |  6 ++---
 apps/emqx_exhook/include/emqx_exhook.hrl      |  2 +-
 apps/emqx_exhook/priv/protos/exhook.proto     | 12 +++++-----
 apps/emqx_exhook/src/emqx_exhook_handler.erl  |  6 ++---
 apps/emqx_exhook/src/emqx_exhook_server.erl   |  6 ++---
 .../emqx_exhook/test/emqx_exhook_demo_svr.erl |  8 +++----
 .../test/props/prop_exhook_hooks.erl          |  6 ++---
 .../emqx_exproto/src/emqx_exproto_channel.erl |  4 ++--
 apps/emqx_exproto/test/emqx_exproto_SUITE.erl |  2 +-
 apps/emqx_prometheus/src/emqx_prometheus.erl  |  6 ++---
 24 files changed, 88 insertions(+), 88 deletions(-)

diff --git a/apps/emqx/src/emqx_access_control.erl b/apps/emqx/src/emqx_access_control.erl
index a679e6a5e..8ca9f3893 100644
--- a/apps/emqx/src/emqx_access_control.erl
+++ b/apps/emqx/src/emqx_access_control.erl
@@ -20,7 +20,7 @@
 
 -export([authenticate/1]).
 
--export([ check_acl/3
+-export([ check_authz/3
         ]).
 
 -type(result() :: #{auth_result := emqx_types:auth_result(),
@@ -42,25 +42,25 @@ authenticate(ClientInfo = #{zone := Zone}) ->
     end.
 
 %% @doc Check ACL
--spec(check_acl(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_types:topic())
+-spec(check_authz(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_types:topic())
       -> allow | deny).
-check_acl(ClientInfo, PubSub, Topic) ->
+check_authz(ClientInfo, PubSub, Topic) ->
     case emqx_acl_cache:is_enabled() of
-        true  -> check_acl_cache(ClientInfo, PubSub, Topic);
-        false -> do_check_acl(ClientInfo, PubSub, Topic)
+        true  -> check_authz_cache(ClientInfo, PubSub, Topic);
+        false -> do_check_authz(ClientInfo, PubSub, Topic)
     end.
 
-check_acl_cache(ClientInfo, PubSub, Topic) ->
+check_authz_cache(ClientInfo, PubSub, Topic) ->
     case emqx_acl_cache:get_acl_cache(PubSub, Topic) of
         not_found ->
-            AclResult = do_check_acl(ClientInfo, PubSub, Topic),
+            AclResult = do_check_authz(ClientInfo, PubSub, Topic),
             emqx_acl_cache:put_acl_cache(PubSub, Topic, AclResult),
             AclResult;
         AclResult -> AclResult
     end.
 
-do_check_acl(ClientInfo, PubSub, Topic) ->
-    case run_hooks('client.check_acl', [ClientInfo, PubSub, Topic], allow) of
+do_check_authz(ClientInfo, PubSub, Topic) ->
+    case run_hooks('client.check_authz', [ClientInfo, PubSub, Topic], allow) of
         allow  -> allow;
         _Other -> deny
     end.
diff --git a/apps/emqx/src/emqx_channel.erl b/apps/emqx/src/emqx_channel.erl
index e3cbff692..2fcad5b21 100644
--- a/apps/emqx/src/emqx_channel.erl
+++ b/apps/emqx/src/emqx_channel.erl
@@ -1406,7 +1406,7 @@ check_pub_alias(_Packet, _Channel) -> ok.
 check_pub_acl(#mqtt_packet{variable = #mqtt_packet_publish{topic_name = Topic}},
               #channel{clientinfo = ClientInfo}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_acl(ClientInfo, publish, Topic) of
+         emqx_access_control:check_authz(ClientInfo, publish, Topic) of
         false -> ok;
         allow -> ok;
         deny  -> {error, ?RC_NOT_AUTHORIZED}
@@ -1440,7 +1440,7 @@ check_sub_acls([], _Channel, Acc) ->
 
 check_sub_acl(TopicFilter, #channel{clientinfo = ClientInfo}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_acl(ClientInfo, subscribe, TopicFilter) of
+         emqx_access_control:check_authz(ClientInfo, subscribe, TopicFilter) of
         false  -> allow;
         Result -> Result
     end.
diff --git a/apps/emqx/src/emqx_metrics.erl b/apps/emqx/src/emqx_metrics.erl
index c3ce14d83..c583276d8 100644
--- a/apps/emqx/src/emqx_metrics.erl
+++ b/apps/emqx/src/emqx_metrics.erl
@@ -172,7 +172,7 @@
          {counter, 'client.connected'},
          {counter, 'client.authenticate'},
          {counter, 'client.auth.anonymous'},
-         {counter, 'client.check_acl'},
+         {counter, 'client.check_authz'},
          {counter, 'client.subscribe'},
          {counter, 'client.unsubscribe'},
          {counter, 'client.disconnected'}
@@ -563,7 +563,7 @@ reserved_idx('client.connected')             -> 202;
 reserved_idx('client.authenticate')          -> 203;
 reserved_idx('client.enhanced_authenticate') -> 204;
 reserved_idx('client.auth.anonymous')        -> 205;
-reserved_idx('client.check_acl')             -> 206;
+reserved_idx('client.check_authz')             -> 206;
 reserved_idx('client.subscribe')             -> 207;
 reserved_idx('client.unsubscribe')           -> 208;
 reserved_idx('client.disconnected')          -> 209;
diff --git a/apps/emqx/test/emqx_access_control_SUITE.erl b/apps/emqx/test/emqx_access_control_SUITE.erl
index ffe3f4fac..82a0c1669 100644
--- a/apps/emqx/test/emqx_access_control_SUITE.erl
+++ b/apps/emqx/test/emqx_access_control_SUITE.erl
@@ -38,9 +38,9 @@ t_authenticate(_) ->
     emqx_zone:set_env(zone, allow_anonymous, true),
     ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
 
-t_check_acl(_) ->
+t_check_authz(_) ->
     Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
-    ?assertEqual(allow, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)).
+    ?assertEqual(allow, emqx_access_control:check_authz(clientinfo(), Publish, <<"t">>)).
 
 t_bypass_auth_plugins(_) ->
     ClientInfo = clientinfo(),
diff --git a/apps/emqx/test/emqx_acl_test_mod.erl b/apps/emqx/test/emqx_acl_test_mod.erl
index da400f076..be461d584 100644
--- a/apps/emqx/test/emqx_acl_test_mod.erl
+++ b/apps/emqx/test/emqx_acl_test_mod.erl
@@ -18,14 +18,14 @@
 
 %% ACL callbacks
 -export([ init/1
-        , check_acl/2
+        , check_authz/2
         , description/0
         ]).
 
 init(AclOpts) ->
     {ok, AclOpts}.
 
-check_acl({_User, _PubSub, _Topic}, _State) ->
+check_authz({_User, _PubSub, _Topic}, _State) ->
     allow.
 
 description() ->
diff --git a/apps/emqx/test/emqx_channel_SUITE.erl b/apps/emqx/test/emqx_channel_SUITE.erl
index 9558dfd28..cc77acb56 100644
--- a/apps/emqx/test/emqx_channel_SUITE.erl
+++ b/apps/emqx/test/emqx_channel_SUITE.erl
@@ -37,7 +37,7 @@ init_per_suite(Config) ->
     ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
     ok = meck:expect(emqx_access_control, authenticate,
                      fun(_) -> {ok, #{auth_result => success}} end),
-    ok = meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> allow end),
+    ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> allow end),
     %% Broker Meck
     ok = meck:new(emqx_broker, [passthrough, no_history, no_link]),
     %% Hooks Meck
diff --git a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
index 250a959eb..e60d52a86 100644
--- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
+++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
@@ -198,7 +198,7 @@ t_batch_subscribe(_) ->
     {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>}]),
     {ok, _} = emqtt:connect(Client),
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
-    meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> deny end),
+    meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> deny end),
     {ok, _, [?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED]} = emqtt:subscribe(Client, [{<<"t1">>, qos1},
diff --git a/apps/emqx/test/emqx_ws_connection_SUITE.erl b/apps/emqx/test/emqx_ws_connection_SUITE.erl
index 6db831972..b5020439b 100644
--- a/apps/emqx/test/emqx_ws_connection_SUITE.erl
+++ b/apps/emqx/test/emqx_ws_connection_SUITE.erl
@@ -64,7 +64,7 @@ init_per_testcase(TestCase, Config) when
                      end),
     %% Mock emqx_access_control
     ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
-    ok = meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> allow end),
+    ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> allow end),
     %% Mock emqx_hooks
     ok = meck:new(emqx_hooks, [passthrough, no_history, no_link]),
     ok = meck:expect(emqx_hooks, run, fun(_Hook, _Args) -> ok end),
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index fde1169de..b757c8908 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -41,7 +41,7 @@ init() ->
     #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf),
     ok = application:set_env(?APP, rules, Rules),
     NRules = [compile(Rule) || Rule <- Rules],
-    ok = emqx_hooks:add('client.check_acl', {?MODULE, check_authz, [NRules]},  -1).
+    ok = emqx_hooks:add('client.check_authz', {?MODULE, check_authz, [NRules]},  -1).
 
 lookup() ->
     application:get_env(?APP, rules, []).
@@ -50,8 +50,8 @@ update(Rules) ->
     ok = application:set_env(?APP, rules, Rules),
     NRules = [compile(Rule) || Rule <- Rules],
     Action = find_action_in_hooks(),
-    ok = emqx_hooks:del('client.check_acl', Action),
-    ok = emqx_hooks:add('client.check_acl', {?MODULE, check_authz, [NRules]},  -1),
+    ok = emqx_hooks:del('client.check_authz', Action),
+    ok = emqx_hooks:add('client.check_authz', {?MODULE, check_authz, [NRules]},  -1),
     ok = emqx_acl_cache:empty_acl_cache().
 
 %%--------------------------------------------------------------------
@@ -59,7 +59,7 @@ update(Rules) ->
 %%--------------------------------------------------------------------
 
 find_action_in_hooks() ->
-    Callbacks = emqx_hooks:lookup('client.check_acl'),
+    Callbacks = emqx_hooks:lookup('client.check_authz'),
     [Action] = [Action || {callback,{?MODULE, check_authz, _} = Action, _, _} <- Callbacks ],
     Action.
 
diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
index 4f2148522..e4704c5f3 100644
--- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
@@ -95,23 +95,23 @@ t_authz(_) ->
                    },
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), % nomatch
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"#">>)), % nomatch
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
-    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)),
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
-    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_username">>)),
-    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_username">>)),
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, subscribe, <<"test">>)), % nomatch
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, publish,   <<"test">>)), % nomatch
+    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_username">>)),
+    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_username">>)),
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, subscribe, <<"test">>)), % nomatch
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, publish,   <<"test">>)), % nomatch
     ok.
 
diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
index dcc820a4c..d03cd3338 100644
--- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
@@ -95,23 +95,23 @@ t_authz(_) ->
                    },
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)), % nomatch
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"#">>)), % nomatch
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"+">>)),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo1, publish, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
-    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo1, subscribe, <<"#">>)),
-    ?assertEqual(deny, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"+">>)),
+    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)),
+    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
-    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo2, subscribe, <<"test/test_username">>)),
-    ?assertEqual(allow, emqx_access_control:check_acl(ClientInfo2, publish,   <<"test/test_username">>)),
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, subscribe, <<"test">>)), % nomatch
-    ?assertEqual(deny,  emqx_access_control:check_acl(ClientInfo3, publish,   <<"test">>)), % nomatch
+    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_username">>)),
+    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_username">>)),
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, subscribe, <<"test">>)), % nomatch
+    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, publish,   <<"test">>)), % nomatch
     ok.
 
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
index 3f8bea166..ab8465ffa 100644
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -84,30 +84,30 @@ t_authz(_) ->
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, []} end),
     % nomatch
     ?assertEqual(deny,
-                 emqx_access_control:check_acl(ClientInfo, subscribe, <<"#">>)),
+                 emqx_access_control:check_authz(ClientInfo, subscribe, <<"#">>)),
     ?assertEqual(deny,
-                 emqx_access_control:check_acl(ClientInfo, publish, <<"#">>)),
+                 emqx_access_control:check_authz(ClientInfo, publish, <<"#">>)),
 
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE1 ++ ?RULE2} end),
     % nomatch
     ?assertEqual(deny,
-        emqx_access_control:check_acl(ClientInfo, subscribe, <<"+">>)),
+        emqx_access_control:check_authz(ClientInfo, subscribe, <<"+">>)),
     % nomatch
     ?assertEqual(deny,
-        emqx_access_control:check_acl(ClientInfo, subscribe, <<"test/username">>)),
+        emqx_access_control:check_authz(ClientInfo, subscribe, <<"test/username">>)),
 
     ?assertEqual(allow,
-        emqx_access_control:check_acl(ClientInfo, publish, <<"test/clientid">>)),
+        emqx_access_control:check_authz(ClientInfo, publish, <<"test/clientid">>)),
     ?assertEqual(allow,
-        emqx_access_control:check_acl(ClientInfo, publish, <<"test/clientid">>)),
+        emqx_access_control:check_authz(ClientInfo, publish, <<"test/clientid">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE3} end),
 
     ?assertEqual(allow,
-        emqx_access_control:check_acl(ClientInfo, subscribe, <<"#">>)),
+        emqx_access_control:check_authz(ClientInfo, subscribe, <<"#">>)),
     % nomatch
     ?assertEqual(deny,
-        emqx_access_control:check_acl(ClientInfo, publish, <<"#">>)),
+        emqx_access_control:check_authz(ClientInfo, publish, <<"#">>)),
     ok.
 
diff --git a/apps/emqx_coap/src/emqx_coap.app.src b/apps/emqx_coap/src/emqx_coap.app.src
index 2b5fcbb6a..bb6d0431f 100644
--- a/apps/emqx_coap/src/emqx_coap.app.src
+++ b/apps/emqx_coap/src/emqx_coap.app.src
@@ -1,6 +1,6 @@
 {application, emqx_coap,
  [{description, "EMQ X CoAP Gateway"},
-  {vsn, "4.3.0"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, []},
   {applications, [kernel,stdlib,gen_coap]},
diff --git a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
index d465f9ca3..a1633a9be 100644
--- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
+++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
@@ -222,7 +222,7 @@ code_change(_OldVsn, State, _Extra) ->
 
 chann_subscribe(Topic, State = #state{clientid = ClientId}) ->
     ?LOG(debug, "subscribe Topic=~p", [Topic]),
-    case emqx_access_control:check_acl(clientinfo(State), subscribe, Topic) of
+    case emqx_access_control:check_authz(clientinfo(State), subscribe, Topic) of
         allow ->
             emqx_broker:subscribe(Topic, ClientId, ?SUBOPTS),
             emqx_hooks:run('session.subscribed', [clientinfo(State), Topic, ?SUBOPTS]),
@@ -241,7 +241,7 @@ chann_unsubscribe(Topic, State) ->
 
 chann_publish(Topic, Payload, State = #state{clientid = ClientId}) ->
     ?LOG(debug, "publish Topic=~p, Payload=~p", [Topic, Payload]),
-    case emqx_access_control:check_acl(clientinfo(State), publish, Topic) of
+    case emqx_access_control:check_authz(clientinfo(State), publish, Topic) of
         allow ->
             _ = emqx_broker:publish(
                     emqx_message:set_flag(retain, false,
diff --git a/apps/emqx_coap/test/emqx_coap_SUITE.erl b/apps/emqx_coap/test/emqx_coap_SUITE.erl
index 416c99018..35975621b 100644
--- a/apps/emqx_coap/test/emqx_coap_SUITE.erl
+++ b/apps/emqx_coap/test/emqx_coap_SUITE.erl
@@ -77,7 +77,7 @@ t_publish_acl_deny(_Config) ->
     emqx:subscribe(Topic),
 
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history]),
-    ok = meck:expect(emqx_access_control, check_acl, 3, deny),
+    ok = meck:expect(emqx_access_control, check_authz, 3, deny),
     Reply = er_coap_client:request(put, URI, #coap_content{format = <<"application/octet-stream">>, payload = Payload}),
     ?assertEqual({error,forbidden}, Reply),
     ok = meck:unload(emqx_access_control),
@@ -114,7 +114,7 @@ t_observe_acl_deny(_Config) ->
     Topic = <<"abc">>, TopicStr = binary_to_list(Topic),
     Uri = "coap://127.0.0.1/mqtt/"++TopicStr++"?c=client1&u=tom&p=secret",
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history]),
-    ok = meck:expect(emqx_access_control, check_acl, 3, deny),
+    ok = meck:expect(emqx_access_control, check_authz, 3, deny),
     ?assertEqual({error,forbidden}, er_coap_observer:observe(Uri)),
     [] = emqx:subscribers(Topic),
     ok = meck:unload(emqx_access_control).
@@ -289,7 +289,7 @@ t_acl(Config) ->
         ok
     end,
 
-    ok = emqx_hooks:del('client.check_acl', {emqx_authz, check_authz}),
+    ok = emqx_hooks:del('client.check_authz', {emqx_authz, check_authz}),
     file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
     application:set_env(emqx, plugins_etc_dir, OldPath),
     application:stop(emqx_authz).
diff --git a/apps/emqx_exhook/include/emqx_exhook.hrl b/apps/emqx_exhook/include/emqx_exhook.hrl
index 7301fdcbb..f640a5916 100644
--- a/apps/emqx_exhook/include/emqx_exhook.hrl
+++ b/apps/emqx_exhook/include/emqx_exhook.hrl
@@ -25,7 +25,7 @@
       , {'client.connected',    {emqx_exhook_handler, on_client_connected,     []}}
       , {'client.disconnected', {emqx_exhook_handler, on_client_disconnected,  []}}
       , {'client.authenticate', {emqx_exhook_handler, on_client_authenticate,  []}}
-      , {'client.check_acl',    {emqx_exhook_handler, on_client_check_acl,     []}}
+      , {'client.check_authz',    {emqx_exhook_handler, on_client_check_authz,     []}}
       , {'client.subscribe',    {emqx_exhook_handler, on_client_subscribe,     []}}
       , {'client.unsubscribe',  {emqx_exhook_handler, on_client_unsubscribe,   []}}
       , {'session.created',     {emqx_exhook_handler, on_session_created,      []}}
diff --git a/apps/emqx_exhook/priv/protos/exhook.proto b/apps/emqx_exhook/priv/protos/exhook.proto
index 72ba26581..3b8fa8861 100644
--- a/apps/emqx_exhook/priv/protos/exhook.proto
+++ b/apps/emqx_exhook/priv/protos/exhook.proto
@@ -40,7 +40,7 @@ service HookProvider {
 
   rpc OnClientAuthenticate(ClientAuthenticateRequest) returns (ValuedResponse) {};
 
-  rpc OnClientCheckAcl(ClientCheckAclRequest) returns (ValuedResponse) {};
+  rpc OnClientCheckAuthz(ClientCheckAuthzRequest) returns (ValuedResponse) {};
 
   rpc OnClientSubscribe(ClientSubscribeRequest) returns (EmptySuccess) {};
 
@@ -123,18 +123,18 @@ message ClientAuthenticateRequest {
   bool result = 2;
 }
 
-message ClientCheckAclRequest {
+message ClientCheckAuthzRequest {
 
   ClientInfo clientinfo = 1;
 
-  enum AclReqType {
+  enum AuthzReqType {
 
     PUBLISH = 0;
 
     SUBSCRIBE = 1;
   }
 
-  AclReqType type = 2;
+  AuthzReqType type = 2;
 
   string topic = 3;
 
@@ -253,7 +253,7 @@ message ValuedResponse {
 
   oneof value {
 
-    // Boolean result, used on the 'client.authenticate', 'client.check_acl' hooks
+    // Boolean result, used on the 'client.authenticate', 'client.check_authz' hooks
     bool bool_result = 3;
 
     // Message result, used on the 'message.*' hooks
@@ -279,7 +279,7 @@ message HookSpec {
   // Available value:
   //   "client.connect",      "client.connack"
   //   "client.connected",    "client.disconnected"
-  //   "client.authenticate", "client.check_acl"
+  //   "client.authenticate", "client.check_authz"
   //   "client.subscribe",    "client.unsubscribe"
   //
   //   "session.created",      "session.subscribed"
diff --git a/apps/emqx_exhook/src/emqx_exhook_handler.erl b/apps/emqx_exhook/src/emqx_exhook_handler.erl
index f3964dc42..695b1116b 100644
--- a/apps/emqx_exhook/src/emqx_exhook_handler.erl
+++ b/apps/emqx_exhook/src/emqx_exhook_handler.erl
@@ -27,7 +27,7 @@
         , on_client_connected/2
         , on_client_disconnected/3
         , on_client_authenticate/2
-        , on_client_check_acl/4
+        , on_client_check_authz/4
         , on_client_subscribe/3
         , on_client_unsubscribe/3
         ]).
@@ -109,7 +109,7 @@ on_client_authenticate(ClientInfo, AuthResult) ->
             {ok, AuthResult}
     end.
 
-on_client_check_acl(ClientInfo, PubSub, Topic, Result) ->
+on_client_check_authz(ClientInfo, PubSub, Topic, Result) ->
     Bool = Result == allow,
     Type = case PubSub of
                publish -> 'PUBLISH';
@@ -120,7 +120,7 @@ on_client_check_acl(ClientInfo, PubSub, Topic, Result) ->
             topic => Topic,
             result => Bool
            },
-    case call_fold('client.check_acl', Req,
+    case call_fold('client.check_authz', Req,
                    fun merge_responsed_bool/2) of
         {StopOrOk, #{result := Result0}} when is_boolean(Result0) ->
             NResult = case Result0 of true -> allow; _ -> deny end,
diff --git a/apps/emqx_exhook/src/emqx_exhook_server.erl b/apps/emqx_exhook/src/emqx_exhook_server.erl
index f4965e4ca..5c5da4a85 100644
--- a/apps/emqx_exhook/src/emqx_exhook_server.erl
+++ b/apps/emqx_exhook/src/emqx_exhook_server.erl
@@ -58,7 +58,7 @@
                    | 'client.connected'
                    | 'client.disconnected'
                    | 'client.authenticate'
-                   | 'client.check_acl'
+                   | 'client.check_authz'
                    | 'client.subscribe'
                    | 'client.unsubscribe'
                    | 'session.created'
@@ -297,7 +297,7 @@ hk2func('client.connack') -> 'on_client_connack';
 hk2func('client.connected') -> 'on_client_connected';
 hk2func('client.disconnected') -> 'on_client_disconnected';
 hk2func('client.authenticate') -> 'on_client_authenticate';
-hk2func('client.check_acl') -> 'on_client_check_acl';
+hk2func('client.check_authz') -> 'on_client_check_authz';
 hk2func('client.subscribe') -> 'on_client_subscribe';
 hk2func('client.unsubscribe') -> 'on_client_unsubscribe';
 hk2func('session.created') -> 'on_session_created';
@@ -320,7 +320,7 @@ message_hooks() ->
 -compile({inline, [available_hooks/0]}).
 available_hooks() ->
     ['client.connect', 'client.connack', 'client.connected',
-     'client.disconnected', 'client.authenticate', 'client.check_acl',
+     'client.disconnected', 'client.authenticate', 'client.check_authz',
      'client.subscribe', 'client.unsubscribe',
      'session.created', 'session.subscribed', 'session.unsubscribed',
      'session.resumed', 'session.discarded', 'session.takeovered',
diff --git a/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl b/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl
index c2db04dd4..da32a9cf1 100644
--- a/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl
+++ b/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl
@@ -33,7 +33,7 @@
         , on_client_connected/2
         , on_client_disconnected/2
         , on_client_authenticate/2
-        , on_client_check_acl/2
+        , on_client_check_authz/2
         , on_client_subscribe/2
         , on_client_unsubscribe/2
         , on_session_created/2
@@ -122,7 +122,7 @@ on_provider_loaded(Req, Md) ->
                      #{name => <<"client.connected">>},
                      #{name => <<"client.disconnected">>},
                      #{name => <<"client.authenticate">>},
-                     #{name => <<"client.check_acl">>},
+                     #{name => <<"client.check_authz">>},
                      #{name => <<"client.subscribe">>},
                      #{name => <<"client.unsubscribe">>},
                      #{name => <<"session.created">>},
@@ -197,10 +197,10 @@ on_client_authenticate(#{clientinfo := #{username := Username}} = Req, Md) ->
             {ok, #{type => 'IGNORE'}, Md}
     end.
 
--spec on_client_check_acl(emqx_exhook_pb:client_check_acl_request(), grpc:metadata())
+-spec on_client_check_authz(emqx_exhook_pb:client_check_authz_request(), grpc:metadata())
     -> {ok, emqx_exhook_pb:valued_response(), grpc:metadata()}
      | {error, grpc_cowboy_h:error_response()}.
-on_client_check_acl(#{clientinfo := #{username := Username}} = Req, Md) ->
+on_client_check_authz(#{clientinfo := #{username := Username}} = Req, Md) ->
     ?MODULE:in({?FUNCTION_NAME, Req}),
     %io:format("fun: ~p, req: ~0p~n", [?FUNCTION_NAME, Req]),
     %% some cases for testing
diff --git a/apps/emqx_exhook/test/props/prop_exhook_hooks.erl b/apps/emqx_exhook/test/props/prop_exhook_hooks.erl
index 24f45c8b0..f276333dc 100644
--- a/apps/emqx_exhook/test/props/prop_exhook_hooks.erl
+++ b/apps/emqx_exhook/test/props/prop_exhook_hooks.erl
@@ -109,14 +109,14 @@ prop_client_authenticate() ->
             true
         end).
 
-prop_client_check_acl() ->
+prop_client_check_authz() ->
     ?ALL({ClientInfo0, PubSub, Topic, Result},
          {clientinfo(), oneof([publish, subscribe]),
           topic(), oneof([allow, deny])},
         begin
             ClientInfo = inject_magic_into(username, ClientInfo0),
             OutResult = emqx_hooks:run_fold(
-                          'client.check_acl',
+                          'client.check_authz',
                           [ClientInfo, PubSub, Topic],
                           Result),
             ExpectedOutResult = case maps:get(username, ClientInfo) of
@@ -127,7 +127,7 @@ prop_client_check_acl() ->
                                  end,
             ?assertEqual(ExpectedOutResult, OutResult),
 
-            {'on_client_check_acl', Resp} = emqx_exhook_demo_svr:take(),
+            {'on_client_check_authz', Resp} = emqx_exhook_demo_svr:take(),
             Expected =
                 #{result => aclresult_to_bool(Result),
                   type => pubsub_to_enum(PubSub),
diff --git a/apps/emqx_exproto/src/emqx_exproto_channel.erl b/apps/emqx_exproto/src/emqx_exproto_channel.erl
index 229e6f930..c76617047 100644
--- a/apps/emqx_exproto/src/emqx_exproto_channel.erl
+++ b/apps/emqx_exproto/src/emqx_exproto_channel.erl
@@ -305,7 +305,7 @@ handle_call({subscribe, TopicFilter, Qos},
                          conn_state = connected,
                          clientinfo = ClientInfo}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_acl(ClientInfo, subscribe, TopicFilter) of
+         emqx_access_control:check_authz(ClientInfo, subscribe, TopicFilter) of
         deny ->
             {reply, {error, ?RESP_PERMISSION_DENY, <<"ACL deny">>}, Channel};
         _ ->
@@ -325,7 +325,7 @@ handle_call({publish, Topic, Qos, Payload},
                                     = #{clientid := From,
                                         mountpoint := Mountpoint}}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_acl(ClientInfo, publish, Topic) of
+         emqx_access_control:check_authz(ClientInfo, publish, Topic) of
         deny ->
             {reply, {error, ?RESP_PERMISSION_DENY, <<"ACL deny">>}, Channel};
         _ ->
diff --git a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
index db64c7438..fe6fbbb08 100644
--- a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
+++ b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
@@ -167,7 +167,7 @@ t_acl_deny(Cfg) ->
     Password = <<"123456">>,
 
     ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
-    ok = meck:expect(emqx_access_control, check_acl, fun(_, _, _) -> deny end),
+    ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> deny end),
 
     ConnBin = frame_connect(Client, Password),
     ConnAckBin = frame_connack(0),
diff --git a/apps/emqx_prometheus/src/emqx_prometheus.erl b/apps/emqx_prometheus/src/emqx_prometheus.erl
index c11c8f0d7..94f5baa4f 100644
--- a/apps/emqx_prometheus/src/emqx_prometheus.erl
+++ b/apps/emqx_prometheus/src/emqx_prometheus.erl
@@ -414,8 +414,8 @@ emqx_collect(emqx_client_authenticate, Stats) ->
     counter_metric(?C('client.authenticate', Stats));
 emqx_collect(emqx_client_auth_anonymous, Stats) ->
     counter_metric(?C('client.auth.anonymous', Stats));
-emqx_collect(emqx_client_check_acl, Stats) ->
-    counter_metric(?C('client.check_acl', Stats));
+emqx_collect(emqx_client_check_authz, Stats) ->
+    counter_metric(?C('client.check_authz', Stats));
 emqx_collect(emqx_client_subscribe, Stats) ->
     counter_metric(?C('client.subscribe', Stats));
 emqx_collect(emqx_client_unsubscribe, Stats) ->
@@ -567,7 +567,7 @@ emqx_metrics_client() ->
     [ emqx_client_connected
     , emqx_client_authenticate
     , emqx_client_auth_anonymous
-    , emqx_client_check_acl
+    , emqx_client_check_authz
     , emqx_client_subscribe
     , emqx_client_unsubscribe
     , emqx_client_disconnected

From e1b0f44a8a00ac6b8abaaa432b1dee3dc63df2c7 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 28 Jun 2021 18:40:04 +0800
Subject: [PATCH 132/174] chore: rename check_authz to authorize

---
 apps/emqx/src/emqx_access_control.erl         | 18 +++++------
 apps/emqx/src/emqx_channel.erl                |  4 +--
 apps/emqx/src/emqx_metrics.erl                |  4 +--
 apps/emqx/test/emqx_access_control_SUITE.erl  |  4 +--
 apps/emqx/test/emqx_acl_test_mod.erl          |  4 +--
 apps/emqx/test/emqx_channel_SUITE.erl         |  2 +-
 .../emqx/test/emqx_mqtt_protocol_v5_SUITE.erl |  2 +-
 apps/emqx/test/emqx_ws_connection_SUITE.erl   |  2 +-
 apps/emqx_authz/src/emqx_authz.erl            | 32 +++++++++----------
 apps/emqx_authz/src/emqx_authz_mysql.erl      | 12 +++----
 apps/emqx_authz/src/emqx_authz_pgsql.erl      | 12 +++----
 apps/emqx_authz/src/emqx_authz_redis.erl      | 12 +++----
 apps/emqx_authz/test/emqx_authz_SUITE.erl     | 20 ++++++------
 .../test/emqx_authz_mysql_SUITE.erl           | 24 +++++++-------
 .../test/emqx_authz_pgsql_SUITE.erl           | 24 +++++++-------
 .../test/emqx_authz_redis_SUITE.erl           | 16 +++++-----
 apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl |  4 +--
 apps/emqx_coap/test/emqx_coap_SUITE.erl       |  6 ++--
 apps/emqx_exhook/include/emqx_exhook.hrl      |  2 +-
 apps/emqx_exhook/priv/protos/exhook.proto     |  8 ++---
 apps/emqx_exhook/src/emqx_exhook_handler.erl  |  6 ++--
 apps/emqx_exhook/src/emqx_exhook_server.erl   |  6 ++--
 .../emqx_exhook/test/emqx_exhook_demo_svr.erl |  8 ++---
 .../test/props/prop_exhook_hooks.erl          |  6 ++--
 .../emqx_exproto/src/emqx_exproto_channel.erl |  4 +--
 apps/emqx_exproto/test/emqx_exproto_SUITE.erl |  2 +-
 apps/emqx_prometheus/src/emqx_prometheus.erl  |  6 ++--
 27 files changed, 125 insertions(+), 125 deletions(-)

diff --git a/apps/emqx/src/emqx_access_control.erl b/apps/emqx/src/emqx_access_control.erl
index 8ca9f3893..7b7138bef 100644
--- a/apps/emqx/src/emqx_access_control.erl
+++ b/apps/emqx/src/emqx_access_control.erl
@@ -20,7 +20,7 @@
 
 -export([authenticate/1]).
 
--export([ check_authz/3
+-export([ authorize/3
         ]).
 
 -type(result() :: #{auth_result := emqx_types:auth_result(),
@@ -42,25 +42,25 @@ authenticate(ClientInfo = #{zone := Zone}) ->
     end.
 
 %% @doc Check ACL
--spec(check_authz(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_types:topic())
+-spec(authorize(emqx_types:clientinfo(), emqx_types:pubsub(), emqx_types:topic())
       -> allow | deny).
-check_authz(ClientInfo, PubSub, Topic) ->
+authorize(ClientInfo, PubSub, Topic) ->
     case emqx_acl_cache:is_enabled() of
-        true  -> check_authz_cache(ClientInfo, PubSub, Topic);
-        false -> do_check_authz(ClientInfo, PubSub, Topic)
+        true  -> authorize_cache(ClientInfo, PubSub, Topic);
+        false -> do_authorize(ClientInfo, PubSub, Topic)
     end.
 
-check_authz_cache(ClientInfo, PubSub, Topic) ->
+authorize_cache(ClientInfo, PubSub, Topic) ->
     case emqx_acl_cache:get_acl_cache(PubSub, Topic) of
         not_found ->
-            AclResult = do_check_authz(ClientInfo, PubSub, Topic),
+            AclResult = do_authorize(ClientInfo, PubSub, Topic),
             emqx_acl_cache:put_acl_cache(PubSub, Topic, AclResult),
             AclResult;
         AclResult -> AclResult
     end.
 
-do_check_authz(ClientInfo, PubSub, Topic) ->
-    case run_hooks('client.check_authz', [ClientInfo, PubSub, Topic], allow) of
+do_authorize(ClientInfo, PubSub, Topic) ->
+    case run_hooks('client.authorize', [ClientInfo, PubSub, Topic], allow) of
         allow  -> allow;
         _Other -> deny
     end.
diff --git a/apps/emqx/src/emqx_channel.erl b/apps/emqx/src/emqx_channel.erl
index 2fcad5b21..99f8cb5df 100644
--- a/apps/emqx/src/emqx_channel.erl
+++ b/apps/emqx/src/emqx_channel.erl
@@ -1406,7 +1406,7 @@ check_pub_alias(_Packet, _Channel) -> ok.
 check_pub_acl(#mqtt_packet{variable = #mqtt_packet_publish{topic_name = Topic}},
               #channel{clientinfo = ClientInfo}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_authz(ClientInfo, publish, Topic) of
+         emqx_access_control:authorize(ClientInfo, publish, Topic) of
         false -> ok;
         allow -> ok;
         deny  -> {error, ?RC_NOT_AUTHORIZED}
@@ -1440,7 +1440,7 @@ check_sub_acls([], _Channel, Acc) ->
 
 check_sub_acl(TopicFilter, #channel{clientinfo = ClientInfo}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_authz(ClientInfo, subscribe, TopicFilter) of
+         emqx_access_control:authorize(ClientInfo, subscribe, TopicFilter) of
         false  -> allow;
         Result -> Result
     end.
diff --git a/apps/emqx/src/emqx_metrics.erl b/apps/emqx/src/emqx_metrics.erl
index c583276d8..cd0039791 100644
--- a/apps/emqx/src/emqx_metrics.erl
+++ b/apps/emqx/src/emqx_metrics.erl
@@ -172,7 +172,7 @@
          {counter, 'client.connected'},
          {counter, 'client.authenticate'},
          {counter, 'client.auth.anonymous'},
-         {counter, 'client.check_authz'},
+         {counter, 'client.authorize'},
          {counter, 'client.subscribe'},
          {counter, 'client.unsubscribe'},
          {counter, 'client.disconnected'}
@@ -563,7 +563,7 @@ reserved_idx('client.connected')             -> 202;
 reserved_idx('client.authenticate')          -> 203;
 reserved_idx('client.enhanced_authenticate') -> 204;
 reserved_idx('client.auth.anonymous')        -> 205;
-reserved_idx('client.check_authz')             -> 206;
+reserved_idx('client.authorize')             -> 206;
 reserved_idx('client.subscribe')             -> 207;
 reserved_idx('client.unsubscribe')           -> 208;
 reserved_idx('client.disconnected')          -> 209;
diff --git a/apps/emqx/test/emqx_access_control_SUITE.erl b/apps/emqx/test/emqx_access_control_SUITE.erl
index 82a0c1669..b356402fb 100644
--- a/apps/emqx/test/emqx_access_control_SUITE.erl
+++ b/apps/emqx/test/emqx_access_control_SUITE.erl
@@ -38,9 +38,9 @@ t_authenticate(_) ->
     emqx_zone:set_env(zone, allow_anonymous, true),
     ?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
 
-t_check_authz(_) ->
+t_authorize(_) ->
     Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
-    ?assertEqual(allow, emqx_access_control:check_authz(clientinfo(), Publish, <<"t">>)).
+    ?assertEqual(allow, emqx_access_control:authorize(clientinfo(), Publish, <<"t">>)).
 
 t_bypass_auth_plugins(_) ->
     ClientInfo = clientinfo(),
diff --git a/apps/emqx/test/emqx_acl_test_mod.erl b/apps/emqx/test/emqx_acl_test_mod.erl
index be461d584..f88e0354b 100644
--- a/apps/emqx/test/emqx_acl_test_mod.erl
+++ b/apps/emqx/test/emqx_acl_test_mod.erl
@@ -18,14 +18,14 @@
 
 %% ACL callbacks
 -export([ init/1
-        , check_authz/2
+        , authorize/2
         , description/0
         ]).
 
 init(AclOpts) ->
     {ok, AclOpts}.
 
-check_authz({_User, _PubSub, _Topic}, _State) ->
+authorize({_User, _PubSub, _Topic}, _State) ->
     allow.
 
 description() ->
diff --git a/apps/emqx/test/emqx_channel_SUITE.erl b/apps/emqx/test/emqx_channel_SUITE.erl
index cc77acb56..09ac7a683 100644
--- a/apps/emqx/test/emqx_channel_SUITE.erl
+++ b/apps/emqx/test/emqx_channel_SUITE.erl
@@ -37,7 +37,7 @@ init_per_suite(Config) ->
     ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
     ok = meck:expect(emqx_access_control, authenticate,
                      fun(_) -> {ok, #{auth_result => success}} end),
-    ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> allow end),
+    ok = meck:expect(emqx_access_control, authorize, fun(_, _, _) -> allow end),
     %% Broker Meck
     ok = meck:new(emqx_broker, [passthrough, no_history, no_link]),
     %% Hooks Meck
diff --git a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
index e60d52a86..ab4d96eea 100644
--- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
+++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
@@ -198,7 +198,7 @@ t_batch_subscribe(_) ->
     {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>}]),
     {ok, _} = emqtt:connect(Client),
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
-    meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> deny end),
+    meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end),
     {ok, _, [?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED]} = emqtt:subscribe(Client, [{<<"t1">>, qos1},
diff --git a/apps/emqx/test/emqx_ws_connection_SUITE.erl b/apps/emqx/test/emqx_ws_connection_SUITE.erl
index b5020439b..93c192b86 100644
--- a/apps/emqx/test/emqx_ws_connection_SUITE.erl
+++ b/apps/emqx/test/emqx_ws_connection_SUITE.erl
@@ -64,7 +64,7 @@ init_per_testcase(TestCase, Config) when
                      end),
     %% Mock emqx_access_control
     ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
-    ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> allow end),
+    ok = meck:expect(emqx_access_control, authorize, fun(_, _, _) -> allow end),
     %% Mock emqx_hooks
     ok = meck:new(emqx_hooks, [passthrough, no_history, no_link]),
     ok = meck:expect(emqx_hooks, run, fun(_Hook, _Args) -> ok end),
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index b757c8908..8f6ae5f2b 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -26,7 +26,7 @@
         , compile/1
         , lookup/0
         , update/1
-        , check_authz/5
+        , authorize/5
         , match/4
         ]).
 
@@ -41,7 +41,7 @@ init() ->
     #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf),
     ok = application:set_env(?APP, rules, Rules),
     NRules = [compile(Rule) || Rule <- Rules],
-    ok = emqx_hooks:add('client.check_authz', {?MODULE, check_authz, [NRules]},  -1).
+    ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NRules]},  -1).
 
 lookup() ->
     application:get_env(?APP, rules, []).
@@ -50,8 +50,8 @@ update(Rules) ->
     ok = application:set_env(?APP, rules, Rules),
     NRules = [compile(Rule) || Rule <- Rules],
     Action = find_action_in_hooks(),
-    ok = emqx_hooks:del('client.check_authz', Action),
-    ok = emqx_hooks:add('client.check_authz', {?MODULE, check_authz, [NRules]},  -1),
+    ok = emqx_hooks:del('client.authorize', Action),
+    ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NRules]},  -1),
     ok = emqx_acl_cache:empty_acl_cache().
 
 %%--------------------------------------------------------------------
@@ -59,8 +59,8 @@ update(Rules) ->
 %%--------------------------------------------------------------------
 
 find_action_in_hooks() ->
-    Callbacks = emqx_hooks:lookup('client.check_authz'),
-    [Action] = [Action || {callback,{?MODULE, check_authz, _} = Action, _, _} <- Callbacks ],
+    Callbacks = emqx_hooks:lookup('client.authorize'),
+    [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ],
     Action.
 
 create_resource(#{<<"type">> := DB,
@@ -149,12 +149,12 @@ b2l(B) when is_binary(B) -> binary_to_list(B).
 %%--------------------------------------------------------------------
 
 %% @doc Check ACL
--spec(check_authz(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), emqx_permission_rule:acl_result(), rules())
+-spec(authorize(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), emqx_permission_rule:acl_result(), rules())
       -> {stop, allow} | {ok, deny}).
-check_authz(#{username := Username,
+authorize(#{username := Username,
               peerhost := IpAddress
              } = Client, PubSub, Topic, _DefaultResult, Rules) ->
-    case do_check_authz(Client, PubSub, Topic, Rules) of
+    case do_authorize(Client, PubSub, Topic, Rules) of
         {matched, allow} ->
             ?LOG(info, "Client succeeded authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
             emqx_metrics:inc(?ACL_METRICS(allow)),
@@ -168,25 +168,25 @@ check_authz(#{username := Username,
             {stop, deny}
     end.
 
-do_check_authz(Client, PubSub, Topic,
+do_authorize(Client, PubSub, Topic,
                [Connector = #{<<"principal">> := Principal,
                               <<"type">> := DB} | Tail] ) ->
     case match_principal(Client, Principal) of
         true ->
             Mod = list_to_existing_atom(io_lib:format("~s_~s",[emqx_authz, DB])),
-            case Mod:check_authz(Client, PubSub, Topic, Connector) of
-                nomatch -> do_check_authz(Client, PubSub, Topic, Tail);
+            case Mod:authorize(Client, PubSub, Topic, Connector) of
+                nomatch -> do_authorize(Client, PubSub, Topic, Tail);
                 Matched -> Matched
             end;
-        false -> do_check_authz(Client, PubSub, Topic, Tail)
+        false -> do_authorize(Client, PubSub, Topic, Tail)
     end;
-do_check_authz(Client, PubSub, Topic,
+do_authorize(Client, PubSub, Topic,
                [#{<<"permission">> := Permission} = Rule | Tail]) ->
     case match(Client, PubSub, Topic, Rule) of
         true -> {matched, Permission};
-        false -> do_check_authz(Client, PubSub, Topic, Tail)
+        false -> do_authorize(Client, PubSub, Topic, Tail)
     end;
-do_check_authz(_Client, _PubSub, _Topic, []) -> nomatch.
+do_authorize(_Client, _PubSub, _Topic, []) -> nomatch.
 
 match(Client, PubSub, Topic,
       #{<<"principal">> := Principal,
diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl
index c1ab20125..6acb154fb 100644
--- a/apps/emqx_authz/src/emqx_authz_mysql.erl
+++ b/apps/emqx_authz/src/emqx_authz_mysql.erl
@@ -23,7 +23,7 @@
 %% ACL Callbacks
 -export([ description/0
         , parse_query/1
-        , check_authz/4
+        , authorize/4
         ]).
 
 -ifdef(TEST).
@@ -45,25 +45,25 @@ parse_query(Sql) ->
             {Sql, []}
     end.
 
-check_authz(Client, PubSub, Topic,
+authorize(Client, PubSub, Topic,
             #{<<"resource_id">> := ResourceID,
               <<"sql">> := {SQL, Params}
              }) ->
     case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
         {ok, _Columns, []} -> nomatch;
         {ok, Columns, Rows} ->
-            do_check_authz(Client, PubSub, Topic, Columns, Rows);
+            do_authorize(Client, PubSub, Topic, Columns, Rows);
         {error, Reason} ->
             ?LOG(error, "[AuthZ] Query mysql error: ~p~n", [Reason]),
             nomatch
     end.
 
-do_check_authz(_Client, _PubSub, _Topic, _Columns, []) ->
+do_authorize(_Client, _PubSub, _Topic, _Columns, []) ->
     nomatch;
-do_check_authz(Client, PubSub, Topic, Columns, [Row | Tail]) ->
+do_authorize(Client, PubSub, Topic, Columns, [Row | Tail]) ->
     case match(Client, PubSub, Topic, format_result(Columns, Row)) of
         {matched, Permission} -> {matched, Permission};
-        nomatch -> do_check_authz(Client, PubSub, Topic, Columns, Tail)
+        nomatch -> do_authorize(Client, PubSub, Topic, Columns, Tail)
     end.
 
 format_result(Columns, Row) ->
diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl
index edea8102f..c7cebf1e2 100644
--- a/apps/emqx_authz/src/emqx_authz_pgsql.erl
+++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl
@@ -23,7 +23,7 @@
 %% ACL Callbacks
 -export([ description/0
         , parse_query/1
-        , check_authz/4
+        , authorize/4
         ]).
 
 -ifdef(TEST).
@@ -49,25 +49,25 @@ parse_query(Sql) ->
             {Sql, []}
     end.
 
-check_authz(Client, PubSub, Topic,
+authorize(Client, PubSub, Topic,
             #{<<"resource_id">> := ResourceID,
               <<"sql">> := {SQL, Params}
              }) ->
     case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
         {ok, _Columns, []} -> nomatch;
         {ok, Columns, Rows} ->
-            do_check_authz(Client, PubSub, Topic, Columns, Rows);
+            do_authorize(Client, PubSub, Topic, Columns, Rows);
         {error, Reason} ->
             ?LOG(error, "[AuthZ] Query pgsql error: ~p~n", [Reason]),
             nomatch
     end.
 
-do_check_authz(_Client, _PubSub, _Topic, _Columns, []) ->
+do_authorize(_Client, _PubSub, _Topic, _Columns, []) ->
     nomatch;
-do_check_authz(Client, PubSub, Topic, Columns, [Row | Tail]) ->
+do_authorize(Client, PubSub, Topic, Columns, [Row | Tail]) ->
     case match(Client, PubSub, Topic, format_result(Columns, Row)) of
         {matched, Permission} -> {matched, Permission};
-        nomatch -> do_check_authz(Client, PubSub, Topic, Columns, Tail)
+        nomatch -> do_authorize(Client, PubSub, Topic, Columns, Tail)
     end.
 
 format_result(Columns, Row) ->
diff --git a/apps/emqx_authz/src/emqx_authz_redis.erl b/apps/emqx_authz/src/emqx_authz_redis.erl
index 7a85b26af..1b99dc2ec 100644
--- a/apps/emqx_authz/src/emqx_authz_redis.erl
+++ b/apps/emqx_authz/src/emqx_authz_redis.erl
@@ -21,7 +21,7 @@
 -include_lib("emqx/include/logger.hrl").
 
 %% ACL Callbacks
--export([ check_authz/4
+-export([ authorize/4
         , description/0
         ]).
 
@@ -33,7 +33,7 @@
 description() ->
     "AuthZ with redis".
 
-check_authz(Client, PubSub, Topic,
+authorize(Client, PubSub, Topic,
             #{<<"resource_id">> := ResourceID,
               <<"cmd">> := CMD 
              }) ->
@@ -41,22 +41,22 @@ check_authz(Client, PubSub, Topic,
     case emqx_resource:query(ResourceID, {cmd, NCMD}) of
         {ok, []} -> nomatch;
         {ok, Rows} ->
-            do_check_authz(Client, PubSub, Topic, Rows);
+            do_authorize(Client, PubSub, Topic, Rows);
         {error, Reason} ->
             ?LOG(error, "[AuthZ] Query redis error: ~p", [Reason]),
             nomatch
     end.
 
-do_check_authz(_Client, _PubSub, _Topic, []) ->
+do_authorize(_Client, _PubSub, _Topic, []) ->
     nomatch;
-do_check_authz(Client, PubSub, Topic, [TopicFilter, Action | Tail]) ->
+do_authorize(Client, PubSub, Topic, [TopicFilter, Action | Tail]) ->
     case match(Client, PubSub, Topic, 
                #{topics => TopicFilter,
                  action => Action
                 }) 
     of
         {matched, Permission} -> {matched, Permission};
-        nomatch -> do_check_authz(Client, PubSub, Topic, Tail)
+        nomatch -> do_authorize(Client, PubSub, Topic, Tail)
     end.
 
 match(Client, PubSub, Topic, 
diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl
index d036d1dec..93be27146 100644
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@@ -145,23 +145,23 @@ t_authz(_) ->
     Rules4 = [emqx_authz:compile(Rule) || Rule <- [?RULE4, ?RULE1]],
 
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo1, subscribe, <<"#">>, deny, [])),
+        emqx_authz:authorize(ClientInfo1, subscribe, <<"#">>, deny, [])),
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo1, subscribe, <<"+">>, deny, Rules1)),
+        emqx_authz:authorize(ClientInfo1, subscribe, <<"+">>, deny, Rules1)),
     ?assertEqual({stop, allow},
-        emqx_authz:check_authz(ClientInfo1, subscribe, <<"+">>, deny, Rules2)),
+        emqx_authz:authorize(ClientInfo1, subscribe, <<"+">>, deny, Rules2)),
     ?assertEqual({stop, allow},
-        emqx_authz:check_authz(ClientInfo1, publish, <<"test">>, deny, Rules3)),
+        emqx_authz:authorize(ClientInfo1, publish, <<"test">>, deny, Rules3)),
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo1, publish, <<"test">>, deny, Rules4)),
+        emqx_authz:authorize(ClientInfo1, publish, <<"test">>, deny, Rules4)),
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo2, subscribe, <<"#">>, deny, Rules2)),
+        emqx_authz:authorize(ClientInfo2, subscribe, <<"#">>, deny, Rules2)),
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo3, publish, <<"test">>, deny, Rules3)),
+        emqx_authz:authorize(ClientInfo3, publish, <<"test">>, deny, Rules3)),
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo3, publish, <<"fake">>, deny, Rules4)),
+        emqx_authz:authorize(ClientInfo3, publish, <<"fake">>, deny, Rules4)),
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo4, publish, <<"test">>, deny, Rules3)),
+        emqx_authz:authorize(ClientInfo4, publish, <<"test">>, deny, Rules3)),
     ?assertEqual({stop, deny},
-        emqx_authz:check_authz(ClientInfo4, publish, <<"fake">>, deny, Rules4)),
+        emqx_authz:authorize(ClientInfo4, publish, <<"fake">>, deny, Rules4)),
     ok.
diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
index e4704c5f3..6ee229ec7 100644
--- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
@@ -95,23 +95,23 @@ t_authz(_) ->
                    },
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), % nomatch
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
-    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
-    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_username">>)),
-    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_username">>)),
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, subscribe, <<"test">>)), % nomatch
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, publish,   <<"test">>)), % nomatch
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo2, publish,   <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)),
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, publish,   <<"test/test_username">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo3, subscribe, <<"test">>)), % nomatch
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo3, publish,   <<"test">>)), % nomatch
     ok.
 
diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
index d03cd3338..8fb9cd3e0 100644
--- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
@@ -95,23 +95,23 @@ t_authz(_) ->
                    },
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)), % nomatch
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE1 ++ ?RULE2} end),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"+">>)),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo1, publish, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE2 ++ ?RULE1} end),
-    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo1, subscribe, <<"#">>)),
-    ?assertEqual(deny, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"+">>)),
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo2, subscribe, <<"+">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, ?RULE3 ++ ?RULE4} end),
-    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_clientid">>)),
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo2, subscribe, <<"test/test_username">>)),
-    ?assertEqual(allow, emqx_access_control:check_authz(ClientInfo2, publish,   <<"test/test_username">>)),
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, subscribe, <<"test">>)), % nomatch
-    ?assertEqual(deny,  emqx_access_control:check_authz(ClientInfo3, publish,   <<"test">>)), % nomatch
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo2, publish,   <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)),
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, publish,   <<"test/test_username">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo3, subscribe, <<"test">>)), % nomatch
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo3, publish,   <<"test">>)), % nomatch
     ok.
 
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
index ab8465ffa..6e5015b7e 100644
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -84,30 +84,30 @@ t_authz(_) ->
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, []} end),
     % nomatch
     ?assertEqual(deny,
-                 emqx_access_control:check_authz(ClientInfo, subscribe, <<"#">>)),
+                 emqx_access_control:authorize(ClientInfo, subscribe, <<"#">>)),
     ?assertEqual(deny,
-                 emqx_access_control:check_authz(ClientInfo, publish, <<"#">>)),
+                 emqx_access_control:authorize(ClientInfo, publish, <<"#">>)),
 
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE1 ++ ?RULE2} end),
     % nomatch
     ?assertEqual(deny,
-        emqx_access_control:check_authz(ClientInfo, subscribe, <<"+">>)),
+        emqx_access_control:authorize(ClientInfo, subscribe, <<"+">>)),
     % nomatch
     ?assertEqual(deny,
-        emqx_access_control:check_authz(ClientInfo, subscribe, <<"test/username">>)),
+        emqx_access_control:authorize(ClientInfo, subscribe, <<"test/username">>)),
 
     ?assertEqual(allow,
-        emqx_access_control:check_authz(ClientInfo, publish, <<"test/clientid">>)),
+        emqx_access_control:authorize(ClientInfo, publish, <<"test/clientid">>)),
     ?assertEqual(allow,
-        emqx_access_control:check_authz(ClientInfo, publish, <<"test/clientid">>)),
+        emqx_access_control:authorize(ClientInfo, publish, <<"test/clientid">>)),
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?RULE3} end),
 
     ?assertEqual(allow,
-        emqx_access_control:check_authz(ClientInfo, subscribe, <<"#">>)),
+        emqx_access_control:authorize(ClientInfo, subscribe, <<"#">>)),
     % nomatch
     ?assertEqual(deny,
-        emqx_access_control:check_authz(ClientInfo, publish, <<"#">>)),
+        emqx_access_control:authorize(ClientInfo, publish, <<"#">>)),
     ok.
 
diff --git a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
index a1633a9be..b93d1c640 100644
--- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
+++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
@@ -222,7 +222,7 @@ code_change(_OldVsn, State, _Extra) ->
 
 chann_subscribe(Topic, State = #state{clientid = ClientId}) ->
     ?LOG(debug, "subscribe Topic=~p", [Topic]),
-    case emqx_access_control:check_authz(clientinfo(State), subscribe, Topic) of
+    case emqx_access_control:authorize(clientinfo(State), subscribe, Topic) of
         allow ->
             emqx_broker:subscribe(Topic, ClientId, ?SUBOPTS),
             emqx_hooks:run('session.subscribed', [clientinfo(State), Topic, ?SUBOPTS]),
@@ -241,7 +241,7 @@ chann_unsubscribe(Topic, State) ->
 
 chann_publish(Topic, Payload, State = #state{clientid = ClientId}) ->
     ?LOG(debug, "publish Topic=~p, Payload=~p", [Topic, Payload]),
-    case emqx_access_control:check_authz(clientinfo(State), publish, Topic) of
+    case emqx_access_control:authorize(clientinfo(State), publish, Topic) of
         allow ->
             _ = emqx_broker:publish(
                     emqx_message:set_flag(retain, false,
diff --git a/apps/emqx_coap/test/emqx_coap_SUITE.erl b/apps/emqx_coap/test/emqx_coap_SUITE.erl
index 35975621b..9618425a3 100644
--- a/apps/emqx_coap/test/emqx_coap_SUITE.erl
+++ b/apps/emqx_coap/test/emqx_coap_SUITE.erl
@@ -77,7 +77,7 @@ t_publish_acl_deny(_Config) ->
     emqx:subscribe(Topic),
 
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history]),
-    ok = meck:expect(emqx_access_control, check_authz, 3, deny),
+    ok = meck:expect(emqx_access_control, authorize, 3, deny),
     Reply = er_coap_client:request(put, URI, #coap_content{format = <<"application/octet-stream">>, payload = Payload}),
     ?assertEqual({error,forbidden}, Reply),
     ok = meck:unload(emqx_access_control),
@@ -114,7 +114,7 @@ t_observe_acl_deny(_Config) ->
     Topic = <<"abc">>, TopicStr = binary_to_list(Topic),
     Uri = "coap://127.0.0.1/mqtt/"++TopicStr++"?c=client1&u=tom&p=secret",
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history]),
-    ok = meck:expect(emqx_access_control, check_authz, 3, deny),
+    ok = meck:expect(emqx_access_control, authorize, 3, deny),
     ?assertEqual({error,forbidden}, er_coap_observer:observe(Uri)),
     [] = emqx:subscribers(Topic),
     ok = meck:unload(emqx_access_control).
@@ -289,7 +289,7 @@ t_acl(Config) ->
         ok
     end,
 
-    ok = emqx_hooks:del('client.check_authz', {emqx_authz, check_authz}),
+    ok = emqx_hooks:del('client.authorize', {emqx_authz, authorize}),
     file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
     application:set_env(emqx, plugins_etc_dir, OldPath),
     application:stop(emqx_authz).
diff --git a/apps/emqx_exhook/include/emqx_exhook.hrl b/apps/emqx_exhook/include/emqx_exhook.hrl
index f640a5916..64131735e 100644
--- a/apps/emqx_exhook/include/emqx_exhook.hrl
+++ b/apps/emqx_exhook/include/emqx_exhook.hrl
@@ -25,7 +25,7 @@
       , {'client.connected',    {emqx_exhook_handler, on_client_connected,     []}}
       , {'client.disconnected', {emqx_exhook_handler, on_client_disconnected,  []}}
       , {'client.authenticate', {emqx_exhook_handler, on_client_authenticate,  []}}
-      , {'client.check_authz',    {emqx_exhook_handler, on_client_check_authz,     []}}
+      , {'client.authorize',    {emqx_exhook_handler, on_client_authorize,     []}}
       , {'client.subscribe',    {emqx_exhook_handler, on_client_subscribe,     []}}
       , {'client.unsubscribe',  {emqx_exhook_handler, on_client_unsubscribe,   []}}
       , {'session.created',     {emqx_exhook_handler, on_session_created,      []}}
diff --git a/apps/emqx_exhook/priv/protos/exhook.proto b/apps/emqx_exhook/priv/protos/exhook.proto
index 3b8fa8861..97a011352 100644
--- a/apps/emqx_exhook/priv/protos/exhook.proto
+++ b/apps/emqx_exhook/priv/protos/exhook.proto
@@ -40,7 +40,7 @@ service HookProvider {
 
   rpc OnClientAuthenticate(ClientAuthenticateRequest) returns (ValuedResponse) {};
 
-  rpc OnClientCheckAuthz(ClientCheckAuthzRequest) returns (ValuedResponse) {};
+  rpc OnClientAuthorize(ClientAuthorizeRequest) returns (ValuedResponse) {};
 
   rpc OnClientSubscribe(ClientSubscribeRequest) returns (EmptySuccess) {};
 
@@ -123,7 +123,7 @@ message ClientAuthenticateRequest {
   bool result = 2;
 }
 
-message ClientCheckAuthzRequest {
+message ClientAuthorizeRequest {
 
   ClientInfo clientinfo = 1;
 
@@ -253,7 +253,7 @@ message ValuedResponse {
 
   oneof value {
 
-    // Boolean result, used on the 'client.authenticate', 'client.check_authz' hooks
+    // Boolean result, used on the 'client.authenticate', 'client.authorize' hooks
     bool bool_result = 3;
 
     // Message result, used on the 'message.*' hooks
@@ -279,7 +279,7 @@ message HookSpec {
   // Available value:
   //   "client.connect",      "client.connack"
   //   "client.connected",    "client.disconnected"
-  //   "client.authenticate", "client.check_authz"
+  //   "client.authenticate", "client.authorize"
   //   "client.subscribe",    "client.unsubscribe"
   //
   //   "session.created",      "session.subscribed"
diff --git a/apps/emqx_exhook/src/emqx_exhook_handler.erl b/apps/emqx_exhook/src/emqx_exhook_handler.erl
index 695b1116b..db653c52b 100644
--- a/apps/emqx_exhook/src/emqx_exhook_handler.erl
+++ b/apps/emqx_exhook/src/emqx_exhook_handler.erl
@@ -27,7 +27,7 @@
         , on_client_connected/2
         , on_client_disconnected/3
         , on_client_authenticate/2
-        , on_client_check_authz/4
+        , on_client_authorize/4
         , on_client_subscribe/3
         , on_client_unsubscribe/3
         ]).
@@ -109,7 +109,7 @@ on_client_authenticate(ClientInfo, AuthResult) ->
             {ok, AuthResult}
     end.
 
-on_client_check_authz(ClientInfo, PubSub, Topic, Result) ->
+on_client_authorize(ClientInfo, PubSub, Topic, Result) ->
     Bool = Result == allow,
     Type = case PubSub of
                publish -> 'PUBLISH';
@@ -120,7 +120,7 @@ on_client_check_authz(ClientInfo, PubSub, Topic, Result) ->
             topic => Topic,
             result => Bool
            },
-    case call_fold('client.check_authz', Req,
+    case call_fold('client.authorize', Req,
                    fun merge_responsed_bool/2) of
         {StopOrOk, #{result := Result0}} when is_boolean(Result0) ->
             NResult = case Result0 of true -> allow; _ -> deny end,
diff --git a/apps/emqx_exhook/src/emqx_exhook_server.erl b/apps/emqx_exhook/src/emqx_exhook_server.erl
index 5c5da4a85..a3b132065 100644
--- a/apps/emqx_exhook/src/emqx_exhook_server.erl
+++ b/apps/emqx_exhook/src/emqx_exhook_server.erl
@@ -58,7 +58,7 @@
                    | 'client.connected'
                    | 'client.disconnected'
                    | 'client.authenticate'
-                   | 'client.check_authz'
+                   | 'client.authorize'
                    | 'client.subscribe'
                    | 'client.unsubscribe'
                    | 'session.created'
@@ -297,7 +297,7 @@ hk2func('client.connack') -> 'on_client_connack';
 hk2func('client.connected') -> 'on_client_connected';
 hk2func('client.disconnected') -> 'on_client_disconnected';
 hk2func('client.authenticate') -> 'on_client_authenticate';
-hk2func('client.check_authz') -> 'on_client_check_authz';
+hk2func('client.authorize') -> 'on_client_authorize';
 hk2func('client.subscribe') -> 'on_client_subscribe';
 hk2func('client.unsubscribe') -> 'on_client_unsubscribe';
 hk2func('session.created') -> 'on_session_created';
@@ -320,7 +320,7 @@ message_hooks() ->
 -compile({inline, [available_hooks/0]}).
 available_hooks() ->
     ['client.connect', 'client.connack', 'client.connected',
-     'client.disconnected', 'client.authenticate', 'client.check_authz',
+     'client.disconnected', 'client.authenticate', 'client.authorize',
      'client.subscribe', 'client.unsubscribe',
      'session.created', 'session.subscribed', 'session.unsubscribed',
      'session.resumed', 'session.discarded', 'session.takeovered',
diff --git a/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl b/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl
index da32a9cf1..656788b5e 100644
--- a/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl
+++ b/apps/emqx_exhook/test/emqx_exhook_demo_svr.erl
@@ -33,7 +33,7 @@
         , on_client_connected/2
         , on_client_disconnected/2
         , on_client_authenticate/2
-        , on_client_check_authz/2
+        , on_client_authorize/2
         , on_client_subscribe/2
         , on_client_unsubscribe/2
         , on_session_created/2
@@ -122,7 +122,7 @@ on_provider_loaded(Req, Md) ->
                      #{name => <<"client.connected">>},
                      #{name => <<"client.disconnected">>},
                      #{name => <<"client.authenticate">>},
-                     #{name => <<"client.check_authz">>},
+                     #{name => <<"client.authorize">>},
                      #{name => <<"client.subscribe">>},
                      #{name => <<"client.unsubscribe">>},
                      #{name => <<"session.created">>},
@@ -197,10 +197,10 @@ on_client_authenticate(#{clientinfo := #{username := Username}} = Req, Md) ->
             {ok, #{type => 'IGNORE'}, Md}
     end.
 
--spec on_client_check_authz(emqx_exhook_pb:client_check_authz_request(), grpc:metadata())
+-spec on_client_authorize(emqx_exhook_pb:client_authorize_request(), grpc:metadata())
     -> {ok, emqx_exhook_pb:valued_response(), grpc:metadata()}
      | {error, grpc_cowboy_h:error_response()}.
-on_client_check_authz(#{clientinfo := #{username := Username}} = Req, Md) ->
+on_client_authorize(#{clientinfo := #{username := Username}} = Req, Md) ->
     ?MODULE:in({?FUNCTION_NAME, Req}),
     %io:format("fun: ~p, req: ~0p~n", [?FUNCTION_NAME, Req]),
     %% some cases for testing
diff --git a/apps/emqx_exhook/test/props/prop_exhook_hooks.erl b/apps/emqx_exhook/test/props/prop_exhook_hooks.erl
index f276333dc..12f54eef6 100644
--- a/apps/emqx_exhook/test/props/prop_exhook_hooks.erl
+++ b/apps/emqx_exhook/test/props/prop_exhook_hooks.erl
@@ -109,14 +109,14 @@ prop_client_authenticate() ->
             true
         end).
 
-prop_client_check_authz() ->
+prop_client_authorize() ->
     ?ALL({ClientInfo0, PubSub, Topic, Result},
          {clientinfo(), oneof([publish, subscribe]),
           topic(), oneof([allow, deny])},
         begin
             ClientInfo = inject_magic_into(username, ClientInfo0),
             OutResult = emqx_hooks:run_fold(
-                          'client.check_authz',
+                          'client.authorize',
                           [ClientInfo, PubSub, Topic],
                           Result),
             ExpectedOutResult = case maps:get(username, ClientInfo) of
@@ -127,7 +127,7 @@ prop_client_check_authz() ->
                                  end,
             ?assertEqual(ExpectedOutResult, OutResult),
 
-            {'on_client_check_authz', Resp} = emqx_exhook_demo_svr:take(),
+            {'on_client_authorize', Resp} = emqx_exhook_demo_svr:take(),
             Expected =
                 #{result => aclresult_to_bool(Result),
                   type => pubsub_to_enum(PubSub),
diff --git a/apps/emqx_exproto/src/emqx_exproto_channel.erl b/apps/emqx_exproto/src/emqx_exproto_channel.erl
index c76617047..d45f445ab 100644
--- a/apps/emqx_exproto/src/emqx_exproto_channel.erl
+++ b/apps/emqx_exproto/src/emqx_exproto_channel.erl
@@ -305,7 +305,7 @@ handle_call({subscribe, TopicFilter, Qos},
                          conn_state = connected,
                          clientinfo = ClientInfo}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_authz(ClientInfo, subscribe, TopicFilter) of
+         emqx_access_control:authorize(ClientInfo, subscribe, TopicFilter) of
         deny ->
             {reply, {error, ?RESP_PERMISSION_DENY, <<"ACL deny">>}, Channel};
         _ ->
@@ -325,7 +325,7 @@ handle_call({publish, Topic, Qos, Payload},
                                     = #{clientid := From,
                                         mountpoint := Mountpoint}}) ->
     case is_acl_enabled(ClientInfo) andalso
-         emqx_access_control:check_authz(ClientInfo, publish, Topic) of
+         emqx_access_control:authorize(ClientInfo, publish, Topic) of
         deny ->
             {reply, {error, ?RESP_PERMISSION_DENY, <<"ACL deny">>}, Channel};
         _ ->
diff --git a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
index fe6fbbb08..e38347e5e 100644
--- a/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
+++ b/apps/emqx_exproto/test/emqx_exproto_SUITE.erl
@@ -167,7 +167,7 @@ t_acl_deny(Cfg) ->
     Password = <<"123456">>,
 
     ok = meck:new(emqx_access_control, [passthrough, no_history, no_link]),
-    ok = meck:expect(emqx_access_control, check_authz, fun(_, _, _) -> deny end),
+    ok = meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end),
 
     ConnBin = frame_connect(Client, Password),
     ConnAckBin = frame_connack(0),
diff --git a/apps/emqx_prometheus/src/emqx_prometheus.erl b/apps/emqx_prometheus/src/emqx_prometheus.erl
index 94f5baa4f..29acc72f6 100644
--- a/apps/emqx_prometheus/src/emqx_prometheus.erl
+++ b/apps/emqx_prometheus/src/emqx_prometheus.erl
@@ -414,8 +414,8 @@ emqx_collect(emqx_client_authenticate, Stats) ->
     counter_metric(?C('client.authenticate', Stats));
 emqx_collect(emqx_client_auth_anonymous, Stats) ->
     counter_metric(?C('client.auth.anonymous', Stats));
-emqx_collect(emqx_client_check_authz, Stats) ->
-    counter_metric(?C('client.check_authz', Stats));
+emqx_collect(emqx_client_authorize, Stats) ->
+    counter_metric(?C('client.authorize', Stats));
 emqx_collect(emqx_client_subscribe, Stats) ->
     counter_metric(?C('client.subscribe', Stats));
 emqx_collect(emqx_client_unsubscribe, Stats) ->
@@ -567,7 +567,7 @@ emqx_metrics_client() ->
     [ emqx_client_connected
     , emqx_client_authenticate
     , emqx_client_auth_anonymous
-    , emqx_client_check_authz
+    , emqx_client_authorize
     , emqx_client_subscribe
     , emqx_client_unsubscribe
     , emqx_client_disconnected

From c9acf423ba156648912f8139506793b522250365 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Tue, 29 Jun 2021 09:25:13 +0800
Subject: [PATCH 133/174] chore: rename authorze_cache function name  to
 check_authorization_cache

---
 apps/emqx/src/emqx_access_control.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_access_control.erl b/apps/emqx/src/emqx_access_control.erl
index 7b7138bef..8da3277a9 100644
--- a/apps/emqx/src/emqx_access_control.erl
+++ b/apps/emqx/src/emqx_access_control.erl
@@ -46,11 +46,11 @@ authenticate(ClientInfo = #{zone := Zone}) ->
       -> allow | deny).
 authorize(ClientInfo, PubSub, Topic) ->
     case emqx_acl_cache:is_enabled() of
-        true  -> authorize_cache(ClientInfo, PubSub, Topic);
+        true  -> check_authorization_cache(ClientInfo, PubSub, Topic);
         false -> do_authorize(ClientInfo, PubSub, Topic)
     end.
 
-authorize_cache(ClientInfo, PubSub, Topic) ->
+check_authorization_cache(ClientInfo, PubSub, Topic) ->
     case emqx_acl_cache:get_acl_cache(PubSub, Topic) of
         not_found ->
             AclResult = do_authorize(ClientInfo, PubSub, Topic),

From 2b082f9cf9f606e08fa3106d6ee582993771926b Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Tue, 29 Jun 2021 09:58:02 +0800
Subject: [PATCH 134/174] chore(connector): update connector ssl schema

---
 .../docker-compose-mysql-tls.yaml             |  8 ++--
 .../docker-compose-redis-cluster-tls.yaml     |  4 +-
 .../docker-compose-redis-sentinel-tls.yaml    |  4 +-
 .../docker-compose-redis-single-tls.yaml      | 10 +++--
 .ci/docker-compose-file/pgsql/Dockerfile      |  6 +--
 .ci/docker-compose-file/redis/redis-tls.conf  |  6 +--
 .ci/docker-compose-file/redis/redis.sh        |  8 ++--
 apps/emqx_authz/README.md                     | 11 +++--
 apps/emqx_authz/etc/emqx_authz.conf           | 11 +++--
 apps/emqx_authz/src/emqx_authz.erl            |  6 ++-
 .../test/emqx_authz_redis_SUITE.erl           |  3 +-
 .../emqx_connector/src/emqx_connector.app.src |  6 ++-
 .../src/emqx_connector_ldap.erl               | 30 ++++++-------
 .../src/emqx_connector_mongo.erl              | 18 ++++----
 .../src/emqx_connector_mysql.erl              | 10 ++---
 .../src/emqx_connector_pgsql.erl              | 12 +++---
 .../src/emqx_connector_redis.erl              | 19 ++++----
 .../src/emqx_connector_schema_lib.erl         | 43 ++++++++++++-------
 .../src/emqx_plugin_libs_ssl.erl              |  2 +-
 19 files changed, 128 insertions(+), 89 deletions(-)

diff --git a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml
index c4d5bd500..17dfdcc8e 100644
--- a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml
+++ b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml
@@ -11,9 +11,11 @@ services:
       MYSQL_USER: ssluser
       MYSQL_PASSWORD: public
     volumes:
-      - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/ca.pem:/etc/certs/ca-cert.pem
-      - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-cert.pem:/etc/certs/server-cert.pem
-      - ../../apps/emqx_auth_mysql/test/emqx_auth_mysql_SUITE_data/server-key.pem:/etc/certs/server-key.pem
+      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca-cert.pem
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/server-cert.pem
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/server-key.pem
+    ports:
+      - "3306:3306"
     networks:
       - emqx_bridge
     command:
diff --git a/.ci/docker-compose-file/docker-compose-redis-cluster-tls.yaml b/.ci/docker-compose-file/docker-compose-redis-cluster-tls.yaml
index 78b655946..c5cefd9e6 100644
--- a/.ci/docker-compose-file/docker-compose-redis-cluster-tls.yaml
+++ b/.ci/docker-compose-file/docker-compose-redis-cluster-tls.yaml
@@ -5,7 +5,9 @@ services:
     container_name: redis
     image: redis:${REDIS_TAG}
     volumes:
-      - ../../apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs:/tls
+      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca.crt
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/redis.crt
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/redis.key
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node cluster --tls-enabled && tail -f /var/log/redis-server.log"
     networks:
diff --git a/.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml b/.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml
index 7c7f46ce2..045570d5c 100644
--- a/.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml
+++ b/.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml
@@ -5,7 +5,9 @@ services:
     container_name: redis
     image: redis:${REDIS_TAG}
     volumes:
-      - ../../apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs:/tls
+      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca.crt
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/redis.crt
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/redis.key
       - ./redis/:/data/conf
     command: bash -c "/bin/bash /data/conf/redis.sh --node sentinel --tls-enabled && tail -f /var/log/redis-server.log"
     networks:
diff --git a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml
index 814a0f1cb..bb6c3ff15 100644
--- a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml
+++ b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml
@@ -5,15 +5,17 @@ services:
     container_name: redis
     image: redis:${REDIS_TAG}
     volumes:
-      - ../../apps/emqx_auth_redis/test/emqx_auth_redis_SUITE_data/certs:/tls
+      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca.crt
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/redis.crt
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/redis.key
     command:
       - redis-server
       - "--bind 0.0.0.0 ::"
       - --requirepass public
       - --tls-port 6380
-      - --tls-cert-file /tls/redis.crt
-      - --tls-key-file /tls/redis.key
-      - --tls-ca-cert-file /tls/ca.crt
+      - --tls-cert-file /etc/certs/redis.crt
+      - --tls-key-file /etc/certs/redis.key
+      - --tls-ca-cert-file /etc/certs/ca.crt
     restart: always
     networks:
       - emqx_bridge
diff --git a/.ci/docker-compose-file/pgsql/Dockerfile b/.ci/docker-compose-file/pgsql/Dockerfile
index e4c973258..db2cd59fe 100644
--- a/.ci/docker-compose-file/pgsql/Dockerfile
+++ b/.ci/docker-compose-file/pgsql/Dockerfile
@@ -2,9 +2,9 @@ ARG BUILD_FROM=postgres:11
 FROM ${BUILD_FROM}
 ARG POSTGRES_USER=postgres
 COPY --chown=$POSTGRES_USER .ci/docker-compose-file/pgsql/pg_hba.conf /var/lib/postgresql/pg_hba.conf
-COPY --chown=$POSTGRES_USER apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-key.pem /var/lib/postgresql/server.key
-COPY --chown=$POSTGRES_USER apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/server-cert.pem /var/lib/postgresql/server.crt
-COPY --chown=$POSTGRES_USER apps/emqx_auth_pgsql/test/emqx_auth_pgsql_SUITE_data/ca.pem /var/lib/postgresql/root.crt
+COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/key.pem /var/lib/postgresql/server.key
+COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/cert.pem /var/lib/postgresql/server.crt
+COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/cacert.pem /var/lib/postgresql/root.crt
 RUN chmod 600 /var/lib/postgresql/pg_hba.conf
 RUN chmod 600 /var/lib/postgresql/server.key
 RUN chmod 600 /var/lib/postgresql/server.crt
diff --git a/.ci/docker-compose-file/redis/redis-tls.conf b/.ci/docker-compose-file/redis/redis-tls.conf
index 325c200c3..e304c814f 100644
--- a/.ci/docker-compose-file/redis/redis-tls.conf
+++ b/.ci/docker-compose-file/redis/redis-tls.conf
@@ -1,9 +1,9 @@
 daemonize yes
 bind 0.0.0.0 ::
 logfile /var/log/redis-server.log
-tls-cert-file /tls/redis.crt
-tls-key-file /tls/redis.key
-tls-ca-cert-file /tls/ca.crt
+tls-cert-file /etc/certs/redis.crt
+tls-key-file /etc/certs/redis.key
+tls-ca-cert-file /etc/certs/ca.crt
 tls-replication yes
 tls-cluster yes
 protected-mode no
diff --git a/.ci/docker-compose-file/redis/redis.sh b/.ci/docker-compose-file/redis/redis.sh
index 272a5b443..6cc7ce98b 100755
--- a/.ci/docker-compose-file/redis/redis.sh
+++ b/.ci/docker-compose-file/redis/redis.sh
@@ -91,7 +91,7 @@ do
     fi
     if [ "${node}" = "cluster" ] ; then
       if $tls ; then
-       yes "yes" | redis-cli --cluster create "$LOCAL_IP:8000" "$LOCAL_IP:8001" "$LOCAL_IP:8002" --pass public --no-auth-warning --tls true --cacert /tls/ca.crt --cert /tls/redis.crt --key /tls/redis.key;
+       yes "yes" | redis-cli --cluster create "$LOCAL_IP:8000" "$LOCAL_IP:8001" "$LOCAL_IP:8002" --pass public --no-auth-warning --tls true --cacert /etc/certs/ca.crt --cert /etc/certs/redis.crt --key /etc/certs/redis.key;
       else
         yes "yes" | redis-cli --cluster create "$LOCAL_IP:7000" "$LOCAL_IP:7001" "$LOCAL_IP:7002" --pass public --no-auth-warning;
       fi
@@ -107,9 +107,9 @@ EOF
           cat >>/_sentinel.conf<<EOF
 tls-port 26380
 tls-replication yes
-tls-cert-file /tls/redis.crt
-tls-key-file /tls/redis.key
-tls-ca-cert-file /tls/ca.crt
+tls-cert-file /etc/certs/redis.crt
+tls-key-file /etc/certs/redis.key
+tls-ca-cert-file /etc/certs/ca.crt
 sentinel monitor mymaster $LOCAL_IP 8000 1
 EOF
       else
diff --git a/apps/emqx_authz/README.md b/apps/emqx_authz/README.md
index 0fddac9b0..699781b71 100644
--- a/apps/emqx_authz/README.md
+++ b/apps/emqx_authz/README.md
@@ -16,7 +16,12 @@ authz:{
               username: root
               password: public
               auto_reconnect: true
-              ssl: false
+              ssl: {
+                enable: true
+                cacertfile:  "etc/certs/cacert.pem"
+                certfile: "etc/certs/client-cert.pem"
+                keyfile: "etc/certs/client-key.pem"
+              }
            }
            sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or clientid = '%c'"
        },
@@ -29,7 +34,7 @@ authz:{
               username: root
               password: public
               auto_reconnect: true
-              ssl: false
+              ssl: {enable: false}
            }
            sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
        },
@@ -41,7 +46,7 @@ authz:{
               pool_size: 1
               password: public
               auto_reconnect: true
-              ssl: false
+              ssl: {enable: false}
            }
            cmd: "HGETALL mqtt_acl:%u"
        },
diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf
index ec8f642b1..b2575e6d6 100644
--- a/apps/emqx_authz/etc/emqx_authz.conf
+++ b/apps/emqx_authz/etc/emqx_authz.conf
@@ -9,7 +9,12 @@ authz:{
        #        username: root
        #        password: public
        #        auto_reconnect: true
-       #        ssl: false
+       #        ssl: {
+       #          enable: true
+       #          cacertfile:  "{{ platform_etc_dir }}/certs/cacert.pem"
+       #          certfile: "{{ platform_etc_dir }}/certs/client-cert.pem"
+       #          keyfile: "{{ platform_etc_dir }}/certs/client-key.pem"
+       #        }
        #     }
        #     sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or clientid = '%c'"
        # },
@@ -22,7 +27,7 @@ authz:{
        #        username: root
        #        password: public
        #        auto_reconnect: true
-       #        ssl: false
+       #        ssl: {enable: false}
        #     }
        #     sql: "select ipaddress, username, clientid, action, permission, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
        # },
@@ -34,7 +39,7 @@ authz:{
        #        pool_size: 1
        #        password: public
        #        auto_reconnect: true
-       #        ssl: false
+       #        ssl: {enable: false}
        #     }
        #     cmd: "HGETALL mqtt_acl:%u"
        # },
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 8f6ae5f2b..337e3b043 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -67,10 +67,14 @@ create_resource(#{<<"type">> := DB,
                   <<"config">> := Config
                  } = Rule) ->
     ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]),
+    NConfig = case DB of
+                  redis -> #{<<"config">> => Config };
+                  _ -> Config
+              end,
     case emqx_resource:check_and_create(
             ResourceID,
             list_to_existing_atom(io_lib:format("~s_~s",[emqx_connector, DB])),
-            #{<<"config">> => Config })
+            NConfig)
     of
         {ok, _} ->
             Rule#{<<"resource_id">> => ResourceID};
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
index 6e5015b7e..a4045a9e4 100644
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -55,7 +55,8 @@ set_special_configs(emqx_authz) ->
                     <<"server">> => <<"127.0.0.1:6379">>,
                     <<"password">> => <<"public">>,
                     <<"pool_size">> => 1,
-                    <<"auto_reconnect">> => true
+                    <<"auto_reconnect">> => true,
+                    <<"ssl">> => #{<<"enable">> => false}
                   },
                   <<"principal">> => all,
                   <<"cmd">> => <<"fake cmd">>,
diff --git a/apps/emqx_connector/src/emqx_connector.app.src b/apps/emqx_connector/src/emqx_connector.app.src
index 5ff7d0828..6eb22cfe5 100644
--- a/apps/emqx_connector/src/emqx_connector.app.src
+++ b/apps/emqx_connector/src/emqx_connector.app.src
@@ -6,9 +6,13 @@
   {applications,
    [kernel,
     stdlib,
+    ecpool,
     emqx_resource,
     eredis_cluster,
-    ecpool
+    eredis,
+    epgsql,
+    mysql,
+    mongodb
    ]},
   {env,[]},
   {modules, []},
diff --git a/apps/emqx_connector/src/emqx_connector_ldap.erl b/apps/emqx_connector/src/emqx_connector_ldap.erl
index ca5ff2482..8c0504d53 100644
--- a/apps/emqx_connector/src/emqx_connector_ldap.erl
+++ b/apps/emqx_connector/src/emqx_connector_ldap.erl
@@ -38,7 +38,7 @@
 structs() -> [""].
 
 fields("") ->
-    redis_fields() ++
+    ldap_fields() ++
     emqx_connector_schema_lib:ssl_fields().
 
 on_jsonify(Config) ->
@@ -51,10 +51,17 @@ on_start(InstId, #{servers := Servers0,
                    bind_password :=  BindPassword,
                    timeout := Timeout,
                    pool_size := PoolSize,
-                   auto_reconnect := AutoReconn} = Config) ->
-    logger:info("starting redis connector: ~p, config: ~p", [InstId, Config]),
+                   auto_reconnect := AutoReconn,
+                   ssl := SSL} = Config) ->
+    logger:info("starting ldap connector: ~p, config: ~p", [InstId, Config]),
     Servers = [begin proplists:get_value(host, S) end || S <- Servers0],
-    SslOpts = init_ssl_opts(Config, InstId),
+    SslOpts = case maps:get(enable, SSL) of
+                  true ->
+                      [{ssl, true},
+                       {sslopts, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}
+                      ];
+                  false -> [{ssl, false}]
+              end,
     Opts = [{servers, Servers},
             {port, Port},
             {bind_dn, BindDn},
@@ -68,14 +75,14 @@ on_start(InstId, #{servers := Servers0,
     {ok, #{poolname => PoolName}}.
 
 on_stop(InstId, #{poolname := PoolName}) ->
-    logger:info("stopping redis connector: ~p", [InstId]),
+    logger:info("stopping ldap connector: ~p", [InstId]),
     emqx_plugin_libs_pool:stop_pool(PoolName).
 
 on_query(InstId, {search, Base, Filter, Attributes}, AfterQuery, #{poolname := PoolName} = State) ->
-    logger:debug("redis connector ~p received request: ~p, at state: ~p", [InstId, {Base, Filter, Attributes}, State]),
+    logger:debug("ldap connector ~p received request: ~p, at state: ~p", [InstId, {Base, Filter, Attributes}, State]),
     case Result = ecpool:pick_and_do(PoolName, {?MODULE, search, [Base, Filter, Attributes]}, no_handover) of
         {error, Reason} ->
-            logger:debug("redis connector ~p do request failed, request: ~p, reason: ~p", [InstId, {Base, Filter, Attributes}, Reason]),
+            logger:debug("ldap connector ~p do request failed, request: ~p, reason: ~p", [InstId, {Base, Filter, Attributes}, Reason]),
             emqx_resource:query_failed(AfterQuery);
         _ ->
             emqx_resource:query_success(AfterQuery)
@@ -116,14 +123,7 @@ connect(Opts) ->
     ok = eldap2:simple_bind(LDAP, BindDn, BindPassword),
     {ok, LDAP}.
 
-init_ssl_opts(#{ssl := true} = Config, InstId) ->
-    [{ssl, true},
-     {sslopts, emqx_plugin_libs_ssl:save_files_return_opts(Config, "connectors", InstId)}
-    ];
-init_ssl_opts(_Config, _InstId) ->
-    [{ssl, false}].
-
-redis_fields() ->
+ldap_fields() ->
     [ {servers, fun emqx_connector_schema_lib:servers/1}
     , {port, fun port/1}
     , {pool_size, fun emqx_connector_schema_lib:pool_size/1}
diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
index 841cc0a2a..9b5609c2f 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -48,9 +48,16 @@ on_jsonify(Config) ->
 on_start(InstId, #{servers := Servers,
                    mongo_type := Type,
                    database := Database,
-                   pool_size := PoolSize} = Config) ->
+                   pool_size := PoolSize,
+                   ssl := SSL} = Config) ->
     logger:info("starting mongodb connector: ~p, config: ~p", [InstId, Config]),
-    SslOpts = init_ssl_opts(Config, InstId),
+    SslOpts = case maps:get(enable, SSL) of
+                  true ->
+                      [{ssl, true},
+                       {ssl_opts, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}
+                      ];
+                  false -> [{ssl, false}]
+              end,
     Hosts = [string:trim(H) || H <- string:tokens(binary_to_list(Servers), ",")],
     Opts = [{type, init_type(Type, Config)},
             {hosts, Hosts},
@@ -157,13 +164,6 @@ init_worker_options([_ | R], Acc) ->
     init_worker_options(R, Acc);
 init_worker_options([], Acc) -> Acc.
 
-init_ssl_opts(#{ssl := true} = Config, InstId) ->
-    [{ssl, true},
-     {ssl_opts, emqx_plugin_libs_ssl:save_files_return_opts(Config, "connectors", InstId)}
-    ];
-init_ssl_opts(_Config, _InstId) ->
-    [{ssl, false}].
-
 host_port(HostPort) ->
     case string:split(HostPort, ":") of
         [Host, Port] ->
diff --git a/apps/emqx_connector/src/emqx_connector_mysql.erl b/apps/emqx_connector/src/emqx_connector_mysql.erl
index afe249682..a606bb82d 100644
--- a/apps/emqx_connector/src/emqx_connector_mysql.erl
+++ b/apps/emqx_connector/src/emqx_connector_mysql.erl
@@ -51,14 +51,14 @@ on_start(InstId, #{server := {Host, Port},
                    username := User,
                    password := Password,
                    auto_reconnect := AutoReconn,
-                   pool_size := PoolSize} = Config) ->
+                   pool_size := PoolSize,
+                   ssl := SSL } = Config) ->
     logger:info("starting mysql connector: ~p, config: ~p", [InstId, Config]),
-    SslOpts = case maps:get(ssl, Config) of
+    SslOpts = case maps:get(enable, SSL) of
         true ->
             [{ssl, [{server_name_indication, disable} |
-                    emqx_plugin_libs_ssl:save_files_return_opts(Config, "connectors", InstId)]}];
-        false ->
-            []
+                    emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}];
+        false -> []
     end,
     Options = [{host, Host},
                {port, Port},
diff --git a/apps/emqx_connector/src/emqx_connector_pgsql.erl b/apps/emqx_connector/src/emqx_connector_pgsql.erl
index 827a9606c..ddcc2a7c7 100644
--- a/apps/emqx_connector/src/emqx_connector_pgsql.erl
+++ b/apps/emqx_connector/src/emqx_connector_pgsql.erl
@@ -50,14 +50,14 @@ on_start(InstId, #{server := {Host, Port},
                    username := User,
                    password := Password,
                    auto_reconnect := AutoReconn,
-                   pool_size := PoolSize} = Config) ->
+                   pool_size := PoolSize,
+                   ssl := SSL } = Config) ->
     logger:info("starting postgresql connector: ~p, config: ~p", [InstId, Config]),
-    SslOpts = case maps:get(ssl, Config) of
+    SslOpts = case maps:get(enable, SSL) of
         true ->
-            [{ssl_opts, [{server_name_indication, disable} |
-                         emqx_plugin_libs_ssl:save_files_return_opts(Config, "connectors", InstId)]}];
-        false ->
-            []
+            [{ssl, [{server_name_indication, disable} |
+                    emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}];
+        false -> []
     end,
     Options = [{host, Host},
                {port, Port},
diff --git a/apps/emqx_connector/src/emqx_connector_redis.erl b/apps/emqx_connector/src/emqx_connector_redis.erl
index 1aa6263b6..4e1dc1773 100644
--- a/apps/emqx_connector/src/emqx_connector_redis.erl
+++ b/apps/emqx_connector/src/emqx_connector_redis.erl
@@ -81,7 +81,8 @@ on_jsonify(Config) ->
 on_start(InstId, #{config :=#{redis_type := Type,
                               database := Database,
                               pool_size := PoolSize,
-                              auto_reconnect := AutoReconn} = Config}) ->
+                              auto_reconnect := AutoReconn,
+                              ssl := SSL } = Config}) ->
     logger:info("starting redis connector: ~p, config: ~p", [InstId, Config]),
     Servers = case Type of
                 single -> [{servers, [maps:get(server, Config)]}];
@@ -92,8 +93,13 @@ on_start(InstId, #{config :=#{redis_type := Type,
             {password, maps:get(password, Config, "")},
             {auto_reconnect, reconn_interval(AutoReconn)}
            ] ++ Servers,
-    Options = init_ssl_opts(Config, InstId) ++
-              [{sentinel, maps:get(sentinel, Config, undefined)}],
+    Options = case maps:get(enable, SSL) of
+                  true ->
+                      [{ssl, true},
+                       {ssl_options, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}
+                      ];
+                  false -> [{ssl, false}]
+              end ++ [{sentinel, maps:get(sentinel, Config, undefined)}],
     PoolName = emqx_plugin_libs_pool:pool_name(InstId),
     case Type of
         cluster ->
@@ -157,13 +163,6 @@ cmd(Conn, _Type, Command) ->
 connect(Opts) ->
     eredis:start_link(Opts).
 
-init_ssl_opts(#{ssl := true} = Config, InstId) ->
-    [{ssl, true},
-     {ssl_opts, emqx_plugin_libs_ssl:save_files_return_opts(Config, "connectors", InstId)}
-    ];
-init_ssl_opts(_Config, _InstId) ->
-    [{ssl, false}].
-
 redis_fields() ->
     [ {pool_size, fun emqx_connector_schema_lib:pool_size/1}
     , {password, fun emqx_connector_schema_lib:password/1}
diff --git a/apps/emqx_connector/src/emqx_connector_schema_lib.erl b/apps/emqx_connector/src/emqx_connector_schema_lib.erl
index 03572d91d..17069c7f0 100644
--- a/apps/emqx_connector/src/emqx_connector_schema_lib.erl
+++ b/apps/emqx_connector/src/emqx_connector_schema_lib.erl
@@ -51,6 +51,31 @@
               , servers/0
              ]).
 
+-export([structs/0, fields/1]).
+
+structs() -> [ssl_on, ssl_off].
+
+fields(ssl_on) ->
+    [ {enable, #{type => true}}
+    , {cacertfile, fun cacertfile/1}
+    , {keyfile, fun keyfile/1}
+    , {certfile, fun certfile/1}
+    , {verify, fun verify/1}
+    ];
+
+fields(ssl_off) ->
+    [ {enable, #{type => false}} ].
+
+ssl_fields() ->
+    [ {ssl, #{type => hoconsc:union(
+                       [ hoconsc:ref(?MODULE, ssl_on)
+                       , hoconsc:ref(?MODULE, ssl_off)
+                       ]),
+              default => hoconsc:ref(?MODULE, ssl_off)
+             }
+      }
+    ].
+
 relational_db_fields() ->
     [ {server, fun server/1}
     , {database, fun database/1}
@@ -60,14 +85,6 @@ relational_db_fields() ->
     , {auto_reconnect, fun auto_reconnect/1}
     ].
 
-ssl_fields() ->
-    [ {ssl, fun ssl/1}
-    , {cacertfile, fun cacertfile/1}
-    , {keyfile, fun keyfile/1}
-    , {certfile, fun certfile/1}
-    , {verify, fun verify/1}
-    ].
-
 server(type) -> emqx_schema:ip_port();
 server(validator) -> [?REQUIRED("the field 'server' is required")];
 server(_) -> undefined.
@@ -93,19 +110,15 @@ auto_reconnect(type) -> boolean();
 auto_reconnect(default) -> true;
 auto_reconnect(_) -> undefined.
 
-ssl(type) -> boolean();
-ssl(default) -> false;
-ssl(_) -> undefined.
-
-cacertfile(type) -> binary();
+cacertfile(type) -> string();
 cacertfile(default) -> "";
 cacertfile(_) -> undefined.
 
-keyfile(type) -> binary();
+keyfile(type) -> string();
 keyfile(default) -> "";
 keyfile(_) -> undefined.
 
-certfile(type) -> binary();
+certfile(type) -> string();
 certfile(default) -> "";
 certfile(_) -> undefined.
 
diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
index 9a17765c6..f6f449f06 100644
--- a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
+++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
@@ -57,7 +57,7 @@ save_files_return_opts(Options, Dir) ->
     Get = fun(Key) -> GetD(Key, undefined) end,
     KeyFile = Get(keyfile),
     CertFile = Get(certfile),
-    CAFile = GetD(cacertfile, Get(cafile)),
+    CAFile = Get(cacertfile),
     Key = do_save_file(KeyFile, Dir),
     Cert = do_save_file(CertFile, Dir),
     CA = do_save_file(CAFile, Dir),

From cdcb63374a1fd22be58575ba1016aa5ea0cb3879 Mon Sep 17 00:00:00 2001
From: tigercl <zhouzb@emqx.io>
Date: Wed, 30 Jun 2021 17:04:28 +0800
Subject: [PATCH 135/174] refactor(authn): support hocon for authn (#5068)

* refactor(use hocon): rename to authn, , support hocon, support two types of chains and support bind listener to chain
---
 .../etc/emqx_authentication.conf              |   0
 .../include/emqx_authentication.hrl           |  43 --
 .../priv/emqx_authentication.schema           |   0
 .../src/emqx_authentication.erl               | 522 -----------------
 .../src/emqx_authentication_api.erl           | 407 -------------
 .../src/emqx_authentication_jwt.erl           | 409 -------------
 .../test/emqx_authentication_SUITE.erl        | 189 ------
 .../data/user-credentials.csv                 |   0
 .../data/user-credentials.json                |   0
 apps/emqx_authn/etc/emqx_authn.conf           |  26 +
 apps/emqx_authn/include/emqx_authn.hrl        |  67 +++
 .../rebar.config                              |   0
 .../src/emqx_authn.app.src}                   |   6 +-
 apps/emqx_authn/src/emqx_authn.erl            | 490 ++++++++++++++++
 apps/emqx_authn/src/emqx_authn_api.erl        | 544 ++++++++++++++++++
 apps/emqx_authn/src/emqx_authn_app.erl        |  80 +++
 apps/emqx_authn/src/emqx_authn_schema.erl     | 114 ++++
 .../src/emqx_authn_sup.erl}                   |   2 +-
 apps/emqx_authn/src/emqx_authn_utils.erl      |  55 ++
 .../emqx_enhanced_authn_mnesia.erl}           |  22 +-
 .../emqx_authn_jwks_connector.erl}            |  26 +-
 .../src/simple_authn/emqx_authn_jwt.erl       | 343 +++++++++++
 .../src/simple_authn/emqx_authn_mnesia.erl}   | 107 ++--
 .../src/simple_authn/emqx_authn_mysql.erl     | 160 ++++++
 .../src/simple_authn/emqx_authn_pgsql.erl     | 155 +++++
 apps/emqx_authn/test/data/private_key.pem     |  15 +
 apps/emqx_authn/test/data/public_key.pem      |   6 +
 .../test/data/user-credentials.csv            |   0
 .../test/data/user-credentials.json           |   0
 apps/emqx_authn/test/emqx_authn_SUITE.erl     | 142 +++++
 apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl | 182 ++++++
 .../test/emqx_authn_mnesia_SUITE.erl          | 187 ++++++
 rebar.config.erl                              |   3 +-
 33 files changed, 2652 insertions(+), 1650 deletions(-)
 delete mode 100644 apps/emqx_authentication/etc/emqx_authentication.conf
 delete mode 100644 apps/emqx_authentication/include/emqx_authentication.hrl
 delete mode 100644 apps/emqx_authentication/priv/emqx_authentication.schema
 delete mode 100644 apps/emqx_authentication/src/emqx_authentication.erl
 delete mode 100644 apps/emqx_authentication/src/emqx_authentication_api.erl
 delete mode 100644 apps/emqx_authentication/src/emqx_authentication_jwt.erl
 delete mode 100644 apps/emqx_authentication/test/emqx_authentication_SUITE.erl
 rename apps/{emqx_authentication => emqx_authn}/data/user-credentials.csv (100%)
 rename apps/{emqx_authentication => emqx_authn}/data/user-credentials.json (100%)
 create mode 100644 apps/emqx_authn/etc/emqx_authn.conf
 create mode 100644 apps/emqx_authn/include/emqx_authn.hrl
 rename apps/{emqx_authentication => emqx_authn}/rebar.config (100%)
 rename apps/{emqx_authentication/src/emqx_authentication.app.src => emqx_authn/src/emqx_authn.app.src} (63%)
 create mode 100644 apps/emqx_authn/src/emqx_authn.erl
 create mode 100644 apps/emqx_authn/src/emqx_authn_api.erl
 create mode 100644 apps/emqx_authn/src/emqx_authn_app.erl
 create mode 100644 apps/emqx_authn/src/emqx_authn_schema.erl
 rename apps/{emqx_authentication/src/emqx_authentication_sup.erl => emqx_authn/src/emqx_authn_sup.erl} (96%)
 create mode 100644 apps/emqx_authn/src/emqx_authn_utils.erl
 rename apps/{emqx_authentication/src/emqx_authentication_app.erl => emqx_authn/src/enhanced_authn/emqx_enhanced_authn_mnesia.erl} (63%)
 rename apps/{emqx_authentication/src/emqx_authentication_jwks_connector.erl => emqx_authn/src/simple_authn/emqx_authn_jwks_connector.erl} (87%)
 create mode 100644 apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
 rename apps/{emqx_authentication/src/emqx_authentication_mnesia.erl => emqx_authn/src/simple_authn/emqx_authn_mnesia.erl} (80%)
 create mode 100644 apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
 create mode 100644 apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
 create mode 100644 apps/emqx_authn/test/data/private_key.pem
 create mode 100644 apps/emqx_authn/test/data/public_key.pem
 rename apps/{emqx_authentication => emqx_authn}/test/data/user-credentials.csv (100%)
 rename apps/{emqx_authentication => emqx_authn}/test/data/user-credentials.json (100%)
 create mode 100644 apps/emqx_authn/test/emqx_authn_SUITE.erl
 create mode 100644 apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl
 create mode 100644 apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl

diff --git a/apps/emqx_authentication/etc/emqx_authentication.conf b/apps/emqx_authentication/etc/emqx_authentication.conf
deleted file mode 100644
index e69de29bb..000000000
diff --git a/apps/emqx_authentication/include/emqx_authentication.hrl b/apps/emqx_authentication/include/emqx_authentication.hrl
deleted file mode 100644
index 814c03eb4..000000000
--- a/apps/emqx_authentication/include/emqx_authentication.hrl
+++ /dev/null
@@ -1,43 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--define(APP, emqx_authentication).
-
--type(service_type_name() :: atom()).
--type(service_name() :: binary()).
--type(chain_id() :: binary()).
-
--record(service_type,
-        { name :: service_type_name()
-        , provider :: module()
-        , params_spec :: #{atom() => term()}
-        }).
-
--record(service,
-        { name :: service_name()
-        , type :: service_type_name()
-        , provider :: module()
-        , params :: map()
-        , state :: map()
-        }).
-
--record(chain,
-        { id :: chain_id()
-        , services :: [{service_name(), #service{}}]
-        , created_at :: integer()
-        }).
-
--define(AUTH_SHARD, emqx_authentication_shard).
diff --git a/apps/emqx_authentication/priv/emqx_authentication.schema b/apps/emqx_authentication/priv/emqx_authentication.schema
deleted file mode 100644
index e69de29bb..000000000
diff --git a/apps/emqx_authentication/src/emqx_authentication.erl b/apps/emqx_authentication/src/emqx_authentication.erl
deleted file mode 100644
index a3d0241c0..000000000
--- a/apps/emqx_authentication/src/emqx_authentication.erl
+++ /dev/null
@@ -1,522 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_authentication).
-
--include("emqx_authentication.hrl").
-
--export([ enable/0
-        , disable/0
-        ]).
-
--export([authenticate/1]).
-
--export([register_service_types/0]).
-
--export([ create_chain/1
-        , delete_chain/1
-        , lookup_chain/1
-        , list_chains/0
-        , add_services/2
-        , delete_services/2
-        , update_service/3
-        , lookup_service/2
-        , list_services/1
-        , move_service_to_the_front/2
-        , move_service_to_the_end/2
-        , move_service_to_the_nth/3
-        ]).
-
--export([ import_users/3
-        , add_user/3
-        , delete_user/3
-        , update_user/4
-        , lookup_user/3
-        , list_users/2
-        ]).
-
--export([mnesia/1]).
-
--boot_mnesia({mnesia, [boot]}).
--copy_mnesia({mnesia, [copy]}).
-
--define(CHAIN_TAB, emqx_authentication_chain).
--define(SERVICE_TYPE_TAB, emqx_authentication_service_type).
-
--rlog_shard({?AUTH_SHARD, ?CHAIN_TAB}).
--rlog_shard({?AUTH_SHARD, ?SERVICE_TYPE_TAB}).
-
-%%------------------------------------------------------------------------------
-%% Mnesia bootstrap
-%%------------------------------------------------------------------------------
-
-%% @doc Create or replicate tables.
--spec(mnesia(boot | copy) -> ok).
-mnesia(boot) ->
-    %% Optimize storage
-    StoreProps = [{ets, [{read_concurrency, true}]}],
-    %% Chain table
-    ok = ekka_mnesia:create_table(?CHAIN_TAB, [
-                {disc_copies, [node()]},
-                {record_name, chain},
-                {attributes, record_info(fields, chain)},
-                {storage_properties, StoreProps}]),
-    %% Service type table
-    ok = ekka_mnesia:create_table(?SERVICE_TYPE_TAB, [
-                {ram_copies, [node()]},
-                {record_name, service_type},
-                {attributes, record_info(fields, service_type)},
-                {storage_properties, StoreProps}]);
-
-mnesia(copy) ->
-    %% Copy chain table
-    ok = ekka_mnesia:copy_table(?CHAIN_TAB, disc_copies),
-    %% Copy service type table
-    ok = ekka_mnesia:copy_table(?SERVICE_TYPE_TAB, ram_copies).
-
-enable() ->
-    case emqx:hook('client.authenticate', {emqx_authentication, authenticate, []}) of
-        ok -> ok;
-        {error, already_exists} -> ok
-    end.
-
-disable() ->
-    emqx:unhook('client.authenticate', {emqx_authentication, authenticate}),
-    ok.
-
-authenticate(#{chain_id := ChainID} = ClientInfo) ->
-    case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
-        [#chain{services = []}] ->
-            {error, no_services};
-        [#chain{services = Services}] ->
-            do_authenticate(Services, ClientInfo);
-        [] ->
-            {error, todo}
-    end.
-
-do_authenticate([], _) ->
-    {error, user_not_found};
-do_authenticate([{_, #service{provider = Provider, state = State}} | More], ClientInfo) ->
-    case Provider:authenticate(ClientInfo, State) of
-        ignore -> do_authenticate(More, ClientInfo);
-        ok -> ok;
-        {ok, NewClientInfo} -> {ok, NewClientInfo};
-        {stop, Reason} -> {error, Reason}
-    end.
-
-register_service_types() ->
-    Attrs = find_attrs(?APP, service_type),
-    register_service_types(Attrs).
-
-register_service_types(Attrs) ->
-    register_service_types(Attrs, []).
-
-register_service_types([], Acc) ->
-    do_register_service_types(Acc);
-register_service_types([{_App, Mod, #{name := Name,
-                                      params_spec := ParamsSpec}} | Types], Acc) ->
-    %% TODO: Temporary realization
-    ok = emqx_rule_validator:validate_spec(ParamsSpec),
-    ServiceType = #service_type{name = Name,
-                                provider = Mod,
-                                params_spec = ParamsSpec},
-    register_service_types(Types, [ServiceType | Acc]).
-
-create_chain(#{id := ID}) ->
-    trans(
-        fun() ->
-            case mnesia:read(?CHAIN_TAB, ID, write) of
-                [] ->
-                    Chain = #chain{id = ID,
-                                   services = [],
-                                   created_at = erlang:system_time(millisecond)},
-                    mnesia:write(?CHAIN_TAB, Chain, write),
-                    {ok, serialize_chain(Chain)};
-                [_ | _] ->
-                    {error, {already_exists, {chain, ID}}}
-            end
-        end).
-
-delete_chain(ID) ->
-    trans(
-        fun() ->
-            case mnesia:read(?CHAIN_TAB, ID, write) of
-                [] ->
-                    {error, {not_found, {chain, ID}}};
-                [#chain{services = Services}] ->
-                    ok = delete_services_(Services),
-                    mnesia:delete(?CHAIN_TAB, ID, write)
-            end
-        end).
-
-lookup_chain(ID) ->
-    case mnesia:dirty_read(?CHAIN_TAB, ID) of
-        [] ->
-            {error, {not_found, {chain, ID}}};
-        [Chain] ->
-            {ok, serialize_chain(Chain)}
-    end.
-
-list_chains() ->
-    Chains = ets:tab2list(?CHAIN_TAB),
-    {ok, [serialize_chain(Chain) || Chain <- Chains]}.
-
-add_services(ChainID, ServiceParams) ->
-    case validate_service_params(ServiceParams) of
-        {ok, NServiceParams} ->
-            UpdateFun = fun(Chain = #chain{services = Services}) ->
-                            Names = [Name || {Name, _} <- Services] ++ [Name || #{name := Name} <- NServiceParams],
-                            case no_duplicate_names(Names) of
-                                ok ->
-                                    case create_services(ChainID, NServiceParams) of
-                                        {ok, NServices} ->
-                                            NChain = Chain#chain{services = Services ++ NServices},
-                                            ok = mnesia:write(?CHAIN_TAB, NChain, write),
-                                            {ok, serialize_services(NServices)};
-                                        {error, Reason} ->
-                                            {error, Reason}
-                                    end;
-                                {error, {duplicate, Name}} ->
-                                    {error, {already_exists, {service, Name}}}
-                            end
-                        end,
-            update_chain(ChainID, UpdateFun);
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-delete_services(ChainID, ServiceNames) ->
-    case no_duplicate_names(ServiceNames) of
-        ok ->
-            UpdateFun = fun(Chain = #chain{services = Services}) ->
-                            case extract_services(ServiceNames, Services) of
-                                {ok, Extracted, Rest} ->
-                                    ok = delete_services_(Extracted),
-                                    NChain = Chain#chain{services = Rest},
-                                    mnesia:write(?CHAIN_TAB, NChain, write);
-                                {error, Reason} ->
-                                    {error, Reason}
-                            end
-                        end,
-            update_chain(ChainID, UpdateFun);
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-update_service(ChainID, ServiceName, NewParams) ->
-    UpdateFun = fun(Chain = #chain{services = Services}) ->
-                    case proplists:get_value(ServiceName, Services, undefined) of
-                        undefined ->
-                            {error, {not_found, {service, ServiceName}}};
-                        #service{type     = Type,
-                                 provider = Provider,
-                                 params   = OriginalParams,
-                                 state    = State} = Service ->
-                            Params = maps:merge(OriginalParams, NewParams),
-                            {ok, #service_type{params_spec = ParamsSpec}} = find_service_type(Type),
-                            NParams = emqx_rule_validator:validate_params(Params, ParamsSpec),
-                            case Provider:update(ChainID, ServiceName, NParams, State) of
-                                {ok, NState} ->
-                                    NService = Service#service{params = Params,
-                                                               state = NState},
-                                    NServices = lists:keyreplace(ServiceName, 1, Services, {ServiceName, NService}),
-                                    ok = mnesia:write(?CHAIN_TAB, Chain#chain{services = NServices}, write),
-                                    {ok, serialize_service({ServiceName, NService})};
-                                {error, Reason} ->
-                                    {error, Reason}
-                            end
-                    end
-                 end,
-    update_chain(ChainID, UpdateFun).
-
-lookup_service(ChainID, ServiceName) ->
-    case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
-        [] ->
-            {error, {not_found, {chain, ChainID}}};
-        [#chain{services = Services}] ->
-            case lists:keytake(ServiceName, 1, Services) of
-                {value, Service, _} ->
-                    {ok, serialize_service(Service)};
-                false ->
-                    {error, {not_found, {service, ServiceName}}}
-            end
-    end.
-
-list_services(ChainID) ->
-    case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
-        [] ->
-            {error, {not_found, {chain, ChainID}}};
-        [#chain{services = Services}] ->
-            {ok, serialize_services(Services)}
-    end.
-
-move_service_to_the_front(ChainID, ServiceName) ->
-    UpdateFun = fun(Chain = #chain{services = Services}) ->
-                    case move_service_to_the_front_(ServiceName, Services) of
-                        {ok, NServices} ->
-                            NChain = Chain#chain{services = NServices},
-                            mnesia:write(?CHAIN_TAB, NChain, write);
-                        {error, Reason} ->
-                            {error, Reason}
-                    end
-                 end,
-    update_chain(ChainID, UpdateFun).
-
-move_service_to_the_end(ChainID, ServiceName) ->
-    UpdateFun = fun(Chain = #chain{services = Services}) ->
-                    case move_service_to_the_end_(ServiceName, Services) of
-                        {ok, NServices} ->
-                            NChain = Chain#chain{services = NServices},
-                            mnesia:write(?CHAIN_TAB, NChain, write);
-                        {error, Reason} ->
-                            {error, Reason}
-                    end
-                 end,
-    update_chain(ChainID, UpdateFun).
-
-move_service_to_the_nth(ChainID, ServiceName, N) ->
-    UpdateFun = fun(Chain = #chain{services = Services}) ->
-                    case move_service_to_the_nth_(ServiceName, Services, N) of
-                        {ok, NServices} ->
-                            NChain = Chain#chain{services = NServices},
-                            mnesia:write(?CHAIN_TAB, NChain, write);
-                        {error, Reason} ->
-                            {error, Reason}
-                    end
-                 end,
-    update_chain(ChainID, UpdateFun).
-
-import_users(ChainID, ServiceName, Filename) ->
-    call_service(ChainID, ServiceName, import_users, [Filename]).
-
-add_user(ChainID, ServiceName, UserInfo) ->
-    call_service(ChainID, ServiceName, add_user, [UserInfo]).
-
-delete_user(ChainID, ServiceName, UserID) ->
-    call_service(ChainID, ServiceName, delete_user, [UserID]).
-
-update_user(ChainID, ServiceName, UserID, NewUserInfo) ->
-    call_service(ChainID, ServiceName, update_user, [UserID, NewUserInfo]).
-
-lookup_user(ChainID, ServiceName, UserID) ->
-    call_service(ChainID, ServiceName, lookup_user, [UserID]).
-
-list_users(ChainID, ServiceName) ->
-    call_service(ChainID, ServiceName, list_users, []).
-
-%%------------------------------------------------------------------------------
-%% Internal functions
-%%------------------------------------------------------------------------------
-
-find_attrs(App, AttrName) ->
-    [{App, Mod, Attr} || {ok, Modules} <- [application:get_key(App, modules)],
-                         Mod <- Modules,
-                         {Name, Attrs} <- module_attributes(Mod), Name =:= AttrName,
-                         Attr <- Attrs].
-
-module_attributes(Module) ->
-    try Module:module_info(attributes)
-    catch
-        error:undef -> []
-    end.
-
-do_register_service_types(ServiceTypes) ->
-    trans(fun lists:foreach/2, [fun insert_service_type/1, ServiceTypes]).
-
-insert_service_type(ServiceType) ->
-    mnesia:write(?SERVICE_TYPE_TAB, ServiceType, write).
-
-find_service_type(Name) ->
-    case mnesia:dirty_read(?SERVICE_TYPE_TAB, Name) of
-        [ServiceType] -> {ok, ServiceType};
-        [] -> {error, not_found}
-    end.
-
-validate_service_params(ServiceParams) ->
-    case validate_service_names(ServiceParams) of
-        ok ->
-            validate_other_service_params(ServiceParams);
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-validate_service_names(ServiceParams) ->
-    Names = [Name || #{name := Name} <- ServiceParams],
-    no_duplicate_names(Names).
-
-validate_other_service_params(ServiceParams) ->
-    validate_other_service_params(ServiceParams, []).
-
-validate_other_service_params([], Acc) ->
-    {ok, lists:reverse(Acc)};
-validate_other_service_params([#{type := Type, params := Params} = ServiceParams | More], Acc) ->
-    case find_service_type(Type) of
-        {ok, #service_type{provider = Provider, params_spec = ParamsSpec}} ->
-            NParams = emqx_rule_validator:validate_params(Params, ParamsSpec),
-            validate_other_service_params(More,
-                                          [ServiceParams#{params => NParams,
-                                                          original_params => Params,
-                                                          provider => Provider} | Acc]);
-        {error, not_found} ->
-            {error, {not_found, {service_type, Type}}}
-    end.
-
-no_duplicate_names(Names) ->
-    no_duplicate_names(Names, #{}).
-
-no_duplicate_names([], _) ->
-    ok;
-no_duplicate_names([Name | More], Acc) ->
-    case maps:is_key(Name, Acc) of
-        false -> no_duplicate_names(More, Acc#{Name => true});
-        true -> {error, {duplicate, Name}}
-    end.
-
-create_services(ChainID, ServiceParams) ->
-    create_services(ChainID, ServiceParams, []).
-
-create_services(_ChainID, [], Acc) ->
-    {ok, lists:reverse(Acc)};
-create_services(ChainID, [#{name := Name,
-                            type := Type,
-                            provider := Provider,
-                            params := Params,
-                            original_params := OriginalParams} | More], Acc) ->
-    case Provider:create(ChainID, Name, Params) of
-        {ok, State} ->
-            Service = #service{name = Name,
-                               type = Type,
-                               provider = Provider,
-                               params = OriginalParams,
-                               state = State},
-            create_services(ChainID, More, [{Name, Service} | Acc]);
-        {error, Reason} ->
-            delete_services_(Acc),
-            {error, Reason}
-    end.
-
-delete_services_([]) ->
-    ok;
-delete_services_([{_, #service{provider = Provider, state = State}} | More]) ->
-    Provider:destroy(State),
-    delete_services_(More).
-
-extract_services(ServiceNames, Services) ->
-    extract_services(ServiceNames, Services, []).
-
-extract_services([], Rest, Extracted) ->
-    {ok, lists:reverse(Extracted), Rest};
-extract_services([ServiceName | More], Services, Acc) ->
-    case lists:keytake(ServiceName, 1, Services) of
-        {value, Extracted, Rest} ->
-            extract_services(More, Rest, [Extracted | Acc]);
-        false ->
-            {error, {not_found, {service, ServiceName}}}
-    end.
-
-move_service_to_the_front_(ServiceName, Services) ->
-    move_service_to_the_front_(ServiceName, Services, []).
-
-move_service_to_the_front_(ServiceName, [], _) ->
-    {error, {not_found, {service, ServiceName}}};
-move_service_to_the_front_(ServiceName, [{ServiceName, _} = Service | More], Passed) ->
-    {ok, [Service | (lists:reverse(Passed) ++ More)]};
-move_service_to_the_front_(ServiceName, [Service | More], Passed) ->
-    move_service_to_the_front_(ServiceName, More, [Service | Passed]).
-
-move_service_to_the_end_(ServiceName, Services) ->
-    move_service_to_the_end_(ServiceName, Services, []).
-
-move_service_to_the_end_(ServiceName, [], _) ->
-    {error, {not_found, {service, ServiceName}}};
-move_service_to_the_end_(ServiceName, [{ServiceName, _} = Service | More], Passed) ->
-    {ok, lists:reverse(Passed) ++ More ++ [Service]};
-move_service_to_the_end_(ServiceName, [Service | More], Passed) ->
-    move_service_to_the_end_(ServiceName, More, [Service | Passed]).
-
-move_service_to_the_nth_(ServiceName, Services, N)
-  when N =< length(Services) andalso N > 0 ->
-    move_service_to_the_nth_(ServiceName, Services, N, []);
-move_service_to_the_nth_(_, _, _) ->
-    {error, out_of_range}.
-
-move_service_to_the_nth_(ServiceName, [], _, _) ->
-    {error, {not_found, {service, ServiceName}}};
-move_service_to_the_nth_(ServiceName, [{ServiceName, _} = Service | More], N, Passed)
-  when N =< length(Passed) ->
-    {L1, L2} = lists:split(N - 1, lists:reverse(Passed)),
-    {ok, L1 ++ [Service] ++ L2 ++ More};
-move_service_to_the_nth_(ServiceName, [{ServiceName, _} = Service | More], N, Passed) ->
-    {L1, L2} = lists:split(N - length(Passed) - 1, More),
-    {ok, lists:reverse(Passed) ++ L1 ++ [Service] ++ L2};
-move_service_to_the_nth_(ServiceName, [Service | More], N, Passed) ->
-    move_service_to_the_nth_(ServiceName, More, N, [Service | Passed]).
-
-update_chain(ChainID, UpdateFun) ->
-    trans(
-        fun() ->
-            case mnesia:read(?CHAIN_TAB, ChainID, write) of
-                [] ->
-                    {error, {not_found, {chain, ChainID}}};
-                [Chain] ->
-                    UpdateFun(Chain)
-            end
-        end).
-
-call_service(ChainID, ServiceName, Func, Args) ->
-    case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
-        [] ->
-            {error, {not_found, {chain, ChainID}}};
-        [#chain{services = Services}] ->
-            case proplists:get_value(ServiceName, Services, undefined) of
-                undefined ->
-                    {error, {not_found, {service, ServiceName}}};
-                #service{provider = Provider,
-                         state = State} ->
-                    case erlang:function_exported(Provider, Func, length(Args) + 1) of
-                        true ->
-                            erlang:apply(Provider, Func, Args ++ [State]);
-                        false ->
-                            {error, unsupported_feature}
-                    end
-            end
-    end.
-
-serialize_chain(#chain{id = ID,
-                       services = Services,
-                       created_at = CreatedAt}) ->
-    #{id => ID,
-      services => serialize_services(Services),
-      created_at => CreatedAt}.
-
-serialize_services(Services) ->
-    [serialize_service(Service) || Service <- Services].
-
-serialize_service({_, #service{name = Name,
-                               type = Type,
-                               params = Params}}) ->
-    #{name => Name,
-      type => Type,
-      params => Params}.
-
-trans(Fun) ->
-    trans(Fun, []).
-
-trans(Fun, Args) ->
-    case ekka_mnesia:transaction(?AUTH_SHARD, Fun, Args) of
-        {atomic, Res} -> Res;
-        {aborted, Reason} -> {error, Reason}
-    end.
diff --git a/apps/emqx_authentication/src/emqx_authentication_api.erl b/apps/emqx_authentication/src/emqx_authentication_api.erl
deleted file mode 100644
index 74887a0b2..000000000
--- a/apps/emqx_authentication/src/emqx_authentication_api.erl
+++ /dev/null
@@ -1,407 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_authentication_api).
-
--export([ create_chain/2
-        , delete_chain/2
-        , lookup_chain/2
-        , list_chains/2
-        , add_service/2
-        , delete_service/2
-        , update_service/2
-        , lookup_service/2
-        , list_services/2
-        , move_service/2
-        , import_users/2
-        , add_user/2
-        , delete_user/2
-        , update_user/2
-        , lookup_user/2
-        , list_users/2
-        ]).
-
--import(minirest,  [return/1]).
-
--rest_api(#{name   => create_chain,
-            method => 'POST',
-            path   => "/authentication/chains",
-            func   => create_chain,
-            descr  => "Create a chain"
-           }).
-
--rest_api(#{name   => delete_chain,
-            method => 'DELETE',
-            path   => "/authentication/chains/:bin:id",
-            func   => delete_chain,
-            descr  => "Delete chain"
-           }).
-
--rest_api(#{name   => lookup_chain,
-            method => 'GET',
-            path   => "/authentication/chains/:bin:id",
-            func   => lookup_chain,
-            descr  => "Lookup chain"
-           }).
-
--rest_api(#{name   => list_chains,
-            method => 'GET',
-            path   => "/authentication/chains",
-            func   => list_chains,
-            descr  => "List all chains"
-           }).
-
--rest_api(#{name   => add_service,
-            method => 'POST',
-            path   => "/authentication/chains/:bin:id/services",
-            func   => add_service,
-            descr  => "Add service to chain"
-           }).
-
--rest_api(#{name   => delete_service,
-            method => 'DELETE',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name",
-            func   => delete_service,
-            descr  => "Delete service from chain"
-           }).
-
--rest_api(#{name   => update_service,
-            method => 'PUT',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name",
-            func   => update_service,
-            descr  => "Update service in chain"
-           }).
-
--rest_api(#{name   => lookup_service,
-            method => 'GET',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name",
-            func   => lookup_service,
-            descr  => "Lookup service in chain"
-           }).
-
--rest_api(#{name   => list_services,
-            method => 'GET',
-            path   => "/authentication/chains/:bin:id/services",
-            func   => list_services,
-            descr  => "List services in chain"
-           }).
-
--rest_api(#{name   => move_service,
-            method => 'POST',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name/position",
-            func   => move_service,
-            descr  => "Change the order of services"
-           }).
-
--rest_api(#{name   => import_users,
-            method => 'POST',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name/import-users",
-            func   => import_users,
-            descr  => "Import users"
-           }).
-
--rest_api(#{name   => add_user,
-            method => 'POST',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name/users",
-            func   => add_user,
-            descr  => "Add user"
-           }).
-
--rest_api(#{name   => delete_user,
-            method => 'DELETE',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name/users/:bin:user_id",
-            func   => delete_user,
-            descr  => "Delete user"
-           }).
-
--rest_api(#{name   => update_user,
-            method => 'PUT',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name/users/:bin:user_id",
-            func   => update_user,
-            descr  => "Update user"
-           }).
-
--rest_api(#{name   => lookup_user,
-            method => 'GET',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name/users/:bin:user_id",
-            func   => lookup_user,
-            descr  => "Lookup user"
-           }).
-
-%% TODO: Support pagination
--rest_api(#{name   => list_users,
-            method => 'GET',
-            path   => "/authentication/chains/:bin:id/services/:bin:service_name/users",
-            func   => list_users,
-            descr  => "List all users"
-           }).
-
-create_chain(Binding, Params) ->
-    do_create_chain(uri_decode(Binding), maps:from_list(Params)).
-
-do_create_chain(_Binding, #{<<"id">> := ChainID}) ->
-    case emqx_authentication:create_chain(#{id => ChainID}) of
-        {ok, Chain} ->
-            return({ok, Chain});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end;
-do_create_chain(_Binding, _Params) ->
-    return(serialize_error({missing_parameter, id})).
-
-delete_chain(Binding, Params) ->
-    do_delete_chain(uri_decode(Binding), maps:from_list(Params)).
-
-do_delete_chain(#{id := ChainID}, _Params) ->
-    case emqx_authentication:delete_chain(ChainID) of
-        ok ->
-            return(ok);
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-lookup_chain(Binding, Params) ->
-    do_lookup_chain(uri_decode(Binding), maps:from_list(Params)).
-
-do_lookup_chain(#{id := ChainID}, _Params) ->
-    case emqx_authentication:lookup_chain(ChainID) of
-        {ok, Chain} ->
-            return({ok, Chain});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-list_chains(Binding, Params) ->
-    do_list_chains(uri_decode(Binding), maps:from_list(Params)).
-
-do_list_chains(_Binding, _Params) ->
-    {ok, Chains} = emqx_authentication:list_chains(),
-    return({ok, Chains}).
-
-add_service(Binding, Params) ->
-    do_add_service(uri_decode(Binding), maps:from_list(Params)).
-
-do_add_service(#{id := ChainID}, #{<<"name">> := Name,
-                                   <<"type">> := Type,
-                                   <<"params">> := Params}) ->
-    case emqx_authentication:add_services(ChainID, [#{name => Name,
-                                                      type => binary_to_existing_atom(Type, utf8),
-                                                      params => maps:from_list(Params)}]) of
-        {ok, Services} ->
-            return({ok, Services});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end;
-%% TODO: Check missed field in params
-do_add_service(_Binding, Params) ->
-    Missed = get_missed_params(Params, [<<"name">>, <<"type">>, <<"params">>]),
-    return(serialize_error({missing_parameter, Missed})).
-
-delete_service(Binding, Params) ->
-    do_delete_service(uri_decode(Binding), maps:from_list(Params)).
-
-do_delete_service(#{id := ChainID,
-                    service_name := ServiceName}, _Params) ->
-    case emqx_authentication:delete_services(ChainID, [ServiceName]) of
-        ok ->
-            return(ok);
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-update_service(Binding, Params) ->
-    do_update_service(uri_decode(Binding), maps:from_list(Params)).
-
-%% TOOD: PUT method supports creation and update
-do_update_service(#{id := ChainID,
-                    service_name := ServiceName}, Params) ->
-    case emqx_authentication:update_service(ChainID, ServiceName, Params) of
-        {ok, Service} ->
-            return({ok, Service});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-lookup_service(Binding, Params) ->
-    do_lookup_service(uri_decode(Binding), maps:from_list(Params)).
-
-do_lookup_service(#{id := ChainID,
-                    service_name := ServiceName}, _Params) ->
-    case emqx_authentication:lookup_service(ChainID, ServiceName) of
-        {ok, Service} ->
-            return({ok, Service});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-list_services(Binding, Params) ->
-    do_list_services(uri_decode(Binding), maps:from_list(Params)).
-
-do_list_services(#{id := ChainID}, _Params) ->
-    case emqx_authentication:list_services(ChainID) of
-        {ok, Services} ->
-            return({ok, Services});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-move_service(Binding, Params) ->
-    do_move_service(uri_decode(Binding), maps:from_list(Params)).
-
-do_move_service(#{id := ChainID,
-                  service_name := ServiceName}, #{<<"position">> := <<"the front">>}) ->
-    case emqx_authentication:move_service_to_the_front(ChainID, ServiceName) of
-        ok ->
-            return(ok);
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end;
-do_move_service(#{id := ChainID,
-                  service_name := ServiceName}, #{<<"position">> := <<"the end">>}) ->
-    case emqx_authentication:move_service_to_the_end(ChainID, ServiceName) of
-        ok ->
-            return(ok);
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end;
-do_move_service(#{id := ChainID,
-                  service_name := ServiceName}, #{<<"position">> := N}) when is_number(N) ->
-    case emqx_authentication:move_service_to_the_nth(ChainID, ServiceName, N) of
-        ok ->
-            return(ok);
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end;
-do_move_service(_Binding, _Params) ->
-    return(serialize_error({missing_parameter, <<"position">>})).
-
-import_users(Binding, Params) ->
-    do_import_users(uri_decode(Binding), maps:from_list(Params)).
-
-do_import_users(#{id := ChainID, service_name := ServiceName},
-                #{<<"filename">> := Filename}) ->
-    case emqx_authentication:import_users(ChainID, ServiceName, Filename) of
-        ok ->
-            return(ok);
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end;
-do_import_users(_Binding, Params) ->
-    Missed = get_missed_params(Params, [<<"filename">>, <<"file_format">>]),
-    return(serialize_error({missing_parameter, Missed})).
-
-add_user(Binding, Params) ->
-    do_add_user(uri_decode(Binding), maps:from_list(Params)).
-
-do_add_user(#{id := ChainID,
-              service_name := ServiceName}, UserInfo) ->
-    case emqx_authentication:add_user(ChainID, ServiceName, UserInfo) of
-        {ok, User} ->
-            return({ok, User});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-delete_user(Binding, Params) ->
-    do_delete_user(uri_decode(Binding), maps:from_list(Params)).
-
-do_delete_user(#{id := ChainID,
-                 service_name := ServiceName,
-                 user_id := UserID}, _Params) ->
-    case emqx_authentication:delete_user(ChainID, ServiceName, UserID) of
-        ok ->
-            return(ok);
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-update_user(Binding, Params) ->
-    do_update_user(uri_decode(Binding), maps:from_list(Params)).
-
-do_update_user(#{id := ChainID,
-                 service_name := ServiceName,
-                 user_id := UserID}, NewUserInfo) ->
-    case emqx_authentication:update_user(ChainID, ServiceName, UserID, NewUserInfo) of
-        {ok, User} ->
-            return({ok, User});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-lookup_user(Binding, Params) ->
-    do_lookup_user(uri_decode(Binding), maps:from_list(Params)).
-
-do_lookup_user(#{id := ChainID,
-                 service_name := ServiceName,
-                 user_id := UserID}, _Params) ->
-    case emqx_authentication:lookup_user(ChainID, ServiceName, UserID) of
-        {ok, User} ->
-            return({ok, User});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-list_users(Binding, Params) ->
-    do_list_users(uri_decode(Binding), maps:from_list(Params)).
-
-do_list_users(#{id := ChainID,
-                service_name := ServiceName}, _Params) ->
-    case emqx_authentication:list_users(ChainID, ServiceName) of
-        {ok, Users} ->
-            return({ok, Users});
-        {error, Reason} ->
-            return(serialize_error(Reason))
-    end.
-
-%%------------------------------------------------------------------------------
-%% Internal functions
-%%------------------------------------------------------------------------------
-
-uri_decode(Params) ->
-    maps:fold(fun(K, V, Acc) ->
-                  Acc#{K => emqx_http_lib:uri_decode(V)}
-              end, #{}, Params).
-
-serialize_error({already_exists, {Type, ID}}) ->
-    {error, <<"ALREADY_EXISTS">>, list_to_binary(io_lib:format("~s '~s' already exists", [serialize_type(Type), ID]))};
-serialize_error({not_found, {Type, ID}}) ->
-    {error, <<"NOT_FOUND">>, list_to_binary(io_lib:format("~s '~s' not found", [serialize_type(Type), ID]))};
-serialize_error({duplicate, Name}) ->
-    {error, <<"INVALID_PARAMETER">>, list_to_binary(io_lib:format("Service name '~s' is duplicated", [Name]))};
-serialize_error({missing_parameter, Names = [_ | Rest]}) ->
-    Format = ["~s," || _ <- Rest] ++ ["~s"],
-    NFormat = binary_to_list(iolist_to_binary(Format)),
-    {error, <<"MISSING_PARAMETER">>, list_to_binary(io_lib:format("The input parameters " ++ NFormat ++ " that are mandatory for processing this request are not supplied.", Names))};
-serialize_error({missing_parameter, Name}) ->
-    {error, <<"MISSING_PARAMETER">>, list_to_binary(io_lib:format("The input parameter '~s' that is mandatory for processing this request is not supplied.", [Name]))};
-serialize_error(_) ->
-    {error, <<"UNKNOWN_ERROR">>, <<"Unknown error">>}.
-
-serialize_type(service) ->
-    "Service";
-serialize_type(chain) ->
-    "Chain";
-serialize_type(service_type) ->
-    "Service type".
-
-get_missed_params(Actual, Expected) ->
-    Keys = lists:foldl(fun(Key, Acc) ->
-                           case maps:is_key(Key, Actual) of
-                               true -> Acc;
-                               false -> [Key | Acc]
-                           end
-                       end, [], Expected),
-    lists:reverse(Keys).
diff --git a/apps/emqx_authentication/src/emqx_authentication_jwt.erl b/apps/emqx_authentication/src/emqx_authentication_jwt.erl
deleted file mode 100644
index 2b8024e1c..000000000
--- a/apps/emqx_authentication/src/emqx_authentication_jwt.erl
+++ /dev/null
@@ -1,409 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_authentication_jwt).
-
--export([ create/3
-        , update/4
-        , authenticate/2
-        , destroy/1
-        ]).
-
--service_type(#{
-    name => jwt,
-    params_spec => #{
-        use_jwks => #{
-            order => 1,
-            type => boolean
-        },
-        jwks_endpoint => #{
-            order => 2,
-            type => string
-        },
-        refresh_interval => #{
-            order => 3,
-            type => number
-        },
-        algorithm => #{
-            order => 3,
-            type => string,
-            enum => [<<"hmac-based">>, <<"public-key">>]
-        },
-        secret => #{
-            order => 4,
-            type => string
-        },
-        secret_base64_encoded => #{
-            order => 5,
-            type => boolean    
-        },
-        jwt_certfile => #{
-            order => 6,
-            type => file
-        },
-        cacertfile => #{
-            order => 7,
-            type => file
-        },
-        keyfile => #{
-            order => 8,
-            type => file
-        },
-        certfile => #{
-            order => 9,
-            type => file
-        },
-        verify => #{
-            order => 10,
-            type => boolean
-        },
-        server_name_indication => #{
-            order => 11,
-            type => string
-        }
-    }
-}).
-
--define(RULES,
-        #{
-            use_jwks               => [],
-            jwks_endpoint          => [use_jwks],
-            refresh_interval       => [use_jwks],
-            algorithm              => [use_jwks],
-            secret                 => [algorithm],
-            secret_base64_encoded  => [algorithm],
-            jwt_certfile           => [algorithm],
-            cacertfile             => [jwks_endpoint],
-            keyfile                => [jwks_endpoint],
-            certfile               => [jwks_endpoint],
-            verify                 => [jwks_endpoint],
-            server_name_indication => [jwks_endpoint],
-            verify_claims          => []
-         }).
-
-create(_ChainID, _ServiceName, Params) ->
-    try handle_options(Params) of
-        Opts ->
-            do_create(Opts)
-    catch
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-update(_ChainID, _ServiceName, Params, State) ->
-    try handle_options(Params) of
-        Opts ->
-            do_update(Opts, State)
-    catch
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-authenticate(ClientInfo = #{password := JWT}, #{jwk := JWK,
-                                                verify_claims := VerifyClaims0}) ->
-    JWKs = case erlang:is_pid(JWK) of
-               false ->
-                   [JWK];
-               true ->
-                   {ok, JWKs0} = emqx_authentication_jwks_connector:get_jwks(JWK),
-                   JWKs0
-           end,
-    VerifyClaims = replace_placeholder(VerifyClaims0, ClientInfo),
-    case verify(JWT, JWKs, VerifyClaims) of
-        ok -> ok;
-        {error, invalid_signature} -> ignore;
-        {error, {claims, _}} -> {stop, bad_passowrd}
-    end.
-
-destroy(#{jwks_connector := undefined}) ->
-    ok;
-destroy(#{jwks_connector := Connector}) ->
-    _ = emqx_authentication_jwks_connector:stop(Connector),
-    ok.
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-do_create(#{use_jwks := false,
-            algorithm := 'hmac-based',
-            secret := Secret0,
-            secret_base64_encoded := Base64Encoded} = Opts) ->
-    Secret = case Base64Encoded of
-                 true ->
-                     base64:decode(Secret0);
-                 false ->
-                     Secret0
-             end,
-    JWK = jose_jwk:from_oct(Secret),
-    {ok, #{jwk => JWK,
-           verify_claims => maps:get(verify_claims, Opts)}};
-
-do_create(#{use_jwks := false,
-            algorithm := 'public-key',
-            jwt_certfile := Certfile} = Opts) ->
-    JWK = jose_jwk:from_pem_file(Certfile),
-    {ok, #{jwk => JWK,
-           verify_claims => maps:get(verify_claims, Opts)}};
-
-do_create(#{use_jwks := true} = Opts) ->
-    case emqx_authentication_jwks_connector:start_link(Opts) of
-        {ok, Connector} ->
-            {ok, #{jwk => Connector,
-                   verify_claims => maps:get(verify_claims, Opts)}};
-        {error, Reason} ->
-            {error, Reason}
-    end.
-
-do_update(Opts, #{jwk_connector := undefined}) ->
-    do_create(Opts);
-do_update(#{use_jwks := false} = Opts, #{jwk_connector := Connector}) ->
-    _ = emqx_authentication_jwks_connector:stop(Connector),
-    do_create(Opts);
-do_update(#{use_jwks := true} = Opts, #{jwk_connector := Connector} = State) ->
-    ok = emqx_authentication_jwks_connector:update(Connector, Opts),
-    {ok, State}.
-
-replace_placeholder(L, Variables) ->
-    replace_placeholder(L, Variables, []).
-
-replace_placeholder([], _Variables, Acc) ->
-    Acc;
-replace_placeholder([{Name, {placeholder, PL}} | More], Variables, Acc) ->
-    Value = maps:get(PL, Variables),
-    replace_placeholder(More, Variables, [{Name, Value} | Acc]);
-replace_placeholder([{Name, Value} | More], Variables, Acc) ->
-    replace_placeholder(More, Variables, [{Name, Value} | Acc]).
-
-verify(_JWS, [], _VerifyClaims) ->
-    {error, invalid_signature};
-verify(JWS, [JWK | More], VerifyClaims) ->
-    case jose_jws:verify(JWK, JWS) of
-        {true, Payload, _JWS} ->
-            Claims = emqx_json:decode(Payload, [return_maps]),
-            verify_claims(Claims, VerifyClaims);
-        {false, _, _} ->
-            verify(JWS, More, VerifyClaims)
-    end.
-
-verify_claims(Claims, VerifyClaims0) ->
-    Now = os:system_time(seconds),
-    VerifyClaims = [{<<"exp">>, fun(ExpireTime) ->
-                                    Now < ExpireTime
-                                end},
-                    {<<"iat">>, fun(IssueAt) ->
-                                    IssueAt =< Now
-                                end},
-                    {<<"nbf">>, fun(NotBefore) ->
-                                    NotBefore =< Now
-                                end}] ++ VerifyClaims0,
-    do_verify_claims(Claims, VerifyClaims).
-
-do_verify_claims(_Claims, []) ->
-    ok;
-do_verify_claims(Claims, [{Name, Fun} | More]) when is_function(Fun) ->
-    case maps:take(Name, Claims) of
-        error ->
-            do_verify_claims(Claims, More);
-        {Value, NClaims} ->
-            case Fun(Value) of
-                true ->
-                    do_verify_claims(NClaims, More);
-                _ ->
-                    {error, {claims, {Name, Value}}}
-            end
-    end;
-do_verify_claims(Claims, [{Name, Value} | More]) ->
-    case maps:take(Name, Claims) of
-        error ->
-             do_verify_claims(Claims, More);
-        {Value, NClaims} ->
-            do_verify_claims(NClaims, More);
-        {Value0, _} ->
-            {error, {claims, {Name, Value0}}}
-    end.
-
-handle_options(Opts0) when is_map(Opts0) ->
-    Ks = maps:fold(fun(K, _, Acc) ->
-                       [atom_to_binary(K, utf8) | Acc]
-                   end, [], ?RULES),
-    Opts1 = maps:to_list(maps:with(Ks, Opts0)),
-    handle_options([{binary_to_existing_atom(K, utf8), V} || {K, V} <- Opts1]);
-
-handle_options(Opts0) when is_list(Opts0) ->
-    Opts1 = add_missing_options(Opts0),
-    process_options({Opts1, [], length(Opts1)}, #{}).
-
-add_missing_options(Opts) ->
-    AllOpts = maps:keys(?RULES),
-    Fun = fun(K, Acc) ->
-               case proplists:is_defined(K, Acc) of
-                   true ->
-                       Acc;
-                   false ->
-                       [{K, unbound} | Acc]
-                  end
-          end,
-    lists:foldl(Fun, Opts, AllOpts).
-
-process_options({[], [], _}, OptsMap) ->
-    OptsMap;
-process_options({[], Skipped, Counter}, OptsMap)
-  when length(Skipped) < Counter ->
-    process_options({Skipped, [], length(Skipped)}, OptsMap);
-process_options({[], _Skipped, _Counter}, _OptsMap) ->
-    throw({error, faulty_configuration});
-process_options({[{K, V} = Opt | More], Skipped, Counter}, OptsMap0) ->
-    case check_dependencies(K, OptsMap0) of
-        true ->
-            OptsMap1 = handle_option(K, V, OptsMap0),
-            process_options({More, Skipped, Counter}, OptsMap1);
-        false ->
-            process_options({More, [Opt | Skipped], Counter}, OptsMap0)
-    end.
-
-%% TODO: This is not a particularly good implementation(K => needless), it needs to be improved
-handle_option(use_jwks, true, OptsMap) ->
-    OptsMap#{use_jwks => true,
-             algorithm => needless};
-handle_option(use_jwks, false, OptsMap) ->
-    OptsMap#{use_jwks => false,
-             jwks_endpoint => needless};      
-handle_option(jwks_endpoint = Opt, unbound, #{use_jwks := true}) ->
-    throw({error, {options, {Opt, unbound}}});
-handle_option(jwks_endpoint, Value, #{use_jwks := true} = OptsMap)
-  when Value =/= unbound ->
-    case emqx_http_lib:uri_parse(Value) of
-        {ok, #{scheme := http}} ->
-            OptsMap#{enable_ssl => false,
-                     jwks_endpoint => Value};
-        {ok, #{scheme := https}} ->
-            OptsMap#{enable_ssl => true,
-                     jwks_endpoint => Value};
-        {error, _Reason} ->
-            throw({error, {options, {jwks_endpoint, Value}}})
-    end;
-handle_option(refresh_interval = Opt, Value0, #{use_jwks := true} = OptsMap) ->
-    Value = validate_option(Opt, Value0),
-    OptsMap#{Opt => Value};
-handle_option(algorithm = Opt, Value0, #{use_jwks := false} = OptsMap) ->
-    Value = validate_option(Opt, Value0),
-    OptsMap#{Opt => Value};
-handle_option(secret = Opt, unbound, #{algorithm := 'hmac-based'}) ->
-    throw({error, {options, {Opt, unbound}}});
-handle_option(secret = Opt, Value, #{algorithm := 'hmac-based'} = OptsMap) ->
-    OptsMap#{Opt => Value};
-handle_option(secret_base64_encoded = Opt, Value0, #{algorithm := 'hmac-based'} = OptsMap) ->
-    Value = validate_option(Opt, Value0),
-    OptsMap#{Opt => Value};
-handle_option(jwt_certfile = Opt, unbound, #{algorithm := 'public-key'}) ->
-    throw({error, {options, {Opt, unbound}}});
-handle_option(jwt_certfile = Opt, Value, #{algorithm := 'public-key'} = OptsMap) ->
-    OptsMap#{Opt => Value};
-handle_option(verify = Opt, Value0, #{enable_ssl := true} = OptsMap) ->
-    Value = validate_option(Opt, Value0),
-    OptsMap#{Opt => Value};
-handle_option(cacertfile = Opt, Value, #{enable_ssl := true} = OptsMap)
-  when Value =/= unbound ->
-    OptsMap#{Opt => Value};
-handle_option(certfile, unbound, #{enable_ssl := true} = OptsMap) ->
-    OptsMap;
-handle_option(certfile = Opt, Value, #{enable_ssl := true} = OptsMap) ->
-    OptsMap#{Opt => Value};
-handle_option(keyfile, unbound, #{enable_ssl := true} = OptsMap) ->
-    OptsMap;
-handle_option(keyfile = Opt, Value, #{enable_ssl := true} = OptsMap) ->
-    OptsMap#{Opt => Value};
-handle_option(server_name_indication = Opt, Value0, #{enable_ssl := true} = OptsMap) ->
-    Value = validate_option(Opt, Value0),
-    OptsMap#{Opt => Value};
-handle_option(verify_claims = Opt, Value0, OptsMap) ->
-    Value = handle_verify_claims(Value0),
-    OptsMap#{Opt => Value};
-handle_option(_Opt, _Value, OptsMap) ->
-    OptsMap.
-
-validate_option(refresh_interval, unbound) ->
-    300;
-validate_option(refresh_interval, Value) when is_integer(Value) ->
-    Value;
-validate_option(algorithm, <<"hmac-based">>) ->
-    'hmac-based';
-validate_option(algorithm, <<"public-key">>) ->
-    'public-key';
-validate_option(secret_base64_encoded, unbound) ->
-    false;
-validate_option(secret_base64_encoded, Value) when is_boolean(Value) ->
-    Value;
-validate_option(verify, unbound) ->
-    verify_none;
-validate_option(verify, true) ->
-    verify_peer;
-validate_option(verify, false) ->
-    verify_none;
-validate_option(server_name_indication, unbound) ->
-    disable;
-validate_option(server_name_indication, <<"disable">>) ->
-    disable;
-validate_option(server_name_indication, Value) when is_list(Value) ->
-    Value;
-validate_option(Opt, Value) ->
-    throw({error, {options, {Opt, Value}}}).
-
-handle_verify_claims(Opts0) ->
-    try handle_verify_claims(Opts0, [])
-    catch
-        error:_ ->
-            throw({error, {options, {verify_claims, Opts0}}})
-    end.
-
-handle_verify_claims([], Acc) ->
-    Acc;
-handle_verify_claims([{Name, Expected0} | More], Acc)
-  when is_binary(Name) andalso is_binary(Expected0) ->
-    Expected = handle_placeholder(Expected0),
-    handle_verify_claims(More, [{Name, Expected} | Acc]).
-
-handle_placeholder(Placeholder0) ->
-    case re:run(Placeholder0, "^\\$\\{[a-z0-9\\_]+\\}$", [{capture, all}]) of
-        {match, [{Offset, Length}]} ->
-            Placeholder1 = binary:part(Placeholder0, Offset + 2, Length - 3),
-            Placeholder2 = validate_placeholder(Placeholder1),
-            {placeholder, Placeholder2};
-        nomatch ->
-            Placeholder0
-    end.
-
-validate_placeholder(<<"clientid">>) ->
-    clientid;
-validate_placeholder(<<"username">>) ->
-    username.
-
-check_dependencies(Opt, OptsMap) ->
-    case maps:get(Opt, ?RULES) of
-        [] ->
-            true;
-        Deps ->
-            option_already_defined(Opt, OptsMap) orelse
-                dependecies_already_defined(Deps, OptsMap)
-    end.
-
-option_already_defined(Opt, OptsMap) ->
-    maps:get(Opt, OptsMap, unbound) =/= unbound.
-
-dependecies_already_defined(Deps, OptsMap) ->
-    Fun = fun(Opt) -> option_already_defined(Opt, OptsMap) end,
-    lists:all(Fun, Deps).
diff --git a/apps/emqx_authentication/test/emqx_authentication_SUITE.erl b/apps/emqx_authentication/test/emqx_authentication_SUITE.erl
deleted file mode 100644
index d9f9ace8b..000000000
--- a/apps/emqx_authentication/test/emqx_authentication_SUITE.erl
+++ /dev/null
@@ -1,189 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_authentication_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("common_test/include/ct.hrl").
--include_lib("eunit/include/eunit.hrl").
-
--define(AUTH, emqx_authentication).
-
-all() ->
-    emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    application:set_env(ekka, strict_mode, true),
-    emqx_ct_helpers:start_apps([emqx_authentication]),
-    Config.
-
-end_per_suite(_) ->
-    emqx_ct_helpers:stop_apps([emqx_authentication]),
-    ok.
-
-t_chain(_) ->
-    ChainID = <<"mychain">>,
-    ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
-    ?assertEqual({error, {already_exists, {chain, ChainID}}}, ?AUTH:create_chain(#{id => ChainID})),
-    ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:lookup_chain(ChainID)),
-    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
-    ?assertMatch({error, {not_found, {chain, ChainID}}}, ?AUTH:lookup_chain(ChainID)),
-    ok.
-
-t_service(_) ->
-    ChainID = <<"mychain">>,
-    ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
-    ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:lookup_chain(ChainID)),
-
-    ServiceName1 = <<"myservice1">>,
-    ServiceParams1 = #{name => ServiceName1,
-                       type => mnesia,
-                       params => #{
-                           user_id_type => <<"username">>,
-                           password_hash_algorithm => <<"sha256">>}},
-    ?assertEqual({ok, [ServiceParams1]}, ?AUTH:add_services(ChainID, [ServiceParams1])),
-    ?assertEqual({ok, ServiceParams1}, ?AUTH:lookup_service(ChainID, ServiceName1)),
-    ?assertEqual({ok, [ServiceParams1]}, ?AUTH:list_services(ChainID)),
-    ?assertEqual({error, {already_exists, {service, ServiceName1}}}, ?AUTH:add_services(ChainID, [ServiceParams1])),
-
-    ServiceName2 = <<"myservice2">>,
-    ServiceParams2 = ServiceParams1#{name => ServiceName2},
-    ?assertEqual({ok, [ServiceParams2]}, ?AUTH:add_services(ChainID, [ServiceParams2])),
-    ?assertMatch({ok, #{id := ChainID, services := [ServiceParams1, ServiceParams2]}}, ?AUTH:lookup_chain(ChainID)),
-    ?assertEqual({ok, ServiceParams2}, ?AUTH:lookup_service(ChainID, ServiceName2)),
-    ?assertEqual({ok, [ServiceParams1, ServiceParams2]}, ?AUTH:list_services(ChainID)),
-
-    ?assertEqual(ok, ?AUTH:move_service_to_the_front(ChainID, ServiceName2)),
-    ?assertEqual({ok, [ServiceParams2, ServiceParams1]}, ?AUTH:list_services(ChainID)),
-    ?assertEqual(ok, ?AUTH:move_service_to_the_end(ChainID, ServiceName2)),
-    ?assertEqual({ok, [ServiceParams1, ServiceParams2]}, ?AUTH:list_services(ChainID)),
-    ?assertEqual(ok, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 1)),
-    ?assertEqual({ok, [ServiceParams2, ServiceParams1]}, ?AUTH:list_services(ChainID)),
-    ?assertEqual({error, out_of_range}, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 3)),
-    ?assertEqual({error, out_of_range}, ?AUTH:move_service_to_the_nth(ChainID, ServiceName2, 0)),
-    ?assertEqual(ok, ?AUTH:delete_services(ChainID, [ServiceName1, ServiceName2])),
-    ?assertEqual({ok, []}, ?AUTH:list_services(ChainID)),
-    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
-    ok.
-
-t_mnesia_service(_) ->
-    ChainID = <<"mychain">>,
-    ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
-
-    ServiceName = <<"myservice">>,
-    ServiceParams = #{name => ServiceName,
-                      type => mnesia,
-                      params => #{
-                          user_id_type => <<"username">>,
-                          password_hash_algorithm => <<"sha256">>}},
-    ?assertEqual({ok, [ServiceParams]}, ?AUTH:add_services(ChainID, [ServiceParams])),
-
-    UserInfo = #{<<"user_id">> => <<"myuser">>,
-                 <<"password">> => <<"mypass">>},
-    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:add_user(ChainID, ServiceName, UserInfo)),
-    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
-    ClientInfo = #{chain_id => ChainID,
-			       username => <<"myuser">>,
-			       password => <<"mypass">>},
-    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo)),
-    ClientInfo2 = ClientInfo#{username => <<"baduser">>},
-    ?assertEqual({error, user_not_found}, ?AUTH:authenticate(ClientInfo2)),
-    ClientInfo3 = ClientInfo#{password => <<"badpass">>},
-    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo3)),
-    UserInfo2 = UserInfo#{<<"password">> => <<"mypass2">>},
-    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:update_user(ChainID, ServiceName, <<"myuser">>, UserInfo2)),
-    ClientInfo4 = ClientInfo#{password => <<"mypass2">>},
-    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo4)),
-    ?assertEqual(ok, ?AUTH:delete_user(ChainID, ServiceName, <<"myuser">>)),
-    ?assertEqual({error, not_found}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
-
-    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:add_user(ChainID, ServiceName, UserInfo)),
-    ?assertMatch({ok, #{user_id := <<"myuser">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
-    ?assertEqual(ok, ?AUTH:delete_services(ChainID, [ServiceName])),
-    ?assertEqual({ok, [ServiceParams]}, ?AUTH:add_services(ChainID, [ServiceParams])),
-    ?assertMatch({error, not_found}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser">>)),
-
-    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
-    ?assertEqual([], ets:tab2list(mnesia_basic_auth)),
-    ok.
-
-t_import(_) ->
-    ChainID = <<"mychain">>,
-    ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
-
-    ServiceName = <<"myservice">>,
-    ServiceParams = #{name => ServiceName,
-                      type => mnesia,
-                      params => #{
-                          user_id_type => <<"username">>,
-                          password_hash_algorithm => <<"sha256">>}},
-    ?assertEqual({ok, [ServiceParams]}, ?AUTH:add_services(ChainID, [ServiceParams])),
-
-    Dir = code:lib_dir(emqx_authentication, test),
-    ?assertEqual(ok, ?AUTH:import_users(ChainID, ServiceName, filename:join([Dir, "data/user-credentials.json"]))),
-    ?assertEqual(ok, ?AUTH:import_users(ChainID, ServiceName, filename:join([Dir, "data/user-credentials.csv"]))),
-    ?assertMatch({ok, #{user_id := <<"myuser1">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser1">>)),
-    ?assertMatch({ok, #{user_id := <<"myuser3">>}}, ?AUTH:lookup_user(ChainID, ServiceName, <<"myuser3">>)),
-    ClientInfo1 = #{chain_id => ChainID,
-			        username => <<"myuser1">>,
-			        password => <<"mypassword1">>},
-    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo1)),
-    ClientInfo2 = ClientInfo1#{username => <<"myuser3">>,
-                               password => <<"mypassword3">>},
-    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo2)),
-    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
-    ok.
-
-t_multi_mnesia_service(_) ->
-    ChainID = <<"mychain">>,
-    ?assertMatch({ok, #{id := ChainID, services := []}}, ?AUTH:create_chain(#{id => ChainID})),
-
-    ServiceName1 = <<"myservice1">>,
-    ServiceParams1 = #{name => ServiceName1,
-                       type => mnesia,
-                       params => #{
-                           user_id_type => <<"username">>,
-                           password_hash_algorithm => <<"sha256">>}},
-    ServiceName2 = <<"myservice2">>,
-    ServiceParams2 = #{name => ServiceName2,
-                       type => mnesia,
-                       params => #{
-                           user_id_type => <<"clientid">>,
-                           password_hash_algorithm => <<"sha256">>}},
-    ?assertEqual({ok, [ServiceParams1]}, ?AUTH:add_services(ChainID, [ServiceParams1])),
-    ?assertEqual({ok, [ServiceParams2]}, ?AUTH:add_services(ChainID, [ServiceParams2])),
-
-    ?assertEqual({ok, #{user_id => <<"myuser">>}},
-                 ?AUTH:add_user(ChainID, ServiceName1,
-                                #{<<"user_id">> => <<"myuser">>,
-                                  <<"password">> => <<"mypass1">>})),
-    ?assertEqual({ok, #{user_id => <<"myclient">>}},
-                 ?AUTH:add_user(ChainID, ServiceName2,
-                                #{<<"user_id">> => <<"myclient">>,
-                                  <<"password">> => <<"mypass2">>})),
-    ClientInfo1 = #{chain_id => ChainID,
-			        username => <<"myuser">>,
-                    clientid => <<"myclient">>,
-			        password => <<"mypass1">>},
-    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo1)),
-    ?assertEqual(ok, ?AUTH:move_service_to_the_front(ChainID, ServiceName2)),
-    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo1)),
-    ClientInfo2 = ClientInfo1#{password => <<"mypass2">>},
-    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo2)),
-    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
-    ok.
diff --git a/apps/emqx_authentication/data/user-credentials.csv b/apps/emqx_authn/data/user-credentials.csv
similarity index 100%
rename from apps/emqx_authentication/data/user-credentials.csv
rename to apps/emqx_authn/data/user-credentials.csv
diff --git a/apps/emqx_authentication/data/user-credentials.json b/apps/emqx_authn/data/user-credentials.json
similarity index 100%
rename from apps/emqx_authentication/data/user-credentials.json
rename to apps/emqx_authn/data/user-credentials.json
diff --git a/apps/emqx_authn/etc/emqx_authn.conf b/apps/emqx_authn/etc/emqx_authn.conf
new file mode 100644
index 000000000..092bd5404
--- /dev/null
+++ b/apps/emqx_authn/etc/emqx_authn.conf
@@ -0,0 +1,26 @@
+authn: {
+    chains: [
+        # {
+        #     id: "chain1"
+        #     type: simple
+        #     authenticators: [
+        #         {
+        #             name: "authenticator1"
+        #             type: built-in-database
+        #             config: {
+        #                 user_id_type: clientid
+        #                 password_hash_algorithm: {
+        #                     name: sha256
+        #                 }
+        #             }
+        #         }
+        #     ]
+        # }
+    ]
+    bindings: [
+        # {
+        #     chain_id: "chain1"
+        #     listeners: ["mqtt-tcp", "mqtt-ssl"]
+        # }
+    ]
+}
diff --git a/apps/emqx_authn/include/emqx_authn.hrl b/apps/emqx_authn/include/emqx_authn.hrl
new file mode 100644
index 000000000..46c1cf7ca
--- /dev/null
+++ b/apps/emqx_authn/include/emqx_authn.hrl
@@ -0,0 +1,67 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-define(APP, emqx_authn).
+
+-type chain_id() :: binary().
+-type authn_type() :: simple | enhanced.
+-type authenticator_name() :: binary().
+-type authenticator_type() :: mnesia | jwt | mysql | postgresql.
+-type listener_id() :: binary().
+
+-record(authenticator,
+        { name :: authenticator_name()
+        , type :: authenticator_type()
+        , provider :: module()
+        , config :: map()
+        , state :: map()
+        }).
+
+-record(chain,
+        { id :: chain_id()
+        , type :: authn_type()
+        , authenticators :: [{authenticator_name(), #authenticator{}}]
+        , created_at :: integer()
+        }).
+
+-record(binding,
+        { bound :: {listener_id(), authn_type()}
+        , chain_id :: chain_id()
+        }).
+
+-define(AUTH_SHARD, emqx_authn_shard).
+
+-define(CLUSTER_CALL(Module, Func, Args), ?CLUSTER_CALL(Module, Func, Args, ok)).
+
+-define(CLUSTER_CALL(Module, Func, Args, ResParttern),
+    fun() ->
+        case LocalResult = erlang:apply(Module, Func, Args) of
+            ResParttern ->
+                Nodes = nodes(),
+                {ResL, BadNodes} = rpc:multicall(Nodes, Module, Func, Args, 5000),
+                NResL = lists:zip(Nodes - BadNodes, ResL),
+                Errors = lists:filter(fun({_, ResParttern}) -> false;
+                                         (_) -> true
+                                      end, NResL),
+                OtherErrors = [{BadNode, node_does_not_exist} || BadNode <- BadNodes],
+                case Errors ++ OtherErrors of
+                    [] -> LocalResult;
+                    NErrors -> {error, NErrors}
+                end;
+            ErrorResult ->
+                {error, ErrorResult}
+        end
+    end()).
diff --git a/apps/emqx_authentication/rebar.config b/apps/emqx_authn/rebar.config
similarity index 100%
rename from apps/emqx_authentication/rebar.config
rename to apps/emqx_authn/rebar.config
diff --git a/apps/emqx_authentication/src/emqx_authentication.app.src b/apps/emqx_authn/src/emqx_authn.app.src
similarity index 63%
rename from apps/emqx_authentication/src/emqx_authentication.app.src
rename to apps/emqx_authn/src/emqx_authn.app.src
index 4f55ca0a7..c997582ec 100644
--- a/apps/emqx_authentication/src/emqx_authentication.app.src
+++ b/apps/emqx_authn/src/emqx_authn.app.src
@@ -1,10 +1,10 @@
-{application, emqx_authentication,
+{application, emqx_authn,
  [{description, "EMQ X Authentication"},
   {vsn, "0.1.0"},
   {modules, []},
-  {registered, [emqx_authentication_sup, emqx_authentication_registry]},
+  {registered, [emqx_authn_sup, emqx_authn_registry]},
   {applications, [kernel,stdlib]},
-  {mod, {emqx_authentication_app,[]}},
+  {mod, {emqx_authn_app,[]}},
   {env, []},
   {licenses, ["Apache-2.0"]},
   {maintainers, ["EMQ X Team <contact@emqx.io>"]},
diff --git a/apps/emqx_authn/src/emqx_authn.erl b/apps/emqx_authn/src/emqx_authn.erl
new file mode 100644
index 000000000..24bdb21e7
--- /dev/null
+++ b/apps/emqx_authn/src/emqx_authn.erl
@@ -0,0 +1,490 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn).
+
+-include("emqx_authn.hrl").
+
+-export([ enable/0
+        , disable/0
+        ]).
+
+-export([authenticate/1]).
+
+-export([ create_chain/1
+        , delete_chain/1
+        , lookup_chain/1
+        , list_chains/0
+        , bind/2
+        , unbind/2
+        , list_bindings/1
+        , list_bound_chains/1
+        , create_authenticator/2
+        , delete_authenticator/2
+        , update_authenticator/3
+        , lookup_authenticator/2
+        , list_authenticators/1
+        , move_authenticator_to_the_front/2
+        , move_authenticator_to_the_end/2
+        , move_authenticator_to_the_nth/3
+        ]).
+
+-export([ import_users/3
+        , add_user/3
+        , delete_user/3
+        , update_user/4
+        , lookup_user/3
+        , list_users/2
+        ]).
+
+-export([mnesia/1]).
+
+-boot_mnesia({mnesia, [boot]}).
+
+-define(CHAIN_TAB, emqx_authn_chain).
+-define(BINDING_TAB, emqx_authn_binding).
+
+-rlog_shard({?AUTH_SHARD, ?CHAIN_TAB}).
+-rlog_shard({?AUTH_SHARD, ?BINDING_TAB}).
+
+%%------------------------------------------------------------------------------
+%% Mnesia bootstrap
+%%------------------------------------------------------------------------------
+
+%% @doc Create or replicate tables.
+-spec(mnesia(boot) -> ok).
+mnesia(boot) ->
+    %% Optimize storage
+    StoreProps = [{ets, [{read_concurrency, true}]}],
+    %% Chain table
+    ok = ekka_mnesia:create_table(?CHAIN_TAB, [
+                {ram_copies, [node()]},
+                {record_name, chain},
+                {local_content, true},
+                {attributes, record_info(fields, chain)},
+                {storage_properties, StoreProps}]),
+    %% Binding table
+    ok = ekka_mnesia:create_table(?BINDING_TAB, [
+                {ram_copies, [node()]},
+                {record_name, binding},
+                {local_content, true},
+                {attributes, record_info(fields, binding)},
+                {storage_properties, StoreProps}]).
+
+enable() ->
+    case emqx:hook('client.authenticate', {?MODULE, authenticate, []}) of
+        ok -> ok;
+        {error, already_exists} -> ok
+    end.
+
+disable() ->
+    emqx:unhook('client.authenticate', {?MODULE, authenticate, []}),
+    ok.
+
+authenticate(#{listener_id := ListenerID} = ClientInfo) ->
+    case lookup_chain_by_listener(ListenerID, simple) of
+        {error, _} ->
+            {error, no_authenticators};
+        {ok, ChainID} ->
+            case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
+                [#chain{authenticators = []}] ->
+                    {error, no_authenticators};
+                [#chain{authenticators = Authenticators}] ->
+                    do_authenticate(Authenticators, ClientInfo);
+                [] ->
+                    {error, no_authenticators}
+            end
+    end.
+
+do_authenticate([], _) ->
+    {error, user_not_found};
+do_authenticate([{_, #authenticator{provider = Provider, state = State}} | More], ClientInfo) ->
+    case Provider:authenticate(ClientInfo, State) of
+        ignore -> do_authenticate(More, ClientInfo);
+        ok -> ok;
+        {ok, NewClientInfo} -> {ok, NewClientInfo};
+        {stop, Reason} -> {error, Reason}
+    end.
+
+create_chain(#{id   := ID,
+               type := Type}) ->
+    trans(
+        fun() ->
+            case mnesia:read(?CHAIN_TAB, ID, write) of
+                [] ->
+                    Chain = #chain{id = ID,
+                                   type = Type,
+                                   authenticators = [],
+                                   created_at = erlang:system_time(millisecond)},
+                    mnesia:write(?CHAIN_TAB, Chain, write),
+                    {ok, serialize_chain(Chain)};
+                [_ | _] ->
+                    {error, {already_exists, {chain, ID}}}
+            end
+        end).
+
+delete_chain(ID) ->
+    trans(
+        fun() ->
+            case mnesia:read(?CHAIN_TAB, ID, write) of
+                [] ->
+                    {error, {not_found, {chain, ID}}};
+                [#chain{authenticators = Authenticators}] ->
+                    _ = [do_delete_authenticator(Authenticator) || {_, Authenticator} <- Authenticators],
+                    mnesia:delete(?CHAIN_TAB, ID, write)
+            end
+        end).
+
+lookup_chain(ID) ->
+    case mnesia:dirty_read(?CHAIN_TAB, ID) of
+        [] ->
+            {error, {not_found, {chain, ID}}};
+        [Chain] ->
+            {ok, serialize_chain(Chain)}
+    end.
+
+list_chains() ->
+    Chains = ets:tab2list(?CHAIN_TAB),
+    {ok, [serialize_chain(Chain) || Chain <- Chains]}.
+
+bind(ChainID, Listeners) ->
+    %% TODO: ensure listener id is valid
+    trans(
+        fun() ->
+            case mnesia:read(?CHAIN_TAB, ChainID, write) of
+                [] ->
+                    {error, {not_found, {chain, ChainID}}};
+                [#chain{type = AuthNType}] ->
+                    Result = lists:foldl(
+                                 fun(ListenerID, Acc) ->
+                                     case mnesia:read(?BINDING_TAB, {ListenerID, AuthNType}, write) of
+                                         [] ->
+                                             Binding = #binding{bound = {ListenerID, AuthNType}, chain_id = ChainID},
+                                             mnesia:write(?BINDING_TAB, Binding, write),
+                                             Acc;
+                                         _ ->
+                                             [ListenerID | Acc]
+                                     end
+                                 end, [], Listeners),
+                    case Result of
+                        [] -> ok;
+                        Listeners0 -> {error, {already_bound, Listeners0}}
+                    end
+            end
+        end).
+
+unbind(ChainID, Listeners) ->
+    trans(
+        fun() ->
+            Result = lists:foldl(
+                        fun(ListenerID, Acc) ->
+                            MatchSpec = [{{binding, {ListenerID, '_'}, ChainID}, [], ['$_']}],
+                            case mnesia:select(?BINDING_TAB, MatchSpec, write) of
+                                [] ->
+                                    [ListenerID | Acc];
+                                [#binding{bound = Bound}] ->
+                                    mnesia:delete(?BINDING_TAB, Bound, write),
+                                    Acc
+                            end
+                        end, [], Listeners),
+            case Result of
+                [] -> ok;
+                Listeners0 ->
+                    {error, {not_found, Listeners0}}
+            end
+        end).
+
+list_bindings(ChainID) ->
+    trans(
+        fun() ->
+            MatchSpec = [{{binding, {'$1', '_'}, ChainID}, [], ['$1']}],
+            Listeners = mnesia:select(?BINDING_TAB, MatchSpec),
+            {ok, #{chain_id => ChainID, listeners => Listeners}}
+        end).
+
+list_bound_chains(ListenerID) ->
+    trans(
+        fun() ->
+            MatchSpec = [{{binding, {ListenerID, '_'}, '_'}, [], ['$_']}],
+            Bindings = mnesia:select(?BINDING_TAB, MatchSpec),
+            Chains = [{AuthNType, ChainID} || #binding{bound = {_, AuthNType},
+                                                    chain_id = ChainID} <- Bindings],
+            {ok, maps:from_list(Chains)}
+        end).
+
+create_authenticator(ChainID, #{name := Name,
+                                type := Type,
+                                config := Config}) ->
+    UpdateFun =
+        fun(Chain = #chain{type = AuthNType, authenticators = Authenticators}) ->
+            case lists:keymember(Name, 1, Authenticators) of
+                true ->
+                    {error, {already_exists, {authenticator, Name}}};
+                false ->
+                    Provider = authenticator_provider(AuthNType, Type),
+                    case Provider:create(ChainID, Name, Config) of
+                        {ok, State} ->
+                            Authenticator = #authenticator{name = Name,
+                                                           type = Type,
+                                                           provider = Provider,
+                                                           config = Config,
+                                                           state = State},
+                            NChain = Chain#chain{authenticators = Authenticators ++ [{Name, Authenticator}]},
+                            ok = mnesia:write(?CHAIN_TAB, NChain, write),
+                            {ok, serialize_authenticator(Authenticator)};
+                        {error, Reason} ->
+                            {error, Reason}
+                    end
+            end
+        end,
+    update_chain(ChainID, UpdateFun).
+
+delete_authenticator(ChainID, AuthenticatorName) ->
+    UpdateFun = fun(Chain = #chain{authenticators = Authenticators}) ->
+                    case lists:keytake(AuthenticatorName, 1, Authenticators) of
+                        false ->
+                            {error, {not_found, {authenticator, AuthenticatorName}}};
+                        {value, {_, Authenticator}, NAuthenticators} ->
+                            _ = do_delete_authenticator(Authenticator),
+                            NChain = Chain#chain{authenticators = NAuthenticators},
+                            mnesia:write(?CHAIN_TAB, NChain, write)
+                    end
+                end,
+    update_chain(ChainID, UpdateFun).
+
+update_authenticator(ChainID, AuthenticatorName, Config) ->
+    UpdateFun = fun(Chain = #chain{authenticators = Authenticators}) ->
+                    case proplists:get_value(AuthenticatorName, Authenticators, undefined) of
+                        undefined ->
+                            {error, {not_found, {authenticator, AuthenticatorName}}};
+                        #authenticator{provider = Provider,
+                                       config   = OriginalConfig,
+                                       state    = State} = Authenticator ->
+                            NewConfig = maps:merge(OriginalConfig, Config),
+                            case Provider:update(ChainID, AuthenticatorName, NewConfig, State) of
+                                {ok, NState} ->
+                                    NAuthenticator = Authenticator#authenticator{config = NewConfig,
+                                                                                 state = NState},
+                                    NAuthenticators = update_value(AuthenticatorName, NAuthenticator, Authenticators),
+                                    ok = mnesia:write(?CHAIN_TAB, Chain#chain{authenticators = NAuthenticators}, write),
+                                    {ok, serialize_authenticator(NAuthenticator)};
+                                {error, Reason} ->
+                                    {error, Reason}
+                            end
+                    end
+                 end,
+    update_chain(ChainID, UpdateFun).
+
+lookup_authenticator(ChainID, AuthenticatorName) ->
+    case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
+        [] ->
+            {error, {not_found, {chain, ChainID}}};
+        [#chain{authenticators = Authenticators}] ->
+            case proplists:get_value(AuthenticatorName, Authenticators, undefined) of
+                undefined ->
+                    {error, {not_found, {authenticator, AuthenticatorName}}};
+                Authenticator ->
+                    {ok, serialize_authenticator(Authenticator)}
+            end
+    end.
+
+list_authenticators(ChainID) ->
+    case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
+        [] ->
+            {error, {not_found, {chain, ChainID}}};
+        [#chain{authenticators = Authenticators}] ->
+            {ok, serialize_authenticators(Authenticators)}
+    end.
+
+move_authenticator_to_the_front(ChainID, AuthenticatorName) ->
+    UpdateFun = fun(Chain = #chain{authenticators = Authenticators}) ->
+                    case move_authenticator_to_the_front_(AuthenticatorName, Authenticators) of
+                        {ok, NAuthenticators} ->
+                            NChain = Chain#chain{authenticators = NAuthenticators},
+                            mnesia:write(?CHAIN_TAB, NChain, write);
+                        {error, Reason} ->
+                            {error, Reason}
+                    end
+                 end,
+    update_chain(ChainID, UpdateFun).
+
+move_authenticator_to_the_end(ChainID, AuthenticatorName) ->
+    UpdateFun = fun(Chain = #chain{authenticators = Authenticators}) ->
+                    case move_authenticator_to_the_end_(AuthenticatorName, Authenticators) of
+                        {ok, NAuthenticators} ->
+                            NChain = Chain#chain{authenticators = NAuthenticators},
+                            mnesia:write(?CHAIN_TAB, NChain, write);
+                        {error, Reason} ->
+                            {error, Reason}
+                    end
+                 end,
+    update_chain(ChainID, UpdateFun).
+
+move_authenticator_to_the_nth(ChainID, AuthenticatorName, N) ->
+    UpdateFun = fun(Chain = #chain{authenticators = Authenticators}) ->
+                    case move_authenticator_to_the_nth_(AuthenticatorName, Authenticators, N) of
+                        {ok, NAuthenticators} ->
+                            NChain = Chain#chain{authenticators = NAuthenticators},
+                            mnesia:write(?CHAIN_TAB, NChain, write);
+                        {error, Reason} ->
+                            {error, Reason}
+                    end
+                 end,
+    update_chain(ChainID, UpdateFun).
+
+import_users(ChainID, AuthenticatorName, Filename) ->
+    call_authenticator(ChainID, AuthenticatorName, import_users, [Filename]).
+
+add_user(ChainID, AuthenticatorName, UserInfo) ->
+    call_authenticator(ChainID, AuthenticatorName, add_user, [UserInfo]).
+
+delete_user(ChainID, AuthenticatorName, UserID) ->
+    call_authenticator(ChainID, AuthenticatorName, delete_user, [UserID]).
+
+update_user(ChainID, AuthenticatorName, UserID, NewUserInfo) ->
+    call_authenticator(ChainID, AuthenticatorName, update_user, [UserID, NewUserInfo]).
+
+lookup_user(ChainID, AuthenticatorName, UserID) ->
+    call_authenticator(ChainID, AuthenticatorName, lookup_user, [UserID]).
+
+list_users(ChainID, AuthenticatorName) ->
+    call_authenticator(ChainID, AuthenticatorName, list_users, []).
+
+%%------------------------------------------------------------------------------
+%% Internal functions
+%%------------------------------------------------------------------------------
+
+authenticator_provider(simple, 'built-in-database') -> emqx_authn_mnesia;
+authenticator_provider(simple, jwt) -> emqx_authn_jwt;
+authenticator_provider(simple, mysql) -> emqx_authn_mysql;
+authenticator_provider(simple, postgresql) -> emqx_authn_pgsql.
+
+% authenticator_provider(enhanced, 'enhanced-built-in-database') -> emqx_enhanced_authn_mnesia.
+
+do_delete_authenticator(#authenticator{provider = Provider, state = State}) ->
+    Provider:destroy(State).
+    
+update_value(Key, Value, List) ->
+    lists:keyreplace(Key, 1, List, {Key, Value}).
+
+move_authenticator_to_the_front_(AuthenticatorName, Authenticators) ->
+    move_authenticator_to_the_front_(AuthenticatorName, Authenticators, []).
+
+move_authenticator_to_the_front_(AuthenticatorName, [], _) ->
+    {error, {not_found, {authenticator, AuthenticatorName}}};
+move_authenticator_to_the_front_(AuthenticatorName, [{AuthenticatorName, _} = Authenticator | More], Passed) ->
+    {ok, [Authenticator | (lists:reverse(Passed) ++ More)]};
+move_authenticator_to_the_front_(AuthenticatorName, [Authenticator | More], Passed) ->
+    move_authenticator_to_the_front_(AuthenticatorName, More, [Authenticator | Passed]).
+
+move_authenticator_to_the_end_(AuthenticatorName, Authenticators) ->
+    move_authenticator_to_the_end_(AuthenticatorName, Authenticators, []).
+
+move_authenticator_to_the_end_(AuthenticatorName, [], _) ->
+    {error, {not_found, {authenticator, AuthenticatorName}}};
+move_authenticator_to_the_end_(AuthenticatorName, [{AuthenticatorName, _} = Authenticator | More], Passed) ->
+    {ok, lists:reverse(Passed) ++ More ++ [Authenticator]};
+move_authenticator_to_the_end_(AuthenticatorName, [Authenticator | More], Passed) ->
+    move_authenticator_to_the_end_(AuthenticatorName, More, [Authenticator | Passed]).
+
+move_authenticator_to_the_nth_(AuthenticatorName, Authenticators, N)
+  when N =< length(Authenticators) andalso N > 0 ->
+    move_authenticator_to_the_nth_(AuthenticatorName, Authenticators, N, []);
+move_authenticator_to_the_nth_(_, _, _) ->
+    {error, out_of_range}.
+
+move_authenticator_to_the_nth_(AuthenticatorName, [], _, _) ->
+    {error, {not_found, {authenticator, AuthenticatorName}}};
+move_authenticator_to_the_nth_(AuthenticatorName, [{AuthenticatorName, _} = Authenticator | More], N, Passed)
+  when N =< length(Passed) ->
+    {L1, L2} = lists:split(N - 1, lists:reverse(Passed)),
+    {ok, L1 ++ [Authenticator] ++ L2 ++ More};
+move_authenticator_to_the_nth_(AuthenticatorName, [{AuthenticatorName, _} = Authenticator | More], N, Passed) ->
+    {L1, L2} = lists:split(N - length(Passed) - 1, More),
+    {ok, lists:reverse(Passed) ++ L1 ++ [Authenticator] ++ L2};
+move_authenticator_to_the_nth_(AuthenticatorName, [Authenticator | More], N, Passed) ->
+    move_authenticator_to_the_nth_(AuthenticatorName, More, N, [Authenticator | Passed]).
+
+update_chain(ChainID, UpdateFun) ->
+    trans(
+        fun() ->
+            case mnesia:read(?CHAIN_TAB, ChainID, write) of
+                [] ->
+                    {error, {not_found, {chain, ChainID}}};
+                [Chain] ->
+                    UpdateFun(Chain)
+            end
+        end).
+
+lookup_chain_by_listener(ListenerID, AuthNType) ->
+    case mnesia:dirty_read(?BINDING_TAB, {ListenerID, AuthNType}) of
+        [] ->
+            {error, not_found};
+        [#binding{chain_id = ChainID}] ->
+            {ok, ChainID}
+    end.
+
+
+call_authenticator(ChainID, AuthenticatorName, Func, Args) ->
+    case mnesia:dirty_read(?CHAIN_TAB, ChainID) of
+        [] ->
+            {error, {not_found, {chain, ChainID}}};
+        [#chain{authenticators = Authenticators}] ->
+            case proplists:get_value(AuthenticatorName, Authenticators, undefined) of
+                undefined ->
+                    {error, {not_found, {authenticator, AuthenticatorName}}};
+                #authenticator{provider = Provider, state = State} ->
+                    case erlang:function_exported(Provider, Func, length(Args) + 1) of
+                        true ->
+                            erlang:apply(Provider, Func, Args ++ [State]);
+                        false ->
+                            {error, unsupported_feature}
+                    end
+            end
+    end.
+
+serialize_chain(#chain{id = ID,
+                       type = Type,
+                       authenticators = Authenticators,
+                       created_at = CreatedAt}) ->
+    #{id => ID,
+      type => Type,
+      authenticators => serialize_authenticators(Authenticators),
+      created_at => CreatedAt}.
+
+% serialize_binding(#binding{bound = {ListenerID, _},
+%                            chain_id = ChainID}) ->
+%     #{listener_id => ListenerID,
+%       chain_id => ChainID}.
+
+serialize_authenticators(Authenticators) ->
+    [serialize_authenticator(Authenticator) || {_, Authenticator} <- Authenticators].
+
+serialize_authenticator(#authenticator{name = Name,
+                                       type = Type,
+                                       config = Config}) ->
+    #{name => Name,
+      type => Type,
+      config => Config}.
+
+trans(Fun) ->
+    trans(Fun, []).
+
+trans(Fun, Args) ->
+    case ekka_mnesia:transaction(?AUTH_SHARD, Fun, Args) of
+        {atomic, Res} -> Res;
+        {aborted, Reason} -> {error, Reason}
+    end.
diff --git a/apps/emqx_authn/src/emqx_authn_api.erl b/apps/emqx_authn/src/emqx_authn_api.erl
new file mode 100644
index 000000000..ad9542958
--- /dev/null
+++ b/apps/emqx_authn/src/emqx_authn_api.erl
@@ -0,0 +1,544 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_api).
+
+-include("emqx_authn.hrl").
+
+-export([ create_chain/2
+        , delete_chain/2
+        , lookup_chain/2
+        , list_chains/2
+        , bind/2
+        , unbind/2
+        , list_bindings/2
+        , list_bound_chains/2
+        , create_authenticator/2
+        , delete_authenticator/2
+        , update_authenticator/2
+        , lookup_authenticator/2
+        , list_authenticators/2
+        , move_authenticator/2
+        , import_users/2
+        , add_user/2
+        , delete_user/2
+        , update_user/2
+        , lookup_user/2
+        , list_users/2
+        ]).
+
+-import(minirest,  [return/1]).
+
+-rest_api(#{name   => create_chain,
+            method => 'POST',
+            path   => "/authentication/chains",
+            func   => create_chain,
+            descr  => "Create a chain"
+           }).
+
+-rest_api(#{name   => delete_chain,
+            method => 'DELETE',
+            path   => "/authentication/chains/:bin:id",
+            func   => delete_chain,
+            descr  => "Delete chain"
+           }).
+
+-rest_api(#{name   => lookup_chain,
+            method => 'GET',
+            path   => "/authentication/chains/:bin:id",
+            func   => lookup_chain,
+            descr  => "Lookup chain"
+           }).
+
+-rest_api(#{name   => list_chains,
+            method => 'GET',
+            path   => "/authentication/chains",
+            func   => list_chains,
+            descr  => "List all chains"
+           }).
+
+-rest_api(#{name   => bind,
+            method => 'POST',
+            path   => "/authentication/chains/:bin:id/bindings/bulk",
+            func   => bind,
+            descr  => "Bind"
+           }).
+
+-rest_api(#{name   => unbind,
+            method => 'DELETE',
+            path   => "/authentication/chains/:bin:id/bindings/bulk",
+            func   => unbind,
+            descr  => "Unbind"
+           }).
+
+-rest_api(#{name   => list_bindings,
+            method => 'GET',
+            path   => "/authentication/chains/:bin:id/bindings",
+            func   => list_bindings,
+            descr  => "List bindings"
+           }).
+
+-rest_api(#{name   => list_bound_chains,
+            method => 'GET',
+            path   => "/authentication/listeners/:bin:listener_id/bound_chains",
+            func   => list_bound_chains,
+            descr  => "List bound chains"
+           }).
+
+-rest_api(#{name   => create_authenticator,
+            method => 'POST',
+            path   => "/authentication/chains/:bin:id/authenticators",
+            func   => create_authenticator,
+            descr  => "Create authenticator to chain"
+           }).
+
+-rest_api(#{name   => delete_authenticator,
+            method => 'DELETE',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name",
+            func   => delete_authenticator,
+            descr  => "Delete authenticator from chain"
+           }).
+
+-rest_api(#{name   => update_authenticator,
+            method => 'PUT',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name",
+            func   => update_authenticator,
+            descr  => "Update authenticator in chain"
+           }).
+
+-rest_api(#{name   => lookup_authenticator,
+            method => 'GET',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name",
+            func   => lookup_authenticator,
+            descr  => "Lookup authenticator in chain"
+           }).
+
+-rest_api(#{name   => list_authenticators,
+            method => 'GET',
+            path   => "/authentication/chains/:bin:id/authenticators",
+            func   => list_authenticators,
+            descr  => "List authenticators in chain"
+           }).
+
+-rest_api(#{name   => move_authenticator,
+            method => 'POST',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name/position",
+            func   => move_authenticator,
+            descr  => "Change the order of authenticators"
+           }).
+
+-rest_api(#{name   => import_users,
+            method => 'POST',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name/import-users",
+            func   => import_users,
+            descr  => "Import users"
+           }).
+
+-rest_api(#{name   => add_user,
+            method => 'POST',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name/users",
+            func   => add_user,
+            descr  => "Add user"
+           }).
+
+-rest_api(#{name   => delete_user,
+            method => 'DELETE',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name/users/:bin:user_id",
+            func   => delete_user,
+            descr  => "Delete user"
+           }).
+
+-rest_api(#{name   => update_user,
+            method => 'PUT',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name/users/:bin:user_id",
+            func   => update_user,
+            descr  => "Update user"
+           }).
+
+-rest_api(#{name   => lookup_user,
+            method => 'GET',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name/users/:bin:user_id",
+            func   => lookup_user,
+            descr  => "Lookup user"
+           }).
+
+%% TODO: Support pagination
+-rest_api(#{name   => list_users,
+            method => 'GET',
+            path   => "/authentication/chains/:bin:id/authenticators/:bin:authenticator_name/users",
+            func   => list_users,
+            descr  => "List all users"
+           }).
+
+create_chain(Binding, Params) ->
+    do_create_chain(uri_decode(Binding), maps:from_list(Params)).
+
+do_create_chain(_Binding, Chain0) ->
+    Config = #{<<"authn">> => #{<<"chains">> => [Chain0#{<<"authenticators">> => []}],
+                                <<"bindings">> => []}},
+    #{authn := #{chains := [Chain1]}}
+                = hocon_schema:check_plain(emqx_authn_schema, Config,
+                                           #{atom_key => true, nullable => true}),
+    case emqx_authn:create_chain(Chain1) of
+        {ok, Chain2} ->
+            return({ok, Chain2});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+delete_chain(Binding, Params) ->
+    do_delete_chain(uri_decode(Binding), maps:from_list(Params)).
+
+do_delete_chain(#{id := ChainID}, _Params) ->
+    case emqx_authn:delete_chain(ChainID) of
+        ok ->
+            return(ok);
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+lookup_chain(Binding, Params) ->
+    do_lookup_chain(uri_decode(Binding), maps:from_list(Params)).
+
+do_lookup_chain(#{id := ChainID}, _Params) ->
+    case emqx_authn:lookup_chain(ChainID) of
+        {ok, Chain} ->
+            return({ok, Chain});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+list_chains(Binding, Params) ->
+    do_list_chains(uri_decode(Binding), maps:from_list(Params)).
+
+do_list_chains(_Binding, _Params) ->
+    {ok, Chains} = emqx_authn:list_chains(),
+    return({ok, Chains}).
+
+bind(Binding, Params) ->
+    do_bind(uri_decode(Binding), lists_to_map(Params)).
+
+do_bind(#{id := ChainID}, #{<<"listeners">> := Listeners}) ->
+    % Config = #{<<"authn">> => #{<<"chains">> => [],
+    %                             <<"bindings">> => [#{<<"chain">> := ChainID,
+    %                                                  <<"listeners">> := Listeners}]}},
+    % #{authn := #{bindings := [#{listeners := Listeners}]}}
+    %             = hocon_schema:check_plain(emqx_authn_schema, Config,
+    %                                        #{atom_key => true, nullable => true}),
+    case emqx_authn:bind(ChainID, Listeners) of
+        ok ->
+            return(ok);
+        {error, {alread_bound, Listeners}} ->
+            {ok, #{code => <<"ALREADY_EXISTS">>,
+                   message => <<"ALREADY_BOUND">>,
+                   detail => Listeners}};
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end;
+do_bind(_, _) ->
+    return(serialize_error({missing_parameter, <<"listeners">>})).
+
+unbind(Binding, Params) ->
+    do_unbind(uri_decode(Binding), lists_to_map(Params)).
+
+do_unbind(#{id := ChainID}, #{<<"listeners">> := Listeners0}) ->
+    case emqx_authn:unbind(ChainID, Listeners0) of
+        ok ->
+            return(ok);
+        {error, {not_found, Listeners1}} ->
+            {ok, #{code => <<"NOT_FOUND">>,
+                   detail => Listeners1}};
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end;
+do_unbind(_, _) ->
+    return(serialize_error({missing_parameter, <<"listeners">>})).
+
+list_bindings(Binding, Params) ->
+    do_list_bindings(uri_decode(Binding), lists_to_map(Params)).
+
+do_list_bindings(#{id := ChainID}, _) ->
+    {ok, Binding} = emqx_authn:list_bindings(ChainID),
+    return({ok, Binding}).
+
+list_bound_chains(Binding, Params) ->
+    do_list_bound_chains(uri_decode(Binding), lists_to_map(Params)).
+
+do_list_bound_chains(#{listener_id := ListenerID}, _) ->
+    {ok, Chains} = emqx_authn:list_bound_chains(ListenerID),
+    return({ok, Chains}).
+
+create_authenticator(Binding, Params) ->
+    do_create_authenticator(uri_decode(Binding), lists_to_map(Params)).
+
+do_create_authenticator(#{id := ChainID}, Authenticator0) ->
+    case emqx_authn:lookup_chain(ChainID) of
+        {ok, #{type := Type}} ->
+            Chain = #{<<"id">> => ChainID,
+                      <<"type">> => Type,
+                      <<"authenticators">> => [Authenticator0]},
+            Config = #{<<"authn">> => #{<<"chains">> => [Chain],
+                                        <<"bindings">> => []}},
+            #{authn := #{chains := [#{authenticators := [Authenticator1]}]}}
+                = hocon_schema:check_plain(emqx_authn_schema, Config,
+                                           #{atom_key => true, nullable => true}),
+            case emqx_authn:create_authenticator(ChainID, Authenticator1) of
+                {ok, Authenticator2} ->
+                    return({ok, Authenticator2});
+                {error, Reason} ->
+                    return(serialize_error(Reason))
+            end;
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+delete_authenticator(Binding, Params) ->
+    do_delete_authenticator(uri_decode(Binding), maps:from_list(Params)).
+
+do_delete_authenticator(#{id := ChainID,
+                          authenticator_name := AuthenticatorName}, _Params) ->
+    case emqx_authn:delete_authenticator(ChainID, AuthenticatorName) of
+        ok ->
+            return(ok);
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+%% TODO: Support incremental update
+update_authenticator(Binding, Params) ->
+    do_update_authenticator(uri_decode(Binding), lists_to_map(Params)).
+
+%% TOOD: PUT method supports creation and update
+do_update_authenticator(#{id := ChainID,
+                          authenticator_name := AuthenticatorName}, AuthenticatorConfig0) ->
+    case emqx_authn:lookup_chain(ChainID) of
+        {ok, #{type := ChainType}} ->
+            case emqx_authn:lookup_authenticator(ChainID, AuthenticatorName) of
+                {ok, #{type := Type}} ->
+                    Authenticator = #{<<"name">> => AuthenticatorName,
+                                      <<"type">> => Type,
+                                      <<"config">> => AuthenticatorConfig0},
+                    Chain = #{<<"id">> => ChainID,
+                              <<"type">> => ChainType,
+                              <<"authenticators">> => [Authenticator]},
+                    Config = #{<<"authn">> => #{<<"chains">> => [Chain],
+                                                <<"bindings">> => []}},
+                    #{
+                        authn := #{
+                            chains := [#{
+                                authenticators := [#{
+                                    config := AuthenticatorConfig1
+                                }]
+                            }]
+                        }
+                    } = hocon_schema:check_plain(emqx_authn_schema, Config,
+                                                 #{atom_key => true, nullable => true}),
+                    case emqx_authn:update_authenticator(ChainID, AuthenticatorName, AuthenticatorConfig1) of
+                        {ok, NAuthenticator} ->
+                            return({ok, NAuthenticator});
+                        {error, Reason} ->
+                            return(serialize_error(Reason))
+                    end;
+                {error, Reason} ->
+                    return(serialize_error(Reason))
+            end;
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+lookup_authenticator(Binding, Params) ->
+    do_lookup_authenticator(uri_decode(Binding), maps:from_list(Params)).
+
+do_lookup_authenticator(#{id := ChainID,
+                    authenticator_name := AuthenticatorName}, _Params) ->
+    case emqx_authn:lookup_authenticator(ChainID, AuthenticatorName) of
+        {ok, Authenticator} ->
+            return({ok, Authenticator});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+list_authenticators(Binding, Params) ->
+    do_list_authenticators(uri_decode(Binding), maps:from_list(Params)).
+
+do_list_authenticators(#{id := ChainID}, _Params) ->
+    case emqx_authn:list_authenticators(ChainID) of
+        {ok, Authenticators} ->
+            return({ok, Authenticators});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+move_authenticator(Binding, Params) ->
+    do_move_authenticator(uri_decode(Binding), maps:from_list(Params)).
+
+do_move_authenticator(#{id := ChainID,
+                  authenticator_name := AuthenticatorName}, #{<<"position">> := <<"the front">>}) ->
+    case emqx_authn:move_authenticator_to_the_front(ChainID, AuthenticatorName) of
+        ok ->
+            return(ok);
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end;
+do_move_authenticator(#{id := ChainID,
+                  authenticator_name := AuthenticatorName}, #{<<"position">> := <<"the end">>}) ->
+    case emqx_authn:move_authenticator_to_the_end(ChainID, AuthenticatorName) of
+        ok ->
+            return(ok);
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end;
+do_move_authenticator(#{id := ChainID,
+                  authenticator_name := AuthenticatorName}, #{<<"position">> := N}) when is_number(N) ->
+    case emqx_authn:move_authenticator_to_the_nth(ChainID, AuthenticatorName, N) of
+        ok ->
+            return(ok);
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end;
+do_move_authenticator(_Binding, _Params) ->
+    return(serialize_error({missing_parameter, <<"position">>})).
+
+import_users(Binding, Params) ->
+    do_import_users(uri_decode(Binding), maps:from_list(Params)).
+
+do_import_users(#{id := ChainID, authenticator_name := AuthenticatorName},
+                #{<<"filename">> := Filename}) ->
+    case emqx_authn:import_users(ChainID, AuthenticatorName, Filename) of
+        ok ->
+            return(ok);
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end;
+do_import_users(_Binding, Params) ->
+    Missed = get_missed_params(Params, [<<"filename">>, <<"file_format">>]),
+    return(serialize_error({missing_parameter, Missed})).
+
+add_user(Binding, Params) ->
+    do_add_user(uri_decode(Binding), maps:from_list(Params)).
+
+do_add_user(#{id := ChainID,
+              authenticator_name := AuthenticatorName}, UserInfo) ->
+    case emqx_authn:add_user(ChainID, AuthenticatorName, UserInfo) of
+        {ok, User} ->
+            return({ok, User});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+delete_user(Binding, Params) ->
+    do_delete_user(uri_decode(Binding), maps:from_list(Params)).
+
+do_delete_user(#{id := ChainID,
+                 authenticator_name := AuthenticatorName,
+                 user_id := UserID}, _Params) ->
+    case emqx_authn:delete_user(ChainID, AuthenticatorName, UserID) of
+        ok ->
+            return(ok);
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+update_user(Binding, Params) ->
+    do_update_user(uri_decode(Binding), maps:from_list(Params)).
+
+do_update_user(#{id := ChainID,
+                 authenticator_name := AuthenticatorName,
+                 user_id := UserID}, NewUserInfo) ->
+    case emqx_authn:update_user(ChainID, AuthenticatorName, UserID, NewUserInfo) of
+        {ok, User} ->
+            return({ok, User});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+lookup_user(Binding, Params) ->
+    do_lookup_user(uri_decode(Binding), maps:from_list(Params)).
+
+do_lookup_user(#{id := ChainID,
+                 authenticator_name := AuthenticatorName,
+                 user_id := UserID}, _Params) ->
+    case emqx_authn:lookup_user(ChainID, AuthenticatorName, UserID) of
+        {ok, User} ->
+            return({ok, User});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+list_users(Binding, Params) ->
+    do_list_users(uri_decode(Binding), maps:from_list(Params)).
+
+do_list_users(#{id := ChainID,
+                authenticator_name := AuthenticatorName}, _Params) ->
+    case emqx_authn:list_users(ChainID, AuthenticatorName) of
+        {ok, Users} ->
+            return({ok, Users});
+        {error, Reason} ->
+            return(serialize_error(Reason))
+    end.
+
+%%------------------------------------------------------------------------------
+%% Internal functions
+%%------------------------------------------------------------------------------
+
+uri_decode(Params) ->
+    maps:fold(fun(K, V, Acc) ->
+                  Acc#{K => emqx_http_lib:uri_decode(V)}
+              end, #{}, Params).
+
+lists_to_map(L) ->
+    lists_to_map(L, #{}).
+
+lists_to_map([], Acc) ->
+    Acc;
+lists_to_map([{K, V} | More], Acc) when is_list(V) ->
+    NV = lists_to_map(V),
+    lists_to_map(More, Acc#{K => NV});
+lists_to_map([{K, V} | More], Acc) ->
+    lists_to_map(More, Acc#{K => V});
+lists_to_map([_ | _] = L, _) ->
+    L.
+
+serialize_error({already_exists, {Type, ID}}) ->
+    {error, <<"ALREADY_EXISTS">>, list_to_binary(io_lib:format("~s '~s' already exists", [serialize_type(Type), ID]))};
+serialize_error({not_found, {Type, ID}}) ->
+    {error, <<"NOT_FOUND">>, list_to_binary(io_lib:format("~s '~s' not found", [serialize_type(Type), ID]))};
+serialize_error({duplicate, Name}) ->
+    {error, <<"INVALID_PARAMETER">>, list_to_binary(io_lib:format("Authenticator name '~s' is duplicated", [Name]))};
+serialize_error({missing_parameter, Names = [_ | Rest]}) ->
+    Format = ["~s," || _ <- Rest] ++ ["~s"],
+    NFormat = binary_to_list(iolist_to_binary(Format)),
+    {error, <<"MISSING_PARAMETER">>, list_to_binary(io_lib:format("The input parameters " ++ NFormat ++ " that are mandatory for processing this request are not supplied.", Names))};
+serialize_error({missing_parameter, Name}) ->
+    {error, <<"MISSING_PARAMETER">>, list_to_binary(io_lib:format("The input parameter '~s' that is mandatory for processing this request is not supplied.", [Name]))};
+serialize_error(_) ->
+    {error, <<"UNKNOWN_ERROR">>, <<"Unknown error">>}.
+
+serialize_type(authenticator) ->
+    "Authenticator";
+serialize_type(chain) ->
+    "Chain";
+serialize_type(authenticator_type) ->
+    "Authenticator type".
+
+get_missed_params(Actual, Expected) ->
+    Keys = lists:foldl(fun(Key, Acc) ->
+                           case maps:is_key(Key, Actual) of
+                               true -> Acc;
+                               false -> [Key | Acc]
+                           end
+                       end, [], Expected),
+    lists:reverse(Keys).
diff --git a/apps/emqx_authn/src/emqx_authn_app.erl b/apps/emqx_authn/src/emqx_authn_app.erl
new file mode 100644
index 000000000..9e60e5dda
--- /dev/null
+++ b/apps/emqx_authn/src/emqx_authn_app.erl
@@ -0,0 +1,80 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_app).
+
+-include("emqx_authn.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+-behaviour(application).
+
+-emqx_plugin(?MODULE).
+
+%% Application callbacks
+-export([ start/2
+        , stop/1
+        ]).
+
+start(_StartType, _StartArgs) ->
+    {ok, Sup} = emqx_authn_sup:start_link(),
+    ok = ekka_rlog:wait_for_shards([?AUTH_SHARD], infinity),
+    initialize(),
+    {ok, Sup}.
+
+stop(_State) ->
+    ok.
+
+initialize() ->
+    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?APP]) ++ ".conf",
+    {ok, RawConfig} = hocon:load(ConfFile),
+    #{authn := #{chains := Chains,
+                 bindings := Bindings}}
+        = hocon_schema:check_plain(emqx_authn_schema, RawConfig, #{atom_key => true, nullable => true}),
+    initialize_chains(Chains),
+    initialize_bindings(Bindings).
+
+initialize_chains([]) ->
+    ok;
+initialize_chains([#{id := ChainID,
+                     type := Type,
+                     authenticators := Authenticators} | More]) ->
+    case emqx_authn:create_chain(#{id => ChainID,
+                                   type => Type}) of
+        {ok, _} ->
+            initialize_authenticators(ChainID, Authenticators),
+            initialize_chains(More);
+        {error, Reason} ->
+            ?LOG(error, "Failed to create chain '~s': ~p", [ChainID, Reason])
+    end.
+
+initialize_authenticators(_ChainID, []) ->
+    ok;
+initialize_authenticators(ChainID, [#{name := Name} = Authenticator | More]) ->
+    case emqx_authn:create_authenticator(ChainID, Authenticator) of
+        {ok, _} ->
+            initialize_authenticators(ChainID, More);
+        {error, Reason} ->
+            ?LOG(error, "Failed to create authenticator '~s' in chain '~s': ~p", [Name, ChainID, Reason])
+    end.
+
+initialize_bindings([]) ->
+    ok;
+initialize_bindings([#{chain_id := ChainID, listeners := Listeners} | More]) ->
+    case emqx_authn:bind(Listeners, ChainID) of
+        ok -> initialize_bindings(More);
+        {error, Reason} ->
+           ?LOG(error, "Failed to bind: ~p", [Reason])
+    end.
diff --git a/apps/emqx_authn/src/emqx_authn_schema.erl b/apps/emqx_authn/src/emqx_authn_schema.erl
new file mode 100644
index 000000000..0464350dd
--- /dev/null
+++ b/apps/emqx_authn/src/emqx_authn_schema.erl
@@ -0,0 +1,114 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_schema).
+
+-include("emqx_authn.hrl").
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([structs/0, fields/1]).
+
+-reflect_type([ chain_id/0
+              , authenticator_name/0
+              ]).
+
+structs() -> [authn].
+
+fields(authn) ->
+    [ {chains, fun chains/1}
+    , {bindings, fun bindings/1}];
+
+fields('simple-chain') ->
+    [ {id, fun chain_id/1}
+    , {type, {enum, [simple]}}
+    , {authenticators, fun simple_authenticators/1}
+    ];
+
+% fields('enhanced-chain') ->
+%     [ {id, fun chain_id/1}
+%     , {type, {enum, [enhanced]}}
+%     , {authenticators, fun enhanced_authenticators/1}
+%     ];
+
+fields(binding) ->
+    [ {chain_id, fun chain_id/1}
+    , {listeners, fun listeners/1}
+    ];
+
+fields('built-in-database') ->
+    [ {name, fun authenticator_name/1}
+    , {type, {enum, ['built-in-database']}}
+    , {config, hoconsc:t(hoconsc:ref(emqx_authn_mnesia, config))}
+    ];
+
+% fields('enhanced-built-in-database') ->
+%     [ {name, fun authenticator_name/1}
+%     , {type, {enum, ['built-in-database']}}
+%     , {config, hoconsc:t(hoconsc:ref(emqx_enhanced_authn_mnesia, config))}
+%     ];
+
+fields(jwt) ->
+    [ {name, fun authenticator_name/1}
+    , {type, {enum, [jwt]}}
+    , {config, hoconsc:t(hoconsc:ref(emqx_authn_jwt, config))}
+    ];
+
+fields(mysql) ->
+    [ {name, fun authenticator_name/1}
+    , {type, {enum, [mysql]}}
+    , {config, hoconsc:t(hoconsc:ref(emqx_authn_mysql, config))}
+    ];
+
+fields(pgsql) ->
+    [ {name, fun authenticator_name/1}
+    , {type, {enum, [postgresql]}}
+    , {config, hoconsc:t(hoconsc:ref(emqx_authn_pgsql, config))}
+    ].
+
+chains(type) -> hoconsc:array({union, [hoconsc:ref('simple-chain')]});
+chains(default) -> [];
+chains(_) -> undefined.
+
+chain_id(type) -> chain_id();
+chain_id(nullable) -> false;
+chain_id(_) -> undefined.
+
+simple_authenticators(type) ->
+    hoconsc:array({union, [ hoconsc:ref('built-in-database')
+                          , hoconsc:ref(jwt)
+                          , hoconsc:ref(mysql)
+                          , hoconsc:ref(pgsql)]});
+simple_authenticators(default) -> [];
+simple_authenticators(_) -> undefined.
+
+% enhanced_authenticators(type) ->
+%     hoconsc:array({union, [hoconsc:ref('enhanced-built-in-database')]});
+% enhanced_authenticators(default) -> [];
+% enhanced_authenticators(_) -> undefined.
+
+authenticator_name(type) -> authenticator_name();
+authenticator_name(nullable) -> false;
+authenticator_name(_) -> undefined.
+
+bindings(type) -> hoconsc:array(hoconsc:ref(binding));
+bindings(default) -> [];
+bindings(_) -> undefined.
+
+listeners(type) -> hoconsc:array(binary());
+listeners(default) -> [];
+listeners(_) -> undefined.
diff --git a/apps/emqx_authentication/src/emqx_authentication_sup.erl b/apps/emqx_authn/src/emqx_authn_sup.erl
similarity index 96%
rename from apps/emqx_authentication/src/emqx_authentication_sup.erl
rename to apps/emqx_authn/src/emqx_authn_sup.erl
index 06e12ce6c..bb26af0ad 100644
--- a/apps/emqx_authentication/src/emqx_authentication_sup.erl
+++ b/apps/emqx_authn/src/emqx_authn_sup.erl
@@ -14,7 +14,7 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_authentication_sup).
+-module(emqx_authn_sup).
 
 -behaviour(supervisor).
 
diff --git a/apps/emqx_authn/src/emqx_authn_utils.erl b/apps/emqx_authn/src/emqx_authn_utils.erl
new file mode 100644
index 000000000..98e27e76c
--- /dev/null
+++ b/apps/emqx_authn/src/emqx_authn_utils.erl
@@ -0,0 +1,55 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_utils).
+
+-export([ replace_placeholder/2
+        ]).
+
+%%------------------------------------------------------------------------------
+%% APIs
+%%------------------------------------------------------------------------------
+
+replace_placeholder(PlaceHolders, Data) ->
+    replace_placeholder(PlaceHolders, Data, []).
+
+replace_placeholder([], _Data, Acc) ->
+    lists:reverse(Acc);
+replace_placeholder([<<"${mqtt-username}">> | More], #{username := Username} = Data, Acc) ->
+    replace_placeholder(More, Data, [convert_to_sql_param(Username) | Acc]);
+replace_placeholder([<<"${mqtt-clientid}">> | More], #{clientid := ClientID} = Data, Acc) ->
+    replace_placeholder(More, Data, [convert_to_sql_param(ClientID) | Acc]);
+replace_placeholder([<<"${ip-address}">> | More], #{peerhost := IPAddress} = Data, Acc) ->
+    replace_placeholder(More, Data, [convert_to_sql_param(IPAddress) | Acc]);
+replace_placeholder([<<"${cert-subject}">> | More], #{dn := Subject} = Data, Acc) ->
+    replace_placeholder(More, Data, [convert_to_sql_param(Subject) | Acc]);
+replace_placeholder([<<"${cert-common-name}">> | More], #{cn := CommonName} = Data, Acc) ->
+    replace_placeholder(More, Data, [convert_to_sql_param(CommonName) | Acc]);
+replace_placeholder([_ | More], Data, Acc) ->
+    replace_placeholder(More, Data, [null | Acc]).
+
+%%------------------------------------------------------------------------------
+%% Internal functions
+%%------------------------------------------------------------------------------
+
+convert_to_sql_param(undefined) ->
+    null;
+convert_to_sql_param(V) ->
+    bin(V).
+
+bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
+bin(L) when is_list(L) -> list_to_binary(L);
+bin(X) -> X.
diff --git a/apps/emqx_authentication/src/emqx_authentication_app.erl b/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_mnesia.erl
similarity index 63%
rename from apps/emqx_authentication/src/emqx_authentication_app.erl
rename to apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_mnesia.erl
index 3bea3c3d6..207e93495 100644
--- a/apps/emqx_authentication/src/emqx_authentication_app.erl
+++ b/apps/emqx_authn/src/enhanced_authn/emqx_enhanced_authn_mnesia.erl
@@ -14,24 +14,4 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_authentication_app).
-
--behaviour(application).
-
--emqx_plugin(?MODULE).
-
--include("emqx_authentication.hrl").
-
-%% Application callbacks
--export([ start/2
-        , stop/1
-        ]).
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqx_authentication_sup:start_link(),
-    ok = ekka_rlog:wait_for_shards([?AUTH_SHARD], infinity),
-    ok = emqx_authentication:register_service_types(),
-    {ok, Sup}.
-
-stop(_State) ->
-    ok.
+-module(emqx_enhanced_authn_mnesia).
diff --git a/apps/emqx_authentication/src/emqx_authentication_jwks_connector.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_jwks_connector.erl
similarity index 87%
rename from apps/emqx_authentication/src/emqx_authentication_jwks_connector.erl
rename to apps/emqx_authn/src/simple_authn/emqx_authn_jwks_connector.erl
index 9dafc9f5e..95e4b3d6d 100644
--- a/apps/emqx_authentication/src/emqx_authentication_jwks_connector.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_jwks_connector.erl
@@ -14,7 +14,7 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_authentication_jwks_connector).
+-module(emqx_authn_jwks_connector).
 
 -behaviour(gen_server).
 
@@ -125,23 +125,17 @@ code_change(_OldVsn, State, _Extra) ->
 %% Internal functions
 %%--------------------------------------------------------------------
 
-handle_options(Opts) ->
-    #{endpoint => proplists:get_value(jwks_endpoint, Opts),
-      refresh_interval => limit_refresh_interval(proplists:get_value(refresh_interval, Opts)),
-      ssl_opts => get_ssl_opts(Opts),
+handle_options(#{endpoint := Endpoint,
+                 refresh_interval := RefreshInterval0,
+                 ssl_opts := SSLOpts}) ->
+    #{endpoint => Endpoint,
+      refresh_interval => limit_refresh_interval(RefreshInterval0),
+      ssl_opts => maps:to_list(SSLOpts),
       jwks => [],
-      request_id => undefined}.
+      request_id => undefined};
 
-get_ssl_opts(Opts) ->
-    case proplists:get_value(enable_ssl, Opts) of
-        false -> [];
-        true ->
-            maps:to_list(maps:with([cacertfile,
-                                    keyfile,
-                                    certfile,
-                                    verify,
-                                    server_name_indication], maps:from_list(Opts)))
-    end.
+handle_options(#{enable_ssl := false} = Opts) ->
+    handle_options(Opts#{ssl_opts => #{}}).
 
 refresh_jwks(#{endpoint := Endpoint,
                ssl_opts := SSLOpts} = State) ->
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
new file mode 100644
index 000000000..f737d5168
--- /dev/null
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
@@ -0,0 +1,343 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_jwt).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1
+        , validations/0
+        ]).
+
+-export([ create/3
+        , update/4
+        , authenticate/2
+        , destroy/1
+        ]).
+
+%%------------------------------------------------------------------------------
+%% Hocon Schema
+%%------------------------------------------------------------------------------
+
+structs() -> [config].
+
+fields("") ->
+    [{config, {union, [ hoconsc:t('hmac-based')
+                      , hoconsc:t('public-key')
+                      , hoconsc:t('jwks')
+                      , hoconsc:t('jwks-using-ssl')
+                      ]}}];
+
+fields(config) ->
+    [{union, [ hoconsc:t('hmac-based')
+             , hoconsc:t('public-key')
+             , hoconsc:t('jwks')
+             , hoconsc:t('jwks-using-ssl')
+             ]}];
+
+fields('hmac-based') ->
+    [ {use_jwks,              {enum, [false]}}
+    , {algorithm,             {enum, ['hmac-based']}}
+    , {secret,                fun secret/1}
+    , {secret_base64_encoded, fun secret_base64_encoded/1}
+    , {verify_claims,         fun verify_claims/1}
+    ];
+
+fields('public-key') ->
+    [ {use_jwks,              {enum, [false]}}
+    , {algorithm,             {enum, ['public-key']}}
+    , {certificate,           fun certificate/1}
+    , {verify_claims,         fun verify_claims/1}
+    ];
+
+fields('jwks') ->
+    [ {enable_ssl,            {enum, [false]}}
+    ] ++ jwks_fields();
+
+fields('jwks-using-ssl') ->
+    [ {enable_ssl,            {enum, [true]}}
+    , {ssl_opts,              fun ssl_opts/1}
+    ] ++ jwks_fields();
+
+fields(ssl_opts) ->
+    [ {cacertfile,             fun cacertfile/1}
+    , {certfile,               fun certfile/1}
+    , {keyfile,                fun keyfile/1}
+    , {verify,                 fun verify/1}
+    , {server_name_indication, fun server_name_indication/1}
+    ];
+
+fields(claim) ->
+    [ {"$name", fun expected_claim_value/1} ].
+
+validations() ->
+    [ {check_verify_claims, fun check_verify_claims/1} ].
+
+jwks_fields() ->
+    [ {use_jwks,              {enum, [true]}}
+    , {endpoint,              fun endpoint/1}
+    , {refresh_interval,      fun refresh_interval/1}
+    , {verify_claims,         fun verify_claims/1}
+    ].
+
+secret(type) -> string();
+secret(_) -> undefined.
+
+secret_base64_encoded(type) -> boolean();
+secret_base64_encoded(defualt) -> false;
+secret_base64_encoded(_) -> undefined.
+
+certificate(type) -> string();
+certificate(_) -> undefined.
+
+endpoint(type) -> string();
+endpoint(_) -> undefined.
+
+ssl_opts(type) -> hoconsc:t(hoconsc:ref(ssl_opts));
+ssl_opts(default) -> [];
+ssl_opts(_) -> undefined.
+
+refresh_interval(type) -> integer();
+refresh_interval(default) -> 300;
+refresh_interval(validator) -> [fun(I) -> I > 0 end];
+refresh_interval(_) -> undefined.
+
+cacertfile(type) -> string();
+cacertfile(_) -> undefined.
+
+certfile(type) -> string();
+certfile(_) -> undefined.
+
+keyfile(type) -> string();
+keyfile(_) -> undefined.
+
+verify(type) -> boolean();
+verify(default) -> false;
+verify(_) -> undefined.
+
+server_name_indication(type) -> string();
+server_name_indication(_) -> undefined.
+
+verify_claims(type) -> hoconsc:array(hoconsc:ref(claim));
+verify_claims(default) -> [];
+verify_claims(_) -> undefined.
+
+expected_claim_value(type) -> string();
+expected_claim_value(_) -> undefined.
+
+%%------------------------------------------------------------------------------
+%% APIs
+%%------------------------------------------------------------------------------
+
+create(_ChainID, _AuthenticatorName, Config) ->
+    create(Config).
+
+update(_ChainID, _AuthenticatorName, #{use_jwks := false} = Config, #{jwk := Connector})
+  when is_pid(Connector) ->
+    _ = emqx_authn_jwks_connector:stop(Connector),
+    create(Config);
+
+update(_ChainID, _AuthenticatorName, #{use_jwks := false} = Config, _) ->
+    create(Config);
+
+update(_ChainID, _AuthenticatorName, #{use_jwks := true} = Config, #{jwk := Connector} = State)
+  when is_pid(Connector) ->
+    ok = emqx_authn_jwks_connector:update(Connector, Config),
+    case maps:get(verify_cliams, Config, undefined) of
+        undefined ->
+            {ok, State};
+        VerifyClaims ->
+            {ok, State#{verify_claims => handle_verify_claims(VerifyClaims)}}
+    end;
+
+update(_ChainID, _AuthenticatorName, #{use_jwks := true} = Config, _) ->
+    create(Config).
+
+authenticate(ClientInfo = #{password := JWT}, #{jwk := JWK,
+                                                verify_claims := VerifyClaims0}) ->
+    JWKs = case erlang:is_pid(JWK) of
+               false ->
+                   [JWK];
+               true ->
+                   {ok, JWKs0} = emqx_authn_jwks_connector:get_jwks(JWK),
+                   JWKs0
+           end,
+    VerifyClaims = replace_placeholder(VerifyClaims0, ClientInfo),
+    case verify(JWT, JWKs, VerifyClaims) of
+        ok -> ok;
+        {error, invalid_signature} -> ignore;
+        {error, {claims, _}} -> {stop, bad_password}
+    end.
+
+destroy(#{jwk := Connector}) when is_pid(Connector) ->
+    _ = emqx_authn_jwks_connector:stop(Connector),
+    ok;
+destroy(_) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% Internal functions
+%%--------------------------------------------------------------------
+
+create(#{verify_claims := VerifyClaims} = Config) ->
+    create2(Config#{verify_claims => handle_verify_claims(VerifyClaims)}).
+
+create2(#{use_jwks := false,
+          algorithm := 'hmac-based',
+          secret := Secret0,
+          secret_base64_encoded := Base64Encoded,
+          verify_claims := VerifyClaims}) ->
+    Secret = case Base64Encoded of
+                 true ->
+                     base64:decode(Secret0);
+                 false ->
+                     Secret0
+             end,
+    JWK = jose_jwk:from_oct(Secret),
+    {ok, #{jwk => JWK,
+           verify_claims => VerifyClaims}};
+
+create2(#{use_jwks := false,
+          algorithm := 'public-key',
+          certificate := Certificate,
+          verify_claims := VerifyClaims}) ->
+    JWK = jose_jwk:from_pem_file(Certificate),
+    {ok, #{jwk => JWK,
+           verify_claims => VerifyClaims}};
+
+create2(#{use_jwks := true,
+          verify_claims := VerifyClaims} = Config) ->
+    case emqx_authn_jwks_connector:start_link(Config) of
+        {ok, Connector} ->
+            {ok, #{jwk => Connector,
+                   verify_claims => VerifyClaims}};
+        {error, Reason} ->
+            {error, Reason}
+    end.
+
+replace_placeholder(L, Variables) ->
+    replace_placeholder(L, Variables, []).
+
+replace_placeholder([], _Variables, Acc) ->
+    Acc;
+replace_placeholder([{Name, {placeholder, PL}} | More], Variables, Acc) ->
+    Value = maps:get(PL, Variables),
+    replace_placeholder(More, Variables, [{Name, Value} | Acc]);
+replace_placeholder([{Name, Value} | More], Variables, Acc) ->
+    replace_placeholder(More, Variables, [{Name, Value} | Acc]).
+
+verify(_JWS, [], _VerifyClaims) ->
+    {error, invalid_signature};
+verify(JWS, [JWK | More], VerifyClaims) ->
+    try jose_jws:verify(JWK, JWS) of
+        {true, Payload, _JWS} ->
+            Claims = emqx_json:decode(Payload, [return_maps]),
+            verify_claims(Claims, VerifyClaims);
+        {false, _, _} ->
+            verify(JWS, More, VerifyClaims)
+    catch
+        _:_Reason:_Stacktrace ->
+            %% TODO: Add log
+            {error, invalid_signature}
+    end.
+
+verify_claims(Claims, VerifyClaims0) ->
+    Now = os:system_time(seconds),
+    VerifyClaims = [{<<"exp">>, fun(ExpireTime) ->
+                                    Now < ExpireTime
+                                end},
+                    {<<"iat">>, fun(IssueAt) ->
+                                    IssueAt =< Now
+                                end},
+                    {<<"nbf">>, fun(NotBefore) ->
+                                    NotBefore =< Now
+                                end}] ++ VerifyClaims0,
+    do_verify_claims(Claims, VerifyClaims).
+
+do_verify_claims(_Claims, []) ->
+    ok;
+do_verify_claims(Claims, [{Name, Fun} | More]) when is_function(Fun) ->
+    case maps:take(Name, Claims) of
+        error ->
+            do_verify_claims(Claims, More);
+        {Value, NClaims} ->
+            case Fun(Value) of
+                true ->
+                    do_verify_claims(NClaims, More);
+                _ ->
+                    {error, {claims, {Name, Value}}}
+            end
+    end;
+do_verify_claims(Claims, [{Name, Value} | More]) ->
+    case maps:take(Name, Claims) of
+        error ->
+            {error, {missing_claim, Name}};
+        {Value, NClaims} ->
+            do_verify_claims(NClaims, More);
+        {Value0, _} ->
+            {error, {claims, {Name, Value0}}}
+    end.
+
+check_verify_claims([]) ->
+    false;
+check_verify_claims([{Name, Expected} | More]) ->
+    check_claim_name(Name) andalso
+    check_claim_expected(Expected) andalso
+    check_verify_claims(More).
+
+check_claim_name(exp) ->
+    false;
+check_claim_name(iat) ->
+    false;
+check_claim_name(nbf) ->
+    false;
+check_claim_name(_) ->
+    true.
+
+check_claim_expected(Expected) ->
+    try handle_placeholder(Expected) of
+        _ -> true
+    catch
+        _:_ ->
+            false
+    end.
+
+handle_verify_claims(VerifyClaims) ->
+    handle_verify_claims(VerifyClaims, []).
+
+handle_verify_claims([], Acc) ->
+    Acc;
+handle_verify_claims([{Name, Expected0} | More], Acc) ->
+    Expected = handle_placeholder(Expected0),
+    handle_verify_claims(More, [{Name, Expected} | Acc]).
+
+handle_placeholder(Placeholder0) ->
+    case re:run(Placeholder0, "^\\$\\{[a-z0-9\\-]+\\}$", [{capture, all}]) of
+        {match, [{Offset, Length}]} ->
+            Placeholder1 = binary:part(Placeholder0, Offset + 2, Length - 3),
+            Placeholder2 = validate_placeholder(Placeholder1),
+            {placeholder, Placeholder2};
+        nomatch ->
+            Placeholder0
+    end.
+
+validate_placeholder(<<"mqtt-clientid">>) ->
+    clientid;
+validate_placeholder(<<"mqtt-username">>) ->
+    username.
diff --git a/apps/emqx_authentication/src/emqx_authentication_mnesia.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
similarity index 80%
rename from apps/emqx_authentication/src/emqx_authentication_mnesia.erl
rename to apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
index 09307e38f..26b20c517 100644
--- a/apps/emqx_authentication/src/emqx_authentication_mnesia.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
@@ -14,9 +14,14 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--module(emqx_authentication_mnesia).
+-module(emqx_authn_mnesia).
 
--include("emqx_authentication.hrl").
+-include("emqx_authn.hrl").
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0, fields/1 ]).
 
 -export([ create/3
         , update/4
@@ -32,29 +37,10 @@
         , list_users/1
         ]).
 
-%% TODO: support bcrypt
--service_type(#{
-    name => mnesia,
-    params_spec => #{
-        user_id_type => #{
-            order => 1,
-            type => string,
-            enum => [<<"username">>, <<"clientid">>, <<"ip">>, <<"common name">>, <<"issuer">>],
-            default => <<"username">>
-        },
-        password_hash_algorithm => #{
-            order => 2,
-            type => string,
-            enum => [<<"plain">>, <<"md5">>, <<"sha">>, <<"sha256">>, <<"sha512">>, <<"bcrypt">>],
-            default => <<"sha256">>
-        },
-        salt_rounds => #{
-            order => 3,
-            type => number,
-            default => 10
-        }
-    }
-}).
+-type user_id_type() :: clientid | username.
+
+-type user_group() :: {chain_id(), authenticator_name()}.
+-type user_id() :: binary().
 
 -record(user_info,
         { user_id :: {user_group(), user_id()}
@@ -62,8 +48,7 @@
         , salt :: binary()
         }).
 
--type(user_group() :: {chain_id(), service_name()}).
--type(user_id() :: binary()).
+-reflect_type([ user_id_type/0 ]).
 
 -export([mnesia/1]).
 
@@ -73,7 +58,6 @@
 -define(TAB, mnesia_basic_auth).
 
 -rlog_shard({?AUTH_SHARD, ?TAB}).
-
 %%------------------------------------------------------------------------------
 %% Mnesia bootstrap
 %%------------------------------------------------------------------------------
@@ -90,18 +74,61 @@ mnesia(boot) ->
 mnesia(copy) ->
     ok = ekka_mnesia:copy_table(?TAB, disc_copies).
 
-create(ChainID, ServiceName, #{<<"user_id_type">> := Type,
-                               <<"password_hash_algorithm">> := Algorithm,
-                               <<"salt_rounds">> := SaltRounds}) ->
-    Algorithm =:= <<"bcrypt">> andalso ({ok, _} = application:ensure_all_started(bcrypt)),
-    State = #{user_group => {ChainID, ServiceName},
-              user_id_type => binary_to_atom(Type, utf8),
-              password_hash_algorithm => binary_to_atom(Algorithm, utf8),
+%%------------------------------------------------------------------------------
+%% Hocon Schema
+%%------------------------------------------------------------------------------
+
+structs() -> [config].
+
+fields(config) ->
+    [ {user_id_type, fun user_id_type/1}
+    , {password_hash_algorithm, fun password_hash_algorithm/1}
+    ];
+
+fields(bcrypt) ->
+    [ {name, {enum, [bcrypt]}}
+    , {salt_rounds, fun salt_rounds/1}
+    ];
+
+fields(other_algorithms) ->
+    [ {name, {enum, [plain, md5, sha, sha256, sha512]}}
+    ].
+
+user_id_type(type) -> user_id_type();
+user_id_type(default) -> clientid;
+user_id_type(_) -> undefined.
+
+password_hash_algorithm(type) -> {union, [hoconsc:ref(bcrypt), hoconsc:ref(other_algorithms)]};
+password_hash_algorithm(default) -> sha256;
+password_hash_algorithm(_) -> undefined.
+
+salt_rounds(type) -> integer();
+salt_rounds(default) -> 10;
+salt_rounds(_) -> undefined.
+
+%%------------------------------------------------------------------------------
+%% APIs
+%%------------------------------------------------------------------------------
+
+create(ChainID, AuthenticatorName, #{user_id_type := Type,
+                                     password_hash_algorithm := #{name := bcrypt,
+                                                                  salt_rounds := SaltRounds}}) ->
+    {ok, _} = application:ensure_all_started(bcrypt),
+    State = #{user_group => {ChainID, AuthenticatorName},
+              user_id_type => Type,
+              password_hash_algorithm => bcrypt,
               salt_rounds => SaltRounds},
+    {ok, State};
+
+create(ChainID, AuthenticatorName, #{user_id_type := Type,
+                                     password_hash_algorithm := #{name := Name}}) ->
+    State = #{user_group => {ChainID, AuthenticatorName},
+              user_id_type => Type,
+              password_hash_algorithm => Name},
     {ok, State}.
 
-update(ChainID, ServiceName, Params, _State) ->
-    create(ChainID, ServiceName, Params).
+update(ChainID, AuthenticatorName, Config, _State) ->
+    create(ChainID, AuthenticatorName, Config).
 
 authenticate(ClientInfo = #{password := Password},
              #{user_group := UserGroup,
@@ -111,7 +138,11 @@ authenticate(ClientInfo = #{password := Password},
     case mnesia:dirty_read(?TAB, {UserGroup, UserID}) of
         [] ->
             ignore;
-        [#user_info{password_hash = PasswordHash, salt = Salt}] ->
+        [#user_info{password_hash = PasswordHash, salt = Salt0}] ->
+            Salt = case Algorithm of
+                       bcrypt -> PasswordHash;
+                       _ -> Salt0
+                   end,
             case PasswordHash =:= hash(Algorithm, Password, Salt) of
                 true -> ok;
                 false -> {stop, bad_password}
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
new file mode 100644
index 000000000..4fddcc3f7
--- /dev/null
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
@@ -0,0 +1,160 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_mysql).
+
+-include("emqx_authn.hrl").
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0, fields/1 ]).
+
+-export([ create/3
+        , update/4
+        , authenticate/2
+        , destroy/1
+        ]).
+
+%%------------------------------------------------------------------------------
+%% Hocon Schema
+%%------------------------------------------------------------------------------
+
+%% Config:
+%% host
+%% port
+%% username
+%% password
+%% database
+%% pool_size
+%% connect_timeout
+%% enable_ssl
+%% ssl_opts
+%%   cacertfile
+%%   certfile
+%%   keyfile
+%%   verify
+%%   servce_name_indication
+%%   tls_versions
+%%   ciphers
+%% password_hash_algorithm
+%% salt_position
+%% query
+%% query_timeout
+structs() -> [config].
+
+fields(config) ->
+    [ {password_hash_algorithm, fun password_hash_algorithm/1}
+    , {salt_position,           {enum, [prefix, suffix]}}
+    , {query,                   fun query/1}
+    , {query_timeout,           fun query_timeout/1}
+    ].
+
+password_hash_algorithm(type) -> string();
+password_hash_algorithm(_) -> undefined.
+
+query(type) -> string();
+query(nullable) -> false;
+query(_) -> undefined.
+
+query_timeout(type) -> integer();
+query_timeout(defualt) -> 5000;
+query_timeout(_) -> undefined.
+
+%%------------------------------------------------------------------------------
+%% APIs
+%%------------------------------------------------------------------------------
+
+create(ChainID, ServiceName, #{query := Query0,
+                               password_hash_algorithm := Algorithm} = Config) ->
+    {Query, PlaceHolders} = parse_query(Query0),
+    ResourceID = iolist_to_binary(io_lib:format("~s/~s",[ChainID, ServiceName])),
+    State = #{query => Query,
+              placeholders => PlaceHolders,
+              password_hash_algorithm => Algorithm},
+    case emqx_resource:create_local(ResourceID, emqx_connector_mysql, Config) of
+        {ok, _} ->
+            {ok, State#{resource_id => ResourceID}};
+        {error, already_created} ->
+            {ok, State#{resource_id => ResourceID}};
+        {error, Reason} ->
+            {error, Reason}
+    end.
+
+update(_ChainID, _ServiceName, Config, #{resource_id := ResourceID} = State) ->
+    case emqx_resource:update_local(ResourceID, emqx_connector_mysql, Config, []) of
+        {ok, _} -> {ok, State};
+        {error, Reason} -> {error, Reason}
+    end.
+
+authenticate(#{password := Password} = ClientInfo,
+             #{resource_id := ResourceID,
+               placeholders := PlaceHolders,
+               query := Query,
+               query_timeout := Timeout} = State) ->
+    Params = emqx_authn_utils:replace_placeholder(PlaceHolders, ClientInfo),
+    case emqx_resource:query(ResourceID, {sql, Query, Params, Timeout}) of
+        {ok, _Columns, []} -> ignore;
+        {ok, Columns, Rows} ->
+            %% TODO: Support superuser
+            Selected = maps:from_list(lists:zip(Columns, Rows)),
+            check_password(Password, Selected, State);
+        {error, _Reason} ->
+            ignore
+    end.
+
+destroy(#{resource_id := ResourceID}) ->
+    _ = emqx_resource:remove_local(ResourceID),
+    ok.
+    
+%%------------------------------------------------------------------------------
+%% Internal functions
+%%------------------------------------------------------------------------------
+
+check_password(undefined, _Algorithm, _Selected) ->
+    {stop, bad_password};
+check_password(Password,
+               #{password_hash := Hash},
+               #{password_hash_algorithm := bcrypt}) ->
+    {ok, Hash0} = bcrypt:hashpw(Password, Hash),
+    case list_to_binary(Hash0) =:= Hash of
+        true -> ok;
+        false -> {stop, bad_password}
+    end;
+check_password(Password,
+               #{password_hash := Hash} = Selected,
+               #{password_hash_algorithm := Algorithm,
+                 salt_position := SaltPosition}) ->
+    Salt = maps:get(salt, Selected, <<>>),
+    Hash0 = case SaltPosition of
+                prefix -> emqx_passwd:hash(Algorithm, <<Salt/binary, Password/binary>>);
+                suffix -> emqx_passwd:hash(Algorithm, <<Password/binary, Salt/binary>>)
+            end,
+    case Hash0 =:= Hash of
+        true -> ok;
+        false -> {stop, bad_password}
+    end.
+
+%% TODO: Support prepare
+parse_query(Query) ->
+    case re:run(Query, "\\$\\{[a-z0-9\\_]+\\}", [global, {capture, all, binary}]) of
+        {match, Captured} ->
+            PlaceHolders = [PlaceHolder || PlaceHolder <- Captured],
+            NQuery = re:replace(Query, "'\\$\\{[a-z0-9\\_]+\\}'", "?", [global, {return, binary}]),
+            {NQuery, PlaceHolders};
+        nomatch ->
+            {Query, []}
+    end.
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
new file mode 100644
index 000000000..8c250e216
--- /dev/null
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
@@ -0,0 +1,155 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_pgsql).
+
+-include("emqx_authn.hrl").
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0, fields/1 ]).
+
+-export([ create/3
+        , update/4
+        , authenticate/2
+        , destroy/1
+        ]).
+
+%%------------------------------------------------------------------------------
+%% Hocon Schema
+%%------------------------------------------------------------------------------
+
+%% Config:
+%% host
+%% port
+%% username
+%% password
+%% database
+%% pool_size
+%% connect_timeout
+%% enable_ssl
+%% cacertfile
+%% certfile
+%% keyfile
+%% verify
+%% servce_name_indication
+%% tls_versions
+%% ciphers
+%% password_hash_algorithm
+%% salt_position
+%% query
+structs() -> [config].
+
+fields(config) ->
+    [ {password_hash_algorithm, fun password_hash_algorithm/1}
+    , {salt_position, {enum, [prefix, suffix]}}
+    , {query, fun query/1}
+    ].
+
+password_hash_algorithm(type) -> string();
+password_hash_algorithm(_) -> undefined.
+
+query(type) -> string();
+query(nullable) -> false;
+query(_) -> undefined.
+
+%%------------------------------------------------------------------------------
+%% APIs
+%%------------------------------------------------------------------------------
+
+create(ChainID, ServiceName, #{query := Query0,
+                               password_hash_algorithm := Algorithm} = Config) ->
+    {Query, PlaceHolders} = parse_query(Query0),
+    ResourceID = iolist_to_binary(io_lib:format("~s/~s",[ChainID, ServiceName])),
+    State = #{query => Query,
+              placeholders => PlaceHolders,
+              password_hash_algorithm => Algorithm},
+    case emqx_resource:create_local(ResourceID, emqx_connector_pgsql, Config) of
+        {ok, _} ->
+            {ok, State#{resource_id => ResourceID}};
+        {error, already_created} ->
+            {ok, State#{resource_id => ResourceID}};
+        {error, Reason} ->
+            {error, Reason}
+    end.
+
+update(_ChainID, _ServiceName, Config, #{resource_id := ResourceID} = State) ->
+    case emqx_resource:update_local(ResourceID, emqx_connector_pgsql, Config, []) of
+        {ok, _} -> {ok, State};
+        {error, Reason} -> {error, Reason}
+    end.
+
+authenticate(#{password := Password} = ClientInfo,
+             #{resource_id := ResourceID,
+               query := Query,
+               placeholders := PlaceHolders} = State) ->
+    Params = emqx_authn_utils:replace_placeholder(PlaceHolders, ClientInfo),
+    case emqx_resource:query(ResourceID, {sql, Query, Params}) of
+        {ok, _Columns, []} -> ignore;
+        {ok, Columns, Rows} ->
+            %% TODO: Support superuser
+            Selected = maps:from_list(lists:zip(Columns, Rows)),
+            check_password(Password, Selected, State);
+        {error, _Reason} ->
+            ignore
+    end.
+
+destroy(#{resource_id := ResourceID}) ->
+    _ = emqx_resource:remove_local(ResourceID),
+    ok.
+    
+%%------------------------------------------------------------------------------
+%% Internal functions
+%%------------------------------------------------------------------------------
+
+check_password(undefined, _Algorithm, _Selected) ->
+    {stop, bad_password};
+check_password(Password,
+               #{password_hash := Hash},
+               #{password_hash_algorithm := bcrypt}) ->
+    {ok, Hash0} = bcrypt:hashpw(Password, Hash),
+    case list_to_binary(Hash0) =:= Hash of
+        true -> ok;
+        false -> {stop, bad_password}
+    end;
+check_password(Password,
+               #{password_hash := Hash} = Selected,
+               #{password_hash_algorithm := Algorithm,
+                 salt_position := SaltPosition}) ->
+    Salt = maps:get(salt, Selected, <<>>),
+    Hash0 = case SaltPosition of
+                prefix -> emqx_passwd:hash(Algorithm, <<Salt/binary, Password/binary>>);
+                suffix -> emqx_passwd:hash(Algorithm, <<Password/binary, Salt/binary>>)
+            end,
+    case Hash0 =:= Hash of
+        true -> ok;
+        false -> {stop, bad_password}
+    end.
+
+%% TODO: Support prepare
+parse_query(Query) ->
+    case re:run(Query, "\\$\\{[a-z0-9\\_]+\\}", [global, {capture, all, binary}]) of
+        {match, Captured} ->
+            PlaceHolders = [PlaceHolder || PlaceHolder <- Captured],
+            Replacements = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(Captured))],
+            NQuery = lists:foldl(fun({PlaceHolder, Replacement}, Query0) ->
+                                     re:replace(Query0, <<"'\\", PlaceHolder/binary, "'">>, Replacement, [{return, binary}])
+                                 end, Query, lists:zip(PlaceHolders, Replacements)),
+            {NQuery, PlaceHolders};
+        nomatch ->
+            {Query, []}
+    end.
diff --git a/apps/emqx_authn/test/data/private_key.pem b/apps/emqx_authn/test/data/private_key.pem
new file mode 100644
index 000000000..318eefe27
--- /dev/null
+++ b/apps/emqx_authn/test/data/private_key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgHA+aGk+D/0J9ZAj3tQIAvDTnRvZNF0IeaTmJcBooxsY6Ze8PGFS
+QJ/+EJf1i1ffExeaIH99d3nwyBspNlihooGHvTVDeYsu15Htxpqig1L/+MphbZlF
+ClDXtzV0+GeZGoqeloHAXku3Qzk+hMxROalFtH+8GNp+/j2yir1Z9E2xAgMBAAEC
+gYBX7HsLncMWexux6nddbl0nWwyhyPZcvgvT4TjHTPAfhNdOtfQyZCUdbv5+mqip
+j6O8BE7ar2TMz5FgvVrF+O97LkYHNmZk0q3xtZlCYXp4BQqD6Wq65H5U4fAomalK
+xm7HsTCSVXx5CvnZK/JbkPw18QsgwrSHEFs+4Pf2noH+FQJBAL/bpPrkDOB476Iy
+RGnuCckUN1pdCU+UINC8oOWGNwsG6EE5ywlIWRXHtp4VMksG6mCLNJwGUAv2zWIs
+iEjZVfsCQQCVxOciTajTtYO5bPjkXoZoe4VKKXWMYv9AXXVCjq0ff/LjrnKJjbRm
+aoKQGhzjKHk5rgd9+Ydl6FnJw5K4B9dDAkEAtaHfQpZ7ildzpf4ovpBYO0EkViwW
+EHyPxI2PVTwHCC1126o3CYawr+nufSJcBqN5aAThvYRMa8cvEW5PZ4g52QJALF5L
+tt7Yz/crEciVp1nVaaiGISVNHIzLX28QaOpJoVZPR2ILrnJbaifNjBEgU69O0maa
+85fzo54E03/rvDcebwJAfTMgIyzFQK/ESnM43bUCI/Y5XAeKFBiN1YhCioNR4Hj7
+Lkw2RdrrPC9LV+gVJK0b7VUqR5odjdj7PN6SipuXNw==
+-----END RSA PRIVATE KEY-----
diff --git a/apps/emqx_authn/test/data/public_key.pem b/apps/emqx_authn/test/data/public_key.pem
new file mode 100644
index 000000000..b0b151981
--- /dev/null
+++ b/apps/emqx_authn/test/data/public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHA+aGk+D/0J9ZAj3tQIAvDTnRvZ
+NF0IeaTmJcBooxsY6Ze8PGFSQJ/+EJf1i1ffExeaIH99d3nwyBspNlihooGHvTVD
+eYsu15Htxpqig1L/+MphbZlFClDXtzV0+GeZGoqeloHAXku3Qzk+hMxROalFtH+8
+GNp+/j2yir1Z9E2xAgMBAAE=
+-----END PUBLIC KEY-----
diff --git a/apps/emqx_authentication/test/data/user-credentials.csv b/apps/emqx_authn/test/data/user-credentials.csv
similarity index 100%
rename from apps/emqx_authentication/test/data/user-credentials.csv
rename to apps/emqx_authn/test/data/user-credentials.csv
diff --git a/apps/emqx_authentication/test/data/user-credentials.json b/apps/emqx_authn/test/data/user-credentials.json
similarity index 100%
rename from apps/emqx_authentication/test/data/user-credentials.json
rename to apps/emqx_authn/test/data/user-credentials.json
diff --git a/apps/emqx_authn/test/emqx_authn_SUITE.erl b/apps/emqx_authn/test/emqx_authn_SUITE.erl
new file mode 100644
index 000000000..17c08cc70
--- /dev/null
+++ b/apps/emqx_authn/test/emqx_authn_SUITE.erl
@@ -0,0 +1,142 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_SUITE).
+
+-compile(export_all).
+-compile(nowarn_export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("eunit/include/eunit.hrl").
+
+-define(AUTH, emqx_authn).
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+init_per_suite(Config) ->
+    application:set_env(ekka, strict_mode, true),
+    emqx_ct_helpers:start_apps([emqx_authn], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_authn.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authn]),
+    ok.
+
+set_special_configs(emqx_authn) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authn, "test")),
+    Conf = #{<<"authn">> => #{<<"chains">> => [], <<"bindings">> => []}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_authn.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+t_chain(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+    ?assertEqual({error, {already_exists, {chain, ChainID}}}, ?AUTH:create_chain(Chain)),
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:lookup_chain(ChainID)),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ?assertMatch({error, {not_found, {chain, ChainID}}}, ?AUTH:lookup_chain(ChainID)),
+    ok.
+
+t_binding(_) ->
+    Listener1 = <<"listener1">>,
+    Listener2 = <<"listener2">>,
+    ChainID = <<"mychain">>,
+
+    ?assertEqual({error, {not_found, {chain, ChainID}}}, ?AUTH:bind(ChainID, [Listener1])),
+
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+
+    ?assertEqual(ok, ?AUTH:bind(ChainID, [Listener1])),
+    ?assertEqual(ok, ?AUTH:bind(ChainID, [Listener2])),
+    ?assertEqual({error, {already_bound, [Listener1]}}, ?AUTH:bind(ChainID, [Listener1])),
+    {ok, #{listeners := Listeners}} = ?AUTH:list_bindings(ChainID),
+    ?assertEqual(2, length(Listeners)),
+    ?assertMatch({ok, #{simple := ChainID}}, ?AUTH:list_bound_chains(Listener1)),
+
+    ?assertEqual(ok, ?AUTH:unbind(ChainID, [Listener1])),
+    ?assertEqual(ok, ?AUTH:unbind(ChainID, [Listener2])),
+    ?assertEqual({error, {not_found, [Listener1]}}, ?AUTH:unbind(ChainID, [Listener1])),
+
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ok.
+
+t_binding2(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+
+    Listener1 = <<"listener1">>,
+    Listener2 = <<"listener2">>,
+
+    ?assertEqual(ok, ?AUTH:bind(ChainID, [Listener1, Listener2])),
+    {ok, #{listeners := Listeners}} = ?AUTH:list_bindings(ChainID),
+    ?assertEqual(2, length(Listeners)),
+    ?assertEqual(ok, ?AUTH:unbind(ChainID, [Listener1, Listener2])),
+    ?assertMatch({ok, #{listeners := []}}, ?AUTH:list_bindings(ChainID)),
+
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ok.
+
+t_authenticator(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:lookup_chain(ChainID)),
+
+    AuthenticatorName1 = <<"myauthenticator1">>,
+    AuthenticatorConfig1 = #{name => AuthenticatorName1,
+                             type => 'built-in-database',
+                             config => #{
+                                 user_id_type => username,
+                                 password_hash_algorithm => #{
+                                     name => sha256
+                                 }}},
+    ?assertEqual({ok, AuthenticatorConfig1}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig1)),
+    ?assertEqual({ok, AuthenticatorConfig1}, ?AUTH:lookup_authenticator(ChainID, AuthenticatorName1)),
+    ?assertEqual({ok, [AuthenticatorConfig1]}, ?AUTH:list_authenticators(ChainID)),
+    ?assertEqual({error, {already_exists, {authenticator, AuthenticatorName1}}}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig1)),
+
+    AuthenticatorName2 = <<"myauthenticator2">>,
+    AuthenticatorConfig2 = AuthenticatorConfig1#{name => AuthenticatorName2},
+    ?assertEqual({ok, AuthenticatorConfig2}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig2)),
+    ?assertMatch({ok, #{id := ChainID, authenticators := [AuthenticatorConfig1, AuthenticatorConfig2]}}, ?AUTH:lookup_chain(ChainID)),
+    ?assertEqual({ok, AuthenticatorConfig2}, ?AUTH:lookup_authenticator(ChainID, AuthenticatorName2)),
+    ?assertEqual({ok, [AuthenticatorConfig1, AuthenticatorConfig2]}, ?AUTH:list_authenticators(ChainID)),
+
+    ?assertEqual(ok, ?AUTH:move_authenticator_to_the_front(ChainID, AuthenticatorName2)),
+    ?assertEqual({ok, [AuthenticatorConfig2, AuthenticatorConfig1]}, ?AUTH:list_authenticators(ChainID)),
+    ?assertEqual(ok, ?AUTH:move_authenticator_to_the_end(ChainID, AuthenticatorName2)),
+    ?assertEqual({ok, [AuthenticatorConfig1, AuthenticatorConfig2]}, ?AUTH:list_authenticators(ChainID)),
+    ?assertEqual(ok, ?AUTH:move_authenticator_to_the_nth(ChainID, AuthenticatorName2, 1)),
+    ?assertEqual({ok, [AuthenticatorConfig2, AuthenticatorConfig1]}, ?AUTH:list_authenticators(ChainID)),
+    ?assertEqual({error, out_of_range}, ?AUTH:move_authenticator_to_the_nth(ChainID, AuthenticatorName2, 3)),
+    ?assertEqual({error, out_of_range}, ?AUTH:move_authenticator_to_the_nth(ChainID, AuthenticatorName2, 0)),
+    ?assertEqual(ok, ?AUTH:delete_authenticator(ChainID, AuthenticatorName1)),
+    ?assertEqual(ok, ?AUTH:delete_authenticator(ChainID, AuthenticatorName2)),
+    ?assertEqual({ok, []}, ?AUTH:list_authenticators(ChainID)),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ok.
diff --git a/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl
new file mode 100644
index 000000000..27f34f936
--- /dev/null
+++ b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl
@@ -0,0 +1,182 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_jwt_SUITE).
+
+-compile(export_all).
+-compile(nowarn_export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("eunit/include/eunit.hrl").
+
+-define(AUTH, emqx_authn).
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+init_per_suite(Config) ->
+    emqx_ct_helpers:start_apps([emqx_authn], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_authn.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authn]),
+    ok.
+
+set_special_configs(emqx_authn) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authn, "test")),
+    Conf = #{<<"authn">> => #{<<"chains">> => [], <<"bindings">> => []}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_authn.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+t_jwt_authenticator(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+
+    AuthenticatorName = <<"myauthenticator">>,
+    Config = #{use_jwks => false,
+               algorithm => 'hmac-based',
+               secret => <<"abcdef">>,
+               secret_base64_encoded => false,
+               verify_claims => []},
+    AuthenticatorConfig = #{name => AuthenticatorName,
+                            type => jwt,
+                            config => Config},
+    ?assertEqual({ok, AuthenticatorConfig}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig)),
+
+    ListenerID = <<"listener1">>,
+    ?AUTH:bind(ChainID, [ListenerID]),
+
+    Payload = #{<<"username">> => <<"myuser">>},
+    JWS = generate_jws('hmac-based', Payload, <<"abcdef">>),
+    ClientInfo = #{listener_id => ListenerID,
+			       username => <<"myuser">>,
+			       password => JWS},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo)),
+
+    BadJWS = generate_jws('hmac-based', Payload, <<"bad_secret">>),
+    ClientInfo2 = ClientInfo#{password => BadJWS},
+    ?assertEqual({error, user_not_found}, ?AUTH:authenticate(ClientInfo2)),
+
+    %% secret_base64_encoded
+    Config2 = Config#{secret => base64:encode(<<"abcdef">>),
+                      secret_base64_encoded => true},
+    ?assertMatch({ok, _}, ?AUTH:update_authenticator(ChainID, AuthenticatorName, Config2)),
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo)),
+
+    Config3 = Config#{verify_claims => [{<<"username">>, <<"${mqtt-username}">>}]},
+    ?assertMatch({ok, _}, ?AUTH:update_authenticator(ChainID, AuthenticatorName, Config3)),
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo)),
+    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo#{username => <<"otheruser">>})),
+
+    %% Expiration
+    Payload3 = #{ <<"username">> => <<"myuser">>
+                , <<"exp">> => erlang:system_time(second) - 60},
+    JWS3 = generate_jws('hmac-based', Payload3, <<"abcdef">>),
+    ClientInfo3 = ClientInfo#{password => JWS3},
+    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo3)),
+
+    Payload4 = #{ <<"username">> => <<"myuser">>
+                , <<"exp">> => erlang:system_time(second) + 60},
+    JWS4 = generate_jws('hmac-based', Payload4, <<"abcdef">>),
+    ClientInfo4 = ClientInfo#{password => JWS4},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo4)),
+
+    %% Issued At
+    Payload5 = #{ <<"username">> => <<"myuser">>
+                , <<"iat">> => erlang:system_time(second) - 60},
+    JWS5 = generate_jws('hmac-based', Payload5, <<"abcdef">>),
+    ClientInfo5 = ClientInfo#{password => JWS5},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo5)),
+
+    Payload6 = #{ <<"username">> => <<"myuser">>
+                , <<"iat">> => erlang:system_time(second) + 60},
+    JWS6 = generate_jws('hmac-based', Payload6, <<"abcdef">>),
+    ClientInfo6 = ClientInfo#{password => JWS6},
+    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo6)),
+
+    %% Not Before
+    Payload7 = #{ <<"username">> => <<"myuser">>
+                , <<"nbf">> => erlang:system_time(second) - 60},
+    JWS7 = generate_jws('hmac-based', Payload7, <<"abcdef">>),
+    ClientInfo7 = ClientInfo#{password => JWS7},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo7)),
+
+    Payload8 = #{ <<"username">> => <<"myuser">>
+                , <<"nbf">> => erlang:system_time(second) + 60},
+    JWS8 = generate_jws('hmac-based', Payload8, <<"abcdef">>),
+    ClientInfo8 = ClientInfo#{password => JWS8},
+    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo8)),
+
+    ?AUTH:unbind([ListenerID], ChainID),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ok.
+
+t_jwt_authenticator2(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+
+    Dir = code:lib_dir(emqx_authn, test),
+    PublicKey = list_to_binary(filename:join([Dir, "data/public_key.pem"])),
+    PrivateKey = list_to_binary(filename:join([Dir, "data/private_key.pem"])),
+    AuthenticatorName = <<"myauthenticator">>,
+    Config = #{use_jwks => false,
+               algorithm => 'public-key',
+               certificate => PublicKey,
+               verify_claims => []},
+    AuthenticatorConfig = #{name => AuthenticatorName,
+                            type => jwt,
+                            config => Config},
+    ?assertEqual({ok, AuthenticatorConfig}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig)),
+
+    ListenerID = <<"listener1">>,
+    ?AUTH:bind(ChainID, [ListenerID]),
+
+    Payload = #{<<"username">> => <<"myuser">>},
+    JWS = generate_jws('public-key', Payload, PrivateKey),
+    ClientInfo = #{listener_id => ListenerID,
+			       username => <<"myuser">>,
+			       password => JWS},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo)),
+    ?assertEqual({error, user_not_found}, ?AUTH:authenticate(ClientInfo#{password => <<"badpassword">>})),
+
+    ?AUTH:unbind([ListenerID], ChainID),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ok.
+
+generate_jws('hmac-based', Payload, Secret) ->
+    JWK = jose_jwk:from_oct(Secret),
+    Header = #{ <<"alg">> => <<"HS256">>
+              , <<"typ">> => <<"JWT">>
+              },
+    Signed = jose_jwt:sign(JWK, Header, Payload),
+    {_, JWS} = jose_jws:compact(Signed),
+    JWS;
+generate_jws('public-key', Payload, PrivateKey) ->
+    JWK = jose_jwk:from_pem_file(PrivateKey),
+    Header = #{ <<"alg">> => <<"RS256">>
+              , <<"typ">> => <<"JWT">>
+              },
+    Signed = jose_jwt:sign(JWK, Header, Payload),
+    {_, JWS} = jose_jws:compact(Signed),
+    JWS.
diff --git a/apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl
new file mode 100644
index 000000000..abc7ad149
--- /dev/null
+++ b/apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl
@@ -0,0 +1,187 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_mnesia_SUITE).
+
+-compile(export_all).
+-compile(nowarn_export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("eunit/include/eunit.hrl").
+
+-define(AUTH, emqx_authn).
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+init_per_suite(Config) ->
+    emqx_ct_helpers:start_apps([emqx_authn], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_authn.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authn]),
+    ok.
+
+set_special_configs(emqx_authn) ->
+    application:set_env(emqx, plugins_etc_dir,
+                        emqx_ct_helpers:deps_path(emqx_authn, "test")),
+    Conf = #{<<"authn">> => #{<<"chains">> => [], <<"bindings">> => []}},
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_authn.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+t_mnesia_authenticator(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+
+    AuthenticatorName = <<"myauthenticator">>,
+    AuthenticatorConfig = #{name => AuthenticatorName,
+                            type => 'built-in-database',
+                            config => #{
+                                user_id_type => username,
+                                password_hash_algorithm => #{
+                                    name => sha256
+                                }}},
+    ?assertEqual({ok, AuthenticatorConfig}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig)),
+
+    UserInfo = #{<<"user_id">> => <<"myuser">>,
+                 <<"password">> => <<"mypass">>},
+    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:add_user(ChainID, AuthenticatorName, UserInfo)),
+    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:lookup_user(ChainID, AuthenticatorName, <<"myuser">>)),
+
+    ListenerID = <<"listener1">>,
+    ?AUTH:bind(ChainID, [ListenerID]),
+
+    ClientInfo = #{listener_id => ListenerID,
+			       username => <<"myuser">>,
+			       password => <<"mypass">>},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo)),
+    ClientInfo2 = ClientInfo#{username => <<"baduser">>},
+    ?assertEqual({error, user_not_found}, ?AUTH:authenticate(ClientInfo2)),
+    ClientInfo3 = ClientInfo#{password => <<"badpass">>},
+    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo3)),
+
+    UserInfo2 = UserInfo#{<<"password">> => <<"mypass2">>},
+    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:update_user(ChainID, AuthenticatorName, <<"myuser">>, UserInfo2)),
+    ClientInfo4 = ClientInfo#{password => <<"mypass2">>},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo4)),
+
+    ?assertEqual(ok, ?AUTH:delete_user(ChainID, AuthenticatorName, <<"myuser">>)),
+    ?assertEqual({error, not_found}, ?AUTH:lookup_user(ChainID, AuthenticatorName, <<"myuser">>)),
+
+    ?assertEqual({ok, #{user_id => <<"myuser">>}}, ?AUTH:add_user(ChainID, AuthenticatorName, UserInfo)),
+    ?assertMatch({ok, #{user_id := <<"myuser">>}}, ?AUTH:lookup_user(ChainID, AuthenticatorName, <<"myuser">>)),
+    ?assertEqual(ok, ?AUTH:delete_authenticator(ChainID, AuthenticatorName)),
+    ?assertEqual({ok, AuthenticatorConfig}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig)),
+    ?assertMatch({error, not_found}, ?AUTH:lookup_user(ChainID, AuthenticatorName, <<"myuser">>)),
+
+    ?AUTH:unbind([ListenerID], ChainID),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ?assertEqual([], ets:tab2list(mnesia_basic_auth)),
+    ok.
+
+t_import(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+
+    AuthenticatorName = <<"myauthenticator">>,
+    AuthenticatorConfig = #{name => AuthenticatorName,
+                            type => 'built-in-database',
+                            config => #{
+                                user_id_type => username,
+                                password_hash_algorithm => #{
+                                    name => sha256
+                                }}},
+    ?assertEqual({ok, AuthenticatorConfig}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig)),
+
+    Dir = code:lib_dir(emqx_authn, test),
+    ?assertEqual(ok, ?AUTH:import_users(ChainID, AuthenticatorName, filename:join([Dir, "data/user-credentials.json"]))),
+    ?assertEqual(ok, ?AUTH:import_users(ChainID, AuthenticatorName, filename:join([Dir, "data/user-credentials.csv"]))),
+    ?assertMatch({ok, #{user_id := <<"myuser1">>}}, ?AUTH:lookup_user(ChainID, AuthenticatorName, <<"myuser1">>)),
+    ?assertMatch({ok, #{user_id := <<"myuser3">>}}, ?AUTH:lookup_user(ChainID, AuthenticatorName, <<"myuser3">>)),
+
+    ListenerID = <<"listener1">>,
+    ?AUTH:bind(ChainID, [ListenerID]),
+
+    ClientInfo1 = #{listener_id => ListenerID,
+			        username => <<"myuser1">>,
+			        password => <<"mypassword1">>},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo1)),
+    ClientInfo2 = ClientInfo1#{username => <<"myuser3">>,
+                               password => <<"mypassword3">>},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo2)),
+
+    ?AUTH:unbind([ListenerID], ChainID),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ok.
+
+t_multi_mnesia_authenticator(_) ->
+    ChainID = <<"mychain">>,
+    Chain = #{id => ChainID,
+              type => simple},
+    ?assertMatch({ok, #{id := ChainID, authenticators := []}}, ?AUTH:create_chain(Chain)),
+
+    AuthenticatorName1 = <<"myauthenticator1">>,
+    AuthenticatorConfig1 = #{name => AuthenticatorName1,
+                             type => 'built-in-database',
+                             config => #{
+                                 user_id_type => username,
+                                 password_hash_algorithm => #{
+                                     name => sha256
+                                 }}},
+    AuthenticatorName2 = <<"myauthenticator2">>,
+    AuthenticatorConfig2 = #{name => AuthenticatorName2,
+                             type => 'built-in-database',
+                             config => #{
+                                 user_id_type => clientid,
+                                 password_hash_algorithm => #{
+                                     name => sha256
+                                 }}},
+    ?assertEqual({ok, AuthenticatorConfig1}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig1)),
+    ?assertEqual({ok, AuthenticatorConfig2}, ?AUTH:create_authenticator(ChainID, AuthenticatorConfig2)),
+
+    ?assertEqual({ok, #{user_id => <<"myuser">>}},
+                 ?AUTH:add_user(ChainID, AuthenticatorName1,
+                                #{<<"user_id">> => <<"myuser">>,
+                                  <<"password">> => <<"mypass1">>})),
+    ?assertEqual({ok, #{user_id => <<"myclient">>}},
+                 ?AUTH:add_user(ChainID, AuthenticatorName2,
+                                #{<<"user_id">> => <<"myclient">>,
+                                  <<"password">> => <<"mypass2">>})),
+
+    ListenerID = <<"listener1">>,
+    ?AUTH:bind(ChainID, [ListenerID]),
+
+    ClientInfo1 = #{listener_id => ListenerID,
+			        username => <<"myuser">>,
+                    clientid => <<"myclient">>,
+			        password => <<"mypass1">>},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo1)),
+    ?assertEqual(ok, ?AUTH:move_authenticator_to_the_front(ChainID, AuthenticatorName2)),
+
+    ?assertEqual({error, bad_password}, ?AUTH:authenticate(ClientInfo1)),
+    ClientInfo2 = ClientInfo1#{password => <<"mypass2">>},
+    ?assertEqual(ok, ?AUTH:authenticate(ClientInfo2)),
+
+    ?AUTH:unbind([ListenerID], ChainID),
+    ?assertEqual(ok, ?AUTH:delete_chain(ChainID)),
+    ok.
diff --git a/rebar.config.erl b/rebar.config.erl
index 901749d72..ff66f746c 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -248,6 +248,7 @@ relx_apps(ReleaseType) ->
     , {mnesia, load}
     , {ekka, load}
     , {emqx_plugin_libs, load}
+    , emqx_authn
     , emqx_authz
     , observer_cli
     , emqx_http_lib
@@ -285,7 +286,6 @@ relx_plugin_apps(ReleaseType) ->
     , emqx_sn
     , emqx_coap
     , emqx_stomp
-    , emqx_authentication
     , emqx_statsd
     , emqx_rule_actions
     ]
@@ -373,6 +373,7 @@ emqx_etc_overlay_common() ->
      {"{{base_dir}}/lib/emqx/etc/ssl_dist.conf", "etc/ssl_dist.conf"},
      {"{{base_dir}}/lib/emqx_data_bridge/etc/emqx_data_bridge.conf", "etc/plugins/emqx_data_bridge.conf"},
      {"{{base_dir}}/lib/emqx_telemetry/etc/emqx_telemetry.conf", "etc/plugins/emqx_telemetry.conf"},
+     {"{{base_dir}}/lib/emqx_authn/etc/emqx_authn.conf", "etc/plugins/emqx_authn.conf"},
      {"{{base_dir}}/lib/emqx_authz/etc/emqx_authz.conf", "etc/plugins/authz.conf"},
      %% TODO: check why it has to end with .paho
      %% and why it is put to etc/plugins dir

From b63bba59d5aabf7cdd14c5024bb505bbabbbdf80 Mon Sep 17 00:00:00 2001
From: zhouzb <zhouzb@emqx.io>
Date: Wed, 30 Jun 2021 17:26:07 +0800
Subject: [PATCH 136/174] feat(authn): update schema for mysql and postgresql

---
 .../src/simple_authn/emqx_authn_mysql.erl     | 24 ++-----------------
 .../src/simple_authn/emqx_authn_pgsql.erl     | 22 ++---------------
 2 files changed, 4 insertions(+), 42 deletions(-)

diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
index 4fddcc3f7..3b5384d9c 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
@@ -33,27 +33,6 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-%% Config:
-%% host
-%% port
-%% username
-%% password
-%% database
-%% pool_size
-%% connect_timeout
-%% enable_ssl
-%% ssl_opts
-%%   cacertfile
-%%   certfile
-%%   keyfile
-%%   verify
-%%   servce_name_indication
-%%   tls_versions
-%%   ciphers
-%% password_hash_algorithm
-%% salt_position
-%% query
-%% query_timeout
 structs() -> [config].
 
 fields(config) ->
@@ -61,7 +40,8 @@ fields(config) ->
     , {salt_position,           {enum, [prefix, suffix]}}
     , {query,                   fun query/1}
     , {query_timeout,           fun query_timeout/1}
-    ].
+    ] ++ emqx_connector_schema_lib:relational_db_fields()
+    ++ emqx_connector_schema_lib:ssl_fields().
 
 password_hash_algorithm(type) -> string();
 password_hash_algorithm(_) -> undefined.
diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
index 8c250e216..c9046c606 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
@@ -33,32 +33,14 @@
 %% Hocon Schema
 %%------------------------------------------------------------------------------
 
-%% Config:
-%% host
-%% port
-%% username
-%% password
-%% database
-%% pool_size
-%% connect_timeout
-%% enable_ssl
-%% cacertfile
-%% certfile
-%% keyfile
-%% verify
-%% servce_name_indication
-%% tls_versions
-%% ciphers
-%% password_hash_algorithm
-%% salt_position
-%% query
 structs() -> [config].
 
 fields(config) ->
     [ {password_hash_algorithm, fun password_hash_algorithm/1}
     , {salt_position, {enum, [prefix, suffix]}}
     , {query, fun query/1}
-    ].
+    ] ++ emqx_connector_schema_lib:relational_db_fields()
+    ++ emqx_connector_schema_lib:ssl_fields().
 
 password_hash_algorithm(type) -> string();
 password_hash_algorithm(_) -> undefined.

From e0f10874903be9386dff81be176efcaa5acd94ec Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Wed, 30 Jun 2021 18:58:51 +0800
Subject: [PATCH 137/174] chore(mgmt): cancel plugins test case

---
 .../test/emqx_mgmt_api_SUITE.erl              | 112 +++++++++---------
 1 file changed, 56 insertions(+), 56 deletions(-)

diff --git a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
index d372596ed..9e6347c65 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
@@ -284,62 +284,62 @@ t_nodes(_) ->
     ?assertEqual(<<"undefined">>, maps:get(<<"error">>, Error)),
     meck:unload(emqx_mgmt).
 
-t_plugins(_) ->
-    application:ensure_all_started(emqx_retainer),
-    {ok, Plugins1} = request_api(get, api_path(["plugins"]), auth_header_()),
-    [Plugins11] = filter(get(<<"data">>, Plugins1), <<"node">>, atom_to_binary(node(), utf8)),
-    [Plugin1] = filter(maps:get(<<"plugins">>, Plugins11), <<"name">>, <<"emqx_retainer">>),
-    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin1)),
-    ?assertEqual(true, maps:get(<<"active">>, Plugin1)),
-
-    {ok, _} = request_api(put,
-                          api_path(["plugins",
-                                    atom_to_list(emqx_retainer),
-                                    "unload"]),
-                          auth_header_()),
-    {ok, Error1} = request_api(put,
-                               api_path(["plugins",
-                                         atom_to_list(emqx_retainer),
-                                         "unload"]),
-                               auth_header_()),
-    ?assertEqual(<<"not_started">>, get(<<"message">>, Error1)),
-    {ok, Plugins2} = request_api(get,
-                                 api_path(["nodes", atom_to_list(node()), "plugins"]),
-                                 auth_header_()),
-    [Plugin2] = filter(get(<<"data">>, Plugins2), <<"name">>, <<"emqx_retainer">>),
-    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin2)),
-    ?assertEqual(false, maps:get(<<"active">>, Plugin2)),
-
-    {ok, _} = request_api(put,
-                          api_path(["nodes",
-                                    atom_to_list(node()),
-                                    "plugins",
-                                    atom_to_list(emqx_retainer),
-                                    "load"]),
-                          auth_header_()),
-    {ok, Plugins3} = request_api(get,
-                                 api_path(["nodes", atom_to_list(node()), "plugins"]),
-                                 auth_header_()),
-    [Plugin3] = filter(get(<<"data">>, Plugins3), <<"name">>, <<"emqx_retainer">>),
-    ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin3)),
-    ?assertEqual(true, maps:get(<<"active">>, Plugin3)),
-
-    {ok, _} = request_api(put,
-                          api_path(["nodes",
-                                    atom_to_list(node()),
-                                    "plugins",
-                                    atom_to_list(emqx_retainer),
-                                    "unload"]),
-                          auth_header_()),
-    {ok, Error2} = request_api(put,
-                               api_path(["nodes",
-                                         atom_to_list(node()),
-                                         "plugins",
-                                         atom_to_list(emqx_retainer),
-                                         "unload"]),
-                               auth_header_()),
-    ?assertEqual(<<"not_started">>, get(<<"message">>, Error2)),
-    application:stop(emqx_retainer).
+% t_plugins(_) ->
+%     application:ensure_all_started(emqx_retainer),
+%     {ok, Plugins1} = request_api(get, api_path(["plugins"]), auth_header_()),
+%     [Plugins11] = filter(get(<<"data">>, Plugins1), <<"node">>, atom_to_binary(node(), utf8)),
+%     [Plugin1] = filter(maps:get(<<"plugins">>, Plugins11), <<"name">>, <<"emqx_retainer">>),
+%     ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin1)),
+%     ?assertEqual(true, maps:get(<<"active">>, Plugin1)),
+% 
+%     {ok, _} = request_api(put,
+%                           api_path(["plugins",
+%                                     atom_to_list(emqx_retainer),
+%                                     "unload"]),
+%                           auth_header_()),
+%     {ok, Error1} = request_api(put,
+%                                api_path(["plugins",
+%                                          atom_to_list(emqx_retainer),
+%                                          "unload"]),
+%                                auth_header_()),
+%     ?assertEqual(<<"not_started">>, get(<<"message">>, Error1)),
+%     {ok, Plugins2} = request_api(get,
+%                                  api_path(["nodes", atom_to_list(node()), "plugins"]),
+%                                  auth_header_()),
+%     [Plugin2] = filter(get(<<"data">>, Plugins2), <<"name">>, <<"emqx_retainer">>),
+%     ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin2)),
+%     ?assertEqual(false, maps:get(<<"active">>, Plugin2)),
+% 
+%     {ok, _} = request_api(put,
+%                           api_path(["nodes",
+%                                     atom_to_list(node()),
+%                                     "plugins",
+%                                     atom_to_list(emqx_retainer),
+%                                     "load"]),
+%                           auth_header_()),
+%     {ok, Plugins3} = request_api(get,
+%                                  api_path(["nodes", atom_to_list(node()), "plugins"]),
+%                                  auth_header_()),
+%     [Plugin3] = filter(get(<<"data">>, Plugins3), <<"name">>, <<"emqx_retainer">>),
+%     ?assertEqual(<<"emqx_retainer">>, maps:get(<<"name">>, Plugin3)),
+%     ?assertEqual(true, maps:get(<<"active">>, Plugin3)),
+% 
+%     {ok, _} = request_api(put,
+%                           api_path(["nodes",
+%                                     atom_to_list(node()),
+%                                     "plugins",
+%                                     atom_to_list(emqx_retainer),
+%                                     "unload"]),
+%                           auth_header_()),
+%     {ok, Error2} = request_api(put,
+%                                api_path(["nodes",
+%                                          atom_to_list(node()),
+%                                          "plugins",
+%                                          atom_to_list(emqx_retainer),
+%                                          "unload"]),
+%                                auth_header_()),
+%     ?assertEqual(<<"not_started">>, get(<<"message">>, Error2)),
+%     application:stop(emqx_retainer).
 
 t_acl_cache(_) ->
     ClientId = <<"client1">>,

From 860aea50db20d36850ea94dde4eb4ead6ab3921f Mon Sep 17 00:00:00 2001
From: lafirest <blankalupo@163.com>
Date: Tue, 29 Jun 2021 21:59:54 +0800
Subject: [PATCH 138/174] chore(emqx_retainer): change config of emqx_retainer
 to use hocon

---
 apps/emqx/src/emqx_schema.erl                 |   1 +
 apps/emqx_retainer/etc/emqx_retainer.conf     |  64 +++++------
 apps/emqx_retainer/priv/emqx_retainer.schema  |  30 -----
 apps/emqx_retainer/src/emqx_retainer.erl      | 105 ++++++++++--------
 apps/emqx_retainer/src/emqx_retainer_app.erl  |   5 +-
 .../src/emqx_retainer_schema.erl              |  31 ++++++
 apps/emqx_retainer/src/emqx_retainer_sup.erl  |  12 +-
 .../test/emqx_retainer_SUITE.erl              |  26 +++--
 8 files changed, 151 insertions(+), 123 deletions(-)
 delete mode 100644 apps/emqx_retainer/priv/emqx_retainer.schema
 create mode 100644 apps/emqx_retainer/src/emqx_retainer_schema.erl

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 11ffe664a..cdc20762e 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -64,6 +64,7 @@ includes() ->[].
 includes() ->
     [ "emqx_data_bridge"
     , "emqx_telemetry"
+    , "emqx_retainer"
     ].
 -endif.
 
diff --git a/apps/emqx_retainer/etc/emqx_retainer.conf b/apps/emqx_retainer/etc/emqx_retainer.conf
index 4db438a98..08220a207 100644
--- a/apps/emqx_retainer/etc/emqx_retainer.conf
+++ b/apps/emqx_retainer/etc/emqx_retainer.conf
@@ -5,37 +5,39 @@
 ## Where to store the retained messages.
 ##
 ## Notice that all nodes in the same cluster have to be configured to
-## use the same storage_type.
-##
-## Value: ram | disc | disc_only
-##  - ram: memory only
-##  - disc: both memory and disc
-##  - disc_only: disc only
-##
-## Default: ram
-retainer.storage_type = ram
+emqx_retainer: {
+	## use the same storage_type.
+	##
+	## Value: ram | disc | disc_only
+	##  - ram: memory only
+	##  - disc: both memory and disc
+	##  - disc_only: disc only
+	##
+	## Default: ram
+	storage_type: ram
 
-## Maximum number of retained messages. 0 means no limit.
-##
-## Value: Number >= 0
-retainer.max_retained_messages = 0
+	## Maximum number of retained messages. 0 means no limit.
+	##
+	## Value: Number >= 0
+	max_retained_messages: 0
 
-## Maximum retained message size.
-##
-## Value: Bytes
-retainer.max_payload_size = 1MB
+	## Maximum retained message size.
+	##
+	## Value: Bytes
+	max_payload_size: 1MB
 
-## Expiry interval of the retained messages. Never expire if the value is 0.
-##
-## Value: Duration
-##  - h: hour
-##  - m: minute
-##  - s: second
-##
-## Examples:
-##  - 2h:  2 hours
-##  - 30m: 30 minutes
-##  - 20s: 20 seconds
-##
-## Default: 0
-retainer.expiry_interval = 0
+	## Expiry interval of the retained messages. Never expire if the value is 0.
+	##
+	## Value: Duration
+	##  - h: hour
+	##  - m: minute
+	##  - s: second
+	##
+	## Examples:
+	##  - 2h:  2 hours
+	##  - 30m: 30 minutes
+	##  - 20s: 20 seconds
+	##
+	## Default: 0s
+	expiry_interval: 0s
+}
diff --git a/apps/emqx_retainer/priv/emqx_retainer.schema b/apps/emqx_retainer/priv/emqx_retainer.schema
deleted file mode 100644
index e598864e1..000000000
--- a/apps/emqx_retainer/priv/emqx_retainer.schema
+++ /dev/null
@@ -1,30 +0,0 @@
-%%-*- mode: erlang -*-
-%% Retainer config mapping
-
-%% Storage Type
-%% {$configurable}
-{mapping, "retainer.storage_type", "emqx_retainer.storage_type", [
-  {default, ram},
-  {datatype, {enum, [ram, disc, disc_only]}}
-]}.
-
-%% Maximum number of retained messages.
-%% {$configurable}
-{mapping, "retainer.max_retained_messages", "emqx_retainer.max_retained_messages", [
-  {default, 0},
-  {datatype, integer}
-]}.
-
-%% Maximum payload size of retained message.
-%% {$configurable}
-{mapping, "retainer.max_payload_size", "emqx_retainer.max_payload_size", [
-  {default, "1MB"},
-  {datatype, bytesize}
-]}.
-
-%% Expiry interval of retained message
-%% {$configurable}
-{mapping, "retainer.expiry_interval", "emqx_retainer.expiry_interval", [
-  {default, 0},
-  {datatype, [integer, {duration, ms}]}
-]}.
diff --git a/apps/emqx_retainer/src/emqx_retainer.erl b/apps/emqx_retainer/src/emqx_retainer.erl
index 94c561b39..affbc5ca3 100644
--- a/apps/emqx_retainer/src/emqx_retainer.erl
+++ b/apps/emqx_retainer/src/emqx_retainer.erl
@@ -25,14 +25,14 @@
 
 -logger_header("[Retainer]").
 
--export([start_link/1]).
+-export([start_link/0]).
 
--export([ load/1
+-export([ load/0
         , unload/0
         ]).
 
 -export([ on_session_subscribed/3
-        , on_message_publish/2
+        , on_message_publish/1
         ]).
 
 -export([clean/1]).
@@ -51,15 +51,25 @@
 
 -record(state, {stats_fun, stats_timer, expiry_timer}).
 
+-define(STATS_INTERVAL, timer:seconds(1)).
+-define(DEF_STORAGE_TYPE, ram).
+-define(DEF_MAX_RETAINED_MESSAGES, 0).
+-define(DEF_MAX_PAYLOAD_SIZE, (1024 * 1024)).
+-define(DEF_EXPIRY_INTERVAL, 0).
+
+%% convenient to generate stats_timer/expiry_timer
+-define(MAKE_TIMER(State, Timer, Interval, Msg),
+        State#state{Timer = erlang:send_after(Interval, self(), Msg)}).
+
 -rlog_shard({?RETAINER_SHARD, ?TAB}).
 
 %%--------------------------------------------------------------------
 %% Load/Unload
 %%--------------------------------------------------------------------
 
-load(Env) ->
+load() ->
     _ = emqx:hook('session.subscribed', {?MODULE, on_session_subscribed, []}),
-    _ = emqx:hook('message.publish', {?MODULE, on_message_publish, [Env]}),
+    _ = emqx:hook('message.publish', {?MODULE, on_message_publish, []}),
     ok.
 
 unload() ->
@@ -85,15 +95,15 @@ dispatch(Pid, Topic) ->
 %% RETAIN flag set to 1 and payload containing zero bytes
 on_message_publish(Msg = #message{flags   = #{retain := true},
                                   topic   = Topic,
-                                  payload = <<>>}, _Env) ->
+                                  payload = <<>>}) ->
     ekka_mnesia:dirty_delete(?TAB, topic2tokens(Topic)),
     {ok, Msg};
 
-on_message_publish(Msg = #message{flags = #{retain := true}}, Env) ->
+on_message_publish(Msg = #message{flags = #{retain := true}}) ->
     Msg1 = emqx_message:set_header(retained, true, Msg),
-    store_retained(Msg1, Env),
+    store_retained(Msg1),
     {ok, Msg};
-on_message_publish(Msg, _Env) ->
+on_message_publish(Msg) ->
     {ok, Msg}.
 
 %%--------------------------------------------------------------------
@@ -101,9 +111,9 @@ on_message_publish(Msg, _Env) ->
 %%--------------------------------------------------------------------
 
 %% @doc Start the retainer
--spec(start_link(Env :: list()) -> emqx_types:startlink_ret()).
-start_link(Env) ->
-    gen_server:start_link({local, ?MODULE}, ?MODULE, [Env], []).
+-spec(start_link() -> emqx_types:startlink_ret()).
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
 
 -spec(clean(emqx_types:topic()) -> non_neg_integer()).
 clean(Topic) when is_binary(Topic) ->
@@ -124,8 +134,10 @@ clean(Topic) when is_binary(Topic) ->
 %% gen_server callbacks
 %%--------------------------------------------------------------------
 
-init([Env]) ->
-    Copies = case proplists:get_value(storage_type, Env, disc) of
+init([]) ->
+    StorageType = emqx_config:get([?MODULE, storage_type], ?DEF_STORAGE_TYPE),
+    ExpiryInterval = emqx_config:get([?MODULE, expiry_interval], ?DEF_EXPIRY_INTERVAL),
+    Copies = case StorageType of
                  ram       -> ram_copies;
                  disc      -> disc_copies;
                  disc_only -> disc_only_copies
@@ -149,17 +161,15 @@ init([Env]) ->
             ok
     end,
     StatsFun = emqx_stats:statsfun('retained.count', 'retained.max'),
-    {ok, StatsTimer} = timer:send_interval(timer:seconds(1), stats),
-    State = #state{stats_fun = StatsFun, stats_timer = StatsTimer},
-    {ok, start_expire_timer(proplists:get_value(expiry_interval, Env, 0), State)}.
+    State = ?MAKE_TIMER(#state{stats_fun = StatsFun}, stats_timer, ?STATS_INTERVAL, stats),
+    {ok, start_expire_timer(ExpiryInterval, State)}.
 
 start_expire_timer(0, State) ->
     State;
 start_expire_timer(undefined, State) ->
     State;
 start_expire_timer(Ms, State) ->
-    {ok, Timer} = timer:send_interval(Ms, expire),
-    State#state{expiry_timer = Timer}.
+    ?MAKE_TIMER(State, expiry_timer, Ms, expire).
 
 handle_call(Req, _From, State) ->
     ?LOG(error, "Unexpected call: ~p", [Req]),
@@ -171,19 +181,20 @@ handle_cast(Msg, State) ->
 
 handle_info(stats, State = #state{stats_fun = StatsFun}) ->
     StatsFun(retained_count()),
-    {noreply, State, hibernate};
+    {noreply, ?MAKE_TIMER(State, stats_timer, ?STATS_INTERVAL, stats), hibernate};
 
 handle_info(expire, State) ->
     ok = expire_messages(),
-    {noreply, State, hibernate};
+    Interval = emqx_config:get([?MODULE, expiry_interval], ?DEF_EXPIRY_INTERVAL),
+    {noreply, start_expire_timer(Interval, State), hibernate};
 
 handle_info(Info, State) ->
     ?LOG(error, "Unexpected info: ~p", [Info]),
     {noreply, State}.
 
 terminate(_Reason, #state{stats_timer = TRef1, expiry_timer = TRef2}) ->
-    _ = timer:cancel(TRef1),
-    _ = timer:cancel(TRef2),
+    _ = erlang:cancel_timer(TRef1),
+    _ = erlang:cancel_timer(TRef2),
     ok.
 
 code_change(_OldVsn, State, _Extra) ->
@@ -192,31 +203,33 @@ code_change(_OldVsn, State, _Extra) ->
 %%--------------------------------------------------------------------
 %% Internal functions
 %%--------------------------------------------------------------------
-
 sort_retained([]) -> [];
 sort_retained([Msg]) -> [Msg];
 sort_retained(Msgs)  ->
     lists:sort(fun(#message{timestamp = Ts1}, #message{timestamp = Ts2}) ->
-                   Ts1 =< Ts2
-               end, Msgs).
+                       Ts1 =< Ts2 end,
+               Msgs).
 
-store_retained(Msg = #message{topic = Topic, payload = Payload}, Env) ->
-    case {is_table_full(Env), is_too_big(size(Payload), Env)} of
+store_retained(Msg = #message{topic = Topic, payload = Payload}) ->
+    case {is_table_full(), is_too_big(size(Payload))} of
         {false, false} ->
             ok = emqx_metrics:inc('messages.retained'),
             ekka_mnesia:dirty_write(?TAB, #retained{topic = topic2tokens(Topic),
                                                     msg = Msg,
-                                                    expiry_time = get_expiry_time(Msg, Env)});
+                                                    expiry_time = get_expiry_time(Msg)});
         {true, false} ->
             {atomic, _} = ekka_mnesia:transaction(?RETAINER_SHARD,
                 fun() ->
-                    case mnesia:read(?TAB, Topic) of
-                        [_] ->
-                            mnesia:write(?TAB, #retained{topic = topic2tokens(Topic),
-                                                         msg = Msg,
-                                                         expiry_time = get_expiry_time(Msg, Env)}, write);
-                        [] ->
-                            ?LOG(error, "Cannot retain message(topic=~s) for table is full!", [Topic])
+                        case mnesia:read(?TAB, Topic) of
+                            [_] ->
+                                mnesia:write(?TAB,
+                                             #retained{topic = topic2tokens(Topic),
+                                                       msg = Msg,
+                                                       expiry_time = get_expiry_time(Msg)},
+                                             write);
+                            [] ->
+                                ?LOG(error,
+                                     "Cannot retain message(topic=~s) for table is full!", [Topic])
                     end
                 end),
             ok;
@@ -227,22 +240,24 @@ store_retained(Msg = #message{topic = Topic, payload = Payload}, Env) ->
                         "for payload is too big!", [Topic, iolist_size(Payload)])
     end.
 
-is_table_full(Env) ->
-    Limit = proplists:get_value(max_retained_messages, Env, 0),
+is_table_full() ->
+    Limit = emqx_config:get([?MODULE, max_retained_messages], ?DEF_MAX_RETAINED_MESSAGES),
     Limit > 0 andalso (retained_count() > Limit).
 
-is_too_big(Size, Env) ->
-    Limit = proplists:get_value(max_payload_size, Env, 0),
+is_too_big(Size) ->
+    Limit = emqx_config:get([?MODULE, max_payload_size], ?DEF_MAX_PAYLOAD_SIZE),
     Limit > 0 andalso (Size > Limit).
 
-get_expiry_time(#message{headers = #{properties := #{'Message-Expiry-Interval' := 0}}}, _Env) ->
+get_expiry_time(#message{headers = #{properties := #{'Message-Expiry-Interval' := 0}}}) ->
     0;
-get_expiry_time(#message{headers = #{properties := #{'Message-Expiry-Interval' := Interval}}, timestamp = Ts}, _Env) ->
+get_expiry_time(#message{headers = #{properties := #{'Message-Expiry-Interval' := Interval}},
+                         timestamp = Ts}) ->
     Ts + Interval * 1000;
-get_expiry_time(#message{timestamp = Ts}, Env) ->
-    case proplists:get_value(expiry_interval, Env, 0) of
+get_expiry_time(#message{timestamp = Ts}) ->
+    Interval = emqx_config:get([?MODULE, expiry_interval], ?DEF_EXPIRY_INTERVAL),
+    case Interval of
         0 -> 0;
-        Interval -> Ts + Interval
+        _ -> Ts + Interval
     end.
 
 %%--------------------------------------------------------------------
diff --git a/apps/emqx_retainer/src/emqx_retainer_app.erl b/apps/emqx_retainer/src/emqx_retainer_app.erl
index adca5ae7a..3f42ddbd6 100644
--- a/apps/emqx_retainer/src/emqx_retainer_app.erl
+++ b/apps/emqx_retainer/src/emqx_retainer_app.erl
@@ -25,9 +25,8 @@
         ]).
 
 start(_Type, _Args) ->
-    Env = application:get_all_env(emqx_retainer),
-    {ok, Sup} = emqx_retainer_sup:start_link(Env),
-    emqx_retainer:load(Env),
+    {ok, Sup} = emqx_retainer_sup:start_link(),
+    emqx_retainer:load(),
     emqx_retainer_cli:load(),
     {ok, Sup}.
 
diff --git a/apps/emqx_retainer/src/emqx_retainer_schema.erl b/apps/emqx_retainer/src/emqx_retainer_schema.erl
new file mode 100644
index 000000000..ece873dae
--- /dev/null
+++ b/apps/emqx_retainer/src/emqx_retainer_schema.erl
@@ -0,0 +1,31 @@
+-module(emqx_retainer_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-type storage_type() :: ram | disc | disc_only.
+
+-reflect_type([storage_type/0]).
+
+-export([structs/0, fields/1]).
+
+structs() -> ["emqx_retainer"].
+
+fields("emqx_retainer") ->
+    [ {storage_type, t(storage_type(), ram)}
+    , {max_retained_messages, t(integer(), 0, fun is_pos_integer/1)}
+    , {max_payload_size, t(emqx_schema:bytesize(), "1MB")}
+    , {expiry_interval, t(emqx_schema:duration_ms(), "0s")}
+    ].
+
+%%--------------------------------------------------------------------
+%% Internal functions
+%%--------------------------------------------------------------------
+t(Type, Default) ->
+    hoconsc:t(Type, #{default => Default}).
+
+t(Type, Default, Validator) ->
+    hoconsc:t(Type, #{default => Default,
+                      validator => Validator}).
+
+is_pos_integer(V) ->
+    V >= 0.
diff --git a/apps/emqx_retainer/src/emqx_retainer_sup.erl b/apps/emqx_retainer/src/emqx_retainer_sup.erl
index fef245489..d01c20975 100644
--- a/apps/emqx_retainer/src/emqx_retainer_sup.erl
+++ b/apps/emqx_retainer/src/emqx_retainer_sup.erl
@@ -18,17 +18,17 @@
 
 -behaviour(supervisor).
 
--export([start_link/1]).
+-export([start_link/0]).
 
 -export([init/1]).
 
-start_link(Env) ->
-	supervisor:start_link({local, ?MODULE}, ?MODULE, [Env]).
+start_link() ->
+    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
 
-init([Env]) ->
-	{ok, {{one_for_one, 10, 3600},
+init([]) ->
+    {ok, {{one_for_one, 10, 3600},
           [#{id       => retainer,
-             start    => {emqx_retainer, start_link, [Env]},
+             start    => {emqx_retainer, start_link, []},
              restart  => permanent,
              shutdown => 5000,
              type     => worker,
diff --git a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
index 1df042dd9..1a0a00a1c 100644
--- a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
+++ b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
@@ -31,7 +31,7 @@ all() -> emqx_ct:all(?MODULE).
 %%--------------------------------------------------------------------
 
 init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_retainer]),
+    emqx_ct_helpers:start_apps([emqx_retainer], fun set_special_configs/1),
     Config.
 
 end_per_suite(_Config) ->
@@ -39,16 +39,26 @@ end_per_suite(_Config) ->
 
 init_per_testcase(TestCase, Config) ->
     emqx_retainer:clean(<<"#">>),
-    case TestCase of
-        t_message_expiry_2 ->
-            application:set_env(emqx_retainer, expiry_interval, 2000);
-        _ ->
-            application:set_env(emqx_retainer, expiry_interval, 0)
-    end,
-    application:stop(emqx_retainer),
+    Interval = case TestCase of
+                   t_message_expiry_2 -> 2000;
+                   _ -> 0
+               end,
+    init_emqx_retainer_conf(Interval),
     application:ensure_all_started(emqx_retainer),
     Config.
 
+set_special_configs(emqx_retainer) ->
+    init_emqx_retainer_conf(0);
+set_special_configs(_) ->
+    ok.
+
+init_emqx_retainer_conf(Expiry) ->
+    emqx_config:put([emqx_retainer],
+                    #{storage_type => ram,
+                      max_retained_messages => 0,
+                      max_payload_size => 1024 * 1024,
+                      expiry_interval => Expiry}).
+
 %%--------------------------------------------------------------------
 %% Test Cases
 %%--------------------------------------------------------------------

From d4f726419f456d2674fe28a35ece06a54d66d210 Mon Sep 17 00:00:00 2001
From: turtleDeng <deng@emqx.io>
Date: Thu, 1 Jul 2021 10:51:59 +0800
Subject: [PATCH 139/174] feat(bridge-mqtt): Update the configuration file to
 hocon (#5142)

---
 .../etc/emqx_bridge_mqtt.conf                 | 222 ++------
 .../priv/emqx_bridge_mqtt.schema              | 244 ---------
 .../src/emqx_bridge_connect.erl               |  74 ---
 .../emqx_bridge_mqtt/src/emqx_bridge_mqtt.erl |  90 ++--
 .../src/emqx_bridge_mqtt_schema.erl           |  89 ++++
 .../src/emqx_bridge_mqtt_sup.erl              |  39 +-
 apps/emqx_bridge_mqtt/src/emqx_bridge_rpc.erl |  25 +-
 .../src/emqx_bridge_worker.erl                | 293 +++++------
 .../test/emqx_bridge_mqtt_tests.erl           |   2 +-
 .../test/emqx_bridge_rpc_tests.erl            |   4 +-
 .../test/emqx_bridge_stub_conn.erl            |   3 -
 .../test/emqx_bridge_worker_SUITE.erl         | 475 ++++++++++--------
 .../test/emqx_bridge_worker_tests.erl         |  39 +-
 .../src/emqx_bridge_mqtt_actions.erl          |   2 +-
 data/loaded_plugins.tmpl                      |   1 -
 rebar.config.erl                              |   7 +-
 16 files changed, 615 insertions(+), 994 deletions(-)
 delete mode 100644 apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
 delete mode 100644 apps/emqx_bridge_mqtt/src/emqx_bridge_connect.erl
 create mode 100644 apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl

diff --git a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
index 3cc719e40..4593e04f0 100644
--- a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
+++ b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
@@ -2,173 +2,55 @@
 ## Configuration for EMQ X MQTT Broker Bridge
 ##====================================================================
 
-##--------------------------------------------------------------------
-## Bridges to aws
-##--------------------------------------------------------------------
-
-## Bridge address: node name for local bridge, host:port for remote.
-##
-## Value: String
-## Example: emqx@127.0.0.1,  "127.0.0.1:1883"
-bridge.mqtt.aws.address = "127.0.0.1:1883"
-
-## Protocol version of the bridge.
-##
-## Value: Enum
-## - mqttv5
-## - mqttv4
-## - mqttv3
-bridge.mqtt.aws.proto_ver = mqttv4
-
-## Start type of the bridge.
-##
-## Value: enum
-## manual
-## auto
-bridge.mqtt.aws.start_type = manual
-
-## Whether to enable bridge mode for mqtt bridge
-##
-## This option is prepared for the mqtt broker which does not
-## support bridge_mode such as the mqtt-plugin of the rabbitmq
-##
-## Value: boolean
-#bridge.mqtt.aws.bridge_mode = false
-
-## The ClientId of a remote bridge.
-##
-## Placeholders:
-##  ${node}: Node name
-##
-## Value: String
-bridge.mqtt.aws.clientid = bridge_aws
-
-## The Clean start flag of a remote bridge.
-##
-## Value: boolean
-## Default: true
-##
-## NOTE: Some IoT platforms require clean_start
-##       must be set to 'true'
-bridge.mqtt.aws.clean_start = true
-
-## The username for a remote bridge.
-##
-## Value: String
-bridge.mqtt.aws.username = user
-
-## The password for a remote bridge.
-##
-## Value: String
-bridge.mqtt.aws.password = passwd
-
-## Topics that need to be forward to AWS IoTHUB
-##
-## Value: String
-## Example: "topic1/#,topic2/#"
-bridge.mqtt.aws.forwards = "topic1/#,topic2/#"
-
-## Forward messages to the mountpoint of an AWS IoTHUB
-##
-## Value: String
-bridge.mqtt.aws.forward_mountpoint = "bridge/aws/${node}/"
-
-## Need to subscribe to AWS topics
-##
-## Value: String
-## bridge.mqtt.aws.subscription.1.topic = "cmd/topic1"
-
-## Need to subscribe to AWS topics QoS.
-##
-## Value: Number
-## bridge.mqtt.aws.subscription.1.qos = 1
-
-## A mountpoint that receives messages from AWS IoTHUB
-##
-## Value: String
-## bridge.mqtt.aws.receive_mountpoint = "receive/aws/"
-
-
-## Bribge to remote server via SSL.
-##
-## Value: on | off
-bridge.mqtt.aws.ssl = off
-
-## PEM-encoded CA certificates of the bridge.
-##
-## Value: File
-bridge.mqtt.aws.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
-
-## Client SSL Certfile of the bridge.
-##
-## Value: File
-bridge.mqtt.aws.certfile = "{{ platform_etc_dir }}/certs/client-cert.pem"
-
-## Client SSL Keyfile of the bridge.
-##
-## Value: File
-bridge.mqtt.aws.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"
-
-## SSL Ciphers used by the bridge.
-##
-## Value: String
-bridge.mqtt.aws.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
-
-## Ciphers for TLS PSK.
-## Note that 'bridge.${BridgeName}.ciphers' and 'bridge.${BridgeName}.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-#bridge.mqtt.aws.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
-
-## Ping interval of a down bridge.
-##
-## Value: Duration
-## Default: 10 seconds
-bridge.mqtt.aws.keepalive = 60s
-
-## TLS versions used by the bridge.
-##
-## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## Value: String
-bridge.mqtt.aws.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
-
-## Bridge reconnect time.
-##
-## Value: Duration
-## Default: 30 seconds
-bridge.mqtt.aws.reconnect_interval = 30s
-
-## Retry interval for bridge QoS1 message delivering.
-##
-## Value: Duration
-bridge.mqtt.aws.retry_interval = 20s
-
-## Publish messages in batches, only RPC Bridge supports
-##
-## Value: Integer
-## default: 32
-bridge.mqtt.aws.batch_size = 32
-
-## Inflight size.
-## 0 means infinity (no limit on the inflight window)
-##
-## Value: Integer
-bridge.mqtt.aws.max_inflight_size = 32
-
-## Base directory for replayq to store messages on disk
-## If this config entry is missing or set to undefined,
-## replayq works in a mem-only manner.
-##
-## Value: String
-bridge.mqtt.aws.queue.replayq_dir = "{{ platform_data_dir }}/replayq/emqx_aws_bridge/"
-
-## Replayq segment size
-##
-## Value: Bytesize
-bridge.mqtt.aws.queue.replayq_seg_bytes = 10MB
-
-## Replayq max total size
-##
-## Value: Bytesize
-bridge.mqtt.aws.queue.max_total_size = 5GB
-
+emqx_bridge_mqtt:{
+    bridges:[{
+        name: "mqtt1"
+        start_type: auto
+        forwards: ["test/#"],
+        forward_mountpoint: ""
+        reconnect_interval: "30s"
+        batch_size: 100
+        queue:{
+            replayq_dir: false
+            # replayq_seg_bytes: "100MB"
+            # replayq_offload_mode: false
+            # replayq_max_total_bytes: "1GB"
+        },
+        config:{
+            conn_type: mqtt
+            address: "127.0.0.1:1883"
+            proto_ver: v4
+            bridge_mode: true
+            clientid: "client1"
+            clean_start: true
+            username: "username1"
+            password: ""
+            keepalive: 300
+            subscriptions: [{
+                topic: "t/#"
+                qos: 1
+            }]
+            receive_mountpoint: ""
+            retry_interval: "30s"
+            max_inflight: 32
+        }
+    },
+    {
+        name: "rpc1"
+        start_type: auto
+        forwards: ["test/#"],
+        forward_mountpoint: ""
+        reconnect_interval: "30s"
+        batch_size: 100
+        queue:{
+            replayq_dir: "{{ platform_data_dir }}/replayq/bridge_mqtt/"
+            replayq_seg_bytes: "100MB"
+            replayq_offload_mode: false
+            replayq_max_total_bytes: "1GB"
+        },
+        config:{
+            conn_type: rpc
+            node: "emqx@127.0.0.1"
+        }
+    }]
+}
diff --git a/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema b/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
deleted file mode 100644
index 3168bfc14..000000000
--- a/apps/emqx_bridge_mqtt/priv/emqx_bridge_mqtt.schema
+++ /dev/null
@@ -1,244 +0,0 @@
-%%-*- mode: erlang -*-
-%%--------------------------------------------------------------------
-%% Bridges
-%%--------------------------------------------------------------------
-{mapping, "bridge.mqtt.$name.address", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.proto_ver", "emqx_bridge_mqtt.bridges", [
-  {datatype, {enum, [mqttv3, mqttv4, mqttv5]}}
-]}.
-
-{mapping, "bridge.mqtt.$name.bridge_mode", "emqx_bridge_mqtt.bridges", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "bridge.mqtt.$name.start_type", "emqx_bridge_mqtt.bridges", [
-  {datatype, {enum, [manual, auto]}},
-  {default, auto}
-]}.
-
-{mapping, "bridge.mqtt.$name.clientid", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.clean_start", "emqx_bridge_mqtt.bridges", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "bridge.mqtt.$name.username", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.password", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.forwards", "emqx_bridge_mqtt.bridges", [
-  {datatype, string},
-  {default, ""}
-]}.
-
-{mapping, "bridge.mqtt.$name.forward_mountpoint", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.subscription.$id.topic", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.subscription.$id.qos", "emqx_bridge_mqtt.bridges", [
-  {datatype, integer}
-]}.
-
-{mapping, "bridge.mqtt.$name.receive_mountpoint", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.ssl", "emqx_bridge_mqtt.bridges", [
-  {datatype, flag},
-  {default, off}
-]}.
-
-{mapping, "bridge.mqtt.$name.cacertfile", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.certfile", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.keyfile", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.ciphers", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.psk_ciphers", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.keepalive", "emqx_bridge_mqtt.bridges", [
-  {default, "10s"},
-  {datatype, {duration, s}}
-]}.
-
-{mapping, "bridge.mqtt.$name.tls_versions", "emqx_bridge_mqtt.bridges", [
-  {datatype, string},
-  {default, "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"}
-]}.
-
-{mapping, "bridge.mqtt.$name.reconnect_interval", "emqx_bridge_mqtt.bridges", [
-  {default, "30s"},
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "bridge.mqtt.$name.retry_interval", "emqx_bridge_mqtt.bridges", [
-  {default, "20s"},
-  {datatype, {duration, s}}
-]}.
-
-{mapping, "bridge.mqtt.$name.max_inflight_size", "emqx_bridge_mqtt.bridges", [
-   {default, 0},
-   {datatype, integer}
- ]}.
-
-{mapping, "bridge.mqtt.$name.batch_size", "emqx_bridge_mqtt.bridges", [
-  {default, 0},
-  {datatype, integer}
-]}.
-
-{mapping, "bridge.mqtt.$name.queue.replayq_dir", "emqx_bridge_mqtt.bridges", [
-  {datatype, string}
-]}.
-
-{mapping, "bridge.mqtt.$name.queue.replayq_seg_bytes", "emqx_bridge_mqtt.bridges", [
-  {datatype, bytesize}
-]}.
-
-{mapping, "bridge.mqtt.$name.queue.max_total_size", "emqx_bridge_mqtt.bridges", [
-  {datatype, bytesize}
-]}.
-
-{translation, "emqx_bridge_mqtt.bridges", fun(Conf) ->
-
-    MapPSKCiphers = fun(PSKCiphers) ->
-                        lists:map(
-                          fun("PSK-AES128-CBC-SHA") -> {psk, aes_128_cbc, sha};
-                             ("PSK-AES256-CBC-SHA") -> {psk, aes_256_cbc, sha};
-                             ("PSK-3DES-EDE-CBC-SHA") -> {psk, '3des_ede_cbc', sha};
-                             ("PSK-RC4-SHA") -> {psk, rc4_128, sha}
-                          end, PSKCiphers)
-                    end,
-
-    Split = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end,
-
-    IsSsl = fun(cacertfile)   -> true;
-               (certfile)     -> true;
-               (keyfile)      -> true;
-               (ciphers)      -> true;
-               (psk_ciphers)  -> true;
-               (tls_versions) -> true;
-               (_Opt)         -> false
-            end,
-
-    Parse = fun(tls_versions, Vers) ->
-                    [{versions, [list_to_atom(S) || S <- Split(Vers)]}];
-               (ciphers, Ciphers) ->
-                    [{ciphers, Split(Ciphers)}];
-               (psk_ciphers, Ciphers) ->
-                    [{ciphers, MapPSKCiphers(Split(Ciphers))}, {user_lookup_fun, {fun emqx_psk:lookup/3, <<>>}}];
-               (Opt, Val) ->
-                    [{Opt, Val}]
-            end,
-
-    Merge = fun(forwards, Val, Opts) ->
-                  [{forwards, string:tokens(Val, ",")}|Opts];
-               (Opt, Val, Opts) ->
-                  case IsSsl(Opt) of
-                      true ->
-                          SslOpts = Parse(Opt, Val) ++ proplists:get_value(ssl_opts, Opts, []),
-                          lists:ukeymerge(1, [{ssl_opts, SslOpts}], lists:usort(Opts));
-                      false ->
-                          [{Opt, Val}|Opts]
-                  end
-            end,
-    Queue = fun(Name) ->
-                Configs = cuttlefish_variable:filter_by_prefix("bridge.mqtt." ++ Name ++ ".queue", Conf),
-
-                QOpts = [{list_to_atom(QOpt), QValue}|| {[_, _, _, "queue", QOpt], QValue} <- Configs],
-                maps:from_list(QOpts)
-            end,
-    Subscriptions = fun(Name) ->
-                        Configs = cuttlefish_variable:filter_by_prefix("bridge.mqtt." ++ Name ++ ".subscription", Conf),
-                        lists:zip([Topic || {_, Topic} <- lists:sort([{I, Topic} || {[_, _, _, "subscription", I, "topic"], Topic} <- Configs])],
-                                  [QoS || {_, QoS} <- lists:sort([{I, QoS} || {[_, _, _, "subscription", I, "qos"], QoS} <- Configs])])
-                    end,
-    IsNodeAddr = fun(Addr) ->
-                      case string:tokens(Addr, "@") of
-                          [_NodeName, _Hostname] -> true;
-                           _ -> false
-                      end
-                 end,
-    ConnMod = fun(Name) ->
-
-                      [AddrConfig] = cuttlefish_variable:filter_by_prefix("bridge.mqtt." ++ Name ++ ".address", Conf),
-                      {_, Addr} = AddrConfig,
-
-                      Subs = Subscriptions(Name),
-                      case IsNodeAddr(Addr) of
-                          true when Subs =/= [] ->
-                              error({"subscriptions are not supported when bridging between emqx nodes", Name, Subs});
-                          true ->
-                              emqx_bridge_rpc;
-                          false ->
-                              emqx_bridge_mqtt
-                      end
-              end,
-
-    %% to be backward compatible
-    Translate =
-        fun Tr(queue, Q, Cfg) ->
-                NewQ = maps:fold(Tr, #{}, Q),
-                Cfg#{queue => NewQ};
-            Tr(address, Addr0, Cfg) ->
-                Addr = case IsNodeAddr(Addr0) of
-                           true -> list_to_atom(Addr0);
-                           false -> Addr0
-                       end,
-                Cfg#{address => Addr};
-            Tr(reconnect_interval, Ms, Cfg) ->
-                Cfg#{reconnect_delay_ms => Ms};
-            Tr(proto_ver, Ver, Cfg) ->
-                Cfg#{proto_ver =>
-                   case Ver of
-                       mqttv3 -> v3;
-                       mqttv4 -> v4;
-                       mqttv5 -> v5;
-                       _ -> v4
-                   end};
-            Tr(max_inflight_size, Size, Cfg) ->
-                Cfg#{max_inflight => Size};
-            Tr(Key, Value, Cfg) ->
-                Cfg#{Key => Value}
-         end,
-    C = lists:foldl(
-        fun({["bridge", "mqtt", Name, Opt], Val}, Acc) ->
-                %% e.g #{aws => [{OptKey, OptVal}]}
-                Init = [{list_to_atom(Opt), Val},
-                        {connect_module, ConnMod(Name)},
-                        {subscriptions, Subscriptions(Name)},
-                        {queue, Queue(Name)}],
-                maps:update_with(list_to_atom(Name), fun(Opts) -> Merge(list_to_atom(Opt), Val, Opts) end, Init, Acc);
-           (_, Acc) -> Acc
-        end, #{}, lists:usort(cuttlefish_variable:filter_by_prefix("bridge.mqtt", Conf))),
-    C1 = maps:map(fun(Bn, Bc) ->
-                      maps:to_list(maps:fold(Translate, #{}, maps:from_list(Bc)))
-                  end, C),
-    maps:to_list(C1)
-end}.
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_connect.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_connect.erl
deleted file mode 100644
index ece6002a7..000000000
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_connect.erl
+++ /dev/null
@@ -1,74 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_bridge_connect).
-
--export([start/2]).
-
--export_type([config/0, connection/0]).
-
--optional_callbacks([ensure_subscribed/3, ensure_unsubscribed/2]).
-
-%% map fields depend on implementation
--type(config() :: map()).
--type(connection() :: term()).
--type(batch() :: emqx_protal:batch()).
--type(ack_ref() :: emqx_bridge_worker:ack_ref()).
--type(topic() :: emqx_topic:topic()).
--type(qos() :: emqx_mqtt_types:qos()).
-
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[Bridge Connect]").
-
-%% establish the connection to remote node/cluster
-%% protal worker (the caller process) should be expecting
-%% a message {disconnected, conn_ref()} when disconnected.
--callback start(config()) -> {ok, connection()} | {error, any()}.
-
-%% send to remote node/cluster
-%% bridge worker (the caller process) should be expecting
-%% a message {batch_ack, reference()} when batch is acknowledged by remote node/cluster
--callback send(connection(), batch()) -> {ok, ack_ref()} | {ok, integer()} | {error, any()}.
-
-%% called when owner is shutting down.
--callback stop(connection()) -> ok.
-
--callback ensure_subscribed(connection(), topic(), qos()) -> ok.
-
--callback ensure_unsubscribed(connection(), topic()) -> ok.
-
-start(Module, Config) ->
-    case Module:start(Config) of
-        {ok, Conn} ->
-            {ok, Conn};
-        {error, Reason} ->
-            Config1 = obfuscate(Config),
-            ?LOG(error, "Failed to connect with module=~p\n"
-                 "config=~p\nreason:~p", [Module, Config1, Reason]),
-            {error, Reason}
-    end.
-
-obfuscate(Map) ->
-    maps:fold(fun(K, V, Acc) ->
-                      case is_sensitive(K) of
-                          true -> [{K, '***'} | Acc];
-                          false -> [{K, V} | Acc]
-                      end
-              end, [], Map).
-
-is_sensitive(password) -> true;
-is_sensitive(_) -> false.
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.erl
index d612af668..8d442463b 100644
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt.erl
@@ -18,15 +18,11 @@
 
 -module(emqx_bridge_mqtt).
 
--behaviour(emqx_bridge_connect).
-
-%% behaviour callbacks
 -export([ start/1
         , send/2
         , stop/1
         ]).
 
-%% optional behaviour callbacks
 -export([ ensure_subscribed/3
         , ensure_unsubscribed/2
         ]).
@@ -37,6 +33,9 @@
         , handle_disconnected/2
         ]).
 
+-export([ check_subscriptions/1
+        ]).
+
 -include_lib("emqx/include/logger.hrl").
 -include_lib("emqx/include/emqx_mqtt.hrl").
 
@@ -49,26 +48,31 @@
 %% emqx_bridge_connect callbacks
 %%--------------------------------------------------------------------
 
-start(Config = #{address := Address}) ->
+start(Config) ->
     Parent = self(),
+    Address = maps:get(address, Config),
     Mountpoint = maps:get(receive_mountpoint, Config, undefined),
+    Subscriptions = maps:get(subscriptions, Config, []),
+    Subscriptions1 = check_subscriptions(Subscriptions),
     Handlers = make_hdlr(Parent, Mountpoint),
     {Host, Port} = case string:tokens(Address, ":") of
                        [H] -> {H, 1883};
                        [H, P] -> {H, list_to_integer(P)}
                    end,
-    ClientConfig = Config#{msg_handler => Handlers,
-                           host => Host,
-                           port => Port,
-                           force_ping => true
-                          },
-    case emqtt:start_link(replvar(ClientConfig)) of
+    Config1 = Config#{
+        msg_handler => Handlers,
+        host => Host,
+        port => Port,
+        force_ping => true,
+        proto_ver => maps:get(proto_ver, Config, v4)
+    },
+    case emqtt:start_link(without_config(Config1)) of
         {ok, Pid} ->
             case emqtt:connect(Pid) of
                 {ok, _} ->
                     try
-                        subscribe_remote_topics(Pid, maps:get(subscriptions, Config, [])),
-                        {ok, #{client_pid => Pid}}
+                        Subscriptions2 = subscribe_remote_topics(Pid, Subscriptions1),
+                        {ok, #{client_pid => Pid, subscriptions => Subscriptions2}}
                     catch
                         throw : Reason ->
                             ok = stop(#{client_pid => Pid}),
@@ -86,25 +90,25 @@ stop(#{client_pid := Pid}) ->
     safe_stop(Pid, fun() -> emqtt:stop(Pid) end, 1000),
     ok.
 
-ensure_subscribed(#{client_pid := Pid}, Topic, QoS) when is_pid(Pid) ->
+ensure_subscribed(#{client_pid := Pid, subscriptions := Subs} = Conn, Topic, QoS) when is_pid(Pid) ->
     case emqtt:subscribe(Pid, Topic, QoS) of
-        {ok, _, _} -> ok;
-        Error -> Error
+        {ok, _, _} -> Conn#{subscriptions => [{Topic, QoS}|Subs]};
+        Error -> {error, Error}
     end;
 ensure_subscribed(_Conn, _Topic, _QoS) ->
     %% return ok for now
     %% next re-connect should should call start with new topic added to config
     ok.
 
-ensure_unsubscribed(#{client_pid := Pid}, Topic) when is_pid(Pid) ->
+ensure_unsubscribed(#{client_pid := Pid, subscriptions := Subs} = Conn, Topic) when is_pid(Pid) ->
     case emqtt:unsubscribe(Pid, Topic) of
-        {ok, _, _} -> ok;
-        Error -> Error
+        {ok, _, _} -> Conn#{subscriptions => lists:keydelete(Topic, 1, Subs)};
+        Error -> {error, Error}
     end;
-ensure_unsubscribed(_, _) ->
+ensure_unsubscribed(Conn, _) ->
     %% return ok for now
     %% next re-connect should should call start with this topic deleted from config
-    ok.
+    Conn.
 
 safe_stop(Pid, StopF, Timeout) ->
     MRef = monitor(process, Pid),
@@ -169,36 +173,18 @@ make_hdlr(Parent, Mountpoint) ->
      }.
 
 subscribe_remote_topics(ClientPid, Subscriptions) ->
-    lists:foreach(fun({Topic, Qos}) ->
-                          case emqtt:subscribe(ClientPid, Topic, Qos) of
-                              {ok, _, _} -> ok;
-                              Error -> throw(Error)
-                          end
-                  end, Subscriptions).
+    lists:map(fun({Topic, Qos}) ->
+        case emqtt:subscribe(ClientPid, Topic, Qos) of
+            {ok, _, _} -> {Topic, Qos};
+            Error -> throw(Error)
+        end
+    end, Subscriptions).
 
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
+without_config(Config) ->
+    maps:without([conn_type, address, receive_mountpoint, subscriptions], Config).
 
-replvar(Options) ->
-    replvar([clientid, max_inflight], Options).
-
-replvar([], Options) ->
-    Options;
-replvar([Key|More], Options) ->
-    case maps:get(Key, Options, undefined) of
-        undefined ->
-            replvar(More, Options);
-        Val ->
-            replvar(More, maps:put(Key, feedvar(Key, Val, Options), Options))
-    end.
-
-%% ${node} => node()
-feedvar(clientid, ClientId, _) ->
-    iolist_to_binary(re:replace(ClientId, "\\${node}", atom_to_list(node())));
-
-feedvar(max_inflight, 0, _) ->
-    infinity;
-
-feedvar(max_inflight, Size, _) ->
-    Size.
+check_subscriptions(Subscriptions) ->
+    lists:map(fun(#{qos := QoS, topic := Topic}) ->
+        true = emqx_topic:validate({filter, Topic}),
+        {Topic, QoS}
+    end, Subscriptions).
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl
new file mode 100644
index 000000000..fcd2f2c1d
--- /dev/null
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl
@@ -0,0 +1,89 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_bridge_mqtt_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_bridge_mqtt"].
+
+fields("emqx_bridge_mqtt") ->
+    [ {bridges, hoconsc:array("bridges")}
+    ];
+
+fields("bridges") ->
+    [ {name, emqx_schema:t(string(), undefined, true)}
+    , {start_type, fun start_type/1}
+    , {forwards, fun forwards/1}
+    , {forward_mountpoint, emqx_schema:t(string())}
+    , {reconnect_interval, emqx_schema:t(emqx_schema:duration_ms(), undefined, "30s")}
+    , {batch_size, emqx_schema:t(integer(), undefined, 100)}
+    , {queue, emqx_schema:t(hoconsc:ref("queue"))}
+    , {config, hoconsc:union([hoconsc:ref("mqtt"), hoconsc:ref("rpc")])}
+    ];
+
+fields("mqtt") ->
+    [ {conn_type, fun conn_type/1}
+    , {address, emqx_schema:t(string(), undefined, "127.0.0.1:1883")}
+    , {proto_ver, fun proto_ver/1}
+    , {bridge_mode, emqx_schema:t(boolean(), undefined, true)}
+    , {clientid, emqx_schema:t(string())}
+    , {username, emqx_schema:t(string())}
+    , {password, emqx_schema:t(string())}
+    , {clean_start, emqx_schema:t(boolean(), undefined, true)}
+    , {keepalive, emqx_schema:t(integer(), undefined, 300)}
+    , {subscriptions, hoconsc:array("subscriptions")}
+    , {receive_mountpoint, emqx_schema:t(string())}
+    , {retry_interval, emqx_schema:t(emqx_schema:duration_ms(), undefined, "30s")}
+    , {max_inflight, emqx_schema:t(integer(), undefined, 32)}
+    ];
+
+fields("rpc") ->
+    [ {conn_type, fun conn_type/1}
+    , {node, emqx_schema:t(atom(), undefined, 'emqx@127.0.0.1')}
+    ];
+
+fields("subscriptions") ->
+    [ {topic, #{type => binary(), nullable => false}}
+    , {qos, emqx_schema:t(integer(), undefined, 1)}
+    ];
+
+fields("queue") ->
+    [ {replayq_dir, hoconsc:union([boolean(), string()])}
+    , {replayq_seg_bytes, emqx_schema:t(emqx_schema:bytesize(), undefined, "100MB")}
+    , {replayq_offload_mode, emqx_schema:t(boolean(), undefined, false)}
+    , {replayq_max_total_bytes, emqx_schema:t(emqx_schema:bytesize(), undefined, "1024MB")}
+    ].
+
+conn_type(type) -> hoconsc:enum([mqtt, rpc]);
+conn_type(_) -> undefined.
+
+proto_ver(type) -> hoconsc:enum([v3, v4, v5]);
+proto_ver(default) -> v4;
+proto_ver(_) -> undefined.
+
+start_type(type) -> hoconsc:enum([auto, manual]);
+start_type(default) -> auto;
+start_type(_) -> undefined.
+
+forwards(type) -> hoconsc:array(binary());
+forwards(default) -> [];
+forwards(_) -> undefined.
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_sup.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_sup.erl
index 80a11c1c0..0075b4a1d 100644
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_sup.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_sup.erl
@@ -24,37 +24,33 @@
 
 %% APIs
 -export([ start_link/0
-        , start_link/1
         ]).
 
--export([ create_bridge/2
+-export([ create_bridge/1
         , drop_bridge/1
         , bridges/0
-        , is_bridge_exist/1
         ]).
 
 %% supervisor callbacks
 -export([init/1]).
 
--define(SUP, ?MODULE).
 -define(WORKER_SUP, emqx_bridge_worker_sup).
 
-start_link() -> start_link(?SUP).
+start_link() ->
+    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
 
-start_link(Name) ->
-    supervisor:start_link({local, Name}, ?MODULE, Name).
-
-init(?SUP) ->
-    BridgesConf = application:get_env(?APP, bridges, []),
+init([]) ->
+    BridgesConf = emqx_config:get([?APP, bridges], []),
     BridgeSpec = lists:map(fun bridge_spec/1, BridgesConf),
     SupFlag = #{strategy => one_for_one,
                 intensity => 100,
                 period => 10},
     {ok, {SupFlag, BridgeSpec}}.
 
-bridge_spec({Name, Config}) ->
+bridge_spec(Config) ->
+    Name = list_to_atom(maps:get(name, Config)),
     #{id => Name,
-      start => {emqx_bridge_worker, start_link, [Name, Config]},
+      start => {emqx_bridge_worker, start_link, [Config]},
       restart => permanent,
       shutdown => 5000,
       type => worker,
@@ -62,22 +58,15 @@ bridge_spec({Name, Config}) ->
 
 -spec(bridges() -> [{node(), map()}]).
 bridges() ->
-    [{Name, emqx_bridge_worker:status(Pid)} || {Name, Pid, _, _} <- supervisor:which_children(?SUP)].
+    [{Name, emqx_bridge_worker:status(Name)} || {Name, _Pid, _, _} <- supervisor:which_children(?MODULE)].
 
--spec(is_bridge_exist(atom() | pid()) -> boolean()).
-is_bridge_exist(Id) ->
-    case supervisor:get_childspec(?SUP, Id) of
-        {ok, _ChildSpec} -> true;
-        {error, _Error} -> false
-    end.
+create_bridge(Config) ->
+    supervisor:start_child(?MODULE, bridge_spec(Config)).
 
-create_bridge(Id, Config) ->
-    supervisor:start_child(?SUP, bridge_spec({Id, Config})).
-
-drop_bridge(Id) ->
-    case supervisor:terminate_child(?SUP, Id) of
+drop_bridge(Name) ->
+    case supervisor:terminate_child(?MODULE, Name) of
         ok ->
-            supervisor:delete_child(?SUP, Id);
+            supervisor:delete_child(?MODULE, Name);
         {error, Error} ->
             ?LOG(error, "Delete bridge failed, error : ~p", [Error]),
             {error, Error}
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_rpc.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_rpc.erl
index 0cf4b5bc5..33511cc03 100644
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_rpc.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_rpc.erl
@@ -18,9 +18,6 @@
 
 -module(emqx_bridge_rpc).
 
--behaviour(emqx_bridge_connect).
-
-%% behaviour callbacks
 -export([ start/1
         , send/2
         , stop/1
@@ -33,17 +30,15 @@
 
 -type ack_ref() :: emqx_bridge_worker:ack_ref().
 -type batch() :: emqx_bridge_worker:batch().
--type node_or_tuple() :: atom() | {atom(), term()}.
-
 -define(HEARTBEAT_INTERVAL, timer:seconds(1)).
 
 -define(RPC, emqx_rpc).
 
-start(#{address := Remote}) ->
-    case poke(Remote) of
+start(#{node := RemoteNode}) ->
+    case poke(RemoteNode) of
         ok ->
-            Pid = proc_lib:spawn_link(?MODULE, heartbeat, [self(), Remote]),
-            {ok, #{client_pid => Pid, address => Remote}};
+            Pid = proc_lib:spawn_link(?MODULE, heartbeat, [self(), RemoteNode]),
+            {ok, #{client_pid => Pid, remote_node => RemoteNode}};
         Error ->
             Error
     end.
@@ -62,9 +57,9 @@ stop(#{client_pid := Pid}) when is_pid(Pid) ->
     ok.
 
 %% @doc Callback for `emqx_bridge_connect' behaviour
--spec send(#{address := node_or_tuple(), _ => _}, batch()) -> {ok, ack_ref()} | {error, any()}.
-send(#{address := Remote}, Batch) ->
-    case ?RPC:call(Remote, ?MODULE, handle_send, [Batch]) of
+-spec send(#{remote_node := atom(), _ => _}, batch()) -> {ok, ack_ref()} | {error, any()}.
+send(#{remote_node := RemoteNode}, Batch) ->
+    case ?RPC:call(RemoteNode, ?MODULE, handle_send, [Batch]) of
         ok ->
             Ref = make_ref(),
             self() ! {batch_ack, Ref},
@@ -93,8 +88,8 @@ heartbeat(Parent, RemoteNode) ->
             end
     end.
 
-poke(Node) ->
-    case ?RPC:call(Node, erlang, node, []) of
-        Node -> ok;
+poke(RemoteNode) ->
+    case ?RPC:call(RemoteNode, erlang, node, []) of
+        RemoteNode -> ok;
         {badrpc, Reason} -> {error, Reason}
     end.
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_worker.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_worker.erl
index e7414683c..dfef6973e 100644
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_worker.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_worker.erl
@@ -66,7 +66,6 @@
 
 %% APIs
 -export([ start_link/1
-        , start_link/2
         , register_metrics/0
         , stop/1
         ]).
@@ -86,7 +85,6 @@
 %% management APIs
 -export([ ensure_started/1
         , ensure_stopped/1
-        , ensure_stopped/2
         , status/1
         ]).
 
@@ -125,14 +123,13 @@
 -define(DEFAULT_RECONNECT_DELAY_MS, timer:seconds(5)).
 -define(DEFAULT_SEG_BYTES, (1 bsl 20)).
 -define(DEFAULT_MAX_TOTAL_SIZE, (1 bsl 31)).
--define(NO_BRIDGE_HANDLER, undefined).
 
 %% @doc Start a bridge worker. Supported configs:
 %% start_type: 'manual' (default) or 'auto', when manual, bridge will stay
 %%      at 'idle' state until a manual call to start it.
 %% connect_module: The module which implements emqx_bridge_connect behaviour
 %%      and work as message batch transport layer
-%% reconnect_delay_ms: Delay in milli-seconds for the bridge worker to retry
+%% reconnect_interval: Delay in milli-seconds for the bridge worker to retry
 %%      in case of transportation failure.
 %% max_inflight: Max number of batches allowed to send-ahead before receiving
 %%       confirmation from remote node/cluster
@@ -148,128 +145,98 @@
 %%
 %% Find more connection specific configs in the callback modules
 %% of emqx_bridge_connect behaviour.
-start_link(Config) when is_list(Config) ->
-    start_link(maps:from_list(Config));
-start_link(Config) ->
-    gen_statem:start_link(?MODULE, Config, []).
-
-start_link(Name, Config) when is_list(Config) ->
-    start_link(Name, maps:from_list(Config));
-start_link(Name, Config) ->
-    Name1 = name(Name),
-    gen_statem:start_link({local, Name1}, ?MODULE, Config#{name => Name1}, []).
+start_link(Opts) when is_list(Opts) ->
+    start_link(maps:from_list(Opts));
+start_link(Opts) ->
+    case maps:get(name, Opts, undefined) of
+        undefined ->
+            gen_statem:start_link(?MODULE, Opts, []);
+        Name ->
+            Name1 = name(Name),
+            gen_statem:start_link({local, Name1}, ?MODULE, Opts#{name => Name1}, [])
+    end.
 
 ensure_started(Name) ->
     gen_statem:call(name(Name), ensure_started).
 
 %% @doc Manually stop bridge worker. State idempotency ensured.
-ensure_stopped(Id) ->
-    ensure_stopped(Id, 1000).
-
-ensure_stopped(Id, Timeout) ->
-    Pid = case id(Id) of
-              P when is_pid(P) -> P;
-              N -> whereis(N)
-          end,
-    case Pid of
-        undefined ->
-            ok;
-        _ ->
-            MRef = monitor(process, Pid),
-            unlink(Pid),
-            _ = gen_statem:call(id(Id), ensure_stopped, Timeout),
-            receive
-                {'DOWN', MRef, _, _, _} ->
-                    ok
-            after
-                Timeout ->
-                    exit(Pid, kill)
-            end
-    end.
+ensure_stopped(Name) ->
+    gen_statem:call(name(Name), ensure_stopped, 5000).
 
 stop(Pid) -> gen_statem:stop(Pid).
 
 status(Pid) when is_pid(Pid) ->
     gen_statem:call(Pid, status);
-status(Id) ->
-    gen_statem:call(name(Id), status).
+status(Name) ->
+    gen_statem:call(name(Name), status).
 
 %% @doc Return all forwards (local subscriptions).
 -spec get_forwards(id()) -> [topic()].
-get_forwards(Id) -> gen_statem:call(id(Id), get_forwards, timer:seconds(1000)).
+get_forwards(Name) -> gen_statem:call(name(Name), get_forwards, timer:seconds(1000)).
 
 %% @doc Return all subscriptions (subscription over mqtt connection to remote broker).
 -spec get_subscriptions(id()) -> [{emqx_topic:topic(), qos()}].
-get_subscriptions(Id) -> gen_statem:call(id(Id), get_subscriptions).
+get_subscriptions(Name) -> gen_statem:call(name(Name), get_subscriptions).
 
 %% @doc Add a new forward (local topic subscription).
 -spec ensure_forward_present(id(), topic()) -> ok.
-ensure_forward_present(Id, Topic) ->
-    gen_statem:call(id(Id), {ensure_present, forwards, topic(Topic)}).
+ensure_forward_present(Name, Topic) ->
+    gen_statem:call(name(Name), {ensure_forward_present, topic(Topic)}).
 
 %% @doc Ensure a forward topic is deleted.
 -spec ensure_forward_absent(id(), topic()) -> ok.
-ensure_forward_absent(Id, Topic) ->
-    gen_statem:call(id(Id), {ensure_absent, forwards, topic(Topic)}).
+ensure_forward_absent(Name, Topic) ->
+    gen_statem:call(name(Name), {ensure_forward_absent, topic(Topic)}).
 
 %% @doc Ensure subscribed to remote topic.
 %% NOTE: only applicable when connection module is emqx_bridge_mqtt
 %%       return `{error, no_remote_subscription_support}' otherwise.
 -spec ensure_subscription_present(id(), topic(), qos()) -> ok | {error, any()}.
-ensure_subscription_present(Id, Topic, QoS) ->
-    gen_statem:call(id(Id), {ensure_present, subscriptions, {topic(Topic), QoS}}).
+ensure_subscription_present(Name, Topic, QoS) ->
+    gen_statem:call(name(Name), {ensure_subscription_present, topic(Topic), QoS}).
 
 %% @doc Ensure unsubscribed from remote topic.
 %% NOTE: only applicable when connection module is emqx_bridge_mqtt
 -spec ensure_subscription_absent(id(), topic()) -> ok.
-ensure_subscription_absent(Id, Topic) ->
-    gen_statem:call(id(Id), {ensure_absent, subscriptions, topic(Topic)}).
+ensure_subscription_absent(Name, Topic) ->
+    gen_statem:call(name(Name), {ensure_subscription_absent, topic(Topic)}).
 
 callback_mode() -> [state_functions].
 
 %% @doc Config should be a map().
-init(Config) ->
+init(Opts) ->
     erlang:process_flag(trap_exit, true),
-    ConnectModule = maps:get(connect_module, Config),
-    Subscriptions = maps:get(subscriptions, Config, []),
-    Forwards = maps:get(forwards, Config, []),
-    Queue = open_replayq(Config),
-    State = init_opts(Config),
-    Topics = [iolist_to_binary(T) || T <- Forwards],
-    Subs = check_subscriptions(Subscriptions),
-    ConnectCfg = get_conn_cfg(Config),
+    ConnectOpts = maps:get(config, Opts),
+    ConnectModule = conn_type(maps:get(conn_type, ConnectOpts)),
+    Forwards = maps:get(forwards, Opts, []),
+    Queue = open_replayq(maps:get(queue, Opts, #{})),
+    State = init_opts(Opts),
     self() ! idle,
     {ok, idle, State#{connect_module => ConnectModule,
-                      connect_cfg => ConnectCfg,
-                      forwards => Topics,
-                      subscriptions => Subs,
+                      connect_opts => ConnectOpts,
+                      forwards => Forwards,
                       replayq => Queue
                      }}.
 
-init_opts(Config) ->
-    IfRecordMetrics = maps:get(if_record_metrics, Config, true),
-    ReconnDelayMs = maps:get(reconnect_delay_ms, Config, ?DEFAULT_RECONNECT_DELAY_MS),
-    StartType = maps:get(start_type, Config, manual),
-    BridgeHandler = maps:get(bridge_handler, Config, ?NO_BRIDGE_HANDLER),
-    Mountpoint = maps:get(forward_mountpoint, Config, undefined),
-    ReceiveMountpoint = maps:get(receive_mountpoint, Config, undefined),
-    MaxInflightSize = maps:get(max_inflight, Config, ?DEFAULT_BATCH_SIZE),
-    BatchSize = maps:get(batch_size, Config, ?DEFAULT_BATCH_SIZE),
-    Name = maps:get(name, Config, undefined),
+init_opts(Opts) ->
+    IfRecordMetrics = maps:get(if_record_metrics, Opts, true),
+    ReconnDelayMs = maps:get(reconnect_interval, Opts, ?DEFAULT_RECONNECT_DELAY_MS),
+    StartType = maps:get(start_type, Opts, manual),
+    Mountpoint = maps:get(forward_mountpoint, Opts, undefined),
+    MaxInflightSize = maps:get(max_inflight, Opts, ?DEFAULT_BATCH_SIZE),
+    BatchSize = maps:get(batch_size, Opts, ?DEFAULT_BATCH_SIZE),
+    Name = maps:get(name, Opts, undefined),
     #{start_type => StartType,
-      reconnect_delay_ms => ReconnDelayMs,
+      reconnect_interval => ReconnDelayMs,
       batch_size => BatchSize,
       mountpoint => format_mountpoint(Mountpoint),
-      receive_mountpoint => ReceiveMountpoint,
       inflight => [],
       max_inflight => MaxInflightSize,
       connection => undefined,
-      bridge_handler => BridgeHandler,
       if_record_metrics => IfRecordMetrics,
       name => Name}.
 
-open_replayq(Config) ->
-    QCfg = maps:get(queue, Config, #{}),
+open_replayq(QCfg) ->
     Dir = maps:get(replayq_dir, QCfg, undefined),
     SegBytes = maps:get(replayq_seg_bytes, QCfg, ?DEFAULT_SEG_BYTES),
     MaxTotalSize = maps:get(max_total_size, QCfg, ?DEFAULT_MAX_TOTAL_SIZE),
@@ -280,22 +247,6 @@ open_replayq(Config) ->
     replayq:open(QueueConfig#{sizer => fun emqx_bridge_msg:estimate_size/1,
                               marshaller => fun ?MODULE:msg_marshaller/1}).
 
-check_subscriptions(Subscriptions) ->
-    lists:map(fun({Topic, QoS}) ->
-        Topic1 = iolist_to_binary(Topic),
-        true = emqx_topic:validate({filter, Topic1}),
-        {Topic1, QoS}
-    end, Subscriptions).
-
-get_conn_cfg(Config) ->
-    maps:without([connect_module,
-                  queue,
-                  reconnect_delay_ms,
-                  forwards,
-                  mountpoint,
-                  name
-                 ], Config).
-
 code_change(_Vsn, State, Data, _Extra) ->
     {ok, State, Data}.
 
@@ -321,14 +272,10 @@ idle(info, idle, #{start_type := auto} = State) ->
 idle(state_timeout, reconnect, State) ->
     connecting(State);
 
-idle(info, {batch_ack, Ref}, State) ->
-    NewState = handle_batch_ack(State, Ref),
-    {keep_state, NewState};
-
 idle(Type, Content, State) ->
     common(idle, Type, Content, State).
 
-connecting(#{reconnect_delay_ms := ReconnectDelayMs} = State) ->
+connecting(#{reconnect_interval := ReconnectDelayMs} = State) ->
     case do_connect(State) of
         {ok, State1} ->
             {next_state, connected, State1, {state_timeout, 0, connected}};
@@ -348,7 +295,7 @@ connected(internal, maybe_send, State) ->
     {keep_state, NewState};
 
 connected(info, {disconnected, Conn, Reason},
-          #{connection := Connection, name := Name, reconnect_delay_ms := ReconnectDelayMs} = State) ->
+          #{connection := Connection, name := Name, reconnect_interval := ReconnectDelayMs} = State) ->
     ?tp(info, disconnected, #{name => Name, reason => Reason}),
     case Conn =:= maps:get(client_pid, Connection, undefined)  of
         true ->
@@ -365,19 +312,27 @@ connected(Type, Content, State) ->
 %% Common handlers
 common(StateName, {call, From}, status, _State) ->
     {keep_state_and_data, [{reply, From, StateName}]};
-common(_StateName, {call, From}, ensure_started, _State) ->
-    {keep_state_and_data, [{reply, From, connected}]};
-common(_StateName, {call, From}, ensure_stopped, _State) ->
-    {stop_and_reply, {shutdown, manual}, [{reply, From, ok}]};
+common(_StateName, {call, From}, ensure_stopped, #{connection := undefined} = _State) ->
+    {keep_state_and_data, [{reply, From, ok}]};
+common(_StateName, {call, From}, ensure_stopped, #{connection := Conn,
+                                                   connect_module := ConnectModule} = State) ->
+    Reply = ConnectModule:stop(Conn),
+    {next_state, idle, State#{connection => undefined}, [{reply, From, Reply}]};
 common(_StateName, {call, From}, get_forwards, #{forwards := Forwards}) ->
     {keep_state_and_data, [{reply, From, Forwards}]};
-common(_StateName, {call, From}, get_subscriptions, #{subscriptions := Subs}) ->
-    {keep_state_and_data, [{reply, From, Subs}]};
-common(_StateName, {call, From}, {ensure_present, What, Topic}, State) ->
-    {Result, NewState} = ensure_present(What, Topic, State),
+common(_StateName, {call, From}, get_subscriptions, #{connection := Connection}) ->
+    {keep_state_and_data, [{reply, From, maps:get(subscriptions, Connection, [])}]};
+common(_StateName, {call, From}, {ensure_forward_present, Topic}, State) ->
+    {Result, NewState} = do_ensure_forward_present(Topic, State),
     {keep_state, NewState, [{reply, From, Result}]};
-common(_StateName, {call, From}, {ensure_absent, What, Topic}, State) ->
-    {Result, NewState} = ensure_absent(What, Topic, State),
+common(_StateName, {call, From}, {ensure_subscription_present, Topic, QoS}, State) ->
+    {Result, NewState} = do_ensure_subscription_present(Topic, QoS, State),
+    {keep_state, NewState, [{reply, From, Result}]};
+common(_StateName, {call, From}, {ensure_forward_absent, Topic}, State) ->
+    {Result, NewState} = do_ensure_forward_absent(Topic, State),
+    {keep_state, NewState, [{reply, From, Result}]};
+common(_StateName, {call, From}, {ensure_subscription_absent, Topic}, State) ->
+    {Result, NewState} = do_ensure_subscription_absent(Topic, State),
     {keep_state, NewState, [{reply, From, Result}]};
 common(_StateName, info, {deliver, _, Msg},
        State = #{replayq := Q, if_record_metrics := IfRecordMetric}) ->
@@ -395,77 +350,79 @@ common(StateName, Type, Content, #{name := Name} = State) ->
           [Name, Type, StateName, Content]),
     {keep_state, State}.
 
-eval_bridge_handler(State = #{bridge_handler := ?NO_BRIDGE_HANDLER}, _Msg) ->
-    State;
-eval_bridge_handler(State = #{bridge_handler := Handler}, Msg) ->
-    Handler(Msg),
-    State.
-
-ensure_present(Key, Topic, State) ->
-    Topics = maps:get(Key, State),
-    case is_topic_present(Topic, Topics) of
+do_ensure_forward_present(Topic, #{forwards := Forwards, name := Name} = State) ->
+    case is_topic_present(Topic, Forwards) of
         true ->
             {ok, State};
         false ->
-            R = do_ensure_present(Key, Topic, State),
-            {R, State#{Key := lists:usort([Topic | Topics])}}
+            R = subscribe_local_topic(Topic, Name),
+            {R, State#{forwards => [Topic | Forwards]}}
     end.
 
-ensure_absent(Key, Topic, State) ->
-    Topics = maps:get(Key, State),
-    case is_topic_present(Topic, Topics) of
+do_ensure_subscription_present(_Topic, _QoS, #{connection := undefined} = State) ->
+    {{error, no_connection}, State};
+do_ensure_subscription_present(_Topic, _QoS, #{connect_module := emqx_bridge_rpc} = State) ->
+    {{error, no_remote_subscription_support}, State};
+do_ensure_subscription_present(Topic, QoS, #{connect_module := ConnectModule,
+                                          connection := Conn} = State) ->
+    case is_topic_present(Topic, maps:get(subscriptions, Conn, [])) of
         true ->
-            R = do_ensure_absent(Key, Topic, State),
-            {R, State#{Key := ensure_topic_absent(Topic, Topics)}};
+            {ok, State};
+        false ->
+            case ConnectModule:ensure_subscribed(Conn, Topic, QoS) of
+                {error, Error} ->
+                    {{error, Error}, State};
+                Conn1 ->
+                    {ok, State#{connection => Conn1}}
+            end
+    end.
+
+do_ensure_forward_absent(Topic, #{forwards := Forwards} = State) ->
+    case is_topic_present(Topic, Forwards) of
+        true ->
+            R = do_unsubscribe(Topic),
+            {R, State#{forwards => lists:delete(Topic, Forwards)}};
+        false ->
+            {ok, State}
+    end.
+do_ensure_subscription_absent(_Topic, #{connection := undefined} = State) ->
+    {{error, no_connection}, State};
+do_ensure_subscription_absent(_Topic, #{connect_module := emqx_bridge_rpc} = State) ->
+    {{error, no_remote_subscription_support}, State};
+do_ensure_subscription_absent(Topic, #{connect_module := ConnectModule,
+                                       connection := Conn} = State) ->
+    case is_topic_present(Topic, maps:get(subscriptions, Conn, [])) of
+        true ->
+            case ConnectModule:ensure_unsubscribed(Conn, Topic) of
+                {error, Error} ->
+                    {{error, Error}, State};
+                Conn1 ->
+                    {ok, State#{connection => Conn1}}
+            end;
         false ->
             {ok, State}
     end.
 
-ensure_topic_absent(_Topic, []) -> [];
-ensure_topic_absent(Topic, [{_, _} | _] = L) -> lists:keydelete(Topic, 1, L);
-ensure_topic_absent(Topic, L) -> lists:delete(Topic, L).
-
-is_topic_present({Topic, _QoS}, Topics) ->
-    is_topic_present(Topic, Topics);
 is_topic_present(Topic, Topics) ->
     lists:member(Topic, Topics) orelse false =/= lists:keyfind(Topic, 1, Topics).
 
 do_connect(#{forwards := Forwards,
-             subscriptions := Subs,
              connect_module := ConnectModule,
-             connect_cfg := ConnectCfg,
+             connect_opts := ConnectOpts,
              inflight := Inflight,
              name := Name} = State) ->
     ok = subscribe_local_topics(Forwards, Name),
-    case emqx_bridge_connect:start(ConnectModule, ConnectCfg#{subscriptions => Subs}) of
+    case ConnectModule:start(ConnectOpts) of
         {ok, Conn} ->
-            Res = eval_bridge_handler(State#{connection => Conn}, connected),
             ?tp(info, connected, #{name => Name, inflight => length(Inflight)}),
-            {ok, Res};
+            {ok, State#{connection => Conn}};
         {error, Reason} ->
+            ConnectOpts1 = obfuscate(ConnectOpts),
+            ?LOG(error, "Failed to connect with module=~p\n"
+                 "config=~p\nreason:~p", [ConnectModule, ConnectOpts1, Reason]),
             {error, Reason, State}
     end.
 
-do_ensure_present(forwards, Topic, #{name := Name}) ->
-    subscribe_local_topic(Topic, Name);
-do_ensure_present(subscriptions, _Topic, #{connection := undefined}) ->
-    {error, no_connection};
-do_ensure_present(subscriptions, _Topic, #{connect_module := emqx_bridge_rpc}) ->
-    {error, no_remote_subscription_support};
-do_ensure_present(subscriptions, {Topic, QoS}, #{connect_module := ConnectModule,
-                                                 connection := Conn}) ->
-    ConnectModule:ensure_subscribed(Conn, Topic, QoS).
-
-do_ensure_absent(forwards, Topic, _) ->
-    do_unsubscribe(Topic);
-do_ensure_absent(subscriptions, _Topic, #{connection := undefined}) ->
-    {error, no_connection};
-do_ensure_absent(subscriptions, _Topic, #{connect_module := emqx_bridge_rpc}) ->
-    {error, no_remote_subscription_support};
-do_ensure_absent(subscriptions, Topic, #{connect_module := ConnectModule,
-                                         connection := Conn}) ->
-    ConnectModule:ensure_unsubscribed(Conn, Topic).
-
 collect(Acc) ->
     receive
         {deliver, _, Msg} ->
@@ -605,10 +562,9 @@ disconnect(#{connection := Conn,
              connect_module := Module
             } = State) when Conn =/= undefined ->
     Module:stop(Conn),
-    State0 = State#{connection => undefined},
-    eval_bridge_handler(State0, disconnected);
+    State#{connection => undefined};
 disconnect(State) ->
-    eval_bridge_handler(State, disconnected).
+        State.
 
 %% Called only when replayq needs to dump it to disk.
 msg_marshaller(Bin) when is_binary(Bin) -> emqx_bridge_msg:from_binary(Bin);
@@ -621,9 +577,6 @@ format_mountpoint(Prefix) ->
 
 name(Id) -> list_to_atom(lists:concat([?MODULE, "_", Id])).
 
-id(Pid) when is_pid(Pid) -> Pid;
-id(Name) -> name(Name).
-
 register_metrics() ->
     lists:foreach(fun emqx_metrics:ensure/1,
                   ['bridge.mqtt.message_sent',
@@ -639,3 +592,21 @@ bridges_metrics_inc(true, Metric, Value) ->
     emqx_metrics:inc(Metric, Value);
 bridges_metrics_inc(_IsRecordMetric, _Metric, _Value) ->
     ok.
+
+obfuscate(Map) ->
+    maps:fold(fun(K, V, Acc) ->
+                      case is_sensitive(K) of
+                          true -> [{K, '***'} | Acc];
+                          false -> [{K, V} | Acc]
+                      end
+              end, [], Map).
+
+is_sensitive(password) -> true;
+is_sensitive(_) -> false.
+
+conn_type(rpc) ->
+    emqx_bridge_rpc;
+conn_type(mqtt) ->
+    emqx_bridge_mqtt;
+conn_type(Mod) when is_atom(Mod) ->
+    Mod.
diff --git a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_tests.erl b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_tests.erl
index 830fb1fe0..5babe0ed9 100644
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_tests.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_tests.erl
@@ -44,4 +44,4 @@ send_and_ack_test() ->
         ok = emqx_bridge_mqtt:stop(Conn)
     after
         meck:unload(emqtt)
-    end.
\ No newline at end of file
+    end.
diff --git a/apps/emqx_bridge_mqtt/test/emqx_bridge_rpc_tests.erl b/apps/emqx_bridge_mqtt/test/emqx_bridge_rpc_tests.erl
index fdcc25d5f..cbd80ba3d 100644
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_rpc_tests.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_rpc_tests.erl
@@ -30,8 +30,8 @@ send_and_ack_test() ->
                 end),
     meck:new(emqx_bridge_worker, [passthrough, no_history]),
     try
-        {ok, #{client_pid := Pid, address := Node}} = emqx_bridge_rpc:start(#{address => node()}),
-        {ok, Ref} = emqx_bridge_rpc:send(#{address => Node}, []),
+        {ok, #{client_pid := Pid, remote_node := Node}} = emqx_bridge_rpc:start(#{node => node()}),
+        {ok, Ref} = emqx_bridge_rpc:send(#{remote_node => Node}, []),
         receive
             {batch_ack, Ref} ->
                 ok
diff --git a/apps/emqx_bridge_mqtt/test/emqx_bridge_stub_conn.erl b/apps/emqx_bridge_mqtt/test/emqx_bridge_stub_conn.erl
index d38663fcd..4c2fde6dd 100644
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_stub_conn.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_stub_conn.erl
@@ -16,9 +16,6 @@
 
 -module(emqx_bridge_stub_conn).
 
--behaviour(emqx_bridge_connect).
-
-%% behaviour callbacks
 -export([ start/1
         , send/2
         , stop/1
diff --git a/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_SUITE.erl b/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_SUITE.erl
index 680756742..f3f5d5ceb 100644
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_SUITE.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_SUITE.erl
@@ -59,13 +59,12 @@ init_per_suite(Config) ->
         nonode@nohost -> net_kernel:start(['emqx@127.0.0.1', longnames]);
         _ -> ok
     end,
-    ok = application:set_env(gen_rpc, tcp_client_num, 1),
-    emqx_ct_helpers:start_apps([emqx_modules, emqx_bridge_mqtt]),
+    emqx_ct_helpers:start_apps([emqx_bridge_mqtt]),
     emqx_logger:set_log_level(error),
     [{log_level, error} | Config].
 
 end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_bridge_mqtt, emqx_modules]).
+    emqx_ct_helpers:stop_apps([emqx_bridge_mqtt]).
 
 init_per_testcase(_TestCase, Config) ->
     ok = snabbkaffe:start_trace(),
@@ -74,260 +73,290 @@ init_per_testcase(_TestCase, Config) ->
 end_per_testcase(_TestCase, _Config) ->
     ok = snabbkaffe:stop().
 
-t_mngr(Config) when is_list(Config) ->
-    Subs = [{<<"a">>, 1}, {<<"b">>, 2}],
-    Cfg = #{address => node(),
-            forwards => [<<"mngr">>],
-            connect_module => emqx_bridge_rpc,
-            mountpoint => <<"forwarded">>,
-            subscriptions => Subs,
-            start_type => auto},
-    Name = ?FUNCTION_NAME,
-    {ok, Pid} = emqx_bridge_worker:start_link(Name, Cfg),
-    try
-        ?assertEqual([<<"mngr">>], emqx_bridge_worker:get_forwards(Name)),
-        ?assertEqual(ok, emqx_bridge_worker:ensure_forward_present(Name, "mngr")),
-        ?assertEqual(ok, emqx_bridge_worker:ensure_forward_present(Name, "mngr2")),
-        ?assertEqual([<<"mngr">>, <<"mngr2">>], emqx_bridge_worker:get_forwards(Pid)),
-        ?assertEqual(ok, emqx_bridge_worker:ensure_forward_absent(Name, "mngr2")),
-        ?assertEqual(ok, emqx_bridge_worker:ensure_forward_absent(Name, "mngr3")),
-        ?assertEqual([<<"mngr">>], emqx_bridge_worker:get_forwards(Pid)),
-        ?assertEqual({error, no_remote_subscription_support},
-                     emqx_bridge_worker:ensure_subscription_present(Pid, <<"t">>, 0)),
-        ?assertEqual({error, no_remote_subscription_support},
-                     emqx_bridge_worker:ensure_subscription_absent(Pid, <<"t">>)),
-        ?assertEqual(Subs, emqx_bridge_worker:get_subscriptions(Pid))
-    after
-        ok = emqx_bridge_worker:stop(Pid)
-    end.
+t_rpc_mngr(_Config) ->
+    Name = "rpc_name",
+    Cfg = #{
+        name => Name,
+        forwards => [<<"mngr">>],
+        forward_mountpoint => <<"forwarded">>,
+        start_type => auto,
+        config => #{
+            conn_type => rpc,
+            node => node()
+        }
+    },
+    {ok, Pid} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
+    ?assertEqual([<<"mngr">>], emqx_bridge_worker:get_forwards(Name)),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_present(Name, "mngr")),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_present(Name, "mngr2")),
+    ?assertEqual([<<"mngr2">>, <<"mngr">>], emqx_bridge_worker:get_forwards(Name)),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_absent(Name, "mngr2")),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_absent(Name, "mngr3")),
+    ?assertEqual([<<"mngr">>], emqx_bridge_worker:get_forwards(Name)),
+    ?assertEqual({error, no_remote_subscription_support},
+                    emqx_bridge_worker:ensure_subscription_present(Name, <<"t">>, 0)),
+    ?assertEqual({error, no_remote_subscription_support},
+                    emqx_bridge_worker:ensure_subscription_absent(Name, <<"t">>)),
+    ok = emqx_bridge_worker:stop(Pid).
+
+t_mqtt_mngr(_Config) ->
+    Name = "mqtt_name",
+    Cfg = #{
+        name => Name,
+        forwards => [<<"mngr">>],
+        forward_mountpoint => <<"forwarded">>,
+        start_type => auto,
+        config => #{
+            address => "127.0.0.1:1883",
+            conn_type => mqtt,
+            clientid => <<"client1">>,
+            keepalive => 300,
+            subscriptions => [#{topic => <<"t/#">>, qos => 1}]
+        }
+    },
+    {ok, Pid} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
+    ?assertEqual([<<"mngr">>], emqx_bridge_worker:get_forwards(Name)),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_present(Name, "mngr")),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_present(Name, "mngr2")),
+    ?assertEqual([<<"mngr2">>, <<"mngr">>], emqx_bridge_worker:get_forwards(Name)),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_absent(Name, "mngr2")),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_forward_absent(Name, "mngr3")),
+    ?assertEqual([<<"mngr">>], emqx_bridge_worker:get_forwards(Name)),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_subscription_present(Name, <<"t">>, 0)),
+    ?assertEqual(ok, emqx_bridge_worker:ensure_subscription_absent(Name, <<"t">>)),
+    ?assertEqual([{<<"t/#">>,1}], emqx_bridge_worker:get_subscriptions(Name)),
+    ok = emqx_bridge_worker:stop(Pid).
 
 %% A loopback RPC to local node
-t_rpc(Config) when is_list(Config) ->
-    Cfg = #{address => node(),
-            forwards => [<<"t_rpc/#">>],
-            connect_module => emqx_bridge_rpc,
-            forward_mountpoint => <<"forwarded">>,
-            start_type => auto},
-    {ok, Pid} = emqx_bridge_worker:start_link(?FUNCTION_NAME, Cfg),
-    ClientId = <<"ClientId">>,
-    try
-        {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
-        {ok, _Props} = emqtt:connect(ConnPid),
-        {ok, _Props, [1]} = emqtt:subscribe(ConnPid, {<<"forwarded/t_rpc/one">>, ?QOS_1}),
-        timer:sleep(100),
-        {ok, _PacketId} = emqtt:publish(ConnPid, <<"t_rpc/one">>, <<"hello">>, ?QOS_1),
-        timer:sleep(100),
-        ?assertEqual(1, length(receive_messages(1))),
-        emqtt:disconnect(ConnPid)
-    after
-        ok = emqx_bridge_worker:stop(Pid)
-    end.
+t_rpc(_Config) ->
+    Name = "rpc",
+    Cfg = #{
+        name => Name,
+        forwards => [<<"t_rpc/#">>],
+        forward_mountpoint => <<"forwarded">>,
+        start_type => auto,
+        config => #{
+            conn_type => rpc,
+            node => node()
+        }
+    },
+    {ok, Pid} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
+    {ok, ConnPid} = emqtt:start_link([{clientid, <<"ClientId">>}]),
+    {ok, _Props} = emqtt:connect(ConnPid),
+    {ok, _Props, [1]} = emqtt:subscribe(ConnPid, {<<"forwarded/t_rpc/one">>, ?QOS_1}),
+    timer:sleep(100),
+    {ok, _PacketId} = emqtt:publish(ConnPid, <<"t_rpc/one">>, <<"hello">>, ?QOS_1),
+    timer:sleep(100),
+    ?assertEqual(1, length(receive_messages(1))),
+    emqtt:disconnect(ConnPid),
+    emqx_bridge_worker:stop(Pid).
 
 %% Full data loopback flow explained:
 %% mqtt-client ----> local-broker ---(local-subscription)--->
 %% bridge(export) --- (mqtt-connection)--> local-broker ---(remote-subscription) -->
 %% bridge(import) --> mqtt-client
-t_mqtt(Config) when is_list(Config) ->
+t_mqtt(_Config) ->
     SendToTopic = <<"t_mqtt/one">>,
     SendToTopic2 = <<"t_mqtt/two">>,
     SendToTopic3 = <<"t_mqtt/three">>,
     Mountpoint = <<"forwarded/${node}/">>,
-    Cfg = #{address => "127.0.0.1:1883",
-            forwards => [SendToTopic],
-            connect_module => emqx_bridge_mqtt,
-            forward_mountpoint => Mountpoint,
-            username => "user",
-            clean_start => true,
-            clientid => "bridge_aws",
-            keepalive => 60000,
-            password => "passwd",
-            proto_ver => mqttv4,
-            queue => #{replayq_dir => "data/t_mqtt/",
-                       replayq_seg_bytes => 10000,
-                       batch_bytes_limit => 1000,
-                       batch_count_limit => 10
-                      },
-            reconnect_delay_ms => 1000,
-            ssl => false,
-            %% Consume back to forwarded message for verification
-            %% NOTE: this is a indefenite loopback without mocking emqx_bridge_worker:import_batch/1
-            subscriptions => [{SendToTopic2, _QoS = 1}],
-            receive_mountpoint => <<"receive/aws/">>,
-            start_type => auto},
-    {ok, Pid} = emqx_bridge_worker:start_link(?FUNCTION_NAME, Cfg),
-    ClientId = <<"client-1">>,
-    try
-        ?assertEqual([{SendToTopic2, 1}], emqx_bridge_worker:get_subscriptions(Pid)),
-        ok = emqx_bridge_worker:ensure_subscription_present(Pid, SendToTopic3, _QoS = 1),
-        ?assertEqual([{SendToTopic3, 1},{SendToTopic2, 1}],
-                     emqx_bridge_worker:get_subscriptions(Pid)),
-        {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
-        {ok, _Props} = emqtt:connect(ConnPid),
-        emqtt:subscribe(ConnPid, <<"forwarded/+/t_mqtt/one">>, 1),
-        %% message from a different client, to avoid getting terminated by no-local
-        Max = 10,
-        Msgs = lists:seq(1, Max),
-        lists:foreach(fun(I) ->
-                          {ok, _PacketId} = emqtt:publish(ConnPid, SendToTopic, integer_to_binary(I), ?QOS_1)
-                      end, Msgs),
-        ?assertEqual(10, length(receive_messages(200))),
+    Name = "mqtt",
+    Cfg = #{
+        name => Name,
+        forwards => [SendToTopic],
+        forward_mountpoint => Mountpoint,
+        start_type => auto,
+        config => #{
+            address => "127.0.0.1:1883",
+            conn_type => mqtt,
+            clientid => <<"client1">>,
+            keepalive => 300,
+            subscriptions => [#{topic => SendToTopic2, qos => 1}],
+            receive_mountpoint => <<"receive/aws/">>
+        },
+        queue => #{
+            replayq_dir => "data/t_mqtt/",
+            replayq_seg_bytes => 10000,
+            batch_bytes_limit => 1000,
+            batch_count_limit => 10
+        }
+    },
+    {ok, Pid} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
+    ?assertEqual([{SendToTopic2, 1}], emqx_bridge_worker:get_subscriptions(Name)),
+    ok = emqx_bridge_worker:ensure_subscription_present(Name, SendToTopic3, _QoS = 1),
+    ?assertEqual([{SendToTopic3, 1},{SendToTopic2, 1}],
+                    emqx_bridge_worker:get_subscriptions(Name)),
+    {ok, ConnPid} = emqtt:start_link([{clientid, <<"client-1">>}]),
+    {ok, _Props} = emqtt:connect(ConnPid),
+    emqtt:subscribe(ConnPid, <<"forwarded/+/t_mqtt/one">>, 1),
+    %% message from a different client, to avoid getting terminated by no-local
+    Max = 10,
+    Msgs = lists:seq(1, Max),
+    lists:foreach(fun(I) ->
+                        {ok, _PacketId} = emqtt:publish(ConnPid, SendToTopic, integer_to_binary(I), ?QOS_1)
+                    end, Msgs),
+    ?assertEqual(10, length(receive_messages(200))),
 
-        emqtt:subscribe(ConnPid, <<"receive/aws/t_mqtt/two">>, 1),
-        %% message from a different client, to avoid getting terminated by no-local
-        Max = 10,
-        Msgs = lists:seq(1, Max),
-        lists:foreach(fun(I) ->
-                          {ok, _PacketId} = emqtt:publish(ConnPid, SendToTopic2, integer_to_binary(I), ?QOS_1)
-                      end, Msgs),
-        ?assertEqual(10, length(receive_messages(200))),
+    emqtt:subscribe(ConnPid, <<"receive/aws/t_mqtt/two">>, 1),
+    %% message from a different client, to avoid getting terminated by no-local
+    Max = 10,
+    Msgs = lists:seq(1, Max),
+    lists:foreach(fun(I) ->
+                        {ok, _PacketId} = emqtt:publish(ConnPid, SendToTopic2, integer_to_binary(I), ?QOS_1)
+                    end, Msgs),
+    ?assertEqual(10, length(receive_messages(200))),
 
-        emqtt:disconnect(ConnPid)
-    after
-        ok = emqx_bridge_worker:stop(Pid)
-    end.
+    emqtt:disconnect(ConnPid),
+    ok = emqx_bridge_worker:stop(Pid).
 
 t_stub_normal(Config) when is_list(Config) ->
-    Cfg = #{forwards => [<<"t_stub_normal/#">>],
-            connect_module => emqx_bridge_stub_conn,
-            forward_mountpoint => <<"forwarded">>,
-            start_type => auto,
+    Name = "stub_normal",
+    Cfg = #{
+        name => Name,
+        forwards => [<<"t_stub_normal/#">>],
+        forward_mountpoint => <<"forwarded">>,
+        start_type => auto,
+        config => #{
+            conn_type => emqx_bridge_stub_conn,
             client_pid => self()
-           },
-    {ok, Pid} = emqx_bridge_worker:start_link(?FUNCTION_NAME, Cfg),
+        }
+    },
+    {ok, Pid} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
     receive
         {Pid, emqx_bridge_stub_conn, ready} -> ok
     after
         5000 ->
             error(timeout)
     end,
-    ClientId = <<"ClientId">>,
-    try
-        {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
-        {ok, _} = emqtt:connect(ConnPid),
-        {ok, _PacketId} = emqtt:publish(ConnPid, <<"t_stub_normal/one">>, <<"hello">>, ?QOS_1),
-        receive
-            {stub_message, WorkerPid, BatchRef, _Batch} ->
-                WorkerPid ! {batch_ack, BatchRef},
-                ok
-        after
-            5000 ->
-                error(timeout)
-        end,
-        ?SNK_WAIT(inflight_drained),
-        ?SNK_WAIT(replayq_drained),
-        emqtt:disconnect(ConnPid)
+    {ok, ConnPid} = emqtt:start_link([{clientid, <<"ClientId">>}]),
+    {ok, _} = emqtt:connect(ConnPid),
+    {ok, _PacketId} = emqtt:publish(ConnPid, <<"t_stub_normal/one">>, <<"hello">>, ?QOS_1),
+    receive
+        {stub_message, WorkerPid, BatchRef, _Batch} ->
+            WorkerPid ! {batch_ack, BatchRef},
+            ok
     after
-        ok = emqx_bridge_worker:stop(Pid)
-    end.
+        5000 ->
+            error(timeout)
+    end,
+    ?SNK_WAIT(inflight_drained),
+    ?SNK_WAIT(replayq_drained),
+    emqtt:disconnect(ConnPid),
+    ok = emqx_bridge_worker:stop(Pid).
 
-t_stub_overflow(Config) when is_list(Config) ->
+t_stub_overflow(_Config) ->
     Topic = <<"t_stub_overflow/one">>,
     MaxInflight = 20,
-    Cfg = #{forwards => [Topic],
-            connect_module => emqx_bridge_stub_conn,
-            forward_mountpoint => <<"forwarded">>,
-            start_type => auto,
-            client_pid => self(),
-            max_inflight => MaxInflight
-           },
-    {ok, Worker} = emqx_bridge_worker:start_link(?FUNCTION_NAME, Cfg),
-    ClientId = <<"ClientId">>,
-    try
-        {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
-        {ok, _} = emqtt:connect(ConnPid),
-        lists:foreach(
-          fun(I) ->
-                  Data = integer_to_binary(I),
-                  _ = emqtt:publish(ConnPid, Topic, Data, ?QOS_1)
-          end, lists:seq(1, MaxInflight * 2)),
-        ?SNK_WAIT(inflight_full),
-        Acks = stub_receive(MaxInflight),
-        lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end, Acks),
-        Acks2 = stub_receive(MaxInflight),
-        lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end, Acks2),
-        ?SNK_WAIT(inflight_drained),
-        ?SNK_WAIT(replayq_drained),
-        emqtt:disconnect(ConnPid)
-    after
-        ok = emqx_bridge_worker:stop(Worker)
-    end.
+    Name = "stub_overflow",
+    Cfg = #{
+        name => Name,
+        forwards => [<<"t_stub_overflow/one">>],
+        forward_mountpoint => <<"forwarded">>,
+        start_type => auto,
+        max_inflight => MaxInflight,
+        config => #{
+            conn_type => emqx_bridge_stub_conn,
+            client_pid => self()
+        }
+    },
+    {ok, Worker} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
+    {ok, ConnPid} = emqtt:start_link([{clientid, <<"ClientId">>}]),
+    {ok, _} = emqtt:connect(ConnPid),
+    lists:foreach(
+        fun(I) ->
+                Data = integer_to_binary(I),
+                _ = emqtt:publish(ConnPid, Topic, Data, ?QOS_1)
+        end, lists:seq(1, MaxInflight * 2)),
+    ?SNK_WAIT(inflight_full),
+    Acks = stub_receive(MaxInflight),
+    lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end, Acks),
+    Acks2 = stub_receive(MaxInflight),
+    lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end, Acks2),
+    ?SNK_WAIT(inflight_drained),
+    ?SNK_WAIT(replayq_drained),
+    emqtt:disconnect(ConnPid),
+    ok = emqx_bridge_worker:stop(Worker).
 
-t_stub_random_order(Config) when is_list(Config) ->
+t_stub_random_order(_Config) ->
     Topic = <<"t_stub_random_order/a">>,
     MaxInflight = 10,
-    Cfg = #{forwards => [Topic],
-            connect_module => emqx_bridge_stub_conn,
-            forward_mountpoint => <<"forwarded">>,
-            start_type => auto,
-            client_pid => self(),
-            max_inflight => MaxInflight
-           },
-    {ok, Worker} = emqx_bridge_worker:start_link(?FUNCTION_NAME, Cfg),
+    Name = "stub_random_order",
+    Cfg = #{
+        name => Name,
+        forwards => [Topic],
+        forward_mountpoint => <<"forwarded">>,
+        start_type => auto,
+        max_inflight => MaxInflight,
+        config => #{
+            conn_type => emqx_bridge_stub_conn,
+            client_pid => self()
+        }
+    },
+    {ok, Worker} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
     ClientId = <<"ClientId">>,
-    try
-        {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
-        {ok, _} = emqtt:connect(ConnPid),
-        lists:foreach(
-          fun(I) ->
-                  Data = integer_to_binary(I),
-                  _ = emqtt:publish(ConnPid, Topic, Data, ?QOS_1)
-          end, lists:seq(1, MaxInflight)),
-        Acks = stub_receive(MaxInflight),
-        lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end,
-                      lists:reverse(Acks)),
-        ?SNK_WAIT(inflight_drained),
-        ?SNK_WAIT(replayq_drained),
-        emqtt:disconnect(ConnPid)
-    after
-        ok = emqx_bridge_worker:stop(Worker)
-    end.
+    {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
+    {ok, _} = emqtt:connect(ConnPid),
+    lists:foreach(
+        fun(I) ->
+                Data = integer_to_binary(I),
+                _ = emqtt:publish(ConnPid, Topic, Data, ?QOS_1)
+        end, lists:seq(1, MaxInflight)),
+    Acks = stub_receive(MaxInflight),
+    lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end,
+                    lists:reverse(Acks)),
+    ?SNK_WAIT(inflight_drained),
+    ?SNK_WAIT(replayq_drained),
+    emqtt:disconnect(ConnPid),
+    ok = emqx_bridge_worker:stop(Worker).
 
-t_stub_retry_inflight(Config) when is_list(Config) ->
+t_stub_retry_inflight(_Config) ->
     Topic = <<"to_stub_retry_inflight/a">>,
     MaxInflight = 10,
-    Cfg = #{forwards => [Topic],
-            connect_module => emqx_bridge_stub_conn,
-            forward_mountpoint => <<"forwarded">>,
-            reconnect_delay_ms => 10,
-            start_type => auto,
-            client_pid => self(),
-            max_inflight => MaxInflight
-           },
-    {ok, Worker} = emqx_bridge_worker:start_link(?FUNCTION_NAME, Cfg),
+    Name = "stub_retry_inflight",
+    Cfg = #{
+        name => Name,
+        forwards => [Topic],
+        forward_mountpoint => <<"forwarded">>,
+        reconnect_interval => 10,
+        start_type => auto,
+        max_inflight => MaxInflight,
+        config => #{
+            conn_type => emqx_bridge_stub_conn,
+            client_pid => self()
+        }
+    },
+    {ok, Worker} = emqx_bridge_mqtt_sup:create_bridge(Cfg),
     ClientId = <<"ClientId2">>,
-    try
-        case ?block_until(#{?snk_kind := connected, inflight := 0}, 2000, 1000) of
-            {ok, #{inflight := 0}} -> ok;
-            Other -> ct:fail("~p", [Other])
-        end,
-        {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
-        {ok, _} = emqtt:connect(ConnPid),
-        lists:foreach(
-          fun(I) ->
-                  Data = integer_to_binary(I),
-                  _ = emqtt:publish(ConnPid, Topic, Data, ?QOS_1)
-          end, lists:seq(1, MaxInflight)),
-        %% receive acks but do not ack
-        Acks1 = stub_receive(MaxInflight),
-        ?assertEqual(MaxInflight, length(Acks1)),
-        %% simulate a disconnect
-        Worker ! {disconnected, self(), test},
-        ?SNK_WAIT(disconnected),
-        case ?block_until(#{?snk_kind := connected, inflight := MaxInflight}, 2000, 20) of
-            {ok, _} -> ok;
-            Error -> ct:fail("~p", [Error])
-        end,
-        %% expect worker to retry inflight, so to receive acks again
-        Acks2 = stub_receive(MaxInflight),
-        ?assertEqual(MaxInflight, length(Acks2)),
-        lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end,
-                      lists:reverse(Acks2)),
-        ?SNK_WAIT(inflight_drained),
-        ?SNK_WAIT(replayq_drained),
-        emqtt:disconnect(ConnPid)
-    after
-        ok = emqx_bridge_worker:stop(Worker)
-    end.
+    case ?block_until(#{?snk_kind := connected, inflight := 0}, 2000, 1000) of
+        {ok, #{inflight := 0}} -> ok;
+        Other -> ct:fail("~p", [Other])
+    end,
+    {ok, ConnPid} = emqtt:start_link([{clientid, ClientId}]),
+    {ok, _} = emqtt:connect(ConnPid),
+    lists:foreach(
+        fun(I) ->
+                Data = integer_to_binary(I),
+                _ = emqtt:publish(ConnPid, Topic, Data, ?QOS_1)
+        end, lists:seq(1, MaxInflight)),
+    %% receive acks but do not ack
+    Acks1 = stub_receive(MaxInflight),
+    ?assertEqual(MaxInflight, length(Acks1)),
+    %% simulate a disconnect
+    Worker ! {disconnected, self(), test},
+    ?SNK_WAIT(disconnected),
+    case ?block_until(#{?snk_kind := connected, inflight := MaxInflight}, 2000, 20) of
+        {ok, _} -> ok;
+        Error -> ct:fail("~p", [Error])
+    end,
+    %% expect worker to retry inflight, so to receive acks again
+    Acks2 = stub_receive(MaxInflight),
+    ?assertEqual(MaxInflight, length(Acks2)),
+    lists:foreach(fun({Pid, Ref}) -> Pid ! {batch_ack, Ref} end,
+                    lists:reverse(Acks2)),
+    ?SNK_WAIT(inflight_drained),
+    ?SNK_WAIT(replayq_drained),
+    emqtt:disconnect(ConnPid),
+    ok = emqx_bridge_worker:stop(Worker).
 
 stub_receive(N) ->
     stub_receive(N, []).
diff --git a/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_tests.erl b/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_tests.erl
index 69ff87356..ffa2e9ee5 100644
--- a/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_tests.erl
+++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_worker_tests.erl
@@ -15,7 +15,6 @@
 %%--------------------------------------------------------------------
 
 -module(emqx_bridge_worker_tests).
--behaviour(emqx_bridge_connect).
 
 -include_lib("eunit/include/eunit.hrl").
 -include_lib("emqx/include/emqx.hrl").
@@ -69,14 +68,14 @@ disturbance_test() ->
     emqx_bridge_worker:register_metrics(),
     Ref = make_ref(),
     TestPid = self(),
-    Config = make_config(Ref, TestPid, {ok, #{client_pid =>  TestPid}}),
-    {ok, Pid} = emqx_bridge_worker:start_link(?BRIDGE_NAME, Config),
-    ?assertEqual(Pid, whereis(?BRIDGE_REG_NAME)),
+    Config = make_config(Ref, TestPid, {ok, #{client_pid => TestPid}}),
+    {ok, Pid} = emqx_bridge_worker:start_link(Config#{name => disturbance}),
+    ?assertEqual(Pid, whereis(emqx_bridge_worker_disturbance)),
     ?WAIT({connection_start_attempt, Ref}, 1000),
     Pid ! {disconnected, TestPid, test},
     ?WAIT({connection_start_attempt, Ref}, 1000),
     emqx_metrics:stop(),
-    ok = emqx_bridge_worker:stop(?BRIDGE_REG_NAME).
+    ok = emqx_bridge_worker:stop(Pid).
 
 % % %% buffer should continue taking in messages when disconnected
 % buffer_when_disconnected_test_() ->
@@ -113,22 +112,24 @@ manual_start_stop_test() ->
     emqx_bridge_worker:register_metrics(),
     Ref = make_ref(),
     TestPid = self(),
+    BridgeName = manual_start_stop,
     Config0 = make_config(Ref, TestPid, {ok, #{client_pid =>  TestPid}}),
     Config = Config0#{start_type := manual},
-    {ok, Pid} = emqx_bridge_worker:start_link(?BRIDGE_NAME, Config),
+    {ok, Pid} = emqx_bridge_worker:start_link(Config#{name => BridgeName}),
     %% call ensure_started again should yeld the same result
-    ok = emqx_bridge_worker:ensure_started(?BRIDGE_NAME),
-    ?assertEqual(Pid, whereis(?BRIDGE_REG_NAME)),
-    emqx_bridge_worker:ensure_stopped(unknown),
-    emqx_bridge_worker:ensure_stopped(Pid),
-    emqx_bridge_worker:ensure_stopped(?BRIDGE_REG_NAME),
-    emqx_metrics:stop().
+    ok = emqx_bridge_worker:ensure_started(BridgeName),
+    emqx_bridge_worker:ensure_stopped(BridgeName),
+    emqx_metrics:stop(),
+    ok = emqx_bridge_worker:stop(Pid).
 
 make_config(Ref, TestPid, Result) ->
-    #{test_pid => TestPid,
-      test_ref => Ref,
-      connect_module => ?MODULE,
-      reconnect_delay_ms => 50,
-      connect_result => Result,
-      start_type => auto
-     }.
+    #{
+        start_type => auto,
+        reconnect_interval => 50,
+        config => #{
+            test_pid => TestPid,
+            test_ref => Ref,
+            conn_type => ?MODULE,
+            connect_result => Result
+        }
+    }.
diff --git a/apps/emqx_rule_actions/src/emqx_bridge_mqtt_actions.erl b/apps/emqx_rule_actions/src/emqx_bridge_mqtt_actions.erl
index 3f685a72a..80f51d2cc 100644
--- a/apps/emqx_rule_actions/src/emqx_bridge_mqtt_actions.erl
+++ b/apps/emqx_rule_actions/src/emqx_bridge_mqtt_actions.erl
@@ -526,7 +526,7 @@ connect(Options = #{disk_cache := DiskCache, ecpool_worker_id := Id, pool_name :
             end
     end,
     Options2 = maps:without([ecpool_worker_id, pool_name, append], Options1),
-    emqx_bridge_worker:start_link(name(Pool, Id), Options2).
+    emqx_bridge_worker:start_link(Options2#{name => name(Pool, Id)}).
 name(Pool, Id) ->
     list_to_atom(atom_to_list(Pool) ++ ":" ++ integer_to_list(Id)).
 pool_name(ResId) ->
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index d26d56abf..80a0c832c 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -2,4 +2,3 @@
 {emqx_dashboard, true}.
 {emqx_modules, {{enable_plugin_emqx_modules}}}.
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
-{emqx_bridge_mqtt, {{enable_plugin_emqx_bridge_mqtt}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index ff66f746c..5d5d02d05 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -192,8 +192,7 @@ overlay_vars_rel(RelType) ->
                  cloud -> "vm.args";
                  edge -> "vm.args.edge"
              end,
-    [ {enable_plugin_emqx_bridge_mqtt, RelType =:= edge}
-    , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
+    [ {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
     , {enable_plugin_emqx_retainer, true}
     , {vm_args_file, VmArgs}
     ].
@@ -256,6 +255,7 @@ relx_apps(ReleaseType) ->
     , emqx_connector
     , emqx_data_bridge
     , emqx_rule_engine
+    , emqx_bridge_mqtt
     ]
     ++ [emqx_telemetry || not is_enterprise()]
     ++ [emqx_modules || not is_enterprise()]
@@ -282,7 +282,6 @@ relx_plugin_apps(ReleaseType) ->
     [ emqx_retainer
     , emqx_management
     , emqx_dashboard
-    , emqx_bridge_mqtt
     , emqx_sn
     , emqx_coap
     , emqx_stomp
@@ -375,6 +374,8 @@ emqx_etc_overlay_common() ->
      {"{{base_dir}}/lib/emqx_telemetry/etc/emqx_telemetry.conf", "etc/plugins/emqx_telemetry.conf"},
      {"{{base_dir}}/lib/emqx_authn/etc/emqx_authn.conf", "etc/plugins/emqx_authn.conf"},
      {"{{base_dir}}/lib/emqx_authz/etc/emqx_authz.conf", "etc/plugins/authz.conf"},
+     {"{{base_dir}}/lib/emqx_rule_engine/etc/emqx_rule_engine.conf", "etc/plugins/emqx_rule_engine.conf"},
+     {"{{base_dir}}/lib/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf", "etc/plugins/emqx_bridge_mqtt.conf"},
      %% TODO: check why it has to end with .paho
      %% and why it is put to etc/plugins dir
      {"{{base_dir}}/lib/emqx/etc/acl.conf.paho", "etc/plugins/acl.conf.paho"}].

From f2257cee33b936b9f30caeb7ca1b2a367071810f Mon Sep 17 00:00:00 2001
From: gaolihai <coder@gaolihai.local>
Date: Thu, 1 Jul 2021 12:26:38 +0800
Subject: [PATCH 140/174] docs(README): Modify invalid links

---
 README-CN.md | 2 +-
 README-JP.md | 2 +-
 README-RU.md | 2 +-
 README.md    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README-CN.md b/README-CN.md
index 2a9dcebf6..67f1b0ff5 100644
--- a/README-CN.md
+++ b/README-CN.md
@@ -145,7 +145,7 @@ DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 
 [MQTT Version 5.0](https://docs.oasis-open.org/mqtt/mqtt/v5.0/cs02/mqtt-v5.0-cs02.html)
 
-[MQTT SN](http://mqtt.org/new/wp-content/uploads/2009/06/MQTT-SN_spec_v1.2.pdf)
+[MQTT SN](https://www.oasis-open.org/committees/download.php/66091/MQTT-SN_spec_v1.2.pdf)
 
 ## 开源许可
 
diff --git a/README-JP.md b/README-JP.md
index 580a76268..a3e1f5130 100644
--- a/README-JP.md
+++ b/README-JP.md
@@ -125,7 +125,7 @@ DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 
 [MQTT Version 5.0](https://docs.oasis-open.org/mqtt/mqtt/v5.0/cs02/mqtt-v5.0-cs02.html)
 
-[MQTT SN](http://mqtt.org/new/wp-content/uploads/2009/06/MQTT-SN_spec_v1.2.pdf)
+[MQTT SN](https://www.oasis-open.org/committees/download.php/66091/MQTT-SN_spec_v1.2.pdf)
 
 ## License
 
diff --git a/README-RU.md b/README-RU.md
index 5001f3fd3..45f253f5b 100644
--- a/README-RU.md
+++ b/README-RU.md
@@ -135,7 +135,7 @@ DIALYZER_ANALYSE_APP=emqx_lwm2m,emqx_authz make dialyzer
 
 [MQTT Version 5.0](https://docs.oasis-open.org/mqtt/mqtt/v5.0/cs02/mqtt-v5.0-cs02.html)
 
-[MQTT SN](http://mqtt.org/new/wp-content/uploads/2009/06/MQTT-SN_spec_v1.2.pdf)
+[MQTT SN](https://www.oasis-open.org/committees/download.php/66091/MQTT-SN_spec_v1.2.pdf)
 
 ## Лицензия
 
diff --git a/README.md b/README.md
index f76d7ae0a..0f86fd188 100644
--- a/README.md
+++ b/README.md
@@ -134,7 +134,7 @@ You can read the mqtt protocol via the following links:
 
 [MQTT Version 5.0](https://docs.oasis-open.org/mqtt/mqtt/v5.0/cs02/mqtt-v5.0-cs02.html)
 
-[MQTT SN](http://mqtt.org/new/wp-content/uploads/2009/06/MQTT-SN_spec_v1.2.pdf)
+[MQTT SN](https://www.oasis-open.org/committees/download.php/66091/MQTT-SN_spec_v1.2.pdf)
 
 ## License
 

From 47ce507c07085951b229bf0c4c07baf8d1792a8b Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Thu, 1 Jul 2021 11:15:40 +0200
Subject: [PATCH 141/174] chore: disable auto assignee for github issues.

save tigercl
---
 .github/ISSUE_TEMPLATE/bug-report.md      | 1 -
 .github/ISSUE_TEMPLATE/feature-request.md | 1 -
 .github/ISSUE_TEMPLATE/support-needed.md  | 1 -
 3 files changed, 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md
index 0258866dd..96d193913 100644
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -3,7 +3,6 @@ name: Bug Report
 about: Create a report to help us improve
 title: ''
 labels: Support
-assignees: tigercl
 
 ---
 
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md
index 67b1dfa82..0519e5699 100644
--- a/.github/ISSUE_TEMPLATE/feature-request.md
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@@ -3,7 +3,6 @@ name: Feature Request
 about: Suggest an idea for this project
 title: ''
 labels: Feature
-assignees: tigercl
 
 ---
 
diff --git a/.github/ISSUE_TEMPLATE/support-needed.md b/.github/ISSUE_TEMPLATE/support-needed.md
index 80b494077..18b47bfb5 100644
--- a/.github/ISSUE_TEMPLATE/support-needed.md
+++ b/.github/ISSUE_TEMPLATE/support-needed.md
@@ -3,7 +3,6 @@ name: Support Needed
 about: Asking a question about usages, docs or anything you're insterested in
 title: ''
 labels: Support
-assignees: tigercl
 
 ---
 

From bf4c31b745aa3438d3e31c5c37aac08e825cf6f1 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Thu, 1 Jul 2021 15:52:25 +0800
Subject: [PATCH 142/174] chore(authz): use atom key for hocon config

---
 apps/emqx_authz/etc/emqx_authz.conf           |   2 +-
 apps/emqx_authz/include/emqx_authz.hrl        |   2 +-
 apps/emqx_authz/src/emqx_authz.erl            | 105 +++++++++---------
 apps/emqx_authz/src/emqx_authz_api.erl        |   7 +-
 apps/emqx_authz/src/emqx_authz_mysql.erl      |  10 +-
 apps/emqx_authz/src/emqx_authz_pgsql.erl      |  10 +-
 apps/emqx_authz/src/emqx_authz_redis.erl      |  14 +--
 apps/emqx_authz/src/emqx_authz_schema.erl     |  34 +++---
 apps/emqx_authz/test/emqx_authz_SUITE.erl     | 103 ++++++++---------
 apps/emqx_authz/test/emqx_authz_api_SUITE.erl |   5 +-
 .../test/emqx_authz_mysql_SUITE.erl           |   8 +-
 .../test/emqx_authz_pgsql_SUITE.erl           |   8 +-
 .../test/emqx_authz_redis_SUITE.erl           |   8 +-
 13 files changed, 167 insertions(+), 149 deletions(-)

diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf
index b2575e6d6..89515592f 100644
--- a/apps/emqx_authz/etc/emqx_authz.conf
+++ b/apps/emqx_authz/etc/emqx_authz.conf
@@ -1,4 +1,4 @@
-authz:{
+emqx_authz:{
     rules: [
        # {
        #     type: mysql
diff --git a/apps/emqx_authz/include/emqx_authz.hrl b/apps/emqx_authz/include/emqx_authz.hrl
index ca595525d..9caf3d979 100644
--- a/apps/emqx_authz/include/emqx_authz.hrl
+++ b/apps/emqx_authz/include/emqx_authz.hrl
@@ -1,4 +1,4 @@
--type(rule() :: #{binary() => any()}).
+-type(rule() :: #{atom() => any()}).
 -type(rules() :: [rule()]).
 
 -define(APP, emqx_authz).
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 337e3b043..9be9fdce8 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -38,16 +38,17 @@ init() ->
     ok = register_metrics(),
     Conf = filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'),
     {ok, RawConf} = hocon:load(Conf),
-    #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf),
-    ok = application:set_env(?APP, rules, Rules),
+    #{emqx_authz := #{rules := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf, #{atom_key => true}),
+    emqx_config:put([emqx_authz], #{rules => Rules}),
+    % Rules = emqx_config:get([emqx_authz, rules], []),
     NRules = [compile(Rule) || Rule <- Rules],
     ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NRules]},  -1).
 
 lookup() ->
-    application:get_env(?APP, rules, []).
+    emqx_config:get([emqx_authz, rules], []).
 
 update(Rules) ->
-    ok = application:set_env(?APP, rules, Rules),
+    emqx_config:put([emqx_authz], #{rules => Rules}),
     NRules = [compile(Rule) || Rule <- Rules],
     Action = find_action_in_hooks(),
     ok = emqx_hooks:del('client.authorize', Action),
@@ -63,12 +64,12 @@ find_action_in_hooks() ->
     [Action] = [Action || {callback,{?MODULE, authorize, _} = Action, _, _} <- Callbacks ],
     Action.
 
-create_resource(#{<<"type">> := DB,
-                  <<"config">> := Config
+create_resource(#{type := DB,
+                  config := Config
                  } = Rule) ->
     ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]),
     NConfig = case DB of
-                  redis -> #{<<"config">> => Config };
+                  redis -> #{config => Config };
                   _ -> Config
               end,
     case emqx_resource:check_and_create(
@@ -77,63 +78,63 @@ create_resource(#{<<"type">> := DB,
             NConfig)
     of
         {ok, _} ->
-            Rule#{<<"resource_id">> => ResourceID};
+            Rule#{resource_id => ResourceID};
         {error, already_created} ->
-            Rule#{<<"resource_id">> => ResourceID};
+            Rule#{resource_id => ResourceID};
         {error, Reason} ->
             error({load_config_error, Reason})
     end.
 
 -spec(compile(rule()) -> rule()).
-compile(#{<<"topics">> := Topics,
-          <<"action">> := Action,
-          <<"permission">> := Permission,
-          <<"principal">> := Principal
+compile(#{topics := Topics,
+          action := Action,
+          permission := Permission,
+          principal := Principal
          } = Rule) when ?ALLOW_DENY(Permission), ?PUBSUB(Action), is_list(Topics) ->
     NTopics = [compile_topic(Topic) || Topic <- Topics],
-    Rule#{<<"principal">> => compile_principal(Principal),
-          <<"topics">> => NTopics
+    Rule#{principal => compile_principal(Principal),
+          topics => NTopics
          };
 
-compile(#{<<"principal">> := Principal,
-          <<"type">> := redis
+compile(#{principal := Principal,
+          type := redis
          } = Rule) ->
     NRule = create_resource(Rule),
-    NRule#{<<"principal">> => compile_principal(Principal)};
+    NRule#{principal => compile_principal(Principal)};
 
-compile(#{<<"principal">> := Principal,
-          <<"type">> := DB,
-          <<"sql">> := SQL
+compile(#{principal := Principal,
+          type := DB,
+          sql := SQL
          } = Rule) when DB =:= mysql;
                         DB =:= pgsql ->
     Mod = list_to_existing_atom(io_lib:format("~s_~s",[?APP, DB])),
     NRule = create_resource(Rule),
-    NRule#{<<"principal">> => compile_principal(Principal),
-           <<"sql">> => Mod:parse_query(SQL)
+    NRule#{principal => compile_principal(Principal),
+           sql => Mod:parse_query(SQL)
           }.
 
 compile_principal(all) -> all;
-compile_principal(#{<<"username">> := Username}) ->
+compile_principal(#{username := Username}) ->
     {ok, MP} = re:compile(bin(Username)),
-    #{<<"username">> => MP};
-compile_principal(#{<<"clientid">> := Clientid}) ->
+    #{username => MP};
+compile_principal(#{clientid := Clientid}) ->
     {ok, MP} = re:compile(bin(Clientid)),
-    #{<<"clientid">> => MP};
-compile_principal(#{<<"ipaddress">> := IpAddress}) ->
-    #{<<"ipaddress">> => esockd_cidr:parse(b2l(IpAddress), true)};
-compile_principal(#{<<"and">> := Principals}) when is_list(Principals) ->
-    #{<<"and">> => [compile_principal(Principal) || Principal <- Principals]};
-compile_principal(#{<<"or">> := Principals}) when is_list(Principals) ->
-    #{<<"or">> => [compile_principal(Principal) || Principal <- Principals]}.
+    #{clientid => MP};
+compile_principal(#{ipaddress := IpAddress}) ->
+    #{ipaddress => esockd_cidr:parse(b2l(IpAddress), true)};
+compile_principal(#{'and' := Principals}) when is_list(Principals) ->
+    #{'and' => [compile_principal(Principal) || Principal <- Principals]};
+compile_principal(#{'or' := Principals}) when is_list(Principals) ->
+    #{'or' => [compile_principal(Principal) || Principal <- Principals]}.
 
 compile_topic(<<"eq ", Topic/binary>>) ->
-    compile_topic(#{<<"eq">> => Topic});
-compile_topic(#{<<"eq">> := Topic}) ->
-    #{<<"eq">> => emqx_topic:words(bin(Topic))};
+    compile_topic(#{'eq' => Topic});
+compile_topic(#{'eq' := Topic}) ->
+    #{'eq' => emqx_topic:words(bin(Topic))};
 compile_topic(Topic) when is_binary(Topic)->
     Words = emqx_topic:words(bin(Topic)),
     case pattern(Words) of
-        true  -> #{<<"pattern">> => Words};
+        true  -> #{pattern => Words};
         false -> Words
     end.
 
@@ -173,8 +174,8 @@ authorize(#{username := Username,
     end.
 
 do_authorize(Client, PubSub, Topic,
-               [Connector = #{<<"principal">> := Principal,
-                              <<"type">> := DB} | Tail] ) ->
+               [Connector = #{principal := Principal,
+                              type := DB} | Tail] ) ->
     case match_principal(Client, Principal) of
         true ->
             Mod = list_to_existing_atom(io_lib:format("~s_~s",[emqx_authz, DB])),
@@ -185,7 +186,7 @@ do_authorize(Client, PubSub, Topic,
         false -> do_authorize(Client, PubSub, Topic, Tail)
     end;
 do_authorize(Client, PubSub, Topic,
-               [#{<<"permission">> := Permission} = Rule | Tail]) ->
+               [#{permission := Permission} = Rule | Tail]) ->
     case match(Client, PubSub, Topic, Rule) of
         true -> {matched, Permission};
         false -> do_authorize(Client, PubSub, Topic, Tail)
@@ -193,9 +194,9 @@ do_authorize(Client, PubSub, Topic,
 do_authorize(_Client, _PubSub, _Topic, []) -> nomatch.
 
 match(Client, PubSub, Topic,
-      #{<<"principal">> := Principal,
-        <<"topics">> := TopicFilters,
-        <<"action">> := Action
+      #{principal := Principal,
+        topics := TopicFilters,
+        action := Action
        }) ->
     match_action(PubSub, Action) andalso
     match_principal(Client, Principal) andalso
@@ -207,27 +208,27 @@ match_action(_, all) -> true;
 match_action(_, _) -> false.
 
 match_principal(_, all) -> true;
-match_principal(#{username := undefined}, #{<<"username">> := _MP}) ->
+match_principal(#{username := undefined}, #{username := _MP}) ->
     false;
-match_principal(#{username := Username}, #{<<"username">> := MP}) ->
+match_principal(#{username := Username}, #{username := MP}) ->
     case re:run(Username, MP) of
         {match, _} -> true;
         _ -> false
     end;
-match_principal(#{clientid := Clientid}, #{<<"clientid">> := MP}) ->
+match_principal(#{clientid := Clientid}, #{clientid := MP}) ->
     case re:run(Clientid, MP) of
         {match, _} -> true;
         _ -> false
     end;
-match_principal(#{peerhost := undefined}, #{<<"ipaddress">> := _CIDR}) ->
+match_principal(#{peerhost := undefined}, #{ipaddress := _CIDR}) ->
     false;
-match_principal(#{peerhost := IpAddress}, #{<<"ipaddress">> := CIDR}) ->
+match_principal(#{peerhost := IpAddress}, #{ipaddress := CIDR}) ->
     esockd_cidr:match(IpAddress, CIDR);
-match_principal(ClientInfo, #{<<"and">> := Principals}) when is_list(Principals) ->
+match_principal(ClientInfo, #{'and' := Principals}) when is_list(Principals) ->
     lists:foldl(fun(Principal, Permission) ->
                   match_principal(ClientInfo, Principal) andalso Permission
                 end, true, Principals);
-match_principal(ClientInfo, #{<<"or">> := Principals}) when is_list(Principals) ->
+match_principal(ClientInfo, #{'or' := Principals}) when is_list(Principals) ->
     lists:foldl(fun(Principal, Permission) ->
                   match_principal(ClientInfo, Principal) orelse Permission
                 end, false, Principals);
@@ -235,7 +236,7 @@ match_principal(_, _) -> false.
 
 match_topics(_ClientInfo, _Topic, []) ->
     false;
-match_topics(ClientInfo, Topic, [#{<<"pattern">> := PatternFilter}|Filters]) ->
+match_topics(ClientInfo, Topic, [#{pattern := PatternFilter}|Filters]) ->
     TopicFilter = feed_var(ClientInfo, PatternFilter),
     match_topic(emqx_topic:words(Topic), TopicFilter)
         orelse match_topics(ClientInfo, Topic, Filters);
@@ -243,7 +244,7 @@ match_topics(ClientInfo, Topic, [TopicFilter|Filters]) ->
    match_topic(emqx_topic:words(Topic), TopicFilter)
        orelse match_topics(ClientInfo, Topic, Filters).
 
-match_topic(Topic, #{<<"eq">> := TopicFilter}) ->
+match_topic(Topic, #{'eq' := TopicFilter}) ->
     Topic == TopicFilter;
 match_topic(Topic, TopicFilter) ->
     emqx_topic:match(Topic, TopicFilter).
diff --git a/apps/emqx_authz/src/emqx_authz_api.erl b/apps/emqx_authz/src/emqx_authz_api.erl
index 6b4ed6c74..08ff0a7d7 100644
--- a/apps/emqx_authz/src/emqx_authz_api.erl
+++ b/apps/emqx_authz/src/emqx_authz_api.erl
@@ -74,10 +74,9 @@ push_authz(_Bindings, Params) ->
 %%------------------------------------------------------------------------------
 
 get_rules(Params) ->
-    % #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:check_plain(emqx_authz_schema, #{<<"authz">> => Params}),
-    {ok, Conf} = hocon:binary(jsx:encode(#{<<"authz">> => Params}), #{format => richmap}),
-    CheckConf = hocon_schema:check(emqx_authz_schema, Conf),
-    #{<<"authz">> := #{<<"rules">> := Rules}} = hocon_schema:richmap_to_map(CheckConf),
+    {ok, Conf} = hocon:binary(jsx:encode(#{<<"emqx_authz">> => Params}), #{format => richmap}),
+    CheckConf = hocon_schema:check(emqx_authz_schema, Conf, #{atom_key => true}),
+    #{emqx_authz := #{rules := Rules}} = hocon_schema:richmap_to_map(CheckConf),
     Rules.
 
 %%--------------------------------------------------------------------
diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl
index 6acb154fb..672954841 100644
--- a/apps/emqx_authz/src/emqx_authz_mysql.erl
+++ b/apps/emqx_authz/src/emqx_authz_mysql.erl
@@ -46,8 +46,8 @@ parse_query(Sql) ->
     end.
 
 authorize(Client, PubSub, Topic,
-            #{<<"resource_id">> := ResourceID,
-              <<"sql">> := {SQL, Params}
+            #{resource_id := ResourceID,
+              sql := {SQL, Params}
              }) ->
     case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
         {ok, _Columns, []} -> nomatch;
@@ -87,12 +87,12 @@ match(Client, PubSub, Topic,
              <<"action">> => Action,
              <<"permission">> =>  Permission
             },
-    #{<<"simple_rule">> :=
-      #{<<"permission">> := NPermission} = NRule
+    #{simple_rule :=
+      #{permission := NPermission} = NRule
      } = hocon_schema:check_plain(
             emqx_authz_schema,
             #{<<"simple_rule">> => Rule},
-            #{},
+            #{atom_key => true},
             [simple_rule]),
     case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of
         true -> {matched, NPermission};
diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl
index c7cebf1e2..fa24c5f5e 100644
--- a/apps/emqx_authz/src/emqx_authz_pgsql.erl
+++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl
@@ -50,8 +50,8 @@ parse_query(Sql) ->
     end.
 
 authorize(Client, PubSub, Topic,
-            #{<<"resource_id">> := ResourceID,
-              <<"sql">> := {SQL, Params}
+            #{resource_id := ResourceID,
+              sql := {SQL, Params}
              }) ->
     case emqx_resource:query(ResourceID, {sql, SQL, replvar(Params, Client)}) of
         {ok, _Columns, []} -> nomatch;
@@ -91,12 +91,12 @@ match(Client, PubSub, Topic,
              <<"action">> => Action,
              <<"permission">> =>  Permission
             },
-    #{<<"simple_rule">> :=
-      #{<<"permission">> := NPermission} = NRule
+    #{simple_rule :=
+      #{permission := NPermission} = NRule
      } = hocon_schema:check_plain(
             emqx_authz_schema,
             #{<<"simple_rule">> => Rule},
-            #{},
+            #{atom_key => true},
             [simple_rule]),
     case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of
         true -> {matched, NPermission};
diff --git a/apps/emqx_authz/src/emqx_authz_redis.erl b/apps/emqx_authz/src/emqx_authz_redis.erl
index 1b99dc2ec..dc80d959c 100644
--- a/apps/emqx_authz/src/emqx_authz_redis.erl
+++ b/apps/emqx_authz/src/emqx_authz_redis.erl
@@ -34,8 +34,8 @@ description() ->
     "AuthZ with redis".
 
 authorize(Client, PubSub, Topic,
-            #{<<"resource_id">> := ResourceID,
-              <<"cmd">> := CMD 
+            #{resource_id := ResourceID,
+              cmd := CMD
              }) ->
     NCMD = string:tokens(replvar(CMD, Client), " "),
     case emqx_resource:query(ResourceID, {cmd, NCMD}) of
@@ -50,16 +50,16 @@ authorize(Client, PubSub, Topic,
 do_authorize(_Client, _PubSub, _Topic, []) ->
     nomatch;
 do_authorize(Client, PubSub, Topic, [TopicFilter, Action | Tail]) ->
-    case match(Client, PubSub, Topic, 
+    case match(Client, PubSub, Topic,
                #{topics => TopicFilter,
                  action => Action
-                }) 
+                })
     of
         {matched, Permission} -> {matched, Permission};
         nomatch -> do_authorize(Client, PubSub, Topic, Tail)
     end.
 
-match(Client, PubSub, Topic, 
+match(Client, PubSub, Topic,
       #{topics := TopicFilter,
         action := Action
        }) ->
@@ -68,11 +68,11 @@ match(Client, PubSub, Topic,
              <<"action">> => Action,
              <<"permission">> => allow
             },
-    #{<<"simple_rule">> := NRule
+    #{simple_rule := NRule
      } = hocon_schema:check_plain(
             emqx_authz_schema,
             #{<<"simple_rule">> => Rule},
-            #{},
+            #{atom_key => true},
             [simple_rule]),
     case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of
         true -> {matched, allow};
diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl
index 04d1b2268..5836eb12b 100644
--- a/apps/emqx_authz/src/emqx_authz_schema.erl
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@@ -11,9 +11,9 @@
 
 -export([structs/0, fields/1]).
 
-structs() -> [authz].
+structs() -> ["emqx_authz"].
 
-fields(authz) ->
+fields("emqx_authz") ->
     [ {rules, rules()}
     ];
 fields(redis_connector) ->
@@ -39,7 +39,7 @@ fields(simple_rule) ->
     , {action,   #{type => action()}}
     , {topics,   #{type => union_array(
                              [ binary()
-                             , hoconsc:ref(eq_topic)
+                             , hoconsc:ref(?MODULE, eq_topic)
                              ]
                             )}}
     , {principal, principal()}
@@ -52,18 +52,18 @@ fields(ipaddress) ->
     [{ipaddress, #{type => string()}}];
 fields(andlist) ->
     [{'and', #{type => union_array(
-                         [ hoconsc:ref(username)
-                         , hoconsc:ref(clientid)
-                         , hoconsc:ref(ipaddress)
+                         [ hoconsc:ref(?MODULE, username)
+                         , hoconsc:ref(?MODULE, clientid)
+                         , hoconsc:ref(?MODULE, ipaddress)
                          ])
               }
      }
     ];
 fields(orlist) ->
     [{'or', #{type => union_array(
-                         [ hoconsc:ref(username)
-                         , hoconsc:ref(clientid)
-                         , hoconsc:ref(ipaddress)
+                         [ hoconsc:ref(?MODULE, username)
+                         , hoconsc:ref(?MODULE, clientid)
+                         , hoconsc:ref(?MODULE, ipaddress)
                          ])
               }
      }
@@ -81,9 +81,9 @@ union_array(Item) when is_list(Item) ->
 
 rules() -> 
     #{type => union_array(
-                [ hoconsc:ref(simple_rule)
-                , hoconsc:ref(sql_connector)
-                , hoconsc:ref(redis_connector)
+                [ hoconsc:ref(?MODULE, simple_rule)
+                , hoconsc:ref(?MODULE, sql_connector)
+                , hoconsc:ref(?MODULE, redis_connector)
                 ])
     }.
 
@@ -91,11 +91,11 @@ principal() ->
     #{default => all,
       type => hoconsc:union(
                 [ all
-                , hoconsc:ref(username)
-                , hoconsc:ref(clientid)
-                , hoconsc:ref(ipaddress)
-                , hoconsc:ref(andlist)
-                , hoconsc:ref(orlist)
+                , hoconsc:ref(?MODULE, username)
+                , hoconsc:ref(?MODULE, clientid)
+                , hoconsc:ref(?MODULE, ipaddress)
+                , hoconsc:ref(?MODULE, andlist)
+                , hoconsc:ref(?MODULE, orlist)
                 ])
      }.
 
diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl
index 93be27146..944053f4e 100644
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@@ -43,41 +43,42 @@ set_special_configs(emqx) ->
 set_special_configs(emqx_authz) ->
     application:set_env(emqx, plugins_etc_dir,
                         emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"authz">> => #{<<"rules">> => []}},
+    Conf = #{<<"emqx_authz">> => #{<<"rules">> => []}},
     ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    % emqx_config:put([emqx_authz], #{rules => []}),
     ok;
 set_special_configs(_App) ->
     ok.
 
--define(RULE1, #{<<"principal">> => all,
-                 <<"topics">> => [<<"#">>],
-                 <<"action">> => all,
-                 <<"permission">> => deny}
+-define(RULE1, #{principal => all,
+                 topics => [<<"#">>],
+                 action => all,
+                 permission => deny}
        ).
--define(RULE2, #{<<"principal">> =>
-                    #{<<"ipaddress">> => <<"127.0.0.1">>},
-                 <<"topics">> =>
-                        [#{<<"eq">> => <<"#">>},
-                         #{<<"eq">> => <<"+">>}
+-define(RULE2, #{principal =>
+                    #{ipaddress => <<"127.0.0.1">>},
+                 topics =>
+                        [#{eq => <<"#">>},
+                         #{eq => <<"+">>}
                         ] ,
-                 <<"action">> => all,
-                 <<"permission">> => allow}
+                 action => all,
+                 permission => allow}
        ).
--define(RULE3,#{<<"principal">> => 
-                    #{<<"and">> => [#{<<"username">> => "^test?"},
-                                    #{<<"clientid">> => "^test?"}
+-define(RULE3,#{principal =>
+                    #{'and' => [#{username => "^test?"},
+                                    #{clientid => "^test?"}
                                    ]},
-                <<"topics">> => [<<"test">>],
-                <<"action">> => publish,
-                <<"permission">> => allow}
+                topics => [<<"test">>],
+                action => publish,
+                permission => allow}
        ).
--define(RULE4,#{<<"principal">> => 
-                    #{<<"or">> => [#{<<"username">> => <<"^test">>},
-                                   #{<<"clientid">> => <<"test?">>}
-                                  ]},
-                <<"topics">> => [<<"%u">>,<<"%c">>],
-                <<"action">> => publish,
-                <<"permission">> => deny}
+-define(RULE4,#{principal =>
+                    #{'or' => [#{username => <<"^test">>},
+                               #{clientid => <<"test?">>}
+                              ]},
+                topics => [<<"%u">>,<<"%c">>],
+                action => publish,
+                permission => deny}
        ).
 
 
@@ -85,39 +86,39 @@ set_special_configs(_App) ->
 %% Testcases
 %%------------------------------------------------------------------------------
 t_compile(_) ->
-    ?assertEqual(#{<<"permission">> => deny,
-                   <<"action">> => all,
-                   <<"principal">> => all,
-                   <<"topics">> => [['#']]
+    ?assertEqual(#{permission => deny,
+                   action => all,
+                   principal => all,
+                   topics => [['#']]
                   },emqx_authz:compile(?RULE1)),
-    ?assertEqual(#{<<"permission">> => allow,
-                   <<"action">> => all,
-                   <<"principal">> =>
-                        #{<<"ipaddress">> => {{127,0,0,1},{127,0,0,1},32}},
-                   <<"topics">> => [#{<<"eq">> => ['#']},
-                                    #{<<"eq">> => ['+']}]
+    ?assertEqual(#{permission => allow,
+                   action => all,
+                   principal =>
+                        #{ipaddress => {{127,0,0,1},{127,0,0,1},32}},
+                   topics => [#{eq => ['#']},
+                              #{eq => ['+']}]
                   }, emqx_authz:compile(?RULE2)),
     ?assertMatch(
-       #{<<"permission">> := allow,
-         <<"action">> := publish,
-         <<"principal">> := 
-                #{<<"and">> := [#{<<"username">> := {re_pattern, _, _, _, _}},
-                                #{<<"clientid">> := {re_pattern, _, _, _, _}}
-                               ]
+       #{permission := allow,
+         action := publish,
+         principal :=
+                #{'and' := [#{username := {re_pattern, _, _, _, _}},
+                            #{clientid := {re_pattern, _, _, _, _}}
+                           ]
                  },
-         <<"topics">> := [[<<"test">>]]
+         topics := [[<<"test">>]]
         }, emqx_authz:compile(?RULE3)),
     ?assertMatch(
-       #{<<"permission">> := deny,
-         <<"action">> := publish,
-         <<"principal">> :=
-                #{<<"or">> := [#{<<"username">> := {re_pattern, _, _, _, _}},
-                               #{<<"clientid">> := {re_pattern, _, _, _, _}}
-                              ]
+       #{permission := deny,
+         action := publish,
+         principal :=
+                #{'or' := [#{username := {re_pattern, _, _, _, _}},
+                           #{clientid := {re_pattern, _, _, _, _}}
+                          ]
                  },
-              <<"topics">> := [#{<<"pattern">> := [<<"%u">>]},
-                               #{<<"pattern">> := [<<"%c">>]}
-                              ]
+         topics := [#{pattern := [<<"%u">>]},
+                    #{pattern := [<<"%c">>]}
+                   ]
         }, emqx_authz:compile(?RULE4)),
     ok.
 
diff --git a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
index 4871e0d7f..59dac3d71 100644
--- a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
@@ -57,11 +57,10 @@ set_special_configs(emqx) ->
 set_special_configs(emqx_authz) ->
     application:set_env(emqx, plugins_etc_dir,
                         emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"authz">> => #{<<"rules">> => []}},
+    Conf = #{<<"emqx_authz">> => #{<<"rules">> => []}},
     ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
-
+    % emqx_config:put([emqx_authz], #{rules => []}),
     ok;
-
 set_special_configs(_App) ->
     ok.
 
diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
index 6ee229ec7..039d50383 100644
--- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
@@ -49,7 +49,7 @@ set_special_configs(emqx) ->
 set_special_configs(emqx_authz) ->
     application:set_env(emqx, plugins_etc_dir,
                         emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"authz">> =>
+    Conf = #{<<"emqx_authz">> =>
              #{<<"rules">> =>
                [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
                   <<"principal">> => all,
@@ -57,6 +57,12 @@ set_special_configs(emqx_authz) ->
                   <<"type">> => mysql}
                ]}},
     ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    % Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+    %            principal => all,
+    %            sql => <<"fake sql">>,
+    %            type => mysql}
+    %         ],
+    % emqx_config:put([emqx_authz], #{rules => Rules}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
index 8fb9cd3e0..9dcdd7c18 100644
--- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
@@ -49,7 +49,7 @@ set_special_configs(emqx) ->
 set_special_configs(emqx_authz) ->
     application:set_env(emqx, plugins_etc_dir,
                         emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"authz">> =>
+    Conf = #{<<"emqx_authz">> =>
              #{<<"rules">> =>
                [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
                   <<"principal">> => all,
@@ -57,6 +57,12 @@ set_special_configs(emqx_authz) ->
                   <<"type">> => pgsql}
                ]}},
     ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    % Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+    %            principal => all,
+    %            sql => <<"fake sql">>,
+    %            type => pgsql}
+    %         ],
+    % emqx_config:put([emqx_authz], #{rules => Rules}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
index a4045a9e4..8cb7a51b9 100644
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -49,7 +49,7 @@ set_special_configs(emqx) ->
 set_special_configs(emqx_authz) ->
     application:set_env(emqx, plugins_etc_dir,
                         emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"authz">> =>
+    Conf = #{<<"emqx_authz">> =>
              #{<<"rules">> =>
                [#{<<"config">> =>#{
                     <<"server">> => <<"127.0.0.1:6379">>,
@@ -63,6 +63,12 @@ set_special_configs(emqx_authz) ->
                   <<"type">> => redis}
                ]}},
     ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
+    % Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+    %            principal => all,
+    %            cmd => <<"fake cmd">>,
+    %            type => redis}
+    %         ],
+    % emqx_config:put([emqx_authz], #{rules => Rules}),
     ok;
 set_special_configs(_App) ->
     ok.

From c094e5ddcce1f4c474f06b7d0a9892d3f7abdcef Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Thu, 1 Jul 2021 18:29:53 +0800
Subject: [PATCH 143/174] chore(ct): cancel needless apps ct

---
 scripts/find-apps.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/find-apps.sh b/scripts/find-apps.sh
index 47b71c7ca..54467b62b 100755
--- a/scripts/find-apps.sh
+++ b/scripts/find-apps.sh
@@ -7,7 +7,7 @@ cd -P -- "$(dirname -- "$0")/.."
 
 find_app() {
     local appdir="$1"
-    find "${appdir}" -mindepth 1 -maxdepth 1 -type d
+    find "${appdir}" -mindepth 1 -maxdepth 1 -type d | grep -vE "emqx_exhook|emqx_exproto|emqx_lwm2m|emqx_sn|emqx_coap|emqx_stomp"
 }
 
 find_app 'apps'

From c7e540f4f10ca99e53e0287f53ebe9674adfb273 Mon Sep 17 00:00:00 2001
From: turtleDeng <deng@emqx.io>
Date: Thu, 1 Jul 2021 20:08:13 +0800
Subject: [PATCH 144/174] feat(modules): Update the configuration file to hocon
 (#5151)

---
 apps/emqx_modules/etc/emqx_modules.conf       |  32 ++++
 apps/emqx_modules/priv/emqx_modules.schema    |   1 -
 .../src/emqx_mod_api_topic_metrics.erl        |   6 +-
 apps/emqx_modules/src/emqx_mod_presence.erl   |   2 +-
 apps/emqx_modules/src/emqx_mod_rewrite.erl    |  27 ++--
 .../src/emqx_mod_subscription.erl             |  65 --------
 apps/emqx_modules/src/emqx_mod_sup.erl        |   1 -
 apps/emqx_modules/src/emqx_modules.app.src    |   2 +-
 apps/emqx_modules/src/emqx_modules.appup.src  |  23 ---
 apps/emqx_modules/src/emqx_modules.erl        | 142 ++++++------------
 apps/emqx_modules/src/emqx_modules_api.erl    |  31 ++--
 apps/emqx_modules/src/emqx_modules_app.erl    |   3 -
 apps/emqx_modules/src/emqx_modules_schema.erl |  61 ++++++++
 .../test/emqx_mod_delayed_SUITE.erl           |   9 +-
 .../test/emqx_mod_presence_SUITE.erl          |   4 +-
 .../test/emqx_mod_rewrite_SUITE.erl           |  13 +-
 .../test/emqx_mod_subscription_SUITE.erl      |  92 ------------
 apps/emqx_modules/test/emqx_mod_sup_SUITE.erl |  49 ------
 apps/emqx_modules/test/emqx_modules_SUITE.erl |  48 +++---
 apps/emqx_telemetry/src/emqx_telemetry.erl    |   7 +-
 data/loaded_modules.tmpl                      |   2 -
 data/loaded_plugins.tmpl                      |   1 -
 rebar.config.erl                              |   8 +-
 23 files changed, 217 insertions(+), 412 deletions(-)
 delete mode 100644 apps/emqx_modules/priv/emqx_modules.schema
 delete mode 100644 apps/emqx_modules/src/emqx_mod_subscription.erl
 delete mode 100644 apps/emqx_modules/src/emqx_modules.appup.src
 create mode 100644 apps/emqx_modules/src/emqx_modules_schema.erl
 delete mode 100644 apps/emqx_modules/test/emqx_mod_subscription_SUITE.erl
 delete mode 100644 apps/emqx_modules/test/emqx_mod_sup_SUITE.erl
 delete mode 100644 data/loaded_modules.tmpl

diff --git a/apps/emqx_modules/etc/emqx_modules.conf b/apps/emqx_modules/etc/emqx_modules.conf
index 1bb8bf6d7..3f4681ec9 100644
--- a/apps/emqx_modules/etc/emqx_modules.conf
+++ b/apps/emqx_modules/etc/emqx_modules.conf
@@ -1 +1,33 @@
 # empty
+emqx_modules: {
+    modules:[
+        {
+            type: delayed
+            enable: false
+        },
+        {
+            type: presence
+            enable: true
+            qos: 1
+        },
+        {
+            type: recon
+            enable: true
+        },
+        {
+            type: rewrite
+            enable: false
+            rules:[{
+                action: publish
+                source_topic: "x/#"
+                re: "^x/y/(.+)$"
+                dest_topic: "z/y/$1"
+            }]
+        },
+        {
+            type: topic_metrics
+            enable: false
+            topics: ["topic/#"]
+        }
+    ]
+}
diff --git a/apps/emqx_modules/priv/emqx_modules.schema b/apps/emqx_modules/priv/emqx_modules.schema
deleted file mode 100644
index d7c52c644..000000000
--- a/apps/emqx_modules/priv/emqx_modules.schema
+++ /dev/null
@@ -1 +0,0 @@
-% empty
diff --git a/apps/emqx_modules/src/emqx_mod_api_topic_metrics.erl b/apps/emqx_modules/src/emqx_mod_api_topic_metrics.erl
index 5ccef4c6b..d78b3f18a 100644
--- a/apps/emqx_modules/src/emqx_mod_api_topic_metrics.erl
+++ b/apps/emqx_modules/src/emqx_mod_api_topic_metrics.erl
@@ -116,11 +116,7 @@ unregister(#{topic := Topic0}, _Params) ->
     end).
 
 execute_when_enabled(Fun) ->
-    Enabled = case emqx_modules:find_module(emqx_mod_topic_metrics) of
-                  [{_, false}] -> false;
-                  [{_, true}] -> true
-              end,
-    case Enabled of
+    case emqx_modules:find_module(topic_metrics) of
         true ->
             Fun();
         false ->
diff --git a/apps/emqx_modules/src/emqx_mod_presence.erl b/apps/emqx_modules/src/emqx_mod_presence.erl
index 7ba147c9a..738d1c892 100644
--- a/apps/emqx_modules/src/emqx_mod_presence.erl
+++ b/apps/emqx_modules/src/emqx_mod_presence.erl
@@ -117,7 +117,7 @@ topic(connected, ClientId) ->
 topic(disconnected, ClientId) ->
     emqx_topic:systop(iolist_to_binary(["clients/", ClientId, "/disconnected"])).
 
-qos(Env) -> proplists:get_value(qos, Env, 0).
+qos(Env) -> maps:get(qos, Env, 0).
 
 -compile({inline, [reason/1]}).
 reason(Reason) when is_atom(Reason) -> Reason;
diff --git a/apps/emqx_modules/src/emqx_mod_rewrite.erl b/apps/emqx_modules/src/emqx_mod_rewrite.erl
index c3a550692..e1ee6e1b6 100644
--- a/apps/emqx_modules/src/emqx_mod_rewrite.erl
+++ b/apps/emqx_modules/src/emqx_mod_rewrite.erl
@@ -43,8 +43,8 @@
 %% Load/Unload
 %%--------------------------------------------------------------------
 
-load(RawRules) ->
-    {PubRules, SubRules} = compile(RawRules),
+load(Env) ->
+    {PubRules, SubRules} = compile(maps:get(rules, Env, [])),
     emqx_hooks:put('client.subscribe',   {?MODULE, rewrite_subscribe, [SubRules]}),
     emqx_hooks:put('client.unsubscribe', {?MODULE, rewrite_unsubscribe, [SubRules]}),
     emqx_hooks:put('message.publish',    {?MODULE, rewrite_publish, [PubRules]}).
@@ -70,20 +70,23 @@ description() ->
 %%--------------------------------------------------------------------
 
 compile(Rules) ->
-    PubRules = [ begin
-                     {ok, MP} = re:compile(Re),
-                     {rewrite, Topic, MP, Dest}
-                 end || {rewrite, pub, Topic, Re, Dest}<- Rules ],
-    SubRules = [ begin
-                     {ok, MP} = re:compile(Re),
-                     {rewrite, Topic, MP, Dest}
-                 end || {rewrite, sub, Topic, Re, Dest}<- Rules ],
-    {PubRules, SubRules}.
+    lists:foldl(fun(#{source_topic := Topic,
+                      re := Re,
+                      dest_topic := Dest,
+                      action := Action}, {Acc1, Acc2}) ->
+        {ok, MP} = re:compile(Re),
+        case Action of
+            publish ->
+                {[{Topic, MP, Dest} | Acc1], Acc2};
+            subscribe ->
+                {Acc1, [{Topic, MP, Dest} | Acc2]}
+        end
+    end, {[], []}, Rules).
 
 match_and_rewrite(Topic, []) ->
     Topic;
 
-match_and_rewrite(Topic, [{rewrite, Filter, MP, Dest} | Rules]) ->
+match_and_rewrite(Topic, [{Filter, MP, Dest} | Rules]) ->
     case emqx_topic:match(Topic, Filter) of
         true  -> rewrite(Topic, MP, Dest);
         false -> match_and_rewrite(Topic, Rules)
diff --git a/apps/emqx_modules/src/emqx_mod_subscription.erl b/apps/emqx_modules/src/emqx_mod_subscription.erl
deleted file mode 100644
index 06178aee7..000000000
--- a/apps/emqx_modules/src/emqx_mod_subscription.erl
+++ /dev/null
@@ -1,65 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mod_subscription).
-
--behaviour(emqx_gen_mod).
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
-
-%% emqx_gen_mod callbacks
--export([ load/1
-        , unload/1
-        , description/0
-        ]).
-
-%% APIs
--export([on_client_connected/3]).
-
-%%--------------------------------------------------------------------
-%% Load/Unload Hook
-%%--------------------------------------------------------------------
-
-load(Topics) ->
-    emqx_hooks:add('client.connected', {?MODULE, on_client_connected, [Topics]}).
-
-on_client_connected(#{clientid := ClientId, username := Username}, _ConnInfo = #{proto_ver := ProtoVer}, Topics) ->
-    Replace = fun(Topic) ->
-                      rep(<<"%u">>, Username, rep(<<"%c">>, ClientId, Topic))
-              end,
-    TopicFilters =  case ProtoVer of
-        ?MQTT_PROTO_V5 -> [{Replace(Topic), SubOpts} || {Topic, SubOpts} <- Topics];
-        _ -> [{Replace(Topic), #{qos => Qos}} || {Topic, #{qos := Qos}} <- Topics]
-    end,
-    self() ! {subscribe, TopicFilters}.
-
-unload(_) ->
-    emqx_hooks:del('client.connected', {?MODULE, on_client_connected}).
-
-description() ->
-    "EMQ X Subscription Module".
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-rep(<<"%c">>, ClientId, Topic) ->
-    emqx_topic:feed_var(<<"%c">>, ClientId, Topic);
-rep(<<"%u">>, undefined, Topic) ->
-    Topic;
-rep(<<"%u">>, Username, Topic) ->
-    emqx_topic:feed_var(<<"%u">>, Username, Topic).
-
diff --git a/apps/emqx_modules/src/emqx_mod_sup.erl b/apps/emqx_modules/src/emqx_mod_sup.erl
index 755e52a60..c47d47a10 100644
--- a/apps/emqx_modules/src/emqx_mod_sup.erl
+++ b/apps/emqx_modules/src/emqx_mod_sup.erl
@@ -60,7 +60,6 @@ stop_child(ChildId) ->
 %%--------------------------------------------------------------------
 
 init([]) ->
-    ok = emqx_tables:new(emqx_modules, [set, public, {write_concurrency, true}]),
     {ok, {{one_for_one, 10, 100}, []}}.
 
 %%--------------------------------------------------------------------
diff --git a/apps/emqx_modules/src/emqx_modules.app.src b/apps/emqx_modules/src/emqx_modules.app.src
index 702652fc2..5d251abc9 100644
--- a/apps/emqx_modules/src/emqx_modules.app.src
+++ b/apps/emqx_modules/src/emqx_modules.app.src
@@ -1,6 +1,6 @@
 {application, emqx_modules,
  [{description, "EMQ X Module Management"},
-  {vsn, "4.3.2"},
+  {vsn, "5.0.0"},
   {modules, []},
   {applications, [kernel,stdlib]},
   {mod, {emqx_modules_app, []}},
diff --git a/apps/emqx_modules/src/emqx_modules.appup.src b/apps/emqx_modules/src/emqx_modules.appup.src
deleted file mode 100644
index aa997c453..000000000
--- a/apps/emqx_modules/src/emqx_modules.appup.src
+++ /dev/null
@@ -1,23 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
-  [
-    {"4.3.1", [
-      {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
-    ]},
-    {"4.3.0", [
-      {update, emqx_mod_delayed, {advanced, []}},
-      {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
-  ],
-  [
-    {"4.3.1", [
-      {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
-    ]},
-    {"4.3.0", [
-      {update, emqx_mod_delayed, {advanced, []}},
-      {load_module, emqx_mod_api_topic_metrics, brutal_purge, soft_purge, []}
-    ]},
-    {<<".*">>, []}
-  ]
-}.
diff --git a/apps/emqx_modules/src/emqx_modules.erl b/apps/emqx_modules/src/emqx_modules.erl
index 262e700ab..6610a4716 100644
--- a/apps/emqx_modules/src/emqx_modules.erl
+++ b/apps/emqx_modules/src/emqx_modules.erl
@@ -22,12 +22,11 @@
 
 -export([ list/0
         , load/0
-        , load/1
+        , load/2
         , unload/0
         , unload/1
         , reload/1
         , find_module/1
-        , load_module/2
         ]).
 
 -export([cli/1]).
@@ -35,48 +34,51 @@
 %% @doc List all available plugins
 -spec(list() -> [{atom(), boolean()}]).
 list() ->
-    ets:tab2list(?MODULE).
+    persistent_term:get(?MODULE, []).
 
 %% @doc Load all the extended modules.
 -spec(load() -> ok).
 load() ->
-    case emqx:get_env(modules_loaded_file) of
-        undefined -> ok;
-        File ->
-            load_modules(File)
-    end.
+    Modules = emqx_config:get([emqx_modules, modules], []),
+    lists:foreach(fun(#{type := Module, enable := Enable} = Config) ->
+        case Enable of
+            true ->
+                load(name(Module), maps:without([type, enable], Config));
+            false ->
+                ok
+        end
+    end, Modules).
 
-load(ModuleName) ->
+load(Module, Env) ->
+    ModuleName = name(Module),
     case find_module(ModuleName) of
-        [] ->
-            ?LOG(alert, "Module ~s not found, cannot load it", [ModuleName]),
-            {error, not_found};
-        [{ModuleName, true}] ->
+        false ->
+            load_mod(ModuleName, Env);
+        true ->
             ?LOG(notice, "Module ~s is already started", [ModuleName]),
-            {error, already_started};
-        [{ModuleName, false}] ->
-            emqx_modules:load_module(ModuleName, true)
+            {error, already_started}
     end.
 
 %% @doc Unload all the extended modules.
 -spec(unload() -> ok).
 unload() ->
-    case emqx:get_env(modules_loaded_file) of
-        undefined -> ignore;
-        File ->
-            unload_modules(File)
-    end.
+    Modules = emqx_config:get([emqx_modules, modules], []),
+    lists:foreach(fun(#{type := Module, enable := Enable}) ->
+        case Enable of
+            true ->
+                unload_mod(name(Module));
+            false ->
+                ok
+        end
+    end, Modules).
 
 unload(ModuleName) ->
     case find_module(ModuleName) of
-        [] ->
+        false ->
             ?LOG(alert, "Module ~s not found, cannot load it", [ModuleName]),
-            {error, not_found};
-        [{ModuleName, false}] ->
-            ?LOG(error, "Module ~s is not started", [ModuleName]),
             {error, not_started};
-        [{ModuleName, true}] ->
-            unload_module(ModuleName, true)
+        true ->
+            unload_mod(ModuleName)
     end.
 
 -spec(reload(module()) -> ok | ignore | {error, any()}).
@@ -84,94 +86,39 @@ reload(_) ->
     ignore.
 
 find_module(ModuleName) ->
-    ets:lookup(?MODULE, ModuleName).
+    lists:member(ModuleName, persistent_term:get(?MODULE, [])).
 
-filter_module(ModuleNames) ->
-    filter_module(ModuleNames, emqx:get_env(modules, [])).
-filter_module([], Acc) ->
-    Acc;
-filter_module([{ModuleName, true} | ModuleNames], Acc) ->
-    filter_module(ModuleNames, lists:keydelete(ModuleName, 1, Acc));
-filter_module([{_, false} | ModuleNames], Acc) ->
-    filter_module(ModuleNames, Acc).
-
-load_modules(File) ->
-    case file:consult(File) of
-        {ok, ModuleNames} ->
-            lists:foreach(fun({ModuleName, _}) ->
-                ets:insert(?MODULE, {ModuleName, false})
-            end, filter_module(ModuleNames)),
-            lists:foreach(fun load_module/1, ModuleNames);
-        {error, Error} ->
-            ?LOG(alert, "Failed to read: ~p, error: ~p", [File, Error])
-    end.
-
-load_module({ModuleName, true}) ->
-    emqx_modules:load_module(ModuleName, false);
-load_module({ModuleName, false}) ->
-    ets:insert(?MODULE, {ModuleName, false});
-load_module(ModuleName) ->
-    load_module({ModuleName, true}).
-
-load_module(ModuleName, Persistent) ->
-    Modules = emqx:get_env(modules, []),
-    Env = proplists:get_value(ModuleName, Modules, undefined),
+load_mod(ModuleName, Env) ->
     case ModuleName:load(Env) of
         ok ->
-            ets:insert(?MODULE, {ModuleName, true}),
-            ok = write_loaded(Persistent),
+            Modules = persistent_term:get(?MODULE, []),
+            persistent_term:put(?MODULE, [ModuleName| Modules]),
             ?LOG(info, "Load ~s module successfully.", [ModuleName]);
         {error, Error} ->
             ?LOG(error, "Load module ~s failed, cannot load for ~0p", [ModuleName, Error]),
             {error, Error}
     end.
 
-unload_modules(File) ->
-    case file:consult(File) of
-        {ok, ModuleNames} ->
-            lists:foreach(fun unload_module/1, ModuleNames);
-        {error, Error} ->
-            ?LOG(alert, "Failed to read: ~p, error: ~p", [File, Error])
-    end.
-unload_module({ModuleName, true}) ->
-    unload_module(ModuleName, false);
-unload_module({ModuleName, false}) ->
-    ets:insert(?MODULE, {ModuleName, false});
-unload_module(ModuleName) ->
-    unload_module({ModuleName, true}).
-
-unload_module(ModuleName, Persistent) ->
-    Modules = emqx:get_env(modules, []),
-    Env = proplists:get_value(ModuleName, Modules, undefined),
-    case ModuleName:unload(Env) of
+unload_mod(ModuleName) ->
+    case ModuleName:unload(#{}) of
         ok ->
-            ets:insert(?MODULE, {ModuleName, false}),
-            ok = write_loaded(Persistent),
+            Modules = persistent_term:get(?MODULE, []),
+            persistent_term:put(?MODULE, Modules -- [ModuleName]),
             ?LOG(info, "Unload ~s module successfully.", [ModuleName]);
         {error, Error} ->
             ?LOG(error, "Unload module ~s failed, cannot unload for ~0p", [ModuleName, Error])
     end.
 
-write_loaded(true) ->
-    FilePath = emqx:get_env(modules_loaded_file),
-    case file:write_file(FilePath, [io_lib:format("~p.~n", [Name]) || Name <- list()]) of
-        ok -> ok;
-        {error, Error} ->
-            ?LOG(error, "Write File ~p Error: ~p", [FilePath, Error]),
-            ok
-    end;
-write_loaded(false) -> ok.
-
 %%--------------------------------------------------------------------
 %% @doc Modules Command
 cli(["list"]) ->
-    lists:foreach(fun({Name, Active}) -> 
-                    emqx_ctl:print("Module(~s, description=~s, active=~s)~n",
-                        [Name, Name:description(), Active])
+    lists:foreach(fun(Name) ->
+                    emqx_ctl:print("Module(~s, description=~s)~n",
+                        [Name, Name:description()])
                   end, emqx_modules:list());
 
 cli(["load", Name]) ->
-    case emqx_modules:load(list_to_atom(Name)) of
+    case emqx_modules:load(list_to_atom(Name), #{}) of
         ok ->
             emqx_ctl:print("Module ~s loaded successfully.~n", [Name]);
         {error, Reason}   ->
@@ -195,3 +142,10 @@ cli(_) ->
                     {"modules unload <Module>", "Unload module"},
                     {"modules reload <Module>", "Reload module"}
                    ]).
+
+name(delayed) -> emqx_mod_delayed;
+name(presence) -> emqx_mod_presence;
+name(recon) -> emqx_mod_recon;
+name(rewrite) -> emqx_mod_rewrite;
+name(topic_metrics) -> emqx_mod_topic_metrics;
+name(Name) -> Name.
diff --git a/apps/emqx_modules/src/emqx_modules_api.erl b/apps/emqx_modules/src/emqx_modules_api.erl
index 3490c116c..3a4b05fd0 100644
--- a/apps/emqx_modules/src/emqx_modules_api.erl
+++ b/apps/emqx_modules/src/emqx_modules_api.erl
@@ -73,7 +73,7 @@
         , reload/2
         ]).
 
--export([ do_load_module/2
+-export([ do_load_module/3
         , do_unload_module/2
         ]).
 
@@ -83,11 +83,11 @@ list(#{node := Node}, _Params) ->
 list(_Bindings, _Params) ->
     return({ok, [format(Node, Modules) || {Node, Modules} <- list_modules()]}).
 
-load(#{node := Node, module := Module}, _Params) ->
-    return(do_load_module(Node, Module));
+load(#{node := Node, module := Module}, Params) ->
+    return(do_load_module(Node, Module, Params));
 
-load(#{module := Module}, _Params) ->
-    Results = [do_load_module(Node, Module) || Node <- ekka_mnesia:running_nodes()],
+load(#{module := Module}, Params) ->
+    Results = [do_load_module(Node, Module, Params) || Node <- ekka_mnesia:running_nodes()],
     case lists:filter(fun(Item) -> Item =/= ok end, Results) of
         [] ->
             return(ok);
@@ -129,10 +129,9 @@ reload(#{module := Module}, _Params) ->
 format(Node, Modules) ->
     #{node => Node, modules => [format(Module) || Module <- Modules]}.
 
-format({Name, Active}) ->
-    #{name => Name,
-      description => iolist_to_binary(Name:description()),
-      active => Active}.
+format(Name) ->
+    #{name => name(Name),
+      description => iolist_to_binary(Name:description())}.
 
 list_modules() ->
     [{Node, list_modules(Node)} || Node <- ekka_mnesia:running_nodes()].
@@ -142,10 +141,10 @@ list_modules(Node) when Node =:= node() ->
 list_modules(Node) ->
     rpc_call(Node, list_modules, [Node]).
 
-do_load_module(Node, Module) when Node =:= node() ->
-    emqx_modules:load(Module);
-do_load_module(Node, Module) ->
-    rpc_call(Node, do_load_module, [Node, Module]).
+do_load_module(Node, Module, Env) when Node =:= node() ->
+    emqx_modules:load(Module, Env);
+do_load_module(Node, Module, Env) ->
+    rpc_call(Node, do_load_module, [Node, Module, Env]).
 
 do_unload_module(Node, Module) when Node =:= node() ->
     emqx_modules:unload(Module);
@@ -162,3 +161,9 @@ rpc_call(Node, Fun, Args) ->
         {badrpc, Reason} -> {error, Reason};
         Res -> Res
     end.
+
+name(emqx_mod_delayed) -> delayed;
+name(emqx_mod_presence) -> presence;
+name(emqx_mod_recon) -> recon;
+name(emqx_mod_rewrite) -> rewrite;
+name(emqx_mod_topic_metrics) -> topic_metrics.
diff --git a/apps/emqx_modules/src/emqx_modules_app.erl b/apps/emqx_modules/src/emqx_modules_app.erl
index a10176829..33f18459e 100644
--- a/apps/emqx_modules/src/emqx_modules_app.erl
+++ b/apps/emqx_modules/src/emqx_modules_app.erl
@@ -23,9 +23,6 @@
 -export([stop/1]).
 
 start(_Type, _Args) ->
-    % the configs for emqx_modules is so far still in emqx application
-    % Ensure it's loaded
-    _ = application:load(emqx),
     {ok, Pid} = emqx_mod_sup:start_link(),
     ok = emqx_modules:load(),
     emqx_ctl:register_command(modules, {emqx_modules, cli}, []),
diff --git a/apps/emqx_modules/src/emqx_modules_schema.erl b/apps/emqx_modules/src/emqx_modules_schema.erl
new file mode 100644
index 000000000..e7b26b7de
--- /dev/null
+++ b/apps/emqx_modules/src/emqx_modules_schema.erl
@@ -0,0 +1,61 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_modules_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+        , fields/1]).
+
+structs() -> ["emqx_modules"].
+
+fields("emqx_modules") ->
+    [{modules, hoconsc:array(hoconsc:union([ hoconsc:ref(?MODULE, "common")
+                                           , hoconsc:ref(?MODULE, "presence")
+                                           , hoconsc:ref(?MODULE, "rewrite")
+                                           , hoconsc:ref(?MODULE, "topic_metrics")
+                                           ]))}];
+fields("common") ->
+    [ {type, hoconsc:enum([delayed, recon])}
+    , {enable, emqx_schema:t(boolean(), undefined, false)}
+    ];
+
+fields("presence") ->
+    [ {type, hoconsc:enum([presence])}
+    , {enable, emqx_schema:t(boolean(), undefined, false)}
+    , {qos, emqx_schema:t(integer(), undefined, 1)}
+    ];
+fields("rewrite") ->
+    [ {type, hoconsc:enum([rewrite])}
+    , {enable, emqx_schema:t(boolean(), undefined, false)}
+    , {rules, hoconsc:array(hoconsc:ref(?MODULE, "rules"))}
+    ];
+
+fields("topic_metrics") ->
+    [ {type, hoconsc:enum([topic_metrics])}
+    , {enable, emqx_schema:t(boolean(), undefined, false)}
+    , {topics, hoconsc:array(binary())}
+    ];
+
+fields("rules") ->
+    [ {action, hoconsc:enum([publish, subscribe])}
+    , {source_topic, emqx_schema:t(binary())}
+    , {re, emqx_schema:t(binary())}
+    , {dest_topic, emqx_schema:t(binary())}
+    ].
diff --git a/apps/emqx_modules/test/emqx_mod_delayed_SUITE.erl b/apps/emqx_modules/test/emqx_mod_delayed_SUITE.erl
index fcd73bb61..2cd1107f6 100644
--- a/apps/emqx_modules/test/emqx_mod_delayed_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_mod_delayed_SUITE.erl
@@ -35,19 +35,12 @@ all() ->
     emqx_ct:all(?MODULE).
 
 init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_modules], fun set_special_configs/1),
+    emqx_ct_helpers:start_apps([emqx_modules]),
     Config.
 
 end_per_suite(_) ->
     emqx_ct_helpers:stop_apps([emqx_modules]).
 
-set_special_configs(emqx) ->
-    application:set_env(emqx, modules, [{emqx_mod_delayed, []}]),
-    application:set_env(emqx, allow_anonymous, false),
-    application:set_env(emqx, enable_acl_cache, false);
-set_special_configs(_App) ->
-    ok.
-
 %%--------------------------------------------------------------------
 %% Test cases
 %%--------------------------------------------------------------------
diff --git a/apps/emqx_modules/test/emqx_mod_presence_SUITE.erl b/apps/emqx_modules/test/emqx_mod_presence_SUITE.erl
index fafcc3c2f..e02fa6fdd 100644
--- a/apps/emqx_modules/test/emqx_mod_presence_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_mod_presence_SUITE.erl
@@ -36,7 +36,7 @@ end_per_suite(_Config) ->
 
 %% Test case for emqx_mod_presence
 t_mod_presence(_) ->
-    ok = emqx_mod_presence:load([{qos, ?QOS_1}]),
+    ok = emqx_mod_presence:load(#{qos => ?QOS_1}),
     {ok, C1} = emqtt:start_link([{clientid, <<"monsys">>}]),
     {ok, _} = emqtt:connect(C1),
     {ok, _Props, [?QOS_1]} = emqtt:subscribe(C1, <<"$SYS/brokers/+/clients/#">>, qos1),
@@ -49,7 +49,7 @@ t_mod_presence(_) ->
     ok = emqtt:disconnect(C2),
     ok = recv_and_check_presence(<<"clientid">>, <<"disconnected">>),
     ok = emqtt:disconnect(C1),
-    ok = emqx_mod_presence:unload([{qos, ?QOS_1}]).
+    ok = emqx_mod_presence:unload([]).
 
 t_mod_presence_reason(_) ->
     ?assertEqual(normal, emqx_mod_presence:reason(normal)),
diff --git a/apps/emqx_modules/test/emqx_mod_rewrite_SUITE.erl b/apps/emqx_modules/test/emqx_mod_rewrite_SUITE.erl
index 997eff1c2..9b94cba8c 100644
--- a/apps/emqx_modules/test/emqx_mod_rewrite_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_mod_rewrite_SUITE.erl
@@ -22,8 +22,15 @@
 -include_lib("emqx/include/emqx_mqtt.hrl").
 -include_lib("eunit/include/eunit.hrl").
 
--define(RULES, [{rewrite, pub, <<"x/#">>,<<"^x/y/(.+)$">>,<<"z/y/$1">>},
-                {rewrite, sub, <<"y/+/z/#">>,<<"^y/(.+)/z/(.+)$">>,<<"y/z/$2">>}
+-define(RULES, [#{action => publish,
+                  source_topic => <<"x/#">>,
+                  re => <<"^x/y/(.+)$">>,
+                  dest_topic => <<"z/y/$1">>
+                },
+                #{action => subscribe,
+                  source_topic => <<"y/+/z/#">>,
+                  re => <<"^y/(.+)/z/(.+)$">>,
+                  dest_topic => <<"y/z/$2">>}
                ]).
 
 all() -> emqx_ct:all(?MODULE).
@@ -40,7 +47,7 @@ end_per_suite(_Config) ->
 
 %% Test case for emqx_mod_write
 t_mod_rewrite(_Config) ->
-    ok = emqx_mod_rewrite:load(?RULES),
+    ok = emqx_mod_rewrite:load(#{rules => ?RULES}),
     {ok, C} = emqtt:start_link([{clientid, <<"rewrite_client">>}]),
     {ok, _} = emqtt:connect(C),
     PubOrigTopics = [<<"x/y/2">>, <<"x/1/2">>],
diff --git a/apps/emqx_modules/test/emqx_mod_subscription_SUITE.erl b/apps/emqx_modules/test/emqx_mod_subscription_SUITE.erl
deleted file mode 100644
index c2905754b..000000000
--- a/apps/emqx_modules/test/emqx_mod_subscription_SUITE.erl
+++ /dev/null
@@ -1,92 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mod_subscription_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("emqx/include/emqx_mqtt.hrl").
--include_lib("eunit/include/eunit.hrl").
-
-all() -> emqx_ct:all(?MODULE).
-
-init_per_suite(Config) ->
-    emqx_ct_helpers:boot_modules(all),
-    emqx_ct_helpers:start_apps([]),
-    Config.
-
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([]).
-
-t_on_client_connected(_) ->
-    ?assertEqual(ok, emqx_mod_subscription:load([{<<"connected/%c/%u">>, #{qos => ?QOS_0}}])),
-    {ok, C} = emqtt:start_link([{host, "localhost"},
-                            {clientid, "myclient"},
-                            {username, "admin"}]),
-    {ok, _} = emqtt:connect(C),
-    emqtt:publish(C, <<"connected/myclient/admin">>, <<"Hello world">>, ?QOS_0),
-    {ok, #{topic := Topic, payload := Payload}} = receive_publish(100),
-    ?assertEqual(<<"connected/myclient/admin">>, Topic),
-    ?assertEqual(<<"Hello world">>, Payload),
-    ok = emqtt:disconnect(C),
-    ?assertEqual(ok, emqx_mod_subscription:unload([{<<"connected/%c/%u">>, #{qos => ?QOS_0}}])).
-
-t_on_undefined_client_connected(_) ->
-    ?assertEqual(ok, emqx_mod_subscription:load([{<<"connected/undefined">>, #{qos => ?QOS_1}}])),
-    {ok, C} = emqtt:start_link([{host, "localhost"}]),
-    {ok, _} = emqtt:connect(C),
-    emqtt:publish(C, <<"connected/undefined">>, <<"Hello world">>, ?QOS_1),
-    {ok, #{topic := Topic, payload := Payload}} = receive_publish(100),
-    ?assertEqual(<<"connected/undefined">>, Topic),
-    ?assertEqual(<<"Hello world">>, Payload),
-    ok = emqtt:disconnect(C),
-    ?assertEqual(ok, emqx_mod_subscription:unload([{<<"connected/undefined">>, #{qos => ?QOS_1}}])).
-
-t_suboption(_) ->
-    Client_info = fun(Key, Client) -> maps:get(Key, maps:from_list(emqtt:info(Client)), undefined) end,
-    Suboption = #{qos => ?QOS_2, nl => 1, rap => 1, rh => 2},
-    ?assertEqual(ok, emqx_mod_subscription:load([{<<"connected/%c/%u">>, Suboption}])),
-    {ok, C1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(C1),
-    timer:sleep(200),
-    [CPid1] = emqx_cm:lookup_channels(Client_info(clientid, C1)),
-    [ Sub1 | _ ] =  ets:lookup(emqx_subscription,CPid1),
-    [ Suboption1 | _ ] = ets:lookup(emqx_suboption,Sub1),
-    ?assertMatch({Sub1, #{qos := 2, nl := 1, rap := 1, rh := 2, subid := _}}, Suboption1),
-    ok = emqtt:disconnect(C1),
-    %% The subscription option is not valid for MQTT V3.1.1
-    {ok, C2} = emqtt:start_link([{proto_ver, v4}]),
-    {ok, _} = emqtt:connect(C2),
-    timer:sleep(200),
-    [CPid2] = emqx_cm:lookup_channels(Client_info(clientid, C2)),
-    [ Sub2 | _ ] =  ets:lookup(emqx_subscription,CPid2),
-    [ Suboption2 | _ ] = ets:lookup(emqx_suboption,Sub2),
-    ok = emqtt:disconnect(C2),
-    ?assertMatch({Sub2, #{qos := 2, nl := 0, rap := 0, rh := 0, subid := _}}, Suboption2),
-
-    ?assertEqual(ok, emqx_mod_subscription:unload([{<<"connected/undefined">>, Suboption}])).
-
-%%--------------------------------------------------------------------
-%% Internal functions
-%%--------------------------------------------------------------------
-
-receive_publish(Timeout) ->
-    receive
-        {publish, Publish} -> {ok, Publish}
-    after
-        Timeout -> {error, timeout}
-    end.
diff --git a/apps/emqx_modules/test/emqx_mod_sup_SUITE.erl b/apps/emqx_modules/test/emqx_mod_sup_SUITE.erl
deleted file mode 100644
index 59d0ffde2..000000000
--- a/apps/emqx_modules/test/emqx_mod_sup_SUITE.erl
+++ /dev/null
@@ -1,49 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_mod_sup_SUITE).
-
--compile(export_all).
--compile(nowarn_export_all).
-
--include_lib("eunit/include/eunit.hrl").
-
-all() -> emqx_ct:all(?MODULE).
-
-%%--------------------------------------------------------------------
-%% Test cases
-%%--------------------------------------------------------------------
-
-t_start(_) ->
-    ?assertEqual([], supervisor:which_children(emqx_mod_sup)).
-
-t_start_child(_) ->
-    %% Set the emqx_mod_sup child with emqx_hooks for test
-    Mod = emqx_hooks,
-    Spec = #{id => Mod,
-             start => {Mod, start_link, []},
-             restart => permanent,
-             shutdown => 5000,
-             type => worker,
-             modules => [Mod]},
-
-    ok  = emqx_mod_sup:start_child(Mod, worker),
-    ?assertError({already_started, _}, emqx_mod_sup:start_child(Spec)),
-
-    ok = emqx_mod_sup:stop_child(Mod),
-    {error, not_found} = emqx_mod_sup:stop_child(Mod),
-    ok.
-
diff --git a/apps/emqx_modules/test/emqx_modules_SUITE.erl b/apps/emqx_modules/test/emqx_modules_SUITE.erl
index 0ce8b0c5f..e8e0b3218 100644
--- a/apps/emqx_modules/test/emqx_modules_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_modules_SUITE.erl
@@ -37,7 +37,6 @@ init_per_suite(Config) ->
     Config.
 
 set_special_cfg(_) ->
-    application:set_env(emqx, modules_loaded_file, emqx_ct_helpers:deps_path(emqx, "test/emqx_SUITE_data/loaded_modules")),
     ok.
 
 end_per_suite(_Config) ->
@@ -47,70 +46,67 @@ end_per_suite(_Config) ->
 t_load(_) ->
     ?assertEqual(ok, emqx_modules:unload()),
     ?assertEqual(ok, emqx_modules:load()),
-    ?assertEqual({error, not_found}, emqx_modules:load(not_existed_module)),
-    ?assertEqual({error, not_started}, emqx_modules:unload(emqx_mod_rewrite)),
-    ?assertEqual(ignore, emqx_modules:reload(emqx_mod_rewrite)).
+    ?assertEqual({error, not_started}, emqx_modules:unload(rewrite)),
+    ?assertEqual(ignore, emqx_modules:reload(rewrite)).
 
 t_list(_) ->
-    ?assertMatch([{_, _} | _ ], emqx_modules:list()).
+    emqx_modules:load(presence, #{qos => 1}),
+    ?assertMatch([_ | _ ], emqx_modules:list()),
+    emqx_modules:unload(presence).
 
 t_modules_api(_) ->
-    emqx_modules:load_module(emqx_mod_presence, false),
+    emqx_modules:load(presence, #{qos => 1}),
     timer:sleep(50),
     {ok, Modules1} = request_api(get, api_path(["modules"]), auth_header_()),
     [Modules11] = filter(get(<<"data">>, Modules1), <<"node">>, atom_to_binary(node(), utf8)),
-    [Module1] = filter(maps:get(<<"modules">>, Modules11), <<"name">>, <<"emqx_mod_presence">>),
-    ?assertEqual(<<"emqx_mod_presence">>, maps:get(<<"name">>, Module1)),
-    ?assertEqual(true, maps:get(<<"active">>, Module1)),
-
+    [Module1] = filter(maps:get(<<"modules">>, Modules11), <<"name">>, <<"presence">>),
+    ?assertEqual(<<"presence">>, maps:get(<<"name">>, Module1)),
     {ok, _} = request_api(put,
                           api_path(["modules",
-                                    atom_to_list(emqx_mod_presence),
+                                    atom_to_list(presence),
                                     "unload"]),
                           auth_header_()),
     {ok, Error1} = request_api(put,
                                api_path(["modules",
-                                         atom_to_list(emqx_mod_presence),
+                                         atom_to_list(presence),
                                          "unload"]),
                                auth_header_()),
     ?assertEqual(<<"not_started">>, get(<<"message">>, Error1)),
     {ok, Modules2} = request_api(get,
                                  api_path(["nodes", atom_to_list(node()), "modules"]),
                                  auth_header_()),
-    [Module2] = filter(get(<<"data">>, Modules2), <<"name">>, <<"emqx_mod_presence">>),
-    ?assertEqual(<<"emqx_mod_presence">>, maps:get(<<"name">>, Module2)),
-    ?assertEqual(false, maps:get(<<"active">>, Module2)),
+    [Module2] = filter(get(<<"data">>, Modules2), <<"name">>, <<"presence">>),
+    ?assertEqual(<<"presence">>, maps:get(<<"name">>, Module2)),
 
     {ok, _} = request_api(put,
                           api_path(["nodes",
                                     atom_to_list(node()),
                                     "modules",
-                                    atom_to_list(emqx_mod_presence),
+                                    atom_to_list(presence),
                                     "load"]),
                           auth_header_()),
     {ok, Modules3} = request_api(get,
                                  api_path(["nodes", atom_to_list(node()), "modules"]),
                                  auth_header_()),
-    [Module3] = filter(get(<<"data">>, Modules3), <<"name">>, <<"emqx_mod_presence">>),
-    ?assertEqual(<<"emqx_mod_presence">>, maps:get(<<"name">>, Module3)),
-    ?assertEqual(true, maps:get(<<"active">>, Module3)),
+    [Module3] = filter(get(<<"data">>, Modules3), <<"name">>, <<"presence">>),
+    ?assertEqual(<<"presence">>, maps:get(<<"name">>, Module3)),
 
     {ok, _} = request_api(put,
                           api_path(["nodes",
                                     atom_to_list(node()),
                                     "modules",
-                                    atom_to_list(emqx_mod_presence),
+                                    atom_to_list(presence),
                                     "unload"]),
                           auth_header_()),
     {ok, Error2} = request_api(put,
                                api_path(["nodes",
                                          atom_to_list(node()),
                                          "modules",
-                                         atom_to_list(emqx_mod_presence),
+                                         atom_to_list(presence),
                                          "unload"]),
                                auth_header_()),
     ?assertEqual(<<"not_started">>, get(<<"message">>, Error2)),
-    emqx_modules:unload(emqx_mod_presence).
+    emqx_modules:unload(presence).
 
 
 t_modules_cmd(_) ->
@@ -120,10 +116,10 @@ t_modules_cmd(_) ->
     meck:expect(emqx_modules, unload, fun(_) -> ok end),
     meck:expect(emqx_modules, reload, fun(_) -> ok end),
     ?assertEqual(emqx_modules:cli(["list"]), ok),
-    ?assertEqual(emqx_modules:cli(["load", "emqx_mod_presence"]),
-                 "Module emqx_mod_presence loaded successfully.\n"),
-    ?assertEqual(emqx_modules:cli(["unload", "emqx_mod_presence"]),
-                 "Module emqx_mod_presence unloaded successfully.\n"),
+    ?assertEqual(emqx_modules:cli(["load", "delayed"]),
+                 "Module delayed loaded successfully.\n"),
+    ?assertEqual(emqx_modules:cli(["unload", "delayed"]),
+                 "Module delayed unloaded successfully.\n"),
     unmock_print().
 
 %% For: https://github.com/emqx/emqx/issues/4511
diff --git a/apps/emqx_telemetry/src/emqx_telemetry.erl b/apps/emqx_telemetry/src/emqx_telemetry.erl
index dd6e7aa4c..9bf616b0a 100644
--- a/apps/emqx_telemetry/src/emqx_telemetry.erl
+++ b/apps/emqx_telemetry/src/emqx_telemetry.erl
@@ -307,12 +307,7 @@ active_plugins() ->
                     end, [], emqx_plugins:list()).
 
 active_modules() ->
-    lists:foldl(fun({Name, Persistent}, Acc) ->
-                    case Persistent of
-                        true -> [Name | Acc];
-                        false -> Acc
-                    end
-                end, [], emqx_modules:list()).
+    emqx_modules:list().
 
 num_clients() ->
     emqx_stats:getstat('connections.max').
diff --git a/data/loaded_modules.tmpl b/data/loaded_modules.tmpl
deleted file mode 100644
index 8dfe6453e..000000000
--- a/data/loaded_modules.tmpl
+++ /dev/null
@@ -1,2 +0,0 @@
-{emqx_mod_presence, true}.
-{emqx_mod_recon, true}.
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
index 80a0c832c..dc23386dc 100644
--- a/data/loaded_plugins.tmpl
+++ b/data/loaded_plugins.tmpl
@@ -1,4 +1,3 @@
 {emqx_management, true}.
 {emqx_dashboard, true}.
-{emqx_modules, {{enable_plugin_emqx_modules}}}.
 {emqx_retainer, {{enable_plugin_emqx_retainer}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index 5d5d02d05..13bbb1c15 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -192,8 +192,8 @@ overlay_vars_rel(RelType) ->
                  cloud -> "vm.args";
                  edge -> "vm.args.edge"
              end,
-    [ {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce
-    , {enable_plugin_emqx_retainer, true}
+    [
+      {enable_plugin_emqx_retainer, true}
     , {vm_args_file, VmArgs}
     ].
 
@@ -256,9 +256,9 @@ relx_apps(ReleaseType) ->
     , emqx_data_bridge
     , emqx_rule_engine
     , emqx_bridge_mqtt
+    , emqx_modules
     ]
     ++ [emqx_telemetry || not is_enterprise()]
-    ++ [emqx_modules || not is_enterprise()]
     ++ [emqx_license || is_enterprise()]
     ++ [bcrypt || provide_bcrypt_release(ReleaseType)]
     ++ relx_apps_per_rel(ReleaseType)
@@ -318,7 +318,6 @@ relx_overlay(ReleaseType) ->
     , {mkdir, "data/patches"}
     , {mkdir, "data/scripts"}
     , {template, "data/loaded_plugins.tmpl", "data/loaded_plugins"}
-    , {template, "data/loaded_modules.tmpl", "data/loaded_modules"}
     , {template, "data/emqx_vars", "releases/emqx_vars"}
     , {template, "data/BUILT_ON", "releases/{{release_version}}/BUILT_ON"}
     , {copy, "bin/emqx", "bin/emqx"}
@@ -376,6 +375,7 @@ emqx_etc_overlay_common() ->
      {"{{base_dir}}/lib/emqx_authz/etc/emqx_authz.conf", "etc/plugins/authz.conf"},
      {"{{base_dir}}/lib/emqx_rule_engine/etc/emqx_rule_engine.conf", "etc/plugins/emqx_rule_engine.conf"},
      {"{{base_dir}}/lib/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf", "etc/plugins/emqx_bridge_mqtt.conf"},
+     {"{{base_dir}}/lib/emqx_modules/etc/emqx_modules.conf", "etc/plugins/emqx_modules.conf"},
      %% TODO: check why it has to end with .paho
      %% and why it is put to etc/plugins dir
      {"{{base_dir}}/lib/emqx/etc/acl.conf.paho", "etc/plugins/acl.conf.paho"}].

From 2c7fd0b547140e810d2e5e3ecca0ff14a54b5ebd Mon Sep 17 00:00:00 2001
From: DDDHuang <44492639+DDDHuang@users.noreply.github.com>
Date: Fri, 2 Jul 2021 00:02:09 +0800
Subject: [PATCH 145/174] chore: mgmt hoconf support (#5153)

---
 apps/emqx_authz/test/emqx_authz_api_SUITE.erl |  12 +
 .../test/emqx_dashboard_SUITE.erl             |  17 +-
 apps/emqx_management/etc/emqx_management.conf |  91 +++----
 .../priv/emqx_management.schema               | 239 ------------------
 .../src/emqx_management_schema.erl            |  62 +++++
 apps/emqx_management/src/emqx_mgmt_app.erl    |   7 +
 apps/emqx_management/src/emqx_mgmt_auth.erl   |   6 +-
 apps/emqx_management/src/emqx_mgmt_http.erl   |   4 +-
 apps/emqx_management/test/emqx_mgmt_SUITE.erl |  28 +-
 .../test/emqx_mgmt_api_SUITE.erl              |  16 +-
 .../test/etc/emqx_management.conf             |  72 +++---
 apps/emqx_modules/test/emqx_modules_SUITE.erl |  15 +-
 12 files changed, 218 insertions(+), 351 deletions(-)
 delete mode 100644 apps/emqx_management/priv/emqx_management.schema
 create mode 100644 apps/emqx_management/src/emqx_management_schema.erl

diff --git a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
index 59dac3d71..b813ad1f7 100644
--- a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
@@ -61,6 +61,18 @@ set_special_configs(emqx_authz) ->
     ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
     % emqx_config:put([emqx_authz], #{rules => []}),
     ok;
+
+set_special_configs(emqx_management) ->
+    application:set_env(emqx, plugins_etc_dir,
+        emqx_ct_helpers:deps_path(emqx_management, "test")),
+    Conf = #{<<"emqx_management">> => #{
+        <<"listeners">> => [#{
+            <<"protocol">> => <<"http">>
+        }]}
+    },
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    ok;
+
 set_special_configs(_App) ->
     ok.
 
diff --git a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
index be77d474b..afec49419 100644
--- a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
+++ b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
@@ -54,13 +54,26 @@ groups() ->
     ].
 
 init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_modules, emqx_management, emqx_dashboard]),
+    emqx_ct_helpers:start_apps([emqx_management, emqx_dashboard],fun set_special_configs/1),
     Config.
 
 end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_dashboard, emqx_management, emqx_modules]),
+    emqx_ct_helpers:stop_apps([emqx_dashboard, emqx_management]),
     ekka_mnesia:ensure_stopped().
 
+set_special_configs(emqx_management) ->
+    application:set_env(emqx, plugins_etc_dir,
+        emqx_ct_helpers:deps_path(emqx_management, "test")),
+    Conf = #{<<"emqx_management">> => #{
+        <<"listeners">> => [#{
+            <<"protocol">> => <<"http">>
+        }]}
+    },
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_) ->
+    ok.
+
 t_overview(_) ->
     [?assert(request_dashboard(get, api_path(erlang:atom_to_list(Overview)), auth_header_()))|| Overview <- ?OVERVIEWS].
 
diff --git a/apps/emqx_management/etc/emqx_management.conf b/apps/emqx_management/etc/emqx_management.conf
index 05a3008fa..62f26474c 100644
--- a/apps/emqx_management/etc/emqx_management.conf
+++ b/apps/emqx_management/etc/emqx_management.conf
@@ -1,53 +1,38 @@
-##--------------------------------------------------------------------
-## EMQ X Management Plugin
-##--------------------------------------------------------------------
-
-## Max Row Limit
-management.max_row_limit = 10000
-
-## Application default secret
-##
-## Value: String
-## management.application.default_secret = public
-
-## Default Application ID
-##
-## Value: String
-management.default_application.id = admin
-
-## Default Application Secret
-##
-## Value: String
-management.default_application.secret = public
-
-##--------------------------------------------------------------------
-## HTTP Listener
-
-management.listener.http.port = 8081
-management.listener.http.acceptors = 2
-management.listener.http.max_clients = 512
-management.listener.http.backlog = 512
-management.listener.http.send_timeout = 15s
-management.listener.http.send_timeout_close = on
-management.listener.http.inet6 = false
-management.listener.http.ipv6_v6only = false
-
-##--------------------------------------------------------------------
-## HTTPS Listener
-
-## management.listener.https.port = 8081
-## management.listener.https.acceptors = 2
-## management.listener.https.max_clients = 512
-## management.listener.https.backlog = 512
-## management.listener.https.send_timeout = 15s
-## management.listener.https.send_timeout_close = on
-## management.listener.https.certfile = "etc/certs/cert.pem"
-## management.listener.https.keyfile = "etc/certs/key.pem"
-## management.listener.https.cacertfile = "etc/certs/cacert.pem"
-## management.listener.https.verify = verify_peer
-## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## management.listener.https.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
-## management.listener.https.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
-## management.listener.https.fail_if_no_peer_cert = true
-## management.listener.https.inet6 = false
-## management.listener.https.ipv6_v6only = false
+emqx_management:{
+    default_application_id: "admin"
+    default_application_secret: "public"
+    max_row_limit: 10000
+    listeners: [
+        {
+            num_acceptors: 4
+            max_connections: 512
+            protocol: "http"
+            port: 8081
+            backlog: 512
+            send_timeout: 15s
+            send_timeout_close: on
+            inet6: false
+            ipv6_v6only: false
+        }
+##        ,
+##        {
+##            protocol: https
+##            port: 8081
+##            acceptors: 2
+##            backlog: 512
+##            send_timeout: 15s
+##            send_timeout_close: on
+##            inet6: false
+##            ipv6_v6only: false
+##            certfile = "etc/certs/cert.pem"
+##            keyfile = "etc/certs/key.pem"
+##            cacertfile = "etc/certs/cacert.pem"
+##            verify = verify_peer
+##            tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
+##            ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+##            fail_if_no_peer_cert = true
+##            inet6 = false
+##            ipv6_v6only = false
+##        }
+    ]
+}
diff --git a/apps/emqx_management/priv/emqx_management.schema b/apps/emqx_management/priv/emqx_management.schema
deleted file mode 100644
index 4e887809e..000000000
--- a/apps/emqx_management/priv/emqx_management.schema
+++ /dev/null
@@ -1,239 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_management config mapping
-
-{mapping, "management.max_row_limit", "emqx_management.max_row_limit", [
-  {default, 10000},
-  {datatype, integer}
-]}.
-
-{mapping, "management.default_application.id", "emqx_management.default_application_id", [
-  {default, undefined},
-  {datatype, string}
-]}.
-
-{mapping, "management.default_application.secret", "emqx_management.default_application_secret", [
-  {default, undefined},
-  {datatype, string}
-]}.
-
-{mapping, "management.application.default_secret", "emqx_management.application", [
-  {default, undefined},
-  {datatype, string}
-]}.
-
-{mapping, "management.listener.http.port", "emqx_management.listeners", [
-  {datatype, [integer, ip]}
-]}.
-
-{mapping, "management.listener.http.acceptors", "emqx_management.listeners", [
-  {default, 4},
-  {datatype, integer}
-]}.
-
-{mapping, "management.listener.http.max_clients", "emqx_management.listeners", [
-  {default, 512},
-  {datatype, integer}
-]}.
-
-{mapping, "management.listener.http.backlog", "emqx_management.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "management.listener.http.send_timeout", "emqx_management.listeners", [
-  {datatype, {duration, ms}},
-  {default, "15s"}
-]}.
-
-{mapping, "management.listener.http.send_timeout_close", "emqx_management.listeners", [
-  {datatype, flag},
-  {default, on}
-]}.
-
-{mapping, "management.listener.http.recbuf", "emqx_management.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "management.listener.http.sndbuf", "emqx_management.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "management.listener.http.buffer", "emqx_management.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "management.listener.http.tune_buffer", "emqx_management.listeners", [
-  {datatype, flag},
-  hidden
-]}.
-
-{mapping, "management.listener.http.nodelay", "emqx_management.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "management.listener.http.inet6", "emqx_management.listeners", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "management.listener.http.ipv6_v6only", "emqx_management.listeners", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "management.listener.https.port", "emqx_management.listeners", [
-  {datatype, [integer, ip]}
-]}.
-
-{mapping, "management.listener.https.acceptors", "emqx_management.listeners", [
-  {default, 8},
-  {datatype, integer}
-]}.
-
-{mapping, "management.listener.https.max_clients", "emqx_management.listeners", [
-  {default, 64},
-  {datatype, integer}
-]}.
-
-{mapping, "management.listener.https.backlog", "emqx_management.listeners", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "management.listener.https.send_timeout", "emqx_management.listeners", [
-  {datatype, {duration, ms}},
-  {default, "15s"}
-]}.
-
-{mapping, "management.listener.https.send_timeout_close", "emqx_management.listeners", [
-  {datatype, flag},
-  {default, on}
-]}.
-
-{mapping, "management.listener.https.recbuf", "emqx_management.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "management.listener.https.sndbuf", "emqx_management.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "management.listener.https.buffer", "emqx_management.listeners", [
-  {datatype, bytesize},
-  hidden
-]}.
-
-{mapping, "management.listener.https.tune_buffer", "emqx_management.listeners", [
-  {datatype, flag},
-  hidden
-]}.
-
-{mapping, "management.listener.https.nodelay", "emqx_management.listeners", [
-  {datatype, {enum, [true, false]}},
-  hidden
-]}.
-
-{mapping, "management.listener.https.keyfile", "emqx_management.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "management.listener.https.certfile", "emqx_management.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "management.listener.https.cacertfile", "emqx_management.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "management.listener.https.verify", "emqx_management.listeners", [
-  {datatype, atom}
-]}.
-
-{mapping, "management.listener.https.ciphers", "emqx_management.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "management.listener.https.tls_versions", "emqx_management.listeners", [
-  {datatype, string}
-]}.
-
-{mapping, "management.listener.https.fail_if_no_peer_cert", "emqx_management.listeners", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "management.listener.https.inet6", "emqx_management.listeners", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "management.listener.https.ipv6_v6only", "emqx_management.listeners", [
-  {default, false},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{translation, "emqx_management.application", fun(Conf) ->
-  Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  Opts = fun(Prefix) ->
-            Filter([{default_secret, cuttlefish:conf_get(Prefix ++ ".default_secret", Conf)}])
-         end,
-  Prefix = "management.application",
-  Transfer = fun(default_secret, V) -> list_to_binary(V);
-                (_, V) -> V
-             end,
-  [{K, Transfer(K, V)}|| {K, V} <- Opts(Prefix)]
-end}.
-
-{translation, "emqx_management.listeners", fun(Conf) ->
-  Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  Opts = fun(Prefix) ->
-             Filter([{num_acceptors,   cuttlefish:conf_get(Prefix ++ ".acceptors", Conf)},
-                     {max_connections, cuttlefish:conf_get(Prefix ++ ".max_clients", Conf)}])
-         end,
-  TcpOpts = fun(Prefix) ->
-                Filter([{backlog, cuttlefish:conf_get(Prefix ++ ".backlog", Conf, undefined)},
-                        {send_timeout, cuttlefish:conf_get(Prefix ++ ".send_timeout", Conf, undefined)},
-                        {send_timeout_close, cuttlefish:conf_get(Prefix ++ ".send_timeout_close", Conf, undefined)},
-                        {recbuf,  cuttlefish:conf_get(Prefix ++ ".recbuf", Conf, undefined)},
-                        {sndbuf,  cuttlefish:conf_get(Prefix ++ ".sndbuf", Conf, undefined)},
-                        {buffer,  cuttlefish:conf_get(Prefix ++ ".buffer", Conf, undefined)},
-                        {nodelay, cuttlefish:conf_get(Prefix ++ ".nodelay", Conf, true)},
-                        {inet6, cuttlefish:conf_get(Prefix ++ ".inet6", Conf)},
-                        {ipv6_v6only, cuttlefish:conf_get(Prefix ++ ".ipv6_v6only", Conf)}])
-            end,
-
-  SplitFun = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end,
-
-  SslOpts = fun(Prefix) ->
-               Versions = case SplitFun(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf, undefined)) of
-                              undefined -> undefined;
-                              L -> [list_to_atom(V) || V <- L]
-                          end,
-                Filter([{versions, Versions},
-                        {ciphers, SplitFun(cuttlefish:conf_get(Prefix ++ ".ciphers", Conf, undefined))},
-                        {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
-                        {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                        {verify,     cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
-                        {fail_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".fail_if_no_peer_cert", Conf, undefined)}])
-              end,
-    lists:foldl(
-      fun(Proto, Acc) ->
-          Prefix = "management.listener." ++ atom_to_list(Proto),
-          case cuttlefish:conf_get(Prefix ++ ".port", Conf, undefined) of
-              undefined -> Acc;
-              Port ->
-                  [{Proto, Port, TcpOpts(Prefix) ++ Opts(Prefix)
-                    ++ case Proto of
-                         http -> [];
-                         https -> SslOpts(Prefix)
-                       end} | Acc]
-          end
-      end, [], [http, https])
-end}.
-
diff --git a/apps/emqx_management/src/emqx_management_schema.erl b/apps/emqx_management/src/emqx_management_schema.erl
new file mode 100644
index 000000000..02f3e2f1a
--- /dev/null
+++ b/apps/emqx_management/src/emqx_management_schema.erl
@@ -0,0 +1,62 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+-module(emqx_management_schema).
+
+-include_lib("typerefl/include/types.hrl").
+
+-behaviour(hocon_schema).
+
+-export([ structs/0
+    , fields/1]).
+
+structs() -> ["emqx_management"].
+
+fields("emqx_management") ->
+    [ {default_application_id, fun default_application_id/1}
+    , {default_application_secret, fun default_application_secret/1}
+    , {max_row_limit, fun max_row_limit/1}
+    , {listeners, hoconsc:array(hoconsc:union([hoconsc:ref("http"), hoconsc:ref("https")]))}
+    ];
+
+fields("http") ->
+    [ {"protocol", emqx_schema:t(string(), undefined, "http")}
+    , {"port", emqx_schema:t(integer(), undefined, 8081)}
+    , {"num_acceptors", emqx_schema:t(integer(), undefined, 4)}
+    , {"max_connections", emqx_schema:t(integer(), undefined, 512)}
+    , {"backlog", emqx_schema:t(integer(), undefined, 1024)}
+    , {"send_timeout", emqx_schema:t(emqx_schema:duration(), undefined, "15s")}
+    , {"send_timeout_close", emqx_schema:t(emqx_schema:flag(), undefined, true)}
+    , {"inet6", emqx_schema:t(boolean(), undefined, false)}
+    , {"ipv6_v6only", emqx_schema:t(boolean(), undefined, false)}
+    ];
+
+fields("https") ->
+    emqx_schema:ssl(undefined, #{enable => true}) ++ fields("http").
+
+default_application_id(type) -> string();
+default_application_id(default) -> "admin";
+default_application_id(nullable) -> true;
+default_application_id(_) -> undefined.
+
+default_application_secret(type) -> string();
+default_application_secret(default) -> "public";
+default_application_secret(nullable) -> true;
+default_application_secret(_) -> undefined.
+
+max_row_limit(type) -> integer();
+max_row_limit(default) -> 1000;
+max_row_limit(nullable) -> false;
+max_row_limit(_) -> undefined.
diff --git a/apps/emqx_management/src/emqx_mgmt_app.erl b/apps/emqx_management/src/emqx_mgmt_app.erl
index 824e218f2..7161435f6 100644
--- a/apps/emqx_management/src/emqx_mgmt_app.erl
+++ b/apps/emqx_management/src/emqx_mgmt_app.erl
@@ -20,6 +20,8 @@
 
 -emqx_plugin(?MODULE).
 
+-define(APP, emqx_management).
+
 -export([ start/2
         , stop/1
         ]).
@@ -27,6 +29,11 @@
 -include("emqx_mgmt.hrl").
 
 start(_Type, _Args) ->
+    Conf = filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'),
+    {ok, RawConf} = hocon:load(Conf),
+    #{emqx_management := Config} =
+        hocon_schema:check_plain(emqx_management_schema, RawConf, #{atom_key => true}),
+    [application:set_env(?APP, Key, maps:get(Key, Config)) || Key <- maps:keys(Config)],
     {ok, Sup} = emqx_mgmt_sup:start_link(),
     ok = ekka_rlog:wait_for_shards([?MANAGEMENT_SHARD], infinity),
     _ = emqx_mgmt_auth:add_default_app(),
diff --git a/apps/emqx_management/src/emqx_mgmt_auth.erl b/apps/emqx_management/src/emqx_mgmt_auth.erl
index 3998f6006..297de0196 100644
--- a/apps/emqx_management/src/emqx_mgmt_auth.erl
+++ b/apps/emqx_management/src/emqx_mgmt_auth.erl
@@ -129,11 +129,7 @@ force_add_app(AppId, Name, Secret, Desc, Status, Expired) ->
 generate_appsecret_if_need(InSecrt) when is_binary(InSecrt), byte_size(InSecrt) > 0 ->
     InSecrt;
 generate_appsecret_if_need(_) ->
-    AppConf = application:get_env(?APP, application, []),
-    case proplists:get_value(default_secret,  AppConf) of
-       undefined -> emqx_guid:to_base62(emqx_guid:gen());
-       Secret when is_binary(Secret) -> Secret
-    end.
+    emqx_guid:to_base62(emqx_guid:gen()).
 
 -spec(get_appsecret(appid()) -> {appsecret() | undefined}).
 get_appsecret(AppId) when is_binary(AppId) ->
diff --git a/apps/emqx_management/src/emqx_mgmt_http.erl b/apps/emqx_management/src/emqx_mgmt_http.erl
index 4b927a982..c23219e5d 100644
--- a/apps/emqx_management/src/emqx_mgmt_http.erl
+++ b/apps/emqx_management/src/emqx_mgmt_http.erl
@@ -78,7 +78,9 @@ stop_listener({Proto, Port, _}) ->
     minirest:stop_http(listener_name(Proto)).
 
 listeners() ->
-    application:get_env(?APP, listeners, []).
+    [{list_to_atom(Protocol), Port, maps:to_list(maps:without([protocol, port], Map))}
+        || Map = #{protocol := Protocol,port := Port}
+        <- application:get_env(?APP, listeners, [])].
 
 listener_name(Proto) ->
     list_to_atom(atom_to_list(Proto) ++ ":management").
diff --git a/apps/emqx_management/test/emqx_mgmt_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
index 84d5f2ebb..f14cc0fef 100644
--- a/apps/emqx_management/test/emqx_mgmt_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
@@ -53,18 +53,30 @@ groups() ->
        ]}].
 
 apps() ->
-    [emqx_management, emqx_retainer, emqx_modules].
+    [emqx_management, emqx_retainer].
 
 init_per_suite(Config) ->
-    application:set_env(ekka, strict_mode, true),
     ekka_mnesia:start(),
     emqx_mgmt_auth:mnesia(boot),
-    emqx_ct_helpers:start_apps(apps()),
+    emqx_ct_helpers:start_apps(apps(), fun set_special_configs/1),
     Config.
 
 end_per_suite(_Config) ->
     emqx_ct_helpers:stop_apps(apps()).
 
+set_special_configs(emqx_management) ->
+    application:set_env(emqx, plugins_etc_dir,
+        emqx_ct_helpers:deps_path(emqx_management, "test")),
+    Conf = #{<<"emqx_management">> => #{
+        <<"listeners">> => [#{
+            <<"protocol">> => <<"http">>
+        }]}
+    },
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
 t_app(_Config) ->
     {ok, AppSecret} = emqx_mgmt_auth:add_app(<<"app_id">>, <<"app_name">>),
     ?assert(emqx_mgmt_auth:is_authorized(<<"app_id">>, AppSecret)),
@@ -74,16 +86,6 @@ t_app(_Config) ->
                   true, undefined},
                  lists:keyfind(<<"app_id">>, 1, emqx_mgmt_auth:list_apps())),
     emqx_mgmt_auth:del_app(<<"app_id">>),
-    %% Use the default application secret
-    application:set_env(emqx_management, application, [{default_secret, <<"public">>}]),
-    {ok, AppSecret1} = emqx_mgmt_auth:add_app(
-                         <<"app_id">>, <<"app_name">>, <<"app_desc">>, true, undefined),
-    ?assert(emqx_mgmt_auth:is_authorized(<<"app_id">>, AppSecret1)),
-    ?assertEqual(AppSecret1, emqx_mgmt_auth:get_appsecret(<<"app_id">>)),
-    ?assertEqual(AppSecret1, <<"public">>),
-    ?assertEqual({<<"app_id">>, AppSecret1, <<"app_name">>, <<"app_desc">>, true, undefined},
-                 lists:keyfind(<<"app_id">>, 1, emqx_mgmt_auth:list_apps())),
-    emqx_mgmt_auth:del_app(<<"app_id">>),
     application:set_env(emqx_management, application, []),
     %% Specify the application secret
     {ok, AppSecret2} = emqx_mgmt_auth:add_app(
diff --git a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
index 9e6347c65..0785b9563 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
@@ -37,8 +37,7 @@ all() ->
     emqx_ct:all(?MODULE).
 
 init_per_suite(Config) ->
-    application:load(emqx_modules),
-    emqx_ct_helpers:start_apps([emqx_management]),
+    emqx_ct_helpers:start_apps([emqx_management], fun set_special_configs/1),
     Config.
 
 end_per_suite(Config) ->
@@ -51,6 +50,19 @@ init_per_testcase(_, Config) ->
 end_per_testcase(_, Config) ->
     Config.
 
+set_special_configs(emqx_management) ->
+    application:set_env(emqx, plugins_etc_dir,
+        emqx_ct_helpers:deps_path(emqx_management, "test")),
+    Conf = #{<<"emqx_management">> => #{
+        <<"listeners">> => [#{
+            <<"protocol">> => <<"http">>
+        }]}
+    },
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
 get(Key, ResponseBody) ->
    maps:get(Key, jiffy:decode(list_to_binary(ResponseBody), [return_maps])).
 
diff --git a/apps/emqx_management/test/etc/emqx_management.conf b/apps/emqx_management/test/etc/emqx_management.conf
index cec70cc8e..e54164cbd 100644
--- a/apps/emqx_management/test/etc/emqx_management.conf
+++ b/apps/emqx_management/test/etc/emqx_management.conf
@@ -1,35 +1,39 @@
-##--------------------------------------------------------------------
-## EMQ X Management Plugin
-##--------------------------------------------------------------------
+emqx_management:{
+    default_application_id: "admin"
+    default_application_secret: "public"
+    max_row_limit: 10000
+    listeners: [
+        {
+            num_acceptors: 4
+            max_connections: 512
+            protocol: "http"
+            port: 8080
+            backlog: 512
+            send_timeout: 15s
+            send_timeout_close: on
+            inet6: false
+            ipv6_v6only: false
+        }
+##        ,
+##        {
+##            protocol: https
+##            port: 8081
+##            acceptors: 2
+##            backlog: 512
+##            send_timeout: 15s
+##            send_timeout_close: on
+##            inet6: false
+##            ipv6_v6only: false
+##            certfile = "etc/certs/cert.pem"
+##            keyfile = "etc/certs/key.pem"
+##            cacertfile = "etc/certs/cacert.pem"
+##            verify = verify_peer
+##            tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
+##            ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+##            fail_if_no_peer_cert = true
+##            inet6 = false
+##            ipv6_v6only = false
+##        }
+    ]
+}
 
-## Max Row Limit
-management.max_row_limit = 10000
-
-## Application default secret
-#
-# management.application.default_secret = public
-
-##--------------------------------------------------------------------
-## HTTP Listener
-
-management.listener.http = 8080
-management.listener.http.acceptors = 2
-management.listener.http.max_clients = 512
-management.listener.http.backlog = 512
-management.listener.http.send_timeout = 15s
-management.listener.http.send_timeout_close = on
-
-##--------------------------------------------------------------------
-## HTTPS Listener
-
-## management.listener.https = 8081
-## management.listener.https.acceptors = 2
-## management.listener.https.max_clients = 512
-## management.listener.https.backlog = 512
-## management.listener.https.send_timeout = 15s
-## management.listener.https.send_timeout_close = on
-## management.listener.https.certfile = etc/certs/cert.pem
-## management.listener.https.keyfile = etc/certs/key.pem
-## management.listener.https.cacertfile = etc/certs/cacert.pem
-## management.listener.https.verify = verify_peer
-## management.listener.https.fail_if_no_peer_cert = true
diff --git a/apps/emqx_modules/test/emqx_modules_SUITE.erl b/apps/emqx_modules/test/emqx_modules_SUITE.erl
index e8e0b3218..db85cbd0e 100644
--- a/apps/emqx_modules/test/emqx_modules_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_modules_SUITE.erl
@@ -32,11 +32,22 @@
 all() -> emqx_ct:all(?MODULE).
 
 init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_management, emqx_modules], fun set_special_cfg/1),
+    emqx_ct_helpers:start_apps([emqx_management, emqx_modules], fun set_special_configs/1),
     emqx_ct_http:create_default_app(),
     Config.
 
-set_special_cfg(_) ->
+set_special_configs(emqx_management) ->
+    application:set_env(emqx, modules_loaded_file, emqx_ct_helpers:deps_path(emqx, "test/emqx_SUITE_data/loaded_modules")),
+    application:set_env(emqx, plugins_etc_dir,
+        emqx_ct_helpers:deps_path(emqx_management, "test")),
+    Conf = #{<<"emqx_management">> => #{
+        <<"listeners">> => [#{
+            <<"protocol">> => <<"http">>
+        }]}
+    },
+    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    ok;
+set_special_configs(_) ->
     ok.
 
 end_per_suite(_Config) ->

From 8266a79867682e747b96c693bcd6f98d9f1675f5 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 2 Jul 2021 12:11:47 +0800
Subject: [PATCH 146/174] feat(conf): cluster/node conf to hocon

---
 apps/emqx/etc/emqx.conf | 538 ++++++++++++++++++++--------------------
 1 file changed, 270 insertions(+), 268 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index c3368a0c7..d179b9a11 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -1,319 +1,321 @@
 ## EMQ X Configuration 4.3
 
-## NOTE: Do not change format of CONFIG_SECTION_{BGN,END} comments!
-
-## CONFIG_SECTION_BGN=cluster ==================================================
-
-## Cluster name.
-##
-## Value: String
-cluster.name = emqxcl
-
-## Specify the erlang distributed protocol.
-##
-## Value: Enum
-##  - inet_tcp: the default; handles TCP streams with IPv4 addressing.
-##  - inet6_tcp: handles TCP with IPv6 addressing.
-##  - inet_tls: using TLS for Erlang Distribution.
-##
-## vm.args: -proto_dist inet_tcp
-cluster.proto_dist = inet_tcp
-
-## Cluster auto-discovery strategy.
-##
-## Value: Enum
-## - manual: Manual join command
-## - static: Static node list
-## - mcast:  IP Multicast
-## - dns:    DNS A Record
-## - etcd:   etcd
-## - k8s:    Kubernetes
-##
-## Default: manual
-cluster.discovery = manual
-
-## Enable cluster autoheal from network partition.
-##
-## Value: on | off
-##
-## Default: on
-cluster.autoheal = on
-
-## Autoclean down node. A down node will be removed from the cluster
-## if this value > 0.
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 5m
-cluster.autoclean = 5m
-
 ##--------------------------------------------------------------------
-## Cluster using static node list
-
-## Node list of the cluster.
-##
-## Value: String
-## cluster.static.seeds = "emqx1@127.0.0.1,emqx2@127.0.0.1"
-
+## Cluster
 ##--------------------------------------------------------------------
-## Cluster using IP Multicast.
+cluster: {
+    ## Cluster name.
+    ##
+    ## Value: String
+    name: emqxcl
 
-## IP Multicast Address.
-##
-## Value: IP Address
-## cluster.mcast.addr = "239.192.0.1"
+    ## Cluster auto-discovery strategy.
+    ##
+    ## Value: Enum
+    ## - manual: Manual join command
+    ## - static: Static node list
+    ## - mcast:  IP Multicast
+    ## - dns:    DNS A Record
+    ## - etcd:   etcd
+    ## - k8s:    Kubernetes
+    ##
+    ## Default: manual
+    discovery: manual
 
-## Multicast Ports.
-##
-## Value: Port List
-## cluster.mcast.ports = "4369,4370"
+    ## Autoclean down node. A down node will be removed from the cluster
+    ## if this value > 0.
+    ##
+    ## Value: Duration
+    ## -h: hour, e.g. '2h' for 2 hours
+    ## -m: minute, e.g. '5m' for 5 minutes
+    ## -s: second, e.g. '30s' for 30 seconds
+    ##
+    ## Default: 5m
+    autoclean: "5m"
 
-## Multicast Iface.
-##
-## Value: Iface Address
-##
-## Default: "0.0.0.0"
-## cluster.mcast.iface = "0.0.0.0"
+    ## Enable cluster autoheal from network partition.
+    ##
+    ## Value: on | off
+    ##
+    ## Default: on
+    autoheal: on
 
-## Multicast Ttl.
-##
-## Value: 0-255
-## cluster.mcast.ttl = 255
+    ## Specify the erlang distributed protocol.
+    ##
+    ## Value: Enum
+    ##  - inet_tcp: the default; handles TCP streams with IPv4 addressing.
+    ##  - inet6_tcp: handles TCP with IPv6 addressing.
+    ##  - inet_tls: using TLS for Erlang Distribution.
+    ##
+    ## vm.args: -proto_dist inet_tcp
+    proto_dist: inet_tcp
 
-## Multicast loop.
-##
-## Value: on | off
-## cluster.mcast.loop = on
+    ## Cluster using static node list
+    static: {
+        ## Node list of the cluster.
+        ##
+        ## Value: String
+        ## seeds: "emqx1@127.0.0.1,emqx2@127.0.0.1"
+    }
 
-##--------------------------------------------------------------------
-## Cluster using DNS A records.
+    ##--------------------------------------------------------------------
+    ## Cluster using IP Multicast.
+    mcast: {
+        ## IP Multicast Address.
+        ##
+        ## Value: IP Address
+        ## addr = "239.192.0.1"
 
-## DNS name.
-##
-## Value: String
-## cluster.dns.name = localhost
+        ## Multicast Ports.
+        ##
+        ## Value: Port List
+        ## ports = "4369,4370"
 
-## The App name is used to build 'node.name' with IP address.
-##
-## Value: String
-## cluster.dns.app = emqx
+        ## Multicast Iface.
+        ##
+        ## Value: Iface Address
+        ##
+        ## Default: "0.0.0.0"
+        ## iface: "0.0.0.0"
 
-##--------------------------------------------------------------------
-## Cluster using etcd
+        ## Multicast Ttl.
+        ##
+        ## Value: 0-255
+        ## ttl: 255
 
-## Etcd server list, seperated by ','.
-##
-## Value: String
-## cluster.etcd.server = "http://127.0.0.1:2379"
+        ## Multicast loop.
+        ##
+        ## Value: on | off
+        ## loop: on
+    }
 
-## Etcd api version
-##
-## Value: Enum
-## - v2
-## - v3
-## cluster.etcd.version = v3
+    ##--------------------------------------------------------------------
+    ## Cluster using DNS A records.
+    dns: {
+        ## DNS name.
+        ##
+        ## Value: String
+        ## name: localhost
 
-## The prefix helps build nodes path in etcd. Each node in the cluster
-## will create a path in etcd: v2/keys/<prefix>/<cluster.name>/<node.name>
-##
-## Value: String
-## cluster.etcd.prefix = emqxcl
+        ## The App name is used to build 'node.name' with IP address.
+        ##
+        ## Value: String
+        ## app: emqx
+    }
 
-## The TTL for node's path in etcd.
-##
-## Value: Duration
-##
-## Default: 1m, 1 minute
-## cluster.etcd.node_ttl = 1m
+    ##--------------------------------------------------------------------
+    ## Cluster using etcd
+    etcd: {
+        ## Etcd server list, seperated by ','.
+        ##
+        ## Value: String
+        ## server: "http://127.0.0.1:2379"
 
-## Path to a file containing the client's private PEM-encoded key.
-##
-## Value: File
-## cluster.etcd.ssl.keyfile = "{{ platform_etc_dir }}/certs/client-key.pem"
+        ## Etcd api version
+        ##
+        ## Value: Enum
+        ## - v2
+        ## - v3
+        ## version: v3
 
-## The path to a file containing the client's certificate.
-##
-## Value: File
-## cluster.etcd.ssl.certfile = "{{ platform_etc_dir }}/certs/client.pem"
+        ## The prefix helps build nodes path in etcd. Each node in the cluster
+        ## will create a path in etcd: v2/keys/<prefix>/<cluster.name>/<node.name>
+        ##
+        ## Value: String
+        ## prefix: emqxcl
 
-## Path to the file containing PEM-encoded CA certificates. The CA certificates
-## are used during server authentication and when building the client certificate chain.
-##
-## Value: File
-## cluster.etcd.ssl.cacertfile = "{{ platform_etc_dir }}/certs/ca.pem"
+        ## The TTL for node's path in etcd.
+        ##
+        ## Value: Duration
+        ##
+        ## Default: 1m, 1 minute
+        ## node_ttl: 1m
 
-##--------------------------------------------------------------------
-## Cluster using Kubernetes
+        ## ssl:{
+        ##     Path to a file containing the client's private PEM-encoded key.
+        ##     Value: File
+        ##     keyfile: "{{ platform_etc_dir }}/certs/client-key.pem"
 
-## Kubernetes API server list, seperated by ','.
-##
-## Value: String
-## cluster.k8s.apiserver = "http://10.110.111.204:8080"
+        ##     The path to a file containing the client's certificate.
+        ##     Value: File
+        ##     certfile: "{{ platform_etc_dir }}/certs/client.pem"
 
-## The service name helps lookup EMQ nodes in the cluster.
-##
-## Value: String
-## cluster.k8s.service_name = emqx
+        ##     Path to the file containing PEM-encoded CA certificates. The CA certificates
+        ##     are used during server authentication and when building the client certificate chain.
+        ##     Value: File
+        ##     cacertfile: "{{ platform_etc_dir }}/certs/ca.pem"
+        # }
+    }
+    ##--------------------------------------------------------------------
+    ## Cluster using Kubernetes
+    k8s: {
+        # Kubernetes API server list, seperated by ','.
+        # Value: String
+        # apiserver: "http://10.110.111.204:8080"
 
-## The address type is used to extract host from k8s service.
-##
-## Value: ip | dns | hostname
-## cluster.k8s.address_type = ip
+        # The service name helps lookup EMQ nodes in the cluster.
+        # Value: String
+        # service_name: emqx
 
-## The app name helps build 'node.name'.
-##
-## Value: String
-## cluster.k8s.app_name = emqx
+        # The address type is used to extract host from k8s service.
+        # Value: ip | dns | hostname
+        # address_type: ip
 
-## The suffix added to dns and hostname get from k8s service
-##
-## Value: String
-## cluster.k8s.suffix = pod.cluster.local
+        # The app name helps build 'node.name'.
+        # Value: String
+        # app_name: emqx
 
-## Kubernetes Namespace
-##
-## Value: String
-## cluster.k8s.namespace = default
+        # The suffix added to dns and hostname get from k8s service
+        # Value: String
+        # suffix: pod.cluster.local
 
-## CONFIG_SECTION_END=cluster ==================================================
+        # Kubernetes Namespace
+        # Value: String
+        # namespace: default
+    }
+    db_backend: mnesia
+    rlog: {
+        # role: core
+        # core_nodes: []
+    }
+
+}
 
 ##--------------------------------------------------------------------
 ## Node
 ##--------------------------------------------------------------------
+node: {
+    ## Node name.
+    ##
+    ## See: http://erlang.org/doc/reference_manual/distributed.html
+    ##
+    ## Value: <name>@<host>
+    ##
+    ## Default: emqx@127.0.0.1
+    name: "emqx@127.0.0.1"
 
-## Node name.
-##
-## See: http://erlang.org/doc/reference_manual/distributed.html
-##
-## Value: <name>@<host>
-##
-## Default: emqx@127.0.0.1
-node.name = "emqx@127.0.0.1"
+    ## Cookie for distributed node communication.
+    ##
+    ## Value: String
+    cookie: "emqxsecretcookie"
 
-## Cookie for distributed node communication.
-##
-## Value: String
-node.cookie = "emqxsecretcookie"
+    ## Data dir for the node
+    ##
+    ## Value: Folder
+    data_dir: "{{ platform_data_dir }}"
 
-## Data dir for the node
-##
-## Value: Folder
-node.data_dir = "{{ platform_data_dir }}"
+    ## The config file dir for the node
+    ##
+    ## Value: Folder
+    etc_dir: "{{ platform_etc_dir }}"
 
-## The config file dir for the node
-##
-## Value: Folder
-node.etc_dir = "{{ platform_etc_dir }}"
+    ## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable
+    ## heartbeat, or set the value as 'on'
+    ##
+    ## Value: on
+    ##
+    ## vm.args: -heart
+    ## heartbeat: on
 
-## Heartbeat monitoring of an Erlang runtime system. Comment the line to disable
-## heartbeat, or set the value as 'on'
-##
-## Value: on
-##
-## vm.args: -heart
-## node.heartbeat = on
+    ## Sets the number of threads in async thread pool. Valid range is 0-1024.
+    ##
+    ## See: http://erlang.org/doc/man/erl.html
+    ##
+    ## Value: 0-1024
+    ##
+    ## vm.args: +A Number
+    ## async_threads: 4
 
-## Sets the number of threads in async thread pool. Valid range is 0-1024.
-##
-## See: http://erlang.org/doc/man/erl.html
-##
-## Value: 0-1024
-##
-## vm.args: +A Number
-## node.async_threads = 4
+    ## Sets the maximum number of simultaneously existing processes for this
+    ## system if a Number is passed as value.
+    ##
+    ## See: http://erlang.org/doc/man/erl.html
+    ##
+    ## Value: Number [1024-134217727]
+    ##
+    ## vm.args: +P Number
+    ## process_limit: 2097152
 
-## Sets the maximum number of simultaneously existing processes for this
-## system if a Number is passed as value.
-##
-## See: http://erlang.org/doc/man/erl.html
-##
-## Value: Number [1024-134217727]
-##
-## vm.args: +P Number
-## node.process_limit = 2097152
+    ## Sets the maximum number of simultaneously existing ports for this system.
+    ##
+    ## See: http://erlang.org/doc/man/erl.html
+    ##
+    ## Value: Number [1024-134217727]
+    ##
+    ## vm.args: +Q Number
+    ## max_ports: 1048576
 
-## Sets the maximum number of simultaneously existing ports for this system.
-##
-## See: http://erlang.org/doc/man/erl.html
-##
-## Value: Number [1024-134217727]
-##
-## vm.args: +Q Number
-## node.max_ports = 1048576
+    ## Sets the distribution buffer busy limit (dist_buf_busy_limit).
+    ##
+    ## See: http://erlang.org/doc/man/erl.html
+    ##
+    ## Value: Number [1KB-2GB]
+    ##
+    ## vm.args: +zdbbl size
+    ## dist_buffer_size: 8MB
 
-## Sets the distribution buffer busy limit (dist_buf_busy_limit).
-##
-## See: http://erlang.org/doc/man/erl.html
-##
-## Value: Number [1KB-2GB]
-##
-## vm.args: +zdbbl size
-## node.dist_buffer_size = 8MB
+    ## Sets the maximum number of ETS tables. Note that mnesia and SSL will
+    ## create temporary ETS tables.
+    ##
+    ## Value: Number
+    ##
+    ## vm.args: +e Number
+    ## max_ets_tables: 262144
 
-## Sets the maximum number of ETS tables. Note that mnesia and SSL will
-## create temporary ETS tables.
-##
-## Value: Number
-##
-## vm.args: +e Number
-## node.max_ets_tables = 262144
+    ## Global GC Interval.
+    ##
+    ## Value: Duration
+    ##
+    ## Examples:
+    ##  - 2h:  2 hours
+    ##  - 30m: 30 minutes
+    ##  - 20s: 20 seconds
+    ##
+    ## Defaut: 15 minutes
+    global_gc_interval: 15m
 
-## Global GC Interval.
-##
-## Value: Duration
-##
-## Examples:
-##  - 2h:  2 hours
-##  - 30m: 30 minutes
-##  - 20s: 20 seconds
-##
-## Defaut: 15 minutes
-node.global_gc_interval = 15m
+    ## Tweak GC to run more often.
+    ##
+    ## Value: Number [0-65535]
+    ##
+    ## vm.args: -env ERL_FULLSWEEP_AFTER Number
+    ## fullsweep_after: 1000
 
-## Tweak GC to run more often.
-##
-## Value: Number [0-65535]
-##
-## vm.args: -env ERL_FULLSWEEP_AFTER Number
-## node.fullsweep_after = 1000
+    ## Crash dump log file.
+    ##
+    ## Value: Log file
+    crash_dump: "{{ platform_log_dir }}/crash.dump"
 
-## Crash dump log file.
-##
-## Value: Log file
-node.crash_dump = "{{ platform_log_dir }}/crash.dump"
+    ## Specify SSL Options in the file if using SSL for Erlang Distribution.
+    ##
+    ## Value: File
+    ##
+    ## vm.args: -ssl_dist_optfile <File>
+    ## node.ssl_dist_optfile = "{{ platform_etc_dir }}/ssl_dist.conf"
 
-## Specify SSL Options in the file if using SSL for Erlang Distribution.
-##
-## Value: File
-##
-## vm.args: -ssl_dist_optfile <File>
-## node.ssl_dist_optfile = "{{ platform_etc_dir }}/ssl_dist.conf"
+    ## Sets the net_kernel tick time. TickTime is specified in seconds.
+    ## Notice that all communicating nodes are to have the same TickTime
+    ## value specified.
+    ##
+    ## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime
+    ##
+    ## Value: Number
+    ##
+    ## vm.args: -kernel net_ticktime Number
+    ## dist_net_ticktime: 120
 
-## Sets the net_kernel tick time. TickTime is specified in seconds.
-## Notice that all communicating nodes are to have the same TickTime
-## value specified.
-##
-## See: http://www.erlang.org/doc/man/kernel_app.html#net_ticktime
-##
-## Value: Number
-##
-## vm.args: -kernel net_ticktime Number
-## node.dist_net_ticktime = 120
+    ## Sets the port range for the listener socket of a distributed Erlang node.
+    ## Note that if there are firewalls between clustered nodes, this port segment
+    ## for nodes’ communication should be allowed.
+    ##
+    ## See: http://www.erlang.org/doc/man/kernel_app.html
+    ##
+    ## Value: Port [1024-65535]
+    dist_listen_min: 6369
+    dist_listen_max: 6369
+    backtrace_depth: 16
+}
 
-## Sets the port range for the listener socket of a distributed Erlang node.
-## Note that if there are firewalls between clustered nodes, this port segment
-## for nodes’ communication should be allowed.
-##
-## See: http://www.erlang.org/doc/man/kernel_app.html
-##
-## Value: Port [1024-65535]
-node.dist_listen_min = 6369
-node.dist_listen_max = 6369
-
-node.backtrace_depth = 16
 
 ## CONFIG_SECTION_BGN=rpc ======================================================
 

From 092c5455c81af924cf17b9c34fec70c8b32d5a9d Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Fri, 2 Jul 2021 12:59:24 +0800
Subject: [PATCH 147/174] feat(config): change configs of zone and listener to
 hocon format

---
 apps/emqx/etc/emqx.conf | 2655 ++++++++++++++++++++-------------------
 1 file changed, 1329 insertions(+), 1326 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index d179b9a11..54b4b1078 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -718,1592 +718,1595 @@ mqtt.strict_mode = false
 ## Value: String
 ## mqtt.response_information = example
 
-## CONFIG_SECTION_BGN=zones  ===================================================
-
 ##--------------------------------------------------------------------
 ## External Zone
+zone.external {
+  ## Idle timeout of the external MQTT connections.
+  ##
+  ## Value: duration
+  idle_timeout = 15s
 
-## Idle timeout of the external MQTT connections.
-##
-## Value: duration
-zone.external.idle_timeout = 15s
+  ## Enable ACL check.
+  ##
+  ## Value: Flag
+  enable_acl = on
 
-## Enable ACL check.
-##
-## Value: Flag
-zone.external.enable_acl = on
+  ## Enable ban check.
+  ##
+  ## Value: Flag
+  enable_ban = on
 
-## Enable ban check.
-##
-## Value: Flag
-zone.external.enable_ban = on
+  ## Enable per connection statistics.
+  ##
+  ## Value: on | off
+  enable_stats = on
 
-## Enable per connection statistics.
-##
-## Value: on | off
-zone.external.enable_stats = on
+  ## The action when acl check reject current operation
+  ##
+  ## Value: ignore | disconnect
+  ## Default: ignore
+  acl_deny_action = ignore
 
-## The action when acl check reject current operation
-##
-## Value: ignore | disconnect
-## Default: ignore
-zone.external.acl_deny_action = ignore
+  ## Force the MQTT connection process GC after this number of
+  ## messages | bytes passed through.
+  ##
+  ## Numbers delimited by `|'. Zero or negative is to disable.
+  force_gc_policy = "16000|16MB"
 
-## Force the MQTT connection process GC after this number of
-## messages | bytes passed through.
-##
-## Numbers delimited by `|'. Zero or negative is to disable.
-zone.external.force_gc_policy = "16000|16MB"
+  ## Max message queue length and total heap size to force shutdown
+  ## connection/session process.
+  ## Message queue here is the Erlang process mailbox, but not the number
+  ## of queued MQTT messages of QoS 1 and 2.
+  ##
+  ## Numbers delimited by `|'. Zero or negative is to disable.
+  ##
+  ## Default:
+  ##   - "10000|64MB" on ARCH_64 system
+  ##   - "1000|32MB"  on ARCH_32 sytem
+  #force_shutdown_policy = "10000|64MB"
 
-## Max message queue length and total heap size to force shutdown
-## connection/session process.
-## Message queue here is the Erlang process mailbox, but not the number
-## of queued MQTT messages of QoS 1 and 2.
-##
-## Numbers delimited by `|'. Zero or negative is to disable.
-##
-## Default:
-##   - "10000|64MB" on ARCH_64 system
-##   - "1000|32MB"  on ARCH_32 sytem
-#zone.external.force_shutdown_policy = "10000|64MB"
+  ## Maximum MQTT packet size allowed.
+  ##
+  ## Value: Bytes
+  ## Default: 1MB
+  ## max_packet_size = 64KB
 
-## Maximum MQTT packet size allowed.
-##
-## Value: Bytes
-## Default: 1MB
-## zone.external.max_packet_size = 64KB
+  ## Maximum length of MQTT clientId allowed.
+  ##
+  ## Value: Number [23-65535]
+  ## max_clientid_len = 1024
 
-## Maximum length of MQTT clientId allowed.
-##
-## Value: Number [23-65535]
-## zone.external.max_clientid_len = 1024
+  ## Maximum topic levels allowed. 0 means no limit.
+  ##
+  ## Value: Number
+  ## max_topic_levels = 7
 
-## Maximum topic levels allowed. 0 means no limit.
-##
-## Value: Number
-## zone.external.max_topic_levels = 7
+  ## Maximum QoS allowed.
+  ##
+  ## Value: 0 | 1 | 2
+  ## max_qos_allowed = 2
 
-## Maximum QoS allowed.
-##
-## Value: 0 | 1 | 2
-## zone.external.max_qos_allowed = 2
+  ## Maximum Topic Alias, 0 means no limit.
+  ##
+  ## Value: 0-65535
+  ## max_topic_alias = 65535
 
-## Maximum Topic Alias, 0 means no limit.
-##
-## Value: 0-65535
-## zone.external.max_topic_alias = 65535
+  ## Whether the Server supports retained messages.
+  ##
+  ## Value: boolean
+  ## retain_available = true
 
-## Whether the Server supports retained messages.
-##
-## Value: boolean
-## zone.external.retain_available = true
+  ## Whether the Server supports Wildcard Subscriptions
+  ##
+  ## Value: boolean
+  ## wildcard_subscription = false
 
-## Whether the Server supports Wildcard Subscriptions
-##
-## Value: boolean
-## zone.external.wildcard_subscription = false
+  ## Whether the Server supports Shared Subscriptions
+  ##
+  ## Value: boolean
+  ## shared_subscription = false
 
-## Whether the Server supports Shared Subscriptions
-##
-## Value: boolean
-## zone.external.shared_subscription = false
+  ## Server Keep Alive
+  ##
+  ## Value: Number
+  ## server_keepalive = 0
 
-## Server Keep Alive
-##
-## Value: Number
-## zone.external.server_keepalive = 0
+  ## The backoff for MQTT keepalive timeout. The broker will kick a connection out
+  ## until 'Keepalive * backoff * 2' timeout.
+  ##
+  ## Value: Float > 0.5
+  keepalive_backoff = 0.75
 
-## The backoff for MQTT keepalive timeout. The broker will kick a connection out
-## until 'Keepalive * backoff * 2' timeout.
-##
-## Value: Float > 0.5
-zone.external.keepalive_backoff = 0.75
+  ## Maximum number of subscriptions allowed, 0 means no limit.
+  ##
+  ## Value: Number
+  max_subscriptions = 0
 
-## Maximum number of subscriptions allowed, 0 means no limit.
-##
-## Value: Number
-zone.external.max_subscriptions = 0
+  ## Force to upgrade QoS according to subscription.
+  ##
+  ## Value: on | off
+  upgrade_qos = off
 
-## Force to upgrade QoS according to subscription.
-##
-## Value: on | off
-zone.external.upgrade_qos = off
+  ## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked.
+  ##
+  ## Value: Number
+  max_inflight = 32
 
-## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked.
-##
-## Value: Number
-zone.external.max_inflight = 32
+  ## Retry interval for QoS1/2 message delivering.
+  ##
+  ## Value: Duration
+  retry_interval = 30s
 
-## Retry interval for QoS1/2 message delivering.
-##
-## Value: Duration
-zone.external.retry_interval = 30s
+  ## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit.
+  ##
+  ## Value: Number
+  max_awaiting_rel = 100
 
-## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit.
-##
-## Value: Number
-zone.external.max_awaiting_rel = 100
+  ## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.
+  ##
+  ## Value: Duration
+  await_rel_timeout = 300s
 
-## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.
-##
-## Value: Duration
-zone.external.await_rel_timeout = 300s
+  ## Default session expiry interval for MQTT V3.1.1 connections.
+  ##
+  ## Value: Duration
+  ## -d: day
+  ## -h: hour
+  ## -m: minute
+  ## -s: second
+  ##
+  ## Default: 2h, 2 hours
+  session_expiry_interval = 2h
 
-## Default session expiry interval for MQTT V3.1.1 connections.
-##
-## Value: Duration
-## -d: day
-## -h: hour
-## -m: minute
-## -s: second
-##
-## Default: 2h, 2 hours
-zone.external.session_expiry_interval = 2h
+  ## Maximum queue length. Enqueued messages when persistent client disconnected,
+  ## or inflight window is full. 0 means no limit.
+  ##
+  ## Value: Number >= 0
+  max_mqueue_len = 1000
 
-## Maximum queue length. Enqueued messages when persistent client disconnected,
-## or inflight window is full. 0 means no limit.
-##
-## Value: Number >= 0
-zone.external.max_mqueue_len = 1000
+  ## Topic priorities.
+  ## 'none' to indicate no priority table (by default), hence all messages
+  ## are treated equal
+  ##
+  ## Priority number [1-255]
+  ## Example: "topic/1=10,topic/2=8"
+  ## NOTE: comma and equal signs are not allowed for priority topic names
+  ## NOTE: messages for topics not in the priority table are treated as
+  ##       either highest or lowest priority depending on the configured
+  ##       value for mqueue_default_priority
+  ##
+  mqueue_priorities = none
 
-## Topic priorities.
-## 'none' to indicate no priority table (by default), hence all messages
-## are treated equal
-##
-## Priority number [1-255]
-## Example: "topic/1=10,topic/2=8"
-## NOTE: comma and equal signs are not allowed for priority topic names
-## NOTE: messages for topics not in the priority table are treated as
-##       either highest or lowest priority depending on the configured
-##       value for mqueue_default_priority
-##
-zone.external.mqueue_priorities = none
+  ## Default to highest priority for topics not matching priority table
+  ##
+  ## Value: highest | lowest
+  mqueue_default_priority = highest
 
-## Default to highest priority for topics not matching priority table
-##
-## Value: highest | lowest
-zone.external.mqueue_default_priority = highest
+  ## Whether to enqueue QoS0 messages.
+  ##
+  ## Value: false | true
+  mqueue_store_qos0 = true
 
-## Whether to enqueue QoS0 messages.
-##
-## Value: false | true
-zone.external.mqueue_store_qos0 = true
+  ## Whether to turn on flapping detect
+  ##
+  ## Value: on | off
+  enable_flapping_detect = off
 
-## Whether to turn on flapping detect
-##
-## Value: on | off
-zone.external.enable_flapping_detect = off
+  ## Message limit for the a external MQTT connection.
+  ##
+  ## Value: Number,Duration
+  ## Example: 100 messages per 10 seconds.
+  #rate_limit.conn_messages_in = "100,10s"
 
-## Message limit for the a external MQTT connection.
-##
-## Value: Number,Duration
-## Example: 100 messages per 10 seconds.
-#zone.external.rate_limit.conn_messages_in = "100,10s"
+  ## Bytes limit for a external MQTT connections.
+  ##
+  ## Value: Number,Duration
+  ## Example: 100KB incoming per 10 seconds.
+  #rate_limit.conn_bytes_in = "100KB,10s"
 
-## Bytes limit for a external MQTT connections.
-##
-## Value: Number,Duration
-## Example: 100KB incoming per 10 seconds.
-#zone.external.rate_limit.conn_bytes_in = "100KB,10s"
+  ## Whether to alarm the congested connections.
+  ##
+  ## Sometimes the mqtt connection (usually an MQTT subscriber) may get "congested" because
+  ## there're too many packets to sent. The socket trys to buffer the packets until the buffer is
+  ## full. If more packets comes after that, the packets will be "pending" in a queue
+  ## and we consider the connection is "congested".
+  ##
+  ## Enable this to send an alarm when there's any bytes pending in the queue. You could set
+  ## the `listener.tcp.<ZoneName>.sndbuf` to a larger value if the alarm is triggered too often.
+  ##
+  ## The name of the alarm is of format "conn_congestion/<ClientID>/<Username>".
+  ## Where the <ClientID> is the client-id of the congested MQTT connection.
+  ## And the <Username> is the username or "unknown_user" of not provided by the client.
+  ## Default: off
+  #conn_congestion.alarm = off
 
-## Whether to alarm the congested connections.
-##
-## Sometimes the mqtt connection (usually an MQTT subscriber) may get "congested" because
-## there're too many packets to sent. The socket trys to buffer the packets until the buffer is
-## full. If more packets comes after that, the packets will be "pending" in a queue
-## and we consider the connection is "congested".
-##
-## Enable this to send an alarm when there's any bytes pending in the queue. You could set
-## the `listener.tcp.<ZoneName>.sndbuf` to a larger value if the alarm is triggered too often.
-##
-## The name of the alarm is of format "conn_congestion/<ClientID>/<Username>".
-## Where the <ClientID> is the client-id of the congested MQTT connection.
-## And the <Username> is the username or "unknown_user" of not provided by the client.
-## Default: off
-#zone.external.conn_congestion.alarm = off
+  ## Won't clear the congested alarm in how long time.
+  ## The alarm is cleared only when there're no pending bytes in the queue, and also it has been
+  ## `min_alarm_sustain_duration` time since the last time we considered the connection is "congested".
+  ##
+  ## This is to avoid clearing and sending the alarm again too often.
+  ## Default: 1m
+  #conn_congestion.min_alarm_sustain_duration = 1m
 
-## Won't clear the congested alarm in how long time.
-## The alarm is cleared only when there're no pending bytes in the queue, and also it has been
-## `min_alarm_sustain_duration` time since the last time we considered the connection is "congested".
-##
-## This is to avoid clearing and sending the alarm again too often.
-## Default: 1m
-#zone.external.conn_congestion.min_alarm_sustain_duration = 1m
+  ## Messages quota for the each of external MQTT connection.
+  ## This value consumed by the number of recipient on a message.
+  ##
+  ## Value: Number, Duration
+  ##
+  ## Example: 100 messages per 1s
+  #quota.conn_messages_routing = "100,1s"
 
-## Messages quota for the each of external MQTT connection.
-## This value consumed by the number of recipient on a message.
-##
-## Value: Number, Duration
-##
-## Example: 100 messages per 1s
-#zone.external.quota.conn_messages_routing = "100,1s"
+  ## Messages quota for the all of external MQTT connections.
+  ## This value consumed by the number of recipient on a message.
+  ##
+  ## Value: Number, Duration
+  ##
+  ## Example: 200000 messages per 1s
+  #quota.overall_messages_routing = "200000,1s"
 
-## Messages quota for the all of external MQTT connections.
-## This value consumed by the number of recipient on a message.
-##
-## Value: Number, Duration
-##
-## Example: 200000 messages per 1s
-#zone.external.quota.overall_messages_routing = "200000,1s"
+  ## All the topics will be prefixed with the mountpoint path if this option is enabled.
+  ##
+  ## Variables in mountpoint path:
+  ##  - %c: clientid
+  ##  - %u: username
+  ##
+  ## Value: String
+  ## mountpoint = "devicebound/"
 
-## All the topics will be prefixed with the mountpoint path if this option is enabled.
-##
-## Variables in mountpoint path:
-##  - %c: clientid
-##  - %u: username
-##
-## Value: String
-## zone.external.mountpoint = "devicebound/"
+  ## Whether use username replace client id
+  ##
+  ## Value: boolean
+  ## Default: false
+  use_username_as_clientid = false
 
-## Whether use username replace client id
-##
-## Value: boolean
-## Default: false
-zone.external.use_username_as_clientid = false
+  ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
+  ##
+  ## Value: true | false
+  ignore_loop_deliver = false
 
-## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
-##
-## Value: true | false
-zone.external.ignore_loop_deliver = false
+  ## Whether to parse the MQTT frame in strict mode
+  ##
+  ## Value: true | false
+  strict_mode = false
 
-## Whether to parse the MQTT frame in strict mode
-##
-## Value: true | false
-zone.external.strict_mode = false
-
-## Specify the response information returned to the client
-##
-## Value: String
-## zone.external.response_information = example
+  ## Specify the response information returned to the client
+  ##
+  ## Value: String
+  #response_information = example
+}
 
 ##--------------------------------------------------------------------
 ## Internal Zone
+zone.internal {
+  ## Allow anonymous authentication by default if no auth plugins loaded.
+  ## Notice: Disable the option in production deployment!
+  ##
+  ## Value: true | false
+  allow_anonymous = true
 
-zone.internal.allow_anonymous = true
+  ## Enable per connection stats.
+  ##
+  ## Value: Flag
+  enable_stats = on
 
-## Enable per connection stats.
-##
-## Value: Flag
-zone.internal.enable_stats = on
+  ## Enable ACL check.
+  ##
+  ## Value: Flag
+  enable_acl = off
 
-## Enable ACL check.
-##
-## Value: Flag
-zone.internal.enable_acl = off
+  ## The action when acl check reject current operation
+  ##
+  ## Value: ignore | disconnect
+  ## Default: ignore
+  acl_deny_action = ignore
 
-## The action when acl check reject current operation
-##
-## Value: ignore | disconnect
-## Default: ignore
-zone.internal.acl_deny_action = ignore
+  ## See zone.$name.force_gc_policy
+  ## force_gc_policy = "128000|128MB"
 
-## See zone.$name.force_gc_policy
-## zone.internal.force_gc_policy = "128000|128MB"
+  ## See zone.$name.wildcard_subscription.
+  ##
+  ## Value: boolean
+  ## wildcard_subscription = true
 
-## See zone.$name.wildcard_subscription.
-##
-## Value: boolean
-## zone.internal.wildcard_subscription = true
+  ## See zone.$name.shared_subscription.
+  ##
+  ## Value: boolean
+  ## shared_subscription = true
 
-## See zone.$name.shared_subscription.
-##
-## Value: boolean
-## zone.internal.shared_subscription = true
+  ## See zone.$name.max_subscriptions.
+  ##
+  ## Value: Integer
+  max_subscriptions = 0
 
-## See zone.$name.max_subscriptions.
-##
-## Value: Integer
-zone.internal.max_subscriptions = 0
+  ## See zone.$name.max_inflight
+  ##
+  ## Value: Number
+  max_inflight = 128
 
-## See zone.$name.max_inflight
-##
-## Value: Number
-zone.internal.max_inflight = 128
+  ## See zone.$name.max_awaiting_rel
+  ##
+  ## Value: Number
+  max_awaiting_rel = 1000
 
-## See zone.$name.max_awaiting_rel
-##
-## Value: Number
-zone.internal.max_awaiting_rel = 1000
+  ## See zone.$name.max_mqueue_len
+  ##
+  ## Value: Number >= 0
+  max_mqueue_len = 10000
 
-## See zone.$name.max_mqueue_len
-##
-## Value: Number >= 0
-zone.internal.max_mqueue_len = 10000
+  ## Whether to enqueue Qos0 messages.
+  ##
+  ## Value: false | true
+  mqueue_store_qos0 = true
 
-## Whether to enqueue Qos0 messages.
-##
-## Value: false | true
-zone.internal.mqueue_store_qos0 = true
+  ## Whether to turn on flapping detect
+  ##
+  ## Value: on | off
+  enable_flapping_detect = off
 
-## Whether to turn on flapping detect
-##
-## Value: on | off
-zone.internal.enable_flapping_detect = off
+  ## See zone.$name.force_shutdown_policy
+  ##
+  ## Default:
+  ##   - "10000|64MB" on ARCH_64 system
+  ##   - "1000|32MB"  on ARCH_32 sytem
+  #force_shutdown_policy = 10000|64MB
 
-## See zone.$name.force_shutdown_policy
-##
-## Default:
-##   - "10000|64MB" on ARCH_64 system
-##   - "1000|32MB"  on ARCH_32 sytem
-#zone.internal.force_shutdown_policy = 10000|64MB
+  ## All the topics will be prefixed with the mountpoint path if this option is enabled.
+  ##
+  ## Variables in mountpoint path:
+  ##  - %c: clientid
+  ##  - %u: username
+  ##
+  ## Value: String
+  ## mountpoint = "cloudbound/"
 
-## All the topics will be prefixed with the mountpoint path if this option is enabled.
-##
-## Variables in mountpoint path:
-##  - %c: clientid
-##  - %u: username
-##
-## Value: String
-## zone.internal.mountpoint = "cloudbound/"
+  ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
+  ##
+  ## Value: true | false
+  ignore_loop_deliver = false
 
-## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
-##
-## Value: true | false
-zone.internal.ignore_loop_deliver = false
+  ## Whether to parse the MQTT frame in strict mode
+  ##
+  ## Value: true | false
+  strict_mode = false
 
-## Whether to parse the MQTT frame in strict mode
-##
-## Value: true | false
-zone.internal.strict_mode = false
+  ## Specify the response information returned to the client
+  ##
+  ## Value: String
+  ## response_information = example
 
-## Specify the response information returned to the client
-##
-## Value: String
-## zone.internal.response_information = example
-
-## Allow the zone's clients to bypass authentication step
-##
-## Value: true | false
-zone.internal.bypass_auth_plugins = true
-
-## CONFIG_SECTION_END=zones ====================================================
-
-## CONFIG_SECTION_BGN=listeners ================================================
+  ## Allow the zone's clients to bypass authentication step
+  ##
+  ## Value: true | false
+  bypass_auth_plugins = true
+}
 
 ##--------------------------------------------------------------------
 ## MQTT/TCP - External TCP Listener for MQTT Protocol
+listener.tcp.external {
+  ## listener.tcp.$name.endpoint is the IP address and port that the MQTT/TCP
+  ## listener will bind.
+  ##
+  ## Value: IP:Port | Port
+  ##
+  ## Examples: 1883, "127.0.0.1:1883", "::1:1883"
+  endpoint = "0.0.0.0:1883"
 
-## listener.tcp.$name is the IP address and port that the MQTT/TCP
-## listener will bind.
-##
-## Value: IP:Port | Port
-##
-## Examples: 1883, "127.0.0.1:1883", "::1:1883"
-listener.tcp.external.endpoint = "0.0.0.0:1883"
+  ## The acceptor pool for external MQTT/TCP listener.
+  ##
+  ## Value: Number
+  acceptors = 8
 
-## The acceptor pool for external MQTT/TCP listener.
-##
-## Value: Number
-listener.tcp.external.acceptors = 8
+  ## Maximum number of concurrent MQTT/TCP connections.
+  ##
+  ## Value: Number
+  max_connections = 1024000
 
-## Maximum number of concurrent MQTT/TCP connections.
-##
-## Value: Number
-listener.tcp.external.max_connections = 1024000
+  ## Maximum external connections per second.
+  ##
+  ## Value: Number
+  max_conn_rate = 1000
 
-## Maximum external connections per second.
-##
-## Value: Number
-listener.tcp.external.max_conn_rate = 1000
+  ## Specify the {active, N} option for the external MQTT/TCP Socket.
+  ##
+  ## Value: Number
+  active_n = 100
 
-## Specify the {active, N} option for the external MQTT/TCP Socket.
-##
-## Value: Number
-listener.tcp.external.active_n = 100
+  ## Zone of the external MQTT/TCP listener belonged to.
+  ##
+  ## See: zone.$name.*
+  ##
+  ## Value: String
+  zone = external
 
-## Zone of the external MQTT/TCP listener belonged to.
-##
-## See: zone.$name.*
-##
-## Value: String
-listener.tcp.external.zone = external
+  ## The access control rules for the MQTT/TCP listener.
+  ##
+  ## See: https://github.com/emqtt/esockd#allowdeny
+  ##
+  ## Value: ACL Rule
+  ##
+  ## Example: "allow 192.168.0.0/24"
+  access.1 = "allow all"
 
-## The access control rules for the MQTT/TCP listener.
-##
-## See: https://github.com/emqtt/esockd#allowdeny
-##
-## Value: ACL Rule
-##
-## Example: "allow 192.168.0.0/24"
-listener.tcp.external.access.1 = "allow all"
+  ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
+  ## behind HAProxy or Nginx.
+  ##
+  ## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
+  ##
+  ## Value: on | off
+  ## proxy_protocol = on
 
-## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
-## behind HAProxy or Nginx.
-##
-## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
-##
-## Value: on | off
-## listener.tcp.external.proxy_protocol = on
+  ## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
+  ## if no proxy protocol packet recevied within the timeout.
+  ##
+  ## Value: Duration
+  ## proxy_protocol_timeout = 3s
 
-## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
-## if no proxy protocol packet recevied within the timeout.
-##
-## Value: Duration
-## listener.tcp.external.proxy_protocol_timeout = 3s
+  ## Enable the option for X.509 certificate based authentication.
+  ## EMQX will use the common name of certificate as MQTT username.
+  ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
+  ##
+  ## Value: cn
+  ## peer_cert_as_username = cn
 
-## Enable the option for X.509 certificate based authentication.
-## EMQX will use the common name of certificate as MQTT username.
-## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
-##
-## Value: cn
-## listener.tcp.external.peer_cert_as_username = cn
+  ## Enable the option for X.509 certificate based authentication.
+  ## EMQX will use the common name of certificate as MQTT clientid.
+  ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
+  ##
+  ## Value: cn
+  ## peer_cert_as_clientid = cn
 
-## Enable the option for X.509 certificate based authentication.
-## EMQX will use the common name of certificate as MQTT clientid.
-## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
-##
-## Value: cn
-## listener.tcp.external.peer_cert_as_clientid = cn
+  ## The TCP backlog defines the maximum length that the queue of pending
+  ## connections can grow to.
+  ##
+  ## Value: Number >= 0
+  backlog = 1024
 
-## The TCP backlog defines the maximum length that the queue of pending
-## connections can grow to.
-##
-## Value: Number >= 0
-listener.tcp.external.backlog = 1024
+  ## The TCP send timeout for external MQTT connections.
+  ##
+  ## Value: Duration
+  send_timeout = 15s
 
-## The TCP send timeout for external MQTT connections.
-##
-## Value: Duration
-listener.tcp.external.send_timeout = 15s
+  ## Close the TCP connection if send timeout.
+  ##
+  ## Value: on | off
+  send_timeout_close = on
 
-## Close the TCP connection if send timeout.
-##
-## Value: on | off
-listener.tcp.external.send_timeout_close = on
+  ## The TCP receive buffer(os kernel) for MQTT connections.
+  ##
+  ## See: http://erlang.org/doc/man/inet.html
+  ##
+  ## Value: Bytes
+  ## recbuf = 2KB
 
-## The TCP receive buffer(os kernel) for MQTT connections.
-##
-## See: http://erlang.org/doc/man/inet.html
-##
-## Value: Bytes
-## listener.tcp.external.recbuf = 2KB
+  ## The TCP send buffer(os kernel) for MQTT connections.
+  ##
+  ## See: http://erlang.org/doc/man/inet.html
+  ##
+  ## Value: Bytes
+  ## sndbuf = 2KB
 
-## The TCP send buffer(os kernel) for MQTT connections.
-##
-## See: http://erlang.org/doc/man/inet.html
-##
-## Value: Bytes
-## listener.tcp.external.sndbuf = 2KB
+  ## The size of the user-level software buffer used by the driver.
+  ## Not to be confused with options sndbuf and recbuf, which correspond
+  ## to the Kernel socket buffers. It is recommended to have val(buffer)
+  ## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because
+  ## of unnecessary copying. val(buffer) is automatically set to the above
+  ## maximum when values sndbuf or recbuf are set.
+  ##
+  ## See: http://erlang.org/doc/man/inet.html
+  ##
+  ## Value: Bytes
+  ## buffer = 2KB
 
-## The size of the user-level software buffer used by the driver.
-## Not to be confused with options sndbuf and recbuf, which correspond
-## to the Kernel socket buffers. It is recommended to have val(buffer)
-## >= max(val(sndbuf),val(recbuf)) to avoid performance issues because
-## of unnecessary copying. val(buffer) is automatically set to the above
-## maximum when values sndbuf or recbuf are set.
-##
-## See: http://erlang.org/doc/man/inet.html
-##
-## Value: Bytes
-## listener.tcp.external.buffer = 2KB
+  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ##
+  ## Value: on | off
+  ## tune_buffer = off
 
-## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
-##
-## Value: on | off
-## listener.tcp.external.tune_buffer = off
+  ## The socket is set to a busy state when the amount of data queued internally
+  ## by the ERTS socket implementation reaches this limit.
+  ##
+  ## Value: on | off
+  ## Defaults to 1MB
+  ## high_watermark = 1MB
 
-## The socket is set to a busy state when the amount of data queued internally
-## by the ERTS socket implementation reaches this limit.
-##
-## Value: on | off
-## Defaults to 1MB
-## listener.tcp.external.high_watermark = 1MB
+  ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
+  ## sent immediately if the option is enabled.
+  ##
+  ## Value: true | false
+  nodelay = true
 
-## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
-## sent immediately if the option is enabled.
-##
-## Value: true | false
-listener.tcp.external.nodelay = true
-
-## The SO_REUSEADDR flag for TCP listener.
-##
-## Value: true | false
-listener.tcp.external.reuseaddr = true
+  ## The SO_REUSEADDR flag for TCP listener.
+  ##
+  ## Value: true | false
+  reuseaddr = true
+}
 
 ##--------------------------------------------------------------------
 ## Internal TCP Listener for MQTT Protocol
 
-## The IP address and port that the internal MQTT/TCP protocol listener
-## will bind.
-##
-## Value: IP:Port, Port
-##
-## Examples: 11883, "127.0.0.1:11883", "::1:11883"
-listener.tcp.internal.endpoint = "127.0.0.1:11883"
+listener.tcp.internal {
+  ## The IP address and port that the internal MQTT/TCP protocol listener
+  ## will bind.
+  ##
+  ## Value: IP:Port, Port
+  ##
+  ## Examples: 11883, "127.0.0.1:11883", "::1:11883"
+  endpoint = "127.0.0.1:11883"
 
-## The acceptor pool for internal MQTT/TCP listener.
-##
-## Value: Number
-listener.tcp.internal.acceptors = 4
+  ## The acceptor pool for internal MQTT/TCP listener.
+  ##
+  ## Value: Number
+  acceptors = 4
 
-## Maximum number of concurrent MQTT/TCP connections.
-##
-## Value: Number
-listener.tcp.internal.max_connections = 1024000
+  ## Maximum number of concurrent MQTT/TCP connections.
+  ##
+  ## Value: Number
+  max_connections = 1024000
 
-## Maximum internal connections per second.
-##
-## Value: Number
-listener.tcp.internal.max_conn_rate = 1000
+  ## Maximum internal connections per second.
+  ##
+  ## Value: Number
+  max_conn_rate = 1000
 
-## Specify the {active, N} option for the internal MQTT/TCP Socket.
-##
-## Value: Number
-listener.tcp.internal.active_n = 1000
+  ## Specify the {active, N} option for the internal MQTT/TCP Socket.
+  ##
+  ## Value: Number
+  active_n = 1000
 
-## Zone of the internal MQTT/TCP listener belonged to.
-##
-## Value: String
-listener.tcp.internal.zone = internal
+  ## Zone of the internal MQTT/TCP listener belonged to.
+  ##
+  ## Value: String
+  zone = internal
 
-## The TCP backlog of internal MQTT/TCP Listener.
-##
-## See: listener.tcp.$name.backlog
-##
-## Value: Number >= 0
-listener.tcp.internal.backlog = 512
+  ## The TCP backlog of internal MQTT/TCP Listener.
+  ##
+  ## See: listener.tcp.$name.backlog
+  ##
+  ## Value: Number >= 0
+  backlog = 512
 
-## The TCP send timeout for internal MQTT connections.
-##
-## See: listener.tcp.$name.send_timeout
-##
-## Value: Duration
-listener.tcp.internal.send_timeout = 5s
+  ## The TCP send timeout for internal MQTT connections.
+  ##
+  ## See: listener.tcp.$name.send_timeout
+  ##
+  ## Value: Duration
+  send_timeout = 5s
 
-## Close the MQTT/TCP connection if send timeout.
-##
-## See: listener.tcp.$name.send_timeout_close
-##
-## Value: on | off
-listener.tcp.internal.send_timeout_close = on
+  ## Close the MQTT/TCP connection if send timeout.
+  ##
+  ## See: listener.tcp.$name.send_timeout_close
+  ##
+  ## Value: on | off
+  send_timeout_close = on
 
-## The TCP receive buffer(os kernel) for internal MQTT connections.
-##
-## See: listener.tcp.$name.recbuf
-##
-## Value: Bytes
-listener.tcp.internal.recbuf = 64KB
+  ## The TCP receive buffer(os kernel) for internal MQTT connections.
+  ##
+  ## See: listener.tcp.$name.recbuf
+  ##
+  ## Value: Bytes
+  recbuf = 64KB
 
-## The TCP send buffer(os kernel) for internal MQTT connections.
-##
-## See: http://erlang.org/doc/man/inet.html
-##
-## Value: Bytes
-listener.tcp.internal.sndbuf = 64KB
+  ## The TCP send buffer(os kernel) for internal MQTT connections.
+  ##
+  ## See: http://erlang.org/doc/man/inet.html
+  ##
+  ## Value: Bytes
+  sndbuf = 64KB
 
-## The size of the user-level software buffer used by the driver.
-##
-## See: listener.tcp.$name.buffer
-##
-## Value: Bytes
-## listener.tcp.internal.buffer = 16KB
+  ## The size of the user-level software buffer used by the driver.
+  ##
+  ## See: listener.tcp.$name.buffer
+  ##
+  ## Value: Bytes
+  ## buffer = 16KB
 
-## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
-##
-## See: listener.tcp.$name.tune_buffer
-##
-## Value: on | off
-## listener.tcp.internal.tune_buffer = off
+  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ##
+  ## See: listener.tcp.$name.tune_buffer
+  ##
+  ## Value: on | off
+  ## tune_buffer = off
 
-## The TCP_NODELAY flag for internal MQTT connections.
-##
-## See: listener.tcp.$name.nodelay
-##
-## Value: true | false
-listener.tcp.internal.nodelay = false
+  ## The TCP_NODELAY flag for internal MQTT connections.
+  ##
+  ## See: listener.tcp.$name.nodelay
+  ##
+  ## Value: true | false
+  nodelay = false
 
-## The SO_REUSEADDR flag for MQTT/TCP Listener.
-##
-## Value: true | false
-listener.tcp.internal.reuseaddr = true
+  ## The SO_REUSEADDR flag for MQTT/TCP Listener.
+  ##
+  ## Value: true | false
+  reuseaddr = true
+}
 
 ##--------------------------------------------------------------------
 ## MQTT/SSL - External SSL Listener for MQTT Protocol
+listener.ssl.external {
+  ## listener.ssl.$name is the IP address and port that the MQTT/SSL
+  ## listener will bind.
+  ##
+  ## Value: IP:Port | Port
+  ##
+  ## Examples: 8883, "127.0.0.1:8883", "::1:8883"
+  endpoint = 8883
 
-## listener.ssl.$name is the IP address and port that the MQTT/SSL
-## listener will bind.
-##
-## Value: IP:Port | Port
-##
-## Examples: 8883, "127.0.0.1:8883", "::1:8883"
-listener.ssl.external.endpoint = 8883
+  ## The acceptor pool for external MQTT/SSL listener.
+  ##
+  ## Value: Number
+  acceptors = 16
 
-## The acceptor pool for external MQTT/SSL listener.
-##
-## Value: Number
-listener.ssl.external.acceptors = 16
+  ## Maximum number of concurrent MQTT/SSL connections.
+  ##
+  ## Value: Number
+  max_connections = 102400
 
-## Maximum number of concurrent MQTT/SSL connections.
-##
-## Value: Number
-listener.ssl.external.max_connections = 102400
+  ## Maximum MQTT/SSL connections per second.
+  ##
+  ## Value: Number
+  max_conn_rate = 500
 
-## Maximum MQTT/SSL connections per second.
-##
-## Value: Number
-listener.ssl.external.max_conn_rate = 500
+  ## Specify the {active, N} option for the internal MQTT/SSL Socket.
+  ##
+  ## Value: Number
+  active_n = 100
 
-## Specify the {active, N} option for the internal MQTT/SSL Socket.
-##
-## Value: Number
-listener.ssl.external.active_n = 100
+  ## Zone of the external MQTT/SSL listener belonged to.
+  ##
+  ## Value: String
+  zone = external
 
-## Zone of the external MQTT/SSL listener belonged to.
-##
-## Value: String
-listener.ssl.external.zone = external
+  ## The access control rules for the MQTT/SSL listener.
+  ##
+  ## See: listener.tcp.$name.access
+  ##
+  ## Value: ACL Rule
+  access.1 = "allow all"
 
-## The access control rules for the MQTT/SSL listener.
-##
-## See: listener.tcp.$name.access
-##
-## Value: ACL Rule
-listener.ssl.external.access.1 = "allow all"
+  ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
+  ## HAProxy or Nginx.
+  ##
+  ## See: listener.tcp.$name.proxy_protocol
+  ##
+  ## Value: on | off
+  ## proxy_protocol = on
 
-## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
-## HAProxy or Nginx.
-##
-## See: listener.tcp.$name.proxy_protocol
-##
-## Value: on | off
-## listener.ssl.external.proxy_protocol = on
+  ## Sets the timeout for proxy protocol.
+  ##
+  ## See: listener.tcp.$name.proxy_protocol_timeout
+  ##
+  ## Value: Duration
+  ## proxy_protocol_timeout = 3s
 
-## Sets the timeout for proxy protocol.
-##
-## See: listener.tcp.$name.proxy_protocol_timeout
-##
-## Value: Duration
-## listener.ssl.external.proxy_protocol_timeout = 3s
+  ## TLS versions only to protect from POODLE attack.
+  ##
+  ## See: http://erlang.org/doc/man/ssl.html
+  ##
+  ## Value: String, seperated by ','
+  ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
+  ## tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
 
-## TLS versions only to protect from POODLE attack.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: String, seperated by ','
-## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## listener.ssl.external.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
+  ## TLS Handshake timeout.
+  ##
+  ## Value: Duration
+  handshake_timeout = 15s
 
-## TLS Handshake timeout.
-##
-## Value: Duration
-listener.ssl.external.handshake_timeout = 15s
+  ## Maximum number of non-self-issued intermediate certificates that
+  ## can follow the peer certificate in a valid certification path.
+  ##
+  ## Value: Number
+  ## depth = 10
 
-## Maximum number of non-self-issued intermediate certificates that
-## can follow the peer certificate in a valid certification path.
-##
-## Value: Number
-## listener.ssl.external.depth = 10
+  ## String containing the user's password. Only used if the private keyfile
+  ## is password-protected.
+  ##
+  ## Value: String
+  ## key_password = yourpass
 
-## String containing the user's password. Only used if the private keyfile
-## is password-protected.
-##
-## Value: String
-## listener.ssl.external.key_password = yourpass
+  ## Path to the file containing the user's private PEM-encoded key.
+  ##
+  ## See: http://erlang.org/doc/man/ssl.html
+  ##
+  ## Value: File
+  keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
-## Path to the file containing the user's private PEM-encoded key.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: File
-listener.ssl.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
+  ## Path to a file containing the user certificate.
+  ##
+  ## See: http://erlang.org/doc/man/ssl.html
+  ##
+  ## Value: File
+  certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
-## Path to a file containing the user certificate.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: File
-listener.ssl.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
+  ## Path to the file containing PEM-encoded CA certificates. The CA certificates
+  ## are used during server authentication and when building the client certificate chain.
+  ##
+  ## Value: File
+  ## cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
 
-## Path to the file containing PEM-encoded CA certificates. The CA certificates
-## are used during server authentication and when building the client certificate chain.
-##
-## Value: File
-## listener.ssl.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
+  ## The Ephemeral Diffie-Helman key exchange is a very effective way of
+  ## ensuring Forward Secrecy by exchanging a set of keys that never hit
+  ## the wire. Since the DH key is effectively signed by the private key,
+  ## it needs to be at least as strong as the private key. In addition,
+  ## the default DH groups that most of the OpenSSL installations have
+  ## are only a handful (since they are distributed with the OpenSSL
+  ## package that has been built for the operating system it’s running on)
+  ## and hence predictable (not to mention, 1024 bits only).
+  ## In order to escape this situation, first we need to generate a fresh,
+  ## strong DH group, store it in a file and then use the option above,
+  ## to force our SSL application to use the new DH group. Fortunately,
+  ## OpenSSL provides us with a tool to do that. Simply run:
+  ## openssl dhparam -out dh-params.pem 2048
+  ##
+  ## Value: File
+  ## dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
 
-## The Ephemeral Diffie-Helman key exchange is a very effective way of
-## ensuring Forward Secrecy by exchanging a set of keys that never hit
-## the wire. Since the DH key is effectively signed by the private key,
-## it needs to be at least as strong as the private key. In addition,
-## the default DH groups that most of the OpenSSL installations have
-## are only a handful (since they are distributed with the OpenSSL
-## package that has been built for the operating system it’s running on)
-## and hence predictable (not to mention, 1024 bits only).
-## In order to escape this situation, first we need to generate a fresh,
-## strong DH group, store it in a file and then use the option above,
-## to force our SSL application to use the new DH group. Fortunately,
-## OpenSSL provides us with a tool to do that. Simply run:
-## openssl dhparam -out dh-params.pem 2048
-##
-## Value: File
-## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
+  ## A server only does x509-path validation in mode verify_peer,
+  ## as it then sends a certificate request to the client (this
+  ## message is not sent if the verify option is verify_none).
+  ## You can then also want to specify option fail_if_no_peer_cert.
+  ## More information at: http://erlang.org/doc/man/ssl.html
+  ##
+  ## Value: verify_peer | verify_none
+  ## verify = verify_peer
 
-## A server only does x509-path validation in mode verify_peer,
-## as it then sends a certificate request to the client (this
-## message is not sent if the verify option is verify_none).
-## You can then also want to specify option fail_if_no_peer_cert.
-## More information at: http://erlang.org/doc/man/ssl.html
-##
-## Value: verify_peer | verify_none
-## listener.ssl.external.verify = verify_peer
+  ## Used together with {verify, verify_peer} by an SSL server. If set to true,
+  ## the server fails if the client does not have a certificate to send, that is,
+  ## sends an empty certificate.
+  ##
+  ## Value: true | false
+  ## fail_if_no_peer_cert = true
 
-## Used together with {verify, verify_peer} by an SSL server. If set to true,
-## the server fails if the client does not have a certificate to send, that is,
-## sends an empty certificate.
-##
-## Value: true | false
-## listener.ssl.external.fail_if_no_peer_cert = true
+  ## This is the single most important configuration option of an Erlang SSL
+  ## application. Ciphers (and their ordering) define the way the client and
+  ## server encrypt information over the wire, from the initial Diffie-Helman
+  ## key exchange, the session key encryption ## algorithm and the message
+  ## digest algorithm. Selecting a good cipher suite is critical for the
+  ## application’s data security, confidentiality and performance.
+  ##
+  ## The cipher list above offers:
+  ##
+  ## A good balance between compatibility with older browsers.
+  ## It can get stricter for Machine-To-Machine scenarios.
+  ## Perfect Forward Secrecy.
+  ## No old/insecure encryption and HMAC algorithms
+  ##
+  ## Most of it was copied from Mozilla’s Server Side TLS article
+  ##
+  ## Value: Ciphers
+  ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
-## This is the single most important configuration option of an Erlang SSL
-## application. Ciphers (and their ordering) define the way the client and
-## server encrypt information over the wire, from the initial Diffie-Helman
-## key exchange, the session key encryption ## algorithm and the message
-## digest algorithm. Selecting a good cipher suite is critical for the
-## application’s data security, confidentiality and performance.
-##
-## The cipher list above offers:
-##
-## A good balance between compatibility with older browsers.
-## It can get stricter for Machine-To-Machine scenarios.
-## Perfect Forward Secrecy.
-## No old/insecure encryption and HMAC algorithms
-##
-## Most of it was copied from Mozilla’s Server Side TLS article
-##
-## Value: Ciphers
-listener.ssl.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+  ## Ciphers for TLS PSK.
+  ## Note that 'ciphers' and 'psk_ciphers' cannot
+  ## be configured at the same time.
+  ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+  #psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
 
-## Ciphers for TLS PSK.
-## Note that 'listener.ssl.external.ciphers' and 'listener.ssl.external.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-#listener.ssl.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
+  ## SSL parameter renegotiation is a feature that allows a client and a server
+  ## to renegotiate the parameters of the SSL connection on the fly.
+  ## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
+  ## you drop support for the insecure renegotiation, prone to MitM attacks.
+  ##
+  ## Value: on | off
+  ## secure_renegotiate = off
 
-## SSL parameter renegotiation is a feature that allows a client and a server
-## to renegotiate the parameters of the SSL connection on the fly.
-## RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
-## you drop support for the insecure renegotiation, prone to MitM attacks.
-##
-## Value: on | off
-## listener.ssl.external.secure_renegotiate = off
+  ## A performance optimization setting, it allows clients to reuse
+  ## pre-existing sessions, instead of initializing new ones.
+  ## Read more about it here.
+  ##
+  ## See: http://erlang.org/doc/man/ssl.html
+  ##
+  ## Value: on | off
+  ## reuse_sessions = on
 
-## A performance optimization setting, it allows clients to reuse
-## pre-existing sessions, instead of initializing new ones.
-## Read more about it here.
-##
-## See: http://erlang.org/doc/man/ssl.html
-##
-## Value: on | off
-## listener.ssl.external.reuse_sessions = on
+  ## An important security setting, it forces the cipher to be set based
+  ## on the server-specified order instead of the client-specified order,
+  ## hence enforcing the (usually more properly configured) security
+  ## ordering of the server administrator.
+  ##
+  ## Value: on | off
+  ## honor_cipher_order = on
 
-## An important security setting, it forces the cipher to be set based
-## on the server-specified order instead of the client-specified order,
-## hence enforcing the (usually more properly configured) security
-## ordering of the server administrator.
-##
-## Value: on | off
-## listener.ssl.external.honor_cipher_order = on
+  ## Use the CN, DN or CRT field from the client certificate as a username.
+  ## Notice that 'verify' should be set as 'verify_peer'.
+  ## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT.
+  ##
+  ## Value: cn | dn | crt | pem | md5
+  ## peer_cert_as_username = cn
 
-## Use the CN, DN or CRT field from the client certificate as a username.
-## Notice that 'verify' should be set as 'verify_peer'.
-## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT.
-##
-## Value: cn | dn | crt | pem | md5
-## listener.ssl.external.peer_cert_as_username = cn
+  ## Use the CN, DN or CRT field from the client certificate as a username.
+  ## Notice that 'verify' should be set as 'verify_peer'.
+  ## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT.
+  ##
+  ## Value: cn | dn | crt | pem | md5
+  ## peer_cert_as_clientid = cn
 
-## Use the CN, DN or CRT field from the client certificate as a username.
-## Notice that 'verify' should be set as 'verify_peer'.
-## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT.
-##
-## Value: cn | dn | crt | pem | md5
-## listener.ssl.external.peer_cert_as_clientid = cn
+  ## TCP backlog for the SSL connection.
+  ##
+  ## See listener.tcp.$name.backlog
+  ##
+  ## Value: Number >= 0
+  ## backlog = 1024
 
-## TCP backlog for the SSL connection.
-##
-## See listener.tcp.$name.backlog
-##
-## Value: Number >= 0
-## listener.ssl.external.backlog = 1024
+  ## The TCP send timeout for the SSL connection.
+  ##
+  ## See listener.tcp.$name.send_timeout
+  ##
+  ## Value: Duration
+  ## send_timeout = 15s
 
-## The TCP send timeout for the SSL connection.
-##
-## See listener.tcp.$name.send_timeout
-##
-## Value: Duration
-## listener.ssl.external.send_timeout = 15s
+  ## Close the SSL connection if send timeout.
+  ##
+  ## See: listener.tcp.$name.send_timeout_close
+  ##
+  ## Value: on | off
+  ## send_timeout_close = on
 
-## Close the SSL connection if send timeout.
-##
-## See: listener.tcp.$name.send_timeout_close
-##
-## Value: on | off
-## listener.ssl.external.send_timeout_close = on
+  ## The TCP receive buffer(os kernel) for the SSL connections.
+  ##
+  ## See: listener.tcp.$name.recbuf
+  ##
+  ## Value: Bytes
+  ## recbuf = 4KB
 
-## The TCP receive buffer(os kernel) for the SSL connections.
-##
-## See: listener.tcp.$name.recbuf
-##
-## Value: Bytes
-## listener.ssl.external.recbuf = 4KB
+  ## The TCP send buffer(os kernel) for internal MQTT connections.
+  ##
+  ## See: listener.tcp.$name.sndbuf
+  ##
+  ## Value: Bytes
+  ## sndbuf = 4KB
 
-## The TCP send buffer(os kernel) for internal MQTT connections.
-##
-## See: listener.tcp.$name.sndbuf
-##
-## Value: Bytes
-## listener.ssl.external.sndbuf = 4KB
+  ## The size of the user-level software buffer used by the driver.
+  ##
+  ## See: listener.tcp.$name.buffer
+  ##
+  ## Value: Bytes
+  ## buffer = 4KB
 
-## The size of the user-level software buffer used by the driver.
-##
-## See: listener.tcp.$name.buffer
-##
-## Value: Bytes
-## listener.ssl.external.buffer = 4KB
+  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ##
+  ## See: listener.tcp.$name.tune_buffer
+  ##
+  ## Value: on | off
+  ## tune_buffer = off
 
-## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
-##
-## See: listener.tcp.$name.tune_buffer
-##
-## Value: on | off
-## listener.ssl.external.tune_buffer = off
+  ## The TCP_NODELAY flag for SSL connections.
+  ##
+  ## See: listener.tcp.$name.nodelay
+  ##
+  ## Value: true | false
+  ## nodelay = true
 
-## The TCP_NODELAY flag for SSL connections.
-##
-## See: listener.tcp.$name.nodelay
-##
-## Value: true | false
-## listener.ssl.external.nodelay = true
-
-## The SO_REUSEADDR flag for MQTT/SSL Listener.
-##
-## Value: true | false
-listener.ssl.external.reuseaddr = true
+  ## The SO_REUSEADDR flag for MQTT/SSL Listener.
+  ##
+  ## Value: true | false
+  reuseaddr = true
+}
 
 ##--------------------------------------------------------------------
 ## External WebSocket listener for MQTT protocol
 
-## listener.ws.$name is the IP address and port that the MQTT/WebSocket
-## listener will bind.
-##
-## Value: IP:Port | Port
-##
-## Examples: 8083, "127.0.0.1:8083", "::1:8083"
-listener.ws.external.endpoint = 8083
+listener.ws.external {
+  ## $name is the IP address and port that the MQTT/WebSocket
+  ## listener will bind.
+  ##
+  ## Value: IP:Port | Port
+  ##
+  ## Examples: 8083, "127.0.0.1:8083", "::1:8083"
+  endpoint = 8083
 
-## The path of WebSocket MQTT endpoint
-##
-## Value: URL Path
-listener.ws.external.mqtt_path = "/mqtt"
+  ## The path of WebSocket MQTT endpoint
+  ##
+  ## Value: URL Path
+  mqtt_path = "/mqtt"
 
-## The acceptor pool for external MQTT/WebSocket listener.
-##
-## Value: Number
-listener.ws.external.acceptors = 4
+  ## The acceptor pool for external MQTT/WebSocket listener.
+  ##
+  ## Value: Number
+  acceptors = 4
 
-## Maximum number of concurrent MQTT/WebSocket connections.
-##
-## Value: Number
-listener.ws.external.max_connections = 102400
+  ## Maximum number of concurrent MQTT/WebSocket connections.
+  ##
+  ## Value: Number
+  max_connections = 102400
 
-## Maximum MQTT/WebSocket connections per second.
-##
-## Value: Number
-listener.ws.external.max_conn_rate = 1000
+  ## Maximum MQTT/WebSocket connections per second.
+  ##
+  ## Value: Number
+  max_conn_rate = 1000
 
-## Simulate the {active, N} option for the MQTT/WebSocket connections.
-##
-## Value: Number
-listener.ws.external.active_n = 100
+  ## Simulate the {active, N} option for the MQTT/WebSocket connections.
+  ##
+  ## Value: Number
+  active_n = 100
 
-## Zone of the external MQTT/WebSocket listener belonged to.
-##
-## Value: String
-listener.ws.external.zone = external
+  ## Zone of the external MQTT/WebSocket listener belonged to.
+  ##
+  ## Value: String
+  zone = external
 
-## The access control for the MQTT/WebSocket listener.
-##
-## See: listener.ws.$name.access
-##
-## Value: ACL Rule
-listener.ws.external.access.1 = "allow all"
+  ## The access control for the MQTT/WebSocket listener.
+  ##
+  ## See: $name.access
+  ##
+  ## Value: ACL Rule
+  access.1 = "allow all"
 
-## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
-## Set to false for WeChat MiniApp.
-##
-## Value: true | false
-## listener.ws.external.fail_if_no_subprotocol = true
+  ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
+  ## Set to false for WeChat MiniApp.
+  ##
+  ## Value: true | false
+  ## fail_if_no_subprotocol = true
 
-## Supported subprotocols
-##
-## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-## listener.ws.external.supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
+  ## Supported subprotocols
+  ##
+  ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
+  ## supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
 
-## Specify which HTTP header for real source IP if the EMQ X cluster is
-## deployed behind NGINX or HAProxy.
-##
-## Default: X-Forwarded-For
-## listener.ws.external.proxy_address_header = X-Forwarded-For
+  ## Specify which HTTP header for real source IP if the EMQ X cluster is
+  ## deployed behind NGINX or HAProxy.
+  ##
+  ## Default: X-Forwarded-For
+  ## proxy_address_header = X-Forwarded-For
 
-## Specify which HTTP header for real source port if the EMQ X cluster is
-## deployed behind NGINX or HAProxy.
-##
-## Default: X-Forwarded-Port
-## listener.ws.external.proxy_port_header = X-Forwarded-Port
+  ## Specify which HTTP header for real source port if the EMQ X cluster is
+  ## deployed behind NGINX or HAProxy.
+  ##
+  ## Default: X-Forwarded-Port
+  ## proxy_port_header = X-Forwarded-Port
 
-## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
-## HAProxy or Nginx.
-##
-## See: listener.ws.$name.proxy_protocol
-##
-## Value: on | off
-## listener.ws.external.proxy_protocol = on
+  ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
+  ## HAProxy or Nginx.
+  ##
+  ## See: $name.proxy_protocol
+  ##
+  ## Value: on | off
+  ## proxy_protocol = on
 
-## Sets the timeout for proxy protocol.
-##
-## See: listener.ws.$name.proxy_protocol_timeout
-##
-## Value: Duration
-## listener.ws.external.proxy_protocol_timeout = 3s
+  ## Sets the timeout for proxy protocol.
+  ##
+  ## See: $name.proxy_protocol_timeout
+  ##
+  ## Value: Duration
+  ## proxy_protocol_timeout = 3s
 
-## Enable the option for X.509 certificate based authentication.
-## EMQX will use the common name of certificate as MQTT username.
-## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
-##
-## Value: cn
-## listener.ws.external.peer_cert_as_username = cn
+  ## Enable the option for X.509 certificate based authentication.
+  ## EMQX will use the common name of certificate as MQTT username.
+  ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
+  ##
+  ## Value: cn
+  ## peer_cert_as_username = cn
 
-## Enable the option for X.509 certificate based authentication.
-## EMQX will use the common name of certificate as MQTT clientid.
-## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
-##
-## Value: cn
-## listener.ws.external.peer_cert_as_clientid = cn
+  ## Enable the option for X.509 certificate based authentication.
+  ## EMQX will use the common name of certificate as MQTT clientid.
+  ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
+  ##
+  ## Value: cn
+  ## peer_cert_as_clientid = cn
 
-## The TCP backlog of external MQTT/WebSocket Listener.
-##
-## See: listener.ws.$name.backlog
-##
-## Value: Number >= 0
-listener.ws.external.backlog = 1024
+  ## The TCP backlog of external MQTT/WebSocket Listener.
+  ##
+  ## See: $name.backlog
+  ##
+  ## Value: Number >= 0
+  backlog = 1024
 
-## The TCP send timeout for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.send_timeout
-##
-## Value: Duration
-listener.ws.external.send_timeout = 15s
+  ## The TCP send timeout for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.send_timeout
+  ##
+  ## Value: Duration
+  send_timeout = 15s
 
-## Close the MQTT/WebSocket connection if send timeout.
-##
-## See: listener.ws.$name.send_timeout_close
-##
-## Value: on | off
-listener.ws.external.send_timeout_close = on
+  ## Close the MQTT/WebSocket connection if send timeout.
+  ##
+  ## See: $name.send_timeout_close
+  ##
+  ## Value: on | off
+  send_timeout_close = on
 
-## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.recbuf
-##
-## Value: Bytes
-## listener.ws.external.recbuf = 2KB
+  ## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.recbuf
+  ##
+  ## Value: Bytes
+  ## recbuf = 2KB
 
-## The TCP send buffer(os kernel) for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.sndbuf
-##
-## Value: Bytes
-## listener.ws.external.sndbuf = 2KB
+  ## The TCP send buffer(os kernel) for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.sndbuf
+  ##
+  ## Value: Bytes
+  ## sndbuf = 2KB
 
-## The size of the user-level software buffer used by the driver.
-##
-## See: listener.ws.$name.buffer
-##
-## Value: Bytes
-## listener.ws.external.buffer = 2KB
+  ## The size of the user-level software buffer used by the driver.
+  ##
+  ## See: $name.buffer
+  ##
+  ## Value: Bytes
+  ## buffer = 2KB
 
-## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
-##
-## See: listener.ws.$name.tune_buffer
-##
-## Value: on | off
-## listener.ws.external.tune_buffer = off
+  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ##
+  ## See: $name.tune_buffer
+  ##
+  ## Value: on | off
+  ## tune_buffer = off
 
-## The TCP_NODELAY flag for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.nodelay
-##
-## Value: true | false
-listener.ws.external.nodelay = true
+  ## The TCP_NODELAY flag for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.nodelay
+  ##
+  ## Value: true | false
+  nodelay = true
 
-## The compress flag for external MQTT/WebSocket connections.
-##
-## If this Value is set true,the websocket message would be compressed
-##
-## Value: true | false
-## listener.ws.external.compress = true
+  ## The compress flag for external MQTT/WebSocket connections.
+  ##
+  ## If this Value is set true,the websocket message would be compressed
+  ##
+  ## Value: true | false
+  ## compress = true
 
-## The level of deflate options for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.deflate_opts.level
-##
-## Value: none | default | best_compression | best_speed
-## listener.ws.external.deflate_opts.level = default
+  ## The level of deflate options for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.deflate_opts.level
+  ##
+  ## Value: none | default | best_compression | best_speed
+  ## deflate_opts.level = default
 
-## The mem_level of deflate options for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.deflate_opts.mem_level
-##
-## Valid range is 1-9
-## listener.ws.external.deflate_opts.mem_level = 8
+  ## The mem_level of deflate options for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.deflate_opts.mem_level
+  ##
+  ## Valid range is 1-9
+  ## deflate_opts.mem_level = 8
 
-## The strategy of deflate options for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.deflate_opts.strategy
-##
-## Value: default | filtered | huffman_only | rle
-## listener.ws.external.deflate_opts.strategy = default
+  ## The strategy of deflate options for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.deflate_opts.strategy
+  ##
+  ## Value: default | filtered | huffman_only | rle
+  ## deflate_opts.strategy = default
 
-## The deflate option for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.deflate_opts.server_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.ws.external.deflate_opts.server_context_takeover = takeover
+  ## The deflate option for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.deflate_opts.server_context_takeover
+  ##
+  ## Value: takeover | no_takeover
+  ## deflate_opts.server_context_takeover = takeover
 
-## The deflate option for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.deflate_opts.client_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.ws.external.deflate_opts.client_context_takeover = takeover
+  ## The deflate option for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.deflate_opts.client_context_takeover
+  ##
+  ## Value: takeover | no_takeover
+  ## deflate_opts.client_context_takeover = takeover
 
-## The deflate options for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.deflate_opts.server_max_window_bits
-##
-## Valid range is 8-15
-## listener.ws.external.deflate_opts.server_max_window_bits = 15
+  ## The deflate options for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.deflate_opts.server_max_window_bits
+  ##
+  ## Valid range is 8-15
+  ## deflate_opts.server_max_window_bits = 15
 
-## The deflate options for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.deflate_opts.client_max_window_bits
-##
-## Valid range is 8-15
-## listener.ws.external.deflate_opts.client_max_window_bits = 15
+  ## The deflate options for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.deflate_opts.client_max_window_bits
+  ##
+  ## Valid range is 8-15
+  ## deflate_opts.client_max_window_bits = 15
 
-## The idle timeout for external MQTT/WebSocket connections.
-##
-## See: listener.ws.$name.idle_timeout
-##
-## Value: Duration
-## listener.ws.external.idle_timeout = 60s
+  ## The idle timeout for external MQTT/WebSocket connections.
+  ##
+  ## See: $name.idle_timeout
+  ##
+  ## Value: Duration
+  ## idle_timeout = 60s
 
-## The max frame size for external MQTT/WebSocket connections.
-##
-##
-## Value: Number
-## listener.ws.external.max_frame_size = 0
+  ## The max frame size for external MQTT/WebSocket connections.
+  ##
+  ##
+  ## Value: Number
+  ## max_frame_size = 0
 
-## Whether a WebSocket message is allowed to contain multiple MQTT packets
-##
-## Value: single | multiple
-listener.ws.external.mqtt_piggyback = multiple
+  ## Whether a WebSocket message is allowed to contain multiple MQTT packets
+  ##
+  ## Value: single | multiple
+  mqtt_piggyback = multiple
 
-## By default, EMQX web socket connection does not restrict connections to specific origins.
-## It also, by default, does not enforce the presence of origin in request headers for WebSocket connections.
-## Because of this, a malicious user could potentially hijack an existing web-socket connection to EMQX.
+  ## By default, EMQX web socket connection does not restrict connections to specific origins.
+  ## It also, by default, does not enforce the presence of origin in request headers for WebSocket connections.
+  ## Because of this, a malicious user could potentially hijack an existing web-socket connection to EMQX.
 
-## To prevent this, users can set allowed origin headers in their ws connection to EMQX.
-## WS configs are set in listener.ws.external.*
-## WSS configs are set in listener.wss.external.*
+  ## To prevent this, users can set allowed origin headers in their ws connection to EMQX.
+  ## Example for WS connection
+  ## To enables origin check in header for websocket connnection,
+  ## set `check_origin_enable = true`. By default it is false,
+  ## When it is set to true and no origin is present in the header of a ws connection request, the request fails.
 
-## Example for WS connection
-## To enables origin check in header for websocket connnection,
-## set `listener.ws.external.check_origin_enable = true`. By default it is false,
-## When it is set to true and no origin is present in the header of a ws connection request, the request fails.
+  ## To allow origins to be absent in header in the websocket connection when check_origin_enable is true,
+  ## set `allow_origin_absence = true`
 
-## To allow origins to be absent in header in the websocket connection when check_origin_enable is true,
-## set `listener.ws.external.allow_origin_absence = true`
+  ## Enabling origin check implies there are specific valid origins allowed for ws connection.
+  ## To set the list of allowed origins in header for websocket connection
+  ## check_origins = http://localhost:18083(localhost dashboard url), http://yourapp.com`
+  ## check_origins config allows a comma separated list of origins so you can specify as many origins are you want.
+  ## With these configs, you can allow only connections from only authorized origins to your broker
 
-## Enabling origin check implies there are specific valid origins allowed for ws connection.
-## To set the list of allowed origins in header for websocket connection
-## listener.ws.external.check_origins = http://localhost:18083(localhost dashboard url), http://yourapp.com`
-## check_origins config allows a comma separated list of origins so you can specify as many origins are you want.
-## With these configs, you can allow only connections from only authorized origins to your broker
+  ## Enable origin check in header for websocket connection
+  ##
+  ## Value: true | false (default false)
+  check_origin_enable = false
 
-## Enable origin check in header for websocket connection
-##
-## Value: true | false (default false)
-listener.ws.external.check_origin_enable = false
+  ## Allow origin to be absent in header in websocket connection when check_origin_enable is true
+  ##
+  ## Value: true | false (default true)
+  allow_origin_absence = true
 
-## Allow origin to be absent in header in websocket connection when check_origin_enable is true
-##
-## Value: true | false (default true)
-listener.ws.external.allow_origin_absence = true
-
-## Comma separated list of allowed origin in header for websocket connection
-##
-## Value: http://url eg. local http dashboard url - http://localhost:18083, http://127.0.0.1:18083
-listener.ws.external.check_origins = "http://localhost:18083, http://127.0.0.1:18083"
+  ## Comma separated list of allowed origin in header for websocket connection
+  ##
+  ## Value: http://url eg. local http dashboard url - http://localhost:18083, http://127.0.0.1:18083
+  check_origins = "http://localhost:18083, http://127.0.0.1:18083"
+}
 
 ##--------------------------------------------------------------------
 ## External WebSocket/SSL listener for MQTT Protocol
+listener.wss.external {
+  ## listener.wss.$name.endpoint is the IP address and port that the MQTT/WebSocket/SSL
+  ## listener will bind.
+  ##
+  ## Value: IP:Port | Port
+  ##
+  ## Examples: 8084, "127.0.0.1:8084", "::1:8084"
+  endpoint = 8084
 
-## listener.wss.$name.endpoint is the IP address and port that the MQTT/WebSocket/SSL
-## listener will bind.
-##
-## Value: IP:Port | Port
-##
-## Examples: 8084, "127.0.0.1:8084", "::1:8084"
-listener.wss.external.endpoint = 8084
+  ## The path of WebSocket MQTT endpoint
+  ##
+  ## Value: URL Path
+  mqtt_path = "/mqtt"
 
-## The path of WebSocket MQTT endpoint
-##
-## Value: URL Path
-listener.wss.external.mqtt_path = "/mqtt"
+  ## The acceptor pool for external MQTT/WebSocket/SSL listener.
+  ##
+  ## Value: Number
+  acceptors = 4
 
-## The acceptor pool for external MQTT/WebSocket/SSL listener.
-##
-## Value: Number
-listener.wss.external.acceptors = 4
+  ## Maximum number of concurrent MQTT/Webwocket/SSL connections.
+  ##
+  ## Value: Number
+  max_connections = 16
 
-## Maximum number of concurrent MQTT/Webwocket/SSL connections.
-##
-## Value: Number
-listener.wss.external.max_connections = 16
+  ## Maximum MQTT/WebSocket/SSL connections per second.
+  ##
+  ## See: listener.tcp.$name.max_conn_rate
+  ##
+  ## Value: Number
+  max_conn_rate = 1000
 
-## Maximum MQTT/WebSocket/SSL connections per second.
-##
-## See: listener.tcp.$name.max_conn_rate
-##
-## Value: Number
-listener.wss.external.max_conn_rate = 1000
+  ## Simulate the {active, N} option for the MQTT/WebSocket/SSL connections.
+  ##
+  ## Value: Number
+  active_n = 100
 
-## Simulate the {active, N} option for the MQTT/WebSocket/SSL connections.
-##
-## Value: Number
-listener.wss.external.active_n = 100
+  ## Zone of the external MQTT/WebSocket/SSL listener belonged to.
+  ##
+  ## Value: String
+  zone = external
 
-## Zone of the external MQTT/WebSocket/SSL listener belonged to.
-##
-## Value: String
-listener.wss.external.zone = external
+  ## The access control rules for the MQTT/WebSocket/SSL listener.
+  ##
+  ## See: listener.tcp.$name.access.<no>
+  ##
+  ## Value: ACL Rule
+  access.1 = "allow all"
 
-## The access control rules for the MQTT/WebSocket/SSL listener.
-##
-## See: listener.tcp.$name.access.<no>
-##
-## Value: ACL Rule
-listener.wss.external.access.1 = "allow all"
+  ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
+  ## Set to false for WeChat MiniApp.
+  ##
+  ## Value: true | false
+  ## fail_if_no_subprotocol = true
 
-## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
-## Set to false for WeChat MiniApp.
-##
-## Value: true | false
-## listener.wss.external.fail_if_no_subprotocol = true
+  ## Supported subprotocols
+  ##
+  ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
+  ## supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
 
-## Supported subprotocols
-##
-## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-## listener.wss.external.supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
+  ## Specify which HTTP header for real source IP if the EMQ X cluster is
+  ## deployed behind NGINX or HAProxy.
+  ##
+  ## Default: X-Forwarded-For
+  ## proxy_address_header = X-Forwarded-For
 
-## Specify which HTTP header for real source IP if the EMQ X cluster is
-## deployed behind NGINX or HAProxy.
-##
-## Default: X-Forwarded-For
-## listener.wss.external.proxy_address_header = X-Forwarded-For
+  ## Specify which HTTP header for real source port if the EMQ X cluster is
+  ## deployed behind NGINX or HAProxy.
+  ##
+  ## Default: X-Forwarded-Port
+  ## proxy_port_header = X-Forwarded-Port
 
-## Specify which HTTP header for real source port if the EMQ X cluster is
-## deployed behind NGINX or HAProxy.
-##
-## Default: X-Forwarded-Port
-## listener.wss.external.proxy_port_header = X-Forwarded-Port
+  ## Enable the Proxy Protocol V1/2 support.
+  ##
+  ## See: listener.tcp.$name.proxy_protocol
+  ##
+  ## Value: on | off
+  ## proxy_protocol = on
 
-## Enable the Proxy Protocol V1/2 support.
-##
-## See: listener.tcp.$name.proxy_protocol
-##
-## Value: on | off
-## listener.wss.external.proxy_protocol = on
+  ## Sets the timeout for proxy protocol.
+  ##
+  ## See: listener.tcp.$name.proxy_protocol_timeout
+  ##
+  ## Value: Duration
+  ## proxy_protocol_timeout = 3s
 
-## Sets the timeout for proxy protocol.
-##
-## See: listener.tcp.$name.proxy_protocol_timeout
-##
-## Value: Duration
-## listener.wss.external.proxy_protocol_timeout = 3s
+  ## TLS versions only to protect from POODLE attack.
+  ##
+  ## See: listener.ssl.$name.tls_versions
+  ##
+  ## Value: String, seperated by ','
+  ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
+  ## tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
 
-## TLS versions only to protect from POODLE attack.
-##
-## See: listener.ssl.$name.tls_versions
-##
-## Value: String, seperated by ','
-## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## listener.wss.external.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
+  ## Path to the file containing the user's private PEM-encoded key.
+  ##
+  ## See: listener.ssl.$name.keyfile
+  ##
+  ## Value: File
+  keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
-## Path to the file containing the user's private PEM-encoded key.
-##
-## See: listener.ssl.$name.keyfile
-##
-## Value: File
-listener.wss.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
+  ## Path to a file containing the user certificate.
+  ##
+  ## See: listener.ssl.$name.certfile
+  ##
+  ## Value: File
+  certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
-## Path to a file containing the user certificate.
-##
-## See: listener.ssl.$name.certfile
-##
-## Value: File
-listener.wss.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
+  ## Path to the file containing PEM-encoded CA certificates.
+  ##
+  ## See: listener.ssl.$name.cacert
+  ##
+  ## Value: File
+  ## cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
 
-## Path to the file containing PEM-encoded CA certificates.
-##
-## See: listener.ssl.$name.cacert
-##
-## Value: File
-## listener.wss.external.cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
+  ## Maximum number of non-self-issued intermediate certificates that
+  ## can follow the peer certificate in a valid certification path.
+  ##
+  ## See: listener.ssl.external.depth
+  ##
+  ## Value: Number
+  ## depth = 10
 
-## Maximum number of non-self-issued intermediate certificates that
-## can follow the peer certificate in a valid certification path.
-##
-## See: listener.ssl.external.depth
-##
-## Value: Number
-## listener.wss.external.depth = 10
+  ## String containing the user's password. Only used if the private keyfile
+  ## is password-protected.
+  ##
+  ## See: listener.ssl.$name.key_password
+  ##
+  ## Value: String
+  ## key_password = yourpass
 
-## String containing the user's password. Only used if the private keyfile
-## is password-protected.
-##
-## See: listener.ssl.$name.key_password
-##
-## Value: String
-## listener.wss.external.key_password = yourpass
+  ## See: listener.ssl.$name.dhfile
+  ##
+  ## Value: File
+  ## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
 
-## See: listener.ssl.$name.dhfile
-##
-## Value: File
-## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
+  ## See: listener.ssl.$name.verify
+  ##
+  ## Value: verify_peer | verify_none
+  ## verify = verify_peer
 
-## See: listener.ssl.$name.verify
-##
-## Value: verify_peer | verify_none
-## listener.wss.external.verify = verify_peer
+  ## See: listener.ssl.$name.fail_if_no_peer_cert
+  ##
+  ## Value: false | true
+  ## fail_if_no_peer_cert = true
 
-## See: listener.ssl.$name.fail_if_no_peer_cert
-##
-## Value: false | true
-## listener.wss.external.fail_if_no_peer_cert = true
+  ## See: listener.ssl.$name.ciphers
+  ##
+  ## Value: Ciphers
+  ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
-## See: listener.ssl.$name.ciphers
-##
-## Value: Ciphers
-listener.wss.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+  ## Ciphers for TLS PSK.
+  ## Note that 'ciphers' and 'psk_ciphers' cannot
+  ## be configured at the same time.
+  ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+  ## psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
 
-## Ciphers for TLS PSK.
-## Note that 'listener.wss.external.ciphers' and 'listener.wss.external.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-## listener.wss.external.psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
+  ## See: listener.ssl.$name.secure_renegotiate
+  ##
+  ## Value: on | off
+  ## secure_renegotiate = off
 
-## See: listener.ssl.$name.secure_renegotiate
-##
-## Value: on | off
-## listener.wss.external.secure_renegotiate = off
+  ## See: listener.ssl.$name.reuse_sessions
+  ##
+  ## Value: on | off
+  ## reuse_sessions = on
 
-## See: listener.ssl.$name.reuse_sessions
-##
-## Value: on | off
-## listener.wss.external.reuse_sessions = on
+  ## See: listener.ssl.$name.honor_cipher_order
+  ##
+  ## Value: on | off
+  ## honor_cipher_order = on
 
-## See: listener.ssl.$name.honor_cipher_order
-##
-## Value: on | off
-## listener.wss.external.honor_cipher_order = on
+  ## See: listener.ssl.$name.peer_cert_as_username
+  ##
+  ## Value: cn | dn | crt | pem | md5
+  ## peer_cert_as_username = cn
 
-## See: listener.ssl.$name.peer_cert_as_username
-##
-## Value: cn | dn | crt | pem | md5
-## listener.wss.external.peer_cert_as_username = cn
+  ## See: listener.ssl.$name.peer_cert_as_clientid
+  ##
+  ## Value: cn | dn | crt | pem | md5
+  ## peer_cert_as_clientid = cn
 
-## See: listener.ssl.$name.peer_cert_as_clientid
-##
-## Value: cn | dn | crt | pem | md5
-## listener.wss.external.peer_cert_as_clientid = cn
+  ## TCP backlog for the WebSocket/SSL connection.
+  ##
+  ## See: listener.tcp.$name.backlog
+  ##
+  ## Value: Number >= 0
+  backlog = 1024
 
-## TCP backlog for the WebSocket/SSL connection.
-##
-## See: listener.tcp.$name.backlog
-##
-## Value: Number >= 0
-listener.wss.external.backlog = 1024
+  ## The TCP send timeout for the WebSocket/SSL connection.
+  ##
+  ## See: listener.tcp.$name.send_timeout
+  ##
+  ## Value: Duration
+  send_timeout = 15s
 
-## The TCP send timeout for the WebSocket/SSL connection.
-##
-## See: listener.tcp.$name.send_timeout
-##
-## Value: Duration
-listener.wss.external.send_timeout = 15s
+  ## Close the WebSocket/SSL connection if send timeout.
+  ##
+  ## See: listener.tcp.$name.send_timeout_close
+  ##
+  ## Value: on | off
+  send_timeout_close = on
 
-## Close the WebSocket/SSL connection if send timeout.
-##
-## See: listener.tcp.$name.send_timeout_close
-##
-## Value: on | off
-listener.wss.external.send_timeout_close = on
+  ## The TCP receive buffer(os kernel) for the WebSocket/SSL connections.
+  ##
+  ## See: listener.tcp.$name.recbuf
+  ##
+  ## Value: Bytes
+  ## recbuf = 4KB
 
-## The TCP receive buffer(os kernel) for the WebSocket/SSL connections.
-##
-## See: listener.tcp.$name.recbuf
-##
-## Value: Bytes
-## listener.wss.external.recbuf = 4KB
+  ## The TCP send buffer(os kernel) for the WebSocket/SSL connections.
+  ##
+  ## See: listener.tcp.$name.sndbuf
+  ##
+  ## Value: Bytes
+  ## sndbuf = 4KB
 
-## The TCP send buffer(os kernel) for the WebSocket/SSL connections.
-##
-## See: listener.tcp.$name.sndbuf
-##
-## Value: Bytes
-## listener.wss.external.sndbuf = 4KB
+  ## The size of the user-level software buffer used by the driver.
+  ##
+  ## See: listener.tcp.$name.buffer
+  ##
+  ## Value: Bytes
+  ## buffer = 4KB
 
-## The size of the user-level software buffer used by the driver.
-##
-## See: listener.tcp.$name.buffer
-##
-## Value: Bytes
-## listener.wss.external.buffer = 4KB
+  ## The TCP_NODELAY flag for WebSocket/SSL connections.
+  ##
+  ## See: listener.tcp.$name.nodelay
+  ##
+  ## Value: true | false
+  ## nodelay = true
 
-## The TCP_NODELAY flag for WebSocket/SSL connections.
-##
-## See: listener.tcp.$name.nodelay
-##
-## Value: true | false
-## listener.wss.external.nodelay = true
+  ## The compress flag for external WebSocket/SSL connections.
+  ##
+  ## If this Value is set true,the websocket message would be compressed
+  ##
+  ## Value: true | false
+  ## compress = true
 
-## The compress flag for external WebSocket/SSL connections.
-##
-## If this Value is set true,the websocket message would be compressed
-##
-## Value: true | false
-## listener.wss.external.compress = true
+  ## The level of deflate options for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.deflate_opts.level
+  ##
+  ## Value: none | default | best_compression | best_speed
+  ## deflate_opts.level = default
 
-## The level of deflate options for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.deflate_opts.level
-##
-## Value: none | default | best_compression | best_speed
-## listener.wss.external.deflate_opts.level = default
+  ## The mem_level of deflate options for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.deflate_opts.mem_level
+  ##
+  ## Valid range is 1-9
+  ## deflate_opts.mem_level = 8
 
-## The mem_level of deflate options for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.deflate_opts.mem_level
-##
-## Valid range is 1-9
-## listener.wss.external.deflate_opts.mem_level = 8
+  ## The strategy of deflate options for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.deflate_opts.strategy
+  ##
+  ## Value: default | filtered | huffman_only | rle
+  ## deflate_opts.strategy = default
 
-## The strategy of deflate options for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.deflate_opts.strategy
-##
-## Value: default | filtered | huffman_only | rle
-## listener.wss.external.deflate_opts.strategy = default
+  ## The deflate option for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.deflate_opts.server_context_takeover
+  ##
+  ## Value: takeover | no_takeover
+  ## deflate_opts.server_context_takeover = takeover
 
-## The deflate option for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.deflate_opts.server_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.wss.external.deflate_opts.server_context_takeover = takeover
+  ## The deflate option for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.deflate_opts.client_context_takeover
+  ##
+  ## Value: takeover | no_takeover
+  ## deflate_opts.client_context_takeover = takeover
 
-## The deflate option for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.deflate_opts.client_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.wss.external.deflate_opts.client_context_takeover = takeover
+  ## The deflate options for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.deflate_opts.server_max_window_bits
+  ##
+  ## Valid range is 8-15
+  ## deflate_opts.server_max_window_bits = 15
 
-## The deflate options for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.deflate_opts.server_max_window_bits
-##
-## Valid range is 8-15
-## listener.wss.external.deflate_opts.server_max_window_bits = 15
+  ## The deflate options for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.deflate_opts.client_max_window_bits
+  ##
+  ## Valid range is 8-15
+  ## deflate_opts.client_max_window_bits = 15
 
-## The deflate options for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.deflate_opts.client_max_window_bits
-##
-## Valid range is 8-15
-## listener.wss.external.deflate_opts.client_max_window_bits = 15
+  ## The idle timeout for external WebSocket/SSL connections.
+  ##
+  ## See: listener.wss.$name.idle_timeout
+  ##
+  ## Value: Duration
+  ## idle_timeout = 60s
 
-## The idle timeout for external WebSocket/SSL connections.
-##
-## See: listener.wss.$name.idle_timeout
-##
-## Value: Duration
-## listener.wss.external.idle_timeout = 60s
-
-## The max frame size for external WebSocket/SSL connections.
-##
-## Value: Number
-## listener.wss.external.max_frame_size = 0
-
-## Whether a WebSocket message is allowed to contain multiple MQTT packets
-##
-## Value: single | multiple
-listener.wss.external.mqtt_piggyback = multiple
-## Enable origin check in header for secure websocket connection
-##
-## Value: true | false (default false)
-listener.wss.external.check_origin_enable = false
-## Allow origin to be absent in header in secure websocket connection  when check_origin_enable is true
-##
-## Value: true | false (default true)
-listener.wss.external.allow_origin_absence = true
-## Comma separated list of allowed origin in header for secure websocket connection
-##
-## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-listener.wss.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
+  ## The max frame size for external WebSocket/SSL connections.
+  ##
+  ## Value: Number
+  ## max_frame_size = 0
 
+  ## Whether a WebSocket message is allowed to contain multiple MQTT packets
+  ##
+  ## Value: single | multiple
+  mqtt_piggyback = multiple
+  ## Enable origin check in header for secure websocket connection
+  ##
+  ## Value: true | false (default false)
+  check_origin_enable = false
+  ## Allow origin to be absent in header in secure websocket connection  when check_origin_enable is true
+  ##
+  ## Value: true | false (default true)
+  allow_origin_absence = true
+  ## Comma separated list of allowed origin in header for secure websocket connection
+  ##
+  ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
+  check_origins = "https://localhost:8084, https://127.0.0.1:8084"
+}
 
 ##--------------------------------------------------------------------
 ## External QUIC listener for MQTT Protocol
 
-## listener.quic.$name.endpoint is the IP address and port that the MQTT/QUIC
-## listener will bind.
-##
-## Value: IP:Port | Port
-##
-## Examples: 14567, 127.0.0.1:14567, ::1:14567
-listener.quic.external.endpoint = 14567
+listener.quic.external {
+  ## listener.quic.$name.endpoint is the IP address and port that the MQTT/QUIC
+  ## listener will bind.
+  ##
+  ## Value: IP:Port | Port
+  ##
+  ## Examples: 14567, 127.0.0.1:14567, ::1:14567
+  endpoint = 14567
 
-## The acceptor pool for external MQTT/QUIC listener.
-##
-## Value: Number
-listener.quic.external.acceptors = 4
+  ## The acceptor pool for external MQTT/QUIC listener.
+  ##
+  ## Value: Number
+  acceptors = 4
 
-## Maximum number of concurrent MQTT/Webwocket/SSL connections.
-##
-## Value: Number
-listener.quic.external.max_connections = 16
+  ## Maximum number of concurrent MQTT/Webwocket/SSL connections.
+  ##
+  ## Value: Number
+  max_connections = 16
 
-## Maximum MQTT/QUIC connections per second.
-##
-## See: listener.tcp.$name.max_conn_rate
-##
-## Value: Number
-listener.quic.external.max_conn_rate = 1000
+  ## Maximum MQTT/QUIC connections per second.
+  ##
+  ## See: listener.tcp.$name.max_conn_rate
+  ##
+  ## Value: Number
+  max_conn_rate = 1000
 
-## Simulate the {active, N} option for the MQTT/QUIC connections.
-## @todo
-## Value: Number
-## listener.quic.external.active_n = 100
+  ## Simulate the {active, N} option for the MQTT/QUIC connections.
+  ## @todo
+  ## Value: Number
+  ## active_n = 100
 
-## Zone of the external MQTT/QUIC listener belonged to.
-##
-## Value: String
-listener.quic.external.zone = external
+  ## Zone of the external MQTT/QUIC listener belonged to.
+  ##
+  ## Value: String
+  zone = external
 
-## Path to the file containing the user's private PEM-encoded key.
-##
-## See: listener.ssl.$name.keyfile
-##
-## Value: File
-listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
+  ## Path to the file containing the user's private PEM-encoded key.
+  ##
+  ## See: listener.ssl.$name.keyfile
+  ##
+  ## Value: File
+  keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
-## Path to a file containing the user certificate.
-##
-## See: listener.ssl.$name.certfile
-##
-## Value: File
-listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
+  ## Path to a file containing the user certificate.
+  ##
+  ## See: listener.ssl.$name.certfile
+  ##
+  ## Value: File
+  certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
-## Path to the file containing PEM-encoded CA certificates.
-## @todo
-## See: listener.ssl.$name.cacert
-##
-## Value: File
-## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+  ## Path to the file containing PEM-encoded CA certificates.
+  ## @todo
+  ## See: listener.ssl.$name.cacert
+  ##
+  ## Value: File
+  ## cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 
-## String containing the user's password. Only used if the private keyfile
-## is password-protected.
-## @todo
-## See: listener.ssl.$name.key_password
-##
-## Value: String
-## listener.quic.external.key_password = yourpass
+  ## String containing the user's password. Only used if the private keyfile
+  ## is password-protected.
+  ## @todo
+  ## See: listener.ssl.$name.key_password
+  ##
+  ## Value: String
+  ## key_password = yourpass
 
-## See: listener.ssl.$name.verify
-## @todo
-## Value: verify_peer | verify_none
-## listener.quic.external.verify = verify_peer
+  ## See: listener.ssl.$name.verify
+  ## @todo
+  ## Value: verify_peer | verify_none
+  ## verify = verify_peer
 
-## See: listener.ssl.$name.fail_if_no_peer_cert
-## @todo
-## Value: false | true
-## listener.quic.external.fail_if_no_peer_cert = true
+  ## See: listener.ssl.$name.fail_if_no_peer_cert
+  ## @todo
+  ## Value: false | true
+  ## fail_if_no_peer_cert = true
 
-## See: listener.ssl.$name.ciphers
-## @todo
-## Value: Ciphers
-listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
+  ## See: listener.ssl.$name.ciphers
+  ## @todo
+  ## Value: Ciphers
+  ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
 
-## Ciphers for TLS PSK.
-## @todo
-## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
-## be configured at the same time.
-## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+  ## Ciphers for TLS PSK.
+  ## @todo
+  ## Note that 'ciphers' and 'psk_ciphers' cannot
+  ## be configured at the same time.
+  ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+  ## psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
 
-## See: listener.ssl.$name.honor_cipher_order
-## @todo
-## Value: on | off
-## listener.quic.external.honor_cipher_order = on
+  ## See: listener.ssl.$name.honor_cipher_order
+  ## @todo
+  ## Value: on | off
+  ## honor_cipher_order = on
 
-## The send timeout for the QUIC stream.
-## @todo
-##
-## Value: Duration
-# listener.quic.external.send_timeout = 15s
+  ## The send timeout for the QUIC stream.
+  ## @todo
+  ##
+  ## Value: Duration
+  # send_timeout = 15s
 
-## Close the QUIC connection if send timeout.
-## @todo
-## See: listener.tcp.$name.send_timeout_close
-##
-## Value: on | off
-## listener.quic.external.send_timeout_close = on
+  ## Close the QUIC connection if send timeout.
+  ## @todo
+  ## See: listener.tcp.$name.send_timeout_close
+  ##
+  ## Value: on | off
+  ## send_timeout_close = on
 
-## The receive buffer for the QUIC connections.
-## @todo
-## See: listener.tcp.$name.recbuf
-##
-## Value: Bytes
-## listener.quic.external.recbuf = 4KB
+  ## The receive buffer for the QUIC connections.
+  ## @todo
+  ## See: listener.tcp.$name.recbuf
+  ##
+  ## Value: Bytes
+  ## recbuf = 4KB
 
-## The TCP send buffer(os kernel) for the QUIC connections.
-## @todo
-## See: listener.tcp.$name.sndbuf
-##
-## Value: Bytes
-## listener.quic.external.sndbuf = 4KB
+  ## The TCP send buffer(os kernel) for the QUIC connections.
+  ## @todo
+  ## See: listener.tcp.$name.sndbuf
+  ##
+  ## Value: Bytes
+  ## sndbuf = 4KB
 
-## The size of the user-level software buffer used by the driver.
-## @todo
-## See: listener.tcp.$name.buffer
-##
-## Value: Bytes
-## listener.quic.external.buffer = 4KB
+  ## The size of the user-level software buffer used by the driver.
+  ## @todo
+  ## See: listener.tcp.$name.buffer
+  ##
+  ## Value: Bytes
+  ## buffer = 4KB
 
-## The idle timeout for external QUIC connections.
-## @todo
-## See: listener.quic.$name.idle_timeout
-##
-## Value: Duration
-## listener.quic.external.idle_timeout = 60s
+  ## The idle timeout for external QUIC connections.
+  ## @todo
+  ## See: listener.quic.$name.idle_timeout
+  ##
+  ## Value: Duration
+  ## idle_timeout = 60s
 
-## The max frame size for external QUIC connections.
-## @todo
-## Value: Number
-## listener.quic.external.max_frame_size = 0
-
-## CONFIG_SECTION_END=listeners ================================================
+  ## The max frame size for external QUIC connections.
+  ## @todo
+  ## Value: Number
+  ## max_frame_size = 0
+}
 
 ## CONFIG_SECTION_BGN=modules ==================================================
 

From c7cbe819ed51c8ddcd56fd41f0c63bf14eac92e1 Mon Sep 17 00:00:00 2001
From: zhouzb <zhouzb@emqx.io>
Date: Fri, 2 Jul 2021 13:54:37 +0800
Subject: [PATCH 148/174] feat(hocon): convert config format of rpc and log to
 hocon

---
 apps/emqx/etc/emqx.conf | 503 ++++++++++++++++++++--------------------
 1 file changed, 253 insertions(+), 250 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index 54b4b1078..86b9566ba 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -316,293 +316,296 @@ node: {
     backtrace_depth: 16
 }
 
+##--------------------------------------------------------------------
+## RPC
+##--------------------------------------------------------------------
 
-## CONFIG_SECTION_BGN=rpc ======================================================
+rpc: {
+  ## RPC Mode.
+  ##
+  ## Value: sync | async
+  mode: async
 
-## RPC Mode.
-##
-## Value: sync | async
-rpc.mode = async
+  ## Max batch size of async RPC requests.
+  ##
+  ## Value: Integer
+  ## Zero or negative value disables rpc batching.
+  ##
+  ## NOTE: RPC batch won't work when rpc.mode = sync
+  async_batch_size: 256
 
-## Max batch size of async RPC requests.
-##
-## Value: Integer
-## Zero or negative value disables rpc batching.
-##
-## NOTE: RPC batch won't work when rpc.mode = sync
-rpc.async_batch_size = 256
+  ## RPC port discovery
+  ##
+  ## The strategy for discovering the RPC listening port of other nodes.
+  ##
+  ## Value: Enum
+  ## - manual: discover ports by `tcp_server_port` and `tcp_client_port`.
+  ## - stateless: discover ports in a stateless manner.
+  ##   If node name is `emqx<N>@127.0.0.1`, where the `<N>` is an integer,
+  ##   then the listening port will be `5370 + <N>`
+  ##
+  ## Defaults to `stateless`.
+  port_discovery: stateless
 
-## RPC port discovery
-##
-## The strategy for discovering the RPC listening port of other nodes.
-##
-## Value: Enum
-## - manual: discover ports by `tcp_server_port` and `tcp_client_port`.
-## - stateless: discover ports in a stateless manner.
-##   If node name is `emqx<N>@127.0.0.1`, where the `<N>` is an integer,
-##   then the listening port will be `5370 + <N>`
-##
-## Defaults to `stateless`.
-rpc.port_discovery = stateless
+  ## TCP port number for RPC server to listen on.
+  ##
+  ## Only takes effect when `rpc.port_discovery` = `manual`.
+  ##
+  ## NOTE: All nodes in the cluster should agree to this same config.
+  ##
+  ## Value: Port [1024-65535]
+  ## tcp_server_port: 5369
 
-## TCP port number for RPC server to listen on.
-##
-## Only takes effect when `rpc.port_discovery` = `manual`.
-##
-## NOTE: All nodes in the cluster should agree to this same config.
-##
-## Value: Port [1024-65535]
-#rpc.tcp_server_port = 5369
+  ## Number of outgoing RPC connections.
+  ##
+  ## Value: Interger [0-256]
+  ## Default: 1
+  ## tcp_client_num: 1
 
-## Number of outgoing RPC connections.
-##
-## Value: Interger [0-256]
-## Default = 1
-#rpc.tcp_client_num = 1
+  ## RCP Client connect timeout.
+  ##
+  ## Value: Seconds
+  connect_timeout: 5s
 
-## RCP Client connect timeout.
-##
-## Value: Seconds
-rpc.connect_timeout = 5s
+  ## TCP send timeout of RPC client and server.
+  ##
+  ## Value: Seconds
+  send_timeout: 5s
 
-## TCP send timeout of RPC client and server.
-##
-## Value: Seconds
-rpc.send_timeout = 5s
+  ## Authentication timeout
+  ##
+  ## Value: Seconds
+  authentication_timeout: 5s
 
-## Authentication timeout
-##
-## Value: Seconds
-rpc.authentication_timeout = 5s
+  ## Default receive timeout for call() functions
+  ##
+  ## Value: Seconds
+  call_receive_timeout: 15s
 
-## Default receive timeout for call() functions
-##
-## Value: Seconds
-rpc.call_receive_timeout = 15s
+  ## Socket idle keepalive.
+  ##
+  ## Value: Seconds
+  socket_keepalive_idle: 900s
 
-## Socket idle keepalive.
-##
-## Value: Seconds
-rpc.socket_keepalive_idle = 900s
+  ## TCP Keepalive probes interval.
+  ##
+  ## Value: Seconds
+  socket_keepalive_interval: 75s
 
-## TCP Keepalive probes interval.
-##
-## Value: Seconds
-rpc.socket_keepalive_interval = 75s
+  ## Probes lost to close the connection
+  ##
+  ## Value: Integer
+  socket_keepalive_count: 9
 
-## Probes lost to close the connection
-##
-## Value: Integer
-rpc.socket_keepalive_count = 9
+  ## Size of TCP send buffer.
+  ##
+  ## Value: Bytes
+  socket_sndbuf: 1MB
 
-## Size of TCP send buffer.
-##
-## Value: Bytes
-rpc.socket_sndbuf = 1MB
+  ## Size of TCP receive buffer.
+  ##
+  ## Value: Seconds
+  socket_recbuf: 1MB
 
-## Size of TCP receive buffer.
-##
-## Value: Seconds
-rpc.socket_recbuf = 1MB
+  ## Size of user-level software socket buffer.
+  ##
+  ## Value: Seconds
+  socket_buffer: 1MB
+}
 
-## Size of user-level software socket buffer.
-##
-## Value: Seconds
-rpc.socket_buffer = 1MB
+##--------------------------------------------------------------------
+## Log
+##--------------------------------------------------------------------
 
-## CONFIG_SECTION_END=rpc ======================================================
+log: {
+  ## Where to emit the logs.
+  ## Enable the console (standard output) logs.
+  ##
+  ## Value: file | console | both
+  ## - file: write logs only to file
+  ## - console: write logs only to standard I/O
+  ## - both: write logs both to file and standard I/O
+  to: file
 
-## CONFIG_SECTION_BGN=logger ===================================================
+  ## The log severity level.
+  ##
+  ## Value: debug | info | notice | warning | error | critical | alert | emergency
+  ##
+  ## Note: Only the messages with severity level higher than or equal to
+  ##       this level will be logged.
+  ##
+  ## Default: warning
+  level: warning
 
-## Where to emit the logs.
-## Enable the console (standard output) logs.
-##
-## Value: file | console | both
-## - file: write logs only to file
-## - console: write logs only to standard I/O
-## - both: write logs both to file and standard I/O
-log.to = file
+  ## Timezone offset to display in logs
+  ## Value:
+  ##  - "system" use system zone
+  ##  - "utc" for Universal Coordinated Time (UTC)
+  ##  - "+hh:mm" or "-hh:mm" for a specified offset
+  time_offset: system
 
-## The log severity level.
-##
-## Value: debug | info | notice | warning | error | critical | alert | emergency
-##
-## Note: Only the messages with severity level higher than or equal to
-##       this level will be logged.
-##
-## Default: warning
-log.level = warning
+  ## The dir for log files.
+  ##
+  ## Value: Folder
+  dir: "{{ platform_log_dir }}"
 
-## Timezone offset to display in logs
-## Value:
-##  - "system" use system zone
-##  - "utc" for Universal Coordinated Time (UTC)
-##  - "+hh:mm" or "-hh:mm" for a specified offset
-log.time_offset = system
+  ## The log filename for logs of level specified in "log.level".
+  ##
+  ## If `log.rotation` is enabled, this is the base name of the
+  ## files. Each file in a rotated log is named <base_name>.N, where N is an integer.
+  ##
+  ## Value: String
+  ## Default: emqx.log
+  file: emqx.log
 
-## The dir for log files.
-##
-## Value: Folder
-log.dir = "{{ platform_log_dir }}"
+  ## Limits the total number of characters printed for each log event.
+  ##
+  ## Value: Integer
+  ## Default: No Limit
+  ## chars_limit: 8192
 
-## The log filename for logs of level specified in "log.level".
-##
-## If `log.rotation` is enabled, this is the base name of the
-## files. Each file in a rotated log is named <base_name>.N, where N is an integer.
-##
-## Value: String
-## Default: emqx.log
-log.file = emqx.log
+  ## Maximum depth for Erlang term log formatting
+  ## and Erlang process message queue inspection.
+  ##
+  ## Value: Integer or 'unlimited' (without quotes)
+  ## Default: 80
+  ## max_depth: 80
 
-## Limits the total number of characters printed for each log event.
-##
-## Value: Integer
-## Default: No Limit
-#log.chars_limit = 8192
+  ## Log formatter
+  ## Value: text | json
+  ## formatter: text
 
-## Maximum depth for Erlang term log formatting
-## and Erlang process message queue inspection.
-##
-## Value: Integer or 'unlimited' (without quotes)
-## Default: 80
-#log.max_depth = 80
+  ## Log to single line
+  ## Value: Boolean
+  ## single_line: true
 
-## Log formatter
-## Value: text | json
-#log.formatter = text
+  ## Enables the log rotation.
+  ## With this enabled, new log files will be created when the current
+  ## log file is full, max to `rotation.size` files will be created.
+  ##
+  ## Value: on | off
+  ## Default: on
+  rotation.enable: on
 
-## Log to single line
-## Value: Boolean
-#log.single_line = true
+  ## Maximum size of each log file.
+  ##
+  ## Value: Number
+  ## Default: 10M
+  ## Supported Unit: KB | MB | GB
+  rotation.size: 10MB
 
-## Enables the log rotation.
-## With this enabled, new log files will be created when the current
-## log file is full, max to `log.rotation.size` files will be created.
-##
-## Value: on | off
-## Default: on
-log.rotation.enable = on
+  ## Maximum rotation count of log files.
+  ##
+  ## Value: Number
+  ## Default: 5
+  rotation.count: 5
 
-## Maximum size of each log file.
-##
-## Value: Number
-## Default: 10M
-## Supported Unit: KB | MB | GB
-log.rotation.size = 10MB
+  ## To create additional log files for specific log levels.
+  ##
+  ## Value: File Name
+  ## Format: log.$level.file = $filename,
+  ##         where "$level" can be one of: debug, info, notice, warning,
+  ##                                       error, critical, alert, emergency
+  ## Note: Log files for a specific log level will only contain all the logs
+  ##       that higher than or equal to that level
+  ##
+  ## info.file: info.log
+  ## error.file: error.log
 
-## Maximum rotation count of log files.
-##
-## Value: Number
-## Default: 5
-log.rotation.count = 5
+  ## The max allowed queue length before switching to sync mode.
+  ##
+  ## Log overload protection parameter. If the message queue grows
+  ## larger than this value the handler switches from anync to sync mode.
+  ##
+  ## Default: 100
+  ##
+  ## sync_mode_qlen: 100
 
-## To create additional log files for specific log levels.
-##
-## Value: File Name
-## Format: log.$level.file = $filename,
-##         where "$level" can be one of: debug, info, notice, warning,
-##                                       error, critical, alert, emergency
-## Note: Log files for a specific log level will only contain all the logs
-##       that higher than or equal to that level
-##
-#log.info.file  = info.log
-#log.error.file = error.log
+  ## The max allowed queue length before switching to drop mode.
+  ##
+  ## Log overload protection parameter. When the message queue grows
+  ## larger than this threshold, the handler switches to a mode in which
+  ## it drops all new events that senders want to log.
+  ##
+  ## Default: 3000
+  ##
+  ## drop_mode_qlen: 3000
 
-## The max allowed queue length before switching to sync mode.
-##
-## Log overload protection parameter. If the message queue grows
-## larger than this value the handler switches from anync to sync mode.
-##
-## Default: 100
-##
-#log.sync_mode_qlen = 100
+  ## The max allowed queue length before switching to flush mode.
+  ##
+  ## Log overload protection parameter. If the length of the message queue
+  ## grows larger than this threshold, a flush (delete) operation takes place.
+  ## To flush events, the handler discards the messages in the message queue
+  ## by receiving them in a loop without logging.
+  ##
+  ## Default: 8000
+  ##
+  ## flush_qlen: 8000
 
-## The max allowed queue length before switching to drop mode.
-##
-## Log overload protection parameter. When the message queue grows
-## larger than this threshold, the handler switches to a mode in which
-## it drops all new events that senders want to log.
-##
-## Default: 3000
-##
-#log.drop_mode_qlen = 3000
+  ## Kill the log handler when it gets overloaded.
+  ##
+  ## Log overload protection parameter. It is possible that a handler,
+  ## even if it can successfully manage peaks of high load without crashing,
+  ## can build up a large message queue, or use a large amount of memory.
+  ## We could kill the log handler in these cases and restart it after a
+  ## few seconds.
+  ##
+  ## Default: on
+  ##
+  ## overload_kill: on
 
-## The max allowed queue length before switching to flush mode.
-##
-## Log overload protection parameter. If the length of the message queue
-## grows larger than this threshold, a flush (delete) operation takes place.
-## To flush events, the handler discards the messages in the message queue
-## by receiving them in a loop without logging.
-##
-## Default: 8000
-##
-#log.flush_qlen = 8000
+  ## The max allowed queue length before killing the log hanlder.
+  ##
+  ## Log overload protection parameter. This is the maximum allowed queue
+  ## length. If the message queue grows larger than this, the handler
+  ## process is terminated.
+  ##
+  ## Default: 20000
+  ##
+  ## overload_kill_qlen: 20000
 
-## Kill the log handler when it gets overloaded.
-##
-## Log overload protection parameter. It is possible that a handler,
-## even if it can successfully manage peaks of high load without crashing,
-## can build up a large message queue, or use a large amount of memory.
-## We could kill the log handler in these cases and restart it after a
-## few seconds.
-##
-## Default: on
-##
-#log.overload_kill = on
+  ## The max allowed memory size before killing the log hanlder.
+  ##
+  ## Log overload protection parameter. This is the maximum memory size
+  ## that the handler process is allowed to use. If the handler grows
+  ## larger than this, the process is terminated.
+  ##
+  ## Default: 30MB
+  ##
+  ## overload_kill_mem_size: 30MB
 
-## The max allowed queue length before killing the log hanlder.
-##
-## Log overload protection parameter. This is the maximum allowed queue
-## length. If the message queue grows larger than this, the handler
-## process is terminated.
-##
-## Default: 20000
-##
-#log.overload_kill_qlen = 20000
+  ## Restart the log hanlder after some seconds.
+  ##
+  ## Log overload protection parameter. If the handler is terminated,
+  ## it restarts automatically after a delay specified in seconds.
+  ## The value "infinity" prevents restarts.
+  ##
+  ## Default: 5s
+  ##
+  ## overload_kill_restart_after: 5s
 
-## The max allowed memory size before killing the log hanlder.
-##
-## Log overload protection parameter. This is the maximum memory size
-## that the handler process is allowed to use. If the handler grows
-## larger than this, the process is terminated.
-##
-## Default: 30MB
-##
-#log.overload_kill_mem_size = 30MB
-
-## Restart the log hanlder after some seconds.
-##
-## Log overload protection parameter. If the handler is terminated,
-## it restarts automatically after a delay specified in seconds.
-## The value "infinity" prevents restarts.
-##
-## Default: 5s
-##
-#log.overload_kill_restart_after = 5s
-
-## Max burst count and time window for burst control.
-##
-## Log overload protection parameter. Large bursts of log events - many
-## events received by the handler under a short period of time - can
-## potentially cause problems. By specifying the maximum number of events
-## to be handled within a certain time frame, the handler can avoid
-## choking the log with massive amounts of printouts.
-##
-## This config controls the maximum number of events to handle within
-## a time frame. After the limit is reached, successive events are
-## dropped until the end of the time frame.
-##
-## Note that there would be no warning if any messages were
-## dropped because of burst control.
-##
-## Comment this config out to disable the burst control feature.
-##
-## Value: MaxBurstCount,TimeWindow
-## Default: disabled
-##
-#log.burst_limit = "20000, 1s"
-
-## CONFIG_SECTION_END=logger ===================================================
+  ## Max burst count and time window for burst control.
+  ##
+  ## Log overload protection parameter. Large bursts of log events - many
+  ## events received by the handler under a short period of time - can
+  ## potentially cause problems. By specifying the maximum number of events
+  ## to be handled within a certain time frame, the handler can avoid
+  ## choking the log with massive amounts of printouts.
+  ##
+  ## This config controls the maximum number of events to handle within
+  ## a time frame. After the limit is reached, successive events are
+  ## dropped until the end of the time frame.
+  ##
+  ## Note that there would be no warning if any messages were
+  ## dropped because of burst control.
+  ##
+  ## Comment this config out to disable the burst control feature.
+  ##
+  ## Value: MaxBurstCount,TimeWindow
+  ## Default: disabled
+  ##
+  ## burst_limit: "20000, 1s"
+}
 
 ##--------------------------------------------------------------------
 ## Authentication/Access Control

From 4b87594839cb0d3acc5cc0a3a85ddd7a70280e6a Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 2 Jul 2021 14:05:38 +0800
Subject: [PATCH 149/174] =?UTF-8?q?feat(conf):=20sys=E3=80=81mon=E3=80=81a?=
 =?UTF-8?q?larm=E3=80=81plugins=E3=80=81broker=E3=80=81mqtt=20conf=20to=20?=
 =?UTF-8?q?hocon?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/emqx/etc/emqx.conf       | 1174 ++++++++++++++++-----------------
 apps/emqx/src/emqx_schema.erl |   47 +-
 2 files changed, 571 insertions(+), 650 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index 86b9566ba..f40ecd8e5 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -64,12 +64,12 @@ cluster: {
         ## IP Multicast Address.
         ##
         ## Value: IP Address
-        ## addr = "239.192.0.1"
+        ## addr: "239.192.0.1"
 
         ## Multicast Ports.
         ##
         ## Value: Port List
-        ## ports = "4369,4370"
+        ## ports: "4369,4370"
 
         ## Multicast Iface.
         ##
@@ -291,7 +291,7 @@ node: {
     ## Value: File
     ##
     ## vm.args: -ssl_dist_optfile <File>
-    ## node.ssl_dist_optfile = "{{ platform_etc_dir }}/ssl_dist.conf"
+    ## node.ssl_dist_optfile: "{{ platform_etc_dir }}/ssl_dist.conf"
 
     ## Sets the net_kernel tick time. TickTime is specified in seconds.
     ## Notice that all communicating nodes are to have the same TickTime
@@ -331,7 +331,7 @@ rpc: {
   ## Value: Integer
   ## Zero or negative value disables rpc batching.
   ##
-  ## NOTE: RPC batch won't work when rpc.mode = sync
+  ## NOTE: RPC batch won't work when rpc.mode: sync
   async_batch_size: 256
 
   ## RPC port discovery
@@ -349,7 +349,7 @@ rpc: {
 
   ## TCP port number for RPC server to listen on.
   ##
-  ## Only takes effect when `rpc.port_discovery` = `manual`.
+  ## Only takes effect when `rpc.port_discovery`: `manual`.
   ##
   ## NOTE: All nodes in the cluster should agree to this same config.
   ##
@@ -503,7 +503,7 @@ log: {
   ## To create additional log files for specific log levels.
   ##
   ## Value: File Name
-  ## Format: log.$level.file = $filename,
+  ## Format: log.$level.file: $filename,
   ##         where "$level" can be one of: debug, info, notice, warning,
   ##                                       error, critical, alert, emergency
   ## Note: Log files for a specific log level will only contain all the logs
@@ -610,116 +610,119 @@ log: {
 ##--------------------------------------------------------------------
 ## Authentication/Access Control
 ##--------------------------------------------------------------------
+acl: {
+    ## Allow anonymous authentication by default if no auth plugins loaded.
+    ## Notice: Disable the option in production deployment!
+    ##
+    ## Value: true | false
+    allow_anonymous: true
 
-## Allow anonymous authentication by default if no auth plugins loaded.
-## Notice: Disable the option in production deployment!
-##
-## Value: true | false
-acl.allow_anonymous = true
+    ## Allow or deny if no ACL rules matched.
+    ##
+    ## Value: allow | deny
+    acl_nomatch: allow
 
-## Allow or deny if no ACL rules matched.
-##
-## Value: allow | deny
-acl.acl_nomatch = allow
+    ## Default ACL File.
+    ##
+    ## Value: File Name
+    acl_file: "{{ platform_etc_dir }}/acl.conf"
 
-## Default ACL File.
-##
-## Value: File Name
-acl.acl_file = "{{ platform_etc_dir }}/acl.conf"
+    ## Whether to enable ACL cache.
+    ##
+    ## If enabled, ACLs roles for each client will be cached in the memory
+    ##
+    ## Value: on | off
+    enable_acl_cache: on
 
-## Whether to enable ACL cache.
-##
-## If enabled, ACLs roles for each client will be cached in the memory
-##
-## Value: on | off
-acl.enable_acl_cache = on
+    ## The maximum count of ACL entries can be cached for a client.
+    ##
+    ## Value: Integer greater than 0
+    ## Default: 32
+    acl_cache_max_size: 32
 
-## The maximum count of ACL entries can be cached for a client.
-##
-## Value: Integer greater than 0
-## Default: 32
-acl.acl_cache_max_size = 32
+    ## The time after which an ACL cache entry will be deleted
+    ##
+    ## Value: Duration
+    ## Default: 1 minute
+    acl_cache_ttl: 1m
 
-## The time after which an ACL cache entry will be deleted
-##
-## Value: Duration
-## Default: 1 minute
-acl.acl_cache_ttl = 1m
+    ## The action when acl check reject current operation
+    ##
+    ## Value: ignore | disconnect
+    ## Default: ignore
+    acl_deny_action: ignore
 
-## The action when acl check reject current operation
-##
-## Value: ignore | disconnect
-## Default: ignore
-acl.acl_deny_action = ignore
+    ## Specify the global flapping detect policy.
+    ## The value is a string composed of flapping threshold, duration and banned interval.
+    ## 1. threshold: an integer to specfify the disconnected times of a MQTT Client;
+    ## 2. duration: the time window for flapping detect;
+    ## 3. banned interval: the banned interval if a flapping is detected.
+    ##
+    ## Value: Integer,Duration,Duration
+    flapping_detect_policy: "30, 1m, 5m"
 
-## Specify the global flapping detect policy.
-## The value is a string composed of flapping threshold, duration and banned interval.
-## 1. threshold: an integer to specfify the disconnected times of a MQTT Client;
-## 2. duration: the time window for flapping detect;
-## 3. banned interval: the banned interval if a flapping is detected.
-##
-## Value: Integer,Duration,Duration
-acl.flapping_detect_policy = "30, 1m, 5m"
+}
 
 ##--------------------------------------------------------------------
 ## MQTT Protocol
 ##--------------------------------------------------------------------
+mqtt: {
+    ## Maximum MQTT packet size allowed.
+    ##
+    ## Value: Bytes
+    ## Default: 1MB
+    max_packet_size: "1MB"
 
-## Maximum MQTT packet size allowed.
-##
-## Value: Bytes
-## Default: 1MB
-mqtt.max_packet_size = 1MB
+    ## Maximum length of MQTT clientId allowed.
+    ##
+    ## Value: Number [23-65535]
+    max_clientid_len: 65535
 
-## Maximum length of MQTT clientId allowed.
-##
-## Value: Number [23-65535]
-mqtt.max_clientid_len = 65535
+    ## Maximum topic levels allowed. 0 means no limit.
+    ##
+    ## Value: Number
+    max_topic_levels: 0
 
-## Maximum topic levels allowed. 0 means no limit.
-##
-## Value: Number
-mqtt.max_topic_levels = 0
+    ## Maximum QoS allowed.
+    ##
+    ## Value: 0 | 1 | 2
+    max_qos_allowed: 2
 
-## Maximum QoS allowed.
-##
-## Value: 0 | 1 | 2
-mqtt.max_qos_allowed = 2
+    ## Maximum Topic Alias, 0 means no topic alias supported.
+    ##
+    ## Value: 0-65535
+    max_topic_alias: 65535
 
-## Maximum Topic Alias, 0 means no topic alias supported.
-##
-## Value: 0-65535
-mqtt.max_topic_alias = 65535
+    ## Whether the Server supports MQTT retained messages.
+    ##
+    ## Value: boolean
+    retain_available: true
 
-## Whether the Server supports MQTT retained messages.
-##
-## Value: boolean
-mqtt.retain_available = true
+    ## Whether the Server supports MQTT Wildcard Subscriptions
+    ##
+    ## Value: boolean
+    wildcard_subscription: true
 
-## Whether the Server supports MQTT Wildcard Subscriptions
-##
-## Value: boolean
-mqtt.wildcard_subscription = true
+    ## Whether the Server supports MQTT Shared Subscriptions.
+    ##
+    ## Value: boolean
+    shared_subscription: true
 
-## Whether the Server supports MQTT Shared Subscriptions.
-##
-## Value: boolean
-mqtt.shared_subscription = true
+    ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
+    ##
+    ## Value: true | false
+    ignore_loop_deliver: false
 
-## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
-##
-## Value: true | false
-mqtt.ignore_loop_deliver = false
+    ## Whether to parse the MQTT frame in strict mode
+    ##
+    ## Value: true | false
+    strict_mode: false
 
-## Whether to parse the MQTT frame in strict mode
-##
-## Value: true | false
-mqtt.strict_mode = false
-
-## Specify the response information returned to the client
-##
-## Value: String
-## mqtt.response_information = example
+    ## Specify the response information returned to the client
+    ##
+    ## Value: String
+    ## response_information: example
+}
 
 ##--------------------------------------------------------------------
 ## External Zone
@@ -727,34 +730,34 @@ zone.external {
   ## Idle timeout of the external MQTT connections.
   ##
   ## Value: duration
-  idle_timeout = 15s
+  idle_timeout: 15s
 
   ## Enable ACL check.
   ##
   ## Value: Flag
-  enable_acl = on
+  enable_acl: on
 
   ## Enable ban check.
   ##
   ## Value: Flag
-  enable_ban = on
+  enable_ban: on
 
   ## Enable per connection statistics.
   ##
   ## Value: on | off
-  enable_stats = on
+  enable_stats: on
 
   ## The action when acl check reject current operation
   ##
   ## Value: ignore | disconnect
   ## Default: ignore
-  acl_deny_action = ignore
+  acl_deny_action: ignore
 
   ## Force the MQTT connection process GC after this number of
   ## messages | bytes passed through.
   ##
   ## Numbers delimited by `|'. Zero or negative is to disable.
-  force_gc_policy = "16000|16MB"
+  force_gc_policy: "16000|16MB"
 
   ## Max message queue length and total heap size to force shutdown
   ## connection/session process.
@@ -766,89 +769,89 @@ zone.external {
   ## Default:
   ##   - "10000|64MB" on ARCH_64 system
   ##   - "1000|32MB"  on ARCH_32 sytem
-  #force_shutdown_policy = "10000|64MB"
+  #force_shutdown_policy: "10000|64MB"
 
   ## Maximum MQTT packet size allowed.
   ##
   ## Value: Bytes
   ## Default: 1MB
-  ## max_packet_size = 64KB
+  ## max_packet_size: 64KB
 
   ## Maximum length of MQTT clientId allowed.
   ##
   ## Value: Number [23-65535]
-  ## max_clientid_len = 1024
+  ## max_clientid_len: 1024
 
   ## Maximum topic levels allowed. 0 means no limit.
   ##
   ## Value: Number
-  ## max_topic_levels = 7
+  ## max_topic_levels: 7
 
   ## Maximum QoS allowed.
   ##
   ## Value: 0 | 1 | 2
-  ## max_qos_allowed = 2
+  ## max_qos_allowed: 2
 
   ## Maximum Topic Alias, 0 means no limit.
   ##
   ## Value: 0-65535
-  ## max_topic_alias = 65535
+  ## max_topic_alias: 65535
 
   ## Whether the Server supports retained messages.
   ##
   ## Value: boolean
-  ## retain_available = true
+  ## retain_available: true
 
   ## Whether the Server supports Wildcard Subscriptions
   ##
   ## Value: boolean
-  ## wildcard_subscription = false
+  ## wildcard_subscription: false
 
   ## Whether the Server supports Shared Subscriptions
   ##
   ## Value: boolean
-  ## shared_subscription = false
+  ## shared_subscription: false
 
   ## Server Keep Alive
   ##
   ## Value: Number
-  ## server_keepalive = 0
+  ## server_keepalive: 0
 
   ## The backoff for MQTT keepalive timeout. The broker will kick a connection out
   ## until 'Keepalive * backoff * 2' timeout.
   ##
   ## Value: Float > 0.5
-  keepalive_backoff = 0.75
+  keepalive_backoff: 0.75
 
   ## Maximum number of subscriptions allowed, 0 means no limit.
   ##
   ## Value: Number
-  max_subscriptions = 0
+  max_subscriptions: 0
 
   ## Force to upgrade QoS according to subscription.
   ##
   ## Value: on | off
-  upgrade_qos = off
+  upgrade_qos: off
 
   ## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked.
   ##
   ## Value: Number
-  max_inflight = 32
+  max_inflight: 32
 
   ## Retry interval for QoS1/2 message delivering.
   ##
   ## Value: Duration
-  retry_interval = 30s
+  retry_interval: 30s
 
   ## Maximum QoS2 packets (Client -> Broker) awaiting PUBREL, 0 means no limit.
   ##
   ## Value: Number
-  max_awaiting_rel = 100
+  max_awaiting_rel: 100
 
   ## The QoS2 messages (Client -> Broker) will be dropped if awaiting PUBREL timeout.
   ##
   ## Value: Duration
-  await_rel_timeout = 300s
+  await_rel_timeout: 300s
 
   ## Default session expiry interval for MQTT V3.1.1 connections.
   ##
@@ -859,13 +862,13 @@ zone.external {
   ## -s: second
   ##
   ## Default: 2h, 2 hours
-  session_expiry_interval = 2h
+  session_expiry_interval: 2h
 
   ## Maximum queue length. Enqueued messages when persistent client disconnected,
   ## or inflight window is full. 0 means no limit.
   ##
   ## Value: Number >= 0
-  max_mqueue_len = 1000
+  max_mqueue_len: 1000
 
   ## Topic priorities.
   ## 'none' to indicate no priority table (by default), hence all messages
@@ -878,34 +881,34 @@ zone.external {
   ##       either highest or lowest priority depending on the configured
   ##       value for mqueue_default_priority
   ##
-  mqueue_priorities = none
+  mqueue_priorities: none
 
   ## Default to highest priority for topics not matching priority table
   ##
   ## Value: highest | lowest
-  mqueue_default_priority = highest
+  mqueue_default_priority: highest
 
   ## Whether to enqueue QoS0 messages.
   ##
   ## Value: false | true
-  mqueue_store_qos0 = true
+  mqueue_store_qos0: true
 
   ## Whether to turn on flapping detect
   ##
   ## Value: on | off
-  enable_flapping_detect = off
+  enable_flapping_detect: off
 
   ## Message limit for the a external MQTT connection.
   ##
   ## Value: Number,Duration
   ## Example: 100 messages per 10 seconds.
-  #rate_limit.conn_messages_in = "100,10s"
+  #rate_limit.conn_messages_in: "100,10s"
 
   ## Bytes limit for a external MQTT connections.
   ##
   ## Value: Number,Duration
   ## Example: 100KB incoming per 10 seconds.
-  #rate_limit.conn_bytes_in = "100KB,10s"
+  #rate_limit.conn_bytes_in: "100KB,10s"
 
   ## Whether to alarm the congested connections.
   ##
@@ -921,7 +924,7 @@ zone.external {
   ## Where the <ClientID> is the client-id of the congested MQTT connection.
   ## And the <Username> is the username or "unknown_user" of not provided by the client.
   ## Default: off
-  #conn_congestion.alarm = off
+  #conn_congestion.alarm: off
 
   ## Won't clear the congested alarm in how long time.
   ## The alarm is cleared only when there're no pending bytes in the queue, and also it has been
@@ -929,7 +932,7 @@ zone.external {
   ##
   ## This is to avoid clearing and sending the alarm again too often.
   ## Default: 1m
-  #conn_congestion.min_alarm_sustain_duration = 1m
+  #conn_congestion.min_alarm_sustain_duration: 1m
 
   ## Messages quota for the each of external MQTT connection.
   ## This value consumed by the number of recipient on a message.
@@ -937,7 +940,7 @@ zone.external {
   ## Value: Number, Duration
   ##
   ## Example: 100 messages per 1s
-  #quota.conn_messages_routing = "100,1s"
+  #quota.conn_messages_routing: "100,1s"
 
   ## Messages quota for the all of external MQTT connections.
   ## This value consumed by the number of recipient on a message.
@@ -945,7 +948,7 @@ zone.external {
   ## Value: Number, Duration
   ##
   ## Example: 200000 messages per 1s
-  #quota.overall_messages_routing = "200000,1s"
+  #quota.overall_messages_routing: "200000,1s"
 
   ## All the topics will be prefixed with the mountpoint path if this option is enabled.
   ##
@@ -954,28 +957,28 @@ zone.external {
   ##  - %u: username
   ##
   ## Value: String
-  ## mountpoint = "devicebound/"
+  ## mountpoint: "devicebound/"
 
   ## Whether use username replace client id
   ##
   ## Value: boolean
   ## Default: false
-  use_username_as_clientid = false
+  use_username_as_clientid: false
 
   ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
   ##
   ## Value: true | false
-  ignore_loop_deliver = false
+  ignore_loop_deliver: false
 
   ## Whether to parse the MQTT frame in strict mode
   ##
   ## Value: true | false
-  strict_mode = false
+  strict_mode: false
 
   ## Specify the response information returned to the client
   ##
   ## Value: String
-  #response_information = example
+  #response_information: example
 }
 
 ##--------------------------------------------------------------------
@@ -985,73 +988,73 @@ zone.internal {
   ## Notice: Disable the option in production deployment!
   ##
   ## Value: true | false
-  allow_anonymous = true
+  allow_anonymous: true
 
   ## Enable per connection stats.
   ##
   ## Value: Flag
-  enable_stats = on
+  enable_stats: on
 
   ## Enable ACL check.
   ##
   ## Value: Flag
-  enable_acl = off
+  enable_acl: off
 
   ## The action when acl check reject current operation
   ##
   ## Value: ignore | disconnect
   ## Default: ignore
-  acl_deny_action = ignore
+  acl_deny_action: ignore
 
   ## See zone.$name.force_gc_policy
-  ## force_gc_policy = "128000|128MB"
+  ## force_gc_policy: "128000|128MB"
 
   ## See zone.$name.wildcard_subscription.
   ##
   ## Value: boolean
-  ## wildcard_subscription = true
+  ## wildcard_subscription: true
 
   ## See zone.$name.shared_subscription.
   ##
   ## Value: boolean
-  ## shared_subscription = true
+  ## shared_subscription: true
 
   ## See zone.$name.max_subscriptions.
   ##
   ## Value: Integer
-  max_subscriptions = 0
+  max_subscriptions: 0
 
   ## See zone.$name.max_inflight
   ##
   ## Value: Number
-  max_inflight = 128
+  max_inflight: 128
 
   ## See zone.$name.max_awaiting_rel
   ##
   ## Value: Number
-  max_awaiting_rel = 1000
+  max_awaiting_rel: 1000
 
   ## See zone.$name.max_mqueue_len
   ##
   ## Value: Number >= 0
-  max_mqueue_len = 10000
+  max_mqueue_len: 10000
 
   ## Whether to enqueue Qos0 messages.
   ##
   ## Value: false | true
-  mqueue_store_qos0 = true
+  mqueue_store_qos0: true
 
   ## Whether to turn on flapping detect
   ##
   ## Value: on | off
-  enable_flapping_detect = off
+  enable_flapping_detect: off
 
   ## See zone.$name.force_shutdown_policy
   ##
   ## Default:
   ##   - "10000|64MB" on ARCH_64 system
   ##   - "1000|32MB"  on ARCH_32 sytem
-  #force_shutdown_policy = 10000|64MB
+  #force_shutdown_policy: 10000|64MB
 
   ## All the topics will be prefixed with the mountpoint path if this option is enabled.
   ##
@@ -1060,27 +1063,27 @@ zone.internal {
   ##  - %u: username
   ##
   ## Value: String
-  ## mountpoint = "cloudbound/"
+  ## mountpoint: "cloudbound/"
 
   ## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
   ##
   ## Value: true | false
-  ignore_loop_deliver = false
+  ignore_loop_deliver: false
 
   ## Whether to parse the MQTT frame in strict mode
   ##
   ## Value: true | false
-  strict_mode = false
+  strict_mode: false
 
   ## Specify the response information returned to the client
   ##
   ## Value: String
-  ## response_information = example
+  ## response_information: example
 
   ## Allow the zone's clients to bypass authentication step
   ##
   ## Value: true | false
-  bypass_auth_plugins = true
+  bypass_auth_plugins: true
 }
 
 ##--------------------------------------------------------------------
@@ -1092,34 +1095,34 @@ listener.tcp.external {
   ## Value: IP:Port | Port
   ##
   ## Examples: 1883, "127.0.0.1:1883", "::1:1883"
-  endpoint = "0.0.0.0:1883"
+  endpoint: "0.0.0.0:1883"
 
   ## The acceptor pool for external MQTT/TCP listener.
   ##
   ## Value: Number
-  acceptors = 8
+  acceptors: 8
 
   ## Maximum number of concurrent MQTT/TCP connections.
   ##
   ## Value: Number
-  max_connections = 1024000
+  max_connections: 1024000
 
   ## Maximum external connections per second.
   ##
   ## Value: Number
-  max_conn_rate = 1000
+  max_conn_rate: 1000
 
   ## Specify the {active, N} option for the external MQTT/TCP Socket.
   ##
   ## Value: Number
-  active_n = 100
+  active_n: 100
 
   ## Zone of the external MQTT/TCP listener belonged to.
   ##
   ## See: zone.$name.*
   ##
   ## Value: String
-  zone = external
+  zone: external
 
   ## The access control rules for the MQTT/TCP listener.
   ##
@@ -1128,7 +1131,7 @@ listener.tcp.external {
   ## Value: ACL Rule
   ##
   ## Example: "allow 192.168.0.0/24"
-  access.1 = "allow all"
+  access.1: "allow all"
 
   ## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
   ## behind HAProxy or Nginx.
@@ -1136,57 +1139,57 @@ listener.tcp.external {
   ## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
   ##
   ## Value: on | off
-  ## proxy_protocol = on
+  ## proxy_protocol: on
 
   ## Sets the timeout for proxy protocol. EMQ X will close the TCP connection
   ## if no proxy protocol packet recevied within the timeout.
   ##
   ## Value: Duration
-  ## proxy_protocol_timeout = 3s
+  ## proxy_protocol_timeout: 3s
 
   ## Enable the option for X.509 certificate based authentication.
   ## EMQX will use the common name of certificate as MQTT username.
   ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
   ##
   ## Value: cn
-  ## peer_cert_as_username = cn
+  ## peer_cert_as_username: cn
 
   ## Enable the option for X.509 certificate based authentication.
   ## EMQX will use the common name of certificate as MQTT clientid.
   ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
   ##
   ## Value: cn
-  ## peer_cert_as_clientid = cn
+  ## peer_cert_as_clientid: cn
 
   ## The TCP backlog defines the maximum length that the queue of pending
   ## connections can grow to.
   ##
   ## Value: Number >= 0
-  backlog = 1024
+  backlog: 1024
 
   ## The TCP send timeout for external MQTT connections.
   ##
   ## Value: Duration
-  send_timeout = 15s
+  send_timeout: 15s
 
   ## Close the TCP connection if send timeout.
   ##
   ## Value: on | off
-  send_timeout_close = on
+  send_timeout_close: on
 
   ## The TCP receive buffer(os kernel) for MQTT connections.
   ##
   ## See: http://erlang.org/doc/man/inet.html
   ##
   ## Value: Bytes
-  ## recbuf = 2KB
+  ## recbuf: 2KB
 
   ## The TCP send buffer(os kernel) for MQTT connections.
   ##
   ## See: http://erlang.org/doc/man/inet.html
   ##
   ## Value: Bytes
-  ## sndbuf = 2KB
+  ## sndbuf: 2KB
 
   ## The size of the user-level software buffer used by the driver.
   ## Not to be confused with options sndbuf and recbuf, which correspond
@@ -1198,30 +1201,30 @@ listener.tcp.external {
   ## See: http://erlang.org/doc/man/inet.html
   ##
   ## Value: Bytes
-  ## buffer = 2KB
+  ## buffer: 2KB
 
-  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled.
   ##
   ## Value: on | off
-  ## tune_buffer = off
+  ## tune_buffer: off
 
   ## The socket is set to a busy state when the amount of data queued internally
   ## by the ERTS socket implementation reaches this limit.
   ##
   ## Value: on | off
   ## Defaults to 1MB
-  ## high_watermark = 1MB
+  ## high_watermark: 1MB
 
   ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
   ## sent immediately if the option is enabled.
   ##
   ## Value: true | false
-  nodelay = true
+  nodelay: true
 
   ## The SO_REUSEADDR flag for TCP listener.
   ##
   ## Value: true | false
-  reuseaddr = true
+  reuseaddr: true
 }
 
 ##--------------------------------------------------------------------
@@ -1234,93 +1237,93 @@ listener.tcp.internal {
   ## Value: IP:Port, Port
   ##
   ## Examples: 11883, "127.0.0.1:11883", "::1:11883"
-  endpoint = "127.0.0.1:11883"
+  endpoint: "127.0.0.1:11883"
 
   ## The acceptor pool for internal MQTT/TCP listener.
   ##
   ## Value: Number
-  acceptors = 4
+  acceptors: 4
 
   ## Maximum number of concurrent MQTT/TCP connections.
   ##
   ## Value: Number
-  max_connections = 1024000
+  max_connections: 1024000
 
   ## Maximum internal connections per second.
   ##
   ## Value: Number
-  max_conn_rate = 1000
+  max_conn_rate: 1000
 
   ## Specify the {active, N} option for the internal MQTT/TCP Socket.
   ##
   ## Value: Number
-  active_n = 1000
+  active_n: 1000
 
   ## Zone of the internal MQTT/TCP listener belonged to.
   ##
   ## Value: String
-  zone = internal
+  zone: internal
 
   ## The TCP backlog of internal MQTT/TCP Listener.
   ##
   ## See: listener.tcp.$name.backlog
   ##
   ## Value: Number >= 0
-  backlog = 512
+  backlog: 512
 
   ## The TCP send timeout for internal MQTT connections.
   ##
   ## See: listener.tcp.$name.send_timeout
   ##
   ## Value: Duration
-  send_timeout = 5s
+  send_timeout: 5s
 
   ## Close the MQTT/TCP connection if send timeout.
   ##
   ## See: listener.tcp.$name.send_timeout_close
   ##
   ## Value: on | off
-  send_timeout_close = on
+  send_timeout_close: on
 
   ## The TCP receive buffer(os kernel) for internal MQTT connections.
   ##
   ## See: listener.tcp.$name.recbuf
   ##
   ## Value: Bytes
-  recbuf = 64KB
+  recbuf: 64KB
 
   ## The TCP send buffer(os kernel) for internal MQTT connections.
   ##
   ## See: http://erlang.org/doc/man/inet.html
   ##
   ## Value: Bytes
-  sndbuf = 64KB
+  sndbuf: 64KB
 
   ## The size of the user-level software buffer used by the driver.
   ##
   ## See: listener.tcp.$name.buffer
   ##
   ## Value: Bytes
-  ## buffer = 16KB
+  ## buffer: 16KB
 
-  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled.
   ##
   ## See: listener.tcp.$name.tune_buffer
   ##
   ## Value: on | off
-  ## tune_buffer = off
+  ## tune_buffer: off
 
   ## The TCP_NODELAY flag for internal MQTT connections.
   ##
   ## See: listener.tcp.$name.nodelay
   ##
   ## Value: true | false
-  nodelay = false
+  nodelay: false
 
   ## The SO_REUSEADDR flag for MQTT/TCP Listener.
   ##
   ## Value: true | false
-  reuseaddr = true
+  reuseaddr: true
 }
 
 ##--------------------------------------------------------------------
@@ -1332,39 +1335,39 @@ listener.ssl.external {
   ## Value: IP:Port | Port
   ##
   ## Examples: 8883, "127.0.0.1:8883", "::1:8883"
-  endpoint = 8883
+  endpoint: 8883
 
   ## The acceptor pool for external MQTT/SSL listener.
   ##
   ## Value: Number
-  acceptors = 16
+  acceptors: 16
 
   ## Maximum number of concurrent MQTT/SSL connections.
   ##
   ## Value: Number
-  max_connections = 102400
+  max_connections: 102400
 
   ## Maximum MQTT/SSL connections per second.
   ##
   ## Value: Number
-  max_conn_rate = 500
+  max_conn_rate: 500
 
   ## Specify the {active, N} option for the internal MQTT/SSL Socket.
   ##
   ## Value: Number
-  active_n = 100
+  active_n: 100
 
   ## Zone of the external MQTT/SSL listener belonged to.
   ##
   ## Value: String
-  zone = external
+  zone: external
 
   ## The access control rules for the MQTT/SSL listener.
   ##
   ## See: listener.tcp.$name.access
   ##
   ## Value: ACL Rule
-  access.1 = "allow all"
+  access.1: "allow all"
 
   ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
   ## HAProxy or Nginx.
@@ -1372,14 +1375,14 @@ listener.ssl.external {
   ## See: listener.tcp.$name.proxy_protocol
   ##
   ## Value: on | off
-  ## proxy_protocol = on
+  ## proxy_protocol: on
 
   ## Sets the timeout for proxy protocol.
   ##
   ## See: listener.tcp.$name.proxy_protocol_timeout
   ##
   ## Value: Duration
-  ## proxy_protocol_timeout = 3s
+  ## proxy_protocol_timeout: 3s
 
   ## TLS versions only to protect from POODLE attack.
   ##
@@ -1387,44 +1390,44 @@ listener.ssl.external {
   ##
   ## Value: String, seperated by ','
   ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-  ## tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
+  ## tls_versions: "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
 
   ## TLS Handshake timeout.
   ##
   ## Value: Duration
-  handshake_timeout = 15s
+  handshake_timeout: 15s
 
   ## Maximum number of non-self-issued intermediate certificates that
   ## can follow the peer certificate in a valid certification path.
   ##
   ## Value: Number
-  ## depth = 10
+  ## depth: 10
 
   ## String containing the user's password. Only used if the private keyfile
   ## is password-protected.
   ##
   ## Value: String
-  ## key_password = yourpass
+  ## key_password: yourpass
 
   ## Path to the file containing the user's private PEM-encoded key.
   ##
   ## See: http://erlang.org/doc/man/ssl.html
   ##
   ## Value: File
-  keyfile = "{{ platform_etc_dir }}/certs/key.pem"
+  keyfile: "{{ platform_etc_dir }}/certs/key.pem"
 
   ## Path to a file containing the user certificate.
   ##
   ## See: http://erlang.org/doc/man/ssl.html
   ##
   ## Value: File
-  certfile = "{{ platform_etc_dir }}/certs/cert.pem"
+  certfile: "{{ platform_etc_dir }}/certs/cert.pem"
 
   ## Path to the file containing PEM-encoded CA certificates. The CA certificates
   ## are used during server authentication and when building the client certificate chain.
   ##
   ## Value: File
-  ## cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
+  ## cacertfile: "{{ platform_etc_dir }}/certs/cacert.pem"
 
   ## The Ephemeral Diffie-Helman key exchange is a very effective way of
   ## ensuring Forward Secrecy by exchanging a set of keys that never hit
@@ -1441,7 +1444,7 @@ listener.ssl.external {
   ## openssl dhparam -out dh-params.pem 2048
   ##
   ## Value: File
-  ## dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
+  ## dhfile: "{{ platform_etc_dir }}/certs/dh-params.pem"
 
   ## A server only does x509-path validation in mode verify_peer,
   ## as it then sends a certificate request to the client (this
@@ -1450,14 +1453,14 @@ listener.ssl.external {
   ## More information at: http://erlang.org/doc/man/ssl.html
   ##
   ## Value: verify_peer | verify_none
-  ## verify = verify_peer
+  ## verify: verify_peer
 
   ## Used together with {verify, verify_peer} by an SSL server. If set to true,
   ## the server fails if the client does not have a certificate to send, that is,
   ## sends an empty certificate.
   ##
   ## Value: true | false
-  ## fail_if_no_peer_cert = true
+  ## fail_if_no_peer_cert: true
 
   ## This is the single most important configuration option of an Erlang SSL
   ## application. Ciphers (and their ordering) define the way the client and
@@ -1476,13 +1479,13 @@ listener.ssl.external {
   ## Most of it was copied from Mozilla’s Server Side TLS article
   ##
   ## Value: Ciphers
-  ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+  ciphers: "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
   ## Ciphers for TLS PSK.
   ## Note that 'ciphers' and 'psk_ciphers' cannot
   ## be configured at the same time.
   ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-  #psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
+  #psk_ciphers: "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
 
   ## SSL parameter renegotiation is a feature that allows a client and a server
   ## to renegotiate the parameters of the SSL connection on the fly.
@@ -1490,7 +1493,7 @@ listener.ssl.external {
   ## you drop support for the insecure renegotiation, prone to MitM attacks.
   ##
   ## Value: on | off
-  ## secure_renegotiate = off
+  ## secure_renegotiate: off
 
   ## A performance optimization setting, it allows clients to reuse
   ## pre-existing sessions, instead of initializing new ones.
@@ -1499,7 +1502,7 @@ listener.ssl.external {
   ## See: http://erlang.org/doc/man/ssl.html
   ##
   ## Value: on | off
-  ## reuse_sessions = on
+  ## reuse_sessions: on
 
   ## An important security setting, it forces the cipher to be set based
   ## on the server-specified order instead of the client-specified order,
@@ -1507,82 +1510,82 @@ listener.ssl.external {
   ## ordering of the server administrator.
   ##
   ## Value: on | off
-  ## honor_cipher_order = on
+  ## honor_cipher_order: on
 
   ## Use the CN, DN or CRT field from the client certificate as a username.
   ## Notice that 'verify' should be set as 'verify_peer'.
   ## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT.
   ##
   ## Value: cn | dn | crt | pem | md5
-  ## peer_cert_as_username = cn
+  ## peer_cert_as_username: cn
 
   ## Use the CN, DN or CRT field from the client certificate as a username.
   ## Notice that 'verify' should be set as 'verify_peer'.
   ## 'pem' encodes CRT in base64, and md5 is the md5 hash of CRT.
   ##
   ## Value: cn | dn | crt | pem | md5
-  ## peer_cert_as_clientid = cn
+  ## peer_cert_as_clientid: cn
 
   ## TCP backlog for the SSL connection.
   ##
   ## See listener.tcp.$name.backlog
   ##
   ## Value: Number >= 0
-  ## backlog = 1024
+  ## backlog: 1024
 
   ## The TCP send timeout for the SSL connection.
   ##
   ## See listener.tcp.$name.send_timeout
   ##
   ## Value: Duration
-  ## send_timeout = 15s
+  ## send_timeout: 15s
 
   ## Close the SSL connection if send timeout.
   ##
   ## See: listener.tcp.$name.send_timeout_close
   ##
   ## Value: on | off
-  ## send_timeout_close = on
+  ## send_timeout_close: on
 
   ## The TCP receive buffer(os kernel) for the SSL connections.
   ##
   ## See: listener.tcp.$name.recbuf
   ##
   ## Value: Bytes
-  ## recbuf = 4KB
+  ## recbuf: 4KB
 
   ## The TCP send buffer(os kernel) for internal MQTT connections.
   ##
   ## See: listener.tcp.$name.sndbuf
   ##
   ## Value: Bytes
-  ## sndbuf = 4KB
+  ## sndbuf: 4KB
 
   ## The size of the user-level software buffer used by the driver.
   ##
   ## See: listener.tcp.$name.buffer
   ##
   ## Value: Bytes
-  ## buffer = 4KB
+  ## buffer: 4KB
 
-  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled.
   ##
   ## See: listener.tcp.$name.tune_buffer
   ##
   ## Value: on | off
-  ## tune_buffer = off
+  ## tune_buffer: off
 
   ## The TCP_NODELAY flag for SSL connections.
   ##
   ## See: listener.tcp.$name.nodelay
   ##
   ## Value: true | false
-  ## nodelay = true
+  ## nodelay: true
 
   ## The SO_REUSEADDR flag for MQTT/SSL Listener.
   ##
   ## Value: true | false
-  reuseaddr = true
+  reuseaddr: true
 }
 
 ##--------------------------------------------------------------------
@@ -1595,67 +1598,67 @@ listener.ws.external {
   ## Value: IP:Port | Port
   ##
   ## Examples: 8083, "127.0.0.1:8083", "::1:8083"
-  endpoint = 8083
+  endpoint: 8083
 
   ## The path of WebSocket MQTT endpoint
   ##
   ## Value: URL Path
-  mqtt_path = "/mqtt"
+  mqtt_path: "/mqtt"
 
   ## The acceptor pool for external MQTT/WebSocket listener.
   ##
   ## Value: Number
-  acceptors = 4
+  acceptors: 4
 
   ## Maximum number of concurrent MQTT/WebSocket connections.
   ##
   ## Value: Number
-  max_connections = 102400
+  max_connections: 102400
 
   ## Maximum MQTT/WebSocket connections per second.
   ##
   ## Value: Number
-  max_conn_rate = 1000
+  max_conn_rate: 1000
 
   ## Simulate the {active, N} option for the MQTT/WebSocket connections.
   ##
   ## Value: Number
-  active_n = 100
+  active_n: 100
 
   ## Zone of the external MQTT/WebSocket listener belonged to.
   ##
   ## Value: String
-  zone = external
+  zone: external
 
   ## The access control for the MQTT/WebSocket listener.
   ##
   ## See: $name.access
   ##
   ## Value: ACL Rule
-  access.1 = "allow all"
+  access.1: "allow all"
 
   ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
   ## Set to false for WeChat MiniApp.
   ##
   ## Value: true | false
-  ## fail_if_no_subprotocol = true
+  ## fail_if_no_subprotocol: true
 
   ## Supported subprotocols
   ##
   ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-  ## supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
+  ## supported_subprotocols: "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
 
   ## Specify which HTTP header for real source IP if the EMQ X cluster is
   ## deployed behind NGINX or HAProxy.
   ##
   ## Default: X-Forwarded-For
-  ## proxy_address_header = X-Forwarded-For
+  ## proxy_address_header: X-Forwarded-For
 
   ## Specify which HTTP header for real source port if the EMQ X cluster is
   ## deployed behind NGINX or HAProxy.
   ##
   ## Default: X-Forwarded-Port
-  ## proxy_port_header = X-Forwarded-Port
+  ## proxy_port_header: X-Forwarded-Port
 
   ## Enable the Proxy Protocol V1/2 if the EMQ cluster is deployed behind
   ## HAProxy or Nginx.
@@ -1663,158 +1666,158 @@ listener.ws.external {
   ## See: $name.proxy_protocol
   ##
   ## Value: on | off
-  ## proxy_protocol = on
+  ## proxy_protocol: on
 
   ## Sets the timeout for proxy protocol.
   ##
   ## See: $name.proxy_protocol_timeout
   ##
   ## Value: Duration
-  ## proxy_protocol_timeout = 3s
+  ## proxy_protocol_timeout: 3s
 
   ## Enable the option for X.509 certificate based authentication.
   ## EMQX will use the common name of certificate as MQTT username.
   ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
   ##
   ## Value: cn
-  ## peer_cert_as_username = cn
+  ## peer_cert_as_username: cn
 
   ## Enable the option for X.509 certificate based authentication.
   ## EMQX will use the common name of certificate as MQTT clientid.
   ## Only support Proxy Protocol V2, the CN is available in Proxy Protocol V2 additional info
   ##
   ## Value: cn
-  ## peer_cert_as_clientid = cn
+  ## peer_cert_as_clientid: cn
 
   ## The TCP backlog of external MQTT/WebSocket Listener.
   ##
   ## See: $name.backlog
   ##
   ## Value: Number >= 0
-  backlog = 1024
+  backlog: 1024
 
   ## The TCP send timeout for external MQTT/WebSocket connections.
   ##
   ## See: $name.send_timeout
   ##
   ## Value: Duration
-  send_timeout = 15s
+  send_timeout: 15s
 
   ## Close the MQTT/WebSocket connection if send timeout.
   ##
   ## See: $name.send_timeout_close
   ##
   ## Value: on | off
-  send_timeout_close = on
+  send_timeout_close: on
 
   ## The TCP receive buffer(os kernel) for external MQTT/WebSocket connections.
   ##
   ## See: $name.recbuf
   ##
   ## Value: Bytes
-  ## recbuf = 2KB
+  ## recbuf: 2KB
 
   ## The TCP send buffer(os kernel) for external MQTT/WebSocket connections.
   ##
   ## See: $name.sndbuf
   ##
   ## Value: Bytes
-  ## sndbuf = 2KB
+  ## sndbuf: 2KB
 
   ## The size of the user-level software buffer used by the driver.
   ##
   ## See: $name.buffer
   ##
   ## Value: Bytes
-  ## buffer = 2KB
+  ## buffer: 2KB
 
-  ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
+  ## Sets the 'buffer: max(sndbuf, recbuf)' if this option is enabled.
   ##
   ## See: $name.tune_buffer
   ##
   ## Value: on | off
-  ## tune_buffer = off
+  ## tune_buffer: off
 
   ## The TCP_NODELAY flag for external MQTT/WebSocket connections.
   ##
   ## See: $name.nodelay
   ##
   ## Value: true | false
-  nodelay = true
+  nodelay: true
 
   ## The compress flag for external MQTT/WebSocket connections.
   ##
   ## If this Value is set true,the websocket message would be compressed
   ##
   ## Value: true | false
-  ## compress = true
+  ## compress: true
 
   ## The level of deflate options for external MQTT/WebSocket connections.
   ##
   ## See: $name.deflate_opts.level
   ##
   ## Value: none | default | best_compression | best_speed
-  ## deflate_opts.level = default
+  ## deflate_opts.level: default
 
   ## The mem_level of deflate options for external MQTT/WebSocket connections.
   ##
   ## See: $name.deflate_opts.mem_level
   ##
   ## Valid range is 1-9
-  ## deflate_opts.mem_level = 8
+  ## deflate_opts.mem_level: 8
 
   ## The strategy of deflate options for external MQTT/WebSocket connections.
   ##
   ## See: $name.deflate_opts.strategy
   ##
   ## Value: default | filtered | huffman_only | rle
-  ## deflate_opts.strategy = default
+  ## deflate_opts.strategy: default
 
   ## The deflate option for external MQTT/WebSocket connections.
   ##
   ## See: $name.deflate_opts.server_context_takeover
   ##
   ## Value: takeover | no_takeover
-  ## deflate_opts.server_context_takeover = takeover
+  ## deflate_opts.server_context_takeover: takeover
 
   ## The deflate option for external MQTT/WebSocket connections.
   ##
   ## See: $name.deflate_opts.client_context_takeover
   ##
   ## Value: takeover | no_takeover
-  ## deflate_opts.client_context_takeover = takeover
+  ## deflate_opts.client_context_takeover: takeover
 
   ## The deflate options for external MQTT/WebSocket connections.
   ##
   ## See: $name.deflate_opts.server_max_window_bits
   ##
   ## Valid range is 8-15
-  ## deflate_opts.server_max_window_bits = 15
+  ## deflate_opts.server_max_window_bits: 15
 
   ## The deflate options for external MQTT/WebSocket connections.
   ##
   ## See: $name.deflate_opts.client_max_window_bits
   ##
   ## Valid range is 8-15
-  ## deflate_opts.client_max_window_bits = 15
+  ## deflate_opts.client_max_window_bits: 15
 
   ## The idle timeout for external MQTT/WebSocket connections.
   ##
   ## See: $name.idle_timeout
   ##
   ## Value: Duration
-  ## idle_timeout = 60s
+  ## idle_timeout: 60s
 
   ## The max frame size for external MQTT/WebSocket connections.
   ##
   ##
   ## Value: Number
-  ## max_frame_size = 0
+  ## max_frame_size: 0
 
   ## Whether a WebSocket message is allowed to contain multiple MQTT packets
   ##
   ## Value: single | multiple
-  mqtt_piggyback = multiple
+  mqtt_piggyback: multiple
 
   ## By default, EMQX web socket connection does not restrict connections to specific origins.
   ## It also, by default, does not enforce the presence of origin in request headers for WebSocket connections.
@@ -1823,32 +1826,32 @@ listener.ws.external {
   ## To prevent this, users can set allowed origin headers in their ws connection to EMQX.
   ## Example for WS connection
   ## To enables origin check in header for websocket connnection,
-  ## set `check_origin_enable = true`. By default it is false,
+  ## set `check_origin_enable: true`. By default it is false,
   ## When it is set to true and no origin is present in the header of a ws connection request, the request fails.
 
   ## To allow origins to be absent in header in the websocket connection when check_origin_enable is true,
-  ## set `allow_origin_absence = true`
+  ## set `allow_origin_absence: true`
 
   ## Enabling origin check implies there are specific valid origins allowed for ws connection.
   ## To set the list of allowed origins in header for websocket connection
-  ## check_origins = http://localhost:18083(localhost dashboard url), http://yourapp.com`
+  ## check_origins: http://localhost:18083(localhost dashboard url), http://yourapp.com`
   ## check_origins config allows a comma separated list of origins so you can specify as many origins are you want.
   ## With these configs, you can allow only connections from only authorized origins to your broker
 
   ## Enable origin check in header for websocket connection
   ##
   ## Value: true | false (default false)
-  check_origin_enable = false
+  check_origin_enable: false
 
   ## Allow origin to be absent in header in websocket connection when check_origin_enable is true
   ##
   ## Value: true | false (default true)
-  allow_origin_absence = true
+  allow_origin_absence: true
 
   ## Comma separated list of allowed origin in header for websocket connection
   ##
   ## Value: http://url eg. local http dashboard url - http://localhost:18083, http://127.0.0.1:18083
-  check_origins = "http://localhost:18083, http://127.0.0.1:18083"
+  check_origins: "http://localhost:18083, http://127.0.0.1:18083"
 }
 
 ##--------------------------------------------------------------------
@@ -1860,83 +1863,83 @@ listener.wss.external {
   ## Value: IP:Port | Port
   ##
   ## Examples: 8084, "127.0.0.1:8084", "::1:8084"
-  endpoint = 8084
+  endpoint: 8084
 
   ## The path of WebSocket MQTT endpoint
   ##
   ## Value: URL Path
-  mqtt_path = "/mqtt"
+  mqtt_path: "/mqtt"
 
   ## The acceptor pool for external MQTT/WebSocket/SSL listener.
   ##
   ## Value: Number
-  acceptors = 4
+  acceptors: 4
 
   ## Maximum number of concurrent MQTT/Webwocket/SSL connections.
   ##
   ## Value: Number
-  max_connections = 16
+  max_connections: 16
 
   ## Maximum MQTT/WebSocket/SSL connections per second.
   ##
   ## See: listener.tcp.$name.max_conn_rate
   ##
   ## Value: Number
-  max_conn_rate = 1000
+  max_conn_rate: 1000
 
   ## Simulate the {active, N} option for the MQTT/WebSocket/SSL connections.
   ##
   ## Value: Number
-  active_n = 100
+  active_n: 100
 
   ## Zone of the external MQTT/WebSocket/SSL listener belonged to.
   ##
   ## Value: String
-  zone = external
+  zone: external
 
   ## The access control rules for the MQTT/WebSocket/SSL listener.
   ##
   ## See: listener.tcp.$name.access.<no>
   ##
   ## Value: ACL Rule
-  access.1 = "allow all"
+  access.1: "allow all"
 
   ## If set to true, the server fails if the client does not have a Sec-WebSocket-Protocol to send.
   ## Set to false for WeChat MiniApp.
   ##
   ## Value: true | false
-  ## fail_if_no_subprotocol = true
+  ## fail_if_no_subprotocol: true
 
   ## Supported subprotocols
   ##
   ## Default: mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5
-  ## supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
+  ## supported_subprotocols: "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5"
 
   ## Specify which HTTP header for real source IP if the EMQ X cluster is
   ## deployed behind NGINX or HAProxy.
   ##
   ## Default: X-Forwarded-For
-  ## proxy_address_header = X-Forwarded-For
+  ## proxy_address_header: X-Forwarded-For
 
   ## Specify which HTTP header for real source port if the EMQ X cluster is
   ## deployed behind NGINX or HAProxy.
   ##
   ## Default: X-Forwarded-Port
-  ## proxy_port_header = X-Forwarded-Port
+  ## proxy_port_header: X-Forwarded-Port
 
   ## Enable the Proxy Protocol V1/2 support.
   ##
   ## See: listener.tcp.$name.proxy_protocol
   ##
   ## Value: on | off
-  ## proxy_protocol = on
+  ## proxy_protocol: on
 
   ## Sets the timeout for proxy protocol.
   ##
   ## See: listener.tcp.$name.proxy_protocol_timeout
   ##
   ## Value: Duration
-  ## proxy_protocol_timeout = 3s
+  ## proxy_protocol_timeout: 3s
 
   ## TLS versions only to protect from POODLE attack.
   ##
@@ -1944,28 +1947,28 @@ listener.wss.external {
   ##
   ## Value: String, seperated by ','
   ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-  ## tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
+  ## tls_versions: "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
 
   ## Path to the file containing the user's private PEM-encoded key.
   ##
   ## See: listener.ssl.$name.keyfile
   ##
   ## Value: File
-  keyfile = "{{ platform_etc_dir }}/certs/key.pem"
+  keyfile: "{{ platform_etc_dir }}/certs/key.pem"
 
   ## Path to a file containing the user certificate.
   ##
   ## See: listener.ssl.$name.certfile
   ##
   ## Value: File
-  certfile = "{{ platform_etc_dir }}/certs/cert.pem"
+  certfile: "{{ platform_etc_dir }}/certs/cert.pem"
 
   ## Path to the file containing PEM-encoded CA certificates.
   ##
   ## See: listener.ssl.$name.cacert
   ##
   ## Value: File
-  ## cacertfile = "{{ platform_etc_dir }}/certs/cacert.pem"
+  ## cacertfile: "{{ platform_etc_dir }}/certs/cacert.pem"
 
   ## Maximum number of non-self-issued intermediate certificates that
   ## can follow the peer certificate in a valid certification path.
@@ -1973,7 +1976,7 @@ listener.wss.external {
   ## See: listener.ssl.external.depth
   ##
   ## Value: Number
-  ## depth = 10
+  ## depth: 10
 
   ## String containing the user's password. Only used if the private keyfile
   ## is password-protected.
@@ -1981,192 +1984,192 @@ listener.wss.external {
   ## See: listener.ssl.$name.key_password
   ##
   ## Value: String
-  ## key_password = yourpass
+  ## key_password: yourpass
 
   ## See: listener.ssl.$name.dhfile
   ##
   ## Value: File
-  ## listener.ssl.external.dhfile = "{{ platform_etc_dir }}/certs/dh-params.pem"
+  ## listener.ssl.external.dhfile: "{{ platform_etc_dir }}/certs/dh-params.pem"
 
   ## See: listener.ssl.$name.verify
   ##
   ## Value: verify_peer | verify_none
-  ## verify = verify_peer
+  ## verify: verify_peer
 
   ## See: listener.ssl.$name.fail_if_no_peer_cert
   ##
   ## Value: false | true
-  ## fail_if_no_peer_cert = true
+  ## fail_if_no_peer_cert: true
 
   ## See: listener.ssl.$name.ciphers
   ##
   ## Value: Ciphers
-  ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+  ciphers: "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
 
   ## Ciphers for TLS PSK.
   ## Note that 'ciphers' and 'psk_ciphers' cannot
   ## be configured at the same time.
   ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-  ## psk_ciphers = "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
+  ## psk_ciphers: "PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA"
 
   ## See: listener.ssl.$name.secure_renegotiate
   ##
   ## Value: on | off
-  ## secure_renegotiate = off
+  ## secure_renegotiate: off
 
   ## See: listener.ssl.$name.reuse_sessions
   ##
   ## Value: on | off
-  ## reuse_sessions = on
+  ## reuse_sessions: on
 
   ## See: listener.ssl.$name.honor_cipher_order
   ##
   ## Value: on | off
-  ## honor_cipher_order = on
+  ## honor_cipher_order: on
 
   ## See: listener.ssl.$name.peer_cert_as_username
   ##
   ## Value: cn | dn | crt | pem | md5
-  ## peer_cert_as_username = cn
+  ## peer_cert_as_username: cn
 
   ## See: listener.ssl.$name.peer_cert_as_clientid
   ##
   ## Value: cn | dn | crt | pem | md5
-  ## peer_cert_as_clientid = cn
+  ## peer_cert_as_clientid: cn
 
   ## TCP backlog for the WebSocket/SSL connection.
   ##
   ## See: listener.tcp.$name.backlog
   ##
   ## Value: Number >= 0
-  backlog = 1024
+  backlog: 1024
 
   ## The TCP send timeout for the WebSocket/SSL connection.
   ##
   ## See: listener.tcp.$name.send_timeout
   ##
   ## Value: Duration
-  send_timeout = 15s
+  send_timeout: 15s
 
   ## Close the WebSocket/SSL connection if send timeout.
   ##
   ## See: listener.tcp.$name.send_timeout_close
   ##
   ## Value: on | off
-  send_timeout_close = on
+  send_timeout_close: on
 
   ## The TCP receive buffer(os kernel) for the WebSocket/SSL connections.
   ##
   ## See: listener.tcp.$name.recbuf
   ##
   ## Value: Bytes
-  ## recbuf = 4KB
+  ## recbuf: 4KB
 
   ## The TCP send buffer(os kernel) for the WebSocket/SSL connections.
   ##
   ## See: listener.tcp.$name.sndbuf
   ##
   ## Value: Bytes
-  ## sndbuf = 4KB
+  ## sndbuf: 4KB
 
   ## The size of the user-level software buffer used by the driver.
   ##
   ## See: listener.tcp.$name.buffer
   ##
   ## Value: Bytes
-  ## buffer = 4KB
+  ## buffer: 4KB
 
   ## The TCP_NODELAY flag for WebSocket/SSL connections.
   ##
   ## See: listener.tcp.$name.nodelay
   ##
   ## Value: true | false
-  ## nodelay = true
+  ## nodelay: true
 
   ## The compress flag for external WebSocket/SSL connections.
   ##
   ## If this Value is set true,the websocket message would be compressed
   ##
   ## Value: true | false
-  ## compress = true
+  ## compress: true
 
   ## The level of deflate options for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.deflate_opts.level
   ##
   ## Value: none | default | best_compression | best_speed
-  ## deflate_opts.level = default
+  ## deflate_opts.level: default
 
   ## The mem_level of deflate options for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.deflate_opts.mem_level
   ##
   ## Valid range is 1-9
-  ## deflate_opts.mem_level = 8
+  ## deflate_opts.mem_level: 8
 
   ## The strategy of deflate options for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.deflate_opts.strategy
   ##
   ## Value: default | filtered | huffman_only | rle
-  ## deflate_opts.strategy = default
+  ## deflate_opts.strategy: default
 
   ## The deflate option for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.deflate_opts.server_context_takeover
   ##
   ## Value: takeover | no_takeover
-  ## deflate_opts.server_context_takeover = takeover
+  ## deflate_opts.server_context_takeover: takeover
 
   ## The deflate option for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.deflate_opts.client_context_takeover
   ##
   ## Value: takeover | no_takeover
-  ## deflate_opts.client_context_takeover = takeover
+  ## deflate_opts.client_context_takeover: takeover
 
   ## The deflate options for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.deflate_opts.server_max_window_bits
   ##
   ## Valid range is 8-15
-  ## deflate_opts.server_max_window_bits = 15
+  ## deflate_opts.server_max_window_bits: 15
 
   ## The deflate options for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.deflate_opts.client_max_window_bits
   ##
   ## Valid range is 8-15
-  ## deflate_opts.client_max_window_bits = 15
+  ## deflate_opts.client_max_window_bits: 15
 
   ## The idle timeout for external WebSocket/SSL connections.
   ##
   ## See: listener.wss.$name.idle_timeout
   ##
   ## Value: Duration
-  ## idle_timeout = 60s
+  ## idle_timeout: 60s
 
   ## The max frame size for external WebSocket/SSL connections.
   ##
   ## Value: Number
-  ## max_frame_size = 0
+  ## max_frame_size: 0
 
   ## Whether a WebSocket message is allowed to contain multiple MQTT packets
   ##
   ## Value: single | multiple
-  mqtt_piggyback = multiple
+  mqtt_piggyback: multiple
   ## Enable origin check in header for secure websocket connection
   ##
   ## Value: true | false (default false)
-  check_origin_enable = false
+  check_origin_enable: false
   ## Allow origin to be absent in header in secure websocket connection  when check_origin_enable is true
   ##
   ## Value: true | false (default true)
-  allow_origin_absence = true
+  allow_origin_absence: true
   ## Comma separated list of allowed origin in header for secure websocket connection
   ##
   ## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-  check_origins = "https://localhost:8084, https://127.0.0.1:8084"
+  check_origins: "https://localhost:8084, https://127.0.0.1:8084"
 }
 
 ##--------------------------------------------------------------------
@@ -2179,55 +2182,55 @@ listener.quic.external {
   ## Value: IP:Port | Port
   ##
   ## Examples: 14567, 127.0.0.1:14567, ::1:14567
-  endpoint = 14567
+  endpoint: 14567
 
   ## The acceptor pool for external MQTT/QUIC listener.
   ##
   ## Value: Number
-  acceptors = 4
+  acceptors: 4
 
   ## Maximum number of concurrent MQTT/Webwocket/SSL connections.
   ##
   ## Value: Number
-  max_connections = 16
+  max_connections: 16
 
   ## Maximum MQTT/QUIC connections per second.
   ##
   ## See: listener.tcp.$name.max_conn_rate
   ##
   ## Value: Number
-  max_conn_rate = 1000
+  max_conn_rate: 1000
 
   ## Simulate the {active, N} option for the MQTT/QUIC connections.
   ## @todo
   ## Value: Number
-  ## active_n = 100
+  ## active_n: 100
 
   ## Zone of the external MQTT/QUIC listener belonged to.
   ##
   ## Value: String
-  zone = external
+  zone: external
 
   ## Path to the file containing the user's private PEM-encoded key.
   ##
   ## See: listener.ssl.$name.keyfile
   ##
   ## Value: File
-  keyfile = "{{ platform_etc_dir }}/certs/key.pem"
+  keyfile: "{{ platform_etc_dir }}/certs/key.pem"
 
   ## Path to a file containing the user certificate.
   ##
   ## See: listener.ssl.$name.certfile
   ##
   ## Value: File
-  certfile = "{{ platform_etc_dir }}/certs/cert.pem"
+  certfile: "{{ platform_etc_dir }}/certs/cert.pem"
 
   ## Path to the file containing PEM-encoded CA certificates.
   ## @todo
   ## See: listener.ssl.$name.cacert
   ##
   ## Value: File
-  ## cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+  ## cacertfile: {{ platform_etc_dir }}/certs/cacert.pem
 
   ## String containing the user's password. Only used if the private keyfile
   ## is password-protected.
@@ -2235,382 +2238,333 @@ listener.quic.external {
   ## See: listener.ssl.$name.key_password
   ##
   ## Value: String
-  ## key_password = yourpass
+  ## key_password: yourpass
 
   ## See: listener.ssl.$name.verify
   ## @todo
   ## Value: verify_peer | verify_none
-  ## verify = verify_peer
+  ## verify: verify_peer
 
   ## See: listener.ssl.$name.fail_if_no_peer_cert
   ## @todo
   ## Value: false | true
-  ## fail_if_no_peer_cert = true
+  ## fail_if_no_peer_cert: true
 
   ## See: listener.ssl.$name.ciphers
   ## @todo
   ## Value: Ciphers
-  ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
+  ciphers: "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
 
   ## Ciphers for TLS PSK.
   ## @todo
   ## Note that 'ciphers' and 'psk_ciphers' cannot
   ## be configured at the same time.
   ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-  ## psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
+  ## psk_ciphers: PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
 
   ## See: listener.ssl.$name.honor_cipher_order
   ## @todo
   ## Value: on | off
-  ## honor_cipher_order = on
+  ## honor_cipher_order: on
 
   ## The send timeout for the QUIC stream.
   ## @todo
   ##
   ## Value: Duration
-  # send_timeout = 15s
+  # send_timeout: 15s
 
   ## Close the QUIC connection if send timeout.
   ## @todo
   ## See: listener.tcp.$name.send_timeout_close
   ##
   ## Value: on | off
-  ## send_timeout_close = on
+  ## send_timeout_close: on
 
   ## The receive buffer for the QUIC connections.
   ## @todo
   ## See: listener.tcp.$name.recbuf
   ##
   ## Value: Bytes
-  ## recbuf = 4KB
+  ## recbuf: 4KB
 
   ## The TCP send buffer(os kernel) for the QUIC connections.
   ## @todo
   ## See: listener.tcp.$name.sndbuf
   ##
   ## Value: Bytes
-  ## sndbuf = 4KB
+  ## sndbuf: 4KB
 
   ## The size of the user-level software buffer used by the driver.
   ## @todo
   ## See: listener.tcp.$name.buffer
   ##
   ## Value: Bytes
-  ## buffer = 4KB
+  ## buffer: 4KB
 
   ## The idle timeout for external QUIC connections.
   ## @todo
   ## See: listener.quic.$name.idle_timeout
   ##
   ## Value: Duration
-  ## idle_timeout = 60s
+  ## idle_timeout: 60s
 
   ## The max frame size for external QUIC connections.
   ## @todo
   ## Value: Number
-  ## max_frame_size = 0
+  ## max_frame_size: 0
 }
 
-## CONFIG_SECTION_BGN=modules ==================================================
-
-## The file to store loaded module names.
-##
-## Value: File
-module.loaded_file = "{{ platform_data_dir }}/loaded_modules"
-
-##--------------------------------------------------------------------
-## Presence Module
-
-## Sets the QoS for presence MQTT message.
-##
-## Value: 0 | 1 | 2
-module.presence.qos = 1
-
-##--------------------------------------------------------------------
-## Subscription Module
-
-## Subscribe the Topics automatically when client connected.
-##
-## Value: String
-## module.subscription.1.topic = "connected/%c/%u"
-
-## Qos of the proxy subscription.
-##
-## Value: 0 | 1 | 2
-## Default: 0
-## module.subscription.1.qos = 0
-
-## No Local of the proxy subscription options.
-## This configuration only takes effect in the MQTT V5 protocol.
-##
-## Value: 0 | 1
-## Default: 0
-## module.subscription.1.nl = 0
-
-## Retain As Published of the proxy subscription options.
-## This configuration only takes effect in the MQTT V5 protocol.
-##
-## Value: 0 | 1
-## Default: 0
-## module.subscription.1.rap = 0
-
-## Retain Handling of the proxy subscription options.
-## This configuration only takes effect in the MQTT V5 protocol.
-##
-## Value: 0 | 1 | 2
-## Default: 0
-## module.subscription.1.rh = 0
-
-##--------------------------------------------------------------------
-## Rewrite Module
-
-## {rewrite, Topic, Re, Dest}
-## module.rewrite.pub_rule.1 = "x/# ^x/y/(.+)$ z/y/$1"
-## module.rewrite.sub_rule.1 = "y/+/z/# ^y/(.+)/z/(.+)$ y/z/$2"
-
-## CONFIG_SECTION_END=modules ==================================================
-
 ##-------------------------------------------------------------------
 ## Plugins
 ##-------------------------------------------------------------------
+plugins: {
+    ## The etc dir for plugins' config.
+    ##
+    ## Value: Folder
+    etc_dir: "{{ platform_etc_dir }}/plugins/"
 
-## The etc dir for plugins' config.
-##
-## Value: Folder
-plugins.etc_dir = "{{ platform_etc_dir }}/plugins/"
+    ## The file to store loaded plugin names.
+    ##
+    ## Value: File
+    loaded_file: "{{ platform_data_dir }}/loaded_plugins"
 
-## The file to store loaded plugin names.
-##
-## Value: File
-plugins.loaded_file = "{{ platform_data_dir }}/loaded_plugins"
+    ## The directory of extension plugins.
+    ##
+    ## Value: File
+    expand_plugins_dir: "{{ platform_plugins_dir }}/"
 
-## The directory of extension plugins.
-##
-## Value: File
-plugins.expand_plugins_dir = "{{ platform_plugins_dir }}/"
+}
 
 ##--------------------------------------------------------------------
 ## Broker
 ##--------------------------------------------------------------------
+broker: {
+    ## System interval of publishing $SYS messages.
+    ##
+    ## Value: Duration
+    ## Default: 1m, 1 minute
+    sys_interval: "1m"
 
-## System interval of publishing $SYS messages.
-##
-## Value: Duration
-## Default: 1m, 1 minute
-broker.sys_interval = 1m
+    ## System heartbeat interval of publishing following heart beat message:
+    ##  - "$SYS/brokers/<node>/uptime"
+    ##  - "$SYS/brokers/<node>/datetime"
+    ##
+    ## Value: Duration
+    ## Default: 30s
+    sys_heartbeat: "30s"
 
-## System heartbeat interval of publishing following heart beat message:
-##  - "$SYS/brokers/<node>/uptime"
-##  - "$SYS/brokers/<node>/datetime"
-##
-## Value: Duration
-## Default: 30s
-broker.sys_heartbeat = 30s
+    ## Session locking strategy in a cluster.
+    ##
+    ## Value: Enum
+    ## - local
+    ## - leader
+    ## - quorum
+    ## - all
+    session_locking_strategy: quorum
 
-## Session locking strategy in a cluster.
-##
-## Value: Enum
-## - local
-## - leader
-## - quorum
-## - all
-broker.session_locking_strategy = quorum
+    ## Dispatch strategy for shared subscription
+    ##
+    ## Value: Enum
+    ## - random
+    ## - round_robin
+    ## - sticky
+    ## - hash # same as hash_clientid
+    ## - hash_clientid
+    ## - hash_topic
+    shared_subscription_strategy: random
 
-## Dispatch strategy for shared subscription
-##
-## Value: Enum
-## - random
-## - round_robin
-## - sticky
-## - hash # same as hash_clientid
-## - hash_clientid
-## - hash_topic
-broker.shared_subscription_strategy = random
+    ## Enable/disable shared dispatch acknowledgement for QoS1 and QoS2 messages
+    ## This should allow messages to be dispatched to a different subscriber in
+    ## the group in case the picked (based on shared_subscription_strategy) one # is offline
+    ##
+    ## Value: Enum
+    ## - true
+    ## - false
+    shared_dispatch_ack_enabled: false
 
-## Enable/disable shared dispatch acknowledgement for QoS1 and QoS2 messages
-## This should allow messages to be dispatched to a different subscriber in
-## the group in case the picked (based on shared_subscription_strategy) one # is offline
-##
-## Value: Enum
-## - true
-## - false
-broker.shared_dispatch_ack_enabled = false
+    ## Enable batch clean for deleted routes.
+    ##
+    ## Value: Flag
+    route_batch_clean: off
 
-## Enable batch clean for deleted routes.
-##
-## Value: Flag
-broker.route_batch_clean = off
+    perf: {
+        ## Performance toggle for subscribe/unsubscribe wildcard topic.
+        ## Change this toggle only when there are many wildcard topics.
+        ## Value: Enum
+        ##  - key:   mnesia translational updates with per-key locks. recommended for single node setup.
+        ##  - tab:   mnesia translational updates with table lock. recommended for multi-nodes setup.
+        ##  - global: global lock protected updates. recommended for larger cluster.
+        ## NOTE: when changing from/to 'global' lock, it requires all nodes in the cluster
+        ## to be stopped before the change.
+        # route_lock_type: key
 
-## Performance toggle for subscribe/unsubscribe wildcard topic.
-## Change this toggle only when there are many wildcard topics.
-## Value: Enum
-##  - key:   mnesia translational updates with per-key locks. recommended for single node setup.
-##  - tab:   mnesia translational updates with table lock. recommended for multi-nodes setup.
-##  - global: global lock protected updates. recommended for larger cluster.
-## NOTE: when changing from/to 'global' lock, it requires all nodes in the cluster
-## to be stopped before the change.
-# broker.perf.route_lock_type = key
+        ## Enable trie path compaction.
+        ## Enabling it significantly improves wildcard topic subscribe rate,
+        ## if wildcard topics have unique prefixes like: 'sensor/{{id}}/+/',
+        ## where ID is unique per subscriber.
+        ##
+        ## Topic match performance (when publishing) may degrade if messages
+        ## are mostly published to topics with large number of levels.
+        ##
+        ## NOTE: This is a cluster-wide configuration.
+        ## It rquires all nodes to be stopped before changing it.
+        ##
+        ## Value: Enum
+        ##  - true: enable trie path compaction
+        ##  - false: disable trie path compaction
+        # trie_compaction: true
+    }
+}
 
-## Enable trie path compaction.
-## Enabling it significantly improves wildcard topic subscribe rate,
-## if wildcard topics have unique prefixes like: 'sensor/{{id}}/+/',
-## where ID is unique per subscriber.
-##
-## Topic match performance (when publishing) may degrade if messages
-## are mostly published to topics with large number of levels.
-##
-## NOTE: This is a cluster-wide configuration.
-## It rquires all nodes to be stopped before changing it.
-##
-## Value: Enum
-##  - true: enable trie path compaction
-##  - false: disable trie path compaction
-# broker.perf.trie_compaction = true
+sysmon: {
+    ## Enable Long GC monitoring. Disable if the value is 0.
+    ## Notice: don't enable the monitor in production for:
+    ## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
+    ##
+    ## Value: Duration
+    ##  - h: hour
+    ##  - m: minute
+    ##  - s: second
+    ##  - ms: milliseconds
+    ##
+    ## Examples:
+    ##  - 2h:  2 hours
+    ##  - 30m: 30 minutes
+    ##  - 0.1s: 0.1 seconds
+    ##  - 100ms : 100 milliseconds
+    ##
+    ## Default: 0ms
+    long_gc: 0
 
-## CONFIG_SECTION_BGN=sys_mon ==================================================
+    ## Enable Long Schedule(ms) monitoring.
+    ##
+    ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+    ##
+    ## Value: Duration
+    ##  - h: hour
+    ##  - m: minute
+    ##  - s: second
+    ##  - ms: milliseconds
+    ##
+    ## Examples:
+    ##  - 2h:  2 hours
+    ##  - 30m: 30 minutes
+    ##  - 100ms: 100 milliseconds
+    ##
+    ## Default: 0ms
+    long_schedule: "240ms"
 
-## Enable Long GC monitoring. Disable if the value is 0.
-## Notice: don't enable the monitor in production for:
-## https://github.com/erlang/otp/blob/feb45017da36be78d4c5784d758ede619fa7bfd3/erts/emulator/beam/erl_gc.c#L421
-##
-## Value: Duration
-##  - h: hour
-##  - m: minute
-##  - s: second
-##  - ms: milliseconds
-##
-## Examples:
-##  - 2h:  2 hours
-##  - 30m: 30 minutes
-##  - 0.1s: 0.1 seconds
-##  - 100ms : 100 milliseconds
-##
-## Default: 0ms
-sysmon.long_gc = 0
+    ## Enable Large Heap monitoring.
+    ##
+    ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+    ##
+    ## Value: bytes
+    ##
+    ## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM.
+    large_heap: "8MB"
 
-## Enable Long Schedule(ms) monitoring.
-##
-## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
-##
-## Value: Duration
-##  - h: hour
-##  - m: minute
-##  - s: second
-##  - ms: milliseconds
-##
-## Examples:
-##  - 2h:  2 hours
-##  - 30m: 30 minutes
-##  - 100ms: 100 milliseconds
-##
-## Default: 0ms
-sysmon.long_schedule = 240ms
+    ## Enable Busy Port monitoring.
+    ##
+    ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+    ##
+    ## Value: true | false
+    busy_port: false
 
-## Enable Large Heap monitoring.
-##
-## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
-##
-## Value: bytes
-##
-## Default: 8M words. 32MB on 32-bit VM, 64MB on 64-bit VM.
-sysmon.large_heap = 8MB
+    ## Enable Busy Dist Port monitoring.
+    ##
+    ## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
+    ##
+    ## Value: true | false
+    busy_dist_port: true
+}
 
-## Enable Busy Port monitoring.
-##
-## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
-##
-## Value: true | false
-sysmon.busy_port = false
+os_mon: {
+    ## The time interval for the periodic cpu check
+    ##
+    ## Value: Duration
+    ## -h: hour, e.g. '2h' for 2 hours
+    ## -m: minute, e.g. '5m' for 5 minutes
+    ## -s: second, e.g. '30s' for 30 seconds
+    ##
+    ## Default: 60s
+    cpu_check_interval: "60s"
 
-## Enable Busy Dist Port monitoring.
-##
-## See: http://erlang.org/doc/man/erlang.html#system_monitor-2
-##
-## Value: true | false
-sysmon.busy_dist_port = true
+    ## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is set.
+    ##
+    ## Default: 80%
+    cpu_high_watermark: "80%"
 
-## The time interval for the periodic cpu check
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 60s
-os_mon.cpu_check_interval = 60s
+    ## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is clear.
+    ##
+    ## Default: 60%
+    cpu_low_watermark: "60%"
 
-## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is set.
-##
-## Default: 80%
-os_mon.cpu_high_watermark = 80%
+    ## The time interval for the periodic memory check
+    ##
+    ## Value: Duration
+    ## -h: hour, e.g. '2h' for 2 hours
+    ## -m: minute, e.g. '5m' for 5 minutes
+    ## -s: second, e.g. '30s' for 30 seconds
+    ##
+    ## Default: 60s
+    mem_check_interval: "60s"
 
-## The threshold, as percentage of system cpu, for how much system cpu can be used before the corresponding alarm is clear.
-##
-## Default: 60%
-os_mon.cpu_low_watermark = 60%
+    ## The threshold, as percentage of system memory, for how much system memory can be allocated before the corresponding alarm is set.
+    ##
+    ## Default: 70%
+    sysmem_high_watermark: "70%"
 
-## The time interval for the periodic memory check
-##
-## Value: Duration
-## -h: hour, e.g. '2h' for 2 hours
-## -m: minute, e.g. '5m' for 5 minutes
-## -s: second, e.g. '30s' for 30 seconds
-##
-## Default: 60s
-os_mon.mem_check_interval = 60s
+    ## The threshold, as percentage of system memory, for how much system memory can be allocated by one Erlang process before the corresponding alarm is set.
+    ##
+    ## Default: 5%
+    procmem_high_watermark: "5%"
 
-## The threshold, as percentage of system memory, for how much system memory can be allocated before the corresponding alarm is set.
-##
-## Default: 70%
-os_mon.sysmem_high_watermark = 70%
+}
 
-## The threshold, as percentage of system memory, for how much system memory can be allocated by one Erlang process before the corresponding alarm is set.
-##
-## Default: 5%
-os_mon.procmem_high_watermark = 5%
+vm_mon: {
+    ## The time interval for the periodic process limit check
+    ##
+    ## Value: Duration
+    ##
+    ## Default: 30s
+    check_interval: "30s"
 
-## The time interval for the periodic process limit check
-##
-## Value: Duration
-##
-## Default: 30s
-vm_mon.check_interval = 30s
+    ## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is set.
+    ##
+    ## Default: 80%
+    process_high_watermark: "80%"
 
-## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is set.
-##
-## Default: 80%
-vm_mon.process_high_watermark = 80%
+    ## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is clear.
+    ##
+    ## Default: 60%
+    process_low_watermark: "60%"
+}
 
-## The threshold, as percentage of processes, for how many processes can simultaneously exist at the local node before the corresponding alarm is clear.
-##
-## Default: 60%
-vm_mon.process_low_watermark = 60%
+alarm: {
+    ## Specifies the actions to take when an alarm is activated
+    ##
+    ## Value: String
+    ##  - log
+    ##  - publish
+    ##
+    ## Default: "log,publish"
+    actions: "log,publish"
 
-## Specifies the actions to take when an alarm is activated
-##
-## Value: String
-##  - log
-##  - publish
-##
-## Default: "log,publish"
-alarm.actions = "log,publish"
+    ## The maximum number of deactivated alarms
+    ##
+    ## Value: Integer
+    ##
+    ## Default: 1000
+    size_limit: 1000
 
-## The maximum number of deactivated alarms
-##
-## Value: Integer
-##
-## Default: 1000
-alarm.size_limit = 1000
-
-## Validity Period of deactivated alarms
-##
-## Value: Duration
-##  - h: hour
-##  - m: minute
-##  - s: second
-##  - ms: milliseconds
-##
-## Default: 24h
-alarm.validity_period = 24h
-
-## CONFIG_SECTION_END=sys_mon ==================================================
+    ## Validity Period of deactivated alarms
+    ##
+    ## Value: Duration
+    ##  - h: hour
+    ##  - m: minute
+    ##  - s: second
+    ##  - ms: milliseconds
+    ##
+    ## Default: 24h
+    validity_period: "24h"
+}
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index cdc20762e..440dd8117 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -54,7 +54,7 @@
 -export([includes/0]).
 
 structs() -> ["cluster", "node", "rpc", "log", "lager",
-              "acl", "mqtt", "zone", "listener", "module", "broker",
+              "acl", "mqtt", "zone", "listener", "broker",
               "plugins", "sysmon", "os_mon", "vm_mon", "alarm"]
              ++ includes().
 
@@ -65,6 +65,12 @@ includes() ->
     [ "emqx_data_bridge"
     , "emqx_telemetry"
     , "emqx_retainer"
+    , "emqx_statsd"
+    , "emqx_authn"
+    , "emqx_authz"
+    , "emqx_bridge_mqtt"
+    , "emqx_modules"
+    , "emqx_management"
     ].
 -endif.
 
@@ -424,12 +430,6 @@ fields("deflate_opts") ->
     , {"client_max_window_bits", t(integer())}
     ];
 
-fields("module") ->
-    [ {"loaded_file", t(string(), "emqx.modules_loaded_file", undefined)}
-    , {"presence", ref("presence")}
-    , {"subscription", ref("subscription")}
-    , {"rewrite", ref("rewrite")}
-    ];
 
 fields("presence") ->
     [ {"qos", t(range(0, 2), undefined, 1)}];
@@ -533,7 +533,6 @@ translation("emqx") ->
     [ {"flapping_detect_policy", fun tr_flapping_detect_policy/1}
     , {"zones", fun tr_zones/1}
     , {"listeners", fun tr_listeners/1}
-    , {"modules", fun tr_modules/1}
     , {"sysmon", fun tr_sysmon/1}
     , {"os_mon", fun tr_os_mon/1}
     , {"vm_mon", fun tr_vm_mon/1}
@@ -827,38 +826,6 @@ tr_listeners(Conf) ->
                ++ [SslListeners("quic", Name) || Name <- keys("listener.quic", Conf)]
                  ).
 
-tr_modules(Conf) ->
-    Subscriptions = fun() ->
-        List = keys("module.subscription", Conf),
-        TopicList = [{N, conf_get(["module", "subscription", N, "topic"], Conf)}|| N <- List],
-        [{list_to_binary(T), #{ qos => conf_get("module.subscription." ++ N ++ ".qos", Conf, 0),
-                                nl  => conf_get("module.subscription." ++ N ++ ".nl", Conf, 0),
-                                rap => conf_get("module.subscription." ++ N ++ ".rap", Conf, 0),
-                                rh  => conf_get("module.subscription." ++ N ++ ".rh", Conf, 0)
-        }} || {N, T} <- TopicList]
-                    end,
-    Rewrites = fun() ->
-        Rules = keys("module.rewrite.rule", Conf),
-        PubRules = keys("module.rewrite.pub_rule", Conf),
-        SubRules = keys("module.rewrite.sub_rule", Conf),
-        TotalRules =
-            [ {["module", "rewrite", "pub", "rule", R], conf_get(["module.rewrite.rule", R], Conf)} || R <- Rules] ++
-            [ {["module", "rewrite", "pub", "rule", R], conf_get(["module.rewrite.pub_rule", R], Conf)} || R <- PubRules] ++
-            [ {["module", "rewrite", "sub", "rule", R], conf_get(["module.rewrite.rule", R], Conf)} || R <- Rules] ++
-            [ {["module", "rewrite", "sub", "rule", R], conf_get(["module.rewrite.sub_rule", R], Conf)} || R <- SubRules],
-        lists:map(fun({[_, "rewrite", PubOrSub, "rule", _], Rule}) ->
-            [Topic, Re, Dest] = string:tokens(Rule, " "),
-            {rewrite, list_to_atom(PubOrSub), list_to_binary(Topic), list_to_binary(Re), list_to_binary(Dest)}
-                  end, TotalRules)
-               end,
-    lists:append([
-        [{emqx_mod_presence, [{qos, conf_get("module.presence.qos", Conf, 1)}]}],
-        [{emqx_mod_subscription, Subscriptions()}],
-        [{emqx_mod_rewrite, Rewrites()}],
-        [{emqx_mod_topic_metrics, []}],
-        [{emqx_mod_delayed, []}]
-    ]).
-
 tr_sysmon(Conf) ->
     Keys = maps:to_list(conf_get("sysmon", Conf, #{})),
     [{binary_to_atom(K, utf8), maps:get(value, V)} || {K, V} <- Keys].

From fb2f2741a4a55f714918ee794d506e8cb6bd0f6c Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 2 Jul 2021 14:18:09 +0800
Subject: [PATCH 150/174] fix: fix test cases fail

---
 apps/emqx/src/emqx_schema.erl | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 440dd8117..bb8b41cf9 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -65,12 +65,6 @@ includes() ->
     [ "emqx_data_bridge"
     , "emqx_telemetry"
     , "emqx_retainer"
-    , "emqx_statsd"
-    , "emqx_authn"
-    , "emqx_authz"
-    , "emqx_bridge_mqtt"
-    , "emqx_modules"
-    , "emqx_management"
     ].
 -endif.
 

From 918a26e921bfb07de8f95060abaf7f15b6b4b36f Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 2 Jul 2021 14:12:48 +0800
Subject: [PATCH 151/174] feat(conf): merge all conf to emqx.conf

---
 .ci/build_packages/tests.sh                   |   4 +-
 .../docker-compose-emqx-cluster.yaml          |   4 +-
 .github/workflows/build_packages.yaml         |   2 +-
 .github/workflows/build_slim_packages.yaml    |   2 +-
 .github/workflows/run_fvt_tests.yaml          |  14 +-
 .gitignore                                    |   2 +-
 Makefile                                      |   8 +-
 apps/emqx/etc/acl.conf                        |  26 --
 apps/emqx/etc/acl.conf.paho                   |  14 -
 apps/emqx/include/emqx.hrl                    |   3 +-
 apps/emqx/src/emqx.appup.src                  | 111 --------
 apps/emqx/src/emqx.erl                        |   1 -
 apps/emqx/src/emqx_app.erl                    |   2 +-
 apps/emqx/src/emqx_plugins.erl                | 247 ++----------------
 apps/emqx/src/emqx_schema.erl                 |   6 +
 apps/emqx/test/emqx_plugins_SUITE.erl         |  62 +----
 apps/emqx_authn/etc/emqx_authn.conf           |   2 +-
 apps/emqx_authn/src/emqx_authn_app.erl        |   7 +-
 apps/emqx_authn/src/emqx_authn_schema.erl     |  16 +-
 apps/emqx_authz/src/emqx_authz.erl            |   6 +-
 apps/emqx_authz/test/emqx_authz_SUITE.erl     |   6 +-
 apps/emqx_authz/test/emqx_authz_api_SUITE.erl |  17 +-
 .../test/emqx_authz_mysql_SUITE.erl           |  22 +-
 .../test/emqx_authz_pgsql_SUITE.erl           |  22 +-
 .../test/emqx_authz_redis_SUITE.erl           |  28 +-
 .../etc/emqx_bridge_mqtt.conf                 | 102 ++++----
 .../src/emqx_bridge_mqtt_schema.erl           |   6 +-
 .../test/emqx_dashboard_SUITE.erl             |  33 +--
 .../etc/emqx_data_bridge.conf                 | 247 +++++++++---------
 .../src/emqx_data_bridge_schema.erl           |   2 +-
 .../src/emqx_management.app.src               |   2 +-
 .../src/emqx_management.appup.src             |  13 -
 .../src/emqx_management_schema.erl            |   2 +-
 apps/emqx_management/src/emqx_mgmt.erl        |   2 +-
 .../src/emqx_mgmt_api_plugins.erl             |   6 +-
 apps/emqx_management/src/emqx_mgmt_app.erl    |   5 -
 apps/emqx_management/src/emqx_mgmt_auth.erl   |  11 +-
 apps/emqx_management/src/emqx_mgmt_http.erl   |   2 +-
 apps/emqx_management/test/emqx_mgmt_SUITE.erl |  39 +--
 .../test/emqx_mgmt_api_SUITE.erl              |  11 +-
 apps/emqx_modules/src/emqx_modules.erl        |   2 +
 apps/emqx_modules/test/emqx_modules_SUITE.erl |  12 +-
 apps/emqx_sn/vars                             |   2 +-
 data/loaded_plugins.tmpl                      |   3 -
 rebar.config.erl                              |  83 ++----
 scripts/find-apps.sh                          |   2 +-
 scripts/merge-config.escript                  |  36 +++
 47 files changed, 375 insertions(+), 882 deletions(-)
 delete mode 100644 apps/emqx/etc/acl.conf
 delete mode 100644 apps/emqx/etc/acl.conf.paho
 delete mode 100644 apps/emqx/src/emqx.appup.src
 delete mode 100644 apps/emqx_management/src/emqx_management.appup.src
 delete mode 100644 data/loaded_plugins.tmpl
 create mode 100755 scripts/merge-config.escript

diff --git a/.ci/build_packages/tests.sh b/.ci/build_packages/tests.sh
index d14974679..47994c9ad 100755
--- a/.ci/build_packages/tests.sh
+++ b/.ci/build_packages/tests.sh
@@ -39,7 +39,7 @@ emqx_test(){
                 unzip -q "${PACKAGE_PATH}/${packagename}"
                 export EMQX_ZONE__EXTERNAL__SERVER_KEEPALIVE=60 \
                        EMQX_MQTT__MAX_TOPIC_ALIAS=10
-                sed -i '/emqx_telemetry/d' "${PACKAGE_PATH}"/emqx/data/loaded_plugins
+                # sed -i '/emqx_telemetry/d' "${PACKAGE_PATH}"/emqx/data/loaded_plugins
 
                 echo "running ${packagename} start"
                 if ! "${PACKAGE_PATH}"/emqx/bin/emqx start; then
@@ -115,7 +115,7 @@ emqx_test(){
 running_test(){
     export EMQX_ZONE__EXTERNAL__SERVER_KEEPALIVE=60 \
            EMQX_MQTT__MAX_TOPIC_ALIAS=10
-    sed -i '/emqx_telemetry/d' /var/lib/emqx/loaded_plugins
+    # sed -i '/emqx_telemetry/d' /var/lib/emqx/loaded_plugins
 
     if ! emqx start; then
         cat /var/log/emqx/erlang.log.1 || true
diff --git a/.ci/docker-compose-file/docker-compose-emqx-cluster.yaml b/.ci/docker-compose-file/docker-compose-emqx-cluster.yaml
index 6bc8e67e2..81d48aba7 100644
--- a/.ci/docker-compose-file/docker-compose-emqx-cluster.yaml
+++ b/.ci/docker-compose-file/docker-compose-emqx-cluster.yaml
@@ -38,7 +38,7 @@ services:
         - -c
         - |
           sed -i "s 127.0.0.1 $$(ip route show |grep "link" |awk '{print $$1}') g" /opt/emqx/etc/acl.conf
-          sed -i '/emqx_telemetry/d' /opt/emqx/data/loaded_plugins
+          # sed -i '/emqx_telemetry/d' /opt/emqx/data/loaded_plugins
           /opt/emqx/bin/emqx foreground
     healthcheck:
       test: ["CMD", "/opt/emqx/bin/emqx_ctl", "status"]
@@ -62,7 +62,7 @@ services:
       - -c
       - |
         sed -i "s 127.0.0.1 $$(ip route show |grep "link" |awk '{print $$1}') g" /opt/emqx/etc/acl.conf
-        sed -i '/emqx_telemetry/d' /opt/emqx/data/loaded_plugins
+        # sed -i '/emqx_telemetry/d' /opt/emqx/data/loaded_plugins
         /opt/emqx/bin/emqx foreground
     healthcheck:
       test: ["CMD", "/opt/emqx/bin/emqx", "ping"]
diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index b983eaa67..6d1a757af 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -179,7 +179,7 @@ jobs:
         cd source
         pkg_name=$(basename _packages/${{ matrix.profile }}/${{ matrix.profile }}-*.zip)
         unzip -q _packages/${{ matrix.profile }}/$pkg_name
-        gsed -i '/emqx_telemetry/d' ./emqx/data/loaded_plugins
+        # gsed -i '/emqx_telemetry/d' ./emqx/data/loaded_plugins
         ./emqx/bin/emqx start || cat emqx/log/erlang.log.1
         ready='no'
         for i in {1..10}; do
diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml
index bf85578c5..1f79b9ab2 100644
--- a/.github/workflows/build_slim_packages.yaml
+++ b/.github/workflows/build_slim_packages.yaml
@@ -108,7 +108,7 @@ jobs:
       run: |
         pkg_name=$(basename _packages/${EMQX_NAME}/emqx-*.zip)
         unzip -q _packages/${EMQX_NAME}/$pkg_name
-        gsed -i '/emqx_telemetry/d' ./emqx/data/loaded_plugins
+        # gsed -i '/emqx_telemetry/d' ./emqx/data/loaded_plugins
         ./emqx/bin/emqx start || cat emqx/log/erlang.log.1
         ready='no'
         for i in {1..10}; do
diff --git a/.github/workflows/run_fvt_tests.yaml b/.github/workflows/run_fvt_tests.yaml
index 035c0d0e3..e414537b9 100644
--- a/.github/workflows/run_fvt_tests.yaml
+++ b/.github/workflows/run_fvt_tests.yaml
@@ -48,13 +48,13 @@ jobs:
                 echo "['$(date -u +"%Y-%m-%dT%H:%M:%SZ")']:waiting emqx";
                 sleep 5;
             done
-        - name: verify EMQX_LOADED_PLUGINS override working
-          run: |
-            expected="{emqx_sn, true}."
-            output=$(docker exec -i node1.emqx.io bash -c "cat data/loaded_plugins" | tail -n1)
-            if [ "$expected" != "$output" ]; then
-                exit 1
-            fi
+        # - name: verify EMQX_LOADED_PLUGINS override working
+        #   run: |
+        #     expected="{emqx_sn, true}."
+        #     output=$(docker exec -i node1.emqx.io bash -c "cat data/loaded_plugins" | tail -n1)
+        #     if [ "$expected" != "$output" ]; then
+        #         exit 1
+        #     fi
         - name: make paho tests
           run: |
             if ! docker exec -i python /scripts/pytest.sh; then
diff --git a/.gitignore b/.gitignore
index dd8e9b82e..e7b31b394 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,6 @@ emqx_dialyzer_*_plt
 */emqx_dashboard/priv/www
 dist.zip
 scripts/git-token
-etc/*.seg
+apps/*/etc/*.all
 _upgrade_base/
 TAGS
diff --git a/Makefile b/Makefile
index cc8cdb0db..c81b9d5a3 100644
--- a/Makefile
+++ b/Makefile
@@ -73,7 +73,8 @@ coveralls: $(REBAR)
 	@ENABLE_COVER_COMPILE=1 $(REBAR) as test coveralls send
 
 .PHONY: $(REL_PROFILES)
-$(REL_PROFILES:%=%): $(REBAR) get-dashboard
+
+$(REL_PROFILES:%=%): $(REBAR) get-dashboard conf-segs
 	@$(REBAR) as $(@) do compile,release
 
 ## Not calling rebar3 clean because
@@ -111,7 +112,7 @@ xref: $(REBAR)
 dialyzer: $(REBAR)
 	@$(REBAR) as check dialyzer
 
-COMMON_DEPS := $(REBAR) get-dashboard $(CONF_SEGS)
+COMMON_DEPS := $(REBAR) get-dashboard conf-segs
 
 ## rel target is to create release package without relup
 .PHONY: $(REL_PROFILES:%=%-rel) $(PKG_PROFILES:%=%-rel)
@@ -152,3 +153,6 @@ quickrun:
 	./_build/$(PROFILE)/rel/emqx/bin/emqx console
 
 include docker.mk
+
+conf-segs:
+	@scripts/merge-config.escript
diff --git a/apps/emqx/etc/acl.conf b/apps/emqx/etc/acl.conf
deleted file mode 100644
index af2fb0dd1..000000000
--- a/apps/emqx/etc/acl.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-%%--------------------------------------------------------------------
-%% [ACL](https://docs.emqx.io/broker/v3/en/config.html)
-%%
-%% -type(who() :: all | binary() |
-%%                {ipaddr, esockd_access:cidr()} |
-%%                {client, binary()} |
-%%                {user, binary()}).
-%%
-%% -type(access() :: subscribe | publish | pubsub).
-%%
-%% -type(topic() :: binary()).
-%%
-%% -type(rule() :: {allow, all} |
-%%                 {allow, who(), access(), list(topic())} |
-%%                 {deny, all} |
-%%                 {deny, who(), access(), list(topic())}).
-%%--------------------------------------------------------------------
-
-{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
-
-{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
-
-{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
-
-{allow, all}.
-
diff --git a/apps/emqx/etc/acl.conf.paho b/apps/emqx/etc/acl.conf.paho
deleted file mode 100644
index 5beec4347..000000000
--- a/apps/emqx/etc/acl.conf.paho
+++ /dev/null
@@ -1,14 +0,0 @@
-%%--------------------------------------------------------------------
-%% For paho interoperability test cases
-%%--------------------------------------------------------------------
-
-{deny, {client, "myclientid"}, subscribe, ["test/nosubscribe"]}.
-
-{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
-
-{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
-
-{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
-
-{allow, all}.
-
diff --git a/apps/emqx/include/emqx.hrl b/apps/emqx/include/emqx.hrl
index d148e01a3..a11c30cb4 100644
--- a/apps/emqx/include/emqx.hrl
+++ b/apps/emqx/include/emqx.hrl
@@ -108,8 +108,7 @@
           descr          :: string(),
           vendor         :: string() | undefined,
           active = false :: boolean(),
-          info   = #{}   :: map(),
-          type           :: atom()
+          info   = #{}   :: map()
         }).
 
 %%--------------------------------------------------------------------
diff --git a/apps/emqx/src/emqx.appup.src b/apps/emqx/src/emqx.appup.src
deleted file mode 100644
index 4f9f00673..000000000
--- a/apps/emqx/src/emqx.appup.src
+++ /dev/null
@@ -1,111 +0,0 @@
-%% -*- mode: erlang -*-
-{VSN,
-  [
-   {"4.3.4",
-    [{load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]}
-    ]},
-   {"4.3.3",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]}
-    ]},
-   {"4.3.2",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
-     {load_module,emqx_channel,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
-    ]},
-   {"4.3.1",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_frame,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
-     {load_module,emqx_congestion,brutal_purge,soft_purge,[]},
-     {load_module,emqx_node_dump,brutal_purge,soft_purge,[]},
-     {load_module,emqx_channel,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_plugins,brutal_purge,soft_purge,[]},
-     {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
-     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
-   {"4.3.0",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_congestion,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_frame,brutal_purge,soft_purge,[]},
-     {load_module,emqx_trie,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
-     {load_module,emqx_node_dump,brutal_purge,soft_purge,[]},
-     {load_module,emqx_channel,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_plugins,brutal_purge,soft_purge,[]},
-     {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
-     {load_module,emqx_metrics,brutal_purge,soft_purge,[]},
-     {apply,{emqx_metrics,upgrade_retained_delayed_counter_type,[]}},
-     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}],
-  [
-   {"4.3.4",
-    [{load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]}
-    ]},
-   {"4.3.3",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]}
-    ]},
-   {"4.3.2",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]},
-     {load_module,emqx_channel,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]}
-    ]},
-   {"4.3.1",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_frame,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
-     {load_module,emqx_congestion,brutal_purge,soft_purge,[]},
-     {load_module,emqx_node_dump,brutal_purge,soft_purge,[]},
-     {load_module,emqx_channel,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_plugins,brutal_purge,soft_purge,[]},
-     {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
-     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
-   {"4.3.0",
-    [{load_module,emqx_packet,brutal_purge,soft_purge,[]},
-     {load_module,emqx_shared_sub,brutal_purge,soft_purge,[]},
-     {load_module,emqx_logger_jsonfmt,brutal_purge,soft_purge,[]},
-     {load_module,emqx_ws_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_connection,brutal_purge,soft_purge,[]},
-     {load_module,emqx_congestion,brutal_purge,soft_purge,[]},
-     {load_module,emqx_frame,brutal_purge,soft_purge,[]},
-     {load_module,emqx_trie,brutal_purge,soft_purge,[]},
-     {load_module,emqx_cm,brutal_purge,soft_purge,[]},
-     {load_module,emqx_node_dump,brutal_purge,soft_purge,[]},
-     {load_module,emqx_channel,brutal_purge,soft_purge,[]},
-     {load_module,emqx_app,brutal_purge,soft_purge,[]},
-     {load_module,emqx_plugins,brutal_purge,soft_purge,[]},
-     {load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
-     {load_module,emqx_metrics,brutal_purge,soft_purge,[]},
-     {load_module,emqx_http_lib,brutal_purge,soft_purge,[]}]},
-   {<<".*">>,[]}]}.
diff --git a/apps/emqx/src/emqx.erl b/apps/emqx/src/emqx.erl
index c700239ca..0a290ff4a 100644
--- a/apps/emqx/src/emqx.erl
+++ b/apps/emqx/src/emqx.erl
@@ -227,7 +227,6 @@ shutdown() ->
 shutdown(Reason) ->
     ?LOG(critical, "emqx shutdown for ~s", [Reason]),
     _ = emqx_alarm_handler:unload(),
-    _ = emqx_plugins:unload(),
     lists:foreach(fun application:stop/1
                  , lists:reverse(default_started_applications())
                  ).
diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl
index 60f0fc40d..666a704f3 100644
--- a/apps/emqx/src/emqx_app.erl
+++ b/apps/emqx/src/emqx_app.erl
@@ -51,7 +51,7 @@ start(_Type, _Args) ->
     ok = ekka_rlog:wait_for_shards(?EMQX_SHARDS, infinity),
     {ok, Sup} = emqx_sup:start_link(),
     ok = start_autocluster(),
-    ok = emqx_plugins:init(),
+    % ok = emqx_plugins:init(),
     _ = emqx_plugins:load(),
     _ = start_ce_modules(),
     emqx_boot:is_enabled(listeners) andalso (ok = emqx_listeners:start()),
diff --git a/apps/emqx/src/emqx_plugins.erl b/apps/emqx/src/emqx_plugins.erl
index 8abc2b21f..ae324c71d 100644
--- a/apps/emqx/src/emqx_plugins.erl
+++ b/apps/emqx/src/emqx_plugins.erl
@@ -21,8 +21,6 @@
 
 -logger_header("[Plugins]").
 
--export([init/0]).
-
 -export([ load/0
         , load/1
         , unload/0
@@ -30,8 +28,6 @@
         , reload/1
         , list/0
         , find_plugin/1
-        , generate_configs/1
-        , apply_configs/1
         ]).
 
 -export([funlog/2]).
@@ -41,35 +37,14 @@
 -compile(nowarn_export_all).
 -endif.
 
--dialyzer({no_match, [ plugin_loaded/2
-                     , plugin_unloaded/2
-                     ]}).
-
 %%--------------------------------------------------------------------
 %% APIs
 %%--------------------------------------------------------------------
 
-%% @doc Init plugins' config
--spec(init() -> ok).
-init() ->
-    case emqx:get_env(plugins_etc_dir) of
-        undefined  -> ok;
-        PluginsEtc ->
-            CfgFiles = [filename:join(PluginsEtc, File) ||
-                        File <- filelib:wildcard("*.config", PluginsEtc)],
-            lists:foreach(fun init_config/1, CfgFiles)
-    end.
-
 %% @doc Load all plugins when the broker started.
 -spec(load() -> ok | ignore | {error, term()}).
 load() ->
-    ok = load_ext_plugins(emqx:get_env(expand_plugins_dir)),
-    case emqx:get_env(plugins_loaded_file) of
-        undefined -> ignore; %% No plugins available
-        File ->
-            _ = ensure_file(File),
-            with_loaded_file(File, fun(Names) -> load_plugins(Names, false) end)
-    end.
+    ok = load_ext_plugins(emqx:get_env(expand_plugins_dir)).
 
 %% @doc Load a Plugin
 -spec(load(atom()) -> ok | {error, term()}).
@@ -82,17 +57,13 @@ load(PluginName) when is_atom(PluginName) ->
             ?LOG(notice, "Plugin ~s is already started", [PluginName]),
             {error, already_started};
         {_, false} ->
-            load_plugin(PluginName, true)
+            load_plugin(PluginName)
     end.
 
 %% @doc Unload all plugins before broker stopped.
--spec(unload() -> list() | {error, term()}).
+-spec(unload() -> ok).
 unload() ->
-    case emqx:get_env(plugins_loaded_file) of
-        undefined -> ignore;
-        File ->
-            with_loaded_file(File, fun stop_plugins/1)
-    end.
+    stop_plugins(list()).
 
 %% @doc UnLoad a Plugin
 -spec(unload(atom()) -> ok | {error, term()}).
@@ -105,7 +76,7 @@ unload(PluginName) when is_atom(PluginName) ->
             ?LOG(error, "Plugin ~s is not started", [PluginName]),
             {error, not_started};
         {_, _} ->
-            unload_plugin(PluginName, true)
+            unload_plugin(PluginName)
     end.
 
 reload(PluginName) when is_atom(PluginName)->
@@ -126,8 +97,8 @@ reload(PluginName) when is_atom(PluginName)->
 -spec(list() -> [emqx_types:plugin()]).
 list() ->
     StartedApps = names(started_app),
-    lists:map(fun({Name, _, [Type| _]}) ->
-        Plugin = plugin(Name, Type),
+    lists:map(fun({Name, _, _}) ->
+        Plugin = plugin(Name),
         case lists:member(Name, StartedApps) of
             true  -> Plugin#plugin{active = true};
             false -> Plugin
@@ -144,12 +115,6 @@ find_plugin(Name, Plugins) ->
 %% Internal functions
 %%--------------------------------------------------------------------
 
-init_config(CfgFile) ->
-    {ok, [AppsEnv]} = file:consult(CfgFile),
-    lists:foreach(fun({App, Envs}) ->
-                      [application:set_env(App, Par, Val) || {Par, Val} <- Envs]
-                  end, AppsEnv).
-
 %% load external plugins which are placed in etc/plugins dir
 load_ext_plugins(undefined) -> ok;
 load_ext_plugins(Dir) ->
@@ -173,15 +138,15 @@ load_ext_plugin(PluginDir) ->
                       ?LOG(alert, "plugin_app_file_not_found: ~s", [AppFile]),
                       error({plugin_app_file_not_found, AppFile})
               end,
-    ok = load_plugin_app(AppName, Ebin),
-    try
-        ok = generate_configs(AppName, PluginDir)
-    catch
-        throw : {conf_file_not_found, ConfFile} ->
-            %% this is maybe a dependency of an external plugin
-            ?LOG(debug, "config_load_error_ignored for app=~p, path=~s", [AppName, ConfFile]),
-            ok
-    end.
+    ok = load_plugin_app(AppName, Ebin).
+    % try
+    %     ok = generate_configs(AppName, PluginDir)
+    % catch
+    %     throw : {conf_file_not_found, ConfFile} ->
+    %         %% this is maybe a dependency of an external plugin
+    %         ?LOG(debug, "config_load_error_ignored for app=~p, path=~s", [AppName, ConfFile]),
+    %         ok
+    % end.
 
 load_plugin_app(AppName, Ebin) ->
     _ = code:add_patha(Ebin),
@@ -199,57 +164,24 @@ load_plugin_app(AppName, Ebin) ->
         {error, {already_loaded, _}} -> ok
     end.
 
-ensure_file(File) ->
-    case filelib:is_file(File) of false -> write_loaded([]); true -> ok end.
-
-with_loaded_file(File, SuccFun) ->
-    case read_loaded(File) of
-        {ok, Names0} ->
-            Names = filter_plugins(Names0),
-            SuccFun(Names);
-        {error, Error} ->
-            ?LOG(alert, "Failed to read: ~p, error: ~p", [File, Error]),
-            {error, Error}
-    end.
-
-filter_plugins(Names) ->
-    lists:filtermap(fun(Name1) when is_atom(Name1) -> {true, Name1};
-                       ({Name1, true}) -> {true, Name1};
-                       ({_Name1, false}) -> false
-                    end, Names).
-
-load_plugins(Names, Persistent) ->
-    Plugins = list(),
-    NotFound = Names -- names(Plugins),
-    case NotFound of
-        []       -> ok;
-        NotFound -> ?LOG(alert, "cannot_find_plugins: ~p", [NotFound])
-    end,
-    NeedToLoad = Names -- NotFound -- names(started_app),
-    lists:foreach(fun(Name) ->
-                      Plugin = find_plugin(Name, Plugins),
-                      load_plugin(Plugin#plugin.name, Persistent)
-                  end, NeedToLoad).
-
 %% Stop plugins
-stop_plugins(Names) ->
-    _ = [stop_app(App) || App <- Names],
+stop_plugins(Plugins) ->
+    _ = [stop_app(Plugin#plugin.name) || Plugin <- Plugins],
     ok.
 
-plugin(AppName, Type) ->
+plugin(AppName) ->
     case application:get_all_key(AppName) of
         {ok, Attrs} ->
             Descr = proplists:get_value(description, Attrs, ""),
-            #plugin{name = AppName, descr = Descr, type = plugin_type(Type)};
+            #plugin{name = AppName, descr = Descr};
         undefined -> error({plugin_not_found, AppName})
     end.
 
-load_plugin(Name, Persistent) ->
+load_plugin(Name) ->
     try
-        ok = ?MODULE:generate_configs(Name),
         case load_app(Name) of
             ok ->
-                start_app(Name, fun(App) -> plugin_loaded(App, Persistent) end);
+                start_app(Name);
             {error, Error0} ->
                 {error, Error0}
         end
@@ -268,22 +200,21 @@ load_app(App) ->
             {error, Error}
     end.
 
-start_app(App, SuccFun) ->
+start_app(App) ->
     case application:ensure_all_started(App) of
         {ok, Started} ->
             ?LOG(info, "Started plugins: ~p", [Started]),
             ?LOG(info, "Load plugin ~s successfully", [App]),
-            _ = SuccFun(App),
             ok;
         {error, {ErrApp, Reason}} ->
             ?LOG(error, "Load plugin ~s failed, cannot start plugin ~s for ~0p", [App, ErrApp, Reason]),
             {error, {ErrApp, Reason}}
     end.
 
-unload_plugin(App, Persistent) ->
+unload_plugin(App) ->
     case stop_app(App) of
         ok ->
-            _ = plugin_unloaded(App, Persistent), ok;
+            ok;
         {error, Reason} ->
             {error, Reason}
     end.
@@ -307,133 +238,5 @@ names(started_app) ->
 names(Plugins) ->
     [Name || #plugin{name = Name} <- Plugins].
 
-plugin_loaded(_Name, false) ->
-    ok;
-plugin_loaded(Name, true) ->
-    case read_loaded() of
-        {ok, Names} ->
-            case lists:member(Name, Names) of
-                false ->
-                    %% write file if plugin is loaded
-                    write_loaded(lists:append(Names, [{Name, true}]));
-                true ->
-                    ignore
-            end;
-        {error, Error} ->
-            ?LOG(error, "Cannot read loaded plugins: ~p", [Error])
-    end.
-
-plugin_unloaded(_Name, false) ->
-    ok;
-plugin_unloaded(Name, true) ->
-    case read_loaded() of
-        {ok, Names0} ->
-            Names = filter_plugins(Names0),
-            case lists:member(Name, Names) of
-                true ->
-                    write_loaded(lists:delete(Name, Names));
-                false ->
-                    ?LOG(error, "Cannot find ~s in loaded_file", [Name])
-            end;
-        {error, Error} ->
-            ?LOG(error, "Cannot read loaded_plugins: ~p", [Error])
-    end.
-
-read_loaded() ->
-    case emqx:get_env(plugins_loaded_file) of
-        undefined -> {error, not_found};
-        File      -> read_loaded(File)
-    end.
-
-read_loaded(File) -> file:consult(File).
-
-write_loaded(AppNames) ->
-    FilePath = emqx:get_env(plugins_loaded_file),
-    case file:write_file(FilePath, [io_lib:format("~p.~n", [Name]) || Name <- AppNames]) of
-        ok -> ok;
-        {error, Error} ->
-            ?LOG(error, "Write File ~p Error: ~p", [FilePath, Error]),
-            {error, Error}
-    end.
-
-plugin_type(auth) -> auth;
-plugin_type(protocol) -> protocol;
-plugin_type(backend) -> backend;
-plugin_type(bridge) -> bridge;
-plugin_type(_) -> feature.
-
-
 funlog(Key, Value) ->
     ?LOG(info, "~s = ~p", [string:join(Key, "."), Value]).
-
-generate_configs(App) ->
-    PluginConfDir = emqx:get_env(plugins_etc_dir),
-    PluginSchemaDir = code:priv_dir(App),
-    generate_configs(App, PluginConfDir, PluginSchemaDir).
-
-generate_configs(App, PluginDir) ->
-    PluginConfDir = filename:join([PluginDir, "etc"]),
-    PluginSchemaDir = filename:join([PluginDir, "priv"]),
-    generate_configs(App, PluginConfDir, PluginSchemaDir).
-
-generate_configs(App, PluginConfDir, PluginSchemaDir) ->
-    ConfigFile = filename:join([PluginConfDir, App]) ++ ".config",
-    case filelib:is_file(ConfigFile) of
-        true ->
-            {ok, [Configs]} = file:consult(ConfigFile),
-            apply_configs(Configs);
-        false ->
-            SchemaFile = filename:join([PluginSchemaDir, App]) ++ ".schema",
-            case filelib:is_file(SchemaFile) of
-                true ->
-                    AppsEnv = do_generate_configs(App),
-                    apply_configs(AppsEnv);
-                false ->
-                    SchemaMod = lists:concat([App, "_schema"]),
-                    ConfName = filename:join([PluginConfDir, App]) ++ ".conf",
-                    SchemaFile1 = filename:join([code:lib_dir(App), "ebin", SchemaMod]) ++ ".beam",
-                    do_generate_hocon_configs(App, ConfName, SchemaFile1)
-            end
-    end.
-
-do_generate_configs(App) ->
-    Name1 = filename:join([emqx:get_env(plugins_etc_dir), App]) ++ ".conf",
-    Name2 = filename:join([code:lib_dir(App), "etc", App]) ++ ".conf",
-    ConfFile = case {filelib:is_file(Name1), filelib:is_file(Name2)} of
-                   {true, _} -> Name1;
-                   {false, true} -> Name2;
-                   {false, false} -> error({config_not_found, [Name1, Name2]})
-               end,
-    SchemaFile = filename:join([code:priv_dir(App), App]) ++ ".schema",
-    case filelib:is_file(SchemaFile) of
-        true ->
-            Schema = cuttlefish_schema:files([SchemaFile]),
-            Conf = cuttlefish_conf:file(ConfFile),
-            cuttlefish_generator:map(Schema, Conf, undefined, fun ?MODULE:funlog/2);
-        false ->
-            error({schema_not_found, SchemaFile})
-    end.
-
-do_generate_hocon_configs(App, ConfName, SchemaFile) ->
-    SchemaMod = lists:concat([App, "_schema"]),
-    case {filelib:is_file(ConfName), filelib:is_file(SchemaFile)} of
-        {true, true} ->
-            {ok, RawConfig} = hocon:load(ConfName, #{format => richmap}),
-            _ = hocon_schema:check(list_to_atom(SchemaMod), RawConfig, #{atom_key => true,
-                                                                         return_plain => true}),
-            ok;
-            % emqx_config:update_config([App], Config);
-        {true, false} ->
-            error({schema_not_found, [SchemaFile]});
-        {false, true} ->
-            error({config_not_found, [ConfName]});
-        {false, false} ->
-            error({conf_and_schema_not_found, [ConfName, SchemaFile]})
-    end.
-
-apply_configs([]) ->
-    ok;
-apply_configs([{App, Config} | More]) ->
-    lists:foreach(fun({Key, _}) -> application:unset_env(App, Key) end, application:get_all_env(App)),
-    lists:foreach(fun({Key, Val}) -> application:set_env(App, Key, Val) end, Config),
-    apply_configs(More).
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index bb8b41cf9..440dd8117 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -65,6 +65,12 @@ includes() ->
     [ "emqx_data_bridge"
     , "emqx_telemetry"
     , "emqx_retainer"
+    , "emqx_statsd"
+    , "emqx_authn"
+    , "emqx_authz"
+    , "emqx_bridge_mqtt"
+    , "emqx_modules"
+    , "emqx_management"
     ].
 -endif.
 
diff --git a/apps/emqx/test/emqx_plugins_SUITE.erl b/apps/emqx/test/emqx_plugins_SUITE.erl
index 6a76cb9d2..a7dd91602 100644
--- a/apps/emqx/test/emqx_plugins_SUITE.erl
+++ b/apps/emqx/test/emqx_plugins_SUITE.erl
@@ -63,64 +63,28 @@ t_load(_) ->
     ?assertEqual({error, not_started}, emqx_plugins:unload(emqx_hocon_plugin)),
 
     application:set_env(emqx, expand_plugins_dir, undefined),
-    application:set_env(emqx, plugins_loaded_file, undefined),
-    ?assertEqual(ignore, emqx_plugins:load()),
-    ?assertEqual(ignore, emqx_plugins:unload()).
-
-
-t_init_config(_) ->
-    ConfFile = "emqx_mini_plugin.config",
-    Data = "[{emqx_mini_plugin,[{mininame ,test}]}].",
-    file:write_file(ConfFile, list_to_binary(Data)),
-    ?assertEqual(ok, emqx_plugins:init_config(ConfFile)),
-    file:delete(ConfFile),
-    ?assertEqual({ok,test}, application:get_env(emqx_mini_plugin, mininame)).
+    application:set_env(emqx, plugins_loaded_file, undefined).
 
 t_load_ext_plugin(_) ->
     ?assertError({plugin_app_file_not_found, _},
                  emqx_plugins:load_ext_plugin("./not_existed_path/")).
 
 t_list(_) ->
-    ?assertMatch([{plugin, _, _, _, _, _, _, _} | _ ], emqx_plugins:list()).
+    ?assertMatch([{plugin, _, _, _, _, _, _} | _ ], emqx_plugins:list()).
 
 t_find_plugin(_) ->
-    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _, _}, emqx_plugins:find_plugin(emqx_mini_plugin)),
-    ?assertMatch({plugin, emqx_hocon_plugin, _, _, _, _, _, _}, emqx_plugins:find_plugin(emqx_hocon_plugin)).
-
-t_plugin_type(_) ->
-    ?assertEqual(auth, emqx_plugins:plugin_type(auth)),
-    ?assertEqual(protocol, emqx_plugins:plugin_type(protocol)),
-    ?assertEqual(backend, emqx_plugins:plugin_type(backend)),
-    ?assertEqual(bridge, emqx_plugins:plugin_type(bridge)),
-    ?assertEqual(feature, emqx_plugins:plugin_type(undefined)).
-
-t_with_loaded_file(_) ->
-    ?assertMatch({error, _}, emqx_plugins:with_loaded_file("./not_existed_path/", fun(_) -> ok end)).
-
-t_plugin_loaded(_) ->
-    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_mini_plugin, false)),
-    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_mini_plugin, true)),
-    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_hocon_plugin, false)),
-    ?assertEqual(ok, emqx_plugins:plugin_loaded(emqx_hocon_plugin, true)).
-
-t_plugin_unloaded(_) ->
-    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_mini_plugin, false)),
-    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_mini_plugin, true)),
-    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_hocon_plugin, false)),
-    ?assertEqual(ok, emqx_plugins:plugin_unloaded(emqx_hocon_plugin, true)).
+    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _}, emqx_plugins:find_plugin(emqx_mini_plugin)),
+    ?assertMatch({plugin, emqx_hocon_plugin, _, _, _, _, _}, emqx_plugins:find_plugin(emqx_hocon_plugin)).
 
 t_plugin(_) ->
     try
-        emqx_plugins:plugin(not_existed_plugin, undefined)
+        emqx_plugins:plugin(not_existed_plugin)
     catch
         _Error:Reason:_Stacktrace ->
             ?assertEqual({plugin_not_found,not_existed_plugin}, Reason)
     end,
-    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _, _}, emqx_plugins:plugin(emqx_mini_plugin, undefined)),
-    ?assertMatch({plugin, emqx_hocon_plugin, _, _, _, _, _, _}, emqx_plugins:plugin(emqx_hocon_plugin, undefined)).
-
-t_filter_plugins(_) ->
-    ?assertEqual([name1, name2], emqx_plugins:filter_plugins([name1, {name2,true}, {name3, false}])).
+    ?assertMatch({plugin, emqx_mini_plugin, _, _, _, _, _}, emqx_plugins:plugin(emqx_mini_plugin)),
+    ?assertMatch({plugin, emqx_hocon_plugin, _, _, _, _, _}, emqx_plugins:plugin(emqx_hocon_plugin)).
 
 t_load_plugin(_) ->
     ok = meck:new(application, [unstick, non_strict, passthrough, no_history]),
@@ -133,9 +97,9 @@ t_load_plugin(_) ->
     ok = meck:new(emqx_plugins, [unstick, non_strict, passthrough, no_history]),
     ok = meck:expect(emqx_plugins, generate_configs, fun(_) -> ok end),
     ok = meck:expect(emqx_plugins, apply_configs, fun(_) -> ok end),
-    ?assertMatch({error, _}, emqx_plugins:load_plugin(already_loaded_app, true)),
-    ?assertMatch(ok, emqx_plugins:load_plugin(normal, true)),
-    ?assertMatch({error,_}, emqx_plugins:load_plugin(error_app, true)),
+    ?assertMatch({error, _}, emqx_plugins:load_plugin(already_loaded_app)),
+    ?assertMatch(ok, emqx_plugins:load_plugin(normal)),
+    ?assertMatch({error,_}, emqx_plugins:load_plugin(error_app)),
 
     ok = meck:unload(emqx_plugins),
     ok = meck:unload(application).
@@ -146,8 +110,8 @@ t_unload_plugin(_) ->
                                            (error_app) -> {error, error};
                                            (_) -> ok end),
 
-    ?assertEqual(ok, emqx_plugins:unload_plugin(not_started_app, true)),
-    ?assertEqual(ok, emqx_plugins:unload_plugin(normal, true)),
-    ?assertEqual({error,error}, emqx_plugins:unload_plugin(error_app, true)),
+    ?assertEqual(ok, emqx_plugins:unload_plugin(not_started_app)),
+    ?assertEqual(ok, emqx_plugins:unload_plugin(normal)),
+    ?assertEqual({error,error}, emqx_plugins:unload_plugin(error_app)),
 
     ok = meck:unload(application).
diff --git a/apps/emqx_authn/etc/emqx_authn.conf b/apps/emqx_authn/etc/emqx_authn.conf
index 092bd5404..ecd49d5a5 100644
--- a/apps/emqx_authn/etc/emqx_authn.conf
+++ b/apps/emqx_authn/etc/emqx_authn.conf
@@ -1,4 +1,4 @@
-authn: {
+emqx_authn: {
     chains: [
         # {
         #     id: "chain1"
diff --git a/apps/emqx_authn/src/emqx_authn_app.erl b/apps/emqx_authn/src/emqx_authn_app.erl
index 9e60e5dda..033c760af 100644
--- a/apps/emqx_authn/src/emqx_authn_app.erl
+++ b/apps/emqx_authn/src/emqx_authn_app.erl
@@ -38,11 +38,8 @@ stop(_State) ->
     ok.
 
 initialize() ->
-    ConfFile = filename:join([emqx:get_env(plugins_etc_dir), ?APP]) ++ ".conf",
-    {ok, RawConfig} = hocon:load(ConfFile),
-    #{authn := #{chains := Chains,
-                 bindings := Bindings}}
-        = hocon_schema:check_plain(emqx_authn_schema, RawConfig, #{atom_key => true, nullable => true}),
+    #{chains := Chains,
+     bindings := Bindings} = emqx_config:get([authn], #{chains => [], bindings => []}),
     initialize_chains(Chains),
     initialize_bindings(Bindings).
 
diff --git a/apps/emqx_authn/src/emqx_authn_schema.erl b/apps/emqx_authn/src/emqx_authn_schema.erl
index 0464350dd..d9bf72910 100644
--- a/apps/emqx_authn/src/emqx_authn_schema.erl
+++ b/apps/emqx_authn/src/emqx_authn_schema.erl
@@ -27,9 +27,9 @@
               , authenticator_name/0
               ]).
 
-structs() -> [authn].
+structs() -> ["emqx_authn"].
 
-fields(authn) ->
+fields("emqx_authn") ->
     [ {chains, fun chains/1}
     , {bindings, fun bindings/1}];
 
@@ -80,7 +80,7 @@ fields(pgsql) ->
     , {config, hoconsc:t(hoconsc:ref(emqx_authn_pgsql, config))}
     ].
 
-chains(type) -> hoconsc:array({union, [hoconsc:ref('simple-chain')]});
+chains(type) -> hoconsc:array({union, [hoconsc:ref(?MODULE, 'simple-chain')]});
 chains(default) -> [];
 chains(_) -> undefined.
 
@@ -89,10 +89,10 @@ chain_id(nullable) -> false;
 chain_id(_) -> undefined.
 
 simple_authenticators(type) ->
-    hoconsc:array({union, [ hoconsc:ref('built-in-database')
-                          , hoconsc:ref(jwt)
-                          , hoconsc:ref(mysql)
-                          , hoconsc:ref(pgsql)]});
+    hoconsc:array({union, [ hoconsc:ref(?MODULE, 'built-in-database')
+                          , hoconsc:ref(?MODULE, jwt)
+                          , hoconsc:ref(?MODULE, mysql)
+                          , hoconsc:ref(?MODULE, pgsql)]});
 simple_authenticators(default) -> [];
 simple_authenticators(_) -> undefined.
 
@@ -105,7 +105,7 @@ authenticator_name(type) -> authenticator_name();
 authenticator_name(nullable) -> false;
 authenticator_name(_) -> undefined.
 
-bindings(type) -> hoconsc:array(hoconsc:ref(binding));
+bindings(type) -> hoconsc:array(hoconsc:ref(?MODULE, binding));
 bindings(default) -> [];
 bindings(_) -> undefined.
 
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 9be9fdce8..6710e4f69 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -36,11 +36,7 @@ register_metrics() ->
 
 init() ->
     ok = register_metrics(),
-    Conf = filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'),
-    {ok, RawConf} = hocon:load(Conf),
-    #{emqx_authz := #{rules := Rules}} = hocon_schema:check_plain(emqx_authz_schema, RawConf, #{atom_key => true}),
-    emqx_config:put([emqx_authz], #{rules => Rules}),
-    % Rules = emqx_config:get([emqx_authz, rules], []),
+    Rules = emqx_config:get([emqx_authz, rules], []),
     NRules = [compile(Rule) || Rule <- Rules],
     ok = emqx_hooks:add('client.authorize', {?MODULE, authorize, [NRules]},  -1).
 
diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl
index 944053f4e..66b2e62de 100644
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@@ -41,11 +41,7 @@ set_special_configs(emqx) ->
     application:set_env(emqx, enable_acl_cache, false),
     ok;
 set_special_configs(emqx_authz) ->
-    application:set_env(emqx, plugins_etc_dir,
-                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"emqx_authz">> => #{<<"rules">> => []}},
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
-    % emqx_config:put([emqx_authz], #{rules => []}),
+    emqx_config:put([emqx_authz], #{rules => []}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
index b813ad1f7..24683cd5b 100644
--- a/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_api_SUITE.erl
@@ -55,22 +55,13 @@ set_special_configs(emqx) ->
     application:set_env(emqx, enable_acl_cache, false),
     ok;
 set_special_configs(emqx_authz) ->
-    application:set_env(emqx, plugins_etc_dir,
-                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"emqx_authz">> => #{<<"rules">> => []}},
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
-    % emqx_config:put([emqx_authz], #{rules => []}),
+    emqx_config:put([emqx_authz], #{rules => []}),
     ok;
 
 set_special_configs(emqx_management) ->
-    application:set_env(emqx, plugins_etc_dir,
-        emqx_ct_helpers:deps_path(emqx_management, "test")),
-    Conf = #{<<"emqx_management">> => #{
-        <<"listeners">> => [#{
-            <<"protocol">> => <<"http">>
-        }]}
-    },
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    emqx_config:put([emqx_management], #{listeners => [#{protocol => "http", port => 8081}],
+                                         default_application_id => <<"admin">>,
+                                         default_application_secret => <<"public">>}),
     ok;
 
 set_special_configs(_App) ->
diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
index 039d50383..d84f0722a 100644
--- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
@@ -47,22 +47,12 @@ set_special_configs(emqx) ->
                         emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
     ok;
 set_special_configs(emqx_authz) ->
-    application:set_env(emqx, plugins_etc_dir,
-                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"emqx_authz">> =>
-             #{<<"rules">> =>
-               [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
-                  <<"principal">> => all,
-                  <<"sql">> => <<"fake sql">>,
-                  <<"type">> => mysql}
-               ]}},
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
-    % Rules = [#{config =>#{<<"meck">> => <<"fake">>},
-    %            principal => all,
-    %            sql => <<"fake sql">>,
-    %            type => mysql}
-    %         ],
-    % emqx_config:put([emqx_authz], #{rules => Rules}),
+    Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+               principal => all,
+               sql => <<"fake sql">>,
+               type => mysql}
+            ],
+    emqx_config:put([emqx_authz], #{rules => Rules}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
index 9dcdd7c18..78112b5bc 100644
--- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
@@ -47,22 +47,12 @@ set_special_configs(emqx) ->
                         emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
     ok;
 set_special_configs(emqx_authz) ->
-    application:set_env(emqx, plugins_etc_dir,
-                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"emqx_authz">> =>
-             #{<<"rules">> =>
-               [#{<<"config">> =>#{<<"meck">> => <<"fake">>},
-                  <<"principal">> => all,
-                  <<"sql">> => <<"fake sql">>,
-                  <<"type">> => pgsql}
-               ]}},
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
-    % Rules = [#{config =>#{<<"meck">> => <<"fake">>},
-    %            principal => all,
-    %            sql => <<"fake sql">>,
-    %            type => pgsql}
-    %         ],
-    % emqx_config:put([emqx_authz], #{rules => Rules}),
+    Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+               principal => all,
+               sql => <<"fake sql">>,
+               type => pgsql}
+            ],
+    emqx_config:put([emqx_authz], #{rules => Rules}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
index 8cb7a51b9..edff8a2a9 100644
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -47,28 +47,12 @@ set_special_configs(emqx) ->
                         emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
     ok;
 set_special_configs(emqx_authz) ->
-    application:set_env(emqx, plugins_etc_dir,
-                        emqx_ct_helpers:deps_path(emqx_authz, "test")),
-    Conf = #{<<"emqx_authz">> =>
-             #{<<"rules">> =>
-               [#{<<"config">> =>#{
-                    <<"server">> => <<"127.0.0.1:6379">>,
-                    <<"password">> => <<"public">>,
-                    <<"pool_size">> => 1,
-                    <<"auto_reconnect">> => true,
-                    <<"ssl">> => #{<<"enable">> => false}
-                  },
-                  <<"principal">> => all,
-                  <<"cmd">> => <<"fake cmd">>,
-                  <<"type">> => redis}
-               ]}},
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf'), jsx:encode(Conf)),
-    % Rules = [#{config =>#{<<"meck">> => <<"fake">>},
-    %            principal => all,
-    %            cmd => <<"fake cmd">>,
-    %            type => redis}
-    %         ],
-    % emqx_config:put([emqx_authz], #{rules => Rules}),
+    Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+               principal => all,
+               cmd => <<"fake cmd">>,
+               type => redis}
+            ],
+    emqx_config:put([emqx_authz], #{rules => Rules}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
index 4593e04f0..c34567ee4 100644
--- a/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
+++ b/apps/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf
@@ -3,54 +3,56 @@
 ##====================================================================
 
 emqx_bridge_mqtt:{
-    bridges:[{
-        name: "mqtt1"
-        start_type: auto
-        forwards: ["test/#"],
-        forward_mountpoint: ""
-        reconnect_interval: "30s"
-        batch_size: 100
-        queue:{
-            replayq_dir: false
-            # replayq_seg_bytes: "100MB"
-            # replayq_offload_mode: false
-            # replayq_max_total_bytes: "1GB"
-        },
-        config:{
-            conn_type: mqtt
-            address: "127.0.0.1:1883"
-            proto_ver: v4
-            bridge_mode: true
-            clientid: "client1"
-            clean_start: true
-            username: "username1"
-            password: ""
-            keepalive: 300
-            subscriptions: [{
-                topic: "t/#"
-                qos: 1
-            }]
-            receive_mountpoint: ""
-            retry_interval: "30s"
-            max_inflight: 32
-        }
-    },
-    {
-        name: "rpc1"
-        start_type: auto
-        forwards: ["test/#"],
-        forward_mountpoint: ""
-        reconnect_interval: "30s"
-        batch_size: 100
-        queue:{
-            replayq_dir: "{{ platform_data_dir }}/replayq/bridge_mqtt/"
-            replayq_seg_bytes: "100MB"
-            replayq_offload_mode: false
-            replayq_max_total_bytes: "1GB"
-        },
-        config:{
-            conn_type: rpc
-            node: "emqx@127.0.0.1"
-        }
-    }]
+    bridges:[
+        # {
+        #     name: "mqtt1"
+        #     start_type: auto
+        #     forwards: ["test/#"],
+        #     forward_mountpoint: ""
+        #     reconnect_interval: "30s"
+        #     batch_size: 100
+        #     queue:{
+        #         replayq_dir: "{{ platform_data_dir }}/replayq/bridge_mqtt/"
+        #         replayq_seg_bytes: "100MB"
+        #         replayq_offload_mode: false
+        #         replayq_max_total_bytes: "1GB"
+        #     },
+        #     config:{
+        #         conn_type: mqtt
+        #         address: "127.0.0.1:1883"
+        #         proto_ver: v4
+        #         bridge_mode: true
+        #         clientid: "client1"
+        #         clean_start: true
+        #         username: "username1"
+        #         password: ""
+        #         keepalive: 300
+        #         subscriptions: [{
+        #             topic: "t/#"
+        #             qos: 1
+        #         }]
+        #         receive_mountpoint: ""
+        #         retry_interval: "30s"
+        #         max_inflight: 32
+        #     }
+        # },
+        # {
+        #     name: "rpc1"
+        #     start_type: auto
+        #     forwards: ["test/#"],
+        #     forward_mountpoint: ""
+        #     reconnect_interval: "30s"
+        #     batch_size: 100
+        #     queue:{
+        #         replayq_dir: "{{ platform_data_dir }}/replayq/bridge_mqtt/"
+        #         replayq_seg_bytes: "100MB"
+        #         replayq_offload_mode: false
+        #         replayq_max_total_bytes: "1GB"
+        #     },
+        #     config:{
+        #         conn_type: rpc
+        #         node: "emqx@127.0.0.1"
+        #     }
+        # }
+    ]
 }
diff --git a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl
index fcd2f2c1d..8cc87ef64 100644
--- a/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl
+++ b/apps/emqx_bridge_mqtt/src/emqx_bridge_mqtt_schema.erl
@@ -26,7 +26,7 @@
 structs() -> ["emqx_bridge_mqtt"].
 
 fields("emqx_bridge_mqtt") ->
-    [ {bridges, hoconsc:array("bridges")}
+    [ {bridges, hoconsc:array(hoconsc:ref(?MODULE, "bridges"))}
     ];
 
 fields("bridges") ->
@@ -36,8 +36,8 @@ fields("bridges") ->
     , {forward_mountpoint, emqx_schema:t(string())}
     , {reconnect_interval, emqx_schema:t(emqx_schema:duration_ms(), undefined, "30s")}
     , {batch_size, emqx_schema:t(integer(), undefined, 100)}
-    , {queue, emqx_schema:t(hoconsc:ref("queue"))}
-    , {config, hoconsc:union([hoconsc:ref("mqtt"), hoconsc:ref("rpc")])}
+    , {queue, emqx_schema:t(hoconsc:ref(?MODULE, "queue"))}
+    , {config, hoconsc:union([hoconsc:ref(?MODULE, "mqtt"), hoconsc:ref(?MODULE, "rpc")])}
     ];
 
 fields("mqtt") ->
diff --git a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
index afec49419..3ea8ab743 100644
--- a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
+++ b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl
@@ -40,18 +40,7 @@
 -define(OVERVIEWS, ['alarms/activated', 'alarms/deactivated', banned, brokers, stats, metrics, listeners, clients, subscriptions, routes, plugins]).
 
 all() ->
-    [{group, overview},
-     {group, admins},
-     {group, rest},
-     {group, cli}
-     ].
-
-groups() ->
-    [{overview, [sequence], [t_overview]},
-     {admins, [sequence], [t_admins_add_delete]},
-     {rest, [sequence], [t_rest_api]},
-     {cli, [sequence], [t_cli]}
-    ].
+    emqx_ct:all(?MODULE).
 
 init_per_suite(Config) ->
     emqx_ct_helpers:start_apps([emqx_management, emqx_dashboard],fun set_special_configs/1),
@@ -62,29 +51,27 @@ end_per_suite(_Config) ->
     ekka_mnesia:ensure_stopped().
 
 set_special_configs(emqx_management) ->
-    application:set_env(emqx, plugins_etc_dir,
-        emqx_ct_helpers:deps_path(emqx_management, "test")),
-    Conf = #{<<"emqx_management">> => #{
-        <<"listeners">> => [#{
-            <<"protocol">> => <<"http">>
-        }]}
-    },
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    emqx_config:put([emqx_management], #{listeners => [#{protocol => "http", port => 8081}],
+                                         default_application_id => <<"admin">>,
+                                         default_application_secret => <<"public">>}),
     ok;
 set_special_configs(_) ->
     ok.
 
 t_overview(_) ->
+    mnesia:clear_table(mqtt_admin),
+    emqx_dashboard_admin:add_user(<<"admin">>, <<"public">>, <<"tag">>),
     [?assert(request_dashboard(get, api_path(erlang:atom_to_list(Overview)), auth_header_()))|| Overview <- ?OVERVIEWS].
 
 t_admins_add_delete(_) ->
+    mnesia:clear_table(mqtt_admin),
     ok = emqx_dashboard_admin:add_user(<<"username">>, <<"password">>, <<"tag">>),
     ok = emqx_dashboard_admin:add_user(<<"username1">>, <<"password1">>, <<"tag1">>),
     Admins = emqx_dashboard_admin:all_users(),
-    ?assertEqual(3, length(Admins)),
+    ?assertEqual(2, length(Admins)),
     ok = emqx_dashboard_admin:remove_user(<<"username1">>),
     Users = emqx_dashboard_admin:all_users(),
-    ?assertEqual(2, length(Users)),
+    ?assertEqual(1, length(Users)),
     ok = emqx_dashboard_admin:change_password(<<"username">>, <<"password">>, <<"pwd">>),
     timer:sleep(10),
     ?assert(request_dashboard(get, api_path("brokers"), auth_header_("username", "pwd"))),
@@ -93,6 +80,8 @@ t_admins_add_delete(_) ->
     ?assertNotEqual(true, request_dashboard(get, api_path("brokers"), auth_header_("username", "pwd"))).
 
 t_rest_api(_Config) ->
+    mnesia:clear_table(mqtt_admin),
+    emqx_dashboard_admin:add_user(<<"admin">>, <<"public">>, <<"administrator">>),
     {ok, Res0} = http_get("users"),
 
     ?assertEqual([#{<<"username">> => <<"admin">>,
diff --git a/apps/emqx_data_bridge/etc/emqx_data_bridge.conf b/apps/emqx_data_bridge/etc/emqx_data_bridge.conf
index 696cadf05..c299b97a1 100644
--- a/apps/emqx_data_bridge/etc/emqx_data_bridge.conf
+++ b/apps/emqx_data_bridge/etc/emqx_data_bridge.conf
@@ -2,125 +2,128 @@
 ## EMQ X Bridge Plugin
 ##--------------------------------------------------------------------
 
-emqx_data_bridge.bridges: [
-#    {name: "mysql_bridge_1"
-#     type: mysql
-#     config: {
-#        server: "192.168.0.172:3306"
-#        database: mqtt
-#        pool_size: 1
-#        username: root
-#        password: public
-#        auto_reconnect: true
-#        ssl: false
-#     }
-#    }
-#   , {name: "pgsql_bridge_1"
-#     type: pgsql
-#     config: {
-#        server: "192.168.0.172:5432"
-#        database: mqtt
-#        pool_size: 1
-#        username: root
-#        password: public
-#        auto_reconnect: true
-#        ssl: false
-#     }
-#    }
-#   , {name: "mongodb_bridge_single"
-#     type: mongo
-#     config: {
-#        servers: "192.168.0.172:27017"
-#        mongo_type: single
-#        pool_size: 1
-#        login: root
-#        password: public
-#        auth_source: mqtt
-#        database: mqtt
-#        ssl: false
-#     }
-#    }
-#  ,{name: "mongodb_bridge_rs"
-#   type: mongo
-#   config: {
-#      servers: "127.0.0.1:27017"
-#      mongo_type: rs
-#      rs_set_name: rs_name
-#      pool_size: 1
-#      login: root
-#      password: public
-#      auth_source: mqtt
-#      database: mqtt
-#      ssl: false
-#   }
-#  }
-#  ,{name: "mongodb_bridge_shared"
-#   type: mongo
-#   config: {
-#      servers: "127.0.0.1:27017"
-#      mongo_type: shared
-#      pool_size: 1
-#      login: root
-#      password: public
-#      auth_source: mqtt
-#      database: mqtt
-#      ssl: false
-#      max_overflow: 1
-#      overflow_ttl:
-#      overflow_check_period: 10s
-#      local_threshold_ms: 10s
-#      connect_timeout_ms: 10s
-#      socket_timeout_ms: 10s
-#      server_selection_timeout_ms: 10s
-#      wait_queue_timeout_ms: 10s
-#      heartbeat_frequency_ms: 10s
-#      min_heartbeat_frequency_ms: 10s
-#   }
-#  }
-#  , {name: "redis_bridge_single"
-#    type: redis
-#    config: {
-#       servers: "192.168.0.172:6379"
-#       redis_type: single
-#       pool_size: 1
-#       database: 0
-#       password: public
-#       auto_reconnect: true
-#       ssl: false
-#    }
-#   }
-#  ,{name: "redis_bridge_sentinel"
-#   type: redis
-#   config: {
-#      servers: "127.0.0.1:6379, 127.0.0.2:6379, 127.0.0.3:6379"
-#      redis_type: sentinel
-#      sentinel_name: mymaster
-#      pool_size: 1
-#      database: 0
-#      ssl: false
-#   }
-#  }
-#  ,{name: "redis_bridge_cluster"
-#   type: redis
-#   config: {
-#      servers: "127.0.0.1:6379, 127.0.0.2:6379, 127.0.0.3:6379"
-#      redis_type: cluster
-#      pool_size: 1
-#      database: 0
-#      password: "public"
-#      ssl: false
-#   }
-#  }
-#  , {name: "ldap_bridge_1"
-#    type: ldap
-#    config: {
-#       servers: "192.168.0.172"
-#       port: 389
-#       bind_dn: "cn=root,dc=emqx,dc=io"
-#       bind_password: "public"
-#       timeout: 30s
-#       pool_size: 1
-#       ssl: false
-#    }
-#   }
-]
+emqx_data_bridge:{
+    bridges:[
+        #    {name: "mysql_bridge_1"
+        #     type: mysql
+        #     config: {
+        #        server: "192.168.0.172:3306"
+        #        database: mqtt
+        #        pool_size: 1
+        #        username: root
+        #        password: public
+        #        auto_reconnect: true
+        #        ssl: false
+        #     }
+        #    }
+        #   , {name: "pgsql_bridge_1"
+        #     type: pgsql
+        #     config: {
+        #        server: "192.168.0.172:5432"
+        #        database: mqtt
+        #        pool_size: 1
+        #        username: root
+        #        password: public
+        #        auto_reconnect: true
+        #        ssl: false
+        #     }
+        #    }
+        #   , {name: "mongodb_bridge_single"
+        #     type: mongo
+        #     config: {
+        #        servers: "192.168.0.172:27017"
+        #        mongo_type: single
+        #        pool_size: 1
+        #        login: root
+        #        password: public
+        #        auth_source: mqtt
+        #        database: mqtt
+        #        ssl: false
+        #     }
+        #    }
+        #  ,{name: "mongodb_bridge_rs"
+        #   type: mongo
+        #   config: {
+        #      servers: "127.0.0.1:27017"
+        #      mongo_type: rs
+        #      rs_set_name: rs_name
+        #      pool_size: 1
+        #      login: root
+        #      password: public
+        #      auth_source: mqtt
+        #      database: mqtt
+        #      ssl: false
+        #   }
+        #  }
+        #  ,{name: "mongodb_bridge_shared"
+        #   type: mongo
+        #   config: {
+        #      servers: "127.0.0.1:27017"
+        #      mongo_type: shared
+        #      pool_size: 1
+        #      login: root
+        #      password: public
+        #      auth_source: mqtt
+        #      database: mqtt
+        #      ssl: false
+        #      max_overflow: 1
+        #      overflow_ttl:
+        #      overflow_check_period: 10s
+        #      local_threshold_ms: 10s
+        #      connect_timeout_ms: 10s
+        #      socket_timeout_ms: 10s
+        #      server_selection_timeout_ms: 10s
+        #      wait_queue_timeout_ms: 10s
+        #      heartbeat_frequency_ms: 10s
+        #      min_heartbeat_frequency_ms: 10s
+        #   }
+        #  }
+        #  , {name: "redis_bridge_single"
+        #    type: redis
+        #    config: {
+        #       servers: "192.168.0.172:6379"
+        #       redis_type: single
+        #       pool_size: 1
+        #       database: 0
+        #       password: public
+        #       auto_reconnect: true
+        #       ssl: false
+        #    }
+        #   }
+        #  ,{name: "redis_bridge_sentinel"
+        #   type: redis
+        #   config: {
+        #      servers: "127.0.0.1:6379, 127.0.0.2:6379, 127.0.0.3:6379"
+        #      redis_type: sentinel
+        #      sentinel_name: mymaster
+        #      pool_size: 1
+        #      database: 0
+        #      ssl: false
+        #   }
+        #  }
+        #  ,{name: "redis_bridge_cluster"
+        #   type: redis
+        #   config: {
+        #      servers: "127.0.0.1:6379, 127.0.0.2:6379, 127.0.0.3:6379"
+        #      redis_type: cluster
+        #      pool_size: 1
+        #      database: 0
+        #      password: "public"
+        #      ssl: false
+        #   }
+        #  }
+        #  , {name: "ldap_bridge_1"
+        #    type: ldap
+        #    config: {
+        #       servers: "192.168.0.172"
+        #       port: 389
+        #       bind_dn: "cn=root,dc=emqx,dc=io"
+        #       bind_password: "public"
+        #       timeout: 30s
+        #       pool_size: 1
+        #       ssl: false
+        #    }
+        #   }
+
+    ]
+}
diff --git a/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl b/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
index 1ba7f2fc5..b4749af0e 100644
--- a/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
+++ b/apps/emqx_data_bridge/src/emqx_data_bridge_schema.erl
@@ -23,4 +23,4 @@ fields(mysql) -> ?BRIDGE_FIELDS(mysql);
 fields(pgsql) -> ?BRIDGE_FIELDS(pgsql);
 fields(mongo) -> ?BRIDGE_FIELDS(mongo);
 fields(redis) -> ?BRIDGE_FIELDS(redis);
-fields(ldap) -> ?BRIDGE_FIELDS(ldap).
\ No newline at end of file
+fields(ldap) -> ?BRIDGE_FIELDS(ldap).
diff --git a/apps/emqx_management/src/emqx_management.app.src b/apps/emqx_management/src/emqx_management.app.src
index fe68fef44..6cd38d928 100644
--- a/apps/emqx_management/src/emqx_management.app.src
+++ b/apps/emqx_management/src/emqx_management.app.src
@@ -1,6 +1,6 @@
 {application, emqx_management,
  [{description, "EMQ X Management API and CLI"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_management_sup]},
   {applications, [kernel,stdlib,minirest]},
diff --git a/apps/emqx_management/src/emqx_management.appup.src b/apps/emqx_management/src/emqx_management.appup.src
deleted file mode 100644
index 06945afad..000000000
--- a/apps/emqx_management/src/emqx_management.appup.src
+++ /dev/null
@@ -1,13 +0,0 @@
-%% -*- mode: erlang -*-
-{VSN,
- [ {<<"4.3.[0-2]">>,
-    [ {restart_application, emqx_management}
-    ]},
-   {<<".*">>, []}
- ],
- [ {<<"4.3.[0-2]">>,
-    [ {restart_application, emqx_management}
-    ]},
-   {<<".*">>, []}
- ]
-}.
diff --git a/apps/emqx_management/src/emqx_management_schema.erl b/apps/emqx_management/src/emqx_management_schema.erl
index 02f3e2f1a..0b99d1046 100644
--- a/apps/emqx_management/src/emqx_management_schema.erl
+++ b/apps/emqx_management/src/emqx_management_schema.erl
@@ -28,7 +28,7 @@ fields("emqx_management") ->
     [ {default_application_id, fun default_application_id/1}
     , {default_application_secret, fun default_application_secret/1}
     , {max_row_limit, fun max_row_limit/1}
-    , {listeners, hoconsc:array(hoconsc:union([hoconsc:ref("http"), hoconsc:ref("https")]))}
+    , {listeners, hoconsc:array(hoconsc:union([hoconsc:ref(?MODULE, "http"), hoconsc:ref(?MODULE, "https")]))}
     ];
 
 fields("http") ->
diff --git a/apps/emqx_management/src/emqx_mgmt.erl b/apps/emqx_management/src/emqx_mgmt.erl
index ce83b9b71..1aea90459 100644
--- a/apps/emqx_management/src/emqx_mgmt.erl
+++ b/apps/emqx_management/src/emqx_mgmt.erl
@@ -525,7 +525,7 @@ check_row_limit([Tab|Tables], Limit) ->
     end.
 
 max_row_limit() ->
-    application:get_env(?APP, max_row_limit, ?MAX_ROW_LIMIT).
+    emqx_config:get([?APP, max_row_limit], ?MAX_ROW_LIMIT).
 
 table_size(Tab) -> ets:info(Tab, size).
 
diff --git a/apps/emqx_management/src/emqx_mgmt_api_plugins.erl b/apps/emqx_management/src/emqx_mgmt_api_plugins.erl
index e4908aeff..369ad6782 100644
--- a/apps/emqx_management/src/emqx_mgmt_api_plugins.erl
+++ b/apps/emqx_management/src/emqx_mgmt_api_plugins.erl
@@ -106,10 +106,8 @@ format({Node, Plugins}) ->
 
 format(#plugin{name = Name,
                descr = Descr,
-               active = Active,
-               type = Type}) ->
+               active = Active}) ->
     #{name => Name,
       description => iolist_to_binary(Descr),
-      active => Active,
-      type => Type}.
+      active => Active}.
 
diff --git a/apps/emqx_management/src/emqx_mgmt_app.erl b/apps/emqx_management/src/emqx_mgmt_app.erl
index 7161435f6..48d57f232 100644
--- a/apps/emqx_management/src/emqx_mgmt_app.erl
+++ b/apps/emqx_management/src/emqx_mgmt_app.erl
@@ -29,11 +29,6 @@
 -include("emqx_mgmt.hrl").
 
 start(_Type, _Args) ->
-    Conf = filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'),
-    {ok, RawConf} = hocon:load(Conf),
-    #{emqx_management := Config} =
-        hocon_schema:check_plain(emqx_management_schema, RawConf, #{atom_key => true}),
-    [application:set_env(?APP, Key, maps:get(Key, Config)) || Key <- maps:keys(Config)],
     {ok, Sup} = emqx_mgmt_sup:start_link(),
     ok = ekka_rlog:wait_for_shards([?MANAGEMENT_SHARD], infinity),
     _ = emqx_mgmt_auth:add_default_app(),
diff --git a/apps/emqx_management/src/emqx_mgmt_auth.erl b/apps/emqx_management/src/emqx_mgmt_auth.erl
index 297de0196..fbba0b2a4 100644
--- a/apps/emqx_management/src/emqx_mgmt_auth.erl
+++ b/apps/emqx_management/src/emqx_mgmt_auth.erl
@@ -68,14 +68,14 @@ mnesia(copy) ->
 %%--------------------------------------------------------------------
 -spec(add_default_app() -> ok | {ok, appsecret()} | {error, term()}).
 add_default_app() ->
-    AppId = application:get_env(?APP, default_application_id, undefined),
-    AppSecret = application:get_env(?APP, default_application_secret, undefined),
+    AppId = emqx_config:get([?APP, default_application_id], undefined),
+    AppSecret = emqx_config:get([?APP, default_application_secret], undefined),
     case {AppId, AppSecret} of
         {undefined, _} -> ok;
         {_, undefined} -> ok;
         {_, _} ->
-            AppId1 = erlang:list_to_binary(AppId),
-            AppSecret1 = erlang:list_to_binary(AppSecret),
+            AppId1 = to_binary(AppId),
+            AppSecret1 = to_binary(AppSecret),
             add_app(AppId1, <<"Default">>, AppSecret1, <<"Application user">>, true, undefined)
     end.
 
@@ -210,3 +210,6 @@ is_authorized(AppId, AppSecret) ->
 
 is_expired(undefined) -> true;
 is_expired(Expired)   -> Expired >= erlang:system_time(second).
+
+to_binary(L) when is_list(L) -> list_to_binary(L);
+to_binary(B) when is_binary(B) -> B.
diff --git a/apps/emqx_management/src/emqx_mgmt_http.erl b/apps/emqx_management/src/emqx_mgmt_http.erl
index c23219e5d..ecf204128 100644
--- a/apps/emqx_management/src/emqx_mgmt_http.erl
+++ b/apps/emqx_management/src/emqx_mgmt_http.erl
@@ -80,7 +80,7 @@ stop_listener({Proto, Port, _}) ->
 listeners() ->
     [{list_to_atom(Protocol), Port, maps:to_list(maps:without([protocol, port], Map))}
         || Map = #{protocol := Protocol,port := Port}
-        <- application:get_env(?APP, listeners, [])].
+        <- emqx_config:get([emqx_management, listeners], [])].
 
 listener_name(Proto) ->
     list_to_atom(atom_to_list(Proto) ++ ":management").
diff --git a/apps/emqx_management/test/emqx_mgmt_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
index f14cc0fef..415bfca2e 100644
--- a/apps/emqx_management/test/emqx_mgmt_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_SUITE.erl
@@ -29,50 +29,19 @@
 -define(LOG_HANDLER_ID, [file, default]).
 
 all() ->
-    [{group, manage_apps},
-     {group, check_cli}].
-
-groups() ->
-    [{manage_apps, [sequence],
-      [t_app
-      ]},
-      {check_cli, [sequence],
-       [t_cli,
-        t_log_cmd,
-        t_mgmt_cmd,
-        t_status_cmd,
-        t_clients_cmd,
-        t_vm_cmd,
-        t_plugins_cmd,
-        t_trace_cmd,
-        t_broker_cmd,
-        t_router_cmd,
-        t_subscriptions_cmd,
-        t_listeners_cmd_old,
-        t_listeners_cmd_new
-       ]}].
-
-apps() ->
-    [emqx_management, emqx_retainer].
+    emqx_ct:all(?MODULE).
 
 init_per_suite(Config) ->
     ekka_mnesia:start(),
     emqx_mgmt_auth:mnesia(boot),
-    emqx_ct_helpers:start_apps(apps(), fun set_special_configs/1),
+    emqx_ct_helpers:start_apps([emqx_retainer, emqx_management], fun set_special_configs/1),
     Config.
 
 end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps(apps()).
+    emqx_ct_helpers:stop_apps([emqx_management, emqx_retainer]).
 
 set_special_configs(emqx_management) ->
-    application:set_env(emqx, plugins_etc_dir,
-        emqx_ct_helpers:deps_path(emqx_management, "test")),
-    Conf = #{<<"emqx_management">> => #{
-        <<"listeners">> => [#{
-            <<"protocol">> => <<"http">>
-        }]}
-    },
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    emqx_config:put([emqx_management], #{listeners => [#{protocol => "http", port => 8081}]}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
index 0785b9563..66d9328a6 100644
--- a/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
+++ b/apps/emqx_management/test/emqx_mgmt_api_SUITE.erl
@@ -51,14 +51,9 @@ end_per_testcase(_, Config) ->
     Config.
 
 set_special_configs(emqx_management) ->
-    application:set_env(emqx, plugins_etc_dir,
-        emqx_ct_helpers:deps_path(emqx_management, "test")),
-    Conf = #{<<"emqx_management">> => #{
-        <<"listeners">> => [#{
-            <<"protocol">> => <<"http">>
-        }]}
-    },
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    emqx_config:put([emqx_management], #{listeners => [#{protocol => "http", port => 8081}],
+                                         default_application_id => <<"admin">>,
+                                         default_application_secret => <<"public">>}),
     ok;
 set_special_configs(_App) ->
     ok.
diff --git a/apps/emqx_modules/src/emqx_modules.erl b/apps/emqx_modules/src/emqx_modules.erl
index 6610a4716..11b4cdcbe 100644
--- a/apps/emqx_modules/src/emqx_modules.erl
+++ b/apps/emqx_modules/src/emqx_modules.erl
@@ -143,6 +143,8 @@ cli(_) ->
                     {"modules reload <Module>", "Reload module"}
                    ]).
 
+name(Name) when is_binary(Name) ->
+    name(binary_to_atom(Name, utf8));
 name(delayed) -> emqx_mod_delayed;
 name(presence) -> emqx_mod_presence;
 name(recon) -> emqx_mod_recon;
diff --git a/apps/emqx_modules/test/emqx_modules_SUITE.erl b/apps/emqx_modules/test/emqx_modules_SUITE.erl
index db85cbd0e..897c73d50 100644
--- a/apps/emqx_modules/test/emqx_modules_SUITE.erl
+++ b/apps/emqx_modules/test/emqx_modules_SUITE.erl
@@ -37,15 +37,9 @@ init_per_suite(Config) ->
     Config.
 
 set_special_configs(emqx_management) ->
-    application:set_env(emqx, modules_loaded_file, emqx_ct_helpers:deps_path(emqx, "test/emqx_SUITE_data/loaded_modules")),
-    application:set_env(emqx, plugins_etc_dir,
-        emqx_ct_helpers:deps_path(emqx_management, "test")),
-    Conf = #{<<"emqx_management">> => #{
-        <<"listeners">> => [#{
-            <<"protocol">> => <<"http">>
-        }]}
-    },
-    ok = file:write_file(filename:join(emqx:get_env(plugins_etc_dir), 'emqx_management.conf'), jsx:encode(Conf)),
+    emqx_config:put([emqx_management], #{listeners => [#{protocol => "http", port => 8081}],
+                                         default_application_id => <<"admin">>,
+                                         default_application_secret => <<"public">>}),
     ok;
 set_special_configs(_) ->
     ok.
diff --git a/apps/emqx_sn/vars b/apps/emqx_sn/vars
index a170916f3..e39aa2801 100644
--- a/apps/emqx_sn/vars
+++ b/apps/emqx_sn/vars
@@ -5,4 +5,4 @@
 {platform_etc_dir,  "etc"}.
 {platform_lib_dir,  "lib"}.
 {platform_log_dir,  "log"}.
-{platform_plugins_dir,  "plugins"}.
+{platform_plugins_dir,  "data/plugins"}.
diff --git a/data/loaded_plugins.tmpl b/data/loaded_plugins.tmpl
deleted file mode 100644
index dc23386dc..000000000
--- a/data/loaded_plugins.tmpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{emqx_management, true}.
-{emqx_dashboard, true}.
-{emqx_retainer, {{enable_plugin_emqx_retainer}}}.
diff --git a/rebar.config.erl b/rebar.config.erl
index 13bbb1c15..01abf254f 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -127,8 +127,9 @@ prod_compile_opts() ->
 prod_overrides() ->
     [{add, [ {erl_opts, [deterministic]}]}].
 
-relup_deps(Profile) ->
-    {post_hooks, [{"(linux|darwin|solaris|freebsd|netbsd|openbsd)", compile, "scripts/inject-deps.escript " ++ atom_to_list(Profile)}]}.
+relup_deps(_Profile) ->
+    % {post_hooks, [{"(linux|darwin|solaris|freebsd|netbsd|openbsd)", compile, "scripts/inject-deps.escript " ++ atom_to_list(Profile)}]}.
+    {post_hooks, []}.
 
 profiles() ->
     Vsn = get_vsn(),
@@ -192,9 +193,8 @@ overlay_vars_rel(RelType) ->
                  cloud -> "vm.args";
                  edge -> "vm.args.edge"
              end,
-    [
-      {enable_plugin_emqx_retainer, true}
-    , {vm_args_file, VmArgs}
+
+    [ {vm_args_file, VmArgs}
     ].
 
 %% vars per packaging type, bin(zip/tar.gz/docker) or pkg(rpm/deb)
@@ -204,7 +204,7 @@ overlay_vars_pkg(bin) ->
     , {platform_etc_dir, "etc"}
     , {platform_lib_dir, "lib"}
     , {platform_log_dir, "log"}
-    , {platform_plugins_dir,  "etc/plugins"}
+    , {platform_plugins_dir, "plugins"}
     , {runner_root_dir, "$(cd $(dirname $(readlink $0 || echo $0))/..; pwd -P)"}
     , {runner_bin_dir, "$RUNNER_ROOT_DIR/bin"}
     , {runner_etc_dir, "$RUNNER_ROOT_DIR/etc"}
@@ -219,7 +219,7 @@ overlay_vars_pkg(pkg) ->
     , {platform_etc_dir, "/etc/emqx"}
     , {platform_lib_dir, ""}
     , {platform_log_dir, "/var/log/emqx"}
-    , {platform_plugins_dir, "/var/lib/emqx/plugins"}
+    , {platform_plugins_dir, "/var/lib/enqx/plugins"}
     , {runner_root_dir, "/usr/lib/emqx"}
     , {runner_bin_dir, "/usr/bin"}
     , {runner_etc_dir, "/etc/emqx"}
@@ -255,8 +255,12 @@ relx_apps(ReleaseType) ->
     , emqx_connector
     , emqx_data_bridge
     , emqx_rule_engine
+    , emqx_rule_actions
     , emqx_bridge_mqtt
     , emqx_modules
+    , emqx_management
+    , emqx_retainer
+    , emqx_statsd
     ]
     ++ [emqx_telemetry || not is_enterprise()]
     ++ [emqx_license || is_enterprise()]
@@ -279,25 +283,13 @@ is_app(Name) ->
     end.
 
 relx_plugin_apps(ReleaseType) ->
-    [ emqx_retainer
-    , emqx_management
-    , emqx_dashboard
-    , emqx_sn
-    , emqx_coap
-    , emqx_stomp
-    , emqx_statsd
-    , emqx_rule_actions
-    ]
+    []
     ++ relx_plugin_apps_per_rel(ReleaseType)
     ++ relx_plugin_apps_enterprise(is_enterprise())
     ++ relx_plugin_apps_extra().
 
 relx_plugin_apps_per_rel(cloud) ->
-    [ emqx_lwm2m
-    , emqx_exhook
-    , emqx_exproto
-    , emqx_prometheus
-    ];
+    [];
 relx_plugin_apps_per_rel(edge) ->
     [].
 
@@ -313,11 +305,11 @@ relx_plugin_apps_extra() ->
 relx_overlay(ReleaseType) ->
     [ {mkdir, "log/"}
     , {mkdir, "data/"}
+    , {mkdir, "plugins"}
     , {mkdir, "data/mnesia"}
     , {mkdir, "data/configs"}
     , {mkdir, "data/patches"}
     , {mkdir, "data/scripts"}
-    , {template, "data/loaded_plugins.tmpl", "data/loaded_plugins"}
     , {template, "data/emqx_vars", "releases/emqx_vars"}
     , {template, "data/BUILT_ON", "releases/{{release_version}}/BUILT_ON"}
     , {copy, "bin/emqx", "bin/emqx"}
@@ -337,12 +329,8 @@ relx_overlay(ReleaseType) ->
          end.
 
 etc_overlay(ReleaseType) ->
-    PluginApps = relx_plugin_apps(ReleaseType),
-    Templates = emqx_etc_overlay(ReleaseType) ++
-                lists:append([plugin_etc_overlays(App) || App <- PluginApps]) ++
-                [community_plugin_etc_overlays(App) || App <- relx_plugin_apps_extra()],
+    Templates = emqx_etc_overlay(ReleaseType),
     [ {mkdir, "etc/"}
-    , {mkdir, "etc/plugins"}
     , {copy, "{{base_dir}}/lib/emqx/etc/certs","etc/"}
     ] ++
     lists:map(
@@ -352,7 +340,7 @@ etc_overlay(ReleaseType) ->
     ++ extra_overlay(ReleaseType).
 
 extra_overlay(cloud) ->
-    [ {copy,"{{base_dir}}/lib/emqx_lwm2m/lwm2m_xml","etc/"}
+    [
     ];
 extra_overlay(edge) ->
     [].
@@ -366,42 +354,9 @@ emqx_etc_overlay(edge) ->
     ].
 
 emqx_etc_overlay_common() ->
-    [{"{{base_dir}}/lib/emqx/etc/acl.conf", "etc/acl.conf"},
-     {"{{base_dir}}/lib/emqx/etc/emqx.conf", "etc/emqx.conf"},
-     {"{{base_dir}}/lib/emqx/etc/ssl_dist.conf", "etc/ssl_dist.conf"},
-     {"{{base_dir}}/lib/emqx_data_bridge/etc/emqx_data_bridge.conf", "etc/plugins/emqx_data_bridge.conf"},
-     {"{{base_dir}}/lib/emqx_telemetry/etc/emqx_telemetry.conf", "etc/plugins/emqx_telemetry.conf"},
-     {"{{base_dir}}/lib/emqx_authn/etc/emqx_authn.conf", "etc/plugins/emqx_authn.conf"},
-     {"{{base_dir}}/lib/emqx_authz/etc/emqx_authz.conf", "etc/plugins/authz.conf"},
-     {"{{base_dir}}/lib/emqx_rule_engine/etc/emqx_rule_engine.conf", "etc/plugins/emqx_rule_engine.conf"},
-     {"{{base_dir}}/lib/emqx_bridge_mqtt/etc/emqx_bridge_mqtt.conf", "etc/plugins/emqx_bridge_mqtt.conf"},
-     {"{{base_dir}}/lib/emqx_modules/etc/emqx_modules.conf", "etc/plugins/emqx_modules.conf"},
-     %% TODO: check why it has to end with .paho
-     %% and why it is put to etc/plugins dir
-     {"{{base_dir}}/lib/emqx/etc/acl.conf.paho", "etc/plugins/acl.conf.paho"}].
-
-plugin_etc_overlays(App0) ->
-    App = atom_to_list(App0),
-    ConfFiles = find_conf_files(App),
-    %% NOTE: not filename:join here since relx translates it for windows
-    [{"{{base_dir}}/lib/"++ App ++"/etc/" ++ F, "etc/plugins/" ++ F}
-     || F <- ConfFiles].
-
-community_plugin_etc_overlays(App0) ->
-    App = atom_to_list(App0),
-    {"{{base_dir}}/lib/"++ App ++"/etc/" ++ App ++ ".conf", "etc/plugins/" ++ App ++ ".conf"}.
-
-%% NOTE: for apps fetched as rebar dependency (there is so far no such an app)
-%% the overlay should be hand-coded but not to rely on build-time wildcards.
-find_conf_files(App) ->
-    Dir1 = filename:join(["apps", App, "etc"]),
-    filelib:wildcard("*.conf", Dir1) ++
-    case is_enterprise() of
-        true ->
-            Dir2 = filename:join(["lib-ee", App, "etc"]),
-            filelib:wildcard("*.conf", Dir2);
-        false -> []
-    end.
+    [ {"{{base_dir}}/lib/emqx/etc/emqx.conf.all", "etc/emqx.conf"}
+    , {"{{base_dir}}/lib/emqx/etc/ssl_dist.conf", "etc/ssl_dist.conf"}
+    ].
 
 get_vsn() ->
     PkgVsn = os:cmd("./pkg-vsn.sh"),
diff --git a/scripts/find-apps.sh b/scripts/find-apps.sh
index 54467b62b..e437c49c5 100755
--- a/scripts/find-apps.sh
+++ b/scripts/find-apps.sh
@@ -7,7 +7,7 @@ cd -P -- "$(dirname -- "$0")/.."
 
 find_app() {
     local appdir="$1"
-    find "${appdir}" -mindepth 1 -maxdepth 1 -type d | grep -vE "emqx_exhook|emqx_exproto|emqx_lwm2m|emqx_sn|emqx_coap|emqx_stomp"
+    find "${appdir}" -mindepth 1 -maxdepth 1 -type d | grep -vE "emqx_exhook|emqx_exproto|emqx_lwm2m|emqx_sn|emqx_coap|emqx_stomp|emqx_dashboard"
 }
 
 find_app 'apps'
diff --git a/scripts/merge-config.escript b/scripts/merge-config.escript
new file mode 100755
index 000000000..a0fbdb4b3
--- /dev/null
+++ b/scripts/merge-config.escript
@@ -0,0 +1,36 @@
+#!/usr/bin/env escript
+
+%% This script reads up emqx.conf and split the sections
+%% and dump sections to separate files.
+%% Sections are grouped between CONFIG_SECTION_BGN and
+%% CONFIG_SECTION_END pairs
+%%
+%% NOTE: this feature is so far not used in opensource
+%% edition due to backward-compatibility reasons.
+
+-mode(compile).
+
+main(_) ->
+    BaseConf = "apps/emqx/etc/emqx.conf",
+    {ok, Bin} = file:read_file(BaseConf),
+    Apps = filelib:wildcard("emqx_*", "apps/"),
+    Conf = lists:foldl(fun(App, Acc) ->
+        case lists:member(App, ["emqx_exhook",
+                                "emqx_exproto",
+                                "emqx_lwm2m",
+                                "emqx_sn",
+                                "emqx_coap",
+                                "emqx_stomp",
+                                "emqx_dashboard"]) of
+            true -> Acc;
+            false ->
+                Filename = filename:join([apps, App, "etc", App]) ++ ".conf",
+                case filelib:is_regular(Filename) of
+                    true ->
+                        {ok, Bin1} = file:read_file(Filename),
+                        <<Acc/binary, "\r\n", Bin1/binary>>;
+                    false -> Acc
+                end
+        end
+    end, Bin, Apps),
+    ok = file:write_file("apps/emqx/etc/emqx.conf.all", Conf).

From 390b28a25d65917a49851f8779cc263dd97dc374 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 2 Jul 2021 14:40:19 +0800
Subject: [PATCH 152/174] fix: join cluster fail

---
 apps/emqx/src/emqx.erl | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx.erl b/apps/emqx/src/emqx.erl
index 0a290ff4a..bd46ddc03 100644
--- a/apps/emqx/src/emqx.erl
+++ b/apps/emqx/src/emqx.erl
@@ -239,7 +239,7 @@ default_started_applications() ->
     [gproc, esockd, ranch, cowboy, ekka, quicer, emqx].
 -else.
 default_started_applications() ->
-    [gproc, esockd, ranch, cowboy, ekka, quicer, emqx, emqx_modules].
+    [gproc, esockd, ranch, cowboy, ekka, quicer, emqx] ++ emqx_feature().
 -endif.
 
 %%--------------------------------------------------------------------
@@ -252,3 +252,19 @@ reload_config(ConfFile) ->
                       [application:set_env(App, Par, Val) || {Par, Val} <- Vals]
                   end, Conf).
 
+
+emqx_feature() ->
+    [ emqx_authn
+    , emqx_authz
+    , observer_cli
+    , emqx_http_lib
+    , emqx_resource
+    , emqx_connector
+    , emqx_data_bridge
+    , emqx_rule_engine
+    , emqx_rule_actions
+    , emqx_bridge_mqtt
+    , emqx_modules
+    , emqx_management
+    , emqx_retainer
+    , emqx_statsd].

From b93ec0a83aed11cbd9af146455b91e4660814896 Mon Sep 17 00:00:00 2001
From: Rory Z <Rory-Z@outlook.com>
Date: Fri, 2 Jul 2021 15:03:05 +0800
Subject: [PATCH 153/174] chore(CI): fix github workflows error (#1)

---
 .github/workflows/build_slim_packages.yaml |  2 +-
 .github/workflows/run_fvt_tests.yaml       | 20 ++++++++++++++++++--
 deploy/docker/docker-entrypoint.sh         | 22 ----------------------
 3 files changed, 19 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml
index 1f79b9ab2..30768e023 100644
--- a/.github/workflows/build_slim_packages.yaml
+++ b/.github/workflows/build_slim_packages.yaml
@@ -112,7 +112,7 @@ jobs:
         ./emqx/bin/emqx start || cat emqx/log/erlang.log.1
         ready='no'
         for i in {1..10}; do
-          if curl -fs 127.0.0.1:18083 > /dev/null; then
+          if curl -fs 127.0.0.1:8081/status > /dev/null; then
             ready='yes'
             break
           fi
diff --git a/.github/workflows/run_fvt_tests.yaml b/.github/workflows/run_fvt_tests.yaml
index e414537b9..280173bf7 100644
--- a/.github/workflows/run_fvt_tests.yaml
+++ b/.github/workflows/run_fvt_tests.yaml
@@ -131,11 +131,27 @@ jobs:
               echo "waiting emqx started";
               sleep 10;
             done
-        - name: get pods log
+        - name: get emqx-0 pods log
           if: failure()
           env:
             KUBECONFIG: "/etc/rancher/k3s/k3s.yaml"
-          run: kubectl describe pods emqx-0
+          run: |
+            kubectl describe pods emqx-0
+            kubectl logs emqx-0
+        - name: get emqx-1 pods log
+          if: failure()
+          env:
+            KUBECONFIG: "/etc/rancher/k3s/k3s.yaml"
+          run: |
+            kubectl describe pods emqx-1
+            kubectl logs emqx-1
+        - name: get emqx-2 pods log
+          if: failure()
+          env:
+            KUBECONFIG: "/etc/rancher/k3s/k3s.yaml"
+          run: |
+            kubectl describe pods emqx-2
+            kubectl logs emqx-2
         - uses: actions/checkout@v2
           with:
             repository: emqx/paho.mqtt.testing
diff --git a/deploy/docker/docker-entrypoint.sh b/deploy/docker/docker-entrypoint.sh
index 16b6cb077..24498dc10 100755
--- a/deploy/docker/docker-entrypoint.sh
+++ b/deploy/docker/docker-entrypoint.sh
@@ -20,8 +20,6 @@ LOCAL_IP=$(hostname -i | grep -oE '((25[0-5]|(2[0-4]|1[0-9]|[1-9]|)[0-9])\.){3}(
 # Base settings in /opt/emqx/etc/emqx.conf
 # Plugin settings in /opt/emqx/etc/plugins
 
-_EMQX_HOME='/opt/emqx'
-
 if [[ -z "$EMQX_NAME" ]]; then
     EMQX_NAME="$(hostname)"
     export EMQX_NAME
@@ -109,26 +107,6 @@ fill_tuples() {
     done
 }
 
-## EMQX Plugin load settings
-# Plugins loaded by default
-LOADED_PLUGINS="$_EMQX_HOME/data/loaded_plugins"
-if [[ -n "$EMQX_LOADED_PLUGINS" ]]; then
-    EMQX_LOADED_PLUGINS=$(echo "$EMQX_LOADED_PLUGINS" | tr -d '[:cntrl:]' | sed -r -e 's/^[^A-Za-z0-9_]+//g' -e 's/[^A-Za-z0-9_]+$//g' -e 's/[^A-Za-z0-9_]+/ /g')
-    echo "EMQX_LOADED_PLUGINS=$EMQX_LOADED_PLUGINS"
-    # Parse module names and place `{module_name, true}.` tuples in `loaded_plugins`.
-    fill_tuples "$LOADED_PLUGINS" "$EMQX_LOADED_PLUGINS"
-fi
-
-## EMQX Modules load settings
-# Modules loaded by default
-LOADED_MODULES="$_EMQX_HOME/data/loaded_modules"
-if [[ -n "$EMQX_LOADED_MODULES" ]]; then
-    EMQX_LOADED_MODULES=$(echo "$EMQX_LOADED_MODULES" | tr -d '[:cntrl:]' | sed -r -e 's/^[^A-Za-z0-9_]+//g' -e 's/[^A-Za-z0-9_]+$//g' -e 's/[^A-Za-z0-9_]+/ /g')
-    echo "EMQX_LOADED_MODULES=$EMQX_LOADED_MODULES"
-    # Parse module names and place `{module_name, true}.` tuples in `loaded_modules`.
-    fill_tuples "$LOADED_MODULES" "$EMQX_LOADED_MODULES"
-fi
-
 # The default rpc port discovery 'stateless' is mostly for clusters
 # having static node names. So it's troulbe-free for multiple emqx nodes
 # running on the same host.

From 41870a00b31f757187794354d0048cec2d4bc56e Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 2 Jul 2021 16:16:17 +0800
Subject: [PATCH 154/174] chore: fix emqx_retainer test cases

---
 apps/emqx_retainer/test/emqx_retainer_SUITE.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
index 1a0a00a1c..4f549a385 100644
--- a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
+++ b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
@@ -31,6 +31,7 @@ all() -> emqx_ct:all(?MODULE).
 %%--------------------------------------------------------------------
 
 init_per_suite(Config) ->
+    application:stop(emqx_retainer),
     emqx_ct_helpers:start_apps([emqx_retainer], fun set_special_configs/1),
     Config.
 
@@ -172,7 +173,6 @@ t_clean(_) ->
     emqtt:publish(C1, <<"retained/0">>, <<"this is a retained message 0">>, [{qos, 0}, {retain, true}]),
     emqtt:publish(C1, <<"retained/1">>, <<"this is a retained message 1">>, [{qos, 0}, {retain, true}]),
     emqtt:publish(C1, <<"retained/test/0">>, <<"this is a retained message 2">>, [{qos, 0}, {retain, true}]),
-
     {ok, #{}, [0]} = emqtt:subscribe(C1, <<"retained/#">>, [{qos, 0}, {rh, 0}]),
     ?assertEqual(3, length(receive_messages(3))),
 

From 82d0f2b016c23c1e4786a5aac9d9cf03b85b97b0 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 29 Jun 2021 16:20:58 +0200
Subject: [PATCH 155/174] feat(quic): Add tests and support more listener
 option

- support option `active_n`
- add quic group in emqx_mqtt_protocol_v5_SUITE
- fix rate limit
---
 apps/emqx/src/emqx_connection.erl             |   8 +-
 apps/emqx/src/emqx_listeners.erl              |   1 +
 apps/emqx/src/emqx_quic_stream.erl            |   5 +-
 apps/emqx/src/emqx_schema.erl                 |   3 +-
 .../emqx/test/emqx_mqtt_protocol_v5_SUITE.erl | 470 ++++++++++--------
 5 files changed, 276 insertions(+), 211 deletions(-)

diff --git a/apps/emqx/src/emqx_connection.erl b/apps/emqx/src/emqx_connection.erl
index 8e3ee400b..7300281d7 100644
--- a/apps/emqx/src/emqx_connection.erl
+++ b/apps/emqx/src/emqx_connection.erl
@@ -447,7 +447,7 @@ handle_msg({Closed, _Sock}, State)
     handle_info({sock_closed, Closed}, close_socket(State));
 
 handle_msg({Passive, _Sock}, State)
-  when Passive == tcp_passive; Passive == ssl_passive ->
+  when Passive == tcp_passive; Passive == ssl_passive; Passive =:= quic_passive ->
     %% In Stats
     Pubs = emqx_pd:reset_counter(incoming_pubs),
     Bytes = emqx_pd:reset_counter(incoming_bytes),
@@ -738,9 +738,15 @@ handle_info({sock_error, Reason}, State) ->
     end,
     handle_info({sock_closed, Reason}, close_socket(State));
 
+handle_info({quic, peer_send_shutdown, _Stream}, State) ->
+    handle_info({sock_closed, force}, close_socket(State));
+
 handle_info({quic, closed, _Channel, ReasonFlag}, State) ->
     handle_info({sock_closed, ReasonFlag}, State);
 
+handle_info({quic, closed, _Stream}, State) ->
+    handle_info({sock_closed, force}, State);
+
 handle_info(Info, State) ->
     with_channel(handle_info, [Info], State).
 
diff --git a/apps/emqx/src/emqx_listeners.erl b/apps/emqx/src/emqx_listeners.erl
index c7d42e2e4..48e99926d 100644
--- a/apps/emqx/src/emqx_listeners.erl
+++ b/apps/emqx/src/emqx_listeners.erl
@@ -157,6 +157,7 @@ start_listener(quic, ListenOn, Options) ->
     ConnectionOpts = [ {conn_callback, emqx_quic_connection}
                      , {peer_unidi_stream_count, 1}
                      , {peer_bidi_stream_count, 10}
+                       | Options
                      ],
     StreamOpts = [],
     quicer:start_listener('mqtt:quic', ListenOn, {ListenOpts, ConnectionOpts, StreamOpts}).
diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index e5cd4c3fc..64e851758 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -52,7 +52,8 @@ getstat(Socket, Stats) ->
         Res -> Res
     end.
 
-setopts(_Socket, _Opts) ->
+setopts(Socket, Opts) ->
+    [ quicer:setopt(Socket, Opt, V) || {Opt, V} <- Opts ],
     ok.
 
 getopts(_Socket, _Opts) ->
@@ -64,7 +65,7 @@ getopts(_Socket, _Opts) ->
           {buffer,80000}]}.
 
 fast_close(Stream) ->
-    quicer:close_stream(Stream),
+    quicer:async_close_stream(Stream),
     %% Stream might be closed already.
     ok.
 
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 440dd8117..d32073ee5 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -392,8 +392,7 @@ fields("wss_listener_settings") ->
     lists:keydelete("high_watermark", 1, Settings);
 
 fields("quic_listener_settings") ->
-    Unsupported = [ "active_n"
-                  , "access"
+    Unsupported = [ "access"
                   , "proxy_protocol"
                   , "proxy_protocol_timeout"
                   , "backlog"
diff --git a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
index ab4d96eea..2f3048277 100644
--- a/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
+++ b/apps/emqx/test/emqx_mqtt_protocol_v5_SUITE.erl
@@ -23,6 +23,7 @@
 -include_lib("emqx/include/emqx_mqtt.hrl").
 -include_lib("eunit/include/eunit.hrl").
 -include_lib("snabbkaffe/include/snabbkaffe.hrl").
+-include_lib("common_test/include/ct.hrl").
 
 -import(lists, [nth/2]).
 
@@ -32,18 +33,37 @@
 -define(WILD_TOPICS, [<<"TopicA/+">>, <<"+/C">>, <<"#">>, <<"/#">>, <<"/+">>,
                       <<"+/+">>, <<"TopicA/#">>]).
 
-all() -> emqx_ct:all(?MODULE).
+all() ->
+    [ {group, tcp}
+    , {group, quic}
+    ].
+
+groups() ->
+    TCs = emqx_ct:all(?MODULE),
+    [ {tcp,  [], TCs}
+    , {quic, [], TCs}
+    ].
+
+init_per_group(tcp, Config) ->
+    emqx_ct_helpers:start_apps([]),
+    [ {port, 1883}, {conn_fun, connect} | Config];
+init_per_group(quic, Config) ->
+    emqx_ct_helpers:start_apps([]),
+    [ {port, 14567}, {conn_fun, quic_connect} | Config];
+init_per_group(_, Config) ->
+    emqx_ct_helpers:stop_apps([]),
+    Config.
+
+end_per_group(_Group, _Config) ->
+    ok.
 
 init_per_suite(Config) ->
-    %% Meck emqtt
-    ok = meck:new(emqtt, [non_strict, passthrough, no_history, no_link]),
     %% Start Apps
     emqx_ct_helpers:boot_modules(all),
     emqx_ct_helpers:start_apps([]),
     Config.
 
 end_per_suite(_Config) ->
-    ok = meck:unload(emqtt),
     emqx_ct_helpers:stop_apps([]).
 
 init_per_testcase(TestCase, Config) ->
@@ -97,9 +117,10 @@ waiting_client_process_exit(C) ->
         1000 -> error({waiting_timeout, C})
     end.
 
-clean_retained(Topic) ->
-    {ok, Clean} = emqtt:start_link([{clean_start, true}]),
-    {ok, _} = emqtt:connect(Clean),
+clean_retained(Topic, Config) ->
+    ConnFun = ?config(conn_fun, Config),
+    {ok, Clean} = emqtt:start_link([{clean_start, true} | Config]),
+    {ok, _} = emqtt:ConnFun(Clean),
     {ok, _} = emqtt:publish(Clean, Topic, #{}, <<"">>, [{qos, ?QOS_1}, {retain, true}]),
     ok = emqtt:disconnect(Clean).
 
@@ -107,11 +128,12 @@ clean_retained(Topic) ->
 %% Test Cases
 %%--------------------------------------------------------------------
 
-t_basic_test(_) ->
+t_basic_test(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     ct:print("Basic test starting"),
-    {ok, C} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(C),
+    {ok, C} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(C),
     {ok, _, [1]} = emqtt:subscribe(C, Topic, qos1),
     {ok, _, [2]} = emqtt:subscribe(C, Topic, qos2),
     {ok, _} = emqtt:publish(C, Topic, <<"qos 2">>, 2),
@@ -124,16 +146,17 @@ t_basic_test(_) ->
 %% Connection
 %%--------------------------------------------------------------------
 
-t_connect_clean_start(_) ->
+t_connect_clean_start(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     process_flag(trap_exit, true),
     {ok, Client1} = emqtt:start_link([{clientid, <<"t_connect_clean_start">>},
-                                      {proto_ver, v5},{clean_start, true}]),
-    {ok, _} = emqtt:connect(Client1),
+                                      {proto_ver, v5},{clean_start, true} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     ?assertEqual(0, client_info(session_present, Client1)),  %% [MQTT-3.1.2-4]
     ok = emqtt:pause(Client1),
     {ok, Client2} = emqtt:start_link([{clientid, <<"t_connect_clean_start">>},
-                                      {proto_ver, v5},{clean_start, false}]),
-    {ok, _} = emqtt:connect(Client2),
+                                      {proto_ver, v5},{clean_start, false} | Config]),
+    {ok, _} = emqtt:ConnFun(Client2),
     ?assertEqual(1, client_info(session_present, Client2)),  %% [MQTT-3.1.2-5]
     ?assertEqual(142, receive_disconnect_reasoncode()),
     waiting_client_process_exit(Client1),
@@ -142,32 +165,32 @@ t_connect_clean_start(_) ->
     waiting_client_process_exit(Client2),
 
     {ok, Client3} = emqtt:start_link([{clientid, <<"new_client">>},
-                                      {proto_ver, v5},{clean_start, false}]),
-    {ok, _} = emqtt:connect(Client3),
+                                      {proto_ver, v5},{clean_start, false} | Config]),
+    {ok, _} = emqtt:ConnFun(Client3),
     ?assertEqual(0, client_info(session_present, Client3)),  %% [MQTT-3.1.2-6]
     ok = emqtt:disconnect(Client3),
     waiting_client_process_exit(Client3),
 
     process_flag(trap_exit, false).
 
-t_connect_will_message(_) ->
+t_connect_will_message(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     Payload = "will message",
 
-    {ok, Client1} = emqtt:start_link([
-                                        {proto_ver, v5},
-                                        {clean_start, true},
-                                        {will_flag, true},
-                                        {will_topic, Topic},
-                                        {will_payload, Payload}
-                                        ]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([ {proto_ver, v5},
+                                       {clean_start, true},
+                                       {will_flag, true},
+                                       {will_topic, Topic},
+                                       {will_payload, Payload} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client1),
     [ClientPid] = emqx_cm:lookup_channels(client_info(clientid, Client1)),
     Info = emqx_connection:info(sys:get_state(ClientPid)),
     ?assertNotEqual(undefined, maps:find(will_msg, Info)),  %% [MQTT-3.1.2-7]
 
-    {ok, Client2} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client2),
     {ok, _, [2]} = emqtt:subscribe(Client2, Topic, qos2),
 
     ok = emqtt:disconnect(Client1, 4), %% [MQTT-3.14.2-1]
@@ -178,27 +201,32 @@ t_connect_will_message(_) ->
     ?assertEqual({ok, 0}, maps:find(qos, Msg)),
     ok = emqtt:disconnect(Client2),
 
-    {ok, Client3} = emqtt:start_link([
-                                        {proto_ver, v5},
-                                        {clean_start, true},
-                                        {will_flag, true},
-                                        {will_topic, Topic},
-                                        {will_payload, Payload}
-                                        ]),
-    {ok, _} = emqtt:connect(Client3),
+    {ok, Client3} = emqtt:start_link([ {proto_ver, v5},
+                                       {clean_start, true},
+                                       {will_flag, true},
+                                       {will_topic, Topic},
+                                       {will_payload, Payload} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client3),
 
-    {ok, Client4} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client4),
+    {ok, Client4} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client4),
     {ok, _, [2]} = emqtt:subscribe(Client4, Topic, qos2),
     ok = emqtt:disconnect(Client3),
     ?assertEqual(0, length(receive_messages(1))),  %% [MQTT-3.1.2-10]
     ok = emqtt:disconnect(Client4).
 
-t_batch_subscribe(_) ->
-    {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>}]),
-    {ok, _} = emqtt:connect(Client),
+t_batch_subscribe(init, Config) ->
     ok = meck:new(emqx_access_control, [non_strict, passthrough, no_history, no_link]),
     meck:expect(emqx_access_control, authorize, fun(_, _, _) -> deny end),
+    Config;
+t_batch_subscribe('end', _Config) ->
+    meck:unload(emqx_access_control).
+
+t_batch_subscribe(Config) ->
+    ConnFun = ?config(conn_fun, Config),
+    {ok, Client} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"batch_test">>} | Config]),
+    {ok, _} = emqtt:ConnFun(Client),
     {ok, _, [?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED,
              ?RC_NOT_AUTHORIZED]} = emqtt:subscribe(Client, [{<<"t1">>, qos1},
@@ -209,25 +237,25 @@ t_batch_subscribe(_) ->
              ?RC_NO_SUBSCRIPTION_EXISTED]} = emqtt:unsubscribe(Client, [<<"t1">>,
                                                                         <<"t2">>,
                                                                         <<"t3">>]),
-    meck:unload(emqx_access_control),
     emqtt:disconnect(Client).
 
-t_connect_will_retain(_) ->
+t_connect_will_retain(Config) ->
+    ConnFun = ?config(conn_fun, Config),
+    process_flag(trap_exit, true),
     Topic = nth(1, ?TOPICS),
     Payload = "will message",
 
-    {ok, Client1} = emqtt:start_link([
-                                        {proto_ver, v5},
-                                        {clean_start, true},
-                                        {will_flag, true},
-                                        {will_topic, Topic},
-                                        {will_payload, Payload},
-                                        {will_retain, false}
-                                        ]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([ {proto_ver, v5},
+                                       {clean_start, true},
+                                       {will_flag, true},
+                                       {will_topic, Topic},
+                                       {will_payload, Payload},
+                                       {will_retain, false} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client1),
 
-    {ok, Client2} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client2),
     {ok, _, [2]} = emqtt:subscribe(Client2, #{}, [{Topic, [{rap, true}, {qos, 2}]}]),
 
     ok = emqtt:disconnect(Client1, 4),
@@ -235,27 +263,26 @@ t_connect_will_retain(_) ->
     ?assertEqual({ok, false}, maps:find(retain, Msg1)),  %% [MQTT-3.1.2-14]
     ok = emqtt:disconnect(Client2),
 
-    {ok, Client3} = emqtt:start_link([
-                                        {proto_ver, v5},
-                                        {clean_start, true},
-                                        {will_flag, true},
-                                        {will_topic, Topic},
-                                        {will_payload, Payload},
-                                        {will_retain, true}
-                                        ]),
-    {ok, _} = emqtt:connect(Client3),
+    {ok, Client3} = emqtt:start_link([ {proto_ver, v5},
+                                       {clean_start, true},
+                                       {will_flag, true},
+                                       {will_topic, Topic},
+                                       {will_payload, Payload},
+                                       {will_retain, true} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client3),
 
-    {ok, Client4} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client4),
+    {ok, Client4} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client4),
     {ok, _, [2]} = emqtt:subscribe(Client4, #{}, [{Topic, [{rap, true}, {qos, 2}]}]),
 
     ok = emqtt:disconnect(Client3, 4),
     [Msg2 | _ ] = receive_messages(1),
     ?assertEqual({ok, true}, maps:find(retain, Msg2)),  %% [MQTT-3.1.2-15]
     ok = emqtt:disconnect(Client4),
-    clean_retained(Topic).
+    clean_retained(Topic, Config).
 
-t_connect_idle_timeout(_) ->
+t_connect_idle_timeout(_Config) ->
     IdleTimeout = 2000,
     emqx_zone:set_env(external, idle_timeout, IdleTimeout),
 
@@ -263,25 +290,30 @@ t_connect_idle_timeout(_) ->
     timer:sleep(IdleTimeout),
     ?assertMatch({error, closed}, emqtt_sock:recv(Sock,1024)).
 
-t_connect_limit_timeout(_) ->
+t_connect_limit_timeout(init, Config) ->
     ok = meck:new(proplists, [non_strict, passthrough, no_history, no_link, unstick]),
     meck:expect(proplists, get_value, fun(active_n, _Options, _Default) -> 1;
                                         (Arg1, ARg2, Arg3) -> meck:passthrough([Arg1, ARg2, Arg3])
                                                             end),
+    Config;
+t_connect_limit_timeout('end', _Config) ->
+    catch meck:unload(proplists).
 
+t_connect_limit_timeout(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     emqx_zone:set_env(external, publish_limit, {3, 5}),
 
-    {ok, Client} = emqtt:start_link([{proto_ver, v5},{keepalive, 60}]),
-    {ok, _} = emqtt:connect(Client),
+    {ok, Client} = emqtt:start_link([{proto_ver, v5},{keepalive, 60} | Config]),
+    {ok, _} = emqtt:ConnFun(Client),
     [ClientPid] = emqx_cm:lookup_channels(client_info(clientid, Client)),
 
     ?assertEqual(undefined, emqx_connection:info(limit_timer, sys:get_state(ClientPid))),
     Payload = <<"t_shared_subscriptions_client_terminates_when_qos_eq_2">>,
-    ok = emqtt:publish(Client, Topic, Payload, 0),
-    ok = emqtt:publish(Client, Topic, Payload, 0),
-    ok = emqtt:publish(Client, Topic, Payload, 0),
-    timer:sleep(200),
+    {ok, 2} = emqtt:publish(Client, Topic, Payload, 1),
+    {ok, 3} = emqtt:publish(Client, Topic, Payload, 1),
+    {ok, 4} = emqtt:publish(Client, Topic, Payload, 1),
+    timer:sleep(250),
     ?assert(is_reference(emqx_connection:info(limit_timer, sys:get_state(ClientPid)))),
 
     ok = emqtt:disconnect(Client),
@@ -301,9 +333,10 @@ t_connect_emit_stats_timeout('end', Config) ->
     ok.
 
 t_connect_emit_stats_timeout(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     {_, IdleTimeout} = lists:keyfind(idle_timeout, 1, Config),
-    {ok, Client} = emqtt:start_link([{proto_ver, v5},{keepalive, 60}]),
-    {ok, _} = emqtt:connect(Client),
+    {ok, Client} = emqtt:start_link([{proto_ver, v5},{keepalive, 60} | Config]),
+    {ok, _} = emqtt:ConnFun(Client),
     [ClientPid] = emqx_cm:lookup_channels(client_info(clientid, Client)),
     ?assert(is_reference(emqx_connection:info(stats_timer, sys:get_state(ClientPid)))),
     ?block_until(#{?snk_kind := cancel_stats_timer}, IdleTimeout * 2, _BackInTime = 0),
@@ -311,15 +344,16 @@ t_connect_emit_stats_timeout(Config) ->
     ok = emqtt:disconnect(Client).
 
 %% [MQTT-3.1.2-22]
-t_connect_keepalive_timeout(_) ->
+t_connect_keepalive_timeout(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     %% Prevent the emqtt client bringing us down on the disconnect.
     process_flag(trap_exit, true),
 
     Keepalive = 2,
 
     {ok, Client} = emqtt:start_link([{proto_ver, v5},
-                                    {keepalive, Keepalive}]),
-    {ok, _} = emqtt:connect(Client),
+                                     {keepalive, Keepalive} | Config]),
+    {ok, _} = emqtt:ConnFun(Client),
     emqtt:pause(Client),
     receive
         {disconnected, ReasonCode, _Channel} -> ?assertEqual(141, ReasonCode)
@@ -328,30 +362,30 @@ t_connect_keepalive_timeout(_) ->
     end.
 
 %% [MQTT-3.1.2-23]
-t_connect_session_expiry_interval(_) ->
+t_connect_session_expiry_interval(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     Payload = "test message",
 
-    {ok, Client1} = emqtt:start_link([
-                                        {clientid, <<"t_connect_session_expiry_interval">>},
-                                        {proto_ver, v5},
-                                        {properties, #{'Session-Expiry-Interval' => 7200}}
+    {ok, Client1} = emqtt:start_link([ {clientid, <<"t_connect_session_expiry_interval">>},
+                                       {proto_ver, v5},
+                                       {properties, #{'Session-Expiry-Interval' => 7200}}
+                                       | Config
                                     ]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, Topic, qos2),
     ok = emqtt:disconnect(Client1),
 
-    {ok, Client2} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client2),
     {ok, 2} = emqtt:publish(Client2, Topic, Payload, 2),
     ok = emqtt:disconnect(Client2),
 
-    {ok, Client3} = emqtt:start_link([
-                                        {clientid, <<"t_connect_session_expiry_interval">>},
-                                        {proto_ver, v5},
-                                        {clean_start, false}
+    {ok, Client3} = emqtt:start_link([ {clientid, <<"t_connect_session_expiry_interval">>},
+                                       {proto_ver, v5},
+                                       {clean_start, false} | Config
                                     ]),
-    {ok, _} = emqtt:connect(Client3),
+    {ok, _} = emqtt:ConnFun(Client3),
     [Msg | _ ] = receive_messages(1),
     ?assertEqual({ok, iolist_to_binary(Topic)}, maps:find(topic, Msg)),
     ?assertEqual({ok, iolist_to_binary(Payload)}, maps:find(payload, Msg)),
@@ -360,13 +394,13 @@ t_connect_session_expiry_interval(_) ->
 
 %% [MQTT-3.1.3-9]
 %% !!!REFACTOR NEED:
-%t_connect_will_delay_interval(_) ->
+%t_connect_will_delay_interval(Config) ->
 %    process_flag(trap_exit, true),
 %    Topic = nth(1, ?TOPICS),
 %    Payload = "will message",
 %
-%    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-%    {ok, _} = emqtt:connect(Client1),
+%    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+%    {ok, _} = emqtt:ConnFun(Client1),
 %    {ok, _, [2]} = emqtt:subscribe(Client1, Topic, qos2),
 %
 %    {ok, Client2} = emqtt:start_link([
@@ -379,9 +413,9 @@ t_connect_session_expiry_interval(_) ->
 %                                        {will_payload, Payload},
 %                                        {will_props, #{'Will-Delay-Interval' => 3}},
 %                                        {properties, #{'Session-Expiry-Interval' => 7200}},
-%                                        {keepalive, 2}
+%                                        {keepalive, 2} | Config
 %                                        ]),
-%    {ok, _} = emqtt:connect(Client2),
+%    {ok, _} = emqtt:ConnFun(Client2),
 %    timer:sleep(50),
 %    erlang:exit(Client2, kill),
 %    timer:sleep(2000),
@@ -399,9 +433,9 @@ t_connect_session_expiry_interval(_) ->
 %                                        {will_payload, Payload},
 %                                        {will_props, #{'Will-Delay-Interval' => 7200}},
 %                                        {properties, #{'Session-Expiry-Interval' => 3}},
-%                                        {keepalive, 2}
+%                                        {keepalive, 2} | Config
 %                                        ]),
-%    {ok, _} = emqtt:connect(Client3),
+%    {ok, _} = emqtt:ConnFun(Client3),
 %    timer:sleep(50),
 %    erlang:exit(Client3, kill),
 %
@@ -418,18 +452,17 @@ t_connect_session_expiry_interval(_) ->
 %    process_flag(trap_exit, false).
 
 %% [MQTT-3.1.4-3]
-t_connect_duplicate_clientid(_) ->
+t_connect_duplicate_clientid(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     process_flag(trap_exit, true),
-    {ok, Client1} = emqtt:start_link([
-                                        {clientid, <<"t_connect_duplicate_clientid">>},
-                                        {proto_ver, v5}
-                                        ]),
-    {ok, _} = emqtt:connect(Client1),
-    {ok, Client2} = emqtt:start_link([
-                                        {clientid, <<"t_connect_duplicate_clientid">>},
-                                        {proto_ver, v5}
-                                        ]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client1} = emqtt:start_link([ {clientid, <<"t_connect_duplicate_clientid">>},
+                                       {proto_ver, v5} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client1),
+    {ok, Client2} = emqtt:start_link([ {clientid, <<"t_connect_duplicate_clientid">>},
+                                       {proto_ver, v5} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client2),
     ?assertEqual(142, receive_disconnect_reasoncode()),
     waiting_client_process_exit(Client1),
 
@@ -441,28 +474,33 @@ t_connect_duplicate_clientid(_) ->
 %% Connack
 %%--------------------------------------------------------------------
 
-t_connack_session_present(_) ->
-    {ok, Client1} = emqtt:start_link([
-                                        {clientid, <<"t_connect_duplicate_clientid">>},
-                                        {proto_ver, v5},
-                                        {properties, #{'Session-Expiry-Interval' => 7200}},
-                                        {clean_start, true}
-                                        ]),
-    {ok, _} = emqtt:connect(Client1),
+t_connack_session_present(Config) ->
+    ConnFun = ?config(conn_fun, Config),
+    {ok, Client1} = emqtt:start_link([ {clientid, <<"t_connect_duplicate_clientid">>},
+                                       {proto_ver, v5},
+                                       {properties, #{'Session-Expiry-Interval' => 7200}},
+                                       {clean_start, true} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client1),
     ?assertEqual(0, client_info(session_present, Client1)),   %% [MQTT-3.2.2-2]
     ok = emqtt:disconnect(Client1),
 
-    {ok, Client2} = emqtt:start_link([
-                                        {clientid, <<"t_connect_duplicate_clientid">>},
-                                        {proto_ver, v5},
-                                        {properties, #{'Session-Expiry-Interval' => 7200}},
-                                        {clean_start, false}
-                                        ]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([ {clientid, <<"t_connect_duplicate_clientid">>},
+                                       {proto_ver, v5},
+                                       {properties, #{'Session-Expiry-Interval' => 7200}},
+                                       {clean_start, false} | Config
+                                     ]),
+    {ok, _} = emqtt:ConnFun(Client2),
     ?assertEqual(1, client_info(session_present, Client2)),   %% [[MQTT-3.2.2-3]]
     ok = emqtt:disconnect(Client2).
 
-t_connack_max_qos_allowed(_) ->
+t_connack_max_qos_allowed(init, Config) ->
+    Config;
+t_connack_max_qos_allowed('end', _Config) ->
+    emqx_zone:set_env(external, max_qos_allowed, 2),
+    ok.
+t_connack_max_qos_allowed(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     process_flag(trap_exit, true),
     Topic = nth(1, ?TOPICS),
 
@@ -471,8 +509,8 @@ t_connack_max_qos_allowed(_) ->
     persistent_term:erase({emqx_zone, external, '$mqtt_caps'}),
     persistent_term:erase({emqx_zone, external, '$mqtt_pub_caps'}),
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, Connack1} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, Connack1} = emqtt:ConnFun(Client1),
     ?assertEqual(0, maps:get('Maximum-QoS', Connack1)),  %% [MQTT-3.2.2-9]
 
     {ok, _, [0]} = emqtt:subscribe(Client1, Topic, 0),  %% [MQTT-3.2.2-10]
@@ -483,14 +521,13 @@ t_connack_max_qos_allowed(_) ->
     ?assertEqual(155, receive_disconnect_reasoncode()),    %% [MQTT-3.2.2-11]
     waiting_client_process_exit(Client1),
 
-    {ok, Client2} = emqtt:start_link([
-                                        {proto_ver, v5},
-                                        {will_flag, true},
-                                        {will_topic, Topic},
-                                        {will_payload, <<"Unsupported Qos">>},
-                                        {will_qos, 2}
-                                        ]),
-    {error, Connack2} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([ {proto_ver, v5},
+                                       {will_flag, true},
+                                       {will_topic, Topic},
+                                       {will_payload, <<"Unsupported Qos">>},
+                                       {will_qos, 2} | Config
+                                     ]),
+    {error, Connack2} = emqtt:ConnFun(Client2),
     ?assertMatch({qos_not_supported, _}, Connack2),     %% [MQTT-3.2.2-12]
     waiting_client_process_exit(Client2),
 
@@ -499,8 +536,8 @@ t_connack_max_qos_allowed(_) ->
     persistent_term:erase({emqx_zone, external, '$mqtt_caps'}),
     persistent_term:erase({emqx_zone, external, '$mqtt_pub_caps'}),
 
-    {ok, Client3} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, Connack3} = emqtt:connect(Client3),
+    {ok, Client3} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, Connack3} = emqtt:ConnFun(Client3),
     ?assertEqual(1, maps:get('Maximum-QoS', Connack3)),  %% [MQTT-3.2.2-9]
 
     {ok, _, [0]} = emqtt:subscribe(Client3, Topic, 0),  %% [MQTT-3.2.2-10]
@@ -511,14 +548,13 @@ t_connack_max_qos_allowed(_) ->
     ?assertEqual(155, receive_disconnect_reasoncode()), %% [MQTT-3.2.2-11]
     waiting_client_process_exit(Client3),
 
-    {ok, Client4} = emqtt:start_link([
-                                        {proto_ver, v5},
-                                        {will_flag, true},
-                                        {will_topic, Topic},
-                                        {will_payload, <<"Unsupported Qos">>},
-                                        {will_qos, 2}
-                                        ]),
-    {error, Connack4} = emqtt:connect(Client4),
+    {ok, Client4} = emqtt:start_link([ {proto_ver, v5},
+                                       {will_flag, true},
+                                       {will_topic, Topic},
+                                       {will_payload, <<"Unsupported Qos">>},
+                                       {will_qos, 2} | Config
+                                     ]),
+    {error, Connack4} = emqtt:ConnFun(Client4),
     ?assertMatch({qos_not_supported, _}, Connack4),     %% [MQTT-3.2.2-12]
     waiting_client_process_exit(Client4),
 
@@ -527,17 +563,18 @@ t_connack_max_qos_allowed(_) ->
     persistent_term:erase({emqx_zone, external, '$mqtt_caps'}),
     persistent_term:erase({emqx_zone, external, '$mqtt_pub_caps'}),
 
-    {ok, Client5} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, Connack5} = emqtt:connect(Client5),
+    {ok, Client5} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, Connack5} = emqtt:ConnFun(Client5),
     ?assertEqual(undefined, maps:get('Maximum-QoS', Connack5, undefined)),  %% [MQTT-3.2.2-9]
     ok = emqtt:disconnect(Client5),
     waiting_client_process_exit(Client5),
 
     process_flag(trap_exit, false).
 
-t_connack_assigned_clienid(_) ->
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+t_connack_assigned_clienid(Config) ->
+    ConnFun = ?config(conn_fun, Config),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     ?assert(is_binary(client_info(clientid, Client1))), %%  [MQTT-3.2.2-16]
     ok = emqtt:disconnect(Client1).
 
@@ -545,11 +582,12 @@ t_connack_assigned_clienid(_) ->
 %% Publish
 %%--------------------------------------------------------------------
 
-t_publish_rap(_) ->
+t_publish_rap(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, #{}, [{Topic, [{rap, true}, {qos, 2}]}]),
     {ok, _} = emqtt:publish(Client1, Topic, #{}, <<"retained message">>,
                             [{qos, ?QOS_1}, {retain, true}]),
@@ -557,8 +595,8 @@ t_publish_rap(_) ->
     ?assertEqual(true, maps:get(retain, Msg1)),  %% [MQTT-3.3.1-12]
     ok = emqtt:disconnect(Client1),
 
-    {ok, Client2} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client2),
     {ok, _, [2]} = emqtt:subscribe(Client2, #{}, [{Topic, [{rap, false}, {qos, 2}]}]),
     {ok, _} = emqtt:publish(Client2, Topic, #{}, <<"retained message">>,
                             [{qos, ?QOS_1}, {retain, true}]),
@@ -566,44 +604,47 @@ t_publish_rap(_) ->
     ?assertEqual(false, maps:get(retain, Msg2)),  %% [MQTT-3.3.1-13]
     ok = emqtt:disconnect(Client2),
 
-    clean_retained(Topic).
+    clean_retained(Topic, Config).
 
-t_publish_wildtopic(_) ->
+t_publish_wildtopic(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     process_flag(trap_exit, true),
     Topic = nth(1, ?WILD_TOPICS),
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     ok = emqtt:publish(Client1, Topic, <<"error topic">>),
     ?assertEqual(144, receive_disconnect_reasoncode()),
     waiting_client_process_exit(Client1),
 
     process_flag(trap_exit, false).
 
-t_publish_payload_format_indicator(_) ->
+t_publish_payload_format_indicator(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     Properties = #{'Payload-Format-Indicator' => 233},
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, Topic, qos2),
     ok = emqtt:publish(Client1, Topic, Properties, <<"Payload Format Indicator">>, [{qos, ?QOS_0}]),
     [Msg1 | _] = receive_messages(1),
     ?assertEqual(Properties, maps:get(properties, Msg1)),   %% [MQTT-3.3.2-6]
     ok = emqtt:disconnect(Client1).
 
-t_publish_topic_alias(_) ->
+t_publish_topic_alias(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     process_flag(trap_exit, true),
     Topic = nth(1, ?TOPICS),
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     ok = emqtt:publish(Client1, Topic, #{'Topic-Alias' => 0}, <<"Topic-Alias">>, [{qos, ?QOS_0}]),
     ?assertEqual(148, receive_disconnect_reasoncode()),  %% [MQTT-3.3.2-8]
     waiting_client_process_exit(Client1),
 
-    {ok, Client2} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client2),
     {ok, _, [2]} = emqtt:subscribe(Client2, Topic, qos2),
     ok = emqtt:publish(Client2, Topic, #{'Topic-Alias' => 233},
                        <<"Topic-Alias">>, [{qos, ?QOS_0}]),
@@ -615,12 +656,13 @@ t_publish_topic_alias(_) ->
 
     process_flag(trap_exit, false).
 
-t_publish_response_topic(_) ->
+t_publish_response_topic(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     process_flag(trap_exit, true),
     Topic = nth(1, ?TOPICS),
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     ok = emqtt:publish(Client1, Topic, #{'Response-Topic' => nth(1, ?WILD_TOPICS)},
                        <<"Response-Topic">>, [{qos, ?QOS_0}]),
     ?assertEqual(130, receive_disconnect_reasoncode()),  %% [MQTT-3.3.2-14]
@@ -628,7 +670,8 @@ t_publish_response_topic(_) ->
 
     process_flag(trap_exit, false).
 
-t_publish_properties(_) ->
+t_publish_properties(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     Properties =  #{
                     'Response-Topic' => Topic,  %% [MQTT-3.3.2-15]
@@ -637,20 +680,21 @@ t_publish_properties(_) ->
                     'Content-Type' => <<"2333">>   %% [MQTT-3.3.2-20]
                     },
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, Topic, qos2),
     ok = emqtt:publish(Client1, Topic, Properties, <<"Publish Properties">>, [{qos, ?QOS_0}]),
     [Msg1 | _] = receive_messages(1),
     ?assertEqual(Properties, maps:get(properties, Msg1)),   %% [MQTT-3.3.2-16]
     ok = emqtt:disconnect(Client1).
 
-t_publish_overlapping_subscriptions(_) ->
+t_publish_overlapping_subscriptions(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     Properties = #{'Subscription-Identifier' => 2333},
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [1]} = emqtt:subscribe(Client1, Properties, nth(1, ?WILD_TOPICS), qos1),
     {ok, _, [0]} = emqtt:subscribe(Client1, Properties, nth(3, ?WILD_TOPICS), qos0),
     {ok, _} = emqtt:publish(Client1, Topic, #{},
@@ -665,13 +709,15 @@ t_publish_overlapping_subscriptions(_) ->
 %% Subsctibe
 %%--------------------------------------------------------------------
 
-t_subscribe_topic_alias(_) ->
+t_subscribe_topic_alias(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic1 = nth(1, ?TOPICS),
     Topic2 = nth(2, ?TOPICS),
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5},
-                                      {properties, #{'Topic-Alias-Maximum' => 1}}
+    {ok, Client1} = emqtt:start_link([ {proto_ver, v5},
+                                       {properties, #{'Topic-Alias-Maximum' => 1}}
+                                       | Config
                                     ]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, Topic1, qos2),
     {ok, _, [2]} = emqtt:subscribe(Client1, Topic2, qos2),
 
@@ -692,27 +738,29 @@ t_subscribe_topic_alias(_) ->
 
     ok = emqtt:disconnect(Client1).
 
-t_subscribe_no_local(_) ->
+t_subscribe_no_local(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, #{}, [{Topic, [{nl, true}, {qos, 2}]}]),
 
-    {ok, Client2} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client2),
+    {ok, Client2} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client2),
     {ok, _, [2]} = emqtt:subscribe(Client2, #{}, [{Topic, [{nl, true}, {qos, 2}]}]),
 
     ok = emqtt:publish(Client1, Topic, <<"t_subscribe_no_local">>, 0),
     ?assertEqual(1, length(receive_messages(2))),   %% [MQTT-3.8.3-3]
     ok = emqtt:disconnect(Client1).
 
-t_subscribe_actions(_) ->
+t_subscribe_actions(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic = nth(1, ?TOPICS),
     Properties = #{'Subscription-Identifier' => 2333},
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, Properties, Topic, qos2),
     {ok, _, [1]} = emqtt:subscribe(Client1, Properties, Topic, qos1),
     {ok, _} = emqtt:publish(Client1, Topic, <<"t_subscribe_actions">>, 2),
@@ -726,12 +774,13 @@ t_subscribe_actions(_) ->
 %% Unsubsctibe Unsuback
 %%--------------------------------------------------------------------
 
-t_unscbsctibe(_) ->
+t_unscbsctibe(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     Topic1 = nth(1, ?TOPICS),
     Topic2 = nth(2, ?TOPICS),
 
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     {ok, _, [2]} = emqtt:subscribe(Client1, Topic1, qos2),
     {ok, _, [0]} = emqtt:unsubscribe(Client1, Topic1),  %% [MQTT-3.10.4-4]
     {ok, _, [17]} = emqtt:unsubscribe(Client1, <<"noExistTopic">>),  %% [MQTT-3.10.4-5]
@@ -745,9 +794,10 @@ t_unscbsctibe(_) ->
 %% Pingreq
 %%--------------------------------------------------------------------
 
-t_pingreq(_) ->
-    {ok, Client1} = emqtt:start_link([{proto_ver, v5}]),
-    {ok, _} = emqtt:connect(Client1),
+t_pingreq(Config) ->
+    ConnFun = ?config(conn_fun, Config),
+    {ok, Client1} = emqtt:start_link([{proto_ver, v5} | Config]),
+    {ok, _} = emqtt:ConnFun(Client1),
     pong = emqtt:ping(Client1),  %% [MQTT-3.12.4-1]
     ok = emqtt:disconnect(Client1).
 
@@ -755,7 +805,14 @@ t_pingreq(_) ->
 %% Shared Subscriptions
 %%--------------------------------------------------------------------
 
-t_shared_subscriptions_client_terminates_when_qos_eq_2(_) ->
+t_shared_subscriptions_client_terminates_when_qos_eq_2(init, Config) ->
+    ok = meck:new(emqtt, [non_strict, passthrough, no_history, no_link]),
+    Config;
+t_shared_subscriptions_client_terminates_when_qos_eq_2('end', _Config) ->
+    catch meck:unload(emqtt).
+
+t_shared_subscriptions_client_terminates_when_qos_eq_2(Config) ->
+    ConnFun = ?config(conn_fun, Config),
     process_flag(trap_exit, true),
     application:set_env(emqx, shared_dispatch_ack_enabled, true),
 
@@ -766,32 +823,33 @@ t_shared_subscriptions_client_terminates_when_qos_eq_2(_) ->
     meck:expect(emqtt, connected,
                 fun(cast, ?PUBLISH_PACKET(?QOS_2, _PacketId), _State) ->
                                         ok = counters:add(CRef, 1, 1),
-                                        {stop, {shutdown, for_testiong}};
+                                        {stop, {shutdown, for_testing}};
                     (Arg1, ARg2, Arg3) -> meck:passthrough([Arg1, ARg2, Arg3])
                                         end),
 
-    {ok, Sub1} = emqtt:start_link([{proto_ver, v5},
+    {ok, Sub1} = emqtt:start_link([ {proto_ver, v5},
                                     {clientid, <<"sub_client_1">>},
-                                    {keepalive, 5}]),
-    {ok, _} = emqtt:connect(Sub1),
+                                    {keepalive, 5} | Config
+                                  ]),
+    {ok, _} = emqtt:ConnFun(Sub1),
     {ok, _, [2]} = emqtt:subscribe(Sub1, SharedTopic, qos2),
 
     {ok, Sub2} = emqtt:start_link([{proto_ver, v5},
                                     {clientid, <<"sub_client_2">>},
-                                    {keepalive, 5}]),
-    {ok, _} = emqtt:connect(Sub2),
+                                    {keepalive, 5} | Config]),
+    {ok, _} = emqtt:ConnFun(Sub2),
     {ok, _, [2]} = emqtt:subscribe(Sub2, SharedTopic, qos2),
 
-    {ok, Pub} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"pub_client">>}]),
-    {ok, _} = emqtt:connect(Pub),
+    {ok, Pub} = emqtt:start_link([{proto_ver, v5}, {clientid, <<"pub_client">>} | Config]),
+    {ok, _} = emqtt:ConnFun(Pub),
     {ok, _} = emqtt:publish(Pub, Topic,
                             <<"t_shared_subscriptions_client_terminates_when_qos_eq_2">>, 2),
 
     receive
-        {'EXIT', _,{shutdown, for_testiong}} ->
+        {'EXIT', _,{shutdown, for_testing}} ->
             ok
     after 1000 ->
-            error("disconnected timeout")
+            ct:fail("disconnected timeout")
     end,
 
     ?assertEqual(1, counters:get(CRef, 1)),

From 72117f3f1df3efa677ac48437de7dce9f493960d Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 29 Jun 2021 16:25:25 +0200
Subject: [PATCH 156/174] feat(quic): bump emqtt and quicer version

emqtt: 1.4.1
quicer: 0.0.5
---
 apps/emqx/rebar.config | 4 ++--
 rebar.config           | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config
index 83129bc1a..fbd980056 100644
--- a/apps/emqx/rebar.config
+++ b/apps/emqx/rebar.config
@@ -20,7 +20,7 @@
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
-    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.3"}}}
+    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.5"}}}
     ]}.
 
 {plugins, [rebar3_proper]}.
@@ -31,7 +31,7 @@
            [ meck
            , {bbmustache,"1.10.0"}
            , {emqx_ct_helpers, {git,"https://github.com/emqx/emqx-ct-helpers", {branch,"hocon"}}}
-           , {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3.1"}}}
+           , {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.4.1"}}}
            ]},
          {extra_src_dirs, [{"test",[recursive]}]}
        ]}
diff --git a/rebar.config b/rebar.config
index e5f46125a..fc863f7c4 100644
--- a/rebar.config
+++ b/rebar.config
@@ -55,7 +55,7 @@
     , {ecpool, {git, "https://github.com/emqx/ecpool", {tag, "0.5.1"}}}
     , {replayq, {git, "https://github.com/emqx/replayq", {tag, "0.3.2"}}}
     , {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {branch, "2.0.4"}}}
-    , {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.2.3.1"}}}
+    , {emqtt, {git, "https://github.com/emqx/emqtt", {tag, "1.4.1"}}}
     , {rulesql, {git, "https://github.com/emqx/rulesql", {tag, "0.1.2"}}}
     , {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}
     , {observer_cli, "1.6.1"} % NOTE: depends on recon 2.5.1
@@ -63,7 +63,7 @@
     , {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "0.13.0"}}}
     , {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.9.0"}}}
     , {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.2.1"}}}
-    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.3"}}}
+    , {quicer, {git, "https://github.com/emqx/quic.git", {tag, "0.0.5"}}}
     ]}.
 
 {xref_ignores,

From 5ae8cd2fa3448bb538ca70be5eb53e98b61dfd76 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Wed, 30 Jun 2021 11:21:07 +0200
Subject: [PATCH 157/174] fix(quic): dialyzer errors

---
 apps/emqx/src/emqx_quic_stream.erl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx_quic_stream.erl b/apps/emqx/src/emqx_quic_stream.erl
index 64e851758..236c11ad3 100644
--- a/apps/emqx/src/emqx_quic_stream.erl
+++ b/apps/emqx/src/emqx_quic_stream.erl
@@ -53,7 +53,11 @@ getstat(Socket, Stats) ->
     end.
 
 setopts(Socket, Opts) ->
-    [ quicer:setopt(Socket, Opt, V) || {Opt, V} <- Opts ],
+    lists:foreach(fun({Opt, V}) when is_atom(Opt) ->
+                          quicer:setopt(Socket, Opt, V);
+                     (Opt) when is_atom(Opt) ->
+                          quicer:setopt(Socket, Opt, true)
+                  end, Opts),
     ok.
 
 getopts(_Socket, _Opts) ->
@@ -65,8 +69,8 @@ getopts(_Socket, _Opts) ->
           {buffer,80000}]}.
 
 fast_close(Stream) ->
-    quicer:async_close_stream(Stream),
     %% Stream might be closed already.
+    _ = quicer:async_close_stream(Stream),
     ok.
 
 -spec(ensure_ok_or_exit(atom(), list(term())) -> term()).

From 24292f4f4ec21654af2550fbccb955b159d856a7 Mon Sep 17 00:00:00 2001
From: Turtle <deng@emqx.io>
Date: Fri, 2 Jul 2021 17:45:18 +0800
Subject: [PATCH 158/174] chore: delete plugins related configuration

---
 apps/emqx/etc/emqx.conf       | 12 +-----------
 apps/emqx/src/emqx.erl        |  8 ++------
 apps/emqx/src/emqx_schema.erl |  4 +---
 rebar.config.erl              |  4 ++--
 scripts/merge-config.escript  |  2 +-
 5 files changed, 7 insertions(+), 23 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index f40ecd8e5..d07443012 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -1,4 +1,4 @@
-## EMQ X Configuration 4.3
+## EMQ X Configuration 5.0
 
 ##--------------------------------------------------------------------
 ## Cluster
@@ -2318,16 +2318,6 @@ listener.quic.external {
 ## Plugins
 ##-------------------------------------------------------------------
 plugins: {
-    ## The etc dir for plugins' config.
-    ##
-    ## Value: Folder
-    etc_dir: "{{ platform_etc_dir }}/plugins/"
-
-    ## The file to store loaded plugin names.
-    ##
-    ## Value: File
-    loaded_file: "{{ platform_data_dir }}/loaded_plugins"
-
     ## The directory of extension plugins.
     ##
     ## Value: File
diff --git a/apps/emqx/src/emqx.erl b/apps/emqx/src/emqx.erl
index bd46ddc03..e5855b786 100644
--- a/apps/emqx/src/emqx.erl
+++ b/apps/emqx/src/emqx.erl
@@ -254,15 +254,11 @@ reload_config(ConfFile) ->
 
 
 emqx_feature() ->
-    [ emqx_authn
+    [ emqx_resource
+    , emqx_authn
     , emqx_authz
-    , observer_cli
-    , emqx_http_lib
-    , emqx_resource
-    , emqx_connector
     , emqx_data_bridge
     , emqx_rule_engine
-    , emqx_rule_actions
     , emqx_bridge_mqtt
     , emqx_modules
     , emqx_management
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index d32073ee5..91aab2dcd 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -455,9 +455,7 @@ fields("rule") ->
     [ {"$id", t(string())}];
 
 fields("plugins") ->
-    [ {"etc_dir", t(string(), "emqx.plugins_etc_dir", undefined)}
-    , {"loaded_file", t(string(), "emqx.plugins_loaded_file", undefined)}
-    , {"expand_plugins_dir", t(string(), "emqx.expand_plugins_dir", undefined)}
+    [ {"expand_plugins_dir", t(string(), "emqx.expand_plugins_dir", undefined)}
     ];
 
 fields("broker") ->
diff --git a/rebar.config.erl b/rebar.config.erl
index 01abf254f..56599dd54 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -247,12 +247,12 @@ relx_apps(ReleaseType) ->
     , {mnesia, load}
     , {ekka, load}
     , {emqx_plugin_libs, load}
-    , emqx_authn
-    , emqx_authz
     , observer_cli
     , emqx_http_lib
     , emqx_resource
     , emqx_connector
+    , emqx_authn
+    , emqx_authz
     , emqx_data_bridge
     , emqx_rule_engine
     , emqx_rule_actions
diff --git a/scripts/merge-config.escript b/scripts/merge-config.escript
index a0fbdb4b3..503e6faa8 100755
--- a/scripts/merge-config.escript
+++ b/scripts/merge-config.escript
@@ -28,7 +28,7 @@ main(_) ->
                 case filelib:is_regular(Filename) of
                     true ->
                         {ok, Bin1} = file:read_file(Filename),
-                        <<Acc/binary, "\r\n", Bin1/binary>>;
+                        [Acc, io_lib:nl(), Bin1];
                     false -> Acc
                 end
         end

From 4313e3799422d52640ed59a26e6565a32f2a49dc Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Fri, 2 Jul 2021 19:01:22 +0800
Subject: [PATCH 159/174] chore(release): update emqx release version

---
 apps/emqx/include/emqx_release.hrl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl
index e69b07558..6bacf7052 100644
--- a/apps/emqx/include/emqx_release.hrl
+++ b/apps/emqx/include/emqx_release.hrl
@@ -29,7 +29,7 @@
 
 -ifndef(EMQX_ENTERPRISE).
 
--define(EMQX_RELEASE, {opensource, "5.0-pre"}).
+-define(EMQX_RELEASE, {opensource, "5.0-alpha.1"}).
 
 -else.
 

From 56cdd469ff8e68341e6f75862f58b05405482450 Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Fri, 2 Jul 2021 20:17:40 +0800
Subject: [PATCH 160/174] feat(gateway): The prototype for emqx-gateway
 application

* feat(gateway): add gateway application

* chore(gateway): add normalize confs function

* refactor: move emqx-stomp to emqx-gateway subdir

* chore(gateway): fix some bad function defination

* chore(gateway): rename type to gwid

* chore(gw-stomp): upgrade the implementation to suppport gateway instance

* feat(gw-stomp): add reconnect mechanism

* refactor(stomp): upgrade connection&channel module to latest

* refactor(stomp): more details for handle_in/out

* refactor(stomp): get it up and running

* chore(gw): load some modules by default

* refactor: upgrade the emqx-gateway schema module

* test(stomp): fix testcases for stomp gateway

* chore(gw): remove needless lines

* chore(gateway): correct a lot of specs

* chore(gw): add a draft for metrics

* chore(gw): add metrics process

* fix(gw): fix cm process monitor

* test(gw): add test cases for gateway-regitry

* feat(gw): add metrics/cli for gateway

* fix(gw): fix xref errors

* chore(gw): pretty gateway metrics print format

* chore(gw-stomp): generate clientid by default

* chore(gw): more reliable

* chore(gw): rename gwid -> type

* chore(gw): impl the update logic

* chore(gw): some format improvement

* chore(gw): adapts the hocon configs

* fix(gw): fix xref errors

* test(gw): update configurations for tests

* chore(gw): ignore diaylzer warnings

* fix(gw): fix bad function call

* chore(gw): remove needless comments
---
 apps/emqx/src/emqx_schema.erl                 |   1 +
 apps/emqx_exhook/src/emqx_exhook_app.erl      |   2 +-
 apps/emqx_gateway/.gitignore                  |  20 +
 apps/emqx_gateway/LICENSE                     | 191 ++++
 apps/emqx_gateway/Makefile                    |  28 +
 apps/emqx_gateway/README.md                   | 309 ++++++
 apps/emqx_gateway/etc/emqx_gateway.conf       |  30 +
 apps/emqx_gateway/include/emqx_gateway.hrl    |  35 +
 apps/emqx_gateway/rebar.config                |   7 +
 .../src/bhvrs/emqx_gateway_conn.erl           |  22 +
 .../src/bhvrs/emqx_gateway_impl.erl           |  49 +
 apps/emqx_gateway/src/emqx_gateway.app.src    |  11 +
 apps/emqx_gateway/src/emqx_gateway.erl        |  84 ++
 apps/emqx_gateway/src/emqx_gateway_app.erl    |  93 ++
 apps/emqx_gateway/src/emqx_gateway_cli.erl    | 201 ++++
 apps/emqx_gateway/src/emqx_gateway_cm.erl     | 447 ++++++++
 .../src/emqx_gateway_cm_registry.erl          | 141 +++
 apps/emqx_gateway/src/emqx_gateway_ctx.erl    | 148 +++
 apps/emqx_gateway/src/emqx_gateway_gw_sup.erl | 135 +++
 .../src/emqx_gateway_insta_sup.erl            | 312 ++++++
 .../emqx_gateway/src/emqx_gateway_metrics.erl | 101 ++
 .../src/emqx_gateway_registry.erl             | 163 +++
 apps/emqx_gateway/src/emqx_gateway_schema.erl | 178 ++++
 apps/emqx_gateway/src/emqx_gateway_sup.erl    | 194 ++++
 apps/emqx_gateway/src/emqx_gateway_utils.erl  | 163 +++
 .../src/stomp}/README.md                      |  16 +-
 .../src/stomp/emqx_stomp_channel.erl          | 978 ++++++++++++++++++
 .../src/stomp/emqx_stomp_connection.erl       | 908 ++++++++++++++++
 .../src/stomp}/emqx_stomp_frame.erl           | 109 +-
 .../src/stomp}/emqx_stomp_heartbeat.erl       |  13 +-
 .../src/stomp/emqx_stomp_impl.erl             | 153 +++
 .../src/stomp/include/emqx_stomp.hrl          |  92 ++
 .../test/emqx_gateway_registry_SUITE.erl      |  87 ++
 .../test/emqx_stomp_SUITE.erl                 | 118 ++-
 .../test/emqx_stomp_heartbeat_SUITE.erl       |   0
 apps/emqx_stomp/.gitignore                    |  25 -
 apps/emqx_stomp/etc/emqx_stomp.conf           | 124 ---
 apps/emqx_stomp/include/emqx_stomp.hrl        |  48 -
 apps/emqx_stomp/priv/emqx_stomp.schema        | 149 ---
 apps/emqx_stomp/rebar.config                  |  16 -
 apps/emqx_stomp/src/emqx_stomp.app.src        |  14 -
 apps/emqx_stomp/src/emqx_stomp.erl            | 142 ---
 apps/emqx_stomp/src/emqx_stomp_connection.erl | 274 -----
 apps/emqx_stomp/src/emqx_stomp_protocol.erl   | 468 ---------
 apps/emqx_stomp/test/client.py                |  19 -
 rebar.config.erl                              |   1 +
 46 files changed, 5451 insertions(+), 1368 deletions(-)
 create mode 100644 apps/emqx_gateway/.gitignore
 create mode 100644 apps/emqx_gateway/LICENSE
 create mode 100644 apps/emqx_gateway/Makefile
 create mode 100644 apps/emqx_gateway/README.md
 create mode 100644 apps/emqx_gateway/etc/emqx_gateway.conf
 create mode 100644 apps/emqx_gateway/include/emqx_gateway.hrl
 create mode 100644 apps/emqx_gateway/rebar.config
 create mode 100644 apps/emqx_gateway/src/bhvrs/emqx_gateway_conn.erl
 create mode 100644 apps/emqx_gateway/src/bhvrs/emqx_gateway_impl.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway.app.src
 create mode 100644 apps/emqx_gateway/src/emqx_gateway.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_app.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_cli.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_cm.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_cm_registry.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_ctx.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_gw_sup.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_metrics.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_registry.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_schema.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_sup.erl
 create mode 100644 apps/emqx_gateway/src/emqx_gateway_utils.erl
 rename apps/{emqx_stomp => emqx_gateway/src/stomp}/README.md (90%)
 create mode 100644 apps/emqx_gateway/src/stomp/emqx_stomp_channel.erl
 create mode 100644 apps/emqx_gateway/src/stomp/emqx_stomp_connection.erl
 rename apps/{emqx_stomp/src => emqx_gateway/src/stomp}/emqx_stomp_frame.erl (70%)
 rename apps/{emqx_stomp/src => emqx_gateway/src/stomp}/emqx_stomp_heartbeat.erl (89%)
 create mode 100644 apps/emqx_gateway/src/stomp/emqx_stomp_impl.erl
 create mode 100644 apps/emqx_gateway/src/stomp/include/emqx_stomp.hrl
 create mode 100644 apps/emqx_gateway/test/emqx_gateway_registry_SUITE.erl
 rename apps/{emqx_stomp => emqx_gateway}/test/emqx_stomp_SUITE.erl (82%)
 rename apps/{emqx_stomp => emqx_gateway}/test/emqx_stomp_heartbeat_SUITE.erl (100%)
 delete mode 100644 apps/emqx_stomp/.gitignore
 delete mode 100644 apps/emqx_stomp/etc/emqx_stomp.conf
 delete mode 100644 apps/emqx_stomp/include/emqx_stomp.hrl
 delete mode 100644 apps/emqx_stomp/priv/emqx_stomp.schema
 delete mode 100644 apps/emqx_stomp/rebar.config
 delete mode 100644 apps/emqx_stomp/src/emqx_stomp.app.src
 delete mode 100644 apps/emqx_stomp/src/emqx_stomp.erl
 delete mode 100644 apps/emqx_stomp/src/emqx_stomp_connection.erl
 delete mode 100644 apps/emqx_stomp/src/emqx_stomp_protocol.erl
 delete mode 100644 apps/emqx_stomp/test/client.py

diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 91aab2dcd..73a5812e8 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -71,6 +71,7 @@ includes() ->
     , "emqx_bridge_mqtt"
     , "emqx_modules"
     , "emqx_management"
+    , "emqx_gateway"
     ].
 -endif.
 
diff --git a/apps/emqx_exhook/src/emqx_exhook_app.erl b/apps/emqx_exhook/src/emqx_exhook_app.erl
index 4e00340d8..2988be6d2 100644
--- a/apps/emqx_exhook/src/emqx_exhook_app.erl
+++ b/apps/emqx_exhook/src/emqx_exhook_app.erl
@@ -88,7 +88,7 @@ init_hooks_cnter() ->
     try
         _ = ets:new(?CNTER, [named_table, public]), ok
     catch
-        exit:badarg:_ ->
+        error:badarg:_ ->
             ok
     end.
 
diff --git a/apps/emqx_gateway/.gitignore b/apps/emqx_gateway/.gitignore
new file mode 100644
index 000000000..71ab0135c
--- /dev/null
+++ b/apps/emqx_gateway/.gitignore
@@ -0,0 +1,20 @@
+.rebar3
+_*
+.eunit
+*.o
+*.beam
+*.plt
+*.swp
+*.swo
+.erlang.cookie
+ebin
+log
+erl_crash.dump
+.rebar
+logs
+_build
+.idea
+*.iml
+rebar3.crashdump
+*~
+rebar.lock
diff --git a/apps/emqx_gateway/LICENSE b/apps/emqx_gateway/LICENSE
new file mode 100644
index 000000000..1f15def74
--- /dev/null
+++ b/apps/emqx_gateway/LICENSE
@@ -0,0 +1,191 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2021, JianBo He <heeejianbo@163.com>.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/apps/emqx_gateway/Makefile b/apps/emqx_gateway/Makefile
new file mode 100644
index 000000000..b2a54f7dd
--- /dev/null
+++ b/apps/emqx_gateway/Makefile
@@ -0,0 +1,28 @@
+## shallow clone for speed
+
+REBAR_GIT_CLONE_OPTIONS += --depth 1
+export REBAR_GIT_CLONE_OPTIONS
+
+REBAR = rebar3
+all: compile
+
+compile:
+	$(REBAR) compile
+
+clean: distclean
+
+ct:
+	$(REBAR) as test ct -v
+
+eunit:
+	$(REBAR) as test eunit
+
+xref:
+	$(REBAR) xref
+
+cover:
+	$(REBAR) cover
+
+distclean:
+	@rm -rf _build
+	@rm -f data/app.*.config data/vm.*.args rebar.lock
diff --git a/apps/emqx_gateway/README.md b/apps/emqx_gateway/README.md
new file mode 100644
index 000000000..0f95f286a
--- /dev/null
+++ b/apps/emqx_gateway/README.md
@@ -0,0 +1,309 @@
+# emqx_gateway
+
+***This is a very early prototype application*** for Gateway in EMQ X Broker 5.0
+
+## Concept
+
+    EMQ X Gateway Managment
+     - Gateway-Registry (or Gateway Type)
+        - *Load
+        - *UnLoad
+        - *List
+
+     - Gateway
+        - *Create
+        - *Delete
+        - *Update
+            - *Stop-And-Start
+            - *Hot-Upgrade
+        - *Satrt/Enable
+        - *Stop/Disable
+     - Listener
+
+## ROADMAP
+
+Gateway v0.1: Management support
+
+Gateway v0.2: Conn/Frame/Protocol Template
+
+### Compatible with EMQ X
+
+> Why we need to compatible
+
+1. Authentication
+2. Hooks/Event system
+3. Messages Mode & Rule Engine
+4. Cluster registration
+5. Metrics & Statistic
+
+> How to do it
+
+>
+
+### User Interface
+
+#### Configurations
+
+```hocon
+gateway {
+
+  ## ... some confs for top scope
+  ..
+  ## End.
+
+  ## Gateway Instances
+
+  lwm2m[.name] {
+
+    ## variable support
+    mountpoint: lwm2m/%e/
+
+    lifetime_min: 1s
+    lifetime_max: 86400s
+    #qmode_time_window: 22
+    #auto_observe: off
+
+    #update_msg_publish_condition: contains_object_list
+
+    xml_dir: {{ platform_etc_dir }}/lwm2m_xml
+
+    clientinfo_override: {
+        username: ${register.opts.uname}
+        password: ${register.opts.passwd}
+        clientid: ${epn}
+    }
+
+    #authenticator: allow_anonymous
+    authenticator: [
+      {
+        type: auth-http
+        method: post
+        //?? how to generate clientinfo ??
+        params: $client.credential
+      }
+    ]
+
+    translator: {
+      downlink: "dn/#"
+      uplink: {
+        notify: "up/notify"
+        response: "up/resp"
+        register: "up/resp"
+        update: "up/reps"
+      }
+    }
+
+    %% ?? listener.$type.name ??
+    listener.udp[.name] {
+      listen_on: 0.0.0.0:5683
+      max_connections: 1024000
+      max_conn_rate: 1000
+      ## ?? udp keepalive in socket level ???
+      #keepalive:
+      ## ?? udp proxy-protocol in socket level ???
+      #proxy_protocol: on
+      #proxy_timeout: 30s
+      recbuf: 2KB
+      sndbuf: 2KB
+      buffer: 2KB
+      tune_buffer: off
+      #access: allow all
+      read_packets: 20
+    }
+
+    listener.dtls[.name] {
+      listen_on: 0.0.0.0:5684
+        ...
+    }
+  }
+
+  ## The CoAP Gateway
+  coap[.name] {
+
+    #enable_stats: on
+
+    authenticator: [
+      ...
+    ]
+
+    listener.udp[.name] {
+      ...
+    }
+
+    listener.dtls[.name] {
+      ...
+    }
+}
+
+  ## The Stomp Gateway
+  stomp[.name] {
+
+    allow_anonymous: true
+
+    default_user.login: guest
+    default_user.passcode: guest
+
+    frame.max_headers: 10
+    frame.max_header_length: 1024
+    frame.max_body_length: 8192
+
+    listener.tcp[.name] {
+        ...
+    }
+
+    listener.ssl[.name] {
+        ...
+    }
+  }
+
+  exproto[.name] {
+
+    proto_name: DL-648
+
+    authenticators: [...]
+
+    adapter: {
+      type: grpc
+      options: {
+        listen_on: 9100
+      }
+    }
+
+    handler: {
+      type: grpc
+        options: {
+          url: <http://127.0.0.1:9001>
+        }
+    }
+
+    listener.tcp[.name] {
+        ...
+    }
+  }
+
+  ## ============================ Enterpise gateways
+
+  ## The JT/T 808 Gateway
+  jtt808[.name] {
+
+    idle_timeout: 30s
+    enable_stats: on
+    max_packet_size: 8192
+
+    clientinfo_override: {
+      clientid: $phone
+      username: xxx
+      password: xxx
+    }
+
+    authenticator: [
+      {
+        type: auth-http
+        method: post
+        params: $clientinfo.credential
+        }
+    ]
+
+    translator: {
+      subscribe: [jt808/%c/dn]
+      publish: [jt808/%c/up]
+    }
+
+    listener.tcp[.name] {
+        ...
+    }
+
+    listener.ssl[.name] {
+        ...
+    }
+  }
+
+  gbt32960[.name] {
+
+    frame.max_length: 8192
+    retx_interval: 8s
+    retx_max_times: 3
+    message_queue_len: 10
+
+    authenticators: [...]
+
+    translator: {
+      ## upstream
+      login: gbt32960/${vin}/upstream/vlogin
+      logout: gbt32960/${vin}/upstream/vlogout
+      informing: gbt32960/${vin}/upstream/info
+      reinforming: gbt32960/${vin}/upstream/reinfo
+      ## downstream
+      downstream: gbt32960/${vin}/dnstream
+      response: gbt32960/${vin}/upstream/response
+    }
+
+    listener.tcp[.name] {
+        ...
+    }
+
+    listener.ssl[.name] {
+        ...
+    }
+  }
+
+  privtcp[.name] {
+
+    max_packet_size: 65535
+    idle_timeout: 15s
+
+    enable_stats: on
+
+    force_gc_policy: 1000|1MB
+    force_shutdown_policy: 8000|800MB
+
+    translator: {
+        up_topic: tcp/%c/up
+        dn_topic: tcp/%c/dn
+    }
+
+    listener.tcp[.name]: {
+        ...
+    }
+  }
+}
+```
+
+#### CLI
+
+##### Gateway
+
+```bash
+## List all started gateway and gateway-instance
+emqx_ctl gateway list
+emqx_ctl gateway lookup <GatewayId>
+emqx_ctl gateway stop   <GatewayId>
+emqx_ctl gateway start  <GatewayId>
+
+emqx_ctl gateway-registry re-searching
+emqx_ctl gateway-registry list
+
+emqx_ctl gateway-clients list <Type>
+emqx_ctl gateway-clients show <Type> <ClientId>
+emqx_ctl gateway-clients kick <Type> <ClientId>
+
+## Banned ??
+emqx_ctl gateway-banned
+
+## Metrics
+emqx_ctl gateway-metrics [<GatewayId>]
+```
+
+#### Mangement by HTTP-API/Dashboard/
+
+#### How to integrate a protocol to your platform
+
+### Develop your protocol gateway
+
+There are 3 way to create your protocol gateway for EMQ X 5.0:
+
+1. Use Erlang to create a new emqx plugin to handle all of protocol packets (same as v5.0 before)
+
+2. Based on the emqx-gateway-impl-bhvr and emqx-gateway
+
+3. Use the gRPC Gateway
diff --git a/apps/emqx_gateway/etc/emqx_gateway.conf b/apps/emqx_gateway/etc/emqx_gateway.conf
new file mode 100644
index 000000000..ab5b52143
--- /dev/null
+++ b/apps/emqx_gateway/etc/emqx_gateway.conf
@@ -0,0 +1,30 @@
+##--------------------------------------------------------------------
+## EMQ X Gateway configurations
+##--------------------------------------------------------------------
+
+## TODO:
+
+emqx_gateway: {
+    stomp.1: {
+        frame: {
+            max_headers: 10
+            max_headers_length: 1024
+            max_body_length: 8192
+        }
+
+        clientinfo_override: {
+            username: "${Packet.headers.login}"
+            password: "${Packet.headers.passcode}"
+        }
+
+        authenticator: allow_anonymous
+
+        listener.tcp.1: {
+            bind: 61613
+            acceptors: 16
+            max_connections: 1024000
+            max_conn_rate: 1000
+            active_n: 100
+        }
+    }
+}
diff --git a/apps/emqx_gateway/include/emqx_gateway.hrl b/apps/emqx_gateway/include/emqx_gateway.hrl
new file mode 100644
index 000000000..35fad7f23
--- /dev/null
+++ b/apps/emqx_gateway/include/emqx_gateway.hrl
@@ -0,0 +1,35 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2017-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-ifndef(EMQX_GATEWAY_HRL).
+-define(EMQX_GATEWAY_HRL, 1).
+
+-type instance_id()  :: atom().
+-type gateway_type() :: atom().
+
+%% @doc The Gateway Instace defination
+-type instance() ::
+        #{ id      := instance_id()
+         , type    := gateway_type()
+         , name    := binary()
+         , descr   => binary() | undefined
+         %% Appears only in creating or detailed info
+         , rawconf => map()
+         %% Appears only in getting instance status/info
+         , status  => stopped | running
+         }.
+
+-endif.
diff --git a/apps/emqx_gateway/rebar.config b/apps/emqx_gateway/rebar.config
new file mode 100644
index 000000000..71fc61330
--- /dev/null
+++ b/apps/emqx_gateway/rebar.config
@@ -0,0 +1,7 @@
+{erl_opts, [debug_info]}.
+{deps, []}.
+
+{shell, [
+  % {config, "config/sys.config"},
+    {apps, [emqx_gateway]}
+]}.
diff --git a/apps/emqx_gateway/src/bhvrs/emqx_gateway_conn.erl b/apps/emqx_gateway/src/bhvrs/emqx_gateway_conn.erl
new file mode 100644
index 000000000..7392f0b20
--- /dev/null
+++ b/apps/emqx_gateway/src/bhvrs/emqx_gateway_conn.erl
@@ -0,0 +1,22 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The behavior abstrat for TCP based gateway conn
+%%
+-module(emqx_gateway_conn).
+
+%% TODO: Gateway v0.2
+
diff --git a/apps/emqx_gateway/src/bhvrs/emqx_gateway_impl.erl b/apps/emqx_gateway/src/bhvrs/emqx_gateway_impl.erl
new file mode 100644
index 000000000..9726dad02
--- /dev/null
+++ b/apps/emqx_gateway/src/bhvrs/emqx_gateway_impl.erl
@@ -0,0 +1,49 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_gateway_impl).
+
+-include("include/emqx_gateway.hrl").
+
+-type state() :: map().
+-type reason() :: any().
+
+%% @doc
+-callback init(Options :: list()) -> {error, reason()} | {ok, GwState :: state()}.
+
+%% @doc
+-callback on_insta_create(Insta :: instance(),
+                          Ctx :: emqx_gateway_ctx:context(),
+                          GwState :: state()
+                         )
+    -> {error, reason()}
+     | {ok, [GwInstaPid :: pid()], GwInstaState :: state()}
+     | {ok, [Childspec :: supervisor:child_spec()], GwInstaState :: state()}.
+
+%% @doc
+-callback on_insta_update(NewInsta :: instance(),
+                          OldInsta :: instance(),
+                          GwInstaState :: state(),
+                          GwState :: state())
+    -> ok
+     | {ok, [GwInstaPid :: pid()], GwInstaState :: state()}
+     | {ok, [Childspec :: supervisor:child_spec()], GwInstaState :: state()}
+     | {error, reason()}.
+
+%% @doc
+-callback on_insta_destroy(Insta :: instance(),
+                           GwInstaState :: state(),
+                           GwState :: state()) -> ok.
diff --git a/apps/emqx_gateway/src/emqx_gateway.app.src b/apps/emqx_gateway/src/emqx_gateway.app.src
new file mode 100644
index 000000000..287d710eb
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway.app.src
@@ -0,0 +1,11 @@
+{application, emqx_gateway,
+ [{description, "The Gateway management application"},
+  {vsn, "0.1.0"},
+  {registered, []},
+  {mod, {emqx_gateway_app, []}},
+  {applications, [kernel, stdlib]},
+  {env, []},
+  {modules, []},
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.
diff --git a/apps/emqx_gateway/src/emqx_gateway.erl b/apps/emqx_gateway/src/emqx_gateway.erl
new file mode 100644
index 000000000..f6c12ad53
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway.erl
@@ -0,0 +1,84 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_gateway).
+
+-include("include/emqx_gateway.hrl").
+
+%% APIs
+-export([ registered_gateway/0
+        , create/4
+        , remove/1
+        , lookup/1
+        , update/1
+        , start/1
+        , stop/1
+        , list/0
+        ]).
+
+-spec registered_gateway() ->
+    [{gateway_type(), emqx_gateway_registry:descriptor()}].
+registered_gateway() ->
+    emqx_gateway_registry:list().
+
+%%--------------------------------------------------------------------
+%% Gateway Instace APIs
+
+-spec list() -> [instance()].
+list() ->
+    lists:append(lists:map(
+      fun({_, Insta}) -> Insta end,
+      emqx_gateway_sup:list_gateway_insta()
+     )).
+
+-spec create(gateway_type(), binary(), binary(), map())
+    -> {ok, pid()}
+     | {error, any()}.
+create(Type, Name, Descr, RawConf) ->
+    Insta = #{ id => clacu_insta_id(Type, Name)
+             , type => Type
+             , name => Name
+             , descr => Descr
+             , rawconf => RawConf
+             },
+    emqx_gateway_sup:create_gateway_insta(Insta).
+
+-spec remove(instance_id()) -> ok | {error, any()}.
+remove(InstaId) ->
+    emqx_gateway_sup:remove_gateway_insta(InstaId).
+
+-spec lookup(instance_id()) -> instance() | undefined.
+lookup(InstaId) ->
+    emqx_gateway_sup:lookup_gateway_insta(InstaId).
+
+-spec update(instance()) -> ok | {error, any()}.
+update(NewInsta) ->
+    emqx_gateway_sup:update_gateway_insta(NewInsta).
+
+-spec start(instance_id()) -> ok | {error, any()}.
+start(InstaId) ->
+    emqx_gateway_sup:start_gateway_insta(InstaId).
+
+-spec stop(instance_id()) -> ok | {error, any()}.
+stop(InstaId) ->
+    emqx_gateway_sup:stop_gateway_insta(InstaId).
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+clacu_insta_id(Type, Name) when is_binary(Name) ->
+    list_to_atom(lists:concat([Type, "#", binary_to_list(Name)])).
diff --git a/apps/emqx_gateway/src/emqx_gateway_app.erl b/apps/emqx_gateway/src/emqx_gateway_app.erl
new file mode 100644
index 000000000..230776b73
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_app.erl
@@ -0,0 +1,93 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_gateway_app).
+
+-behaviour(application).
+
+-include_lib("emqx/include/logger.hrl").
+
+-emqx_plugin(?MODULE).
+
+-logger_header("[Gateway]").
+
+-export([start/2, stop/1]).
+
+start(_StartType, _StartArgs) ->
+    {ok, Sup} = emqx_gateway_sup:start_link(),
+    emqx_gateway_cli:load(),
+    load_default_gateway_applications(),
+    create_gateway_by_default(),
+    {ok, Sup}.
+
+stop(_State) ->
+    emqx_gateway_cli:unload(),
+    ok.
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+
+load_default_gateway_applications() ->
+    Apps = gateway_type_searching(),
+    ?LOG(info, "Starting the default gateway types: ~p", [Apps]),
+    lists:foreach(fun load/1, Apps).
+
+gateway_type_searching() ->
+    %% FIXME: Hardcoded apps
+    [emqx_stomp_impl].
+
+load(Mod) ->
+    try
+        Mod:load(),
+        ?LOG(info, "Load ~s gateway application successfully!", [Mod])
+    catch
+        Class : Reason ->
+            ?LOG(error, "Load ~s gateway application failed: {~p, ~p}",
+                        [Mod, Class, Reason])
+    end.
+
+create_gateway_by_default() ->
+    create_gateway_by_default(zipped_confs()).
+
+create_gateway_by_default([]) ->
+    ok;
+create_gateway_by_default([{Type, Name, Confs}|More]) ->
+    case emqx_gateway_registry:lookup(Type) of
+        undefined ->
+            ?LOG(error, "Skip to start ~p#~p: not_registred_type",
+                        [Type, Name]);
+        _ ->
+            case emqx_gateway:create(Type,
+                                     atom_to_binary(Name, utf8),
+                                     <<>>,
+                                     Confs) of
+                {ok, _} ->
+                    ?LOG(debug, "Start ~p#~p successfully!", [Type, Name]);
+                {error, Reason} ->
+                    ?LOG(error, "Start ~p#~p failed: ~0p",
+                                [Type, Name, Reason])
+            end
+    end,
+    create_gateway_by_default(More).
+
+zipped_confs() ->
+    All = maps:to_list(emqx_config:get([emqx_gateway])),
+    lists:append(lists:foldr(
+      fun({Type, Gws}, Acc) ->
+        {Names, Confs} = lists:unzip(maps:to_list(Gws)),
+        Types = [ Type || _ <- lists:seq(1, length(Names))],
+        [lists:zip3(Types, Names, Confs) | Acc]
+      end, [], All)).
diff --git a/apps/emqx_gateway/src/emqx_gateway_cli.erl b/apps/emqx_gateway/src/emqx_gateway_cli.erl
new file mode 100644
index 000000000..beb3e5eae
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_cli.erl
@@ -0,0 +1,201 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The Command-Line-Interface module for Gateway Application
+-module(emqx_gateway_cli).
+
+-export([ load/0
+        , unload/0
+        ]).
+
+-export([ gateway/1
+        , 'gateway-registry'/1
+        , 'gateway-clients'/1
+        , 'gateway-metrics'/1
+        %, 'gateway-banned'/1
+        ]).
+
+-spec load() -> ok.
+load() ->
+    Cmds = [Fun || {Fun, _} <- ?MODULE:module_info(exports), is_cmd(Fun)],
+    lists:foreach(fun(Cmd) -> emqx_ctl:register_command(Cmd, {?MODULE, Cmd}, []) end, Cmds).
+
+-spec unload() -> ok.
+unload() ->
+    Cmds = [Fun || {Fun, _} <- ?MODULE:module_info(exports), is_cmd(Fun)],
+    lists:foreach(fun(Cmd) -> emqx_ctl:unregister_command(Cmd) end, Cmds).
+
+is_cmd(Fun) ->
+    not lists:member(Fun, [init, load, module_info]).
+
+
+%%--------------------------------------------------------------------
+%% Cmds
+
+gateway(["list"]) ->
+    lists:foreach(fun(#{id := InstaId, name := Name, type := Type}) ->
+        %% FIXME: Get the real running status
+        emqx_ctl:print("Gateway(~s, name=~s, type=~s, status=running~n",
+                       [InstaId, Name, Type])
+    end, emqx_gateway:list());
+
+gateway(["lookup", GatewayInstaId]) ->
+    case emqx_gateway:lookup(GatewayInstaId) of
+        undefined ->
+            emqx_ctl:print("undefined");
+        Info ->
+            emqx_ctl:print("~p~n", [Info])
+    end;
+
+gateway(["stop", GatewayInstaId]) ->
+    case emqx_gateway:stop(GatewayInstaId) of
+        ok ->
+            emqx_ctl:print("ok");
+        {error, Reason} ->
+            emqx_ctl:print("Error: ~p~n", [Reason])
+    end;
+
+gateway(["start", GatewayInstaId]) ->
+    case emqx_gateway:start(GatewayInstaId) of
+        ok ->
+            emqx_ctl:print("ok");
+        {error, Reason} ->
+            emqx_ctl:print("Error: ~p~n", [Reason])
+    end;
+
+gateway(_) ->
+    %% TODO: create/remove APIs
+    emqx_ctl:usage([ {"gateway list",
+                        "List all created gateway instances"}
+                   , {"gateway lookup <GatewayId>",
+                        "Looup a gateway detailed informations"}
+                   , {"gateway stop   <GatewayId>",
+                        "Stop a gateway instance and release all resources"}
+                   , {"gateway start  <GatewayId>",
+                        "Start a gateway instance"}
+                   ]).
+
+'gateway-registry'(["list"]) ->
+    lists:foreach(
+      fun({GwType, #{cbkmod := CbMod}}) ->
+        emqx_ctl:print("Registered Type: ~s, Callback Module: ~s~n", [GwType, CbMod])
+      end,
+    emqx_gateway_registry:list());
+
+'gateway-registry'(_) ->
+    emqx_ctl:usage([ {"gateway-registry list",
+                        "List all registered gateway types"}
+                   ]).
+
+'gateway-clients'(["list", Type]) ->
+    InfoTab = emqx_gateway_cm:tabname(info, Type),
+    dump(InfoTab, client);
+
+'gateway-clients'(["lookup", Type, ClientId]) ->
+    ChanTab = emqx_gateway_cm:tabname(chan, Type),
+    case ets:lookup(ChanTab, bin(ClientId)) of
+        [] -> emqx_ctl:print("Not Found.~n");
+        [Chann] ->
+            InfoTab = emqx_gateway_cm:tabname(info, Type),
+            [ChannInfo] = ets:lookup(InfoTab, Chann),
+            print({client, ChannInfo})
+    end;
+
+'gateway-clients'(["kick", Type, ClientId]) ->
+    case emqx_gateway_cm:kick_session(Type, bin(ClientId)) of
+        ok -> emqx_ctl:print("ok~n");
+        _ -> emqx_ctl:print("Not Found.~n")
+    end;
+
+'gateway-clients'(_) ->
+    emqx_ctl:usage([ {"gateway-clients list   <Type>",
+                        "List all clients for a type of gateway"}
+                   , {"gateway-clients lookup <Type> <ClientId>",
+                        "Lookup the Client Info for specified client"}
+                   , {"gateway-clients kick   <Type> <ClientId>",
+                        "Kick out a client"}
+                   ]).
+
+'gateway-metrics'([GatewayType]) ->
+    Tab = emqx_gateway_metrics:tabname(GatewayType),
+    case ets:info(Tab) of
+        undefined ->
+            emqx_ctl:print("Bad Gateway Tyep.~n");
+        _ ->
+            lists:foreach(
+              fun({K, V}) ->
+                emqx_ctl:print("~-30s: ~w~n", [K, V])
+              end, lists:sort(ets:tab2list(Tab)))
+    end;
+
+'gateway-metrics'(_) ->
+    emqx_ctl:usage([ {"gateway-metrics <Type>",
+                        "List all metrics for a type of gateway"}
+                   ]).
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+bin(S) -> iolist_to_binary(S).
+
+dump(Table, Tag) ->
+    dump(Table, Tag, ets:first(Table), []).
+
+dump(_Table, _, '$end_of_table', Result) ->
+    lists:reverse(Result);
+
+dump(Table, Tag, Key, Result) ->
+    PrintValue = [print({Tag, Record}) || Record <- ets:lookup(Table, Key)],
+    dump(Table, Tag, ets:next(Table, Key), [PrintValue | Result]).
+
+print({client, {_, Infos, Stats}}) ->
+    ClientInfo = maps:get(clientinfo, Infos, #{}),
+    ConnInfo   = maps:get(conninfo, Infos, #{}),
+    _Session    = maps:get(session, Infos, #{}),
+    SafeGet    = fun(K, M) -> maps:get(K, M, undefined) end,
+    StatsGet   = fun(K) -> proplists:get_value(K, Stats, 0) end,
+
+    ConnectedAt = SafeGet(connected_at, ConnInfo),
+    InfoKeys = [clientid, username, peername, clean_start, keepalive,
+                subscriptions_cnt, send_msg, connected, created_at, connected_at],
+    Info = #{ clientid => SafeGet(clientid, ClientInfo),
+              username => SafeGet(username, ClientInfo),
+              peername => SafeGet(peername, ConnInfo),
+              clean_start => SafeGet(clean_start, ConnInfo),
+              keepalive => SafeGet(keepalive, ConnInfo),
+              subscriptions_cnt => StatsGet(subscriptions_cnt),
+              send_msg => StatsGet(send_msg),
+              connected => SafeGet(conn_state, ClientInfo) == connected,
+              created_at => ConnectedAt,
+              connected_at => ConnectedAt
+            },
+
+    emqx_ctl:print("Client(~s, username=~s, peername=~s, "
+                   "clean_start=~s, keepalive=~w, "
+                   "subscriptions=~w, delivered_msgs=~w, "
+                   "connected=~s, created_at=~w, connected_at=~w)~n",
+                [format(K, maps:get(K, Info)) || K <- InfoKeys]).
+
+format(_, undefined) ->
+    undefined;
+
+format(peername, {IPAddr, Port}) ->
+    IPStr = emqx_mgmt_util:ntoa(IPAddr),
+    io_lib:format("~s:~p", [IPStr, Port]);
+
+format(_, Val) ->
+    Val.
diff --git a/apps/emqx_gateway/src/emqx_gateway_cm.erl b/apps/emqx_gateway/src/emqx_gateway_cm.erl
new file mode 100644
index 000000000..f8ca18c1a
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_cm.erl
@@ -0,0 +1,447 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The gateway connection management
+-module(emqx_gateway_cm).
+
+-behaviour(gen_server).
+
+-include("include/emqx_gateway.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+-logger_header("[PGW-CM]").
+
+%% APIs
+-export([start_link/1]).
+
+-export([ open_session/5
+        , kick_session/2
+        , kick_session/3
+        , register_channel/4
+        , unregister_channel/2
+        , insert_channel_info/4
+        , set_chan_info/3
+        , set_chan_info/4
+        , get_chan_info/2
+        , get_chan_info/3
+        , set_chan_stats/3
+        , set_chan_stats/4
+        , get_chan_stats/2
+        , get_chan_stats/3
+        , connection_closed/2
+        ]).
+
+%% Internal funcs for getting tabname by GatewayId
+-export([cmtabs/1, tabname/2]).
+
+%% gen_server callbacks
+-export([ init/1
+        , handle_call/3
+        , handle_cast/2
+        , handle_info/2
+        , terminate/2
+        , code_change/3
+        ]).
+
+-record(state, {
+          type      :: atom(),    %% Gateway Id
+          locker    :: pid(),     %% ClientId Locker for CM
+          registry  :: pid(),     %% ClientId Registry server
+          chan_pmon :: emqx_pmon:pmon()
+         }).
+
+-define(T_TAKEOVER, 15000).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+%% XXX: Options for cm process
+start_link(Options) ->
+    Type = proplists:get_value(type, Options),
+    gen_server:start_link({local, procname(Type)}, ?MODULE, Options, []).
+
+procname(Type) ->
+    list_to_atom(lists:concat([emqx_gateway_, Type, '_cm'])).
+
+-spec cmtabs(Type :: atom()) -> {ChanTab :: atom(),
+                                 ConnTab :: atom(),
+                                 ChannInfoTab :: atom()}.
+cmtabs(Type) ->
+    { tabname(chan, Type)   %% Client Tabname; Record: {ClientId, Pid}
+    , tabname(conn, Type)   %% Client ConnMod; Recrod: {{ClientId, Pid}, ConnMod}
+    , tabname(info, Type)   %% ClientInfo Tabname; Record: {{ClientId, Pid}, ClientInfo, ClientStats}
+    }.
+
+tabname(chan, Type) ->
+    list_to_atom(lists:concat([emqx_gateway_, Type, '_channel']));
+tabname(conn, Type) ->
+    list_to_atom(lists:concat([emqx_gateway_, Type, '_channel_conn']));
+tabname(info, Type) ->
+    list_to_atom(lists:concat([emqx_gateway_, Type, '_channel_info'])).
+
+lockername(Type) ->
+    list_to_atom(lists:concat([emqx_gateway_, Type, '_locker'])).
+
+-spec register_channel(atom(), binary(), pid(), emqx_types:conninfo()) -> ok.
+register_channel(Type, ClientId, ChanPid, #{conn_mod := ConnMod}) when is_pid(ChanPid) ->
+    Chan = {ClientId, ChanPid},
+    true = ets:insert(tabname(chan, Type), Chan),
+    true = ets:insert(tabname(conn, Type), {Chan, ConnMod}),
+    ok = emqx_gateway_cm_registry:register_channel(Type, Chan),
+    cast(procname(Type), {registered, Chan}).
+
+%% @doc Unregister a channel.
+-spec unregister_channel(atom(), emqx_types:clientid()) -> ok.
+unregister_channel(Type, ClientId) when is_binary(ClientId) ->
+    true = do_unregister_channel(Type, {ClientId, self()}, cmtabs(Type)),
+    ok.
+
+%% @doc Insert/Update the channel info and stats
+-spec insert_channel_info(atom(),
+                          emqx_types:clientid(),
+                          emqx_types:infos(),
+                          emqx_types:stats()) -> ok.
+insert_channel_info(Type, ClientId, Info, Stats) ->
+    Chan = {ClientId, self()},
+    true = ets:insert(tabname(info, Type), {Chan, Info, Stats}),
+    %%?tp(debug, insert_channel_info, #{client_id => ClientId}),
+    ok.
+
+%% @doc Get info of a channel.
+-spec get_chan_info(gateway_type(), emqx_types:clientid())
+      -> emqx_types:infos() | undefined.
+get_chan_info(Type, ClientId) ->
+    with_channel(Type, ClientId,
+        fun(ChanPid) ->
+            get_chan_info(Type, ClientId, ChanPid)
+        end).
+
+-spec get_chan_info(gateway_type(), emqx_types:clientid(), pid())
+      -> emqx_types:infos() | undefined.
+get_chan_info(Type, ClientId, ChanPid) when node(ChanPid) == node() ->
+    Chan = {ClientId, ChanPid},
+    try ets:lookup_element(tabname(info, Type), Chan, 2)
+    catch
+        error:badarg -> undefined
+    end;
+get_chan_info(Type, ClientId, ChanPid) ->
+    rpc_call(node(ChanPid), get_chan_info, [Type, ClientId, ChanPid]).
+
+%% @doc Update infos of the channel.
+-spec set_chan_info(gateway_type(),
+                    emqx_types:clientid(),
+                    emqx_types:infos()) -> boolean().
+set_chan_info(Type, ClientId, Infos) ->
+    set_chan_info(Type, ClientId, self(), Infos).
+
+-spec set_chan_info(gateway_type(),
+                    emqx_types:clientid(),
+                    pid(),
+                    emqx_types:infos()) -> boolean().
+set_chan_info(Type, ClientId, ChanPid, Infos) when node(ChanPid) == node() ->
+    Chan = {ClientId, ChanPid},
+    try ets:update_element(tabname(info, Type), Chan, {2, Infos})
+    catch
+        error:badarg -> false
+    end;
+set_chan_info(Type, ClientId, ChanPid, Infos) ->
+    rpc_call(node(ChanPid), set_chan_info, [Type, ClientId, ChanPid, Infos]).
+
+%% @doc Get channel's stats.
+-spec get_chan_stats(gateway_type(), emqx_types:clientid())
+      -> emqx_types:stats() | undefined.
+get_chan_stats(Type, ClientId) ->
+    with_channel(Type, ClientId,
+        fun(ChanPid) ->
+            get_chan_stats(Type, ClientId, ChanPid)
+        end).
+
+-spec get_chan_stats(gateway_type(), emqx_types:clientid(), pid())
+      -> emqx_types:stats() | undefined.
+get_chan_stats(Type, ClientId, ChanPid) when node(ChanPid) == node() ->
+    Chan = {ClientId, ChanPid},
+    try ets:lookup_element(tabname(info, Type), Chan, 3)
+    catch
+        error:badarg -> undefined
+    end;
+get_chan_stats(Type, ClientId, ChanPid) ->
+    rpc_call(node(ChanPid), get_chan_stats, [Type, ClientId, ChanPid]).
+
+-spec set_chan_stats(gateway_type(),
+                     emqx_types:clientid(),
+                     emqx_types:stats()) -> boolean().
+set_chan_stats(Type, ClientId, Stats) ->
+    set_chan_stats(Type, ClientId, self(), Stats).
+
+-spec set_chan_stats(gateway_type(),
+                     emqx_types:clientid(),
+                     pid(),
+                     emqx_types:stats()) -> boolean().
+set_chan_stats(Type, ClientId, ChanPid, Stats)  when node(ChanPid) == node() ->
+    Chan = {ClientId, self()},
+    try ets:update_element(tabname(info, Type), Chan, {3, Stats})
+    catch
+        error:badarg -> false
+    end;
+set_chan_stats(Type, ClientId, ChanPid, Stats) ->
+    rpc_call(node(ChanPid), set_chan_stats, [Type, ClientId, ChanPid, Stats]).
+
+-spec connection_closed(gateway_type(), emqx_types:clientid()) -> true.
+connection_closed(Type, ClientId) ->
+    %% XXX: Why we need to delete conn_mod tab ???
+    Chan = {ClientId, self()},
+    ets:delete_object(tabname(conn, Type), Chan).
+
+-spec open_session(Type :: atom(), CleanStart :: boolean(),
+                   ClientInfo :: emqx_types:clientinfo(),
+                   ConnInfo :: emqx_types:conninfo(),
+                   CreateSessionFun :: function())
+    -> {ok, #{session := map(),
+              present := boolean(),
+              pendings => list()
+          }}
+     | {error, any()}.
+
+open_session(Type, true = _CleanStart, ClientInfo, ConnInfo, CreateSessionFun) ->
+    Self = self(),
+    ClientId = maps:get(clientid, ClientInfo),
+    Fun = fun(_) ->
+              ok = discard_session(Type, ClientId),
+              Session = create_session(Type,
+                                       ClientInfo,
+                                       ConnInfo,
+                                       CreateSessionFun
+                                      ),
+              register_channel(Type, ClientId, Self, ConnInfo),
+              {ok, #{session => Session, present => false}}
+          end,
+    locker_trans(Type, ClientId, Fun);
+
+open_session(_Type, false = _CleanStart,
+             _ClientInfo, _ConnInfo, _CreateSessionFun) ->
+    {error, not_supported_now}.
+
+%% @private
+create_session(_Type, ClientInfo, ConnInfo, CreateSessionFun) ->
+    try
+        Session = emqx_gateway_utils:apply(
+                    CreateSessionFun,
+                    [ClientInfo, ConnInfo]
+                   ),
+        %% TODO: v0.2 session metrics & hooks
+        %ok = emqx_metrics:inc('session.created'),
+        %ok = emqx_hooks:run('session.created', [ClientInfo, emqx_session:info(Session)]),
+        Session
+    catch
+        Class : Reason : Stk ->
+            ?LOG(error, "Failed to create a session: ~p, ~p "
+                        "Stacktrace:~0p", [Class, Reason, Stk]),
+        throw(Reason)
+    end.
+
+%% @doc Discard all the sessions identified by the ClientId.
+-spec discard_session(Type :: atom(), binary()) -> ok.
+discard_session(Type, ClientId) when is_binary(ClientId) ->
+    case lookup_channels(Type, ClientId) of
+        [] -> ok;
+        ChanPids -> lists:foreach(fun(Pid) -> do_discard_session(Type, ClientId, Pid) end, ChanPids)
+    end.
+
+%% @private
+do_discard_session(Type, ClientId, Pid) ->
+    try
+        discard_session(Type, ClientId, Pid)
+    catch
+        _ : noproc -> % emqx_ws_connection: call
+            %?tp(debug, "session_already_gone", #{pid => Pid}),
+            ok;
+        _ : {noproc, _} -> % emqx_connection: gen_server:call
+            %?tp(debug, "session_already_gone", #{pid => Pid}),
+            ok;
+        _ : {{shutdown, _}, _} ->
+            %?tp(debug, "session_already_shutdown", #{pid => Pid}),
+            ok;
+        _ : _Error : _St ->
+            %?tp(error, "failed_to_discard_session",
+            %    #{pid => Pid, reason => Error, stacktrace=>St})
+            ok
+    end.
+
+%% @private
+discard_session(Type, ClientId, ChanPid) when node(ChanPid) == node() ->
+    case get_chann_conn_mod(Type, ClientId, ChanPid) of
+        undefined -> ok;
+        ConnMod when is_atom(ConnMod) ->
+            ConnMod:call(ChanPid, discard, ?T_TAKEOVER)
+    end;
+
+%% @private
+discard_session(Type, ClientId, ChanPid) ->
+    rpc_call(node(ChanPid), discard_session, [Type, ClientId, ChanPid]).
+
+-spec kick_session(gateway_type(), emqx_types:clientid())
+    -> {error, any()}
+     | ok.
+kick_session(Type, ClientId) ->
+    case lookup_channels(Type, ClientId) of
+        [] -> {error, not_found};
+        [ChanPid] ->
+            kick_session(Type, ClientId, ChanPid);
+        ChanPids ->
+            [ChanPid|StalePids] = lists:reverse(ChanPids),
+            ?LOG(error, "More than one channel found: ~p", [ChanPids]),
+            lists:foreach(fun(StalePid) ->
+                              catch discard_session(Type, ClientId, StalePid)
+                          end, StalePids),
+            kick_session(Type, ClientId, ChanPid)
+    end.
+
+kick_session(Type, ClientId, ChanPid) when node(ChanPid) == node() ->
+    case get_chan_info(Type, ClientId, ChanPid) of
+        #{conninfo := #{conn_mod := ConnMod}} ->
+            ConnMod:call(ChanPid, kick, ?T_TAKEOVER);
+        undefined ->
+            {error, not_found}
+    end;
+
+kick_session(Type, ClientId, ChanPid) ->
+    rpc_call(node(ChanPid), kick_session, [Type, ClientId, ChanPid]).
+
+with_channel(Type, ClientId, Fun) ->
+    case lookup_channels(Type, ClientId) of
+        []    -> undefined;
+        [Pid] -> Fun(Pid);
+        Pids  -> Fun(lists:last(Pids))
+    end.
+
+%% @doc Lookup channels.
+-spec(lookup_channels(atom(), emqx_types:clientid()) -> list(pid())).
+lookup_channels(Type, ClientId) ->
+    emqx_gateway_cm_registry:lookup_channels(Type, ClientId).
+
+get_chann_conn_mod(Type, ClientId, ChanPid) when node(ChanPid) == node() ->
+    Chan = {ClientId, ChanPid},
+    try [ConnMod] = ets:lookup_element(tabname(conn, Type), Chan, 2), ConnMod
+    catch
+        error:badarg -> undefined
+    end;
+get_chann_conn_mod(Type, ClientId, ChanPid) ->
+    rpc_call(node(ChanPid), get_chann_conn_mod, [Type, ClientId, ChanPid]).
+
+%% Locker
+
+locker_trans(_Type, undefined, Fun) ->
+    Fun([]);
+locker_trans(Type, ClientId, Fun) ->
+    Locker = lockername(Type),
+    case locker_lock(Locker, ClientId) of
+        {true, Nodes} ->
+            try Fun(Nodes) after locker_unlock(Locker, ClientId) end;
+        {false, _Nodes} ->
+            {error, client_id_unavailable}
+    end.
+
+locker_lock(Locker, ClientId) ->
+    ekka_locker:acquire(Locker, ClientId, quorum).
+
+locker_unlock(Locker, ClientId) ->
+    ekka_locker:release(Locker, ClientId, quorum).
+
+%% @private
+rpc_call(Node, Fun, Args) ->
+    case rpc:call(Node, ?MODULE, Fun, Args) of
+        {badrpc, Reason} -> error(Reason);
+        Res -> Res
+    end.
+
+cast(Name, Msg) ->
+    gen_server:cast(Name, Msg).
+
+%%--------------------------------------------------------------------
+%% gen_server callbacks
+%%--------------------------------------------------------------------
+
+init(Options) ->
+    Type = proplists:get_value(type, Options),
+
+    TabOpts = [public, {write_concurrency, true}],
+
+    {ChanTab, ConnTab, InfoTab} = cmtabs(Type),
+    ok = emqx_tables:new(ChanTab, [bag, {read_concurrency, true}|TabOpts]),
+    ok = emqx_tables:new(ConnTab, [bag | TabOpts]),
+    ok = emqx_tables:new(InfoTab, [set, compressed | TabOpts]),
+
+    %% Start link cm-registry process
+    %% XXX: Should I hang it under a higher level supervisor?
+    {ok, Registry} = emqx_gateway_cm_registry:start_link(Type),
+
+    %% Start locker process
+    {ok, Locker} = ekka_locker:start_link(lockername(Type)),
+
+    %% Interval update stats
+    %% TODO: v0.2
+    %ok = emqx_stats:update_interval(chan_stats, fun ?MODULE:stats_fun/0),
+
+    {ok, #state{type = Type,
+                locker = Locker,
+                registry = Registry,
+                chan_pmon = emqx_pmon:new()}}.
+
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast({registered, {ClientId, ChanPid}}, State = #state{chan_pmon = PMon}) ->
+    PMon1 = emqx_pmon:monitor(ChanPid, ClientId, PMon),
+    {noreply, State#state{chan_pmon = PMon1}};
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info({'DOWN', _MRef, process, Pid, _Reason},
+            State = #state{type = Type, chan_pmon = PMon}) ->
+    ChanPids = [Pid | emqx_misc:drain_down(10000)],  %% XXX: Fixed BATCH_SIZE
+    {Items, PMon1} = emqx_pmon:erase_all(ChanPids, PMon),
+
+    CmTabs = cmtabs(Type),
+    ok = emqx_pool:async_submit(fun do_unregister_channel_task/3, [Items, Type, CmTabs]),
+    {noreply, State#state{chan_pmon = PMon1}};
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+do_unregister_channel_task(Items, Type, CmTabs) ->
+    lists:foreach(
+      fun({ChanPid, ClientId}) ->
+          do_unregister_channel(Type, {ClientId, ChanPid}, CmTabs)
+      end, Items).
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+do_unregister_channel(Type, Chan, {ChanTab, ConnTab, InfoTab}) ->
+    ok = emqx_gateway_cm_registry:unregister_channel(Type, Chan),
+    true = ets:delete(ConnTab, Chan),
+    true = ets:delete(InfoTab, Chan),
+    ets:delete_object(ChanTab, Chan).
diff --git a/apps/emqx_gateway/src/emqx_gateway_cm_registry.erl b/apps/emqx_gateway/src/emqx_gateway_cm_registry.erl
new file mode 100644
index 000000000..4275fdf3e
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_cm_registry.erl
@@ -0,0 +1,141 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The gateway connection registry
+-module(emqx_gateway_cm_registry).
+
+-behaviour(gen_server).
+
+-logger_header("[PGW-CM-Registy]").
+
+-export([start_link/1]).
+
+%% XXX: needless
+%-export([is_enabled/0]).
+
+-export([ register_channel/2
+        , unregister_channel/2
+        ]).
+
+-export([lookup_channels/2]).
+
+%% gen_server callbacks
+-export([ init/1
+        , handle_call/3
+        , handle_cast/2
+        , handle_info/2
+        , terminate/2
+        , code_change/3
+        ]).
+
+-define(LOCK, {?MODULE, cleanup_down}).
+
+-record(channel, {chid, pid}).
+
+%% @doc Start the global channel registry.
+-spec(start_link(atom()) -> gen_server:startlink_ret()).
+start_link(Type) ->
+    gen_server:start_link(?MODULE, [Type], []).
+
+-spec tabname(atom()) -> atom().
+tabname(Type) ->
+    list_to_atom(lists:concat([emqx_gateway_, Type, '_channel_registry'])).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+%% @doc Register a global channel.
+-spec register_channel(atom(), binary() | {binary(), pid()}) -> ok.
+register_channel(Type, ClientId) when is_binary(ClientId) ->
+    register_channel(Type, {ClientId, self()});
+
+register_channel(Type, {ClientId, ChanPid}) when is_binary(ClientId), is_pid(ChanPid) ->
+    ekka_mnesia:dirty_write(tabname(Type), record(ClientId, ChanPid)).
+
+%% @doc Unregister a global channel.
+-spec unregister_channel(atom(), binary() | {binary(), pid()}) -> ok.
+unregister_channel(Type, ClientId) when is_binary(ClientId) ->
+    unregister_channel(Type, {ClientId, self()});
+
+unregister_channel(Type, {ClientId, ChanPid}) when is_binary(ClientId), is_pid(ChanPid) ->
+    ekka_mnesia:dirty_delete_object(tabname(Type), record(ClientId, ChanPid)).
+
+%% @doc Lookup the global channels.
+-spec lookup_channels(atom(), binary()) -> list(pid()).
+lookup_channels(Type, ClientId) ->
+    [ChanPid || #channel{pid = ChanPid} <- mnesia:dirty_read(tabname(Type), ClientId)].
+
+record(ClientId, ChanPid) ->
+    #channel{chid = ClientId, pid = ChanPid}.
+
+%%--------------------------------------------------------------------
+%% gen_server callbacks
+%%--------------------------------------------------------------------
+
+init([Type]) ->
+    Tab = tabname(Type),
+    ok = ekka_mnesia:create_table(Tab, [
+                {type, bag},
+                {ram_copies, [node()]},
+                {record_name, channel},
+                {attributes, record_info(fields, channel)},
+                {storage_properties, [{ets, [{read_concurrency, true},
+                                             {write_concurrency, true}]}]}]),
+    ok = ekka_mnesia:copy_table(Tab, ram_copies),
+    %%ok = ekka_rlog:wait_for_shards([?CM_SHARD], infinity),
+    ok = ekka:monitor(membership),
+    {ok, #{type => Type}}.
+
+handle_call(Req, _From, State) ->
+    logger:error("Unexpected call: ~p", [Req]),
+    {reply, ignored, State}.
+
+handle_cast(Msg, State) ->
+    logger:error("Unexpected cast: ~p", [Msg]),
+    {noreply, State}.
+
+handle_info({membership, {mnesia, down, Node}}, State = #{type := Type}) ->
+    Tab = tabname(Type),
+    global:trans({?LOCK, self()},
+                 fun() ->
+                     %% FIXME: The shard name should be fixed later
+                     ekka_mnesia:transaction(?MODULE, fun cleanup_channels/2, [Node, Tab])
+                 end),
+    {noreply, State};
+
+handle_info({membership, _Event}, State) ->
+    {noreply, State};
+
+handle_info(Info, State) ->
+    logger:error("Unexpected info: ~p", [Info]),
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%%--------------------------------------------------------------------
+%% Internal functions
+%%--------------------------------------------------------------------
+
+cleanup_channels(Node, Tab) ->
+    Pat = [{#channel{pid = '$1', _ = '_'}, [{'==', {node, '$1'}, Node}], ['$_']}],
+    lists:foreach(fun(Chan) ->
+        mnesia:delete_object(Tab, Chan, write)
+    end, mnesia:select(Tab, Pat, write)).
diff --git a/apps/emqx_gateway/src/emqx_gateway_ctx.erl b/apps/emqx_gateway/src/emqx_gateway_ctx.erl
new file mode 100644
index 000000000..5dadf2aca
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_ctx.erl
@@ -0,0 +1,148 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The gateway instance context
+-module(emqx_gateway_ctx).
+
+-include("include/emqx_gateway.hrl").
+
+-logger_header(["PGW-Ctx"]).
+
+%% @doc The running context for a Connection/Channel process.
+%%
+%% The `Context` encapsulates a complex structure of contextual information.
+%% It is convenient to use it directly in Channel/Connection to read
+%% configuration, register devices and other common operations.
+%%
+-type context() ::
+        #{ %% Gateway Instance ID
+           instid := instance_id()
+           %% Gateway ID
+         , type   := gateway_type()
+           %% Autenticator
+         , auth   := allow_anonymous | emqx_authentication:chain_id()
+           %% The ConnectionManager PID
+         , cm     := pid()
+         }.
+
+%% Authentication circle
+-export([ authenticate/2
+        , open_session/5
+        , insert_channel_info/4
+        , set_chan_info/3
+        , set_chan_stats/3
+        , connection_closed/2
+        ]).
+
+%% Message circle
+-export([ authorize/4
+        % Needless for pub/sub
+        %, publish/3
+        %, subscribe/4
+        ]).
+
+%% Metrics & Stats
+-export([ metrics_inc/2
+        , metrics_inc/3
+        ]).
+
+%%--------------------------------------------------------------------
+%% Authentication circle
+
+%% @doc Authenticate whether the client has access to the Broker.
+-spec authenticate(context(), emqx_types:clientinfo())
+    -> {ok, emqx_types:clientinfo()}
+     | {error, any()}.
+authenticate(_Ctx = #{auth := allow_anonymous}, ClientInfo) ->
+    {ok, ClientInfo#{anonymous => true}};
+authenticate(_Ctx = #{auth := ChainId}, ClientInfo0) ->
+    ClientInfo = ClientInfo0#{
+                   zone => undefined,
+                   chain_id => ChainId
+                  },
+    case emqx_access_control:authenticate(ClientInfo) of
+        {ok, AuthResult} ->
+            {ok, mountpoint(maps:merge(ClientInfo, AuthResult))};
+        {error, Reason} ->
+            {error, Reason}
+    end.
+
+%% @doc Register the session to the cluster.
+%%
+%%  This function should be called after the client has authenticated
+%%  successfully so that the client can be managed in the cluster.
+-spec open_session(context(), boolean(), emqx_types:clientinfo(),
+                   emqx_types:conninfo(), function())
+    -> {ok, #{session := any(),
+              present := boolean(),
+              pendings => list()
+             }}
+     | {error, any()}.
+open_session(Ctx, false, ClientInfo, ConnInfo, CreateSessionFun) ->
+    logger:warning("clean_start=false is not supported now, "
+                   "fallback to clean_start mode"),
+    open_session(Ctx, true, ClientInfo, ConnInfo, CreateSessionFun);
+
+open_session(_Ctx = #{type := Type},
+             CleanStart, ClientInfo, ConnInfo, CreateSessionFun) ->
+    emqx_gateway_cm:open_session(Type, CleanStart,
+                                 ClientInfo, ConnInfo, CreateSessionFun).
+
+-spec insert_channel_info(context(),
+                          emqx_types:clientid(),
+                          emqx_types:infos(),
+                          emqx_types:stats()) -> ok.
+insert_channel_info(_Ctx = #{type := Type}, ClientId, Infos, Stats) ->
+    emqx_gateway_cm:insert_channel_info(Type, ClientId, Infos, Stats).
+
+%% @doc Set the Channel Info to the ConnectionManager for this client
+-spec set_chan_info(context(),
+                    emqx_types:clientid(),
+                    emqx_types:infos()) -> boolean().
+set_chan_info(_Ctx = #{type := Type}, ClientId, Infos) ->
+    emqx_gateway_cm:set_chan_info(Type, ClientId, Infos).
+
+-spec set_chan_stats(context(),
+                     emqx_types:clientid(),
+                     emqx_types:stats()) -> boolean().
+set_chan_stats(_Ctx = #{type := Type}, ClientId, Stats) ->
+    emqx_gateway_cm:set_chan_stats(Type, ClientId, Stats).
+
+-spec connection_closed(context(), emqx_types:clientid()) -> boolean().
+connection_closed(_Ctx = #{type := Type}, ClientId) ->
+    emqx_gateway_cm:connection_closed(Type, ClientId).
+
+-spec authorize(context(), emqx_types:clientinfo(),
+                emqx_types:pubsub(), emqx_types:topic())
+    -> allow | deny.
+authorize(_Ctx, ClientInfo, PubSub, Topic) ->
+    emqx_access_control:authorize(ClientInfo, PubSub, Topic).
+
+metrics_inc(_Ctx = #{type := Type}, Name) ->
+    emqx_gateway_metrics:inc(Type, Name).
+
+metrics_inc(_Ctx = #{type := Type}, Name, Oct) ->
+    emqx_gateway_metrics:inc(Type, Name, Oct).
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+mountpoint(ClientInfo = #{mountpoint := undefined}) ->
+    ClientInfo;
+mountpoint(ClientInfo = #{mountpoint := MountPoint}) ->
+    MountPoint1 = emqx_mountpoint:replvar(MountPoint, ClientInfo),
+    ClientInfo#{mountpoint := MountPoint1}.
diff --git a/apps/emqx_gateway/src/emqx_gateway_gw_sup.erl b/apps/emqx_gateway/src/emqx_gateway_gw_sup.erl
new file mode 100644
index 000000000..21ad30c0d
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_gw_sup.erl
@@ -0,0 +1,135 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The Gateway Top supervisor.
+-module(emqx_gateway_gw_sup).
+
+-behaviour(supervisor).
+
+-include("include/emqx_gateway.hrl").
+
+-export([start_link/1]).
+
+-export([ create_insta/3
+        , remove_insta/2
+        , update_insta/2
+        , start_insta/2
+        , stop_insta/2
+        , list_insta/1
+        ]).
+
+%% Supervisor callbacks
+-export([init/1]).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+start_link(Type) ->
+    supervisor:start_link({local, Type}, ?MODULE, [Type]).
+
+-spec create_insta(pid(), instance(), map()) -> {ok, GwInstaPid :: pid()} | {error, any()}.
+create_insta(Sup, Insta = #{id := InstaId}, GwDscrptr) ->
+    case emqx_gateway_utils:find_sup_child(Sup, InstaId) of
+        {ok, _GwInstaPid} -> {error, alredy_existed};
+        false ->
+            %% XXX: More instances options to it?
+            %%
+            Ctx = ctx(Sup, InstaId),
+            %%
+            ChildSpec = emqx_gateway_utils:childspec(
+                          InstaId,
+                          worker,
+                          emqx_gateway_insta_sup,
+                          [Insta, Ctx, GwDscrptr]
+                         ),
+            emqx_gateway_utils:supervisor_ret(
+              supervisor:start_child(Sup, ChildSpec)
+             )
+    end.
+
+-spec remove_insta(pid(), InstaId :: atom()) -> ok | {error, any()}.
+remove_insta(Sup, InstaId) ->
+    case emqx_gateway_utils:find_sup_child(Sup, InstaId) of
+        false -> ok;
+        {ok, _GwInstaPid} ->
+            ok = supervisor:terminate_child(Sup, InstaId),
+            ok = supervisor:delete_child(Sup, InstaId)
+    end.
+
+-spec update_insta(pid(), NewInsta :: instance()) -> ok | {error, any()}.
+update_insta(Sup, NewInsta = #{id := InstaId}) ->
+    case emqx_gateway_utils:find_sup_child(Sup, InstaId) of
+        false -> {error, not_found};
+        {ok, GwInstaPid} ->
+            emqx_gateway_insta_sup:update(GwInstaPid, NewInsta)
+    end.
+
+-spec start_insta(pid(), atom()) -> ok | {error, any()}.
+start_insta(Sup, InstaId) ->
+    case emqx_gateway_utils:find_sup_child(Sup, InstaId) of
+        false -> {error, not_found};
+        {ok, GwInstaPid} ->
+            emqx_gateway_insta_sup:enable(GwInstaPid)
+    end.
+
+-spec stop_insta(pid(), atom()) -> ok | {error, any()}.
+stop_insta(Sup, InstaId) ->
+    case emqx_gateway_utils:find_sup_child(Sup, InstaId) of
+        false -> {error, not_found};
+        {ok, GwInstaPid} ->
+            emqx_gateway_insta_sup:disable(GwInstaPid)
+    end.
+
+-spec list_insta(pid()) -> [instance()].
+list_insta(Sup) ->
+    lists:filtermap(
+      fun({InstaId, GwInstaPid, _Type, _Mods}) ->
+        is_gateway_insta_id(InstaId)
+          andalso {true, emqx_gateway_insta_sup:info(GwInstaPid)}
+      end, supervisor:which_children(Sup)).
+
+%% Supervisor callback
+
+%% @doc Initialize Top Supervisor for a Protocol
+init([Type]) ->
+    SupFlags = #{ strategy => one_for_one
+                , intensity => 10
+                , period => 60
+                },
+    CmOpts = [{type, Type}],
+    CM = emqx_gateway_utils:childspec(worker, emqx_gateway_cm, [CmOpts]),
+    Metrics = emqx_gateway_utils:childspec(worker, emqx_gateway_metrics, [Type]),
+    {ok, {SupFlags, [CM, Metrics]}}.
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+ctx(Sup, InstaId) ->
+    {_, Type} = erlang:process_info(Sup, registered_name),
+    {ok, CM}  = emqx_gateway_utils:find_sup_child(Sup, emqx_gateway_cm),
+    #{ instid => InstaId
+     , type => Type
+     , cm => CM
+     }.
+
+is_gateway_insta_id(emqx_gateway_cm) ->
+    false;
+is_gateway_insta_id(emqx_gateway_metrics) ->
+    false;
+is_gateway_insta_id(_Id) ->
+    true.
diff --git a/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl b/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
new file mode 100644
index 000000000..9f21f0e05
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
@@ -0,0 +1,312 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The gateway instance management
+-module(emqx_gateway_insta_sup).
+
+-behaviour(gen_server).
+
+-include("include/emqx_gateway.hrl").
+
+-logger_header("[PGW-Insta-Sup]").
+
+%% APIs
+-export([ start_link/3
+        , info/1
+        , disable/1
+        , enable/1
+        , update/2
+        ]).
+
+%% gen_server callbacks
+-export([ init/1
+        , handle_call/3
+        , handle_cast/2
+        , handle_info/2
+        , terminate/2
+        , code_change/3
+        ]).
+
+-record(state, {
+          insta  :: instance(),
+          ctx    :: emqx_gateway_ctx:context(),
+          status :: stopped | running,
+          child_pids :: [pid()],
+          insta_state :: emqx_gateway_impl:state() | undefined
+         }).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+start_link(Insta, Ctx, GwDscrptr) ->
+    gen_server:start_link(
+      {local, ?MODULE},
+      ?MODULE,
+      [Insta, Ctx, GwDscrptr],
+      []
+     ).
+
+-spec info(pid()) -> instance().
+info(Pid) ->
+    gen_server:call(Pid, info).
+
+%% @doc Stop instance
+-spec disable(pid()) -> ok | {error, any()}.
+disable(Pid) ->
+    call(Pid, disable).
+
+%% @doc Start instance
+-spec enable(pid()) -> ok | {error, any()}.
+enable(Pid) ->
+    call(Pid, enable).
+
+%% @doc Update the gateway instance configurations
+-spec update(pid(), instance()) -> ok | {error, any()}.
+update(Pid, NewInsta) ->
+    call(Pid, {update, NewInsta}).
+
+call(Pid, Req) ->
+    gen_server:call(Pid, Req, 5000).
+
+%%--------------------------------------------------------------------
+%% gen_server callbacks
+%%--------------------------------------------------------------------
+
+init([Insta, Ctx0, _GwDscrptr]) ->
+    process_flag(trap_exit, true),
+    #{rawconf := RawConf} = Insta,
+    Ctx   = do_init_context(RawConf, Ctx0),
+    State = #state{
+               insta = Insta,
+               ctx   = Ctx,
+               child_pids = [],
+               status = stopped
+              },
+    case cb_insta_create(State) of
+        {error, _Reason} ->
+            do_deinit_context(Ctx),
+            %% XXX: Return Reason??
+            {stop, create_gateway_instance_failed};
+        {ok, NState} ->
+            {ok, NState}
+    end.
+
+do_init_context(RawConf, Ctx) ->
+    Auth = case maps:get(authenticator, RawConf, allow_anonymous) of
+               allow_anonymous -> allow_anonymous;
+               Funcs when is_list(Funcs) ->
+                   create_authenticator_for_gateway_insta(Funcs)
+           end,
+    Ctx#{auth => Auth}.
+
+do_deinit_context(Ctx) ->
+    cleanup_authenticator_for_gateway_insta(maps:get(auth, Ctx)),
+    ok.
+
+handle_call(info, _From, State = #state{insta = Insta}) ->
+    {reply, Insta, State};
+
+handle_call(disable, _From, State = #state{status = Status}) ->
+    case Status of
+        running ->
+            case cb_insta_destroy(State) of
+                {ok, NState} ->
+                    {reply, ok, NState};
+                {error, Reason} ->
+                    {reply, {error, Reason}, State}
+            end;
+        _ ->
+            {reply, {error, already_stopped}, State}
+    end;
+
+handle_call(enable, _From, State = #state{status = Status}) ->
+    case Status of
+        stopped ->
+            case cb_insta_create(State) of
+                {error, Reason} ->
+                    {reply, {error, Reason}, State};
+                {ok, NState} ->
+                    {reply, ok, NState}
+            end;
+        _ ->
+            {reply, {error, already_started}, State}
+    end;
+
+%% Stopped -> update
+handle_call({update, NewInsta}, _From, State = #state{insta = Insta,
+                                                      status = stopped}) ->
+    case maps:get(id, NewInsta, undefined) == maps:get(id, Insta, undefined) of
+        true ->
+            {reply, ok, State#state{insta = NewInsta}};
+        false ->
+            {reply, {error, bad_instan_id}, State}
+    end;
+
+%% Running -> update
+handle_call({update, NewInsta}, _From, State = #state{insta = Insta,
+                                                      status = running}) ->
+    case maps:get(id, NewInsta, undefined) == maps:get(id, Insta, undefined) of
+        true ->
+            case cb_insta_update(NewInsta, State) of
+                {ok, NState} ->
+                    {reply, ok, NState};
+                {error, Reason} ->
+                    {reply, {error, Reason}, State}
+            end;
+        false ->
+            {reply, {error, bad_instan_id}, State}
+    end;
+
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info({'EXIT', Pid, Reason}, State = #state{child_pids = Pids}) ->
+    case lists:member(Pid, Pids) of
+        true ->
+            logger:error("Child process ~p exited: ~0p.", [Pid, Reason]),
+            case Pids -- [Pid]of
+                [] ->
+                    logger:error("All child process exited!"),
+                    {noreply, State#state{status = stopped,
+                                          child_pids = [],
+                                          insta_state = undefined}};
+                RemainPids ->
+                    {noreply, State#state{child_pids = RemainPids}}
+            end;
+        _ ->
+            logger:error("Unknown process exited ~p:~0p", [Pid, Reason]),
+            {noreply, State}
+    end;
+
+handle_info(Info, State) ->
+    logger:warning("Unexcepted info: ~p", [Info]),
+    {noreply, State}.
+
+terminate(_Reason, State = #state{ctx = Ctx, child_pids = Pids}) ->
+    %% Cleanup instances
+    %% Step1. Destory instance
+    Pids /= [] andalso (_ = cb_insta_destroy(State)),
+    %% Step2. Delete authenticator resources
+    _ = do_deinit_context(Ctx),
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+create_authenticator_for_gateway_insta(_Funcs) ->
+    todo.
+
+cleanup_authenticator_for_gateway_insta(allow_anonymouse) ->
+    ok;
+cleanup_authenticator_for_gateway_insta(_ChainId) ->
+    todo.
+
+cb_insta_destroy(State = #state{insta = Insta = #{type := Type},
+                                insta_state = InstaState}) ->
+    try
+        #{cbkmod := CbMod,
+          state := GwState} = emqx_gateway_registry:lookup(Type),
+        CbMod:on_insta_destroy(Insta, InstaState, GwState),
+        {ok, State#state{child_pids = [],
+                         insta_state = undefined,
+                         status = stopped}}
+    catch
+        Class : Reason : Stk ->
+            logger:error("Destroy instance (~0p, ~0p, _) crashed: "
+                         "{~p, ~p}, stacktrace: ~0p",
+                         [Insta, InstaState,
+                          Class, Reason, Stk]),
+            {error, {Class, Reason, Stk}}
+    end.
+
+cb_insta_create(State = #state{insta = Insta = #{type := Type},
+                               ctx   = Ctx}) ->
+    try
+        #{cbkmod := CbMod,
+          state := GwState} = emqx_gateway_registry:lookup(Type),
+        case CbMod:on_insta_create(Insta, Ctx, GwState) of
+            {error, Reason} -> throw({callback_return_error, Reason});
+            {ok, InstaPidOrSpecs, InstaState} ->
+                ChildPids = start_child_process(InstaPidOrSpecs),
+                {ok, State#state{
+                       status = running,
+                       child_pids = ChildPids,
+                       insta_state = InstaState
+                      }}
+        end
+    catch
+        Class : Reason1 : Stk ->
+            logger:error("Create instance (~0p, ~0p, _) crashed: "
+                         "{~p, ~p}, stacktrace: ~0p",
+                         [Insta, Ctx,
+                          Class, Reason1, Stk]),
+            {error, {Class, Reason1, Stk}}
+    end.
+
+cb_insta_update(NewInsta,
+                State = #state{insta = Insta = #{type := Type},
+                               ctx   = Ctx,
+                               insta_state = GwInstaState}) ->
+    try
+        #{cbkmod := CbMod,
+          state := GwState} = emqx_gateway_registry:lookup(Type),
+        case CbMod:on_insta_update(NewInsta, Insta, GwInstaState, GwState) of
+            {error, Reason} -> throw({callback_return_error, Reason});
+            {ok, InstaPidOrSpecs, InstaState} ->
+                %% XXX: Hot-upgrade ???
+                ChildPids = start_child_process(InstaPidOrSpecs),
+                {ok, State#state{
+                       status = running,
+                       child_pids = ChildPids,
+                       insta_state = InstaState
+                      }}
+        end
+    catch
+        Class : Reason1 : Stk ->
+            logger:error("Update instance (~0p, ~0p, ~0p, _) crashed: "
+                         "{~p, ~p}, stacktrace: ~0p",
+                         [NewInsta, Insta, Ctx,
+                          Class, Reason1, Stk]),
+            {error, {Class, Reason1, Stk}}
+    end.
+
+start_child_process([Indictor|_] = InstaPidOrSpecs) ->
+    case erlang:is_pid(Indictor) of
+        true ->
+            InstaPidOrSpecs;
+        _ ->
+            do_start_child_process(InstaPidOrSpecs)
+    end.
+
+do_start_child_process(ChildSpecs) when is_list(ChildSpecs) ->
+    lists:map(fun do_start_child_process/1, ChildSpecs);
+
+do_start_child_process(_ChildSpec = #{start := {M, F, A}}) ->
+    case erlang:apply(M, F, A) of
+        {ok, Pid} ->
+            Pid;
+        {error, Reason} ->
+            throw({start_child_process, Reason})
+    end.
diff --git a/apps/emqx_gateway/src/emqx_gateway_metrics.erl b/apps/emqx_gateway/src/emqx_gateway_metrics.erl
new file mode 100644
index 000000000..04b711d0a
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_metrics.erl
@@ -0,0 +1,101 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_gateway_metrics).
+
+-behaviour(gen_server).
+
+-include("include/emqx_gateway.hrl").
+
+-logger_header("[PGW-Metrics]").
+
+%% APIs
+-export([start_link/1]).
+
+-export([ inc/2
+        , inc/3
+        , dec/2
+        , dec/3
+        ]).
+
+%% gen_server callbacks
+-export([ init/1
+        , handle_call/3
+        , handle_cast/2
+        , handle_info/2
+        , terminate/2
+        , code_change/3
+        ]).
+
+-export([tabname/1]).
+
+-record(state, {}).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+start_link(Type) ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [Type], []).
+
+-spec inc(gateway_type(), atom()) -> ok.
+inc(Type, Name) ->
+    inc(Type, Name, 1).
+
+-spec inc(gateway_type(), atom(), integer()) -> ok.
+inc(Type, Name, Oct) ->
+    ets:update_counter(tabname(Type), Name, {2, Oct}, {Name, 0}),
+    ok.
+
+-spec dec(gateway_type(), atom()) -> ok.
+dec(Type, Name) ->
+    inc(Type, Name, -1).
+
+-spec dec(gateway_type(), atom(), non_neg_integer()) -> ok.
+dec(Type, Name, Oct) ->
+    inc(Type, Name, -Oct).
+
+tabname(Type) ->
+    list_to_atom(lists:concat([emqx_gateway_, Type, '_metrics'])).
+
+%%--------------------------------------------------------------------
+%% gen_server callbacks
+%%--------------------------------------------------------------------
+
+init([Type]) ->
+    TabOpts = [public, {write_concurrency, true}],
+    ok = emqx_tables:new(tabname(Type), [set|TabOpts]),
+    {ok, #state{}}.
+
+handle_call(_Request, _From, State) ->
+    Reply = ok,
+    {reply, Reply, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
diff --git a/apps/emqx_gateway/src/emqx_gateway_registry.erl b/apps/emqx_gateway/src/emqx_gateway_registry.erl
new file mode 100644
index 000000000..a100636cf
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_registry.erl
@@ -0,0 +1,163 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc The Registry Centre of Gateway Type
+-module(emqx_gateway_registry).
+
+-include("include/emqx_gateway.hrl").
+
+-logger_header("[PGW-Registry]").
+
+-behavior(gen_server).
+
+%% APIs for Impl.
+-export([ load/3
+        , unload/1
+        ]).
+
+-export([ list/0
+        , lookup/1
+        ]).
+
+%% APIs
+-export([start_link/0]).
+
+%% gen_server callbacks
+-export([ init/1
+        , handle_call/3
+        , handle_cast/2
+        , handle_info/2
+        , terminate/2
+        , code_change/3
+        ]).
+
+-record(state, {
+          loaded = #{} :: #{ gateway_type() => descriptor() }
+         }).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+%%--------------------------------------------------------------------
+%% Mgmt
+%%--------------------------------------------------------------------
+
+-type registry_options() :: [registry_option()].
+
+-type registry_option() :: {cbkmod, atom()}.
+
+-type gateway_options() :: list().
+
+-type descriptor() :: #{ cbkmod := atom()
+                       , rgopts := registry_options()
+                       , gwopts := gateway_options()
+                       , state  => any()
+                       }.
+
+-spec load(gateway_type(), registry_options(), gateway_options()) -> ok | {error, any()}.
+load(Type, RgOpts, GwOpts) ->
+    CbMod = proplists:get_value(cbkmod, RgOpts, Type),
+    Dscrptr = #{ cbkmod => CbMod
+               , rgopts => RgOpts
+               , gwopts => GwOpts
+               },
+    call({load, Type, Dscrptr}).
+
+-spec unload(gateway_type()) -> ok | {error, any()}.
+unload(Type) ->
+    %% TODO: Checking ALL INSTACE HAS STOPPED
+    call({unload, Type}).
+
+%% TODO:
+%unload(Type, Force) ->
+%    call({unload, Type, Froce}).
+
+%% @doc Return all registered protocol gateway implementation
+-spec list() -> [{gateway_type(), descriptor()}].
+list() ->
+    call(all).
+
+-spec lookup(gateway_type()) -> undefined | descriptor().
+lookup(Type) ->
+    call({lookup, Type}).
+
+call(Req) ->
+    gen_server:call(?MODULE, Req, 5000).
+
+%%--------------------------------------------------------------------
+%% gen_server callbacks
+%%--------------------------------------------------------------------
+
+init([]) ->
+    %% TODO: Metrics ???
+    process_flag(trap_exit, true),
+    {ok, #state{loaded = #{}}}.
+
+handle_call({load, Type, Dscrptr}, _From, State = #state{loaded = Gateways}) ->
+    case maps:get(Type, Gateways, notfound) of
+        notfound ->
+            try
+                GwOpts = maps:get(gwopts, Dscrptr),
+                CbMod  = maps:get(cbkmod, Dscrptr),
+                {ok, GwState} = CbMod:init(GwOpts),
+                NDscrptr = maps:put(state, GwState, Dscrptr),
+                NGateways = maps:put(Type, NDscrptr, Gateways),
+                {reply, ok, State#state{loaded = NGateways}}
+            catch
+                Class : Reason : Stk ->
+                    logger:error("Load ~s crashed {~p, ~p}; stacktrace: ~0p",
+                                  [Type, Class, Reason, Stk]),
+                    {reply, {error, {Class, Reason}}, State}
+            end;
+        _ ->
+            {reply, {error, already_existed}, State}
+    end;
+
+handle_call({unload, Type}, _From, State = #state{loaded = Gateways}) ->
+    case maps:get(Type, Gateways, undefined) of
+        undefined ->
+            {reply, ok, State};
+        _ ->
+            emqx_gateway_sup:stop_all_suptree(Type),
+            {reply, ok, State#state{loaded = maps:remove(Type, Gateways)}}
+    end;
+
+handle_call(all, _From, State = #state{loaded = Gateways}) ->
+    {reply, maps:to_list(Gateways), State};
+
+handle_call({lookup, Type}, _From, State = #state{loaded = Gateways}) ->
+    Reply = maps:get(Type, Gateways, undefined),
+    {reply, Reply, State};
+
+handle_call(Req, _From, State) ->
+    logger:error("Unexpected call: ~0p", [Req]),
+    {reply, ok, State}.
+
+handle_cast(_Msg, State) ->
+    {noreply, State}.
+
+handle_info(_Info, State) ->
+    {noreply, State}.
+
+terminate(_Reason, _State) ->
+    ok.
+
+code_change(_OldVsn, State, _Extra) ->
+    {ok, State}.
diff --git a/apps/emqx_gateway/src/emqx_gateway_schema.erl b/apps/emqx_gateway/src/emqx_gateway_schema.erl
new file mode 100644
index 000000000..8f05582c7
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_schema.erl
@@ -0,0 +1,178 @@
+-module(emqx_gateway_schema).
+
+-dialyzer(no_return).
+-dialyzer(no_match).
+-dialyzer(no_contracts).
+-dialyzer(no_unused).
+-dialyzer(no_fail_call).
+
+-include_lib("typerefl/include/types.hrl").
+
+-type flag() :: true | false.
+-type duration() :: integer().
+-type bytesize() :: integer().
+-type comma_separated_list() :: list().
+-type ip_port() :: tuple().
+
+-typerefl_from_string({flag/0, emqx_schema, to_flag}).
+-typerefl_from_string({duration/0, emqx_schema, to_duration}).
+-typerefl_from_string({bytesize/0, emqx_schema, to_bytesize}).
+-typerefl_from_string({comma_separated_list/0, emqx_schema, to_comma_separated_list}).
+-typerefl_from_string({ip_port/0, emqx_schema, to_ip_port}).
+
+-behaviour(hocon_schema).
+
+-reflect_type([ flag/0
+              , duration/0
+              , bytesize/0
+              , comma_separated_list/0
+              , ip_port/0
+              ]).
+
+-export([structs/0 , fields/1]).
+-export([t/1, t/3, t/4, ref/1]).
+
+structs() -> ["emqx_gateway"].
+
+fields("emqx_gateway") ->
+    [{stomp, t(ref(stomp))}];
+
+fields(stomp) ->
+    [{"$id", t(ref(stomp_structs))}];
+
+fields(stomp_structs) ->
+    [ {frame, t(ref(stomp_frame))}
+    , {clientinfo_override, t(ref(clientinfo_override))}
+    , {authenticator, t(union([allow_anonymous]))}
+    , {listener, t(ref(listener))}
+    ];
+
+fields(stomp_frame) ->
+    [ {max_headers, t(integer(), undefined, 10)}
+    , {max_headers_length, t(integer(), undefined, 1024)}
+    , {max_body_length, t(integer(), undefined, 8192)}
+    ];
+
+fields(clientinfo_override) ->
+    [ {username, t(string())}
+    , {password, t(string())}
+    , {clientid, t(string())}
+    ];
+
+fields(listener) ->
+    [ {tcp, t(ref(tcp_listener))}
+    , {ssl, t(ref(ssl_listener))}
+    ];
+
+fields(tcp_listener) ->
+    [ {"$name", t(ref(tcp_listener_settings))}];
+
+fields(ssl_listener) ->
+    [ {"$name", t(ref(ssl_listener_settings))}];
+
+fields(listener_settings) ->
+    %[ {"bind", t(union(ip_port(), integer()))}
+    [ {bind, t(integer())}
+    , {acceptors, t(integer(), undefined, 8)}
+    , {max_connections, t(integer(), undefined, 1024)}
+    , {max_conn_rate, t(integer())}
+    , {active_n, t(integer(), undefined, 100)}
+    %, {zone, t(string())}
+    %, {rate_limit, t(comma_separated_list())}
+    , {access, t(ref(access))}
+    , {proxy_protocol, t(flag())}
+    , {proxy_protocol_timeout, t(duration())}
+    , {backlog, t(integer(), undefined, 1024)}
+    , {send_timeout, t(duration(), undefined, "15s")}
+    , {send_timeout_close, t(flag(), undefined, true)}
+    , {recbuf, t(bytesize())}
+    , {sndbuf, t(bytesize())}
+    , {buffer, t(bytesize())}
+    , {high_watermark, t(bytesize(), undefined, "1MB")}
+    , {tune_buffer, t(flag())}
+    , {nodelay, t(boolean())}
+    , {reuseaddr, t(boolean())}
+    ];
+
+fields(tcp_listener_settings) ->
+    [ 
+      %% some special confs for tcp listener
+    ] ++ fields(listener_settings);
+
+fields(ssl_listener_settings) ->
+    [
+      %% some special confs for ssl listener
+    ] ++
+    ssl(undefined, #{handshake_timeout => "15s"
+                   , depth => 10
+                   , reuse_sessions => true}) ++ fields(listener_settings);
+
+fields(access) ->
+    [ {"$id", #{type => string(),
+                nullable => true}}];
+
+fields(ExtraField) ->
+    Mod = list_to_atom(ExtraField++"_schema"),
+    Mod:fields(ExtraField).
+
+%translations() -> [].
+%
+%translations(_) -> [].
+
+%%--------------------------------------------------------------------
+%% Helpers
+
+%% types
+
+t(Type) -> #{type => Type}.
+
+t(Type, Mapping, Default) ->
+    hoconsc:t(Type, #{mapping => Mapping, default => Default}).
+
+t(Type, Mapping, Default, OverrideEnv) ->
+    hoconsc:t(Type, #{ mapping => Mapping
+                     , default => Default
+                     , override_env => OverrideEnv
+                     }).
+
+ref(Field) ->
+    hoconsc:ref(?MODULE, Field).
+
+%% utils
+
+%% generate a ssl field.
+%% ssl("emqx", #{"verify" => verify_peer}) will return
+%% [ {"cacertfile", t(string(), "emqx.cacertfile", undefined)}
+%% , {"certfile", t(string(), "emqx.certfile", undefined)}
+%% , {"keyfile", t(string(), "emqx.keyfile", undefined)}
+%% , {"verify", t(union(verify_peer, verify_none), "emqx.verify", verify_peer)}
+%% , {"server_name_indication", "emqx.server_name_indication", undefined)}
+%% ...
+ssl(Mapping, Defaults) ->
+    M = fun (Field) ->
+        case (Mapping) of
+            undefined -> undefined;
+            _ -> Mapping ++ "." ++ Field
+        end end,
+    D = fun (Field) -> maps:get(list_to_atom(Field), Defaults, undefined) end,
+    [ {"enable", t(flag(), M("enable"), D("enable"))}
+    , {"cacertfile", t(string(), M("cacertfile"), D("cacertfile"))}
+    , {"certfile", t(string(), M("certfile"), D("certfile"))}
+    , {"keyfile", t(string(), M("keyfile"), D("keyfile"))}
+    , {"verify", t(union(verify_peer, verify_none), M("verify"), D("verify"))}
+    , {"fail_if_no_peer_cert", t(boolean(), M("fail_if_no_peer_cert"), D("fail_if_no_peer_cert"))}
+    , {"secure_renegotiate", t(flag(), M("secure_renegotiate"), D("secure_renegotiate"))}
+    , {"reuse_sessions", t(flag(), M("reuse_sessions"), D("reuse_sessions"))}
+    , {"honor_cipher_order", t(flag(), M("honor_cipher_order"), D("honor_cipher_order"))}
+    , {"handshake_timeout", t(duration(), M("handshake_timeout"), D("handshake_timeout"))}
+    , {"depth", t(integer(), M("depth"), D("depth"))}
+    , {"password", hoconsc:t(string(), #{mapping => M("key_password"),
+                                         default => D("key_password"),
+                                         sensitive => true
+                                        })}
+    , {"dhfile", t(string(), M("dhfile"), D("dhfile"))}
+    , {"server_name_indication", t(union(disable, string()), M("server_name_indication"),
+                                   D("server_name_indication"))}
+    , {"tls_versions", t(comma_separated_list(), M("tls_versions"), D("tls_versions"))}
+    , {"ciphers", t(comma_separated_list(), M("ciphers"), D("ciphers"))}
+    , {"psk_ciphers", t(comma_separated_list(), M("ciphers"), D("ciphers"))}].
diff --git a/apps/emqx_gateway/src/emqx_gateway_sup.erl b/apps/emqx_gateway/src/emqx_gateway_sup.erl
new file mode 100644
index 000000000..d56b27e52
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_sup.erl
@@ -0,0 +1,194 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_gateway_sup).
+
+-behaviour(supervisor).
+
+-include("include/emqx_gateway.hrl").
+
+-export([start_link/0]).
+
+%% Gateway Instance APIs
+-export([ create_gateway_insta/1
+        , remove_gateway_insta/1
+        , lookup_gateway_insta/1
+        , update_gateway_insta/1
+        , start_gateway_insta/1
+        , stop_gateway_insta/1
+        , list_gateway_insta/1
+        , list_gateway_insta/0
+        ]).
+
+%% Gateway APs
+-export([ list_started_gateway/0
+        , stop_all_suptree/1
+        ]).
+
+%% supervisor callbacks
+-export([init/1]).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+start_link() ->
+    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
+
+-spec create_gateway_insta(instance()) -> {ok, pid()} | {error, any()}.
+create_gateway_insta(Insta = #{type := Type}) ->
+    case emqx_gateway_registry:lookup(Type) of
+        undefined -> {error, {unknown_gateway_id, Type}};
+        GwDscrptr ->
+            {ok, GwSup} = ensure_gateway_suptree_ready(gatewayid(Type)),
+            emqx_gateway_gw_sup:create_insta(GwSup, Insta, GwDscrptr)
+    end.
+
+-spec remove_gateway_insta(instance_id()) -> ok | {error, any()}.
+remove_gateway_insta(InstaId) ->
+    case search_gateway_insta_proc(InstaId) of
+        {ok, {GwSup, _}} ->
+            emqx_gateway_gw_sup:remove_insta(GwSup, InstaId);
+        _ ->
+            ok
+    end.
+
+-spec lookup_gateway_insta(instance_id()) -> instance() | undefined.
+lookup_gateway_insta(InstaId) ->
+    case search_gateway_insta_proc(InstaId) of
+        {ok, {_, GwInstaPid}} ->
+            emqx_gateway_insta_sup:info(GwInstaPid);
+        _ ->
+            undefined
+    end.
+
+-spec update_gateway_insta(instance())
+    -> ok
+     | {error, any()}.
+update_gateway_insta(NewInsta = #{type := Type}) ->
+    case emqx_gateway_utils:find_sup_child(?MODULE, gatewayid(Type)) of
+        {ok, GwSup} ->
+            emqx_gateway_gw_sup:update_insta(GwSup, NewInsta);
+        _ -> {error, not_found}
+    end.
+
+start_gateway_insta(InstaId) ->
+    case search_gateway_insta_proc(InstaId) of
+        {ok, {GwSup, _}} ->
+            emqx_gateway_gw_sup:start_insta(GwSup, InstaId);
+        _ -> {error, not_found}
+    end.
+
+-spec stop_gateway_insta(instance_id()) -> ok | {error, any()}.
+stop_gateway_insta(InstaId) ->
+    case search_gateway_insta_proc(InstaId) of
+        {ok, {GwSup, _}} ->
+            emqx_gateway_gw_sup:stop_insta(GwSup, InstaId);
+        _ -> {error, not_found}
+    end.
+
+-spec list_gateway_insta(gateway_type()) -> {ok, [instance()]} | {error, any()}.
+list_gateway_insta(Type) ->
+    case emqx_gateway_utils:find_sup_child(?MODULE, gatewayid(Type)) of
+        {ok, GwSup} ->
+            {ok, emqx_gateway_gw_sup:list_insta(GwSup)};
+        _ -> {error, not_found}
+    end.
+
+-spec list_gateway_insta() -> [{gateway_type(), instance()}].
+list_gateway_insta() ->
+    lists:map(
+      fun(SupId) ->
+        Instas = emqx_gateway_gw_sup:list_insta(SupId),
+        {SupId, Instas}
+      end, list_started_gateway()).
+
+-spec list_started_gateway() -> [gateway_type()].
+list_started_gateway() ->
+    started_gateway_type().
+
+-spec stop_all_suptree(atom()) -> ok.
+stop_all_suptree(Type) ->
+    case lists:keyfind(Type, 1, supervisor:which_children(?MODULE)) of
+        false -> ok;
+        _ ->
+            _ = supervisor:terminate_child(?MODULE, Type),
+            _ = supervisor:delete_child(?MODULE, Type),
+            ok
+    end.
+
+%% Supervisor callback
+
+init([]) ->
+    SupFlags = #{ strategy => one_for_one
+                , intensity => 10
+                , period => 60
+                },
+    ChildSpecs = [ emqx_gateway_utils:childspec(worker, emqx_gateway_registry)
+                 ],
+    {ok, {SupFlags, ChildSpecs}}.
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+gatewayid(Type) ->
+    list_to_atom(lists:concat([Type])).
+
+ensure_gateway_suptree_ready(Type) ->
+    case lists:keyfind(Type, 1, supervisor:which_children(?MODULE)) of
+        false ->
+            ChildSpec = emqx_gateway_utils:childspec(
+                          Type,
+                          supervisor,
+                          emqx_gateway_gw_sup,
+                          [Type]
+                         ),
+            emqx_gateway_utils:supervisor_ret(
+              supervisor:start_child(?MODULE, ChildSpec)
+             );
+        {_Id, Pid, _Type, _Mods} ->
+            {ok, Pid}
+    end.
+
+search_gateway_insta_proc(InstaId) ->
+    search_gateway_insta_proc(InstaId, started_gateway_pid()).
+
+search_gateway_insta_proc(_InstaId, []) ->
+    {error, not_found};
+search_gateway_insta_proc(InstaId, [SupPid|More]) ->
+    case emqx_gateway_utils:find_sup_child(SupPid, InstaId) of
+        {ok, InstaPid} -> {ok, {SupPid, InstaPid}};
+        _ ->
+            search_gateway_insta_proc(InstaId, More)
+    end.
+
+started_gateway_type() ->
+    lists:filtermap(
+        fun({Id, _, _, _}) ->
+            is_a_gateway_id(Id) andalso {true, Id}
+        end, supervisor:which_children(?MODULE)).
+
+started_gateway_pid() ->
+    lists:filtermap(
+        fun({Id, Pid, _, _}) ->
+            is_a_gateway_id(Id) andalso {true, Pid}
+        end, supervisor:which_children(?MODULE)).
+
+is_a_gateway_id(Id) ->
+    Id /= emqx_gateway_registry.
+
+
diff --git a/apps/emqx_gateway/src/emqx_gateway_utils.erl b/apps/emqx_gateway/src/emqx_gateway_utils.erl
new file mode 100644
index 000000000..184c3ff87
--- /dev/null
+++ b/apps/emqx_gateway/src/emqx_gateway_utils.erl
@@ -0,0 +1,163 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+%% @doc Utils funcs for emqx-gateway
+-module(emqx_gateway_utils).
+
+-export([ childspec/2
+        , childspec/3
+        , childspec/4
+        , supervisor_ret/1
+        , find_sup_child/2
+        ]).
+
+-export([ apply/2
+        ]).
+
+-export([ normalize_rawconf/1
+        ]).
+
+%% Common Envs
+-export([ active_n/1
+        , ratelimit/1
+        , frame_options/1
+        , init_gc_state/1
+        , stats_timer/1
+        , idle_timeout/1
+        , oom_policy/1
+        ]).
+
+-define(ACTIVE_N, 100).
+-define(DEFAULT_IDLE_TIMEOUT, 30000).
+
+-spec childspec(supervisor:worker(), Mod :: atom())
+    -> supervisor:child_spec().
+childspec(Type, Mod) ->
+    childspec(Mod, Type, Mod, []).
+
+-spec childspec(supervisor:worker(), Mod :: atom(), Args :: list())
+    -> supervisor:child_spec().
+childspec(Type, Mod, Args) ->
+    childspec(Mod, Type, Mod, Args).
+
+-spec childspec(atom(), supervisor:worker(), Mod :: atom(), Args :: list())
+    -> supervisor:child_spec().
+childspec(Id, Type, Mod, Args) ->
+    #{ id => Id
+     , start => {Mod, start_link, Args}
+     , type => Type
+     }.
+
+-spec supervisor_ret(supervisor:startchild_ret())
+    -> {ok, pid()}
+     | {error, supervisor:startchild_err()}.
+supervisor_ret({ok, Pid, _Info}) -> {ok, Pid};
+supervisor_ret(Ret) -> Ret.
+
+-spec find_sup_child(Sup :: pid() | atom(), ChildId :: supervisor:child_id())
+    -> false
+     | {ok, pid()}.
+find_sup_child(Sup, ChildId) ->
+    case lists:keyfind(ChildId, 1, supervisor:which_children(Sup)) of
+        false -> false;
+        {_Id, Pid, _Type, _Mods} -> {ok, Pid}
+    end.
+
+apply({M, F, A}, A2) when is_atom(M),
+                          is_atom(M),
+                          is_list(A),
+                          is_list(A2) ->
+    erlang:apply(M, F, A ++ A2);
+apply({F, A}, A2) when is_function(F),
+                       is_list(A),
+                       is_list(A2) ->
+    erlang:apply(F, A ++ A2);
+apply(F, A2) when is_function(F),
+                  is_list(A2) ->
+    erlang:apply(F, A2).
+
+-type listener() :: #{}.
+
+-type rawconf() ::
+        #{ clientinfo_override => #{}
+         , authenticators      := #{}
+         , listeners           => listener()
+         , atom()              => any()
+         }.
+
+-spec normalize_rawconf(rawconf())
+    -> list({ Type :: udp | tcp | ssl | dtls
+            , ListenOn :: esockd:listen_on()
+            , SocketOpts :: esockd:option()
+            , Cfg :: map()
+            }).
+normalize_rawconf(RawConf = #{listener := LisMap}) ->
+    Cfg0 = maps:without([listener], RawConf),
+    lists:append(maps:fold(fun(Type, Liss, AccIn1) ->
+        Listeners =
+            maps:fold(fun(_Name, Confs, AccIn2) ->
+                ListenOn   = maps:get(bind, Confs),
+                SocketOpts = esockd:parse_opt(maps:to_list(Confs)),
+                RemainCfgs = maps:without(
+                               [bind] ++ proplists:get_keys(SocketOpts),
+                               Confs),
+                Cfg = maps:merge(Cfg0, RemainCfgs),
+                [{Type, ListenOn, SocketOpts, Cfg}|AccIn2]
+            end, [], Liss),
+            [Listeners|AccIn1]
+    end, [], LisMap)).
+
+%%--------------------------------------------------------------------
+%% Envs
+
+active_n(Options) ->
+    maps:get(
+      active_n,
+      maps:get(listener, Options, #{active_n => ?ACTIVE_N}),
+      ?ACTIVE_N
+     ).
+
+-spec idle_timeout(map()) -> pos_integer().
+idle_timeout(Options) ->
+    maps:get(idle_timeout, Options, ?DEFAULT_IDLE_TIMEOUT).
+
+-spec ratelimit(map()) -> esockd_rate_limit:config() | undefined.
+ratelimit(Options) ->
+    maps:get(ratelimit, Options, undefined).
+
+-spec frame_options(map()) -> map().
+frame_options(Options) ->
+    maps:get(frame, Options, #{}).
+
+-spec init_gc_state(map()) -> emqx_gc:gc_state() | undefined.
+init_gc_state(Options) ->
+    emqx_misc:maybe_apply(fun emqx_gc:init/1, force_gc_policy(Options)).
+
+-spec force_gc_policy(map()) -> emqx_gc:opts() | undefined.
+force_gc_policy(Options) ->
+    maps:get(force_gc_policy, Options, undefined).
+
+-spec oom_policy(map()) -> emqx_types:oom_policy().
+oom_policy(Options) ->
+    maps:get(force_shutdown_policy, Options).
+
+-spec stats_timer(map()) -> undefined | disabled.
+stats_timer(Options) ->
+    case enable_stats(Options) of true -> undefined; false -> disabled end.
+
+-spec enable_stats(map()) -> boolean().
+enable_stats(Options) ->
+    maps:get(enable_stats, Options, true).
diff --git a/apps/emqx_stomp/README.md b/apps/emqx_gateway/src/stomp/README.md
similarity index 90%
rename from apps/emqx_stomp/README.md
rename to apps/emqx_gateway/src/stomp/README.md
index ec841b1e6..c5736a755 100644
--- a/apps/emqx_stomp/README.md
+++ b/apps/emqx_gateway/src/stomp/README.md
@@ -1,13 +1,12 @@
 
-emqx-stomp
-==========
+# emqx-stomp
+
 
 The plugin adds STOMP 1.0/1.1/1.2 protocol supports to the EMQ X broker.
 
 The STOMP clients could PubSub to the MQTT clients.
 
-Configuration
--------------
+## Configuration
 
 etc/emqx_stomp.conf
 
@@ -58,20 +57,17 @@ stomp.frame.max_header_length = 1024
 stomp.frame.max_body_length = 8192
 ```
 
-Load the Plugin
----------------
+## Load the Plugin
 
 ```
 ./bin/emqx_ctl plugins load emqx_stomp
 ```
 
-License
--------
+## License
 
 Apache License Version 2.0
 
-Author
-------
+## Author
 
 EMQ X Team.
 
diff --git a/apps/emqx_gateway/src/stomp/emqx_stomp_channel.erl b/apps/emqx_gateway/src/stomp/emqx_stomp_channel.erl
new file mode 100644
index 000000000..322baa120
--- /dev/null
+++ b/apps/emqx_gateway/src/stomp/emqx_stomp_channel.erl
@@ -0,0 +1,978 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_stomp_channel).
+
+-include("src/stomp/include/emqx_stomp.hrl").
+-include_lib("emqx/include/emqx.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+-logger_header("[Stomp-Proto]").
+
+-import(proplists, [get_value/2, get_value/3]).
+
+%% API
+-export([ info/1
+        , info/2
+        , stats/1
+        ]).
+
+-export([ init/2
+        , handle_in/2
+        , handle_out/3
+        , handle_deliver/2
+        , handle_timeout/3
+        , terminate/2
+        , set_conn_state/2
+        ]).
+
+-export([ handle_call/2
+        , handle_info/2
+        ]).
+
+%% for trans callback
+-export([ handle_recv_send_frame/2
+        , handle_recv_ack_frame/2
+        , handle_recv_nack_frame/2
+        ]).
+
+-record(channel, {
+          %% Context
+          ctx           :: emqx_gateway_ctx:context(),
+          %% Stomp Connection Info
+          conninfo      :: emqx_types:conninfo(),
+          %% Stomp Client Info
+          clientinfo    :: emqx_types:clientinfo(),
+          %% ClientInfo override specs
+          clientinfo_override :: map(),
+          %% Connection Channel
+          conn_state    :: conn_state(),
+          %% Heartbeat
+          heartbeat     :: emqx_stomp_heartbeat:heartbeat(),
+          %% Subscriptions
+          subscriptions = [],
+          %% Timer
+          timers :: #{atom() => disable | undefined | reference()},
+          %% Transaction
+          transaction :: #{binary() => list()}
+         }).
+
+-type(channel() :: #channel{}).
+
+-type(conn_state() :: idle | connecting | connected | disconnected).
+
+-type(reply() :: {outgoing, stomp_frame()}
+               | {outgoing, [stomp_frame()]}
+               | {event, conn_state()|updated}
+               | {close, Reason :: atom()}).
+
+-type(replies() :: emqx_stomp_frame:packet() | reply() | [reply()]).
+
+-define(TIMER_TABLE, #{
+          incoming_timer => incoming,
+          outgoing_timer => outgoing,
+          clean_trans_timer => clean_trans
+        }).
+
+-define(TRANS_TIMEOUT, 60000).
+
+-define(DEFAULT_OVERRIDE,
+        #{ clientid => <<"">>  %% Generate clientid by default
+         , username => <<"${Packet.headers.login}">>
+         , password => <<"${Packet.headers.passcode}">>
+         }).
+
+-define(INFO_KEYS, [conninfo, conn_state, clientinfo, session, will_msg]).
+
+-dialyzer({nowarn_function, [init/2,enrich_conninfo/2,ensure_connected/1,
+                             process_connect/1,handle_in/2,handle_info/2,
+                             ensure_disconnected/2,reverse_heartbeats/1,
+                             negotiate_version/2]}).
+
+%%--------------------------------------------------------------------
+%% Init the channel
+%%--------------------------------------------------------------------
+
+%% @doc Init protocol
+init(ConnInfo = #{peername := {PeerHost, _},
+                  sockname := {_, SockPort}}, Option) ->
+    Peercert = maps:get(peercert, ConnInfo, undefined),
+    Mountpoint = maps:get(mountpoint, Option, undefined),
+    ClientInfo = setting_peercert_infos(
+                   Peercert,
+                   #{ zone => undefined
+                    , protocol => stomp
+                    , peerhost => PeerHost
+                    , sockport => SockPort
+                    , clientid => undefined
+                    , username => undefined
+                    , is_bridge => false
+                    , is_superuser => false
+                    , mountpoint => Mountpoint
+                    }
+                  ),
+
+    Ctx = maps:get(ctx, Option),
+    Override = maps:merge(?DEFAULT_OVERRIDE,
+                          maps:get(clientinfo_override, Option, #{})
+                         ),
+	#channel{ ctx = Ctx
+            , conninfo = ConnInfo
+            , clientinfo = ClientInfo
+            , clientinfo_override = Override
+            , timers = #{}
+            , transaction = #{}
+            }.
+
+setting_peercert_infos(NoSSL, ClientInfo)
+  when NoSSL =:= nossl;
+       NoSSL =:= undefined ->
+    ClientInfo;
+setting_peercert_infos(Peercert, ClientInfo) ->
+    {DN, CN} = {esockd_peercert:subject(Peercert),
+                esockd_peercert:common_name(Peercert)},
+    ClientInfo#{dn => DN, cn => CN}.
+
+-spec info(channel()) -> emqx_types:infos().
+info(Channel) ->
+    maps:from_list(info(?INFO_KEYS, Channel)).
+
+-spec(info(list(atom())|atom(), channel()) -> term()).
+info(Keys, Channel) when is_list(Keys) ->
+    [{Key, info(Key, Channel)} || Key <- Keys];
+
+info(conninfo, #channel{conninfo = ConnInfo}) ->
+    ConnInfo;
+info(conn_state, #channel{conn_state = ConnState}) ->
+    ConnState;
+info(clientinfo, #channel{clientinfo = ClientInfo}) ->
+    ClientInfo;
+info(session, _) ->
+    #{};
+info(will_msg, _) ->
+    undefined;
+info(clientid, #channel{clientinfo = #{clientid := ClientId}}) ->
+    ClientId;
+info(ctx, #channel{ctx = Ctx}) ->
+    Ctx.
+
+stats(_Channel) ->
+    [].
+
+set_conn_state(ConnState, Channel) ->
+    Channel#channel{conn_state = ConnState}.
+
+enrich_conninfo(_Packet,
+                Channel = #channel{conninfo = ConnInfo}) ->
+    %% XXX: How enrich more infos?
+    NConnInfo = ConnInfo#{ proto_name => <<"STOMP">>
+                         , proto_ver => undefined
+                         , clean_start => true
+                         , keepalive => 0
+                         , expiry_interval => 0
+                         },
+    {ok, Channel#channel{conninfo = NConnInfo}}.
+
+run_conn_hooks(Packet, Channel = #channel{ctx = Ctx,
+                                          conninfo = ConnInfo}) ->
+    %% XXX: Assign headers of Packet to ConnProps
+    ConnProps = #{},
+    case run_hooks(Ctx, 'client.connect', [ConnInfo], ConnProps) of
+        Error = {error, _Reason} -> Error;
+        _NConnProps ->
+            {ok, Packet, Channel}
+    end.
+
+negotiate_version(#stomp_frame{headers = Headers},
+                  Channel = #channel{conninfo = ConnInfo}) ->
+    %% XXX:
+    case do_negotiate_version(header(<<"accept-version">>, Headers)) of
+        {ok, Version} ->
+            {ok, Channel#channel{conninfo = ConnInfo#{proto_ver => Version}}};
+        {error, Reason}->
+            {error, Reason}
+    end.
+
+enrich_clientinfo(Packet,
+                  Channel = #channel{
+                               conninfo = ConnInfo,
+                               clientinfo = ClientInfo0,
+                               clientinfo_override = Override}) ->
+    ClientInfo = write_clientinfo(
+                   feedvar(Override, Packet, ConnInfo, ClientInfo0),
+                   ClientInfo0
+                  ),
+    {ok, NPacket, NClientInfo} = emqx_misc:pipeline(
+                                   [ fun maybe_assign_clientid/2
+                                   , fun parse_heartbeat/2
+                                   %% FIXME: CALL After authentication successfully
+                                   , fun fix_mountpoint/2
+                                   ], Packet, ClientInfo
+                                  ),
+    {ok, NPacket, Channel#channel{clientinfo = NClientInfo}}.
+
+feedvar(Override, Packet, ConnInfo, ClientInfo) ->
+    Envs = #{ 'ConnInfo' => ConnInfo
+            , 'ClientInfo' => ClientInfo
+            , 'Packet' => connect_packet_to_map(Packet)
+            },
+    maps:map(fun(_K, V) ->
+        Tokens = emqx_rule_utils:preproc_tmpl(V),
+        emqx_rule_utils:proc_tmpl(Tokens, Envs)
+    end, Override).
+
+connect_packet_to_map(#stomp_frame{headers = Headers}) ->
+    #{headers => maps:from_list(Headers)}.
+
+write_clientinfo(Override, ClientInfo) ->
+    Override1 = maps:with([username, password, clientid], Override),
+    maps:merge(ClientInfo, Override1).
+
+maybe_assign_clientid(_Packet, ClientInfo = #{clientid := ClientId})
+    when ClientId == undefined;
+         ClientId == <<>> ->
+    {ok, ClientInfo#{clientid => emqx_guid:to_base62(emqx_guid:gen())}};
+
+maybe_assign_clientid(_Packet, ClientInfo) ->
+    {ok, ClientInfo}.
+
+parse_heartbeat(#stomp_frame{headers = Headers}, ClientInfo) ->
+    Heartbeat0 = header(<<"heart-beat">>, Headers, <<"0,0">>),
+    CxCy = re:split(Heartbeat0, <<",">>, [{return, list}]),
+    Heartbeat = list_to_tuple([list_to_integer(S) || S <- CxCy]),
+    {ok, ClientInfo#{heartbeat => Heartbeat}}.
+
+fix_mountpoint(_Packet, #{mountpoint := undefined}) -> ok;
+fix_mountpoint(_Packet, ClientInfo = #{mountpoint := Mountpoint}) ->
+    %% TODO: Enrich the varibale replacement????
+    %%       i.e: ${ClientInfo.auth_result.productKey}
+    Mountpoint1 = emqx_mountpoint:replvar(Mountpoint, ClientInfo),
+    {ok, ClientInfo#{mountpoint := Mountpoint1}}.
+
+set_log_meta(_Packet, #channel{clientinfo = #{clientid := ClientId}}) ->
+    emqx_logger:set_metadata_clientid(ClientId),
+    ok.
+
+auth_connect(_Packet, Channel = #channel{ctx = Ctx,
+                                         clientinfo = ClientInfo}) ->
+    #{clientid := ClientId,
+      username := Username} = ClientInfo,
+    case emqx_gateway_ctx:authenticate(Ctx, ClientInfo) of
+        {ok, NClientInfo} ->
+            {ok, Channel#channel{clientinfo = NClientInfo}};
+        {error, Reason} ->
+            ?LOG(warning, "Client ~s (Username: '~s') login failed for ~0p",
+                          [ClientId, Username, Reason]),
+            {error, Reason}
+    end.
+
+ensure_connected(Channel = #channel{
+                              ctx = Ctx,
+                              conninfo = ConnInfo,
+                              clientinfo = ClientInfo}) ->
+    NConnInfo = ConnInfo#{connected_at => erlang:system_time(millisecond)},
+    ok = run_hooks(Ctx, 'client.connected', [ClientInfo, NConnInfo]),
+    Channel#channel{conninfo = NConnInfo,
+                 conn_state = connected
+                }.
+
+process_connect(Channel = #channel{
+                           ctx = Ctx,
+                           conninfo = ConnInfo,
+                           clientinfo = ClientInfo
+                          }) ->
+    SessFun = fun(_,_) -> #{} end,
+    case emqx_gateway_ctx:open_session(
+           Ctx,
+           true,
+           ClientInfo,
+           ConnInfo,
+           SessFun
+          ) of
+        {ok, _Sess} -> %% The stomp protocol doesn't have session
+            #{proto_ver := Version} = ConnInfo,
+            #{heartbeat := Heartbeat} = ClientInfo,
+            Headers = [{<<"version">>, Version},
+                       {<<"heart-beat">>, reverse_heartbeats(Heartbeat)}],
+            handle_out(connected, Headers, Channel);
+        {error, Reason} ->
+            ?LOG(error, "Failed to open session du to ~p", [Reason]),
+            Headers = [{<<"version">>, <<"1.0,1.1,1.2">>},
+                       {<<"content-type">>, <<"text/plain">>}],
+            handle_out(connerr, {Headers, undefined, <<"Not Authenticated">>}, Channel)
+    end.
+
+%%--------------------------------------------------------------------
+%% Handle incoming packet
+%%--------------------------------------------------------------------
+
+-spec handle_in(emqx_types:packet(), channel())
+      -> {ok, channel()}
+       | {ok, replies(), channel()}
+       | {shutdown, Reason :: term(), channel()}
+       | {shutdown, Reason :: term(), replies(), channel()}.
+
+handle_in(Frame = ?PACKET(?CMD_STOMP), Channel) ->
+    handle_in(Frame#stomp_frame{command = <<"CONNECT">>}, Channel);
+
+handle_in(?PACKET(?CMD_CONNECT),
+          Channel = #channel{conn_state = connected}) ->
+    {error, unexpected_connect, Channel};
+
+handle_in(Packet = ?PACKET(?CMD_CONNECT), Channel) ->
+    case emqx_misc:pipeline(
+           [ fun enrich_conninfo/2
+           , fun run_conn_hooks/2
+           , fun negotiate_version/2
+           , fun enrich_clientinfo/2
+           , fun set_log_meta/2
+           %% TODO: How to implement the banned in the gateway instance?
+           %, fun check_banned/2
+           , fun auth_connect/2
+           ], Packet, Channel#channel{conn_state = connecting}) of
+        {ok, _NPacket, NChannel} ->
+            process_connect(ensure_connected(NChannel));
+        {error, ReasonCode, NChannel} ->
+            ErrMsg = io_lib:format("Login Failed: ~s", [ReasonCode]),
+            handle_out(connerr, {[], undefined, ErrMsg}, NChannel)
+    end;
+
+handle_in(Frame = ?PACKET(?CMD_SEND, Headers),
+          Channel = #channel{
+                       ctx = Ctx,
+                       clientinfo = ClientInfo
+                      }) ->
+    Topic = header(<<"destination">>, Headers),
+    case emqx_gateway_ctx:authorize(Ctx, ClientInfo, publish, Topic) of
+        deny ->
+            handle_out(error, {receipt_id(Headers), "ACL Deny"}, Channel);
+        allow ->
+            case header(<<"transaction">>, Headers) of
+                undefined ->
+                    handle_recv_send_frame(Frame, Channel);
+                TxId ->
+                    add_action(TxId, {fun ?MODULE:handle_recv_send_frame/2, [Frame]}, receipt_id(Headers), Channel)
+            end
+    end;
+
+handle_in(?PACKET(?CMD_SUBSCRIBE, Headers),
+          Channel = #channel{
+                       ctx = Ctx,
+                       subscriptions = Subs,
+                       clientinfo = ClientInfo = #{mountpoint := Mountpoint}
+                      }) ->
+    SubId = header(<<"id">>, Headers),
+    Topic = header(<<"destination">>, Headers),
+    Ack   = header(<<"ack">>, Headers, <<"auto">>),
+
+    MountedTopic = emqx_mountpoint:mount(Mountpoint, Topic),
+
+    case lists:keyfind(SubId, 1, Subs) of
+        {SubId, MountedTopic, Ack} ->
+            maybe_outgoing_receipt(receipt_id(Headers), Channel);
+        {SubId, _OtherTopic, _OtherAck} ->
+            %% FIXME:
+            ?LOG(error, "Conflicts with subscribed topics ~s, id: ~s",
+                        [_OtherTopic, SubId]),
+            ErrMsg = "Conflict subscribe id ",
+            handle_out(error, {receipt_id(Headers), ErrMsg}, Channel);
+        false ->
+            case emqx_gateway_ctx:authorize(Ctx, ClientInfo, subscribe, Topic) of
+                deny ->
+                    handle_out(error, {receipt_id(Headers), "ACL Deny"}, Channel);
+                allow ->
+                    _ = emqx_broker:subscribe(MountedTopic),
+                    maybe_outgoing_receipt(
+                      receipt_id(Headers),
+                      Channel#channel{subscriptions = [{SubId, MountedTopic, Ack} | Subs]}
+                     )
+            end
+    end;
+
+handle_in(?PACKET(?CMD_UNSUBSCRIBE, Headers),
+          Channel = #channel{subscriptions = Subs}) ->
+    SubId = header(<<"id">>, Headers),
+    {ok, NChannel} = case lists:keyfind(SubId, 1, Subs) of
+                       {SubId, Topic, _Ack} ->
+                           ok = emqx_broker:unsubscribe(Topic),
+                           {ok, Channel#channel{subscriptions = lists:keydelete(SubId, 1, Subs)}};
+                       false ->
+                           {ok, Channel}
+                   end,
+    handle_out(receipt, receipt_id(Headers), NChannel);
+
+%% XXX: How to ack a frame ???
+handle_in(Frame = ?PACKET(?CMD_ACK, Headers), Channel) ->
+    case header(<<"transaction">>, Headers) of
+        undefined -> handle_recv_ack_frame(Frame, Channel);
+        TxId      -> add_action(TxId, {fun ?MODULE:handle_recv_ack_frame/2, [Frame]}, receipt_id(Headers), Channel)
+    end;
+
+%% NACK
+%% id:12345
+%% transaction:tx1
+%%
+%% ^@
+handle_in(Frame = ?PACKET(?CMD_NACK, Headers), Channel) ->
+    case header(<<"transaction">>, Headers) of
+        undefined -> handle_recv_nack_frame(Frame, Channel);
+        TxId      -> add_action(TxId, {fun ?MODULE:handle_recv_nack_frame/2, [Frame]}, receipt_id(Headers), Channel)
+    end;
+
+%% The transaction header is REQUIRED, and the transaction identifier
+%% will be used for SEND, COMMIT, ABORT, ACK, and NACK frames to bind
+%% them to the named transaction.
+%%
+%% BEGIN
+%% transaction:tx1
+%%
+%% ^@
+handle_in(?PACKET(?CMD_BEGIN, Headers),
+          Channel = #channel{transaction = Trans}) ->
+    TxId = header(<<"transaction">>, Headers),
+    case maps:get(TxId, Trans, undefined) of
+        undefined ->
+            StartedAt = erlang:system_time(millisecond),
+            NChannel = ensure_clean_trans_timer(
+                         Channel#channel{
+                           transaction = Trans#{TxId => {StartedAt, []}}}
+                        ),
+            handle_out(receipt, receipt_id(Headers), NChannel);
+        _ ->
+            ErrMsg = ["Transaction ", TxId, " already started"],
+            handle_out(error, {receipt_id(Headers), ErrMsg}, Channel)
+    end;
+
+%% COMMIT
+%% transaction:tx1
+%%
+%% ^@
+handle_in(?PACKET(?CMD_COMMIT, Headers), Channel) ->
+    with_transaction(Headers, Channel, fun(TxId, Actions) ->
+        Chann0 = remove_trans(TxId, Channel),
+        case trans_pipeline(lists:reverse(Actions), [], Chann0) of
+            {ok, Outgoings, Chann1} ->
+                maybe_outgoing_receipt(receipt_id(Headers), Outgoings, Chann1);
+            {error, Reason} ->
+                %% FIXME: atomic for transaction ??
+                ErrMsg = io_lib:format("Execute transaction ~s falied: ~0p",
+                                       [TxId, Reason]
+                                      ),
+                handle_out(error, {receipt_id(Headers), ErrMsg}, Chann0)
+        end
+    end);
+
+%% ABORT
+%% transaction:tx1
+%%
+%% ^@
+handle_in(?PACKET(?CMD_ABORT, Headers),
+          Channel = #channel{transaction = Trans}) ->
+    with_transaction(Headers, Channel, fun(Id, _Actions) ->
+        NChannel = Channel#channel{transaction = maps:remove(Id, Trans)},
+        handle_out(receipt, receipt_id(Headers), NChannel)
+    end);
+
+handle_in(?PACKET(?CMD_DISCONNECT, Headers), Channel) ->
+    shutdown_with_recepit(normal, receipt_id(Headers), Channel);
+
+handle_in({frame_error, Reason}, Channel = #channel{conn_state = _ConnState}) ->
+    ?LOG(error, "Unexpected frame error: ~p", [Reason]),
+    shutdown(Reason, Channel).
+
+with_transaction(Headers, Channel = #channel{transaction = Trans}, Fun) ->
+    Id = header(<<"transaction">>, Headers),
+    ReceiptId = receipt_id(Headers),
+    case maps:get(Id, Trans, undefined) of
+        {_, Actions} ->
+            Fun(Id, Actions);
+        _ ->
+            ErrMsg =  ["Transaction ", Id, " not found"],
+            handle_out(error, {ReceiptId, ErrMsg}, Channel)
+    end.
+
+remove_trans(Id, Channel = #channel{transaction = Trans}) ->
+    Channel#channel{transaction = maps:remove(Id, Trans)}.
+
+trans_pipeline([], Outgoings, Channel) ->
+    {ok, Outgoings, Channel};
+
+trans_pipeline([{Func, Args}|More], Outgoings, Channel) ->
+    case erlang:apply(Func, Args ++ [Channel]) of
+        {ok, NChannel} ->
+            trans_pipeline(More, Outgoings, NChannel);
+        {ok, Outgoings1, NChannel} ->
+            trans_pipeline(More, Outgoings ++ Outgoings1, NChannel);
+        {error, Reason} ->
+            {error, Reason, Channel}
+    end.
+
+%%--------------------------------------------------------------------
+%% Handle outgoing packet
+%%--------------------------------------------------------------------
+
+-spec(handle_out(atom(), term(), channel())
+      -> {ok, channel()}
+       | {ok, replies(), channel()}
+       | {shutdown, Reason :: term(), channel()}
+       | {shutdown, Reason :: term(), replies(), channel()}).
+
+handle_out(connerr, {Headers, ReceiptId, ErrMsg}, Channel) ->
+    Frame = error_frame(Headers, ReceiptId, ErrMsg),
+    shutdown(ErrMsg, Frame, Channel);
+
+handle_out(error, {ReceiptId, ErrMsg}, Channel) ->
+    Frame = error_frame(ReceiptId, ErrMsg),
+    {ok, Frame, Channel};
+
+handle_out(connected, Headers, Channel = #channel{
+                                            ctx = Ctx,
+                                            conninfo = ConnInfo
+                                           }) ->
+    %% XXX: connection_accepted is not defined by stomp protocol
+    _ = run_hooks(Ctx, 'client.connack', [ConnInfo, connection_accepted, []]),
+    Replies = [{outgoing, connected_frame(Headers)},
+               {event, connected}
+              ],
+    {ok, Replies, ensure_heartbeart_timer(Channel)};
+
+handle_out(receipt, undefined, Channel) ->
+    {ok, Channel};
+handle_out(receipt, ReceiptId, Channel) ->
+    Frame = receipt_frame(ReceiptId),
+    {ok, Frame, Channel}.
+
+%%--------------------------------------------------------------------
+%% Handle call
+%%--------------------------------------------------------------------
+
+-spec(handle_call(Req :: term(), channel())
+      -> {reply, Reply :: term(), channel()}
+       | {shutdown, Reason :: term(), Reply :: term(), channel()}
+       | {shutdown, Reason :: term(), Reply :: term(), emqx_types:packet(), channel()}).
+handle_call(kick, Channel) ->
+    NChannel = ensure_disconnected(kicked, Channel),
+    shutdown_and_reply(kicked, ok, NChannel);
+
+handle_call(discard, Channel) ->
+    shutdown_and_reply(discarded, ok, Channel);
+
+%% XXX: No Session Takeover
+%handle_call({takeover, 'begin'}, Channel = #channel{session = Session}) ->
+%    reply(Session, Channel#channel{takeover = true});
+%
+%handle_call({takeover, 'end'}, Channel = #channel{session  = Session,
+%                                                  pendings = Pendings}) ->
+%    ok = emqx_session:takeover(Session),
+%    %% TODO: Should not drain deliver here (side effect)
+%    Delivers = emqx_misc:drain_deliver(),
+%    AllPendings = lists:append(Delivers, Pendings),
+%    shutdown_and_reply(takeovered, AllPendings, Channel);
+
+handle_call(list_acl_cache, Channel) ->
+    {reply, emqx_acl_cache:list_acl_cache(), Channel};
+
+%% XXX: No Quota Now
+% handle_call({quota, Policy}, Channel) ->
+%     Zone = info(zone, Channel),
+%     Quota = emqx_limiter:init(Zone, Policy),
+%     reply(ok, Channel#channel{quota = Quota});
+
+handle_call(Req, Channel) ->
+    ?LOG(error, "Unexpected call: ~p", [Req]),
+    reply(ignored, Channel).
+
+%%--------------------------------------------------------------------
+%% Handle Info
+%%--------------------------------------------------------------------
+
+-spec(handle_info(Info :: term(), channel())
+      -> ok | {ok, channel()} | {shutdown, Reason :: term(), channel()}).
+
+%% XXX: Received from the emqx-management ???
+%handle_info({subscribe, TopicFilters}, Channel ) ->
+%    {_, NChannel} = lists:foldl(
+%        fun({TopicFilter, SubOpts}, {_, ChannelAcc}) ->
+%            do_subscribe(TopicFilter, SubOpts, ChannelAcc)
+%        end, {[], Channel}, parse_topic_filters(TopicFilters)),
+%    {ok, NChannel};
+%
+%handle_info({unsubscribe, TopicFilters}, Channel) ->
+%    {_RC, NChannel} = process_unsubscribe(TopicFilters, #{}, Channel),
+%    {ok, NChannel};
+
+handle_info({sock_closed, Reason},
+            Channel = #channel{conn_state = idle}) ->
+    shutdown(Reason, Channel);
+
+handle_info({sock_closed, Reason},
+            Channel = #channel{conn_state = connecting}) ->
+    shutdown(Reason, Channel);
+
+handle_info({sock_closed, Reason},
+            Channel = #channel{conn_state = connected,
+                               clientinfo = _ClientInfo}) ->
+    %% XXX: Flapping detect ???
+    %% How to get the flapping detect policy ???
+    %emqx_zone:enable_flapping_detect(Zone)
+    %    andalso emqx_flapping:detect(ClientInfo),
+    NChannel = ensure_disconnected(Reason, Channel),
+    %% XXX: Session keepper detect here
+    shutdown(Reason, NChannel);
+
+handle_info({sock_closed, Reason},
+            Channel = #channel{conn_state = disconnected}) ->
+    ?LOG(error, "Unexpected sock_closed: ~p", [Reason]),
+    {ok, Channel};
+
+handle_info(clean_acl_cache, Channel) ->
+    ok = emqx_acl_cache:empty_acl_cache(),
+    {ok, Channel};
+
+handle_info(Info, Channel) ->
+    ?LOG(error, "Unexpected info: ~p", [Info]),
+    {ok, Channel}.
+
+%%--------------------------------------------------------------------
+%% Ensure disconnected
+
+ensure_disconnected(Reason, Channel = #channel{
+                                         ctx = Ctx,
+                                         conninfo = ConnInfo,
+                                         clientinfo = ClientInfo}) ->
+    NConnInfo = ConnInfo#{disconnected_at => erlang:system_time(millisecond)},
+    ok = run_hooks(Ctx, 'client.disconnected',
+                   [ClientInfo, Reason, NConnInfo]),
+    Channel#channel{conninfo = NConnInfo, conn_state = disconnected}.
+
+%%--------------------------------------------------------------------
+%% Handle Delivers from broker to client
+%%--------------------------------------------------------------------
+
+-spec(handle_deliver(list(emqx_types:deliver()), channel())
+      -> {ok, channel()}
+       | {ok, replies(), channel()}).
+
+handle_deliver(Delivers,
+               Channel = #channel{
+                            ctx = Ctx,
+                            clientinfo = ClientInfo,
+                            subscriptions = Subs
+                           }) ->
+
+    %% TODO: Re-deliver ???
+    %%       Shared-subscription support ???
+
+    Frames0 = lists:foldl(fun({_, _, Message}, Acc) ->
+                Topic0 = emqx_message:topic(Message),
+                case lists:keyfind(Topic0, 2, Subs) of
+                    {Id, Topic, Ack} ->
+                        %% XXX: refactor later
+                        metrics_inc('messages.delivered', Channel),
+                        NMessage = run_hooks_without_metrics(
+                                     Ctx,
+                                     'message.delivered',
+                                     [ClientInfo],
+                                     Message
+                                    ),
+                        Topic = emqx_message:topic(NMessage),
+                        Headers = emqx_message:get_headers(NMessage),
+                        Payload = emqx_message:payload(NMessage),
+                        Headers0 = [{<<"subscription">>, Id},
+                                    {<<"message-id">>, next_msgid()},
+                                    {<<"destination">>, Topic},
+                                    {<<"content-type">>, <<"text/plain">>}],
+                        Headers1 = case Ack of
+                                       _ when Ack =:= <<"client">>;
+                                              Ack =:= <<"client-individual">> ->
+                                           Headers0 ++ [{<<"ack">>, next_ackid()}];
+                                       _ ->
+                                           Headers0
+                                   end,
+                        Frame = #stomp_frame{command = <<"MESSAGE">>,
+                                             headers = Headers1 ++ maps:get(stomp_headers, Headers, []),
+                                             body = Payload
+                                            },
+                        [Frame|Acc];
+                    false ->
+                        ?LOG(error, "Dropped message ~0p due to not found "
+                                    "subscription id for ~s",
+                                    [Message, emqx_message:topic(Message)]),
+                        metrics_inc('delivery.dropped', Channel),
+                        metrics_inc('delivery.dropped.no_subid', Channel),
+                        Acc
+                end
+              end, [], Delivers),
+    {ok, [{outgoing, lists:reverse(Frames0)}], Channel}.
+
+%%--------------------------------------------------------------------
+%% Handle timeout
+%%--------------------------------------------------------------------
+
+-spec(handle_timeout(reference(), Msg :: term(), channel())
+      -> {ok, channel()}
+       | {ok, replies(), channel()}
+       | {shutdown, Reason :: term(), channel()}).
+
+handle_timeout(_TRef, {incoming, NewVal},
+        Channel = #channel{heartbeat = HrtBt}) ->
+    case emqx_stomp_heartbeat:check(incoming, NewVal, HrtBt) of
+        {error, timeout} ->
+            shutdown(heartbeat_timeout, Channel);
+        {ok, NHrtBt} ->
+            {ok, reset_timer(incoming_timer,
+                             Channel#channel{heartbeat = NHrtBt}
+                            )}
+    end;
+
+handle_timeout(_TRef, {outgoing, NewVal},
+               Channel = #channel{heartbeat = HrtBt}) ->
+    case emqx_stomp_heartbeat:check(outgoing, NewVal, HrtBt) of
+        {error, timeout} ->
+            NHrtBt = emqx_stomp_heartbeat:reset(outgoing, NewVal, HrtBt),
+            NChannel = Channel#channel{heartbeat = NHrtBt},
+            {ok, emqx_stomp_frame:make(heartbeat),
+             reset_timer(outgoing_timer, NChannel)};
+        {ok, NHrtBt} ->
+            {ok, reset_timer(outgoing_timer,
+                             Channel#channel{heartbeat = NHrtBt}
+                            )}
+    end;
+
+handle_timeout(_TRef, clean_trans, Channel = #channel{transaction = Trans}) ->
+    Now = erlang:system_time(millisecond),
+    NTrans = maps:filter(fun(_, {StartedAt, _}) ->
+                 StartedAt + ?TRANS_TIMEOUT < Now
+             end, Trans),
+    {ok, ensure_clean_trans_timer(Channel#channel{transaction = NTrans})}.
+
+%%--------------------------------------------------------------------
+%% Terminate
+%%--------------------------------------------------------------------
+
+terminate(_Reason, _Channel) ->
+    ok.
+
+reply(Reply, Channel) ->
+    {reply, Reply, Channel}.
+
+shutdown(Reason, Channel) ->
+    {shutdown, Reason, Channel}.
+
+shutdown_with_recepit(Reason, ReceiptId, Channel) ->
+    case ReceiptId of
+        undefined ->
+            {shutdown, Reason, Channel};
+        _ ->
+            {shutdown, Reason, receipt_frame(ReceiptId), Channel}
+    end.
+
+shutdown(Reason, AckFrame, Channel) ->
+    {shutdown, Reason, AckFrame, Channel}.
+
+shutdown_and_reply(Reason, Reply, Channel) ->
+    {shutdown, Reason, Reply, Channel}.
+
+do_negotiate_version(undefined) ->
+    {ok, <<"1.0">>};
+
+do_negotiate_version(Accepts) ->
+     do_negotiate_version(
+       ?STOMP_VER,
+       lists:reverse(lists:sort(binary:split(Accepts, <<",">>, [global])))
+      ).
+
+do_negotiate_version(Ver, []) ->
+    {error, <<"Supported protocol versions < ", Ver/binary>>};
+do_negotiate_version(Ver, [AcceptVer|_]) when Ver >= AcceptVer ->
+    {ok, AcceptVer};
+do_negotiate_version(Ver, [_|T]) ->
+    do_negotiate_version(Ver, T).
+
+header(Name, Headers) ->
+    get_value(Name, Headers).
+header(Name, Headers, Val) ->
+    get_value(Name, Headers, Val).
+
+connected_frame(Headers) ->
+    emqx_stomp_frame:make(<<"CONNECTED">>, Headers).
+
+receipt_frame(ReceiptId) ->
+    emqx_stomp_frame:make(<<"RECEIPT">>, [{<<"receipt-id">>, ReceiptId}]).
+
+error_frame(ReceiptId, Msg) ->
+    error_frame([{<<"content-type">>, <<"text/plain">>}], ReceiptId, Msg).
+
+error_frame(Headers, undefined, Msg) ->
+    emqx_stomp_frame:make(<<"ERROR">>, Headers, Msg);
+error_frame(Headers, ReceiptId, Msg) ->
+    emqx_stomp_frame:make(<<"ERROR">>, [{<<"receipt-id">>, ReceiptId} | Headers], Msg).
+
+next_msgid() ->
+    MsgId = case get(msgid) of
+                undefined -> 1;
+                I         -> I
+            end,
+    put(msgid, MsgId + 1),
+    MsgId.
+
+next_ackid() ->
+    AckId = case get(ackid) of
+                undefined -> 1;
+                I         -> I
+            end,
+    put(ackid, AckId + 1),
+    AckId.
+
+frame2message(?PACKET(?CMD_SEND, Headers, Body),
+              #channel{
+                 conninfo = #{proto_ver := ProtoVer},
+                 clientinfo = #{
+                    protocol := Protocol,
+                    clientid := ClientId,
+                    username := Username,
+                    peerhost := PeerHost,
+                    mountpoint := Mountpoint
+                 }}) ->
+    Topic = header(<<"destination">>, Headers),
+    Msg = emqx_message:make(ClientId, Topic, Body),
+    StompHeaders = lists:foldl(
+                     fun(Key, Headers0) ->
+                        proplists:delete(Key, Headers0)
+                     end, Headers,
+                     [<<"destination">>,
+                      <<"content-length">>,
+                      <<"content-type">>,
+                      <<"transaction">>,
+                      <<"receipt">>
+                     ]),
+    %% Pass-through of custom headers on the sending side
+    NMsg = emqx_message:set_headers(#{proto_ver => ProtoVer,
+                                      protocol => Protocol,
+                                      username => Username,
+                                      peerhost => PeerHost,
+                                      stomp_headers => StompHeaders
+                                     }, Msg),
+    emqx_mountpoint:mount(Mountpoint, NMsg).
+
+receipt_id(Headers) ->
+    header(<<"receipt">>, Headers).
+
+%%--------------------------------------------------------------------
+%% Trans
+
+add_action(TxId, Action, ReceiptId, Channel = #channel{transaction = Trans}) ->
+    case maps:get(TxId, Trans, undefined) of
+        {_StartedAt, Actions} ->
+            NTrans = Trans#{TxId => {_StartedAt, [Action|Actions]}},
+            {ok, Channel#channel{transaction = NTrans}};
+        _ ->
+            {ok, error_frame(ReceiptId, ["Transaction ", TxId, " not found"]), Channel}
+    end.
+
+%%--------------------------------------------------------------------
+%% Transaction Handle
+
+handle_recv_send_frame(Frame = ?PACKET(?CMD_SEND, Headers), Channel) ->
+    Msg = frame2message(Frame, Channel),
+    _ = emqx_broker:publish(Msg),
+    maybe_outgoing_receipt(receipt_id(Headers), Channel).
+
+handle_recv_ack_frame(?PACKET(?CMD_ACK, Headers), Channel) ->
+    maybe_outgoing_receipt(receipt_id(Headers), Channel).
+
+handle_recv_nack_frame(?PACKET(?CMD_NACK, Headers), Channel) ->
+    maybe_outgoing_receipt(receipt_id(Headers), Channel).
+
+maybe_outgoing_receipt(undefined, Channel) ->
+    {ok, [], Channel};
+maybe_outgoing_receipt(ReceiptId, Channel) ->
+    {ok, [{outgoing, receipt_frame(ReceiptId)}], Channel}.
+
+maybe_outgoing_receipt(undefined, Outgoings, Channel) ->
+    {ok, Outgoings, Channel};
+maybe_outgoing_receipt(ReceiptId, Outgoings, Channel) ->
+    {ok, lists:reverse([receipt_frame(ReceiptId)|Outgoings]), Channel}.
+
+ensure_clean_trans_timer(Channel = #channel{transaction = Trans}) ->
+    case maps:size(Trans) of
+        0 -> Channel;
+        _ -> ensure_timer(clean_trans_timer, Channel)
+    end.
+
+%%--------------------------------------------------------------------
+%% Heartbeat
+
+reverse_heartbeats({Cx, Cy}) ->
+    iolist_to_binary(io_lib:format("~w,~w", [Cy, Cx])).
+
+ensure_heartbeart_timer(Channel = #channel{clientinfo = ClientInfo}) ->
+    Heartbeat = maps:get(heartbeat, ClientInfo),
+    ensure_timer(
+      [incoming_timer, outgoing_timer],
+      Channel#channel{heartbeat = emqx_stomp_heartbeat:init(Heartbeat)}).
+
+%%--------------------------------------------------------------------
+%% Timer
+
+ensure_timer([Name], Channel) ->
+    ensure_timer(Name, Channel);
+ensure_timer([Name | Rest], Channel) ->
+    ensure_timer(Rest, ensure_timer(Name, Channel));
+
+ensure_timer(Name, Channel = #channel{timers = Timers}) ->
+    TRef = maps:get(Name, Timers, undefined),
+    Time = interval(Name, Channel),
+    case TRef == undefined andalso is_integer(Time) andalso Time > 0 of
+        true  -> ensure_timer(Name, Time, Channel);
+        false -> Channel %% Timer disabled or exists
+    end.
+
+ensure_timer(Name, Time, Channel = #channel{timers = Timers}) ->
+    Msg = maps:get(Name, ?TIMER_TABLE),
+    TRef = emqx_misc:start_timer(Time, Msg),
+    Channel#channel{timers = Timers#{Name => TRef}}.
+
+reset_timer(Name, Channel) ->
+    ensure_timer(Name, clean_timer(Name, Channel)).
+
+clean_timer(Name, Channel = #channel{timers = Timers}) ->
+    Channel#channel{timers = maps:remove(Name, Timers)}.
+
+interval(incoming_timer, #channel{heartbeat = HrtBt}) ->
+    emqx_stomp_heartbeat:interval(incoming, HrtBt);
+interval(outgoing_timer, #channel{heartbeat = HrtBt}) ->
+    emqx_stomp_heartbeat:interval(outgoing, HrtBt);
+interval(clean_trans_timer, _) ->
+    ?TRANS_TIMEOUT.
+
+%%--------------------------------------------------------------------
+%% Helper functions
+%%--------------------------------------------------------------------
+
+run_hooks(Ctx, Name, Args) ->
+    emqx_gateway_ctx:metrics_inc(Ctx, Name),
+    emqx_hooks:run(Name, Args).
+
+run_hooks(Ctx, Name, Args, Acc) ->
+    emqx_gateway_ctx:metrics_inc(Ctx, Name),
+    emqx_hooks:run_fold(Name, Args, Acc).
+
+run_hooks_without_metrics(_Ctx, Name, Args, Acc) ->
+    emqx_hooks:run_fold(Name, Args, Acc).
+
+metrics_inc(Name, #channel{ctx = Ctx}) ->
+    emqx_gateway_ctx:metrics_inc(Ctx, Name).
diff --git a/apps/emqx_gateway/src/stomp/emqx_stomp_connection.erl b/apps/emqx_gateway/src/stomp/emqx_stomp_connection.erl
new file mode 100644
index 000000000..a4b87fcd4
--- /dev/null
+++ b/apps/emqx_gateway/src/stomp/emqx_stomp_connection.erl
@@ -0,0 +1,908 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_stomp_connection).
+
+-include("src/stomp/include/emqx_stomp.hrl").
+-include_lib("emqx/include/logger.hrl").
+-include_lib("snabbkaffe/include/snabbkaffe.hrl").
+
+-logger_header("[Stomp-Conn]").
+
+%% API
+-export([ start_link/3
+        , stop/1
+        ]).
+
+-export([ info/1
+        , stats/1
+        ]).
+
+-export([ async_set_keepalive/3
+        , async_set_keepalive/4
+        , async_set_socket_options/2
+        ]).
+
+-export([ call/2
+        , call/3
+        , cast/2
+        ]).
+
+%% Callback
+-export([init/4]).
+
+%% Sys callbacks
+-export([ system_continue/3
+        , system_terminate/4
+        , system_code_change/4
+        , system_get_state/1
+        ]).
+
+%% Internal callback
+-export([wakeup_from_hib/2, recvloop/2, get_state/1]).
+
+%% Export for CT
+-export([set_field/3]).
+
+-import(emqx_misc,
+        [ maybe_apply/2
+        ]).
+
+-record(state, {
+          %% TCP/TLS Transport
+          transport :: esockd:transport(),
+          %% TCP/TLS Socket
+          socket :: esockd:socket(),
+          %% Peername of the connection
+          peername :: emqx_types:peername(),
+          %% Sockname of the connection
+          sockname :: emqx_types:peername(),
+          %% Sock State
+          sockstate :: emqx_types:sockstate(),
+          %% The {active, N} option
+          active_n :: pos_integer(),
+          %% Limiter
+          limiter :: emqx_limiter:limiter() | undefined,
+          %% Limit Timer
+          limit_timer :: reference() | undefined,
+          %% Parse State
+          parse_state :: emqx_stomp_frame:parse_state(),
+          %% Serialize options
+          serialize :: emqx_stomp_frame:serialize_opts(),
+          %% Channel State
+          channel :: emqx_stomp_channel:channel(),
+          %% GC State
+          gc_state :: emqx_gc:gc_state() | undefined,
+          %% Stats Timer
+          stats_timer :: disabled | reference(),
+          %% Idle Timeout
+          idle_timeout :: integer(),
+          %% Idle Timer
+          idle_timer :: reference() | undefined
+        }).
+
+-type(state() :: #state{}).
+
+-define(ACTIVE_N, 100).
+-define(INFO_KEYS, [socktype, peername, sockname, sockstate, active_n]).
+-define(CONN_STATS, [recv_pkt, recv_msg, send_pkt, send_msg]).
+-define(SOCK_STATS, [recv_oct, recv_cnt, send_oct, send_cnt, send_pend]).
+
+-define(ENABLED(X), (X =/= undefined)).
+
+%-define(ALARM_TCP_CONGEST(Channel),
+%        list_to_binary(io_lib:format("mqtt_conn/congested/~s/~s",
+%            [emqx_stomp_channel:info(clientid, Channel),
+%             emqx_stomp_channel:info(username, Channel)]))).
+%-define(ALARM_CONN_INFO_KEYS, [
+%    socktype, sockname, peername,
+%    clientid, username, proto_name, proto_ver, connected_at
+%]).
+%-define(ALARM_SOCK_STATS_KEYS, [send_pend, recv_cnt, recv_oct, send_cnt, send_oct]).
+%-define(ALARM_SOCK_OPTS_KEYS, [high_watermark, high_msgq_watermark, sndbuf, recbuf, buffer]).
+
+-dialyzer({no_match, [info/2]}).
+-dialyzer({nowarn_function, [ init/4
+                            , init_state/3
+                            , run_loop/2
+                            , system_terminate/4
+                            , system_code_change/4
+                            ]}).
+
+-dialyzer({nowarn_function, [ensure_stats_timer/2,cancel_stats_timer/1,
+                             terminate/2,handle_call/3,handle_timeout/3,
+                             parse_incoming/3,serialize_and_inc_stats_fun/1,
+                             check_oom/1,inc_incoming_stats/1,
+                             inc_outgoing_stats/1]}).
+
+-spec(start_link(esockd:transport(), esockd:socket(), proplists:proplist())
+      -> {ok, pid()}).
+start_link(Transport, Socket, Options) ->
+    Args = [self(), Transport, Socket, Options],
+    CPid = proc_lib:spawn_link(?MODULE, init, Args),
+    {ok, CPid}.
+
+%%--------------------------------------------------------------------
+%% API
+%%--------------------------------------------------------------------
+
+%% @doc Get infos of the connection/channel.
+-spec(info(pid()|state()) -> emqx_types:infos()).
+info(CPid) when is_pid(CPid) ->
+    call(CPid, info);
+info(State = #state{channel = Channel}) ->
+    ChanInfo = emqx_stomp_channel:info(Channel),
+    SockInfo = maps:from_list(
+                 info(?INFO_KEYS, State)),
+    ChanInfo#{sockinfo => SockInfo}.
+
+info(Keys, State) when is_list(Keys) ->
+    [{Key, info(Key, State)} || Key <- Keys];
+info(socktype, #state{transport = Transport, socket = Socket}) ->
+    Transport:type(Socket);
+info(peername, #state{peername = Peername}) ->
+    Peername;
+info(sockname, #state{sockname = Sockname}) ->
+    Sockname;
+info(sockstate, #state{sockstate = SockSt}) ->
+    SockSt;
+info(active_n, #state{active_n = ActiveN}) ->
+    ActiveN;
+info(stats_timer, #state{stats_timer = StatsTimer}) ->
+    StatsTimer;
+info(limit_timer, #state{limit_timer = LimitTimer}) ->
+    LimitTimer;
+info(limiter, #state{limiter = Limiter}) ->
+    maybe_apply(fun emqx_limiter:info/1, Limiter).
+
+%% @doc Get stats of the connection/channel.
+-spec(stats(pid()|state()) -> emqx_types:stats()).
+stats(CPid) when is_pid(CPid) ->
+    call(CPid, stats);
+stats(#state{transport = Transport,
+             socket    = Socket,
+             channel   = Channel}) ->
+    SockStats = case Transport:getstat(Socket, ?SOCK_STATS) of
+                    {ok, Ss}   -> Ss;
+                    {error, _} -> []
+                end,
+    ConnStats = emqx_pd:get_counters(?CONN_STATS),
+    ChanStats = emqx_stomp_channel:stats(Channel),
+    ProcStats = emqx_misc:proc_stats(),
+    lists:append([SockStats, ConnStats, ChanStats, ProcStats]).
+
+%% @doc Set TCP keepalive socket options to override system defaults.
+%% Idle: The number of seconds a connection needs to be idle before
+%%       TCP begins sending out keep-alive probes (Linux default 7200).
+%% Interval: The number of seconds between TCP keep-alive probes
+%%           (Linux default 75).
+%% Probes: The maximum number of TCP keep-alive probes to send before
+%%         giving up and killing the connection if no response is
+%%         obtained from the other end (Linux default 9).
+%%
+%% NOTE: This API sets TCP socket options, which has nothing to do with
+%%       the MQTT layer's keepalive (PINGREQ and PINGRESP).
+async_set_keepalive(Idle, Interval, Probes) ->
+    async_set_keepalive(self(), Idle, Interval, Probes).
+
+async_set_keepalive(Pid, Idle, Interval, Probes) ->
+    Options = [ {keepalive, true}
+              , {raw, 6, 4, <<Idle:32/native>>}
+              , {raw, 6, 5, <<Interval:32/native>>}
+              , {raw, 6, 6, <<Probes:32/native>>}
+              ],
+    async_set_socket_options(Pid, Options).
+
+%% @doc Set custom socket options.
+%% This API is made async because the call might be originated from
+%% a hookpoint callback (otherwise deadlock).
+%% If failed to set, the error message is logged.
+async_set_socket_options(Pid, Options) ->
+    cast(Pid, {async_set_socket_options, Options}).
+
+cast(Pid, Req) ->
+    gen_server:cast(Pid, Req).
+
+call(Pid, Req) ->
+    call(Pid, Req, infinity).
+call(Pid, Req, Timeout) ->
+    gen_server:call(Pid, Req, Timeout).
+
+stop(Pid) ->
+    gen_server:stop(Pid).
+
+%%--------------------------------------------------------------------
+%% callbacks
+%%--------------------------------------------------------------------
+
+init(Parent, Transport, RawSocket, Options) ->
+    case Transport:wait(RawSocket) of
+        {ok, Socket} ->
+            run_loop(Parent, init_state(Transport, Socket, Options));
+        {error, Reason} ->
+            ok = Transport:fast_close(RawSocket),
+            exit_on_sock_error(Reason)
+    end.
+
+init_state(Transport, Socket, Options) ->
+    {ok, Peername} = Transport:ensure_ok_or_exit(peername, [Socket]),
+    {ok, Sockname} = Transport:ensure_ok_or_exit(sockname, [Socket]),
+    Peercert = Transport:ensure_ok_or_exit(peercert, [Socket]),
+    ConnInfo = #{socktype => Transport:type(Socket),
+                 peername => Peername,
+                 sockname => Sockname,
+                 peercert => Peercert,
+                 conn_mod => ?MODULE
+                },
+    ActiveN = emqx_gateway_utils:active_n(Options),
+    %% TODO: RateLimit ? How ?
+    Limiter = undefined,
+    %RateLimit = emqx_gateway_utils:ratelimit(Options),
+    %%Limiter = emqx_limiter:init(Zone, RateLimit),
+    FrameOpts = emqx_gateway_utils:frame_options(Options),
+    ParseState = emqx_stomp_frame:initial_parse_state(FrameOpts),
+    Serialize = emqx_stomp_frame:serialize_opts(),
+    Channel = emqx_stomp_channel:init(ConnInfo, Options),
+    GcState = emqx_gateway_utils:init_gc_state(Options),
+    StatsTimer = emqx_gateway_utils:stats_timer(Options),
+    IdleTimeout = emqx_gateway_utils:idle_timeout(Options),
+    IdleTimer = emqx_misc:start_timer(IdleTimeout, idle_timeout),
+    #state{transport    = Transport,
+           socket       = Socket,
+           peername     = Peername,
+           sockname     = Sockname,
+           sockstate    = idle,
+           active_n     = ActiveN,
+           limiter      = Limiter,
+           parse_state  = ParseState,
+           serialize    = Serialize,
+           channel      = Channel,
+           gc_state     = GcState,
+           stats_timer  = StatsTimer,
+           idle_timeout = IdleTimeout,
+           idle_timer   = IdleTimer
+          }.
+
+run_loop(Parent, State = #state{transport = Transport,
+                                socket    = Socket,
+                                peername  = Peername,
+                                channel   = _Channel}) ->
+    emqx_logger:set_metadata_peername(esockd:format(Peername)),
+    % TODO: How yo get oom_policy ???
+    %emqx_misc:tune_heap_size(emqx_gateway_utils:oom_policy(
+    %                           emqx_stomp_channel:info(zone, Channel))),
+    case activate_socket(State) of
+        {ok, NState} -> hibernate(Parent, NState);
+        {error, Reason} ->
+            ok = Transport:fast_close(Socket),
+            exit_on_sock_error(Reason)
+    end.
+
+-spec exit_on_sock_error(any()) -> no_return().
+exit_on_sock_error(Reason) when Reason =:= einval;
+                                Reason =:= enotconn;
+                                Reason =:= closed ->
+    erlang:exit(normal);
+exit_on_sock_error(timeout) ->
+    erlang:exit({shutdown, ssl_upgrade_timeout});
+exit_on_sock_error(Reason) ->
+    erlang:exit({shutdown, Reason}).
+
+%%--------------------------------------------------------------------
+%% Recv Loop
+
+recvloop(Parent, State = #state{idle_timeout = IdleTimeout}) ->
+    receive
+        Msg ->
+            handle_recv(Msg, Parent, State)
+    after
+        IdleTimeout + 100 ->
+            hibernate(Parent, cancel_stats_timer(State))
+    end.
+
+handle_recv({system, From, Request}, Parent, State) ->
+    sys:handle_system_msg(Request, From, Parent, ?MODULE, [], State);
+handle_recv({'EXIT', Parent, Reason}, Parent, State) ->
+    %% FIXME: it's not trapping exit, should never receive an EXIT
+    terminate(Reason, State);
+handle_recv(Msg, Parent, State = #state{idle_timeout = IdleTimeout}) ->
+    case process_msg([Msg], ensure_stats_timer(IdleTimeout, State)) of
+        {ok, NewState} ->
+            ?MODULE:recvloop(Parent, NewState);
+        {stop, Reason, NewSate} ->
+            terminate(Reason, NewSate)
+    end.
+
+hibernate(Parent, State) ->
+    proc_lib:hibernate(?MODULE, wakeup_from_hib, [Parent, State]).
+
+%% Maybe do something here later.
+wakeup_from_hib(Parent, State) ->
+    ?MODULE:recvloop(Parent, State).
+
+%%--------------------------------------------------------------------
+%% Ensure/cancel stats timer
+
+ensure_stats_timer(Timeout, State = #state{stats_timer = undefined}) ->
+    State#state{stats_timer = emqx_misc:start_timer(Timeout, emit_stats)};
+ensure_stats_timer(_Timeout, State) -> State.
+
+cancel_stats_timer(State = #state{stats_timer = TRef})
+ when is_reference(TRef) ->
+    ?tp(debug, cancel_stats_timer, #{}),
+    ok = emqx_misc:cancel_timer(TRef),
+    State#state{stats_timer = undefined};
+cancel_stats_timer(State) -> State.
+
+%%--------------------------------------------------------------------
+%% Process next Msg
+
+process_msg([], State) ->
+    {ok, State};
+process_msg([Msg|More], State) ->
+    try
+        case handle_msg(Msg, State) of
+            ok ->
+                process_msg(More, State);
+            {ok, NState} ->
+                process_msg(More, NState);
+            {ok, Msgs, NState} ->
+                process_msg(append_msg(More, Msgs), NState);
+            {stop, Reason, NState} ->
+                {stop, Reason, NState}
+        end
+    catch
+        exit : normal ->
+            {stop, normal, State};
+        exit : shutdown ->
+            {stop, shutdown, State};
+        exit : {shutdown, _} = Shutdown ->
+            {stop, Shutdown, State};
+        Exception : Context : Stack ->
+            {stop, #{exception => Exception,
+                     context => Context,
+                     stacktrace => Stack}, State}
+    end.
+
+append_msg([], Msgs) when is_list(Msgs) ->
+    Msgs;
+append_msg([], Msg) -> [Msg];
+append_msg(Q, Msgs) when is_list(Msgs) ->
+    lists:append(Q, Msgs);
+append_msg(Q, Msg) ->
+    lists:append(Q, [Msg]).
+
+%%--------------------------------------------------------------------
+%% Handle a Msg
+
+handle_msg({'$gen_call', From, Req}, State) ->
+    case handle_call(From, Req, State) of
+        {reply, Reply, NState} ->
+            gen_server:reply(From, Reply),
+            {ok, NState};
+        {stop, Reason, Reply, NState} ->
+            gen_server:reply(From, Reply),
+            stop(Reason, NState)
+    end;
+handle_msg({'$gen_cast', Req}, State) ->
+    NewState = handle_cast(Req, State),
+    {ok, NewState};
+
+handle_msg({Inet, _Sock, Data}, State = #state{channel = Channel})
+  when Inet == tcp;
+       Inet == ssl ->
+    ?LOG(debug, "RECV ~0p", [Data]),
+    Oct = iolist_size(Data),
+    inc_counter(incoming_bytes, Oct),
+    Ctx = emqx_stomp_channel:info(ctx, Channel),
+    ok = emqx_gateway_ctx:metrics_inc(Ctx, 'bytes.received', Oct),
+    parse_incoming(Data, State);
+
+handle_msg({incoming, Packet}, State = #state{idle_timer = undefined}) ->
+    handle_incoming(Packet, State);
+
+handle_msg({incoming, Packet},
+           State = #state{idle_timer = IdleTimer}) ->
+    ok = emqx_misc:cancel_timer(IdleTimer),
+    %% XXX: Serialize with inpunt packets
+    %%Serialize = emqx_stomp_frame:serialize_opts(),
+    NState = State#state{idle_timer = undefined},
+    handle_incoming(Packet, NState);
+
+handle_msg({outgoing, Packets}, State) ->
+    handle_outgoing(Packets, State);
+
+handle_msg({Error, _Sock, Reason}, State)
+  when Error == tcp_error; Error == ssl_error ->
+    handle_info({sock_error, Reason}, State);
+
+handle_msg({Closed, _Sock}, State)
+  when Closed == tcp_closed; Closed == ssl_closed ->
+    handle_info({sock_closed, Closed}, close_socket(State));
+
+handle_msg({Passive, _Sock}, State)
+  when Passive == tcp_passive; Passive == ssl_passive ->
+    %% In Stats
+    Pubs = emqx_pd:reset_counter(incoming_pubs),
+    Bytes = emqx_pd:reset_counter(incoming_bytes),
+    InStats = #{cnt => Pubs, oct => Bytes},
+    %% Ensure Rate Limit
+    NState = ensure_rate_limit(InStats, State),
+    %% Run GC and Check OOM
+    NState1 = check_oom(run_gc(InStats, NState)),
+    handle_info(activate_socket, NState1);
+
+handle_msg(Deliver = {deliver, _Topic, _Msg},
+           #state{active_n = ActiveN} = State) ->
+    Delivers = [Deliver|emqx_misc:drain_deliver(ActiveN)],
+    with_channel(handle_deliver, [Delivers], State);
+
+%% Something sent
+handle_msg({inet_reply, _Sock, ok}, State = #state{active_n = ActiveN}) ->
+    case emqx_pd:get_counter(outgoing_pubs) > ActiveN of
+        true ->
+            Pubs = emqx_pd:reset_counter(outgoing_pubs),
+            Bytes = emqx_pd:reset_counter(outgoing_bytes),
+            OutStats = #{cnt => Pubs, oct => Bytes},
+            {ok, run_gc(OutStats, State)};
+            %% FIXME: check oom ???
+            %%{ok, check_oom(run_gc(OutStats, State))};
+        false -> ok
+    end;
+
+handle_msg({inet_reply, _Sock, {error, Reason}}, State) ->
+    handle_info({sock_error, Reason}, State);
+
+handle_msg({connack, ConnAck}, State) ->
+    handle_outgoing(ConnAck, State);
+
+handle_msg({close, Reason}, State) ->
+    ?LOG(debug, "Force to close the socket due to ~p", [Reason]),
+    handle_info({sock_closed, Reason}, close_socket(State));
+
+handle_msg({event, connected}, State = #state{channel = Channel}) ->
+    Ctx = emqx_stomp_channel:info(ctx, Channel),
+    ClientId = emqx_stomp_channel:info(clientid, Channel),
+    emqx_gateway_ctx:insert_channel_info(
+      Ctx,
+      ClientId,
+      info(State),
+      stats(State)
+     );
+
+handle_msg({event, disconnected}, State = #state{channel = Channel}) ->
+    Ctx = emqx_stomp_channel:info(ctx, Channel),
+    ClientId = emqx_stomp_channel:info(clientid, Channel),
+    emqx_gateway_ctx:set_chan_info(Ctx, ClientId, info(State)),
+    emqx_gateway_ctx:connection_closed(Ctx, ClientId),
+    {ok, State};
+
+handle_msg({event, _Other}, State = #state{channel = Channel}) ->
+    Ctx = emqx_stomp_channel:info(ctx, Channel),
+    ClientId = emqx_stomp_channel:info(clientid, Channel),
+    emqx_gateway_ctx:set_chan_info(Ctx, ClientId, info(State)),
+    emqx_gateway_ctx:set_chan_stats(Ctx, ClientId, stats(State)),
+    {ok, State};
+
+handle_msg({timeout, TRef, TMsg}, State) ->
+    handle_timeout(TRef, TMsg, State);
+
+handle_msg(Shutdown = {shutdown, _Reason}, State) ->
+    stop(Shutdown, State);
+
+handle_msg(Msg, State) ->
+    handle_info(Msg, State).
+
+%%--------------------------------------------------------------------
+%% Terminate
+
+-spec terminate(any(), state()) -> no_return().
+terminate(Reason, State = #state{channel = Channel, transport = _Transport,
+          socket = _Socket}) ->
+    try
+        Channel1 = emqx_stomp_channel:set_conn_state(disconnected, Channel),
+        %emqx_congestion:cancel_alarms(Socket, Transport, Channel1),
+        emqx_stomp_channel:terminate(Reason, Channel1),
+        close_socket_ok(State)
+    catch
+        E : C : S ->
+            ?tp(warning, unclean_terminate, #{exception => E, context => C, stacktrace => S})
+    end,
+    ?tp(info, terminate, #{reason => Reason}),
+    maybe_raise_excption(Reason).
+
+%% close socket, discard new state, always return ok.
+close_socket_ok(State) ->
+    _ = close_socket(State),
+    ok.
+
+%% tell truth about the original exception
+maybe_raise_excption(#{exception := Exception,
+                       context := Context,
+                       stacktrace := Stacktrace
+                      }) ->
+    erlang:raise(Exception, Context, Stacktrace);
+maybe_raise_excption(Reason) ->
+    exit(Reason).
+
+%%--------------------------------------------------------------------
+%% Sys callbacks
+
+system_continue(Parent, _Debug, State) ->
+    ?MODULE:recvloop(Parent, State).
+
+system_terminate(Reason, _Parent, _Debug, State) ->
+    terminate(Reason, State).
+
+system_code_change(State, _Mod, _OldVsn, _Extra) ->
+    {ok, State}.
+
+system_get_state(State) -> {ok, State}.
+
+%%--------------------------------------------------------------------
+%% Handle call
+
+handle_call(_From, info, State) ->
+    {reply, info(State), State};
+
+handle_call(_From, stats, State) ->
+    {reply, stats(State), State};
+
+%% TODO: How to set ratelimit ???
+%%handle_call(_From, {ratelimit, Policy}, State = #state{channel = Channel}) ->
+%%    Zone = emqx_stomp_channel:info(zone, Channel),
+%%    Limiter = emqx_limiter:init(Zone, Policy),
+%%    {reply, ok, State#state{limiter = Limiter}};
+
+handle_call(_From, Req, State = #state{channel = Channel}) ->
+    case emqx_stomp_channel:handle_call(Req, Channel) of
+        {reply, Reply, NChannel} ->
+            {reply, Reply, State#state{channel = NChannel}};
+        {shutdown, Reason, Reply, NChannel} ->
+            shutdown(Reason, Reply, State#state{channel = NChannel});
+        {shutdown, Reason, Reply, OutPacket, NChannel} ->
+            NState = State#state{channel = NChannel},
+            ok = handle_outgoing(OutPacket, NState),
+            shutdown(Reason, Reply, NState)
+    end.
+
+%%--------------------------------------------------------------------
+%% Handle timeout
+
+handle_timeout(_TRef, idle_timeout, State) ->
+    shutdown(idle_timeout, State);
+
+handle_timeout(_TRef, limit_timeout, State) ->
+    NState = State#state{sockstate   = idle,
+                         limit_timer = undefined
+                        },
+    handle_info(activate_socket, NState);
+
+handle_timeout(_TRef, emit_stats, State = #state{channel = Channel,
+                                                 transport = _Transport,
+                                                 socket = _Socket}) ->
+    %emqx_congestion:maybe_alarm_conn_congestion(Socket, Transport, Channel),
+    Ctx = emqx_stomp_channel:info(ctx, Channel),
+    ClientId = emqx_stomp_channel:info(clientid, Channel),
+    emqx_gateway_ctx:set_chan_stats(Ctx, ClientId, stats(State)),
+    {ok, State#state{stats_timer = undefined}};
+
+%% Abstraction ???
+%handle_timeout(TRef, keepalive, State = #state{transport = Transport,
+%                                               socket = Socket,
+%                                               channel = Channel})->
+%    case emqx_stomp_channel:info(conn_state, Channel) of
+%        disconnected -> {ok, State};
+%        _ ->
+%            case Transport:getstat(Socket, [recv_oct]) of
+%                {ok, [{recv_oct, RecvOct}]} ->
+%                    handle_timeout(TRef, {keepalive, RecvOct}, State);
+%                {error, Reason} ->
+%                    handle_info({sock_error, Reason}, State)
+%            end
+%    end;
+
+handle_timeout(TRef, TMsg, State = #state{transport = Transport,
+                                          socket = Socket,
+                                          channel = Channel
+                                         })
+  when TMsg =:= incoming;
+       TMsg =:= outgoing ->
+    Stat = case TMsg of incoming -> recv_oct; _ -> send_oct end,
+    case emqx_stomp_channel:info(conn_state, Channel) of
+        disconnected -> {ok, State};
+        _ ->
+            case Transport:getstat(Socket, [Stat]) of
+                {ok, [{recv_oct, RecvOct}]} ->
+                    handle_timeout(TRef, {incoming, RecvOct}, State);
+                {ok, [{send_oct, SendOct}]} ->
+                    handle_timeout(TRef, {outgoing, SendOct}, State);
+                {error, Reason} ->
+                    handle_info({sock_error, Reason}, State)
+            end
+    end;
+
+handle_timeout(TRef, Msg, State) ->
+    with_channel(handle_timeout, [TRef, Msg], State).
+
+%%--------------------------------------------------------------------
+%% Parse incoming data
+
+parse_incoming(Data, State) ->
+    {Packets, NState} = parse_incoming(Data, [], State),
+    {ok, next_incoming_msgs(Packets), NState}.
+
+parse_incoming(<<>>, Packets, State) ->
+    {Packets, State};
+
+parse_incoming(Data, Packets, State = #state{parse_state = ParseState}) ->
+    try emqx_stomp_frame:parse(Data, ParseState) of
+        {more, NParseState} ->
+            {Packets, State#state{parse_state = NParseState}};
+        {ok, Packet, Rest, NParseState} ->
+            NState = State#state{parse_state = NParseState},
+            parse_incoming(Rest, [Packet|Packets], NState)
+    catch
+        error:Reason:Stk ->
+            ?LOG(error, "~nParse failed for ~0p~n~0p~nFrame data:~0p",
+                 [Reason, Stk, Data]),
+            {[{frame_error, Reason}|Packets], State}
+    end.
+
+next_incoming_msgs([Packet]) ->
+    {incoming, Packet};
+next_incoming_msgs(Packets) ->
+    [{incoming, Packet} || Packet <- lists:reverse(Packets)].
+
+%%--------------------------------------------------------------------
+%% Handle incoming packet
+
+handle_incoming(Packet, State) when is_record(Packet, stomp_frame) ->
+    ok = inc_incoming_stats(Packet),
+    ?LOG(debug, "RECV ~s", [emqx_stomp_frame:format(Packet)]),
+    with_channel(handle_in, [Packet], State);
+
+handle_incoming(FrameError, State) ->
+    with_channel(handle_in, [FrameError], State).
+
+%%--------------------------------------------------------------------
+%% With Channel
+
+with_channel(Fun, Args, State = #state{channel = Channel}) ->
+    case erlang:apply(emqx_stomp_channel, Fun, Args ++ [Channel]) of
+        ok -> {ok, State};
+        {ok, NChannel} ->
+            {ok, State#state{channel = NChannel}};
+        {ok, Replies, NChannel} ->
+            {ok, next_msgs(Replies), State#state{channel = NChannel}};
+        {shutdown, Reason, NChannel} ->
+            shutdown(Reason, State#state{channel = NChannel});
+        {shutdown, Reason, Packet, NChannel} ->
+            NState = State#state{channel = NChannel},
+            ok = handle_outgoing(Packet, NState),
+            shutdown(Reason, NState)
+    end.
+
+%%--------------------------------------------------------------------
+%% Handle outgoing packets
+
+handle_outgoing(Packets, State) when is_list(Packets) ->
+    send(lists:map(serialize_and_inc_stats_fun(State), Packets), State);
+
+handle_outgoing(Packet, State) ->
+    send((serialize_and_inc_stats_fun(State))(Packet), State).
+
+serialize_and_inc_stats_fun(#state{serialize = Serialize, channel = Channel}) ->
+    Ctx = emqx_stomp_channel:info(ctx, Channel),
+    fun(Packet) ->
+        case emqx_stomp_frame:serialize_pkt(Packet, Serialize) of
+            <<>> -> ?LOG(warning, "~s is discarded due to the frame is too large!",
+                         [emqx_stomp_frame:format(Packet)]),
+                    ok = emqx_gateway_ctx:metrics_inc(Ctx, 'delivery.dropped.too_large'),
+                    ok = emqx_gateway_ctx:metrics_inc(Ctx, 'delivery.dropped'),
+                    <<>>;
+            Data -> ?LOG(debug, "SEND ~s", [emqx_stomp_frame:format(Packet)]),
+                    ok = inc_outgoing_stats(Packet),
+                    Data
+        end
+    end.
+
+%%--------------------------------------------------------------------
+%% Send data
+
+-spec(send(iodata(), state()) -> ok).
+send(IoData, #state{transport = Transport, socket = Socket, channel = Channel}) ->
+    Ctx = emqx_stomp_channel:info(ctx, Channel),
+    Oct = iolist_size(IoData),
+    ok = emqx_gateway_ctx:metrics_inc(Ctx, 'bytes.sent', Oct),
+    inc_counter(outgoing_bytes, Oct),
+    %emqx_congestion:maybe_alarm_conn_congestion(Socket, Transport, Channel),
+    case Transport:async_send(Socket, IoData, [nosuspend]) of
+        ok -> ok;
+        Error = {error, _Reason} ->
+            %% Send an inet_reply to postpone handling the error
+            self() ! {inet_reply, Socket, Error},
+            ok
+    end.
+
+%%--------------------------------------------------------------------
+%% Handle Info
+
+handle_info(activate_socket, State = #state{sockstate = OldSst}) ->
+    case activate_socket(State) of
+        {ok, NState = #state{sockstate = NewSst}} ->
+            case OldSst =/= NewSst of
+                true -> {ok, {event, NewSst}, NState};
+                false -> {ok, NState}
+            end;
+        {error, Reason} ->
+            handle_info({sock_error, Reason}, State)
+    end;
+
+handle_info({sock_error, Reason}, State) ->
+    case Reason =/= closed andalso Reason =/= einval of
+        true -> ?LOG(warning, "socket_error: ~p", [Reason]);
+        false -> ok
+    end,
+    handle_info({sock_closed, Reason}, close_socket(State));
+
+handle_info(Info, State) ->
+    with_channel(handle_info, [Info], State).
+
+%%--------------------------------------------------------------------
+%% Handle Info
+
+handle_cast({async_set_socket_options, Opts},
+            State = #state{transport = Transport,
+                           socket    = Socket
+                          }) ->
+    case Transport:setopts(Socket, Opts) of
+        ok -> ?tp(info, "custom_socket_options_successfully", #{opts => Opts});
+        Err -> ?tp(error, "failed_to_set_custom_socket_optionn", #{reason => Err})
+    end,
+    State;
+handle_cast(Req, State) ->
+    ?tp(error, "received_unknown_cast", #{cast => Req}),
+    State.
+
+%%--------------------------------------------------------------------
+%% Ensure rate limit
+
+ensure_rate_limit(Stats, State = #state{limiter = Limiter}) ->
+    case ?ENABLED(Limiter) andalso emqx_limiter:check(Stats, Limiter) of
+        false -> State;
+        {ok, Limiter1} ->
+            State#state{limiter = Limiter1};
+        {pause, Time, Limiter1} ->
+            ?LOG(warning, "Pause ~pms due to rate limit", [Time]),
+            TRef = emqx_misc:start_timer(Time, limit_timeout),
+            State#state{sockstate   = blocked,
+                        limiter     = Limiter1,
+                        limit_timer = TRef
+                       }
+    end.
+
+%%--------------------------------------------------------------------
+%% Run GC and Check OOM
+
+run_gc(Stats, State = #state{gc_state = GcSt}) ->
+    case ?ENABLED(GcSt) andalso emqx_gc:run(Stats, GcSt) of
+        false -> State;
+        {_IsGC, GcSt1} ->
+            State#state{gc_state = GcSt1}
+    end.
+
+check_oom(State = #state{channel = Channel}) ->
+    Zone = emqx_stomp_channel:info(zone, Channel),
+    OomPolicy = emqx_gateway_utils:oom_policy(Zone),
+    ?tp(debug, check_oom, #{policy => OomPolicy}),
+    case ?ENABLED(OomPolicy) andalso emqx_misc:check_oom(OomPolicy) of
+        {shutdown, Reason} ->
+            %% triggers terminate/2 callback immediately
+            erlang:exit({shutdown, Reason});
+        _Other ->
+            ok
+    end,
+    State.
+
+%%--------------------------------------------------------------------
+%% Activate Socket
+
+-compile({inline, [activate_socket/1]}).
+activate_socket(State = #state{sockstate = closed}) ->
+    {ok, State};
+activate_socket(State = #state{sockstate = blocked}) ->
+    {ok, State};
+activate_socket(State = #state{transport = Transport,
+                               socket    = Socket,
+                               active_n  = N}) ->
+    case Transport:setopts(Socket, [{active, N}]) of
+        ok -> {ok, State#state{sockstate = running}};
+        Error -> Error
+    end.
+
+%%--------------------------------------------------------------------
+%% Close Socket
+
+close_socket(State = #state{sockstate = closed}) -> State;
+close_socket(State = #state{transport = Transport, socket = Socket}) ->
+    ok = Transport:fast_close(Socket),
+    State#state{sockstate = closed}.
+
+%%--------------------------------------------------------------------
+%% Inc incoming/outgoing stats
+
+%% XXX: Other packet type?
+inc_incoming_stats(Packet = ?PACKET(Type)) ->
+    inc_counter(recv_pkt, 1),
+    case Type =:= ?CMD_SEND of
+        true ->
+            inc_counter(recv_msg, 1),
+            inc_counter(incoming_pubs, 1);
+        false ->
+            ok
+    end,
+    emqx_metrics:inc_recv(Packet).
+
+inc_outgoing_stats(Packet = ?PACKET(Type)) ->
+    inc_counter(send_pkt, 1),
+    case Type =:= ?CMD_MESSAGE of
+        true ->
+            inc_counter(send_msg, 1),
+            inc_counter(outgoing_pubs, 1);
+        false ->
+            ok
+    end,
+    emqx_metrics:inc_sent(Packet).
+
+%%--------------------------------------------------------------------
+%% Helper functions
+
+next_msgs(Packet) when is_record(Packet, stomp_frame) ->
+    {outgoing, Packet};
+next_msgs(Event) when is_tuple(Event) ->
+    Event;
+next_msgs(More) when is_list(More) ->
+    More.
+
+shutdown(Reason, State) ->
+    stop({shutdown, Reason}, State).
+
+shutdown(Reason, Reply, State) ->
+    stop({shutdown, Reason}, Reply, State).
+
+stop(Reason, State) ->
+    {stop, Reason, State}.
+
+stop(Reason, Reply, State) ->
+    {stop, Reason, Reply, State}.
+
+inc_counter(Key, Inc) ->
+    _ = emqx_pd:inc_counter(Key, Inc),
+    ok.
+
+%%--------------------------------------------------------------------
+%% For CT tests
+%%--------------------------------------------------------------------
+
+set_field(Name, Value, State) ->
+    Pos = emqx_misc:index_of(Name, record_info(fields, state)),
+    setelement(Pos+1, State, Value).
+
+get_state(Pid) ->
+    State = sys:get_state(Pid),
+    maps:from_list(lists:zip(record_info(fields, state),
+                             tl(tuple_to_list(State)))).
diff --git a/apps/emqx_stomp/src/emqx_stomp_frame.erl b/apps/emqx_gateway/src/stomp/emqx_stomp_frame.erl
similarity index 70%
rename from apps/emqx_stomp/src/emqx_stomp_frame.erl
rename to apps/emqx_gateway/src/stomp/emqx_stomp_frame.erl
index fa9cb63a8..4db8a1f5f 100644
--- a/apps/emqx_stomp/src/emqx_stomp_frame.erl
+++ b/apps/emqx_gateway/src/stomp/emqx_stomp_frame.erl
@@ -68,14 +68,16 @@
 
 -module(emqx_stomp_frame).
 
--include("emqx_stomp.hrl").
+-include("src/stomp/include/emqx_stomp.hrl").
 
--export([ init_parer_state/1
+-export([ initial_parse_state/1
         , parse/2
-        , serialize/1
+        , serialize_opts/0
+        , serialize_pkt/2
         ]).
 
--export([ make/2
+-export([ make/1
+        , make/2
         , make/3
         , format/1
         ]).
@@ -96,28 +98,33 @@
 
 -record(frame_limit, {max_header_num, max_header_length, max_body_length}).
 
--type(result() :: {ok, stomp_frame(), binary()}
-                | {more, parser()}
-                | {error, any()}).
+-type(parse_result() :: {ok, stomp_frame(), binary()}
+                      | {more, parse_state()}).
 
--type(parser() :: #{phase := none | command | headers | hdname | hdvalue | body,
-                    pre => binary(),
-                    state := #parser_state{}}).
+-type(parse_state() ::
+      #{phase := none | command | headers | hdname | hdvalue | body,
+        pre => binary(),
+        state := #parser_state{}
+       }).
+
+-dialyzer({nowarn_function, [serialize_pkt/2,make/1]}).
 
 %% @doc Initialize a parser
--spec init_parer_state([proplists:property()]) -> parser().
-init_parer_state(Opts) ->
+-spec initial_parse_state(map()) -> parse_state().
+initial_parse_state(Opts) ->
     #{phase => none, state => #parser_state{limit = limit(Opts)}}.
 
 limit(Opts) ->
-    #frame_limit{max_header_num     = g(max_header_num,    Opts, ?MAX_HEADER_NUM),
-                 max_header_length  = g(max_header_length, Opts, ?MAX_BODY_LENGTH),
-                 max_body_length    = g(max_body_length,   Opts, ?MAX_BODY_LENGTH)}.
+    #frame_limit{
+       max_header_num = g(max_header_num, Opts, ?MAX_HEADER_NUM),
+       max_header_length = g(max_header_length, Opts, ?MAX_BODY_LENGTH),
+       max_body_length = g(max_body_length, Opts, ?MAX_BODY_LENGTH)
+      }.
 
 g(Key, Opts, Val) ->
-    proplists:get_value(Key, Opts, Val).
+    maps:get(Key, Opts, Val).
 
--spec parse(binary(), parser()) -> result().
+-spec parse(binary(), parse_state()) -> parse_result().
 parse(<<>>, Parser) ->
     {more, Parser};
 
@@ -131,11 +138,14 @@ parse(<<?CR, ?LF, Rest/binary>>, #{phase := Phase, state := State}) ->
 parse(<<?CR>>, Parser) ->
     {more, Parser#{pre => <<?CR>>}};
 parse(<<?CR, _Ch:8, _Rest/binary>>, _Parser) ->
-    {error, linefeed_expected};
+    error(linefeed_expected);
 
-parse(<<?BSL>>, Parser = #{phase := Phase}) when Phase =:= hdname; Phase =:= hdvalue ->
+parse(<<?BSL>>, Parser = #{phase := Phase}) when Phase =:= hdname;
+                                                 Phase =:= hdvalue ->
     {more, Parser#{pre => <<?BSL>>}};
-parse(<<?BSL, Ch:8, Rest/binary>>, #{phase := Phase, state := State}) when Phase =:= hdname; Phase =:= hdvalue ->
+parse(<<?BSL, Ch:8, Rest/binary>>,
+      #{phase := Phase, state := State}) when Phase =:= hdname;
+                                              Phase =:= hdvalue ->
     parse(Phase, Rest, acc(unescape(Ch), State));
 
 parse(Bytes, #{phase := none, state := State}) ->
@@ -153,14 +163,19 @@ parse(headers, Bin, State) ->
     parse(hdname, Bin, State);
 
 parse(hdname, <<?LF, _Rest/binary>>, _State) ->
-    {error, unexpected_linefeed};
+    error(unexpected_linefeed);
 parse(hdname, <<?COLON, Rest/binary>>, State = #parser_state{acc = Acc}) ->
     parse(hdvalue, Rest, State#parser_state{hdname = Acc, acc = <<>>});
 parse(hdname, <<Ch:8, Rest/binary>>, State) ->
     parse(hdname, Rest, acc(Ch, State));
 
-parse(hdvalue, <<?LF, Rest/binary>>, State = #parser_state{headers = Headers, hdname = Name, acc = Acc}) ->
-    parse(headers, Rest, State#parser_state{headers = add_header(Name, Acc, Headers), hdname = undefined, acc = <<>>});
+parse(hdvalue, <<?LF, Rest/binary>>,
+      State = #parser_state{headers = Headers, hdname = Name, acc = Acc}) ->
+    NState = State#parser_state{headers = add_header(Name, Acc, Headers),
+                                hdname = undefined,
+                                acc = <<>>
+                               },
+    parse(headers, Rest, NState);
 parse(hdvalue, <<Ch:8, Rest/binary>>, State) ->
     parse(hdvalue, Rest, acc(Ch, State)).
 
@@ -170,15 +185,19 @@ parse(body, <<>>, State, Length) ->
 parse(body, Bin, State, none) ->
     case binary:split(Bin, <<?NULL>>) of
         [Chunk, Rest] ->
-            {ok, new_frame(acc(Chunk, State)), Rest};
+            {ok, new_frame(acc(Chunk, State)), Rest, new_state(State)};
         [Chunk] ->
-            {more, #{phase => body, length => none, state => acc(Chunk, State)}}
+            {more, #{phase => body,
+                     length => none,
+                     state => acc(Chunk, State)}}
     end;
 parse(body, Bin, State, Len) when byte_size(Bin) >= (Len+1) ->
     <<Chunk:Len/binary, ?NULL, Rest/binary>> = Bin,
-    {ok, new_frame(acc(Chunk, State)), Rest};
+    {ok, new_frame(acc(Chunk, State)), Rest, new_state(State)};
 parse(body, Bin, State, Len) ->
-    {more, #{phase => body, length => Len - byte_size(Bin), state => acc(Bin, State)}}.
+    {more, #{phase => body,
+             length => Len - byte_size(Bin),
+             state => acc(Bin, State)}}.
 
 add_header(Name, Value, Headers) ->
     case lists:keyfind(Name, 1, Headers) of
@@ -208,20 +227,33 @@ unescape($r)  -> ?CR;
 unescape($n)  -> ?LF;
 unescape($c)  -> ?COLON;
 unescape($\\) -> ?BSL;
-unescape(_Ch) -> {error, cannnot_unescape}.
+unescape(_Ch) -> error(cannnot_unescape).
 
-serialize(#stomp_frame{command = Cmd, headers = Headers, body = Body}) ->
+%%--------------------------------------------------------------------
+%% Serialize funcs
+%%--------------------------------------------------------------------
+
+serialize_opts() ->
+    #{}.
+
+serialize_pkt(#stomp_frame{command = heartbeat}, _SerializeOpts) ->
+    <<$\n>>;
+
+serialize_pkt(#stomp_frame{command = Cmd, headers = Headers, body = Body},
+             _SerializeOpts) ->
     Headers1 = lists:keydelete(<<"content-length">>, 1, Headers),
     Headers2 =
     case iolist_size(Body) of
         0   -> Headers1;
         Len -> Headers1 ++ [{<<"content-length">>, Len}]
     end,
-    [Cmd, ?LF, [serialize(header, Header) || Header <- Headers2], ?LF, Body, 0].
+    [Cmd,
+     ?LF, [serialize_pkt(header, Header) || Header <- Headers2],
+     ?LF, Body, 0];
 
-serialize(header, {Name, Val}) when is_integer(Val) ->
+serialize_pkt(header, {Name, Val}) when is_integer(Val) ->
     [escape(Name), ?COLON, integer_to_list(Val), ?LF];
-serialize(header, {Name, Val}) ->
+serialize_pkt(header, {Name, Val}) ->
     [escape(Name), ?COLON, escape(Val), ?LF].
 
 escape(Bin) when is_binary(Bin) ->
@@ -232,8 +264,18 @@ escape(?BSL)   -> <<?BSL, ?BSL>>;
 escape(?COLON) -> <<?BSL, $c>>;
 escape(Ch)     -> <<Ch>>.
 
+new_state(#parser_state{limit = Limit}) ->
+    #{phase => none, state => #parser_state{limit = Limit}}.
+
+%%--------------------------------------------------------------------
+%% ???
+%%--------------------------------------------------------------------
 
 %% @doc Make a frame
+
+make(heartbeat) ->
+    #stomp_frame{command = heartbeat}.
+
 make(<<"CONNECTED">>, Headers) ->
     #stomp_frame{command = <<"CONNECTED">>,
                  headers = [{<<"server">>, ?STOMP_SERVER} | Headers]};
@@ -245,5 +287,4 @@ make(Command, Headers, Body) ->
     #stomp_frame{command = Command, headers = Headers, body = Body}.
 
 %% @doc Format a frame
-format(Frame) -> serialize(Frame).
-
+format(Frame) -> serialize_pkt(Frame, #{}).
diff --git a/apps/emqx_stomp/src/emqx_stomp_heartbeat.erl b/apps/emqx_gateway/src/stomp/emqx_stomp_heartbeat.erl
similarity index 89%
rename from apps/emqx_stomp/src/emqx_stomp_heartbeat.erl
rename to apps/emqx_gateway/src/stomp/emqx_stomp_heartbeat.erl
index 145359e53..99a1508e1 100644
--- a/apps/emqx_stomp/src/emqx_stomp_heartbeat.erl
+++ b/apps/emqx_gateway/src/stomp/emqx_stomp_heartbeat.erl
@@ -17,10 +17,11 @@
 %% @doc Stomp heartbeat.
 -module(emqx_stomp_heartbeat).
 
--include("emqx_stomp.hrl").
+-include("src/stomp/include/emqx_stomp.hrl").
 
 -export([ init/1
         , check/3
+        , reset/3
         , info/1
         , interval/2
         ]).
@@ -33,7 +34,6 @@
                        outgoing => #heartbeater{}
                       }.
 
-
 %%--------------------------------------------------------------------
 %% APIs
 %%--------------------------------------------------------------------
@@ -77,6 +77,15 @@ check(NewVal, HrtBter = #heartbeater{statval = OldVal,
         true -> {error, timeout}
     end.
 
+-spec reset(name(), pos_integer(), heartbeat())
+    -> heartbeat().
+reset(Name, NewVal, HrtBt) ->
+    HrtBter = maps:get(Name, HrtBt),
+    HrtBt#{Name => reset(NewVal, HrtBter)}.
+
+reset(NewVal, HrtBter) ->
+    HrtBter#heartbeater{statval = NewVal, repeat = 1}.
+
 -spec info(heartbeat()) -> map().
 info(HrtBt) ->
     maps:map(fun(_, #heartbeater{interval = Intv,
diff --git a/apps/emqx_gateway/src/stomp/emqx_stomp_impl.erl b/apps/emqx_gateway/src/stomp/emqx_stomp_impl.erl
new file mode 100644
index 000000000..e6e62565a
--- /dev/null
+++ b/apps/emqx_gateway/src/stomp/emqx_stomp_impl.erl
@@ -0,0 +1,153 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2017-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_stomp_impl).
+
+-include_lib("emqx_gateway/include/emqx_gateway.hrl").
+
+-behavior(emqx_gateway_impl).
+
+%% APIs
+-export([ load/0
+        , unload/0
+        ]).
+
+-export([ init/1
+        , on_insta_create/3
+        , on_insta_update/4
+        , on_insta_destroy/3
+        ]).
+
+-define(TCP_OPTS, [binary, {packet, raw}, {reuseaddr, true}, {nodelay, true}]).
+
+-dialyzer({nowarn_function, [load/0]}).
+
+%%--------------------------------------------------------------------
+%% APIs
+%%--------------------------------------------------------------------
+
+load() ->
+    RegistryOptions = [ {cbkmod, ?MODULE}
+                      , {schema, emqx_stomp_schema}
+                      ],
+
+    YourOptions = [param1, param2],
+    emqx_gateway_registry:load(stomp, RegistryOptions, YourOptions).
+
+unload() ->
+    emqx_gateway_registry:unload(stomp).
+
+init([param1, param2]) ->
+    GwState = #{},
+    {ok, GwState}.
+
+%%--------------------------------------------------------------------
+%% emqx_gateway_registry callbacks
+%%--------------------------------------------------------------------
+
+on_insta_create(_Insta = #{ id := InstaId,
+                            rawconf := RawConf
+                          }, Ctx, _GwState) ->
+    %% Step1. Fold the rawconfs to listeners
+    Listeners = emqx_gateway_utils:normalize_rawconf(RawConf),
+    %% Step2. Start listeners or escokd:specs
+    ListenerPids = lists:map(fun(Lis) ->
+                     start_listener(InstaId, Ctx, Lis)
+                   end, Listeners),
+    %% FIXME: How to throw an exception to interrupt the restart logic ?
+    %% FIXME: Assign ctx to InstaState
+    {ok, ListenerPids, _InstaState = #{ctx => Ctx}}.
+
+%% @private
+on_insta_update(NewInsta, OldInstace, GwInstaState = #{ctx := Ctx}, GwState) ->
+    InstaId = maps:get(id, NewInsta),
+    try
+        %% XXX: 1. How hot-upgrade the changes ???
+        %% XXX: 2. Check the New confs first before destroy old instance ???
+        on_insta_destroy(OldInstace, GwInstaState, GwState),
+        on_insta_create(NewInsta, Ctx, GwState)
+    catch
+        Class : Reason : Stk ->
+            logger:error("Failed to update stomp instance ~s; "
+                         "reason: {~0p, ~0p} stacktrace: ~0p",
+                         [InstaId, Class, Reason, Stk]),
+            {error, {Class, Reason}}
+    end.
+
+on_insta_destroy(_Insta = #{ id := InstaId,
+                             rawconf := RawConf
+                           }, _GwInstaState, _GwState) ->
+    Listeners = emqx_gateway_utils:normalize_rawconf(RawConf),
+    lists:foreach(fun(Lis) ->
+        stop_listener(InstaId, Lis)
+    end, Listeners).
+
+%%--------------------------------------------------------------------
+%% Internal funcs
+%%--------------------------------------------------------------------
+
+start_listener(InstaId, Ctx, {Type, ListenOn, SocketOpts, Cfg}) ->
+    case start_listener(InstaId, Ctx, Type, ListenOn, SocketOpts, Cfg) of
+        {ok, Pid} ->
+            io:format("Start stomp ~s:~s listener on ~s successfully.~n",
+                      [InstaId, Type, format(ListenOn)]),
+            Pid;
+        {error, Reason} ->
+            io:format(standard_error,
+                      "Failed to start stomp ~s:~s listener on ~s: ~0p~n",
+                      [InstaId, Type, format(ListenOn), Reason]),
+            throw({badconf, Reason})
+    end.
+
+start_listener(InstaId, Ctx, Type, ListenOn, SocketOpts, Cfg) ->
+    Name = name(InstaId, Type),
+    esockd:open(Name, ListenOn, merge_default(SocketOpts),
+                {emqx_stomp_connection, start_link, [Cfg#{ctx => Ctx}]}).
+
+name(InstaId, Type) ->
+    list_to_atom(lists:concat([InstaId, ":", Type])).
+
+merge_default(Options) ->
+    case lists:keytake(tcp_options, 1, Options) of
+        {value, {tcp_options, TcpOpts}, Options1} ->
+            [{tcp_options, emqx_misc:merge_opts(?TCP_OPTS, TcpOpts)} | Options1];
+        false ->
+            [{tcp_options, ?TCP_OPTS} | Options]
+    end.
+
+format(Port) when is_integer(Port) ->
+    io_lib:format("0.0.0.0:~w", [Port]);
+format({Addr, Port}) when is_list(Addr) ->
+    io_lib:format("~s:~w", [Addr, Port]);
+format({Addr, Port}) when is_tuple(Addr) ->
+    io_lib:format("~s:~w", [inet:ntoa(Addr), Port]).
+
+stop_listener(InstaId, {Type, ListenOn, SocketOpts, Cfg}) ->
+    StopRet = stop_listener(InstaId, Type, ListenOn, SocketOpts, Cfg),
+    case StopRet of
+        ok -> io:format("Stop stomp ~s:~s listener on ~s successfully.~n",
+                        [InstaId, Type, format(ListenOn)]);
+        {error, Reason} ->
+            io:format(standard_error,
+                      "Failed to stop stomp ~s:~s listener on ~s: ~0p~n",
+                      [InstaId, Type, format(ListenOn), Reason]
+                     )
+    end,
+    StopRet.
+
+stop_listener(InstaId, Type, ListenOn, _SocketOpts, _Cfg) ->
+    Name = name(InstaId, Type),
+    esockd:close(Name, ListenOn).
diff --git a/apps/emqx_gateway/src/stomp/include/emqx_stomp.hrl b/apps/emqx_gateway/src/stomp/include/emqx_stomp.hrl
new file mode 100644
index 000000000..cffcb1bdf
--- /dev/null
+++ b/apps/emqx_gateway/src/stomp/include/emqx_stomp.hrl
@@ -0,0 +1,92 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-ifndef(EMQX_STOMP_HRL).
+-define(EMQX_STOMP_HRL, true).
+
+-define(STOMP_VER, <<"1.2">>).
+
+-define(STOMP_SERVER, <<"emqx-stomp/1.2">>).
+
+%%--------------------------------------------------------------------
+%% STOMP Frame
+%%--------------------------------------------------------------------
+
+%% client command
+-define(CMD_STOMP,       <<"STOMP">>).
+-define(CMD_CONNECT,     <<"CONNECT">>).
+-define(CMD_SEND,        <<"SEND">>).
+-define(CMD_SUBSCRIBE,   <<"SUBSCRIBE">>).
+-define(CMD_UNSUBSCRIBE, <<"UNSUBSCRIBE">>).
+-define(CMD_BEGIN,       <<"BEGIN">>).
+-define(CMD_COMMIT,      <<"COMMIT">>).
+-define(CMD_ABORT,       <<"ABORT">>).
+-define(CMD_ACK,         <<"ACK">>).
+-define(CMD_NACK,        <<"NACK">>).
+-define(CMD_DISCONNECT,  <<"DISCONNECT">>).
+
+%% server command
+-define(CMD_CONNECTED, <<"CONNECTED">>).
+-define(CMD_MESSAGE,   <<"MESSAGE">>).
+-define(CMD_RECEIPT,   <<"RECEIPT">>).
+-define(CMD_ERROR,     <<"ERROR">>).
+
+-type client_command() :: binary().
+%-type client_command() :: ?CMD_SEND | ?CMD_SUBSCRIBE | ?CMD_UNSUBSCRIBE
+%                        | ?CMD_BEGIN | ?CMD_COMMIT | ?CMD_ABORT | ?CMD_ACK
+%                        | ?CMD_NACK | ?CMD_DISCONNECT | ?CMD_CONNECT
+%                        | ?CMD_STOMP.
+%
+-type server_command() :: binary().
+%-type server_command() :: ?CMD_CONNECTED | ?CMD_MESSAGE | ?CMD_RECEIPT
+%                        | ?CMD_ERROR.
+
+-record(stomp_frame, {
+          command :: client_command() | server_command(),
+          headers = [],
+          body = <<>> :: iodata()}
+       ).
+
+-type stomp_frame() :: #stomp_frame{}.
+
+-define(PACKET(CMD), #stomp_frame{command = CMD}).
+
+-define(PACKET(CMD, Headers), #stomp_frame{command = CMD, headers = Headers}).
+
+-define(PACKET(CMD, Headers, Body), #stomp_frame{command = CMD,
+                                                 headers = Headers,
+                                                 body    = Body
+                                                }).
+
+%%--------------------------------------------------------------------
+%% Frame Size Limits
+%%
+%% To prevent malicious clients from exploiting memory allocation in a server,
+%% servers MAY place maximum limits on:
+%%
+%% the number of frame headers allowed in a single frame
+%% the maximum length of header lines
+%% the maximum size of a frame body
+%%
+%% If these limits are exceeded the server SHOULD send the client an ERROR frame
+%% and then close the connection.
+%%--------------------------------------------------------------------
+
+-define(MAX_HEADER_NUM,    10).
+-define(MAX_HEADER_LENGTH, 1024).
+-define(MAX_BODY_LENGTH,   65536).
+
+-endif.
diff --git a/apps/emqx_gateway/test/emqx_gateway_registry_SUITE.erl b/apps/emqx_gateway/test/emqx_gateway_registry_SUITE.erl
new file mode 100644
index 000000000..cfc9399bb
--- /dev/null
+++ b/apps/emqx_gateway/test/emqx_gateway_registry_SUITE.erl
@@ -0,0 +1,87 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_gateway_registry_SUITE).
+
+-include_lib("eunit/include/eunit.hrl").
+
+-compile(export_all).
+-compile(nowarn_export_all).
+
+all() -> emqx_ct:all(?MODULE).
+
+%%--------------------------------------------------------------------
+%% Setups
+%%--------------------------------------------------------------------
+
+init_per_suite(Cfg) ->
+    emqx_ct_helpers:start_apps([emqx_gateway], fun set_special_configs/1),
+    Cfg.
+
+end_per_suite(_Cfg) ->
+    emqx_ct_helpers:stop_apps([emqx_gateway]),
+    ok.
+
+set_special_configs(emqx_gateway) ->
+    emqx_config:put(
+      [emqx_gateway],
+      #{stomp =>
+        #{'1' =>
+          #{authenticator => allow_anonymous,
+            clientinfo_override =>
+                #{password => "${Packet.headers.passcode}",
+                  username => "${Packet.headers.login}"},
+            frame =>
+                #{max_body_length => 8192,
+                  max_headers => 10,
+                  max_headers_length => 1024},
+            listener =>
+                #{tcp =>
+                  #{'1' =>
+                    #{acceptors => 16,active_n => 100,backlog => 1024,
+                      bind => 61613,high_watermark => 1048576,
+                      max_conn_rate => 1000,max_connections => 1024000,
+                      send_timeout => 15000,send_timeout_close => true}}}}}}),
+    ok;
+set_special_configs(_) ->
+    ok.
+
+%%--------------------------------------------------------------------
+%% Test cases
+%%--------------------------------------------------------------------
+
+t_load_unload(_) ->
+    OldCnt = length(emqx_gateway_registry:list()),
+    RgOpts = [{cbkmod, ?MODULE}],
+    GwOpts = [paramsin],
+    ok = emqx_gateway_registry:load(test, RgOpts, GwOpts),
+    ?assertEqual(OldCnt+1, length(emqx_gateway_registry:list())),
+
+    #{cbkmod := ?MODULE,
+      rgopts := RgOpts,
+      gwopts := GwOpts,
+      state  := #{gwstate := 1}} = emqx_gateway_registry:lookup(test),
+
+    {error, already_existed} = emqx_gateway_registry:load(test, [{cbkmod, ?MODULE}], GwOpts),
+
+    ok = emqx_gateway_registry:unload(test),
+    undefined = emqx_gateway_registry:lookup(test),
+    OldCnt = length(emqx_gateway_registry:list()),
+    ok.
+
+init([paramsin]) ->
+    {ok, _GwState = #{gwstate => 1}}.
+
diff --git a/apps/emqx_stomp/test/emqx_stomp_SUITE.erl b/apps/emqx_gateway/test/emqx_stomp_SUITE.erl
similarity index 82%
rename from apps/emqx_stomp/test/emqx_stomp_SUITE.erl
rename to apps/emqx_gateway/test/emqx_stomp_SUITE.erl
index 9a5d9698e..cc2b0db54 100644
--- a/apps/emqx_stomp/test/emqx_stomp_SUITE.erl
+++ b/apps/emqx_gateway/test/emqx_stomp_SUITE.erl
@@ -16,7 +16,7 @@
 
 -module(emqx_stomp_SUITE).
 
--include_lib("emqx_stomp/include/emqx_stomp.hrl").
+-include_lib("emqx_gateway/src/stomp/include/emqx_stomp.hrl").
 
 -compile(export_all).
 -compile(nowarn_export_all).
@@ -29,12 +29,37 @@ all() -> emqx_ct:all(?MODULE).
 %% Setups
 %%--------------------------------------------------------------------
 
-init_per_suite(Config) ->
-    emqx_ct_helpers:start_apps([emqx_stomp]),
-    Config.
+init_per_suite(Cfg) ->
+    emqx_ct_helpers:start_apps([emqx_gateway], fun set_special_configs/1),
+    Cfg.
 
-end_per_suite(_Config) ->
-    emqx_ct_helpers:stop_apps([emqx_stomp]).
+end_per_suite(_Cfg) ->
+    emqx_ct_helpers:stop_apps([emqx_gateway]),
+    ok.
+
+set_special_configs(emqx_gateway) ->
+    emqx_config:put(
+      [emqx_gateway],
+      #{stomp =>
+        #{'1' =>
+          #{authenticator => allow_anonymous,
+            clientinfo_override =>
+                #{password => "${Packet.headers.passcode}",
+                  username => "${Packet.headers.login}"},
+            frame =>
+                #{max_body_length => 8192,
+                  max_headers => 10,
+                  max_headers_length => 1024},
+            listener =>
+                #{tcp =>
+                  #{'1' =>
+                    #{acceptors => 16,active_n => 100,backlog => 1024,
+                      bind => 61613,high_watermark => 1048576,
+                      max_conn_rate => 1000,max_connections => 1024000,
+                      send_timeout => 15000,send_timeout_close => true}}}}}}),
+    ok;
+set_special_configs(_) ->
+    ok.
 
 %%--------------------------------------------------------------------
 %% Test Cases
@@ -52,7 +77,7 @@ t_connect(_) ->
                         {ok, Data} = gen_tcp:recv(Sock, 0),
                         {ok, Frame = #stomp_frame{command = <<"CONNECTED">>,
                                                   headers = _,
-                                                  body    = _}, _} = parse(Data),
+                                                  body    = _}, _, _} = parse(Data),
                         <<"2000,1000">> = proplists:get_value(<<"heart-beat">>, Frame#stomp_frame.headers),
 
                         gen_tcp:send(Sock, serialize(<<"DISCONNECT">>,
@@ -61,22 +86,23 @@ t_connect(_) ->
                         {ok, Data1} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"RECEIPT">>,
                                           headers = [{<<"receipt-id">>, <<"12345">>}],
-                                          body    = _}, _} = parse(Data1)
+                                          body    = _}, _, _} = parse(Data1)
                     end),
 
     %% Connect will be failed, because of bad login or passcode
-    with_connection(fun(Sock) ->
-                        gen_tcp:send(Sock, serialize(<<"CONNECT">>,
-                                                     [{<<"accept-version">>, ?STOMP_VER},
-                                                      {<<"host">>, <<"127.0.0.1:61613">>},
-                                                      {<<"login">>, <<"admin">>},
-                                                      {<<"passcode">>, <<"admin">>},
-                                                      {<<"heart-beat">>, <<"1000,2000">>}])),
-                        {ok, Data} = gen_tcp:recv(Sock, 0),
-                        {ok, #stomp_frame{command = <<"ERROR">>,
-                                          headers = _,
-                                          body    = <<"Login or passcode error!">>}, _} = parse(Data)
-                    end),
+    %% FIXME: Waiting for authentication works
+    %with_connection(fun(Sock) ->
+    %                    gen_tcp:send(Sock, serialize(<<"CONNECT">>,
+    %                                                 [{<<"accept-version">>, ?STOMP_VER},
+    %                                                  {<<"host">>, <<"127.0.0.1:61613">>},
+    %                                                  {<<"login">>, <<"admin">>},
+    %                                                  {<<"passcode">>, <<"admin">>},
+    %                                                  {<<"heart-beat">>, <<"1000,2000">>}])),
+    %                    {ok, Data} = gen_tcp:recv(Sock, 0),
+    %                    {ok, #stomp_frame{command = <<"ERROR">>,
+    %                                      headers = _,
+    %                                      body    = <<"Login or passcode error!">>}, _, _} = parse(Data)
+    %                end),
 
     %% Connect will be failed, because of bad version
     with_connection(fun(Sock) ->
@@ -89,7 +115,7 @@ t_connect(_) ->
                         {ok, Data} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"ERROR">>,
                                           headers = _,
-                                          body    = <<"Supported protocol versions < 1.2">>}, _} = parse(Data)
+                                          body    = <<"Login Failed: Supported protocol versions < 1.2">>}, _, _} = parse(Data)
                     end).
 
 t_heartbeat(_) ->
@@ -104,7 +130,7 @@ t_heartbeat(_) ->
                         {ok, Data} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"CONNECTED">>,
                                           headers = _,
-                                          body    = _}, _} = parse(Data),
+                                          body    = _}, _, _} = parse(Data),
 
                         {ok, ?HEARTBEAT} = gen_tcp:recv(Sock, 0),
                         %% Server will close the connection because never receive the heart beat from client
@@ -122,7 +148,7 @@ t_subscribe(_) ->
                         {ok, Data} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"CONNECTED">>,
                                           headers = _,
-                                          body    = _}, _} = parse(Data),
+                                          body    = _}, _, _} = parse(Data),
 
                         %% Subscribe
                         gen_tcp:send(Sock, serialize(<<"SUBSCRIBE">>,
@@ -139,7 +165,7 @@ t_subscribe(_) ->
                         {ok, Data1} = gen_tcp:recv(Sock, 0, 1000),
                         {ok, Frame = #stomp_frame{command = <<"MESSAGE">>,
                                                   headers = _,
-                                                  body    = <<"hello">>}, _} = parse(Data1),
+                                                  body    = <<"hello">>}, _, _} = parse(Data1),
                         lists:foreach(fun({Key, Val}) ->
                                           Val = proplists:get_value(Key, Frame#stomp_frame.headers)
                                       end, [{<<"destination">>,  <<"/queue/foo">>},
@@ -155,7 +181,7 @@ t_subscribe(_) ->
 
                         {ok, #stomp_frame{command = <<"RECEIPT">>,
                                           headers = [{<<"receipt-id">>, <<"12345">>}],
-                                          body    = _}, _} = parse(Data2),
+                                          body    = _}, _, _} = parse(Data2),
 
                         gen_tcp:send(Sock, serialize(<<"SEND">>,
                                                     [{<<"destination">>, <<"/queue/foo">>}],
@@ -175,7 +201,7 @@ t_transaction(_) ->
                         {ok, Data} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"CONNECTED">>,
                                                   headers = _,
-                                                  body    = _}, _} = parse(Data),
+                                                  body    = _}, _, _} = parse(Data),
 
                         %% Subscribe
                         gen_tcp:send(Sock, serialize(<<"SUBSCRIBE">>,
@@ -208,12 +234,12 @@ t_transaction(_) ->
 
                         {ok, #stomp_frame{command = <<"MESSAGE">>,
                                           headers = _,
-                                          body    = <<"hello">>}, Rest1} = parse(Data1),
+                                          body    = <<"hello">>}, Rest1, _} = parse(Data1),
 
                         %{ok, Data2} = gen_tcp:recv(Sock, 0, 500),
                         {ok, #stomp_frame{command = <<"MESSAGE">>,
                                           headers = _,
-                                          body    = <<"hello again">>}, _Rest2} = parse(Rest1),
+                                          body    = <<"hello again">>}, _Rest2, _} = parse(Rest1),
 
                         %% Transaction: tx2
                         gen_tcp:send(Sock, serialize(<<"BEGIN">>,
@@ -236,7 +262,7 @@ t_transaction(_) ->
                         {ok, Data3} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"RECEIPT">>,
                                           headers = [{<<"receipt-id">>, <<"12345">>}],
-                                          body    = _}, _} = parse(Data3)
+                                          body    = _}, _, _} = parse(Data3)
                     end).
 
 t_receipt_in_error(_) ->
@@ -250,7 +276,7 @@ t_receipt_in_error(_) ->
                         {ok, Data} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"CONNECTED">>,
                                           headers = _,
-                                          body    = _}, _} = parse(Data),
+                                          body    = _}, _, _} = parse(Data),
 
                         gen_tcp:send(Sock, serialize(<<"ABORT">>,
                                                     [{<<"transaction">>, <<"tx1">>},
@@ -259,7 +285,7 @@ t_receipt_in_error(_) ->
                         {ok, Data1} = gen_tcp:recv(Sock, 0),
                         {ok, Frame = #stomp_frame{command = <<"ERROR">>,
                                           headers = _,
-                                          body    = <<"Transaction tx1 not found">>}, _} = parse(Data1),
+                                          body    = <<"Transaction tx1 not found">>}, _, _} = parse(Data1),
 
                          <<"12345">> = proplists:get_value(<<"receipt-id">>, Frame#stomp_frame.headers)
                     end).
@@ -275,7 +301,7 @@ t_ack(_) ->
                         {ok, Data} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"CONNECTED">>,
                                           headers = _,
-                                          body    = _}, _} = parse(Data),
+                                          body    = _}, _, _} = parse(Data),
 
                         %% Subscribe
                         gen_tcp:send(Sock, serialize(<<"SUBSCRIBE">>,
@@ -290,7 +316,7 @@ t_ack(_) ->
                         {ok, Data1} = gen_tcp:recv(Sock, 0),
                         {ok, Frame = #stomp_frame{command = <<"MESSAGE">>,
                                                   headers = _,
-                                                  body    = <<"ack test">>}, _} = parse(Data1),
+                                                  body    = <<"ack test">>}, _, _} = parse(Data1),
 
                         AckId = proplists:get_value(<<"ack">>, Frame#stomp_frame.headers),
 
@@ -301,7 +327,7 @@ t_ack(_) ->
                         {ok, Data2} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"RECEIPT">>,
                                                   headers = [{<<"receipt-id">>, <<"12345">>}],
-                                                  body    = _}, _} = parse(Data2),
+                                                  body    = _}, _, _} = parse(Data2),
 
                         gen_tcp:send(Sock, serialize(<<"SEND">>,
                                                     [{<<"destination">>, <<"/queue/foo">>}],
@@ -310,7 +336,7 @@ t_ack(_) ->
                         {ok, Data3} = gen_tcp:recv(Sock, 0),
                         {ok, Frame1 = #stomp_frame{command = <<"MESSAGE">>,
                                                   headers = _,
-                                                  body    = <<"nack test">>}, _} = parse(Data3),
+                                                  body    = <<"nack test">>}, _, _} = parse(Data3),
 
                         AckId1 = proplists:get_value(<<"ack">>, Frame1#stomp_frame.headers),
 
@@ -321,9 +347,16 @@ t_ack(_) ->
                         {ok, Data4} = gen_tcp:recv(Sock, 0),
                         {ok, #stomp_frame{command = <<"RECEIPT">>,
                                                   headers = [{<<"receipt-id">>, <<"12345">>}],
-                                                  body    = _}, _} = parse(Data4)
+                                                  body    = _}, _, _} = parse(Data4)
                     end).
 
+%% TODO: Mountpoint, AuthChain, ACL + Mountpoint, ClientInfoOverride,
+%%       Listeners, Metrics, Stats, ClientInfo
+%%
+%% TODO: Start/Stop, List Instace
+%%
+%% TODO: RateLimit, OOM, 
+
 with_connection(DoFun) ->
     {ok, Sock} = gen_tcp:connect({127, 0, 0, 1},
                                  61613,
@@ -336,14 +369,15 @@ with_connection(DoFun) ->
     end.
 
 serialize(Command, Headers) ->
-    emqx_stomp_frame:serialize(emqx_stomp_frame:make(Command, Headers)).
+    emqx_stomp_frame:serialize_pkt(emqx_stomp_frame:make(Command, Headers), #{}).
 
 serialize(Command, Headers, Body) ->
-    emqx_stomp_frame:serialize(emqx_stomp_frame:make(Command, Headers, Body)).
+    emqx_stomp_frame:serialize_pkt(emqx_stomp_frame:make(Command, Headers, Body), #{}).
 
 parse(Data) ->
-    ProtoEnv = [{max_headers, 10},
-                {max_header_length, 1024},
-                {max_body_length, 8192}],
-    Parser = emqx_stomp_frame:init_parer_state(ProtoEnv),
+    ProtoEnv = #{max_headers => 10,
+                 max_header_length => 1024,
+                 max_body_length => 8192
+                },
+    Parser = emqx_stomp_frame:initial_parse_state(ProtoEnv),
     emqx_stomp_frame:parse(Data, Parser).
diff --git a/apps/emqx_stomp/test/emqx_stomp_heartbeat_SUITE.erl b/apps/emqx_gateway/test/emqx_stomp_heartbeat_SUITE.erl
similarity index 100%
rename from apps/emqx_stomp/test/emqx_stomp_heartbeat_SUITE.erl
rename to apps/emqx_gateway/test/emqx_stomp_heartbeat_SUITE.erl
diff --git a/apps/emqx_stomp/.gitignore b/apps/emqx_stomp/.gitignore
deleted file mode 100644
index 95654d437..000000000
--- a/apps/emqx_stomp/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-.eunit
-deps
-*.o
-*.beam
-*.plt
-erl_crash.dump
-ebin
-rel/example_project
-.concrete/DEV_MODE
-.rebar
-.erlang.mk/
-emq_stomp.d
-ct.coverdata
-logs/
-test/ct.cover.spec
-data/
-.DS_Store
-emqx_stomp.d
-_build/
-rebar.lock
-erlang.mk
-rebar3.crashdump
-etc/emqx_stomp.conf.rendered
-.rebar3/
-*.swp
diff --git a/apps/emqx_stomp/etc/emqx_stomp.conf b/apps/emqx_stomp/etc/emqx_stomp.conf
deleted file mode 100644
index 832b50655..000000000
--- a/apps/emqx_stomp/etc/emqx_stomp.conf
+++ /dev/null
@@ -1,124 +0,0 @@
-##--------------------------------------------------------------------
-## Stomp Plugin
-##--------------------------------------------------------------------
-
-##--------------------------------------------------------------------
-## Stomp listener
-
-## The Port that stomp listener will bind.
-##
-## Value: Port
-stomp.listener.port = 61613
-
-## The acceptor pool for stomp listener.
-##
-## Value: Number
-stomp.listener.acceptors = 4
-
-## Maximum number of concurrent stomp connections.
-##
-## Value: Number
-stomp.listener.max_connections = 512
-
-## Whether to enable SSL.
-##
-## Value: on | off
-## stomp.listener.ssl = off
-
-## Path to the file containing the user's private PEM-encoded key.
-##
-## Value: File
-## stomp.listener.keyfile = "etc/certs/key.pem"
-
-## Path to a file containing the user certificate.
-##
-## Value: File
-## stomp.listener.certfile = "etc/certs/cert.pem"
-
-## Path to the file containing PEM-encoded CA certificates.
-##
-## Value: File
-## stomp.listener.cacertfile = "etc/certs/cacert.pem"
-
-## See: 'listener.ssl.<name>.dhfile' in emq.conf
-##
-## Value: File
-## stomp.listener.dhfile = "etc/certs/dh-params.pem"
-
-## See: 'listener.ssl.<name>.verify' in emq.conf
-##
-## Value: verify_peer | verify_none
-## stomp.listener.verify = verify_peer
-
-## See: 'listener.ssl.<name>.fail_if_no_peer_cert' in emq.conf
-##
-## Value: false | true
-## stomp.listener.fail_if_no_peer_cert = true
-
-## TLS versions only to protect from POODLE attack.
-##
-## Value: String, seperated by ','
-## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-## stomp.listener.tls_versions = "tlsv1.3,tlsv1.2,tlsv1.1,tlsv1"
-
-## SSL Handshake timeout.
-##
-## Value: Duration
-## stomp.listener.handshake_timeout = 15s
-
-## See: 'listener.ssl.<name>.ciphers' in emq.conf
-##
-## Value: Ciphers
-## stomp.listener.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
-
-## See: 'listener.ssl.<name>.secure_renegotiate' in emq.conf
-##
-## Value: on | off
-## stomp.listener.secure_renegotiate = off
-
-## See: 'listener.ssl.<name>.reuse_sessions' in emq.conf
-##
-## Value: on | off
-## stomp.listener.reuse_sessions = on
-
-## See: 'listener.ssl.<name>.honor_cipher_order' in emq.conf
-##
-## Value: on | off
-## stomp.listener.honor_cipher_order = on
-
-##--------------------------------------------------------------------
-## Stomp login user and password
-
-## Default login user
-##
-## Value: String
-stomp.default_user.login = guest
-
-## Default login password
-##
-## Value: String
-stomp.default_user.passcode = guest
-
-## Allow anonymous authentication.
-##
-## Value: true | false
-stomp.allow_anonymous = true
-
-##--------------------------------------------------------------------
-## Stomp frame
-
-## Maximum numbers of frame headers.
-##
-## Value: Number
-stomp.frame.max_headers = 10
-
-## Maximum length of frame header.
-##
-## Value: Number
-stomp.frame.max_header_length = 1024
-
-## Maximum body length of frame.
-##
-## Value: Number
-stomp.frame.max_body_length = 8192
-
diff --git a/apps/emqx_stomp/include/emqx_stomp.hrl b/apps/emqx_stomp/include/emqx_stomp.hrl
deleted file mode 100644
index a9cf2cf48..000000000
--- a/apps/emqx_stomp/include/emqx_stomp.hrl
+++ /dev/null
@@ -1,48 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
-%% @doc Stomp Frame Header.
-
--define(STOMP_VER, <<"1.2">>).
-
--define(STOMP_SERVER, <<"emqx-stomp/1.2">>).
-
-%%--------------------------------------------------------------------
-%% STOMP Frame
-%%--------------------------------------------------------------------
-
--record(stomp_frame, {command, headers = [], body = <<>> :: iodata()}).
-
--type(stomp_frame() :: #stomp_frame{}).
-
-%%--------------------------------------------------------------------
-%% Frame Size Limits
-%%
-%% To prevent malicious clients from exploiting memory allocation in a server,
-%% servers MAY place maximum limits on:
-%%
-%% the number of frame headers allowed in a single frame
-%% the maximum length of header lines
-%% the maximum size of a frame body
-%%
-%% If these limits are exceeded the server SHOULD send the client an ERROR frame
-%% and then close the connection.
-%%--------------------------------------------------------------------
-
--define(MAX_HEADER_NUM,    10).
--define(MAX_HEADER_LENGTH, 1024).
--define(MAX_BODY_LENGTH,   65536).
-
diff --git a/apps/emqx_stomp/priv/emqx_stomp.schema b/apps/emqx_stomp/priv/emqx_stomp.schema
deleted file mode 100644
index 32a3c272b..000000000
--- a/apps/emqx_stomp/priv/emqx_stomp.schema
+++ /dev/null
@@ -1,149 +0,0 @@
-%%-*- mode: erlang -*-
-%% emqx_stomp config mapping
-
-{mapping, "stomp.listener.port", "emqx_stomp.listener", [
-  {default, 61613},
-  {datatype, [integer, ip]}
-]}.
-
-{mapping, "stomp.listener.acceptors", "emqx_stomp.listener", [
-  {default, 4},
-  {datatype, integer}
-]}.
-
-{mapping, "stomp.listener.max_connections", "emqx_stomp.listener", [
-  {default, 512},
-  {datatype, integer}
-]}.
-
-{mapping, "stomp.listener.ssl", "emqx_stomp.listener", [
-  {datatype, flag},
-  {default, off}
-]}.
-
-{mapping, "stomp.listener.tls_versions", "emqx_stomp.listener", [
-  {datatype, string}
-]}.
-
-{mapping, "stomp.listener.handshake_timeout", "emqx_stomp.listener", [
-  {default, "15s"},
-  {datatype, {duration, ms}}
-]}.
-
-{mapping, "stomp.listener.dhfile", "emqx_stomp.listener", [
-  {datatype, string}
-]}.
-
-{mapping, "stomp.listener.keyfile", "emqx_stomp.listener", [
-  {datatype, string}
-]}.
-
-{mapping, "stomp.listener.certfile", "emqx_stomp.listener", [
-  {datatype, string}
-]}.
-
-{mapping, "stomp.listener.cacertfile", "emqx_stomp.listener", [
-  {datatype, string}
-]}.
-
-{mapping, "stomp.listener.verify", "emqx_stomp.listener", [
-  {datatype, string}
-]}.
-
-{mapping, "stomp.listener.fail_if_no_peer_cert", "emqx_stomp.listener", [
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "stomp.listener.ciphers", "emqx_stomp.listener", [
-  {datatype, string}
-]}.
-
-{mapping, "stomp.listener.secure_renegotiate", "emqx_stomp.listener", [
-  {datatype, flag}
-]}.
-
-{mapping, "stomp.listener.reuse_sessions", "emqx_stomp.listener", [
-  {default, on},
-  {datatype, flag}
-]}.
-
-{mapping, "stomp.listener.honor_cipher_order", "emqx_stomp.listener", [
-  {datatype, flag}
-]}.
-
-{translation, "emqx_stomp.listener", fun(Conf) ->
-  Port = cuttlefish:conf_get("stomp.listener.port", Conf),
-  Acceptors = cuttlefish:conf_get("stomp.listener.acceptors", Conf),
-  MaxConnections = cuttlefish:conf_get("stomp.listener.max_connections", Conf),
-  Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
-  SplitFun = fun(undefined) -> undefined; (S) -> string:tokens(S, ",") end,
-  SslOpts = fun(Prefix) ->
-               Versions = case SplitFun(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf, undefined)) of
-                              undefined -> undefined;
-                              L -> [list_to_atom(V) || V <- L]
-                          end,
-                Filter([{versions, Versions},
-                        {ciphers, SplitFun(cuttlefish:conf_get(Prefix ++ ".ciphers", Conf, undefined))},
-                        {handshake_timeout, cuttlefish:conf_get(Prefix ++ ".handshake_timeout", Conf, undefined)},
-                        {dhfile, cuttlefish:conf_get(Prefix ++ ".dhfile", Conf, undefined)},
-                        {keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
-                        {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                        {verify, cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
-                        {fail_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".fail_if_no_peer_cert", Conf, undefined)},
-                        {secure_renegotiate, cuttlefish:conf_get(Prefix ++ ".secure_renegotiate", Conf, undefined)},
-                        {reuse_sessions, cuttlefish:conf_get(Prefix ++ ".reuse_sessions", Conf, undefined)},
-                        {honor_cipher_order, cuttlefish:conf_get(Prefix ++ ".honor_cipher_order", Conf, undefined)}])
-            end,
-  Opts = [{acceptors, Acceptors}, {max_connections, MaxConnections}],
-  {Port, case cuttlefish:conf_get("stomp.listener.ssl", Conf) of
-             true  ->
-                 [{sslopts, SslOpts("stomp.listener")} | Opts];
-             false ->
-                 Opts
-         end}
-end}.
-
-{mapping, "stomp.default_user.login", "emqx_stomp.default_user", [
-  {default, "guest"},
-  {datatype, string}
-]}.
-
-{mapping, "stomp.default_user.passcode", "emqx_stomp.default_user", [
-  {default, "guest"},
-  {datatype, string}
-]}.
-
-{translation, "emqx_stomp.default_user", fun(Conf) ->
-  Login = cuttlefish:conf_get("stomp.default_user.login", Conf),
-  Passcode = cuttlefish:conf_get("stomp.default_user.passcode", Conf),
-  [{login, Login}, {passcode, Passcode}]
-end}.
-
-{mapping, "stomp.allow_anonymous", "emqx_stomp.allow_anonymous", [
-  {default, true},
-  {datatype, {enum, [true, false]}}
-]}.
-
-{mapping, "stomp.frame.max_headers", "emqx_stomp.frame", [
-  {default, 10},
-  {datatype, integer}
-]}.
-
-{mapping, "stomp.frame.max_header_length", "emqx_stomp.frame", [
-  {default, 1024},
-  {datatype, integer}
-]}.
-
-{mapping, "stomp.frame.max_body_length", "emqx_stomp.frame", [
-  {default, 8192},
-  {datatype, integer}
-]}.
-
-{translation, "emqx_stomp.frame", fun(Conf) ->
-  MaxHeaders = cuttlefish:conf_get("stomp.frame.max_headers", Conf),
-  MaxHeaderLength = cuttlefish:conf_get("stomp.frame.max_header_length", Conf),
-  MaxBodyLength = cuttlefish:conf_get("stomp.frame.max_body_length", Conf),
-  [{max_headers, MaxHeaders}, {max_header_length, MaxHeaderLength}, {max_body_length, MaxBodyLength}]
-end}.
-
diff --git a/apps/emqx_stomp/rebar.config b/apps/emqx_stomp/rebar.config
deleted file mode 100644
index 7ac3b98c8..000000000
--- a/apps/emqx_stomp/rebar.config
+++ /dev/null
@@ -1,16 +0,0 @@
-{deps, []}.
-
-{edoc_opts, [{preprocess, true}]}.
-{erl_opts, [warn_unused_vars,
-            warn_shadow_vars,
-            warn_unused_import,
-            warn_obsolete_guard,
-            debug_info,
-            {parse_transform}]}.
-
-{xref_checks, [undefined_function_calls, undefined_functions,
-               locals_not_used, deprecated_function_calls,
-               warnings_as_errors, deprecated_functions]}.
-{cover_enabled, true}.
-{cover_opts, [verbose]}.
-{cover_export_enabled, true}.
diff --git a/apps/emqx_stomp/src/emqx_stomp.app.src b/apps/emqx_stomp/src/emqx_stomp.app.src
deleted file mode 100644
index 2e66734ec..000000000
--- a/apps/emqx_stomp/src/emqx_stomp.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_stomp,
- [{description, "EMQ X Stomp Protocol Plugin"},
-  {vsn, "4.4.0"}, % strict semver, bump manually!
-  {modules, []},
-  {registered, [emqx_stomp_sup]},
-  {applications, [kernel,stdlib]},
-  {mod, {emqx_stomp,[]}},
-  {env, []},
-  {licenses, ["Apache-2.0"]},
-  {maintainers, ["EMQ X Team <contact@emqx.io>"]},
-  {links, [{"Homepage", "https://emqx.io/"},
-           {"Github", "https://github.com/emqx/emqx-stomp"}
-          ]}
- ]}.
diff --git a/apps/emqx_stomp/src/emqx_stomp.erl b/apps/emqx_stomp/src/emqx_stomp.erl
deleted file mode 100644
index 9eafe3cf7..000000000
--- a/apps/emqx_stomp/src/emqx_stomp.erl
+++ /dev/null
@@ -1,142 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_stomp).
-
--behaviour(application).
--behaviour(supervisor).
-
--emqx_plugin(protocol).
-
--export([ start/2
-        , stop/1
-        ]).
-
--export([ start_listeners/0
-        , start_listener/1
-        , start_listener/3
-        , stop_listeners/0
-        , stop_listener/1
-        , stop_listener/3
-        ]).
-
--export([init/1]).
-
--define(APP, ?MODULE).
--define(TCP_OPTS, [binary, {packet, raw}, {reuseaddr, true}, {nodelay, true}]).
-
--type(listener() :: {esockd:proto(), esockd:listen_on(), [esockd:option()]}).
-
-%%--------------------------------------------------------------------
-%% Application callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = supervisor:start_link({local, emqx_stomp_sup}, ?MODULE, []),
-    start_listeners(),
-    {ok, Sup}.
-
-stop(_State) ->
-    stop_listeners().
-
-%%--------------------------------------------------------------------
-%% Supervisor callbacks
-%%--------------------------------------------------------------------
-
-init([]) ->
-    {ok, {{one_for_all, 10, 100}, []}}.
-
-%%--------------------------------------------------------------------
-%% Start/Stop listeners
-%%--------------------------------------------------------------------
-
--spec(start_listeners() -> ok).
-start_listeners() ->
-    lists:foreach(fun start_listener/1, listeners_confs()).
-
--spec(start_listener(listener()) -> ok).
-start_listener({Proto, ListenOn, Options}) ->
-    case start_listener(Proto, ListenOn, Options) of
-        {ok, _} -> io:format("Start stomp:~s listener on ~s successfully.~n",
-                             [Proto, format(ListenOn)]);
-        {error, Reason} ->
-            io:format(standard_error, "Failed to start stomp:~s listener on ~s: ~0p~n",
-                      [Proto, format(ListenOn), Reason]),
-            error(Reason)
-    end.
-
--spec(start_listener(esockd:proto(), esockd:listen_on(), [esockd:option()])
-      -> {ok, pid()} | {error, term()}).
-start_listener(tcp, ListenOn, Options) ->
-    start_stomp_listener('stomp:tcp', ListenOn, Options);
-start_listener(ssl, ListenOn, Options) ->
-    start_stomp_listener('stomp:ssl', ListenOn, Options).
-
-%% @private
-start_stomp_listener(Name, ListenOn, Options) ->
-    SockOpts = esockd:parse_opt(Options),
-    esockd:open(Name, ListenOn, merge_default(SockOpts),
-                 {emqx_stomp_connection, start_link, [Options -- SockOpts]}).
-
--spec(stop_listeners() -> ok).
-stop_listeners() ->
-    lists:foreach(fun stop_listener/1, listeners_confs()).
-
--spec(stop_listener(listener()) -> ok | {error, term()}).
-stop_listener({Proto, ListenOn, Opts}) ->
-    StopRet = stop_listener(Proto, ListenOn, Opts),
-    case StopRet of
-        ok -> io:format("Stop stomp:~s listener on ~s successfully.~n",
-                        [Proto, format(ListenOn)]);
-        {error, Reason} ->
-            io:format(standard_error, "Failed to stop stomp:~s listener on ~s: ~0p~n",
-                      [Proto, format(ListenOn), Reason])
-    end,
-    StopRet.
-
--spec(stop_listener(esockd:proto(), esockd:listen_on(), [esockd:option()])
-      -> ok | {error, term()}).
-stop_listener(tcp, ListenOn, _Opts) ->
-    esockd:close('stomp:tcp', ListenOn);
-stop_listener(ssl, ListenOn, _Opts) ->
-    esockd:close('stomp:ssl', ListenOn).
-
-%%--------------------------------------------------------------------
-%% Internal funcs
-%%--------------------------------------------------------------------
-
-listeners_confs() ->
-    {ok, {Port, Opts}} = application:get_env(?APP, listener),
-    Options = application:get_env(?APP, frame, []),
-    Anonymous = application:get_env(emqx_stomp, allow_anonymous, false),
-    {ok, DefaultUser} = application:get_env(emqx_stomp, default_user),
-    [{tcp, Port, [{allow_anonymous, Anonymous},
-                  {default_user, DefaultUser} | Options ++ Opts]}].
-
-merge_default(Options) ->
-    case lists:keytake(tcp_options, 1, Options) of
-        {value, {tcp_options, TcpOpts}, Options1} ->
-            [{tcp_options, emqx_misc:merge_opts(?TCP_OPTS, TcpOpts)} | Options1];
-        false ->
-            [{tcp_options, ?TCP_OPTS} | Options]
-    end.
-
-format(Port) when is_integer(Port) ->
-    io_lib:format("0.0.0.0:~w", [Port]);
-format({Addr, Port}) when is_list(Addr) ->
-    io_lib:format("~s:~w", [Addr, Port]);
-format({Addr, Port}) when is_tuple(Addr) ->
-    io_lib:format("~s:~w", [inet:ntoa(Addr), Port]).
diff --git a/apps/emqx_stomp/src/emqx_stomp_connection.erl b/apps/emqx_stomp/src/emqx_stomp_connection.erl
deleted file mode 100644
index d4e7f6475..000000000
--- a/apps/emqx_stomp/src/emqx_stomp_connection.erl
+++ /dev/null
@@ -1,274 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_stomp_connection).
-
--behaviour(gen_server).
-
--include("emqx_stomp.hrl").
--include_lib("emqx/include/logger.hrl").
-
--logger_header("[Stomp-Conn]").
-
--export([ start_link/3
-        , info/1
-        ]).
-
-%% gen_server Function Exports
--export([ init/1
-        , handle_call/3
-        , handle_cast/2
-        , handle_info/2
-        , code_change/3
-        , terminate/2
-        ]).
-
-%% for protocol
--export([send/4, heartbeat/2]).
-
--record(state, {transport, socket, peername, conn_name, conn_state,
-                await_recv, rate_limit, parser, pstate,
-                proto_env, heartbeat}).
-
--define(INFO_KEYS, [peername, await_recv, conn_state]).
--define(SOCK_STATS, [recv_oct, recv_cnt, send_oct, send_cnt]).
-
-start_link(Transport, Sock, ProtoEnv) ->
-    {ok, proc_lib:spawn_link(?MODULE, init, [[Transport, Sock, ProtoEnv]])}.
-
-info(CPid) ->
-    gen_server:call(CPid, info, infinity).
-
-init([Transport, Sock, ProtoEnv]) ->
-    process_flag(trap_exit, true),
-    case Transport:wait(Sock) of
-        {ok, NewSock} ->
-            {ok, Peername} = Transport:ensure_ok_or_exit(peername, [NewSock]),
-            ConnName = esockd:format(Peername),
-            SendFun = {fun ?MODULE:send/4, [Transport, Sock, self()]},
-            HrtBtFun = {fun ?MODULE:heartbeat/2, [Transport, Sock]},
-            Parser = emqx_stomp_frame:init_parer_state(ProtoEnv),
-            PState = emqx_stomp_protocol:init(#{peername => Peername,
-                                                sendfun => SendFun,
-                                                heartfun => HrtBtFun}, ProtoEnv),
-            RateLimit = init_rate_limit(proplists:get_value(rate_limit, ProtoEnv)),
-            State = run_socket(#state{transport   = Transport,
-                                      socket      = NewSock,
-                                      peername    = Peername,
-                                      conn_name   = ConnName,
-                                      conn_state  = running,
-                                      await_recv  = false,
-                                      rate_limit  = RateLimit,
-                                      parser      = Parser,
-                                      proto_env   = ProtoEnv,
-                                      pstate      = PState}),
-            emqx_logger:set_metadata_peername(esockd:format(Peername)),
-            gen_server:enter_loop(?MODULE, [{hibernate_after, 5000}], State, 20000);
-        {error, Reason} ->
-            {stop, Reason}
-    end.
-
-init_rate_limit(undefined) ->
-    undefined;
-init_rate_limit({Rate, Burst}) ->
-    esockd_rate_limit:new(Rate, Burst).
-
-send(Data, Transport, Sock, ConnPid) ->
-    try Transport:async_send(Sock, Data) of
-        ok -> ok;
-        {error, Reason} -> ConnPid ! {shutdown, Reason}
-    catch
-        error:Error -> ConnPid ! {shutdown, Error}
-    end.
-
-heartbeat(Transport, Sock) ->
-    Transport:send(Sock, <<$\n>>).
-
-handle_call(info, _From, State = #state{transport   = Transport,
-                                        socket      = Sock,
-                                        peername    = Peername,
-                                        await_recv  = AwaitRecv,
-                                        conn_state  = ConnState,
-                                        pstate      = PState}) ->
-    ClientInfo = [{peername,  Peername}, {await_recv, AwaitRecv},
-                  {conn_state, ConnState}],
-    ProtoInfo  = emqx_stomp_protocol:info(PState),
-    case Transport:getstat(Sock, ?SOCK_STATS) of
-        {ok, SockStats} ->
-            {reply, lists:append([ClientInfo, ProtoInfo, SockStats]), State};
-        {error, Reason} ->
-            {stop, Reason, lists:append([ClientInfo, ProtoInfo]), State}
-    end;
-
-handle_call(Req, _From, State) ->
-    ?LOG(error, "unexpected request: ~p", [Req]),
-    {reply, ignored, State}.
-
-handle_cast(Msg, State) ->
-    ?LOG(error, "unexpected msg: ~p", [Msg]),
-    noreply(State).
-
-handle_info(timeout, State) ->
-    shutdown(idle_timeout, State);
-
-handle_info({shutdown, Reason}, State) ->
-    shutdown(Reason, State);
-
-handle_info({timeout, TRef, TMsg}, State) when TMsg =:= incoming;
-                                               TMsg =:= outgoing ->
-
-    Stat = case TMsg of
-               incoming -> recv_oct;
-               _ -> send_oct
-           end,
-    case getstat(Stat, State) of
-        {ok, Val} ->
-            with_proto(timeout, [TRef, {TMsg, Val}], State);
-        {error, Reason} ->
-            shutdown({sock_error, Reason}, State)
-    end;
-
-handle_info({timeout, TRef, TMsg}, State) ->
-    with_proto(timeout, [TRef, TMsg], State);
-
-handle_info({'EXIT', HbProc, Error}, State = #state{heartbeat = HbProc}) ->
-    stop(Error, State);
-
-handle_info(activate_sock, State) ->
-    noreply(run_socket(State#state{conn_state = running}));
-
-handle_info({inet_async, _Sock, _Ref, {ok, Bytes}}, State) ->
-    ?LOG(debug, "RECV ~p", [Bytes]),
-    received(Bytes, rate_limit(size(Bytes), State#state{await_recv = false}));
-
-handle_info({inet_async, _Sock, _Ref, {error, Reason}}, State) ->
-    shutdown(Reason, State);
-
-handle_info({inet_reply, _Ref, ok}, State) ->
-    noreply(State);
-
-handle_info({inet_reply, _Sock, {error, Reason}}, State) ->
-    shutdown(Reason, State);
-
-handle_info({deliver, _Topic, Msg}, State = #state{pstate = PState}) ->
-    noreply(State#state{pstate = case emqx_stomp_protocol:send(Msg, PState) of
-                                     {ok, PState1} ->
-                                         PState1;
-                                     {error, dropped, PState1} ->
-                                         PState1
-                                 end});
-
-handle_info(Info, State) ->
-    ?LOG(error, "Unexpected info: ~p", [Info]),
-    noreply(State).
-
-terminate(Reason, #state{transport = Transport,
-                         socket    = Sock,
-                         pstate    = PState}) ->
-    ?LOG(info, "terminated for ~p", [Reason]),
-    Transport:fast_close(Sock),
-    case {PState, Reason} of
-        {undefined, _} -> ok;
-        {_, {shutdown, Error}} ->
-            emqx_stomp_protocol:shutdown(Error, PState);
-        {_,  Reason} ->
-            emqx_stomp_protocol:shutdown(Reason, PState)
-    end.
-
-code_change(_OldVsn, State, _Extra) ->
-    {ok, State}.
-
-%%--------------------------------------------------------------------
-%% Receive and Parse data
-%%--------------------------------------------------------------------
-
-with_proto(Fun, Args, State = #state{pstate = PState}) ->
-    case erlang:apply(emqx_stomp_protocol, Fun, Args ++ [PState]) of
-        {ok, NPState} ->
-            noreply(State#state{pstate = NPState});
-        {F, Reason, NPState} when F == stop;
-                                  F == error;
-                                  F == shutdown ->
-            shutdown(Reason, State#state{pstate = NPState})
-    end.
-
-received(<<>>, State) ->
-    noreply(State);
-
-received(Bytes, State = #state{parser   = Parser,
-                               pstate = PState}) ->
-    try emqx_stomp_frame:parse(Bytes, Parser) of
-        {more, NewParser} ->
-            noreply(State#state{parser = NewParser});
-        {ok, Frame, Rest} ->
-            ?LOG(info, "RECV Frame: ~s", [emqx_stomp_frame:format(Frame)]),
-            case emqx_stomp_protocol:received(Frame, PState) of
-                {ok, PState1}           ->
-                    received(Rest, reset_parser(State#state{pstate = PState1}));
-                {error, Error, PState1} ->
-                    shutdown(Error, State#state{pstate = PState1});
-                {stop, Reason, PState1} ->
-                    stop(Reason, State#state{pstate = PState1})
-            end;
-        {error, Error} ->
-            ?LOG(error, "Framing error - ~s", [Error]),
-            ?LOG(error, "Bytes: ~p", [Bytes]),
-            shutdown(frame_error, State)
-    catch
-        _Error:Reason ->
-            ?LOG(error, "Parser failed for ~p", [Reason]),
-            ?LOG(error, "Error data: ~p", [Bytes]),
-            shutdown(parse_error, State)
-    end.
-
-reset_parser(State = #state{proto_env = ProtoEnv}) ->
-    State#state{parser = emqx_stomp_frame:init_parer_state(ProtoEnv)}.
-
-rate_limit(_Size, State = #state{rate_limit = undefined}) ->
-    run_socket(State);
-rate_limit(Size, State = #state{rate_limit = Rl}) ->
-    case esockd_rate_limit:check(Size, Rl) of
-        {0, Rl1} ->
-            run_socket(State#state{conn_state = running, rate_limit = Rl1});
-        {Pause, Rl1} ->
-            ?LOG(error, "Rate limiter pause for ~p", [Pause]),
-            erlang:send_after(Pause, self(), activate_sock),
-            State#state{conn_state = blocked, rate_limit = Rl1}
-    end.
-
-run_socket(State = #state{conn_state = blocked}) ->
-    State;
-run_socket(State = #state{await_recv = true}) ->
-    State;
-run_socket(State = #state{transport = Transport, socket = Sock}) ->
-    Transport:async_recv(Sock, 0, infinity),
-    State#state{await_recv = true}.
-
-getstat(Stat, #state{transport = Transport, socket = Sock}) ->
-    case Transport:getstat(Sock, [Stat]) of
-        {ok, [{Stat, Val}]} -> {ok, Val};
-        {error, Error}      -> {error, Error}
-    end.
-
-noreply(State) ->
-    {noreply, State}.
-
-stop(Reason, State) ->
-    {stop, Reason, State}.
-
-shutdown(Reason, State) ->
-    stop({shutdown, Reason}, State).
-
diff --git a/apps/emqx_stomp/src/emqx_stomp_protocol.erl b/apps/emqx_stomp/src/emqx_stomp_protocol.erl
deleted file mode 100644
index cc5c28ce9..000000000
--- a/apps/emqx_stomp/src/emqx_stomp_protocol.erl
+++ /dev/null
@@ -1,468 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
-%% @doc Stomp Protocol Processor.
--module(emqx_stomp_protocol).
-
--include("emqx_stomp.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("emqx/include/logger.hrl").
--include_lib("emqx/include/emqx_mqtt.hrl").
-
--logger_header("[Stomp-Proto]").
-
--import(proplists, [get_value/2, get_value/3]).
-
-%% API
--export([ init/2
-        , info/1
-        ]).
-
--export([ received/2
-        , send/2
-        , shutdown/2
-        , timeout/3
-        ]).
-
-%% for trans callback
--export([ handle_recv_send_frame/2
-        , handle_recv_ack_frame/2
-        , handle_recv_nack_frame/2
-        ]).
-
--record(pstate, {
-          peername,
-          heartfun,
-          sendfun,
-          connected = false,
-          proto_ver,
-          proto_name,
-          heart_beats,
-          login,
-          allow_anonymous,
-          default_user,
-          subscriptions = [],
-          timers :: #{atom() => disable | undefined | reference()},
-          transaction :: #{binary() => list()}
-         }).
-
--define(TIMER_TABLE, #{
-          incoming_timer => incoming,
-          outgoing_timer => outgoing,
-          clean_trans_timer => clean_trans
-        }).
-
--define(TRANS_TIMEOUT, 60000).
-
--type(pstate() :: #pstate{}).
-
-%% @doc Init protocol
-init(#{peername := Peername,
-       sendfun := SendFun,
-       heartfun := HeartFun}, Env) ->
-    AllowAnonymous = get_value(allow_anonymous, Env, false),
-    DefaultUser = get_value(default_user, Env),
-	#pstate{peername = Peername,
-                 heartfun = HeartFun,
-                 sendfun = SendFun,
-                 timers = #{},
-                 transaction = #{},
-                 allow_anonymous = AllowAnonymous,
-                 default_user = DefaultUser}.
-
-info(#pstate{connected     = Connected,
-                  proto_ver     = ProtoVer,
-                  proto_name    = ProtoName,
-                  heart_beats   = Heartbeats,
-                  login         = Login,
-                  subscriptions = Subscriptions}) ->
-    [{connected, Connected},
-     {proto_ver, ProtoVer},
-     {proto_name, ProtoName},
-     {heart_beats, Heartbeats},
-     {login, Login},
-     {subscriptions, Subscriptions}].
-
--spec(received(stomp_frame(), pstate())
-    -> {ok, pstate()}
-     | {error, any(), pstate()}
-     | {stop, any(), pstate()}).
-received(Frame = #stomp_frame{command = <<"STOMP">>}, State) ->
-    received(Frame#stomp_frame{command = <<"CONNECT">>}, State);
-
-received(#stomp_frame{command = <<"CONNECT">>, headers = Headers},
-         State = #pstate{connected = false, allow_anonymous = AllowAnonymous, default_user = DefaultUser}) ->
-    case negotiate_version(header(<<"accept-version">>, Headers)) of
-        {ok, Version} ->
-            Login = header(<<"login">>, Headers),
-            Passc = header(<<"passcode">>, Headers),
-            case check_login(Login, Passc, AllowAnonymous, DefaultUser) of
-                true ->
-                    emqx_logger:set_metadata_clientid(Login),
-
-                    Heartbeats = parse_heartbeats(header(<<"heart-beat">>, Headers, <<"0,0">>)),
-                    NState = start_heartbeart_timer(Heartbeats, State#pstate{connected = true,
-                                                                                  proto_ver = Version, login = Login}),
-                    send(connected_frame([{<<"version">>, Version},
-                                          {<<"heart-beat">>, reverse_heartbeats(Heartbeats)}]), NState);
-                false ->
-                    _ = send(error_frame(undefined, <<"Login or passcode error!">>), State),
-                    {error, login_or_passcode_error, State}
-             end;
-        {error, Msg} ->
-            _ = send(error_frame([{<<"version">>, <<"1.0,1.1,1.2">>},
-                                  {<<"content-type">>, <<"text/plain">>}], undefined, Msg), State),
-            {error, unsupported_version, State}
-    end;
-
-received(#stomp_frame{command = <<"CONNECT">>}, State = #pstate{connected = true}) ->
-    {error, unexpected_connect, State};
-
-received(Frame = #stomp_frame{command = <<"SEND">>, headers = Headers}, State) ->
-    case header(<<"transaction">>, Headers) of
-        undefined     -> {ok, handle_recv_send_frame(Frame, State)};
-        TransactionId -> add_action(TransactionId, {fun ?MODULE:handle_recv_send_frame/2, [Frame]}, receipt_id(Headers), State)
-    end;
-
-received(#stomp_frame{command = <<"SUBSCRIBE">>, headers = Headers},
-            State = #pstate{subscriptions = Subscriptions}) ->
-    Id    = header(<<"id">>, Headers),
-    Topic = header(<<"destination">>, Headers),
-    Ack   = header(<<"ack">>, Headers, <<"auto">>),
-    {ok, State1} = case lists:keyfind(Id, 1, Subscriptions) of
-                       {Id, Topic, Ack} ->
-                           {ok, State};
-                       false ->
-                           emqx_broker:subscribe(Topic),
-                           {ok, State#pstate{subscriptions = [{Id, Topic, Ack}|Subscriptions]}}
-                   end,
-    maybe_send_receipt(receipt_id(Headers), State1);
-
-received(#stomp_frame{command = <<"UNSUBSCRIBE">>, headers = Headers},
-            State = #pstate{subscriptions = Subscriptions}) ->
-    Id = header(<<"id">>, Headers),
-
-    {ok, State1} = case lists:keyfind(Id, 1, Subscriptions) of
-                       {Id, Topic, _Ack} ->
-                           ok = emqx_broker:unsubscribe(Topic),
-                           {ok, State#pstate{subscriptions = lists:keydelete(Id, 1, Subscriptions)}};
-                       false ->
-                           {ok, State}
-                   end,
-    maybe_send_receipt(receipt_id(Headers), State1);
-
-%% ACK
-%% id:12345
-%% transaction:tx1
-%%
-%% ^@
-received(Frame = #stomp_frame{command = <<"ACK">>, headers = Headers}, State) ->
-    case header(<<"transaction">>, Headers) of
-        undefined     -> {ok, handle_recv_ack_frame(Frame, State)};
-        TransactionId -> add_action(TransactionId, {fun ?MODULE:handle_recv_ack_frame/2, [Frame]}, receipt_id(Headers), State)
-    end;
-
-%% NACK
-%% id:12345
-%% transaction:tx1
-%%
-%% ^@
-received(Frame = #stomp_frame{command = <<"NACK">>, headers = Headers}, State) ->
-    case header(<<"transaction">>, Headers) of
-        undefined     -> {ok, handle_recv_nack_frame(Frame, State)};
-        TransactionId -> add_action(TransactionId, {fun ?MODULE:handle_recv_nack_frame/2, [Frame]}, receipt_id(Headers), State)
-    end;
-
-%% BEGIN
-%% transaction:tx1
-%%
-%% ^@
-received(#stomp_frame{command = <<"BEGIN">>, headers = Headers},
-         State = #pstate{transaction = Trans}) ->
-    Id = header(<<"transaction">>, Headers),
-    case maps:get(Id, Trans, undefined) of
-        undefined ->
-            Ts = erlang:system_time(millisecond),
-            NState = ensure_clean_trans_timer(State#pstate{transaction = Trans#{Id => {Ts, []}}}),
-            maybe_send_receipt(receipt_id(Headers), NState);
-        _ ->
-            send(error_frame(receipt_id(Headers), ["Transaction ", Id, " already started"]), State)
-    end;
-
-%% COMMIT
-%% transaction:tx1
-%%
-%% ^@
-received(#stomp_frame{command = <<"COMMIT">>, headers = Headers},
-         State = #pstate{transaction = Trans}) ->
-    Id = header(<<"transaction">>, Headers),
-    case maps:get(Id, Trans, undefined) of
-        {_, Actions} ->
-            NState = lists:foldr(fun({Func, Args}, S) ->
-                erlang:apply(Func, Args ++ [S])
-            end, State#pstate{transaction = maps:remove(Id, Trans)}, Actions),
-            maybe_send_receipt(receipt_id(Headers), NState);
-        _ ->
-            send(error_frame(receipt_id(Headers), ["Transaction ", Id, " not found"]), State)
-    end;
-
-%% ABORT
-%% transaction:tx1
-%%
-%% ^@
-received(#stomp_frame{command = <<"ABORT">>, headers = Headers},
-         State = #pstate{transaction = Trans}) ->
-    Id = header(<<"transaction">>, Headers),
-    case maps:get(Id, Trans, undefined) of
-        {_, _Actions} ->
-            NState = State#pstate{transaction = maps:remove(Id, Trans)},
-            maybe_send_receipt(receipt_id(Headers), NState);
-        _ ->
-            send(error_frame(receipt_id(Headers), ["Transaction ", Id, " not found"]), State)
-    end;
-
-received(#stomp_frame{command = <<"DISCONNECT">>, headers = Headers}, State) ->
-    _ = maybe_send_receipt(receipt_id(Headers), State),
-    {stop, normal, State}.
-
-send(Msg = #message{topic = Topic, headers = Headers, payload = Payload},
-     State = #pstate{subscriptions = Subscriptions}) ->
-    case lists:keyfind(Topic, 2, Subscriptions) of
-        {Id, Topic, Ack} ->
-            Headers0 = [{<<"subscription">>, Id},
-                        {<<"message-id">>, next_msgid()},
-                        {<<"destination">>, Topic},
-                        {<<"content-type">>, <<"text/plain">>}],
-            Headers1 = case Ack of
-                           _ when Ack =:= <<"client">> orelse Ack =:= <<"client-individual">> ->
-                               Headers0 ++ [{<<"ack">>, next_ackid()}];
-                           _ ->
-                               Headers0
-                       end,
-            Frame = #stomp_frame{command = <<"MESSAGE">>,
-                                 headers = Headers1 ++ maps:get(stomp_headers, Headers, []),
-                                 body = Payload},
-            send(Frame, State);
-        false ->
-            ?LOG(error, "Stomp dropped: ~p", [Msg]),
-            {error, dropped, State}
-    end;
-
-send(Frame, State = #pstate{sendfun = {Fun, Args}}) ->
-    ?LOG(info, "SEND Frame: ~s", [emqx_stomp_frame:format(Frame)]),
-    Data = emqx_stomp_frame:serialize(Frame),
-    ?LOG(debug, "SEND ~p", [Data]),
-    erlang:apply(Fun, [Data] ++ Args),
-    {ok, State}.
-
-shutdown(_Reason, _State) ->
-    ok.
-
-timeout(_TRef, {incoming, NewVal},
-        State = #pstate{heart_beats = HrtBt}) ->
-    case emqx_stomp_heartbeat:check(incoming, NewVal, HrtBt) of
-        {error, timeout} ->
-            {shutdown, heartbeat_timeout, State};
-        {ok, NHrtBt} ->
-            {ok, reset_timer(incoming_timer, State#pstate{heart_beats = NHrtBt})}
-    end;
-
-timeout(_TRef, {outgoing, NewVal},
-        State = #pstate{heart_beats = HrtBt,
-                             heartfun = {Fun, Args}}) ->
-    case emqx_stomp_heartbeat:check(outgoing, NewVal, HrtBt) of
-        {error, timeout} ->
-            _ = erlang:apply(Fun, Args),
-            {ok, State};
-        {ok, NHrtBt} ->
-            {ok, reset_timer(outgoing_timer, State#pstate{heart_beats = NHrtBt})}
-    end;
-
-timeout(_TRef, clean_trans, State = #pstate{transaction = Trans}) ->
-    Now = erlang:system_time(millisecond),
-    NTrans = maps:filter(fun(_, {Ts, _}) -> Ts + ?TRANS_TIMEOUT < Now end, Trans),
-    {ok, ensure_clean_trans_timer(State#pstate{transaction = NTrans})}.
-
-negotiate_version(undefined) ->
-    {ok, <<"1.0">>};
-negotiate_version(Accepts) ->
-     negotiate_version(?STOMP_VER,
-                        lists:reverse(
-                          lists:sort(
-                            binary:split(Accepts, <<",">>, [global])))).
-
-negotiate_version(Ver, []) ->
-    {error, <<"Supported protocol versions < ", Ver/binary>>};
-negotiate_version(Ver, [AcceptVer|_]) when Ver >= AcceptVer ->
-    {ok, AcceptVer};
-negotiate_version(Ver, [_|T]) ->
-    negotiate_version(Ver, T).
-
-check_login(undefined, _, AllowAnonymous, _) ->
-    AllowAnonymous;
-check_login(_, _, _, undefined) ->
-    false;
-check_login(Login, Passcode, _, DefaultUser) ->
-    case {list_to_binary(get_value(login, DefaultUser)),
-          list_to_binary(get_value(passcode, DefaultUser))} of
-        {Login, Passcode} -> true;
-        {_,     _       } -> false
-    end.
-
-add_action(Id, Action, ReceiptId, State = #pstate{transaction = Trans}) ->
-    case maps:get(Id, Trans, undefined) of
-        {Ts, Actions} ->
-            NTrans = Trans#{Id => {Ts, [Action|Actions]}},
-            {ok, State#pstate{transaction = NTrans}};
-        _ ->
-            send(error_frame(ReceiptId, ["Transaction ", Id, " not found"]), State)
-    end.
-
-maybe_send_receipt(undefined, State) ->
-    {ok, State};
-maybe_send_receipt(ReceiptId, State) ->
-    send(receipt_frame(ReceiptId), State).
-
-ack(_Id, State) ->
-    State.
-
-nack(_Id, State) -> State.
-
-header(Name, Headers) ->
-    get_value(Name, Headers).
-header(Name, Headers, Val) ->
-    get_value(Name, Headers, Val).
-
-connected_frame(Headers) ->
-    emqx_stomp_frame:make(<<"CONNECTED">>, Headers).
-
-receipt_frame(ReceiptId) ->
-    emqx_stomp_frame:make(<<"RECEIPT">>, [{<<"receipt-id">>, ReceiptId}]).
-
-error_frame(ReceiptId, Msg) ->
-    error_frame([{<<"content-type">>, <<"text/plain">>}], ReceiptId, Msg).
-
-error_frame(Headers, undefined, Msg) ->
-    emqx_stomp_frame:make(<<"ERROR">>, Headers, Msg);
-error_frame(Headers, ReceiptId, Msg) ->
-    emqx_stomp_frame:make(<<"ERROR">>, [{<<"receipt-id">>, ReceiptId} | Headers], Msg).
-
-next_msgid() ->
-    MsgId = case get(msgid) of
-                undefined -> 1;
-                I         -> I
-            end,
-    put(msgid, MsgId + 1),
-    MsgId.
-
-next_ackid() ->
-    AckId = case get(ackid) of
-                undefined -> 1;
-                I         -> I
-            end,
-    put(ackid, AckId + 1),
-    AckId.
-
-make_mqtt_message(Topic, Headers, Body) ->
-    Msg = emqx_message:make(stomp, Topic, Body),
-    Headers1 = lists:foldl(fun(Key, Headers0) ->
-                               proplists:delete(Key, Headers0)
-                           end, Headers, [<<"destination">>,
-                                          <<"content-length">>,
-                                          <<"content-type">>,
-                                          <<"transaction">>,
-                                          <<"receipt">>]),
-    emqx_message:set_headers(#{stomp_headers => Headers1}, Msg).
-
-receipt_id(Headers) ->
-    header(<<"receipt">>, Headers).
-
-%%--------------------------------------------------------------------
-%% Transaction Handle
-
-handle_recv_send_frame(#stomp_frame{command = <<"SEND">>, headers = Headers, body = Body}, State) ->
-    Topic = header(<<"destination">>, Headers),
-    _ = maybe_send_receipt(receipt_id(Headers), State),
-    _ = emqx_broker:publish(
-        make_mqtt_message(Topic, Headers, iolist_to_binary(Body))
-    ),
-    State.
-
-handle_recv_ack_frame(#stomp_frame{command = <<"ACK">>, headers = Headers}, State) ->
-    Id = header(<<"id">>, Headers),
-    _ = maybe_send_receipt(receipt_id(Headers), State),
-    ack(Id, State).
-
-handle_recv_nack_frame(#stomp_frame{command = <<"NACK">>, headers = Headers}, State) ->
-    Id = header(<<"id">>, Headers),
-     _ = maybe_send_receipt(receipt_id(Headers), State),
-     nack(Id, State).
-
-ensure_clean_trans_timer(State = #pstate{transaction = Trans}) ->
-    case maps:size(Trans) of
-        0 -> State;
-        _ -> ensure_timer(clean_trans_timer, State)
-    end.
-
-%%--------------------------------------------------------------------
-%% Heartbeat
-
-parse_heartbeats(Heartbeats) ->
-    CxCy = re:split(Heartbeats, <<",">>, [{return, list}]),
-    list_to_tuple([list_to_integer(S) || S <- CxCy]).
-
-reverse_heartbeats({Cx, Cy}) ->
-    iolist_to_binary(io_lib:format("~w,~w", [Cy, Cx])).
-
-start_heartbeart_timer(Heartbeats, State) ->
-    ensure_timer(
-      [incoming_timer, outgoing_timer],
-      State#pstate{heart_beats = emqx_stomp_heartbeat:init(Heartbeats)}).
-
-%%--------------------------------------------------------------------
-%% Timer
-
-ensure_timer([Name], State) ->
-    ensure_timer(Name, State);
-ensure_timer([Name | Rest], State) ->
-    ensure_timer(Rest, ensure_timer(Name, State));
-
-ensure_timer(Name, State = #pstate{timers = Timers}) ->
-    TRef = maps:get(Name, Timers, undefined),
-    Time = interval(Name, State),
-    case TRef == undefined andalso is_integer(Time) andalso Time > 0 of
-        true  -> ensure_timer(Name, Time, State);
-        false -> State %% Timer disabled or exists
-    end.
-
-ensure_timer(Name, Time, State = #pstate{timers = Timers}) ->
-    Msg = maps:get(Name, ?TIMER_TABLE),
-    TRef = emqx_misc:start_timer(Time, Msg),
-    State#pstate{timers = Timers#{Name => TRef}}.
-
-reset_timer(Name, State) ->
-    ensure_timer(Name, clean_timer(Name, State)).
-
-clean_timer(Name, State = #pstate{timers = Timers}) ->
-    State#pstate{timers = maps:remove(Name, Timers)}.
-
-interval(incoming_timer, #pstate{heart_beats = HrtBt}) ->
-    emqx_stomp_heartbeat:interval(incoming, HrtBt);
-interval(outgoing_timer, #pstate{heart_beats = HrtBt}) ->
-    emqx_stomp_heartbeat:interval(outgoing, HrtBt);
-interval(clean_trans_timer, _) ->
-    ?TRANS_TIMEOUT.
diff --git a/apps/emqx_stomp/test/client.py b/apps/emqx_stomp/test/client.py
deleted file mode 100644
index f9f9e6577..000000000
--- a/apps/emqx_stomp/test/client.py
+++ /dev/null
@@ -1,19 +0,0 @@
-from stompest.config import StompConfig
-from stompest.protocol import StompSpec
-from stompest.sync import Stomp
-
-CONFIG = StompConfig('tcp://localhost:61613', version=StompSpec.VERSION_1_1)
-QUEUE = '/queue/test'
-
-if __name__ == '__main__':
-  client = Stomp(CONFIG)
-  client.connect(heartBeats=(0, 10000))
-  client.subscribe(QUEUE, {StompSpec.ID_HEADER: 1, StompSpec.ACK_HEADER: StompSpec.ACK_CLIENT_INDIVIDUAL})
-  client.send(QUEUE, 'test message 1')
-  client.send(QUEUE, 'test message 2')
-  while True:
-    frame = client.receiveFrame()
-    print 'Got %s' % frame.info()
-    client.ack(frame)
-  client.disconnect()
-
diff --git a/rebar.config.erl b/rebar.config.erl
index 56599dd54..de42601af 100644
--- a/rebar.config.erl
+++ b/rebar.config.erl
@@ -253,6 +253,7 @@ relx_apps(ReleaseType) ->
     , emqx_connector
     , emqx_authn
     , emqx_authz
+    , emqx_gateway
     , emqx_data_bridge
     , emqx_rule_engine
     , emqx_rule_actions

From 8ee86f2fbe29b172a2bbb59d0986b82587433d3f Mon Sep 17 00:00:00 2001
From: JianBo He <heeejianbo@163.com>
Date: Fri, 2 Jul 2021 20:23:14 +0800
Subject: [PATCH 161/174] fix(gw): start emqx-gateway after emqx restarted

---
 apps/emqx/src/emqx.erl                     | 1 +
 apps/emqx_gateway/src/emqx_gateway_app.erl | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/apps/emqx/src/emqx.erl b/apps/emqx/src/emqx.erl
index e5855b786..82688017a 100644
--- a/apps/emqx/src/emqx.erl
+++ b/apps/emqx/src/emqx.erl
@@ -257,6 +257,7 @@ emqx_feature() ->
     [ emqx_resource
     , emqx_authn
     , emqx_authz
+    , emqx_gateway
     , emqx_data_bridge
     , emqx_rule_engine
     , emqx_bridge_mqtt
diff --git a/apps/emqx_gateway/src/emqx_gateway_app.erl b/apps/emqx_gateway/src/emqx_gateway_app.erl
index 230776b73..c99228f17 100644
--- a/apps/emqx_gateway/src/emqx_gateway_app.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_app.erl
@@ -20,8 +20,6 @@
 
 -include_lib("emqx/include/logger.hrl").
 
--emqx_plugin(?MODULE).
-
 -logger_header("[Gateway]").
 
 -export([start/2, stop/1]).

From 2f5ab6a9743f9d3e2d503bb4d4896b2167be3608 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 5 Jul 2021 09:49:17 +0800
Subject: [PATCH 162/174] chore(CI): fix macos build error

---
 .github/workflows/build_packages.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index 6d1a757af..de4315d36 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -183,7 +183,7 @@ jobs:
         ./emqx/bin/emqx start || cat emqx/log/erlang.log.1
         ready='no'
         for i in {1..10}; do
-          if curl -fs 127.0.0.1:18083 > /dev/null; then
+          if curl -fs 127.0.0.1:8081/status > /dev/null; then
             ready='yes'
             break
           fi

From ce1e6ce89d452cf0b07cc96d1a970cc5c616f117 Mon Sep 17 00:00:00 2001
From: DDDHuang <904897578@qq.com>
Date: Mon, 5 Jul 2021 14:12:05 +0800
Subject: [PATCH 163/174] fix: start jiffy by emqx

---
 apps/emqx/src/emqx.app.src | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/emqx/src/emqx.app.src b/apps/emqx/src/emqx.app.src
index a6984370e..d9efbe82a 100644
--- a/apps/emqx/src/emqx.app.src
+++ b/apps/emqx/src/emqx.app.src
@@ -4,7 +4,7 @@
   {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, []},
-  {applications, [kernel,stdlib,gproc,gen_rpc,esockd,cowboy,sasl,os_mon,quicer]},
+  {applications, [kernel,stdlib,gproc,gen_rpc,esockd,cowboy,sasl,os_mon,quicer,jiffy]},
   {mod, {emqx_app,[]}},
   {env, []},
   {licenses, ["Apache-2.0"]},

From e1a33c373c4e6b61c93d320b6e84ecf0156703ed Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Mon, 5 Jul 2021 14:44:14 +0800
Subject: [PATCH 164/174] chore(CI): disable apps version check in unstable
 tags

---
 scripts/apps-version-check.sh | 82 ++++++++++++++++++++---------------
 1 file changed, 47 insertions(+), 35 deletions(-)

diff --git a/scripts/apps-version-check.sh b/scripts/apps-version-check.sh
index 4fc31ccc6..7c2ea5eb2 100755
--- a/scripts/apps-version-check.sh
+++ b/scripts/apps-version-check.sh
@@ -17,40 +17,52 @@ get_vsn() {
     fi
 }
 
-while read -r app_path; do
-    app=$(basename "$app_path")
-    src_file="$app_path/src/$app.app.src"
-    old_app_version="$(get_vsn "$latest_release" "$src_file")"
-    ## TODO: delete it after new version is released with emqx app in apps dir
-    if [ "$app" = 'emqx' ] && [ "$old_app_version" = '' ]; then
-        old_app_version="$(get_vsn "$latest_release" 'src/emqx.app.src')"
-    fi
-    now_app_version="$(get_vsn 'HEAD' "$src_file")"
-    ## TODO: delete it after new version is released with emqx app in apps dir
-    if [ "$app" = 'emqx' ] && [ "$now_app_version" = '' ]; then
-        now_app_version="$(get_vsn 'HEAD' 'src/emqx.app.src')"
-    fi
-    if [ -z "$now_app_version" ]; then
-        echo "failed_to_get_new_app_vsn for $app"
-        exit 1
-    fi
-    if [ -z "${old_app_version:-}" ]; then
-        echo "skiped checking new app ${app}"
-    elif [ "$old_app_version" = "$now_app_version" ]; then
-        lines="$(git diff --name-only "$latest_release"...HEAD \
-                    -- "$app_path/src" \
-                    -- "$app_path/priv" \
-                    -- "$app_path/c_src")"
-        if [ "$lines" != '' ]; then
-            echo "$src_file needs a vsn bump (old=$old_app_version)"
-            echo "changed: $lines"
-            bad_app_count=$(( bad_app_count + 1))
+check_apps() {
+    while read -r app_path; do
+        app=$(basename "$app_path")
+        src_file="$app_path/src/$app.app.src"
+        old_app_version="$(get_vsn "$latest_release" "$src_file")"
+        ## TODO: delete it after new version is released with emqx app in apps dir
+        if [ "$app" = 'emqx' ] && [ "$old_app_version" = '' ]; then
+            old_app_version="$(get_vsn "$latest_release" 'src/emqx.app.src')"
         fi
-    fi
-done < <(./scripts/find-apps.sh)
+        now_app_version="$(get_vsn 'HEAD' "$src_file")"
+        ## TODO: delete it after new version is released with emqx app in apps dir
+        if [ "$app" = 'emqx' ] && [ "$now_app_version" = '' ]; then
+            now_app_version="$(get_vsn 'HEAD' 'src/emqx.app.src')"
+        fi
+        if [ -z "$now_app_version" ]; then
+            echo "failed_to_get_new_app_vsn for $app"
+            exit 1
+        fi
+        if [ -z "${old_app_version:-}" ]; then
+            echo "skiped checking new app ${app}"
+        elif [ "$old_app_version" = "$now_app_version" ]; then
+            lines="$(git diff --name-only "$latest_release"...HEAD \
+                        -- "$app_path/src" \
+                        -- "$app_path/priv" \
+                        -- "$app_path/c_src")"
+            if [ "$lines" != '' ]; then
+                echo "$src_file needs a vsn bump (old=$old_app_version)"
+                echo "changed: $lines"
+                bad_app_count=$(( bad_app_count + 1))
+            fi
+        fi
+    done < <(./scripts/find-apps.sh)
 
-if [ $bad_app_count -gt 0 ]; then
-    exit 1
-else
-    echo "apps version check successfully"       
-fi
+    if [ $bad_app_count -gt 0 ]; then
+        exit 1
+    else
+        echo "apps version check successfully"
+    fi
+}
+
+_main() {
+    if echo "${latest_release}" |grep -oE '[0-9]+.[0-9]+.[0-9]+' > /dev/null 2>&1; then
+        check_apps
+    else
+        echo "skiped unstable tag: ${latest_release}"
+    fi
+}
+
+_main

From 694f3bd67fde5485f38494881bc43bbadde06151 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Wed, 30 Jun 2021 19:09:23 +0800
Subject: [PATCH 165/174] feat(authz): support mongo single

---
 .../docker-compose-mongo-tcp.yaml             |   2 +
 apps/emqx_authz/README.md                     |  13 +++
 apps/emqx_authz/etc/emqx_authz.conf           |  12 ++
 apps/emqx_authz/src/emqx_authz.erl            |   5 +-
 apps/emqx_authz/src/emqx_authz_mongo.erl      | 106 ++++++++++++++++++
 apps/emqx_authz/src/emqx_authz_schema.erl     |   8 +-
 .../src/emqx_connector_mongo.erl              |  34 +++---
 .../src/emqx_connector_redis.erl              |   2 +-
 .../src/emqx_connector_schema_lib.erl         |   4 +-
 .../src/emqx_plugin_libs_pool.erl             |   2 +-
 10 files changed, 167 insertions(+), 21 deletions(-)
 create mode 100644 apps/emqx_authz/src/emqx_authz_mongo.erl

diff --git a/.ci/docker-compose-file/docker-compose-mongo-tcp.yaml b/.ci/docker-compose-file/docker-compose-mongo-tcp.yaml
index dee2daff6..494b42ce4 100644
--- a/.ci/docker-compose-file/docker-compose-mongo-tcp.yaml
+++ b/.ci/docker-compose-file/docker-compose-mongo-tcp.yaml
@@ -9,6 +9,8 @@ services:
       MONGO_INITDB_DATABASE: mqtt
     networks:
       - emqx_bridge
+    ports:
+      - "27017:27017"
     command:
       --ipv6
       --bind_ip_all
diff --git a/apps/emqx_authz/README.md b/apps/emqx_authz/README.md
index 699781b71..de0d695ee 100644
--- a/apps/emqx_authz/README.md
+++ b/apps/emqx_authz/README.md
@@ -133,3 +133,16 @@ HSET mqtt_acl:emqx '$SYS/#' subscribe
 
 A rule of Redis ACL defines `publish`, `subscribe`, or `all `information. All lists in the rule are **allow** lists.
 
+#### Mongo
+
+Create Example BSON documents
+```sql
+db.inventory.insertOne(
+    {username: "emqx",
+     clientid: "emqx",
+     ipaddress: "127.0.0.1",
+     permission: "allow",
+     action: "all",
+     topics: ["#"]
+    })
+```
diff --git a/apps/emqx_authz/etc/emqx_authz.conf b/apps/emqx_authz/etc/emqx_authz.conf
index 89515592f..e91a68a63 100644
--- a/apps/emqx_authz/etc/emqx_authz.conf
+++ b/apps/emqx_authz/etc/emqx_authz.conf
@@ -43,6 +43,18 @@ emqx_authz:{
        #     }
        #     cmd: "HGETALL mqtt_acl:%u"
        # },
+       # {
+       #     type: mongo
+       #     config: {
+       #        mongo_type: single
+       #        servers: "127.0.0.1:27017"
+       #        pool_size: 1
+       #        database: mqtt
+       #        ssl: {enable: false}
+       #     }
+       #     collection: mqtt_acl
+       #     find: { "$or": [ { "username": "%u" }, { "clientid": "%c" } ] }
+       # },
        {
            permission: allow
            action: all
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 6710e4f69..f673b3979 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -93,8 +93,9 @@ compile(#{topics := Topics,
          };
 
 compile(#{principal := Principal,
-          type := redis
-         } = Rule) ->
+          type := DB
+         } = Rule) when DB =:= redis;
+                        DB =:= mongo ->
     NRule = create_resource(Rule),
     NRule#{principal => compile_principal(Principal)};
 
diff --git a/apps/emqx_authz/src/emqx_authz_mongo.erl b/apps/emqx_authz/src/emqx_authz_mongo.erl
new file mode 100644
index 000000000..a106dd0f5
--- /dev/null
+++ b/apps/emqx_authz/src/emqx_authz_mongo.erl
@@ -0,0 +1,106 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_mongo).
+
+-include("emqx_authz.hrl").
+-include_lib("emqx/include/emqx.hrl").
+-include_lib("emqx/include/logger.hrl").
+
+%% ACL Callbacks
+-export([ authorize/4
+        , description/0
+        ]).
+
+-ifdef(TEST).
+-compile(export_all).
+-compile(nowarn_export_all).
+-endif.
+
+description() ->
+    "AuthZ with Mongo".
+
+authorize(Client, PubSub, Topic,
+            #{resource_id := ResourceID,
+              collection := Collection,
+              find := Find
+             }) ->
+    case emqx_resource:query(ResourceID, {find, Collection, replvar(Find, Client), #{}}) of
+        {error, Reason} ->
+            ?LOG(error, "[AuthZ] Query mongo error: ~p", [Reason]),
+            nomatch;
+        [] -> nomatch;
+        Rows ->
+            do_authorize(Client, PubSub, Topic, Rows)
+    end.
+
+do_authorize(_Client, _PubSub, _Topic, []) ->
+    nomatch;
+do_authorize(Client, PubSub, Topic, [Rule | Tail]) ->
+    case match(Client, PubSub, Topic, Rule)
+    of
+        {matched, Permission} -> {matched, Permission};
+        nomatch -> do_authorize(Client, PubSub, Topic, Tail)
+    end.
+
+match(Client, PubSub, Topic,
+      #{<<"topics">> := Topics,
+        <<"permission">> := Permission,
+        <<"action">> := Action
+       }) ->
+    Rule = #{<<"principal">> => all,
+             <<"permission">> => Permission,
+             <<"topics">> => Topics,
+             <<"action">> => Action
+            },
+    #{simple_rule :=
+      #{permission := NPermission} = NRule
+     } = hocon_schema:check_plain(
+            emqx_authz_schema,
+            #{<<"simple_rule">> => Rule},
+            #{atom_key => true},
+            [simple_rule]),
+    case emqx_authz:match(Client, PubSub, Topic, emqx_authz:compile(NRule)) of
+        true -> {matched, NPermission};
+        false -> nomatch
+    end.
+
+replvar(Find, #{clientid := Clientid,
+                username := Username,
+                peerhost := IpAddress
+               }) ->
+    Fun = fun
+              _Fun(K, V, AccIn) when is_map(V) -> maps:put(K, maps:fold(_Fun, AccIn, V), AccIn);
+              _Fun(K, V, AccIn) when is_list(V) ->
+                  maps:put(K, [ begin
+                                    [{K1, V1}] = maps:to_list(M),
+                                    _Fun(K1, V1, AccIn)
+                                end || M <- V],
+                           AccIn);
+              _Fun(K, V, AccIn) when is_binary(V) ->
+                  V1 = re:replace(V,  "%c", bin(Clientid), [global, {return, binary}]),
+                  V2 = re:replace(V1, "%u", bin(Username), [global, {return, binary}]),
+                  V3 = re:replace(V2, "%a", inet_parse:ntoa(IpAddress), [global, {return, binary}]),
+                  maps:put(K, V3, AccIn);
+              _Fun(K, V, AccIn) -> maps:put(K, V, AccIn)
+          end,
+    maps:fold(Fun, #{}, Find).
+
+bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
+bin(B) when is_binary(B) -> B;
+bin(L) when is_list(L) -> list_to_binary(L);
+bin(X) -> X.
+
diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl
index 5836eb12b..5c82d460e 100644
--- a/apps/emqx_authz/src/emqx_authz_schema.erl
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@@ -16,6 +16,13 @@ structs() -> ["emqx_authz"].
 fields("emqx_authz") ->
     [ {rules, rules()}
     ];
+fields(mongo_connector) ->
+    [ {principal, principal()}
+    , {type, #{type => hoconsc:enum([mongo])}}
+    , {config, #{type => map()}}
+    , {collection, #{type => atom()}}
+    , {find, #{type => map()}}
+    ];
 fields(redis_connector) ->
     [ {principal, principal()}
     , {type, #{type => hoconsc:enum([redis])}}
@@ -27,7 +34,6 @@ fields(redis_connector) ->
       }
     , {cmd, query()}
     ];
-
 fields(sql_connector) ->
     [ {principal, principal() }
     , {type, #{type => hoconsc:enum([mysql, pgsql])}}
diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
index 9b5609c2f..dda192252 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -38,7 +38,7 @@ structs() -> [""].
 fields("") ->
     mongodb_fields() ++
     mongodb_topology_fields() ++
-    mongodb_rs_set_name_fields() ++
+    % mongodb_rs_set_name_fields() ++
     emqx_connector_schema_lib:ssl_fields().
 
 on_jsonify(Config) ->
@@ -71,7 +71,7 @@ on_start(InstId, #{servers := Servers,
 
     PoolName = emqx_plugin_libs_pool:pool_name(InstId),
     _ = emqx_plugin_libs_pool:start_pool(PoolName, ?MODULE, Opts ++ SslOpts),
-    {ok, #{pool => PoolName,
+    {ok, #{poolname => PoolName,
            type => Type,
            test_conn => TestConn,
            test_opts => TestOpts}}.
@@ -82,23 +82,27 @@ on_stop(InstId, #{poolname := PoolName}) ->
 
 on_query(InstId, {Action, Collection, Selector, Docs}, AfterQuery, #{poolname := PoolName} = State) ->
     logger:debug("mongodb connector ~p received request: ~p, at state: ~p", [InstId, {Action, Collection, Selector, Docs}, State]),
-    case Result = ecpool:pick_and_do(PoolName, {?MODULE, mongo_query, [Action, Collection, Selector, Docs]}, no_handover) of
+    case ecpool:pick_and_do(PoolName, {?MODULE, mongo_query, [Action, Collection, Selector, Docs]}, no_handover) of
         {error, Reason} ->
             logger:debug("mongodb connector ~p do sql query failed, request: ~p, reason: ~p", [InstId, {Action, Collection, Selector, Docs}, Reason]),
-            emqx_resource:query_failed(AfterQuery);
-        _ ->
-            emqx_resource:query_success(AfterQuery)
-    end,
-    Result.
+            emqx_resource:query_failed(AfterQuery),
+            {error, Reason};
+        {ok, Cursor} when is_pid(Cursor) ->
+            emqx_resource:query_success(AfterQuery),
+            mc_cursor:foldl(fun(O, Acc2) -> [O|Acc2] end, [], Cursor, 1000);
+        Result ->
+            emqx_resource:query_success(AfterQuery),
+            Result
+    end.
 
 -dialyzer({nowarn_function, [on_health_check/2]}).
-on_health_check(_InstId, #{test_opts := TestOpts}) ->
+on_health_check(_InstId, #{test_opts := TestOpts} = State) ->
     case mc_worker_api:connect(TestOpts) of
         {ok, TestConn} ->
             mc_worker_api:disconnect(TestConn),
-            {ok, true};
+            {ok, State};
         {error, _} ->
-            {ok, false}
+            {error, health_check_failed, State}
     end.
 
 %% ===================================================================
@@ -197,11 +201,12 @@ mongodb_topology_fields() ->
     , {min_heartbeat_frequency_ms, fun duration/1}
     ].
 
-mongodb_rs_set_name_fields() ->
-    [ {rs_set_name, fun emqx_connector_schema_lib:database/1}
-    ].
+% mongodb_rs_set_name_fields() ->
+%     [ {rs_set_name, fun emqx_connector_schema_lib:database/1}
+%     ].
 
 auth_source(type) -> binary();
+auth_source(nullable) -> true;
 auth_source(_) -> undefined.
 
 servers(type) -> binary();
@@ -213,4 +218,5 @@ mongo_type(default) -> single;
 mongo_type(_) -> undefined.
 
 duration(type) -> emqx_schema:duration_ms();
+duration(nullable) -> true;
 duration(_) -> undefined.
diff --git a/apps/emqx_connector/src/emqx_connector_redis.erl b/apps/emqx_connector/src/emqx_connector_redis.erl
index 4e1dc1773..6333cdb1a 100644
--- a/apps/emqx_connector/src/emqx_connector_redis.erl
+++ b/apps/emqx_connector/src/emqx_connector_redis.erl
@@ -140,7 +140,7 @@ on_health_check(_InstId, #{type := cluster, poolname := PoolName} = State) ->
                 eredis_cluster_pool_worker:is_connected(Pid) =:= true
             end, Workers) of
         true -> {ok, State};
-        false -> {error, test_query_failed, State}
+        false -> {error, health_check_failed, State}
     end;
 on_health_check(_InstId, #{poolname := PoolName} = State) ->
     emqx_plugin_libs_pool:health_check(PoolName, fun ?MODULE:do_health_check/1, State).
diff --git a/apps/emqx_connector/src/emqx_connector_schema_lib.erl b/apps/emqx_connector/src/emqx_connector_schema_lib.erl
index 17069c7f0..743d37ae3 100644
--- a/apps/emqx_connector/src/emqx_connector_schema_lib.erl
+++ b/apps/emqx_connector/src/emqx_connector_schema_lib.erl
@@ -99,11 +99,11 @@ pool_size(validator) -> [?MIN(1), ?MAX(64)];
 pool_size(_) -> undefined.
 
 username(type) -> binary();
-username(default) -> "root";
+username(nullable) -> true;
 username(_) -> undefined.
 
 password(type) -> binary();
-password(default) -> "";
+password(nullable) -> true;
 password(_) -> undefined.
 
 auto_reconnect(type) -> boolean();
diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs_pool.erl b/apps/emqx_plugin_libs/src/emqx_plugin_libs_pool.erl
index 71119264d..03c5bdc8f 100644
--- a/apps/emqx_plugin_libs/src/emqx_plugin_libs_pool.erl
+++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs_pool.erl
@@ -54,5 +54,5 @@ health_check(PoolName, CheckFunc, State) when is_function(CheckFunc) ->
     end || {_WorkerName, Worker} <- ecpool:workers(PoolName)],
     case length(Status) > 0 andalso lists:all(fun(St) -> St =:= true end, Status) of
         true -> {ok, State};
-        false -> {error, test_query_failed, State}
+        false -> {error, health_check_failed, State}
     end.

From f92b8bb7fb23550044540ac813622af4787ab55e Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Mon, 5 Jul 2021 11:09:47 +0800
Subject: [PATCH 166/174] chore(authz): add test case

---
 .../test/emqx_authz_mongo_SUITE.erl           | 112 ++++++++++++++++++
 1 file changed, 112 insertions(+)
 create mode 100644 apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl

diff --git a/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
new file mode 100644
index 000000000..daf4d1722
--- /dev/null
+++ b/apps/emqx_authz/test/emqx_authz_mongo_SUITE.erl
@@ -0,0 +1,112 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_mongo_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authz.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    meck:new(emqx_resource, [non_strict, passthrough, no_history, no_link]),
+    meck:expect(emqx_resource, check_and_create, fun(_, _, _) -> {ok, meck_data} end ),
+    ok = emqx_ct_helpers:start_apps([emqx_authz], fun set_special_configs/1),
+    Config.
+
+end_per_suite(_Config) ->
+    file:delete(filename:join(emqx:get_env(plugins_etc_dir), 'authz.conf')),
+    emqx_ct_helpers:stop_apps([emqx_authz, emqx_resource]),
+    meck:unload(emqx_resource).
+
+set_special_configs(emqx) ->
+    application:set_env(emqx, allow_anonymous, true),
+    application:set_env(emqx, enable_acl_cache, false),
+    application:set_env(emqx, acl_nomatch, deny),
+    application:set_env(emqx, plugins_loaded_file,
+                        emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
+    ok;
+set_special_configs(emqx_authz) ->
+    Rules = [#{config =>#{},
+               principal => all,
+               collection => <<"fake">>,
+               find => #{<<"a">> => <<"b">>},
+               type => mongo}
+            ],
+    emqx_config:put([emqx_authz], #{rules => Rules}),
+    ok;
+set_special_configs(_App) ->
+    ok.
+
+-define(RULE1,[#{<<"topics">> => [<<"#">>],
+                 <<"permission">> => <<"deny">>,
+                 <<"action">> => <<"all">>}]).
+-define(RULE2,[#{<<"topics">> => [<<"eq #">>],
+                 <<"permission">> => <<"allow">>,
+                 <<"action">> => <<"all">>}]).
+-define(RULE3,[#{<<"topics">> => [<<"test/%c">>],
+                 <<"permission">> => <<"allow">>,
+                 <<"action">> => <<"subscribe">>}]).
+-define(RULE4,[#{<<"topics">> => [<<"test/%u">>],
+                 <<"permission">> => <<"allow">>,
+                 <<"action">> => <<"publish">>}]).
+
+%%------------------------------------------------------------------------------
+%% Testcases
+%%------------------------------------------------------------------------------
+
+t_authz(_) ->
+    ClientInfo1 = #{clientid => <<"test">>,
+                    username => <<"test">>,
+                    peerhost => {127,0,0,1}
+                   },
+    ClientInfo2 = #{clientid => <<"test_clientid">>,
+                    username => <<"test_username">>,
+                    peerhost => {192,168,0,10}
+                   },
+    ClientInfo3 = #{clientid => <<"test_clientid">>,
+                    username => <<"fake_username">>,
+                    peerhost => {127,0,0,1}
+                   },
+
+    meck:expect(emqx_resource, query, fun(_, _) -> [] end),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)), % nomatch
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"#">>)), % nomatch
+
+    meck:expect(emqx_resource, query, fun(_, _) -> ?RULE1 ++ ?RULE2 end),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, publish, <<"+">>)),
+
+    meck:expect(emqx_resource, query, fun(_, _) -> ?RULE2 ++ ?RULE1 end),
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo1, subscribe, <<"#">>)),
+    ?assertEqual(deny, emqx_access_control:authorize(ClientInfo1, subscribe, <<"+">>)),
+
+    meck:expect(emqx_resource, query, fun(_, _) -> ?RULE3 ++ ?RULE4 end),
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo2, publish,   <<"test/test_clientid">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo2, subscribe, <<"test/test_username">>)),
+    ?assertEqual(allow, emqx_access_control:authorize(ClientInfo2, publish,   <<"test/test_username">>)),
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo3, subscribe, <<"test">>)), % nomatch
+    ?assertEqual(deny,  emqx_access_control:authorize(ClientInfo3, publish,   <<"test">>)), % nomatch
+    ok.
+

From f733293a8b5edc4ff902a94ec543349ebeaae164 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Mon, 5 Jul 2021 15:07:03 +0800
Subject: [PATCH 167/174] chore(authz): update apps vsn

---
 apps/emqx_authz/src/emqx_authz.app.src          |  2 +-
 apps/emqx_authz/src/emqx_authz_mongo.erl        |  3 +--
 apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl | 13 +++++--------
 apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl | 13 +++++--------
 apps/emqx_authz/test/emqx_authz_redis_SUITE.erl |  7 +++----
 apps/emqx_connector/src/emqx_connector.app.src  |  2 +-
 6 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/apps/emqx_authz/src/emqx_authz.app.src b/apps/emqx_authz/src/emqx_authz.app.src
index 10801eca1..f79e10f85 100644
--- a/apps/emqx_authz/src/emqx_authz.app.src
+++ b/apps/emqx_authz/src/emqx_authz.app.src
@@ -1,6 +1,6 @@
 {application, emqx_authz,
  [{description, "An OTP application"},
-  {vsn, "0.1.0"},
+  {vsn, "0.1.1"},
   {registered, []},
   {mod, {emqx_authz_app, []}},
   {applications,
diff --git a/apps/emqx_authz/src/emqx_authz_mongo.erl b/apps/emqx_authz/src/emqx_authz_mongo.erl
index a106dd0f5..bffb3f07b 100644
--- a/apps/emqx_authz/src/emqx_authz_mongo.erl
+++ b/apps/emqx_authz/src/emqx_authz_mongo.erl
@@ -50,8 +50,7 @@ authorize(Client, PubSub, Topic,
 do_authorize(_Client, _PubSub, _Topic, []) ->
     nomatch;
 do_authorize(Client, PubSub, Topic, [Rule | Tail]) ->
-    case match(Client, PubSub, Topic, Rule)
-    of
+    case match(Client, PubSub, Topic, Rule) of
         {matched, Permission} -> {matched, Permission};
         nomatch -> do_authorize(Client, PubSub, Topic, Tail)
     end.
diff --git a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
index d84f0722a..edc35ca45 100644
--- a/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_mysql_SUITE.erl
@@ -47,9 +47,9 @@ set_special_configs(emqx) ->
                         emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
     ok;
 set_special_configs(emqx_authz) ->
-    Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+    Rules = [#{config =>#{},
                principal => all,
-               sql => <<"fake sql">>,
+               sql => <<"fake">>,
                type => mysql}
             ],
     emqx_config:put([emqx_authz], #{rules => Rules}),
@@ -76,18 +76,15 @@ set_special_configs(_App) ->
 t_authz(_) ->
     ClientInfo1 = #{clientid => <<"test">>,
                     username => <<"test">>,
-                    peerhost => {127,0,0,1},
-                    zone => zone
+                    peerhost => {127,0,0,1}
                    },
     ClientInfo2 = #{clientid => <<"test_clientid">>,
                     username => <<"test_username">>,
-                    peerhost => {192,168,0,10},
-                    zone => zone
+                    peerhost => {192,168,0,10}
                    },
     ClientInfo3 = #{clientid => <<"test_clientid">>,
                     username => <<"fake_username">>,
-                    peerhost => {127,0,0,1},
-                    zone => zone
+                    peerhost => {127,0,0,1}
                    },
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
diff --git a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
index 78112b5bc..d5f89bcad 100644
--- a/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_pgsql_SUITE.erl
@@ -47,9 +47,9 @@ set_special_configs(emqx) ->
                         emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
     ok;
 set_special_configs(emqx_authz) ->
-    Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+    Rules = [#{config =>#{},
                principal => all,
-               sql => <<"fake sql">>,
+               sql => <<"fake">>,
                type => pgsql}
             ],
     emqx_config:put([emqx_authz], #{rules => Rules}),
@@ -76,18 +76,15 @@ set_special_configs(_App) ->
 t_authz(_) ->
     ClientInfo1 = #{clientid => <<"test">>,
                     username => <<"test">>,
-                    peerhost => {127,0,0,1},
-                    zone => zone
+                    peerhost => {127,0,0,1}
                    },
     ClientInfo2 = #{clientid => <<"test_clientid">>,
                     username => <<"test_username">>,
-                    peerhost => {192,168,0,10},
-                    zone => zone
+                    peerhost => {192,168,0,10}
                    },
     ClientInfo3 = #{clientid => <<"test_clientid">>,
                     username => <<"fake_username">>,
-                    peerhost => {127,0,0,1},
-                    zone => zone
+                    peerhost => {127,0,0,1}
                    },
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, ?COLUMNS, []} end),
diff --git a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
index edff8a2a9..0d7ffa9d8 100644
--- a/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_redis_SUITE.erl
@@ -47,9 +47,9 @@ set_special_configs(emqx) ->
                         emqx_ct_helpers:deps_path(emqx, "test/loaded_plguins")),
     ok;
 set_special_configs(emqx_authz) ->
-    Rules = [#{config =>#{<<"meck">> => <<"fake">>},
+    Rules = [#{config =>#{},
                principal => all,
-               cmd => <<"fake cmd">>,
+               cmd => <<"fake">>,
                type => redis}
             ],
     emqx_config:put([emqx_authz], #{rules => Rules}),
@@ -68,8 +68,7 @@ set_special_configs(_App) ->
 t_authz(_) ->
     ClientInfo = #{clientid => <<"clientid">>,
                    username => <<"username">>,
-                   peerhost => {127,0,0,1},
-                   zone => zone
+                   peerhost => {127,0,0,1}
                    },
 
     meck:expect(emqx_resource, query, fun(_, _) -> {ok, []} end),
diff --git a/apps/emqx_connector/src/emqx_connector.app.src b/apps/emqx_connector/src/emqx_connector.app.src
index 6eb22cfe5..0b8717a0f 100644
--- a/apps/emqx_connector/src/emqx_connector.app.src
+++ b/apps/emqx_connector/src/emqx_connector.app.src
@@ -1,6 +1,6 @@
 {application, emqx_connector,
  [{description, "An OTP application"},
-  {vsn, "0.1.0"},
+  {vsn, "0.1.1"},
   {registered, []},
   {mod, {emqx_connector_app, []}},
   {applications,

From 45ee504dc5000ff62d071175320d39221b0b86b0 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Mon, 5 Jul 2021 15:11:58 +0800
Subject: [PATCH 168/174] chore(authz): rename ACL to AuthZ

---
 apps/emqx_authz/README.md                |  2 +-
 apps/emqx_authz/include/emqx_authz.hrl   | 12 ++++++------
 apps/emqx_authz/src/emqx_authz.erl       | 10 +++++-----
 apps/emqx_authz/src/emqx_authz_mongo.erl |  2 +-
 apps/emqx_authz/src/emqx_authz_mysql.erl |  2 +-
 apps/emqx_authz/src/emqx_authz_pgsql.erl |  2 +-
 apps/emqx_authz/src/emqx_authz_redis.erl |  2 +-
 7 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/apps/emqx_authz/README.md b/apps/emqx_authz/README.md
index de0d695ee..a8b4ca170 100644
--- a/apps/emqx_authz/README.md
+++ b/apps/emqx_authz/README.md
@@ -131,7 +131,7 @@ Sample data in the default configuration:
 HSET mqtt_acl:emqx '$SYS/#' subscribe
 ```
 
-A rule of Redis ACL defines `publish`, `subscribe`, or `all `information. All lists in the rule are **allow** lists.
+A rule of Redis AuthZ defines `publish`, `subscribe`, or `all `information. All lists in the rule are **allow** lists.
 
 #### Mongo
 
diff --git a/apps/emqx_authz/include/emqx_authz.hrl b/apps/emqx_authz/include/emqx_authz.hrl
index 9caf3d979..76aa20688 100644
--- a/apps/emqx_authz/include/emqx_authz.hrl
+++ b/apps/emqx_authz/include/emqx_authz.hrl
@@ -6,14 +6,14 @@
 -define(ALLOW_DENY(A), ((A =:= allow) orelse (A =:= deny))).
 -define(PUBSUB(A), ((A =:= subscribe) orelse (A =:= publish) orelse (A =:= all))).
 
--record(acl_metrics, {
-        allow = 'client.acl.allow',
-        deny = 'client.acl.deny',
-        ignore = 'client.acl.ignore'
+-record(authz_metrics, {
+        allow = 'client.authorize.allow',
+        deny = 'client.authorize.deny',
+        ignore = 'client.authorize.ignore'
     }).
 
 -define(METRICS(Type), tl(tuple_to_list(#Type{}))).
 -define(METRICS(Type, K), #Type{}#Type.K).
 
--define(ACL_METRICS, ?METRICS(acl_metrics)).
--define(ACL_METRICS(K), ?METRICS(acl_metrics, K)).
+-define(AUTHZ_METRICS, ?METRICS(authz_metrics)).
+-define(AUTHZ_METRICS(K), ?METRICS(authz_metrics, K)).
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index f673b3979..578f6d7cc 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -32,7 +32,7 @@
 
 -spec(register_metrics() -> ok).
 register_metrics() ->
-    lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
+    lists:foreach(fun emqx_metrics:ensure/1, ?AUTHZ_METRICS).
 
 init() ->
     ok = register_metrics(),
@@ -147,10 +147,10 @@ b2l(B) when is_list(B) -> B;
 b2l(B) when is_binary(B) -> binary_to_list(B).
 
 %%--------------------------------------------------------------------
-%% ACL callbacks
+%% AuthZ callbacks
 %%--------------------------------------------------------------------
 
-%% @doc Check ACL
+%% @doc Check AuthZ
 -spec(authorize(emqx_types:clientinfo(), emqx_types:all(), emqx_topic:topic(), emqx_permission_rule:acl_result(), rules())
       -> {stop, allow} | {ok, deny}).
 authorize(#{username := Username,
@@ -159,11 +159,11 @@ authorize(#{username := Username,
     case do_authorize(Client, PubSub, Topic, Rules) of
         {matched, allow} ->
             ?LOG(info, "Client succeeded authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: allow", [Username, IpAddress, Topic]),
-            emqx_metrics:inc(?ACL_METRICS(allow)),
+            emqx_metrics:inc(?AUTHZ_METRICS(allow)),
             {stop, allow};
         {matched, deny} ->
             ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Permission: deny", [Username, IpAddress, Topic]),
-            emqx_metrics:inc(?ACL_METRICS(deny)),
+            emqx_metrics:inc(?AUTHZ_METRICS(deny)),
             {stop, deny};
         nomatch ->
             ?LOG(info, "Client failed authorization: Username: ~p, IP: ~p, Topic: ~p, Reasion: ~p", [Username, IpAddress, Topic, "no-match rule"]),
diff --git a/apps/emqx_authz/src/emqx_authz_mongo.erl b/apps/emqx_authz/src/emqx_authz_mongo.erl
index bffb3f07b..04af8f1ec 100644
--- a/apps/emqx_authz/src/emqx_authz_mongo.erl
+++ b/apps/emqx_authz/src/emqx_authz_mongo.erl
@@ -20,7 +20,7 @@
 -include_lib("emqx/include/emqx.hrl").
 -include_lib("emqx/include/logger.hrl").
 
-%% ACL Callbacks
+%% AuthZ Callbacks
 -export([ authorize/4
         , description/0
         ]).
diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl
index 672954841..4c769085d 100644
--- a/apps/emqx_authz/src/emqx_authz_mysql.erl
+++ b/apps/emqx_authz/src/emqx_authz_mysql.erl
@@ -20,7 +20,7 @@
 -include_lib("emqx/include/emqx.hrl").
 -include_lib("emqx/include/logger.hrl").
 
-%% ACL Callbacks
+%% AuthZ Callbacks
 -export([ description/0
         , parse_query/1
         , authorize/4
diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl
index fa24c5f5e..d74db36b2 100644
--- a/apps/emqx_authz/src/emqx_authz_pgsql.erl
+++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl
@@ -20,7 +20,7 @@
 -include_lib("emqx/include/emqx.hrl").
 -include_lib("emqx/include/logger.hrl").
 
-%% ACL Callbacks
+%% AuthZ Callbacks
 -export([ description/0
         , parse_query/1
         , authorize/4
diff --git a/apps/emqx_authz/src/emqx_authz_redis.erl b/apps/emqx_authz/src/emqx_authz_redis.erl
index dc80d959c..8d24b4534 100644
--- a/apps/emqx_authz/src/emqx_authz_redis.erl
+++ b/apps/emqx_authz/src/emqx_authz_redis.erl
@@ -20,7 +20,7 @@
 -include_lib("emqx/include/emqx.hrl").
 -include_lib("emqx/include/logger.hrl").
 
-%% ACL Callbacks
+%% AuthZ Callbacks
 -export([ authorize/4
         , description/0
         ]).

From fd0a211629ea831b9837a8f8de068c105477e02a Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Mon, 5 Jul 2021 16:10:41 +0800
Subject: [PATCH 169/174] chore(authz): mongo connector support ssl

---
 .../docker-compose-mongo-tls.yaml             | 15 ++++--
 apps/emqx_authz/src/emqx_authz_schema.erl     |  1 +
 .../src/emqx_connector_mongo.erl              | 47 +++++++++----------
 3 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/.ci/docker-compose-file/docker-compose-mongo-tls.yaml b/.ci/docker-compose-file/docker-compose-mongo-tls.yaml
index a09bc803d..c4f162783 100644
--- a/.ci/docker-compose-file/docker-compose-mongo-tls.yaml
+++ b/.ci/docker-compose-file/docker-compose-mongo-tls.yaml
@@ -8,11 +8,16 @@ services:
     environment:
       MONGO_INITDB_DATABASE: mqtt
     volumes:
-        - ../../apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE_data/mongodb.pem/:/etc/certs/mongodb.pem
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem
     networks:
       - emqx_bridge
+    ports:
+      - "27017:27017"
     command:
-      --ipv6
-      --bind_ip_all
-      --sslMode requireSSL
-      --sslPEMKeyFile /etc/certs/mongodb.pem
+      - /bin/bash
+      - -c
+      - |
+        cat /etc/certs/key.pem /etc/certs/cert.pem >  /etc/certs/mongodb.pem
+        mongod --ipv6 --bind_ip_all --sslMode requireSSL --sslPEMKeyFile /etc/certs/mongodb.pem
+
diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl
index 5c82d460e..0b6a1d107 100644
--- a/apps/emqx_authz/src/emqx_authz_schema.erl
+++ b/apps/emqx_authz/src/emqx_authz_schema.erl
@@ -90,6 +90,7 @@ rules() ->
                 [ hoconsc:ref(?MODULE, simple_rule)
                 , hoconsc:ref(?MODULE, sql_connector)
                 , hoconsc:ref(?MODULE, redis_connector)
+                , hoconsc:ref(?MODULE, mongo_connector)
                 ])
     }.
 
diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
index dda192252..25d9f36df 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -36,10 +36,28 @@
 structs() -> [""].
 
 fields("") ->
-    mongodb_fields() ++
-    mongodb_topology_fields() ++
+    [ {mongo_type, fun mongo_type/1}
+    , {servers, fun servers/1}
+    , {pool_size, fun emqx_connector_schema_lib:pool_size/1}
+    , {login, fun emqx_connector_schema_lib:username/1}
+    , {password, fun emqx_connector_schema_lib:password/1}
+    , {auth_source, fun auth_source/1}
+    , {database, fun emqx_connector_schema_lib:database/1}
+    ] ++
     % mongodb_rs_set_name_fields() ++
-    emqx_connector_schema_lib:ssl_fields().
+    emqx_connector_schema_lib:ssl_fields();
+fields(topology) ->
+    [ {max_overflow, fun emqx_connector_schema_lib:pool_size/1}
+    , {overflow_ttl, fun duration/1}
+    , {overflow_check_period, fun duration/1}
+    , {local_threshold_ms, fun duration/1}
+    , {connect_timeout_ms, fun duration/1}
+    , {socket_timeout_ms, fun duration/1}
+    , {server_selection_timeout_ms, fun duration/1}
+    , {wait_queue_timeout_ms, fun duration/1}
+    , {heartbeat_frequency_ms, fun duration/1}
+    , {min_heartbeat_frequency_ms, fun duration/1}
+    ].
 
 on_jsonify(Config) ->
     Config.
@@ -178,29 +196,6 @@ host_port(HostPort) ->
             [{host, Host1}]
     end.
 
-mongodb_fields() ->
-    [ {mongo_type, fun mongo_type/1}
-    , {servers, fun servers/1}
-    , {pool_size, fun emqx_connector_schema_lib:pool_size/1}
-    , {login, fun emqx_connector_schema_lib:username/1}
-    , {password, fun emqx_connector_schema_lib:password/1}
-    , {auth_source, fun auth_source/1}
-    , {database, fun emqx_connector_schema_lib:database/1}
-    ].
-
-mongodb_topology_fields() ->
-    [ {max_overflow, fun emqx_connector_schema_lib:pool_size/1}
-    , {overflow_ttl, fun duration/1}
-    , {overflow_check_period, fun duration/1}
-    , {local_threshold_ms, fun duration/1}
-    , {connect_timeout_ms, fun duration/1}
-    , {socket_timeout_ms, fun duration/1}
-    , {server_selection_timeout_ms, fun duration/1}
-    , {wait_queue_timeout_ms, fun duration/1}
-    , {heartbeat_frequency_ms, fun duration/1}
-    , {min_heartbeat_frequency_ms, fun duration/1}
-    ].
-
 % mongodb_rs_set_name_fields() ->
 %     [ {rs_set_name, fun emqx_connector_schema_lib:database/1}
 %     ].

From b2801299cbb47083dff385f65d83403dfee17452 Mon Sep 17 00:00:00 2001
From: zhanghongtong <rory-z@outlook.com>
Date: Wed, 30 Jun 2021 19:18:12 +0800
Subject: [PATCH 170/174] chore(CI): cancel build of 32-bit docker

---
 .github/workflows/build_packages.yaml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index de4315d36..99ea45d29 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -342,13 +342,6 @@ jobs:
           - [amd64, x86_64]
           - [arm64v8, aarch64]
           - [arm32v7, arm]
-          - [i386, i386]
-          - [s390x, s390x]
-        exclude:
-          - profile: emqx-ee
-            arch: [i386, i386]
-          - profile: emqx-ee
-            arch: [s390x, s390x]
 
     steps:
     - uses: actions/download-artifact@v2

From 53df218e6a57d8faea9c5d37dbebc99af9f8b02e Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Tue, 6 Jul 2021 14:53:28 +0800
Subject: [PATCH 171/174] feat(connector): mongo support replica set

---
 .../docker-compose-mongo-replicaset-tcp.yaml  |  81 ++++++++++
 .../docker-compose-mongo-replicaset-tls.yaml  |  98 ++++++++++++
 ...l => docker-compose-mongo-single-tcp.yaml} |   0
 ...l => docker-compose-mongo-single-tls.yaml} |   0
 apps/emqx_authz/src/emqx_authz.erl            |   1 +
 .../src/emqx_connector_mongo.erl              | 143 +++++++++++-------
 .../src/emqx_connector_redis.erl              |   6 +-
 7 files changed, 275 insertions(+), 54 deletions(-)
 create mode 100644 .ci/docker-compose-file/docker-compose-mongo-replicaset-tcp.yaml
 create mode 100644 .ci/docker-compose-file/docker-compose-mongo-replicaset-tls.yaml
 rename .ci/docker-compose-file/{docker-compose-mongo-tcp.yaml => docker-compose-mongo-single-tcp.yaml} (100%)
 rename .ci/docker-compose-file/{docker-compose-mongo-tls.yaml => docker-compose-mongo-single-tls.yaml} (100%)

diff --git a/.ci/docker-compose-file/docker-compose-mongo-replicaset-tcp.yaml b/.ci/docker-compose-file/docker-compose-mongo-replicaset-tcp.yaml
new file mode 100644
index 000000000..f83fe0932
--- /dev/null
+++ b/.ci/docker-compose-file/docker-compose-mongo-replicaset-tcp.yaml
@@ -0,0 +1,81 @@
+version: "3"
+
+services:
+  mongo1:
+    hostname: mongo1
+    container_name: mongo1
+    image: mongo:${MONGO_TAG}
+    environment:
+      MONGO_INITDB_DATABASE: mqtt
+    networks:
+      - emqx_bridge
+    expose:
+      - 27017
+    ports:
+      - 27011:27017
+    restart: always
+    command:
+      --ipv6
+      --bind_ip_all
+      --replSet rs0
+      
+  mongo2:
+    hostname: mongo2
+    container_name: mongo2
+    image: mongo:${MONGO_TAG}
+    environment:
+      MONGO_INITDB_DATABASE: mqtt
+    networks:
+      - emqx_bridge
+    expose:
+      - 27017
+    ports:
+      - 27012:27017
+    restart: always
+    command:
+      --ipv6
+      --bind_ip_all
+      --replSet rs0
+
+  mongo3:
+    hostname: mongo3
+    container_name: mongo3
+    image: mongo:${MONGO_TAG}
+    environment:
+      MONGO_INITDB_DATABASE: mqtt
+    networks:
+      - emqx_bridge
+    expose:
+      - 27017
+    ports:
+      - 27013:27017
+    restart: always
+    command:
+      --ipv6
+      --bind_ip_all
+      --replSet rs0
+      
+  mongo_client:
+    image: mongo:${MONGO_TAG}
+    container_name: mongo_client
+    networks:
+      - emqx_bridge
+    depends_on:
+      - mongo1
+      - mongo2
+      - mongo3
+    command:
+      - /bin/bash
+      - -c
+      - |
+        while ! mongo --host mongo1 --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
+            sleep 1
+        done
+        while ! mongo --host mongo2 --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
+            sleep 1
+        done
+        while ! mongo --host mongo3 --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
+            sleep 1
+        done
+        mongo --host mongo1 --eval "rs.initiate( { _id : 'rs0', members: [ { _id : 0, host : 'mongo1:27017' }, { _id : 1, host : 'mongo2:27017' }, { _id : 2, host : 'mongo3:27017' } ] })" --quiet
+        mongo --host mongo1 --eval "rs.status()" --quiet
diff --git a/.ci/docker-compose-file/docker-compose-mongo-replicaset-tls.yaml b/.ci/docker-compose-file/docker-compose-mongo-replicaset-tls.yaml
new file mode 100644
index 000000000..be8f7ea21
--- /dev/null
+++ b/.ci/docker-compose-file/docker-compose-mongo-replicaset-tls.yaml
@@ -0,0 +1,98 @@
+version: "3"
+
+services:
+  mongo1:
+    hostname: mongo1
+    container_name: mongo1
+    image: mongo:${MONGO_TAG}
+    environment:
+      MONGO_INITDB_DATABASE: mqtt
+    networks:
+      - emqx_bridge
+    expose:
+      - 27017
+    ports:
+      - 27011:27017
+    restart: always
+    volumes:
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem
+    command:
+      - /bin/bash
+      - -c
+      - |
+        cat /etc/certs/key.pem /etc/certs/cert.pem >  /etc/certs/mongodb.pem
+        mongod --ipv6 --bind_ip_all --tlsMode requireTLS --tlsCertificateKeyFile /etc/certs/mongodb.pem --replSet rs0
+      
+  mongo2:
+    hostname: mongo2
+    container_name: mongo2
+    image: mongo:${MONGO_TAG}
+    environment:
+      MONGO_INITDB_DATABASE: mqtt
+    networks:
+      - emqx_bridge
+    expose:
+      - 27017
+    ports:
+      - 27012:27017
+    restart: always
+    volumes:
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem
+    command:
+      - /bin/bash
+      - -c
+      - |
+        cat /etc/certs/key.pem /etc/certs/cert.pem >  /etc/certs/mongodb.pem
+        mongod --ipv6 --bind_ip_all --tlsMode requireTLS --tlsCertificateKeyFile /etc/certs/mongodb.pem --replSet rs0
+
+  mongo3:
+    hostname: mongo3
+    container_name: mongo3
+    image: mongo:${MONGO_TAG}
+    environment:
+      MONGO_INITDB_DATABASE: mqtt
+    networks:
+      - emqx_bridge
+    expose:
+      - 27017
+    ports:
+      - 27013:27017
+    restart: always
+    volumes:
+      - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem
+      - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem
+    command:
+      - /bin/bash
+      - -c
+      - |
+        cat /etc/certs/key.pem /etc/certs/cert.pem >  /etc/certs/mongodb.pem
+        mongod --ipv6 --bind_ip_all --tlsMode requireTLS --tlsCertificateKeyFile /etc/certs/mongodb.pem --replSet rs0
+      
+  mongo_client:
+    image: mongo:${MONGO_TAG}
+    container_name: mongo_client
+    networks:
+      - emqx_bridge
+    depends_on:
+      - mongo1
+      - mongo2
+      - mongo3
+    volumes:
+      - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/cacert.pem
+    command:
+      - /bin/bash
+      - -c
+      - |
+        while ! mongo --host mongo1 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
+            sleep 1
+        done
+        while ! mongo --host mongo2 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
+            sleep 1
+        done
+        while ! mongo --host mongo3 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval 'db.runCommand("ping").ok' --quiet > /dev/null 2>&1; do
+            sleep 1
+        done
+        mongo --host mongo1 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval "rs.initiate( { _id : 'rs0', members: [ { _id : 0, host : 'mongo1:27017' }, { _id : 1, host : 'mongo2:27017' }, { _id : 2, host : 'mongo3:27017' } ] })" --quiet
+        mongo --host mongo1 --tls --tlsCAFile /etc/certs/cacert.pem --tlsAllowInvalidHostnames --eval "rs.status()" --quiet
diff --git a/.ci/docker-compose-file/docker-compose-mongo-tcp.yaml b/.ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml
similarity index 100%
rename from .ci/docker-compose-file/docker-compose-mongo-tcp.yaml
rename to .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml
diff --git a/.ci/docker-compose-file/docker-compose-mongo-tls.yaml b/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml
similarity index 100%
rename from .ci/docker-compose-file/docker-compose-mongo-tls.yaml
rename to .ci/docker-compose-file/docker-compose-mongo-single-tls.yaml
diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl
index 578f6d7cc..725d884e1 100644
--- a/apps/emqx_authz/src/emqx_authz.erl
+++ b/apps/emqx_authz/src/emqx_authz.erl
@@ -66,6 +66,7 @@ create_resource(#{type := DB,
     ResourceID = iolist_to_binary([io_lib:format("~s_~s",[?APP, DB]), "_", integer_to_list(erlang:system_time())]),
     NConfig = case DB of
                   redis -> #{config => Config };
+                  mongo -> #{config => Config };
                   _ -> Config
               end,
     case emqx_resource:check_and_create(
diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
index 25d9f36df..bac97a41a 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -19,6 +19,9 @@
 -include_lib("typerefl/include/types.hrl").
 -include_lib("emqx_resource/include/emqx_resource_behaviour.hrl").
 
+-type server() :: string().
+-reflect_type([server/0]).
+
 %% callbacks of behaviour emqx_resource
 -export([ on_start/2
         , on_stop/2
@@ -36,16 +39,28 @@
 structs() -> [""].
 
 fields("") ->
-    [ {mongo_type, fun mongo_type/1}
+    [ {config, #{type => hoconsc:union(
+                          [ hoconsc:ref(?MODULE, single)
+                          , hoconsc:ref(?MODULE, rs)
+                          , hoconsc:ref(?MODULE, sharded)
+                          ])}}
+    ];
+fields(single) ->
+    [ {mongo_type, #{type => single,
+                     default => single}}
+    , {server, fun server/1}
+    ] ++ mongo_fields();
+fields(rs) ->
+    [ {mongo_type, #{type => rs,
+                     default => rs}}
     , {servers, fun servers/1}
-    , {pool_size, fun emqx_connector_schema_lib:pool_size/1}
-    , {login, fun emqx_connector_schema_lib:username/1}
-    , {password, fun emqx_connector_schema_lib:password/1}
-    , {auth_source, fun auth_source/1}
-    , {database, fun emqx_connector_schema_lib:database/1}
-    ] ++
-    % mongodb_rs_set_name_fields() ++
-    emqx_connector_schema_lib:ssl_fields();
+    , {replicaset_name, fun emqx_connector_schema_lib:database/1}
+    ] ++ mongo_fields();
+fields(sharded) ->
+    [ {mongo_type, #{type => sharded,
+                     default => sharded}}
+    , {servers, fun servers/1}
+    ] ++ mongo_fields();
 fields(topology) ->
     [ {max_overflow, fun emqx_connector_schema_lib:pool_size/1}
     , {overflow_ttl, fun duration/1}
@@ -59,40 +74,42 @@ fields(topology) ->
     , {min_heartbeat_frequency_ms, fun duration/1}
     ].
 
+mongo_fields() ->
+    [ {pool_size, fun emqx_connector_schema_lib:pool_size/1}
+    , {login, fun emqx_connector_schema_lib:username/1}
+    , {password, fun emqx_connector_schema_lib:password/1}
+    , {auth_source, fun auth_source/1}
+    , {database, fun emqx_connector_schema_lib:database/1}
+    ] ++
+    emqx_connector_schema_lib:ssl_fields().
+
 on_jsonify(Config) ->
     Config.
 
 %% ===================================================================
-on_start(InstId, #{servers := Servers,
-                   mongo_type := Type,
-                   database := Database,
-                   pool_size := PoolSize,
-                   ssl := SSL} = Config) ->
+on_start(InstId, #{config := #{server := Server,
+                               mongo_type := single} = Config}) ->
     logger:info("starting mongodb connector: ~p, config: ~p", [InstId, Config]),
-    SslOpts = case maps:get(enable, SSL) of
-                  true ->
-                      [{ssl, true},
-                       {ssl_opts, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}
-                      ];
-                  false -> [{ssl, false}]
-              end,
-    Hosts = [string:trim(H) || H <- string:tokens(binary_to_list(Servers), ",")],
-    Opts = [{type, init_type(Type, Config)},
-            {hosts, Hosts},
-            {pool_size, PoolSize},
-            {options, init_topology_options(maps:to_list(Config), [])},
-            {worker_options, init_worker_options(maps:to_list(Config), SslOpts)}],
+    Opts = [{type, single},
+            {hosts, [Server]}
+            ],
+    do_start(InstId, Opts, Config);
 
-    %% test the connection
-    TestOpts = [{database, Database}] ++ host_port(hd(Hosts)),
-    {ok, TestConn} = mc_worker_api:connect(TestOpts),
+on_start(InstId, #{config := #{servers := Servers,
+                               mongo_type := rs,
+                               replicaset_name := RsName} = Config}) ->
+    logger:info("starting mongodb connector: ~p, config: ~p", [InstId, Config]),
+    Opts = [{type,  {rs, RsName}},
+            {hosts, Servers}],
+    do_start(InstId, Opts, Config);
 
-    PoolName = emqx_plugin_libs_pool:pool_name(InstId),
-    _ = emqx_plugin_libs_pool:start_pool(PoolName, ?MODULE, Opts ++ SslOpts),
-    {ok, #{poolname => PoolName,
-           type => Type,
-           test_conn => TestConn,
-           test_opts => TestOpts}}.
+on_start(InstId, #{config := #{servers := Servers,
+                               mongo_type := sharded} = Config}) ->
+    logger:info("starting mongodb connector: ~p, config: ~p", [InstId, Config]),
+    Opts = [{type, sharded},
+            {hosts, Servers}
+            ],
+    do_start(InstId, Opts, Config).
 
 on_stop(InstId, #{poolname := PoolName}) ->
     logger:info("stopping mongodb connector: ~p", [InstId]),
@@ -138,10 +155,38 @@ mongo_query(Conn, find, Collection, Selector, Docs) ->
 mongo_query(_Conn, _Action, _Collection, _Selector, _Docs) ->
     ok.
 
-init_type(rs, #{rs_set_name := Name}) ->
-    {rs, Name};
-init_type(Type, _Opts) ->
-    Type.
+do_start(InstId, Opts0, Config = #{mongo_type := Type,
+                                   database := Database,
+                                   pool_size := PoolSize,
+                                   ssl := SSL}) ->
+    SslOpts = case maps:get(enable, SSL) of
+                  true ->
+                      [{ssl, true},
+                       {ssl_opts, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}
+                      ];
+                  false -> [{ssl, false}]
+              end,
+    Opts = Opts0 ++
+           [{pool_size, PoolSize},
+            {options, init_topology_options(maps:to_list(Config), [])},
+            {worker_options, init_worker_options(maps:to_list(Config), SslOpts)}],
+    %% test the connection
+    TestOpts = case maps:is_key(server, Config) of
+                  true ->
+                    Server = maps:get(server, Config),
+                    host_port(Server);
+                  false ->
+                    Servers = maps:get(servers, Config),
+                    host_port(erlang:hd(Servers))
+              end ++ [{database, Database}],
+    {ok, TestConn} = mc_worker_api:connect(TestOpts),
+
+    PoolName = emqx_plugin_libs_pool:pool_name(InstId),
+    _ = emqx_plugin_libs_pool:start_pool(PoolName, ?MODULE, Opts ++ SslOpts),
+    {ok, #{poolname => PoolName,
+           type => Type,
+           test_conn => TestConn,
+           test_opts => TestOpts}}.
 
 init_topology_options([{pool_size, Val}| R], Acc) ->
     init_topology_options(R, [{pool_size, Val}| Acc]);
@@ -196,22 +241,18 @@ host_port(HostPort) ->
             [{host, Host1}]
     end.
 
-% mongodb_rs_set_name_fields() ->
-%     [ {rs_set_name, fun emqx_connector_schema_lib:database/1}
-%     ].
+server(type) -> server();
+server(validator) -> [?REQUIRED("the field 'server' is required")];
+server(_) -> undefined.
+
+servers(type) -> hoconsc:array(server());
+servers(validator) -> [?REQUIRED("the field 'servers' is required")];
+servers(_) -> undefined.
 
 auth_source(type) -> binary();
 auth_source(nullable) -> true;
 auth_source(_) -> undefined.
 
-servers(type) -> binary();
-servers(validator) -> [?REQUIRED("the field 'servers' is required")];
-servers(_) -> undefined.
-
-mongo_type(type) -> hoconsc:enum([single, unknown, shared, rs]);
-mongo_type(default) -> single;
-mongo_type(_) -> undefined.
-
 duration(type) -> emqx_schema:duration_ms();
 duration(nullable) -> true;
 duration(_) -> undefined.
diff --git a/apps/emqx_connector/src/emqx_connector_redis.erl b/apps/emqx_connector/src/emqx_connector_redis.erl
index 6333cdb1a..0df12185d 100644
--- a/apps/emqx_connector/src/emqx_connector_redis.erl
+++ b/apps/emqx_connector/src/emqx_connector_redis.erl
@@ -45,9 +45,9 @@ structs() -> [""].
 
 fields("") ->
     [ {config, #{type => hoconsc:union(
-                  [ hoconsc:ref(cluster)
-                  , hoconsc:ref(single)
-                  , hoconsc:ref(sentinel)
+                  [ hoconsc:ref(?MODULE, cluster)
+                  , hoconsc:ref(?MODULE, single)
+                  , hoconsc:ref(?MODULE, sentinel)
                   ])}
       }
     ];

From 72f9e60d63e6f464f18f8a592b716981dc5af759 Mon Sep 17 00:00:00 2001
From: lafirest <blankalupo@163.com>
Date: Mon, 5 Jul 2021 14:31:21 +0800
Subject: [PATCH 172/174] feat(emqx_retainer): add simple restapi for
 emqx_retainer

---
 apps/emqx_retainer/etc/emqx_retainer.conf     |   2 +
 apps/emqx_retainer/src/emqx_retainer.app.src  |   2 +-
 .../emqx_retainer/src/emqx_retainer.appup.src |  15 --
 apps/emqx_retainer/src/emqx_retainer.erl      |  37 +++-
 apps/emqx_retainer/src/emqx_retainer_api.erl  |  61 +++++++
 apps/emqx_retainer/src/emqx_retainer_app.erl  |   1 -
 .../src/emqx_retainer_schema.erl              |   3 +-
 .../test/emqx_retainer_SUITE.erl              |   3 +-
 .../test/emqx_retainer_api_SUITE.erl          | 158 ++++++++++++++++++
 .../test/mqtt_protocol_v5_SUITE.erl           |  12 +-
 10 files changed, 271 insertions(+), 23 deletions(-)
 delete mode 100644 apps/emqx_retainer/src/emqx_retainer.appup.src
 create mode 100644 apps/emqx_retainer/src/emqx_retainer_api.erl
 create mode 100644 apps/emqx_retainer/test/emqx_retainer_api_SUITE.erl

diff --git a/apps/emqx_retainer/etc/emqx_retainer.conf b/apps/emqx_retainer/etc/emqx_retainer.conf
index 08220a207..f91b3aa4f 100644
--- a/apps/emqx_retainer/etc/emqx_retainer.conf
+++ b/apps/emqx_retainer/etc/emqx_retainer.conf
@@ -6,6 +6,8 @@
 ##
 ## Notice that all nodes in the same cluster have to be configured to
 emqx_retainer: {
+    ## enable/disable emqx_retainer
+    enable: true
 	## use the same storage_type.
 	##
 	## Value: ram | disc | disc_only
diff --git a/apps/emqx_retainer/src/emqx_retainer.app.src b/apps/emqx_retainer/src/emqx_retainer.app.src
index c5ca7599d..4bc3b962b 100644
--- a/apps/emqx_retainer/src/emqx_retainer.app.src
+++ b/apps/emqx_retainer/src/emqx_retainer.app.src
@@ -1,6 +1,6 @@
 {application, emqx_retainer,
  [{description, "EMQ X Retainer"},
-  {vsn, "4.3.2"}, % strict semver, bump manually!
+  {vsn, "5.0.0"}, % strict semver, bump manually!
   {modules, []},
   {registered, [emqx_retainer_sup]},
   {applications, [kernel,stdlib]},
diff --git a/apps/emqx_retainer/src/emqx_retainer.appup.src b/apps/emqx_retainer/src/emqx_retainer.appup.src
deleted file mode 100644
index 759ec56bd..000000000
--- a/apps/emqx_retainer/src/emqx_retainer.appup.src
+++ /dev/null
@@ -1,15 +0,0 @@
-%% -*-: erlang -*-
-{VSN,
-  [
-    {<<"4.3.[0-1]">>, [
-      {restart_application, emqx_retainer}
-    ]},
-    {<<".*">>, []}
-  ],
-  [
-    {<<"4.3.[0-1]">>, [
-      {restart_application, emqx_retainer}
-    ]},
-    {<<".*">>, []}
-  ]
-}.
diff --git a/apps/emqx_retainer/src/emqx_retainer.erl b/apps/emqx_retainer/src/emqx_retainer.erl
index affbc5ca3..961578870 100644
--- a/apps/emqx_retainer/src/emqx_retainer.erl
+++ b/apps/emqx_retainer/src/emqx_retainer.erl
@@ -27,15 +27,15 @@
 
 -export([start_link/0]).
 
--export([ load/0
-        , unload/0
+-export([unload/0
         ]).
 
 -export([ on_session_subscribed/3
         , on_message_publish/1
         ]).
 
--export([clean/1]).
+-export([ clean/1
+        , update_config/1]).
 
 %% for emqx_pool task func
 -export([dispatch/2]).
@@ -56,6 +56,7 @@
 -define(DEF_MAX_RETAINED_MESSAGES, 0).
 -define(DEF_MAX_PAYLOAD_SIZE, (1024 * 1024)).
 -define(DEF_EXPIRY_INTERVAL, 0).
+-define(DEF_ENABLE_VAL, false).
 
 %% convenient to generate stats_timer/expiry_timer
 -define(MAKE_TIMER(State, Timer, Interval, Msg),
@@ -130,6 +131,15 @@ clean(Topic) when is_binary(Topic) ->
             {atomic, N} = ekka_mnesia:transaction(?RETAINER_SHARD, Fun), N
     end.
 
+%%--------------------------------------------------------------------
+%% Update Config
+%%--------------------------------------------------------------------
+-spec update_config(hocon:config()) -> ok.
+update_config(Conf) ->
+    OldCfg = emqx_config:get([?APP]),
+    emqx_config:put([?APP], Conf),
+    check_enable_when_update(OldCfg).
+
 %%--------------------------------------------------------------------
 %% gen_server callbacks
 %%--------------------------------------------------------------------
@@ -162,6 +172,7 @@ init([]) ->
     end,
     StatsFun = emqx_stats:statsfun('retained.count', 'retained.max'),
     State = ?MAKE_TIMER(#state{stats_fun = StatsFun}, stats_timer, ?STATS_INTERVAL, stats),
+    check_enable_when_init(),
     {ok, start_expire_timer(ExpiryInterval, State)}.
 
 start_expire_timer(0, State) ->
@@ -321,3 +332,23 @@ condition(Ws) ->
         false -> Ws1;
         _ -> (Ws1 -- ['#']) ++ '_'
     end.
+
+-spec check_enable_when_init() -> ok.
+check_enable_when_init() ->
+    case emqx_config:get([?APP, enable], ?DEF_ENABLE_VAL) of
+        true -> load();
+        _  -> ok
+    end.
+
+-spec check_enable_when_update(hocon:config()) -> ok.
+check_enable_when_update(OldCfg) ->
+    OldVal = maps:get(enable, OldCfg, undefined),
+    case emqx_config:get([?APP, enable], ?DEF_ENABLE_VAL) of
+        OldVal ->
+            ok;
+        true ->
+            load();
+        _ ->
+            unload()
+    end.
+
diff --git a/apps/emqx_retainer/src/emqx_retainer_api.erl b/apps/emqx_retainer/src/emqx_retainer_api.erl
new file mode 100644
index 000000000..237a3b19c
--- /dev/null
+++ b/apps/emqx_retainer/src/emqx_retainer_api.erl
@@ -0,0 +1,61 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_retainer_api).
+
+-rest_api(#{name   => lookup_config,
+            method => 'GET',
+            path   => "/retainer",
+            func   => lookup_config,
+            descr  => "lookup retainer config"
+           }).
+
+-rest_api(#{name   => update_config,
+            method => 'PUT',
+            path   => "/retainer",
+            func   => update_config,
+            descr  => "update retainer config"
+           }).
+
+-export([ lookup_config/2
+        , update_config/2
+        ]).
+
+lookup_config(_Bindings, _Params) ->
+    Config = emqx_config:get([emqx_retainer]),
+    minirest:return({ok, Config}).
+
+update_config(_Bindings, Params) ->
+    try
+        ConfigList = proplists:get_value(<<"emqx_retainer">>, Params),
+        {ok, RawConf} = hocon:binary(jsx:encode(#{<<"emqx_retainer">> => ConfigList}),
+                                     #{format => richmap}),
+        RichConf = hocon_schema:check(emqx_retainer_schema, RawConf, #{atom_key => true}),
+        #{emqx_retainer := Conf} = hocon_schema:richmap_to_map(RichConf),
+        Action = proplists:get_value(<<"action">>, Params, undefined),
+        do_update_config(Action, Conf),
+        minirest:return()
+    catch _:_:Reason ->
+            minirest:return({error, Reason})
+    end.
+
+%%------------------------------------------------------------------------------
+%% Interval Funcs
+%%------------------------------------------------------------------------------
+do_update_config(undefined, Config) ->
+    emqx_retainer:update_config(Config);
+do_update_config(<<"test">>, _) ->
+    ok.
diff --git a/apps/emqx_retainer/src/emqx_retainer_app.erl b/apps/emqx_retainer/src/emqx_retainer_app.erl
index 3f42ddbd6..3626bbd00 100644
--- a/apps/emqx_retainer/src/emqx_retainer_app.erl
+++ b/apps/emqx_retainer/src/emqx_retainer_app.erl
@@ -26,7 +26,6 @@
 
 start(_Type, _Args) ->
     {ok, Sup} = emqx_retainer_sup:start_link(),
-    emqx_retainer:load(),
     emqx_retainer_cli:load(),
     {ok, Sup}.
 
diff --git a/apps/emqx_retainer/src/emqx_retainer_schema.erl b/apps/emqx_retainer/src/emqx_retainer_schema.erl
index ece873dae..14f643823 100644
--- a/apps/emqx_retainer/src/emqx_retainer_schema.erl
+++ b/apps/emqx_retainer/src/emqx_retainer_schema.erl
@@ -11,7 +11,8 @@
 structs() -> ["emqx_retainer"].
 
 fields("emqx_retainer") ->
-    [ {storage_type, t(storage_type(), ram)}
+    [ {enable, t(boolean(), false)}
+    , {storage_type, t(storage_type(), ram)}
     , {max_retained_messages, t(integer(), 0, fun is_pos_integer/1)}
     , {max_payload_size, t(emqx_schema:bytesize(), "1MB")}
     , {expiry_interval, t(emqx_schema:duration_ms(), "0s")}
diff --git a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
index 4f549a385..cf74b1334 100644
--- a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
+++ b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl
@@ -55,7 +55,8 @@ set_special_configs(_) ->
 
 init_emqx_retainer_conf(Expiry) ->
     emqx_config:put([emqx_retainer],
-                    #{storage_type => ram,
+                    #{enable => true,
+                      storage_type => ram,
                       max_retained_messages => 0,
                       max_payload_size => 1024 * 1024,
                       expiry_interval => Expiry}).
diff --git a/apps/emqx_retainer/test/emqx_retainer_api_SUITE.erl b/apps/emqx_retainer/test/emqx_retainer_api_SUITE.erl
new file mode 100644
index 000000000..57196c7bd
--- /dev/null
+++ b/apps/emqx_retainer/test/emqx_retainer_api_SUITE.erl
@@ -0,0 +1,158 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_retainer_api_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_retainer.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+-import(emqx_ct_http, [ request_api/3
+                      , request_api/5
+                      , get_http_data/1
+                      , create_default_app/0
+                      , delete_default_app/0
+                      , default_auth_header/0
+                      ]).
+
+-define(HOST, "http://127.0.0.1:8081/").
+-define(API_VERSION, "v4").
+-define(BASE_PATH, "api").
+
+all() ->
+    emqx_ct:all(?MODULE).
+
+groups() ->
+    [].
+
+init_per_suite(Config) ->
+    application:stop(emqx_retainer),
+    emqx_ct_helpers:start_apps([emqx_retainer, emqx_management], fun set_special_configs/1),
+    create_default_app(),
+    Config.
+
+end_per_suite(_Config) ->
+    delete_default_app(),
+    emqx_ct_helpers:stop_apps([emqx_retainer]).
+
+init_per_testcase(_, Config) ->
+    Config.
+
+set_special_configs(emqx_retainer) ->
+    init_emqx_retainer_conf(0);
+set_special_configs(emqx_management) ->
+    emqx_config:put([emqx_management], #{listeners => [#{protocol => "http", port => 8081}],
+                                         default_application_id => <<"admin">>,
+                                         default_application_secret => <<"public">>}),
+    ok;
+set_special_configs(_) ->
+    ok.
+
+init_emqx_retainer_conf(Expiry) ->
+    emqx_config:put([emqx_retainer],
+                    #{enable => true,
+                      storage_type => ram,
+                      max_retained_messages => 0,
+                      max_payload_size => 1024 * 1024,
+                      expiry_interval => Expiry}).
+%%------------------------------------------------------------------------------
+%% Test Cases
+%%------------------------------------------------------------------------------
+
+t_config(_Config) ->
+    {ok, Return} = request_http_rest_lookup(["retainer"]),
+    NowCfg = get_http_data(Return),
+    NewCfg = NowCfg#{<<"expiry_interval">> => timer:seconds(60)},
+    RetainerConf = #{<<"emqx_retainer">> => NewCfg},
+
+    {ok, _} = request_http_rest_update(["retainer?action=test"], RetainerConf),
+    {ok, TestReturn} = request_http_rest_lookup(["retainer"]),
+    ?assertEqual(NowCfg, get_http_data(TestReturn)),
+
+    {ok, _} = request_http_rest_update(["retainer"], RetainerConf),
+    {ok, UpdateReturn} = request_http_rest_lookup(["retainer"]),
+    ?assertEqual(NewCfg, get_http_data(UpdateReturn)),
+    ok.
+
+t_enable_disable(_Config) ->
+    Conf = switch_emqx_retainer(undefined, true),
+
+    {ok, C1} = emqtt:start_link([{clean_start, true}, {proto_ver, v5}]),
+    {ok, _} = emqtt:connect(C1),
+
+    emqtt:publish(C1, <<"retained">>, <<"this is a retained message">>, [{qos, 0}, {retain, true}]),
+    timer:sleep(100),
+
+    {ok, #{}, [0]} = emqtt:subscribe(C1, <<"retained">>, [{qos, 0}, {rh, 0}]),
+    ?assertEqual(1, length(receive_messages(1))),
+
+    _ = switch_emqx_retainer(Conf, false),
+
+    {ok, #{}, [0]} = emqtt:unsubscribe(C1, <<"retained">>),
+    emqtt:publish(C1, <<"retained">>, <<"this is a retained message">>, [{qos, 0}, {retain, true}]),
+    timer:sleep(100),
+    {ok, #{}, [0]} = emqtt:subscribe(C1, <<"retained">>, [{qos, 0}, {rh, 0}]),
+    ?assertEqual(0, length(receive_messages(1))),
+
+    ok = emqtt:disconnect(C1).
+
+%%--------------------------------------------------------------------
+%% HTTP Request
+%%--------------------------------------------------------------------
+request_http_rest_lookup(Path) ->
+    request_api(get, uri([Path]), default_auth_header()).
+
+request_http_rest_update(Path, Params) ->
+    request_api(put, uri([Path]), [], default_auth_header(), Params).
+
+uri(Parts) when is_list(Parts) ->
+    NParts = [b2l(E) || E <- Parts],
+    ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION | NParts]).
+
+%% @private
+b2l(B) when is_binary(B) ->
+    binary_to_list(B);
+b2l(L) when is_list(L) ->
+    L.
+
+receive_messages(Count) ->
+    receive_messages(Count, []).
+receive_messages(0, Msgs) ->
+    Msgs;
+receive_messages(Count, Msgs) ->
+    receive
+        {publish, Msg} ->
+            ct:log("Msg: ~p ~n", [Msg]),
+            receive_messages(Count-1, [Msg|Msgs]);
+        Other ->
+            ct:log("Other Msg: ~p~n",[Other]),
+            receive_messages(Count, Msgs)
+    after 2000 ->
+            Msgs
+    end.
+
+switch_emqx_retainer(undefined, IsEnable) ->
+    {ok, Return} = request_http_rest_lookup(["retainer"]),
+    NowCfg = get_http_data(Return),
+    switch_emqx_retainer(NowCfg, IsEnable);
+
+switch_emqx_retainer(NowCfg, IsEnable) ->
+    NewCfg = NowCfg#{<<"enable">> => IsEnable},
+    RetainerConf = #{<<"emqx_retainer">> => NewCfg},
+    {ok, _} = request_http_rest_update(["retainer"], RetainerConf),
+    NewCfg.
diff --git a/apps/emqx_retainer/test/mqtt_protocol_v5_SUITE.erl b/apps/emqx_retainer/test/mqtt_protocol_v5_SUITE.erl
index cec492c6a..19d404010 100644
--- a/apps/emqx_retainer/test/mqtt_protocol_v5_SUITE.erl
+++ b/apps/emqx_retainer/test/mqtt_protocol_v5_SUITE.erl
@@ -27,7 +27,7 @@ init_per_suite(Config) ->
     %% Meck emqtt
     ok = meck:new(emqtt, [non_strict, passthrough, no_history, no_link]),
     %% Start Apps
-    emqx_ct_helpers:start_apps([emqx_retainer]),
+    emqx_ct_helpers:start_apps([emqx_retainer], fun set_special_configs/1),
     Config.
 
 end_per_suite(_Config) ->
@@ -37,6 +37,16 @@ end_per_suite(_Config) ->
 %%--------------------------------------------------------------------
 %% Helpers
 %%--------------------------------------------------------------------
+set_special_configs(emqx_retainer) ->
+    emqx_config:put([emqx_retainer],
+                    #{enable => true,
+                      storage_type => ram,
+                      max_retained_messages => 0,
+                      max_payload_size => 1024 * 1024,
+                      expiry_interval => 0});
+
+set_special_configs(_) ->
+    ok.
 
 client_info(Key, Client) ->
     maps:get(Key, maps:from_list(emqtt:info(Client)), undefined).

From a95b91c005e6494be697a636f33180644006c3ff Mon Sep 17 00:00:00 2001
From: k32 <10274441+k32@users.noreply.github.com>
Date: Tue, 6 Jul 2021 18:37:49 +0200
Subject: [PATCH 173/174] chore(coap): Fix debug logs

---
 apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
index b93d1c640..315cfbb5c 100644
--- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
+++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
@@ -105,8 +105,8 @@ call(Pid, Msg, _) ->
 %%--------------------------------------------------------------------
 
 init({ClientId, Username, Password, Channel}) ->
-    ?LOG(debug, "try to start adapter ClientId=~p, Username=~p, Password=~p, "
-                "Channel=~0p", [ClientId, Username, Password, Channel]),
+    ?LOG(debug, "try to start adapter ClientId=~p, Username=~p, "
+                "Channel=~0p", [ClientId, Username, Channel]),
     State0 = #state{peername = Channel,
                     clientid = ClientId,
                     username = Username,
@@ -384,4 +384,3 @@ clientinfo(#state{peername = {PeerHost, _},
       mountpoint => undefined,
       ws_cookie  => undefined
      }.
-

From 612d25fdb358bf31ac833673c768eb8ea4e279f3 Mon Sep 17 00:00:00 2001
From: Rory Z <rory-z@outlook.com>
Date: Tue, 6 Jul 2021 18:19:22 +0800
Subject: [PATCH 174/174] chore(connector): rename mongo config key

---
 apps/emqx_connector/src/emqx_connector_mongo.erl | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl
index bac97a41a..b8a3c0da0 100644
--- a/apps/emqx_connector/src/emqx_connector_mongo.erl
+++ b/apps/emqx_connector/src/emqx_connector_mongo.erl
@@ -76,9 +76,10 @@ fields(topology) ->
 
 mongo_fields() ->
     [ {pool_size, fun emqx_connector_schema_lib:pool_size/1}
-    , {login, fun emqx_connector_schema_lib:username/1}
+    , {username, fun emqx_connector_schema_lib:username/1}
     , {password, fun emqx_connector_schema_lib:password/1}
-    , {auth_source, fun auth_source/1}
+    , {authentication_database, #{type => binary(),
+                                  nullable => true}}
     , {database, fun emqx_connector_schema_lib:database/1}
     ] ++
     emqx_connector_schema_lib:ssl_fields().
@@ -217,9 +218,9 @@ init_topology_options([], Acc) ->
 
 init_worker_options([{database, V} | R], Acc) ->
     init_worker_options(R, [{database, V} | Acc]);
-init_worker_options([{auth_source, V} | R], Acc) ->
+init_worker_options([{authentication_database, V} | R], Acc) ->
     init_worker_options(R, [{auth_source, V} | Acc]);
-init_worker_options([{login, V} | R], Acc) ->
+init_worker_options([{username, V} | R], Acc) ->
     init_worker_options(R, [{login, V} | Acc]);
 init_worker_options([{password, V} | R], Acc) ->
     init_worker_options(R, [{password, V} | Acc]);
@@ -249,10 +250,6 @@ servers(type) -> hoconsc:array(server());
 servers(validator) -> [?REQUIRED("the field 'servers' is required")];
 servers(_) -> undefined.
 
-auth_source(type) -> binary();
-auth_source(nullable) -> true;
-auth_source(_) -> undefined.
-
 duration(type) -> emqx_schema:duration_ms();
 duration(nullable) -> true;
 duration(_) -> undefined.