From 53cd0b83d3dc455488d24da029f03ee61afbf90c Mon Sep 17 00:00:00 2001 From: Jan Larwig Date: Mon, 13 Nov 2023 11:27:28 +0100 Subject: [PATCH] add contribution guide to documentation (#2318) * add contribution guide to doucmentation * fix EOF --- contrib/local-environment/dex.yaml | 4 +- .../docker-compose-keycloak.yaml | 17 ++-- contrib/local-environment/docker-compose.yaml | 16 ++-- .../oauth2-proxy-keycloak.cfg | 6 +- contrib/local-environment/oauth2-proxy.cfg | 15 ++-- docs/docs/community/contribution.md | 78 ++++++++++++++++++ docs/sidebars.js | 2 +- docs/src/pages/index.md | 4 +- docs/static/img/debug-tab.png | Bin 0 -> 26779 bytes .../version-7.5.x/community/contribution.md | 78 ++++++++++++++++++ .../version-7.5.x-sidebars.json | 1 + 11 files changed, 193 insertions(+), 28 deletions(-) create mode 100644 docs/docs/community/contribution.md create mode 100644 docs/static/img/debug-tab.png create mode 100644 docs/versioned_docs/version-7.5.x/community/contribution.md diff --git a/contrib/local-environment/dex.yaml b/contrib/local-environment/dex.yaml index ae687e0..fd64152 100644 --- a/contrib/local-environment/dex.yaml +++ b/contrib/local-environment/dex.yaml @@ -1,7 +1,7 @@ # This configuration is intended to be used with the docker-compose testing # environment. # This should configure Dex to run on port 4190 and provides a static login -issuer: http://dex.localhost:4190/dex +issuer: http://dex.localtest.me:4190/dex storage: type: etcd config: @@ -19,7 +19,7 @@ staticClients: - id: oauth2-proxy redirectURIs: # These redirect URIs point to the `--redirect-url` for OAuth2 proxy. - - 'http://localhost:4180/oauth2/callback' # For basic proxy example. + - 'http://oauth2-proxy.localtest.me:4180/oauth2/callback' # For basic proxy example. - 'http://oauth2-proxy.oauth2-proxy.localhost/oauth2/callback' # For nginx and traefik example. name: 'OAuth2 Proxy' secret: b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK diff --git a/contrib/local-environment/docker-compose-keycloak.yaml b/contrib/local-environment/docker-compose-keycloak.yaml index e9dfa17..ae435ea 100644 --- a/contrib/local-environment/docker-compose-keycloak.yaml +++ b/contrib/local-environment/docker-compose-keycloak.yaml @@ -12,7 +12,6 @@ # Access http://keycloak.localtest.me:9080 with the same credentials to check out the settings version: '3.0' services: - oauth2-proxy: container_name: oauth2-proxy image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1 @@ -21,6 +20,8 @@ services: volumes: - "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg" restart: unless-stopped + ports: + - 4180:4180/tcp networks: keycloak: {} httpbin: {} @@ -28,15 +29,17 @@ services: depends_on: - httpbin - keycloak - ports: - - 4180:4180/tcp httpbin: container_name: httpbin image: kennethreitz/httpbin:latest hostname: httpbin + ports: + - 8080:80/tcp networks: - httpbin: {} + httpbin: + aliases: + - httpbin.localtest.me keycloak: container_name: keycloak @@ -50,19 +53,19 @@ services: '-Dkeycloak.migration.action=import', '-Dkeycloak.migration.provider=dir', '-Dkeycloak.migration.dir=/realm-config', - '-Dkeycloak.migration.strategy=IGNORE_EXISTING', + '-Dkeycloak.migration.strategy=IGNORE_EXISTING' ] volumes: - ./keycloak:/realm-config environment: KEYCLOAK_USER: admin@example.com KEYCLOAK_PASSWORD: password + ports: + - 9080:9080/tcp networks: keycloak: aliases: - keycloak.localtest.me - ports: - - 9080:9080/tcp networks: httpbin: {} diff --git a/contrib/local-environment/docker-compose.yaml b/contrib/local-environment/docker-compose.yaml index c5ba9ec..52cf786 100644 --- a/contrib/local-environment/docker-compose.yaml +++ b/contrib/local-environment/docker-compose.yaml @@ -8,19 +8,19 @@ # Or: # make (eg. make up, make down) # -# Access http://localhost:4180 to initiate a login cycle +# Access http://oauth2-proxy.localtest.me:4180 to initiate a login cycle version: '3.0' services: oauth2-proxy: container_name: oauth2-proxy image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1 command: --config /oauth2-proxy.cfg - ports: - - 4180:4180/tcp hostname: oauth2-proxy volumes: - "./oauth2-proxy.cfg:/oauth2-proxy.cfg" restart: unless-stopped + ports: + - 4180:4180/tcp networks: dex: {} httpbin: {} @@ -31,16 +31,16 @@ services: container_name: dex image: ghcr.io/dexidp/dex:v2.30.3 command: dex serve /dex.yaml - ports: - - 4190:4190/tcp hostname: dex volumes: - "./dex.yaml:/dex.yaml" restart: unless-stopped + ports: + - 4190:4190/tcp networks: dex: aliases: - - dex.localhost + - dex.localtest.me etcd: {} depends_on: - etcd @@ -50,7 +50,9 @@ services: ports: - 8080:80/tcp networks: - httpbin: {} + httpbin: + aliases: + - httpbin.localtest.me etcd: container_name: etcd image: gcr.io/etcd-development/etcd:v3.4.7 diff --git a/contrib/local-environment/oauth2-proxy-keycloak.cfg b/contrib/local-environment/oauth2-proxy-keycloak.cfg index 6620b8a..602cf31 100644 --- a/contrib/local-environment/oauth2-proxy-keycloak.cfg +++ b/contrib/local-environment/oauth2-proxy-keycloak.cfg @@ -1,8 +1,8 @@ http_address="0.0.0.0:4180" cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" -email_domains=["example.com"] +email_domains="example.com" cookie_secure="false" -upstreams="http://httpbin" +upstreams="http://httpbin.localtest.me:8080" cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains. whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target. @@ -16,5 +16,3 @@ redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback" oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master" provider="oidc" provider_display_name="Keycloak" - - diff --git a/contrib/local-environment/oauth2-proxy.cfg b/contrib/local-environment/oauth2-proxy.cfg index 7ee55d8..ee58e14 100644 --- a/contrib/local-environment/oauth2-proxy.cfg +++ b/contrib/local-environment/oauth2-proxy.cfg @@ -1,11 +1,16 @@ http_address="0.0.0.0:4180" cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=" -provider="oidc" email_domains="example.com" -oidc_issuer_url="http://dex.localhost:4190/dex" +cookie_secure="false" +upstreams="http://httpbin.localtest.me:8080" +cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains. +whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target. + +# dex provider client_secret="b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK" client_id="oauth2-proxy" -cookie_secure="false" +redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback" -redirect_url="http://localhost:4180/oauth2/callback" -upstreams="http://httpbin" +oidc_issuer_url="http://dex.localtest.me:4190/dex" +provider="oidc" +provider_display_name="Dex" diff --git a/docs/docs/community/contribution.md b/docs/docs/community/contribution.md new file mode 100644 index 0000000..cb0b284 --- /dev/null +++ b/docs/docs/community/contribution.md @@ -0,0 +1,78 @@ +--- +id: contribution +title: Contribution Guide +--- + +We track bugs and issues using Github. + +If you find a bug, please open an Issue. When opening an Issue or Pull Request please follow the preconfigured template and take special note of the checkboxes. + +If you want to fix a bug, add a new feature or extend existing functionality, please create a fork, create a feature branch and open a PR back to this repo. +Please mention open bug issue number(s) within your PR if applicable. + +We suggest using [Visual Studio Code](https://code.visualstudio.com/docs/languages/go) with the official [Go for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=golang.go) extension. + + +# Go version + +This project is currently still using go 1.19. You can follow the installation guide for go [here.](https://go.dev/doc/install) And you can find go version 1.19 in the archived section [here.](https://go.dev/dl/) + +# Preparing your fork +Clone your fork, create a feature branch and update the depedencies to get started. +```bash +git clone git@github.com:/oauth2-proxy +cd oauth2-proxy +git branch feature/ +git push --set-upstream origin feature/ +go mod download +``` + + +# Testing / Debugging +For starting oauth2-proxy locally open the debugging tab and create the `launch.json` and select `Go: Launch Package`. + +![Debugging Tab](/img/debug-tab.png) +```json +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Launch OAuth2-Proxy with Dex", + "type": "go", + "request": "launch", + "mode": "auto", + "program": "${workspaceFolder}", + "args": [ + "--config", + // The following configuration contains settings for a locally deployed + // upstream and dex as an idetity provider + "contrib/local-environment/oauth2-proxy.cfg" + ] + }, + { + "name": "Launch OAuth2-Proxy with Keycloak", + "type": "go", + "request": "launch", + "mode": "auto", + "program": "${workspaceFolder}", + "args": [ + "--config", + // The following configuration contains settings for a locally deployed + // upstream and keycloak as an idetity provider + "contrib/local-environment/oauth2-proxy-keycloak.cfg" + ] + } + ] +} +``` + +Before you can start your local version of oauth2-proxy, you will have to use the provided docker compose files to start a local upstream service and identity provider. We suggest using [httpbin](https://hub.docker.com/r/kennethreitz/httpbin) as your upstream for testing as it allows for request and response introspection of all things HTTP. + +Open a terminal and switch to the `contrib/local-environment` directory. + +- Dex as your IdP: `docker compose -f docker-compose.yaml up dex etcd httpbin` +- Keycloak as your IdP: `docker compose -f docker-compose-keycloak.yaml up keycloak httpbin` + +The username for both is `admin@example.com` and password is `password`. + +Start oauth2-proxy from the debug tab and open http://oauth2-proxy.localtest.me:4180/ for testing. diff --git a/docs/sidebars.js b/docs/sidebars.js index b573ad5..a73d7ae 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -67,7 +67,7 @@ module.exports = { id: 'community/security', }, collapsed: false, - items: ['community/security'], + items: ['community/contribution', 'community/security'], }, ], }; diff --git a/docs/src/pages/index.md b/docs/src/pages/index.md index b75b4e2..e08e345 100644 --- a/docs/src/pages/index.md +++ b/docs/src/pages/index.md @@ -14,8 +14,8 @@ Versions v3.0.0 and up are from this fork and will have diverged from any change A list of changes can be seen in the [CHANGELOG](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md). ::: -![Sign In Page](../../static/img/sign-in-page.png) +![Sign In Page](/img/sign-in-page.png) ## Architecture -![OAuth2 Proxy Architecture](../../static/img/architecture.png) +![OAuth2 Proxy Architecture](/img/architecture.png) diff --git a/docs/static/img/debug-tab.png b/docs/static/img/debug-tab.png new file mode 100644 index 0000000000000000000000000000000000000000..dfa79baa6ef709c7fdbe000034b956df855c7d4c GIT binary patch literal 26779 zcmb@sW00gz6z(}aZQHhO+qP}nwrx+_wx?Nb+qQe!+Wy}gcjIovjo1&nA2Kqc-m13} zCo<1-eov%=oH#5L7Syj_zhEULM3jF00@D9!h!9{upKP8K=l*n%4icKqzkb0D{nvm} zso}7H{UZ1!DI%!ik#o7_ucN&3`Er*|n5g3?!axK>jFeFRSEiylDphMvirQ_k^@)1} zl|NVe#Jpvz%sKz*;i_|H`4Qm0VP3ma(~5u5W|zO#VmGh09)((?5sliS5UsqZ5E(WK zZwZ1#*pEGbgC76}a+p4XfAZ>a>yeP{J;V7-=DFiM!~2|rI5sx6BZy&Hk{i1;wfHipuve$qaaqMre8AkC@jBblp4UTor$j1m8pW(Bj?&4vUR>Dpe#(U z6L0f1H=#iEB3>}t>ZdXG00^O%d_NFn_nvoJdaM^!Pez?()%{NCM-;)9ne2Lp+ZO^l ze?44MZ;W*p*$-lLD3+=8Z#eWz(F{?bsawrgif+ZjK0FSPi%Jt?juO|6b7jbAQglw7^F zl5|jh-V!I_b%nPl_K+9lv`3VEn_?xc1UGF5@SHs3^2jc!;B5|z z`|C>|1&NPIUctCa6`t^o6g3gk;lSrx*F3!L_p7?c=-wPP?iE4g`4L$D0?dr$bxneaVHj)cCd9*QzQ^2W#sXqb^NhT1lU(( z4r;Yc_$D@FUG-y+bUheusDlqfC$kTWn~UEHSr?O!9mPil*=*~I_0f@`NDC4jW%`~G z8)IR8loZzMd==xOMlyOsa=M7h*S{FUx3;#`XTM}G9ydxwqGXJ`_B9T}!hmr3XXa{b z=-^Ga`wkiGtzh=7NTpmU_7oj6VsaA~MAvrwC!+l?0ADdMq-3sGj)Aa?8{i5Ezf^{{ z_~OeCve&#uS!ZKG`772xu=76F>_@9OPMZGVq~3gok^4Vc-^abu*&pxn`%NYDzr$+F z!O`vng6pTIQ8J$}*k5T-Agq;MKi1Ii4qb8Yt_t_&LQV zDU*d2KCUHs)FEBBMd?!+c~_H~VGBH384S>rJX0i}OD2aseNj!zc9hMThOyPRu7JQt z7vFq=p!2kP=4iOykS-yDJ7@<&0r`c==|L5J9anH)G=*b_dHOVvx*~99KCGgK@^E+3 ztFMDS%pFxxO>uPa`Lj=z6x)hYrlO1+edX9n)4wSlJV~6<8;wC%UEGell8mK!ljp znb0+^Z~SmPIK-PUH0wt@aD+OY``s9H{K>R{Hu6dnPwf2~{|BY_sEfyd3I5{+QD{6^ zGTT2A|BMud;ss0ui&3oHLG7}*esk_|s-Dth)2_Rr*CO{SPh;)vJX;0Xt01>-=0wJe z?{eJHJ%M*?QlIZ7q}X(XueGkMxfm&ZYdl|X6)ND;QE*H!N14920y(iYV-28Zya0zB zKXtlO>zO0BIj$h|hV22g3CqD-AOb=Slu2h>!K*N`wJ>)K-F`v2anI(jd9t5~za{7b zVAZU9e2jZ0ZGlp6LWai`XZ697_REPVD@lR<){U#upW^sACz{h2UWdKDnioP*&L1!- z!MvT0*e+@2On@Ds@Bw+j2i6NC2S#|7D8c{jW3J{#)^ zrX3ggWjnE{EBK}`O*bq`-(zayT-d1MVF;Bj`!=U&d^xZjJxGLtyksK(a%@Vy`HYnn zee3e$%ADv;?U1AK^~aFo`TPHC;mGOm;*ytx}?u?*%FS6LWW7 z(|5Q7m{=kz41ocU1(NCOogskug`?-+gIYkhFLTLBQihogeI|=5UK2p2;mn_{;il^8 z@o(_N-r;~RKm2l`j+474z3+h{Vt@6drAHKdQ(LdE;?QD+$cpbkX`vL>G!P#85;*^1 zQIQmqebfbO#cTz%CP!~ljknjUObB+CN44Q<2s5uUSIPGcvD+3BK=&XO1O2$(;a%LP z(GRs_3NJ;8V=no6cMo*oy}P0~rZf0*W3qZ{Zm`GGoU`OuL5BZwJBX6;>{x`&em&gN zPA2{=yo}apyJ6*}Ub```j_q#0DO=#@vc{EG8DPQF;e$5T4|Pdz*i$#X@^vY37>Q$N zvOXg!mA|$9XJP;FxfBO2&Gr78H}lNT?t0lQA~LCR?Rjfw#MPTxz;605+EHWkX+hhC zt>ckWATmVKc&mR+R`D<{__F{d@kqTF#%?`*Y4KS)9tuRD;mC$EL|VTSEICvo*O0@b zGo;;slt-qF^X}knzRFRQr&)wrnmk?%SG!%2>#i*R9@*ZYGF@%oIE&|}gB6gN(iVTT zz@|Jlq&XO4F(wd_0*`EsZ&@;qiu0H5Dj2V@4klJ?2)0*$Ao*A);Sb=spNLM(6bzLv1}n~DkqOHyLq5sDv z7ZXIO40yOMWRz*pjMP(?m!-F6J2yx2{MWNbUH3Dze4RwU-YG=Mp6((d<82W)8oa?2 zznHuwZ?2!wt)x*S`D_*R#5h)|B(e#L-mziZKN`OU=`H-E+y5vT1EhR z=@SdH)!xdS|AhU&`1uwV zOna54_JO0DJs;m6TP@vcZg z^!<0Yq-KX+lmi*$u+?sK@G6Gu75yhHa4CZuloba(9_=UN*X<|_t^oLajRycbC=5Cp z@%bMyrAquPEPt)Vt!gKBB(+!X4H*Rf`uNolDldIlG789E=Rtb^Vi8==@F_AkUDlY; zo@0TV8nTXm1_NXAj}}>J0GiVCp+#&$|9L+vGO`6!5W!0zMDKrFPZ0Fq2H;2RQvWOv zIMK`hr$@qvU!8gUpG7H}^gcpE-*hDV>Rp-7{AO(HJYRI{x3_E$f_jt{eN-g>&V)w# zQ~|ZL?-F{>LB?0qxBc0nA|D-D)STyy#wQazcmKS`dwi=8S(D#CnyR-g@q1b7u$V~g zdHRv9qa0tmC2t-NzFLE6WUcw(445nV@TzXE`mTu6m;{4Q!`t8 ztasO9`}NMm4BVYA{xEQ3gz?j#@1#K%kb(b9%S7s*=4>IC=XQXH++VcNlEGD%Jd)u7 zs4F=q56z1a&;RF62~r?V^a7XG686{vbxfakitNEnLE?mVs`)NXeevxXH>oWiv@$)O z4ma2)n-Q1!y2YQn$cVH+!b@)kVA>*wb#IA1VOMXMTaNNB9=c)&+|BDE%A7*@wTPB% z-p@d=?VRn&YgewRdBX(-XXcxkENwarcu_hP4UhX@RT`()WExK)aI)p(fGT@fDZ#fm z+avqGJt*pNUJqQgFkSd-6S8DY&B%y-_S>Q5#h5+I?`JF;%jwDCRUc;Jw)niYfV-|z z;AL

Tlviy%oCZqSSe&xvyWJgaYO*_~kh%J`S1=HIX&%H=X8%)>oQud@@g3tu?=N z;JgBUS#W9n?VJ)#QRgNQk>9VjLEAAE0p4Y8+T&MOc73P!wCZgwvTz%3J5sK{VQ2+| zmx@Ij%)v>UnQQCwuVC>eQP$3q|B6GJbcN#y)FL9EGGCi#X&zmDI##YP!;#L#4Hu7O zqf5QKp&MCLBmqpPdtL`bqG~dQ-oTUS3+xRvy5f4~rzvj~ieNhN38SD?6fNt=8k@NF!ifcDDg(CNBPXyI?dUM{DRWjOYiEj+-YyQxU zv)7tU!C_~etsQ<4gkN%!#muckSHW<|I;7N^KV}cFK4Q}7b;jg`o{LR`T6;3Jl0SCk? z;<83ku)r(`3@euoYtP5F+3}KNdvv)7m;h%%0=>yIPYpB^T84+UgcnPWoq|(Sah#tjCjn*KIB}pas3)G9%h8pk5KlFc9dELLqcI*SHVmRP~mo_(JhmcLPDEZ=Z3HyoYBcxwQA@c_s=`8Ihuy7%ej}ud#^%4MTsowo&QeRPlkcG~FC>F5Veu;&~Y6LNXSJjMJtpz1x(-n0n>R0Ll_F7@)Fr zfKN>kS&(pT+mEE{*6pWYFY7|jl1E-x{9}e#1cS85O?hz}DTqf1xYG{Y1V(&DVHzS$ zWbopv_8Hjd6?6lSs^N@-EYNlzoe5sz|BEJ*Qwa-R@my$#D?`w_>|{8I==9F!{z~Ak+#40D0TqWy+Ta!8TxhJm z4{}6(H+ct=*xo5%D$*h_6-!I|@XyC4o|+C#H|ZI;e-2Gh|8Y>hlO6-Gm4c~ zkB-l{I;KQ~s-n|o(8UwMI5iJOudxWWw)A1C(s-4i_ht<5kbqG0jN3RtkQXNy)9fd0 z{6we>f|3OO5xzlIyOxDuBwcZOe$tBIE5H-Q&#v@523Y+hQf}$09G+!IE)Ypj7p*)Y zNWd=jj^Kb}yBapqS7}>&nR)l3+=KTFG1D z`MhR0+Bq)--PyA2U;0fYiy);Ukpx9#XS7D_907CMSwYnvPyK7JvFmp~d%*4}hLMZb zfLLfD9;QG*8|>Oualc=d^0M-(u5G&9u@y41s9baEiMv{(byVV7FTYt`bgZ^*3aI#P zw7u(m0;Ue$zPmfHV&9fkVAl+yFmh=_51o-+YypRq#EKmzCb@+L zc`<1b7n%_gcDD;eI6SVnt*t>T^%?`b9{M<2Yw8YvSLXOqF$UeLfh!v`^~~7VG8LY; zo{;Fbmr83}p0u*VJA2R~yZVQ5H12Cik{jg645xtB0D>y4My|@a?p8;s-wQvyi&{6>`!4&7dw&*cAR5BBM%nN6h$a{ z*RpI1Ws%!`+a8`Q#M}VF_5^xqLMOZF*Sz0vlw!r7`bx`Kk|PT5Vxq-~j5P_a+4|#RmU)Kb@n&IQ70J9Z_gIW=nBGSWgr}6V7 z30&A#VbH_tHsD0z4fJ0sf9eyyS9lIN$y^qdT6yE0REap-TJv>^D>6+ky)r*otsN#M z2QdnQn%pYoIA*7&1{SsZM1CTRr{7(K;h=O|$|?vARd3V0TBD|A(a#pJ$0fcIkq8n$ z&&1}0!^o&;VXT}{wBY>jffuI|d%BB1J)Mgy&0P)Tq3lYH@8yzuna!KffuvLex9-at z2mX|vue)?D*<<$tx%$J}oPUR7dn}GqAK5G>&o!RvrLLyzMOly4wFZHWDr3Vw3VR;e z)Q}z9v!ydf|GOxIzlACT0k>ZnI$5F5*#x5EDQRVq@~}$owkwyl`a_$vMGq9&WzWal zP2~og5{3lpPrHn?(tfB`1r;A6@NkMH3<(^ko@7SvJIMr#C(7k?$72(2}r>inb&q^sw=Thz<{Q@NmLk=;-M1oUw*S zElu|&OmSOjBgdR8x5V~A1TfKtH&$pk`BIgHD5BA+pZS;j2Ks^Me-Hk?4a>RVR*S2J z8Oq3#9&^RXuBc2z5kRC*-Gc4>btI9UE4XKKa?z(;Zu;D+j}?2sd&;!{v&4~%qZPj>cWnZ!8wiaE#Sd2*M-A5UEzWrkt5G;Y@GxVLab+Rw;Zqw40W2( zhS_6PaQU~~m4)p$%j$Ei%yJBA4qT{c$ZK=6?bC~A8_(BZ{L_UHLaK&tmwbQ+AQpa2 zxmmq!ZO-aqKbB!9Dk79FMU{g8NKoxTbe|G~AmCr=!N-I=%yVw7n9uACN}X{xoj)3I z5W9D`s$D@Icm2WYinxvf1&Z-J{ztFX>_yw#q2IF${1Lg0=qE=;Knbw|8MS*R7=igu zqO!s0-}0_V2s0xTn%c~gu3W2Tu;H-k;mF1cR|~$2zh=un4B%xK+lLIIYcMx`sH5uKq+>{OL zcOX`h?WEDe&l$6Cd2e*Ah(@nqd3xHSBQyC#3+5IA6C>uHuOeJCJgJ_3VKCyJeD?mg zl&CFuDO$i4(2a~ZKB2Zn_$Qe+E-~9nRz)vcI<2W|_1>ia#xPB0ToT(#qhiw2lGiy; zrTEG8ZD#5+qO`!r9f&KS7Zi2Ro3C9JdTGD=BGFY{z0zbhUxZbULU3W!F3i{aao!^MnNUN4QREddVsYOnlu_F1ebMz$2*o2woXjeT1QfJV_%)2a7Wlb z?=-`xgbHqz(XhTnBY*>8P23oITT9lc7YBCmz{ocIy@xOD$Gbf99Hl_(ag&!W(0vMx z(={_uZcBX|L3)zd8%F3<=xc7erZQEc+e)y>g(?Tlu+2tymb#Ao{b3Na@y@))Kv)Z0 zMoxc{CRTGpkE@`I;^Q6Hq#SJpbQ%I?sc@OWFWVcq-j8>#%A|!cJudu;VWBzj*J^)f z7O#BdYyy~cL%3d`5ZRo8c7k1Og;0R=g$^#*g<~(5XOxzA(~NBMli>0Jxty7i3PY6r z<{}fz zA~&D7^jE7gYgZGJR~R@tts4pGU)=I~_ZXwA=glS@Mg1mM8pTY zXyZGTe+CjGm~sS)iJyQz*{TcdcO zRFoL5;*Vl>^-ia|f|HLcLdL>fR8_E=+3T(`nyG;y7^uT1C#2QGP6L4{2@*jws})+o zK(RV;HE>GC+-Ofsh(^6jVKKG&%p9u~jhqSlNpv!Ga0s~qL8Spvap{dqL9r5zNWR2T zA&iDRFCaTlW9Z1<89oj5zW2kDOliuscn{1WCvI{ypf_+Duh*By#AS7*FmklxS2Uh!5RaB0Y z))c3o#h7+&s=$kV5nWjUbELf;V?;Dgvwsk8ZVJ2-x*&E2e!Tad>7GD36ZESIXdM{JeNbEA$9E+Uf|H{sxBhs5k3q~ zb*B~&BqW&&l)WvhDa_(u*L^sQ{)}8amS38|y>HJY+G^PJx+>B_Hel&2xiW}_(^X#N zkGNx{V=<%c07Y_<3&otZzoL*JhCrv=KbzOVPEhXrEgNQ#8*tr>8E(UXMWf+6vdNd2 z4|~lRG$+NBHeCrP8UbJ@U~Q1=U+THlh%I^hxiO=G_b3fxFoG;9`juZ?)&E@26{=^F z7%T6sz@(B=7Ou0Vacbc;6L+WlnBuWLpCQx`!Ys{MbxIQ{nH57}6c(*lWiPvD*43{D zx5X(Nl3Sf&w*G4Zvq6|YrzDLxG=*cut`ELB>PSZ>3ErgX6jtVBrld$%z=U3CiQHg} zs3orZ96c{0k)jw3VQ7jC^}xR^%+m(tUgmW9i@VHdMbUxFjX7V<(YH2Mnmkhhr!|T- zH3{1Q`J3PfmHA|7jXqCY&q^8@L<4@U(N-zLOA4O3iFRadaqUF9CLT@u~zmkn7 zBlX9*4MH0*%{KG~uL~|V3Z~4`bcftk>8~d)7iTp1img`enz;x!X-3eEDUoT*o6ozm zuFzGCmyiDY0@&{MR*Kl&-)gjlsrfW&7r#M9`rwf zZa@^BZg%%n`djVWoDRg2Q6_h09+YbNwVAxisPScvn5p9iz5Y7&>8q*2-7LA)nD^*p zWj^8U_Mn~ZSgGETHPm8OUW%L>dD-@!Qsw8eRT(yWD7q284hOCFUjp3|Go#TFdkRcn zTf692Hhh_e@dOMAubFL6>j!9y%c;A4ah495V1j(Wr$ueW6CWOfWtTkQyYEjn|53REME$e@; zHR^q5I$p**$PDdO*U<4)yLYC8I^ov@lk8C|fIwFz*!&8HV3s4PC4>RxP7D5|;~S`c zI%3yvq|V4yST}ZJN`uM=c7B~TaloubPYQzV+a;%qAB4K+EZj4sD74eDEVnm!h$Ew7{qj&G$1eZUx6<>zf|$wci&LxL-8Q*@G;jB8 zi3QdJok+`i>DU^8DoaBzwU&Sk4GS~d-nKk42jAq?xo?YR61)4bH8c^ajD!M9@5$u% z_esjfwE`8u#TI^5Vy*gmV^uyDxihHFa;TdGa^~fK{}VQF3~ic~gfn&SX`E338&KNR z-7*p9t#ATQFCJB;k(x7lQx0)zoMmg|^b!EiV1?un2zVq)1+h(@#u{)r@IDhAaOM&F1Oi9&u!0Y*uNY zJ`$!~l z|EfowElQt1L+{POEU>H0JD;p2*Hjd2>c^i^$wga79(?laK7GmH>etE$rXhrwY-R8$ zPK71MJew8=19|N8*ES}*oWSx%t?I%jZ)2qx0-xd_FwtLNz8KW#F=Um!dHnvYvs6XD zf9F)MdnBo2uczBoC^J1k;$k*HsjYd-)s_Auah9g<-adde>z`LJ6QlI#YJ!0RjXhGk z-dI*#;6DG0%bDtKERW=FHBwjn8jJwC27sc4$6&MW z6+qPw25k_H-RA7|#x8ZQ!0Zk&QANsEsr}UFs3Ob8Edm?FFp?Y5oNe0;s3LPkextC%g#E=Vr*%P;HiN86n zICLT^fE7Vvc>#r5FAiZ;`ez1Rpes}Qi^z)!(>{MLiS2a=7OUPA*N>gJCd5aKop{ z9o{NG5CB_y{2nWl4USPDgbVSqY$q-uK^4F@{piN-9s(81mh&foO)Cq_v3+=}<07sl zt{PXiJ(aM!n>~wiiuTg7^Pd^7)#EJ3-&#$|g@4@)y24r_1bf8X=@UM4ro8a6yli%H zrxIo$hEf(Tu6;h%7p7fbnMimMSeaR50*C=}u;(Jcwdk;0%PEl9XAg}_8;=|wKQ&`P zUZ!7=Z!2 zLO>yyN)nP$f>qZXMgGJK9_J9?@EM$2TV$3C19ds=j!MeKd(oa=d7lGgGjjiM zMF)R}Z(n1iaRh!`Dr!X4&}_~Qq08E~6BoVi1B}7a5}vWKcoEzbVY{?py$DbQH_cUq zeSt&e0_-h#z+uI0X*QR7&d*AYo6{fA%LAbXP;^d-s}&H@AneSw^Lq$7aTfHREkUg2 z4!uQT-yGQeTp_HXK>#x5+qi8>NjWm(|2QYRNWmW2r*b%aVn*yc?TRAhjh~t|ngeY) zF6136JMqe@iDdXwn>R`kmcOec_OP6a+q2ZM7kSb!$5N*4b2g-jfkHsveLz#M(qDy( z2pH)yDAbXwT5}EMg|Y4E%LjqyU|A^ZqUq1qA>!v47TUnD5GSV!f+@9sVPYPLx|{lr}3)o^r6x8F0Dl{Ge1*G@o&WQ*iwZtG7h<`P<7jJ116+6H5RTK#VQ6lM8n4~4qtk8 zaX6OlYLwzhJ&$R~;`4-@szbK`qU7lpaey&s{QSNCZ`84yvRuN82enN$a&R5vc6Q#R zXDqpgP<5kz+k+QB4g-8CGd-Fo=k^i;G?Ge6nsmr`+^Gl5A_#Sue`fmFH@<#g(uHa4 zXcIiz>q12+L&0sagv-L-e=npR5T41x_tYpNpx}vY?=7yQA^$3QCE;IQbWc9q>nY-f z@-IHLiHqHyqszsy2)|IUQX(>4u&ubez(4#Jto9)Qi^{HNNCIt(B^I_b6199MHT#aM zNPm9H-5XV+wWr|&H09@)DB=$FG!bR&i}LWggTkH>Mz@ktgG1He%8cZbW*4QXd~c|R`N><-WM4xXJ0JK8n} zyr;}H?((wOkHr(d?dN9K$I-!*ke8qu@5!s%_f1-13! zGVeBT>aUG@!K=+gnrsc?e)_np-A50BsOec9I3jkp6!)lybakW>v&yO2mhU}>Z|VZO z>*7AwJl_xGH1M<hj6elWM!*#MdUkiaRA%#j&%(RK z2R&Qj^jxj+yL#AW+rRRH%W%wOI#=d&1$?#p;-%i@mX3}NFHFS?{mnm4cljUaUeq~8 z9Z}H-Mx^%iTNjHu?a6l@i;bmj1KAT>S+E&>`G^SO+|gO|uYrGDLE-{U3zSwpLA&sX z1(P^OB_nj#Uiy^kb_Tg-)PSm3i^qoIX&ylTAbI@+RWou@W)?!2Q0>XfU7q#SPth0u zamZr3Q?nm$LNkt~S>^jP1r;EvG%mhnv z^(i(9%JnZV_c7jHI=b&e#S^X;>aw2)1C9+!Q_&aX9N#|B4SV%aD9uZi)r#uBcm= zp$S7LWgC+kf0}QXG{+L7kY16W89pRs29qn#4IS1XiuR7OG5i1YfeE5}a+HWwz5dfD zd+EaXF`E^E;rg&5ml;N>9q?Ko{oMxEz%o?`MdYW2P3B8mw9g&sU5UcBh?6)cMMcGY zfcda>qfq=T4`vr9=~qSiPcVcTB`iRMA~Nem2bs};OKkwt2W*bsB>`(_3zS3?Qq}u5 zaIuRR3^rR1SucV70!m7ISwt}k65!JnwgsHJSeZZ8qqw!t z|G3+3+XQzUoHO8^OfG4XMurlY$ib2U&{Cq_Ebc2xYHm5xXTO3k;1`ha_zwrbR`Bth zu>LFG2lqceJg#y!dXv9Tm08#%3RVO-PpwwLHF=ve0(|ZMgswfo2rGuu|BM{OA3M!5 zDyhQC$Df1YrT-Ew&1ScU9+eMn6+6=rrm_C-@0Y zFr0v3tT^O{SL*Z%k)L0DIf@3?&2LHQ%su=#6Mr0twnuLJQF-Wtl2AWpw~l*e&Dm`b z#nFbwrkh5+z-qC8F>@+`sI&KC1^(eKdHR`hXDMTpLy0I zPp>sR(x33w7c?X~=}SwjJoin-j{YfJ_e#{VXP4ngiaKLDm2cf6(cAXS((8~~&W?~U z9@N?}?bpQ%zD(@+WU)SGe%zN~T6k*}5T%>zQx43%Y8430ix^4B96fO_NG`%%LZ7X^ zGR@d6HGX^_CQwvb4$6V-2r7`$n7qQzTjcYM$&HQh&@`;k^tK$37t9*9YXR4-$XrKn z%zm1Ho~08*JxN3sFBMoXIB3F0r${Udw=wGxF3f94zvcs1MTttp#`=}yPg5kb*b zJkyi8vg}&++g1HBvFEdfOG$h^g=*ZdTc$sb6$jbrpFNe#skHyzu^znVTWtoDQHK4Z zRp%c~V;aX6bQg72HPmVUePB9ch7xut5(D)Mxq{s?F<*aX`;(2Suc&XcL!VT|!Wdcd za&xPqqIf1#aGSb{@Vp`g$qLeGgFf7@L^A1auRZj2MQJuveMXx99n4v zpB26y_tC~Z<*GY|b})E}ShS%W+{DRgL(ljB!XB}EAEpNX8}|U-9cW}u@7@Y;SkoO1 z#ByOIJLa#)IEZ}g{&+^ZWIE(~2k8j#>u2V1O@~Wpz#k=V`xEj5XF^UHiYE!Z4YA(h z@T>ka1G@hmih8Ak+Wt<7@`4|a0I}2mNAS>McF%UK>@*NZt{^^8{qE@y*iaNHSb7+n zTK!D3*EX?`a1Q;l75%!}t?RDaY0BB>%W*f*u+f~1RD~=5CoM#~QNt%5@=ActU)bez zp#So;9l@T~aBAUVFL0;P=Qy+!;`J}r*Fha!qyLs8tHH!c3BMZS3AyE>?Q~gtAzHdp zFd<{|@Qy6MKM&o!hFpJ|(0JU6lDT_;SiI%55!wtR0g%U(&CAT=?O!LO_~V8vY3L_4 z()En&QLkM;r6M{X`op)RrvuG3M;>!CLnsWB8datQ*BzK~y*25%f>4Yy*UNWJ=+NwY z3NDkuK#{{km&Tikp;K>BlwY!@p4HnrF>BX?^H>r+7k-WQbFMnWtCSyu&L|e?4+HZ< z(CTb)L_bwLy!rW^dYTerOJB?m?1%Md$@xSE;_T3Z&~BZqQRW`j5*>iZZI8}*w8v+v zjumXC3BMD+R$cBru4naoQEpCITH^WvXR?IWAc+~>E}c({{h z+ggz0o>C($l2dSOR1_Ku)~w8wnW!~1eb0f>*GyU>+HZ*~P{)+olOy&iiv{$gCJLm~ zq9A$x&A-%3czIqtpC9nTwUh>1X2fUiw4}mTg*MiBp#HkDnh>YvW=)rLs87M!V;ik` zAFKL}Bn{yKh>86Nedjimb50|H|3lleBy*kRdZ}8R)Zzl^6`C8h)zNL_N)RuJvni*0@Uv$$CjTKS z@R9~2O|+3X{YpkY2*AU|=#C|EOWB0M|L!y!%(WEY?7DQr2?SFzCo_ToF@nWV=Gs~M z1E~gt7sP_aa$=kmTX~^W#jikM1MMZVd?(lgb9g0$VUJkoXv8pB{y^n+@Z%v=zDGp>NiZzjL zmV^N@ggwia;c4ehXbSxkQULpH;)zkHTNW*fwIp%P?8M8nU`r61liDP#bQc?_s zT&AYuc1-TDylmTM%R`#J+j#~%!lM%F`rLZqk5J@tYZARLW*{YGnOA_^wO&8Kf1l6}^H z>4t?&99^18?7NU|Oj>yJeOPp@Pw07i@*O{2B|jjcrKPVawWxo0iA8>9poiv0s{*E+ zUVI$MPLVLmfqHjje!^=_szI}{P0UCF_XjGKlo^(Q^!N4T1ubFI*_O5s9tUESgWiW(sG^i+l&@3k>TsAKoXtqE>dV3j#o{>BmxK2}$R`1?80aVg6?O4160enahi;cjfRGZ^<9HJYD# z_vzT%7J!m=CS2=>6R;pPw`na@9iu1ruu(8v1r_yFRKsId(tk=IDBOLKaV z&FdBu$@3~1CcJc*q>$1HMioSqVi0lr4PBvZTyJ0tB$o07#~fQAZ$$dG5Y-?O}^J3AtDNd;uKOIzx2IAdW+dpz9f|xA$tY`g#g33tCXJZ z*zQ6VwaM$t->VO1d1{%`D|7VyiUV&eYzC22WIuNm1`&yh#;EU?DHT{s!hc9nT^#n^ zC-Vm>%HwZ5%JQj&b*K(x{3+u-tsvMZOXFn<9}Tc0g?M`9;h}AI;ofVX_99RSU9|0@ z(=ydM{lI$emB;fO75~a2&BCRF#vSpXt&L)$=?$DymGdl#VOw4`zEwSgJ#A1_+g2_T zF^?Ub(>pjltT#OKbWQkIOs6H2wH!FL-k=l!MatB815ZT~7-CV6!?jr=MyEZ_kiTRQ z@zA4&gZH$By=sFke++!Kb?sy=8L_lmSsTpA<)Wzj&GLCgR+2COM2j^E>Y3uQj0PM8 z0R<9nFN>F1iQHOnqaX{KhK6ei&BP!kRgNN1g$q~{b8BGFeWjhA+YLAkKBuUB}ub0_|#`H*~yDY(;9a>R4!ylWbR7G z7C^K#k)bx(I$qJ-;lfvTL2xogWiv%uWBz9mE7q(XMY(E6<`ftBrwNVEw+#UsooYM| z*z<73;%C-H&_Ldzgr;t=BN#a^G;wS(lg!6fYzgDyjE9rKC;_rA+Dd?6>{R*Fje2 z&2W658w?2}v?K_L=(s#7(Yl4XY%WpTf?!pgrnsiAwwL{*Q`bau8+_GR~ zHD`vC+%tdXr+@8!Zg?M3wevpQeMzGKUtWNR48|A7n1?btBy^O(`*TmY8_L~oaF$OR zDNb9sh37t*{(N^PudmOL7oDSh@mCz@mw?JT`L=nDJIZ{$P_^*XkxKd3Q(|VcTMtZ=Y{ATC4p+_$vzQyN7@3 zGb(Y=jly02*!&USrFUDvmjCn#mEUPmX>z9z&_YYwTLRKS(M;o_J^QQp_Tj23INuIT zKZn29#>O7BMwU-1JM>pJI<%JJIZ;GzQ;6uj?O|K`?t?7pGV^Qq>$WP+ijM-A7z698 zC7SMy6T}-F|C=8x=XX~$zYh(u(N_}>cCiR2XKFsp2H^Vh-Q#Ffb<@e8=-M;nXea&x z!;M7($2{)g?4-uw)>MyY^$d3KhfMGxn;PIqr&F&zw>^)|d`48!DVzsId@T#TEdlMb z=ZZSRH!<3ygYM`J2PyEI@pY!Wt++oN+xttw`JIx>knc5!K2=_ny1X{dN0qcXjuwUR_nse)oP$T42YQ zuAkNH!0YOvH(X5Y$aY8fbd(hST>Upe3B8aLO6e;{LhQsHj=!Yb^F@6Wbj1ntY;x;m z(%^#VMD;sW)#yh;gmPjaA-vx!xPoEO&oDDa@ZlJR|n( z+sT{iK(&v~+goAjf39H703>r_CY?Je-X1URBFzs*Zh=<-?zf2bKp2!)$4Fp6V8;+# z)o^&`E9uJm#BTpiYW13t66`Dleb^=}{$%p9KGTf&*-ZDjr~G*RmK2S;4}Ag#?u!`X zYW2x(w~mGbdGy>qPf?LwM5>oFM`xF9#oL67D_5Jai%dRz6q>jzd+;#!etu$kd4U@t z8f?E7kAHep6!ES8^ZowvvSxq&4rSF?@ybP~kiOA!4C?d#sO<5n6?N~WEEVJBWi|Hv zGn>$8`wa#5{p_83wYV&_v|i~oDb3LSi5h-Q#k7y`F^r|kXz$O0wY<-cULAOjGP~tV z)JdDq4MAkMI@ZH-XWe0h3J2(J5y%F~&AIN!<{<7cYhiwCSY@`Gg_w#vzJBfOO354L zU5V4HODkdK@<(TY%&%u$%j3(qxXM;|qp;u-?$8_sWT@QP$?{><_51oJ)Gl|k0&m|% zXS-aAU@W<~I9A9Lc1xaLrBccY{v1VW7)98$5mR!W1=1fj_WOi-Qu@inz{Z6ZcfMH+ zW82eO_PS8f54NulY*(mt!>h65)9ZD(QBqBGb$2NVnr6MfgL63TGzgTy$ zA^lY~zS^gyg*ke|%hqS+(r*Op%k`S?a9ZctG9e0kt0cpZNbo3a0Za{ib)`8GqIi5P zI;%O_3AhBxR+)&EgCpO@trq5ebFL8%ssAA#s@gA(Wq?0cwm4&@Z|jqx<%;?sshfeT z@?2TPwd#3^m3UPgKgnt0Idz=hhf5-}(A!Pe{^EJ9ZSqEk75wrf=g3>` z_-dtcsYJ>Pt1-JmWay|@V-?Rs3O|svA=hHew0QO@8M>g>7097{Ah?60;@duT(E*^k zT7JvLn0WF&Z<*CZsJ&_*LB_`tc`z@PM45 zs+XFH_P};_3upR3y)wOXMp1QXdZEFjIc7BAC>v;#ez?@K&jW5PcBPaLdkafXHq(sf z;m6hdBDG6zSuys6>o}yuMKf1WsM6i|g5Vs|S9c~MzH^_G1V>Ji(UhUL_*-=kE1Hm2 zxYfr}1WF(fOTLcJ^D{w2mso_bShh|?366K(;#g4jkq`rE&v$9;uo3dIT3xAZ@!UV0 znYQH+eb=w2Gy1cgE4gfrRB;AQ&Fhi{ZQVvP(3wH+>J!7U=Y)~wH0M!GWM&5*U<}pz z2>!(KnANF4b~d`^GwwPngXyg> zYlT9#QiLzAKCeqF7!_;h7h12Ku3xNOjK$S44N~geHSxmpP~UHpb_K&8l{(`QGm`@s zF^a|JJ#IXQD$P2(*0}lZ6ZQd5n?r{<2bSzZxn%nY%?zZwCV-h$Yt28^E=$=*j*}XCz??6)y z4Q|R*BS2y+P%8mMl~{oy`uvubmpSWCVgdK3{)l>v0v&zVyqh`yG$C|y62UXx&2-$+D%s#=18@-FMr|PZ{+5fHhoMY3X-k@nDZ`NA z+O%MOc0rQ&+hcJVdZddJnc_c^oA0Uhz-r zB2x6W-EVv56peAEY2p5*VcIJwBWuR)?!tT>R3HUh@Ar&gHc*p_?w_+=>5-gAXbcEy z-NJt-5Ba0D3B1Xwoia2n)XS%#YMG7f7K##M)wSyoO&dnmP~5ylZ&zI!eO$MDDJq$G zFDqFc_c4;B7^%iU&{xk)CMpms<-|C7`VNs}knnrawa67zL*}$UneC}Z&#~}VzFAD} zQFuT0HaK@)!F9inkc+oyNM!>~UOpAEA||L9;c$49)Nf0LnDb7hI?E@6AWNhVa=mfU z7MP{5D$Z{0+HJ~r#}2nZ_B(fJ3o(>^d0oZC?wt|Nx%cXvaL&Vy?ORn(lV2%&w;SK< zo02`=@$Tp>l{R=GNNAdP)U~p(J^B4DXt{)CMIaB)uzH7xNu`-Z#(U7|NS;vN` zy0#@JjnC zo%5kzB$9n5E4+;nGi}2^^&N_I15~-u$W-on$oAs)pJ&O@h*l=^jBEk&v>$^KgoKSW zH-8z}$n@m2&k`iU3*Pp)w7qOH-|u?LXyH)*Ql_}c$xHKq??(WDI_nnitT26`{;<9L!QO~feC#NLYdD~Kpp9#elO@0kLtH*fVUvLXL)L`qsBoMH zYDMzJQ-Q%Yl>S#sFZxAy>KysuQH4NnzI?|nSwQ&xy$jAn)_&~?x%SxkV9s0n1dJ$yOEpSZLiLVoS^=`IY zxu6b30iGQ0ZvmN}NXcdR=ofJS&rTm2M&!kw+!@5NyKkQpNpSe}B2OQKOj=W4oYJyeA;MBPl+VoqbyH>taaO|D&spS8!!Ot<{3bs0kw za9HwN%hEm0RyYTw6L`=ulq(4ap}*H*Kk(PeKG7>?@&noCcn+RNJpbKX&Zss+$yVlg z+1D#AE~`fgO+or`-WC~Iu6aUP{RKYiMYi3g&UtK?GxX;Pvcl)cQ`(33R~^|kmudZ} z!8 zswcj7<7I~05-&fy)olom(zPLlYJ|J?7^V9Al|&Yp`nUn`+L%-C%DL2-Jb{XUOf}0 z*f8A-eTLu?^a ziDf~+wpkeR&f@v4OVX96gsZ`3k}TJm32XqIYofBynLIJSstz1w&c5dL_1{^#RmXU} zjj?Pgr&^_3afZxZfQvx@DL<3u$Kn^2d$Bw+{Q!zt$-aCi8u`~5$=M|G4?;yVc&9DUHJ3I|qQ#pp2X0h4Pd6NlF=>f|u$p4{rNV z5t7|^8N<(D9RWk`OXm_46Re3tyW|dS)p`x-k&oNbn|P;$XJ4xgW3sD>9~cCux>hDd z`_L$^aiwj|CB#H;s=1<0I*obM1`Q3vr zHq3#q=alT@cb?SOt}Me);Xv_wVf@Ipau{P7c?b4ZmS)Dg2i(7t=2Ahr6q|)>E#b^A z_*oiqNOimdvyHjux)i!MUVnMZ*ha-An&OomV`?b%W~#RrH-F&$hxf=;X3$ILQSX;g z{#2N_YdUoEM0Gt{xXbfKGhsG$v3ITn&V5!_gs7xiVpRuLN%lvtGq`#qYS-bR|Lt42 z0oJ{KambLFxgSN1$d^)a|2Xj~gQ?_P0U#&)i#4&PbRf(sq(`|uu*cDj*q}az+XDz6 z_DU1^JB``L$#ccqWN{at@o!@o$o_DdE4SCLHMh z8txDx{_Aam4*zd9@wfkQKk5B9srdidtOH}5piDQ-s4rxHgZ_M_Bgu7iU(tUwbeb@y4FCI7!M7YsZRE@uAPy%&ae^vPAWP z#(h7#E5cj`zi$ewHSPkO*=Z;OwQ2k7cDLj-=pWv;0u&YIhl=J*s?5}9|?EtUABt__6(m(D0@~rhg z%_$z;4n9KOx^@76kH1emiRS4q5lc?!($}Aud1=I*Yy6@h-7{uWw|6+T&QKoO^A&#q zv>LK>C?PDPJo6G)5j~sRuY7t-Q{XqC`IDvKg&VdCVKdvM4Q#69jL)-UE`s$z5$UJ% z<#b(~HVVDwAJ6c+&!s!=V<}`jPYj&>-{NjuIKBl1pjAXWFqN38hGLB3@t4d4`lS^WwvDYA#nb^?Mycn4pEG zv%OV!{z-a7^Ok^~a#r)(QBUoH1J3=V1cQUF(ob>N{BadTHP+5V857GT*Fzk{lEVs^ z{S0?`P;zDxz6?E`qoA1&C6RA@DBH5KC4XC6j;*i$^BZhk$JfxoV(?+^#e*3?yE zijcQ7vZz+5tay}?zdw}L;<@8}Jx1^;ro|0>Sq8zC0E39`z|Y?@W1itPuFwiy8%o}W zE4YMB1y&-T-JMTO4USJyuo|eh(~55}>t1#Hgw}A`SW%AeQ!CSVZY*t*$4pm5PdtE2 zLrd-u^T7U)Si#4e z<8lk4T$p46$^&{{Pj8)2??~w%&It&u`)ll%aO;YmG}*4NT<2svdSV%Qdr6 z@2e9iudIKFs|^mV@iP~!x1uX#HvfKRyYaKq0Tv+N4vs27GWR}_ovz3_1iLCtidT>H zTE*WPOs|uy-Tp}Bi&*t4=kQu<#XS?1zci&U^3nX&#`2A4Tua+YTv;W>7#nHH&)#K# z_*W8N^x|(>O`m(7;ipQ0Cs)EQW$234%%rcJQk3P{2Sg36=z_D7Q*CzBn(xVHZy2cu z>dkW_2QMc$UmR%V?_y|J#X`K5n<+94s9m>kwMmwZ`9p_m63O?YHAwmnyYxr*z(#$O z{BgXBOSfqZf#_M_G$Y;aEIk>GJYdL)^QH|e;G5)Cs7%CsP(h6Sj*;Sr3BPA`?+RRP zKaK$}J9RI*QoW0i+U-|0Jmv|$SYzA%@CY~$lf%ELJJ|Vupl+d;<&ednc`n>9lC-jc z=C4abg1^4lyRlT$zH4+&z)YAJKR!m~(~}(HGBjEEI5ih;F|Gkyn;`aEt0pj0Ox99_ zU?Xx!d@aulD%8?GoXUayAO8i0#!#Eu^-Aq)C^_-!08W_ABo*Aeg;I&NDR=~y6E0;xSQou!Y*TZ9INV0LtT z_Zci>%q+ivC{~mvj~A~3*q-szxK|eWCBhbNslY!j>d3{p zhpNf7E+07$27fjJEbWxGet6aw0F*GaWevC&{tGw3EB}d`yg7^StAT3%({SDlY_)mF zB#O)4ybEa2siOZFedzbZbI)r>_Z|9|aj)w`=g@`;I#4sKBwAdp>fNrn!-)`I+2}t= zr;1-N@%Ixr{4h>3jZpJ?UNHvOs3{w4I{L*?Hj)}T2{nR{3ZcoUBomxMI5);D4$Y%p}kaFg{GOphzKp#*j%MF80RM*b&hfEG|#j}fWH*DcTa8Kr}x!Y$rBJFhJ zBau7xJiIU`8VHAVW2JC9?lLDP5$Sm6R7mpxJe{EAn{LZ5EyI)7lCW1c5PkX3A!^(Mm1M?V|S7KyFM zg^Z%8QDyF#@s+~s6P&0Yp8P7{=%|Xj;Xm3T)IDnlAqQXco|>3JQ=8q(23|0WE$hjR zkD(e3liwncAz!7dsCV1E;y^`j-7ArR>mXY^CL+|#xuu{9acV!s74RoUI2`x9IRUJ{ zL>SeBkHJhg^v~{OCMO;#QzK{Xatt*Kf+o1!Ble{%4c&lJPw|xIz=>8rE$sP6nD^?! z?4@zdd;;W#v_E%y=@Q6M^o9tv!oop7<>JQD$(4I%>9@4K!BW6wt=}Ktpasbe_=d8T z=R;r3z-l=gkmV+D_Bf~pg4xy%Y9n218r?muQ^iFkLX{scE2g^ydE9X&0yE7GT!nsi zoZ0k8gcLQih27rR3RQ#g(|-UT$c5I{?m9Vi`;5t?R1DC@ho)j~1Dcs6fvEuDceF-< z63Ov&EMmk;C!p_-3>b)Q(Qn;9+;l?$C2;b}&j^BhGsKtdJ{;1Az7Q$ke*p1IT!9S3 z^vD~-Px{XJemPa)W?>O?A!@$|N7UrLjKX;OM{=D1)JXTC&B=9M*lz`c#ZBh63vHyN z7(rhF{h438R9M!QG@+hEMc>I~kkCC};6f3q7S`_){zAI~4BCw=bP5MbE?gQKN=L

G=`X*WJ@^i+#JC`VbQ=H#88sJdX z)a0RKWMWc7Ov8t&Xz(-HV_M96O+%6(Z&#So>9*Z+Z%tiDDG2rYP+cG+eMrzy5#$0W zH3g-(e5Fg(s<+djRDkRH3+_q!NOSIr)Ch>iS@FV2!E-2mIy+q)_8Lz^=tM;fytsyD+j>mRo&TNKF`o; zUHpR1RwPKr&si`U{lR&J zYdm{^O^cC4oW*nt4@*BfJp_R!?IJxUxuSqd483lWL7oGMz$WeehVF1!>*za$U%8fz zZWgJ0|LI@x20c*$rwDAl^0DUpy6g50T&{(vgY_;Px90j)&Xld3a;j7^Fj$!%|B`kW zsaAKLiQfF`{Y;$c_nG>~I5obPM$N#m0@DYq9?r8WD_c)qiG)1C^AH@65{q+T^3^Cj zo`~^Wux1rNj4!?8>fn~aaZ|5ms&ZwPU;``KSTgTtA$tsP}@ZC zxuC|9m)*Cn5JfZOCq?<x+KuJerd%mB`YY=PimCfrb@H zH)EJM*urQ*3-tHuu~IfOm=z3o*c-HHqm-+r@d!Y-JxiRL*1e-;>>o;A+h3}ALdZDp z7oZ9mYmIHc!^leK47L;Xgk>=08`k3`^IYBS$;{8RzG+C2g%KuMKy!r_w0zirc{+h; zLJ??onj!Ot-!B_`E4?G)gRG*B!-)r{1U6!H6bG3F1uOl&0@^q^N{5WJWDoAbEzenq z%gU)?b~RX>b0bUH;WN7`DR9R3fkhT7cK(Lt5tb57IDD!*>XjpX)>@nna@m%1ut zRTL12_c?{Bzx~;~!qqZv)6~L+IgFT}`e&cL!h@fPJ3>EA>bO0_TqGrtrlZ-AgE`P2 z7cY~*v;%~povP0KV^z~LhW(}WyuWLuU<77xE_OdM=r(zrCUw-_V(PhQbU!RsFl87< zSOZJ!b>Xi5THR?%JS{{)tcdAa25BZ=QNJg#a+~y~`Bo-0!E;krve~#7iC3{|B;9T8 zl&)TTTk4v+(Gmhhx{Jf(z6`Tp#QX7i{XMOLb^;48^_w@yjDPnCPy!ei}uO02XEvJu5GeZ=PjYheRt{hNEMtNtLM z9rX$}$$4$_hGxfyLs1(*yX_xBs>9!Ir-!JzQ=sdNZS*SO8S|U#SOJH zr>{HGF7<$+=bs6r4dTIigo&JBd}?1ISHNL#_;(36L5bv9z7 z)D&d-%!^NEJ>rLI>?fAocY7mbZ?Bi)6~4+OJRZ+Jz#z&@9syv?0RnrddM!et zvQz?;4_OmUo{!9vpElVzMO-*x-H&z?PO8Lt;@T(IkON6 zBw`7nTOjt0WtZfuMw)xL$lIvK|1PL4b1y9X#RL9yGTq0a@Fo76`LPh z(ueM^^xO(47oZHp`8#dEI~0FOJLd%$(PZ2kt|S_dv30U7`}4s;6!eZ zTQcPM^9r}7+|Rg<+)z>HAKj$fG5aY}d9J#{!_4$A7$#AZQf6H$o~N+4!LG|nl}nuq zF8qlSxvYa=Y%0~}&T8UCLmMdG(|9n8d_&?++%2JhKPx+JZ(^0sHivzQ>gh7FafD zqPT%YpBK4n0iFR3fofb(Uj~+n9JTjjRdW|72?0mnu~IafFL+2W4dm0STWf*tT}Gtd zJC7)eVbhLkd2x>epBebF?wk}Ho<>Ot_!W)dw4rw+|u+v2V$$TpwJj1H!3 zMs975<7t(th!Z>}SP#Wy?piK9U}3h_h=r zOU+7)E5f}yn^i&0^e04ttS=+?M_q<%!F)ZPqUTMTj|qfSaR$?j9m1cH7pDaUziZRT zevP&w$XSSU1ILHH8y_o)H^7^`m8rj}l~2K^8LBW|&WbRk~UxhC>`0 zWw5Vs_Cp)wuAe6{e1GJsdG;o{%&%l+F3roY3|v?I=)GJ&>1lLJN6ue$3K|k+ zUCFw*GYTH^_2o+mcp-D>gyJ&;ML|u?ha<=u!Sm~&Lh=d~ECx$pbOs2dY)N=ZHrZrt z?fzJ*hVG#SI4jAi%bv#x5iZSE|EEXXm+vCCgMByuHq`l^Yl0A51%CEpjmB5WtbCdg zjc`EL%okXY3t01x>RwxSm~3xrEr{DYkl_DGUS+)=-MKc_COS_q6`j`--oyO4U2JUB ze9-XZG#=HkJTa%RkyXwFY|F>ouhXt8pAyx1QZ0xWf1wk~*puR6P0R><=P3f*vH`s2 zA@yF9Ul#aCONvuvvbt9u`;2~D!Z77>;aRxow-JRl9|q%xm`d@0^gue?S4s%7M{ojowG&N;YWbAW6hI(B5c$! zkeR+~bO`7~G0#K{?Fi2l)xw3B09EeraX~$;BO(D?JAyM__m|HsWTpZP3@kJ{m)4^d z0oMfH6&9UZSnq|<&GBrE_}s+ndRo+?xHhk-jrBScW`<^u_ri}GX+ zZTFU~XS=i=txH*j2(-HFfF`b&^Db$BuVA^V-dj+Q*h37#)OT^U+QNyjZ(IQuPg7Nv zs%?w+5NzZb)q?Fju>ZhVSild|XXA-?lxO3@Oiy#0`YM@EXRD2_cUkZ7$DXV??qcy* z2a6HM%8X1cXLYd2X-N*b3Hp|AQ(-iHsW_-H9=+1ST+^5pzYQr7LYObMf zRi?aea)aWm=z<_bxOY?uKmVM6VmksbpC7U$Ke_C#RpWa+^A$PJa< z#9bP`&Gzck!&hQ|X}U$jGX8jCR}fVIuW8Y7a8a zw{(z}H}O*J>=(0m@qvF#aGmJ;DU#|B>f-StpM*(avvV$8@R?3%0j1&Y=h+~fg{4)2 zION$Q-5YP7a+3QAc9kI?46ukG{ zW>+8p;BXfmybyOS2s;&CTj`DC=%vdLAk$+VmR$RN2uRaD5 zN3GPU|D<@&pal}snp*~D<~zk(XAHs*?O1{J#LpMpv)^ literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-7.5.x/community/contribution.md b/docs/versioned_docs/version-7.5.x/community/contribution.md new file mode 100644 index 0000000..cb0b284 --- /dev/null +++ b/docs/versioned_docs/version-7.5.x/community/contribution.md @@ -0,0 +1,78 @@ +--- +id: contribution +title: Contribution Guide +--- + +We track bugs and issues using Github. + +If you find a bug, please open an Issue. When opening an Issue or Pull Request please follow the preconfigured template and take special note of the checkboxes. + +If you want to fix a bug, add a new feature or extend existing functionality, please create a fork, create a feature branch and open a PR back to this repo. +Please mention open bug issue number(s) within your PR if applicable. + +We suggest using [Visual Studio Code](https://code.visualstudio.com/docs/languages/go) with the official [Go for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=golang.go) extension. + + +# Go version + +This project is currently still using go 1.19. You can follow the installation guide for go [here.](https://go.dev/doc/install) And you can find go version 1.19 in the archived section [here.](https://go.dev/dl/) + +# Preparing your fork +Clone your fork, create a feature branch and update the depedencies to get started. +```bash +git clone git@github.com:/oauth2-proxy +cd oauth2-proxy +git branch feature/ +git push --set-upstream origin feature/ +go mod download +``` + + +# Testing / Debugging +For starting oauth2-proxy locally open the debugging tab and create the `launch.json` and select `Go: Launch Package`. + +![Debugging Tab](/img/debug-tab.png) +```json +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Launch OAuth2-Proxy with Dex", + "type": "go", + "request": "launch", + "mode": "auto", + "program": "${workspaceFolder}", + "args": [ + "--config", + // The following configuration contains settings for a locally deployed + // upstream and dex as an idetity provider + "contrib/local-environment/oauth2-proxy.cfg" + ] + }, + { + "name": "Launch OAuth2-Proxy with Keycloak", + "type": "go", + "request": "launch", + "mode": "auto", + "program": "${workspaceFolder}", + "args": [ + "--config", + // The following configuration contains settings for a locally deployed + // upstream and keycloak as an idetity provider + "contrib/local-environment/oauth2-proxy-keycloak.cfg" + ] + } + ] +} +``` + +Before you can start your local version of oauth2-proxy, you will have to use the provided docker compose files to start a local upstream service and identity provider. We suggest using [httpbin](https://hub.docker.com/r/kennethreitz/httpbin) as your upstream for testing as it allows for request and response introspection of all things HTTP. + +Open a terminal and switch to the `contrib/local-environment` directory. + +- Dex as your IdP: `docker compose -f docker-compose.yaml up dex etcd httpbin` +- Keycloak as your IdP: `docker compose -f docker-compose-keycloak.yaml up keycloak httpbin` + +The username for both is `admin@example.com` and password is `password`. + +Start oauth2-proxy from the debug tab and open http://oauth2-proxy.localtest.me:4180/ for testing. diff --git a/docs/versioned_sidebars/version-7.5.x-sidebars.json b/docs/versioned_sidebars/version-7.5.x-sidebars.json index b52d71a..6141da2 100644 --- a/docs/versioned_sidebars/version-7.5.x-sidebars.json +++ b/docs/versioned_sidebars/version-7.5.x-sidebars.json @@ -33,6 +33,7 @@ "label": "Community", "collapsed": false, "items": [ + "community/contribution", "community/security" ] }