From 6059c965dd7f62f64ea9eb6e6d79add6c688c3a4 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Thu, 19 Apr 2018 08:41:16 +0800
Subject: [PATCH] minimal-http-server-basicauth

---
 lib/roles/http/server/server.c                |   4 +-
 minimal-examples/http-server/README.md        |   1 +
 .../CMakeLists.txt                            |  76 ++++++++++++
 .../minimal-http-server-basicauth/README.md   |  29 +++++
 .../ba-passwords                              |   1 +
 .../minimal-http-server-basicauth.c           | 111 ++++++++++++++++++
 .../mount-origin/404.html                     |   9 ++
 .../mount-origin/favicon.ico                  | Bin 0 -> 1406 bytes
 .../mount-origin/index.html                   |  22 ++++
 .../mount-origin/libwebsockets.org-logo.png   | Bin 0 -> 7029 bytes
 .../mount-secret-origin/index.html            |   9 ++
 .../libwebsockets.org-logo.png                | Bin 0 -> 7029 bytes
 12 files changed, 260 insertions(+), 2 deletions(-)
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/README.md
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/favicon.ico
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/libwebsockets.org-logo.png
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html
 create mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/libwebsockets.org-logo.png

diff --git a/lib/roles/http/server/server.c b/lib/roles/http/server/server.c
index 19e57b83..0b86a808 100644
--- a/lib/roles/http/server/server.c
+++ b/lib/roles/http/server/server.c
@@ -696,7 +696,7 @@ lws_find_string_in_file(const char *filename, const char *string, int stringlen)
 	fd = open(filename, O_RDONLY);
 	if (fd < 0) {
 		lwsl_err("can't open auth file: %s\n", filename);
-		return 1;
+		return 0;
 	}
 
 	while (1) {
@@ -1097,7 +1097,7 @@ lws_http_action(struct lws *wsi)
 			return lws_unauthorised_basic_auth(wsi);
 		}
 
-		lwsl_notice("basic auth accepted\n");
+		lwsl_info("basic auth accepted\n");
 
 		/* accept the auth */
 	}
diff --git a/minimal-examples/http-server/README.md b/minimal-examples/http-server/README.md
index 1ecfeebe..84ef807d 100644
--- a/minimal-examples/http-server/README.md
+++ b/minimal-examples/http-server/README.md
@@ -1,5 +1,6 @@
 |Example|Demonstrates|
 ---|---
+minimal-http-server-basicauth|Shows how to protect a mount using a password file and basic auth
 minimal-http-server-dynamic|Serves both static and dynamically generated http content
 minimal-http-server-form-get|Process a GET form
 minimal-http-server-form-post-file|Process a multipart POST form with file transfer
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt
new file mode 100644
index 00000000..edf29d0a
--- /dev/null
+++ b/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt
@@ -0,0 +1,76 @@
+cmake_minimum_required(VERSION 2.8)
+include(CheckCSourceCompiles)
+
+set(SAMP lws-minimal-http-server-basicauth)
+set(SRCS minimal-http-server-basicauth.c)
+
+# If we are being built as part of lws, confirm current build config supports
+# reqconfig, else skip building ourselves.
+#
+# If we are being built externally, confirm installed lws was configured to
+# support reqconfig, else error out with a helpful message about the problem.
+#
+MACRO(require_lws_config reqconfig _val result)
+
+	if (DEFINED ${reqconfig})
+	if (${reqconfig})
+		set (rq 1)
+	else()
+		set (rq 0)
+	endif()
+	else()
+		set(rq 0)
+	endif()
+
+	if (${_val} EQUAL ${rq})
+		set(SAME 1)
+	else()
+		set(SAME 0)
+	endif()
+
+	if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME})
+		if (${_val})
+			message("${SAMP}: skipping as lws being built without ${reqconfig}")
+		else()
+			message("${SAMP}: skipping as lws built with ${reqconfig}")
+		endif()
+		set(${result} 0)
+	else()
+		if (LWS_WITH_MINIMAL_EXAMPLES)
+			set(MET ${SAME})
+		else()
+			CHECK_C_SOURCE_COMPILES("#include <libwebsockets.h>\nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig})
+			if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig})
+				set(HAS_${reqconfig} 0)
+			else()
+				set(HAS_${reqconfig} 1)
+			endif()
+			if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val}))
+				set(MET 1)
+			else()
+				set(MET 0)
+			endif()
+		endif()
+		if (NOT MET)
+			if (${_val})
+				message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}")
+			else()
+				message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project")
+			endif()
+		endif()
+	endif()
+ENDMACRO()
+
+set(requirements 1)
+require_lws_config(LWS_WITHOUT_SERVER 0 requirements)
+
+if (requirements)
+	add_executable(${SAMP} ${SRCS})
+
+	if (websockets_shared)
+		target_link_libraries(${SAMP} websockets_shared)
+		add_dependencies(${SAMP} websockets_shared)
+	else()
+		target_link_libraries(${SAMP} websockets)
+	endif()
+endif()
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/README.md b/minimal-examples/http-server/minimal-http-server-basicauth/README.md
new file mode 100644
index 00000000..0b386132
--- /dev/null
+++ b/minimal-examples/http-server/minimal-http-server-basicauth/README.md
@@ -0,0 +1,29 @@
+# lws minimal http server basic auth
+
+This demonstrates how to protect a mount using a password
+file outside of the mount itself.
+
+The demo has two mounts, a normal one at / and one protected
+by basic auth at /secret.
+
+The file at ./ba-passwords contains valid user:password
+combinations.
+
+## build
+
+```
+ $ cmake . && make
+```
+
+## usage
+
+```
+ $ ./lws-minimal-http-server-basic-auth
+[2018/04/19 08:40:05:1333] USER: LWS minimal http server basic auth | visit http://localhost:7681
+[2018/04/19 08:40:05:1333] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off
+```
+
+Visit http://localhost:7681, and follow the link there to the secret area.
+
+Give your browser "user" and "password" as the credentials.
+
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords b/minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords
new file mode 100644
index 00000000..28b9bb2a
--- /dev/null
+++ b/minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords
@@ -0,0 +1 @@
+user:password
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c b/minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c
new file mode 100644
index 00000000..843a48b6
--- /dev/null
+++ b/minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c
@@ -0,0 +1,111 @@
+/*
+ * lws-minimal-http-server-basicauth
+ *
+ * Copyright (C) 2018 Andy Green <andy@warmcat.com>
+ *
+ * This file is made available under the Creative Commons CC0 1.0
+ * Universal Public Domain Dedication.
+ *
+ * This demonstrates a minimal http server with a second mount that
+ * is protected using a password file and basic auth.
+ *
+ * To keep it simple, it serves the static stuff from the subdirectory
+ * "./mount-origin" of the directory it was started in.
+ *
+ * You can change that by changing mount.origin below.
+ */
+
+#include <libwebsockets.h>
+#include <string.h>
+#include <signal.h>
+#include <time.h>
+
+static int interrupted;
+
+/* override the default mount for /secret in the URL space */
+
+static const struct lws_http_mount mount_secret = {
+	/* .mount_next */		NULL,		/* linked-list "next" */
+	/* .mountpoint */		"/secret",	/* mountpoint URL */
+	/* .origin */			"./mount-secret-origin",
+	/* .def */			"index.html",
+	/* .protocol */			NULL,
+	/* .cgienv */			NULL,
+	/* .extra_mimetypes */		NULL,
+	/* .interpret */		NULL,
+	/* .cgi_timeout */		0,
+	/* .cache_max_age */		0,
+	/* .auth_mask */		0,
+	/* .cache_reusable */		0,
+	/* .cache_revalidate */		0,
+	/* .cache_intermediaries */	0,
+	/* .origin_protocol */		LWSMPRO_FILE, /* dynamic */
+	/* .mountpoint_len */		7,		/* char count */
+	/* .basic_auth_login_file */	"./ba-passwords",
+};
+
+/* default mount serves the URL space from ./mount-origin */
+
+static const struct lws_http_mount mount = {
+	/* .mount_next */		&mount_secret,	/* linked-list "next" */
+	/* .mountpoint */		"/",		/* mountpoint URL */
+	/* .origin */			"./mount-origin", /* serve from dir */
+	/* .def */			"index.html",	/* default filename */
+	/* .protocol */			NULL,
+	/* .cgienv */			NULL,
+	/* .extra_mimetypes */		NULL,
+	/* .interpret */		NULL,
+	/* .cgi_timeout */		0,
+	/* .cache_max_age */		0,
+	/* .auth_mask */		0,
+	/* .cache_reusable */		0,
+	/* .cache_revalidate */		0,
+	/* .cache_intermediaries */	0,
+	/* .origin_protocol */		LWSMPRO_FILE,	/* files in a dir */
+	/* .mountpoint_len */		1,		/* char count */
+	/* .basic_auth_login_file */	NULL,
+};
+
+void sigint_handler(int sig)
+{
+	interrupted = 1;
+}
+
+int main(int argc, const char **argv)
+{
+	struct lws_context_creation_info info;
+	struct lws_context *context;
+	const char *p;
+	int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE
+			/* for LLL_ verbosity above NOTICE to be built into lws,
+			 * lws must have been configured and built with
+			 * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */
+			/* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */
+			/* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */
+			/* | LLL_DEBUG */;
+
+	signal(SIGINT, sigint_handler);
+
+	if ((p = lws_cmdline_option(argc, argv, "-d")))
+		logs = atoi(p);
+
+	lws_set_log_level(logs, NULL);
+	lwsl_user("LWS minimal http server basic auth | visit http://localhost:7681\n");
+
+	memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */
+	info.port = 7681;
+	info.mounts = &mount;
+
+	context = lws_create_context(&info);
+	if (!context) {
+		lwsl_err("lws init failed\n");
+		return 1;
+	}
+
+	while (n >= 0 && !interrupted)
+		n = lws_service(context, 1000);
+
+	lws_context_destroy(context);
+
+	return 0;
+}
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html
new file mode 100644
index 00000000..1f7ae66e
--- /dev/null
+++ b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html
@@ -0,0 +1,9 @@
+<meta charset="UTF-8"> 
+<html>
+	<body>
+		<img src="libwebsockets.org-logo.png"><br>
+		<h1>404</h1>
+		Sorry, that file doesn't exist.
+	</body>
+</html>
+
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..c0cc2e3dff34012ba3d4a7848a7ed17579788ec5
GIT binary patch
literal 1406
zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A
zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y
z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^&
JqOtKoVgQl$ETjMc

literal 0
HcmV?d00001

diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html
new file mode 100644
index 00000000..5813719e
--- /dev/null
+++ b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html
@@ -0,0 +1,22 @@
+<meta charset="UTF-8">
+<html>
+	<body>
+		<img src="libwebsockets.org-logo.png"><br>
+
+		Hello from the <b>minimal http server basic auth example</b>.
+		<p>
+		This is a static page served from ./mount-origin/index.html.
+		<p>
+		Stuff down /secret in the URL space is protected by Basic Auth.<br>
+		Your browser will ask for a username / password combination, and<br>
+		lws will check it against ./ba-passwords, which contains a list of<br>
+		"username:password" one per line.<br>
+		<br>
+		The example content for ba-passwords is literally "user:password".<br>
+		Click on the link into the protected area of the URL space below<br>
+		and give your browser the credentials "user" and "password".
+		<p>
+		<a href="/secret/" target=_blank>/secret</a>
+	</body>
+</html>
+
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/libwebsockets.org-logo.png b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/libwebsockets.org-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..2060a10c936a0959f2a5c3a6b7fa60ac324f1a95
GIT binary patch
literal 7029
zcmbVRWmpqlxM!r~7}7Nyl2W6Q#v!1jW1y7e=<Y7XA@!dij8>5vh%{0%8YD%LA&rz{
z3?wCl%l&#k-rw__{GIbY=Xu}r;f-WdV?9PXZaOkDGDZV^*dsDBfa>-9-VN&O{@2fU
zOV<NsppJq0jcY{Ra7JCPY5nw{1d@^QOZ{&H{3~P;x!&Xo(tR8R_eBPUIs~|og@%So
zx%+qqIyv~cNcjf1=9AR8$;i0(4Pe^lVFf#dp`R@J{|sv0)1zWF)uLi6?X$m!?tAdP
z??OU5t?o@-zm&FVDq|XFyJ$#BvS>HE6PdL<H<8=u9lkD+6`-w^CoptziBa!}JW=12
zJhAgxA)SPe9~6bUo~yWqgoYq3%wMCf(ZrYL(M}G!hC=)h5dwj5Q$iY2P$)NM)Tk5$
z@=jYow*C4T_5UH=9?h|d(m<wol{vS_8UY&QMeym59!-wda)S9EfwNxfz6bg7`>E9;
zwCw2SDGEMdM?5}xT(d`%!9}ww_d_}SY|s@~)J&Gs?w%cw{+D1n(nf{~ou>LQ$=tw$
zIRQ}=7o5sn_dVG`ATwXna@P>Z6nhwWi}ODz#Pm|TGC2cP4S=0o6-y{bh&G5!!V!a(
ziW%2WZF|wC(V&_Tbzcei$pB`RGDLx!#(86iH43%SY$G;ce8<ah7!39unl(U#k+fh{
zrx8H(f9U6Kxhy|;ACniLpuN)ZC2`2~OCxuqYk_Y1qKKn4hBx$k2ObjVFL3lIVjAHv
zRoQ(s%+}u09(^9mIQe~Hf<~iq;O>1GtXfDkZML!owkES2W8W*DJ<Ew7UI?YJgE>o^
zm%s0OovL=+Z*Im!aqRDq5+|piUaUX|atGK@y}>3@{Pd0UjypF$>aq)ax~#wKjp%Hr
zuCm@?MyJIug=@>1AN~A^oybc<@d7S}=p(ccPd|P*gJs=7d^n{~60Zm~Lg2+yX&A`l
z*U#9M2l{8(lzH*BcL_<IeTgH6-+or*Q#SsQy1)xugmGvzTNG(4*x{PH55n7<w;Pk@
zA}uEuZ+g@c)#GD^5p&UI#WjS6H_YxdM54w;D=wv?MnA3UE;+gk$0qe&PO*26XWGDS
zbTEzzUlyOij<bc-OZzppwFp4o0hUjfV}B4tAX?L*PP*K;0%-Tx_JGUU%TICgFs4z%
z@(3ZnWR5A?%oXqaly@mIE-Ui#-N={;i?_!L*Lr7^0cl;ENAm4mbCdhzT_(d-6nip|
zt|7z9y9M(^CPV(eyb#rJ2NQO&u42@@O+>IKJGKpm;BfmPp>+LU@0&KcRO<tmgQVB|
z?Kx{feq_k?Jtf$&?$POYHFIg$d#*B0hDr9n9FX(3XX1W${6uT@;`10-(Fkk=5|P&+
zEC6w(h>n{xKk6s{V@w`HSdF3WAh#*Q(swGS#eZEZno~olFO(<^5}#$3jzwe7FnUYi
zzfG1zQAG6J3O#Fk0pS<h>0=Kx$u-D)W?nibIeITq<j;}_377Qq@36kkeM?lzj9bZ!
z*<-bQ#~<Tb;*{cO5J&A<jh)bk`6Mmiva02-!Q-V^v-dU8wzlo9o_wQ^HYJzM5dR{%
zc1RQjx+E1*zfOz!H$PdFr<<B+n*Eh%!)QKfQ*5#um&^MOi$j3a+FgigmGoxlarANT
z=V3;f{`2sfYNfb8{b$0Zql);GpEP)G%sL@D2fOj159Uli%Hq+CEfRx70=oLDi|zt6
z9}ol}wsC<_H2w^?{rF1rHYA6_+Ht8ra{W73#VR$G%`b1+)NfkKAN^jJs6W-QQ=-gg
zPhmX{TK!}zv(VN!Mt8;i1aV8asa6|cvq{>dC=L(rr14^ZA1Ub;D3Z~vrxhuxf3Bsq
zoB60*h3YJnOA(_$H?{6<N+v>f=h6OSx(o4AptShPsrckA{TVvA_|<2vJR#h3hfdqG
zv^XdZOa5Dg#$8rPRK_Ur6!1?XW08`RbS7KX(TYQB=awF(k>|Jn?G)R|KlK*+oFOK)
zBW_<mll>Z3n<d}L_fO6+(XsUWDlO7y!KTBuE?#ojlVzZQjWd-on~n&t^lg7I3b-Ue
z%YVtPrUoB|2(2mo81Ze5Xg9*;>e>yhwbh7wzuU-Nc;potuC)&(w<f#E_pef5VO={C
zc;MDc{*x%M!;ql}b|Zd0Hu*hLirW-hp-7CnhivH>lCvs`%94tn$Z}O>bRxnlhUD)d
zIb@60?ioZ{CQ-Umh1F>BWuCvn@YM>kaV?zShP8k0afuDgBdHv!;uflK#6{X34*O9@
zma?+f&vHhIwQ1e%QVW{#$5I_CGS7H#stP2|MyHH@`be%A(8wtBD;~Lq+3MBu)bph*
zSSuQQ<bj@*+{3^*q%WAC53+@rbFOajrK~mO_c%&-l{~r|8I}yZ_!-eh+}F_2Tbk_T
zr6X=U-(_n&LS`HrK6rW<)aaxAH%!`=$38*}Ojo_R6-l0={uA;h5P&Sli+;XS%U`Q1
zqwpr<cnZuj$;5c}j%y%Q58&OoS4{QW!hWPVxK?Pg2@p+NTbdK&r**{-f3(#1Rn;+Z
z@@7AV?^t_+o**lrKa=v(Fo<droWG;MxJXN-L75jh@#g6R%@g_>cFbz0=C^;IU(TEO
z{KWkHxOPuXbCx)?8d%Rt(=RpHXr>nJY<<Rt&gJ#4o*i=ib+O}b>LG4Kj#i>MG~f=Y
zI!@2a**36|Zd|8_h{s#&!4C0Enj-7*<+d~C*n1wX$Qg0LrAV8C?ao^EHO!mUpr7+J
znKHMF>k0^4BGmunhDHu70Xv0RA*r;h499NnqdvO={{Vn!uGU;4Eno-8%EK$U@H8Q)
z1isqA)u%F8^1Pwg`a#s<t%i24zjxi{w8ehcFiiau5*m-xE>I_rcpfue@$`=PxYyG@
z*16KGV>Y)Fda14kxvibL+<bEN4!`1A?_9LvsqsE_jNb0nx|tZ#a(V%;TeWL$8NO0X
zq2~l%Fp1AMwJpj^9Ad)3@f1A@!rwfT^N^R}Lf?0ITU1PE{^aJpG~yO+TatW5ra)8r
zG0Z<AdFTw!;$h1XLUBA5KX&6{iSlO0Ihe9>1E&n)Dz?E_KO=XKk}#X5)yCh%8xBZ2
z!9%Z>1V}RWWvHl?FI|seF$Ir|CzfOL%JcNTO`-H}dO6_+CB=R}?AG#fV)WX(Yx=Eo
z<Jr;9%1Pb!W^kgib&fUHiAMAq)lNF}_!P3AfJ$XW3-&2ek7!$-<hOOd#|GB1k>l^{
zpj<e8_3!Pc$70YY5?)%B@>r~Sfs;LiXEh|g)@67BKcaSH&TQ<3zO>ix^*fC8eqhL$
zDPLx`A>w0*YGw{c<&vUM<J)Gm3kQQR7yxfOh63<&3rgf6C98UWSexgX=v!^Qif6|x
zrcXMr77{Mn+pCy$?yvkBk<mgRU>jsSk=@p0aKw=<sFgO-GAhX5GS>bR$`FS%OyN^M
zv{Dx=m1;=5GO$(>*;FHc$x!cNFMB$wDxumvF0^JzRB?6?DC7IuL+_c`2^?018o{V5
z2qXQnfr-7sB;U88#}A3EKG{0?r9OGt32U9AL47@jZ*1R2u<Ial7b@|n1zyaum(8Z*
z<ywd|X6j<VNWk(`1>dW}KbO=+gWjmPRFQ1O+O2RdmLk0Fc?&i&{i%yTF9bh((NMMk
z9i+1_S-R~tTt{D9hq_38$slLm$Hdjcfx&e!YuwTD%mgip|Lux+Zvi*p%#dt3w@;NY
zZ^HAyVJ6?RHvZcd)ZZPc9sQWFM42Gj`?5)uap~2;<iWk=Vo1Hom(*y*)=kQ?@l1s(
z6Vu$YH`tr7_dLQm^Ng8an{K=drXD~IWn1~XWM?lu06jse&*|)X?GrakC+S{8>9?<r
zsaAtT%?ICAeBri3m?`T!lx8+{e(-rwrk^Lth76N!JEfab{fV&qEB^dj$`HuswzW^F
ziO?F0f@DKJLSP9d8tKZs$T?^G@JrOfx#oEP>`X})@8L)?SFl0N+=y3f-e^rAv+GFQ
zXF9hh0ux8I89~nfk&L9r1pzw=Sy3e5s?EmN9;3{XhhDy-4XXK3r%MlUZQ5=53Cbdf
z)qe~KuYE;2*(rtY?5`qle?cL5diE<l$d#H};^I&wFm%7ivZ{!6NHsjWvb~q{W;G(0
z590*^$@r#>?bVm(LGm5sQk;LbQR0EqEjBTm4&)xSUym(dNvsv!edLX2aZJ|=<lGux
zRG#|xuh;}Wy<6!f*ecfwQZTcLVLO)*DF2=>P%zthzu)Xczx*(d1~h90^9klJq`#FL
zF7ohA6~&n~_UuDRC>uJaW{j+Y;MlZ2UAnfGVd^h@;_=@m7o<LddOIr;$hi8~T}Np5
zPCx8U)h)>O%c0~-$x#Ol#ZQ0tD;DDP3iS%A&zL~yqbXTdv^s3<E$bs?K_i9XAlcUG
z1}lVZB^Hb&6p9_WJ#^Rq-1JL!i^gGhg=P5{%Yoru>bZJ<I2h<}m3z8gBFig#l%Tzs
zN|ZGER+VVPs&TLyT~%v&Kc=@M4C@y|J$S7$!rZ8FU5;BxTv5fWp^%FR&tLER`Tsyi
znqr5;T;89AQ7z2*$pz`HzGs5X&{vb8dsAg&L{{svg$&86dp`koXT|Nczwu0m;M$x>
zWhBo|c_jYf3@<!z?{^?{{kQ+xVf`!5sL2hcwL509FQUUj9m`$@_Gk!NPt@EIZrFD>
zSsnX4WC_emA1*TKS47@l*%>NRE4Lil9SO%&`xS8bzV*Bk#H&aqLaWmKEdQy#d7e{4
zQ?{!}RZiUg+6-x#iwM%1<Aw8>*@tP}aY4=$%o|3^FIIyayq-KT_AX~PH`(X<-p?PH
zS5ah~r9<;PL+y;N$+k-8w2()pqj#U1tji$$?@{t>=d<YAZ*@Yay7+1%sL<Fwxi9l~
zOFQW+E0*LTLgThvr%iibB-h3Jh#LLKj3@43rZ1P_$u3gl5j5_hJ(M&3Q!#O_-m9fc
z8Br-O_VRe&i#cn5O}TJc71V<3?dqh9v35Qp%yns9%yfj&Ka}{@BXDKMzw<(D{pspg
za4&K73g$Bz#!+7UyHxB8(Wav~Y{F4RkruOk3GB5{e%Vkhem++tn>gZXDyY73Sf*qB
z{FrVxd<9!XYlOZ?3UlAbFrS_|T_V7kg~x_3w%EkKI3X!C?>zERPPy?xlF9IQrkcx+
zz!-?L;lcKV5Q$22A@;3-5{GBf*i=+Q#X3GfQC?~L_x_kH!a5n6`kCr1_BJwxwX87B
z+f80_a^n~?{DeF4G4(vSPkL)&yz^d4qB3xW8Zx7_$?CRiv#cTOjKU-w9pFg~A5Avp
z+Et+n=@L~Xq4DrX`%*(hn}W+V39*Zqwlr212_ackj+S=Ma}oTjXkOCXEv19G4%v>%
zGZT)6qhry4?XzSIQBv)Ot9Y#{7XEPPfWgrJK*HSj#!FS&$Xa*K57<GMN!gdLzz#{n
zN~~!%V}7#Pi?|%DRTXJn*V)$VNi(e?JePLVeEPM^#y5sJTJvQ-Bj_q{HFSW8m~#LV
z4DH*n*+I=He5-I3AE3hHXN~>aL%xcw8_V~C>-!Y|pjooH4)+Y`MlQy~v?&T>Ow%Cu
zqgWD3Eel5+d`}cdhw25SlW9nuEQmH#9}Ue;HJfKz=R79_F6L?>pz%JQ%gpvP8F@Fl
zc^tl-(xQm*gi%QN;>#hr{g!bD$pE{GGVGp?_Y8#=BFDbusvR-9sak(DKDBBhSpM{J
z?mp7YAeb>HM)4G@?8$(=TWn8(%{zD+xAR|3a!1wo8JAVHRNoF$uKP5e1X10pQ8ebJ
z3Ah|>9g;w+CL-|Y!iIiMm;1HO6HkmS40bOG#lVbCfxXX1$+Pz&A+iYt)8DCHkHwA^
z@^}iKX=AJ?aJm(X$$V13JilC#g;D2^bBqM~KX9|vJXgF9&*X!8%+oXmSerPU+Iw7`
zWV_?BXI4l8q~g-08aOS4BGMGZ5rXahN@5JR#5wBu_Do>M-GLTQAgkBe2*({<G{(k<
z!_Z=$8(x|FOy%8JeU&8b^Z>D7-&x5J^N+FC9AW7oo4mcxQel@y%lD%7KMmZ?@v1*l
z0WWK;#snb{0(k+$-UJC7V(v~W3OP?1Qh@ABd+}WG89w#Wkg<l5n9*KNQPU|hKt9?K
z3jWe}Kf=FyWIa8&&MPD(J%Fl$ev3h3dxJ{GyBQjzGc$$p7H7jaL5QrHoZR#+Ow72v
zVM`fBX{(==ZDGB57rQo$1VS5=VjAI8qO7sDpm4RsAM(Rhd4!M(IK4Rgt|REwfck@z
z&^$AOc0EfBa>b0!7F!w9y&WWp@Hov!4H-ZJo}&sNA;S7r9p$}|peH6U{)Z`GGg_nw
zviwXI8TdH$tHc0irk_-s8dOmf@4;c-Ued;h&B=n7%C6RUZ`~W88+eE@ZDG!{Z`hPS
z>|+hBqKAu)X#{v0ew1STRq;%-Mch$>O+AyfhlGJAF{cf;=t<FmPBjgUTmwh3NO(O0
zeL+#dGGMuNsu-3f)DT!sZks$?_c{T&7L{Zx05LK@nh*FQ0oVnEI#1S*7ufQk@e<@!
zCM<KHPaJp?gzq0W+dBBb;()P_6%}u)iV$b&Z{ujPMziUhg4OLhTrncJE)s~WB+wY2
z{-rc@4^G7j*A#yqlmNeyRqACOTk0GAyx~E5RxvP+|19a(f*l8`?o{3M%R(LYQhrbF
z>Qh7U&7RUWe=!}E@X0Mv2-w+qUdSHOg~g)0=nnfO%wpm@r3>Q#ka`he8Q%m(V!mTY
zjWi`)SE24&4yGrF;59yWnLa4tLPAV;Xyf`@Z~kqHNH@`ScDBe@m!RJ#BtPj<E5}NI
zs!hk3^iDt}lg;ogvtam}n8%1EfB%`#m77rMAJUGyJ-v2ZG*08Z!a1g0cjE(GLo7}2
zmcYgD>QVkJM6LN+m;<n9)!3pu|FoL%dV=!!U@{AAO=Fpp_^S&fSNdR*WlrXdS5BjA
z==sFJXlt3h)x`&yc0HL4eoK2--eppLvOe4^dx<f>KaCyTYg3>OwInKklrnLM*^hb2
zRdQbRVxoV1o-C|4yz}ug;h?k%u029eG|ldEa8(JSTx3(VVliBfW>A!2y1j}1#3QW3
z^%8p7D(2$z0-9+l!}m2mA;8yv=k8Q;h&V1hCY(R;wkqu>I4s?u@+ut{z^JB{;|7rJ
zY4=T5-_3|S&|Qn*_{_BdJJG2IXFE*TW6xt7P`sO~KF>Opa-4)+zwxPucUd{zOcf7j
zs`1bAuuSUYbRV2nPcFO&hMo>yxY#OL3^acbmJ)a1u}%q&25%8aA`T<P*_^)~FieC3
zELzVMYpya&wwtLgf00@YNDEhG7<aS4)F(C+HoN<nv}7O?P0^nzFQD2giH5?m?OZj^
zsUvK6C8`wwBo|cs+2#M4@!vVi*(#LSF}-#bmTJ(_i^L2YJT6>_oadHPdz!F`pbm^}
zy!T&=eM3)lyh-Pt?xzOf+T?q(`qdOsJ3Z$V(vj{FWG3a`uV%6W*4(5n>-YErv6Z;=
z#Vf9w%V_Avg7{Fmm@t#dY-GrSt;Qv^P%v|soaeUQ^zr#q5@KAoS(?o?fxgaZ^^)-1
zRvg0NPz0hI<EBvoyLz6bqF%RA?;H_Cn*kb@(`y|sS}4wR#%32{;&XS_wGo!6As)_y
zB`(!zqJdY)$tx@tGttfu+3(1aA3Gq8n+J`7&jb#~N<ZU}w|q;dt8QF0fG%G^&t@^(
zC$07yZV=g<`TycoD2z10RLp3K+IY3E@>`-19uFUbf0{YF;-GNwLC=0$j;^Ks!JCY!
zFZmnOmEw<+BR8;ZS}^uZRp6@aQHMy%&~EMQ$sDKPp^>VHr>@+%CVA{&qlj@&f%f-1
zS-nJ^vOln%tv-gMc6;i9SZ1^sW-vvEVK?YU)Qd3|ba90T;TFHA*dlq`OZ~tT&<X9<
z6Y7nTI<v*W27HRT5n}V@tO(e6{B)Cb)Lpv^5*)$h6t?^6N)`UqA8ApTjh3bpd$v<6
z6cC`voj)6N?Yk}vE`c&fqMwV^)ZEy=F``DV3`bn;tfhAWSABtop$~UI47;wuWlo*1
zg~d|1-GM}#2RBL9p&GyM^Md5N6(28#qzhR&K~h4(yn{2-<myTkIg*EN;Q>Er#Sc@k
zF}EQNFlXjT7$Q2!PTG{IfgUKwMI!*AfM(qObfs>7Brn3sue*~M7))6d%&=SXu5O0B
zf)EPXw_G+TPpSo<QXsfB06&$3(HYZ}a}$mhQp35x3CH^GwfT%XyzzM&-k21DKkZ%-
zvjvicrszj{9Zx><qTc+aYySq78tCE+WI#-t?{?rWeL|+$t&@4Hun%>eC4@~n=&cjd
z{8ObRGje1y26@_LHTx9}tN^a|#<!yxLQ;KV4eh(MU_btBWjMW{T1Xm8wIa86Uq%c<
z3*_qH3pE3Zs0hdWyDM>s8%uzk)_r4~x7KrSgeu&T-LC^RigV8G_fr)P;k3CQO<?%q
z0K4j5)1iH}K0%GKS5~=8;spJ!Xja+dp##^O-Q1#76M?)|FRhgNWfAb=&wRpx&s%Jw
z%)dbwyb60VM~2Iq;o++*K^yLVrb3?wBv@54re(Q~bQO*3A2xjA-O>PTrc~vIx9DfT
z`nbZYT|ubgJb1E9P<cI1>kM>~RqMDKHoUO%GF_l{Vp)K;K4zEdUCWk?^Oko_4wN7G
z#MH-xdN5yYGJuTLs0rRN`qF{xp99ZfxRQoX{jMekvj2X36^Q;!zL~U`d^0AMQJA7O
zEx)?t1{hb=eJ16jO3eCH-JEnXQY&=gf)@z=h%H)m`!?KSsLVT;il=p28%7Sygx%!4
zw%VPzNI8Oei&=UckW<GebH&9lY=I}U?k|5L@Xyq3hL2fkDGK3ZWNkT<0}&0{W^Wjy
zp-;@Dy#(4mWN&|C`ev{lCz;aKW6t$u%vH2oTZ4ZGs%E+S2Yc*_r*=xRoC&cNk9_UP
z6M08b_Gs|_AC5Y+TCvuz`<@*om*z)OBH&MjKM`b$ocSw9-+I!a9A;t1rr=3_Yahk#
zXY12g65N0{<2Tl*cbr*tn5!I!;4_Q6kUBDAdl%zyyR0$B-`nziz33dg4zoZ=<m{z~
z0+me=S6Qz}LG?@{HBUy#&MFJNc|f4ATBc$xL}P(S0Tq)zdgzDq5d{?%sQQ9{;gh;%
z5SJYcMse?`So^v<12UrlbzWSTH{@@?kQ~=H1(<WM-9cEQmUGB8%Seu%)%|~xSHP#t
X1tV9n(X!ViGBN{QV_1!jeZv0$^iEsv

literal 0
HcmV?d00001

diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html b/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html
new file mode 100644
index 00000000..ba2d3e6e
--- /dev/null
+++ b/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html
@@ -0,0 +1,9 @@
+<meta charset="UTF-8">
+<html>
+	<body>
+		<img src="libwebsockets.org-logo.png"><br>
+
+		This is the big secret protected by <b>basic auth</b>.
+	</body>
+</html>
+
diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/libwebsockets.org-logo.png b/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/libwebsockets.org-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..2060a10c936a0959f2a5c3a6b7fa60ac324f1a95
GIT binary patch
literal 7029
zcmbVRWmpqlxM!r~7}7Nyl2W6Q#v!1jW1y7e=<Y7XA@!dij8>5vh%{0%8YD%LA&rz{
z3?wCl%l&#k-rw__{GIbY=Xu}r;f-WdV?9PXZaOkDGDZV^*dsDBfa>-9-VN&O{@2fU
zOV<NsppJq0jcY{Ra7JCPY5nw{1d@^QOZ{&H{3~P;x!&Xo(tR8R_eBPUIs~|og@%So
zx%+qqIyv~cNcjf1=9AR8$;i0(4Pe^lVFf#dp`R@J{|sv0)1zWF)uLi6?X$m!?tAdP
z??OU5t?o@-zm&FVDq|XFyJ$#BvS>HE6PdL<H<8=u9lkD+6`-w^CoptziBa!}JW=12
zJhAgxA)SPe9~6bUo~yWqgoYq3%wMCf(ZrYL(M}G!hC=)h5dwj5Q$iY2P$)NM)Tk5$
z@=jYow*C4T_5UH=9?h|d(m<wol{vS_8UY&QMeym59!-wda)S9EfwNxfz6bg7`>E9;
zwCw2SDGEMdM?5}xT(d`%!9}ww_d_}SY|s@~)J&Gs?w%cw{+D1n(nf{~ou>LQ$=tw$
zIRQ}=7o5sn_dVG`ATwXna@P>Z6nhwWi}ODz#Pm|TGC2cP4S=0o6-y{bh&G5!!V!a(
ziW%2WZF|wC(V&_Tbzcei$pB`RGDLx!#(86iH43%SY$G;ce8<ah7!39unl(U#k+fh{
zrx8H(f9U6Kxhy|;ACniLpuN)ZC2`2~OCxuqYk_Y1qKKn4hBx$k2ObjVFL3lIVjAHv
zRoQ(s%+}u09(^9mIQe~Hf<~iq;O>1GtXfDkZML!owkES2W8W*DJ<Ew7UI?YJgE>o^
zm%s0OovL=+Z*Im!aqRDq5+|piUaUX|atGK@y}>3@{Pd0UjypF$>aq)ax~#wKjp%Hr
zuCm@?MyJIug=@>1AN~A^oybc<@d7S}=p(ccPd|P*gJs=7d^n{~60Zm~Lg2+yX&A`l
z*U#9M2l{8(lzH*BcL_<IeTgH6-+or*Q#SsQy1)xugmGvzTNG(4*x{PH55n7<w;Pk@
zA}uEuZ+g@c)#GD^5p&UI#WjS6H_YxdM54w;D=wv?MnA3UE;+gk$0qe&PO*26XWGDS
zbTEzzUlyOij<bc-OZzppwFp4o0hUjfV}B4tAX?L*PP*K;0%-Tx_JGUU%TICgFs4z%
z@(3ZnWR5A?%oXqaly@mIE-Ui#-N={;i?_!L*Lr7^0cl;ENAm4mbCdhzT_(d-6nip|
zt|7z9y9M(^CPV(eyb#rJ2NQO&u42@@O+>IKJGKpm;BfmPp>+LU@0&KcRO<tmgQVB|
z?Kx{feq_k?Jtf$&?$POYHFIg$d#*B0hDr9n9FX(3XX1W${6uT@;`10-(Fkk=5|P&+
zEC6w(h>n{xKk6s{V@w`HSdF3WAh#*Q(swGS#eZEZno~olFO(<^5}#$3jzwe7FnUYi
zzfG1zQAG6J3O#Fk0pS<h>0=Kx$u-D)W?nibIeITq<j;}_377Qq@36kkeM?lzj9bZ!
z*<-bQ#~<Tb;*{cO5J&A<jh)bk`6Mmiva02-!Q-V^v-dU8wzlo9o_wQ^HYJzM5dR{%
zc1RQjx+E1*zfOz!H$PdFr<<B+n*Eh%!)QKfQ*5#um&^MOi$j3a+FgigmGoxlarANT
z=V3;f{`2sfYNfb8{b$0Zql);GpEP)G%sL@D2fOj159Uli%Hq+CEfRx70=oLDi|zt6
z9}ol}wsC<_H2w^?{rF1rHYA6_+Ht8ra{W73#VR$G%`b1+)NfkKAN^jJs6W-QQ=-gg
zPhmX{TK!}zv(VN!Mt8;i1aV8asa6|cvq{>dC=L(rr14^ZA1Ub;D3Z~vrxhuxf3Bsq
zoB60*h3YJnOA(_$H?{6<N+v>f=h6OSx(o4AptShPsrckA{TVvA_|<2vJR#h3hfdqG
zv^XdZOa5Dg#$8rPRK_Ur6!1?XW08`RbS7KX(TYQB=awF(k>|Jn?G)R|KlK*+oFOK)
zBW_<mll>Z3n<d}L_fO6+(XsUWDlO7y!KTBuE?#ojlVzZQjWd-on~n&t^lg7I3b-Ue
z%YVtPrUoB|2(2mo81Ze5Xg9*;>e>yhwbh7wzuU-Nc;potuC)&(w<f#E_pef5VO={C
zc;MDc{*x%M!;ql}b|Zd0Hu*hLirW-hp-7CnhivH>lCvs`%94tn$Z}O>bRxnlhUD)d
zIb@60?ioZ{CQ-Umh1F>BWuCvn@YM>kaV?zShP8k0afuDgBdHv!;uflK#6{X34*O9@
zma?+f&vHhIwQ1e%QVW{#$5I_CGS7H#stP2|MyHH@`be%A(8wtBD;~Lq+3MBu)bph*
zSSuQQ<bj@*+{3^*q%WAC53+@rbFOajrK~mO_c%&-l{~r|8I}yZ_!-eh+}F_2Tbk_T
zr6X=U-(_n&LS`HrK6rW<)aaxAH%!`=$38*}Ojo_R6-l0={uA;h5P&Sli+;XS%U`Q1
zqwpr<cnZuj$;5c}j%y%Q58&OoS4{QW!hWPVxK?Pg2@p+NTbdK&r**{-f3(#1Rn;+Z
z@@7AV?^t_+o**lrKa=v(Fo<droWG;MxJXN-L75jh@#g6R%@g_>cFbz0=C^;IU(TEO
z{KWkHxOPuXbCx)?8d%Rt(=RpHXr>nJY<<Rt&gJ#4o*i=ib+O}b>LG4Kj#i>MG~f=Y
zI!@2a**36|Zd|8_h{s#&!4C0Enj-7*<+d~C*n1wX$Qg0LrAV8C?ao^EHO!mUpr7+J
znKHMF>k0^4BGmunhDHu70Xv0RA*r;h499NnqdvO={{Vn!uGU;4Eno-8%EK$U@H8Q)
z1isqA)u%F8^1Pwg`a#s<t%i24zjxi{w8ehcFiiau5*m-xE>I_rcpfue@$`=PxYyG@
z*16KGV>Y)Fda14kxvibL+<bEN4!`1A?_9LvsqsE_jNb0nx|tZ#a(V%;TeWL$8NO0X
zq2~l%Fp1AMwJpj^9Ad)3@f1A@!rwfT^N^R}Lf?0ITU1PE{^aJpG~yO+TatW5ra)8r
zG0Z<AdFTw!;$h1XLUBA5KX&6{iSlO0Ihe9>1E&n)Dz?E_KO=XKk}#X5)yCh%8xBZ2
z!9%Z>1V}RWWvHl?FI|seF$Ir|CzfOL%JcNTO`-H}dO6_+CB=R}?AG#fV)WX(Yx=Eo
z<Jr;9%1Pb!W^kgib&fUHiAMAq)lNF}_!P3AfJ$XW3-&2ek7!$-<hOOd#|GB1k>l^{
zpj<e8_3!Pc$70YY5?)%B@>r~Sfs;LiXEh|g)@67BKcaSH&TQ<3zO>ix^*fC8eqhL$
zDPLx`A>w0*YGw{c<&vUM<J)Gm3kQQR7yxfOh63<&3rgf6C98UWSexgX=v!^Qif6|x
zrcXMr77{Mn+pCy$?yvkBk<mgRU>jsSk=@p0aKw=<sFgO-GAhX5GS>bR$`FS%OyN^M
zv{Dx=m1;=5GO$(>*;FHc$x!cNFMB$wDxumvF0^JzRB?6?DC7IuL+_c`2^?018o{V5
z2qXQnfr-7sB;U88#}A3EKG{0?r9OGt32U9AL47@jZ*1R2u<Ial7b@|n1zyaum(8Z*
z<ywd|X6j<VNWk(`1>dW}KbO=+gWjmPRFQ1O+O2RdmLk0Fc?&i&{i%yTF9bh((NMMk
z9i+1_S-R~tTt{D9hq_38$slLm$Hdjcfx&e!YuwTD%mgip|Lux+Zvi*p%#dt3w@;NY
zZ^HAyVJ6?RHvZcd)ZZPc9sQWFM42Gj`?5)uap~2;<iWk=Vo1Hom(*y*)=kQ?@l1s(
z6Vu$YH`tr7_dLQm^Ng8an{K=drXD~IWn1~XWM?lu06jse&*|)X?GrakC+S{8>9?<r
zsaAtT%?ICAeBri3m?`T!lx8+{e(-rwrk^Lth76N!JEfab{fV&qEB^dj$`HuswzW^F
ziO?F0f@DKJLSP9d8tKZs$T?^G@JrOfx#oEP>`X})@8L)?SFl0N+=y3f-e^rAv+GFQ
zXF9hh0ux8I89~nfk&L9r1pzw=Sy3e5s?EmN9;3{XhhDy-4XXK3r%MlUZQ5=53Cbdf
z)qe~KuYE;2*(rtY?5`qle?cL5diE<l$d#H};^I&wFm%7ivZ{!6NHsjWvb~q{W;G(0
z590*^$@r#>?bVm(LGm5sQk;LbQR0EqEjBTm4&)xSUym(dNvsv!edLX2aZJ|=<lGux
zRG#|xuh;}Wy<6!f*ecfwQZTcLVLO)*DF2=>P%zthzu)Xczx*(d1~h90^9klJq`#FL
zF7ohA6~&n~_UuDRC>uJaW{j+Y;MlZ2UAnfGVd^h@;_=@m7o<LddOIr;$hi8~T}Np5
zPCx8U)h)>O%c0~-$x#Ol#ZQ0tD;DDP3iS%A&zL~yqbXTdv^s3<E$bs?K_i9XAlcUG
z1}lVZB^Hb&6p9_WJ#^Rq-1JL!i^gGhg=P5{%Yoru>bZJ<I2h<}m3z8gBFig#l%Tzs
zN|ZGER+VVPs&TLyT~%v&Kc=@M4C@y|J$S7$!rZ8FU5;BxTv5fWp^%FR&tLER`Tsyi
znqr5;T;89AQ7z2*$pz`HzGs5X&{vb8dsAg&L{{svg$&86dp`koXT|Nczwu0m;M$x>
zWhBo|c_jYf3@<!z?{^?{{kQ+xVf`!5sL2hcwL509FQUUj9m`$@_Gk!NPt@EIZrFD>
zSsnX4WC_emA1*TKS47@l*%>NRE4Lil9SO%&`xS8bzV*Bk#H&aqLaWmKEdQy#d7e{4
zQ?{!}RZiUg+6-x#iwM%1<Aw8>*@tP}aY4=$%o|3^FIIyayq-KT_AX~PH`(X<-p?PH
zS5ah~r9<;PL+y;N$+k-8w2()pqj#U1tji$$?@{t>=d<YAZ*@Yay7+1%sL<Fwxi9l~
zOFQW+E0*LTLgThvr%iibB-h3Jh#LLKj3@43rZ1P_$u3gl5j5_hJ(M&3Q!#O_-m9fc
z8Br-O_VRe&i#cn5O}TJc71V<3?dqh9v35Qp%yns9%yfj&Ka}{@BXDKMzw<(D{pspg
za4&K73g$Bz#!+7UyHxB8(Wav~Y{F4RkruOk3GB5{e%Vkhem++tn>gZXDyY73Sf*qB
z{FrVxd<9!XYlOZ?3UlAbFrS_|T_V7kg~x_3w%EkKI3X!C?>zERPPy?xlF9IQrkcx+
zz!-?L;lcKV5Q$22A@;3-5{GBf*i=+Q#X3GfQC?~L_x_kH!a5n6`kCr1_BJwxwX87B
z+f80_a^n~?{DeF4G4(vSPkL)&yz^d4qB3xW8Zx7_$?CRiv#cTOjKU-w9pFg~A5Avp
z+Et+n=@L~Xq4DrX`%*(hn}W+V39*Zqwlr212_ackj+S=Ma}oTjXkOCXEv19G4%v>%
zGZT)6qhry4?XzSIQBv)Ot9Y#{7XEPPfWgrJK*HSj#!FS&$Xa*K57<GMN!gdLzz#{n
zN~~!%V}7#Pi?|%DRTXJn*V)$VNi(e?JePLVeEPM^#y5sJTJvQ-Bj_q{HFSW8m~#LV
z4DH*n*+I=He5-I3AE3hHXN~>aL%xcw8_V~C>-!Y|pjooH4)+Y`MlQy~v?&T>Ow%Cu
zqgWD3Eel5+d`}cdhw25SlW9nuEQmH#9}Ue;HJfKz=R79_F6L?>pz%JQ%gpvP8F@Fl
zc^tl-(xQm*gi%QN;>#hr{g!bD$pE{GGVGp?_Y8#=BFDbusvR-9sak(DKDBBhSpM{J
z?mp7YAeb>HM)4G@?8$(=TWn8(%{zD+xAR|3a!1wo8JAVHRNoF$uKP5e1X10pQ8ebJ
z3Ah|>9g;w+CL-|Y!iIiMm;1HO6HkmS40bOG#lVbCfxXX1$+Pz&A+iYt)8DCHkHwA^
z@^}iKX=AJ?aJm(X$$V13JilC#g;D2^bBqM~KX9|vJXgF9&*X!8%+oXmSerPU+Iw7`
zWV_?BXI4l8q~g-08aOS4BGMGZ5rXahN@5JR#5wBu_Do>M-GLTQAgkBe2*({<G{(k<
z!_Z=$8(x|FOy%8JeU&8b^Z>D7-&x5J^N+FC9AW7oo4mcxQel@y%lD%7KMmZ?@v1*l
z0WWK;#snb{0(k+$-UJC7V(v~W3OP?1Qh@ABd+}WG89w#Wkg<l5n9*KNQPU|hKt9?K
z3jWe}Kf=FyWIa8&&MPD(J%Fl$ev3h3dxJ{GyBQjzGc$$p7H7jaL5QrHoZR#+Ow72v
zVM`fBX{(==ZDGB57rQo$1VS5=VjAI8qO7sDpm4RsAM(Rhd4!M(IK4Rgt|REwfck@z
z&^$AOc0EfBa>b0!7F!w9y&WWp@Hov!4H-ZJo}&sNA;S7r9p$}|peH6U{)Z`GGg_nw
zviwXI8TdH$tHc0irk_-s8dOmf@4;c-Ued;h&B=n7%C6RUZ`~W88+eE@ZDG!{Z`hPS
z>|+hBqKAu)X#{v0ew1STRq;%-Mch$>O+AyfhlGJAF{cf;=t<FmPBjgUTmwh3NO(O0
zeL+#dGGMuNsu-3f)DT!sZks$?_c{T&7L{Zx05LK@nh*FQ0oVnEI#1S*7ufQk@e<@!
zCM<KHPaJp?gzq0W+dBBb;()P_6%}u)iV$b&Z{ujPMziUhg4OLhTrncJE)s~WB+wY2
z{-rc@4^G7j*A#yqlmNeyRqACOTk0GAyx~E5RxvP+|19a(f*l8`?o{3M%R(LYQhrbF
z>Qh7U&7RUWe=!}E@X0Mv2-w+qUdSHOg~g)0=nnfO%wpm@r3>Q#ka`he8Q%m(V!mTY
zjWi`)SE24&4yGrF;59yWnLa4tLPAV;Xyf`@Z~kqHNH@`ScDBe@m!RJ#BtPj<E5}NI
zs!hk3^iDt}lg;ogvtam}n8%1EfB%`#m77rMAJUGyJ-v2ZG*08Z!a1g0cjE(GLo7}2
zmcYgD>QVkJM6LN+m;<n9)!3pu|FoL%dV=!!U@{AAO=Fpp_^S&fSNdR*WlrXdS5BjA
z==sFJXlt3h)x`&yc0HL4eoK2--eppLvOe4^dx<f>KaCyTYg3>OwInKklrnLM*^hb2
zRdQbRVxoV1o-C|4yz}ug;h?k%u029eG|ldEa8(JSTx3(VVliBfW>A!2y1j}1#3QW3
z^%8p7D(2$z0-9+l!}m2mA;8yv=k8Q;h&V1hCY(R;wkqu>I4s?u@+ut{z^JB{;|7rJ
zY4=T5-_3|S&|Qn*_{_BdJJG2IXFE*TW6xt7P`sO~KF>Opa-4)+zwxPucUd{zOcf7j
zs`1bAuuSUYbRV2nPcFO&hMo>yxY#OL3^acbmJ)a1u}%q&25%8aA`T<P*_^)~FieC3
zELzVMYpya&wwtLgf00@YNDEhG7<aS4)F(C+HoN<nv}7O?P0^nzFQD2giH5?m?OZj^
zsUvK6C8`wwBo|cs+2#M4@!vVi*(#LSF}-#bmTJ(_i^L2YJT6>_oadHPdz!F`pbm^}
zy!T&=eM3)lyh-Pt?xzOf+T?q(`qdOsJ3Z$V(vj{FWG3a`uV%6W*4(5n>-YErv6Z;=
z#Vf9w%V_Avg7{Fmm@t#dY-GrSt;Qv^P%v|soaeUQ^zr#q5@KAoS(?o?fxgaZ^^)-1
zRvg0NPz0hI<EBvoyLz6bqF%RA?;H_Cn*kb@(`y|sS}4wR#%32{;&XS_wGo!6As)_y
zB`(!zqJdY)$tx@tGttfu+3(1aA3Gq8n+J`7&jb#~N<ZU}w|q;dt8QF0fG%G^&t@^(
zC$07yZV=g<`TycoD2z10RLp3K+IY3E@>`-19uFUbf0{YF;-GNwLC=0$j;^Ks!JCY!
zFZmnOmEw<+BR8;ZS}^uZRp6@aQHMy%&~EMQ$sDKPp^>VHr>@+%CVA{&qlj@&f%f-1
zS-nJ^vOln%tv-gMc6;i9SZ1^sW-vvEVK?YU)Qd3|ba90T;TFHA*dlq`OZ~tT&<X9<
z6Y7nTI<v*W27HRT5n}V@tO(e6{B)Cb)Lpv^5*)$h6t?^6N)`UqA8ApTjh3bpd$v<6
z6cC`voj)6N?Yk}vE`c&fqMwV^)ZEy=F``DV3`bn;tfhAWSABtop$~UI47;wuWlo*1
zg~d|1-GM}#2RBL9p&GyM^Md5N6(28#qzhR&K~h4(yn{2-<myTkIg*EN;Q>Er#Sc@k
zF}EQNFlXjT7$Q2!PTG{IfgUKwMI!*AfM(qObfs>7Brn3sue*~M7))6d%&=SXu5O0B
zf)EPXw_G+TPpSo<QXsfB06&$3(HYZ}a}$mhQp35x3CH^GwfT%XyzzM&-k21DKkZ%-
zvjvicrszj{9Zx><qTc+aYySq78tCE+WI#-t?{?rWeL|+$t&@4Hun%>eC4@~n=&cjd
z{8ObRGje1y26@_LHTx9}tN^a|#<!yxLQ;KV4eh(MU_btBWjMW{T1Xm8wIa86Uq%c<
z3*_qH3pE3Zs0hdWyDM>s8%uzk)_r4~x7KrSgeu&T-LC^RigV8G_fr)P;k3CQO<?%q
z0K4j5)1iH}K0%GKS5~=8;spJ!Xja+dp##^O-Q1#76M?)|FRhgNWfAb=&wRpx&s%Jw
z%)dbwyb60VM~2Iq;o++*K^yLVrb3?wBv@54re(Q~bQO*3A2xjA-O>PTrc~vIx9DfT
z`nbZYT|ubgJb1E9P<cI1>kM>~RqMDKHoUO%GF_l{Vp)K;K4zEdUCWk?^Oko_4wN7G
z#MH-xdN5yYGJuTLs0rRN`qF{xp99ZfxRQoX{jMekvj2X36^Q;!zL~U`d^0AMQJA7O
zEx)?t1{hb=eJ16jO3eCH-JEnXQY&=gf)@z=h%H)m`!?KSsLVT;il=p28%7Sygx%!4
zw%VPzNI8Oei&=UckW<GebH&9lY=I}U?k|5L@Xyq3hL2fkDGK3ZWNkT<0}&0{W^Wjy
zp-;@Dy#(4mWN&|C`ev{lCz;aKW6t$u%vH2oTZ4ZGs%E+S2Yc*_r*=xRoC&cNk9_UP
z6M08b_Gs|_AC5Y+TCvuz`<@*om*z)OBH&MjKM`b$ocSw9-+I!a9A;t1rr=3_Yahk#
zXY12g65N0{<2Tl*cbr*tn5!I!;4_Q6kUBDAdl%zyyR0$B-`nziz33dg4zoZ=<m{z~
z0+me=S6Qz}LG?@{HBUy#&MFJNc|f4ATBc$xL}P(S0Tq)zdgzDq5d{?%sQQ9{;gh;%
z5SJYcMse?`So^v<12UrlbzWSTH{@@?kQ~=H1(<WM-9cEQmUGB8%Seu%)%|~xSHP#t
X1tV9n(X!ViGBN{QV_1!jeZv0$^iEsv

literal 0
HcmV?d00001