From 8d7b3d6dc27f8f07e96860f06d0e259b56c1f5bd Mon Sep 17 00:00:00 2001
From: uku <hi@uku.moe>
Date: Wed, 20 Nov 2024 09:30:57 +0100
Subject: [PATCH] feat: add discord login

---
 bun.lockb                            | Bin 136864 -> 139464 bytes
 migrations/0001_init.sql             |  12 +++++
 package.json                         |   3 ++
 src/app.d.ts                         |   8 ++-
 src/hooks.server.ts                  |  25 +++++++++
 src/lib/auth/cookie.ts               |  19 +++++++
 src/lib/auth/discord.ts              |  14 +++++
 src/lib/auth/index.ts                |  15 ++++++
 src/lib/auth/session.ts              |  76 +++++++++++++++++++++++++++
 src/routes/+page.server.ts           |   5 ++
 src/routes/+page.svelte              |  20 +++++++
 src/routes/login/+server.ts          |  19 +++++++
 src/routes/login/callback/+server.ts |  53 +++++++++++++++++++
 src/routes/logout/+server.ts         |  16 ++++++
 wrangler.toml                        |   5 ++
 15 files changed, 289 insertions(+), 1 deletion(-)
 create mode 100644 migrations/0001_init.sql
 create mode 100644 src/hooks.server.ts
 create mode 100644 src/lib/auth/cookie.ts
 create mode 100644 src/lib/auth/discord.ts
 create mode 100644 src/lib/auth/index.ts
 create mode 100644 src/lib/auth/session.ts
 create mode 100644 src/routes/+page.server.ts
 create mode 100644 src/routes/login/+server.ts
 create mode 100644 src/routes/login/callback/+server.ts
 create mode 100644 src/routes/logout/+server.ts

diff --git a/bun.lockb b/bun.lockb
index 5ccfe2be3f324579e28a81dffeb02b4e97008e79..3cfcf9cc256fd4ab2e525f5a3466d019de7c8a52 100755
GIT binary patch
delta 25479
zcmZ3mmgB@hjtP32Z_ginpxqL(eDf2B-EJqtn`i9Uvcl-hkMA9~E~o8SFMrEIfr$YG
z5+{bs*T=>(g4j^Z#lX-Y%E-W=$iUE$lbV>8lUl-%Sd?6nnasez#l*nC&A`yW%E-VV
zfJA?1U|`^5U}z9#hS2QH3=BLB3=L(OC8;1|(~48eQu9iR3-XIgl8cKO8d(?^co`TP
z%2^l~xat`g8uAkJ@-tHy7*dOqN;7j(7@XM|7{nPE8g$ti7{nMD8pNSABb0v41`)r;
z#=s!Tz|e4rje$XgfuUg?l%55p+n{t2l#YYaUQpVMje(&aq*0lTfkBvop+Nvj|7C^n
zUqR^`tPBi73=9p&p!60fy$DKAfYL?zIXR^T3=A*$85m?47#hy-Gcd?7Ff^=(@~81L
zFi0{mG*s|2Fvu}5G=%Uo)HA3sFf^F(GcYJHFf@okB|h^pFeo!HG+g9kU{GRUXxPNZ
zz#z}S&@dTFm-0aj2!ryi_#hU^^D!_;GcYs=@j-(483O}@AOk}~YH?0xUI_!kYzYPi
zP!#`@fJ9+VYJFKAD2~2BB_2ZQ*Afg2oD2*NDXFOix|zicJrWEI{0s~Y%~0`oQV@QS
zG{is`X-M3cOF-g2NP>Yum4TrlvsgDhCqIedhzvxXy96W+Wv1ul7o{>V*wjM>(lYZ>
zbV~~ue#=4>e1Osgx;gpDi6yB8x;dG-nI#M#<RJ1oP#-kPLkv#KNh~QzO<~ARtt<n1
zNLK-(P8RC$)Z)^T%$#C|)Z)U@)S^lT4Mm8)q}1YqqSRCd1}+ImoG(^{_&hN=zX%jG
zF#4Z3#Akn%Ao8!oA&D*}HK{b6fq@~n7-TI2!+mjx#X2gG5NcGJJd0Va{;(<}fHD$`
zb<=VZ(|4#sly$2?V(OL}#65{wVCOR=t1~c2F)%dvt3#|QEy~o*DrR6PD9x)(&QD1_
zD-KDLJE6{)Ee=T$ec}-FR%=3NsC<1x4OBysIK-kPaYz#Qp#|}GR<UknVr~vYVo`cQ
zVo`DG8!d=`m2@Dqs1C%y4LT72gQ7Jtr<frO8ZJ&yhpg6xWJ*nONLuFxJFFg&24NB~
z4X}WRIS}SBSj3?F2o@1Ai(vu&RS)7Zm<M6z&Jbf@PyiJ(^<oeg9WZ79XF5(}NTyn0
z%)lVQz|io(2;$Q_3=o6R)4G!h#OLm25cys+2tTPPF*&uEfq}&wBJO1liRwA#5c%BH
zqV)PyBL)T=Xj(Tng9LqAVsS|!0|P@*YH4w1S|!5-3rJK1T0$H$*AkM1)S>E&Q*+Bw
zix?O*j3K4P8zV?DlP(7Fz;z>tg%=ng`isj_b3jG#85@RraLIkZ1|pGY11Tmp*gzbz
z1S+0dT$EVA04j)cbyM@o7^c}ke9~hB@mUR2y^jqfj$c?qLX^(|QedyJhtNA6Ao9hD
zDc~9)w`lS%Hn)0M%)nyqurnlWGrK~Z1&eW546kv97$@llaYk}+acXfg1H(*bNI11Y
zX;*iMzrpDj6rNCX<Dv2s7{K)fcS94jruyPBxr<%Ri{A^P@1-XLgBntW1q(M=utYLI
zN>?8SNEZ0w1JMV{0!67641T_of3eHebNE3*>9G%_(7oUTab`+tSz=CUDnoL9es*Rm
z1H)k-h%p9GW6O&Y^U`xti`E1}oZ%D%v2I@wBzW|LAz5817@`jrivl5#<k1GvSKp8o
z2+^3EnF|i~fIvtYQk9<qE}I+!AsUPWA>pYJ2q}YPp|o%y!~>jAIw~B(_Y8-4=m|4K
zy-Wloz8C@_;qV{=lnzxG8er++QUt_;6A=&t_D4VzZi|>~#VMDxFB+15=SM>_U}H3-
z>`I9SnZwZF5e@N2X<kZZawY@AyI6?3EAvZ}GZ+{ca^fKF*ct~h{!bhvfD(&!OA?cE
zQYXhx-o>d_|2qNVinmaDVj{#FMX8A?DVaqDiFuW|i6zMyMXAO4Ic2E~+may8S(5}Y
zc3u)he@0?)et8}P!-r%@_!HSosc)cWJB9RSiU>mkdOKxr*5prIZcI0FCR=gqS+pFT
zq-nNTw%s=M(f$94#qO`zboOT5d$JrxKby{HeWXJ2P1C%N1y}21!n{~iUgku}MlR0a
z=4LdToGE6{xM1>1F?-Hyj0_AW3=9oSlMP+XIYpTm7|a+L8W<)U>X@^7GchnYOn$3u
z&DsrNiCc4?W@2ElVPI%rocvMMoKuk*&eJgGjAdqEuz<*Em@_S4p8QJ8j){Y1vX;0V
zlLO1-EO9%gK9<R=#O;_auuOg>ZpS3WI$2A?jwzCLa+ZW0YZN;JgWu#_32W9B><kP(
zVAdBn%Yg$X)&pnV;9y|z0;^NvWMJ?Bv$Ei<O>ovPILnC(rmhRlx&&uQal>SjxEUDS
zz~-%hv);j3COk0NDjo&~7qGg0a269UOw0|=>VmPD?($B~lCxuF6<}b9o}4RZ&6*&<
zzz_*$?SzYo2r@7PgT>MX85m;0tRsR944Gh-t`Gx5BAC@D1e1L&#K4da77G$)U`PeC
zwhJ>b#DiI4A|TdU1sfI-n1)MWA&>(MMZpe`w_y=wU<e1PXL=|)d6kkKlZ@EpS4wuA
z*TfhYOc@v&I46HpGUr?>0f}>l$s5JYIr$_R7(Bq~XQPriQ<&uBSITxwZIY9<RP0y}
zNis0lOkOK)&Gb)l@+uWOCJU*_uT<<f^Q0IU+`#F?P{o{cixdNc6$3*9^W;J?bEdyi
zlUJ$QF~vwvex+*1G(&o_mYN;Y9qGwgYIdA5G7JnwV0|A|&6)aSCcjd%V>%}@SxeoH
zl}na^!EW+f6>BCB*~zQa?Ko>d0t^fdY?BSu%vpEIGBB7;eyd^4$tK6ZV8_7Fz%u!x
zhB>DTl*b0*F*V6eex+f@xl0a`3z#Q=6gTJm4OPMb=2^-^{L2B-z}YPi2@4ibZeTht
zKUqu5j_I%b<SZ>aP74KyMa*EiGKI;nwCp(dC_s#6n*34CoavLo<ScDFCL_hktF-Mn
z^AsV$%r$wVwmH)p#mQPacC5b?85pc4uT{5Z3RjxEO2>|=OKI{e9XrmwN(>AR3=9n%
zpq$FdrVI%~7LZm>2W19^0Js+?C^Ik^fq8}!=A4I=85nfH@%2&5ob#PB#EtBeH!7KP
zTB|_fg$eApJ{1NACvd!g0_uVaByTfMHdHs~R8obQ$pi{q&JZ{cq_PdlV*$k{=S5Wp
z1{Vf~26nJJMb#jtKmy-a4PraQ)icx}_A!CNi}Q&ZBxD&Ue^fDNQc$0qWoXA)tIog>
z197~s1&cZZLjb6B;?&fDlwmBBKPsDZ#%e(9V47^GWzIBJWAZ8^JJ#D83=EE7#WI=<
z459EuRH!*Q%h---hvwu}#&(>aG#MBiA;q7TIg_#0WGxdr&T=hCv_Mk-8ZAh;GlTuZ
zt<AvT2M!}psHAH{B9{f6Qs!#I+yN>nuWG~eZPYgB)YF0RAmNaw1MxYeOx>viiAzZ8
z`>eyjV9vnMzz2#GCN15`ugvV2l5{6)ncHz5&}Crof&_<(IVYDM1A`|xo;T{4a|Y`%
zFa&{lhAQSv2lOUuS=cfC*PEPWVaMd5KY5jf9p^-Sh~pv7y{`|6C~(owscZmoAjA>L
z29O}&0(qKghQZ`lmUgU{3_vMU*W8+u#}J~J1MF`fLx{f_CKqa(bG8^l;+P$j;5iQ&
zLShwc3DZAAu&a!XCa<!#V{J5IU<jN1R>_(*!5CBwgIG_D85rWgV%{bU3?X3Fd=pUN
z`&P-C^Qj5MUPe%=XEHRMoMmgrlxsS9m8~7;a#MI(RyF5*YYGd~jq2u1fo7Al?CdzF
znLz}>35D~586*)ggB{9e4sj?uIJrldL&Am?oHUo3L-etOqJ;ClIYb{LIPnQvK)lNe
zO8iWL7L&6a?3fl?OkU++$8^nN@+${BCLYVlT8?&{v6e8$8|s*IuCatTmvOS8i8<#d
zO9lpeaKvu3HRrUmg4n=5xzN^}v&f2pAq<l7l`UATz<EH)npMIY7AkSp5a%&Y2F3ge
z>&aQpcAOG65Hnc8=3lpgxRMd<N>SU%S}t}>;kJ{rT<kbk+CmCAW{~e#KiYzu0CqNv
zc9XSS?KqR|AW57NB+EI|4iYZl6vTSh4qV);TQf=8Pu6m?<4m%Lc!~)eKl|+`uX3~F
zRCRzPT1au9?=V@*-H!E~1IYEDnnJ{J@+x;bP8UZ820d^t1%*zLBLjm0q%2o4=Un6n
zNnqeYm-7~!XQ*b*Ddfb!5CYDSg%0MN^PC_mnI{{Hn{!@+^7tnkT9`BOIZs~YX~!hs
zGWnIK9g{1Bs&bi}<z>gT$z}2?FFPiFS5Vk7`MXZm^0wn_c7;S3JGiBE*cB2DY~UbN
zcLUW^oTYA%PzHw`=Snw7{sPx6oZq25W>A5~>E{lKBqmUnVd`+7tmSLRw9|cZmaiQX
zm&fE)zIL2R9uTi^f|YFZn5^Yz$He40Im^$E)!CDQ!FsZ;w>4*-C&V3)z%cNFIDiqH
zi2J=Dr8LWALq~JYgI*9TSwQ6?=Wj0thAePEebg{#s`8$!6=27?${V7c6|DW9H^jrt
z;6h%`2X2vuIcK*IBxIQ;Z*(_j67ij!6==sA;R~u{bH%JV`+OnU2U2IA@`XenBv^#}
zAX>roBBz%h#7c0T!&K)t`Bjh|=Wahp8ey7T=w;5y>JJG=a4O>r_J^cER&dVj^oMAN
z6gGSP85pd=<#(aBInxjS$yp(GObr2(SB2Pd-VbD8NCwM+8oF^o3=9ci-bQhA)=NR4
zY_vAOhB0{Zs!%)5-e5?9%rM!|+nniq@MNtpJ0|&%$ys4`tf?Uk49SyqO{|$tgiL-F
zX2&TLitIa|P)OYib`aB?(8;U9?Kn?|!ZHFVjS7ZAat#|OTd;<Pff_ElYSyfiAuLC0
z&WmBN;4}0#=j08C@R-0QObV382#Q9g1>uudMcOev37`Bb(vC?ZVzO409aCw<<g6$=
z&c6{14B-$zx|=hFL{5GcWyiWG64W?-t8C5rED~ZY$K;P;=A24Vkkr9Axlq%B1Il5V
zyiweoX<8IGQ=E&MoE2lo#2r0(Rg4|$y=YJ{tc|f|b&LVEMnSAaG2m8aj15aHsFev4
zii-s`bJxaLGwqC>tQBX+`Ztz=!FIB)x;3X&93*uzgY0K2kDL4|&W>q+++?kIJ5IiM
z1_mE+0cfaZ&J-0tc~!g})AIPquj1`kSrQl+EGFyfSTorqOwLNM<19#EV9*7Zh#M`;
zIk$qO!3i5w{ct8i!WxqFe4#vWuH#&k2uo$4D)~(!ELj$6o3pAUfh>8eWzCeHG&w8D
zj`L~~14A0PKmz3#>*UF=lI)nulP7B>+i~tmh9p8rYv^w>B=JBBSNoL7uafOp%TpK_
z{3pLnwq`w+!oc7QW(lXlSP5{}S_muEh9#AO!5gg1HI0G66U^#^v#!Hg3h6M}OgL*3
zob?;da>;<H>&;+ba0i=r1<sPrgo!1=St~Oc7+k^X-oaVMSun8*7)#?}76U^RD6YWc
z6bRx}7Gwly%e+-QSNMJZOb!r};Iz($L^?QdICJ5=k1FPz^Rpoti49yrp3jEW0EJrS
zOn<W{zsj;>GR>K+m2JnFmIDcJNG&@nXY#6SJI+Trkn{|WY9_hd$yzyfOvSmAvvRCJ
zqlci`2(aVCz$AE7iGi5`JP5`Bnnsa=iX+pYxfU6yIEV(RlZA}XF=#@?K{Uu59Vj0Q
zT@RWPVQ_{jpg&y?v6&K!g&4riX0Sn_V3Gtr)P7LA8?2RN1HigaEo5O}U;qv7DKjuI
z)G#nGurV+&fW`<xN<lOz>RK2Wz)?GyBcF#8B+&{YCbQ<NgLxfbo@~B(JxFm6h{wRd
z0HQ(h+zZv*2c`R=@*o-{4;q;S>6-)<2hkw$$xuEv8YDjjDi5MT>1H~(q0Yd-Fdb^q
z45$KR8f4KdsQhfGJctGvI0woH(I5logVastEl{8AQ@}Afr9dDNq-rThl!1X^8B{fh
z28H1&C?A;ysb38h$47%)wHBmqa%q8lJt$1KgLn)K3?Le0$_^+WM1xfCg7QH$NPahz
zkBtWTWgk=?nFg72fB`%Y!0-er|Ac{|9-Nz>Lj^!I$buIP;NeS#j|>c8`7aC%3?Ku(
zLDhk15dR01528U9|Az9h(cGZq#t2DrJd6ws91IK$B8-z)6-qHOOx{~4UeC(Fz#zv6
zu}A^r3I+xS5Dj7~GD6a%5|ma32{JG+Ak!cr6{vnSs5*6!AOiyfhz2=W6DqC+6-S~W
z*$pHBQmDhozyNZPA(S?QY5>vf3=9mmjNqYB1}~^Mhz2peK?DN>12PQ~@_{<c55!?$
zV8Ep7AwKknDh!0u!B7n#8WhA~P(FwTF~dOw0|Nty1~DU`K8yr$K)D@iPBfH{O!G1@
zFk~=7(nL=^R6!3C4JsZcK@FVD2uTampa#x>(zBrIk!g_7Y(@qKP*#}_;xI5UV531H
zy%1`C{URu1F;oMH1}RtyO)P7n^6Q}T$TY~JO^o0{dWL<_s5uQ)e+H`m3L|(>o#8Rm
z;ZLFFK<Ro05Cas%FQ5{X(4e&QmJvK10#4B&bD5bSQOv>w2}yP+p9ADehI$4D5Cdd4
zCs=@i0YroNpmhi!nj0z(qCrev5CNK^A%O-d<p&WA3=AL|WUc_nA)xdx2$cZQJPZsB
zvLFdiwqyc(f&sdW0!)K6DnivG(;y*b5CO`bOpsip0p;VPLH09%6o3rYglYiMprF%%
zIzSIf8$jhjG)TQ6l#h)DNf|Ri3LI+?hk=0sM1%C%K>0RI4E5kj&lYNdJv5G-pbC&_
zkVa={$hbh|K{Tk16b0pzPJ{i=z(Bf2NSRBCK2Yw716St^3=DBlA7G>TLDT+BkZe}T
z1StXApdr=))rU@loCgXS5Qec~G$?8%p;c@>auX7y0K^BG32H)u_#he-^kg(8iD^mJ
z4`5Rh<h^<ZybhqKDG4&4P*XI3kODM$P@=)xl$`uGPaM>`VHj;cj<z2m^#`ck2uh0}
z8kDs`?M4tEM1#r#Z0$ynJV<=B{Rj#%%yuIvd_e8V(e@*>y$5PHf&v9ZgMw_d{W#iw
z9Bn^R(mn*`CVcuqO@X)oP+p^E`*E{nlL}+~>@`J}1{t&GzuLpRNae%J8PyYiecir#
zR{NDbVrNr$9Q<@=CQtvNe5um<yGIz?4{h}sKjL@ReB=E6QIRQaqyD?w;6mXa|37GN
z6yy~UX35!T&35s1p!i&_I-a85XW5s2BnM8ssm!>e`*GC1*E9L-qyKT9-YZ<Mz#;kD
z^Tae?LwVbLlmCVv43=;13(8Nun1^IAsIvz$6ogsYJYKvw-J$(cz<t7MiR%uwGlDLM
zImJC~c9~oA-lA&N!m{7W>}eDJ*05>DpW2r5c$d3I>fI_Q|CJ)~`+7e~q&-A3myLm8
za&!w<{d*sQHa4}nH!LKSKid59mwbIuYsm@q<irOrl?*eR8N+mZ`6p*@S@mo4y}dQl
zCGWhx@Bb=A@{{FCr_EM8$6}V2A{hx9y8t;8gjwFz+DM<g*2DEb>FxX7cRsJZ%l)<T
zwdyaQt`?a+%7!c*t<SoSaFp+q{9jbkmwGYmhy03@`+s*CPUWApy57mM>5l2-zbz8=
zUj?STcq1OXs_IQ0uZ7vWV}B>zeZG7rpM6Bo>rLys{`u{>E%kX$ol9tfwRx-S<f{>(
z$Bu4UwQl`10mtbkClwcNL~<Rtxd?I^0|NugdHxUcy_GN73TSQ;ujxz|Jo3JC!RCZ#
z=HasroHD6Oy4-jo+OyNHTJ`aJ&99kJMY5_X_3@<_ew^H&n&H4Pz5BWYlEGY)1DnGc
zxhJn|4rk<<%-9mn$U8Z*C7h9O^2U~MM*hj1t>KIUlM`FR83iZrYz=1=nk?8B&L})N
zvn`xaWb(nba7NL|lI`J)Vv`Ho!x_aVpKK3jl$fm85zZ(%xw0diQEKwVj&Mfl$(o(v
zj53oOJHr`eC*SN0XOx?4*cHwwKe@9joKa!&!>({f#mSc4;fzX?Cw7N3Do=jd9nPpS
z*|8^_QFZdno^VFB$sc>d8Pz9y_J%WROkUU<&Zs&0XKy&8*5tsxa7OLPEBnG3btW_R
zhcoI<j_eO-)SJAqKb%p2GUtSFMuW+T6T%q{C-0mP&S*4QaAG*4@#M^j;fyAe4^9kc
zG@UFtDV))4a^a+KM)S!hCxtUwOjev6&S*Kga&q`&i)p-*?@sn+w4SUvC4BOWX}ptr
zr+72kPQE!MeDaLxypwIGdNbNj?wlGv*<%Lp<hN738678EP79y>V+QZ!xzoHEohQGX
z7Cw2!Oy0@9)4ds8C(oQ7J~?6*@8rMJy&2snd(H@-%rTpH^4b~RjGmK!&Iq5pV>a*P
z*qPpp-ji3(44<4ahj%jXEN@2N$&s_dCrixboxFFJH>3Y#&e`FUPt4_=oIBf_F>vzE
z+2NBb=J8IJo#V|IJUMet_+*Xwypzw)@n#I2EIBuP@{RetlWXUCGlow-IX8TA#{%BT
zy7RmlBPUnR3!iMUkazOkdESiClQrjuPkynGcXIE1Z^qckH|K{>p0S8`vh4zI#`wvd
z3&JOREasj3c7Zoz;$+K(;gf$X=AArup*Lgl<d+M>C$Ct-JK1-UH)HDLnTx_FM=a%?
z{CANzWBO#z#o?1VmhnzryV#pCbMnu{;gfeP<DDG4#G5gD^2#OQlQWj{PUc<e&6qnm
za%uQvi50w)_b&Bj%%9A;EPV2b6}*#kmw7W5PTsjJd~(G~-pR7dy%~!qXD$z)tg(uB
z^4aCyjHQz$SA<W#v5I$c?Fw(k^2sMxgir2R%{y6lr8i^c<jR%dlP%WpPQJU+o3VPb
z=Bn_?FV^r*?p@{0SUdUVs_@A(*78oaUG2?SKe=;t_+*cDyp!Lq_GWCHY`G?U@{e`A
zljpASW^A7Pa!vT;73+B?`>yq7Y@IxFZTRGf4ZM^8uJvYYpX|9Vd@{#I-pOm%c{6rS
z{<$uE@{WzXlVjI=Gj>m2xjuYy#wOm$yc@h3dnZS32%jvmnRoKu4c?6XlQ}nrPd>4k
zcXIAVZ^ns}cWw-yT(O0Bvg{^r#>ta2H-%5u*vdQk>?Uu<sgor)hflt-m3MOOW^cyn
zlTU6ApWLyHce3slZ^oIEE4PGCw%E=)`R*2P#@UlKw}wxCv7L8v?^bWdxsz{h4WB$?
z2k&ItZQhLYCwFcOpX{-dck<h9-i!+;TW$}Z{9`BY<hk3u85d7}xjlUHie0>ueRp^>
zE}cAcNBHE3-Mo|k?(k+@KG}0;_+*Yfypz}N^k!T+`RC5?$vgJ&PLAE>&A58<%3a};
zGxqXM=H2bhxOQ^n?(oSH`*<hs-R;e|elq8t@X06k@lMX&<IT8n^3FZslPmV~PL|#4
z&A54T=HBqh8V7hMpWW-txOKARzVOL64)9K{-RI4?ee%hD;gdTK@=n&>@6EV#a^?Q;
z$rgurC*R%g&A5BA=7I3ZFAnie?mghmxOei+1L2cr9Oj*Dd(fM4|K!et;gda%@J@bv
z(3|n#WXnV0lYboHojmuDH{;>SFAs%JUU8InvhQJU#-o#G9uA)zag2BJ-^1RF$0vIp
z37^byoOkltBi@WBC;vPWK6%G+-pR2?y%|qWUU@Wpa>fbX$-KwB8P86RJQhA#;w10n
zy~n&6&rjw&9zOZRN#4o1$GsUZPTqMud~(Gp-pR5jycsV~&O8x5S>rVC<g+Kd8Lv*3
zJQ+Uu#%bQkwI{t9uTMUCGJJB!8Q#gdr@R?&POdx^KH1_d@8r9uycus#);t|P`Ndh@
z$-Sq&8ShTMc{+UZjB~t`ZO?c!-k;ogCVaBTdEUuy&v-LFoNReEeDaU;yp!ji^=5oL
z`Q_R0$ty1KPWC<L&G>Zk%yZ$BBQEkz{(H`w@%d!W^Wl>@F7ZxYd)}Mz<>a5|!zb^!
z#5+0mf;Z#q$ty2}PtLf^JDK;QH{;vMkr%@!OI+cdy!WCv<NL{+m%=BXxWYR*_mVf`
z$H_Y{g-@=y$~#&1vNz-B$(fhKCu>~eoqYDPH{;jIl2^hf-?+v*x%P@T<M+uYuY^zT
zxXwFS_o_GJ&&icn!zWwZ;GKN;syE~B$(q-~C%?GCJGu9oH{;*QH?M_Ho^g|Rvh8(m
z#{ZK$uZK_exWzm9?R9S^M#jljH^L_WxWzkp?hS7yX2!{{ZiG!<ahrFt?@ezeR>sM*
zZiY>cxWha7?@ez;_Q{^N!Y6aw<(<6tmNz5k<e#^~C-1n+J302YH>gs(9X>hZ9`9t{
zJKmsb?N0b)iTk{h_ulaaRcv>|C!e^_J305RH>hg68$P+>0q<nld)}bR?Oym~jfcFG
z&))L}Rd4shC*OF;JGu70H>iTUA3nL`5$|N(2i~A6?m_rui^sf^?>_JbRdNr(mE6N{
zP$l;eT**BO2UT*9!Y6w?<(>TYkvFKCdkn7T9*2XfxyRsY?nyYPntKAS=AMLus=24(
zlQ~}SPG0-e8&uIf4WGQ@1@Gk8XWpQy?pgTcjF-HVd7pcOD!b?5lO<m9PTu?68&uuB
z2%mi774PKS7v7)>??w3Jir2i8WnX%Os=SxslQrJ(PCon68&v7N3ZH!A4e#XISKgp%
z?-jV(dmRp{_FjiGT1~$AIviB#y$NTuncVm$98~4K31_sMZ1^@DRN=i1XLOkS@NGD#
zx_cMS=rnoayKqot_b!~#WwPV@a8OnEKAh2Q^2hh#po;E8IHSkpg&)E})!c`0Mz6_%
zAHx~FC$Ib%&ge6l@l!aciu)AK=r?)er*KdO_c@#~U~=N;a8UL3Ih-+Qvf!6+#^A}B
zU&0wfCLjC~&KNpb@@x3y8{c^+*M0?8ZC}GDcl_X;tosdIwS5a`jGBD$TR5m<`yS31
zGr945IH+3t9?lpy+3-g=s8ah8&X_Ry;g9aA1&lq@1GpJ^7^hDD_%nQRf*6Y;Y$GBM
zD`e$As0|NW?eE9Rz`(sZ@b7s>kWyaQR=;z+3=I661OH|-PImaq!*o(?v)|uuOp<;|
z;3>lfkO{CIWMHw$fq%Dy4d76P>@pBiWnd849Qb!P*jz5yHmpeP>F<~r-!YvO+kTIk
zQI46(&}#ZWHpV2@8P+K33yM-pN-|T6`kbcgaWY!5o)lwX;GLc*z_^?Xwp}LMZMqy6
zV;5_L2Ll5aSZZ>?PY$rRok33FD)E6hrOs#jI&Q{WOkA*y9hni+;{+I2O}F7^<X~lp
zh6DgR#G$#R#U+W!8L2<wL25R!#w0N?a8C~Wn?Bj$FB>;xBPT4(<e5PB$Rg|kkClT1
zrwqDD6ch=ww`Yhjaye~pU}p?x<XR958s27L_!2k0CXCUx{@;HH05ynV6QB?k3=A+n
zD7fE11woUeAU<d$4Ky+f(g&Il1xbUtXt5vx1_lOIaKjifGm`)ngH4!%X8dv>V)fuz
zQ;=p*ry&)@U|?X-fKCH~rf(%63K_Ja27;RJ?-?OOeV_?c(2zeD0|Ub+sF)L!1`Xwz
zK+SW3>IF?ViGW<sz`)=N7K;Ig8G{T|&<!jIPNod}P|fa8G0?n(03&#h41)($OaL@@
z4b|%j6;p_ZX!J;#ZWqg_G+iTt(WhP*G!e}J-oM50l97So6(a)!C`du`g;yCF7(kmn
zt}`+)++bv2xXH-CaEp<F0o1L$!^psJmyv<t9wP(8eMSa`rHl*=%NQ9LmNPOitYTzf
z0F6H_VPs$c&1-_9BZ`3ml%hauu^B*75y!y55D!{W1B!!01_p*C&_*-{@QNvh^y#XR
zjLP-k&2kJ344|!+B@7G<r3?%VpzV_73=9kv3=9mF3=9la3=9l0j0_B*)C2Ng0wV(h
zXz@Z4BLhP+BLhPUBLf2{_CQnCpgxf!BLf2{CY%`|Aq@&xP(XqL2{gTJ&d9)E!N|a1
z$;coFUVIV;nqCIY27)H!8NfTNKznW(B&OetWHe{BWME*hnl2d4s9fL9#J~WW^?b+3
z!0>^Qf#D+~1H)%V28J(;3=Cfx85q7XGBA8+WMKHg$iVQEk%8eCBLl;4Mh1pIj0_Ba
z85tNrliHwJ*yoH4;Az??j0_B*1skA+4x1Sm7`8AlFl=LBU;r(jSOZ;_v4VktVI>0t
z!$QzvhD8hv44@Sqa~T*I<}olZfL4RdWME*J%D}(?T7uHWz`)SWz`y`n!~&X@0Ih+k
zWnf^aV*u%9U}$7uV9;h@U;s^C&tYU>08MhwWMp8Nz{tP=nwba9%7bRuLCXS+L7RX;
zbITwPFfcIu1x<G|GETROW|ZRdW&p3nWAFvd^)pOA6~QP~4;n&=W@2E7VPas2Wny3e
z%`rMKF)%nXF))B;OjVc|7*v@U7}S^;7}S{<7(kPjrc4YB7EBBbmP`x`pjlZVCI$vj
zHUaH95@%vykYHk9kYr+DkYZwBkY-{4=N8bkFdt}^4m3x}#J~VrMzRy+KhXLT(2A8M
z3=9m585kHAfTrac7#Ki{awb9-@w728Ftjr;Fo4z@fU+5A;uEwA12i!Tnl;s8Vqnl_
zVgS$7DltLkkU<mMptUKW)iR(3J)lKEl8g)tQj81?GK>rivWyH2&P?@?QVTQ`r_02^
z0Gf0L&4jZtF))Bu3xP^1P{{-;#X!@#ps8NaggB_c0hLamr5m6bc~AiZDo{X+TQ)K<
zFo2fYOaVEbk%6I?k%6I)5wbcBG$ZTE#K7Rj#K7Rr#K7P&{c8-Pd=O}uDv*hRA&7~A
zA()AQA%uy6A(V-MA&iNEA)JYUA%cm4AriEqi;0239OO(!1_sb9G-xVZnvsD)9JC;W
ziGiU4l&wH1EDv0ifM;((IS(|8{F#A);S~b|!%GGR2GEikYX$}e(8lzu3=9lc7#J8X
zGcYh*Vqjp{%fP^}hk=0s6dzWQJ-7^@vKCYbg9>p_=>;mVU}B&`95mJhDrZ6EF9>Te
zFo4b`-~=5&0NV1(FkLW(QJ(8Rs7T}ktqqu77{@5hs5t#;ETgj`D6fJ_Uke8C1_{u%
zHP9v{&}KFUV+IBWqv@V;jOz8E$OJ8j0%akP<3aHQid0b60c9ajHfexn8Bi9gh89C0
z<3U9dsHg&MB?s+YOoNtc$&liX0aWb8K#M|9kqBDW<`2##4B*`214^l04B%}UpiNSs
zjWFPuQ5yyZ22h3QzyMw<3fgl5TJI0qm&9Pp0A6(s=7Z#285kJc8Nlm@89-SPWL_Wx
zc#$z^g9k$}19+J@Xioq`1hjYqmC>MbISI5B15_r*GcYiK%4N`AQji1)gEqc{>c?yb
z28K)q@M>^|Tm}XPP(hu~z`y|7Ok4ylut9}1$cLZ;8&q(E3T#k811fOr7#J8pp#%yY
zP>6IgKzt7>l$t?_$pyMH540K&lpjI)5>#q|7TSR{f#gA@9H>+S83YP$kT|HM0~I>3
zAO;03$oC-ippp?3il8DDv@XsMT1bIPNKi@X!N9;U4HT`Qcm%oJnSp@;l(#@}1X`H~
zid#?y2Nf0|pMW;qf(j2%`T(T?PiPb&I}+KaAjhHjlmWcZ7`y}#6w;tjp9G43kl~<}
zeXyX11ve<@LB0c32%r)S<Umkj1trd%kV*ht+<_7;C;@{)1XL$1WPlWdpb`%x2NDOB
zhM<sH&cMI`D!D-BLDbfRD`o}|2b48Ii~c}~2~_iJU|?Wa&%nU2j)8#zRP%s}Q&8;#
zDuqBb5~yYZ849YcK&8_rXpIG`xwbMefXxIs2IK&cg&@bn90jru6p}kY@edO`$-uw>
z+TMO1vXh(PEVSGJIqU=j0|RJHA1Jy&!FQa2f#Dbf1H(}U28JUH3=D@E7#I#QFfbfs
zU|`tKz`y`1GGXdrG)UiR1_lO@J*S}N)t`Y1fE1mB#_2_9!38R`K&}MIJ%#3D(1Jox
z1MVRM1H%Ib28O%P#f&$hdap4+%6L#(0i~TA&~$a3fq?;(u0V+nlzu?bZV8HiP(p*H
zYEViA1s5o>fl?_b0fG_|EQNy-Dky=1QaUI_gVG0R<2ooBKnW6*szIqAlvZp&bvx8i
zpi>V(Ip{WYY4R<oI1ecQgMtN=8bJzRiSRxH1H(P2;>QdO43D51K!p-0F@dro2!mEn
zf}#ZEiFeTU+*<|)hBwe?cnyt0P}3Ns7v#B53=9k(7#JAdgPPc&vK!QV1qCUnv<4UH
z_5VR`0!1k(YC+KqicZi9O;FT=>;pwRC<%a~8#!s<as$l1{|pQa|G*6xNV55Z<kp`I
z4B#a98x$y@b8kRPK|ysJC>ek}@Qs0i;VT0J!!HH~29RRVR6eK`3UWWFMH&TadNVRG
zghE%}*+E;Epbm@?BLjm3XptNv1A`DF1A`#woE?xlMg|5x&}u$L1_mxh1_n-0zX4R=
zf&v2+VxXkJ3{ni5CjhM}Wn^Gr2UW~aHV0IW8?+P<)GuIUU;rKRBf`kQAO@|(K}|Sb
zP*a(KfdSOE04)(!oPIEsQM?}3c7f#wP{4yC3Dgb(HAO(p6i{;owE7g(Tmdyv3>X<0
z^cfi#KnqB985zKRB2XU)<S#u&NX-RuI;g+^rA$yO8`Rnc6(*p*5U4c?@}4OpgB7?v
z3o2DWg4T=-3|5flID-u%WaViHBcy>A#K^z^YLW&(o2P!$UDFutV?b*^L9JBKnov-a
znz#sNV1UIhC^3S16ri=Dpm+qOLr^;d<UVj(bpMZ>zCghPN_U_%2}*;Y^a)C*ptK1}
zi=gxgN~@sc5y!~DZ~`=U25LHO*q)Tm_<+$DWH0DECD{IZCdN2JJp(;M1_s#4ORydK
zU>QR_0|xjRO|U)vOpI|xdPaIi4AUJm8Ks#-8K=i(GD_5A8VxlWi_wO9V3Xm;KEaL&
zU}7}TGXmL(MUR1=3CNucup^*gM+Pu4g6uIcV_;x_oe~8*RRAi5PiFebrHs<kCuA~S
zkbxaRF;PFNS8c1Ur3m9iX7IAohWE_V=S^mmVEWBGeOeZyks0`ODF%jy;!cl$Tb8QS
zAi@fE{*?CB#YGphH^qQuj6m+5z&ib37Ndk2>|CeJoi-~>*m9q-fV^y|XUf0;J5k~J
zw31H??Z53t$Q)yx?vu?ZAp<)r%FO4?wuO_nR3TKnVx8WQ%_w08J6&qg%DSv~9IBTP
zDg>bCPj#@Y$%q%UszAsnvrRt-(hEAW3Un023HE^LZZC2VAymK)wUYSt%P{DaSt>#%
zj%~V34x@w&>=>-u&1r6i({3F^sAyxG9+1N*VFo)mD@p7RC%?SNH-rk<(OQ$O-zaDG
z&gwwO9AcY352P1%7}q>$gI$+jCPyJuyoMgv6=ZioTSiuJIYNe!efk@a%U}n5t#-?d
zEwWdigHWN%K3yS~Q9=fGB-q7;0<uRmUiu?c2=Pr1$z?P$gB^XfTSQDKwtr?53!{mi
zkqIcB!VbsU`v1)*E~!(h2$?Xx>3cw?!;aHpE4h@CbM7+}Ld9gh=^t_#CCp$4a9Mn)
z_U995zlcx)JEE(*|L>gb%7U*DGN1XT+vPDzn86P9dgiFg@zvSo2tozy*e`SSwH8Ld
zFSsFOLinfm<S|Ofz)uRhw|`;#mqsasifR1Q4}eUEoh>F?<<I!E=4t~%1?==O{zn%L
zb^e_GgOGW_Kb<e1QGzL5Y<f-uql64-ZxiTTvb3A_n?iLho-#37=oy-V!fuAx^q71`
zEv_A64B&&rxW%VW0O`~epKj32D53z$Hn4-7?kP$NaoO@QF)_v&=own-88C#2PrsMX
zC}9Ra(y8ucc~RuU<xGrm#*i`ub|jD(Yox57Z1YJbMoXy8HR97J)G&(58#6G#PJoJP
zSFEz!`t2yh0y8}`hS}oN6ABn5WT2;9HGH|HEV^*zV|%a)a8V@0H=VDBQG)5L`1ExJ
zj6O{F#i#!%U^HTSB|hDtkWoSgcGl4BnJW8yColiP#29A*aT=Gz^u8uWiRm?kjDAeA
z64TEVGD<M%NKDV^Wi(>4k(j;!M7v8&_bXyFl7XFf7AEC!QU2rRli)H1TxOR`OrKN4
zD8bY$G5tdoqXbir#Pkaw{%ncq1$~SX)0v7HrI;Q{OqVNWG?IZGyLN!@`AYZADIdYc
z7=a3&FA~#piW!ZV{z*(<P|PR+)gd7RJGjkan(h?E!$K#S80$cVumJ-D#7qe@*imhf
z``@w7x%XBBY^I?eXgfOe(6;cvE55OxPCf+77=WTZNP4<W38Mtl5t->>C5%Qgu+!MW
z0#ExT3T!#f#29C$2Uhu8cKVVMMjsj2xorB&?G8L^O{xXQ0Js8al%LL1%IG5lJCQ9{
zQ!Z)Mlq7#9Mq@~=#-O1%y`+@Uh-tCn^uB&Z2_{&`-zsGkQZZ2i53x1C&Rt79q<GYQ
zhU8Z!#yAr_V~}Gt6sHT6F-kB&>FG{ojDAcyD$_62GfFTus!U%~#%RQ}Lv{KCkfOt?
z(|>{Z-D=bI${8h?ZmCW8C}%VRMQ}|yqlAn<^t`p39cusVqB}Uj{s5<>WcBGAKq_~N
zPwQb6Wi?=6SgkqzUpeCzrZ-yCXVfto!K3(x)^w&yMk5*6k!h<HBNqK?{jY)uUnQOC
z0hNprGO)wcUh^nOayO|Ofing;TvzK(UssD{CYQwYOO=dTOiT5q|EpyD0JBR5YX$;W
z&(H+M^i^-VT{WYG4D6h=fV!MLcQ$Tb!^9Y8u4kYJK9>xXm?fAXiCIDhc0QLRTeym}
zM%ff_7?^>A`k(mp1J#TYOt3`VCqDg5H=_g-ESJHu2`rH(iBGQs$wRV@1QR4v!*Zj9
z4D5`y=j$pbhCeF&4vtiCs&NvZeh-vy!J#by%dSk2az}y*Rt`Z60Hz>`=~bZMLJPL(
zziJuhV2ht;p!kBOH$1KY+m001VsZuy1QX))E%l62&;;niblqsWTmz#7(*vXF4oyh;
zA6oW8eI&vLiuE@}(-(lsW7x@bOn2I9W^@|oA<AP7<LL#Bj1tq|G%yOuzzSvb;#+{x
z!+5$>BclS-3ghVwt&9>f1Px?5U_AX?E29=G*v#p&jf}F>uQf87Fgck_=V@Y;kbxbB
zC(raKF7VyE0w%^dOFaWU69xvD#|Ya6&DStjO+V1YD8=+nYWf|J1+Wt&F$*Jgv*`lO
zj1n@iWApaw%)VtED&YmrPDXmhpo8_MyEHQzF}a&fuK>}#X4BVzbihvJv;BNv<0%2t
z3~-V+1hw?M%%?wSW|Ux>V?O;CNXG<=>3S`UK1}Ln(`#B7C1hYn@U^pR&huTo2~=Z&
z+QXI%40A1~Z)jnZfO&$6(|G!m7Dgj@{KDcD8ldo+6Bay>^AH&tiuZ)BUdO}_D&kG_
z!0i-h+`^&)uJeWUbiPhTvFQ?RjAl&bEYkzp7+p9RZ6G_NL4hbTeM1`~8<UUC^bb=Q
zC1hZy`~4J5&HiU{b|yHSz_qy$-}E<aj7Cf~Hq#Z_L21!uy22Dj38rZ_({q+H`pCcz
zygT{o+x<^H3$H+nBVz`J4K~yFfOH(NnZ98nqd2qS8Jp=J+6h?(u6Yw}rrUKu%7};#
zMkA&b_S1Vne2BLsnD`u~9{}+o>cr$s7+}W-KKyrforVeT46p}4Ee!^k9;n*scAbne
zOuc5)V>%h*RMMOn7&I6d8gPd&M4JRtyz}%Qos33IMb6W8x)_a^+MK5+bTLZE%!D2o
zxTHecT|eY5Kcbpj<2-!|NabPY=_k4vwN$P<Lrzdkg&wTBGo+z<y}*he0*s%WA&1$)
zN+?)~1uf997p~@@!WCLrVlUFcH65(@gcZB6(hporAxdGSwoX$IqOHROE4{fSroZZ8
zOas+<v}x49>KsVp=AZcVeSM7JYW+qZqYo3a>vXk#MlGi6&eMbX8LeQ|z8RLvz!=h>
zBwXZv>1UK;l60FcFoDsB$<=*&+yus1W?wwO^P>%(?>Rzey^-3;#Ha<GqJ^E0YZu3~
z=gNDI`v{q{;?wmeGD?WR&V=-wxb^nEi_LGD7_WFv517iRz{Kx0y=Ee#5fdaUxG+h0
zO@A|$QDM5+Bt{{o6tC%8lNgPdQoX0gO=6UQOU{_Y_=>pB>yF8cX-qxPj0wwSI5MUY
z0|Uer;>?DSyba6C67W0@%em0f!2@6E0G?uQzzh_U1B2<X&vd?NjA=|4e5O||fd`h@
z^aIlv&6pnhO#cHC{Ngj+U@4;(>t7!R2Jz{MlNd!=!NuD2_fr|ASdAGN{CuZRna*e=
z0y|l=X5zsp_5%uYnHYchPQNvs(TBq?0ODrQ=zzp@w;7BgOwj?;V`eb=FzpPOzG?<z
zn%#>4@D9C(<c$36%#_5U^aEY7()Rkhz=fMBsQQ2{cX)7=q0x7y<pd_iFHk+4fz$nF
zGD<KB2Tu2y&nO`SJ1J9hI^T-}-z22K!z|!|0gb@vb7nG1$QVP<*5ocrufKZ#pEkG%
z0cT#v!08ueGD?`iPUQ^TG2xe#@%JO3@f2|5iUD?h=Z|w-S~LB&T?5G&gQ{4Dw!rCf
zvlu0q)&x$sn8oPAbtw?yZD=os$th_1f?144GO!~<11_1WS!%xlRgs`ZwgCf!Qt<S5
zvlu1JV26iJ+vdHP!~6)S#buyp1PTV&F{A4XpT7Iy^7aqdZx*1+5~`O;AY^*jY{mvN
z*m<CLl;8Sau$;diTt0*S2s<%!<CM+|26EM!AQ?!Od%`@OXAYwTlT5^PwK<Gym|g@-
zzcPnWL1r8DXwVg{C89bTD}unbg3J2-5z__cGD?`i4iQz{Bl6t;nf(Gp4-IzAsQr%u
z?Op6|JHYK!a9jOB#Pm3jUf6-8l^?g>xNX0u4iciE(P7w;wF#cd+)ACHx4@~v0F)Xa
zm4w*zLvtAe>S0HbGB{_>lrnA9U}1zMC)i=7=N?(dHy0g!jF5pHXS&gjDe#3S^8$nn
z?7-6<7o~iX8;jx*GO#02ZBMFRcb-2n87jldz|in6cKWn=j6O^`anqm7V>B{@oqGDn
z{?YRtp3BaHL(D+W(1-zc4yyUV?rqbYAD)NG7%(uv((mMW$dR(o6f^DGl~%fd;s?}<
zGh&#VFuh?uqXg6Pgz2;9Gd6%axH1bEC1hZSr@HWOSYFb5p^J&J&ImFv_&Z^Gzyd}i
z8Q8I^DLvc5GVjcLhp@HRZ2G(fj1p$BgOWoN-u(YHA@Lhjg$V-#?1<JHw%FOWJxlYT
zv0%W!FfVEP8<735!&sX)q@LHZ^xp|}u{i_7wxsC_3qgHT=&`J`XP%NO%-z8aR$&P0
z*DPY4p0|)u!VKG>ouRp&p(O+CK=*@BC$10{cmEC=R)WafV4c2aA)|!ME9epM22Qi$
zx3lpxAyoWjo&Eu2I<`SOh#9bB<v9fHw0AI0IfKw^#x~t<5u=0|wn00HUf5anhZx?u
ztG#4$K<F)Eo8GgCQ9=fGy1kZ=hB0IJ<An$nv)HB|0GW<$&<<ic?8N*N-x}m=mV{15
z=)J}^oo_Ltgc-I$JBVJ`Dg3<RE-&Y;D?5(RE6zSWW-+6L4D8(goP<UHuT9+Ph*06o
zK7GPs#s(@>57Q?vWz3esJsdo3GNTj|bWC`<&oV|S(7<rUGR8F8HIt2SH<PC;tYDO4
zx{)*8W(A`J*NY9HWef}q85^g^tzZN#DVaWR1*1`vswt$VYOydq!&t%h4|Xv0BbTg_
zS#~lXGXlUzHZ(B(s@o=YTHsiD00a1t{`zm6%&q0ubJ68zfHspbFfdG#->$WiQI=88
zA-^~$KdV?jxu~+BBp=30%}dTt$;?Zi?!Jog;Ph=D7^PJpS3c<L>O&a1;JF07lJqK=
zo~-hc>4}>eWrUz6W|f!d>*{Bfm*^TyZ#c`SEDci#GhAO+AI6;i{s5z@EFJ~AhSL>4
zFsfKV&4##EUl;0ZT|>~Y5wc?vi}MU&#wBIuB^FhJ-6jFm4-wMW)rT;24X1xR!>B9?
z(*e>A@@a9NA=qex?JTPqE3>#R$b%M~FfiPZpWZIYqzGEQ_nz(dor{k-Un?j;q%0Je
Xrq_ls%1pm5%B0A2B6s>PQKn@8U!=lo

delta 24073
zcmX?ckYmAGjtP32!N&1(r<$$0lN+({_m0UDzxNp}iM_x2kFjId1U*H@{j~yOObj3p
zH8EUXsVIyQ#D-!n28M?33=9m43=9o9sflShsU-{(FG$ocVPat5WngHS#l*k>Qj?dM
zm!Fx!z>r#;RGOKS!jQ(wz#z`R&=A1Nz#zuJ&|n3nRiHE<l>W)Wz#z)N(D0OnfkA|U
zq2VHw-V3EyLg}ecx)DOxH{?PX4UtgVjfH_hn1P|e7)mQZX<jJ(o0)+@h=HNuC6vAn
zrH?}C%}}~1KPRWOfPsOVkAXp!fuZ3&F9U-N14F|lUI>3DF9U-lLp?*oY+eQiIR=J?
za$W`o6$XZea9#!m1qOx&OQ^UQF9U-z14F|X9tH*_28M>KJPZu-3=9q1p!5tLi2h0_
zKb8k#krNLCgERv}gDDRrgr6}mFbFa*G^7^iWagDHFzgd!VBo4}U}#VjXJ8NjM@v~A
zD7M7KAyL5srTN4e7&sXi8d6eI3v@G!8P<z2Fz_=lG%OQ?hzm+W_@$B%ed&@641Ay{
z6=PuFVPI$|6=PsfWngH?EY?lW$xmW<E(KASCC0!|&kd4D&&w}LWnhRGV_*RB(=zi?
zbV~~u<YXXxVJKaoo0FfMSdv<xo0FNFS;8PJ3z7F1gLq(xEX3fnoWzon)D(v7)XFlD
zhXUjv>KvdBPc1Gj$;>HcNG&d`FHJ3~Wbl@UXiP0GC`wIbV9*tVq=94d5FaKc=NEy3
z21YAFeWsuYk>?eIB)XK;q|$T-28P^XkhKg9Oi&N`D?vhNi4r6#3KB~)bhA?{%QGfF
zViv1^rVI(NjKpHyw4B8B+sY94u2X?1|EmIVUSby5I}B~A3=C2X3=Ku95Nk_|GIg_x
z85jym^D2|`Q&K;OLXzkmQHcCLQAi5eC<-y}oH~St%GWo{hiaHA3bCkF6cV7)nvihF
zD%Pz`%*|m)EJ`m(EGkar*M!8Zs}_W|(1I9vSql;#plD9aDQ2h?g~+Eu9db?^l1Y6;
zL1~|%K@aS(dPJIpNx(F~A_C?>n8RQZh3+F*#K0_uMSz4Z#A7fI!pz+*!oZ*a$^(l;
zATD}r2+4#xhLB8l+K_=kf`Ord*%0EBI}8wm(9?dZ5ya<NCJ^}zCJ=s7QDSmxF$06T
zDMUQi6cW|@O(F8RsYU7aAkDC}A7ugw`n1I2l0pUshN9Hc;>@&4hRtS>s3<XqIOKpi
zBuRNe)fcDcmZcUkFnAk6N)LWRNHNnT0`b5v1Bite7$EwK%TjYnQW+TDTQSswGu>k=
zh(wDOq}aG@1#!r6sCa5|QDOlDs9?_3P0cG~*l7jv$$Be@&*nqb=UYMInA-{xqK0;m
z0{pZsguY`3kuOe6Nd@JS+@i^!*xc%2F$0UaXO57xtL6-G7A(eLF?`+;Vw{Z&#2LxO
z#i_-~3=Df5A>p(VN@uu2{0&aO3=9lYq2@M0<tH$J>lN;XCI*N>;_j0Vv8&Y^c|i2>
zcrY-iF)%cgWr9MBfdLk7uwaQ~fRwgA43I1!?hVlg$^u2H6%2*mkl-oKECOfVlKhgy
zoXp~q+@jpf+*AezZ6Am{n>VC%{_F*Ie|<wrYFT1VX(~f<etvdlDg(naFNg&OPz%e8
z67$k?Qj5;}LmZeI0CC8}07$?E1wsk|*FcCqSo|6XK@!eNsJ>o*h(3sO7#NEEL4`{_
zLqk=53MhUUQv4wr!u%lt<n0eBogARFnLoq_I#9Yc6vEF5h4_e_38LOU3=)&d{*Vx2
z4u_;rSVH+41~LD27_?q`6b4av6G|s17UUJ^mK2v1=VT@^Fff$o7iFgwr7%2<ge3Vx
zk&ryQBob2GwMRlM$c}{gurx0vGdYuiK`;j5q00Qy<O~J|hW;3c18>AY94;Trz`zHp
z;uDK?OA?cEQn$rU{=}&!Bo_~Hpa7KK5<gjsORoNA0>s+$2@vfE6Clbm5{vW8^B5R}
zlOPd5qZUna16q@Y>MfcF8I!fR-I#u7O)lcrTYQ6?n^9u&O)-1Mrpc1x_DqKvCre4%
zF=;bRj*_%vN@kioOVW;MBh%ztl6I`0nHU&sCd*1#Gubjvj*_xts$rfyOUjP5mX(3Q
zZ}MCzYu3}O3=BSCmN*-Xl?-RChqHdOF)(<6)w!}WFnEAjy>Ql5I7^lTCYuUpt%b9`
z!dbSQFm<h*3=D2y^G?HAf?P1Ma5!r&7XyO}SlvT7OO+cYmI-IAg|V0zcqY$Muw&KW
zV_=A$JXgV*wV98BArj2G0~a&rXJ81P9IIl(!q31E3zmG&&%lrgW(5c^FeHLm8wFsp
ze1Z%N>67Ow+pq{SFr<PdZwWFm#DiIuLNL}0A()1*aIp|!nEh*o85qJrI+$2QCf`!A
zW3m^SETwA4`BQ{}!IXiafphXg7YhzC1_m1jh6aYoisI&+hT;qi9t;c(Op_m~n6p-j
zGcXuTzAJ9cv{HO>l$ssuQ*j0co5^=2t(g=hCf`!CV~UoTETwM8IZ=Xv!Ht2TfpK!8
znmOln2?ho$P<1-_p_n<7g5=~|>UNy<k}!J`CCr(2OHPi`uw(i!IeC_b9jm<*14Gf|
zSP5&UjZ%}PH0_u^N==T^v}4tkW?-<JEURwKlr25^mZlx&e2@SGLj&97L=AJ!yV48{
zW(*7stdkWD%{et?7#Qpr7#di>ymTm!4a{3A!@ytxS9w<kqK|p9qJ%l8oGe5i!{mpt
z796q=|8sz~t&@egnPoD_&97u9N9ouxDacKprDMk#EeFxY43?WIH(5&8j`O}8#AK$)
zikjw3qVkhx>Dn=c%1^$fYsWcJ9un$YlOO7ubDo!HVDJOGcA>aAtE>V8gVp4_n$}EJ
z3X^Z?*)gqEm@K7l$N4~kfx&@+p@C!aLUD6WO+`q!vVcuUR%BoZ0Gj~v{bof51|u*p
zQOcb2sUib|4mcVWb<H^il^{-K2SqApoDw9im_S}++Nd;H%FvGUvl1kLm?tM{nsd4;
zLkwdA2Xi@`2eN1-l*a;!T+T1b3=A#|3=QmH2U@5=Oo2o}feOT0h;w(VFfcfQos=kH
z&dII{30cO;it6S}&Z?7V8QXC#P-S3<0V`3IFlYUv%D@l+N_?C?Y77h}V81;SH|K0n
zgIK~eIZ?-)X@}b6TPAj_|I`>596^d%?bR6=LcwWiiu&YPrgluX)hFLFwc`}kU|?_r
zr*n|DFpbGkW_FyjG$3)pIayKFob$W}B(#~qp3&2U#1JG%x-=m%%K}a_2Q=YskTB=`
zp$XFmirGLd2oD?xtP`~u7@R=P;k=^-i9JZF6Vqm3FlS(B;G4YA$bwOOvXrGAQ>*sm
zC`&ue$Jz`GUXWl=H|NyVVPNotcwWz(vrLD9AqdP%R5NFKtTQ>v%8p4%ck(PNJEm;i
z$+xWRIJf9R+zoaqE0Z3$@DjJ?bkl>l3u1qp9>nKdAipy0)|)J4W5@bc50ngJEv-5A
z^&yHmz~0T*hj^D^@<Ls6&gJ@$cx4AAa@ME%pdw+exHXfa0oXNR29s~u+OaM%U|<NF
zEURkG+H43ag+VNKBL;>zuvnfE149Uyb;t-*3d^cmb8;9%>|_KbZ>A9A$+PV3m?juc
zzGZL6dCC};XhEq*zyubQ4>ir1N=zota<Jpv2^9pV3)asj3=AfdW!-H!Od%<a9h|bO
zO(E%(6_jf^Pnbf?VFzUeP9`%*GGm+!N@iwe5MQ!_(m7L!+2mPHc1*|2Cf{<hWBO?}
zS<2atN#A^Ol(QXYgE`FIpiFw+9O6>O$%$s>oT3&C4EEr-d}wdZnP>sAfqn8qdvn&Q
z7O)U{Z2?N^pb)aQgoQ?<CB$vuB9-a1<>XnecAVB$5Cd4jhX1mHIFS+TL<{T5QEqlj
zRo0Vdx!JLvu?7dap*5$74a9lOpy=WZv4Lc5#>t7|=A3OdkW|eG4uCy2kidbY90prZ
z#DdBs8{5fI9(J6qwh*5&f#c_q?c`e?cAOq|ki^OicEcpQ$x)tmtRL+_z5rDd=Ju0s
zdD?NN+cPlef$IlQ5KXmbU@(A`;%ercN9`er3tY%@{zdRK%sEXR7#KppHOWFJbIyYf
z5S7f66D7?#e?oculM}7XnG78#-}1I&GIp9Q<zvT`0iotPO`hdr$8^<c@+}`bCL?E1
z7%~+(Pmc1n<6Pzp2^My6Ks<A1U<d;{2~=fyxqxaX))_9~G-PPadBz2jry#Y7lq-bC
z3@W@h3tb@*#RSSKOsicdNBP?^-Eo~f%ioSk*KP7Ge>=`rH;6YlCqFc{V04=t6=27t
z>OOf^fE{a^I|GCD<XB&8&V}v}CqTj>*aH&NjNn+?<N=8_mdT0E=A2JFAU3jqN<daQ
zPX>mp$+CvlOmjUaM+Mn&p7n%iWd&(vW%OcTaF{$d+=jyoW<IDGU*`o0OQy*WJ<XZS
zy(iBKwqvdKW?(Rzd{@kxbE7vT*D!!Q#roD8)DDm}wB|JRfoKEQdYrjF5St)X$wHsW
zQlWO7_k18Jf@$(XA9GF(Ur1Pi(-dc!FC@LOf-~b9Ux;={vGTx|fx#MFKrhraXOi}t
zJS)tOX|dnrTVZybOaTlG$zVB9s%;ElU`PP-9!i>Xehq-sgUq1HiYX;<@~v<?&JBT(
z+J<3rqOUpAr@+Zk5q3;YL6c`i*s*p5F)$=gjy1DpdL1-bD$<VCJ{ab`{9uS#U>7m%
z51xE0(vI_8Ff84J8XYDfkW9h`$_1<yA)ppYtcEq~HVDhvn)6EtEbJ0}%{dK1Av`8<
zsnQPRF@mCw>2T=eThVq*>|v9oV(gf_!zM??*fGrrn>;JVj#D9=fgv2?Nl$a8^6<%0
zv39IS!$GC_U2$tp&IpLH9Fr9z%~@R|Kn1s~gf(Y9hy^KdB+Z$2Mu0QG$B4<Z;_O)U
zA{iKLC(n(yVTl5Tz}+}&)|4nv+Y`h(8U<=pf><iiphhK#)ff$G)ZUG=X1WtSIV!=9
zRUrmsLae4WXKV~4MKXizXPOl=St`+v=~2w&s6;zX!&n9eAFvw|HO!f6V<+EAv|~CI
zJ6S5pj#E7jl7Lvi^-g@;<XK5}oRi}i7<9qSoQGECoHw9Km_fA-t4=(~%b>JZ0AhiS
z1vT4_#>0{ssM6(6fEWwW;|}6YmesXp>PnbAE5(lUM*;&w8o2yXG&E<5OPnl~YR5Dy
zadK3u9q0W-NGgOhb`+8z2?tW9CM8XlO0#2~mBhf{KUp@-n)PK81A{M^WtI$MHN#mK
z;4Ik`1_p1ix{MSC22U_+BbXJNZo>j*fQ)lag-Q0nSy$mKxipw;I-Ip3je)@(Y}|J^
z%Pt)z)(U5xNoQbi1*;RxfU&~htl2P@21_ObLlh`b!J_~O;%x?G<YmjeRXkVteg8~$
zaFyi9gv2>GY&a*td5Y@hoQE=DWjcuWDHC4a>zFesWKEXJwPT9NnjDpD$Jv<$32#Wn
zx;Ja`tz0`+)@)E^11iKEvnNO8*)dJao;)khs$Q4@JWv957l;jFfM^~DaCaQU1r3uk
zFf)LM&B1&nFp0_+XJBBkgo=|u*Mqf?pn=NjA@+k^F2umV;0-pOjx^MMtQNB{FfjNt
zfM+cjiWnFe*cccXDxeMo(V$79Dh37y(ELy}R2&}-Qdh&kzyQ)$2UQ;nV_>5}8ek5@
zMuX%Vpaz1*{Xk}dXpnd_$YGPuR*O&mQ!O!Br$z&8Ko<i8I3@Lhlrk_dfM}5FJ}4iV
z200TntO$~y2$cuXApRsMA4G#v=2Vbv3=9m@pyJ3hNd0tJVx10k?o6nLSx^linsM^q
zLUBfx$+AW2oFL(aAY!s@tvHys7|ipn6=&p}ythcc9^||YATb681`rLhW+Rl3jRrY$
z3sfGN2AQ*s0X$sJa0@CAqCx8KLir#XWd1z{@K7GZa|VWba5%n#dgl#PA&3SU_zubk
z(IA69LiyNeZUzR1KhWgG#K^$F0UDcUgd`IlkgcGhZbnEl<Aw5h8HFJNd{7B~Mg|7f
z$#?7IC$rQGfTLOxsuV<nm{L$9WuQ7_L4phn3?LfhWO=B#0#qCu4N|8BvWbC#K^;o#
zK-Gh2b_NCpV@8I0&{Qac15^S;gP4vWf`NennFa|tK^^7-;xI5UV531&u26OEP}&nD
z$iTn=qCsKo1LgZL)<eR^7b*avK}<iW5B)(LP~L_b6bR)b)4U7}3~`K*RM7;LN2Wn#
zK?l^lPDV(k>VcZqR}W=OfNDghK|&K585lr?%Ty2tG?<Tt1_kwWs0A~i^h~Ha5Dk)_
z4NWbJq4G<h^7SwVhz41-f)PAs&9H?LJci3~5USx2)PPfr;GtxOn^1?}h8l!SgM#=T
zRGa`^&wx(>D+2?=V@61=_YE3!KcNo#1?B&R^8Z0C1koVoe-OdIzyPAbOeRQFGlGHx
zRHQJ0@=ZMh12a^B6dI(36+|#FFo0-~1#D0YK%@VlJPe{iRkJWuTm)<(0|Ru$0GI})
zKL&BALC7>nND@RaFff2<P)Nu@`NYs52gyU#gJ@8cC_x>d0;ScMKxGpH0|STw(x492
zfQ<%8X)-~I977O?fq?-;gY+3e`5+p^H-=hZ$^=R67EpO)8l=vWiJ=}`C0aohfM_uW
z28IAApY}Ak{G*PApxhGzbvQnnpMilPnF*51@<DYIr~s*f23Z}{0CXCZpg?Us5Qec~
zG$@hDgE-K3AULj}d_wKN`hjcDfn8V+ZqI?3q&S3n?Z0~JG$287PgeU6l>V?a1VPyY
zy#a`=-3JOekT^&^$Se>a8x4}j*8bxJNsKlC85kIl8-k!5gxv50g(`>-%ABJOKn8}<
z2H<D|aI^skYWRUl1`rJ@Mn@ZfqYXfO4L?v?0m-8@02Lssff;Z%05{)kQDK~%+TqQ}
zGI?W1I3w$1&d%`3KiYUF=XQECvQOUG89sSMJMU!KE^kK8$(dc@j9ilsc7-!?PnPTs
zXXKe&*d5NuJNaaHI3wR=#h!3R{>ha+;fw;4FZP5p3QpGS4QCXZ+}In=C_MRQZ#bjK
zWW&C2M$yTgec_B^lOOhlGm1~P><?#@m^`sRoKbS}%l>dismYEL!WpF}&zum>C^Pxv
zgm6aL$(|F#8RaG~oEXk1Kl$gxa7Km6fs?`+6(_Hp6watLnQ?MBqw?g)$>EGDlQ&Kd
zXH=ccIVGG?ZF1t2a7OjXJEw#*YD^ZK8qTOWIdf__qt@huQ^OgxCreHXXVjToI4zt}
zck;<;;f#8d6{m+Y>QAnm9?obm`Qr3&M#IUPGr}2-CO6IqXEdICb4EC$$z;Qs;f$t}
zJ7<P7noWK<Gn~<UvgNFBMvKW4XN5CbPJTHneDaMMypw%rdox;3o;f>wa>q>G$$w{i
zGulq}oD)9TVixb@wR5}~?I-`76F&LHEZ)hnbG;cIC$F3vK6%D$-pRc4ycwM*N6rhM
z>@kOT^4@vgjINV8=Z8=JF^6|@?tE`X_sKiwhfiKHmv^%40&hmo$(aknCr8ZVoqTqI
zH>3At$%WyQIp*_Du3hNO=sWr3!tlvE=JQV0UF6N^Ke=*I_~eWQyp!)P@@5R2thqRR
zvcy8($-Rrc8G|R^TpT|6#6sT5woAMjLnn7G37=fCh<EbaCEkqTlP#BqPu5t>J9+L>
zZ^p>UFPDZ-zOk5hvhOl)#^}j2mxWL6Si(E`?=o-3*vX#D!zWuT<(<5Cxi@3{<e$sK
zC%;(AJ2`fRH)G=Dl`Fz0&sfGgnRlf(WAfz4mEn^;mh(>DyV9F6bu#Cw@X0@x^G?oP
z<;|ErdFQI|$tzayPL^Hm&6qhkb9MOSh?TsP&#v}n%$_W{CVVo-D&EPpYrGkAC!bss
zK6%F~-pRUay&3Z-SFR18oUxjB^4+!GjD?dm*M(1(Si?KHcbzw5@#LH9!Y7|t!#mk_
zy*Fd&<j(cslPlKpPJX-Io3VVd<%aOd8tZr`&)wk7SULIShVaQZ*6~jE-RR9&J$dHF
z@W~zPc_;tf=*?I=*>h9)WQz^Flh<zYW~`t5b5r=_7aMpd$8Pp!Y@EDubNJ*L8+j-5
zZt-Spo*cO)e6q(T-pPBncr&(6=G+=S`Nt;S$+=s-8QUlC+!{W4#b(~gvfI2FJ11vu
z3!faZg?IAVZQhLClO?x@Pv+RlJGpkdH)HSQliR~5@7T&aS$BswWB=sJ9pRHRw((BB
zyThAt;$+R8;gcn{^G@#F>CHHK^39#$lTU2toou_yn{n#o&RyY?D|YZse!I(?ar$J-
z-QklpcJfZ1yW5*_=H!>V!zbU^$vfG1k2mA&$uswaPwv>oJNfS(Z^pTkJ@<xBw%E-(
zdF@_r#`%+f?hT*(VmI&P*nQrN3n#DK7e0B$9^T2k`@I<#PmbIlKG|b0@8rGvy&0EI
z<~$HS`Nv+~$+-u-8JADqc_4i9ihaD3We<8YuAH2CFnn^ve%{Gv4|+4Mo-BDNd@{!Y
z-pRFxycyR{K6xm7@{R+%lXVY!Gp?Upc{qG>#zEf6cMp3rZk()nBz&^OA>PToN4yy~
zPri91eDaAyypwH@dNXdF+<7#7a>ZfZ$#0K(Gj5-3c`SUg#u47hbB}p5?wtJcSoq`{
zM|dau9`|P4J$dHw@W~xVc_;rp?#;M&vge8L$ri_WC$Bx>&A5N^&lBO3UmW9|9DCB6
z@!;f@C&MStIL<qn_mnr|;mMJw!Y6y2;GMkplsDti$(*OdC;vFXJ305XH{<ciJ5PsC
zUU8Clvg{de#*>pX&xB8oIK?~p>=|#y(~~97hEL`=%{#gFtT*G?$tTZ-Pu_8wce3s|
zZ^rYJE6;^b&N#z6`R+My#*33R&xcQzILkY^_q;db<;geChfh9nmUpu41#iZylRGbj
zPp&w}JNfMeZ^rABEiZ;o);P~QdG1AT#+#F0UJRdn<2>(V-%H+%w<piM6h67*0`KI%
zm%JJ8PWHSUKH1_T@8q?Yy&3OM{&_ik@{5bSlVh)VGd`TW@=EyR8JBn`^Ir94d^|bw
zYWQT2%e<5KUiD^tI+^oY_~aj#c_-&y^JaWLdFQq8$t$k#PL{py&G>S1=JoK&5m$L9
zpS|wQ_<FMBjqu4F*LWw_-tcC8JNe{|@X0%_@lMvg>CO0la^=nN$r;yqC*Qs4&G>P$
z=B@C_5;u4!_ulem{5<*Qt?<bwZtzaFz3t8Tb#mwJ@W~Z7c_+WU?alaovgMud$r`tK
zC(pg(&GeID@~b;xlW*MOo$Pzpo9Q>h<XLyaCU@NCo&5K%H`8B+$zJ!uCR^O$oxJv*
zH`9NH$-nM}O@48QcXI4~Z$`$+EANL-o^h9VGVcR#M&`+p55gyV+~b|R_klO4PJ0+W
z`Nuup$+-`~b=t%5$t&*jPL_QHuG1ccPmXxNJNfJ*Z$|FPl8?hDb3EjoT>ID?RIfb_
zpS<HC?_}L4-k_T8N%-W9N4%5oKJf<CZBN4|OFZVC-22oURJ%P5pM2sm?_}F&-k|#J
zS@`6NC%lv2KJy0EaL>ahYdqzhJomXbsE&IcKKaH|-pRf%yg{|x3vey>A{<o9y#&{C
zFT+8#+{^IEFP`&Gj(z0~s^?yT>$%tApnC2#xSo3*4yxzgfa|$8;h=i%P59&$uXrcR
zzV!yxbZ^5aN4(~peD<w3sIGe#KAGbU@8sHd-k{p<UHIf3Z+Iu`zV`;zckja|XT0T|
zeD}RKsK)ycK3U=&@8sSO-k>_~L-^zq?|3KMe)I;_dLP3lSG?z){Pv?asNVYouJ=BL
zGg?l5`6-;yYO>?!a8RxHIh@gE^2g8NpgQkMIHTR<g<rx!HQtwSMu*9PU&BH5-PdqN
zr^$@p!Wo?>M}7-ubeX*ITR5n$`yS5dHaYQoIH;!k9?s}7S@1_VsGj=~&geDy;E!-n
zE%!5=(Pwhu&u~y3_cNT)Z?fXAa8M2RE1WT4^2J}_p!)51IAhS{#^2$f+U<8ZW5{H~
zKjEOd?N9jRieJ2w-~IvDZGXcjYy9S&JohiSZu{Fk=|2zC4#vrR|C2=ZnIVggL49)A
zLgT{eiIR-7w+rwxS};z&AjUF1hLMqj^&>X}1OIkKamH-0Aa5#kJJ1^u1_oY`xIEKz
z0ba%vU>z4&89BrX6&S$#e?Vr#cEA)WOn=A9xQ|y`8M5fvRGEQ60Hk|2#8lXhks3_~
z2EOTv;*9q}=3!bknQ=P@H)97QYlsB{1Mg(P|KZc$@Gx?)?zTiVub?Qkq$D%7XrluI
zgTQ3L|JoqqxKiP6pZ<@JaT9Bw3j+h!^pC8J)gWn3&?Fpa&sg>Jjr@%DlUg<40p<jf
z=bi2aar{Ei(t42N*%`O{2r*t@<b|zK?*Xk@pU%k7xP1Br5k?Ls<;d-F;*4AnKjxMe
zmn0@<q)NvzFz`SW%@JedV69JJVBiM1A{}H4CuVeXfb}b)SPz|Ohix<1!3Z^D`u0DP
zj9gA!JD|JieuPg?k7cw4jcWb-4*{T-v@~?wAJp?g=7Zww5mXQ~fd%4&#&bZ!b0Bqc
zP<@~wyI_z2Xw(!c1{!4#gNlJBwLr#zrf)!N??Lu6C_)v2X0M__vY@GU=tKl)GVUpK
zRz#H%yvG8Rh!|c##jK$;7Xt%>7F4e-)I89{9v8@^3=9l*P%+T3t`Jnro{_;DJW>uC
zD`tgihRv4ofo235!4V6dF#}11`WT>@5|C#=vt}SMjR+9Qz+e(P{a+lT+H{3@MxU_z
zj0_A97#SEqK?a)JInBtxaE6hA;VdHq!#PF<hVzUJ3>O#~7%nn0FkE6}V7Sc4z;K0;
zf#E760|RJMX$~U;!(2uNh6Ria44}!TS&R$}GZ?3PB{51lhBAOxS%H@BFhnpgFhnze
z*R(RkGB7a2Gl17EF(fiDFo1$LnSp@;wEF_ILne)ZfdRCsEMq!j0;95O5F-OaFe3v)
zC?f*{C{2VjGBAL=63NKG5XH#A0E!6X=@Szeg(E>>Y{SUF018)oMg|7ZOrtI%1A`tT
z1A{&zWUSYRfq}snx|9Mm*#H_MSBB2&s)A-iKr@yM3=A3!3=Eo}xME;n(4KxUfziCa
zmI*Q+^@Ndu;Ta<X!*fOkhL?;C46hg&7+y0nFuY-8V0g>O!0?Wdf#E$P1H%VK28NG}
z3=E$b85lk@GBAMV9YGUicNrPL6KJ;>85ltG<e;&~l?)6Fs~8v<)-W(IfF`gPF)%R9
zVPIgG$H2fapMim4I%u+H1_J{FXd-<w0|Ubp1_lPuBz!*u14B0h14AnVXoVC5Ln8wN
z187JXG^`9-ivZf0SHi%+Pzu^W0@;ts0Gd{u#K^$V$H>6Y&&a^g#>l_`nluGXn1bd$
zK{K|RjF5EtkAZ>V69WUoXV5hE_vwEV7?tatL6ffx3=FOe;N@Tp?hN3i;-JO3pyj&Y
z37kMC28JLe28LiJ1_o0m1_m=G1_pB`$aIzz69a=Z69a<`69a=R69WTiW=WfgfkBUn
zfkB^%fdMpk#sS(N3))Eo>LD{RFz_)kFz_=mFbIHVjRct(7(kf=G-<~Inmb`)VEE3+
zz_5;ifnhxZ1H)Pd28IO;3=E*f0-yy1pj8H-l?QDM3=HiI3=E*P51{e&TIj4WC{KZ=
zr^FZ;7(mlkps6iT*Ibc_fdMq%Ccy-m=mX`c4Gi@R46_*+7&;gj7(ip^pc!=mMg|5U
z&{QQO1A`?K1A{mt0|RKnO__;-0W>fKny&oA$iUFTz`y{SUk4Rm5{!_!H_(I}Xxb7~
zG=YjN(C{i~S`<{8fJzV0(DQNz1_sb72hg&NCPPLBhGvjqj0_B*IWud}t`jB(23sZu
z20JDO274w31_vev21h0a1}7#424|+}=aLzXv~-vl7<54nVq{<d%?g61CIvwgy^IVD
zzZn@A5@I1GL_|8MgiwkB<*=U&3=E*P3Xd5W7#=Y&Fg#!YFIi%^&%nTNj)8&UECU0>
z83qQ1(+ms@pt13-3=9l&L6iH?^&_AX3}mVzbU_5Dj0Kgw(*v^^<+=WYN=;B{$~N6G
zmC;#IfB`bS3@Xz=WgVyx1Q(7B;N?~fEYp{!GOE{u@}@d8uY&Td3UuuaC@*hjU|;~{
z6VUn*6KHgUq8$|Spx6Sf!>NR>&jIBLP~HIL5hKvvL(o=MXz2qgnLwpf9JJH|m0;lv
z3=E;5j2ObezyPW}{GbURlmXnJ83L3!oItA=7#Kk7hCw?@KwC^0Ky?>rmdly}ykr%$
z2?Mn39kgu&JPT$4U6*CY0A7s?S}P6OPrv{&&kK}Jp{t&JK<N)uf`O{EK+tq419%}k
zXwfdXj0Nq`1GzSefdO3Bf~qtSP5^CYgqE|gG8a_VW-%}@fVPEYGB7Y?GcYjZFfcHH
zHa>zpn9sn#0NMx)+L>9-z`y|7(q|5;3v;1`I4DR!xe4TZP_YBbRkjQa44~o%l)FH)
zP9XK5VhL14fr1ny56Y3C3<NR<RM>;WLB$!!98kpp3Skch2C(lz>Or~J6k6=ngUUZp
zkb}w}P<aR{L>(Cz7(itqC>}vBw_$)RS^`B;4>WE;<s>KvfqVjr*G_2q0Hpy?l!2lM
z*^%bZ^Z;`l)T8y_0v6e)pr8f?JIDf%;h=^XsG0)>JE&R%1vjW_1Njb=ok1l#$bq25
z3QC-tpk)=PCIBT`Pyz;73MytmWf({tRE~k<;z98bTE_%R7@$H9R7HRcgeeBaJ%|m;
zhM=m$0a_@6s+biF3=FWc1Xj%~VPIfb%D}*|3>w^^DhN~+t%m9Y6{etq6=WvJG4Y`I
z1X&1jJ<L@gNl?j(?9xLF3=Ah37#L14Fff2J`7vl20dm+u1_p+m&|D1)y#ovk4Eq@v
z81^wRFzjVuVA#XJz_6QvfngT|1H%pm28QiO>g$m;9${c$09kYxs^BP;4^nd+v;gG)
z|Np0;g%qfO0yz>S2U?*8N@SoFTcAP-w36#40|Ub~=qj;GP`&4&X#|v3KxyY9DF1_2
z!+|yygAx`f(SZ^WDBeMd4^-*GQZ*={g5nXB*g%OCls-VI9G1dC2^Ew;K`9-Sph4*a
zl&C>b3rdinL=8&)HVoh`D&R{0|Nr{`|F1%q&|LwoKw)5DxD0hI$S0uS1SLjL7K0_i
z8w?B#*P&`bTe@#U)q_$zC@q1qA_zZ(MhVCh&!JfybdJJPXf!+lMWHsdYzJuu`R+9X
z1H(%O28I{V<^^aK9>^i^a=!jQ$W5Rq1w}0=nnBSCS`r6}T2P>Yq8*e3K+%nyG;p~A
zX59}41_sb68{eSG<|_jO1I(?URtqS}eF0^d4-5<pZ$aycKpud)|2+c(18CjdXJ``#
zwB`=fvIMyw)Y1gCI)5=RFo2pwpo+?zk%0kJ_kt>LZAJzLP~8bycgGECeKRsJfM(M<
z7#SGYK?~kM-2zaPA5^!3G7Km%Kmi6y3ZO-NAWQy&Vgb}fXJlXiwX^<%7AAoVVqjok
zVPs%n11<kzWMBZT-2*M?gS9k3{Rfa7C{#hK>_D9rkfT5?3Q)@f)Qk~jWMB}1wn{{W
z85tO083d#W6l;>xFXk|c=Ysk)ptha{BLjmns6_%=%f`sS0P4elJO*kDg4_+lpb`U=
zG!3BbX;5hbYF~re*&zRc+S#CnD+q(cOhC;kMg|5WMg|5`Mg|76=?ili?dw5Z98eP-
z)KmvG*{wj0CPoGZ3q}S8P-`DFyBfgAzyMl)M_dFmFu>v$lomlfg%D^kg3=+V?E!Kg
z$P54f|DPU_%_!miA32$U!UUB3KuHsn6hX-plw3hc6qF=E$rO}iK}ibK|L8~uwP_d_
zLRM^Fl*jmhar%V<Mk%K64Ab8fFiK44TgNCh{o5?Y3o@XFEa-rbiTY8!YFlkBMHs(;
z8i@=H4MI%Q4-_#<Fv&4Z|1+CWV)~~dMk%IQOw;*_870hMXT)e<U0ifAds7S(W1OL$
zk)9y~1MIMsd-wLwU2U}2l7-Pg&&W{El!4(W^YoZvMhO|%@hs1$m3&%g|7|xy#Y^Vt
z6F{c_h91~r=5uD-!bw}I5Gr6tz8E;oir>!0&xDXsV3~doq!)HbOb5%FjCet-3WN&S
zF)|#2cG^1_r<_5^M6yiRDPfe5fgL;}@#~ji&?&Q2go;L%=?Nu_5@xWC-M5?5+zhAP
zI*3pKJIzK*NW+-1`|(1A%wCr1>p*&8=if}Wexsb#JF5es0(L^qiEj<^HA_M#BV>NE
zO#cIN8SG4*AiE3NGO~ip5h_$zryG<qN|?b;;aTmL8CztpJ_n%!c1}-D!lM7zChl}Z
z$fU7OuPbGgU^3;IKBJV;h{=g(`k7Kj37J^vc{N-Azxl)^bxM_m(L~S4M9+YMp^|4>
z8KZ<5?0_4#l1nK$=RPwb6u^$a*{sSEYw)5~7$I|&XSyFqFYM5q?*6}Xwkr$1La2Zp
ztMemnW}V5LQ~wb%mb}yFlrc)kzz*UuS6^#k^!tJvLPa_6^a~)<VMq6b+}ppf{Y#@1
zLIvb>ABF~d_Q15Fj*}?}nM=IW<;oc)%wXpM@jtp~sPpIaAA}0ni9sDjv(@i*c=94-
zx<saL=wOtPft^;8cGG@SsIJ9RCPoWALsL+Y?G~B7pqx=l<+cdq@CC>TD+~?AdqP*Q
zW8(kF#29CyX9QB|BRajHl~KeBl#gJ?t=v<T6ymbwV`5^AGte`%)H8se;3CNut|F~b
zHU%sLl3-{Roo-XXC?NwoxI>IJQr1tl`6LsgCDbkRMW+{3FiJ3O6rC<Gg;7k-i~)8K
zjg_Hyh*abKHQ<bF0LsXBM5pfqsWs)9ZqUyt%4){I@IiF?yB0=?=@X_fnlLemO?Rkd
zG?Iaxw9~h6Q|RB?^Pyn>7=ZkvC^o&Xl2L+5S8V!<O2#xM2eIh_Rg4l${$kTNOl34;
ziWi$6SH)<=lqEL(LNlYpbc1P(QcR^{)AzM9N-)h5oBjZ#c$wIAfp$g-8Q2j=q5>Ot
zSM}%306P?%CijU=*Q;hUVqy`W{;!%*VtQ3Iqm&Hngroy}&sVx{P6357sDLtMU=SCd
zzM-1YNCtMsQpL`%=B!qptC<+%jPwlj%orG;2FbuqU9y;_J4NxZ&`Bo7Is-khl~5H-
zf|ApHY8WMCVCO4^2VU`w{dDpn*m2-6D3zSvP{Sy}^jvECtQtlmCSjTB=RkZpndvWT
z7=2`52PWw+w>$8xHK`UHn}(p!TOvC>pq9~xDL`)eyjn&HCU5!aJ8Bt?n2yO$k86j7
zDq9_+mP)t+=yVW<2H43*iH8)Ay3dgO3XTV3kV)S1(;t9zK<Vjib&P&8umg}BMDNeA
z+Rp*98038e28Ja{(?8TP8p*)UJo3{&v`F&QVG*!_V5dD(o^DsqXe0wW4JoNm#nyqF
z-vSzhh71gURi^jUGa7-S{6IaUgbeIlq?;XT|LmeWIKkdD0VT6G)#+bAW<gIrYWQ+X
zS#;sb$M#?qVCSDxpYGJaxP^&dbNZb&Mk6L@ieQq~obJ}hXk-RE>S(oM#G+rV|5Xry
z4?7I$&5xwJ@xmM?U>|^^<+9fFb&ZS?Oy{(xpJ+rfQ&()dSQDcb#|a(Ckvrg|KE0-i
zaU0y)siM>Uni(aSAjwXGNkVt}xoM0N(EK3EY6Lnp3zV=WU<um{c7hH{mNf%K4eack
z*)vu4`A%N`g^4lFLJu6qu=Eefs^BsjmJOl#2v3%16`j7I1)kF+m>~IHl+^&9he4TA
zZz`iCqv-U$$&3<AcSNV#v@%NI$<2_`Nx}?w`GvbIfn;hU^x&Ru*Ty&pTfAzuqb78{
zsf-dbcvHw4P#Hle3m7r^D@_;aVDyoJoxOA<(%?H+&$fPWngM5RX2a<<paLCtc>^u-
znIHioq5w)zu(O>eZa;iDQ^~LcQT*!|PXE^d%D#rvB{~_kWMI_*dW9jtm~A*cu9H!L
z>9pbWhE7HaCa6vs*!fX;a-a8Ky`f@>F#ECL^a;I;TC89*rzdtY%1)Q+Vl-h&HJTpK
z#V8>II}%Ht=}}zZyLSaljB%EF26`q83{YQU*abU<>-oCMiQ$h5zk_oOxN?HJYC20d
zqZFvzQ|M-tFvDH$!4ARdPMNZC&#ja9p+$oc14ER_^t^6H2~g?Z(G4p7O{VVw(Hl&r
ze*l>YJD1D$^MQ@01WYrS7~{<K3_(Q&?4&N12&0g*Y^#nkF~*tdf$OUMrqk_u7>$@V
zn@un3Vf110GMRp$hf%@|b~INzyXHLK#haFcquEf;l7RtsSeLcDM_kn;FK@7nk)9C)
z1Jt9i;Ggc$%P7SJ3olsQLqnbm9P$hd4KPi5qSNp7GD;ARGq_G}tLbiij6R^2^^`tF
z7bX>}>9_hA6`1m^rvK?<lwfMHn(j9N(nd4rXEb7(Z#8W$qXg4>tLb(9j1o*ct)_2S
z&*&oqJN)Y8t8e!|^(?%?#29C+XP{@yz;M}W8c6?RtLg9NF^aJm8osxhUN;BBWKmEB
z-(ofW!%{{u7E=ajtv`L^1V&k=)3(zuOkk8SgPjXi`El!w+xC0vpk=g?2?Oj%u>{X#
zZl%u9TVU(K<rvgR3lj#|F=G$^on5D4!V9UvL2Vrd+~z`bOH6N>$SB3M!DRY^iHvbv
zoetp1j|OO9gMtX^>L$nOHj@~Qn5H^TFPOw=Bm+Bg%>U=%t$SFKW<i~0!oaY{ar(YV
zj1o-e9jD&_>3HTioo6zmmfbH$NWl-A$J`mxP`zGY#SZ~SQ76b5R=CSQNP!^1lnN<R
zWv~|e=AdF9Rz6P^oqh*Y`XZIj(DGgecVP-GszI%GSdD<CVJ15L_7p~0GkmQx@D`5-
z%&JFMY`Wf5TDR9=6{nF5mO9W}51bWs#iq+lXY^rGbDo|xol%SFm*ezl(;2Ohn?P@-
zGfK$dE%y~>Fd8x0xJ(b3!RW)3;W~ZM48~bZ;_lP!W->~6z)s?{i(}ez<vquJCPppL
zXa@tRo`f9McH*VUn$ivT-XLUP=g)ag+<N=o#pbt6jNjd-&zs4pz+~hx{lH8{BPM8G
zn>LS8kIC9&y1_g~h3QeV7=@VHJ*MZ)Vl-my@MK^Roj!j)qbOYd&Md}PMEAzi;Q1ex
znU7md|F@n|0%kRfp&=v(!%7GVSiu1;4$z7hJ=_67mUo$+c})*n!<feO*=zc~HSi$u
zVPf;1?y#28h)LXgdck}~EhYu;=?m5}O0cR}F))Zv-#?2{iq)8bq0oE!jroj5BCw<Q
zY9=0xVn3iTmx)o<XS&=1Mjxg^zv(#(7>$_f{H8Ae@$dLef46`!jfvZTde}ln1vA)k
zfd@w!8hvM4PGDjb_lKl+*r9lg+8iDe=kuM1)=Y*B3}*h*CoE@_ka2(>qo+BY@5O;{
z5>j9l;2{ie|LG4FGD?`i4&LJ~ORv9r|DQG!W1N{DxUmX5nr}t^wcQsBc@@BV4M6ou
zvHx_vMT`<=z0lMBew^ddn(4Rg8WW>|o-wFSW`Ldl_efxo_v}@NK}~W4JtI&Ve%^n2
z%_2q@m9PHbO^*$@b9HLK^e2lLjbvbF4hCE@RkPH7;{`7HKrIyp*TCrwiy<k+XECFM
z4D3|G^@UI0{cw5v2kc@CP<;ziX&f|t)?&s6rkv2}GD{dGWMIb$Zk*D2!9cEB6I6FX
zat%Av^nfLd5={1C)3cT^t^vh{#8O5DGuU~7D_ToLbv9N6f$abn{jd`Sm6aZ*G8&|S
zdSQl;2Jq{!>3K^TCCt7;4<WSwQJ}qx{cQ)h(gAlJV8<0o+Hx_Ou~%||LK5t725zhA
zdzLav$Y8COz_lWzVo9rqokYmsoH<j<v{8eFksF#$U}qJcdt@EoTy*p?LS{)Mq$b#C
z#}xR&lX(F`26o=zj*C)0$&E$v2pQOkh_)wHuRG75m<*L+WngF!jG2CG8KVzVf6R1^
z<%~v5H)5v8fRZ8T&_mFfhvo;nw@q_?2ur92@Pul%Ef#XH<TJ%gyLP3OE})12weO4=
z4#a_%TQp=8ulxUte|4q^XpjNiR5}$m{oZoM22k@WVFjav4D9Gc7yb>)OL{MKF)`K|
zK_Wmde)^OZj7DZ#;voYUDLvc5GVjcL2aY^&Qi2_+8k+Ft|E~#&-@r29Xx(5k{SU}=
z*a3|-Y_YR#dzR)QlHtLG=>{tqC1hY{G&XNYJ+EcyzZ2>Qa|VW+3DZ+nG8&n|PHUV!
z^ORI!?hbCS3PVtqf*tUjxzlEa30v+n(8!jdxt^gV!*%BAXF#UIj)Xq=bm9tOarf^C
z6~CFMtzwig!#1D@F#>kV^rDq@S?@ShFCnxVvrP8`>BTmn2+<2Wx%vcqz;w44xrY#X
zb6KX(S;Z(J13m1z;Sj?+ceR&H4hR)fS*BkAnT~Bh5n?**0PQ5PKb-vXBHs{tFS1OR
zTg@n8hHXF*q8D~3_dIEXU6)@bM<Mj`u};rf%_t!QJI0$=+~wuGb!Ep9Dy&$iF94~)
zHlPSGJ&kqxmDP+56qNqcudijy7Qr?uJw0q4qXH9jRC@Y^b&OJ=q3Jd27}H2>D>K3B
zN@!IGt*sF)<LN0I7^RqgXH9R|z$n4B0JP(rfq_9`<@7}x7@elS*uZGO<Y7ErY9phZ
zRkt5_IY0x`uexngrv;A9@?!w4scNYI#>w1TemxgmK42weSUy*Dd(lQlS;pyWH!&XE
zuDg}7G>dD6C}=4H1H%T<>1*Vf6oucj{l0VYG3V<aP;mh<rs)~6j55>z%QGo5z0RJl
Iq`<Tc08~h;t^fc4

diff --git a/migrations/0001_init.sql b/migrations/0001_init.sql
new file mode 100644
index 0000000..708d65c
--- /dev/null
+++ b/migrations/0001_init.sql
@@ -0,0 +1,12 @@
+-- Migration number: 0001 	 2024-11-19T11:13:32.513Z
+CREATE TABLE user (
+    `id` VARCHAR(32) NOT NULL PRIMARY KEY,
+    `name` VARCHAR(32) NOT NULL,
+    `avatar_hash` VARCHAR(32) NOT NULL
+);
+
+CREATE TABLE session (
+    `id` TEXT NOT NULL PRIMARY KEY,
+    `user_id` VARCHAR(32) NOT NULL REFERENCES user(id),
+    `expires_at` INTEGER NOT NULL
+);
\ No newline at end of file
diff --git a/package.json b/package.json
index 7adfc85..49dd5db 100644
--- a/package.json
+++ b/package.json
@@ -12,6 +12,9 @@
 		"format": "prettier --write ."
 	},
 	"dependencies": {
+		"@oslojs/crypto": "^1.0.1",
+		"@oslojs/encoding": "^1.1.0",
+		"arctic": "^2.2.2",
 		"leaflet": "^1.9.4",
 		"leaflet-defaulticon-compatibility": "^0.1.2"
 	},
diff --git a/src/app.d.ts b/src/app.d.ts
index fb61326..e249b04 100644
--- a/src/app.d.ts
+++ b/src/app.d.ts
@@ -1,14 +1,20 @@
+import type { Session, User } from "$lib/auth";
+
 // See https://kit.svelte.dev/docs/types#app
 // for information about these interfaces
 declare global {
 	namespace App {
 		// interface Error {}
-		// interface Locals {}
 		// interface PageData {}
 		// interface PageState {}
+		interface Locals {
+			user: User | null;
+			session: Session | null;
+		}
 		interface Platform {
 			env?: {
 				TCL_GUESSR_KV: KVNamespace;
+				TCL_GUESSR_D1: D1Database;
 			};
 		}
 	}
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
new file mode 100644
index 0000000..8a2fca5
--- /dev/null
+++ b/src/hooks.server.ts
@@ -0,0 +1,25 @@
+import { deleteSessionTokenCookie, setSessionTokenCookie } from "$lib/auth/cookie";
+import { validateSessionToken } from "$lib/auth/session";
+import type { Handle } from "@sveltejs/kit";
+
+export const handle: Handle = async ({ event, resolve }) => {
+	const db = event.platform?.env?.TCL_GUESSR_D1 ?? null;
+	const token = event.cookies.get("session") ?? null;
+
+	if (db === null || token === null) {
+		event.locals.session = null;
+		event.locals.user = null;
+		return resolve(event);
+	}
+
+	const { session, user } = await validateSessionToken(token, db);
+	if (session !== null) {
+		setSessionTokenCookie(event.cookies, token, session.expiresAt);
+	} else {
+		deleteSessionTokenCookie(event.cookies);
+	}
+
+	event.locals.session = session;
+	event.locals.user = user;
+	return resolve(event);
+};
diff --git a/src/lib/auth/cookie.ts b/src/lib/auth/cookie.ts
new file mode 100644
index 0000000..68acc60
--- /dev/null
+++ b/src/lib/auth/cookie.ts
@@ -0,0 +1,19 @@
+import type { Cookies } from "@sveltejs/kit";
+
+export function setSessionTokenCookie(cookies: Cookies, token: string, expiresAt: Date): void {
+	cookies.set("session", token, {
+		httpOnly: true,
+		sameSite: "lax",
+		expires: expiresAt,
+		path: "/",
+	});
+}
+
+export function deleteSessionTokenCookie(cookies: Cookies): void {
+	cookies.set("session", "", {
+		httpOnly: true,
+		sameSite: "lax",
+		maxAge: 0,
+		path: "/",
+	});
+}
diff --git a/src/lib/auth/discord.ts b/src/lib/auth/discord.ts
new file mode 100644
index 0000000..6994872
--- /dev/null
+++ b/src/lib/auth/discord.ts
@@ -0,0 +1,14 @@
+import { Discord } from "arctic";
+import { DISCORD_CLIENT_ID, DISCORD_CLIENT_SECRET } from "$env/static/private";
+
+export interface DiscordUser {
+	id: string;
+	username: string;
+	avatar: string;
+}
+
+export const discord = new Discord(
+	DISCORD_CLIENT_ID,
+	DISCORD_CLIENT_SECRET,
+	"http://localhost:8788/login/callback",
+);
diff --git a/src/lib/auth/index.ts b/src/lib/auth/index.ts
new file mode 100644
index 0000000..2f5b7a6
--- /dev/null
+++ b/src/lib/auth/index.ts
@@ -0,0 +1,15 @@
+export type SessionValidationResult =
+	| { session: Session; user: User }
+	| { session: null; user: null };
+
+export interface Session {
+	id: string;
+	userId: string;
+	expiresAt: Date;
+}
+
+export interface User {
+	id: string;
+	name: string;
+	avatarHash: string;
+}
diff --git a/src/lib/auth/session.ts b/src/lib/auth/session.ts
new file mode 100644
index 0000000..11256e0
--- /dev/null
+++ b/src/lib/auth/session.ts
@@ -0,0 +1,76 @@
+import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from "@oslojs/encoding";
+import { sha256 } from "@oslojs/crypto/sha2";
+import type { Session, SessionValidationResult, User } from ".";
+
+interface ValidateResponse {
+	id: string;
+	user_id: string;
+	expires_at: number;
+	name: string;
+	avatar_hash: string;
+}
+
+export function generateSessionToken(): string {
+	const bytes = new Uint8Array(40);
+	crypto.getRandomValues(bytes);
+	return encodeBase32LowerCaseNoPadding(bytes);
+}
+
+export async function createSession(
+	token: string,
+	userId: string,
+	db: D1Database,
+): Promise<Session> {
+	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
+	const session: Session = {
+		id: sessionId,
+		userId,
+		expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 7), // 7 days
+	};
+
+	await db
+		.prepare("INSERT INTO session (id, user_id, expires_at) VALUES (?, ?, ?)")
+		.bind(session.id, session.userId, Math.floor(session.expiresAt.getTime() / 1000))
+		.run();
+
+	return session;
+}
+
+export async function validateSessionToken(
+	token: string,
+	db: D1Database,
+): Promise<SessionValidationResult> {
+	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
+
+	const row = await db
+		.prepare(
+			"SELECT session.id, session.user_id, session.expires_at, user.name, user.avatar_hash FROM session INNER JOIN user ON user.id = session.user_id WHERE session.id = ?",
+		)
+		.bind(sessionId)
+		.first<ValidateResponse>();
+
+	if (row === null) return { session: null, user: null };
+
+	const session: Session = {
+		id: row.id,
+		userId: row.user_id,
+		expiresAt: new Date(row.expires_at * 1000),
+	};
+
+	const user: User = {
+		id: row.user_id,
+		name: row.name,
+		avatarHash: row.avatar_hash,
+	};
+
+	if (Date.now() >= session.expiresAt.getTime()) {
+		await invalidateSession(sessionId, db);
+		return { session: null, user: null };
+	} else {
+		return { session, user };
+	}
+}
+
+export async function invalidateSession(sessionId: string, db: D1Database): Promise<void> {
+	await db.prepare("DELETE FROM session WHERE id = ?").bind(sessionId).run();
+}
diff --git a/src/routes/+page.server.ts b/src/routes/+page.server.ts
new file mode 100644
index 0000000..353be24
--- /dev/null
+++ b/src/routes/+page.server.ts
@@ -0,0 +1,5 @@
+import type { PageServerLoad } from "./$types";
+
+export const load: PageServerLoad = async ({ locals }) => {
+	return { user: locals.user };
+};
diff --git a/src/routes/+page.svelte b/src/routes/+page.svelte
index 271c903..267ec96 100644
--- a/src/routes/+page.svelte
+++ b/src/routes/+page.svelte
@@ -1,9 +1,29 @@
 <script lang="ts">
+	import type { PageData } from "./$types";
+
+	interface Props {
+		data: PageData;
+	}
+
+	const props: Props = $props();
 </script>
 
 <div class="container">
 	<h1>TCL-Guessr</h1>
 
+	<div class="login">
+		{#if props.data.user === null}
+			<a href="/login">Login</a>
+		{:else}
+			Logged in as <img
+				src={`https://cdn.discordapp.com/avatars/${props.data.user.id}/${props.data.user.avatarHash}.webp?size=32`}
+				alt="avatar"
+			/> <b>{props.data.user.name}</b> - <a href="logout">Logout</a>
+		{/if}
+	</div>
+
+	<span class="login"> </span>
+
 	<form action="/game" method="GET">
 		<label>
 			difficulté: <select name="mode">
diff --git a/src/routes/login/+server.ts b/src/routes/login/+server.ts
new file mode 100644
index 0000000..b32ac72
--- /dev/null
+++ b/src/routes/login/+server.ts
@@ -0,0 +1,19 @@
+import { redirect } from "@sveltejs/kit";
+import { generateState } from "arctic";
+import { discord } from "$lib/auth/discord";
+import type { RequestHandler } from "./$types";
+
+export const GET: RequestHandler = async ({ cookies }) => {
+	const state = generateState();
+	const scopes = ["identify"];
+	const url = discord.createAuthorizationURL(state, scopes);
+
+	cookies.set("discord_oauth_state", state, {
+		path: "/",
+		httpOnly: true,
+		maxAge: 60 * 10,
+		sameSite: "lax",
+	});
+
+	redirect(302, url);
+};
diff --git a/src/routes/login/callback/+server.ts b/src/routes/login/callback/+server.ts
new file mode 100644
index 0000000..46ada4a
--- /dev/null
+++ b/src/routes/login/callback/+server.ts
@@ -0,0 +1,53 @@
+import { error, redirect } from "@sveltejs/kit";
+import type { RequestHandler } from "./$types";
+import { discord, type DiscordUser } from "$lib/auth/discord";
+import { OAuth2RequestError, type OAuth2Tokens } from "arctic";
+import { createSession, generateSessionToken } from "$lib/auth/session";
+import { setSessionTokenCookie } from "$lib/auth/cookie";
+
+export const GET: RequestHandler = async ({ platform, url, cookies, fetch }) => {
+	const db = platform?.env?.TCL_GUESSR_D1 ?? null;
+	if (db === null) error(500, "could not access D1");
+
+	const code = url.searchParams.get("code");
+	const state = url.searchParams.get("state");
+	const storedState = cookies.get("discord_oauth_state") ?? null;
+
+	if (code === null || state === null || storedState === null) {
+		error(400, "missing things from oauth2 response");
+	}
+
+	if (state !== storedState) {
+		error(400, "state does not match");
+	}
+
+	let tokens: OAuth2Tokens;
+	try {
+		tokens = await discord.validateAuthorizationCode(code);
+	} catch (e) {
+		if (e instanceof OAuth2RequestError) {
+			error(400, e.message);
+		} else {
+			error(400, "could not validate auth code");
+		}
+	}
+
+	const discordUser: DiscordUser = await fetch("https://discord.com/api/v10/users/@me", {
+		headers: {
+			Authorization: `Bearer ${tokens.accessToken()}`,
+		},
+	}).then((r) => r.json());
+
+	await db
+		.prepare(
+			"INSERT INTO user(id, name, avatar_hash) VALUES (?, ?, ?) ON CONFLICT(id) DO UPDATE SET name=excluded.name;",
+		)
+		.bind(discordUser.id, discordUser.username, discordUser.avatar)
+		.run();
+
+	const sessionToken = generateSessionToken();
+	const session = await createSession(sessionToken, discordUser.id, db);
+	setSessionTokenCookie(cookies, sessionToken, session.expiresAt);
+
+	redirect(302, "/");
+};
diff --git a/src/routes/logout/+server.ts b/src/routes/logout/+server.ts
new file mode 100644
index 0000000..1834899
--- /dev/null
+++ b/src/routes/logout/+server.ts
@@ -0,0 +1,16 @@
+import { invalidateSession } from "$lib/auth/session";
+import { redirect } from "@sveltejs/kit";
+import type { RequestHandler } from "./$types";
+
+export const GET: RequestHandler = async ({ platform, locals }) => {
+	const db = platform?.env?.TCL_GUESSR_D1 ?? null;
+
+	if (locals.session !== null && db !== null) {
+		await invalidateSession(locals.session.id, db);
+	}
+
+	locals.session = null;
+	locals.user = null;
+
+	redirect(302, "/");
+};
diff --git a/wrangler.toml b/wrangler.toml
index 7040cf6..cefc2c9 100644
--- a/wrangler.toml
+++ b/wrangler.toml
@@ -5,3 +5,8 @@ pages_build_output_dir = ".svelte-kit/cloudflare"
 [[kv_namespaces]]
 binding = "TCL_GUESSR_KV"
 id = "b2d8980ac3a74a80854c35bf9569dbf8"
+
+[[d1_databases]]
+binding = "TCL_GUESSR_D1"
+database_name = "tcl-guessr"
+database_id = "dd6fbdf0-5ede-4226-9787-4fbe15a46caa"